diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-10-28 14:57:00 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-28 14:57:00 +0100 |
commit | a5f6f346d3db9061fa73527e9dba3fa6b1d80b69 (patch) | |
tree | 924f5d0a1832be95944d64183fd51e5d31d2aabc | |
parent | fec837e96e902c041adae552aa3101b8a8132869 (diff) | |
parent | adc09af234047126b5ed65869d575c99dec3f9cc (diff) | |
download | systemd-a5f6f346d3db9061fa73527e9dba3fa6b1d80b69.tar.gz |
Merge pull request #13423 from pwithnall/12035-session-time-limits
Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
-rw-r--r-- | docs/TRANSIENT-SETTINGS.md | 1 | ||||
-rw-r--r-- | man/pam_systemd.xml | 7 | ||||
-rw-r--r-- | man/systemd.scope.xml | 25 | ||||
-rw-r--r-- | src/core/dbus-scope.c | 13 | ||||
-rw-r--r-- | src/core/load-fragment-gperf.gperf.m4 | 1 | ||||
-rw-r--r-- | src/core/scope.c | 41 | ||||
-rw-r--r-- | src/core/scope.h | 1 | ||||
-rw-r--r-- | src/login/pam_systemd.c | 32 | ||||
-rw-r--r-- | src/shared/bus-unit-util.c | 20 | ||||
-rwxr-xr-x | test/TEST-03-JOBS/test-jobs.sh | 10 | ||||
-rw-r--r-- | test/fuzz/fuzz-unit-file/directives.scope | 2 |
11 files changed, 135 insertions, 18 deletions
diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md index 08d317ca41..05d6d4c068 100644 --- a/docs/TRANSIENT-SETTINGS.md +++ b/docs/TRANSIENT-SETTINGS.md @@ -370,6 +370,7 @@ Scope units are fully supported as transient units (in fact they only exist as such). ``` +✓ RuntimeMaxSec= ✓ TimeoutStopSec= ``` diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index fd8e4fb773..d5be98e4c0 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -263,6 +263,12 @@ <listitem><para>Sets unit <varname>IOWeight=</varname>.</para></listitem> </varlistentry> + + <varlistentry> + <term><varname>systemd.runtime_max_sec</varname></term> + + <listitem><para>Sets unit <varname>RuntimeMaxSec=</varname>.</para></listitem> + </varlistentry> </variablelist> <para>Example data as can be provided from an another PAM module: @@ -271,6 +277,7 @@ pam_set_data(handle, "systemd.memory_max", (void *)"200M", cleanup); pam_set_data(handle, "systemd.tasks_max", (void *)"50", cleanup); pam_set_data(handle, "systemd.cpu_weight", (void *)"100", cleanup); pam_set_data(handle, "systemd.io_weight", (void *)"340", cleanup); +pam_set_data(handle, "systemd.runtime_max_sec", (void *)"3600", cleanup); </programlisting> </para> diff --git a/man/systemd.scope.xml b/man/systemd.scope.xml index 503a480dd0..daf3554db2 100644 --- a/man/systemd.scope.xml +++ b/man/systemd.scope.xml @@ -78,6 +78,31 @@ </refsect1> <refsect1> + <title>Options</title> + + <para>Scope files may include a <literal>[Scope]</literal> + section, which carries information about the scope and the + units it contains. A number of options that may be used in + this section are shared with other unit types. These options are + documented in + <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> + and + <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + The options specific to the <literal>[Scope]</literal> section + of scope units are the following:</para> + + <variablelist class='unit-directives'> + <varlistentry> + <term><varname>RuntimeMaxSec=</varname></term> + + <listitem><para>Configures a maximum time for the scope to run. If this is used and the scope has been + active for longer than the specified time it is terminated and put into a failure state. Pass + <literal>infinity</literal> (the default) to configure no runtime limit.</para></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> <title>See Also</title> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c index 8eb915e508..84d91dcfa3 100644 --- a/src/core/dbus-scope.c +++ b/src/core/dbus-scope.c @@ -47,6 +47,7 @@ const sd_bus_vtable bus_scope_vtable[] = { SD_BUS_PROPERTY("Controller", "s", NULL, offsetof(Scope, controller), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Scope, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_SIGNAL("RequestStop", NULL, 0), SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_VTABLE_END @@ -59,6 +60,7 @@ static int bus_scope_set_transient_property( UnitWriteFlags flags, sd_bus_error *error) { + Unit *u = UNIT(s); int r; assert(s); @@ -68,7 +70,10 @@ static int bus_scope_set_transient_property( flags |= UNIT_PRIVATE; if (streq(name, "TimeoutStopUSec")) - return bus_set_transient_usec(UNIT(s), name, &s->timeout_stop_usec, message, flags, error); + return bus_set_transient_usec(u, name, &s->timeout_stop_usec, message, flags, error); + + if (streq(name, "RuntimeMaxUSec")) + return bus_set_transient_usec(u, name, &s->runtime_max_usec, message, flags, error); if (streq(name, "PIDs")) { _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; @@ -101,12 +106,12 @@ static int bus_scope_set_transient_property( } else pid = (uid_t) upid; - r = unit_pid_attachable(UNIT(s), pid, error); + r = unit_pid_attachable(u, pid, error); if (r < 0) return r; if (!UNIT_WRITE_FLAGS_NOOP(flags)) { - r = unit_watch_pid(UNIT(s), pid, false); + r = unit_watch_pid(u, pid, false); if (r < 0 && r != -EEXIST) return r; } @@ -128,7 +133,7 @@ static int bus_scope_set_transient_property( /* We can't support direct connections with this, as direct connections know no service or unique name * concept, but the Controller field stores exactly that. */ - if (sd_bus_message_get_bus(message) != UNIT(s)->manager->api_bus) + if (sd_bus_message_get_bus(message) != u->manager->api_bus) return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Sorry, Controller= logic only supported via the bus."); r = sd_bus_message_read(message, "s", &controller); diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 index d057c0d18b..66e1a17183 100644 --- a/src/core/load-fragment-gperf.gperf.m4 +++ b/src/core/load-fragment-gperf.gperf.m4 @@ -471,6 +471,7 @@ CGROUP_CONTEXT_CONFIG_ITEMS(Slice)m4_dnl m4_dnl CGROUP_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl KILL_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl +Scope.RuntimeMaxSec, config_parse_sec, 0, offsetof(Scope, runtime_max_usec) Scope.TimeoutStopSec, config_parse_sec, 0, offsetof(Scope, timeout_stop_usec) m4_dnl The [Install] section is ignored here. Install.Alias, NULL, 0, 0 diff --git a/src/core/scope.c b/src/core/scope.c index 094c8979a8..e8cfedb0d4 100644 --- a/src/core/scope.c +++ b/src/core/scope.c @@ -34,6 +34,7 @@ static void scope_init(Unit *u) { assert(u); assert(u->load_state == UNIT_STUB); + s->runtime_max_usec = USEC_INFINITY; s->timeout_stop_usec = u->manager->default_timeout_stop_usec; u->ignore_on_isolate = true; } @@ -203,6 +204,23 @@ static int scope_load(Unit *u) { return scope_verify(s); } +static usec_t scope_coldplug_timeout(Scope *s) { + assert(s); + + switch (s->deserialized_state) { + + case SCOPE_RUNNING: + return usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec); + + case SCOPE_STOP_SIGKILL: + case SCOPE_STOP_SIGTERM: + return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_stop_usec); + + default: + return USEC_INFINITY; + } +} + static int scope_coldplug(Unit *u) { Scope *s = SCOPE(u); int r; @@ -213,11 +231,9 @@ static int scope_coldplug(Unit *u) { if (s->deserialized_state == s->state) return 0; - if (IN_SET(s->deserialized_state, SCOPE_STOP_SIGKILL, SCOPE_STOP_SIGTERM)) { - r = scope_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_stop_usec)); - if (r < 0) - return r; - } + r = scope_arm_timer(s, scope_coldplug_timeout(s)); + if (r < 0) + return r; if (!IN_SET(s->deserialized_state, SCOPE_DEAD, SCOPE_FAILED)) (void) unit_enqueue_rewatch_pids(u); @@ -230,15 +246,18 @@ static int scope_coldplug(Unit *u) { static void scope_dump(Unit *u, FILE *f, const char *prefix) { Scope *s = SCOPE(u); + char buf_runtime[FORMAT_TIMESPAN_MAX]; assert(s); assert(f); fprintf(f, "%sScope State: %s\n" - "%sResult: %s\n", + "%sResult: %s\n" + "%sRuntimeMaxSec: %s\n", prefix, scope_state_to_string(s->state), - prefix, scope_result_to_string(s->result)); + prefix, scope_result_to_string(s->result), + prefix, format_timespan(buf_runtime, sizeof(buf_runtime), s->runtime_max_usec, USEC_PER_SEC)); cgroup_context_dump(UNIT(s), f, prefix); kill_context_dump(&s->kill_context, f, prefix); @@ -351,6 +370,9 @@ static int scope_start(Unit *u) { scope_set_state(s, SCOPE_RUNNING); + /* Set the maximum runtime timeout. */ + scope_arm_timer(s, usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec)); + /* Start watching the PIDs currently in the scope */ (void) unit_enqueue_rewatch_pids(u); return 1; @@ -485,6 +507,11 @@ static int scope_dispatch_timer(sd_event_source *source, usec_t usec, void *user switch (s->state) { + case SCOPE_RUNNING: + log_unit_warning(UNIT(s), "Scope reached runtime time limit. Stopping."); + scope_enter_signal(s, SCOPE_STOP_SIGTERM, SCOPE_FAILURE_TIMEOUT); + break; + case SCOPE_STOP_SIGTERM: if (s->kill_context.send_sigkill) { log_unit_warning(UNIT(s), "Stopping timed out. Killing."); diff --git a/src/core/scope.h b/src/core/scope.h index c38afb5e5d..ae2bb80e55 100644 --- a/src/core/scope.h +++ b/src/core/scope.h @@ -24,6 +24,7 @@ struct Scope { ScopeState state, deserialized_state; ScopeResult result; + usec_t runtime_max_usec; usec_t timeout_stop_usec; char *controller; diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 766d651c3f..1e38186e77 