summaryrefslogtreecommitdiffstats
path: root/units/user@.service.in (follow)
Commit message (Collapse)AuthorAgeFilesLines
* units: make system service manager create init.scope subcgroup for user ↵Lennart Poettering2023-04-271-0/+1
| | | | | | | | service manager This one is basically for free, since the service manager is already prepared for being invoked in init.scope. Hence let's start it in the right cgroup right-away.
* units: Order user@.service after systemd-oomd.serviceDaan De Meyer2023-03-181-1/+1
| | | | | | | | | | | | The user manager connects to oomd over varlink. Currently, during shutdown, if oomd is stopped before any user manager, the user manager will try to reconnect to the socket, leading to a warning from pid 1 about a conflicting transaction. Let's fix this by ordering user@.service after systemd-oomd.service, so that user sessions are stopped before systemd-oomd is stopped, which makes sure that the user sessions won't try to start oomd via its socket after systemd-oomd is stopped.
* units: let systemd --user manage its own memory pressure handlingLennart Poettering2023-03-011-0/+1
| | | | | | | | | | | Let's make things systematic: the per-user and the per-system manager should manage their own memory pressure, as they are, well, managers of things. This is particularly relevant and the per-user service manager should watch its own "init.scope" subcgroup, instead of the main service unit cgroup, and hence $MEMORY_PRESSURE_WATCH as set by the per-system service manager would simply be wrong.
* core: split system/user job timeouts and make them configurableZbigniew Jędrzejewski-Szmek2023-02-011-1/+1
| | | | | | | | | | | | | | | | Config options are -Ddefault-timeout-sec= and -Ddefault-user-timeout-sec=. Existing -Dupdate-helper-user-timeout= is renamed to -Dupdate-helper-user-timeout-sec= for consistency. All three options take an integer value in seconds. The renaming and type-change of the option is a small compat break, but it's just at compile time and result in a clear error message. I also doubt that anyone was actually using the option. This commit separates the user manager timeouts, but keeps them unchanged at 90 s. The timeout for the user manager is set to 4/3*user-timeout, which means that it is still 120 s. Fedora wants to experiment with lower timeouts, but doing this via a patch would be annoying and more work than necessary. Let's make this easy to configure.
* pid1: make sure we send our calling service manager RELOADING=1 when reloadingLennart Poettering2023-01-101-1/+1
| | | | | | | | And send READY=1 again when we are done with it. We do this not only for "daemon-reload" but also for "daemon-reexec" and "switch-root", since from the perspective of an encapsulating service manager these three operations are not that different.
* logind: don't delay login for root even if systemd-user-sessions.service is ↵Franck Bui2022-07-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | not activated yet If for any reason something goes wrong during the boot process (most likely due to a network issue), system admins should be allowed to log in to the system to debug the problem. However due to the login session barrier enforced by systemd-user-sessions.service for all users, logins for root will be delayed until a (dbus) timeout expires. Beside being confusing, it's not a nice user experience to wait for an indefinite period of time (no message is shown) this and also suggests that something went wrong in the background. The reason of this delay is due to the fact that all units involved in the creation of a user session are ordered after systemd-user-sessions.service, which is subject to network issues. If root needs to log in at that time, logind is requested to create a new session (via pam_systemd), which ultimately ends up waiting for systemd-user-session.service to be activated. This has the bad side effect to block login for root until the dbus call done by pam_systemd times out and the PAM stack proceeds anyways. To solve this problem, this patch orders the session scope units and the user instances only after systemd-user-sessions.service for unprivileged users only.
