From 3be68c032c864fa98ed85e54ea5af19976c55ed7 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Fri, 29 May 2026 11:18:14 +0100 Subject: feat(suspend): disable system suspend until hardened kernel resume issue is fixed linux-hardened wedges on resume from S3 (NVMe/i915/iwlwifi driver UAF exposed by INIT_ON_FREE + slab hardening). Until root-caused, take suspend off the table while keeping lock + DPMS intact. - etc/systemd/logind.conf.d/20-no-suspend.conf: lid close, suspend key, hibernate key all map to 'lock'; IdleAction=ignore (swayidle drives DPMS+swaylock independently). - run_onchange_after_deploy-etc.sh.tmpl: mask sleep.target, suspend.target, hibernate.target, hybrid-sleep.target, suspend-then-hibernate.target via /etc/systemd/system -> /dev/null symlinks. Catches 'systemctl suspend' from any source. - dot_config/sway/config: XF86Sleep and system-mode 's' now run loginctl lock-session instead of systemctl suspend. - dot_config/sway/executable_power-menu.sh: drop Suspend entry. - KEYBINDS.md: reflect new behaviour. To re-enable later: remove the logind drop-in + symlink loop, then sudo systemctl daemon-reload. --- run_onchange_after_deploy-etc.sh.tmpl | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'run_onchange_after_deploy-etc.sh.tmpl') diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl index 743675a..a60d833 100755 --- a/run_onchange_after_deploy-etc.sh.tmpl +++ b/run_onchange_after_deploy-etc.sh.tmpl @@ -30,6 +30,18 @@ done # sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo sudo ln -sfT sudo /etc/pam.d/sudo-i +# Mask sleep/suspend/hibernate at the unit level. See +# etc/systemd/logind.conf.d/20-no-suspend.conf for context. This blocks +# `systemctl suspend` from any source (manual, scripts, GUI menus) in +# addition to the logind key/lid handler overrides. To re-enable: +# remove these symlinks (and revert the logind drop-in) then +# `sudo systemctl daemon-reload`. +for target in sleep.target suspend.target hibernate.target \ + hybrid-sleep.target suspend-then-hibernate.target; do + sudo ln -sfT /dev/null "/etc/systemd/system/$target" +done +sudo systemctl daemon-reload + # Reload systemd-logind so changes under /etc/systemd/logind.conf.d/ # (e.g. HandlePowerKey overrides) take effect without dropping sessions. sudo systemctl kill -s HUP systemd-logind -- cgit v1.3.1