Running Ubuntu 24.04 LTS with Gnome, Wayland. I have polkit rules successfully limiting power-off and suspend to AUTH_ADMIN. However, the rules simply do not work for org.freedesktop.login1.reboot. I have no idea what’s different. It does work when multiple sessions are active, but I want to prevent all reboots that aren’t done by an administrator. Any ideas?
All methods of rebooting are still available even though I set it to AUTH_ADMIN. I can reboot while logged in, from the login screen, or via terminal using shutdown --reboot.
Here is my rule:
polkit.addRule(function(action, subject) {
if ((action.id == “org.freedesktop.login1.power-off” ||
action.id == “org.freedesktop.login1.power-off-multiple-sessions” ||
action.id == “org.freedesktop.login1.reboot” ||
action.id == “org.freedesktop.login1.reboot-multiple-sessions” ||
action.id == “org.freedesktop.login1.suspend” ||
action.id == “org.freedesktop.login1.suspend-multiple-sessions”)) {
if (subject.isInGroup(“sudo”)) {
return polkit.Result.YES;
} else {
return polkit.Result.AUTH_ADMIN;
}
}
});
Has anyone been able to effectively squash reboots in any way using polkit on Ubuntu 24.04 LTS or newer? What settings worked? Note that org.freedesktop.login1.reboot-multiple-sessions works fine, but the no-logins .reboot version does not.