Bug 17978

Summary: libpolkit requires config and reload files, and policy dir, to be present
Product: PolicyKit Reporter: James Westby <jw+debian>
Component: libpolkitAssignee: David Zeuthen (not reading bugmail) <zeuthen>
Status: RESOLVED INVALID QA Contact: David Zeuthen (not reading bugmail) <zeuthen>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description James Westby 2008-10-08 08:24:22 UTC
Hi,

In

  https://bugs.launchpad.net/bugs/275432

two users reported they were getting errors from consolekit:

  CRITICAL: cannot initialize libpolkit

This was found to be because they had only libpolkit2 installed,
and not the policykit package, as Debian, and hence Ubuntu, splits
the packages.

consolekit reports this error on a failure from polkit_context_init.
That function includes code like

                /* Watch the /etc/PolicyKit/PolicyKit.conf file */
                pk_context->inotify_config_wd = inotify_add_watch (pk_context->inotify_fd,
                                                                   PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf",
                                                                   IN_MODIFY | IN_CREATE | IN_ATTRIB);
                if (pk_context->inotify_config_wd < 0) {
                        polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
                                   strerror (errno));
                        /* TODO: set error */
                        goto error;
                }

if the conf file is not present then the inotify_add_watch call fails
with ENOENT, and so polkit returns an error.

This then causes a problem on minimal debian based systems that only
have libpolkit installed, and not the policykit package that contains
these files. It will also fail if, e.g.the PolicyKit.reload file is
deleted.

It may be that the files are required for the library to work, and so
this is a packaging problem, but I'm not convinced that is the case
for two reasons. Firstly,

                pk_context->config = polkit_config_new (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", pk_error);
                /* if configuration file was bad, log it */
                if (pk_context->config == NULL) {
                        kit_warning ("failed to load configuration file: %s",
                                     polkit_error_get_error_message (*pk_error));
                        if (pk_error == &pk_error2)
                                polkit_error_free (*pk_error);
                }

if the config file isn't present then polkit_config_new will return
NULL, but this isn't fatal.

Secondly, inotify_add_watch is called with the IN_CREATE flag. This
only has an effect if the path is a directory, but it may indicate
that the intent was to get events on creation of a file at the specified
path. (The way to do that is apparently monitor the parent directory
with that flag and switch on the path name when the events occur).

So, I would appreciate clarification on what situations the code is intended
to work in, so that I can fix the packaging, or we can fix the code.

Thanks,

James
Comment 1 Martin Pitt 2009-03-26 02:41:24 UTC
Although fixing PolicyKit for this case should be possible, it would be a rather intrusive patch, and given its security sensitive nature, I'd rather not remove its defences.

I think it is more appropriate to make ConsoleKit work if PolityKit initialization fails. In that case it should just disable the reboot/halt functionality, just as if it would have been compiled without PK support in the first place.

I reported this as bug 20876, with a tested patch.

I keep this open, though, since fixing it in PK, with a semantics of "always return NO if no configuration is found" would fix the problem more fundamentally, and for all software using PK.
Comment 2 David Zeuthen (not reading bugmail) 2009-10-21 10:38:35 UTC
This bug report is for the old version of PolicyKit. Closing as all of the code has been rewritten. Please reopen if the bug report applies to the latest version of PolicyKit. Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.