Re: PolicyKit and new HAL?

To: Christian Weeks <christian.weeks@oracle.com>
Cc: debian-gtk-gnome@lists.debian.org
Subject: Re: PolicyKit and new HAL?
From: Michael Biebl <biebl@debian.org>
Date: Wed, 08 Aug 2007 01:10:46 +0200
Message-id: <[🔎] 46B8FBF6.4060006@debian.org>
In-reply-to: <[🔎] 1186510651.6123.12.camel@cweeks-lap>
References: <[🔎] 1186510651.6123.12.camel@cweeks-lap>

Christian Weeks schrieb:
> Hi
> I've just noticed that recent HAL changes have broken the click to mount
> of nautilus.
> 
> When I click any hard disk type device, I now get a fun and useful popup
> and the disk doesn't mount:
> 
> "Cannot mount volume."
> "Error org.freedesktop.Hal.Device.PermissionDeniedByPolicy."
> Details: "hal-storage-fixed-mount refused uid 1000" (1000 is me)
> 
>>From the hal (0.5.9-1) changelog:
>     - debian/patches/55_nonpolkit-mount-policy.patch
> (containing this):
> +        /* root can do everything; only allow handling removable
> devices
> +         * without uid change to non-root users */
> +        if (!invoked_by_uid || strcmp(invoked_by_uid, "0"))
> +                if (!privilege || strcmp (privilege,
> "hal-storage-removable-mount"))
> +                        permission_denied_privilege (privilege,
> invoked_by_uid);
> 
> So, in summary, it appears a whole new privileges system has arrived.
> Except that I cannot control it. A bit of research indicates that the
> "PolicyKit" is supposed to manage these privileges. Is there any
> information on when policykit is going to be debianised? I looked at the
> pkg-utopia svn repository and there is nothing there that appears to be
> ready- or even recent (several months have passed since the last code
> commit).
> 
> If PolicyKit is going to be some time in development, could we at least
> fall back to where we were before this patch: i.e. anyone can mount
> anything? Or do I have to install etch's hal (and all that pain) to
> bring back what I want?
> 
> PS. Command line solutions are all well and good, but what the point of
> the UI then?
> 

It would be a non negligible security risk, if every user could mount
all non-removable (fixed) devices. If you want to allow that, configure
your fixed mount points via /etc/fstab (with the user option).

For removable devices (external usb drives, cd-rom etc), everything
should work out of the box.

If and when PolicyKit will land in Debian, I can't tell yet. First it
has to mature. It changed quite a lot during the last months and simply
was/is to much in flux to be packaged.

Michael




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- PolicyKit and new HAL?
  - From: Christian Weeks <christian.weeks@oracle.com>

Prev by Date: PolicyKit and new HAL?
Next by Date: Poor nautilus/libgnomevfs2 performance for network transfers
Previous by thread: PolicyKit and new HAL?
Next by thread: Poor nautilus/libgnomevfs2 performance for network transfers
Index(es):
- Date
- Thread