home.social

#policykit — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #policykit, aggregated by home.social.

  1. #Rhythmbox 3.4.8 ist vorinstalliert. Das reagiert aber sehr zäh. Nach einem Stop spielt es noch sekundenlang weiter. Das installierte Gnome Software findet #exaile aber nicht #strawberry Im Terminal kann man aber strawberry 1.2.10 installieren.
    Für einige #AppImage muss man #libfuse2t64 nachinstallieren.
    Bei den meisten anderen mint tools wie #mintbackup #mintupdate oder #mintsystem scheitert die Vorgehensweise, weil #policykit-1 nicht installierbar ist. Offenbar wurde das durch polkit ersetzt.

  2. Enabling an auth method shouldn't prevent you from using others, but if you enable fingerprint auth via , privilege escalation commands like don't let you use a password anymore to authorize actions; you must use a fingerprint (until the fingerprint request times out)

    dialogs show a useless "Authenticate" button that never actually gets clicked, but not a password entry textbox (until after fingerprint auth fails)

    The UI is already there, just show it!

  3. Enabling an auth method shouldn't prevent you from using others, but if you enable fingerprint auth via #fprintd, privilege escalation commands like #sudo don't let you use a password anymore to authorize actions; you must use a fingerprint (until the fingerprint request times out)

    #PolicyKit dialogs show a useless "Authenticate" button that never actually gets clicked, but not a password entry textbox (until after fingerprint auth fails)

    The UI is already there, just show it!

  4. Enabling an auth method shouldn't prevent you from using others, but if you enable fingerprint auth via #fprintd, privilege escalation commands like #sudo don't let you use a password anymore to authorize actions; you must use a fingerprint (until the fingerprint request times out)

    #PolicyKit dialogs show a useless "Authenticate" button that never actually gets clicked, but not a password entry textbox (until after fingerprint auth fails)

    The UI is already there, just show it!

  5. Enabling an auth method shouldn't prevent you from using others, but if you enable fingerprint auth via #fprintd, privilege escalation commands like #sudo don't let you use a password anymore to authorize actions; you must use a fingerprint (until the fingerprint request times out)

    #PolicyKit dialogs show a useless "Authenticate" button that never actually gets clicked, but not a password entry textbox (until after fingerprint auth fails)

    The UI is already there, just show it!

  6. Enabling an auth method shouldn't prevent you from using others, but if you enable fingerprint auth via #fprintd, privilege escalation commands like #sudo don't let you use a password anymore to authorize actions; you must use a fingerprint (until the fingerprint request times out)

    #PolicyKit dialogs show a useless "Authenticate" button that never actually gets clicked, but not a password entry textbox (until after fingerprint auth fails)

    The UI is already there, just show it!

  7. @rust_discussions none of my systems has #sudo - and never had.
    "Back in the days", I just used "su", nowadays most applications use #PolicyKit to get elevated privileges for a specific operation and in case I need a full shell, "machinectl shell .host" (aliased to "msh" here) provides a proper (not just subprocess-spawned) session incl. a DBus and systemd user-session.

    #systemd #dbus #linux

  8. @rust_discussions none of my systems has #sudo - and never had.
    "Back in the days", I just used "su", nowadays most applications use #PolicyKit to get elevated privileges for a specific operation and in case I need a full shell, "machinectl shell .host" (aliased to "msh" here) provides a proper (not just subprocess-spawned) session incl. a DBus and systemd user-session.

    #systemd #dbus #linux

  9. @rust_discussions none of my systems has #sudo - and never had.
    "Back in the days", I just used "su", nowadays most applications use #PolicyKit to get elevated privileges for a specific operation and in case I need a full shell, "machinectl shell .host" (aliased to "msh" here) provides a proper (not just subprocess-spawned) session incl. a DBus and systemd user-session.

