[systemd-devel] Has anyone written equiv of ck-xinit-session for logind?

[Lennart Poettering]

On Tue, 28.02.12 00:52, Colin Guthrie (gmane at colin.guthr.ie) wrote:

> Hi,
> 
> I'm getting bug reports about startx not registering user sessions under
> systemd.
> 
> With console-kit, ck-xinit-session did the job and I was hoping someone
> (Fred - maybe you've done it on SuSE?) had written the equiv for logind?
> 
> Figured it's worth asking :)

There is no such tool afaik. We don't really support this on Fedora, and
so far the requests for this have been very minimal. My recommendation
would be to somehow patch your display manager to manage your screen
only on request, rather then trying to avoid a display manager at all.

There's a fundamental contradiction in creating "forked off" sessions like
this: the whole audit system is written in a way that session ids can
only change from "unset" to "set" but not from "set" to "set to
something else". While this is previously has not been enforced by the
kernel, we will now enforce this starting with F17 (and presumably other
distros will follow suit). But that means that (audit) session
assignment is entirely sealed for processes, and creating another
session out of an existing one simply cannot work.

Which basically means you always have to spawn the session from a
pristine, priviliged, non-session service, which is why I recommend
improving a display manager to make this work, and avoid startx.

It's probably sufficient to make gdm bus-activatable (by dropping in a
dbus .service file for it). With that in place you don't have to start
it all the time, but can still activate it easily dynamically by
invoking "gdmflexiserver" as root. With a bit of additional work you
should be able to write a tiny SUID tool that uses this and logs in the
calling user automatically.

Summary: ck-xinit-session is borked, and should not be used. Instead,
use a display manager, and make it activatable if you don't want to run
it all the time.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.