mirror of
https://github.com/systemd/systemd
synced 2024-10-07 00:30:59 +00:00
Merge pull request #30610 from YHNdnzj/logind-serialize-pidref
logind: serialize session leader pidfd to fdstore
This commit is contained in:
commit
7903567cb7
|
@ -1188,8 +1188,10 @@ int pidref_is_alive(const PidRef *pidref) {
|
|||
return -ESRCH;
|
||||
|
||||
result = pid_is_alive(pidref->pid);
|
||||
if (result < 0)
|
||||
if (result < 0) {
|
||||
assert(result != -ESRCH);
|
||||
return result;
|
||||
}
|
||||
|
||||
r = pidref_verify(pidref);
|
||||
if (r == -ESRCH)
|
||||
|
|
|
@ -807,7 +807,6 @@ int session_send_create_reply(Session *s, sd_bus_error *error) {
|
|||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *c = NULL;
|
||||
_cleanup_close_ int fifo_fd = -EBADF;
|
||||
_cleanup_free_ char *p = NULL;
|
||||
int r;
|
||||
|
||||
assert(s);
|
||||
|
||||
|
@ -828,10 +827,6 @@ int session_send_create_reply(Session *s, sd_bus_error *error) {
|
|||
if (fifo_fd < 0)
|
||||
return fifo_fd;
|
||||
|
||||
r = session_watch_pidfd(s);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
/* Update the session state file before we notify the client about the result. */
|
||||
session_save(s);
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
#include "audit-util.h"
|
||||
#include "bus-error.h"
|
||||
#include "bus-util.h"
|
||||
#include "daemon-util.h"
|
||||
#include "devnum-util.h"
|
||||
#include "env-file.h"
|
||||
#include "escape.h"
|
||||
|
@ -87,13 +88,54 @@ int session_new(Session **ret, Manager *m, const char *id) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void session_reset_leader(Session *s) {
|
||||
static int session_dispatch_leader_pidfd(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
|
||||
Session *s = ASSERT_PTR(userdata);
|
||||
|
||||
assert(s->leader.fd == fd);
|
||||
session_stop(s, /* force= */ false);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int session_watch_pidfd(Session *s) {
|
||||
int r;
|
||||
|
||||
assert(s);
|
||||
assert(s->manager);
|
||||
assert(pidref_is_set(&s->leader));
|
||||
|
||||
if (s->leader.fd < 0)
|
||||
return 0;
|
||||
|
||||
r = sd_event_add_io(s->manager->event, &s->leader_pidfd_event_source, s->leader.fd, EPOLLIN, session_dispatch_leader_pidfd, s);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_event_source_set_priority(s->leader_pidfd_event_source, SD_EVENT_PRIORITY_IMPORTANT);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
(void) sd_event_source_set_description(s->leader_pidfd_event_source, "session-pidfd");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void session_reset_leader(Session *s, bool keep_fdstore) {
|
||||
assert(s);
|
||||
|
||||
if (!keep_fdstore) {
|
||||
/* Clear fdstore if we're asked to, no matter if s->leader is set or not, so that when
|
||||
* initially deserializing leader fd we clear the old fd too. */
|
||||
(void) notify_remove_fd_warnf("session-%s-leader-fd", s->id);
|
||||
s->leader_fd_saved = false;
|
||||
}
|
||||
|
||||
if (!pidref_is_set(&s->leader))
|
||||
return;
|
||||
|
||||
assert_se(hashmap_remove_value(s->manager->sessions_by_leader, &s->leader, s));
|
||||
s->leader_pidfd_event_source = sd_event_source_disable_unref(s->leader_pidfd_event_source);
|
||||
|
||||
(void) hashmap_remove_value(s->manager->sessions_by_leader, &s->leader, s);
|
||||
|
||||
return pidref_done(&s->leader);
|
||||
}
|
||||
|
@ -142,7 +184,7 @@ Session* session_free(Session *s) {
|
|||
|
||||
free(s->scope_job);
|
||||
|
||||
session_reset_leader(s);
|
||||
