1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] systemd + ACL: Why it is broken.
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20systemd%20%2B%20ACL%3A%20Why%20it%20is%20broken.&In-Reply-To=%3C4E565BA2.8050707%40colin.guthr.ie%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="007230.html">
<LINK REL="Next" HREF="007590.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] systemd + ACL: Why it is broken.</H1>
<B>Colin Guthrie</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20systemd%20%2B%20ACL%3A%20Why%20it%20is%20broken.&In-Reply-To=%3C4E565BA2.8050707%40colin.guthr.ie%3E"
TITLE="[Mageia-dev] systemd + ACL: Why it is broken.">mageia at colin.guthr.ie
</A><BR>
<I>Thu Aug 25 16:26:42 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="007230.html">[Mageia-dev] systemd + ACL: Why it is broken.
</A></li>
<LI>Next message: <A HREF="007590.html">[Mageia-dev] systemd + ACL: Why it is broken.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7517">[ date ]</a>
<a href="thread.html#7517">[ thread ]</a>
<a href="subject.html#7517">[ subject ]</a>
<a href="author.html#7517">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Ping!
Any thoughts on the below email?
Seeing as udev 173 has landed which removes supoprt for udev-acl, we
need to either back out 173 (or rebuild with udev-acl support) or we
need to use systemd with the below changes officially blessed!
Col
'Twas brillig, and Colin Guthrie at 04/08/11 18:43 did gyre and gimble:
><i> Hi,
</I>><i>
</I>><i> OK, so the reason that device ACLs are kinda broken with systemd is
</I>><i> because the acl stuff is being done twice, once via udev and again via
</I>><i> systemd.... but sadly systemd gets it wrong as it's not aware of the
</I>><i> user session, see:
</I>><i> systemd-loginctl --no-pager
</I>><i>
</I>><i>
</I>><i> This is due to the fact that some essential additions to
</I>><i> /etc/pam.d/system-auth are not done when systemd is installed.
</I>><i>
</I>><i> I added the following line to the end of my system-auth (the "login"
</I>><i> file where console kit connector lies didn't work):
</I>><i>
</I>><i> -session optional pam_systemd.so
</I>><i>
</I>><i>
</I>><i>
</I>><i> The question is, how should we handle this? Edit the pam package and add
</I>><i> it or do something more complex? AFAIK Fedora uses a system to manage
</I>><i> these files called authconfig.... not sure if we could/should adopt
</I>><i> that. I don't know much about it.
</I>><i>
</I>><i>
</I>><i>
</I>><i>
</I>><i> On a related note, we'll also need to rebuild udev without udev-acl
</I>><i> support, as this is now
</I>><i> handled by systemd. At present, with the above fix to pam, I will be
</I>><i> getting my ACLs written twice, which (when systemd knows I'm logged in)
</I>><i> is fine. I think it's actually the default in udev 173, but
</I>><i> we can do that manually with 172 via:
</I>><i> --disable-udev_acl
</I>><i> in udev.
</I>><i>
</I>><i> That said, this would commit us to systemd so we need to tread carefully
</I>><i> here as without systemd, then the ACLs would not get written with
</I>><i> obvious consequences (basically the exact opposite of now!).
</I>><i>
</I>><i> Anyway, for now I have my ACLs back and can use my audio devices! Yay!
</I>><i>
</I>><i> Col
</I>><i>
</I>><i>
</I>
--
Colin Guthrie
mageia(at)colin.guthr.ie
<A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A>
Day Job:
Tribalogic Limited [<A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A>]
Open Source:
Mageia Contributor [<A HREF="http://www.mageia.org/">http://www.mageia.org/</A>]
PulseAudio Hacker [<A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A>]
Trac Hacker [<A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A>]
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="007230.html">[Mageia-dev] systemd + ACL: Why it is broken.
</A></li>
<LI>Next message: <A HREF="007590.html">[Mageia-dev] systemd + ACL: Why it is broken.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7517">[ date ]</a>
<a href="thread.html#7517">[ thread ]</a>
<a href="subject.html#7517">[ subject ]</a>
<a href="author.html#7517">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
