adding checkorigin
[accounts-sso:vitalyrepins-signon.git] / debian / signond.aegis
1 <aegis>
2   <provide>
3     <credential name="keychain-access" checkorigin="yes" />
4     <credential name="ssoProtectedWriteAccess" checkorigin="yes" />
5     <credential name="ssoProtectedReadAccess" checkorigin="yes" />
6   </provide>
7   <account>
8     <user name="signon" group="signon"/>
9   </account>
10   <request>
11     <credential name="UID::signon" />
12     <credential name="GID::signon" />
13     <for path="/usr/bin/signonpluginprocess" />
14   </request>
15   <request>
16     <credential name="signond::keychain-access" />
17     <for path="/etc/osso-cud-scripts/signon-cud.sh" />
18   </request>
19   <request>
20     <credential name="UID::root" />
21     <credential name="GID::root" />
22     <credential name="CAP::setuid" />
23     <credential name="CAP::dac_override" />
24     <credential name="CAP::sys_module" />
25     <credential name="CAP::sys_admin" />
26     <credential name="CAP::chown" />
27     <credential name="CAP::fowner" />
28     <credential name="CAP::mknod" />
29     <credential name="CAP::ipc_lock" />
30     <credential name="signond::ssoProtectedWriteAccess" />
31     <credential name="signond::ssoProtectedReadAccess" />
32     <for path="/usr/bin/signond" id="signond-id" />
33   </request>
34   <request context="INSTALL">
35     <credential name="aegisfs::AegisFSMountAdd" />
36   </request>
37 </aegis>