Bug 1026038

Summary: Powerdevil asks aboutorg.kde.powerdevil.discretegpuhelper.hasdualgpu permissions on every login
Product: [openSUSE] openSUSE Tumbleweed Reporter: Christian Boltz <suse-beta>
Component: KDE Workspace (Plasma)Assignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: fabian, krahmer
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 13.2   
Whiteboard:
Found By: Beta-Customer Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Christian Boltz 2017-02-19 10:47:28 UTC 
Since my last tumbleweed update, I get a request for the root password on every KDE login. (Unfortunately this update included the last 10 snapshots to make debugging more interesting.)

This request is saying (first line translated back from german):

    Can't check for discrete GPU because of a system policy
    $default_text
    $root_password_input_field

    Application:                # empty
    Action:             Check existence of discrete gpu
    Manufacturer:       KDE
    polkit.subject-pid: 8650
    polkit.caller.pid:  8836

The requested permission is org.kde.powerdevil.discretegpuhelper.hasdualgpu


Note: In case it's relevant - I'm using PERMISSION_SECURITY="secure local" in /etc/sysconfig/security.
Comment 1 Fabian Vogt 2017-04-16 11:35:03 UTC 
powerdeveil 5.9 gained support for detecting presence of a dual gpu configuration and queries the information on startup, so it's intentional.
Comment 2 Christian Boltz 2017-04-16 19:12:11 UTC 
Marcus, can you please change /etc/polkit-default-privs.restrictive to avoid this root password request on every KDE login?
Comment 3 Marcus Meissner 2017-04-16 20:11:34 UTC 
see bug 1019644
Comment 4 Marcus Meissner 2017-04-16 20:12:56 UTC 
wrong bug. sigh.
Comment 5 Marcus Meissner 2017-04-16 20:14:46 UTC 
bug 1019748
Comment 6 Sebastian Krahmer 2017-04-18 09:00:44 UTC 
changed to "no:no:yes" in the polkit git.
Is that sufficient?
Comment 7 Christian Boltz 2017-04-18 16:33:34 UTC 
I tested this (via /etc/polkit-default-privs.local) and no longer get a password request on login :-)

However, I wonder if the two "no" make sense or if you should use "auth_admin_keep" like the current /etc/polkit-default-privs.restrictive does. (I'm not an expert for PolicyKit, so I'll let you decide.)
Comment 8 Sebastian Krahmer 2017-04-19 13:43:50 UTC 
Indeed, there are some logical inconsitencies in some using auth_admin and
some use "no". For reference, I took it from here:

https://bugzilla.suse.com/show_bug.cgi?id=1019748#c18

For desktop sessions it should make no difference, as only
logged in users apparenly invoke it. And only for desktop sessions
this DBUS function is called. If there are problems with it
in future, feel free to reopen it.

Otherwise, closing as fixed.
Comment 9 Bernhard Wiedemann 2017-05-03 12:00:54 UTC 
This is an autogenerated message for OBS integration:
This bug (1026038) was mentioned in
https://build.opensuse.org/request/show/492617 Factory / polkit-default-privs
Comment 10 Ludwig Nussel 2017-05-08 08:36:13 UTC 
I find the amount of 'yes' settings in the restrictive level worrysome