The first day of the Westcoast summit is now over. We enjoyed the excellent hospitality of the Endless Mobile crew.
Before coming here, I set up a GNOME goal for converting applications to DBus activation, and with the help of Cosimo, I converted a few applications. This will make applications fit nicely into the coming session setup with systemd –user and kdbus.
One of the longer discussions we had today was around this topic. Lennart explained how things might work: The systemd user instance creates the user bus when a user logs in, and every application that is started via DBus activation is actually spawned by the systemd user instance, and thus gets its own cgroup, and D-Bus policy, which will be used to limit the access that sandboxed applications have on the bus.
Kay demonstrated systemd –user and kdbus launching a full GNOME session on his laptop. Most things just work already. Only a few things will need fixes:
- PolicyKit currently uses the session of the caller in determining which authentication agent to talk to, etc. Applications that are activated on the user bus are not technically part of a session (as in: a descendent of the gnome-session process), so this won’t work anymore.
- gdm keeps a process around for the lifetime of the session that provides the pam stack used e.g. when unlocking the session, and without a clear session association, this may not work in the same way anymore.
We can work on these issues while we are waiting for kdbus to find its way in the kernel.
After discussing this, and many other topics, we ended the day in a fantastic Chinese restaurant, followed by beer.