    #systemd #dbus #linux

  10. @rust_discussions none of my systems has #sudo - and never had.
    "Back in the days", I just used "su", nowadays most applications use #PolicyKit to get elevated privileges for a specific operation and in case I need a full shell, "machinectl shell .host" (aliased to "msh" here) provides a proper (not just subprocess-spawned) session incl. a DBus and systemd user-session.

    #systemd #dbus #linux

  11. @rust_discussions none of my systems has #sudo - and never had.
    "Back in the days", I just used "su", nowadays most applications use #PolicyKit to get elevated privileges for a specific operation and in case I need a full shell, "machinectl shell .host" (aliased to "msh" here) provides a proper (not just subprocess-spawned) session incl. a DBus and systemd user-session.

    #systemd #dbus #linux

  12. Do any #GNOME folx know why polkit-gnome gitlab.gnome.org/Archive/polic got archived and is considered "legacy" now? What is "the way" to have graphical applications ask for rights through #PolKit #PolicyKit?

  13. Do any #GNOME folx know why polkit-gnome gitlab.gnome.org/Archive/polic got archived and is considered "legacy" now? What is "the way" to have graphical applications ask for rights through #PolKit #PolicyKit?

  14. Do any #GNOME folx know why polkit-gnome gitlab.gnome.org/Archive/polic got archived and is considered "legacy" now? What is "the way" to have graphical applications ask for rights through #PolKit #PolicyKit?

  15. Do any #GNOME folx know why polkit-gnome gitlab.gnome.org/Archive/polic got archived and is considered "legacy" now? What is "the way" to have graphical applications ask for rights through #PolKit #PolicyKit?

  16. Do any #GNOME folx know why polkit-gnome gitlab.gnome.org/Archive/polic got archived and is considered "legacy" now? What is "the way" to have graphical applications ask for rights through #PolKit #PolicyKit?

  17. After switching from Bitwarden to 1Password this week, I couldn't figure out how to get Linux system authentication working between the CLI tool and the 1Password application.

    As with most things, it was:

    🤦‍♂️ My fault
    🤏 A one-line fix

    #1password #policykit #i3wm

    major.io/p/1password-cli-lxpol

  18. After switching from Bitwarden to 1Password this week, I couldn't figure out how to get Linux system authentication working between the CLI tool and the 1Password application.

    As with most things, it was:

    🤦‍♂️ My fault
    🤏 A one-line fix

    #1password #policykit #i3wm

    major.io/p/1password-cli-lxpol

  19. After switching from Bitwarden to 1Password this week, I couldn't figure out how to get Linux system authentication working between the CLI tool and the 1Password application.

    As with most things, it was:

    🤦‍♂️ My fault
    🤏 A one-line fix

    #1password #policykit #i3wm

    major.io/p/1password-cli-lxpol

  20. After switching from Bitwarden to 1Password this week, I couldn't figure out how to get Linux system authentication working between the CLI tool and the 1Password application.

    As with most things, it was:

    🤦‍♂️ My fault
    🤏 A one-line fix

    #1password #policykit #i3wm

    major.io/p/1password-cli-lxpol

  21. After switching from Bitwarden to 1Password this week, I couldn't figure out how to get Linux system authentication working between the CLI tool and the 1Password application.

    As with most things, it was:

    🤦‍♂️ My fault
    🤏 A one-line fix

    #1password #policykit #i3wm

    major.io/p/1password-cli-lxpol

  22. Proposing 3 steps to@solve the issue on .

    Step 1) Create rules for your instance. Easiest is to do it yourself.

    Best is to create a policy with your community, and set up a democratic process for it.
    Here is how joinmastodon.org/covenant

    Hey, you are founding a state. Write a constitution. You could ask @axz – she’s built tools like . policykit.org Another great resource is metagov.org

  23. Proposing 3 steps to@solve the #ContentModeration issue on #Mastodon.

    Step 1) Create rules for your instance. Easiest is to do it yourself.

