nixpkgs/nixos/modules/system
Grimmauld fb51cc802d
nixos/systemd: run0: enable setLoginUid, disable pamMount
This brings our `run0` in line with the upstream defaults:
bcc73cafdb/src/run/systemd-run0.in

While working on `auditd`, I noticed differences in how `run0` behaves
in regard to `/proc/$pid/sessionid` and `/proc/$pid/loginuid`. Particularly,
both files were set to `4294967295`, the magic value denoting `unset`.

While the manual page says elevators such as sudo should not set the loginuid,
run0 is a bit of a special case: The unit spawned by it is not a child of
the running user session, and as such there is no id to inherit.

`systemd` upstream uses `pam_loginuid`, and for consistency we should too.
Especially because it prevents a whole lot of pain when working with `auditd`.

As to pam mounts:
On NixOS we enable those if they are globally enabled. Upstream does not.
Considering the password entered into polkit is usually not the user password
of the account which will own the unit, pam mount will fail for any partition
which requires a password. Thus it makes sense to also disable pam mounts
for our run0; it prevents unnecessary unexpected pain.
2025-07-25 23:49:59 +02:00
..
activation treewide: run nixfmt 1.0.0 2025-07-24 13:55:40 +02:00
boot nixos/systemd: run0: enable setLoginUid, disable pamMount 2025-07-25 23:49:59 +02:00
etc treewide: run nixfmt 1.0.0 2025-07-24 13:55:40 +02:00
service nixos/system/service: Use copy of escapeSystemdExecArgs 2025-07-20 03:02:03 +02:00
build.nix