From the perspective of "pkexec", we go out of our way to explicitly clear all envronment variables (e.g. DISPLAY) except for a special whitelist. But pam_systemd.so then *injects back* a broken XDG_RUNTIME_DIR.
That just has to be wrong. Right, Lennart?
There are a few options here.
One that occurs to me is for pam_systemd.so to special case XDG_RUNTIME_DIR when uid != loginuid. We could leave XDG_RUNTIME_DIR unset, and apps would have to fall back.
But as with most other people in this thread, I'm really concluding that pam_systemd.so should explicitly use getuid() for XDG_RUNTIME_DIR.
From the perspective of "pkexec", we go out of our way to explicitly clear all envronment variables (e.g. DISPLAY) except for a special whitelist. But pam_systemd.so then *injects back* a broken XDG_RUNTIME_DIR.
That just has to be wrong. Right, Lennart?
There are a few options here.
One that occurs to me is for pam_systemd.so to special case XDG_RUNTIME_DIR when uid != loginuid. We could leave XDG_RUNTIME_DIR unset, and apps would have to fall back.
But as with most other people in this thread, I'm really concluding that pam_systemd.so should explicitly use getuid() for XDG_RUNTIME_DIR.