Add LANGUAGE property to LMI_Locale
by Alexander Lakhin
Hello,
It seems that LMI_Locale misses one important property - LANGUAGE.
The property can have value distinct from LC_* and LANG and it is
supported by systemd-localed/localectl.
Is it possible to add it to the LMI_Locale provider?
I would like to propose the attached patch for it or should I file the bug?
Best regards,
Alexander
8 years, 8 months
Polkit-based authorization in OpenLMI providers
by Jan Safranek
Hello,
I've been working on reusing polkit authorization for OpenLMI providers,
which use a DBus service (e.g. NetworkManager, PackageKit, realmd,
systemd, ...).
I've documented the architecture on our wiki [1] and I submitted review
in our review-board. I won't push the patches until we get to an
agreement that it's the way to go and also the implementation is secure
- please review carefully. There are *no* changes needed in our provider
code and/or in the DBus services we work with.
1: https://fedorahosted.org/openlmi/wiki/PolkitAuthorization
2: https://reviewboard-openlmi.rhcloud.com/users/jsafrane/
In short, the concept is similar to Cockpit's reauthorization [3], we
just don't play tricks with user passwords - we don't have one on CIM
provider level. Instead, we register a polkit agent, which bluntly
authenticates every request from polkit in its PAM session.
3: https://github.com/cockpit-project/cockpit/blob/master/doc/reauthorize.md
[Kudos to Cockpit guys, I used their code to implement polkit agent and
helper.]
Just a side note: right now, users with remote CIM access must be
members of 'pegasus' group, otherwise they cannot start a provider. Is
it good or bad? Should _any_ user be able to use CIM by default and let
polkit decide? It's trivial to fix, just set different file/directory
permissions in tog-pegasus.rpm. And there is /etc/Pegasus/access.conf,
which can control access properly if sysadmin wishes, so the question is
just about the default setting.
Jan
9 years, 1 month
Getting list of registered profiles for openlmi
by Devchandra L Meetei
Hi All
Does openlmi providers advertise the CIM_registeredProfile for openlmi
providers?
I am not able to get it, prima facie, by a enumerate instance on interop
namespace(both root/PG_InterOp and root/interop).
It shows registeredProfiles of pegasus only.
Also while trying to list it using lmishell,
c.root.PG_interop.CIM_RegisteredProfile show
NOT FOUND error as PG_InterOp's case is changed, which should be fine as
CIMName are supposed to be case insensitive.
This behaviour is seen on openlmi shipped with CentOS-7
Please correct me if I am doing incorrectly.
--
Warm Regards
--Dev
OpenPegasus Developer
"I'm one of those people that think Thomas Edison and the light bulb
changed the world more than Karl Marx ever did," Steve Jobs
9 years, 1 month