Upcoming Fedora Test Days ... DeviceKit and XFCE

Michal Jaegermann michal at harddata.com
Mon Mar 16 21:25:08 UTC 2009


On Mon, Mar 16, 2009 at 12:19:53PM -0700, Adam Williamson wrote:
> On Sat, 2009-03-14 at 14:39 -0600, Michal Jaegermann wrote:
> > On Fri, Mar 13, 2009 at 05:50:58PM -0400, James Laska wrote:
> > > 
> > > = DeviceKit =
> > > 
> > > Ever notice how the graphical disk management functionality present
> > > during a Fedora installation is not available after you've installed
> > > your system?  
> > > 
> > >    <Enter DeviceKit on stage left>  
> > 
> > AFAICS this is the next big security disaster in the making.
> 
> The security model for DeviceKit is 'use PolicyKit'. DeviceKit uses the
> policies set by PolicyKit to regulate access to storage devices. If you
> want a restrictive policy on such access, set it up in PolicyKit.

After his standard initial response "this is not a bug", or
equivalent, David Zeuthen got convinced to look at
https://bugzilla.redhat.com/show_bug.cgi?id=489397
and apparently a fix should be simple in this case.

The general issue is that while on one hand things are getting
tightened up with SELinux policies, from time to time beyond a point
of usability, at the same moment big holes are opened due to a
byzantine maze of dependencies between PolicyKit and DeviceKit and
Nautilus and generally desktop things.  While so far it appears that
it is possible to hack around issues one has to catch up first that
there is a problem and this should not be required by default.  By
all means looser restrictions should be available if desired but as
a configured choice and not surprises.

    Michal




More information about the fedora-test-list mailing list