[Mageia-dev] systemd + ACL: Why it is broken.

Colin Guthrie mageia at colin.guthr.ie
Thu Aug 4 19:43:47 CEST 2011


Hi,

OK, so the reason that device ACLs are kinda broken with systemd is
because the ACL stuff is being done twice, once via udev and again via
systemd... but sadly systemd gets it wrong as it's not aware of the
user session, see:
  systemd-loginctl --no-pager


This is due to the fact that some essential additions to
/etc/pam.d/system-auth are not done when systemd is installed.

I added the following line to the end of my system-auth (the "login"
file where the ConsoleKit connector lies didn't work):

-session    optional      pam_systemd.so



The question is, how should we handle this? Edit the pam package and add
it or do something more complex? AFAIK Fedora uses a system to manage
these files called authconfig.... not sure if we could/should adopt
that. I don't know much about it.




On a related note, we'll also need to rebuild udev without udev-acl
support, as this is now handled by systemd. At present, with the above
fix to pam, I will be getting my ACLs written twice, which (when systemd
knows I'm logged in) is fine. I think it's actually the default in udev
173, but we can do that manually with 172 via:
  --disable-udev_acl
in udev.

That said, this would commit us to systemd so we need to tread carefully
here, as without systemd the ACLs would not get written, with
obvious consequences (basically the exact opposite of now!).

Anyway, for now I have my ACLs back and can use my audio devices! Yay!

Col


-- 

Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]
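
The check described in the message, as an added example that is not part of the original post: one function tests whether a PAM file has an active session line for pam_systemd.so, the other reads `getfacl` output and tests whether a user has a named read/write entry. The function names, the user name colin and all sample input are constructed for illustration.

```shell
# Added example, not from the original post; all sample input is constructed.

# Succeeds if FILE ($1) has an active session line loading pam_systemd.so.
# "include" and "substack" directives are not followed.
pam_has_systemd_session() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/#.*/, "") }    # drop comments
        NF >= 3 && ($1 == "session" || $1 == "-session") {
            # module is field 3, or later when the control is bracketed
            for (i = 3; i <= NF; i++) {
                n = split($i, p, "/")
                if (p[n] == "pam_systemd.so") found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Reads `getfacl DEVICE` output on stdin; succeeds if USER ($1) has a named
# entry whose effective permissions include read and write.
acl_grants_user_rw() {
    awk -F: -v u="$1" '
        $1 == "user" && $2 == u {
            perms = ($0 ~ /#effective:/) ? $NF : $3
            if (perms ~ /^rw/) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed demo: a system-auth without and with the line from the post.
demo_dir=$(mktemp -d)
printf '%s\n' 'session  required  pam_unix.so' \
    '#-session optional pam_systemd.so' > "$demo_dir/before"
printf '%s\n' 'session  required  pam_unix.so' \
    '-session    optional      pam_systemd.so' > "$demo_dir/after"
for f in before after; do
    pam_has_systemd_session "$demo_dir/$f" && s=registered || s=missing
    echo "$f: pam_systemd $s"
done
printf 'user::rw-\nuser:colin:rw-\nmask::rw-\nother::---\n' |
    acl_grants_user_rw colin && echo "colin: rw ACL present"
rm -rf "$demo_dir"
```

On a live system the second function would be fed from `getfacl` on the device node in question.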

