[systemd-devel] pam_systemd.so and su

[Koen Kooi]

Op 22 mrt. 2012, om 02:11 heeft Lennart Poettering het volgende geschreven:

> On Thu, 22.03.12 00:41, Lennart Poettering (lennart at poettering.net) wrote:
> 
>> On Sun, 18.03.12 16:08, Canek Peláez Valdés (caneko at gmail.com) wrote:
>> 
>>> Hi; I'm using systemd 43 in Gentoo, and I usally have this line at the
>>> end of /etc/pam.d/system-auth:
>>> 
>>> -session        optional        pam_systemd.so
>>> 
>>> When I use su to become root, after logout the following message appears:
>>> 
>>> ...killed.
>>> 
>>> Not always, but most of the time. Without the line with
>>> pam_systemd.so, the message never appears.
>>> 
>>> So, two questions:
>>> 
>>> 1. Why is my session being killed at logout time?
>>> 
>>> 2. The pam_systemd.so is really necessary? The "...killed." message
>>> appears after two or three seconds, and it's slightly annoying.
>> 
>> Which version of systemd is this? (If it isnt 44, please upgrade first,
>> then try to reproduce this)
>> 
>> Do you have audit enabled in the kernel and are using pam_loginuid?
>> 
>> Normally, when the pam session close hooks are called logind responds to
>> this by killing the main process of the session if it still
>> exists. This is probably the source of the problem here.
> 
> I have now commited a patch to git that might fix your issue. Please
> test:
> 
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=75c8e3cffd7da8eede614cf61384957af2c82a29
> 
> I assume this fixes your problem, but since our kernels actually have
> audit enabled I am a bit too lazy trying to reproduce the issue here, so
> I'd be very thankful if you could test this!

On the CONFIG_AUDIT front, I just found out that CONFIG_AUDITSYSCALL is not supported on ARM and MIPS:

    depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH)

There's a patch for ARM that might make it into a recent kernel: http://git.kernel.org/?p=linux/kernel/git/viro/audit.git;a=patch;h=29ef73b7a823b77a7cd0bdd7d7cded3fb6c2587b



regards,

Koen