| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Spell out the proper name. Use 'pos' over 'position', and also update the
logind state file to do the same. Note that this breaks live updates.
However, we only save 'POSITION' on non-seat0, so this shouldn't bother
anyone for real. If you run multi-seat setups, you better restart a
machine on updates, anyway.
|
| |
|
|
|
|
|
|
| |
Make sure a greeter can forcefully spawn a session on a VT that is
in-use. A recent patch prevented this (this used to be possible for all
session types) as it is highly fragile. However, as it turns out,
greeters seem to rely on that feature. Therefore, make sure we allow it
explicitly for greeters.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Given a container "foo", that maps user id $UID to container user, using
user namespaces, this NSS module extenstion will now map the $UID to a
name "vu-foo-$TUID" for the translated UID $UID.
Similar, userns groups are mapped to "vg-foo-$TGID" for translated GIDs
of $GID.
This simple change should make userns users more discoverable. Also,
given that many tools like "adduser" check NSS before allocating a UID,
should lower the chance of UID range conflicts between tools.
|
| |
|
|
|
|
|
| |
It is no different to return 0 over 1 in the property
callback. It is confusing to return 1 which made me think
1 has a special purpose. This way code is consistent with
the rest of the tree.
|
| |
|
|
|
|
|
|
|
|
|
| |
Right now, if you're already in a session and call CreateSession, we
return information about the current session of yours. This is highy
confusing and a nasty hack. Avoid that, and instead return a commonly
known error, so the caller can detect that.
This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT
in pam_systemd, if you're already in a session. But this sounds like the
right thing to do, anyway.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Old gdm and lightdm start the user-session during login before they
destroy the greeter-session. Therefore, the user-session will take over
the VT from the greeter. We recently prevented this by never allowing
multiple sessions on the same VT. Fix this now, by explicitly allowing
this if the owning session is a GREETER.
Note that gdm no longer behaves like this. Instead, due to wayland, they
always use a different VT for each session. All other login-managers are
highly encouraged to destroy the greeter-session _before_ starting the
user-session. We now work around this, but this will probably not last
forever (and will already have nasty side-effects on the greeter-session).
|
| |
|
|
| |
! is supposed to be used for booleans and pointers.
|
| |
|
|
|
|
|
| |
Merge write_string_file(), write_string_file_no_create() and
write_string_file_atomic() into write_string_file() and provide a flags mask
that allows combinations of atomic writing, newline appending and automatic
file creation. Change all users accordingly.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush()
(which writes all unwritten messages out) + sd_bus_close() (which
terminates the connection, releasing all unread messages) +
sd_bus_unref() (which frees the connection).
The combination of this call is used pretty frequently in systemd tools
right before exiting, and should also be relevant for most external
clients, and is hence useful to cover in a call of its own.
Previously the combination of the three calls was already done in the
_cleanup_bus_close_unref_ macro, but this was only available internally.
Also see #327
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now, if you start a session via 'su' or 'sudo' from within a
session, we make sure to re-use the existing session instead of creating a
new one. We detect this by reading the session of the requesting PID.
However, with gnome-terminal running as a busname-unit, and as such
running outside the session of the user, this will no longer work.
Therefore, this patch makes sure to return the existing session of a VT if
you start a new one.
This has the side-effect, that you will re-use a session which your PID is
not part of. This works fine, but will break assumptions if the parent
session dies (and as such close your session even though you think you're
part of it). However, this should be perfectly fine. If you run multiple
logins on the same session, you should really know what you're doing. The
current way of silently accepting it but choosing the last registered
session is just weird.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qemu provides a separate pci-bridge exclusively for multi-seat setups.
The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new
pci-bridge-seat was specifically added to simplify guest-side
multiseat configuration. It is identical to the normal pci-pci bridge,
except that it has a different id (1b36:000a) so we can match it and
configure multiseating automatically.
Make sure we always treat this as separate seat if we detect this, just
like other "Pluggable" devices.
(David: write commit-message)
|
| |
|
|
|
| |
This properly avoids setting DBUS_SESSION_BUS_ADDRESS if kdbus
is loaded (or built into the kernel) but not wanted.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, this had a race condition during a user's first login.
Some component calls CreateSession (most likely by a PAM service
other than 'systemd-user' running pam_systemd), with the following
results:
- logind:
* create the user's XDG_RUNTIME_DIR
* tell pid 1 to create user-UID.slice
* tell pid 1 to start user@UID.service
Then these two processes race:
- logind:
* save information including XDG_RUNTIME_DIR to /run/systemd/users/UID
- the subprocess of pid 1 responsible for user@service:
* start a 'systemd-user' PAM session, which reads XDG_RUNTIME_DIR
and puts it in the environment
* run systemd --user, which requires XDG_RUNTIME_DIR in the
environment
If logind wins the race, which usually happens, everything is fine;
but if the subprocesses of pid 1 win the race, which can happen
under load, then systemd --user exits unsuccessfully.
