Version 255~rc1

- See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS
- All the files and services related to pcrs are moved to -udev subpackage.
  This includes the new systemd-pcrlock binary.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2023-11-07 16:27:34 +01:00
parent a9b4725785
commit e8cc280d45
11 changed files with 51 additions and 825 deletions

View File

@ -1,243 +0,0 @@
From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sat, 9 Sep 2023 14:46:32 +0200
Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units
This adds a new "PollLimit" pair of settings to .socket units, very
similar to existing "TriggerLimit" logic. The differences are:
* PollLimit focusses on the polling on the sockets, and pauses that
temporarily if a ratelimit on that is reached. TriggerLimit otoh
focusses on the triggering effect of socket units, and stops
triggering once the ratelimit is hit.
* While the trigger limit being hit is an action that causes the socket
unit to fail the polling limit being reached will just temporarily
disable polling on the socket fd, and it is resumed once the ratelimit
interval is over.
* When a socket unit operates on multiple socket fds (e,g, ListenStream=
on both some ipv6 and an ipv4 address or so). Then the PollLimit will
be specific to each fd, while the trigger limit is specific to the
whole unit.
Implementation-wise this is mostly a wrapper around sd-event's
sd_event_source_set_ratelimit(), which exposes the desired behaviour
directly.
Usecase for all of this: socket services which when overloaded with
connections should just slow down reception of it, but not fail
persistently.
(cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e)
---
man/org.freedesktop.systemd1.xml | 12 ++++++++++
src/core/dbus-socket.c | 8 +++++++
src/core/load-fragment-gperf.gperf.in | 2 ++
src/core/socket.c | 32 +++++++++++++++++++--------
src/core/socket.h | 2 ++
src/shared/bus-unit-util.c | 10 +++++----
6 files changed, 53 insertions(+), 13 deletions(-)
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index 56906e2f3b..0557dc2379 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
readonly t TriggerLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u TriggerLimitBurst = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly t PollLimitIntervalUSec = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly u PollLimitBurst = ...;
readonly u UID = ...;
readonly u GID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
@@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitBurst"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="PollLimitIntervalUSec"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="PollLimitBurst"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="UID"/>
<variablelist class="dbus-property" generated="True" extra-ref="GID"/>
@@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<!--End of Autogenerated section-->
+ <para><varname>PollLimitIntervalUSec</varname>/<varname>PollLimitBurst</varname> properties configure the
+ polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to
+ zero the limiting feature is turned off.</para>
+
<refsect2>
<title>Properties</title>
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 09a3a9502b..04552b7c60 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = {
SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
@@ -248,6 +250,9 @@ static int bus_socket_set_transient_property(
if (streq(name, "TriggerLimitBurst"))
return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error);
+ if (streq(name, "PollLimitBurst"))
+ return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error);
+
if (streq(name, "SocketMode"))
return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error);
@@ -275,6 +280,9 @@ static int bus_socket_set_transient_property(
if (streq(name, "TriggerLimitIntervalUSec"))
return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error);
+ if (streq(name, "PollLimitIntervalUSec"))
+ return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error);
+
if (streq(name, "SmackLabel"))
return bus_set_transient_string(u, name, &s->smack, message, flags, error);
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index b66adf2811..0d1ee9c231 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -507,6 +507,8 @@ Socket.FileDescriptorName, config_parse_fdname,
Socket.Service, config_parse_socket_service, 0, 0
Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval)
Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst)
+Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit_interval)
+Socket.PollLimitBurst, config_parse_unsigned, 0, offsetof(Socket, poll_limit_burst)
{% if ENABLE_SMACK %}
Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack)
Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in)
diff --git a/src/core/socket.c b/src/core/socket.c
index 75034ac357..dc18744f54 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -101,6 +101,9 @@ static void socket_init(Unit *u) {
s->trigger_limit.interval = USEC_INFINITY;
s->trigger_limit.burst = UINT_MAX;
+
+ s->poll_limit_interval = USEC_INFINITY;
+ s->poll_limit_burst = UINT_MAX;
}
static void socket_unwatch_control_pid(Socket *s) {
@@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) {
* off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
* process whatever is queued in one go, and thus should normally never have to be started frequently. This is
* different for Accept=yes where each connection is processed by a new service instance, and thus frequent
- * service starts are typical. */
+ * service starts are typical.
+ *
+ * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to
+ * trigger this earlier. */
if (s->trigger_limit.interval == USEC_INFINITY)
s->trigger_limit.interval = 2 * USEC_PER_SEC;
+ if (s->trigger_limit.burst == UINT_MAX)
+ s->trigger_limit.burst = s->accept ? 200 : 20;
- if (s->trigger_limit.burst == UINT_MAX) {
- if (s->accept)
- s->trigger_limit.burst = 200;
- else
- s->trigger_limit.burst = 20;
- }
+ if (s->poll_limit_interval == USEC_INFINITY)
+ s->poll_limit_interval = 2 * USEC_PER_SEC;
+ if (s->poll_limit_burst == UINT_MAX)
+ s->poll_limit_burst = s->accept ? 150 : 15;
if (have_non_accept_socket(s)) {
@@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
fprintf(f,
"%sTriggerLimitIntervalSec: %s\n"
- "%sTriggerLimitBurst: %u\n",
+ "%sTriggerLimitBurst: %u\n"
+ "%sPollLimitIntervalSec: %s\n"
+ "%sPollLimitBurst: %u\n",
prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC),
- prefix, s->trigger_limit.burst);
+ prefix, s->trigger_limit.burst,
+ prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC),
+ prefix, s->poll_limit_burst);
str = ip_protocol_to_name(s->socket_protocol);
if (str)
@@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) {
(void) sd_event_source_set_description(p->event_source, "socket-port-io");
}
+
+ r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst);
+ if (r < 0)
+ log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m");
}
return 0;
diff --git a/src/core/socket.h b/src/core/socket.h
index 191d27f46d..b03a291e4a 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -158,6 +158,8 @@ struct Socket {
char *fdname;
RateLimit trigger_limit;
+ usec_t poll_limit_interval;
+ unsigned poll_limit_burst;
};
SocketPeer *socket_peer_ref(SocketPeer *p);
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index e7b44cc39b..9f0f37488d 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
return 1;
}
- if (streq(field, "TriggerLimitBurst"))
+ if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst"))
return bus_append_safe_atou(m, field, eq);
- if (streq(field, "TriggerLimitIntervalSec"))
+ if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec"))
return bus_append_parse_sec_rename(m, field, eq);
return 0;
@@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
"MaxConnections",
"MaxConnectionsPerSource",
"KeepAliveProbes",
- "TriggerLimitBurst"))
+ "TriggerLimitBurst",
+ "PollLimitBurst"))
return bus_append_safe_atou(m, field, eq);
if (STR_IN_SET(field, "SocketMode",
@@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
"KeepAliveTimeSec",
"KeepAliveIntervalSec",
"DeferAcceptSec",
- "TriggerLimitIntervalSec"))
+ "TriggerLimitIntervalSec",
+ "PollLimitIntervalSec"))
return bus_append_parse_sec_rename(m, field, eq);
if (STR_IN_SET(field, "ReceiveBuffer",

View File

@ -1,50 +0,0 @@
From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 19 Sep 2023 16:06:26 -0700
Subject: [PATCH] find_legacy_keymap: extend variant match bonus again
If the column is "-" and the X context variant specifer only
contains commas, we should also give the match bonus. The variant
string is supposed to be a comma-separated list as long as the
list of layouts, so it's quite natural for consumers to be written
in such a way that they pass a string only containing commas if
there are multiple layouts and no variants. anaconda is a real
world case that does this.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
src/locale/localed-util.c | 2 +-
src/locale/test-localed-util.c | 7 +++++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
index eba13a2ac3..9b6949e14d 100644
--- a/src/locale/localed-util.c
+++ b/src/locale/localed-util.c
@@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
matching++;
- if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
+ if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) {
matching++;
if (streq_ptr(xc->options, a[4]))
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
index f702ff29b0..e92c178a98 100644
--- a/src/locale/test-localed-util.c
+++ b/src/locale/test-localed-util.c
@@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) {
assert_se(streq(vc.keymap, "bg_bds-utf8"));
vc_context_clear(&vc);
+ /* same, but with variant specified as "," */
+ log_info("/* test with variant as ',', desired match second (bg,us:) */");
+ assert_se(free_and_strdup(&xc.variant, ",") >= 0);
+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
+ vc_context_clear(&vc);
+
log_info("/* test with old mapping (fr:latin9) */");
assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);

View File

@ -1,58 +0,0 @@
From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Fri, 15 Sep 2023 15:35:36 -0700
Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching
We should give a match bonus if the X context variant is empty
and the xvariant column in kbd-model-map is "-" (which means
none). Currently, we don't, which means that if you call this
on a context with layouts bg,us and no variant, you get the
console layout bg_pho-utf8 instead of bg_bds-utf8 (because both
score the same, and the bg_pho-utf8 row comes first). You should
get bg_bds-utf8 in this case.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
src/locale/localed-util.c | 2 +-
src/locale/test-localed-util.c | 12 ++++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
index 02fac9786b..6a05b50a31 100644
--- a/src/locale/localed-util.c
+++ b/src/locale/localed-util.c
@@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
matching++;
- if (streq_ptr(xc->variant, a[3])) {
+ if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
matching++;
if (streq_ptr(xc->options, a[4]))
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
index cb66dffd48..a19d80a967 100644
--- a/src/locale/test-localed-util.c
+++ b/src/locale/test-localed-util.c
@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) {
assert_se(streq(vc.keymap, "es-dvorak"));
vc_context_clear(&vc);
+ /* es no-variant test is not very good as the desired match
+ comes first in the list so will win if both candidates score
+ the same. in this case the desired match comes second so will
+ not win unless we correctly give the no-variant match a bonus
+ */
+ log_info("/* test without variant, desired match second (bg,us:) */");
+ assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0);
+ assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
+ assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
+ assert_se(streq(vc.keymap, "bg_bds-utf8"));
+ vc_context_clear(&vc);
+
log_info("/* test with old mapping (fr:latin9) */");
assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
--
2.41.0

View File

@ -1,25 +0,0 @@
From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Wed, 20 Sep 2023 15:14:31 -0700
Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry
qwerty here is a variant, not an option.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
src/locale/kbd-model-map | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
index a145e13ecd..279d1a36d8 100644
--- a/src/locale/kbd-model-map
+++ b/src/locale/kbd-model-map
@@ -52,7 +52,7 @@ es es pc105 - terminate:ctrl_alt_bksp
ro-cedilla ro pc105 cedilla terminate:ctrl_alt_bksp
ie ie pc105 - terminate:ctrl_alt_bksp
et ee pc105 - terminate:ctrl_alt_bksp
-sk-qwerty sk pc105 - terminate:ctrl_alt_bksp,qwerty
+sk-qwerty sk pc105 qwerty terminate:ctrl_alt_bksp
sk-qwertz sk pc105 - terminate:ctrl_alt_bksp
fr-latin9 fr pc105 latin9 terminate:ctrl_alt_bksp
fr_CH-latin1 ch pc105 fr terminate:ctrl_alt_bksp

View File

@ -1,117 +0,0 @@
From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Fri, 15 Sep 2023 16:02:29 -0700
Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order
reversed
The lines in kbd-model-map date back to ye olde times (RH's old
system-config-keyboard), and I think predate this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1039185
where we got strong feedback that, for 'switched' layout setups
like Russian, US English should be the *first* layout and the
native layout the *second* one. This is how anaconda and, as of
recently, gnome-initial-setup configure such cases - but that
means, if we try to use localed to convert these configurations
using kbd-model-map, we get the wrong result (we get "us" as the
console layout). See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1912609
where we first noticed this wasn't working right, but sadly, we
'fixed' it with a not-really-correct bodge in anaconda instead
of doing it properly.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
src/locale/localed-util.c | 44 ++++++++++++++++++++++------------
src/locale/test-localed-util.c | 5 +++-
2 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
index 6a05b50a31..eba13a2ac3 100644
--- a/src/locale/localed-util.c
+++ b/src/locale/localed-util.c
@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
/* If we got an exact match, this is the best */
matching = 10;
else {
- /* We have multiple X layouts, look for an
- * entry that matches our key with everything
- * but the first layout stripped off. */
- if (startswith_comma(xc->layout, a[1]))
- matching = 5;
+ /* see if we get an exact match with the order reversed */
+ _cleanup_strv_free_ char **b = NULL;
+ _cleanup_free_ char *c = NULL;
+ r = strv_split_full(&b, a[1], ",", 0);
+ if (r < 0)
+ return r;
+ strv_reverse(b);
+ c = strv_join(b, ",");
+ if (!c)
+ return log_oom();
+ if (streq(xc->layout, c))
+ matching = 9;
else {
- _cleanup_free_ char *x = NULL;
-
- /* If that didn't work, strip off the
- * other layouts from the entry, too */
- x = strdupcspn(a[1], ",");
- if (!x)
- return -ENOMEM;
- if (startswith_comma(xc->layout, x))
- matching = 1;
+ /* We have multiple X layouts, look for an
+ * entry that matches our key with everything
+ * but the first layout stripped off. */
+ if (startswith_comma(xc->layout, a[1]))
+ matching = 5;
+ else {
+ _cleanup_free_ char *x = NULL;
+
+ /* If that didn't work, strip off the
+ * other layouts from the entry, too */
+ x = strdupcspn(a[1], ",");
+ if (!x)
+ return -ENOMEM;
+ if (startswith_comma(xc->layout, x))
+ matching = 1;
+ }
}
}
@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
}
}
- if (best_matching < 10 && !isempty(xc->layout)) {
+ if (best_matching < 9 && !isempty(xc->layout)) {
_cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL;
/* The best match is only the first part of the X11
diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
index a19d80a967..f702ff29b0 100644
--- a/src/locale/test-localed-util.c
+++ b/src/locale/test-localed-util.c
@@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) {
assert_se(streq(vc.keymap, "fr-latin9"));
vc_context_clear(&vc);
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */
+ /* us,ru is the x config users want, but they still want ru
+ as the console layout in this case */
log_info("/* test with a compound mapping (us,ru:) */");
assert_se(free_and_strdup(&xc.layout, "us,ru") >= 0);
assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
- assert_se(streq(vc.keymap, "us"));
+ assert_se(streq(vc.keymap, "ru"));
vc_context_clear(&vc);
log_info("/* test with a compound mapping (ru,us:) */");
--
2.41.0

View File

@ -1,80 +0,0 @@
From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 18 Sep 2023 17:51:49 +0200
Subject: [PATCH 2/3] man: document the new
PollLimitIntervalSec=/PollLimitBurst= settings
(cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e)
---
man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++--------
1 file changed, 47 insertions(+), 11 deletions(-)
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 45555302f1..462978d438 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -830,17 +830,53 @@
<term><varname>TriggerLimitIntervalSec=</varname></term>
<term><varname>TriggerLimitBurst=</varname></term>
- <listitem><para>Configures a limit on how often this socket unit may be activated within a specific time
- interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time
- interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>,
- <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on
- the various time units understood). The <varname>TriggerLimitBurst=</varname> setting takes a positive integer
- value and specifies the number of permitted activations per time interval, and defaults to 200 for
- <varname>Accept=yes</varname> sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20
- activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the
- socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this
- limit is enforced before the service activation is enqueued.</para></listitem>
+ <listitem><para>Configures a limit on how often this socket unit may be activated within a specific
+ time interval. The <varname>TriggerLimitIntervalSec=</varname> setting may be used to configure the
+ length of the time interval in the usual time units <literal>us</literal>, <literal>ms</literal>,
+ <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
+ details on the various time units understood). The <varname>TriggerLimitBurst=</varname> setting
+ takes a positive integer value and specifies the number of permitted activations per time interval,
+ and defaults to 200 for <varname>Accept=yes</varname> sockets (thus by default permitting 200
+ activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of
+ trigger rate limiting.</para>
+
+ <para>If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible
+ anymore until restarted. Note that this limit is enforced before the service activation is
+ enqueued.</para>
+
+ <para>Compare with <varname>PollLimitIntervalSec=</varname>/<varname>PollLimitBurst=</varname>
+ described below, which implements a temporary slowdown if a socket unit is flooded with incoming
+ traffic, as opposed to the permanent failure state
+ <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> results in.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>PollLimitIntervalSec=</varname></term>
+ <term><varname>PollLimitBurst=</varname></term>
+
+ <listitem><para>Configures a limit on how often polling events on the file descriptors backing this
+ socket unit will be considered. This pair of settings is similar to
+ <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> but instead of
+ putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling
+ frequency. The expected parameter syntax and range are identical to that of the aforementioned
+ options, and can be disabled the same way.</para>
+
+ <para>If the polling limit is hit polling is temporarily disabled on it until the specified time
+ window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger
+ limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts
+ through packet flooding.</para>
+
+ <para>The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit
+ which is enforced for the entire socket unit. This distinction matters for socket units that listen
+ on multiple file descriptors (i.e. have multiple <varname>ListenXYZ=</varname> stanzas).</para>
+
+ <para>These setting defaults to 150 (in case of <varname>Accept=yes</varname>) and 15 (otherwise)
+ polling events per 2s. This is considerably lower than the default values for the trigger limit (see
+ above) and means that the polling limit should typically ensure the trigger limit is never hit,
+ unless one of them is reconfigured or disabled.</para>
+ </listitem>
</varlistentry>
</variablelist>

View File

@ -1,79 +0,0 @@
From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 18 Sep 2023 18:05:27 +0200
Subject: [PATCH 3/3] ci: add test for poll limit
(cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853)
---
test/TEST-07-PID1/test.sh | 2 ++
test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100755 test/units/testsuite-07.poll-limit.sh
diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh
index 1c3d7137fe..d0e35d870f 100755
--- a/test/TEST-07-PID1/test.sh
+++ b/test/TEST-07-PID1/test.sh
@@ -32,6 +32,8 @@ Alias=issue2730-alias.mount
EOF
"${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount
ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount"
+
+ image_install logger
}
do_test "$@"
diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh
new file mode 100755
index 0000000000..480d7ee8df
--- /dev/null
+++ b/test/units/testsuite-07.poll-limit.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+systemd-analyze log-level debug
+
+cat > /run/systemd/system/floodme@.service <<EOF
+[Service]
+ExecStart=/bin/true
+EOF
+
+cat > /run/systemd/system/floodme.socket <<EOF
+[Socket]
+ListenStream=/tmp/floodme
+PollLimitIntervalSec=10s
+Accept=yes
+PollLimitBurst=3
+EOF
+
+systemctl daemon-reload
+systemctl start floodme.socket
+
+START=$(date +%s%N)
+
+# Trigger this 100 times in a flood
+for (( i=0 ; i < 100; i++ )) ; do
+ logger -u /tmp/floodme foo &
+done
+
+# Let some time pass
+sleep 5
+
+END=$(date +%s%N)
+
+PASSED=$((END-START))
+
+# Calculate (round up) how many trigger events could have happened in the passed time
+MAXCOUNT=$(((PASSED+10000000000)*3/10000000000))
+
+# We started 100 connection attempts, but only 3 should have gone through, as per limit
+test "$(systemctl show -P NAccepted floodme.socket)" -le "$MAXCOUNT"
+
+systemctl stop floodme.socket floodme@*.service
+
+rm /run/systemd/system/floodme@.service /run/systemd/system/floodme.socket /tmp/floodme
+
+systemctl daemon-reload

View File

@ -1,94 +0,0 @@
From 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 26 Jul 2023 09:02:04 +0200
Subject: [PATCH] rpm: add %systemd_postun_with_reload and
%systemd_user_postun_with_reload
For some units, the package would like to issue a reload. The machinery was
already in place since c9615f73521986b3607b852c139036d58973043c:
systemctl reload-or-restart --marked
Enqueues restart jobs for all units that have the 'needs-restart'
mark, and reload jobs for units that have the 'needs-reload' mark.
When a unit marked for reload does not support reload, restart will
be queued.
The new macros allow a reload to be issued instead of a restart.
Based on the discussion on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/
Tested using dummy package https://github.com/keszybz/rpm-test-reload.
---
src/rpm/macros.systemd.in | 16 ++++++++++++++++
src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in
index c07541c7286c..f05553f557e9 100644
--- a/src/rpm/macros.systemd.in
+++ b/src/rpm/macros.systemd.in
@@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
fi \
%{nil}
+%systemd_postun_with_reload() \
+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \
+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
+ # Package upgrade, not uninstall \
+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \
+fi \
+%{nil}
+
+%systemd_user_postun_with_reload() \
+%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \
+if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
+ # Package upgrade, not uninstall \
+ {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \
+fi \
+%{nil}
+
%udev_hwdb_update() %{nil}
%udev_rules_update() %{nil}
diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
index c623a5ea1722..c81e16c3d3ff 100755
--- a/src/rpm/systemd-update-helper.in
+++ b/src/rpm/systemd-update-helper.in
@@ -47,6 +47,15 @@ case "$command" in
wait
;;
+ mark-reload-system-units)
+ [ -d /run/systemd/system ] || exit 0
+
+ for unit in "$@"; do
+ systemctl set-property "$unit" Markers=+needs-reload &
+ done
+ wait
+ ;;
+
mark-restart-user-units)
[ -d /run/systemd/system ] || exit 0
@@ -60,6 +69,19 @@ case "$command" in
wait
;;
+ mark-reload-user-units)
+ [ -d /run/systemd/system ] || exit 0
+
+ users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
+ for user in $users; do
+ for unit in "$@"; do
+ SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \
+ systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload &
+ done
+ done
+ wait
+ ;;
+
system-reload-restart|system-reload|system-restart)
if [ -n "$*" ]; then
echo "Unexpected arguments for '$command': $*"

