nixos/systemd: run0: enable setLoginUid, disable pamMount (#428459)

2025-07-26 19:51:50 +02:00 · 2025-07-26 19:51:50 +02:00 · e9df8b4e2f
commit e9df8b4e2f
parent ee847178d2 fb51cc802d
1 changed files with 5 additions and 1 deletions
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@ -838,7 +838,11 @@ in
    # error that we’re trying to avoid can’t possibly happen if polkit isn’t enabled. When polkit isn’t
    # enabled, run0 will fail before it even tries to run the command.
    security.pam.services = mkIf config.security.polkit.enable {
-      systemd-run0 = { };
+      systemd-run0 = {
+        # Upstream config: https://github.com/systemd/systemd/blob/main/src/run/systemd-run0.in
+        setLoginUid = true;
+        pamMount = false;
+      };
    };
  };