Compare commits
19 Commits
Author | SHA1 | Date |
---|---|---|
Zbigniew Jędrzejewski-Szmek | cfc4155361 | |
Zbigniew Jędrzejewski-Szmek | f06aedf357 | |
Zbigniew Jędrzejewski-Szmek | 2db1b855c4 | |
Zbigniew Jędrzejewski-Szmek | ae8ac59076 | |
Susant Sahani | 841dd54e44 | |
Michal Sekletar | 0e4d67be19 | |
Jan Synacek | a7d1c05883 | |
Michal Sekletar | 6037cb4380 | |
Zbigniew Jędrzejewski-Szmek | f4cc4c90ab | |
Zbigniew Jędrzejewski-Szmek | d550c96234 | |
Zbigniew Jędrzejewski-Szmek | bc76c3b9de | |
Zbigniew Jędrzejewski-Szmek | 8a9b24f9e9 | |
Zbigniew Jędrzejewski-Szmek | 6474b3a260 | |
Zbigniew Jędrzejewski-Szmek | 96242b19e4 | |
Zbigniew Jędrzejewski-Szmek | a53414d804 | |
Jan Synacek | 06752e79eb | |
Zbigniew Jędrzejewski-Szmek | 443fb40969 | |
Zbigniew Jędrzejewski-Szmek | c2ed70225d | |
Zbigniew Jędrzejewski-Szmek | fa28e232ce |
|
@ -1,9 +1,11 @@
|
|||
From 15b947fb798cd131355ba9935802d58e92bdba6e Mon Sep 17 00:00:00 2001
|
||||
From f4bb8c3a9aed5ddefb66380c818d04aa0b663693 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Fri, 4 Mar 2016 21:46:47 -0500
|
||||
Subject: [PATCH] test-compress-benchmark: skip loop iteration if size is 0
|
||||
|
||||
Otherwise we would hit an assert in the compression code.
|
||||
|
||||
(cherry picked from commit 15b947fb798cd131355ba9935802d58e92bdba6e)
|
||||
---
|
||||
src/journal/test-compress-benchmark.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
|
@ -0,0 +1,38 @@
|
|||
From c411521802d5e89eeb5cdf39cdd7b9538a3a3a08 Mon Sep 17 00:00:00 2001
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Tue, 15 Mar 2016 12:43:33 +0100
|
||||
Subject: [PATCH] time-util: fall back to CLOCK_MONOTONIC if CLOCK_BOOTTIME
|
||||
unsupported
|
||||
|
||||
It was added in 2.6.39, and causes an assertion to fail when running in mock
|
||||
hosted on 2.6.23-based RHEL-6:
|
||||
|
||||
Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at systemd/src/basic/time-util.c:70, function now(). Aborting.
|
||||
|
||||
(cherry picked from commit 2abd5b5a49ae368b258ffc7257ab703bccda67dd)
|
||||
---
|
||||
src/basic/time-util.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
|
||||
index 510f018d9b..ec112e23e2 100644
|
||||
--- a/src/basic/time-util.c
|
||||
+++ b/src/basic/time-util.c
|
||||
@@ -47,12 +47,15 @@ static clockid_t map_clock_id(clockid_t c) {
|
||||
/* Some more exotic archs (s390, ppc, …) lack the "ALARM" flavour of the clocks. Thus, clock_gettime() will
|
||||
* fail for them. Since they are essentially the same as their non-ALARM pendants (their only difference is
|
||||
* when timers are set on them), let's just map them accordingly. This way, we can get the correct time even on
|
||||
- * those archs. */
|
||||
+ * those archs.
|
||||
+ *
|
||||
+ * Also, older kernels don't support CLOCK_BOOTTIME: fall back to CLOCK_MONOTONIC. */
|
||||
|
||||
switch (c) {
|
||||
|
||||
+ case CLOCK_BOOTTIME:
|
||||
case CLOCK_BOOTTIME_ALARM:
|
||||
- return CLOCK_BOOTTIME;
|
||||
+ return clock_boottime_or_monotonic ();
|
||||
|
||||
case CLOCK_REALTIME_ALARM:
|
||||
return CLOCK_REALTIME;
|
|
@ -0,0 +1,47 @@
|
|||
From b1ab67134c28ade32eab8fde37840efac789affc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Fri, 11 Mar 2016 13:41:49 -0500
|
||||
Subject: [PATCH] headers: use __inline__ instead of inline
|
||||
|
||||
https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Alternate-Keywords.html#Alternate-Keywords
|
||||
recommends __inline__ over inline in ANSI C compatible headers.
|
||||
Tested with gcc-5.3 and clang-3.7.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1316964
|
||||
(cherry picked from commit 0cb27225e9c658d80538ace7a267ba0a2d2f44f2)
|
||||
---
|
||||
src/systemd/_sd-common.h | 2 +-
|
||||
src/systemd/sd-id128.h | 4 ++--
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/systemd/_sd-common.h b/src/systemd/_sd-common.h
|
||||
index 2d4e1f26e1..3bb886be75 100644
|
||||
--- a/src/systemd/_sd-common.h
|
||||
+++ b/src/systemd/_sd-common.h
|
||||
@@ -74,7 +74,7 @@
|
||||
#endif
|
||||
|
||||
#define _SD_DEFINE_POINTER_CLEANUP_FUNC(type, func) \
|
||||
- static inline void func##p(type **p) { \
|
||||
+ static __inline__ void func##p(type **p) { \
|
||||
if (*p) \
|
||||
func(*p); \
|
||||
} \
|
||||
diff --git a/src/systemd/sd-id128.h b/src/systemd/sd-id128.h
|
||||
index a3bf5897b8..4dff0b9b81 100644
|
||||
--- a/src/systemd/sd-id128.h
|
||||
+++ b/src/systemd/sd-id128.h
|
||||
@@ -100,11 +100,11 @@ int sd_id128_get_boot(sd_id128_t *ret);
|
||||
((x).bytes[15] & 15) >= 10 ? 'a' + ((x).bytes[15] & 15) - 10 : '0' + ((x).bytes[15] & 15), \
|
||||
0 })
|
||||
|
||||
-_sd_pure_ static inline int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
|
||||
+_sd_pure_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
|
||||
return memcmp(&a, &b, 16) == 0;
|
||||
}
|
||||
|
||||
-_sd_pure_ static inline int sd_id128_is_null(sd_id128_t a) {
|
||||
+_sd_pure_ static __inline__ int sd_id128_is_null(sd_id128_t a) {
|
||||
return a.qwords[0] == 0 && a.qwords[1] == 0;
|
||||
}
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
From 641a7f0c61ff42ea55ad7152e7f874ea5d680a2d Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Wed, 9 Mar 2016 09:29:25 -0500
|
||||
Subject: [PATCH] /dev/console must be labeled with SELinux label
|
||||
|
||||
If the user specifies an selinux_apifs_context all content created in
|
||||
the container including /dev/console should use this label.
|
||||
|
||||
Currently when this uses the default label it gets labeled user_devpts_t,
|
||||
which would require us to write a policy allowing container processes to
|
||||
manage user_devpts_t. This means that an escaped process would be allowed
|
||||
to attack all users terminals as well as other container terminals. Changing
|
||||
the label to match the apifs_context, means the processes would only be allowed
|
||||
to manage their specific tty.
|
||||
|
||||
This change fixes a problem preventing RKT containers from working with systemd-nspawn.
|
||||
|
||||
(cherry picked from commit 68b020494d1ff085281061413d9236b5865ef238)
|
||||
---
|
||||
src/nspawn/nspawn.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
|
||||
index ef348c335b..8c06f6ef75 100644
|
||||
--- a/src/nspawn/nspawn.c
|
||||
+++ b/src/nspawn/nspawn.c
|
||||
@@ -87,6 +87,7 @@
|
||||
#ifdef HAVE_SECCOMP
|
||||
#include "seccomp-util.h"
|
||||
#endif
|
||||
+#include "selinux-util.h"
|
||||
#include "signal-util.h"
|
||||
#include "socket-util.h"
|
||||
#include "stat-util.h"
|
||||
@@ -3286,6 +3287,12 @@ int main(int argc, char *argv[]) {
|
||||
goto finish;
|
||||
}
|
||||
|
||||
+ if (arg_selinux_apifs_context) {
|
||||
+ r = mac_selinux_apply(console, arg_selinux_apifs_context);
|
||||
+ if (r < 0)
|
||||
+ goto finish;
|
||||
+ }
|
||||
+
|
||||
if (unlockpt(master) < 0) {
|
||||
r = log_error_errno(errno, "Failed to unlock tty: %m");
|
||||
goto finish;
|
|
@ -0,0 +1,90 @@
|
|||
From 1b8bdd05fcecd83cc8c8269f06a50ced055ab864 Mon Sep 17 00:00:00 2001
|
||||
From: Franck Bui <fbui@suse.com>
|
||||
Date: Tue, 1 Dec 2015 18:01:44 +0100
|
||||
Subject: [PATCH] fstab-generator: fix automount option and don't start
|
||||
associated mount unit at boot
|
||||
|
||||
Without this patch applied the mount unit with 'automount' option was still
|
||||
pulled by local-fs.target and thus was activated during the boot process which
|
||||
defeats the purpose of the 'automount' option:
|
||||
|
||||
$ grep /mnt /etc/fstab
|
||||
/dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
|
||||
|
||||
$ reboot
|
||||
...
|
||||
|
||||
$ mount | grep mnt
|
||||
systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
|
||||
/dev/vdb1 on /mnt type ext2 (rw,relatime)
|
||||
|
||||
$ systemctl status mnt.mount | grep Active
|
||||
Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
|
||||
|
||||
With the patch applied:
|
||||
|
||||
$ reboot
|
||||
...
|
||||
|
||||
$ mount | grep mnt
|
||||
systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
|
||||
|
||||
$ systemctl status mnt.mount | grep Active
|
||||
Active: inactive (dead)
|
||||
|
||||
$ ls /mnt
|
||||
lost+found
|
||||
|
||||
$ systemctl status mnt.mount | grep Active
|
||||
Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
|
||||
|
||||
(cherry picked from commit 2b14df4a9ae92623b584e61db6b5b37accd832c1)
|
||||
---
|
||||
src/core/mount.c | 11 ++++++++++-
|
||||
src/fstab-generator/fstab-generator.c | 4 ++--
|
||||
2 files changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/core/mount.c b/src/core/mount.c
|
||||
index de1075d3a0..cfe4b0f517 100644
|
||||
--- a/src/core/mount.c
|
||||
+++ b/src/core/mount.c
|
||||
@@ -104,6 +104,14 @@ static bool mount_is_auto(const MountParameters *p) {
|
||||
return !fstab_test_option(p->options, "noauto\0");
|
||||
}
|
||||
|
||||
+static bool mount_is_automount(const MountParameters *p) {
|
||||
+ assert(p);
|
||||
+
|
||||
+ return fstab_test_option(p->options,
|
||||
+ "comment=systemd.automount\0"
|
||||
+ "x-systemd.automount\0");
|
||||
+}
|
||||
+
|
||||
static bool needs_quota(const MountParameters *p) {
|
||||
assert(p);
|
||||
|
||||
@@ -328,7 +336,8 @@ static int mount_add_device_links(Mount *m) {
|
||||
if (path_equal(m->where, "/"))
|
||||
return 0;
|
||||
|
||||
- if (mount_is_auto(p) && UNIT(m)->manager->running_as == MANAGER_SYSTEM)
|
||||
+ if (mount_is_auto(p) && !mount_is_automount(p) &&
|
||||
+ UNIT(m)->manager->running_as == MANAGER_SYSTEM)
|
||||
device_wants_mount = true;
|
||||
|
||||
r = unit_add_node_link(UNIT(m), p->what, device_wants_mount, m->from_fragment ? UNIT_BINDS_TO : UNIT_REQUIRES);
|
||||
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
|
||||
index 97a48764ae..6f576b5ecf 100644
|
||||
--- a/src/fstab-generator/fstab-generator.c
|
||||
+++ b/src/fstab-generator/fstab-generator.c
|
||||
@@ -336,8 +336,8 @@ static int add_mount(
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to write unit file %s: %m", unit);
|
||||
|
||||
- if (!noauto) {
|
||||
- lnk = strjoin(arg_dest, "/", post, nofail || automount ? ".wants/" : ".requires/", name, NULL);
|
||||
+ if (!noauto && !automount) {
|
||||
+ lnk = strjoin(arg_dest, "/", post, nofail ? ".wants/" : ".requires/", name, NULL);
|
||||
if (!lnk)
|
||||
return log_oom();
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From d5d78852bac634317639e87868647548c586b15a Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 5 Apr 2016 19:30:31 +0200
|
||||
Subject: [PATCH] shared: add a temporary work-around for kernel header
|
||||
inclusion fuck-up
|
||||
|
||||
See: #2864
|
||||
---
|
||||
src/shared/firewall-util.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
|
||||
index 0d3da2e6d2..ade2de7727 100644
|
||||
--- a/src/shared/firewall-util.c
|
||||
+++ b/src/shared/firewall-util.c
|
||||
@@ -17,14 +17,24 @@
|
||||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
***/
|
||||
|
||||
+#warning "Temporary work-around for broken glibc vs. linux kernel header definitions"
|
||||
+#warning "This really should be removed sooner rather than later, when this is fixed upstream"
|
||||
+#define _NET_IF_H 1
|
||||
+
|
||||
#include <alloca.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <endian.h>
|
||||
#include <errno.h>
|
||||
-#include <net/if.h>
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
#include <sys/socket.h>
|
||||
+#include <net/if.h>
|
||||
+#include <linux/if.h>
|
||||
+#ifndef IFNAMSIZ
|
||||
+#undef _NET_IF_H
|
||||
+/* Let's make sure to include this one, too, if IFNAMSIZ isn't defined yet, as it is for kernels <= 4.2 */
|
||||
+#include <net/if.h>
|
||||
+#endif
|
||||
#include <linux/netfilter_ipv4/ip_tables.h>
|
||||
#include <linux/netfilter/nf_nat.h>
|
||||
#include <linux/netfilter/xt_addrtype.h>
|
|
@ -0,0 +1,45 @@
|
|||
From 8becf310b0b72abe8e0bd9707fc8064636609e30 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Fri, 20 May 2016 09:12:42 -0400
|
||||
Subject: [PATCH] Make the fix for net/if.h fuckup even worse (#3287)
|
||||
|
||||
The original conflict is fixed in the kernel in v4.6-rc7-40-g4a91cb61bb,
|
||||
but now our work-around causes a compilation failure.
