/usr/share/polkit-1/actions/org.debian.pcsc-lite.policyOn Thu, Oct 8, 2020 at 11:06 AM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote: > > Hi, > > this is a topic since a lot of time and it's still hits the user in it's > face for no reason. > > Found: while presenting Fedora 33 changes to an audience and > screenrecording with wayland isn't working yet :( > > Tested on Fedora 33 liveimage: > > su > dnf install xrdp -y > adduser -s /bin/bash -d /home/rdptest rdptest > passwd rdptest > systemctl start xrdp > > ## different pc ## > > Start Remmina or XFreeRDP to connect to your running liveimage. > > You get a fucking uncloseable requester once the gnome session is open, > that you need to enter a password for the LIVEUSER with to buttons > without any function. It's not possible to get rid of it by using either > one of the buttons nor a windowclose. I do not have two systems to reproduce, but it seems that something tries to access the smart cards while you connect and polkit makes this popup. You can fix it by disabling the popup at all (/usr/share/polkit-1/actions/org.debian.pcsc-lite.policy), or better, identify what tried to access the smart cards. Running pcscd with debug output may help. To do that disable pcscd (systemctl stop and disable), and then try running it in the foreground: sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu --color | tee log.txt > Only Solution: dnf erase pcsc* > > Because: stopping that service does not stop the requester from popping > up, as the daemon gets restarted via a socket. Yes, the idea is for it to be enabled only when some service asks for smart card access. I wonder however what is there that requests that access. > Now what really makes it so anoying: there is no smartcard reader in the > hw. There are two access control levels, access the pcsc daemon, and access specific cards. Currently according to the pcsc-lite.policy we ship we require authentication to access either when connecting remotely. I wonder whether it makes sense to tweak these settings. Could you try playing with the policy and see whether there are options that could remove this popup? If you allow access to the daemon from remote sessions do you still get the popup? regards, Nikos _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
