From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 04 06:03:13 2022
Received: (at submit) by debbugs.gnu.org; 4 Aug 2022 10:03:13 +0000
Received: from localhost ([127.0.0.1]:51334 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oJXhA-0008Cv-Ls
	for submit@debbugs.gnu.org; Thu, 04 Aug 2022 06:03:13 -0400
Received: from lists.gnu.org ([209.51.188.17]:47100)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@muradm.net>) id 1oJXh8-0008Cn-7C
 for submit@debbugs.gnu.org; Thu, 04 Aug 2022 06:03:10 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40598)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mail@muradm.net>) id 1oJXh3-0008UD-Uu
 for bug-guix@gnu.org; Thu, 04 Aug 2022 06:03:07 -0400
Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:56972
 helo=nomad-cl1.muradm.net)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mail@muradm.net>) id 1oJXh2-0002VN-6c
 for bug-guix@gnu.org; Thu, 04 Aug 2022 06:03:05 -0400
Received: from localhost ([127.0.0.1]:33536)
 by nomad-cl1.muradm.net with esmtps (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oJXgV-0000Ku-2f
 for bug-guix@gnu.org; Thu, 04 Aug 2022 10:02:31 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; 
 s=mail;
 h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:
 Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
 Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
 In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=FXsQCo4n3WuhprTQ6Nk9NsXYsLr5Up3oa/nL/7WbZrY=; b=Qg4sQasb14tGVukIGE1bL54yki
 RLozMhjlQ6txliDXbOilN2RXOdFkv+AlGtd/Qi7ZbPdGz+9omcXfiwPRLMSLF0Xth9mhXwKTkEr00
 OFNQod7ry5HIYitKZWaePWuw5/ixnJA9kDwKeiEnOyQIlePuxkRy7PNrPCDsHXX5+k1HH99nGe41L
 qTw2ZNVvIV3bYYcviufwHvHLI/xqZmvmWGK4HxJ1eFEbSDP7yGjAo2YASlehkOnDkXA8N8rk4oBLW
 QhvBvmr4h9D8612gtA8N7zb9tj7g8mQ5Bo4zksH/00XRDDlqb+IEGO6IdXWXCXJbWdBeE6pGdFdIg
 eWwC1M10q1eDhablIuLW1Ltlifr20I9bx2FTAcsRkdaQQHeivHwGqwVjXWTAlbMITWtxH6HbidPot
 pIYc166c8F43H0FIyC18dluxs1+I6W+WOwbGAOwC0kYCs2Cy1jPzUlXVq71CljrU9j5M5fc/9Qnw3
 j8MCJoyQG5+OskmhpW64IEm4;
Received: from muradm by localhost with local (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oJXgy-0003yr-2D
 for bug-guix@gnu.org; Thu, 04 Aug 2022 13:03:00 +0300
User-agent: mu4e 1.8.7; emacs 29.0.50
From: muradm <mail@muradm.net>
To: bug-guix@gnu.org
Subject: greeter user permissions are not enough to talk with seatd
Date: Thu, 04 Aug 2022 12:45:13 +0300
Message-ID: <87czdg2unf.fsf@muradm.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Received-SPF: pass client-ip=139.162.159.157; envelope-from=mail@muradm.net;
 helo=nomad-cl1.muradm.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

--=-=-=
Content-Type: text/plain; format=flowed


Hi,

As per discussion here:
https://lists.gnu.org/archive/html/guix-devel/2022-08/msg00020.html

Above change reduced permissions of greeter user.
While it is ok for greeters that do not talk to seatd,
greeters talking to seatd lost access to seatd socket.
As result, greeter (e.g. gtkgreet) requiring communication
with seatd is failing to start, causing "black screen"
behavior on active terminal (switching to the other non seatd
related terminal is possible, for manual permissions
adjustment as workaround).

To address this issue, we need more flexible control over
seatd user/group, which creates seatd.sock, and greeter user
which connects to seatd.sock.

Other distros (Arch for instance) introduced "seat" group.
So user which wants to login on system controlled by seatd
should be member of that group.

However, not all greeters require that, so I decided to make
more flexible. Propsed solutions consists of:

* 56690 - gnu: seatd-service-type: Should use seat group.
With this change, if seatd-service-type is present in the
system configuration, "seat" group will be added, and seatd
will run as root/seat. Group is configurable, but default is 
"seat".

* 56699 - gnu: greetd-service-type: Add greeter-extra-groups 
  config field.
With this change, if user wants to use seatd-service-type with
greeter requiring seatd.sock, he can add "seat" group to
greeter-extra-groups field.

Thanks in advance,
muradm


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmLrmVQACgkQ6M7O0mLO
BeJFohAAr/iwhBTm8Ge6F/u/RRnlewbKP5VcZaU2sR1ck6NqQ27eFU1Zn+ZqUDA9
6tWjCMg/lfpxBt91+V9HOdOQY+3v0Yno6SqkMODYsQFLB8w1LvHAchpJaju43Z21
B84viXLYJHFXKBQvWi9nuH8mB5q7icZ8bmGGqP/SXh7Gf4v1jeKJEHFl4Gmn0SW2
AGu9+rjE9WUlqhEKiYgXvok90WCHu0syBzGD9bpOfOHMvgOFsYLBqP7BSSm84Kso
VpT7+6ZB5Xh9De0BCFr4CUInKrSwmNJQEs7ShkXGfPVJHa1AGDSXdTwEURJRHYXZ
8erF9etX4J5Mi0lgT/hST8PCV18E0//le0WXs5PiYYnKfCHp/SmFqEI1aDkiFlEE
rCvKLiVedglaaUSxjx6uSSgjk5A1/SAZCFEgrMWlJsduKuXzkUsSyN+Ai/iQGn7I
UEqWbApWRXdJrBbviAb5LtokVAelnT9KksXlxXiANLLXUN6xds1IuR/nBZekqi3K
YK/U4CSNhv+Bpdd5fgat58t2l9nY23ELAe4IORSPzpmNGEcMHUkadesuaSdaMgZs
f0YwGKFQ44KzHYazrcQKwl+RljGggL7MfsUOrK5J0AJscZGLSuDKGYAg9jIoIRtZ
s8KvNOcocG5o+/Li1utgPIIYwTROFc1rV7FMrwUIKuypCbTQak4=
=fLZ+
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 04 07:08:09 2022
Received: (at 56971) by debbugs.gnu.org; 4 Aug 2022 11:08:09 +0000
Received: from localhost ([127.0.0.1]:51418 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oJYi1-0001fB-2w
	for submit@debbugs.gnu.org; Thu, 04 Aug 2022 07:08:09 -0400
Received: from mailrelay.tugraz.at ([129.27.2.202]:22771)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <liliana.prikler@ist.tugraz.at>)
 id 1oJYhy-0001ey-Ba; Thu, 04 Aug 2022 07:08:07 -0400
Received: from lprikler-laptop.ist.intra (gw.ist.tugraz.at [129.27.202.101])
 by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4Lz5YZ40yCz1LX55;
 Thu,  4 Aug 2022 13:08:02 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4Lz5YZ40yCz1LX55
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at;
 s=mailrelay; t=1659611282;
 bh=fAtWVJ1a/HiXTuLhmLuKHny1WNzS6phcFHa0PCKyLRY=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
 b=P5JlhKlM9I4frLW42tjdiWAs0IgKExAk54O2eo0Ofsm/W5iQS8jKkMuayix8Xbn05
 iaIH70WJTjLz7T3NLqI6+o2/m0rCa5lavNsstPj2Vz44M+AXUhXoKkfm4VrdwVrXCB
 QwgxPcZhiYno5WnjTqDbLR04aFkn7CPwQa9CBUIA=
Message-ID: <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
Subject: Re: greeter user permissions are not enough to talk with seatd
From: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
To: muradm <mail@muradm.net>, 56971@debbugs.gnu.org
Date: Thu, 04 Aug 2022 13:08:01 +0200
In-Reply-To: <87czdg2unf.fsf@muradm.net>
References: <87czdg2unf.fsf@muradm.net>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.1 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUG-Backscatter-control: waObeELIUl4ypBWmcn/8wQ
X-Spam-Scanner: SpamAssassin 3.003001 
X-Spam-Score-relay: -1.9
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 56971
Cc: control@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

block 56971 by 56690 56699
thanks

Hi muradm,

Am Donnerstag, dem 04.08.2022 um 12:45 +0300 schrieb muradm:
> [...] greeter (e.g. gtkgreet) requiring communication
> with seatd is failing to start, causing "black screen"
> behavior on active terminal (switching to the other non seatd
> related terminal is possible, for manual permissions
> adjustment as workaround).
> 
> To address this issue, we need more flexible control over
> seatd user/group, which creates seatd.sock, and greeter user
> which connects to seatd.sock.
Okay.

> However, not all greeters require that, so I decided to make
> more flexible.
Flexibility for its own sake is not always the right solution.  On the
other hand, looking at the two patches, it appears they are to be used
in combination?

>  Propsed solutions consists of:
> 
> * 56690 - gnu: seatd-service-type: Should use seat group.
> With this change, if seatd-service-type is present in the
> system configuration, "seat" group will be added, and seatd
> will run as root/seat. Group is configurable, but default is 
> "seat".
Why just the group and no user?  Is it not possible to launch seatd as
non-root?

> * 56699 - gnu: greetd-service-type: Add greeter-extra-groups 
>   config field.
> With this change, if user wants to use seatd-service-type with
> greeter requiring seatd.sock, he can add "seat" group to
> greeter-extra-groups field.
Note that you still have a TODO on that patch.

Cheers




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 04 09:10:02 2022
Received: (at 56971) by debbugs.gnu.org; 4 Aug 2022 13:10:02 +0000
Received: from localhost ([127.0.0.1]:51570 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oJabx-0000ip-K5
	for submit@debbugs.gnu.org; Thu, 04 Aug 2022 09:10:02 -0400
Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:52448
 helo=nomad-cl1.muradm.net)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@muradm.net>)
 id 1oJabv-0000iG-Bk; Thu, 04 Aug 2022 09:10:00 -0400
Received: from localhost ([127.0.0.1]:47754)
 by nomad-cl1.muradm.net with esmtps (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oJabL-0000WH-34;
 Thu, 04 Aug 2022 13:09:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; 
 s=mail;
 h=Content-Type:MIME-Version:Message-ID:In-reply-to:Date:Subject:Cc:To
 :From:References:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=EoTFRh1mg+ibNGK4kDejVKqyjYI1neydj5gEU8HtRF4=; b=s8qkTpKn2XCJ6wIhdhbZibepcP
 5HFJvrSHeVCxkRB0UnR3LOJljt1YJK7AWSI3FYGL59AGINlph0qKX1Zplmpv3sNflzdCilVd6qK6C
 zYIPvzYXOCAlS7XrUxXp80Ewp1i2ZpV0vUZ4H2H7qhZe86miM+P7BxAk/0SzOFqUDZaHl6UOoJrkX
 RsYMI7/hyWDb1T9AL17CsPgZYqeKvBorz8ZoLexr/ExWbsBtIQ0BBilL6ZuGTa+xWFGOayniY3hAZ
 j9k5igwtSG+GqIcQJh+TexFsnl5P2Odz8iYffCLs4e+BDiXSbetAs3vt5/kXWd03jKcd/VIqjAQAM
 tUo1r8fYn6JCd1Z4Rr+yF5ASzCAcuCXvSIxfQDREBDBdKh+KWEmqSCz/y4lw21k5JzcymIvdtKgis
 zQU23vdsDibY9PeGEsZt+K71AWZczfUjT++EHtEd9KI0oygTZr4FidELHIBwEriE2gd2JyCBgouKF
 SgoZ2MQKxTkZwKvH045mTWZk;
Received: from muradm by localhost with local (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oJabm-0004pC-1k;
 Thu, 04 Aug 2022 16:09:50 +0300
References: <87czdg2unf.fsf@muradm.net>
 <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
User-agent: mu4e 1.8.7; emacs 29.0.50
From: muradm <mail@muradm.net>
To: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
Subject: Re: greeter user permissions are not enough to talk with seatd
Date: Thu, 04 Aug 2022 15:52:32 +0300
In-reply-to: <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
Message-ID: <874jys2m01.fsf@muradm.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 56971
Cc: control@debbugs.gnu.org, 56971@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:

