On 01/08/2019 21:25, Bruce Dubbs via blfs-dev wrote: > On 8/1/19 1:44 PM, Bruce Dubbs wrote: >> On 8/1/19 1:13 PM, DJ Lucas via blfs-dev wrote: >>> On 8/1/19 11:40 AM, Bruce Dubbs via blfs-dev wrote: >>> >>>> On 8/1/19 10:49 AM, Pierre Labastie via blfs-dev wrote: >>>>> On 31/07/2019 00:44, DJ Lucas via blfs-dev wrote: >>>>>> On July 30, 2019 3:54:34 PM CDT, Pierre Labastie via blfs-dev >>>>>> <[email protected]> wrote: >>>>> >>>>>> IIUC above, this is because we do not have elogind in LFS, so our first >>>>>> build of dbus does not link to libsystemd (unlike in LFS-systemd). The >>>>>> lack of dbus support is inconsequential in that configuration because we >>>>>> are going to rebuild systemd later in BLFS. >>>>>> >>>>>>> There is also another thing, which bothers me: instructions for the >>>>>>> xorg >>>>>>> server are the same in both books (sysv/elogind and systemd). So, when >>>>>>> we add >>>>>>> --enable-install-setuid to xorg-server, we add it in both books. But I >>>>>>> believed it was not needed in the systemd book... >>>>>>> >>>>>> That would be my doing as I had believed that they would be the same >>>>>> (and still believe they should be, but my attempts to find the reason >>>>>> for the differences have failed me thus far), so the two variants got >>>>>> merged down. In fact, I think I am the only one who has demonstrated >>>>>> that a rootless Xorg is even possible with elogind in our group. Five >>>>>> consecutive builds, all slightly different, but logical (apparently only >>>>>> to me), build orders. I'd gotten frustrated trying to track it down, I >>>>>> was simply spinning my wheels, so I put it on the back burner (knowing >>>>>> that a viable workaround exists). I'll be testing noveau on an existing >>>>>> build next week to possibly eliminate hardware/drivers. I want to also >>>>>> say that I've built entirely in chroot already, but I'm not 100% certain >>>>>> on that. >>>>>> >>>>>> HTH >>>>>> >>>>> >>>>> OK, I've found the error!!!! >>>>> On the Xinit page, we have: >>>>> --- >>>>> sed -e '/$serverargs $vtarg/ s/serverargs/: #&/' \ >>>>> -i startx.cpp >>>>> --- >>>>> for the Sysv/elogind book, while we do not have this for the systemd book. >>>>> >>>>> Removing the ": #" allows startx to run the server and the usual clients. >>>>> >>>>> I think even the suid-wrapper is not needed! (it drops privilege anyway if >>>>> /dev/dri/card0 is KMS compatible). This can be tested by moving >>>>> /usr/libexec/Xorg.wrap to /usr/libexec/Xorg.wrap.nouse, and trying again: >>>>> startx still works. >>>>> >>>>> So we can: >>>>> remove the sed on the Xinit page >>>>> remove any enable-xxx-suid switch for xorg-server (well, maybe some >>>>> drivers do >>>>> need the wrapper, this has to be tested, but I do not have the hardware >>>>> (intel >>>>> driver works fine without the wrapper)). >>>>> >>>>> Pierre >>>>> PS: I've spend almost 24 h running the server, xinit, with gdb, playing >>>>> with >>>>> xauth files, etc, before finding this stupid bug! >>>>> >>>> >>>> I appreciate your hard work in finding the discrepancy. >>>> >>>> We added that sed on purpose so Xorg will come up on vt7 instead of >>>> vt<current>. For most users it probably does not make a difference, but >>>> it is convenient to be able to switch between vt1 and vt7 when debugging. >>>> >>>> My preference is to leave the sed and the suid alone in the sysv book, but >>>> as an alternative we could just document the technique in a note. >>>> >>>> >>> Apologies if this comes through twice, my work laptop had an old >>> configuration, the first will probably get blocked. >>> >>> I don't think this is correct, but might be a clue. My build script for >>> xinit has this sed, and it works. >>> http://www.linuxfromscratch.org/~dj/mkbuild.sh/sources/buildscripts/xinit.sh >>> >>> The proposed sed also does nothing from what I can see (this from Arch, >>> where it would not have been applied, but I can't get to my workstation >>> from here): >>> >>> [dj@DJ-ARCH-02 ~]$ head -n 137 /usr/bin/startx | tail -n 3 >>> if [ "$have_vtarg" = "no" ]; then >>> serverargs="$serverargs $vtarg" >>> fi >>> [dj@DJ-ARCH-02 ~]$ sed -e '/$serverargs $vtarg/ s/serverargs/&/' >>> /usr/bin/startx | head -n 137 | tail -n 3 >>> if [ "$have_vtarg" = "no" ]; then >>> serverargs="$serverargs $vtarg" >>> fi >>> >>> If this is actually the issue, I must have successfully done something >>> wrong multiple times (but I wouldn't put it past me at this point), but >>> then my preference is for opposite Bruce's suggestion. IOW: put the >>> commands on the xinit page to add the suid bit for Xorg along with the sed >>> and put them inside of nodump tags.Like Bruce said, the majority of users >>> won't care one way or the other, but avoiding a suid bit wherever possible >>> is a good thing. >> >> Your sed does nothing: >> >> sed -e '/$serverargs $vtarg/ s/serverargs/&/' >> >> you need >> >> sed -e '/$serverargs $vtarg/ s/serverargs/: #&/' >> >> Which comments out that particular line, but adds the colon because it is in >> an 'if' construct. >> >> I'm working on a modification to the book now. > > Please take a look at the xinit instructions from commit 21892. > > http://www.linuxfromscratch.org/blfs/view/svn/x/xinit.html > > Feedback welcome. >
Thanks for doing that. Feedback: I'd rather add role="nodump" to the example instructions in xinit (chmod u+s and sed) (I may add that if you'd like), and it seems you have not removed the --enable-install-setuid switch from configure in xorg-server. Pierre -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
