Mike Hearn wrote:
That's probably a good idea. I don't think anybody has enough experience
with MAC on desktops to be worrying about SELinux integration just yet
(despite what i've said in the past ;)
I believe that adding a
RootRequired=yes|no|optional
to the Desktop Entry Specs would do the job ? (Then, I should make the
items with a "RootRequired=yes" field to be hidden for non-sudoers).
Well, I used to live under MAC in two previous lives,
and it's way easier to understand than ACLs (;-))
To avoid reinventing this wheel later, how about
AccessRequired = root|specific-capability[,specific-capability]
where "root" and the specific capabilities make up a controlled
vocabulary, so lookup is trivial on systems with capabilities
and very trivial if you just want to check for root.
The solution to the general sudo problem (which is arbitrarily
hard!) can be simulated by
1) putting the sudo prefix in the command in the desktop file
2) creating and registering a specific-capability that represents
the permissions gained by sudo-ing, in library which
implements querying for capabilities, and
3) putting AccessRequired = specific-capability in the file.
--dave
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
[EMAIL PROTECTED] | -- Mark Twain
(416) 263-5733 (x65733) |
_______________________________________________
xdg mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/xdg
