Age | Commit message (Collapse) | Author |
|
When the controlling process exits, any existing file descriptors
for that FD will be marked as hung-up and ioctls on them will
file with EIO. To work around this, open a new file descriptor
for the VT we want to clean up.
Thanks to Ray Strode for help in sorting out the problem and
coming up with a fix!
https://github.com/systemd/systemd/issues/989
|
|
The open_terminal() function adds retries in case a terminal
is in the process of being closed when we open it, and should
generally be used to open a terminal. We especially need it
for code that a subsequent commit adds that reopens the terminal
at session shut-down time; such races would be more likely in
that case.
Found by Ray Strode.
|
|
The following functions return immediately if a null pointer was passed.
* calendar_spec_free
* link_address_free
* manager_free
* sd_bus_unref
* sd_journal_close
* udev_monitor_unref
* udev_unref
It is therefore not needed that a function caller repeats a corresponding check.
This issue was fixed by using the software Coccinelle 1.0.1.
|
|
Since dacd6cee76a08331b8c8616c5f30f70ee49aa2f9 the two OOM's are
ignored as the value of r will be overwritten and we only log in
the fail section anyway.
This patch jumps to fail on OOM.
Note that this is different behavior compared to both the current
code and previous to dacd6cee76a08331b8c8616c5f30f70ee49aa2f9. Before
that commit we would log that saving the inhibit data failed, but
still write the file, though without the WHO/WHY section.
CID# 1313545
|
|
Use mfree() where we can.
Drop unnecessary {}.
Drop unnecessary variable declarations.
Cast syscall invocations where explicitly don't care for the return
value to (void).
Reword a comment.
|
|
If we get a weird signal, then we should log about it, but not return an
error, since sd-bus will not call us again then anymore, but for these
signals we match here we actually do want to be called on the next
invocation.
|
|
Let logind use the sd_bus_track helper object to track the controllers of
sessions. This does not only remove quite some code but also kills the
unconditional matches for all NameOwnerChanged signals.
The latter is something we should never ever do, as it wakes up the daemon
every time a client connects, which doesn't scale.
|
|
Many boards like hisilicon D02 board use standard gpio key to power down system.
A description of gpio-key in dts shown below,
gpio_keys {
compatible = "gpio-keys";
#address-cells = <1>;
#size-cells = <0>;
pwrbutton {
label = "Power Button";
gpios = <&porta 8 1>;
linux,code = <116>; // KEY_POWER, used by SC System Power Down
};
};
-bash-4.3# udevadm info -a /dev/input/event3
Udevadm info starts with the device specified by the devpath and then
walks up the chain of parent devices. It prints for every device
found, all possible attributes in the udev rules key format.
A rule to match, can be composed by the attributes of the device
and the attributes from one single parent device.
looking at device '/devices/platform/gpio_keys/input/input3/event3':
KERNEL=="event3"
SUBSYSTEM=="input"
DRIVER==""
looking at parent device '/devices/platform/gpio_keys/input/input3':
KERNELS=="input3"
SUBSYSTEMS=="input"
DRIVERS==""
ATTRS{name}=="gpio_keys"
ATTRS{phys}=="gpio-keys/input0"
ATTRS{uniq}==""
ATTRS{properties}=="0"
looking at parent device '/devices/platform/gpio_keys':
KERNELS=="gpio_keys"
SUBSYSTEMS=="platform"
DRIVERS=="gpio-keys"
ATTRS{keys}=="116"
ATTRS{switches}==""
ATTRS{driver_override}=="(null)"
ATTRS{disabled_keys}==""
ATTRS{disabled_switches}==""
looking at parent device '/devices/platform':
KERNELS=="platform"
SUBSYSTEMS==""
DRIVERS==""
|
|
Pretty trivial helper which wraps free() but returns NULL, so we can
simplify this:
free(foobar);
foobar = NULL;
to this:
foobar = mfree(foobar);
|
|
Make sure we release VT-positions when a session is closed. Otherwise,
lingering sessions will occupy VTs and prevent next logins from
succeeding.
Note that we already release session-devices when closing a session, so
there cannot be anyone using the VT anymore.
|
|
Use free_and_strdup() where appropriate and replace equivalent,
open-coded versions.
|
|
Some places invoked fflush() directly with their own manual error
checking, let's unify all that by using fflush_and_check().
This also unifies the general error paths of fflush()+rename() file
writers.
|
|
WRITE_STRING_FILE_ATOMIC is only valid if WRITE_STRING_FILE_CREATE is also
given. IOW, an atomic file write operation is only possible when creating a
file is also being asked for.
This is a regression from the recent write_string_file() rework.
|
|
If a session is in closing state (and already got rid of its VT), then
never re-select it for that VT. There is no reason why we should grant
something to a session that is already going away *AND* already got rid
of exactly that.
|
|
Our seat->positions[] array keeps track of the 'preferred' session on a
VT. The only situation this is used, is to select the session to activate
when a VT is activated. In the normal case, there's only one session per
VT so the selection is trivial.
Older greeters, however, implement take-overs when they start sessions on
the same VT that the greeter ran on. We recently limited such take-overs
to VTs where a greeter is running on, to force people to never share VTs
in new code that is written.
For legacy reasons, we need to be compatible to old greeters, though.
Hence, we allow those greeters to implement take-over. In such take-overs,
however, we should really make sure that the new sessions gets preferred
over the old one under all circumstances. Hence, make sure we override
the previous preferred session with a new session.
|
|
A while back we opened up all of logind's bus calls to unprivileged
users, via PK. However, the dbus1 policy wasn't updated accordingly.
With this change, the dbus1 policy is opened up for all bus calls that
should be available to unprivileged clients.
(also rearranges some calls in the vtable, to make more sense, and be in
line with the order in the bus policy file)
Fixes #471.
|
|
Spell out the proper name. Use 'pos' over 'position', and also update the
logind state file to do the same. Note that this breaks live updates.
However, we only save 'POSITION' on non-seat0, so this shouldn't bother
anyone for real. If you run multi-seat setups, you better restart a
machine on updates, anyway.
|
|
Make sure a greeter can forcefully spawn a session on a VT that is
in-use. A recent patch prevented this (this used to be possible for all
session types) as it is highly fragile. However, as it turns out,
greeters seem to rely on that feature. Therefore, make sure we allow it
explicitly for greeters.
|
|
property callback returns are consistent
|
|
fileio: consolidate write_string_file*()
|
|
It is no different to return 0 over 1 in the property
callback. It is confusing to return 1 which made me think
1 has a special purpose. This way code is consistent with
the rest of the tree.
|
|
Right now, if you're already in a session and call CreateSession, we
return information about the current session of yours. This is highy
confusing and a nasty hack. Avoid that, and instead return a commonly
known error, so the caller can detect that.
This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT
in pam_systemd, if you're already in a session. But this sounds like the
right thing to do, anyway.
|
|
Old gdm and lightdm start the user-session during login before they
destroy the greeter-session. Therefore, the user-session will take over
the VT from the greeter. We recently prevented this by never allowing
multiple sessions on the same VT. Fix this now, by explicitly allowing
this if the owning session is a GREETER.
Note that gdm no longer behaves like this. Instead, due to wayland, they
always use a different VT for each session. All other login-managers are
highly encouraged to destroy the greeter-session _before_ starting the
user-session. We now work around this, but this will probably not last
forever (and will already have nasty side-effects on the greeter-session).
|
|
Login small cleanup
|
|
|
|
! is supposed to be used for booleans and pointers.
|
|
Merge write_string_file(), write_string_file_no_create() and
write_string_file_atomic() into write_string_file() and provide a flags mask
that allows combinations of atomic writing, newline appending and automatic
file creation. Change all users accordingly.
|
|
|
|
|
|
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush()
(which writes all unwritten messages out) + sd_bus_close() (which
terminates the connection, releasing all unread messages) +
sd_bus_unref() (which frees the connection).
The combination of this call is used pretty frequently in systemd tools
right before exiting, and should also be relevant for most external
clients, and is hence useful to cover in a call of its own.
Previously the combination of the three calls was already done in the
_cleanup_bus_close_unref_ macro, but this was only available internally.
Also see #327
|
|
Qemu provides a separate pci-bridge exclusively for multi-seat setups.
The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new
pci-bridge-seat was specifically added to simplify guest-side
multiseat configuration. It is identical to the normal pci-pci bridge,
except that it has a different id (1b36:000a) so we can match it and
configure multiseating automatically.
Make sure we always treat this as separate seat if we detect this, just
like other "Pluggable" devices.
(David: write commit-message)
|
|
Right now, if you start a session via 'su' or 'sudo' from within a
session, we make sure to re-use the existing session instead of creating a
new one. We detect this by reading the session of the requesting PID.
However, with gnome-terminal running as a busname-unit, and as such
running outside the session of the user, this will no longer work.
Therefore, this patch makes sure to return the existing session of a VT if
you start a new one.
