gnome-login: system policy prevents pulseaudio from acquiring high-priority scheduling

shrek-m at gmx.de shrek-m at gmx.de
Mon Dec 10 09:46:56 UTC 2007 

Matthias Clasen schrieb:
> On Sun, 2007-12-09 at 19:45 +0100, shrek-m at gmx.de wrote:
>
>   
>> i was playing with
>> $ polkit-gnome-authorization
>>
>> i added  one user  and blocked an  other,
>> now  none  can edit the "org.pulseaudio  high-priority-scheduling"
>> because it crashes.
>>     
>
> That is simply a bug. I gave David a fix for it; I hope he manages to
> push out a fixed build soon. In the meantime, you can use 
> polkit-auth --revoke 
> to remove the explicit grants that are causing the problem.
>   

ok, i will wait and see ...

>> root (local X) can not edit the policies
>>     a tool for sysadmins but root can not use it  ?
>>     
>
> What is the problem with using it as root (apart from the aforementioned
> bug) ?
>   

the  gui  does not crash as root but absolutely no authorization was
displayed as root.

the gui (local gnome-terminal `su -`) for root:
all is "greyed out", root can change nothing (block, grant, revoke, modify)

the gui (`ssh -Y user at rawhide` ; `su -`) for root:
all is "greyed out", root can change nothing (block, grant, revoke, modify)


# polkit-auth --user admin --explicit       (granted:pulseaudio)
displayed the authorization
"revoke" was possible


# polkit-auth --user test --explicit    (blocked:pulseaudio)
nothing is displayed but the blocked:authorization must exist because
the warning does not pop up for "test" but for "admin"
i have to use
# polkit-auth --user test --explicit-details
ok, now i see the details
but "revoke" seems to be useless.


all in all:  it seems to me that the gui and tui  need some work.

>> one more tool for a sysadmin to check and to manage  ?
>>     
>
> How much checking and managing you want to do depends on your personal
> preferences. At least there is a tool, which is more than consolehelper
> ever achieved...
>   

i could not find the possibility to add groups.

# rm  /usr/share/PolicyKit/policy/PulseAudio.policy
could be a possibility to remove the annoying pulseaudio warnings for
all users
before i have to give all users the root-password :)


can you import/export/clone policies over the network?
can PolicyKit manage users/groups/worksations in a lan? (central backend
on a server)
  userA at wsA  ==  userA at wsB !=  userA at wsC


>> a user can not edit via ssh  X11forwarding  ?   
>
> Should work, what problem are you seeing ?
>   

`ssh -Y user at rawhide` ; gnome-terminal :
the gui for unprivileged users "admin" or "test"
the user can  _only_block_himself_  but nothing else, the rest is
"greyed out".


local-X-session, gnome-terminal :
the gui for unprivileged users "admin" or "test"
_all_is_ok_  and both can block, grant, modify
but the given authorizations are not displayed.
in the gnome-terminal i can see warnings eg. "already exist" but not if
it was sucessfully.


not really usefull  :((

>> no possibilty to disable it like selinux  ?
>>     
>
> What do you mean by that ? Blindly allowing every privileged operation
> for everybody ? Or denying it for everybody ?


-- 
shrek-m

More information about the test mailing list