Factory-reset-tools: "polkit" autoconnect request

I would like to request an additional “polkit” autoconnect for “factory-reset-tools”, which is a utility for Ubuntu-preinstalled PCs to build USB reset media and reboot into Factory Reset or UEFI firmware setup.

This feature is added in order to protect from unwanted reboot into factory reset partition or UEFI firmware setup from any non-admin account.

However, “polkit” interface does not provide one dbus interface access we want in order to authenticate in tty without sudo. I have a separate discussion here: Polkit interface and pkttyagent in snap

This does not change the fact that we need “polkit” interface to be autoconnected as it can still guard unauthenticated, or non-sudo calls to such function.

The pull request for such feature is here: WIP: reset-tools: add permission check based on polkit by medicalwei · Pull Request #803 · canonical/ubuntu-desktop-provision · GitHub

Given you description, auto-connect of polkit for factory-reset-tools fits the purpose of the snap. +1 from me

+1 from me too. I notice the PR has not been merged yet - to grant this the action-prefix needs to be encoded in the snap store declaration - can you confirm if this will be the one mentioned in the PR? Thanks.

This PR has been merged, however, the action-prefix is not encoded in the name of the interface. (if you mean I need to use polkit-com-canonical-oem-factoryresettools as interface name)

I need to file another PR to change that.

The PR that renames the plug into polkit-com-canonical-oem-factory-reset-tools is here:

+2 for, 0 against Granting “polkit” auto-connection to this snap. This is now live

thanks

1 Like