9a5e9a0
9a5e9a0db135b310857d8885bc286d1bc909a5d220fb5ee
a8eb473| Status | File | + | - |
|---|---|---|---|
| M |
gardmd/src/session.rs
|
11 | 3 |
gardmd/src/session.rsmodified@@ -176,7 +176,7 @@ impl UserSession { | ||
| 176 | 176 | gid, |
| 177 | 177 | &cmd_path, |
| 178 | 178 | &cmd_args, |
| 179 | - &env_vars, | |
| 179 | + env_vars, // Pass ownership, will be modified after PAM opens session | |
| 180 | 180 | is_wayland, |
| 181 | 181 | tty_fd, |
| 182 | 182 | vt, |
@@ -298,7 +298,7 @@ fn child_process_main( | ||
| 298 | 298 | gid: nix::unistd::Gid, |
| 299 | 299 | cmd_path: &str, |
| 300 | 300 | cmd_args: &[String], |
| 301 | - env_vars: &[CString], | |
| 301 | + mut env_vars: Vec<CString>, | |
| 302 | 302 | is_wayland: bool, |
| 303 | 303 | tty_fd: Option<RawFd>, |
| 304 | 304 | vt: u32, |
@@ -322,6 +322,14 @@ fn child_process_main( | ||
| 322 | 322 | std::process::exit(1); |
| 323 | 323 | } |
| 324 | 324 | |
| 325 | + // After pam_open_session(), pam_systemd sets XDG_SESSION_ID in the environment | |
| 326 | + // Read it and add to the environment we'll pass to the session | |
| 327 | + if let Ok(session_id) = std::env::var("XDG_SESSION_ID") { | |
| 328 | + if let Ok(cstr) = CString::new(format!("XDG_SESSION_ID={}", session_id)) { | |
| 329 | + env_vars.push(cstr); | |
| 330 | + } | |
| 331 | + } | |
| 332 | + | |
| 325 | 333 | // Initialize supplementary groups (must be done as root) |
| 326 | 334 | let username_cstr = match CString::new(username) { |
| 327 | 335 | Ok(c) => c, |
@@ -397,7 +405,7 @@ fn child_process_main( | ||
| 397 | 405 | } |
| 398 | 406 | |
| 399 | 407 | // execve replaces the process image |
| 400 | - match nix::unistd::execve(&cmd_cstr, &argv, env_vars) { | |
| 408 | + match nix::unistd::execve(&cmd_cstr, &argv, &env_vars) { | |
| 401 | 409 | Ok(_) => unreachable!(), // execve doesn't return on success |
| 402 | 410 | Err(e) => { |
| 403 | 411 | eprintln!("[SESSION] execve failed: {}", e); |