Age | Commit message (Collapse) | Author |
|
|
|
Currently, Activate() calls chvt(), which does an ioctl(VT_ACTIVATE) and
immediately calls seat_set_active(). However, VTs are allowed to prevent
being deactivated. Therefore, logind cannot be sure the VT_ACTIVATE call
was actually successful.
Furthermore, compositors often need to clean up their devices before they
acknowledge the VT switch. The immediate call to seat_set_active() may
modify underlying ACLs, though. Thus, some compositors may fail cleaning
up their stuff. Moreover, the compositor being switched to (if listening
to logind instead of VTs) will not be able to activate its devices if the
old VT still has them active.
We could simply add an VT_WAITACTIVE call, which blocks until the given VT
is active. However, this can block forever if the compositor hangs.
So to fix this, we make Activate() lazy. That is, it only schedules a
session-switch but does not wait for it to complete. The caller can no
longer rely on it being immediate. Instead, a caller is required to wait
for the PropertiesChanged signal and read the "Active" field.
We could make Activate() wait asynchronously for the session-switch to
complete and then send the return-message afterwards. However, this would
add a lot of state-tracking with no real gain:
1) Sessions normally don't care whether Activate() was actually
successful as they currently _must_ wait for the VT activation to do
anything for real.
2) Error messages for failed session switches can be printed by logind
instead of the session issuing Activate().
3) Sessions that require synchronous Activate() calls can simply issue
the call and then wait for "Active" properties to change. This also
allows them to implement their own timeout.
This change prepares for multi-session on seats without VTs. Forced VT
switches are always bad as compositors cannot perform any cleanup. This
isn't strictly required, but may lead to loss of information and ambiguous
error messages.
So for multi-session on seats without VTs, we must wait for the current
session to clean-up before finalizing the session-switch. This requires
Activate() to be lazy as we cannot block here.
Note that we can always implement a timeout which allows us to guarantee
the session switch to happen. Nevertheless, this calls for a lazy
Activate().
|
|
A session usually has only a single compositor or other application that
controls graphics and input devices on it. To avoid multiple applications
from hijacking each other's devices or even using the devices in parallel,
we add session controllers.
A session controller is an application that manages a session. Specific
API calls may be limited to controllers to avoid others from getting
unprivileged access to restricted resources. A session becomes a
controller by calling the RequestControl() dbus API call. It can drop it
via ReleaseControl().
logind tracks bus-names to release the controller once an application
closes the bus. We use the new bus-name tracking to do that. Note that
during ReleaseControl() we need to check whether some other session also
tracks the name before we remove it from the bus-name tracking list.
Currently, we only allow one controller at a time. However, the public API
does not enforce this restriction. So if it makes sense, we can allow
multiple controllers in parallel later. Or we can add a "scope" parameter,
which allows a different controller for graphics-devices, sound-devices
and whatever you want.
Note that currently you get -EBUSY if there is already a controller. You
can force the RequestControl() call (root-only) to drop the current
controller and recover the session during an emergency. To recover a seat,
this is not needed, though. You can simply create a new session or
force-activate it.
To become a session controller, a dbus caller must either be root or the
same user as the user of the session. This allows us to run a session
compositor as user and we no longer need any CAP_SYS_ADMIN.
|
|
If we want to track bus-names to allow exclusive resource-access, we need
a way to get notified when a bus-name is gone. We make logind watch for
NameOwnerChanged dbus events and check whether the name is currently
watched. If it is, we remove it from the watch-list (notification for
other objects can be added in follow-up patches).
|
|
Session compositors need access to fbdev, DRM and evdev devices if they
control a session. To make logind pass them to sessions, we need to
listen for them actively.
However, we avoid creating new seats for non master-of-seat devices. Only
once a seat is created, we start remembering all other session devices. If
the last master-device is removed (even if there are other non-master
devices still available), we destroy the seat. This is the current
behavior, but we need to explicitly implement it now as there may be
non-master devices in the seat->devices list.
Unlike master devices, we don't care whether our list of non-master
devices is complete. We don't export this list but use it only as cache if
sessions request these devices. Hence, if a session requests a device that
is not in the list, we will simply look it up. However, once a session
requested a device, we must be notified of "remove" udev events. So we
must link the devices somehow into the device-list.
Regarding the implementation, we now sort the device list by the "master"
flag. This guarantees that master devices are at the front and non-master
devices at the tail of the list. Thus, we can easily test whether a seat
has a master device attached.
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=68232
|
|
|
|
Previously the specifier calls could only indicate OOM by returning
NULL. With this change they will return negative errno-style error codes
like everything else.
|
|
|
|
|
|
|
|
Also consolidate the wlan key into the "all Samsung" rule to avoid repetition.
Thanks to Mauro Carvalho Chehab!
https://bugzilla.redhat.com/show_bug.cgi?id=989103
|
|
|
|
https://bugs.archlinux.org/task/36950
|
|
Use AC_LINK_IFELSE instead of AC_COMPILE_IFELSE to test for flags that
might succeed during compilation but not during linking. An example is gcc
compiled with libssp support but gnu-ld without it. In this case
-fstack-protector works fine during compilation but fails during linking
as several internal helpers are missing.
|
|
Only ASCII letters and digits are allowed.
|
|
The logs are unlikely to contain any useful information in this case.
Also, change "walked on cycle path" to "found dependency on", which
is less technical and indicates the direction. With the old message,
I was never sure if prior units depended on later ones, or vice versa.
https://bugzilla.redhat.com/show_bug.cgi?id=996133
https://bugzilla.redhat.com/show_bug.cgi?id=997082
|
|
ARM syscall list includes SYS_OABI_SYSCALL_BASE and SYS_SYSCALL_BASE
which were obsuring real syscall names.
|
|
Travis tests are failing, probably because /proc/meminfo is not available
in the test environment. The same might be true in some virtualized systems,
so just treat missing /proc/meminfo as a sign that hibernation is not
possible.
|
|
|
|
As we load unit files lazily, we need to make sure something pulls in swap
units that should be started automatically, otherwise the default dependencies
will never be applied.
This partially reinstates code removed in
commit 64347fc2b983f33e7efb0fd2bb44e133fb9f30f4.
Also don't order swap devices after swap.target when they are 'nofail'.
|
|
|
|
Condition that is checked is taken from upower:
active(anon) < free swap * 0.98
This is really stupid, because the kernel knows the situation better,
e.g. there could be two swap files, and then hibernation would be
impossible despite passing this check, or the kernel could start
supporting compressed swap and/or compressed hibernation images, and
then this this check would be too stringent. Nevertheless, until
we have something better, this should at least return a true negative
if there's no swap.
Logging of capabilities in the journal is changed to not strip leading
zeros. I consider this more readable anyway.
http://cgit.freedesktop.org/upower/tree/src/up-daemon.c#n613
https://bugzilla.redhat.com/show_bug.cgi?id=1007059
|
|
|
|
This should have been part of commit 7ab064a6d
|
|
At the beginning move_later is set to -1, but it is set to different
value only if expression !move_later is true.
|
|
Make sure swap.target correctly requires/wants the swap units.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=69291.
Reported-by: Hussam Al-Tayeb
|
|
|
|
|
|
|
|
If the memory_limit of unit is -1, we should write "-1"
to the file memory.limit_in_bytes. not the (unit64_t) -1.
otherwise the memory.limit_in_bytes will be set to zero.
|
|
it should be memory.soft_limit_in_bytes.
|
|
set the value of variable "r" to the return value
of cg_set_attribute.
|
|
Trivial cleanup of repeat_unmount() spelling.
|
|
The main usecase for this is to make it possible to use cryptsetup in
the initrd without it having to include a host-specific /etc/crypttab.
Tested-by: Thomas Bächler <thomas@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is a recurring submission and includes corrections to various
issue spotted. I guess I can just skip over reporting ubiquitous
comma placement fixes…
Highligts in this particular commit:
- the "unsigned" type qualifier is completed to form a full type
"unsigned int"
- alphabetic -> lexicographic (that way we automatically define how
numbers get sorted)
|
|
|
|
|
|
Services using the watchdog option might want to be restarted
only if the watchdog triggers.
|
|
Can help since the journal requires /etc/machine-id to exists in order to start,
and will simply silently exit when it does not.
|
|
|
|
wait_filter() callback shouldn't process JobRemove signals for arbitrary
jobs. It should only deal with signals for jobs which are included in
set of jobs we wait for.
|
|
|