Re: [gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris

From: Brian Cameron <Brian Cameron Sun COM>
To: Matthias Clasen <matthias clasen gmail com>
Cc: gdm-list gnome org
Subject: Re: [gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris
Date: Sat, 26 Jan 2008 11:04:00 -0600


Matthias:

Brian, can you find out whats up with RBAC support for PoiicyKit, before
we go around and polluting every PolicyKit-using project with RBAC ifdefs ?


The changes in my patch are not that extensive since GDM's usage of
PolicyKit is very light.  Nor are there plans to pollute "every
PolicyKit-using project" with RBAC ifdefs.  There are few programs that
depend on PolicyKit which Sun has an interest in distributing.  So I
do not think you need to be concerned about the pollution getting out
of control.

I know that David has been working with some of your collegues at Sun
to add RBAC support to PolicyKit some time ago.


That is true.  I am working with Jim Li and Strony Zhang who are the two
engineers at Sun working on this project with David Zeuthen.  I have been
involved with the discussions.

However, the Sun PolicyKit effort is very experimental.  We are still
relatively early in the stages of porting it to Solaris and the RBAC
support is not far along.  Mapping all PolicyKit privileges to appropriate
RBAC keys alone is a big job.  Once we get it working, I anticipate getting
PolicyKit through Sun security audit and ARC review will be further time
consuming since the Sun Security team has concerns about introducing yet
another set of access-control mechanisms into Solaris.

Further, Sun ships no GNOME components with a hard dependency on PolicyKit
at the moment.  The one exception is gnome-system-tools, but the plan is
to phase out gnome-system-tools and replace system configuration with a
Java project called VisualPanels.  This will happen in a few Nevada builds.
For the time being we are shipping older versions of g-s-t that do not
depend on PolicyKit.  So, as long as there are no programs that Sun wants
to ship that depend on PolicyKit, there probably won't be a strong motivation
to include it.

So why are we working on PolicyKit?  Our main reasons for working on it
include:

1) To prepare ourselves so it is ready for integration if and when there
   is anything Sun wants to ship that depends on it.  This would likely
   be GNOME 2.26 at the earliest.
2) So that people in the OpenSolaris community can get involved with
   the PolicyKit project, help fix bugs, and build/use various programs
   that depend on it (that we don't ship with Solaris).  We hope to have
   very preliminary spec-files available for experimental testing soon.

In short, PolicyKit integration into Solaris is a long way off.  GDM's
dependency on PolicyKit is very light.  For now, I would appreciate
if we could live with a little "RBAC pollution" in GDM because it will make
it much easier for me to support the GDM rewrite effort.

Brian

Follow-Ups:
- Re: [gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris
  - From: Matthias Clasen

References:
- [gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris
  - From: Brian Cameron
- Re: [gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris
  - From: Brian Cameron
- Re: [gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris
  - From: Matthias Clasen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]