diff options
Diffstat (limited to 'src/grp-login')
-rw-r--r-- | src/grp-login/Makefile | 6 | ||||
-rw-r--r-- | src/grp-login/loginctl/Makefile | 2 | ||||
-rw-r--r-- | src/grp-login/loginctl/loginctl.c | 8 | ||||
-rw-r--r-- | src/grp-login/pam_systemd/pam_systemd.c | 31 | ||||
-rw-r--r-- | src/grp-login/systemd-inhibit/Makefile | 2 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/Makefile | 3 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind-action.c | 4 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind-core.c | 2 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind-gperf.gperf | 2 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind-session.c | 26 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind-user.c | 75 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind.c | 4 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind.conf.in | 2 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind.conf.xml | 9 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/logind.h | 1 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/org.freedesktop.login1.policy.in | 2 | ||||
-rw-r--r-- | src/grp-login/systemd-logind/systemd-logind.service.in | 2 |
17 files changed, 109 insertions, 72 deletions
diff --git a/src/grp-login/Makefile b/src/grp-login/Makefile index fe0bab0f81..48a15db591 100644 --- a/src/grp-login/Makefile +++ b/src/grp-login/Makefile @@ -27,19 +27,19 @@ test_login_SOURCES = \ src/libsystemd/sd-login/test-login.c test_login_LDADD = \ - libshared.la + libsystemd-shared.la test_login_shared_SOURCES = \ src/login/test-login-shared.c test_login_shared_LDADD = \ - libshared.la + libsystemd-shared.la test_inhibit_SOURCES = \ src/login/test-inhibit.c test_inhibit_LDADD = \ - libshared.la + libsystemd-shared.la test_login_tables_SOURCES = \ src/login/test-login-tables.c diff --git a/src/grp-login/loginctl/Makefile b/src/grp-login/loginctl/Makefile index d2c6eebd27..f1a474e1cc 100644 --- a/src/grp-login/loginctl/Makefile +++ b/src/grp-login/loginctl/Makefile @@ -29,7 +29,7 @@ loginctl_SOURCES = \ src/login/sysfs-show.c loginctl_LDADD = \ - libshared.la + libsystemd-shared.la rootbin_PROGRAMS += \ loginctl diff --git a/src/grp-login/loginctl/loginctl.c b/src/grp-login/loginctl/loginctl.c index 3ac325fc97..469bec582f 100644 --- a/src/grp-login/loginctl/loginctl.c +++ b/src/grp-login/loginctl/loginctl.c @@ -291,7 +291,7 @@ typedef struct SessionStatusInfo { char *seat; char *tty; char *display; - bool remote; + int remote; char *remote_host; char *remote_user; char *service; @@ -305,7 +305,7 @@ typedef struct SessionStatusInfo { typedef struct UserStatusInfo { uid_t uid; - bool linger; + int linger; char *name; struct dual_timestamp timestamp; char *state; @@ -1555,7 +1555,7 @@ static int loginctl_main(int argc, char *argv[], sd_bus *bus) { } int main(int argc, char *argv[]) { - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + sd_bus *bus = NULL; int r; setlocale(LC_ALL, ""); @@ -1577,6 +1577,8 @@ int main(int argc, char *argv[]) { r = loginctl_main(argc, argv, bus); finish: + sd_bus_flush_close_unref(bus); + pager_close(); polkit_agent_close(); diff --git a/src/grp-login/pam_systemd/pam_systemd.c b/src/grp-login/pam_systemd/pam_systemd.c index 6f67506e5a..11f527cda0 100644 --- a/src/grp-login/pam_systemd/pam_systemd.c +++ b/src/grp-login/pam_systemd/pam_systemd.c @@ -182,25 +182,20 @@ static int export_legacy_dbus_address( _cleanup_free_ char *s = NULL; int r = PAM_BUF_ERR; - if (is_kdbus_available()) { - if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0) - goto error; - } else { - /* FIXME: We *really* should move the access() check into the - * daemons that spawn dbus-daemon, instead of forcing - * DBUS_SESSION_BUS_ADDRESS= here. */ - - s = strjoin(runtime, "/bus", NULL); - if (!s) - goto error; - - if (access(s, F_OK) < 0) - return PAM_SUCCESS; + /* FIXME: We *really* should move the access() check into the + * daemons that spawn dbus-daemon, instead of forcing + * DBUS_SESSION_BUS_ADDRESS= here. */ - s = mfree(s); - if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0) - goto error; - } + s = strjoin(runtime, "/bus", NULL); + if (!s) + goto error; + + if (access(s, F_OK) < 0) + return PAM_SUCCESS; + + s = mfree(s); + if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0) + goto error; r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0); if (r != PAM_SUCCESS) diff --git a/src/grp-login/systemd-inhibit/Makefile b/src/grp-login/systemd-inhibit/Makefile index 93440da575..8b3b7995d9 100644 --- a/src/grp-login/systemd-inhibit/Makefile +++ b/src/grp-login/systemd-inhibit/Makefile @@ -29,7 +29,7 @@ systemd_inhibit_SOURCES = \ src/login/inhibit.c systemd_inhibit_LDADD = \ - libshared.la + libsystemd-shared.la rootbin_PROGRAMS += \ systemd-inhibit diff --git a/src/grp-login/systemd-logind/Makefile b/src/grp-login/systemd-logind/Makefile index 3c9a0a05ef..ed2db4e038 100644 --- a/src/grp-login/systemd-logind/Makefile +++ b/src/grp-login/systemd-logind/Makefile @@ -59,6 +59,9 @@ _liblogind_core_la_SOURCES = \ src/login/logind-utmp.c \ src/login/logind-acl.h +liblogind_core_la_LIBADD = \ + libsystemd-shared.la + ifneq ($(HAVE_ACL),) _liblogind_core_la_SOURCES += \ src/login/logind-acl.c diff --git a/src/grp-login/systemd-logind/logind-action.c b/src/grp-login/systemd-logind/logind-action.c index 0cfeab3fdb..a7c88e7e65 100644 --- a/src/grp-login/systemd-logind/logind-action.c +++ b/src/grp-login/systemd-logind/logind-action.c @@ -86,7 +86,7 @@ int manager_handle_action( } /* If the key handling is inhibited, don't do anything */ - if (inhibit_key > 0) { + if (!ignore_inhibited && inhibit_key > 0) { if (manager_is_inhibited(m, inhibit_key, INHIBIT_BLOCK, NULL, true, false, 0, NULL)) { log_debug("Refusing operation, %s is inhibited.", inhibit_what_to_string(inhibit_key)); return 0; @@ -125,7 +125,7 @@ int manager_handle_action( return -EALREADY; } - inhibit_operation = handle == HANDLE_SUSPEND || handle == HANDLE_HIBERNATE || handle == HANDLE_HYBRID_SLEEP ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN; + inhibit_operation = IN_SET(handle, HANDLE_SUSPEND, HANDLE_HIBERNATE, HANDLE_HYBRID_SLEEP) ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN; /* If the actual operation is inhibited, warn and fail */ if (!ignore_inhibited && diff --git a/src/grp-login/systemd-logind/logind-core.c b/src/grp-login/systemd-logind/logind-core.c index 13ea97ae0d..b2ae7c2e1a 100644 --- a/src/grp-login/systemd-logind/logind-core.c +++ b/src/grp-login/systemd-logind/logind-core.c @@ -498,7 +498,7 @@ static int manager_count_external_displays(Manager *m) { continue; /* Ignore internal displays: the type is encoded in - * the sysfs name, as the second dash seperated item + * the sysfs name, as the second dash separated item * (the first is the card name, the last the connector * number). We implement a whitelist of external * displays here, rather than a whitelist, to ensure diff --git a/src/grp-login/systemd-logind/logind-gperf.gperf b/src/grp-login/systemd-logind/logind-gperf.gperf index d578234e53..1a39c3bf96 100644 --- a/src/grp-login/systemd-logind/logind-gperf.gperf +++ b/src/grp-login/systemd-logind/logind-gperf.gperf @@ -38,4 +38,4 @@ Login.RuntimeDirectorySize, config_parse_tmpfs_size, 0, offsetof(Manag Login.RemoveIPC, config_parse_bool, 0, offsetof(Manager, remove_ipc) Login.InhibitorsMax, config_parse_uint64, 0, offsetof(Manager, inhibitors_max) Login.SessionsMax, config_parse_uint64, 0, offsetof(Manager, sessions_max) -Login.UserTasksMax, config_parse_uint64, 0, offsetof(Manager, user_tasks_max) +Login.UserTasksMax, config_parse_user_tasks_max,0, offsetof(Manager, user_tasks_max) diff --git a/src/grp-login/systemd-logind/logind-session.c b/src/grp-login/systemd-logind/logind-session.c index 928f4a6314..b08db54068 100644 --- a/src/grp-login/systemd-logind/logind-session.c +++ b/src/grp-login/systemd-logind/logind-session.c @@ -605,7 +605,6 @@ int session_start(Session *s) { static int session_stop_scope(Session *s, bool force) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - char *job = NULL; int r; assert(s); @@ -613,22 +612,25 @@ static int session_stop_scope(Session *s, bool force) { if (!s->scope) return 0; + /* Let's always abandon the scope first. This tells systemd that we are not interested anymore, and everything + * that is left in in the scope is "left-over". Informing systemd about this has the benefit that it will log + * when killing any processes left after this point. */ + r = manager_abandon_scope(s->manager, s->scope, &error); + if (r < 0) + log_warning_errno(r, "Failed to abandon session scope, ignoring: %s", bus_error_message(&error, r)); + + /* Optionally, let's kill everything that's left now. */ if (force || manager_shall_kill(s->manager, s->user->name)) { + char *job = NULL; + r = manager_stop_unit(s->manager, s->scope, &error, &job); - if (r < 0) { - log_error("Failed to stop session scope: %s", bus_error_message(&error, r)); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to stop session scope: %s", bus_error_message(&error, r)); free(s->scope_job); s->scope_job = job; - } else { - r = manager_abandon_scope(s->manager, s->scope, &error); - if (r < 0) { - log_error("Failed to abandon session scope: %s", bus_error_message(&error, r)); - return r; - } - } + } else + s->scope_job = mfree(s->scope_job); return 0; } diff --git a/src/grp-login/systemd-logind/logind-user.c b/src/grp-login/systemd-logind/logind-user.c index 015276efc8..5a2750b72b 100644 --- a/src/grp-login/systemd-logind/logind-user.c +++ b/src/grp-login/systemd-logind/logind-user.c @@ -312,8 +312,7 @@ int user_load(User *u) { if (r == -ENOENT) return 0; - log_error_errno(r, "Failed to read %s: %m", u->state_file); - return r; + return log_error_errno(r, "Failed to read %s: %m", u->state_file); } if (display) @@ -844,7 +843,6 @@ int config_parse_tmpfs_size( void *userdata) { size_t *sz = data; - const char *e; int r; assert(filename); @@ -852,35 +850,68 @@ int config_parse_tmpfs_size( assert(rvalue); assert(data); - e = endswith(rvalue, "%"); - if (e) { - unsigned long ul; - char *f; + /* First, try to parse as percentage */ + r = parse_percent(rvalue); + if (r > 0 && r < 100) + *sz = physical_memory_scale(r, 100U); + else { + uint64_t k; - errno = 0; - ul = strtoul(rvalue, &f, 10); - if (errno > 0 || f != e) { - log_syntax(unit, LOG_ERR, filename, line, errno, "Failed to parse percentage value, ignoring: %s", rvalue); - return 0; - } + /* If the passed argument was not a percentage, or out of range, parse as byte size */ - if (ul <= 0 || ul >= 100) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Percentage value out of range, ignoring: %s", rvalue); + r = parse_size(rvalue, 1024, &k); + if (r < 0 || k <= 0 || (uint64_t) (size_t) k != k) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue); return 0; } - *sz = PAGE_ALIGN((size_t) ((physical_memory() * (uint64_t) ul) / (uint64_t) 100)); - } else { - uint64_t k; + *sz = PAGE_ALIGN((size_t) k); + } - r = parse_size(rvalue, 1024, &k); - if (r < 0 || (uint64_t) (size_t) k != k) { - log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue); + return 0; +} + +int config_parse_user_tasks_max( + const char* unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + uint64_t *m = data; + uint64_t k; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + assert(data); + + /* First, try to parse as percentage */ + r = parse_percent(rvalue); + if (r > 0 && r < 100) + k = system_tasks_max_scale(r, 100U); + else { + + /* If the passed argument was not a percentage, or out of range, parse as byte size */ + + r = safe_atou64(rvalue, &k); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse tasks maximum, ignoring: %s", rvalue); return 0; } + } - *sz = PAGE_ALIGN((size_t) k); + if (k <= 0 || k >= UINT64_MAX) { + log_syntax(unit, LOG_ERR, filename, line, 0, "Tasks maximum out of range, ignoring: %s", rvalue); + return 0; } + *m = k; return 0; } diff --git a/src/grp-login/systemd-logind/logind.c b/src/grp-login/systemd-logind/logind.c index e5e21f7567..84e23beef0 100644 --- a/src/grp-login/systemd-logind/logind.c +++ b/src/grp-login/systemd-logind/logind.c @@ -62,8 +62,8 @@ static void manager_reset_config(Manager *m) { m->idle_action_usec = 30 * USEC_PER_MINUTE; m->idle_action = HANDLE_IGNORE; - m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ - m->user_tasks_max = 12288; + m->runtime_dir_size = physical_memory_scale(10U, 100U); /* 10% */ + m->user_tasks_max = system_tasks_max_scale(33U, 100U); /* 33% */ m->sessions_max = 8192; m->inhibitors_max = 8192; diff --git a/src/grp-login/systemd-logind/logind.conf.in b/src/grp-login/systemd-logind/logind.conf.in index 32c0844cb6..6f720b7708 100644 --- a/src/grp-login/systemd-logind/logind.conf.in +++ b/src/grp-login/systemd-logind/logind.conf.in @@ -34,4 +34,4 @@ #RemoveIPC=yes #InhibitorsMax=8192 #SessionsMax=8192 -#UserTasksMax=12288 +#UserTasksMax=33% diff --git a/src/grp-login/systemd-logind/logind.conf.xml b/src/grp-login/systemd-logind/logind.conf.xml index fe92277a1f..adba5a4131 100644 --- a/src/grp-login/systemd-logind/logind.conf.xml +++ b/src/grp-login/systemd-logind/logind.conf.xml @@ -315,12 +315,11 @@ <varlistentry> <term><varname>UserTasksMax=</varname></term> - <listitem><para>Sets the maximum number of OS tasks each user - may run concurrently. This controls the - <varname>TasksMax=</varname> setting of the per-user slice - unit, see + <listitem><para>Sets the maximum number of OS tasks each user may run concurrently. This controls the + <varname>TasksMax=</varname> setting of the per-user slice unit, see <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for details. Defaults to 12288 (12K).</para></listitem> + for details. Defaults to 33%, which equals 10813 with the kernel's defaults on the host, but might be smaller + in OS containers.</para></listitem> </varlistentry> <varlistentry> diff --git a/src/grp-login/systemd-logind/logind.h b/src/grp-login/systemd-logind/logind.h index effc498118..c637cdfcac 100644 --- a/src/grp-login/systemd-logind/logind.h +++ b/src/grp-login/systemd-logind/logind.h @@ -187,6 +187,7 @@ const struct ConfigPerfItem* logind_gperf_lookup(const char *key, unsigned lengt int manager_set_lid_switch_ignore(Manager *m, usec_t until); int config_parse_tmpfs_size(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); +int config_parse_user_tasks_max(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata); int manager_get_session_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Session **ret); int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret); diff --git a/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in b/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in index 1fa6441629..66cbce393c 100644 --- a/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in +++ b/src/grp-login/systemd-logind/org.freedesktop.login1.policy.in @@ -116,6 +116,8 @@ <_message>Explicit request is required to run programs as a non-logged-in user.</_message> <defaults> <allow_any>yes</allow_any> + <allow_inactive>yes</allow_inactive> + <allow_active>yes</allow_active> </defaults> </action> diff --git a/src/grp-login/systemd-logind/systemd-logind.service.in b/src/grp-login/systemd-logind/systemd-logind.service.in index ff049134ee..bee08d011f 100644 --- a/src/grp-login/systemd-logind/systemd-logind.service.in +++ b/src/grp-login/systemd-logind/systemd-logind.service.in @@ -25,6 +25,8 @@ RestartSec=0 BusName=org.freedesktop.login1 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG WatchdogSec=3min +MemoryDenyWriteExecute=yes +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io # Increase the default a bit in order to allow many simultaneous # logins since we keep one fd open per session. |