Bug#1034717: systemd-run --machine unpriv-user@ results in access denied errors reported in journal
in.cognito35 at arcor.de
in.cognito35 at arcor.de
Sat Apr 22 14:57:30 BST 2023
Package: systemd
Version: 252.6-1
Severity: minor
X-Debbugs-Cc: in.cognito35 at arcor.de
Dear Maintainer,
this happens on an up-to-date Debian testing system.
* What led up to the situation?
Executing command:
sudo systemd-run --quiet --user --machine jschmidt@ --wait --pipe --collect id
* What was the outcome of this action?
Results in the expected output:
uid=1000(farblos) gid=1000(farblos) groups=...
But errors are logged in the journal:
Apr 22 15:39:06 frblpc1 sudo[13035]: farblos : TTY=pts/0 ; PWD=/home/farblos ; USER=root ; COMMAND=/usr/bin/systemd-run --quiet --user --machine farblos@ --wait --pipe --collect id
Apr 22 15:39:06 frblpc1 sudo[13035]: pam_unix(sudo:session): session opened for user root(uid=0) by farblos(uid=1000)
Apr 22 15:39:06 frblpc1 systemd[1]: Started run-u224.service - systemd-stdio-bridge -punix:path=${XDG_RUNTIME_DIR}/bus.
Apr 22 15:39:06 frblpc1 (o-bridge)[13039]: pam_unix(login:session): session opened for user farblos(uid=1000) by (uid=0)
Apr 22 15:39:06 frblpc1 systemd[1]: Started session-22.scope - Session 22 of User farblos.
Apr 22 15:39:06 frblpc1 systemd[1298]: Started run-u14.service - id.
Apr 22 15:39:06 frblpc1 systemd[1]: run-u224.service: Deactivated successfully.
Apr 22 15:39:06 frblpc1 sudo[13035]: pam_unix(sudo:session): session closed for user root
Apr 22 15:39:06 frblpc1 (sd-pam)[13040]: pam_unix(login:session): session closed for user farblos
Apr 22 15:39:06 frblpc1 dbus-daemon[943]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.226" (uid=1000 pid=13040 comm="(sd-pam)") interface="org.freedesktop.login1.Manager" member="ReleaseSession" error name="(unset)" requested_reply="0" destination="org.freedesktop.login1" (uid=0 pid=957 comm="/lib/systemd/systemd-logind")
Apr 22 15:39:06 frblpc1 (sd-pam)[13040]: pam_systemd(login:session): Failed to release session: Access denied
Apr 22 15:39:06 frblpc1 systemd[1]: session-22.scope: Deactivated successfully.
* What outcome did you expect instead?
No frightening errors in the journal, in particular since they
suggest incomplete session cleanup.
-- Package-specific info:
-- System Information:
Debian Release: 12.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd depends on:
ii libacl1 2.3.1-3
ii libaudit1 1:3.0.9-1
ii libblkid1 2.38.1-5+b1
ii libc6 2.36-9
ii libcap2 1:2.66-3
ii libcryptsetup12 2:2.6.1-3~deb12u1
ii libfdisk1 2.38.1-5+b1
ii libgcrypt20 1.10.1-3
ii libkmod2 30+20221128-1
ii liblz4-1 1.9.4-1
ii liblzma5 5.4.1-0.2
ii libmount1 2.38.1-5+b1
ii libp11-kit0 0.24.1-2
ii libseccomp2 2.5.4-1+b3
ii libselinux1 3.4-1+b5
ii libssl3 3.0.8-1
ii libsystemd-shared 252.6-1
ii libsystemd0 252.6-1
ii libzstd1 1.5.4+dfsg2-5
ii mount 2.38.1-5+b1
Versions of packages systemd recommends:
ii chrony [time-daemon] 4.3-2
ii dbus [default-dbus-system-bus] 1.14.6-1
Versions of packages systemd suggests:
ii libfido2-1 1.12.0-2+b1
pn libqrencode4 <none>
ii libtss2-esys-3.0.2-0 3.2.1-3
ii libtss2-mu0 3.2.1-3
pn libtss2-rc0 <none>
ii policykit-1 122-3
ii polkitd 122-3
pn systemd-boot <none>
ii systemd-container 252.6-1
pn systemd-homed <none>
pn systemd-resolved <none>
pn systemd-userdbd <none>
Versions of packages systemd is related to:
ii dbus-user-session 1.14.6-1
pn dracut <none>
ii initramfs-tools 0.142
pn libnss-systemd <none>
ii libpam-systemd 252.6-1
ii udev 252.6-1
-- Configuration Files:
/etc/systemd/logind.conf changed:
[Login]
HandleLidSwitch=ignore
HandleLidSwitchDocked=ignore
HandleLidSwitchExternalPower=ignore
HandlePowerKey=suspend
IdleAction=suspend
IdleActionSec=15min
-- no debconf information
More information about the Pkg-systemd-maintainers
mailing list