| Summary: | sys-auth/consolekit[pam] and sys-apps/systemd[pam]: pam_ck_connector.so, pam_systemd.so: CONFIG_AUDITSYSCALL=y is not implemented on ALPHA, HPPA, MIPS, SH... | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | [OLD] Core system | Assignee: | Freedesktop bugs <freedesktop-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | alpha, dlan, systemd |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=478032 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 478032, 478076, 517804 | ||
|
Description
Jeroen Roovers (RETIRED)
2012-10-14 19:06:55 UTC
(In reply to comment #0) > Also, it isn't readily obvious what AUDITSYSCALL has to do with USE=pam, and > since it appears to be useful to have that flag enabled, it is difficult to > form an opinion on whether I should enable it. I guess I want to use PAM but > at the same time I want only expected problems, not the unexpected ones. CONFIG_AUDITSYSCALL enables /proc/$pid/sessionid /usr/libexec/ck-collect-session-info reads /proc/$pid/sessionid /usr/sbin/console-kit-daemon calls /usr/libexec/ck-collect-session-info when attempting to register a new session for a pid pam_ck_connector.so calls console-kit-daemon over dbus to register a new session TL;DR: if you don't enable CONFIG_AUDITSYSCALL, consolekit is unable to properly register sessions, making it close to useless, and pam_ck_connector.so 100% useless. See https://bugs.launchpad.net/ubuntu/+source/consolekit/+bug/688470 for an example of what happens. In other words, you can expect consolekit, polkit, and basically every modern GUI administrative tool to fail on hppa when running as non-root :( Not just HPPA - Alpha, MIPS, and SH too. As pointed out here: https://bugs.gentoo.org/show_bug.cgi?id=436668#c2 Minor arch's propably shouldn't have consolekit, or polkit keyworded at all at the moment... CCing everyone involved to drop their keywords from consolekit and from revdeps recursively $ qatom `tinderboxr sys-auth/consolekit` | awk '{ print $1 "/" $2; }' | sort -u
* sys-auth/consolekit
app-admin/packagekit-base
app-emulation/spice-vdagent
gnome-base/gdm
gnome-base/gnome-control-center
gnome-base/gnome-session
gnome-base/gnome-settings-daemon
gnome-base/gnome-shell
gnome-extra/gnome-packagekit
gnome-extra/gnome-power-manager
kde-base/kdm
lxde-base/lxdm
net-misc/networkmanager
net-wireless/bluez
sys-apps/accountsservice
sys-auth/pambase
x11-apps/xdm
x11-misc/cdm
x11-misc/slim
xfce-base/xfce4-session
[tinderboxr is an elaborate shortcut for `wget http://tinderbox.dev.gentoo.org/misc/rindex/${*}` ]
(In reply to comment #3) > As pointed out here: > > https://bugs.gentoo.org/show_bug.cgi?id=436668#c2 > > Minor arch's propably shouldn't have consolekit, or polkit keyworded at all > at the moment... > > CCing everyone involved to drop their keywords from consolekit and from > revdeps recursively I'm using consolekit on the lemote yeeloong and this would seriously break what I'm doing there. I understand that consolekit/polkit will become useless, but is there some older versions we can keep and just drop keywords above that? OK, here are better options for people having problems: - If dev-lang/spidemonkey is a no-go, you can keep sys-apps/polkit since 0.108 keyworded by this dependency hack: !arch? ( >=dev-lang/spidemonkey-1.8.5-r2 ) - If your arch doesn't have CONFIG_AUDITSYSCALL support in the kernel, you need to package.use.mask USE=pam for sys-auth/consolekit on your arch This way you can have working ConsoleKit with Display Managers BUT not with console, startx or Diplay Managers WITHOUT internal consolekit support But if you leave spidermonkey out, the dlopen will fail (but not crash) and it will deny your authorization... it cripples the application, but at least you can have it keyworded since stuff depends on polkit, for the time being Ignore the earlier comment