When security.hideProcessInformation = true, a regular user logged in locally (as the only seat) cannot run systemctl reboot, poweroff, suspend, halt, hibernate etc.
This ability is a convenience for desktop systemd users. E.g. this issue prevents GNOME's power buttons (restart, power off, hibernate) from working.
security.hideProcessInformation = true.
systemctl reboot (or just reboot, it's the same).
Failed to set wall message, ignoring: Interactive authentication required.
Failed to reboot system via logind: Interactive authentication required.
Failed to start reboot.target: Interactive authentication required.
See system logs and 'systemctl status reboot.target' for details.
hideProcessInformation, the machine would reboot correctly.
logind runs with root privileges. It has the information about all processes. It should not matter that a regular user that wants to reboot doesn't have it all.
Also related: with hideProcessInformation set, one cannot change screen brightness in GNOME:
Dec 06 17:35:32 nixos pkexec[2315]: mikolaj: Error executing command as another user: Not authorized [USER=root] [TTY=unknown] [CWD=/home/mikolaj] [COMMAND=/nix/store/llny1hmxjbjk3j24ws7bnkh4ghrw8qch-gnome-settings-daemon-3.20.1/libexec/gsd-backlight-helper --set-brightness 891]
Dec 06 17:35:32 nixos gnome-settings-daemon.desktop[1452]: Error executing command as another user: Not authorized
Dec 06 17:35:32 nixos gnome-settings-daemon.desktop[1452]: This incident has been reported.
Side note: with this option enabled, changing brightness and rebooting works fine in Xfce.
I have a pending patch for some issues I had. I'll do some testing and push it if it turns out to resolve this problem as well.
I looked at the implementation of hidepid in the kernel. The logic does not take superuser into account; the task must be in the designated proc gid or have the sys_ptrace capability to access process information owned by other users. systemd-logind lacks that capability. (It would have worked out if we didn't use a designated proc group, it'd default to 0). The other problem you noted has to do with polkit arbitration, which is also broken.
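The access rule described in the comment above, modelled as an added example (not code from this thread or from the kernel): a task sees other users' /proc entries only if it is in the group named by the mount's gid= option or holds CAP_SYS_PTRACE, regardless of uid 0. The mount line, the gid value 21 and the capability mask are constructed sample data; the function names are hypothetical.

```python
# Added example, not code from the thread. Sample inputs below are constructed.
CAP_SYS_PTRACE = 19  # capability bit number from linux/capability.h

# Constructed /proc/mounts line: hidepid on, designated proc group gid=21 (assumed id).
MOUNTS = "proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=21,hidepid=2 0 0\n"
# Constructed /proc/<pid>/status excerpt: a root daemon whose CapEff lacks bit 19.
ROOT_DAEMON = ("Name:\tdaemon\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
               "Groups:\t\nCapEff:\t000000000420002f\n")

def parse_proc_mount(mounts_text):
    """Return (hidepid, gid) for the /proc mount; both default to 0 when unset."""
    for line in mounts_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == "/proc" and f[2] == "proc":
            opts = dict(o.partition("=")[::2] for o in f[3].split(","))
            return opts.get("hidepid", "0"), int(opts.get("gid", "0"))
    return "0", 0

def parse_status(status_text):
    """Return (effective capability mask, fsgid plus supplementary groups)."""
    fields = dict(l.split(":", 1) for l in status_text.splitlines() if ":" in l)
    gids = {int(g) for g in fields.get("Groups", "").split()}
    gids.add(int(fields["Gid"].split()[3]))  # Gid: real, effective, saved, fs
    return int(fields["CapEff"].strip(), 16), gids

def can_see_other_users(mounts_text, status_text):
    """True if the task may read /proc entries owned by other users."""
    hidepid, gid = parse_proc_mount(mounts_text)
    if hidepid in ("0", "off"):  # hidepid disabled: no restriction
        return True
    cap_eff, gids = parse_status(status_text)
    # uid 0 is never consulted: only group membership or CAP_SYS_PTRACE counts.
    return gid in gids or bool((cap_eff >> CAP_SYS_PTRACE) & 1)

if __name__ == "__main__":
    print("root daemon, gid=21:", can_see_other_users(MOUNTS, ROOT_DAEMON))
    print("root daemon, no gid option:",
          can_see_other_users(MOUNTS.replace("gid=21,", ""), ROOT_DAEMON))
```

On a live system, pass the contents of /proc/mounts and of /proc/<pid>/status for the daemon in question to `can_see_other_users`.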
Awesome, thank you! :heart_eyes_cat: