On Mon 22 Feb 2016 15:15, l...@gnu.org (Ludovic Courtès) writes: > Andy Wingo <wi...@igalia.com> skribis: > >> Concretely: what to do about gnome-settings-daemon, xfce4-session, and >> thunar? > > What about adding a ‘gnome-session-service’ and an > ‘xfce4-session-service’, each of which would extend polkit (the latter > would also pass the Thunar policies)? > > Eventually, we could change the SLiM service to be extended by these two > things.
Makes sense to me. We are effectively granting permission to these desktop environment to do a limited set of things as root, so they do need to be services. Incidentally, when with this patch I tried to run "pkexec ls", I was able to go farther in the process -- the pkexec program embeds an authentication agent, if the desktop environment doesn't provide one, which can read a password from the console. So you're asked for the root password to be able to run "ls", but then it fails with a message that polkit knew "no session for cookie". I guess this means that there still is something not quite working between logind and polkit. Or, it could be related to X -- at startup X warns about not being able to integrate with logind for some reason, so perhaps that's it. Relatedly, for the power button and lid switch under GNOME: I assume that GNOME inhibits logind's default power button handler in favor of its own. There's an interface for that. But then somehow the permissions don't work out right, probably due to the same reason, that polkit can't make the link between the user and their session. Well, we'll figure it out I guess :) Andy