3d2157e707
This flag was added in db6aedab92 with the justification that locale environment variables should be preserved by the user session. However, the companion patch to drop the UnsetEnvironment= directive blocking these variables was never merged, so the intended change was never effected. While the patch was ineffective toward its stated goal, the "-p" option does have material negative consequences for the user session in systemd — environment variables to support the use of credentials and memory pressure directives, such as $CREDENTIALS_DIRECTORY and $MEMORY_PRESSURE_WATCH, which are now directly used by agetty and login, get leaked into the user session, potentially breaking applications that rely on these values. E.g. systemd-ask-password fails from the tty when $CREDENTIALS_DIRECTORY has been leaked from agetty, because it expects to be able to access credentials in $CREDENTIALS_DIRECTORY.

This effectively reverts db6aedab92.

References: db6aedab92 (units: Tell login to preserve environment (#6023), 2017-05-24)
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.

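[Unit]
# Template unit for a login prompt on a container pseudo-terminal; the
# instance name (%I) selects the device under /dev/pts.
# The "{% ... %}" lines are Jinja-style template conditionals, presumably
# expanded when the unit file is generated; they are not systemd directives.
Description=Container Getty on /dev/pts/%I
Documentation=man:agetty(8) man:systemd-getty-generator(8)
Documentation=man:machinectl(1)
# Ordered after systemd-user-sessions.service (the unit that permits user
# logins), so no login prompt is offered on the pty before logins are allowed.
After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
{% if HAVE_SYSV_COMPAT %}
After=rc-local.service
{% endif %}
Before=getty.target
IgnoreOnIsolate=yes
# Skip the unit, without marking it failed, when the pty does not exist.
ConditionPathExists=/dev/pts/%I

# IgnoreOnIsolate is an issue: when someone isolates rescue.target,
# tradition expects that we shut down all but the main console.
Conflicts=rescue.service
Before=rescue.service
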
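[Service]
# The '-o' option value tells agetty to replace 'login' arguments with '--' for
# safety, and then the entered username.
# The '--' ends option parsing in login, so a username typed at the prompt that
# starts with '-' is taken as a name and not as a login option.
# login is deliberately NOT given '-p' (preserve environment). Per the commit
# that removed it, '-p' let variables set for this service, such as
# $CREDENTIALS_DIRECTORY and $MEMORY_PRESSURE_WATCH, leak into the user session
# (systemd-ask-password then fails from the tty). Keep '-p' out of this line.
# The leading '-' before the path makes systemd treat a failing agetty exit as
# success; '\\u' is unescaped by systemd to the '\u' username placeholder that
# agetty substitutes.
ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear - ${TERM}
# Type=idle delays the start until pending jobs are dispatched; with
# Restart=always and RestartSec=0 the prompt is respawned as soon as a session
# ends.
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=pts/%I
StandardInput=tty
StandardOutput=tty
TTYPath=/dev/pts/%I
# Reset the terminal and hang up every process that still has it open before
# agetty starts, so nothing left over from an earlier session keeps access to
# the pty the next user logs in on.
TTYReset=yes
TTYVHangup=yes
{% if not ENABLE_LOGIND %}
# Only the main process is killed when the unit stops; applied only in builds
# without logind (presumably because nothing else tracks the session there,
# TODO confirm).
KillMode=process
{% endif %}
IgnoreSIGPIPE=no
SendSIGHUP=yes
# Credentials matching these globs are imported for agetty and login and are
# reached through $CREDENTIALS_DIRECTORY, one of the variables that must stay
# out of the user session (see the ExecStart note above).
# The "glob:prefix" form renames per-terminal credentials
# (tty.container.%I.agetty.* / tty.container.%I.login.*) to the generic
# agetty.* / login.* names; they are listed before the generic globs,
# presumably so the per-terminal value is preferred. Confirm the precedence in
# systemd.exec(5).
ImportCredential=tty.container.%I.agetty.*:agetty.
ImportCredential=tty.container.%I.login.*:login.
ImportCredential=agetty.*
ImportCredential=login.*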