Merge lp:~zyga/checkbox/fix-1299201 into lp:checkbox
Proposed by
Zygmunt Krynicki
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Zygmunt Krynicki | ||||
Approved revision: | 2988 | ||||
Merged at revision: | 2996 | ||||
Proposed branch: | lp:~zyga/checkbox/fix-1299201 | ||||
Merge into: | lp:checkbox | ||||
Diff against target: |
69 lines (+27/-0) 2 files modified
plainbox/plainbox/impl/ctrl.py (+3/-0) plainbox/plainbox/impl/test_ctrl.py (+24/-0) |
||||
To merge this branch: | bzr merge lp:~zyga/checkbox/fix-1299201 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Zygmunt Krynicki (community) | Approve | ||
Daniel Manrique (community) | Approve | ||
Review via email: mp+219317@code.launchpad.net |
To post a comment you must log in.
This looks OK in principle, but rather than just assuming polkit over ssh does not work at all, did we consider fixing the policy file? see comment in the bug, we can make everything auth_admin_keep:
<defaults> allow_any> auth_admin_ keep</allow_ any> allow_inactive> auth_admin_ keep</allow_ inactive> allow_active> auth_admin_ keep</allow_ active>
<
<
<
</defaults>
This may require clearing with the security team, as the secure policy is the one we ship in Ubuntu, but barring their disapproval I think that's also a possible solution.
Still, it's good for the controller to not try doing something it can't, but I wonder if instead of blanket assuming we don't work over SSH, we could use pkcheck to actively verify this.