[systemd-commits] 3 commits - src/cgls.c src/cgroup-util.c src/cgroup-util.h src/condition.c src/fsck.c src/locale-setup.c src/pam-module.c src/quotacheck.c src/target.c src/user-sessions.c src/vconsole-setup.c
Lennart Poettering
lennart at kemper.freedesktop.org
Mon Mar 14 15:47:29 PDT 2011
src/cgls.c | 14 ++++++++++++--
src/cgroup-util.c | 28 ++++++++++++++++++++++++++++
src/cgroup-util.h | 2 ++
src/condition.c | 3 +++
src/fsck.c | 3 +++
src/locale-setup.c | 41 +++++++++++++++++++++--------------------
src/pam-module.c | 37 +++++++++++++++++++++++++++----------
src/quotacheck.c | 3 +++
src/target.c | 3 +++
src/user-sessions.c | 15 +++++++++++++--
src/vconsole-setup.c | 25 +++++++++++++------------
11 files changed, 128 insertions(+), 46 deletions(-)
New commits:
commit 2fc9784656900c4dc3715db506096ddc23fdd87c
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Mar 14 23:41:47 2011 +0100
container: skip a few things when we are run in a container such as accessing /proc/cmdline
diff --git a/src/condition.c b/src/condition.c
index 1d6cf12..1dce276 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -67,6 +67,9 @@ static bool test_kernel_command_line(const char *parameter) {
assert(parameter);
+ if (detect_virtualization(NULL) > 0)
+ return false;
+
if ((r = read_one_line_file("/proc/cmdline", &line)) < 0) {
log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
return false;
diff --git a/src/fsck.c b/src/fsck.c
index b5d8764..a3c83c3 100644
--- a/src/fsck.c
+++ b/src/fsck.c
@@ -106,6 +106,9 @@ static int parse_proc_cmdline(void) {
int r;
size_t l;
+ if (detect_virtualization(NULL) > 0)
+ return 0;
+
if ((r = read_one_line_file("/proc/cmdline", &line)) < 0) {
log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
return 0;
diff --git a/src/locale-setup.c b/src/locale-setup.c
index 7684681..055c1fa 100644
--- a/src/locale-setup.c
+++ b/src/locale-setup.c
@@ -69,28 +69,29 @@ int locale_setup(void) {
zero(variables);
- if ((r = parse_env_file("/proc/cmdline", WHITESPACE,
+ if (detect_virtualization(NULL) <= 0)
+ if ((r = parse_env_file("/proc/cmdline", WHITESPACE,
#ifdef TARGET_FEDORA
- "LANG", &variables[VARIABLE_LANG],
+ "LANG", &variables[VARIABLE_LANG],
#endif
- "locale.LANG", &variables[VARIABLE_LANG],
- "locale.LC_CTYPE", &variables[VARIABLE_LC_CTYPE],
- "locale.LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC],
- "locale.LC_TIME", &variables[VARIABLE_LC_TIME],
- "locale.LC_COLLATE", &variables[VARIABLE_LC_COLLATE],
- "locale.LC_MONETARY", &variables[VARIABLE_LC_MONETARY],
- "locale.LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES],
- "locale.LC_PAPER", &variables[VARIABLE_LC_PAPER],
- "locale.LC_NAME", &variables[VARIABLE_LC_NAME],
- "locale.LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS],
- "locale.LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE],
- "locale.LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT],
- "locale.LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION],
- NULL)) < 0) {
-
- if (r != -ENOENT)
- log_warning("Failed to read /proc/cmdline: %s", strerror(-r));
- }
+ "locale.LANG", &variables[VARIABLE_LANG],
+ "locale.LC_CTYPE", &variables[VARIABLE_LC_CTYPE],
+ "locale.LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC],
+ "locale.LC_TIME", &variables[VARIABLE_LC_TIME],
+ "locale.LC_COLLATE", &variables[VARIABLE_LC_COLLATE],
+ "locale.LC_MONETARY", &variables[VARIABLE_LC_MONETARY],
+ "locale.LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES],
+ "locale.LC_PAPER", &variables[VARIABLE_LC_PAPER],
+ "locale.LC_NAME", &variables[VARIABLE_LC_NAME],
+ "locale.LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS],
+ "locale.LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE],
+ "locale.LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT],
+ "locale.LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION],
+ NULL)) < 0) {
+
+ if (r != -ENOENT)
+ log_warning("Failed to read /proc/cmdline: %s", strerror(-r));
+ }
/* Hmm, nothing set on the kernel cmd line? Then let's
* try /etc/locale.conf */
diff --git a/src/quotacheck.c b/src/quotacheck.c
index da2da3b..057d861 100644
--- a/src/quotacheck.c
+++ b/src/quotacheck.c
@@ -35,6 +35,9 @@ static int parse_proc_cmdline(void) {
int r;
size_t l;
+ if (detect_virtualization(NULL) > 0)
+ return 0;
+
if ((r = read_one_line_file("/proc/cmdline", &line)) < 0) {
log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
return 0;
diff --git a/src/target.c b/src/target.c
index e61255c..b8d4a01 100644
--- a/src/target.c
+++ b/src/target.c
@@ -92,6 +92,9 @@ static int target_add_getty_dependencies(Target *t) {
if (!unit_has_name(UNIT(t), SPECIAL_GETTY_TARGET))
return 0;
+ if (detect_container(NULL) > 0)
+ return 1;
+
if (read_one_line_file("/sys/class/tty/console/active", &active) >= 0) {
const char *tty;
diff --git a/src/vconsole-setup.c b/src/vconsole-setup.c
index 5b97712..29ce7be 100644
--- a/src/vconsole-setup.c
+++ b/src/vconsole-setup.c
@@ -176,21 +176,22 @@ int main(int argc, char **argv) {
utf8 = is_locale_utf8();
- if ((r = parse_env_file("/proc/cmdline", WHITESPACE,
+ if (detect_virtualization(NULL) <= 0)
+ if ((r = parse_env_file("/proc/cmdline", WHITESPACE,
#ifdef TARGET_FEDORA
- "SYSFONT", &vc_font,
- "KEYTABLE", &vc_keymap,
+ "SYSFONT", &vc_font,
+ "KEYTABLE", &vc_keymap,
#endif
- "vconsole.keymap", &vc_keymap,
- "vconsole.keymap.toggle", &vc_keymap_toggle,
- "vconsole.font", &vc_font,
- "vconsole.font.map", &vc_font_map,
- "vconsole.font.unimap", &vc_font_unimap,
- NULL)) < 0) {
+ "vconsole.keymap", &vc_keymap,
+ "vconsole.keymap.toggle", &vc_keymap_toggle,
+ "vconsole.font", &vc_font,
+ "vconsole.font.map", &vc_font_map,
+ "vconsole.font.unimap", &vc_font_unimap,
+ NULL)) < 0) {
- if (r != -ENOENT)
- log_warning("Failed to read /proc/cmdline: %s", strerror(-r));
- }
+ if (r != -ENOENT)
+ log_warning("Failed to read /proc/cmdline: %s", strerror(-r));
+ }
/* Hmm, nothing set on the kernel cmd line? Then let's
* try /etc/vconsole.conf */
commit 1f16b4a6c496288aa62dc2ac973f88ca6c801b5d
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Mar 14 23:40:41 2011 +0100
cgls: by default start with group of PID 1
diff --git a/src/cgls.c b/src/cgls.c
index 93617dd..6f08301 100644
--- a/src/cgls.c
+++ b/src/cgls.c
@@ -106,8 +106,18 @@ int main(int argc, char *argv[]) {
if (path_startswith(p, "/sys/fs/cgroup")) {
printf("Working Directory %s:\n", p);
r = show_cgroup_by_path(p, NULL, 0);
- } else
- r = show_cgroup(SYSTEMD_CGROUP_CONTROLLER, "/", NULL, 0);
