From: ludo@gnu.org (Ludovic Courtès)
To: Andy Wingo <wingo@igalia.com>
Cc: guix-devel@gnu.org
Subject: Re: [PATCHES] Update elogind to 219.13
Date: Mon, 07 Mar 2016 11:01:56 +0100 [thread overview]
Message-ID: <87pov6vc6j.fsf@gnu.org> (raw)
In-Reply-To: <871t7m7jqx.fsf@igalia.com> (Andy Wingo's message of "Mon, 07 Mar 2016 09:52:22 +0100")
Andy Wingo <wingo@igalia.com> skribis:
> On Sun 06 Mar 2016 22:35, ludo@gnu.org (Ludovic Courtès) writes:
>
>> Andy Wingo <wingo@igalia.com> skribis:
>>
>>> 2. How elogind maps PIDs to sessions
>>> ------------------------------------
>>>
>>> Systemd uses cgroups in two ways: one, to organize the tree of processes
>>> into users, slices, machines, sessions, and scopes; and two, to allow
>>> the user to balance resource usage between users, slices, etc.
>>
>> systemd-logind already uses a cgroup like /sys/fs/cgroups/elogind,
>> right?
>
> Yes, but it's managed by the systemd part (rather than logind) and
> called /sys/fs/cgroups/systemd. logind has to do RPC to systemd to
> wrangle the groups.
Oh right, I remember you mentioned it before.
> I forgot to mention one thing. So, the original cgroups work gives the
> ability to partition the set of PIDs on a system using a custom
> hierarchy. However it becomes complicated because resource
> controllers (sometimes called "subsystems") can only be attached to one
> of those hierarchies. Because in systemd you often want to group and
> also control, systemd can attach a configurable set of controllers to
> its hierarchy also. This configuration can be a bit of a mess.
>
> This multi-rooted hierarchy of control is a flaw in the design of
> cgroups that is fixed with what's called the "unified cgroups", or
> cgroups v2.
>
> https://lwn.net/Articles/601840/
>
> Cgroups v2 just landed in the kernel:
>
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/cgroup-v2.txt
>
> But cgroups v1, which is what we use, will be around for a long time. I
> haven't fully grokked the new cgroups to know how to use them. We can
> switch at some point in the future.
Cool, makes sense.
>>> Polkit 0.113 broke "pkexec" in the case where your desktop environment
>>> didn't already install a polkit authentication agent.
>>
>> Would it make sense to apply your patch until upstream has a better fix?
>> What are the risks?
>
> The risk is that somehow I have introduced a flaw that allows local root
> escalation. I have the patch applied but I don't think it's a good
> thing to ship in a distro without review. I would hold off on it for
> now, it's only good in the case that you use the built-in authentication
> agent in pkexec, and then only if you need to authenticate using PAM
> rather than because some rule gave you implicit permissions.
OK, better wait for upstream to provide a patch, indeed.
BTW, a few days ago we were discussing on IRC the fact that elogind
would start before dbus-daemon, and thus get respawned a couple of times
at system startup, etc. Yesterday, with commit 956ad60, I changed it to
be started through D-Bus activation, so we should be safe now.
Cheers,
Ludo’.
next prev parent reply other threads:[~2016-03-07 10:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-06 18:41 [PATCHES] Update elogind to 219.13 Andy Wingo
2016-03-06 21:35 ` Ludovic Courtès
2016-03-07 8:52 ` Andy Wingo
2016-03-07 10:01 ` Ludovic Courtès [this message]
2016-03-07 11:03 ` Andy Wingo
2016-03-07 12:09 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pov6vc6j.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=wingo@igalia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.