Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
From: Guillermo
Date: Mon, 23 May 2022 20:40:44 -0300
Subject: Re: s6 xinit replacement?
To: Supervision

Hello, yianiris / fungal-net

On Mon, 23 May 2022 at 7:07, yianiris wrote:
>
> Unbelievable, on this particular list, someone suggesting that dbus or
> systemd (elogind is the most invasive of all parts of systemd) is needed
> to run X [...]

Oh, I'm not suggesting it, I am stating it as a fact :)

OK, now more seriously. This has come up some time ago in the Gentoo
Forums when Gentoo's 'suid' USE flag changed to unset by default; the
correct (although somewhat simplified for brevity) way to state that
assertion is: the only *officially supported* way to *not* run Xorg as
root is by having it get open file descriptors from a "logind provider"
(a process that implements the D-Bus org.freedesktop.login1 interface)
using file descriptor passing, for /dev special files that would
otherwise require a privileged open() call. Why? Because that is how
Xorg is currently programmed.

Technical details in this old version of a Gentoo Wiki article, if you
are interested:

* https://wiki.gentoo.org/index.php?title=Non_root_Xorg&oldid=884856#Supported_setups

Personally, I don't mind D-Bus and elogind that much, because they
combine well with an s6-based init system:

    PID COMMAND
      1 s6-svscan -X3 -- /run/service
    106 s6-supervise dbus-daemon
    438  \_ dbus-daemon --system --nofork --nopidfile
    480 elogind-daemon

    $ s6-rc-db type dbus-daemon
    longrun

That said, I know that there are people who do not like D-Bus and / or
elogind, and don't want them installed. That's OK, it's their choice.

> no logind no dbus 0 logind/dbus warning/error messages.

I hope you read the "I suppose that Xorg is not a suid binary" and
"unless you do something else" parts of my previous e-mail. Setups
without a suid Xorg binary, without D-Bus, and without a logind
provider, need to work around the privileged open() situation:

* AFAICT, Void and Obarun build Xorg with '-Dsuid_wrapper=true', so they
  install the Xorg suid wrapper, and configure it to never drop
  privileges by default.
* Samuel adds his user to a group that allows processes to perform the
  required privileged open() calls.

(What Rio's setup does with respect to /dev/dri/card* files has not been
specified).

All of these require some form of elevated privileges, including
effectively running Xorg as root even if its binary might not be suid
(its helper, Xorg.wrap, is). If your setup works in a way that does not
involve elevated privileges, to be honest, I'd rather read about *that*
instead of yet another systemd / RedHat / IBM rant.

> Again, sorry Guillermo, this is not personal [...]

No worries, no offense taken.

G.