From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 25 Nov 2025 17:42:11 +0000 (+0100)
Subject: run: merge privileged_execution() into become_root()
X-Git-Tag: v259-rc2~7^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2ef2002a966577b5b634130b052d076ebe5e0300;p=thirdparty%2Fsystemd.git

run: merge privileged_execution() into become_root()

This got split in 5cabeed80b30972babc7a082ca794c6b197e72ab
to accommodate --empower, and later --empower received
dedicated handling again (c36942916b7409109687d693c04b039def9c5b79).
I think the new naming makes more sense - --empower is privileged
after all, just with uid left unchanged. Hence merge
privileged_execution back into it.
---

diff --git a/src/run/run.c b/src/run/run.c
index b0cb2e52798..232ac58e9c2 100644
--- a/src/run/run.c
+++ b/src/run/run.c
@@ -264,14 +264,15 @@ static int help_sudo_mode(void) {
 }
 
 static bool become_root(void) {
-        return !arg_exec_user || STR_IN_SET(arg_exec_user, "root", "0");
-}
-
-static bool privileged_execution(void) {
         if (arg_runtime_scope != RUNTIME_SCOPE_SYSTEM)
                 return false;
 
-        return become_root();
+        if (!arg_exec_user) {
+                assert(!arg_empower); /* assume default user has been set */
+                return true;
+        }
+
+        return STR_IN_SET(arg_exec_user, "root", "0");
 }
 
 static int add_timer_property(const char *name, const char *val) {
@@ -885,7 +886,7 @@ static int parse_argv(int argc, char *argv[]) {
 }
 
 static double shell_prompt_hue(void) {
-        if (privileged_execution())
+        if (become_root())
                 return 0; /* red */
 
         if (arg_empower)
@@ -895,7 +896,7 @@ static double shell_prompt_hue(void) {
 }
 
 static Glyph shell_prompt_glyph(void) {
-        if (privileged_execution())
+        if (become_root())
                 return GLYPH_SUPERHERO;
 
         if (arg_empower)
@@ -905,7 +906,7 @@ static Glyph shell_prompt_glyph(void) {
 }
 
 static Glyph pty_window_glyph(void) {
-        if (privileged_execution())
+        if (become_root())
                 return GLYPH_RED_CIRCLE;
 
         if (arg_empower)
@@ -1295,10 +1296,10 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
                  * default. Note that pam_logind/systemd-logind doesn't distinguish between run0-style privilege
                  * escalation on a TTY and first class (getty-style) TTY logins (and thus gives root a per-session
                  * manager for interactive TTY sessions), hence let's override the logic explicitly here. We only do
-                 * this for root though, under the assumption that if a regular user temporarily transitions into
-                 * another regular user it's a better default that the full user environment is uniformly
-                 * available. */
-                if (arg_lightweight < 0 && (privileged_execution() || arg_empower))
+                 * this for root or --empower though, under the assumption that if a regular user temporarily
+                 * transitions into another regular user it's a better default that the full user environment is
+                 * uniformly available. */
+                if (arg_lightweight < 0 && (become_root() || arg_empower))
                         arg_lightweight = true;
 
                 if (arg_lightweight >= 0) {