Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 829956 - gnome-base/gnome-keyring-40.0: cannot start from sys-apps/dbus if compiled with caps
Summary: gnome-base/gnome-keyring-40.0: cannot start from sys-apps/dbus if compiled wi...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-25 10:49 UTC by Viorel Munteanu
Modified: 2021-12-25 22:12 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Viorel Munteanu gentoo-dev 2021-12-25 10:49:08 UTC
If compiled with USE=caps, trying to start org.freedesktop.secrets.service results in a timeout.  Trying the command by hand gives this:

$ usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
SSH_AUTH_SOCK=/run/user/1001/keyring/ssh

** (gnome-keyring-daemon:15495): WARNING **: 12:32:58.574: Couldn't connect to session bus: Cannot spawn a message bus when setuid

gnome-keyring is not actually setuid, but it has cap_ipc_lock=ep.

As a workaround, if I compile with USE="filecaps -caps" it works, I suppose because it cannot check file caps and is still not setuid.  But this basically disables a security check.

I think other distributions have this solved from dbus instead, so maybe this bug belongs there.