diff options
Diffstat (limited to 'src/grp-login/systemd-logind')
| -rw-r--r-- | src/grp-login/systemd-logind/logind-action.c | 2 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind-button.c | 9 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind-device.c | 9 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind-inhibit.c | 9 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind-seat.c | 9 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind-session.c | 14 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind-user.c | 32 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind.c | 8 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/logind.conf.xml | 47 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/systemd-logind.service.in | 4 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/systemd-logind.service.xml | 2 | ||||
| -rw-r--r-- | src/grp-login/systemd-logind/systemd-user.pam.m4 | 4 |
12 files changed, 81 insertions, 68 deletions
diff --git a/src/grp-login/systemd-logind/logind-action.c b/src/grp-login/systemd-logind/logind-action.c index 594a7e0039..3115284564 100644 --- a/src/grp-login/systemd-logind/logind-action.c +++ b/src/grp-login/systemd-logind/logind-action.c @@ -86,7 +86,7 @@ int manager_handle_action( } /* If the key handling is inhibited, don't do anything */ - if (!ignore_inhibited && inhibit_key > 0) { + if (inhibit_key > 0) { if (manager_is_inhibited(m, inhibit_key, INHIBIT_BLOCK, NULL, true, false, 0, NULL)) { log_debug("Refusing operation, %s is inhibited.", inhibit_what_to_string(inhibit_key)); return 0; diff --git a/src/grp-login/systemd-logind/logind-button.c b/src/grp-login/systemd-logind/logind-button.c index 912140cc13..60e9f0a476 100644 --- a/src/grp-login/systemd-logind/logind-button.c +++ b/src/grp-login/systemd-logind/logind-button.c @@ -45,15 +45,12 @@ Button* button_new(Manager *m, const char *name) { return NULL; b->name = strdup(name); - if (!b->name) { - free(b); - return NULL; - } + if (!b->name) + return mfree(b); if (hashmap_put(m->buttons, b->name, b) < 0) { free(b->name); - free(b); - return NULL; + return mfree(b); } b->manager = m; diff --git a/src/grp-login/systemd-logind/logind-device.c b/src/grp-login/systemd-logind/logind-device.c index ac119701a0..15ef1b10bb 100644 --- a/src/grp-login/systemd-logind/logind-device.c +++ b/src/grp-login/systemd-logind/logind-device.c @@ -35,15 +35,12 @@ Device* device_new(Manager *m, const char *sysfs, bool master) { return NULL; d->sysfs = strdup(sysfs); - if (!d->sysfs) { - free(d); - return NULL; - } + if (!d->sysfs) + return mfree(d); if (hashmap_put(m->devices, d->sysfs, d) < 0) { free(d->sysfs); - free(d); - return NULL; + return mfree(d); } d->manager = m; diff --git a/src/grp-login/systemd-logind/logind-inhibit.c b/src/grp-login/systemd-logind/logind-inhibit.c index cea4850a47..b416f395a1 100644 --- a/src/grp-login/systemd-logind/logind-inhibit.c +++ b/src/grp-login/systemd-logind/logind-inhibit.c @@ -46,17 +46,14 @@ Inhibitor* inhibitor_new(Manager *m, const char* id) { return NULL; i->state_file = strappend("/run/systemd/inhibit/", id); - if (!i->state_file) { - free(i); - return NULL; - } + if (!i->state_file) + return mfree(i); i->id = basename(i->state_file); if (hashmap_put(m->inhibitors, i->id, i) < 0) { free(i->state_file); - free(i); - return NULL; + return mfree(i); } i->manager = m; diff --git a/src/grp-login/systemd-logind/logind-seat.c b/src/grp-login/systemd-logind/logind-seat.c index 5bb9ed6226..ea5513bea5 100644 --- a/src/grp-login/systemd-logind/logind-seat.c +++ b/src/grp-login/systemd-logind/logind-seat.c @@ -49,18 +49,15 @@ Seat *seat_new(Manager *m, const char *id) { return NULL; s->state_file = strappend("/run/systemd/seats/", id); - if (!s->state_file) { - free(s); - return NULL; - } + if (!s->state_file) + return mfree(s); s->id = basename(s->state_file); s->manager = m; if (hashmap_put(m->seats, s->id, s) < 0) { free(s->state_file); - free(s); - return NULL; + return mfree(s); } return s; diff --git a/src/grp-login/systemd-logind/logind-session.c b/src/grp-login/systemd-logind/logind-session.c index 58ac2aeeb7..f25f4b6555 100644 --- a/src/grp-login/systemd-logind/logind-session.c +++ b/src/grp-login/systemd-logind/logind-session.c @@ -64,16 +64,13 @@ Session* session_new(Manager *m, const char *id) { return NULL; s->state_file = strappend("/run/systemd/sessions/", id); - if (!s->state_file) { - free(s); - return NULL; - } + if (!s->state_file) + return mfree(s); s->devices = hashmap_new(&devt_hash_ops); if (!s->devices) { free(s->state_file); - free(s); - return NULL; + return mfree(s); } s->id = basename(s->state_file); @@ -81,8 +78,7 @@ Session* session_new(Manager *m, const char *id) { if (hashmap_put(m->sessions, s->id, s) < 0) { hashmap_free(s->devices); free(s->state_file); - free(s); - return NULL; + return mfree(s); } s->manager = m; @@ -613,7 +609,7 @@ static int session_stop_scope(Session *s, bool force) { return 