On Wednesday, November 14, 2012 08:07:25 AM tim.lauridsen@xxxxxxxxx wrote: > On Wed, Nov 14, 2012 at 6:53 AM, Ian Pilcher <arequipeno@xxxxxxxxx> wrote: > > On 11/13/2012 09:50 PM, Matthias Clasen wrote: > > > Yes, this was a misunderstanding. What is still supported is the .policy > > > > files containing the default policy. And that is very good, since such > > policy files are installed by pretty much every package that uses polkit, > > while .pkla files were only used by very few packages. > > > > > > Wait. So the .pkla file I wrote to allow my run virt-manager as my > > normal user is going to stop working, and I'm going to have to write the > > replacement in JavaScript? > > > > Let's just say I'm struggling to find the words ... > > In F18 yes. > > http://davidz25.blogspot.dk/2012/06/authorization-rules-in-polkit.html This blog misses the most important property about security settings...they have to be auditable through automation. If you have 10,000 systems and need to know your security posture, you have to be able to check them through automation. If the javascript had a file over in /etc that it read configuration things from, then we are OK. But if we have to go check the code itself, there is a problem. -Steve > http://www.freedesktop.org/software/polkit/docs/master/polkit.8.html > > Tim -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