+ } else {
+ char *root = NULL;
+ const char *t = NULL;
+
+ if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &root)) < 0)
+ t = "/";
+ else
+ t = root;
+
+ r = show_cgroup(SYSTEMD_CGROUP_CONTROLLER, t, NULL, 0);
+ free(root);
+ }
free(p);
}
commit 1f73f0f163eeb8a889e3799c0c63bcb437e531ac
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Mar 14 23:13:57 2011 +0100
pam: determine user cgroup tree from cgroup of PID 1
diff --git a/src/cgroup-util.c b/src/cgroup-util.c
index 055c906..bbadc78 100644
--- a/src/cgroup-util.c
+++ b/src/cgroup-util.c
@@ -967,3 +967,31 @@ int cg_fix_path(const char *path, char **result) {
return r;
}
+
+int cg_get_user_path(char **path) {
+ char *root, *p;
+
+ assert(path);
+
+ /* Figure out the place to put user cgroups below. We use the
+ * same as PID 1 has but with the "/system" suffix replaced by
+ * "/user" */
+
+ if (cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &root) < 0)
+ p = strdup("/user");
+ else {
+ if (endswith(root, "/system"))
+ root[strlen(root) - 7] = 0;
+ else if (streq(root, "/"))
+ root[0] = 0;
+
+ p = strappend(root, "/user");
+ free(root);
+ }
+
+ if (!p)
+ return -ENOMEM;
+
+ *path = p;
+ return 0;
+}
diff --git a/src/cgroup-util.h b/src/cgroup-util.h
index 73df969..1eccbc9 100644
--- a/src/cgroup-util.h
+++ b/src/cgroup-util.h
@@ -68,4 +68,6 @@ int cg_install_release_agent(const char *controller, const char *agent);
int cg_is_empty(const char *controller, const char *path, bool ignore_self);
int cg_is_empty_recursive(const char *controller, const char *path, bool ignore_self);
+int cg_get_user_path(char **path);
+
#endif
diff --git a/src/pam-module.c b/src/pam-module.c
index e1a1a50..3a5404d 100644
--- a/src/pam-module.c
+++ b/src/pam-module.c
@@ -199,10 +199,8 @@ static int open_file_and_lock(const char *fn) {
* locally accessible, and most likely even tmpfs. */
if (flock(fd, LOCK_EX) < 0) {
- int r = -errno;
-
close_nointr_nofail(fd);
- return r;
+ return -errno;
}
return fd;
@@ -275,6 +273,7 @@ static uint64_t get_session_id(int *mode) {
/* Last attempt, pick a random value */
return (uint64_t) random_ull();
}
+
static int get_user_data(
pam_handle_t *handle,
const char **ret_username,
@@ -398,6 +397,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
int lock_fd = -1;
bool create_session = true;
char **controllers = NULL, **reset_controllers = NULL, **c;
+ char *cgroup_user_tree = NULL;
assert(handle);
@@ -417,6 +417,12 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if ((r = get_user_data(handle, &username, &pw)) != PAM_SUCCESS)
goto finish;
+ if ((r = cg_get_user_path(&cgroup_user_tree)) < 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to determine user cgroup tree: %s", strerror(-r));
+ r = PAM_SYSTEM_ERR;
+ goto finish;
+ }
+
if (safe_mkdir(RUNTIME_DIR "/user", 0755, 0, 0) < 0) {
pam_syslog(handle, LOG_ERR, "Failed to create runtime directory: %m");
r = PAM_SYSTEM_ERR;
@@ -480,9 +486,9 @@ _public_ PAM_EXTERN int pam_sm_open_session(
}
}
- r = asprintf(&buf, "/user/%s/%s", username, id);
+ r = asprintf(&buf, "%s/%s/%s", cgroup_user_tree, username, id);
} else
- r = asprintf(&buf, "/user/%s/master", username);
+ r = asprintf(&buf, "%s/%s/master", cgroup_user_tree, username);
