From 24b1f6df99bcd58310b67a243b0ff6ef0fe4f8c7 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 22 Jun 2016 17:26:13 +0100
Subject: [PATCH] apparmor-session-lockdown: set XDG_RUNTIME_DIR to run user
 processes

We use systemd-run to schedule the pactl process to be run under
a vaguely realistic user-session. However, there's a chicken-and-egg
problem here: systemd-run uses either D-Bus or a private socket in
XDG_RUNTIME_DIR to communicate with systemd, and without setting some
environment variables we can't know either of those.

This is similar to the implementation of the same concept in
common/run-test-in-systemd. Unfortunately, the AppArmor tests
need to reinvent that bit, because they run as root (to be able to
manipulate AppArmor, which is a highly privileged action).

Bug-Apertis: https://phabricator.apertis.org/T1859

Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D3449
---
 apparmor/session-lockdown/no-deny | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/apparmor/session-lockdown/no-deny b/apparmor/session-lockdown/no-deny
index 5baa1ef..dc53b78 100755
--- a/apparmor/session-lockdown/no-deny
+++ b/apparmor/session-lockdown/no-deny
@@ -20,6 +20,8 @@ import subprocess
 import sys
 
 ORDINARY_USER = 'user'
+ORDINARY_UID = subprocess.check_output(['id', '-u', ORDINARY_USER],
+        universal_newlines=True).strip()
 
 def stdmsg(*x):
     print(*x)
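Review bot: the new `ORDINARY_UID` lookup runs `id -u` at module import time, so a missing `user` account turns into a `CalledProcessError` traceback before any of the test's own logging or setup has a chance to run. Consider resolving the uid with the standard library instead, e.g. `pwd.getpwnam(ORDINARY_USER).pw_uid`, which avoids spawning a subprocess at import, returns an integer rather than a stripped string, and raises a clearer `KeyError` if the account does not exist; if the subprocess form is kept, a short comment explaining why the uid is needed (the `/run/user/<uid>` path built in `after_reboot`) would help the next reader.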
@@ -135,7 +137,18 @@ def before_reboot():
     open('/var/log/audit/audit.log', 'w').close()
 
 def after_reboot():
-    log_subprocess('sudo', '-u', ORDINARY_USER, 'systemd-run', '--user',
+    log_subprocess('sudo', '-u', ORDINARY_USER,
+            # We hard-code this to bootstrap the right environment for
+            # systemd-run to be able to talk to systemd --user, because
+            # sudo itself doesn't set up this variable via the PAM stack.
+            'env', 'XDG_RUNTIME_DIR=/run/user/{}'.format(ORDINARY_UID),
+
+            # Running under systemd-run means we pull in the rest of the
+            # environment under which a realistic user process would run,
+            # so pactl is running in a less precarious environment.
+            'systemd-run', '--user',
+
+            # We run this for its side-effect, namely starting pulseaudio.
             'pactl', 'stat')
     log_subprocess('aa-status')
 
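Review bot: hard-coding `XDG_RUNTIME_DIR=/run/user/{uid}` assumes that directory already exists and that a `systemd --user` instance for `user` is listening there, which is only true once systemd-logind has opened a session for that user; `sudo` does not create one, as the inline comment notes. If the directory is absent after the reboot, `systemd-run --user` will fail to connect and the `pactl stat` side-effect (starting pulseaudio) silently does not happen, which would make the later `aa-status` check pass for the wrong reason. Consider asserting that `/run/user/{uid}` exists (or checking the exit status of the `log_subprocess` call) before relying on it, and stating the "user must have an active logind session" prerequisite in the comment so the chicken-and-egg workaround is not mistaken for a general solution.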
-- 
GitLab