On 07/21/2014 07:57 PM, Russell Doty wrote:
On Thu, 2014-07-17 at 10:38 +0200, Jan Safranek wrote:
Hello,
I've been working on reusing polkit authorization for OpenLMI providers, which use a DBus service (e.g. NetworkManager, PackageKit, realmd, systemd, ...).
Jan, can customers modify or create access policies or is this hardcoded into the Providers?
People can freely modify the policy, it's just bunch of files in /etc/polkit-1. By default, the policy is empty and the default one applies, in Fedora it means that members of 'wheel' group are de-facto sysadmins and can do anything.
Just FYI, the policy files in /etc are javascript, which brings great flexibility (jsafrane can set locale only on Monday and only when it's not raining), on the other hand, there is no way, how to edit these files from API (you would need to parse full javascript semantics).
Jan