On 03/11/16 09:15 PM, Alexander Pyhalov wrote:
Here's the new version :
https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
What is changed:
- now we use pfexec to run brasero and sound juicer;
- we don't care if user runs with EUID 0, it's his own difficulties;
so far this works with sudo, but fails (for brasero only) with
su/pfexec, when user have Primary Administrator profile (just don't
use Primary Administrator, it's insane));
- we restrict privileges to basic_privs,sys_devices.
What is changed from user perspective:
- brasero/sound juicer will work in default configurations when run
from menu;
- if you have Primary Administrator profile, brasero will not work
when run from menu.
Needs some more testing (so far didn't try to write CDs, just looked
at ppriv output).
This is _not sane_, "solution" nor acceptable to make Primary
Administrator an invalide because there are bugs somewhere elese, in Glib.
I would rather sopundjuicer/brasero NOT working as user if Primary
administrator can't do that task.
Primary Administrator can be used to test does some functionality works
and see exactly where bugs are and this bug is as said in Glib and Not
elsewhere, so untill it is fixed, it is better not to make things worse
untill then. PA should do _anything_ so not being able to do _anything_
is very huge bug by itself.
Not introducing bigger bug, please, to solve another one is very
appretiated.
Primary Administrator is not selected by default Atm and it is enough to
say that it is not to be used for everyday tasks, without attacking it's
existence.
Ideally, command should work as described as Desktop user (not every
user) should be able to write optical media and read from it for some
tasks (Even if making new RBAC role for it) and that is where roles come
to play, but without affecting the rest of the system sanity.
_______________________________________________
oi-dev mailing list
oi-dev@openindiana.org
http://openindiana.org/mailman/listinfo/oi-dev
