Backport some fixes

Resolves: #1310608 #1321392 #1325462 #1328947 #1336960 #1341179 #1350686 #1357822 #1339131 #1352378
Jan Synacek 2016-07-20 15:04:55 +02:00
parent 443fb40969
commit 06752e79eb
11 changed files with 812 additions and 1 deletions


@ -0,0 +1,61 @@
From 68239871c255877a0f0ba9814b399e9adc01d186 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 28 Apr 2016 17:09:50 +0200
Subject: [PATCH 1/8] core: make sure to close connection fd when we fail to
activate a per-connection service
Fixes: #2993 #2691
(cherry picked from commit 3e7a1f50e473a374e1657d2051237e2db04c4db2)
Resolves: #1310608
---
src/core/service.c | 2 +-
src/core/service.h | 1 +
src/core/socket.c | 6 +++++-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index ac7e41d..01d6582 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -181,7 +181,7 @@ static int service_set_main_pid(Service *s, pid_t pid) {
return 0;
}
-static void service_close_socket_fd(Service *s) {
+void service_close_socket_fd(Service *s) {
assert(s);
s->socket_fd = asynchronous_close(s->socket_fd);
diff --git a/src/core/service.h b/src/core/service.h
index d342e00..20bfd06 100644
--- a/src/core/service.h
+++ b/src/core/service.h
@@ -200,6 +200,7 @@ struct Service {
extern const UnitVTable service_vtable;
int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
+void service_close_socket_fd(Service *s);
const char* service_restart_to_string(ServiceRestart i) _const_;
ServiceRestart service_restart_from_string(const char *s) _pure_;
diff --git a/src/core/socket.c b/src/core/socket.c
index 976687a..60906b1 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -1994,8 +1994,12 @@ static void socket_enter_running(Socket *s, int cfd) {
s->n_connections ++;
r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
- if (r < 0)
+ if (r < 0) {
+ /* We failed to activate the new service, but it still exists. Let's make sure the service
+ * closes and forgets the connection fd again, immediately. */
+ service_close_socket_fd(service);
goto fail;
+ }
/* Notify clients about changed counters */
unit_add_to_dbus_queue(UNIT(s));
--
2.7.4
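Review bot: In `socket_enter_running()` the new failure branch closes the connection fd, but `s->n_connections ++` two lines earlier has already run and nothing visible in the hunk releases that count before `goto fail`. If the slot is only released when the service unit is eventually freed (the `fail` label and the service teardown are outside this hunk), failed activations keep counting against the socket's connection limit until then, and a peer able to provoke failures could hold the limit. Please confirm where the count is dropped and say so in the new comment, e.g. `/* ... the connection count is released in <release path> */`. Since `service_close_socket_fd()` is now exported, its declaration in service.h also deserves a one-line comment describing what it closes.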


@ -0,0 +1,36 @@
From 7b175c402c0da5a8cc6fdbfc005ec43c0f5d00d4 Mon Sep 17 00:00:00 2001
From: Colin Guthrie <colin@mageia.org>
Date: Mon, 14 Mar 2016 09:42:07 +0000
Subject: [PATCH 2/8] device: Ensure we have sysfs path before comparing.
In some cases we do not have a udev device when setting up a unit
(certainly the code gracefully handles this). However, we do
then go on to compare the path via path_equal which will assert
if a null value is passed in.
See https://bugs.mageia.org/show_bug.cgi?id=17766
Not sure if this is the correct fix, but it avoids the crash
(cherry picked from commit 5e1558f4a09e596561c9168384f2258e7c0718a1)
Resolves: #1321392
---
src/core/device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/device.c b/src/core/device.c
index d201dc5..c64e01c 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -318,7 +318,7 @@ static int device_setup_unit(Manager *m, struct udev_device *dev, const char *pa
* the GC to have garbaged it. That's desired since the device
* unit may have a dependency on the mount unit which was
* added during the loading of the later. */
- if (u && DEVICE(u)->state == DEVICE_PLUGGED) {
+ if (sysfs && u && DEVICE(u)->state == DEVICE_PLUGGED) {
/* This unit is in plugged state: we're sure it's
* attached to a device. */
if (!path_equal(DEVICE(u)->sysfs, sysfs)) {
--
2.7.4
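Review bot: The added `sysfs &&` guard in `device_setup_unit()` has no comment saying when `sysfs` can be NULL, and the commit message itself is unsure whether this is the correct fix. With the guard, a unit in `DEVICE_PLUGGED` state is not compared against anything when no sysfs path is available, so the mismatch handling inside the block is silently skipped in that case. I would document the intent above the condition, e.g. `/* sysfs is NULL when we have no udev device; path_equal() asserts on NULL, so skip the comparison */`. The rest of the function is outside the hunk, so also check that nothing after this block passes a NULL `sysfs` to another helper.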


@ -0,0 +1,106 @@
From 07a676a01a3157073629692213fcd5e458cf9150 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Feb 2016 18:20:40 +0100
Subject: [PATCH 3/8] networkctl: split out system status stuff into its own
function
(cherry picked from commit 0070333f26543a319a17aee8b22bdde4071630c4)
Resolves: #1325462
---
src/network/networkctl.c | 67 ++++++++++++++++++++++++++----------------------
1 file changed, 36 insertions(+), 31 deletions(-)
diff --git a/src/network/networkctl.c b/src/network/networkctl.c
index 60724fc..9640e30 100644
--- a/src/network/networkctl.c
+++ b/src/network/networkctl.c
@@ -660,12 +660,46 @@ static int link_status_one(
return 0;
}
+static int system_status(sd_netlink *rtnl, sd_hwdb *hwdb) {
+ _cleanup_free_ char *operational_state = NULL;
+ _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
+ const char *on_color_operational, *off_color_operational;
+
+ assert(rtnl);
+
+ sd_network_get_operational_state(&operational_state);
+ operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
+
+ printf("%s%s%s State: %s%s%s\n",
+ on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
+ on_color_operational, strna(operational_state), off_color_operational);
+
+ dump_addresses(rtnl, " Address: ", 0);
+ dump_gateways(rtnl, hwdb, " Gateway: ", 0);
+
+ sd_network_get_dns(&dns);
+ dump_list(" DNS: ", dns);
+
+ sd_network_get_search_domains(&search_domains);
+ dump_list("Search Domains: ", search_domains);
+
+ sd_network_get_route_domains(&route_domains);
+ dump_list(" Route Domains: ", route_domains);
+
+ sd_network_get_ntp(&ntp);
+ dump_list(" NTP: ", ntp);
+
+ return 0;
+}
+
static int link_status(int argc, char *argv[], void *userdata) {
_cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
char **name;
int r;
+ pager_open_if_enabled();
+
r = sd_netlink_open(&rtnl);
if (r < 0)
return log_error_errno(r, "Failed to connect to netlink: %m");
@@ -674,37 +708,8 @@ static int link_status(int argc, char *argv[], void *userdata) {
if (r < 0)
log_debug_errno(r, "Failed to open hardware database: %m");
- if (argc <= 1 && !arg_all) {
- _cleanup_free_ char *operational_state = NULL;
- _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains;
- const char *on_color_operational, *off_color_operational;
-
- sd_network_get_operational_state(&operational_state);
- operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
-
- printf("%s%s%s State: %s%s%s\n",
- on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
- on_color_operational, strna(operational_state), off_color_operational);
-
- dump_addresses(rtnl, " Address: ", 0);
- dump_gateways(rtnl, hwdb, " Gateway: ", 0);
-
- sd_network_get_dns(&dns);
- dump_list(" DNS: ", dns);
-
- sd_network_get_search_domains(&search_domains);
- dump_list("Search Domains: ", search_domains);
-
- sd_network_get_route_domains(&route_domains);
- dump_list(" Route Domains: ", route_domains);
-
- sd_network_get_ntp(&ntp);
- dump_list(" NTP: ", ntp);
-
- return 0;
- }
-
- pager_open_if_enabled();
+ if (argc <= 1 && !arg_all)
+ return system_status(rtnl, hwdb);
if (arg_all) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
--
2.7.4
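Review bot: `system_status()` discards the return value of every `sd_network_get_*()` call, so a failed query prints the same output as a genuinely empty configuration. All four strv pointers are now initialised to NULL, so the cleanup handlers are safe, but the best-effort intent is not visible in the code. Either make it explicit with `(void) sd_network_get_dns(&dns);` or log at debug level, as `link_status()` already does for the hardware database. Separately, `pager_open_if_enabled()` now runs before `sd_netlink_open()`, so the "Failed to connect to netlink" error path is reached with the pager already open; worth confirming that is intended.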


@ -0,0 +1,35 @@
From 3d52ea376b88d6edf6ba8176deae999c89344192 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 26 Apr 2016 05:19:10 -0400
Subject: [PATCH 4/8] systemd --user: call pam_loginuid when creating
user@.service (#3120)
This way the user service will have a loginuid, and it will be inherited by
child services. This shouldn't change anything as far as systemd itself is
concerned, but is nice for various services spawned from by systemd --user
that expect a loginuid.
pam_loginuid(8) says that it should be enabled for "..., crond and atd".
user@.service should behave similarly to those two as far as audit is
concerned.
https://bugzilla.redhat.com/show_bug.cgi?id=1328947#c28
(cherry picked from commit 1000522a60ceade446773c67031b47a566d4a70d)
Resolves: #1328947
---
src/login/systemd-user.m4 | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
index 7933508..f188a8e 100644
--- a/src/login/systemd-user.m4
+++ b/src/login/systemd-user.m4
@@ -8,4 +8,5 @@ m4_ifdef(`HAVE_SELINUX',
session required pam_selinux.so close
session required pam_selinux.so nottys open
)m4_dnl
+session required pam_loginuid.so
session include system-auth
--
2.7.4
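Review bot: The new line uses the `required` control, so any failure of pam_loginuid.so fails session setup for user@.service as a whole. That is reasonable if a missing loginuid must never go unnoticed by audit, but the behaviour should be confirmed on systems where the loginuid cannot be written (some container setups, for instance; this is an assumption, not something the patch shows). The line also sits after `pam_selinux.so nottys open`; if the distribution's other PAM stacks place pam_loginuid between the selinux `close` and `open` lines, matching that order would keep the stacks consistent. A short comment above it, e.g. `# set the audit loginuid so that services spawned by systemd --user inherit it`, would record why the module is here.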


@ -0,0 +1,29 @@
From b01ab427e13e5f780ab7d0af8e9e0f8975b03170 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 19 May 2016 15:08:41 -0400
Subject: [PATCH 5/8] systemctl: suppress no-[Install] hint when --quiet is
used (#3295)
https://bugzilla.redhat.com/show_bug.cgi?id=1336960
(cherry picked from commit 35b132e8ad3c50614605e00cf8ff20988094d21c)
Resolves: #1336960
---
src/systemctl/systemctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 908ccab..b4581fe 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5521,7 +5521,7 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
r = 0;
}
- if (carries_install_info == 0)
+ if (carries_install_info == 0 && !arg_quiet)
log_warning("The unit files have no [Install] section. They are not meant to be enabled\n"
"using systemctl.\n"
"Possible reasons for having this kind of units are:\n"
--
2.7.4


@ -0,0 +1,159 @@
From e62432d67c5a4c1a9315179aa92119cf15f4210a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 16 Jun 2016 15:29:16 +0200
Subject: [PATCH 6/8] systemctl: make sure we terminate the bus connection
first, and then close the pager (#3550)
If "systemctl -H" is used, let's make sure we first terminate the bus
connection, and only then close the pager. If done in this order ssh will get
an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
terminate. This makes sure the standard error we were invoked on is released by
ssh, and only that makes sure we don't deadlock on the pager which waits for
all clients closing its input pipe.
(Similar fixes for the various other xyzctl tools that support both pagers and
-H)
Fixes: #3543
(cherry picked from commit cf647b69baee4c478d3909c327e3d917e1563f44)
Resolves: #1341179
---
src/libsystemd/sd-bus/busctl.c | 3 ++-
src/locale/localectl.c | 3 ++-
src/login/loginctl.c | 4 +++-
src/machine/machinectl.c | 3 ++-
src/systemctl/systemctl.c | 4 ++--
src/timedate/timedatectl.c | 3 ++-
6 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c
index 35fabf0..c806d6f 100644
--- a/src/libsystemd/sd-bus/busctl.c
+++ b/src/libsystemd/sd-bus/busctl.c
@@ -1974,7 +1974,7 @@ static int busctl_main(sd_bus *bus, int argc, char *argv[]) {
}
int main(int argc, char *argv[]) {
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ sd_bus *bus = NULL;
int r;
log_parse_environment();
@@ -2065,6 +2065,7 @@ int main(int argc, char *argv[]) {
r = busctl_main(bus, argc, argv);
finish:
+ sd_bus_flush_close_unref(bus);
pager_close();
strv_free(arg_matches);
diff --git a/src/locale/localectl.c b/src/locale/localectl.c
index 365c79a..45404f1 100644
--- a/src/locale/localectl.c
+++ b/src/locale/localectl.c
@@ -664,7 +664,7 @@ static int localectl_main(sd_bus *bus, int argc, char *argv[]) {
}
int main(int argc, char*argv[]) {
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ sd_bus *bus = NULL;
int r;
setlocale(LC_ALL, "");
@@ -684,6 +684,7 @@ int main(int argc, char*argv[]) {
r = localectl_main(bus, argc, argv);
finish:
+ sd_bus_flush_close_unref(bus);
pager_close();
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
diff --git a/src/login/loginctl.c b/src/login/loginctl.c
index 6ad3d08..601d180 100644
--- a/src/login/loginctl.c
+++ b/src/login/loginctl.c
@@ -1532,7 +1532,7 @@ static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
}
int main(int argc, char *argv[]) {
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ sd_bus *bus = NULL;
int r;
setlocale(LC_ALL, "");
@@ -1554,6 +1554,8 @@ int main(int argc, char *argv[]) {
r = loginctl_main(argc, argv, bus);
finish:
+ sd_bus_flush_close_unref(bus);
+
pager_close();
polkit_agent_close();
diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
index 4853139..4798228 100644
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
@@ -2646,7 +2646,7 @@ static int machinectl_main(int argc, char *argv[], sd_bus *bus) {
}
int main(int argc, char*argv[]) {
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ sd_bus *bus = NULL;
int r;
setlocale(LC_ALL, "");
@@ -2668,6 +2668,7 @@ int main(int argc, char*argv[]) {
r = machinectl_main(argc, argv, bus);
finish:
+ sd_bus_flush_close_unref(bus);
pager_close();
polkit_agent_close();
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index b4581fe..0996920 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -7684,6 +7684,8 @@ int main(int argc, char*argv[]) {
}
finish:
+ release_busses();
+
pager_close();
ask_password_agent_close();
polkit_agent_close();
@@ -7695,8 +7697,6 @@ finish:
strv_free(arg_wall);
free(arg_root);
- release_busses();
-
/* Note that we return r here, not EXIT_SUCCESS, so that we can implement the LSB-like return codes */
return r < 0 ? EXIT_FAILURE : r;
diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
index 097963b..7e88fd1 100644
--- a/src/timedate/timedatectl.c
+++ b/src/timedate/timedatectl.c
@@ -488,7 +488,7 @@ static int timedatectl_main(sd_bus *bus, int argc, char *argv[]) {
}
int main(int argc, char *argv[]) {
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ sd_bus *bus = NULL;
int r;
setlocale(LC_ALL, "");
@@ -508,6 +508,7 @@ int main(int argc, char *argv[]) {
r = timedatectl_main(bus, argc, argv);
finish:
+ sd_bus_flush_close_unref(bus);
pager_close();
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
--
2.7.4
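Review bot: Nothing at the six `finish:` labels says that `sd_bus_flush_close_unref(bus)` / `release_busses()` must stay ahead of `pager_close()`, so a later cleanup could reorder them and bring back the `-H` deadlock described in the commit message. I would add a comment at each site, for example `/* Terminate the bus connection before closing the pager: with -H, ssh holds our stderr until it sees EOF on the bus */`. Dropping `_cleanup_(sd_bus_flush_close_unrefp)` also means the bus is released only on paths that reach `finish:`. The bodies of these `main()` functions are mostly outside the hunks, so please check that none of them has a direct `return` after the bus has been opened.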


@ -0,0 +1,78 @@
From 7f67b70a9ff9ae99beb8175791f2b3e19d2274b9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 26 Apr 2016 20:34:33 +0200
Subject: [PATCH 7/8] core: move start ratelimiting check after condition
checks
With #2564 unit start rate limiting was moved from after the condition checks
are to before they are made, in an attempt to fix #2467. This however resulted
in #2684. However, with a previous commit a concept of per socket unit trigger
rate limiting has been added, to fix #2467 more comprehensively, hence the
start limit can be moved after the condition checks again, thus fixing #2684.
Fixes: #2684
(cherry picked from commit 7629ec4642b03517742d09b7303c204fddf82108)
Resolves: #1350686
---
man/systemd.unit.xml | 3 ++-
src/core/load-fragment-gperf.gperf.m4 | 1 +
src/core/unit.c | 10 +++++-----
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 5794681..39cb525 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -768,7 +768,8 @@
manually at a later point, from which point on, the restart logic is again activated. Note that
<command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed,
which is useful if the administrator wants to manually start a unit and the start limit interferes with
- that.</para></listitem>
+ that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit
+ activations with failing conditions are not counted by this rate limiting.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 5024fd1..479f5e3 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -220,6 +220,7 @@ Service.TimeoutStartSec, config_parse_service_timeout, 0,
Service.TimeoutStopSec, config_parse_service_timeout, 0, 0
Service.RuntimeMaxSec, config_parse_sec, 0, offsetof(Service, runtime_max_usec)
Service.WatchdogSec, config_parse_sec, 0, offsetof(Service, watchdog_usec)
+m4_dnl The following three only exist for compatibility, they moved into Unit, see above
Service.StartLimitInterval, config_parse_sec, 0, offsetof(Unit, start_limit.interval)
Service.StartLimitBurst, config_parse_unsigned, 0, offsetof(Unit, start_limit.burst)
Service.StartLimitAction, config_parse_failure_action, 0, offsetof(Unit, start_limit_action)
diff --git a/src/core/unit.c b/src/core/unit.c
index 3c4f85e..d3d3720 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1472,11 +1472,6 @@ int unit_start(Unit *u) {
if (UNIT_IS_ACTIVE_OR_RELOADING(state))
return -EALREADY;
- /* Make sure we don't enter a busy loop of some kind. */
- r = unit_start_limit_test(u);
- if (r < 0)
- return r;
-
/* Units that aren't loaded cannot be started */
if (u->load_state != UNIT_LOADED)
return -EINVAL;
@@ -1518,6 +1513,11 @@ int unit_start(Unit *u) {
if (!UNIT_VTABLE(u)->start)
return -EBADR;
+ /* Make sure we don't enter a busy loop of some kind. */
+ r = unit_start_limit_test(u);
+ if (r < 0)
+ return r;
+
/* We don't suppress calls to ->start() here when we are
* already starting, to allow this request to be used as a
* "hurry up" call, for example when the unit is in some "auto
--
2.7.4
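Review bot: With `unit_start_limit_test()` moved below the condition checks in `unit_start()`, a start request whose conditions fail is no longer counted at all, so whatever keeps issuing such requests is throttled only by its own limiter. The commit message relies on the per-socket trigger rate limit added by "a previous commit"; that commit is not visible on this page and other trigger sources are not mentioned, so please confirm the backport carries it. The moved comment could state the intent, e.g. `/* Checked after the conditions on purpose: failed conditions are not counted, triggers have to rate-limit themselves */`. The part of the function between the two hunks is not shown here.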


@ -0,0 +1,64 @@
From c8db0d7662af5aa4d43c4e61fb09715b8436bdab Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 3 May 2016 22:15:49 +0200
Subject: [PATCH 8/8] strbuf: set the proper character when creating new nodes
Commit 82501b3fc added an early break when a terminal node is found to
incorrect place -- before setting c. This caused trie to be built that
does not correspond to what it points to in buffer, causing incorrect
deduplications:
# cat /etc/udev/rules.d/99-bug.rules
ENV{FOO}=="0"
ENV{xx0}=="BAR"
ENV{BAZ}=="00"
# udevadm test
* RULE /etc/udev/rules.d/99-bug.rules:1, token: 0, count: 2, label: ''
M ENV match 'FOO' '0'(plain)
* RULE /etc/udev/rules.d/99-bug.rules:2, token: 2, count: 2, label: ''
M ENV match 'xx0' 'BAR'(plain)
* RULE /etc/udev/rules.d/99-bug.rules:3, token: 4, count: 2, label: ''
M ENV match 'BAZ' 'x0'(plain)
* END
The addition of "xx0" following "0" will cause a trie like this to be
created:
c=\0
c=0 "0"
c=0 "xx0" <-- note the c is incorrect here, causing "00" to be
c=O "FOO" deduplicated to it
c=R "BAR"
This in effect caused the usb_modeswitch rule for Huawei modems to never
match and this never be switched to serial mode from mass storage.
(cherry picked from commit c45606eb95a7171b0dc801e91d35034957ad5e9e)
Resolves: #1357822
---
src/basic/strbuf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
index dac2881..79eef6c 100644
--- a/src/basic/strbuf.c
+++ b/src/basic/strbuf.c
@@ -156,12 +156,13 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
return off;
}
+ c = s[len - 1 - depth];
+
/* bsearch is not allowed on a NULL sequence */
if (node->children_count == 0)
break;
/* lookup child node */
- c = s[len - 1 - depth];
search.c = c;
child = bsearch(&search, node->children, node->children_count,
sizeof(struct strbuf_child_entry),
--
2.7.4
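Review bot: The fix depends on `c` being assigned before the `break`, but the moved line carries no comment, and a reordering of exactly these statements is what introduced the bug. A line such as `/* must be set before the break below, c is used for the new node after the loop */` would guard it; that `c` is consumed after the loop is inferred from the commit message, since that code is outside the hunk. The index `len - 1 - depth` is unsigned arithmetic and wraps if `depth` reaches `len`. The `return off;` just above presumably covers that case, which is worth confirming now that the read also happens on the iteration that breaks out.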


@ -0,0 +1,176 @@
From 8cb2654db12ef043c3e93bae21d421de420a064d Mon Sep 17 00:00:00 2001
From: Susant Sahani <ssahani@users.noreply.github.com>
Date: Thu, 21 Apr 2016 06:04:13 +0530
Subject: [PATCH 1/2] networkd: bump MTU to 1280 for interfaces which have IPv6
enabled (#3077)
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface.
This fixes #3046.
Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled.
Introduce network_has_static_ipv6_addresses() to find out if any static
ipv6 address configured.
If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static
IPv6 addresses not configured, then IPv6 will be automatically disabled for that
interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
(cherry picked from commit 439689c6ec48faba67565562d75701d5736567e7)
Related: #1352378
---
man/systemd.network.xml | 2 ++
src/basic/missing.h | 4 ++++
src/network/networkd-link.c | 50 +++++++++++++++++++++++++++++++++++++++++-
src/network/networkd-network.c | 13 +++++++++++
src/network/networkd-network.h | 2 ++
5 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index f88751b..e3df1b3 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -202,6 +202,8 @@
<para>The maximum transmission unit in bytes to set for the
device. The usual suffixes K, M, G, are supported and are
understood to the base of 1024.</para>
+ <para>Note that if IPv6 is enabled on the interface, and the MTU is chosen
+ below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
</listitem>
</varlistentry>
</variablelist>
diff --git a/src/basic/missing.h b/src/basic/missing.h
index 36b0604..048b3fb 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -912,6 +912,10 @@ static inline int setns(int fd, int nstype) {
#define IPV6_UNICAST_IF 76
#endif
+#ifndef IPV6_MIN_MTU
+#define IPV6_MIN_MTU 1280
+#endif
+
#ifndef IFF_MULTI_QUEUE
#define IFF_MULTI_QUEUE 0x100
#endif
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 692c0bf..a6039dd 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -88,6 +88,15 @@ bool link_ipv6ll_enabled(Link *link) {
return link->network->link_local & ADDRESS_FAMILY_IPV6;
}
+static bool link_ipv6_enabled(Link *link) {
+ assert(link);
+
+ if (!socket_ipv6_is_supported())
+ return false;
+
+ return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
+}
+
bool link_lldp_enabled(Link *link) {
if (link->flags & IFF_LOOPBACK)
return false;
@@ -167,6 +176,31 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
return link->network->ipv6_privacy_extensions;
}
+static int link_enable_ipv6(Link *link) {
+ const char *p = NULL;
+ bool disabled;
+ int r;
+
+ if (link->flags & IFF_LOOPBACK)
+ return 0;
+
+ disabled = !link_ipv6_enabled(link);
+
+ p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/disable_ipv6");
+
+ r = write_string_file(p, one_zero(disabled), WRITE_STRING_FILE_VERIFY_ON_FAILURE);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", disabled ? "disable" : "enable", link->ifname);
+ else {
+ if (disabled)
+ log_link_info(link, "IPv6 disabled for interface: %m");
+ else
+ log_link_info(link, "IPv6 enabled for interface: %m");
+ }
+
+ return 0;
+}
+
void link_update_operstate(Link *link) {
LinkOperationalState operstate;
assert(link);
@@ -1382,7 +1416,21 @@ static int link_up(Link *link) {
return log_link_error_errno(link, r, "Could not set MAC address: %m");
}
+ /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
+ for this interface then disable IPv6 else enable it. */
+ (void) link_enable_ipv6(link);
+
if (link->network->mtu) {
+ /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes
+ on the interface. Bump up MTU bytes to IPV6_MTU_MIN. */
+ if (link_ipv6_enabled(link) && link->network->mtu < IPV6_MIN_MTU) {
+
+ log_link_warning(link, "Bumping MTU to " STRINGIFY(IPV6_MIN_MTU) ", as "
+ "IPv6 is requested and requires a minimum MTU of " STRINGIFY(IPV6_MIN_MTU) " bytes: %m");
+
+ link->network->mtu = IPV6_MIN_MTU;
+ }
+
r = sd_netlink_message_append_u32(req, IFLA_MTU, link->network->mtu);
if (r < 0)
return log_link_error_errno(link, r, "Could not set MTU: %m");
@@ -1392,7 +1440,7 @@ static int link_up(Link *link) {
if (r < 0)
return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
- if (socket_ipv6_is_supported()) {
+ if (link_ipv6_enabled(link)) {
/* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */
r = sd_netlink_message_open_container(req, AF_INET6);
if (r < 0)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 54f76fe..9f2cbce 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -394,6 +394,19 @@ int network_apply(Manager *manager, Network *network, Link *link) {
return 0;
}
+bool network_has_static_ipv6_addresses(Network *network) {
+ Address *address;
+
+ assert(network);
+
+ LIST_FOREACH(addresses, address, network->static_addresses) {
+ if (address->family == AF_INET6)
+ return true;
+ }
+
+ return false;
+}
+
int config_parse_netdev(const char *unit,
const char *filename,
unsigned line,
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
index 03c3f20..16533a7 100644
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@@ -168,6 +168,8 @@ int network_get_by_name(Manager *manager, const char *name, Network **ret);
int network_get(Manager *manager, struct udev_device *device, const char *ifname, const struct ether_addr *mac, Network **ret);
int network_apply(Manager *manager, Network *network, Link *link);
+bool network_has_static_ipv6_addresses(Network *network);
+
int config_parse_netdev(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_tunnel(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
--
2.7.4
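Review bot: Three of the new log calls end in `: %m` without passing an errno: both `log_link_info()` calls in `link_enable_ipv6()` and the `log_link_warning()` about bumping the MTU in `link_up()`. `%m` expands to the text for whatever `errno` currently holds, so these messages will carry an unrelated error string; drop the suffix, e.g. `log_link_info(link, "IPv6 disabled for interface");`. The MTU comment also names `IPV6_MTU_MIN` while the macro added in missing.h is `IPV6_MIN_MTU`. Note too that `link->network->mtu = IPV6_MIN_MTU;` writes into the Network object rather than a per-link value; if one Network can apply to several links (not visible here), the bump would carry over to all of them.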


@ -0,0 +1,44 @@
From e6fa5ce26d67724cf94addbf14aa100965b78a05 Mon Sep 17 00:00:00 2001
From: Tom Yan <tom.ty89@gmail.com>
Date: Sat, 28 May 2016 13:35:01 +0800
Subject: [PATCH 2/2] networkd: disable IPv6 for bridge slave
If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
(cherry picked from commit 2b00a4e03dc375465de7f60f3a6937cbe8ffdf31)
Resolves: #1352378
---
src/network/networkd-link.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index a6039dd..13f9e89 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -94,7 +94,11 @@ static bool link_ipv6_enabled(Link *link) {
if (!socket_ipv6_is_supported())
return false;
- return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
+ if (link->network->bridge)
+ return false;
+
+ /* DHCPv6 client will not be started if no IPv6 link-local address is configured. */
+ return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
}
bool link_lldp_enabled(Link *link) {
@@ -1416,8 +1420,8 @@ static int link_up(Link *link) {
return log_link_error_errno(link, r, "Could not set MAC address: %m");
}
- /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
- for this interface then disable IPv6 else enable it. */
+ /* If IPv6 not configured (no static IPv6 address and IPv6LL autoconfiguration is disabled)
+ for this interface, or if it is a bridge slave, then disable IPv6 else enable it. */
(void) link_enable_ipv6(link);
if (link->network->mtu) {
--
2.7.4
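Review bot: `link_ipv6_enabled()` now dereferences `link->network->bridge` directly, before any helper that might check `link->network` has run. The callers shown in the previous patch are `link_up()` and `link_enable_ipv6()`, and their preconditions are outside the hunks; if either can be reached for a link with no network assigned, this is a NULL dereference. Making the assumption explicit with `assert(link->network);` next to the existing `assert(link);`, or with `if (!link->network) return false;`, would settle it. The rewritten comment in `link_up()` matches the new behaviour.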


@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 229
Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist}
Release: 9%{?gitcommit:.git%{gitcommitshort}}%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager
@ -65,6 +65,16 @@ Patch0028: 0028-keymap-util-also-convert-ru-to-ru.patch
Patch0029: 0029-resolved-don-t-stop-handle-messages-after-receiving-.patch
Patch0030: 0030-sd-device-udev-db-handle-properties-with-empty-value.patch
Patch0031: 0031-core-fix-the-reversed-sanity-check-when-setting-Star.patch
Patch0032: 0032-core-make-sure-to-close-connection-fd-when-we-fail-t.patch
Patch0033: 0033-device-Ensure-we-have-sysfs-path-before-comparing.patch
Patch0034: 0034-networkctl-split-out-system-status-stuff-into-its-ow.patch
Patch0035: 0035-systemd-user-call-pam_loginuid-when-creating-user-.s.patch
Patch0036: 0036-systemctl-suppress-no-Install-hint-when-quiet-is-use.patch
Patch0037: 0037-systemctl-make-sure-we-terminate-the-bus-connection-.patch
Patch0038: 0038-core-move-start-ratelimiting-check-after-condition-c.patch
Patch0039: 0039-strbuf-set-the-proper-character-when-creating-new-no.patch
Patch0040: 0040-networkd-bump-MTU-to-1280-for-interfaces-which-have-.patch
Patch0041: 0041-networkd-disable-IPv6-for-bridge-slave.patch
Patch0999: 0999-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
@ -949,6 +959,19 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
/usr/lib/firewalld/services/*
%changelog
* Wed Jul 20 2016 Jan Synáček <jsynacek@redhat.com> - 229-9
- core: make sure to close connection fd when we fail to activate a per-connection service (#1310608)
- device: Ensure we have sysfs path before comparing. (#1321392)
- networkctl: split out system status stuff into its own function (#1325462)
- systemd --user: call pam_loginuid when creating user@.service (#3120) (#1328947)
- systemctl: suppress no-[Install] hint when --quiet is used (#3295) (#1336960)
- systemctl: make sure we terminate the bus connection first, and then close the pager (#3550) (#1341179)
- core: move start ratelimiting check after condition checks (#1350686)
- strbuf: set the proper character when creating new nodes (#1357822)
- fix: networkctl status: abort, munmap_chunk(): invalid pointer (#1339131)
- networkd: bump MTU to 1280 for interfaces which have IPv6 enabled (#3077) (#1352378)
- networkd: disable IPv6 for bridge slave (#1352378)
* Mon May 30 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-8
- Patches for #1316964, #1317928, #1338823
- Make localed convert X11 'ru' layout to 'ru' console keymap (#1333998)