rpms
/
systemd
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: rpms:master
Branches Tags
rpms:master
rpms:f40-riscv64
rpms:main-riscv64
rpms:f38-riscv64
rpms:f37
rpms:f38
rpms:main
rpms:rawhide
rpms:f36
rpms:f37-riscv64
rpms:f35
rpms:f33-riscv64
rpms:f33
rpms:master-riscv64
rpms:f28
rpms:f27
rpms:rpm-master
rpms:f25
rpms:f26
rpms:f24
rpms:f23
rpms:f22
rpms:f21
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f16
rpms:f15
rpms:f14
rpms:systemd-216-16.fc21
rpms:systemd-216-15.fc21
rpms:systemd-216-14.fc21
rpms:systemd-216-13.fc21
rpms:systemd-216-12.fc21
rpms:systemd-217-4.fc22
rpms:systemd-217-3.fc22
rpms:systemd-217-2.fc22
rpms:systemd-217-1.fc22
rpms:systemd-216-12.fc22
rpms:systemd-216-11.fc22
rpms:systemd-216-10.fc22
rpms:systemd-216-9.fc22
rpms:systemd-216-8.fc22
rpms:systemd-216-7.fc22
rpms:systemd-216-6.fc22
rpms:systemd-216-5.fc22
rpms:systemd-216-4.fc22
rpms:systemd-216-3.fc22
rpms:systemd-216-2.fc22
rpms:systemd-216-1.fc22
rpms:systemd-215-12.fc22
rpms:systemd-215-11.fc22
rpms:systemd-215-10.fc22
rpms:systemd-215-9.fc22
rpms:systemd-209-1.fc21
rpms:systemd-209-2.gitf01de96.fc21
rpms:systemd-210-1.fc21
rpms:systemd-210-2.fc21
rpms:systemd-210-3.fc21
rpms:systemd-210-4.fc21
rpms:systemd-210-5.fc21
rpms:systemd-210-6.fc21
rpms:systemd-210-7.fc21
rpms:systemd-210-8.fc21
rpms:systemd-211-1.fc21
rpms:systemd-211-2.fc21
rpms:systemd-212-1.fc21
rpms:systemd-212-2.fc21
rpms:systemd-212-3.fc21
rpms:systemd-212-4.fc21
rpms:systemd-212-5.fc21
rpms:systemd-212-6.fc21
rpms:systemd-213-1.fc21
rpms:systemd-213-2.fc21
rpms:systemd-213-3.fc21
rpms:systemd-213-4.fc21
rpms:systemd-214-1.fc21
rpms:systemd-214-2.fc21
rpms:systemd-214-3.fc21
rpms:systemd-214-4.fc21
rpms:systemd-214-5.fc21
rpms:systemd-216-11.fc21
rpms:systemd-216-10.fc21
rpms:systemd-216-9.fc21
rpms:systemd-215-1.fc21
rpms:systemd-215-2.fc21
rpms:systemd-215-3.fc21
rpms:systemd-215-4.fc21
rpms:systemd-215-5.fc21
rpms:systemd-215-6.fc21
rpms:systemd-215-7.fc21
rpms:systemd-215-8.fc21
rpms:systemd-215-9.fc21
rpms:systemd-215-10.fc21
rpms:systemd-215-11.fc21
rpms:systemd-215-12.fc21
rpms:systemd-215-13.fc21
rpms:systemd-215-14.fc21
rpms:systemd-215-15.fc21
rpms:systemd-215-16.fc21
rpms:systemd-215-17.fc21
rpms:systemd-215-18.fc21
rpms:systemd-215-19.fc21
rpms:systemd-216-1.fc21
rpms:systemd-216-2.fc21
rpms:systemd-216-3.fc21
rpms:systemd-216-4.fc21
rpms:systemd-216-5.fc21
rpms:systemd-216-6.fc21
rpms:systemd-216-7.fc21
rpms:systemd-216-8.fc21
rpms:systemd-4-4_fc14
rpms:systemd-4-3_fc14
rpms:systemd-4-2_fc14
rpms:systemd-4-1_fc14
rpms:systemd-3-3_fc14
rpms:systemd-3-2_fc14
rpms:systemd-3-1_fc14
rpms:systemd-2-0_fc14
rpms:systemd-1-0_fc14
rpms:systemd-0-0_7_20100629git4176e5_fc14
rpms:systemd-0-0_6_20100622gita3723b_fc14
rpms:systemd-0-0_5_20100622gita3723b_fc14
rpms:systemd-0-0_4_20100614git393034_fc14
rpms:systemd-0-0_3_20100610git2f198e_fc14
..
compare: rpms:f25
Branches Tags
rpms:f40-riscv64
rpms:main-riscv64
rpms:f38-riscv64
rpms:f37
rpms:f38
rpms:main
rpms:rawhide
rpms:f36
rpms:f37-riscv64
rpms:f35
rpms:f33-riscv64
rpms:f33
rpms:master
rpms:master-riscv64
rpms:f28
rpms:f27
rpms:rpm-master
rpms:f25
rpms:f26
rpms:f24
rpms:f23
rpms:f22
rpms:f21
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f16
rpms:f15
rpms:f14
rpms:systemd-216-16.fc21
rpms:systemd-216-15.fc21
rpms:systemd-216-14.fc21
rpms:systemd-216-13.fc21
rpms:systemd-216-12.fc21
rpms:systemd-217-4.fc22
rpms:systemd-217-3.fc22
rpms:systemd-217-2.fc22
rpms:systemd-217-1.fc22
rpms:systemd-216-12.fc22
rpms:systemd-216-11.fc22
rpms:systemd-216-10.fc22
rpms:systemd-216-9.fc22
rpms:systemd-216-8.fc22
rpms:systemd-216-7.fc22
rpms:systemd-216-6.fc22
rpms:systemd-216-5.fc22
rpms:systemd-216-4.fc22
rpms:systemd-216-3.fc22
rpms:systemd-216-2.fc22
rpms:systemd-216-1.fc22
rpms:systemd-215-12.fc22
rpms:systemd-215-11.fc22
rpms:systemd-215-10.fc22
rpms:systemd-215-9.fc22
rpms:systemd-209-1.fc21
rpms:systemd-209-2.gitf01de96.fc21
rpms:systemd-210-1.fc21
rpms:systemd-210-2.fc21
rpms:systemd-210-3.fc21
rpms:systemd-210-4.fc21
rpms:systemd-210-5.fc21
rpms:systemd-210-6.fc21
rpms:systemd-210-7.fc21
rpms:systemd-210-8.fc21
rpms:systemd-211-1.fc21
rpms:systemd-211-2.fc21
rpms:systemd-212-1.fc21
rpms:systemd-212-2.fc21
rpms:systemd-212-3.fc21
rpms:systemd-212-4.fc21
rpms:systemd-212-5.fc21
rpms:systemd-212-6.fc21
rpms:systemd-213-1.fc21
rpms:systemd-213-2.fc21
rpms:systemd-213-3.fc21
rpms:systemd-213-4.fc21
rpms:systemd-214-1.fc21
rpms:systemd-214-2.fc21
rpms:systemd-214-3.fc21
rpms:systemd-214-4.fc21
rpms:systemd-214-5.fc21
rpms:systemd-216-11.fc21
rpms:systemd-216-10.fc21
rpms:systemd-216-9.fc21
rpms:systemd-215-1.fc21
rpms:systemd-215-2.fc21
rpms:systemd-215-3.fc21
rpms:systemd-215-4.fc21
rpms:systemd-215-5.fc21
rpms:systemd-215-6.fc21
rpms:systemd-215-7.fc21
rpms:systemd-215-8.fc21
rpms:systemd-215-9.fc21
rpms:systemd-215-10.fc21
rpms:systemd-215-11.fc21
rpms:systemd-215-12.fc21
rpms:systemd-215-13.fc21
rpms:systemd-215-14.fc21
rpms:systemd-215-15.fc21
rpms:systemd-215-16.fc21
rpms:systemd-215-17.fc21
rpms:systemd-215-18.fc21
rpms:systemd-215-19.fc21
rpms:systemd-216-1.fc21
rpms:systemd-216-2.fc21
rpms:systemd-216-3.fc21
rpms:systemd-216-4.fc21
rpms:systemd-216-5.fc21
rpms:systemd-216-6.fc21
rpms:systemd-216-7.fc21
rpms:systemd-216-8.fc21
rpms:systemd-4-4_fc14
rpms:systemd-4-3_fc14
rpms:systemd-4-2_fc14
rpms:systemd-4-1_fc14
rpms:systemd-3-3_fc14
rpms:systemd-3-2_fc14
rpms:systemd-3-1_fc14
rpms:systemd-2-0_fc14
rpms:systemd-1-0_fc14
rpms:systemd-0-0_7_20100629git4176e5_fc14
rpms:systemd-0-0_6_20100622gita3723b_fc14
rpms:systemd-0-0_5_20100622gita3723b_fc14
rpms:systemd-0-0_4_20100614git393034_fc14
rpms:systemd-0-0_3_20100610git2f198e_fc14

