* Found kernel source directory: * /usr/src/linux * Found sources for kernel version: * 3.4.9-gentoo-JeR * Checking for suitable kernel configuration options... * CONFIG_AUDITSYSCALL: is not set when it should be. * Please check to make sure these options are set correctly. * Failure to do so may cause unexpected problems. Symbol: AUDITSYSCALL [=n] Type : boolean Prompt: Enable system-call auditing support Defined at init/Kconfig:356 Depends on: AUDIT [=y] && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || ARM) Since not all supported architectures have this implemented, maybe the warnings should better explain what unexpected problems we can expect. Also, it isn't readily obvious what AUDITSYSCALL has to do with USE=pam, and since it appears to be useful to have that flag enabled, it is difficult to form an opinion on whether I should enable it. I guess I want to use PAM but at the same time I want only expected problems, not the unexpected ones.
(In reply to comment #0) > Also, it isn't readily obvious what AUDITSYSCALL has to do with USE=pam, and > since it appears to be useful to have that flag enabled, it is difficult to > form an opinion on whether I should enable it. I guess I want to use PAM but > at the same time I want only expected problems, not the unexpected ones. CONFIG_AUDITSYSCALL enables /proc/$pid/sessionid /usr/libexec/ck-collect-session-info reads /proc/$pid/sessionid /usr/sbin/console-kit-daemon calls /usr/libexec/ck-collect-session-info when attempting to register a new session for a pid pam_ck_connector.so calls console-kit-daemon over dbus to register a new session TL;DR: if you don't enable CONFIG_AUDITSYSCALL, consolekit is unable to properly register sessions, making it close to useless, and pam_ck_connector.so 100% useless. See https://bugs.launchpad.net/ubuntu/+source/consolekit/+bug/688470 for an example of what happens. In other words, you can expect consolekit, polkit, and basically every modern GUI administrative tool to fail on hppa when running as non-root :(
Not just HPPA - Alpha, MIPS, and SH too.
As pointed out here: https://bugs.gentoo.org/show_bug.cgi?id=436668#c2 Minor arch's propably shouldn't have consolekit, or polkit keyworded at all at the moment... CCing everyone involved to drop their keywords from consolekit and from revdeps recursively
$ qatom `tinderboxr sys-auth/consolekit` | awk '{ print $1 "/" $2; }' | sort -u * sys-auth/consolekit app-admin/packagekit-base app-emulation/spice-vdagent gnome-base/gdm gnome-base/gnome-control-center gnome-base/gnome-session gnome-base/gnome-settings-daemon gnome-base/gnome-shell gnome-extra/gnome-packagekit gnome-extra/gnome-power-manager kde-base/kdm lxde-base/lxdm net-misc/networkmanager net-wireless/bluez sys-apps/accountsservice sys-auth/pambase x11-apps/xdm x11-misc/cdm x11-misc/slim xfce-base/xfce4-session [tinderboxr is an elaborate shortcut for `wget http://tinderbox.dev.gentoo.org/misc/rindex/${*}` ]
(In reply to comment #3) > As pointed out here: > > https://bugs.gentoo.org/show_bug.cgi?id=436668#c2 > > Minor arch's propably shouldn't have consolekit, or polkit keyworded at all > at the moment... > > CCing everyone involved to drop their keywords from consolekit and from > revdeps recursively I'm using consolekit on the lemote yeeloong and this would seriously break what I'm doing there. I understand that consolekit/polkit will become useless, but is there some older versions we can keep and just drop keywords above that?
