< Features
(→Scope) |
|||
| Line 33: | Line 33: | ||
== Scope == | == Scope == | ||
* Package EggDbus, which is a depencency of the new PolicyKit | |||
* Package the new PolicyKit, making it parallel-installable with the current PolicyKit | * Package the new PolicyKit, making it parallel-installable with the current PolicyKit | ||
* Port supporting libraries such as PolicyKit-gnome and PolicyKit-de to the new PolicyKit | |||
* Complete PolicyKit 1.0, including documentation and porting guide | * Complete PolicyKit 1.0, including documentation and porting guide | ||
* Port PolicyKit-using applications to the new PolicyKit: | * Port PolicyKit-using applications to the new PolicyKit: | ||
** NetworkManager | ** NetworkManager | ||
Revision as of 19:54, 27 January 2009
Feature Name
PolicyKit 1.0
Summary
PolicyKit provides a flexible framework for granting users access to privileged operations. It is meant to replace the old userhelper approach, and overcome some of its shortcomings. PolicyKit 1.0 addresses architectural shortcomings of the initial PolicyKit design.
Owner
- Name: David Zeuthen
Current status
- Targeted release: Fedora 11
- Last updated: 2009-01-27
- Percentage of completion: 25%
PolicyKit 0.90 is the initial release of the new PolicyKit.
Richard has produced rough packages here.
The TODO list for PolicyKit 1.0 can be found here.
Detailed Description
The initial Releases/FeaturePolicyKit as introduced in Fedora 8 has some shortcomings. E.g. it is based on a library with suid helpers. The shortcoming that motivated the rewrite is that it is not possible to integrate it with directory services such as FreeIPA. The new PolicyKit is implemented as a system bus service and has pluggable backends that make it easy to integrate with directory services. It is one of the goals of the Features/SSSD feature to write such a backend. PolicyKit 1.0 itself will ship with a backend that uses the local filesystem to store action definitions and authorizations, similar to the current PolicyKit.
More details can be found in Davids announcement of the PolicyKit 0.90 release.
Benefit to Fedora
Making it possible to manage policies in a central directory service makes Fedora more suitable for larger, centrally managed installations.
Scope
- Package EggDbus, which is a depencency of the new PolicyKit
- Package the new PolicyKit, making it parallel-installable with the current PolicyKit
- Port supporting libraries such as PolicyKit-gnome and PolicyKit-de to the new PolicyKit
- Complete PolicyKit 1.0, including documentation and porting guide
- Port PolicyKit-using applications to the new PolicyKit:
- NetworkManager
- DeviceKit-disks
- DeviceKit-power
- gnome-disk-utility
- PackageKit
- gnome-packagekit
- kpackagekit
- libvirt
- gnome-system-monitor
- gnome-applets
- gdm
- pulseaudio
- control-center
- gnome-power-manager
- fprintd
- gnome-panel
- hal
- GConf2
- gnome-session
- ConsoleKit
- system-config-services
- cups-pk-helper
How To Test
User Experience
The authentication dialogs that are shown by PolicyKit will change in some aspects. The 'retain authorization' checkboxes will likely go away and be replaced with a status icon in the style of consolehelper-gtk, that lets you inspect and drop your retained authorizations.
Dependencies
- Features/SSSD not a hard dependency, but these two features will benefit from each other
Contingency Plan
Stay with PolicyKit 0.9
Documentation
No documentation yet.
Release Notes
TBD