diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-08-01 19:24:40 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-08-19 00:37:25 +0200 |
commit | 00d9ef8560c252d8504be99cb38d1a54d35a9144 (patch) | |
tree | 388323761f8f32b4ec3b83a017a8931c4fd450b9 /src/login/logind-user.c | |
parent | 51d73fd96a55810ca40324eec098e66c6657699b (diff) |
core: add RemoveIPC= setting
This adds the boolean RemoveIPC= setting to service, socket, mount and swap
units (i.e. all unit types that may invoke processes). if turned on, and the
unit's user/group is not root, all IPC objects of the user/group are removed
when the service is shut down. The life-cycle of the IPC objects is hence bound
to the unit life-cycle.
This is particularly relevant for units with dynamic users, as it is essential
that no objects owned by the dynamic users survive the service exiting. In
fact, this patch adds code to imply RemoveIPC= if DynamicUser= is set.
In order to communicate the UID/GID of an executed process back to PID 1 this
adds a new "user lookup" socket pair, that is inherited into the forked
processes, and closed before the exec(). This is needed since we cannot do NSS
from PID 1 due to deadlock risks, However need to know the used UID/GID in
order to clean up IPC owned by it if the unit shuts down.
Diffstat (limited to 'src/login/logind-user.c')
-rw-r--r-- | src/login/logind-user.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 63363035e7..11951aca5b 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -612,9 +612,14 @@ int user_finalize(User *u) { if (k < 0) r = k; - /* Clean SysV + POSIX IPC objects */ - if (u->manager->remove_ipc) { - k = clean_ipc(u->uid); + /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs + * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to + * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such + * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because + * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up, + * and do it only for normal users. */ + if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) { + k = clean_ipc_by_uid(u->uid); if (k < 0) r = k; } |