[3711020239] Upstream Reporter: Allison Karlitskaya
Upstream issue status: Open
Upstream description:

Right now we more or less become root by using sudo, via the "bridge configuration" mechanism in manifest files (and specifically pkg/shell/manifest.json). We also have pkexec support, and run0 support is added by #22373.

I have an experimental PR in https://github.com/allisonkarlitskaya/systemd_ctypes/pull/83 that shows that run0 isn't so complicated. It more or less boils down to a call to StartTransientUnit with some plumbing for stdin/-out/-err. I've tested, and this works with RHEL 8.8 (and presumably everything in between).

Meanwhile run0 is a bit annoying to wrap because among other things it generates bad error messages. We can't plausibly show something like "Failed to start transient unit: Access Denied" to the user. If we call the D-Bus API directly then we get access to the error codes and can display better/localized messages. The polkit agent interaction comes from the existing code that we have for pkexec.

I think we should do this via some mechanism like retconning a "method" field into our bridge configs with values like "spawn" (default) and "transient-unit". In case "method": "spawn" (the default) we look at the "spawn" key for the command to exec (which is the current behaviour). If it's "transient-unit" then we call StartTransientUnit on systemd via the system bus instead.