1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

logind: don't apply RemoveIPC= to system users

We shouldn't destroy IPC objects of system users on logout.

http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html

This introduces SYSTEM_UID_MAX defined to the maximum UID of system
users. This value is determined compile-time, either as configure switch
or from /etc/login.defs. (We don't read that file at runtime, since this
is really a choice for a system builder, not the end user.)

While we are at it we then also update journald to use SYSTEM_UID_MAX
when we decide whether to split out log data for a specific client.
This commit is contained in:
Lennart Poettering 2014-05-21 09:31:22 +09:00
parent f5c0c00f40
commit f7dc3ab9f4
Notes: Lennart Poettering 2014-05-22 22:02:30 +09:00
Backport: bugfix
5 changed files with 30 additions and 4 deletions

View File

@ -4879,7 +4879,9 @@ substitutions = \
'|PYTHON=$(PYTHON)|' \
'|PYTHON_BINARY=$(PYTHON_BINARY)|' \
'|NTP_SERVERS=$(NTP_SERVERS)|' \
'|DNS_SERVERS=$(DNS_SERVERS)|'
'|DNS_SERVERS=$(DNS_SERVERS)|' \
'|systemuidmax=$(SYSTEM_UID_MAX)|' \
'|systemgidmax=$(SYSTEM_GID_MAX)|'
SED_PROCESS = \
$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \

View File

@ -853,6 +853,26 @@ AC_ARG_WITH(time-epoch,
AC_DEFINE_UNQUOTED(TIME_EPOCH, [$TIME_EPOCH], [Time Epoch])
# ------------------------------------------------------------------------------
AC_ARG_WITH(system-uid-max,
AS_HELP_STRING([--with-system-uid-max=UID]
[Maximum UID for system users]),
[SYSTEM_UID_MAX="$withval"],
[SYSTEM_UID_MAX="`awk 'BEGIN { uid=999 } /^\s*SYS_UID_MAX\s+/ { uid=$2 } END { print uid }' /etc/login.defs 2>/dev/null || echo 999`"])
AC_DEFINE_UNQUOTED(SYSTEM_UID_MAX, [$SYSTEM_UID_MAX], [Maximum System UID])
AC_SUBST(SYSTEM_UID_MAX)
# ------------------------------------------------------------------------------
AC_ARG_WITH(system-gid-max,
AS_HELP_STRING([--with-system-gid-max=GID]
[Maximum GID for system groups]),
[SYSTEM_GID_MAX="$withval"],
[SYSTEM_GID_MAX="`awk 'BEGIN { gid=999 } /^\s*SYS_GID_MAX\s+/ { gid=$2 } END { print gid }' /etc/login.defs 2>/dev/null || echo 999`"])
AC_DEFINE_UNQUOTED(SYSTEM_GID_MAX, [$SYSTEM_GID_MAX], [Maximum System GID])
AC_SUBST(SYSTEM_GID_MAX)
# ------------------------------------------------------------------------------
have_localed=no
AC_ARG_ENABLE(localed, AS_HELP_STRING([--disable-localed], [disable locale daemon]))
@ -1256,6 +1276,8 @@ AC_MSG_RESULT([
Extra start script: ${RC_LOCAL_SCRIPT_PATH_START}
Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP}
Debug shell: ${SUSHELL} @ ${DEBUGTTY}
Maximum System UID: ${SYSTEM_UID_MAX}
Maximum System GID: ${SYSTEM_GID_MAX}
CFLAGS: ${OUR_CFLAGS} ${CFLAGS}
CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}

View File

@ -19,6 +19,8 @@ systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/run/systemd/user:/u
systemdsystemgeneratordir=@systemgeneratordir@
systemdusergeneratordir=@usergeneratordir@
catalogdir=@catalogdir@
systemuidmax=@systemuidmax@
systemgidmax=@systemgidmax@
Name: systemd
Description: systemd System and Service Manager

View File

@ -258,7 +258,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
if (s->runtime_journal)
return s->runtime_journal;
if (uid <= 0)
if (uid <= SYSTEM_UID_MAX)
return s->system_journal;
r = sd_id128_get_machine(&machine);

View File

@ -332,8 +332,8 @@ fail:
int clean_ipc(uid_t uid) {
int ret = 0, r;
/* Refuse to clean IPC of the root user */
if (uid == 0)
/* Refuse to clean IPC of the root and system users */
if (uid <= SYSTEM_UID_MAX)
return 0;
r = clean_sysvipc_shm(uid);