PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Wed Nov 21 20:23:44 PST 2007 

 doc/TODO |   40 +++++++++-------------------------------
 1 file changed, 9 insertions(+), 31 deletions(-)

New commits:
commit b555fb7594cc4d627c7aa7e33906bbcd3a34faf3
Author: David Zeuthen <davidz at redhat.com>
Date:   Wed Nov 21 23:23:09 2007 -0500

    update TODO

diff --git a/doc/TODO b/doc/TODO
index b403451..c5651d1 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,7 +1,4 @@
 
- - Add support for overriding defaults. Will require 
-   org.freedesktop.policykit.grant
-
  - On every polkit_context_is_[caller|session]_authorized we load
    all .policy XML files. This is bad. Dave Jones will kill us. 
    We should
@@ -33,37 +30,18 @@
    external API). This is mainly to be able to handle OOM for
    mechanisms that will need this (such as dbus-daemon)
 
- - add support for additional <match> attributes
-   in /etc/PolicyKit/PolicyKit.conf
-
-   - <match timeofday="0900-1700">
-     Matches 9am through 5pm local time
-
-   - <match weekday="Mon-Fri">
-     Matches only on Monday->Friday both inclusive
-
-   - <match selinux_context="regexp">
-     Match on caller's SELinux context
-
-   - <match caller_exe="regexp">
-     Matches the path of the executable the caller stems from
-
-   - <match group="regexp">
-     Match on group
-
-   - <match session_active="true|false">
-     Only if the caller is in an active session (or not)
+ - Kill the config file
 
-   - <match seat_local="true|false">
-     Only if the caller is on a local seat (or not)
+ - Add support for granting authorizations to a) UNIX Groups; and 
+   b) SELinux security contexts
 
-   ... And of course the we need the ULTIMATE copout
+ - Add API and support in polkit-auth/polkit-action for maintaining
+   a list of entities for whom implicit authorizations do not apply.
+   (Typical example is that in a desktop OS one wants a UNIX group
+    for "Restricted Users". Another example is a guest account.)
 
-   - <match run_program="">
-     Run a program to make the decision; details are exported in the
-     environment. Program cannot assume to run as root or in a specific
-     security context; it will need to use a helper a'la
-     pam_unix_password.so
+ - Add API and support in polkit-auth/polkit-action to define what
+   administrator auth means.
 
  - Reconsider adding k/v dictionaries to Actions; e.g. the Mechanism for
    dial-up networking can attach the key/value pair

More information about the hal-commit mailing list