Skip to main content
Topic: [WIP] seatd support (elogind alternative) (Read 16205 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Re: [WIP] seatd support (elogind alternative)

Reply #30
I tried to run the seatd-runit package in the gitea unsuccessfully. After looking around I still don't know why, but lightdm refused to keep me logged in.

It looked as though it just started X and then immediately killed it. I could only get to the desktop using startx and ~/.xinitrc. I'm not even sure the problem is with seatd-runit but I checked the permissions of .Xauthority, that seatd was running and that I was in at least the seatd, input and audio groups.

Unsuccessfully might be a bit harsh, I guess. I could still run the setup without a display manager, but I'd rather not.

EDIT
I tried changing the script to run exec /usr/bin/seatd -u seatd -g seatd instead of /usr/bin/seatd -g video. I noticed no difference.
I also noticed that anything that requires the DE to elevate privileges (shutdown, mount from filemanager) doesn't work, it will simply tell you that you don't have the right privileges.

Re: [WIP] seatd support (elogind alternative)

Reply #31
Oh yeah, someone needs to update the script and add seatd-runit to the repos. We have it for all the other init systems.

DEs should be able to start with seatd. I actually don't know if the other elevated privileges stuff would work, but if it's part of the loginctl API I think it should. For instance, I can mount usb devices without polkit asking me for a password at least. I don't know the details of what GUI buttons do in desktop environments though so it's possible that might not work.

Edit: Oh I just remembered. The runit DE init scripts all do a dbus check to see if elogind is running. So yeah it wouldn't work without some changes.

Re: [WIP] seatd support (elogind alternative)

Reply #32
Late here, but is there a non-systemd/elogind program that can do this? I'm not too aware of this kind of thing.

I'm not aware of any pre-made programs (or PAM modules?) for fully simulating the {systemd-,e}logind per-logged-in-user ACL functionality, either.

Personally, I think MODE=666, chmod 666 are good enough solutions, and they mostly avoid the problem of reintroducing the possibility of rootless keyloggers that comes with adding yourself to group input. The reasoning for "chmod 666 bad" I've seen on a logind dev's blogpost seems kind of contrived, to be honest).

Another possibility is doing a throwback to 2008 and calling setfacl with a e.g. plugdev group (or all regular-user UIDs on the system).

Re: [WIP] seatd support (elogind alternative)

Reply #33
Yeah chmod 666 is probably a better solution as a stopgap for now. I'll do some testing with that when I get some time. Maybe later I can actually look into uaccess and see how this all works.

Re: [WIP] seatd support (elogind alternative)

Reply #34
I saw that the seatd-runit package got moved to testing recently, so I tried it again in the hope that it would work, but I got the same problems as last time. These runit DE init scripts you talk about, what are they? sv check dbus is on some scripts, and deleting those either did nothing or brought me to a black screen without even the possibility of accessing a tty.

Re: [WIP] seatd support (elogind alternative)

Reply #35
Welp, I'm throwing in the towel. Even on a fresh install I couldn't get seatd to work with runit. If anyone got it to run I'd like to know what they did and their setup.

 

Re: [WIP] seatd support (elogind alternative)

Reply #36
Of course after I say that I find what the source of the problem was. I accidentally found this when I forgot to remove pam_rundir and reinstalled elogind and elogind itself also started to have this problem. Once I remove pam_rundir, the infinite login loop problem goes away, but now I don't have XDG_RUNTIME_DIR so things like sound don't work.

At least now it was narrowed down to something.

Edit: Also found out that the inability for my DE to elevate privileges apparently comes from it using polkit to do these things, and the lack of support from polkit for anything that isn't (e)logind. Also, pam_rundir does set the environment variable and create the proper folders when I login through the tty and use startx, it just gives me the infinite login loop on the display manager (lightdm, might try another one).

Re: [WIP] seatd support (elogind alternative)

Reply #37
I've successfully made the switch to seatd from elogind based off @Dudemanguy 's post. I wanted to note a couple of things I had to do to get the same level of functionality that comes bundled with elogind.

First I had to troubleshoot why X wasn't starting. I autostart X on login with xinit based off the information provided in the Arch wiki. The environment variable $XDG_VTNR set by elogind  was not present so I had to remove that from my .bash_profile.

Second, after removing elogind from the system via pacman -Rdd elogind, I had to ignore this package in /etc/pacman.conf with IgnorePkg = elogind due to the fact that xorg-server upgrade pulled it back in and it took over acpi events from acpid (third point).

Third, I had to install acpid and register handlers for my laptop to get the lid close functionality that was being provided by elogind. In /etc/acpi/handler.sh:

Code: [Select]
    button/lid)
        case "$3" in
            close)
                monitor_count=$(DISPLAY=:0 xrandr | grep -c -e '\sconnected')
                if [ "$monitor_count" -eq 1 ]; then
                  DISPLAY=:0 /bin/xset s activate
                  /bin/sleep 1
                  /bin/echo mem > /sys/power/state
                else
                  DISPLAY=:0 /bin/xset dpms force off
                fi
                ;;

Fourth, I had another frequently open program KeePassXC that responded to dbus events that were not being triggered anymore. To gain this functionality back on screen lock activation I call a script:

Code: [Select]
#!/usr/bin/env bash

/usr/bin/dbus-send --session --print-reply --dest=org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.MainWindow.lockAllDatabases


Lastly, running rootless X I did not have to add myself to the seatd group, though I did have to add myself to the video group.

Re: [WIP] seatd support (elogind alternative)

Reply #38
I tried installing seatd-runit and it worked out fine. I had to make a small change to get my slim-runit to use seatd, but after that it worked fine.

However, after reboot I saw messages during shutdown about elogind still running. It was started by something at boot.

I could not find any runit startup, but then I tried removing it. I see this

Code: [Select]
# pacman -R elogind
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: removing elogind breaks dependency 'elogind' required by libappindicator-gtk3
:: removing elogind breaks dependency 'elogind' required by networkmanager
:: removing elogind breaks dependency 'elogind' required by polkit
:: removing elogind breaks dependency 'elogind' required by xorg-server

I suppose that means I either have some wrong package installed or I cannot remove elogind fully. I am running this on my rpi4 with armtix and the xorg-server looks like this

Code: [Select]
# packer -Qi xorg-server
Name            : xorg-server
Version         : 21.1.1-3.1
Description     : Xorg X server
Architecture    : aarch64
URL             : https://xorg.freedesktop.org
Licenses        : custom
Groups          : xorg
Provides        : X-ABI-VIDEODRV_VERSION=25.2  X-ABI-XINPUT_VERSION=24.4  X-ABI-EXTENSION_VERSION=10.0  x-server
Depends On      : libepoxy  libxfont2  pixman  xorg-server-common  libunwind  dbus  libgl  xf86-input-libinput  nettle  elogind
                  libpciaccess  libdrm  libxshmfence  libxcvt
Optional Deps   : None
Required By     : None
Optional For    : None
Conflicts With  : nvidia-utils<=331.20  glamor-egl  xf86-video-modesetting
Replaces        : glamor-egl  xf86-video-modesetting
Installed Size  : 3.54 MiB
Packager        : Unknown Packager
Build Date      : Tue 23 Nov 2021 02:44:45 GMT
Install Date    : Sat 27 Nov 2021 12:17:56 GMT
Install Reason  : Explicitly installed
Install Script  : Yes
Validated By    : SHA-256 Sum


I suppose it might be feasible to provide something in both seatd and elogind provides that would create a solution.

For now I switch back to elogind.

Re: [WIP] seatd support (elogind alternative)

Reply #39
OK I see that the actual dependency is libelogind so I guess the pacman -Rdd elogind is OK.

Re: [WIP] seatd support (elogind alternative)

Reply #40
Yeah it's probably OK to -Rdd elogind but expect some things to break.

Re: [WIP] seatd support (elogind alternative)

Reply #41
OK I tried seatd with elogind removed and noticed that Networkmanager works, but I cannot use the disconnect and some other controls in openbox with the network-manager-applet. The disconnect fails with an authorisation message.

It may be I need to set up some policy with a polkit file and or add myself to some group.

Edit: I was already in the wheel & network groups and so I followed the instructions here https://wiki.archlinux.org/title/NetworkManager#Set_up_PolicyKit_permissions and set up a polkit file as in that article. After that I was able to force remove elogind and the network-manager-applet behaved properly.

Re: [WIP] seatd support (elogind alternative)

Reply #42
Also found out that the inability for my DE to elevate privileges apparently comes from it using polkit to do these things, and the lack of support from polkit for anything that isn't (e)logind.
Today I was playing around with consolekit2 and found out that it has support for polkit. So, weirdly enough, after all this I'm neither using seatd nor elogind, just plain consolekit2 and absolutely nothing broke (note: I'm using xinitrc instead of a DM, so that might not work). I've heard that consolekit2 and seatd go well together to provide as an alternative to elogind, but right now I'm not seeing any reason to add seatd into the mix. It'd be nice to have consolekit2 and a consolekit configured polkit in the repositories. As of now, I'm using AUR packages that I have to configure to build correctly and to use the latest versions.

Now, I think libelogind isn't going anywhere soon unless I change to wayland.

Re: [WIP] seatd support (elogind alternative)

Reply #43
Hello!
 Fresh install of OpenRC Lxqt and seatd.
 Added user to seatd group, added to audio, video etc.
 Can't login as normal user. Added user to input group.
 I can login as root, but not as normal user. Thank you..

Re: [WIP] seatd support (elogind alternative)

Reply #44
Changed Lightdm to Sddm, now it works.