pcsc-lite and polkit rules in openSUSE 13.2

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

pcsc-lite and polkit rules in openSUSE 13.2

Michael Ströder
HI!

After upgrading to openSUSE 13.2 accessing my USB CCID card reader though
pcscd does not work anymore. Seems that polkit rules are needed for this new
pcscd version (access as root does work).

After doing some reading I've tried to create file
/usr/share/polkit-1/rules.d/org.debian.pcsc-lite.packagekit.rules (see below)
but it does not work.

Any clue?

Ciao, Michael.

----------------- snip -----------------
polkit.addRule(function(action, subject) {
    if (
                        action.id == "org.debian.pcsc-lite.access_pcsc" &&
                        subject.active == true &&
                        subject.local == true &&
                        subject.isInGroup("scard")
    )
                {
                        return polkit.Result.YES;
                }
});

polkit.addRule(function(action, subject) {
    if (
                        action.id == "org.debian.pcsc-lite.access_card" &&
                        subject.active == true &&
                        subject.local == true &&
                        subject.isInGroup("scard")
        )
                {
                        return polkit.Result.YES;
                }
});


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pcsc-lite and polkit rules in openSUSE 13.2

Marcus Meissner
Hi,

we have a request on relaxing the policykit rules already,
so this is probably not nceessary.

Ciao, Marcus
On Wed, Nov 05, 2014 at 05:16:56PM +0100, Michael Ströder wrote:

> HI!
>
> After upgrading to openSUSE 13.2 accessing my USB CCID card reader though
> pcscd does not work anymore. Seems that polkit rules are needed for this new
> pcscd version (access as root does work).
>
> After doing some reading I've tried to create file
> /usr/share/polkit-1/rules.d/org.debian.pcsc-lite.packagekit.rules (see below)
> but it does not work.
>
> Any clue?
>
> Ciao, Michael.
>
> ----------------- snip -----------------
> polkit.addRule(function(action, subject) {
>     if (
> action.id == "org.debian.pcsc-lite.access_pcsc" &&
> subject.active == true &&
> subject.local == true &&
> subject.isInGroup("scard")
>     )
> {
> return polkit.Result.YES;
> }
> });
>
> polkit.addRule(function(action, subject) {
>     if (
> action.id == "org.debian.pcsc-lite.access_card" &&
> subject.active == true &&
> subject.local == true &&
> subject.isInGroup("scard")
> )
> {
> return polkit.Result.YES;
> }
> });
>


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: ***UNCHECKED*** Re: [opensuse-security] pcsc-lite and polkit rules in openSUSE 13.2

Michael Ströder
Marcus Meissner wrote:
> we have a request on relaxing the policykit rules already,
> so this is probably not nceessary.

Are you talking about this issue?

http://bugzilla.opensuse.org/show_bug.cgi?id=900115

Unfortunately I cannot read it. Could you please elaborate on how it is going
to be relaxed? I need it now.

Ciao, Michael.

> On Wed, Nov 05, 2014 at 05:16:56PM +0100, Michael Ströder wrote:
>> HI!
>>
>> After upgrading to openSUSE 13.2 accessing my USB CCID card reader though
>> pcscd does not work anymore. Seems that polkit rules are needed for this new
>> pcscd version (access as root does work).
>>
>> After doing some reading I've tried to create file
>> /usr/share/polkit-1/rules.d/org.debian.pcsc-lite.packagekit.rules (see below)
>> but it does not work.
>>
>> Any clue?
>>
>> Ciao, Michael.
>>
>> ----------------- snip -----------------
>> polkit.addRule(function(action, subject) {
>>     if (
>> action.id == "org.debian.pcsc-lite.access_pcsc" &&
>> subject.active == true &&
>> subject.local == true &&
>> subject.isInGroup("scard")
>>     )
>> {
>> return polkit.Result.YES;
>> }
>> });
>>
>> polkit.addRule(function(action, subject) {
>>     if (
>> action.id == "org.debian.pcsc-lite.access_card" &&
>> subject.active == true &&
>> subject.local == true &&
>> subject.isInGroup("scard")
>> )
>> {
>> return polkit.Result.YES;
>> }
>> });


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ***UNCHECKED*** Re: [opensuse-security] pcsc-lite and polkit rules in openSUSE 13.2

Marcus Meissner
Hi,

the polkit-default-privs update that relaxes the pcsc permissions was released yesterday.

Ciao, Marcus
On Wed, Nov 05, 2014 at 05:49:31PM +0100, Michael Ströder wrote:

> Marcus Meissner wrote:
> > we have a request on relaxing the policykit rules already,
> > so this is probably not nceessary.
>
> Are you talking about this issue?
>
> http://bugzilla.opensuse.org/show_bug.cgi?id=900115
>
> Unfortunately I cannot read it. Could you please elaborate on how it is going
> to be relaxed? I need it now.
>
> Ciao, Michael.
>
> > On Wed, Nov 05, 2014 at 05:16:56PM +0100, Michael Ströder wrote:
> >> HI!
> >>
> >> After upgrading to openSUSE 13.2 accessing my USB CCID card reader though
> >> pcscd does not work anymore. Seems that polkit rules are needed for this new
> >> pcscd version (access as root does work).
> >>
> >> After doing some reading I've tried to create file
> >> /usr/share/polkit-1/rules.d/org.debian.pcsc-lite.packagekit.rules (see below)
> >> but it does not work.
> >>
> >> Any clue?
> >>
> >> Ciao, Michael.
> >>
> >> ----------------- snip -----------------
> >> polkit.addRule(function(action, subject) {
> >>     if (
> >> action.id == "org.debian.pcsc-lite.access_pcsc" &&
> >> subject.active == true &&
> >> subject.local == true &&
> >> subject.isInGroup("scard")
> >>     )
> >> {
> >> return polkit.Result.YES;
> >> }
> >> });
> >>
> >> polkit.addRule(function(action, subject) {
> >>     if (
> >> action.id == "org.debian.pcsc-lite.access_card" &&
> >> subject.active == true &&
> >> subject.local == true &&
> >> subject.isInGroup("scard")
> >> )
> >> {
> >> return polkit.Result.YES;
> >> }
> >> });
>


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]