Your message dated Wed, 17 Dec 2025 19:19:40 +0000
with message-id <[email protected]>
and subject line Bug#1110748: fixed in policykit-1 127-1
has caused the Debian Bug report #1110748,
regarding pkexec takes a long time when `ulimit -n` is high
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110748
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pkexec
Version: 126-2
Severity: normal
Dear Maintainer,
I've just upgraded to trixie, and noticed that synaptic-pkexec & pkexec
took a very long time to start up. By stracing pkexec, I found that it
was taking a very long time attempting to close many invalid file
descriptors.
/etc/security/limits.d/nofile.conf had:
@audio - nofile unlimited
The solution is probably "don't do that, then": I do appreciate that
setting 'nofile unlimited' is maybe a bad idea. I've not seen a problem
like this before updating to trixie, though, so I'm filing this bug just
in case anyone else has done the same stupid thing as me and notices
that synaptic-pkexec (and other things) take a very long time to start
up and wonders why.
colinf@colinf-xps15:~$ ulimit -n
1073741816
colinf@colinf-xps15:~$ time pkexec echo "hi"
hi
real 1m49.300s
user 0m37.384s
sys 1m9.203s
colinf@colinf-xps15:~$ ulimit -n 1024
colinf@colinf-xps15:~$ time pkexec echo "hi"
hi
real 0m2.938s
user 0m0.007s
sys 0m0.010s
colinf@colinf-xps15:~$
-- System Information:
Debian Release: 13.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.38+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pkexec depends on:
ii libc6 2.41-12
ii libglib2.0-0t64 2.84.3-1
ii libpam0g 1.7.0-5
ii libpolkit-agent-1-0 126-2
ii libpolkit-gobject-1-0 126-2
ii polkitd 126-2
pkexec recommends no packages.
pkexec suggests no packages.
Versions of packages pkexec is related to:
pn elogind <none>
pn libpam-elogind <none>
ii libpam-systemd 257.7-1
ii systemd 257.7-1
-- no debconf information
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: policykit-1
Source-Version: 127-1
Done: Luca Boccassi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luca Boccassi <[email protected]> (supplier of updated policykit-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Dec 2025 18:35:00 +0000
Source: policykit-1
Architecture: source
Version: 127-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Luca Boccassi <[email protected]>
Closes: 1094078 1109334 1110748 1119670
Changes:
policykit-1 (127-1) unstable; urgency=medium
.
[ Michael Biebl ]
* Drop debian/clean
.
[ Simon McVittie ]
* d/control: Mark gir1.2-polkit-1.0 as Multi-Arch: same
* d/control: Mark -dev packages as Multi-Arch: same
* d/control: Use dpkg-build-api v1 instead of Rules-Requires-Root
* Standards-Version: 4.7.2 (no changes required)
* d/salsa-ci.yml: Use recommended recipe
.
[ Luca Boccassi ]
* Update upstream source from tag 'upstream/127'
(Closes: #1109334, #1119670, #1094078, #1110748)
(CVE-2025-7519)
* Add build dependency on mount for unit tests
* Install new polkitd.conf and manpage
* polkitd: start polkit-agent-helper.socket on install/upgrade
* polkitd: drop postinst workarounds for pre-bookworm
* polkitd: drop adduser and rely exclusively on sd-sysusers
* polkitd: do not change perms of /etc/polkit-1/rules.d in postinst and
rely on tmpfiles.d
* polkitd: do not set SUID on polkit-agent-helper-1 under systemd
* Update symbols file for v127
Checksums-Sha1:
fa7e7dd239fed8a2748d593af626a976aaa84f06 3095 policykit-1_127-1.dsc
ea9a7516c448a42adff0a0f88629d13d14d90ad9 472872 policykit-1_127.orig.tar.gz
541e5d08e9b7c326cf6c979d4a07251ff298da9a 29852 policykit-1_127-1.debian.tar.xz
e490021d1315b7693fd2b95feb4a4b594c93e7eb 9990
policykit-1_127-1_source.buildinfo
Checksums-Sha256:
f9182911393e9bb0286118a89f2cc2f22769a6956c32d490e055d00ace9ffec8 3095
policykit-1_127-1.dsc
9b7bc16f086479dcc626c575976568ba4a85d34297a750d8ab3d2e57f6d8b988 472872
policykit-1_127.orig.tar.gz
ffa6b0dd9c43f07f09aa5108ea12bc3d4d02fc38aa00a706350a153628402a24 29852
policykit-1_127-1.debian.tar.xz
54b5d07204046ed2c19fbb0ae53636c2dbf7987d7fdbe7f7ff1d4027d7a752e5 9990
policykit-1_127-1_source.buildinfo
Files:
9c33e2a4e43f0c59c931fd70a176ab44 3095 admin optional policykit-1_127-1.dsc
2cc95f1b02fc1de6c9e52db986642ec4 472872 admin optional
policykit-1_127.orig.tar.gz
8ec9c3c46d18350c56309e989c7be506 29852 admin optional
policykit-1_127-1.debian.tar.xz
111265b644a00e5cd04fce43ff676879 9990 admin optional
policykit-1_127-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmlC/FQRHGJsdWNhQGRl
Ymlhbi5vcmcACgkQKGv37813JB4UZRAArc3rHSnI25eAdQPfavSVgGveaU9H5LxJ
uwP/LlUNTLPKkVrQU8chgCZoxBF4xUyOjy6sOxlCGDfJhpvQccGt21blOVjaH3Bi
DN50yCZx4GnwW3wwm/3qt9m9ZVZ3wQoMV7uSBjurrrug3H+C9sPyuZCUH4glO4VG
RxzHu1z1mPRcHMU/CHgwryz9J2gKVK4a16gXp2utc+xRmh0k7WAH7/GXCI0TfkzY
STUtGdJ+xQJmxOp2v+zedjfvq05/qjWDyeAMTBUJBhV+l8DaxY9BzwT2pD2sTFaS
N6WOfKQwwKGLpqvSV+9qlmA81OJkfOE1me38I7zRnj34FhmTK+R58toAGXAOB54g
GPJ1nVYVTePsnWMgcrzFnf1+hlxufVChKjMtyXB8fAExeYWRgROLSV64I5HxiO7s
Vpk6Rk9qHqgqdpM4gjZviz4FujvTWgj4M3DUmhqJcGvuf1VjEnRFzubjPpnlafby
fIOzd7XkbOiibsAEYYGrPlV3ZHWKmQuE0R7hT1e5+56O+YdZb7fNs+FBHb2SWqC6
v67vhUxhxh945C1S5A2fOEJjFDH8qruaG4U2hd+p3yFefr5Xn2NTBZJibrvyOLw9
RKQHMSTJgNJ/gDKHuBZlq/fmmDJYVdLbImMTtZhsvW6ftN/UHvo6nGMN4urhnF0b
KVZVJSb+L5w=
=jefd
-----END PGP SIGNATURE-----
pgpYKkJoE0UxA.pgp
Description: PGP signature
--- End Message ---
