PackageKit policy: background and plans

Peter Jones pjones at redhat.com
Mon Nov 23 19:13:53 UTC 2009


On 11/23/2009 01:24 PM, Gregory Maxwell wrote:

> I haven't tried the the fast user switching in fedora... Hopefully it is
> using some kernel mode secure path to prevent users from stealing each others
> credentials, if it isn't then one should be established for it. Why not use the
> same facility to switch to a system administration desktop, locked down a bit by
> default (use SE linux to make various unsafe user tasks like firefox,
> open office, etc unable to run in this admin context) to discourage
> casual use.

Wait, you're arguing for this *instead* of finer-grained elevations of privilege
governed by policy files which can be locally overridden safely?

> Surely this would be preferable to reducing the security against
> common casual threats.

I think you've characterized things backwards here.

-- 
        Peter




More information about the fedora-devel-list mailing list