Retrying revoke()

Posted Apr 13, 2013 19:35 UTC (Sat) by apoelstra (subscriber, #75205)
In reply to: Retrying revoke() by guillemj
Parent article: Retrying revoke()

> If that's a Debian-based distribution, then the X binary is just a pretty small setuid wrapper that checks if the user can invoke the real non-setuid Xorg binary based off some policies from a wrapper-specific configuration file.

I'm running Fedora -- if I remove the setuid bit, X won't start because it lacks permission to hijack a tty. (Maybe I can fix this, but I don't know how. There are so many special groups on modern desktops..)

Retrying revoke()

Posted Apr 14, 2013 12:36 UTC (Sun) by mathstuf (subscriber, #69389) [Link]

I'm assuming you're using startx for this? If that's the case, I had filed a bug about programs in the X session being denied PolicyKit since the TTY didn't match the login TTY. You can pass "vt02" to launch on a separate TTY, but I think you still need suid to do that.

On a related note, that's the reason why a systemd --user session doesn't work right now: I get denied taking over the TTY, but I can't use a different TTY because PolicyKit denies nice things like suspend and shutdown.