Michael Biebl <bi...@debian.org> writes: > Am 11.06.2021 um 11:07 schrieb Michael Biebl: >> Am 11.06.2021 um 10:55 schrieb Punit Agrawal: >>> Package: systemd >>> Version: 247.3-5 >>> Severity: important >>> X-Debbugs-Cc: punit1.agra...@toshiba.co.jp >>> >>> systemd 245 introduced a bug[0][1] that prevents activating virtual >>> terminal without CAP_SYS_ADMIN when polkit is disabled (as is the case >>> on many embedded systems). One consequence of this is that it prevents >>> running weston from a service as a non-root user. >> But in Debian, PolicyKit support is enabled? >> Can you elaborate why this issue is relevant for Debian? > > To be more specific: > We never reach > https://github.com/systemd/systemd/blob/main/src/login/logind-polkit.c#L19 > as this is a compile time switch and the "return 1" is only relevant > for distros which build systemd without PolicyKit support. But Debian > *does* build with PolicyKit support (i.e. ENABLE_POLKIT will be set). > > So, I don't see how this pull request makes any functional difference > for Debian.
Without the commit, policykit-1 needs to be installed - as this would be the only reason Running a quick test, the additional dependencies add ~500kb - which is less than what I was expecting going by the comments in the upstream reports about policykit pulling in javascript engines, etc. At this point, it would be good to have the backport to avoid the regression going from buster to bullseye (once released) - but since we have an acceptable work around it's not critical. Thanks a lot for the quick response!
