Roles and Policy

Lennart Poettering mzerqung at
Thu Aug 13 18:55:42 UTC 2009

On Thu, 13.08.09 14:28, David Zeuthen (davidz at wrote:

>  2. Second, if you are member of the desktop_admin_r group, then you
>     should be allowed to do a lot of things without being interrupted
>     by authentication dialogs. This part isn't complete, for now, it
>     includes
>       org.gnome.clockapplet.mechanism.* - set timezone and system time
>       org.freedesktop.devicekit.disks.* - all storage related things
>       org.freedesktop.RealtimeKit1.*    - run real-time processes 

rtkit should be accessible for normal desktop users already. Please
move this to desktop_user_r!

I am assuming that this makes only sense if the upstream policy files
in the various packages are more strict by default than what is
shopped in polkit-desktop-policy. Right?

So, for a package that has used console-based auth by default before
(like rtkit), how should their upstream policy files be changed? How
does console-based auth and this new role-based out fit together?


Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net           GnuPG 0x1A015CC4

More information about the Fedora-desktop-list mailing list