On Sat, 2009-11-28 at 01:32 +0300, Vladislav Zavjalov wrote: > Is there a reason why pkexec is a suid root helper now, > not a client-mechanism pair (as proposed for such purposes > in the polkit manpage)?
Simply because there is not benefit of splitting this into a daemon/client - I mean, all that pkexec does is to exec a process after checking for authorization - it's really not a lot of code. > Do you plan to allow pkexec to work with X11 programs, Kinda-sorta - to be honest I'm still on the fence on this. On one side, modern distros shouldn't ship apps needing this - I even think Fedora's default install (except for the installer maybe) doesn't have any left. On the other side there's a bunch of programs that need this and asking people to log in as root (via e.g. fast-user-switching) isn't really a satisfying answer. So I don't really know. FWIW, this topic is discussed in this bug https://bugs.freedesktop.org/show_bug.cgi?id=23673 which references https://bugs.freedesktop.org/show_bug.cgi?id=17970#c26 that has a lot of discussion about this - specifically to make things appear to work you need to also allow the uid0-app to communicate with the session bus. Tough problem. > obtaining trusted X11 environment from the ConsoleKit > session? I'm not sure exactly what this means. Thanks, David _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
