[Mageia-dev] systemd + ACL: Why it is broken.
Colin Guthrie
mageia at colin.guthr.ie
Thu Aug 25 16:26:42 CEST 2011
Ping!
Any thoughts on the below email?
Seeing as udev 173 has landed which removes supoprt for udev-acl, we
need to either back out 173 (or rebuild with udev-acl support) or we
need to use systemd with the below changes officially blessed!
Col
'Twas brillig, and Colin Guthrie at 04/08/11 18:43 did gyre and gimble:
> Hi,
>
> OK, so the reason that device ACLs are kinda broken with systemd is
> because the acl stuff is being done twice, once via udev and again via
> systemd.... but sadly systemd gets it wrong as it's not aware of the
> user session, see:
> systemd-loginctl --no-pager
>
>
> This is due to the fact that some essential additions to
> /etc/pam.d/system-auth are not done when systemd is installed.
>
> I added the following line to the end of my system-auth (the "login"
> file where console kit connector lies didn't work):
>
> -session optional pam_systemd.so
>
>
>
> The question is, how should we handle this? Edit the pam package and add
> it or do something more complex? AFAIK Fedora uses a system to manage
> these files called authconfig.... not sure if we could/should adopt
> that. I don't know much about it.
>
>
>
>
> On a related note, we'll also need to rebuild udev without udev-acl
> support, as this is now
> handled by systemd. At present, with the above fix to pam, I will be
> getting my ACLs written twice, which (when systemd knows I'm logged in)
> is fine. I think it's actually the default in udev 173, but
> we can do that manually with 172 via:
> --disable-udev_acl
> in udev.
>
> That said, this would commit us to systemd so we need to tread carefully
> here as without systemd, then the ACLs would not get written with
> obvious consequences (basically the exact opposite of now!).
>
> Anyway, for now I have my ACLs back and can use my audio devices! Yay!
>
> Col
>
>
--
Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mageia Contributor [http://www.mageia.org/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
More information about the Mageia-dev
mailing list