added polkit-default-privs temporary permissions until audited bnc#827644
[opensuse:polkit-default-privs.git] / polkit-default-privs.restrictive
1 #
2 # /etc/polkit-default-privs.restrictive use in an environment where
3 # hosts are centrally administered and users should have minimal
4 # privileges. Privileged operations require authentication as admin.
5 #
6 #
7 # Please do not modify this file, use polkit-default-privs.local instead.
8 #
9 org.freedesktop.policykit.read                                  auth_admin_keep_always
10 org.freedesktop.policykit.revoke                                auth_admin_keep_always
11 org.freedesktop.policykit.grant                                 auth_admin_keep_always
12 org.freedesktop.policykit.modify-defaults                       auth_admin_keep_always
13 #
14 org.freedesktop.network-manager-settings.system.modify          auth_admin_keep_always
15 org.freedesktop.network-manager-settings.system.hostname.modify auth_admin_keep
16 org.freedesktop.network-manager-settings.system.wifi.share.protected auth_admin
17 org.freedesktop.network-manager-settings.system.wifi.share.open auth_admin
18 org.freedesktop.NetworkManager.enable-disable-network           auth_admin
19 org.freedesktop.NetworkManager.enable-disable-wifi              auth_admin
20 org.freedesktop.NetworkManager.enable-disable-wwan              auth_admin
21 org.freedesktop.NetworkManager.use-user-connections             auth_admin
22 org.freedesktop.NetworkManager.network-control                  auth_admin
23 org.freedesktop.NetworkManager.sleep-wake                       auth_admin
24 # bnc#680140
25 org.freedesktop.NetworkManager.enable-disable-wimax             auth_admin
26 org.freedesktop.NetworkManager.wifi.share.protected             auth_admin
27 org.freedesktop.NetworkManager.wifi.share.open                  auth_admin
28 org.freedesktop.NetworkManager.settings.modify.own              auth_admin_keep
29 org.freedesktop.NetworkManager.settings.modify.system           auth_admin_keep
30 org.freedesktop.NetworkManager.settings.modify.hostname         auth_admin
31 #
32 org.libvirt.unix.monitor                                        auth_admin_keep_always
33 org.libvirt.unix.manage                                         auth_admin_keep_always
34 #
35 # gnome-settings-daemon (bnc#690496)
36 #
37 org.gnome.settingsdaemon.datetimemechanism.configure            auth_admin_keep
38 # bnc#750795
39 org.gnome.settings-daemon.plugins.wacom.wacom-led-helper        auth_admin
40 # bnc#822405
41 org.gnome.settings-daemon.plugins.wacom.wacom-oled-helper       auth_admin
42 #
43 # colord (bnc#698250)
44 #
45 org.freedesktop.color-manager.create-device                     auth_admin
46 org.freedesktop.color-manager.create-profile                    auth_admin
47 org.freedesktop.color-manager.delete-device                     auth_admin
48 org.freedesktop.color-manager.delete-profile                    auth_admin
49 org.freedesktop.color-manager.modify-device                     auth_admin
50 org.freedesktop.color-manager.modify-profile                    auth_admin
51 org.freedesktop.color-manager.install-system-wide               auth_admin
52 org.freedesktop.color-manager.device-inhibit                    auth_admin
53 org.freedesktop.color-manager.sensor-lock                       auth_admin
54 #
55 # package kit
56 #
57 org.freedesktop.packagekit.package-install                      auth_admin_keep_always
58 org.freedesktop.packagekit.package-install-untrusted            auth_admin
59 org.freedesktop.packagekit.system-trust-signing-key             auth_admin
60 org.freedesktop.packagekit.package-eula-accept                  auth_admin_keep_always
61 org.freedesktop.packagekit.package-remove                       auth_admin_keep_always
62 org.freedesktop.packagekit.system-update                        auth_admin_keep_always
63 org.freedesktop.packagekit.system-rollback                      auth_admin_keep_always
64 org.freedesktop.packagekit.system-sources-configure             auth_admin_keep_always
65 org.freedesktop.packagekit.system-sources-refresh               auth_admin_keep_always
66 org.freedesktop.packagekit.system-network-proxy-configure       auth_admin_keep_always
67 org.freedesktop.packagekit.cancel-foreign                       auth_admin_keep
68 org.freedesktop.packagekit.device-rebind                        auth_admin_keep
69 org.freedesktop.packagekit.system-change-install-root           auth_admin
70 org.freedesktop.packagekit.upgrade-system                       auth_admin
71 org.freedesktop.packagekit.repair-system                        auth_admin
72 #
73 org.pulseaudio.acquire-real-time                                auth_admin_keep_always
74 org.pulseaudio.acquire-high-priority                            auth_admin_keep_always
75 #
76 # gconf
77 #
78 org.gnome.gconf.defaults.set-system                             auth_admin_keep
79 org.gnome.gconf.defaults.set-mandatory                          auth_admin_keep
80 #
81 # just an example program
82 #
83 org.gnome.policykit.examples.jump                               no:no:auth_self_one_shot
84 org.gnome.policykit.examples.frobnicate                         no:no:auth_self
85 org.gnome.policykit.examples.tweak                              no:no:auth_admin
86 org.gnome.policykit.examples.twiddle                            no:no:auth_admin_keep_always
87 org.gnome.policykit.examples.punch                              no:no:auth_self_keep_session
88 org.gnome.policykit.examples.toggle                             no:no:auth_admin_keep_always
89 org.gnome.policykit.examples.kick-foo                           no:no:auth_self
90 org.gnome.policykit.examples.kick-bar                           no:no:auth_self
91 org.gnome.policykit.examples.kick-baz                           no:no:auth_self
92 #
93 # should be consistent with udisks
94 org.freedesktop.consolekit.system.stop                          auth_admin_keep_always
95 org.freedesktop.consolekit.system.stop-multiple-users           auth_admin_keep_always
96 org.freedesktop.consolekit.system.restart                       auth_admin_keep_always
97 org.freedesktop.consolekit.system.restart-multiple-users        auth_admin_keep_always
98 #
99 # smpppd
100 #
101 org.opensuse.smpppd.connect                                     auth_admin_keep_always
102
103 #
104 # backup-manager
105 #
106 org.opensuse.backupmanager.schedule                             auth_admin
107
108 #
109 # system-config-printer
110 #
111 org.opensuse.cupspkhelper.mechanism.printer-set-default         auth_admin_keep
112 org.opensuse.cupspkhelper.mechanism.printer-enable              auth_admin_keep
113 org.opensuse.cupspkhelper.mechanism.printer-local-edit          auth_admin_keep
114 org.opensuse.cupspkhelper.mechanism.printer-remote-edit         auth_admin_keep
115 org.opensuse.cupspkhelper.mechanism.class-edit                  auth_admin_keep
116 org.opensuse.cupspkhelper.mechanism.server-settings             auth_admin_keep
117 org.opensuse.cupspkhelper.mechanism.printeraddremove            auth_admin_keep
118 org.opensuse.cupspkhelper.mechanism.job-edit                    auth_admin_keep
119 org.opensuse.cupspkhelper.mechanism.job-not-owned-edit          auth_admin_keep
120 org.opensuse.cupspkhelper.mechanism.devices-get                 auth_admin_keep
121 org.opensuse.cupspkhelper.mechanism.all-edit                    auth_admin_keep
122
123 #
124 # Firewall Zone Switcher
125 #
126 org.opensuse.zoneswitcher.control                               auth_admin
127
128 #
129 # RealTimeKit
130 #
131 org.freedesktop.RealtimeKit1.acquire-high-priority              auth_admin
132 org.freedesktop.RealtimeKit1.acquire-real-time                  auth_admin
133
134 #
135 # polkit-1
136 #
137 org.freedesktop.policykit.exec                                  auth_admin
138 org.freedesktop.policykit.lockdown                              auth_admin
139 # example progam
140 org.freedesktop.policykit.example.pkexec.run-frobnicate         auth_admin
141
142 #
143 # udisks
144 #
145 org.freedesktop.udisks.filesystem-mount                auth_admin
146 org.freedesktop.udisks.filesystem-mount-system-internal auth_admin
147 org.freedesktop.udisks.filesystem-check                auth_admin
148 org.freedesktop.udisks.filesystem-check-system-internal auth_admin
149 org.freedesktop.udisks.filesystem-unmount-others       auth_admin
150 org.freedesktop.udisks.filesystem-lsof                 auth_admin
151 org.freedesktop.udisks.filesystem-lsof-system-internal auth_admin
152 org.freedesktop.udisks.drive-eject                     auth_admin
153 org.freedesktop.udisks.drive-detach                    auth_admin
