diff --git a/src/machine/machine-varlink.c b/src/machine/machine-varlink.c
index 8c437efc17..a773094cfe 100644
--- a/src/machine/machine-varlink.c
+++ b/src/machine/machine-varlink.c
@@ -155,7 +155,7 @@ int vl_method_register(sd_varlink *link, sd_json_variant *parameters, sd_varlink
r = varlink_verify_polkit_async(
link,
manager->bus,
- "org.freedesktop.machine1.create-machine",
+ machine->allocate_unit ? "org.freedesktop.machine1.create-machine" : "org.freedesktop.machine1.register-machine",
(const char**) STRV_MAKE("name", machine->name,
"class", machine_class_to_string(machine->class)),
&manager->polkit_registry);
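Review bot: The polkit action in this call is chosen from `machine->allocate_unit`, which on the Varlink path presumably comes from the client's request. The D-Bus side instead fixes the action per method. Since the policy hunk gives register-machine a much weaker default than create-machine, nothing after this check should be able to allocate a unit when the weaker action was the one verified. A short comment above the call would record that invariant, e.g. `/* Allocating a unit is the privileged operation; plain registration is checked against the weaker register-machine action. */`. The body of vl_method_register starts and ends outside this hunk, so whether `allocate_unit` is final at this point cannot be confirmed from here.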
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 30f722a449..82c0addefb 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -228,6 +228,7 @@ static int method_list_machines(sd_bus_message *message, void *userdata, sd_bus_
static int method_create_or_register_machine(
Manager *manager,
sd_bus_message *message,
+ const char *polkit_action,
bool read_network,
Machine **ret,
sd_bus_error *error) {
@@ -318,7 +319,7 @@ static int method_create_or_register_machine(
r = bus_verify_polkit_async(
message,
- "org.freedesktop.machine1.create-machine",
+ polkit_action,
details,
&manager->polkit_registry,
error);
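Review bot: The new `polkit_action` parameter reaches `bus_verify_polkit_async()` without a visible precondition check. A future caller passing NULL would fail inside the authorization call rather than at the function boundary. Adding `assert(polkit_action);` next to the function's other argument assertions would make the contract explicit. The start of method_create_or_register_machine's body is outside this hunk, so an existing assertion there cannot be ruled out.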
@@ -378,7 +379,7 @@ static int method_create_machine_internal(sd_bus_message *message, bool read_net
assert(message);
- r = method_create_or_register_machine(manager, message, read_network, &m, error);
+ r = method_create_or_register_machine(manager, message, "org.freedesktop.machine1.create-machine", read_network, &m, error);
if (r < 0)
return r;
if (r == 0)
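Review bot: The action ids are now repeated as string literals here, in the method_register_machine_internal hunk below, and in the ternary in machine-varlink.c, and each must match the policy file exactly. A mistyped id would only surface at runtime as an authorization failure. Defining the two ids once as named constants in a header both files already include would keep the three call sites in step.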
@@ -416,7 +417,7 @@ static int method_register_machine_internal(sd_bus_message *message, bool read_n
assert(message);
- r = method_create_or_register_machine(manager, message, read_network, &m, error);
+ r = method_create_or_register_machine(manager, message, "org.freedesktop.machine1.register-machine", read_network, &m, error);
if (r < 0)
return r;
if (r == 0)
diff --git a/src/machine/org.freedesktop.machine1.policy b/src/machine/org.freedesktop.machine1.policy
index fe125ed0db..d5b8d83d2a 100644
--- a/src/machine/org.freedesktop.machine1.policy
+++ b/src/machine/org.freedesktop.machine1.policy
@@ -99,7 +99,17 @@
auth_admin
auth_admin_keep
- org.freedesktop.login1.shell org.freedesktop.login1.login
+ org.freedesktop.login1.shell org.freedesktop.login1.login org.freedesktop.machine1.register-machine
+
+
+
+ Register a local virtual machine or container
+ Authentication is required to register a local virtual machine or container.
+
+ auth_admin
+ auth_admin
+ yes
+
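Review bot: The last default of the new register-machine action is `yes`, which by position appears to be allow_active. If so, an active local session can register a machine without authentication, and polkit no longer gates that path. Nothing in this diff shows machined checking that the caller owns the process being registered as the machine, so that ownership check must exist in the registration path independently of polkit. If it does not, the default should stay at `auth_admin_keep` until it does. The Varlink call site passes only `name` and `class` as polkit details, so administrator rules cannot narrow the grant by the registered process either.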