Jeff Garzik wrote: > Even Microsoft Windows asks for elevated privileges for this sort of > thing! What I'd like to have is a comprehensive set of options that need to be locked down in PolicyKit to get a secure system. It looks like there are tons of potentially nasty options enabled by default, with little information over what they do. What does org.freedesktop.devicekit.disks.filesystem-mount do? Does this mean a console user can mount any file system, even non- removable media? Does org.fedoraproject.abrt.install-debuginfos mean that any console user can fill up the root partition with debuginfo rpms? Does org.freedesktop.RealtimeKit1.acquire-high-priority mean that any console user can stop the rest of the system working by opening up lots of realtime processes? Who knows what org.freedesktop.devicekit.disks.change, “Modify a device” does. Sounds nasty. Can the user detach a system disk? org.freedesktop.devicekit.disks.drive- detach or start a fsck? org.freedesktop.devicekit.disks.filesystem-check I don't mind users being able to handle removable media, but I don't want them messing around as sysadmin on system disks, changing timezones, etc... Where is all this explained? Jeremy -- http://jeremysanders.net/ -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
