You are not logged in.

#1 2009-05-22 16:34:11

Mr.Cat
Member
Registered: 2008-09-27
Posts: 79

Whatta hell is going on with policykit?

Policykit has been quite a paranoid recently. Many of you may recall those automount issues, which could be solved by adding some entries to PolicyKit.conf. And now (http://bbs.archlinux.org/viewtopic.php?pid=557089) policykit seems to interfere with powersaving daemons (a couple of months ago I tried KDE4 - and powerdevil was fully functional out of the box - dunno, whether it still is).

So, what do we have for now? Many arch wiki articles (most notably - beginner's guide) claim that adding the user to "power", "storage" and similar groups is enough to grant that user access to power management mounting and etc. Other articles/forum topics mention policykit issues and offer different workarounds (i.e. either PolicyKit.conf hacking or consolekit hacking).

So, does anybody know, what is going with policykit? Why is it being paranoid? What is the right way to configure it (editing PolicyKit.conf seems a irty hack for me)?

Also I think we should update the beginner's guide to include policykit configuration, shouldn't we?

Offline

#2 2009-05-22 17:11:28

whoops
Member
Registered: 2009-03-19
Posts: 891

Re: Whatta hell is going on with policykit?

I think policykit is currently on its way to a mental breakdown and we shouldn't encourage it by giving it too much attention. Just ignore it, it will eventually go away. Updating guides will just make it feel like it's right - no need to do that, as long as policykit still seems to be in the middle of those issues/changes - and the resulting errors usually aren't so bad one can't still do mostly everything (and look into recent forum threads if it gets to annoying to use sudo etc.).

Also, I've got no idea - like at all (ok, should have written that first).

Offline

#3 2009-05-22 18:49:19

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Whatta hell is going on with policykit?

Mr.Cat wrote:

Also I think we should update the beginner's guide to include policykit configuration, shouldn't we?

Why, you can live w/o it. And w/o consolekit, hal ... :-)

Offline

#4 2009-05-22 18:55:29

ozar
Member
From: USA
Registered: 2005-02-18
Posts: 1,686

Re: Whatta hell is going on with policykit?

There certainly are lots of *-kits in the overall picture these days.  It shouldn't be long before we'll be needing a kit-kit package.  lol


oz

Offline

#5 2009-05-22 20:39:43

Mr.Cat
Member
Registered: 2008-09-27
Posts: 79

Re: Whatta hell is going on with policykit?

karol wrote:
Mr.Cat wrote:

Also I think we should update the beginner's guide to include policykit configuration, shouldn't we?

Why, you can live w/o it. And w/o consolekit, hal ... :-)

I agree, that an experienced archer can live without hal and *kits, but when it comes to an arch newbie, beginner's guide encourages him to use hal - i.e. for hotplugging (and this is really handy - with hal you are likely not to need a xorg.conf any more). Besides such kde and gnome components as volume managers and power managers rely on hal. That is why in my opinion beginner's guide should cover those *kits configuration.

Offline

#6 2009-05-22 20:55:28

Mr.Cat
Member
Registered: 2008-09-27
Posts: 79

Re: Whatta hell is going on with policykit?

whoops wrote:

I think policykit is currently on its way to a mental breakdown and we shouldn't encourage it by giving it too much attention. Just ignore it, it will eventually go away.

Well, that is what I'm trying to decide - whether to ignore those *kits or to learh how to use them. I haven't figured out much about them yet and that is why I am asking for clarification.

For now it sems to me, that hal tries to provide an api for common hardware related tasks and policykit is intended to control access to those apis. And that is the point where I'm confused. Access control on per-user or per-group basis imho is not worth this whole hal+*kits infrastructure. So it seems to me that policykit is intended for per-application access control, since that could be a worthy goal. But hacking policykit.conf with those "<match user=" we break the possibility of per-application access control and return to per-user access control. So that is why I'm asking about a proper way to configure those *kits. It is not possible to evaluate their features unles we learn to use them.

Offline

#7 2009-05-22 21:27:58

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Whatta hell is going on with policykit?

Mr.Cat wrote:

It is not possible to evaluate their features unles we learn to use them.

