libhal-policy -> PolicyKit

Artem Kachitchkine Artem.Kachitchkin at Sun.COM
Thu Mar 9 13:28:29 PST 2006

>     particular it puts the (policy, uid, pid) tupple in a list
>     called temporary_policy_overrides. Should the end-point suddenly
>     disconnect we catch this and delete the tupple from the list
>     temporary_policy_overrides.
>  7. If successful, gnome-mount does Mount() again on HAL. This flows
>     through HAL and eventually hal-storage-mount is invoked. This binary
>     uses libpolkit in particular libpolkit_is_uid_allowed_for_policy()
>     to check whether the given $HAL_METHOD_INVOKED_BY_UID and
>     $HAL_METHOD_INVOKED_BY_PID (we will start exporting this soon in
>     HAL :-) is privileged. 

PolicyKit daemon will also have to protect against a race when process 
PID gets a temporary policy, suddenly disconnects, the PID gets reused 
by another process, which tries to gain access to the same policy before 
the policy backing store (local file or a distributed database) deletes 
the temporary_policy_override entry from the previous process.


More information about the hal mailing list