Allow PIDFile in system services with User= set to non-root

2025-12-20 19:25:42 +01:00
3 changed files with 93 additions and 0 deletions
--- a/9000-core-allow-to-use-PIDFile-in-user-session-services.patch
+++ b/9000-core-allow-to-use-PIDFile-in-user-session-services.patch
@@ -0,0 +1,40 @@
+From 1c08e5e5ac9828a600bb692f051c4deac5d9d13d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 8 Jul 2025 17:37:33 +0900
+Subject: [PATCH] core: allow to use PIDFile= in user session services
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes #38108.
+
+Co-authored-by: 铝箔 <38349409+Sodium-Aluminate@users.noreply.github.com>
+(cherry picked from commit 7e269126778875e7e8927d795132109fb9a9b3a1)
+---
+ src/core/service.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 0134d0e775..92d2f3d77c 100644
+--- a/src/core/service.c
+++ b/src/core/service.c
+@@ -1215,11 +1215,13 @@ static int service_load_pid_file(Service *s, bool may_warn) {
+                 if (fstat(fileno(f), &st) < 0)
+                         return log_unit_error_errno(UNIT(s), errno, "Failed to fstat() PID file '%s': %m", s->pid_file);
+ 
+-                if (st.st_uid != 0)
+                if (st.st_uid != getuid())
+                         return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
+-                                                    "New main PID "PID_FMT" from PID file does not belong to service, and PID file is not owned by root. Refusing.", pidref.pid);
+                                                    "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT"). Refusing.",
+                                                    pidref.pid, st.st_uid, getuid());
+ 
+-                log_unit_debug(UNIT(s), "New main PID "PID_FMT" does not belong to service, accepting anyway since PID file is owned by root.", pidref.pid);
+                log_unit_debug(UNIT(s), "New main PID "PID_FMT" does not belong to service, accepting anyway since PID file is owned by "UID_FMT".",
+                               pidref.pid, st.st_uid);
+         }
+ 
+         if (s->main_pid_known) {
+-- 
+2.52.0
+
--- a/9001-core-allow-to-use-PIDFile-in-system-session-services.patch
+++ b/9001-core-allow-to-use-PIDFile-in-system-session-services.patch
@@ -0,0 +1,49 @@
+From 25ab32bde5f6ada7f45d32917b7ce672addc4e73 Mon Sep 17 00:00:00 2001
+From: Louis-Baptiste Sobolewski <lb.sobolewski@protonmail.com>
+Date: Sat, 20 Dec 2025 17:45:21 +0100
+Subject: [PATCH] core: allow to use PIDFile= in system session services with
+ User= set to non-root
+
+---
+ src/core/service.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 92d2f3d77c..9faed57e3a 100644
+--- a/src/core/service.c
+++ b/src/core/service.c
+@@ -50,6 +50,7 @@
+ #include "transaction.h"
+ #include "unit-name.h"
+ #include "unit.h"
+#include "user-util.h"
+ #include "utf8.h"
+ 
+ #define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__)
+@@ -1215,10 +1216,19 @@ static int service_load_pid_file(Service *s, bool may_warn) {
+                 if (fstat(fileno(f), &st) < 0)
+                         return log_unit_error_errno(UNIT(s), errno, "Failed to fstat() PID file '%s': %m", s->pid_file);
+ 
+-                if (st.st_uid != getuid())
+-                        return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
+-                                                    "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT"). Refusing.",
+-                                                    pidref.pid, st.st_uid, getuid());
+                if (st.st_uid != getuid()) {
+                        /* In system units with User= the UID of the processes is not getuid() */
+                        uid_t uid;
+                        r = get_user_creds((const char **)&(s->exec_context.user), &uid, NULL, NULL, NULL, 0);
+                        if (r < 0)
+                                return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
+                                                            "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT"). Refusing.",
+                                                            pidref.pid, st.st_uid, getuid());
+                        else if (st.st_uid != uid)
+                                return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
+                                                            "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT" or "UID_FMT"). Refusing.",
+                                                            pidref.pid, st.st_uid, getuid(), uid);
+                }
+ 
+                 log_unit_debug(UNIT(s), "New main PID "PID_FMT" does not belong to service, accepting anyway since PID file is owned by "UID_FMT".",
+                                pidref.pid, st.st_uid);
+-- 
+2.52.0
+
--- a/systemd.spec
+++ b/systemd.spec
@@ -249,6 +249,10 @@ Patch:          5002-Revert-udev-revert-workarounds-for-issues-caused-by-.patch
 Patch:          5004-disable-session-freeze.patch
 %endif

+# Support using PIDFile= in services with a User= directive
+Patch:          9000-core-allow-to-use-PIDFile-in-user-session-services.patch
+Patch:          9001-core-allow-to-use-PIDFile-in-system-session-services.patch
+
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
 init scripts for Linux. systemd provides aggressive parallelization