Make logind work in environments without CAP_SYS_ADMIN (mostly containers)

Patches backported from upstream 219. Thanks Christian Seiler for the backporting! Closes: #778608

Make logind work in environments without CAP_SYS_ADMIN (mostly containers)
Patches backported from upstream 219. Thanks Christian Seiler for the backporting! Closes: #778608
50446f97 · Martin Pitt · 3138dc8d · 50446f97 · 50446f97 · 50446f97
Commit 50446f97 authored Apr 08, 2015 by Martin Pitt
3 changed files
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ systemd (215-15) UNRELEASED; urgency=medium
  [ Martin Pitt ]
  * Fix getty restart loop when PTS device is gone. (Closes: #780711)
  * Run timesyncd in virtual machines. (Closes: #762343)
+  * Make logind work in environments without CAP_SYS_ADMIN (mostly
+    containers). Thanks Christian Seiler for the backporting!
+    (Closes: #778608)

 -- Martin Pitt <mpitt@debian.org>  Wed, 08 Apr 2015 10:53:38 +0200


--- a/debian/patches/logind-handle-runtime-dir-without-CAP_SYS_ADMIN.patch
+++ b/debian/patches/logind-handle-runtime-dir-without-CAP_SYS_ADMIN.patch
+From: Christian Seiler <christian@iwakd.de>
+Date: Wed, 8 Apr 2015 11:11:46 +0200
+Subject: logind: handle runtime dir without CAP_SYS_ADMIN
+
+In (e.g. LXC) containers without CAP_SYS_ADMIN, logind fails to mount
+a tmpfs over /run/user/$UID (lacking mount permissions).
+
+Now, logind will resort to chown+chmod of the directory instead. This
+allows logind to still work in those environments, although without
+the guarantees it provides (i.e. users not being able to DoS /run or
+other users' /run/user/$UID space) when CAP_SYS_ADMIN is available.
+---
+ src/login/logind-user.c | 23 ++++++++++++++++++++---
+ 1 file changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/src/login/logind-user.c b/src/login/logind-user.c
+index fdbccb3..b5e58c1 100644
+--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
+@@ -332,8 +332,21 @@ static int user_mkdir_runtime_path(User *u) {
+ 
+                 r = mount("tmpfs", p, "tmpfs", MS_NODEV|MS_NOSUID, t);
+                 if (r < 0) {
+-                        log_error("Failed to mount per-user tmpfs directory %s: %s", p, strerror(-r));
+-                        goto fail;
+                        r = -errno;
+                        if (r != -EPERM) {
+                                log_error("Failed to mount per-user tmpfs directory %s: %m", p);
+                                goto fail;
+                        }
+
+                        /* Lacking permissions, maybe
+                         * CAP_SYS_ADMIN-less container? In this case,
+                         * just use a normal director. */
+
+                        r = chmod_and_chown(p, 0700, u->uid, u->gid);
+                        if (r < 0) {
+                                log_error("Failed to change runtime directory ownership and mode: %s", strerror(-r));
+                                goto fail;
+                        }
+                 }
+         }
+ 
+@@ -341,7 +354,11 @@ static int user_mkdir_runtime_path(User *u) {
+         return 0;
+ 
+ fail:
+-        free(p);
+        if (p) {
+                /* Try to clean up, but ignore errors */
+                (void) rmdir(p);
+                free(p);
+        }
+         u->runtime_path = NULL;
+         return r;
+ }
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -146,6 +146,7 @@ list-add-macro-for-iterating-through-a-list-an-item-.patch
 core-if-two-start-jobs-for-the-same-swap-device-node.patch
 units-make-sure-container-getty-.service-stops-resta.patch
 timesyncd-enable-timesyncd-in-virtual-machines.patch
+logind-handle-runtime-dir-without-CAP_SYS_ADMIN.patch

 ## Debian specific patches:
 Add-back-support-for-Debian-specific-config-files.patch