[oi-dev] glib changes review

[Nikola M]

On 03/11/16 09:15 PM, Alexander Pyhalov wrote:
> Here's the new version : 
> https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
>
> What is changed:
> - now we use pfexec to run brasero and sound juicer;
> - we don't care if user runs with EUID 0, it's his own difficulties;
> so far this works with sudo, but fails (for brasero only) with 
> su/pfexec, when user have Primary Administrator profile (just don't 
> use Primary Administrator, it's insane));
> - we restrict privileges to basic_privs,sys_devices.
>
> What is changed from user perspective:
> - brasero/sound juicer will work in default configurations when run 
> from menu;
> - if  you have Primary Administrator profile, brasero will not work 
> when run from menu.
>
> Needs some more testing (so far didn't try to write CDs, just looked 
> at ppriv output).
This is _not sane_, "solution" nor acceptable to make Primary 
Administrator an invalide because there are bugs somewhere elese, in Glib.
I would rather sopundjuicer/brasero NOT working as user if Primary 
administrator can't do that task.

Primary Administrator can be used to test does some functionality works 
and see exactly where bugs are and this bug is as said in Glib and Not 
elsewhere, so untill it is fixed, it is better not to make things worse 
untill then.  PA should do _anything_ so not being able to do _anything_ 
is very huge bug by itself.
Not introducing bigger bug, please, to solve another one is very 
appretiated.

Primary Administrator is not selected by default Atm and it is enough to 
say that it is not to be used for everyday tasks, without attacking it's 
existence.

Ideally, command should work as described as Desktop user (not every 
user) should be able to write optical media and read from it for some 
tasks (Even if making new RBAC role for it) and that is where roles come 
to play, but without affecting the rest of the system sanity.