On Fri, 09.11.12 11:27, Matthew Miller (mattdm@xxxxxxxxxxxxxxxxx) wrote: > Apparently the new version of polkit brings in javascript. The js package is > 6.5MB. I think anything that uses polkit will depend on it -- can we remove > it from core? We can work towards that but it requires a bit of changes in systemd. A number of systemd services check with PK for authorization if an unprivileged user tries to execute a privileged operation. Since we never really tested this on systems that lack PK the fallback code that bypasses PK if it is not around didn't really get the testing it deserved. Just today I made a minor fix to systemd git to deal nicely with PK-less systems. So, I think it makes sense to make PK truly optional, but this needs a bit of love in some layers of our stack, not just systemd but others as well, I presume. If somebody wants to work on it, please do, and file bugs whenever you notice that you get a PK related error message where a fallback to classic Unix UID-based security doesn't work as it should. David actually documented explicitly that daemons should fall back to classic Unix-style uid-based authoization if PK is found not to be around. It's clearly systemd's fault that we so far didn't follow this fully. Of course, it should be clear that making PK optional if a desktop is installed is not desirable, but other than that I think for head-less systems such as servers or embedded making PK optional would be desirable goal and worthwile to spend a bit of work on. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
