[Mageia-dev] systemd + ACL: Why it is broken.

Colin Guthrie mageia at colin.guthr.ie
Thu Aug 25 16:26:42 CEST 2011 

Ping!

Any thoughts on the below email?

Seeing as udev 173 has landed which removes supoprt for udev-acl, we
need to either back out 173 (or rebuild with udev-acl support) or we
need to use systemd with the below changes officially blessed!

Col

'Twas brillig, and Colin Guthrie at 04/08/11 18:43 did gyre and gimble:
> Hi,
> 
> OK, so the reason that device ACLs are kinda broken with systemd is
> because the acl stuff is being done twice, once via udev and again via
> systemd.... but sadly systemd gets it wrong as it's not aware of the
> user session, see:
> systemd-loginctl --no-pager
> 
> 
> This is due to the fact that some essential additions to
> /etc/pam.d/system-auth are not done when systemd is installed.
> 
> I added the following line to the end of my system-auth (the "login"
> file where console kit connector lies didn't work):
> 
> -session    optional      pam_systemd.so
> 
> 
> 
> The question is, how should we handle this? Edit the pam package and add
> it or do something more complex? AFAIK Fedora uses a system to manage
> these files called authconfig.... not sure if we could/should adopt
> that. I don't know much about it.
> 
> 
> 
> 
> On a related note, we'll also need to rebuild udev without udev-acl
> support, as this is now
> handled by systemd. At present, with the above fix to pam, I will be
> getting my ACLs written twice, which (when systemd knows I'm logged in)
> is fine. I think it's actually the default in udev 173, but
> we can do that manually with 172 via:
>   --disable-udev_acl
> in udev.
> 
> That said, this would commit us to systemd so we need to tread carefully
> here as without systemd, then the ACLs would not get written with
> obvious consequences (basically the exact opposite of now!).
> 
> Anyway, for now I have my ACLs back and can use my audio devices! Yay!
> 
> Col
> 
> 


-- 

Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]

More information about the Mageia-dev mailing list