From 966f3a246c8c804d8a9c9d393f03c5c3fe0dd393 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 30 Aug 2021 13:21:55 +0200
Subject: [PATCH] run/mount/systemctl: don't fork off PolicyKit/ask-pw agent
 when in --user mode

When we are in --user mode there's no point in doing PolicyKit/ask-pw
because both of these systems are only used by system-level services.
Let's disable the two agents for that automaticlly hence.

Prompted by: #20576
---
 src/mount/mount-tool.c    | 3 +++
 src/run/run.c             | 4 ++++
 src/systemctl/systemctl.c | 5 +++++
 3 files changed, 12 insertions(+)

diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c
index b0de83b8d0..8b1cb247e9 100644
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@@ -332,6 +332,9 @@ static int parse_argv(int argc, char *argv[]) {
                         assert_not_reached();
                 }
 
+        if (arg_user)
+                arg_ask_password = false;
+
         if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Execution in user context is not supported on non-local systems.");
diff --git a/src/run/run.c b/src/run/run.c
index fb38571228..664153137d 100644
--- a/src/run/run.c
+++ b/src/run/run.c
@@ -507,6 +507,10 @@ static int parse_argv(int argc, char *argv[]) {
                         assert_not_reached();
                 }
 
+        /* If we are talking to the per-user instance PolicyKit isn't going to help */
+        if (arg_user)
+                arg_ask_password = false;
+
         with_trigger = !!arg_path_property || !!arg_socket_property || arg_with_timer;
 
         /* currently, only single trigger (path, socket, timer) unit can be created simultaneously */
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index f5ecc1f60f..e2a8aef114 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -925,6 +925,11 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
                         assert_not_reached();
                 }
 
+        /* If we are in --user mode, there's no point in talking to PolicyKit or the infra to query system
+         * passwords */
+        if (arg_scope != UNIT_FILE_SYSTEM)
+                arg_ask_password = false;
+
         if (arg_transport == BUS_TRANSPORT_REMOTE && arg_scope != UNIT_FILE_SYSTEM)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Cannot access user instance remotely.");