Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add possibility to load actions from multiple directories #180

Open
polkit-github-migration-bot opened this issue Nov 3, 2022 · 6 comments · May be fixed by #499
Open

add possibility to load actions from multiple directories #180

polkit-github-migration-bot opened this issue Nov 3, 2022 · 6 comments · May be fixed by #499

Comments

@polkit-github-migration-bot
Copy link
Collaborator

In gitlab.freedesktop.org by msmeissn on Nov 3, 2022, 16:17

Link to the original issue: https://gitlab.freedesktop.org/polkit/polkit/-/issues/179
can you add a feature to load actions from multiple directories, like a package supplied one and a system specific one, to allow a read-only /usr

like e.g. /usr/share/polkit-1/actions and /etc/polkit-1/actions/
@polkit-github-migration-bot
Copy link
Collaborator Author

In gitlab.freedesktop.org by jrybar on Jan 4, 2023, 15:21

I need 'the WHY' here.

Action files are supposed to be shipped with the package that implements the functionality adressed by the actions. As such, it should only reside in /usr hierarchy.
The only reason why an additional action file could be in /etc is some software development, however, /etc is also root/admin only, so why not to implement the new action file in /usr directly and ease up the bundling/packaging process?

I fail to see the reason for having those in /etc. Can you name some, please?

@polkit-github-migration-bot
Copy link
Collaborator Author

In gitlab.freedesktop.org by arvin on Jan 5, 2023, 09:08

There are cases where the admin wants to change an action. A good example is firewalld that is shipped with two actions and a link defines with one is used.

These days some distributions are moving towards allowing /usr to be read-only or/and shareable, see
https://fedoraproject.org/wiki/Features/UsrMove. In that case the admin cannot simply modify the actions in /usr. With this feature overriding actions in /etc would be possible.

@polkit-github-migration-bot
Copy link
Collaborator Author

In gitlab.freedesktop.org by jrybar on Jan 5, 2023, 18:39

Well, the way firewalld installs the files in particular is rather awkward to me. I can imagine a way on e.g. Fedora where a subpackage -server would be shipped and that package would install the server version of .policy file.

I don't know, TBH. It feels perfectly reasonable for .rules files, but for .policy... 🤔

@polkit-github-migration-bot
Copy link
Collaborator Author

In gitlab.freedesktop.org by jrybar on Jan 5, 2023, 18:46

Well, I don't see a proper reason to do this, BUT also don't see a strong reason why not. Please, separate the non-related change as noted in the MR, rebase it and I'll run a proper review on the rest. Thank you :)

@lnussel
Copy link

lnussel commented Jan 22, 2024

looks like the related merge request was not convert to a pr:
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/148

@vmihalko
Copy link
Collaborator

It was: #358

bluca added a commit to bluca/polkit that referenced this issue Sep 13, 2024
@bluca
actions: read from /etc/polkit/actions too
12afced 
In order to allow adding services running from other images than the
rootfs, read actions from /etc/polkit/actions too. This can happen
with systemd services using RootImage= or so, which are not installed
as packages and so their action files are not installed in /usr/, which
might be read-only.

Fixes polkit-org#180
@bluca bluca linked a pull request Sep 13, 2024 that will close this issue
Open
bluca added a commit to bluca/polkit that referenced this issue Sep 13, 2024
@bluca
actions: read from /etc/polkit-1/actions too
768a93b 
In order to allow adding services running from other images than the
rootfs, read actions from /etc/polkit-1/actions too. This can happen
with systemd services using RootImage= or so, which are not installed
as packages and so their action files are not installed in /usr/, which
might be read-only.

Fixes polkit-org#180
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

actions: read actions from /etc/, /run/ and /usr/local/share/ too bluca/polkit
3 participants
@lnussel @vmihalko @polkit-github-migration-bot