I've installed FC7test1 on my laptop (a Dell Latitude D600), and gnome-power-manager consistently fails to suspend: Feb 19 02:34:58 example gnome-power-manager: (username) Suspending computer because the lid has been closed on ac power Feb 19 02:34:58 example gnome-power-manager: (username) Permission denied: Not in active session code='30' quark='g-exec-error-quark' Feb 19 02:34:58 example gnome-power-manager: (username) Resuming computer Feb 19 02:34:58 example gnome-power-manager: (username) suspend failed Actual results: Expected results: Additional info:
Additionally, FC6 (what I was running previously) was able to suspend/resume just fine.
Do you login via gdm?
Nope. I boot in runlevel 3, then login on the console and run "startx".
Yeah, we need to teach login(1) about poking ConsoleKit - see bug 228110 for details. I'm assigning this to ConsoleKit for the time being as I'm working on a patch for this. If you login via gdm things will work so you can do that for now until this is fixed. Thanks.
Hmmm, interesting stuff (about ConsoleKit and what not). I'll use gdm for the time being.
Hi Karel, As you know one of the features we're doing for Fedora 7 is fast user switching. http://fedoraproject.org/wiki/Desktop/FastUserSwitching It means we have a new daemon, ConsoleKit, that tracks session activity and announces state changes (session add, remove, active_changed) on D-Bus. This means we can do things like dynamically adding / removing ACL's on device nodes depending on whether a session is active and, in the future, what seat it belongs to when we're going to do multi-seat and other interesting things. ACL management was added to HAL (that now listen for ConsoleKit events) in the hal-0.5.9-0.git200718.fc7 package and I'm aiming to make this completely replace pam_console (and it's short comings) in order to do things mentioned in bug 140853 as well as handling user space devices like gphoto2 cameras and SANE scanners a lot better. So the major change is that login managers now need to register with ConsoleKit otherwise users in such sessions don't get access to device files, nor will they be allowed to invoke non-trivial methods on HAL such as for mounting storage devices and putting the computer to sleep. In gdm we've have had support for this for a while and bug 228110 is tracking all relevant login managers. As such, it would be nice to support login sessions on VT's such that device access and D-Bus calls are granted for console use and also when people are using startx). To enable this I've written a patch for login(1) that achieves this for login sessions on VT's by registering with ConsoleKit! Now, I know /bin/login is highly security sensitive code so I've tried to be careful; the bulk of the code in in a CKConnection class (that is useful for other login managers such as kdm). Btw, the reason for not doing this in a PAM module is spelled out in bug 228110 comment 5. Things about the patch - it makes util-linux depend on dbus; we could dlopen libdbus but I'm not sure it's worth it - D-Bus is now ABI stable and it's a core part of our OS. Anyway, I'm not violently opposed to dlopen() it just seems a bit more fragile. - needs some work on the build system integration for util-linux - ideally I'd like to get this upstream but it sorta depends a bit on when we're ready to declare the OpenSessionWithParameters() and CloseSession() methods on ConsoleKit ABI stable. I'm working this out with Jon (added as Cc) Thanks for considering this.
Created attachment 148400 [details] source code patch
Created attachment 148401 [details] spec file patch
RPM and SRPM for Rawhide here http://people.redhat.com/davidz/util-linux-2.13-0.49.1dze.i386.rpm http://people.redhat.com/davidz/util-linux-2.13-0.49.1dze.src.rpm Karel, sorry, I forgot to reassign to owner. Please see comment 6. Thanks!
(Also, startx don't entirely works with this setup yet. The problem is that the X server allocates a new VT (it can do this only because it's setuid root) so ConsoleKit most probably needs to be poked by the X server such that CK can mark the session as active both when, say, VT1 and VT8 is active. I talked to ajax, our X.org guy, about this on IRC and he's fine with this approach. I'll look into writing a patch for X about this after I've discussed this with Jon. Thanks.)
(In reply to comment #7) > Created an attachment (id=148400) [edit] > source code patch > Why can't this be done in pam instead? In session? ckc_new and ckc_create_local_session would be called by the session function, then pam_putenv would be used to set the XDG_SESSION_COOKIE environment variable. Why wouldn't that work?
(In reply to comment #11) > Why can't this be done in pam instead? Please see bug 228110 comment 5 why a PAM module in general cannot be used. Thanks.
OK, so we now have a PAM module. So all we need to do is - make util-linux Requires: ConsoleKit-libs - add "session optional pam_ck_connector.so" to /etc/pam.d/login Karel, is this OK with you? If so, can I make this change in pkg cvs once ConsoleKit-libs is in Rawhide? Thanks.
David, cool news. Thanks. Go ahead!
Awesome. I'm now building 2.13-0.50 which should have this change. Thanks!
This still isn't working for me, and I'm up-to-date with Rawhide as of yesterday: $ rpm -q util-linux ConsoleKit util-linux-2.13-0.50.fc7 ConsoleKit-0.1.3-0.git20070301.1.fc7 If I login on the console, run startx, and then attempt to suspend, the error messages are the same: Mar 20 15:26:48 example gnome-power-manager: (username) Suspending computer because the lid has been closed on ac power Mar 20 15:26:48 example gnome-power-manager: (username) Permission denied: Not in active session code='30' quark='g-exec-error-quark' Mar 20 15:26:48 example gnome-power-manager: (username) Resuming computer Mar 20 15:26:48 example gnome-power-manager: (username) suspend failed Something that might be related: when I login on the console now, I consistently receive this error message (before my .bash_profile executes): ** (console-kit-daemon:3492): WARNING **: Couldn't read /proc/3491/environ: Failed to open file '/proc/3491/environ': No such file or directory
This should work with ConsoleKit-0.2.0-2 (hit Rawhide today) otherwise please reopen. Thanks.
Btw, the startx problem is separate from /bin/login. For the former I just filed bug 233183.
The requirement should be for ConsoleKit-libs of the _same_ architecture as the util-linux package, to make sure it works with multilib environments (I just saw the rawhide installer install 32-bit util-linux, correctly, and 64-bit ConsoleKit-libs). Since RPM doesn't let us specify archiecture in Requires, an alternative would be to change this to a file requirement on %_lib/security/pam_ck_connector.so
(In reply to comment #19) > Since RPM doesn't let us specify archiecture in Requires, an alternative would > be to change this to a file requirement on %_lib/security/pam_ck_connector.so I don't think so. See the PAM package. You need to install to /lib/security as well as to /lib64/security. Requires: %_lib/security/... sounds pretty exotically and odd.
Note, I mean the ConsoleKit-libs must be multilib package same as pam and other packages containing PAM modules.
David, do you want to close this ? Or moved to rpm for the remaining multilib issues ?
Yeah, agreed - David Woodhouse; please open a separate bug / clone this bug for the multilib issues. Thanks.