39 files changed, 467 insertions, 253 deletions
diff --git a/Makefile.am b/Makefile.am index 198265f48d..f2ef83b0c7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5720,7 +5720,7 @@ dist_dbussystemservice_DATA += \ dist_dbuspolicy_DATA += \ src/login/org.freedesktop.login1.conf -dist_pkgsysconf_DATA += \ +nodist_pkgsysconf_DATA += \ src/login/logind.conf polkitpolicy_files += \ @@ -5757,7 +5757,8 @@ gperf_gperf_sources += \ EXTRA_DIST += \ src/login/71-seat.rules.in \ src/login/73-seat-late.rules.in \ - units/systemd-logind.service.in + units/systemd-logind.service.in \ + src/login/logind.conf.in # ------------------------------------------------------------------------------ if HAVE_PAM @@ -5874,6 +5875,7 @@ substitutions = \ '|NTP_SERVERS=$(NTP_SERVERS)|' \ '|DNS_SERVERS=$(DNS_SERVERS)|' \ '|DEFAULT_DNSSEC_MODE=$(DEFAULT_DNSSEC_MODE)|' \ + '|KILL_USER_PROCESSES=$(KILL_USER_PROCESSES)|' \ '|systemuidmax=$(SYSTEM_UID_MAX)|' \ '|systemgidmax=$(SYSTEM_GID_MAX)|' \ '|TTY_GID=$(TTY_GID)|' \ 
@@ -22,9 +22,30 @@ CHANGES WITH 230 in spe: * systemd-resolve conveniently resolves DANE records with the --tlsa option and OPENPGPKEY records with the --openpgp option. - * Testing tool /usr/lib/systemd/systemd-activate is renamed to - systemd-socket-activate and installed into /usr/bin. It is now fully - supported. + * systemd-logind will now by default terminate user processes that are + part of the user session scope unit (session-XX.scope) when the user + logs out. This behaviour is controlled by the + KillUserProcesses=yes|no setting in logind.conf, and previous default + of "no" is now changed to "yes". This means that user sessions will + be properly cleaned up after, but additional steps are necessary to + allow intentionally long-running processes to survive logout. + + While the user is logged in at least once, user@.service is running, + and any service that should survive the end of any individual login + session can be started at a user service or scope using systemd-run. + systemd-run(1) man page has been extended with an example which + shows how to run screen in a scope unit underneath user@.service. + The same command works for tmux. + + After the user logs out of all sessions, user@.service will be + terminated too, by default, unless the user has "lingering" enabled. + To effectively allow users to run long-term tasks even if they are + logged out, lingering must be enabled for them. See loginctl(1) for + details. The default polkit policy was modified to allow users to + set lingering for themselves without authentication. + + Previous defaults can be restored at compile time by the + --without-kill-user-processes option. * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line 
@@ -45,6 +66,10 @@ CHANGES WITH 230 in spe: * The Unique Identifier sent in DHCP requests can be configured. + * Testing tool /usr/lib/systemd/systemd-activate is renamed to + systemd-socket-activate and installed into /usr/bin. It is now fully + supported. + * systemd-journald now uses separate threads to flush changes to disk when closing journal files. @@ -286,7 +311,7 @@ CHANGES WITH 229: Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2016-02-11 + — Berlin, 2016-02-11 CHANGES WITH 228: @@ -487,7 +512,7 @@ CHANGES WITH 228: Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-11-18 + — Berlin, 2015-11-18 CHANGES WITH 227: @@ -691,7 +716,7 @@ CHANGES WITH 227: Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich, Zbigniew Jędrzejewski-Szmek, Марко М. Костић - -- Berlin, 2015-10-07 + — Berlin, 2015-10-07 CHANGES WITH 226: @@ -811,7 +836,7 @@ CHANGES WITH 226: Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø - -- Berlin, 2015-09-08 + — Berlin, 2015-09-08 CHANGES WITH 225: @@ -884,7 +909,7 @@ CHANGES WITH 225: Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts, WaLyong Cho, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-08-27 + — Berlin, 2015-08-27 CHANGES WITH 224: @@ -899,7 +924,7 @@ CHANGES WITH 224: Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen - -- Berlin, 2015-07-31 + — Berlin, 2015-07-31 CHANGES WITH 223: @@ -964,7 +989,7 @@ CHANGES WITH 223: Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo, Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-07-29 + — Berlin, 2015-07-29 CHANGES WITH 222: 
@@ -1004,7 +1029,7 @@ CHANGES WITH 222: Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-07-07 + — Berlin, 2015-07-07 CHANGES WITH 221: @@ -1082,7 +1107,7 @@ CHANGES WITH 221: Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner Fink, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-06-19 + — Berlin, 2015-06-19 CHANGES WITH 220: @@ -1311,7 +1336,7 @@ CHANGES WITH 220: Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-05-22 + — Berlin, 2015-05-22 CHANGES WITH 219: @@ -1635,7 +1660,7 @@ CHANGES WITH 219: Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland Hoffmann, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2015-02-16 + — Berlin, 2015-02-16 CHANGES WITH 218: @@ -1837,7 +1862,7 @@ CHANGES WITH 218: Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-12-10 + — Berlin, 2014-12-10 CHANGES WITH 217: @@ -2049,7 +2074,7 @@ CHANGES WITH 217: Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-10-28 + — Berlin, 2014-10-28 CHANGES WITH 216: @@ -2251,7 +2276,7 @@ CHANGES WITH 216: Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-08-19 + — Berlin, 2014-08-19 CHANGES WITH 215: @@ -2485,7 +2510,7 @@ CHANGES WITH 215: Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-07-03 + — Berlin, 2014-07-03 CHANGES WITH 214: @@ -2679,7 +2704,7 @@ CHANGES WITH 214: Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-06-11 + — Berlin, 2014-06-11 CHANGES WITH 213: 
@@ -2811,7 +2836,7 @@ CHANGES WITH 213: Lindskog, WaLyong Cho, Will Woods, Zbigniew Jędrzejewski-Szmek - -- Beijing, 2014-05-28 + — Beijing, 2014-05-28 CHANGES WITH 212: @@ -2960,7 +2985,7 @@ CHANGES WITH 212: Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-03-25 + — Berlin, 2014-03-25 CHANGES WITH 211: @@ -3084,7 +3109,7 @@ CHANGES WITH 211: Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-03-12 + — Berlin, 2014-03-12 CHANGES WITH 210: @@ -3189,7 +3214,7 @@ CHANGES WITH 210: Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-02-24 + — Berlin, 2014-02-24 CHANGES WITH 209: @@ -3645,7 +3670,7 @@ CHANGES WITH 209: Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2014-02-20 + — Berlin, 2014-02-20 CHANGES WITH 208: @@ -3732,7 +3757,7 @@ CHANGES WITH 208: Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty, Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2013-10-02 + — Berlin, 2013-10-02 CHANGES WITH 207: @@ -3832,7 +3857,7 @@ CHANGES WITH 207: Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao, William Giokas, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2013-09-13 + — Berlin, 2013-09-13 CHANGES WITH 206: @@ -3931,14 +3956,14 @@ CHANGES WITH 206: Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William Giokas, Zbigniew Jędrzejewski-Szmek - -- Berlin, 2013-07-23 + — Berlin, 2013-07-23 CHANGES WITH 205: * Two new unit types have been introduced: Scope units are very similar to service units, however, are - created out of pre-existing processes -- instead of PID 1 + created out of pre-existing processes — instead of PID 1 forking off the processes. By using scope units it is possible for system services and applications to group their own child processes (worker processes) in a powerful way 
@@ -384,7 +384,7 @@ Features: * systemd-inhibit: make taking delay locks useful: support sending SIGINT or SIGTERM on PrepareForSleep() -* remove any syslog support from log.c -- we probably cannot do this before split-off udev is gone for good +* remove any syslog support from log.c — we probably cannot do this before split-off udev is gone for good * shutdown logging: store to EFI var, and store to USB stick? diff --git a/configure.ac b/configure.ac index 7b9e64a0f6..d4e8ab6664 100644 --- a/configure.ac +++ b/configure.ac @@ -1014,6 +1014,16 @@ fi AM_CONDITIONAL(ENABLE_LOGIND, [test "$have_logind" = "yes"]) AS_IF([test "$have_logind" = "yes"], [ AC_DEFINE(HAVE_LOGIND, [1], [Logind support available]) ]) +AC_ARG_WITH([kill-user-processes], + [AS_HELP_STRING([--without-kill-user-processes], [Set logind's KillUserProcesses=no by default])]) +AS_IF([test "$with_kill_user_processes" != "no"], + [kill_user_processes=true + KILL_USER_PROCESSES=yes], + [kill_user_processes=false + KILL_USER_PROCESSES=no]) +AC_DEFINE_UNQUOTED(KILL_USER_PROCESSES, [$kill_user_processes], [Default KillUserProcesses setting]) +AC_SUBST(KILL_USER_PROCESSES) + # ------------------------------------------------------------------------------ have_machined=no AC_ARG_ENABLE(machined, AS_HELP_STRING([--disable-machined], [disable machine daemon])) 
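Review bot: The new `AS_IF([test "$with_kill_user_processes" != "no"]` test in configure.ac treats every value other than `no` as yes, so `--with-kill-user-processes=false` or a mistyped value silently builds with the kill-on-logout default. This switch decides whether leftover session processes are terminated at logout, so an unrecognised value is better rejected at configure time than guessed. The help string documents only the `--without-` form, which makes such a mistake easier to miss. A stricter variant is sketched below.

```m4
dnl … unchanged: AC_ARG_WITH([kill-user-processes], …) …
AS_CASE([$with_kill_user_processes],
        [no], [kill_user_processes=false
               KILL_USER_PROCESSES=no],
        [yes|""], [kill_user_processes=true
                   KILL_USER_PROCESSES=yes],
        [AC_MSG_ERROR([--with-kill-user-processes accepts only yes or no])])
dnl … unchanged: AC_DEFINE_UNQUOTED / AC_SUBST of KILL_USER_PROCESSES …
```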
@@ -1554,106 +1564,107 @@ AC_OUTPUT AC_MSG_RESULT([ $PACKAGE_NAME $VERSION - libcryptsetup: ${have_libcryptsetup} - PAM: ${have_pam} - AUDIT: ${have_audit} - IMA: ${have_ima} - AppArmor: ${have_apparmor} - SELinux: ${have_selinux} - SECCOMP: ${have_seccomp} - SMACK: ${have_smack} - ZLIB: ${have_zlib} - XZ: ${have_xz} - LZ4: ${have_lz4} - BZIP2: ${have_bzip2} - ACL: ${have_acl} - GCRYPT: ${have_gcrypt} - QRENCODE: ${have_qrencode} - MICROHTTPD: ${have_microhttpd} - GNUTLS: ${have_gnutls} - libcurl: ${have_libcurl} - libidn: ${have_libidn} - libiptc: ${have_libiptc} - ELFUTILS: ${have_elfutils} - binfmt: ${have_binfmt} - vconsole: ${have_vconsole} - quotacheck: ${have_quotacheck} - tmpfiles: ${have_tmpfiles} - sysusers: ${have_sysusers} - firstboot: ${have_firstboot} - randomseed: ${have_randomseed} - backlight: ${have_backlight} - rfkill: ${have_rfkill} - logind: ${have_logind} - machined: ${have_machined} - importd: ${have_importd} - hostnamed: ${have_hostnamed} - timedated: ${have_timedated} - timesyncd: ${have_timesyncd} - Default NTP servers: ${NTP_SERVERS} - time epoch: ${TIME_EPOCH} - localed: ${have_localed} - networkd: ${have_networkd} - resolved: ${have_resolved} - Default DNS servers: ${DNS_SERVERS} - Default DNSSEC mode: ${DEFAULT_DNSSEC_MODE} - coredump: ${have_coredump} - polkit: ${have_polkit} - efi: ${have_efi} - gnuefi: ${have_gnuefi} - efi arch: ${EFI_ARCH} - EFI machine type: ${EFI_MACHINE_TYPE_NAME} - EFI CC ${EFI_CC} - EFI libdir: ${EFI_LIB_DIR} - EFI ldsdir: ${EFI_LDS_DIR} - EFI includedir: ${EFI_INC_DIR} - kmod: ${have_kmod} - xkbcommon: ${have_xkbcommon} - blkid: ${have_blkid} - libmount: ${have_libmount} - dbus: ${have_dbus} - nss-myhostname: ${have_myhostname} - hwdb: ${enable_hwdb} - tpm: ${have_tpm} - kdbus: ${have_kdbus} - Python: ${have_python} - man pages: ${have_manpages} - test coverage: ${have_coverage} - Split /usr: ${enable_split_usr} - SysV compatibility: ${SYSTEM_SYSV_COMPAT} - utmp/wtmp support: ${have_utmp} - ldconfig support: 
${enable_ldconfig} - hibernate support: ${enable_hibernate} - extra debugging: ${enable_debug} - tests: ${enable_tests} - - prefix: ${prefix} - rootprefix: ${with_rootprefix} - sysconf dir: ${sysconfdir} - datarootdir: ${datarootdir} - includedir: ${includedir} - lib dir: ${libdir} - rootlib dir: ${with_rootlibdir} - SysV init scripts: ${SYSTEM_SYSVINIT_PATH} - SysV rc?.d directories: ${SYSTEM_SYSVRCND_PATH} - Build Python: ${PYTHON} - PAM modules dir: ${with_pamlibdir} - PAM configuration dir: ${with_pamconfdir} - D-Bus policy dir: ${with_dbuspolicydir} - D-Bus session dir: ${with_dbussessionservicedir} - D-Bus system dir: ${with_dbussystemservicedir} - Bash completions dir: ${with_bashcompletiondir} - Zsh completions dir: ${with_zshcompletiondir} - Extra start script: ${RC_LOCAL_SCRIPT_PATH_START} - Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP} - Wheel group: ${have_wheel_group} - Debug shell: ${SUSHELL} @ ${DEBUGTTY} - TTY GID: ${TTY_GID} - Maximum System UID: ${SYSTEM_UID_MAX} - Maximum System GID: ${SYSTEM_GID_MAX} - Certificate root: ${CERTIFICATEROOT} - - CFLAGS: ${OUR_CFLAGS} ${CFLAGS} - CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS} - LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS} + libcryptsetup: ${have_libcryptsetup} + PAM: ${have_pam} + AUDIT: ${have_audit} + IMA: ${have_ima} + AppArmor: ${have_apparmor} + SELinux: ${have_selinux} + SECCOMP: ${have_seccomp} + SMACK: ${have_smack} + ZLIB: ${have_zlib} + XZ: ${have_xz} + LZ4: ${have_lz4} + BZIP2: ${have_bzip2} + ACL: ${have_acl} + GCRYPT: ${have_gcrypt} + QRENCODE: ${have_qrencode} + MICROHTTPD: ${have_microhttpd} + GNUTLS: ${have_gnutls} + libcurl: ${have_libcurl} + libidn: ${have_libidn} + libiptc: ${have_libiptc} + ELFUTILS: ${have_elfutils} + binfmt: ${have_binfmt} + vconsole: ${have_vconsole} + quotacheck: ${have_quotacheck} + tmpfiles: ${have_tmpfiles} + sysusers: ${have_sysusers} + firstboot: ${have_firstboot} + randomseed: ${have_randomseed} + backlight: ${have_backlight} + rfkill: ${have_rfkill} + logind: 
${have_logind} + Default KillUserProcesses setting: ${KILL_USER_PROCESSES} + machined: ${have_machined} + importd: ${have_importd} + hostnamed: ${have_hostnamed} + timedated: ${have_timedated} + timesyncd: ${have_timesyncd} + Default NTP servers: ${NTP_SERVERS} + time epoch: ${TIME_EPOCH} + localed: ${have_localed} + networkd: ${have_networkd} + resolved: ${have_resolved} + Default DNS servers: ${DNS_SERVERS} + Default DNSSEC mode: ${DEFAULT_DNSSEC_MODE} + coredump: ${have_coredump} + polkit: ${have_polkit} + efi: ${have_efi} + gnuefi: ${have_gnuefi} + efi arch: ${EFI_ARCH} + EFI machine type: ${EFI_MACHINE_TYPE_NAME} + EFI CC ${EFI_CC} + EFI libdir: ${EFI_LIB_DIR} + EFI ldsdir: ${EFI_LDS_DIR} + EFI includedir: ${EFI_INC_DIR} + kmod: ${have_kmod} + xkbcommon: ${have_xkbcommon} + blkid: ${have_blkid} + libmount: ${have_libmount} + dbus: ${have_dbus} + nss-myhostname: ${have_myhostname} + hwdb: ${enable_hwdb} + tpm: ${have_tpm} + kdbus: ${have_kdbus} + Python: ${have_python} + man pages: ${have_manpages} + test coverage: ${have_coverage} + Split /usr: ${enable_split_usr} + SysV compatibility: ${SYSTEM_SYSV_COMPAT} + utmp/wtmp support: ${have_utmp} + ldconfig support: ${enable_ldconfig} + hibernate support: ${enable_hibernate} + extra debugging: ${enable_debug} + tests: ${enable_tests} + + prefix: ${prefix} + rootprefix: ${with_rootprefix} + sysconf dir: ${sysconfdir} + datarootdir: ${datarootdir} + includedir: ${includedir} + lib dir: ${libdir} + rootlib dir: ${with_rootlibdir} + SysV init scripts: ${SYSTEM_SYSVINIT_PATH} + SysV rc?.d directories: ${SYSTEM_SYSVRCND_PATH} + Build Python: ${PYTHON} + PAM modules dir: ${with_pamlibdir} + PAM configuration dir: ${with_pamconfdir} + D-Bus policy dir: ${with_dbuspolicydir} + D-Bus session dir: ${with_dbussessionservicedir} + D-Bus system dir: ${with_dbussystemservicedir} + Bash completions dir: ${with_bashcompletiondir} + Zsh completions dir: ${with_zshcompletiondir} + Extra start script: ${RC_LOCAL_SCRIPT_PATH_START} + 
Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP} + Wheel group: ${have_wheel_group} + Debug shell: ${SUSHELL} @ ${DEBUGTTY} + TTY GID: ${TTY_GID} + Maximum System UID: ${SYSTEM_UID_MAX} + Maximum System GID: ${SYSTEM_GID_MAX} + Certificate root: ${CERTIFICATEROOT} + + CFLAGS: ${OUR_CFLAGS} ${CFLAGS} + CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS} + LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS} ]) diff --git a/hwdb/70-mouse.hwdb b/hwdb/70-mouse.hwdb index bea0464a11..a5b39dc41e 100644 --- a/hwdb/70-mouse.hwdb +++ b/hwdb/70-mouse.hwdb @@ -475,3 +475,11 @@ mouse:usb:v093ap2521:name:USB OPTICAL MOUSE: # SteelSeries Sensei Raw mouse:usb:v1038p1369:name:SteelSeries Sensei Raw Gaming Mouse: MOUSE_DPI=1000@1022 + +########################################## +# Trust +########################################## + +# Trust illuminated mouse gxt 152 +mouse:usb:v145fp01ac:name:HID-compliant Mouse Trust Gaming Mouse: + MOUSE_DPI=*800@528 1200@537 1600@536 2400@521 diff --git a/man/daemon.xml b/man/daemon.xml index b6125cb5c7..fed1ca1f49 100644 --- a/man/daemon.xml +++ b/man/daemon.xml @@ -234,7 +234,7 @@ bus-activatable by supplying a D-Bus service activation configuration file. This has multiple advantages: your daemon may be started lazily on-demand; it may be started in parallel - to other daemons requiring it -- which maximizes + to other daemons requiring it — which maximizes parallelization and boot-up speed; your daemon can be restarted on failure without losing any bus requests, as the bus queues requests for activatable services. See below for diff --git a/man/loginctl.xml b/man/loginctl.xml index 7f7252a5d9..fb51740503 100644 --- a/man/loginctl.xml +++ b/man/loginctl.xml 
@@ -312,7 +312,10 @@ This allows users who are not logged in to run long-running services. Takes one or more user names or numeric UIDs as argument. If no argument is specified, enables/disables - lingering for the user of the session of the caller. + lingering for the user of the session of the caller.</para> + + <para>See also <varname>KillUserProcesses=</varname> setting in + <citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. </para></listitem> </varlistentry> @@ -410,6 +413,37 @@ otherwise.</para> </refsect1> + <refsect1> + <title>Examples</title> + + <example> + <title>Querying user status</title> + + <programlisting>$ loginctl user-status +fatima (1005) + Since: Sat 2016-04-09 14:23:31 EDT; 54min ago + State: active + Sessions: 5 *3 + Unit: user-1005.slice + ├─user@1005.service + ... + ├─session-3.scope + ... + └─session-5.scope + ├─3473 login -- fatima + └─3515 -zsh + +Apr 09 14:40:30 laptop login[2325]: pam_unix(login:session): + session opened for user fatima by LOGIN(uid=0) +Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima +</programlisting> + + <para>There are two sessions, 3 and 5. Session 3 is a graphical session, + marked with a star. The tree of processing including the two corresponding + scope units and the user manager unit are shown.</para> + </example> + </refsect1> + <xi:include href="less-variables.xml" /> <refsect1> diff --git a/man/logind.conf.xml b/man/logind.conf.xml index 597759e33a..3217ece21a 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml 
@@ -119,30 +119,46 @@ <varlistentry> <term><varname>KillUserProcesses=</varname></term> - <listitem><para>Takes a boolean argument. Configures whether - the processes of a user should be killed when the user - completely logs out (i.e. after the user's last session - ended). Defaults to <literal>no</literal>.</para> - - <para>Note that setting <varname>KillUserProcesses=1</varname> + <listitem><para>Takes a boolean argument. Configures whether the processes of a + user should be killed when the user logs out. If true, the scope unit + corresponding to the session and all processes inside that scope will be + terminated. If false, the scope is "abandonded", see + <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + and processes are not killed. Defaults to <literal>yes</literal>, + but see the options <varname>KillOnlyUsers=</varname> and + <varname>KillExcludeUsers=</varname> below.</para> + + <para>In addition to session processes, user process may run under the user + manager unit <filename>user@.service</filename>. Depending on the linger + settings, this may allow users to run processes independent of their login + sessions. See the description of <command>enable-linger</command> in + <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. + </para> + + <para>Note that setting <varname>KillUserProcesses=yes</varname> will break tools like - <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem> + <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry> + and + <citerefentry project='die-net'><refentrytitle>tmux</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + unless they are moved out of the session scope. See example in + <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>. 
+ </para></listitem> </varlistentry> <varlistentry> <term><varname>KillOnlyUsers=</varname></term> <term><varname>KillExcludeUsers=</varname></term> - <listitem><para>These settings take space-separated lists of - usernames that influence the effect of - <varname>KillUserProcesses=</varname>. If not empty, only - processes of users listed in <varname>KillOnlyUsers=</varname> - will be killed when they log out entirely. Processes of users - listed in <varname>KillExcludeUsers=</varname> are excluded - from being killed. <varname>KillExcludeUsers=</varname> - defaults to <literal>root</literal> and takes precedence over - <varname>KillOnlyUsers=</varname>, which defaults to the empty - list.</para></listitem> + <listitem><para>These settings take space-separated lists of usernames that override + the <varname>KillUserProcesses=</varname> setting. A user name may be added to + <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of + that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If + <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is + excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value + to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname> + is checked next. If this setting is specified, only the session scopes of those users + will be killed. Otherwise, users are subject to the + <varname>KillUserProcesses=yes</varname> setting.</para></listitem> </varlistentry> <varlistentry> diff --git a/man/sd_event_source_set_priority.xml b/man/sd_event_source_set_priority.xml index 9234f4233e..8c9b39fe5e 100644 --- a/man/sd_event_source_set_priority.xml +++ b/man/sd_event_source_set_priority.xml 
@@ -97,7 +97,7 @@ <constant>SD_EVENT_PRIORITY_IDLE</constant> (100) may be used to indicate event sources that shall be dispatched early, normally or late. It is recommended to specify priorities based on these - definitions, and relative to them -- however, the full 64bit + definitions, and relative to them — however, the full 64bit signed integer range is available for ordering event sources.</para> diff --git a/man/sd_journal_add_match.xml b/man/sd_journal_add_match.xml index 3b27444f8d..98415d53fd 100644 --- a/man/sd_journal_add_match.xml +++ b/man/sd_journal_add_match.xml 
@@ -88,11 +88,19 @@ <citerefentry><refentrytitle>sd_journal_next</refentrytitle><manvolnum>3</manvolnum></citerefentry> and <citerefentry><refentrytitle>sd_journal_get_data</refentrytitle><manvolnum>3</manvolnum></citerefentry>. - Matches are of the form <literal>FIELD=value</literal>, where the - field part is a short uppercase string consisting only of 0–9, A–Z - and the underscore. It may not begin with two underscores or be - the empty string. The value part may be any value, including - binary. If a match is applied, only entries with this field set + Parameter <parameter>data</parameter> must be of the form + <literal><replaceable>FIELD</replaceable>=<replaceable>value</replaceable></literal>, + where the <replaceable>FIELD</replaceable> part is a short uppercase string consisting only + of 0–9, A–Z and the underscore; it may not begin with two underscores or be the empty + string. The <replaceable>value</replaceable> part may be anything, including binary. Parameter + <parameter>size</parameter> specifies the number of bytes in <parameter>data</parameter> + (i.e. the length of <replaceable>FIELD</replaceable>, plus one, plus the length of + <replaceable>value</replaceable>). Parameter <parameter>size</parameter> may also be + specified as <constant>0</constant>, in which case <parameter>data</parameter> + must be a <constant>NUL</constant>-terminated string, and the bytes before the terminating + zero are used as the match.</para> + + <para>If a match is applied, only entries with this field set will be iterated. Multiple matches may be active at the same time: If they apply to different fields, only entries with both fields set like this will be iterated. If they apply to the same fields, diff --git a/man/sd_journal_get_data.xml b/man/sd_journal_get_data.xml index 1f25d068d7..908ee7db16 100644 --- a/man/sd_journal_get_data.xml +++ b/man/sd_journal_get_data.xml 
@@ -148,7 +148,7 @@ <function>sd_journal_enumerate_unique()</function>. This threshold is a hint only: it indicates that the client program is interested only in the initial parts of the data fields, up to the threshold - in size -- but the library might still return larger data objects. + in size — but the library might still return larger data objects. That means applications should not rely exclusively on this setting to limit the size of the data fields returned, but need to apply a explicit size limit on the returned data as well. This diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml index e84a15c554..2b6fb5a82f 100644 --- a/man/systemd-ask-password.xml +++ b/man/systemd-ask-password.xml @@ -67,7 +67,7 @@ processes.</para> <para>The purpose of this tool is to query system-wide passwords - -- that is passwords not attached to a specific user account. + — that is passwords not attached to a specific user account. Examples include: unlocking encrypted hard disks when they are plugged in or at boot, entering an SSL certificate passphrase for web and VPN servers.</para> diff --git a/man/systemd-journal-gatewayd.service.xml b/man/systemd-journal-gatewayd.service.xml index e32ac26850..9ed85c3950 100644 --- a/man/systemd-journal-gatewayd.service.xml +++ b/man/systemd-journal-gatewayd.service.xml @@ -262,7 +262,7 @@ <term><uri>boot</uri></term> <listitem><para>Limit events to the current boot of the system - (like <command>journalctl --this--boot</command>).</para></listitem> + (like <command>journalctl --this-boot</command>).</para></listitem> </varlistentry> <varlistentry> diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 6732b9d7be..a0376ed3e0 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml 
@@ -502,7 +502,7 @@ host interface name and container interface name. The latter may be omitted in which case the container and host sides will be assigned the same name. This switch is independent of - <option>--network-veth</option>, and -- in contrast -- may be + <option>--network-veth</option>, and — in contrast — may be used multiple times, and allows configuration of the network interface names. Note that <option>--network-bridge=</option> has no effect on interfaces created with diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 245daae946..9c1a29218e 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -341,10 +341,10 @@ <refsect1> <title>Examples</title> - <para>The following command will log the environment variables - provided by systemd to services:</para> + <example> + <title>Logging environment variables provided by systemd to services</title> - <programlisting># systemd-run env + <programlisting># systemd-run env Running as unit: run-19945.service # journalctl -u run-19945.service Sep 08 07:37:21 bupkis systemd[1]: Starting /usr/bin/env... 
@@ -352,19 +352,27 @@ Sep 08 07:37:21 bupkis systemd[1]: Started /usr/bin/env. Sep 08 07:37:21 bupkis env[19948]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin Sep 08 07:37:21 bupkis env[19948]: LANG=en_US.UTF-8 Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.x86_64</programlisting> + </example> - <para>The following command invokes the - <citerefentry project='man-pages'><refentrytitle>updatedb</refentrytitle><manvolnum>8</manvolnum></citerefentry> - tool, but lowers the block I/O weight for it to 10. See - <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for more information on the <varname>BlockIOWeight=</varname> - property.</para> + <example> + <title>Limiting resources available to a command</title> - <programlisting># systemd-run -p BlockIOWeight=10 updatedb</programlisting> + <programlisting># systemd-run -p BlockIOWeight=10 updatedb</programlisting> - <para>The following command will touch a file after 30 seconds.</para> + <para>This command invokes the + <citerefentry project='man-pages'><refentrytitle>updatedb</refentrytitle><manvolnum>8</manvolnum></citerefentry> + tool, but lowers the block I/O weight for it to 10. See + <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for more information on the <varname>BlockIOWeight=</varname> + property.</para> + </example> - <programlisting># date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo + <example> + <title>Running commands at a specified time</title> + + <para>The following command will touch a file after 30 seconds.</para> + + <programlisting># date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo Mon Dec 8 20:44:24 KST 2014 Running as unit: run-71.timer Will run service as unit: run-71.service 
@@ -376,13 +384,60 @@ Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo. -- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. -- Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo... Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.</programlisting> - - <para>The following command invokes <filename>/bin/bash</filename> - as a service passing its standard input, output and error to - the calling TTY.</para> - - <programlisting># systemd-run -t --send-sighup /bin/bash</programlisting> - + </example> + + <example> + <title>Allowing access to the tty</title> + + <para>The following command invokes <filename>/bin/bash</filename> as a service + passing its standard input, output and error to the calling TTY.</para> + + <programlisting># systemd-run -t --send-sighup /bin/bash</programlisting> + </example> + + <example> + <title>Start <command>screen</command> as a user service</title> + + <programlisting>$ systemd-run --scope --user screen +Running scope as unit run-r14b0047ab6df45bfb45e7786cc839e76.scope. + +$ screen -ls +There is a screen on: + 492..laptop (Detached) +1 Socket in /var/run/screen/S-fatima. +</programlisting> + + <para>This starts the <command>screen</command> process as a child of the + <command>systemd --user</command> process that was started by + <filename>user@.service</filename>, in a scope unit. A + <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry> + unit is used instead of a + <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> + unit, because <command>screen</command> will exit when detaching from the terminal, + and a service unit would be terminated. Running <command>screen</command> + as a user unit has the advantage that it is not part of the session scope. 
+ If <varname>KillUserProcesses=yes</varname> is configured in + <citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + the default, the session scope will be terminated when the user logs + out of that session.</para> + + <para>The <filename>user@.service</filename> is started automatically + when the user first logs in, and stays around as long as at least one + login session is open. After the user logs out of the last session, + <filename>user@.service</filename> and all services underneath it + are terminated. This behaviour is the default, when "lingering" is + not enabled for that user. Enabling lingering means that + <filename>user@.service</filename> is started automatically during + boot, even if the user is not logged in, and that the service is + not terminated when the user logs out.</para> + + <para>Enabling lingering allows the user to run processes without being logged in, + for example to allow <command>screen</command> to persist after the user logs out, + even if the session scope is terminated. In the default configuration, users can + enable lingering for themselves:</para> + + <programlisting>$ loginctl enable-linger</programlisting> + </example> </refsect1> <refsect1> diff --git a/man/systemd.special.xml b/man/systemd.special.xml index 80c15b700d..14998b9647 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -742,7 +742,7 @@ defined what that is supposed to mean, with one exception: at shutdown, a unit that is ordered after <filename>network.target</filename> will be stopped before - the network -- to whatever level it might be set up then -- + the network — to whatever level it might be set up then — is shut down. It is hence useful when writing service files that require network access on shutdown, which should order themselves after this target, but not pull it in. Also see diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c index ff7558d500..d1b0ce76ef 100644 
--- a/src/core/ima-setup.c +++ b/src/core/ima-setup.c @@ -3,7 +3,7 @@ Copyright 2010 Lennart Poettering Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy - TORSEC group -- http://security.polito.it + TORSEC group — http://security.polito.it systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/src/core/ima-setup.h b/src/core/ima-setup.h index 3bad74b246..472b58cb00 100644 --- a/src/core/ima-setup.h +++ b/src/core/ima-setup.h @@ -5,7 +5,7 @@ Copyright 2010 Lennart Poettering Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy - TORSEC group -- http://security.polito.it + TORSEC group — http://security.polito.it systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index 2cdfcf7b5d..cc287d602d 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -110,6 +110,7 @@ static int callback_type_to_priority(int type) { */ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { va_list ap; + const char *fmt2; #ifdef HAVE_AUDIT int fd; @@ -131,8 +132,10 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { } #endif + fmt2 = strjoina("selinux: ", fmt); + va_start(ap, fmt); - log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap); + log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt2, ap); va_end(ap); return 0; diff --git a/src/core/unit.c b/src/core/unit.c index c60ae2be9d..1f57293a0b 100644 --- a/src/core/unit.c +++ b/src/core/unit.c 
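Review bot: In `log_callback` (src/core/selinux-access.c), `log_internalv()` now receives `fmt2`, a format string assembled at run time by `strjoina("selinux: ", fmt)`. The `_printf_(2, 3)` check on `log_callback` therefore no longer covers the string that is actually formatted, and a build with `-Wformat-nonliteral` would presumably warn at this call. The call is safe only while the prefix stays a constant without `%` conversions, so that the `va_list` still lines up with `fmt`. A comment above the assignment should state that, e.g. `/* constant, %-free prefix; fmt itself is checked via _printf_(2, 3) */`. The function body is split across two hunks and its audit branch is not fully visible here.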
@@ -3600,7 +3600,7 @@ int unit_kill_context( * cases. It doesn't work at all in * containers, and outside of containers it * can be confused easily by left-over - * directories in the cgroup -- which however + * directories in the cgroup — which however * should not exist in non-delegated units. On * the unified hierarchy that's different, * there we get proper events. Hence rely on diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index b1d1bf9e14..8089bb5883 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -1660,7 +1660,7 @@ static int server_connect_notify(Server *s) { it. Specifically: given that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might hence block on us, we might end up in a deadlock - if we block on sending PID 1 notification messages -- by + if we block on sending PID 1 notification messages — by generating a full blocking circle. To avoid this, let's create a non-blocking socket, and connect it to the notification socket, and then wait for POLLOUT before we diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c index e787cb69d3..b1c3d5f228 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c @@ -1212,19 +1212,19 @@ int device_get_id_filename(sd_device *device, const char **ret) { if (major(devnum) > 0) { assert(subsystem); - /* use dev_t -- b259:131072, c254:0 */ + /* use dev_t — b259:131072, c254:0 */ r = asprintf(&id, "%c%u:%u", streq(subsystem, "block") ? 'b' : 'c', major(devnum), minor(devnum)); if (r < 0) return -ENOMEM; } else if (ifindex > 0) { - /* use netdev ifindex -- n3 */ + /* use netdev ifindex — n3 */ r = asprintf(&id, "n%u", ifindex); if (r < 0) return -ENOMEM; } else { - /* use $subsys:$sysname -- pci:0000:00:1f.2 + /* use $subsys:$sysname — pci:0000:00:1f.2 * sysname() has '!' translated, get it from devpath */ const char *sysname; 
diff --git a/src/libsystemd/sd-resolve/test-resolve.c b/src/libsystemd/sd-resolve/test-resolve.c index 33ef6fc0f7..1be1a7f8a7 100644 --- a/src/libsystemd/sd-resolve/test-resolve.c +++ b/src/libsystemd/sd-resolve/test-resolve.c @@ -63,7 +63,7 @@ static int getnameinfo_handler(sd_resolve_query *q, int ret, const char *host, c return 0; } - printf("Host: %s -- Serv: %s\n", strna(host), strna(serv)); + printf("Host: %s — Serv: %s\n", strna(host), strna(serv)); return 0; } diff --git a/src/login/.gitignore b/src/login/.gitignore index 39088ec252..3a8ba497c1 100644 --- a/src/login/.gitignore +++ b/src/login/.gitignore @@ -1,4 +1,5 @@ /logind-gperf.c +/logind.conf /org.freedesktop.login1.policy /71-seat.rules /73-seat-late.rules diff --git a/src/login/loginctl.c b/src/login/loginctl.c index 01f6fa5db0..8b23135edd 100644 --- a/src/login/loginctl.c +++ b/src/login/loginctl.c @@ -293,6 +293,7 @@ typedef struct SessionStatusInfo { typedef struct UserStatusInfo { uid_t uid; + bool linger; char *name; struct dual_timestamp timestamp; char *state; @@ -551,6 +552,7 @@ static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) static const struct bus_properties_map map[] = { { "Name", "s", NULL, offsetof(UserStatusInfo, name) }, + { "Linger", "b", NULL, offsetof(UserStatusInfo, linger) }, { "Slice", "s", NULL, offsetof(UserStatusInfo, slice) }, { "State", "s", NULL, offsetof(UserStatusInfo, state) }, { "UID", "u", NULL, offsetof(UserStatusInfo, uid) }, 
@@ -595,16 +597,16 @@ static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) char **l; printf("\tSessions:"); - STRV_FOREACH(l, i.sessions) { - if (streq_ptr(*l, i.display)) - printf(" *%s", *l); - else - printf(" %s", *l); - } + STRV_FOREACH(l, i.sessions) + printf(" %s%s", + streq_ptr(*l, i.display) ? "*" : "", + *l); printf("\n"); } + printf("\t Linger: %s\n", yes_no(i.linger)); + if (i.slice) { printf("\t Unit: %s\n", i.slice); show_unit_cgroup(bus, "org.freedesktop.systemd1.Slice", i.slice, 0); diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 8bdb3a9a38..cbf8d757fe 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -364,16 +364,16 @@ bool manager_shall_kill(Manager *m, const char *user) { assert(m); assert(user); - if (!m->kill_user_processes) + if (!m->kill_exclude_users && streq(user, "root")) return false; if (strv_contains(m->kill_exclude_users, user)) return false; - if (strv_isempty(m->kill_only_users)) - return true; + if (!strv_isempty(m->kill_only_users)) + return strv_contains(m->kill_only_users, user); - return strv_contains(m->kill_only_users, user); + return m->kill_user_processes; } static int vt_is_busy(unsigned int vtnr) { diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 1d3133ee25..a281f99a34 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1077,11 +1077,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_free_ char *cc = NULL; Manager *m = userdata; - int b, r; + int r, b, interactive; struct passwd *pw; const char *path; uint32_t uid; - int interactive; + bool self = false; assert(message); assert(m); @@ -1102,6 +1102,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu if (r < 0) return r; + self = true; + } else if (!uid_is_valid(uid)) return -EINVAL; 
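Review bot: In `manager_shall_kill()` the root exemption now depends on `m->kill_exclude_users` being NULL rather than merely empty, and nothing in the function says so. If the config parser leaves the pointer NULL for an explicit empty `KillExcludeUsers=` (not visible in this hunk), an administrator could not remove the root exemption. If it stores an empty list the distinction works, but it deserves a comment such as `/* NULL = not configured: root stays exempt; an explicitly empty list drops the exemption */`. The reordering also lets a non-empty `KillOnlyUsers=` decide the result even when `KillUserProcesses=no`, which reads as intended but is a behaviour change worth stating in the same comment. The function's signature lies outside the hunk.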
@@ -1113,7 +1115,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu r = bus_verify_polkit_async( message, CAP_SYS_ADMIN, - "org.freedesktop.login1.set-user-linger", + self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger", NULL, interactive, UID_INVALID, diff --git a/src/login/logind.c b/src/login/logind.c index d5f6757bd3..a48e2fc61e 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -41,17 +41,7 @@ static void manager_free(Manager *m); -static Manager *manager_new(void) { - Manager *m; - int r; - - m = new0(Manager, 1); - if (!m) - return NULL; - - m->console_active_fd = -1; - m->reserve_vt_fd = -1; - +static void manager_reset_config(Manager *m) { m->n_autovts = 6; m->reserve_vt = 6; m->remove_ipc = true; @@ -61,16 +51,38 @@ static Manager *manager_new(void) { m->handle_hibernate_key = HANDLE_HIBERNATE; m->handle_lid_switch = HANDLE_SUSPEND; m->handle_lid_switch_docked = HANDLE_IGNORE; + m->power_key_ignore_inhibited = false; + m->suspend_key_ignore_inhibited = false; + m->hibernate_key_ignore_inhibited = false; m->lid_switch_ignore_inhibited = true; + m->holdoff_timeout_usec = 30 * USEC_PER_SEC; m->idle_action_usec = 30 * USEC_PER_MINUTE; m->idle_action = HANDLE_IGNORE; - m->idle_action_not_before_usec = now(CLOCK_MONOTONIC); m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ m->user_tasks_max = UINT64_C(12288); + m->kill_user_processes = KILL_USER_PROCESSES; + + m->kill_only_users = strv_free(m->kill_only_users); + m->kill_exclude_users = strv_free(m->kill_exclude_users); +} + +static Manager *manager_new(void) { + Manager *m; + int r; + + m = new0(Manager, 1); + if (!m) + return NULL; + + m->console_active_fd = -1; + m->reserve_vt_fd = -1; + + m->idle_action_not_before_usec = now(CLOCK_MONOTONIC); + m->devices = hashmap_new(&string_hash_ops); m->seats = hashmap_new(&string_hash_ops); m->sessions = hashmap_new(&string_hash_ops); 
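Review bot: The choice of the unauthenticated `set-self-linger` action in the `bus_verify_polkit_async()` call depends entirely on `self`, so the place where `self = true` is set should say why that is safe. From the earlier hunk it appears to be set only on the branch that resolves the UID from the caller's own bus credentials (the branch condition is outside the hunk), which would mean a caller cannot select the weaker action for another user's UID. A comment there such as `/* UID taken from the sender's credentials, not from the message: only then may the self-service polkit action be used */` would keep a later refactor from widening it. As far as the visible lines show, a caller that passes its own UID explicitly still goes through `set-user-linger`.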
@@ -84,10 +96,6 @@ static Manager *manager_new(void) { if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units) goto fail; - m->kill_exclude_users = strv_new("root", NULL); - if (!m->kill_exclude_users) - goto fail; - m->udev = udev_new(); if (!m->udev) goto fail; @@ -98,6 +106,8 @@ static Manager *manager_new(void) { sd_event_set_watchdog(m->event, true); + manager_reset_config(m); + return m; fail: @@ -986,6 +996,30 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us return 0; } +static int manager_parse_config_file(Manager *m) { + assert(m); + + return config_parse_many(PKGSYSCONFDIR "/logind.conf", + CONF_PATHS_NULSTR("systemd/logind.conf.d"), + "Login\0", + config_item_perf_lookup, logind_gperf_lookup, + false, m); +} + +static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { + Manager *m = userdata; + int r; + + manager_reset_config(m); + r = manager_parse_config_file(m); + if (r < 0) + log_warning_errno(r, "Failed to parse config file, using defaults: %m"); + else + log_info("Config file reloaded."); + + return 0; +} + static int manager_startup(Manager *m) { int r; Seat *seat; @@ -997,6 +1031,12 @@ static int manager_startup(Manager *m) { assert(m); + assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGHUP, -1) >= 0); + + r = sd_event_add_signal(m->event, NULL, SIGHUP, manager_dispatch_reload_signal, m); + if (r < 0) + return log_error_errno(r, "Failed to register SIGHUP handler: %m"); + /* Connect to console */ r = manager_connect_console(m); if (r < 0) 
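Review bot: `manager_dispatch_reload_signal()` calls `manager_reset_config()` before parsing, so a failed parse leaves the running daemon on compiled-in defaults, possibly mixed with whatever was read before the error, rather than on the previous configuration. For `KillUserProcesses`, `KillOnlyUsers` and `KillExcludeUsers` that means a typo in logind.conf followed by SIGHUP can silently change which sessions are killed at logout. Either keep the last good settings on failure or make the warning explicit, e.g. `log_warning_errno(r, "Failed to parse config file, previous settings dropped, using defaults: %m");`. Whether `config_parse_many()` applies entries before returning an error is not visible here.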
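Review bot: The added `sigprocmask_many(SIG_SETMASK, NULL, SIGHUP, -1)` in `manager_startup()` replaces the whole signal mask with just SIGHUP instead of adding SIGHUP to it. If any signal was blocked before this point (not visible in the hunk) so that it could be handled through an event source, it becomes unblocked again. `assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGHUP, -1) >= 0);` expresses the intent without touching other signals. `manager_startup()` begins and ends outside the hunk.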
@@ -1099,16 +1139,6 @@ static int manager_run(Manager *m) { } } -static int manager_parse_config_file(Manager *m) { - assert(m); - - return config_parse_many(PKGSYSCONFDIR "/logind.conf", - CONF_PATHS_NULSTR("systemd/logind.conf.d"), - "Login\0", - config_item_perf_lookup, logind_gperf_lookup, - false, m); -} - int main(int argc, char *argv[]) { Manager *m = NULL; int r; diff --git a/src/login/logind.conf b/src/login/logind.conf.in index 6095e482ac..3c96def45d 100644 --- a/src/login/logind.conf +++ b/src/login/logind.conf.in @@ -14,7 +14,7 @@ [Login] #NAutoVTs=6 #ReserveVT=6 -#KillUserProcesses=no +#KillUserProcesses=@KILL_USER_PROCESSES@ #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in index 23326bb79f..1fa6441629 100644 --- a/src/login/org.freedesktop.login1.policy.in +++ b/src/login/org.freedesktop.login1.policy.in @@ -111,6 +111,14 @@ </defaults> </action> + <action id="org.freedesktop.login1.set-self-linger"> + <_description>Allow non-logged-in user to run programs</_description> + <_message>Explicit request is required to run programs as a non-logged-in user.</_message> + <defaults> + <allow_any>yes</allow_any> + </defaults> + </action> + <action id="org.freedesktop.login1.set-user-linger"> <_description>Allow non-logged-in users to run programs</_description> <_message>Authentication is required to run programs as a non-logged-in user.</_message> diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 0fb3aa6c43..5cdf123652 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -299,7 +299,6 @@ void link_update_operstate(Link *link) { link->operstate = operstate; link_send_changed(link, "OperationalState", NULL); link_dirty(link); - manager_dirty(link->manager); } } 
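Review bot: The new `org.freedesktop.login1.set-self-linger` action sets only `<allow_any>` and omits `<allow_inactive>` and `<allow_active>`. As far as I know, polkit treats an omitted implicit authorization as not authorized, so users in local sessions would likely be refused although the NEWS entry promises self-service. Adding `<allow_inactive>yes</allow_inactive>` and `<allow_active>yes</allow_active>` makes the three cases agree. Because the action lets any account keep processes running after logout and from boot without authentication, it is also worth documenting that administrators can restrict it with a local polkit rule.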
@@ -3228,14 +3227,17 @@ void link_dirty(Link *link) { assert(link); + /* mark manager dirty as link is dirty */ + manager_dirty(link->manager); + r = set_ensure_allocated(&link->manager->dirty_links, NULL); if (r < 0) /* allocation errors are ignored */ return; r = set_put(link->manager->dirty_links, link); - if (r < 0) - /* allocation errors are ignored */ + if (r <= 0) + /* don't take another ref if the link was already dirty */ return; link_ref(link); diff --git a/src/network/test-network-tables.c b/src/network/test-network-tables.c index ecbbe6c3c9..adbe09a5e1 100644 --- a/src/network/test-network-tables.c +++ b/src/network/test-network-tables.c @@ -9,7 +9,7 @@ int main(int argc, char **argv) { test_table(bond_mode, NETDEV_BOND_MODE); - /* test_table(link_state, LINK_STATE); -- not a reversible mapping */ + /* test_table(link_state, LINK_STATE); — not a reversible mapping */ test_table(link_operstate, LINK_OPERSTATE); test_table(address_family_boolean, ADDRESS_FAMILY_BOOLEAN); test_table(netdev_kind, NETDEV_KIND); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index a07f148ef6..44dce471e7 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1481,7 +1481,7 @@ static int setup_journal(const char *directory) { } if (arg_link_journal == LINK_HOST) { - /* don't create parents here -- if the host doesn't have + /* don't create parents here — if the host doesn't have * permanent journal set up, don't force it here */ if (mkdir(p, 0755) < 0 && errno != EEXIST) { diff --git a/src/resolve/RFCs b/src/resolve/RFCs index 22004a00cd..09c85f9518 100644 --- a/src/resolve/RFCs +++ b/src/resolve/RFCs 
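Review bot: In `link_dirty()` the comment on the new `if (r <= 0)` branch describes only the r == 0 case, while the same branch still swallows allocation failures from `set_put()`. Suggested wording: `/* allocation errors are ignored; 0 means the link was already dirty, so don't take another ref */`. `manager_dirty()` now also runs before either allocation, so the manager is marked dirty even when the link could not be queued; a short comment saying that this is acceptable would help. The function starts and ends outside the hunk.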
@@ -8,7 +8,7 @@ D = Comprehensively Implemented, by a dependency of resolved Y https://tools.ietf.org/html/rfc1034 → DOMAIN NAMES - CONCEPTS AND FACILITIES Y https://tools.ietf.org/html/rfc1035 → DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION ? https://tools.ietf.org/html/rfc1101 → DNS Encoding of Network Names and Other Types -Y https://tools.ietf.org/html/rfc1123 → Requirements for Internet Hosts -- Application and Support +Y https://tools.ietf.org/html/rfc1123 → Requirements for Internet Hosts — Application and Support ~ https://tools.ietf.org/html/rfc1464 → Using the Domain Name System To Store Arbitrary String Attributes Y https://tools.ietf.org/html/rfc1536 → Common DNS Implementation Errors and Suggested Fixes Y https://tools.ietf.org/html/rfc1876 → A Means for Expressing Location Information in the Domain Name System diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c index c5863b3aa2..b0dc65036d 100644 --- a/src/resolve/resolved-link.c +++ b/src/resolve/resolved-link.c @@ -468,7 +468,7 @@ static void link_read_settings(Link *l) { } if (r > 0) { - /* If this link used to be managed, but is now unmanaged, flush all our settings -- but only once. */ + /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */ if (l->is_managed) link_flush_settings(l); diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c index e2d2931c51..38a55525c0 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -1073,7 +1073,7 @@ int add_matches_for_unit(sd_journal *j, const char *unit) { ); if (r == 0 && endswith(unit, ".slice")) { - char *m5 = strappend("_SYSTEMD_SLICE=", unit); + const char *m5 = strjoina("_SYSTEMD_SLICE=", unit); /* Show all messages belonging to a slice */ (void)( diff --git a/src/test/test-nss.c b/src/test/test-nss.c index 9c13288d2e..55af592287 100644 --- a/src/test/test-nss.c +++ b/src/test/test-nss.c 
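Review bot: `strjoina()` in the `.slice` branch of `add_matches_for_unit()` builds `m5` on the stack from the caller-supplied `unit`, so its size is bounded only by whatever validated `unit` earlier. Replacing the heap allocation is fine, but a line such as `/* unit is a validated unit name of bounded length, so a stack copy is safe */` (or an assert on the length) would record that assumption. Whether callers validate the name is not visible in this hunk, and the function starts and ends outside it.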
@@ -381,12 +381,18 @@ static void test_byaddr(void *handle, #ifdef HAVE_MYHOSTNAME # define MODULE1 "myhostname\0" +#else +# define MODULE1 #endif #ifdef HAVE_RESOLVED # define MODULE2 "resolve\0" +#else +# define MODULE2 #endif #ifdef HAVE_MACHINED # define MODULE3 "mymachines\0" +#else +# define MODULE3 #endif #define MODULE4 "dns\0" diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c index 8b1bcefe2d..a7be2a4eed 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c @@ -27,21 +27,21 @@ * http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames * * Two character prefixes based on the type of interface: - * en -- Ethernet - * sl -- serial line IP (slip) - * wl -- wlan - * ww -- wwan + * en — Ethernet + * sl — serial line IP (slip) + * wl — wlan + * ww — wwan * * Type of names: - * b<number> -- BCMA bus core number - * c<bus_id> -- CCW bus group name, without leading zeros [s390] - * o<index>[d<dev_port>] -- on-board device index number - * s<slot>[f<function>][d<dev_port>] -- hotplug slot index number - * x<MAC> -- MAC address + * b<number> — BCMA bus core number + * c<bus_id> — CCW bus group name, without leading zeros [s390] + * o<index>[d<dev_port>] — on-board device index number + * s<slot>[f<function>][d<dev_port>] — hotplug slot index number + * x<MAC> — MAC address * [P<domain>]p<bus>s<slot>[f<function>][d<dev_port>] - * -- PCI geographical location + * — PCI geographical location * [P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>] - * -- USB port number chain + * — USB port number chain * * All multi-function PCI devices will carry the [f<function>] number in the * device name, including the function 0 device. 
@@ -140,9 +140,9 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) { const char *attr; int idx; - /* ACPI _DSM -- device specific method for naming a PCI or PCI Express device */ + /* ACPI _DSM — device specific method for naming a PCI or PCI Express device */ attr = udev_device_get_sysattr_value(names->pcidev, "acpi_index"); - /* SMBIOS type 41 -- Onboard Devices Extended Information */ + /* SMBIOS type 41 — Onboard Devices Extended Information */ if (!attr) attr = udev_device_get_sysattr_value(names->pcidev, "index"); if (!attr) @@ -230,7 +230,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) { if (l == 0) names->pci_path[0] = '\0'; - /* ACPI _SUN -- slot user number */ + /* ACPI _SUN — slot user number */ pci = udev_device_new_from_subsystem_sysname(udev, "subsystem", "pci"); if (!pci) { err = -ENOENT; diff --git a/units/rc-local.service.in b/units/rc-local.service.in index d4db1747ed..480dddbe37 100644 --- a/units/rc-local.service.in +++ b/units/rc-local.service.in @@ -17,3 +17,4 @@ Type=forking ExecStart=@RC_LOCAL_SCRIPT_PATH_START@ start TimeoutSec=0 RemainAfterExit=yes +GuessMainPID=no |