Comment 136 for bug 1197395

In , Martin (martin-redhat-bugs) wrote:

(In reply to Colin Walters from comment #60)
> Can you send this patch to systemd-devel? Red Hat Bugzilla is a crappy
> * We could also check whether uid != getuid() - i mean we know the code
> above uses loginuid, so indirecting via lstat() is weird. But I'm OK with
> the code as is.

Sorry for the confusion (on both sides, I suppose). For me audit_loginuid_from_pid() does not actually succeed, so it's falling back to pam_get_username(). But *if* that succeeds, the current patch is wrong indeed, we need to *always* get the username from PAM. But that's indeed a separate issue (and in fact it seems it's the original issue of this bug, which I didn't really fully understand until now). So we need to check pam_get_user() against the owner of $RUNTIME_DIR (as logind always gives us the one from the session, not the one for the target user) to fix the "root destroys my runtime dir" issue, and secondly we would ideally drop the audit_loginuid_from_pid() thing as it's not really what we want. I'll follow up on the upstream ML with updated patches.
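The ownership check proposed in the comment above, as an added example written for this page; it is not code from systemd, from pam_systemd, or from any patch discussed in this bug. The `username` parameter stands in for the value `pam_get_user()` would return in the real module, so the helper runs without libpam; the names `runtime_dir_owned_by()` and `demo()` and the temporary directory it creates are assumptions of this example.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check that runtime_dir (e.g. the value of $XDG_RUNTIME_DIR handed over by
 * logind) is a real directory owned by `username`, the user PAM reported for
 * this session. Only when this returns 1 should a module consider touching
 * or removing the directory, so root logging in does not destroy another
 * user's runtime dir.
 * Returns 1 if owned by that user, 0 if not (also if the path is a symlink or
 * not a directory), -1 if the user lookup or lstat() fails.
 * lstat() rather than stat() so a symlink planted at the path is not followed. */
int runtime_dir_owned_by(const char *runtime_dir, const char *username) {
    struct passwd *pw = getpwnam(username);
    if (pw == NULL)
        return -1;

    struct stat st;
    if (lstat(runtime_dir, &st) < 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return 0;
    return st.st_uid == pw->pw_uid ? 1 : 0;
}

/* Demo (constructed input): create a temporary directory owned by the caller,
 * standing in for a runtime dir, and run the check against the caller's own
 * account, a different account, an unknown account, and a symlink to the
 * directory. Returns 0 when every case behaves as expected, 1 otherwise. */
int demo(void) {
    char path[] = "/tmp/rtdir-demo-XXXXXX";
    if (mkdtemp(path) == NULL)
        return 1;

    struct passwd *me = getpwuid(getuid());
    if (me == NULL) {
        rmdir(path);
        return 1;
    }

    int own = runtime_dir_owned_by(path, me->pw_name);
    /* If we already are root, "root" is the owner; skip that case. */
    int other = getuid() == 0 ? 0 : runtime_dir_owned_by(path, "root");
    int missing = runtime_dir_owned_by(path, "no-such-user-xyz");

    /* A symlink pointing at the directory must not pass the check. */
    char link[64];
    snprintf(link, sizeof link, "%s.lnk", path);
    int via_link = -2;
    if (symlink(path, link) == 0) {
        via_link = runtime_dir_owned_by(link, me->pw_name);
        unlink(link);
    }
    rmdir(path);

    printf("own=%d other=%d unknown=%d symlink=%d\n",
           own, other, missing, via_link);
    return (own == 1 && other == 0 && missing == -1 && via_link == 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

The check compares the directory owner against the user PAM named for the session rather than against the calling process's loginuid, which is the distinction the comment draws: the session user is who the directory belongs to, and the uid of whoever is running the PAM stack is irrelevant to that question.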