On Wed, Feb 22, 2012 at 03:45:18PM +0100, Ladislav Slezak wrote: > Dne 22.2.2012 15:25, Lukas Ocilka napsal(a): > > ACLs > > ---- > > * Bind to path > > * Roles defined as in WebYast > > BTW, today I came across an interesting polkit feature: > org.freedesktop.policykit.imply annotation: > > "The org.freedesktop.policykit.imply annotation (its value is a string > containing a > space separated list of action identifiers) can be used to define meta > actions. The > way it works is that if a subject is authorized for an action with this > annotation, > then it is also authorized for any action specified by the annotation. A > typical use > of this annotation is when defining an UI shell with a single lock button > that should > unlock multiple actions from distinct mechanisms." > (See "man polkit") > > Using this annotations we could easily define high-level roles from low-level > actions and it would be transparent for polkit and work with all polkit tools > and > services (pkaction, pkcheck, DBus service, etc...) > > The drawback is that it could not be used in WebYaST on SLES (due to the old > PolicyKit), we would need a workaround there... :-(
Ah, interesting. Now, to continue the general discussion, some summary is in this file (to which I have added now): https://github.com/yast/yast--/blob/master/doc/comparing-policies.txt To compare with other designs, see the list of polkit actions on your system: run "pkaction". -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu
pgpgLXS7A4oyJ.pgp
Description: PGP signature
