mirror of
https://github.com/systemd/systemd
synced 2024-10-15 12:34:37 +00:00
34160d9195
SetLinger is authorized by the PolicyKit action "set-self-linger", if it is not passed an explicit UID. According to comments we were determining the default UID from the client's session. However, user processes e.g. which are run from a terminal emulator do not necessarily belong to a session scope unit. They may equally be started from the systemd user manager [1][2]. Actually the comment was wrong, and it would also have worked for processes started from the systemd user manager. Nevertheless it seems to involve fetching "augmented credentials" i.e. it's using a racy method, so we shouldn't have been authenticating based on it. We could change the default UID, but that raises issues especially for consistency between the methods. Instead we can just use the clients effective UID for authorization. This commit also fixes `loginctl enable-linger $USER` to match the docs that say it was equivalent to `loginctl enable-linger` (given that $USER matches the callers user and owner_uid). Previously, the former would not have suceeded for unpriviliged users in the default configuration. [1] It seems the main meaning of per-session scopes is tracking the PAM login process. Killing that provokes logind to revoke device access. Less circularly, killing it provokes getty to hangup the TTY. [2] User units may be started with an environment which includes XDG_SESSION_ID (presuambly GNOME does this?). Or not. |
||
|---|---|---|
| .github | ||
| .mkosi | ||
| catalog | ||
| coccinelle | ||
| docs | ||
| factory/etc | ||
| hwdb | ||
| man | ||
| modprobe.d | ||
| network | ||
| po | ||
| rules | ||
| shell-completion | ||
| src | ||
| sysctl.d | ||
| system-preset | ||
| sysusers.d | ||
| test | ||
| tmpfiles.d | ||
| tools | ||
| units | ||
| xorg | ||
| .dir-locals.el | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .travis.yml | ||
| .vimrc | ||
| .ycm_extra_conf.py | ||
| CODING_STYLE | ||
| configure | ||
| DISTRO_PORTING | ||
| ENVIRONMENT.md | ||
| HACKING | ||
| LICENSE.GPL2 | ||
| LICENSE.LGPL2.1 | ||
| Makefile | ||
| meson.build | ||
| meson_options.txt | ||
| mkosi.build | ||
| mkosi.default | ||
| NEWS | ||
| README | ||
| README.md | ||
| TODO | ||
systemd - System and Service Manager
Details
General information about systemd can be found in the systemd Wiki.
Information about build requirements are provided in the README file.
Consult our NEWS file for information about what's new in the most recent systemd versions.
Please see the HACKING file for information how to hack on systemd and test your modifications.
Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.
When preparing patches for systemd, please follow our Coding Style Guidelines.
If you are looking for support, please contact our mailing list or join our IRC channel.