mirror of
https://github.com/microsoft/WSL.git
synced 2026-04-10 07:50:53 -05:00
c0dd0ce656
* Add DCOM LaunchPermission for WSLCSessionFactory WSLCSessionFactory (wslcsession.exe) was registered without an AppId or explicit DCOM LaunchPermission. When wslservice (SYSTEM) impersonates a non-interactive caller such as Network Service and calls CreateComServerAsUser to launch the per-user session factory, DCOM falls back to machine-default launch permissions which do not include service accounts. This causes E_ACCESSDENIED during session creation. Add an AppId with the same LaunchPermission and AccessPermission SDDL used by the other WSL COM servers (LxssUserSession, WSLCSessionManager, WslDeviceHost), granting launch/activate rights to Authenticated Users (AU), Principal Self (PS), and Local System (SY). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Extract DCOM permission blob into CMake variable The same binary security descriptor was duplicated 8 times across 4 AppId registrations. Extract it into a DCOM_PERMISSION CMake variable defined in msipackage/CMakeLists.txt so future permission changes only need one edit. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>