util: Blacklist some session-specific variables by sunweaver · Pull Request #282 · mate-desktop/mate-session-manager

sunweaver · 2021-05-17T09:53:03Z

Things like XDG_SESSION_ID should not be uploaded to the environment.
For example this is broken currently:

SSH to your machine
Log in to MATE Shell
Log out
Log in again
Lock the screen
Try to unlock

You can't, and this is because the XDG_SESSION_ID from the first session
(step 2) has leaked through to the second one (step 4), and so MATE
Shell is listening to the logind UnlockSession signal for the wrong
session. The SSH session established in step 1 serves to keep the
systemd --user instance alive, so that the state is not torn down
between logins.

Original patch for GNOME by Iain Lane iainl@gnome.org.

Patch ported over to MATE's session manager by Mike Gabriel
sunweaver@debian.org.

Fixes #271

Things like XDG_SESSION_ID should not be uploaded to the environment. For example this is broken currently: 1. SSH to your machine 2. Log in to MATE Shell 3. Log out 4. Log in again 5. Lock the screen 6. Try to unlock You can't, and this is because the XDG_SESSION_ID from the first session (step 2) has leaked through to the second one (step 4), and so MATE Shell is listening to the `logind` `UnlockSession` signal for the wrong session. The SSH session established in step 1 serves to keep the `systemd --user` instance alive, so that the state is not torn down between logins. Original patch for GNOME by Iain Lane <iainl@gnome.org>. Patch ported over to MATE's session manager by Mike Gabriel <sunweaver@debian.org>. Fixes mate-desktop#271

sunweaver · 2021-05-20T20:54:32Z

@raveit65 This PR has a failing CI build. However, this does not look like a PR / patch problem.

…vironment In future releases the following variables will be omitted: XDG_VTNR, XDG_SESSION_ID, XDG_SESSION_PATH, XDG_SEAT, XDG_SEAT_PATH. These are transient variables that make sense only for a specific session among others (graphical or otherwise) and should not be placed in activation environment. This is in contrast to vars like XDG_CURERNT_DESKTOP which are relevant to one and only graphical session and may inform other sessions and environments on what's going on there. The problem though is that those vars are useful to have at hand. This commit creates alternative way of propagaitng them to compositor and further: * compositor's service `EnvironmentFile=` directive and a file for it. * `uwsm app` now transmits them via `--setenv` arg to service units it launches. Currently overall behavior is unchanged by default, the new mechanism is redundant. In future releases these vars will be moved from `always_export` set to `never_export` and `always_unset` sets. This behavior can be tested by adding `UWSM_NO_SESSION_SPECIFIC_VARS=true` directly to activation environment before `uwsm start`. Reference for var exclusion in GNOME and MATE session managers: https://gitlab.gnome.org/GNOME/gnome-session/-/issues/86 mate-desktop/mate-session-manager#282

sunweaver mentioned this pull request May 20, 2021

Shouldn't add XDG_SESSION_ID to dbus and systemd activation environment #271

Open

raveit65 mentioned this pull request May 5, 2023

Blacklist some session-specific variables (with corrected author name) #303

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

util: Blacklist some session-specific variables#282

util: Blacklist some session-specific variables#282
sunweaver wants to merge 1 commit intomate-desktop:masterfrom
sunweaver:pr/session-env-var-blacklist

sunweaver commented May 17, 2021

Uh oh!

sunweaver commented May 20, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

sunweaver commented May 17, 2021

Uh oh!

sunweaver commented May 20, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant