Udisks and/or polkit problems
Kevin Chadwick
ma1l1ists at yahoo.co.uk
Tue May 8 02:45:32 PDT 2012
On Mon, 7 May 2012 20:57:19 -0400
David Zeuthen wrote:
> > That would still allow the user davidz to unmount /boot / etc..
>
> Sure - there's no way for udisks to tell them apart.
>
There is fstab, there is udev which provides all that info
(removable or not) and the kernel, there's also the root user as
sudo listens to and sudo itself reports what users are doing.

I guess I could spend time changing the parts which aren't broken to
using udisks mount or, more easily and so more likely, look into adding an
unmount button to nautilus or elsewhere or investigate spacefm
or talk to the nautilus devs. I just figured it would be better to
align with upstream.

Any idea why nautilus only shows the mount point (as well as mount
device) for a split second as that is what offered the interface to
unmount (unmount right-click option)? Unfortunately I can't remove
udisks2 without removing nautilus and they both updated at the same
time. Maybe I could force udisks2 removal, to see if that's a bug in
nautilus?

This broke likely either due to
installed udisks2 (1.94.0-1)
or upgraded nautilus (3.2.1-1 -> 3.4.1-1).

> > That's not something that fits into my security policy?
>
> Well, if you have such needs, then perhaps you shouldn't be mounting
> USB devices as uid 0 from udev rules.
Then I'd lose features. Here I was, thinking unix was about usability
and simplicity, not commandment and complexity. OpenBSD's hotplugd fits
that traditional bill just fine.

It may not be your remit but perhaps you could also look into why the
copy progress bar is now far worse than Linux devs used to criticise
Windows for. Again OpenBSD have solved that working far better than
Windows whilst keeping buffering, admittedly it stops and starts every
few seconds which isn't a completely true reflection of what's
happening in the background, so it's not perfect, but at least it ends
on time.

Ok, so does udisks not call an unmount via udisksctl that I can wrap to
drop permissions and utilise sudo?

p.s. polkit's configuration system (multiple locations, lack of
example, etc.) and documentation is an absolute mess and an embarrassment
to unix and also includes incorrect information about sudo, perhaps
you know the people to shake up about that before people wonder any
more whether Red Hat want Linux to be more difficult to use and
support for financial reasons. Grsecurity's RBAC has a good central
config to look at.
More information about the devkit-devel
mailing list