To avoid this race, we have to write out /run/systemd/users/UID
even though the service has not "officially" started yet;
previously this did an early-return without saving anything.
Record its state as OPENING in this case.
Bug: https://github.com/systemd/systemd/issues/232
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
./configure --enable/disable-kdbus can be used to set the default
behavior regarding kdbus.
If no kdbus kernel support is available, dbus-dameon will be used.
With --enable-kdbus, the kernel command line option "kdbus=0" can
be used to disable kdbus.
With --disable-kdbus, the kernel command line option "kdbus=1" is
required to enable kdbus support.
|
| |
|
|
|
| |
As discussed in #257: we should ensure the selinux label is correctly
applied to each user's XDG_RUNTIME_DIR.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we'd just count connected displays, and if there was 2 or
more we assumed a "docked" state.
With this change we now:
- Only count external displays, ignore internal ones (which we detect by
checking the connector name against a whitelist of known external plug
types)
- We ignore connectors which are explicitly disabled
- We then compare the count with >= 1 rather than >= 2 as before
This new logic has the benefit that systems that disconnect the internal
display when the lid is closed are better supported. Also, explicitly
disabled ports do not confuse the algorithm anymore.
This new algorithm has been suggested here:
http://lists.freedesktop.org/archives/intel-gfx/2015-June/068821.html
This also makes two functions static, that are not used outside of their
.c files.
|
| | |
|
| |
|
|
| |
Let's use it as initializer where appropriate.
|
| |
|
|
|
| |
We know the state anyway, let's expose it in the bus. It's useful for
debugging at least, but it might be useful for DEs too.
|
| |
|
|
|
|
|
|
|
|
|
| |
This ports a lot of manual code over to sigprocmask_many() and friends.
Also, we now consistly check for sigprocmask() failures with
assert_se(), since the call cannot realistically fail unless there's a
programming error.
Also encloses a few sd_event_add_signal() calls with (void) when we
ignore the return values for it knowingly.
|
| |
|
|
|
|
|
|
|
|
| |
If you use bus_map_all_properties(), you must be aware that it might
touch output variables even though it may fail. This is, because we parse
many different bus-properties and cannot tell how to clean them up, in
case we fail deep down in the parser.
Fix all callers of bus_map_all_properties() to correctly cleanup any
context structures at all times.
|
| |
|
|
|
|
|
| |
Fix CID 1304686: Dereference after null check (FORWARD_NULL)
However, this commit does not fix any bug in logind. It helps to keep
the elect_display_compare() function generic.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit c0f32805 ("logind: use sd_event timer source for inhibitor
logic") reworked the main loop logic of logind so that it uses a
real timeout callback handler to execute delayed functions.
What the old code did, however, was to call those functions on
every iteration in the main loop, not only when the timeout
expired.
Restore that behavior by bringing back manager_dispatch_delayed(),
and call it from manager_run(). The internal event source callback
manager_inhibit_timeout_handler() was turned into a wrapper of
manager_dispatch_delayed() now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed for generic DRM devices like the VirtualBox vboxvideo
driver, which exposes itself as a generic, ID-less DRM device at
/dev/dri/card0 (after applying this commit):
$ udevadm info --query=all --path \
/sys/devices/pci0000:00/0000:00:02.0/drm/card0
P: /devices/pci0000:00/0000:00:02.0/drm/card0
N: dri/card0
E: DEVNAME=/dev/dri/card0
E: DEVPATH=/devices/pci0000:00/0000:00:02.0/drm/card0
E: DEVTYPE=drm_minor
E: ID_FOR_SEAT=drm-pci-0000_00_02_0
E: ID_PATH=pci-0000:00:02.0
E: ID_PATH_TAG=pci-0000_00_02_0
E: MAJOR=226
E: MINOR=0
E: SUBSYSTEM=drm
E: TAGS=:master-of-seat:seat:uaccess:
E: USEC_INITIALIZED=59893
Without this patch, the capabilities for a seat on a VirtualBox
installation of systemd v219 incorrectly show it as non-graphical, even
though I can type these commands from an xterm:
$ loginctl show-seat seat0
Id=seat0
CanMultiSession=yes
CanTTY=yes
CanGraphical=no
…
https://bugs.freedesktop.org/show_bug.cgi?id=90822
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When (for example) switching from X11 to a new VT and logging in there,
creating a new session, the user state file (/run/systemd/users/$uid) is
not updated after the session becomes active. The latest time it is
saved is when the session is in SESSION_OPENING.
This results in a /run/systemd/users/$uid file which contains
STATE=online for the current user on the current active VT, which is
obviously wrong.
As functions like sd_uid_get_state() use this file to get the user’s
state, this could result in things like PolicyKit making incorrect
decisions about the user’s state. (See
https://bugs.freedesktop.org/show_bug.cgi?id=76358.)
