summaryrefslogtreecommitdiff
path: root/src/login/logind.c
AgeCommit message (Collapse)Author
2014-02-19logind: remove redundant check in manager_new()Maciej Wereski
2014-02-13logind: make sure to terminate systemd user on logoutsDjalal Harouni
Currently if the user logs out, the GC may never call user_stop(), this will not terminate the systemd user and (sd-pam) of that user. To fix this, remove the USER_CLOSING state check that is blocking the GC from calling user_stop(). Since if user_check_gc() returns false this means that all the sessions of the user were removed which will make user_get_state() return USER_CLOSING. Conclusion: that test will never be statisfied. So we remove the USER_CLOSING check and replace it with a check inside user_stop() this way we know that user_stop() has already queued stop jobs, no need to redo. This ensures that the GC will get its two steps correctly as pointed out by Lennart: http://lists.freedesktop.org/archives/systemd-devel/2014-February/016825.html Note: this also fixes another bug that prevents creating the user private dbus socket which will break communications with the user manager.
2014-02-11logind: always kill session when termination is requestedZbigniew Jędrzejewski-Szmek
KillUserProcesses=yes/no should be ignored when termination is explicitly requested.
2014-02-07logind: rework session shutdown logicLennart Poettering
Simplify the shutdown logic a bit: - Keep the session FIFO around in the PAM module, even after the session shutdown hook has been finished. This allows logind to track precisely when the PAM handler goes away. - In the ReleaseSession() call start a timer, that will stop terminate the session when elapsed. - Never fiddle with the KillMode of scopes to configure whether user processes should be killed or not. Instead, simply leave the scope units around when we terminate a session whose processes should not be killed. - When killing is enabled, stop the session scope on FIFO EOF or after the ReleaseSession() timeout. When killing is disabled, simply tell PID 1 to abandon the scope. Because the scopes stay around and hence all processes are always member of a scope, the system shutdown logic should be more robust, as the scopes can be shutdown as part of the usual shutdown logic.
2013-12-18core,logind,networkd: check for udev device initialization via enumeration ↵Lennart Poettering
matches Instead of checking each device after we got it, check wuth an enumeration filter instead, to make it more efficient.
2013-12-18core,logind,networkd: don't pick up devices from udev before they finished ↵Lennart Poettering
udev initialization Managers shouldn't pick up the devices the manage before udev finished initialization, hence check explicitly for that.
2013-12-13event: be more conservative when returning errors from event handler callbacksLennart Poettering
We really should return errors from event handlers if we have a continous problem and don't know any other solution.
2013-12-12bus: remove explicit activator-specific flags, the kdbus supports it nowKay Sievers
2013-12-12bus: add SD_BUS_NAME_REPLACE_EXISTING to all activatable services, fix one ↵Kay Sievers
flags conversion
2013-12-12bus: instead of exposing the dbus1 flags when acquiring a name use our own ↵Lennart Poettering
that are closer to kdbus This turns around DO_NOT_QUEUE into QUEUE which implies a more useful default. (And negative options are awful anyway.)
2013-12-11event: hook up sd-event with the service watchdog logicLennart Poettering
Adds a new call sd_event_set_watchdog() that can be used to hook up the event loop with the watchdog supervision logic of systemd. If enabled and $WATCHDOG_USEC is set the event loop will ping the invoking systemd daemon right after coming back from epoll_wait() but not more often than $WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than $WATCHDOG_USEC/4*3, to make sure the service manager is called in time. This means that setting WatchdogSec= in a .service file and calling sd_event_set_watchdog() in your daemon is enough to hook it up with the watchdog logic.
2013-12-03bus: make sd_bus_request_name() and sd_bus_release_name() behave more like ↵Lennart Poettering
other calls Instead of returning an enum of return codes, make them return error codes like kdbus does internally. Also, document this behaviour so that clients can stick to it. (Also rework bus-control.c to always have to functions for dbus1 vs. kernel implementation of the various calls.)
2013-11-20core: convert PID 1 to libsystemd-busLennart Poettering
This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.
2013-11-12bus: introduce concept of a default bus for each thread and make use of it ↵Lennart Poettering
everywhere We want to emphasize bus connections as per-thread communication primitives, hence introduce a concept of a per-thread default bus, and make use of it everywhere.
2013-11-12bus: introduce concept of a "default" event loop per-thread and make use of ↵Lennart Poettering
it everywhere Try to emphasize a bit that there should be a mapping between event loops and threads, hence introduce a logic that there's one "default" event loop for each thread, that can be queried via "sd_event_default()".
2013-11-08Remove dead code and unexport some callsLennart Poettering
"make check-api-unused" informs us about code that is not used anymore or that is exported but only used internally. Fix these all over the place.
