On Mon, Mar 16, 2009 at 12:19:53PM -0700, Adam Williamson wrote:
> On Sat, 2009-03-14 at 14:39 -0600, Michal Jaegermann wrote:
> > On Fri, Mar 13, 2009 at 05:50:58PM -0400, James Laska wrote:
> > >
> > > = DeviceKit =
> > >
> > > Ever notice how the graphical disk management functionality present
> > > during a Fedora installation is not available after you've installed
> > > your system?
> > >
> > > <Enter DeviceKit on stage left>
> >
> > AFAICS this is the next big security disaster in the making.
>
> The security model for DeviceKit is 'use PolicyKit'. DeviceKit uses the
> policies set by PolicyKit to regulate access to storage devices. If you
> want a restrictive policy on such access, set it up in PolicyKit.

After his standard initial response "this is not a bug", or equivalent,
David Zeuthen got convinced to look at
https://bugzilla.redhat.com/show_bug.cgi?id=489397
and apparently a fix should be simple in this case.

The general issue is that while on one hand things are getting
tightened up with SELinux policies, from time to time beyond a point
of usability, at the same moment big holes are opened due to a
byzantine maze of dependencies between PolicyKit and DeviceKit and
Nautilus and generally desktop things. While so far it appears that
it is possible to hack around issues, one has to catch up first that
there is a problem, and this should not be required by default.

By all means, looser restrictions should be available if desired, but
as a configured choice and not surprises.

   Michal

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list