apparmor-session-lockdown: set XDG_RUNTIME_DIR to run user processes

We use systemd-run to schedule the pactl process to be run under a vaguely realistic user-session. However, there's a chicken-and-egg problem here: systemd-run uses either D-Bus or a private socket in XDG_RUNTIME_DIR to communicate with systemd, and without setting some environment variables we can't know either of those. This is similar to the implementation of the same concept in common/run-test-in-systemd. Unfortunately, the AppArmor tests need to reinvent that bit, because they run as root (to be able to manipulate AppArmor, which is a highly privileged action). Bug-Apertis: https://phabricator.apertis.org/T1859 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Differential Revision: https://phabricator.apertis.org/D3449

apparmor-session-lockdown: set XDG_RUNTIME_DIR to run user processes
We use systemd-run to schedule the pactl process to be run under a vaguely realistic user-session. However, there's a chicken-and-egg problem here: systemd-run uses either D-Bus or a private socket in XDG_RUNTIME_DIR to communicate with systemd, and without setting some environment variables we can't know either of those. This is similar to the implementation of the same concept in common/run-test-in-systemd. Unfortunately, the AppArmor tests need to reinvent that bit, because they run as root (to be able to manipulate AppArmor, which is a highly privileged action). Bug-Apertis: https://phabricator.apertis.org/T1859 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Differential Revision: https://phabricator.apertis.org/D3449
24b1f6df · Simon McVittie · c558a480 · 24b1f6df
Commit 24b1f6df authored 8 years ago by Simon McVittie
--- a/apparmor/session-lockdown/no-deny
+++ b/apparmor/session-lockdown/no-deny
@@ -20,6 +20,8 @@ import subprocess
 import sys

 ORDINARY_USER = 'user'
+ORDINARY_UID = subprocess.check_output(['id', '-u', ORDINARY_USER],
+        universal_newlines=True).strip()

 def stdmsg(*x):
    print(*x)
@@ -135,7 +137,18 @@ def before_reboot():
    open('/var/log/audit/audit.log', 'w').close()

 def after_reboot():
-    log_subprocess('sudo', '-u', ORDINARY_USER, 'systemd-run', '--user',
+    log_subprocess('sudo', '-u', ORDINARY_USER,
+            # We hard-code this to bootstrap the right environment for
+            # systemd-run to be able to talk to systemd --user, because
+            # sudo itself doesn't set up this variable via the PAM stack.
+            'env', 'XDG_RUNTIME_DIR=/run/user/{}'.format(ORDINARY_UID),
+
+            # Running under systemd-run means we pull in the rest of the
+            # environment under which a realistic user process would run,
+            # so pactl is running in a less precarious environment.
+            'systemd-run', '--user',
+
+            # We run this for its side-effect, namely starting pulseaudio.
            'pactl', 'stat')
    log_subprocess('aa-status')