ConsoleKit Removal / Automatic Multi-Seat Support
A grab-bag of little cleanups and improvements all related to session and seat handling.
- Name: Lennart Poettering
- Email: lennart AT poettering DOT net
- Targeted release: Fedora 17
- Last updated: 2012-02-06
- Percentage of completion: 100%
Logic is now in rawhide (in systemd 30), patches for some subsystems (X11, accountsservice) ready. These patches have been put into F16 packages. The necessary gdm [patches] are still in testing. Patches for many ConsoleKit users in GNOME are available, and most of them have been merged by now.
- Automatic multi-seat support
- Make systemd available in the session
- Removal of XDG_SESSION_COOKIE and its security problems, emphasis on audit loginuid and cgroup names instead
- On-Demand starting of VT gettys
- Covering all of getty, SSH and X11 sessions
- Make session exit of pam_systemd more robust
- Introduce D-Bus user bus
- allow systemd user services to be run outside of a session, for selected users, a la cron with cron.allow
When we reach the point where ConsoleKit is actually dropped, additionally
- Simplify our stack by removing CK
- Fix the 63 threads CK VT watching issue
This feature introduces a new systemd daemon, systemd-logind, which takes over a lot of the logic of pam_systemd (which is reduced to a small stub that is a lot more robust) as well as ConsoleKit and udev-acl. systemd-logind can be configured in systemd-logind.conf and controlled via systemd-loginctl.
Benefit to Fedora
Things become safer, cleaner and smaller. We add automatic multi-seat support. We can optionally start user services outside of a login (e.g. a per-user Rygel on boot without having the user to log in).
Precise scope outlined in:
systemd needs to be updated to version 30 or newer.
To get working automatic multiseat support, we need to patch
To complete the removal of ConsoleKit, a larger set of packages need to be touched.
Packages that currently require ConsoleKit:
- libfprint (DONE)
- polkit (DONE)
- accountsservice (DONE)
- gdm (see above)
Packages that are using the ConsoleKit D-Bus API at runtime:
- gnome-session (uses can_restart, can_shutdown, can_switch_user, sets session idle, checks session type) (DONE)
- gnome-packagekit (uses ConsoleKit to reboot with polkit control) (DONE)
- gnome-settings-daemon (listens for ActiveChanged, calls Stop) (DONE)
- control-center (find out if a user is logged in) (DONE)
- gnome-screensaver (listens for Lock/Unlock/ActiveChanged signals from ConsoleKit) (DONE)
- NetworkManager (find out if a user is logged in and if his session is active) (DONE)
- gnome-shell (DONE)
- accountsservice-libs (DONE)
How To Test
- Test Multi-Seat support (ideally with hardware from plugable): plug in plugable hw and you should instantly get a new gdm display on the seat
- You should have 6 gettys on tty1-6
- To test ConsoleKit removal, inspect that manifest of the desktop spin and verify that it does not include ConsoleKit.
- Test that other desktops pull in ConsoleKit, if they still need it. Also verify that ConsoleKit continues to work as expected when it is installed. This can be done e.g. with the help of ck-list-sessions
Plugging in certain multi-seat hw should just work: i.e. make a gdm appear on it.
We need smaller changes in: X11, gdm, CK, udev, dbus, plymouth, PK, NM, accountsservice
Until the 'ckremoval' part of this feature is complete, ConsoleKit will continue to be available simultaneously as the new logic. The multiseat part of this feature can be used even if ConsoleKit has not been completely removed.
If the multiseat part of this feature does not get completed, we can just disable the systemd specific login manager again and things should work as previously.
- General overview: Multiseat on Linux
- Developer documentation:
Fedora 17 is using systemd as a login manager. For details, see systemd-logind.conf(5) and systemd-loginctl(1). This provides automatic multi-seat support. The login manager part of systemd supersedes ConsoleKit functionality.
[if ckremoval is complete] ConsoleKit is no longer installed by default.
[if ckremoval is not complete] ConsoleKit is still available to support parts of the system that have not been ported to the new systemd APIs.