|
||||
Keep the workaround to support 4.5 kernels for now, and layer
|
||||
more ugliness on top.
|
||||
|
||||
Tested with:
|
||||
kernel-headers-4.6.0-1.fc25.x86_64
|
||||
glibc-devel-2.23.90-18.fc25.x86_64
|
||||
|
||||
kernel-headers-4.5.4-300.fc24.x86_64
|
||||
glibc-devel-2.23.1-7.fc24.x86_64
|
||||
|
||||
kernel-headers-4.4.9-300.fc23.x86_64
|
||||
glibc-devel-2.22-16.fc23.x86_64
|
||||
|
||||
kernel-headers-4.1.13-100.fc21.x86_64
|
||||
glibc-devel-2.20-8.fc21.x86_64
|
||||
---
|
||||
src/shared/firewall-util.c | 6 ++----
|
||||
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
|
||||
index ade2de7727..efcde9563d 100644
|
||||
--- a/src/shared/firewall-util.c
|
||||
+++ b/src/shared/firewall-util.c
|
||||
@@ -29,12 +29,10 @@
|
||||
#include <string.h>
|
||||
#include <sys/socket.h>
|
||||
#include <net/if.h>
|
||||
-#include <linux/if.h>
|
||||
#ifndef IFNAMSIZ
|
||||
-#undef _NET_IF_H
|
||||
-/* Let's make sure to include this one, too, if IFNAMSIZ isn't defined yet, as it is for kernels <= 4.2 */
|
||||
-#include <net/if.h>
|
||||
+#define IFNAMSIZ 16
|
||||
#endif
|
||||
+#include <linux/if.h>
|
||||
#include <linux/netfilter_ipv4/ip_tables.h>
|
||||
#include <linux/netfilter/nf_nat.h>
|
||||
#include <linux/netfilter/xt_addrtype.h>
|
|
@ -0,0 +1,86 @@
|
|||
From 313f86d98c7232354d1d877f94f263dfcbcb7dd4 Mon Sep 17 00:00:00 2001
|
||||
From: James Hogarth <james.hogarth@gmail.com>
|
||||
Date: Tue, 17 May 2016 11:33:33 +0100
|
||||
Subject: [PATCH] check for valid resume= in order to allow a hibernate
|
||||
|
||||
---
|
||||
src/shared/sleep-config.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 53 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
|
||||
index a0aef66bc8..c516a6dc8a 100644
|
||||
--- a/src/shared/sleep-config.c
|
||||
+++ b/src/shared/sleep-config.c
|
||||
@@ -36,6 +36,10 @@
|
||||
#include "sleep-config.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
+#include "proc-cmdline.h"
|
||||
+#include "fstab-util.h"
|
||||
+
|
||||
+static char *arg_resume_dev = NULL;
|
||||
|
||||
#define USE(x, y) do{ (x) = (y); (y) = NULL; } while(0)
|
||||
|
||||
@@ -255,6 +259,51 @@ static bool enough_memory_for_hibernation(void) {
|
||||
return r;
|
||||
}
|
||||
|
||||
+static int parse_proc_cmdline_item(const char *key, const char *value) {
|
||||
+
|
||||
+ assert(key);
|
||||
+
|
||||
+ if (streq(key, "resume") && value) {
|
||||
+ free(arg_resume_dev);
|
||||
+ arg_resume_dev = fstab_node_to_udev_node(value);
|
||||
+ if (!arg_resume_dev)
|
||||
+ return log_oom();
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+
|
||||
+}
|
||||
+
|
||||
+static bool resume_passed_to_kernel(void) {
|
||||
+ int r = 0;
|
||||
+ struct stat rd;
|
||||
+
|
||||
+ r = parse_proc_cmdline(parse_proc_cmdline_item);
|
||||
+ if (r < 0) {
|
||||
+ log_warning("Failed to parse kernel command line, disabling hibernation.");
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (arg_resume_dev == NULL) {
|
||||
+ log_warning("No resume= argument specified in the kernel command line, disabling hibernation.");
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (stat(arg_resume_dev, &rd) < 0) {
|
||||
+ log_warning("Could not stat device %s specified in resume=, disabling hibernation.",
|
||||
+ arg_resume_dev);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (!S_ISBLK(rd.st_mode)) {
|
||||
+ log_warning("Device %s specified in resume= is not a block device, disabling hibernation.",
|
||||
+ arg_resume_dev);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
int can_sleep(const char *verb) {
|
||||
_cleanup_strv_free_ char **modes = NULL, **states = NULL;
|
||||
int r;
|
||||
@@ -270,5 +319,8 @@ int can_sleep(const char *verb) {
|
||||
if (!can_sleep_state(states) || !can_sleep_disk(modes))
|
||||
return false;
|
||||
|
||||
- return streq(verb, "suspend") || enough_memory_for_hibernation();
|
||||
+ if (streq(verb, "suspend"))
|
||||
+ return true;
|
||||
+
|
||||
+ return enough_memory_for_hibernation() && resume_passed_to_kernel();
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
From e8acb2eb8186d0c46059c0a18d328839886ccd36 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sun, 29 May 2016 23:36:44 -0400
|
||||
Subject: [PATCH] keymap-util: also "convert" 'ru' to 'ru'
|
||||
|
||||
As discovered by Adam Williamson in
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1333998#c32, after the changes in
|
||||
81fd105a5f9 we would only match compound layouts, i.e. a comma would be
|
||||
required after 'ru' to match. This seems wrong, and we should match single
|
||||
layouts like too. So 'ru', 'ru,us' now both match.
|
||||
|
||||
startswith_comma is changed to not require a comma, i.e. check that the prefix
|
||||
matches until a comma or the end of the string. Note that startswith_comma is
|
||||
called twice. At the first site, we check that strings are not equal
|
||||
beforehand, so this change to startswith_comma has no effect. At the second
|
||||
site, it does have an effect, as described above.
|
||||
|
||||
(This commit is cherry-picked from
|
||||
https://github.com/systemd/systemd/pull/3384.)
|
||||
---
|
||||
src/locale/localed.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/locale/localed.c b/src/locale/localed.c
|
||||
index a2fc6af4c9..62f8341cb9 100644
|
||||
--- a/src/locale/localed.c
|
||||
+++ b/src/locale/localed.c
|
||||
@@ -101,9 +101,11 @@ static const char* nonempty(const char *s) {
|
||||
}
|
||||
|
||||
static bool startswith_comma(const char *s, const char *prefix) {
|
||||
- const char *t;
|
||||
+ s = startswith(s, prefix);
|
||||
+ if (!s)
|
||||
+ return false;
|
||||
|
||||
- return s && (t = startswith(s, prefix)) && (*t == ',');
|
||||
+ return *s == ',' || *s == '\0';
|
||||
}
|
||||
|
||||
static void context_free_x11(Context *c) {
|
||||
@@ -681,6 +683,8 @@ static int find_legacy_keymap(Context *c, char **new_keymap) {
|
||||
unsigned best_matching = 0;
|
||||
int r;
|
||||
|
||||
+ assert(c->x11_layout);
|
||||
+
|
||||
f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
|
||||
if (!f)
|
||||
return -errno;
|
||||
@@ -696,7 +700,7 @@ static int find_legacy_keymap(Context *c, char **new_keymap) {
|
||||
break;
|
||||
|
||||
/* Determine how well matching this entry is */
|
||||
- if (streq_ptr(c->x11_layout, a[1]))
|
||||
+ if (streq(c->x11_layout, a[1]))
|
||||
/* If we got an exact match, this is best */
|
||||
matching = 10;
|
||||
else {
|
|
@ -0,0 +1,54 @@
|
|||
From b9da815deb890443e80e11c73b5084dcfb75ad4f Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Mon, 23 May 2016 11:19:14 +0300
|
||||
Subject: [PATCH] resolved: don't stop handle messages after receiving a zero
|
||||
length UDP packet (#3323)
|
||||
|
||||
Fixes:
|
||||
|
||||
-bash-4.3# ss --udp -l -p
|
||||
State Recv-Q Send-Q Local Address:Port Peer Address:Port
|
||||
UNCONN 0 0 *:5355 *:* users:(("systemd-resolve",pid=601,fd=12))
|
||||
UNCONN 0 0 :::5355 :::* users:(("systemd-resolve",pid=601,fd=14))
|
||||
|
||||
-bash-4.3# nping --udp -p 5355 --data-length 0 -c 1 localhost
|
||||
|
||||
-bash-4.3# journalctl -u systemd-resolved -b --no-hostname
|
||||
...
|
||||
May 21 14:59:22 systemd-resolved[601]: Event source llmnr-ipv4-udp (type io) returned error, disabling: Input/output error
|
||||
...
|
||||
|
||||
-bash-4.3# nping --udp -p 5355 --data-length 1000 -c 1 localhost
|
||||
|
||||
-bash-4.3# ss --udp -l
|
||||
State Recv-Q Send-Q Local Address:Port Peer Address:Port
|
||||
UNCONN 2304 0 *:5355 *:*
|
||||
UNCONN 0 0 :::5355 :::*
|
||||
(cherry picked from commit f134289ac59560946e6559d9487e60c7690396ba)
|
||||
---
|
||||
src/resolve/resolved-manager.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
|
||||
index 7f9073448a..aeb2b78523 100644
|
||||
--- a/src/resolve/resolved-manager.c
|
||||
+++ b/src/resolve/resolved-manager.c
|
||||
@@ -643,6 +643,8 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
|
||||
mh.msg_controllen = sizeof(control);
|
||||
|
||||
l = recvmsg(fd, &mh, 0);
|
||||
+ if (l == 0)
|
||||
+ return 0;
|
||||
if (l < 0) {
|
||||
if (errno == EAGAIN || errno == EINTR)
|
||||
return 0;
|
||||
@@ -650,9 +652,6 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
|
||||
return -errno;
|
||||
}
|
||||
|
||||
- if (l <= 0)
|
||||
- return -EIO;
|
||||
-
|
||||
assert(!(mh.msg_flags & MSG_CTRUNC));
|
||||
assert(!(mh.msg_flags & MSG_TRUNC));
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From 17f18346b4158098adaaf7044660124418bca8c3 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Gundersen <teg@jklm.no>
|
||||
Date: Tue, 24 May 2016 01:34:29 +0200
|
||||
Subject: [PATCH] sd-device: udev-db - handle properties with empty value
|
||||
(#3330)
|
||||
|
||||
The statemachine was unable to parse properties with empty values,
|
||||
reported in [0].
|
||||
|
||||
When reaching the start of the KEY, we would unconditionally read
|
||||
one more character before starting to look for the end-of-line.
|
||||
Simply look for the end-of-line from the first character.
|
||||
|
||||
[0]: <https://bugzilla.redhat.com/show_bug.cgi?id=1338823>
|
||||
(cherry picked from commit bee26651fc3ca2fe6bed00cb0d9c91c429e9bb57)
|
||||
---
|
||||
src/libsystemd/sd-device/sd-device.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
|
||||
index 9633e46ce0..dfa1731b30 100644
|
||||
--- a/src/libsystemd/sd-device/sd-device.c
|
||||
+++ b/src/libsystemd/sd-device/sd-device.c
|
||||
@@ -561,7 +561,6 @@ int device_read_uevent_file(sd_device *device) {
|
||||
|
||||
state = VALUE;
|
||||
|
||||
- break;
|
||||
case VALUE:
|
||||
if (strchr(NEWLINE, uevent[i])) {
|
||||
uevent[i] = '\0';
|
|
@ -0,0 +1,27 @@
|
|||
From d43288b418d8dfc6f2e5ef7ac7048f0af593b70e Mon Sep 17 00:00:00 2001
|
||||
From: Tejun Heo <htejun@fb.com>
|
||||
Date: Mon, 23 May 2016 16:48:46 -0400
|
||||
Subject: [PATCH] core: fix the reversed sanity check when setting
|
||||
StartupBlockIOWeight over dbus
|
||||
|
||||
bus_cgroup_set_property() was rejecting if the input value was in range.
|
||||
Reverse it.
|
||||
|
||||
(cherry picked from commit 6fb09269769634df1096663ce90fac47585eb63a)
|
||||
---
|
||||
src/core/dbus-cgroup.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
|
||||
index 859d155ec1..0dbb355a8a 100644
|
||||
--- a/src/core/dbus-cgroup.c
|
||||
+++ b/src/core/dbus-cgroup.c
|
||||
@@ -325,7 +325,7 @@ int bus_cgroup_set_property(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- if (CGROUP_BLKIO_WEIGHT_IS_OK(weight))
|
||||
+ if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight))
|
||||
return sd_bus_error_set_errnof(error, EINVAL, "StartupBlockIOWeight value out of range");
|
||||
|
||||
if (mode != UNIT_CHECK) {
|
|
@ -0,0 +1,58 @@
|
|||
From 17c17ff59518267077632906ac39b7c69bf47f96 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Thu, 28 Apr 2016 17:09:50 +0200
|
||||
Subject: [PATCH] core: make sure to close connection fd when we fail to
|
||||
activate a per-connection service
|
||||
|
||||
Fixes: #2993 #2691
|
||||
(cherry picked from commit 3e7a1f50e473a374e1657d2051237e2db04c4db2)
|
||||
Resolves: rhbug#1310608
|
||||
---
|
||||
src/core/service.c | 2 +-
|
||||
src/core/service.h | 1 +
|
||||
src/core/socket.c | 6 +++++-
|
||||
3 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index ac7e41d777..01d6582aec 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -181,7 +181,7 @@ static int service_set_main_pid(Service *s, pid_t pid) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static void service_close_socket_fd(Service *s) {
|
||||
+void service_close_socket_fd(Service *s) {
|
||||
assert(s);
|
||||
|
||||
s->socket_fd = asynchronous_close(s->socket_fd);
|
||||
diff --git a/src/core/service.h b/src/core/service.h
|
||||
index d342e000bb..20bfd0662b 100644
|
||||
--- a/src/core/service.h
|
||||
+++ b/src/core/service.h
|
||||
@@ -200,6 +200,7 @@ struct Service {
|
||||
extern const UnitVTable service_vtable;
|
||||
|
||||
int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
|
||||
+void service_close_socket_fd(Service *s);
|
||||
|
||||
const char* service_restart_to_string(ServiceRestart i) _const_;
|
||||
ServiceRestart service_restart_from_string(const char *s) _pure_;
|
||||
diff --git a/src/core/socket.c b/src/core/socket.c
|
||||
index 976687af41..60906b196c 100644
|
||||
--- a/src/core/socket.c
|
||||
+++ b/src/core/socket.c
|
||||
@@ -1994,8 +1994,12 @@ static void socket_enter_running(Socket *s, int cfd) {
|
||||
s->n_connections ++;
|
||||
|
||||
r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
|
||||
- if (r < 0)
|
||||
+ if (r < 0) {
|
||||
+ /* We failed to activate the new service, but it still exists. Let's make sure the service
|
||||
+ * closes and forgets the connection fd again, immediately. */
|
||||
+ service_close_socket_fd(service);
|
||||
goto fail;
|
||||
+ }
|
||||
|
||||
/* Notify clients about changed counters */
|
||||
unit_add_to_dbus_queue(UNIT(s));
|
|
@ -0,0 +1,33 @@
|
|||
From 53f2649652c3e0ec756e3a4545a88f6bda24cbce Mon Sep 17 00:00:00 2001
|
||||
From: Colin Guthrie <colin@mageia.org>
|
||||
Date: Mon, 14 Mar 2016 09:42:07 +0000
|
||||
Subject: [PATCH] device: Ensure we have sysfs path before comparing.
|
||||
|
||||
In some cases we do not have a udev device when setting up a unit
|
||||
(certainly the code gracefully handles this). However, we do
|
||||
then go on to compare the path via path_equal which will assert
|
||||
if a null value is passed in.
|
||||
|
||||
See https://bugs.mageia.org/show_bug.cgi?id=17766
|
||||
|
||||
Not sure if this is the correct fix, but it avoids the crash
|
||||
|
||||
(cherry picked from commit 5e1558f4a09e596561c9168384f2258e7c0718a1)
|
||||
Resolves: rhbug#1321392
|
||||
---
|
||||
src/core/device.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/device.c b/src/core/device.c
|
||||
index d201dc5e4b..c64e01c2aa 100644
|
||||
--- a/src/core/device.c
|
||||
+++ b/src/core/device.c
|
||||
@@ -318,7 +318,7 @@ static int device_setup_unit(Manager *m, struct udev_device *dev, const char *pa
|
||||
* the GC to have garbaged it. That's desired since the device
|
||||
* unit may have a dependency on the mount unit which was
|
||||
* added during the loading of the later. */
|
||||
- if (u && DEVICE(u)->state == DEVICE_PLUGGED) {
|
||||
+ if (sysfs && u && DEVICE(u)->state == DEVICE_PLUGGED) {
|
||||
/* This unit is in plugged state: we're sure it's
|
||||
* attached to a device. */
|
||||
if (!path_equal(DEVICE(u)->sysfs, sysfs)) {
|
|
@ -0,0 +1,103 @@
|
|||
From c910d4a516c002f68f9d30a6457cbad0f02fed16 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 19 Feb 2016 18:20:40 +0100
|
||||
Subject: [PATCH] networkctl: split out system status stuff into its own
|
||||
function
|
||||
|
||||
(cherry picked from commit 0070333f26543a319a17aee8b22bdde4071630c4)
|
||||
Resolves: rhbug#1325462
|
||||
---
|
||||
src/network/networkctl.c | 67 ++++++++++++++++++++++++++----------------------
|
||||
1 file changed, 36 insertions(+), 31 deletions(-)
|
||||
|
||||
diff --git a/src/network/networkctl.c b/src/network/networkctl.c
|
||||
index 60724fce80..9640e30499 100644
|
||||
--- a/src/network/networkctl.c
|
||||
+++ b/src/network/networkctl.c
|
||||
@@ -660,12 +660,46 @@ static int link_status_one(
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int system_status(sd_netlink *rtnl, sd_hwdb *hwdb) {
|
||||
+ _cleanup_free_ char *operational_state = NULL;
|
||||
+ _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
|
||||
+ const char *on_color_operational, *off_color_operational;
|
||||
+
|
||||
+ assert(rtnl);
|
||||
+
|
||||
+ sd_network_get_operational_state(&operational_state);
|
||||
+ operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
|
||||
+
|
||||
+ printf("%s%s%s State: %s%s%s\n",
|
||||
+ on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
|
||||
+ on_color_operational, strna(operational_state), off_color_operational);
|
||||
+
|
||||
+ dump_addresses(rtnl, " Address: ", 0);
|
||||
+ dump_gateways(rtnl, hwdb, " Gateway: ", 0);
|
||||
+
|
||||
+ sd_network_get_dns(&dns);
|
||||
+ dump_list(" DNS: ", dns);
|
||||
+
|
||||
+ sd_network_get_search_domains(&search_domains);
|
||||
+ dump_list("Search Domains: ", search_domains);
|
||||
+
|
||||
+ sd_network_get_route_domains(&route_domains);
|
||||
+ dump_list(" Route Domains: ", route_domains);
|
||||
+
|
||||
+ sd_network_get_ntp(&ntp);
|
||||
+ dump_list(" NTP: ", ntp);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int link_status(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
|
||||
_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
|
||||
char **name;
|
||||
int r;
|
||||
|
||||
+ pager_open_if_enabled();
|
||||
+
|
||||
r = sd_netlink_open(&rtnl);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to connect to netlink: %m");
|
||||
@@ -674,37 +708,8 @@ static int link_status(int argc, char *argv[], void *userdata) {
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to open hardware database: %m");
|
||||
|
||||
- if (argc <= 1 && !arg_all) {
|
||||
- _cleanup_free_ char *operational_state = NULL;
|
||||
- _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains;
|
||||
- const char *on_color_operational, *off_color_operational;
|
||||
-
|
||||
- sd_network_get_operational_state(&operational_state);
|
||||
- operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
|
||||
-
|
||||
- printf("%s%s%s State: %s%s%s\n",
|
||||
- on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
|
||||
- on_color_operational, strna(operational_state), off_color_operational);
|
||||
-
|
||||
- dump_addresses(rtnl, " Address: ", 0);
|
||||
- dump_gateways(rtnl, hwdb, " Gateway: ", 0);
|
||||
-
|
||||
- sd_network_get_dns(&dns);
|
||||
- dump_list(" DNS: ", dns);
|
||||
-
|
||||
- sd_network_get_search_domains(&search_domains);
|
||||
- dump_list("Search Domains: ", search_domains);
|
||||
-
|
||||
- sd_network_get_route_domains(&route_domains);
|
||||
- dump_list(" Route Domains: ", route_domains);
|
||||
-
|
||||
- sd_network_get_ntp(&ntp);
|
||||
- dump_list(" NTP: ", ntp);
|
||||
-
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- pager_open_if_enabled();
|
||||
+ if (argc <= 1 && !arg_all)
|
||||
+ return system_status(rtnl, hwdb);
|
||||
|
||||
if (arg_all) {
|
||||
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;
|
|
@ -0,0 +1,32 @@
|
|||
From fa53f32e949f6d8722b371480fea7d2258785309 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 26 Apr 2016 05:19:10 -0400
|
||||
Subject: [PATCH] systemd --user: call pam_loginuid when creating user@.service
|
||||
(#3120)
|
||||
|
||||
This way the user service will have a loginuid, and it will be inherited by
|
||||
child services. This shouldn't change anything as far as systemd itself is
|
||||
concerned, but is nice for various services spawned from by systemd --user
|
||||
that expect a loginuid.
|
||||
|
||||
pam_loginuid(8) says that it should be enabled for "..., crond and atd".
|
||||
user@.service should behave similarly to those two as far as audit is
|
||||
concerned.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1328947#c28
|
||||
(cherry picked from commit 1000522a60ceade446773c67031b47a566d4a70d)
|
||||
Resolves: rhbug#1328947
|
||||
---
|
||||
src/login/systemd-user.m4 | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
|
||||
index 7933508f2b..f188a8e548 100644
|
||||
--- a/src/login/systemd-user.m4
|
||||
+++ b/src/login/systemd-user.m4
|
||||
@@ -8,4 +8,5 @@ m4_ifdef(`HAVE_SELINUX',
|
||||
session required pam_selinux.so close
|
||||
session required pam_selinux.so nottys open
|
||||
)m4_dnl
|
||||
+session required pam_loginuid.so
|
||||
session include system-auth
|
|
@ -0,0 +1,26 @@
|
|||
From 599fc965a46c36b9be06bcfd026e2dadeefbbbf5 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 19 May 2016 15:08:41 -0400
|
||||
Subject: [PATCH] systemctl: suppress no-[Install] hint when --quiet is used
|
||||
(#3295)
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1336960
|
||||
(cherry picked from commit 35b132e8ad3c50614605e00cf8ff20988094d21c)
|
||||
Resolves: rhbug#1336960
|
||||
---
|
||||
src/systemctl/systemctl.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
|
||||
index 908ccabf8a..b4581fe542 100644
|
||||
--- a/src/systemctl/systemctl.c
|
||||
+++ b/src/systemctl/systemctl.c
|
||||
@@ -5521,7 +5521,7 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
|
||||
r = 0;
|
||||
}
|
||||
|
||||
- if (carries_install_info == 0)
|
||||
+ if (carries_install_info == 0 && !arg_quiet)
|
||||
log_warning("The unit files have no [Install] section. They are not meant to be enabled\n"
|
||||
"using systemctl.\n"
|
||||
"Possible reasons for having this kind of units are:\n"
|
|
@ -0,0 +1,156 @@
|
|||
From 95802bf0349e70d56eb00f7183a5dc4ff4655f09 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Thu, 16 Jun 2016 15:29:16 +0200
|
||||
Subject: [PATCH] systemctl: make sure we terminate the bus connection first,
|
||||
and then close the pager (#3550)
|
||||
|
||||
If "systemctl -H" is used, let's make sure we first terminate the bus
|
||||
connection, and only then close the pager. If done in this order ssh will get
|
||||
an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
|
||||
terminate. This makes sure the standard error we were invoked on is released by
|
||||
ssh, and only that makes sure we don't deadlock on the pager which waits for
|
||||
all clients closing its input pipe.
