I caused myself a few hours of frustration today. I installed a new instance of Manjaro today, and it applied some Lynis security suggestions that I didn’t fully realise the impact of.
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
When I went to run pamac to install Visual Studio Code it complained and failed to install, with the error above. After many trawls through possible solutions, I came across this:
It’s for Centos, but it gave me the clue I need. I remounted proc
and restarted polkit
using:
sudo mount -o remount,rw,hidepid=2,gid=proc /proc
sudo systemctl restart polkit
Then retried pamac
and success.
Looking at the Lynis suggestion: [File-6344], the fix I used was this:
- name: Set /proc hidepid=2
lineinfile:
path: /etc/fstab
regexp: '^proc\s+'
line: "proc /proc proc defaults,hidepid=2 0 0"
state: present
notify:
- reboot
I added another block to handle Manjaro/Arch
- name: Set /proc hidepid=2 (Manjaro)
lineinfile:
path: /etc/fstab
regexp: '^proc\s+'
line: "proc /proc proc defaults,hidepid=2,gid=proc 0 0"
state: present
notify:
- reboot
when: ansible_distribution == 'Archlinux'
By default, there is no proc
entry in fstab
– removing it actually solves the problem, but doesn’t answer the security issue. Adding the gid=proc
solves both.