[pkg-fso-maint] Bug#785644: nodm: please call pam_close_session() with root privileges
Ryan Tandy
ryan at nardis.ca
Mon May 18 18:04:01 UTC 2015
Package: nodm
Version: 0.11-1.3
Severity: minor
Dear Maintainer,
When a nodm session ends, I see in /var/log/auth.log:
May 18 10:35:51 kiwi dbus[435]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.65" (uid=1000 pid=2641 comm="/usr/sbin/nodm ") interface="org.freedesktop.login1.Manager" member="ReleaseSession" error name="(unset)" requested_reply="0" destination="org.freedesktop.login1" (uid=0 pid=2582 comm="/lib/systemd/systemd-logind ")
May 18 10:35:51 kiwi nodm[2641]: pam_systemd(nodm:session): Failed to release session: Access denied
May 18 10:35:51 kiwi nodm[2641]: pam_close_session: Cannot make/remove an entry for the specified session
Apparently pam_systemd wants pam_close_session() to be run as root, in
order to call privileged systemd-logind interfaces.
See #580434 for the same bug in su(1).
As the xsession-child code claims to be derived from su(1), the upstream
commits fixing #580434 may be relevant:
http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3357
http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3358
http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3359
http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3360
Setting severity to minor: the session is automatically cleaned up after
the session leader terminates, so for at least pam_systemd, this is
probably mostly cosmetic.
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the pkg-fso-maint
mailing list