Merge branch 'notsystemd/postmove' into notsystemd/master

# Conflicts:
#	src/grp-journal/systemd-journald/Makefile
#	src/grp-login/systemd-logind/Makefile
#	src/grp-machine/grp-import/systemd-export/Makefile
#	src/grp-machine/grp-import/systemd-import/Makefile
#	src/grp-machine/grp-import/systemd-pull/Makefile
#	src/grp-machine/systemd-machined/Makefile
#	src/grp-network/libnetworkd-core/Makefile
#	src/grp-resolve/libbasic-dns/Makefile
#	src/grp-resolve/systemd-resolved/Makefile
#	src/grp-utils/systemd-path/Makefile
#	src/libshared/src/Makefile
#	src/libsystemd-network/include/systemd-network/sd-ndisc.h
#	src/libsystemd/Makefile
#	src/libsystemd/src/test.mk
#	src/libudev/Makefile
#	src/systemd-dbus1-generator/Makefile
#	src/systemd-nspawn/nspawn.c

Signed-off-by: Luke Shumaker <lukeshu@sbcglobal.net>

17 files changed, 109 insertions, 72 deletions

diff --git a/src/grp-login/Makefile b/src/grp-login/Makefile
index fe0bab0f81..48a15db591 100644
--- a/src/grp-login/Makefile
+++ b/src/grp-login/Makefile
@@ -27,19 +27,19 @@ test_login_SOURCES = \
 	src/libsystemd/sd-login/test-login.c
 
 test_login_LDADD = \
-	libshared.la
+	libsystemd-shared.la
 
 test_login_shared_SOURCES = \
 	src/login/test-login-shared.c
 
 test_login_shared_LDADD = \
-	libshared.la
+	libsystemd-shared.la
 
 test_inhibit_SOURCES = \
 	src/login/test-inhibit.c
 
 test_inhibit_LDADD = \
-	libshared.la
+	libsystemd-shared.la
 
 test_login_tables_SOURCES = \
 	src/login/test-login-tables.c
diff --git a/src/grp-login/loginctl/Makefile b/src/grp-login/loginctl/Makefile
index d2c6eebd27..f1a474e1cc 100644
--- a/src/grp-login/loginctl/Makefile
+++ b/src/grp-login/loginctl/Makefile
@@ -29,7 +29,7 @@ loginctl_SOURCES = \
 	src/login/sysfs-show.c
 
 loginctl_LDADD = \
-	libshared.la
+	libsystemd-shared.la
 
 rootbin_PROGRAMS += \
 	loginctl
diff --git a/src/grp-login/loginctl/loginctl.c b/src/grp-login/loginctl/loginctl.c
index 3ac325fc97..469bec582f 100644
--- a/src/grp-login/loginctl/loginctl.c
+++ b/src/grp-login/loginctl/loginctl.c
@@ -291,7 +291,7 @@ typedef struct SessionStatusInfo {
         char *seat;
         char *tty;
         char *display;
-        bool remote;
+        int remote;
         char *remote_host;
         char *remote_user;
         char *service;
@@ -305,7 +305,7 @@ typedef struct SessionStatusInfo {
 
 typedef struct UserStatusInfo {
         uid_t uid;
-        bool linger;
+        int linger;
         char *name;
         struct dual_timestamp timestamp;
         char *state;
@@ -1555,7 +1555,7 @@ static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
 }
 
 int main(int argc, char *argv[]) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        sd_bus *bus = NULL;
         int r;
 
         setlocale(LC_ALL, "");
@@ -1577,6 +1577,8 @@ int main(int argc, char *argv[]) {
         r = loginctl_main(argc, argv, bus);
 
 finish:
+        sd_bus_flush_close_unref(bus);
+
         pager_close();
         polkit_agent_close();
 
diff --git a/src/grp-login/pam_systemd/pam_systemd.c b/src/grp-login/pam_systemd/pam_systemd.c
index 6f67506e5a..11f527cda0 100644
--- a/src/grp-login/pam_systemd/pam_systemd.c
+++ b/src/grp-login/pam_systemd/pam_systemd.c
@@ -182,25 +182,20 @@ static int export_legacy_dbus_address(
         _cleanup_free_ char *s = NULL;
         int r = PAM_BUF_ERR;
 
-        if (is_kdbus_available()) {
-                if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0)
-                        goto error;
-        } else {
-                /* FIXME: We *really* should move the access() check into the
-                 * daemons that spawn dbus-daemon, instead of forcing
-                 * DBUS_SESSION_BUS_ADDRESS= here. */
-
-                s = strjoin(runtime, "/bus", NULL);
-                if (!s)
-                        goto error;
-
-                if (access(s, F_OK) < 0)
-                        return PAM_SUCCESS;
+        /* FIXME: We *really* should move the access() check into the
+         * daemons that spawn dbus-daemon, instead of forcing
+         * DBUS_SESSION_BUS_ADDRESS= here. */
 
