diff options
Diffstat (limited to 'nixos/modules/security/polkit.nix')
| -rw-r--r-- | nixos/modules/security/polkit.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index 95a2d4d5377a5..f33898578b817 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -14,6 +14,8 @@ in security.polkit.enable = mkEnableOption (lib.mdDoc "polkit"); + security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions."); + security.polkit.extraConfig = mkOption { type = types.lines; default = ""; @@ -21,6 +23,7 @@ in '' /* Log authorization checks. */ polkit.addRule(function(action, subject) { + // Make sure to set { security.polkit.debug = true; } in configuration.nix polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid); }); @@ -58,6 +61,11 @@ in systemd.packages = [ pkgs.polkit.out ]; + systemd.services.polkit.serviceConfig.ExecStart = [ + "" + "${pkgs.polkit.out}/lib/polkit-1/polkitd ${optionalString (!cfg.debug) "--no-debug"}" + ]; + systemd.services.polkit.restartTriggers = [ config.system.path ]; systemd.services.polkit.stopIfChanged = false; |