m (1 revision(s)) |
mNo edit summary |
||
| Line 5: | Line 5: | ||
== Summary == | == Summary == | ||
PolicyKit provides a flexible framework for granting users access to privileged operations. | |||
It is meant to replace the old userhelper approach, and overcome some of its shortcomings. | It is meant to replace the old userhelper approach, and overcome some of its shortcomings. | ||
| Line 18: | Line 18: | ||
== Detailed Description == | == Detailed Description == | ||
PolicyKit is currently being developed in the context of the hal project. An initial release has just | |||
[http://lists.freedesktop.org/archives/hal/2007-June/008815.html happened] . hal support for | [http://lists.freedesktop.org/archives/hal/2007-June/008815.html happened] . hal support for PolicyKit is | ||
developed in parallel and will appear in hal 0.5.10. | developed in parallel and will appear in hal 0.5.10. | ||
David recently released | David recently released PolicyKit 0.5 and a hal 0.5.10rc1 that depends on it. Rawhide contains git snapshots of | ||
PolicyKit 0.6 and hal 0.5.10. | |||
Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide. | Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide. | ||
In Fedora 8, the only user of | In Fedora 8, the only user of PolicyKit will be hal. The clock-setting feature of the panel clock has been implemented, | ||
but came to late for F8. It is now being proposed as an [[Releases/FeatureClockApplet| F9 feature]] . | but came to late for F8. It is now being proposed as an [[Releases/FeatureClockApplet| F9 feature]] . | ||
| Line 43: | Line 43: | ||
4. David administrates his familys desktop system. He wants to allow every family member to format removable media | 4. David administrates his familys desktop system. He wants to allow every family member to format removable media | ||
without giving them the root password. He achieves this by editing the xml file that defines the policy for | without giving them the root password. He achieves this by editing the xml file that defines the policy for PolicyKit. | ||
== Scope == | == Scope == | ||
Requires | Requires PolicyKit packages and changes to hal, system-config-date, gdm. | ||
== Test Plan == | == Test Plan == | ||
| Line 55: | Line 55: | ||
== Dependencies == | == Dependencies == | ||
Depends on an upstream | Depends on an upstream PolicyKit release, which has happened now, packages are in rawhide. The clock setting part requires | ||
dbus system-bus activation, which is in dbus 1.1.2 in rawhide. | dbus system-bus activation, which is in dbus 1.1.2 in rawhide. | ||
| Line 65: | Line 65: | ||
== Contingency Plan == | == Contingency Plan == | ||
The transition to | The transition to PolicyKit will be gradual. It can happily coexist with the traditional userhelper | ||
approach. | approach. | ||
== Documentation == | == Documentation == | ||
PolicyKit ships man pages for its commandline utilities and for its configuration file format. | |||
It also includes the | It also includes the PolicyKit specification. More information at http://blog.fubar.dk/?p=66, http://people.freedesktop.org/~david/polkit-spec.html and http://lists.freedesktop.org/archives/hal/2006-March/004770.html. | ||
== Release Notes == | == Release Notes == | ||
Latest revision as of 04:51, 22 January 2009
PolicyKit
Summary
PolicyKit provides a flexible framework for granting users access to privileged operations. It is meant to replace the old userhelper approach, and overcome some of its shortcomings.
Owner
- Name: DavidZeuthen
Current status
- Targeted release: Fedora 8
- Last updated: 2007-10-03
- Percentage of completion: 100%
Detailed Description
PolicyKit is currently being developed in the context of the hal project. An initial release has just happened . hal support for PolicyKit is developed in parallel and will appear in hal 0.5.10.
David recently released PolicyKit 0.5 and a hal 0.5.10rc1 that depends on it. Rawhide contains git snapshots of PolicyKit 0.6 and hal 0.5.10.
Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide.
In Fedora 8, the only user of PolicyKit will be hal. The clock-setting feature of the panel clock has been implemented, but came to late for F8. It is now being proposed as an F9 feature .
Usage cases/rationale
1. David wants to format his USB stick. When he activates the corresponding item from the context menu, the system presents a dialog asking him for the root password.
2. Matt needs to adjust the clock of his computer. The context menu of the panel clock lets him do this without asking for passwords. (Or, depending on the policy, allows him to authenticate with his own password like sudo or Mac OS X.)
3. When Ray shuts down his system, gdm asks him if he really wants to shut down while his girlfriend has a session running on the system. When he is the only user on the system, gdm shuts down without further questions.
4. David administrates his familys desktop system. He wants to allow every family member to format removable media without giving them the root password. He achieves this by editing the xml file that defines the policy for PolicyKit.
Scope
Requires PolicyKit packages and changes to hal, system-config-date, gdm.
Test Plan
Verify that the use cases above all work.
Dependencies
Depends on an upstream PolicyKit release, which has happened now, packages are in rawhide. The clock setting part requires dbus system-bus activation, which is in dbus 1.1.2 in rawhide.
Details
For the clock setting part, implement a small dbus service for changing time/date, and use dbus system-bus activation to use it. system-config-date should also be changed to use this dbus service.
Contingency Plan
The transition to PolicyKit will be gradual. It can happily coexist with the traditional userhelper approach.
Documentation
PolicyKit ships man pages for its commandline utilities and for its configuration file format. It also includes the PolicyKit specification. More information at http://blog.fubar.dk/?p=66, http://people.freedesktop.org/~david/polkit-spec.html and http://lists.freedesktop.org/archives/hal/2006-March/004770.html.