2013-11-05logind: port logind to libsystemd-busLennart Poettering
2013-10-14list: make our list macros a bit easier to use by not requring type spec on ↵Lennart Poettering
each invocation We can determine the list entry type via the typeof() gcc construct, and so we should to make the macros much shorter to use.
2013-09-26Move part of logind.c into a separate fileZbigniew Jędrzejewski-Szmek
liblogind-core.la was underlinked, missing a few functions defined in logind.c. They are moved to a new file, logind-core.c, and this file is linked into liblogind-core.la. In addition, logind-acl.c is attached to the liblogind-core.la, instead of systemd-logind directly.
2013-09-24logind: return -EINVAL when PID is wrongLukas Nykryn
dbus-send --print-reply --system --dest=org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager.GetUserByPID uint32:0 causes systemd-logind[29843]: Assertion 'pid >= 1' failed at src/login/logind.c:938, function manager_get_user_by_pid(). Aborting.
2013-09-17logind: rename vtconsole to seat0David Herrmann
The seat->vtconsole member always points to the default seat seat0. Even if VTs are disabled, it's used as default seat. Therefore, rename it to seat0 to correctly state what it is. This also changes the seat files in /run from IS_VTCONSOLE to IS_SEAT0. It wasn't used by any code, yet, so this seems fine. While we are at it, we also remove every "if (s->vtconsole)" as this pointer is always valid!
2013-09-17logind: add session controllersDavid Herrmann
A session usually has only a single compositor or other application that controls graphics and input devices on it. To avoid multiple applications from hijacking each other's devices or even using the devices in parallel, we add session controllers. A session controller is an application that manages a session. Specific API calls may be limited to controllers to avoid others from getting unprivileged access to restricted resources. A session becomes a controller by calling the RequestControl() dbus API call. It can drop it via ReleaseControl(). logind tracks bus-names to release the controller once an application closes the bus. We use the new bus-name tracking to do that. Note that during ReleaseControl() we need to check whether some other session also tracks the name before we remove it from the bus-name tracking list. Currently, we only allow one controller at a time. However, the public API does not enforce this restriction. So if it makes sense, we can allow multiple controllers in parallel later. Or we can add a "scope" parameter, which allows a different controller for graphics-devices, sound-devices and whatever you want. Note that currently you get -EBUSY if there is already a controller. You can force the RequestControl() call (root-only) to drop the current controller and recover the session during an emergency. To recover a seat, this is not needed, though. You can simply create a new session or force-activate it. To become a session controller, a dbus caller must either be root or the same user as the user of the session. This allows us to run a session compositor as user and we no longer need any CAP_SYS_ADMIN.
2013-09-17logind: add infrastructure to watch busnamesDavid Herrmann
If we want to track bus-names to allow exclusive resource-access, we need a way to get notified when a bus-name is gone. We make logind watch for NameOwnerChanged dbus events and check whether the name is currently watched. If it is, we remove it from the watch-list (notification for other objects can be added in follow-up patches).
2013-09-17logind: listen actively for session devicesDavid Herrmann
Session compositors need access to fbdev, DRM and evdev devices if they control a session. To make logind pass them to sessions, we need to listen for them actively. However, we avoid creating new seats for non master-of-seat devices. Only once a seat is created, we start remembering all other session devices. If the last master-device is removed (even if there are other non-master devices still available), we destroy the seat. This is the current behavior, but we need to explicitly implement it now as there may be non-master devices in the seat->devices list. Unlike master devices, we don't care whether our list of non-master devices is complete. We don't export this list but use it only as cache if sessions request these devices. Hence, if a session requests a device that is not in the list, we will simply look it up. However, once a session requested a device, we must be notified of "remove" udev events. So we must link the devices somehow into the device-list. Regarding the implementation, we now sort the device list by the "master" flag. This guarantees that master devices are at the front and non-master devices at the tail of the list. Thus, we can easily test whether a seat has a master device attached.
2013-09-16Verify validity of session name when received from outsideZbigniew Jędrzejewski-Szmek
Only ASCII letters and digits are allowed.
2013-08-28logind: be more verbose on errorsZbigniew Jędrzejewski-Szmek
2013-08-13logind: restore logic to kill user processes when session endsLennart Poettering
2013-07-10logind: don't misunderstand UnitRemoved signals during reloadingLennart Poettering
When PID 1 reloads the units logind/machined will see UnitRemoved signals for all units. Instead of trusting these immediately, let's check the actual unit state before considering a unit gone, so that reloading PID 1 is not mistaken as the end of all sessions.
2013-07-03logind/machined: properly notice when units are gc'edLennart Poettering
2013-07-02machined: split out machine registration stuff from logindLennart Poettering
Embedded folks don't need the machine registration stuff, hence it's nice to make this optional. Also, I'd expect that machinectl will grow additional commands quickly, for example to join existing containers and suchlike, hence it's better keeping that separate from loginctl.
2013-07-02logind: port over to use scopes+slices for all cgroup stuffLennart Poettering
In order to prepare things for the single-writer cgroup scheme, let's make logind use systemd's own primitives for cgroup management. Every login user now gets his own private slice unit, in which his sessions live in a scope unit each. Also, add user@$UID.service to the same slice, and implicitly start it on first login.
2013-06-20logind: uninitialized variableZbigniew Jędrzejewski-Szmek
2013-06-20logind: add infrastructure to keep track of machines, and move to slicesLennart Poettering
- This changes all logind cgroup objects to use slice objects rather than fixed croup locations. - logind can now collect minimal information about running VMs/containers. As fixed cgroup locations can no longer be used we need an entity that keeps track of machine cgroups in whatever slice they might be located. Since logind already keeps track of users, sessions and seats this is a trivial addition. - nspawn will now register with logind and pass various bits of metadata along. A new option "--slice=" has been added to place the container in a specific slice. - loginctl gained commands to list, introspect and terminate machines. - user.slice and machine.slice will now be pulled in by logind.service, since only logind.service requires this slice.
2013-04-25conf-parser: restrict .include usageLennart Poettering
Disallow recursive .include, and make it unavailable in anything but unit files.
2013-04-24logind: don't busy loop if a job is still running but the delay timeout expiresLennart Poettering
2013-04-24logind: properly enumerate user/session cgroups under their new suffixed namesLennart Poettering
2013-04-17Report about syntax errors with metadataZbigniew Jędrzejewski-Szmek
The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16nspawn: introduce the new /machine/ tree in the cgroup tree and move ↵Lennart Poettering
containers there Containers will now carry a label (normally derived from the root directory name, but configurable by the user), and the container's root cgroup is /machine/<label>. This label is called "machine name", and can cover both containers and VMs (as soon as libvirt also makes use of /machine/). libsystemd-login can be used to query the machine name from a process. This patch also includes numerous clean-ups for the cgroup code.
2013-04-16logind: when looking for cgroup prefixes, allocate from stackLennart Poettering
2013-04-15Fix spelling errors using 'codespell' toolAnatol Pomozov
2013-04-05Use initalization instead of explicit zeroingZbigniew Jędrzejewski-Szmek
Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.
2013-03-15logind: explicitly create state directories during early initializationLennart Poettering
Strictly speaking this isn't necessary for the /run/systemd/seats/ directory, since that is created anyway as the first seat is found, and seat0 is always found. But let's be explicit here, and also create the sessions/ and users/ directories, so that people can always install inotify watches from very early on, even when nobody logged in yet.
2013-02-14update TODOThomas Hindoe Paaboel Andersen
2013-02-09logind: rename "seat-master" tag to "master-of-seat"Lennart Poettering
We currently enforce that seats are to be named in the form of "seatXXX", i.e. need to begin with the 4 characters "seat". Thus, "seat-master" would qualify as a seat name. As seat names are frequently used as tags on devices, the "seat-master" tag might hence confuse logind if the user decides to name a seat "seat-master". Hence, avoid any ambuigity: let's rename the "seat-master" tag to "master-of-seat".
2013-01-25logind: rework delay inhibition logicLennart Poettering
- Don't allow any locks to be taken while we are in the process of executing the specific operation, so that apps are not surprised if a suspend/shutdown happens while they rely on their inhibitor. - Get rid of the Resumed signal, it was a bad idea, and redundant due to PrepareForSleep(false), see below. - Always send out PrepareFor{Shutdown,Sleep} signals, instead of only if a delay lock is taken. - Move PrepareForSleep(false) after we come back from the suspend, so that apps can use this as "Resumed" notification. This also has the benefit that apps know when to take a new lock.
2013-01-24logind: only allow one shutdown/sleep action to be queued at the same timeLennart Poettering
This should make sure that closing the lid while shutting down won't suspend the machine but will simply cause the shutdown to complete.
2013-01-07logind: Capability of making seats without framebuffer devicesOleg Samarin
file logind.c: The seat is now activated by any device with udev tag "seat-master" file 71-seat.rules.in: All framebuffer devices have this tag
2012-12-24logind: add support for automatic suspend/hibernate/shutdown on idleLennart Poettering
2012-09-21logind: split up HandleSleepKey= into HandleSuspendKey= and HandleHibernateKey=Lennart Poettering
The kernel and X11 distuingish these two, and Thinkpad keys have both, hence we really should distinguish them too.
2012-09-21logind: allow users to override their own suspend/sleep inhibitorsLennart Poettering