Age | Commit message (Collapse) | Author |
|
If a session controller does not need synchronous VT switches, we allow
them to pass VT control to logind, which acknowledges all VT switches
unconditionally. This works fine with all sessions using the dbus API,
but causes out-of-sync device use if we switch to legacy sessions that
are notified via VT signals. Those are processed before logind notices
the session-switch via sysfs. Therefore, leaving the old session still
active for a short amount of time.
This, in fact, may cause the legacy session to prepare graphics devices
before the old session was deactivated, and thus, maybe causing the old
session to interfer with graphics device usage.
Fix this by releasing devices immediately before acknowledging VT
switches. This way, sessions without VT handlers are required to support
async session switching (which they do in that case, anyway).
|
|
|
|
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
|
|
Simplify the way we handler session-controllers and fix several
shortcomings:
* send ReleaseDevice() signals on forced session takeover
* fix mem-leaks for busnames in case VT preparation fails (non-critical)
* avoid passing pre-allocated names to helpers
|
|
|
|
Our bus-name watch helpers only remove a bus-name if it's not a
controller, anymore. If we call manager_drop_busname() before
unregistering the controller, the busname will not be dropped. Therefore,
first drop the controller, then drop the bus-name.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=82485
|
|
|
|
|
|
First, let's drop the "bus" argument, we can determine it from the
message anyway.
Secondly, determine the right callback/userdata pair automatically from
what is currently is being dispatched. This should simplify things a lot
for us, since it makes it unnecessary to pass pointers through the
original handlers through all functions when we process messages, which
might require authentication.
|
|
|
|
This is a generalization of the vtable privilege check we already have,
but exported, and hence useful when preparing for a polkit change.
This will deal with the complexity that on dbus1 one cannot trust the
capability field we retrieve via the bus, since it is read via
/proc/$$/stat (and thus might be out-of-date) rather than directly from
the message (like on kdbus) or bus connection (as for uid creds on
dbus1).
Also, port over all code to this new API.
|
|
It's unneccessary, not used, and complicates callers of the
function.
|
|
On request of Stef Walter.
|
|
sd-event does not allow multiple handlers for a single signal. However,
logind sets up signal handlers for each session with VT_PROCESS set (that
is, it has an active controller). Therefore, registering multiple such
controllers will fail.
Lets make the VT-handler global, as it's mostly trivial, anyway. This way,
the sessions don't have to take care of that and we can simply acknowledge
all VT-switch requests as we always did.
|
|
If controllers can expect logind to have "prepared" the VT (e.g. set it to
graphics mode, etc) then TakeControl() should fail if said preparation
failed (and session_restore_vt() was called).
(David: fixed up !CONFIG_VT case and errno-numbers)
|
|
Since b5eca3a2059f9399d1dc52cbcf9698674c4b1cf0 we don't attempt to GC
busses anymore when unsent messages remain that keep their reference,
when they otherwise are not referenced anymore. This means that if we
explicitly want connections to go away, we need to close them.
With this change we will no do so explicitly wherver we connect to the
bus from a main program (and thus know when the bus connection should go
away), or when we create a private bus connection, that really should go
away after our use.
This fixes connection leaks in the NSS and PAM modules.
|
|
getopt is usually good at printing out a nice error message when
commandline options are invalid. It distinguishes between an unknown
option and a known option with a missing arg. It is better to let it
do its job and not use opterr=0 unless we actually want to suppress
messages. So remove opterr=0 in the few places where it wasn't really
useful.
When an error in options is encountered, we should not print a lengthy
help() and overwhelm the user, when we know precisely what is wrong
with the commandline. In addition, since help() prints to stdout, it
should not be used except when requested with -h or --help.
Also, simplify things here and there.
|
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
|
|
|
|
Also be more verbose in devnode_acl_all().
|
|
Special care is needed so that we get an error message if the
file failed to parse, but not when it is missing. To avoid duplicating
the same error check in every caller, add an additional 'warn' boolean
to tell config_parse whether a message should be issued.
