On 2014-01-10, 06:27 +0100, Lennart Poettering wrote:
> On Thu, 09.01.14 09:56, Yin Kangkai ([email protected]) wrote:
>
> > Hi,
> >
> > I am bringing up systemd user session in Tizen, I am using v208.
> >
> > We run into a small issue that if a user session service file claims
> > TTY, systemd user session will fail to chown_terminal() for it:
> >
> > "Failed at step STDIN spawning /usr/bin/xorg-launch-helper: Permission
> > denied"
> >
> > My testing service file has something like this:
> >
> > [Service]
> > StandardInput=tty
> > TTYPath=/dev/tty1
> > ExecStart=/usr/bin/xxx
> >
> >
> > I tried to look into the code... The failure seems to happen after
> > "systemd --user" forked and about to exec into the new process, in
> > execute.c:exec_spawn(), when calling chown_terminal().
> >
> > So my question is:
> >
> > * does systemd depend on other (e.g. udev) to set the /dev/tty1
> >   permission beforehand? Or
> >
> > * should we do the chown_terminal() stuff in PAM/pam_systemd after we
> >   got the PAM_TTY? since otherwise it's too late to do it in
> >   exec_spawn(), it's already running as normal "user", you can't
> >   chown /dev/tty1 etc.
> >
> > Please help me to understand this, and anything I am missing. Thanks.
>
> The chown_terminal() call is invoked at a point in time where privileges
> have not been dropped yet for the process that is being forked off. This
> means that there isn't actually really any excuse for this to fail with
> EPERM, since we are still root.

No? It is already in user session, systemd is not root here any more
right? Do I miss anything?

> Is it possible that this issue is related to SMACK or so? I.e. some SMACK
> policy forbidding this chowning for the forked off process? Otherwise I
> have no idea really how this could ever fail with EPERM...
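
The privilege question in this thread can be checked outside systemd with the following added example, which is not code from the post or from systemd: it tries to give an open file descriptor to a uid and reports -EPERM when the resulting owner or mode is not what was asked for. The names claim_terminal, open_standin and TTY_MODE are assumptions made for illustration, and a temporary file stands in for /dev/tty1.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define TTY_MODE 0600  /* assumed mode for a claimed terminal */

/* Hypothetical helper: try to hand the open fd to uid, then judge by the
 * resulting owner and mode rather than by the syscall return values.
 * Returns 0 on success or a negative errno value. */
static int claim_terminal(int fd, uid_t uid) {
    struct stat st;
    int chown_rc = fchown(fd, uid, (gid_t) -1); /* CAP_CHOWN unless already ours */
    int chmod_rc = fchmod(fd, TTY_MODE);        /* ownership or CAP_FOWNER */
    (void) chown_rc; (void) chmod_rc;           /* only the end state matters */

    if (fstat(fd, &st) < 0)
        return -errno;
    if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
        return -EPERM;
    return 0;
}

/* Constructed stand-in for /dev/tty1: an unlinked temp file owned by the caller. */
static int open_standin(void) {
    char path[] = "/tmp/tty-standin-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0)
        unlink(path);
    return fd;
}

int main(void) {
    int fd = open_standin();
    if (fd < 0) { perror("mkstemp"); return 1; }
    /* Owner claiming its own file: works without any privilege. */
    printf("euid=%d claim for self:  %d\n", (int) geteuid(), claim_terminal(fd, geteuid()));
    /* Handing it to another uid: -EPERM unless the process holds CAP_CHOWN. */
    printf("euid=%d claim for other: %d\n", (int) geteuid(), claim_terminal(fd, geteuid() + 1));
    close(fd);
    return 0;
}
```

Run once as root and once as an ordinary user, the second line shows the difference the thread is arguing about.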
