pidfd tracking breaks gnome authentication agent

[triallax]

Describe the bug
The pidfd tracking feature added in polkit 124 causes e.g. pkexec echo hi to show a terminal password prompt instead of the gnome password modal dialog that it would show on previous versions.

Commenting out this line to disable pidfd tracking fixes the issue and makes pkexec echo hi again show the gnome authentication dialog as it should:

polkit/meson.build

Line 226 in 82f0924

config_h.set('HAVE_PIDFD_OPEN', cc.get_define('SYS_pidfd_open', prefix: '#include <sys/syscall.h>') != '')

To Reproduce
Steps to reproduce the behavior:

1. Log in to GNOME with polkit 124 installed
2. Open a terminal
3. Run pkexec echo hi
4. Observe it showing a terminal password prompt

Expected behavior
pkexec should show the gnome authentication dialog, even with pidfd tracking on.

Screenshots

polkit 124:

previous polkit versions or polkit 124 with pidfd tracking disabled:

Desktop (please complete the following information):

• OS (including version): Chimera Linux
• Desktop Environment [Gnome, KDE, ...]: GNOME 46
• Version of polkit: 124

Additional context
Notably. enough, this issue seems to only be happening with gnome's polkit auth agent. I could not reproduce the issue while running KDE Plasma with its polkit agent, and even while running gnome, starting polkit-mate-authentication-agent-1 or polkit-kde-authentication-agent-1 manually and then running pkexec echo hi would show the respective authentication dialog as expected.

Also, here are the options we're passing to meson:

-Dsession_tracking=libelogind
-Dsystemdsystemunitdir=""
-Dpolkitd_user=_polkitd
-Djs_engine=duktape
-Dauthfw=pam
-Dpam_include=dummy
-Dos_type=redhat
-Dman=true
-Dintrospection=true
-Dtests=false
-Dgtk_doc=false

[bluca]

Please attach your meson output with that configuration

[triallax]

Apologies for the delay, here's the meson output (without the aforementioned patch):

The Meson build system
Version: 1.5.1
Source dir: /builddir/polkit-124
Build dir: /builddir/polkit-124/build
Build type: native build
Project name: polkit
Project version: 124
C compiler for the host machine: clang (clang 18.1.8 "clang version 18.1.8")
C linker for the host machine: clang ld.lld 18.1.8
Host machine cpu family: x86_64
Host machine cpu: x86_64
Checking for function "clearenv" : YES 
Checking for function "fdatasync" : YES 
Checking for function "setnetgrent" : NO 
meson.build:124: WARNING: Consider using the built-in option for language standard version instead of using "-std=c99".
Found pkg-config: YES (/usr/bin/pkg-config) 2.2.0
Run-time dependency gio-2.0 found: YES 2.80.4
Run-time dependency gio-unix-2.0 found: YES 2.80.4
Run-time dependency glib-2.0 found: YES 2.80.4
Run-time dependency gobject-2.0 found: YES 2.80.4
Run-time dependency expat found: YES 2.6.2
Has header "expat.h" with dependency expat: YES 
Checking for function "XML_ParserCreate" with dependency expat: YES 
Run-time dependency duktape found: YES 2.7.0
Library m found: YES
Run-time dependency threads found: YES
Checking for function "pthread_condattr_setclock" : YES 
Did not find CMake 'cmake'
Found CMake: NO
Run-time dependency dbus-1 found: NO (tried pkgconfig and cmake)
Has header "netgroup.h" : NO 
Run-time dependency libelogind found: YES 255
Checking for function "sd_uid_get_display" with dependency libelogind: YES 
Checking for function "sd_pidfd_get_session" with dependency libelogind: YES 
Fetching value of define "SYS_pidfd_open" : 434 
Library pam found: YES
Checking for function "pam_start" with dependency -lpam: YES 
Message: how to call pam_strerror: unknown
Run-time dependency gobject-introspection-1.0 found: YES 1.80.1
Program msgfmt found: YES (/usr/bin/msgfmt)
Configuring org.freedesktop.PolicyKit1.service using configuration
Configuring org.freedesktop.PolicyKit1.conf using configuration
Configuring polkit-1 using configuration
Compiler for C supports link arguments -Wl,--version-script,/builddir/polkit-124/src/symbol.map: YES 
Dependency glib-2.0 found: YES 2.80.4 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Dependency glib-2.0 found: YES 2.80.4 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Dependency gobject-introspection-1.0 found: YES 1.80.1 (cached)
Dependency gobject-introspection-1.0 found: YES 1.80.1 (cached)
Program /usr/bin/g-ir-scanner found: YES (/usr/bin/g-ir-scanner)
Dependency gobject-introspection-1.0 found: YES 1.80.1 (cached)
Program /usr/bin/g-ir-compiler found: YES (/usr/bin/g-ir-compiler)
Program perl found: YES (/usr/bin/perl)
Dependency glib-2.0 found: YES 2.80.4 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Dependency glib-2.0 found: YES 2.80.4 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Dependency glib-2.0 found: YES 2.80.4 (cached)
Program /usr/bin/glib-genmarshal found: YES (/usr/bin/glib-genmarshal)
Program xsltproc found: YES (/usr/bin/xsltproc)
Program msginit found: YES (/usr/bin/msginit)
Program msgmerge found: YES (/usr/bin/msgmerge)
Program xgettext found: YES (/usr/bin/xgettext)
Configuring config.h using configuration
Message: 
        polkit 124
        ============

