Skip to content
  • Ray Strode's avatar
    util: Drop spawn_with_login_uid function · aef0cf13
    Ray Strode authored
    accountsservice will try to run commands under the loginuid of the
    caller that initiates a command. This gives a better trail in the
    audit log of who is doing what.
    Many systems now use CONFIG_AUDIT_LOGINUID_IMMUTABLE, though, making
    loginuid spoofing not even possible.
    Furthermore, some versions of systemd seem to be failing to handle
    putting /proc/self/loginuid in the ReadWritePaths list failing
    with an error:
      Failed to mount /run/systemd/unit-root/proc/844/loginuid to /run/systemd/unit-root/proc/844/loginuid: Permission denied
      accounts-daemon.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc/844/loginuid: Permission denied
      accounts-daemon.service: Failed at step NAMESPACE spawning /usr/libexec/accounts-daemon: Permission denied
    This commit drops all mentions of loginuid to workaround that error.
    Closes: #102