PolicyKit: looser limitations, tighter security for Linux applications
by Andy Oram
We're used to thinking of system-enforced access policies as crude and coarse-grained, such as the setuid permission bit that lets a user execute a program with the privileges of the file's owner. Fine-grained access control has to be enforced by individual applications, a laborious coding process that is weakened by not being able to take advantage of the underlying operating system's security. PolicyKit, developed by Red Hat and included in Fedora 8, ameliorates this unsatisfactory situation.
Red Hat developer David Zeuthen describes through examples the types of access problems solved by PolicyKit: "it's fine to mount removable media; it's not fine to mount fixed media; it's not fine to change the timezone." These are operating system capabilities that can be enforced by such operating system components as HAL or the filesystem. But any application can use the PolicyKit API to enforce whatever access policy it chooses, and it gets the backing of the operating system. Zeuthen compares PolicyKit to Authorization Services on Mac OS X and Group Policy in Windows.
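As an added illustration (not code from the article or from the PolicyKit project), here is how Zeuthen's three example policies look as a rule in the JavaScript rules format that later polkit releases (0.106 and up) use instead of the Fedora 8-era PolicyKit.conf. The udisks2 and timedated action ids are real; the `polkit` stand-in object, `makeSubject` and `decide` are constructed here so the rule can be exercised offline under Node.

```javascript
// Stand-in for the `polkit` object that polkitd injects into
// /etc/polkit-1/rules.d/*.rules. Only polkit.Result and addRule() mirror the
// real API; decide() is a constructed substitute for the daemon's evaluation
// loop (first rule that returns a result wins).
const polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin", NOT_HANDLED: undefined },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
  decide(action, subject) {
    for (const rule of this._rules) {
      const r = rule(action, subject);
      if (r !== undefined) return r;
    }
    return polkit.Result.NOT_HANDLED;
  },
};

// Real action ids from udisks2 and systemd-timedated (the HAL-era ids differ).
const MOUNT_REMOVABLE = "org.freedesktop.udisks2.filesystem-mount";
const MOUNT_FIXED = "org.freedesktop.udisks2.filesystem-mount-system";
const SET_TIMEZONE = "org.freedesktop.timedate1.set-timezone";

// The rule itself: this is the part that would live in a .rules file.
polkit.addRule(function (action, subject) {
  // Removable media: fine for any user at a local, active seat; refused
  // for remote or inactive sessions.
  if (action.id === MOUNT_REMOVABLE) {
    return subject.local && subject.active ? polkit.Result.YES : polkit.Result.NO;
  }
  // Fixed media and the system timezone are administrative: members of
  // "wheel" pass, everyone else must present an administrator credential.
  if (action.id === MOUNT_FIXED || action.id === SET_TIMEZONE) {
    return subject.isInGroup("wheel") ? polkit.Result.YES : polkit.Result.AUTH_ADMIN;
  }
  // Anything else falls through to later rules / the action's own defaults.
  return polkit.Result.NOT_HANDLED;
});

// Constructed helper shaped like the subject polkitd hands to a rule.
function makeSubject({ user, groups = [], local = true, active = true }) {
  return { user, local, active, isInGroup: (g) => groups.includes(g) };
}

// Ask the stand-in daemon for a decision on one action id.
function decide(actionId, subject) {
  return polkit.decide({ id: actionId }, subject);
}
```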
It doesn't seem as if PolicyKit will replace SELinux or PAM? If that's right, you still don't have a single policy DB. So why would an SA want yet another policy DB to maintain?
SELinux serves a different purpose from PolicyKit. SELinux is a mandatory access control solution to contain processes and to prevent them from executing particular actions. PolicyKit is a toolkit to delegate parts of system administration. SELinux can't do what PolicyKit does. PolicyKit cannot do what SELinux does. They, therefore, are independent and complementary.