I simply don't need them. I use Firefox, because elinks is not enough, but I haven't felt any loss dropping hal. Besides, consolekit spawned 59 processes for root, so I got rid of it ;P

Offline

#8 2009-05-22 23:56:26

SomeGuyDude
Member
Registered: 2008-10-09
Posts: 271

Re: Whatta hell is going on with policykit?

For the record, something apparently exploded recently with something or other, because I can't mount any USB drives any more. NONE of the workarounds make it happen.


And in the midst of such perfection,
I can't help but feel diseased.

Offline

#9 2009-05-23 00:19:06

Themaister
Member
From: Trondheim, Norway
Registered: 2008-07-21
Posts: 652
Website

Re: Whatta hell is going on with policykit?

Btw, is there a good way of automounting volumes, without hal, and without needing root to write to the automounted volumes?

Offline

#10 2009-05-23 00:35:49

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Whatta hell is going on with policykit?

SomeGuyDude wrote:

For the record, something apparently exploded recently with something or other, because I can't mount any USB drives any more. NONE of the workarounds make it happen.

Temp. fix: downgrade the culprit. How to find out which package is it - search your (pacman?) logs. When found & verified, file a bug report.
Thank you.

http://bbs.archlinux.org/viewtopic.php?id=64026
Do those tips help?

Last edited by karol (2009-05-23 00:41:23)

Offline

#11 2009-05-23 12:59:57

Mr.Cat
Member
Registered: 2008-09-27
Posts: 79

Re: Whatta hell is going on with policykit?

Themaister wrote:

Btw, is there a good way of automounting volumes, without hal, and without needing root to write to the automounted volumes?

You may try autofs.

Offline

#12 2009-05-23 15:00:11

thayer
Fellow
From: Vancouver, BC
Registered: 2007-05-20
Posts: 1,560
Website

Re: Whatta hell is going on with policykit?

Mr.Cat wrote:
Themaister wrote:

Btw, is there a good way of automounting volumes, without hal, and without needing root to write to the automounted volumes?

You may try autofs.

Some simple udev rules can do the trick as well for most tasks...

[thayer@dublin:~]$ cat /etc/udev/rules.d/10-my-udev.rules:

# vim:enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=udevrules:
#
# /etc/udev/rules.d/10-my-udev.rules

# automount usb block devices
KERNEL=="sd[b-z]", NAME="%k", SYMLINK+="usb_%k", GROUP="users", OPTIONS="last_rule" 
ACTION=="add", KERNEL=="sd[b-z][0-9]", SYMLINK+="usb_%k", GROUP="users", NAME="%k" 
ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/mkdir -p /media/usb_%k" 
ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/ln -s /media/usb_%k /mnt/usbhd-%k" 
ACTION=="add", KERNEL=="sd[b-z][0-9]", PROGRAM=="/lib/udev/vol_id -t %N", RESULT=="vfat", RUN+="/bin/mount -t vfat -o rw,users,noauto,flush,quiet,nodev,nosuid,noexec,noatime,dmask=000,fmask=111 /dev/%k /media/usb_%k", OPTIONS="last_rule" 
ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/mount -t auto -o rw,users,noauto,sync,dirsync,noexec,nodev,noatime /dev/%k /media/usb_%k", OPTIONS="last_rule" 
ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/rm -f /mnt/usb_%k" 
ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/umount -l /media/usb_%k" 
ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/rmdir /media/usb_%k", OPTIONS="last_rule"

# automount card reader devices
KERNEL=="mmcblk[0-9]", NAME="%k", SYMLINK+="card_%k", GROUP="users", OPTIONS="last_rule" 
ACTION=="add", KERNEL=="mmcblk[0-9]p[0-9]", SYMLINK+="card_%k", GROUP="users", NAME="%k" 
ACTION=="add", KERNEL=="mmcblk[0-9]p[0-9]", RUN+="/bin/mkdir -p /media/card_%k" 
ACTION=="add", KERNEL=="mmcblk[0-9]p[0-9]", RUN+="/bin/ln -s /media/card_%k /mnt/card-%k" 
ACTION=="add", KERNEL=="mmcblk[0-9]p[0-9]", RUN+="/bin/mount -t vfat -o rw,users,noauto,flush,quiet,nodev,nosuid,noexec,noatime,dmask=000,fmask=111 /dev/%k /media/card_%k", OPTIONS="last_rule" 
ACTION=="remove", KERNEL=="mmcblk[0-9]p[0-9]", RUN+="/bin/rm -f /mnt/card_%k" 
ACTION=="remove", KERNEL=="mmcblk[0-9]p[0-9]", RUN+="/bin/umount -l /media/card_%k" 
ACTION=="remove", KERNEL=="mmcblk[0-9]p[0-9]", RUN+="/bin/rmdir /media/card_%k", OPTIONS="last_rule"

