#include "bus-common-errors.h"
#include "bus-error.h"
#include "bus-util.h"
+#include "cgroup-util.h"
#include "clean-ipc.h"
#include "conf-parser.h"
#include "escape.h"
#include "fd-util.h"
#include "fileio.h"
-#include "formats-util.h"
+#include "format-util.h"
#include "fs-util.h"
#include "hashmap.h"
#include "label.h"
#include "user-util.h"
#include "util.h"
+#if 1 /// elogind uses a static value here
+# define SPECIAL_USER_SLICE "user.slice"
+#endif // 1
int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name) {
_cleanup_(user_freep) User *u = NULL;
char lu[DECIMAL_STR_MAX(uid_t) + 1];
if (asprintf(&u->runtime_path, "/run/user/"UID_FMT, uid) < 0)
return -ENOMEM;
- r = slice_build_subslice("user.slice", lu, &u->slice);
+ r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &u->slice);
if (r < 0)
return r;
if (r == -ENOENT)
return 0;
- log_error_errno(r, "Failed to read %s: %m", u->state_file);
- return r;
+ return log_error_errno(r, "Failed to read %s: %m", u->state_file);
}
if (display)
if (r < 0)
return log_error_errno(r, "Failed to create /run/user: %m");
- if (path_is_mount_point(u->runtime_path, 0) <= 0) {
+ if (path_is_mount_point(u->runtime_path, NULL, 0) <= 0) {
_cleanup_free_ char *t = NULL;
(void) mkdir_label(u->runtime_path, 0700);
r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t);
if (r < 0) {
- if (errno != EPERM) {
+ if (errno != EPERM && errno != EACCES) {
r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path);
goto fail;
}
- /* Lacking permissions, maybe
- * CAP_SYS_ADMIN-less container? In this case,
- * just use a normal directory. */
+ log_debug_errno(errno, "Failed to mount per-user tmpfs directory %s, assuming containerized execution, ignoring: %m", u->runtime_path);
r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid);
if (r < 0) {
if (k < 0)
r = k;
- /* Clean SysV + POSIX IPC objects */
- if (u->manager->remove_ipc) {
- k = clean_ipc(u->uid);
+ /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs
+ * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to
+ * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such
+ * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
+ * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
+ * and do it only for normal users. */
+ if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) {
+ k = clean_ipc_by_uid(u->uid);
if (k < 0)
r = k;
}
assert(rvalue);
assert(data);
- /* First, try to parse as percentage */
+ if (isempty(rvalue)) {
+ *m = system_tasks_max_scale(DEFAULT_USER_TASKS_MAX_PERCENTAGE, 100U);
+ return 0;
+ }
+
+ if (streq(rvalue, "infinity")) {
+ *m = CGROUP_LIMIT_MAX;
+ return 0;
+ }
+
+ /* Try to parse as percentage */
r = parse_percent(rvalue);
- if (r > 0 && r < 100)
+ if (r >= 0)
k = system_tasks_max_scale(r, 100U);
else {