On 24/08/2019 23:38, Ken Moffat via blfs-dev wrote: > Assuming that the reply to my earlier post (should I be in the input > group?) is 'no', can somebody please spare some time to explain how > authorisation via polkit (which I think is the intended route to > gaining access to /dev/input/event*) is supposed to work ? > > I've built polkit with the patch for elogind. Both dbus and elogind > have been started. > > First question: should polkitd be running (i.e. visible in ps aux) > or does it only fire up to respond to dbus, and then shut down again > ?
No, polkit is consulted (started?) by dbus-daemon when needed > > Second question: how is the user who started xorg authenticated by > polkitd ? I think most of the policies are in /usr/share/polkit-1/actions. Do not ask me how they work! Actually, I do not see anything about access to input devices in there. But I am not sure polkit is needed. Once there is a "seat" for the user (attributed by logind), dbus can run some things as root (or any other user) on the behalf of that user. > > Looking at the man pages, all rules files in /etc/polkit-1/rules.d > and /usr/share/polkit-1/rules.d are processed in lexical order (in > the event of a tie, the file in /etc is processed first). But on > this completed system I only have three files in those two > directories: > > /etc/polkit/rules.d/50-default-rules which seems to be checking if > admin users are in the wheel group, and in > /usr/share/polkit-1/rules.d I have > org.freedesktop.NetworkManager.rules and > org.gtk.vfs.file-operations.rules from building those packages at a > later stage. > > I don't see anything that would cause polkitd to grant access to me > via elogind. > > At this point, I'm clearly out of my depth, and I will not be > updating further systems (nor reviewing if the kernel config for > elogind is adequate, nor if the mountcgroupfs and elogind > bootscripts are really needed) unless I can understand where my > build/usage of elogind is failing. > -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
