<div dir="ltr"><div>Hello,</div><div><br></div><div>I'm not aware of anything apparent that should affect that. AFAIK mozjs changed IIRC twice between those versions and then there was a vulnerability mitigation. <br></div><div>Can you please provide outputs from journal? <br></div><div>Also, do you happen to have an option to downgrade to 0.118 or lower to determine the version to blame?</div><div><br></div><div>In case of further questions, don't hesitate to reach out to me.<br></div><div>Thanks.</div><div><br></div><div>Jan Rybar<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 7, 2022 at 12:07 PM Piotr Łobacz <<a href="mailto:piotr.lobacz@vm.pl">piotr.lobacz@vm.pl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Hi all,</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I am facing an issue with polkit rules for pkexec. Currently when i try to run an application with pkexec command I'm facing an error:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Jun 07 09:46:06 eg pkexec[59699]: test: Error executing command as another user: Not authorized [USER=root] [TTY=/dev/pts/0] [CWD=/home/root] [COMMAND=/usr/sbin/nft]<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
the rule for this to be run, looks like this:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<div>polkit.addRule(function(action, subject) {</div>
<div> user_app = [</div>
<div> '/bin/chmod',</div>
<div> '/bin/chown',</div>
<div> '/bin/rm',</div>
<div> '/sbin/ifconfig',</div>
<div> '/sbin/route',</div>
<div> '/usr/sbin/update-ca-certificates',</div>
<div> '/usr/bin/hostnamectl',</div>
<div> '/usr/bin/iotedge',</div>
<div> '/usr/bin/swupdate',</div>
<div> '/usr/bin/timedatectl',</div>
<div> '/usr/sbin/dmidecode',</div>
<div> '/usr/sbin/eg_reboot',</div>
<div> '/usr/sbin/factory_reset',</div>
<div> '/usr/sbin/grub_console',</div>
<div> '/usr/sbin/nft',</div>
<div> '/usr/sbin/read_admin_keys',</div>
<div> '/usr/sbin/useradd',</div>
<div> '/usr/sbin/userdel'</div>
<div>];</div>
<div> if (<a href="http://action.id" target="_blank">action.id</a> == "org.freedesktop.policykit.exec" && subject.user == "tes" && user_app.includes(action.lookup("program"))) {</div>
<div> return polkit.Result.YES;</div>
<div>}</div>
<div>});</div>
<div><br>
</div>
<div>and is stored in /etc/polkit-1/rules.d/30-sbin-test.rules. This was all working before, with polkit 0.116, but now we have switched to newer yocto 4.0 and there is polkit 0.119, with which it stopped working for us. Does something has changed in the polkitd
service and I'm missing it?</div>
<div><br>
</div>
<div>BR</div>
<div>Piotr</div>
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div id="gmail-m_5933154902259098843Signature">
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
</div>
</div>
</div>
</div>
</div>
</blockquote></div>