From: Andy Wingo
Subject: [PATCHES] Update elogind to 219.13
Date: Sun, 06 Mar 2016 19:41:52 +0100
Message-ID: <877fhf8n4f.fsf@pobox.com>
To: guix-devel@gnu.org

Hi,

Success!  Mostly :)  A table of contents:

  1. What is now possible
  2. How elogind maps PIDs to sessions
  3. GuixSD caveats

1. What is now possible
-----------------------

The attached patches update to the latest elogind, for which I just cut
a new release.  The big change is that elogind can now map PIDs to
sessions.

Elogind already keeps an idea of what sessions are "active".  On the
other hand, polkit can implicitly grant some permissions to "active"
users.  This set of permissions is initially empty but it can be
augmented by other services, like gnome-settings-daemon.

In the specific case of gnome-settings-daemon, gnome-settings-daemon
ships an .action file that allows the active user to invoke a helper
that can change the backlight of your screen.  For example:

  $ tail /etc/polkit-1/actions/org.gnome.settings-daemon.plugins.power.policy
  修改筆記型電腦亮度需要核對
  no
  no
  yes
  /gnu/store/rssyvyd0dj0j5jqkmir0najq1rcd72il-gnome-settings-daemon-3.18.2/libexec/gsd-backlight-helper

  $ /gnu/store/rssyvyd0dj0j5jqkmir0najq1rcd72il-gnome-settings-daemon-3.18.2/libexec/gsd-backlight-helper --set-brightness 500
  This program can only be used by the root user
  $ pkexec /gnu/store/rssyvyd0dj0j5jqkmir0najq1rcd72il-gnome-settings-daemon-3.18.2/libexec/gsd-backlight-helper --set-brightness 500
  $

That last pkexec call checked remotely if polkit allowed this
invocation, and whee, it did, so pkexec did a setuid() to root and
invoked the binary:

  $ tail /var/log/secure
  [...]
  Mar 6 19:12:34 localhost pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
  Mar 6 19:12:34 localhost pkexec[1885]: wingo: Executing command [USER=root] [TTY=/dev/pts/0] [CWD=/home/wingo/src/elogind] [COMMAND=/gnu/store/rssyvyd0dj0j5jqkmir0najq1rcd72il-gnome-settings-daemon-3.18.2/libexec/gsd-backlight-helper --set-brightness 500]

This is the exact mechanism that gnome-settings-daemon uses to set the
backlight, so we are doing great!
This isn't just theoretical; gnome-settings-

  ./plugins/power/gpm-common.c:514: command = g_strdup_printf ("pkexec " LIBEXECDIR "/gsd-backlight-helper --%s %i",

2. How elogind maps PIDs to sessions
------------------------------------

Systemd uses cgroups in two ways: one, to organize the tree of processes
into users, slices, machines, sessions, and scopes; and two, to allow
the user to balance resource usage between users, slices, etc.

In contrast, elogind only uses cgroups to organize processes, and since
it doesn't try to control resource usage, it can just organize them into
sessions.

It turns out that you can make cgroups that are just for organization,
not for controlling any particular resource.  (See
http://0pointer.de/blog/projects/cgroups-vs-cgroups.html, for more.)  So
that's what elogind does.  When pam_elogind tells the logind about a new
session, elogind will create a new cgroup for that session and migrate
the session leader into the new cgroup, assuming that the only process
in the session is the session leader.  From then on, all children of
that PID, even if they double-fork, are marked as being in the
e.g. /sys/fs/cgroups/elogind/c1 cgroup.

And yes, the interface to cgroups really is the file system.  Pretty
weird.  The other cgroups that correspond to resource controllers like
"cpuset" and "memory" have their own mounts, eg /sys/fs/cgroups/memory.
So one of these patches adds a mount for the elogind cgroup hierarchy.

From then on out, to know what cgroup a process is in, you just cat a
special file in /proc.  For example:

  $ cat /proc/$(pgrep gnome-terminal)/cgroup
  10:name=elogind:/c1
  9:cpuset:/
  8:cpu:/
  7:cpuacct:/
  6:memory:/
  5:devices:/
  4:freezer:/
  3:blkio:/
  2:perf_event:/
  1:hugetlb:/

So my gnome-terminal is running in cgroup /c1, which because elogind
controls that cgroup tree, we interpret to mean that it is running in
the "c1" session.  Voilà.
Conversely to know what PIDs are in a session:

  $ cat /sys/fs/cgroup/elogind/c1/cgroup.procs
  346
  411
  420
  [...]

3. Caveats
----------

Polkit 0.113 broke "pkexec" in the case where your desktop environment
didn't already install a polkit authentication agent.

The background is, it's usually graphical applications that want to do
things on your behalf as root or some other user, and you might need to
authenticate yourself or even authenticate as root to do the action.
However it would be ~~~~~clownshoes pants-on-fire zaniness~~~~~~~ if
apps popped up dialog boxes asking you to put in the root password.
Probably those apps have security vulnerabilities, and it can be hard to
know if you should trust the app with those credentials, or trust the
app as root, or trust that the permissions it appears to be asking you
for correspond with what it's actually going to do.

So desktop environments ship graphical authentication agents that are
carefully coded to be able to use credentials in a very limited way:
only to *answer* the polkit daemon's query that a user is authenticated.
But in the absence of such an auth agent, it could be that pkexec has to
install one on its own, to allow you to enter your password on the
console.  It's setuid IPC madness but I have followed most of the code
paths and I am OK with it.

But, this fallback console agent is broken in 0.113:
https://bugs.freedesktop.org/show_bug.cgi?id=90837.  So should polkit
need to ask you for a password, it will take your password but then fail
to authenticate.  I have a patch to fix it:
http://thread.gmane.org/gmane.comp.gnu.guix.devel/16906 but probably
something else will go upstream (check that bug).

For the specific permissions about the backlight helper, you need
http://thread.gmane.org/gmane.comp.gnu.guix.devel/16937.  Need to push
that one along.
Finally to actually have your backlight keys work, there is something still missing -- gnome-settings-daemon has to run and I don't have that fully working yet. Perhaps some other brave soul will get on this :) Happy hacking, Andy --=-=-= Content-Type: text/plain Content-Disposition: inline; filename=0001-gnu-system-Add-elogind-cgroup-mount.patch >From f9911bdc3ff24999b5b961f299f4a3b4461c381c Mon Sep 17 00:00:00 2001 From: Andy Wingo Date: Wed, 2 Mar 2016 20:29:47 +0100 Subject: [PATCH 1/2] gnu: system: Add elogind cgroup mount. * gnu/system/file-systems.scm (%elogind-file-systems): Add elogind cgroup mount. --- gnu/system/file-systems.scm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index d93044c..0891ed2 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm @@ -232,7 +232,16 @@ initrd code." (check? #f) (flags '(no-suid no-dev no-exec)) (options "mode=0755") - (create-mount-point? #t)))) + (create-mount-point? #t)) + ;; Elogind uses cgroups to organize processes, not to control them. + (file-system + (device "cgroup") + (mount-point "/sys/fs/cgroup/elogind") + (type "cgroup") + (check? #f) + (options "none,name=elogind") + (create-mount-point? #t) + (dependencies (list (car %control-groups)))))) (define %base-file-systems ;; List of basic file systems to be mounted. Note that /proc and /sys are -- 2.6.3 --=-=-= Content-Type: text/plain Content-Disposition: inline; filename=0002-gnu-elogind-Update-to-219.13.patch >From c4d97c9ea8f1ee48d847895e9b3ef974daa4fbdc Mon Sep 17 00:00:00 2001 From: Andy Wingo Date: Sun, 6 Mar 2016 19:00:29 +0100 Subject: [PATCH 2/2] gnu: elogind: Update to 219.13. * gnu/packages/freedesktop.scm (elogind): Update to 219.13. Remove build fix that is no longer needed. Update home page. --- gnu/packages/freedesktop.scm | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) 
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 6a28379..b6f6792 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -142,14 +142,14 @@ the freedesktop.org XDG Base Directory specification.") (define-public elogind (package (name "elogind") - (version "219.12") + (version "219.13") (source (origin (method url-fetch) (uri (string-append "https://wingolog.org/pub/" name "/" name "-" version ".tar.xz")) (sha256 (base32 - "13qc4f0dl7ynnfp1y565z2k0jjizly5w3dqhiqkdk7v6jr4pksb7")) + "0swwsgm28radjxf0s05a907wf0n524lckdya0rm3kqw6gy1hiax2")) (modules '((guix build utils))) (snippet '(begin @@ -165,10 +165,7 @@ the freedesktop.org XDG Base Directory specification.") (assoc-ref %build-inputs "libcap")) (string-append "--with-udevrulesdir=" (assoc-ref %outputs "out") - "/lib/udev/rules.d") - ;; XXX: fail with: - ;; src/shared/clean-ipc.c:315: undefined reference to `mq_unlink' - "LDFLAGS=-lrt") + "/lib/udev/rules.d")) #:make-flags '("PKTTYAGENT=/run/current-system/profile/bin/pkttyagent"))) (native-inputs `(("intltool" ,intltool) @@ -188,7 +185,7 @@ the freedesktop.org XDG Base Directory specification.") ;when pressing the power button ("dbus" ,dbus) ("eudev" ,eudev))) - (home-page "https://github.com/andywingo/elogind") + (home-page "https://github.com/wingo/elogind") (synopsis "User, seat, and session management service") (description "Elogind is the systemd project's \"logind\" service, extracted out as a separate project. Elogind integrates with PAM to provide -- 2.6.3 --=-=-=--
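Review bot: In [PATCH 1/2], gnu/system/file-systems.scm, the new elogind file-system entry has no (flags ...) field, while the entry directly above it in the same list sets (flags '(no-suid no-dev no-exec)). The added comment says this hierarchy only organizes processes, so the same three flags look appropriate here; suggest adding them. Separately, (dependencies (list (car %control-groups))) depends on whatever happens to be first in %control-groups; a short comment saying which mount that is meant to be would make the ordering assumption explicit.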
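Review bot: In [PATCH 2/2], second hunk of gnu/packages/freedesktop.scm, the "LDFLAGS=-lrt" configure flag is dropped together with its XXX comment about the undefined reference to `mq_unlink', but the commit message only says the build fix "is no longer needed". Suggest saying why in the commit message (for example, that 219.13 links without it), so a later reader can tell the removal was deliberate and checked against a successful build.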
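The PID-to-session lookup described in section 2 of the message, as an added example that is not part of the original message and is not elogind's own code. The function names are hypothetical; the "name=elogind" hierarchy, the /c1 path and the /sys/fs/cgroup/elogind mount point are taken from the message and the first patch.

```python
import os
from typing import List, Optional

# Constructed sample, modelled on the /proc/<pid>/cgroup output in the message.
SAMPLE = "10:name=elogind:/c1\n9:cpuset:/\n8:cpu:/\n6:memory:/\n"


def session_from_cgroup_text(text: str,
                             hierarchy: str = "name=elogind") -> Optional[str]:
    """Return the session id in the named hierarchy, or None when the
    hierarchy is absent or the process sits in its root cgroup."""
    for line in text.splitlines():
        # Each line is "hierarchy-ID:controller-list:cgroup-path"; the path
        # may itself contain ':', so split at most twice.
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        _, controllers, path = parts
        if hierarchy not in controllers.split(","):
            continue
        # Per the message, a session's cgroup is directly under the root of
        # the elogind hierarchy: "/c1" -> "c1".
        return path.strip("/").split("/", 1)[0] or None
    return None


def session_of_pid(pid: int) -> Optional[str]:
    """Look up a live process; one that has already exited yields None."""
    try:
        with open(f"/proc/{pid}/cgroup", encoding="utf-8") as fh:
            return session_from_cgroup_text(fh.read())
    except (FileNotFoundError, ProcessLookupError):
        return None


def pids_in_session(session: str,
                    root: str = "/sys/fs/cgroup/elogind") -> List[int]:
    """Reverse lookup via cgroup.procs, as the message does with cat."""
    # Reject anything that could escape the hierarchy's directory.
    if not session or "/" in session or session in (".", ".."):
        raise ValueError(f"not a session id: {session!r}")
    with open(os.path.join(root, session, "cgroup.procs")) as fh:
        return [int(tok) for tok in fh.read().split()]


if __name__ == "__main__":
    print(session_from_cgroup_text(SAMPLE))   # session of the sample process
    print(session_of_pid(os.getpid()))        # None outside an elogind session
```

A process in the root of the hierarchy (path "/") belongs to no session, which is the case a caller has to treat as "not an active user" rather than as an error.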