[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#56971: greeter user permissions are not enough to talk with seatd
From: |
muradm |
Subject: |
bug#56971: greeter user permissions are not enough to talk with seatd |
Date: |
Thu, 04 Aug 2022 15:52:32 +0300 |
User-agent: |
mu4e 1.8.7; emacs 29.0.50 |
Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:
block 56971 by 56690 56699
thanks
Hi muradm,
Hi Liliana,
Am Donnerstag, dem 04.08.2022 um 12:45 +0300 schrieb muradm:
[...] greeter (e.g. gtkgreet) requiring communication
with seatd is failing to start, causing "black screen"
behavior on active terminal (switching to the other non seatd
related terminal is possible, for manual permissions
adjustment as workaround).
To address this issue, we need more flexible control over
seatd user/group, which creates seatd.sock, and greeter user
which connects to seatd.sock.
Okay.
However, not all greeters require that, so I decided to make
more flexible.
Flexibility for its own sake is not always the right solution.
On the
other hand, looking at the two patches, it appears they are to
be used
in combination?
No, technically they are not strongly dependent on each other,
could be applied one after another in no particular order.
After both are applied, in cooperation they address this issue.
Propsed solutions consists of:
* 56690 - gnu: seatd-service-type: Should use seat group.
With this change, if seatd-service-type is present in the
system configuration, "seat" group will be added, and seatd
will run as root/seat. Group is configurable, but default is
"seat".
Why just the group and no user? Is it not possible to launch
seatd as
non-root?
seatd provides a way for display servers to access input/output
devices
without having to be root. So seatd it self has to run as root.
When seatd opening socket as root/seat, all members of seat would
be able to communicate with it. Also socket could be opened with
seat/seat for instance, but there is no specific point in doing
so.
Will be one more unused system user around.
Arch seems to follow similar way, root/seat is ok for socket.
Also will signal that seatd is running as root.
* 56699 - gnu: greetd-service-type: Add greeter-extra-groups
config field.
With this change, if user wants to use seatd-service-type with
greeter requiring seatd.sock, he can add "seat" group to
greeter-extra-groups field.
Note that you still have a TODO on that patch.
That TODO is from the initial commit, it is about cgroup file
system mounting, and totally out of scope of this issue.
Cheers
Thanks in advance
signature.asc
Description: PGP signature
- bug#56971: greeter user permissions are not enough to talk with seatd, muradm, 2022/08/04
- bug#56971: greeter user permissions are not enough to talk with seatd, Liliana Marie Prikler, 2022/08/04
- bug#56971: greeter user permissions are not enough to talk with seatd,
muradm <=
- bug#56971: greeter user permissions are not enough to talk with seatd, Liliana Marie Prikler, 2022/08/05
- bug#56971: greeter user permissions are not enough to talk with seatd, muradm, 2022/08/05
- bug#56971: greeter user permissions are not enough to talk with seatd, Liliana Marie Prikler, 2022/08/05
- bug#56971: greeter user permissions are not enough to talk with seatd, muradm, 2022/08/07
- bug#56971: greeter user permissions are not enough to talk with seatd, Liliana Marie Prikler, 2022/08/08
bug#56971: greeter user permissions are not enough to talk with seatd, Liliana Marie Prikler, 2022/08/26