Review Board 2.0.17


openlmi-storage: Add polkit integration.

Review Request #1924 - Created July 23, 2014 and submitted

Information
Jan Safranek
openlmi-storage
edc238d...
Reviewers
developers
Add polkit integration.

The polkit actions are taken from storaged and udisks, just with
org.openlmi.storage prefix. This allows us to experiment with existing
authorization schemes and identify problems in storaged and udisks.

The storage provider itself still runs as root, but is asks polkit
to authorize each action. Since polkit authorizes processes and not
users, we must spawn a little helper process under UID of the remote user
to check the authorization, see lmi.storage.util.polkit module. There is one
fork and several execs involved in each policy check.


   
Review request changed
Updated (Feb. 16, 2015, 2:28 p.m.)

Status: Closed (submitted)