colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/polkit: Add debug option

Browse Source
This commit is contained in:
Craig Hall 2022-10-02 08:46:28 +01:00
parent 352ed567a7
commit a4995b6f0a
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nixos/modules/security/polkit.nix
View File

@ -14,6 +14,8 @@ in
security.polkit.enable = mkEnableOption (lib.mdDoc "polkit");
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions.");
security.polkit.extraConfig = mkOption {
type = types.lines;
default = "";
@ -21,6 +23,7 @@ in
''
/* Log authorization checks. */
polkit.addRule(function(action, subject) {
// Make sure to set { security.polkit.debug = true; } in configuration.nix
polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
});
@ -58,6 +61,11 @@ in
systemd.packages = [ pkgs.polkit.out ];
systemd.services.polkit.serviceConfig.ExecStart = [
""
"${pkgs.polkit.out}/lib/polkit-1/polkitd ${optionalString (!cfg.debug) "--no-debug"}"
];
systemd.services.polkit.restartTriggers = [ config.system.path ];
systemd.services.polkit.stopIfChanged = false;