On Fri, Dec 15, 2017, at 5:19 PM, Ruixin Bao wrote: > Hello, > > I was wondering if it is possible to have a configuration set so that > both /usr/share/polkit-1/actions/xx.policy and /usr/local/share/ > polkit-1/actions/xx.policy > files can get recognized?
I'm not opposed to this...but I feel like trying to generalize this is going to be an uphill battle. What things use /usr/local vs things that only use /usr in the broader ecosystem is a mess. @gscrivano suggested adding /etc which makes sense to me. Bigger picture though for containers like these that are fully trusted (in the sense that a malicious container can easily gain CAP_SYS_ADMIN on the host), I think it's clearer if we install into /usr - and we can support that for rpm-ostree based systems just as well as traditional via something like the "generate RPM" path. _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/polkit-devel