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -279,6 +279,27 @@ static int append_session_memory_max(pam_handle_t *handle, sd_bus_message *m, co return 0; } +static int append_session_runtime_max_sec(pam_handle_t *handle, sd_bus_message *m, const char *limit) { + usec_t val; + int r; + + /* No need to parse "infinity" here, it will be set by default later in scope_init() */ + if (isempty(limit) || streq(limit, "infinity")) + return 0; + + r = parse_sec(limit, &val); + if (r >= 0) { + r = sd_bus_message_append(m, "(sv)", "RuntimeMaxUSec", "t", (uint64_t) val); + if (r < 0) { + pam_syslog(handle, LOG_ERR, "Failed to append to bus message: %s", strerror_safe(r)); + return r; + } + } else + pam_syslog(handle, LOG_WARNING, "Failed to parse systemd.runtime_max_sec: %s, ignoring.", limit); + + return 0; +} + static int append_session_tasks_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) { uint64_t val; int r; @@ -412,7 +433,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( *seat = NULL, *type = NULL, *class = NULL, *class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL, *desktop_pam = NULL, - *memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL; + *memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL, *runtime_max_sec = NULL; _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; int session_fd = -1, existing, r; bool debug = false, remote; @@ -545,6 +566,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( (void) pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max); (void) pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight); (void) pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight); + (void) pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec); /* Talk to logind over the message bus */ @@ -563,8 +585,8 @@ _public_ PAM_EXTERN int pam_sm_open_session( strempty(seat), vtnr, strempty(tty), strempty(display), yes_no(remote), strempty(remote_user), strempty(remote_host)); pam_syslog(handle, LOG_DEBUG, "Session limits: " - "memory_max=%s tasks_max=%s cpu_weight=%s io_weight=%s", - strna(memory_max), strna(tasks_max), strna(cpu_weight), strna(io_weight)); + "memory_max=%s tasks_max=%s cpu_weight=%s io_weight=%s runtime_max_sec=%s", + strna(memory_max), strna(tasks_max), strna(cpu_weight), strna(io_weight), strna(runtime_max_sec)); } r = sd_bus_message_new_method_call( @@ -608,6 +630,10 @@ _public_ PAM_EXTERN int pam_sm_open_session( if (r < 0) return PAM_SESSION_ERR; + r = append_session_runtime_max_sec(handle, m, runtime_max_sec); + if (r < 0) + return PAM_SESSION_ERR; + r = append_session_tasks_max(handle, m, tasks_max); if (r < 0) return PAM_SESSION_ERR; diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index cdd30e1e2d..c9f352f796 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -1381,6 +1381,18 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const return 0; } +static int bus_append_scope_property(sd_bus_message *m, const char *field, const char *eq) { + if (streq(field, "RuntimeMaxSec")) + + return bus_append_parse_sec_rename(m, field, eq); + + if (streq(field, "TimeoutStopSec")) + + return bus_append_parse_sec_rename(m, field, eq); + + return 0; +} + static int bus_append_service_property(sd_bus_message *m, const char *field, const char *eq) { int r; @@ -1747,10 +1759,6 @@ int bus_append_unit_property_assignment(sd_bus_message *m, UnitType t, const cha break; case UNIT_SCOPE: - - if (streq(field, "TimeoutStopSec")) - return bus_append_parse_sec_rename(m, field, eq); - r = bus_append_cgroup_property(m, field, eq); if (r != 0) return r; @@ -1758,6 +1766,10 @@ int bus_append_unit_property_assignment(sd_bus_message *m, UnitType t, const cha r = bus_append_kill_property(m, field, eq); if (r != 0) return r; + + r = bus_append_scope_property(m, field, eq); + if (r != 0) + return r; break; case UNIT_MOUNT: diff --git a/test/TEST-03-JOBS/test-jobs.sh b/test/TEST-03-JOBS/test-jobs.sh index 42190cf478..fca6cccb4f 100755 --- a/test/TEST-03-JOBS/test-jobs.sh +++ b/test/TEST-03-JOBS/test-jobs.sh @@ -84,4 +84,14 @@ END_SEC=$(date -u '+%s') ELAPSED=$(($END_SEC-$START_SEC)) [[ "$ELAPSED" -ge 5 ]] && [[ "$ELAPSED" -le 7 ]] || exit 1 +# Test time-limited scopes +START_SEC=$(date -u '+%s') +set +e +systemd-run --scope --property=RuntimeMaxSec=3s sleep 10 +RESULT=$? +END_SEC=$(date -u '+%s') +ELAPSED=$(($END_SEC-$START_SEC)) +[[ "$ELAPSED" -ge 3 ]] && [[ "$ELAPSED" -le 5 ]] || exit 1 +[[ "$RESULT" -ne 0 ]] || exit 1 + touch /testok diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope new file mode 100644 index 0000000000..d0e194c371 --- /dev/null +++ b/test/fuzz/fuzz-unit-file/directives.scope @@ -0,0 +1,2 @@ +scope +RuntimeMaxSec= |