    Best is to create a policy with your community, and set up a democratic process for it.
    Here is how joinmastodon.org/covenant

    Hey, you are founding a state. Write a constitution. You could ask @axz – she’s built tools like #PolicyKit. policykit.org Another great resource is metagov.org

  24. Proposing 3 steps to@solve the #ContentModeration issue on #Mastodon.

    Step 1) Create rules for your instance. Easiest is to do it yourself.

    Best is to create a policy with your community, and set up a democratic process for it.
    Here is how joinmastodon.org/covenant

    Hey, you are founding a state. Write a constitution. You could ask @axz – she’s built tools like #PolicyKit. policykit.org Another great resource is metagov.org

  25. Proposing 3 steps to@solve the #ContentModeration issue on #Mastodon.

    Step 1) Create rules for your instance. Easiest is to do it yourself.

    Best is to create a policy with your community, and set up a democratic process for it.
    Here is how joinmastodon.org/covenant

    Hey, you are founding a state. Write a constitution. You could ask @axz – she’s built tools like #PolicyKit. policykit.org Another great resource is metagov.org

  26. Proposing 3 steps to@solve the #ContentModeration issue on #Mastodon.

    Step 1) Create rules for your instance. Easiest is to do it yourself.

    Best is to create a policy with your community, and set up a democratic process for it.
    Here is how joinmastodon.org/covenant

    Hey, you are founding a state. Write a constitution. You could ask @axz – she’s built tools like #PolicyKit. policykit.org Another great resource is metagov.org

  27. @aral the fact, that "list-machines" provides output is most likely the inconsistency here, as machines are also global.
    The difference between #systemd's "--system" and "--user" mode is, whether something is managed within a user's resources and/or session, like user units/services running within a user's login/desktop session.
    This has nothing to do with a users permissions to control services in the system context, for which privileges are granted via #DBus through #PolicyKit

  28. @aral the fact, that "list-machines" provides output is most likely the inconsistency here, as machines are also global.
    The difference between #systemd's "--system" and "--user" mode is, whether something is managed within a user's resources and/or session, like user units/services running within a user's login/desktop session.
    This has nothing to do with a users permissions to control services in the system context, for which privileges are granted via #DBus through #PolicyKit

  29. @aral the fact, that "list-machines" provides output is most likely the inconsistency here, as machines are also global.
    The difference between #systemd's "--system" and "--user" mode is, whether something is managed within a user's resources and/or session, like user units/services running within a user's login/desktop session.
    This has nothing to do with a users permissions to control services in the system context, for which privileges are granted via #DBus through #PolicyKit

  30. @aral the fact, that "list-machines" provides output is most likely the inconsistency here, as machines are also global.
    The difference between #systemd's "--system" and "--user" mode is, whether something is managed within a user's resources and/or session, like user units/services running within a user's login/desktop session.
    This has nothing to do with a users permissions to control services in the system context, for which privileges are granted via #DBus through #PolicyKit

  31. @debacle @xpac: #pkexec alleine ist schon grusig, siehe z.B. CVE-2021-4034. Und da dann noch #JavaScript dahinter? 🤮

    Gut, dass man auch sehr gut ohne #PolicyKit, #sudo und ähnliche #LPE-anfällige Programme leben kann — auch auf dem #Linux #Desktop.

  32. Does anyone have a nice and simple example of a script that involves / to ultimately write a file to a root-owned directory?

  33. Does anyone have a nice and simple example of a #python script that involves #policykit / #polkit to ultimately write a file to a root-owned directory?

  34. « company Qualys has uncovered a truly dangerous memory corruption in polkit's pkexec, CVE-2021-4034. , formerly known as , is a SUID-root program. It's installed by default in every major distribution. » ⚠️ zdnet.com/article/major-linux-

  35. « #Security company Qualys has uncovered a truly dangerous memory corruption #vulnerability in polkit's pkexec, CVE-2021-4034. #Polkit, formerly known as #PolicyKit, is a #systemd SUID-root program. It's installed by default in every major #Linux distribution. » ⚠️ zdnet.com/article/major-linux-