FS#57918 - [systemd] pam_systemd <-> dbus <-> systemd-logind problem: session mgmt broken in 238.0-3

Attached to Project: Arch Linux
Opened by Alex (thalunil) - Thursday, 22 March 2018, 18:46 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 01 May 2018, 16:50 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Christian Hesse (eworm)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
With current systemd 238.0-3 i am experiencing difficulties with my login session.
pam_systemd is unable to talk to the systemd login manager (see log entry in auth.log)

Additional info:
* package version(s)
systemd 238.0-3
* when downgrading to previous systemd release there is no such problem, this means, the systemd-logind gets called by pam_systemd correctly and the following steps do not happen and work correctly. previous systemd release working is systemd-237.64-1

Steps to reproduce:
In /var/log/auth.log:
Mar 22 19:06:30 atreides lightdm: pam_unix(lightdm:session): session opened for user thalunil by (uid=0)
Mar 22 19:06:30 atreides lightdm: pam_systemd(lightdm:session): Failed to create session: No such process

$XDG_SESSION_ID isn't set
echo $XDG_SESSION_ID
<nothing>

command: loginctl
0 sessions listed.

No user specific tmpfs directories in /var/run present after login
This task depends upon

Closed by  Doug Newgard (Scimmia)
Tuesday, 01 May 2018, 16:50 GMT
Reason for closing:  Not a bug
Additional comments about closing:  Config issue
Comment by Christian Hesse (eworm) - Friday, 23 March 2018, 19:51 GMT
I can not reproduce and searching my log I did not suffer this.
Is this fixed with 238.51-1? Can anybody reproduce?
Comment by Daniel Holman (Skillet) - Monday, 26 March 2018, 13:51 GMT
Still not fixed with 238.51-1. Getting this with lightdm as well as logging in on a TTY.

Mar 23 08:17:55 Loki login[25998]: pam_systemd(login:session): Failed to create session: No such process

Environment vars not set for user session either.
Comment by Alex (thalunil) - Monday, 26 March 2018, 16:37 GMT
i wonder if there is somehow a system wrackage introduced somewhere...but i am unable to find it.
Skillet: downgrading also fixes you session-problem?
Comment by Daniel Holman (Skillet) - Tuesday, 27 March 2018, 21:25 GMT
Alex: downgrading to version 237.64-1 does indeed fix the session
Comment by Alex (thalunil) - Monday, 16 April 2018, 08:02 GMT
I encountered that supplying systemd-logind with the additional group "proc" solves this issue.
The background of this is the "hidepid" mount option of /proc i am utilizing.
I added this information to ArchWiki - https://wiki.archlinux.org/index.php/Security#hidepid

Example:
- /etc/fstab: proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=proc 0 0
- debug flag set in /etc/pam.d/system-login "-session optional pam_systemd.so debug""

System Log comparisions:

With systemd 237 (systemd-login is not in group proc) user sessions works fine:
-------------
Apr 16 07:49:30 archlinux sshd[307]: pam_systemd(sshd:session): pam-systemd initializing
Apr 16 07:49:30 archlinux sshd[307]: pam_systemd(sshd:session): Asking logind to create session: uid=1000 pid=307 service=sshd type=tty class=user desktop= seat= vtnr=0 tty= display= remote=yes remote_user= remote_host=10.0.2.2
Apr 16 07:49:30 archlinux systemd[1]: Created slice User Slice of vagrant.
Apr 16 07:49:30 archlinux systemd[1]: Starting User Manager for UID 1000...
Apr 16 07:49:30 archlinux systemd-logind[254]: New session c1 of user vagrant.
Apr 16 07:49:30 archlinux systemd[1]: Started Session c1 of user vagrant.
Apr 16 07:49:30 archlinux systemd[309]: pam_unix(systemd-user:session): session opened for user vagrant by (uid=0)
Apr 16 07:49:30 archlinux systemd[309]: pam_systemd(systemd-user:session): pam-systemd initializing
Apr 16 07:49:31 archlinux systemd[309]: Listening on GnuPG cryptographic agent and passphrase cache.
Apr 16 07:49:31 archlinux systemd[309]: Reached target Paths.
Apr 16 07:49:31 archlinux sshd[307]: pam_systemd(sshd:session): Reply from logind: id=c1 object_path=/org/freedesktop/login1/session/c1 runtime_path=/run/user/1000 session_fd=6 seat= vtnr=0 original_uid=1000
Apr 16 07:49:31 archlinux systemd[309]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Apr 16 07:49:31 archlinux systemd[309]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Apr 16 07:49:31 archlinux systemd[309]: Listening on GnuPG network certificate management daemon.
Apr 16 07:49:31 archlinux systemd[309]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Apr 16 07:49:31 archlinux systemd[309]: Reached target Timers.
Apr 16 07:49:31 archlinux systemd[309]: Starting D-Bus User Message Bus Socket.
Apr 16 07:49:31 archlinux systemd[309]: Listening on D-Bus User Message Bus Socket.
Apr 16 07:49:31 archlinux systemd[309]: Reached target Sockets.
Apr 16 07:49:31 archlinux systemd[309]: Reached target Basic System.
Apr 16 07:49:31 archlinux systemd[309]: Reached target Default.
Apr 16 07:49:31 archlinux systemd[309]: Startup finished in 39ms.
Apr 16 07:49:31 archlinux systemd[1]: Started User Manager for UID 1000.