154 org.freedesktop.udisks.change                          auth_admin
155 org.freedesktop.udisks.change-system-internal          auth_admin
156 org.freedesktop.udisks.drive-ata-smart-refresh         auth_admin
157 org.freedesktop.udisks.drive-ata-smart-selftest        auth_admin
158 org.freedesktop.udisks.drive-ata-smart-retrieve-historical-data auth_admin
159 org.freedesktop.udisks.luks-unlock                     auth_admin
160 org.freedesktop.udisks.luks-lock-others                auth_admin
161 org.freedesktop.udisks.linux-md                        auth_admin
162 org.freedesktop.udisks.cancel-job-others               auth_admin
163 org.freedesktop.udisks.inhibit-polling                 auth_admin
164 org.freedesktop.udisks.drive-set-spindown              auth_admin
165 org.freedesktop.udisks.linux-lvm2                      auth_admin
166 #
167 # udisks2 (bnc#742751)
168 #
169 org.freedesktop.udisks2.filesystem-mount-system         auth_admin
170 org.freedesktop.udisks2.filesystem-fstab                auth_admin
171 org.freedesktop.udisks2.filesystem-unmount-others       auth_admin
172 org.freedesktop.udisks2.encrypted-unlock-system         auth_admin
173 org.freedesktop.udisks2.encrypted-unlock-crypttab       auth_admin
174 org.freedesktop.udisks2.encrypted-lock-others           auth_admin
175 org.freedesktop.udisks2.encrypted-change-passphrase-system      auth_admin
176 org.freedesktop.udisks2.loop-delete-others              auth_admin
177 org.freedesktop.udisks2.manage-swapspace                auth_admin
178 org.freedesktop.udisks2.modify-device-system            auth_admin
179 org.freedesktop.udisks2.open-device                     auth_admin
180 org.freedesktop.udisks2.open-device-system              auth_admin
181 org.freedesktop.udisks2.modify-system-configuration     auth_admin
182 org.freedesktop.udisks2.read-system-configuration-secrets       auth_admin
183 org.freedesktop.udisks2.ata-smart-selftest              auth_admin
184 #
185 org.freedesktop.udisks2.filesystem-mount                auth_admin
186 org.freedesktop.udisks2.encrypted-unlock                auth_admin
187 org.freedesktop.udisks2.encrypted-change-passphrase     auth_admin
188 org.freedesktop.udisks2.loop-setup                      auth_admin
189 org.freedesktop.udisks2.modify-device                   auth_admin
190 org.freedesktop.udisks2.ata-smart-update                auth_admin
191 # (bnc#761872)
192 org.freedesktop.udisks2.eject-media                     auth_admin
193 org.freedesktop.udisks2.filesystem-mount-other-seat     auth_admin
194 org.freedesktop.udisks2.encrypted-unlock-other-seat     auth_admin
195 org.freedesktop.udisks2.loop-modify-others              auth_admin
196 org.freedesktop.udisks2.eject-media-system              auth_admin
197 org.freedesktop.udisks2.eject-media-other-seat          auth_admin
198 org.freedesktop.udisks2.modify-device-other-seat        auth_admin
199
200 #
201 # upower
202 #
203 org.freedesktop.upower.suspend                         auth_admin
204 org.freedesktop.upower.hibernate                       auth_admin
205 org.freedesktop.upower.qos.request-latency             auth_admin
206 org.freedesktop.upower.qos.request-latency-persistent  auth_admin
207 org.freedesktop.upower.qos.set-minimum-latency         auth_admin
208 org.freedesktop.upower.qos.cancel-request              auth_admin
209
210 #
211 # YaST
212 #
213 org.opensuse.yast.module-manager.import                         auth_admin
214 org.opensuse.yast.module-manager.lock                           auth_admin
215 org.opensuse.yast.modules.yapi.language.read                    no
216 org.opensuse.yast.modules.yapi.language.write                   no
217 org.opensuse.yast.modules.yapi.time.read                        no
218 org.opensuse.yast.modules.yapi.time.write                       no
219 org.opensuse.yast.modules.ysr.statelessregister                 auth_admin_keep_session
220 org.opensuse.yast.modules.ysr.getregistrationconfig             auth_admin_keep_session
221 org.opensuse.yast.modules.ysr.setregistrationconfig             auth_admin_keep_session
222 org.opensuse.yast.scr.read                                      auth_admin
223 org.opensuse.yast.scr.write                                     auth_admin
224 org.opensuse.yast.scr.execute                                   auth_admin
225 org.opensuse.yast.scr.dir                                       auth_admin
