[systemd-devel] TTY ownership and systemd user session

Lennart Poettering lennart at poettering.net
Thu Jan 9 21:27:41 PST 2014


On Thu, 09.01.14 09:56, Yin Kangkai (kangkai.yin at linux.intel.com) wrote:

> Hi,
> 
> I am bringing up systemd user session in Tizen, I am using v208.
> 
> We run into a small issue that if a user session service file claims
> TTY, systemd user session will fail to chown_terminal() for it:
> 
>  "Failed at step STDIN spawning /usr/bin/xorg-launch-helper: Permission denied"
> 
> My testing service file has something like this:
> 
>   [Service]
>   StandardInput=tty
>   TTYPath=/dev/tty1
>   ExecStart=/usr/bin/xxx
> 
> 
> I tried to look into the code...  The failure seems to happen after
> "systemd --user" forked and is about to exec into the new process, in
> execute.c:exec_spawn(), when calling chown_terminal().
> 
> So my question is:
> 
>  * does systemd depend on other (e.g. udev) to set the /dev/tty1
>    permission beforehand? Or
> 
>  * should we do the chown_terminal() stuff in PAM/pam_systemd after we
>    got the PAM_TTY? since otherwise it's too late to do it in
>    exec_spawn(), it's already running as normal "user", you can't
>    chown /dev/tty1 etc.
> 
> Please help me to understand this, and anything I am missing. Thanks.

The chown_terminal() call is invoked at a point in time where privileges
have not been dropped yet for the process that is being forked off. This
means that there isn't actually really any excuse for this to fail with
EPERM, since we are still root.

Is it possible that this issue is related to SMACK or so? I.e. some SMACK
policy forbidding this chowning for the forked off process? Otherwise I
have no idea really how this could ever fail with EPERM...

Lennart

-- 
Lennart Poettering, Red Hat
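
An added diagnostic, not part of the original thread and not systemd's code: it separates the two cases the messages above discuss, a terminal chown refused because the caller is an ordinary user versus one refused while euid is still 0 (which points at a missing capability or an LSM policy such as SMACK). The function and enum names are hypothetical, and on success the helper really changes the owner of the path it is given.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of trying to hand a terminal device to a user (hypothetical names). */
enum tty_chown_result {
    TTY_ALREADY_OWNED,  /* device already belongs to uid, no chown needed */
    TTY_CHOWN_OK,       /* ownership was changed */
    TTY_DENIED_UNPRIV,  /* denied and caller is not root: ordinary DAC */
    TTY_DENIED_AS_ROOT, /* denied although euid is 0: capability or LSM */
    TTY_OTHER_ERROR     /* ENOENT, EIO, ... */
};

static enum tty_chown_result classify_errno(int err) {
    /* Assumption: an LSM may report EACCES rather than EPERM. */
    if (err != EPERM && err != EACCES)
        return TTY_OTHER_ERROR;
    return geteuid() == 0 ? TTY_DENIED_AS_ROOT : TTY_DENIED_UNPRIV;
}

/* NOTE: on success this really changes the owner of `path`. */
enum tty_chown_result diagnose_tty_chown(const char *path, uid_t uid) {
    struct stat st;
    enum tty_chown_result r;
    int fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK);
    if (fd < 0)
        return classify_errno(errno);
    if (fstat(fd, &st) < 0)
        r = TTY_OTHER_ERROR;
    else if (st.st_uid == uid)
        r = TTY_ALREADY_OWNED;
    else if (fchown(fd, uid, (gid_t)-1) == 0)
        r = TTY_CHOWN_OK;
    else
        r = classify_errno(errno); /* read errno before close() can clobber it */
    close(fd);
    return r;
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s TTY-PATH UID\n", argv[0]);
        return 2;
    }
    printf("%d\n", diagnose_tty_chown(argv[1], (uid_t)strtoul(argv[2], NULL, 10)));
    return 0;
}
```

Run it once as root and once from inside the user session with the same TTY path and UID; the printed number is the enum value, so differing results show on which side of the privilege boundary the denial occurs.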

