Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Desktop (http://www.linux-archive.org/fedora-desktop/)
-   -   musings on session service mgmt (http://www.linux-archive.org/fedora-desktop/28335-musings-session-service-mgmt.html)

David Zeuthen 01-04-2008 12:53 AM

musings on session service mgmt
 
On Thu, 2008-01-03 at 20:39 -0500, Havoc Pennington wrote:
> This may be obvious, but the "correct" solution is supposed to be that
> apps should connect to either the X server or the session message bus
> and they should exit when the X server or message bus does. (Both Xlib
> and libdbus exit on disconnect by default for this reason.)

Of course...

> Other solutions are pretty much hacks, I mean, they may be worthwhile
> and pragmatic hacks, but, nonetheless. Apps should be exiting with the
> session already or they are buggy.

... but people write all sorts of weird apps, they have religious
reasons for not wanting deps.. that, and as soon as you require people
to add code to their app then everything falls apart.

> I would think this should only be done after the session bus is gone and
> apps have had a chance to cleanly exit, and maybe some kind of warning
> should be logged like "crappy app xyz had to be killed"

Certainly. The proposed ordering would guarantee this (00 < 01). I'm a
big fan of logging this to syslog too.

David


--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Dan Winship 01-04-2008 01:48 PM

musings on session service mgmt
 
David Zeuthen wrote:
> Also, since we're talking about environment variables, we surely need to
> care about the ordering; e.g. we want
>
> 00-ck-xinit-session.sh
> 01-dbus-session-bus.sh
> 10-ssh-agent.sh
> 10-seahorse-agent.sh
>
> and so forth.

That still doesn't work though; dbus-daemon won't have access to
$SSH_AGENT or $GPG_AGENT_INFO, and so therefore neither will any
applications that it launches. (We already have this problem with
$SESSION_MANAGER.)

The only real solution is "don't use environment variables for long-term
IPC". Eg, libgnomekeyring used to use an environment variable to find
gnome-keyring-daemon, which ended up meaning that dbus-launched apps
couldn't access gnome-keyring, but now it's been fixed to use dbus
instead. But yeah, we're not going to get gpg and ssh to use dbus, I know.

The "new-gnome-session" branch in SVN (which Lucas Rocha is hacking on,
but it looks like won't make it in time for 2.22?) has a dbus interface
(org.gnome.SessionManager.Setenv) that lets apps that start very early
in the startup process hand environment variables back up to the session
manager so that apps started after them will see those vars. If
dbus-daemon itself also supported something like this, that would help
solve the ordering issues somewhat (though still not entirely).

-- Dan

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Ray Strode 01-04-2008 01:56 PM

musings on session service mgmt
 
Hi,
> > Also, since we're talking about environment variables, we surely
> > need to care about the ordering; e.g. we want
> >
> > 00-ck-xinit-session.sh
> > 01-dbus-session-bus.sh
> > 10-ssh-agent.sh
> > 10-seahorse-agent.sh
> >
> > and so forth.
>
> That still doesn't work though; dbus-daemon won't have access to
> $SSH_AGENT or $GPG_AGENT_INFO, and so therefore neither will any
> applications that it launches. (We already have this problem with
> $SESSION_MANAGER.)
>
Those scripts get sourced before dbus daemon is launched.

--Ray

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Ray Strode 01-04-2008 02:05 PM

musings on session service mgmt
 
Hi,

> Assuming problem 2. will be magically solved for us (see below), we
> could nicely rearrange the flow such that SSH_AGENT, DBUS_LAUNCH,
> CK_XINIT_SESSION could just use standard constructs
> in /etc/X11/xinit/xinitrc.d/.
I actually have that written on my whiteboard as a TODO when I get time.

