Bug#989719: Backport commit 7820a56ccb ("logind: Restore chvt as non-root user without polkit") to bullseye

Punit Agrawal punitagrawal at gmail.com
Fri Jun 11 10:49:28 BST 2021


Michael Biebl <biebl at debian.org> writes:

> On 11.06.2021 at 11:07, Michael Biebl wrote:
>> On 11.06.2021 at 10:55, Punit Agrawal wrote:
>>> Package: systemd
>>> Version: 247.3-5
>>> Severity: important
>>> X-Debbugs-Cc: punit1.agrawal at toshiba.co.jp
>>>
>>> systemd 245 introduced a bug[0][1] that prevents activating a virtual
>>> terminal without CAP_SYS_ADMIN when polkit is disabled (as is the case
>>> on many embedded systems). One consequence of this is that it prevents
>>> running weston from a service as a non-root user.
>> But in Debian, PolicyKit support is enabled?
>> Can you elaborate why this issue is relevant for Debian?
>
> To be more specific:
> We never reach
> https://github.com/systemd/systemd/blob/main/src/login/logind-polkit.c#L19
> as this is a compile-time switch and the "return 1" is only relevant
> for distros which build systemd without PolicyKit support. But Debian
> *does* build with PolicyKit support (i.e. ENABLE_POLKIT will be set).
>
> So, I don't see how this pull request makes any functional difference
> for Debian.

Without the commit, policykit-1 needs to be installed - as this would be
the only reason

Running a quick test, the additional dependencies add ~500kb - which is
less than what I was expecting going by the comments in the upstream
reports about policykit pulling in javascript engines, etc.

At this point, it would be good to have the backport to avoid the
regression going from buster to bullseye (once released) - but since we
have an acceptable workaround it's not critical.

Thanks a lot for the quick response!


