]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
20263082 | 2 | |
4f5dd394 | 3 | #include <errno.h> |
20263082 | 4 | #include <unistd.h> |
20263082 | 5 | |
b5efdb8a | 6 | #include "alloc-util.h" |
90558f31 | 7 | #include "bus-common-errors.h" |
cc377381 | 8 | #include "bus-error.h" |
b7147168 | 9 | #include "bus-locator.h" |
4f5dd394 | 10 | #include "bus-util.h" |
f5058264 | 11 | #include "cgroup-util.h" |
66cdd0f2 | 12 | #include "clean-ipc.h" |
686d13b9 | 13 | #include "env-file.h" |
4f5dd394 | 14 | #include "escape.h" |
3ffd4af2 | 15 | #include "fd-util.h" |
4f5dd394 | 16 | #include "fileio.h" |
f97b34a6 | 17 | #include "format-util.h" |
f4f15635 | 18 | #include "fs-util.h" |
4f5dd394 | 19 | #include "hashmap.h" |
0690160e | 20 | #include "label-util.h" |
eefc66aa | 21 | #include "limits-util.h" |
6ecda0fb | 22 | #include "logind-dbus.h" |
6ecda0fb | 23 | #include "logind-user-dbus.h" |
ed5033fd | 24 | #include "logind-user.h" |
35cd0ba5 | 25 | #include "mkdir-label.h" |
6bedfcbb | 26 | #include "parse-util.h" |
4f5dd394 | 27 | #include "path-util.h" |
ed5033fd | 28 | #include "percent-util.h" |
4f5dd394 | 29 | #include "rm-rf.h" |
d68c645b | 30 | #include "serialize.h" |
4f5dd394 | 31 | #include "special.h" |
90558f31 | 32 | #include "stdio-util.h" |
8b43440b | 33 | #include "string-table.h" |
4e5b605a | 34 | #include "strv.h" |
e4de7287 | 35 | #include "tmpfile-util.h" |
b085d224 | 36 | #include "uid-alloc-range.h" |
4f5dd394 | 37 | #include "unit-name.h" |
ee104e11 | 38 | #include "user-util.h" |
20263082 | 39 | |
d5ac9d06 LP |
40 | int user_new(User **ret, |
41 | Manager *m, | |
22c902fa | 42 | UserRecord *ur) { |
d5ac9d06 | 43 | |
157f5057 | 44 | _cleanup_(user_freep) User *u = NULL; |
6230bf75 | 45 | char lu[DECIMAL_STR_MAX(uid_t) + 1]; |
6230bf75 | 46 | int r; |
20263082 | 47 | |
8c29a457 | 48 | assert(ret); |
20263082 | 49 | assert(m); |
22c902fa LP |
50 | assert(ur); |
51 | ||
52 | if (!ur->user_name) | |
53 | return -EINVAL; | |
54 | ||
55 | if (!uid_is_valid(ur->uid)) | |
56 | return -EINVAL; | |
20263082 | 57 | |
8c29a457 | 58 | u = new(User, 1); |
20263082 | 59 | if (!u) |
157f5057 DH |
60 | return -ENOMEM; |
61 | ||
8c29a457 LP |
62 | *u = (User) { |
63 | .manager = m, | |
22c902fa | 64 | .user_record = user_record_ref(ur), |
9afe9efb | 65 | .last_session_timestamp = USEC_INFINITY, |
8c29a457 | 66 | }; |
20263082 | 67 | |
22c902fa | 68 | if (asprintf(&u->state_file, "/run/systemd/users/" UID_FMT, ur->uid) < 0) |
d5ac9d06 LP |
69 | return -ENOMEM; |
70 | ||
22c902fa | 71 | if (asprintf(&u->runtime_path, "/run/user/" UID_FMT, ur->uid) < 0) |
157f5057 | 72 | return -ENOMEM; |
f9e4283d | 73 | |
22c902fa | 74 | xsprintf(lu, UID_FMT, ur->uid); |
6230bf75 DH |
75 | r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &u->slice); |
76 | if (r < 0) | |
157f5057 | 77 | return r; |
6230bf75 | 78 | |
b690ef12 DH |
79 | r = unit_name_build("user", lu, ".service", &u->service); |
80 | if (r < 0) | |
81 | return r; | |
82 | ||
25a1ab4e LP |
83 | r = unit_name_build("user-runtime-dir", lu, ".service", &u->runtime_dir_service); |
84 | if (r < 0) | |
85 | return r; | |
86 | ||
22c902fa | 87 | r = hashmap_put(m->users, UID_TO_PTR(ur->uid), u); |
157f5057 DH |
88 | if (r < 0) |
89 | return r; | |
20263082 | 90 | |
157f5057 DH |
91 | r = hashmap_put(m->user_units, u->slice, u); |
92 | if (r < 0) | |
93 | return r; | |
9444b1f2 | 94 | |
b690ef12 DH |
95 | r = hashmap_put(m->user_units, u->service, u); |
96 | if (r < 0) | |
97 | return r; | |
98 | ||
25a1ab4e LP |
99 | r = hashmap_put(m->user_units, u->runtime_dir_service, u); |
100 | if (r < 0) | |
101 | return r; | |
102 | ||
8c29a457 | 103 | *ret = TAKE_PTR(u); |
157f5057 | 104 | return 0; |
20263082 LP |
105 | } |
106 | ||
157f5057 DH |
107 | User *user_free(User *u) { |
108 | if (!u) | |
109 | return NULL; | |
20263082 | 110 | |
14c3baca | 111 | if (u->in_gc_queue) |
71fda00f | 112 | LIST_REMOVE(gc_queue, u->manager->user_gc_queue, u); |
14c3baca | 113 | |
20263082 LP |
114 | while (u->sessions) |
115 | session_free(u->sessions); | |
116 | ||
157f5057 DH |
117 | if (u->service) |
118 | hashmap_remove_value(u->manager->user_units, u->service, u); | |
119 | ||
25a1ab4e LP |
120 | if (u->runtime_dir_service) |
121 | hashmap_remove_value(u->manager->user_units, u->runtime_dir_service, u); | |
122 | ||
157f5057 DH |
123 | if (u->slice) |
