-/***
- This file is part of systemd.
-
- Copyright 2011 Lennart Poettering
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
+/* SPDX-License-Identifier: LGPL-2.1+ */
#include <errno.h>
#include <string.h>
-#include <sys/mount.h>
#include <unistd.h>
+#include <stdio_ext.h>
#include "alloc-util.h"
#include "bus-common-errors.h"
#include "bus-error.h"
#include "bus-util.h"
+#include "cgroup-util.h"
#include "clean-ipc.h"
-#include "conf-parser.h"
#include "escape.h"
#include "fd-util.h"
#include "fileio.h"
-#include "formats-util.h"
+#include "format-util.h"
#include "fs-util.h"
#include "hashmap.h"
#include "label.h"
#include "logind-user.h"
#include "mkdir.h"
-#include "mount-util.h"
#include "parse-util.h"
#include "path-util.h"
#include "rm-rf.h"
-#include "smack-util.h"
-//#include "special.h"
+#include "special.h"
#include "stdio-util.h"
#include "string-table.h"
#include "unit-name.h"
if (asprintf(&u->runtime_path, "/run/user/"UID_FMT, uid) < 0)
return -ENOMEM;
- r = slice_build_subslice("user.slice", lu, &u->slice);
+ r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &u->slice);
if (r < 0)
return r;
if (r < 0)
return r;
- *out = u;
- u = NULL;
+ *out = TAKE_PTR(u);
+
return 0;
}
u->slice_job = mfree(u->slice_job);
u->service_job = mfree(u->service_job);
#endif // 0
+
u->service = mfree(u->service);
u->slice = mfree(u->slice);
u->runtime_path = mfree(u->runtime_path);
assert(u);
assert(u->state_file);
- r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, MKDIR_WARN_MODE);
if (r < 0)
goto fail;
if (r < 0)
goto fail;
- fchmod(fileno(f), 0644);
+ (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
+ (void) fchmod(fileno(f), 0644);
fprintf(f,
"# This is private data. Do not parse.\n"
assert(u);
- r = parse_env_file(u->state_file, NEWLINE,
+ r = parse_env_file(NULL, u->state_file, NEWLINE,
#if 0 /// elogind neither supports service nor slice jobs
"SERVICE_JOB", &u->service_job,
"SLICE_JOB", &u->slice_job,
if (r == -ENOENT)
return 0;
- log_error_errno(r, "Failed to read %s: %m", u->state_file);
- return r;
+ return log_error_errno(r, "Failed to read %s: %m", u->state_file);
}
if (display)
if (s && s->display && display_is_local(s->display))
u->display = s;
- if (realtime) {
- unsigned long long l;
- if (sscanf(realtime, "%llu", &l) > 0)
- u->timestamp.realtime = l;
- }
-
- if (monotonic) {
- unsigned long long l;
- if (sscanf(monotonic, "%llu", &l) > 0)
- u->timestamp.monotonic = l;
- }
-
- return r;
-}
-
-static int user_mkdir_runtime_path(User *u) {
- int r;
-
- assert(u);
-
- r = mkdir_safe_label("/run/user", 0755, 0, 0);
- if (r < 0)
- return log_error_errno(r, "Failed to create /run/user: %m");
-
- if (path_is_mount_point(u->runtime_path, 0) <= 0) {
- _cleanup_free_ char *t = NULL;
-
- (void) mkdir_label(u->runtime_path, 0700);
-
- if (mac_smack_use())
- r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
- else
- r = asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
- if (r < 0) {
- r = log_oom();
- goto fail;
- }
-
- r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t);
- if (r < 0) {
- if (errno != EPERM) {
- r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path);
- goto fail;
- }
-
- /* Lacking permissions, maybe
- * CAP_SYS_ADMIN-less container? In this case,
- * just use a normal directory. */
-
- r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid);
- if (r < 0) {
- log_error_errno(r, "Failed to change runtime directory ownership and mode: %m");
- goto fail;
- }
- }
-
- r = label_fix(u->runtime_path, false, false);
- if (r < 0)
- log_warning_errno(r, "Failed to fix label of '%s', ignoring: %m", u->runtime_path);
- }
-
- return 0;
+ if (realtime)
+ timestamp_deserialize(realtime, &u->timestamp.realtime);
+ if (monotonic)
+ timestamp_deserialize(monotonic, &u->timestamp.monotonic);
-fail:
- /* Try to clean up, but ignore errors */
- (void) rmdir(u->runtime_path);
return r;
}
-static int user_start_slice(User *u) {
-#if 0 /// elogind can not ask systemd via dbus to start user services
- _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
- const char *description;
- char *job;
- int r;
-
- assert(u);
-
- u->slice_job = mfree(u->slice_job);
- description = strjoina("User Slice of ", u->name);
-
- r = manager_start_slice(
- u->manager,
- u->slice,
- description,
- "systemd-logind.service",
- "systemd-user-sessions.service",
- u->manager->user_tasks_max,
- &error,
- &job);
- if (r >= 0)
- u->slice_job = job;
- else if (!sd_bus_error_has_name(&error, BUS_ERROR_UNIT_EXISTS))
- /* we don't fail due to this, let's try to continue */
- log_error_errno(r, "Failed to start user slice %s, ignoring: %s (%s)",
- u->slice, bus_error_message(&error, r), error.name);
-#else
- assert(u);
-
- hashmap_put(u->manager->user_units, u->slice, u);
-#endif // 0
-
- return 0;
-}
static int user_start_service(User *u) {
#if 0 /// elogind can not ask systemd via dbus to start user services
u->service,
&error,
&job);
- if (r < 0) {
+ if (r < 0)
/* we don't fail due to this, let's try to continue */
log_error_errno(r, "Failed to start user service, ignoring: %s", bus_error_message(&error, r));
- } else {
- u->service_job = job;
- }
+ else
+ u->service_job = job;
#else
assert(u);
*/
u->stopping = false;
- if (!u->started) {
- log_debug("New user %s logged in.", u->name);
-
- /* Make XDG_RUNTIME_DIR */
- r = user_mkdir_runtime_path(u);
- if (r < 0)
- return r;
- }
-
- /* Create cgroup */
- r = user_start_slice(u);
- if (r < 0)
- return r;
+ if (!u->started)
+ log_debug("Starting services for new user %s.", u->name);
/* Save the user data so far, because pam_systemd will read the
* XDG_RUNTIME_DIR out of it while starting up systemd --user.
return r;
}
- free(u->service_job);
- u->service_job = job;
-
+ free_and_replace(u->service_job, job);
return r;
}
#endif // 0
-static int user_remove_runtime_path(User *u) {
- int r;
-
- assert(u);
-
- r = rm_rf(u->runtime_path, 0);
- if (r < 0)
- log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path);
-
- /* Ignore cases where the directory isn't mounted, as that's
- * quite possible, if we lacked the permissions to mount
- * something */
- r = umount2(u->runtime_path, MNT_DETACH);
- if (r < 0 && errno != EINVAL && errno != ENOENT)
- log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", u->runtime_path);
-
- r = rm_rf(u->runtime_path, REMOVE_ROOT);
- if (r < 0)
- log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path);
-
- return r;
-}
-
int user_stop(User *u, bool force) {
Session *s;
int r = 0, k;
user_save(u);
+#if 1 /// elogind must queue this user again
+ user_add_to_gc_queue(u);
+#endif // 1
return r;
}
r = k;
}
- /* Kill XDG_RUNTIME_DIR */
- k = user_remove_runtime_path(u);
- if (k < 0)
- r = k;
-
- /* Clean SysV + POSIX IPC objects */
- if (u->manager->remove_ipc) {
- k = clean_ipc(u->uid);
+ /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs
+ * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to
+ * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such
+ * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
+ * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
+ * and do it only for normal users. */
+ if (u->manager->remove_ipc && !uid_is_system(u->uid)) {
+ k = clean_ipc_by_uid(u->uid);
if (k < 0)
r = k;
}
if (!cc)
return -ENOMEM;
- p = strjoina("/var/lib/systemd/linger/", cc);
+ p = strjoina("/var/lib/elogind/linger/", cc);
return access(p, F_OK) >= 0;
}
-bool user_check_gc(User *u, bool drop_not_started) {
+bool user_may_gc(User *u, bool drop_not_started) {
assert(u);
if (drop_not_started && !u->started)
- return false;
+ return true;
if (u->sessions)
- return true;
+ return false;
if (user_check_linger_file(u) > 0)
- return true;
+ return false;
#if 0 /// elogind neither supports service nor slice jobs
if (u->slice_job && manager_job_is_active(u->manager, u->slice_job))
- return true;
+ return false;
if (u->service_job && manager_job_is_active(u->manager, u->service_job))
- return true;
+ return false;
#endif // 0
- return false;
+ return true;
}
void user_add_to_gc_queue(User *u) {
void *data,
void *userdata) {
- size_t *sz = data;
- const char *e;
+ uint64_t *sz = data;
int r;
assert(filename);
assert(rvalue);
assert(data);
- e = endswith(rvalue, "%");
- if (e) {
- unsigned long ul;
- char *f;
-
- errno = 0;
- ul = strtoul(rvalue, &f, 10);
- if (errno > 0 || f != e) {
- log_syntax(unit, LOG_ERR, filename, line, errno, "Failed to parse percentage value, ignoring: %s", rvalue);
- return 0;
- }
-
- if (ul <= 0 || ul >= 100) {
- log_syntax(unit, LOG_ERR, filename, line, 0, "Percentage value out of range, ignoring: %s", rvalue);
- return 0;
- }
-
- *sz = PAGE_ALIGN((size_t) ((physical_memory() * (uint64_t) ul) / (uint64_t) 100));
- } else {
+ /* First, try to parse as percentage */
+ r = parse_percent(rvalue);
+ if (r > 0 && r < 100)
+ *sz = physical_memory_scale(r, 100U);
+ else {
uint64_t k;
+ /* If the passed argument was not a percentage, or out of range, parse as byte size */
+
r = parse_size(rvalue, 1024, &k);
- if (r < 0 || (uint64_t) (size_t) k != k) {
+ if (r < 0 || k <= 0 || (uint64_t) (size_t) k != k) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue);
return 0;
}
return 0;
}
+
+int config_parse_compat_user_tasks_max(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ log_syntax(unit, LOG_NOTICE, filename, line, 0,
+ "Support for option %s= has been removed.",
+ lvalue);
+ log_info("Hint: try creating /etc/elogind/system/user-.slice/50-limits.conf with:\n"
+ " [Slice]\n"
+ " TasksMax=%s",
+ rvalue);
+ return 0;
+}