Ubuntu

Integrate PolicyKit into Ubuntu

Registered by Martin Pitt on 2007-11-22

The Gnome world starts to heavily use PolicyKit in their latest versions, and we get more and more requests to support it.

For Hardy we want to gently introduce it and discuss the security, usability, and maintenance ramifications of it. We ship PK by default and use it instead of our home-grown libpam-foreground, as well as for gnome-mount and hal.

Read the full specification

Blueprint information

Status:: Complete

Approver:: Scott James Remnant (Canonical)

Priority:: Medium

Drafter:: Martin Pitt

Direction:: Needs approval

Assignee:: Martin Pitt

Definition:: Approved

Series goal:: Accepted for hardy

Implementation:: Implemented

Milestone target:: None

Started by: Martin Pitt on 2007-11-22

Completed by: Martin Pitt on 2008-01-13

Related branches

Related bugs

Sprints

Whiteboard

pitti, 2007-11-22: I emptied my brain into this Spec. Please review and give me some feedback.
Kees, can you please have your security eye on this, too? TIA
keybuk, 2007-11-22: looks good, pending kees approval
pitti, 2007-11-22: Rollout , gnome-mount changes implemented; ptrace protection, libpam-foreground dropping, and sudoers checks are still outstanding
kees, 2007-11-26: this looks good to me, it follows all the points of discussion we had about ptrace protections.
pitti, 2007-12-18: ptrace() protection strategy updated after discussion with kernel, AppArmor, and Debian upstreams, and further thinking
pitti, 2008-01-03: admin definition needs discussion: https://lists.ubuntu.com/archives/ubuntu-devel/2008-January/024904.html
pitti, 2008-01-13: we'll go with the group-based definition of admin; spec is implemented, needs release-note and test sections filled out
pitti, 2008-01-13: implemented