Status of Policy Kit
David Zeuthen
david at fubar.dk
Wed May 2 22:11:52 PDT 2007
Hi,
On Wed, 2007-05-02 at 03:38 +0530, Sayamindu Dasgupta wrote:
> Sounds good. I have a question however. Will it be possible to
> integrate this dialog into Sabayon in any way. We are working on
> making Sabayon the deployers' swiss army knife of some sorts, and
> during the 2.20 release cycle, we'll be merging Pessulus and Sabayon
> into one single source tree (the two tools are already integrated).
> So it might be a nice idea if the administrator can access this tool
> from Sabayon itself (maybe via Tools->Set Systemwide Action Policy or
> something like that)
That's certainly something worth looking into; I'm not exactly sure how
the UI for systemwide actions should look; what I wrote in the earlier
mail was just a sketch; I think the initial release of PK will just punt
the whole thing and let people edit the XML if they want... We'll see!
> The place I am currently kind of stuck is, how to handle removable
> devices. As far as my understanding goes (and my mentor agrees with me
> as well), it would be best to leave removable devices to HAL, and the
> policy that is defined via PolicyKit.However, I am bit lost on how to
> actually implement this (as I am clueless about HAL) - but I am trying
> to figure it out :-). One of the ideas is that if the path filtering
> code in Nautilus/GTK+ Filechooser comes across a path that is in a
> removable device, it lets the user access it, assuming that the
> relevant policy has already been applied to the device. The part that
> I am yet to figure out is how to find out that the path actually
> points to a removable device :-).
Most, if not all, Linux distros (not sure about Solaris) mount things
like removable media in /media because being FHS[1] compliant is a good
thing in general. It's right now hardcoded into HAL as well. Also, few
distros AFAIK allow the user to mount non-removable media and
non-hotpluggable drives (because it's a security risk, search the
archives of e.g. this list).
So I think using the heuristic that any path in the GNOME Filechooser
for a GnomeVFSVolume outside $HOME is safe if, and only if, it's mounted
somewhere in /media? But it probably requires some closer investigation,
anyway this is probably a good starting point I think...
> I would be glad to be of help in the GUI tools that you work on -
> please let me know if you need a hand :-). I am also working on a
> guide for large scale GNOME deployments (basically documenting tools
> like Sabayon, Pessulus, etc),and I think it will be a good idea to
> include the "hardware policy configurator" in the list of apps as
> well.
Cool that's definitely good to know; thanks!
David
[1] : http://www.pathname.com/fhs/pub/fhs-2.3.html#MEDIAMOUNTPOINT
More information about the hal
mailing list