Privilege escalation policy and desktop_admin_r

Tim Waugh twaugh at
Thu May 27 15:53:57 UTC 2010

On Thu, 2010-05-27 at 08:23 -0700, Adam Williamson wrote:
> The relevant bit here is the last sentence, which was intended to cover
> the whole desktop_admin_r stuff. Let me know if it's factually off.

Seeing as desktop_admin_r is actually part of the default spin, can we
add some text which explicitly exempts users in that group from the
privilege escalation policy?

In other words, can we say something along the lines of "it's fine for
the default spin to ship policykit files allowing desktop_admin_r users
to do stuff without passwords being required"?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
Url : 

More information about the devel mailing list