On Sat, Oct 21, 2017 at 10:55:04AM -0700, Jasper St. Pierre wrote: > The last time this came up (when I tried to replace mozjs with Duktape), it > was pointed out that libvirt uses JS rules [0], and there's some evidence > that administrators are doing it as well. [1] > > [0] https://libvirt.org/aclpolkit.html > [1] https://github.com/systemd/systemd/pull/1159
We had this discussion on this list back years ago, and there's this weird thing from the documentation (man page): Authorization rules are intended for two specific audiences · System Administrators · Special-purpose Operating Systems / Environments and those audiences only. In particular, applications, mechanisms and general-purpose operating systems must never include any authorization rules. ... so arguably, anything we're shipping in Fedora or Debian which includes Javascript rules is Doing It Wrong. -- Matthew Miller mat...@mattdm.org <http://mattdm.org/> Fedora Project Leader mat...@fedoraproject.org <http://fedoraproject.org/> _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/polkit-devel