View File

@ -1 +1 @@
SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a
SHA512 (systemd-255-rc1.tar.gz) = 3a92f59af54e0f4988304daa9d1d186554cd07f5ebc95ab17d2d6c1cb37caf7b329e8eca67eb7349aed2f425341ef2b79e2469156a26b6e2436b900b2136f824

View File

@ -150,7 +150,7 @@ for file in files(buildroot):
integritytab|
remount-fs|
/initrd|
systemd-pcrphase|
systemd-pcr|
systemd-measure|
/boot$|
/kernel/|

View File

@ -35,7 +35,7 @@
Name: systemd
Url: https://systemd.io
%if %{without inplace}
Version: 254.5
Version: 255~rc1
%else
# determine the build information from local checkout
Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@ -104,21 +104,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
# https://bugzilla.redhat.com/show_bug.cgi?id=2164404
Patch0001: https://github.com/systemd/systemd/pull/26494.patch
# Backport of patches that allow reloading of units
Patch0002: https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch
# Backport of improvements to console keyboard layout guessing
# https://github.com/systemd/systemd/pull/29215
# https://bugzilla.redhat.com/show_bug.cgi?id=1912609
Patch0003: 0001-find_legacy_keymap-fix-empty-variant-matching.patch
Patch0004: 0002-find_legacy_keymap-try-matching-with-layout-order-re.patch
Patch0005: 0001-find_legacy_keymap-extend-variant-match-bonus-again.patch
Patch0006: 0001-keyboard-model-map-correct-sk-qwerty-entry.patch
# Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket
Patch0010: 0001-core-add-new-PollLimit-settings-to-.socket-units.patch
Patch0011: 0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch
Patch0012: 0003-ci-add-test-for-poll-limit.patch
# Those are downstream-only patches, but we don't want them in packit builds:
# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@ -128,7 +113,7 @@ Patch0490: use-bfq-scheduler.patch
Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch
%ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1
%global want_bootloader 1
%endif
BuildRequires: gcc
@ -204,6 +189,9 @@ BuildRequires: python3dist(pytest-flakes)
%endif
BuildRequires: python3dist(pytest)
BuildRequires: python3dist(zstd)
%if 0%{?want_bootloader}
BuildRequires: python3dist(pyelftools)
%endif
# gzip and lzma are provided by the stdlib
BuildRequires: firewalld-filesystem
BuildRequires: libseccomp-devel
@ -408,7 +396,7 @@ This package also provides systemd-timesyncd, a network time protocol daemon.
It also contains tools to manage encrypted home areas and secrets bound to the
machine, and to create or grow partitions and make file systems automatically.
%if 0%{?have_gnu_efi}
%if 0%{?want_bootloader}
%package ukify
Summary: Tool to build Unified Kernel Images
Requires: %{name} = %{version}-%{release}
@ -576,16 +564,6 @@ package and is meant for use in exitrds.
%prep
%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1
%generate_buildrequires
%if 0%{?have_gnu_efi}
if grep -q gnu-efi meson_options.txt; then
echo 'gnu-efi'
echo 'gnu-efi-devel'
else
echo 'python3dist(pyelftools)'
fi
%endif
%build
%global ntpvendor %(source /etc/os-release; echo ${ID})
%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
@ -599,44 +577,44 @@ CONFIGURE_OPTS=(
-Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
-Dservice-watchdog=
-Ddev-kvm-mode=0666
-Dkmod=true
-Dxkbcommon=true
-Dblkid=true
-Dfdisk=true
-Dseccomp=true
-Dkmod=enabled
-Dxkbcommon=enabled
-Dblkid=enabled
-Dfdisk=enabled
-Dseccomp=enabled
-Dima=true
-Dselinux=true
-Dbpf-framework=%[0%{?have_bpf}?"true":"false"]
-Dapparmor=false
-Dpolkit=true
