On 05/06/15 12:13, John Johansen wrote: > On 05/29/2015 09:29 AM, Simon McVittie wrote: >> Here's a sketch of how [polkit mediation] could look, for instance: >> >> audit polkit action=org.freedesktop.udisks2.filesystem-mount, >> audit deny polkit \ >> action=org.freedesktop.udisks2.filesystem-mount-system, >> >> or if the syntax in policy files was entirely generic, perhaps something >> more like: >> >> userspace class=polkit \ >> action=org.freedesktop.udisks2.filesystem-mount, >> audit deny userspace class=polkit \ >> action=org.freedesktop.udisks2.filesystem-mount-system, >> >> Does this sound like a reasonable generalization? >> > generally speaking, yes :) > > I can't say when polkit will get patched but I expect it will happen sooner > than later.
If this becomes something that is concretely required, please talk to the polkit mailing list - the polkit developers ought to have an opportunity to review this. I've subscribed to that list to be able to give D-Bus advice. My colleague Philip Withnall and I are not (currently) polkit maintainers, but we would potentially be interested in reviewing and/or helping with implementation for this feature. -- Simon McVittie Collabora Ltd. <http://www.collabora.com/> -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