124 | hashmap_remove_value(u->manager->user_units, u->slice, u); | |
fb6becb4 | 125 | |
22c902fa | 126 | hashmap_remove_value(u->manager->users, UID_TO_PTR(u->user_record->uid), u); |
6230bf75 | 127 | |
22c902fa | 128 | sd_event_source_unref(u->timer_event_source); |
9afe9efb | 129 | |
157f5057 | 130 | u->service_job = mfree(u->service_job); |
fb6becb4 | 131 | |
157f5057 | 132 | u->service = mfree(u->service); |
25a1ab4e | 133 | u->runtime_dir_service = mfree(u->runtime_dir_service); |
157f5057 DH |
134 | u->slice = mfree(u->slice); |
135 | u->runtime_path = mfree(u->runtime_path); | |
136 | u->state_file = mfree(u->state_file); | |
22c902fa LP |
137 | |
138 | user_record_unref(u->user_record); | |
20263082 | 139 | |
157f5057 | 140 | return mfree(u); |
20263082 LP |
141 | } |
142 | ||
71161305 | 143 | static int user_save_internal(User *u) { |
70f1280c | 144 | _cleanup_(unlink_and_freep) char *temp_path = NULL; |
9444b1f2 | 145 | _cleanup_fclose_ FILE *f = NULL; |
20263082 LP |
146 | int r; |
147 | ||
148 | assert(u); | |
149 | assert(u->state_file); | |
150 | ||
37c1d5e9 | 151 | r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, MKDIR_WARN_MODE); |
20263082 | 152 | if (r < 0) |
dacd6cee | 153 | goto fail; |
20263082 | 154 | |
14c3baca LP |
155 | r = fopen_temporary(u->state_file, &f, &temp_path); |
156 | if (r < 0) | |
dacd6cee | 157 | goto fail; |
14c3baca | 158 | |
0d536673 | 159 | (void) fchmod(fileno(f), 0644); |
20263082 LP |
160 | |
161 | fprintf(f, | |
14c3baca | 162 | "# This is private data. Do not parse.\n" |
20263082 | 163 | "NAME=%s\n" |
d865bc02 LP |
164 | "STATE=%s\n" /* friendly user-facing state */ |
165 | "STOPPING=%s\n", /* low-level state */ | |
22c902fa | 166 | u->user_record->user_name, |
d865bc02 LP |
167 | user_state_to_string(user_get_state(u)), |
168 | yes_no(u->stopping)); | |
20263082 | 169 | |
f9e4283d | 170 | /* LEGACY: no-one reads RUNTIME= anymore, drop it at some point */ |
20263082 | 171 | if (u->runtime_path) |
9444b1f2 | 172 | fprintf(f, "RUNTIME=%s\n", u->runtime_path); |
20263082 | 173 | |
fb6becb4 LP |
174 | if (u->service_job) |
175 | fprintf(f, "SERVICE_JOB=%s\n", u->service_job); | |
9444b1f2 | 176 | |
20263082 | 177 | if (u->display) |
9444b1f2 LP |
178 | fprintf(f, "DISPLAY=%s\n", u->display->id); |
179 | ||
180 | if (dual_timestamp_is_set(&u->timestamp)) | |
20263082 | 181 | fprintf(f, |
90b2de37 ZJS |
182 | "REALTIME="USEC_FMT"\n" |
183 | "MONOTONIC="USEC_FMT"\n", | |
184 | u->timestamp.realtime, | |
185 | u->timestamp.monotonic); | |
20263082 | 186 | |
9afe9efb LP |
187 | if (u->last_session_timestamp != USEC_INFINITY) |
188 | fprintf(f, "LAST_SESSION_TIMESTAMP=" USEC_FMT "\n", | |
189 | u->last_session_timestamp); | |
190 | ||
034a2a52 | 191 | if (u->sessions) { |
9b958eff | 192 | bool first; |
034a2a52 | 193 | |
0d536673 | 194 | fputs("SESSIONS=", f); |
9b958eff | 195 | first = true; |
034a2a52 | 196 | LIST_FOREACH(sessions_by_user, i, u->sessions) { |
9b958eff LP |
197 | if (first) |
198 | first = false; | |
199 | else | |
0d536673 | 200 | fputc(' ', f); |
9b958eff | 201 | |
0d536673 | 202 | fputs(i->id, f); |
034a2a52 LP |
203 | } |
204 | ||
0d536673 | 205 | fputs("\nSEATS=", f); |
9b958eff | 206 | first = true; |
034a2a52 | 207 | LIST_FOREACH(sessions_by_user, i, u->sessions) { |
9b958eff LP |
208 | if (!i->seat) |
209 | continue; | |
210 | ||
211 | if (first) | |
212 | first = false; | |
213 | else | |
0d536673 | 214 | fputc(' ', f); |
9b958eff | 215 | |
0d536673 | 216 | fputs(i->seat->id, f); |
034a2a52 LP |
217 | } |
218 | ||
0d536673 | 219 | fputs("\nACTIVE_SESSIONS=", f); |
9b958eff LP |
220 | first = true; |
221 | LIST_FOREACH(sessions_by_user, i, u->sessions) { | |
222 | if (!session_is_active(i)) | |
223 | continue; | |
224 | ||
225 | if (first) | |
226 | first = false; | |
227 | else | |
0d536673 | 228 | fputc(' ', f); |
9b958eff | 229 | |
0d536673 | 230 | fputs(i->id, f); |
9b958eff | 231 | } |
034a2a52 | 232 | |
0d536673 | 233 | fputs("\nONLINE_SESSIONS=", f); |
2dc8f41a CG |
234 | first = true; |
235 | LIST_FOREACH(sessions_by_user, i, u->sessions) { | |
236 | if (session_get_state(i) == SESSION_CLOSING) | |
237 | continue; | |
238 | ||
239 | if (first) | |
240 | first = false; | |
241 | else | |
0d536673 | 242 | fputc(' ', f); |
2dc8f41a | 243 | |
0d536673 | 244 | fputs(i->id, f); |
2dc8f41a CG |
245 | } |
246 | ||
0d536673 | 247 | fputs("\nACTIVE_SEATS=", f); |
9b958eff | 248 | first = true; |
