[opensuse-factory] Adding udisks2 polkit privileges
Hi! I hope Vincent can clarify this. I want to add the following polkit rules in 12.2 kdebase3 package which are needed for its new Udisks2 backend written by Serghei Amelian recently: === Action=org.freedesktop.udisks2.* ResultAny=yes ResultInactive=yes ResultActive=yes === Can I add this rules file to my package? Or this is already implemented in 12.2? Without these rules the backend does not work properly. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sat, Jun 02, 2012 at 08:34:51AM +0400, Ilya Chernykh wrote:
Hi!
I hope Vincent can clarify this.
I want to add the following polkit rules in 12.2 kdebase3 package which are needed for its new Udisks2 backend written by Serghei Amelian recently:
=== Action=org.freedesktop.udisks2.* ResultAny=yes ResultInactive=yes ResultActive=yes ===
Can I add this rules file to my package?
No. You should have figured out that "Yes" means that all users are allowed to do all udisks2 actions, which include all kind of fstab modifcations. And that this basically means full root access for all users. So it is not allowed.
Or this is already implemented in 12.2?
No.
Without these rules the backend does not work properly.
The standard file should work, if you have working console management (I think it should be there if you use gdm or kdm4 or xdm). Do you have a policy kit agent for kde3, or can you use either the kde4 or gnome one? (cross check what xfce does) Then your policy change is not required. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 03 June 2012 22:04:20 Marcus Meissner wrote:
Hi!
I hope Vincent can clarify this.
I want to add the following polkit rules in 12.2 kdebase3 package which are needed for its new Udisks2 backend written by Serghei Amelian recently:
=== Action=org.freedesktop.udisks2.* ResultAny=yes ResultInactive=yes ResultActive=yes ===
Can I add this rules file to my package?
No.
You should have figured out that "Yes" means that all users are allowed to do all udisks2 actions, which include all kind of fstab modifcations.
And that this basically means full root access for all users.
So it is not allowed.
Or this is already implemented in 12.2?
No.
Without these rules the backend does not work properly.
The standard file should work, if you have working console management (I think it should be there if you use gdm or kdm4 or xdm).
Do you have a policy kit agent for kde3, or can you use either the kde4 or gnome one? (cross check what xfce does)
Then your policy change is not required.
Does use of policy kit agent mean that upon mounting an USB drive or a CD the user should be asked a root password? This is not what is desired. The intent is to make them auto-mount. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Mon, Jun 04, 2012 at 10:33:06AM +0400, Ilya Chernykh wrote:
On Sunday 03 June 2012 22:04:20 Marcus Meissner wrote:
Hi!
I hope Vincent can clarify this.
I want to add the following polkit rules in 12.2 kdebase3 package which are needed for its new Udisks2 backend written by Serghei Amelian recently:
=== Action=org.freedesktop.udisks2.* ResultAny=yes ResultInactive=yes ResultActive=yes ===
Can I add this rules file to my package?
No.
You should have figured out that "Yes" means that all users are allowed to do all udisks2 actions, which include all kind of fstab modifcations.
And that this basically means full root access for all users.
So it is not allowed.
Or this is already implemented in 12.2?
No.
Without these rules the backend does not work properly.
The standard file should work, if you have working console management (I think it should be there if you use gdm or kdm4 or xdm).
Do you have a policy kit agent for kde3, or can you use either the kde4 or gnome one? (cross check what xfce does)
Then your policy change is not required.
Does use of policy kit agent mean that upon mounting an USB drive or a CD the user should be asked a root password?
No.
This is not what is desired. The intent is to make them auto-mount.
To make it work correctly, you need first ConsoleKit session setup support, and the policykit agent is for when the root password is needed. If your desktop is correctly marking its console sessions, via the ConsoleKit framework, then no, there is no permission required to mount USB disks or CDs. The ConsoleKit handling is the responsibility of either the display manager (xdm, kdm4, gdm have support for it) or can be explicitly set in the PAM snippet of your service. You can check if this is done by doing: $ ck-list-sessions which should print something like: Session1: unix-user = '1000' realname = 'Marcus Meissner' seat = 'Seat1' session-type = '' active = TRUE x11-display = ':0' x11-display-device = '/dev/tty7' display-device = '' remote-host-name = '' is-local = TRUE on-since = '2012-06-04T04:44:46.209182Z' login-session-id = '4294967295' Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday 04 June 2012 10:42:13 you wrote:
You can check if this is done by doing:
$ ck-list-sessions
which should print something like:
Session1: unix-user = '1000' realname = 'Marcus Meissner' seat = 'Seat1' session-type = '' active = TRUE x11-display = ':0' x11-display-device = '/dev/tty7' display-device = '' remote-host-name = '' is-local = TRUE on-since = '2012-06-04T04:44:46.209182Z' login-session-id = '4294967295'
Under KDE3 session I have similar output: Session1: unix-user = '1000' realname = 'anixx' seat = 'Seat1' session-type = '' active = TRUE x11-display = ':0' x11-display-device = '/dev/tty7' display-device = '' remote-host-name = '' is-local = TRUE on-since = '2012-06-04T13:43:07.686552Z' login-session-id = '4294967295' Still Udisks2 backend fails to function properly without the modified polkit policy. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (2)
-
Ilya Chernykh -
Marcus Meissner