[Pkg-utopia-maintainers] Bug#1076728: elogind: privileged operation with polkit fails

Andrew Bower andrew at bower.uk
Wed Dec 18 18:29:32 GMT 2024 

Control: tags 1076728 - moreinfo unreproducible

Hi Mark,

On Wed, Dec 18, 2024 at 10:10:03AM +0000, Mark Hindley wrote:
> Can you please check the runtime data?
> 
> How is /sys/fs/cgroup mounted?

Differently from yours...

$ mount|grep cgroup
cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755,inode64)
cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
cgroup on /sys/fs/cgroup/elogind type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/libexec/elogind-cgroups-agent,name=elogind)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,relatime,net_cls)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,relatime,perf_event)
cgroup on /sys/fs/cgroup/net_prio type cgroup (rw,relatime,net_prio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,relatime,hugetlb)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,relatime,rdma)
cgroup on /sys/fs/cgroup/misc type cgroup (rw,relatime,misc)

These mounts are set up by the docker initscript. Disabling the docker
initscript and rebooting results in full functionality: shutdown
buttons, CUPS admin, smartcard access, GUI prompt for pkexec id.

In this case the only difference with the diagnostic output is I have
more content under the scope directory under sysfs.

So a good find with that diagnostic request, thank you Mark!

I think we can therefore move this bug to docker.io?

For completeness, here is the rest of the diagnostic output in the
failing situation:

$ loginctl
SESSION  UID USER    SEAT  TTY STATE   IDLE SINCE
      1 1000 andy    seat0 -   active  no   -    
     c1  108 lightdm seat0 -   closing no   -    

2 sessions listed.
$ cat /run/systemd/sessions/1
# This is private data. Do not parse.
UID=1000
USER=andy
ACTIVE=1
IS_DISPLAY=1
STATE=active
REMOTE=0
TYPE=x11
ORIGINAL_TYPE=x11
CLASS=user
FIFO=/run/systemd/sessions/1.ref
SEAT=seat0
DISPLAY=:0
SERVICE=lightdm
DESKTOP=lightdm-xsession
VTNR=7
LEADER=3085
AUDIT=1
REALTIME=1734543482585228
MONOTONIC=24608270
$ echo $DISPLAY
:0.0
$ cat /proc/3085/cgroup
13:misc:/
12:rdma:/
11:pids:/
10:hugetlb:/
9:net_prio:/
8:perf_event:/
7:net_cls:/
6:freezer:/
5:devices:/
4:name=elogind:/user.slice/user-1000.slice/session-1.scope

And the relevant location is:

/sys/fs/cgroup/elogind/user.slice/user-108.slice/session-c1.scope

More information about the Pkg-utopia-maintainers mailing list