docs: emphasize that registered functions may actually never be called

Signed-off-by: David Zeuthen <davidz@redhat.com>

1 files changed, 11 insertions, 2 deletions

diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
index 2aa1da1..4fbc117 100644
--- a/docs/man/polkit.xml
+++ b/docs/man/polkit.xml
@@ -511,7 +511,7 @@ System Context         |                        |
 
     <para>
       The <function>addRule()</function> method is used for adding a
-      function that is called whenever an authorization check for
+      function that may be called whenever an authorization check for
       <parameter>action</parameter>, <parameter>subject</parameter>
       and <parameter>details</parameter> is performed. Functions are
       called in the order they have been added until one of the
@@ -532,7 +532,7 @@ System Context         |                        |
 
     <para>
       The <function>addAdminRule()</function> method is used for
-      adding a function that is called whenever administrator
+      adding a function may be called whenever administrator
       authentication is required. The function is used to specify what
       identies may be used for administrator authentication for the
       authorization check identified by <parameter>action</parameter>,
@@ -549,6 +549,15 @@ System Context         |                        |
     </para>
 
     <para>
+      There is no guarantee that a function registered with
+      <function>addRule()</function> or
+      <function>addAdminRule()</function> is ever called - for example
+      an early rules file could register a function that always return
+      a value, hence ensuring that functions added later are never
+      called.
+    </para>
+
+    <para>
       The <function>log()</function> method writes the given
       <parameter>message</parameter> to the system logger. Log entries
       are emitted using the <constant>LOG_AUTHPRIV</constant> flag