Getting ready for PolicyKit 0.9
David Zeuthen
david at fubar.dk
Thu Jul 10 09:19:41 PDT 2008
Hey Michael,
Reviving an old discussion heh? ;-)
On Thu, 2008-07-10 at 17:55 +0200, Michael Biebl wrote:
> > Yeah, in general error messages should be more friendly so patches
> > welcome for that. However, it would be very weird if the CK daemon
> > wasn't running (your example includes killing it - why would you want to
> > do that?)
>
> - What if CK/PK is installed when the user is already logged in
I consider this (tracking login sessions and providing authorization
services) core parts of the OS. So you want these installed and running
up front. Or you want to ask the user to login/logout (or reboot) if
your OS allows people what to install without these components.
> - Security updates of dbus or CK might make it necessary to restart
> those services (and CK will quit as soon as dbus is restarted).
The usual answer: reboot. Or for the more adventuresome: write a patch
to make ConsoleKit and the system bus daemon transfer state to the new
instance just like e.g. init(1) does. And get those patches past the
maintainers.
(Seriously: the Linux kernel sees far more security updates than CK and
D-Bus and I suspect you can't get patches into the kernel to allow
kexec'ing into a new kernel retaining all state.)
David
More information about the polkit-devel
mailing list