Important: You are required to change your passwords used for Gentoo services and set an email address for your Wiki account if you haven't done so. See the full announcement and Wiki email policy change for more information.

ConsoleKit

From Gentoo Wiki
Jump to: navigation, search
External resources

ConsoleKit is a framework for defining and tracking users, login sessions, and seats.

Description

ConsoleKit's function is to support in multiuser setups. It also works for a single user, but offers no benefit compared to existing methods.

ConsoleKit is a D-Bus daemon and creates for each PAM session an own session. All applications in that session can make use of the permissions granted to this sessions. ConsoleKit determine, if the session is local (created by a local user in contrast to users logged in over the network) and if the session is active (means, it's the most recent session). Based on this distinction, ConsoleKit assigns device file permissions (e.g. for audio, video and more) to the session. Also other software like polkit make use of this distinction.

Fast user switching is a feature powered by ConsoleKit. When switching device file permissions get changed to the new active user and appliciations in the old session get notified, so they can revoke grants based on ConsoleKit informations.

ConsoleKit support in shutdown/reboot handling, so that only the local, active user can shutdown or reboot the system.

The planned multiseat feature is not fully implemented. At the moment all local sessions are in Seat1, all other sessions are in seat2.

Installation

Prerequisites

ConsoleKit uses D-Bus, so set it up first.

Kernel

Make sure you have CONFIG_AUDITSYSCALL=y in your kernel configuration (and recompile/restart if you changed it):

Kernel configuration

General setup  --->
    [*] Auditing support
    [*]   Enable system-call auditing support

Software

Portage knows the global USE flag consolekit for enabling support for ConsoleKit in other packages. Enabling this USE flag will pull in sys-auth/consolekit automatically (this is default for desktop profiles):

File/etc/portage/make.conf

USE="... consolekit ..."

The USE flags of consolekit are:

→ Information about USE flags
USE flag Default Recommended Description
acl Yes Adds support for Access Control Lists
debug No Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml
doc No Adds extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
pam Yes Adds support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
policykit Yes Use the PolicyKit framework (sys-auth/polkit) to get authorization for suspend/shutdown.
selinux No  !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
test No Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore

After setting this you want to update your system so the changes take effect:

root # emerge --ask --changed-use --deep @world

Configuration

Boot service

You can now start ConsoleKit:

root # /etc/init.d/consolekit start

To start ConsoleKit at boot time, add it your default runlevel (although it often also get started by ConsoleKit depending services):

root # rc-update add consolekit default

ConsoleKit integration for startx

If you want to start the X-server manually with startx (instead of using a display manager), you have to create the ConsoleKit session yourself. Therefore create the following .xinitrc for your user:

File~/.xinitrc

exec ck-launch-session dbus-launch --sh-syntax --exit-with-session YOUR_COMMAND

YOUR_COMMAND needs to be replaced by a window manager or a single application.

Usage

  • ck-list-sessions: Shows all sessions and their details. For a local, active users active and is-local should be TRUE.

Troubleshooting

  • Gentoo bugtracker: known bugs
  • ck-history --log: Shows the logged messages.
  • The ConsoleKit init.d script /etc/init.d/consolekit uses the -q parameter to supress debug messages. Remove this parameter and restart the service to get more messages. Use also the parameter --debug to get even more messages.
  • Consolekit communicates over D-Bus, so also see the D-Bus "Troubleshooting" section.