034a2a52 | 249 | LIST_FOREACH(sessions_by_user, i, u->sessions) { |
9b958eff LP |
250 | if (!session_is_active(i) || !i->seat) |
251 | continue; | |
252 | ||
253 | if (first) | |
254 | first = false; | |
255 | else | |
0d536673 | 256 | fputc(' ', f); |
47acb2f1 | 257 | |
0d536673 | 258 | fputs(i->seat->id, f); |
034a2a52 | 259 | } |
2dc8f41a | 260 | |
0d536673 | 261 | fputs("\nONLINE_SEATS=", f); |
2dc8f41a CG |
262 | first = true; |
263 | LIST_FOREACH(sessions_by_user, i, u->sessions) { | |
264 | if (session_get_state(i) == SESSION_CLOSING || !i->seat) | |
265 | continue; | |
266 | ||
267 | if (first) | |
268 | first = false; | |
269 | else | |
0d536673 | 270 | fputc(' ', f); |
2dc8f41a | 271 | |
0d536673 | 272 | fputs(i->seat->id, f); |
2dc8f41a | 273 | } |
0d536673 | 274 | fputc('\n', f); |
034a2a52 LP |
275 | } |
276 | ||
dacd6cee LP |
277 | r = fflush_and_check(f); |
278 | if (r < 0) | |
279 | goto fail; | |
14c3baca | 280 | |
dacd6cee | 281 | if (rename(temp_path, u->state_file) < 0) { |
20263082 | 282 | r = -errno; |
dacd6cee | 283 | goto fail; |
20263082 LP |
284 | } |
285 | ||
70f1280c | 286 | temp_path = mfree(temp_path); |
dacd6cee LP |
287 | return 0; |
288 | ||
289 | fail: | |
290 | (void) unlink(u->state_file); | |
291 | ||
dacd6cee | 292 | return log_error_errno(r, "Failed to save user data %s: %m", u->state_file); |
20263082 LP |
293 | } |
294 | ||
71161305 SM |
295 | int user_save(User *u) { |
296 | assert(u); | |
297 | ||
298 | if (!u->started) | |
299 | return 0; | |
300 | ||
8c29a457 | 301 | return user_save_internal(u); |
71161305 SM |
302 | } |
303 | ||
20263082 | 304 | int user_load(User *u) { |
9afe9efb | 305 | _cleanup_free_ char *realtime = NULL, *monotonic = NULL, *stopping = NULL, *last_session_timestamp = NULL; |
9444b1f2 | 306 | int r; |
20263082 LP |
307 | |
308 | assert(u); | |
309 | ||
aa8fbc74 | 310 | r = parse_env_file(NULL, u->state_file, |
9afe9efb LP |
311 | "SERVICE_JOB", &u->service_job, |
312 | "STOPPING", &stopping, | |
313 | "REALTIME", &realtime, | |
314 | "MONOTONIC", &monotonic, | |
13df9c39 | 315 | "LAST_SESSION_TIMESTAMP", &last_session_timestamp); |
1c8280fd LP |
316 | if (r == -ENOENT) |
317 | return 0; | |
318 | if (r < 0) | |
d710aaf7 | 319 | return log_error_errno(r, "Failed to read %s: %m", u->state_file); |
20263082 | 320 | |
d865bc02 LP |
321 | if (stopping) { |
322 | r = parse_boolean(stopping); | |
323 | if (r < 0) | |
324 | log_debug_errno(r, "Failed to parse 'STOPPING' boolean: %s", stopping); | |
325 | else | |
326 | u->stopping = r; | |
327 | } | |
328 | ||
b895a735 | 329 | if (realtime) |
d68c645b | 330 | (void) deserialize_usec(realtime, &u->timestamp.realtime); |
b895a735 | 331 | if (monotonic) |
d68c645b | 332 | (void) deserialize_usec(monotonic, &u->timestamp.monotonic); |
9afe9efb | 333 | if (last_session_timestamp) |
d68c645b | 334 | (void) deserialize_usec(last_session_timestamp, &u->last_session_timestamp); |
9444b1f2 | 335 | |
d865bc02 | 336 | return 0; |
20263082 LP |
337 | } |
338 | ||
25a1ab4e | 339 | static void user_start_service(User *u) { |
4afd3348 | 340 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; |
fb6becb4 LP |
341 | int r; |
342 | ||
20263082 LP |
343 | assert(u); |
344 | ||
25a1ab4e LP |
345 | /* Start the service containing the "systemd --user" instance (user@.service). Note that we don't explicitly |
346 | * start the per-user slice or the systemd-runtime-dir@.service instance, as those are pulled in both by | |
347 | * user@.service and the session scopes as dependencies. */ | |
348 | ||
b690ef12 | 349 | u->service_job = mfree(u->service_job); |
fb6becb4 | 350 | |
25a1ab4e | 351 | r = manager_start_unit(u->manager, u->service, &error, &u->service_job); |
545a30a9 | 352 | if (r < 0) |
03b6fa0c MS |
353 | log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_UNIT_MASKED) ? LOG_DEBUG : LOG_WARNING, r, |
354 | "Failed to start user service '%s', ignoring: %s", u->service, bus_error_message(&error, r)); | |
20263082 LP |
355 | } |
356 | ||
e8e4b7a0 | 357 | static int update_slice_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { |
99534007 | 358 | _cleanup_(user_record_unrefp) UserRecord *ur = ASSERT_PTR(userdata); |
80c8c786 YW |
359 | const sd_bus_error *e; |
360 | int r; | |
e8e4b7a0 LP |
361 | |
362 | assert(m); | |
e8e4b7a0 | 363 | |
80c8c786 YW |
364 | e = sd_bus_message_get_error(m); |
365 | if (e) { | |
