Roles and Policy
Lennart Poettering
mzerqung at 0pointer.de
Thu Aug 13 18:55:42 UTC 2009
On Thu, 13.08.09 14:28, David Zeuthen (davidz at redhat.com) wrote:
> 2. Second, if you are member of the desktop_admin_r group, then you
> should be allowed to do a lot of things without being interrupted
> by authentication dialogs. This part isn't complete, for now, it
> includes
>
> org.gnome.clockapplet.mechanism.* - set timezone and system time
> org.freedesktop.devicekit.disks.* - all storage related things
> org.freedesktop.RealtimeKit1.* - run real-time processes
rtkit should be accessible for normal desktop users already. Please
move this to desktop_user_r!
I am assuming that this makes only sense if the upstream policy files
in the various packages are more strict by default than what is
shopped in polkit-desktop-policy. Right?
So, for a package that has used console-based auth by default before
(like rtkit), how should their upstream policy files be changed? How
does console-based auth and this new role-based out fit together?
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the Fedora-desktop-list
mailing list