#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <sys/epoll.h>
+#include <fcntl.h>
#include "logind-session.h"
#include "strv.h"
if (!s)
return NULL;
- s->state_file = strappend("/run/systemd/session/", id);
+ s->state_file = strappend("/run/systemd/sessions/", id);
if (!s->state_file) {
free(s);
return NULL;
}
s->manager = m;
- s->pipe_fd = -1;
+ s->fifo_fd = -1;
s->user = u;
LIST_PREPEND(Session, sessions_by_user, u->sessions, s);
LIST_REMOVE(Session, sessions_by_seat, s->seat->sessions, s);
}
+ if (s->cgroup_path)
+ hashmap_remove(s->manager->cgroups, s->cgroup_path);
+
free(s->cgroup_path);
strv_free(s->controllers);
free(s->display);
free(s->remote_host);
free(s->remote_user);
+ free(s->service);
hashmap_remove(s->manager->sessions, s->id);
+ session_remove_fifo(s);
+
free(s->state_file);
free(s);
}
assert(s);
- r = safe_mkdir("/run/systemd/session", 0755, 0, 0);
+ if (!s->started)
+ return 0;
+
+ r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
goto finish;
s->remote,
s->kill_processes);
+ if (s->type >= 0)
+ fprintf(f,
+ "TYPE=%s\n",
+ session_type_to_string(s->type));
+
if (s->cgroup_path)
fprintf(f,
"CGROUP=%s\n",
s->cgroup_path);
+ if (s->fifo_path)
+ fprintf(f,
+ "FIFO=%s\n",
+ s->fifo_path);
+
if (s->seat)
fprintf(f,
"SEAT=%s\n",
"REMOTE_USER=%s\n",
s->remote_user);
+ if (s->service)
+ fprintf(f,
+ "SERVICE=%s\n",
+ s->service);
+
if (s->seat && seat_is_vtconsole(s->seat))
fprintf(f,
"VTNR=%i\n",
*seat = NULL,
*vtnr = NULL,
*leader = NULL,
- *audit_id = NULL;
+ *audit_id = NULL,
+ *type = NULL;
int k, r;
"REMOTE", &remote,
"KILL_PROCESSES", &kill_processes,
"CGROUP", &s->cgroup_path,
+ "FIFO", &s->fifo_path,
"SEAT", &seat,
"TTY", &s->tty,
"DISPLAY", &s->display,
"REMOTE_HOST", &s->remote_host,
"REMOTE_USER", &s->remote_user,
+ "SERVICE", &s->service,
"VTNR", &vtnr,
"LEADER", &leader,
- "AUDIT_ID", &audit_id,
+ "TYPE", &type,
NULL);
if (r < 0)
pid_t pid;
k = parse_pid(leader, &pid);
- if (k >= 0 && pid >= 1)
+ if (k >= 0 && pid >= 1) {
s->leader = pid;
+
+ audit_session_from_pid(pid, &s->audit_id);
+ }
}
- if (audit_id) {
- uint32_t l;
+ if (type) {
+ SessionType t;
+
+ t = session_type_from_string(type);
+ if (t >= 0)
+ s->type = t;
+ }
+
+ if (s->fifo_path) {
+ int fd;
+
+ /* If we open an unopened pipe for reading we will not
+ get an EOF. to trigger an EOF we hence open it for
+ reading, but close it right-away which then will
+ trigger the EOF. */
- k = safe_atou32(audit_id, &l);
- if (k >= 0 && l >= l)
- s->audit_id = l;
+ fd = session_create_fifo(s);
+ if (fd >= 0)
+ close_nointr_nofail(fd);
}
+
finish:
free(remote);
free(kill_processes);
return seat_apply_acls(s->seat, old_active);
}
-bool x11_display_is_local(const char *display) {
- assert(display);
-
- return
- display[0] == ':' &&
- display[1] >= '0' &&
- display[1] <= '9';
-}
-
static int session_link_x11_socket(Session *s) {
char *t, *f, *c;
size_t k;
if (s->user->display)
return 0;
- if (!s->display || !x11_display_is_local(s->display))
+ if (!s->display || !display_is_local(s->display))
return 0;
k = strspn(s->display+1, "0123456789");
return -ENOENT;
}
- t = strappend(s->user->runtime_path, "/display");
+ t = strappend(s->user->runtime_path, "/X11/display");
if (!t) {
log_error("Out of memory");
free(f);
return -ENOMEM;
}
+ mkdir_parents(t, 0755);
+
if (link(f, t) < 0) {
if (errno == EEXIST) {
unlink(t);
return 0;
}
+static int session_create_one_group(Session *s, const char *controller, const char *path) {
+ int r;
+
+ assert(s);
+ assert(controller);
+ assert(path);
+
+ if (s->leader > 0) {
+ r = cg_create_and_attach(controller, path, s->leader);
+ if (r < 0)
+ r = cg_create(controller, path);
+ } else
+ r = cg_create(controller, path);
+
+ if (r < 0)
+ return r;
+
+ r = cg_set_task_access(controller, path, 0644, s->user->uid, s->user->gid);
+ if (r >= 0)
+ r = cg_set_group_access(controller, path, 0755, s->user->uid, s->user->gid);
+
+ return r;
+}
+
static int session_create_cgroup(Session *s) {
char **k;
char *p;
} else
p = s->cgroup_path;
- if (s->leader > 0)
- r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, p, s->leader);
- else
- r = cg_create(SYSTEMD_CGROUP_CONTROLLER, p);
-
+ r = session_create_one_group(s, SYSTEMD_CGROUP_CONTROLLER, p);
if (r < 0) {
+ log_error("Failed to create "SYSTEMD_CGROUP_CONTROLLER":%s: %s", p, strerror(-r));
free(p);
s->cgroup_path = NULL;
- log_error("Failed to create "SYSTEMD_CGROUP_CONTROLLER":%s: %s", p, strerror(-r));
return r;
}
s->cgroup_path = p;
+ STRV_FOREACH(k, s->controllers) {
+
+ if (strv_contains(s->reset_controllers, *k))
+ continue;
+
+ r = session_create_one_group(s, *k, p);
+ if (r < 0)
+ log_warning("Failed to create %s:%s: %s", *k, p, strerror(-r));
+ }
+
STRV_FOREACH(k, s->manager->controllers) {
- if (s->leader > 0)
- r = cg_create_and_attach(*k, p, s->leader);
- else
- r = cg_create(*k, p);
+ if (strv_contains(s->reset_controllers, *k) ||
+ strv_contains(s->manager->reset_controllers, *k) ||
+ strv_contains(s->controllers, *k))
+ continue;
+
+ r = session_create_one_group(s, *k, p);
if (r < 0)
- log_warning("Failed to create cgroup %s:%s: %s", *k, p, strerror(-r));
+ log_warning("Failed to create %s:%s: %s", *k, p, strerror(-r));
}
+ if (s->leader > 0) {
+
+ STRV_FOREACH(k, s->reset_controllers) {
+ r = cg_attach(*k, "/", s->leader);
+ if (r < 0)
+ log_warning("Failed to reset controller %s: %s", *k, strerror(-r));
+
+ }
+
+ STRV_FOREACH(k, s->manager->reset_controllers) {
+
+ if (strv_contains(s->reset_controllers, *k) ||
+ strv_contains(s->controllers, *k))
+ continue;
+
+ r = cg_attach(*k, "/", s->leader);
+ if (r < 0)
+ log_warning("Failed to reset controller %s: %s", *k, strerror(-r));
+
+ }
+ }
+
+ hashmap_put(s->manager->cgroups, s->cgroup_path, s);
+
return 0;
}
if (s->started)
return 0;
+ r = user_start(s->user);
+ if (r < 0)
+ return r;
+
+ log_info("New session %s of user %s.", s->id, s->user->name);
+
/* Create cgroup */
r = session_create_cgroup(s);
if (r < 0)
/* Create X11 symlink */
session_link_x11_socket(s);
- /* Save session data */
- session_save(s);
-
dual_timestamp_get(&s->timestamp);
+ if (s->seat)
+ seat_read_active_vt(s->seat);
+
s->started = true;
+ /* Save session data */
+ session_save(s);
+ user_save(s->user);
+
session_send_signal(s, true);
if (s->seat) {
+ seat_save(s->seat);
+
if (s->seat->active == s)
seat_send_changed(s->seat, "Sessions\0ActiveSession\0");
else
static bool session_shall_kill(Session *s) {
assert(s);
- return s->kill_processes;
+ if (!s->kill_processes)
+ return false;
+
+ if (strv_contains(s->manager->kill_exclude_users, s->user->name))
+ return false;
+
+ if (strv_isempty(s->manager->kill_only_users))
+ return true;
+
+ return strv_contains(s->manager->kill_only_users, s->user->name);
}
-static int session_kill_cgroup(Session *s) {
+static int session_terminate_cgroup(Session *s) {
int r;
char **k;
STRV_FOREACH(k, s->user->manager->controllers)
cg_trim(*k, s->cgroup_path, true);
+ hashmap_remove(s->manager->cgroups, s->cgroup_path);
+
free(s->cgroup_path);
s->cgroup_path = NULL;
s->user->display = NULL;
- t = strappend(s->user->runtime_path, "/display");
+ t = strappend(s->user->runtime_path, "/X11/display");
if (!t) {
log_error("Out of memory");
return -ENOMEM;
assert(s);
- if (!s->started)
- return 0;
+ if (s->started)
+ log_info("Removed session %s.", s->id);
/* Kill cgroup */
- k = session_kill_cgroup(s);
+ k = session_terminate_cgroup(s);
if (k < 0)
r = k;
unlink(s->state_file);
session_add_to_gc_queue(s);
+ user_add_to_gc_queue(s->user);
- session_send_signal(s, false);
+ if (s->started)
+ session_send_signal(s, false);
if (s->seat) {
if (s->seat->active == s)
"IdleSinceHintMonotonic\0");
}
-int session_check_gc(Session *s) {
+int session_create_fifo(Session *s) {
int r;
assert(s);
- if (s->pipe_fd >= 0) {
+ /* Create FIFO */
+ if (!s->fifo_path) {
+ r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ if (r < 0)
+ return r;
+
+ if (asprintf(&s->fifo_path, "/run/systemd/sessions/%s.ref", s->id) < 0)
+ return -ENOMEM;
+
+ if (mkfifo(s->fifo_path, 0600) < 0 && errno != EEXIST)
+ return -errno;
+ }
+
+ /* Open reading side */
+ if (s->fifo_fd < 0) {
+ struct epoll_event ev;
- r = pipe_eof(s->pipe_fd);
+ s->fifo_fd = open(s->fifo_path, O_RDONLY|O_CLOEXEC|O_NDELAY);
+ if (s->fifo_fd < 0)
+ return -errno;
+
+ r = hashmap_put(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1), s);
+ if (r < 0)
+ return r;
+
+ zero(ev);
+ ev.events = 0;
+ ev.data.u32 = FD_FIFO_BASE + s->fifo_fd;
+
+ if (epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_ADD, s->fifo_fd, &ev) < 0)
+ return -errno;
+ }
+
+ /* Open writing side */
+ r = open(s->fifo_path, O_WRONLY|O_CLOEXEC|O_NDELAY);
+ if (r < 0)
+ return -errno;
+
+ return r;
+}
+
+void session_remove_fifo(Session *s) {
+ assert(s);
+
+ if (s->fifo_fd >= 0) {
+ assert_se(hashmap_remove(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
+ assert_se(epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_DEL, s->fifo_fd, NULL) == 0);
+ close_nointr_nofail(s->fifo_fd);
+ s->fifo_fd = -1;
+ }
+
+ if (s->fifo_path) {
+ unlink(s->fifo_path);
+ free(s->fifo_path);
+ s->fifo_path = NULL;
+ }
+}
+
+int session_check_gc(Session *s, bool drop_not_started) {
+ int r;
+
+ assert(s);
+
+ if (drop_not_started && !s->started)
+ return 0;
+
+ if (s->fifo_fd >= 0) {
+
+ r = pipe_eof(s->fifo_fd);
if (r < 0)
return r;
s->in_gc_queue = true;
}
+int session_kill(Session *s, KillWho who, int signo) {
+ int r = 0;
+ Set *pid_set = NULL;
+
+ assert(s);
+
+ if (!s->cgroup_path)
+ return -ESRCH;
+
+ if (s->leader <= 0 && who == KILL_LEADER)
+ return -ESRCH;
+
+ if (s->leader > 0)
+ if (kill(s->leader, signo) < 0)
+ r = -errno;
+
+ if (who == KILL_ALL) {
+ int q;
+
+ pid_set = set_new(trivial_hash_func, trivial_compare_func);
+ if (!pid_set)
+ return -ENOMEM;
+
+ if (s->leader > 0) {
+ q = set_put(pid_set, LONG_TO_PTR(s->leader));
+ if (q < 0)
+ r = q;
+ }
+
+ q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, signo, false, true, false, pid_set);
+ if (q < 0)
+ if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
+ r = q;
+ }
+
+ if (pid_set)
+ set_free(pid_set);
+
+ return r;
+}
+
static const char* const session_type_table[_SESSION_TYPE_MAX] = {
[SESSION_TTY] = "tty",
- [SESSION_X11] = "x11"
+ [SESSION_X11] = "x11",
+ [SESSION_UNSPECIFIED] = "unspecified"
};
DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
+
+static const char* const kill_who_table[_KILL_WHO_MAX] = {
+ [KILL_LEADER] = "leader",
+ [KILL_ALL] = "all"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);
~ianmdlvl / elogind.git / blobdiff