1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include <sys/epoll.h>
28 #include "logind-session.h"
32 #include "cgroup-util.h"
34 #define IDLE_THRESHOLD_USEC (5*USEC_PER_MINUTE)
36 Session* session_new(Manager *m, User *u, const char *id) {
46 s->state_file = strappend("/run/systemd/sessions/", id);
52 s->id = file_name_from_path(s->state_file);
54 if (hashmap_put(m->sessions, s->id, s) < 0) {
64 LIST_PREPEND(Session, sessions_by_user, u->sessions, s);
69 void session_free(Session *s) {
73 LIST_REMOVE(Session, gc_queue, s->manager->session_gc_queue, s);
76 LIST_REMOVE(Session, sessions_by_user, s->user->sessions, s);
78 if (s->user->display == s)
79 s->user->display = NULL;
83 if (s->seat->active == s)
84 s->seat->active = NULL;
86 LIST_REMOVE(Session, sessions_by_seat, s->seat->sessions, s);
90 hashmap_remove(s->manager->cgroups, s->cgroup_path);
93 strv_free(s->controllers);
101 hashmap_remove(s->manager->sessions, s->id);
103 session_remove_fifo(s);
109 int session_save(Session *s) {
119 r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
123 r = fopen_temporary(s->state_file, &f, &temp_path);
129 fchmod(fileno(f), 0644);
132 "# This is private data. Do not parse.\n"
137 "KILL_PROCESSES=%i\n",
138 (unsigned long) s->user->uid,
140 session_is_active(s),
147 session_type_to_string(s->type));
152 session_class_to_string(s->class));
194 if (s->seat && seat_can_multi_session(s->seat))
202 (unsigned long) s->leader);
207 (unsigned long long) s->audit_id);
211 if (ferror(f) || rename(temp_path, s->state_file) < 0) {
213 unlink(s->state_file);
222 log_error("Failed to save session data for %s: %s", s->id, strerror(-r));
227 int session_load(Session *s) {
229 *kill_processes = NULL,
241 r = parse_env_file(s->state_file, NEWLINE,
243 "KILL_PROCESSES", &kill_processes,
244 "CGROUP", &s->cgroup_path,
245 "FIFO", &s->fifo_path,
248 "DISPLAY", &s->display,
249 "REMOTE_HOST", &s->remote_host,
250 "REMOTE_USER", &s->remote_user,
251 "SERVICE", &s->service,
262 k = parse_boolean(remote);
267 if (kill_processes) {
268 k = parse_boolean(kill_processes);
270 s->kill_processes = k;
273 if (seat && !s->seat) {
276 o = hashmap_get(s->manager->seats, seat);
278 seat_attach_session(o, s);
281 if (vtnr && s->seat && seat_can_multi_session(s->seat)) {
284 k = safe_atoi(vtnr, &v);
285 if (k >= 0 && v >= 1)
292 k = parse_pid(leader, &pid);
293 if (k >= 0 && pid >= 1) {
296 audit_session_from_pid(pid, &s->audit_id);
303 t = session_type_from_string(type);
311 c = session_class_from_string(class);
319 /* If we open an unopened pipe for reading we will not
320 get an EOF. to trigger an EOF we hence open it for
321 reading, but close it right-away which then will
324 fd = session_create_fifo(s);
326 close_nointr_nofail(fd);
332 free(kill_processes);
341 int session_activate(Session *s) {
352 if (s->seat->active == s)
355 assert(seat_is_vtconsole(s->seat));
361 return seat_set_active(s->seat, s);
364 static int session_link_x11_socket(Session *s) {
370 assert(s->user->runtime_path);
372 if (s->user->display)
375 if (!s->display || !display_is_local(s->display))
378 k = strspn(s->display+1, "0123456789");
379 f = new(char, sizeof("/tmp/.X11-unix/X") + k);
381 log_error("Out of memory");
385 c = stpcpy(f, "/tmp/.X11-unix/X");
386 memcpy(c, s->display+1, k);
389 if (access(f, F_OK) < 0) {
390 log_warning("Session %s has display %s with nonexisting socket %s.", s->id, s->display, f);
395 /* Note that this cannot be in a subdir to avoid
396 * vulnerabilities since we are privileged but the runtime
397 * path is owned by the user */
399 t = strappend(s->user->runtime_path, "/X11-display");
401 log_error("Out of memory");
406 if (link(f, t) < 0) {
407 if (errno == EEXIST) {
414 if (symlink(f, t) < 0) {
416 if (errno == EEXIST) {
419 if (symlink(f, t) >= 0)
423 log_error("Failed to link %s to %s: %m", f, t);
431 log_info("Linked %s to %s.", f, t);
435 s->user->display = s;
440 static int session_create_one_group(Session *s, const char *controller, const char *path) {
448 r = cg_create_and_attach(controller, path, s->leader);
450 r = cg_create(controller, path);
452 r = cg_create(controller, path);
457 r = cg_set_task_access(controller, path, 0644, s->user->uid, s->user->gid, -1);
459 r = cg_set_group_access(controller, path, 0755, s->user->uid, s->user->gid);
464 static int session_create_cgroup(Session *s) {
471 assert(s->user->cgroup_path);
473 if (!s->cgroup_path) {
474 if (asprintf(&p, "%s/%s", s->user->cgroup_path, s->id) < 0) {
475 log_error("Out of memory");
481 r = session_create_one_group(s, SYSTEMD_CGROUP_CONTROLLER, p);
483 log_error("Failed to create "SYSTEMD_CGROUP_CONTROLLER":%s: %s", p, strerror(-r));
485 s->cgroup_path = NULL;
491 STRV_FOREACH(k, s->controllers) {
493 if (strv_contains(s->reset_controllers, *k))
496 r = session_create_one_group(s, *k, p);
498 log_warning("Failed to create %s:%s: %s", *k, p, strerror(-r));
501 STRV_FOREACH(k, s->manager->controllers) {
503 if (strv_contains(s->reset_controllers, *k) ||
504 strv_contains(s->manager->reset_controllers, *k) ||
505 strv_contains(s->controllers, *k))
508 r = session_create_one_group(s, *k, p);
510 log_warning("Failed to create %s:%s: %s", *k, p, strerror(-r));
515 STRV_FOREACH(k, s->reset_controllers) {
516 r = cg_attach(*k, "/", s->leader);
518 log_warning("Failed to reset controller %s: %s", *k, strerror(-r));
522 STRV_FOREACH(k, s->manager->reset_controllers) {
524 if (strv_contains(s->reset_controllers, *k) ||
525 strv_contains(s->controllers, *k))
528 r = cg_attach(*k, "/", s->leader);
530 log_warning("Failed to reset controller %s: %s", *k, strerror(-r));
535 hashmap_put(s->manager->cgroups, s->cgroup_path, s);
540 int session_start(Session *s) {
549 r = user_start(s->user);
553 log_full(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG,
554 "New session %s of user %s.", s->id, s->user->name);
557 r = session_create_cgroup(s);
561 /* Create X11 symlink */
562 session_link_x11_socket(s);
564 dual_timestamp_get(&s->timestamp);
567 seat_read_active_vt(s->seat);
571 /* Save session data */
575 session_send_signal(s, true);
580 if (s->seat->active == s)
581 seat_send_changed(s->seat, "Sessions\0ActiveSession\0");
583 seat_send_changed(s->seat, "Sessions\0");
586 user_send_changed(s->user, "Sessions\0");
591 static bool session_shall_kill(Session *s) {
594 if (!s->kill_processes)
597 if (strv_contains(s->manager->kill_exclude_users, s->user->name))
600 if (strv_isempty(s->manager->kill_only_users))
603 return strv_contains(s->manager->kill_only_users, s->user->name);
606 static int session_terminate_cgroup(Session *s) {
615 cg_trim(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, false);
617 if (session_shall_kill(s)) {
619 r = cg_kill_recursive_and_wait(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, true);
621 log_error("Failed to kill session cgroup: %s", strerror(-r));
627 /* We still send a HUP to the leader process,
628 * even if we are not supposed to kill the
629 * whole cgroup. But let's first check the
630 * leader still exists and belongs to our
633 r = manager_get_session_by_pid(s->manager, s->leader, &t);
634 if (r > 0 && t == s) {
635 kill(s->leader, SIGTERM); /* for normal processes */
636 kill(s->leader, SIGHUP); /* for shells */
637 kill(s->leader, SIGCONT); /* in case they are stopped */
641 r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, true);
643 log_error("Failed to check session cgroup: %s", strerror(-r));
645 r = cg_delete(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path);
647 log_error("Failed to delete session cgroup: %s", strerror(-r));
651 STRV_FOREACH(k, s->user->manager->controllers)
652 cg_trim(*k, s->cgroup_path, true);
654 hashmap_remove(s->manager->cgroups, s->cgroup_path);
656 free(s->cgroup_path);
657 s->cgroup_path = NULL;
662 static int session_unlink_x11_socket(Session *s) {
669 if (s->user->display != s)
672 s->user->display = NULL;
674 t = strappend(s->user->runtime_path, "/X11-display");
676 log_error("Out of memory");
683 return r < 0 ? -errno : 0;
686 int session_stop(Session *s) {
692 log_full(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG,
693 "Removed session %s.", s->id);
696 k = session_terminate_cgroup(s);
700 /* Remove X11 symlink */
701 session_unlink_x11_socket(s);
703 unlink(s->state_file);
704 session_add_to_gc_queue(s);
705 user_add_to_gc_queue(s->user);
708 session_send_signal(s, false);
711 if (s->seat->active == s)
712 seat_set_active(s->seat, NULL);
714 seat_send_changed(s->seat, "Sessions\0");
717 user_send_changed(s->user, "Sessions\0");
724 bool session_is_active(Session *s) {
730 return s->seat->active == s;
733 int session_get_idle_hint(Session *s, dual_timestamp *t) {
744 *t = s->idle_hint_timestamp;
752 if (s->tty[0] != '/') {
753 p = strappend("/dev/", s->tty);
759 if (!startswith(p ? p : s->tty, "/dev/")) {
764 k = lstat(p ? p : s->tty, &st);
770 u = timespec_load(&st.st_atim);
771 n = now(CLOCK_REALTIME);
772 b = u + IDLE_THRESHOLD_USEC < n;
775 dual_timestamp_from_realtime(t, u + b ? IDLE_THRESHOLD_USEC : 0);
781 *t = s->idle_hint_timestamp;
786 void session_set_idle_hint(Session *s, bool b) {
789 if (s->idle_hint == b)
793 dual_timestamp_get(&s->idle_hint_timestamp);
795 session_send_changed(s,
798 "IdleSinceHintMonotonic\0");
801 seat_send_changed(s->seat,
804 "IdleSinceHintMonotonic\0");
806 user_send_changed(s->user,
809 "IdleSinceHintMonotonic\0");
811 manager_send_changed(s->manager,
814 "IdleSinceHintMonotonic\0");
817 int session_create_fifo(Session *s) {
824 r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
828 if (asprintf(&s->fifo_path, "/run/systemd/sessions/%s.ref", s->id) < 0)
831 if (mkfifo(s->fifo_path, 0600) < 0 && errno != EEXIST)
835 /* Open reading side */
836 if (s->fifo_fd < 0) {
837 struct epoll_event ev;
839 s->fifo_fd = open(s->fifo_path, O_RDONLY|O_CLOEXEC|O_NDELAY);
843 r = hashmap_put(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1), s);
849 ev.data.u32 = FD_FIFO_BASE + s->fifo_fd;
851 if (epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_ADD, s->fifo_fd, &ev) < 0)
855 /* Open writing side */
856 r = open(s->fifo_path, O_WRONLY|O_CLOEXEC|O_NDELAY);
863 void session_remove_fifo(Session *s) {
866 if (s->fifo_fd >= 0) {
867 assert_se(hashmap_remove(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
868 assert_se(epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_DEL, s->fifo_fd, NULL) == 0);
869 close_nointr_nofail(s->fifo_fd);
874 unlink(s->fifo_path);
880 int session_check_gc(Session *s, bool drop_not_started) {
885 if (drop_not_started && !s->started)
888 if (s->fifo_fd >= 0) {
890 r = pipe_eof(s->fifo_fd);
898 if (s->cgroup_path) {
900 r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, false);
911 void session_add_to_gc_queue(Session *s) {
917 LIST_PREPEND(Session, gc_queue, s->manager->session_gc_queue, s);
918 s->in_gc_queue = true;
921 int session_kill(Session *s, KillWho who, int signo) {
930 if (s->leader <= 0 && who == KILL_LEADER)
934 if (kill(s->leader, signo) < 0)
937 if (who == KILL_ALL) {
940 pid_set = set_new(trivial_hash_func, trivial_compare_func);
945 q = set_put(pid_set, LONG_TO_PTR(s->leader));
950 q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, signo, false, true, false, pid_set);
952 if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
962 static const char* const session_type_table[_SESSION_TYPE_MAX] = {
963 [SESSION_TTY] = "tty",
964 [SESSION_X11] = "x11",
965 [SESSION_UNSPECIFIED] = "unspecified"
968 DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
970 static const char* const session_class_table[_SESSION_CLASS_MAX] = {
971 [SESSION_USER] = "user",
972 [SESSION_GREETER] = "greeter",
973 [SESSION_LOCK_SCREEN] = "lock-screen"
976 DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
978 static const char* const kill_who_table[_KILL_WHO_MAX] = {
979 [KILL_LEADER] = "leader",
983 DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);