[systemd-devel] Possible support for child logind sessions running under a display server?

nerdopolis bluescreen_avenger at verizon.net
Wed Sep 16 02:09:02 UTC 2020


Hi


I have been experimenting with cobbling up some sort of non-root kmscon
alternate by combining wlroots based cage and vte, However Two problems
force me to run it as root.

(The first being the obvious escalation of /bin/login which might be 
possible to do with systemd-run and pkexec and a custom policy)



The second being that for polkit to work in the session XDG_SEAT and 
XDG_VTNR both need to be set. However if an existing session is using 
that XDG_VTNR the polkit session fails to start



For example, under a terminal running under a graphical session run:
        system-run --setenv=XDG_SEAT=$XDG_SEAT --setenv=XDG_VTNR=$XDG_VTNR -t -- login -p
then logging in with the prompt, and then trying `pkexec ls` access is
denied, because I guess that XDG_VTNR is already used.

adding 
  --setenv=XDG_VTNR=63
to `systemd-run` works, but not feasible as it doesn't work quite right

So could something like where if XDG_SESSION_CLASS="guest" the session 
won't need a VTNr on seat0 be acceptable?

Although I guess these child sessions in theory, they won't be activateable,
as the session for the host display server will need to be active for the
host display server to actually work...

Thanks




More information about the systemd-devel mailing list