On 2019.03.22 20:32, Piotr Karbowski wrote:
> Hi,

> - We should go back to +suid -elogind default.
> - We should actually NOT put suid on Xorg if USE="suid elogind" but
> put
> suid bit with USE="suid -elogind".
> - We should only ever enable elogind in desktop profiles.
> Personally I'd like to stay without enabling suid by default on
> xorg-server, as otherwise hardly anyone will ever drop the suid from
> it,
> which would be a big step back. Gentoo tried to drop suid from
> xorg-server a handful of times, let's make the current one a final one
> :)
> I'd like to propose doing the following:
> - Keywording elogind on missing archs
> - Making elogind a global USE flag
> - Switching desktop profiles to elogind from consolekit while still
> preserving -suid +elogind on xorg-server for those that does not use
> desktop profiles (systemd profiles users not affected)
> - Making pambase always install the configuration for pam_elogind.so,
> the same way it does for pam_gnome_keyring.so at this very moment,
> effectively removing elogind USE flag from it.
> What do you all think about?
> -- Piotr.

This looks broken by default.
[ebuild   R    ] x11-base/xorg-server-1.20.4:0/1.20.4::gentoo  USE="doc glamor 
ipv6 udev xorg xvfb -debug -dmx (-elogind) -kdrive -libressl -minimal 
(-selinux) -static-libs -suid* -systemd -unwind -wayland -xcsecurity -xephyr 

elogind is hard masked and suid is being turned off.
Its arm64, so I expect to find a few rough edges.

However, changes like this need to be coordinated across all arches.
Take a pat on the back for the elogind work and a slap on the wrist
if my arm64 systems don't work any more.

Its still building, I'll test later.  


Roy Bamford
(Neddyseagoon) a member of

Attachment: pgp9X1hZnO3mp.pgp
Description: PGP signature

Reply via email to