
Systemd should be run under polkitd group by default #1051

Closed

Conversation

@NgoHuy NgoHuy commented Aug 26, 2015

When a user mounts procfs with the option hidepid=2, systemd-logind fails to manage the X session. With the option gid=polkitd in /etc/fstab and Group=polkitd in systemd-logind.service, systemd should see the session again.
@poettering
Member

So, firstly, we don't support hidepid= with systemd. That cannot really work, not just for polkit, but also not for journald, sd-bus and a lot of other things.

Secondly, why don't you just use gid=0?

@NgoHuy
Author

NgoHuy commented Aug 27, 2015

I used it in Arch Linux, it works fine; if hidepid isn't present, it works fine, journald and sd-bus work fine. I don't know of any issue here, bro.

@poettering
Member

"fine" is in the eye of the beholder. The simple fact is that we need access to a lot of metadata from /proc for processes we get logs from or communicate with. You cannot just take that away that easily. Most of our code is written defensively, and doesn't complain too loudly when it cannot get the bits it needs, but this will result in problems later on.

In general, I think hidepid= could actually be useful, but not the way it is right now. For it to work it should be a true mount option, so that we can turn it on individually per service, by mounting a new instance of procfs into a private mount namespace for the service. But hidepid= is currently a global option, that only masks as a mount option, so this doesn't work. The key here really is that in systemd globally turning on hidepid= will break too much, and we will not support that as it is right now. Sorry.
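An audit check for the procfs hidepid=/gid= options discussed in this thread, added here as an example and not code from the PR or from systemd. It parses a /proc/mounts-style line to report the hidepid level and the exempted group, so an administrator can see why a service that is not in that group (the systemd-logind case above) loses sight of other users' processes; the sample mount line and the gid value 102 are constructed.

```sh
#!/bin/sh
# Added example: audit the hidepid= and gid= options on the proc filesystem.
# The options live in the 4th field of a /proc/mounts line.

# proc_opt LINE KEY -> value of KEY= among the mount options, or "unset".
proc_opt() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    printf '%s\n' "$opts" | tr ',' '\n' |
        awk -F= -v k="$2" '$1 == k { print $2; found = 1 }
                           END { if (!found) print "unset" }'
}

# hidepid_verdict LINE -> one-line assessment of process visibility.
# hidepid=1 hides the contents of other users' /proc/<pid>/ directories,
# hidepid=2 hides the directories themselves; gid= names the exempt group.
hidepid_verdict() {
    hp=$(proc_opt "$1" hidepid)
    gid=$(proc_opt "$1" gid)
    case "$hp" in
        unset|0) echo "visible: all /proc/<pid> entries readable" ;;
        1) echo "restricted: other users' /proc/<pid> contents hidden (exempt gid=$gid)" ;;
        2) echo "hidden: other users' /proc/<pid> entries invisible (exempt gid=$gid)" ;;
        *) echo "unknown hidepid value: $hp" ;;
    esac
}

# Constructed sample, shaped like the Arch setup described in the PR.
SAMPLE='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=102 0 0'

# Report on the running system when /proc/mounts is readable, then on the sample.
if [ -r /proc/mounts ]; then
    live=$(grep -E '^proc /proc proc ' /proc/mounts | head -n 1)
    if [ -n "$live" ]; then
        echo "live:   $(hidepid_verdict "$live")"
    fi
fi
echo "sample: $(hidepid_verdict "$SAMPLE")"
```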

@NgoHuy
Author

NgoHuy commented Aug 28, 2015

Thank you, bro, I see this problem.