> Another observation is that only stuff using environment variables
> should use /etc/X11/xinit/xinitrc.d/ (some man page should spell this
> out) - everything else should use the XDG autostart spec (where we
> have UI, e.g. gnome-session-properties).
>
> Also, since we're talking about environment variables, we surely need
> to care about the ordering; e.g. we want
>
> 00-ck-xinit-session.sh
> 01-dbus-session-bus.sh
> 10-ssh-agent.sh
> 10-seahorse-agent.sh
>
> and so forth. Again, the man page should be clear about this. Also,
> there should be a README file in /etc/X11/xinit/xinitrc.d/ that
> points to the man page.
>
> Instead of exec'ing gnome-session, we run it in the background. When
> we are done we run the same scripts in reverse just with 'stop'
> instead of 'start' as the first positional parameter.
Starting to seem a lot like initscripts... Anyway, definitely could be
improvement here, but I don't think we should promote this directory
too much. We really want apps using the session bus instead of their
own socket protocol and an environment variable to advertise where it
is.

Really this directory is an escape hatch for programs that don't
leverage our platform.

> I think this is a pretty small project that could be done in a few
> days, maybe a week.
Much bigger, more important fish to fry right now.

--Ray

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Nils Philippsen 01-04-2008 02:14 PM

musings on session service mgmt
 
Hi,

On Thu, 2008-01-03 at 20:10 -0500, David Zeuthen wrote:
> Notably, 00-ck-xinit-session.sh will take care of problem 2. The way it
> does this is because of the way that ConsoleKit works. It basically will
> just kill all the processes where the uid and the environment variable
> XDG_SESSION_COOKIE matches. First it tries SIGTERM. Then after a few
> seconds, it moves on to SIGKILL (e.g. -9).
>
> (of course, any process can unset XDG_SESSION_COOKIE and then fork and
> that way linger on. But no sane process would do that unless it's
> hostile.)

Not in the least, there are programs which are supposed to stay running
even when you log out -- screen, vncserver, nohup'ed processes etc. Mind
that non-desktop oriented projects might not be that inclined to work
around the "desktop strangeness du jour" (background processes being
killed when logging out would count as such).

On Thu, 2008-01-03 at 20:39 -0500, Havoc Pennington wrote:
> This may be obvious, but the "correct" solution is supposed to be that
> apps should connect to either the X server or the session message bus
> and they should exit when the X server or message bus does. (Both Xlib
> and libdbus exit on disconnect by default for this reason.)

This would solve the problem above more cleanly.

Nils
--
Nils Philippsen / Red Hat / nphilipp@redhat.com
"Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

David Zeuthen 01-04-2008 02:22 PM

musings on session service mgmt
 
On Fri, 2008-01-04 at 16:14 +0100, Nils Philippsen wrote:
> On Thu, 2008-01-03 at 20:39 -0500, Havoc Pennington wrote:
> > This may be obvious, but the "correct" solution is supposed to be that
> > apps should connect to either the X server or the session message bus
> > and they should exit when the X server or message bus does. (Both Xlib
> > and libdbus exit on disconnect by default for this reason.)
>
> This would solve the problem above more cleanly.

Except that a decade of evidence shows us this is not the case.... but I
guess you'd rather want the status quo, with all the security issues and
perceived instability, rather than a working and secure system...

(But then again, this is the typical story of the Linux desktop; we
can't ever change or fix a thing because people who use the desktop in
rather strange (dare I even say perverse?) ways (e.g. expecting
processes to keep running) will start complaining as soon as we change
something that will break their highly-customized setups and habits. Do
not pass start. Do not collect $100. Instead let the naysayers and
status quo win.)

David


--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Colin Walters 01-04-2008 03:10 PM

musings on session service mgmt
 
On Fri, 2008-01-04 at 16:14 +0100, Nils Philippsen wrote:

> Not in the least, there are programs which are supposed to stay running
> even when you log out -- screen, vncserver, nohup'ed processes etc.

No one is talking about changing the semantics of "nohup".

What we're talking about it is that it is actually hard to write apps to
exit with the session when that's what is the desired behavior.

