Once upon a time, Colin Walters <walters@xxxxxxxxxx> said: > (Thanks for a constructive discussion by the way!) No problem; I'm trying to understand and help things move forward. I don't want to see another thing like SELinux or PulseAudio where it becomes "common knowledge" that you should just disable or remove something. > So, that leaves us with the question of how to configure it for > Fedora. A data point here is that the Fedora polkit package adds two > Unix groups "desktop_user_r" and "desktop_admin_r". However, it's > unclear to me whether the expectation is that official Fedora > consumables (i.e. desktop installer) would customize PolicyKit using > these. Where are those documented? I guess that's something new for F12, so maybe there's something there. However, I just searched the Fedora wiki and got no hits (if this is Fedora-specific, shouldn't it be there?). > > The bigger issue is that much of the policy is not well documented, > > except in the XML files (which are pretty terse). > > The individual actions aren't documented well enough? Or the 1,000 > meter view of all of the installed actions on a default desktop? I guess some of both. At a quick glance, I see over 100 actions on my F11 desktop (in over 1400 lines of XML, not counting langauges); how am I supposed to be knowledgeable enough to know which of those I may want (or need) to change for certain situations? Don't get me wrong; I do like having more fine-grained access control. What would be nice would be a guide of how all this fits together and when to change what (not just documentation of individual options or syntax), but I do also understand that developers don't always like writing documentation (hey, who does, other than tech writers!). -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
