[Bugs] [Bug 305] New: ConsoleKit-0.4.2 sessions will not be local unless opened with a compatible login manager.

bugzilla-daemon at exherbo.org bugzilla-daemon at exherbo.org
Sun Sep 26 07:21:55 BST 2010


https://bugs.exherbo.org/show_bug.cgi?id=305

           Summary: ConsoleKit-0.4.2 sessions will not be local unless
                    opened with a compatible login manager.
           Product: Repositories
           Version: unspecified
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Packages
        AssignedTo: unassigned at exherbo.org
        ReportedBy: spoonb at cdspooner.com
           Package: sys-auth/ConsoleKit-0.4.2


The recent release of ConsoleKit (v0.4.2) has changed the policy regarding the
creation of local sessions. (commit 4f88228f31a63c026c424a92827f26ad7535275c) 

See https://bugs.freedesktop.org/show_bug.cgi?id=28377

Users of gdm and kdm shouldn't have any problems. These login managers use the
OpenSessionWithParameters dbus method and can set the is-local parameter. This
method is restricted to privileged processes per the default polkit policies.

Other login managers that don't use libck-connector or there own implementation
can use the pam_ck_connector module but this has some limitations without minor
modifications (See man pam_ck_connector). I believe neither xdm or slim have
any native ConsoleKit support and I have not tested them with the pam module.

The problem is for those using xinit/startx with ck-launch-session to create a
ConsoleKit session when starting X. This would also include startxfce4 as I
recall. The current practice is to execute ck-launch-session during xinit, but
ck-launch-session uses the OpenSession method which is available to all users,
However this method without a proper login/session manager will not create a
local session with ConsoleKit-0.4.2 due to the recent changes.

The pam_ck_connector module can be used with login to create a local session
for that vt, but when xinit/startx is executed it switches vt's and the session
is marked inactive.

Steps To Reproduce:
1) Upgrade to ConsoleKit-0.4.2
2) Add ck-launch-session mywindowmanager to .xinitrc if not already present.
3) startx or xinit

Results: 
"ck-list-sessions" will show the session parameter is-local=False where with
ConsoleKit[<=0.41] the is-local parameter would be True. Consequently the user
will lose privileges associated with a local session like
shutdown/restart/suspend in gnome among others.

Workaround/Solution:
This is only going to effect a certain subset of users. The immediate
workaround is to simply use gdm, kdm or any display manager that properly
registers with ConsoleKit. Xdm and slim may be able to use the pam_ck_connector
module. 

The solution is to have a text based login manager that uses the pam module
properly or even better the ck-connecter lib and sets the sessionid which
ConsoleKit accesses from the proc interface to determine if the new session
leader originates from a session that has already been created is-local=True by
a privileged process (which in this case would be the login manager).

I have submit an exheres to the faithful zebrapig for ConsoleKit-0.4.2 in which
I have referenced this bug.


-- 
Configure bugmail: https://bugs.exherbo.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.



More information about the Bugs mailing list