diff options
| author | David Herrmann <dh.herrmann@gmail.com> | 2015-09-28 12:53:42 +0200 |
|---|---|---|
| committer | David Herrmann <dh.herrmann@gmail.com> | 2015-11-16 15:34:36 +0100 |
| commit | f9e4283df30ad8916878396da449b2e38656b6f7 (patch) | |
| tree | 574c35fa42c97669d1ec4a55b5d125ef2bc81079 | |
| parent | 44690833dfadb523c1f9b6a9e6e1dced44f374e1 (diff) | |
login: simply XDG_RUNTIME_DIR management
Lets not pretend we support changing XDG_RUNTIME_DIR via logind state
files. There is no reason to ever write the string into /run, as we
allocate it statically based on the UID, anyway. Lets stop that and just
allocate the runtime_path in "struct User" at all times.
We keep writing it into the /run state to make sure pam_systemd of
previous installs can still read it. However, pam_systemd is now fixed to
allocate it statically as well, so we can safely remove that some time in
the future.
Last but not least: If software depends on systemd, they're more than free
to assume /run/user/$uid is their runtime dir. Lets not require sane
applications to query the environment to get their runtime dir. As long as
applications know their login-UID, they should be safe to deduce the
runtime dir.
| -rw-r--r-- | src/login/logind-user.c | 42 | ||||
| -rw-r--r-- | src/login/pam_systemd.c | 28 |
2 files changed, 24 insertions, 46 deletions
diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 7bdbe6583c..92f3b75a85 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -68,6 +68,9 @@ User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) { if (asprintf(&u->state_file, "/run/systemd/users/"UID_FMT, uid) < 0) goto fail; + if (asprintf(&u->runtime_path, "/run/user/"UID_FMT, uid) < 0) + goto fail; + if (hashmap_put(m->users, UID_TO_PTR(uid), u) < 0) goto fail; @@ -78,6 +81,7 @@ User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) { return u; fail: + free(u->runtime_path); free(u->state_file); free(u->name); free(u); @@ -141,6 +145,7 @@ static int user_save_internal(User *u) { u->name, user_state_to_string(user_get_state(u))); + /* LEGACY: no-one reads RUNTIME= anymore, drop it at some point */ if (u->runtime_path) fprintf(f, "RUNTIME=%s\n", u->runtime_path); @@ -288,7 +293,6 @@ int user_load(User *u) { assert(u); r = parse_env_file(u->state_file, NEWLINE, - "RUNTIME", &u->runtime_path, "SERVICE", &u->service, "SERVICE_JOB", &u->service_job, "SLICE", &u->slice, @@ -327,7 +331,6 @@ int user_load(User *u) { } static int user_mkdir_runtime_path(User *u) { - char *p; int r; assert(u); @@ -336,16 +339,10 @@ static int user_mkdir_runtime_path(User *u) { if (r < 0) return log_error_errno(r, "Failed to create /run/user: %m"); - if (!u->runtime_path) { - if (asprintf(&p, "/run/user/" UID_FMT, u->uid) < 0) - return log_oom(); - } else - p = u->runtime_path; - - if (path_is_mount_point(p, 0) <= 0) { + if (path_is_mount_point(u->runtime_path, 0) <= 0) { _cleanup_free_ char *t = NULL; - (void) mkdir_label(p, 0700); + (void) mkdir_label(u->runtime_path, 0700); if (mac_smack_use()) r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size); @@ -356,10 +353,10 @@ static int user_mkdir_runtime_path(User *u) { goto fail; } - r = mount("tmpfs", p, "tmpfs", MS_NODEV|MS_NOSUID, t); + r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t); if (r < 0) { if (errno != EPERM) { - r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", p); + r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path); goto fail; } @@ -367,29 +364,23 @@ static int user_mkdir_runtime_path(User *u) { * CAP_SYS_ADMIN-less container? In this case, * just use a normal directory. */ - r = chmod_and_chown(p, 0700, u->uid, u->gid); + r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid); if (r < 0) { log_error_errno(r, "Failed to change runtime directory ownership and mode: %m"); goto fail; } } - r = label_fix(p, false, false); + r = label_fix(u->runtime_path, false, false); if (r < 0) - log_warning_errno(r, "Failed to fix label of '%s', ignoring: %m", p); + log_warning_errno(r, "Failed to fix label of '%s', ignoring: %m", u->runtime_path); } - u->runtime_path = p; return 0; fail: - if (p) { - /* Try to clean up, but ignore errors */ - (void) rmdir(p); - free(p); - } - - u->runtime_path = NULL; + /* Try to clean up, but ignore errors */ + (void) rmdir(u->runtime_path); return r; } @@ -574,9 +565,6 @@ static int user_remove_runtime_path(User *u) { assert(u); - if (!u->runtime_path) - return 0; - r = rm_rf(u->runtime_path, 0); if (r < 0) log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path); @@ -592,8 +580,6 @@ static int user_remove_runtime_path(User *u) { if (r < 0) log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path); - u->runtime_path = mfree(u->runtime_path); - return r; } diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 0d61f528db..3f7cbb78df 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -267,29 +267,21 @@ _public_ PAM_EXTERN int pam_sm_open_session( pam_get_item(handle, PAM_SERVICE, (const void**) &service); if (streq_ptr(service, "systemd-user")) { - _cleanup_free_ char *p = NULL, *rt = NULL; + _cleanup_free_ char *rt = NULL; - if (asprintf(&p, "/run/systemd/users/"UID_FMT, pw->pw_uid) < 0) + if (asprintf(&rt, "/run/user/"UID_FMT, pw->pw_uid) < 0) return PAM_BUF_ERR; - r = parse_env_file(p, NEWLINE, - "RUNTIME", &rt, - NULL); - if (r < 0 && r != -ENOENT) - return PAM_SESSION_ERR; - - if (rt) { - r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); - return r; - } - - r = export_legacy_dbus_address(handle, pw->pw_uid, rt); - if (r != PAM_SUCCESS) - return r; + r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0); + if (r != PAM_SUCCESS) { + pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); + return r; } + r = export_legacy_dbus_address(handle, pw->pw_uid, rt); + if (r != PAM_SUCCESS) + return r; + return PAM_SUCCESS; } |