#include "util.h"
#include "mkdir.h"
+#include "rm-rf.h"
#include "hashmap.h"
-#include "strv.h"
#include "fileio.h"
#include "path-util.h"
#include "special.h"
#include "bus-util.h"
#include "bus-error.h"
#include "conf-parser.h"
+#include "clean-ipc.h"
#include "logind-user.h"
+#include "smack-util.h"
+#include "formats-util.h"
User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) {
User *u;
if (!u->name)
goto fail;
- if (asprintf(&u->state_file, "/run/systemd/users/%lu", (unsigned long) uid) < 0)
+ if (asprintf(&u->state_file, "/run/systemd/users/"UID_FMT, uid) < 0)
goto fail;
- if (hashmap_put(m->users, ULONG_TO_PTR((unsigned long) uid), u) < 0)
+ if (hashmap_put(m->users, UID_TO_PTR(uid), u) < 0)
goto fail;
u->manager = m;
free(u->runtime_path);
- hashmap_remove(u->manager->users, ULONG_TO_PTR((unsigned long) u->uid));
+ hashmap_remove(u->manager->users, UID_TO_PTR(u->uid));
free(u->name);
free(u->state_file);
r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0);
if (r < 0)
- goto finish;
+ goto fail;
r = fopen_temporary(u->state_file, &f, &temp_path);
if (r < 0)
- goto finish;
+ goto fail;
fchmod(fileno(f), 0644);
fputc('\n', f);
}
- fflush(f);
+ r = fflush_and_check(f);
+ if (r < 0)
+ goto fail;
- if (ferror(f) || rename(temp_path, u->state_file) < 0) {
+ if (rename(temp_path, u->state_file) < 0) {
r = -errno;
- unlink(u->state_file);
- unlink(temp_path);
+ goto fail;
}
-finish:
- if (r < 0)
- log_error("Failed to save user data %s: %s", u->state_file, strerror(-r));
+ return 0;
- return r;
+fail:
+ (void) unlink(u->state_file);
+
+ if (temp_path)
+ (void) unlink(temp_path);
+
+ return log_error_errno(r, "Failed to save user data %s: %m", u->state_file);
}
int user_load(User *u) {
if (r == -ENOENT)
return 0;
- log_error("Failed to read %s: %s", u->state_file, strerror(-r));
+ log_error_errno(r, "Failed to read %s: %m", u->state_file);
return r;
}
assert(u);
r = mkdir_safe_label("/run/user", 0755, 0, 0);
- if (r < 0) {
- log_error("Failed to create /run/user: %s", strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to create /run/user: %m");
if (!u->runtime_path) {
if (asprintf(&p, "/run/user/" UID_FMT, u->uid) < 0)
if (path_is_mount_point(p, false) <= 0) {
_cleanup_free_ char *t = NULL;
- mkdir(p, 0700);
+ (void) mkdir(p, 0700);
- if (asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size) < 0) {
+ if (mac_smack_use())
+ r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
+ else
+ r = asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
+ if (r < 0) {
r = log_oom();
goto fail;
}
r = mount("tmpfs", p, "tmpfs", MS_NODEV|MS_NOSUID, t);
if (r < 0) {
- log_error("Failed to mount per-user tmpfs directory %s: %s", p, strerror(-r));
- goto fail;
+ if (errno != EPERM) {
+ r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", p);
+ goto fail;
+ }
+
+ /* Lacking permissions, maybe
+ * CAP_SYS_ADMIN-less container? In this case,
+ * just use a normal directory. */
+
+ r = chmod_and_chown(p, 0700, u->uid, u->gid);
+ if (r < 0) {
+ log_error_errno(r, "Failed to change runtime directory ownership and mode: %m");
+ goto fail;
+ }
}
}
return 0;
fail:
- free(p);
+ if (p) {
+ /* Try to clean up, but ignore errors */
+ (void) rmdir(p);
+ free(p);
+ }
+
u->runtime_path = NULL;
return r;
}
if (!u->slice) {
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
- char lu[DECIMAL_STR_MAX(unsigned long) + 1], *slice;
- sprintf(lu, "%lu", (unsigned long) u->uid);
+ char lu[DECIMAL_STR_MAX(uid_t) + 1], *slice;
+ sprintf(lu, UID_FMT, u->uid);
- r = build_subslice(SPECIAL_USER_SLICE, lu, &slice);
+ r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &slice);
if (r < 0)
return r;
assert(u);
if (!u->service) {
- char lu[DECIMAL_STR_MAX(unsigned long) + 1], *service;
- sprintf(lu, "%lu", (unsigned long) u->uid);
+ char lu[DECIMAL_STR_MAX(uid_t) + 1], *service;
+ sprintf(lu, UID_FMT, u->uid);
- service = unit_name_build("user", lu, ".service");
- if (!service)
- return log_oom();
+ r = unit_name_build("user", lu, ".service", &service);
+ if (r < 0)
+ return log_error_errno(r, "Failed to build service name: %m");
r = manager_start_unit(u->manager, service, &error, &job);
if (r < 0) {
if (!u->runtime_path)
return 0;
- r = rm_rf(u->runtime_path, false, false, false);
+ r = rm_rf(u->runtime_path, 0);
if (r < 0)
- log_error("Failed to remove runtime directory %s: %s", u->runtime_path, strerror(-r));
+ log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path);
- if (umount2(u->runtime_path, MNT_DETACH) < 0)
- log_error("Failed to unmount user runtime directory %s: %m", u->runtime_path);
+ /* Ignore cases where the directory isn't mounted, as that's
+ * quite possible, if we lacked the permissions to mount
+ * something */
+ r = umount2(u->runtime_path, MNT_DETACH);
+ if (r < 0 && errno != EINVAL && errno != ENOENT)
+ log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", u->runtime_path);
- r = rm_rf(u->runtime_path, false, true, false);
+ r = rm_rf(u->runtime_path, REMOVE_ROOT);
if (r < 0)
- log_error("Failed to remove runtime directory %s: %s", u->runtime_path, strerror(-r));
+ log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path);
free(u->runtime_path);
u->runtime_path = NULL;
if (k < 0)
r = k;
+ /* Clean SysV + POSIX IPC objects */
+ if (u->manager->remove_ipc) {
+ k = clean_ipc(u->uid);
+ if (k < 0)
+ r = k;
+ }
+
unlink(u->state_file);
user_add_to_gc_queue(u);
if (!cc)
return -ENOMEM;
- p = strappenda("/var/lib/systemd/linger/", cc);
+ p = strjoina("/var/lib/systemd/linger/", cc);
return access(p, F_OK) >= 0;
}
return manager_kill_unit(u->manager, u->slice, KILL_ALL, signo, NULL);
}
+void user_elect_display(User *u) {
+ Session *graphical = NULL, *text = NULL, *other = NULL, *s;
+
+ assert(u);
+
+ /* This elects a primary session for each user, which we call
+ * the "display". We try to keep the assignment stable, but we
+ * "upgrade" to better choices. */
+
+ LIST_FOREACH(sessions_by_user, s, u->sessions) {
+
+ if (s->class != SESSION_USER)
+ continue;
+
+ if (s->stopping)
+ continue;
+
+ if (SESSION_TYPE_IS_GRAPHICAL(s->type))
+ graphical = s;
+ else if (s->type == SESSION_TTY)
+ text = s;
+ else
+ other = s;
+ }
+
+ if (graphical &&
+ (!u->display ||
+ u->display->class != SESSION_USER ||
+ u->display->stopping ||
+ !SESSION_TYPE_IS_GRAPHICAL(u->display->type))) {
+ u->display = graphical;
+ return;
+ }
+
+ if (text &&
+ (!u->display ||
+ u->display->class != SESSION_USER ||
+ u->display->stopping ||
+ u->display->type != SESSION_TTY)) {
+ u->display = text;
+ return;
+ }
+
+ if (other &&
+ (!u->display ||
+ u->display->class != SESSION_USER ||
+ u->display->stopping))
+ u->display = other;
+}
+
static const char* const user_state_table[_USER_STATE_MAX] = {
[USER_OFFLINE] = "offline",
[USER_OPENING] = "opening",
~ianmdlvl / elogind.git / blobdiff