replace PolicyKit with resmgr

Ludwig Nussel ludwig.nussel at suse.de
Wed Jun 28 07:01:19 PDT 2006


On Monday 26 June 2006 22:01, Artem Kachitchkine wrote:
> Can't say about replacement, but I like the idea of a single API that HAL uses 
> to retrieve privileges, regardless to how these privileges are really stored and 
> managed. The issue of device permissions/ACLs is largely irrelevant, because 
> that's just one of many ways to store privileges. Currently polkitd stores 
> privileges in text files - I think a resmgr backend could be hooked up instead.

Yes it can but why run yet another complicated dbus based daemon
when there is a simple solution that works without dbus? Device
permissions are related as it does make sense to allow a user to
e.g. use mkfs on the command line when it's possible to access the
device via some gnome-mkfs-via-dbus-interface at the same time.
Anyways, if you don't think about the devices for a moment you must
admit that PolicyKit's 'privileges' and resmgr's 'classes' are
basically the same idea. Especially after adding the pam module it
became obvious that policykit's features overlap with pam_console
and resmgr. So IMO those three things should be combined.

> Initial HAL integration in Solaris will probably not use polkitd at all, only 
> the libpolkit with static privileges from the text files (though the D-BUS stuff 
> that creeped in recently will need to be patched). We also don't use 
> pam-console.

So you don't grant different permissions based on whether the user
is logged in locally or remote?

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/



More information about the hal mailing list