Received: (at 56971) by debbugs.gnu.org; 5 Aug 2022 06:56:28 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Aug 05 02:56:28 2022 Received: from localhost ([127.0.0.1]:55906 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oJrFz-0007c4-LH for submit <at> debbugs.gnu.org; Fri, 05 Aug 2022 02:56:27 -0400 Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:44296 helo=nomad-cl1.muradm.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <mail@HIDDEN>) id 1oJrFy-0007bm-Bx; Fri, 05 Aug 2022 02:56:27 -0400 Received: from localhost ([127.0.0.1]:48190) by nomad-cl1.muradm.net with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mail@HIDDEN>) id 1oJrFO-0000ka-0f; Fri, 05 Aug 2022 06:55:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; s=mail; h=Content-Type:MIME-Version:Message-ID:In-reply-to:Date:Subject:Cc:To :From:References:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=gjWarPNLax8K4Ja+fI9L7SKP6wbJv1vme2kZByFbgws=; b=MGUBxBVLg18BFxNeaz2lUuwJxf phaQvERNHuMPKY5wIXG/x4awDuAubxVK0j2dheJ/n+t6mq76YpBPKaEMt06g6ipGDefGS7MykEmPE LQ6/ysR0A/+TesgDwUlQEoW9HKPJwJ1I51TrY/bZgiJJhFo6WOdroNxyNXLisgqoEBSbhoKYcXi8C v65SAIr0aAMdto08RaiJuLUf4Kh0N5j6sBTVCg/HBagRbic/H14SjapZYMJOLmsOkoe3132yxuNho nKEpmTY4Arvj7OC6kbr6TEG6azA6o6NVGyTnxDsKiKElbwdsMgEu5eG9PunwfO8nxKGW92ypx3Rk6 Gpq46deOOHskMXRL9lvsXVVALVDStLNgJbhDWcHpRW2/2O8m2KfFsA5XiGUy2FtRumhoj+CbV12TB KsQgUv7CjqVcaP34ux5aRikgbvIicQokWZ/8Oy5V/5slquBQG0Z/08iIiMMfJNNLaW3h7OX1qX4zq nJdXHBubBZAqvfQNTi/tS8UV; Received: from muradm by localhost with local (Exim 4.96) (envelope-from <mail@HIDDEN>) id 1oJrFs-0007Qo-0H; Fri, 05 Aug 2022 09:56:20 +0300 References: <87czdg2unf.fsf@HIDDEN> <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@HIDDEN> <874jys2m01.fsf@HIDDEN> <f87faa9307a2e57dd18cebfe93559b3261171695.camel@HIDDEN> User-agent: mu4e 1.8.7; emacs 29.0.50 From: muradm <mail@HIDDEN> To: Liliana Marie Prikler <liliana.prikler@HIDDEN> Subject: Re: greeter user permissions are not enough to talk with seatd Date: Fri, 05 Aug 2022 09:48:21 +0300 In-reply-to: <f87faa9307a2e57dd18cebfe93559b3261171695.camel@HIDDEN> Message-ID: <87r11v18mk.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 56971 Cc: control <at> debbugs.gnu.org, 56971 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; format=flowed Liliana Marie Prikler <liliana.prikler@HIDDEN> writes: > Am Donnerstag, dem 04.08.2022 um 15:52 +0300 schrieb muradm: >> >> Liliana Marie Prikler <liliana.prikler@HIDDEN> writes: >> >> > [...] [L]ooking at the two patches, it appears they are to >> > be used in combination? >> > >> No, technically they are not strongly dependent on each other, >> could be applied one after another in no particular order. >> After both are applied, in cooperation they address this issue. > This is what I'm saying, albeit in different words. As far as I > understand, neither of these patches really accomplishes > anything if > not put together. Thus, you more or less opened three issues to > address one. Really I don't know what to comment here else. My analysis showed two independent issues, one is that seatd should have a declared group so that users of it could join it. This issues is not specific to greetd/greeter in any way. Any other greeting mechanism could fall short on this. And second, greeter today required conditional group to interact with seatd, or it could be any other group like input, usb, modem or else depending on user setup. Solutions are offered accordingly. Third issue, this bug I was asked to open. I don't understand, is it a sin to have multiple issues, or what is the problem here? > >> > >> seatd it self has to run as root. > Okay. > >> That TODO is from the initial commit, it is about cgroup file >> system mounting, and totally out of scope of this issue. > I didn't mean your