Bug 11476 - draksec does not modify permissions
Summary: draksec does not modify permissions
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Colin Guthrie
QA Contact:
URL:
Whiteboard:
Keywords: Junior_job
Depends on:
Blocks:
 
Reported: 2013-10-15 17:36 CEST by Daniele B
Modified: 2013-11-27 13:24 CET

See Also:
Source RPM: drakxtools-15.68-1.mga4
CVE:
Status comment:



Description Daniele B 2013-10-15 17:36:14 CEST
When opening draksec the window does not show the current setting - all the dropdown menus are blank.

Moreover, changing the settings in any field does not affect anything; the files under /usr/share/polkit-1/actions are never modified (and they should be).


Theme name: oxygen-gtk
RPM: drakxtools-15.68-1.mga4
Kernel version = 3.12.0-desktop-0.rc5.1.mga4
Distribution=Mageia release 4 (Cauldron) for x86_64
CPU=Intel(R) Core(TM) i3 CPU       M 350  @ 2.27GHz
David Walser 2013-10-15 18:13:07 CEST

Hardware: x86_64 => All
Assignee: bugsquad => mageia

Comment 1 Colin Guthrie 2013-10-15 19:14:49 CEST
Implementation notes:

draksec will ship a new file:

/usr/share/polkit-1/rules.d/org.mageia.draksec.rules containing:

polkit.addRule(function(action, subject) {
  if (typeof draksecAuth != "function" || action.id.indexOf("org.mageia.") != 0)
    return polkit.Result.NOT_HANDLED;

  var tool = action.id.split(".")[2];
  var rv = draksecAuth(tool);
  if (rv != polkit.Result.NOT_HANDLED)
    polkit.log("draksec security policy for '" + tool + "' is overriden to '" + rv + "'");
  return rv;
});



The GUI will then change to read/write a file called /etc/polkit-1/rules.d/51-mageia-draksec.rules.

This file will contain e.g.:

var draksecAuth = function(tool) {
  switch (tool) {
    case 'drakconf': return polkit.Result.YES;
    case 'drakrpm': return polkit.Result.AUTH_SELF_KEEP;
  }
  return polkit.Result.NOT_HANDLED;
};


Essentially, for each tool that is overridden from the default, it will contain a case+return pair.

This should be fairly easy to parse using regex in perl. If the file does not exist, then default policy is applied.

The only tricky bit in the UI would be knowing what "default" means (as it would require parsing all the action policy files), but this could be left out.


Ultimately the tool will likely become a lot simpler.

If someone wants to play at learning perl etc. then this is quite a simple task to implement.
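
The override file format described in Comment 1, as an added example that is not part of the original bug report or the drakx code (the comment proposes doing this in Perl): a Node.js parser and writer for 51-mageia-draksec.rules that accepts only the polkit.Result constants and plain tool names, so nothing read from or written to the file can add script to what polkitd evaluates. The function names and the tool-name pattern are assumptions.

```javascript
// Added example: read and regenerate the draksec override file from Comment 1.
// Only the polkit.Result constants are accepted as return values.
const RESULTS = new Set(["NO", "YES", "AUTH_SELF", "AUTH_SELF_KEEP",
                         "AUTH_ADMIN", "AUTH_ADMIN_KEEP", "NOT_HANDLED"]);
// Assumption: tool names are plain identifiers, so a name can never close the
// quoted case label and add script to a file that polkitd evaluates.
const TOOL_RE = /^[A-Za-z0-9_-]+$/;
const CASE_RE = /^\s*case\s+'([^']*)'\s*:\s*return\s+polkit\.Result\.([A-Za-z_]+)\s*;\s*$/;

function parseOverrides(text) {
  const overrides = new Map();
  for (const line of text.split("\n")) {
    if (!/\bcase\b/.test(line)) continue;      // header, braces, default return
    const m = CASE_RE.exec(line);
    if (!m || !TOOL_RE.test(m[1]) || !RESULTS.has(m[2]))
      throw new Error("unexpected override line: " + line.trim());
    overrides.set(m[1], m[2]);
  }
  return overrides;
}

function writeOverrides(overrides) {
  const lines = ["var draksecAuth = function(tool) {", "  switch (tool) {"];
  for (const [tool, result] of overrides) {
    if (!TOOL_RE.test(tool) || !RESULTS.has(result))
      throw new Error("refusing to write override for " + JSON.stringify(tool));
    lines.push("    case '" + tool + "': return polkit.Result." + result + ";");
  }
  lines.push("  }", "  return polkit.Result.NOT_HANDLED;", "};", "");
  return lines.join("\n");
}

// Constructed sample: the file content shown in Comment 1.
const SAMPLE = [
  "var draksecAuth = function(tool) {",
  "  switch (tool) {",
  "    case 'drakconf': return polkit.Result.YES;",
  "    case 'drakrpm': return polkit.Result.AUTH_SELF_KEEP;",
  "  }",
  "  return polkit.Result.NOT_HANDLED;",
  "};",
  ""
].join("\n");

console.log(writeOverrides(parseOverrides(SAMPLE)));
```

A malformed or hand-edited case line raises an error instead of being skipped, so an override is never silently dropped the next time the file is rewritten.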
Manuel Hiebel 2013-10-15 20:59:33 CEST

Keywords: (none) => Junior_job
CC: (none) => thierry.vignaud

Olav Vitters 2013-10-15 23:36:49 CEST

CC: (none) => olav

Vince45 2013-10-16 16:31:12 CEST

CC: (none) => vince.7145

Comment 2 Colin Guthrie 2013-11-21 22:33:59 CET
This should now be implemented in git, namely this commit:
http://gitweb.mageia.org/software/drakx/commit/?id=3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1

(although there were a few other small tidyups).
Comment 3 Colin Guthrie 2013-11-27 13:24:20 CET
Completed as per above comment.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