|
||||
|
||||
(Similar fixes for the various other xyzctl tools that support both pagers and
|
||||
-H)
|
||||
|
||||
Fixes: #3543
|
||||
(cherry picked from commit cf647b69baee4c478d3909c327e3d917e1563f44)
|
||||
Resolves: rhbug#1341179
|
||||
---
|
||||
src/libsystemd/sd-bus/busctl.c | 3 ++-
|
||||
src/locale/localectl.c | 3 ++-
|
||||
src/login/loginctl.c | 4 +++-
|
||||
src/machine/machinectl.c | 3 ++-
|
||||
src/systemctl/systemctl.c | 4 ++--
|
||||
src/timedate/timedatectl.c | 3 ++-
|
||||
6 files changed, 13 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c
|
||||
index 35fabf038c..c806d6fe96 100644
|
||||
--- a/src/libsystemd/sd-bus/busctl.c
|
||||
+++ b/src/libsystemd/sd-bus/busctl.c
|
||||
@@ -1974,7 +1974,7 @@ static int busctl_main(sd_bus *bus, int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
+ sd_bus *bus = NULL;
|
||||
int r;
|
||||
|
||||
log_parse_environment();
|
||||
@@ -2065,6 +2065,7 @@ int main(int argc, char *argv[]) {
|
||||
r = busctl_main(bus, argc, argv);
|
||||
|
||||
finish:
|
||||
+ sd_bus_flush_close_unref(bus);
|
||||
pager_close();
|
||||
|
||||
strv_free(arg_matches);
|
||||
diff --git a/src/locale/localectl.c b/src/locale/localectl.c
|
||||
index 365c79aa51..45404f1fa7 100644
|
||||
--- a/src/locale/localectl.c
|
||||
+++ b/src/locale/localectl.c
|
||||
@@ -664,7 +664,7 @@ static int localectl_main(sd_bus *bus, int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
int main(int argc, char*argv[]) {
|
||||
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
+ sd_bus *bus = NULL;
|
||||
int r;
|
||||
|
||||
setlocale(LC_ALL, "");
|
||||
@@ -684,6 +684,7 @@ int main(int argc, char*argv[]) {
|
||||
r = localectl_main(bus, argc, argv);
|
||||
|
||||
finish:
|
||||
+ sd_bus_flush_close_unref(bus);
|
||||
pager_close();
|
||||
|
||||
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
||||
diff --git a/src/login/loginctl.c b/src/login/loginctl.c
|
||||
index 6ad3d089bd..601d18063e 100644
|
||||
--- a/src/login/loginctl.c
|
||||
+++ b/src/login/loginctl.c
|
||||
@@ -1532,7 +1532,7 @@ static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
+ sd_bus *bus = NULL;
|
||||
int r;
|
||||
|
||||
setlocale(LC_ALL, "");
|
||||
@@ -1554,6 +1554,8 @@ int main(int argc, char *argv[]) {
|
||||
r = loginctl_main(argc, argv, bus);
|
||||
|
||||
finish:
|
||||
+ sd_bus_flush_close_unref(bus);
|
||||
+
|
||||
pager_close();
|
||||
polkit_agent_close();
|
||||
|
||||
diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
|
||||
index 4853139321..479822880c 100644
|
||||
--- a/src/machine/machinectl.c
|
||||
+++ b/src/machine/machinectl.c
|
||||
@@ -2646,7 +2646,7 @@ static int machinectl_main(int argc, char *argv[], sd_bus *bus) {
|
||||
}
|
||||
|
||||
int main(int argc, char*argv[]) {
|
||||
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
+ sd_bus *bus = NULL;
|
||||
int r;
|
||||
|
||||
setlocale(LC_ALL, "");
|
||||
@@ -2668,6 +2668,7 @@ int main(int argc, char*argv[]) {
|
||||
r = machinectl_main(argc, argv, bus);
|
||||
|
||||
finish:
|
||||
+ sd_bus_flush_close_unref(bus);
|
||||
pager_close();
|
||||
polkit_agent_close();
|
||||
|
||||
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
|
||||
index b4581fe542..0996920241 100644
|
||||
--- a/src/systemctl/systemctl.c
|
||||
+++ b/src/systemctl/systemctl.c
|
||||
@@ -7684,6 +7684,8 @@ int main(int argc, char*argv[]) {
|
||||
}
|
||||
|
||||
finish:
|
||||
+ release_busses();
|
||||
+
|
||||
pager_close();
|
||||
ask_password_agent_close();
|
||||
polkit_agent_close();
|
||||
@@ -7695,8 +7697,6 @@ finish:
|
||||
strv_free(arg_wall);
|
||||
free(arg_root);
|
||||
|
||||
- release_busses();
|
||||
-
|
||||
/* Note that we return r here, not EXIT_SUCCESS, so that we can implement the LSB-like return codes */
|
||||
|
||||
return r < 0 ? EXIT_FAILURE : r;
|
||||
diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
|
||||
index 097963b41b..7e88fd15c8 100644
|
||||
--- a/src/timedate/timedatectl.c
|
||||
+++ b/src/timedate/timedatectl.c
|
||||
@@ -488,7 +488,7 @@ static int timedatectl_main(sd_bus *bus, int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
+ sd_bus *bus = NULL;
|
||||
int r;
|
||||
|
||||
setlocale(LC_ALL, "");
|
||||
@@ -508,6 +508,7 @@ int main(int argc, char *argv[]) {
|
||||
r = timedatectl_main(bus, argc, argv);
|
||||
|
||||
finish:
|
||||
+ sd_bus_flush_close_unref(bus);
|
||||
pager_close();
|
||||
|
||||
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
|
@ -0,0 +1,74 @@
|
|||
From 4322539b5cfe3f5b43d6377dcaa65221744bf4fb Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 26 Apr 2016 20:34:33 +0200
|
||||
Subject: [PATCH] core: move start ratelimiting check after condition checks
|
||||
|
||||
With #2564 unit start rate limiting was moved from after the condition checks
|
||||
are to before they are made, in an attempt to fix #2467. This however resulted
|
||||
in #2684. However, with a previous commit a concept of per socket unit trigger
|
||||
rate limiting has been added, to fix #2467 more comprehensively, hence the
|
||||
start limit can be moved after the condition checks again, thus fixing #2684.
|
||||
|
||||
Fixes: #2684
|
||||
(cherry picked from commit 7629ec4642b03517742d09b7303c204fddf82108)
|
||||
Resolves: rhbug#1350686
|
||||
---
|
||||
man/systemd.unit.xml | 3 ++-
|
||||
src/core/load-fragment-gperf.gperf.m4 | 1 +
|
||||
src/core/unit.c | 10 +++++-----
|
||||
3 files changed, 8 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
|
||||
index 5794681963..39cb5250f7 100644
|
||||
--- a/man/systemd.unit.xml
|
||||
+++ b/man/systemd.unit.xml
|
||||
@@ -768,7 +768,8 @@
|
||||
manually at a later point, from which point on, the restart logic is again activated. Note that
|
||||
<command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed,
|
||||
which is useful if the administrator wants to manually start a unit and the start limit interferes with
|
||||
- that.</para></listitem>
|
||||
+ that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit
|
||||
+ activations with failing conditions are not counted by this rate limiting.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
|
||||
index 5024fd19a5..479f5e30f3 100644
|
||||
--- a/src/core/load-fragment-gperf.gperf.m4
|
||||
+++ b/src/core/load-fragment-gperf.gperf.m4
|
||||
@@ -220,6 +220,7 @@ Service.TimeoutStartSec, config_parse_service_timeout, 0,
|
||||
Service.TimeoutStopSec, config_parse_service_timeout, 0, 0
|
||||
Service.RuntimeMaxSec, config_parse_sec, 0, offsetof(Service, runtime_max_usec)
|
||||
Service.WatchdogSec, config_parse_sec, 0, offsetof(Service, watchdog_usec)
|
||||
+m4_dnl The following three only exist for compatibility, they moved into Unit, see above
|
||||
Service.StartLimitInterval, config_parse_sec, 0, offsetof(Unit, start_limit.interval)
|
||||
Service.StartLimitBurst, config_parse_unsigned, 0, offsetof(Unit, start_limit.burst)
|
||||
Service.StartLimitAction, config_parse_failure_action, 0, offsetof(Unit, start_limit_action)
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index 3c4f85e744..d3d372029f 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -1472,11 +1472,6 @@ int unit_start(Unit *u) {
|
||||
if (UNIT_IS_ACTIVE_OR_RELOADING(state))
|
||||
return -EALREADY;
|
||||
|
||||
- /* Make sure we don't enter a busy loop of some kind. */
|
||||
- r = unit_start_limit_test(u);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
-
|
||||
/* Units that aren't loaded cannot be started */
|
||||
if (u->load_state != UNIT_LOADED)
|
||||
return -EINVAL;
|
||||
@@ -1518,6 +1513,11 @@ int unit_start(Unit *u) {
|
||||
if (!UNIT_VTABLE(u)->start)
|
||||
return -EBADR;
|
||||
|
||||
+ /* Make sure we don't enter a busy loop of some kind. */
|
||||
+ r = unit_start_limit_test(u);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
/* We don't suppress calls to ->start() here when we are
|
||||
* already starting, to allow this request to be used as a
|
||||
* "hurry up" call, for example when the unit is in some "auto
|
|
@ -0,0 +1,61 @@
|
|||
From 43ea6d88a06f32dd714eacdcaf0a4656ffb02d30 Mon Sep 17 00:00:00 2001
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Tue, 3 May 2016 22:15:49 +0200
|
||||
Subject: [PATCH] strbuf: set the proper character when creating new nodes
|
||||
|
||||
Commit 82501b3fc added an early break when a terminal node is found to
|
||||
incorrect place -- before setting c. This caused trie to be built that
|
||||
does not correspond to what it points to in buffer, causing incorrect
|
||||
deduplications:
|
||||
|
||||
# cat /etc/udev/rules.d/99-bug.rules
|
||||
ENV{FOO}=="0"
|
||||
ENV{xx0}=="BAR"
|
||||
ENV{BAZ}=="00"
|
||||
|
||||
# udevadm test
|
||||
* RULE /etc/udev/rules.d/99-bug.rules:1, token: 0, count: 2, label: ''
|
||||
M ENV match 'FOO' '0'(plain)
|
||||
* RULE /etc/udev/rules.d/99-bug.rules:2, token: 2, count: 2, label: ''
|
||||
M ENV match 'xx0' 'BAR'(plain)
|
||||
* RULE /etc/udev/rules.d/99-bug.rules:3, token: 4, count: 2, label: ''
|
||||
M ENV match 'BAZ' 'x0'(plain)
|
||||
* END
|
||||
|
||||
The addition of "xx0" following "0" will cause a trie like this to be
|
||||
created:
|
||||
|
||||
c=\0
|
||||
c=0 "0"
|
||||
c=0 "xx0" <-- note the c is incorrect here, causing "00" to be
|
||||
c=O "FOO" deduplicated to it
|
||||
c=R "BAR"
|
||||
|
||||
This in effect caused the usb_modeswitch rule for Huawei modems to never
|
||||
match and this never be switched to serial mode from mass storage.
