Bug 529644

Summary:	shutdown/reboot offered even when not allowed by ConsoleKit (e.g. via vnc session)
Product:	[Fedora] Fedora	Reporter:	Karel Volný <kvolny>
Component:	kdebase-workspace	Assignee:	Kevin Kofler <kevin>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	low
Version:	11	CC:	fedora, fedora, jreznik, kevin, lorenzo, ltinkl, rdieter, smparrish, than
Target Milestone:	---	Keywords:	Reopened
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	4.3.5-2.fc12	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2010-02-05 01:23:57 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Karel Volný 2009-10-19 09:56:32 UTC

Description of problem:
If I start vncserver on my computer, and run the default session, which is KDE for me, the K menu has options to Shutdown and Reboot the computer. But I cannot restart or shutdown the computer this way, it only logs out the session.

Version-Release number of selected component (if applicable):
kdebase-workspace-4.3.2-1.fc11.x86_64
tigervnc-server-0.0.91-0.12.fc11.x86_64

How reproducible:
always

Steps to Reproduce:
1. install a KDE-only (ahem) system
2. install tigervnc-server
3. run vncserver for the first time to generate the configfile
4. kill vncserver
5. edit ~/.vnc/xstartup so that startkde gets run
6. run vncserver
7. connect to the vnc server
8. within the vnc session, try to shutdown the computer via the menu

Actual results:
the KDE session is logged out, but the computer is not shut down

Expected results:
the session is logged out and the computer is shut down

Additional info:
I report this here and not upstream because I'm not sure if some Fedora-specific configuration is not at fault here. What I recall from KDE3, I think the options to shutdown and reboot weren't displayed at all when the session was run under vnc server (?)

Comment 1 Rex Dieter 2009-10-19 10:13:12 UTC

By default, only local (ie non-remote) sessions are allowed to do restart/shutdown.  Not sure if it's kdm's config or ConsoleKit getting you here. 

I think it's the latter, but...  I'm not sure how to configure that off the top of my head.

Comment 2 Kevin Kofler 2009-10-19 15:16:56 UTC

KDE uses KDM to shut down if it's present, ConsoleKit otherwise. So if you're running KDM, the relevant setting is KDM's, but if you're running either GDM or no display manager at all, ConsoleKit and its PolicyKit settings are relevant.

Comment 3 Karel Volný 2009-10-19 15:33:46 UTC

(In reply to comment #1)
> By default, only local (ie non-remote) sessions are allowed to do
> restart/shutdown.

ok, so this would explain what I remember about KDE3 - now the question is, why KDE4 is not aware of this and still it displays those menu entries that should be disabled

(In reply to comment #2)
> KDE uses KDM to shut down if it's present, ConsoleKit otherwise. So if you're
> running KDM, the relevant setting is KDM's, but if you're running either GDM or
> no display manager at all, ConsoleKit and its PolicyKit settings are relevant.  

just to clarify - do you mean *any* KDM running?

- like when the system is started, I get to the login screen provided by KDM; I do not log in via this, but ssh from another machine as an ordinary user and start the vncserver ... then the KDM is running on the machine, but shouldn't have any influence on what runs under vncserver, or not?

Comment 4 Kevin Kofler 2009-10-19 15:52:22 UTC

SSH logins are not using any display manager, so you'll need ConsoleKit shutdown privileges.

Why it still displays the shutdown option is that when I wrote the patch for ConsoleKit shutdown, there was no way to query it if shutdown is possible. Current versions now support such an API, so I should update my patch.

Comment 5 Rex Dieter 2010-01-30 15:56:45 UTC

As I understand this, the behavior here is by design (both kdm's and ConsoleKit).  (NOTABUG)

I suppose the feature to not show Shutdown if permissions deny it can be considered an upstream feature request.

Comment 6 Kevin Kofler 2010-01-30 16:01:00 UTC

Uh, no, it's just a missing check in my ck-shutdown patch. As I said, at the time I wrote it, the necessary API was missing in ConsoleKit. I need to add this.

Comment 7 Kevin Kofler 2010-01-30 16:35:01 UTC

To be clear, the bug there is that the options are shown when they should not be.

If you want to allow shutting down over VNC, you'll need to modify the security policies, this is not allowed by default by design.

Comment 8 Kevin Kofler 2010-01-30 16:47:35 UTC

I fixed this for Rawhide in 4.2.95-2.fc13. Releases will get the fix with 4.4 at the latest, we may be pulling this into the 4.3.5 update set or push it as a separate update though.

Comment 9 Kevin Kofler 2010-01-30 16:47:56 UTC

Oops, I mean 4.3.95-2.fc13.

Comment 10 Karel Volný 2010-02-01 12:15:50 UTC

(In reply to comment #6)
> Uh, no, it's just a missing check in my ck-shutdown patch. As I said, at the
> time I wrote it, the necessary API was missing in ConsoleKit. I need to add
> this.    

pardon my ignorance, but what is the purpose of the patch, shouldn't go these changes upstream anyways?

(In reply to comment #8)
> Releases will get the fix with 4.4 at the latest, ...

does that mean that we'll get 4.4 (with the fix) in F12?
(hm, I really should pay more attention to news - what's cooking, or maybe start eating some pills for memory ...)

Comment 11 Kevin Kofler 2010-02-01 15:04:06 UTC

> pardon my ignorance, but what is the purpose of the patch

Without that patch, you can't shutdown/restart at all if you use the latest GDM or some DM-less solution (e.g. startx), even if the PolicyKit policies for ConsoleKit allow it (by default, this is the case for locally logged-in users when no other user is logged in, but not for remote logins like VNC).

> shouldn't go these changes upstream anyways?

Uh, yes… ;-)

> does that mean that we'll get 4.4 (with the fix) in F12?

The plan is to push 4.4 as an update to F12 and F11.

But you won't have to wait that long for this fix, I applied it to 4.3.5-2.fc12 and 4.3.5-2.fc11 now, so it will be fixed with the 4.3.5 update set.

Comment 12 Fedora Update System 2010-02-05 01:23:43 UTC

kde-settings-4.3-16.1, kdebase-workspace-4.3.5-2.fc12, kdelibs-4.3.5-2.fc12, kdebase-4.3.5-3.fc12, kdeaccessibility-4.3.5-1.fc12, kdeadmin-4.3.5-1.fc12, kdeartwork-4.3.5-1.fc12, kdebase-runtime-4.3.5-2.fc12, kdebindings-4.3.5-1.fc12, kdeedu-4.3.5-1.fc12, kdegames-4.3.5-1.fc12, kdegraphics-4.3.5-1.fc12, kdemultimedia-4.3.5-1.fc12, kdenetwork-4.3.5-1.fc12, kdepim-4.3.5-1.fc12, kdepim-runtime-4.3.5-1.fc12, kdeplasma-addons-4.3.5-1.fc12, kdesdk-4.3.5-1.fc12, kdetoys-4.3.5-1.fc12, kdeutils-4.3.5-1.fc12, kde-l10n-4.3.5-1.fc12, oxygen-icon-theme-4.3.5-1.fc12, strigi-0.7.1-1.fc12, kdelibs-experimental-4.3.5-1.fc12, kdepimlibs-4.3.5-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2010-02-05 01:25:35 UTC

kde-settings-4.2-16.1, kdebase-workspace-4.3.5-2.fc11, kdelibs-4.3.5-2.fc11, kdebase-4.3.5-3.fc11, kdeaccessibility-4.3.5-1.fc11, kdeadmin-4.3.5-1.fc11, kdeartwork-4.3.5-1.fc11, kdebase-runtime-4.3.5-2.fc11, kdebindings-4.3.5-1.fc11, kdeedu-4.3.5-1.fc11, kdegames-4.3.5-1.fc11, kdegraphics-4.3.5-1.fc11, kdemultimedia-4.3.5-1.fc11, kdenetwork-4.3.5-1.fc11, kdepim-4.3.5-1.fc11, kdepim-runtime-4.3.5-1.fc11, kdeplasma-addons-4.3.5-1.fc11, kdesdk-4.3.5-1.fc11, kdetoys-4.3.5-1.fc11, kdeutils-4.3.5-1.fc11, kde-l10n-4.3.5-1.fc11, oxygen-icon-theme-4.3.5-1.fc11, strigi-0.7.1-1.fc11, kdelibs-experimental-4.3.5-1.fc11, kdepimlibs-4.3.5-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Kevin Kofler 2010-02-09 13:16:21 UTC

Oops, it turns out this doesn't work properly in F11, see bug 562851. I'll have to revert the change for F11, it will be fixed only from F12 upwards.

Comment 15 Karel Volný 2010-03-05 13:38:41 UTC

looks good, thanks

well, it still allows suspend/hibernate - and it works, I've just killed one remote machine, oops :-)