From 5d490208a8eadf747d6ea548b1c47e143d734152 Mon Sep 17 00:00:00 2001 From: Adrian Vovk Date: Sat, 16 Mar 2024 17:44:25 -0400 Subject: [PATCH 1/3] Revert "homed: Add InhibitSuspend() method" I'm moving this functionality into logind instead. This reverts commit 691b99160de4bc856e676dba6e07b33d2fa0908e. --- man/org.freedesktop.home1.xml | 42 ++++--------------- src/home/homed-home-bus.c | 54 +----------------------- src/home/homed-home-bus.h | 1 - src/home/homed-home.c | 60 +++++++++------------------ src/home/homed-home.h | 23 +++------- src/home/homed-manager-bus.c | 10 ----- src/home/org.freedesktop.home1.conf | 8 ---- src/home/org.freedesktop.home1.policy | 10 ----- 8 files changed, 35 insertions(+), 173 deletions(-) diff --git a/man/org.freedesktop.home1.xml b/man/org.freedesktop.home1.xml index 8ac3d96086c29..e1045f59fd61b 100644 --- a/man/org.freedesktop.home1.xml +++ b/man/org.freedesktop.home1.xml @@ -112,8 +112,6 @@ node /org/freedesktop/home1 { out h send_fd); @org.freedesktop.systemd1.Privileged("true") ReleaseHome(in s user_name); - InhibitSuspendHome(in s user_name, - out h send_fd); @org.freedesktop.systemd1.Privileged("true") LockAllHomes(); @org.freedesktop.systemd1.Privileged("true") @@ -187,8 +185,6 @@ node /org/freedesktop/home1 { - - @@ -364,7 +360,7 @@ node /org/freedesktop/home1 { org.freedesktop.home1.Home interface. LockHome() temporarily suspends access to a home directory, flushing out any - cryptographic keys from memory. This is only supported on some back-ends, and is usually done during system + cryptographic keys from memory. This is only supported on some back-ends, and usually done during system suspend, in order to effectively secure home directories while the system is sleeping. Takes a user name as single argument. If an application attempts to access a home directory while it is locked it will typically freeze until the home directory is unlocked again. This method is equivalent to @@ -387,10 +383,9 @@ node /org/freedesktop/home1 { re-authenticate when the system comes back from suspending. It should be set by all clients that implement a secure lock screen running outside of the user's context, that is brought up when the system comes back from suspend and can be used to re-acquire the credentials to unlock the user's home - directory. A home directory is locked automatically at system suspend only if all clients with open - references to the home directory specify that they support this functionality, and no client has - temporarily inhibited it (see InhibitSuspendHome() below); otherwise the directory - remains unlocked. This method is equivalent to Acquire() on the + directory. If a home directory has at least one client with an open reference to the home directory + that does not support this it is not suspended automatically at system suspend, otherwise it is. This + method is equivalent to Acquire() on the org.freedesktop.home1.Home interface. RefHome() is similar to AcquireHome() but takes no user @@ -412,25 +407,9 @@ node /org/freedesktop/home1 { triggered deactivation is completed. This method is equivalent to Release() on the org.freedesktop.home1.Home interface. - InhibitSuspendHome() temporarily inhibits automatic locking during system - suspend for a home directory. It returns a file descriptor that inhibits this functionality for as long - as it is open. As mentioned above, locking a home directory requires a secure lock screen running - outside of the user context, and is likely to freeze any process that attempts to access the directory. - Thus, locking a home directory is a trade-off: it increases security, but prevents the client from - displaying any user content on its secure lock screen, including notifications, media controls, contact - information for incoming phone calls, and much more. A client may use this method to implement more - complicated automatic locking behavior for home directories, in order to solve some of these UX issues. - For instance, the client may choose to only lock the home directory and switch to the secure lock screen - if the device has been suspended for over 24 hours. Note that this inhibitor does not prevent clients from - calling LockHome(), and in fact clients will need to call LockHome() - manually as part of their custom behavior to lock the home directory. Clients should take care to ensure that - the file descriptor is closed in the event that their custom behavior fails or is disabled. This method is - equivalent to InhibitSuspend() on the org.freedesktop.home1.Home - interface. - LockAllHomes() locks all active home directories that only have references - that opted into automatic locking during system suspend and have no clients inhibiting this behavior. - This is usually invoked automatically shortly before system suspend. + that opted into automatic suspending during system suspend. This is usually invoked automatically + shortly before system suspend. DeactivateAllHomes() deactivates all home areas that are currently active. This is usually invoked automatically shortly before system shutdown. @@ -492,7 +471,6 @@ node /org/freedesktop/home1/home { out h send_fd); @org.freedesktop.systemd1.Privileged("true") Release(); - InhibitSuspend(out h send_fd); properties: @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly s UserName = '...'; @@ -556,8 +534,6 @@ node /org/freedesktop/home1/home { - - @@ -579,7 +555,7 @@ node /org/freedesktop/home1/home { Update(), UpdateEx(), Resize(), ChangePassword(), Lock(), Unlock(), Acquire(), Ref(), RefUnrestricted(), - Release(), InhibitSuspend() operate like their matching counterparts + Release(), operate like their matching counterparts on the org.freedesktop.home1.Manager interface (see above). The main difference is that they are methods of the home directory objects, and hence carry no additional user name parameter. Which of the two flavors of methods to call depends on the handles to the user known on the @@ -611,12 +587,12 @@ node /org/freedesktop/home1/home { History The Manager Object - InhibitSuspendHome(), ActivateHomeIfReferenced(), RefHomeUnrestricted(), + ActivateHomeIfReferenced(), RefHomeUnrestricted(), CreateHomeEx(), and UpdateHomeEx() were added in version 256. Home Objects - InhibitSuspend(), ActivateIfReferenced(), RefUnrestricted(), and + ActivateIfReferenced(), RefUnrestricted(), and UpdateEx() were added in version 256. diff --git a/src/home/homed-home-bus.c b/src/home/homed-home-bus.c index 368ce2d9e23d6..307a8912cda0e 100644 --- a/src/home/homed-home-bus.c +++ b/src/home/homed-home-bus.c @@ -657,7 +657,7 @@ int bus_home_method_acquire( return r; /* This operation might not be something we can executed immediately, hence queue it */ - fd = home_create_fifo(h, please_suspend ? HOME_FIFO_PLEASE_SUSPEND : HOME_FIFO_DONT_SUSPEND); + fd = home_create_fifo(h, please_suspend); if (fd < 0) return sd_bus_reply_method_errnof(message, fd, "Failed to allocate FIFO for %s: %m", h->user_name); @@ -716,7 +716,7 @@ int bus_home_method_ref( } } - fd = home_create_fifo(h, please_suspend ? HOME_FIFO_PLEASE_SUSPEND : HOME_FIFO_DONT_SUSPEND); + fd = home_create_fifo(h, please_suspend); if (fd < 0) return sd_bus_reply_method_errnof(message, fd, "Failed to allocate FIFO for %s: %m", h->user_name); @@ -745,51 +745,6 @@ int bus_home_method_release( return 1; } -int bus_home_method_inhibit_suspend( - sd_bus_message *message, - void *userdata, - sd_bus_error *error) { - - _cleanup_close_ int fd = -EBADF; - Home *h = ASSERT_PTR(userdata); - HomeState state; - int r; - - r = home_verify_polkit_async( - h, - message, - "org.freedesktop.home1.inhibit-suspend", - h->uid, - error); - if (r < 0) - return r; - if (r == 0) - return 1; /* Will call us back */ - - state = home_get_state(h); - switch (state) { - case HOME_ABSENT: - return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name); - case HOME_UNFIXATED: - case HOME_INACTIVE: - case HOME_DIRTY: - return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name); - case HOME_LOCKED: - return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name); - default: - if (HOME_STATE_IS_ACTIVE(state)) - break; - - return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name); - } - - fd = home_create_fifo(h, HOME_FIFO_INHIBIT_SUSPEND); - if (fd < 0) - return sd_bus_reply_method_errnof(message, fd, "Failed to allocate FIFO for %s: %m", h->user_name); - - return sd_bus_reply_method_return(message, "h", fd); -} - /* We map a uid_t as uint32_t bus property, let's ensure this is safe. */ assert_cc(sizeof(uid_t) == sizeof(uint32_t)); @@ -949,11 +904,6 @@ const sd_bus_vtable home_vtable[] = { bus_home_method_ref, 0), SD_BUS_METHOD("Release", NULL, NULL, bus_home_method_release, 0), - SD_BUS_METHOD_WITH_ARGS("InhibitSuspend", - SD_BUS_NO_ARGS, - SD_BUS_RESULT("h", send_fd), - bus_home_method_inhibit_suspend, - SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_VTABLE_END }; diff --git a/src/home/homed-home-bus.h b/src/home/homed-home-bus.h index 9ba2cf1252504..9cd5768279a93 100644 --- a/src/home/homed-home-bus.h +++ b/src/home/homed-home-bus.h @@ -25,7 +25,6 @@ int bus_home_method_unlock(sd_bus_message *message, void *userdata, sd_bus_error int bus_home_method_acquire(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_home_method_ref(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_home_method_release(sd_bus_message *message, void *userdata, sd_bus_error *error); -int bus_home_method_inhibit_suspend(sd_bus_message *message, void *userdata, sd_bus_error *error); extern const BusObjectImplementation home_object; diff --git a/src/home/homed-home.c b/src/home/homed-home.c index edde6fafd3cbb..e0c8637c4c754 100644 --- a/src/home/homed-home.c +++ b/src/home/homed-home.c @@ -226,7 +226,6 @@ Home *home_free(Home *h) { h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend); h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend); - h->inhibit_suspend_event_source = sd_event_source_disable_unref(h->inhibit_suspend_event_source); h->pending_operations = ordered_set_free(h->pending_operations); h->pending_event_source = sd_event_source_disable_unref(h->pending_event_source); @@ -2707,9 +2706,6 @@ static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *u if (h->ref_event_source_dont_suspend == s) h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend); - if (h->inhibit_suspend_event_source == s) - h->inhibit_suspend_event_source = sd_event_source_disable_unref(h->inhibit_suspend_event_source); - if (home_is_referenced(h)) return 0; @@ -2725,42 +2721,25 @@ static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *u return 0; } -int home_create_fifo(Home *h, HomeFifoType type) { - static const struct { - const char *suffix; - const char *description; - size_t event_source; - } table[_HOME_FIFO_TYPE_MAX] = { - [HOME_FIFO_PLEASE_SUSPEND] = { - .suffix = ".please-suspend", - .description = "acquire-ref", - .event_source = offsetof(Home, ref_event_source_please_suspend), - }, - [HOME_FIFO_DONT_SUSPEND] = { - .suffix = ".dont-suspend", - .description = "acquire-ref-dont-suspend", - .event_source = offsetof(Home, ref_event_source_dont_suspend), - }, - [HOME_FIFO_INHIBIT_SUSPEND] = { - .suffix = ".inhibit-suspend", - .description = "inhibit-suspend", - .event_source = offsetof(Home, inhibit_suspend_event_source), - }, - }; - +int home_create_fifo(Home *h, bool please_suspend) { _cleanup_close_ int ret_fd = -EBADF; - sd_event_source **evt; - const char *fn; + sd_event_source **ss; + const char *fn, *suffix; int r; assert(h); - assert(type >= 0 && type < _HOME_FIFO_TYPE_MAX); - evt = (sd_event_source**) ((uint8_t*) h + table[type].event_source); + if (please_suspend) { + suffix = ".please-suspend"; + ss = &h->ref_event_source_please_suspend; + } else { + suffix = ".dont-suspend"; + ss = &h->ref_event_source_dont_suspend; + } - fn = strjoina("/run/systemd/home/", h->user_name, table[type].suffix); + fn = strjoina("/run/systemd/home/", h->user_name, suffix); - if (!*evt) { + if (!