|
||||
|
||||
(cherry picked from commit c45606eb95a7171b0dc801e91d35034957ad5e9e)
|
||||
Resolves: rhbug#1357822
|
||||
---
|
||||
src/basic/strbuf.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
|
||||
index dac2881603..79eef6c05d 100644
|
||||
--- a/src/basic/strbuf.c
|
||||
+++ b/src/basic/strbuf.c
|
||||
@@ -156,12 +156,13 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
|
||||
return off;
|
||||
}
|
||||
|
||||
+ c = s[len - 1 - depth];
|
||||
+
|
||||
/* bsearch is not allowed on a NULL sequence */
|
||||
if (node->children_count == 0)
|
||||
break;
|
||||
|
||||
/* lookup child node */
|
||||
- c = s[len - 1 - depth];
|
||||
search.c = c;
|
||||
child = bsearch(&search, node->children, node->children_count,
|
||||
sizeof(struct strbuf_child_entry),
|
|
@ -0,0 +1,173 @@
|
|||
From 715b55d9253c25bd6c463a2959eb33f12e9ecd1b Mon Sep 17 00:00:00 2001
|
||||
From: Susant Sahani <ssahani@users.noreply.github.com>
|
||||
Date: Thu, 21 Apr 2016 06:04:13 +0530
|
||||
Subject: [PATCH] networkd: bump MTU to 1280 for interfaces which have IPv6
|
||||
enabled (#3077)
|
||||
|
||||
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface.
|
||||
This fixes #3046.
|
||||
|
||||
Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled.
|
||||
Introduce network_has_static_ipv6_addresses() to find out if any static
|
||||
ipv6 address configured.
|
||||
If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static
|
||||
IPv6 addresses not configured, then IPv6 will be automatically disabled for that
|
||||
interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
|
||||
(cherry picked from commit 439689c6ec48faba67565562d75701d5736567e7)
|
||||
Related: rhbug#1352378
|
||||
---
|
||||
man/systemd.network.xml | 2 ++
|
||||
src/basic/missing.h | 4 ++++
|
||||
src/network/networkd-link.c | 50 +++++++++++++++++++++++++++++++++++++++++-
|
||||
src/network/networkd-network.c | 13 +++++++++++
|
||||
src/network/networkd-network.h | 2 ++
|
||||
5 files changed, 70 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
|
||||
index f88751b672..e3df1b3d14 100644
|
||||
--- a/man/systemd.network.xml
|
||||
+++ b/man/systemd.network.xml
|
||||
@@ -202,6 +202,8 @@
|
||||
<para>The maximum transmission unit in bytes to set for the
|
||||
device. The usual suffixes K, M, G, are supported and are
|
||||
understood to the base of 1024.</para>
|
||||
+ <para>Note that if IPv6 is enabled on the interface, and the MTU is chosen
|
||||
+ below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
diff --git a/src/basic/missing.h b/src/basic/missing.h
|
||||
index 36b060496a..048b3fbc42 100644
|
||||
--- a/src/basic/missing.h
|
||||
+++ b/src/basic/missing.h
|
||||
@@ -912,6 +912,10 @@ static inline int setns(int fd, int nstype) {
|
||||
#define IPV6_UNICAST_IF 76
|
||||
#endif
|
||||
|
||||
+#ifndef IPV6_MIN_MTU
|
||||
+#define IPV6_MIN_MTU 1280
|
||||
+#endif
|
||||
+
|
||||
#ifndef IFF_MULTI_QUEUE
|
||||
#define IFF_MULTI_QUEUE 0x100
|
||||
#endif
|
||||
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
|
||||
index 692c0bf63d..a6039dd3b2 100644
|
||||
--- a/src/network/networkd-link.c
|
||||
+++ b/src/network/networkd-link.c
|
||||
@@ -88,6 +88,15 @@ bool link_ipv6ll_enabled(Link *link) {
|
||||
return link->network->link_local & ADDRESS_FAMILY_IPV6;
|
||||
}
|
||||
|
||||
+static bool link_ipv6_enabled(Link *link) {
|
||||
+ assert(link);
|
||||
+
|
||||
+ if (!socket_ipv6_is_supported())
|
||||
+ return false;
|
||||
+
|
||||
+ return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
|
||||
+}
|
||||
+
|
||||
bool link_lldp_enabled(Link *link) {
|
||||
if (link->flags & IFF_LOOPBACK)
|
||||
return false;
|
||||
@@ -167,6 +176,31 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
|
||||
return link->network->ipv6_privacy_extensions;
|
||||
}
|
||||
|
||||
+static int link_enable_ipv6(Link *link) {
|
||||
+ const char *p = NULL;
|
||||
+ bool disabled;
|
||||
+ int r;
|
||||
+
|
||||
+ if (link->flags & IFF_LOOPBACK)
|
||||
+ return 0;
|
||||
+
|
||||
+ disabled = !link_ipv6_enabled(link);
|
||||
+
|
||||
+ p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/disable_ipv6");
|
||||
+
|
||||
+ r = write_string_file(p, one_zero(disabled), WRITE_STRING_FILE_VERIFY_ON_FAILURE);
|
||||
+ if (r < 0)
|
||||
+ log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", disabled ? "disable" : "enable", link->ifname);
|
||||
+ else {
|
||||
+ if (disabled)
|
||||
+ log_link_info(link, "IPv6 disabled for interface: %m");
|
||||
+ else
|
||||
+ log_link_info(link, "IPv6 enabled for interface: %m");
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
void link_update_operstate(Link *link) {
|
||||
LinkOperationalState operstate;
|
||||
assert(link);
|
||||
@@ -1382,7 +1416,21 @@ static int link_up(Link *link) {
|
||||
return log_link_error_errno(link, r, "Could not set MAC address: %m");
|
||||
}
|
||||
|
||||
+ /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
|
||||
+ for this interface then disable IPv6 else enable it. */
|
||||
+ (void) link_enable_ipv6(link);
|
||||
+
|
||||
if (link->network->mtu) {
|
||||
+ /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes
|
||||
+ on the interface. Bump up MTU bytes to IPV6_MTU_MIN. */
|
||||
+ if (link_ipv6_enabled(link) && link->network->mtu < IPV6_MIN_MTU) {
|
||||
+
|
||||
+ log_link_warning(link, "Bumping MTU to " STRINGIFY(IPV6_MIN_MTU) ", as "
|
||||
+ "IPv6 is requested and requires a minimum MTU of " STRINGIFY(IPV6_MIN_MTU) " bytes: %m");
|
||||
+
|
||||
+ link->network->mtu = IPV6_MIN_MTU;
|
||||
+ }
|
||||
+
|
||||
r = sd_netlink_message_append_u32(req, IFLA_MTU, link->network->mtu);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not set MTU: %m");
|
||||
@@ -1392,7 +1440,7 @@ static int link_up(Link *link) {
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
|
||||
|
||||
- if (socket_ipv6_is_supported()) {
|
||||
+ if (link_ipv6_enabled(link)) {
|
||||
/* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */
|
||||
r = sd_netlink_message_open_container(req, AF_INET6);
|
||||
if (r < 0)
|
||||
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
|
||||
index 54f76fe206..9f2cbcec30 100644
|
||||
--- a/src/network/networkd-network.c
|
||||
+++ b/src/network/networkd-network.c
|
||||
@@ -394,6 +394,19 @@ int network_apply(Manager *manager, Network *network, Link *link) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
+bool network_has_static_ipv6_addresses(Network *network) {
|
||||
+ Address *address;
|
||||
+
|
||||
+ assert(network);
|
||||
+
|
||||
+ LIST_FOREACH(addresses, address, network->static_addresses) {
|
||||
+ if (address->family == AF_INET6)
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
int config_parse_netdev(const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
|
||||
index 03c3f206c3..16533a7ec2 100644
|
||||
--- a/src/network/networkd-network.h
|
||||
+++ b/src/network/networkd-network.h
|
||||
@@ -168,6 +168,8 @@ int network_get_by_name(Manager *manager, const char *name, Network **ret);
|
||||
int network_get(Manager *manager, struct udev_device *device, const char *ifname, const struct ether_addr *mac, Network **ret);
|
||||
int network_apply(Manager *manager, Network *network, Link *link);
|
||||
|
||||
+bool network_has_static_ipv6_addresses(Network *network);
|
||||
+
|
||||
int config_parse_netdev(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||
int config_parse_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||
int config_parse_tunnel(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
|
@ -0,0 +1,41 @@
|
|||
From ba639500547a9bce37be494fcdeff5958a6ac5e0 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Yan <tom.ty89@gmail.com>
|
||||
Date: Sat, 28 May 2016 13:35:01 +0800
|
||||
Subject: [PATCH] networkd: disable IPv6 for bridge slave
|
||||
|
||||
If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
|
||||
|
||||
(cherry picked from commit 2b00a4e03dc375465de7f60f3a6937cbe8ffdf31)
|
||||
Resolves: rhbug#1352378
|
||||
---
|
||||
src/network/networkd-link.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
|
||||
index a6039dd3b2..13f9e895ab 100644
|
||||
--- a/src/network/networkd-link.c
|
||||
+++ b/src/network/networkd-link.c
|
||||
@@ -94,7 +94,11 @@ static bool link_ipv6_enabled(Link *link) {
|
||||
if (!socket_ipv6_is_supported())
|
||||
return false;
|
||||
|
||||
- return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
|
||||
+ if (link->network->bridge)
|
||||
+ return false;
|
||||
+
|
||||
+ /* DHCPv6 client will not be started if no IPv6 link-local address is configured. */
|
||||
+ return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
|
||||
}
|
||||
|
||||
bool link_lldp_enabled(Link *link) {
|
||||
@@ -1416,8 +1420,8 @@ static int link_up(Link *link) {
|
||||
return log_link_error_errno(link, r, "Could not set MAC address: %m");
|
||||
}
|
||||
|
||||
- /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
|
||||
- for this interface then disable IPv6 else enable it. */
|
||||
+ /* If IPv6 not configured (no static IPv6 address and IPv6LL autoconfiguration is disabled)
|
||||
+ for this interface, or if it is a bridge slave, then disable IPv6 else enable it. */
|
||||
(void) link_enable_ipv6(link);
|
||||
|
||||
if (link->network->mtu) {
|
|
@ -0,0 +1,29 @@
|
|||
From 8f01e7ac78e51c8fd2e2a285cb16cbec72006c3b Mon Sep 17 00:00:00 2001
|
||||
From: Franck Bui <fbui@suse.com>
|
||||
Date: Thu, 23 Jun 2016 22:31:01 +0200
|
||||
Subject: [PATCH] udev: bump TasksMax to inifinity (#3593)
|
||||
|
||||
udevd already limits its number of workers/children: the max number is actually
|
||||
twice the number of CPUs the system is using.
|
||||
|
||||
(The limit can also be raised with udev.children-max= kernel command line
|
||||
option BTW).
|
||||
|
||||
On some servers, this limit can easily exceed the maximum number of tasks that
|
||||
systemd put on all services, which is 512 by default.
|
||||
|
||||
Since udevd has already its limitation logic, simply disable the static
|
||||
limitation done by TasksMax.
|
||||
---
|
||||
units/systemd-udevd.service.in | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
|
||||
index 79f28c87c6..67e4c5fcd7 100644
|
||||
--- a/units/systemd-udevd.service.in
|
||||
+++ b/units/systemd-udevd.service.in
|
||||
@@ -24,3 +24,4 @@ ExecStart=@rootlibexecdir@/systemd-udevd
|
||||
MountFlags=slave
|
||||
KillMode=mixed
|
||||
WatchdogSec=3min
|
||||
+TasksMax=infinity
|
|
@ -0,0 +1,26 @@
|
|||
From c5fb55e7ae979d376d18b28d323905a4703e8cc3 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Yan <tom.ty89@gmail.com>
|
||||
Date: Sat, 28 May 2016 13:35:01 +0800
|
||||
Subject: [PATCH] networkd: disable IPv6 for bridge slave
|
||||
|
||||
If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
|
||||
|
||||
(loosely based upon commit 2b00a4e03dc375465de7f60f3a6937cbe8ffdf31)
|
||||
---
|
||||
src/network/networkd-link.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
|
||||
index 13f9e895ab..2268d31374 100644
|
||||
--- a/src/network/networkd-link.c
|
||||
+++ b/src/network/networkd-link.c
|
||||
@@ -45,6 +45,9 @@ bool link_dhcp6_enabled(Link *link) {
|
||||
if (!link->network)
|
||||
return false;
|
||||
|
||||
+ if (link->network->bridge)
|
||||
+ return false;
|
||||
+
|
||||
return link->network->dhcp & ADDRESS_FAMILY_IPV6;
|
||||
}
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
From 9582dba16dc4fa990b86a915b74a67566c9acf84 Mon Sep 17 00:00:00 2001
|
||||
From: Susant Sahani <ssahani@users.noreply.github.com>
|
||||
Date: Wed, 18 May 2016 07:06:43 +0530
|
||||
Subject: [PATCH] networkd: add route expiration handler (#3242)
|
||||
|
||||
Fix for #3232.
|
||||
(cherry picked from commit fe7ca21acfb9fcef6cf8ce9f945377667a26a27c)
|
||||
---
|
||||
src/network/networkd-route.c | 32 +++++++++++++++++++++++++++++++-
|
||||
1 file changed, 31 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
|
||||
index e065a5a5a9..aa9c71550f 100644
|
||||
--- a/src/network/networkd-route.c
|
||||
+++ b/src/network/networkd-route.c
|
||||
@@ -411,15 +411,45 @@ int route_remove(Route *route, Link *link,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int route_expire_callback(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
|
||||
+ Link *link = userdata;
|
||||
+ int r;
|
||||
+
|
||||
+ assert(rtnl);
|
||||
+ assert(m);
|
||||
+ assert(link);
|
||||
+ assert(link->ifname);
|
||||
+ assert(link->link_messages > 0);
|
||||
+
|
||||
+ if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
|
||||
+ return 1;
|
||||
+
|
||||
+ link->link_messages--;
|
||||
+
|
||||
+ r = sd_netlink_message_get_errno(m);
|
||||
+ if (r < 0 && r != -EEXIST)
|
||||
+ log_link_warning_errno(link, r, "could not remove route: %m");
|
||||
+
|
||||
+ if (link->link_messages == 0)
|
||||
+ log_link_debug(link, "route removed");
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdata) {
|
||||
Route *route = userdata;
|
||||
int r;
|
||||
|
||||
assert(route);
|
||||
|
||||
- r = route_remove(route, route->link, NULL);
|
||||
+ r = route_remove(route, route->link, route_expire_callback);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Could not remove route: %m");
|
||||
+ else {
|
||||
+ /* route may not be exist in kernel. If we fail still remove it */
|
||||
+ route->link->link_messages++;
|
||||
+ route_free(route);
|
||||
+ }
|
||||
|
||||
return 1;
|
||||
}
|
|
@ -0,0 +1,30 @@
|
|||
From 5f9856fbccf249fd13fbcbc180aff9ec0a871ca7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 9 Aug 2016 10:54:05 -0400
|
||||
Subject: [PATCH] coredump: ignore RLIMIT_CORE
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1309172#c21
|
||||
---
|
||||
src/coredump/coredump.c | 9 ---------
|
||||
1 file changed, 9 deletions(-)
|
||||
|
||||
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
|
||||
index 085909c20c..aa07e68627 100644
|
||||
--- a/src/coredump/coredump.c
|
||||
+++ b/src/coredump/coredump.c
|
||||
@@ -319,15 +319,6 @@ static int save_external_coredump(
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse UID: %m");
|
||||
|
||||
- r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit);
|
||||
- if (r < 0)
|
||||
- return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]);
|
||||
- if (rlimit <= 0) {
|
||||
- /* Is coredumping disabled? Then don't bother saving/processing the coredump */
|
||||
- log_info("Core Dumping has been disabled for process %s (%s).", context[CONTEXT_PID], context[CONTEXT_COMM]);
|
||||
- return -EBADSLT;
|
||||
- }
|
||||
-
|
||||
/* Never store more than the process configured, or than we actually shall keep or process */
|
||||
max_size = MIN(rlimit, MAX(arg_process_size_max, arg_external_size_max));
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
From f9832c283ba8e6e4089639646fb0249bb55f5e6e Mon Sep 17 00:00:00 2001
|
||||
From: tomty89 <tom.ty89@gmail.com>
|
||||
Date: Sat, 4 Jun 2016 18:31:07 +0800
|
||||
Subject: [PATCH] networkd-link: fix handler typo for route_remove() (#3433)
|
||||
|
||||
Obviously we've been using the wrong handler here. Fixes #3352.
|
||||
(cherry picked from commit 3fb1ac5d57954bb0d881a68777e996b46ed44ce3)
|
||||
---
|
||||
src/network/networkd-link.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
|
||||
index 2268d31374..5545a5ada3 100644
|
||||
--- a/src/network/networkd-link.c
|
||||
+++ b/src/network/networkd-link.c
|
||||
@@ -2077,7 +2077,7 @@ static int link_drop_foreign_config(Link *link) {
|
||||
if (route->protocol == RTPROT_KERNEL)
|
||||
continue;
|
||||
|
||||
- r = route_remove(route, link, link_address_remove_handler);
|
||||
+ r = route_remove(route, link, link_route_remove_handler);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
From d485b5cd7153f146d7efd18c24ca09b5ddfe15e5 Mon Sep 17 00:00:00 2001
|
||||
From: Harald Hoyer <harald@redhat.com>
|
||||
Date: Fri, 22 Jul 2016 15:33:13 +0200
|
||||
Subject: [PATCH] macros.systemd.in: add %systemd_ordering (#3776)
|
||||
|
||||
To remove the hard dependency on systemd, for packages, which function
|
||||
without a running systemd the %systemd_ordering macro can be used to
|
||||
ensure ordering in the rpm transaction. %systemd_ordering makes sure,
|
||||
the systemd rpm is installed prior to the package, so the %pre/%post
|
||||
scripts can execute the systemd parts.
|
||||
|
||||
Installing systemd afterwards though, does not result in the same outcome.
|
||||
(cherry picked from commit 2424b6bd716f0c1c3bf3406b1fd1a16ba1b6a556)
|
||||
---
|
||||
src/core/macros.systemd.in | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
|
||||
index 2cace3d3ba..f3089cbcc9 100644
|
||||
--- a/src/core/macros.systemd.in
|
||||
+++ b/src/core/macros.systemd.in
|
||||
@@ -36,6 +36,12 @@ Requires(preun): systemd \
|
||||
Requires(postun): systemd \
|
||||
%{nil}
|
||||
|
||||
+%systemd_ordering \
|
||||
+OrderWithRequires(post): systemd \
|
||||
+OrderWithRequires(preun): systemd \
|
||||
+OrderWithRequires(postun): systemd \
|
||||
+%{nil}
|
||||
+
|
||||
%systemd_post() \
|
||||
if [ $1 -eq 1 ] ; then \
|
||||
# Initial installation \
|
|
@ -0,0 +1,30 @@
|
|||
From 7148c9c26658cefc88e0c17841c2399be36b2361 Mon Sep 17 00:00:00 2001
|
||||
From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
|
||||
Date: Wed, 28 Sep 2016 18:25:50 -0300
|
||||
Subject: [PATCH] If the notification message length is 0, ignore the message
|
||||
(#4237)
|
||||
|
||||
Fixes #4234.
|
||||
|
||||
Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
|
||||
(cherry picked from commit 531ac2b2349da02acc9c382849758e07eb92b020)
|
||||
(cherry picked from commit 2e9b525caa9e3126e54f0d9506d0c36d7d533997)
|
||||
---
|
||||
src/core/manager.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index f36cf5e320..6bd32ed920 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -1557,6 +1557,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
|
||||
|
||||
return -errno;
|
||||
}
|
||||
+ if (n == 0) {
|
||||
+ log_debug("Got zero-length notification message. Ignoring.");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
CMSG_FOREACH(cmsg, &msghdr) {
|
||||
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
|
|
@ -0,0 +1,50 @@
|
|||
From c7ba28481495df54477c54ee14bb6e7737ef772b Mon Sep 17 00:00:00 2001
|
||||
From: Franck Bui <fbui@suse.com>
|
||||
Date: Thu, 29 Sep 2016 19:44:34 +0200
|
||||
Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
|
||||
(#4240)
|
||||
|
||||
If manager_dispatch_notify_fd() fails and returns an error then the handling of
|
||||
service notifications will be disabled entirely leading to a compromised system.
|
||||
|
||||
For example pid1 won't be able to receive the WATCHDOG messages anymore and
|
||||
will kill all services supposed to send such messages.
|
||||
(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
|
||||
|
||||
(cherry picked from commit 39e5e97e68a9c1bca3bcfa6c9316a83dad0b072d)
|
||||
---
|
||||
src/core/manager.c | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 6bd32ed920..5092b1c5f6 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -1552,10 +1552,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
|
||||
|
||||
n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
|
||||
if (n < 0) {
|
||||
- if (errno == EAGAIN || errno == EINTR)
|
||||
- return 0;
|
||||
+ if (!IN_SET(errno, EAGAIN, EINTR))
|
||||
+ log_error("Failed to receive notification message: %m");
|
||||
|
||||
- return -errno;
|
||||
+ /* It's not an option to return an error here since it
|
||||
+ * would disable the notification handler entirely. Services
|
||||
+ * wouldn't be able to send the WATCHDOG message for
|
||||
+ * example... */
|
||||
+ return 0;
|
||||
}
|
||||
if (n == 0) {
|
||||
log_debug("Got zero-length notification message. Ignoring.");
|
||||
@@ -1582,7 +1586,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
|
||||
r = fdset_new_array(&fds, fd_array, n_fds);
|
||||
if (r < 0) {
|
||||
close_many(fd_array, n_fds);
|
||||
- return log_oom();
|
||||
+ log_oom();
|
||||
+ return 0;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
From 62a4a4bca549ee6020aec90e540ce393a34c5605 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 29 Sep 2016 16:06:02 +0200
|
||||
Subject: [PATCH] pid1: process zero-length notification messages again
|
||||
|
||||
This undoes 531ac2b234. I acked that patch without looking at the code
|
||||
carefully enough. There are two problems:
|
||||
- we want to process the fds anyway
|
||||
- in principle empty notification messages are valid, and we should
|
||||
process them as usual, including logging using log_unit_debug().
|
||||
|
||||
(cherry picked from commit 8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4)
|
||||
(cherry picked from commit 9d77c48a80e1cc2ad016eba1756a5ca293d51f86)
|
||||
---
|
||||
src/core/manager.c | 13 ++++---------
|
||||
1 file changed, 4 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 5092b1c5f6..369ed546b4 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -1493,13 +1493,12 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) {
|
||||
return n;
|
||||
}
|
||||
|
||||
-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
|
||||
+static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
|
||||
_cleanup_strv_free_ char **tags = NULL;
|
||||
|
||||
assert(m);
|
||||
assert(u);
|
||||
assert(buf);
|
||||
- assert(n > 0);
|
||||
|
||||
tags = strv_split(buf, "\n\r");
|
||||
if (!tags) {
|
||||
@@ -1561,10 +1560,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
|
||||
* example... */
|
||||
return 0;
|
||||
}
|
||||
- if (n == 0) {
|
||||
- log_debug("Got zero-length notification message. Ignoring.");
|
||||
- return 0;
|
||||
- }
|
||||
|
||||
CMSG_FOREACH(cmsg, &msghdr) {
|
||||
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
|
||||
@@ -1607,19 +1602,19 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
|
||||
* to avoid notifying the same one multiple times. */
|
||||
u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
|
||||
if (u1) {
|
||||
- manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
|
||||
+ manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
|
||||
found = true;
|
||||
}
|
||||
|
||||
u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
|
||||
if (u2 && u2 != u1) {
|
||||
- manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
|
||||
+ manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
|
||||
found = true;
|
||||
}
|
||||
|
||||
u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
|
||||
if (u3 && u3 != u2 && u3 != u1) {
|
||||
- manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
|
||||
+ manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
|
||||
found = true;
|
||||
}
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From e6054d681031953ce7e7150efc441fd2f6f64ae3 Mon Sep 17 00:00:00 2001
|
||||
From: Martin Pitt <martin.pitt@ubuntu.com>
|
||||
Date: Wed, 23 Mar 2016 08:46:58 +0100
|
||||
Subject: [PATCH] logind: fix crash when shutdown is not issued from a tty
|
||||
|
||||
It's possible that sd_bus_creds_get_tty() fails and thus
|
||||
scheduled_shutdown_tty is NULL in method_schedule_shutdown().
|
||||
|
||||
Fix logind_wall_tty_filter() to get along with that, by showing the message on
|
||||
all TTYs, instead of crashing in strcmp().
