logind: allow any user to request lingering

We enable lingering for anyone who wants this. It is still disabled by default to avoid keeping long-running processes accidentally. Admins might want to customize this policy on multi-user sites.
2024-12-14 04:33:37 +08:00 · 2016-04-12 22:52:28 -04:00 · 2016-04-12 22:52:28 -04:00 · 152199f2d7
commit 152199f2d7
parent 921f831d3e
3 changed files with 16 additions and 5 deletions
--- a/5
+++ b/5
@ -40,8 +40,9 @@ CHANGES WITH 230 in spe:
          After the user logs out of all sessions, user@.service will be
          terminated too, by default, unless the user has "lingering" enabled.
          To effectively allow users to run long-term tasks even if they are
-          logged out, lingering must be enabled for them. See loginctl(1)
-          for details.
+          logged out, lingering must be enabled for them. See loginctl(1) for
+          details. The default polkit policy was modified to allow users to
+          set lingering for themselves without authentication.

          Previous defaults can be restored at compile time by the
          --without-kill-user-processes option.
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@ -1077,11 +1077,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus
 static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) {
        _cleanup_free_ char *cc = NULL;
        Manager *m = userdata;
-        int b, r;
+        int r, b, interactive;
        struct passwd *pw;
        const char *path;
        uint32_t uid;
-        int interactive;
+        bool self = false;

        assert(message);
        assert(m);
@ -1102,6 +1102,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
                if (r < 0)
                        return r;

+                self = true;
+
        } else if (!uid_is_valid(uid))
                return -EINVAL;

@ -1113,7 +1115,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
-                        "org.freedesktop.login1.set-user-linger",
+                        self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger",
                        NULL,
                        interactive,
                        UID_INVALID,
--- a/src/login/org.freedesktop.login1.policy.in
+++ b/src/login/org.freedesktop.login1.policy.in
@ -111,6 +111,14 @@
                </defaults>
        </action>

+        <action id="org.freedesktop.login1.set-self-linger">
+                <_description>Allow non-logged-in user to run programs</_description>
+                <_message>Explicit request is required to run programs as a non-logged-in user.</_message>
+                <defaults>
+                        <allow_any>yes</allow_any>
+                </defaults>
+        </action>
+
        <action id="org.freedesktop.login1.set-user-linger">
                <_description>Allow non-logged-in users to run programs</_description>
                <_message>Authentication is required to run programs as a non-logged-in user.</_message>