Once upon a time, Richard Hughes <hughsient@xxxxxxxxx> said: > If you're not shipping custom PolicyKit rules then at the moment > normal users can, without authentication: > > * Grant high priority scheduling to a user process I have complained about this. > * Connection sharing via a protected WiFi network Only if the NetworkManager daemon is running, right? > * Suspend the system Again, on/off don't change system policy. > * Inhibit media detection > * Mount a device The user mounts are locked down (noexec), right? > * Restart the system Again, on/off don't change system policy. > * Get information about system services Information that has always been available, right? > * Install debuginfos using abrt Didn't know about this one; another thing that should be changed by default. > * Enroll new fingerprints That's along the lines of "change their password", which is reasonable (unless this is giving elevated access to those fingerprints). -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
