From: Luca Boccassi Date: Tue, 3 Sep 2024 21:37:39 +0000 (+0100) Subject: logind: drop new delay-weak inhibitor X-Git-Tag: v257-rc1~117^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5360db2a90c23898a93a888cc13230f77166f17a;p=thirdparty%2Fsystemd.git logind: drop new delay-weak inhibitor It wasn't actually requested, just a misunderstanding, so drop it. Fixes https://github.com/systemd/systemd/issues/34091 Follow-up for 804874d26ac73e0af07c4c5d7165c95372f03f6d --- diff --git a/NEWS b/NEWS index 81b6380cedf..c47f521d5ca 100644 --- a/NEWS +++ b/NEWS @@ -35,17 +35,17 @@ CHANGES WITH 257 in spe: Accept=yes sockets too, where it was previously silently ignored and "connection" was used unconditionally. - * systemd-logind now always obeys inhibitor locks, where previously it - ignored locks taken by the caller or when the caller was root. A + * systemd-logind now always obeys block inhibitor locks, where previously + it ignored locks taken by the caller or when the caller was root. A privileged caller can always close the other sessions, remove the inhibitor locks, or use --force or --check-inhibitors=no to ignore the inhibitors. This change thus doesn't affect security, since everything that was possible before at a given privilege level is still possible, but it should make the inhibitor logic easier to use and understand, - and also help avoiding accidental reboots and shutdowns. New 'delay-weak' - and 'block-weak' inhibitor modes were added, if taken they will make - the inhibitor lock work as in the previous versions. Inhibitor locks - can also be taken by remote users (subject to polkit policy). + and also help avoiding accidental reboots and shutdowns. New 'block-weak' + inhibitor modes were added, if taken they will make the inhibitor lock + work as in the previous versions. Inhibitor locks can also be taken by + remote users (subject to polkit policy). * systemd-nspawn will now mount the unified cgroup hierarchy into a container if no systemd installation is found in a container's root diff --git a/docs/INHIBITOR_LOCKS.md b/docs/INHIBITOR_LOCKS.md index b88704d330f..a7e2d91fdf5 100644 --- a/docs/INHIBITOR_LOCKS.md +++ b/docs/INHIBITOR_LOCKS.md @@ -42,8 +42,8 @@ If such a lock is taken the operation will fail (but still may be overridden if The InhibitDelayMaxSec= setting in [logind.conf(5)](http://www.freedesktop.org/software/systemd/man/logind.conf.html) controls the timeout for this. This is intended to be used by applications which need a synchronous way to execute actions before system suspend but shall not be allowed to block suspend indefinitely. This mode is only available for _sleep_ and _shutdown_ locks. -3. _block-weak_ and _delay-weak_ that work as the non-weak counterparts, but that in addition may be ignored -automatically and silently under certain circumstances, unlike the formers which are always respected. +3. _block-weak_ that works as its non-weak counterpart, but that in addition may be ignored +automatically and silently under certain circumstances, unlike the former which is always respected. Inhibitor locks are taken via the Inhibit() D-Bus call on the logind Manager object: diff --git a/man/org.freedesktop.login1.xml b/man/org.freedesktop.login1.xml index c5263efc827..4de37ef27ff 100644 --- a/man/org.freedesktop.login1.xml +++ b/man/org.freedesktop.login1.xml @@ -672,16 +672,18 @@ node /org/freedesktop/login1 { #define SD_LOGIND_SKIP_INHIBITORS (UINT64_C(1) << 4) When the flags is 0 then these methods behave just like the versions without - flags. Since systemd version 256 SD_LOGIND_ROOT_CHECK_INHIBITORS (0x01) is deprecated, - and