[systemd-devel] The whole su/pkexec session debate
David Herrmann
dh.herrmann at gmail.com
Mon Dec 2 05:37:04 PST 2013
Hi
On Mon, Dec 2, 2013 at 11:00 AM, Colin Guthrie <gmane at colin.guthr.ie> wrote:
> 'Twas brillig, and Martin Pitt at 02/12/13 05:48 did gyre and gimble:
>>> > This way, screen will keep an "active" reference to the session and
>>> > systemd-logind will not mark it as "closing".
>>
>> But that screen process would still be running in the user's logind
>> session cgroup, so logind can see that the session is still active
>> that way? (Unless you configured it to kill all session processes on
>> logout).
>
> The session is still marked as "closing" but because processes still
> exist it never quite dies. And yes, the kill processes option (which is
> a nice thing to enable if possible) would indeed kill the screen.
We have this nice "pipe" which is leaked into every session-process.
If they fork(), the pipe is dup()ed (unless they use /proc/self/fd/*
to close all fds) into the child. Only when *all* these processes are
dead, logind gets HUP on its side of the pipe.
Unfortunately, we make pam_close_session() call ReleaseSession() which
instructs logind to mark the session as "closing" and disables the
pipe-logic.
So to fix this, we could remove the ReleaseSession() call from
pam_systemd.c and solely rely on the pipe-logic. This however,
prevents normal gnome-session sessions from being marked as "closing"
once the session exited but some random process lingers in the
session-cgroup.
But then gnome-session should simply call ReleaseSession() on the bus itself..
Cheers
David
More information about the systemd-devel
mailing list