X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flogin%2Flogind-session.c;h=4e0af8656b6a570d95c0fcee501945409a1ecb13;hb=1c0f62e37b0e775df7cb6121bc6ae64d1d885d3b;hp=5ea7e260a7d3d0bf2fa4a8e3e45d136927d4c1b0;hpb=8d53b4534a5923721b5f1e9dd7e8f4a903d02d51;p=elogind.git diff --git a/src/login/logind-session.c b/src/login/logind-session.c index 5ea7e260a..4e0af8656 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -145,6 +145,11 @@ int session_save(Session *s) { "TYPE=%s\n", session_type_to_string(s->type)); + if (s->class >= 0) + fprintf(f, + "CLASS=%s\n", + session_class_to_string(s->class)); + if (s->cgroup_path) fprintf(f, "CGROUP=%s\n", @@ -225,7 +230,8 @@ int session_load(Session *s) { *vtnr = NULL, *leader = NULL, *audit_id = NULL, - *type = NULL; + *type = NULL, + *class = NULL; int k, r; @@ -245,6 +251,7 @@ int session_load(Session *s) { "VTNR", &vtnr, "LEADER", &leader, "TYPE", &type, + "CLASS", &class, NULL); if (r < 0) @@ -297,6 +304,14 @@ int session_load(Session *s) { s->type = t; } + if (class) { + SessionClass c; + + c = session_class_from_string(class); + if (c >= 0) + s->class = c; + } + if (s->fifo_path) { int fd; @@ -376,6 +391,10 @@ static int session_link_x11_socket(Session *s) { return -ENOENT; } + /* Note that this cannot be in a subdir to avoid + * vulnerabilities since we are privileged but the runtime + * path is owned by the user */ + t = strappend(s->user->runtime_path, "/X11-display"); if (!t) { log_error("Out of memory"); @@ -601,6 +620,23 @@ static int session_terminate_cgroup(Session *s) { log_error("Failed to kill session cgroup: %s", strerror(-r)); } else { + if (s->leader > 0) { + Session *t; + + /* We still send a HUP to the leader process, + * even if we are not supposed to kill the + * whole cgroup. But let's first check the + * leader still exists and belongs to our + * session... */ + + r = manager_get_session_by_pid(s->manager, s->leader, &t); + if (r > 0 && t == s) { + kill(s->leader, SIGTERM); /* for normal processes */ + kill(s->leader, SIGHUP); /* for shells */ + kill(s->leader, SIGCONT); /* in case they are stopped */ + } + } + r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, true); if (r < 0) log_error("Failed to check session cgroup: %s", strerror(-r)); @@ -608,8 +644,7 @@ static int session_terminate_cgroup(Session *s) { r = cg_delete(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path); if (r < 0) log_error("Failed to delete session cgroup: %s", strerror(-r)); - } else - r = -EBUSY; + } } STRV_FOREACH(k, s->user->manager->controllers) @@ -620,7 +655,7 @@ static int session_terminate_cgroup(Session *s) { free(s->cgroup_path); s->cgroup_path = NULL; - return r; + return 0; } static int session_unlink_x11_socket(Session *s) { @@ -931,6 +966,14 @@ static const char* const session_type_table[_SESSION_TYPE_MAX] = { DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType); +static const char* const session_class_table[_SESSION_CLASS_MAX] = { + [SESSION_USER] = "user", + [SESSION_GREETER] = "greeter", + [SESSION_LOCK_SCREEN] = "lock-screen" +}; + +DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass); + static const char* const kill_who_table[_KILL_WHO_MAX] = { [KILL_LEADER] = "leader", [KILL_ALL] = "all"