Re: [systemd-devel] Make X11 logind session unconditionally active
On Tuesday 05 November 2013 at 03:41:01, Lennart wrote: On Tue, 05.11.13 00:51, Ivan Shapovalov (intelfx...@gmail.com) wrote: Hello! I'm still trying to make my friendship with logind. I have a headless server with Xvnc server running on it. Under the server a logind session is created by the DM. The session has Type=x11, but VTNr=0 since Xvnc does not bind itself to any VT. Hence the session is always Active=no (there is no VT I can switch to). Nah, that's not how this really should work. Basically, there are sessions which are assigned to seats and sessions which aren't. Seats in this case means local, physical seats. Sessions without seats are unconditionally active. Only sessions with seats can be inactive. Since an xvnc session is not a local one it should not have a seat, and hecnce should alway be active. So the question is: it is possible to mark a session as always active or something like that? Well, that should be the case implicitly if the session is properly registered. What does loginctl show-session print for this session? Lennart Yes, I had the session bound to seat0. Configuring lightdm to use an empty seat made the session Active=yes. $ loginctl show-session c37 Id=c37 Timestamp=Вт 2013-11-05 12:22:13 MSK TimestampMonotonic=59464298414 VTNr=0 Display=localhost:10 Remote=no Service=lightdm Scope=session-c37.scope Leader=25926 Audit=0 Type=x11 Class=user Active=yes State=active IdleHint=no IdleSinceHint=0 IdleSinceHintMonotonic=0 Name=intelfx However, this still isn't exactly what I want. Now the session has no seat, so 1. udisks does not allow me to mount removables without authentication; 2. I suppose the dynamic device node permission stuff won't work for me either. So I want that session to be equivalent to a local one in terms of permissions etc... Is it somehow possible? Thanks, -- Ivan Shapovalov / intelfx / ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Make X11 logind session unconditionally active
On Tue, 05.11.13 12:37, Ivan Shapovalov (intelfx...@gmail.com) wrote: So the question is: it is possible to mark a session as always active or something like that? Well, that should be the case implicitly if the session is properly registered. What does loginctl show-session print for this session? Lennart Yes, I had the session bound to seat0. Configuring lightdm to use an empty seat made the session Active=yes. $ loginctl show-session c37 Id=c37 Timestamp=Вт 2013-11-05 12:22:13 MSK TimestampMonotonic=59464298414 VTNr=0 Display=localhost:10 Remote=no Service=lightdm Scope=session-c37.scope Leader=25926 Audit=0 Type=x11 Class=user Active=yes State=active IdleHint=no IdleSinceHint=0 IdleSinceHintMonotonic=0 Name=intelfx However, this still isn't exactly what I want. Now the session has no seat, so 1. udisks does not allow me to mount removables without authentication; 2. I suppose the dynamic device node permission stuff won't work for me either. So I want that session to be equivalent to a local one in terms of permissions etc... Is it somehow possible? So you want something like a hybrid session, i.e. one that is virtual but has access to local devices? That's a special setup that is not supported by logind itself. However note that you can express any policies you like with polkit, hence you can configure it to grant access to the devices to your user even if he is not logged into a physical session. But that's something you have to do unrelated to logind. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Make X11 logind session unconditionally active
On Tuesday 05 November 2013 at 11:15:30, Lennart wrote: On Tue, 05.11.13 12:37, Ivan Shapovalov (intelfx...@gmail.com) wrote: So the question is: it is possible to mark a session as always active or something like that? Well, that should be the case implicitly if the session is properly registered. What does loginctl show-session print for this session? Lennart Yes, I had the session bound to seat0. Configuring lightdm to use an empty seat made the session Active=yes. $ loginctl show-session c37 Id=c37 Timestamp=Вт 2013-11-05 12:22:13 MSK TimestampMonotonic=59464298414 VTNr=0 Display=localhost:10 Remote=no Service=lightdm Scope=session-c37.scope Leader=25926 Audit=0 Type=x11 Class=user Active=yes State=active IdleHint=no IdleSinceHint=0 IdleSinceHintMonotonic=0 Name=intelfx However, this still isn't exactly what I want. Now the session has no seat, so 1. udisks does not allow me to mount removables without authentication; 2. I suppose the dynamic device node permission stuff won't work for me either. So I want that session to be equivalent to a local one in terms of permissions etc... Is it somehow possible? So you want something like a hybrid session, i.e. one that is virtual but has access to local devices? That's a special setup that is not supported by logind itself. However note that you can express any policies you like with polkit, hence you can configure it to grant access to the devices to your user even if he is not logged into a physical session. But that's something you have to do unrelated to logind. Lennart Yes, I want something like that... Is it not supported _yet_ or _by design_? I suspect it is a valuable thing to have. Sure, I can try to configure polkit, but will that grant me permissions on device nodes (e. g. printers)? -- Ivan Shapovalov / intelfx / ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Make X11 logind session unconditionally active
