[packagekit] DBUS configuration

Robin Norwood rnorwood at redhat.com
Fri Feb 29 07:03:40 PST 2008 

On Fri, 29 Feb 2008 10:27:39 +0100
Sebastian Heinlein <glatzor at ubuntu.com> wrote:

> Quoting Sebastian Heinlein <glatzor at ubuntu.com>:
> 
> > Quoting Robin Norwood <rnorwood at redhat.com>:
> >
> >> On Tue, 26 Feb 2008 13:39:02 -0500
> >> Robin Norwood <rnorwood at redhat.com> wrote:
> >>
> >>> On Tue, 26 Feb 2008 19:09:03 +0100
> >>> Richard Hughes <hughsient at gmail.com> wrote:
> >>>
> >>> > On Tue, 2008-02-26 at 12:44 -0500, Robin Norwood wrote:
> >>> > > Does anyone use the PACKAGEKIT_USER business?  It evaluates to
> >>> > > 'root' by default, so doesn't really have any effect unless
> >>> > > it is set, aside from a slight performance penalty.  We
> >>> > > should probably remove it from the shipping configs unless it
> >>> > > really is for something.  I didn't want to just make the
> >>> > > change for fear of breaking anyone's setup.
> >>> >
> >>> > Well, it basically just was there for debian, IIRC they don't
> >>> > like running things as root. Maybe we can just ensure that
> >>> > @PACKAGEKIT_USER@ is root by default, and cut out the explicit
> >>> > line. That might be best.
> >
> >>> Yeah, I like that plan.  We'll see what the debian guys say,
> >>> though.
> >>
> >> This is done, now.  I replaced 'root' with @PACKAGEKIT_USER@
> >> throughout, and remove explicit references to 'root'.  The way
> >> things are now, packagekitd and the dbus backend daemons both run
> >> as root.  If anyone doesn't like it that way, feel free to fix it.
> >
> > Since in Debian/Ubuntu I would use separate users for the daemon and
> > the backend and don't want to ship a patch, I introduced a new
> > configure option --with-backend-user, which defaults to the daemon
> > user. See 8a7a56deae9b9684f3c79dee7f58214e354c9ca8
> 
> 
> This is not sufficient. I would also have to allow the backend user
> to own PackageKitBackend.
> 
> Would you be ok if I would reintroduce this?
>    <policy user="@PK_BACKEND_USER@">
>      <allow own="org.freedesktop.PackageKit"/>
>    </policy>
> 
> This would result in a duplicated root entry for distributions which  
> do not separate here.

That's ok with me.  David Z said there might be a slight performance hit
to having duplicates, but I'm sure it's negligible.

-RN

-- 
Robin Norwood
Red Hat, Inc.

"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching

More information about the PackageKit mailing list