SOCK_PATH is made redundant by the -s command-line argument added in
a98e0c4ce9. Support was originally left
behind for short-term compatibility, but it should be fine to remove.
Previous socket cleanup is changed to run unconditionally. The cleanup
now fails if the existing file is not a socket.
sd_bus_call_method may have read and queued our ping response, so we
cannot assume that a previous ping will make the socket readable.
Instead, always send a ping if read or write queues are not empty, even
if a ping has already been sent.
This allows downstream users to write:
dependency('libseat', fallback: 'seatd')
instead of having to rely on the seatd/meson.build's variable name:
dependency('libseat', fallback: ['seatd', 'libseat'])
This reduces the boilerplate a bit. Use logind.name() instead of
having a separate source of truth. Requires adapting the checks a
bit because the dep name has a "lib" prefix.
If the compiler errors out on some -DXXX flag, then we're in
trouble. Avoid using cc.get_supported_arguments for defines we
require. Only use it for detecting support for warning flags.
The smoketest script has gotten significantly simpler, and can simply be
inlined into the build scripts if we don't care about running the tests
twice.
This should fix CI for mailing list patches.
sd_bus_call drains received messages into the receive queue, and peeks
for its own return value. It does not dispatch the receive queue.
As the socket is drained, the caller will not wake from a poll and have
no reason to dispatch libseat. This has gone unnoticed largely due to
logind sending an event for every device, making it unlikely that no
unread message will be left on the socket.
Like we have done for seatd, we fix this by sending a "ping" request to
logind if anything is left in our receive queue as reported by
sd_bus_get_events. The response to this will wake us up and ensure that
dispatch is called.
When device open or close messages are sent to seatd, libseat must read
messages from the socket until it sees the associated response message.
This means that it may drain enable/disable seat events from the socket,
queueing them internally for deferred processing.
As the socket is drained, the caller will not wake from a poll and have
no reason to dispatch libseat. To ensure that these messages would not
be left in the queue, 6fa82930d0 made it
so that open/close calls would execute all queued events just before
returning.
Unfortunately, this had the side-effect of having events fire from the
stack of libseat_open_device or libseat_close_device, which we now see
cause problems in compositors. Specifically, an issue has been observed
where libinput end up calling libseat_close_device, which in turn
dispatch a disable seat event that calls libinput_suspend. libinput does
not like this.
Instead, remove the execution from libseat_open_device and
libseat_close_device, and instead make a "ping" request to seatd if
events have been queued. The response to this will wake us up and ensure
that dispatch is called.
The parent environment might contain nasty things. Create a new
environment for the seatd process containing only the environment
variables we care about. For now, that's only SEATD_LOGLEVEL.
We previously used execlp to execute seatd, which had the effect of
searching PATH for the executable. This allowed the caller to control
what executable was run, which is bad if SUID has been set.
Instead, expose the absolute install path for seatd from meason as a
define, and use that in a call to execv.
Mimick shells and exit with a status >128 if our child has been
signalled. Exiting with 128 + signal number is what most shells do
(POSIX only requires them to exit with >128).
The command indexing had not been updated afer the introduction of
getopt, so combining a command with flags would fail.
Add error handling for if no command was specified while we're at it.
Instead of relying on seatd's user/group arguments, which require
turning our UID back into a username, just chmod/chown the socket
ourselves once seatd is ready.
We also reduce the permissions to just user access, instead of user and
group like seatd specifies.
New clients could only be added to a VT bound seat if there were no
"active" client, regardless of its actual state. This meant that if one
switched from an "active" VT to an "inactive" VT, the seat would be
blocked while the "active" client was in CLIENT_PENDING_DISABLE, causing
new clients to possibly fail should the old client take its time with
the ack.
Instead, allow new clients to also be added if there is an active client
whose state is CLIENT_PENDING_DISABLE, and there is no client with the
new VT as its session ID.
The kernel Secure Attention Key killer, triggered by SysRq+k, kills all
processes that hold an fd referencing the tty.
To avoid its attention, we stop storing the fd for the currently active
VT in seat state. This has the added benefit of simplifying state a bit.
Test if arguments (e.g. -Wimplicit-fallthrough) is available before
using it as -Wimplicit-fallthrough has been added only since gcc 7.1 and
81fea426da
and so it will raise the following build failure with gcc < 7:
arm-none-linux-gnueabi-gcc: error: unrecognized command line option '-Wimplicit-fallthrough'
Fixes:
- http://autobuild.buildroot.org/results/0ee6816a7cceebdafd07612677a594bdf68e0790
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
This reverts commit 1ae6c3b3dd.
A user might want to run the builtin server as non root, if they have
permission to use the devices.
The check was originally copied from wlroots's direct backend. It was reverted
in fa05d3cde68d with a detailed explanation of why root priviledges are not
always necessary to use the DRM device.
c8b3a22d4e snuck in a change which
converts chown/chmod to fchown/fchmod using the socket fd. This appears
to succeed under Linux, but fails with EINVAL on FreeBSD. As the error
handling in this area was flawed, CI failed to catch the regression.
Partially revert c8b3a22d4e to fix the
regression on FreeBSD.