On Tue, 05.11.13 14:24, Ivan Shapovalov (intelfx...@gmail.com) wrote: So you want something like a hybrid session, i.e. one that is virtual but has access to local devices? That's a special setup that is not supported by logind itself. However note that you can express any policies you like with polkit, hence you can configure it to grant access to the devices to your user even if he is not logged into a physical session. But that's something you have to do unrelated to logind. Lennart Yes, I want something like that... Is it not supported _yet_ or _by design_? I suspect it is a valuable thing to have. By design I guess. The automatic stuff is for the common case. I doubt that such a hybrid session is really such a common case, especially since it creates a ton of problems when you mix it with normal physical sessions on seat0. Sure, I can try to configure polkit, but will that grant me permissions on device nodes (e. g. printers)? Printers are a system resource, they are not reassigned to user sessions, they are expected to be written to only by system services like CUPS. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Make X11 logind session unconditionally active
On Tue, 5 Nov 2013 11:33:31 +0100 Sure, I can try to configure polkit, but will that grant me permissions on device nodes (e. g. printers)? Printers are a system resource, they are not reassigned to user sessions, they are expected to be written to only by system services like CUPS. Perhaps you can write polkit rules using some actions from the list org.opensuse.cupspkhelper.mechanism.*. Check what pkaction says. Check also 'Authorization rules examples' from here: http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html -- Best Regards, Pawel Wieczorkiewicz pwieczorkiew...@suse.de Linux System Developer @ SUSE LINUX Products GmbH ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Make X11 logind session unconditionally active
On Tuesday 05 November 2013 at 11:33:31, Lennart wrote: On Tue, 05.11.13 14:24, Ivan Shapovalov (intelfx...@gmail.com) wrote: So you want something like a hybrid session, i.e. one that is virtual but has access to local devices? That's a special setup that is not supported by logind itself. However note that you can express any policies you like with polkit, hence you can configure it to grant access to the devices to your user even if he is not logged into a physical session. But that's something you have to do unrelated to logind. Lennart Yes, I want something like that... Is it not supported _yet_ or _by design_? I suspect it is a valuable thing to have. By design I guess. The automatic stuff is for the common case. I doubt that such a hybrid session is really such a common case, especially since it creates a ton of problems when you mix it with normal physical sessions on seat0. Sure, I can try to configure polkit, but will that grant me permissions on device nodes (e. g. printers)? Printers are a system resource, they are not reassigned to user sessions, they are expected to be written to only by system services like CUPS. Lennart ...or sound devices. After all, I'm asking about the generic case :) (Actually, when using things like HPLIP, permissions on usb nodes start to matter.) -- Ivan Shapovalov / intelfx / ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Make X11 logind session unconditionally active
On Tue, 05.11.13 15:03, Ivan Shapovalov (intelfx...@gmail.com) wrote: By design I guess. The automatic stuff is for the common case. I doubt that such a hybrid session is really such a common case, especially since it creates a ton of problems when you mix it with normal physical sessions on seat0. Sure, I can try to configure polkit, but will that grant me permissions on device nodes (e. g. printers)? Printers are a system resource, they are not reassigned to user sessions, they are expected to be written to only by system services like CUPS. ...or sound devices. After all, I'm asking about the generic case :) Well, those are not handled via polkit. However there's an audio group for them by default which is the alternative way to handle these things if you don't want uaccess style ACL management. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Make X11 logind session unconditionally active
Hello! I'm still trying to make my friendship with logind. I have a headless server with Xvnc server running on it. Under the server a logind session is created by the DM. The session has Type=x11, but VTNr=0 since Xvnc does not bind itself to any VT. Hence the session is always Active=no (there is no VT I can switch to). So the question is: it is possible to mark a session as always active or something like that? Thanks, -- Ivan Shapovalov / intelfx / ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Make X11 logind session unconditionally active
On Tue, 05.11.13 00:51, Ivan Shapovalov (intelfx...@gmail.com) wrote: Hello! I'm still trying to make my friendship with logind. I have a headless server with Xvnc server running on it. Under the server a logind session is created by the DM. The session has Type=x11, but VTNr=0 since Xvnc does not bind itself to any VT. Hence the session is always Active=no (there is no VT I can switch to). Nah, that's not how this really should work. Basically, there are sessions which are assigned to seats and sessions which aren't. Seats in this case means local, physical seats. Sessions without seats are unconditionally active. Only sessions with seats can be inactive. Since an xvnc session is not a local one it should not have a seat, and hecnce should alway be active. So the question is: it is possible to mark a session as always active or something like that? Well, that should be the case implicitly if the session is properly registered. What does loginctl show-session print for this session? Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel