m (bad hr!) |
|||
(123 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
<!-- The actual name of your feature page should look something like: Features/YourFeatureName. This keeps all features in the same namespace --> | <!-- The actual name of your feature page should look something like: Features/YourFeatureName. This keeps all features in the same namespace --> | ||
= | = PolicyKit 1.0 = | ||
PolicyKit 1.0 | |||
== Summary == | == Summary == | ||
Line 11: | Line 10: | ||
== Current status == | == Current status == | ||
* Targeted release: [[Releases/ | * Targeted release: [[Releases/12 | Fedora 12 ]] | ||
* Last updated: 2009- | * Last updated: 2009-09-24 | ||
* Percentage of completion: | * Percentage of completion: 100% | ||
PolicyKit 0.95 is the current release of the new PolicyKit. | |||
The polkit, polkit-gnome and polkit-desktop-policy packages are in rawhide now. | |||
The PolicyKit 0.9 packages have been obsoleted. | |||
== Detailed Description == | == Detailed Description == | ||
The initial [[Releases/FeaturePolicyKit]] as introduced in Fedora 8 has some shortcomings. The | The initial [[Releases/FeaturePolicyKit]] as introduced in Fedora 8 has some shortcomings. E.g. it is based on a library with suid helpers. The shortcoming that motivated the rewrite is that it is not possible to integrate it with directory services such as FreeIPA. The new PolicyKit is implemented as a system bus service and has pluggable backends that make it easy to integrate with directory services. It is one of the goals of the [[Features/SSSD]] feature to write such a backend. PolicyKit 1.0 itself will ship with a backend that uses the local filesystem to store action definitions and authorizations, similar | ||
to the current PolicyKit. | to the current PolicyKit. | ||
More details can be found in Davids | More details can be found in Davids | ||
[http://lists.freedesktop.org/archives/polkit-devel/2009-January/000070.html announcement] of the PolicyKit 0.90 release. | [http://lists.freedesktop.org/archives/polkit-devel/2009-January/000070.html announcement] of the PolicyKit 0.90 release and in his [http://lists.freedesktop.org/archives/polkit-devel/2009-June/000135.html plans] for the local authority. | ||
The current plan is to land the new PolicyKit early in F12 (as soon as it opens up, basically), and have most of the patches ready to port applications. The old PolicyKit 0.9 packages can remain for a while to ease the transition period and will be removed a few months into F12, when all users have been ported. | |||
== Benefit to Fedora == | == Benefit to Fedora == | ||
Making it possible to manage policies in a central directory service makes Fedora more suitable for larger, centrally managed installations. | Making it possible to manage policies in a central directory service makes Fedora more suitable for larger, centrally managed installations. | ||
As a secondary benefit, the new PolicyKit api is much simpler to work with than the PolicyKit 0.9 api. | |||
== Scope == | == Scope == | ||
* Package EggDbus, which is a dependency of the new PolicyKit | |||
* Package the new PolicyKit, making it parallel-installable with the current PolicyKit | * Package the new PolicyKit, making it parallel-installable with the current PolicyKit | ||
* Port supporting libraries such as PolicyKit-gnome and PolicyKit-kde to the new PolicyKit or obsolete them | |||
* Complete PolicyKit 1.0, including documentation and porting guide | * Complete PolicyKit 1.0, including documentation and porting guide | ||
* Port PolicyKit-using applications to the new PolicyKit: | * Port PolicyKit-using applications to the new PolicyKit: | ||
{| | |||
! Package !! Status !! Bug | |||
|- | |||
| NetworkManager || done || [http://bugzilla.redhat.com/show_bug.cgi?id=499965 499965] | |||
|- | |||
| DeviceKit-disks || done || | |||
|- | |||
| gnome-disk-utility || done || | |||
|- | |||
| DeviceKit-power || done || [http://bugzilla.redhat.com/show_bug.cgi?id=498695 498695] | |||
|- | |||
| gnome-power-manager || done || [http://bugzilla.redhat.com/show_bug.cgi?id=498560 498560] | |||
|- | |||
| PackageKit || done || | |||
|- | |||
| gnome-packagekit || done || | |||
|- | |||
| PackageKit-qt || done || [http://bugzilla.redhat.com/show_bug.cgi?id=499968 499968] | |||
|- | |||
| hal || done || [http://bugzilla.redhat.com/show_bug.cgi?id=499969 499969] | |||
|- | |||
| libvirt || done || [http://bugzilla.redhat.com/show_bug.cgi?id=499970 499970] | |||
|- | |||
| gnome-system-monitor || done || [http://bugzilla.redhat.com/show_bug.cgi?id=495730 495730] | |||
|- | |||
| ConsoleKit || done || [http://bugzilla.redhat.com/show_bug.cgi?id=495617 495617] | |||
|- | |||
| gdm || done || [http://bugzilla.redhat.com/show_bug.cgi?id=498361 498361] | |||
|- | |||
| pulseaudio || done || [http://bugzilla.redhat.com/show_bug.cgi?id=497621 497621] | |||
|- | |||
| control-center || done || [http://bugzilla.redhat.com/show_bug.cgi?id=498365 498365] | |||
|- | |||
| fprintd || done || [http://bugzilla.redhat.com/show_bug.cgi?id=498368 498368] | |||
|- | |||
| gnome-panel || done || [http://bugzilla.redhat.com/show_bug.cgi?id=498366 498366] | |||
|- | |||
| gnome-applets || done || [http://bugzilla.redhat.com/show_bug.cgi?id=499972 499972] | |||
|- | |||
| GConf2 || done || [http://bugzilla.redhat.com/show_bug.cgi?id=498370 498370] | |||
|- | |||
| gconf-editor || done || [http://bugzilla.redhat.com/show_bug.cgi?id=505645 505645] | |||
|- | |||
| gnome-session || needs new ConsoleKit api, see below || [http://bugzilla.redhat.com/show_bug.cgi?id=497619 497619] | |||
|- | |||
| system-config-services || || [http://bugzilla.redhat.com/show_bug.cgi?id=500007 500007] | |||
|- | |||
| cups-pk-helper || done || [http://bugzilla.redhat.com/show_bug.cgi?id=499971 499971] | |||
|- | |||
| libconcord || || [http://bugzilla.redhat.com/show_bug.cgi?id=516067 516067] | |||
|- | |||
| gnome-lirc-properties || done || [http://bugzilla.redhat.com/show_bug.cgi?id=516069 516069] [https://bugzilla.gnome.org/show_bug.cgi?id=594899 GNOME 594899] | |||
|- | |||
| argyllcms || || [http://bugzilla.redhat.com/show_bug.cgi?id=516072 516072] | |||
|} | |||
== How To Test == | == How To Test == | ||
Line 71: | Line 110: | ||
--> | --> | ||
# Make sure you have polkit and polkit-gnome 0.91 or newer installed. | |||
# Make sure /usr/libexec/polkit-gnome-authentication-agent-1 is automatically started when you log in | |||
# Choose a operation that require authorization and are using PolicyKit, e.g. setting the system timezone in the clock applet | |||
# Try the operation and verify that you get a PolicyKit password dialog according to the policy | |||
# Test that entering the wrong password does not let you execute the operation | |||
# Test that entering the correct password lets you execute the operation | |||
# Verify that the authorization is remembered according to the policy for this operation, and that a statusicon informs you about currently remembered authorizations | |||
# Verify that you can drop the authorizations from the status icon | |||
# Try changing the policy for the operation by editing the corresponding policy file | |||
# Check that the policy changes are effective immediately | |||
# Verify that logging out and back in removes all remembered authorizations | |||
Repeat these tests with other operations that require authorization, such as storing system connections in nm-applet or changing the default desktop background. | |||
== User Experience == | == User Experience == | ||
The authentication dialogs that are shown by PolicyKit will change in some aspects. The 'retain authorization' checkboxes will likely go away and be replaced with a status icon in the style of consolehelper-gtk, that lets you inspect and drop your retained authorizations. | The authentication dialogs that are shown by PolicyKit will change in some aspects. The 'retain authorization' checkboxes will likely go away and be replaced with a status icon in the style of consolehelper-gtk, that lets you inspect and drop your retained authorizations. | ||
The policy editor under ''System → Preferences → Authorizations'' is going to go away. It is a really problematic interface, and not really needed for normal users. Instead we want to add a simple group-based UI to a future user account dialog, that will let you declare that a user is an 'Administrator' or a 'Guest'. PolicyKit 1.0 includes all the infrastructure for this. | |||
== Dependencies == | == Dependencies == | ||
* [[Features/SSSD]] not a hard dependency, but these two features will benefit from each other | * [[Features/SSSD]] not a hard dependency, but these two features will benefit from each other | ||
* [[Features/ConsoleKitInhibitAPI]] is needed to make gnome-sessions Shutdown functionality work in a nice way with PolicyKit 1 | |||
* eggdbus review: http://bugzilla.redhat.com/show_bug.cgi?id=502918 | |||
* polkit review: http://bugzilla.redhat.com/show_bug.cgi?id=502919 | |||
* polkit-gnome review: http://bugzilla.redhat.com/show_bug.cgi?id=502920 | |||
== Contingency Plan == | |||
If PolicyKit 1.0 fails catastrophically, go back to PolicyKit 0.9. All of the patches listed above will have to be backed out. | |||
If not all ports listed above can be completed in time, keep PolicyKit 0.9 around, and don't add the Obsoletes: line. | |||
== Documentation == | == Documentation == | ||
PolicyKit documentation, including API documentation and manual pages, can be found [http://hal.freedesktop.org/docs/polkit here]. In particular, see the architectural [http://hal.freedesktop.org/docs/polkit/polkit.8.html overview]. | |||
== Release Notes == | == Release Notes == | ||
Fedora 12 includes PolicyKit 1.0. | |||
In contrast to earlier PolicyKit releases in Fedora 10 and 11, this version of PolicyKit does not include a graphical application to manage individual authorizations. Instead, policies can be defined in simple text files and by associated with Unix groups. The polkit-desktop-policy package contains policy definitions suitable for 'Administrator' and 'Standard User' roles on a standalone desktop installation. See the PolicyKit | |||
[http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html documentation] for more information about policies and how they are defined. This information is also available in the polkit(8) manual page. | |||
PolicyKit 1.0 includes a status icon that informs about elevated privileges and provides an easy way to drop these privileges. | |||
== Comments and Discussion == | == Comments and Discussion == | ||
Line 95: | Line 159: | ||
* See [[Talk:Features/PolicyKitOne]] | * See [[Talk:Features/PolicyKitOne]] | ||
[[Category: | [[Category:FeatureAcceptedF12]] |
Latest revision as of 12:40, 24 September 2009
PolicyKit 1.0
Summary
PolicyKit provides a flexible framework for granting users access to privileged operations. It is meant to replace the old userhelper approach, and overcome some of its shortcomings. PolicyKit 1.0 addresses architectural shortcomings of the initial PolicyKit design.
Owner
- Name: David Zeuthen
Current status
- Targeted release: Fedora 12
- Last updated: 2009-09-24
- Percentage of completion: 100%
PolicyKit 0.95 is the current release of the new PolicyKit.
The polkit, polkit-gnome and polkit-desktop-policy packages are in rawhide now. The PolicyKit 0.9 packages have been obsoleted.
Detailed Description
The initial Releases/FeaturePolicyKit as introduced in Fedora 8 has some shortcomings. E.g. it is based on a library with suid helpers. The shortcoming that motivated the rewrite is that it is not possible to integrate it with directory services such as FreeIPA. The new PolicyKit is implemented as a system bus service and has pluggable backends that make it easy to integrate with directory services. It is one of the goals of the Features/SSSD feature to write such a backend. PolicyKit 1.0 itself will ship with a backend that uses the local filesystem to store action definitions and authorizations, similar to the current PolicyKit.
More details can be found in Davids announcement of the PolicyKit 0.90 release and in his plans for the local authority.
The current plan is to land the new PolicyKit early in F12 (as soon as it opens up, basically), and have most of the patches ready to port applications. The old PolicyKit 0.9 packages can remain for a while to ease the transition period and will be removed a few months into F12, when all users have been ported.
Benefit to Fedora
Making it possible to manage policies in a central directory service makes Fedora more suitable for larger, centrally managed installations.
As a secondary benefit, the new PolicyKit api is much simpler to work with than the PolicyKit 0.9 api.
