Created attachment 58146 [details] [review] patch os/util.c has CheckUserAuthorization() to determine if the user's allowed to start X. The only implementation there currently uses PAM, which, in 99.9% of the cases where it's used, checks to see if the user is logged in locally. The attached patch allows this function to use libsystemd-login to see if the user's on an active seat. Briefly tested on a system where user A is logged in on a console: - root can still start X - user A can still start X (whether on that console, or logged in remotely) - user B logged in remotely can't start X CC'ing Lennart to make sure I'm not horribly misusing the API.
Note: if taken, would need the appropriate autoconf/automake bits added.
Looks OK, but two points: The Debian folks will not like you for this, since this will fail if they build systemd support in but don't run systemd. Might make sense to wrap this in a bit of "if (sd_booted() > 0) { ..." around it. I think it would make sense to allow startx only when invoked from a VT, not already when the user is logged in on one at all that isn't necessarily the one he is invoking startx from. (Especially since we now want to teach startx to take over the VT it has been started on). Hence I'd suggest: bool allow; if (sd_booted() > 0) { int r; allow = false; if (sd_session_get_seat(NULL, &seat) > 0) { if (strcmp(seat, "seat0") == 0) allow = true; free(seat); } } else allow = true;
Mass closure: This bug has been untouched for more than six years, and is not obviously still valid. Please file a new report if you continue to experience issues with a current server.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.