* user: delegate cpu controller, assign weights to user slicesZbigniew Jędrzejewski-Szmek2022-07-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far we didn't enable the cpu controller because of overhead of the accounting. If I'm reading things correctly, delegation was enabled for a while for the units with user and pam context set, i.e. for user@.service too. a931ad47a8623163a29d898224d8a8c1177ffdaf added the explicit Delegate=yes|no switch, but it was initially set to 'yes'. acc8059129b38d60c1b923670863137f8ec8f91a disabled delegation for user@.service with the justication that CPU accounting is expensive, but half a year later a88c5b8ac4df713d9831d0073a07fac82e884fb3 changed DefaultCPUAccounting=yes for kernels >=4.15 with the justification that CPU accounting is inexpensive there. In my (very noncomprehensive) testing, I don't see a measurable overhead if the cpu controller is enabled for user slices. I tried some repeated compilations, and there is was no statistical difference, but the noise level was fairly high. Maybe better benchmarking would reveal a difference. The goal of this change is very simple: currently all of the user session, including services like the display server and pipewire are under user@.service. This means that when e.g. a compilation job is started in the session's app.slice, the processes in session.slice compete for CPU and can be starved. In particular, audio starts to stutter, etc. With CPU controller enabled, I can start start 'ninja -C build -j40' in a tab and this doesn't have any noticable effect on audio. I don't think the particular values matter too much: the CPU controller is work-convserving, and presumably the session slice would never need more than e.g. one 1 full CPU, i.e. half or a quarter of available CPU resources on even the smallest of today's machines. app.slice and session.slice are assigned equal weights, background.slice is assigned a smaller fraction. CPUWeight=100 is the default, but I wrote it explicitly to make it easier for users to see how the split is done. So effectively this should result in session.slice getting as much power as it needs. If if turns out that this does have a noticable overhead, we could make it opt-in. But I think that the benefit to usability is important enough to enable it by default. W/o something like this the session is not really usable with background tasks.
* units: run user service managers at OOM score adjustment 100Lennart Poettering2021-10-041-0/+1
| | | | | | | | | | | | | | | | | | | Let's make it slightly more likely that a per-user service manager is killed than any system service. We use a conservative 100 (from a range that goes all the way to 1000). Replaces: #17426 Together with the previous commit this means: system manager and system services are placed at OOM score adjustment 0 (specifically: they inherit kernel default of 0). User service manager (both for root and non-root) are placed at 100. User services for non-root are placed at 200, those for root inherit 100. Note that processes forked off the user *sessions* (i.e. not forked off the per-user service manager) remain at 0 (e.g. the shell process created by a tty or ssh login). This probably should be addressed too one day (maybe in pam_systemd?), but is not covered here.
* meson: use jinja2 for unit templatesZbigniew Jędrzejewski-Szmek2021-05-191-1/+1
| | | | | | | | | We don't need two (and half) templating systems anymore, yay! I'm keeping the changes minimal, to make the diff manageable. Some enhancements due to a better templating system might be possible in the future. For handling of '## ' — see the next commit.
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* units: do not ignore return value from systemd --userZbigniew Jędrzejewski-Szmek2020-03-041-1/+1
| | | | | | | | | | | | | | | | | | | This minus has been there since the unit was added in d42d27ead91e470cb12986d928441e56c0f543ca. I think the idea was not cause things to fail if the user instance doesn't work. But ignoring the return value doesn't seem to be the right way to approach the problem. In particular, if the program fails to run, we'll get a bogus fail state, see https://bugzilla.redhat.com/show_bug.cgi?id=1727895#c1: with the minus: $ systemctl start user@1002 Job for user@1002.service failed because the service did not take the steps required by its unit configuration. See "systemctl status user@1002.service" and "journalctl -xe" for details. without the minus: $ systemctl start user@1002 Job for user@1002.service failed because the control process exited with error code. See "systemctl status user@1002.service" and "journalctl -xe" for details.
* units: turn off keyring handling for user@.serviceLennart Poettering2019-03-191-0/+1
| | | | | | | | | This service uses PAM anyway, hence let pam_keyring set things up for us. Moreover, this way we ensure that the invocation ID is not set for this service as key, and thus can't confuse the user service's invocation ID. Fixes: #11649
* user@.service: don't kill user manager at runlevel switchThomas Blume2018-09-131-0/+1
| | | | | | | | Loggin in as root user and then switching the runlevel results in a stop of the user manager, even though the user ist still logged in. That leaves a broken user session. Adding "IgnoreOnIsolate=true" to user@.service fixes this.
* units: make sure user@.service runs with dbus still upLennart Poettering2018-07-251-2/+1
| | | | Fixes: #9565
* man: add a description of user@.service, user-runtime-dir@.service, user-*.sliceZbigniew Jędrzejewski-Szmek2018-07-201-0/+1
| | | | Fixes #9590.
* logind: split %t directory creation to a helper unitZbigniew Jędrzejewski-Szmek2018-04-251-0/+2
| | | | | | | | | | | | | | | Unfortunately this needs a new binary to do the mount because there's just too many special steps to outsource this to systemd-mount: - EPERM needs to be treated specially - UserRuntimeDir= setting must be obeyed - SELinux label must be adjusted This allows user@.service to be started independently of logind. So 'systemctl start user@nnn' will start the user manager for user nnn. Logind will start it too when the user logs in, and will stop it (unless lingering is enabled) when the user logs out. Fixes #7339.
* units: delegate "memory" instead of "cpu" by default for user instances (#8320)Franck Bui2018-03-011-1/+1
| | | | | | | | CPU accounting has a too bad impact on performance to be enabled by default. Therefore we should not delegate "cpu" for now. OTOH since commit e0c46a736412b79b94a21f8512a769b9212b9adf, memory accounting has been turned on for all units by default so it makes sense to delegate this controller by default.
* units: delegate only "cpu" and "pids" controllers by default (#7564)Lennart Poettering2017-12-071-1/+1
| | | | | | | Now that we can configure which controllers to delegate precisely, let's limit wht we delegate to the user session: only "cpu" and "pids" as a minimal baseline. Fixes: #1715
* Add SPDX license headers to unit filesZbigniew Jędrzejewski-Szmek2017-11-191-0/+2
|
* units: do not perform m4 if not necessary (#6575)Yu Watanabe2017-08-091-0/+21
|
* bus-proxy: cloning smack labelPrzemyslaw Kedzierski2014-12-091-19/+0
| | | | | | | | | | | | | | | | | | | | | | When dbus client connects to systemd-bus-proxyd through Unix domain socket proxy takes client's smack label and sets for itself. It is done before and independent of dropping privileges. The reason of such soluton is fact that tests of access rights performed by lsm may take place inside kernel, not only in userspace of recipient of message. The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label. In case of systemd running in system mode, CAP_MAC_ADMIN should be added to CapabilityBoundingSet in service file of bus-proxyd. In case of systemd running in user mode ('systemd --user') it can be achieved by addition Capabilities=cap_mac_admin=i and SecureBits=keep-caps to user@.service file and setting cap_mac_admin+ei on bus-proxyd binary.
* core: introduce new Delegate=yes/no property controlling creation of cgroup ↵Lennart Poettering2014-11-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | subhierarchies For priviliged units this resource control property ensures that the processes have all controllers systemd manages enabled. For unpriviliged services (those with User= set) this ensures that access rights to the service cgroup is granted to the user in question, to create further subgroups. Note that this only applies to the name=systemd hierarchy though, as access to other controllers is not safe for unpriviliged processes. Delegate=yes should be set for container scopes where a systemd instance inside the container shall manage the hierarchies below its own cgroup and have access to all controllers. Delegate=yes should also be set for user@.service, so that systemd --user can run, controlling its own cgroup tree. This commit changes machined, systemd-nspawn@.service and user@.service to set this boolean, in order to ensure that container management will just work, and the user systemd instance can run fine.
* core: introduce new KillMode=mixed which sends SIGTERM only to the main ↵Lennart Poettering2014-01-291-0/+1
| | | | | | | | process, but SIGKILL to all daemon processes This should fix some race with terminating systemd --user, where the system systemd instance might race against the user systemd instance when sending SIGTERM.
