PackageKit policy: background and plans

Dominik 'Rathann' Mierzejewski dominik at greysector.net
Tue Nov 24 15:33:36 UTC 2009


On Tuesday, 24 November 2009 at 16:24, James Antill wrote:
> On Mon, 2009-11-23 at 22:32 +0000, Colin Walters wrote:
> > On Mon, Nov 23, 2009 at 10:02 PM, James Morris <jmorris at namei.org> wrote:
> > >
> > >
> > > Possibly (it could simply be that an updated policy is weaker for some
> > > reason) -- but it doesn't matter, there should be no way to change MAC
> > > policy without MAC privilege.
> > 
> > It'd be nice here if we had the ability to only grant the ability to
> > install applications, not packages.
> 
>  "applications" is still way too broad, IMO. Even if you limit it to
> what I assume you meant, "Desktop applications", it's not obvious that
> is good enough.
> 
>  A useful end goal seems more likely to be something like "allow 'local'
> users to update/install signed/trusted versions of: fonts, codecs,
> themes, games, editors". For bonus points you could make it possible for
> them to remove packages they have installed.

I can imagine an additional drop-down list of "user roles" on the user
account creation screen in the firstboot GUI. What you described above would
be a "home user". However, parents may not want to let their kids install
all the games they can from the Fedora software collection, so we'd also need
some tool to manage allowed root-level actions associated with these roles.
Looks like a kind of enhanced sudo to me. ;)

Regards,
R.

-- 
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
"Faith manages."
        -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"



