[PolicyKit] Authorizations of Interpreted Languages
S.Çağlar Onur
caglar at pardus.org.tr
Wed May 14 08:53:26 PDT 2008
Hi Harald;
14 May 2008 Çar tarihinde, Harald Hoyer şunları yazmıştı:
> isn't the authorization checked by the backend by pid?
> example:
> http://git.fedorahosted.org/git/?p=system-config-boot.git;a=blob;f=src/grub-conf-mechanism.py;h=6d7e098b9e30019e1f8f5e9f6c50d7e908783c1c;hb=experimental
>
> pid = dbus.UInt32(dbus_object.GetConnectionUnixProcessID(sender))
> IsProcessAuthorized(action_id, pid, False)
Yes, but if you select "Keep for session" checkbox PolicyKit starts to check application name instead of pid. See following;
"Keep session" not selected;
tr.org.pardus.comar.net.link.setstate
Authorized: No
Scope: Confined to pid 2397 (/usr/bin/python2.4)
Obtained: Wed May 14 18:28:02 2008 by auth as root (uid 0)
Constraint: Session must be on a local console
Constraint: Session must be active
Constraint: Only allowed for program /usr/bin/python2.4
"Keep session" selected;
tr.org.pardus.comar.net.link.setstate
Authorized: No
Scope: Confined to session /org/freedesktop/ConsoleKit/Session1
Obtained: Wed May 14 18:52:53 2008 by auth as root (uid 0)
Constraint: Session must be on a local console
Constraint: Session must be active
Constraint: Only allowed for program /usr/bin/python2.4
Cheers
--
S.Çağlar Onur <caglar at pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/
Linux is like living in a teepee. No Windows, no Gates and an Apache in house!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freedesktop.org/archives/hal/attachments/20080514/b67e2fc8/attachment.pgp
More information about the hal
mailing list