[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: all modern desktops need systemd, either send patches or life with it (Re: systemd now appears to be only possible init system in testing)

Vincent Lefevre <vincent@vinc17.net> writes:
> On 2014-07-22 19:54:10 -0700, Russ Allbery wrote:

>> logind is also not mandatory in Debian now.  It's just required,
>> upstream, by all the major desktop environments.

> Not just by all the major desktop environments. It is also needed by
> hplip via dependencies[*], which is quite surprising for a "HP Linux
> Printing and Imaging System".

> [*] hplip -> policykit-1 -> libpam-systemd -> systemd

> Or is there any abuse of a dependency here?

Someone with more detailed desktop knowledge should read this over and
correct it as necessary.  This is just my understanding of what's going
on, and I don't work with the software in question and could be wrong in
some details.

There is a general class of problems around "let the user on console do
<thing>" that were originally controlled via UNIX groups.  The problem
with doing this via UNIX groups is that either you need complicated PAM
machinery to add supplemental groups based on whether the user is on
console, or you have to change the security model to "users who are
allowed to use the console but may not be on console at this time," which
poses other problems.

PolicyKit provided an alternative way of handling those problems, and I
suspect that's why HPLIP depended on PolicyKit.  It allowed a more direct
expression of rules like "only users on console can do this."

However, PolicyKit has basically been orphaned upstream, replaced by the
rewritten polkit, and I believe polkit depends on logind to provide core
functionality around knowing what users are on console.  So anything that
had switched from something group-based for handling this problem to
PolicyKit has probably moved or is moving to polkit, which relies on
facilities currently only provided by logind.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: