Re: "not authorised" doing various desktoppy things [and 1 more messages] [and 1 more messages]
On Tue, 17 Jan 2017 13:35:14 + Ian Jacksonwrote: > [1] AIUI this is when your laptop suspends to RAM, but after a timeout > or when the battery is low, wakes up so that it can suspend to disk. Linux implements hybrid sleep by going ahead and writing the hibernation image out, then suspending to RAM. That makes it take longer to sleep, but it doesn't have to wake up later on a timer (likely in an enclosed bag). If you wake it up while still suspended to RAM, it can wake up fast and ignore the hibernation image; if it runs out of battery and loses power, then when you power it back on it'll resume from the hibernation image and still not lose state.
Re: "not authorised" doing various desktoppy things [and 1 more messages] [and 1 more messages]
Martín Ferrari writes ("Re: "not authorised" doing various desktoppy things [and 1 more messages]"): > This seems to solve the problem for me, thank you very much! (And I hope > you can get this in for stretch!) Thanks to everyone for their reports. This is very helpful. Currently experimental has 10-3~exp2 which also has a patch from Nikolaus Schulz to support hybrid sleep[1]. I don't use this myself so reports on that would also be welcome. I indeed intend to push this to sid in the next few days, with the plan that it will be in stretch. Thanks, Ian. [1] AIUI this is when your laptop suspends to RAM, but after a timeout or when the battery is low, wakes up so that it can suspend to disk. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On So, Jan 15, 2017 at 04:43:11 +, Ian Jackson wrote: I have just uploaded systemd-shim 10-3~exp1 to experimental. I seems to fix the problem for me. Depending on feedback, I will upload this to sid in the next few days. Thank you very much. I don’t have problems either. Stephan -- | Stephan Seitz E-Mail: s...@fsing.rootsland.net | | Public Keys: http://fsing.rootsland.net/~stse/keys.html | smime.p7s Description: S/MIME cryptographic signature
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On 15/01/17 13:43, Ian Jackson wrote: > Ian Jackson writes ("Re: "not authorised" doing various desktoppy things [and > 1 more messages]"): >> More news later today. > > I have just uploaded systemd-shim 10-3~exp1 to experimental. I seems > to fix the problem for me. Depending on feedback, I will upload this > to sid in the next few days. This seems to solve the problem for me, thank you very much! (And I hope you can get this in for stretch!) -- Martín Ferrari (Tincho)
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Ian Jackson writes ("Re: "not authorised" doing various desktoppy things [and 1 more messages]"): > More news later today. I have just uploaded systemd-shim 10-3~exp1 to experimental. I seems to fix the problem for me. Depending on feedback, I will upload this to sid in the next few days. Thanks, Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Re: "not authorised" doing various desktoppy things [and 1 more messages]
tl;dr TYVM to Michael Biebl I intend QA upload of systemd-shim with Michael's wrapper Michael Biebl writes ("Re: "not authorised" doing various desktoppy things [and 1 more messages]"): > Am 05.01.2017 um 19:56 schrieb Michael Biebl: > > Then copy the attached wrapper script to /usr/lib/x86_64-linux-gnu/ > > and make it executable. > > Obviously, the wrapper script should start systemd-shim.orig. Well, I only previously glanced at this script. I thought it was a way to collect more information. Now that I sit down to deal with this problem properly, I discover that actually it fixes the problem! Thank you very much (and I'm sorry now that I was a bit avoidant about trying this, thinking that it would be part of a big and stressy debugging and spelunking session). Correct me if I'm wrong, but I think the right thing is probably to do is ship this comaptibility workaround in stretch. I looked on my system and filesystems of type cgroup are not mounted anywhere else. And I'm not sure what is using /sys/fs/cgroup/systemd but it doesn't seem to be systemd-shim. I guess then that this is something that used to be done by one bit of systemd and is now done by another bit, so that it now has to also be done by systemd-shim ? So my plan is to do a QA upload of systemd-shim which includes a variant of your wrapper script (perhaps with set -e added...). I looked at the code in systemd-shim and implementing this code in its C code doesn't look very convenient. (It's also possible that this should be done in an init script but I haven't considered that properly.) I haven't decided whether to put give the wrapper the name `/usr/lib/x86_64-linux-gnu/systemd-shim' as you did, or alternatively whether to give it a new name and change the reference in /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service Unless anyone has an opinion I'll do whatever is easier. More news later today. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On Fri, Jan 06, 2017 at 01:58:50PM +0100, Ansgar Burchardt wrote: > > > Including access to devices (which X wants these days)? > > > > That's just for ancient graphics cards (ie, with no KMS/DRM support) > > without xserver-xorg-legacy, right? > > logind is required for drivers using KMS and *not* the legacy suid > wrapper, see /usr/share/doc/xserver-xorg-core/NEWS.Debian.gz. Nope, I don't have systemd (and thus logind) on any of my non-virtual machines, I don't have xserver-xorg-legacy either, yet X works fine. I've just pulled out the oldest box I have in my junk pile (a pre-amd64 Pentium4 with Intel 82915G/GV/910GL), installed current X on it -- works fine without logind. Non-KMS stuff you need xorg-legacy for sounds ISAish. On the other hand, hurd which has no KMS does need xorg-legacy. > I think wayland does the same (I haven't used it though). Me neither. > So eventually alternatives should probably provide an alternative for > this part of logind too. I guess that "relies on logind" part is true only under systemd? At least, other VT manipulating tools like "open" run into permissions problem there too. Meow! -- Autotools hint: to do a zx-spectrum build on a pdp11 host, type: ./configure --host=zx-spectrum --build=pdp11
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On Fri, 2017-01-06 at 07:48 +0100, Adam Borowski wrote: > On Thu, Jan 05, 2017 at 12:19:08PM +0100, Ansgar Burchardt wrote: > > With elogind do you mean https://github.com/wingo/elogind? That > > project doesn't look very active. > > > > Is there any active project trying to reimplement the logind API? > > Consolekit2 for example; it suffers from being a fork of consolekit > codebase though. That one looks indeed still active. > > Including access to devices (which X wants these days)? > > That's just for ancient graphics cards (ie, with no KMS/DRM support) > without xserver-xorg-legacy, right? logind is required for drivers using KMS and *not* the legacy suid wrapper, see /usr/share/doc/xserver-xorg-core/NEWS.Debian.gz. I think wayland does the same (I haven't used it though). So eventually alternatives should probably provide an alternative for this part of logind too. Ansgar
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On Thu, Jan 05, 2017 at 12:19:08PM +0100, Ansgar Burchardt wrote: > On Thu, 2017-01-05 at 11:22 +0100, Adam Borowski wrote: > > Neither systemd-shim nor consolekit are solutions that are viable in > > the long term, the sooner we get rid of both, the better. I don't > > know what's a good alternative, though. Loginkit is > > vapourware. Elogind maybe? > > With elogind do you mean https://github.com/wingo/elogind? That > project doesn't look very active. > > Is there any active project trying to reimplement the logind API? Consolekit2 for example; it suffers from being a fork of consolekit codebase though. I haven't done the research, my current solution works for me so far (even if I know it's not going to last). > Including access to devices (which X wants these days)? That's just for ancient graphics cards (ie, with no KMS/DRM support) without xserver-xorg-legacy, right? Meow! -- Autotools hint: to do a zx-spectrum build on a pdp11 host, type: ./configure --host=zx-spectrum --build=pdp11
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Am 05.01.2017 um 19:56 schrieb Michael Biebl: > Then copy the attached wrapper script to /usr/lib/x86_64-linux-gnu/ > and make it executable. Obviously, the wrapper script should start systemd-shim.orig. Fixed one attached. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? #!/bin/sh # We rely on cgmanager to setup /sys/fs/cgroup if ! mountpoint -q /sys/fs/cgroup; then echo "cgmanager has not setup /sys/fs/cgroup or is not running, exiting" exit 1 fi # Mount legacy cgroup controller at /sys/fs/cgroup/systemd if ! mountpoint -q /sys/fs/cgroup/systemd; then mkdir -p /sys/fs/cgroup/systemd mount -t cgroup -o nosuid,noexec,nodev,none,name=systemd systemd /sys/fs/cgroup/systemd fi mkdir -p /run/systemd exec /usr/lib/x86_64-linux-gnu/systemd-shim.orig signature.asc Description: OpenPGP digital signature
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Am 04.01.2017 um 20:12 schrieb Ian Jackson: > Michael Biebl writes ("Re: "not authorised" doing various desktoppy things > [and 1 more messages]"): >> Am 04.01.2017 um 12:07 schrieb Ian Jackson: >>> I think #844785 needs a fix though. >> >> Agreed. Does anyone who uses sysvinit want to look into this? > > Um, me ? Well, I don't particularly want to but I intend to. > Help from all quarters gratefully accepted. Assuming you use amd64 (adjust the paths if necessary for i386): # mv /usr/lib/x86_64-linux-gnu/systemd-shim /usr/lib/x86_64-linux-gnu/systemd-shim.orig Then copy the attached wrapper script to /usr/lib/x86_64-linux-gnu/ and make it executable. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? #!/bin/sh # We rely on cgmanager to setup /sys/fs/cgroup if ! mountpoint -q /sys/fs/cgroup; then echo "cgmanager has not setup /sys/fs/cgroup not running, exiting" exit 1 fi # Mount legacy cgroup controller at /sys/fs/cgroup/systemd if ! mountpoint -q /sys/fs/cgroup/systemd; then mkdir -p /sys/fs/cgroup/systemd mount -t cgroup -o nosuid,noexec,nodev,none,name=systemd systemd /sys/fs/cgroup/systemd fi mkdir -p /run/systemd exec /usr/lib/x86_64-linux-gnu/systemd-shim signature.asc Description: OpenPGP digital signature
