The vendor tree (/usr) cannot contain any secrets or privileged data, as it
is normally shipped in images or packages that can be trivially downloaded and
inspected by anybody.
It thus makes no sense to impose that /usr/share/polkit-1/rules.d is installed
as 700 and owned by the polkitd user. Remove this logic from meson.
The local (admin) configuration tree is /etc, and that is left as-is.
Having non-root directories in /usr creates huge problems for image builders,
as you must ensure that the uid available at build time is exactly the same
as the uid available at runtime. Dropping this requirement will allow to remove
a lot of kludges.")
In gitlab.freedesktop.org by bluca on Dec 30, 2022, 19:45
Link to the original merge request: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/153 This merge request consists of the following commits:
The vendor tree (/usr) cannot contain any secrets or privileged data, as it is normally shipped in images or packages that can be trivially downloaded and inspected by anybody. It thus makes no sense to impose that /usr/share/polkit-1/rules.d is installed as 700 and owned by the polkitd user. Remove this logic from meson.
The local (admin) configuration tree is /etc, and that is left as-is.
Having non-root directories in /usr creates huge problems for image builders, as you must ensure that the uid available at build time is exactly the same as the uid available at runtime. Dropping this requirement will allow to remove a lot of kludges.")