linux - how can I call "systemd-run" "--user" ... from execvp() (in c or c++) without requir

When I call systemd-run "--user" "--pipe" "echo" "hello" I get the expected output "hello" (plus some systemd unit info) without a password popup.

But when I run systemd-run using the exact same arguments from inside a C++ program via execvp() or execvpe() it launches a popup window with Authentication is required to start transient unit.

Example:

#include <unistd.h>

int main(int argc, char const* const argv[], char const* const envp[])
    {
        char const* argp[] =
            {
                "--user",
                "--pipe",
                "echo",
                "hello",
                nullptr,
            };
        
        //::execvp("systemd-run", const_cast<char**>(argp)); // alternative call, same result
        ::execvpe("systemd-run", const_cast<char**>(argp), const_cast<char**>(envp));
    }

Can I avoid this authentication popup requirement (while still using C++)? Preferably using a default systemd with no policy modification.

---

(I'm trying to make a quick tool to run a subcommand while preventing accidental file modification outside of specified directories, eg for a "safe" build).

When I call systemd-run "--user" "--pipe" "echo" "hello" I get the expected output "hello" (plus some systemd unit info) without a password popup.

But when I run systemd-run using the exact same arguments from inside a C++ program via execvp() or execvpe() it launches a popup window with Authentication is required to start transient unit.

Example:

#include <unistd.h>

int main(int argc, char const* const argv[], char const* const envp[])
    {
        char const* argp[] =
            {
                "--user",
                "--pipe",
                "echo",
                "hello",
                nullptr,
            };
        
        //::execvp("systemd-run", const_cast<char**>(argp)); // alternative call, same result
        ::execvpe("systemd-run", const_cast<char**>(argp), const_cast<char**>(envp));
    }

Can I avoid this authentication popup requirement (while still using C++)? Preferably using a default systemd with no policy modification.

---

(I'm trying to make a quick tool to run a subcommand while preventing accidental file modification outside of specified directories, eg for a "safe" build).

• linux
• systemd

Share Improve this question Follow edited Feb 2 at 11:02 Toby Speight 31.4k5252 gold badges7676 silver badges113113 bronze badges asked Feb 2 at 2:26 xaxazakxaxazak 91077 silver badges2020 bronze badges 6

• Not that I've ever used systemd-run, but have you tried adding the --no-ask-password option that the manual mentions? – tink Commented Feb 2 at 2:32
• Yes, this just causes Failed to start transient service unit: Interactive authentication required. – xaxazak Commented Feb 2 at 2:36
• 1 You might want to ask on Unix & Linux. They may be able to explain what criteria it uses to require authentication. – Barmar Commented Feb 2 at 2:44
• hmm, not possible to transfer this question there I guess. Is it ok to repost? – xaxazak Commented Feb 2 at 2:46
• @xaxazak You have to run it as root and there will be no popup window. – Lewis Commented Feb 2 at 3:52

 |  Show 1 more comment

1 Answer 1

Sorted by: Reset to default 1

The program is missing in argp, try this :

#include <unistd.h>

int main(int argc, char const* const argv[], char const* const envp[])
    {
        char const* argp[] =
            {
                "systemd-run", // <=========== notice this.
                "--user",
                "--pipe",
                "echo",
                "hello",
                nullptr,
            };
        
        //::execvp("systemd-run", const_cast<char**>(argp)); // alternative call, same result
        ::execvpe("systemd-run", const_cast<char**>(argp), const_cast<char**>(envp));
    }

Your version is running this command: systemd-run --pipe echo hello, reason why it asks for password.