After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 561443 - Policykit integration
Policykit integration
Status: RESOLVED DUPLICATE of bug 490200
Product: gvfs
Classification: Core
Component: general
git master
Other All
: Normal enhancement
: ---
Assigned To: gvfs-maint
gvfs-maint
Depends on:
Blocks: 126051 490200
 
 
Reported: 2008-11-18 22:41 UTC by Fabien Chaillou
Modified: 2015-11-21 11:34 UTC
See Also:
GNOME target: ---
GNOME version: Unversioned Enhancement



Description Fabien Chaillou 2008-11-18 22:41:23 UTC
Hello,

as i said on the nautilus bug about policykit i'm willing to go on the work. I'm starting this with a friend but i have to admit that is a task needing to know the code in-depth.

I think i get pretty much the idea behind both gio/gvfs and policykit but i'm unsure about how to implement it.

I'm thinking about two solutions :
1) Creating a gio extension that handles that
2) Proxying GFile for operations needing authorization.

If there is some leads i'm really willing to try to tackle this one !
Thanx for any help!
Comment 1 Wouter Bolsterlee (uws) 2008-11-21 15:41:46 UTC
> as i said on the nautilus bug about policykit i'm willing to go on the work.
> I'm starting this with a friend but i have to admit that is a task needing to
> know the code in-depth.

Can you state the bug number?
Comment 2 Wouter Bolsterlee (uws) 2008-11-21 15:43:02 UTC
Nevermind, I didn't pay attention. It's bug 490200.
Comment 3 Jean-Philippe Green 2010-03-20 16:55:16 UTC
Is there any progress here? I would love to see this implemented, and I would like to have the knowledge to help, but I don't.
Comment 4 jessevdk@gmail.com 2010-05-13 15:01:48 UTC
I'm also interested in this, and willing to do some work, but similar from the other comments I've read on this topic, I need some more concrete plans on how this can be implemented. Is there anyone (I would guess Alex :)) who can provide some more information on how this could be implemented?
Comment 5 Jean-Philippe Green 2012-05-27 20:42:00 UTC
I talked about this with my friend, and he asked me if it's possible to implement PolicyKit on a lower level, such as FUSE. Do you think that would be possible? If it is, it would be much more environment agnostic than implementing it in gvfs.

Anyways, I study Computer Science at Chalmers University of Technology in Gothenburg, Sweden, and I plan to do a project about this next year (if it gets approved) starting in January. I will then look more into the problem and how linux security and file system works and hopefully it will be done. I know one year is a long time for some people, but compared to how long you've waited until now I guess this is nothing.
Comment 6 Tomas Bzatek 2012-05-28 14:23:58 UTC
(In reply to comment #5)
> I talked about this with my friend, and he asked me if it's possible to
> implement PolicyKit on a lower level, such as FUSE. Do you think that would be
> possible? If it is, it would be much more environment agnostic than
> implementing it in gvfs.

Sure it is, but it's a completely different system as GIO/GVfs. We only use fuse service to expose GVfs mounts for POSIX world with no intentions of extensive use. Practically all Gnome apps are using GIO directly and fuse is not used.
Comment 7 Jean-Philippe Green 2013-02-01 16:02:39 UTC
The project got accepted and I'm now doing this with three other students. Hopefully we'll have a patch within 4 months (hopefully less). So far we've read some about Linux security, setuid, polkit and gio, and we will soon begin to do a simple program that handles this and then proxy the gfile operations to it.
Comment 8 Tomas Bzatek 2013-02-01 16:40:59 UTC
(In reply to comment #7)
> The project got accepted and I'm now doing this with three other students.
> Hopefully we'll have a patch within 4 months (hopefully less). So far we've
> read some about Linux security, setuid, polkit and gio, and we will soon begin
> to do a simple program that handles this and then proxy the gfile operations to
> it.

Okay, please post more information here as soon you have anything to publish. A design proposal or a block diagram would be nice to have so that we can tweak it to fit in gvfs before you start to implement it.

Have a look at localtest, it's basically a local proxy backend written for error injection and testing, not much used nowadays. Also worth studying is the daemon protocol between master gvfs daemon and backends, most of it flows through peer-to-peer d-bus connection over abstract sockets (differs from platform however!) so if you manage to tunnel it through to a process (backend) with different UID, most of the work would be done.
Comment 9 Cosimo Cecchi 2015-11-21 05:59:08 UTC
This is tracked in bug 490200, which also has a working patchset. Closing as a duplicate.

*** This bug has been marked as a duplicate of bug 490200 ***
Comment 10 Moo 2015-11-21 11:34:01 UTC
ttp://www.webupd8.org/2015/03/how-to-run-gedit-and-nautilus-as-root.html