PolicyKit + KDE

John Tapsell johnflux at gmail.com
Wed Sep 2 21:39:31 BST 2009


2009/9/2 Thiago Macieira <thiago at kde.org>:
> Em Quarta-feira 02 Setembro 2009, às 09:53:46, você escreveu:
>> 2009/9/2 Thiago Macieira <thiago at kde.org>:
>> > Em Quarta-feira 2. Setembro 2009, às 09.01.27, John Tapsell escreveu:
>> >> 2009/9/2 Thiago Macieira <thiago at kde.org>:
>> >> > Em Quarta-feira 2. Setembro 2009, às 02.09.15, Matthew Woehlke
> escreveu:
>> >> >> That said, I guess I don't understand how PK works that this is even
>> >> >> needed. If PK says "user may edit <certain things>", why does it
>> >> >> matter if the user does that via package from packaged KDE, /bin/vi,
>> >> >> or some cobbled-together C program they just compiled? Since you are
>> >> >> talking about installing policy files I must guess that this is not
>> >> >> how PK works?
>> >> >
>> >> > Please note that the problem isn't PolicyKit.
>> >>
>> >> But it is about PolicyKit - KSysGuard uses policykit to kill processes
>> >> etc, and so has to install those files.
>> >
>> > You forgot to add that it asks policykit to kill processes because
>> > ksysguard's process lister is being run under a different UID now.
>> >
>> > Why doesn't the user front-end kill user processes?
>>
>> If the process is owned by the user, then it doesn't need policy kit.
>> Policykit is only used to kill processes not owned by the user.
>>
>> E.g. A normal user wants to kill a root process.
>
> Exactly. That's a new feature, a privilege elevation that before wasn't
> possible.
>
> This doesn't show a PolicyKit problem. It's a new feature we didn't have.

Not true, KSysGuard has been able to kill a root process for ages, by
running "kdesu kill PID".  The PolicyKit 'problem' sorta takes
ksysguard back a step, in that before ksysguard could reliably kill a
root process but now it can't without someone manually copying policy
files around.

> --
> Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
>  Senior Product Manager - Nokia, Qt Development Frameworks
>      PGP/GPG: 0x6EF45358; fingerprint:
>      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
>
> Qt Developer Days 2009 | Registration Now Open!
> Munich, Germany: Oct 12 - 14     San Francisco, California: Nov 2 - 4
>      http://qt.nokia.com/qtdevdays2009
>




More information about the kde-core-devel mailing list