musings on session service mgmt

David Zeuthen davidz at redhat.com
Fri Jan 4 01:10:14 UTC 2008 

Hi,

After investigating (please read the full report including links to
desktop-devel-list)

 https://bugzilla.redhat.com/show_bug.cgi?id=427316

I realized what an incredibly poor state session service management is
in and what kind of hoops upstream authors jump through because neither
X11, nor xdg or GNOME has provided them with useful infrastructure. It
looks like KDE has _some_ kind of infrastructure for this.

There are basically two problems that we've been ignoring and hacking
around for as long as I've used Linux on the desktop

 1. There is no good way of starting session services that needs to
    export environment variables. While one may rightfully argue this is
    utter crack in most cases, things like seahorse-agent demonstrates
    that this is sometimes needed. Also, you surely need to do this for
    the session message bus.

 2. I think we've all experienced this one or more times; you log out
    of your session and log back in. Wow, now things are weird or maybe
    doesn't even work. The reason for this is that processes from your
    old session keeps hanging around. In fact, I was bitten by this just
    before the holidays; I simply couldn't login. Why? An old gconfd
    process was lingering and that blocked login. The solution? Log in
    as root on VT1 and do the usual 'killall -9 -u davidz' dance.

The latter problem is, I think, on the level of being a security bug.
The former is just hindering process and is making people build on top
of our platform (speaking in upstream sense here) do really crackful
things like rewriting your .gnupg/gpg.conf file.  

I think with a little work we could fix this on the X11 level and
potentially get this upstream too. First, in Fedora we actually got a
rather decent way of solving 1.; see

 https://bugzilla.redhat.com/show_bug.cgi?id=427316#c15

for the solution. Unfortunately, this a) isn't upstream; and b) isn't as
perfect as it needs to be. If you follow the flow, basically this
happens

 /usr/bin/xinit
   sources /etc/X11/xinit/xinitrc
     sources /etc/X11/xinit/xinitrc-common
       sources /etc/X11/xinit/xinitrc.d/*.sh
       sets up SSH_AGENT, DBUS_LAUNCH, CK_XINIT_SESSION
     does some weird stuff, then evals three variables above and,
      essentially, execs gnome-session or startkde

Observations

 a. Ideally SSH_AGENT, DBUS_LAUNCH, CK_XINIT_SESSION would just
    use /etc/X11/xinit/xinitrc.d/. I'm told this is to make sure
    things are reaped (because of problem 2. above)

 b. It's annoying that the session bus is started after the stuff
    in /etc/X11/xinit/xinitrc.d/ - no session bus for you.

 c. No way to run code once the session is over.

Proposal

Assuming problem 2. will be magically solved for us (see below), we
could nicely rearrange the flow such that SSH_AGENT, DBUS_LAUNCH,
CK_XINIT_SESSION could just use standard constructs
in /etc/X11/xinit/xinitrc.d/. 

Another observation is that only stuff using environment variables
should use /etc/X11/xinit/xinitrc.d/ (some man page should spell this
out) - everything else should use the XDG autostart spec (where we have
UI, e.g. gnome-session-properties).

Also, since we're talking about environment variables, we surely need to
care about the ordering; e.g. we want

 00-ck-xinit-session.sh
 01-dbus-session-bus.sh
 10-ssh-agent.sh
 10-seahorse-agent.sh

and so forth. Again, the man page should be clear about this. Also,
there should be a README file in /etc/X11/xinit/xinitrc.d/ that points
to the man page.

Instead of exec'ing gnome-session, we run it in the background. When we
are done we run the same scripts in reverse just with 'stop' instead of
'start' as the first positional parameter.

Notably, 00-ck-xinit-session.sh will take care of problem 2. The way it
does this is because of the way that ConsoleKit works. It basically will
just kill all the processes where the uid and the environment variable
XDG_SESSION_COOKIE matches. First it tries SIGTERM. Then after a few
seconds, it moves on to SIGKILL (e.g. -9).

(of course, any process can unset XDG_SESSION_COOKIE and then fork and
that way linger on. But no sane process would do that unless it's
hostile.)

All of this only includes modifying xorg-x11-xinit. We surely should get
this upstream. 

The benefits?

- Things like seahorse-agent, ssh-agent and so forth now has proper
  infrastructure to use. If we make the docs good enough we can point
  people to these and hopefully people won't do horrendous things like
  e.g. rewriting .gnupg/gpg.conf.

- We solve the decade-long problem of lingering processes after logout.

I think this is a pretty small project that could be done in a few days,
maybe a week. Any takers? Thoughts? Am I on crack?

          David

More information about the Fedora-desktop-list mailing list