vmihalko / t2_polkit


[patch] detect logind and fall back to ConsoleKit at runtime #53

Open vmihalko opened 11 years ago

vmihalko commented 11 years ago

In GitLab by @bugzilla-migration on Apr 13, 2013, 20:10

Submitted by Fabio Erculiani

Assigned to David Zeuthen @david

Link to original bug (#63504)

Description

Created attachment 77926 drop a lot of duplicated code and detect logind at runtime

Attached is a patch that lets polkit detect logind at runtime and fall back to consolekit when logind is not available. This is particularly useful for distributions willing to support multiple init systems or just wanting to ensure a smooth migration to systemd.

Attachment 77926, "drop a lot of duplicated code and detect logind at runtime":
0001-Detect-logind-at-runtime.patch

vmihalko commented 11 years ago

In GitLab by @bugzilla-migration on Apr 14, 2013, 24:03

:speech_balloon: Fabio Erculiani said:

Probably, the consolekit dependency should also depend on a ./configure flag and at least one of --enable-libsystemd-login and --enable-consolekit should be specified. I am thinking about systemd-only systems where consolekit got removed.

But let me know if you are interested in the idea of having logind detected at runtime (like GNOME3 does) first.

vmihalko commented 11 years ago

In GitLab by @bugzilla-migration on Apr 14, 2013, 20:20

:speech_balloon: David Zeuthen @david said:

Now that Ubuntu has transitioned from ConsoleKit to logind (and logind can exist without systemd being the init system), I think we should just hard-require logind and drop support for ConsoleKit as it would make it a lot easier to maintain the code going forward. This is important, especially since bugs in ConsoleKit may lead to issues where users are given permissions they otherwise wouldn't have had.

Adding Colin and Mitr to the Cc for their input.

vmihalko commented 11 years ago

In GitLab by @bugzilla-migration on Apr 14, 2013, 21:23

:speech_balloon: Fabio Erculiani said:

I am not sure what the plans are for Gentoo, but I expect to see consolekit around for some time still. While we are willing to improve the level of systemd support, having polkit detect consolekit/logind at runtime is certainly something good, given that all the other components (for instance, gnome-shell, gnome-session and gdm) are already able to do that.

The only component that doesn't seem to do this at runtime is actually polkit. I think that it would be nice to have this patch (I am willing to adapt it to make it look nicer) to cover the interim period though.

vmihalko commented 11 years ago

In GitLab by @bugzilla-migration on Apr 18, 2013, 23:16

:speech_balloon: Miloslav Trmac said:

(In reply to comment 1)

> Probably, the consolekit dependency should also depend on a ./configure flag and at least one of --enable-libsystemd-login and --enable-consolekit should be specified. I am thinking about systemd-only systems where consolekit got removed.

Yes, that's definitely necessary; otherwise polkit would be the only component dragging in ConsoleKit into minimal installations.

> But let me know if you are interested in the idea of having logind detected at runtime (like GNOME3 does) first.

I'm rather unsure about the LOGIND_RUNNING() conditions all over the place - the value of that can change between two calls (especially during system startup/shutdown), we might potentially end up with a system that concurrently uses session IDs from both, or where the libpolkit-gobject interpretation (in some processes?) and the polkitd interpretation differs.

The polkitd side could in principle be handled by adding a command-line option to choose one of the backends; I have no idea how to handle the possible polkitd/libpolkit-gobject discrepancy.

Perhaps it's all fine and safe (the check in polkit_backend_interactive_authority_register_authentication_agent seems to cover my main worry) - right now it's not obvious to me but I could probably be convinced; I haven't looked into this in detail.
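Added example (not part of the thread or of the attached patch): the concern raised in the comment above, that a per-call-site `LOGIND_RUNNING()` check can give different answers within one process, shown next to a variant that latches the decision once and accepts an explicit override such as a command-line option. All names are hypothetical, the `/run/systemd/seats/` probe is an assumption about how such a check might be written, and latching only gives per-process consistency; it does not address the polkitd/libpolkit-gobject discrepancy.

```c
/* Added example: hypothetical names, not polkit code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>

typedef enum { BACKEND_UNSET, BACKEND_LOGIND, BACKEND_CONSOLEKIT } backend_t;
typedef bool (*probe_fn)(void);

/* Assumed probe: logind's runtime directory exists while it is running. */
static bool probe_logind(void) { return access("/run/systemd/seats/", F_OK) == 0; }

/* Constructed probe: logind appears between the first and second call. */
static int flap_calls;
static bool probe_flapping(void) { return flap_calls++ > 0; }

/* Racy pattern: every call site asks again. */
static backend_t backend_reprobe(probe_fn probe) {
    return probe() ? BACKEND_LOGIND : BACKEND_CONSOLEKIT;
}

/* Latched pattern: decided once per process; `forced` models an explicit
 * command-line choice and skips the probe entirely. */
static _Atomic int latched = BACKEND_UNSET;
static backend_t backend_latched(probe_fn probe, backend_t forced) {
    int cur = atomic_load(&latched);
    if (cur != BACKEND_UNSET) return (backend_t)cur;
    int want = forced != BACKEND_UNSET ? (int)forced
             : (probe() ? BACKEND_LOGIND : BACKEND_CONSOLEKIT);
    int expected = BACKEND_UNSET;
    /* First writer wins; a thread that loses the race adopts that choice. */
    if (!atomic_compare_exchange_strong(&latched, &expected, want)) want = expected;
    return (backend_t)want;
}

/* Do two consecutive lookups in one process agree on the backend? */
static bool reprobe_agrees(void) {
    flap_calls = 0;
    backend_t a = backend_reprobe(probe_flapping), b = backend_reprobe(probe_flapping);
    return a == b;
}
static bool latched_agrees(backend_t forced) {
    flap_calls = 0; atomic_store(&latched, BACKEND_UNSET);
    backend_t a = backend_latched(probe_flapping, forced), b = backend_latched(probe_flapping, forced);
    return a == b && (forced == BACKEND_UNSET || a == forced);
}

int main(void) {
    printf("re-probe agrees: %d, latched agrees: %d\n", reprobe_agrees(), latched_agrees(BACKEND_UNSET));
    atomic_store(&latched, BACKEND_UNSET);
    printf("this host: %s\n", backend_latched(probe_logind, BACKEND_UNSET) == BACKEND_LOGIND ? "logind" : "ConsoleKit");
    return 0;
}
```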

vmihalko commented 11 years ago

In GitLab by @bugzilla-migration on Apr 18, 2013, 23:22

:speech_balloon: Miloslav Trmac said:

(In reply to comment 2)

> Now that Ubuntu has transitioned from ConsoleKit to logind (and logind can exist without systemd being the init system), I think we should just hard-require logind and drop support for ConsoleKit as it would make it a lot easier to maintain the code going forward.

I can't see that - it's surely easiest to do nothing and keep the existing code there :)

> This is important, especially since bugs in ConsoleKit may lead to issues where users are given permissions they otherwise wouldn't have had.

The existence of this bug is proof that ConsoleKit still has users (even users willing to write patches).

Is ConsoleKit itself actually insecure, or is it a general worry? Some googling suggests that it can now use the audit session ID instead of poking into /proc/%d/environ, which is the only really problematic aspect I know about right now.

vmihalko commented 11 years ago

In GitLab by @bugzilla-migration on Jul 25, 2013, 08:59

:speech_balloon: Samuli Suominen said:

David, please, don't remove CK support from polkitd. CK is still the only clean option, and it's been reported logind won't work without systemd without systemd >= 205 again. For example, XFCE has no plans on removing CK support since CK works on BSD and logind doesn't.