Created attachment 881791
emerge --info

sys-auth/polkit cannot open /usr/share/polkit-1/rules.d resulting in no loaded rules. This happens with all the versions currently in tree.

Following error is logged:
```
polkitd[2981]: Error opening rules directory: Error opening directory “/usr/share/polkit-1/rules.d”: Permission denied (g-file-error-quark, 2)
polkitd[2981]: Finished loading, compiling and executing 0 rules
```

This happens despite the daemon running as polkitd user and the directory permissions being:
```
drwx------ 2 polkitd root 4096 Jan 9 17:35 rules.d
```

I have re-emerged the system and then the world. I have tried downgrading but nothing changes. I have opened a thread on gentoo forums asking for advice but there is no reply.
https://forums.gentoo.org/viewtopic-p-8812531.html#8812531
Looks like the problem is in /usr/share being a symbolic link. Is there a way to make it work with symbolic links or is there a reason why it should not be?
What is /usr/share a symlink to on your system? Did you do it (which is fine, although interesting), or did something do it for you?

(Also, just reposting my own comment: we should check if this is related to the systemd unit hardening in the newer versions.)
(In reply to Sam James from comment #2)
> What is /usr/share a symlink to on your system? Did you do it (which is
> fine, although interesting), or did something do it for you?
>
> (Also, just reposting my own comment: we should check if this is related to
> the systemd unit hardening in the newer versions.)

Thanks. Yes, I did some years ago as I ran out of room on /. No problems until now.
(In reply to Sam James from comment #2)
> What is /usr/share a symlink to on your system? Did you do it (which is
> fine, although interesting), or did something do it for you?
>
> (Also, just reposting my own comment: we should check if this is related to
> the systemd unit hardening in the newer versions.)

Sorry, it points to /home/share where /home is a different partition than / on the same SSD.
https://gitlab.freedesktop.org/polkit/polkit/-/commit/25eef55dddbf0b4d635fbdd508710b496be80d9c

Could you try the old version of the unit file?

That is, just something like:
```
[Unit]
Description=Authorization Manager
Documentation=man:polkit(8)

[Service]
Type=dbus
BusName=org.freedesktop.PolicyKit1
ExecStart=/usr/lib/polkit-1/polkitd --no-debug
User=polkitd
Group=polkitd
```
(In reply to Sam James from comment #5)
> https://gitlab.freedesktop.org/polkit/polkit/-/commit/25eef55dddbf0b4d635fbdd508710b496be80d9c
>
> Could you try the old version of the unit file?
>
> That is, just something like:
> ```
> [Unit]
> Description=Authorization Manager
> Documentation=man:polkit(8)
>
> [Service]
> Type=dbus
> BusName=org.freedesktop.PolicyKit1
> ExecStart=/usr/lib/polkit-1/polkitd --no-debug
> User=polkitd
> Group=polkitd
> ```

Yes, that works fine! Thank you. What a rabbit hole...
(In reply to Sam James from comment #5)
> https://gitlab.freedesktop.org/polkit/polkit/-/commit/25eef55dddbf0b4d635fbdd508710b496be80d9c
>
> Could you try the old version of the unit file?
>
> That is, just something like:
> ```
> [Unit]
> Description=Authorization Manager
> Documentation=man:polkit(8)
>
> [Service]
> Type=dbus
> BusName=org.freedesktop.PolicyKit1
> ExecStart=/usr/lib/polkit-1/polkitd --no-debug
> User=polkitd
> Group=polkitd
> ```

Happy to do more testing if needed.
I don't think systemd really supports having /usr/share as a symlink to protected locations like /home. If you must maintain this setup, you will probably need to disable the ProtectHome setting in the polkit unit file.
You might have better luck using a bind mount instead of a symlink.
(In reply to Mike Gilbert from comment #9)
> You might have better luck using a bind mount instead of a symlink.

Thank you. I will do that.
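
The symlink and ProtectHome interaction discussed in this thread can be checked before a hardened unit is deployed. The following is an added example, not code from any participant or from polkit or systemd: the function name `protecthome_conflict` and the `PROTECTED_DIRS` variable are hypothetical, and the default directory list is the set that systemd.exec(5) documents as hidden by `ProtectHome=`.

```shell
#!/bin/sh
# Added example: report whether a path, once symlinks are resolved, lands
# inside a directory that systemd's ProtectHome= hides from a service.

# Directories made inaccessible by ProtectHome=, per systemd.exec(5).
# Overridable (hypothetical variable) so the check can run on a scratch tree.
PROTECTED_DIRS="${PROTECTED_DIRS:-/home /root /run/user}"

# protecthome_conflict PATH
# Prints the resolved path. Returns 0 if it is under a protected directory,
# 1 if it is not, 2 if PATH cannot be resolved.
protecthome_conflict() {
    resolved=$(readlink -f -- "$1") || return 2
    [ -n "$resolved" ] || return 2
    printf '%s\n' "$resolved"
    for dir in $PROTECTED_DIRS; do
        # Resolve the protected directory as well; it may itself be a symlink.
        real_dir=$(readlink -f -- "$dir") || continue
        case "$resolved/" in
            "$real_dir"/*) return 0 ;;
        esac
    done
    return 1
}

# Stand-alone use: sh check-protecthome.sh /usr/share/polkit-1/rules.d
if [ "$#" -gt 0 ]; then
    protecthome_conflict "$1"
    rc=$?
    case $rc in
        0) echo "conflict: path resolves under a ProtectHome= directory" >&2 ;;
        1) echo "ok: path does not resolve under a ProtectHome= directory" >&2 ;;
        *) echo "error: cannot resolve $1" >&2 ;;
    esac
    exit "$rc"
fi
```

With the reporter's layout (/usr/share as a symlink to /home/share) the rules directory resolves under /home and the check returns 0; with a bind mount at /usr/share the resolved path stays /usr/share/polkit-1/rules.d and it returns 1.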