Enviar pesquisa
Carregar
DBus PolicyKit and YaST
âą
Transferir como ODP, PDF
âą
1 gostou
âą
1,012 visualizaçÔes
L
lslezak
Seguir
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 39
Baixar agora
Recomendados
Using Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell Applications
Novell
Â
Lecture 8 permissions
Lecture 8 permissions
Wiliam Ferraciolli
Â
IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep Dive
Shradha Nayak Thakare
Â
IBM Spectrum Scale Authentication for Protocols
IBM Spectrum Scale Authentication for Protocols
Sandeep Patil
Â
Novell ZENworks Overview and Futures
Novell ZENworks Overview and Futures
Novell
Â
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell
Â
Novell Teaming: Automating Business Processes with Forms and Workflows
Novell Teaming: Automating Business Processes with Forms and Workflows
Novell
Â
IBM Spectrum scale object deep dive training
IBM Spectrum scale object deep dive training
Smita Raut
Â
Recomendados
Using Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell Applications
Novell
Â
Lecture 8 permissions
Lecture 8 permissions
Wiliam Ferraciolli
Â
IBM Spectrum Scale Authentication for File Access - Deep Dive
IBM Spectrum Scale Authentication for File Access - Deep Dive
Shradha Nayak Thakare
Â
IBM Spectrum Scale Authentication for Protocols
IBM Spectrum Scale Authentication for Protocols
Sandeep Patil
Â
Novell ZENworks Overview and Futures
Novell ZENworks Overview and Futures
Novell
Â
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell
Â
Novell Teaming: Automating Business Processes with Forms and Workflows
Novell Teaming: Automating Business Processes with Forms and Workflows
Novell
Â
IBM Spectrum scale object deep dive training
IBM Spectrum scale object deep dive training
Smita Raut
Â
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server Architecture
Novell
Â
IBM Spectrum Scale Authentication For Object - Deep Dive
IBM Spectrum Scale Authentication For Object - Deep Dive
Smita Raut
Â
Cont0519
Cont0519
Samuel Dratwa
Â
File Access in Novell Open Enterprise Server 2 SP2
File Access in Novell Open Enterprise Server 2 SP2
Novell
Â
Unit09
Unit09
Nurul Nadirah
Â
Cloud storage solution technical requirement
Cloud storage solution technical requirement
taotao1240
Â
NonStop Hadoop - Applying the PaxosFamily of Protocols to make Critical Hadoo...
NonStop Hadoop - Applying the PaxosFamily of Protocols to make Critical Hadoo...
DataWorks Summit
Â
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Novell
Â
Big Data 2107 for Ribbon
Big Data 2107 for Ribbon
Samuel Dratwa
Â
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410
omardabbas
Â
Novell Identity Manager Tips, Tricks and Best Practices
Novell Identity Manager Tips, Tricks and Best Practices
Novell
Â
Cl309
Cl309
Juliette Ponnet
Â
Application layer
Application layer
Neha Kurale
Â
SQL Queries on Smalltalk Objects
SQL Queries on Smalltalk Objects
ESUG
Â
Novell Open Enterprise Server for Beginners
Novell Open Enterprise Server for Beginners
Novell
Â
CSD-2881 - Achieving System Production Readiness for IBM PureApplication System
CSD-2881 - Achieving System Production Readiness for IBM PureApplication System
Hendrik van Run
Â
Ch13 protection
Ch13 protection
Welly Dian Astika
Â
Cl116
Cl116
Juliette Ponnet
Â
2 architectural at CloudStack Developer Day
2 architectural at CloudStack Developer Day
Kimihiko Kitase
Â
Cl219
Cl219
Juliette Ponnet
Â
Android application development fundamentals
Android application development fundamentals
indiangarg
Â
Files matter-fms
Files matter-fms
Finceptum Oy
Â
Mais conteĂșdo relacionado
Mais procurados
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server Architecture
Novell
Â
IBM Spectrum Scale Authentication For Object - Deep Dive
IBM Spectrum Scale Authentication For Object - Deep Dive
Smita Raut
Â
Cont0519
Cont0519
Samuel Dratwa
Â
File Access in Novell Open Enterprise Server 2 SP2
File Access in Novell Open Enterprise Server 2 SP2
Novell
Â
Unit09
Unit09
Nurul Nadirah
Â
Cloud storage solution technical requirement
Cloud storage solution technical requirement
taotao1240
Â
NonStop Hadoop - Applying the PaxosFamily of Protocols to make Critical Hadoo...