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Dan Winship 01-04-2008 03:10 PM

musings on session service mgmt
 
Ray Strode wrote:
> Hi,
>>> Also, since we're talking about environment variables, we surely
>>> need to care about the ordering; e.g. we want
>>>
>>> 00-ck-xinit-session.sh
>>> 01-dbus-session-bus.sh
>>> 10-ssh-agent.sh
>>> 10-seahorse-agent.sh
>>>
>>> and so forth.
>> That still doesn't work though; dbus-daemon won't have access to
>> $SSH_AGENT or $GPG_AGENT_INFO, and so therefore neither will any
>> applications that it launches. (We already have this problem with
>> $SESSION_MANAGER.)
>>
> Those scripts get sourced before dbus daemon is launched.

*currently*. But that's exactly what David is talking about changing.
(Note the ordering above.)

-- Dan

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Nils Philippsen 01-04-2008 03:19 PM

musings on session service mgmt
 
On Fri, 2008-01-04 at 10:22 -0500, David Zeuthen wrote:
> On Fri, 2008-01-04 at 16:14 +0100, Nils Philippsen wrote:
> > On Thu, 2008-01-03 at 20:39 -0500, Havoc Pennington wrote:
> > > This may be obvious, but the "correct" solution is supposed to be that
> > > apps should connect to either the X server or the session message bus
> > > and they should exit when the X server or message bus does. (Both Xlib
> > > and libdbus exit on disconnect by default for this reason.)
> >
> > This would solve the problem above more cleanly.
>
> Except that a decade of evidence shows us this is not the case.... but I
> guess you'd rather want the status quo, with all the security issues and
> perceived instability, rather than a working and secure system...

Show me why your proposal (which you admitted can be circumvented
easily) is better or more secure than fixing the handful of programs
that don't end themselves when the session exits. If we don't talk about
hostile processes which actively circumvent, we're talking about dumb
processes. These should be fixed rather than declaring stuff which up to
now worked correctly as erroneous just to avoid doing the fixing. Where
is the difficulty in letting these handful of processes either connect
to dbus, X11 or the session manager and bail out if the connection dies?
I'm curious.

> (But then again, this is the typical story of the Linux desktop; we
> can't ever change or fix a thing because people who use the desktop in
> rather strange (dare I even say perverse?) ways (e.g. expecting
> processes to keep running) will start complaining as soon as we change
> something that will break their highly-customized setups and habits. Do
> not pass start. Do not collect $100. Instead let the naysayers and
> status quo win.)

David, you need to accept that there are people who use computers
differently than you think they should. This doesn't make them second
class users. Only because an approach is different from what exists
already, that doesn't make it better. I like to think that much can be
achieved without hurting existing users. If that makes me a naysayer, it
makes you a yeasayer which is almost equally bad ;-).

Nils
--
Nils Philippsen / Red Hat / nphilipp@redhat.com
"Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list

Nils Philippsen 01-04-2008 03:23 PM

musings on session service mgmt
 
On Fri, 2008-01-04 at 11:10 -0500, Colin Walters wrote:
> On Fri, 2008-01-04 at 16:14 +0100, Nils Philippsen wrote:
>
> > Not in the least, there are programs which are supposed to stay running
> > even when you log out -- screen, vncserver, nohup'ed processes etc.
>
> No one is talking about changing the semantics of "nohup".

Perhaps I'm a bit slow, but how would it not do this if it relies on the
inheritance of a previously non-existent environment variable that needs
to be deleted if a process shall not be killed on session exit?

> What we're talking about it is that it is actually hard to write apps to
> exit with the session when that's what is the desired behavior.

I still don't understand why this would be the case. I assume what Havoc
wrote is true, i.e. stuff that uses xlib or dbus is already covered. How
is it difficult to let the remaining handful of processes die when the
session exits? We could even let these few register themselves with
gnome-session (or whatever else is applicable) so it could explicitly
kill them on session exit, couldn't we?

Nils
--
Nils Philippsen / Red Hat / nphilipp@redhat.com
"Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list


All times are GMT. The time now is 11:36 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.