2 This file is part of systemd.
4 Copyright 2011 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/mount.h>
25 #include "alloc-util.h"
26 #include "bus-common-errors.h"
27 #include "bus-error.h"
29 #include "clean-ipc.h"
30 #include "conf-parser.h"
34 #include "formats-util.h"
38 #include "logind-user.h"
40 #include "mount-util.h"
41 #include "parse-util.h"
42 #include "path-util.h"
44 #include "smack-util.h"
45 //#include "special.h"
46 #include "stdio-util.h"
47 #include "string-table.h"
48 #include "unit-name.h"
49 #include "user-util.h"
52 #if 1 /// elogind uses a static value here
53 # define SPECIAL_USER_SLICE "user.slice"
55 int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name) {
56 _cleanup_(user_freep) User *u = NULL;
57 char lu[DECIMAL_STR_MAX(uid_t) + 1];
71 xsprintf(lu, UID_FMT, uid);
73 u->name = strdup(name);
77 if (asprintf(&u->state_file, "/run/systemd/users/"UID_FMT, uid) < 0)
80 if (asprintf(&u->runtime_path, "/run/user/"UID_FMT, uid) < 0)
83 r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &u->slice);
87 r = unit_name_build("user", lu, ".service", &u->service);
91 r = hashmap_put(m->users, UID_TO_PTR(uid), u);
95 r = hashmap_put(m->user_units, u->slice, u);
99 r = hashmap_put(m->user_units, u->service, u);
108 User *user_free(User *u) {
113 LIST_REMOVE(gc_queue, u->manager->user_gc_queue, u);
116 session_free(u->sessions);
119 hashmap_remove_value(u->manager->user_units, u->service, u);
122 hashmap_remove_value(u->manager->user_units, u->slice, u);
124 hashmap_remove_value(u->manager->users, UID_TO_PTR(u->uid), u);
126 #if 0 /// elogind neither supports slice nor service jobs.
127 u->slice_job = mfree(u->slice_job);
128 u->service_job = mfree(u->service_job);
131 u->service = mfree(u->service);
132 u->slice = mfree(u->slice);
133 u->runtime_path = mfree(u->runtime_path);
134 u->state_file = mfree(u->state_file);
135 u->name = mfree(u->name);
140 static int user_save_internal(User *u) {
141 _cleanup_free_ char *temp_path = NULL;
142 _cleanup_fclose_ FILE *f = NULL;
146 assert(u->state_file);
148 r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0);
152 r = fopen_temporary(u->state_file, &f, &temp_path);
156 fchmod(fileno(f), 0644);
159 "# This is private data. Do not parse.\n"
163 user_state_to_string(user_get_state(u)));
165 /* LEGACY: no-one reads RUNTIME= anymore, drop it at some point */
167 fprintf(f, "RUNTIME=%s\n", u->runtime_path);
169 #if 0 /// elogind neither supports service nor slice jobs
171 fprintf(f, "SERVICE_JOB=%s\n", u->service_job);
174 fprintf(f, "SLICE_JOB=%s\n", u->slice_job);
178 fprintf(f, "DISPLAY=%s\n", u->display->id);
180 if (dual_timestamp_is_set(&u->timestamp))
182 "REALTIME="USEC_FMT"\n"
183 "MONOTONIC="USEC_FMT"\n",
184 u->timestamp.realtime,
185 u->timestamp.monotonic);
191 fputs("SESSIONS=", f);
193 LIST_FOREACH(sessions_by_user, i, u->sessions) {
202 fputs("\nSEATS=", f);
204 LIST_FOREACH(sessions_by_user, i, u->sessions) {
213 fputs(i->seat->id, f);
216 fputs("\nACTIVE_SESSIONS=", f);
218 LIST_FOREACH(sessions_by_user, i, u->sessions) {
219 if (!session_is_active(i))
230 fputs("\nONLINE_SESSIONS=", f);
232 LIST_FOREACH(sessions_by_user, i, u->sessions) {
233 if (session_get_state(i) == SESSION_CLOSING)
244 fputs("\nACTIVE_SEATS=", f);
246 LIST_FOREACH(sessions_by_user, i, u->sessions) {
247 if (!session_is_active(i) || !i->seat)
255 fputs(i->seat->id, f);
258 fputs("\nONLINE_SEATS=", f);
260 LIST_FOREACH(sessions_by_user, i, u->sessions) {
261 if (session_get_state(i) == SESSION_CLOSING || !i->seat)
269 fputs(i->seat->id, f);
274 r = fflush_and_check(f);
278 if (rename(temp_path, u->state_file) < 0) {
286 (void) unlink(u->state_file);
289 (void) unlink(temp_path);
291 return log_error_errno(r, "Failed to save user data %s: %m", u->state_file);