|
||||
|
||||
https://launchpad.net/bugs/1553040
|
||||
(cherry picked from commit b4944d2df248fbd2f96a4b9b4fe02fe0c1af7499)
|
||||
---
|
||||
src/login/logind-utmp.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/login/logind-utmp.c b/src/login/logind-utmp.c
|
||||
index 11a91c3947..29ab00eb1f 100644
|
||||
--- a/src/login/logind-utmp.c
|
||||
+++ b/src/login/logind-utmp.c
|
||||
@@ -65,7 +65,7 @@ bool logind_wall_tty_filter(const char *tty, void *userdata) {
|
||||
|
||||
assert(m);
|
||||
|
||||
- if (!startswith(tty, "/dev/"))
|
||||
+ if (!startswith(tty, "/dev/") || !m->scheduled_shutdown_tty)
|
||||
return true;
|
||||
|
||||
return !streq(tty + 5, m->scheduled_shutdown_tty);
|
|
@ -0,0 +1,24 @@
|
|||
From e0801b90cd355b65ee42ebc916293465d7bef4fd Mon Sep 17 00:00:00 2001
|
||||
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Date: Wed, 24 Aug 2016 20:11:48 +1000
|
||||
Subject: [PATCH] hwdb: add axis ranges for the MacBook 4,1 (#4030)
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1357990
|
||||
(cherry picked from commit 769c29d5d12532e81c983d9946961ce084609571)
|
||||
---
|
||||
hwdb/60-evdev.hwdb | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/hwdb/60-evdev.hwdb b/hwdb/60-evdev.hwdb
|
||||
index d060d81f61..c672df2dc4 100644
|
||||
--- a/hwdb/60-evdev.hwdb
|
||||
+++ b/hwdb/60-evdev.hwdb
|
||||
@@ -45,6 +45,8 @@
|
||||
|
||||
# Macbook2,1 (late 2006), single-button touchpad
|
||||
evdev:input:b0003v05ACp021B*
|
||||
+# Macbook4,1
|
||||
+evdev:input:b0003v05ACp0229*
|
||||
EVDEV_ABS_00=256:1471:12
|
||||
EVDEV_ABS_01=256:831:12
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
From c89e4c375b197202434821c09a4ac7088b3dded4 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Wed, 24 May 2017 08:56:48 +0300
|
||||
Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
|
||||
(#6020)
|
||||
|
||||
See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
|
||||
|
||||
(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be)
|
||||
---
|
||||
src/resolve/resolved-dns-packet.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
||||
index c940dd8929..e57f157e00 100644
|
||||
--- a/src/resolve/resolved-dns-packet.c
|
||||
+++ b/src/resolve/resolved-dns-packet.c
|
||||
@@ -2259,6 +2259,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
+ if (!p->question)
|
||||
+ return 0;
|
||||
+
|
||||
if (p->question->n_keys != 1)
|
||||
return 0;
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
From 2a97bf0e94be18d20d0ef671f50db1cc2d65c5e0 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Tue, 7 Jun 2016 20:47:41 +0300
|
||||
Subject: [PATCH] hwdb: selinuxify a bit (#3460)
|
||||
|
||||
-bash-4.3# rm /etc/udev/hwdb.bin
|
||||
-bash-4.3# systemd-hwdb update
|
||||
-bash-4.3# ls -Z /etc/udev/hwdb.bin
|
||||
system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin
|
||||
|
||||
Fixes: #3458
|
||||
(cherry picked from commit ea683512f9b82f2257770f0ed56d819eea230fc2)
|
||||
---
|
||||
src/hwdb/hwdb.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c
|
||||
index 1160dacdf1..e12cd93d1c 100644
|
||||
--- a/src/hwdb/hwdb.c
|
||||
+++ b/src/hwdb/hwdb.c
|
||||
@@ -29,7 +29,9 @@
|
||||
#include "fs-util.h"
|
||||
#include "hwdb-internal.h"
|
||||
#include "hwdb-util.h"
|
||||
+#include "label.h"
|
||||
#include "mkdir.h"
|
||||
+#include "selinux-util.h"
|
||||
#include "strbuf.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
@@ -643,12 +645,12 @@ static int hwdb_update(int argc, char *argv[], void *userdata) {
|
||||
if (!hwdb_bin)
|
||||
return -ENOMEM;
|
||||
|
||||
- mkdir_parents(hwdb_bin, 0755);
|
||||
+ mkdir_parents_label(hwdb_bin, 0755);
|
||||
r = trie_store(trie, hwdb_bin);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failure writing database %s: %m", hwdb_bin);
|
||||
|
||||
- return 0;
|
||||
+ return label_fix(hwdb_bin, false, false);
|
||||
}
|
||||
|
||||
static void help(void) {
|
||||
@@ -732,6 +734,8 @@ int main (int argc, char *argv[]) {
|
||||
if (r <= 0)
|
||||
goto finish;
|
||||
|
||||
+ mac_selinux_init();
|
||||
+
|
||||
r = hwdb_main(argc, argv);
|
||||
|
||||
finish:
|
|
@ -0,0 +1,44 @@
|
|||
From 1826d028938f0d4042a9704c74c1d6477043eb11 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekletar@users.noreply.github.com>
|
||||
Date: Fri, 8 Jul 2016 17:43:05 +0200
|
||||
Subject: [PATCH] udevadm: explicitly relabel /etc/udev/hwdb.bin after rename
|
||||
(#3686)
|
||||
|
||||
This is basically the same change as ea68351.
|
||||
|
||||
(cherry picked from commit 905c37e60ef653557d0354c2afa94546c31efe50)
|
||||
---
|
||||
src/udev/udevadm-hwdb.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/udev/udevadm-hwdb.c b/src/udev/udevadm-hwdb.c
|
||||
index 948ad0f5a5..1bffe8e8ab 100644
|
||||
--- a/src/udev/udevadm-hwdb.c
|
||||
+++ b/src/udev/udevadm-hwdb.c
|
||||
@@ -28,6 +28,8 @@
|
||||
#include "fs-util.h"
|
||||
#include "hwdb-internal.h"
|
||||
#include "hwdb-util.h"
|
||||
+#include "label.h"
|
||||
+#include "mkdir.h"
|
||||
#include "strbuf.h"
|
||||
#include "string-util.h"
|
||||
#include "udev.h"
|
||||
@@ -656,12 +658,16 @@ static int adm_hwdb(struct udev *udev, int argc, char *argv[]) {
|
||||
rc = EXIT_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
- mkdir_parents(hwdb_bin, 0755);
|
||||
+
|
||||
+ mkdir_parents_label(hwdb_bin, 0755);
|
||||
+
|
||||
err = trie_store(trie, hwdb_bin);
|
||||
if (err < 0) {
|
||||
log_error_errno(err, "Failure writing database %s: %m", hwdb_bin);
|
||||
rc = EXIT_FAILURE;
|
||||
}
|
||||
+
|
||||
+ label_fix(hwdb_bin, false, false);
|
||||
}
|
||||
|
||||
if (test) {
|
|
@ -0,0 +1,43 @@
|
|||
From 8785055303abd087f9d55bfdaee01ee197f9ed0c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 23 Nov 2016 10:18:30 -0500
|
||||
Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
|
||||
(#4717)
|
||||
|
||||
lz4 upstream decided to switch to an incompatible numbering scheme
|
||||
(1.7.3 follows 131, to match the so version).
|
||||
PKG_CHECK_MODULES does not allow two version matches for the same package,
|
||||
so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
|
||||
"new" numbers (anything below 10 is assume to be new), once for the "old"
|
||||
numbers (anything above >= 125). This assumes that the "new" versioning
|
||||
will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
|
||||
mature project.
|
||||
|
||||
Fixed #4690.
|
||||
|
||||
(cherry picked from commit 3d4cf7de48a74726694abbaa09f9804b845ff3ba)
|
||||
---
|
||||
configure.ac | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 5fd73c59f1..1f95f9f5c9 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -571,10 +571,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
|
||||
have_lz4=no
|
||||
AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 support]))
|
||||
AS_IF([test "x$enable_lz4" != "xno"], [
|
||||
- PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
|
||||
- [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])
|
||||
+ PKG_CHECK_MODULES(LZ4, [ liblz4 < 10 ],
|
||||
+ [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
|
||||
have_lz4=yes],
|
||||
- have_lz4=no)
|
||||
+ [PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
|
||||
+ [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
|
||||
+ have_lz4=yes],
|
||||
+ have_lz4=no)])
|
||||
AS_IF([test "x$have_lz4" = xno -a "x$enable_lz4" = xyes],
|
||||
[AC_MSG_ERROR([*** LZ4 support requested but libraries not found])])
|
||||
])
|
|
@ -0,0 +1,53 @@
|
|||
From 47c90e4cf813a0a38a1415936bf40b38ffdf4ce5 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sun, 18 Jun 2017 16:07:57 -0400
|
||||
Subject: [PATCH 57/58] resolved: simplify alloc size calculation
|
||||
|
||||
The allocation size was calculated in a complicated way, and for values
|
||||
close to the page size we would actually allocate less than requested.
|
||||
|
||||
Reported by Chris Coulson <chris.coulson@canonical.com>.
|
||||
|
||||
CVE-2017-9445
|
||||
|
||||
(cherry picked from commit e3abee3dee32ae7cd8e937e44ace94ab7f45ede9)
|
||||
---
|
||||
src/resolve/resolved-dns-packet.c | 8 +-------
|
||||
src/resolve/resolved-dns-packet.h | 2 --
|
||||
2 files changed, 1 insertion(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
||||
index e57f157e00..c076003012 100644
|
||||
--- a/src/resolve/resolved-dns-packet.c
|
||||
+++ b/src/resolve/resolved-dns-packet.c
|
||||
@@ -34,13 +34,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
|
||||
|
||||
assert(ret);
|
||||
|
||||
- if (mtu <= UDP_PACKET_HEADER_SIZE)
|
||||
- a = DNS_PACKET_SIZE_START;
|
||||
- else
|
||||
- a = mtu - UDP_PACKET_HEADER_SIZE;
|
||||
-
|
||||
- if (a < DNS_PACKET_HEADER_SIZE)
|
||||
- a = DNS_PACKET_HEADER_SIZE;
|
||||
+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
|
||||
|
||||
/* round up to next page size */
|
||||
a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
|
||||
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
|
||||
index 0bf34d270c..5c5440ee8c 100644
|
||||
--- a/src/resolve/resolved-dns-packet.h
|
||||
+++ b/src/resolve/resolved-dns-packet.h
|
||||
@@ -66,8 +66,6 @@ struct DnsPacketHeader {
|
||||
/* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
|
||||
#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
|
||||
|
||||
-#define DNS_PACKET_SIZE_START 512
|
||||
-
|
||||
struct DnsPacket {
|
||||
int n_ref;
|
||||
DnsProtocol protocol;
|
||||
--
|
||||
2.13.0
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
From 28a4da88f28f469db1a258a8ba932df6060f3086 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 27 Jun 2017 14:20:00 -0400
|
||||
Subject: [PATCH 58/58] resolved: do not allocate packets with minimum size
|
||||
|
||||
dns_packet_new() is sometimes called with mtu == 0, and in that case we should
|
||||
allocate more than the absolute minimum (which is the dns packet header size),
|
||||
otherwise we have to resize immediately again after appending the first data to
|
||||
the packet.
|
||||
|
||||
This partially reverts the previous commit.
|
||||
|
||||
(cherry picked from commit 626e9ef495474c95e3143ddae1a498d391c2a008)
|
||||
---
|
||||
src/resolve/resolved-dns-packet.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
||||
index c076003012..ace4a170c6 100644
|
||||
--- a/src/resolve/resolved-dns-packet.c
|
||||
+++ b/src/resolve/resolved-dns-packet.c
|
||||
@@ -28,13 +28,23 @@
|
||||
|
||||
#define EDNS0_OPT_DO (1<<15)
|
||||
|
||||
+#define DNS_PACKET_SIZE_START 512
|
||||
+assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
|
||||
+
|
||||
int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
|
||||
DnsPacket *p;
|
||||
size_t a;
|
||||
|
||||
assert(ret);
|
||||
|
||||
- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
|
||||
+ /* When dns_packet_new() is called with mtu == 0, allocate more than the
|
||||
+ * absolute minimum (which is the dns packet header size), to avoid
|
||||
+ * resizing immediately again after appending the first data to the packet.
|
||||
+ */
|
||||
+ if (mtu < UDP_PACKET_HEADER_SIZE)
|
||||
+ a = DNS_PACKET_SIZE_START;
|
||||
+ else
|
||||
+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
|
||||
|
||||
/* round up to next page size */
|
||||
a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
|
||||
--
|
||||
2.13.0
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
From d9e075d88e7d9d82464147d8283771d709c14ef8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 9 Feb 2016 15:13:33 -0500
|
||||
Subject: [PATCH] Add a workaround for {linux/net}/if.h conflict
|
||||
|
||||
Include linux/if.h and make sure we don't include the other file.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1300256
|
||||
---
|
||||
src/shared/firewall-util.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
|
||||
index 0d3da2e..c38f9cc 100644
|
||||
--- a/src/shared/firewall-util.c
|
||||
+++ b/src/shared/firewall-util.c
|
||||
@@ -16,15 +16,16 @@
|
||||
You should have received a copy of the GNU Lesser General Public License
|
||||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
***/
|
||||
+#define _NET_IF_H 1
|
||||
|
||||
#include <alloca.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <endian.h>
|
||||
#include <errno.h>
|
||||
-#include <net/if.h>
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
#include <sys/socket.h>
|
||||
+#include <linux/if.h>
|
||||
#include <linux/netfilter_ipv4/ip_tables.h>
|
||||
#include <linux/netfilter/nf_nat.h>
|
||||
#include <linux/netfilter/xt_addrtype.h>
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From 1f74d99193e7d2b0546e641aba25259d9a646e5d Mon Sep 17 00:00:00 2001
|
||||
From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
|
||||
Date: Wed, 28 Sep 2016 18:25:50 -0300
|
||||
Subject: [PATCH] If the notification message length is 0, ignore the message
|
||||
(#4237)
|
||||
|
||||
Fixes #4234.
|
||||
|
||||
Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
|
||||
---
|
||||
src/core/manager.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index f36cf5e320..6bd32ed920 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -1557,6 +1557,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
|
||||
|
||||
return -errno;
|
||||
}
|
||||
+ if (n == 0) {
|
||||
+ log_debug("Got zero-length notification message. Ignoring.");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
CMSG_FOREACH(cmsg, &msghdr) {
|
||||
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
|
||||
--
|
||||
2.9.0
|
||||
|
133
systemd.spec
133
systemd.spec
|
@ -1,6 +1,5 @@
|
|||
#global gitcommit e35a7876b4ab1d53a7539a905613e31dc6ae50fd
|
||||
%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})
|
||||
%global _hardened_build 1
|
||||
|
||||
# We ship a .pc file but don't want to have a dep on pkg-config. We
|
||||
# strip the automatically generated dep here and instead co-own the
|
||||
|
@ -13,7 +12,7 @@
|
|||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 229
|
||||
Release: 6%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
Release: 22%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: A System and Service Manager
|
||||
|
@ -53,10 +52,47 @@ Patch0016: 0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
|
|||
Patch0017: 0017-resolved-fix-notification-iteration-logic-when-trans.patch
|
||||
Patch0018: 0018-selinux-always-try-to-load-the-full-selinux-db.patch
|
||||
Patch0019: 0019-selinux-use-raw-variants-of-security_compute_create-.patch
|
||||
Patch0020: 0020-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
||||
Patch0021: 0021-test-compress-benchmark-skip-loop-iteration-if-size-.patch
|
||||
Patch0020: 0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch
|
||||
Patch0021: 0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch
|
||||
Patch0022: 0022-headers-use-__inline__-instead-of-inline.patch
|
||||
Patch0023: 0023-dev-console-must-be-labeled-with-SELinux-label.patch
|
||||
Patch0024: 0024-fstab-generator-fix-automount-option-and-don-t-start.patch
|
||||
Patch0025: 0025-shared-add-a-temporary-work-around-for-kernel-header.patch
|
||||
Patch0026: 0026-Make-the-fix-for-net-if.h-fuckup-even-worse-3287.patch
|
||||
Patch0027: 0027-check-for-valid-resume-in-order-to-allow-a-hibernate.patch
|
||||
Patch0028: 0028-keymap-util-also-convert-ru-to-ru.patch
|
||||
Patch0029: 0029-resolved-don-t-stop-handle-messages-after-receiving-.patch
|
||||
Patch0030: 0030-sd-device-udev-db-handle-properties-with-empty-value.patch
|
||||
Patch0031: 0031-core-fix-the-reversed-sanity-check-when-setting-Star.patch
|
||||
Patch0032: 0032-core-make-sure-to-close-connection-fd-when-we-fail-t.patch
|
||||
Patch0033: 0033-device-Ensure-we-have-sysfs-path-before-comparing.patch
|
||||
Patch0034: 0034-networkctl-split-out-system-status-stuff-into-its-ow.patch
|
||||
Patch0035: 0035-systemd-user-call-pam_loginuid-when-creating-user-.s.patch
|
||||
Patch0036: 0036-systemctl-suppress-no-Install-hint-when-quiet-is-use.patch
|
||||
Patch0037: 0037-systemctl-make-sure-we-terminate-the-bus-connection-.patch
|
||||
Patch0038: 0038-core-move-start-ratelimiting-check-after-condition-c.patch
|
||||
Patch0039: 0039-strbuf-set-the-proper-character-when-creating-new-no.patch
|
||||
Patch0040: 0040-networkd-bump-MTU-to-1280-for-interfaces-which-have-.patch
|
||||
Patch0041: 0041-networkd-disable-IPv6-for-bridge-slave.patch
|
||||
Patch0042: 0042-udev-bump-TasksMax-to-inifinity-3593.patch
|
||||
Patch0043: 0043-networkd-disable-IPv6-for-bridge-slave.patch
|
||||
Patch0044: 0044-networkd-add-route-expiration-handler-3242.patch
|
||||
Patch0045: 0045-coredump-ignore-RLIMIT_CORE.patch
|
||||
Patch0046: 0046-networkd-link-fix-handler-typo-for-route_remove-3433.patch
|
||||
Patch0047: 0047-macros.systemd.in-add-systemd_ordering-3776.patch
|
||||
Patch0048: 0048-If-the-notification-message-length-is-0-ignore-the-m.patch
|
||||
Patch0049: 0049-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
|
||||
Patch0050: 0050-pid1-process-zero-length-notification-messages-again.patch
|
||||
Patch0051: 0051-logind-fix-crash-when-shutdown-is-not-issued-from-a-.patch
|
||||
Patch0052: 0052-hwdb-add-axis-ranges-for-the-MacBook-4-1-4030.patch
|
||||
Patch0053: 0053-resolved-bugfix-of-null-pointer-p-question-dereferen.patch
|
||||
Patch0054: 0054-hwdb-selinuxify-a-bit-3460.patch
|
||||
Patch0055: 0055-udevadm-explicitly-relabel-etc-udev-hwdb.bin-after-r.patch
|
||||
Patch0056: 0056-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
|
||||
Patch0057: 0057-resolved-simplify-alloc-size-calculation.patch
|
||||
Patch0058: 0058-resolved-do-not-allocate-packets-with-minimum-size.patch
|
||||
|
||||
Patch0999: 0999-Add-a-workaround-for-linux-net-if.h-conflict.patch
|
||||
Patch0999: 0999-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
||||
|
||||
# kernel-install patch for grubby, drop if grubby is obsolete
|
||||
Patch1000: kernel-install-grubby.patch
|
||||
|
@ -299,6 +335,10 @@ CONFIGURE_OPTS=(
|
|||
--with-ntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
|
||||
--disable-kdbus
|
||||
--disable-terminal
|
||||
--enable-lz4
|
||||
--enable-xz
|
||||
--enable-zlib
|
||||
--enable-bzip
|
||||
)
|
||||
|
||||
%configure \
|
||||
|
@ -515,11 +555,19 @@ if [ $1 -eq 1 ] ; then
|
|||
>/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
# sed-fu to remove mymachines from passwd and group lines of /etc/nsswitch.conf
|
||||
# sed-fu to add myhostanme to hosts line and remove mymachines
|
||||
# from passwd and group lines of /etc/nsswitch.conf
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1284325
|
||||
# https://meetbot.fedoraproject.org/fedora-meeting/2015-11-25/fesco.2015-11-25-18.00.html
|
||||
# To avoid the removal, e.g. add a space at the end of the line.
|
||||
if [ -f /etc/nsswitch.conf ] ; then
|
||||
grep -v -E -q '^hosts:.* myhostname' /etc/nsswitch.conf &&
|
||||
sed -i.bak -e '
|
||||
/^hosts:/ !b
|
||||
/\<myhostname\>/ b
|
||||
s/[[:blank:]]*$/ myhostname/
|
||||
' /etc/nsswitch.conf >/dev/null 2>&1 || :
|
||||
|
||||
grep -E -q '^(passwd|group):.* mymachines$' /etc/nsswitch.conf &&
|
||||
sed -i.bak -r -e '
|
||||
s/^(passwd:.*) mymachines$/\1/;
|
||||
|
@ -576,7 +624,9 @@ udevadm hwdb --update >/dev/null 2>&1 || :
|
|||
%systemd_preun systemd-udev-{settle,trigger}.service systemd-udevd-{control,kernel}.socket systemd-udevd.service
|
||||
|
||||
%postun udev
|
||||
%systemd_postun_with_restart systemd-udev-{settle,trigger}.service systemd-udevd-{control,kernel}.socket systemd-udevd.service
|
||||
# Only restart systemd-udev, to run the upgraded dameon.
|
||||
# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974)
|
||||
%systemd_postun_with_restart systemd-udevd.service
|
||||
|
||||
%pre journal-remote
|
||||
getent group systemd-journal-gateway >/dev/null 2>&1 || groupadd -r -g 191 systemd-journal-gateway 2>&1 || :
|
||||
|
@ -908,6 +958,9 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
|
|||
%{_datadir}/polkit-1/actions/org.freedesktop.machine1.policy
|
||||
%{_datadir}/bash-completion/completions/machinectl
|
||||
%{_datadir}/zsh/site-functions/_machinectl
|
||||
%{_mandir}/man1/machinectl.*
|
||||
%{_mandir}/man8/systemd-machined.*
|
||||
%{_mandir}/man8/*mymachines.*
|
||||
|
||||
%files journal-remote
|
||||
%config(noreplace) %{_sysconfdir}/systemd/journal-remote.conf
|
||||
|
@ -928,10 +981,72 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
|
|||
/usr/lib/firewalld/services/*
|
||||
|
||||
%changelog
|
||||
* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-6
|
||||
* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-22
|
||||
- Tweak the patches a bit
|
||||
|
||||
* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-21
|
||||
- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445)
|
||||
|
||||
* Thu May 25 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-20
|
||||
- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493)
|
||||
|
||||
* Tue Feb 07 2017 Susant Sahani <susant@redhat.com> - 229-19
|
||||
- Make sure we have our compressions libs ready (#1404406)
|
||||
|
||||
* Tue Feb 07 2017 Michal Sekletar <msekleta@redhat.com> - 229-18
|
||||
- fix buildsystem to check for lz4 correctly (#1419912)
|
||||
|
||||
* Mon Jan 16 2017 Michal Sekletar <msekleta@redhat.com> - 229-17
|
||||
- explicitly relabel hwdb.bin after writing the database (#1395211)
|
||||
|
||||
* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-16
|
||||
- Fixes for #1357990, #1371596, #1378974
|
||||
|
||||
* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-15
|
||||
- Better fix for #1380286
|
||||
|
||||
* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-14
|
||||
- Denial-of-service bug against pid1 (#1380286)
|
||||
|
||||
* Wed Aug 17 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-13
|
||||
- Add %%systemd_ordering macro
|
||||
|
||||
* Wed Aug 10 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-12
|
||||
- Fixup for the networkd route fix (#1365915)
|
||||
|
||||
* Tue Aug 9 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-11
|
||||
- Ignore RLIMIT_CORE temporarily for F24 (#1309172, see comment 24)
|
||||
- Two networkd fixes (#1344661, #1350219)
|
||||
|
||||
* Thu Jul 28 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-10
|
||||
- Backport patch which prevents udevd from choking on task limits
|
||||
|
||||
* Wed Jul 20 2016 Jan Synáček <jsynacek@redhat.com> - 229-9
|
||||
- core: make sure to close connection fd when we fail to activate a per-connection service (#1310608)
|
||||
- device: Ensure we have sysfs path before comparing. (#1321392)
|
||||
- networkctl: split out system status stuff into its own function (#1325462)
|
||||
- systemd --user: call pam_loginuid when creating user@.service (#3120) (#1328947)
|
||||
- systemctl: suppress no-[Install] hint when --quiet is used (#3295) (#1336960)
|
||||
- systemctl: make sure we terminate the bus connection first, and then close the pager (#3550) (#1341179)
|
||||
- core: move start ratelimiting check after condition checks (#1350686)
|
||||
- strbuf: set the proper character when creating new nodes (#1357822)
|
||||
- fix: networkctl status: abort, munmap_chunk(): invalid pointer (#1339131)
|
||||
- networkd: bump MTU to 1280 for interfaces which have IPv6 enabled (#3077) (#1352378)
|
||||
- networkd: disable IPv6 for bridge slave (#1352378)
|
||||
- machinectl man page is packaged (#1351572)
|
||||
|
||||
* Mon May 30 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-8
|
||||
- Patches for #1316964, #1317928, #1338823
|
||||
- Make localed convert X11 'ru' layout to 'ru' console keymap (#1333998)
|
||||
- Don't advertise hibernation if resume= is not specified (#1206936)
|
||||
|
||||
* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-7
|
||||
- Add myhostname to /etc/nsswitch.conf (#1318303)
|
||||
|
||||
* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-6
|
||||
- Create /etc/resolv.conf symlink from systemd-resolved (#1313085)
|
||||
|
||||
* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-5
|
||||
* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-5
|
||||
- Split out systemd-container subpackage (#1163412)
|
||||
- Split out system-udev subpackage
|
||||
- Add various bugfix patches, incl. a tentative fix for #1308771
|
||||
|
|
Loading…
Reference in New Issue