[FreeBSD] User's login class ignored

[rhaberkorn]

Hello!
I am on FreeBSD 14. Ly version 0.6.0. I was configuring a special login class for my user. Login classes allow customizing resource limits on FreeBSD. An ordinary VT login respects my settings and sets the correct login class for the login shell. Ly does not unfortunately. It appears that login(1) is responsible on VTs for setting the user's login class.

I am happy to build and test and even create a pull request. Some pointers on where to start looking would be appreciated, though.

Best regards!

[rhaberkorn]

Looking through XDM, which does not suffer from this problem, I thought that a call to setlogin(2) might be necessary after setgid(). So I patched it into Ly. Didn't help, though.

Even if I find the solution, the question is whether this should be merged upstream. The current v0.6.0 FreeBSD port contains a bunch of OS-specific patches ontop of Ly. I don't know whether you intend to upstream all of this. Or whether everything BSD-specific should remain in the FreeBSD ports tree instead.

[rhaberkorn]

Yeah, it seems I am also supposed to call setusercontext() instead of setuid().

From XDM:

#ifndef HAVE_SETUSERCONTEXT
        if (setuid(verify->uid) < 0) {
            LogError ("setuid %d (user \"%s\") failed: %s\n",
                      verify->uid, name, _SysErrorMsg (errno));
            return (0);
        }
#else /* HAVE_SETUSERCONTEXT */
        /*
         * Set the user's credentials: uid, gid, groups,
         * environment variables, resource limits, and umask.
         */
        /* destroy user environment before calling setusercontext */
        environ = verify->userEnviron;
        pwd = getpwnam(name);
        if (pwd) {
            if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) {
                LogError ("setusercontext for \"%s\" failed: %s\n",
                          name, _SysErrorMsg (errno));
                return (0);
            }
            verify->userEnviron = environ;
            endpwent();
        } else {
            LogError ("getpwnam for \"%s\" failed: %s\n",
                      name, _SysErrorMsg (errno));
            return (0);
        }
#endif /* HAVE_SETUSERCONTEXT */

Will try this next.

[rhaberkorn]

Yes, this worked. So I do have a working patch!
I still need to know whether you would like to merge it or whether I should try to get it into the FreeBSD ports tree.
As I said earlier, Ly is currently practically not buildable from the Git repository without applying all the FreeBSD patches first.

Is there anybody feeling responsible for this repository at all?

[rhaberkorn]

I officially submitted my patch to the FreeBSD ports tree.