226 org.opensuse.yast.scr.registeragent                             auth_admin
227 org.opensuse.yast.scr.unregisteragent                           auth_admin
228 org.opensuse.yast.scr.unmountagent                              auth_admin
229 org.opensuse.yast.scr.error                                     auth_admin
230 org.opensuse.yast.scr.unregisterallagents                       auth_admin
231 org.opensuse.yast.scr.registernewagents                         auth_admin
232 # webyast
233 org.opensuse.yast.permissions.read                              no
234 org.opensuse.yast.permissions.write                             no
235 org.opensuse.yast.modules.eulas.accept                          no
236 org.opensuse.yast.modules.yapi.activedirectory.read             no
237 org.opensuse.yast.modules.yapi.activedirectory.write            no
238 org.opensuse.yast.modules.yapi.firewall.read                    no
239 org.opensuse.yast.modules.yapi.firewall.write                   no
240 org.opensuse.yast.modules.yapi.kerberos.read                    no
241 org.opensuse.yast.modules.yapi.kerberos.write                   no
242 org.opensuse.yast.modules.yapi.ldap.read                        no
243 org.opensuse.yast.modules.yapi.ldap.write                       no
244 org.opensuse.yast.modules.yapi.mailsettings.read                no
245 org.opensuse.yast.modules.yapi.mailsettings.write               no
246 org.opensuse.yast.modules.yapi.ntp.synchronize                  no
247 org.opensuse.yast.modules.yapi.ntp.setserver                    no
248 org.opensuse.yast.roles.assign                                  no
249 org.opensuse.yast.roles.modify                                  no
250 org.opensuse.yast.modules.yapi.administrator.read               no
251 org.opensuse.yast.modules.yapi.administrator.write              no
252 org.opensuse.yast.modules.yapi.services.read                    no
253 org.opensuse.yast.modules.yapi.services.execute                 no
254 org.opensuse.yast.system.repositories.read                      no
255 org.opensuse.yast.system.repositories.write                     no
256 org.opensuse.yast.system.packages.read                          no
257 org.opensuse.yast.system.patches.read                           no
258 org.opensuse.yast.system.patches.install                        no
259 org.opensuse.yast.system.status.read                            no
260 org.opensuse.yast.system.status.writelimits                     no
261 org.opensuse.yast.modules.logfile.read                          no
262 org.opensuse.yast.modules.yapi.users.groupsget                  no
263 org.opensuse.yast.modules.yapi.users.groupget                   no
264 org.opensuse.yast.modules.yapi.users.groupadd                   no
265 org.opensuse.yast.modules.yapi.users.groupmodify                no
266 org.opensuse.yast.modules.yapi.users.groupdelete                no
267 org.opensuse.yast.modules.yapi.users.usersget                   no
268 org.opensuse.yast.modules.yapi.users.userget                    no
269 org.opensuse.yast.modules.yapi.users.usermodify                 no
270 org.opensuse.yast.modules.yapi.users.useradd                    no
271 org.opensuse.yast.modules.yapi.users.userdelete                 no
272 org.opensuse.yast.modules.yapi.network.read                     no
273 org.opensuse.yast.modules.yapi.network.write                    no
274 org.opensuse.yast.system.terminal.read                          no
275 # bnc#687807
276 org.opensuse.yast.system.power-management.reboot                no
277 org.opensuse.yast.system.power-management.shutdown              no
278
279
280 # KDE stuff
281
282 org.kde.fontinst.manage                                         auth_admin
283 org.kde.kcontrol.kcmclock.save                                  auth_admin
284 org.kde.kcontrol.kcmremotewidgets.save                          auth_admin
285 org.kde.ksysguard.processlisthelper.changecpuscheduler          auth_admin
286 org.kde.ksysguard.processlisthelper.changeioscheduler           auth_admin
287 org.kde.ksysguard.processlisthelper.renice                      auth_admin
288 org.kde.ksysguard.processlisthelper.sendsignal                  auth_admin
289 org.kde.polkitkde1.changeexplicitauthorizations                 auth_admin_keep
290 org.kde.polkitkde1.changeimplicitauthorizations                 auth_admin
