Re: Do we have plan to do finer grained PolicyKit support for Networkmanager?

From: Lance Wang <lance w19 gmail com>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: Do we have plan to do finer grained PolicyKit support for Networkmanager?
Date: Thu, 10 Sep 2009 14:13:11 +0800

Hi Dan

On Fri, Sep 4, 2009 at 1:29 AM, Dan Williams <dcbw redhat com> wrote:
> On Tue, 2009-09-01 at 15:12 +0800, Bin Li wrote:



>>   There's only org.freedesktop.network-manager-settings.system.modify,
>> introduce something like
>> org.freedesktop.network-manager-settings.user.modify so NM can
>> determine whether it should accept user settings.
>>
>>   Also we could separate the action in more grained, such as
>> org.freedesktop.network-manager-settings.system.modify
>> org.freedesktop.network-manager-settings.system.add
>> org.freedesktop.network-manager-settings.system.delete
>
> I thought about that, but can't see a use-case.  If you can *add*
> connections, then that's the same thing as modifying them.  It makes no
> sense to deny modify, but allow add, since the user could just add the
> connection they wanted instead of modifying an existing one.  Delete by
> itself also doesn't make a lot of sense.  I view the three permissions
> as a unit because in reality, I can't think of cases where you'd
> actually need to split them up.
>

But maybe we could separate the action according the type of the
connection. For example, they may be like these

org.freedesktop.network-manager-settings.system.wired.modify
org.freedesktop.network-manager-settings.system.wireless.modify
org.freedesktop.network-manager-settings.system.mobile.modify
org.freedesktop.network-manager-settings.system.vpn.modify
org.freedesktop.network-manager-settings.system.dsl.modify

.

>> and the same for .user .
>>
>>
>> And you may even want to specifically allow or disallow adding for
>> specific network types like wired, wireless, VPN, etc.
>
> Definitely.  There are now permissions in the system settings service
> that the UI can check for, and this sort of thing would be used to allow
> the UI to intelligently enable/disable elements.

So what is the permissions do you mean in the system settings service?
I am afraid that It is possible that go round them through dbus
directly instead of UI.
Because that you can send anything to the interface
org.freedesktop.NetworkManagerSettings.System
if you get authorised.





-- 
:
Lance Wang

U+738B U+4F36 U+5353

Follow-Ups:
- Re: Do we have plan to do finer grained PolicyKit support for Networkmanager?
  - From: Dan Williams

References:
- Do we have plan to do finer grained PolicyKit support for Networkmanager?
  - From: Bin Li
- Re: Do we have plan to do finer grained PolicyKit support for Networkmanager?
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]