[PATCH v2 10/14] systemd-logind: Add systemd-logind "core"

Jasper St. Pierre jstpierre at mecheye.net
Tue Feb 11 04:16:55 CET 2014


As said before, with systemd user sessions, this will not happen. Unless
I'm misremembering, Lennart has said that the only thing that should be
inside the PAM session environment proper should be the session leader like
"gnome-session". (Disregarding the session worker process like
gdm-session-worker)


On Mon, Feb 10, 2014 at 4:54 PM, Hans de Goede <hdegoede at redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> On 02/10/2014 10:49 PM, David Herrmann wrote:
> > Hi
> >
> > On Mon, Feb 10, 2014 at 10:48 PM, Hans de Goede <hdegoede at redhat.com>
> wrote:
> >> Hi,
> >>
> >> On 02/10/2014 09:58 PM, Jasper St. Pierre wrote:
> >>> Something I noticed here is that you use GetSessionByPID(). This works
> right now, but with systemd user sessions, the display server will run
> outside of a session. We have to decide what to do in this case.
> >>
> >> AFAIK that won't work, the display server must be inside the pam login
> session of the user, otherwise logind will refuse to give access to any of
> the devices belonging to the seat.
> >>
> >> To be precise, logind will only give access to a process which is
> inside the user-session which is the active session on a certain head, and
> then only to devices which belong to said head.
> >
> > To be precise, only processes with the uid of the user or root can call
> TakeControl(), no other restrictions are enforced. So the process does not
> have to be in the session.
>
> Ah right, so I guess it could be outside the user session, as long
> as it gets started with the uid of the user, however I think that starting
> user processes without them being inside a properly setup pam login session
> is very ugly.
>
> So it would be greatly preferable and more simple IMHO to just start it
> inside the user-session, and AFAIK Ray Strode is working on doing exactly
> that in gdm.
>
> If we go this route calling GetSessionByPID() should not be a problem
> at all.
>
> Regards,
>
> Hans
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlL5SnIACgkQF3VEtJrzE/uPCACfUneP1X6T/nKzBo/ZNqIE5XGV
> AeEAnjVXI5BlrBAV4YCkwmcgCRhzdRFR
> =lEt3
> -----END PGP SIGNATURE-----
>



-- 
  Jasper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x.org/archives/xorg-devel/attachments/20140210/4ae5cbba/attachment.html>


More information about the xorg-devel mailing list