Integrate PolicyKit into Ubuntu

Registered by Martin Pitt on 2007-11-22

The GNOME world is starting to use PolicyKit heavily in its latest versions, and we get more and more requests to support it.

For Hardy we want to gently introduce it and discuss the security, usability, and maintenance ramifications of it. We ship PK by default and use it instead of our home-grown libpam-foreground, as well as for gnome-mount and hal.

Blueprint information

Status: Complete
Approver: Scott James Remnant (Canonical)
Priority: Medium
Drafter: Martin Pitt
Direction: Needs approval
Assignee: Martin Pitt
Definition: Approved
Series goal: Accepted for hardy
Implementation: Implemented
Milestone target: None
Started by: Martin Pitt on 2007-11-22
Completed by: Martin Pitt on 2008-01-13

Whiteboard

pitti, 2007-11-22: I emptied my brain into this Spec. Please review and give me some feedback.
Kees, can you please have your security eye on this, too? TIA
keybuk, 2007-11-22: looks good, pending kees approval
pitti, 2007-11-22: Rollout, gnome-mount changes implemented; ptrace protection, libpam-foreground dropping, and sudoers checks are still outstanding
kees, 2007-11-26: this looks good to me, it follows all the points of discussion we had about ptrace protections.
pitti, 2007-12-18: ptrace() protection strategy updated after discussion with kernel, AppArmor, and Debian upstreams, and further thinking
pitti, 2008-01-03: admin definition needs discussion: https://lists.ubuntu.com/archives/ubuntu-devel/2008-January/024904.html
pitti, 2008-01-13: we'll go with the group-based definition of admin; spec is implemented, needs release-note and test sections filled out
pitti, 2008-01-13: implemented
