diff options
-rw-r--r-- | mkosi.conf.d/10-systemd.conf | 2 | ||||
-rw-r--r-- | src/sulogin-shell/sulogin-shell.c | 14 |
2 files changed, 16 insertions, 0 deletions
diff --git a/mkosi.conf.d/10-systemd.conf b/mkosi.conf.d/10-systemd.conf index a19d464a09..d82a59dd03 100644 --- a/mkosi.conf.d/10-systemd.conf +++ b/mkosi.conf.d/10-systemd.conf @@ -28,3 +28,5 @@ KernelCommandLineExtra=systemd.crash_shell printk.devkmsg=on # Tell networkd to manage the ethernet interface. ip=enp0s1:any + # Make sure sulogin works even with a locked root account. + SYSTEMD_SULOGIN_FORCE=1 diff --git a/src/sulogin-shell/sulogin-shell.c b/src/sulogin-shell/sulogin-shell.c index 87eed541f0..e81bb527ff 100644 --- a/src/sulogin-shell/sulogin-shell.c +++ b/src/sulogin-shell/sulogin-shell.c @@ -17,6 +17,7 @@ #include "log.h" #include "main-func.h" #include "process-util.h" +#include "proc-cmdline.h" #include "signal-util.h" #include "special.h" #include "unit-def.h" @@ -116,6 +117,7 @@ static int run(int argc, char *argv[]) { NULL, /* --force */ NULL }; + bool force = false; int r; log_setup(); @@ -123,6 +125,18 @@ static int run(int argc, char *argv[]) { print_mode(argc > 1 ? argv[1] : ""); if (getenv_bool("SYSTEMD_SULOGIN_FORCE") > 0) + force = true; + + if (!force) { + /* We look the argument in the kernel cmdline under the same name as the environment variable + * to express that this is not supported at the same level as the regular kernel cmdline + * switches. */ + r = proc_cmdline_get_bool("SYSTEMD_SULOGIN_FORCE", &force); + if (r < 0) + log_debug_errno(r, "Failed to parse SYSTEMD_SULOGIN_FORCE from kernel command line, ignoring: %m"); + } + + if (force) /* allows passwordless logins if root account is locked. */ sulogin_cmdline[1] = "--force"; |