This makes things both shorter and more robust wrt. to error reporting.
|
|
|
|
On Tue, Jul 15, 2014 at 1:52 PM, Alick Zhao <alick9188@gmail.com> wrote:
>>>
>>> So maybe ID_SOFTWARE_RADIO ?
>>
>> Hmm, SDR is more a term for a generic technology than for a device
>> class. To me it does not really sound like an administrator would know
>> what this is.
>>
>> What exactly is the device or subsystem you want to make accessible to
>> locally logged-in users only?
>
> Initially it is bladeRF, but many more are of interest: USRP, rtl-sdr,
> HackRF, ... [1]
>
> I agree an administrator might not know what SDR is, since it is
> currently still not widely known, and makes sense only for amateurs
> and researchers. But as a SDR fan, I see many new SDR peripherals
> are created recently, and expect to see more. So a generic ID seems
> reasonable to me.
>
> [1] http://en.wikipedia.org/wiki/List_of_software-defined_radios
|
|
|
|
If compositors use the new SwitchTo() logic to map F1-F12, we should allow
them to switch to unregistered VTs, too. Otherwise, the auto-spawn logic
of gettys won't trigger.
Reported-by: Jasper St. Pierre <jstpierre@mecheye.net>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
|
|
|
|
|
|
|
|
Better be safe than sorry...
|
|
When we dropped support for creating a per-user to the "main" X11
display we stopped returning useful data in the "Display" user property.
With this change this is fixed and we again expose an appropriate
(graphical session) in the property that is useful as the "main" one, if
one is needed.
|
|
With proprietary graphics drivers, there won't be any 'drm' devices in
sysfs, so logind will never suspend the system upon closing the lid,
even if only one (internal) display is connected. This has been reported
by multiple users so far.
IMHO, it's better to suspend the system in this case for safety reasons,
to avoid having nvidia blob users' laptops overheat, for the same reason
that sleep inhibitors are overridden (LidSwitchIgnoreInhibited=yes).
|
|
THere's no reason why hibernate should be better protected then
suspendor poweroff, so sync the policies.
|
|
No functional change expected :)
|
|
attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019034.html
|
|
Was renamed in 6b01f1d3911bd7c7eadbb8a3b4375bd3ac05c98f
|
|
This function is no longer just about muteing the VT. We do all kinds of
VT setup for sessions using the controller-API. Rename the function to
something more appropriate.
|
|
The tty associated with a VT should be owned by the owner of the session
running on the VT. This is important for supporting a socket activated X
server, since the X server will open the tty itself.
This commit makes sure to chown the tty any time a session is
created and and chown it back to root any time the session
is removed. This behavior is copied from /bin/login.
|
|
greedy_realloc() and greedy_realloc0() now store the allocated
size as the count, not bytes.
Replace GREEDY_REALLOC uses with GREEDY_REALLOC_T everywhere,
and then rename GREEDY_REALLOC_T to GREEDY_REALLOC. It is just
too error-prone to have two slightly different macros which do the
same thing.
|
|
Add Mir to the list of session types. This is implemented for LightDM
in lp:~robert-ancell/lightdm/xdg-session-desktop [1].
[1] https://code.launchpad.net/~robert-ancell/lightdm/xdg-session-desktop/+merge/214108
(david: adjusted commit-header and fixed whitespace issues)
|
|
|
|
If a device is unplugged while we initialize it, we will get ENOENT for
ACL-init (and related stuff). We currently print errors then, which is
misleading. Print a debug-message early and continue.
|
|
CLOCK_BOOTTIME_ALARM, too
|
|
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:
fd = safe_close(fd);
Which will close an fd if it is open, and reset the fd variable
correctly.
By making use of this new scheme we can drop a > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
|
|
After all, it is ultimately linked to libsystems.so anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.
|
|
peers
This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC,
except for cgroup information.
|
|
them fully log out
|