Bug#989719: Backport commit 7820a56ccb ("logind: Restore chvt as non-root user without polkit") to bullseye

Punit Agrawal punitagrawal at gmail.com
Fri Jun 11 11:14:54 BST 2021


Michael Biebl <biebl at debian.org> writes:

> On 11.06.2021 at 11:58, Michael Biebl wrote:
>> On 11.06.2021 at 11:49, Punit Agrawal wrote:
>>> Michael Biebl <biebl at debian.org> writes:
>>>
>>>> On 11.06.2021 at 11:07, Michael Biebl wrote:
>>>>> On 11.06.2021 at 10:55, Punit Agrawal wrote:
>>>>>> Package: systemd
>>>>>> Version: 247.3-5
>>>>>> Severity: important
>>>>>> X-Debbugs-Cc: punit1.agrawal at toshiba.co.jp
>>>>>>
>>>>>> systemd 245 introduced a bug[0][1] that prevents activating virtual
>>>>>> terminal without CAP_SYS_ADMIN when polkit is disabled (as is the case
>>>>>> on many embedded systems). One consequence of this is that it prevents
>>>>>> running weston from a service as a non-root user.
>>>>> But in Debian, PolicyKit support is enabled?
>>>>> Can you elaborate why this issue is relevant for Debian?
>>>>
>>>> To be more specific:
>>>> We never reach
>>>> https://github.com/systemd/systemd/blob/main/src/login/logind-polkit.c#L19 
>>>> as this is a compile time switch and the "return 1" is only relevant
>>>> for distros which build systemd without PolicyKit support. But Debian
>>>> *does* build with PolicyKit support (i.e. ENABLE_POLKIT will be set).
>>>>
>>>> So, I don't see how this pull request makes any functional difference
>>>> for Debian.
>>>
>>> Without the commit, policykit-1 needs to be installed - as this would be
>>> the only reason
>> This is a compile time check though (the commit you linked).
>> I don't see how this is going to make a difference
>
> Is it correct that you didn't test the patch?

I've not tested systemd with the patch. Though I did carry out the below
sanity checks before filing the request.

After upgrading a test system (from buster), I noticed that weston
failed to launch on startup. After a lot of head scratching and looking
at upstream bug reports, I came across the linked thread - the symptoms
and workaround (using root) matched the behaviour I was seeing.

Since then, I've also verified that installing policykit-1 brings back
the old behaviour, i.e., not requiring root.


