On Wed, 29 Nov 2017 19:05:07 +0100 Lennart Poettering <lenn...@poettering.net> wrote:
> On Di, 28.11.17 12:14, Pekka Paalanen (ppaala...@gmail.com) wrote: > > > + > > +[Unit] > > +Description=Weston, a Wayland compositor, as a system service > > +Documentation=man:weston(1) man:weston.ini(5) > > +Documentation=http://wayland.freedesktop.org/ > > + > > +# Make sure we are started after logins are permitted. > > +After=systemd-user-sessions.service > > + > > +# If Plymouth is used, we want to start when it is on its way out. > > +After=plymouth-quit-wait.service > > + > > +# D-Bus is necessary for contacting logind. Logind is required. > > +Wants=dbus.socket > > +After=dbus.socket > > + > > +# This scope is created by pam_systemd when logging in as the user. > > +# This directive is a workaround to a systemd bug, where the setup of the > > +# user session by PAM has some race condition, possibly leading to a > > failure. > > +# See README for more details. > > +After=session-c1.scope > > Hmm, what is this about? > > This is racy, as the session ID is not really reliably predictable, > and is synthesized in different contexts in different ways, for > example depnding on whether audit is enabled in the kernel it might be > session-1.scope rather than session-c1.scope. Hi Lennart, this is the bit Martyn talked you in person some time ago, maybe Martyn could refresh your memory? Yes, I am definitely not happy about this directive, but it serves as the reminder of the issue Martyn was debugging a long time ago, and this was the workaround chosen for the particular project at that time. I guessed it's not portable. I have it here so it would trigger the discussion, in the hopes that someone could recall the details of the fundamental problem. I heard it was deemed to be a hard-to-reproduce systemd bug, but I have no other details. If we could determine the bug doesn't exist anymore, that would be awesome and I could just drop this. > > +# Set up a full user session for the user, required by Weston. > > +PAMName=login > > Piggy-backing on "login" is a bad idea. "login" is a text tool, and > thus the PAM rules for it usually pull in some TTY specific PAM > modules. YOu shoudl really use your own PAM fragment here, and > configure only the bits you need. Ok. Is there any guide or example I could point people to, so that they can write their own stuff correctly? Any example I could put into Weston docs? Personally I have no understanding of what PAM does. I just copied weston-launch (setuid-root helper for non-systemd systems) that also uses "login" for PAM name if it was asked to create a new session(?). Thanks, pq
pgpa0dvsfQfwk.pgp
Description: OpenPGP digital signature
_______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/wayland-devel
