auth: allow failures to read process start_time from /proc/$PID/stat with hidepid

When mounting /proc with hidepid, we might fail to read the
start-time of the process from /proc/$PID/stat. In this case,
we should just accept a start-time of zero.

On the other side of authentication, polkit should accept a zero
start-time too.

nm_utils_get_start_time_for_pid() has other uses in NetworkManager,
mostly when killing a process from a PIDFILE or during
nm_utils_kill_process_sync(). In both these cases, this will only
succeed if we try to kill a process that also runs a root.

For processes started by the current instance, we don't care about the
PIDFILE and use nm_utils_kill_child_?sync() -- so there is no problem
with hidepid there.

https://bugzilla.gnome.org/show_bug.cgi?id=764502

1 files changed, 12 insertions, 3 deletions

diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c
index 494d52d3e8..86b873f0f2 100644
--- a/src/nm-auth-subject.c
+++ b/src/nm-auth-subject.c
@@ -360,9 +360,18 @@ constructed (GObject *object)
 		priv->unix_process.start_time = nm_utils_get_start_time_for_pid (priv->unix_process.pid, NULL, NULL);
 
 		if (!priv->unix_process.start_time) {
-			/* could not detect the process start time. The subject is invalid, but don't
-			 * assert against it. */
-			_clear_private (priv);
+			/* Is the process already gone? Then fail creation of the auth subject
+			 * by clearing the type. */
+			if (kill (priv->unix_process.pid, 0) != 0)
+				_clear_private (priv);
+
+			/* Otherwise, although we didn't detect a start_time, the process is still around.
+			 * That could be due to procfs mounted with hidepid. So just accept the request.
+			 *
+			 * Polkit on the other side, will accept 0 and try to lookup /proc/$PID/stat
+			 * itself (and if it fails to do so, assume a start-time of 0 and proceed).
+			 * The only combination that would fail here, is when NM is able to read the
+			 * start-time, but polkit is not. */
 		}
 		return;
 	default: