util: Blacklist some session-specific variables
Things like XDG_SESSION_ID should not be uploaded to the environment. For example this is broken currently:
- SSH to your machine
- Log in to GNOME Shell
- Log out
- Log in again
- Lock the screen
- Try to unlock
You can't, and this is because the XDG_SESSION_ID from the first session
(step 2) has leaked through to the second one (step 4), and so GNOME
Shell is listening to the logind
UnlockSession
signal for the wrong
session. The SSH session established in step 1 serves to keep the
systemd --user
instance alive, so that the state is not torn down
between logins.
This is just one example of something that is broken currently, but it's likely that other things will be too in more or less subtle ways than this one. The idea is that we should stop setting things in the environment that are specific to one session and this is inspired by an example from D-Bus upstream.