PolicyKit + KDE

Alexander Neundorf neundorf at kde.org
Wed Sep 2 17:54:53 BST 2009


On Wednesday 02 September 2009, John Tapsell wrote:
> 2009/9/2 Thiago Macieira <thiago at kde.org>:
> > Em Quarta-feira 2. Setembro 2009, às 02.09.15, Matthew Woehlke escreveu:
> >> That said, I guess I don't understand how PK works that this is even
> >> needed. If PK says "user may edit <certain things>", why does it matter
> >> if the user does that via package from packaged KDE, /bin/vi, or some
> >> cobbled-together C program they just compiled? Since you are talking
> >> about installing policy files I must guess that this is not how PK
> >> works?
> >
> > Please note that the problem isn't PolicyKit.
>
> But it is about PolicyKit - KSysGuard uses policykit to kill processes
> etc, and so has to install those files.
>
> The trouble is that policy kit, by design, does not let a general
> program request root privileges.  Instead root has to _first_
> authorize that program to even request root privileges, by installing
> certain files into system directories.

Would there be a principal problem if e.g. dbus could read multiple config 
files and combine the information from them ?
Then it could be started like
dbus-daemon --config-file=/etc/dbus-1/system.conf --config-file=/opt/kde4/etc/dbus-1/kde-system.conf

etc. It should be also possible to list the config file in an env. var.
I don't see a problem there, since there is no way a user can influence the 
way how dbus-daemon is started, neither via command line arguments nor via an 
env. var.

Alex




More information about the kde-core-devel mailing list