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On Thu, 2017-01-05 at 11:22 +0100, Adam Borowski wrote: > Neither systemd-shim nor consolekit are solutions that are viable in > the long term, the sooner we get rid of both, the better. I don't > know what's a good alternative, though. Loginkit is > vapourware. Elogind maybe? With elogind do you mean https://github.com/wingo/elogind? That project doesn't look very active. Is there any active project trying to reimplement the logind API? Including access to devices (which X wants these days)? Ansgar
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Adam Borowski writes ("Re: "not authorised" doing various desktoppy things [and 1 more messages]"): > In my experience, systemd-shim never worked in the first place, so this is > no regression. I see results that Ian observes since the day policykit and > friends were recompiled against logind rather than consolekit. It's > somewhat puzzling that it's reported to have worked for _some_ people in the > past. It worked for me earlier in the year. I don't know what set of versions that was, but I installed one of the stretch alphas and it worked until quite recently. And the submitters of #844785 seem to see something similar. > Neither systemd-shim nor consolekit are solutions that are viable in the > long term, the sooner we get rid of both, the better. I don't know what's > a good alternative, though. Loginkit is vapourware. Elogind maybe? Surely this is something to think about for buster. (Having said that, I haven't heard of most of these things and I generally don't have a clue what I'm doing in this area.) Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On Wed, Jan 04, 2017 at 07:21:42PM +0100, Michael Biebl wrote: > Am 04.01.2017 um 12:07 schrieb Ian Jackson: > > I think #844785 needs a fix though. > > Agreed. Does anyone who uses sysvinit want to look into this? In my experience, systemd-shim never worked in the first place, so this is no regression. I see results that Ian observes since the day policykit and friends were recompiled against logind rather than consolekit. It's somewhat puzzling that it's reported to have worked for _some_ people in the past. At home, I'm still using my set of rebuilds against consolekit (semi-public repository: http://angband.pl/debian nosystemd-{jessie,stretch})[1]. That's not because of any love towards consolekit -- it's a piece of crap that needs to die -- but because it works for me. Neither systemd-shim nor consolekit are solutions that are viable in the long term, the sooner we get rid of both, the better. I don't know what's a good alternative, though. Loginkit is vapourware. Elogind maybe? Meow! [1]. Also built with all references to libsystemd0 eradicated; this is not because of bloat concerns but because in multiple cases the detection is done at compile time rather than runtime, thus purging libsystemd0 is a cheap way to ensure it's not needed. -- Autotools hint: to do a zx-spectrum build on a pdp11 host, type: ./configure --host=zx-spectrum --build=pdp11
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Michael Biebl writes ("Re: "not authorised" doing various desktoppy things [and 1 more messages]"): > Am 04.01.2017 um 12:07 schrieb Ian Jackson: > > I think #844785 needs a fix though. > > Agreed. Does anyone who uses sysvinit want to look into this? Um, me ? Well, I don't particularly want to but I intend to. Help from all quarters gratefully accepted. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Am 04.01.2017 um 12:07 schrieb Ian Jackson: > I think #844785 needs a fix though. Agreed. Does anyone who uses sysvinit want to look into this? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Re: "not authorised" doing various desktoppy things [and 1 more messages]
On Wed, 04 Jan 2017 at 02:10:56 +, Ian Jackson wrote: > Michael Biebl writes ("Re: "not authorised" doing various desktoppy things"): > > Check if your session is marked as active and local > > $ loginctl show-session $XDG_SESSION_ID > > I see (amongst other things): > > Remote=no > Active=yes > State=active Looks like the situation where polkit should allow most things. If you were using the systemd service (and cgroup) manager, I'd ask you to run `systemd-cgls` and/or `loginctl user-status` to visualize the hierarchy of processes and cgroups that logind would use to match processes to sessions, specifically looking for the process that you think should be allowed to communicate with NetworkManager or udisks2 or other privileged services; but I don't know whether that works under