On Wednesday, November 14, 2012 08:07:25 AM tim.laurid...@gmail.com wrote:
> On Wed, Nov 14, 2012 at 6:53 AM, Ian Pilcher <arequip...@gmail.com> wrote:
> > On 11/13/2012 09:50 PM, Matthias Clasen wrote:
> > > Yes, this was a misunderstanding. What is still supported is the .policy
> > 
> > files containing the default policy. And that is very good, since such
> > policy files are installed by pretty much every package that uses polkit,
> > while .pkla files were only used by very few packages.
> > 
> > 
> > Wait.  So the .pkla file I wrote to allow my run virt-manager as my
> > normal user is going to stop working, and I'm going to have to write the
> > replacement in JavaScript?
> > 
> > Let's just say I'm struggling to find the words ...
> 
> In F18 yes.
> 
> http://davidz25.blogspot.dk/2012/06/authorization-rules-in-polkit.html

This blog misses the most important property about security settings...they 
have to be auditable through automation. If you have 10,000 systems and need 
to know your security posture, you have to be able to check them through 
automation.

If the javascript had a file over in /etc that it read configuration things 
from, then we are OK. But if we have to go check the code itself, there is a 
problem.

-Steve

> http://www.freedesktop.org/software/polkit/docs/master/polkit.8.html
> 
> Tim
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Reply via email to