From: Mike Yuan Date: Sat, 4 Jan 2025 12:31:28 +0000 (+0100) Subject: tty-ask-password-agent: if we're spawning further agents, grant them notify access X-Git-Tag: v258-rc1~1706^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F35855%2Fhead;p=thirdparty%2Fsystemd.git tty-ask-password-agent: if we're spawning further agents, grant them notify access Follow-up for 254649d5762540ade590909c70c27af86c7dfdac Otherwise, systemd-ask-password-console.service times out being started since the main process never delivers READY=1 notification. Alternative to #35853 --- diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c index 68b6d1c70e4..5ff892c25df 100644 --- a/src/tty-ask-password-agent/tty-ask-password-agent.c +++ b/src/tty-ask-password-agent/tty-ask-password-agent.c @@ -581,7 +581,7 @@ static int ask_on_this_console(const char *tty, char **arguments, pid_t *ret_pid assert_se(sigaction(SIGHUP, &sigaction_default, NULL) >= 0); assert_se(sigprocmask_many(SIG_UNBLOCK, NULL, SIGHUP, SIGCHLD) >= 0); - r = safe_fork("(sd-passwd)", FORK_RESET_SIGNALS|FORK_LOG, ret_pid); + r = safe_fork("(sd-passwd)", FORK_RESET_SIGNALS|FORK_KEEP_NOTIFY_SOCKET|FORK_LOG, ret_pid); if (r < 0) return r; if (r == 0) { @@ -676,6 +676,13 @@ static int ask_on_consoles(char *argv[]) { if (!arguments) return log_oom(); + /* Grant agents we spawn notify access too, so that once an agent establishes inotify watch + * READY=1 from them is accepted by service manager (see process_and_watch_password_files()). + * + * Note that when any agent exits STOPPING=1 would also be sent, but that's utterly what we want, + * i.e. the password is answered on one console and other agents get killed below. */ + (void) sd_notify(/* unset_environment = */ false, "NOTIFYACCESS=all"); + /* Start an agent on each console. */ STRV_FOREACH(tty, consoles) { pid_t pid;