On Thu, 2020-06-04 at 11:32 -0700, Samuel Sieb wrote: > On 6/4/20 9:52 AM, Michael Catanzaro wrote: > > > > I don't think we actually have the technical capability to ship it > > in > > live media without also installing it by default on the installed > > system. > > > > It currently has to run as root, which is not acceptable, so would > > require some work to split out privileged operations into a > > separate > > backend process and use polkit for authentication. I think it would > > make > > more sense to focus on improving Disks to do what you need rather > > than > > rewriting GParted. > > As far as I can tell, it's already using polkit. It asks for > authentication before running. On the live image, the user doesn't > have > a password, so you might not see the dialog. (There was a bug with > that > previously.) Well, it does actually use polkit, but it doesn't do the important thing - it just uses polkit to authorize running *the entire app* as root. The /usr/bin/gparted wrapper is more or less functionally equivalent to just doing 'sudo gpartedbin'. The way this is 'supposed to be done' is that the app would run as a regular user, and use polkit to authorize only running the *specific operations* that require root privileges as root. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
