
Hello community, here is the log from the commit of package systemd for openSUSE:Factory checked in at 2013-11-30 17:36:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/systemd (Old) and /work/SRC/openSUSE:Factory/.systemd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "systemd" Changes: -------- systemd-rpm-macros.changes: same change --- /work/SRC/openSUSE:Factory/systemd/systemd.changes 2013-11-07 09:05:13.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.systemd.new/systemd.changes 2013-11-30 17:39:55.000000000 +0100 
@@ -1,0 +2,22 @@ +Thu Nov 28 10:25:58 UTC 2013 - lbsousajr@gmail.com + +- Add U_logind_revert_lazy_session_activation_on_non_vt_seats.patch + * See: http://cgit.freedesktop.org/systemd/systemd/commit/?id=3fdb2494c1e24c0a020f5... + +------------------------------------------------------------------- +Tue Nov 26 15:12:58 UTC 2013 - werner@suse.de + +- Add patch + 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch + to avoid (xdg-)su to set XDG_RUNTIME_DIR to the original user and + avoid that e.g. pulseaudio will create /run/user/<pid>/pulse owned + by root (bnc#852015) + +------------------------------------------------------------------- +Thu Nov 21 12:27:11 UTC 2013 - werner@suse.de + +- Add patch + 1011-check-4-valid-kmsg-device.patch + to avoid a busy systemd-journald (bnc#851393) + +------------------------------------------------------------------- New: ---- 1011-check-4-valid-kmsg-device.patch 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch U_logind_revert_lazy_session_activation_on_non_vt_seats.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ systemd-rpm-macros.spec: same change ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.h4rK2p/_old 2013-11-30 17:39:57.000000000 +0100 +++ /var/tmp/diff_new_pack.h4rK2p/_new 2013-11-30 17:39:57.000000000 +0100 
@@ -258,6 +258,11 @@ Patch1009: 1009-make-xsltproc-use-correct-ROFF-links.patch # PATCH-FIX-OPENSUSE 1010-do-not-install-sulogin-unit-with-poweroff.patch -- Avoid installing console-shell.service (bnc#849071) Patch1010: 1010-do-not-install-sulogin-unit-with-poweroff.patch +# PATCH-FIX-OPENSUSE 1011-check-4-valid-kmsg-device.patch -- Avoid busy systemd-journald (bnc#851393) +Patch1011: 1011-check-4-valid-kmsg-device.patch +# PATCH-FIX-PSTREAM 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch +Patch1012: 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch +Patch1013: U_logind_revert_lazy_session_activation_on_non_vt_seats.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -534,6 +539,9 @@ %endif %patch1009 -p1 %patch1010 -p1 +%patch1011 -p1 +%patch1012 -p1 +%patch1013 -p1 # ensure generate files are removed rm -f units/emergency.service ++++++ 1011-check-4-valid-kmsg-device.patch ++++++ From: Werner Fink <werner@suse.de> Date: Thu, 21 Nov 2013 11:50:32 +0000 Subject: [PATCH] Avoid busy systemd-journald Avoid a busy systemd-journald due polling a broken /dec/kmsg in lxc environments. --- journald-kmsg.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) Index: systemd-208/src/journal/journald-kmsg.c =================================================================== --- systemd-208/src/journal/journald-kmsg.c +++ systemd-208/src/journal/journald-kmsg.c 2013-11-21 13:30:22.930735683 +0000 @@ -23,7 +23,9 @@ #include <sys/epoll.h> #include <fcntl.h> #include <sys/mman.h> +#include <sys/stat.h> #include <sys/socket.h> +#include <sys/types.h> #include <systemd/sd-messages.h> #include <libudev.h> 
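Review bot: The tag on the 1012 entry reads `PATCH-FIX-PSTREAM`, which looks like a typo for `PATCH-FIX-UPSTREAM`, and `Patch1013` carries no tag comment at all, unlike the entries around it. Suggest `# PATCH-FIX-UPSTREAM 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch -- Do not set XDG_RUNTIME_DIR of the original user (bnc#852015)` and a matching `# PATCH-FIX-UPSTREAM U_logind_revert_lazy_session_activation_on_non_vt_seats.patch` line above `Patch1013`. These tags are how a later reviewer tells upstream backports from local changes, so a misspelled or missing one makes the patch provenance harder to audit.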
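Review bot: The `major()` and `minor()` macros used in the following hunk are declared in `<sys/sysmacros.h>`; the added `<sys/types.h>` only provides them indirectly on older glibc releases. Adding `#include <sys/sysmacros.h>` next to the two new includes states the dependency explicitly and keeps the device-number check compiling on newer toolchains.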
@@ -377,20 +379,43 @@ int server_flush_dev_kmsg(Server *s) { int server_open_dev_kmsg(Server *s) { struct epoll_event ev; + struct stat st; assert(s); s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY); if (s->dev_kmsg_fd < 0) { - log_warning("Failed to open /dev/kmsg, ignoring: %m"); + /* Do not warn as it may not exists in LXC environments */ + if (errno != ENOENT) + log_warning("Failed to open /dev/kmsg, ignoring: %m"); return 0; } + if (fstat(s->dev_kmsg_fd, &st) < 0) { + log_error("Failed to stat /dev/kmsg fd, ignoring: %m"); + close_nointr_nofail(s->dev_kmsg_fd); + s->dev_kmsg_fd = -1; + return 0; + } + + if (!S_ISCHR(st.st_mode) || major(st.st_rdev) != 1 || minor(st.st_rdev) != 11) { + int old_errno = errno; + errno = ENODEV; + log_warning("Irregular device /dev/kmsg, ignoring: %m"); + errno = old_errno; + close_nointr_nofail(s->dev_kmsg_fd); + s->dev_kmsg_fd = -1; + return 0; + } + zero(ev); ev.events = EPOLLIN; ev.data.fd = s->dev_kmsg_fd; if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->dev_kmsg_fd, &ev) < 0) { + close_nointr_nofail(s->dev_kmsg_fd); + s->dev_kmsg_fd = -1; + /* This will fail with EPERM on older kernels where * /dev/kmsg is not readable. */ if (errno == EPERM) ++++++ 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch ++++++ Based on upstream baae0358f349870544884e405e82e4be7d8add9f | From: Lennart Poettering <lennart@poettering.net> | Date: Tue, 26 Nov 2013 04:05:00 +0000 | Subject: pam_systemd: do not set XDG_RUNTIME_DIR if the session's original user is not the same as the newly logged in one | It's better not to set any XDG_RUNTIME_DIR at all rather than one of a | different user. So let's do this. --- systemd-208/src/login/logind-dbus.c +++ systemd-208/src/login/logind-dbus.c 2013-11-26 13:37:05.730735774 +0000 
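Review bot: The two lines added at the top of the `epoll_ctl` failure branch close the descriptor before the existing `if (errno == EPERM)` test, so that test now depends on `close_nointr_nofail` leaving errno untouched, and the descriptor is also dropped in the EPERM case that the existing comment describes as expected on older kernels. If any other code still writes through `s->dev_kmsg_fd` (not visible in this hunk), that path is silently disabled on such kernels; either move `close_nointr_nofail(s->dev_kmsg_fd); s->dev_kmsg_fd = -1;` below the EPERM check or save errno first and say in a comment that closing on EPERM is intended. The check `major(st.st_rdev) != 1 || minor(st.st_rdev) != 11` should carry a comment such as `/* /dev/kmsg is character device 1:11; anything else (e.g. a bind-mounted file in a container) is not a kernel log */`. The "Irregular device" branch sets errno only to feed `%m`; `log_warning("Irregular device /dev/kmsg, ignoring.");` avoids the save/restore. The body of server_open_dev_kmsg continues past the end of the hunk.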
@@ -523,6 +523,7 @@ static int bus_manager_create_session(Ma DBUS_TYPE_OBJECT_PATH, &path, DBUS_TYPE_STRING, &session->user->runtime_path, DBUS_TYPE_UNIX_FD, &fifo_fd, + DBUS_TYPE_UINT32, &session->user->uid, DBUS_TYPE_STRING, &cseat, DBUS_TYPE_UINT32, &vtnr, DBUS_TYPE_BOOLEAN, &exists, --- systemd-208/src/login/logind-session-dbus.c +++ systemd-208/src/login/logind-session-dbus.c 2013-11-26 13:36:07.478236401 +0000 @@ -755,6 +755,7 @@ int session_send_create_reply(Session *s DBUS_TYPE_OBJECT_PATH, &path, DBUS_TYPE_STRING, &s->user->runtime_path, DBUS_TYPE_UNIX_FD, &fifo_fd, + DBUS_TYPE_UINT32, &s->user->uid, DBUS_TYPE_STRING, &cseat, DBUS_TYPE_UINT32, &vtnr, DBUS_TYPE_BOOLEAN, &exists, --- systemd-208/src/login/pam-module.c +++ systemd-208/src/login/pam-module.c 2013-11-26 14:32:20.194235777 +0000 @@ -93,24 +93,18 @@ static int get_user_data( assert(ret_username); assert(ret_pw); - r = audit_loginuid_from_pid(0, &uid); - if (r >= 0) - pw = pam_modutil_getpwuid(handle, uid); - else { - r = pam_get_user(handle, &username, NULL); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to get user name."); - return r; - } - - if (isempty(username)) { - pam_syslog(handle, LOG_ERR, "User name not valid."); - return PAM_AUTH_ERR; - } + r = pam_get_user(handle, &username, NULL); + if (r != PAM_SUCCESS) { + pam_syslog(handle, LOG_ERR, "Failed to get user name."); + return r; + } - pw = pam_modutil_getpwnam(handle, username); + if (isempty(username)) { + pam_syslog(handle, LOG_ERR, "User name not valid."); + return PAM_AUTH_ERR; } + pw = pam_modutil_getpwnam(handle, username); if (!pw) { pam_syslog(handle, LOG_ERR, "Failed to get user data."); return PAM_USER_UNKNOWN; 
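Review bot: Inserting `DBUS_TYPE_UINT32, &session->user->uid` in the middle of the argument list changes the wire signature of the session-creation reply, so a pam_systemd built before this change talking to a logind built after it (or the reverse, for example during a package update before logind is restarted) will presumably fail in `dbus_message_get_args` and session setup can fail. The same insertion is made in session_send_create_reply in logind-session-dbus.c and in the reply parser in pam-module.c further down; the three lists must stay in lockstep. A comment at each site would make that visible, e.g. `/* reply layout must match the parser in pam_sm_open_session() (pam-module.c) */`. Whether the method's introspection data is updated cannot be seen in this diff, and both argument lists start and end outside their hunks.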
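Review bot: With the `audit_loginuid_from_pid` branch removed from get_user_data, the identity is taken only from `pam_get_user`, and nothing in the function says why the audit login uid is no longer consulted. Since a later hunk compares `pw->pw_uid` against the session's original uid to decide whether to export XDG_RUNTIME_DIR, a comment above the call would help, e.g. `/* Use the PAM target user, not the audit loginuid: the caller compares this uid with the uid that owns the session */`. The local `uid` that the removed call filled is declared outside the hunk and is probably unused now; it should be dropped if so.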
@@ -123,16 +117,14 @@ static int get_user_data( } static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) { - _cleanup_free_ char *p = NULL; - int r; - _cleanup_close_ int fd = -1; union sockaddr_union sa = { .un.sun_family = AF_UNIX, }; + _cleanup_free_ char *p = NULL, *tty = NULL; + _cleanup_close_ int fd = -1; struct ucred ucred; socklen_t l; - _cleanup_free_ char *tty = NULL; - int v; + int v, r; assert(display); assert(vtnr); @@ -194,13 +186,12 @@ _public_ PAM_EXTERN int pam_sm_open_sess dbus_bool_t remote, existing; int r; uint32_t vtnr = 0; + uid_t original_uid; assert(handle); dbus_error_init(&error); - /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */ - /* Make this a NOP on non-logind systems */ if (!logind_running()) return PAM_SUCCESS; @@ -213,6 +204,9 @@ _public_ PAM_EXTERN int pam_sm_open_sess goto finish; } + if (debug) + pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); + r = get_user_data(handle, &username, &pw); if (r != PAM_SUCCESS) goto finish; @@ -374,7 +368,11 @@ _public_ PAM_EXTERN int pam_sm_open_sess if (debug) pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: " "uid=%u pid=%u service=%s type=%s class=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s", - uid, pid, service, type, class, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host); + pw->pw_uid, pid, + strempty(service), + type, class, + seat, vtnr, tty, display, + yes_no(remote), remote_user, remote_host); reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error); if (!reply) { @@ -388,6 +386,7 @@ _public_ PAM_EXTERN int pam_sm_open_sess DBUS_TYPE_OBJECT_PATH, &object_path, DBUS_TYPE_STRING, &runtime_path, DBUS_TYPE_UNIX_FD, &session_fd, + DBUS_TYPE_UINT32, &original_uid, DBUS_TYPE_STRING, &seat, DBUS_TYPE_UINT32, &vtnr, DBUS_TYPE_BOOLEAN, &existing, 
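Review bot: `uid_t original_uid;` in pam_sm_open_session is later filled by `dbus_message_get_args` with `DBUS_TYPE_UINT32` (the hunk at -388), which stores a 32-bit value through the pointer. Declaring it as `uint32_t original_uid;`, like `vtnr` on the line above it, makes the width explicit instead of relying on uid_t being 32 bits wide. The variable feeds the ownership comparison that gates XDG_RUNTIME_DIR in a later hunk, so the type should not be left to platform coincidence.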
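Review bot: The re-added message `pam_syslog(handle, LOG_INFO, "pam-systemd initializing");` is gated on `debug` but logged at LOG_INFO, whereas the other debug-gated messages visible in this function use LOG_DEBUG. `pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");` would be consistent and keeps debug chatter out of logs filtered at info level.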
@@ -399,8 +398,8 @@ _public_ PAM_EXTERN int pam_sm_open_sess if (debug) pam_syslog(handle, LOG_DEBUG, "Reply from logind: " - "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u", - id, object_path, runtime_path, session_fd, seat, vtnr); + "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u", + id, object_path, runtime_path, session_fd, seat, vtnr, original_uid); r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0); if (r != PAM_SUCCESS) { @@ -408,10 +407,24 @@ _public_ PAM_EXTERN int pam_sm_open_sess goto finish; } - r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); - goto finish; + if (original_uid == pw->pw_uid) { + /* Don't set $XDG_RUNTIME_DIR if the user we now + * authenticated for does not match the original user + * of the session. We do this in order not to result + * in privileged apps clobbering the runtime directory + * unnecessarily. */ + + r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0); + if (r != PAM_SUCCESS) { + pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); + goto finish; + } + } else { + (void) unsetenv("XDG_RUNTIME_DIR"); + r = pam_putenv(handle, "XDG_RUNTIME_DIR"); + if (r != PAM_SUCCESS && r != PAM_BAD_ITEM) { + pam_syslog(handle, LOG_ERR, "Failed to unset runtime dir."); + } } if (!isempty(seat)) { ++++++ U_logind_revert_lazy_session_activation_on_non_vt_seats.patch ++++++
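Review bot: In the new `else` branch a failure of `pam_putenv(handle, "XDG_RUNTIME_DIR")` is only logged, so the session continues with whatever XDG_RUNTIME_DIR was already in the PAM environment, which is the state this change is meant to prevent (a process of one user writing into another user's runtime directory). Consider adding `goto finish;` after the "Failed to unset runtime dir." message, or state in a comment why continuing is acceptable. The block comment "Don't set $XDG_RUNTIME_DIR if ..." sits inside the `original_uid == pw->pw_uid` branch, the one that does set the variable; it belongs in the `else` branch. `(void) unsetenv("XDG_RUNTIME_DIR");` changes the environment of the calling application itself, not just the PAM environment, which deserves a one-line comment. The function continues outside the hunk.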
From 3fdb2494c1e24c0a020f5b54022d2c751fd26f50 Mon Sep 17 00:00:00 2001 From: David Herrmann <dh.herrmann@gmail.com> Date: Thu, 28 Nov 2013 09:52:18 +0000 Subject: login: revert lazy session-activation on non-VT seats
Existing applications like gdm already depend on new sessions to get immediately activated on seats without VTs. Fixes a bug reported as: [systemd-devel] systemd 208:trouble with inactive user sessions at non-seat0 seats This patch restores the original behavior. We either need to add a new flag for session-creation or some other heuristic to avoid activating new sessions in the future. --- --- a/src/login/logind-seat.c 2013-11-28 11:30:49.624623090 -0200 +++ b/src/login/logind-seat.c 2013-11-28 11:31:46.668792391 -0200 @@ -420,8 +420,8 @@ seat_send_changed(s, "Sessions\0"); /* On seats with VTs, the VT logic defines which session is active. On - * seats without VTs, we automatically activate the first session. */ - if (!seat_has_vts(s) && !s->active) + * seats without VTs, we automatically activate new sessions. */ + if (!seat_has_vts(s)) seat_set_active(s, session); return 0; -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
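Review bot: With `&& !s->active` dropped, every session attached to a seat without VTs now calls `seat_set_active(s, session)`, so a newly created session displaces whichever session was active; the commit message itself notes that a flag or heuristic is still needed. The code comment should say so, e.g. `* seats without VTs, we activate every new session, replacing the currently active one (temporary; see commit message).`, because the active session is presumably the one granted access to the seat's devices. The enclosing function starts outside the hunk, so how callers create sessions on such seats cannot be checked here.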