Mailinglist Archive: yast-devel (25 mails)

< Previous Next >
Re: [yast-devel] YaST++ policies/ACLs
On Wed, Feb 22, 2012 at 03:45:18PM +0100, Ladislav Slezak wrote:
Dne 22.2.2012 15:25, Lukas Ocilka napsal(a):
ACLs
----
* Bind to path
* Roles defined as in WebYast

BTW, today I came across an interesting polkit feature:
org.freedesktop.policykit.imply annotation:

"The org.freedesktop.policykit.imply annotation (its value is a string
containing a
space separated list of action identifiers) can be used to define meta
actions. The
way it works is that if a subject is authorized for an action with this
annotation,
then it is also authorized for any action specified by the annotation. A
typical use
of this annotation is when defining an UI shell with a single lock button
that should
unlock multiple actions from distinct mechanisms."
(See "man polkit")

Using this annotations we could easily define high-level roles from low-level
actions and it would be transparent for polkit and work with all polkit tools
and
services (pkaction, pkcheck, DBus service, etc...)

The drawback is that it could not be used in WebYaST on SLES (due to the old
PolicyKit), we would need a workaround there... :-(

Ah, interesting.

Now, to continue the general discussion, some summary is in this
file (to which I have added now):
https://github.com/yast/yast--/blob/master/doc/comparing-policies.txt

To compare with other designs, see the list of polkit actions on your
system: run "pkaction".
--
Martin Vidner, YaST developer
http://en.opensuse.org/User:Mvidner

Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu
< Previous Next >
Follow Ups