Consistent PolicyKit system policy
Colin Walters
walters at verbum.org
Mon Aug 10 13:42:06 UTC 2009
On Mon, Aug 10, 2009 at 9:08 AM, Tim Waugh<twaugh at redhat.com> wrote:
> What is the goal of the default Fedora PolicyKit policy system-wide, and
> how can we check that PolicyKit mechanisms' default policies are
> adhering to it?
Generally where I'd like to move to is where the RPM package defaults
are appropriate for a shared computer lab PC, and the desktop spin
kickstart modifies things as appropriate for the unmanaged home
PC/laptop. You could think of "computer lab PC" as very similar to
the our heritage, the "timesharing unix server" case, except that it
makes sense for say plugging in a USB key to do something useful.
An example of something that would be different between the RPM
package and desktop spin is the policy for software installation. In
the RPM package it should be either none allowed or "initiate updates
only", whereas the desktop spin would allow clickthrough for arbitrary
RPM installation. (This is mainly relevant in the future when we
don't have a separate root password in important places in the UI
flow).
We don't do this at all now though =) For your particular case I
think your current policy is the best we can do for all targets.
More information about the fedora-devel-list
mailing list