You are not logged in.

#1 2012-09-17 02:36:25

jlindgren
Member
Registered: 2011-02-27
Posts: 256

[SOLVED] polkit 0.107 breakage

After upgrading polkit from 0.105-1 to 0.107-2, everything using polkit is broken on my system.

/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 prints this on startup and immediately exits:
(polkit-gnome-authentication-agent-1:446): polkit-gnome-1-WARNING **: Unable to determine the session we are in: No session for pid 446

Trying to disconnect from my wireless network using Gnome's NetworkManager says:
Device disconnect failed
(32) org.freedesktop.NetworkManager.network-control request failed: not authorized

Trying to mount the SD card from my camera in Thunar says:
Failed to mount "2.0 GB Volume".
Not authorized to perform operation.

I've downgraded to 0.105 and everything is fine again for the moment, but I'm hoping someone can tell me what I need to do to set up the new version correctly.  Here is some info about my current setup:

I am using systemd to boot and a very simple login manager (not PAM- or ConsoleKit-aware) to start X11 and then XFCE ("ck-launch-session xfce4-session").  Since switching my system over to systemd, I have had to use the workaround described in this post: https://bbs.archlinux.org/viewtopic.php … 2#p1122362 to make NetworkManager work.  Normally, I do not run polkit-gnome-authentication-agent-1 at login (I would rather use sudo for anything that requires a password, thanks).  Instead, I have the following config file installed at /etc/polkit-1/localauthority/50-local.d/local.pkla so that any user in the network group can add/remove networks and any user in the storage group can mount/unmount removable devices: http://pastebin.com/4cK0j84C.  Output of ck-list-sessions: http://pastebin.com/gVPQSSrV.

* Rant *

Truth be told, I am sick of polkit and wish it would die.  It has caused me nothing but headaches since it first crept onto my Linux boxes a couple (?) of years ago.  XFCE used to use the simple pmount command to mount removable devices, and it worked beautifully.  Network configuration could be a whole lot simpler also.  Why not just make the necessary devices/files accessible by the network group?

Last edited by jlindgren (2012-09-18 00:51:13)

Offline

#2 2012-09-17 02:39:13

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: [SOLVED] polkit 0.107 breakage

jlindgren wrote:

I am using systemd to boot and a very simple login manager (not PAM- or ConsoleKit-aware)

That would be your problem. If you're booting with systemd, polkit will insist on using logind for authentication. You shouldn't be expecting a fallback on consolekit, and since you are avoiding PAM for login, you're out of luck.

Offline

#3 2012-09-17 02:44:20

jlindgren
Member
Registered: 2011-02-27
Posts: 256

Re: [SOLVED] polkit 0.107 breakage

Will using PAM for login be enough to fix the problem, then?  I've avoided it up to now because the API seems needlessly complex, but if it's considered "required" to have a functioning Linux system then I will look into it again.

Offline

#4 2012-09-17 02:49:35

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: [SOLVED] polkit 0.107 breakage

Yes, PAM is all you need. If you want to keep your login simple, I wrote a blog post on using startx with systemd:

http://blog.falconindy.com/articles/bac … stemd.html

Offline

#5 2012-09-17 02:55:04

jlindgren
Member
Registered: 2011-02-27
Posts: 256

Re: [SOLVED] polkit 0.107 breakage

Thanks for the quick replies! I am using a homegrown GUI login manager rather than startx, but hopefully it will not be too difficult to integrate PAM into it.

Offline

#6 2012-09-17 03:09:30

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: [SOLVED] polkit 0.107 breakage

@falconindy: or directly using fgconsole from [kbd] at xserverrc :

vt=$(fgconsole) && exec /usr/bin/X -nolisten tcp "vt$vt" "$@"

Offline

#7 2012-09-17 03:29:39

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: [SOLVED] polkit 0.107 breakage

djgera wrote:

@falconindy: or directly using fgconsole from [kbd] at xserverrc :

vt=$(fgconsole) && exec /usr/bin/X -nolisten tcp "vt$vt" "$@"

Yeah, I only found fgconsole after writing the post. I blame the poor naming convention. kbd includes chvt, why not getvt?

Offline

#8 2012-09-17 06:37:42

Awebb
Member
Registered: 2010-05-06
Posts: 6,275

Re: [SOLVED] polkit 0.107 breakage

My X on vt7 is auto-started on tty6 (like it's described n the autologin article in the wiki) and I have no problems with authentication whatsoever. How can I check, if it really works or if I just don't have any trouble with it?

Offline

#9 2012-09-17 12:41:35

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: [SOLVED] polkit 0.107 breakage

loginctl show-session <current-session-id>

Id=1
Timestamp=Sun, 16 Sep 2012 21:29:23 -0400
TimestampMonotonic=5220179
DefaultControlGroup=name=systemd:/user/noclaf/1
VTNr=1
TTY=tty1
Remote=no
Service=login
Leader=346
Audit=1
Type=tty
Class=user
Active=yes
State=active
KillProcesses=no
IdleHint=yes
IdleSinceHint=1347846127941326
IdleSinceHintMonotonic=752872250
Name=noclaf

I think the magic bits are "Remote=no" and "Active=yes". The only fallout of the method I've described here is that loginctl now thinks my session is still a TTY session ("Type=tty" and "Service=login"). I've yet to see any bad behavior because of this, though.

Offline

#10 2012-09-17 17:33:26

Awebb
Member
Registered: 2010-05-06
Posts: 6,275

Re: [SOLVED] polkit 0.107 breakage

I see. If I call it from tty6 to vt7, it's "Active=no". Thanks for the insight.

Offline

#11 2012-09-18 00:54:02

jlindgren
Member
Registered: 2011-02-27
Posts: 256

Re: [SOLVED] polkit 0.107 breakage

I added basic PAM support to my login manager and everything works again now.  I don't even need the NetworkManager workaround any longer.  @falconindy, thanks again for your help; I'm marking this thread as solved.

Offline

Board footer

Powered by FluxBB