This has the side-effect, that you will re-use a session which your PID is
not part of. This works fine, but will break assumptions if the parent
session dies (and as such close your session even though you think you're
part of it). However, this should be perfectly fine. If you run multiple
logins on the same session, you should really know what you're doing. The
current way of silently accepting it but choosing the last registered
session is just weird.
|
|
Commit c0f32805 ("logind: use sd_event timer source for inhibitor
logic") reworked the main loop logic of logind so that it uses a
real timeout callback handler to execute delayed functions.
What the old code did, however, was to call those functions on
every iteration in the main loop, not only when the timeout
expired.
Restore that behavior by bringing back manager_dispatch_delayed(),
and call it from manager_run(). The internal event source callback
manager_inhibit_timeout_handler() was turned into a wrapper of
manager_dispatch_delayed() now.
|
|
This properly avoids setting DBUS_SESSION_BUS_ADDRESS if kdbus
is loaded (or built into the kernel) but not wanted.
|
|
logind: save /run/systemd/users/UID before starting user@.service
|
|
turn kdbus support into a runtime option
|
|
logind: apply selinux label to XDG_RUNTIME_DIR
|
|
Previously, this had a race condition during a user's first login.
Some component calls CreateSession (most likely by a PAM service
other than 'systemd-user' running pam_systemd), with the following
results:
- logind:
* create the user's XDG_RUNTIME_DIR
* tell pid 1 to create user-UID.slice
* tell pid 1 to start user@UID.service
Then these two processes race:
- logind:
* save information including XDG_RUNTIME_DIR to /run/systemd/users/UID
- the subprocess of pid 1 responsible for user@service:
* start a 'systemd-user' PAM session, which reads XDG_RUNTIME_DIR
and puts it in the environment
* run systemd --user, which requires XDG_RUNTIME_DIR in the
environment
If logind wins the race, which usually happens, everything is fine;
but if the subprocesses of pid 1 win the race, which can happen
under load, then systemd --user exits unsuccessfully.
To avoid this race, we have to write out /run/systemd/users/UID
even though the service has not "officially" started yet;
previously this did an early-return without saving anything.
Record its state as OPENING in this case.
Bug: https://github.com/systemd/systemd/issues/232
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
|
./configure --enable/disable-kdbus can be used to set the default
behavior regarding kdbus.
If no kdbus kernel support is available, dbus-dameon will be used.
With --enable-kdbus, the kernel command line option "kdbus=0" can
be used to disable kdbus.
With --disable-kdbus, the kernel command line option "kdbus=1" is
required to enable kdbus support.
|
|
As discussed in #257: we should ensure the selinux label is correctly
applied to each user's XDG_RUNTIME_DIR.
|
|
Previously, we'd just count connected displays, and if there was 2 or
more we assumed a "docked" state.
With this change we now:
- Only count external displays, ignore internal ones (which we detect by
checking the connector name against a whitelist of known external plug
types)
- We ignore connectors which are explicitly disabled
- We then compare the count with >= 1 rather than >= 2 as before
This new logic has the benefit that systems that disconnect the internal
display when the lid is closed are better supported. Also, explicitly
disabled ports do not confuse the algorithm anymore.
This new algorithm has been suggested here:
http://lists.freedesktop.org/archives/intel-gfx/2015-June/068821.html
This also makes two functions static, that are not used outside of their
.c files.
|
|
everywhere: actually make use of DUAL_TIMESTAMP_NULL macro
|
|
logind: expose "Docked" bool as property on the bus
|
|
|
|
We know the state anyway, let's expose it in the bus. It's useful for
debugging at least, but it might be useful for DEs too.
|
|
Let's use it as initializer where appropriate.
|
|
This ports a lot of manual code over to sigprocmask_many() and friends.
Also, we now consistly check for sigprocmask() failures with
assert_se(), since the call cannot realistically fail unless there's a
programming error.
Also encloses a few sd_event_add_signal() calls with (void) when we
ignore the return values for it knowingly.
|
|
login: fix potential null pointer dereference
|
|
Fix CID 1304686: Dereference after null check (FORWARD_NULL)
However, this commit does not fix any bug in logind. It helps to keep
the elect_display_compare() function generic.
|
|
If you use bus_map_all_properties(), you must be aware that it might
touch output variables even though it may fail. This is, because we parse
many different bus-properties and cannot tell how to clean them up, in
case we fail deep down in the parser.
Fix all callers of bus_map_all_properties() to correctly cleanup any
context structures at all times.
|