Commit b555fb75 authored by David Zeuthen

update TODO

parent 5fe40c14
- Add support for overriding defaults. Will require
org.freedesktop.policykit.grant
- On every polkit_context_is_[caller|session]_authorized we load - On every polkit_context_is_[caller|session]_authorized we load
all .policy XML files. This is bad. Dave Jones will kill us. all .policy XML files. This is bad. Dave Jones will kill us.
We should We should
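Review bot: the first entry in this hunk, "Add support for overriding defaults. Will require org.freedesktop.policykit.grant", appears only on the old side, and the commit message ("update TODO") does not say whether it was implemented or abandoned. That entry governs who may override default authorizations, so state its outcome in the commit message, or keep the entry until the override path and its org.freedesktop.policykit.grant requirement are settled.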
...@@ -33,37 +30,18 @@ ...@@ -33,37 +30,18 @@
external API). This is mainly to be able to handle OOM for external API). This is mainly to be able to handle OOM for
mechanisms that will need this (such as dbus-daemon) mechanisms that will need this (such as dbus-daemon)
- add support for additional <match> attributes - Kill the config file
in /etc/PolicyKit/PolicyKit.conf
- <match timeofday="0900-1700">
Matches 9am through 5pm local time
- <match weekday="Mon-Fri">
Matches only on Monday->Friday both inclusive
- <match selinux_context="regexp">
Match on caller's SELinux context
- <match caller_exe="regexp">
Matches the path of the executable the caller stems from
- <match group="regexp">
Match on group
- <match session_active="true|false">
Only if the caller is in an active session (or not)
- <match seat_local="true|false"> - Add support for granting authorizations to a) UNIX Groups; and
Only if the caller is on a local seat (or not) b) SELinux security contexts
... And of course the we need the ULTIMATE copout - Add API and support in polkit-auth/polkit-action for maintaining
a list of entities for whom implicit authorizations do not apply.
(Typical example is that in a desktop OS one wants a UNIX group
for "Restricted Users". Another example is a guest account.)
- <match run_program=""> - Add API and support in polkit-auth/polkit-action to define what
Run a program to make the decision; details are exported in the administrator auth means.
environment. Program cannot assume to run as root or in a specific
security context; it will need to use a helper a'la
pam_unix_password.so
- Reconsider adding k/v dictionaries to Actions; e.g. the Mechanism for - Reconsider adding k/v dictionaries to Actions; e.g. the Mechanism for
dial-up networking can attach the key/value pair dial-up networking can attach the key/value pair
......
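Review bot: the new entry "Kill the config file in /etc/PolicyKit/PolicyKit.conf" does not say what replaces the file, and the same hunk deletes the whole planned list of <match> attributes. Only group and selinux_context resurface on the new side, as targets for granting authorizations; timeofday, weekday, caller_exe, session_active, seat_local and run_program are dropped with no note. Add a line saying whether those restrictions are intentionally abandoned or where they will be expressed once the config file is gone. The entry "define what administrator auth means" would also be easier to act on if it named the question to be decided.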