Bug 513870 - gnome-base/gnome-keyring-3.12.2 should not force the setuid bit for /usr/bin/gnome-keyring-daemon
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Gentoo Linux Gnome Desktop Team
URL: https://forums.gentoo.org/viewtopic-p...
Reported: 2014-06-19 15:45 UTC by Francesco Turco
Modified: 2014-06-23 04:07 UTC

Description Francesco Turco 2014-06-19 15:45:00 UTC
I'm a GNOME 3.12 user that had various problems until I discovered the cause was gnome-keyring-daemon running as root. On my system the /usr/bin/gnome-keyring-daemon file has the setuid bit enabled:

$ ls -l /usr/bin/gnome-keyring-daemon 
-rws--x--x 1 root root 940184 Jun 19 17:36 /usr/bin/gnome-keyring-daemon

I can fix my problems if I run the following command and restart GNOME:

# chmod 0711 /usr/bin/gnome-keyring-daemon

But if I re-emerge gnome-keyring the setuid bit is enabled again, and I don't know why. It happens with all recent versions of the gnome-keyring package (namely 3.10.1, 3.12.0 and 3.12.2).

I found bug 470666 that seems similar to mine. I hope this is not a duplicate. Anyway I think I don't have xattr enabled on my filesystem:

$ mount | grep /dev/sda1
/dev/sda1 on / type ext4 (rw,relatime,data=ordered)

$ emerge -pv gnome-keyring

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R    ] gnome-base/gnome-keyring-3.12.2  USE="pam ssh-agent -caps -debug -filecaps (-selinux) {-test}" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

Reproducible: Always




# emerge --info
Portage 2.2.10 (default/linux/amd64/13.0/desktop/gnome/systemd, gcc-4.8.2, glibc-2.19, 3.15.0-gentoo-r1-cifs x86_64)
=================================================================
System uname: Linux-3.15.0-gentoo-r1-cifs-x86_64-Intel-R-_Core-TM-2_Duo_CPU_E8400_@_3.00GHz-with-gentoo-2.2
KiB Mem:     8103664 total,   2808980 free
KiB Swap:          0 total,         0 free
Timestamp of tree: Sat, 14 Jun 2014 13:45:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.2_p47
dev-lang/python:          2.7.6-r1, 3.3.5, 3.4.0
dev-util/cmake:           2.8.12.2-r1
dev-util/pkgconfig:       0.28-r1
sys-apps/baselayout:      2.2
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.12.6, 1.14.1
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.8.2
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2-r1
sys-devel/make:           4.0-r1
sys-kernel/linux-headers: 3.14 (virtual/os-headers)
sys-libs/glibc:           2.19
Repositories: gentoo bitcoin x-portage
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=native -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://mirror.switch.ch/ftp/mirror/gentoo/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_COMPRESS="xz"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/bitcoin /usr/local/portage"
USE="X a52 aac acpi alsa amd64 bash-completion berkdb bzip2 cairo cdda cdr cli colord crypt css cxx dbus dri dts dvd dvdr eds emboss encode evo exif fam firefox flac gdbm gif gnome gnome-keyring gnome-online-accounts gstreamer gtk iconv introspection ipv6 jpeg latex lcms ldap libnotify libsecret lm_sensors mad mmx modules mp3 mp4 mpeg multilib nautilus ncurses networkmanager nls nptl opengl pam pango pcre pdf png policykit ppds pulseaudio qt3support qt4 readline samba scanner sdl session smp socialweb sound sse sse2 sse3 sse4_1 ssl ssse3 startup-notification svg systemd tcpd tiff truetype udev udisks unicode upower usb x264 xcb xml xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" 
PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby19 ruby20" SANE_BACKENDS="snapscan" USERLAND="GNU" VIDEO_CARDS="intel i915 vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON
Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev 2014-06-19 16:34:46 UTC
Like I said in bug #470666, the solution is to set fcaps/suid only if USE=caps.

And probably we should add a post-install message warning users who for whatever reason haven't enabled xattr on their filesystem.
Comment 2 Pacho Ramos gentoo-dev 2014-06-21 19:51:59 UTC
What kind of problems are you getting now?
Comment 3 Francesco Turco 2014-06-21 20:11:19 UTC
My only problem now is that if I re-emerge gnome-keyring I also have to remember to manually remove the setuid bit for /usr/bin/gnome-keyring-daemon, otherwise I have problems with Evolution (https://bugzilla.gnome.org/show_bug.cgi?id=728469) and Network Manager (https://bugzilla.gnome.org/show_bug.cgi?id=731372). In both cases I get the following error message:

> Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reached
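
An added example, not part of the bug report or of the Gentoo ebuild: a POSIX shell check that reports whether a binary such as /usr/bin/gnome-keyring-daemon is installed setuid root, carries file capabilities, or neither, so the state can be verified after each re-emerge. The function names are hypothetical, and `getcap` (from libcap) is used only if it is installed.

```shell
#!/bin/sh
# Added example; classify_priv and check_daemon are hypothetical names.

# Print one of: missing | setuid-root | setuid-nonroot | fcaps | plain
classify_priv() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    if [ -u "$f" ]; then
        # Numeric owner is field 3 of `ls -ln`; uid 0 means the
        # program starts with root's effective uid.
        owner=$(ls -ln "$f" | awk '{print $3}')
        if [ "$owner" = 0 ]; then
            echo setuid-root
        else
            echo setuid-nonroot
        fi
        return 0
    fi
    # getcap prints a line only when a capability xattr is set on the file.
    if command -v getcap >/dev/null 2>&1 &&
       [ -n "$(getcap "$f" 2>/dev/null)" ]; then
        echo fcaps
        return 0
    fi
    echo plain
}

# Report the state; exit status is non-zero only for a setuid-root file.
check_daemon() {
    f=$1
    state=$(classify_priv "$f")
    case $state in
        setuid-root)
            echo "$f: setuid root (workaround from the report: chmod 0711 $f)" ;;
        *)
            echo "$f: $state" ;;
    esac
    [ "$state" != setuid-root ]
}

# Run the check only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_daemon "$1"
fi
```

Run it as `sh check.sh /usr/bin/gnome-keyring-daemon` after merging the package; `fcaps` is the expected result only when the package was built with USE=caps on a filesystem that stores extended attributes.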
Comment 4 Alexandre Rostovtsev (RETIRED) gentoo-dev 2014-06-23 04:07:29 UTC
+*gnome-keyring-3.12.2-r1 (23 Jun 2014)
+
+  23 Jun 2014; Alexandre Rostovtsev <tetromino@gentoo.org>
+  gnome-keyring-3.10.1.ebuild, gnome-keyring-3.12.0.ebuild,
+  gnome-keyring-3.12.2.ebuild, +gnome-keyring-3.12.2-r1.ebuild:
+  Apply cap_ipc_lock only if USE=caps, and never install gnome-keyring-daemon
+  as suid root since that breaks dbus activation (bug #513870, thanks to
+  Francesco Turco). Remove ancient libgnome-keyring pdepend, shouldn't be
+  needed now (bug #502434, thanks to Yaroslav Isakov).
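Review bot: gnome-keyring-3.10.1.ebuild and gnome-keyring-3.12.0.ebuild are listed as modified in place while only 3.12.2 gets an -r1, so a system that already has one of those versions installed keeps its suid-root /usr/bin/gnome-keyring-daemon until something else triggers a rebuild; consider revision bumps for them as well, or say in the entry why they are not needed. The entry also does not mention the post-install warning for filesystems without xattr that comment 1 proposed, and it bundles the unrelated libgnome-keyring pdepend removal (bug #502434) with the suid change, which makes the two harder to track or revert separately.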