gnome-login: system policy prevents pulseaudio from acquiring high-priority scheduling
shrek-m at gmx.de
shrek-m at gmx.de
Mon Dec 10 09:46:56 UTC 2007
Matthias Clasen schrieb:
> On Sun, 2007-12-09 at 19:45 +0100, shrek-m at gmx.de wrote:
>
>
>> i was playing with
>> $ polkit-gnome-authorization
>>
>> i added one user and blocked an other,
>> now none can edit the "org.pulseaudio high-priority-scheduling"
>> because it crashes.
>>
>
> That is simply a bug. I gave David a fix for it; I hope he manages to
> push out a fixed build soon. In the meantime, you can use
> polkit-auth --revoke
> to remove the explicit grants that are causing the problem.
>
ok, i will wait and see ...
>> root (local X) can not edit the policies
>> a tool for sysadmins but root can not use it ?
>>
>
> What is the problem with using it as root (apart from the aforementioned
> bug) ?
>
the gui does not crash as root but absolutely no authorization was
displayed as root.
the gui (local gnome-terminal `su -`) for root:
all is "greyed out", root can change nothing (block, grant, revoke, modify)
the gui (`ssh -Y user at rawhide` ; `su -`) for root:
all is "greyed out", root can change nothing (block, grant, revoke, modify)
# polkit-auth --user admin --explicit (granted:pulseaudio)
displayed the authorization
"revoke" was possible
# polkit-auth --user test --explicit (blocked:pulseaudio)
nothing is displayed but the blocked:authorization must exist because
the warning does not pop up for "test" but for "admin"
i have to use
# polkit-auth --user test --explicit-details
ok, now i see the details
but "revoke" seems to be useless.
all in all: it seems to me that the gui and tui need some work.
>> one more tool for a sysadmin to check and to manage ?
>>
>
> How much checking and managing you want to do depends on your personal
> preferences. At least there is a tool, which is more than consolehelper
> ever achieved...
>
i could not find the possibility to add groups.
# rm /usr/share/PolicyKit/policy/PulseAudio.policy
could be a possibility to remove the annoying pulseaudio warnings for
all users
before i have to give all users the root-password :)
can you import/export/clone policies over the network?
can PolicyKit manage users/groups/worksations in a lan? (central backend
on a server)
userA at wsA == userA at wsB != userA at wsC
>> a user can not edit via ssh X11forwarding ?
>
> Should work, what problem are you seeing ?
>
`ssh -Y user at rawhide` ; gnome-terminal :
the gui for unprivileged users "admin" or "test"
the user can _only_block_himself_ but nothing else, the rest is
"greyed out".
local-X-session, gnome-terminal :
the gui for unprivileged users "admin" or "test"
_all_is_ok_ and both can block, grant, modify
but the given authorizations are not displayed.
in the gnome-terminal i can see warnings eg. "already exist" but not if
it was sucessfully.
not really usefull :((
>> no possibilty to disable it like selinux ?
>>
>
> What do you mean by that ? Blindly allowing every privileged operation
> for everybody ? Or denying it for everybody ?
--
shrek-m
More information about the fedora-test-list
mailing list