        prefix:                   /usr
        datadir:                  share

        includedir:               include
        libdir:                   lib
        sysconfdir:               /etc
        source code location:     /builddir/polkit-124
        compiler:                 clang
        c_flags:                  

        xsltproc:                 /usr/bin/xsltproc
        introspection:            true
        Distribution/OS:          redhat
        Authentication framework: pam
        Session tracking:         libelogind
        systemdsystemunitdir:     
        polkitd user:             _polkitd 
        Javascript engine:        duktape
        PAM support:              true

        PAM file auth:            dummy
        PAM file acount:          dummy
        PAM file password:        dummy
        PAM file session:         dummy
        PAM config location:      /usr/lib/pam.d

        Building api docs:        false
        Building man pages:       true
        Building examples:        false
        Building tests:           false
Build targets in project: 51
NOTICE: Future-deprecated features used:
 * 0.55.0: {'ExternalProgram.path'}
 * 0.56.0: {'dependency.get_pkgconfig_variable'}
 * 0.62.0: {'pkgconfig.generate variable for builtin directories'}

polkit 124

  User defined options
    auto_features       : auto
    bindir              : /usr/bin
    buildtype           : plain
    datadir             : /usr/share
    default_library     : both
    includedir          : /usr/include
    infodir             : /usr/share/info
    libdir              : /usr/lib
    libexecdir          : /usr/libexec
    localstatedir       : /var
    mandir              : /usr/share/man
    prefix              : /usr
    sbindir             : /usr/bin
    sharedstatedir      : /var/lib
    sysconfdir          : /etc
    werror              : false
    wrap_mode           : nodownload
    python.bytecompile  : 0
    b_lto               : true
    b_lto_mode          : thin
    b_staticpic         : true
    authfw              : pam
    gtk_doc             : false
    introspection       : true
    js_engine           : duktape
    man                 : true
    os_type             : redhat
    pam_include         : dummy
    polkitd_user        : _polkitd
    session_tracking    : libelogind
    systemdsystemunitdir: 
    tests               : false

Found ninja-1.12.1 at /usr/bin/ninja

I neglected to mention the meson options that Chimera's packaging system implicitly passes, apologies for that as well.

[bluca]

Checking for function "sd_pidfd_get_session" with dependency libelogind: YES

You are using elogind, not systemd-logind, so this is a problem that you should report to that project, as pidfd-based tracking doesn't seem to work there. Can you try with logind instead?

[jrybar-rh]

Probable duplicate of #451 (will be investigated there), also inactive -> CLOSING