diff options
| author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-12-17 03:11:52 -0500 |
|---|---|---|
| committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-12-17 03:11:52 -0500 |
| commit | b849891b5dde5ee14ab8b7b7db74e65a4a38d993 (patch) | |
| tree | 29bb0e6fda9b4b170041913de495da057bbe3621 /src/grp-login/systemd-logind/logind-user.c | |
| parent | 004efebf9cc559ea131bb9460ee0ee198e2d5da7 (diff) | |
| parent | 881228ff72434a0e3401a16bd87f179ef0ab1619 (diff) | |
Merge branch 'notsystemd/postmove' into notsystemd/master
# Conflicts:
# src/grp-journal/libjournal-core/.gitignore
# src/grp-system/libcore/include/core/mount.h
Diffstat (limited to 'src/grp-login/systemd-logind/logind-user.c')
| -rw-r--r-- | src/grp-login/systemd-logind/logind-user.c | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/src/grp-login/systemd-logind/logind-user.c b/src/grp-login/systemd-logind/logind-user.c index 3c5f5df290..0308a78d42 100644 --- a/src/grp-login/systemd-logind/logind-user.c +++ b/src/grp-login/systemd-logind/logind-user.c @@ -26,6 +26,7 @@ #include "sd-bus/bus-error.h" #include "sd-bus/bus-util.h" #include "systemd-basic/alloc-util.h" +#include "systemd-basic/cgroup-util.h" #include "systemd-basic/escape.h" #include "systemd-basic/fd-util.h" #include "systemd-basic/fileio.h" @@ -354,14 +355,12 @@ static int user_mkdir_runtime_path(User *u) { r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t); if (r < 0) { - if (errno != EPERM) { + if (errno != EPERM && errno != EACCES) { r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path); goto fail; } - /* Lacking permissions, maybe - * CAP_SYS_ADMIN-less container? In this case, - * just use a normal directory. */ + log_debug_errno(errno, "Failed to mount per-user tmpfs directory %s, assuming containerized execution, ignoring: %m", u->runtime_path); r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid); if (r < 0) { @@ -613,9 +612,14 @@ int user_finalize(User *u) { if (k < 0) r = k; - /* Clean SysV + POSIX IPC objects */ - if (u->manager->remove_ipc) { - k = clean_ipc(u->uid); + /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs + * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to + * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such + * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because + * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up, + * and do it only for normal users. */ + if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) { + k = clean_ipc_by_uid(u->uid); if (k < 0) r = k; } @@ -892,9 +896,19 @@ int config_parse_user_tasks_max( assert(rvalue); assert(data); - /* First, try to parse as percentage */ + if (isempty(rvalue)) { + *m = system_tasks_max_scale(DEFAULT_USER_TASKS_MAX_PERCENTAGE, 100U); + return 0; + } + + if (streq(rvalue, "infinity")) { + *m = CGROUP_LIMIT_MAX; + return 0; + } + + /* Try to parse as percentage */ r = parse_percent(rvalue); - if (r > 0 && r < 100) + if (r >= 0) k = system_tasks_max_scale(r, 100U); else { |