Summary: | app-emulation/libvirt with latest sys-auth/polkit and the problem of converting XML .pkla rules to JS .rules file(s) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | lsching17 |
Component: | [OLD] Core system | Assignee: | Doug Goldstein (RETIRED) <cardoe> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
xfce4.10 session autostart
authenication_dialog libvirt policy |
Description
lsching17
2012-10-11 01:13:21 UTC
Created attachment 326246 [details]
xfce4.10 session autostart
Created attachment 326248 [details]
authenication_dialog
Created attachment 326250 [details]
libvirt policy
See this commit: http://cgit.freedesktop.org/polkit/commit/?id=8dc28b8939f4e02a6de69d50fa3509e33f64335e "This is polkit 0.106. There's a major change in this release which is a switch from .pkla files (keyfile-format) to .rules files (JavaScript)" A new javascript rule like this may work for you: polkit.addRule(function(action, subject) { if (action.id == "org.libvirt.unix.manage" && subject.isInGroup("zusers")) { return "yes"; } }); placed in: /usr/share/polkit-1/rules.d/99-authfoo.rules Soory to misjudeg this version as a crap. But i am unware of this fundamental change, and the "man pklocalauthority" is outdated. Is the "/etc/polkit-1/localauthority" folder obsolete? (In reply to comment #5) > Is the "/etc/polkit-1/localauthority" folder obsolete? I don´t have any further information on this, for me that old path doesn´t work anymore. /etc/polkit-1/localauthority/50-local.d is obsolete and the .pkla files with it, and replaced by JavaScript based rules in /etc/polkit-1/rules.d/99-foobar.rules I don't see how this is a polkit bug, since the change was done it purpose, so moving to libvirt maintainers: See how .pkla are converted to .rules in net-misc/networkmanager and net-misc/modemmanager ebuilds in Portage if you need an example. "man polkit" will also tell how the .rules files work. (In reply to comment #7) > /etc/polkit-1/localauthority/50-local.d is obsolete and the .pkla files with > it, > and replaced by JavaScript based rules in > /etc/polkit-1/rules.d/99-foobar.rules > > I don't see how this is a polkit bug, since the change was done it purpose, > so moving to libvirt maintainers: See how .pkla are converted to .rules in > net-misc/networkmanager and net-misc/modemmanager ebuilds in Portage if you > need an example. "man polkit" will also tell how the .rules files work. So basically we bumped polkit which uses completely incompatible files and didn't put blockers in all the users of polkit? So now I need to put blockers for !>=polkit-0.106 in all existing versions of libvirt and make a new ebuild for one that supports the newer files? Ah more David Z crappy software and design changes. (In reply to comment #8) > (In reply to comment #7) > > /etc/polkit-1/localauthority/50-local.d is obsolete and the .pkla files with > > it, > > and replaced by JavaScript based rules in > > /etc/polkit-1/rules.d/99-foobar.rules > > > > I don't see how this is a polkit bug, since the change was done it purpose, > > so moving to libvirt maintainers: See how .pkla are converted to .rules in > > net-misc/networkmanager and net-misc/modemmanager ebuilds in Portage if you > > need an example. "man polkit" will also tell how the .rules files work. > > So basically we bumped polkit which uses completely incompatible files and > didn't put blockers in all the users of polkit? So now I need to put > blockers for !>=polkit-0.106 in all existing versions of libvirt and make a > new ebuild for one that supports the newer files? > > Ah more David Z crappy software and design changes. oh, there is no need for blocking >=polkit-0.106 It seems that the polkit "actions" file of libvirt is still functioning my libvirt works after placing a new "rule" file in /usr/share/polkit-1/rules.d/, although i still need to launch the polkit agent manually sometimes. (In reply to comment #9) > (In reply to comment #8) > > (In reply to comment #7) > > > /etc/polkit-1/localauthority/50-local.d is obsolete and the .pkla files with > > > it, > > > and replaced by JavaScript based rules in > > > /etc/polkit-1/rules.d/99-foobar.rules > > > > > > I don't see how this is a polkit bug, since the change was done it purpose, > > > so moving to libvirt maintainers: See how .pkla are converted to .rules in > > > net-misc/networkmanager and net-misc/modemmanager ebuilds in Portage if you > > > need an example. "man polkit" will also tell how the .rules files work. > > > > So basically we bumped polkit which uses completely incompatible files and > > didn't put blockers in all the users of polkit? So now I need to put > > blockers for !>=polkit-0.106 in all existing versions of libvirt and make a > > new ebuild for one that supports the newer files? > > > > Ah more David Z crappy software and design changes. > > oh, there is no need for blocking >=polkit-0.106 > > It seems that the polkit "actions" file of libvirt is still functioning > > my libvirt works after placing a new "rule" file in > /usr/share/polkit-1/rules.d/, although i still need to launch the polkit > agent manually sometimes. almost correct but... nonono, use /etc/polkit-1/rules.d/ to override /usr instead. there is no CONFIG_PROTECT for anything in /usr/share/polkit-1/ |