nixos/systemd: fix run0 failing to run commands

Fixes #361592. I was able to test this change by doing the following: 1. Create a file named “test-systemd-run0.nix” that contains this Nix expression: let nixpkgs = /path/to/nixpkgs; pkgs = import nixpkgs { }; in pkgs.testers.runNixOSTest { name = "test-systemd-run0"; nodes.machine = { security.polkit.enable = true; }; testScript = '' start_all() machine.succeed("run0 env") ''; } 2. Replace “/path/to/nixpkgs” with the actual path to an actual copy of Nixpkgs. 3. Run the integration test by running this command: nix-build <path to test-systemd-run0.nix> (cherry picked from commit d54262911c)
2026-01-11 10:22:54 +08:00 · 2025-06-24 09:08:27 -04:00
parent 8ef0e435e0
commit d5378cec85
1 changed files with 9 additions and 0 deletions
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -831,6 +831,15 @@ in
        minsize = "1M";
      };
    };
+
+    # run0 is supposed to authenticate the user via polkit and then run a command. Without this next
+    # part, run0 would fail to run the command even if authentication is successful and the user has
+    # permission to run the command. This next part is only enabled if polkit is enabled because the
+    # error that we’re trying to avoid can’t possibly happen if polkit isn’t enabled. When polkit isn’t
+    # enabled, run0 will fail before it even tries to run the command.
+    security.pam.services = mkIf config.security.polkit.enable {
+      systemd-run0 = { };
+    };
  };

  # FIXME: Remove these eventually.