Package: pcscd
Version: 2.2.3-1
Severity: normal
Today I've rebooted my unattended-upgrades-enabled sid laptop after a
long time (almost 70 days) and discovered I could not access my smart
cards anymore.
from syslog:
pcscd: ../src/auth.c:145:IsClientAuthorized() Process 31413 (user: 1000) is NOT
authorized for action: access_pcsc
pcscd: ../src/winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC
client
I had to add a polkit rule in order to allow my unprivileged self to use
the cards:
> sudo cat /etc/polkit-1/rules.d/40-allow-pcscd.rules
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("plugdev")
&& (
action.id === "org.debian.pcsc-lite.access_pcsc"
|| action.id === "org.debian.pcsc-lite.access_card"
)
) {
return polkit.Result.YES;
}
return polkit.Result.NOT_HANDLED;
});
Given the long time since the previous reboot, I don't know when the
problem has started or where it has originated.
Maybe pcscd has started being linked against polkit only recently? If
this is the case, I suggest shipping with the package a polkit rule
similar to the one above and adding a NEWS entry to warn the users. This
would particularly benefit users that depend on the smart card for
logging in.
Thanks,
Gian Piero.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.9.12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: OpenRC (via /run/openrc), PID 1: init
LSM: AppArmor: enabled
Versions of packages pcscd depends on:
ii libc6 2.39-6
ii libccid [pcsc-ifd-handler] 1.6.1-1
ii libglib2.0-0t64 2.80.4-1
ii libpcsclite1 2.2.3-1
ii libpolkit-gobject-1-0 124-3
ii libsystemd0 256.4-2
ii libudev1 256.4-2
pcscd recommends no packages.
Versions of packages pcscd suggests:
pn systemd <none>
-- no debconf information
