Bug 967354
Summary: | Impossible to uninstall polkit-pkla-compat | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Zeuthen <zeuthen> |
Component: | polkit-pkla-compat | Assignee: | Miloslav Trmač <mitr> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | mitr |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-05-27 13:05:14 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Zeuthen
2013-05-26 19:31:41 UTC
Thanks for your report. IMO, consistent results of the policy trump performance, and that's why polkit-pkla-compat needs to stay mandatory. It would be great to improve the performace, however I don't currently have any more time to spend on this; patches would be definitely welcome. (And re: the recommendation in polkit(8), it doesn't really apply because the pkla-* helpers can't run for a "very long or indeterminate amount of time", and polkitd does not handle other requests until the current one is answered ion any case, whether the answer is determined in C or JS). FWIW, some numbers (average of 5 measurements, real time): * (pkcheck --action-id org.freedesktop.locale1.set-keyboard --process $$) without polkit-pkla-compat: 27 ms * The same with polkit-pkla-compat: 61.8 ms (OK, a non-trivial increase.) * (pkla-check-authorization mitr true true org.freedesktop.locale1.set-keyboard) 13.6 ms * (pkla-admin-identities) 10.6 ms So as an unachievable lower bound, if the two helpers were replaced by a JavaScript code that took zero time to execute, the time for pkcheck could be improved to 37.6 ms. One possible way to speed this up is to deviate polkit-pkla-compat further from the original code and to rip out all of the gio/gmonitor calls, with the goal of no longer linking with libgio (at least for pkla-admin-identities, 98% of the runtime is spent loading and initializing various libraries). Another would be to add enough functionality to JS to actually allow implementing polkit-pkla-* in JS. And the third is to call polkitbackendlocalauthority from inside the JS backend, which is architecturally really ugly. |