| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
Since the invention of read-only memory, write-only memory has been
considered deprecated. Where appropriate, either make use of the
value, or avoid writing it, to make it clear that it is not used.
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1010215
|
| |
|
|
| |
Sync with user_bus_path() in logind-user-dbus.c
|
| |
|
|
| |
clang FTW!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently use seat_can_multi_session() to test for two things:
* whether the seat can handle session-switching
* whether the seat has VTs
As both are currently logically equivalent, we didn't care. However, we
want to allow session-switching on seats without VTs, so split this helper
into:
* seat_can_multi_session(): whether session-switching is supported
* seat_has_vts(): whether the seat has VTs
Note that only one seat on a system can have VTs. There is only one set of
them. We automatically assign them to seat0 as usual.
With this patch in place, we can easily add new session-switching/tracking
methods without breaking any VT code as it is now protected by has_vts(),
no longer by can_multi_session().
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The seat->vtconsole member always points to the default seat seat0. Even
if VTs are disabled, it's used as default seat. Therefore, rename it to
seat0 to correctly state what it is.
This also changes the seat files in /run from IS_VTCONSOLE to IS_SEAT0. It
wasn't used by any code, yet, so this seems fine.
While we are at it, we also remove every "if (s->vtconsole)" as this
pointer is always valid!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A session usually has only a single compositor or other application that
controls graphics and input devices on it. To avoid multiple applications
from hijacking each other's devices or even using the devices in parallel,
we add session controllers.
A session controller is an application that manages a session. Specific
API calls may be limited to controllers to avoid others from getting
unprivileged access to restricted resources. A session becomes a
controller by calling the RequestControl() dbus API call. It can drop it
via ReleaseControl().
logind tracks bus-names to release the controller once an application
closes the bus. We use the new bus-name tracking to do that. Note that
during ReleaseControl() we need to check whether some other session also
tracks the name before we remove it from the bus-name tracking list.
Currently, we only allow one controller at a time. However, the public API
does not enforce this restriction. So if it makes sense, we can allow
multiple controllers in parallel later. Or we can add a "scope" parameter,
which allows a different controller for graphics-devices, sound-devices
and whatever you want.
Note that currently you get -EBUSY if there is already a controller. You
can force the RequestControl() call (root-only) to drop the current
controller and recover the session during an emergency. To recover a seat,
this is not needed, though. You can simply create a new session or
force-activate it.
To become a session controller, a dbus caller must either be root or the
same user as the user of the session. This allows us to run a session
compositor as user and we no longer need any CAP_SYS_ADMIN.
|
| |
|
|
|
|
|
|
| |
If we want to track bus-names to allow exclusive resource-access, we need
a way to get notified when a bus-name is gone. We make logind watch for
NameOwnerChanged dbus events and check whether the name is currently
watched. If it is, we remove it from the watch-list (notification for
other objects can be added in follow-up patches).
|
| |
|
|
| |
Only ASCII letters and digits are allowed.
|
| | |
|
| |
|
|
|
|
| |
bash ignores SIGTERM, and can only be terminated cleanly via SIGHUP.
Hence make sure that we the scope unit for the session is created with
SendSIGHUP enabled.
|
| |
|
|
|
|
| |
reply
https://bugs.freedesktop.org/show_bug.cgi?id=67273
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=67273
|
| |
|
|
|
|
|
| |
As we want to centralized cgroup access we should stop killing the user
sessions directly from the systemd-user-sessions service. Instead, rely
on PID 1 doing this by adding the right ordering dependencies to the
session scope units.
|
| |
|
|
|
|
|
| |
When PID 1 reloads the units logind/machined will see UnitRemoved
signals for all units. Instead of trusting these immediately, let's
check the actual unit state before considering a unit gone, so that
reloading PID 1 is not mistaken as the end of all sessions.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Embedded folks don't need the machine registration stuff, hence it's
nice to make this optional. Also, I'd expect that machinectl will grow
additional commands quickly, for example to join existing containers and
suchlike, hence it's better keeping that separate from loginctl.
|
| |
|
|
|
|
|
|
|
| |
In order to prepare things for the single-writer cgroup scheme, let's
make logind use systemd's own primitives for cgroup management.
Every login user now gets his own private slice unit, in which his sessions
live in a scope unit each. Also, add user@$UID.service to the same
slice, and implicitly start it on first login.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- This changes all logind cgroup objects to use slice objects rather
than fixed croup locations.
