Age | Commit message (Collapse) | Author |
|
|
|
Factor out code from sd_bus_negotiate_attach_creds() to a generic
translate function, so it can be used from other places.
|
|
Just a preparation for upcoming kdbus support.
|
|
|
|
|
|
|
|
|
|
matches against NameOwnerChange
|
|
|
|
|
|
|
|
|
|
|
|
kdbus now has more generic names for the items it passes around. That
allows for usage from other contexts.
|
|
kdbus now copies the bus unique id back to userspace in the hello
ioctl(). Use these bytes to set the server id of the sd_bus.
|
|
kdbus_cmd_hello now has a new uint64_t flags field for the requested
attachments. Follow that change in libsystemd-bus.
|
|
Augment systemd-stdio-bridge a bit to make it a 1:1 bridge from legacy
DBus clients to kdbus. In particular,
* allow setting the bus path of the upstream bus as command line
argument
* use sd_listen_fds() for systemd's socket activation
* omit calling sd_bus_negotiate_fds() when upstream bus is kdbus
* reply to bus send errors with proper dbus error messages
* treat -ECONNRESET as expected end-of-connection condition
|
|
kdbus returns -EALREADY if the requesting connection is already the
owner of a name, and -EEXIST if the name already exists and the
connection is not able to take it over.
Also, n->flags needs a translation as well to match the SD_BUS_* enum
values.
|
|
Flags used to request a name from kdbus are not identical to what DBus
and sd_bus use internally. Introduce a simple function to do the
translation for us. It's factored out to a separate function so the
dbus-driver instance can make use of it as well.
|
|
unique names
|
|
kdbus will tell us the minimum buffer size it needs in case the default
8kb buffer doesn't suffice.
|
|
In particular, KDBUS_ITEM_NEXT is now called KDBUS_PART_NEXT, and
KDBUS_ITEM_FOREACH was renamed to KDBUS_PART_FOREACH and takes one more
argument to make it more flexible.
|
|
parts
|
|
|
|
|
|
|
|
Since the backing ioctl for this on kdbus is the same we retain
atomicity this way.
|
|
|
|
It didn't build on arm. Let's simplify it a bit by
splitting x86 specific parts out, which should also make
things easier when arm virtualization support is added.
|
|
|
|
This reverts commit da66338e17f4df04d9d7cc22ec971b416d57761e.
It is superseeded by 70f75a523b16ad495a7791d595ee3eececf75953
|
|
This way we can unify handling of credentials that are attached to
messages, or can be queried for bus name owners or connection peers.
This also adds the ability to extend incomplete credential information
with data from /proc,
Also, provide a convenience call that will automatically determine the
most appropriate credential object for an incoming message, by using the
the attached information if possible, the sending name information if
available and otherwise the peer's credentials.
|
|
Inspired by a patch by Lukas Nykryn.
|
|
This field is always false, drop it. If you want a reliable way to get
session state, call session_get_state(). Testing for any flags directly
doesn't work currently so don't pretend it would.
|
|
Sessions on seat0 must pass us a vtnr, otherwise, you shouldn't try
attaching it to seat0. For seats without VTs, we do the exact opposite: we
forbid VTs.
There can be odd situations if the session-files contain invalid
combinations. However, we try to keep sessions alive and restore state as
good as possible.
|
|
Fix the whole code to use "unsigned int" for vtnr. 0 is an invalid vtnr so
we don't need negative numbers at all.
Note that most code already assumes it's unsigned so in case there's a
negative vtnr, our code may, under special circumstances, silently break.
So this patch makes sure all sources of vtnrs verify the validity. Also
note that the dbus api already uses unsigned ints.
|
|
|
|
EPOLLET enables edge-triggered mode (see epoll(7) for more). For most
use-cases, level-triggered is just fine, but for master-TTYs we need
edge-triggered to catch EPOLLHUP. master-TTYs signal EPOLLHUP if no client
is connected, but a client may connect some time later (same happens
during vhangup(2)).
