Negotiating a VT session with logind - needs a new interface?

When starting a confined shell it is not currently possible to acquire a graphical ttyN session with logind as AppArmour will deny access to “org.freedesktop.login1” via dbus.

I note that there are existing interfaces (e.g. “shutdown” & “network_manager”) that allow some access to “org.freedesktop.login1”, but not to “Session” and “Seat” as needed for the above.

As a result I’m thinking proposing a new interface that allows this access. That leads to several questions:

  • Would adding to an existing interface - e.g. “wayland” (which I already implement) be preferable? (It would work for me but doesn’t seem coherent.)
  • If not, would a new interface for this be acceptable?
  • if so, what would be the best name? “logind”?

Ping @jdstrand

Note, I’m motivated by Mir-based snaps mir-test-tools and egmde-confined-desktop, but this seems a much more general issue and might affect others.

We discussed on IRC where I suggested “login-session-control”.

Here’s the PR: https://github.com/snapcore/snapd/pull/6790