Bugzilla – Bug 298943
missing XDG_SESSION_COOKIE in environment
Last modified: 2007-09-09 10:16:55 UTC
KDE can't mount (and e.g. KPowersave suspend) because all tools started in KDE miss the XDG_SESSION_COOKIE in the process environments. Because of this ConsoleKit can't find out to which Session a caller belongs to. Due to this HAL rejects all calls from KDE programms. We need this for the new HAL/PolicyKit version.
Danny, check ExportList in /opt/kde3/share/config/kdm/kdmrc - make it LANG,XCURSOR_THEME,XDG_SESSION_COOKIE If that works, it should be added to kdm-sysconfig-values.diff
I added this line to the file: ExportList=LANG,XCURSOR_THEME,XDG_SESSION_COOKIE But it doesn't help.
you added it to the right spot, right?
I added it to [General] (where it was commented out). On 'konsole' env contains the cookie, but as it look the started tools not, because ConsoleKit can't get the cookie via proc_pid_get_env() (in src/proc-linux.c) which try to get this from /proc/*/environ as it look. Is there maybe something wrong? Any other ideas?
you're using Beta1? Fri Aug 3 15:47:22 CEST 2007 - dmueller@suse.de - notify consolekit of logged in users
Yes, I use Beta1 on the test machine. As I said if I check the env in konsole, there is XDG_SESSION_COOKIE and a useful value. But if I start a program like KPowersave the XDG_SESSION_COOKIE is not in the environment of KPowersave. It only work, if I export the XDG_SESSION_COOKIE to KPowersave manually on start.
@Dirk: Problem is also present with this build. Do you need a testmachine, I could give you a laptop with beta1 and the needed packages installed?
I only need the packages from your hal update repository, right? yes, that would be nice, but I can play a bit with my VirtualBox as well.
Thanks for tracking down why it happened.
ah, wait, I was too quick as usual.
doesn't that mean that we have to patch ssh, sudo/su, and what hell not to pass around XDG_SESSION_COOKIE?
This is a really good question. I have no idea. It's maybe more a security question.
any opinion?
*** Bug 299569 has been marked as a duplicate of this bug. ***
*** Bug 298998 has been marked as a duplicate of this bug. ***
well, does a "su" or "sudo" and its programs in there belong to the same ConsoleKit session or not? For auditing at least they do. (I personally think they shouldnt for ConsoleKit.) How does ConsoleKit and its design define it? And I think that both su and sudo strip the environment already of all / dangerous variables, so this could jsut be added.
why do you think they should not for consolekit? when they exist for
ah, so bugzilly works again.. anyway I think they should be passed around, because the (under a different user) started applications are still running in the same session for the user.
su does not strip anything.
*** Bug 299589 has been marked as a duplicate of this bug. ***
The env cookie could survive a sudo if needed. The cookie itself does not have any meaning and is not related to any authorization or gained privilege. It is just used to track the "session". Every process that has/knows the cookie, is part of the same login session. So, sudo coming from the user's login session could just keep the cookie, if that is needed. I don't know if it's useful, but it will not hurt anything.
Pavol, could you add XDG_SESSION_COOKIE to the exception list for sudo, so that it is passed through?
Added XDG_SESSION_COOKIE to env_keep variables in /etc/sudoers. Submitted to STABLE. Closing bug.
*** Bug 300601 has been marked as a duplicate of this bug. ***
I followed the instructions from comment #24, i.e. in my /etc/sudoers, there is now Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE" The problem is not corrected; I still cannot mount usb sticks and I can't hibernate (see bugs 300601 & 300602). I rebooted the machine after the modifications. And I have an additional problem: When logging on with kdm, I have problems with my keyboard. Once I had an automatic key-repitition, next time, I couldn't enter my password. This can be "fixed" ba switching to a text console and switching back to kdm again. When I removed XDG_SESSION_COOKIE from env_keep, this problem vanished.
do you have kdebase3-kdm updated from post-beta1 ? do you have kdelibs3 updated from post-beta1? its unlikely that the needed packages have been synced out already.
I can confirm that suspend-to-RAM and suspend-to-disk via kpowersave work again with the latest FACTORY packages.
Suspend and USB Sticks work just fine for me with latest HAL, PolicyKit, ConsoleKit etc.
I don`t see a reason why it should not. lets close it again and please only reopen it if you can see it with beta2. Thanks.
> I don`t see a reason why it should not. lets close it again and please only > reopen it if you can see it with beta2. Thanks. I can't see it with beta2 but can see with beta3 :-/ It worked for a while but it's not working now - usb sticker automount doesn't work neither suspend to disk/ram ("User is not allowed for hal-power-hibernate according to PolicyKit.").
#31 is most likely a new bug. So please use another bug for it
#309001 is the same bug as the one reported in Comment #31, but I think it is not the same as the one reported here. Check my comments in #309001 to better understand what is happening.