ConsoleKit, PolicyKit, HAL, XDG_SESSION_COOKIE

David Zeuthen zeuthen at
Thu Jul 22 06:39:29 PDT 2010


On Thu, Jul 22, 2010 at 7:58 AM, Julian Thomé <frostisch at> wrote:
> Hello mailing list,
> i have a question about the interaction between HAL, ConsoleKit,
> PolicyKit and the environment variable XDG_SESSION_COOKIE.
> As described in the documentation of ConsoleKit, the session-leader(gdm,
> kdm) asks the ConsoleKit Daemon to open a new session. The ConsoleKit
> Daemon returns the secret cookie to the session-leader.
> The Console-Kit Daemon also determine which session is currently active
> and can take control of the hardware of the Seat.
> Can someone please summarize what happens if i plug-in an usb device in
> a user-session (interaction between ConsoleKit, HAL, PolicyKit) and what
> role the XDG_SESSION_COOKIE plays in this case.

The value of the XDG_SESSION_COOKIE environment variable is used to
determine what CK session a given process belongs it. Given the
session you can get information such as is_active (is the session
currently being displayed on the seat it belongs to?) and is_local (is
the seat the session belongs to considered local or remote) and this
can be used to make authorization decisions. In particular, PolicyKit
relies on ConsoleKit for authorization decisions.

The whole thing is best explained in slide 25 of this presentation
(you want to read most of the thing to get the context)

Any privileged mechanism can user PolicyKit to make authorization
decisions. And these days PolicyKit is used in most of the modern
Linux desktop to do just that (try running pkaction(1) on modern
distro like F13 to see what I'm talking about).

Hope this helps.


More information about the dbus mailing list