YaST/Research/YaST PolicyKit integration

Description


YaST currently assumes that it is run as root.

  • Define a framework that leverages something like PolicyKit to allow YaST to perform tasks without being root, based on system policy definitions.


Relevance to YaST/openSUSE

If YaST supports PolicyKit, users can modify some settings without root permission.

Goal

The short-term goal is to provide the basic structures and methods YaST needs to recognize and authorize a user to perform an action (this also includes a dialog for granting permission, because a Qt implementation is missing; GNOME has one as PolicyKit-gnome). This needs support in the UI (show the dialogs the user can use) and in the agents (modify only if authorized).
An own authorization agent could also be useful (GTK already has one, but Qt does not (???)).
The long-term goal is to use polkit in each module and also add it to the skeleton module.

Scope

Describe what is *NOT* part of the project. Use cases and scenarios that remain excluded.

Related technologies

Typical use case

  • The user doesn't have root permission and wants to configure a plugged-in printer, projector or mouse.
  • The user doesn't want to run the whole UI as root.
  • The user cannot change hardware settings, but can install or uninstall software.

Required knowledge and skill level

C++, D-BUS, YaST2, ycp useful

Willing mentors: kkaempf at suse.de

Dev. environment/equipment

nothing special

Participants

  • jreidinger
  • lslezak

Division of work and schedule

Describe how work should be divided among participants and a rough schedule for the week.

Current Status

The current status of the project.

  • how far the project is
    • There are a few possible ways to implement PolicyKit checks. The first is a check in the SCR agents, the second is a check immediately after receiving the D-Bus call, and the third is via a PolicyKit D-Bus proxy.
      • The PolicyKit D-Bus proxy is ready to use except for authentication.
      • PolicyKit has been integrated into SCR; each SCR call needs to have a PolicyKit rule defined.
  • list of open issues
    • Authentication doesn't work; it seems to be some problem with using PolicyKit from a D-Bus service. The current status is that you authenticate and it still returns "authentication needed".
    • Throwing exceptions through D-Bus is quite dirty, because it is not well supported.
    • YaST needs to be divided into two parts; currently the whole of YaST runs as a D-Bus service although it exports only the SCR API. The client part has the same problem: there is a local SCR component which should not be used (it should use SCR via D-Bus).
  • link to the implementation description
  • SVN repository with the current experimental code
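
An added example, not part of the experimental YaST code, of the per-call rule requirement noted under Current Status: an SCR call is mapped to a PolicyKit action id and refused when no rule is defined for it. The rule table, the action ids, the sample SCR paths and the StubAuthority stand-in for the real PolicyKit query are all assumptions made for illustration.

```cpp
#include <iostream>
#include <set>
#include <string>
enum class Decision { Allowed, Denied, AuthRequired };

// Hypothetical rule: SCR method + SCR path prefix -> PolicyKit action id.
struct Rule { std::string method, prefix, action; };
// Constructed sample rules; the action ids are invented for this example.
static const Rule kRules[] = {
    {"Read",  ".sysconfig",       "org.example.yast.scr.read.sysconfig"},
    {"Read",  ".sysconfig.mouse", "org.example.yast.scr.read.mouse"},
    {"Write", ".sysconfig.mouse", "org.example.yast.scr.write.mouse"},
};

// Match only at a '.' boundary so ".sysconfig.mousetrap" does not
// inherit the rule written for ".sysconfig.mouse".
bool underPrefix(const std::string& path, const std::string& prefix) {
    if (path.compare(0, prefix.size(), prefix) != 0) return false;
    return path.size() == prefix.size() || path[prefix.size()] == '.';
}

// Most specific matching rule wins; an empty string means "no rule defined".
std::string actionFor(const std::string& method, const std::string& path) {
    const Rule* best = nullptr;
    for (const Rule& r : kRules)
        if (r.method == method && underPrefix(path, r.prefix) &&
            (!best || r.prefix.size() > best->prefix.size()))
            best = &r;
    return best ? best->action : std::string();
}

// Stand-in for the real PolicyKit query about the D-Bus caller (assumption).
struct StubAuthority {
    std::set<std::string> granted;  // caller is already authorized
    std::set<std::string> viaAuth;  // obtainable after authenticating
    Decision check(const std::string& a) const {
        if (granted.count(a)) return Decision::Allowed;
        return viaAuth.count(a) ? Decision::AuthRequired : Decision::Denied;
    }
};

// Fail closed: an SCR call without a defined rule is denied outright.
Decision authorize(const StubAuthority& pk, const std::string& m, const std::string& p) {
    const std::string action = actionFor(m, p);
    return action.empty() ? Decision::Denied : pk.check(action);
}

int main() {
    StubAuthority pk{{"org.example.yast.scr.read.mouse"}, {}};
    std::cout << (authorize(pk, "Write", ".sysconfig.mousetrap") == Decision::Denied) << "\n";
}
```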

References