Re: NM and pm-utils sleep hook
On 11.01.2011 20:03, Dan Williams wrote: > On Sat, 2010-12-18 at 10:01 -0600, Robby Workman wrote: >> Hi Dan, >> >> Re this commit: >> >> commit 8310593ce48a85aa82d4a2adf805662f2b019ef5 >> Author: Dan Williams >> Date: Fri Oct 15 10:28:38 2010 -0500 >> >> core: ignore authorization for sleep/wake requests (but restrict to >> root) (rh #638640) >> >> Everyone uses pm-utils still for sleep/wake support, and that's >> traditionally how NM was put to sleep and woken up. But pm-utils >> uses dbus-send without --print-reply so dbus-send quits immediately >> after sending the message. That doesn't give NM enough time to >> get the senders UID and thus validate the request, so the request >> gets denied, and sometimes NM stays asleep after the machine is >> woken up. >> >> Instead, don't get the sender's UID and try to authorize it, but >> just let the request go through. Rely on D-Bus permissions to >> make sure that only root can call sleep/wake methods. >> >> Why not have NM ship the pm-utils sleep hook instead of having to >> work around what they ship? Last I checked, NM is the only app >> for which upstream pm-utils ships a sleep hook, and Victor (the >> lead dev there) was hoping to have apps ship their own so that >> he didn't have to maintain stuff that he may not be familiar with. > > I'm happy to ship the hooks in NM. I've talked about doing that for a > couple years already, it's just never happened :) Just put them into NM and I make sure the next pm-utils upstream release has those hooks removed (I have commit rights for pm-utils). If you want to make sure NM also works with oder pm-utils versions, you can do a neat trick: Run "disablehook 55NetworkManager" in your hook and install it as say 50NetworkManager. On the other hand, I can also just add the --print-reply option to upstream pm-utils. Just let me know what you prefer. FWIW, this change had an unfortunate side-effect, when root is looged in and the at_console policy is used, see [1] Cheers, Michael [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608301 -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: NM and pm-utils sleep hook
On Sat, 2010-12-18 at 10:01 -0600, Robby Workman wrote: > Hi Dan, > > Re this commit: > > commit 8310593ce48a85aa82d4a2adf805662f2b019ef5 > Author: Dan Williams > Date: Fri Oct 15 10:28:38 2010 -0500 > > core: ignore authorization for sleep/wake requests (but restrict to > root) (rh #638640) > > Everyone uses pm-utils still for sleep/wake support, and that's > traditionally how NM was put to sleep and woken up. But pm-utils > uses dbus-send without --print-reply so dbus-send quits immediately > after sending the message. That doesn't give NM enough time to > get the senders UID and thus validate the request, so the request > gets denied, and sometimes NM stays asleep after the machine is > woken up. > > Instead, don't get the sender's UID and try to authorize it, but > just let the request go through. Rely on D-Bus permissions to > make sure that only root can call sleep/wake methods. > > Why not have NM ship the pm-utils sleep hook instead of having to > work around what they ship? Last I checked, NM is the only app > for which upstream pm-utils ships a sleep hook, and Victor (the > lead dev there) was hoping to have apps ship their own so that > he didn't have to maintain stuff that he may not be familiar with. I'm happy to ship the hooks in NM. I've talked about doing that for a couple years already, it's just never happened :) Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
NM and pm-utils sleep hook
Hi Dan, Re this commit: commit 8310593ce48a85aa82d4a2adf805662f2b019ef5 Author: Dan Williams Date: Fri Oct 15 10:28:38 2010 -0500 core: ignore authorization for sleep/wake requests (but restrict to root) (rh #638640) Everyone uses pm-utils still for sleep/wake support, and that's traditionally how NM was put to sleep and woken up. But pm-utils uses dbus-send without --print-reply so dbus-send quits immediately after sending the message. That doesn't give NM enough time to get the senders UID and thus validate the request, so the request gets denied, and sometimes NM stays asleep after the machine is woken up. Instead, don't get the sender's UID and try to authorize it, but just let the request go through. Rely on D-Bus permissions to make sure that only root can call sleep/wake methods. Why not have NM ship the pm-utils sleep hook instead of having to work around what they ship? Last I checked, NM is the only app for which upstream pm-utils ships a sleep hook, and Victor (the lead dev there) was hoping to have apps ship their own so that he didn't have to maintain stuff that he may not be familiar with. -RW ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list