Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
23.07.2020 22:25, Neil Bothwick пишет: > On Thu, 23 Jul 2020 15:15:04 +0300, i.Dark_Templar wrote: > >> With x11-base/xorg-server-1.20.8[elogind,suid] I could just do "sudo -i >> -u another-user DISPLAY= XAUTHORITY= startx $application $app_args -- >> :$nextdisplay" from running X11 session and get myself a separate new >> X11 session running from different user. >> >> With x11-base/xorg-server-1.20.8-r1[elogind,suid] it is also possible to >> do this if line 'allowed_users = anybody' is added to file >> '/etc/X11/X11/Xwrapper.config'. >> >> But with x11-base/xorg-server-1.20.8-r1[elogind,-suid] I couldn't make a >> similar setup to work. I've tried adding options '-keeptty' or 'vt?' or >> both, but all I get are errors like these: >> >> Fatal server error: >> (EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied) > > Is your new user a member of the tty group? > > No. Should I add every user I wish to allow running Xorg without suid in such setup to tty group? I don't like such idea. Currently, there are no users in this group. Granting a user permissions to control every tty looks like an overkill and an insecure setting. I'm not trying to fix this setup at any cost. I'm trying to figure out if it's possible to do this without suid and I'm just missing something, or if I should stick to suid for my use-case.
Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
On Thu, 23 Jul 2020 15:15:04 +0300, i.Dark_Templar wrote: > With x11-base/xorg-server-1.20.8[elogind,suid] I could just do "sudo -i > -u another-user DISPLAY= XAUTHORITY= startx $application $app_args -- > :$nextdisplay" from running X11 session and get myself a separate new > X11 session running from different user. > > With x11-base/xorg-server-1.20.8-r1[elogind,suid] it is also possible to > do this if line 'allowed_users = anybody' is added to file > '/etc/X11/X11/Xwrapper.config'. > > But with x11-base/xorg-server-1.20.8-r1[elogind,-suid] I couldn't make a > similar setup to work. I've tried adding options '-keeptty' or 'vt?' or > both, but all I get are errors like these: > > Fatal server error: > (EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied) Is your new user a member of the tty group? -- Neil Bothwick Old hitchhikers never die-they just throw in the towel. pgpxgmHYN0ArJ.pgp Description: OpenPGP digital signature
Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
On Thu, 23 Jul 2020 19:38:21 +0300, i.Dark_Templar wrote: > I'm using --newuse (-N). According to 'man emerge', --newuse and > --changed-use are pretty similar, but if disabled USE-flag is added or > removed for package without version change, --changed-use does not > trigger rebuild of package. That's not quite right. The difference is that --changed-use won't trigger a rebuild if the change of use flag makes no difference on your settings whereas --newuse will always rebuild for a changed flag. It has noting to sdo with version changes, which will always case a rebuild because you are using -u. -- Neil Bothwick Adolescence, n.: The stage between puberty and adultery. pgpB_lX8NkfwU.pgp Description: OpenPGP digital signature
Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
i.Dark_Templar wrote: > 23.07.2020 19:29, Matt Connell (Gmail) пишет: >> On Thu, 2020-07-23 at 19:24 +0300, i.Dark_Templar wrote: >>> 23.07.2020 19:05, Walter Dnes пишет: >>> On Thu, Jul 23, 2020 at 03:15:04PM +0300, i.Dark_Templar wrote > Hi. > I've tried using xorg-server[elogind,-suid] and got an issue. I know this may sound too simple, but did you update world? News item https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html says... >>> >>> Yes, of course. I usually do 'emerge -avuDN system world' >> I may be way off base, but would the changed-use flag (-U / --changed- >> use) have been needed in order to apply this change? >> >> > I'm using --newuse (-N). According to 'man emerge', --newuse and > --changed-use are pretty similar, but if disabled USE-flag is added or > removed for package without version change, --changed-use does not > trigger rebuild of package. > > Anyway, I just tried running 'emerge -avuUDN system world', and it > reported 'Nothing to merge'. > > Just a FYI. If you put world as a set, you can leave out system. The world set will pull in the system set so it will save you some typing. Just a thought. Dale
Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
23.07.2020 19:29, Matt Connell (Gmail) пишет: > On Thu, 2020-07-23 at 19:24 +0300, i.Dark_Templar wrote: >> 23.07.2020 19:05, Walter Dnes пишет: >> >>> On Thu, Jul 23, 2020 at 03:15:04PM +0300, i.Dark_Templar wrote Hi. I've tried using xorg-server[elogind,-suid] and got an issue. >>>I know this may sound too simple, but did you update world? News item >>> https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html >>> says... >> >> >> Yes, of course. I usually do 'emerge -avuDN system world' > > I may be way off base, but would the changed-use flag (-U / --changed- > use) have been needed in order to apply this change? > > I'm using --newuse (-N). According to 'man emerge', --newuse and --changed-use are pretty similar, but if disabled USE-flag is added or removed for package without version change, --changed-use does not trigger rebuild of package. Anyway, I just tried running 'emerge -avuUDN system world', and it reported 'Nothing to merge'.
Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
On Thu, 2020-07-23 at 19:24 +0300, i.Dark_Templar wrote: > 23.07.2020 19:05, Walter Dnes пишет: > > > On Thu, Jul 23, 2020 at 03:15:04PM +0300, i.Dark_Templar wrote > > > Hi. > > > I've tried using xorg-server[elogind,-suid] and got an issue. > >I know this may sound too simple, but did you update world? News item > > https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html > > says... > > > Yes, of course. I usually do 'emerge -avuDN system world' I may be way off base, but would the changed-use flag (-U / --changed- use) have been needed in order to apply this change?
Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
23.07.2020 19:05, Walter Dnes пишет: > On Thu, Jul 23, 2020 at 03:15:04PM +0300, i.Dark_Templar wrote >> Hi. >> >> I've tried using xorg-server[elogind,-suid] and got an issue. > > I know this may sound too simple, but did you update world? News item > https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html > says... > Yes, of course. I usually do 'emerge -avuDN system world', and I have following options in make.conf: EMERGE_DEFAULT_OPTS="--with-bdeps=y --binpkg-respect-use=y --autounmask=n --complete-graph=y --keep-going" And I did following sequence after emerging xorg-server with different USE-flags before testing it: logout out of X11 session, login into console session as root, restart xdm service (restart sddm), login into KDE session via SDDM. KDE session works fine, but I can't start one more X11 session from it. While I didn't test it, I guess X11 session could be started fine from user if you login into a console session (text-only session), but when I try to start one more X11 session from already running X11 session, I hit insufficient permissions error. >> to globally enable 'elogind' USE flag and update the system >> >> # emerge --newuse @world >> >> Afterwards, one will need to re-login, so the PAM can assign a >> seat. One can confirm that a seat has been assigned upon login >> by running: >> >> $ loginctl user-status > As far as I can see elogind works fine for me in usual scenario: login via SDDM.
Re: [gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
On Thu, Jul 23, 2020 at 03:15:04PM +0300, i.Dark_Templar wrote > Hi. > > I've tried using xorg-server[elogind,-suid] and got an issue. I know this may sound too simple, but did you update world? News item https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html says... > to globally enable 'elogind' USE flag and update the system > > # emerge --newuse @world > > Afterwards, one will need to re-login, so the PAM can assign a > seat. One can confirm that a seat has been assigned upon login > by running: > > $ loginctl user-status -- Walter Dnes I don't run "desktop environments"; I run useful applications
[gentoo-user] xorg-server[elogind,-suid] and starting additional Xorg session from running Xorg session
Hi. I've tried using xorg-server[elogind,-suid] and got an issue. With x11-base/xorg-server-1.20.8[elogind,suid] I could just do "sudo -i -u another-user DISPLAY= XAUTHORITY= startx $application $app_args -- :$nextdisplay" from running X11 session and get myself a separate new X11 session running from different user. With x11-base/xorg-server-1.20.8-r1[elogind,suid] it is also possible to do this if line 'allowed_users = anybody' is added to file '/etc/X11/X11/Xwrapper.config'. But with x11-base/xorg-server-1.20.8-r1[elogind,-suid] I couldn't make a similar setup to work. I've tried adding options '-keeptty' or 'vt?' or both, but all I get are errors like these: Fatal server error: (EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied) or Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 5 (Permission denied) Is it possible to make setup like this work with elogind without suid?