GitLab

Haven't moved the inotify stuff yet; not sure about what abstraction
we need...

Also,

 - Rename polkit-list-actions to polkit-action.
 - Add a bash completion script to the polkit commandline tools.

Authorizations are no longer world-readable. So for this to work with
hal you now need to do this as root

 # polkit-auth --user haldaemon --grant org.freedesktop.policykit.read

Distributions needs to do this in the %post scripts or similar.

Sorry for this huge monster patch.

Also document this symbol

This is necessary to make UI like this

 http://people.freedesktop.org/~david/Screenshot-Manage%20Authorizations.png

export some useful actions such as granting, revoking and displaying
authorizations.

Previously this API was internal, polkit/polkit-grant-database.[ch],
and linked into polkit-grant(1) and libpolkit-grant(3) through a
static library libpolkit-private.so.

Only polkit-grant have not been ported; libpolkit-grant(3) uses this
API natively now. Internally, right now, the new API just uses
polkit-grant-database.[ch] directly but that is about to change...

Now we have diagrams! With happy candy colors too!

Better late than never!

This class allows a mechanism to greatly reduce the syscall and IPC
overhead when checking whether a caller on the system bus message is
allowed to do a specific action. In a nutshell, this class caches
PolKitCaller objects and a) updates them when ConsoleKit emits
ActivityChanged signals; and b) evicts such objects from the cache
when the caller drops off the bus.

There's also an example, in examples/tracker-example/ that shows how
to use this. This example is referenced in the API docs too.

This change will futureproof libpolkit for extensions; e.g. if there's
an OS upgrade where

 a) the PolicyKit package is upgraded to a version where support for a
    new tag <allow_foo> is added; and

 b) another package, using PolicyKit, is upgraded dropping a .policy
    file using the new <allow_foo> tag; then

existing running processes using libpolkit will not fail. They will,
however, not honor the new tags until the daemon process itself is
restarted using e.g. condrestart.

We also log to the system logger whenever we encouter unknown tags.

This is useful in instances where the OS vendor wants to allow any
user, even remote users logging in via ssh etc., but recognize that
some sites may want to lock this down to a limited set of users.

Suggested by Daniel P. Berrange <berrange@redhat.com>:

<danpb>  my specific use case is that in libvirt we don't mind any user
         querying for VM status info by default
<danpb>  but some admins may wish to lock that ability down
<danpb>  so only designated users can query VM status
<davidz> right
<davidz> it makes sense
<davidz> without having giving it too much thought; adding another stanza to
         the .policy file might make sense
<davidz> <allow_non_session>yes</allow_non_session>
<davidz> danpb: would that work?
<danpb>  yeah, that'd do the trick
<davidz> cool
<davidz> I'll add it then

Patch from S.Çağlar Onur <caglar@pardus.org.tr>. Thanks.

Change to use chgrp instead of chown when only changing a group

Current installation uses a local rule which isn't guarenteed to be run
after the automake'd rule, as such it will not always setuid/setgid properly.
This patch switches that to a hook which is guarenteed to run afterwards.

Adds Gentoo as a valid OS type

Adds a little bit of more security..

Based on input from Ken VanDine

http://lists.freedesktop.org/archives/hal/2007-August/009402.html

Even though a caller may have an entry in the grant database (and as
such will see POLKIT_RESULT_YES), change the behavior such that this
is no longer honored unless the config file specifies the result
POLKIT_RESULT_ONLY_VIA_[SELF|ADMIN]_AUTH_{,KEEP_SESSION|KEEP_ALWAYS}.

E.g. this allows the sysadmin to specify things like POLKIT_RESULT_NO
in the config file and that will now make existing grants
useless. This behavior is a lot more natural.