From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2011-August/007590.html | 155 +++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) create mode 100644 zarb-ml/mageia-dev/2011-August/007590.html (limited to 'zarb-ml/mageia-dev/2011-August/007590.html') diff --git a/zarb-ml/mageia-dev/2011-August/007590.html b/zarb-ml/mageia-dev/2011-August/007590.html new file mode 100644 index 000000000..4a698ebf8 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-August/007590.html @@ -0,0 +1,155 @@ + + + + [Mageia-dev] systemd + ACL: Why it is broken. + + + + + + + + + +

[Mageia-dev] systemd + ACL: Why it is broken.

+ Colin Guthrie + mageia at colin.guthr.ie +
+ Sat Aug 27 16:40:43 CEST 2011 +

+
+ +
[As stated on another thread: just reposting here for future contextual
+history]
+
+OK, executive decision for now:
+
+I've just added the line:
+
+-session    optional      pam_systemd.so
+
+to /etc/pam.d/system-auth in the pam package.
+
+
+This change is quite safe:
+ 1. The leading - on the line means that if pam_systemd.so does not
+exist, it will be ignored.
+ 2. pamd_systemd.so itself is clever and if systemd is not running, it
+is a noop.
+
+So for all scenarios, this change is safe.
+
+If we want to do more with e.g. authconfig later, this can be done, but
+it's not strictly speaking needed for now.
+
+Col
+
+
+
+'Twas brillig, and Colin Guthrie at 25/08/11 15:26 did gyre and gimble:
+> Ping!
+> 
+> Any thoughts on the below email?
+> 
+> Seeing as udev 173 has landed which removes supoprt for udev-acl, we
+> need to either back out 173 (or rebuild with udev-acl support) or we
+> need to use systemd with the below changes officially blessed!
+> 
+> Col
+> 
+> 'Twas brillig, and Colin Guthrie at 04/08/11 18:43 did gyre and gimble:
+>> Hi,
+>>
+>> OK, so the reason that device ACLs are kinda broken with systemd is
+>> because the acl stuff is being done twice, once via udev and again via
+>> systemd.... but sadly systemd gets it wrong as it's not aware of the
+>> user session, see:
+>> systemd-loginctl --no-pager
+>>
+>>
+>> This is due to the fact that some essential additions to
+>> /etc/pam.d/system-auth are not done when systemd is installed.
+>>
+>> I added the following line to the end of my system-auth (the "login"
+>> file where console kit connector lies didn't work):
+>>
+>> -session    optional      pam_systemd.so
+>>
+>>
+>>
+>> The question is, how should we handle this? Edit the pam package and add
+>> it or do something more complex? AFAIK Fedora uses a system to manage
+>> these files called authconfig.... not sure if we could/should adopt
+>> that. I don't know much about it.
+>>
+>>
+>>
+>>
+>> On a related note, we'll also need to rebuild udev without udev-acl
+>> support, as this is now
+>> handled by systemd. At present, with the above fix to pam, I will be
+>> getting my ACLs written twice, which (when systemd knows I'm logged in)
+>> is fine. I think it's actually the default in udev 173, but
+>> we can do that manually with 172 via:
+>>   --disable-udev_acl
+>> in udev.
+>>
+>> That said, this would commit us to systemd so we need to tread carefully
+>> here as without systemd, then the ACLs would not get written with
+>> obvious consequences (basically the exact opposite of now!).
+>>
+>> Anyway, for now I have my ACLs back and can use my audio devices! Yay!
+>>
+>> Col
+>>
+>>
+> 
+> 
+
+
+-- 
+
+Colin Guthrie
+mageia(at)colin.guthr.ie
+http://colin.guthr.ie/
+
+Day Job:
+  Tribalogic Limited [http://www.tribalogic.net/]
+Open Source:
+  Mageia Contributor [http://www.mageia.org/]
+  PulseAudio Hacker [http://www.pulseaudio.org/]
+  Trac Hacker [http://trac.edgewall.org/]
+
+ + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1