FS#65761 - [sway] polkit should be added as dependency

Attached to Project: Community Packages
Opened by Faalagorn (Faalagorn) - Monday, 09 March 2020, 22:40 GMT
Last edited by Brett Cornwall (ainola) - Friday, 04 June 2021, 05:05 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Christian Hesse (eworm)
David Runge (dvzrv)
Brett Cornwall (ainola)
Maxim Baz (maximbaz)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Both sway and cage require polkit be added as a dependency in order to be usable from a base arch installation. Without it both DEs would fail to launch, citing inability to gain CAP_SYS_ADMIN in order to become a DRM master.




Original Author Description:
It seems that colord is needed to launch sway. It took me a while to figure out why sway isn't launching on a fresh system, and installing weston helped. It turned out colord was a needed dependency for sway.

Steps to reproduce:
1. Install a fresh system
2. Install sway
3. Try to launch it
4. Sway will not launch
5. Install colord
6. Sway will launch

Closed by  Brett Cornwall (ainola)
Friday, 04 June 2021, 05:05 GMT
Reason for closing:  Fixed
Additional comments about closing:  Cool, sounds like we'll keep things as they are then.
Comment by Brett Cornwall (ainola) - Wednesday, 11 March 2020, 01:30 GMT
Looks like it needs polkit rather than colord - colord merely pulled in polkit as a dependency. Thanks for the report; this will be fixed soon.
Comment by Brett Cornwall (ainola) - Thursday, 12 March 2020, 01:44 GMT
dvzrv: I've updated sway to include this dependency. I'm happy to do cage as well but didn't want to step on your toes since I'm not a co-maintainer.
Comment by Thibaut Sautereau (thithib) - Saturday, 14 March 2020, 21:18 GMT
  • Field changed: Percent Complete (100% → 50%)
I really don't think sway requires polkit to be able to launch itself correctly. It doesn't need CAP_SYS_ADMIN as it is supposed to obtain the appropriate file descriptors from systemd-logind (I gave some details about that here: https://thibaut.sautereau.fr/2019/08/09/sway-and-hidepid/).
Comment by Brett Cornwall (ainola) - Tuesday, 17 March 2020, 19:35 GMT
Hi, Thibaut, what precisely are you proposing? I've only had time to skim to be honest but will give it a full read-through eventually.
Comment by Thibaut Sautereau (thithib) - Tuesday, 17 March 2020, 21:46 GMT
First I'd like people encountering this bug to verify that the XDG_SESSION_ID var is set in their environment before executing sway. It's set by pam_systemd in conjunction with systemd-logind, and used by sway to get the active session ID, which in turn allows it to obtain the device handles from systemd-logind.

Note that I don't know anything about polkit, so I might be wrong and polkit might actually be contributing to all this, but I'd be very surprised.
Comment by Brett Cornwall (ainola) - Tuesday, 17 March 2020, 23:27 GMT
Indeed, XDG_SESSION_ID is set.
Comment by Thibaut Sautereau (thithib) - Wednesday, 18 March 2020, 09:14 GMT
And you cannot launch sway from your tty?
Then if you really think polkit is required, it'd be interesting to know what polkit definition comes into play.
Comment by Brett Cornwall (ainola) - Wednesday, 18 March 2020, 09:37 GMT
You're encouraged to run these tests yourself to help get the full picture. Please do report back if you find anything useful.

Thanks!
Comment by Brett Cornwall (ainola) - Tuesday, 01 June 2021, 01:27 GMT
More than a year later. Sorry for the slow investigation on my own but it looks like sway prefers using setuid [1]. Testing on a VM works just fine with and without polkit when the binary is setuid.

Maintainers, any issue with removing the polkit dep and installing sway as setuid?


[1] https://github.com/swaywm/sway/issues/5260#issuecomment-619542107
Comment by Maxim Baz (maximbaz) - Tuesday, 01 June 2021, 10:15 GMT
None from my side, go for it.
Comment by Thibaut Sautereau (thithib) - Tuesday, 01 June 2021, 12:21 GMT
Wait, why would you force a new setuid binary on all Arch users of sway? The claim that "sway prefers using setuid" is totally unfounded.
Comment by David Runge (dvzrv) - Tuesday, 01 June 2021, 13:29 GMT
@ainola: tbh I would also rather not have a setuid binary if it's not required.

Can this be consolidated with upstream?
Comment by Thibaut Sautereau (thithib) - Tuesday, 01 June 2021, 14:31 GMT
@dvzrv: Upstream is already pretty clear about that, see https://github.com/swaywm/sway/wiki/Running-Sway-without-systemd.
Comment by Thibaut Sautereau (thithib) - Tuesday, 01 June 2021, 15:00 GMT
By the way and strictly speaking, it's logind, not sway, that needs polkit here. Thus ideally the dependency on polkit should rather apply to the systemd package.
Comment by David Runge (dvzrv) - Tuesday, 01 June 2021, 15:10 GMT
@thithib: Thanks for the link. I was not able to find this information initially.

Well, then nothing should indeed be done from our side. We use systemd and logind, hence we do *not* use setuid.

The systemd package already lists polkit as an optional dependency, which should be enough. However, we can add Christian Hesse to this ticket and ponder over whether it would make sense to promote it to a full dependency.
Comment by Eli Schwartz (eschwartz) - Tuesday, 01 June 2021, 18:05 GMT
Promoting js78 to a full transitive dependency on ALL systems seems quite... uncomfortable in the extreme.
Comment by Thibaut Sautereau (thithib) - Tuesday, 01 June 2021, 18:24 GMT
@dvzrv: I'm certainly fine with keeping things the way they are currently, but just to be clear, polkit was actually added as a dependency last year: https://github.com/archlinux/svntogit-community/commit/45b6e36a637c215033386ce63435a9c416a582bd#diff-3e341d2d9c67be01819b25b25d5e53ea3cdf3a38d28846cda85a195eb9b7203a. Thus, based on my previous remark about logind being the component that requires polkit, you may consider removing polkit from sway's dependencies, and then maybe just mention polkit in the Arch wiki page of sway. I honestly don't know whether that would be the best idea though.

And since you added Christian: I find the description of systemd's optional dependency on polkit to be somewhat misleading in light of this particular case, since polkit is needed for something that is not "administration".
Comment by Brett Cornwall (ainola) - Wednesday, 02 June 2021, 00:27 GMT
I'm definitely not interested in shipping a broken-by-default sway: Either we ship with one or the other. Anyone that wishes to do the other is welcome to maintain their own PKGBUILD.

Regarding the "unfounded" statements, please see the link in the same post.

I'm fine with continuing with the status quo but I wanted to make sure that there was consensus.

Cf https://github.com/swaywm/sway/issues/3668 for another byte of context.
Comment by Thibaut Sautereau (thithib) - Wednesday, 02 June 2021, 20:44 GMT
@ainola What link in what post are you talking about? Note that you keep linking to old discussions that are completely irrelevant to the current situation. In 2021, on a systemd-based distro, sway leverages logind and runs unprivileged, period.

For the record, another option here could be to make polkit an optional dependency of sway, with an unequivocal description. But you're probably going to see that as "broken-by-default", and I won't argue with that.
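
A quick check of the two launch paths argued over in this thread (a logind session identified by XDG_SESSION_ID versus a setuid binary), as an added example that is not part of any comment above and is not code from sway or Arch. The function names, and the use of `pkcheck` as a sign that polkit is installed, are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: report which launch path a compositor binary would rely on.

# has_setuid FILE: true when FILE is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# launch_path BINARY SESSION_ID
#   setuid : the binary carries the setuid bit (the privileged path the
#            maintainers in this thread wanted to avoid shipping)
#   logind : no setuid bit, but a session id is present, so device handles
#            can be requested from systemd-logind
#   none   : neither is available; the compositor is expected to fail
launch_path() {
    bin=$1
    session=$2
    if has_setuid "$bin"; then
        echo "setuid"
    elif [ -n "$session" ]; then
        echo "logind"
    else
        echo "none"
    fi
}

# report [NAME]: print the findings for NAME (default: sway) on this system.
report() {
    target=$(command -v "${1:-sway}" 2>/dev/null || true)
    mode=$(launch_path "$target" "${XDG_SESSION_ID:-}")
    echo "binary:      ${target:-not found}"
    echo "session id:  ${XDG_SESSION_ID:-unset}"
    echo "launch path: $mode"
    # Assumption: pkcheck ships with polkit, so its presence is used here
    # as a proxy for polkit being installed (it does not prove polkitd runs).
    if command -v pkcheck >/dev/null 2>&1; then
        echo "polkit:      installed"
    else
        echo "polkit:      not found"
    fi
}

report "$@"
```

Run it from the same tty login that fails to start the compositor, since XDG_SESSION_ID is set per session by pam_systemd.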
