How to grant permission to tainted device
Jim Carter
jimc at math.ucla.edu
Wed Jan 7 22:01:25 PST 2009
On Tue, 6 Jan 2009, Kay Sievers wrote:
> No idea about the "right way". :) But you should be able to port the
> resmgr stuff to /etc/ConsoleKit/run-session.d/.
Thank you! A search on Google didn't reveal what environment variables I
could use (or any docs mentioning /etc/ConsoleKit/run-session.d), so I
dropped in a script that did "printenv > /tmp/ck-envir", and discovered
CK_SESSION_USER_UID and CK_SESSION_X11_DISPLAY (to bypass the script on
XDMCP sessions, on the shared execution servers at work). Now the
ownership of the device is being set properly. I decided not to mess with
setfacl because if the permission ever didn't get withdrawn, e.g. if the
machine crashed, it would persist forever.
I noticed an odd behavior: the script is run once with an arg of
session_added, then session_removed, then session_added again. The session
proceeds, the user logs out, and the script is run with session_removed.
So it all works, but there's that peculiar preliminary pair of executions.
I'm running wdm (the reason I'm not using gdm or kdm is kind of a long
story involving MythTV), and as far as I can tell, wdm is not seat-aware.
It uses PAM for authentication, and pam_ck_connector.so is executed. I've
hacked startup scripts to do "exec ck-launch-session dbus-launch
--exit-with-session startxfce" or the equivalent for starting mythfrontend.
Maybe the initial pair of session_added/removed has something to do with
pam_ck_connector.so.
James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc at math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
More information about the polkit-devel
mailing list