[packagekit] DBUS configuration
Sebastian Heinlein
glatzor at ubuntu.com
Fri Feb 29 01:27:39 PST 2008
Quoting Sebastian Heinlein <glatzor at ubuntu.com>:
> Quoting Robin Norwood <rnorwood at redhat.com>:
>
>> On Tue, 26 Feb 2008 13:39:02 -0500
>> Robin Norwood <rnorwood at redhat.com> wrote:
>>
>>> On Tue, 26 Feb 2008 19:09:03 +0100
>>> Richard Hughes <hughsient at gmail.com> wrote:
>>>
>>> > On Tue, 2008-02-26 at 12:44 -0500, Robin Norwood wrote:
>>> > > Does anyone use the PACKAGEKIT_USER business? It evaluates to
>>> > > 'root' by default, so doesn't really have any effect unless it is
>>> > > set, aside from a slight performance penalty. We should probably
>>> > > remove it from the shipping configs unless it really is for
>>> > > something. I didn't want to just make the change for fear of
>>> > > breaking anyone's setup.
>>> >
>>> > Well, it basically just was there for debian, IIRC they don't like
>>> > running things as root. Maybe we can just ensure that
>>> > @PACKAGEKIT_USER@ is root by default, and cut out the explicit line.
>>> > That might be best.
>
>>> Yeah, I like that plan. We'll see what the debian guys say, though.
>>
>> This is done, now. I replaced 'root' with @PACKAGEKIT_USER@
>> throughout, and remove explicit references to 'root'. The way things
>> are now, packagekitd and the dbus backend daemons both run as root. If
>> anyone doesn't like it that way, feel free to fix it.
>
> Since in Debian/Ubuntu I would use separate users for the daemon and
> the backend and don't want to ship a patch, I introduced a new
> configure option --with-backend-user, which defaults to the daemon
> user. See 8a7a56deae9b9684f3c79dee7f58214e354c9ca8
This is not sufficient. I would also have to allow the backend user to
own PackageKitBackend.
Would you be ok if I would reintroduce this?
<policy user="@PK_BACKEND_USER@">
<allow own="org.freedesktop.PackageKit"/>
</policy>
This would result in a duplicated root entry for distributions which
do not separate here.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the PackageKit
mailing list