actions: read actions from /etc/, /run/ and /usr/local/share/ too #499
Conversation
bluca
changed the title
@jrybar-rh let me know if you prefer the approach from that older PR and if so I can forward-port it, I do not have an opinion on which one is better, so up to you, I can work with either |
I like the simplicity of your solution, i.e. duplicating all the operations for both directories. However, we're currently implementing reading .rules files from few more directories (counting 4 now). In case we need to read also action files from the same directories, incl. |
I haven't come across those use cases so far, so maybe we can leave it for when it actually comes up? |
|
https://bugs.debian.org/1010228 was a request for reading both rules and actions from /usr/local, so apparently use cases for that one do exist (the bug submitter's use-case seems to have been And if the search paths for rules and actions are already 75% similar (/etc + /usr/local + /usr), then I think it might make sense to make them completely consistent with each other even though there's no known use-case for /run/polkit-1/actions, just to make documentation clearer (and possibly be able to share more code, although I haven't looked at the implementation). |
|
It seems likely that use case in that bug would be covered by /etc/ ? IE some local rule, not shipped by the package |
I don't think so? gnome-control-center installs e.g. My interpretation of the Debian bug is that the bug submitter expected that if instead of installing the .deb, they do a |
|
Well, to be fair, currently the default meson configuration sets prefix to |
|
ok, then I've cherry-picked the change from https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/148 and rebased it instead, and added /run/ and /usr/local/share/ together with /etc/ |
bluca
changed the title
| &error); | ||
| if (monitor == NULL) | ||
| { | ||
| g_warning ("Error monitoring actions directory: %s", error->message); |
There was a problem hiding this comment.
Maybe we can divert a little from the original MR and use polkit_backend_authority_log() instead, so the failed monitors or loaded files (below) get into journal. g_warning is muted when --no-debug is used in .service file.
There was a problem hiding this comment.
But therer's no reference to the authority here?
There was a problem hiding this comment.
Huh, that's true. I'll probably revise polkitbackend to see if authority is really needed in the logging function.
As with the rules.d change, also read actions from /etc/, /run/ and /usr/local/share/ before /usr/share/, in this order Co-authored-by: Luca Boccassi <bluca@debian.org>
In order to allow adding services running from other images than the rootfs, read actions from /etc/polkit-1/actions too. This can happen with systemd services using RootImage= or so, which are not installed as packages and so their action files are not installed in /usr/, which might be read-only.
Fixes #180
This is an alternative to https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/148 that handles it in a different way. I do not mind which implementation is chosen, just providing an alternative.