diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:14 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:14 +0100 |
| commit | 3be68c032c864fa98ed85e54ea5af19976c55ed7 (patch) | |
| tree | cfb707a6b1f0a68d2554045470e41a4b90dcdb2c /run_onchange_after_deploy-etc.sh.tmpl | |
| parent | 0711f1b4a4045c583c63f494a61262ed1146a944 (diff) | |
| download | dotfiles-3be68c032c864fa98ed85e54ea5af19976c55ed7.tar.gz dotfiles-3be68c032c864fa98ed85e54ea5af19976c55ed7.tar.bz2 dotfiles-3be68c032c864fa98ed85e54ea5af19976c55ed7.zip | |
feat(suspend): disable system suspend until hardened kernel resume issue is fixed
linux-hardened wedges on resume from S3 (NVMe/i915/iwlwifi driver UAF
exposed by INIT_ON_FREE + slab hardening). Until root-caused, take
suspend off the table while keeping lock + DPMS intact.
- etc/systemd/logind.conf.d/20-no-suspend.conf: lid close, suspend
key, hibernate key all map to 'lock'; IdleAction=ignore (swayidle
drives DPMS+swaylock independently).
- run_onchange_after_deploy-etc.sh.tmpl: mask sleep.target,
suspend.target, hibernate.target, hybrid-sleep.target,
suspend-then-hibernate.target via /etc/systemd/system -> /dev/null
symlinks. Catches 'systemctl suspend' from any source.
- dot_config/sway/config: XF86Sleep and system-mode 's' now run
loginctl lock-session instead of systemctl suspend.
- dot_config/sway/executable_power-menu.sh: drop Suspend entry.
- KEYBINDS.md: reflect new behaviour.
To re-enable later: remove the logind drop-in + symlink loop, then
sudo systemctl daemon-reload.
Diffstat (limited to 'run_onchange_after_deploy-etc.sh.tmpl')
| -rwxr-xr-x | run_onchange_after_deploy-etc.sh.tmpl | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl index 743675a..a60d833 100755 --- a/run_onchange_after_deploy-etc.sh.tmpl +++ b/run_onchange_after_deploy-etc.sh.tmpl @@ -30,6 +30,18 @@ done # sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo sudo ln -sfT sudo /etc/pam.d/sudo-i +# Mask sleep/suspend/hibernate at the unit level. See +# etc/systemd/logind.conf.d/20-no-suspend.conf for context. This blocks +# `systemctl suspend` from any source (manual, scripts, GUI menus) in +# addition to the logind key/lid handler overrides. To re-enable: +# remove these symlinks (and revert the logind drop-in) then +# `sudo systemctl daemon-reload`. +for target in sleep.target suspend.target hibernate.target \ + hybrid-sleep.target suspend-then-hibernate.target; do + sudo ln -sfT /dev/null "/etc/systemd/system/$target" +done +sudo systemctl daemon-reload + # Reload systemd-logind so changes under /etc/systemd/logind.conf.d/ # (e.g. HandlePowerKey overrides) take effect without dropping sessions. sudo systemctl kill -s HUP systemd-logind |