-                s = mfree(s);
-                if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
-                        goto error;
-        }
+        s = strjoin(runtime, "/bus", NULL);
+        if (!s)
+                goto error;
+
+        if (access(s, F_OK) < 0)
+                return PAM_SUCCESS;
+
+        s = mfree(s);
+        if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
+                goto error;
 
         r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
         if (r != PAM_SUCCESS)
diff --git a/src/grp-login/systemd-inhibit/Makefile b/src/grp-login/systemd-inhibit/Makefile
index 93440da575..8b3b7995d9 100644
--- a/src/grp-login/systemd-inhibit/Makefile
+++ b/src/grp-login/systemd-inhibit/Makefile
@@ -29,7 +29,7 @@ systemd_inhibit_SOURCES = \
 	src/login/inhibit.c
 
 systemd_inhibit_LDADD = \
-	libshared.la
+	libsystemd-shared.la
 
 rootbin_PROGRAMS += \
 	systemd-inhibit
diff --git a/src/grp-login/systemd-logind/Makefile b/src/grp-login/systemd-logind/Makefile
index 3c9a0a05ef..ed2db4e038 100644
--- a/src/grp-login/systemd-logind/Makefile
+++ b/src/grp-login/systemd-logind/Makefile
@@ -59,6 +59,9 @@ _liblogind_core_la_SOURCES = \
 	src/login/logind-utmp.c \
 	src/login/logind-acl.h
 
+liblogind_core_la_LIBADD = \
+	libsystemd-shared.la
+
 ifneq ($(HAVE_ACL),)
 _liblogind_core_la_SOURCES += \
 	src/login/logind-acl.c
diff --git a/src/grp-login/systemd-logind/logind-action.c b/src/grp-login/systemd-logind/logind-action.c
index 0cfeab3fdb..a7c88e7e65 100644
--- a/src/grp-login/systemd-logind/logind-action.c
+++ b/src/grp-login/systemd-logind/logind-action.c
@@ -86,7 +86,7 @@ int manager_handle_action(
         }
 
         /* If the key handling is inhibited, don't do anything */
-        if (inhibit_key > 0) {
+        if (!ignore_inhibited && inhibit_key > 0) {
                 if (manager_is_inhibited(m, inhibit_key, INHIBIT_BLOCK, NULL, true, false, 0, NULL)) {
                         log_debug("Refusing operation, %s is inhibited.", inhibit_what_to_string(inhibit_key));
                         return 0;
@@ -125,7 +125,7 @@ int manager_handle_action(
                 return -EALREADY;
         }
 
-        inhibit_operation = handle == HANDLE_SUSPEND || handle == HANDLE_HIBERNATE || handle == HANDLE_HYBRID_SLEEP ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN;
+        inhibit_operation = IN_SET(handle, HANDLE_SUSPEND, HANDLE_HIBERNATE, HANDLE_HYBRID_SLEEP) ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN;
 
         /* If the actual operation is inhibited, warn and fail */
         if (!ignore_inhibited &&
diff --git a/src/grp-login/systemd-logind/logind-core.c b/src/grp-login/systemd-logind/logind-core.c
index 13ea97ae0d..b2ae7c2e1a 100644
--- a/src/grp-login/systemd-logind/logind-core.c
+++ b/src/grp-login/systemd-logind/logind-core.c
@@ -498,7 +498,7 @@ static int manager_count_external_displays(Manager *m) {
                         continue;
 
                 /* Ignore internal displays: the type is encoded in
-                 * the sysfs name, as the second dash seperated item
+                 * the sysfs name, as the second dash separated item
                  * (the first is the card name, the last the connector
                  * number). We implement a whitelist of external
                  * displays here, rather than a whitelist, to ensure
diff --git a/src/grp-login/systemd-logind/logind-gperf.gperf b/src/grp-login/systemd-logind/logind-gperf.gperf
index d578234e53..1a39c3bf96 100644
--- a/src/grp-login/systemd-logind/logind-gperf.gperf
+++ b/src/grp-login/systemd-logind/logind-gperf.gperf
@@ -38,4 +38,4 @@ Login.RuntimeDirectorySize,        config_parse_tmpfs_size,    0, offsetof(Manag
 Login.RemoveIPC,                   config_parse_bool,          0, offsetof(Manager, remove_ipc)
 Login.InhibitorsMax,               config_parse_uint64,        0, offsetof(Manager, inhibitors_max)
 Login.SessionsMax,                 config_parse_uint64,        0, offsetof(Manager, sessions_max)
-Login.UserTasksMax,                config_parse_uint64,        0, offsetof(Manager, user_tasks_max)
+Login.UserTasksMax,                config_parse_user_tasks_max,0, offsetof(Manager, user_tasks_max)
diff --git a/src/grp-login/systemd-logind/logind-session.c b/src/grp-login/systemd-logind/logind-session.c
index 928f4a6314..b08db54068 100644
--- a/src/grp-login/systemd-logind/logind-session.c
+++ b/src/grp-login/systemd-logind/logind-session.c
@@ -605,7 +605,6 @@ int session_start(Session *s) {
 
 static int session_stop_scope(Session *s, bool force) {
         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
-        char *job = NULL;
         int r;
 
         assert(s);
@@ -613,22 +612,25 @@ static int session_stop_scope(Session *s, bool force) {
         if (!s->scope)
                 return 0;
 
+        /* Let's always abandon the scope first. This tells systemd that we are not interested anymore, and everything
+         * that is left in in the scope is "left-over". Informing systemd about this has the benefit that it will log
+         * when killing any processes left after this point. */
+        r = manager_abandon_scope(s->manager, s->scope, &error);
+        if (r < 0)
+                log_warning_errno(r, "Failed to abandon session scope, ignoring: %s", bus_error_message(&error, r));
+
+        /* Optionally, let's kill everything that's left now. */
         if (force || manager_shall_kill(s->manager, s->user->name)) {
+                char *job = NULL;
+
                 r = manager_stop_unit(s->manager, s->scope, &error, &job);
-                if (r < 0) {
-                        log_error("Failed to stop session scope: %s", bus_error_message(&error, r));
-                        return r;
-                }
+                if (r < 0)
+                        return log_error_errno(r, "Failed to stop session scope: %s", bus_error_message(&error, r));
 
                 free(s->scope_job);
                 s->scope_job = job;
-        } else {
-                r = manager_abandon_scope(s->manager, s->scope, &error);
-                if (r < 0) {
-                        log_error("Failed to abandon session scope: %s", bus_error_message(&error, r));
-                        return r;
-                }
-        }
+        } else
+                s->scope_job = mfree(s->scope_job);
 
         return 0;
 }
diff --git a/src/grp-login/systemd-logind/logind-user.c b/src/grp-login/systemd-logind/logind-user.c
index 015276efc8..5a2750b72b 100644
--- a/src/grp-login/systemd-logind/logind-user.c
+++ b/src/grp-login/systemd-logind/logind-user.c
@@ -312,8 +312,7 @@ int user_load(User *u) {
                 if (r == -ENOENT)
                         return 0;
 
-                log_error_errno(r, "Failed to read %s: %m", u->state_file);
-                return r;
+                return log_error_errno(r, "Failed to read %s: %m", u->state_file);
         }
 
         if (display)
@@ -844,7 +843,6 @@ int config_parse_tmpfs_size(
                 void *userdata) {
 
         size_t *sz = data;
-        const char *e;
         int r;
 
         assert(filename);
@@ -852,35 +850,68 @@ int config_parse_tmpfs_size(
         assert(rvalue);
         assert(data);
 
-        e = endswith(rvalue, "%");
-        if (e) {
-                unsigned long ul;
-                char *f;
+        /* First, try to parse as percentage */
+        r = parse_percent(rvalue);
+        if (r > 0 && r < 100)
+                *sz = physical_memory_scale(r, 100U);
+        else {
+                uint64_t k;
 
-                errno = 0;
-                ul = strtoul(rvalue, &f, 10);
-                if (errno > 0 || f != e) {
-                        log_syntax(unit, LOG_ERR, filename, line, errno, "Failed to parse percentage value, ignoring: %s", rvalue);
-                        return 0;
-                }
+                /* If the passed argument was not a percentage, or out of range, parse as byte size */
 
-                if (ul <= 0 || ul >= 100) {
-                        log_syntax(unit, LOG_ERR, filename, line, 0, "Percentage value out of range, ignoring: %s", rvalue);
+                r = parse_size(rvalue, 1024, &k);
+                if (r < 0 || k <= 0 || (uint64_t) (size_t) k != k) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue);
                         return 0;
                 }
 
-                *sz = PAGE_ALIGN((size_t) ((physical_memory() * (uint64_t) ul) / (uint64_t) 100));
-        } else {
-                uint64_t k;
+                *sz = PAGE_ALIGN((size_t) k);
+        }
 
-                r = parse_size(rvalue, 1024, &k);
-                if (r < 0 || (uint64_t) (size_t) k != k) {
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue);
+        return 0;
+}
+
+int config_parse_user_tasks_max(
+                const char* unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        uint64_t *m = data;
+        uint64_t k;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        /* First, try to parse as percentage */
+        r = parse_percent(rvalue);
+        if (r > 0 && r < 100)
+                k = system_tasks_max_scale(r, 100U);
+        else {
+
+                /* If the passed argument was not a percentage, or out of range, parse as byte size */
+
+                r = safe_atou64(rvalue, &k);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse tasks maximum, ignoring: %s", rvalue);
                         return 0;
                 }
+        }
 
