1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] systemd + ACL: Why it is broken.
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20systemd%20%2B%20ACL%3A%20Why%20it%20is%20broken.&In-Reply-To=%3C4E3ADA53.2050405%40colin.guthr.ie%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="007229.html">
<LINK REL="Next" HREF="007517.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] systemd + ACL: Why it is broken.</H1>
<B>Colin Guthrie</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20systemd%20%2B%20ACL%3A%20Why%20it%20is%20broken.&In-Reply-To=%3C4E3ADA53.2050405%40colin.guthr.ie%3E"
TITLE="[Mageia-dev] systemd + ACL: Why it is broken.">mageia at colin.guthr.ie
</A><BR>
<I>Thu Aug 4 19:43:47 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="007229.html">[Mageia-dev] [RPM] 1 core/updates_testing schroot-1.4.22-1.1.mga1
</A></li>
<LI>Next message: <A HREF="007517.html">[Mageia-dev] systemd + ACL: Why it is broken.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7230">[ date ]</a>
<a href="thread.html#7230">[ thread ]</a>
<a href="subject.html#7230">[ subject ]</a>
<a href="author.html#7230">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hi,
OK, so the reason that device ACLs are kinda broken with systemd is
because the acl stuff is being done twice, once via udev and again via
systemd.... but sadly systemd gets it wrong as it's not aware of the
user session, see:
systemd-loginctl --no-pager
This is due to the fact that some essential additions to
/etc/pam.d/system-auth are not done when systemd is installed.
I added the following line to the end of my system-auth (the "login"
file where console kit connector lies didn't work):
-session optional pam_systemd.so
The question is, how should we handle this? Edit the pam package and add
it or do something more complex? AFAIK Fedora uses a system to manage
these files called authconfig.... not sure if we could/should adopt
that. I don't know much about it.
On a related note, we'll also need to rebuild udev without udev-acl
support, as this is now
handled by systemd. At present, with the above fix to pam, I will be
getting my ACLs written twice, which (when systemd knows I'm logged in)
is fine. I think it's actually the default in udev 173, but
we can do that manually with 172 via:
--disable-udev_acl
in udev.
That said, this would commit us to systemd so we need to tread carefully
here as without systemd, then the ACLs would not get written with
obvious consequences (basically the exact opposite of now!).
Anyway, for now I have my ACLs back and can use my audio devices! Yay!
Col
--
Colin Guthrie
mageia(at)colin.guthr.ie
<A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A>
Day Job:
Tribalogic Limited [<A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A>]
Open Source:
Mageia Contributor [<A HREF="http://www.mageia.org/">http://www.mageia.org/</A>]
PulseAudio Hacker [<A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A>]
Trac Hacker [<A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A>]
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="007229.html">[Mageia-dev] [RPM] 1 core/updates_testing schroot-1.4.22-1.1.mga1
</A></li>
<LI>Next message: <A HREF="007517.html">[Mageia-dev] systemd + ACL: Why it is broken.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7230">[ date ]</a>
<a href="thread.html#7230">[ thread ]</a>
<a href="subject.html#7230">[ subject ]</a>
<a href="author.html#7230">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
