Package: libpam-systemd
Version: 232-25+deb9u1
Severity: normal

Various policykit actions that flag as for "active" or even "inactive", but
not "any", do not work from serial console sessions.  After much pain, I'm
fairly sure I've traced this down to libpam-systemd not marking serial
logins as part of a seat.  This causes policykit to decide that the session
is not local, and thus its activity state is irrelevant for the
allow_inactive / allow_active policykit grants.

This seems to boil down, finally, to the get_seat_from_display function in

Granted, serial console sessions are not _always_ local, given that I guess
modems still technically exist and you might have dialup sessions, but this
basically means that policykit is half-broken on headless systems, and that
breaks significant bits of systemd, such as systemd-inhibit, which is where
I began this adventure.

For headless systems, being able to identify serial consoles that _are_
local and thus should have a "seat" would be helpful.  The contents of
/etc/securetty seem like they would be a useful starting place here.

-- System Information:
Debian Release: 9.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 'stable-debug'), 
(500, 'testing'), (490, 'unstable'), (1, 'experimental-debug'), (1, 
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpam-systemd depends on:
ii  dbus            1.10.24-0+deb9u1
ii  libc6           2.26-6
ii  libpam-runtime  1.1.8-3.6
ii  libpam0g        1.1.8-3.6
ii  libselinux1     2.6-3+b3
ii  systemd         232-25+deb9u1
ii  systemd-sysv    232-25+deb9u1

libpam-systemd recommends no packages.

libpam-systemd suggests no packages.

-- no debconf information

Reply via email to