NonStop Hadoop - Applying the PaxosFamily of Protocols to make Critical Hadoo...
DataWorks Summit
Â
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Novell
Â
Big Data 2107 for Ribbon
Big Data 2107 for Ribbon
Samuel Dratwa
Â
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410
omardabbas
Â
Novell Identity Manager Tips, Tricks and Best Practices
Novell Identity Manager Tips, Tricks and Best Practices
Novell
Â
Cl309
Cl309
Juliette Ponnet
Â
Application layer
Application layer
Neha Kurale
Â
SQL Queries on Smalltalk Objects
SQL Queries on Smalltalk Objects
ESUG
Â
Novell Open Enterprise Server for Beginners
Novell Open Enterprise Server for Beginners
Novell
Â
CSD-2881 - Achieving System Production Readiness for IBM PureApplication System
CSD-2881 - Achieving System Production Readiness for IBM PureApplication System
Hendrik van Run
Â
Ch13 protection
Ch13 protection
Welly Dian Astika
Â
Cl116
Cl116
Juliette Ponnet
Â
2 architectural at CloudStack Developer Day
2 architectural at CloudStack Developer Day
Kimihiko Kitase
Â
Cl219
Cl219
Juliette Ponnet
Â
Mais procurados
(20)
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server Architecture
Â
IBM Spectrum Scale Authentication For Object - Deep Dive
IBM Spectrum Scale Authentication For Object - Deep Dive
Â
Cont0519
Cont0519
Â
File Access in Novell Open Enterprise Server 2 SP2
File Access in Novell Open Enterprise Server 2 SP2
Â
Unit09
Unit09
Â
Cloud storage solution technical requirement
Cloud storage solution technical requirement
Â
NonStop Hadoop - Applying the PaxosFamily of Protocols to make Critical Hadoo...
NonStop Hadoop - Applying the PaxosFamily of Protocols to make Critical Hadoo...
Â
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Â
Big Data 2107 for Ribbon
Big Data 2107 for Ribbon
Â
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410
Â
Novell Identity Manager Tips, Tricks and Best Practices
Novell Identity Manager Tips, Tricks and Best Practices
Â
Cl309
Cl309
Â
Application layer
Application layer
Â
SQL Queries on Smalltalk Objects
SQL Queries on Smalltalk Objects
Â
Novell Open Enterprise Server for Beginners
Novell Open Enterprise Server for Beginners
Â
CSD-2881 - Achieving System Production Readiness for IBM PureApplication System
CSD-2881 - Achieving System Production Readiness for IBM PureApplication System
Â
Ch13 protection
Ch13 protection
Â
Cl116
Cl116
Â
2 architectural at CloudStack Developer Day
2 architectural at CloudStack Developer Day
Â
Cl219
Cl219
Â
Semelhante a DBus PolicyKit and YaST
Android application development fundamentals
Android application development fundamentals
indiangarg
Â
Files matter-fms
Files matter-fms
Finceptum Oy
Â
Synapseindia android apps overview
Synapseindia android apps overview
Synapseindiappsdevelopment
Â
Supporting Research through "Desktop as a Service" models of e-infrastructure...
Supporting Research through "Desktop as a Service" models of e-infrastructure...
David Wallom
Â
Security and LDAP integration in InduSoft Web Studio
Security and LDAP integration in InduSoft Web Studio
AVEVA
Â
Os file
Os file
mominabrar
Â
Net essentials6e ch8
Net essentials6e ch8
APSU
Â
Birmingham-20060705
Birmingham-20060705
Miguel Vidal
Â
Active directoryfinal
Active directoryfinal
RafaĆ Kucharski
Â
Processes and Threads in Windows Vista
Processes and Threads in Windows Vista
Trinh Phuc Tho
Â
TechTalk: Connext DDS 5.2.
TechTalk: Connext DDS 5.2.
Real-Time Innovations (RTI)
Â
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming Workshop
Ajay Choudhary
Â
How to Build a Compute Cluster
How to Build a Compute Cluster
Ramsay Key
Â
Rocking the enterprise with Ruby - RubyKaigi 2010
Rocking the enterprise with Ruby - RubyKaigi 2010
releasebeta
Â
(ATS6-PLAT07) Managing AEP in an enterprise environment
(ATS6-PLAT07) Managing AEP in an enterprise environment
BIOVIA
Â
Distributed Operating System.pptx
Distributed Operating System.pptx
harpreetkaur1129
Â
Open shift and docker - october,2014
Open shift and docker - october,2014
Hojoong Kim
Â
Hpc 6 7
Hpc 6 7
Yasir Khan
Â
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
moneyjh
Â
Unit 4
Unit 4
pm_ghate
Â
Semelhante a DBus PolicyKit and YaST
(20)
Android application development fundamentals
Android application development fundamentals
Â
Files matter-fms
Files matter-fms
Â
Synapseindia android apps overview
Synapseindia android apps overview
Â
Supporting Research through "Desktop as a Service" models of e-infrastructure...
Supporting Research through "Desktop as a Service" models of e-infrastructure...
Â
Security and LDAP integration in InduSoft Web Studio
Security and LDAP integration in InduSoft Web Studio
Â
Os file
Os file
Â
Net essentials6e ch8
Net essentials6e ch8
Â
Birmingham-20060705
Birmingham-20060705
Â
Active directoryfinal
Active directoryfinal
Â
Processes and Threads in Windows Vista
Processes and Threads in Windows Vista
Â
TechTalk: Connext DDS 5.2.
TechTalk: Connext DDS 5.2.
Â
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming Workshop
Â
How to Build a Compute Cluster
How to Build a Compute Cluster
Â
Rocking the enterprise with Ruby - RubyKaigi 2010
Rocking the enterprise with Ruby - RubyKaigi 2010
Â
(ATS6-PLAT07) Managing AEP in an enterprise environment
(ATS6-PLAT07) Managing AEP in an enterprise environment
Â
Distributed Operating System.pptx
Distributed Operating System.pptx
Â
Open shift and docker - october,2014
Open shift and docker - october,2014
Â
Hpc 6 7
Hpc 6 7
Â
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
Â
Unit 4
Unit 4
Â
Mais de lslezak
openSUSE Conference 2017 - YaST News
openSUSE Conference 2017 - YaST News
lslezak
Â
openSUSE Conference 2017 - The Docker at Travis Presentation
openSUSE Conference 2017 - The Docker at Travis Presentation
lslezak
Â
openSUSE Conference 2017 - The Atom Presentation
openSUSE Conference 2017 - The Atom Presentation
lslezak
Â
Integrating the Ruby Debugger into YaST
Integrating the Ruby Debugger into YaST
lslezak
Â
YaST Debugging
YaST Debugging
lslezak
Â
WebYaST (openSUSE conference 2010)
WebYaST (openSUSE conference 2010)
lslezak
Â
WebYaST presentation at LinuxTag 2010
WebYaST presentation at LinuxTag 2010
lslezak
Â
Mais de lslezak
(7)
openSUSE Conference 2017 - YaST News
openSUSE Conference 2017 - YaST News
Â
openSUSE Conference 2017 - The Docker at Travis Presentation
openSUSE Conference 2017 - The Docker at Travis Presentation
Â
openSUSE Conference 2017 - The Atom Presentation
openSUSE Conference 2017 - The Atom Presentation
Â
Integrating the Ruby Debugger into YaST
Integrating the Ruby Debugger into YaST
Â
YaST Debugging
YaST Debugging
Â
WebYaST (openSUSE conference 2010)
WebYaST (openSUSE conference 2010)
Â
WebYaST presentation at LinuxTag 2010
WebYaST presentation at LinuxTag 2010
Â
Ăltimo
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
Â
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Â
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Sandro Moreira
Â
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Â
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
Â
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
apidays
Â
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
The Digital Insurer
Â
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
Â
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
apidays
Â
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Â
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
apidays
Â
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
apidays
Â
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
Â
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
Â
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
Zilliz
Â
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
Â
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
Â
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
Â
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Zilliz
Â
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
Â
Ăltimo
(20)
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
Â
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Â
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Â
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Â
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Â
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Â
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
Â
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Â
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Â
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Â
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Â
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Â
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
Â
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Â
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
Â
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Â
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
Â
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Â
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Â
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
Â
DBus PolicyKit and YaST
1.
DBus, PolicyKit and
YaST Ing. Ladislav SlezĂĄk <lslezak@novell.com> YaST Developer
2.
DBus
3.
© Novell, Inc.
All rights reserved.3 DBus âą What is DBus? â Local interprocess communication (IPC) â Message based (sends messages, not streams) â Messages are transferred in binary form â Supports 1:1 and 1:N communication
4.
© Novell, Inc.
All rights reserved.4 DBus âą Why? â Unified communication for desktop replacing DCOP (KDE) and CORBA (GNOME) â For communication between desktop applications or between desktop applications and system daemons, for handling system events...
5.
© Novell, Inc.
All rights reserved.5 DBus Concepts âą Object oriented view â DBus services provides objects â But OOP is not required, service can be written in C âą Data types â Basic data types: integer, string, boolean... â Containers: array, hash, structure, variant > Containers can be recursive
6.
© Novell, Inc.
All rights reserved.6 DBus parts âą DBus daemon â Runs a bus, processes and routes the messages âą DBus library (libdbus) â Low-level C API âą Language bindings â High-level API for Python, Ruby, Qt, Glib ⊠â Wrappers for low-level C calls â Conversion between native and DBus data types â May provide object proxy for mapping native objects (GObject, QObject,...) and signals to DBus objects and signals
7.
© Novell, Inc.
All rights reserved.7 DBus Terminology âą Bus â The place for transferring the messages â Multiple buses can run in parallel > System wide bus â single bus for system wide events and services, runs under a system user (non-root) > Session bus â one per user session, for desktop applications, created at login, runs with user privileges > Private bus â special separate bus can be started by applications
8.
© Novell, Inc.
All rights reserved.8 DBus Terminology âą Connection/Service name â Unique ID (:1.42, assigned by DBus) or well-known (org.freedesktop.PowerManagement, defined by service) âą Object path in object tree â /org/freedesktop/PowerManagement âą Interface name â Named group of methods and signals, org.freedesktop.PowerManagement âą Method name â Suspend
9.
© Novell, Inc.
All rights reserved.9 DBus Terminology Service org.freedesktop.PowerManagement Object /org/freedesktop/PowerManagement Bus Interface org.freedesktop.PowerManagement Method Suspend()
10.
© Novell, Inc.
All rights reserved.10 DBus Message âą Message types â Method call â Method reply â Error â Signal (1:N publish/subscribe communication) âą Header â Type, destination service, target object, method, sender, serial number, data type signature... âą Data â Arguments in binary form
11.
© Novell, Inc.
All rights reserved.11 Object Introspection âą Query available objects in a service âą Runtime object browsing âą Needed by language proxies and DBus browsers
12.
© Novell, Inc.
All rights reserved.12 Service Activation âą DBus service â can be provided by a running application â can start be started on demand > Started service can continue running, it can exit immediately or exit after a timeout
13.
© Novell, Inc.
All rights reserved.13 Access Control âą It's possible to allow or deny access to a specific object, interface, method, signal...
14.
© Novell, Inc.
All rights reserved.14 Python Example âą Method call example import dbus bus = dbus.SessionBus() obj = bus.get_object('org.freedesktop.PowerManagement', '/org/freedesktop/PowerManagement') iface = dbus.Interface(obj,'org.freedesktop.PowerManagement') result = iface.CanHibernate() print result
15.
© Novell, Inc.
All rights reserved.15 GUI Tools â qdbusviewer
16.
© Novell, Inc.
All rights reserved.16 GUI Tools â kdbus
17.
© Novell, Inc.
All rights reserved.17 Command line tools âą dbus-send â Sends a message âą dbus-monitor â Monitors activity on a bus âą qdbus â DBus browsing, sending messages
18.
© Novell, Inc.
All rights reserved.18 DBus Documentation âą Introduction to DBus â http://www.freedesktop.org/wiki/IntroductionToDBus âą DBus tutorial â http://dbus.freedesktop.org/doc/dbus-tutorial.html âą DBus FAQ â http://dbus.freedesktop.org/doc/dbus-faq.html âą Low-level C API â http://dbus.freedesktop.org/doc/dbus/api/html/group__DBus.html âą C example â http://dbus.freedesktop.org/doc/dbus/libdbus-tutorial.html
19.
PolicyKit
20.
© Novell, Inc.
All rights reserved.20 PolicyKit âą Framework for central policy management of privileged operations â In contrast to /etc/sudoers, user group management... âą Extends DBus security model â more fine grained privileges â User can mount removable media, but cannot mount fixed media â User can shutdown the machine from a local session
21.
© Novell, Inc.
All rights reserved.21 PolicyKit Model âą Application is split to privileged and unprivileged part, each part runs in a different process â For security reasons the privileged part should be as small as possible â The privileged part is called âMechanismâ âą These parts communicate via IPC (DBus, pipes, ...)
22.
© Novell, Inc.
All rights reserved.22 PolicyKit Model http://hal.freedesktop.org/docs/PolicyKit/diagram-bus-model.png
23.
© Novell, Inc.
All rights reserved.23 Mechanism âą Runs as a privileged user âą Parts of mechanism â Decider part â checks whether the requester is allowed to call the action part â Action part â carries out the privileged action âą The action is performed only when the decider part says âYesâ Request Mechanism Allowed? Do Action Error
24.
© Novell, Inc.
All rights reserved.24 Input for Decision âą Subject â Attributes of the requester â UID, application, local or remote session, active session... âą Object â Removable device, Package, Power management... âą Action â What to do with the object â Mount the device, install the package, reboot the system... âą PolicyKit encodes object and action to single Action ID â e.g. org.freedesktop.hal.storage.mount-removable
25.
© Novell, Inc.
All rights reserved.25 Authorization Check âą Also the unprivileged part may check whether it can do the privileged operation â Disabled or locked options in UI
26.
© Novell, Inc.
All rights reserved.26 How to Obtain an Authorization âą User is allowed to do action â By default (defined in configuration file) â Under a special condition (e.g. active session) â Administrator grants the authorization to the user â Obtains the authorization via authentication
27.
© Novell, Inc.
All rights reserved.27 Authentication âą Authentication agent is a DBus service (org.freedesktop.PolicyKit.AuthenticationAgent)
28.
© Novell, Inc.
All rights reserved.28 Workflow âą HAL example âą Mount request sent http://hal.freedesktop.org/docs/PolicyKit/diagram-interaction.png âą Check the authorization
29.
© Novell, Inc.
All rights reserved.29 Workflow âą An exception is returned âą The user authenticates
30.
© Novell, Inc.
All rights reserved.30 Workflow âą A token is written to DB âą The second attept is OK
31.
© Novell, Inc.
All rights reserved.31 Command Line Tools âą polkit-auth â Manage authorizations â display, obtain, revoke... âą polkit-action â List actions, modify defaults âą polkit-policy-file-validate â A validation tool for .policy files, should be called from 'make check' âą polkit-policy-file-validate â Validates /etc/PolicyKit/PolicyKit.conf file
32.
© Novell, Inc.
All rights reserved.32 PolicyKit Documentation âą Design, API reference manual, tools... â http://hal.freedesktop.org/docs/PolicyKit/index.html â Package PolicyKit-doc
33.
YaST DBus Service
34.
© Novell, Inc.
All rights reserved.34 YaST DBus Service âą Access the YaST functionality from other applications âą Needed for WebYaST Why DBus? âą Auto start (no running daemon) âą Starts YaST as root user (no SUID flag) Why PolicyKit? âą Admin tools available
35.
© Novell, Inc.
All rights reserved.35 YaST DBus Service âą Package yast2-dbus-server âą Service org.opensuse.YaST.modules running on the system bus âą Object /org/opensuse/YaST/modules/<module> âą Interface org.opensuse.YaST.Values âą The service is started automatically âą Shuts down after 2 minutes
36.
© Novell, Inc.
All rights reserved.36 Solved Problems âą PolicyKit action ID â Created from function name â Checked before function call âą Stateful YaST modules â Stateless wrappers (YaPI) â Lock(), Unlock() methods âą YaST module autoloading â No need to load all YaST modules âą YCP data types and special values â Additional interface âą Bugfixes in Ruby DBus bindings
37.
Questions?
38.
Thank you!
Baixar agora