On 03.05.2018 at 23:12, Michael Gold wrote:
> retitle 897654 libpam-systemd: hidepid causes "Failed to create session: No 
> such process"
> thanks
> 
> On Thu, May 03, 2018 at 22:53:34 +0200, Michael Biebl wrote:
>> On Thu, 3 May 2018 16:31:53 -0400 Michael Gold <mg...@qnx.com> wrote:
>>>     Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): 
>>> pam-systemd initializing
>>>     Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): 
>>> Asking logind to create session: uid=1000 pid=14767 service=lightdm 
>>> type=x11 class=user desktop=lightdm-xsession seat=seat0 vtnr=7 tty= 
>>> display=:0 remote=no remote_user= remote_host=
>>>     Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): 
>>> Failed to create session: No such process
> ...
>> Are you using hidepid?
> 
> Yes, "proc /proc proc rw,relatime,gid=4,hidepid=2 0 0".  After running
> "mount /proc -o remount,hidepid=0" I logged in on a VT and saw a session
> in the list.
> 
> (I was wrong about this working on the other system.  I'm using the same
> mount options there and also have 0 sessions, at least over ssh.)
> 
> Thanks for the quick response.  Is this problem already tracked?  Any
> idea why it would happen, given that systemd-logind is running as root?

Well, logind is running as root, but the service file is locked down
considerably:

CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL
CAP_CHOWN CAP_KILL CAP_DAC_REA
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module
@obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
LockPersonality=yes
IPAddressDeny=any
FileDescriptorStoreMax=512

You will probably have to tweak those settings yourself, if you want to
continue to use hidepid.




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
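
Added example, not part of the original thread: a small triage helper that checks a /proc mount line for an active hidepid setting and scans journal lines for the pam_systemd failure quoted in the report, flagging the combination. The function names are hypothetical; the sample mount line and log lines are the ones from the report, with the wrapped lines rejoined.

```python
import re

# hidepid values accepted by procfs; the names were added in Linux 5.8.
HIDEPID_LEVELS = {"0": 0, "off": 0, "1": 1, "noaccess": 1,
                  "2": 2, "invisible": 2, "4": 4, "ptraceable": 4}

FAILURE_RE = re.compile(
    r"(?P<svc>\S+)\[(?P<pid>\d+)\]: pam_systemd\((?P<stack>[^)]*)\): "
    r"Failed to create session: No such process")

# Sample input: mount line and journal lines from the report, unwrapped.
SAMPLE_MOUNT = "proc /proc proc rw,relatime,gid=4,hidepid=2 0 0"
SAMPLE_LOG = [
    "Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): "
    "pam-systemd initializing",
    "Apr 09 11:37:30 golbez lightdm[14767]: pam_systemd(lightdm:session): "
    "Failed to create session: No such process",
]


def parse_proc_mount(line):
    """Parse one fstab/mounts-style line; return procfs hidepid info or None."""
    fields = line.split()
    if len(fields) < 4 or fields[2] != "proc":
        return None
    # "gid=4" -> ("gid", "4"); flag options such as "rw" -> ("rw", "")
    opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
    level = HIDEPID_LEVELS.get(opts.get("hidepid", "0"))  # None if unrecognised
    return {"mountpoint": fields[1], "hidepid": level, "gid": opts.get("gid")}


def find_session_failures(log_lines):
    """Return (service, pid, PAM stack) for each matching pam_systemd failure."""
    hits = []
    for line in log_lines:
        m = FAILURE_RE.search(line)
        if m:
            hits.append((m["svc"], int(m["pid"]), m["stack"]))
    return hits


def triage(mount_line, log_lines):
    """Flag the case where hidepid is active and session creation fails."""
    proc = parse_proc_mount(mount_line)
    failures = find_session_failures(log_lines)
    hidden = bool(proc and proc["hidepid"])
    return {"hidepid_active": hidden, "failures": failures,
            "suspect_hidepid": hidden and bool(failures)}


if __name__ == "__main__":
    print(triage(SAMPLE_MOUNT, SAMPLE_LOG))
```
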