Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
local udisks pkla rule stopped working
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
urcindalo
l33t
l33t


Joined: 08 Feb 2005
Posts: 623
Location: Almeria, Spain

PostPosted: Tue Oct 09, 2012 9:13 am    Post subject: local udisks pkla rule stopped working Reply with quote

Hi and thanks for reading this!

After the upgrade to dbus-1.6.8 from 1.6.2 I can no longer automount my internal partitions without being asked for a password. I use a stable amd64 box.
It used to work with this setup:
Code:
lab 50-local.d # ll /etc/polkit-1/localauthority/50-local.d/
total 8
-rw-r--r-- 1 root root 128 oct  9 10:36 01-my-polkit-udisks.pkla
-rw-r--r-- 1 root root 206 feb 10  2012 10-org-freedesktop-network-manager-settings.pkla
lab 50-local.d # cat 01-my-polkit-udisks.pkla
[udisks full access]
Identity=unix-group:wheel
Action=org.freedesktop.udisks.*
ResultAny=yes
ResultInactive=no
ResultActive=yes


However, it seems now the rules in the 01-my-polkit-udisks.pkla file are no longer honored. Previously the working file name was my-polkit-udisks.pkla, but I have even prefixed it with "01-" to try to make it work, just in case.
Am I missing something? I even re-emerged udisks, to no avail.

Any help is greatly appreciated.


Last edited by urcindalo on Thu Oct 11, 2012 11:38 am; edited 2 times in total
Back to top
View user's profile Send private message
urcindalo
l33t
l33t


Joined: 08 Feb 2005
Posts: 623
Location: Almeria, Spain

PostPosted: Tue Oct 09, 2012 4:00 pm    Post subject: Reply with quote

I downgraded to dbus-1.6.2 and the problem persists, so dbus is not to blame, at least alone.

This problem also happens on my laptop at home. I just checked. So now I have two different boxes screwed up by some dbus/udisks/policy very recent change/upgrade.
Back to top
View user's profile Send private message
urcindalo
l33t
l33t


Joined: 08 Feb 2005
Posts: 623
Location: Almeria, Spain

PostPosted: Thu Oct 11, 2012 11:35 am    Post subject: Reply with quote

It seems the problem is indeed the udisks .pkla rule in /etc/polkit-1/localauthority/50-local.d not being honored anymore.
When I change the org.freedesktop.udisks.filesystem-mount-system-internal rule in /usr/share/polkit-1/actions/org.freedesktop.udisks.policy to YES for allow_active I can mount internal partitions without being prompted for a password. This also means I'm correctly getting an active session, as shown by ck-list-sessions:

Code:
$ ck-list-sessions
Session1:
        unix-user = '1000'
        realname = '(null)'
        seat = 'Seat1'
        session-type = ''
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty7'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2012-10-11T10:46:12.928083Z'
        login-session-id = '7'


However, editing the org.freedesktop.udisks.filesystem-mount-system-internal rule is not the recommended way of achieving what I want.

What is failing?
Why my rule in /etc/polkit-1/localauthority/50-local.d is not working anymore?
Am I the only one suffering from this?
Back to top
View user's profile Send private message
VoidMage
Watchman
Watchman


Joined: 14 Oct 2006
Posts: 6196

PostPosted: Thu Oct 11, 2012 3:05 pm    Post subject: Reply with quote

:roll: Just like you were told in the bug, that you shouldn't have opened yet, the answer is http://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html.
The syntax of polkit rules has changed - you most likely just need to rewrite that pkla into the new syntax.
Back to top
View user's profile Send private message
urcindalo
l33t
l33t


Joined: 08 Feb 2005
Posts: 623
Location: Almeria, Spain

PostPosted: Sat Oct 13, 2012 8:58 am    Post subject: Reply with quote

I solved it.

It wasn't simply a syntax change in the pkla file :roll:
I had to:
1) Place the rule in another directory, with a different suffix and a different syntax.
2) Correct the bad syntax in the polkit Gentoo Wiki example.

Just in case someone needs it, these are the steps to solve the issue:
1) Become root
2) Go to /etc/polkit-1/rules.d
3) Create a file like 99-udisks.rules with this content (assuming the user belongs to the wheel group):
Code:
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks.filesystem-mount-system-internal" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});

4) That's it :)

As a side note I really hope some people, when visiting a Doctor to get cured, were actually told what drugs to take instead of what Treaty of Medicine to study to cure themselves.
Back to top
View user's profile Send private message
VoidMage
Watchman
Watchman


Joined: 14 Oct 2006
Posts: 6196

PostPosted: Sat Oct 13, 2012 5:45 pm    Post subject: Reply with quote

I said you need to rewrite the rule into the new syntax, not the file.
While the change done by upstream in a quite annoying way, it was a documented change (well, kind of).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum