logind: save seat before applying acl #36408

Merged: poettering merged 1 commit into systemd:main from wxphaha:fix-acl, Feb 19, 2025

@wxphaha wxphaha commented Feb 17, 2025

udev will trigger the uaccess program in 73-seat-late.rules, which may modify the device's acl permissions. In some cases, udev triggers the uaccess program when logind is started and active is being set. At this time, 1) logind sets the user's acl permissions, 2) uaccess obtains active and sets acl permissions; 3) logind updates seat's stat_file and writes active. This situation will cause the device to not have the correct acl permissions, resulting in abnormal situations such as a black screen. Therefore, it is necessary to write active to seat's stat file before setting acl.

@github-actions github-actions bot added the login and please-review labels Feb 17, 2025
yuwata (Member) commented Feb 17, 2025

Uh, oh, not followed in detail, but may be related to #24026, #28512, and/or #23547?

@yuwata yuwata added this to the v258 milestone Feb 17, 2025
@poettering poettering merged commit df1ff1c into systemd:main Feb 19, 2025
45 of 47 checks passed
@github-actions github-actions bot removed the please-review label Feb 19, 2025
@yuwata yuwata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, this reduces the chance of the mentioned issue. But, there is still a race:

  • udevd's uaccess module reads the seat file, and gets an old uid,
  • logind updates seat file, and applies new acl,
  • udevd applies acl based on the old uid.

yuwata commented Feb 19, 2025

-> #36444
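
The ordering discussed in this thread, as an added example that is not code from the PR or from systemd: a small model that enumerates every interleaving of logind's two steps with uaccess's two steps and counts the schedules that end with an ACL for the old user. The single-uid ACL, the uids and all function names are assumptions of the model, and the counts are schedules, not probabilities.

```c
#include <stdio.h>

/* Abstract model (assumption, not systemd code): the device ACL names one uid,
 * and the seat state file records the active uid. Sample uids are constructed. */
enum { OLD_UID = 1000, NEW_UID = 1001 };

struct state { int seat_file_uid, acl_uid, uaccess_seen; };

/* logind performs two steps; save_seat_first selects the patched order. */
static void logind_step(struct state *s, int step, int save_seat_first) {
    int writes_seat = save_seat_first ? (step == 0) : (step == 1);
    if (writes_seat) s->seat_file_uid = NEW_UID;   /* save seat state file */
    else             s->acl_uid = NEW_UID;         /* apply ACL for new user */
}

/* uaccess reads the active uid from the seat file, then applies an ACL for it. */
static void uaccess_step(struct state *s, int step) {
    if (step == 0) s->uaccess_seen = s->seat_file_uid;
    else           s->acl_uid = s->uaccess_seen;
}

/* Bit i of mask set means time slot i belongs to uaccess, otherwise to logind.
 * Returns the uid the device ACL names once all four steps have run. */
static int run_schedule(unsigned mask, int save_seat_first) {
    struct state s = { OLD_UID, OLD_UID, OLD_UID };
    int l = 0, u = 0;
    for (int slot = 0; slot < 4; slot++) {
        if (mask & (1u << slot)) uaccess_step(&s, u++);
        else                     logind_step(&s, l++, save_seat_first);
    }
    return s.acl_uid;
}

static int bits(unsigned m) { int n = 0; for (; m; m >>= 1) n += m & 1; return n; }

/* Count the 6 order-preserving interleavings that leave a stale ACL. */
int count_stale(int save_seat_first) {
    int stale = 0;
    for (unsigned mask = 0; mask < 16; mask++)
        if (bits(mask) == 2 && run_schedule(mask, save_seat_first) != NEW_UID)
            stale++;
    return stale;
}

int main(void) {
    printf("ACL before seat file (pre-patch): %d of 6 stale\n", count_stale(0));
    printf("seat file before ACL (patched):   %d of 6 stale\n", count_stale(1));
    return 0;
}
```

In this model the only schedule that still fails with the patched order is the one from the review comment: uaccess reads the seat file before logind saves it and applies its ACL after logind has applied the new one.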
