View previous topic :: View next topic |
Author |
Message |
urcindalo l33t
Joined: 08 Feb 2005 Posts: 623 Location: Almeria, Spain
|
Posted: Tue Oct 09, 2012 9:13 am Post subject: local udisks pkla rule stopped working |
|
|
Hi and thanks for reading this!
After the upgrade to dbus-1.6.8 from 1.6.2 I can no longer automount my internal partitions without being asked for a password. I use a stable amd64 box.
It used to work with this setup:
Code: | lab 50-local.d # ll /etc/polkit-1/localauthority/50-local.d/
total 8
-rw-r--r-- 1 root root 128 oct 9 10:36 01-my-polkit-udisks.pkla
-rw-r--r-- 1 root root 206 feb 10 2012 10-org-freedesktop-network-manager-settings.pkla
lab 50-local.d # cat 01-my-polkit-udisks.pkla
[udisks full access]
Identity=unix-group:wheel
Action=org.freedesktop.udisks.*
ResultAny=yes
ResultInactive=no
ResultActive=yes |
However, it seems now the rules in the 01-my-polkit-udisks.pkla file are no longer honored. Previously the working file name was my-polkit-udisks.pkla, but I have even prefixed it with "01-" to try to make it work, just in case.
Am I missing something? I even re-emerged udisks, to no avail.
Any help is greatly appreciated.
Last edited by urcindalo on Thu Oct 11, 2012 11:38 am; edited 2 times in total |
|
Back to top |
|
|
urcindalo l33t
Joined: 08 Feb 2005 Posts: 623 Location: Almeria, Spain
|
Posted: Tue Oct 09, 2012 4:00 pm Post subject: |
|
|
I downgraded to dbus-1.6.2 and the problem persists, so dbus is not to blame, at least alone.
This problem also happens on my laptop at home. I just checked. So now I have two different boxes screwed up by some dbus/udisks/policy very recent change/upgrade. |
|
Back to top |
|
|
urcindalo l33t
Joined: 08 Feb 2005 Posts: 623 Location: Almeria, Spain
|
Posted: Thu Oct 11, 2012 11:35 am Post subject: |
|
|
It seems the problem is indeed the udisks .pkla rule in /etc/polkit-1/localauthority/50-local.d not being honored anymore.
When I change the org.freedesktop.udisks.filesystem-mount-system-internal rule in /usr/share/polkit-1/actions/org.freedesktop.udisks.policy to YES for allow_active I can mount internal partitions without being prompted for a password. This also means I'm correctly getting an active session, as shown by ck-list-sessions:
Code: | $ ck-list-sessions
Session1:
unix-user = '1000'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2012-10-11T10:46:12.928083Z'
login-session-id = '7' |
However, editing the org.freedesktop.udisks.filesystem-mount-system-internal rule is not the recommended way of achieving what I want.
What is failing?
Why my rule in /etc/polkit-1/localauthority/50-local.d is not working anymore?
Am I the only one suffering from this? |
|
Back to top |
|
|
VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
|
|
Back to top |
|
|
urcindalo l33t
Joined: 08 Feb 2005 Posts: 623 Location: Almeria, Spain
|
Posted: Sat Oct 13, 2012 8:58 am Post subject: |
|
|
I solved it.
It wasn't simply a syntax change in the pkla file
I had to:
1) Place the rule in another directory, with a different suffix and a different syntax.
2) Correct the bad syntax in the polkit Gentoo Wiki example.
Just in case someone needs it, these are the steps to solve the issue:
1) Become root
2) Go to /etc/polkit-1/rules.d
3) Create a file like 99-udisks.rules with this content (assuming the user belongs to the wheel group): Code: | polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.udisks.filesystem-mount-system-internal" &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
}); |
4) That's it
As a side note I really hope some people, when visiting a Doctor to get cured, were actually told what drugs to take instead of what Treaty of Medicine to study to cure themselves. |
|
Back to top |
|
|
VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
|
Posted: Sat Oct 13, 2012 5:45 pm Post subject: |
|
|
I said you need to rewrite the rule into the new syntax, not the file.
While the change done by upstream in a quite annoying way, it was a documented change (well, kind of). |
|
Back to top |
|
|
|