Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Polkit policy is not valid with newest versions of Polkit #403

Closed
LucasParsy opened this issue Aug 7, 2020 · 1 comment · Fixed by #531
Closed

Polkit policy is not valid with newest versions of Polkit #403

LucasParsy opened this issue Aug 7, 2020 · 1 comment · Fixed by #531

Comments

@LucasParsy
Copy link

LucasParsy commented Aug 7, 2020

With new versions of Polkit, the value auth_self_keep_session is no more valid for the tags <allow_any>, <allow_inactive> and <allow_active>.
The usbguard policy config is not parsed anymore by new versions of Polkit, and the defined actions are unavailable.

proposed solutions

  • auth_self_keep_session: allowed executing an action after authenticating, and the redo the action without auth for all the rest of the session.
    It is now unavailable

  • auth_self_keep: the authorization is kept for a brief period (e.g. five minutes).
    It is most probably not retro-compatible. (I found no reference online of auth_self_keep on pages mentioning auth_self_keep_session)

  • auth_self: You have to re-authenticate at each call of the action.
    This argument is retro-compatible.

Should we replace occurrences of auth_self_keep_session with auth_self_keep or auth_self?

@hartwork
Copy link
Contributor

hartwork commented Feb 6, 2022

I confirm for polkit version 0.120:

# sudo /usr/lib/polkit-1/polkitd --replace 
[..]
** (polkitd:12385): WARNING **: 01:10:03.007: Unknown PolkitImplicitAuthorization string 'auth_self_keep_session'

** (polkitd:12385): WARNING **: 01:10:03.007: Error parsing file with URI 'file:///usr/share/polkit-1/actions/org.usbguard1.policy': 14: parse error: parsing aborted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants