On 05.05.2014 13:58, Hans de Goede wrote: > Hi, > > On 05/05/2014 11:47 AM, Stef Walter wrote: >> Many of the polkit policy files services ship in Fedora have lines that >> look like this: >> >> <defaults> >> <allow_any>no</allow_any> >> <allow_inactive>no</allow_inactive> >> <allow_active>auth_admin_keep</allow_active> >> </defaults> >> >> The <allow_any>no</allow_any> prevents use of the service from remote >> sessions such as ssh or Cockpit. >> >> The poorly named <allow_any> tag controls the default policy for users >> logged in from any non-monitor+keyboard session. That is, sessions that >> don't come from a 'seat'. >> >> So unless your service is changing seat specific hardware, you probably >> want an <allow_any> tag that is similar or identical to <allow_active>. > > Erm, IMHO it should be the same as <allow_inactive>, if something is > not allowed to be done from an inactive state (ie from a switched away session > with fast user switching) it certainly should also not be allowed to be > done over ssh. Technically you are correct. The best kind of correct. In reality it depends on the service. Some services may want to prevent use when inactive (ie: locked screen) simply for UI reasons, not security. But more importantly <allow_inactive> has been copy-pasta'd all over the place. For the services I've filed bugs for nobody has really thought about whether it's correct. So yes, if your service makes a distinction about <allow_inactive> for a good reason, then set <allow_any> to the same thing. Stef -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
