Arch Linux

Also:

I needed to add another workaround (analogous to the one described above) for "org.freedesktop.hal.storage.eject" as well, since ejecting devices didn't work either.

Works fine here, but I'm using consolekit on this system. When using gdm, consolekit is supported by default. For everything else you'll need to add the pam_ck_connector.so module as session object to the correct pam.d modules.

Thanks for the comment and the suggestion. Console-kit-daemon *is* running while I'm getting these errors (I think it gets started by dbus, but I'm not sure). I also tried manually adding:
"session required pam_ck_connector.so" to the /etc/pam.d/login file, but this doesn't seem to be making any difference (I restarted after making the change).

If I use GDM to log in everything works fine.
If I login using my usual method (autologin my user to vc/1 using mingetty then X is started from ~/.bash_profile) -- it doesn't.

So is this whole new policykit/consolekit thing only going to work correctly when using a login manager?
Any suggestions for a reasonable workaround given a setup like mine (without a login manager)?

I just want to say I experience the same issue on my i686 machine!

I've been experiencing the same thing, however it doesn't appear to be related to policykit. The testing version of hal is the culprit--I downgraded hal to v0.5.11-4 and everything is working fine again.

That's because hal 0.5.11-5 is using policykit, where 0.5.11-4 is not. Upstream is heading towards more policykit and consolekit integration and nearly every distribution is following that. If you don't want to setup a login manager or use the pam modules shipped with consolekit, you're on your own. You can always install policykit-gnome and run polkit-gnome-authorization to setup different permissions, but these will not be the defaults on archlinux.

OK -- I solved this one, at least on my machines. Here is what I did:

1) Add "session optional pam_ck_connector.so" to /etc/pam.d/login
2) Every session started from .xinitrc must have ck-launch-session pre-appended, like so:
exec ck-launch-session openbox-session
or exec ck-launch-session start-wmii.sh

When all this is done the permissions seem to work as they should.

Thanks for the info, fwojciec. I solved it as well...by simply abandoning hal. No more headaches! =)

How are you going to use the hotplugging in xorg without hal? :P

I don't use hotplugging. If it comes down to the point where hal is an absolute requirement for using Xorg, I'll look for alternatives.

This is still unsolved for me, tried fwojciec's way, tried the patch posted here, nothing works. Who of you guys have it running and what did you do for it? I'm on i686

Experiencing the same issues at x86_64
testing/hal 0.5.11-7
extra/dbus 1.2.4-1
extra/policykit 0.9-7

same here on x86_64

same on x86_64, Till hal is fixed 0.5.11-4 package does not have this issue.

JGC could you give us more detailed solution how to fix this problem please? Your comment above is not clear enough for me. And a wiki should be updated for this... Thanks!

This is my summary:

1) pam_ck_connector doesn't work in /etc/pam.d/kde: it opens a session, but sets active=FALSE (see ck-list-sessions)
2) If I use .xsession and launch "exec ck-launch-session startkde", everything works, but this should only be used in combination with startx, not with a login manager
3) If I patch kdebase-workspace with http://bugs.kde.org/attachment.cgi?id=28418, everything works out of the box (should also work when launching somethinge else than kde from kdm). This is already supported in upstream kde 4.2

This should be the way to go:
1) Fix all login managers to launch a consolekit session
2) For sessions launched from xinitrc/startx, use ck-launch-session
3) Maybe fix pam_ck_connector to be less braindead

I have uploaded kdebase-workspace-4.1.3-2 to testing. Please let me know if that solves the problems.

Pierre, it doesn't solve the Problem on my x86_64. I think it is a KDE4 bug because the same things happened on another boxes from me too.

Update it mounts now , I can read, delete and create files and copy from the USB-Drive to the Computer after changes in the fstab "/dev/disk/by-uuid/{AAAA-1111-AA} /media/{NameOfTheDrive} vfat users,exec,noauto 0 0" but this is not really what I want. The Problem now I can't copy - paste files from the Computer to the USB drive.

I hate this little critter :)

1) You shouldn't put anything in fstab! The point of hal is not using fstab.
2) You need to login again using kdm with the patched package. Make sure you actually relaunch kdm after the update, not just log out and log in (which won't necessarily relaunch it). If you don't use kdm, but rather startx, you need to have 'ck-launch-session startkde' instead of 'startkde' in .xinitrc.

I didn't try Pierre's new package yet, but the one I built for myself is working great.

Same problems with Openbox/PCmanFM/x86_64

Can you please run ck-list-sessions and paste the output here?

@Jada: This is not a bug in KDE. 4.1.x just does not support consolekit. Only 4.2.x will have some basic support.
@JGC: Is it possible to disable consolekit in hal until it is really working. (especially the pam module)

I think fixing the pam module should have the highest priority.

There's a patch to support consolekit, redhat uses it for a long while already. I see no reason to use the pam module for KDE while we can have native support using a patch that went upstream into 4.2.
As for the pam module: Allan and I have been debugging it a bit for slim yesterday. Somehow the pam module makes some wrong assumptions, either by bugs in the pam module or by bugs in slim (why would you set RHOST to localhost while doing a local login, that's a bug in slim).

I will do some further bughunting on this pam module this weekend, hope we can get this thing working correctly.

As for disabling policykit in hal: this package is in testing and works as long as consolekit works with your login manager or way to start your session. This package will stay in testing as long as we haven't integrated consolekit correctly. I won't revert anything and I won't add weird policykit configuration files to the extra version of hal or policykit to fix bugs we have open in gnome-power-manager at this moment.

@Alois: have you been reading my comments? You have to either a) use a login manager that has consolekit support (gdm or kdm from testing) or b) in your .xinitrc or .xsession file, start 'ck-launch-session openbox' instead of just 'openbox'.

@JGC: There is a patched version of kdebase-workspace in testing which should work with consolekit. I didn't try that version, but I think Pierre used the same patch as I did locally. I am unsure why it wouldn't work for Jada, but he doesn't give too much information.

@Jada: Are you even using kdm? If not, the new kdebase-workspace from testing won't change anything for you.

@Thomas:

I overlook your comment, sorry.

Yes, it works.

Good morning

@ brain0: Yes I am using kdm "inittab" but I am going to change it. I will try it out using KDM "rc.conf Daemon". More about it later today!

There is no difference. I just checked and kdm from testing is working fine with consolekit.

So only other login managers are affected by this?

I also tried the testing package (x86_64) with the inittab method and it works.

If it doesn't work for you, run ck-list-sessions and paste your output here.

I a, running kdebase-workspace from testing but downgrade it now. So far I can say now, see you next year again, hopeful all this things are then fixed.

Reason, drive don't unmount, no write access, I am done with it now. Does it really have to so bloody that I never get my travel drive working. I know it is not all your fault guys, .........

Thank's to Pierre, Jan, Thomas, Tobias,

If you would give us the information we are asking for, we might get somewhere, but you simply ignore all the comments, so nobody can help you. I would actually be interested in why this fails for you. I suspect you played with fstab too much (as I said, don't use fstab if you're going to work with hal). I also told you to please run ck-list-sessions from your kde session and paste the output here, but you ignored that too.

FYI, I'm done repeating myself.

@brain0 Thomas I am not ignored that, I'm trying to understand what keeps the login manager from registering the kde session with ConsoleKit. ck-list-sessions shows no session at all.

#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth required pam_unix.so nullok
auth required pam_tally.so onerr=succeed file=/var/log/faillog
# use this to lockout accounts for 10 minutes after 3 failed attempts
#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
account required pam_access.so
account required pam_time.so
account required pam_unix.so
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so md5 shadow use_authtok
session required pam_unix.so
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session optional pam_lastlog.so

You could have told us that. There are no sessions if you have kdebase-workspace from extra or any older version. The only version that is capable of registering the session is kdebase-workspace from testing (4.1.3-2) and that only works if you use kdm.

So apparently, that doesn't work for you, but none of us can reproduce that (for any of us it works as soon as we use the new kdm). Jan, do you know how to debug this? Is there some option that forces consolekit to be verbose to the syslog?

@brain0 , I just have make a clean new install from img 10.2008 Nepal and now it is local time 1.30 am. My wife is calling me. I need to sleep. In few hours I am back, and start all new again.

It still doesn't work for me, here is my ck-list-sessions:
Session1:
unix-user = '1000'
realname = ',,,'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2008-12-06T11:32:35.768809Z'
login-session-id = ''

@newgargamel: This looks fine, so it should work. What exactly fails for you?

I have this error message when I insert usbstick:
"org.freedesktop.Hal.Device.PermitionDeniedByPolicy: org.freedesktop.hal.storage.mount-removable no <-- (action, result)"

Now I'm really confused: I had this exact error when I didn't have an active consolekit session. I have the same output from ck-list-sessions as you have, but mounting a USB drive works. I have no idea where to go from here, I hope Jan knows something.

Perhaps you changed the policykit-action.
"polkit-action --action org.freedesktop.hal.storage.mount-removable" lists the current values
"polkit-action --reset-defaults org.freedesktop.hal.storage.mount-removable" resets the defaults

same problem here on x86_64:
error is:
"org.freedesktop.Hal.Device.PermitionDeniedByPolicy: org.freedesktop.hal.storage.mount-removable no <-- (action, result)"

[root@Apollon PolicyKit]# ck-list-sessions
Session1:
unix-user = '1000'
realname = 'Damir Perisa,,,'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2008-12-06T13:25:35.637631Z'
login-session-id = ''


[root@Apollon PolicyKit]# polkit-action --action org.freedesktop.hal.storage.mount-removable
action_id: org.freedesktop.hal.storage.mount-removable
description: Mount file systems from removable drives.
message: System policy prevents mounting removable media
default_any: no
default_inactive: no
default_active: yes
[root@Apollon PolicyKit]# polkit-action --reset-defaults org.freedesktop.hal.storage.mount-removable
[root@Apollon PolicyKit]# polkit-action --action org.freedesktop.hal.storage.mount-removable
action_id: org.freedesktop.hal.storage.mount-removable
description: Mount file systems from removable drives.
message: System policy prevents mounting removable media
default_any: no
default_inactive: no
default_active: yes

kdm is started out of rc.conf DAEMONS

What I can think of is that some piece of KDE is still left behind and operates on hal from a previous session which is not active. I've seen this with GNOME and left-behind processes in the past also.

That should be solved by a reboot. Or if you log out, log in on the console and kill all the user's processes.

From what I can see, my output is the same as Damir's. But I start kdm from inittab (shouldn't make a difference though).

this behaviour is after a reboot. no processes left behind. it must be something else i cannot think of since im not used to the new hal policy things.

Today, Archlinux i686

[jada@computer-01 ~]$ ck-list-sessions
Session1:
unix-user = '1000'
realname = ''
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2008-12-07T07:23:01.507758Z'
login-session-id = ''
[jada@computer-01 ~]$

It doesn't fix my problem with my USB-Travel Drive. I can't cope from the computer to the drive. But I can open all stuff on the drive and copy to the computer.

More bad, I am going to sync my MP3 Sony Walkman by using Amarok. Amarok see it and play the music. After remove the Player from the USB Port all Music files on the Player are destroid. In fact the permission is over written to "root"! No User can use this player. More bad, I have to format the MP3 Player, load Windows and load a new Firmware and Copy all MP3 from my Windows Backup Server to the Player.

