Am 06.12.2014 um 00:55 schrieb Svante Signell:
On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
Svante Signell svante.sign...@gmail.com writes:
On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
On 03/12/14 14:46, Svante Signell wrote:
If more granularity is needed, what's
On 12/06/2014 at 05:47 AM, Tomas Pospisek wrote:
Am 06.12.2014 um 00:55 schrieb Svante Signell:
On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
When NFSv4 development sparked the modern Linux keyring data
model, we were delighted to switch (and then got very frustrated
by the
Am 06.12.2014 um 13:39 schrieb The Wanderer:
On 12/06/2014 at 05:47 AM, Tomas Pospisek wrote:
Am 06.12.2014 um 00:55 schrieb Svante Signell:
On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
When NFSv4 development sparked the modern Linux keyring data
model, we were delighted to
On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
On 03/12/14 14:46, Svante Signell wrote:
On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote:
The problem with those groups is that they are not fine grained
enough.
If more granularity is needed, what's hindering
Svante Signell svante.sign...@gmail.com writes:
On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
On 03/12/14 14:46, Svante Signell wrote:
If more granularity is needed, what's hindering introduction of even
more groups: like an image group and splitting the fb0 to more devices?
Or
On Fri, 2014-12-05 at 15:22 -0800, Russ Allbery wrote:
Svante Signell svante.sign...@gmail.com writes:
On Wed, 2014-12-03 at 16:55 +, Simon McVittie wrote:
On 03/12/14 14:46, Svante Signell wrote:
If more granularity is needed, what's hindering introduction of even
more groups: like
Svante Signell svante.sign...@gmail.com writes:
So I wish you a happy life with current (Debian chosen) technology, it
is perfect! No more problems with bugs popping up or people being unable
to boot their desktop computers/servers. Merry Christmas :)
Thanks! Yeah, it's a pretty nice
* Matthias Urlichs matth...@urlichs.de [141130 09:22]:
But on a multi-user system, we can't depend on the first user being any
sort of special owner; it might just as well be the person whose desk
the machine is hidden under
I strongly disagree with this. The person performing the
On Sun, Nov 30, 2014 at 03:02:51PM +0100, Matthias Urlichs wrote:
The default should be safe.
No.
The default should be as safe as we can make it without becoming
inconvenient.
As long as we still support non-logind configurations (and I believe we
still do at this point), having the first
Wouter Verhelst wou...@debian.org wrote:
On Sun, Nov 30, 2014 at 03:02:51PM +0100, Matthias Urlichs wrote:
The default should be safe.
No.
The default should be as safe as we can make it without becoming
inconvenient.
As
Josselin Mouette j...@debian.org writes:
We don’t support non-logind configurations.
You might not. AFAICS, Debian does.
We support non-systemd-as-pid-1 configurations, but they still run
logind through systemd-shim.
systemd-shim is not essential. You can still install jessie without
On Wed, Dec 03, 2014 at 01:01:12PM +0100, Josselin Mouette wrote:
Wouter Verhelst wou...@debian.org wrote:
On Sun, Nov 30, 2014 at 03:02:51PM +0100, Matthias Urlichs wrote:
The default should be safe.
No.
The default should be as safe as
❦ 3 décembre 2014 13:55 +0100, Adam Borowski kilob...@angband.pl :
In both cases (systemd-sysv or systemd-shim), ACLs should be correctly
set for the current user.
This “adduser first-user audio” was already useless in squeeze and it
hasn’t changed.
Only if you run logind or
Bjørn Mork bj...@mork.no wrote:
We support non-systemd-as-pid-1 configurations, but they still run
logind through systemd-shim.
systemd-shim is not essential. You can still install jessie without
systemd, and hence without running logind.
This is
Josselin Mouette j...@debian.org writes:
Bjørn Mork bj...@mork.no wrote:
We support non-systemd-as-pid-1 configurations, but they still run
logind through systemd-shim.
systemd-shim is not essential. You can still install jessie without
systemd,
Quoting Vincent Bernat (2014-12-03 14:25:47)
❦ 3 décembre 2014 13:55 +0100, Adam Borowski kilob...@angband.pl :
In both cases (systemd-sysv or systemd-shim), ACLs should be
correctly set for the current user.
