Re: Running pam-enabled /bin/login sessions in unprivileged terminal emulators

[Lennart Poettering <lennart@xxxxxxxxxxxxxx>]

On Do, 27.05.21 22:25, nerdopolis (bluescreen_avenger@xxxxxxxxxxx) wrote:

> I guess I meant to say getty, but getty ends up calling /bin/login anyway after
> resetting the terminal and reading /etc/issue anyway. Or at least I thought.
>
> Interesting I found some simple enough looking samples for granting users the
> ability to start one service. Dang, it might not work with Debian's
> fraken-polkit-0.105 they still have.
>
> I am able to tweak up a test copy of container-getty@.service,
> setting TERM to xterm-256color and doing the XDG_SEAT=seat-vtty workaround so
> the logged in session has PAM too, and nmtui doesn't do this
>     https://i.imgur.com/dt7xAMz.png
> so that works.
>
> Something like that is what I was originally looking for, so thanks!
> but I will admit, one thing I've come to like about the socat client/server
> hing is that if say cage or vte takes a segfault during say an apt-get install,
> the running command doesn't die...

The service that implements your terminal emulator could upload the
pty master fds to systemd via the fdstore logic. That way the master
will stay open across restart of that service or when it fails.

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel