X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flogin%2Flogind-user.c;h=b8abc6af0135b267ea433a58a048366875025b71;hp=0a0836afae85abac94e86d4c5a48fb98d2c0d31c;hb=3388ec3d75fe3000f63514d118a5783ccee0bb3d;hpb=1dc76d84ae35f23e10f37925df55bc66c61b0eaa diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 0a0836afa..b8abc6af0 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -1,5 +1,3 @@ -/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ - /*** This file is part of systemd. @@ -28,12 +26,13 @@ #include "bus-common-errors.h" #include "bus-error.h" #include "bus-util.h" +#include "cgroup-util.h" #include "clean-ipc.h" #include "conf-parser.h" #include "escape.h" #include "fd-util.h" #include "fileio.h" -#include "formats-util.h" +#include "format-util.h" #include "fs-util.h" #include "hashmap.h" #include "label.h" @@ -51,6 +50,9 @@ #include "user-util.h" #include "util.h" +#if 1 /// elogind uses a static value here +# define SPECIAL_USER_SLICE "user.slice" +#endif // 1 int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name) { _cleanup_(user_freep) User *u = NULL; char lu[DECIMAL_STR_MAX(uid_t) + 1]; @@ -79,7 +81,7 @@ int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name) { if (asprintf(&u->runtime_path, "/run/user/"UID_FMT, uid) < 0) return -ENOMEM; - r = slice_build_subslice("user.slice", lu, &u->slice); + r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &u->slice); if (r < 0) return r; @@ -126,6 +128,7 @@ User *user_free(User *u) { u->slice_job = mfree(u->slice_job); u->service_job = mfree(u->service_job); #endif // 0 + u->service = mfree(u->service); u->slice = mfree(u->slice); u->runtime_path = mfree(u->runtime_path); @@ -318,8 +321,7 @@ int user_load(User *u) { if (r == -ENOENT) return 0; - log_error_errno(r, "Failed to read %s: %m", u->state_file); - return r; + return log_error_errno(r, "Failed to read %s: %m", u->state_file); } if (display) @@ -328,17 +330,10 @@ int user_load(User *u) { if (s && s->display && display_is_local(s->display)) u->display = s; - if (realtime) { - unsigned long long l; - if (sscanf(realtime, "%llu", &l) > 0) - u->timestamp.realtime = l; - } - - if (monotonic) { - unsigned long long l; - if (sscanf(monotonic, "%llu", &l) > 0) - u->timestamp.monotonic = l; - } + if (realtime) + timestamp_deserialize(realtime, &u->timestamp.realtime); + if (monotonic) + timestamp_deserialize(monotonic, &u->timestamp.monotonic); return r; } @@ -352,7 +347,7 @@ static int user_mkdir_runtime_path(User *u) { if (r < 0) return log_error_errno(r, "Failed to create /run/user: %m"); - if (path_is_mount_point(u->runtime_path, 0) <= 0) { + if (path_is_mount_point(u->runtime_path, NULL, 0) <= 0) { _cleanup_free_ char *t = NULL; (void) mkdir_label(u->runtime_path, 0700); @@ -368,14 +363,12 @@ static int user_mkdir_runtime_path(User *u) { r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t); if (r < 0) { - if (errno != EPERM) { + if (errno != EPERM && errno != EACCES) { r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path); goto fail; } - /* Lacking permissions, maybe - * CAP_SYS_ADMIN-less container? In this case, - * just use a normal directory. */ + log_debug_errno(errno, "Failed to mount per-user tmpfs directory %s, assuming containerized execution, ignoring: %m", u->runtime_path); r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid); if (r < 0) { @@ -392,14 +385,14 @@ static int user_mkdir_runtime_path(User *u) { return 0; fail: - /* Try to clean up, but ignore errors */ + /* Try to clean up, but ignore errors */ (void) rmdir(u->runtime_path); return r; } static int user_start_slice(User *u) { #if 0 /// elogind can not ask systemd via dbus to start user services - _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; const char *description; char *job; int r; @@ -418,13 +411,12 @@ static int user_start_slice(User *u) { u->manager->user_tasks_max, &error, &job); - if (r < 0) { + if (r >= 0) + u->slice_job = job; + else if (!sd_bus_error_has_name(&error, BUS_ERROR_UNIT_EXISTS)) /* we don't fail due to this, let's try to continue */ - if (!sd_bus_error_has_name(&error, BUS_ERROR_UNIT_EXISTS)) - log_error_errno(r, "Failed to start user slice %s, ignoring: %s (%s)", u->slice, bus_error_message(&error, r), error.name); - } else { - u->slice_job = job; - } + log_error_errno(r, "Failed to start user slice %s, ignoring: %s (%s)", + u->slice, bus_error_message(&error, r), error.name); #else assert(u); @@ -436,7 +428,7 @@ static int user_start_slice(User *u) { static int user_start_service(User *u) { #if 0 /// elogind can not ask systemd via dbus to start user services - _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; char *job; int r; @@ -449,11 +441,11 @@ static int user_start_service(User *u) { u->service, &error, &job); - if (r < 0) { + if (r < 0) { /* we don't fail due to this, let's try to continue */ log_error_errno(r, "Failed to start user service, ignoring: %s", bus_error_message(&error, r)); - } else { - u->service_job = job; + } else { + u->service_job = job; } #else assert(u); @@ -527,7 +519,7 @@ int user_start(User *u) { #if 0 /// UNNEEDED by elogind static int user_stop_slice(User *u) { - _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; char *job; int r; @@ -546,7 +538,7 @@ static int user_stop_slice(User *u) { } static int user_stop_service(User *u) { - _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; char *job; int r; @@ -644,9 +636,14 @@ int user_finalize(User *u) { if (k < 0) r = k; - /* Clean SysV + POSIX IPC objects */ - if (u->manager->remove_ipc) { - k = clean_ipc(u->uid); + /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs + * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to + * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such + * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because + * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up, + * and do it only for normal users. */ + if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) { + k = clean_ipc_by_uid(u->uid); if (k < 0) r = k; } @@ -895,7 +892,6 @@ int config_parse_tmpfs_size( void *userdata) { size_t *sz = data; - const char *e; int r; assert(filename); @@ -903,35 +899,78 @@ int config_parse_tmpfs_size( assert(rvalue); assert(data); - e = endswith(rvalue, "%"); - if (e) { - unsigned long ul; - char *f; + /* First, try to parse as percentage */ + r = parse_percent(rvalue); + if (r > 0 && r < 100) + *sz = physical_memory_scale(r, 100U); + else { + uint64_t k; - errno = 0; - ul = strtoul(rvalue, &f, 10); - if (errno > 0 || f != e) { - log_syntax(unit, LOG_ERR, filename, line, errno, "Failed to parse percentage value, ignoring: %s", rvalue); - return 0; - } + /* If the passed argument was not a percentage, or out of range, parse as byte size */ - if (ul <= 0 || ul >= 100) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Percentage value out of range, ignoring: %s", rvalue); + r = parse_size(rvalue, 1024, &k); + if (r < 0 || k <= 0 || (uint64_t) (size_t) k != k) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue); return 0; } - *sz = PAGE_ALIGN((size_t) ((physical_memory() * (uint64_t) ul) / (uint64_t) 100)); - } else { - uint64_t k = 0; + *sz = PAGE_ALIGN((size_t) k); + } - r = parse_size(rvalue, 1024, &k); - if (r < 0 || (uint64_t) (size_t) k != k) { - log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue); + return 0; +} + +int config_parse_user_tasks_max( + const char* unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + uint64_t *m = data; + uint64_t k; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + assert(data); + + if (isempty(rvalue)) { + *m = system_tasks_max_scale(DEFAULT_USER_TASKS_MAX_PERCENTAGE, 100U); + return 0; + } + + if (streq(rvalue, "infinity")) { + *m = CGROUP_LIMIT_MAX; + return 0; + } + + /* Try to parse as percentage */ + r = parse_percent(rvalue); + if (r >= 0) + k = system_tasks_max_scale(r, 100U); + else { + + /* If the passed argument was not a percentage, or out of range, parse as byte size */ + + r = safe_atou64(rvalue, &k); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse tasks maximum, ignoring: %s", rvalue); return 0; } + } - *sz = PAGE_ALIGN((size_t) k); + if (k <= 0 || k >= UINT64_MAX) { + log_syntax(unit, LOG_ERR, filename, line, 0, "Tasks maximum out of range, ignoring: %s", rvalue); + return 0; } + *m = k; return 0; }