366 | r = sd_bus_error_get_errno(e); | |
367 | log_warning_errno(r, | |
e8e4b7a0 LP |
368 | "Failed to update slice of %s, ignoring: %s", |
369 | ur->user_name, | |
80c8c786 | 370 | bus_error_message(e, r)); |
e8e4b7a0 LP |
371 | |
372 | return 0; | |
373 | } | |
374 | ||
375 | log_debug("Successfully set slice parameters of %s.", ur->user_name); | |
376 | return 0; | |
377 | } | |
378 | ||
379 | static int user_update_slice(User *u) { | |
380 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; | |
381 | int r; | |
382 | ||
383 | assert(u); | |
384 | ||
385 | if (u->user_record->tasks_max == UINT64_MAX && | |
386 | u->user_record->memory_high == UINT64_MAX && | |
387 | u->user_record->memory_max == UINT64_MAX && | |
388 | u->user_record->cpu_weight == UINT64_MAX && | |
389 | u->user_record->io_weight == UINT64_MAX) | |
390 | return 0; | |
391 | ||
b7147168 | 392 | r = bus_message_new_method_call(u->manager->bus, &m, bus_systemd_mgr, "SetUnitProperties"); |
e8e4b7a0 LP |
393 | if (r < 0) |
394 | return bus_log_create_error(r); | |
395 | ||
396 | r = sd_bus_message_append(m, "sb", u->slice, true); | |
397 | if (r < 0) | |
398 | return bus_log_create_error(r); | |
399 | ||
400 | r = sd_bus_message_open_container(m, 'a', "(sv)"); | |
401 | if (r < 0) | |
402 | return bus_log_create_error(r); | |
403 | ||
b0a94df9 ZJS |
404 | const struct { |
405 | const char *name; | |
406 | uint64_t value; | |
407 | } settings[] = { | |
408 | { "TasksMax", u->user_record->tasks_max }, | |
409 | { "MemoryMax", u->user_record->memory_max }, | |
410 | { "MemoryHigh", u->user_record->memory_high }, | |
411 | { "CPUWeight", u->user_record->cpu_weight }, | |
412 | { "IOWeight", u->user_record->io_weight }, | |
413 | }; | |
e8e4b7a0 | 414 | |
d38c0b10 LP |
415 | FOREACH_ARRAY(st, settings, ELEMENTSOF(settings)) { |
416 | if (st->value == UINT64_MAX) | |
417 | continue; | |
418 | ||
419 | r = sd_bus_message_append(m, "(sv)", st->name, "t", st->value); | |
420 | if (r < 0) | |
421 | return bus_log_create_error(r); | |
422 | } | |
e8e4b7a0 LP |
423 | |
424 | r = sd_bus_message_close_container(m); | |
425 | if (r < 0) | |
426 | return bus_log_create_error(r); | |
427 | ||
428 | r = sd_bus_call_async(u->manager->bus, NULL, m, update_slice_callback, u->user_record, 0); | |
429 | if (r < 0) | |
430 | return log_error_errno(r, "Failed to change user slice properties: %m"); | |
431 | ||
432 | /* Ref the user record pointer, so that the slot keeps it pinned */ | |
433 | user_record_ref(u->user_record); | |
434 | ||
435 | return 0; | |
436 | } | |
437 | ||
513cf7da | 438 | int user_start(User *u) { |
20263082 LP |
439 | assert(u); |
440 | ||
a832ab6f | 441 | if (u->started && !u->stopping) |
9418f147 LP |
442 | return 0; |
443 | ||
25a1ab4e | 444 | /* If u->stopping is set, the user is marked for removal and service stop-jobs are queued. We have to clear |
5238e957 | 445 | * that flag before queueing the start-jobs again. If they succeed, the user object can be re-used just fine |
25a1ab4e LP |
446 | * (pid1 takes care of job-ordering and proper restart), but if they fail, we want to force another user_stop() |
447 | * so possibly pending units are stopped. */ | |
a832ab6f DH |
448 | u->stopping = false; |
449 | ||
a9f0f5e5 | 450 | if (!u->started) |
22c902fa | 451 | log_debug("Starting services for new user %s.", u->user_record->user_name); |
a832ab6f | 452 | |
25a1ab4e LP |
453 | /* Save the user data so far, because pam_systemd will read the XDG_RUNTIME_DIR out of it while starting up |
454 | * systemd --user. We need to do user_save_internal() because we have not "officially" started yet. */ | |
71161305 SM |
455 | user_save_internal(u); |
456 | ||
e8e4b7a0 LP |
457 | /* Set slice parameters */ |
458 | (void) user_update_slice(u); | |
459 | ||
25a1ab4e | 460 | /* Start user@UID.service */ |
513cf7da | 461 | user_start_service(u); |
20263082 | 462 | |
a832ab6f DH |
463 | if (!u->started) { |
464 | if (!dual_timestamp_is_set(&u->timestamp)) | |
fa5a0251 | 465 | dual_timestamp_now(&u->timestamp); |
a832ab6f DH |
466 | user_send_signal(u, true); |
467 | u->started = true; | |
468 | } | |
9418f147 | 469 | |
7f7bb946 LP |
470 | /* Save new user data */ |
471 | user_save(u); | |
472 | ||
20263082 LP |
473 | return 0; |
474 | } | |
475 | ||
1a42ce09 | 476 | static void user_stop_service(User *u, bool force) { |
4afd3348 | 477 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; |
