'Twas brillig, and Lennart Poettering at 29/02/12 13:52 did gyre and gimble: > On Tue, 28.02.12 00:52, Colin Guthrie ([email protected]) wrote: > >> Hi, >> >> I'm getting bug reports about startx not registering user sessions under >> systemd. >> >> With console-kit, ck-xinit-session did the job and I was hoping someone >> (Fred - maybe you've done it on SuSE?) had written the equiv for logind? >> >> Figured it's worth asking :) > > There is no such tool afaik. We don't really support this on Fedora, and > so far the requests for this have been very minimal. My recommendation > would be to somehow patch your display manager to manage your screen > only on request, rather then trying to avoid a display manager at all. > > There's a fundamental contradiction in creating "forked off" sessions like > this: the whole audit system is written in a way that session ids can > only change from "unset" to "set" but not from "set" to "set to > something else". While this is previously has not been enforced by the > kernel, we will now enforce this starting with F17 (and presumably other > distros will follow suit). But that means that (audit) session > assignment is entirely sealed for processes, and creating another > session out of an existing one simply cannot work. > > Which basically means you always have to spawn the session from a > pristine, priviliged, non-session service, which is why I recommend > improving a display manager to make this work, and avoid startx. > > It's probably sufficient to make gdm bus-activatable (by dropping in a > dbus .service file for it). With that in place you don't have to start > it all the time, but can still activate it easily dynamically by > invoking "gdmflexiserver" as root. With a bit of additional work you > should be able to write a tiny SUID tool that uses this and logs in the > calling user automatically. > > Summary: ck-xinit-session is borked, and should not be used. Instead, > use a display manager, and make it activatable if you don't want to run > it all the time.
Thanks as always for the detailed explanation Lennart! I'll see what can be done - either via some gdm tweaks as you suggest or simply by not supporting it any more (which is obviously the easiest option!) Cheers Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/ _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