294 int user_save(User *u) {
300 return user_save_internal (u);
303 int user_load(User *u) {
304 _cleanup_free_ char *display = NULL, *realtime = NULL, *monotonic = NULL;
310 r = parse_env_file(u->state_file, NEWLINE,
311 #if 0 /// elogind neither supports service nor slice jobs
312 "SERVICE_JOB", &u->service_job,
313 "SLICE_JOB", &u->slice_job,
316 "REALTIME", &realtime,
317 "MONOTONIC", &monotonic,
323 return log_error_errno(r, "Failed to read %s: %m", u->state_file);
327 s = hashmap_get(u->manager->sessions, display);
329 if (s && s->display && display_is_local(s->display))
333 timestamp_deserialize(realtime, &u->timestamp.realtime);
335 timestamp_deserialize(monotonic, &u->timestamp.monotonic);
340 static int user_mkdir_runtime_path(User *u) {
345 r = mkdir_safe_label("/run/user", 0755, 0, 0);
347 return log_error_errno(r, "Failed to create /run/user: %m");
349 if (path_is_mount_point(u->runtime_path, 0) <= 0) {
350 _cleanup_free_ char *t = NULL;
352 (void) mkdir_label(u->runtime_path, 0700);
355 r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
357 r = asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
363 r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t);
365 if (errno != EPERM) {
366 r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path);
370 /* Lacking permissions, maybe
371 * CAP_SYS_ADMIN-less container? In this case,
372 * just use a normal directory. */
374 r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid);
376 log_error_errno(r, "Failed to change runtime directory ownership and mode: %m");
381 r = label_fix(u->runtime_path, false, false);
383 log_warning_errno(r, "Failed to fix label of '%s', ignoring: %m", u->runtime_path);
389 /* Try to clean up, but ignore errors */
390 (void) rmdir(u->runtime_path);
394 static int user_start_slice(User *u) {
395 #if 0 /// elogind can not ask systemd via dbus to start user services
396 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
397 const char *description;
403 u->slice_job = mfree(u->slice_job);
404 description = strjoina("User Slice of ", u->name);
406 r = manager_start_slice(
410 "systemd-logind.service",
411 "systemd-user-sessions.service",
412 u->manager->user_tasks_max,
417 else if (!sd_bus_error_has_name(&error, BUS_ERROR_UNIT_EXISTS))
418 /* we don't fail due to this, let's try to continue */
419 log_error_errno(r, "Failed to start user slice %s, ignoring: %s (%s)",
420 u->slice, bus_error_message(&error, r), error.name);
424 hashmap_put(u->manager->user_units, u->slice, u);
430 static int user_start_service(User *u) {
431 #if 0 /// elogind can not ask systemd via dbus to start user services
432 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
438 u->service_job = mfree(u->service_job);
440 r = manager_start_unit(
446 /* we don't fail due to this, let's try to continue */
447 log_error_errno(r, "Failed to start user service, ignoring: %s", bus_error_message(&error, r));
449 u->service_job = job;
454 hashmap_put(u->manager->user_units, u->service, u);
460 int user_start(User *u) {
465 if (u->started && !u->stopping)
469 * If u->stopping is set, the user is marked for removal and the slice
470 * and service stop-jobs are queued. We have to clear that flag before
471 * queing the start-jobs again. If they succeed, the user object can be
472 * re-used just fine (pid1 takes care of job-ordering and proper
473 * restart), but if they fail, we want to force another user_stop() so
474 * possibly pending units are stopped.
475 * Note that we don't clear u->started, as we have no clue what state
476 * the user is in on failure here. Hence, we pretend the user is
477 * running so it will be properly taken down by GC. However, we clearly
478 * return an error from user_start() in that case, so no further
479 * reference to the user is taken.