> block 56971 by 56690 56699
> thanks
>
> Hi muradm,
Hi Liliana,

> Am Donnerstag, dem 04.08.2022 um 12:45 +0300 schrieb muradm:
>> [...] greeter (e.g. gtkgreet) requiring communication
>> with seatd is failing to start, causing "black screen"
>> behavior on active terminal (switching to the other non seatd
>> related terminal is possible, for manual permissions
>> adjustment as workaround).
>>
>> To address this issue, we need more flexible control over
>> seatd user/group, which creates seatd.sock, and greeter user
>> which connects to seatd.sock.
> Okay.
>
>> However, not all greeters require that, so I decided to make
>> more flexible.
> Flexibility for its own sake is not always the right solution.=20
> On the
> other hand, looking at the two patches, it appears they are to=20
> be used
> in combination?
>
No, technically they are not strongly dependent on each other,
could be applied one after another in no particular order.
After both are applied, in cooperation they address this issue.

>>  Propsed solutions consists of:
>>
>> * 56690 - gnu: seatd-service-type: Should use seat group.
>> With this change, if seatd-service-type is present in the
>> system configuration, "seat" group will be added, and seatd
>> will run as root/seat. Group is configurable, but default is
>> "seat".
> Why just the group and no user?  Is it not possible to launch=20
> seatd as
> non-root?
seatd provides a way for display servers to access input/output=20
devices
without having to be root. So seatd it self has to run as root.
When seatd opening socket as root/seat, all members of seat would
be able to communicate with it. Also socket could be opened with
seat/seat for instance, but there is no specific point in doing=20
so.
Will be one more unused system user around.
Arch seems to follow similar way, root/seat is ok for socket.
Also will signal that seatd is running as root.

>> * 56699 - gnu: greetd-service-type: Add greeter-extra-groups
>> =C2=A0 config field.
>> With this change, if user wants to use seatd-service-type with
>> greeter requiring seatd.sock, he can add "seat" group to
>> greeter-extra-groups field.
> Note that you still have a TODO on that patch.
That TODO is from the initial commit, it is about cgroup file
system mounting, and totally out of scope of this issue.

> Cheers
Thanks in advance


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmLrxR4ACgkQ6M7O0mLO
BeIiCA/+Ih2VS0QORe/ZLten/R8BQ/UczQtURdpatoidf55hTP3Kd/AE5xLWRw8U
fUEjCsbEOSJQlZ92BmXcH6gSQenGBsL1p6xtKjm5rEdzza6dYEdeePI8oNzd7/Jf
QkmY/Yt7MbJ6Oi5db1fSTDhyQk8d+YIYNNrXSFpvjGnmFdwuN53rCw47V6nJSQ5U
+mQp4ypkZMh6BPwJH4CBjBP2pWmXI/X5Jn/lW92CbIRrH/CFnRlj/OWFnjJzbSef
4uciS0XeGkFQnVAxAgRl5DMEjESrx8dJL0cOLzu8h0c2k7l1fU2hG71ugn1fEnij
na0zeWElfwAaXSIpHiftCwa0aKHsepm1gDuwWjkOzyV5lGr3zopFkRE0Mcuf1JUn
jmm2Vc9rb0eQBLa46X6pkwZKRho3tzE+BxP64wvrUlFzhaRHKF5brquseqLQL7WU
0RUgAXm66f3OkJHQAiI8vmwKB7JlqHfOp8bDvVaTrkkEBMaSqWOerT80MOl5P8QV
rKGgzS8dw+vT7ilGG+hfj4rVfY9fF8IEzXFusKJPfE3MuCDSkD2BySs0ZR87fHil
9JbOcsiDDXAJEoaJ5WuVzpcee6Ux0i6ZIIad/B3cdqA73P9cbV1gI4yvvYCD/Nq0
gXKl2T2uWLAwnVBtKEA1WclVNnRdR8v8j8r0KZkVVLhB/RknmG8=
=ExNC
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 05 02:11:36 2022
Received: (at 56971) by debbugs.gnu.org; 5 Aug 2022 06:11:36 +0000
Received: from localhost ([127.0.0.1]:55771 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oJqYW-0004D9-Rp
	for submit@debbugs.gnu.org; Fri, 05 Aug 2022 02:11:36 -0400
Received: from mailrelay.tugraz.at ([129.27.2.202]:31783)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <liliana.prikler@ist.tugraz.at>)
 id 1oJqYQ-0004Cq-EW; Fri, 05 Aug 2022 02:11:31 -0400
Received: from lprikler-laptop.ist.intra (gw.ist.tugraz.at [129.27.202.101])
 by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4LzZwp37t2z3wd1;
 Fri,  5 Aug 2022 08:11:22 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at;
 s=mailrelay; t=1659679882;
 bh=W6Jdf6pLwHs4rgV3+U9BDIGhWJe0zzyK4OTwNycrO3E=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References;
 b=OgAwjNM21hksZLd4zfk/87kzhowhKRycSNTaX1IsT8i12U5eORyBlSRCkQPWmF2RT
 YfkSzYT6juHzhgHjdPQ+epk+UKfwuBiCHj3ZeNs/AnHq10npN+YOzJ7qD3f/DboIi2
 +wMzjQvn69lvuMsIVlcXK7iCXGdjqfJ+HPFYI/aU=
Message-ID: <f87faa9307a2e57dd18cebfe93559b3261171695.camel@ist.tugraz.at>
Subject: Re: greeter user permissions are not enough to talk with seatd
From: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
To: muradm <mail@muradm.net>
Date: Fri, 05 Aug 2022 08:11:21 +0200
In-Reply-To: <874jys2m01.fsf@muradm.net>
References: <87czdg2unf.fsf@muradm.net>
 <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
 <874jys2m01.fsf@muradm.net>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.1 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TUG-Backscatter-control: waObeELIUl4ypBWmcn/8wQ
X-Spam-Scanner: SpamAssassin 3.003001 
X-Spam-Score-relay: -1.9
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 56971
Cc: control@debbugs.gnu.org, 56971@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Am Donnerstag, dem 04.08.2022 um 15:52 +0300 schrieb muradm:
> 
> Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:
> 
> > [...] [L]ooking at the two patches, it appears they are to 
> > be used in combination?
> > 
> No, technically they are not strongly dependent on each other,
> could be applied one after another in no particular order.
> After both are applied, in cooperation they address this issue.
This is what I'm saying, albeit in different words.  As far as I
understand, neither of these patches really accomplishes anything if
not put together.  Thus, you more or less opened three issues to
address one.