OK, here are better options for people having problems: - If dev-lang/spidemonkey is a no-go, you can keep sys-apps/polkit since 0.108 keyworded by this dependency hack: !arch? ( >=dev-lang/spidemonkey-1.8.5-r2 ) - If your arch doesn't have CONFIG_AUDITSYSCALL support in the kernel, you need to package.use.mask USE=pam for sys-auth/consolekit on your arch This way you can have working ConsoleKit with Display Managers BUT not with console, startx or Diplay Managers WITHOUT internal consolekit support But if you leave spidermonkey out, the dlopen will fail (but not crash) and it will deny your authorization... it cripples the application, but at least you can have it keyworded since stuff depends on polkit, for the time being
Ignore the earlier comment from me in this bug. Things are moving too fast. ALPHA, HPPA, MIPS, SH: package.use.mask 'pam' for sys-apps/systemd and sys-auth/consolekit because your arch doesn't have CONFIG_AUDITSYSCALL=y kernel feature that is required for getting /proc/<pid>/sessionid, loginuid, and such
(In reply to Samuli Suominen from comment #7) > Ignore the earlier comment from me in this bug. Things are moving too fast. > > ALPHA, HPPA, MIPS, SH: > package.use.mask 'pam' for sys-apps/systemd and sys-auth/consolekit because > your arch doesn't have CONFIG_AUDITSYSCALL=y kernel feature that is required > for getting /proc/<pid>/sessionid, loginuid, and such Except for hppa, I think that for the rest maintainer is allowed to add things to use.mask (and, then, solve this for the other arches). For hppa I guess Jeroen will take care
(In reply to Pacho Ramos from comment #8) > Except for hppa, I think that for the rest maintainer is allowed to add > things to use.mask (and, then, solve this for the other arches). For hppa I > guess Jeroen will take care 15 Oct 2012; Jeroen Roovers <jer@gentoo.org> consolekit-0.4.5_p20120320.ebuild, consolekit-0.4.5_p20120320-r1.ebuild: Drop HPPA keywording (bug #438368).
(In reply to Jeroen Roovers from comment #9) > (In reply to Pacho Ramos from comment #8) > > Except for hppa, I think that for the rest maintainer is allowed to add > > things to use.mask (and, then, solve this for the other arches). For hppa I > > guess Jeroen will take care > > 15 Oct 2012; Jeroen Roovers <jer@gentoo.org> > consolekit-0.4.5_p20120320.ebuild, consolekit-0.4.5_p20120320-r1.ebuild: > Drop HPPA keywording (bug #438368). And HPPA won't keyword sys-apps/systemd? Then HPPA is done here. (In reply to Pacho Ramos from comment #8) > (In reply to Samuli Suominen from comment #7) > > Ignore the earlier comment from me in this bug. Things are moving too fast. > > > > ALPHA, HPPA, MIPS, SH: > > package.use.mask 'pam' for sys-apps/systemd and sys-auth/consolekit because > > your arch doesn't have CONFIG_AUDITSYSCALL=y kernel feature that is required > > for getting /proc/<pid>/sessionid, loginuid, and such > > Except for hppa, I think that for the rest maintainer is allowed to add > things to use.mask (and, then, solve this for the other arches). For hppa I > guess Jeroen will take care You mean package.use.mask instead of use.mask, but yes, we can mask it for rest. As per Comment #0 it looks like "SUPERH" == "SH" is supported afterall? So just arch/{alpha,mips}/package.use.mask left?
(In reply to Samuli Suominen from comment #10) > And HPPA won't keyword sys-apps/systemd? Then HPPA is done here. Since it's arguably the future of Linux, I'm working on that (see bug #480268).
(In reply to Jeroen Roovers from comment #11) > (In reply to Samuli Suominen from comment #10) > > And HPPA won't keyword sys-apps/systemd? Then HPPA is done here. > > Since it's arguably the future of Linux, I'm working on that (see bug > #480268). OK, so you need 'sys-apps/systemd pam' in package.use.mask then
(In reply to Samuli Suominen from comment #10) [...] > You mean package.use.mask instead of use.mask, but yes, we can mask it for > rest. As per Comment #0 it looks like "SUPERH" == "SH" is supported > afterall? So just arch/{alpha,mips}/package.use.mask left?
+ 01 Sep 2013; Pacho Ramos <pacho@gentoo.org> arch/alpha/package.use.mask, + arch/mips/package.use.mask: + CONFIG_AUDITSYSCALL=y is not implemented, bug #438368 +
(In reply to Pacho Ramos from comment #8) > Except for hppa, I think that for the rest maintainer is allowed to add > things to use.mask (and, then, solve this for the other arches). For hppa I > guess Jeroen will take care consolekit and systemd are not keyworded for HPPA. Fixed?
Alpha has gained CONFIG_AUDITSYSCALL support for 3.14, so once that is stable I guess we'll be able to unmask some of this.