[systemd-commits] 4 commits - src/login units/systemd-logind.service.in

David Herrmann dvdhrm at kemper.freedesktop.org
Tue Oct 1 09:06:21 PDT 2013


 src/login/logind-seat.c           |    4 ++-
 src/login/logind-session-device.c |   42 ++++++++++++++++++++++++++++----------
 units/systemd-logind.service.in   |    2 -
 3 files changed, 35 insertions(+), 13 deletions(-)

New commits:
commit 11c2f7a81381127c253cc6fd05da6dad0d842336
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Tue Oct 1 17:59:44 2013 +0200

    logind: run with CAP_SYS_ADMIN
    
    DRM Master access requires CAP_SYS_ADMIN, yay! Add it to the capability
    bounding set for systemd-logind. As CAP_SYS_ADMIN actually allows a huge
    set of actions, this mostly renders the restriction-set useless. Anyway,
    patches are already pending to reduce the restriction on the kernel side.
    But these won't really make it into any stable-release so for now we're
    stuck with CAP_SYS_ADMIN.

diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 6b68717..31b5cd0 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -18,7 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-logind
 Restart=always
 RestartSec=0
 BusName=org.freedesktop.login1
-CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
 
 # Increase the default a bit in order to allow many simultaneous
 # logins since we keep one fd open per session.

commit dfd552707d43087a1e0079cdae9f5290e14b78e9
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Tue Oct 1 17:58:58 2013 +0200

    logind: send PropertyChanged during deactivation
    
    We only send the PropertyChanged signal for the to-be-activated session
    but not for the to-be-deactivated one. Fix that so both listeners get
    notified about the new state.

diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
index 4a4d40a..feebcf4 100644
--- a/src/login/logind-seat.c
+++ b/src/login/logind-seat.c
@@ -246,8 +246,10 @@ int seat_set_active(Seat *s, Session *session) {
         old_active = s->active;
         s->active = session;
 
-        if (old_active)
+        if (old_active) {
                 session_device_pause_all(old_active);
+                session_send_changed(old_active, "Active\0");
+        }
 
         seat_apply_acls(s, old_active);
 

commit c2e5d024a380bae6ead301fb4f40787b372ec3e0
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Tue Oct 1 17:53:43 2013 +0200

    logind: check whether first drmSetMaster succeeded
    
    The initial drmSetMaster may fail if there is an active master already. We
    must not assume that all existing clients comply to logind rules. We check
    for this during session-activation already but didn't during device setup.
    Fix this by checking the return code.
    
    As drmSetMaster has had horrible return codes in the past (0 for failure?
    EINVAL for denied access, ..) we need to be quite pedantic. To guarantee
    an open file-descriptor we need to close the device and reopen it without
    master if setting master failed first.

diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c
index 27afafa..546c537 100644
--- a/src/login/logind-session-device.c
+++ b/src/login/logind-session-device.c
@@ -144,7 +144,7 @@ static int sd_drmdropmaster(int fd) {
 }
 
 static int session_device_open(SessionDevice *sd, bool active) {
-        int fd;
+        int fd, r;
 
         assert(sd->type != DEVICE_TYPE_UNKNOWN);
 
@@ -155,9 +155,17 @@ static int session_device_open(SessionDevice *sd, bool active) {
 
         switch (sd->type) {
         case DEVICE_TYPE_DRM:
-                if (active)
-                        sd_drmsetmaster(fd);
-                else {
+                if (active) {
+                        /* Weird legacy DRM semantics might return an error
+                         * even though we're master. No way to detect that so
+                         * fail at all times and let caller retry in inactive
+                         * state. */
+                        r = sd_drmsetmaster(fd);
+                        if (r < 0) {
+                                close(fd);
+                                return r;
+                        }
+                } else {
                         /* DRM-Master is granted to the first user who opens a
                          * device automatically (ughh, racy!). Hence, we just
                          * drop DRM-Master in case we were the first. */
@@ -384,9 +392,17 @@ int session_device_new(Session *s, dev_t dev, SessionDevice **out) {
          * revoke access and thus invalidate the fd. But this is still needed
          * to pass a valid fd back. */
         sd->active = session_is_active(s);
-        sd->fd = session_device_open(sd, sd->active);
-        if (sd->fd < 0)
-                goto error;
+        r = session_device_open(sd, sd->active);
+        if (r < 0) {
+                /* EINVAL _may_ mean a master is active; retry inactive */
+                if (sd->active && r == -EINVAL) {
+                        sd->active = false;
+                        r = session_device_open(sd, false);
+                }
+                if (r < 0)
+                        goto error;
+        }
+        sd->fd = r;
 
         LIST_PREPEND(SessionDevice, sd_by_device, sd->device->session_devices, sd);
 

commit 081dfa852fc5cd183a20747f2d8e4ef62d29d181
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Tue Oct 1 17:48:15 2013 +0200

    logind: fix session-device dbus notify
    
    Had this fix lying around here for some time. Thanks to missing
    type-checking for va-args we passed in the actual major/minor values
    instead of pointers to it. Fix it by saving the values on the stack first
    and passing in the pointers.

diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c
index b45f9eb..27afafa 100644
--- a/src/login/logind-session-device.c
+++ b/src/login/logind-session-device.c
@@ -46,9 +46,13 @@ static void session_device_notify(SessionDevice *sd, enum SessionDeviceNotificat
         _cleanup_dbus_message_unref_ DBusMessage *m = NULL;
         _cleanup_free_ char *path = NULL;
         const char *t = NULL;
+        uint32_t major, minor;
 
         assert(sd);
 
+        major = major(sd->dev);
+        minor = minor(sd->dev);
+
         if (!sd->session->controller)
                 return;
 
@@ -68,8 +72,8 @@ static void session_device_notify(SessionDevice *sd, enum SessionDeviceNotificat
         switch (type) {
         case SESSION_DEVICE_RESUME:
                 if (!dbus_message_append_args(m,
-                                              DBUS_TYPE_UINT32, major(sd->dev),
-                                              DBUS_TYPE_UINT32, minor(sd->dev),
+                                              DBUS_TYPE_UINT32, &major,
+                                              DBUS_TYPE_UINT32, &minor,
                                               DBUS_TYPE_UNIX_FD, &sd->fd,
                                               DBUS_TYPE_INVALID))
                         return;
@@ -88,8 +92,8 @@ static void session_device_notify(SessionDevice *sd, enum SessionDeviceNotificat
         }
 
         if (t && !dbus_message_append_args(m,
-                                           DBUS_TYPE_UINT32, major(sd->dev),
-                                           DBUS_TYPE_UINT32, minor(sd->dev),
+                                           DBUS_TYPE_UINT32, &major,
+                                           DBUS_TYPE_UINT32, &minor,
                                            DBUS_TYPE_STRING, &t,
                                            DBUS_TYPE_INVALID))
                 return;



More information about the systemd-commits mailing list