> > 
> seatd it self has to run as root.
Okay.

> That TODO is from the initial commit, it is about cgroup file
> system mounting, and totally out of scope of this issue.
I didn't mean your code, I meant a suggestion from a reviewer that you
haven't addressed yet (to my knowledge at least).

Cheers




From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 05 02:56:28 2022
Received: (at 56971) by debbugs.gnu.org; 5 Aug 2022 06:56:28 +0000
Received: from localhost ([127.0.0.1]:55906 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oJrFz-0007c4-LH
	for submit@debbugs.gnu.org; Fri, 05 Aug 2022 02:56:27 -0400
Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:44296
 helo=nomad-cl1.muradm.net)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@muradm.net>)
 id 1oJrFy-0007bm-Bx; Fri, 05 Aug 2022 02:56:27 -0400
Received: from localhost ([127.0.0.1]:48190)
 by nomad-cl1.muradm.net with esmtps (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oJrFO-0000ka-0f;
 Fri, 05 Aug 2022 06:55:50 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; 
 s=mail;
 h=Content-Type:MIME-Version:Message-ID:In-reply-to:Date:Subject:Cc:To
 :From:References:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=gjWarPNLax8K4Ja+fI9L7SKP6wbJv1vme2kZByFbgws=; b=MGUBxBVLg18BFxNeaz2lUuwJxf
 phaQvERNHuMPKY5wIXG/x4awDuAubxVK0j2dheJ/n+t6mq76YpBPKaEMt06g6ipGDefGS7MykEmPE
 LQ6/ysR0A/+TesgDwUlQEoW9HKPJwJ1I51TrY/bZgiJJhFo6WOdroNxyNXLisgqoEBSbhoKYcXi8C
 v65SAIr0aAMdto08RaiJuLUf4Kh0N5j6sBTVCg/HBagRbic/H14SjapZYMJOLmsOkoe3132yxuNho
 nKEpmTY4Arvj7OC6kbr6TEG6azA6o6NVGyTnxDsKiKElbwdsMgEu5eG9PunwfO8nxKGW92ypx3Rk6
 Gpq46deOOHskMXRL9lvsXVVALVDStLNgJbhDWcHpRW2/2O8m2KfFsA5XiGUy2FtRumhoj+CbV12TB
 KsQgUv7CjqVcaP34ux5aRikgbvIicQokWZ/8Oy5V/5slquBQG0Z/08iIiMMfJNNLaW3h7OX1qX4zq
 nJdXHBubBZAqvfQNTi/tS8UV;
Received: from muradm by localhost with local (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oJrFs-0007Qo-0H;
 Fri, 05 Aug 2022 09:56:20 +0300
References: <87czdg2unf.fsf@muradm.net>
 <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
 <874jys2m01.fsf@muradm.net>
 <f87faa9307a2e57dd18cebfe93559b3261171695.camel@ist.tugraz.at>
User-agent: mu4e 1.8.7; emacs 29.0.50
From: muradm <mail@muradm.net>
To: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
Subject: Re: greeter user permissions are not enough to talk with seatd
Date: Fri, 05 Aug 2022 09:48:21 +0300
In-reply-to: <f87faa9307a2e57dd18cebfe93559b3261171695.camel@ist.tugraz.at>
Message-ID: <87r11v18mk.fsf@muradm.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 56971
Cc: control@debbugs.gnu.org, 56971@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; format=flowed


Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:

> Am Donnerstag, dem 04.08.2022 um 15:52 +0300 schrieb muradm:
>>
>> Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:
>>
>> > [...] [L]ooking at the two patches, it appears they are to
>> > be used in combination?
>> >
>> No, technically they are not strongly dependent on each other,
>> could be applied one after another in no particular order.
>> After both are applied, in cooperation they address this issue.
> This is what I'm saying, albeit in different words.  As far as I
> understand, neither of these patches really accomplishes 
> anything if
> not put together.  Thus, you more or less opened three issues to
> address one.
Really I don't know what to comment here else. My analysis showed
two independent issues, one is that seatd should have a declared
group so that users of it could join it. This issues is not 
specific
to greetd/greeter in any way. Any other greeting mechanism could
fall short on this. And second, greeter today required conditional
group to interact with seatd, or it could be any other group like
input, usb, modem or else depending on user setup.
Solutions are offered accordingly. Third issue, this bug I was
asked to open. I don't understand, is it a sin to have multiple
issues, or what is the problem here?

