You are not logged in.

#1 2009-03-06 20:35:12

potentials
Member
Registered: 2004-01-04
Posts: 130

Problems with HAL policies

I seem to have HAL policies problem.
If I login as user into gnome, volumes aren't auto-mounted. But if I login as root, they are auto-mounted.

moreover, If I login as user after logging as root, the volumes are already mounted and are accessible by the user.

HAL policies seem to allow everybody to "inoke methods on the Manager and Device interfaces"
Here's my /etc/dbus-1/system.d/hal.conf

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>

  <!-- This configuration file specifies the required security policies
       for the HAL to work. -->

  <!-- Only root or user hal can own the HAL service -->
  <policy user="hal">
    <allow own="org.freedesktop.Hal"/>
  </policy>
  <policy user="root">
    <allow own="org.freedesktop.Hal"/>
  </policy>

  <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
  <policy context="default">
    <allow send_interface="org.freedesktop.Hal.Manager"/>
    <allow send_interface="org.freedesktop.Hal.Device"/>
    <allow receive_interface="org.freedesktop.Hal.Manager"
           receive_sender="org.freedesktop.Hal"/>
    <allow receive_interface="org.freedesktop.Hal.Device"
           receive_sender="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
    <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
       receive_sender="org.freedesktop.Hal"/>
    <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
       receive_sender="org.freedesktop.Hal"/>
    <allow receive_interface="org.freedesktop.Hal.Device.Volume"
       receive_sender="org.freedesktop.Hal"/>
    <allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto"
       receive_sender="org.freedesktop.Hal"/>
  </policy>

  <!-- Default policy for the exported interfaces; if PolicyKit is not used
       for access control you will need to modify this -->
  <policy context="default">
    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
    <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
  </policy>

</busconfig>

I've tried everything. I've added the user to hal, optical and storage groups but it didn't work.
Any ideas?

Last edited by potentials (2009-03-06 20:35:51)

Offline

#2 2009-03-06 20:50:34

skottish
Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

Re: Problems with HAL policies

If you haven't already, read the HAL article in the wiki. In particular the issues section. This sounds to me like a PolicyKit problem.

Offline

#3 2009-03-06 21:07:18

potentials
Member
Registered: 2004-01-04
Posts: 130

Re: Problems with HAL policies

I've added this to /etc/PolicyKit/PolicyKit.conf

               <match action="org.freedesktop.hal.storage.*">
                       <return result="yes"/>
               </match>
               <match action="hal-storage-mount-fixed-extra-options"> <!-- for internal devices mounted with extra options like a wished mount point -->
                       <return result="yes" />
               </match>
               <match action="hal-storage-mount-removable-extra-options"> <!-- for external devices mounted with extra options like a wished mount point -->
                       <return result="yes" />

Still not working ...

Offline

#4 2009-03-07 14:16:05

potentials
Member
Registered: 2004-01-04
Posts: 130

Re: Problems with HAL policies

potentials wrote:

I've added this to /etc/PolicyKit/PolicyKit.conf

               <match action="org.freedesktop.hal.storage.*">
                       <return result="yes"/>
               </match>
               <match action="hal-storage-mount-fixed-extra-options"> <!-- for internal devices mounted with extra options like a wished mount point -->
                       <return result="yes" />
               </match>
               <match action="hal-storage-mount-removable-extra-options"> <!-- for external devices mounted with extra options like a wished mount point -->
                       <return result="yes" />

Still not working ...

OK, the problem solved. I forgot to put the above lines in the config section of PolicyKit.conf.
Now that I've done that, it works fine.

Offline

Board footer

Powered by FluxBB