Hi Khem, the owner/permission change is from the following commit in meta-oe:
commit 6da0fd21c900e32a0693a6b27d38182f19c8c76c Author: Luca Boccassi bl...@debian.org<mailto:bl...@debian.org> Date: Mon Aug 12 12:15:40 2024 +0100 polkit: stop overriding DAC on /usr/share/polkit-1/rules.d This is no longer required by upstream for data in /usr/, as it ships in packages so there's no point hiding its content. Still required for /etc/ as that's for local modifications. So either other recipes (e.g., systemd) adapt to this change, or we revert this change. Regards, Qi From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Khem Raj Sent: Thursday, August 29, 2024 9:46 AM To: wan...@fujitsu.com Cc: Alexander Kanavin <alex.kana...@gmail.com>; openembedded-core@lists.openembedded.org Subject: Re: [PATCH] [OE-core] [PATCH] systemd: use update-alternatives to solve conflicts with polkit On Wed, Aug 28, 2024 at 6:22 PM wangmy via lists.openembedded.org<https://urldefense.com/v3/__http:/lists.openembedded.org__;!!AjveYdw8EvQ!bnEcUpbumHuTlZhWSalUVRI5pENjFzvB8Dyo_0Apcb-ZwHemDqMVurWfDumRGTuJgEI3jeBx76OPe_C8xDKFuw$> <wangmy=fujitsu....@lists.openembedded.org<mailto:fujitsu....@lists.openembedded.org>> wrote: | Are you using package_rpm and dnf to compose the image? Yes. I checked the permission of rules.d, they are different: systemd: %attr(700,polkitd,root) %dir "/usr/share/polkit-1/rules.d" polkit: %attr(755,root,root) %dir "/usr/share/polkit-1/rules.d" If the permission need to be unified, which one should be unified into? Stricter is better so 700 seems good from security pov but we need to ensure it works with polkit -- Best Regards --------------------------------------------------- Wang Mingyu FUJITSU NANJING SOFTWARE TECHNOLOGY CO., LTD. (FNST) No.6 Wenzhu Road, Nanjing, 210012, Chi<https://urldefense.com/v3/__https:/www.google.com/maps/search/6*Wenzhu*Road,*Nanjing,*210012,*Chi?entry=gmail&source=g__;KysrKys!!AjveYdw8EvQ!bnEcUpbumHuTlZhWSalUVRI5pENjFzvB8Dyo_0Apcb-ZwHemDqMVurWfDumRGTuJgEI3jeBx76OPe_BzmA8PRQ$>na TEL:+86+25-86630566--8568 COINS: 79988548 FAX: +86+25-83317685 MAIL: wan...@fujitsu.com<mailto:wan...@fujitsu.com> > -----Original Message----- > From: Alexander Kanavin > <alex.kana...@gmail.com<mailto:alex.kana...@gmail.com>> > Sent: Wednesday, August 28, 2024 5:15 PM > To: Wang, Mingyu/王 鸣瑜 <wan...@fujitsu.com<mailto:wan...@fujitsu.com>> > Cc: > openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org> > Subject: Re: [PATCH] [OE-core] [PATCH] systemd: use update-alternatives to > solve conflicts with polkit > > On Wed, 28 Aug 2024 at 11:04, Mingyu Wang (Fujitsu) > <wan...@fujitsu.com<mailto:wan...@fujitsu.com>> > wrote: > > > > The name of /usr/share/polkit-1/rules.d are the same, but the files > > contained > in the path are different. > > What methods can be chosen to solve this problem in this situation? > > Are you using package_rpm and dnf to compose the image? If so, you can look at > the spec files used to produce the packages in ${WORKDIR} of systemd and > polkit to see how /usr/share/polkit-1/rules.d is specified in both. It might > be that > permissions or ownership are different and dnf can't resolve that. > > Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203900): https://lists.openembedded.org/g/openembedded-core/message/203900 Mute This Topic: https://lists.openembedded.org/mt/108138529/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
