Bug#897654: libpam-systemd: "Failed to create session: No such process"

Michael Biebl biebl at debian.org
Thu May 3 22:25:05 BST 2018


On 03.05.2018 at 23:12, Michael Gold wrote:
> retitle 897654 libpam-systemd: hidepid causes "Failed to create session: No such process"
> thanks
> 
> On Thu, May 03, 2018 at 22:53:34 +0200, Michael Biebl wrote:
>> On Thu, 3 May 2018 16:31:53 -0400 Michael Gold <mgold at qnx.com> wrote:
>>> 	Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): pam-systemd initializing
>>> 	Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): Asking logind to create session: uid=1000 pid=14767 service=lightdm type=x11 class=user desktop=lightdm-xsession seat=seat0 vtnr=7 tty= display=:0 remote=no remote_user= remote_host=
>>> 	Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): Failed to create session: No such process
> ...
>> Are you using hidepid?
> 
> Yes, "proc /proc proc rw,relatime,gid=4,hidepid=2 0 0".  After running
> "mount /proc -o remount,hidepid=0" I logged in on a VT and saw a session
> in the list.
> 
> (I was wrong about this working on the other system.  I'm using the same
> mount options there and also have 0 sessions, at least over ssh.)
> 
> Thanks for the quick response.  Is this problem already tracked?  Any
> idea why it would happen, given that systemd-logind is running as root?

Well, logind is running as root, but the service file is locked down
considerably:

CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_REA
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
LockPersonality=yes
IPAddressDeny=any
FileDescriptorStoreMax=512

You will probably have to tweak those settings yourself, if you want to
continue to use hidepid.




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
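
An added example, not part of the original message or of systemd: a shell check that reads a mounts table and flags the hidepid setting on /proc that this thread ties to the "Failed to create session" error. The function names and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report hidepid on /proc from a mounts table.

# Print the hidepid level of the last "proc" filesystem mounted on /proc,
# normalised to numeric form. Prints 0 when the option is absent.
# $1: mounts-format file (defaults to /proc/mounts).
proc_hidepid() {
    awk '
        $2 == "/proc" && $3 == "proc" {
            val = "0"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) val = substr(opts[i], 9)
            found = val            # a later mount entry overrides an earlier one
        }
        END {
            # Newer kernels report symbolic names instead of numbers.
            if (found == "" || found == "off") found = "0"
            else if (found == "noaccess")      found = "1"
            else if (found == "invisible")     found = "2"
            else if (found == "ptraceable")    found = "4"
            print found
        }
    ' "${1:-/proc/mounts}"
}

# Return 0 when /proc is unrestricted; return 1 and warn when hidepid is set,
# the condition the thread identifies behind the pam_systemd failure.
check_logind_hidepid() {
    level=$(proc_hidepid "$1")
    if [ "$level" = "0" ]; then
        echo "ok: /proc mounted with hidepid=0"
        return 0
    fi
    echo "warning: /proc mounted with hidepid=$level;" \
         "pam_systemd may log 'Failed to create session: No such process'"
    return 1
}

# Constructed sample input: the mount line quoted in the thread plus one filler line.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' \
                  'proc /proc proc rw,relatime,gid=4,hidepid=2 0 0' > "$tmp"
    check_logind_hidepid "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Calling `check_logind_hidepid` with no argument checks the running system's /proc/mounts; `demo` runs it against the constructed sample.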
