FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 09-13-2012, 05:14 PM
"Stefan G. Weichinger"
 
Default USB automount

Am 13.09.2012 18:41, schrieb Canek Peláez Valdés:

> It doesn't, but I was under the assumption it was because I'm using
> systemd. Since I installed gnome-shell-3.4 this has stopped working;
> my findings can be seen on the bug to freedesktop.org:
>
> https://bugs.freedesktop.org/show_bug.cgi?id=53905
>
> It hits not only USB mounting; it also hits suspend/hibernate (I'm no
> longer allowed to suspend as user), setting up printers, and basically
> everything related to polkit.

correct! Same stuff here ... additionally accessing libvirt (if compiled
with polkit).

> Could you run polkitd without the --no-debug option (I don't have
> OpenRC installed, nor /etc/init.d, so I don't know if that is how it's
> run under OpenRC) and see on the logs if you see the following?
>
> **
> ERRORolkitbackendjsauthority.c:730:subject_to_js val: code should not be
> reached

I wonder how to start it without that option. When I have Gnome running
and kill the polkit, then restart it ... I see it running but the last
line is:

Acquired the name org.freedesktop.PolicyKit1 on the system bus


> If so, please state it in the bug. David hasn't answered in three
> weeks; two of them he was at the Kernel Summit in San Diego, but I
> think it's time for me to nudge him again. An independent report
> should help.
>
> I'm running GNOME 3 unstable and with my systemd-only overlay, so I'm
> used to this kind of things happening from time to time. Also, it has
> easy workarounds (pmount, pm-suspend, etc.), so I haven't been really
> concerned into fixing it.

I fixed it by downgrading polkit afai remember (weeks ago).
Gave the new ebuild a try and still these issues.

S
 
Old 09-13-2012, 05:29 PM
Canek Peláez Valdés
 
Default USB automount

On Thu, Sep 13, 2012 at 12:14 PM, Stefan G. Weichinger <lists@xunil.at> wrote:
> Am 13.09.2012 18:41, schrieb Canek Peláez Valdés:
>
>> It doesn't, but I was under the assumption it was because I'm using
>> systemd. Since I installed gnome-shell-3.4 this has stopped working;
>> my findings can be seen on the bug to freedesktop.org:
>>
>> https://bugs.freedesktop.org/show_bug.cgi?id=53905
>>
>> It hits not only USB mounting; it also hits suspend/hibernate (I'm no
>> longer allowed to suspend as user), setting up printers, and basically
>> everything related to polkit.
>
> correct! Same stuff here ... additionally accessing libvirt (if compiled
> with polkit).
>
>> Could you run polkitd without the --no-debug option (I don't have
>> OpenRC installed, nor /etc/init.d, so I don't know if that is how it's
>> run under OpenRC) and see on the logs if you see the following?
>>
>> **
>> ERRORolkitbackendjsauthority.c:730:subject_to_js val: code should not be
>> reached
>
> I wonder how to start it without that option. When I have Gnome running
> and kill the polkit, then restart it ... I see it running but the last
> line is:
>
> Acquired the name org.freedesktop.PolicyKit1 on the system bus

$ /usr/lib/polkit-1/polkitd --replace --no-debug

>> If so, please state it in the bug. David hasn't answered in three
>> weeks; two of them he was at the Kernel Summit in San Diego, but I
>> think it's time for me to nudge him again. An independent report
>> should help.
>>
>> I'm running GNOME 3 unstable and with my systemd-only overlay, so I'm
>> used to this kind of things happening from time to time. Also, it has
>> easy workarounds (pmount, pm-suspend, etc.), so I haven't been really
>> concerned into fixing it.
>
> I fixed it by downgrading polkit afai remember (weeks ago).
> Gave the new ebuild a try and still these issues.

I actually hadn't thought about downgrading polkit, since it was
working with the same version in GNOME 3.2. Or maybe it was a fluke
(the bug is reproducible, but sometimes I need to try several times).
I will try downgrading.

Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
 
Old 09-13-2012, 05:31 PM
Canek Peláez Valdés
 
Default USB automount

On Thu, Sep 13, 2012 at 12:14 PM, Stefan G. Weichinger <lists@xunil.at> wrote:
> Am 13.09.2012 18:41, schrieb Canek Peláez Valdés:
>
>> It doesn't, but I was under the assumption it was because I'm using
>> systemd. Since I installed gnome-shell-3.4 this has stopped working;
>> my findings can be seen on the bug to freedesktop.org:
>>
>> https://bugs.freedesktop.org/show_bug.cgi?id=53905
>>
>> It hits not only USB mounting; it also hits suspend/hibernate (I'm no
>> longer allowed to suspend as user), setting up printers, and basically
>> everything related to polkit.
>
> correct! Same stuff here ... additionally accessing libvirt (if compiled
> with polkit).

Oh, BTW; I just run /usr/sbin/libvirtd --verbose as my user before
starting boxes; everything works. It also works invoking qemu by hand.

Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
 
Old 09-13-2012, 05:48 PM
Canek Peláez Valdés
 
Default USB automount

On Thu, Sep 13, 2012 at 12:29 PM, Canek Peláez Valdés <caneko@gmail.com> wrote:
[snip]
> I actually hadn't thought about downgrading polkit, since it was
> working with the same version in GNOME 3.2. Or maybe it was a fluke
> (the bug is reproducible, but sometimes I need to try several times).
> I will try downgrading.

Didn't work with 0.106-r7 (which I had to hunt from the Attic), and I
cannot downgrade to 0.104 since udisks:2 depends on it. So I suppose
we need to nudge David again.

Regards.
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
 
Old 09-13-2012, 05:54 PM
"Stefan G. Weichinger"
 
Default USB automount

Am 13.09.2012 19:29, schrieb Canek Peláez Valdés:

> $ /usr/lib/polkit-1/polkitd --replace --no-debug

I think you want debug ... so:


$ /usr/lib/polkit-1/polkitd --replace

right?

No additional output here, tried clicking user-menu (upper right) as
mentioned in your bug-report ...

>> I fixed it by downgrading polkit afai remember (weeks ago). Gave
>> the new ebuild a try and still these issues.
>
> I actually hadn't thought about downgrading polkit, since it was
> working with the same version in GNOME 3.2. Or maybe it was a fluke
> (the bug is reproducible, but sometimes I need to try several
> times). I will try downgrading.

I think it worked with the latest stable polkit.
Would have to retry, right now I have to leave my office ...

Thanks, Stefan
 
Old 09-13-2012, 05:55 PM
"Stefan G. Weichinger"
 
Default USB automount

Am 13.09.2012 19:31, schrieb Canek Peláez Valdés:

> Oh, BTW; I just run /usr/sbin/libvirtd --verbose as my user before
> starting boxes; everything works. It also works invoking qemu by hand.

I rebuilt libvirt without the polkit-USE-flag. Standalone box for
myself, unix-auth is enough ... IMO.

S
 
Old 09-13-2012, 06:08 PM
"Stefan G. Weichinger"
 
Default USB automount

Am 13.09.2012 19:48, schrieb Canek Peláez Valdés:
> On Thu, Sep 13, 2012 at 12:29 PM, Canek Peláez Valdés <caneko@gmail.com> wrote:
> [snip]
>> I actually hadn't thought about downgrading polkit, since it was
>> working with the same version in GNOME 3.2. Or maybe it was a fluke
>> (the bug is reproducible, but sometimes I need to try several times).
>> I will try downgrading.
>
> Didn't work with 0.106-r7 (which I had to hunt from the Attic), and I
> cannot downgrade to 0.104 since udisks:2 depends on it. So I suppose
> we need to nudge David again.

Yes, that conflict sounds familiar ... I hit that one also!

S
 
Old 09-13-2012, 06:56 PM
Canek Peláez Valdés
 
Default USB automount

On Thu, Sep 13, 2012 at 1:08 PM, Stefan G. Weichinger <lists@xunil.at> wrote:
> Am 13.09.2012 19:48, schrieb Canek Peláez Valdés:
>> On Thu, Sep 13, 2012 at 12:29 PM, Canek Peláez Valdés <caneko@gmail.com> wrote:
>> [snip]
>>> I actually hadn't thought about downgrading polkit, since it was
>>> working with the same version in GNOME 3.2. Or maybe it was a fluke
>>> (the bug is reproducible, but sometimes I need to try several times).
>>> I will try downgrading.
>>
>> Didn't work with 0.106-r7 (which I had to hunt from the Attic), and I
>> cannot downgrade to 0.104 since udisks:2 depends on it. So I suppose
>> we need to nudge David again.
>
> Yes, that conflict sounds familiar ... I hit that one also!

I took another look at polkit's and gnome-shell's source code. I
didn't do it before since I have work to do and (as I said) the
problems are somewhat workaroundables. After looking at the code, the
plot thickens:

gnome-shell registers itself to polkit as a PolkitUnixSession:

http://git.gnome.org/browse/gnome-shell/tree/src/shell-polkit-authentication-agent.c?id=3.4.2#n106

polkit will not deal with that in subject_to_jsval:

http://cgit.freedesktop.org/polkit/tree/src/polkitbackend/polkitbackendjsauthority.c?id=0.107#n730

The funny thing? Both code paths were written by David Zeuthen, which
by the way is the one handling the bug.

