systemd: don't try to run as user manager when called without any arguments

It's better for users if programs don't do "significant" things too easily, and
should be especially conservative when called without any arguments whatsoever.
So far systemd would would try to launch itself as a user manager and fail on
some cgroup permission stuff. systemd --user is run execlusively from user@.service
and there we call it with --user. Calls to the binary without any arguments as
non-pid1 are almost always a mistake.

https://github.com/systemd/systemd/issues/18419#issuecomment-779422571

diff --git a/src/core/main.c b/src/core/main.c
index 8c7bcc2d3d98c9ece854d224b5607ae42acef4c9..690bc53d853fe12f7895a2cb66b87e7050625956 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -821,6 +821,7 @@ static int parse_argv(int argc, char *argv[]) {
         };
 
         int c, r;
+        bool user_arg_seen = false;
 
         assert(argc >= 1);
         assert(argv);
@@ -910,6 +911,7 @@ static int parse_argv(int argc, char *argv[]) {
 
                 case ARG_USER:
                         arg_system = false;
+                        user_arg_seen = true;
                         break;
 
                 case ARG_TEST:
@@ -1066,10 +1068,12 @@ static int parse_argv(int argc, char *argv[]) {
                 }
 
         if (optind < argc && getpid_cached() != 1)
-                /* Hmm, when we aren't run as init system
-                 * let's complain about excess arguments */
+                /* Hmm, when we aren't run as init system let's complain about excess arguments */
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Excess arguments.");
+
+        if (arg_action == ACTION_RUN && !arg_system && !user_arg_seen)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Excess arguments.");
+                                       "Explicit --user argument required to run as user manager.");
 
         return 0;
 }