| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
This has been supported since e9e74f28d783 but never got documented.
Add it to the man pages (plus one comment in a header).
Closes #34127.
|
| |
|
|
|
|
| |
Follow-up for 0e10c3d8724b0a5d07871c9de71565ac91dd55b7
Addresses https://github.com/systemd/systemd/pull/25049#discussion_r1647513862
|
| |
|
|
|
|
|
| |
The PrepareForShutdownWithMetadata signal was added via
e4aab5cf1a00bbb73f325f4f785dd4171ccdae77 but a corresponding property
was not. A property has to be a single type, so the bool needs to be
one of the key/value pairs as 'ba{sv}' is not a valid property.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently inhibitors are bypassed unless an explicit request is made to
check for them, or even in that case when the requestor is root or the
same uid as the holder of the lock.
But in many cases this makes it impractical to rely on inhibitor locks.
For example, in Debian there are several convoluted and archaic
workarounds that divert systemctl/reboot to some hacky custom scripts
to try and enforce blocking accidental reboots, when it's not expected
that the requestor will remember to specify the command line option
to enable checking for active inhibitor locks.
Also in many cases one wants to ensure that locks taken by a user are
respected by actions initiated by that same user.
Change logind so that inhibitors checks are not skipped in these
cases, and systemctl so that locks are checked in order to show a
friendly error message rather than "permission denied".
Add new block-weak and delay-weak modes that keep the previous
behaviour unchanged.
|
| |
|
|
| |
pressed
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update frameworks that work automatically in the background
occasionally need to schedule reboots. Systemd-logind already
provides a nice mechanism to schedule shutdowns, send notfications
and block logins short before the time. Systemd has a framework for
calendar events, so we may conveniently use logind to define a
maintenance time for reboots.
The existing ScheduleShutdown DBus method in logind expects a usec_t
with an absolute time. Passing USEC_INFINITY as magic value now tells
logind to take the time from the configured maintenance time if set.
"shutdown -r" leverages that and uses the maintenance time
automatically if configured. The one minute default is still used if
nothing was specified.
Similarly the new 'auto' setting for the --when parameter of systemctl
uses the maintenance time if configured or a one minute timer like the
shutdown command.
|
| |
|
|
|
| |
"who" is the entity doing the killing, "whom" is the target.
Follow-up for 4ccde410a3fc141c9ddf285f24a22dfea99e0287.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes https://github.com/systemd/systemd/issues/28514.
Quoting https://github.com/systemd/systemd/issues/28514#issuecomment-1831781486:
> Whenever PAM is enabled for a service, we set up the PAM session and then
> fork off a process whose only job is to eventually close the PAM session when
> the service dies. That services we run with service privileges, both to
> minimize attack surface and because we want to use PR_SET_DEATHSIG to be get
> a notification via signal whenever the main process dies. But that only works
> if we have the same credentials as that main process.
>
> Now, if pam_systemd runs inside the PAM stack (which it normally does) it's
> session close hook will ask logind to synchronously end the session via a bus
> call. Currently that call is not accessible to unprivileged clients. And
> that's the part we need to relax: allow users to end their own sessions.
The check is implemented in a way that allows the kill if the sender is in
the target session.
I found 'sudo systemctl --user -M "zbyszek@" is-system-running' to
be a convenient reproducer.
Before:
May 16 16:25:26 x1c systemd[1]: run-u24754.service: Deactivated successfully.
May 16 16:25:26 x1c dbus-broker[1489]: A security policy denied :1.24757 to send method call /org/freedesktop/login1:org.freedesktop.login1.Manager.ReleaseSession to org.freedesktop.login1.
May 16 16:25:26 x1c (sd-pam)[3036470]: pam_systemd(login:session): Failed to release session: Access denied
May 16 16:25:26 x1c systemd[1]: Stopping session-114.scope...
May 16 16:25:26 x1c systemd[1]: session-114.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd[1]: Stopped session-114.scope.
May 16 16:25:26 x1c systemd[1]: session-c151.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd-logind[1513]: Session c151 logged out. Waiting for processes to exit.
May 16 16:25:26 x1c systemd-logind[1513]: Removed session c151.
After:
May 16 17:02:15 x1c systemd[1]: run-u24770.service: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopping session-115.scope...
May 16 17:02:15 x1c systemd[1]: session-c153.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: session-115.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopped session-115.scope.
May 16 17:02:15 x1c systemd-logind[1513]: Session c153 logged out. Waiting for processes to exit.
May 16 17:02:15 x1c systemd-logind[1513]: Removed session c153.
Edit: this seems to also fix https://github.com/systemd/systemd/issues/8598.
It seems that with the call to ReleaseSession, we wait for the pam session
close hooks to finish. I inserted a 'sleep(10)' after the call to ReleaseSession
in pam_systemd, and things block on that, nothing is killed prematurely.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Since signals can take arguments, let's suffix them with () as we
already do with functions. To make sure we remain consistent, make the
`update-dbus-docs.py` script check & fix any occurrences where this is
not the case.
Resolves: #31002
|
| |
|
|
| |
As per https://github.com/systemd/systemd/pull/30884#discussion_r1448938737
|
| |
|
|
|
|
|
| |
It may be useful for DEs to follow changes on this property, esp. now that
recent UPower has removed its own lid handling code.
