Ticket #1168 (closed defect: invalid)
Some combination of ConsoleKit, LightDM, or our greeter sucks
Reported by: | jdreed | Owned by: | |
---|---|---|---|
Priority: | blocker | Milestone: | Precise Beta |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
On Precise, after returning to the login screen after the first login, I can't reboot/shutdown from the greeter, and get a "Authorization is required" error from ConsoleKit?, and CK debug info shows "CkManager?: Unable to lookup cookie for caller - failing".
Adding session optional pam_loginuid.so to /etc/pam.d/lightdm fixes this.
I don't understand why.
In many respects, this is like DebianBug:597937, but not exactly.
Change History
comment:2 Changed 12 years ago by jdreed
Nope, adding pam_loginuid.so does not fix this. And this is not the same bug, because ck-list-sessions output looks completely sane. I have no idea why it only appears to affect our greeter, and not others.
Tangentially related, I wonder if it's worth refusing to launch certain services inside the chroot. Like ConsoleKit?, for example, which should _never_ be run inside the chroot.
comment:3 Changed 12 years ago by jdreed
Right, ok, this problem was a false positive. What "org.freedesktop.ConsoleKit?.Manager.NotPrivileged?: Authorization is required" actually means is "You asked to reboot, but someone else is logged in, and you're not root, so go away." The "problem" here is that unlike all other greeters, our greeter actually bothers to check the return value when asking lightdm to initiate a reboot. I'll catch the error and display a more useful message.
We appear to only need this on cluster? I wonder if this an artifact of schroot re-running the PAM stack? I definitely see pam_ck_connector spew in auth.log, about being unable to determine the display device. Should we set it explicitly or something?