fb6becb4 | 478 | int r; |
20263082 | 479 | |
20263082 | 480 | assert(u); |
25a1ab4e | 481 | assert(u->service); |
20263082 | 482 | |
25a1ab4e LP |
483 | /* The reverse of user_start_service(). Note that we only stop user@UID.service here, and let StopWhenUnneeded= |
484 | * deal with the slice and the user-runtime-dir@.service instance. */ | |
20263082 | 485 | |
25a1ab4e | 486 | u->service_job = mfree(u->service_job); |
20263082 | 487 | |
1a42ce09 | 488 | r = manager_stop_unit(u->manager, u->service, force ? "replace" : "fail", &error, &u->service_job); |
fb2367ed | 489 | if (r < 0) |
25a1ab4e | 490 | log_warning_errno(r, "Failed to stop user service '%s', ignoring: %s", u->service, bus_error_message(&error, r)); |
fb6becb4 | 491 | } |
20263082 | 492 | |
9bb69af4 | 493 | int user_stop(User *u, bool force) { |
25a1ab4e | 494 | int r = 0; |
03677889 | 495 | |
20263082 LP |
496 | assert(u); |
497 | ||
25a1ab4e LP |
498 | /* This is called whenever we begin with tearing down a user record. It's called in two cases: explicit API |
499 | * request to do so via the bus (in which case 'force' is true) and automatically due to GC, if there's no | |
500 | * session left pinning it (in which case 'force' is false). Note that this just initiates tearing down of the | |
501 | * user, the User object will remain in memory until user_finalize() is called, see below. */ | |
502 | ||
503 | if (!u->started) | |
504 | return 0; | |
505 | ||
506 | if (u->stopping) { /* Stop jobs have already been queued */ | |
b58b227a | 507 | user_save(u); |
25a1ab4e | 508 | return 0; |
b58b227a DH |
509 | } |
510 | ||
20263082 | 511 | LIST_FOREACH(sessions_by_user, s, u->sessions) { |
25a1ab4e LP |
512 | int k; |
513 | ||
9bb69af4 | 514 | k = session_stop(s, force); |
20263082 LP |
515 | if (k < 0) |
516 | r = k; | |
517 | } | |
518 | ||
1a42ce09 | 519 | user_stop_service(u, force); |
20263082 | 520 | |
5f41d1f1 LP |
521 | u->stopping = true; |
522 | ||
405e0255 LP |
523 | user_save(u); |
524 | ||
525 | return r; | |
526 | } | |
527 | ||
528 | int user_finalize(User *u) { | |
405e0255 LP |
529 | int r = 0, k; |
530 | ||
531 | assert(u); | |
532 | ||
25a1ab4e LP |
533 | /* Called when the user is really ready to be freed, i.e. when all unit stop jobs and suchlike for it are |
534 | * done. This is called as a result of an earlier user_done() when all jobs are completed. */ | |
535 | ||
405e0255 | 536 | if (u->started) |
22c902fa | 537 | log_debug("User %s logged out.", u->user_record->user_name); |
405e0255 LP |
538 | |
539 | LIST_FOREACH(sessions_by_user, s, u->sessions) { | |
540 | k = session_finalize(s); | |
541 | if (k < 0) | |
542 | r = k; | |
543 | } | |
544 | ||
00d9ef85 LP |
545 | /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs |
546 | * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to | |
547 | * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such | |
548 | * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because | |
549 | * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up, | |
550 | * and do it only for normal users. */ | |
22c902fa LP |
551 | if (u->manager->remove_ipc && !uid_is_system(u->user_record->uid)) { |
552 | k = clean_ipc_by_uid(u->user_record->uid); | |
66cdd0f2 LP |
553 | if (k < 0) |
554 | r = k; | |
555 | } | |
556 | ||
75bbdf47 | 557 | (void) unlink(u->state_file); |
d2f92cdf LP |
558 | user_add_to_gc_queue(u); |
559 | ||
405e0255 | 560 | if (u->started) { |
ed18b08b | 561 | user_send_signal(u, false); |
405e0255 LP |
562 | u->started = false; |
563 | } | |
9418f147 | 564 | |
20263082 LP |
565 | return r; |
566 | } | |
567 | ||
a185c5aa | 568 | int user_get_idle_hint(User *u, dual_timestamp *t) { |
a185c5aa | 569 | bool idle_hint = true; |
5cb14b37 | 570 | dual_timestamp ts = DUAL_TIMESTAMP_NULL; |
a185c5aa LP |
571 | |
572 | assert(u); | |
573 | ||
574 | LIST_FOREACH(sessions_by_user, s, u->sessions) { | |
575 | dual_timestamp k; | |
576 | int ih; | |
577 | ||
578 | ih = session_get_idle_hint(s, &k); | |
579 | if (ih < 0) | |
580 | return ih; | |
581 | ||
582 | if (!ih) { | |
583 | if (!idle_hint) { | |
584 | if (k.monotonic < ts.monotonic) | |
585 | ts = k; | |
586 | } else { | |
587 | idle_hint = false; | |
588 | ts = k; | |
589 | } | |
590 | } else if (idle_hint) { | |
591 | ||
592 | if (k.monotonic > ts.monotonic) | |
593 | ts = k; | |
594 | } | |
595 | } | |
