Releases/FeaturePolicyKit

From FedoraProject

< Releases(Difference between revisions)
Jump to: navigation, search
(Imported from MoinMoin)
 
m
 
(One intermediate revision by one user not shown)
Line 5: Line 5:
 
== Summary ==
 
== Summary ==
  
Policy''''''Kit provides a flexible framework for granting users access to privileged operations.
+
PolicyKit provides a flexible framework for granting users access to privileged operations.
 
It is meant to replace the old userhelper approach, and overcome some of its shortcomings.
 
It is meant to replace the old userhelper approach, and overcome some of its shortcomings.
  
Line 18: Line 18:
 
== Detailed Description ==
 
== Detailed Description ==
  
Policy''''''Kit is currently being developed in the context of the hal project. An initial release has just
+
PolicyKit is currently being developed in the context of the hal project. An initial release has just
[http://lists.freedesktop.org/archives/hal/2007-June/008815.html happened] . hal support for Policy''''''Kit is
+
[http://lists.freedesktop.org/archives/hal/2007-June/008815.html happened] . hal support for PolicyKit is
 
developed in parallel and will appear in hal 0.5.10.
 
developed in parallel and will appear in hal 0.5.10.
  
David recently released Policy''''''Kit 0.5 and a hal 0.5.10rc1 that depends on it. Rawhide contains git snapshots of
+
David recently released PolicyKit 0.5 and a hal 0.5.10rc1 that depends on it. Rawhide contains git snapshots of
Policy''''''Kit 0.6 and hal 0.5.10.
+
PolicyKit 0.6 and hal 0.5.10.
  
 
Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide.
 
Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide.
  
In Fedora 8, the only user of Policy''''''Kit will be hal. The clock-setting feature of the panel clock has been implemented,
+
In Fedora 8, the only user of PolicyKit will be hal. The clock-setting feature of the panel clock has been implemented,
 
but came to late for F8. It is now being proposed as an [[Releases/FeatureClockApplet|  F9 feature]] .
 
but came to late for F8. It is now being proposed as an [[Releases/FeatureClockApplet|  F9 feature]] .
  
Line 43: Line 43:
  
 
4. David administrates his familys desktop system. He wants to allow every family member to format removable media
 
4. David administrates his familys desktop system. He wants to allow every family member to format removable media
without giving them the root password. He achieves this by editing the xml file that defines the policy for Policy''''''Kit.
+
without giving them the root password. He achieves this by editing the xml file that defines the policy for PolicyKit.
  
 
== Scope ==
 
== Scope ==
  
Requires Policy''''''Kit packages and changes to hal, system-config-date, gdm.
+
Requires PolicyKit packages and changes to hal, system-config-date, gdm.
  
 
== Test Plan ==
 
== Test Plan ==
Line 55: Line 55:
 
== Dependencies ==
 
== Dependencies ==
  
Depends on an upstream Policy''''''Kit release, which has happened now, packages are in rawhide. The clock setting part requires
+
Depends on an upstream PolicyKit release, which has happened now, packages are in rawhide. The clock setting part requires
 
dbus system-bus activation, which is in dbus 1.1.2 in rawhide.
 
dbus system-bus activation, which is in dbus 1.1.2 in rawhide.
  
Line 65: Line 65:
 
== Contingency Plan ==
 
== Contingency Plan ==
  
The transition to Policy''''''Kit will be gradual. It can happily coexist with the traditional userhelper
+
The transition to PolicyKit will be gradual. It can happily coexist with the traditional userhelper
 
approach.
 
approach.
  
 
== Documentation ==
 
== Documentation ==
  
Policy''''''Kit ships man pages for its commandline utilities and for its configuration file format.
+
PolicyKit ships man pages for its commandline utilities and for its configuration file format.
It also includes the Policy''''''Kit specification. More information at http://blog.fubar.dk/?p=66, http://people.freedesktop.org/~david/polkit-spec.html and http://lists.freedesktop.org/archives/hal/2006-March/004770.html.
+
It also includes the PolicyKit specification. More information at http://blog.fubar.dk/?p=66, http://people.freedesktop.org/~david/polkit-spec.html and http://lists.freedesktop.org/archives/hal/2006-March/004770.html.
  
 
== Release Notes ==
 
== Release Notes ==

Latest revision as of 04:51, 22 January 2009

Contents

[edit] PolicyKit

[edit] Summary

PolicyKit provides a flexible framework for granting users access to privileged operations. It is meant to replace the old userhelper approach, and overcome some of its shortcomings.

[edit] Owner

  • Name: DavidZeuthen

[edit] Current status

  • Targeted release: Fedora 8
  • Last updated: 2007-10-03
  • Percentage of completion: 100%

[edit] Detailed Description

PolicyKit is currently being developed in the context of the hal project. An initial release has just happened . hal support for PolicyKit is developed in parallel and will appear in hal 0.5.10.

David recently released PolicyKit 0.5 and a hal 0.5.10rc1 that depends on it. Rawhide contains git snapshots of PolicyKit 0.6 and hal 0.5.10.

Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide.

In Fedora 8, the only user of PolicyKit will be hal. The clock-setting feature of the panel clock has been implemented, but came to late for F8. It is now being proposed as an F9 feature .

[edit] Usage cases/rationale

1. David wants to format his USB stick. When he activates the corresponding item from the context menu, the system presents a dialog asking him for the root password.

2. Matt needs to adjust the clock of his computer. The context menu of the panel clock lets him do this without asking for passwords. (Or, depending on the policy, allows him to authenticate with his own password like sudo or Mac OS X.)

3. When Ray shuts down his system, gdm asks him if he really wants to shut down while his girlfriend has a session running on the system. When he is the only user on the system, gdm shuts down without further questions.

4. David administrates his familys desktop system. He wants to allow every family member to format removable media without giving them the root password. He achieves this by editing the xml file that defines the policy for PolicyKit.

[edit] Scope

Requires PolicyKit packages and changes to hal, system-config-date, gdm.

[edit] Test Plan

Verify that the use cases above all work.

[edit] Dependencies

Depends on an upstream PolicyKit release, which has happened now, packages are in rawhide. The clock setting part requires dbus system-bus activation, which is in dbus 1.1.2 in rawhide.

[edit] Details

For the clock setting part, implement a small dbus service for changing time/date, and use dbus system-bus activation to use it. system-config-date should also be changed to use this dbus service.

[edit] Contingency Plan

The transition to PolicyKit will be gradual. It can happily coexist with the traditional userhelper approach.

[edit] Documentation

PolicyKit ships man pages for its commandline utilities and for its configuration file format. It also includes the PolicyKit specification. More information at http://blog.fubar.dk/?p=66, http://people.freedesktop.org/~david/polkit-spec.html and http://lists.freedesktop.org/archives/hal/2006-March/004770.html.

[edit] Release Notes