From: Chris Marusich
Subject: Re: Let non-root users use MTP devices (Attempt #2)
Date: Thu, 29 Dec 2016 02:15:37 -0800
Message-ID: <871swrf3cm.fsf@gmail.com>
In-Reply-To: <20161229090121.3718-1-cmmarusich@gmail.com>
To: guix-devel@gnu.org

Chris Marusich writes:

> Here's a second attempt to fix MTP support for GuixSD.  It's simple and
> requires no special group permissions.
>
> It turns out that elogind (like systemd's logind) can be compiled with
> support for ACLs (provided by libacl), in which case elogind will
> automatically set an ACL on a device file granting access to a user when
> that user is logged in using a seat to which the device is attached.  In
> short, by adding acl as an input to elogind, users will be able to
> access devices without running programs as root, and without being a
> member of any special group.
>
> That's just one piece of the puzzle, though.  The other piece is the
> udev rules provided by libmtp.  It's necessary to install those udev
> rules; if we don't, then the MTP device won't be tagged properly, so
> elogind will not set any ACLs for it.  I've chosen to install those
> rules by modifying the base services in desktop.scm so that all desktops
> will get the rules, not just GNOME; if you know of a better way to
> install them, please let me know.
>
> This patch has a happy side effect.  Namely: because elogind is now
> setting ACLs, it gives a user access to other devices that are attached
> to their seat.  For instance, after this change, I can access /dev/kvm
> and /dev/cdrom (and other devices) without being root, and without being
> in any special group.  How nice!

After sending this, I've noticed something odd: sometimes, it can take
quite a while for elogind to set the ACLs.  It's a bit of a mystery to
me.  I'm not sure how/when elogind decides to update the ACLs; I assumed
it was continuously checking for changes in the hardware or receiving
notifications about hardware changes, but it seems like elogind isn't
noticing when I plug in my phone.  Even though the device file shows up,
elogind doesn't set the ACLs unless I do something.

By "do something," I mean: Apparently, logging out and logging back in
seems to trigger elogind to set the ACLs.  Even just switching virtual
terminals (i.e., Control + F1, followed by Control + F7) seems to
trigger it, which is weird.
Even when elogind has not yet set the ACLs, the "uaccess" tag has in
fact been correctly set for the device (as reported by e.g. "udevadm
info /dev/libmtp-1-1"), which leads me to suspect that elogind is either
failing to notice or just ignoring the hardware change.

I wonder if this might be a bug of some kind.  What do you think we
should do?

-- 
Chris
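
The mismatch described in the message (device tagged "uaccess" by udev, but no per-user ACL on the node yet) can be checked by comparing `udevadm info` output with `getfacl` output. The script below is an added example, not part of the original message or of Guix/elogind; the function names, the user "alice" and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a device node by comparing udev's "uaccess" tag
# with the ACL actually present on it. All names here are hypothetical.

# Reads `udevadm info NODE` output on stdin; succeeds if TAGS lists uaccess.
has_uaccess_tag() {
    grep -Eq '^E: (CURRENT_)?TAGS=.*:uaccess:'
}

# has_user_acl USER: reads `getfacl NODE` output on stdin; succeeds if a
# named-user entry for exactly USER grants read access.
has_user_acl() {
    awk -F: -v u="$1" '$1 == "user" && $2 == u && $3 ~ /^r/ { f = 1 }
                       END { exit !f }'
}

# acl_state USER UDEV_TEXT ACL_TEXT prints one of:
#   ok        tagged and the user's ACL is present
#   pending   tagged but no ACL for the user (the state in the message)
#   untagged  no uaccess tag, so no ACL is expected at all
acl_state() {
    if ! printf '%s\n' "$2" | has_uaccess_tag; then
        echo untagged
    elif printf '%s\n' "$3" | has_user_acl "$1"; then
        echo ok
    else
        echo pending
    fi
}

# check_node NODE [USER]: live check on a real system (needs udevadm, getfacl).
check_node() {
    acl_state "${2:-$(id -un)}" "$(udevadm info "$1")" "$(getfacl "$1" 2>/dev/null)"
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_UDEV='N: bus/usb/001/004
S: libmtp-1-1
E: ID_MTP_DEVICE=1
E: TAGS=:uaccess:seat:'
SAMPLE_ACL_BEFORE='# owner: root
user::rw-
group::rw-
other::r--'
SAMPLE_ACL_AFTER='# owner: root
user::rw-
user:alice:rw-
group::rw-
mask::rw-
other::r--'
```

On a live system, `check_node /dev/libmtp-1-1` run right after plugging in the device and again after a VT switch would show whether the node moves from "pending" to "ok".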