Unexpected active sessions stop by systemd-logind

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • midnight commander, gdm, systemd-logind

Issue

  • Active session can be unexpectedly terminated if user activity in the session is for example, browsing files in Midnight Commander or reading manual pages using the man utility.
  • Graphical session that run Gnome Display Manager (gdm) might be terminated unexpectedly and that has adverse influence on the overall state of the GNOME desktop environment.

Resolution

The Red Hat engineering team is actively working on addressing aforementioned issues. In order to address the first, the Linux kernel fix (commit 360c11e, commit e8cc334) was proposed and is now in the process of backporting to affected versions of Red Hat Enterprise Linux:
RHEL9: The kernel fix was delivered to RHEL9.4: RHSA-2024:2394
RHEL8: The kernel fix was delivered to RHEL8.10: RHSA-2024:8856

The second problem was addressed by the backport of systemd-logind fix in the systemd package:
RHEL 8: The systemd fix was delivered to RHEL8.10 RHBA-2024:11158
RHEL 8: The systemd fix was delivered to RHEL9.4 RHSA-2024:2463

Root Cause

Previously, OpenSSH server options ClientAliveInterval= and ClientAliveCountMax= were used to implement STIG provision which requires the system to terminate idle sessions. Since the OpenSSH bugfix changed the behavior of these options it was no longer possible to implement the STIG provision using them and the compliance team was looking for a suitable replacement.

New option, StopIdleSessionSec= was implemented in systemd-logind and was backported to Red Hat Enterprise Linux and STIG role started to employ the new option. This change introduced the issues with unexpectedly terminated sessions.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments