Overview

File 9001-core-allow-to-use-PIDFile-in-system-session-services.patch of Package systemd

From 25ab32bde5f6ada7f45d32917b7ce672addc4e73 Mon Sep 17 00:00:00 2001
From: Louis-Baptiste Sobolewski <lb.sobolewski@protonmail.com>
Date: Sat, 20 Dec 2025 17:45:21 +0100
Subject: [PATCH] core: allow to use PIDFile= in system session services with
 User= set to non-root

---
 src/core/service.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/core/service.c b/src/core/service.c
index 92d2f3d77c..9faed57e3a 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -50,6 +50,7 @@
 #include "transaction.h"
 #include "unit-name.h"
 #include "unit.h"
+#include "user-util.h"
 #include "utf8.h"
 
 #define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__)
@@ -1215,10 +1216,19 @@ static int service_load_pid_file(Service *s, bool may_warn) {
                 if (fstat(fileno(f), &st) < 0)
                         return log_unit_error_errno(UNIT(s), errno, "Failed to fstat() PID file '%s': %m", s->pid_file);
 
-                if (st.st_uid != getuid())
-                        return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
-                                                    "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT"). Refusing.",
-                                                    pidref.pid, st.st_uid, getuid());
+                if (st.st_uid != getuid()) {
+                        /* In system units with User= the UID of the processes is not getuid() */
+                        uid_t uid;
+                        r = get_user_creds((const char **)&(s->exec_context.user), &uid, NULL, NULL, NULL, 0);
+                        if (r < 0)
+                                return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
+                                                            "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT"). Refusing.",
+                                                            pidref.pid, st.st_uid, getuid());
+                        else if (st.st_uid != uid)
+                                return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
+                                                            "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT" or "UID_FMT"). Refusing.",
+                                                            pidref.pid, st.st_uid, getuid(), uid);
+                }
 
                 log_unit_debug(UNIT(s), "New main PID "PID_FMT" does not belong to service, accepting anyway since PID file is owned by "UID_FMT".",
                                pidref.pid, st.st_uid);
-- 
2.52.0
openSUSE Build Service is sponsored by
Places