1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
systemd/units/console-getty.service.in
Ronan Pigott 3d2157e707 units: drop "-p" flag from agetty's login options
This flag was added in db6aedab92 with the justification that locale
environment variables should be preserved by the user session. However,
the companion patch to drop the UnsetEnvironment= directive blocking
these variables was never merged, so the intended change was never
effected.

While the patch was ineffective toward its stated goal, the "-p" option
does have material negative consequences for the user session in
systemd — environment variables to support the use of
credentials and memory pressure directives, such as
$CREDENTIALS_DIRECTORY and $MEMORY_PRESSURE_WATCH, which are now
directly used by agetty and login, get leaked into the user session
potentially breaking applications that rely on these values.

E.g. systemd-ask-password fails from the tty when $CREDENTIALS_DIRECTORY
has been leaked from agetty, because it expects to be able to access
credentials in $CREDENTIALS_DIRECTORY.

This effectively reverts db6aedab92.

References: db6aedab92 (units: Tell login to preserve environment (#6023), 2017-05-24)
2024-08-15 16:49:02 +09:00

46 lines
1.3 KiB
SYSTEMD

# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Console Getty
Documentation=man:agetty(8) man:systemd-getty-generator(8)
After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
{% if HAVE_SYSV_COMPAT %}
After=rc-local.service
{% endif %}
Before=getty.target
# OCI containers may be run without a console
ConditionPathExists=/dev/console
[Service]
# The '-o' option value tells agetty to replace 'login' arguments with '--' for
# safety, and then the entered username.
ExecStart=-/sbin/agetty -o '-- \\u' --noreset --noclear --keep-baud 115200,57600,38400,9600 - ${TERM}
Type=idle
Restart=always
UtmpIdentifier=cons
StandardInput=tty
StandardOutput=tty
TTYPath=/dev/console
TTYReset=yes
TTYVHangup=yes
{% if not ENABLE_LOGIND %}
KillMode=process
{% endif %}
IgnoreSIGPIPE=no
SendSIGHUP=yes
ImportCredential=tty.console.agetty.*:agetty.
ImportCredential=tty.console.login.*:login.
ImportCredential=agetty.*
ImportCredential=login.*
[Install]
WantedBy=getty.target