greetd: add terminal switch flag configuration option
This adds "switch" true/false flag in "terminal" section of
Flag controls whether terminal under control should be switched to
when greetd starts. If "switch" set to true, greetd behaves as it
did before, on start vt_setactivate will be called. If "switch" set
to false, and terminal under control by greetd is not currently
active VT, greetd will wait for terminal to become active with
vt_waitactive, which translates to VT_WAITACTIVE ioctl call.
* greetd/src/config/mod.rs: add "switch" flag
* greetd/src/server.rs: add using "switch" flag and waiting for active
* greetd/src/terminal/mod.rs: add vt_waitactive method
* man/greetd-5.scd: mention "switch" configuration option
rustfmt: Change merge_imports to imports_granularity
docs: Fix scdoc syntax for greetd.5
Ensure initial session is only run once.
Security concerns were raised regarding the initial session being
executed whenever greetd was restarted (when signing out of one's DE,
when greetd or a greeter restarted or crashed, ...).
This creates a runfile (by default at /run/greetd.run) either when the
initial session is executed or when a greeter is started. Whenever this
file exists, the initial session is ignored (and the configured greeter
is always run).
Add makefile for man pages
recommend making config world readable rather than setting owner
There is no secret material that needs to be unreadable except to the
daemon, but if there were, the current instructions never recommended
setting a locked down mode.
The daemon doesn't need write access either.
Recommending chown rather than making the config world readable as is
typical for bog standard system configs, is confusing and inconsistent
with e.g. the in house AUR packaging. It also might be erroneously
interpreted as a requirement, which is challenging for packaging systems
that don't support distributing files/directories owned by non-root
readme: Add discuss section
deps: update nix and other dependencies
`fork` is now marked as unsafe (nix-rust/nix#1030)
deps: update tokio to 1.0
ci: Disable automatic github mirroring
docs: Document new general section
config: Fix tests for general section
config: Add general.source_profile
This adds a system-wide toggle for whether the system profile should be
sourced by /bin/sh before running the command. Note that the command
will still be run with /bin/sh, regardless of profile sourcing.
The option defaults to true for now.
source_profile = false
Use additional pam service config for greeter
Check the existence and attempt to use `greetd-greeter` pam service file
for greeter sessions. The fallback is a standard greetd pam service,
i.e. `greetd` or `login`.
Rationale: proper configurations for different session types can vary in
acceptable modules. Certain modules like `pam_selinux` are actually
harmful for an unprivileged greeter session as it removes the SELinux
security label from the greeter processes.
config: Skip reading config in session worker
The decision to start a session worker or main process is taken after
the config module has been queried. This means that the regular process
for loading config files is also run. This can lead to errors if the
config file is not in the default location, as the session worker does
not receive the config argument.
Skip reading config files if the session-worker flag is set.
Use stdin as VT for current/none vt selections
The controlling tty will now be obtained from stdin if possible for
current/non, which is useful for inittab setups and shell test
Terminate cleanly on SIGINT
Use per-pid socket paths
Use of per-pid socket paths allows multiple greetd instances to be
started without accidentally trampling on eachothers' socket paths.
This has the added benefit of rendering the socket-path configuration
Delete the listener on Drop for cleanup.