With systemd 238 (systemd-login is not in group proc) user sessions is broken:
-------------
Apr 16 07:12:39 archlinux sshd[430]: pam_systemd(sshd:session): pam-systemd initializing
Apr 16 07:12:39 archlinux sshd[430]: pam_systemd(sshd:session): Asking logind to create session: uid=1000 pid=430 service=sshd ...
Apr 16 07:12:39 archlinux sshd[430]: pam_systemd(sshd:session): Failed to create session: No such process

After supplying systemd-login with the supplementary group proc systemd 238 user session is working again with following log:
-------------
Apr 16 07:55:39 archlinux sshd[298]: pam_systemd(sshd:session): pam-systemd initializing
Apr 16 07:55:39 archlinux sshd[298]: pam_systemd(sshd:session): Asking logind to create session: uid=1000 pid=298 service=sshd type=tty class=user desktop= seat= vtnr=0 tty= display= remote=yes remote_user= remote_host=10.0.2.2
Apr 16 07:55:39 archlinux systemd[1]: Created slice User Slice of vagrant.
Apr 16 07:55:39 archlinux systemd[1]: Starting User Manager for UID 1000...
Apr 16 07:55:39 archlinux systemd-logind[275]: New session c1 of user vagrant.
Apr 16 07:55:39 archlinux systemd[1]: Started Session c1 of user vagrant.
Apr 16 07:55:39 archlinux systemd[300]: pam_unix(systemd-user:session): session opened for user vagrant by (uid=0)
Apr 16 07:55:39 archlinux systemd[300]: pam_systemd(systemd-user:session): pam-systemd initializing
Apr 16 07:55:39 archlinux systemd[300]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Apr 16 07:55:39 archlinux systemd[300]: Reached target Paths.
Apr 16 07:55:39 archlinux sshd[298]: pam_systemd(sshd:session): Reply from logind: id=c1 object_path=/org/freedesktop/login1/session/c1 runtime_path=/run/user/1000 session_fd=7 seat= vtnr=0 original_uid=1000
Apr 16 07:55:39 archlinux systemd[300]: Reached target Timers.
Apr 16 07:55:39 archlinux systemd[300]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Apr 16 07:55:39 archlinux systemd[300]: Listening on GnuPG network certificate management daemon.
Apr 16 07:55:39 archlinux systemd[300]: Starting D-Bus User Message Bus Socket.
Apr 16 07:55:39 archlinux systemd[300]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Apr 16 07:55:39 archlinux systemd[300]: Listening on GnuPG cryptographic agent and passphrase cache.
Apr 16 07:55:39 archlinux systemd[300]: Listening on D-Bus User Message Bus Socket.
Apr 16 07:55:39 archlinux systemd[300]: Reached target Sockets.
Apr 16 07:55:39 archlinux systemd[300]: Reached target Basic System.
Apr 16 07:55:39 archlinux systemd[300]: Reached target Default.
Apr 16 07:55:39 archlinux systemd[300]: Startup finished in 38ms.
Apr 16 07:55:39 archlinux systemd[1]: Started User Manager for UID 1000.

This issue seems resolved to me.
Skillet: can you confirm?

Loading...