On Wed, Feb 22, 2012 at 03:45:18PM +0100, Ladislav Slezak wrote:
Dne 22.2.2012 15:25, Lukas Ocilka napsal(a):
ACLs ---- * Bind to path * Roles defined as in WebYast
BTW, today I came across an interesting polkit feature: org.freedesktop.policykit.imply annotation:
"The org.freedesktop.policykit.imply annotation (its value is a string containing a space separated list of action identifiers) can be used to define meta actions. The way it works is that if a subject is authorized for an action with this annotation, then it is also authorized for any action specified by the annotation. A typical use of this annotation is when defining an UI shell with a single lock button that should unlock multiple actions from distinct mechanisms." (See "man polkit")
Using this annotations we could easily define high-level roles from low-level actions and it would be transparent for polkit and work with all polkit tools and services (pkaction, pkcheck, DBus service, etc...)
The drawback is that it could not be used in WebYaST on SLES (due to the old PolicyKit), we would need a workaround there... :-(
Ah, interesting. Now, to continue the general discussion, some summary is in this file (to which I have added now): https://github.com/yast/yast--/blob/master/doc/comparing-policies.txt To compare with other designs, see the list of polkit actions on your system: run "pkaction". -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu