Hi Khem, the owner/permission change is from the following commit in meta-oe:
commit 6da0fd21c900e32a0693a6b27d38182f19c8c76c Author: Luca Boccassi [email protected]<mailto:[email protected]> Date: Mon Aug 12 12:15:40 2024 +0100 polkit: stop overriding DAC on /usr/share/polkit-1/rules.d This is no longer required by upstream for data in /usr/, as it ships in packages so there's no point hiding its content. Still required for /etc/ as that's for local modifications. So either other recipes (e.g., systemd) adapt to this change, or we revert this change. Regards, Qi From: [email protected] <[email protected]> On Behalf Of Khem Raj Sent: Thursday, August 29, 2024 9:46 AM To: [email protected] Cc: Alexander Kanavin <[email protected]>; [email protected] Subject: Re: [PATCH] [OE-core] [PATCH] systemd: use update-alternatives to solve conflicts with polkit On Wed, Aug 28, 2024 at 6:22 PM wangmy via lists.openembedded.org<https://urldefense.com/v3/__http:/lists.openembedded.org__;!!AjveYdw8EvQ!bnEcUpbumHuTlZhWSalUVRI5pENjFzvB8Dyo_0Apcb-ZwHemDqMVurWfDumRGTuJgEI3jeBx76OPe_C8xDKFuw$> <[email protected]<mailto:[email protected]>> wrote: | Are you using package_rpm and dnf to compose the image? Yes. I checked the permission of rules.d, they are different: systemd: %attr(700,polkitd,root) %dir "/usr/share/polkit-1/rules.d" polkit: %attr(755,root,root) %dir "/usr/share/polkit-1/rules.d" If the permission need to be unified, which one should be unified into? Stricter is better so 700 seems good from security pov but we need to ensure it works with polkit -- Best Regards --------------------------------------------------- Wang Mingyu FUJITSU NANJING SOFTWARE TECHNOLOGY CO., LTD. (FNST) No.6 Wenzhu Road, Nanjing, 210012, Chi<https://urldefense.com/v3/__https:/www.google.com/maps/search/6*Wenzhu*Road,*Nanjing,*210012,*Chi?entry=gmail&source=g__;KysrKys!!AjveYdw8EvQ!bnEcUpbumHuTlZhWSalUVRI5pENjFzvB8Dyo_0Apcb-ZwHemDqMVurWfDumRGTuJgEI3jeBx76OPe_BzmA8PRQ$>na TEL:+86+25-86630566--8568 COINS: 79988548 FAX: +86+25-83317685 MAIL: [email protected]<mailto:[email protected]> > -----Original Message----- > From: Alexander Kanavin > <[email protected]<mailto:[email protected]>> > Sent: Wednesday, August 28, 2024 5:15 PM > To: Wang, Mingyu/王 鸣瑜 <[email protected]<mailto:[email protected]>> > Cc: > [email protected]<mailto:[email protected]> > Subject: Re: [PATCH] [OE-core] [PATCH] systemd: use update-alternatives to > solve conflicts with polkit > > On Wed, 28 Aug 2024 at 11:04, Mingyu Wang (Fujitsu) > <[email protected]<mailto:[email protected]>> > wrote: > > > > The name of /usr/share/polkit-1/rules.d are the same, but the files > > contained > in the path are different. > > What methods can be chosen to solve this problem in this situation? > > Are you using package_rpm and dnf to compose the image? If so, you can look at > the spec files used to produce the packages in ${WORKDIR} of systemd and > polkit to see how /usr/share/polkit-1/rules.d is specified in both. It might > be that > permissions or ownership are different and dnf can't resolve that. > > Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203900): https://lists.openembedded.org/g/openembedded-core/message/203900 Mute This Topic: https://lists.openembedded.org/mt/108138529/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
