[Pkg-xfce-devel] Bug#658284: Bug#658284: xfce4-session: Please review README.Debian

Michael Biebl biebl at debian.org
Wed Feb 1 23:22:32 UTC 2012 

On 01.02.2012 23:50, Brian Potkin wrote:
> On Wed 01 Feb 2012 at 22:36:22 +0100, Michael Biebl wrote:
> 
>>> On mer., 2012-02-01 at 19:54 +0000, Brian Potkin wrote:
>>>>
>>>> In brief: /etc/polkit-1/localauthority/50-local.d/ seems to the place to
>>>> inform Policykit about local policy, so one solution would be for the
>>>> user to put .pkla files there. An example might be:
>>>>
>>>>    [udisks]
>>>>    Identity=unix-group:plugdev
>>>>    Action=org.freedesktop.udisks*
>>>>    ResultAny=yes
>>
>> I wouldn't recommend doing that.
> 
> I'd be interested in knowing why. Is it using 50-local.d for this
> purpose or something in the structure of the example which is not
> acceptable.

The purpose of the plugdev group was previously defined as allowing
users to mount removable media.

By granting access to org.freedesktop.udisks* merely by being member of
that group, those users can now format your system drive. I don't think
you want that.

And there's a lot of other stuff which won't work if your session is not
marked as active, like network-manager, packagekit, upower, etc...

Basically everything which has <allow_active>yes</allow_active> in
/usr/share/polkit-1/actions/.

It just isn't feasible anymore to workaround that by creating groups for
all those different purposes and adding users manually.

So all in all I don't think it's a good idea to document such a
workaround as a somehow "blessed" method to deal with this.

For now, I'd just recommend to use a supported display manager.

The problem with startx resp. the 90consolekit script is, that it is run
as unprivileged user and CK no longer trusts this context.
That said, I don't think this problem is unfixable. I guess what it
requires is that the PAM stack is setting up the right context so CK can
trust it.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20120202/daa17457/attachment.pgp>

More information about the Pkg-xfce-devel mailing list