From c8a806f2c0939c241b4a99ca861d4f3dca103f14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Apr 2016 11:13:26 -0400 Subject: [PATCH 01/10] core: prefix selinux messages with "selinux: " SELinux outputs semi-random messages like "Unknown permission start for class system", and the user has to dig into message metadata to find out where they are comming from. Add a prefix to give a hint. --- src/core/selinux-access.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index 2cdfcf7b5d..cc287d602d 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -110,6 +110,7 @@ static int callback_type_to_priority(int type) { */ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { va_list ap; + const char *fmt2; #ifdef HAVE_AUDIT int fd; @@ -131,8 +132,10 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { } #endif + fmt2 = strjoina("selinux: ", fmt); + va_start(ap, fmt); - log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap); + log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt2, ap); va_end(ap); return 0; From a2ed707712161869cf53102d786c939e658962e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Apr 2016 15:03:19 -0400 Subject: [PATCH 02/10] logind: reload config on SIGHUP v2: - fix setting of kill_user_processes and *_ignore_inhibited settings --- src/login/logind-core.c | 3 ++ src/login/logind.c | 92 +++++++++++++++++++++++++++-------------- 2 files changed, 64 insertions(+), 31 deletions(-) diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 8bdb3a9a38..73075274e0 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -367,6 +367,9 @@ bool manager_shall_kill(Manager *m, const char *user) { if (!m->kill_user_processes) return false; + if (!m->kill_exclude_users && streq(user, "root")) + return false; + if (strv_contains(m->kill_exclude_users, user)) return false; diff --git a/src/login/logind.c b/src/login/logind.c index d5f6757bd3..268502c437 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -41,6 +41,35 @@ static void manager_free(Manager *m); +static void manager_reset_config(Manager *m) { + m->n_autovts = 6; + m->reserve_vt = 6; + m->remove_ipc = true; + m->inhibit_delay_max = 5 * USEC_PER_SEC; + m->handle_power_key = HANDLE_POWEROFF; + m->handle_suspend_key = HANDLE_SUSPEND; + m->handle_hibernate_key = HANDLE_HIBERNATE; + m->handle_lid_switch = HANDLE_SUSPEND; + m->handle_lid_switch_docked = HANDLE_IGNORE; + m->power_key_ignore_inhibited = false; + m->suspend_key_ignore_inhibited = false; + m->hibernate_key_ignore_inhibited = false; + m->lid_switch_ignore_inhibited = true; + + m->holdoff_timeout_usec = 30 * USEC_PER_SEC; + + m->idle_action_usec = 30 * USEC_PER_MINUTE; + m->idle_action = HANDLE_IGNORE; + + m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ + m->user_tasks_max = UINT64_C(12288); + + m->kill_user_processes = false; + + m->kill_only_users = strv_free(m->kill_only_users); + m->kill_exclude_users = strv_free(m->kill_exclude_users); +} + static Manager *manager_new(void) { Manager *m; int r; @@ -52,25 +81,8 @@ static Manager *manager_new(void) { m->console_active_fd = -1; m->reserve_vt_fd = -1; - m->n_autovts = 6; - m->reserve_vt = 6; - m->remove_ipc = true; - m->inhibit_delay_max = 5 * USEC_PER_SEC; - m->handle_power_key = HANDLE_POWEROFF; - m->handle_suspend_key = HANDLE_SUSPEND; - m->handle_hibernate_key = HANDLE_HIBERNATE; - m->handle_lid_switch = HANDLE_SUSPEND; - m->handle_lid_switch_docked = HANDLE_IGNORE; - m->lid_switch_ignore_inhibited = true; - m->holdoff_timeout_usec = 30 * USEC_PER_SEC; - - m->idle_action_usec = 30 * USEC_PER_MINUTE; - m->idle_action = HANDLE_IGNORE; m->idle_action_not_before_usec = now(CLOCK_MONOTONIC); - m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ - m->user_tasks_max = UINT64_C(12288); - m->devices = hashmap_new(&string_hash_ops); m->seats = hashmap_new(&string_hash_ops); m->sessions = hashmap_new(&string_hash_ops); @@ -84,10 +96,6 @@ static Manager *manager_new(void) { if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units) goto fail; - m->kill_exclude_users = strv_new("root", NULL); - if (!m->kill_exclude_users) - goto fail; - m->udev = udev_new(); if (!m->udev) goto fail; @@ -98,6 +106,8 @@ static Manager *manager_new(void) { sd_event_set_watchdog(m->event, true); + manager_reset_config(m); + return m; fail: @@ -986,6 +996,30 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us return 0; } +static int manager_parse_config_file(Manager *m) { + assert(m); + + return config_parse_many(PKGSYSCONFDIR "/logind.conf", + CONF_PATHS_NULSTR("systemd/logind.conf.d"), + "Login\0", + config_item_perf_lookup, logind_gperf_lookup, + false, m); +} + +static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { + Manager *m = userdata; + int r; + + manager_reset_config(m); + r = manager_parse_config_file(m); + if (r < 0) + log_warning_errno(r, "Failed to parse config file, using defaults: %m"); + else + log_info("Config file reloaded."); + + return 0; +} + static int manager_startup(Manager *m) { int r; Seat *seat; @@ -997,6 +1031,12 @@ static int manager_startup(Manager *m) { assert(m); + assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGHUP, -1) >= 0); + + r = sd_event_add_signal(m->event, NULL, SIGHUP, manager_dispatch_reload_signal, m); + if (r < 0) + return log_error_errno(r, "Failed to register SIGHUP handler: %m"); + /* Connect to console */ r = manager_connect_console(m); if (r < 0) @@ -1099,16 +1139,6 @@ static int manager_run(Manager *m) { } } -static int manager_parse_config_file(Manager *m) { - assert(m); - - return config_parse_many(PKGSYSCONFDIR "/logind.conf", - CONF_PATHS_NULSTR("systemd/logind.conf.d"), - "Login\0", - config_item_perf_lookup, logind_gperf_lookup, - false, m); -} - int main(int argc, char *argv[]) { Manager *m = NULL; int r; From 4eac7f5cccf60b8184173254c7dbff5d9710c57c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Apr 2016 15:41:04 -0400 Subject: [PATCH 03/10] man: reformat examples using --- man/systemd-run.xml | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 473f83eac6..7b7c9305fb 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -341,10 +341,10 @@ Examples - The following command will log the environment variables - provided by systemd to services: + + Logging environment variables provided by systemd to services - # systemd-run env + # systemd-run env Running as unit: run-19945.service # journalctl -u run-19945.service Sep 08 07:37:21 bupkis systemd[1]: Starting /usr/bin/env... @@ -352,19 +352,27 @@ Sep 08 07:37:21 bupkis systemd[1]: Started /usr/bin/env. Sep 08 07:37:21 bupkis env[19948]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin Sep 08 07:37:21 bupkis env[19948]: LANG=en_US.UTF-8 Sep 08 07:37:21 bupkis env[19948]: BOOT_IMAGE=/vmlinuz-3.11.0-0.rc5.git6.2.fc20.x86_64 + - The following command invokes the - updatedb8 - tool, but lowers the block I/O weight for it to 10. See - systemd.resource-control5 - for more information on the BlockIOWeight= - property. + + Limiting resources available to a command - # systemd-run -p BlockIOWeight=10 updatedb + # systemd-run -p BlockIOWeight=10 updatedb - The following command will touch a file after 30 seconds. + This command invokes the + updatedb8 + tool, but lowers the block I/O weight for it to 10. See + systemd.resource-control5 + for more information on the BlockIOWeight= + property. + - # date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo + + Running commands at a specified time + + The following command will touch a file after 30 seconds. + + # date; systemd-run --on-active=30 --timer-property=AccuracySec=100ms /bin/touch /tmp/foo Mon Dec 8 20:44:24 KST 2014 Running as unit: run-71.timer Will run service as unit: run-71.service @@ -376,13 +384,16 @@ Dec 08 20:44:38 container systemd[1]: Started /bin/touch /tmp/foo. -- Logs begin at Fri 2014-12-05 19:09:21 KST, end at Mon 2014-12-08 20:44:54 KST. -- Dec 08 20:44:48 container systemd[1]: Starting /bin/touch /tmp/foo... Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo. + - The following command invokes /bin/bash - as a service passing its standard input, output and error to - the calling TTY. + + Allowing access to the tty - # systemd-run -t --send-sighup /bin/bash + The following command invokes /bin/bash as a service + passing its standard input, output and error to the calling TTY. + # systemd-run -t --send-sighup /bin/bash + From 65eb37f8fcf0c82db0d9b600bb804adf7ead0327 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Apr 2016 16:22:08 -0400 Subject: [PATCH 04/10] man: expand description of lingering and KillUserProcesses setting The description in the man page was wrong, KillUserProcesses does not kill all processes of the user. Describe what the setting does, and also add links between the relavant sections of the manual. Also, add an extensive example which shows how to launch screen in the background. --- man/loginctl.xml | 36 +++++++++++++++++++++++++++++++++- man/logind.conf.xml | 47 ++++++++++++++++++++++++++++++--------------- man/systemd-run.xml | 44 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 110 insertions(+), 17 deletions(-) diff --git a/man/loginctl.xml b/man/loginctl.xml index 7f7252a5d9..fb51740503 100644 --- a/man/loginctl.xml +++ b/man/loginctl.xml @@ -312,7 +312,10 @@ This allows users who are not logged in to run long-running services. Takes one or more user names or numeric UIDs as argument. If no argument is