remove polkit from core?
Steve Grubb
sgrubb at redhat.com
Wed Nov 14 15:47:22 UTC 2012
On Wednesday, November 14, 2012 08:07:25 AM tim.lauridsen at gmail.com wrote:
> On Wed, Nov 14, 2012 at 6:53 AM, Ian Pilcher <arequipeno at gmail.com> wrote:
> > On 11/13/2012 09:50 PM, Matthias Clasen wrote:
> > > Yes, this was a misunderstanding. What is still supported is the .policy
> >
> > files containing the default policy. And that is very good, since such
> > policy files are installed by pretty much every package that uses polkit,
> > while .pkla files were only used by very few packages.
> >
> >
> > Wait. So the .pkla file I wrote to allow my run virt-manager as my
> > normal user is going to stop working, and I'm going to have to write the
> > replacement in JavaScript?
> >
> > Let's just say I'm struggling to find the words ...
>
> In F18 yes.
>
> http://davidz25.blogspot.dk/2012/06/authorization-rules-in-polkit.html
This blog misses the most important property about security settings...they
have to be auditable through automation. If you have 10,000 systems and need
to know your security posture, you have to be able to check them through
automation.
If the javascript had a file over in /etc that it read configuration things
from, then we are OK. But if we have to go check the code itself, there is a
problem.
-Steve
> http://www.freedesktop.org/software/polkit/docs/master/polkit.8.html
>
> Tim
More information about the devel
mailing list