Lennart Poettering
So during one of our last calls I proposed something similar, i.e. pushing the decision on the effect of inhibitors into polkit, and making that choice at inhibitor install time....
I mean, something i'd like to remind people of: inhibitors are used for a bunch of things. something as benign as "let's not auto-suspend while we play a video" to...
looks generally ok, but like @bluca, @YHNdnzj, @yuwata i am also not a fan of the altered override order for /run/ here, and would prefer a different solution, see my...
lgtm, just some minor comments
> I think we should avoid adding support for authenticating based on pid+start time+uid

well, the way i see it, as long as pk still supports it and hasn't deprecated...
The starttime thing is a red herring. Here we authenticate by UID, and that's always safe (and frankly the only thing PK should ever have done...). It's a triplet of...
Also, if you really think that there was a security issue, then please get polkit to deprecate auth by uid, it's not really on us to make use of that....
I think auth-by-proc is pretty useless to me, and is probably the part that should be deprecated if you ask me. auth-by-uid otoh is the part that we should definitely...
But that's entirely fine. If some code runs under UID x then it can insert itself into any other process of UID x anyway, hence it's *enough* to identify the...
> It's not fine at all. The point of this call is to uniquely identify a 'subject' (in polkit terms), and doing it this way is not sufficient, so it's...