https://bugzilla.novell.com/show_bug.cgi?id=825262 https://bugzilla.novell.com/show_bug.cgi?id=825262#c11 --- Comment #11 from Alexander Bergmann <abergmann@suse.com> 2013-07-08 16:18:52 UTC --- We have two parts here that need to be evaluated. 1. New dbus service "org.kde.nepomuk.filewatch". 2. New PolicyKit rule "org.kde.nepomuk.filewatch.raiselimit" 1. A new dbus system service is introduced with nepomuk-core. This system service allows the execution of kde_nepomuk_filewatch_raiselimit that is also part of nepomuk-core. Inside the FileWatchHelper::raiselimit function inside raiselimit.cpp it doubles the value in /proc/sys/fs/inotify/max_user_watches and sets/replaces this value in /etc/sysctl.d/97-kde-nepomuk-filewatch-inotify.conf to be reboot persistent. 2. The PolicyKit is used to have an upstruction layer between the user session and the FileWatchHelper::raiselimit function. An unprivileged user account can therefore gain the privilege to raise the max_user_watches for the system. For this the user has to authenticate as admin (root). org.kde.nepomuk.filewatch.raiselimit no:no:auth_admin_keep All functions are programmed straight forward. So there is no security impact. Therefore the changes in polkit-default-privs and rpmlint can be marked as valid and can be set permanently. polkit-default-privs.changes: - track nepomuk rights (bnc#825262) rpmlint.changes: - allow nepomuk helpers temporary without full audit (bnc#825262) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.