Fix this by re-saving the state for a session’s user after completing
the state_job for that session.
https://bugs.freedesktop.org/show_bug.cgi?id=90818
|
| |
|
|
|
|
|
|
|
|
| |
mask/handlers
Also, when the child is potentially long-running make sure to set a
death signal.
Also, ignore the result of the reset operations explicitly by casting
them to (void).
|
| |
|
|
| |
No functional changes.
|
| |
|
|
|
| |
This makes path_is_mount_point() consistent with fd_is_mount_point() wrt.
flags.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous implementation of user_elect_display() could easily end up
overwriting the user’s valid graphical session with a new TTY session.
For example, consider the situation where there is one session:
c1, type = SESSION_X11, !stopping, class = SESSION_USER
it is initially elected as the user’s display (i.e. u->display = c1).
If another session is started, on a different VT, the sessions_by_user
list becomes:
c1, type = SESSION_X11, !stopping, class = SESSION_USER
c2, type = SESSION_TTY, !stopping, class = SESSION_USER
In the previous code, graphical = c1 and text = c2, as expected.
However, neither graphical nor text fulfil the conditions for setting
u->display = graphical (because neither is better than u->display), so
the code falls through to check the text variable. The conditions for
this match, as u->display->type != SESSION_TTY (it’s actually
SESSION_X11). Hence u->display is set to c2, which is incorrect, because
session c1 is still valid.
Refactor user_elect_display() to use a more explicit filter and
pre-order comparison over the sessions. This can be demonstrated to be
stable and only ever ‘upgrade’ the session to a more graphical one.
https://bugs.freedesktop.org/show_bug.cgi?id=90769
|
| |
|
|
|
| |
Make Coverity happy and tell it we're not interested in the return
value of these two calls.
|
| |
|
|
|
| |
When a scheduled is cancelled, make sure to remove /run/nologin.
This is a regression from the recent shutdownd removal and logind rework.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A variety of changes:
- Make sure all our calls distuingish OOM from other errors if OOM is
not the only error possible.
- Be much stricter when parsing escaped paths, do not accept trailing or
leading escaped slashes.
- Change unit validation to take a bit mask for allowing plain names,
instance names or template names or an combination thereof.
- Refuse manipulating invalid unit name
|
| |
|
|
|
|
|
|
| |
If NULL is specified for the bus it is now automatically derived from
the passed in message.
This commit also changes a number of invocations of sd_bus_send() to
make use of this.
|
| |
|
|
|
|
| |
This should simplify the prototype a bit. The bus parameter is redundant
in most cases, and in the few where it matters it can be derived from
the message via sd_bus_message_get_bus().
|
| |
|
|
| |
log_error_errno() already adds a newline, so drop them.
|
| |
|
|
|
|
| |
Port over more code from shutdownd and teach logind to write /run/nologin at
least 5 minutes before the system is going down, and
/run/systemd/shutdown/scheduled when a shutdown is scheduled.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a timer to print UTMP wall messages so that it repeatedly informs users
about a scheduled shutdown:
* every 1 minute with less than 10 minutes to go
* every 15 minutes with less than 60 minutes to go
* every 30 minutes with less than 180 minutes (3 hours) to go
* every 60 minutes if more than that to go
This functionality only active if the .EnableWallMessages DBus property
is set to true. Also, a custom string can be added to the wall message,
set through the WallMessagePrefix property.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a method called ScheduleShutdown in org.freedesktop.login1.Manager
which adds a timer to shut down the system at a later point in time.
The first argument holds the type of the schedule that is about to
happen, and must be one of 'reboot', 'halt' or 'poweroff'.
The second argument specifies the absolute time, based on
CLOCK_REALTIME in nanoseconds, at which the the operation should be
executed.
To cancel a previously scheduled shutdown, the CancelScheduledShutdown()
can be called, which returns a bool, indicating whether a scheduled
timeout was cancelled.
Also add a new property called ScheduledShutdown which returns the
equivalent to what was passed in via ScheduleShutdown, as '(st)' type.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Factor out the code to ask polkit for authorization from
method_do_shutdown_or_sleep() into an own function called
verify_shutdown_creds().
This is needed in order to also use the same checks when shutdown
operations are scheduled. For that, it's also necessary to allow
NULL values for that action{,_multiple_sessions,_ignore_inhibit)
arguments, which will suppress the call if no action string is
passed.
|
| |
|
|
| |
CID #996284.
|
| |
|
|
|
| |
make manager_gc(), manager_startup(), manager_new(), manager_free()
and manager_run() static, and kill their forward declarations.
|
| |
|
|
|
|
|
|
| |
Instead of open-coding the delayed action and inhibit timeout logic,
switch over to a real sd_event_source based implementation.
This is not only easier to read but also allows us to add more timers
in the future.
|
| | |
|
| | |
|
