From 66f4d108437e62659e77fe11583ae53a23c54b74 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 15 Jun 2012 14:51:48 -0400 Subject: [PATCH] Use pam_systemd.so to set up device ownership This removes the need for ConsoleKit, so it's gone. --- modules/module-list.nix | 1 - modules/security/consolekit.nix | 60 --------------------------------- modules/security/pam.nix | 4 +-- modules/system/boot/systemd.nix | 1 + 4 files changed, 3 insertions(+), 63 deletions(-) delete mode 100644 modules/security/consolekit.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index 870d316006fc..0b324e7fffd2 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -46,7 +46,6 @@ ./programs/wvdial.nix ./rename.nix ./security/ca.nix - ./security/consolekit.nix ./security/pam.nix ./security/pam_usb.nix ./security/policykit.nix diff --git a/modules/security/consolekit.nix b/modules/security/consolekit.nix deleted file mode 100644 index 28e1fec06010..000000000000 --- a/modules/security/consolekit.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ config, pkgs, ... }: - -with pkgs.lib; - -let - - # `pam_console' maintains the set of locally logged in users in - # /var/run/console. This is obsolete, but D-Bus still uses it for - # its `at_console' feature. So maintain it using a ConsoleKit - # session script. Borrowed from - # http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/pam-foreground-compat.ck - updateVarRunConsole = pkgs.writeTextFile { - name = "var-run-console.ck"; - destination = "/etc/ConsoleKit/run-session.d/var-run-console.ck"; - executable = true; - - text = - '' - #! ${pkgs.stdenv.shell} -e - PATH=${pkgs.coreutils}/bin:${pkgs.gnused}/bin:${pkgs.glibc}/bin - TAGDIR=/var/run/console - - [ -n "$CK_SESSION_USER_UID" ] || exit 1 - - TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`" - - if [ "$1" = "session_added" ]; then - mkdir -p "$TAGDIR" - echo "$CK_SESSION_ID" >> "$TAGFILE" - fi - - if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then - sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE" - [ -s "$TAGFILE" ] || rm -f "$TAGFILE" - fi - ''; - }; - -in - -{ - - config = { - - environment.systemPackages = [ pkgs.consolekit ]; - - services.dbus.packages = [ pkgs.consolekit ]; - - environment.etc = singleton - { source = (pkgs.buildEnv { - name = "consolekit-config"; - pathsToLink = [ "/etc/ConsoleKit" ]; - paths = [ pkgs.consolekit pkgs.udev updateVarRunConsole ]; - }) + "/etc/ConsoleKit"; - target = "ConsoleKit"; - }; - - }; - -} diff --git a/modules/security/pam.nix b/modules/security/pam.nix index 4fab7febc710..09803598db90 100644 --- a/modules/security/pam.nix +++ b/modules/security/pam.nix 
@@ -41,7 +41,7 @@ let # against the keys in the calling user's ~/.ssh/authorized_keys. # This is useful for "sudo" on password-less remote systems. sshAgentAuth ? false - , # If set, use ConsoleKit's PAM connector module to claim + , # If set, use systemd's PAM connector module to claim # ownership of audio devices etc. ownDevices ? false , # Whether to forward XAuth keys between users. Mostly useful @@ -104,7 +104,7 @@ let ${optionalString config.krb5.enable "session optional ${pam_krb5}/lib/security/pam_krb5.so"} ${optionalString ownDevices - "session optional ${pkgs.consolekit}/lib/security/pam_ck_connector.so"} + "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"} ${optionalString forwardXAuth "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"} ${optionalString (limits != []) diff --git a/modules/system/boot/systemd.nix b/modules/system/boot/systemd.nix index 57bc47bd6d62..0d4256990e7e 100644 --- a/modules/system/boot/systemd.nix +++ b/modules/system/boot/systemd.nix @@ -37,6 +37,7 @@ let "systemd-vconsole-setup.service" "systemd-user-sessions.service" "dbus-org.freedesktop.login1.service" + "user@.service" # Journal. "systemd-journald.socket"
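Review bot: Nothing on the new side replaces the `/var/run/console` bookkeeping that the deleted consolekit.nix kept for D-Bus's `at_console` feature, so the `pam_systemd.so` line in the second pam.nix hunk takes over device ownership only. If any installed D-Bus policy still grants access through `at_console`, those rules would presumably stop matching local users after this change; that fails closed, but the shipped policies are worth checking, and the commit message should mention it. The module is also loaded as `session optional`, so a login where pam_systemd fails would go ahead without a registered session or device access and with no visible error. I would put that in the option comment in the first pam.nix hunk, e.g. `# If set, register the session with systemd-logind (pam_systemd.so) so the user is granted access to audio devices etc.; failure is non-fatal.` The enclosing `let` block starts and ends outside both hunks.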