Hi Noa,
I guess this is not a bug here with pam_ssh_agent but I thought you would like to know about it. Polkit has a new feature to use a systemd socket-activated service to launch the polkit-agent-helper, which makes use of systemd's sandboxing, which prevents pam_ssh_agent from reading the ssh-agent socket file. This breaks pam_ssh_agent for polkit, which is a real shame.
I wasn't yet able to figure out a fix, so have applied the workaround of disabling the socket unit, and I've filed an issue with them and will continue to work on things.
Related issues:
SUSE (where this originally masqueraded as a selinux problem) https://bugzilla.suse.com/show_bug.cgi?id=1255503#c2
Polkit: polkit-org/polkit#633
I'll let you know if there's any news.
Hi Noa,
I guess this is not a bug here with pam_ssh_agent but I thought you would like to know about it. Polkit has a new feature to use a systemd socket-activated service to launch the polkit-agent-helper, which makes use of systemd's sandboxing, which prevents pam_ssh_agent from reading the ssh-agent socket file. This breaks pam_ssh_agent for polkit, which is a real shame.
I wasn't yet able to figure out a fix, so have applied the workaround of disabling the socket unit, and I've filed an issue with them and will continue to work on things.
Related issues:
SUSE (where this originally masqueraded as a selinux problem) https://bugzilla.suse.com/show_bug.cgi?id=1255503#c2
Polkit: polkit-org/polkit#633
I'll let you know if there's any news.