replace PolicyKit with resmgr
Ludwig Nussel
ludwig.nussel at suse.de
Wed Jun 28 07:01:19 PDT 2006
On Monday 26 June 2006 22:01, Artem Kachitchkine wrote:
> Can't say about replacement, but I like the idea of a single API that HAL uses
> to retrieve privileges, regardless to how these privileges are really stored and
> managed. The issue of device permissions/ACLs is largely irrelevant, because
> that's just one of many ways to store privileges. Currently polkitd stores
> privileges in text files - I think a resmgr backend could be hooked up instead.
Yes it can but why run yet another complicated dbus based daemon
when there is a simple solution that works without dbus? Device
permissions are related as it does make sense to allow a user to
e.g. use mkfs on the command line when it's possible to access the
device via some gnome-mkfs-via-dbus-interface at the same time.
Anyways, if you don't think about the devices for a moment you must
admit that PolicyKit's 'privileges' and resmgr's 'classes' are
basically the same idea. Especially after adding the pam module it
became obvious that policykit's features overlap with pam_console
and resmgr. So IMO those three things should be combined.
> Initial HAL integration in Solaris will probably not use polkitd at all, only
> the libpolkit with static privileges from the text files (though the D-BUS stuff
> that creeped in recently will need to be patched). We also don't use
> pam-console.
So you don't grant different permissions based on whether the user
is logged in locally or remote?
cu
Ludwig
--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/
More information about the hal
mailing list