[systemd-devel] [PATCH] logind: add sys_tty_config capability, to let it use VT_ACTIVATE ioctl on "activate" action

Mike Kazantsev mk.fraggod at gmail.com
Wed Jan 25 07:20:48 PST 2012


Good day,

Problem is that "systemd-loginctl activate <session-id>" gives
something like "D-Bus call failed: Operation not permitted", while
strace of logind process looks like this:

epoll_wait(4, {{EPOLLIN, {u32=3, u64=3}}}, 1, -1) = 1
epoll_wait(9, {{EPOLLIN, {u32=166352544, u64=166352544}}}, 1, 0) = 1
recvmsg(8, {msg_name(0)=NULL, msg_iov(1)=[{"l\1\0\1\6\0\0\0\2...
recvmsg(8, 0xbfc3636c, MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable)
open("/dev/tty0", O_RDWR|O_NOCTTY|O_LARGEFILE|O_CLOEXEC) = 13
ioctl(13, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 -opost -isig -icanon -echo ...}) = 0
ioctl(13, VT_ACTIVATE, 0x1)             = -1 EPERM (Operation not permitted)
close(13)                               = 0
sendmsg(8, {msg_name(0)=NULL, msg_iov(2)=[{"l\3\1\1\34\0\0\0\243\0...

So it looks like "activate" fails without that capability.
I'm not sure what it's supposed to do though, and stumbled upon it
while looking into unrelated issue, so maybe it's supposed to act this
way.

michich seemed to agree on irc that the cap should be there, but since
it doesn't seem to be in git yet, I thought I'd mail the patch.


From 1e9da2f9ba2e996987eb6e7b8810efe2b933d2de Mon Sep 17 00:00:00 2001
From: Mike Kazantsev <mk.fraggod at gmail.com>
Date: Wed, 25 Jan 2012 21:09:03 +0600
Subject: [PATCH] logind: add sys_tty_config capability, to let it use
 VT_ACTIVATE ioctl on "activate" action

---
 units/systemd-logind.service.in |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index c332039..531b8f7 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -14,7 +14,7 @@ Description=Login Service
 ExecStart=@rootlibexecdir@/systemd-logind
 Type=dbus
 BusName=org.freedesktop.login1
-CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER
+CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
 
 # Increase the default a bit in order to allow many simultaneous
 # logins since we keep one fd open per session.
-- 
1.7.8.1


-- 
Mike Kazantsev // fraggod.net


More information about the systemd-devel mailing list