Date: Wed, 27 Dec 2023 08:30:42 +0000 From: bugzilla-noreply@freebsd.org To: desktop@FreeBSD.org Subject: [Bug 266532] x11/lightdm: Login sessions do not respect login.conf Message-ID: <bug-266532-39348-vAi1JqLcTX@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-266532-39348@https.bugs.freebsd.org/bugzilla/> References: <bug-266532-39348@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266532 --- Comment #33 from Guido Falsi <madpilot@FreeBSD.org> --- (In reply to Ivan Rozhuk from comment #31) 1 - the call before the fork is done with the "LOGIN_SETGROUP" argument and= the comment on it clearly states the reason. Here we are calling it once with "LOGIN_SETALL", which includes that too, in one go. Not sure why this is being done in two steps in su and login. 2 - I confirm Daniel analysis, you can see at [1] that setusercontext will = grab the correct login class by itself. 3 - The first call to setusercontext is performed with the LOGIN_SETGROUP argument, which causes it to only configure groups membership for the user,= I don't think that makes any difference in relation to env variables. The com= ment there makes it clear this is simply done because PAM could add group memberships to the user. in general: The patch logic is anyway an improvement on what lightdm was doing (that is= a simple setuid/setgid). We are keeping the same basic semantics though. Looks like login.c is building the environment one piece at the time, but replica= ting that logic looks unnecessarily complicated based on the information we have. This code can be improved in the future if issues arise. BTW I noticed now I made an indent mistake in the patch I need to fix. [1] https://cgit.freebsd.org/src/tree/lib/libutil/login_class.c#n437 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-266532-39348-vAi1JqLcTX>