* Improve messages about user mode a bitZbigniew Jędrzejewski-Szmek2014-01-091-1/+1
|
* pam_systemd: export DBUS_SESSION_BUS_ADDRESSKay Sievers2014-01-081-0/+17
|
* build-sys: fix generation of user@.serviceZbigniew Jędrzejewski-Szmek2013-12-271-22/+0
|
* units: user@.service: fix user bus pathMantas Mikulėnas2013-12-271-1/+5
|
* execute.c: always set $SHELLZbigniew Jędrzejewski-Szmek2013-10-021-1/+0
| | | | | In e6dca81 $SHELL was added to user@.service. Let's instead provide it to all units which have a user.
* units: Add SHELL environment variableEvan Callicoat2013-10-011-0/+1
| | | | | | | | With the advent of systemd --user sessions, it's become very interesting to spawn X as a user unit, as well as accompanying processes that may have previously been in a .xinitrc/.xsession, or even just to replace a collection of XDG/GDM/KDM/etc session files with independent systemd --user units. The simplest case here would be to login on a tty, with the traditional /usr/sbin/login "login manager". However, systemd --user (spawned by user@.service) is at the top level of the slice for the user, and does not inherit any environment variables from the login process. Given the number of common applications which rely on SHELL being set in the environment, it seems like the cleanest way to provide this variable is to set it to %s in the user@.service. Ideally in the long-term, applications which rely on SHELL being set should be fixed to just grab it from getpwnam() or similar, but until that becomes more common, I propose this simple change to make user sessions a little bit nicer out of the box.
* Add pam configuration to allow user sessions to work out of the boxZbigniew Jędrzejewski-Szmek2013-09-111-1/+1
| | | | | | | | | | | | | | | | | | | systemd-logind will start user@.service. user@.service unit uses PAM with service name 'systemd-user' to perform account and session managment tasks. Previously, the name was 'systemd-shared', it is now changed to 'systemd-user'. Most PAM installations use one common setup for different callers. Based on a quick poll, distributions fall into two camps: those that have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia, Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE). Distributions that have system-auth have just one configuration file that contains auth, password, account, and session blocks, and distributions that have common-auth also have common-session, common-password, and common-account. It is thus impossible to use one configuration file which would work for everybody. systemd-user now refers to system-auth, because it seems that the approach with one file is more popular and also easier, so let's follow that.
* units: since we auto-spawn user@.service instances now we don need an ↵Lennart Poettering2013-07-111-3/+0
| | | | [Install] section in it
* logind: port over to use scopes+slices for all cgroup stuffLennart Poettering2013-07-021-4/+2
| | | | | | | | | In order to prepare things for the single-writer cgroup scheme, let's make logind use systemd's own primitives for cgroup management. Every login user now gets his own private slice unit, in which his sessions live in a scope unit each. Also, add user@$UID.service to the same slice, and implicitly start it on first login.
* systemctl does not expand %u, so revert back to %IAuke Kok2013-05-091-1/+1
| | | | | The description field is only displayed by systemctl, and it can't expand %u properly (it will always display "root").
* units: update user@.service to reflect new user cgroup pathsLennart Poettering2013-04-231-1/+1
|
* Update user session unit template.Auke Kok2013-03-231-3/+7
| | | | | | | | | | | While most folks will be using the derivative from user-session-units, I'm updating this one to reflect some of the fixes and things to note about user sessions: - cgroup should be set with "%u" - username instead of %I - set dbus path with %U explicitly too - hint to folks that wish to use MEM_CG features in user sessions - allow unit to be enabled for instances with systemctl enable
* relicense to LGPLv2.1 (with exceptions)Lennart Poettering2012-04-121-2/+2
| | | | | | | | | | | | | | We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
* move /usr/bin/systemd to /usr/lib/systemd/systemdKay Sievers2012-02-081-1/+1
|
* logind: temporarily hack right user bus address into unit fileLennart Poettering2011-07-011-1/+2
|
* logind: add service for per-user shared systemd daemonLennart Poettering2011-06-301-0/+18