question about .policy locations
Ruixin Bao
rubao at redhat.com
Fri Dec 15 22:19:56 UTC 2017
Hello,
I was wondering if it is possible to have a configuration set so that both /usr/share/polkit-1/actions/xx.policy and /usr/local/share/polkit-1/actions/xx.policy
files can get recognized? I am going to try to explain the use case of /usr/local/share/xxxxx/'s policies. However, I am not very familiar with policy kit,
so if I made mistakes in the email, feel free to correct me.
I have been working on atomic system containers[1], a way to run container in production using read only images. One of its main ideas is to let the host run the containerized services.
Recently, I tried to make firewalld as a system container[2]. Firewalld interacts with dbus-daemon and policy kit. To make firewalld containerized, we need to find a way to interact with
host via dbus-daemon and policy kit rules. Then, we decided to copy the policy kit related files from the container onto the host so they can be visible.
However, the OS that I am currently working with has a read only /usr and therefore do not support any files copying into /usr/share. The only exception is for /usr/local related files.
Thus, I tried to copy policy files into /usr/local/share/, but that sometimes will make polkit not recognize the firewalld action. (e.g: Error: Action org.fedoraproject.FirewallD1.config is not registered)
I hope my explanation makes sense. Are there any suggestions for a work around when policy files can not be copied to /usr/share/polkit-1/actions?
[1]https://github.com/projectatomic/atomic-system-containers
[2]https://github.com/projectatomic/atomic-system-containers/pull/150
Thank you for your time.
More information about the polkit-devel
mailing list