session_reset_leader(s, /* keep_fdstore = */ true);
|
||||
|
||||
sd_bus_message_unref(s->create_message);
|
||||
|
||||
|
@ -188,15 +230,27 @@ int session_set_leader_consume(Session *s, PidRef _leader) {
|
|||
if (pidref_equal(&s->leader, &pidref))
|
||||
return 0;
|
||||
|
||||
session_reset_leader(s);
|
||||
session_reset_leader(s, /* keep_fdstore = */ false);
|
||||
|
||||
s->leader = TAKE_PIDREF(pidref);
|
||||
|
||||
r = session_watch_pidfd(s);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to watch leader pidfd for session '%s': %m", s->id);
|
||||
|
||||
r = hashmap_ensure_put(&s->manager->sessions_by_leader, &pidref_hash_ops, &s->leader, s);
|
||||
if (r < 0)
|
||||
return r;
|
||||
assert(r > 0);
|
||||
|
||||
if (s->leader.fd >= 0) {
|
||||
r = notify_push_fdf(s->leader.fd, "session-%s-leader-fd", s->id);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to push leader pidfd for session '%s', ignoring: %m", s->id);
|
||||
else
|
||||
s->leader_fd_saved = true;
|
||||
}
|
||||
|
||||
(void) audit_session_from_pid(s->leader.pid, &s->audit_id);
|
||||
|
||||
return 1;
|
||||
|
@ -240,16 +294,18 @@ int session_save(Session *s) {
|
|||
"# This is private data. Do not parse.\n"
|
||||
"UID="UID_FMT"\n"
|
||||
"USER=%s\n"
|
||||
"ACTIVE=%i\n"
|
||||
"IS_DISPLAY=%i\n"
|
||||
"ACTIVE=%s\n"
|
||||
"IS_DISPLAY=%s\n"
|
||||
"STATE=%s\n"
|
||||
"REMOTE=%i\n",
|
||||
"REMOTE=%s\n"
|
||||
"LEADER_FD_SAVED=%s\n",
|
||||
s->user->user_record->uid,
|
||||
s->user->user_record->user_name,
|
||||
session_is_active(s),
|
||||
s->user->display == s,
|
||||
one_zero(session_is_active(s)),
|
||||
one_zero(s->user->display == s),
|
||||
session_state_to_string(session_get_state(s)),
|
||||
s->remote);
|
||||
one_zero(s->remote),
|
||||
one_zero(s->leader_fd_saved));
|
||||
|
||||
if (s->type >= 0)
|
||||
fprintf(f, "TYPE=%s\n", session_type_to_string(s->type));
|
||||
|
@ -408,7 +464,8 @@ int session_load(Session *s) {
|
|||
*vtnr = NULL,
|
||||
*state = NULL,
|
||||
*position = NULL,
|
||||
*leader = NULL,
|
||||
*leader_pid = NULL,
|
||||
*leader_fd_saved = NULL,
|
||||
*type = NULL,
|
||||
*original_type = NULL,
|
||||
*class = NULL,
|
||||
|
@ -425,32 +482,33 @@ int session_load(Session *s) {
|
|||
assert(s);
|
||||
|
||||
r = parse_env_file(NULL, s->state_file,
|
||||
"REMOTE", &remote,
|
||||
"SCOPE", &s->scope,
|
||||
"SCOPE_JOB", &s->scope_job,
|
||||
"FIFO", &s->fifo_path,
|
||||
"SEAT", &seat,
|
||||
"TTY", &s->tty,
|
||||
"TTY_VALIDITY", &tty_validity,
|
||||
"DISPLAY", &s->display,
|
||||
"REMOTE_HOST", &s->remote_host,
|
||||
"REMOTE_USER", &s->remote_user,
|
||||
"SERVICE", &s->service,
|
||||
"DESKTOP", &s->desktop,
|
||||
"VTNR", &vtnr,
|
||||
"STATE", &state,
|
||||
"POSITION", &position,
|
||||
"LEADER", &leader,
|
||||
"TYPE", &type,
|
||||
"ORIGINAL_TYPE", &original_type,
|
||||
"CLASS", &class,
|
||||
"UID", &uid,
|
||||
"REALTIME", &realtime,
|
||||
"MONOTONIC", &monotonic,
|
||||
"CONTROLLER", &controller,
|
||||
"ACTIVE", &active,
|
||||
"DEVICES", &devices,
|
||||
"IS_DISPLAY", &is_display);
|
||||
"REMOTE", &remote,
|
||||
"SCOPE", &s->scope,
|
||||
"SCOPE_JOB", &s->scope_job,
|
||||
"FIFO", &s->fifo_path,
|
||||
"SEAT", &seat,
|
||||
"TTY", &s->tty,
|
||||
"TTY_VALIDITY", &tty_validity,
|
||||
"DISPLAY", &s->display,
|
||||
"REMOTE_HOST", &s->remote_host,
|
||||
"REMOTE_USER", &s->remote_user,
|
||||
"SERVICE", &s->service,
|
||||
"DESKTOP", &s->desktop,
|
||||
"VTNR", &vtnr,
|
||||
"STATE", &state,
|
||||
"POSITION", &position,
|
||||
"LEADER", &leader_pid,
|
||||
