On Sat, Oct 21, 2017 at 10:55:04AM -0700, Jasper St. Pierre wrote:
> The last time this came up (when I tried to replace mozjs with Duktape), it
> was pointed out that libvirt uses JS rules [0], and there's some evidence
> that administrators are doing it as well. [1]
>
> [0] https://libvirt.org/a
Hi Jasper
2017-10-21 21:06 GMT+02:00 Jasper St. Pierre :
>
> I notice that Debian actually patches this to add an additional rule to the
> JavaScript -- is Debian shipping JS-based rules or not?
We ship the JS based policykit-1 in experimental [1] but it was never
part of a stable release.
Some p
On 21/10/17 20:06, Jasper St. Pierre wrote:
> One more example for you, from gnome-initial-setup [0]. To give context
> on this scenario, gnome-initial-setup is acting as if it was the
> administrator in a restricted environment, guiding you through setting
> up your system, so it asserts authori
One more example for you, from gnome-initial-setup [0]. To give context on
this scenario, gnome-initial-setup is acting as if it was the administrator
in a restricted environment, guiding you through setting up your system, so
it asserts authorization over its own actions. A fairly flexible whiteli
Reply is down thar ->
On 21/10/17 19:39, Michael Biebl wrote:
> Hi!
>
>
> 2017-10-21 19:28 GMT+02:00 Matthew Miller :
>> On Sat, Oct 21, 2017 at 03:40:40AM +0100, Ikey Doherty wrote:
>>> I've opted to make it an **alternative** backend to ease migration,
>>> thus:
>>>
>>> --with-backend=js|keyf
Hi!
2017-10-21 19:28 GMT+02:00 Matthew Miller :
> On Sat, Oct 21, 2017 at 03:40:40AM +0100, Ikey Doherty wrote:
>> I've opted to make it an **alternative** backend to ease migration,
>> thus:
>>
>> --with-backend=js|keyfile
>
> Nice. I'm personally super in favor of it. Not speaking for Red Hat
So for libvirt *itself* its easy to do the rules [1] but if push
comes to shove I'm happy to help port the upstream projects if
they're reliant on dynamic rule generation.
As for the verbs part of the equation I do intend to have a part
of the format allowing this, something along the lines of:
E
The last time this came up (when I tried to replace mozjs with Duktape), it
was pointed out that libvirt uses JS rules [0], and there's some evidence
that administrators are doing it as well. [1]
[0] https://libvirt.org/aclpolkit.html
[1] https://github.com/systemd/systemd/pull/1159
On Sat, Oct 2
On Sat, Oct 21, 2017 at 03:40:40AM +0100, Ikey Doherty wrote:
> I've opted to make it an **alternative** backend to ease migration,
> thus:
>
> --with-backend=js|keyfile
Nice. I'm personally super in favor of it. Not speaking for Red Hat
officially, by any means. From a pure Fedora point of view
