With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).
This can be tested with the kernel.apparmor_restrict_unprivileged_userns
sysctl.
Spotted randomly when going through CI logs:
systemd-udevd[658]: /usr/lib/systemd/network/80-6rd-tunnel.link:21: Unknown section 'Network'. Ignoring.
Follow-up for 658169e6d3.
According to SPC4, the value of 0x14 is reserved to distinguish
host managed zoned block, e.g., some SMR (Shingled Magnetic Recording)
disks.
Other utilities such as sg3_utils can successfully recognize such
kind of disks. This patch implements the same ability.
Both building and booting a directory image is much faster than
building or booting a disk image so let's default to a directory
image.
In CI, we stick to a disk image to make sure that keeps working as
well.
The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:
```
[Output]
Format=disk
```
Let's make sure these follow the rest of kernel-install and always
operate on the given root directory, even if the verb itself can't
support --root= just yet.
We only want to do this for fully set up, interactive sessions, i.e.
user and user-early, but not for any others, hence restrict the rules a
bit.
Follow-up for: 508b4786e8
In logind we generally want to stop user@.service for a user once they
log out. So the usual rule is that whenever a User object is around that
has no pinning sessions we should close it.
Except that it isn't that easy. We allow that user@.service is also
manually started, in which case the User object is created but not
pinned by any session.
Let's rework how this is handled: we define two different GC modes. In
one GC mode we'll keep the User object around whenever *any* session
exists (thus: including the user@.service session), and one where we
only keep it around whenever a *pinning* session exists (i.e. when a
user actually logs in, but the user@.service session doesn't count like
that).
And the trick is now that we start out in the *any* GC mode, and switch
to the *pinning* GC mode once the first user session logs in.
This should make things more robust as we know exactly in which state we
are and when to GC a user.
Let's streamline the logic that decides whether the screen lock, idle
timeout or display election mechanism applies to a session class. Let's
add explicitly SESSION_CLASS_IS_XYZ() macros for each, and then resue
them at all suitable places, and refuse any attempts to use the
functionality on the wrong clases with a friendly error message.
This is the same as the "background" class, but does *not* pull in a
service manager. It might be useful for things like select cron jobs
that do not intend to call per-user IPC calls.
Replaces: #23569Fixes: #23978
