[systemd-devel] TTY ownership and systemd user session
Yin Kangkai
kangkai.yin at linux.intel.com
Thu Jan 9 22:11:29 PST 2014
On 2014-01-10, 06:27 +0100, Lennart Poettering wrote:
> On Thu, 09.01.14 09:56, Yin Kangkai (kangkai.yin at linux.intel.com) wrote:
>
> > Hi,
> >
> > I am bringing up systemd user session in Tizen, I am using v208.
> >
> > We run into a small issue that if a user session service file claims
> > TTY, systemd user session will fail to chown_terminal() for it:
> >
> > "Failed at step STDIN spawning /usr/bin/xorg-launch-helper: Permission denied"
> >
> > My testing service file has something like this:
> >
> > [Service]
> > StandardInput=tty
> > TTYPath=/dev/tty1
> > ExecStart=/usr/bin/xxx
> >
> >
> > I tried to look into the code... The failure seems happen after
> > "systemd --user" forked and about the exec into the new process, in
> > execute.c:exec_spawn(), when calling chown_terminal().
> >
> > So my question is:
> >
> > * does systemd depend on other (e.g. udev) to set the /dev/tty1
> > permission beforehand? Or
> >
> > * should we do the chown_terminal() stuff in PAM/pam_systemd after we
> > got the PAM_TTY? since otherwise it's too late to do it in
> > exec_spawn(), it's already running as normal "user", you can't
> > chown /dev/tty1 etc.
> >
> > Please help me to understand this, and anything I am missing. Thanks.
>
> The chown_terminal() call is invoked at point in time where privileges
> have not been dropped yet for the process that is being forked off. This
> means that there isn't actually relly any excuse for ths to fail with
> EPERM, since we are still root.
No? It is already in user session, systemd is not root here any more
right? Do I miss anything?
> Is it possible that this issue is reated to SMACK or so? I.e. some SMACK
> policy forbidding this chowning for the forked off process? Otherwise I
> have no idea really how this could ever fail with EPERM...
More information about the systemd-devel
mailing list