shutdownd: use PassCred=yes in the socket unit

Since Linux 3.2 in order to receive SCM_CREDENTIALS it is not sufficient
to set SO_PASSCRED just before recvmsg(). The option has to be already
set when the sender sends the message.

With socket activation it is too late to set the option in the service.
It must be set on the socket right from the start.

See the kernel commit:
16e57262 af_unix: dont send SCM_CREDENTIALS by default

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=757628

diff --git a/src/shutdownd.c b/src/shutdownd.c
index 0ffa8b28815f4c1805b14e16c77cc7853609f272..46856b01ad616b8230f96193ce48ea26fc89bfd7 100644 (file)
--- a/src/shutdownd.c
+++ b/src/shutdownd.c
@@ -173,7 +173,6 @@ int main(int argc, char *argv[]) {
         };
 
         int r = EXIT_FAILURE, n_fds;
-        int one = 1;
         struct shutdownd_command c;
         struct pollfd pollfd[_FD_MAX];
         bool exec_shutdown = false, unlink_nologin = false, failed = false;
@@ -205,11 +204,6 @@ int main(int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
-        if (setsockopt(SD_LISTEN_FDS_START, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0) {
-                log_error("SO_PASSCRED failed: %m");
-                return EXIT_FAILURE;
-        }
-
         zero(c);
         zero(pollfd);
 

diff --git a/units/systemd-shutdownd.socket b/units/systemd-shutdownd.socket
index bc0358a346fbf921021af9cd640bef8716e8847d..13b6c7a5cc3e93e3c36f2902828f8f7e8a055407 100644 (file)
--- a/units/systemd-shutdownd.socket
+++ b/units/systemd-shutdownd.socket
@@ -15,3 +15,4 @@ Before=sockets.target
 [Socket]
 ListenDatagram=/run/systemd/shutdownd
 SocketMode=0600
+PassCred=yes