replace PolicyKit with resmgr

Artem Kachitchkine Artem.Kachitchkin at Sun.COM
Thu Jun 29 15:02:30 PDT 2006


> permissions are related as it does make sense to allow a user to
> e.g. use mkfs on the command line when it's possible to access the
> device via some gnome-mkfs-via-dbus-interface at the same time.

Device permissions promote the old all-or-nothing approach (user can do lots of 
things once he opens the device), while D-BUS methods give finer-grained access 
(e.g. we can separately grant fsck, mkfs, partitioning, etc).

> Anyways, if you don't think about the devices for a moment you must
> admit that PolicyKit's 'privileges' and resmgr's 'classes' are
> basically the same idea.

Yes. They are also very similar to Solaris RBAC "authorizations" (which are also 
ascii strings). In fact, we are planning to provide a PolicyKit backend that 
stores PolicyKit privileges in the Solaris authorization database. The advantage 
here is that the authorizations database is nsswitch'able and can reside in NIS, 
LDAP, etc. The rest of HAL/GNOME stuff will just work, through the magic of the 
libpolkit API.

> So you don't grant different permissions based on whether the user
> is logged in locally or remote?

We do. It is quite similar to pam-console, but not as flexible as resmgr. The 
general direction, however, is different in Solaris: file permissions and 
user/group based security controls are being obsoleted, replaced by the more 
fine grained RBAC (role-based access control) based on privileges, 
authorizations, profiles and roles. Better integration between RBAC and D-BUS is 
quite promising.

-Artem.


More information about the hal mailing list