Translate Polkit permissions/rules from pkla into JS-rules
c.buhtz at posteo.jp
c.buhtz at posteo.jp
Wed Jan 8 12:22:57 UTC 2025
Hello,
Not sure if this is the right place. Please redirect me if I a wrong
here. I never understood polkit and only used code snippets copied from
the web to configure it. With migrating to Trixie I realized that the
format of the polkit rules changed and now is using a JavaScript like
syntax. Now I need to translate my old (pkla) rules int the new syntax.
Let me start with just one of the rules as an example. Maybe I can solve
the others if I understand how to solve this.
After logging into a XRDP Session (with XFCE) I am asked for a password
to allow the creation of a color device. On Bookworm I used this rule to
allow the action without being asked for a password:
[Color Manager All Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.settings.modify.system;org.freedesktop.color-manager.create-device
ResultAny=no
ResultInactive=no
ResultActive=yes
On Trixie I translated that into this:
/* org.freedesktop.color-manager.create-device */
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.color-manager.create-device") {
return polkit.Result.YES;
}
return polkit.Result.NO;
});
And now I am not asked for a password anymore. Fine.
But the problem is that some other new things not working anymore: I can
not mount an USB-Stick, I can not logout from the session.
I do unterstand that this problems happen because I do "return
polkit.Result.NO;" in the else branch. But without understanding the
whole polkit-JS-rule-logic I don't know what else I can put into the
else-branch to make it work.
Regards,
Christian Buhtz
More information about the polkit-devel
mailing list