"LEADER_FD_SAVED", &leader_fd_saved,
|
||||
"TYPE", &type,
|
||||
"ORIGINAL_TYPE", &original_type,
|
||||
"CLASS", &class,
|
||||
"UID", &uid,
|
||||
"REALTIME", &realtime,
|
||||
"MONOTONIC", &monotonic,
|
||||
"CONTROLLER", &controller,
|
||||
"ACTIVE", &active,
|
||||
"DEVICES", &devices,
|
||||
"IS_DISPLAY", &is_display);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to read %s: %m", s->state_file);
|
||||
|
||||
|
@ -517,19 +575,6 @@ int session_load(Session *s) {
|
|||
s->tty_validity = v;
|
||||
}
|
||||
|
||||
if (leader) {
|
||||
_cleanup_(pidref_done) PidRef p = PIDREF_NULL;
|
||||
|
||||
r = pidref_set_pidstr(&p, leader);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to parse leader PID of session: %s", leader);
|
||||
else {
|
||||
r = session_set_leader_consume(s, TAKE_PIDREF(p));
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to set session leader PID, ignoring: %m");
|
||||
}
|
||||
}
|
||||
|
||||
if (type) {
|
||||
SessionType t;
|
||||
|
||||
|
@ -604,6 +649,33 @@ int session_load(Session *s) {
|
|||
session_restore_vt(s);
|
||||
}
|
||||
|
||||
if (leader_pid) {
|
||||
assert(!pidref_is_set(&s->leader));
|
||||
|
||||
r = parse_pid(leader_pid, &s->deserialized_pid);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse LEADER=%s: %m", leader_pid);
|
||||
|
||||
if (leader_fd_saved) {
|
||||
r = parse_boolean(leader_fd_saved);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse LEADER_FD_SAVED=%s: %m", leader_fd_saved);
|
||||
s->leader_fd_saved = r > 0;
|
||||
|
||||
if (s->leader_fd_saved)
|
||||
/* The leader fd will be acquired from fdstore later */
|
||||
return 0;
|
||||
}
|
||||
|
||||
_cleanup_(pidref_done) PidRef p = PIDREF_NULL;
|
||||
|
||||
r = pidref_set_pid(&p, s->deserialized_pid);
|
||||
if (r >= 0)
|
||||
r = session_set_leader_consume(s, TAKE_PIDREF(p));
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to set leader PID for session '%s': %m", s->id);
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -917,7 +989,6 @@ int session_finalize(Session *s) {
|
|||
LOG_MESSAGE("Removed session %s.", s->id));
|
||||
|
||||
s->timer_event_source = sd_event_source_unref(s->timer_event_source);
|
||||
s->leader_pidfd_event_source = sd_event_source_unref(s->leader_pidfd_event_source);
|
||||
|
||||
if (s->seat)
|
||||
seat_evict_position(s->seat, s);
|
||||
|
@ -942,7 +1013,7 @@ int session_finalize(Session *s) {
|
|||
seat_save(s->seat);
|
||||
}
|
||||
|
||||
session_reset_leader(s);
|
||||
session_reset_leader(s, /* keep_fdstore = */ false);
|
||||
|
||||
user_save(s->user);
|
||||
user_send_changed(s->user, "Display", NULL);
|
||||
|
@ -1225,36 +1296,6 @@ static void session_remove_fifo(Session *s) {
|
|||
}
|
||||
}
|
||||
|
||||
static int session_dispatch_leader_pidfd(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
|
||||
Session *s = ASSERT_PTR(userdata);
|
||||
|
||||
assert(s->leader.fd == fd);
|
||||
session_stop(s, /* force= */ false);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int session_watch_pidfd(Session *s) {
|
||||
int r;
|
||||
|
||||
assert(s);
|
||||
|
||||
if (s->leader.fd < 0)
|
||||
return 0;
|
||||
|
||||
r = sd_event_add_io(s->manager->event, &s->leader_pidfd_event_source, s->leader.fd, EPOLLIN, session_dispatch_leader_pidfd, s);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_event_source_set_priority(s->leader_pidfd_event_source, SD_EVENT_PRIORITY_IMPORTANT);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
(void) sd_event_source_set_description(s->leader_pidfd_event_source, "session-pidfd");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
bool session_may_gc(Session *s, bool drop_not_started) {
|
||||
int r;
|
||||
|
||||
|
@ -1267,15 +1308,17 @@ bool session_may_gc(Session *s, bool drop_not_started) {
|
|||
return true;
|
||||
|
||||
r = pidref_is_alive(&s->leader);
|
||||
if (r == -ESRCH)
|
||||
/* Session has no leader. This is probably because the leader vanished before deserializing
|
||||
* pidfd from FD store. */
|
||||
return true;
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Unable to determine if leader PID " PID_FMT " is still alive, assuming not.", s->leader.pid);
|
||||
log_debug_errno(r, "Unable to determine if leader PID " PID_FMT " is still alive, assuming not: %m", s->leader.pid);
|
||||
if (r > 0)
|
||||
return false;
|
||||
|
||||
if (s->fifo_fd >= 0) {
|
||||
if (pipe_eof(s->fifo_fd) <= 0)
|
||||
return false;
|
||||
}
|
||||
if (s->fifo_fd >= 0 && pipe_eof(s->fifo_fd) <= 0)
|
||||
return false;
|
||||
|
||||
if (s->scope_job) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
|
|
|
@ -89,6 +89,8 @@ struct Session {
|
|||
int vtfd;
|
||||
|
||||
PidRef leader;
|
||||
bool leader_fd_saved; /* pidfd of leader uploaded to fdstore */
|
||||
pid_t deserialized_pid; /* PID deserialized from state file (for verification when pidfd is used) */
|
||||
uint32_t audit_id;
|
||||
|
||||
int fifo_fd;
|
||||
|
@ -144,7 +146,6 @@ void session_set_type(Session *s, SessionType t);
|
|||
int session_set_display(Session *s, const char *display);
|
||||
int session_set_tty(Session *s, const char *tty);
|
||||
int session_create_fifo(Session *s);
|
||||
int session_watch_pidfd(Session *s);
|
||||
int session_start(Session *s, sd_bus_message *properties, sd_bus_error *error);
|
||||
int session_stop(Session *s, bool force);
|
||||
int session_finalize(Session *s);
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
#include "constants.h"
|
||||
#include "daemon-util.h"
|
||||
#include "device-util.h"
|
||||
#include "devnum-util.h"
|
||||
#include "dirent-util.h"
|
||||
#include "escape.h"
|
||||
#include "fd-util.h"
|
||||
|
@ -191,13 +192,10 @@ static int manager_enumerate_devices(Manager *m) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
FOREACH_DEVICE(e, d) {
|
||||
int k;
|
||||
r = 0;
|
||||
|
||||
k = manager_process_seat_device(m, d);
|
||||
if (k < 0)
|
||||
r = k;
|
||||
}
|
||||
FOREACH_DEVICE(e, d)
|
||||
RET_GATHER(r, manager_process_seat_device(m, d));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
@ -225,13 +223,10 @@ static int manager_enumerate_buttons(Manager *m) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
FOREACH_DEVICE(e, d) {
|
||||
int k;
|
||||
r = 0;
|
||||
|
||||
k = manager_process_button_device(m, d);
|
||||
if (k < 0)
|
||||
r = k;
|
||||
}
|
||||
FOREACH_DEVICE(e, d)
|
||||
RET_GATHER(r, manager_process_button_device(m, d));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
@ -251,12 +246,11 @@ static int manager_enumerate_seats(Manager *m) {
|
|||
if (errno == ENOENT)
|
||||
return 0;
|
||||
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/seats: %m");
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/seats/: %m");
|
||||
}
|
||||
|
||||
FOREACH_DIRENT(de, d, return -errno) {
|
||||
Seat *s;
|
||||
int k;
|
||||
|
||||
if (!dirent_is_file(de))
|
||||
continue;
|
||||
|
@ -269,9 +263,7 @@ static int manager_enumerate_seats(Manager *m) {
|
|||
continue;
|
||||
}
|
||||
|
||||
k = seat_load(s);
|
||||
if (k < 0)
|
||||
r = k;
|
||||
RET_GATHER(r, seat_load(s));
|
||||
}
|