However, epoll doesn't allow masking EPOLLHUP so it's signaled constantly.
To avoid this, edge-triggered mode is needed.
|
|
If a session process calls TakeControl(), we now put the VT into
KD_GRAPHICS+K_OFF mode. This way, the new session controller can solely
rely on the logind-dbus API to manage the session.
Once the controller exits or calls ReleaseControl(), we restore the VT. We
also restore it, if we lost a controller during crash/restart (but only if
there really *was* a controller previously).
Note that we also must put the VT into VT_PROCESS mode. We want VT_AUTO
semantics, but VT_AUTO+KD_GRAPHICS actually disables *all* VT switches
(who came up with that great idea?). Hence, we set VT_PROCESS for logind
but acknowledge *all* requests immediately.
If a compositor wants custom VT setups, they can still get this by *first*
calling TakeControl() and afterwards setting up the VT. logind doesn't
touch the VT during controller runtime, only during setup/teardown. This
is actually what weston already does.
|
|
We now save the unique bus-name of a session-controller as CONTROLLER=%s
in the session files. This allows us to restore the controller after a
crash or restart.
Note that we test whether the name is still valid (dbus guarantees that
the name is unique as long as the machine is up and running). If it is,
we know that the controller still exists and can safely restore it. Our
dbus-name-tracking guarantees that we're notified once it exits.
Also note that session-devices are *not* restored. We have no way to know
which devices where used before the crash. We could store all these on
disk, too, or mark them via udev. However, this seems to be rather
cumbersome. Instead, we expect controllers to listen for NewSession
signals for their own session. This is sent on session_load() and they can
then re-request all devices.
The only race I could find is if logind crashes, then the session
controller tries calling ReleaseControl() (which will fail as logind is
down) but keeps the bus-connection valid for other independent requests.
If logind is restarted, it will restore the old controller and thus block
the session.
However, this seems unlikely for several reasons:
- The ReleaseControl() call must occur exactly in the timespan where
logind is dead.
- A process which calls ReleaseControl() usually closes the
bus-connection afterwards. Especially if ReleaseControl() fails, the
process should notice that something is wrong and close the bus.
- A process calling ReleaseControl() usually exits afterwards. There may
be any cleanup pending, but other than that, usual compositors exit.
- If a session-controller calls ReleaseControl(), a session is usually
considered closing. There is no known use-case where we hand-over
session-control in a single session. So we don't care whether the
controller is locked afterwards.
So this seems negligible.
|
|
Unfortunately, close() on a revoked/removed character-device fails with
ENODEV. I tried tracking this down in the kernel, but couldn't figure out
were exactly it comes from. However, can be easily reproduced with:
fd = open("/dev/input/event0", O_RDWR);
ioctl(fd, EVIOCREVOKE, 0);
r = close(fd);
A second close on @fd would return EBADF so the close is actually valid.
We simply ignore close() errors for all session-devices as their access
may be revoked asynchronously, or the device might get unplugged.
We use close_nointr() in case anyone ever looks at the return value (or
anyone runs "grep 'close(' -r src/" to find broken close() calls).
Fixes:
systemd-logind[31992]: Assertion 'close_nointr(fd) == 0' failed at src/shared/util.c:185, function close_nointr_nofail(). Aborting.
|
|
Small helper to run a synchronous "NameHasOwner" request on the
dbus-daemon.
|
|
Existing applications like gdm already depend on new sessions to get
immediately activated on seats without VTs. Fixes a bug reported as:
[systemd-devel] systemd 208:trouble with inactive user sessions at non-seat0 seats
This patch restores the original behavior. We either need to add a new
flag for session-creation or some other heuristic to avoid activating new
sessions in the future.
|
|
|
|
|
|
|
|
This reverts commit adcf4c81c58511b67644e17fa743d1729d3c9ccf.
We have a better solution for the problem of making two processes run in
the same namespace, and --listener is not needed hence and should be
dropped.
Conflicts:
man/systemd-socket-proxyd.xml
|
|
|
|
|
|
PrivateTmp= namespaces
|