[Pkg-utopia-maintainers] Bug#1076728: elogind: privileged operation with polkit fails
Mark Hindley
mark at hindley.org.uk
Thu Dec 19 09:53:47 GMT 2024
On Wed, Dec 18, 2024 at 07:01:35PM +0000, Mark Hindley wrote:
> Maybe. I am at (or probably beyond) my area of expertise. At the moment I am
> unsure if elogind ought to be using its own cgroups namespace or if docker.io is
> behaving badly here. Time for some reading....
My reading of systemd's cg_pid_get_owner_uid() is that it calls
cg_pid_get_path_shifted() with root=NULL and hardcodes
SYSTEMD_CGROUP_CONTROLLER, so consulting alternative namespaces are not
possible. Therefore, for elogind to use libsystemd0 compatible cgroups,
/sys/fs/cgroup/user.slice is the only possible option. But I am happy to be
corrected here if I have misread the code.
Looking at docker.io's initscript, it checks if /sys/fs/cgroup is a mount point
before mounting cgroups there. So, adding elogind to LSB header 'Should-Start'
ought to ensure elogind is started first to mount /sys/fs/cgroup. Does that
work? Does it break docker?
Mark
More information about the Pkg-utopia-maintainers
mailing list