From 06c3a78f7ab9d45521e33300f9a2e9fcd8dfe716 Mon Sep 17 00:00:00 2001 From: wchang kim Date: Fri, 24 Jun 2016 18:45:58 +0900 Subject: [PATCH] Description : Adding to enable/disable the multiuser feature. The feature of multiuser can be disabled by changing with_multiuser value in the spec file. When multiuser is disabled, - Disabling logind feature. - Making /run/systemd/users/5001 - Mounting /run/user/5001 - Do not fork sd-pam - Running user@5001.service directly Change-Id: Iec82c2e74a72c159d602c2fe4efff4d4c8ddf810 Signed-off-by: Woochang Kim --- Makefile.am | 10 +++++++++- configure.ac | 1 + packaging/systemd.spec | 24 ++++++++++++++++++++++++ src/core/execute.c | 2 ++ tmpfiles.d/systemd.conf.m4 | 7 +++++++ units/run-user-5001.mount | 11 +++++++++++ units/user@.service.m4.in | 1 + 7 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 units/run-user-5001.mount diff --git a/Makefile.am b/Makefile.am index 3d79736..ba77afa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5938,9 +5938,17 @@ dist_udevrules_DATA += \ nodist_udevrules_DATA += \ src/login/71-seat.rules \ src/login/73-seat-late.rules - +else +MULTI_USER_TARGET_WANTS += \ + user@5001.service endif +dist_systemunit_DATA += \ + units/run-user-5001.mount + +SYSINIT_TARGET_WANTS += \ + run-user-5001.mount + polkitpolicy_in_files += \ src/login/org.freedesktop.login1.policy.in diff --git a/configure.ac b/configure.ac index 057beaa..0bba479 100644 --- a/configure.ac +++ b/configure.ac @@ -1029,6 +1029,7 @@ have_logind=no AC_ARG_ENABLE(logind, AS_HELP_STRING([--disable-logind], [disable login daemon])) if test "x$enable_logind" != "xno"; then have_logind=yes + M4_DEFINES="$M4_DEFINES -DHAVE_LOGIND" fi AM_CONDITIONAL(ENABLE_LOGIND, [test "$have_logind" = "yes"]) AS_IF([test "$have_logind" = "yes"], [ AC_DEFINE(HAVE_LOGIND, [1], [Logind support available]) ]) diff --git a/packaging/systemd.spec b/packaging/systemd.spec index a863203..87405fe 100644 --- a/packaging/systemd.spec 
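Review bot: The two assignments added after `endif` in the Makefile.am hunk (`dist_systemunit_DATA += units/run-user-5001.mount` and `SYSINIT_TARGET_WANTS += run-user-5001.mount`) sit outside the conditional, so the fixed tmpfs for uid 5001 is installed and pulled into sysinit.target on every build, while only `user@5001.service` is confined to the new `else` arm. The commit message lists the mount under "when multiuser is disabled", and on a logind build a directory pre-mounted at /run/user/5001 with a hard-coded owner would exist for whichever account holds that uid. Moving both assignments into the `else` arm next to `MULTI_USER_TARGET_WANTS` would match the description. The `if` that this `endif` closes starts above the hunk, so confirm it is the logind conditional.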
+++ b/packaging/systemd.spec @@ -9,6 +9,7 @@ %define WITH_BACKLIGHT 0 %define WITH_TIMEDATED 0 %define WITH_RFKILL 0 +%define with_multiuser 1 Name: systemd Version: 219 @@ -153,6 +154,9 @@ cp %{SOURCE1001} . --with-sysvinit-path= \ --with-sysvrcnd-path= \ --with-smack-run-label=System \ +%if ! %{?with_multiuser} + --disable-logind \ +%endif cc_cv_CFLAGS__flto=no make %{?_smp_mflags} \ systemunitdir=%{_unitdir} \ @@ -186,7 +190,9 @@ EOF /usr/bin/ln -s ../bin/systemctl %{buildroot}%{_sbindir}/runlevel # legacy links +%if %{?with_multiuser} /usr/bin/ln -s loginctl %{buildroot}%{_bindir}/systemd-loginctl +%endif # We create all wants links manually at installation time to make sure # they are not owned and hence overriden by rpm after the used deleted @@ -278,7 +284,9 @@ mkdir -p %{buildroot}/%{_localstatedir}/log/journal /usr/bin/systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udevd.service >/dev/null 2>&1 || : # Rename configuration files that changed their names +%if %{?with_multiuser} /usr/bin/mv -n %{_sysconfdir}/systemd/systemd-logind.conf %{_sysconfdir}/systemd/logind.conf >/dev/null 2>&1 || : +%endif /usr/bin/mv -n %{_sysconfdir}/systemd/systemd-journald.conf %{_sysconfdir}/systemd/journald.conf >/dev/null 2>&1 || : %post @@ -315,7 +323,9 @@ fi %files %manifest %{name}.manifest +%if %{with_multiuser} %config %{_sysconfdir}/pam.d/systemd-user +%endif %{_bindir}/bootctl %{_bindir}/busctl %{_bindir}/kernel-install @@ -366,7 +376,9 @@ fi %dir %{_datadir}/systemd %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.systemd1.conf %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.hostname1.conf +%if %{?with_multiuser} %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.login1.conf +%endif %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.locale1.conf %if %{?WITH_TIMEDATED} %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.timedate1.conf 
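Review bot: `%if ! %{?with_multiuser}` in the configure-options hunk (-153) expands to a bare `%if !` whenever the macro is undefined, which rpmbuild cannot evaluate. The usual guard is `%if ! 0%{?with_multiuser}`, with `%if 0%{?with_multiuser}` for the positive tests in the later hunks. The `%files` hunk at `pam.d/systemd-user` writes `%{with_multiuser}` without the `?`, so the tests are not spelled consistently either. A one-line comment above `%define with_multiuser 1` saying that 0 builds with `--disable-logind` and drops the login1 and PAM files would document the switch.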
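Review bot: With `with_multiuser` set to 0 the `%files` hunk (-315) stops packaging `%{_sysconfdir}/pam.d/systemd-user`, yet the execute.c part of this commit still runs `setup_pam()` up to the point where the helper would be forked. If `user@.service` keeps a PAM service name (not visible in this patch), libpam will not find a `systemd-user` file and falls back to the `other` service, so the session is governed by whatever that policy contains. Either keep the file in the package or drop the PAM name from the unit on the single-user build, and record the choice in a comment next to the `%if`.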
@@ -378,7 +390,9 @@ fi %endif %config(noreplace) %{_sysconfdir}/systemd/system.conf %config(noreplace) %{_sysconfdir}/systemd/user.conf +%if %{?with_multiuser} %config(noreplace) %{_sysconfdir}/systemd/logind.conf +%endif %config(noreplace) %{_sysconfdir}/systemd/journald.conf %config(noreplace) %{_sysconfdir}/udev/udev.conf %{_sysconfdir}/xdg/systemd @@ -394,8 +408,10 @@ fi %{_bindir}/systemd-ask-password %{_bindir}/systemd-tty-ask-password-agent %{_bindir}/systemd-machine-id-setup +%if %{?with_multiuser} %{_bindir}/loginctl %{_bindir}/systemd-loginctl +%endif %{_bindir}/journalctl %{_bindir}/systemd-tmpfiles %{_bindir}/systemd-nspawn @@ -405,7 +421,9 @@ fi %{_bindir}/systemd-cgtop %{_bindir}/systemd-delta %{_bindir}/systemd-detect-virt +%if %{?with_multiuser} %{_bindir}/systemd-inhibit +%endif %{_bindir}/udevadm %{_bindir}/systemd-escape %{_bindir}/systemd-path @@ -460,7 +478,9 @@ fi %{_datadir}/dbus-1/services/org.freedesktop.systemd1.service %{_datadir}/dbus-1/system-services/org.freedesktop.systemd1.service %{_datadir}/dbus-1/system-services/org.freedesktop.hostname1.service +%if %{?with_multiuser} %{_datadir}/dbus-1/system-services/org.freedesktop.login1.service +%endif %{_datadir}/dbus-1/system-services/org.freedesktop.locale1.service %if %{?WITH_TIMEDATED} %{_datadir}/dbus-1/system-services/org.freedesktop.timedate1.service @@ -470,7 +490,9 @@ fi %dir %{_datadir}/polkit-1/actions %{_datadir}/polkit-1/actions/org.freedesktop.systemd1.policy %{_datadir}/polkit-1/actions/org.freedesktop.hostname1.policy +%if %{?with_multiuser} %{_datadir}/polkit-1/actions/org.freedesktop.login1.policy +%endif %{_datadir}/polkit-1/actions/org.freedesktop.locale1.policy %if %{?WITH_TIMEDATED} %{_datadir}/polkit-1/actions/org.freedesktop.timedate1.policy @@ -494,7 +516,9 @@ fi %files -n libsystemd %manifest %{name}.manifest +%if %{?with_multiuser} %{_libdir}/security/pam_systemd.so +%endif %{_libdir}/libsystemd.so.* %{_libdir}/libudev.so.* %{_libdir}/libsystemd-daemon.so.* 
diff --git a/src/core/execute.c b/src/core/execute.c index 7c178b9..807914e 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -899,6 +899,7 @@ static int setup_pam( parent_pid = getpid(); +#ifdef HAVE_LOGIND pam_pid = fork(); if (pam_pid < 0) { r = -errno; @@ -977,6 +978,7 @@ static int setup_pam( pam_end(handle, pam_code | flags); _exit(ret); } +#endif // HAVE_LOGIND barrier_set_role(&barrier, BARRIER_PARENT); diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 index 2cd58e9..3681756 100644 --- a/tmpfiles.d/systemd.conf.m4 +++ b/tmpfiles.d/systemd.conf.m4 @@ -71,3 +71,10 @@ a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- d /var/lib/systemd 0755 root root - d /var/lib/systemd/coredump 0755 root root 3d + +m4_ifdef(`HAVE_LOGIND', +`', +` +f /run/systemd/users/5001 0775 owner users - +' +)m4_dnl diff --git a/units/run-user-5001.mount b/units/run-user-5001.mount new file mode 100644 index 0000000..8957251 --- /dev/null +++ b/units/run-user-5001.mount @@ -0,0 +1,11 @@ +[Unit] +Description=Default User Directory +DefaultDependencies=no +Conflicts=umount.target +After=systemd-tmpfiles-setup.service + +[Mount] +What=tmpfs +Where=/run/user/5001 +Type=tmpfs +Options=mode=700,smackfsroot=*,nosuid,noexec,nodev,uid=5001,gid=100,size=98748k diff --git a/units/user@.service.m4.in b/units/user@.service.m4.in index 9957ee1..9fc0c30 100644 --- a/units/user@.service.m4.in +++ b/units/user@.service.m4.in @@ -20,6 +20,7 @@ KillMode=mixed Delegate=yes TasksMax=infinity Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%U/dbus/user_bus_socket +Environment=XDG_RUNTIME_DIR=/run/user/%U Capabilities=cap_mac_admin,cap_mac_override,cap_setgid=i SupplementaryGroups=priv_mediastorage priv_externalstorage priv_message_read priv_mapservice priv_network_get priv_internet SecureBits=keep-caps -- 2.7.4
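Review bot: Guarding the `fork()` with `#ifdef HAVE_LOGIND` compiles out the only code in these hunks that finishes the PAM transaction, namely the child body ending in `pam_end(handle, pam_code | flags)` that the `#endif` in the second hunk (-977) closes. `setup_pam()` is not specific to `user@5001.service`, so on a `--disable-logind` build nothing shown here closes the session or releases credentials for any unit that reaches it. `HAVE_LOGIND` also stands in for a different decision, whether to keep the sd-pam helper, and a dedicated define would keep logind support and PAM cleanup independent. At minimum add an `#else` arm carrying `/* no sd-pam helper on this build: nothing closes the PAM session or calls pam_end() for this handle */`. The function starts before the first hunk and continues after the second, so the barrier wait and the later use of `pam_pid` and `parent_pid` need checking for the no-child case.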
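Review bot: `f /run/systemd/users/5001 0775 owner users -` creates the per-user state file with execute bits and makes it writable by the `owner` account and the whole `users` group. Files under /run/systemd/users/ are what the sd-login calls in libsystemd (for example `sd_uid_get_state()`) read, and logind normally writes them as root, so on this build the user can edit the record describing its own session state. Unless an unprivileged writer is required, `f /run/systemd/users/5001 0644 root root -` is the safer line. A comment in the `m4_ifdef` arm should also say that the file stands in for the record logind would have written.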
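Review bot: The new run-user-5001.mount sets `DefaultDependencies=no` and `Conflicts=umount.target` but has no `Before=umount.target`, so the shutdown ordering that stock mount units pair with that `Conflicts=` is missing; add `Before=umount.target` to `[Unit]`. The `Options=` line also hard-codes `uid=5001,gid=100,size=98748k` with no explanation. A comment such as `# uid/gid must match the default user account on the image; keep in sync with tmpfiles.d and user@5001.service` would tell an integrator what has to change together.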
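Review bot: `Environment=XDG_RUNTIME_DIR=/run/user/%U` is added for every build even though the file is m4-processed, and nothing in the hunk ties the service to the mount that provides that directory. On the single-user build `user@5001.service` could start before /run/user/5001 is mounted and then create its sockets outside the `mode=700,nosuid,noexec,nodev` tmpfs, or fail to create them. Consider wrapping the line in the same `m4_ifdef` test on HAVE_LOGIND that tmpfiles.d uses, and adding `RequiresMountsFor=/run/user/%U` to the `[Unit]` section, which lies outside this hunk.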