||||
|
||||
return r;
|
||||
|
@ -292,19 +284,21 @@ static int manager_enumerate_linger_users(Manager *m) {
|
|||
}
|
||||
|
||||
FOREACH_DIRENT(de, d, return -errno) {
|
||||
int k;
|
||||
_cleanup_free_ char *n = NULL;
|
||||
int k;
|
||||
|
||||
if (!dirent_is_file(de))
|
||||
continue;
|
||||
|
||||
k = cunescape(de->d_name, 0, &n);
|
||||
if (k < 0) {
|
||||
r = log_warning_errno(k, "Failed to unescape username '%s', ignoring: %m", de->d_name);
|
||||
RET_GATHER(r, log_warning_errno(k, "Failed to unescape username '%s', ignoring: %m", de->d_name));
|
||||
continue;
|
||||
}
|
||||
|
||||
k = manager_add_user_by_name(m, n, NULL);
|
||||
if (k < 0)
|
||||
r = log_warning_errno(k, "Couldn't add lingering user %s, ignoring: %m", de->d_name);
|
||||
RET_GATHER(r, log_warning_errno(k, "Couldn't add lingering user %s, ignoring: %m", de->d_name));
|
||||
}
|
||||
|
||||
return r;
|
||||
|
@ -312,7 +306,7 @@ static int manager_enumerate_linger_users(Manager *m) {
|
|||
|
||||
static int manager_enumerate_users(Manager *m) {
|
||||
_cleanup_closedir_ DIR *d = NULL;
|
||||
int r, k;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
|
||||
|
@ -325,148 +319,198 @@ static int manager_enumerate_users(Manager *m) {
|
|||
if (errno == ENOENT)
|
||||
return 0;
|
||||
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/users: %m");
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/users/: %m");
|
||||
}
|
||||
|
||||
FOREACH_DIRENT(de, d, return -errno) {
|
||||
User *u;
|
||||
uid_t uid;
|
||||
int k;
|
||||
|
||||
if (!dirent_is_file(de))
|
||||
continue;
|
||||
|
||||
k = parse_uid(de->d_name, &uid);
|
||||
if (k < 0) {
|
||||
r = log_warning_errno(k, "Failed to parse filename /run/systemd/users/%s as UID.", de->d_name);
|
||||
RET_GATHER(r, log_warning_errno(k, "Failed to parse filename /run/systemd/users/%s as UID, ignoring: %m", de->d_name));
|
||||
continue;
|
||||
}
|
||||
|
||||
k = manager_add_user_by_uid(m, uid, &u);
|
||||
if (k < 0) {
|
||||
r = log_warning_errno(k, "Failed to add user by file name %s, ignoring: %m", de->d_name);
|
||||
RET_GATHER(r, log_warning_errno(k, "Failed to add user by filename %s, ignoring: %m", de->d_name));
|
||||
continue;
|
||||
}
|
||||
|
||||
user_add_to_gc_queue(u);
|
||||
|
||||
k = user_load(u);
|
||||
if (k < 0)
|
||||
r = k;
|
||||
RET_GATHER(r, user_load(u));
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
static int parse_fdname(const char *fdname, char **session_id, dev_t *dev) {
|
||||
static int parse_fdname(const char *fdname, char **ret_session_id, dev_t *ret_devno) {
|
||||
_cleanup_strv_free_ char **parts = NULL;
|
||||
_cleanup_free_ char *id = NULL;
|
||||
unsigned major, minor;
|
||||
int r;
|
||||
|
||||
assert(ret_session_id);
|
||||
assert(ret_devno);
|
||||
|
||||
parts = strv_split(fdname, "-");
|
||||
if (!parts)
|
||||
return -ENOMEM;
|
||||
if (strv_length(parts) != 5)
|
||||
return -EINVAL;
|
||||
|
||||
if (!streq(parts[0], "session"))
|
||||
if (_unlikely_(!streq(parts[0], "session")))
|
||||
return -EINVAL;
|
||||
|
||||
id = strdup(parts[1]);
|
||||
if (!id)
|
||||
return -ENOMEM;
|
||||
|
||||
if (!streq(parts[2], "device"))
|
||||
if (streq(parts[2], "leader")) {
|
||||
*ret_session_id = TAKE_PTR(id);
|
||||
*ret_devno = 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (_unlikely_(!streq(parts[2], "device")))
|
||||
return -EINVAL;
|
||||
|
||||
unsigned major, minor;
|
||||
|
||||
r = safe_atou(parts[3], &major);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = safe_atou(parts[4], &minor);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