I warning all how read this. In this development status, becareful with the KDE4 Desktop.

bash-3.2# polkit-action --action org.freedesktop.hal.storage.mount-removable
Cannot find policy file entry for action id 'org.freedesktop.hal.storage.mount-removable'
bash-3.2#

I doubt this is a KDE problem, so please stop trolling. So, you removed the mp3 player without unmounting?

That's not a bug. Your installation must be broken!
Try reinstalling policykit or ask in the forum.

Uwe, are you actually using hal etc from testing? I am beginning to doubt that. This bug report is ONLY about the hal problems in testing.

And BTW, KDE 4 has nothing to do with how filesystems are accessed. It is not in an early development state and does not destroy filesystems. You might want to run 'mount' while the drive is mounted to see how exactly it is mounted, and run ls -lF on the mount point. What you are telling us doesn't make ANY sense to me, nothing fits together, so I guess you did more than you should do, trying to fix things that are not broken.

EDIT: And by the way: Reinstalling the system NEVER fixes anything, it is simply a waste of time.

I am still having this issue. pcmanfm is where I run into the issue. If I right click on the device in pcmanfm it gives me the option to mount the device, upon this happening, I get errors, but these are not displayed because of some gtk error.

(pcmanfm:4433): Gtk-WARNING **: Failed to set text from markup due to error parsing markup: Error on line 1 char 53: '-' is not a valid character following a '<' character; it may not begin an element name

So, the error is not helpful since it can't be properly displayed.

This does not work for my usb camera or my usb stick.

Installed files:
]$ pacman -Qi hal policykit consolekit
Name : hal
Version : 0.5.11-7
URL : http://www.freedesktop.org/wiki/Software/hal
Licenses : GPL custom
Groups : None
Provides : None
Depends On : dbus-glib>=0.76 dbus>=1.2.4 libusb>=0.1.12 udev>=118
filesystem>=0.7.1-5 hal-info>=0.20081022 eject
libsmbios>=2.0.2 dmidecode pciutils>=3.0.2
usbutils>=0.73-5 pm-utils>=1.2.2.1 policykit>=0.9-6
consolekit>=0.3.0
Optional Deps : None
Required By : gnome-vfs pcmanfm xorg-server
Conflicts With : None
Replaces : None
Installed Size : 2448.00 K
Packager : Jan de Groot <jgc@archlinux.org>
Architecture : x86_64
Build Date : Sun 30 Nov 2008 11:51:24 AM EST
Install Date : Sun 07 Dec 2008 11:05:03 PM EST
Install Reason : Explicitly installed
Install Script : Yes
Description : Hardware Abstraction Layer
Name : policykit
Version : 0.9-7
URL : http://hal.freedesktop.org/docs/PolicyKit/
Licenses : custom
Groups : None
Provides : None
Depends On : dbus-glib>=0.76 expat>=2.0.1 pam
Optional Deps : None
Required By : consolekit gconf hal
Conflicts With : None
Replaces : None
Installed Size : 1980.00 K
Packager : Jan de Groot <jgc@archlinux.org>
Architecture : x86_64
Build Date : Sun 30 Nov 2008 09:43:40 AM EST
Install Date : Wed 03 Dec 2008 11:35:27 AM EST
Install Reason : Installed as a dependency for another package
Install Script : Yes
Description : Application development toolkit for controlling system-wide
privileges
Name : consolekit
Version : 0.3.0-3
URL : http://www.freedesktop.org/wiki/Software/ConsoleKit
Licenses : GPL
Groups : None
Provides : None
Depends On : dbus-glib>=0.76 glib2>=2.18.2 policykit>=0.9 zlib
Optional Deps : None
Required By : hal
Conflicts With : None
Replaces : None
Installed Size : 532.00 K
Packager : Jan de Groot <jgc@archlinux.org>
Architecture : x86_64
Build Date : Sun 30 Nov 2008 11:48:52 AM EST
Install Date : Wed 03 Dec 2008 11:35:27 AM EST
Install Reason : Installed as a dependency for another package
Install Script : No
Description : A framework for defining and tracking users, login sessions,
and seats

