[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#932047: lightdm: greeter session support for elogind

Sam,

Thanks for this, very helpful.

I have again tested both approaches and they both work and I can find no
breakage.

On Tue, Oct 11, 2022 at 03:30:12PM -0600, Sam Hartman wrote:
> I think we want something there that allows people to get third-party
> packages into the pam config.
> If common-session isn't going to be good enough, then I guess we'd need
> to create something on the PAM side.
> But let's explore whether common-session is good enough, because it does
> look like other display managers have similar architecture and manage to
> use common-session.

Testing with @include common-session:

test@debian-sid:~$ ps -Alf|grep lightdm
4 S root       23261       1  0  80   0 - 58787 -      11:04 ?        00:00:00 /usr/sbin/lightdm
4 S root       23266   23261  2  80   0 - 80210 -      11:04 tty7     00:00:25 /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
4 S root       23327   23261  0  80   0 - 40649 -      11:05 ?        00:00:01 lightdm --session-child 15 26
0 S test       23435   23432  0  80   0 -  1627 -      11:18 pts/1    00:00:00 grep lightdm

> Here are my thoughts on testing common-session in the greeter config:
> 
> * Take a look at how things appear in logind--does the greeter appear as
>   a session?  If so does anything break because of that?  (Withd Gnome,
>   the greeter does not appear to appear in loginctl list-sessions)

Neither for lightdm-greeter:

test@debian-sid:~$ loginctl list-sessions
SESSION  UID USER SEAT  TTY 
      1 1000 test seat0 tty1
      7 1000 test seat0 

2 sessions listed.

> * What selinux context do things appear in.  This only matters if
>   selinux is already in your testing structure

I am not sure I have quite understood this, which testing structure are you
referring to here? SElinux is not in /etc/pam.d/lightddm-greeter, only
/etc/pam.d/lightdm and /etc/pam.d/lightdm-autologin.

> * Does the structure  of keyrings look like you expect.
> 
> * Do you end up with a systemd for the greeter user (assuming you are
> using systemd).  If so, do you want one?

No

test@debian-sid:~$ ps -Alf | grep systemd
4 S root           1       0  0  80   0 - 42151 -      09:19 ?        00:01:04 /lib/systemd/systemd --system --deserialize 37
4 S message+     342       1  0  80   0 -  2309 -      09:19 ?        00:00:09 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
4 S root         345       1  0  80   0 -  3598 -      09:19 ?        00:00:05 /lib/systemd/systemd-logind
4 S test         437       1  0  80   0 -  3906 -      09:30 ?        00:00:08 /lib/systemd/systemd --user
4 S root        6919       1  0  80   0 - 12319 -      09:43 ?        00:00:16 /lib/systemd/systemd-journald
4 S systemd+   11560       1  0  80   0 - 22504 -      10:05 ?        00:00:02 /lib/systemd/systemd-timesyncd
4 S root       11591       1  0  80   0 -  6236 -      10:05 ?        00:00:06 /lib/systemd/systemd-udevd
0 S test       23149     437  0  80   0 -  2278 -      10:54 ?        00:00:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
0 S test       23439   23432  0  80   0 -  1627 -      11:18 pts/1    00:00:00 grep systemd

> My suspicion is that since this appears to be working for other display
> managers, it's all fine.

It seems that way to me as well.

> But those are the areas where trouble is most likely to show up.

Thanks

Best wishes

Mark
Reply to: