[Bug 776392] Re: finish user session support

James Hunt 776392 at bugs.launchpad.net
Mon Nov 4 08:32:38 UTC 2013 

Agreed - closing.

** Changed in: upstart (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/776392

Title:
  finish user session support

Status in “upstart” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: upstart

  Upstart in Natty introduced a framework to allow users to create and
  manage their own upstart jobs.

  This bug is to elaborate the support for user sessions and enable them
  for oneiric.

  Known problems that need to be overcome before user sessions can be
  enabled:

  = Known Issues =

  == User Sessions do not Function Within a Chroot Environment ==

  This appears to be because dbus itself is not workable within a
  chroot. The Upstart chroot support added in natty side-steps this
  issue by using the private (and hence root-only) comms link between
  initctl and the init daemon (outside the chroot).

  == Primary Group Query via D-Bus ==

  D-Bus does not currently expose a public API call to allow Upstart to
  query a users primary group. _dbus_user_info_fill_uid () seems to
  exist for this but is a "secret" API (not in the public headers).

  This needs to be addressed since without it, we cannot support user
  sessions within a chroot environment without making the probably
  invalid assumption that a chroot users primary group is identical to
  the equivalently-named non-chroot-users primary group.

  == Inability to Distinguish User Jobs from System Jobs ==

  In Natty, if a user creates a job config file in ~/.init/, this will
  be displayed by "initctl list". However, if that job were called say
  "cron.conf", there would be two entries in "initctl list": one for the
  system job called "cron" (/etc/init/cron.conf) and the other for the
  users job (~/.init/cron.conf). This is in itself not a problem, but
  what is an issue is that it is not possible to distinguish between the
  two using initctl alone.

  A simplistic solution to this problem would be a new switch on initctl
  to show only user jobs and change initctl to *NOT* show user jobs by
  default. This would make sense from a backwards-compatibility
  perspective.

  A better solution would be to modify the existing D-Bus method
  GetJobByName such that it also returned ownership information
  (essentially the Session object). This would allow initctl to annotate
  the output of "initctl list" with owner details.

  == Testing ==

  === Scenarios ===

  User sessions -- like chroot support, which is built upon the same
  foundation -- require careful testing. When enabled we have the
  following primary scenarios to test:

  - root job in non-chroot environment ("traditional" method of operation - available now).
  - non-root job in non-chroot environment (aka non-chroot user job).
  - root job in chroot environment (available now).
  - non-root job in chroot environment (user job in chroot).

  Careful consideration needs to be given to potential privilege
  escalation issues.

  === Infrastructure ===

  The existing Upstart test framework cannot currently accommodate
  system/scenario tests as listed above.

  Questions:

  - How can we automatically handle the scenarios above? Can we use fakeroot/LD_PRELOAD to simulate root test runs?
  - How do we handle full chroot testing?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/776392/+subscriptions

More information about the foundations-bugs mailing list