mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
homed: explicitly deactivate all home directories on shutdown
Let's explicitly deactivate all home dirs on shutdown, in order to properly synchronizing unmounting and avoiding blocking devices. Previously, we'd rely on automatic deactivation when home directories become unused. However, that scheme is asynchronous, and ongoing deactviations might conflicts with attempts to unmount /home. Let's fix that by providing an explicit service systemd-homed-activate.service whose only job is to have a ExecStop= line that explicitly deactivates all home directories on shutdown. This service can the be ordered after home.mount and similar, ensuring that we'll first deactivate all homes before deactivating /home itself during shutdown. This is kept separate from systemd-homed.service so that it is possible to restart systemd-homed.service without deactivating all home directories. Fixes: #16842
This commit is contained in:
parent
626fb9f301
commit
d1f6e01e47
@ -821,6 +821,15 @@
|
||||
their home directories are removed from memory.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>deactivate-all</command></term>
|
||||
|
||||
<listitem><para>Execute the <command>deactivate</command> command on all active home directories at
|
||||
once. This operation is generally executed on system shut down (i.e. by <command>systemctl
|
||||
poweroff</command> and related commands), to ensure all active user's home directories are fully
|
||||
deactivated before <filename>/home/</filename> and related file systems are unmounted.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>with</command> <replaceable>USER</replaceable> <replaceable>COMMAND…</replaceable></term>
|
||||
|
||||
|
@ -95,6 +95,7 @@ node /org/freedesktop/home1 {
|
||||
out h send_fd);
|
||||
ReleaseHome(in s user_name);
|
||||
LockAllHomes();
|
||||
DeactivateAllHomes();
|
||||
properties:
|
||||
readonly a(sso) AutoLogin = [...];
|
||||
};
|
||||
@ -156,6 +157,8 @@ node /org/freedesktop/home1 {
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="LockAllHomes()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="DeactivateAllHomes()"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="AutoLogin"/>
|
||||
|
||||
<!--End of Autogenerated section-->
|
||||
@ -340,6 +343,9 @@ node /org/freedesktop/home1 {
|
||||
<para><function>LockAllHomes()</function> locks all active home directories that only have references
|
||||
that opted into automatic suspending during system suspend. This is usually invoked automatically
|
||||
shortly before system suspend.</para>
|
||||
|
||||
<para><function>DeactivateAllHomes()</function> deactivates all home areas that are currently
|
||||
active. This is usually invoked automatically shortly before system shutdown.</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
|
@ -1844,7 +1844,28 @@ static int lock_all_homes(int argc, char *argv[], void *userdata) {
|
||||
|
||||
r = sd_bus_call(bus, m, HOME_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to lock home: %s", bus_error_message(&error, r));
|
||||
return log_error_errno(r, "Failed to lock all homes: %s", bus_error_message(&error, r));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int deactivate_all_homes(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
int r;
|
||||
|
||||
r = acquire_bus(&bus);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = bus_message_new_method_call(bus, &m, bus_mgr, "DeactivateAllHomes");
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
r = sd_bus_call(bus, m, HOME_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to deactivate all homes: %s", bus_error_message(&error, r));
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1902,6 +1923,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||
" lock USER… Temporarily lock an active home area\n"
|
||||
" unlock USER… Unlock a temporarily locked home area\n"
|
||||
" lock-all Lock all suitable home areas\n"
|
||||
" deactivate-all Deactivate all active home areas\n"
|
||||
" with USER [COMMAND…] Run shell or command with access to a home area\n"
|
||||
"\n%4$sOptions:%5$s\n"
|
||||
" -h --help Show this help\n"
|
||||
@ -3328,21 +3350,22 @@ static int redirect_bus_mgr(void) {
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
static const Verb verbs[] = {
|
||||
{ "help", VERB_ANY, VERB_ANY, 0, help },
|
||||
{ "list", VERB_ANY, 1, VERB_DEFAULT, list_homes },
|
||||
{ "activate", 2, VERB_ANY, 0, activate_home },
|
||||
{ "deactivate", 2, VERB_ANY, 0, deactivate_home },
|
||||
{ "inspect", VERB_ANY, VERB_ANY, 0, inspect_home },
|
||||
{ "authenticate", VERB_ANY, VERB_ANY, 0, authenticate_home },
|
||||
{ "create", VERB_ANY, 2, 0, create_home },
|
||||
{ "remove", 2, VERB_ANY, 0, remove_home },
|
||||
{ "update", VERB_ANY, 2, 0, update_home },
|
||||
{ "passwd", VERB_ANY, 2, 0, passwd_home },
|
||||
{ "resize", 2, 3, 0, resize_home },
|
||||
{ "lock", 2, VERB_ANY, 0, lock_home },
|
||||
{ "unlock", 2, VERB_ANY, 0, unlock_home },
|
||||
{ "with", 2, VERB_ANY, 0, with_home },
|
||||
{ "lock-all", VERB_ANY, 1, 0, lock_all_homes },
|
||||
{ "help", VERB_ANY, VERB_ANY, 0, help },
|
||||
{ "list", VERB_ANY, 1, VERB_DEFAULT, list_homes },
|
||||
{ "activate", 2, VERB_ANY, 0, activate_home },
|
||||
{ "deactivate", 2, VERB_ANY, 0, deactivate_home },
|
||||
{ "inspect", VERB_ANY, VERB_ANY, 0, inspect_home },
|
||||
{ "authenticate", VERB_ANY, VERB_ANY, 0, authenticate_home },
|
||||
{ "create", VERB_ANY, 2, 0, create_home },
|
||||
{ "remove", 2, VERB_ANY, 0, remove_home },
|
||||
{ "update", VERB_ANY, 2, 0, update_home },
|
||||
{ "passwd", VERB_ANY, 2, 0, passwd_home },
|
||||
{ "resize", 2, 3, 0, resize_home },
|
||||
{ "lock", 2, VERB_ANY, 0, lock_home },
|
||||
{ "unlock", 2, VERB_ANY, 0, unlock_home },
|
||||
{ "with", 2, VERB_ANY, 0, with_home },
|
||||
{ "lock-all", VERB_ANY, 1, 0, lock_all_homes },
|
||||
{ "deactivate-all", VERB_ANY, 1, 0, deactivate_all_homes },
|
||||
{}
|
||||
};
|
||||
|
||||
|
@ -2482,6 +2482,50 @@ static int home_dispatch_lock_all(Home *h, Operation *o) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int home_dispatch_deactivate_all(Home *h, Operation *o) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
int r;
|
||||
|
||||
assert(h);
|
||||
assert(o);
|
||||
assert(o->type == OPERATION_DEACTIVATE_ALL);
|
||||
|
||||
switch (home_get_state(h)) {
|
||||
|
||||
case HOME_UNFIXATED:
|
||||
case HOME_ABSENT:
|
||||
case HOME_INACTIVE:
|
||||
case HOME_DIRTY:
|
||||
log_info("Home %s is already deactivated.", h->user_name);
|
||||
r = 1; /* done */
|
||||
break;
|
||||
|
||||
case HOME_LOCKED:
|
||||
log_info("Home %s is currently locked, not deactivating.", h->user_name);
|
||||
r = 1; /* done */
|
||||
break;
|
||||
|
||||
case HOME_ACTIVE:
|
||||
log_info("Deactivating home %s.", h->user_name);
|
||||
r = home_deactivate_internal(h, false, &error);
|
||||
break;
|
||||
|
||||
default:
|
||||
/* All other cases means we are currently executing an operation, which means the job remains
|
||||
* pending. */
|
||||
return 0;
|
||||
}
|
||||
|
||||
assert(!h->current_operation);
|
||||
|
||||
if (r != 0) /* failure or completed */
|
||||
operation_result(o, r, &error);
|
||||
else /* ongoing */
|
||||
h->current_operation = operation_ref(o);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int home_dispatch_pipe_eof(Home *h, Operation *o) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
int r;
|
||||
@ -2579,6 +2623,7 @@ static int on_pending(sd_event_source *s, void *userdata) {
|
||||
[OPERATION_ACQUIRE] = home_dispatch_acquire,
|
||||
[OPERATION_RELEASE] = home_dispatch_release,
|
||||
[OPERATION_LOCK_ALL] = home_dispatch_lock_all,
|
||||
[OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
|
||||
[OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
|
||||
[OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
|
||||
};
|
||||
|
@ -591,7 +591,45 @@ static int method_lock_all_homes(sd_bus_message *message, void *userdata, sd_bus
|
||||
}
|
||||
|
||||
if (waiting) /* At least one lock operation was enqeued, let's leave here without a reply: it will
|
||||
* be sent as soon as the last of the lock operations completed. */
|
||||
* be sent as soon as the last of the lock operations completed. */
|
||||
return 1;
|
||||
|
||||
return sd_bus_reply_method_return(message, NULL);
|
||||
}
|
||||
|
||||
static int method_deactivate_all_homes(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||
_cleanup_(operation_unrefp) Operation *o = NULL;
|
||||
bool waiting = false;
|
||||
Manager *m = userdata;
|
||||
Home *h;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
|
||||
/* This is called from systemd-homed-activate.service's ExecStop= command to ensure that all home
|
||||
* directories are shutdown before the system goes down. Note that we don't do this from
|
||||
* systemd-homed.service itself since we want to allow restarting of it without tearing down all home
|
||||
* directories. */
|
||||
|
||||
HASHMAP_FOREACH(h, m->homes_by_name) {
|
||||
|
||||
if (!o) {
|
||||
o = operation_new(OPERATION_DEACTIVATE_ALL, message);
|
||||
if (!o)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
log_info("Automatically deactivating home of user %s.", h->user_name);
|
||||
|
||||
r = home_schedule_operation(h, o, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
waiting = true;
|
||||
}
|
||||
|
||||
if (waiting) /* At least one lock operation was enqeued, let's leave here without a reply: it will be
|
||||
* sent as soon as the last of the deactivation operations completed. */
|
||||
return 1;
|
||||
|
||||
return sd_bus_reply_method_return(message, NULL);
|
||||
@ -804,6 +842,7 @@ static const sd_bus_vtable manager_vtable[] = {
|
||||
|
||||
/* An operation that acts on all homes that allow it */
|
||||
SD_BUS_METHOD("LockAllHomes", NULL, NULL, method_lock_all_homes, 0),
|
||||
SD_BUS_METHOD("DeactivateAllHomes", NULL, NULL, method_deactivate_all_homes, 0),
|
||||
|
||||
SD_BUS_VTABLE_END
|
||||
};
|
||||
|
@ -9,6 +9,7 @@ typedef enum OperationType {
|
||||
OPERATION_ACQUIRE, /* enqueued on AcquireHome() */
|
||||
OPERATION_RELEASE, /* enqueued on ReleaseHome() */
|
||||
OPERATION_LOCK_ALL, /* enqueued on LockAllHomes() */
|
||||
OPERATION_DEACTIVATE_ALL, /* enqueued on DeactivateAllHomes() */
|
||||
OPERATION_PIPE_EOF, /* enqueued when we see EOF on the per-home reference pipes */
|
||||
OPERATION_DEACTIVATE_FORCE, /* enqueued on hard $HOME unplug */
|
||||
OPERATION_IMMEDIATE, /* this is never enqueued, it's just a marker we immediately started executing an operation without enqueuing anything first. */
|
||||
|
@ -102,6 +102,7 @@ units = [
|
||||
['systemd-firstboot.service', 'ENABLE_FIRSTBOOT',
|
||||
'sysinit.target.wants/'],
|
||||
['systemd-halt.service', ''],
|
||||
['systemd-homed-activate.service', 'ENABLE_HOMED'],
|
||||
['systemd-initctl.socket', 'HAVE_SYSV_COMPAT',
|
||||
'sockets.target.wants/'],
|
||||
['systemd-journal-catalog-update.service', '',
|
||||
|
23
units/systemd-homed-activate.service
Normal file
23
units/systemd-homed-activate.service
Normal file
@ -0,0 +1,23 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
#
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
[Unit]
|
||||
Description=Home Area Activation
|
||||
Documentation=man:systemd-homed.service(8)
|
||||
After=home.mount systemd-homed.service
|
||||
Before=systemd-user-sessions.service
|
||||
|
||||
[Service]
|
||||
ExecStop=homectl deactivate-all
|
||||
RemainAfterExit=true
|
||||
Type=oneshot
|
||||
|
||||
[Install]
|
||||
WantedBy=systemd-homed.service
|
||||
Also=systemd-homed.service
|
@ -39,4 +39,4 @@ SystemCallFilter=@system-service @mount
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=dbus-org.freedesktop.home1.service
|
||||
Also=systemd-userdbd.service
|
||||
Also=systemd-homed-activate.service systemd-userdbd.service
|
||||
|
Loading…
Reference in New Issue
Block a user