1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-27 03:21:32 +03:00
Commit Graph

32 Commits

Author SHA1 Message Date
Lennart Poettering
ce7de0ba8e units: run user service managers at OOM score adjustment 100
Let's make it slightly more likely that a per-user service manager is
killed than any system service. We use a conservative 100 (from a range
that goes all the way to 1000).

Replaces: #17426

Together with the previous commit this means: system manager and system
services are placed at OOM score adjustment 0 (specifically: they
inherit kernel default of 0). User service manager (both for root and
non-root) are placed at 100. User services for non-root are placed at
200, those for root inherit 100.

Note that processes forked off the user *sessions* (i.e. not forked off
the per-user service manager) remain at 0 (e.g. the shell process
created by a tty or ssh login). This probably should be
addressed too one day (maybe in pam_systemd?), but is not covered here.
2021-10-04 16:27:10 +02:00
Zbigniew Jędrzejewski-Szmek
059cc610b7 meson: use jinja2 for unit templates
We don't need two (and half) templating systems anymore, yay!

I'm keeping the changes minimal, to make the diff manageable. Some enhancements
due to a better templating system might be possible in the future.

For handling of '## ' — see the next commit.
2021-05-19 10:24:43 +09:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Zbigniew Jędrzejewski-Szmek
a3558e7952 units: do not ignore return value from systemd --user
This minus has been there since the unit was added in
d42d27ead9. I think the idea was not cause things
to fail if the user instance doesn't work. But ignoring the return value
doesn't seem to be the right way to approach the problem. In particular, if
the program fails to run, we'll get a bogus fail state, see
https://bugzilla.redhat.com/show_bug.cgi?id=1727895#c1:

with the minus:
$ systemctl start user@1002
Job for user@1002.service failed because the service did not take the steps required by its unit configuration.
See "systemctl status user@1002.service" and "journalctl -xe" for details.

without the minus:
$ systemctl start user@1002
Job for user@1002.service failed because the control process exited with error code.
See "systemctl status user@1002.service" and "journalctl -xe" for details.
2020-03-05 04:49:37 +09:00
Lennart Poettering
928df2c251 units: turn off keyring handling for user@.service
This service uses PAM anyway, hence let pam_keyring set things up for
us. Moreover, this way we ensure that the invocation ID is not set for
this service as key, and thus can't confuse the user service's
invocation ID.

Fixes: #11649
2019-03-19 10:58:20 +01:00
Thomas Blume
8c1f04352b user@.service: don't kill user manager at runlevel switch
Loggin in as root user and then switching the runlevel results in a
stop of the user manager, even though the user ist still logged in.
That leaves a broken user session.

Adding "IgnoreOnIsolate=true" to user@.service fixes this.
2018-09-13 12:18:27 +02:00
Lennart Poettering
e5b3ace969 units: make sure user@.service runs with dbus still up
Fixes: #9565
2018-07-25 14:12:09 +02:00
Zbigniew Jędrzejewski-Szmek
a99655b052 man: add a description of user@.service, user-runtime-dir@.service, user-*.slice
Fixes #9590.
2018-07-20 16:57:50 +02:00
Zbigniew Jędrzejewski-Szmek
a9f0f5e501 logind: split %t directory creation to a helper unit
Unfortunately this needs a new binary to do the mount because there's just
too many special steps to outsource this to systemd-mount:
- EPERM needs to be treated specially
- UserRuntimeDir= setting must be obeyed
- SELinux label must be adjusted

This allows user@.service to be started independently of logind.
So 'systemctl start user@nnn' will start the user manager for user nnn.
Logind will start it too when the user logs in, and will stop it (unless
lingering is enabled) when the user logs out.

Fixes #7339.
2018-04-25 16:20:28 +02:00
Franck Bui
acc8059129 units: delegate "memory" instead of "cpu" by default for user instances (#8320)
CPU accounting has a too bad impact on performance to be enabled by
default. Therefore we should not delegate "cpu" for now.

OTOH since commit e0c46a7364, memory accounting
has been turned on for all units by default so it makes sense to delegate this
controller by default.
2018-03-01 10:58:03 +01:00
Lennart Poettering
5dfcaaaf11 units: delegate only "cpu" and "pids" controllers by default (#7564)
Now that we can configure which controllers to delegate precisely, let's
limit wht we delegate to the user session: only "cpu" and "pids" as a
minimal baseline.

Fixes: #1715
2017-12-07 08:48:08 +01:00
Zbigniew Jędrzejewski-Szmek
a7df2d1e43 Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
Yu Watanabe
4429c69f8d units: do not perform m4 if not necessary (#6575) 2017-08-09 09:13:41 -04:00
Przemyslaw Kedzierski
dd5ae4c36c bus-proxy: cloning smack label
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.

It is done before and independent of dropping privileges.

The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.

The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.

In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.

In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
2014-12-09 18:23:24 +01:00
Lennart Poettering
a931ad47a8 core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.

For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.

Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.

Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.

This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
2014-11-05 18:49:14 +01:00
Lennart Poettering
58ea275a68 core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes
This should fix some race with terminating systemd --user, where the
system systemd instance might race against the user systemd instance
when sending SIGTERM.
2014-01-29 13:42:06 +01:00
Zbigniew Jędrzejewski-Szmek
d8160f21fd Improve messages about user mode a bit 2014-01-08 22:15:27 -05:00
Kay Sievers
8b255ecd99 pam_systemd: export DBUS_SESSION_BUS_ADDRESS 2014-01-08 18:11:37 +08:00
Zbigniew Jędrzejewski-Szmek
4acbce7979 build-sys: fix generation of user@.service 2013-12-27 12:12:41 -05:00
Mantas Mikulėnas
3dc9f55d6e units: user@.service: fix user bus path 2013-12-27 12:12:41 -05:00
Zbigniew Jędrzejewski-Szmek
59fccd8211 execute.c: always set $SHELL
In e6dca81 $SHELL was added to user@.service. Let's
instead provide it to all units which have a user.
2013-10-02 22:23:56 +02:00
Evan Callicoat
e6dca81441 units: Add SHELL environment variable
With the advent of systemd --user sessions, it's become very interesting to spawn X as a user unit, as well as accompanying processes that may have previously been in a .xinitrc/.xsession, or even just to replace a collection of XDG/GDM/KDM/etc session files with independent systemd --user units. The simplest case here would be to login on a tty, with the traditional /usr/sbin/login "login manager".

However, systemd --user (spawned by user@.service) is at the top level of the slice for the user, and does not inherit any environment variables from the login process. Given the number of common applications which rely on SHELL being set in the environment, it seems like the cleanest way to provide this variable is to set it to %s in the user@.service.

Ideally in the long-term, applications which rely on SHELL being set should be fixed to just grab it from getpwnam() or similar, but until that becomes more common, I propose this simple change to make user sessions a little bit nicer out of the box.
2013-10-01 04:17:31 +02:00
Zbigniew Jędrzejewski-Szmek
5c390a4ae0 Add pam configuration to allow user sessions to work out of the box
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.

Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
2013-09-11 15:35:06 -04:00
Lennart Poettering
4c5420a0c1 units: since we auto-spawn user@.service instances now we don need an [Install] section in it 2013-07-11 01:57:09 +02:00
Lennart Poettering
fb6becb443 logind: port over to use scopes+slices for all cgroup stuff
In order to prepare things for the single-writer cgroup scheme, let's
make logind use systemd's own primitives for cgroup management.

Every login user now gets his own private slice unit, in which his sessions
live in a scope unit each. Also, add user@$UID.service to the same
slice, and implicitly start it on first login.
2013-07-02 01:48:55 +02:00
Auke Kok
9541fe6adf systemctl does not expand %u, so revert back to %I
The description field is only displayed by systemctl, and
it can't expand %u properly (it will always display "root").
2013-05-09 09:39:15 -07:00
Lennart Poettering
a34cb32e54 units: update user@.service to reflect new user cgroup paths 2013-04-23 16:00:32 -03:00
Auke Kok
3abcb6aced Update user session unit template.
While most folks will be using the derivative from user-session-units,
I'm updating this one to reflect some of the fixes and things to note
about user sessions:

- cgroup should be set with "%u" - username instead of %I
- set dbus path with %U explicitly too
- hint to folks that wish to use MEM_CG features in user sessions
- allow unit to be enabled for instances with systemctl enable
2013-03-22 21:43:31 -07:00
Lennart Poettering
5430f7f2bc relicense to LGPLv2.1 (with exceptions)
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.

Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.

The bits that used to be MIT continue to be MIT.

The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
2012-04-12 00:24:39 +02:00
Kay Sievers
e0d25329b2 move /usr/bin/systemd to /usr/lib/systemd/systemd 2012-02-08 00:08:10 +01:00
Lennart Poettering
bde7f90721 logind: temporarily hack right user bus address into unit file 2011-07-01 22:36:15 +02:00
Lennart Poettering
d42d27ead9 logind: add service for per-user shared systemd daemon 2011-06-30 02:18:01 +02:00