CheckboxPolicykit

Differences between revisions 1 and 2
Revision 1 as of 2008-12-05 11:50:12
Size: 2851
Editor: cpc1-oxfd8-0-0-cust993
Comment: new spec
Revision 2 as of 2008-12-08 19:39:56
Size: 3148
Editor: 216
Comment:
Line 1: Line 1:
Line 13: Line 12:
##This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.) No real user impact, so no release note necessary. Users will still be prompted for authentication, but at different times.
Line 17: Line 16:
When running Checkbox on an end-user desktop it is more appropriate to elevate privileges selectively. Desktop tests running with LDTP should run as a user and Checkbox should be able to run in the same mode. Although running Checkbox through sudo has allowed us to work around permission related issues, this provides a "tainted" result as well as exposing the system vulnerabilites. In particular the latter will become more of a concern as we extend test coverage and incorporate community tests.

Ideally unless we are testing functionality that requires root permissions, then all tests should be performed as the current users.

This will also allow us to address current issues with integrating LDTP/desktop tests into Checkbox, as they cannot (easily) be run as root.
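
Review bot: in the first paragraph of this hunk, "exposing the system vulnerabilites" is misspelled and ambiguous; as written it can be read as sudo revealing existing flaws rather than the system being put at risk. Suggest "exposing the system to vulnerabilities". Since the next sentence names community tests as the growing concern, the paragraph would also be clearer if it said outright that under sudo every test, including contributed ones, runs with root privileges.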
Line 25: Line 28:

 * That PolicyKit is the right solution for this
 * That the current requirements for running as root only apply to a small number of tests
  • Launchpad Entry: qa-checkbox-policykit

  • Created: 2008-12-05

  • Contributors: schwuk

  • Packages affected: checkbox

Summary

Checkbox currently runs completely as root, which is not appropriate default behaviour for most end-user cases. Privileges should be elevated only when there is a specific need as defined in the test.

Release Note

No real user impact, so no release note necessary. Users will still be prompted for authentication, but at different times.

Rationale

Although running Checkbox through sudo has allowed us to work around permission-related issues, this provides a "tainted" result as well as exposing the system to vulnerabilities. In particular, the latter will become more of a concern as we extend test coverage and incorporate community tests.

Ideally, unless we are testing functionality that requires root permissions, all tests should be performed as the current user.

This will also allow us to address current issues with integrating LDTP/desktop tests into Checkbox, as they cannot (easily) be run as root.

Use Cases

  • Jill, a desktop user, starts Checkbox from the Admin menu (System Testing). She can get a basic view of her hardware and perform most tests without entering her password.
  • As we add more comprehensive desktop test coverage it is important that the tests run in an environment that is as realistic as possible - as a user, not as root.

Assumptions

  • That PolicyKit is the right solution for this

  • That the current requirements for running as root only apply to a small number of tests

Design

Implementation

UI Changes

Code Changes

Test/Demo Plan

Unresolved issues

BoF agenda and discussion


CategorySpec

QATeam/Specs/CheckboxPolicykit (last edited 2009-01-19 15:32:50 by cpc4-oxfd8-0-0-cust39)