Check out the udev archwiki article for details...


thayer williams ~ cinderwick.ca

Offline

#13 2009-05-23 15:49:58

Themaister
Member
From: Trondheim, Norway
Registered: 2008-07-21
Posts: 652
Website

Re: Whatta hell is going on with policykit?

SomeGuyDude wrote:

For the record, something apparently exploded recently with something or other, because I can't mount any USB drives any more. NONE of the workarounds make it happen.

Try the hal 0.5.11-4 package. (0.5.11-7 and onwards have been troubled)

Offline

#14 2009-05-23 20:03:06

SomeGuyDude
Member
Registered: 2008-10-09
Posts: 271

Re: Whatta hell is going on with policykit?

I just installed hal-easy from the AUR. Works seamlessly.


And in the midst of such perfection,
I can't help but feel diseased.

Offline

#15 2009-05-24 19:50:52

reverie
Member
From: Denmark
Registered: 2006-03-02
Posts: 59
Website

Re: Whatta hell is going on with policykit?

One way to ignore policykit is to put the following in /etc/PolicyKit/PolicyKit.conf

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

<config version="0.1">
 <return result="yes"/>
</config>

Remember to restart hal.

Offline

#16 2009-05-27 06:39:25

Mr.Cat
Member
Registered: 2008-09-27
Posts: 79

Re: Whatta hell is going on with policykit?

Seems, that archers really prefer to ignore hal and *kits: either not to use them at all or at least not to bother themselves with setting up all those *kits. So do I. For now I'm using hal for hotplugging and automounting only and going to start using autofs intead of pcmanfm for automounting.

Offline

#17 2009-05-27 11:22:04

Primoz
Member
From: Ljubljana-Slovena-EU
Registered: 2009-03-04
Posts: 688

Re: Whatta hell is going on with policykit?

Could policykt be the problem that I can't automount NTFS ecternal drive from KDE?
I have to use umount. This problem started after I went from 32 to 64 bit..
In 32bit I was able to get it working with HAL ntfs policy rule...

I'm just curious as I did a workaround this problem, but I would still prefer if it could be mounted from KDE GUI...


Arch x86_64 ATI AMD APU KDE frameworks 5
---------------------------------
Whatever I do, I always end up with something horribly mis-configured.

Offline

#18 2009-05-27 12:21:30

SomeGuyDude
Member
Registered: 2008-10-09
Posts: 271

Re: Whatta hell is going on with policykit?

Mr.Cat wrote:

Seems, that archers really prefer to ignore hal and *kits: either not to use them at all or at least not to bother themselves with setting up all those *kits. So do I. For now I'm using hal for hotplugging and automounting only and going to start using autofs intead of pcmanfm for automounting.

Yeah, policykit is a real pile. I understand why it's there, but not being able to access an external drive as a user causes SO many extra headaches.

Primoz, that's most likely your problem. Again, try hal-easy from the AUR and see what happens.


And in the midst of such perfection,
I can't help but feel diseased.

Offline

#19 2009-05-27 12:27:46

Primoz
Member
From: Ljubljana-Slovena-EU
Registered: 2009-03-04
Posts: 688

Re: Whatta hell is going on with policykit?

SomeGuyDude wrote:

Primoz, that's most likely your problem. Again, try hal-easy from the AUR and see what happens.

Thanks! I might try. As I mentioned before I've somehow resolved it, but still if I'll get sick of CLI mouting I'll try hal-easy; as it sounds interesting...


Arch x86_64 ATI AMD APU KDE frameworks 5
---------------------------------
Whatever I do, I always end up with something horribly mis-configured.

Offline

Board footer

Powered by FluxBB