! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
Better shutdown fallback code for the BSDs
Status:
RESOLVED: FIXED
Product:
Xfce4-session
Component:
General

Comments

Description Ali Abdallah editbugs 2018-09-26 10:30:35 CEST
Hey,

I've implemented "native" shutdown fallback code on the  BSDs (tested on FreeBSD, OpenBSD, DragonflyBSD). Current fallback code relies on Polkit, but when it is not available, the fallback code does not work and user can't shutdown/reboot/suspend/hibernate. 

On the BSD however, users of group operator can shutdown/reboot the systems, on FreeBSD/NetBSD/DragonFly users with write access to /dev/acpi can hibernate/suspend the system (typicall operators users), on OpenBSD users with /var/run/apmdev can suspend/hibernate.  So I have added code to handle all of this. 

Here is the code:
https://git.xfce.org/users/ali/xfce4-session/
Comment 1 Landry Breuil editbugs 2018-10-06 09:45:53 CEST
Cool stuff !

Reading your diff, from what i understand, on BSD the code will first check
- if the user is operator, if we're shutting down/rebooting
- or the user has access to apmdev, which means the system has to run apmd, and the user is in wheel group (on OpenBSD apmdev is mode 660, root:wheel) - and if we're suspending/hibernating

If those conditions are fullfilled, it will *first* use the 'native' methode (ie shutdown -p, shutdown -r, zzz, ZZZ), and *then* use polkit as a fallback ?

i like this behaviour, i just want to make sure i understand it fully so that i can document it properly for users in https://github.com/openbsd/ports/blob/master/meta/xfce/pkg/README-main#L20

- if you run apmd and are in the wheel group, you can suspend/hibernate 
- if you are in operator group you can shutdown/reboot
- as a fallback, you should install polkit, *and* have systemwide dbus daemon running

will test your diff in the coming days in various situations so that i can confirm reality matches my understanding.

Thanks !
Comment 2 Ali Abdallah editbugs 2018-10-07 19:34:38 CEST
Your understanding is correct, access to apmdev is checked on OpenBSD, on FreeBSD/Dragonfly the check is performed on /dev/acpi for suspend/hibernate. 

You need to have consolekit disabled in order to use the fallback code, the session works as follows on *BSD (after the patch)

1. Consolekit
2. Fallback 
3. Polkit using xfsm-shutdown-helper (You need to have polkit rule for org.xfce.session.xfsm-shutdown-helper)
Comment 3 Landry Breuil editbugs 2018-10-10 20:54:36 CEST
hmmm, so i think something is wrong somewhere:
- i've built xfce4-session 4.13.1 with your commit ported on top
- disabled consolekit (ie i just use startxfce4 from .xsession, usually i use ck-launch-session /usr/local/bin/startxfce4 ) - ck-list-sessions lists nothing
- apmd is of course running, even if i'm on a desktop...
- i'm in group operator & wheel

and in the logout dialog i only have logout/reboot/halt, with the last two greyed out. Time for more debugging i guess..
Comment 4 Landry Breuil editbugs 2018-10-10 21:30:53 CEST
setting XFSM_VERBOSE=1, it seems it tries to use a dbus method:

TRACE[xfsm-manager.c:2298] xfsm_manager_dbus_can_shutdown(): entering
TRACE[xfsm-manager.c:2343] xfsm_manager_dbus_can_restart(): entering
TRACE[xfsm-manager.c:2390] xfsm_manager_dbus_can_suspend(): entering
TRACE[xfsm-manager.c:2438] xfsm_manager_dbus_can_hibernate(): entering
TRACE[xfsm-manager.c:2486] xfsm_manager_dbus_can_hybrid_sleep(): entering

which i guess tries to fallback to polkit, instead of the new fallback code? or im reading it wrong..

the polkit rule for the shutdown helper is installed in /usr/local/share/polkit-1/actions/org.xfce.session.policy but i guess its not active by default as not in /etc/polkit-1 ?
Comment 5 Landry Breuil editbugs 2018-10-10 21:38:11 CEST
Ah... i needed to kill the systemwide dbus daemon. If the systemwide daemon is running but ckit is not in use, i only have 3 buttons with reboot/halt greyed out, my guess is that an unexpected codepath is taken...

If there's no systemwide dbus, all 6 buttons are present and active.. so it goes through the new fallback code.

If i then kill apmd, all buttons are present, but the suspend/hibernate/hybrid sleep are inactive, as expected.
Comment 6 Landry Breuil editbugs 2018-10-10 21:39:26 CEST
cc'ing olivier duchateau & youri mouton who iirc maintain the freebsd & netbsd xfce ports..
Comment 7 Ali Abdallah editbugs 2018-10-12 21:43:10 CEST
What do you mean by systemwide dbus? 

Careful that D-Bus auto-run consolekit when the session asks for a proxy on its name. You have to have consolekit completely removed, otherwise it gets activated by D-Bus.
Comment 8 Landry Breuil editbugs 2018-10-13 09:17:35 CEST
systemwide dbus is the one run as root when the system boots (responsible for spawing upowerd, polkitd...), not the session one spawned with the user session and running as user.

ckit was not auto spawned when i started the session with only 'startxfce4', but when being started by 'ck-launch-session startxfce4' or 'startxfce4 --with-ck-launch' - at least ck-list-sessions didnt show active consolekit sessions.
Comment 9 Ali Abdallah editbugs 2018-10-13 11:22:29 CEST
Yes, but you really don't have to disabled the systemwide dbus, it is enough to remove consolekit. The session logout code creates a proxy for consolekit when you open the dialog (using g_dbus_proxy_new). If consolekit is installed it gets activated, and it denies you from using the fallback code. 

I think the best way is to provide a compile flag to disable consolekit all (actually the session tries to communicate to logind first! Even on the BSD*), this should be optional as well.
Comment 10 Landry Breuil editbugs 2018-10-13 20:25:14 CEST
Right, now i think i better understand why i only got 3 buttons with 2 disabled then..

A compile flag is an option, another one would be to only try talking to ckit upon logout if the session was already handled by ckit, ie started with ck-launch-session or --with-ck-launch ? That should be a 'state' the session is aware of, no ?
Comment 11 Ali Abdallah editbugs 2018-10-14 16:53:40 CEST
(In reply to Landry Breuil from comment #10)
> Right, now i think i better understand why i only got 3 buttons with 2
> disabled then..

I have just tested the patch on a new openbsd 6.3 install, the fallback code works as expected!

> 
> A compile flag is an option, another one would be to only try talking to
> ckit upon logout if the session was already handled by ckit, ie started with
> ck-launch-session or --with-ck-launch ? That should be a 'state' the session
> is aware of, no ?

I would prefer a compile flag, also probably specifying 'G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START' on the consolekit proxy creating should avoid auto-launching the daemon if it is not already running.
Comment 12 Olivier Duchateau 2018-10-14 18:55:53 CEST
(In reply to Landry Breuil from comment #6)
> cc'ing olivier duchateau & youri mouton who iirc maintain the freebsd &
> netbsd xfce ports..

Also add Guido, as he's main maintainer of the Xfce ports on FreeBSD.
Comment 13 Landry Breuil editbugs 2018-12-07 10:41:55 CET
Fwiw i've been running with those commits on all my OpenBSD machines, removing the direct need for consolekit/polkit/systemwide dbus (you still need them if you run upowerd but that's a different matter..) - would be nice to have feedback from the other BSDs, but i'd like this to move forward/get commited for the next release :)
Comment 14 Guido Falsi 2018-12-09 18:21:29 CET
Sorry for the delay in replying.

I would like tot test this but I don't have an XFCE 4.13 environment at present.

I'd need some time to setup such an environment for building all required parts and create a virtual machine.

I'll try to do this but am a little busy with day job and will require some time.
Comment 15 Olivier Duchateau 2018-12-13 18:40:01 CET
I will try these patches on FreeBSD this week-end.
Comment 16 Olivier Duchateau 2018-12-20 18:27:32 CET
I tried your patches, and it fails on FreeBSD. I can only close session (however without Xorg I can shutdown my machine).

I'm member of operator, and ConsoleKit2 is not installed.
Comment 17 Olivier Duchateau 2018-12-22 15:42:33 CET
In fact, everything works fine (ConsoleKit2 was installed, so fallback mode was never enabled).

I wonder, why you define MAX_USER_GROUPS, in BSD world there is sysconf(3) function and we can use current value of _SC_NGROUPS_MAX.
Comment 18 Olivier Duchateau 2018-12-24 10:23:55 CET
I noticed, when I use the fallback mode (without ConsoleKit), xfdesktop crashes, when I shutdown (or reboot) my machine. Not yet investiguate why, verbose mode gives nothing special.
Comment 19 Landry Breuil editbugs 2019-04-27 16:46:01 CEST
ok, first i looked and tried hard to understand the existing xfce4-session 4.12 code flow without patches, here on OpenBSD, and those are my findings:

- if :
  - messagebus/systemwide dbus is running
  - the session is launched within consolekit
  - polkit is running
  - but we're not in operator group

in the logout dialog, all actions are available.

- the shutdown code tries to go via consolekit_try_shutdown, but the default consolekit rules on OpenBSD (http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/sysutils/consolekit/files/10-openbsd-consolekit.rules?rev=1.2&content-type=text/x-cvsweb-markup) require operator group to shutdown, or would ask for auth - i dont have a polkit agent installed, so the ckit codepath fails, doesnt ask for a passwd (apparently, even with mate-polkit installed it fails)
- the fallback code 'works' because the polkit rule installed by xfce4-session in polkit-1/actions/org.xfce.session.policy allows the active session (<allow_active>yes</allow_active>) to execute xfsm-shutdown-helper (via consolekit, which runs as root) so a regular user (not in the operator group) is allowed to shutdown/reboot.

now, to look again at that new fallback code....
Comment 20 Landry Breuil editbugs 2019-04-27 17:19:59 CEST
I've looked again at ali's branch, and i see that autospawning ckit (if installed but not launched, because messagebus doesnt run or the session hasnt been lauched within ckit) has been disabled by G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START in https://git.xfce.org/users/ali/xfce4-session/commit/?h=bsd-shutdown-fallback&id=b7fab5309f40979da56c29bc649f1d16e625a16c and that makes sense, as starting a ckit daemon from the session will only lead to issues, as a running session cannot be 'reparented' later on to a ckit launched after the session.

so besides the nit on _SC_NGROUPS_MAX/MAX_USER_GROUPS (maybe using int new_grp = sysconf(_SC_NGROUPS_MAX) in https://git.xfce.org/users/ali/xfce4-session/tree/xfce4-session/xfsm-shutdown-fallback.c?h=bsd-shutdown-fallback#n210 and remove the #define), i think this should be merged so that its properly tested for 4.14. Otherwise that'll miss it...

olivier, guido, more opinions ?
Comment 21 Landry Breuil editbugs 2019-04-27 17:47:43 CEST
I've taken ali's work, rebased it on top of master, and fixed the MAX_USER_GROUPS thing in https://git.xfce.org/users/landry/xfce-session?h=bsd-shutdown-fallback-14722 - anyone feeling to test it more and merge ? simon, any particular opinion on the code itself ?
Comment 22 Olivier Duchateau 2019-04-27 21:04:41 CEST
(In reply to Landry Breuil from comment #20)
> I've looked again at ali's branch, and i see that autospawning ckit (if
> installed but not launched, because messagebus doesnt run or the session
> hasnt been lauched within ckit) has been disabled by
> G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START in
> https://git.xfce.org/users/ali/xfce4-session/commit/?h=bsd-shutdown-
> fallback&id=b7fab5309f40979da56c29bc649f1d16e625a16c and that makes sense,
> as starting a ckit daemon from the session will only lead to issues, as a
> running session cannot be 'reparented' later on to a ckit launched after the
> session.
> 
> so besides the nit on _SC_NGROUPS_MAX/MAX_USER_GROUPS (maybe using int
> new_grp = sysconf(_SC_NGROUPS_MAX) in
> https://git.xfce.org/users/ali/xfce4-session/tree/xfce4-session/xfsm-
> shutdown-fallback.c?h=bsd-shutdown-fallback#n210 and remove the #define), i
> think this should be merged so that its properly tested for 4.14. Otherwise
> that'll miss it...
> 
> olivier, guido, more opinions ?

I already use sysconf(_SC_NGROUPS_MAX) [1] (I think it's more BSD friendly).

[1] https://app.assembla.com/spaces/xfce4/subversion/source/HEAD/tags/4.13/x11-wm/xfce4-session/files/patch-xfce4-session_xfsm-shutdown-fallback.c#ln100
Comment 24 Git Bot editbugs 2019-05-02 19:50:42 CEST
Ali Abdallah referenced this bugreport in commit 1d56462b83cf320dff96d5b9ac3a767b019a0dd4

Added better shutdown fallback support for the BSDs (Bug #14722)

https://git.xfce.org/xfce/xfce4-session/commit?id=1d56462b83cf320dff96d5b9ac3a767b019a0dd4
Comment 25 Git Bot editbugs 2019-05-02 19:50:48 CEST
Landry Breuil referenced this bugreport in commit 207954303e3510aac0d51567f10cf1bd0b9f3fda

Use sysconf(_SC_NGROUPS_MAX) instead of #defining an arbitrary MAX_USER_GROUPS (bug #14722)

https://git.xfce.org/xfce/xfce4-session/commit?id=207954303e3510aac0d51567f10cf1bd0b9f3fda
Comment 26 Landry Breuil editbugs 2019-05-02 19:51:47 CEST
Squashed the commits from my branch and merged them to master, thanks ali !
Comment 27 Landry Breuil editbugs 2019-05-02 19:52:20 CEST
and closing ticket

Bug #14722

Reported by:
Ali Abdallah
Reported on: 2018-09-26
Last modified on: 2019-05-02

People

Assignee:
Xfce Bug Triage
CC List:
8 users

Version

Version:
Unspecified

Attachments

Additional information