[systemd-devel] Possible support for child logind sessions running under a display server?
nerdopolis
bluescreen_avenger at verizon.net
Wed Sep 16 02:09:02 UTC 2020
Hi
I have been experimenting with cobbling up some sort of non-root kmscon
alternate by combining wlroots based cage and vte, However Two problems
force me to run it as root.
(The first being the obvious escalation of /bin/login which might be
possible to do with systemd-run and pkexec and a custom policy)
The second being that for polkit to work in the session XDG_SEAT and
XDG_VTNR both need to be set. However if an existing session is using
that XDG_VTNR the polkit session fails to start
For example, under a terminal running under a graphical session run:
system-run --setenv=XDG_SEAT=$XDG_SEAT --setenv=XDG_VTNR=$XDG_VTNR -t -- login -p
then logging in with the prompt, and then trying `pkexec ls` access is
denied, because I guess that XDG_VTNR is already used.
adding
--setenv=XDG_VTNR=63
to `systemd-run` works, but not feasible as it doesn't work quite right
So could something like where if XDG_SESSION_CLASS="guest" the session
won't need a VTNr on seat0 be acceptable?
Although I guess these child sessions in theory, they won't be activateable,
as the session for the host display server will need to be active for the
host display server to actually work...
Thanks
More information about the systemd-devel
mailing list