|
No functional change expected :)
|
|
them fully log out
|
|
This way each user allocates from his own pool, with its own size limit.
This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
|
|
Currently if the user logs out, the GC may never call user_stop(),
this will not terminate the systemd user and (sd-pam) of that user.
To fix this, remove the USER_CLOSING state check that is blocking the
GC from calling user_stop(). Since if user_check_gc() returns false
this means that all the sessions of the user were removed which will
make user_get_state() return USER_CLOSING.
Conclusion: that test will never be satisfied.
So we remove the USER_CLOSING check and replace it with a check inside
user_stop() this way we know that user_stop() has already queued stop
jobs, no need to redo.
This ensures that the GC will get its two steps correctly as pointed out
by Lennart:
http://lists.freedesktop.org/archives/systemd-devel/2014-February/016825.html
Note: this also fixes another bug that prevents creating the user
private dbus socket which will break communications with the user
manager.
|
|
KillUserProcesses=yes/no should be ignored when termination is
explicitly requested.
|
|
In function user_get_state() remove the session_is_active() check, just
count on the session_get_state() function to get the correct session
state.
session_is_active() may return true before starting the session scope
and user service, this means it will return true even before the creation
of the session fifo_fd which will produce incorrect states.
So be consistent and just use session_get_state().
|
|
Simplify the shutdown logic a bit:
- Keep the session FIFO around in the PAM module, even after the session
  shutdown hook has been finished. This allows logind to track precisely
  when the PAM handler goes away.
- In the ReleaseSession() call start a timer, that will terminate
  the session when elapsed.
- Never fiddle with the KillMode of scopes to configure whether user
  processes should be killed or not. Instead, simply leave the scope
  units around when we terminate a session whose processes should not be
  killed.
- When killing is enabled, stop the session scope on FIFO EOF or after
  the ReleaseSession() timeout. When killing is disabled, simply tell
  PID 1 to abandon the scope.
Because the scopes stay around and hence all processes are always members
of a scope, the system shutdown logic should be more robust, as the
scopes can be shut down as part of the usual shutdown logic.
|
|
Use PID_FMT/USEC_FMT/... in more places.
Also update logind error messages to print the full path to a file that
failed. This should make debugging easier for people who do not know
off the top of their head where logind stores its state.
|
|
Noticed-by: Jan Alexander Steffens <jan.steffens@gmail.com>
|
|
With the current logic, a user will never be garbage-collected, since its
manager will always be around. Change the logic such that a user is
garbage-collected when it has no sessions and linger is disabled.
|
|
each invocation
We can determine the list entry type via the typeof() gcc construct, and
so we should, to make the macros much shorter to use.
|
|
correctly
|
|
Embedded folks don't need the machine registration stuff, hence it's
nice to make this optional. Also, I'd expect that machinectl will grow
additional commands quickly, for example to join existing containers and
suchlike, hence it's better keeping that separate from loginctl.
|
|
In order to prepare things for the single-writer cgroup scheme, let's
make logind use systemd's own primitives for cgroup management.
Every login user now gets his own private slice unit, in which his sessions
live in a scope unit each. Also, add user@$UID.service to the same
slice, and implicitly start it on first login.
|
|
Replace the very generic cgroup hookup with a much simpler one. With
this change only the high-level cgroup settings remain, the ability to
set arbitrary cgroup attributes is removed, so is support for adding
units to arbitrary cgroup controllers or setting arbitrary paths for
them (especially paths that are different for the various controllers).
This also introduces a new -.slice root slice, that is the parent of
system.slice and friends. This enables easy admin configuration of
root-level cgroup properties.
This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in
/dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is
turned off by DevicePolicy=).
|
|
- This changes all logind cgroup objects to use slice objects rather
  than fixed cgroup locations.
- logind can now collect minimal information about running
  VMs/containers. As fixed cgroup locations can no longer be used we
  need an entity that keeps track of machine cgroups in whatever slice
  they might be located. Since logind already keeps track of users,
  sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
  along. A new option "--slice=" has been added to place the container
  in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
  since only logind.service requires this slice.
|
|
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us to parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
|
|
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
This counts 'online sessions' in addition to 'active sessions' and 'sessions'.
In this context, an 'online session' covers all sessions in the 'active' state
in addition to the explicit 'online' state.
This provides an easy mechanism to determine all relevant sessions easily
(i.e. those that are not 'closing') and adds new semantics to the sd-login.c
APIs sd_uid_get_sessions() and sd_uid_get_seats() where the require_active
argument can be supplied as a value 2 which only lists sessions which are
'online'.
This functionality should allow client applications to avoid deadlocks where
they only exit when all sessions are complete, such as the problem where
PulseAudio will not exit until all sessions are gone, but in itself prevents
the session from exiting.
|
|
Previously the first active seat for a user would never be listed and
any subsequent seats would be concatenated on without any spaces.
|
|
closing.
PulseAudio for example will keep a client connection open provided
at least one session exists. However, if all sessions are currently
in the process of closing, we should flag that as the overall state
appropriately to better reflect what is happening.
Although this does better reflect the status for any given user, it does
not actually solve the overall problem of PulseAudio still finding some
sessions active and thus not exiting and therefore actually preventing
the session from closing. Future commits will extend sd-login to cope
with this situation.
|
|
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
|
|
glibc/glib both use "out of memory" consistently so maybe we should
consider that instead of this.
Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
|
|
The sssd folks would like to place the kerberos credential cache in
XDG_RUNTIME_DIR, but need to do that in the PAM auth hooks, before
pam_systemd is run as part of the PAM session setup. Hence, in order to
make this easy for them: avoid usage of usernames, and use user IDs
instead thus making an additional NSS lookup unnecessary in the kerberos
bits, but still have the directory well-defined so that the kerberos
bits can determine it before pam_systemd is run.
|
|
context
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
Only 34 of 74 tools need libselinux linked, and libselinux is a pain
with its unconditional library constructor.
|
|
The messages make people nervous.
https://bugzilla.redhat.com/show_bug.cgi?id=727315
|
|
|