Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 600216

Summary: gnome-base/gnome-keyring: root instance of gnome-keyring-daemon spawned on every x11-misc/lightdm start attempt
Product: Gentoo Linux Reporter: Michał Górny <mgorny>
Component: Current packagesAssignee: Gentoo Linux Gnome Desktop Team <gnome>
Status: RESOLVED OBSOLETE    
Severity: normal CC: alexander, hwoarang, polynomial-c
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/9973
Whiteboard:
Package list:
Runtime testing required: ---

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-19 07:03:42 UTC 
I've just had X11 failing to start and noticed that each attempt of starting lightdm resulted in a new gnome-keyring-daemon instance being started for root. Looks like pam_gnome_keyring is at fault here.

While failing X11 is a corner case and normally people won't have ton of gnome-keyring-daemons started, I don't see why it would need to start this daemon for root when starting a login manager.

Also, it should probably be capable of cleaning up after itself. I think the session end goes through PAM anyway, doesn't it?
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-19 07:05:55 UTC 
=================================================================
                        Package Settings
=================================================================

gnome-base/gnome-keyring-3.20.0::gentoo was built with the following:
USE="caps filecaps pam ssh-agent (-selinux) -test" ABI_X86="64"


x11-misc/lightdm-1.21.0::gentoo was built with the following:
USE="gnome gtk introspection -audit -kde -qt4 -qt5" ABI_X86="64"
Comment 2 Pacho Ramos gentoo-dev 2016-11-30 11:47:29 UTC 
Maybe it is a dupe of bug 516848... and maybe this could be checked:
https://bugs.gentoo.org/show_bug.cgi?id=516848#c7
Comment 3 Pacho Ramos gentoo-dev 2018-09-23 16:48:02 UTC 
please retry with pambase-20150213-r2
Comment 4 Alexander Tsoy 2018-09-25 15:12:40 UTC 
(In reply to Pacho Ramos from comment #3)
> please retry with pambase-20150213-r2
It doesn't fix the root issue IMHO. lightdm ebuild shouldn't replace pam.d/lightdm-greeter. I don't see the point in including system-local-login in it.
Comment 5 Alexander Tsoy 2018-09-25 15:23:24 UTC 
Lars, what do you think? pam.d/lightdm-greeter is only used by the greeter process, so it shouldn't include system-local-login. ebuild should just install upstream-provided config.

I see that fedora do the same:
https://src.fedoraproject.org/rpms/lightdm/blob/master/f/lightdm.spec
Comment 6 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2018-09-26 08:53:59 UTC 
Well, if this doesn't break my yubikey integration (which I need to test) I will merge it.
Comment 7 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2018-09-27 07:43:19 UTC 
Unfortunately your PR breaks yubikey integration (which I added into system-local-login). Any chance we can fix this but still keeping system-local-login in pam.d/lightdm-greeter?
Comment 8 Larry the Git Cow gentoo-dev 2018-09-27 08:11:48 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39b530b86790bb5d4a909118be9457be22cf7ad3

commit 39b530b86790bb5d4a909118be9457be22cf7ad3
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2018-09-25 16:09:46 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-09-27 07:41:13 +0000

    x11-misc/lightdm: use upstream lightdm-greeter pam config
    
    This pam configuration file is only used by the greeter process.
    Therefore is should't include system-local-login.
    
    Closes: https://bugs.gentoo.org/600216
    Package-Manager: Portage-2.3.49, Repoman-2.3.10
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/9973

 .../lightdm/files/lightdm-1.28.0-pam-greeter.patch |  10 ++
 x11-misc/lightdm/lightdm-1.28.0-r1.ebuild          | 144 +++++++++++++++++++++
 2 files changed, 154 insertions(+)
Comment 9 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2018-09-27 08:13:37 UTC 
commit a53723eb13bfa401e1b48c0041518bafd25b96dd (HEAD -> master, origin/master, origin/HEAD)
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Thu Sep 27 10:12:44 2018

    Revert "x11-misc/lightdm: use upstream lightdm-greeter pam config"
    
    This reverts commit 39b530b86790bb5d4a909118be9457be22cf7ad3.
    which was accidentally added.


Sorry for this...
Comment 10 Alexander Tsoy 2018-09-27 09:02:19 UTC 
(In reply to Lars Wendler (Polynomial-C) from comment #7)
> Unfortunately your PR breaks yubikey integration (which I added into
> system-local-login). Any chance we can fix this but still keeping
> system-local-login in pam.d/lightdm-greeter?
This particular bug is already fixed in pambase-20150213-r2. But I still think pam.d/lightdm-greeter shouldn't include system-local-login in the first place. IIUC the purpose of this pam config is to grant the user running lightdm-greeter GUI (if it is running as non-root user) permissions to reboot, shutdown, etc. The actual user logins should not be affected by this change.
Comment 11 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2018-09-27 09:10:10 UTC 
I can re-test this once again but what can we do here if it affects yubikey integration via system-local-login?
Comment 12 Pacho Ramos gentoo-dev 2020-09-19 19:10:22 UTC 
What action is pending here? Is this still valid?
Comment 13 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-09-20 05:55:14 UTC 
Well, right now I don't see any root-started gkd.
Comment 14 Pacho Ramos gentoo-dev 2024-07-17 09:06:13 UTC 
This looks obsolete now