[oi-dev] glib changes review
minikola at gmail.com
Wed Mar 16 05:30:41 UTC 2016
On 03/11/16 09:15 PM, Alexander Pyhalov wrote:
> Here's the new version :
> What is changed:
> - now we use pfexec to run brasero and sound juicer;
> - we don't care if user runs with EUID 0, it's his own difficulties;
> so far this works with sudo, but fails (for brasero only) with
> su/pfexec, when user have Primary Administrator profile (just don't
> use Primary Administrator, it's insane));
> - we restrict privileges to basic_privs,sys_devices.
> What is changed from user perspective:
> - brasero/sound juicer will work in default configurations when run
> from menu;
> - if you have Primary Administrator profile, brasero will not work
> when run from menu.
> Needs some more testing (so far didn't try to write CDs, just looked
> at ppriv output).
This is _not sane_, "solution" nor acceptable to make Primary
Administrator an invalide because there are bugs somewhere elese, in Glib.
I would rather sopundjuicer/brasero NOT working as user if Primary
administrator can't do that task.
Primary Administrator can be used to test does some functionality works
and see exactly where bugs are and this bug is as said in Glib and Not
elsewhere, so untill it is fixed, it is better not to make things worse
untill then. PA should do _anything_ so not being able to do _anything_
is very huge bug by itself.
Not introducing bigger bug, please, to solve another one is very
Primary Administrator is not selected by default Atm and it is enough to
say that it is not to be used for everyday tasks, without attacking it's
Ideally, command should work as described as Desktop user (not every
user) should be able to write optical media and read from it for some
tasks (Even if making new RBAC role for it) and that is where roles come
to play, but without affecting the rest of the system sanity.
More information about the oi-dev