On 8/1/19 3:01 PM, Pierre Labastie via blfs-dev wrote:
On 01/08/2019 21:25, Bruce Dubbs via blfs-dev wrote:
On 8/1/19 1:44 PM, Bruce Dubbs wrote:
On 8/1/19 1:13 PM, DJ Lucas via blfs-dev wrote:
On 8/1/19 11:40 AM, Bruce Dubbs via blfs-dev wrote:
On 8/1/19 10:49 AM, Pierre Labastie via blfs-dev wrote:
On 31/07/2019 00:44, DJ Lucas via blfs-dev wrote:
On July 30, 2019 3:54:34 PM CDT, Pierre Labastie via blfs-dev
<[email protected]> wrote:
IIUC above, this is because we do not have elogind in LFS, so our first
build of dbus does not link to libsystemd (unlike in LFS-systemd). The
lack of dbus support is inconsequential in that configuration because we
are going to rebuild systemd later in BLFS.
There is also another thing, which bothers me: instructions for the
xorg
server are the same in both books (sysv/elogind and systemd). So, when
we add
--enable-install-setuid to xorg-server, we add it in both books. But I
believed it was not needed in the systemd book...
That would be my doing as I had believed that they would be the same
(and still believe they should be, but my attempts to find the reason
for the differences have failed me thus far), so the two variants got
merged down. In fact, I think I am the only one who has demonstrated
that a rootless Xorg is even possible with elogind in our group. Five
consecutive builds, all slightly different, but logical (apparently only
to me), build orders. I'd gotten frustrated trying to track it down, I
was simply spinning my wheels, so I put it on the back burner (knowing
that a viable workaround exists). I'll be testing noveau on an existing
build next week to possibly eliminate hardware/drivers. I want to also
say that I've built entirely in chroot already, but I'm not 100% certain
on that.
HTH
OK, I've found the error!!!!
On the Xinit page, we have:
---
sed -e '/$serverargs $vtarg/ s/serverargs/: #&/' \
-i startx.cpp
---
for the Sysv/elogind book, while we do not have this for the systemd book.
Removing the ": #" allows startx to run the server and the usual clients.
I think even the suid-wrapper is not needed! (it drops privilege anyway if
/dev/dri/card0 is KMS compatible). This can be tested by moving
/usr/libexec/Xorg.wrap to /usr/libexec/Xorg.wrap.nouse, and trying again:
startx still works.
So we can:
remove the sed on the Xinit page
remove any enable-xxx-suid switch for xorg-server (well, maybe some
drivers do
need the wrapper, this has to be tested, but I do not have the hardware
(intel
driver works fine without the wrapper)).
Pierre
PS: I've spend almost 24 h running the server, xinit, with gdb, playing with
xauth files, etc, before finding this stupid bug!
I appreciate your hard work in finding the discrepancy.
We added that sed on purpose so Xorg will come up on vt7 instead of
vt<current>. For most users it probably does not make a difference, but
it is convenient to be able to switch between vt1 and vt7 when debugging.
My preference is to leave the sed and the suid alone in the sysv book, but
as an alternative we could just document the technique in a note.
Apologies if this comes through twice, my work laptop had an old
configuration, the first will probably get blocked.
I don't think this is correct, but might be a clue. My build script for
xinit has this sed, and it works.
http://www.linuxfromscratch.org/~dj/mkbuild.sh/sources/buildscripts/xinit.sh
The proposed sed also does nothing from what I can see (this from Arch,
where it would not have been applied, but I can't get to my workstation
from here):
[dj@DJ-ARCH-02 ~]$ head -n 137 /usr/bin/startx | tail -n 3
if [ "$have_vtarg" = "no" ]; then
serverargs="$serverargs $vtarg"
fi
[dj@DJ-ARCH-02 ~]$ sed -e '/$serverargs $vtarg/ s/serverargs/&/'
/usr/bin/startx | head -n 137 | tail -n 3
if [ "$have_vtarg" = "no" ]; then
serverargs="$serverargs $vtarg"
fi
If this is actually the issue, I must have successfully done something
wrong multiple times (but I wouldn't put it past me at this point), but
then my preference is for opposite Bruce's suggestion. IOW: put the
commands on the xinit page to add the suid bit for Xorg along with the sed
and put them inside of nodump tags.Like Bruce said, the majority of users
won't care one way or the other, but avoiding a suid bit wherever possible
is a good thing.
Your sed does nothing:
sed -e '/$serverargs $vtarg/ s/serverargs/&/'
you need
sed -e '/$serverargs $vtarg/ s/serverargs/: #&/'
Which comments out that particular line, but adds the colon because it is in
an 'if' construct.
I'm working on a modification to the book now.
Please take a look at the xinit instructions from commit 21892.
http://www.linuxfromscratch.org/blfs/view/svn/x/xinit.html
Feedback welcome.
Thanks for doing that. Feedback:
I'd rather add role="nodump" to the example instructions in xinit (chmod u+s
and sed)
Done.
(I may add that if you'd like), and it seems you have not removed the
--enable-install-setuid switch from configure in xorg-server.
I intended to do that, but forgot. Done now.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
