* as the filesystems in question should be local, and only
* locally accessible, and most likely even tmpfs. */
- if (flock(fd, LOCK_EX) < 0)
+ if (flock(fd, LOCK_EX) < 0) {
+ close_nointr_nofail(fd);
return -errno;
+ }
return fd;
}
ssize_t r;
/* We do a bit of endianess swapping here, just to be
- * sure. /var should be machine specific anyway, and
- * /var/run even mounted from tmpfs, so this
- * byteswapping should really not be necessary. But
- * then again, you never know, so let's avoid any
- * risk. */
+ * sure. /run should be machine specific anyway, and
+ * even mounted from tmpfs, so this byteswapping
+ * should really not be necessary. But then again, you
+ * never know, so let's avoid any risk. */
if (loop_read(fd, &counter, sizeof(counter), false) != sizeof(counter))
counter = 1;
/* Last attempt, pick a random value */
return (uint64_t) random_ull();
}
+
static int get_user_data(
pam_handle_t *handle,
const char **ret_username,
int lock_fd = -1;
bool create_session = true;
char **controllers = NULL, **reset_controllers = NULL, **c;
+ char *cgroup_user_tree = NULL;
assert(handle);
if ((r = get_user_data(handle, &username, &pw)) != PAM_SUCCESS)
goto finish;
+ if ((r = cg_get_user_path(&cgroup_user_tree)) < 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to determine user cgroup tree: %s", strerror(-r));
+ r = PAM_SYSTEM_ERR;
+ goto finish;
+ }
+
if (safe_mkdir(RUNTIME_DIR "/user", 0755, 0, 0) < 0) {
pam_syslog(handle, LOG_ERR, "Failed to create runtime directory: %m");
r = PAM_SYSTEM_ERR;
goto finish;
}
- /* Create /var/run/$USER */
+ /* Create /run/user/$USER */
free(buf);
if (asprintf(&buf, RUNTIME_DIR "/user/%s", username) < 0) {
r = PAM_BUF_ERR;
}
}
- r = asprintf(&buf, "/user/%s/%s", username, id);
+ r = asprintf(&buf, "%s/%s/%s", cgroup_user_tree, username, id);
} else
- r = asprintf(&buf, "/user/%s/master", username);
+ r = asprintf(&buf, "%s/%s/master", cgroup_user_tree, username);
if (r < 0) {
r = PAM_BUF_ERR;
strv_free(controllers);
strv_free(reset_controllers);
+ free(cgroup_user_tree);
+
return r;
}
struct passwd *pw;
const void *created = NULL;
char **controllers = NULL, **c, **kill_only_users = NULL, **kill_exclude_users = NULL;
+ char *cgroup_user_tree = NULL;
assert(handle);
if ((r = get_user_data(handle, &username, &pw)) != PAM_SUCCESS)
goto finish;
+ if ((r = cg_get_user_path(&cgroup_user_tree)) < 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to determine user cgroup tree: %s", strerror(-r));
+ r = PAM_SYSTEM_ERR;
+ goto finish;
+ }
+
if ((lock_fd = open_file_and_lock(RUNTIME_DIR "/user/.pam-systemd-lock")) < 0) {
pam_syslog(handle, LOG_ERR, "Failed to lock runtime directory: %m");
r = PAM_SYSTEM_ERR;
}
/* We are probably still in some session/user dir. Move ourselves out of the way as first step */
- if ((r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, "/user", 0)) < 0)
+ if ((r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_user_tree, 0)) < 0)
pam_syslog(handle, LOG_ERR, "Failed to move us away: %s", strerror(-r));
STRV_FOREACH(c, controllers)
- if ((r = cg_attach(*c, "/user", 0)) < 0)
+ if ((r = cg_attach(*c, cgroup_user_tree, 0)) < 0)
pam_syslog(handle, LOG_ERR, "Failed to move us away in %s hierarchy: %s", *c, strerror(-r));
- if (asprintf(&user_path, "/user/%s", username) < 0) {
+ if (asprintf(&user_path, "%s/%s", cgroup_user_tree, username) < 0) {
r = PAM_BUF_ERR;
goto finish;
}
if ((id = pam_getenv(handle, "XDG_SESSION_ID")) && created) {
- if (asprintf(&session_path, "/user/%s/%s", username, id) < 0 ||
- asprintf(&nosession_path, "/user/%s/master", username) < 0) {
+ if (asprintf(&session_path, "%s/%s/%s", cgroup_user_tree, username, id) < 0 ||
+ asprintf(&nosession_path, "%s/%s/master", cgroup_user_tree, username) < 0) {
r = PAM_BUF_ERR;
goto finish;
}
strv_free(kill_exclude_users);
strv_free(kill_only_users);
+ free(cgroup_user_tree);
+
return r;
}