# local udisks pkla rule stopped working

## urcindalo

Hi and thanks for reading this!

After the upgrade to dbus-1.6.8 from 1.6.2 I can no longer automount my internal partitions without being asked for a password. I use a stable amd64 box.

It used to work with this setup:

```
lab 50-local.d # ll /etc/polkit-1/localauthority/50-local.d/

total 8

-rw-r--r-- 1 root root 128 oct  9 10:36 01-my-polkit-udisks.pkla

-rw-r--r-- 1 root root 206 feb 10  2012 10-org-freedesktop-network-manager-settings.pkla

lab 50-local.d # cat 01-my-polkit-udisks.pkla

[udisks full access]

Identity=unix-group:wheel

Action=org.freedesktop.udisks.*

ResultAny=yes

ResultInactive=no

ResultActive=yes
```

However, it seems now the rules in the 01-my-polkit-udisks.pkla file are no longer honored. Previously the working file name was my-polkit-udisks.pkla, but I have even prefixed it with "01-" to try to make it work, just in case.

Am I missing something? I even re-emerged udisks, to no avail.

Any help is greatly appreciated.Last edited by urcindalo on Thu Oct 11, 2012 11:38 am; edited 2 times in total

----------

## urcindalo

I downgraded to dbus-1.6.2 and the problem persists, so dbus is not to blame, at least alone.

This problem also happens on my laptop at home. I just checked. So now I have two different boxes screwed up by some dbus/udisks/policy very recent change/upgrade.

----------

## urcindalo

It seems the problem is indeed the udisks .pkla rule in /etc/polkit-1/localauthority/50-local.d not being honored anymore.

When I change the org.freedesktop.udisks.filesystem-mount-system-internal rule in /usr/share/polkit-1/actions/org.freedesktop.udisks.policy to YES for allow_active I can mount internal partitions without being prompted for a password. This also means I'm correctly getting an active session, as shown by ck-list-sessions:

```
$ ck-list-sessions

Session1:

        unix-user = '1000'

        realname = '(null)'

        seat = 'Seat1'

        session-type = ''

        active = TRUE

        x11-display = ':0'

        x11-display-device = '/dev/tty7'

        display-device = ''

        remote-host-name = ''

        is-local = TRUE

        on-since = '2012-10-11T10:46:12.928083Z'

        login-session-id = '7'
```

However, editing the org.freedesktop.udisks.filesystem-mount-system-internal rule is not the recommended way of achieving what I want.

What is failing?

Why my rule in /etc/polkit-1/localauthority/50-local.d is not working anymore?

Am I the only one suffering from this?

----------

## VoidMage

 :Rolling Eyes:  Just like you were told in the bug, that you shouldn't have opened yet, the answer is http://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html.

The syntax of polkit rules has changed - you most likely just need to rewrite that pkla into the new syntax.

----------

## urcindalo

I solved it.

It wasn't simply a syntax change in the pkla file  :Rolling Eyes: 

I had to:

1) Place the rule in another directory, with a different suffix and a different syntax.

2) Correct the bad syntax in the polkit Gentoo Wiki example.

Just in case someone needs it, these are the steps to solve the issue:

1) Become root

2) Go to /etc/polkit-1/rules.d

3) Create a file like 99-udisks.rules with this content (assuming the user belongs to the wheel group):

```
polkit.addRule(function(action, subject) {

    if (action.id == "org.freedesktop.udisks.filesystem-mount-system-internal" &&

        subject.isInGroup("wheel")) {

        return polkit.Result.YES;

    }

});
```

4) That's it  :Smile: 

As a side note I really hope some people, when visiting a Doctor to get cured, were actually told what drugs to take instead of what Treaty of Medicine to study to cure themselves.

----------

## VoidMage

I said you need to rewrite the rule into the new syntax, not the file.

While the change done by upstream in a  quite annoying way, it was a documented change (well, kind of).

----------