This “adduser first-user audio” was already useless in squeeze and
it hasn’t
On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote:
❦ 3 décembre 2014 13:55 +0100, Adam Borowski kilob...@angband.pl :
In both cases (systemd-sysv or systemd-shim), ACLs should be correctly
set for the current user.
This “adduser first-user audio” was already useless in squeeze
Quoting Josselin Mouette (2014-12-03 14:40:48)
Bjørn Mork bj...@mork.no wrote:
We support non-systemd-as-pid-1 configurations, but they still run
logind through systemd-shim.
systemd-shim is not essential. You can still install jessie without
systemd, and hence without running logind.
❦ 3 décembre 2014 15:46 +0100, Svante Signell svante.sign...@gmail.com :
The problem with those groups is that they are not fine grained
enough. For example, the video group gives access to the framebuffer
device (the user can do a screenshot) or to a webcam (the user can spy
another user).
On 03/12/14 14:28, Bjørn Mork wrote:
Josselin Mouette j...@debian.org writes:
We are talking about the anti-feature of adding UID=1000 to the audio
group in the installer.
Are we? I was talking about making audio work for the first-user. I
see that as a feature.
It's a trade-off between
On Wed, 2014-12-03 at 15:49 +0100, Vincent Bernat wrote:
❦ 3 décembre 2014 15:46 +0100, Svante Signell svante.sign...@gmail.com :
The problem with those groups is that they are not fine grained
enough. For example, the video group gives access to the framebuffer
device (the user can do
Vincent Bernat ber...@debian.org writes:
❦ 3 décembre 2014 13:55 +0100, Adam Borowski kilob...@angband.pl :
[…]
This “adduser first-user audio” was already useless in squeeze and
it hasn’t changed.
Only if you run logind or consolekit. Without them (ie, on headless
boxes or with
On 03/12/14 14:46, Svante Signell wrote:
On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote:
The problem with those groups is that they are not fine grained
enough.
If more granularity is needed, what's hindering introduction of even
more groups: like an image group and splitting the
Josselin Mouette j...@debian.org writes:
[…]
We are talking about the anti-feature of adding UID=1000 to the audio
group in the installer. This is only relevant for desktop
installations, and all desktop tasks in the same installer bring
logind (formerly consolekit).
BTW, what
On 03/12/14 16:44, Ivan Shmakov wrote:
We are talking about the anti-feature of adding UID=1000 to the audio
group in the installer.
BTW, what about adding that same user to the ‘sudo’ group (which
D-I does; or formerly did, IIRC)? Does Logind also take care of
that
On Wed, Dec 03, 2014 at 03:08:55PM +, Simon McVittie wrote:
Feature 2: if the first user created via the installer logs in via a
non-local mechanism (typically ssh) [3], they can still play and record
audio. If you expect that the first user created via the installer is
Yes, and playing
❦ 3 décembre 2014 16:47 GMT, Ivan Shmakov i...@siamics.net :
The problem with those groups is that they are not fine grained
enough. For example, the video group gives access to the framebuffer
device (the user can do a screenshot) or to a webcam (the user can
spy another user).
Vincent Bernat ber...@debian.org writes:
❦ 3 décembre 2014 16:47 GMT, Ivan Shmakov i...@siamics.net :
The problem with those groups is that they are not fine grained
enough. For example, the video group gives access to the
framebuffer device (the user can do a screenshot) or to a webcam
❦ 3 décembre 2014 19:54 +0100, Stephan Seitz
stse+deb...@fsing.rootsland.net :
Feature 2: if the first user created via the installer logs in via a
non-local mechanism (typically ssh) [3], they can still play and record
audio. If you expect that the first user created via the installer is
Josselin Mouette j...@debian.org writes:
Le samedi 29 novembre 2014 à 16:37 +, Ivan Shmakov a écrit :
Josselin Mouette j...@debian.org writes:
[…]
Desktops (not only GNOME) use a very tiny bit of systemd,
interfaces that could be provided elsewhere.