*dev = makedev(major, minor);
|
||||
*session_id = TAKE_PTR(id);
|
||||
*ret_session_id = TAKE_PTR(id);
|
||||
*ret_devno = makedev(major, minor);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int deliver_fd(Manager *m, const char *fdname, int fd) {
|
||||
_cleanup_free_ char *id = NULL;
|
||||
static int deliver_session_device_fd(Session *s, const char *fdname, int fd, dev_t devno) {
|
||||
SessionDevice *sd;
|
||||
struct stat st;
|
||||
Session *s;
|
||||
dev_t dev;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
assert(s);
|
||||
assert(fdname);
|
||||
assert(fd >= 0);
|
||||
|
||||
r = parse_fdname(fdname, &id, &dev);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to parse fd name %s: %m", fdname);
|
||||
|
||||
s = hashmap_get(m->sessions, id);
|
||||
if (!s)
|
||||
/* If the session doesn't exist anymore, the associated session device attached to this fd
|
||||
* doesn't either. Let's simply close this fd. */
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENXIO), "Failed to attach fd for unknown session: %s", id);
|
||||
assert(devno > 0);
|
||||
|
||||
if (fstat(fd, &st) < 0)
|
||||
/* The device is allowed to go away at a random point, in which case fstat() failing is
|
||||
* expected. */
|
||||
return log_debug_errno(errno, "Failed to stat device fd for session %s: %m", id);
|
||||
return log_debug_errno(errno, "Failed to stat device fd '%s' for session '%s': %m",
|
||||
fdname, s->id);
|
||||
|
||||
if (!S_ISCHR(st.st_mode) || st.st_rdev != dev)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENODEV), "Device fd doesn't point to the expected character device node");
|
||||
if (!S_ISCHR(st.st_mode) || st.st_rdev != devno)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENODEV),
|
||||
"Device fd '%s' doesn't point to the expected character device node.",
|
||||
fdname);
|
||||
|
||||
sd = hashmap_get(s->devices, &dev);
|
||||
sd = hashmap_get(s->devices, &devno);
|
||||
if (!sd)
|
||||
/* Weird, we got an fd for a session device which wasn't recorded in the session state
|
||||
* file... */
|
||||
return log_warning_errno(SYNTHETIC_ERRNO(ENODEV), "Got fd for missing session device [%u:%u] in session %s",
|
||||
major(dev), minor(dev), s->id);
|
||||
return log_warning_errno(SYNTHETIC_ERRNO(ENODEV),
|
||||
"Got session device fd '%s' [" DEVNUM_FORMAT_STR "], but not present in session state.",
|
||||
fdname, DEVNUM_FORMAT_VAL(devno));
|
||||
|
||||
log_debug("Attaching fd to session device [%u:%u] for session %s",
|
||||
major(dev), minor(dev), s->id);
|
||||
log_debug("Attaching session device fd '%s' [" DEVNUM_FORMAT_STR "] to session '%s'.",
|
||||
fdname, DEVNUM_FORMAT_VAL(devno), s->id);
|
||||
|
||||
session_device_attach_fd(sd, fd, s->was_active);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int manager_attach_fds(Manager *m) {
|
||||
_cleanup_strv_free_ char **fdnames = NULL;
|
||||
int n;
|
||||
static int deliver_session_leader_fd_consume(Session *s, const char *fdname, int fd) {
|
||||
_cleanup_(pidref_done) PidRef leader_fdstore = PIDREF_NULL;
|
||||
int r;
|
||||
|
||||
/* Upon restart, PID1 will send us back all fds of session devices that we previously opened. Each
|
||||
* file descriptor is associated with a given session. The session ids are passed through FDNAMES. */
|
||||
assert(s);
|
||||
assert(fdname);
|
||||
assert(fd >= 0);
|
||||
|
||||
assert(m);
|
||||
if (!s->leader_fd_saved)
|
||||
log_warning("Got leader pidfd for session '%s', but not recorded in session state, proceeding anyway.",
