On Mon, 2009-03-16 at 15:25 -0600, Michal Jaegermann wrote: > > The security model for DeviceKit is 'use PolicyKit'. DeviceKit uses the > > policies set by PolicyKit to regulate access to storage devices. If you > > want a restrictive policy on such access, set it up in PolicyKit. > > After his standard initial response "this is not a bug", or > equivalent, David Zeuthen got convinced to look at > https://bugzilla.redhat.com/show_bug.cgi?id=489397 > and apparently a fix should be simple in this case. > > The general issue is that while on one hand things are getting > tightened up with SELinux policies, from time to time beyond a point > of usability, at the same moment big holes are opened due to a > byzantine maze of dependencies between PolicyKit and DeviceKit and > Nautilus and generally desktop things. While so far it appears that > it is possible to hack around issues one has to catch up first that > there is a problem and this should not be required by default. By > all means looser restrictions should be available if desired but as > a configured choice and not surprises. FWIW I pretty much agree with you, I rather think the issue of PolicyKit defaults and capabilities wrt to security has not been closely enough examined. I just wanted to make sure the thread contained the information that DeviceKit's behaviour can be configured and controlled via PolicyKit. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