Scope
- Package EggDbus, which is a dependency of the new PolicyKit
- Package the new PolicyKit, making it parallel-installable with the current PolicyKit
- Port supporting libraries such as PolicyKit-gnome and PolicyKit-kde to the new PolicyKit or obsolete them
- Complete PolicyKit 1.0, including documentation and porting guide
- Port PolicyKit-using applications to the new PolicyKit:
Package | Status | Bug |
---|---|---|
NetworkManager | done | 499965 |
DeviceKit-disks | done | |
gnome-disk-utility | done | |
DeviceKit-power | done | 498695 |
gnome-power-manager | done | 498560 |
PackageKit | done | |
gnome-packagekit | done | |
PackageKit-qt | done | 499968 |
hal | done | 499969 |
libvirt | done | 499970 |
gnome-system-monitor | done | 495730 |
ConsoleKit | done | 495617 |
gdm | done | 498361 |
pulseaudio | done | 497621 |
control-center | done | 498365 |
fprintd | done | 498368 |
gnome-panel | done | 498366 |
gnome-applets | done | 499972 |
GConf2 | done | 498370 |
gconf-editor | done | 505645 |
gnome-session | needs new ConsoleKit api, see below | 497619 |
system-config-services | 500007 | |
cups-pk-helper | done | 499971 |
libconcord | 516067 | |
gnome-lirc-properties | done | 516069 GNOME 594899 |
argyllcms | 516072 |
How To Test
- Make sure you have polkit and polkit-gnome 0.91 or newer installed.
- Make sure /usr/libexec/polkit-gnome-authentication-agent-1 is automatically started when you log in
- Choose a operation that require authorization and are using PolicyKit, e.g. setting the system timezone in the clock applet
- Try the operation and verify that you get a PolicyKit password dialog according to the policy
- Test that entering the wrong password does not let you execute the operation
- Test that entering the correct password lets you execute the operation
- Verify that the authorization is remembered according to the policy for this operation, and that a statusicon informs you about currently remembered authorizations
- Verify that you can drop the authorizations from the status icon
- Try changing the policy for the operation by editing the corresponding policy file
- Check that the policy changes are effective immediately
- Verify that logging out and back in removes all remembered authorizations
Repeat these tests with other operations that require authorization, such as storing system connections in nm-applet or changing the default desktop background.
User Experience
The authentication dialogs that are shown by PolicyKit will change in some aspects. The 'retain authorization' checkboxes will likely go away and be replaced with a status icon in the style of consolehelper-gtk, that lets you inspect and drop your retained authorizations.
The policy editor under System → Preferences → Authorizations is going to go away. It is a really problematic interface, and not really needed for normal users. Instead we want to add a simple group-based UI to a future user account dialog, that will let you declare that a user is an 'Administrator' or a 'Guest'. PolicyKit 1.0 includes all the infrastructure for this.
Dependencies
- Features/SSSD not a hard dependency, but these two features will benefit from each other
- Features/ConsoleKitInhibitAPI is needed to make gnome-sessions Shutdown functionality work in a nice way with PolicyKit 1
- eggdbus review: http://bugzilla.redhat.com/show_bug.cgi?id=502918
- polkit review: http://bugzilla.redhat.com/show_bug.cgi?id=502919
- polkit-gnome review: http://bugzilla.redhat.com/show_bug.cgi?id=502920
Contingency Plan
If PolicyKit 1.0 fails catastrophically, go back to PolicyKit 0.9. All of the patches listed above will have to be backed out.
If not all ports listed above can be completed in time, keep PolicyKit 0.9 around, and don't add the Obsoletes: line.
Documentation
PolicyKit documentation, including API documentation and manual pages, can be found here. In particular, see the architectural overview.
Release Notes
Fedora 12 includes PolicyKit 1.0.
In contrast to earlier PolicyKit releases in Fedora 10 and 11, this version of PolicyKit does not include a graphical application to manage individual authorizations. Instead, policies can be defined in simple text files and by associated with Unix groups. The polkit-desktop-policy package contains policy definitions suitable for 'Administrator' and 'Standard User' roles on a standalone desktop installation. See the PolicyKit documentation for more information about policies and how they are defined. This information is also available in the polkit(8) manual page.
PolicyKit 1.0 includes a status icon that informs about elevated privileges and provides an easy way to drop these privileges.