from me in this bug. Things are moving too fast. ALPHA, HPPA, MIPS, SH: package.use.mask 'pam' for sys-apps/systemd and sys-auth/consolekit because your arch doesn't have CONFIG_AUDITSYSCALL=y kernel feature that is required for getting /proc/<pid>/sessionid, loginuid, and such (In reply to Samuli Suominen from comment #7) > Ignore the earlier comment from me in this bug. Things are moving too fast. > > ALPHA, HPPA, MIPS, SH: > package.use.mask 'pam' for sys-apps/systemd and sys-auth/consolekit because > your arch doesn't have CONFIG_AUDITSYSCALL=y kernel feature that is required > for getting /proc/<pid>/sessionid, loginuid, and such Except for hppa, I think that for the rest maintainer is allowed to add things to use.mask (and, then, solve this for the other arches). For hppa I guess Jeroen will take care (In reply to Pacho Ramos from comment #8) > Except for hppa, I think that for the rest maintainer is allowed to add > things to use.mask (and, then, solve this for the other arches). For hppa I > guess Jeroen will take care 15 Oct 2012; Jeroen Roovers <jer@gentoo.org> consolekit-0.4.5_p20120320.ebuild, consolekit-0.4.5_p20120320-r1.ebuild: Drop HPPA keywording (bug #438368). (In reply to Jeroen Roovers from comment #9) > (In reply to Pacho Ramos from comment #8) > > Except for hppa, I think that for the rest maintainer is allowed to add > > things to use.mask (and, then, solve this for the other arches). For hppa I > > guess Jeroen will take care > > 15 Oct 2012; Jeroen Roovers <jer@gentoo.org> > consolekit-0.4.5_p20120320.ebuild, consolekit-0.4.5_p20120320-r1.ebuild: > Drop HPPA keywording (bug #438368). And HPPA won't keyword sys-apps/systemd? Then HPPA is done here. (In reply to Pacho Ramos from comment #8) > (In reply to Samuli Suominen from comment #7) > > Ignore the earlier comment from me in this bug. Things are moving too fast. > > > > ALPHA, HPPA, MIPS, SH: > > package.use.mask 'pam' for sys-apps/systemd and sys-auth/consolekit because > > your arch doesn't have CONFIG_AUDITSYSCALL=y kernel feature that is required > > for getting /proc/<pid>/sessionid, loginuid, and such > > Except for hppa, I think that for the rest maintainer is allowed to add > things to use.mask (and, then, solve this for the other arches). For hppa I > guess Jeroen will take care You mean package.use.mask instead of use.mask, but yes, we can mask it for rest. As per Comment #0 it looks like "SUPERH" == "SH" is supported afterall? So just arch/{alpha,mips}/package.use.mask left? (In reply to Samuli Suominen from comment #10) > And HPPA won't keyword sys-apps/systemd? Then HPPA is done here. Since it's arguably the future of Linux, I'm working on that (see bug #480268). (In reply to Jeroen Roovers from comment #11) > (In reply to Samuli Suominen from comment #10) > > And HPPA won't keyword sys-apps/systemd? Then HPPA is done here. > > Since it's arguably the future of Linux, I'm working on that (see bug > #480268). OK, so you need 'sys-apps/systemd pam' in package.use.mask then (In reply to Samuli Suominen from comment #10) [...] > You mean package.use.mask instead of use.mask, but yes, we can mask it for > rest. As per Comment #0 it looks like "SUPERH" == "SH" is supported > afterall? So just arch/{alpha,mips}/package.use.mask left? + 01 Sep 2013; Pacho Ramos <pacho@gentoo.org> arch/alpha/package.use.mask, + arch/mips/package.use.mask: + CONFIG_AUDITSYSCALL=y is not implemented, bug #438368 + (In reply to Pacho Ramos from comment #8) > Except for hppa, I think that for the rest maintainer is allowed to add > things to use.mask (and, then, solve this for the other arches). For hppa I > guess Jeroen will take care consolekit and systemd are not keyworded for HPPA. Fixed? Alpha has gained CONFIG_AUDITSYSCALL support for 3.14, so once that is stable I guess we'll be able to unmask some of this. |