if (r < 0) {
r = PAM_BUF_ERR;
@@ -513,6 +519,8 @@ finish:
strv_free(controllers);
strv_free(reset_controllers);
+ free(cgroup_user_tree);
+
return r;
}
@@ -604,6 +612,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
struct passwd *pw;
const void *created = NULL;
char **controllers = NULL, **c, **kill_only_users = NULL, **kill_exclude_users = NULL;
+ char *cgroup_user_tree = NULL;
assert(handle);
@@ -621,6 +630,12 @@ _public_ PAM_EXTERN int pam_sm_close_session(
if ((r = get_user_data(handle, &username, &pw)) != PAM_SUCCESS)
goto finish;
+ if ((r = cg_get_user_path(&cgroup_user_tree)) < 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to determine user cgroup tree: %s", strerror(-r));
+ r = PAM_SYSTEM_ERR;
+ goto finish;
+ }
+
if ((lock_fd = open_file_and_lock(RUNTIME_DIR "/user/.pam-systemd-lock")) < 0) {
pam_syslog(handle, LOG_ERR, "Failed to lock runtime directory: %m");
r = PAM_SYSTEM_ERR;
@@ -628,14 +643,14 @@ _public_ PAM_EXTERN int pam_sm_close_session(
}
/* We are probably still in some session/user dir. Move ourselves out of the way as first step */
- if ((r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, "/user", 0)) < 0)
+ if ((r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_user_tree, 0)) < 0)
pam_syslog(handle, LOG_ERR, "Failed to move us away: %s", strerror(-r));
STRV_FOREACH(c, controllers)
- if ((r = cg_attach(*c, "/user", 0)) < 0)
+ if ((r = cg_attach(*c, cgroup_user_tree, 0)) < 0)
pam_syslog(handle, LOG_ERR, "Failed to move us away in %s hierarchy: %s", *c, strerror(-r));
- if (asprintf(&user_path, "/user/%s", username) < 0) {
+ if (asprintf(&user_path, "%s/%s", cgroup_user_tree, username) < 0) {
r = PAM_BUF_ERR;
goto finish;
}
@@ -644,8 +659,8 @@ _public_ PAM_EXTERN int pam_sm_close_session(
if ((id = pam_getenv(handle, "XDG_SESSION_ID")) && created) {
- if (asprintf(&session_path, "/user/%s/%s", username, id) < 0 ||
- asprintf(&nosession_path, "/user/%s/master", username) < 0) {
+ if (asprintf(&session_path, "%s/%s/%s", cgroup_user_tree, username, id) < 0 ||
+ asprintf(&nosession_path, "%s/%s/master", cgroup_user_tree, username) < 0) {
r = PAM_BUF_ERR;
goto finish;
}
@@ -731,5 +746,7 @@ finish:
strv_free(kill_exclude_users);
strv_free(kill_only_users);
+ free(cgroup_user_tree);
+
return r;
}
diff --git a/src/user-sessions.c b/src/user-sessions.c
index 8026961..d3faad0 100644
--- a/src/user-sessions.c
+++ b/src/user-sessions.c
@@ -57,14 +57,25 @@ int main(int argc, char*argv[]) {
} else if (streq(argv[1], "stop")) {
int r, q;
+ char *cgroup_user_tree = NULL;
if ((r = write_one_line_file("/var/run/nologin", "System is going down.")) < 0)
log_error("Failed to create /var/run/nologin: %s", strerror(-r));
- if ((q = cg_kill_recursive_and_wait(SYSTEMD_CGROUP_CONTROLLER, "/user", true)) < 0)
+ if ((q = cg_get_user_path(&cgroup_user_tree)) < 0) {
+ log_error("Failed to determine use path: %s", strerror(-q));
+ goto finish;
+ }
+
+ q = cg_kill_recursive_and_wait(SYSTEMD_CGROUP_CONTROLLER, cgroup_user_tree, true);
+ free(cgroup_user_tree);
+
+ if (q < 0) {
log_error("Failed to kill sessions: %s", strerror(-q));
+ goto finish;
+ }
- if (r < 0 || q < 0)
+ if (r < 0)
goto finish;
} else {
More information about the systemd-commits
mailing list