Anyway, my ck-list-sessions is as follows:
$ ck-list-sessions
Session1:
unix-user = '1000'
realname = ',,,'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2008-12-08T04:21:26.905733Z'
login-session-id = ''

my .xinitrc file:
$ cat .xinitrc
#! bin/bash

numlockx &
sh ~/.fehbg &
touch .Xauthority
pypanel &

#exec startxfce4
#exec startlxde
exec ck-launch-session openbox-session

polkit:
$ polkit-action --action org.freedesktop.hal.storage.mount-removable
action_id: org.freedesktop.hal.storage.mount-removable
description: Mount file systems from removable drives.
message: System policy prevents mounting removable media
default_any: no
default_inactive: no
default_active: yes


Rset does nothing

Anything else you want me to look into?

I should add this isn't just for usb drives, I can't mount seperate partitions where I have back-up's located either.

Partition and usb devices are all working as `mount` works just fine.

ok, newest hal works now for me. i have had to add some more lines to /etc/PolicyKit/PolicyKit.conf :
lines:
<match action="org.freedesktop.hal.storage.mount-removable">
<return result="yes" />
</match>
<match action="org.freedesktop.hal.storage.eject-removable">
<return result="yes" />
</match>

and now i am able to mount and eject removable drives.

That's not the intention of using policykit with hal. With this configuration file, everyone can mount removable volumes.

indeed. but it does not work policy-like for normal users otherwise...

Does polkit-action --show-overrides output anything on your system?

[damir@Apollon ~]$ polkit-action --show-overrides
[damir@Apollon ~]$

no

Does polkit-action --show-overrides output anything on your system? <-- NO

Any progress getting this working when starting X sessions from slim? I'm willing to help out if needed.

This issue is still not resolved for me at all. But it doesn't look like there will be a solution anytime soon.

Still doesn't really work for me. Don't have any USB sticks available at the moment, so maybe they work again, but mounting internal media suffers a fate similar to that of mounting removable drives before the hacks suggested earlier in this article. I shouldn't have to add special permissions to PolicyKit.conf for each and every action I want to permit on my machine. If we must use PolicyKit, then we should be able to do so without such unnecessary hassle, and even changing PolicyKit.conf doesn't appear to work right away (might necessitate a new session, for instance (or just not work at all)).

This is really disappointing and the first major frustration I've had with Arch in the three years that I've been using it. Anyone have a good workaround that will allow me to mount and use things that I want to use without having to look up the HAL actions and add to PolicyKit, destroy session and/or reboot each time, and hope it works? This is terrible and sad. : (

fixed for kdm.

I was unable to mount any of my internal drives using hal (mix of ntfs and hfs), I had to add these lines to PolicyKit.conf

<match action="org.freedesktop.hal.storage.mount-fixed">
<return result="yes"/>
</match>

<match action="hal-storage-mount-fixed-extra-options">
<return result="yes"/>
</match>

<match action="hal-storage-mount-removable-extra-options">
<return result="yes"/>
</match>

The hal-storage-mount-*-extra-options actions aren't likely to stick around for long but I thought I would document what I needed to do in case someone else stumbles across this bug report with the same problems.

I can also confim by adding this to the /etc/Policykit/Policykit.conf worked for me:

<match action="org.freedesktop.hal.storage.mount-removable">
<return result="yes" />
</match>
<match action="org.freedesktop.hal.storage.eject-removable">
<return result="yes" />
</match>

with this workaround
http://bugs.archlinux.org/task/13163?string=hal&project=1&search_name=&type[0]=&sev[0]=&pri[0]=&due[0]=&reported[0]=&cat[0]=&status[0]=open&percent[0]=&opened=&dev=&closed=&duedatefrom=&duedateto=&changedfrom=&changedto=&openedfrom=&openedto=&closedfrom=&closedto=

Please, have a look a this solution:
http://bbs.archlinux.org/viewtopic.php?id=65070