596 | ||
597 | if (t) | |
598 | *t = ts; | |
599 | ||
600 | return idle_hint; | |
601 | } | |
602 | ||
3a9f7a30 | 603 | int user_check_linger_file(User *u) { |
cc377381 LP |
604 | _cleanup_free_ char *cc = NULL; |
605 | char *p = NULL; | |
e96cd586 | 606 | |
22c902fa | 607 | cc = cescape(u->user_record->user_name); |
cc377381 | 608 | if (!cc) |
e96cd586 LP |
609 | return -ENOMEM; |
610 | ||
63c372cb | 611 | p = strjoina("/var/lib/systemd/linger/", cc); |
6996df9b LP |
612 | if (access(p, F_OK) < 0) { |
613 | if (errno != ENOENT) | |
614 | return -errno; | |
e96cd586 | 615 | |
6996df9b LP |
616 | return false; |
617 | } | |
618 | ||
619 | return true; | |
e96cd586 LP |
620 | } |
621 | ||
4e5b605a | 622 | static bool user_unit_active(User *u) { |
4e5b605a LP |
623 | int r; |
624 | ||
625 | assert(u->service); | |
626 | assert(u->runtime_dir_service); | |
627 | assert(u->slice); | |
628 | ||
629 | FOREACH_STRING(i, u->service, u->runtime_dir_service, u->slice) { | |
630 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; | |
631 | ||
632 | r = manager_unit_is_active(u->manager, i, &error); | |
633 | if (r < 0) | |
bbd26200 | 634 | log_debug_errno(r, "Failed to determine whether unit '%s' is active, ignoring: %s", i, bus_error_message(&error, r)); |
4e5b605a LP |
635 | if (r != 0) |
636 | return true; | |
637 | } | |
638 | ||
639 | return false; | |
640 | } | |
641 | ||
d510589f LP |
642 | static usec_t user_get_stop_delay(User *u) { |
643 | assert(u); | |
644 | ||
645 | if (u->user_record->stop_delay_usec != UINT64_MAX) | |
646 | return u->user_record->stop_delay_usec; | |
647 | ||
648 | if (user_record_removable(u->user_record) > 0) | |
649 | return 0; /* For removable users lower the stop delay to zero */ | |
650 | ||
651 | return u->manager->user_stop_delay; | |
652 | } | |
653 | ||
5c093a23 | 654 | bool user_may_gc(User *u, bool drop_not_started) { |
bd26aee1 LP |
655 | int r; |
656 | ||
20263082 LP |
657 | assert(u); |
658 | ||
4a4b033f | 659 | if (drop_not_started && !u->started) |
5c093a23 | 660 | return true; |
932e3ee7 | 661 | |
20263082 | 662 | if (u->sessions) |
5c093a23 | 663 | return false; |
20263082 | 664 | |
9afe9efb | 665 | if (u->last_session_timestamp != USEC_INFINITY) { |
d510589f LP |
666 | usec_t user_stop_delay; |
667 | ||
9afe9efb LP |
668 | /* All sessions have been closed. Let's see if we shall leave the user record around for a bit */ |
669 | ||
d510589f LP |
670 | user_stop_delay = user_get_stop_delay(u); |
671 | ||
672 | if (user_stop_delay == USEC_INFINITY) | |
9afe9efb | 673 | return false; /* Leave it around forever! */ |
d510589f LP |
674 | if (user_stop_delay > 0 && |
675 | now(CLOCK_MONOTONIC) < usec_add(u->last_session_timestamp, user_stop_delay)) | |
9afe9efb LP |
676 | return false; /* Leave it around for a bit longer. */ |
677 | } | |
678 | ||
4e5b605a LP |
679 | /* Is this a user that shall stay around forever ("linger")? Before we say "no" to GC'ing for lingering users, let's check |
680 | * if any of the three units that we maintain for this user is still around. If none of them is, | |
681 | * there's no need to keep this user around even if lingering is enabled. */ | |
682 | if (user_check_linger_file(u) > 0 && user_unit_active(u)) | |
5c093a23 | 683 | return false; |
20263082 | 684 | |
bd26aee1 LP |
685 | /* Check if our job is still pending */ |
686 | if (u->service_job) { | |
687 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; | |
cc377381 | 688 | |
bd26aee1 LP |
689 | r = manager_job_is_active(u->manager, u->service_job, &error); |
690 | if (r < 0) | |
691 | log_debug_errno(r, "Failed to determine whether job '%s' is pending, ignoring: %s", u->service_job, bus_error_message(&error, r)); | |
692 | if (r != 0) | |
693 | return false; | |
694 | } | |
695 | ||
696 | /* Note that we don't care if the three units we manage for each user object are up or not, as we are managing | |
697 | * their state rather than tracking it. */ | |
405e0255 | 698 | |
5c093a23 | 699 | return true; |
20263082 LP |
700 | } |
701 | ||
14c3baca LP |
702 | void user_add_to_gc_queue(User *u) { |
703 | assert(u); | |
704 | ||
705 | if (u->in_gc_queue) | |
706 | return; | |
707 | ||
71fda00f | 708 | LIST_PREPEND(gc_queue, u->manager->user_gc_queue, u); |
14c3baca LP |
709 | u->in_gc_queue = true; |
710 | } | |
711 | ||
20263082 | 712 | UserState user_get_state(User *u) { |
20263082 LP |
713 | assert(u); |
