Accepting request 208952 from Base:System
- Add U_logind_revert_lazy_session_activation_on_non_vt_seats.patch * See: http://cgit.freedesktop.org/systemd/systemd/commit/?id=3fdb2494c1e24c0a020f5b54022d2c751fd26f50 (forwarded request 208810 from lbssousa) OBS-URL: https://build.opensuse.org/request/show/208952 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=168
commit
3eb2188d66
70
1011-check-4-valid-kmsg-device.patch
Normal file
70
1011-check-4-valid-kmsg-device.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
From: Werner Fink <werner@suse.de>
|
||||||
|
Date: Thu, 21 Nov 2013 11:50:32 +0000
|
||||||
|
Subject: [PATCH] Avoid busy systemd-journald
|
||||||
|
|
||||||
|
Avoid a busy systemd-journald due polling a broken /dec/kmsg in lxc
|
||||||
|
environments.
|
||||||
|
|
||||||
|
---
|
||||||
|
journald-kmsg.c | 27 ++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 26 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Index: systemd-208/src/journal/journald-kmsg.c
|
||||||
|
===================================================================
|
||||||
|
--- systemd-208/src/journal/journald-kmsg.c
|
||||||
|
+++ systemd-208/src/journal/journald-kmsg.c 2013-11-21 13:30:22.930735683 +0000
|
||||||
|
@@ -23,7 +23,9 @@
|
||||||
|
#include <sys/epoll.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <sys/mman.h>
|
||||||
|
+#include <sys/stat.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
|
||||||
|
#include <systemd/sd-messages.h>
|
||||||
|
#include <libudev.h>
|
||||||
|
@@ -377,20 +379,43 @@ int server_flush_dev_kmsg(Server *s) {
|
||||||
|
|
||||||
|
int server_open_dev_kmsg(Server *s) {
|
||||||
|
struct epoll_event ev;
|
||||||
|
+ struct stat st;
|
||||||
|
|
||||||
|
assert(s);
|
||||||
|
|
||||||
|
s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
|
||||||
|
if (s->dev_kmsg_fd < 0) {
|
||||||
|
- log_warning("Failed to open /dev/kmsg, ignoring: %m");
|
||||||
|
+ /* Do not warn as it may not exists in LXC environments */
|
||||||
|
+ if (errno != ENOENT)
|
||||||
|
+ log_warning("Failed to open /dev/kmsg, ignoring: %m");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (fstat(s->dev_kmsg_fd, &st) < 0) {
|
||||||
|
+ log_error("Failed to stat /dev/kmsg fd, ignoring: %m");
|
||||||
|
+ close_nointr_nofail(s->dev_kmsg_fd);
|
||||||
|
+ s->dev_kmsg_fd = -1;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!S_ISCHR(st.st_mode) || major(st.st_rdev) != 1 || minor(st.st_rdev) != 11) {
|
||||||
|
+ int old_errno = errno;
|
||||||
|
+ errno = ENODEV;
|
||||||
|
+ log_warning("Irregular device /dev/kmsg, ignoring: %m");
|
||||||
|
+ errno = old_errno;
|
||||||
|
+ close_nointr_nofail(s->dev_kmsg_fd);
|
||||||
|
+ s->dev_kmsg_fd = -1;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
zero(ev);
|
||||||
|
ev.events = EPOLLIN;
|
||||||
|
ev.data.fd = s->dev_kmsg_fd;
|
||||||
|
if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->dev_kmsg_fd, &ev) < 0) {
|
||||||
|
|
||||||
|
+ close_nointr_nofail(s->dev_kmsg_fd);
|
||||||
|
+ s->dev_kmsg_fd = -1;
|
||||||
|
+
|
||||||
|
/* This will fail with EPERM on older kernels where
|
||||||
|
* /dev/kmsg is not readable. */
|
||||||
|
if (errno == EPERM)
|
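Review bot: In the epoll_ctl() failure branch of server_open_dev_kmsg(), the added `close_nointr_nofail(s->dev_kmsg_fd);` now runs before the existing `if (errno == EPERM)` test, so that test is only reliable if the helper leaves errno untouched, which cannot be confirmed from this hunk. Capturing the value first, `int saved_errno = errno;` ahead of the close and `if (saved_errno == EPERM)` after it, removes that dependency; the irregular-device branch above already saves and restores errno by hand. The device check is done with fstat() on the opened descriptor rather than on the path, which avoids a check/use gap, but the constants deserve a comment such as `/* /dev/kmsg is the character device with major 1, minor 11 */` so the test does not read as arbitrary. The rest of the function lies beyond the end of the hunk.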
@ -0,0 +1,168 @@
|
|||||||
|
Based on upstream baae0358f349870544884e405e82e4be7d8add9f
|
||||||
|
| From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
| Date: Tue, 26 Nov 2013 04:05:00 +0000
|
||||||
|
| Subject: pam_systemd: do not set XDG_RUNTIME_DIR if the session's original user is not the same as the newly logged in one
|
||||||
|
| It's better not to set any XDG_RUNTIME_DIR at all rather than one of a
|
||||||
|
| different user. So let's do this.
|
||||||
|
--- systemd-208/src/login/logind-dbus.c
|
||||||
|
+++ systemd-208/src/login/logind-dbus.c 2013-11-26 13:37:05.730735774 +0000
|
||||||
|
@@ -523,6 +523,7 @@ static int bus_manager_create_session(Ma
|
||||||
|
DBUS_TYPE_OBJECT_PATH, &path,
|
||||||
|
DBUS_TYPE_STRING, &session->user->runtime_path,
|
||||||
|
DBUS_TYPE_UNIX_FD, &fifo_fd,
|
||||||
|
+ DBUS_TYPE_UINT32, &session->user->uid,
|
||||||
|
DBUS_TYPE_STRING, &cseat,
|
||||||
|
DBUS_TYPE_UINT32, &vtnr,
|
||||||
|
DBUS_TYPE_BOOLEAN, &exists,
|
||||||
|
--- systemd-208/src/login/logind-session-dbus.c
|
||||||
|
+++ systemd-208/src/login/logind-session-dbus.c 2013-11-26 13:36:07.478236401 +0000
|
||||||
|
@@ -755,6 +755,7 @@ int session_send_create_reply(Session *s
|
||||||
|
DBUS_TYPE_OBJECT_PATH, &path,
|
||||||
|
DBUS_TYPE_STRING, &s->user->runtime_path,
|
||||||
|
DBUS_TYPE_UNIX_FD, &fifo_fd,
|
||||||
|
+ DBUS_TYPE_UINT32, &s->user->uid,
|
||||||
|
DBUS_TYPE_STRING, &cseat,
|
||||||
|
DBUS_TYPE_UINT32, &vtnr,
|
||||||
|
DBUS_TYPE_BOOLEAN, &exists,
|
||||||
|
--- systemd-208/src/login/pam-module.c
|
||||||
|
+++ systemd-208/src/login/pam-module.c 2013-11-26 14:32:20.194235777 +0000
|
||||||
|
@@ -93,24 +93,18 @@ static int get_user_data(
|
||||||
|
assert(ret_username);
|
||||||
|
assert(ret_pw);
|
||||||
|
|
||||||
|
- r = audit_loginuid_from_pid(0, &uid);
|
||||||
|
- if (r >= 0)
|
||||||
|
- pw = pam_modutil_getpwuid(handle, uid);
|
||||||
|
- else {
|
||||||
|
- r = pam_get_user(handle, &username, NULL);
|
||||||
|
- if (r != PAM_SUCCESS) {
|
||||||
|
- pam_syslog(handle, LOG_ERR, "Failed to get user name.");
|
||||||
|
- return r;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (isempty(username)) {
|
||||||
|
- pam_syslog(handle, LOG_ERR, "User name not valid.");
|
||||||
|
- return PAM_AUTH_ERR;
|
||||||
|
- }
|
||||||
|
+ r = pam_get_user(handle, &username, NULL);
|
||||||
|
+ if (r != PAM_SUCCESS) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "Failed to get user name.");
|
||||||
|
+ return r;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- pw = pam_modutil_getpwnam(handle, username);
|
||||||
|
+ if (isempty(username)) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "User name not valid.");
|
||||||
|
+ return PAM_AUTH_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ pw = pam_modutil_getpwnam(handle, username);
|
||||||
|
if (!pw) {
|
||||||
|
pam_syslog(handle, LOG_ERR, "Failed to get user data.");
|
||||||
|
return PAM_USER_UNKNOWN;
|
||||||
|
@@ -123,16 +117,14 @@ static int get_user_data(
|
||||||
|
}
|
||||||
|
|
||||||
|
static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
|
||||||
|
- _cleanup_free_ char *p = NULL;
|
||||||
|
- int r;
|
||||||
|
- _cleanup_close_ int fd = -1;
|
||||||
|
union sockaddr_union sa = {
|
||||||
|
.un.sun_family = AF_UNIX,
|
||||||
|
};
|
||||||
|
+ _cleanup_free_ char *p = NULL, *tty = NULL;
|
||||||
|
+ _cleanup_close_ int fd = -1;
|
||||||
|
struct ucred ucred;
|
||||||
|
socklen_t l;
|
||||||
|
- _cleanup_free_ char *tty = NULL;
|
||||||
|
- int v;
|
||||||
|
+ int v, r;
|
||||||
|
|
||||||
|
assert(display);
|
||||||
|
assert(vtnr);
|
||||||
|
@@ -194,13 +186,12 @@ _public_ PAM_EXTERN int pam_sm_open_sess
|
||||||
|
dbus_bool_t remote, existing;
|
||||||
|
int r;
|
||||||
|
uint32_t vtnr = 0;
|
||||||
|
+ uid_t original_uid;
|
||||||
|
|
||||||
|
assert(handle);
|
||||||
|
|
||||||
|
dbus_error_init(&error);
|
||||||
|
|
||||||
|
- /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
|
||||||
|
-
|
||||||
|
/* Make this a NOP on non-logind systems */
|
||||||
|
if (!logind_running())
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
@@ -213,6 +204,9 @@ _public_ PAM_EXTERN int pam_sm_open_sess
|
||||||
|
goto finish;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (debug)
|
||||||
|
+ pam_syslog(handle, LOG_INFO, "pam-systemd initializing");
|
||||||
|
+
|
||||||
|
r = get_user_data(handle, &username, &pw);
|
||||||
|
if (r != PAM_SUCCESS)
|
||||||
|
goto finish;
|
||||||
|
@@ -374,7 +368,11 @@ _public_ PAM_EXTERN int pam_sm_open_sess
|
||||||
|
if (debug)
|
||||||
|
pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
|
||||||
|
"uid=%u pid=%u service=%s type=%s class=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
|
||||||
|
- uid, pid, service, type, class, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);
|
||||||
|
+ pw->pw_uid, pid,
|
||||||
|
+ strempty(service),
|
||||||
|
+ type, class,
|
||||||
|
+ seat, vtnr, tty, display,
|
||||||
|
+ yes_no(remote), remote_user, remote_host);
|
||||||
|
|
||||||
|
reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
|
||||||
|
if (!reply) {
|
||||||
|
@@ -388,6 +386,7 @@ _public_ PAM_EXTERN int pam_sm_open_sess
|
||||||
|
DBUS_TYPE_OBJECT_PATH, &object_path,
|
||||||
|
DBUS_TYPE_STRING, &runtime_path,
|
||||||
|
DBUS_TYPE_UNIX_FD, &session_fd,
|
||||||
|
+ DBUS_TYPE_UINT32, &original_uid,
|
||||||
|
DBUS_TYPE_STRING, &seat,
|
||||||
|
DBUS_TYPE_UINT32, &vtnr,
|
||||||
|
DBUS_TYPE_BOOLEAN, &existing,
|
||||||
|
@@ -399,8 +398,8 @@ _public_ PAM_EXTERN int pam_sm_open_sess
|
||||||
|
|
||||||
|
if (debug)
|
||||||
|
pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
|
||||||
|
- "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u",
|
||||||
|
- id, object_path, runtime_path, session_fd, seat, vtnr);
|
||||||
|
+ "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
|
||||||
|
+ id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);
|
||||||
|
|
||||||
|
r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
|
||||||
|
if (r != PAM_SUCCESS) {
|
||||||
|
@@ -408,10 +407,24 @@ _public_ PAM_EXTERN int pam_sm_open_sess
|
||||||
|
goto finish;
|
||||||
|
}
|
||||||
|
|
||||||
|
- r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
|
||||||
|
- if (r != PAM_SUCCESS) {
|
||||||
|
- pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
|
||||||
|
- goto finish;
|
||||||
|
+ if (original_uid == pw->pw_uid) {
|
||||||
|
+ /* Don't set $XDG_RUNTIME_DIR if the user we now
|
||||||
|
+ * authenticated for does not match the original user
|
||||||
|
+ * of the session. We do this in order not to result
|
||||||
|
+ * in privileged apps clobbering the runtime directory
|
||||||
|
+ * unnecessarily. */
|
||||||
|
+
|
||||||
|
+ r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
|
||||||
|
+ if (r != PAM_SUCCESS) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
|
||||||
|
+ goto finish;
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ (void) unsetenv("XDG_RUNTIME_DIR");
|
||||||
|
+ r = pam_putenv(handle, "XDG_RUNTIME_DIR");
|
||||||
|
+ if (r != PAM_SUCCESS && r != PAM_BAD_ITEM) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "Failed to unset runtime dir.");
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isempty(seat)) {
|
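Review bot: The create-session reply gains a `DBUS_TYPE_UINT32` uid between the FIFO fd and the seat in bus_manager_create_session(), in session_send_create_reply() and in the `dbus_message_get_args()` call of pam_sm_open_session(), so pam_systemd and logind only interoperate when both carry this patch. Nothing visible here covers a patched pam_systemd talking to a still-running unpatched logind during a package update (the parse-failure path is outside the hunks), so the packaging should make sure the daemon is restarted or re-executed together with the module, and a comment at the three sites such as `/* reply layout must stay in sync between logind and pam_systemd */` would keep them in step. `original_uid` is declared `uid_t` but is filled through a UINT32 slot and printed with `%u`; declaring it `uint32_t original_uid;` like `vtnr` states the wire type directly. The new comment beginning "Don't set $XDG_RUNTIME_DIR if ..." sits inside the branch where the uids match and would read more naturally above the `if` or in the `else` branch.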
@ -0,0 +1,26 @@
|
|||||||
|
From 3fdb2494c1e24c0a020f5b54022d2c751fd26f50 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Herrmann <dh.herrmann@gmail.com>
|
||||||
|
Date: Thu, 28 Nov 2013 09:52:18 +0000
|
||||||
|
Subject: login: revert lazy session-activation on non-VT seats
|
||||||
|
|
||||||
|
Existing applications like gdm already depend on new sessions to get
|
||||||
|
immediately activated on seats without VTs. Fixes a bug reported as:
|
||||||
|
[systemd-devel] systemd 208:trouble with inactive user sessions at non-seat0 seats
|
||||||
|
|
||||||
|
This patch restores the original behavior. We either need to add a new
|
||||||
|
flag for session-creation or some other heuristic to avoid activating new
|
||||||
|
sessions in the future.
|
||||||
|
---
|
||||||
|
--- a/src/login/logind-seat.c 2013-11-28 11:30:49.624623090 -0200
|
||||||
|
+++ b/src/login/logind-seat.c 2013-11-28 11:31:46.668792391 -0200
|
||||||
|
@@ -420,8 +420,8 @@
|
||||||
|
seat_send_changed(s, "Sessions\0");
|
||||||
|
|
||||||
|
/* On seats with VTs, the VT logic defines which session is active. On
|
||||||
|
- * seats without VTs, we automatically activate the first session. */
|
||||||
|
- if (!seat_has_vts(s) && !s->active)
|
||||||
|
+ * seats without VTs, we automatically activate new sessions. */
|
||||||
|
+ if (!seat_has_vts(s))
|
||||||
|
seat_set_active(s, session);
|
||||||
|
|
||||||
|
return 0;
|
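Review bot: With `!s->active` dropped from the condition, every session added to a seat without VTs is handed to `seat_set_active()`, so a later session replaces whichever one is currently active on that seat. The patch description says this is deliberate and that a creation flag or heuristic is still needed, but the in-code comment only says "we automatically activate new sessions". I would extend it, for example `/* NOTE: this displaces the currently active session; kept because existing display managers rely on it until session creation can opt out. */`, so the trade-off is visible to anyone reasoning about which session is active on a multi-session seat. The enclosing function starts before the hunk.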
@ -1,3 +1,25 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 28 10:25:58 UTC 2013 - lbsousajr@gmail.com
|
||||||
|
|
||||||
|
- Add U_logind_revert_lazy_session_activation_on_non_vt_seats.patch
|
||||||
|
* See: http://cgit.freedesktop.org/systemd/systemd/commit/?id=3fdb2494c1e24c0a020f5b54022d2c751fd26f50
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 26 15:12:58 UTC 2013 - werner@suse.de
|
||||||
|
|
||||||
|
- Add patch
|
||||||
|
1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch
|
||||||
|
to avoid (xdg-)su to set XDG_RUNTIME_DIR to the original user and
|
||||||
|
avoid that e.g. pulseaudio will create /run/user/<pid>/pulse owned
|
||||||
|
by root (bnc#852015)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 21 12:27:11 UTC 2013 - werner@suse.de
|
||||||
|
|
||||||
|
- Add patch
|
||||||
|
1011-check-4-valid-kmsg-device.patch
|
||||||
|
to avoid a busy systemd-journald (bnc#851393)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 6 09:42:05 UTC 2013 - werner@suse.de
|
Wed Nov 6 09:42:05 UTC 2013 - werner@suse.de
|
||||||
|
|
||||||
|
@ -258,6 +258,11 @@ Patch1008: 1008-add-msft-compability-rules.patch
|
|||||||
Patch1009: 1009-make-xsltproc-use-correct-ROFF-links.patch
|
Patch1009: 1009-make-xsltproc-use-correct-ROFF-links.patch
|
||||||
# PATCH-FIX-OPENSUSE 1010-do-not-install-sulogin-unit-with-poweroff.patch -- Avoid installing console-shell.service (bnc#849071)
|
# PATCH-FIX-OPENSUSE 1010-do-not-install-sulogin-unit-with-poweroff.patch -- Avoid installing console-shell.service (bnc#849071)
|
||||||
Patch1010: 1010-do-not-install-sulogin-unit-with-poweroff.patch
|
Patch1010: 1010-do-not-install-sulogin-unit-with-poweroff.patch
|
||||||
|
# PATCH-FIX-OPENSUSE 1011-check-4-valid-kmsg-device.patch -- Avoid busy systemd-journald (bnc#851393)
|
||||||
|
Patch1011: 1011-check-4-valid-kmsg-device.patch
|
||||||
|
# PATCH-FIX-PSTREAM 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch
|
||||||
|
Patch1012: 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch
|
||||||
|
Patch1013: U_logind_revert_lazy_session_activation_on_non_vt_seats.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Systemd is a system and service manager, compatible with SysV and LSB
|
Systemd is a system and service manager, compatible with SysV and LSB
|
||||||
@ -534,6 +539,9 @@ cp %{SOURCE7} m4/
|
|||||||
%endif
|
%endif
|
||||||
%patch1009 -p1
|
%patch1009 -p1
|
||||||
%patch1010 -p1
|
%patch1010 -p1
|
||||||
|
%patch1011 -p1
|
||||||
|
%patch1012 -p1
|
||||||
|
%patch1013 -p1
|
||||||
|
|
||||||
# ensure generate files are removed
|
# ensure generate files are removed
|
||||||
rm -f units/emergency.service
|
rm -f units/emergency.service
|
||||||
|
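Review bot: The tag on the 1012 entry reads `# PATCH-FIX-PSTREAM`, which looks like a typo for `PATCH-FIX-UPSTREAM`, and unlike the 1010 and 1011 entries it carries no `-- description (bnc#...)` part; `Patch1013` has no tag line at all. Suggested: `# PATCH-FIX-UPSTREAM 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch -- Do not set XDG_RUNTIME_DIR of the original user (bnc#852015)` and a matching `# PATCH-FIX-UPSTREAM U_logind_revert_lazy_session_activation_on_non_vt_seats.patch` line above `Patch1013`. Two of these patches change login-session behaviour, so a greppable origin and bug reference on each entry helps later audits.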