active inhibitors are always honoured by default for privileged users too, and a new flag - SD_LOGIND_SKIP_INHIBITORS (0x04) can be specified to bypass inhibitors. When - SD_LOGIND_KEXEC_REBOOT (0x02) is set, then RebootWithFlags() - performs a kexec reboot if kexec kernel is loaded. When SD_LOGIND_SOFT_REBOOT - (0x04) is set, or SD_LOGIND_SOFT_REBOOT_IF_NEXTROOT_SET_UP (0x08) is set and a - new root file system has been set up on /run/nextroot/, then - RebootWithFlags() performs a userspace reboot only. - SD_LOGIND_SOFT_REBOOT_IF_NEXTROOT_SET_UP and - SD_LOGIND_KEXEC_REBOOT can be combined, with soft-reboot having precedence. + flags. Since systemd version 257 active inhibitors are honoured by default for privileged users too. + SD_LOGIND_ROOT_CHECK_INHIBITORS (0x01) now only applies to weak inhibitors, to + request that they honoured for privileged users too, since they ignore them by default. A new flag + SD_LOGIND_SKIP_INHIBITORS (0x04) can be specified to bypass all types of + inhibitors. When SD_LOGIND_KEXEC_REBOOT (0x02) is set, then + RebootWithFlags() performs a kexec reboot if kexec kernel is loaded. When + SD_LOGIND_SOFT_REBOOT (0x04) is set, or + SD_LOGIND_SOFT_REBOOT_IF_NEXTROOT_SET_UP (0x08) is set and a new root file system + has been set up on /run/nextroot/, then RebootWithFlags() + performs a userspace reboot only. SD_LOGIND_SOFT_REBOOT_IF_NEXTROOT_SET_UP and + SD_LOGIND_KEXEC_REBOOT can be combined, with soft-reboot having precedence. + SetRebootParameter() sets a parameter for a subsequent reboot operation. See the description of reboot in @@ -738,11 +740,10 @@ node /org/freedesktop/login1 { should be a short human readable string identifying the reason why the lock is taken. Finally, mode is either block or delay which encodes whether the inhibit shall be consider mandatory or whether it should just delay the operation to a - certain maximum time, while the block-weak and delay-weak - variants will create an inhibitor that is automatically ignored in some circumstances. The method - returns a file descriptor. The lock is released the moment this file descriptor and all its duplicates - are closed. For more information on the inhibition logic see - Inhibitor Locks. + certain maximum time, while the block-weak and variants will create an inhibitor + that is automatically ignored in some circumstances. The method returns a file descriptor. The lock is + released the moment this file descriptor and all its duplicates are closed. For more information on + the inhibition logic see Inhibitor Locks. diff --git a/man/systemd-inhibit.xml b/man/systemd-inhibit.xml index df0a6370865..a8516a5f44c 100644 --- a/man/systemd-inhibit.xml +++ b/man/systemd-inhibit.xml @@ -92,13 +92,12 @@ - Takes block, delay, - block-weak or delay-weak and describes how the lock is - applied. If block is used (the default), the lock prohibits any of the requested - operations without time limit, and only privileged users may override it. If - delay is used, the lock can only delay the requested operations for a limited - time. If the time elapses, the lock is ignored and the operation executed. The time limit may be - specified in + Takes block, delay, or + block-weak and describes how the lock is applied. If block is + used (the default), the lock prohibits any of the requested operations without time limit, and only + privileged users may override it. If delay is used, the lock can only delay the + requested operations for a limited time. If the time elapses, the lock is ignored and the operation + executed. The time limit may be specified in logind.conf5. Note that delay