From: ludo@gnu.org (Ludovic Courtès)
To: Chris Marusich <cmmarusich@gmail.com>
Cc: rennes@openmailbox.org, help-guix@gnu.org
Subject: Re: Network Manager Service
Date: Mon, 21 Nov 2016 14:53:02 +0100 [thread overview]
Message-ID: <87y40dvt1d.fsf@gnu.org> (raw)
In-Reply-To: <874m31xijr.fsf@gmail.com> (Chris Marusich's message of "Mon, 21 Nov 2016 01:56:40 -0800")
[-- Attachment #1: Type: text/plain, Size: 784 bytes --]
Chris Marusich <cmmarusich@gmail.com> skribis:
> I found NetworkManager errors like the following in /var/log/messages,
> which seems suspicious:
>
> error poking ModemManager: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.ModemManager1 was not provided by any .service files
> error requesting auth for org.freedesktop.NetworkManager.checkpoint-rollback: Authorization check failed: Action org.freedesktop.NetworkManager.checkpoint-rollback is not registered
> error requesting auth for org.freedesktop.NetworkManager.enable-disable-network: Authorization check failed: Action org.freedesktop.NetworkManager.enable-disable-network is not registered
Looks like we’re missing polkit “actions”, which the attached patch may
solve:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 10334 bytes --]
diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm
index 876f56d..26390a4 100644
--- a/gnu/services/dbus.scm
+++ b/gnu/services/dbus.scm
@@ -21,7 +21,9 @@
#:use-module (gnu services)
#:use-module (gnu services shepherd)
#:use-module (gnu system shadow)
+ #:use-module (gnu system pam)
#:use-module ((gnu packages glib) #:select (dbus))
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages admin)
#:use-module (guix gexp)
#:use-module (guix records)
@@ -30,7 +32,10 @@
#:export (dbus-configuration
dbus-configuration?
dbus-root-service-type
- dbus-service))
+ dbus-service
+
+ polkit-service-type
+ polkit-service))
;;;
;;; D-Bus.
@@ -218,4 +223,91 @@ and policy files. For example, to allow avahi-daemon to use the system bus,
(dbus-configuration (dbus dbus)
(services services))))
+\f
+;;;
+;;; Polkit privilege management service.
+;;;
+
+(define-record-type* <polkit-configuration>
+ polkit-configuration make-polkit-configuration
+ polkit-configuration?
+ (polkit polkit-configuration-polkit ;<package>
+ (default polkit))
+ (actions polkit-configuration-actions ;list of <package>
+ (default '())))
+
+(define %polkit-accounts
+ (list (user-group (name "polkitd") (system? #t))
+ (user-account
+ (name "polkitd")
+ (group "polkitd")
+ (system? #t)
+ (comment "Polkit daemon user")
+ (home-directory "/var/empty")
+ (shell "/run/current-system/profile/sbin/nologin"))))
+
+(define %polkit-pam-services
+ (list (unix-pam-service "polkit-1")))
+
+(define (polkit-directory packages)
+ "Return a directory containing an @file{actions} and possibly a
+@file{rules.d} sub-directory, for use as @file{/etc/polkit-1}."
+ (with-imported-modules '((guix build union))
+ (computed-file "etc-polkit-1"
+ #~(begin
+ (use-modules (guix build union) (srfi srfi-26))
+
+ (union-build #$output
+ (map (cut string-append <>
+ "/share/polkit-1")
+ (list #$@packages)))))))
+
+(define polkit-etc-files
+ (match-lambda
+ (($ <polkit-configuration> polkit packages)
+ `(("polkit-1" ,(polkit-directory (cons polkit packages)))))))
+
+(define polkit-setuid-programs
+ (match-lambda
+ (($ <polkit-configuration> polkit)
+ (list (file-append polkit "/lib/polkit-1/polkit-agent-helper-1")
+ (file-append polkit "/bin/pkexec")))))
+
+(define polkit-service-type
+ (service-type (name 'polkit)
+ (extensions
+ (list (service-extension account-service-type
+ (const %polkit-accounts))
+ (service-extension pam-root-service-type
+ (const %polkit-pam-services))
+ (service-extension dbus-root-service-type
+ (compose
+ list
+ polkit-configuration-polkit))
+ (service-extension etc-service-type
+ polkit-etc-files)
+ (service-extension setuid-program-service-type
+ polkit-setuid-programs)))
+
+ ;; Extensions are lists of packages that provide polkit rules
+ ;; or actions under share/polkit-1/{actions,rules.d}.
+ (compose concatenate)
+ (extend (lambda (config actions)
+ (polkit-configuration
+ (inherit config)
+ (actions
+ (append (polkit-configuration-actions config)
+ actions)))))))
+
+(define* (polkit-service #:key (polkit polkit))
+ "Return a service that runs the
+@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege
+management service}, which allows system administrators to grant access to
+privileged operations in a structured way. By querying the Polkit service, a
+privileged system component can know when it should grant additional
+capabilities to ordinary users. For example, an ordinary user can be granted
+the capability to suspend the system if the user is logged in locally."
+ (service polkit-service-type
+ (polkit-configuration (polkit polkit))))
+
;;; dbus.scm ends here
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index dfd1ea6..7555780 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -37,7 +37,6 @@
#:use-module (gnu packages gnome)
#:use-module (gnu packages xfce)
#:use-module (gnu packages avahi)
- #:use-module (gnu packages polkit)
#:use-module (gnu packages xdisorg)
#:use-module (gnu packages suckless)
#:use-module (gnu packages linux)
@@ -68,11 +67,6 @@
bluetooth-service
- polkit-configuration
- polkit-configuration?
- polkit-service
- polkit-service-type
-
elogind-configuration
elogind-configuration?
elogind-service
@@ -415,93 +409,6 @@ Users need to be in the @code{lp} group to access the D-Bus service.
\f
;;;
-;;; Polkit privilege management service.
-;;;
-
-(define-record-type* <polkit-configuration>
- polkit-configuration make-polkit-configuration
- polkit-configuration?
- (polkit polkit-configuration-polkit ;<package>
- (default polkit))
- (actions polkit-configuration-actions ;list of <package>
- (default '())))
-
-(define %polkit-accounts
- (list (user-group (name "polkitd") (system? #t))
- (user-account
- (name "polkitd")
- (group "polkitd")
- (system? #t)
- (comment "Polkit daemon user")
- (home-directory "/var/empty")
- (shell "/run/current-system/profile/sbin/nologin"))))
-
-(define %polkit-pam-services
- (list (unix-pam-service "polkit-1")))
-
-(define (polkit-directory packages)
- "Return a directory containing an @file{actions} and possibly a
-@file{rules.d} sub-directory, for use as @file{/etc/polkit-1}."
- (with-imported-modules '((guix build union))
- (computed-file "etc-polkit-1"
- #~(begin
- (use-modules (guix build union) (srfi srfi-26))
-
- (union-build #$output
- (map (cut string-append <>
- "/share/polkit-1")
- (list #$@packages)))))))
-
-(define polkit-etc-files
- (match-lambda
- (($ <polkit-configuration> polkit packages)
- `(("polkit-1" ,(polkit-directory (cons polkit packages)))))))
-
-(define polkit-setuid-programs
- (match-lambda
- (($ <polkit-configuration> polkit)
- (list (file-append polkit "/lib/polkit-1/polkit-agent-helper-1")
- (file-append polkit "/bin/pkexec")))))
-
-(define polkit-service-type
- (service-type (name 'polkit)
- (extensions
- (list (service-extension account-service-type
- (const %polkit-accounts))
- (service-extension pam-root-service-type
- (const %polkit-pam-services))
- (service-extension dbus-root-service-type
- (compose
- list
- polkit-configuration-polkit))
- (service-extension etc-service-type
- polkit-etc-files)
- (service-extension setuid-program-service-type
- polkit-setuid-programs)))
-
- ;; Extensions are lists of packages that provide polkit rules
- ;; or actions under share/polkit-1/{actions,rules.d}.
- (compose concatenate)
- (extend (lambda (config actions)
- (polkit-configuration
- (inherit config)
- (actions
- (append (polkit-configuration-actions config)
- actions)))))))
-
-(define* (polkit-service #:key (polkit polkit))
- "Return a service that runs the
-@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege
-management service}, which allows system administrators to grant access to
-privileged operations in a structured way. By querying the Polkit service, a
-privileged system component can know when it should grant additional
-capabilities to ordinary users. For example, an ordinary user can be granted
-the capability to suspend the system if the user is logged in locally."
- (service polkit-service-type
- (polkit-configuration (polkit polkit))))
-
-\f
-;;;
;;; Colord D-Bus service.
;;;
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 5a83240..9454d0b 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -23,6 +23,7 @@
#:use-module (gnu services)
#:use-module (gnu services shepherd)
#:use-module (gnu services dbus)
+ #:use-module (gnu services desktop) ;polkit-service-type
#:use-module (gnu system shadow)
#:use-module (gnu system pam)
#:use-module (gnu packages admin)
@@ -695,6 +696,7 @@ and @command{wicd-curses} user interfaces."
(list (service-extension shepherd-root-service-type
network-manager-shepherd-service)
(service-extension dbus-root-service-type list)
+ (service-extension polkit-service-type list)
(service-extension activation-service-type
(const %network-manager-activation))
;; Add network-manager to the system profile.
[-- Attachment #3: Type: text/plain, Size: 203 bytes --]
Could you try and report back?
(The patch is a one-liner but it moves polkit to dbus.scm to avoid a
circular dependency between networking.scm and desktop.scm.)
Thanks for testing!
Ludo’.
next prev parent reply other threads:[~2016-11-21 13:53 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-21 3:18 Network Manager Service rennes
2016-11-21 8:44 ` Ludovic Courtès
2016-11-21 9:56 ` Chris Marusich
2016-11-21 11:13 ` ng0
2016-11-21 13:53 ` Ludovic Courtès [this message]
2016-11-23 4:55 ` rennes
2016-11-23 9:09 ` Ludovic Courtès
2016-11-24 2:15 ` rennes
2016-11-24 5:52 ` Chris Marusich
2016-11-24 21:02 ` Ludovic Courtès
2016-11-27 0:23 ` rennes
2016-11-27 20:42 ` Ludovic Courtès
2016-12-01 10:53 ` rennes
2016-12-01 12:06 ` Chris Marusich
2016-12-01 12:30 ` rennes
2016-12-08 14:41 ` Ludovic Courtès
2016-12-08 15:04 ` rennes
2016-12-08 15:25 ` Marius Bakke
2016-12-08 22:34 ` Ludovic Courtès
2016-12-09 6:55 ` Chris Marusich
2016-12-11 0:25 ` Chris Marusich
2016-12-11 22:02 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y40dvt1d.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=cmmarusich@gmail.com \
--cc=help-guix@gnu.org \
--cc=rennes@openmailbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.