<div dir="ltr">As said before, with systemd user sessions, this will not happen. Unless I'm misremembering, Lennart has said that the only thing that should be inside the PAM session environment proper should be the session leader like "gnome-session". (Disregarding the session worker process like gdm-session-worker) </div><div class="gmail_extra"> <div class="gmail_quote">On Mon, Feb 10, 2014 at 4:54 PM, Hans de Goede <<a href="mailto:hdegoede@redhat.com" target="_blank">hdegoede@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, <div><div class="h5"> On 02/10/2014 10:49 PM, David Herrmann wrote: > Hi > > On Mon, Feb 10, 2014 at 10:48 PM, Hans de Goede <<a href="mailto:hdegoede@redhat.com">hdegoede@redhat.com</a>> wrote: >> Hi, >> >> On 02/10/2014 09:58 PM, Jasper St. Pierre wrote: >>> Something I noticed here is that you use GetSessionByPID(). This works right now, but with systemd user sessions, the display server will run outside of a session. We have to decide what to do in this case. >> >> AFAIK that won't work, the display server must be inside the pam login session of the user, otherwise logind will refuse to give access to any of the devices belonging to the seat. >> >> To be precise, logind will only give access to a process which is inside the user-session which is the active session on a certain head, and then only to devices which belong to said head. > > To be precise, only processes with the uid of the user or root can call TakeControl(), no other restrictions are enforced. So the process does not have to be in the session. </div></div>Ah right, so I guess it could be outside the user session, as long as it gets started with the uid of the user, however I think that starting user processes without them being inside a properly setup pam login session is very ugly. So it would be greatly preferable and more simple IMHO to just start it inside the user-session, and AFAIK Ray Strode is working on doing exactly that in gdm. If we go this route calling GetSessionByPID() should not be a problem at all. Regards, Hans -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a> iEYEARECAAYFAlL5SnIACgkQF3VEtJrzE/uPCACfUneP1X6T/nKzBo/ZNqIE5XGV AeEAnjVXI5BlrBAV4YCkwmcgCRhzdRFR =lEt3 -----END PGP SIGNATURE----- </blockquote></div> -- Jasper </div>