-                *sz = PAGE_ALIGN((size_t) k);
+        if (k <= 0 || k >= UINT64_MAX) {
+                log_syntax(unit, LOG_ERR, filename, line, 0, "Tasks maximum out of range, ignoring: %s", rvalue);
+                return 0;
         }
 
+        *m = k;
         return 0;
 }
diff --git a/src/grp-login/systemd-logind/logind.c b/src/grp-login/systemd-logind/logind.c
index e5e21f7567..84e23beef0 100644
--- a/src/grp-login/systemd-logind/logind.c
+++ b/src/grp-login/systemd-logind/logind.c
@@ -62,8 +62,8 @@ static void manager_reset_config(Manager *m) {
         m->idle_action_usec = 30 * USEC_PER_MINUTE;
         m->idle_action = HANDLE_IGNORE;
 
-        m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */
-        m->user_tasks_max = 12288;
+        m->runtime_dir_size = physical_memory_scale(10U, 100U); /* 10% */
+        m->user_tasks_max = system_tasks_max_scale(33U, 100U); /* 33% */
         m->sessions_max = 8192;
         m->inhibitors_max = 8192;
 
diff --git a/src/grp-login/systemd-logind/logind.conf.in b/src/grp-login/systemd-logind/logind.conf.in
index 32c0844cb6..6f720b7708 100644
--- a/src/grp-login/systemd-logind/logind.conf.in
+++ b/src/grp-login/systemd-logind/logind.conf.in
@@ -34,4 +34,4 @@
 #RemoveIPC=yes
 #InhibitorsMax=8192
 #SessionsMax=8192
-#UserTasksMax=12288
+#UserTasksMax=33%
diff --git a/src/grp-login/systemd-logind/logind.conf.xml b/src/grp-login/systemd-logind/logind.conf.xml
index fe92277a1f..adba5a4131 100644
--- a/src/grp-login/systemd-logind/logind.conf.xml
+++ b/src/grp-login/systemd-logind/logind.conf.xml
@@ -315,12 +315,11 @@
       <varlistentry>
         <term><varname>UserTasksMax=</varname></term>
 
-        <listitem><para>Sets the maximum number of OS tasks each user
-        may run concurrently. This controls the
-        <varname>TasksMax=</varname> setting of the per-user slice
-        unit, see
+        <listitem><para>Sets the maximum number of OS tasks each user may run concurrently. This controls the
+        <varname>TasksMax=</varname> setting of the per-user slice unit, see
         <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-        for details. Defaults to 12288 (12K).</para></listitem>
+        for details. Defaults to 33%, which equals 10813 with the kernel's defaults on the host, but might be smaller
+        in OS containers.</para></listitem>
       </varlistentry>
 
       <varlistentry>
diff --git a/src/grp-login/systemd-logind/logind.h b/src/grp-login/systemd-logind/logind.h
index effc498118..c637cdfcac 100644
--- a/src/grp-login/systemd-logind/logind.h
+++ b/src/grp-login/systemd-logind/logind.h
@@ -187,6 +187,7 @@ const struct ConfigPerfItem* logind_gperf_lookup(const char *key, unsigned lengt
 int manager_set_lid_switch_ignore(Manager *m, usec_t until);
 
 int config_parse_tmpfs_size(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_user_tasks_max(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 
 int manager_get_session_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Session **ret);
 int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret);
diff --git a/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in b/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in
index 1fa6441629..66cbce393c 100644
--- a/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in
+++ b/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in
@@ -116,6 +116,8 @@
                 <_message>Explicit request is required to run programs as a non-logged-in user.</_message>
                 <defaults>
                         <allow_any>yes</allow_any>
+                        <allow_inactive>yes</allow_inactive>
+                        <allow_active>yes</allow_active>
                 </defaults>
         </action>
 
diff --git a/src/grp-login/systemd-logind/systemd-logind.service.in b/src/grp-login/systemd-logind/systemd-logind.service.in
index ff049134ee..bee08d011f 100644
--- a/src/grp-login/systemd-logind/systemd-logind.service.in
+++ b/src/grp-login/systemd-logind/systemd-logind.service.in
@@ -25,6 +25,8 @@ RestartSec=0
 BusName=org.freedesktop.login1
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
 WatchdogSec=3min
+MemoryDenyWriteExecute=yes
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io
 
 # Increase the default a bit in order to allow many simultaneous
 # logins since we keep one fd open per session.