|
||||
s->id);
|
||||
else
|
||||
assert(!pidref_is_set(&s->leader));
|
||||
|
||||
n = sd_listen_fds_with_names(true, &fdnames);
|
||||
if (n < 0)
|
||||
return log_warning_errno(n, "Failed to acquire passed fd list: %m");
|
||||
if (n == 0)
|
||||
return 0;
|
||||
r = pidref_set_pidfd_take(&leader_fdstore, fd);
|
||||
if (r < 0) {
|
||||
if (r == -ESRCH)
|
||||
log_debug_errno(r, "Leader of session '%s' is gone while deserializing.", s->id);
|
||||
else
|
||||
log_warning_errno(r, "Failed to create reference to leader of session '%s': %m", s->id);
|
||||
|
||||
for (int i = 0; i < n; i++) {
|
||||
int fd = SD_LISTEN_FDS_START + i;
|
||||
|
||||
if (deliver_fd(m, fdnames[i], fd) >= 0)
|
||||
continue;
|
||||
|
||||
/* Hmm, we couldn't deliver the fd to any session device object? If so, let's close the fd
|
||||
* and remove it from fdstore. */
|
||||
close_and_notify_warn(fd, fdnames[i]);
|
||||
close_and_notify_warn(fd, fdname);
|
||||
return r;
|
||||
}
|
||||
|
||||
assert(pid_is_valid(s->deserialized_pid));
|
||||
|
||||
if (leader_fdstore.pid != s->deserialized_pid)
|
||||
log_warning("Leader from pidfd (" PID_FMT ") doesn't match with LEADER=" PID_FMT " for session '%s', proceeding anyway.",
|
||||
leader_fdstore.pid, s->deserialized_pid, s->id);
|
||||
|
||||
r = session_set_leader_consume(s, TAKE_PIDREF(leader_fdstore));
|
||||
if (r < 0)
|
||||
return log_warning_errno(r, "Failed to attach leader pidfd for session '%s': %m", s->id);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int manager_attach_session_fd_one_consume(Manager *m, const char *fdname, int fd) {
|
||||
_cleanup_free_ char *id = NULL;
|
||||
dev_t devno;
|
||||
Session *s;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
assert(fdname);
|
||||
assert(fd >= 0);
|
||||
|
||||
r = parse_fdname(fdname, &id, &devno);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Failed to parse stored fd name '%s': %m", fdname);
|
||||
goto fail_close;
|
||||
}
|
||||
|
||||
s = hashmap_get(m->sessions, id);
|
||||
if (!s) {
|
||||
/* If the session doesn't exist anymore, let's simply close this fd. */
|
||||
r = log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
|
||||
"Cannot attach fd '%s' to unknown session '%s', ignoring.", fdname, id);
|
||||
goto fail_close;
|
||||
}
|
||||
|
||||
if (devno > 0) {
|
||||
r = deliver_session_device_fd(s, fdname, fd, devno);
|
||||
if (r < 0)
|
||||
goto fail_close;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Takes ownership of fd on both success and failure */
|
||||
return deliver_session_leader_fd_consume(s, fdname, fd);
|
||||
|
||||
fail_close:
|
||||
close_and_notify_warn(fd, fdname);
|
||||
return r;
|
||||
}
|
||||
|
||||
static int manager_enumerate_sessions(Manager *m) {
|
||||
_cleanup_strv_free_ char **fdnames = NULL;
|
||||
_cleanup_closedir_ DIR *d = NULL;
|
||||
int r = 0, k;
|
||||
int r = 0, n;
|
||||
|
||||
assert(m);
|
||||
|
||||
|
@ -476,18 +520,19 @@ static int manager_enumerate_sessions(Manager *m) {
|
|||
if (errno == ENOENT)
|
||||
return 0;
|
||||
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/sessions: %m");
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/sessions/: %m");
|
||||
}
|
||||
|
||||
FOREACH_DIRENT(de, d, return -errno) {
|
||||
struct Session *s;
|
||||
Session *s;
|
||||
int k;
|
||||
|
||||
if (!dirent_is_file(de))
|
||||
continue;
|
||||
|
||||
k = manager_add_session(m, de->d_name, &s);
|
||||
if (k < 0) {
|
||||
