Age | Commit message | Author |
|
Noticed-by: Jan Alexander Steffens <jan.steffens@gmail.com>
|
|
With the current logic, a user will never be garbage-collected, since its
manager will always be around. Change the logic such that a user is
garbage-collected when it has no sessions and linger is disabled.
|
|
|
|
|
|
each invocation
We can determine the list entry type via the typeof() gcc construct, and
so we should, to make the macros much shorter to use.
|
|
|
|
correctly
|
|
Embedded folks don't need the machine registration stuff, hence it's
nice to make this optional. Also, I'd expect that machinectl will grow
additional commands quickly, for example to join existing containers and
suchlike, hence it's better keeping that separate from loginctl.
|
|
In order to prepare things for the single-writer cgroup scheme, let's
make logind use systemd's own primitives for cgroup management.
Every login user now gets his own private slice unit, in which his sessions
live in a scope unit each. Also, add user@$UID.service to the same
slice, and implicitly start it on first login.
|
|
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgroup properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
|
|
- This changes all logind cgroup objects to use slice objects rather
than fixed cgroup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
|
|
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us to parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
|
|
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
|
|
This counts 'online sessions' in addition to 'active sessions' and 'sessions'.
In this context, an 'online session' covers all sessions in the 'active' state
in addition to the explicit 'online' state.
This provides an easy mechanism to determine all relevant sessions easily
(i.e. those that are not 'closing') and adds new semantics to the sd-login.c
APIs sd_uid_get_sessions() and sd_uid_get_seats() where the require_active
argument can be supplied as a value 2 which only lists sessions which are
'online'.
This functionality should allow client applications to avoid deadlocks where
they only exit when all sessions are complete, such as the problem where
PulseAudio will not exit until all sessions are gone, but in itself prevents
the session from exiting.
|
|
Previously the first active seat for a user would never be listed and
any subsequent seats would be concatenated on without any spaces.
|
|
closing.
PulseAudio for example will keep a client connection open provided
at least one session exists. However, if all sessions are currently
in the process of closing, we should flag that as the overall state
appropriately to better reflect what is happening.
Although this does better reflect the status for any given user, it does
not actually solve the overall problem of PulseAudio still finding some
sessions active and thus not exiting and therefore actually preventing
the session from closing. Future commits will extend sd-login to cope
with this situation.
|
|
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
|
|
glibc/glib both use "out of memory" consistently so maybe we should
consider that instead of this.
Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
|
|
The sssd folks would like to place the kerberos credential cache in
XDG_RUNTIME_DIR, but need to do that in the PAM auth hooks, before
pam_systemd is run as part of the PAM session setup. Hence, in order to
make this easy for them: avoid usage of usernames, and use user IDs
instead thus making an additional NSS lookup unnecessary in the kerberos
bits, but still have the directory well-defined so that the kerberos
bits can determine it before pam_systemd is run.
|
|
|
|
|
|
context
|
|
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
Only 34 of 74 tools need libselinux linked, and libselinux is a pain
with its unconditional library constructor.
|
|
|
|
The messages make people nervous.
https://bugzilla.redhat.com/show_bug.cgi?id=727315
|
|
|