PolicyKit + KDE

David Jarvie djarvie at kde.org
Wed Sep 2 21:39:55 BST 2009


On Wed, September 2, 2009 5:55 pm, Dario Freddi wrote:
> Hi all,
>
> just before people start screaming at random brokeness, let's make some
> clarifications. Let's start with some points we all should agree with
> (hopefully)
>
>  - Software that do not belong to system space should be installable in
> userspace
>  - Software in userspace should not even attempt to perform root
> operations
>  - KDE can be built without kauth => polkit, having, by result, all root
> actions denied, so it correctly fits with previous statements
>
> Now, that said, I still do not understand where is the problem with
> polkit. If
> you are installing stuff userspace, you should be aware of its
> limitations.
> Not having Kauth does _NOT_ compromise your environment, it just locks you
> out from privileged operations, which is quite bearable.
>
> I already fixed cmake (more or less, still have to test throughly) to make
> stuff install outside /usr and /etc, and I will also make it spit a
> warning on
> install if these files are installed outside, so people who really care
> about having things privileged working can simply issue a sudo mv.

It's not just installing into user space that's at issue. I have multiple
installs of different KDE versions in system space - in /opt. So there
isn't a security issue from having user-writable configuration files.
There is the issue that one version could be trampling over another
version's polkit files. They really should be installed into the install
prefix, and since that's in system space, it would also be good if they
would work correctly from there.

> That said, I hope you realized that these 3 file won't make your pc
> explode if
> they are not installed in the right location but will just prevent you
> using
> systemsettings to change the system date/time and from killing privileged
> processes with KSysGuard, hence will not prevent you from developing and
> rocking on KDE as usual.

It's only these facilities which won't work just now. But that list might
well expand in future KDE versions. So it would be good to get this sorted
out to avoid more awkward future problems.

-- 
David Jarvie.
KDE developer.
KAlarm author & maintainer.
http://www.astrojar.org.uk/kalarm





More information about the kde-core-devel mailing list