- logind can now collect minimal information about running
VMs/containers. As fixed cgroup locations can no longer be used we
need an entity that keeps track of machine cgroups in whatever slice
they might be located. Since logind already keeps track of users,
sessions and seats this is a trivial addition.
- nspawn will now register with logind and pass various bits of metadata
along. A new option "--slice=" has been added to place the container
in a specific slice.
- loginctl gained commands to list, introspect and terminate machines.
- user.slice and machine.slice will now be pulled in by logind.service,
since only logind.service requires this slice.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
|
| | |
|
| | |
|
| |
|
|
| |
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
|
| |
|
|
|
| |
bus_error and bus_error_message_or_strerror dit almost exactly the same,
so use only one of them and place it in dbus-common.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
containers there
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
|
| | |
|
| | |
|
| |
|
|
|
| |
cronjobs are neither interactive user session, nor lock screens, nor
login screens, hence they should get their own class.
|
| |
|
|
|
| |
You can write much more than just one line with this call (and we
frequently do), so let's correct the naming.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cgroup path rather than audit
Previously for cases like "su" or "sudo" where a session is attempted to
be created from within an existing one we used the audit session ID to
detect this and in such a case we simple returned the session data of
the original session a second time.
With this change we will now use the cgroup path of the calling path to
determine the old session, i.e. we only rely on our own session
identification scheme, instead of audits.
We will continue to keep the audit session ID and ours in sync however,
to avoid unnecessary confusion.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Occasionally people report problem with reboot/poweroff operations hanging in
the middle. One known cause is when a new transaction to start a unit is
enqueued while the shutdown is going on. The start of the unit conflicts with
the shutdown jobs, so they get cancelled. The failure case can be quite unpleasant,
becase getty and sshd may already be stopped.
Fix it by using irreversible jobs for shutdown (reboot/poweroff/...) actions.
This applies to commands like "reboot", "telinit 6", "systemctl reboot". Should
someone desire to use reversible jobs, they can say "systemctl start reboot.target".`
|
| |
|
|
|
|
|
| |
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Don't allow any locks to be taken while we are in the process of
executing the specific operation, so that apps are not surprised if a
suspend/shutdown happens while they rely on their inhibitor.
- Get rid of the Resumed signal, it was a bad idea, and redundant due to
PrepareForSleep(false), see below.
- Always send out PrepareFor{Shutdown,Sleep} signals, instead of only if
a delay lock is taken.
- Move PrepareForSleep(false) after we come back from the suspend, so
that apps can use this as "Resumed" notification. This also has the
benefit that apps know when to take a new lock.
|
| | |
|
| |
|
|
|
|
|
|
| |
suspend/hibernate/hybrid-sleep
This allows clients to get asynchronous notifications for user-requested
suspend/hibernate cycles. Kernel-triggered automatic suspending is not
covered.
|
| |
|
|
|
| |
This should make sure that closing the lid while shutting down won't
suspend the machine but will simply cause the shutdown to complete.
|
| |
|
|
|
|
| |
sessions before shutting down
https://bugzilla.redhat.com/show_bug.cgi?id=890827
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[Tested in latest gnome-ostree; if accepted, I'll look at a followup
patch which fixes the other dbus_connection_send(reply, ...) calls
besides logind]
DBus messages can have a flag NO_REPLY associated that means "I don't
need a reply". This is for efficiency reasons - for one-off requests
that can't return an error, etc.
However, it's up to users to manually check
dbus_message_get_no_reply() from a message. libdbus will happily send
out a reply if you don't.
Unfortunately, doing so is not just less efficient - it also triggers
a security error, for complex reasons. This is something that will
eventually be fixed in dbus, but it's also correct to handle it in
client applications.
This new helper API is slightly nicer in that you don't have to pass
NULL to say you don't want a reply serial for your reply.
This patch also tweaks logind to use the API - there are more areas of
the code that need this treatment too.
|
| |
|
|
|
| |
After all, if a sudo/su inside an X terminal should get added to the
same session as the X session itself.
|
| | |
|
| | |
|
| |
|
|
| |
instance actually created it
|
| |
|
|
|
|
|
| |
The MESSAGE_ID=... stanza will appear in countless number of places.
It is just too long to write it out in full each time.
Incidentally, this also fixes a typo of MESSSAGE is three places.
|