714 | ||
5f41d1f1 LP |
715 | if (u->stopping) |
716 | return USER_CLOSING; | |
717 | ||
25a1ab4e | 718 | if (!u->started || u->service_job) |
405e0255 | 719 | return USER_OPENING; |
c9caad80 | 720 | |
5f41d1f1 LP |
721 | if (u->sessions) { |
722 | bool all_closing = true; | |
723 | ||
724 | LIST_FOREACH(sessions_by_user, i, u->sessions) { | |
00555a2e DH |
725 | SessionState state; |
726 | ||
727 | state = session_get_state(i); | |
728 | if (state == SESSION_ACTIVE) | |
5f41d1f1 | 729 | return USER_ACTIVE; |
00555a2e | 730 | if (state != SESSION_CLOSING) |
5f41d1f1 LP |
731 | all_closing = false; |
732 | } | |
20263082 | 733 | |
c9caad80 | 734 | return all_closing ? USER_CLOSING : USER_ONLINE; |
5f41d1f1 | 735 | } |
e96cd586 | 736 | |
4e5b605a | 737 | if (user_check_linger_file(u) > 0 && user_unit_active(u)) |
e96cd586 LP |
738 | return USER_LINGERING; |
739 | ||
740 | return USER_CLOSING; | |
20263082 LP |
741 | } |
742 | ||
de07ab16 | 743 | int user_kill(User *u, int signo) { |
de07ab16 LP |
744 | assert(u); |
745 | ||
fb6becb4 | 746 | return manager_kill_unit(u->manager, u->slice, KILL_ALL, signo, NULL); |
de07ab16 LP |
747 | } |
748 | ||
cde40acc | 749 | static bool elect_display_filter(Session *s) { |
04857cd8 | 750 | /* Return true if the session is a candidate for the user’s ‘primary session’ or ‘display’. */ |
7ffeb45c PW |
751 | assert(s); |
752 | ||
a2dcb1d7 | 753 | return IN_SET(s->class, SESSION_USER, SESSION_GREETER) && s->started && !s->stopping; |
7ffeb45c PW |
754 | } |
755 | ||
cde40acc | 756 | static int elect_display_compare(Session *s1, Session *s2) { |
7ffeb45c | 757 | /* Indexed by SessionType. Lower numbers mean more preferred. */ |
469df514 | 758 | static const int type_ranks[_SESSION_TYPE_MAX] = { |
7ffeb45c PW |
759 | [SESSION_UNSPECIFIED] = 0, |
760 | [SESSION_TTY] = -2, | |
761 | [SESSION_X11] = -3, | |
762 | [SESSION_WAYLAND] = -3, | |
763 | [SESSION_MIR] = -3, | |
764 | [SESSION_WEB] = -1, | |
765 | }; | |
766 | ||
767 | /* Calculate the partial order relationship between s1 and s2, | |
768 | * returning < 0 if s1 is preferred as the user’s ‘primary session’, | |
769 | * 0 if s1 and s2 are equally preferred or incomparable, or > 0 if s2 | |
770 | * is preferred. | |
771 | * | |
772 | * s1 or s2 may be NULL. */ | |
b9460fdc RC |
773 | if (!s1 && !s2) |
774 | return 0; | |
775 | ||
7ffeb45c PW |
776 | if ((s1 == NULL) != (s2 == NULL)) |
777 | return (s1 == NULL) - (s2 == NULL); | |
778 | ||
779 | if (s1->stopping != s2->stopping) | |
780 | return s1->stopping - s2->stopping; | |
781 | ||
782 | if ((s1->class != SESSION_USER) != (s2->class != SESSION_USER)) | |
783 | return (s1->class != SESSION_USER) - (s2->class != SESSION_USER); | |
784 | ||
59afe07c LP |
785 | if ((s1->class != SESSION_USER_EARLY) != (s2->class != SESSION_USER_EARLY)) |
786 | return (s1->class != SESSION_USER_EARLY) - (s2->class != SESSION_USER_EARLY); | |
787 | ||
7ffeb45c PW |
788 | if ((s1->type == _SESSION_TYPE_INVALID) != (s2->type == _SESSION_TYPE_INVALID)) |
789 | return (s1->type == _SESSION_TYPE_INVALID) - (s2->type == _SESSION_TYPE_INVALID); | |
790 | ||
791 | if (s1->type != s2->type) | |
792 | return type_ranks[s1->type] - type_ranks[s2->type]; | |
793 | ||
794 | return 0; | |
795 | } | |
796 | ||
952d3260 | 797 | void user_elect_display(User *u) { |
952d3260 LP |
798 | assert(u); |
799 | ||
04857cd8 LP |
800 | /* This elects a primary session for each user, which we call the "display". We try to keep the assignment |
801 | * stable, but we "upgrade" to better choices. */ | |
22c902fa | 802 | log_debug("Electing new display for user %s", u->user_record->user_name); |
952d3260 LP |
803 | |
804 | LIST_FOREACH(sessions_by_user, s, u->sessions) { | |
7ffeb45c PW |
805 | if (!elect_display_filter(s)) { |
806 | log_debug("Ignoring session %s", s->id); | |
952d3260 | 807 | continue; |
7ffeb45c | 808 | } |
952d3260 | 809 | |
7ffeb45c PW |
810 | if (elect_display_compare(s, u->display) < 0) { |
811 | log_debug("Choosing session %s in preference to %s", s->id, u->display ? u->display->id : "-"); | |
812 | u->display = s; | |
813 | } | |
e9e74f28 | 814 | } |
952d3260 LP |
815 | } |
816 | ||
9afe9efb | 817 | static int user_stop_timeout_callback(sd_event_source *es, uint64_t usec, void *userdata) { |
99534007 | 818 | User *u = ASSERT_PTR(userdata); |
9afe9efb | 819 | |
9afe9efb LP |
820 | user_add_to_gc_queue(u); |
