Allow putting .policy files in a different location than /usr/PolicyKit

Sat Sep 12 21:47:04 BST 2009

Hey,

On Thu, 2009-09-03 at 10:47 +0200, Dario Freddi wrote:
> Hello lists,
> 
> I will make the situation pretty clear in a fast way: at the moment we (as in 
> developers) at KDE have a small problem regarding PolicyKit, after it has been 
> deeply integrated in 4.4 (trunk).
> 
> It seems like there is no way to tell polkit to look for .policy files in a 
> different location than $installationprefix/share/PolicyKit/policy. This issue 
> is actually blocking most of the developers from using polkit features, as we 
> mostly install trunk stuff in a different prefix than /usr (where polkit is 
> reasonably installed). Also please note that we know of many different KDE and 
> GNOME setups where the installation is not in the standard /usr prefix, but 
> more on a remote share.
> 
> I would like to ask David if there's a way for specifying a different include 
> path in PolicyKit.conf, just like DBus allows that for policy files and 
> activation services, and if it's not possible at the moment, please really 
> consider this as a feature for polkit 1.0, it is really easy to include and 
> you would make a lot of people happier. I can also try and create a patch 
> myself for this, with some decent guidance.

Couldn't we just make the daemon look at $XDG_DATA_DIRS instead of just
$datadir/polkit-1/actions (e.g. /usr/share/polkit-1/actions). There's a
couple of problems with this however

 - polkit is typically used a security mechanism and $XDG_DATA_DIRS may
   contain paths that the admin doesn't really trust. I don't really
   know, the XDG Base Directory Spec doesn't say anything about this.
   I don't know if it should.

 - polkitd is launched by the system message bus so $XDG_DATA_DIRS would
   have to be set when the bus is launched (typically by an init 
   script) and we'd have to check/ensure that $XDG_DATA_DIRS is passed
   on to the polkitd process

 - I'm not sure $XDG_DATA_DIRS is set system-wide at all or even if it
   is intended for such use; doesn't seem to be the case on Fedora at
   least. I don't know about other distros or whether it is desirable
   or not. I think it might not be but I don't know and I haven't
   thought a lot about this.

 - It might be confusing that people who sets $XDG_DATA_DIRS for their
   login-session that the system wide polkitd instance isn't picking
   their variable up.

FWIW, this is very similar to /usr/share/dbus-1/system-services since
both directories are security related - it might be good to just do what
D-Bus does for that directory. E.g. if (and only if) D-Bus supports
$XDG_DATA_DIRS for that directory then we should do it as well.

     David