https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c11
--- Comment #11 from Alexander Bergmann 2013-07-08 16:18:52 UTC ---
We have two parts here that need to be evaluated.

1. New dbus service "org.kde.nepomuk.filewatch".
2. New PolicyKit rule "org.kde.nepomuk.filewatch.raiselimit"

1. A new dbus system service is introduced with nepomuk-core. This system
service allows the execution of kde_nepomuk_filewatch_raiselimit that is also
part of nepomuk-core. Inside the FileWatchHelper::raiselimit function inside
raiselimit.cpp it doubles the value in /proc/sys/fs/inotify/max_user_watches
and sets/replaces this value in
/etc/sysctl.d/97-kde-nepomuk-filewatch-inotify.conf to be reboot persistent.

2. The PolicyKit is used to have an abstraction layer between the user session
and the FileWatchHelper::raiselimit function. An unprivileged user account can
therefore gain the privilege to raise the max_user_watches for the system. For
this the user has to authenticate as admin (root).

    org.kde.nepomuk.filewatch.raiselimit no:no:auth_admin_keep

All functions are programmed in a straightforward way. So there is no security impact.
Therefore the changes in polkit-default-privs and rpmlint can be marked as
valid and can be set permanently.

polkit-default-privs.changes:
- track nepomuk rights (bnc#825262)
rpmlint.changes:
- allow nepomuk helpers temporary without full audit (bnc#825262)
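
Added example, not part of the bug comment or of polkit-default-privs itself: a small auditor for entries written like the one quoted in comment #11, reading the three fields as the implicit authorization for any, inactive and active sessions. It assumes the three-field form only; the two `org.example.*` entries are constructed for contrast.

```python
# Auditor for polkit-default-privs style entries (added example).
# Assumed entry form: "<action> <any>:<inactive>:<active>"
VALID = {"no", "yes", "auth_self", "auth_self_keep", "auth_admin", "auth_admin_keep"}
SESSIONS = ("any", "inactive", "active")


def parse_entry(line):
    """Split one entry into (action, {session: setting}); ValueError if malformed."""
    line = line.split("#", 1)[0].strip()  # drop trailing comments
    parts = line.split()
    if len(parts) != 2:
        raise ValueError(f"expected '<action> <any>:<inactive>:<active>': {line!r}")
    action, spec = parts
    settings = spec.split(":")
    if len(settings) != 3 or any(s not in VALID for s in settings):
        raise ValueError(f"bad authorization triple: {spec!r}")
    return action, dict(zip(SESSIONS, settings))


def audit_entry(line):
    """List the sessions that can use the action without admin authentication."""
    action, settings = parse_entry(line)
    findings = []
    for session, setting in settings.items():
        if setting == "yes":
            findings.append(f"{action}: {session} session allowed with no authentication")
        elif setting in ("auth_self", "auth_self_keep"):
            findings.append(f"{action}: {session} session needs only the user's own password")
    return findings


SAMPLE = [
    "org.kde.nepomuk.filewatch.raiselimit no:no:auth_admin_keep",  # from the comment
    "org.example.constructed.helper yes:yes:yes",                  # constructed
    "org.example.constructed.other no:auth_self:auth_admin",       # constructed
]

if __name__ == "__main__":
    for entry in SAMPLE:
        action, settings = parse_entry(entry)
        print(action, settings)
        for finding in audit_entry(entry) or ["  denied or admin auth in every session"]:
            print("  ", finding)
```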