From fecbce1fc654076a2fc0922e6d36e5300ea04cdf Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 8 May 2023 11:03:32 +0200 Subject: sulogin: Read SYSTEMD_SULOGIN_FORCE from kernel cmdline This allows setting it on the kernel cmdline and having it work automatically without having to write any dropins or such. Also enable the option in mkosi so that we can debug the initrd properly with a locked root account. --- src/sulogin-shell/sulogin-shell.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'src/sulogin-shell') diff --git a/src/sulogin-shell/sulogin-shell.c b/src/sulogin-shell/sulogin-shell.c index 87eed541f0..e81bb527ff 100644 --- a/src/sulogin-shell/sulogin-shell.c +++ b/src/sulogin-shell/sulogin-shell.c @@ -17,6 +17,7 @@ #include "log.h" #include "main-func.h" #include "process-util.h" +#include "proc-cmdline.h" #include "signal-util.h" #include "special.h" #include "unit-def.h" @@ -116,6 +117,7 @@ static int run(int argc, char *argv[]) { NULL, /* --force */ NULL }; + bool force = false; int r; log_setup(); @@ -123,6 +125,18 @@ static int run(int argc, char *argv[]) { print_mode(argc > 1 ? argv[1] : ""); if (getenv_bool("SYSTEMD_SULOGIN_FORCE") > 0) + force = true; + + if (!force) { + /* We look the argument in the kernel cmdline under the same name as the environment variable + * to express that this is not supported at the same level as the regular kernel cmdline + * switches. */ + r = proc_cmdline_get_bool("SYSTEMD_SULOGIN_FORCE", &force); + if (r < 0) + log_debug_errno(r, "Failed to parse SYSTEMD_SULOGIN_FORCE from kernel command line, ignoring: %m"); + } + + if (force) /* allows passwordless logins if root account is locked. */ sulogin_cmdline[1] = "--force"; -- cgit v1.2.1