null sessions and seats are passed to JS rules in systemd user sessions
The session and seat considered by the JS backend are incorrect, due to the following series of events:
- The common code in the interactive backend asks the session monitor for the session ID
- The session monitor calls
sd_pid_get_session()
which is expected to fail in a systemd user session, and falls back tosd_uid_get_display()
- The session monitor determines that the session is local
- The interactive backend defers to the JS backend to determine whether the action is authorized, passing in the local=true flag (but it doesn't pass the session ID)
- The JS backend, when preparing the JS object, again calls
sd_pid_get_session()
which fails, but doesn't fall back to anything else - The session and seat that the JS rules see are
null
.
The JS backend should fall back to sd_uid_get_display()
if sd_pid_get_session()
fails, or even better the already-determined session and seat should be passed in to the JS backend in order to remove the duplicate code for determining the session and seat.