>
>> >
>> seatd it self has to run as root.
> Okay.
>
>> That TODO is from the initial commit, it is about cgroup file
>> system mounting, and totally out of scope of this issue.
> I didn't mean your code, I meant a suggestion from a reviewer 
> that you
> haven't addressed yet (to my knowledge at least).
done

>
> Cheers


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmLsvxMACgkQ6M7O0mLO
BeI5lBAAioynCgDd0ltCYi631xZwj0FxEFYSfN+V7h8OeOejwEbz8gJ6N38hNLTC
yeoz8LnGapDH3ysf49KsMHw7u0gXb3WKuUGUIrKtXTk7FKHBQ6iZ1W3R3IsGaVY+
nCLci4SsrocwTHWhPV9bCS+ysRR9VqNUdKBX+06VoQRxlzMwie/eVXFtqyKEgQ+v
sWi8trAMgrU/J8kEAZcit9pBDwz3zTTMeQjljVqpO5k3RbzSl6sjtw1gNZA/aGEw
77DnZ7IUHwJw6xcmGO6w/dmOywAeaD/hW+Uuu3Z/zwlh62q79rMNbD57bGHE7zYb
afUB5WKEZfpdiNw+JR4mLPaHFDPL7DTwBwxoHCPqCK53t7VkFKTdCNa67rsOsZsY
IwjmjnwOYOhk3MOra+EwZOb51fEL+Oxu3497I5wGfPxabHvhnpKKJrzKM20lP3yo
akgcxZf/6qQfebM2LFYdB+yeZ3NJX5lIkhcenlJvH7F47X4jD20gMYP4Uk9W1DzC
NotVcUl0MRzMbVLSbZq7RJZhxnxrNOZeckoemDmojlhiL2KS32irVof7HF+J56NW
axzvkhJJj8MHWArvMgrR24Qre2rQnFcxDA08tfpOQykY/uqBB3PZMRIVtSxwIoK7
hYBgM2ZU3Vx0NJV4N2YJ/oZC7VgmXbdRh0f1TZVml+RMiIXGIc0=
=SiA5
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 05 04:04:58 2022
Received: (at 56971) by debbugs.gnu.org; 5 Aug 2022 08:04:58 +0000
Received: from localhost ([127.0.0.1]:56063 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oJsKI-0005O9-GN
	for submit@debbugs.gnu.org; Fri, 05 Aug 2022 04:04:58 -0400
Received: from mailrelay.tugraz.at ([129.27.2.202]:54691)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <liliana.prikler@ist.tugraz.at>) id 1oJsKG-0005O0-EG
 for 56971@debbugs.gnu.org; Fri, 05 Aug 2022 04:04:56 -0400
Received: from lprikler-laptop.ist.intra (gw.ist.tugraz.at [129.27.202.101])
 by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4LzdRn1xWcz1LZXM;
 Fri,  5 Aug 2022 10:04:53 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4LzdRn1xWcz1LZXM
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at;
 s=mailrelay; t=1659686693;
 bh=meQ4eBCBLhNJ0wedBtP4BQoIIQubw2JwWoMB48Dm42E=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
 b=sXcSmyBkywGu+JAOa8+gl9D3MKuN8ASQo+ntED2DrZYKoARq5EoSfTIBMP4GJ63ni
 xGFkSKN3JgCbj8S5N5Xfxbl+QEIShN6wvydYtf3X37xXAoChZNrWJ1auHW/Eta4nmB
 +26kXpw8YlQRRJGuixKwx6qqxd7PdiEdh/ZJIeos=
Message-ID: <128b8b30d46a357318bad98c3f11bceb8adbb8ca.camel@ist.tugraz.at>
Subject: Re: greeter user permissions are not enough to talk with seatd
From: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
To: muradm <mail@muradm.net>
Date: Fri, 05 Aug 2022 10:04:52 +0200
In-Reply-To: <87r11v18mk.fsf@muradm.net>
References: <87czdg2unf.fsf@muradm.net>
 <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
 <874jys2m01.fsf@muradm.net>
 <f87faa9307a2e57dd18cebfe93559b3261171695.camel@ist.tugraz.at>
 <87r11v18mk.fsf@muradm.net>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.1 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUG-Backscatter-control: waObeELIUl4ypBWmcn/8wQ
X-Spam-Scanner: SpamAssassin 3.003001 
X-Spam-Score-relay: -1.9
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 56971
Cc: 56971@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Am Freitag, dem 05.08.2022 um 09:48 +0300 schrieb muradm:
> 
> Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:
> 
> > Am Donnerstag, dem 04.08.2022 um 15:52 +0300 schrieb muradm:
> > > 
> > > Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:
> > > 
> > > > [...] [L]ooking at the two patches, it appears they are to
> > > > be used in combination?
> > > > 
> > > No, technically they are not strongly dependent on each other,
> > > could be applied one after another in no particular order.
> > > After both are applied, in cooperation they address this issue.
> > This is what I'm saying, albeit in different words.  As far as I
> > understand, neither of these patches really accomplishes 
> > anything if
> > not put together.  Thus, you more or less opened three issues to
> > address one.
> Really I don't know what to comment here else.  My analysis showed
> two independent issues, one is that seatd should have a declared
> group so that users of it could join it.  This issues is not 
> specific to greetd/greeter in any way.  Any other greeting mechanism
> could fall short on this.
But it is greetd that does, no?  If there are other greeting mechanisms
currently packaged in Guix falling short of this, please do tell.

> And second, greeter today required conditional group to interact with
> seatd, or it could be any other group like input, usb, modem or else
> depending on user setup.
> Solutions are offered accordingly. Third issue, this bug I was
> asked to open. I don't understand, is it a sin to have multiple
> issues, or what is the problem here?
It is not really a problem, but an observation.  I personally think a
single series that has both patches would have been more visible than
this thing split across three topics for two patches.  There is a small
overhead if you have to consider merges and blocks, even if debbugs
supports them.

Cheers




From debbugs-submit-bounces@debbugs.gnu.org Sun Aug 07 16:53:24 2022
Received: (at 56971) by debbugs.gnu.org; 7 Aug 2022 20:53:24 +0000
Received: from localhost ([127.0.0.1]:38386 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oKnH2-0007Gw-1l
	for submit@debbugs.gnu.org; Sun, 07 Aug 2022 16:53:24 -0400
Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:48462
 helo=nomad-cl1.muradm.net)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@muradm.net>) id 1oKnH0-0007Gj-79
 for 56971@debbugs.gnu.org; Sun, 07 Aug 2022 16:53:22 -0400
Received: from localhost ([127.0.0.1]:40760)
 by nomad-cl1.muradm.net with esmtps (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oKnGN-0001Ya-0a;
 Sun, 07 Aug 2022 20:52:43 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; 
 s=mail;
 h=Content-Type:MIME-Version:Message-ID:In-reply-to:Date:Subject:Cc:To
 :From:References:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=Q87vRnlzBiIv3KDcKJowBl8kVH1WQkiyICAu2pjq7wE=; b=sHnlZd+T5Mei4l7BnPib9/5dC3
 5dTEaotuFrLjzeHzjbdHqDSHvI5iurgJdhe4TaTv7hqok1hhvJeiYWjDzICebfMOABXgt01vSIu+b
 EvF/CoT/7wa1ALOnq18r4+t8k5Ew8WvKjyTbWAqtWdl2EwTlECQOnfWVQ4hYbcLuzLh0fDtOmUULc
 4ZoJiA/E6faMNxzXX7aajRKQldqCvy0KCa26jAsfJ8xEXTYvdPB/aqA9i3ZhsHUQfL9w5PK8Gs2UY
 wfkR4VyAMEty5a1Y3ZWJMkd8sGy8rO2/q4g2mdb8wE2XTPJZVzCLh5mstp6vffRHcgvmj1cnWWpyD
 RhTN9vPSkFahipF2Pt97ior2BFbC7ofyMyXopSM2SM2yl6YnAafmzEhSTWZt2aSOMVTeslp5VBPwO
 79CBPgye9h25Ik28OQG4g93vg7HX0V8dyOTdy6oRfgCu9g4bhVl+G77KZ7F8CwqXsF6zGZoaOsc32
 JcOsNI2f+IO1OgKVBMBjDAyH;
Received: from muradm by localhost with local (Exim 4.96)
 (envelope-from <mail@muradm.net>) id 1oKnGl-0004bY-2M;
 Sun, 07 Aug 2022 23:53:07 +0300
References: <87czdg2unf.fsf@muradm.net>
 <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
 <874jys2m01.fsf@muradm.net>
 <f87faa9307a2e57dd18cebfe93559b3261171695.camel@ist.tugraz.at>
 <87r11v18mk.fsf@muradm.net>
 <128b8b30d46a357318bad98c3f11bceb8adbb8ca.camel@ist.tugraz.at>
User-agent: mu4e 1.8.7; emacs 29.0.50
From: muradm <mail@muradm.net>
To: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
Subject: Re: greeter user permissions are not enough to talk with seatd
Date: Sun, 07 Aug 2022 23:48:36 +0300
In-reply-to: <128b8b30d46a357318bad98c3f11bceb8adbb8ca.camel@ist.tugraz.at>
Message-ID: <878rnz22to.fsf@muradm.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 1.7 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:
 > Am Freitag, dem 05.08.2022 um 09:48 +0300 schrieb muradm: >> >> Liliana
 Marie Prikler <liliana.prikler@ist.tugraz.at> writes: >> >> > Am Donnerstag,
 dem 04.08.2022 um 15:52 +0300 schrieb muradm: >> [...] 
 Content analysis details:   (1.7 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
 [URIs: muradm.net]
X-Debbugs-Envelope-To: 56971
Cc: 56971@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.7 (/)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:

> Am Freitag, dem 05.08.2022 um 09:48 +0300 schrieb muradm:
>>
>> Liliana Marie Prikler <liliana.prikler@ist.tugraz.at> writes:
>>
>> > Am Donnerstag, dem 04.08.2022 um 15:52 +0300 schrieb muradm:
>> > >
>> > > Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>=20
>> > > writes:
>> > >
>> > > > [...] [L]ooking at the two patches, it appears they are=20
>> > > > to
>> > > > be used in combination?
>> > > >
>> > > No, technically they are not strongly dependent on each=20
>> > > other,
>> > > could be applied one after another in no particular order.
>> > > After both are applied, in cooperation they address this=20
>> > > issue.
>> > This is what I'm saying, albeit in different words.=C2=A0 As far=20
>> > as I
>> > understand, neither of these patches really accomplishes
>> > anything if
>> > not put together.=C2=A0 Thus, you more or less opened three issues=20
>> > to
>> > address one.
>> Really I don't know what to comment here else.  My analysis=20
>> showed
>> two independent issues, one is that seatd should have a=20
>> declared
>> group so that users of it could join it.  This issues is not
>> specific to greetd/greeter in any way.  Any other greeting=20
>> mechanism
>> could fall short on this.
> But it is greetd that does, no?  If there are other greeting=20
> mechanisms
> currently packaged in Guix falling short of this, please do=20
> tell.
Point is not that "there are any/others affected", the point is,=20
that
seatd is providing and interface, and currently it has a problem,
which is wrong permission.