*ss) { _cleanup_close_ int ref_fd = -EBADF; (void) mkdir("/run/systemd/home/", 0755); @@ -2771,19 +2750,20 @@ int home_create_fifo(Home *h, HomeFifoType type) { if (ref_fd < 0) return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn); - r = sd_event_add_io(h->manager->event, evt, ref_fd, 0, on_home_ref_eof, h); + r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h); if (r < 0) return log_error_errno(r, "Failed to allocate reference FIFO event source: %m"); - (void) sd_event_source_set_description(*evt, table[type].description); + (void) sd_event_source_set_description(*ss, "acquire-ref"); - r = sd_event_source_set_priority(*evt, SD_EVENT_PRIORITY_IDLE-1); + r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1); if (r < 0) return r; - r = sd_event_source_set_io_fd_own(*evt, true); + r = sd_event_source_set_io_fd_own(*ss, true); if (r < 0) return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m"); + TAKE_FD(ref_fd); } @@ -2863,10 +2843,8 @@ bool home_is_referenced(Home *h) { bool home_shall_suspend(Home *h) { assert(h); - /* We lock the home area on suspend if... */ - return h->ref_event_source_please_suspend && /* at least one client supports suspend, and... */ - !h->ref_event_source_dont_suspend && /* no clients lack support for suspend, and... */ - !h->inhibit_suspend_event_source; /* no client is temporarily inhibiting suspend */ + /* Suspend if there's at least one client referencing this home directory that wants a suspend and none who does not. */ + return h->ref_event_source_please_suspend && !h->ref_event_source_dont_suspend; } static int home_dispatch_release(Home *h, Operation *o) { diff --git a/src/home/homed-home.h b/src/home/homed-home.h index 0f3d1ce3251b4..7f42461a45df6 100644 --- a/src/home/homed-home.h +++ b/src/home/homed-home.h @@ -139,17 +139,12 @@ struct Home { bool unregister_on_failure; /* The reading side of a FIFO stored in /run/systemd/home/, the writing side being used for reference - * counting. The references dropped to zero as soon as we see EOF. This concept exists thrice: once - * for clients that are fine if we lock the home directory on system suspend, once for clients - * that are not ok with that, and once for clients that are usually ok with it but temporarily - * want to opt-out so that they can implement more advanced behavior on their own. This allows - * us to determine for each home whether there are any clients that don't support suspend at this - * moment. */ + * counting. The references dropped to zero as soon as we see EOF. This concept exists twice: once + * for clients that are fine if we suspend the home directory on system suspend, and once for clients + * that are not ok with that. This allows us to determine for each home whether there are any clients + * that support unsuspend. */ sd_event_source *ref_event_source_please_suspend; sd_event_source *ref_event_source_dont_suspend; - /* This is distinct from ref_event_source_dont_suspend because it can be obtained from unprivileged - * code, and thus we don't count it as a reference on the home area. */ - sd_event_source *inhibit_suspend_event_source; /* Any pending operations we still need to execute. These are for operations we want to queue if we * can't execute them right-away. */ @@ -215,15 +210,7 @@ int home_killall(Home *h); int home_augment_status(Home *h, UserRecordLoadFlags flags, UserRecord **ret); -typedef enum { - HOME_FIFO_PLEASE_SUSPEND, - HOME_FIFO_DONT_SUSPEND, - HOME_FIFO_INHIBIT_SUSPEND, - _HOME_FIFO_TYPE_MAX, - _HOME_FIFO_TYPE_INVALID = -EINVAL, -} HomeFifoType; -int home_create_fifo(Home *h, HomeFifoType mode); - +int home_create_fifo(Home *h, bool please_suspend); int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error); int home_auto_login(Home *h, char ***ret_seats); diff --git a/src/home/homed-manager-bus.c b/src/home/homed-manager-bus.c index 1e63012a06f4a..6a3da0f01aae5 100644 --- a/src/home/homed-manager-bus.c +++ b/src/home/homed-manager-bus.c @@ -623,10 +623,6 @@ static int method_release_home(sd_bus_message *message, void *userdata, sd_bus_e return generic_home_method(userdata, message, bus_home_method_release, error); } -static int method_inhibit_suspend_home(sd_bus_message *message, void *userdata, sd_bus_error *error) { - return generic_home_method(userdata, message, bus_home_method_inhibit_suspend, error); -} - static int method_lock_all_homes(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_(operation_unrefp) Operation *o = NULL; bool waiting = false; @@ -901,12 +897,6 @@ static const sd_bus_vtable manager_vtable[] = { method_release_home, 0), - SD_BUS_METHOD_WITH_ARGS("InhibitSuspendHome", - SD_BUS_ARGS("s", user_name), - SD_BUS_RESULT("h", send_fd), - method_inhibit_suspend_home, - SD_BUS_VTABLE_UNPRIVILEGED), - /* An operation that acts on all homes that allow it */ SD_BUS_METHOD("LockAllHomes", NULL, NULL, method_lock_all_homes, 0), SD_BUS_METHOD("DeactivateAllHomes", NULL, NULL, method_deactivate_all_homes, 0), diff --git a/src/home/org.freedesktop.home1.conf b/src/home/org.freedesktop.home1.conf index 9ac34aea55f67..b8085929b0108 100644 --- a/src/home/org.freedesktop.home1.conf +++ b/src/home/org.freedesktop.home1.conf @@ -137,10 +137,6 @@ send_interface="org.freedesktop.home1.Manager" send_member="ReleaseHome"/> - - @@ -227,10 +223,6 @@ send_interface="org.freedesktop.home1.Home" send_member="Release"/> - - diff --git a/src/home/org.freedesktop.home1.policy b/src/home/org.freedesktop.home1.policy index be32b2e8e4e19..3b19ed3ed5fc0 100644 --- a/src/home/org.freedesktop.home1.policy +++ b/src/home/org.freedesktop.home1.policy @@ -69,16 +69,6 @@ - - Inhibit automatic lock of a home area - Authentication is required to inhibit automatic lock of a user's home area. - - auth_admin_keep - auth_admin_keep - auth_admin_keep - - - Activate a home area Authentication is required to activate a user's home area. From 7555fc91227ef160f7a772f6c2ded27522e2a0ac Mon Sep 17 00:00:00 2001 From: Adrian Vovk Date: Thu, 14 Mar 2024 17:11:36 -0400 Subject: [PATCH 2/3] homed: Minor function name cleanup It's not actually a dbus method, just function that all the various dbus methods end up calling to update the user record. So rename it to reflect as such --- src/home/homed-home-bus.c | 4 ++-- src/home/homed-home-bus.h | 3 ++- src/home/homed-manager-bus.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/home/homed-home-bus.c b/src/home/homed-home-bus.c index 307a8912cda0e..624cbdb3d33d9 100644 --- a/src/home/homed-home-bus.c +++ b/src/home/homed-home-bus.c @@ -415,7 +415,7 @@ int bus_home_method_authenticate( return 1; } -int bus_home_method_update_record( +int bus_home_update_record( Home *h, sd_bus_message *message, UserRecord *hr, @@ -487,7 +487,7 @@ int bus_home_method_update( return r; } - return bus_home_method_update_record(h, message, hr, blobs, flags, error); + return bus_home_update_record(h, message, hr, blobs, flags, error); } int bus_home_method_resize( diff --git a/src/home/homed-home-bus.h b/src/home/homed-home-bus.h index 9cd5768279a93..1644bc8066a42 100644 --- a/src/home/homed-home-bus.h +++ b/src/home/homed-home-bus.h @@ -17,7 +17,6 @@ int bus_home_method_remove(sd_bus_message *message, void *userdata, sd_bus_error int bus_home_method_fixate(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_home_method_authenticate(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_home_method_update(sd_bus_message *message, void *userdata, sd_bus_error *error); -int bus_home_method_update_record(Home *home, sd_bus_message *message, UserRecord *hr, Hashmap *blobs, uint64_t flags, sd_bus_error *error); int bus_home_method_resize(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_home_method_change_password(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_home_method_lock(sd_bus_message *message, void *userdata, sd_bus_error *error); @@ -26,6 +25,8 @@ int bus_home_method_acquire(sd_bus_message *message, void *userdata, sd_bus_erro int bus_home_method_ref(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_home_method_release(sd_bus_message *message, void *userdata, sd_bus_error *error); +int bus_home_update_record(Home *home, sd_bus_message *message, UserRecord *hr, Hashmap *blobs, uint64_t flags, sd_bus_error *error); + extern const BusObjectImplementation home_object; int bus_home_path(Home *h, char **ret); diff --git a/src/home/homed-manager-bus.c b/src/home/homed-manager-bus.c index 6a3da0f01aae5..403a7d0213b40 100644 --- a/src/home/homed-manager-bus.c +++ b/src/home/homed-manager-bus.c @@ -592,7 +592,7 @@ static int method_update_home(sd_bus_message *message, void *userdata, sd_bus_er if (!h) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_HOME, "No home for user %s known", hr->user_name); - return bus_home_method_update_record(h, message, hr, blobs, flags, error); + return bus_home_update_record(h, message, hr, blobs, flags, error); } static int method_resize_home(sd_bus_message *message, void *userdata, sd_bus_error *error) { From 1f8aa8456e07a51e4e4cb6a86ace9e38e6902f26 Mon Sep 17 00:00:00 2001 From: Adrian Vovk Date: Sat, 16 Mar 2024 17:54:52 -0400 Subject: [PATCH 3/3] homed: Minor man page improvements --- man/org.freedesktop.home1.xml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/man/org.freedesktop.home1.xml b/man/org.freedesktop.home1.xml index e1045f59fd61b..6fe3bb3ce0821 100644 --- a/man/org.freedesktop.home1.xml +++ b/man/org.freedesktop.home1.xml @@ -204,7 +204,9 @@ node /org/freedesktop/home1 { the numeric UID and GID, the real name, home directory and shell. In addition it returns a state identifier describing the state the user's home directory is in, as well as a bus path referring to the bus object encapsulating the user record and home directory. This object implements the - org.freedesktop.home1.Home interface documented below. + org.freedesktop.home1.Home interface documented below. This method, and most others + in this interface that take user names, will try to use the caller's home area if the specified user name is + an empty string. GetHomeByUID() is similar to GetHomeByName() but acquires the information based on the numeric UID of the user. @@ -360,7 +362,7 @@ node /org/freedesktop/home1 { org.freedesktop.home1.Home interface. LockHome() temporarily suspends access to a home directory, flushing out any - cryptographic keys from memory. This is only supported on some back-ends, and usually done during system + cryptographic keys from memory. This is only supported on some back-ends, and is usually done during system suspend, in order to effectively secure home directories while the system is sleeping. Takes a user name as single argument. If an application attempts to access a home directory while it is locked it will typically freeze until the home directory is unlocked again. This method is equivalent to @@ -555,14 +557,15 @@ node /org/freedesktop/home1/home { Update(), UpdateEx(), Resize(), ChangePassword(), Lock(), Unlock(), Acquire(), Ref(), RefUnrestricted(), - Release(), operate like their matching counterparts - on the org.freedesktop.home1.Manager interface (see above). The main difference is that - they are methods of the home directory objects, and hence carry no additional user name - parameter. Which of the two flavors of methods to call depends on the handles to the user known on the - client side: if only the user name is known, it's preferable to use the methods on the manager object - since they operate with user names only. If however the home object path was already acquired some way - it is preferable to operate on the org.freedesktop.home1.Home objects - instead. + Release(), + operate like their matching counterparts on the org.freedesktop.home1.Manager + interface (see above). The main difference is that they are methods of the home directory objects, and + hence carry no additional user name parameter. Which of the two flavors of methods to call depends on + the handles to the user known on the client side: if only the user name is known, it's preferable to use + the methods on the manager object since they operate with user names only. Clients can also easily operate + on their own home area by using the methods on the manager object with an empty string as the user name. + If the client has the home's object path already acquired in some way, however, it is preferable to operate + on the org.freedesktop.home1.Home objects instead.