Hi Jan,
First, thanks for the quick answer. I am currently out, but I will try to do all the 
tests in the evening and get back to you with all the information.

BR
Piotr Lobacz

________________________________
From: Jan Rybar <jry...@redhat.com>
Sent: Tuesday, June 7, 2022 12:41:46 PM
To: Piotr Łobacz <piotr.lob...@vm.pl>
Cc: polkit-devel@lists.freedesktop.org <polkit-devel@lists.freedesktop.org>
Subject: Re: polkit rules are no longer working

Hello,

I'm not aware of anything apparent that should affect that. AFAIK mozjs changed 
IIRC twice between those versions and then there was a vulnerability mitigation.
Can you please provide outputs from journal?
Also, do you happen to have an option to downgrade to 0.118 or lower to 
determine the version to blame?

In case of further questions, don't hesitate to reach out to me.
Thanks.

Jan Rybar

On Tue, Jun 7, 2022 at 12:07 PM Piotr Łobacz <piotr.lob...@vm.pl> wrote:
Hi all,
I am facing an issue with polkit rules for pkexec. Currently when I try to run 
an application with the pkexec command I'm facing an error:

Jun 07 09:46:06 eg pkexec[59699]: test: Error executing command as another 
user: Not authorized [USER=root] [TTY=/dev/pts/0] [CWD=/home/root] 
[COMMAND=/usr/sbin/nft]

the rule for this to be run, looks like this:

polkit.addRule(function(action, subject) {
    user_app = [
        '/bin/chmod',
        '/bin/chown',
        '/bin/rm',
        '/sbin/ifconfig',
        '/sbin/route',
        '/usr/sbin/update-ca-certificates',
        '/usr/bin/hostnamectl',
        '/usr/bin/iotedge',
        '/usr/bin/swupdate',
        '/usr/bin/timedatectl',
        '/usr/sbin/dmidecode',
        '/usr/sbin/eg_reboot',
        '/usr/sbin/factory_reset',
        '/usr/sbin/grub_console',
        '/usr/sbin/nft',
        '/usr/sbin/read_admin_keys',
        '/usr/sbin/useradd',
        '/usr/sbin/userdel'
    ];
    if (action.id == "org.freedesktop.policykit.exec" &&
        subject.user == "tes" && user_app.includes(action.lookup("program"))) {
        return polkit.Result.YES;
    }
});

and is stored in /etc/polkit-1/rules.d/30-sbin-test.rules. This was all working 
before, with polkit 0.116, but now we have switched to newer Yocto 4.0 and 
there is polkit 0.119, with which it stopped working for us. Has something 
changed in the polkitd service and I'm missing it?

BR
Piotr

