Gary: >> Do you believe that a different kind of audit trail should be recorded >> by this project than if, for example, the sysadmin just types the uadmin >> command with the magic number arguments? > > This project makes new access control decisions (within hald).
Are you referring to the usage of libpolkit by hald and consumed by GPM? If the GPM project were to take libpolkit out of the picture, and instead just call chkauthattr directly in each program that needs to know if the user has authorization, then would this simplify the overall architecture of GPM and make this case less controversial? If there is some value in using libpolkit as a wrapper for checking RBAC authorizations, then perhaps this could be discussed in a follow-up ARC case where it might be easier to focus on the issues specific to using it. Brian
