GNOME Bugzilla – Bug 561443
Policykit integration
Last modified: 2015-11-21 11:34:01 UTC
Hello, as i said on the nautilus bug about policykit i'm willing to go on the work. I'm starting this with a friend but i have to admit that is a task needing to know the code in-depth. I think i get pretty much the idea behind both gio/gvfs and policykit but i'm unsure about how to implement it. I'm thinking about two solutions : 1) Creating a gio extension that handles that 2) Proxying GFile for operations needing authorization. If there is some leads i'm really willing to try to tackle this one ! Thanx for any help!
> as i said on the nautilus bug about policykit i'm willing to go on the work. > I'm starting this with a friend but i have to admit that is a task needing to > know the code in-depth. Can you state the bug number?
Nevermind, I didn't pay attention. It's bug 490200.
Is there any progress here? I would love to see this implemented, and I would like to have the knowledge to help, but I don't.
I'm also interested in this, and willing to do some work, but similar from the other comments I've read on this topic, I need some more concrete plans on how this can be implemented. Is there anyone (I would guess Alex :)) who can provide some more information on how this could be implemented?
I talked about this with my friend, and he asked me if it's possible to implement PolicyKit on a lower level, such as FUSE. Do you think that would be possible? If it is, it would be much more environment agnostic than implementing it in gvfs. Anyways, I study Computer Science at Chalmers University of Technology in Gothenburg, Sweden, and I plan to do a project about this next year (if it gets approved) starting in January. I will then look more into the problem and how linux security and file system works and hopefully it will be done. I know one year is a long time for some people, but compared to how long you've waited until now I guess this is nothing.
(In reply to comment #5) > I talked about this with my friend, and he asked me if it's possible to > implement PolicyKit on a lower level, such as FUSE. Do you think that would be > possible? If it is, it would be much more environment agnostic than > implementing it in gvfs. Sure it is, but it's a completely different system as GIO/GVfs. We only use fuse service to expose GVfs mounts for POSIX world with no intentions of extensive use. Practically all Gnome apps are using GIO directly and fuse is not used.
The project got accepted and I'm now doing this with three other students. Hopefully we'll have a patch within 4 months (hopefully less). So far we've read some about Linux security, setuid, polkit and gio, and we will soon begin to do a simple program that handles this and then proxy the gfile operations to it.
(In reply to comment #7) > The project got accepted and I'm now doing this with three other students. > Hopefully we'll have a patch within 4 months (hopefully less). So far we've > read some about Linux security, setuid, polkit and gio, and we will soon begin > to do a simple program that handles this and then proxy the gfile operations to > it. Okay, please post more information here as soon you have anything to publish. A design proposal or a block diagram would be nice to have so that we can tweak it to fit in gvfs before you start to implement it. Have a look at localtest, it's basically a local proxy backend written for error injection and testing, not much used nowadays. Also worth studying is the daemon protocol between master gvfs daemon and backends, most of it flows through peer-to-peer d-bus connection over abstract sockets (differs from platform however!) so if you manage to tunnel it through to a process (backend) with different UID, most of the work would be done.
This is tracked in bug 490200, which also has a working patchset. Closing as a duplicate. *** This bug has been marked as a duplicate of bug 490200 ***
ttp://www.webupd8.org/2015/03/how-to-run-gedit-and-nautilus-as-root.html