PolicyKit as a blessed dep (Was Re: End of new modules proposal period for GNOME 2.22)



Hi,

On Mon, 2007-10-29 at 17:45 +0100, Vincent Untz wrote:
> All the details about proposing new modules for 2.22 are available at:
>     http://mail.gnome.org/archives/devel-announce-list/2007-September/msg00008.html

I'd like to propose PolicyKit and PolicyKit-gnome as blessed
dependencies for GNOME 2.22. For GNOME 2.24 I'm probably going to
propose PolicyKit-gnome for the Desktop release (hoping to have
PolicyKit 1.0 out by then) and in the future it might make sense to have
it in the Platform too. But first things first!

(Not sure it's necessary for blessed deps; however, the answers to the
questions in http://live.gnome.org/ReleasePlanning/ModuleProposing are
in [1]).

So what is all this about?

PolicyKit
---------

There's a ton of documentation and API docs here

 http://hal.freedesktop.org/docs/PolicyKit/

but let me briefly describe what it is. In a nutshell, PolicyKit aims to
provide an API for querying and managing "authorizations" and answer the
question "Is $PROGRAM allowed to do $ACTION on $OBJECT". Let me dwell on
that for a bit. The answer may be one of: "Yes", "No", "the user needs
to prove his identity" or "the user needs to prove he's an
administrator". This is useful in at least two scenarios

 - Enterprise/Kiosk: typically enterprises and kiosk setups like to lock
   down their systems because they don't trust their users

 - Trusted path: it's useful to check that the request to install
   some new software, wipe the hard-drive or make a 1-800 call
   to a foreign country really originates from the user. As such we ask
   him to prove his identity by making him authenticate.

PolicyKit provides an API for modeling this. The idea is that privileged
software such as HAL or NetworkManager uses libpolkit as a "decider"
component.

The main driver behind PolicyKit is that it's desirable to have a very
fine-grained permission system. This is in stark contrast to the current
state of the art where you either know the root password (or sudo
equivalent) or you don't. 

The other driver was to provide the decision-making component with a lot
of data to make the decision. E.g. for local users on the console in
active sessions we say "YES"; for inactive sessions we can say "NO" and
so on. As a matter of fact, the main driver for William Jon McCann's
ConsoleKit work originated from this need

 http://gitweb.freedesktop.org/?p=ConsoleKit.git;a=summary

Notably, PolicyKit supports pluggable back-ends. The default back-end
supports all these capabilities (obtain authorizations through
authentication) but it's designed in a way so you can plug in other
back-ends; for example SUN's Role Based Access Control in Solaris comes
to mind (and I'm talking to these guys about writing a back-end).

(Personally I think we need this kind of thing in GNOME; having an
Authorization API is something you can find in other platforms such as Mac
OS X.)

PolicyKit-gnome
---------------

There's a ton of docs here

 http://hal.freedesktop.org/docs/PolicyKit-gnome/

Basically, PolicyKit-gnome provides three things

 - An Authentication Agent that can prompt the user for his
   credentials; see

    http://hal.freedesktop.org/docs/PolicyKit-gnome/ref-auth-daemon.html

  and scroll down a bit

 - A set of classes to make it very easy to use PolicyKit
   from GTK+ applications:

   http://hal.freedesktop.org/docs/PolicyKit-gnome/PolKitGnomeAction.html
   http://hal.freedesktop.org/docs/PolicyKit-gnome/PolKitGnomeToggleAction.html

   (scroll down for example code and screenshots)

 - Work has begun on the UI for managing authorizations

   http://people.freedesktop.org/~david/polkit-gnome-authorizations.png

   but this is still pretty early; I'm going to work on that (need input
   from UI ninjas like Bryan Clark) and hope it will be nice for 2.22

Adoption
--------

The following GNOME or GNOME-ish apps use PolicyKit 

 - gnome-mount
   http://people.freedesktop.org/~david/pk-gnome-mount.png
   http://people.freedesktop.org/~david/pk-gnome-unmount.png

 - PackageKit
   http://hughsient.livejournal.com/39378.html

 - intlclock
   http://people.freedesktop.org/~david/intlclock-applet.png

 - gnome-system-monitor; I just submitted a preliminary patch here
   http://bugzilla.gnome.org/show_bug.cgi?id=491462
   http://people.freedesktop.org/~david/gnome-system-monitor-polkit-1.png
   http://people.freedesktop.org/~david/gnome-system-monitor-polkit-2.png

In Fedora we're planning to make use of PolicyKit mostly everywhere on
the desktop; effectively replacing the console-helper program (which is
similar to gksu). I'm talking to Dan Williams about adding support to
NetworkManager. Also, there are some patches by Dan Berrange of Red Hat
for virt-manager and libvirt to use this too.

At least Fedora, SUSE, Mandriva and Gentoo (I think) already ship
PolicyKit 0.6. I talked to Sjoerd Simons of Debian utopia fame a few
weeks ago and he said they're in the process of getting it packaged for
Debian.

The next release of PolicyKit and PolicyKit-gnome will be the 0.7
release hopefully this week. I had hoped to get this done by the
deadline for new modules proposals.. but for some reason I had the dates
mixed up. Sorry about that.

So is it OK to add PolicyKit and PolicyKit-gnome as an optionally
blessed dependency for 2.22? Any questions/concerns/comments?

Thanks,
David


[1] : From http://live.gnome.org/ReleasePlanning/ModuleProposing

PolicyKit
---------
Purpose: See above
Target: blessed dep (it's an fd.o project and will stay that way)
Dependencies: XML parser (libexpat works), glib2 (for now), D-Bus
              Optionally PAM
Resource usage: Hosted on fd.o infrastructure
Adoption: See above
Docs: 100% API coverage (gtk-doc); 100% man pages; extensive design docs
GNOME-ness / community: See above

PolicyKit-gnome
---------------
Purpose: See above
Target: Blessed dep for now
Deps: PolicyKit, GTK+, D-Bus
Resource usage: right now on fd.o; wants to move to GNOME SVN
Adoption: See above
Docs: 100% API coverage; planning to write a Yelp document
GNOME-ness / community: See above
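
The decision model described in the PolicyKit section above (four possible answers, chosen from session data such as local/active, with authorizations obtainable through authentication), sketched as an added example that is not part of the original message and is not libpolkit code. All type names, function names and action identifiers are hypothetical, the policy table is constructed, and the rules that a stored authorization never overrides a plain "No" and that unknown actions are denied are assumptions of this sketch.

```c
/* Toy model of the decider; hypothetical names, not the libpolkit API. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { RES_YES, RES_NO, RES_AUTH_SELF, RES_AUTH_ADMIN } result_t;
/* What the decider knows about the caller's session. */
typedef struct { unsigned uid; bool is_local; bool is_active; } session_t;
/* Per-action defaults: non-local callers, inactive and active local sessions. */
typedef struct { const char *action; result_t any, inactive, active; } policy_t;
/* An authorization a user already obtained by authenticating. */
typedef struct { unsigned uid; const char *action; } grant_t;

/* Constructed sample policy (action names are made up). */
static const policy_t POLICY[] = {
    { "example.storage.mount",   RES_NO, RES_NO, RES_YES },
    { "example.package.install", RES_NO, RES_NO, RES_AUTH_ADMIN },
    { "example.phone.dial",      RES_NO, RES_NO, RES_AUTH_SELF },
};

static bool has_grant(const grant_t *g, size_t n, unsigned uid, const char *a) {
    for (size_t i = 0; i < n; i++)
        if (g[i].uid == uid && strcmp(g[i].action, a) == 0) return true;
    return false;
}

result_t decide(const session_t *s, const char *action,
                const grant_t *grants, size_t n_grants) {
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        if (strcmp(POLICY[i].action, action) != 0) continue;
        result_t r = !s->is_local ? POLICY[i].any
                   : s->is_active ? POLICY[i].active : POLICY[i].inactive;
        /* Assumption: a stored grant satisfies an "authenticate" answer only. */
        if ((r == RES_AUTH_SELF || r == RES_AUTH_ADMIN) &&
            has_grant(grants, n_grants, s->uid, action))
            return RES_YES;
        return r;
    }
    return RES_NO; /* unknown action: fail closed */
}

int main(void) {
    session_t active = { 1000, true, true }, idle = { 1000, true, false };
    grant_t g = { 1000, "example.package.install" };
    printf("%d %d %d\n", (int)decide(&active, "example.package.install", NULL, 0),
           (int)decide(&active, "example.package.install", &g, 1),
           (int)decide(&idle, "example.package.install", &g, 1));
    return 0;
}
```

The same user gets a different answer once the session goes inactive, even with a stored authorization, which is the fine-grained, context-aware behaviour the message contrasts with an all-or-nothing root password.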