821 | ||
822 | return 0; | |
823 | } | |
824 | ||
825 | void user_update_last_session_timer(User *u) { | |
d510589f | 826 | usec_t user_stop_delay; |
9afe9efb LP |
827 | int r; |
828 | ||
829 | assert(u); | |
830 | ||
831 | if (u->sessions) { | |
832 | /* There are sessions, turn off the timer */ | |
833 | u->last_session_timestamp = USEC_INFINITY; | |
834 | u->timer_event_source = sd_event_source_unref(u->timer_event_source); | |
835 | return; | |
836 | } | |
837 | ||
838 | if (u->last_session_timestamp != USEC_INFINITY) | |
839 | return; /* Timer already started */ | |
840 | ||
841 | u->last_session_timestamp = now(CLOCK_MONOTONIC); | |
842 | ||
843 | assert(!u->timer_event_source); | |
844 | ||
d510589f | 845 | user_stop_delay = user_get_stop_delay(u); |
0da36375 | 846 | if (!timestamp_is_set(user_stop_delay)) |
9afe9efb LP |
847 | return; |
848 | ||
849 | if (sd_event_get_state(u->manager->event) == SD_EVENT_FINISHED) { | |
850 | log_debug("Not allocating user stop timeout, since we are already exiting."); | |
851 | return; | |
852 | } | |
853 | ||
854 | r = sd_event_add_time(u->manager->event, | |
855 | &u->timer_event_source, | |
856 | CLOCK_MONOTONIC, | |
d510589f | 857 | usec_add(u->last_session_timestamp, user_stop_delay), 0, |
9afe9efb LP |
858 | user_stop_timeout_callback, u); |
859 | if (r < 0) | |
860 | log_warning_errno(r, "Failed to enqueue user stop event source, ignoring: %m"); | |
861 | ||
5291f26d | 862 | if (DEBUG_LOGGING) |
9afe9efb | 863 | log_debug("Last session of user '%s' logged out, terminating user context in %s.", |
22c902fa | 864 | u->user_record->user_name, |
5291f26d | 865 | FORMAT_TIMESPAN(user_stop_delay, USEC_PER_MSEC)); |
9afe9efb LP |
866 | } |
867 | ||
20263082 | 868 | static const char* const user_state_table[_USER_STATE_MAX] = { |
082dd188 LP |
869 | [USER_OFFLINE] = "offline", |
870 | [USER_OPENING] = "opening", | |
20263082 | 871 | [USER_LINGERING] = "lingering", |
082dd188 LP |
872 | [USER_ONLINE] = "online", |
873 | [USER_ACTIVE] = "active", | |
874 | [USER_CLOSING] = "closing" | |
20263082 LP |
875 | }; |
876 | ||
877 | DEFINE_STRING_TABLE_LOOKUP(user_state, UserState); | |
1c231f56 LP |
878 | |
879 | int config_parse_tmpfs_size( | |
880 | const char* unit, | |
881 | const char *filename, | |
882 | unsigned line, | |
883 | const char *section, | |
884 | unsigned section_line, | |
885 | const char *lvalue, | |
886 | int ltype, | |
887 | const char *rvalue, | |
888 | void *data, | |
889 | void *userdata) { | |
890 | ||
99534007 | 891 | uint64_t *sz = ASSERT_PTR(data); |
1c231f56 LP |
892 | int r; |
893 | ||
894 | assert(filename); | |
895 | assert(lvalue); | |
896 | assert(rvalue); | |
1c231f56 | 897 | |
9184ca48 | 898 | /* First, try to parse as percentage */ |
fe845b5e LP |
899 | r = parse_permyriad(rvalue); |
900 | if (r > 0) | |
901 | *sz = physical_memory_scale(r, 10000U); | |
9184ca48 | 902 | else { |
59f448cf | 903 | uint64_t k; |
1c231f56 | 904 | |
9184ca48 LP |
905 | /* If the passed argument was not a percentage, or out of range, parse as byte size */ |
906 | ||
59f448cf | 907 | r = parse_size(rvalue, 1024, &k); |
1e5f4e8b YW |
908 | if (r >= 0 && (k <= 0 || (uint64_t) (size_t) k != k)) |
909 | r = -ERANGE; | |
910 | if (r < 0) { | |
196d41bc | 911 | log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse size value '%s', ignoring: %m", rvalue); |
1c231f56 LP |
912 | return 0; |
913 | } | |
914 | ||
59f448cf | 915 | *sz = PAGE_ALIGN((size_t) k); |
1c231f56 LP |
916 | } |
917 | ||
918 | return 0; | |
919 | } | |
c06eec15 | 920 | |
28414939 ZJS |
921 | int config_parse_compat_user_tasks_max( |
922 | const char *unit, | |
c06eec15 LP |
923 | const char *filename, |
924 | unsigned line, | |
925 | const char *section, | |
926 | unsigned section_line, | |
927 | const char *lvalue, | |
928 | int ltype, | |
929 | const char *rvalue, | |
930 | void *data, | |
931 | void *userdata) { | |
932 | ||
c06eec15 LP |
933 | assert(filename); |
934 | assert(lvalue); | |
935 | assert(rvalue); | |
c06eec15 | 936 | |
28414939 ZJS |
937 | log_syntax(unit, LOG_NOTICE, filename, line, 0, |
938 | "Support for option %s= has been removed.", | |
939 | lvalue); | |
948f7ce4 | 940 | log_info("Hint: try creating /etc/systemd/system/user-.slice.d/50-limits.conf with:\n" |
28414939 ZJS |
941 | " [Slice]\n" |
942 | " TasksMax=%s", | |
943 | rvalue); | |
c06eec15 LP |
944 | return 0; |
945 | } |