[arch-general] hal has lost its mind again.

David C. Rankin, J.D.,P.E. drankinatty at suddenlinkmail.com
Thu May 21 14:37:00 EDT 2009


On or about Wednesday 20 May 2009 at approximately 04:00:48 am bardo composed:
> 2009/5/20 David C. Rankin, J.D.,P.E. <drankinatty at suddenlinkmail.com>:
> > On or about Tuesday 19 May 2009 at approximately 03:33:03 bardo composed:
> >> 2009/5/18 David C. Rankin, J.D.,P.E. <drankinatty at suddenlinkmail.com>:
> >> >                <match group="users">
> >> >                        <return result="yes"/>
> >> >                </match>
> >>
> >> I think this may be your problem. I searched some time ago and found
> >> out PolicyKit didn't support group matches. A quick look to the
> >> PolicyKit.conf(5) man page seems to confirm this is still the case.
> >> Now, I don't know if an invalid entry could invalidate the whole
> >> config, but it's worth a try.
> >>
> >> Corrado
> >
> > Corrado,
> >
> >   You and I may be saying the same thing for two different circumstances.
> > Admin_auth certainly allows both user and group auths for actions (man 5
> > PolicyKit.conf):
> >
> > define_admin_auth
>
> I wasn't saying you can't use "group" as an attribute for
> "define_admin_auth", I was saying you can't use it as an attribute for
> "match". So at least that rule won't work, I tried it before. Now, I
> don't know how PolicyKit deals with wrong parameters, but in the worst
> case it could treat the whole file as invalid, and that could be why
> your *other* rules don't work.
>
> I hope I made myself clearer this time :)
>
> Corrado

Yep,

	I'll give Policy kit another shot when I pop the archlinux drive back in. If 
Policy Kit is ignoring the whole file (which it shouldn't do, but seems like 
it is), then that should be logged somewhere. I have been through 
everything.log and messages.log, etc. and there isn't any message like that. 
If it isn't logging rejections, then we need to find a way to have it do so. 
It would sure make troubleshooting policy kit problems a whole lot easier. 
Thank you for your help.


More information about the arch-general mailing list