[PATCH] Allow hibernate, suspend and CPUFreq for root independently from desktop-console

[David Zeuthen]

On Wed, 2007-03-07 at 21:30 +0100, Holger Macht wrote:
> This changes the logic how privileges for hibernate, suspend and cpufreq
> are determined. With the current situation, the application/script
> checking if the caller is allowed to do something, has to explicitly grant
> access for the root user with checking for uid == 0. The new method
> exclusively grants access for the root user, but specifies that others can
> possess the privilege as soon as they possess the desktop-console
> privilege. This way, the lower lever application/script does not have to
> handle any special case, it just has to check if the caller (whether root
> or not) possesses the specific privilege.
> 
> I hope that I was able to make this clear. It is a little bit tricky to
> explain and to understand ;-)
> 
> I have this patch already sometime in the openSUSE hal package and I think
> it is correct, or at least more simple to handle. I just somehow forgot to
> bring it up earlier. Comments?  Maybe this also makes sense for some of
> the other privileges before 0.5.9?

I want to slightly rework how PolicyKit work once HAL 0.5.9 is out
(sorry for taking so long with PolicyKit, just too much going on) so
please go ahead and commit this and other changes you need. But note
that things will slightly change; hopefully for the better. 

     David

ps. : Some out-of-context thoughts on PolicyKit are here

https://www.redhat.com/archives/fedora-devel-list/2007-March/msg01211.html

that may (or may not!) make sense. Basically I want to move the
decision-making bits into a shared library (rather than the daemon) with
pluggable back-ends and make the policy-granting bits be activated
on-demand. That way we can get rid of the init script at least and we
should have much fewer, actually none, IPC round trips when making
policy decisions. But more on that when 0.5.9 is out....