It gets better: I changed gnome-shell's code so it registers itself as
PolkitUnixProcess (which supposedly is handled by subject_to_jsval),
and I put printf's in the function subject_to_jsval. It turns out
that, no matter that it actually gets registered as unix-process,
gnome-shell it's also registered (at some point) as unix-session.

My feeling is that gnome-shell should get registered as
system-bus-name (which it does), and that should be the "primary"
interface of gnome-shell for polkit. However, in Gentoo (I haven't
found any other mention of this bug in any other distro), somehow the
unix-session interface takes control.

I updated the bug:

https://bugs.freedesktop.org/show_bug.cgi?id=53905

and I hope David will respond soon.

Regards
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
 
Old 09-13-2012, 11:41 PM
"Walter Dnes"
 
Default USB automount

On Thu, Sep 13, 2012 at 09:19:19AM -0500, Canek Pel??ez Vald??s wrote
> On Thu, Sep 13, 2012 at 1:50 AM, Walter Dnes <waltdnes@waltdnes.org> wrote:

> > A normal user can pumount *WHAT THAT SAME USER* has pmounted. Now try
> > for a general solution.
>
> The general solution is using something like udisks+polkit. That is a
> true general solution; otherwise you end up like the author of
> calibre, with a security mess on his hands:
>
> https://bugs.launchpad.net/calibre/+bug/885027

To expand on what Neil said...
* my configuration does not use suid. It passes a parameter to a script
that runs under sudo
* pmount and pumount are abreviations for "policy mount" and "policy
umount". It has its own security policy, namely that it will only
mount/unmount devices in /media

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications
 
Old 09-14-2012, 05:42 AM
"Stefan G. Weichinger"
 
Default USB automount

Am 2012-09-13 20:56, schrieb Canek Peláez Valdés:
> On Thu, Sep 13, 2012 at 1:08 PM, Stefan G. Weichinger <lists@xunil.at> wrote:
>> Am 13.09.2012 19:48, schrieb Canek Peláez Valdés:
>>> On Thu, Sep 13, 2012 at 12:29 PM, Canek Peláez Valdés <caneko@gmail.com> wrote:
>>> [snip]
>>>> I actually hadn't thought about downgrading polkit, since it was
>>>> working with the same version in GNOME 3.2. Or maybe it was a fluke
>>>> (the bug is reproducible, but sometimes I need to try several times).
>>>> I will try downgrading.
>>>
>>> Didn't work with 0.106-r7 (which I had to hunt from the Attic), and I
>>> cannot downgrade to 0.104 since udisks:2 depends on it. So I suppose
>>> we need to nudge David again.
>>
>> Yes, that conflict sounds familiar ... I hit that one also!
>
> I took another look at polkit's and gnome-shell's source code. I
> didn't do it before since I have work to do and (as I said) the
> problems are somewhat workaroundables. After looking at the code, the
> plot thickens:
>
> gnome-shell registers itself to polkit as a PolkitUnixSession:
>
> http://git.gnome.org/browse/gnome-shell/tree/src/shell-polkit-authentication-agent.c?id=3.4.2#n106
>
> polkit will not deal with that in subject_to_jsval:
>
> http://cgit.freedesktop.org/polkit/tree/src/polkitbackend/polkitbackendjsauthority.c?id=0.107#n730
>
> The funny thing? Both code paths were written by David Zeuthen, which
> by the way is the one handling the bug.
>
> It gets better: I changed gnome-shell's code so it registers itself as
> PolkitUnixProcess (which supposedly is handled by subject_to_jsval),
> and I put printf's in the function subject_to_jsval. It turns out
> that, no matter that it actually gets registered as unix-process,
> gnome-shell it's also registered (at some point) as unix-session.
>
> My feeling is that gnome-shell should get registered as
> system-bus-name (which it does), and that should be the "primary"
> interface of gnome-shell for polkit. However, in Gentoo (I haven't
> found any other mention of this bug in any other distro), somehow the
> unix-session interface takes control.
>
> I updated the bug:
>
> https://bugs.freedesktop.org/show_bug.cgi?id=53905
>
> and I hope David will respond soon.

Great to hear, thanks so far.
Looking forward to his reply ....

Stefan
 

Thread Tools




All times are GMT. The time now is 07:24 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org