[systemd-devel] systemd security issue

2012-08-22 Thread Damian Ivanov
Hi all,

With Fedora having automatic multiseat support, I tried it and had the
following issues.

We've encountered some issues I would consider as somehow security
ones (not like root access, but one user can interfere with other users):

a) In gnome-control-center ==> Color Management you can play
with the settings of a monitor attached to another seat.
b) When two users are logged in, the suspend options conflict.
e.g. USER 1: lower brightness on monitor if idle for 5 minutes
     USER 2: user is working.
     ==> No problem. User 1 - Seat 1 monitor's brightness is
         correctly lowered, User 2's is not.

     USER 1: Suspend is set to 5 minutes and USER 1 goes for
             a cigarette or to lunch :)
     USER 2: Is working
     ===> Whole workstation suspends after 5 minutes while USER 2 is working

PS: Lennart,
I know not everybody can be on every mailing list, but I wrote to your
address provided at your blog, to the
one you use for fedora-devel list and wrote to the whole Fedora
mailing list, any way I can improve communication with you?

If you have some pluggable HW for us, we won't say no, in case it
suits our needs; a friend of mine and I
will be selling pre-configured Fedora multiseat machines in Bulgaria.

Cheers,
Damian
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Jeremy Allard
It was really a problem with some component of xorg not linked to the good
udev, or something like that. I deleted udev, and recompiled all the xorg
packages and now it works pretty well. Thank you very much for all your
help. :)


[systemd-devel] [ANNOUNCE] systemd v189

2012-08-22 Thread Lennart Poettering
Heya!

http://www.freedesktop.org/software/systemd/systemd-189.tar.xz

CHANGES WITH 189:

* Support for reading structured kernel messages from
  /dev/kmsg has now been added and is enabled by default.

* Support for reading kernel messages from /proc/kmsg has now
  been removed. If you want kernel messages in the journal
  make sure to run a recent kernel (>= 3.5) that supports
  reading structured messages from /dev/kmsg (see
  above). /proc/kmsg is now exclusive property of classic
  syslog daemons again.

* The libudev API gained the new
  udev_device_new_from_device_id() call.

* The logic for file system namespace (ReadOnlyDirectory=,
  ReadWriteDirectory=, PrivateTmp=) has been reworked not to
  require pivot_root() anymore. This means fewer temporary
  directories are created below /tmp for this feature.

* nspawn containers will now see and receive all submounts
  made on the host OS below the root file system of the
  container.

* Forward Secure Sealing is now supported for Journal files,
  which provides cryptographical sealing of journal files so
  that attackers cannot alter log history anymore without this
  being detectable. Lennart will soon post a blog story about
  this explaining it in more detail.

* There are two new service settings RestartPreventExitStatus=
  and SuccessExitStatus= which allow configuration of exit
  status (exit code or signal) which will be excepted from the
  restart logic, resp. considered successful.

* journalctl gained the new --verify switch that can be used
  to check the integrity of the structure of journal files and
  (if Forward Secure Sealing is enabled) the contents of
  journal files.

* nspawn containers will now be run with /dev/stdin, /dev/fd/
  and similar symlinks pre-created. This makes running shells
  as container init process a lot more fun.

* The fstab support can now handle PARTUUID= and PARTLABEL=
  entries.

* A new ConditionHost= condition has been added to match
  against the hostname (with globs) and machine ID. This is
  useful for clusters where a single OS image is used to
  provision a large number of hosts which shall run slightly
  different sets of services.

* Services which hit the restart limit will now be placed in a
  failure state.

Contributions from Bertram Poettering, Dave Reisner, Huang
Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin
Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
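
The forward-secure idea behind the sealing item in the v189 changes above, as an added illustration that is not part of the original announcement and is not systemd's implementation: a simplified hash ratchet with HMAC seals. The names `SealingLog`, `evolve`, `seal_tag` and `verify`, the demo secret and the sample log lines are all constructed for this sketch.

```python
import hashlib
import hmac

ZERO_TAG = b"\x00" * 32

def evolve(key: bytes) -> bytes:
    """One-way ratchet: the next epoch key cannot be run backwards."""
    return hashlib.sha256(b"fss-demo-evolve" + key).digest()

def seal_tag(key: bytes, epoch: int, prev_tag: bytes, lines: list) -> bytes:
    """HMAC over the previous seal, the epoch number and length-prefixed lines."""
    mac = hmac.new(key, prev_tag + epoch.to_bytes(8, "big"), hashlib.sha256)
    for line in lines:
        data = line.encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()

class SealingLog:
    """Logging host: holds only the current epoch key, never earlier ones."""
    def __init__(self, initial_key: bytes):
        self.key, self.epoch, self.prev_tag = initial_key, 0, ZERO_TAG
        self.pending, self.sealed = [], []

    def append(self, line: str) -> None:
        self.pending.append(line)

    def seal(self) -> None:
        tag = seal_tag(self.key, self.epoch, self.prev_tag, self.pending)
        self.sealed.append((self.epoch, list(self.pending), tag))
        self.pending, self.prev_tag = [], tag
        self.key = evolve(self.key)  # the old key is overwritten here
        self.epoch += 1

def verify(verification_key: bytes, sealed: list):
    """Replay the ratchet from the off-host key; return first bad epoch or None."""
    key, prev_tag = verification_key, ZERO_TAG
    for position, (epoch, lines, tag) in enumerate(sealed):
        expected = seal_tag(key, position, prev_tag, lines)
        if epoch != position or not hmac.compare_digest(tag, expected):
            return position
        key, prev_tag = evolve(key), tag
    return None

def demo():
    verification_key = hashlib.sha256(b"constructed demo secret").digest()
    log = SealingLog(verification_key)
    for line in ("sshd: login for alice", "sudo: alice ran /bin/sh", "cron: job done"):
        log.append(line)  # constructed sample entries, one per sealing interval
        log.seal()
    clean = verify(verification_key, log.sealed)
    # Intruder arrives after three seals: only the epoch-3 key is on the host.
    forged = list(log.sealed)
    fake = ["sudo: nothing to see"]
    forged[1] = (1, fake, seal_tag(log.key, 1, forged[0][2], fake))
    return clean, verify(verification_key, forged)
```

In this sketch, entries that are not yet sealed and any epoch sealed after the intrusion are not protected; only history sealed before the key was taken is.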


Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Colin Guthrie
'Twas brillig, and Jeremy Allard at 22/08/12 18:45 did gyre and gimble:
> 2012/8/22 Lennart Poettering
>
> > On Wed, 22.08.12 03:00, Jeremy Allard (elvis4...@gmail.com) wrote:
> >
> > > Here's more information about my configuration to help you figure out
> > > what's wrong.
> > > Here's the version of several core components of my system.
> > > udev: 165
> >
> > udev is now part of systemd. You cannot use an external udev.
>
> Oh, yeah, I forgot about this.. Can the fact that udev is installed
> side by side with systemd cause this?
>
> > > So, I log in into the tty, I do xinit, and I CAN see the graphical
> > > interface of my window manager, but I can't move the mouse, and the
> > > keyboard is frozen.
> >
> > That sounds as if X didn't enumerate the input devices.


Well potentially. Also consider that latest systemd-udev ships libudev
with a major of 1 not 0, so everything needing libudev needs to be
recompiled too. Better to ensure that you don't have two versions
installed (and neither two versions of the lib).

Col


-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/



Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Jeremy Allard
2012/8/22 Franz Dietrich 

>
>
> > Here's more information about my configuration to help you figure out
> > what's wrong.
> > Here's the version of several core components of my system.
> > udev: 165
> > kernel: 3.2.28 (totally vanilla)
> > dbus: 1.4.1
> > xorg-server: 1.9.5
> >
> > I know with my first post I did not include a lot of information, I'll
> > try to be more clear now. I don't think it matters, but I do not use a
> > graphic login manager. I log myself in a tty, and I start Xorg with
> > xinit. I use a really simple tiling wm. My .xinitrc file goes like this
> >
> > setxkbmap ca
> > exec spectrwm
> >
> > and that's it.
> >
> > So, I log in into the tty, I do xinit, and I CAN see the graphical
> > interface of my window manager, but I can't move the mouse, and the
> > keyboard is frozen. As I said before, the magicsysk combination for
> > killing xorg seems to work at 50%. When I do it, I can't see anymore
> > the graphical interface of my window manager, it's just a black
> > screen. Then, I have no choice, I have to press on the reboot button,
> > but I noticed that when I press on the reboot button just one time,
> > without holding it, I can see the shutdown process going on with
> > systemd. I can't think of what detail I could forget about. I hope I
> > gave enough information.
> Did you try this with another init system? To be sure that it's a
> systemd issue...
> I remember having the same issue when HAL support was not compiled into
> the XServer but was needed. However I guess that HAL is not an issue
> anymore.
> You might also try to figure out the autorun things of your
> Windowmanager and run a program (glxgears or something else that moves)
> to figure out whether or not the system is frozen or you just lack
> possibility of input.


Yes, I tried with sysvinit and it works perfectly. Yes, I'll try the trick
with glxgears. Thanks for your help.



Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Jeremy Allard
2012/8/22 Lennart Poettering 

> On Tue, 21.08.12 20:46, Jeremy Allard (elvis4...@gmail.com) wrote:
>
> > Yes, because pam is not available by default with slackware, I disabled it
> > with --disable-pam since it said in the ./configure --help that it is
> > optional. I guessed it shouldn't be a problem if I disable it. I did not
> > touch logind, so it should be enabled afaik. It's to very hard to install
> > PAM on slackware, so I'll try to install it and build my systemd package
> > with pam support and I'll tell you if it works. For libudev support in xorg,
> > there is no --enable-config-udev is not present by default in the build
> > script. The default of this is set to auto, so I guess it is enabled anyway
> > even if you don't specify it exactly.
>
> logind requires PAM to work. Maybe Slackware is not a good choice to run
> systemd on if PAM is not available.
>
> Lennart
>
> --
> Lennart Poettering - Red Hat, Inc.
>
PAM is not available by default, but you can still install it from an
"extra" repo and this is what I did.


Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Jeremy Allard
2012/8/22 Lennart Poettering 

> On Wed, 22.08.12 03:00, Jeremy Allard (elvis4...@gmail.com) wrote:
>
> > Here's more information about my configuration to help you figure out
> > what's wrong.
> > Here's the version of several core components of my system.
> > udev: 165
>
> udev is now part of systemd. You cannot use an external udev.
>

Oh, yeah, I forgot about this.. Can the fact that udev is installed side
by side with systemd cause this?


> > So, I log in into the tty, I do xinit, and I CAN see the graphical
> > interface of my window manager, but I can't move the mouse, and the
> > keyboard is frozen.
>
> That sounds as if X didn't enumerate the input devices.
>

Hmm, okay.


> Lennart
>
> --
> Lennart Poettering - Red Hat, Inc.
>


Re: [systemd-devel] diverting HandlePowerKey

2012-08-22 Thread Koen Kooi

On 16 Aug 2012, at 16:37, Lennart Poettering wrote:

> On Thu, 16.08.12 14:47, Mantas Mikulėnas (graw...@gmail.com) wrote:
> 
>> On Thu, Aug 16, 2012 at 2:23 PM, Robin Becker  wrote:
>>> However, on my netbooks I like to use the power button to launch oblogout
>>> which brings up a bunch of buttons that allow me to
>>> logout/suspend/restart/halt etc etc. I can of course continue to use acpid
>>> to handle the power button, but that seems opposed to the spirit of systemd.
>> 
>> acpid is still okay, I believe. Even though it comes with a single
>> shell script for all actions, it is not part of boot process, and it's
>> not a required part of acpid either – acpid actually has a built-in
>> filtering mechanism in /etc/acpi/events, and the shell script is just
>> default configuration.
>> 
>> However, running X11 programs from a daemon, regardless whether it
>> is logind or acpid, is not recommended. Sure, it might be okay for a
>> single-user machine, but I have ended up with two, three X servers
>> fairly often even on my personal laptop.
>> 
>> It'd be a bit better if the button/lid events were handled by a
>> program running inside the Openbox session (the events can be read
>> from /run/acpid.socket).
> 
> No, nobody should use the acpid client protocol for this. 
> 
> On Linux ACPI key presses are processed like any other keys, and thus
> are propagated to the X server. The desktop environment should handle
> these keys and then do whatever is necessary (show a dialog box, react
> immediately, ...).

And ACPI is x86 only, so you should really focus on catching the KEY_POWER event


Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Lennart Poettering
On Wed, 22.08.12 03:00, Jeremy Allard (elvis4...@gmail.com) wrote:

> Here's more information about my configuration to help you figure out
> what's wrong.
> Here's the version of several core components of my system.
> udev: 165

udev is now part of systemd. You cannot use an external udev.

> So, I log in into the tty, I do xinit, and I CAN see the graphical
> interface of my window manager, but I can't move the mouse, and the
> keyboard is frozen.

That sounds as if X didn't enumerate the input devices.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.


Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Lennart Poettering
On Tue, 21.08.12 20:46, Jeremy Allard (elvis4...@gmail.com) wrote:

> Yes, because pam is not available by default with slackware, I disabled it
> with --disable-pam since it said in the ./configure --help that it is
> optional. I guessed it shouldn't be a problem if I disable it. I did not
> touch logind, so it should be enabled afaik. It's to very hard to install
> PAM on slackware, so I'll try to install it and build my systemd package
> with pam support and I'll tell you if it works. For libudev support in xorg,
> there is no --enable-config-udev is not present by default in the build
> script. The default of this is set to auto, so I guess it is enabled anyway
> even if you don't specify it exactly.

logind requires PAM to work. Maybe Slackware is not a good choice to run
systemd on if PAM is not available.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.


Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Franz Dietrich


> Here's more information about my configuration to help you figure out
> what's wrong.
> Here's the version of several core components of my system.
> udev: 165
> kernel: 3.2.28 (totally vanilla)
> dbus: 1.4.1
> xorg-server: 1.9.5
> 
> I know with my first post I did not include a lot of information, I'll
> try to be more clear now. I don't think it matters, but I do not use a
> graphic login manager. I log myself in a tty, and I start Xorg with
> xinit. I use a really simple tiling wm. My .xinitrc file goes like this
> 
> setxkbmap ca
> exec spectrwm
> 
> and that's it.
> 
> So, I log in into the tty, I do xinit, and I CAN see the graphical
> interface of my window manager, but I can't move the mouse, and the
> keyboard is frozen. As I said before, the magicsysk combination for
> killing xorg seems to work at 50%. When I do it, I can't see anymore
> the graphical interface of my window manager, it's just a black
> screen. Then, I have no choice, I have to press on the reboot button,
> but I noticed that when I press on the reboot button just one time,
> without holding it, I can see the shutdown process going on with
> systemd. I can't think of what detail I could forget about. I hope I
> gave enough information.
Did you try this with another init system? To be sure that it's a
systemd issue...
I remember having the same issue when HAL support was not compiled into
the XServer but was needed. However I guess that HAL is not an issue
anymore.
You might also try to figure out the autorun things of your
window manager and run a program (glxgears or something else that moves)
to figure out whether or not the system is frozen or you just lack
possibility of input.




Re: [systemd-devel] Xorg freeze totally with systemd-188

2012-08-22 Thread Jeremy Allard
2012/8/21 Jeremy Allard 

>
>
> 2012/8/21 Jeremy Allard 
>
>>
>>
>> 2012/8/21 Lennart Poettering 
>>
>>> On Tue, 21.08.12 19:21, Jeremy Allard (elvis4...@gmail.com) wrote:
>>>
>>> > Hello !
>>> > I'm currently in the process of porting systemd to slackware.
>>>
>>> systemd is not much fun without PAM. AFAIK Slackware doesn't do
>>> PAM. Hence systemd is probably not much fun either.
>>>
>>> > Everything works great, except that when I try to start xorg (as root or as
>>> > a normal user, it does not change anything), there is visual output (I can
>>> > see the graphical interface of my wm) but everything else is frozen. I
>>> > can't switch to TTY, I can't move my mouse and even the magicsysk
>>> > combination for killing xorg does not work. It seems to kill xorg, but then
>>> > I just have a black screen.
>>>
>>> Well, this is too little information to say anything about this, but did
>>> you make sure to install a libudev enabled X and that you enabled logind
>>> in systemd? (requires PAM).
>>>
>>> Lennart
>>>
>>> --
>>> Lennart Poettering - Red Hat, Inc.
>>>
>> I installed pam and rebuilt my packages with pam support, and I still
>> have the same issue. Xorg is built with udev support too.
>>
>
Here's more information about my configuration to help you figure out
what's wrong.
Here's the version of several core components of my system.
udev: 165
kernel: 3.2.28 (totally vanilla)
dbus: 1.4.1
xorg-server: 1.9.5

I know with my first post I did not include a lot of information, I'll try to
be more clear now. I don't think it matters, but I do not use a graphic login
manager. I log myself in a tty, and I start Xorg with xinit. I use a really
simple tiling wm. My .xinitrc file goes like this

setxkbmap ca
exec spectrwm

and that's it.

So, I log in into the tty, I do xinit, and I CAN see the graphical
interface of my window manager, but I can't move the mouse, and the
keyboard is frozen. As I said before, the magicsysk combination for killing
xorg seems to work at 50%. When I do it, I can't see anymore the graphical
interface of my window manager, it's just a black screen. Then, I have no
choice, I have to press on the reboot button, but I noticed that when I
press on the reboot button just one time, without holding it, I can see the
shutdown process going on with systemd. I can't think of what detail I
could forget about. I hope I gave enough information.