Related Suspend bug (and fix) "Desktop unable to Suspend when Inactive Edit" bug #1757375
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1757266 Title: /etc/polkit-1/localauthority.conf.d/ parsed in wrong order? Status in policykit-1 package in Ubuntu: New Bug description: On 16.04 and using the Xubuntu session (this isn't limited to XFCE) I noticed that my notebook fails to suspend via power-management when the idle timeout expires. When returning to it, if it still has power, I see a polkit-agent GUI dialog asking me to authenticate. In /var/log/auth.log is: polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.freedesktop.login1.suspend for system-bus-name::1.47 [xfce4-power- manager --restart --sm-client-id 2992705d4-6fa2-4fba-966c- f7631ecd0b46] (owned by unix-user:tj) So I started digging: # inactive sleep is enabled $ xfconf-query -c xfce4-power-manager -lv | grep inactivity /xfce4-power-manager/inactivity-on-ac 14 /xfce4-power-manager/inactivity-on-battery 15 /xfce4-power-manager/inactivity-sleep-mode-on-battery 1 $ awk '/login1\.suspend"/ {E=1;print} /defaults/ && E == 1 {E++} E > 1 {print} /<\/action>/ && E > 1 {exit}' /usr/share/polkit-1/actions/org.freedesktop.login1.policy <action id="org.freedesktop.login1.suspend"> <defaults> <allow_any>auth_admin_keep</allow_any> <allow_inactive>auth_admin_keep</allow_inactive> <allow_active>yes</allow_active> </defaults> </action> # member of sudo and adm $ groups tj adm dialout cdrom sudo dip plugdev lpadmin sambashare sbuild lxd libvirtd two_factor_auth $ sudo find /etc/polkit-1/ -type f -exec sh -c 'echo === {} ===; cat {}' \; | egrep -v '^(#|$)' === /etc/polkit-1/localauthority/50-local.d/com.ubuntu.desktop.pkla === [Enable hibernate by default in upower] Identity=unix-user:* Action=org.freedesktop.upower.hibernate ResultActive=yes ResultInactive=yes [Enable hibernate by default in logind] Identity=unix-user:* Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.handle-hibernate-key;org.freedesktop.login1;org.freedesktop.login1.hibernate-multiple-sessions;org.freedesktop.login1.hibernate-ignore-inhibit ResultActive=yes ResultInactive=yes === /etc/polkit-1/nullbackend.conf.d/50-nullbackend.conf === [Configuration] Priority=-10 === /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf === [Configuration] AdminIdentities=unix-group:sudo;unix-group:admin === /etc/polkit-1/localauthority.conf.d/50-localauthority.conf === [Configuration] AdminIdentities=unix-user:0 ubuntu-admin.conf policy sets AdminIdentities to include group 'sudo' but seems to be ignored "man 8 pklocalauthority" states that these files are parsed in C locale lexical order, and gives examples of "...given the name 60 -desktop-policy.conf to ensure that it is evaluted after the 50-localauthority.conf file shipped with PolicyKit." However: $ sudo inotifywait -r -m /etc/polkit-1/localauthority.conf.d Setting up watches. Beware: since -r was given, this may take a while! Watches established. /etc/polkit-1/localauthority.conf.d/ OPEN,ISDIR /etc/polkit-1/localauthority.conf.d/ ACCESS,ISDIR /etc/polkit-1/localauthority.conf.d/ ACCESS,ISDIR /etc/polkit-1/localauthority.conf.d/ CLOSE_NOWRITE,CLOSE,ISDIR /etc/polkit-1/localauthority.conf.d/ OPEN 51-ubuntu-admin.conf /etc/polkit-1/localauthority.conf.d/ ACCESS 51-ubuntu-admin.conf /etc/polkit-1/localauthority.conf.d/ CLOSE_NOWRITE,CLOSE 51-ubuntu-admin.conf /etc/polkit-1/localauthority.conf.d/ OPEN 50-localauthority.conf /etc/polkit-1/localauthority.conf.d/ ACCESS 50-localauthority.conf /etc/polkit-1/localauthority.conf.d/ CLOSE_NOWRITE,CLOSE 50-localauthority.conf This seems to show that the sort order might be high-low not low-high (unless they're sorted once in memory). In view of the fact that ubuntu-admin.conf appears to be ignored I suspect 50-localauthority.conf is replacing the ubuntu conf with the default: AdminIdentities=unix-group:sudo;unix-group:admin AdminIdentities=unix-user:0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1757266/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
