From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 8 May 2023 09:03:32 +0000 (+0200)
Subject: sulogin: Read SYSTEMD_SULOGIN_FORCE from kernel cmdline
X-Git-Tag: v254-rc1~490
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fecbce1fc654076a2fc0922e6d36e5300ea04cdf;p=thirdparty%2Fsystemd.git

sulogin: Read SYSTEMD_SULOGIN_FORCE from kernel cmdline

This allows setting it on the kernel cmdline and having it work
automatically without having to write any dropins or such.

Also enable the option in mkosi so that we can debug the initrd
properly with a locked root account.
---

diff --git a/mkosi.conf.d/10-systemd.conf b/mkosi.conf.d/10-systemd.conf
index a19d464a09a..d82a59dd036 100644
--- a/mkosi.conf.d/10-systemd.conf
+++ b/mkosi.conf.d/10-systemd.conf
@@ -28,3 +28,5 @@ KernelCommandLineExtra=systemd.crash_shell
                        printk.devkmsg=on
                        # Tell networkd to manage the ethernet interface.
                        ip=enp0s1:any
+                       # Make sure sulogin works even with a locked root account.
+                       SYSTEMD_SULOGIN_FORCE=1
diff --git a/src/sulogin-shell/sulogin-shell.c b/src/sulogin-shell/sulogin-shell.c
index 87eed541f06..e81bb527ff8 100644
--- a/src/sulogin-shell/sulogin-shell.c
+++ b/src/sulogin-shell/sulogin-shell.c
@@ -17,6 +17,7 @@
 #include "log.h"
 #include "main-func.h"
 #include "process-util.h"
+#include "proc-cmdline.h"
 #include "signal-util.h"
 #include "special.h"
 #include "unit-def.h"
@@ -116,6 +117,7 @@ static int run(int argc, char *argv[]) {
                 NULL,             /* --force */
                 NULL
         };
+        bool force = false;
         int r;
 
         log_setup();
@@ -123,6 +125,18 @@ static int run(int argc, char *argv[]) {
         print_mode(argc > 1 ? argv[1] : "");
 
         if (getenv_bool("SYSTEMD_SULOGIN_FORCE") > 0)
+                force = true;
+
+        if (!force) {
+                /* We look the argument in the kernel cmdline under the same name as the environment variable
+                 * to express that this is not supported at the same level as the regular kernel cmdline
+                 * switches. */
+                r = proc_cmdline_get_bool("SYSTEMD_SULOGIN_FORCE", &force);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to parse SYSTEMD_SULOGIN_FORCE from kernel command line, ignoring: %m");
+        }
+
+        if (force)
                 /* allows passwordless logins if root account is locked. */
                 sulogin_cmdline[1] = "--force";