code, I meant a suggestion from a reviewer > that you > haven't addressed yet (to my knowledge at least). done > > Cheers --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmLsvxMACgkQ6M7O0mLO BeI5lBAAioynCgDd0ltCYi631xZwj0FxEFYSfN+V7h8OeOejwEbz8gJ6N38hNLTC yeoz8LnGapDH3ysf49KsMHw7u0gXb3WKuUGUIrKtXTk7FKHBQ6iZ1W3R3IsGaVY+ nCLci4SsrocwTHWhPV9bCS+ysRR9VqNUdKBX+06VoQRxlzMwie/eVXFtqyKEgQ+v sWi8trAMgrU/J8kEAZcit9pBDwz3zTTMeQjljVqpO5k3RbzSl6sjtw1gNZA/aGEw 77DnZ7IUHwJw6xcmGO6w/dmOywAeaD/hW+Uuu3Z/zwlh62q79rMNbD57bGHE7zYb afUB5WKEZfpdiNw+JR4mLPaHFDPL7DTwBwxoHCPqCK53t7VkFKTdCNa67rsOsZsY IwjmjnwOYOhk3MOra+EwZOb51fEL+Oxu3497I5wGfPxabHvhnpKKJrzKM20lP3yo akgcxZf/6qQfebM2LFYdB+yeZ3NJX5lIkhcenlJvH7F47X4jD20gMYP4Uk9W1DzC NotVcUl0MRzMbVLSbZq7RJZhxnxrNOZeckoemDmojlhiL2KS32irVof7HF+J56NW axzvkhJJj8MHWArvMgrR24Qre2rQnFcxDA08tfpOQykY/uqBB3PZMRIVtSxwIoK7 hYBgM2ZU3Vx0NJV4N2YJ/oZC7VgmXbdRh0f1TZVml+RMiIXGIc0= =SiA5 -----END PGP SIGNATURE----- --=-=-=--
bug-guix@HIDDEN
:bug#56971
; Package guix
.
Full text available.Received: (at 56971) by debbugs.gnu.org; 5 Aug 2022 06:11:36 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Aug 05 02:11:36 2022 Received: from localhost ([127.0.0.1]:55771 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oJqYW-0004D9-Rp for submit <at> debbugs.gnu.org; Fri, 05 Aug 2022 02:11:36 -0400 Received: from mailrelay.tugraz.at ([129.27.2.202]:31783) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <liliana.prikler@HIDDEN>) id 1oJqYQ-0004Cq-EW; Fri, 05 Aug 2022 02:11:31 -0400 Received: from lprikler-laptop.ist.intra (gw.ist.tugraz.at [129.27.202.101]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4LzZwp37t2z3wd1; Fri, 5 Aug 2022 08:11:22 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at; s=mailrelay; t=1659679882; bh=W6Jdf6pLwHs4rgV3+U9BDIGhWJe0zzyK4OTwNycrO3E=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=OgAwjNM21hksZLd4zfk/87kzhowhKRycSNTaX1IsT8i12U5eORyBlSRCkQPWmF2RT YfkSzYT6juHzhgHjdPQ+epk+UKfwuBiCHj3ZeNs/AnHq10npN+YOzJ7qD3f/DboIi2 +wMzjQvn69lvuMsIVlcXK7iCXGdjqfJ+HPFYI/aU= Message-ID: <f87faa9307a2e57dd18cebfe93559b3261171695.camel@HIDDEN> Subject: Re: greeter user permissions are not enough to talk with seatd From: Liliana Marie Prikler <liliana.prikler@HIDDEN> To: muradm <mail@HIDDEN> Date: Fri, 05 Aug 2022 08:11:21 +0200 In-Reply-To: <874jys2m01.fsf@HIDDEN> References: <87czdg2unf.fsf@HIDDEN> <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@HIDDEN> <874jys2m01.fsf@HIDDEN> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-TUG-Backscatter-control: waObeELIUl4ypBWmcn/8wQ X-Spam-Scanner: SpamAssassin 3.003001 X-Spam-Score-relay: -1.9 X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117 X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56971 Cc: control <at> debbugs.gnu.org, 56971 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Am Donnerstag, dem 04.08.2022 um 15:52 +0300 schrieb muradm: > > Liliana Marie Prikler <liliana.prikler@HIDDEN> writes: > > > [...] [L]ooking at the two patches, it appears they are to > > be used in combination? > > > No, technically they are not strongly dependent on each other, > could be applied one after another in no particular order. > After both are applied, in cooperation they address this issue. This is what I'm saying, albeit in different words. As far as I understand, neither of these patches really accomplishes anything if not put together. Thus, you more or less opened three issues to address one. > > > seatd it self has to run as root. Okay. > That TODO is from the initial commit, it is about cgroup file > system mounting, and totally out of scope of this issue. I didn't mean your code, I meant a suggestion from a reviewer that you haven't addressed yet (to my knowledge at least). Cheers
bug-guix@HIDDEN
:bug#56971
; Package guix
.
