polkit-gnome-authorization missing

Jeroen van Meeuwen kanarip at kanarip.com
Sun Oct 18 21:47:06 UTC 2009


On 10/18/2009 11:12 PM, Matthias Clasen wrote:
> On Sun, 2009-10-18 at 22:30 +0200, Christoph Wickert wrote:
>> Just a quick follow-up:
>>
>> Am Sonntag, den 18.10.2009, 22:17 +0200 schrieb Christoph Wickert:
>>>
>>> Anyway, I think we both agree that 50-local.d definitely contains
>>> "host-specific configuration data", do we?
>>
>> Quoting
>> http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLIBVARIABLESTATEINFORMATION
>>
>> "var/lib : Variable state information
>> Purpose
>> This hierarchy holds state information pertaining to an application or
>> the system. State information is data that programs modify while they
>> run, and that pertains to one specific host. Users must never need to
>> modify files in /var/lib to configure a package's operation."
>
> Right. Users don't.
>

What the FHS also says is it is application state data, a.k.a. 
transactional data, and not configuration data. Since the polkit-1 files 
should never be changed by users, and should thus also not be changed by 
a UI application, I fail to see how these configuration files can be in 
/var/lib/ instead of /etc/.

More importantly, the definition of what is vendor, org, site and local 
is, IMHO, as follows:

vendor is what PolicyKit ships as a default policy, much like perl and 
ruby have vendor libraries (modules, extensions). This policy can be 
overriden or extended by an organisation (example.org Ltd.) in org 
(possibly through configuration management). Site is for what packages 
deploy, much like perl and ruby use site directories, and local then 
finally gives an organisation the opportunity to lay down a policy 
applicable to just some hosts, only to finally have the mandatory policy 
(package A / local.d can set foo to be allowed but organisation does not 
want to allow it), much like perl and ruby use or are going to use 
/usr/local/lib{,64}/ and /usr/local/share/.

It would make more sense to me to just have vendor (PolicyKit), site 
(packages), org (my configs) and local (my host specific configs) -in 
that order. It doesn't make much sense to me to have site be parsed 
after org, only to then have the same thing in mandatory again.

Does such make sense compared to how it is supposed to be used, and if 
put in more proper wording, would such be how it could be explained in 
the man page?

> Site or org administrators can install suitable policies there,
> preferably in the form of a policy package.
>

Org, site and local administrators probably deploy some kind of 
configuration somehow (I'll withhold from my recommendations). It 
wouldn't matter much in what directory they are exactly (type once, 
deploy many, many times). It does matter in what order various files are 
to be parsed, and what files from which sources might end up in various 
places exactly. Could we have some more clarification on what the 
various directories in /var/lib/polkit-1/localauthority/ are supposed to 
be used for, and what could (may or may not) put files in these directories?

-- Jeroen




More information about the desktop mailing list