-Dxz=%[%{with xz}?"true":"false"]
-Dzlib=%[%{with zlib}?"true":"false"]
-Dbzip2=%[%{with bzip2}?"true":"false"]
-Dlz4=%[%{with lz4}?"true":"false"]
-Dzstd=%[%{with zstd}?"true":"false"]
-Dpam=true
-Dacl=true
-Dselinux=enabled
-Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"]
-Dapparmor=disabled
-Dpolkit=enabled
-Dxz=%[%{with xz}?"enabled":"disabled"]
-Dzlib=%[%{with zlib}?"enabled":"disabled"]
-Dbzip2=%[%{with bzip2}?"enabled":"disabled"]
-Dlz4=%[%{with lz4}?"enabled":"disabled"]
-Dzstd=%[%{with zstd}?"enabled":"disabled"]
-Dpam=enabled
-Dacl=enabled
-Dsmack=true
-Dopenssl=true
-Dopenssl=enabled
-Dcryptolib=openssl
-Dp11kit=true
-Dgcrypt=false
-Daudit=true
-Delfutils=true
-Dlibcryptsetup=%[%{with bootstrap}?"false":"true"]
-Delfutils=true
-Dpwquality=true
-Dqrencode=%[%{defined rhel}?"false":"true"]
-Dgnutls=%[%{with gnutls}?"true":"false"]
-Dmicrohttpd=true
-Dlibidn2=true
-Dp11kit=enabled
-Dgcrypt=disabled
-Daudit=enabled
-Delfutils=enabled
-Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"]
-Delfutils=enabled
-Dpwquality=enabled
-Dqrencode=%[%{defined rhel}?"disabled":"enabled"]
-Dgnutls=%[%{with gnutls}?"enabled":"disabled"]
-Dmicrohttpd=enabled
-Dlibidn2=enabled
-Dlibiptc=false
-Dlibcurl=true
-Dlibfido2=true
-Dxenctrl=%[0%{?have_xen}?"true":"false"]
-Dlibcurl=enabled
-Dlibfido2=enabled
-Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"]
-Defi=true
-Dtpm=true
-Dtpm2=true
-Dtpm2=enabled
-Dhwdb=true
-Dsysusers=true
-Dstandalone-binaries=true
@ -653,7 +631,7 @@ CONFIGURE_OPTS=(
-Dsplit-bin=true
-Db_lto=%[%{with lto}?"true":"false"]
-Db_ndebug=false
-Dman=true
-Dman=enabled
-Dversion-tag=%{version}-%{release}
# https://bugzilla.redhat.com/show_bug.cgi?id=1906010
-Dshared-lib-tag=%{version_no_tilde}-%{release}
@ -690,21 +668,15 @@ CONFIGURE_OPTS=(
-Dsystemd-network-uid=192
-Dsystemd-resolve-uid=193
# -Dsystemd-timesync-uid=, not set yet
)
if grep gnu-efi meson_options.txt; then
CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] )
else
# For now, let's build the bootloader in the same places where we
# built with gnu-efi. Later on, we might want to extend coverage, but
# considering that that support is untested, let's not do this now.
# Note, ukify requires bootloader, let's also explicitly enable/disable it
# here for https://github.com/systemd/systemd/pull/24175.
CONFIGURE_OPTS+=(
-Dbootloader=%[%{?have_gnu_efi}?"true":"false"]
-Dukify=%[%{?have_gnu_efi}?"true":"false"]
)
fi
# For now, let's build the bootloader in the same places where we
# built with gnu-efi. Later on, we might want to extend coverage, but
# considering that that support is untested, let's not do this now.
# Note, ukify requires bootloader, let's also explicitly enable/disable it
# here for https://github.com/systemd/systemd/pull/24175.
-Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"]
-Dukify=%[%{?want_bootloader}?"enabled":"disabled"]
)
%if %{without lto}
%global _lto_cflags %nil
@ -994,7 +966,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
# a different package version.
systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || :
%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target
%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?want_bootloader:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target
%post udev
# Move old stuff around in /var/lib
@ -1172,7 +1144,7 @@ fi
%files udev -f .file-list-udev
%if 0%{?have_gnu_efi}
%if 0%{?want_bootloader}
%files ukify -f .file-list-ukify
%files boot-unsigned -f .file-list-boot
%endif