systemd-shim. > I have frankly no idea what to expect from the > communication between systemd-shim and systemd-logind Mostly D-Bus, I think? Arranging for `dbus-monitor --system` to be run as root and directed to a log before you log in might be useful. (To work properly this requires at least stretch's version of dbus.) > or even where to look for logs If you were using systemd, the answer would be the Journal, or the human-readable subset of the Journal that ends up in syslog. But you're not, so I don't know. syslog? /proc/kmsg? > I found this in my .xsession-errors: > > dbus-update-activation-environment: systemd --user not found, ignoring > --systemd argument That should be harmless: I don't think systemd-shim is meant to start systemd --user. If you were using the full systemd suite, logind would have asked the system service manager (/lib/systemd/systemd, pid 1, uid 0) to start a user service manager (/lib/systemd/systemd --user, pid > 1, your own uid) on your behalf, and dbus-update-activation-environment would have communicated with the user service manager to update its idea of what the environment should be to include whatever came from your Xsession.d. That's a secondary function: d-u-a-e's main job is to communicate with dbus-daemon --session to do the same thing. polkit interactions are about system-level functionality (pid 1, dbus-daemon --system, *dm, PAM), and not about what happens among an individual user's processes (systemd --user, dbus-daemon --session, .xinitrc or equivalent). S
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Ansgar Burchardt writes ("Re: "not authorised" doing various desktoppy things [and 1 more messages]"): > Ian Jackson writes: > > In fact I didn't have libpam-systemd installed for some strange > > reason, but installing it hasn't helped. (All the symptoms I report > > above are with it installed.) > > How did you not have libpam-systemd installed? network-manager has > Depends: policykit-1 and policykit-1 has Depends: libpam-systemd. I'm afraid I don't know for sure. I think this was probably a weirdness on my system due to odd things I did to it, and not a bug in any package dependencies. When I asked apt-get to install libpam-systemd, it upgraded a number of other packages. I don't think this is worth investigating further. I think #844785 needs a fix though. Tips for where to look would be very welcome. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Ian Jackson writes: > Michael Biebl writes ("Re: "not authorised" doing various desktoppy things"): > I'm not sure I need "logind integration" in my X server but perhaps I > do ? Only if you want to start X as non-root. > Simon McVittie writes ("Re: "not authorised" doing various desktoppy things"): >> None of this works unless you have libpam-systemd installed and enabled. >> That PAM module is somewhat mis-named: it's really for systemd-logind, >> the user/login manager, and not the systemd init/service manager. > > In fact I didn't have libpam-systemd installed for some strange > reason, but installing it hasn't helped. (All the symptoms I report > above are with it installed.) How did you not have libpam-systemd installed? network-manager has Depends: policykit-1 and policykit-1 has Depends: libpam-systemd. Ansgar
Re: "not authorised" doing various desktoppy things [and 1 more messages]
Michael Biebl writes ("Re: "not authorised" doing various desktoppy things"): > Check if your session is marked as active and local > $ loginctl show-session $XDG_SESSION_ID I see (amongst other things): Remote=no Active=yes State=active > Might be #844785 Perhaps it is. The symptoms seem similar. Obviously it's not ideal that systemd-shim is orphaned. I would like to fix this rather than just working around it by putting my account in some appropriate config files. Can anyone suggest a better strategy than a git bisect on the systemd package source code ? I have frankly no idea what to expect from the communication between systemd-shim and systemd-logind, or even where to look for logs. I found this in my .xsession-errors: dbus-update-activation-environment: systemd --user not found, ignoring --systemd argument And this in my Xorg.0.log: Xorg.0.log:[ 8.993] (II) systemd-logind: logind integration requires -keeptty and -keeptty was not provided, disabling logind integration I'm not sure I need "logind integration" in my X server but perhaps I do ? Simon McVittie writes ("Re: "not authorised" doing various desktoppy things"): > [stuff] Thanks for the comprehensive explanation. > None of this works unless you have libpam-systemd installed and enabled. > That PAM module is somewhat mis-named: it's really for systemd-logind, > the user/login manager, and not the systemd init/service manager. In fact I didn't have libpam-systemd installed for some strange reason, but installing it hasn't helped. (All the symptoms I report above are with it installed.) Ian. -- Ian JacksonThese opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.