mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
logind: don't apply RemoveIPC= to system users
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
This commit is contained in:
parent
f5c0c00f40
commit
f7dc3ab9f4
Notes:
Lennart Poettering
2014-05-22 22:02:30 +09:00
Backport: bugfix
@ -4879,7 +4879,9 @@ substitutions = \
|
||||
'|PYTHON=$(PYTHON)|' \
|
||||
'|PYTHON_BINARY=$(PYTHON_BINARY)|' \
|
||||
'|NTP_SERVERS=$(NTP_SERVERS)|' \
|
||||
'|DNS_SERVERS=$(DNS_SERVERS)|'
|
||||
'|DNS_SERVERS=$(DNS_SERVERS)|' \
|
||||
'|systemuidmax=$(SYSTEM_UID_MAX)|' \
|
||||
'|systemgidmax=$(SYSTEM_GID_MAX)|'
|
||||
|
||||
SED_PROCESS = \
|
||||
$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
|
||||
|
22
configure.ac
22
configure.ac
@ -853,6 +853,26 @@ AC_ARG_WITH(time-epoch,
|
||||
|
||||
AC_DEFINE_UNQUOTED(TIME_EPOCH, [$TIME_EPOCH], [Time Epoch])
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
AC_ARG_WITH(system-uid-max,
|
||||
AS_HELP_STRING([--with-system-uid-max=UID]
|
||||
[Maximum UID for system users]),
|
||||
[SYSTEM_UID_MAX="$withval"],
|
||||
[SYSTEM_UID_MAX="`awk 'BEGIN { uid=999 } /^\s*SYS_UID_MAX\s+/ { uid=$2 } END { print uid }' /etc/login.defs 2>/dev/null || echo 999`"])
|
||||
|
||||
AC_DEFINE_UNQUOTED(SYSTEM_UID_MAX, [$SYSTEM_UID_MAX], [Maximum System UID])
|
||||
AC_SUBST(SYSTEM_UID_MAX)
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
AC_ARG_WITH(system-gid-max,
|
||||
AS_HELP_STRING([--with-system-gid-max=GID]
|
||||
[Maximum GID for system groups]),
|
||||
[SYSTEM_GID_MAX="$withval"],
|
||||
[SYSTEM_GID_MAX="`awk 'BEGIN { gid=999 } /^\s*SYS_GID_MAX\s+/ { gid=$2 } END { print gid }' /etc/login.defs 2>/dev/null || echo 999`"])
|
||||
|
||||
AC_DEFINE_UNQUOTED(SYSTEM_GID_MAX, [$SYSTEM_GID_MAX], [Maximum System GID])
|
||||
AC_SUBST(SYSTEM_GID_MAX)
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
have_localed=no
|
||||
AC_ARG_ENABLE(localed, AS_HELP_STRING([--disable-localed], [disable locale daemon]))
|
||||
@ -1256,6 +1276,8 @@ AC_MSG_RESULT([
|
||||
Extra start script: ${RC_LOCAL_SCRIPT_PATH_START}
|
||||
Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP}
|
||||
Debug shell: ${SUSHELL} @ ${DEBUGTTY}
|
||||
Maximum System UID: ${SYSTEM_UID_MAX}
|
||||
Maximum System GID: ${SYSTEM_GID_MAX}
|
||||
|
||||
CFLAGS: ${OUR_CFLAGS} ${CFLAGS}
|
||||
CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}
|
||||
|
@ -19,6 +19,8 @@ systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/run/systemd/user:/u
|
||||
systemdsystemgeneratordir=@systemgeneratordir@
|
||||
systemdusergeneratordir=@usergeneratordir@
|
||||
catalogdir=@catalogdir@
|
||||
systemuidmax=@systemuidmax@
|
||||
systemgidmax=@systemgidmax@
|
||||
|
||||
Name: systemd
|
||||
Description: systemd System and Service Manager
|
||||
|
@ -258,7 +258,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
|
||||
if (s->runtime_journal)
|
||||
return s->runtime_journal;
|
||||
|
||||
if (uid <= 0)
|
||||
if (uid <= SYSTEM_UID_MAX)
|
||||
return s->system_journal;
|
||||
|
||||
r = sd_id128_get_machine(&machine);
|
||||
|
@ -332,8 +332,8 @@ fail:
|
||||
int clean_ipc(uid_t uid) {
|
||||
int ret = 0, r;
|
||||
|
||||
/* Refuse to clean IPC of the root user */
|
||||
if (uid == 0)
|
||||
/* Refuse to clean IPC of the root and system users */
|
||||
if (uid <= SYSTEM_UID_MAX)
|
||||
return 0;
|
||||
|
||||
r = clean_sysvipc_shm(uid);
|
||||
|
Loading…
Reference in New Issue
Block a user