Created attachment 77926 [details] drop a lot of duplicated code and detect logind at runtime Attached is a patch that lets polkit detect logind at runtime and fall back to consolekit when logind is not available. This is particularly useful for distributions willing to support multiple init systems or just wanting to ensure a smooth migration to systemd.
Probably, the consolekit dependency should also depend on a ./configure flag and at least one of --enable-libsystemd-login and --enable-consolekit should be specified. I am thinking about systemd-only systems where consolekit got removed. But let me know if you are interested in the idea of having logind detected at runtime (like GNOME3 does) first.
Now that Ubuntu has transitioned from ConsoleKit to logind (and logind can exist without systemd being the init system), I think we should just hard-require logind and drop support for ConsoleKit as it would make it a lot easier to maintain the code going forward. This is important, especially since bugs in ConsoleKit may lead to issues where users are given permissions they otherwise wouldn't have had. Adding Colin and Mitr to the Cc for their input.
I am not sure about what are the plans for Gentoo, but I expect to see consolekit around for some time still. While we are willing to improve the level of systemd support, having polkit detect consolekit/logind at runtime is certainly something good, given that all the other components (for instance, gnome-shell, gnome-session and gdm) are already able to do that. The only component that doesn't seem to do this at runtime is actually polkit. I think that it would be nice to have this patch (I am willing to adapt it to make it look nicer) to cover the interim period though.
(In reply to comment #1) > Probably, the consolekit dependency should also depend on a ./configure flag > and at least one of --enable-libsystemd-login and --enable-consolekit should > be specified. > I am thinking about systemd-only systems where consolekit got removed. Yes, that's definitely necessary; otherwise polkit would be the only component dragging in ConsoleKit into minimal installations. > But let me know if you are interested in the idea of having logind detected > at runtime (like GNOME3 does) first. I'm rather unsure about the LOGIND_RUNNING() conditions all over the place - the value of that can change between two calls (especially during system startup/shutdown), we might potentially end up with a system that concurrently uses session IDs from both, or where the libpolkit-gobject interpretation (in some processes?) and the polkitd interpretation differs. The polkitd side could in principle be handled by adding an command-line option to choose one of the backends; I have no idea how to handle the possible polkitd/libpolkit-gobject discrepancy. Perhaps it's all fine and safe (the check in polkit_backend_interactive_authority_register_authentication_agent seems to cover my main worry) - right now it's not obvious to me but I could probably be convinced; I haven't looked into this in detail.
(In reply to comment #2) > Now that Ubuntu has transitioned from ConsoleKit to logind (and logind can > exist without systemd being the init system), I think we should just > hard-require logind and drop support for ConsoleKit as it would make it a > lot easier to maintain the code going forward. I can't see that - it's surely easiest to do nothing and keep the existing code there :) > This is important, especially > since bugs in ConsoleKit may lead to issues where users are given > permissions they otherwise wouldn't have had. The existence of this bug is a proof that ConsoleKit still has users (even users willing to write patches). Is ConsoleKit itself actually insecure, or is it a general worry? Some googling suggests that it can now use the audit session ID instead of poking into /proc/%d/environ, which is the only really problematic aspect I know about right now.
David, please, don't remove CK support from polkitd. CK is still the only clean option, and it's been reported logind won't work without systemd without systemd >= 205 again. For example, XFCE has no plans on removing CK support since CK works on BSD and logind doesn't.
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/polkit/polkit/issues/49.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.