Matthias Clasen <mclasen <at> redhat.com> writes:
What do you mean by that ? Blindly allowing every privileged
operation
for everybody ? Or denying it for everybody ?
In cases like this (real-time priority for sound servers), this used to be
exactly how things worked (or at least were designed to work upstream,
distributions did not always allow everything SUID that wanted it) in the good
old days, sound servers were installed SUID root and just always took real-time
priority. Now PA is SUID root, but asks PolicyKit whether it can actually use
this privilege. So compared with how things used to work, this is seen as an
additional restriction, not an additional permission.
Now PolicyKit may also be used to hand out additional permissions, and there it
would be entirely stupid to default to always granting them, obviously.
Kevin Kofler