Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PIDFID breaks pkexec with ConsoleKit session tracking #451

Open
0strodamus opened this issue May 13, 2024 · 4 comments
Open

PIDFID breaks pkexec with ConsoleKit session tracking #451

0strodamus opened this issue May 13, 2024 · 4 comments
Assignees
Labels
bug Something isn't working

Comments

@0strodamus
Copy link

Compiling polkit 124 with ConsoleKit 1.26 and polkit option session_tracking=ConsoleKit breaks launching any application with pkexec.
The following error is generated on the command line:

Error checking for authorization org.freedesktop.policykit.exec: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Process not found.

Reverting the PIDFID commits starting with polkitd: use PIDFDs if available to track processes and related subsequent commits fixes the issue.

Also commenting or removing the HAVE_PIDFD_OPEN line from meson.build will fix the issue.

Does this functionality require elogind or systemd? Can an option be added to meson_options.txt to toggle HAVE_PIDFD_OPEN off for systems that it isn't going to work on?

@jrybar-rh jrybar-rh added the bug Something isn't working label Jul 3, 2024
@bluca
Copy link
Member

bluca commented Jul 18, 2024

As you can see from the linked commit, there is already a build time check for the sd_pidfd_get_session function, and a fallback is used if not available, which would be your case. So the issue is somewhere else, and you'll need to debug further and find out what exactly is failing and where, as this is not really actionable as it is.

@0strodamus
Copy link
Author

Thanks for the reply.

I'm not a developer, so maybe I'm missing the fallback you're referring to. I see an if/else statement in the linked commit where sd_pid_get_session appears to be the fallback to sd_pidfd_get_session, however they're wrapped in a HAVE_LIBSYSTEMD ifdef/endif so this whole section of code should not be included when I compile because my system does not have systemd or elogind installed. I'm using ConsoleKit 1.26 with OpenRC/sysV init.

I have spent a lot of time looking over the code and I don't know how to debug this any further. I'm content to keep hacking meson.build, although looking at the commits made to polkit-125, I may stay on 123 and backport any future changes that aren't targeting systems with elogind/systemd.

If this is still not actionable, please close my issue report. Thanks again for taking the time to reply and all the best to you and the polkit project.

@thesamesam
Copy link
Contributor

thesamesam commented Oct 5, 2024

We had a report of something similar with elogind in Gentoo (https://bugs.gentoo.org/934314), bisecting to the same commit, but I haven't dug into it more (yet). Interestingly, https://923614.bugs.gentoo.org/attachment.cgi?id=901896 didn't work even just as an experiment, which kind of mirrors #451 (comment).

@RomainNaour
Copy link

Hello,

We also noticed this regression with PIDFD using SYSV init.

The issue is reproduced with polkit 124 and 125 (and master)

https://gitlab.com/buildroot.org/buildroot/-/jobs/8199992596

gentoo-bot pushed a commit to gentoo/gentoo that referenced this issue Nov 10, 2024
>=polkit-124 breaks suspend on elogind systems and I haven't been able
to get to the bottom of it, so mask for now.

Bug: polkit-org/polkit#451
Bug: https://bugs.gentoo.org/923614
Bug: https://bugs.gentoo.org/934314
Signed-off-by: Sam James <[email protected]>
PPN-SD pushed a commit to PPN-SD/gentoo that referenced this issue Nov 14, 2024
>=polkit-124 breaks suspend on elogind systems and I haven't been able
to get to the bottom of it, so mask for now.

Bug: polkit-org/polkit#451
Bug: https://bugs.gentoo.org/923614
Bug: https://bugs.gentoo.org/934314
Signed-off-by: Sam James <[email protected]>
arnout pushed a commit to buildroot/buildroot that referenced this issue Dec 4, 2024
Since the Polkit version bump 125, TestPolkitInitd fail due to an
upstream issue related to the new PIDFD support introduced in
Polkit 124 [1].

The PIDFD issue only affect OS without systemd.

Only enable PIDFD support when systemd is available until
upstream fix the issue.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/8199992596

[1] polkit-org/polkit#451

Signed-off-by: Romain Naour <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

6 participants