Related: https://gitlab.freedesktop.org/upower/upower/-/commit/07565ef6a1aa4a115f8ce51e259e408edbaed4cc
|
| | |
|
| |
|
|
| |
operation
|
| |
|
|
|
|
|
| |
Triggered by the SetTTY() method.
Follow-up to 092e6cd19ad.
Addresses: https://github.com/systemd/systemd/pull/30043#pullrequestreview-1733628935
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With the introduction of SetDisplay() method in 4885d7490b2 the Display
property emits a "properties changed" message every time the display is
changed using this method, so mark it appropriately.
Caught by systemd/systemd#30029:
systemd-logind[1366]: Got message type=method_call sender=:1.165 destination=org.freedesktop.login1 path=/org/freedesktop/login1/session/_310 interface=org.freedesktop.login1.Session member=SetDisplay cookie=8 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-logind[1366]: Assertion 'v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE || v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION' failed at src/libsystemd/sd-bus/bus-objects.c:2141, function emit_properties_changed_on_interface(). Ignoring.
Follow-up to 4885d7490b2.
|
| |
|
|
|
| |
This new D-Bus API uses pidfd to refer to the session leader. Also,
pam_systemd will try to make use of it when pidfd support is available.
|
| |
|
|
|
|
|
|
|
| |
Automatically softreboot if the nextroot has been set up with an OS
tree, or automatically kexec if a kernel has been loaded with kexec
--load.
Add SYSTEMCTL_SKIP_AUTO_KEXEC and SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT to
skip the automated switchover.
|
| |
|
|
|
| |
These only go back to version 250 which is the first version to provide the
export-dbus-interfaces build target.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The existing signal doesn't say which type of shutdown is going to happen.
With the introduction of soft-reboot, it is useful to have this information
broadcasted, so that clients can choose to do different things based on the
reboot type.
Add a{sv} as the payload so that more metadata can be added later if
needed, without needing to add yet another signal.
Send both old and new signal for backward compatibility, and send the new
one first so that clients can just wait for the first one on both old and
new systems.
|
| | |
|
| | |
|
| |\
| |
| | |
Add option to stop idle sessions after specified timeout
|
| | |
| |
| |
| |
| | |
Thanks to Jan Pazdziora <jpazdziora@redhat.com> for providing a patch
which implemeted a PoC of this feature.
|
| |/
|
|
|
|
|
|
|
| |
Something *is* similar
Something *works* similarly
Something does something, similarly to how something else does something
See https://sites.ulethbridge.ca/roussel/2017/11/29/similar-and-similarly-are-they-similar/
for a clear explanation.
|
| |
|
|
|
|
|
|
| |
Currently, the only way to set display name of a graphical session is to
pass it to CreateSession(). But modern display managers like gdm start
the display server as part of the user session, which means that the
display name isn't known yet when the session is being created. Hence,
let's make it possible to set it later.
|
| | |
|
| | |
|
| |
|
|
| |
gdbus is an external program, so it makes sense to recommend busctl.
|
| |
|
|
|
|
|
|
| |
The settings and internal varables were added, but this was never
exposed on the bus. Add that.
Follow-up-for: a520bb665417af7aa98dcb983f3583659bbab807
Follow-up-for: #19917
|
| | |
|
| |
|
|
| |
Fixes #21882.
|
| |
|
|
| |
Add new flag to allow kexec reboot if kernel is already loaded.
|
| |
|
|
|
| |
Add new systemd-logind WithFlags version for Reboot and others. These
methods add a unit64 parameter, with which can send additional control flags.
|
| | |
|
| |
|
|
|
| |
https://www.freedesktop.org/wiki/Software/systemd/multiseat/ says that it
is obsoleted by sd-login(3), so it doesn't make much sense to link to the former.
|
| | |
|
| |
|
|
| |
lxml insists on this, see 4fb222c4b29ec2a1a451a1e0e99c5d3c520395ab.
|
| |
|
| |
Fix a presumed copy&paste error. SetLockedHint corresponds to the "locked hint", not the "idle hint".
|
| |
|
|
|
| |
In cases where we used both die-net and man-pages for the same reference,
I switched to use man-pages everywhere.
|
| |
|
|
|
| |
Limit number of inodes for tmpfs mounts on /run/user/$UID. Default is
RuntimeDirectorySize= divided by 4096.
|
| |
|
|
| |
Added in db72aea4a952cdfdef51eda03408d7c4a11e7359.
|
| |
|
|
| |
Removed in 8f8cc84ba4612e74cd1e26898c6816e6e60fc4e9.
|
| |
|
|
|
|
| |
This has the advantage that the executables are always in place and we don't
need any units to exist on the bus, so we can eventually hook this up into
a normal build system. (Probably as a build time check.)
|
| | |
|
| |
|
|
|
|
| |
See d35f51ea848ca76bd3747db69e8c5dd864e82bc3 for justification.
First use in each file is turned into a link to the documentation page.
|
| |
|
|
| |
Pointed out by @boucman and @DaanDeMeyer during review.
|
| |
|
|
|
|
|
|
| |
Follow-up for f92c8d1c67bcdeba097e3203d8aafe3a31230ada.
directives.index:
- This index contains 3398 entries in 19 sections, referring to 333 individual
+ This index contains 4316 entries in 19 sections, referring to 333 individual
|
