[systemd-commits] 2 commits - TODO src/core

Lennart Poettering lennart at kemper.freedesktop.org
Mon May 21 08:58:05 PDT 2012


 TODO               |    2 ++
 src/core/execute.c |   18 +++++++++++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)

New commits:
commit 940c5210344e90428287e4f8878a9064e8869e22
Author: Auke Kok <auke-jan.h.kok at intel.com>
Date:   Thu May 17 12:17:42 2012 -0700

    sd-pam: Drop uid so parent signal arrives at child.
    
    The PAM helper thread needs to capture the death signal from the
    parent, but is prohibited from doing so since when the child dies
    as normal user, the kernel won't allow it to send a TERM to the
    PAM helper thread which is running as root.
    
    This causes the PAM threads to never exit, accumulating after
    user sessions exit.
    
    There is however really no need to keep the PAM threads running as
    root, so, we can just setresuid() to the same user as defined in the
    unit file for the parent thread (User=). This makes the TERM signal
    arrive as normal. In case setresuid() fails, we ignore the error, so
    we at least fall back to the current behaviour.

diff --git a/src/core/execute.c b/src/core/execute.c
index 953cfa2..4d40919 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -703,6 +703,7 @@ static int null_conv(
 static int setup_pam(
                 const char *name,
                 const char *user,
+                uid_t uid,
                 const char *tty,
                 char ***pam_env,
                 int fds[], unsigned n_fds) {
@@ -781,10 +782,17 @@ static int setup_pam(
                 open here that have been opened by PAM. */
                 close_many(fds, n_fds);
 
-                /* Wait until our parent died. This will most likely
-                 * not work since the kernel does not allow
-                 * unprivileged parents kill their privileged children
-                 * this way. We rely on the control groups kill logic
+                /* Drop privileges - we don't need any to pam_close_session
+                 * and this will make PR_SET_PDEATHSIG work in most cases.
+                 * If this fails, ignore the error - but expect sd-pam threads
+                 * to fail to exit normally */
+                if (setresuid(uid, uid, uid) < 0)
+                        log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
+
+                /* Wait until our parent died. This will only work if
+                 * the above setresuid() succeeds, otherwise the kernel
+                 * will not allow unprivileged parents kill their privileged
+                 * children this way. We rely on the control groups kill logic
                  * to do the rest for us. */
                 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
                         goto child_finish;
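
Review bot: The log_error() call after setresuid() formats strerror(-r), but setresuid() reports failure through errno and nothing in this hunk assigns r from that call, so the logged reason will be whatever r last held rather than the actual error. Use strerror(errno) there. Also, the lines shown change only the user IDs: if the helper is meant to shed root fully, the group IDs and supplementary groups have to be dropped before the setresuid() call, because it can no longer be done afterwards. Since the failure is deliberately non-fatal, the message should state that the helper keeps running with its original privileges, so the fallback is visible in the log.
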
@@ -1294,7 +1302,7 @@ int exec_spawn(ExecCommand *command,
 
 #ifdef HAVE_PAM
                 if (context->pam_name && username) {
-                        err = setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds);
+                        err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
                         if (err < 0) {
                                 r = EXIT_PAM;
                                 goto fail_child;
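
Review bot: The guard at this call site tests context->pam_name and username, but not that uid has been resolved, and setup_pam() now passes that value straight to setresuid(uid, uid, uid). Please confirm that uid is always assigned on every path where username is non-NULL, or validate it before the call; an unset or stale uid would make the helper switch to the wrong account instead of the one named in User=.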

commit 5b40d33761376354116a8cddb9b9fbdb6c4727d6
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon May 21 17:55:54 2012 +0200

    update TODO

diff --git a/TODO b/TODO
index f2a844e..1a47d5a 100644
--- a/TODO
+++ b/TODO
@@ -23,6 +23,8 @@ Bugfixes:
 
 Features:
 
+* when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr
+
 * readahead: when bumping /sys readahead variable save mtime and compare later to detect changes
 
 * in rescue mode don't pull in sockets


