This is a request for enhancement related to how/where polkit looks up for actions/*.policy files, in order to make it easier to split OEM/vendor actions and local-admin configured ones.
On transactional Linux distribution (e.g. those based on ostree, or adopting an A/B partitions update model), most of the /usr hierarchy is part of OS-versioned content and is mounted in Read-Only mode. This includes content under /usr/share/polkit-1/actions which is thus not editable by a local-admin.
As a user of an atomic Linux distribution (e.g. Fedora Silverblue), I'd like to able to define my own .policy action files somewhere under /etc/, so that I can define local policies without modifying OS-owned content.
In particular, it would be good to have a lookup split similar to the one currently existing for rules files (/usr/share/polkit-1/rules.d/ plus /etc/polkit-1/rules.d/, with etc-priority).
In GitLab by @lucab on Oct 13, 2020, 11:27
This is a request for enhancement related to how/where polkit looks up for
actions/*.policyfiles, in order to make it easier to split OEM/vendor actions and local-admin configured ones.On transactional Linux distribution (e.g. those based on ostree, or adopting an A/B partitions update model), most of the
/usrhierarchy is part of OS-versioned content and is mounted in Read-Only mode. This includes content under/usr/share/polkit-1/actionswhich is thus not editable by a local-admin.As a user of an atomic Linux distribution (e.g. Fedora Silverblue), I'd like to able to define my own
.policyaction files somewhere under/etc/, so that I can define local policies without modifying OS-owned content.In particular, it would be good to have a lookup split similar to the one currently existing for rules files (
/usr/share/polkit-1/rules.d/plus/etc/polkit-1/rules.d/, with etc-priority).