| Age | Commit message (Collapse) | Author |
|---|
|
The cgroup attribute memory.soft_limit_in_bytes is unlikely to stay
around in the kernel for good, so let's not expose it for now. We can
readd something like it later when the kernel guys decided on a final
API for this.
|
|
Set some_transport = true to prevent scm devices from being ignored.
Suggested-by: Harald Hoyer <harald@redhat.com>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
|
|
We currently use seat_can_multi_session() to test for two things:
* whether the seat can handle session-switching
* whether the seat has VTs
As both are currently logically equivalent, we didn't care. However, we
want to allow session-switching on seats without VTs, so split this helper
into:
* seat_can_multi_session(): whether session-switching is supported
* seat_has_vts(): whether the seat has VTs
Note that only one seat on a system can have VTs. There is only one set of
them. We automatically assign them to seat0 as usual.
With this patch in place, we can easily add new session-switching/tracking
methods without breaking any VT code as it is now protected by has_vts(),
no longer by can_multi_session().
|
|
VT numbers start with 1. If a session has vtnr == 0, we must not assume it
is running on a VT.
Note that this could trigger the assert() below as CreateSession() sets
vtnr to 0, not <0.
|
|
A seat provides text-logins if it has VTs. This is always limited to seat0
so the seat_is_seat0() check is correct. However, if VTs are disabled, no
seat provides text-logins so we also need to check for the console-fd.
This was previously:
return seat_is_vtconsole();
It looked right, but was functionally equivalent to seat_is_seat0(). The
rename of this helper made it more obvious that it is missing the VT test.
|
|
The seat->vtconsole member always points to the default seat seat0. Even
if VTs are disabled, it's used as default seat. Therefore, rename it to
seat0 to correctly state what it is.
This also changes the seat files in /run from IS_VTCONSOLE to IS_SEAT0. It
wasn't used by any code, yet, so this seems fine.
While we are at it, we also remove every "if (s->vtconsole)" as this
pointer is always valid!
|
|
Currently, Activate() calls chvt(), which does an ioctl(VT_ACTIVATE) and
immediately calls seat_set_active(). However, VTs are allowed to prevent
being deactivated. Therefore, logind cannot be sure the VT_ACTIVATE call
was actually successful.
Furthermore, compositors often need to clean up their devices before they
acknowledge the VT switch. The immediate call to seat_set_active() may
modify underlying ACLs, though. Thus, some compositors may fail cleaning
up their stuff. Moreover, the compositor being switched to (if listening
to logind instead of VTs) will not be able to activate its devices if the
old VT still has them active.
We could simply add an VT_WAITACTIVE call, which blocks until the given VT
is active. However, this can block forever if the compositor hangs.
So to fix this, we make Activate() lazy. That is, it only schedules a
session-switch but does not wait for it to complete. The caller can no
longer rely on it being immediate. Instead, a caller is required to wait
for the PropertiesChanged signal and read the "Active" field.
We could make Activate() wait asynchronously for the session-switch to
complete and then send the return-message afterwards. However, this would
add a lot of state-tracking with no real gain:
1) Sessions normally don't care whether Activate() was actually
successful as they currently _must_ wait for the VT activation to do
anything for real.
2) Error messages for failed session switches can be printed by logind
instead of the session issuing Activate().
3) Sessions that require synchronous Activate() calls can simply issue
the call and then wait for "Active" properties to change. This also
allows them to implement their own timeout.
This change prepares for multi-session on seats without VTs. Forced VT
switches are always bad as compositors cannot perform any cleanup. This
isn't strictly required, but may lead to loss of information and ambiguous
error messages.
So for multi-session on seats without VTs, we must wait for the current
session to clean-up before finalizing the session-switch. This requires
Activate() to be lazy as we cannot block here.
Note that we can always implement a timeout which allows us to guarantee
the session switch to happen. Nevertheless, this calls for a lazy
Activate().
|
|
A session usually has only a single compositor or other application that
controls graphics and input devices on it. To avoid multiple applications
from hijacking each other's devices or even using the devices in parallel,
we add session controllers.
A session controller is an application that manages a session. Specific
API calls may be limited to controllers to avoid others from getting
unprivileged access to restricted resources. A session becomes a
controller by calling the RequestControl() dbus API call. It can drop it
via ReleaseControl().
logind tracks bus-names to release the controller once an application
closes the bus. We use the new bus-name tracking to do that. Note that
during ReleaseControl() we need to check whether some other session also
tracks the name before we remove it from the bus-name tracking list.
Currently, we only allow one controller at a time. However, the public API
does not enforce this restriction. So if it makes sense, we can allow
multiple controllers in parallel later. Or we can add a "scope" parameter,
which allows a different controller for graphics-devices, sound-devices
and whatever you want.
Note that currently you get -EBUSY if there is already a controller. You
can force the RequestControl() call (root-only) to drop the current
controller and recover the session during an emergency. To recover a seat,
this is not needed, though. You can simply create a new session or
force-activate it.
To become a session controller, a dbus caller must either be root or the
same user as the user of the session. This allows us to run a session
compositor as user and we no longer need any CAP_SYS_ADMIN.
|
|
If we want to track bus-names to allow exclusive resource-access, we need
a way to get notified when a bus-name is gone. We make logind watch for
NameOwnerChanged dbus events and check whether the name is currently
watched. If it is, we remove it from the watch-list (notification for
other objects can be added in follow-up patches).
|
|
Session compositors need access to fbdev, DRM and evdev devices if they
control a session. To make logind pass them to sessions, we need to
listen for them actively.
However, we avoid creating new seats for non master-of-seat devices. Only
once a seat is created, we start remembering all other session devices. If
the last master-device is removed (even if there are other non-master
devices still available), we destroy the seat. This is the current
behavior, but we need to explicitly implement it now as there may be
non-master devices in the seat->devices list.
Unlike master devices, we don't care whether our list of non-master
devices is complete. We don't export this list but use it only as cache if
sessions request these devices. Hence, if a session requests a device that
is not in the list, we will simply look it up. However, once a session
requested a device, we must be notified of "remove" udev events. So we
must link the devices somehow into the device-list.
Regarding the implementation, we now sort the device list by the "master"
flag. This guarantees that master devices are at the front and non-master
devices at the tail of the list. Thus, we can easily test whether a seat
has a master device attached.
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=68232
|
|
|
|
Previously the specifier calls could only indicate OOM by returning
NULL. With this change they will return negative errno-style error codes
like everything else.
|
|
|
|
https://bugs.archlinux.org/task/36950
|
|
Only ASCII letters and digits are allowed.
|
|
The logs are unlikely to contain any useful information in this case.
Also, change "walked on cycle path" to "found dependency on", which
is less technical and indicates the direction. With the old message,
I was never sure if prior units depended on later ones, or vice versa.
https://bugzilla.redhat.com/show_bug.cgi?id=996133
https://bugzilla.redhat.com/show_bug.cgi?id=997082
|
|
Travis tests are failing, probably because /proc/meminfo is not available
in the test environment. The same might be true in some virtualized systems,
so just treat missing /proc/meminfo as a sign that hibernation is not
possible.
|
|
|
|
As we load unit files lazily, we need to make sure something pulls in swap
units that should be started automatically, otherwise the default dependencies
will never be applied.
This partially reinstates code removed in
commit 64347fc2b983f33e7efb0fd2bb44e133fb9f30f4.
Also don't order swap devices after swap.target when they are 'nofail'.
|
|
Condition that is checked is taken from upower:
active(anon) < free swap * 0.98
This is really stupid, because the kernel knows the situation better,
e.g. there could be two swap files, and then hibernation would be
impossible despite passing this check, or the kernel could start
supporting compressed swap and/or compressed hibernation images, and
then this this check would be too stringent. Nevertheless, until
we have something better, this should at least return a true negative
if there's no swap.
Logging of capabilities in the journal is changed to not strip leading
zeros. I consider this more readable anyway.
http://cgit.freedesktop.org/upower/tree/src/up-daemon.c#n613
https://bugzilla.redhat.com/show_bug.cgi?id=1007059
|
|
At the beginning move_later is set to -1, but it is set to different
value only if expression !move_later is true.
|
|
Make sure swap.target correctly requires/wants the swap units.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=69291.
Reported-by: Hussam Al-Tayeb
|
|
|
|
|
|
If the memory_limit of unit is -1, we should write "-1"
to the file memory.limit_in_bytes. not the (unit64_t) -1.
otherwise the memory.limit_in_bytes will be set to zero.
|
|
it should be memory.soft_limit_in_bytes.
|
|
set the value of variable "r" to the return value
of cg_set_attribute.
|
|
Trivial cleanup of repeat_unmount() spelling.
|
|
The main usecase for this is to make it possible to use cryptsetup in
the initrd without it having to include a host-specific /etc/crypttab.
Tested-by: Thomas Bächler <thomas@archlinux.org>
|
|
|
|
|
|
|
|
Services using the watchdog option might want to be restarted
only if the watchdog triggers.
|
|
Can help since the journal requires /etc/machine-id to exists in order to start,
and will simply silently exit when it does not.
|
|
wait_filter() callback shouldn't process JobRemove signals for arbitrary
jobs. It should only deal with signals for jobs which are included in
set of jobs we wait for.
|
|
Fixup for ac4c8d6da8b5e.
|
|
This enables a getty on active kernel consoles even when they are not
the last one specified on the kernel command line and mapped to
/dev/console. Now the order "console=ttyS0 console=tty0" works in
addition to "console=tty0 console=ttyS0".
|
|
bash allows them, and so should we.
string_has_cc is changed to allow tabs, and if they are not wanted,
they must be now checked for explicitly. There are two other callers,
apart from the env file loaders, and one already checked anyway, and
the other is changed to check.
https://bugs.freedesktop.org/show_bug.cgi?id=68592
https://bugs.gentoo.org/show_bug.cgi?id=481554
|
|
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.
Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
|
|
We don't allow reusing of scopes.
|
|
The VT number was already part of the DBus API, but was not
exposed in the C API.
|
|
When running from initrd, entering a wrong passphrase usually means that
you cannot boot. Therefore, we allow trying indefinitely.
|
|
|
|
umount.target in the real root
These mounts should be kept around and unmounted in the shutdown ramfs.
Currently, we will still attempt to umount these in the final kill spree, but
we should consider avoiding that too. Also, the should_umount function should
be generalised and put into util.c or something like that, but we are still
discussing precisely how.
|
|
This makes mount units work like swap units: when the backing device appears
the mount unit will be started.
v2: the device should want the mount unconditionally, not only for DefaultDependencies=yes
|
|
There is no need to restrict this to only the 'nofail' case. In the '!nofail'
case the unit is already wanted by swap.target, so this is not a functional change.
|
|
This removes some redundancy between the generator and the core mount handling.
|
|
We can use systemctl show unitname to show the BlockIODeviceWeight
of unit.
|
