Bug#894273: policykit-1-gnome: polkit-gnome-authentication-agent-1 fails to start when hidepid=2

2018-03-28 Thread ಚಿರಾಗ್ ನಟರಾಜ್
Huh, thanks - I didn't think to look at polkit itself. Sorry for the dup.

So it seems polkit itself is effectively completely broken when using hidepid, 
and there is no way to fix it without defeating the _purpose_ of hidepid 
(granting my user the privileges to see the full /proc tree basically disables 
hidepid, although it may still be useful for hiding /proc from _other_ users, 
e.g. ones that run various daemons...?).

As I don't really use polkit much, I don't think I'll be doing that, but I 
think we should at least list this somewhere in the readme or package 
description for policykit-1 so that affected users know about the current 
solution (this is more important now that systemd uses polkit for authorization 
and a broken polkit means a broken systemd, at least in terms of interactive 
authorization).

Sincerely,

Chiraag
-- 
ಚಿರಾಗ್ ನಟರಾಜ್
Graduate Student at Brown University
Email: chiraag.nata...@gmail.com
Phone: 610-350-6329
Website: http://chiraag.nataraj.us
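
The trade-off described in the message above can be checked on a host by reading the proc mount options. This added example (not from the thread or from polkit) parses /proc/mounts-format text and reports whether a set of group IDs is restricted by hidepid or exempted through the kernel's `gid=` proc mount option; the sample mount table, GID 1500 and the function names are constructed for illustration, and root/CAP_SYS_PTRACE bypass is not modelled.

```python
"""Added example: evaluate hidepid/gid on procfs mounts from /proc/mounts text."""

# Named hidepid values are accepted since Linux 5.8; older kernels use digits.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

# Constructed sample in /proc/mounts format (not taken from the bug report).
SAMPLE_MOUNTS = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=1500,hidepid=2 0 0
proc /srv/chroot/proc proc rw,relatime 0 0
"""


def proc_mounts(mounts_text):
    """Yield (mountpoint, hidepid, gid) for every procfs mount in the text."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue
        hidepid, gid = 0, 0  # kernel defaults: no hiding, exempt group is GID 0
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            if key == "hidepid":
                hidepid = HIDEPID_NAMES[value] if value in HIDEPID_NAMES else int(value)
            elif key == "gid":
                gid = int(value)
        yield fields[1], hidepid, gid


def visibility(mounts_text, mountpoint, group_ids):
    """Classify what a user with the given group IDs sees at this procfs mount."""
    for mp, hidepid, gid in proc_mounts(mounts_text):
        if mp != mountpoint:
            continue
        if hidepid == 0:
            return "unrestricted"  # hidepid is not in effect on this mount
        if gid in group_ids:
            return "exempt"        # gid= member: sees /proc as if hidepid=0
        return "restricted"        # other users' /proc/<pid> entries are hidden
    return "not-mounted"


if __name__ == "__main__":
    for groups in ({1000}, {1000, 1500}):
        print(sorted(groups), visibility(SAMPLE_MOUNTS, "/proc", groups))
```

On a live system, pass the contents of `/proc/mounts` and the result of `os.getgroups()` instead of the constructed sample.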




Bug#894273: policykit-1-gnome: polkit-gnome-authentication-agent-1 fails to start when hidepid=2

2018-03-27 Thread Chiraag Nataraj
Package: policykit-1-gnome
Version: 0.105-6
Severity: normal

Dear Maintainer,

I happen to run my system with /proc mounted with hidepid=2 for security 
reasons. I tried starting polkit-gnome-authentication-agent-1 as well as 
mate-polkit and they both failed (I use awesome window manager, so I need to 
start the auth agent manually). Further investigation/sleuthing led me to 
discover that hidepid=2 breaks PolicyKit (it supposedly also breaks 
systemd-logind, but I haven't had any trouble with that yet...maybe that's been 
fixed?). This seems to be completely undocumented, as I ended up discovering 
this on a random forum. Am I missing something or is this completely 
undocumented? And if it is undocumented, can we put a note in the package 
description or in the README? Alternatively, is there a workaround for this and 
can we document that somewhere?

Sincerely,

Chiraag

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.11-chiraag (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages policykit-1-gnome depends on:
ii  libc6                  2.27-2
ii  libgdk-pixbuf2.0-0     2.36.11-2
ii  libglib2.0-0           2.56.0-4
ii  libgtk-3-0             3.22.29-2
ii  libpolkit-agent-1-0    0.113-6
ii  libpolkit-gobject-1-0  0.113-6
ii  policykit-1            0.113-6

policykit-1-gnome recommends no packages.

policykit-1-gnome suggests no packages.