291 org.kde.polkitkde1.changesystemconfiguration                    auth_admin
292 org.kde.polkitkde1.readauthorizations                           auth_admin_keep
293 org.kde.kcontrol.k3bsetup.save                                  auth_admin
294 org.kde.kcontrol.kcmkdm.managefaces                             auth_admin_keep
295 org.kde.kcontrol.kcmkdm.managethemes                            auth_admin_keep
296 org.kde.kcontrol.kcmkdm.save                                    auth_admin
297 # kde backlight helper (bnc#672145)
298 org.kde.powerdevil.backlighthelper.brightness                   auth_admin
299 org.kde.powerdevil.backlighthelper.setbrightness                auth_admin
300 # kdepim4/kalarm (bnc#707723)
301 org.kde.kalarmrtcwake.settimer                                  auth_admin_keep
302
303 # systemd (bnc#641924)
304 org.freedesktop.hostname1.set-hostname                          auth_admin
305 org.freedesktop.hostname1.set-static-hostname                   auth_admin
306 org.freedesktop.hostname1.set-machine-info                      auth_admin
307 org.freedesktop.systemd1.reply-password                         auth_admin
308 org.freedesktop.systemd1.bus-access                             auth_admin
309 org.freedesktop.timedate1.set-time                              auth_admin_keep
310 org.freedesktop.timedate1.set-timezone                          auth_admin_keep
311 org.freedesktop.timedate1.set-local-rtc                         auth_admin_keep
312 org.freedesktop.locale1.set-locale                              auth_admin_keep
313 org.freedesktop.login1.attach-device                            auth_admin_keep
314 org.freedesktop.login1.flush-devices                            auth_admin_keep
315 org.freedesktop.login1.power-off                                auth_admin_keep
316 org.freedesktop.login1.power-off-multiple-sessions              auth_admin_keep
317 org.freedesktop.login1.reboot                                   auth_admin_keep
318 org.freedesktop.login1.reboot-multiple-sessions                 auth_admin_keep
319 org.freedesktop.login1.set-user-linger                          auth_admin_keep
320
321 # gnome-control-center
322 org.gnome.randr.install-system-wide                             auth_admin
323
324 # gnome-power-manager/gnome-settings-daemon (bnc#650401, bnc#712841)
325 org.gnome.settings-daemon.plugins.power.backlight-helper        auth_admin
326 # xfce4-power-manager, bnc#665169
327 # code is copy&paste from gnome-power-manager
328 org.xfce.power.backlight-helper                                 auth_admin
329
330 # hp-drive-guard
331 com.hp.driveguard.toggle                                        auth_admin
332 com.hp.driveguard.install-setup                                 auth_admin
333
334 # ModemManager
335 org.freedesktop.ModemManager.Device.Control                     auth_admin
336 org.freedesktop.ModemManager.Device.Info                        auth_admin
337 org.freedesktop.ModemManager.Contacts                           auth_admin
338 org.freedesktop.ModemManager.SMS                                auth_admin
339 org.freedesktop.ModemManager.Location                           auth_admin
340 # (bnc#691896)
341 org.freedesktop.ModemManager.USSD                               auth_admin
342
343 # urfkill (bnc#688328)
344 org.freedesktop.urfkill.block                                   auth_admin
345 org.freedesktop.urfkill.blockidx                                auth_admin
346 org.freedesktop.urfkill.unblock                                 auth_admin
347 org.freedesktop.urfkill.unblockidx                              auth_admin
348 org.freedesktop.urfkill.enablekeycontrol                        auth_admin
349
350 # account services (bnc#676638)
351 org.freedesktop.accounts.user-administration                    auth_admin_keep
352 org.freedesktop.accounts.set-login-option                       auth_admin
353 org.freedesktop.accounts.change-own-user-data                   auth_admin
354
355 #
356 # smb4k (bnc#749065)
357 #
358 de.berlios.smb4k.mounthelper.mount                              auth_admin_keep
359 de.berlios.smb4k.mounthelper.unmount                            auth_admin_keep
360
361 #
362 # RecordItNow (bnc#753908)
363 #
364 org.kde.recorditnow.helper.watch                                auth_admin
365
366 #
367 # GNOME control-center (bnc#779938)
368 #
369 org.gnome.controlcenter.user-accounts.administration            auth_admin_keep
370 org.gnome.controlcenter.datetime.configure                      auth_admin_keep
371
372 #
373 # PackageKit / systemd offline updates (bnc#798885)
374 #
375 org.freedesktop.packagekit.trigger-offline-update               auth_admin_keep
376 org.freedesktop.packagekit.clear-offline-update                 auth_admin_keep
377
378 #
379 # gparted (bnc#810888)
380 #
381 org.opensuse.policykit.gparted                                  auth_admin
382
383 #
384 # udisks2 (bnc#809277)
385 #
386 org.freedesktop.udisks2.manage-md-raid                          auth_admin:auth_admin:auth_admin_keep
387 org.freedesktop.udisks2.power-off-drive-system                  auth_admin:auth_admin:auth_admin_keep
388 org.freedesktop.udisks2.power-off-drive-other-seat              auth_admin:auth_admin:auth_admin_keep
389 org.freedesktop.udisks2.ata-smart-enable-disable                auth_admin:auth_admin:auth_admin_keep
390 org.freedesktop.udisks2.power-off-drive                         auth_admin:auth_admin:yes
391
392 # ModemManager1 (bnc#798273)
393 org.freedesktop.ModemManager1.Control                           auth_admin
394 org.freedesktop.ModemManager1.Device.Control                    auth_admin_keep
395 org.freedesktop.ModemManager1.Contacts                          auth_admin_keep
396 org.freedesktop.ModemManager1.Messaging                         auth_admin_keep
397 org.freedesktop.ModemManager1.Location                          auth_admin_keep
398 org.freedesktop.ModemManager1.Firmware                          auth_admin
399 org.freedesktop.ModemManager1.USSD                              auth_admin_keep
400
401 # fprintfd (bnc#792095)
402 net.reactivated.fprint.device.verify                            no:no:auth_admin
403 net.reactivated.fprint.device.enroll                            no:no:auth_admin
404 net.reactivated.fprint.device.setusername                       no:no:auth_admin
405
406 # lightdm-kde-greeter (bnc#794705)
407 org.kde.kcontrol.kcmlightdm.save                                no:no:auth_admin_keep
408 org.kde.kcontrol.kcmlightdm.savethemedetails                    no:no:auth_admin_keep
409
410 # gnome-system-monitor (bnc#822011)
411 org.gnome.gnome-system-monitor.kill                             no:no:auth_admin
412 org.gnome.gnome-system-monitor.renice                           no:no:auth_admin
413
414 # nepomuk (bnc#825262)
415 org.kde.nepomuk.filewatch.raiselimit                            no:no:auth_admin_keep
416
417 # powerdevil (bnc#825256)
418 org.kde.powerdevil.backlighthelper.syspath                      no:yes:yes
419
420 # libvirt (bnc#827644) ( original wants yes:yes:yes)
421 org.libvirt.api.connect.getattr                 auth_admin_keep
422 org.libvirt.api.connect.read                    auth_admin_keep
423 org.libvirt.api.connect.search-domains          auth_admin_keep
424 org.libvirt.api.connect.search-interfaces       auth_admin_keep
425 org.libvirt.api.connect.search-networks         auth_admin_keep
426 org.libvirt.api.connect.search-node-devices     auth_admin_keep
427 org.libvirt.api.connect.search-nwfilters        auth_admin_keep
428 org.libvirt.api.connect.search-secrets          auth_admin_keep
429 org.libvirt.api.connect.search-storage-pools    auth_admin_keep
430 org.libvirt.api.domain.getattr                  auth_admin_keep
431 org.libvirt.api.domain.read                     auth_admin_keep
432 org.libvirt.api.interface.getattr               auth_admin_keep
433 org.libvirt.api.interface.read                  auth_admin_keep
434 org.libvirt.api.network.getattr                 auth_admin_keep
435 org.libvirt.api.network.read                    auth_admin_keep
436 org.libvirt.api.node-device.getattr             auth_admin_keep
437 org.libvirt.api.nwfilter.getattr                auth_admin_keep
438 org.libvirt.api.nwfilter.read                   auth_admin_keep
439 org.libvirt.api.secret.getattr                  auth_admin_keep
440 org.libvirt.api.secret.read                     auth_admin_keep
441 org.libvirt.api.storage-pool.getattr            auth_admin_keep
442 org.libvirt.api.storage-pool.read               auth_admin_keep
443 org.libvirt.api.storage-vol.getattr             auth_admin_keep
444 org.libvirt.api.storage-vol.read                auth_admin_keep
445
446 ###