Full text available.Received: (at 56971) by debbugs.gnu.org; 4 Aug 2022 13:10:02 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Aug 04 09:10:02 2022 Received: from localhost ([127.0.0.1]:51570 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oJabx-0000ip-K5 for submit <at> debbugs.gnu.org; Thu, 04 Aug 2022 09:10:02 -0400 Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:52448 helo=nomad-cl1.muradm.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <mail@HIDDEN>) id 1oJabv-0000iG-Bk; Thu, 04 Aug 2022 09:10:00 -0400 Received: from localhost ([127.0.0.1]:47754) by nomad-cl1.muradm.net with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mail@HIDDEN>) id 1oJabL-0000WH-34; Thu, 04 Aug 2022 13:09:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; s=mail; h=Content-Type:MIME-Version:Message-ID:In-reply-to:Date:Subject:Cc:To :From:References:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=EoTFRh1mg+ibNGK4kDejVKqyjYI1neydj5gEU8HtRF4=; b=s8qkTpKn2XCJ6wIhdhbZibepcP 5HFJvrSHeVCxkRB0UnR3LOJljt1YJK7AWSI3FYGL59AGINlph0qKX1Zplmpv3sNflzdCilVd6qK6C zYIPvzYXOCAlS7XrUxXp80Ewp1i2ZpV0vUZ4H2H7qhZe86miM+P7BxAk/0SzOFqUDZaHl6UOoJrkX RsYMI7/hyWDb1T9AL17CsPgZYqeKvBorz8ZoLexr/ExWbsBtIQ0BBilL6ZuGTa+xWFGOayniY3hAZ j9k5igwtSG+GqIcQJh+TexFsnl5P2Odz8iYffCLs4e+BDiXSbetAs3vt5/kXWd03jKcd/VIqjAQAM tUo1r8fYn6JCd1Z4Rr+yF5ASzCAcuCXvSIxfQDREBDBdKh+KWEmqSCz/y4lw21k5JzcymIvdtKgis zQU23vdsDibY9PeGEsZt+K71AWZczfUjT++EHtEd9KI0oygTZr4FidELHIBwEriE2gd2JyCBgouKF SgoZ2MQKxTkZwKvH045mTWZk; Received: from muradm by localhost with local (Exim 4.96) (envelope-from <mail@HIDDEN>) id 1oJabm-0004pC-1k; Thu, 04 Aug 2022 16:09:50 +0300 References: <87czdg2unf.fsf@HIDDEN> <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@HIDDEN> User-agent: mu4e 1.8.7; emacs 29.0.50 From: muradm <mail@HIDDEN> To: Liliana Marie Prikler <liliana.prikler@HIDDEN> Subject: Re: greeter user permissions are not enough to talk with seatd Date: Thu, 04 Aug 2022 15:52:32 +0300 In-reply-to: <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@HIDDEN> Message-ID: <874jys2m01.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 56971 Cc: control <at> debbugs.gnu.org, 56971 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Liliana Marie Prikler <liliana.prikler@HIDDEN> writes: > block 56971 by 56690 56699 > thanks > > Hi muradm, Hi Liliana, > Am Donnerstag, dem 04.08.2022 um 12:45 +0300 schrieb muradm: >> [...] greeter (e.g. gtkgreet) requiring communication >> with seatd is failing to start, causing "black screen" >> behavior on active terminal (switching to the other non seatd >> related terminal is possible, for manual permissions >> adjustment as workaround). >> >> To address this issue, we need more flexible control over >> seatd user/group, which creates seatd.sock, and greeter user >> which connects to seatd.sock. > Okay. > >> However, not all greeters require that, so I decided to make >> more flexible. > Flexibility for its own sake is not always the right solution.=20 > On the > other hand, looking at the two patches, it appears they are to=20 > be used > in combination? > No, technically they are not strongly dependent on each other, could be applied one after another in no particular order. After both are applied, in cooperation they address this issue. >> Propsed solutions consists of: >> >> * 56690 - gnu: seatd-service-type: Should use seat group. >> With this change, if seatd-service-type is present in the >> system configuration, "seat" group will be added, and seatd >> will run as root/seat. Group is configurable, but default is >> "seat". > Why just the group and no user? Is it not possible to launch=20 > seatd as > non-root? seatd provides a way for display servers to access input/output=20 devices without having to be root. So seatd it self has to run as root. When seatd opening socket as root/seat, all members of seat would be able to communicate with it. Also socket could be opened with seat/seat for instance, but there is no specific point in doing=20 so. Will be one more unused system user around. Arch seems to follow similar way, root/seat is ok for socket. Also will signal that seatd is running as root. >> * 56699 - gnu: greetd-service-type: Add greeter-extra-groups >> =C2=A0 config field. >> With this change, if user wants to use seatd-service-type with >> greeter requiring seatd.sock, he can add "seat" group to >> greeter-extra-groups field. > Note that you still have a TODO on that patch. That TODO is from the initial commit, it is about cgroup file system mounting, and totally out of scope of this issue. > Cheers Thanks in advance --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmLrxR4ACgkQ6M7O0mLO BeIiCA/+Ih2VS0QORe/ZLten/R8BQ/UczQtURdpatoidf55hTP3Kd/AE5xLWRw8U fUEjCsbEOSJQlZ92BmXcH6gSQenGBsL1p6xtKjm5rEdzza6dYEdeePI8oNzd7/Jf QkmY/Yt7MbJ6Oi5db1fSTDhyQk8d+YIYNNrXSFpvjGnmFdwuN53rCw47V6nJSQ5U +mQp4ypkZMh6BPwJH4CBjBP2pWmXI/X5Jn/lW92CbIRrH/CFnRlj/OWFnjJzbSef 4uciS0XeGkFQnVAxAgRl5DMEjESrx8dJL0cOLzu8h0c2k7l1fU2hG71ugn1fEnij na0zeWElfwAaXSIpHiftCwa0aKHsepm1gDuwWjkOzyV5lGr3zopFkRE0Mcuf1JUn jmm2Vc9rb0eQBLa46X6pkwZKRho3tzE+BxP64wvrUlFzhaRHKF5brquseqLQL7WU 0RUgAXm66f3OkJHQAiI8vmwKB7JlqHfOp8bDvVaTrkkEBMaSqWOerT80MOl5P8QV rKGgzS8dw+vT7ilGG+hfj4rVfY9fF8IEzXFusKJPfE3MuCDSkD2BySs0ZR87fHil 9JbOcsiDDXAJEoaJ5WuVzpcee6Ux0i6ZIIad/B3cdqA73P9cbV1gI4yvvYCD/Nq0 gXKl2T2uWLAwnVBtKEA1WclVNnRdR8v8j8r0KZkVVLhB/RknmG8= =ExNC -----END PGP SIGNATURE----- --=-=-=--
bug-guix@HIDDEN
:bug#56971
; Package guix
.
