From Fedora Project Wiki

< Releases

Revision as of 14:13, 24 May 2008 by fp-wiki>ImportUser (Imported from MoinMoin)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

PolicyKit

Summary

Policy'Kit provides a flexible framework for granting users access to privileged operations. It is meant to replace the old userhelper approach, and overcome some of its shortcomings.

Owner

  • Name: DavidZeuthen

Current status

  • Targeted release: Fedora 8
  • Last updated: 2007-10-03
  • Percentage of completion: 100%

Detailed Description

Policy'Kit is currently being developed in the context of the hal project. An initial release has just happened . hal support for Policy'Kit is developed in parallel and will appear in hal 0.5.10.

David recently released Policy'Kit 0.5 and a hal 0.5.10rc1 that depends on it. Rawhide contains git snapshots of Policy'Kit 0.6 and hal 0.5.10.

Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide.

In Fedora 8, the only user of Policy'Kit will be hal. The clock-setting feature of the panel clock has been implemented, but came to late for F8. It is now being proposed as an F9 feature .

Usage cases/rationale

1. David wants to format his USB stick. When he activates the corresponding item from the context menu, the system presents a dialog asking him for the root password.

2. Matt needs to adjust the clock of his computer. The context menu of the panel clock lets him do this without asking for passwords. (Or, depending on the policy, allows him to authenticate with his own password like sudo or Mac OS X.)

3. When Ray shuts down his system, gdm asks him if he really wants to shut down while his girlfriend has a session running on the system. When he is the only user on the system, gdm shuts down without further questions.

4. David administrates his familys desktop system. He wants to allow every family member to format removable media without giving them the root password. He achieves this by editing the xml file that defines the policy for Policy'Kit.

Scope

Requires Policy'Kit packages and changes to hal, system-config-date, gdm.

Test Plan

Verify that the use cases above all work.

Dependencies

Depends on an upstream Policy'Kit release, which has happened now, packages are in rawhide. The clock setting part requires dbus system-bus activation, which is in dbus 1.1.2 in rawhide.

Details

For the clock setting part, implement a small dbus service for changing time/date, and use dbus system-bus activation to use it. system-config-date should also be changed to use this dbus service.

Contingency Plan

The transition to Policy'Kit will be gradual. It can happily coexist with the traditional userhelper approach.

Documentation

Policy'Kit ships man pages for its commandline utilities and for its configuration file format. It also includes the Policy'Kit specification. More information at http://blog.fubar.dk/?p=66, http://people.freedesktop.org/~david/polkit-spec.html and http://lists.freedesktop.org/archives/hal/2006-March/004770.html.

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Releases/FeaturePolicyKit&oldid=15658"