rename basic.la to shared.la and put selinux deps in shared-selinx.la

[elogind.git] / src / login / logind-session.c

diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index c0d95329685d768498ea99a322ed99006d3889a0..641678210fecb6c6578c0f25f04a74c7f92155c5 100644 (file)
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -28,6 +28,7 @@
 #include "logind-session.h"
 #include "strv.h"
 #include "util.h"
+#include "mkdir.h"
 #include "cgroup-util.h"
 
 #define IDLE_THRESHOLD_USEC (5*USEC_PER_MINUTE)
@@ -145,6 +146,11 @@ int session_save(Session *s) {
                         "TYPE=%s\n",
                         session_type_to_string(s->type));
 
+        if (s->class >= 0)
+                fprintf(f,
+                        "CLASS=%s\n",
+                        session_class_to_string(s->class));
+
         if (s->cgroup_path)
                 fprintf(f,
                         "CGROUP=%s\n",
@@ -225,7 +231,8 @@ int session_load(Session *s) {
                 *vtnr = NULL,
                 *leader = NULL,
                 *audit_id = NULL,
-                *type = NULL;
+                *type = NULL,
+                *class = NULL;
 
         int k, r;
 
@@ -245,6 +252,7 @@ int session_load(Session *s) {
                            "VTNR",           &vtnr,
                            "LEADER",         &leader,
                            "TYPE",           &type,
+                           "CLASS",          &class,
                            NULL);
 
         if (r < 0)
@@ -297,6 +305,14 @@ int session_load(Session *s) {
                         s->type = t;
         }
 
+        if (class) {
+                SessionClass c;
+
+                c = session_class_from_string(class);
+                if (c >= 0)
+                        s->class = c;
+        }
+
         if (s->fifo_path) {
                 int fd;
 
@@ -376,6 +392,10 @@ static int session_link_x11_socket(Session *s) {
                 return -ENOENT;
         }
 
+        /* Note that this cannot be in a subdir to avoid
+         * vulnerabilities since we are privileged but the runtime
+         * path is owned by the user */
+
         t = strappend(s->user->runtime_path, "/X11-display");
         if (!t) {
                 log_error("Out of memory");
@@ -947,6 +967,14 @@ static const char* const session_type_table[_SESSION_TYPE_MAX] = {
 
 DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
 
+static const char* const session_class_table[_SESSION_CLASS_MAX] = {
+        [SESSION_USER] = "user",
+        [SESSION_GREETER] = "greeter",
+        [SESSION_LOCK_SCREEN] = "lock-screen"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
+
 static const char* const kill_who_table[_KILL_WHO_MAX] = {
         [KILL_LEADER] = "leader",
         [KILL_ALL] = "all"