Is that “use” as in “if
❦ 30 novembre 2014 10:10 GMT, Ivan Shmakov i...@siamics.net :
Directly: DEs provide more useful features (especially power
management) with systemd but will work correctly without.
I see nothing in the ‘apcupsd’ changelog [1] (which is about the
only package related to power
On Sun, 30 Nov 2014, Vincent Bernat wrote:
A side-effect is that power management got a lot easier and reliable for
people not using GNOME, thanks to systemd.
As a XFCE user, I have to contradict this statement. It is still a
pain because xfce and systemd still don't act completely properly
Vincent Bernat ber...@debian.org writes:
❦ 30 novembre 2014 10:10 GMT, Ivan Shmakov i...@siamics.net :
[…]
Or does the above concerns the users of “normally battery-powered”
devices instead?
Previously, every DE would need to reimplement power management.
Now, this is handled by
Le dimanche 30 novembre 2014 à 12:50 +, Ivan Shmakov a écrit :
PolicyKit rely on logind to know if a user is locally connected. A
non-local user won't be allowed things like network management, local
device mounting or sound card access.
That looks like a problem to solve,
❦ 30 novembre 2014 12:50 GMT, Ivan Shmakov i...@siamics.net :
PolicyKit rely on logind to know if a user is locally connected. A
non-local user won't be allowed things like network management, local
device mounting or sound card access.
That looks like a problem to solve, not a
Hi,
Ivan Shmakov:
I agree that the issue gets trickier for multiuser hosts, but
I’m pretty sure that there still will be at least one user for
whom no such access restrictions should apply, – irrespective of
his or her “login locality.”
The access groups are still
On 11/30/2014 at 06:56 AM, Vincent Bernat wrote:
❦ 30 novembre 2014 10:10 GMT, Ivan Shmakov i...@siamics.net :
Directly: DEs provide more useful features (especially power
management) with systemd but will work correctly without.
I see nothing in the ‘apcupsd’ changelog [1] (which is
❦ 30 novembre 2014 14:53 +0100, Josselin Mouette j...@debian.org :
That looks like a problem to solve, not a feature.
For home installs, I see no reason for the owner of the device
to be /denied/ access to the sound card just because of using
SSH. Why, it’s exactly
On Sunday, 30 de November de 2014 13:55:04 Vincent Bernat escribió:
❦ 30 novembre 2014 12:50 GMT, Ivan Shmakov i...@siamics.net :
PolicyKit rely on logind to know if a user is locally connected. A
non-local user won't be allowed things like network management, local
device mounting
Josselin Mouette j...@debian.org writes:
Le dimanche 30 novembre 2014 à 12:50 +, Ivan Shmakov a écrit :
[…]
For home installs, I see no reason for the owner of the device to be
/denied/ access to the sound card just because of using SSH. Why,
it’s exactly what I do. (I even did
Hi,
The Wanderer:
Thus, having systemd provide power management would at best have no
effect, more likely increase the likelihood of power-management bugs
(and make documenting power-management behavior harder),
You're forgetting a few things here.
* The idea is for all the legacy code to go
On Sun, Nov 30, 2014 at 04:40:21PM +, Ivan Shmakov wrote:
Josselin Mouette j...@debian.org writes:
* Other users only have access to audio devices through ACLs when
physically logged on.
Unless I be mistaken, ACLs are only applied at the time of
open(2). What about the
On Mon, Dec 01, 2014 at 02:10:09AM +0100, Andreas Bombe wrote:
On Sun, Nov 30, 2014 at 04:40:21PM +, Ivan Shmakov wrote:
Josselin Mouette j...@debian.org writes:
* Other users only have access to audio devices through ACLs when
physically logged on.
Unless I be mistaken,
43 matches
Mail list logo