>> And second, greeter today required conditional group to=20
>> interact with
>> seatd, or it could be any other group like input, usb, modem or=20
>> else
>> depending on user setup.
>> Solutions are offered accordingly. Third issue, this bug I was
>> asked to open. I don't understand, is it a sin to have multiple
>> issues, or what is the problem here?
> It is not really a problem, but an observation.  I personally=20
> think a
> single series that has both patches would have been more visible=20
> than
> this thing split across three topics for two patches.  There is=20
> a small
> overhead if you have to consider merges and blocks, even if=20
> debbugs
> supports them.
This is phylosophical topic, which I suppose is not in the scope.

>
> Cheers


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmLwJjMACgkQ6M7O0mLO
BeLj5g//Xz31sWuZOHoRvSija7lhQfiJm8ZFeakHqKfPC1vWf6e/zWccnPFk6dt1
L1QqJoxl7edaHDob0rRfoSZ+oPASRCgi3+ur+OjXsU66XTkN7tumUgbhVWPB5SEa
d2zZqXHEUx9M8pE4yH58vzgv/RM+6MZ83vLsNgU5o8PM+/I75EpiIkBzwddAExtW
rjBHoAAa+GanLoIhNrc7TbaHmB2Ve02OZyYucS4g0I+iiuPZ8Xh3nGtUf+NNYSOb
6QoHiazlEcPGZ5AB093tzIYcAVeIP/V2IHHquUa5fPsB4ATGrT7CEqUju2w0fOox
H7LbYELaewTEmaA9zEbkBUuzgE2ICg4/m88Zq/HHKw36SHHfjh0vtRSp0HkD4LSX
VOvINfirzM+re3jBnDkmvNZtx4mv7w1LcRN3FBjI/4kKxLZ3E5oxT70WWg2PQz2d
wz8L8oHn6WRqL8uerjoIA+ztaj/ZVYTQEZi+8cmmmYwTf9SqjFDYJ1G6xmX9dv4Y
GZ1dtA0sH/e94c0cybtnCMuILbpsntlj1vKo/62HB+B1lwsmEJgTrwRgrnrSSvAI
R9CWxHEgd2wR1u6PRpDRD9871o2wETNI5bCQTQFVunsRC6sMKBfbpAHqxa5IPXwK
ATFRWRMsF9aT6ywP9dkXXUaQ3CV/XVXR8uTmNg5F0j3hDcAWq6I=
=7zfp
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 08 01:54:41 2022
Received: (at 56971) by debbugs.gnu.org; 8 Aug 2022 05:54:41 +0000
Received: from localhost ([127.0.0.1]:38788 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oKviq-0002Nt-TK
	for submit@debbugs.gnu.org; Mon, 08 Aug 2022 01:54:41 -0400
Received: from mailrelay.tugraz.at ([129.27.2.202]:33475)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <liliana.prikler@ist.tugraz.at>) id 1oKvio-0002Nm-RZ
 for 56971@debbugs.gnu.org; Mon, 08 Aug 2022 01:54:39 -0400
Received: from lprikler-laptop.ist.intra (gw.ist.tugraz.at [129.27.202.101])
 by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4M1QQ41vqGz1LXsR;
 Mon,  8 Aug 2022 07:54:36 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4M1QQ41vqGz1LXsR
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at;
 s=mailrelay; t=1659938076;
 bh=lMINRT6A/EM3LOT88Obm5I8wE9t+elHROKVfWf7l864=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
 b=WcYe8kLwb1LI1RzL41U9IL0ejJ7HL8PlTV3uB+VuA6F51RB/dzJgt1UAlHvzIenme
 XwOztgS4qUTy3XVYPmkXZZIJSEZEGHofEY1nw0Ux8eMF1uidZdKCUv1Lo2y/103e9V
 ikjdTnGfkczDH3Bm1oMQdianZhyjqlJCTbQwOtaY=
Message-ID: <4ae0bdd4719993c471d2d58917fdddf63fcdf710.camel@ist.tugraz.at>
Subject: Re: greeter user permissions are not enough to talk with seatd
From: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
To: muradm <mail@muradm.net>
Date: Mon, 08 Aug 2022 07:54:35 +0200
In-Reply-To: <878rnz22to.fsf@muradm.net>
References: <87czdg2unf.fsf@muradm.net>
 <b5687a1a3eebc0cce2564634bc4e191cf7abd931.camel@ist.tugraz.at>
 <874jys2m01.fsf@muradm.net>
 <f87faa9307a2e57dd18cebfe93559b3261171695.camel@ist.tugraz.at>
 <87r11v18mk.fsf@muradm.net>
 <128b8b30d46a357318bad98c3f11bceb8adbb8ca.camel@ist.tugraz.at>
 <878rnz22to.fsf@muradm.net>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.1 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TUG-Backscatter-control: waObeELIUl4ypBWmcn/8wQ
X-Spam-Scanner: SpamAssassin 3.003001 
X-Spam-Score-relay: -1.9
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 56971
Cc: 56971@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Am Sonntag, dem 07.08.2022 um 23:48 +0300 schrieb muradm:
> Point is not that "there are any/others affected", the point is, 
> that seatd is providing [an] interface, and currently it has a
> problem, which is wrong permission.
But there are two sides in this permission issue.  Note that the
subject line of the email is the inverse of what you just said.  Note
further how this issue doesn't require a single, but two patches to
solve, which are currently marked as blockers.  These are obviously
related.

Cheers




From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 26 13:06:24 2022
Received: (at 56971-done) by debbugs.gnu.org; 26 Aug 2022 17:06:24 +0000
Received: from localhost ([127.0.0.1]:54443 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oRcmm-0003f3-Fb
	for submit@debbugs.gnu.org; Fri, 26 Aug 2022 13:06:24 -0400
Received: from mail-ed1-f66.google.com ([209.85.208.66]:41880)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <liliana.prikler@gmail.com>)
 id 1oRcmk-0003eg-Hk; Fri, 26 Aug 2022 13:06:23 -0400
Received: by mail-ed1-f66.google.com with SMTP id r4so2842398edi.8;
 Fri, 26 Aug 2022 10:06:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=content-transfer-encoding:mime-version:user-agent:references
 :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc;
 bh=R5pccjLrlLzHRCNClyFJaBTZxihFucSVIEKw2qXsC38=;
 b=PCsIK8lNClxv4Pl8cTED74GP2jDZSr3LT1h2128185CqcwOExrRvgy4K60IEYFwL5a
 AaBjgIWBvynNU2lR6R4PwpHNWNBUI95aqGsd6+0t8cGmjWhuMgCc/N6y6BmHBuVhyWQ+
 hRrVLFejfpsx1czkjo6Gp6b4lA9faqAcfmkeG+eQjhuZuHxb2CYvpX9ryd5pbdZ1pNlM
 tK54UQgEk9jhNCYGusWPIFmP6W/tT+g6T/cjfcQjPgOh1p2SfRx1Y+LVrQm2IJ4CYdH8
 qpCExr/ZtRZ1PulglgSzYp0QnfULvhgPBlYF2s/Vnsye5Mjxtt6zQY+ht9YpMOM2BQZX
 w4ww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=content-transfer-encoding:mime-version:user-agent:references
 :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state
 :from:to:cc;
 bh=R5pccjLrlLzHRCNClyFJaBTZxihFucSVIEKw2qXsC38=;
 b=eK5jDR4xmuwmj28OKyei0kuM5e/Z2pzg7KgzXb2xX1cmP3avTiTdWVqTbx+fHcfejT
 qwitXrPs6fOWY9lA1Odvo40FeQP3cnVuNJigfnCGRQQXP33hzkJ4rz/WGrA6NmOV5YA9
 k7Gdhh3qljXaaUVEdG9CRVDYEPNxv79aVwX1t8REp0Xw1j6DAjE4HJPq0McAPIbg0Rex
 1iLRf/gKjt9cAwz015O8haWAJo2K6bk9W9xlqhRPGwezizrDCR81yWNcM6APUBcY6KJv
 2nI47eFSrTbVAqTVMgMilC89rJcnzaY8nYFu1z5Dd6Ddw1D+TuHnBrNPuAGoSEg6KHyk
 kjRw==
X-Gm-Message-State: ACgBeo3T+5cBXi497hmxmYMwEkKevuZGev59GSCwKNVlmr8pyDDD1y6a
 3ZBNT1IPvD9mRWFZ98IkM/0=
X-Google-Smtp-Source: AA6agR5e09Yu3j5mSpBZ3Hwg6QnbyKMWlHD/zKpGHw2la/ELb1RhFCfK+l2o9NTGMgIlKa0l7BHVHQ==
X-Received: by 2002:a05:6402:5212:b0:446:6910:5549 with SMTP id
 s18-20020a056402521200b0044669105549mr7525534edd.345.1661533576745; 
 Fri, 26 Aug 2022 10:06:16 -0700 (PDT)
Received: from nijino.fritz.box (85-127-52-93.dsl.dynamic.surfer.at.
 [85.127.52.93]) by smtp.gmail.com with ESMTPSA id
 h20-20020a170906261400b0072af890f52dsm1083542ejc.88.2022.08.26.10.06.15
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 26 Aug 2022 10:06:16 -0700 (PDT)
Message-ID: <400cf1fed0d340398da6e2e0e32bebdb8fd842ef.camel@gmail.com>
Subject: Re: greeter user permissions are not enough to talk with seatd
From: Liliana Marie Prikler <liliana.prikler@gmail.com>
To: muradm <mail@muradm.net>
Date: Fri, 26 Aug 2022 19:06:14 +0200
In-Reply-To: <87czdg2unf.fsf@muradm.net>
References: <87czdg2unf.fsf@muradm.net>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.1 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 56971-done
Cc: 56690-done@debbugs.gnu.org, 56699-done@debbugs.gnu.org,
 56971-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Am Donnerstag, dem 04.08.2022 um 12:45 +0300 schrieb muradm:
> * 56690 - gnu: seatd-service-type: Should use seat group.
> With this change, if seatd-service-type is present in the
> system configuration, "seat" group will be added, and seatd
> will run as root/seat. Group is configurable, but default is 
> "seat".
I made it so that by default the sanitizer is used to turn the string
"seat" into a group and used (ice-9 match), reducing some needless
redundancy.  I also reworded the manual to the best of my ability
following our conversations and adapted the commit message.

> * 56699 - gnu: greetd-service-type: Add greeter-extra-groups 
>   config field.
> With this change, if user wants to use seatd-service-type with
> greeter requiring seatd.sock, he can add "seat" group to
> greeter-extra-groups field.
I fixed some minor issue in the manual and reindented the marionette-
type in the tests, also reworded the commit message.

I didn't get the chance to run the system tests – some timeout causes
the marionette build to fail on my machine – but I verified
independently that at least the seatd socket has the right permissions.
I hope this will be enough for you to get gtkgreet running.

Cheers




From unknown Thu Aug 14 21:56:41 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Sat, 24 Sep 2022 11:24:10 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator