polkit_authority_check_authorization oddity

David Zeuthen david at fubar.dk
Thu Jul 16 13:41:14 PDT 2009


Hi,

I think you somehow dropped the Cc to the mailing list. Adding it back.

On Thu, 2009-07-16 at 11:45 -0700, Daniel Nicoletti wrote:
> Sure, and strange... since I had both installed and it called
> always the kde version, I didn't test calling this on gnome
> but it worked pretty well.

It's not defined what should happen. What is started may not even be
deterministic, it could depend on the phase of the moon (read: order of
things returned by readdir(2) is undefined).

> What about using it on xfce, or any other desktop (that didn't put kde or gnome
> authenticationAgent on their autostart) ?

It is up to desktop projects, or the distributor of the desktop project,
to take care of this. For example the XFCE guys in Fedora, IIRC, ship a
package with a single XFCE-specific autostart file and a "Requires:
polkit-gnome" directive.

> IMO it's not a problem if the gnome dialog is called in a KDE session,
> in most cases you only have one desktop installed.

Actually, for better or worse, some (many) large-scale deployments, like
university campuses, actually offer their users the choice of desktop
environment. IIRC Boston University does this.

> The real problem is no AuthenticationAgent being called at all.

I can't see how that's a problem. It's simply just a bug with the OS /
distribution if users end up in situations like this. E.g. distributions
already need to do a lot of integration work to avoid making the desktop
unusable - this is just another example.

(Of course for distributions promoting "choice", e.g. literally allowing
users to only include what they want, this can be a problem insofar as the
user may end up in situations where no authentication agent is
available. But, IMNSHO, such distributions typically have much bigger
problems than this.)

> Another problem is that I don't like useless programs wasting my RAM,
> (so maybe I should try to make a simple kdedaemon plugin just to handle the request
> and see if it's possible to forward the D-Bus request to another app)
> By useless I mean that it's not common to be using it.

You can implement an authentication agent in whatever way you want. For
example for GNOME this would just be a simple gnome-settings-daemon
plug-in living in the main gnome-settings-daemon process.

> But still the old behavior did work pretty well.

The old behavior required clients to be aware of PolicyKit and that
itself made things more complex and bloated than necessary.

    David