Full text available.Liliana Marie Prikler <liliana.prikler@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at 56971) by debbugs.gnu.org; 4 Aug 2022 11:08:09 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Aug 04 07:08:09 2022 Received: from localhost ([127.0.0.1]:51418 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oJYi1-0001fB-2w for submit <at> debbugs.gnu.org; Thu, 04 Aug 2022 07:08:09 -0400 Received: from mailrelay.tugraz.at ([129.27.2.202]:22771) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <liliana.prikler@HIDDEN>) id 1oJYhy-0001ey-Ba; Thu, 04 Aug 2022 07:08:07 -0400 Received: from lprikler-laptop.ist.intra (gw.ist.tugraz.at [129.27.202.101]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4Lz5YZ40yCz1LX55; Thu, 4 Aug 2022 13:08:02 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4Lz5YZ40yCz1LX55 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at; s=mailrelay; t=1659611282; bh=fAtWVJ1a/HiXTuLhmLuKHny1WNzS6phcFHa0PCKyLRY=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=P5JlhKlM9I4frLW42tjdiWAs0IgKExAk54O2eo0Ofsm/W5iQS8jKkMuayix8Xbn05 iaIH70WJTjLz7T3NLqI6+o2/m0rCa5lavNsstPj2Vz44M+AXUhXoKkfm4VrdwVrXCB QwgxPcZhiYno5WnjTqDbLR04aFkn7CPwQa9CBUIA= Message-ID: <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@HIDDEN> Subject: Re: greeter user permissions are not enough to talk with seatd From: Liliana Marie Prikler <liliana.prikler@HIDDEN> To: muradm <mail@HIDDEN>, 56971 <at> debbugs.gnu.org Date: Thu, 04 Aug 2022 13:08:01 +0200 In-Reply-To: <87czdg2unf.fsf@HIDDEN> References: <87czdg2unf.fsf@HIDDEN> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUG-Backscatter-control: waObeELIUl4ypBWmcn/8wQ X-Spam-Scanner: SpamAssassin 3.003001 X-Spam-Score-relay: -1.9 X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117 X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56971 Cc: control <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) block 56971 by 56690 56699 thanks Hi muradm, Am Donnerstag, dem 04.08.2022 um 12:45 +0300 schrieb muradm: > [...] greeter (e.g. gtkgreet) requiring communication > with seatd is failing to start, causing "black screen" > behavior on active terminal (switching to the other non seatd > related terminal is possible, for manual permissions > adjustment as workaround). > > To address this issue, we need more flexible control over > seatd user/group, which creates seatd.sock, and greeter user > which connects to seatd.sock. Okay. > However, not all greeters require that, so I decided to make > more flexible. Flexibility for its own sake is not always the right solution. On the other hand, looking at the two patches, it appears they are to be used in combination? > Propsed solutions consists of: > > * 56690 - gnu: seatd-service-type: Should use seat group. > With this change, if seatd-service-type is present in the > system configuration, "seat" group will be added, and seatd > will run as root/seat. Group is configurable, but default is > "seat". Why just the group and no user? Is it not possible to launch seatd as non-root? > * 56699 - gnu: greetd-service-type: Add greeter-extra-groups > config field. > With this change, if user wants to use seatd-service-type with > greeter requiring seatd.sock, he can add "seat" group to > greeter-extra-groups field. Note that you still have a TODO on that patch. Cheers
bug-guix@HIDDEN
:bug#56971
; Package guix
.
Full text available.Received: (at submit) by debbugs.gnu.org; 4 Aug 2022 10:03:13 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Aug 04 06:03:13 2022 Received: from localhost ([127.0.0.1]:51334 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oJXhA-0008Cv-Ls for submit <at> debbugs.gnu.org; Thu, 04 Aug 2022 06:03:13 -0400 Received: from lists.gnu.org ([209.51.188.17]:47100) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <mail@HIDDEN>) id 1oJXh8-0008Cn-7C for submit <at> debbugs.gnu.org; Thu, 04 Aug 2022 06:03:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40598) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <mail@HIDDEN>) id 1oJXh3-0008UD-Uu for bug-guix@HIDDEN; Thu, 04 Aug 2022 06:03:07 -0400 Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:56972 helo=nomad-cl1.muradm.net) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <mail@HIDDEN>) id 1oJXh2-0002VN-6c for bug-guix@HIDDEN; Thu, 04 Aug 2022 06:03:05 -0400 Received: from localhost ([127.0.0.1]:33536) by nomad-cl1.muradm.net with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mail@HIDDEN>) id 1oJXgV-0000Ku-2f for bug-guix@HIDDEN; Thu, 04 Aug 2022 10:02:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; s=mail; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender: Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=FXsQCo4n3WuhprTQ6Nk9NsXYsLr5Up3oa/nL/7WbZrY=; b=Qg4sQasb14tGVukIGE1bL54yki RLozMhjlQ6txliDXbOilN2RXOdFkv+AlGtd/Qi7ZbPdGz+9omcXfiwPRLMSLF0Xth9mhXwKTkEr00 OFNQod7ry5HIYitKZWaePWuw5/ixnJA9kDwKeiEnOyQIlePuxkRy7PNrPCDsHXX5+k1HH99nGe41L qTw2ZNVvIV3bYYcviufwHvHLI/xqZmvmWGK4HxJ1eFEbSDP7yGjAo2YASlehkOnDkXA8N8rk4oBLW QhvBvmr4h9D8612gtA8N7zb9tj7g8mQ5Bo4zksH/00XRDDlqb+IEGO6IdXWXCXJbWdBeE6pGdFdIg eWwC1M10q1eDhablIuLW1Ltlifr20I9bx2FTAcsRkdaQQHeivHwGqwVjXWTAlbMITWtxH6HbidPot pIYc166c8F43H0FIyC18dluxs1+I6W+WOwbGAOwC0kYCs2Cy1jPzUlXVq71CljrU9j5M5fc/9Qnw3 j8MCJoyQG5+OskmhpW64IEm4; Received: from muradm by localhost with local (Exim 4.96) (envelope-from <mail@HIDDEN>) id 1oJXgy-0003yr-2D for bug-guix@HIDDEN; Thu, 04 Aug 2022 13:03:00 +0300 User-agent: mu4e 1.8.7; emacs 29.0.50 From: muradm <mail@HIDDEN> To: bug-guix@HIDDEN Subject: greeter user permissions are not enough to talk with seatd Date: Thu, 04 Aug 2022 12:45:13 +0300 Message-ID: <87czdg2unf.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Received-SPF: pass client-ip=139.162.159.157; envelope-from=mail@HIDDEN; helo=nomad-cl1.muradm.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain; format=flowed Hi, As per discussion here: https://lists.gnu.org/archive/html/guix-devel/2022-08/msg00020.html Above change reduced permissions of greeter user. While it is ok for greeters that do not talk to seatd, greeters talking to seatd lost access to seatd socket. As result, greeter (e.g. gtkgreet) requiring communication with seatd is failing to start, causing "black screen" behavior on active terminal (switching to the other non seatd related terminal is possible, for manual permissions adjustment as workaround). To address this issue, we need more flexible control over seatd user/group, which creates seatd.sock, and greeter user which connects to seatd.sock. Other distros (Arch for instance) introduced "seat" group. So user which wants to login on system controlled by seatd should be member of that group. However, not all greeters require that, so I decided to make more flexible. Propsed solutions consists of: * 56690 - gnu: seatd-service-type: Should use seat group. With this change, if seatd-service-type is present in the system configuration, "seat" group will be added, and seatd will run as root/seat. Group is configurable, but default is "seat". * 56699 - gnu: greetd-service-type: Add greeter-extra-groups config field. With this change, if user wants to use seatd-service-type with greeter requiring seatd.sock, he can add "seat" group to greeter-extra-groups field. Thanks in advance, muradm --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmLrmVQACgkQ6M7O0mLO BeJFohAAr/iwhBTm8Ge6F/u/RRnlewbKP5VcZaU2sR1ck6NqQ27eFU1Zn+ZqUDA9 6tWjCMg/lfpxBt91+V9HOdOQY+3v0Yno6SqkMODYsQFLB8w1LvHAchpJaju43Z21 B84viXLYJHFXKBQvWi9nuH8mB5q7icZ8bmGGqP/SXh7Gf4v1jeKJEHFl4Gmn0SW2 AGu9+rjE9WUlqhEKiYgXvok90WCHu0syBzGD9bpOfOHMvgOFsYLBqP7BSSm84Kso VpT7+6ZB5Xh9De0BCFr4CUInKrSwmNJQEs7ShkXGfPVJHa1AGDSXdTwEURJRHYXZ 8erF9etX4J5Mi0lgT/hST8PCV18E0//le0WXs5PiYYnKfCHp/SmFqEI1aDkiFlEE rCvKLiVedglaaUSxjx6uSSgjk5A1/SAZCFEgrMWlJsduKuXzkUsSyN+Ai/iQGn7I UEqWbApWRXdJrBbviAb5LtokVAelnT9KksXlxXiANLLXUN6xds1IuR/nBZekqi3K YK/U4CSNhv+Bpdd5fgat58t2l9nY23ELAe4IORSPzpmNGEcMHUkadesuaSdaMgZs f0YwGKFQ44KzHYazrcQKwl+RljGggL7MfsUOrK5J0AJscZGLSuDKGYAg9jIoIRtZ s8KvNOcocG5o+/Li1utgPIIYwTROFc1rV7FMrwUIKuypCbTQak4= =fLZ+ -----END PGP SIGNATURE----- --=-=-=--
muradm <mail@HIDDEN>
:bug-guix@HIDDEN
.
Full text available.bug-guix@HIDDEN
:bug#56971
; Package guix
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.