484 log_debug("New user %s logged in.", u->name);
486 /* Make XDG_RUNTIME_DIR */
487 r = user_mkdir_runtime_path(u);
493 r = user_start_slice(u);
497 /* Save the user data so far, because pam_systemd will read the
498 * XDG_RUNTIME_DIR out of it while starting up systemd --user.
499 * We need to do user_save_internal() because we have not
500 * "officially" started yet. */
501 user_save_internal(u);
503 /* Spawn user systemd */
504 r = user_start_service(u);
509 if (!dual_timestamp_is_set(&u->timestamp))
510 dual_timestamp_get(&u->timestamp);
511 user_send_signal(u, true);
515 /* Save new user data */
521 #if 0 /// UNNEEDED by elogind
522 static int user_stop_slice(User *u) {
523 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
529 r = manager_stop_unit(u->manager, u->slice, &error, &job);
531 log_error("Failed to stop user slice: %s", bus_error_message(&error, r));
541 static int user_stop_service(User *u) {
542 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
548 r = manager_stop_unit(u->manager, u->service, &error, &job);
550 log_error("Failed to stop user service: %s", bus_error_message(&error, r));
554 free(u->service_job);
555 u->service_job = job;
561 static int user_remove_runtime_path(User *u) {
566 r = rm_rf(u->runtime_path, 0);
568 log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path);
570 /* Ignore cases where the directory isn't mounted, as that's
571 * quite possible, if we lacked the permissions to mount
573 r = umount2(u->runtime_path, MNT_DETACH);
574 if (r < 0 && errno != EINVAL && errno != ENOENT)
575 log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", u->runtime_path);
577 r = rm_rf(u->runtime_path, REMOVE_ROOT);
579 log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path);
584 int user_stop(User *u, bool force) {
589 /* Stop jobs have already been queued */
595 LIST_FOREACH(sessions_by_user, s, u->sessions) {
596 k = session_stop(s, force);
602 #if 0 /// elogind does not support service or slice jobs
603 k = user_stop_service(u);
608 k = user_stop_slice(u);
620 int user_finalize(User *u) {
627 log_debug("User %s logged out.", u->name);
629 LIST_FOREACH(sessions_by_user, s, u->sessions) {
630 k = session_finalize(s);
635 /* Kill XDG_RUNTIME_DIR */
636 k = user_remove_runtime_path(u);
640 /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs
641 * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to
642 * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such
643 * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
644 * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
645 * and do it only for normal users. */
646 if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) {
647 k = clean_ipc_by_uid(u->uid);
652 unlink(u->state_file);
653 user_add_to_gc_queue(u);
656 user_send_signal(u, false);
663 int user_get_idle_hint(User *u, dual_timestamp *t) {
665 bool idle_hint = true;
666 dual_timestamp ts = DUAL_TIMESTAMP_NULL;
670 LIST_FOREACH(sessions_by_user, s, u->sessions) {
674 ih = session_get_idle_hint(s, &k);
680 if (k.monotonic < ts.monotonic)
686 } else if (idle_hint) {
688 if (k.monotonic > ts.monotonic)
699 int user_check_linger_file(User *u) {
700 _cleanup_free_ char *cc = NULL;
703 cc = cescape(u->name);
707 p = strjoina("/var/lib/systemd/linger/", cc);
709 return access(p, F_OK) >= 0;
712 bool user_check_gc(User *u, bool drop_not_started) {
715 if (drop_not_started && !u->started)
721 if (user_check_linger_file(u) > 0)
724 #if 0 /// elogind neither supports service nor slice jobs
725 if (u->slice_job && manager_job_is_active(u->manager, u->slice_job))
728 if (u->service_job && manager_job_is_active(u->manager, u->service_job))
735 void user_add_to_gc_queue(User *u) {
741 LIST_PREPEND(gc_queue, u->manager->user_gc_queue, u);
742 u->in_gc_queue = true;
745 UserState user_get_state(User *u) {
753 #if 0 /// elogind neither supports service nor slice jobs.
754 if (!u->started || u->slice_job || u->service_job)
761 bool all_closing = true;
763 LIST_FOREACH(sessions_by_user, i, u->sessions) {
766 state = session_get_state(i);
767 if (state == SESSION_ACTIVE)
769 if (state != SESSION_CLOSING)
773 return all_closing ? USER_CLOSING : USER_ONLINE;
776 if (user_check_linger_file(u) > 0)
777 return USER_LINGERING;
782 int user_kill(User *u, int signo) {
783 #if 0 /// Without systemd unit support, elogind has to rely on its session system
786 return manager_kill_unit(u->manager, u->slice, KILL_ALL, signo, NULL);
793 LIST_FOREACH(sessions_by_user, s, u->sessions) {
794 int r = session_kill(s, KILL_ALL, signo);
795 if (res == 0 && r < 0)
803 static bool elect_display_filter(Session *s) {
804 /* Return true if the session is a candidate for the user’s ‘primary
805 * session’ or ‘display’. */
808 return (s->class == SESSION_USER && !s->stopping);
811 static int elect_display_compare(Session *s1, Session *s2) {
812 /* Indexed by SessionType. Lower numbers mean more preferred. */
813 const int type_ranks[_SESSION_TYPE_MAX] = {
814 [SESSION_UNSPECIFIED] = 0,
817 [SESSION_WAYLAND] = -3,
822 /* Calculate the partial order relationship between s1 and s2,
823 * returning < 0 if s1 is preferred as the user’s ‘primary session’,
824 * 0 if s1 and s2 are equally preferred or incomparable, or > 0 if s2
827 * s1 or s2 may be NULL. */
831 if ((s1 == NULL) != (s2 == NULL))
832 return (s1 == NULL) - (s2 == NULL);
834 if (s1->stopping != s2->stopping)
835 return s1->stopping - s2->stopping;
837 if ((s1->class != SESSION_USER) != (s2->class != SESSION_USER))
838 return (s1->class != SESSION_USER) - (s2->class != SESSION_USER);
840 if ((s1->type == _SESSION_TYPE_INVALID) != (s2->type == _SESSION_TYPE_INVALID))
841 return (s1->type == _SESSION_TYPE_INVALID) - (s2->type == _SESSION_TYPE_INVALID);
843 if (s1->type != s2->type)
844 return type_ranks[s1->type] - type_ranks[s2->type];
849 void user_elect_display(User *u) {
854 /* This elects a primary session for each user, which we call
855 * the "display". We try to keep the assignment stable, but we
856 * "upgrade" to better choices. */
857 log_debug("Electing new display for user %s", u->name);
859 LIST_FOREACH(sessions_by_user, s, u->sessions) {
860 if (!elect_display_filter(s)) {
861 log_debug("Ignoring session %s", s->id);
865 if (elect_display_compare(s, u->display) < 0) {
866 log_debug("Choosing session %s in preference to %s", s->id, u->display ? u->display->id : "-");
872 static const char* const user_state_table[_USER_STATE_MAX] = {
873 [USER_OFFLINE] = "offline",
874 [USER_OPENING] = "opening",
875 [USER_LINGERING] = "lingering",
876 [USER_ONLINE] = "online",
877 [USER_ACTIVE] = "active",
878 [USER_CLOSING] = "closing"
881 DEFINE_STRING_TABLE_LOOKUP(user_state, UserState);
883 int config_parse_tmpfs_size(
885 const char *filename,
888 unsigned section_line,
903 /* First, try to parse as percentage */
904 r = parse_percent(rvalue);
905 if (r > 0 && r < 100)
906 *sz = physical_memory_scale(r, 100U);
910 /* If the passed argument was not a percentage, or out of range, parse as byte size */
912 r = parse_size(rvalue, 1024, &k);
913 if (r < 0 || k <= 0 || (uint64_t) (size_t) k != k) {
914 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue);
918 *sz = PAGE_ALIGN((size_t) k);
924 int config_parse_user_tasks_max(
926 const char *filename,
929 unsigned section_line,
945 /* First, try to parse as percentage */
946 r = parse_percent(rvalue);
948 k = system_tasks_max_scale(r, 100U);
951 /* If the passed argument was not a percentage, or out of range, parse as byte size */
953 r = safe_atou64(rvalue, &k);
955 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse tasks maximum, ignoring: %s", rvalue);
960 if (k <= 0 || k >= UINT64_MAX) {
961 log_syntax(unit, LOG_ERR, filename, line, 0, "Tasks maximum out of range, ignoring: %s", rvalue);
~ianmdlvl / elogind.git / blob