0; /* Let's always abandon the scope first. This tells systemd that we are not interested anymore, and everything - * that is left in in the scope is "left-over". Informing systemd about this has the benefit that it will log + * that is left in the scope is "left-over". Informing systemd about this has the benefit that it will log * when killing any processes left after this point. */ r = manager_abandon_scope(s->manager, s->scope, &error); if (r < 0) diff --git a/src/grp-login/systemd-logind/logind-user.c b/src/grp-login/systemd-logind/logind-user.c index 3c5f5df290..0308a78d42 100644 --- a/src/grp-login/systemd-logind/logind-user.c +++ b/src/grp-login/systemd-logind/logind-user.c @@ -26,6 +26,7 @@ #include "sd-bus/bus-error.h" #include "sd-bus/bus-util.h" #include "systemd-basic/alloc-util.h" +#include "systemd-basic/cgroup-util.h" #include "systemd-basic/escape.h" #include "systemd-basic/fd-util.h" #include "systemd-basic/fileio.h" @@ -354,14 +355,12 @@ static int user_mkdir_runtime_path(User *u) { r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t); if (r < 0) { - if (errno != EPERM) { + if (errno != EPERM && errno != EACCES) { r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path); goto fail; } - /* Lacking permissions, maybe - * CAP_SYS_ADMIN-less container? In this case, - * just use a normal directory. */ + log_debug_errno(errno, "Failed to mount per-user tmpfs directory %s, assuming containerized execution, ignoring: %m", u->runtime_path); r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid); if (r < 0) { @@ -613,9 +612,14 @@ int user_finalize(User *u) { if (k < 0) r = k; - /* Clean SysV + POSIX IPC objects */ - if (u->manager->remove_ipc) { - k = clean_ipc(u->uid); + /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs + * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to + * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such + * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because + * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up, + * and do it only for normal users. */ + if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) { + k = clean_ipc_by_uid(u->uid); if (k < 0) r = k; } @@ -892,9 +896,19 @@ int config_parse_user_tasks_max( assert(rvalue); assert(data); - /* First, try to parse as percentage */ + if (isempty(rvalue)) { + *m = system_tasks_max_scale(DEFAULT_USER_TASKS_MAX_PERCENTAGE, 100U); + return 0; + } + + if (streq(rvalue, "infinity")) { + *m = CGROUP_LIMIT_MAX; + return 0; + } + + /* Try to parse as percentage */ r = parse_percent(rvalue); - if (r > 0 && r < 100) + if (r >= 0) k = system_tasks_max_scale(r, 100U); else { diff --git a/src/grp-login/systemd-logind/logind.c b/src/grp-login/systemd-logind/logind.c index ccb88d4ead..c95a11f9ea 100644 --- a/src/grp-login/systemd-logind/logind.c +++ b/src/grp-login/systemd-logind/logind.c @@ -28,6 +28,7 @@ #include "sd-bus/bus-error.h" #include "sd-bus/bus-util.h" #include "systemd-basic/alloc-util.h" +#include "systemd-basic/cgroup-util.h" #include "systemd-basic/def.h" #include "systemd-basic/dirent-util.h" #include "systemd-basic/fd-util.h" @@ -63,7 +64,7 @@ static void manager_reset_config(Manager *m) { m->idle_action = HANDLE_IGNORE; m->runtime_dir_size = physical_memory_scale(10U, 100U); /* 10% */ - m->user_tasks_max = system_tasks_max_scale(33U, 100U); /* 33% */ + m->user_tasks_max = system_tasks_max_scale(DEFAULT_USER_TASKS_MAX_PERCENTAGE, 100U); /* 33% */ m->sessions_max = 8192; m->inhibitors_max = 8192; @@ -126,7 +127,8 @@ static void manager_free(Manager *m) { Inhibitor *i; Button *b; - assert(m); + if (!m) + return; while ((session = hashmap_first(m->sessions))) session_free(session); @@ -1002,7 +1004,7 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us static int manager_parse_config_file(Manager *m) { assert(m); - return config_parse_many(PKGSYSCONFDIR "/logind.conf", + return config_parse_many_nulstr(PKGSYSCONFDIR "/logind.conf", CONF_PATHS_NULSTR("systemd/logind.conf.d"), "Login\0", config_item_perf_lookup, logind_gperf_lookup, diff --git a/src/grp-login/systemd-logind/logind.conf.xml b/src/grp-login/systemd-logind/logind.conf.xml index adba5a4131..994e0e1140 100644 --- a/src/grp-login/systemd-logind/logind.conf.xml +++ b/src/grp-login/systemd-logind/logind.conf.xml @@ -211,7 +211,7 @@ <term><varname>HandleLidSwitch=</varname></term> <term><varname>HandleLidSwitchDocked=</varname></term> - <listitem><para>Controls whether logind shall handle the + <listitem><para>Controls how logind shall handle the system power and sleep keys and the lid switch to trigger actions such as system power-off or suspend. Can be one of <literal>ignore</literal>, @@ -240,7 +240,16 @@ docking station, or if more than one display is connected, the action specified by <varname>HandleLidSwitchDocked=</varname> occurs; otherwise the <varname>HandleLidSwitch=</varname> - action occurs.</para></listitem> + action occurs.</para> + + <para>A different application may disable logind's handling of system power and + sleep keys and the lid switch by taking a low-level inhibitor lock + ("handle-power-key", "handle-suspend-key", "handle-hibernate-key", + "handle-lid-switch"). This is most commonly used by graphical desktop environments + to take over suspend and hibernation handling, and to use their own configuration + mechanisms. If a low-level inhibitor lock is taken, logind will not take any + action when that key or switch is triggered and the <varname>Handle*=</varname> + settings are irrelevant.</para></listitem> </varlistentry> <varlistentry> @@ -249,21 +258,22 @@ <term><varname>HibernateKeyIgnoreInhibited=</varname></term> <term><varname>LidSwitchIgnoreInhibited=</varname></term> - <listitem><para>Controls whether actions triggered by the - power and sleep keys and the lid switch are subject to - inhibitor locks. These settings take boolean arguments. If - <literal>no</literal>, the inhibitor locks taken by - applications in order to block the requested operation are - respected. If <literal>yes</literal>, the requested operation - is executed in any case. + <listitem><para>Controls whether actions that <command>systemd-logind</command> + takes when the power and sleep keys and the lid switch are triggered are subject + to high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level inhibitor + locks ("handle-*-key"), are always honored, irrespective of this setting.</para> + + <para>These settings take boolean arguments. If <literal>no</literal>, the + inhibitor locks taken by applications are respected. If <literal>yes</literal>, + "shutdown", "sleep", and "idle" inhibitor locks are ignored. <varname>PowerKeyIgnoreInhibited=</varname>, - <varname>SuspendKeyIgnoreInhibited=</varname> and - <varname>HibernateKeyIgnoreInhibited=</varname> default to - <literal>no</literal>. - <varname>LidSwitchIgnoreInhibited=</varname> defaults to - <literal>yes</literal>. This means that the lid switch does - not respect suspend blockers by default, but the power and - sleep keys do. </para></listitem> + <varname>SuspendKeyIgnoreInhibited=</varname>, and + <varname>HibernateKeyIgnoreInhibited=</varname> default to <literal>no</literal>. + <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>. + This means that when <command>systemd-logind</command> is handling events by + itself (no low level inhibitor locks are taken by another application), the lid + switch does not respect suspend blockers by default, but the power and sleep keys + do.</para></listitem> </varlistentry> <varlistentry> @@ -318,8 +328,9 @@ <listitem><para>Sets the maximum number of OS tasks each user may run concurrently. This controls the <varname>TasksMax=</varname> setting of the per-user slice unit, see <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for details. Defaults to 33%, which equals 10813 with the kernel's defaults on the host, but might be smaller - in OS containers.</para></listitem> + for details. If assigned the special value <literal>infinity</literal>, no tasks limit is applied. + Defaults to 33%, which equals 10813 with the kernel's defaults on the host, but might be smaller in + OS containers.</para></listitem> </varlistentry> <varlistentry> diff --git a/src/grp-login/systemd-logind/systemd-logind.service.in b/src/grp-login/systemd-logind/systemd-logind.service.in index bee08d011f..0b6de35733 100644 --- a/src/grp-login/systemd-logind/systemd-logind.service.in +++ b/src/grp-login/systemd-logind/systemd-logind.service.in @@ -23,9 +23,11 @@ ExecStart=@rootlibexecdir@/systemd-logind Restart=always RestartSec=0 BusName=org.freedesktop.login1 -CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG WatchdogSec=3min +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io # Increase the default a bit in order to allow many simultaneous diff --git a/src/grp-login/systemd-logind/systemd-logind.service.xml b/src/grp-login/systemd-logind/systemd-logind.service.xml index 5733e42cd1..f0bdb1c756 100644 --- a/src/grp-login/systemd-logind/systemd-logind.service.xml +++ b/src/grp-login/systemd-logind/systemd-logind.service.xml @@ -84,7 +84,7 @@ management</para></listitem> </itemizedlist> - <para>User sessions are registered in logind via the + <para>User sessions are registered with logind via the <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry> PAM module.</para> diff --git a/src/grp-login/systemd-logind/systemd-user.pam.m4 b/src/grp-login/systemd-logind/systemd-user.pam.m4 index f188a8e548..e33963b125 100644 --- a/src/grp-login/systemd-logind/systemd-user.pam.m4 +++ b/src/grp-login/systemd-logind/systemd-user.pam.m4 @@ -2,11 +2,11 @@ # # Used by systemd --user instances. -account include system-auth +account required pam_unix.so m4_ifdef(`HAVE_SELINUX', session required pam_selinux.so close session required pam_selinux.so nottys open )m4_dnl session required pam_loginuid.so -session include system-auth +session optional pam_systemd.so |