Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am Sonntag, 10. August 2014, 22:15:31 schrieb Michael Biebl: Version: 208-6 Am 15.05.2014 02:30, schrieb Michael Biebl: Am 13.05.2014 22:13, schrieb Michael Biebl: The following assumes you run policykit 0.105 Am 13.05.2014 09:57, schrieb Martin Steigerwald: merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.upower.hibernate;org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes does not have any effect on this. You are using the wrong Action here. See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions I've also forwarded this to http://lists.freedesktop.org/archives/systemd-devel/2014-May/019175.html This was fixed upstream and the fix is part of the v208-stable branch. So closing for 208-6 which includes the patches from v208-stable Thanks, will try. Upgraded to systemd 208-7 already which via systemd-shim nicely coexists with sysvinit-core. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 signature.asc Description: This is a digitally signed message part.
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am Montag, 19. Mai 2014, 15:15:50 schrieb Michael Biebl: Am 19.05.2014 15:02, schrieb Martin Steigerwald: Am Dienstag, 13. Mai 2014, 22:13:09 schrieb Michael Biebl: Am 13.05.2014 09:57, schrieb Martin Steigerwald: org.freedesktop.login1.hibernate-multiple-sessions This also needs the according suspend action to be a full work-around: merkaba:/etc/polkit-1/localauthority/50-local.d cat org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.login1.hibernate-multiple- sessions;org.freedesktop.login1.suspend-multiple-sessions No, you should not need that. suspend-multiple-sessions already has allow_activeyes/allow_active, i.e. if you have an active (logind) session, policykit will *not* prompt for an admin password. If you don't have an active logind session (check with loginctl show-session ID), this is something you should investigate. Well, I had two KDE sessions open. Without the suspend I got a policykit dialog on the one which was active as I closed the laptop lid. With it, I did not get one. Thats all I can say. So I keep this option for now. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 signature.asc Description: This is a digitally signed message part.
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am Dienstag, 13. Mai 2014, 22:13:09 schrieb Michael Biebl: The following assumes you run policykit 0.105 Am 13.05.2014 09:57, schrieb Martin Steigerwald: merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.upower.hibernate;org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes does not have any effect on this. You are using the wrong Action here. See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions This also needs the according suspend action to be a full work-around: merkaba:/etc/polkit-1/localauthority/50-local.d cat org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.login1.hibernate-multiple- sessions;org.freedesktop.login1.suspend-multiple-sessions ResultAny=yes ResultInactive=yes ResultActive=yes Before that on closing laptop lid it suspended, but I still got an authorization dialog. Just in case anyone else needs this work-around. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 signature.asc Description: This is a digitally signed message part.
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am 19.05.2014 15:02, schrieb Martin Steigerwald: Am Dienstag, 13. Mai 2014, 22:13:09 schrieb Michael Biebl: Am 13.05.2014 09:57, schrieb Martin Steigerwald: org.freedesktop.login1.hibernate-multiple-sessions This also needs the according suspend action to be a full work-around: merkaba:/etc/polkit-1/localauthority/50-local.d cat org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.login1.hibernate-multiple- sessions;org.freedesktop.login1.suspend-multiple-sessions No, you should not need that. suspend-multiple-sessions already has allow_activeyes/allow_active, i.e. if you have an active (logind) session, policykit will *not* prompt for an admin password. If you don't have an active logind session (check with loginctl show-session ID), this is something you should investigate. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am Donnerstag, 15. Mai 2014, 02:30:20 schrieb Michael Biebl: Am 13.05.2014 22:13, schrieb Michael Biebl: The following assumes you run policykit 0.105 Am 13.05.2014 09:57, schrieb Martin Steigerwald: merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.upower.hibernate;org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes does not have any effect on this. You are using the wrong Action here. See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions I've also forwarded this to http://lists.freedesktop.org/archives/systemd-devel/2014-May/019175.html Thanks for forwarding. I tried: merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.login1.hibernate-multiple-sessions ResultAny=yes ResultInactive=yes ResultActive=yes And this seems to work with two full KDE sessions open with one containing a with an SSH session to some server. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 signature.asc Description: This is a digitally signed message part.
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
tags 747939 + fixed-upstream thanks Am 15.05.2014 02:30, schrieb Michael Biebl: See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions I've also forwarded this to http://lists.freedesktop.org/archives/systemd-devel/2014-May/019175.html A fix was committed upstream [0]. I guess we just cherry-pick that patch for now. Michael [0] http://cgit.freedesktop.org/systemd/systemd/commit/?id=301f9684e6465df5d0590f6c571fe3229ded966d -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am Donnerstag, 15. Mai 2014, 19:00:07 schrieb Michael Biebl: tags 747939 + fixed-upstream thanks Am 15.05.2014 02:30, schrieb Michael Biebl: See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions I've also forwarded this to http://lists.freedesktop.org/archives/systemd-devel/2014-May/019175.html A fix was committed upstream [0]. I guess we just cherry-pick that patch for now. Great, thanks. I will drop my /etc/polkit-1 file then. I did not see any other problems with systemd 208-1 so far. [0] http://cgit.freedesktop.org/systemd/systemd/commit/?id=301f9684e6465df5d0590 f6c571fe3229ded966d -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 signature.asc Description: This is a digitally signed message part.
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am 13.05.2014 22:13, schrieb Michael Biebl: The following assumes you run policykit 0.105 Am 13.05.2014 09:57, schrieb Martin Steigerwald: merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.upower.hibernate;org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes does not have any effect on this. You are using the wrong Action here. See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions I've also forwarded this to http://lists.freedesktop.org/archives/systemd-devel/2014-May/019175.html -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Package: systemd Version: 208-1 Severity: normal Dear Maintainer, if systemd is running I get a password prompt during hibernation[1][2]. Now if I spawn another KDE session, open a screen in it, quit the session, loginctl still treats it as running session: merkaba:~ loginctl | cat 1 1000 martin seat0 4 2012 ms seat0 Well, the screen is indeed running as that user: ba:~ ps aux | grep ^ms | grep -v grep ms5651 0.0 0.0 37792 1468 ?Ss Mai11 0:00 /lib/systemd/systemd --user ms5654 0.0 0.0 178412 4 ?SMai11 0:00 (sd-pam) ms 14034 0.0 0.0 26296 1288 ?Ss Mai12 0:01 SCREEN ms 14035 0.0 0.0 44620 1004 pts/15 Ss+ Mai12 0:00 /usr/bin/zsh ms 14061 0.0 0.0 40656 796 pts/16 Ss+ Mai12 0:00 /usr/bin/zsh Honestly, while treating this as an still open session from a technical session may be correct, this again shows why the policy of asking a password on hibernation on a *single* seat system creates a lot of changes in default behavior that I find outrightly annoying, unintuitive and from a user point of view of common sense just plain broken. This is *still* a single seat system. I am its boss. So it is supposed to do what *I* want, instead of insisting of knowing better than me. And as I am logged into to an existing session it is supposed to do so without asking me any password anymore. I am authenticated, thanks. The only way this could make sense from a usability point of view IMHO is displaying a dialog with hey, you still got a screen session open, really want to hibernate? before locking the screen with simple yes and no button. Its obviously not there yet as it first locks the screen, then displays the dialog, and then if I unlock the screen and and enter the password immediately hibernates *without* locking the screen, basically hibernating with a unlocked desktop if I am not quick enough to press Ctrl-L to lock it. Thats why I yesterday used, sleep 20 ; pm-hibernate last night, I just wanted to go to sleep and hibernate the system. Again just closing the lid will suspend the system just fine, without asking a password, so its even inconsistent. And again, changing it with merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.upower.hibernate;org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes does not have any effect on this. So please, treat this report seriously at least from a policy point of view, instead of just closing it again as not your business. I am ready to report different bugs for the affected components, in case I get advice on where to report what, but please treat this as a regression over previous behavior in case systemd is running. Previous behavior that IMHO matches common sense much more closely. [1] Debian BTS web gui does not respond within acceptable time, will add later [2] See above. Thanks, Martin -- Package-specific info: -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental')Architecture: amd64 (x86_64) Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.15.0-rc5-tp520 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages systemd depends on: ii acl 2.2.52-1 ii adduser 3.113+nmu3 ii initscripts 2.88dsf-53 ii libacl1 2.2.52-1 ii libaudit11:2.3.6-1 ii libblkid12.20.1-5.7 ii libc62.18-5 ii libcap2 1:2.22-1.2 ii libcap2-bin 1:2.22-1.2 ii libcryptsetup4 2:1.6.4-4 ii libdbus-1-3 1.8.2-1 ii libgcrypt11 1.5.3-4 ii libkmod2 17-2 ii liblzma5 5.1.1alpha+20120614-2 ii libpam0g 1.1.8-3 ii libselinux1 2.2.2-2 ii libsystemd-daemon0 208-1 ii libsystemd-journal0 208-1 ii libsystemd-login0208-1 ii libudev1 204-10 ii libwrap0 7.6.q-25 ii sysv-rc 2.88dsf-53 ii udev 204-10 ii util-linux 2.20.1-5.7 Versions of packages systemd recommends: ii libpam-systemd 208-1 Versions of packages systemd suggests: pn systemd-ui none -- no debconf information [OVERRIDDEN] /run/systemd/system/session-4.scope.d/90-SendSIGHUP.conf → /run/systemd/system/session-1.scope.d/90-SendSIGHUP.conf Files /run/systemd/system/session-1.scope.d/90-SendSIGHUP.conf and /run/systemd/system/session-4.scope.d/90-SendSIGHUP.conf are identical [OVERRIDDEN] /run/systemd/system/session-4.scope.d/90-TimeoutStopUSec.conf → /run/systemd/system/session-1.scope.d/90-TimeoutStopUSec.conf Files /run/systemd/system/session-1.scope.d/90-TimeoutStopUSec.conf and
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
The following assumes you run policykit 0.105 Am 13.05.2014 09:57, schrieb Martin Steigerwald: merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.upower.hibernate;org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes does not have any effect on this. You are using the wrong Action here. See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#747939: systemd: prevents hibernation without password with open screen session in other login session
Am Dienstag, 13. Mai 2014, 22:13:09 schrieb Michael Biebl: The following assumes you run policykit 0.105 Am 13.05.2014 09:57, schrieb Martin Steigerwald: merkaba:/etc/polkit-1 cat ./localauthority/50-local.d/org.freedesktop.upower.pkla [Suspend/hibernate permissions] Identity=unix-group:sudo Action=org.freedesktop.upower.hibernate;org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes does not have any effect on this. You are using the wrong Action here. See /usr/share/polkit-1/actions/org.freedesktop.login1.policy. What you are looking for is org.freedesktop.login1.hibernate-multiple-sessions Thank you, Michael. I will try this. Ciao, -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 signature.asc Description: This is a digitally signed message part.