From 45d8c418b5373a741433f02277f7da6dc0331d7c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 8 Aug 2011 19:28:17 +0000 Subject: [PATCH] * Some hackery to get ConsoleKit to work with the SLIM and "auto" display managers. This was broken due to a change in ConsoleKit 0.4.2: https://bugs.freedesktop.org/show_bug.cgi?id=28377 Using ConsoleKit's pam-ck-connector helps in that it creates local sessions; however, they're not marked as active because the x11-display-device property is not set. As a workaround, calling ck-launch-session seems to work. More details: https://bugs.gentoo.org/show_bug.cgi?id=336634 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598150 https://bugzilla.redhat.com/show_bug.cgi?id=585952 svn path=/nixos/trunk/; revision=28400 --- modules/programs/shadow.nix | 3 ++- modules/services/x11/display-managers/auto.nix | 5 +++++ modules/services/x11/display-managers/default.nix | 10 ++++++++-- modules/services/x11/display-managers/slim.nix | 13 +++++++++++-- 4 files changed, 26 insertions(+), 5 deletions(-) diff --git a/modules/programs/shadow.nix b/modules/programs/shadow.nix index 81286d9bb5c..68e9fe38f5b 100644 --- a/modules/programs/shadow.nix +++ b/modules/programs/shadow.nix @@ -75,7 +75,8 @@ in security.pam.services = [ { name = "chsh"; rootOK = true; } { name = "chfn"; rootOK = true; } - { name = "su"; rootOK = true; forwardXAuth = true; } + # Enable ‘ownDevices’ for the services/x11/display-managers/auto.nix module. + { name = "su"; rootOK = true; ownDevices = true; forwardXAuth = true; } { name = "passwd"; } # Note: useradd, groupadd etc. aren't setuid root, so it # doesn't really matter what the PAM config says as long as it diff --git a/modules/services/x11/display-managers/auto.nix b/modules/services/x11/display-managers/auto.nix index e2b1ee42e83..7518dc350f7 100644 --- a/modules/services/x11/display-managers/auto.nix +++ b/modules/services/x11/display-managers/auto.nix @@ -52,6 +52,11 @@ in ''; }; + # The ConsoleKit PAM connector launches a local session, but it's + # not set as "active" (maybe because x11-display-device is not + # set). Launching a child session seems to fix that. + services.xserver.displayManager.forceCKSession = true; + }; } diff --git a/modules/services/x11/display-managers/default.nix b/modules/services/x11/display-managers/default.nix index e17cb541af6..47743d436a5 100644 --- a/modules/services/x11/display-managers/default.nix +++ b/modules/services/x11/display-managers/default.nix @@ -53,8 +53,8 @@ let # Start a ConsoleKit session so that we get ownership of various # devices. - if test -z "$XDG_SESSION_COOKIE"; then - exec ${pkgs.consolekit}/bin/ck-launch-session "$0" "$sessionType" + if [ \( -z "$XDG_SESSION_COOKIE" -o -n "${toString cfg.displayManager.forceCKSession}" \) -a -z "$CK_STARTED" ]; then + CK_STARTED=1 exec ${pkgs.consolekit}/bin/ck-launch-session "$0" "$sessionType" fi # Handle being called by kdm. @@ -162,6 +162,12 @@ in apply = toString; }; + forceCKSession = mkOption { + internal = true; + default = false; + description = "Whether to force launching of a ConsoleKit session."; + }; + session = mkOption { default = []; example = [ diff --git a/modules/services/x11/display-managers/slim.nix b/modules/services/x11/display-managers/slim.nix index bc1fceeefc5..fb6f1de9d5a 100644 --- a/modules/services/x11/display-managers/slim.nix +++ b/modules/services/x11/display-managers/slim.nix @@ -1,4 +1,4 @@ -{pkgs, config, ...}: +{ config, pkgs, ... }: with pkgs.lib; @@ -106,8 +106,17 @@ in # Allow null passwords so that the user can login as root on the # installation CD. - security.pam.services = [ { name = "slim"; allowNullPassword = true; } ]; + security.pam.services = singleton + { name = "slim"; + allowNullPassword = true; + ownDevices = true; + }; + # The ConsoleKit PAM connector launches a local session, but it's + # not set as "active" (maybe because x11-display-device is not + # set). Launching a child session seems to fix that. + services.xserver.displayManager.forceCKSession = true; + }; }