Releases/FeaturePolicyKit

= PolicyKit =

Summary
PolicyKit provides a flexible framework for granting users access to privileged operations. It is meant to replace the old userhelper approach, and overcome some of its shortcomings.

Owner

 * Name: DavidZeuthen

Current status

 * Targeted release:  Fedora 8
 * Last updated: 2007-10-03
 * Percentage of completion: 100%

Detailed Description
PolicyKit is currently being developed in the context of the hal project. An initial release has just happened. hal support for PolicyKit is developed in parallel and will appear in hal 0.5.10.

David recently released PolicyKit 0.5 and a hal 0.5.10rc1 that depends on it. Rawhide contains git snapshots of PolicyKit 0.6 and hal 0.5.10.

Dbus system-bus activation has been implemented by RichardHughes and is included in dbus 1.1.2 in rawhide.

In Fedora 8, the only user of PolicyKit will be hal. The clock-setting feature of the panel clock has been implemented, but came to late for F8. It is now being proposed as an  F9 feature.

Usage cases/rationale
1. David wants to format his USB stick. When he activates the corresponding item from the context menu, the system presents a dialog asking him for the root password.

2. Matt needs to adjust the clock of his computer. The context menu of the panel clock lets him do this without asking for passwords. (Or, depending on the policy, allows him to authenticate with his own password like sudo or Mac OS X.)

3. When Ray shuts down his system, gdm asks him if he really wants to shut down while his girlfriend has a session running on the system. When he is the only user on the system, gdm shuts down without further questions.

4. David administrates his familys desktop system. He wants to allow every family member to format removable media without giving them the root password. He achieves this by editing the xml file that defines the policy for PolicyKit.

Scope
Requires PolicyKit packages and changes to hal, system-config-date, gdm.

Test Plan
Verify that the use cases above all work.

Dependencies
Depends on an upstream PolicyKit release, which has happened now, packages are in rawhide. The clock setting part requires dbus system-bus activation, which is in dbus 1.1.2 in rawhide.

Details
For the clock setting part, implement a small dbus service for changing time/date, and use dbus system-bus activation to use it. system-config-date should also be changed to use this dbus service.

Contingency Plan
The transition to PolicyKit will be gradual. It can happily coexist with the traditional userhelper approach.

Documentation
PolicyKit ships man pages for its commandline utilities and for its configuration file format. It also includes the PolicyKit specification. More information at http://blog.fubar.dk/?p=66, http://people.freedesktop.org/~david/polkit-spec.html and http://lists.freedesktop.org/archives/hal/2006-March/004770.html.