Hello, I was wondering if it is possible to have a configuration set so that both /usr/share/polkit-1/actions/xx.policy and /usr/local/share/polkit-1/actions/xx.policy files can get recognized? I am going to try to explain the use case of /usr/local/share/xxxxx/'s policies. However, I am not very familiar with policy kit, so if I made mistakes in the email, feel free to correct me.
I have been working on atomic system containers[1], a way to run container in production using read only images. One of its main ideas is to let the host run the containerized services. Recently, I tried to make firewalld as a system container[2]. Firewalld interacts with dbus-daemon and policy kit. To make firewalld containerized, we need to find a way to interact with host via dbus-daemon and policy kit rules. Then, we decided to copy the policy kit related files from the container onto the host so they can be visible. However, the OS that I am currently working with has a read only /usr and therefore do not support any files copying into /usr/share. The only exception is for /usr/local related files. Thus, I tried to copy policy files into /usr/local/share/, but that sometimes will make polkit not recognize the firewalld action. (e.g: Error: Action org.fedoraproject.FirewallD1.config is not registered) I hope my explanation makes sense. Are there any suggestions for a work around when policy files can not be copied to /usr/share/polkit-1/actions? [1]https://github.com/projectatomic/atomic-system-containers [2]https://github.com/projectatomic/atomic-system-containers/pull/150 Thank you for your time. _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/polkit-devel