specified, enables/disables - lingering for the user of the session of the caller. + lingering for the user of the session of the caller. + + See also KillUserProcesses= setting in + logind.conf5. @@ -410,6 +413,37 @@ otherwise. + + Examples + + + Querying user status + + $ loginctl user-status +fatima (1005) + Since: Sat 2016-04-09 14:23:31 EDT; 54min ago + State: active + Sessions: 5 *3 + Unit: user-1005.slice + ├─user@1005.service + ... + ├─session-3.scope + ... + └─session-5.scope + ├─3473 login -- fatima + └─3515 -zsh + +Apr 09 14:40:30 laptop login[2325]: pam_unix(login:session): + session opened for user fatima by LOGIN(uid=0) +Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima + + + There are two sessions, 3 and 5. Session 3 is a graphical session, + marked with a star. The tree of processing including the two corresponding + scope units and the user manager unit are shown. + + + diff --git a/man/logind.conf.xml b/man/logind.conf.xml index 597759e33a..10a23955a4 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml @@ -119,30 +119,45 @@ KillUserProcesses= - Takes a boolean argument. Configures whether - the processes of a user should be killed when the user - completely logs out (i.e. after the user's last session - ended). Defaults to no. + Takes a boolean argument. Configures whether the processes of a + user should be killed when the user logs out. If true, the scope unit + corresponding to the session and all processes inside that scope will be + terminated. If false, the scope is "abandonded", see + systemd.scope5, + and processes are not killed. Defaults to no. - Note that setting KillUserProcesses=1 + In addition to session processes, user process may run under the user + manager unit user@.service. Depending on the linger + settings, this may allow users to run processes independent of their login + sessions. See the description of enable-linger in + loginctl1. + + + Note that setting KillUserProcesses=yes will break tools like - screen1. + screen1 + and + tmux1, + unless they are moved out of the session scope. See example in + systemd-run1. + KillOnlyUsers= KillExcludeUsers= - These settings take space-separated lists of - usernames that influence the effect of - KillUserProcesses=. If not empty, only - processes of users listed in KillOnlyUsers= - will be killed when they log out entirely. Processes of users - listed in KillExcludeUsers= are excluded - from being killed. KillExcludeUsers= - defaults to root and takes precedence over - KillOnlyUsers=, which defaults to the empty - list. + These settings take space-separated lists of usernames that + determine to which users the KillUserProcesses= setting + applies. A user name may be added to KillExcludeUsers= to + exclude the processes in the session scopes of that user from being killed even if + KillUserProcesses=yes is set. If + KillExcludeUsers= is not set, the root user + is excluded by default. KillExcludeUsers= may be set to an + empty value to override this default. If a user is not excluded, + KillOnlyUsers= is checked next. A list of user names may be + specified in KillOnlyUsers=, to only include those + users. Otherwise, all users are included. diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 7b7c9305fb..0d58356e00 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -394,6 +394,50 @@ Dec 08 20:44:48 container systemd[1]: Started /bin/touch /tmp/foo.# systemd-run -t --send-sighup /bin/bash + + + Start <command>screen</command> as a user service + + $ systemd-run --scope --user screen +Running scope as unit run-r14b0047ab6df45bfb45e7786cc839e76.scope. + +$ screen -ls +There is a screen on: + 492..laptop (Detached) +1 Socket in /var/run/screen/S-fatima. + + + This starts the screen process as a child of the + systemd --user process that was started by + user@.service, in a scope unit. A + systemd.scope5 + unit is used instead of a + systemd.service5 + unit, because screen will exit when detaching from the terminal, + and a service unit would be terminated. Running screen + as a user unit has the advantage that it is not part of the session scope. + If KillUserProcesses=yes is configured in + logind.conf5, + the default, the session scope will be terminated when the user logs + out of that session. + + The user@.service is started automatically + when the user first logs in, and stays around as long as at least one + login session is open. After the user logs out of the last session, + user@.service and all services underneath it + are terminated. This behaviour is the default, when "lingering" is + not enabled for that user. Enabling lingering means that + user@.service is started automatically during + boot, even if the user is not logged in, and that the service is + not terminated when the user logs out. + + Enabling lingering allows the user to run processes without being logged in, + for example to allow screen to persist after the user logs out, + even if the session scope is terminated. In the default configuration, users can + enable lingering for themselves: + + $ loginctl enable-linger + From 97e5530cf2076a2b4fc55755917262607aaa6338 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Apr 2016 20:40:45 -0400 Subject: [PATCH 05/10] logind: flip KillUserProcesses to on by default This ensures that users sessions are properly cleaned up after. The admin can still enable or disable linger for specific users to allow them to run processes after they log out. Doing that through the user session is much cleaner and provides better control. dbus daemon can now be run in the user session (with --enable-user-session, added in 1.10.2), and most distributions opted to pick this configuration. In the normal case it makes a lot of sense to kill remaining processes. The exception is stuff like screen and tmux. But it's easy enough to work around, a simple example was added to the man page in previous commit. In the long run those services should integrate with the systemd users session on their own. https://bugs.freedesktop.org/show_bug.cgi?id=94508 https://github.com/systemd/systemd/issues/2900 --- NEWS | 27 ++++++++++++++++++++++++--- man/logind.conf.xml | 2 +- src/login/logind.c | 2 +- src/login/logind.conf | 2 +- 4 files changed, 27 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index b75638ed36..99e6b51ae3 100644 --- a/NEWS +++ b/NEWS @@ -22,9 +22,26 @@ CHANGES WITH 230 in spe: * systemd-resolve conveniently resolves DANE records with the --tlsa option and OPENPGPKEY records with the --openpgp option. - * Testing tool /usr/lib/systemd/systemd-activate is renamed to - systemd-socket-activate and installed into /usr/bin. It is now fully - supported. + * systemd-logind will now by default terminate user processes that are + part of the user session scope unit (session-XX.scope) when the user + logs out. This behaviour is controlled by the + KillUserProcesses=yes|no setting in logind.conf, and previous default + of "no" is now changed to "yes". This means that user sessions will + be properly cleaned up after, but additional steps are necessary to + allow intentionally long-running processes to survive logout. + + While the user is logged in at least once, user@.service is running, + and any service that should survive the end of any individual login + session can be started at a user service or scope using systemd-run. + systemd-run(1) man page has been extended with an example which + shows how to run screen in a scope unit underneath user@.service. + The same command works for tmux. + + After the user logs out of all sessions, user@.service will be + terminated too, by default, unless the user has "lingering" enabled. + To effectively allow users to run long-term tasks even if they are + logged out, lingering must be enabled for them. See loginctl(1) + for details. * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line @@ -45,6 +62,10 @@ CHANGES WITH 230 in spe: * The Unique Identifier sent in DHCP requests can be configured. + * Testing tool /usr/lib/systemd/systemd-activate is renamed to + systemd-socket-activate and installed into /usr/bin. It is now fully + supported. + * systemd-journald now uses separate threads to flush changes to disk when closing journal files. diff --git a/man/logind.conf.xml b/man/logind.conf.xml index 10a23955a4..6e587c3561 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml @@ -124,7 +124,7 @@ corresponding to the session and all processes inside that scope will be terminated. If false, the scope is "abandonded", see systemd.scope5, - and processes are not killed. Defaults to no. + and processes are not killed. Defaults to yes. In addition to session processes, user process may run under the user manager unit user@.service. Depending on the linger diff --git a/src/login/logind.c b/src/login/logind.c index 268502c437..616346799a 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -64,7 +64,7 @@ static void manager_reset_config(Manager *m) { m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ m->user_tasks_max = UINT64_C(12288); - m->kill_user_processes = false; + m->kill_user_processes = true; m->kill_only_users = strv_free(m->kill_only_users); m->kill_exclude_users = strv_free(m->kill_exclude_users); diff --git a/src/login/logind.conf b/src/login/logind.conf index 6095e482ac..8316bb4d74 100644 --- a/src/login/logind.conf +++ b/src/login/logind.conf @@ -14,7 +14,7 @@ [Login] #NAutoVTs=6 #ReserveVT=6 -#KillUserProcesses=no +#KillUserProcesses=yes #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 From 95365a576f7e81f3e2f02fa3e8225c4b03f12214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 11 Apr 2016 22:51:31 -0400 Subject: [PATCH 06/10] build-sys: add --without-kill-user-processes configure option --- Makefile.am | 6 +- NEWS | 3 + configure.ac | 211 ++++++++++++---------- src/login/.gitignore | 1 + src/login/logind.c | 2 +- src/login/{logind.conf => logind.conf.in} | 2 +- 6 files changed, 121 insertions(+), 104 deletions(-) rename src/login/{logind.conf => logind.conf.in} (95%) diff --git a/Makefile.am b/Makefile.am index c566b1f6e4..e97d5bd78f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5725,7 +5725,7 @@ dist_dbussystemservice_DATA += \ dist_dbuspolicy_DATA += \ src/login/org.freedesktop.login1.conf -dist_pkgsysconf_DATA += \ +nodist_pkgsysconf_DATA += \ src/login/logind.conf polkitpolicy_files += \ @@ -5762,7 +5762,8 @@ gperf_gperf_sources += \ EXTRA_DIST += \ src/login/71-seat.rules.in \ src/login/73-seat-late.rules.in \ - units/systemd-logind.service.in + units/systemd-logind.service.in \ + src/login/logind.conf.in # ------------------------------------------------------------------------------ if HAVE_PAM @@ -5879,6 +5880,7 @@ substitutions = \ '|NTP_SERVERS=$(NTP_SERVERS)|' \ '|DNS_SERVERS=$(DNS_SERVERS)|' \ '|DEFAULT_DNSSEC_MODE=$(DEFAULT_DNSSEC_MODE)|' \ + '|KILL_USER_PROCESSES=$(KILL_USER_PROCESSES)|' \ '|systemuidmax=$(SYSTEM_UID_MAX)|' \ '|systemgidmax=$(SYSTEM_GID_MAX)|' \ '|TTY_GID=$(TTY_GID)|' \ diff --git a/NEWS b/NEWS index 99e6b51ae3..7199a67201 100644 --- a/NEWS +++ b/NEWS @@ -43,6 +43,9 @@ CHANGES WITH 230 in spe: logged out, lingering must be enabled for them. See loginctl(1) for details. + Previous defaults can be restored at compile time by the + --without-kill-user-processes option. + * The unified cgroup hierarchy added in Linux 4.5 is now supported. Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to enable. diff --git a/configure.ac b/configure.ac index 7b9e64a0f6..d4e8ab6664 100644 --- a/configure.ac +++ b/configure.ac @@ -1014,6 +1014,16 @@ fi AM_CONDITIONAL(ENABLE_LOGIND, [test "$have_logind" = "yes"]) AS_IF([test "$have_logind" = "yes"], [ AC_DEFINE(HAVE_LOGIND, [1], [Logind support available]) ]) +AC_ARG_WITH([kill-user-processes], + [AS_HELP_STRING([--without-kill-user-processes], [Set logind's KillUserProcesses=no by default])]) +AS_IF([test "$with_kill_user_processes" != "no"], + [kill_user_processes=true + KILL_USER_PROCESSES=yes], + [kill_user_processes=false + KILL_USER_PROCESSES=no]) +AC_DEFINE_UNQUOTED(KILL_USER_PROCESSES, [$kill_user_processes], [Default KillUserProcesses setting]) +AC_SUBST(KILL_USER_PROCESSES) + # ------------------------------------------------------------------------------ have_machined=no AC_ARG_ENABLE(machined, AS_HELP_STRING([--disable-machined], [disable machine daemon])) @@ -1554,106 +1564,107 @@ AC_OUTPUT AC_MSG_RESULT([ $PACKAGE_NAME $VERSION - libcryptsetup: ${have_libcryptsetup} - PAM: ${have_pam} - AUDIT: ${have_audit} - IMA: ${have_ima} - AppArmor: ${have_apparmor} - SELinux: ${have_selinux} - SECCOMP: ${have_seccomp} - SMACK: ${have_smack} - ZLIB: ${have_zlib} - XZ: ${have_xz} - LZ4: ${have_lz4} - BZIP2: ${have_bzip2} - ACL: ${have_acl} - GCRYPT: ${have_gcrypt} - QRENCODE: ${have_qrencode} - MICROHTTPD: ${have_microhttpd} - GNUTLS: ${have_gnutls} - libcurl: ${have_libcurl} - libidn: ${have_libidn} - libiptc: ${have_libiptc} - ELFUTILS: ${have_elfutils} - binfmt: ${have_binfmt} - vconsole: ${have_vconsole} - quotacheck: ${have_quotacheck} - tmpfiles: ${have_tmpfiles} - sysusers: ${have_sysusers} - firstboot: ${have_firstboot} - randomseed: ${have_randomseed} - backlight: ${have_backlight} - rfkill: ${have_rfkill} - logind: ${have_logind} - machined: ${have_machined} - importd: ${have_importd} - hostnamed: ${have_hostnamed} - timedated: ${have_timedated} - timesyncd: ${have_timesyncd} - Default NTP servers: ${NTP_SERVERS} - time epoch: ${TIME_EPOCH} - localed: ${have_localed} - networkd: ${have_networkd} - resolved: ${have_resolved} - Default DNS servers: ${DNS_SERVERS} - Default DNSSEC mode: ${DEFAULT_DNSSEC_MODE} - coredump: ${have_coredump} - polkit: ${have_polkit} - efi: ${have_efi} - gnuefi: ${have_gnuefi} - efi arch: ${EFI_ARCH} - EFI machine type: ${EFI_MACHINE_TYPE_NAME} - EFI CC ${EFI_CC} - EFI libdir: ${EFI_LIB_DIR} - EFI ldsdir: ${EFI_LDS_DIR} - EFI includedir: ${EFI_INC_DIR} - kmod: ${have_kmod} - xkbcommon: ${have_xkbcommon} - blkid: ${have_blkid} - libmount: ${have_libmount} - dbus: ${have_dbus} - nss-myhostname: ${have_myhostname} - hwdb: ${enable_hwdb} - tpm: ${have_tpm} - kdbus: ${have_kdbus} - Python: ${have_python} - man pages: ${have_manpages} - test coverage: ${have_coverage} - Split /usr: ${enable_split_usr} - SysV compatibility: ${SYSTEM_SYSV_COMPAT} - utmp/wtmp support: ${have_utmp} - ldconfig support: ${enable_ldconfig} - hibernate support: ${enable_hibernate} - extra debugging: ${enable_debug} - tests: ${enable_tests} + libcryptsetup: ${have_libcryptsetup} + PAM: ${have_pam} + AUDIT: ${have_audit} + IMA: ${have_ima} + AppArmor: ${have_apparmor} + SELinux: ${have_selinux} + SECCOMP: ${have_seccomp} + SMACK: ${have_smack} + ZLIB: ${have_zlib} + XZ: ${have_xz} + LZ4: ${have_lz4} + BZIP2: ${have_bzip2} + ACL: ${have_acl} + GCRYPT: ${have_gcrypt} + QRENCODE: ${have_qrencode} + MICROHTTPD: ${have_microhttpd} + GNUTLS: ${have_gnutls} + libcurl: ${have_libcurl} + libidn: ${have_libidn} + libiptc: ${have_libiptc} + ELFUTILS: ${have_elfutils} + binfmt: ${have_binfmt} + vconsole: ${have_vconsole} + quotacheck: ${have_quotacheck} + tmpfiles: ${have_tmpfiles} + sysusers: ${have_sysusers} + firstboot: ${have_firstboot} + randomseed: ${have_randomseed} + backlight: ${have_backlight} + rfkill: ${have_rfkill} + logind: ${have_logind} + Default KillUserProcesses setting: ${KILL_USER_PROCESSES} + machined: ${have_machined} + importd: ${have_importd} + hostnamed: ${have_hostnamed} + timedated: ${have_timedated} + timesyncd: ${have_timesyncd} + Default NTP servers: ${NTP_SERVERS} + time epoch: ${TIME_EPOCH} + localed: ${have_localed} + networkd: ${have_networkd} + resolved: ${have_resolved} + Default DNS servers: ${DNS_SERVERS} + Default DNSSEC mode: ${DEFAULT_DNSSEC_MODE} + coredump: ${have_coredump} + polkit: ${have_polkit} + efi: ${have_efi} + gnuefi: ${have_gnuefi} + efi arch: ${EFI_ARCH} + EFI machine type: ${EFI_MACHINE_TYPE_NAME} + EFI CC ${EFI_CC} + EFI libdir: ${EFI_LIB_DIR} + EFI ldsdir: ${EFI_LDS_DIR} + EFI includedir: ${EFI_INC_DIR} + kmod: ${have_kmod} + xkbcommon: ${have_xkbcommon} + blkid: ${have_blkid} + libmount: ${have_libmount} + dbus: ${have_dbus} + nss-myhostname: ${have_myhostname} + hwdb: ${enable_hwdb} + tpm: ${have_tpm} + kdbus: ${have_kdbus} + Python: ${have_python} + man pages: ${have_manpages} + test coverage: ${have_coverage} + Split /usr: ${enable_split_usr} + SysV compatibility: ${SYSTEM_SYSV_COMPAT} + utmp/wtmp support: ${have_utmp} + ldconfig support: ${enable_ldconfig} + hibernate support: ${enable_hibernate} + extra debugging: ${enable_debug} + tests: ${enable_tests} - prefix: ${prefix} - rootprefix: ${with_rootprefix} - sysconf dir: ${sysconfdir} - datarootdir: ${datarootdir} - includedir: ${includedir} - lib dir: ${libdir} - rootlib dir: ${with_rootlibdir} - SysV init scripts: ${SYSTEM_SYSVINIT_PATH} - SysV rc?.d directories: ${SYSTEM_SYSVRCND_PATH} - Build Python: ${PYTHON} - PAM modules dir: ${with_pamlibdir} - PAM configuration dir: ${with_pamconfdir} - D-Bus policy dir: ${with_dbuspolicydir} - D-Bus session dir: ${with_dbussessionservicedir} - D-Bus system dir: ${with_dbussystemservicedir} - Bash completions dir: ${with_bashcompletiondir} - Zsh completions dir: ${with_zshcompletiondir} - Extra start script: ${RC_LOCAL_SCRIPT_PATH_START} - Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP} - Wheel group: ${have_wheel_group} - Debug shell: ${SUSHELL} @ ${DEBUGTTY} - TTY GID: ${TTY_GID} - Maximum System UID: ${SYSTEM_UID_MAX} - Maximum System GID: ${SYSTEM_GID_MAX} - Certificate root: ${CERTIFICATEROOT} + prefix: ${prefix} + rootprefix: ${with_rootprefix} + sysconf dir: ${sysconfdir} + datarootdir: ${datarootdir} + includedir: ${includedir} + lib dir: ${libdir} + rootlib dir: ${with_rootlibdir} + SysV init scripts: ${SYSTEM_SYSVINIT_PATH} + SysV rc?.d directories: ${SYSTEM_SYSVRCND_PATH} + Build Python: ${PYTHON} + PAM modules dir: ${with_pamlibdir} + PAM configuration dir: ${with_pamconfdir} + D-Bus policy dir: ${with_dbuspolicydir} + D-Bus session dir: ${with_dbussessionservicedir} + D-Bus system dir: ${with_dbussystemservicedir} + Bash completions dir: ${with_bashcompletiondir} + Zsh completions dir: ${with_zshcompletiondir} + Extra start script: ${RC_LOCAL_SCRIPT_PATH_START} + Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP} + Wheel group: ${have_wheel_group} + Debug shell: ${SUSHELL} @ ${DEBUGTTY} + TTY GID: ${TTY_GID} + Maximum System UID: ${SYSTEM_UID_MAX} + Maximum System GID: ${SYSTEM_GID_MAX} + Certificate root: ${CERTIFICATEROOT} - CFLAGS: ${OUR_CFLAGS} ${CFLAGS} - CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS} - LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS} + CFLAGS: ${OUR_CFLAGS} ${CFLAGS} + CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS} + LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS} ]) diff --git a/src/login/.gitignore b/src/login/.gitignore index 39088ec252..3a8ba497c1 100644 --- a/src/login/.gitignore +++ b/src/login/.gitignore @@ -1,4 +1,5 @@ /logind-gperf.c +/logind.conf /org.freedesktop.login1.policy /71-seat.rules /73-seat-late.rules diff --git a/src/login/logind.c b/src/login/logind.c index 616346799a..a48e2fc61e 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -64,7 +64,7 @@ static void manager_reset_config(Manager *m) { m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ m->user_tasks_max = UINT64_C(12288); - m->kill_user_processes = true; + m->kill_user_processes = KILL_USER_PROCESSES; m->kill_only_users = strv_free(m->kill_only_users); m->kill_exclude_users = strv_free(m->kill_exclude_users); diff --git a/src/login/logind.conf b/src/login/logind.conf.in similarity index 95% rename from src/login/logind.conf rename to src/login/logind.conf.in index 8316bb4d74..3c96def45d 100644 --- a/src/login/logind.conf +++ b/src/login/logind.conf.in @@ -14,7 +14,7 @@ [Login] #NAutoVTs=6 #ReserveVT=6 -#KillUserProcesses=yes +#KillUserProcesses=@KILL_USER_PROCESSES@ #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 From 921f831d3e2e27a0da16d93ad3dc468263a63320 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2016 23:52:41 -0400 Subject: [PATCH 07/10] logind: make KillOnlyUsers override KillUserProcesses Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be used to specify users to kill, independently of the KillUserProcesses setting. Having the settings orthogonal seems to make more sense. It also makes KillOnlyUsers symmetrical to KillExcludeUsers. --- man/logind.conf.xml | 25 +++++++++++++------------ src/login/logind-core.c | 9 +++------ 2 files changed, 16 insertions(+), 18 deletions(-) diff --git a/man/logind.conf.xml b/man/logind.conf.xml index 6e587c3561..3217ece21a 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml @@ -124,7 +124,9 @@ corresponding to the session and all processes inside that scope will be terminated. If false, the scope is "abandonded", see systemd.scope5, - and processes are not killed. Defaults to yes. + and processes are not killed. Defaults to yes, + but see the options KillOnlyUsers= and + KillExcludeUsers= below. In addition to session processes, user process may run under the user manager unit user@.service. Depending on the linger @@ -147,17 +149,16 @@ KillOnlyUsers= KillExcludeUsers= - These settings take space-separated lists of usernames that - determine to which users the KillUserProcesses= setting - applies. A user name may be added to KillExcludeUsers= to - exclude the processes in the session scopes of that user from being killed even if - KillUserProcesses=yes is set. If - KillExcludeUsers= is not set, the root user - is excluded by default. KillExcludeUsers= may be set to an - empty value to override this default. If a user is not excluded, - KillOnlyUsers= is checked next. A list of user names may be - specified in KillOnlyUsers=, to only include those - users. Otherwise, all users are included. + These settings take space-separated lists of usernames that override + the KillUserProcesses= setting. A user name may be added to + KillExcludeUsers= to exclude the processes in the session scopes of + that user from being killed even if KillUserProcesses=yes is set. If + KillExcludeUsers= is not set, the root user is + excluded by default. KillExcludeUsers= may be set to an empty value + to override this default. If a user is not excluded, KillOnlyUsers= + is checked next. If this setting is specified, only the session scopes of those users + will be killed. Otherwise, users are subject to the + KillUserProcesses=yes setting. diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 73075274e0..cbf8d757fe 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -364,19 +364,16 @@ bool manager_shall_kill(Manager *m, const char *user) { assert(m); assert(user); - if (!m->kill_user_processes) - return false; - if (!m->kill_exclude_users && streq(user, "root")) return false; if (strv_contains(m->kill_exclude_users, user)) return false; - if (strv_isempty(m->kill_only_users)) - return true; + if (!strv_isempty(m->kill_only_users)) + return strv_contains(m->kill_only_users, user); - return strv_contains(m->kill_only_users, user); + return m->kill_user_processes; } static int vt_is_busy(unsigned int vtnr) { From 152199f2d705effdcddacff63b3ca88671b1290f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2016 22:52:28 -0400 Subject: [PATCH 08/10] logind: allow any user to request lingering We enable lingering for anyone who wants this. It is still disabled by default to avoid keeping long-running processes accidentally. Admins might want to customize this policy on multi-user sites. --- NEWS | 5 +++-- src/login/logind-dbus.c | 8 +++++--- src/login/org.freedesktop.login1.policy.in | 8 ++++++++ 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 7199a67201..3924264e6f 100644 --- a/NEWS +++ b/NEWS @@ -40,8 +40,9 @@ CHANGES WITH 230 in spe: After the user logs out of all sessions, user@.service will be terminated too, by default, unless the user has "lingering" enabled. To effectively allow users to run long-term tasks even if they are - logged out, lingering must be enabled for them. See loginctl(1) - for details. + logged out, lingering must be enabled for them. See loginctl(1) for + details. The default polkit policy was modified to allow users to + set lingering for themselves without authentication. Previous defaults can be restored at compile time by the --without-kill-user-processes option. diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 1d3133ee25..a281f99a34 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1077,11 +1077,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_free_ char *cc = NULL; Manager *m = userdata; - int b, r; + int r, b, interactive; struct passwd *pw; const char *path; uint32_t uid; - int interactive; + bool self = false; assert(message); assert(m); @@ -1102,6 +1102,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu if (r < 0) return r; + self = true; + } else if (!uid_is_valid(uid)) return -EINVAL; @@ -1113,7 +1115,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu r = bus_verify_polkit_async( message, CAP_SYS_ADMIN, - "org.freedesktop.login1.set-user-linger", + self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger", NULL, interactive, UID_INVALID, diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in index 23326bb79f..1fa6441629 100644 --- a/src/login/org.freedesktop.login1.policy.in +++ b/src/login/org.freedesktop.login1.policy.in @@ -111,6 +111,14 @@ + + <_description>Allow non-logged-in user to run programs + <_message>Explicit request is required to run programs as a non-logged-in user. + + yes + + + <_description>Allow non-logged-in users to run programs <_message>Authentication is required to run programs as a non-logged-in user. From 26e00f0e6a27d20c9d2da61cb46cb241fe0642a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2016 23:35:45 -0400 Subject: [PATCH 09/10] loginctl: show linger status in user-status MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit zbyszek (1002) Since: Tue 2016-04-12 23:11:46 EDT; 23min ago State: active Sessions: *3 Linger: yes Unit: user-1002.slice ├─user@1002.service │ └─init.scope │ ├─38 /usr/lib/systemd/systemd --user │ └─39 (sd-pam) └─session-3.scope ├─ 31 login -- zbyszek ├─ 44 -bash ├─15076 loginctl user-status zbyszek └─15077 less --- src/login/loginctl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/login/loginctl.c b/src/login/loginctl.c index 01f6fa5db0..8b23135edd 100644 --- a/src/login/loginctl.c +++ b/src/login/loginctl.c @@ -293,6 +293,7 @@ typedef struct SessionStatusInfo { typedef struct UserStatusInfo { uid_t uid; + bool linger; char *name; struct dual_timestamp timestamp; char *state; @@ -551,6 +552,7 @@ static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) static const struct bus_properties_map map[] = { { "Name", "s", NULL, offsetof(UserStatusInfo, name) }, + { "Linger", "b", NULL, offsetof(UserStatusInfo, linger) }, { "Slice", "s", NULL, offsetof(UserStatusInfo, slice) }, { "State", "s", NULL, offsetof(UserStatusInfo, state) }, { "UID", "u", NULL, offsetof(UserStatusInfo, uid) }, @@ -595,16 +597,16 @@ static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) char **l; printf("\tSessions:"); - STRV_FOREACH(l, i.sessions) { - if (streq_ptr(*l, i.display)) - printf(" *%s", *l); - else - printf(" %s", *l); - } + STRV_FOREACH(l, i.sessions) + printf(" %s%s", + streq_ptr(*l, i.display) ? "*" : "", + *l); printf("\n"); } + printf("\t Linger: %s\n", yes_no(i.linger)); + if (i.slice) { printf("\t Unit: %s\n", i.slice); show_unit_cgroup(bus, "org.freedesktop.systemd1.Slice", i.slice, 0); From 42fbdf45864b46f3eb62a3738b81e687685eb9bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 12 Apr 2016 23:36:37 -0400 Subject: [PATCH 10/10] shared/logs-show: fix memleak in add_matches_for_unit --- src/shared/logs-show.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c index e2d2931c51..38a55525c0 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -1073,7 +1073,7 @@ int add_matches_for_unit(sd_journal *j, const char *unit) { ); if (r == 0 && endswith(unit, ".slice")) { - char *m5 = strappend("_SYSTEMD_SLICE=", unit); + const char *m5 = strjoina("_SYSTEMD_SLICE=", unit); /* Show all messages belonging to a slice */ (void)(