On Thu, 09.01.14 09:56, Yin Kangkai ([email protected]) wrote: > Hi, > > I am bringing up systemd user session in Tizen, I am using v208. > > We run into a small issue that if a user session service file claims > TTY, systemd user session will fail to chown_terminal() for it: > > "Failed at step STDIN spawning /usr/bin/xorg-launch-helper: Permission > denied" > > My testing service file has something like this: > > [Service] > StandardInput=tty > TTYPath=/dev/tty1 > ExecStart=/usr/bin/xxx > > > I tried to look into the code... The failure seems happen after > "systemd --user" forked and about the exec into the new process, in > execute.c:exec_spawn(), when calling chown_terminal(). > > So my question is: > > * does systemd depend on other (e.g. udev) to set the /dev/tty1 > permission beforehand? Or > > * should we do the chown_terminal() stuff in PAM/pam_systemd after we > got the PAM_TTY? since otherwise it's too late to do it in > exec_spawn(), it's already running as normal "user", you can't > chown /dev/tty1 etc. > > Please help me to understand this, and anything I am missing. Thanks.
The chown_terminal() call is invoked at point in time where privileges have not been dropped yet for the process that is being forked off. This means that there isn't actually relly any excuse for ths to fail with EPERM, since we are still root. Is it possible that this issue is reated to SMACK or so? I.e. some SMACK policy forbidding this chowning for the forked off process? Otherwise I have no idea really how this could ever fail with EPERM... Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
