[systemd-devel] Has anyone written equiv of ck-xinit-session for logind?

Colin Guthrie gmane at colin.guthr.ie
Wed Feb 29 05:59:46 PST 2012


'Twas brillig, and Lennart Poettering at 29/02/12 13:52 did gyre and gimble:
> On Tue, 28.02.12 00:52, Colin Guthrie (gmane at colin.guthr.ie) wrote:
> 
>> Hi,
>>
>> I'm getting bug reports about startx not registering user sessions under
>> systemd.
>>
>> With console-kit, ck-xinit-session did the job and I was hoping someone
>> (Fred - maybe you've done it on SuSE?) had written the equiv for logind?
>>
>> Figured it's worth asking :)
> 
> There is no such tool afaik. We don't really support this on Fedora, and
> so far the requests for this have been very minimal. My recommendation
> would be to somehow patch your display manager to manage your screen
> only on request, rather then trying to avoid a display manager at all.
> 
> There's a fundamental contradiction in creating "forked off" sessions like
> this: the whole audit system is written in a way that session ids can
> only change from "unset" to "set" but not from "set" to "set to
> something else". While this is previously has not been enforced by the
> kernel, we will now enforce this starting with F17 (and presumably other
> distros will follow suit). But that means that (audit) session
> assignment is entirely sealed for processes, and creating another
> session out of an existing one simply cannot work.
> 
> Which basically means you always have to spawn the session from a
> pristine, priviliged, non-session service, which is why I recommend
> improving a display manager to make this work, and avoid startx.
> 
> It's probably sufficient to make gdm bus-activatable (by dropping in a
> dbus .service file for it). With that in place you don't have to start
> it all the time, but can still activate it easily dynamically by
> invoking "gdmflexiserver" as root. With a bit of additional work you
> should be able to write a tiny SUID tool that uses this and logs in the
> calling user automatically.
> 
> Summary: ck-xinit-session is borked, and should not be used. Instead,
> use a display manager, and make it activatable if you don't want to run
> it all the time.


Thanks as always for the detailed explanation Lennart!

I'll see what can be done - either via some gdm tweaks as you suggest or
simply by not supporting it any more (which is obviously the easiest
option!)

Cheers

Col


-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/


More information about the systemd-devel mailing list