r = log_warning_errno(k, "Failed to add session by file name %s, ignoring: %m", de->d_name);
|
||||
RET_GATHER(r, log_warning_errno(k, "Failed to add session by filename %s, ignoring: %m", de->d_name));
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -495,12 +540,18 @@ static int manager_enumerate_sessions(Manager *m) {
|
|||
|
||||
k = session_load(s);
|
||||
if (k < 0)
|
||||
r = k;
|
||||
RET_GATHER(r, log_warning_errno(k, "Failed to deserialize session '%s', ignoring: %m", s->id));
|
||||
}
|
||||
|
||||
/* We might be restarted and PID1 could have sent us back the session device fds we previously
|
||||
* saved. */
|
||||
(void) manager_attach_fds(m);
|
||||
n = sd_listen_fds_with_names(/* unset_environment = */ true, &fdnames);
|
||||
if (n < 0)
|
||||
return log_error_errno(n, "Failed to acquire passed fd list: %m");
|
||||
|
||||
for (int i = 0; i < n; i++) {
|
||||
int fd = SD_LISTEN_FDS_START + i;
|
||||
|
||||
RET_GATHER(r, manager_attach_session_fd_one_consume(m, fdnames[i], fd));
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
@ -516,25 +567,23 @@ static int manager_enumerate_inhibitors(Manager *m) {
|
|||
if (errno == ENOENT)
|
||||
return 0;
|
||||
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/inhibit: %m");
|
||||
return log_error_errno(errno, "Failed to open /run/systemd/inhibit/: %m");
|
||||
}
|
||||
|
||||
FOREACH_DIRENT(de, d, return -errno) {
|
||||
int k;
|
||||
Inhibitor *i;
|
||||
int k;
|
||||
|
||||
if (!dirent_is_file(de))
|
||||
continue;
|
||||
|
||||
k = manager_add_inhibitor(m, de->d_name, &i);
|
||||
if (k < 0) {
|
||||
r = log_warning_errno(k, "Couldn't add inhibitor %s, ignoring: %m", de->d_name);
|
||||
RET_GATHER(r, log_warning_errno(k, "Couldn't add inhibitor %s, ignoring: %m", de->d_name));
|
||||
continue;
|
||||
}
|
||||
|
||||
k = inhibitor_load(i);
|
||||
if (k < 0)
|
||||
r = k;
|
||||
RET_GATHER(r, inhibitor_load(i));
|
||||
}
|
||||
|
||||
return r;
|
||||
|
|
|
@ -25,14 +25,22 @@ setup_test_user() {
|
|||
trap cleanup_test_user EXIT
|
||||
}
|
||||
|
||||
test_enable_debug() {
|
||||
mkdir -p /run/systemd/system/systemd-logind.service.d
|
||||
cat >/run/systemd/system/systemd-logind.service.d/debug.conf <<EOF
|
||||
test_write_dropin() {
|
||||
systemctl edit --runtime --stdin systemd-logind.service --drop-in=debug.conf <<EOF
|
||||
[Service]
|
||||
Environment=SYSTEMD_LOG_LEVEL=debug
|
||||
EOF
|
||||
systemctl daemon-reload
|
||||
systemctl stop systemd-logind.service
|
||||
|
||||
# We test "coldplug" (completely stop and start logind) here. So we need to preserve
|
||||
# the fdstore, which might contain session leader pidfds. This is extremely rare use case
|
||||
# and shall not be considered fully supported.
|
||||
# See also: https://github.com/systemd/systemd/pull/30610#discussion_r1440507850
|
||||
systemctl edit --runtime --stdin systemd-logind.service --drop-in=fdstore-preserve.conf <<EOF
|
||||
[Service]
|
||||
FileDescriptorStorePreserve=yes
|
||||
EOF
|
||||
|
||||
systemctl restart systemd-logind.service
|
||||
}
|
||||
|
||||
testcase_properties() {
|
||||
|
@ -673,7 +681,7 @@ EOF
|
|||
}
|
||||
|
||||
setup_test_user
|
||||
test_enable_debug
|
||||
test_write_dropin
|
||||
run_testcases
|
||||
|
||||
touch /testok
|
||||
|
|
|
@ -31,7 +31,7 @@ DeviceAllow=char-input rw
|
|||
DeviceAllow=char-tty rw
|
||||
DeviceAllow=char-vcs rw
|
||||
ExecStart={{LIBEXECDIR}}/systemd-logind
|
||||
FileDescriptorStoreMax=512
|
||||
FileDescriptorStoreMax=768
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
|
Loading…
Reference in a new issue