Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
This counts 'online sessions' in addition to 'active sessions' and 'sessions'.
In this context, an 'online session' covers all session in the 'active' state
in addition to the explicit 'online' state.
This provides an easy machanism to determin all relevant sessions easily
(i.e. those that are not 'closing') and adds new semantics to the sd-login.c
APIs sd_uid_get_sessions() and sd_uid_get_seats() where the require_active
argument can be supplied as a value 2 which only lists sessions which are
'online'.
This functionality should allow client applications to avoid deadlocks where
they only exit when all sessions are complete, such as a the problem where
PulseAudio will not exit until all sessions are gone, but in itself prevents
the session from exiting.
PulseAudio for example will keep a client connection open provided
at least one session exists. However, if all sessions are currently
in the process of closing, we should flag that as the overall state
appropriately to better reflect what is happening.
Although this does better reflect the status for any given user, it does
not actually solve the overall problem of PulseAudio still finding some
sessions active and thus not exiting and therefore actually preventing
the session from closing. Future commits will extend sd-login to cope
with this situation.
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
glibc/glib both use "out of memory" consistantly so maybe we should
consider that instead of this.
Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
The sssd folks would like to place the kerberos credential cache in
XDG_RUNTIME_DIR, but need to do that in the PAM auth hooks, before
pam_systemd is run as part of the PAM session setup. Hence, in order to
make this easy for them: avoid usage of usernames, and use user IDs
instead thus making an additional NSS lookup unnecessary in the kerberos
bits, but still have the directory well-defined so that the kerberos
bits can determine it before pam_systemd is run.
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
