Whenever we run in a user context, sd_bus_{default_user,open_user}() and
friends should always connect to the user-bus of the current context,
instead of deriving the uid from getuid(). This allows us running
programs via sudo/su, without the nasty side-effect of accidentally
connecting to the root user-bus.
This patch enforces the idea of making su/sudo *not* opening sessions by
default. That is, all they do is raising privileges, but keeping
everything set as before. You can still use su/sudo to open real sessions
by requesting a login-session (or loading pam_elogind otherwise).
However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these
cases), hence, you will not be able to connect to *any* user-bus.
Long story short: With this patch applied, both:
- ./busctl --user
- sudo ./busctl --user
..will successfully connect to the user-bus of the local user.
Fixes #390.
int bus_set_address_user(sd_bus *b) {
const char *e;
+ uid_t uid;
+ int r;
assert(b);
if (e)
return sd_bus_set_address(b, e);
+ r = cg_pid_get_owner_uid(0, &uid);
+ if (r < 0)
+ uid = getuid();
+
e = secure_getenv("XDG_RUNTIME_DIR");
if (e) {
_cleanup_free_ char *ee = NULL;
if (!ee)
return -ENOMEM;
- (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, getuid(), ee);
+ (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, ee);
} else
- (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT, getuid());
+ (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT, uid);
if (!b->address)
return -ENOMEM;
~ianmdlvl / elogind.git / commitdiff