the system-monitor only uses `pkexec` to invoke /usr/bin/kill, /usr/bin/renice and /usr/bin/systemctl as root. So no privilege checking is performed within the deepin code. Since these are very generic actions they could conflict with other uses of pkexec in conjunction with /usr/bin/kill and the other tools. Hopefully that will not break anything, though. I will whitelist these actions.