is only available for sleep and shutdown. In addition, the weak variants will automatically and silently be diff --git a/shell-completion/zsh/_systemd-inhibit b/shell-completion/zsh/_systemd-inhibit index d43c7818344..d52da55c3f7 100644 --- a/shell-completion/zsh/_systemd-inhibit +++ b/shell-completion/zsh/_systemd-inhibit @@ -33,6 +33,6 @@ _arguments \ '--what=[Operations to inhibit]:options:_systemd-inhibit_what' \ '--who=[A descriptive string who is inhibiting]:who is inhibiting:' \ '--why=[A descriptive string why is being inhibited]:reason for the lock:' \ - '--mode=[One of block, block-weak, delay, or delay-weak]:lock mode:( block block-weak delay delay-weak )' \ + '--mode=[One of block, block-weak, or delay]:lock mode:( block block-weak delay )' \ '--list[List active inhibitors]' \ '*:commands:_systemd-inhibit_commands' diff --git a/src/login/inhibit.c b/src/login/inhibit.c index 990bda0cfd2..a0d5c1314f6 100644 --- a/src/login/inhibit.c +++ b/src/login/inhibit.c @@ -157,7 +157,7 @@ static int help(void) { " handle-lid-switch\n" " --who=STRING A descriptive string who is inhibiting\n" " --why=STRING A descriptive string why is being inhibited\n" - " --mode=MODE One of block, block-weak, delay, or delay-weak\n" + " --mode=MODE One of block, block-weak, or delay\n" " --list List active inhibitors\n" "\nSee the %s for details.\n", program_invocation_short_name, diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index b66573f0963..ac40c87e637 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -3622,7 +3622,7 @@ static int method_inhibit(sd_bus_message *message, void *userdata, sd_bus_error "Invalid mode specification %s", mode); /* Delay is only supported for shutdown/sleep */ - if (IN_SET(mm, INHIBIT_DELAY, INHIBIT_DELAY_WEAK) && (w & ~(INHIBIT_SHUTDOWN|INHIBIT_SLEEP))) + if (mm == INHIBIT_DELAY && (w & ~(INHIBIT_SHUTDOWN|INHIBIT_SLEEP))) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Delay inhibitors only supported for shutdown and sleep"); diff --git a/src/login/logind-inhibit.c b/src/login/logind-inhibit.c index c1798f927c8..70905c92b39 100644 --- a/src/login/logind-inhibit.c +++ b/src/login/logind-inhibit.c @@ -371,7 +371,7 @@ InhibitWhat manager_inhibit_what(Manager *m, bool block) { HASHMAP_FOREACH(i, m->inhibitors) if (i->started && - ((!block && IN_SET(i->mode, INHIBIT_DELAY, INHIBIT_DELAY_WEAK)) || + ((!block && i->mode == INHIBIT_DELAY) || (block && IN_SET(i->mode, INHIBIT_BLOCK, INHIBIT_BLOCK_WEAK)))) what |= i->what; @@ -424,13 +424,13 @@ bool manager_is_inhibited( continue; if ((block && !IN_SET(i->mode, INHIBIT_BLOCK, INHIBIT_BLOCK_WEAK)) || - (!block && !IN_SET(i->mode, INHIBIT_DELAY, INHIBIT_DELAY_WEAK))) + (!block && i->mode != INHIBIT_DELAY)) continue; if (ignore_inactive && pidref_is_active_session(m, &i->pid) <= 0) continue; - if (IN_SET(i->mode, INHIBIT_BLOCK_WEAK, INHIBIT_DELAY_WEAK) && ignore_uid && i->uid == uid) + if (i->mode == INHIBIT_BLOCK_WEAK && ignore_uid && i->uid == uid) continue; if (!inhibited || @@ -531,7 +531,6 @@ static const char* const inhibit_mode_table[_INHIBIT_MODE_MAX] = { [INHIBIT_BLOCK] = "block", [INHIBIT_BLOCK_WEAK] = "block-weak", [INHIBIT_DELAY] = "delay", - [INHIBIT_DELAY_WEAK] = "delay-weak" }; DEFINE_STRING_TABLE_LOOKUP(inhibit_mode, InhibitMode); diff --git a/src/login/logind-inhibit.h b/src/login/logind-inhibit.h index b5167974af9..8712fb1900c 100644 --- a/src/login/logind-inhibit.h +++ b/src/login/logind-inhibit.h @@ -22,7 +22,6 @@ typedef enum InhibitMode { INHIBIT_BLOCK, INHIBIT_BLOCK_WEAK, INHIBIT_DELAY, - INHIBIT_DELAY_WEAK, _INHIBIT_MODE_MAX, _INHIBIT_MODE_INVALID = -EINVAL, } InhibitMode;