13 Commits
master ... f25

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek e717650837 Add missing BR 2017-10-26 14:55:48 +02:00
Zbigniew Jędrzejewski-Szmek 97c46fbcb2 Backport some patches 2017-10-26 13:52:03 +02:00
Zbigniew Jędrzejewski-Szmek 668158ef0a libs subpackage also requires grep 
Fixes #1474529.
 2017-07-25 18:22:22 -04:00
Zbigniew Jędrzejewski-Szmek b6578c0351 Tweak the patches a bit more 2017-06-27 17:41:33 -04:00
Zbigniew Jędrzejewski-Szmek 1d5d446f1d Fix an out-of-bounds write in systemd-resolved 2017-06-27 13:33:43 -04:00
Zbigniew Jędrzejewski-Szmek e0467342b0 Backport one "security" patch 
The patch order is messed up, because I committed the patches that
Michal selected to systemd-stable in the wrong order. Sorry.
 2017-05-25 16:45:21 -04:00
Michal Sekletar ed724b69dc Backport bunch of bugfixes (asserts, segv, memleaks) from upstream 2017-02-22 10:29:24 +01:00
Michal Sekletar 117b3ffe68 Backport support for phys_port_name to net_id 
Resolves: #1425737
 2017-02-22 10:26:44 +01:00
Zbigniew Jędrzejewski-Szmek 5d20f321b0 Add fake dependency on systemd-pam to systemd-devel 2017-01-18 10:07:49 -05:00
Zbigniew Jędrzejewski-Szmek 00e68d95b1 Backport mtime==0 fix 2017-01-17 10:11:56 -05:00
Zbigniew Jędrzejewski-Szmek 7ede846743 Make sure we have our compressions libs ready 
In case some library is not detected properly in the future, fail
the /configure step. We should probably do that for most deps, but
I'm too lazy atm.
 2017-01-16 23:24:21 -05:00
Jan Synacek ed7ad327da Fix buildsystem to check for lz4 correctly (#1404406) 2017-01-16 13:01:41 +01:00
Jan Synacek 0d334e296f Fix: the systemd-nspawn manpage is not installed (#1411269) 
Resolves: #1411269
 2017-01-11 13:18:54 +01:00
72 changed files with 3644 additions and 2084 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,4 +1,3 @@
*~
/systemd-*/
/.build-*.log
/x86_64/

33
0001-systemctl-be-sure-to-be-quiet-with-systemctl-is-enab.patch Normal file
View File

@ -0,0 +1,33 @@
From 555c57de77d0a364c116b28809524a1067e2159f Mon Sep 17 00:00:00 2001
From: Christian Rebischke <Chris.Rebischke@posteo.de>
Date: Thu, 28 Jul 2016 04:40:20 +0200
Subject: [PATCH] systemctl: be sure to be quiet with 'systemctl is-enabled
--quiet' (#3819)
Fixes #3813.
(cherry picked from commit 689e4e6a94222b4d58a8b9cb3c51cc2f82268aa9)
---
src/systemctl/systemctl.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 6a0ed79a53..6e61eeadef 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5566,10 +5566,12 @@ static int enable_sysv_units(const char *verb, char **args) {
if (!found_sysv)
continue;
- if (found_native)
- log_info("Synchronizing state of %s with SysV service script with %s.", name, argv[0]);
- else
- log_info("%s is not a native service, redirecting to systemd-sysv-install.", name);
+ if (!arg_quiet) {
+ if (found_native)
+ log_info("Synchronizing state of %s with SysV service script with %s.", name, argv[0]);
+ else
+ log_info("%s is not a native service, redirecting to systemd-sysv-install.", name);
+ }
if (!isempty(arg_root))
argv[c++] = q = strappend("--root=", arg_root);

70
0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch
View File

@ -1,70 +0,0 @@
From 2e9d763e7cbeb33954bbe3f96fd94de2cd62edf7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Nov 2020 14:28:24 +0100
Subject: [PATCH] test-path-util: do not fail if the fd_is_mount_point check
fails
This test fails on i686 and ppc64le in koji:
/* test_path */
Assertion 'fd_is_mount_point(fd, "/", 0) > 0' failed at src/test/test-path-util.c:85, function test_path(). Aborting.
I guess some permission error is the most likely.
---
src/test/test-path-util.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
index f4f8d0550b..be428334f3 100644
--- a/src/test/test-path-util.c
+++ b/src/test/test-path-util.c
@@ -40,8 +40,6 @@ static void test_path_simplify(const char *in, const char *out, const char *out_
}
static void test_path(void) {
- _cleanup_close_ int fd = -1;
-
log_info("/* %s */", __func__);
test_path_compare("/goo", "/goo", 0);
@@ -80,10 +78,6 @@ static void test_path(void) {
assert_se(streq(basename("/aa///file..."), "file..."));
assert_se(streq(basename("file.../"), ""));
- fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
- assert_se(fd >= 0);
- assert_se(fd_is_mount_point(fd, "/", 0) > 0);
-
test_path_simplify("aaa/bbb////ccc", "aaa/bbb/ccc", "aaa/bbb/ccc");
test_path_simplify("//aaa/.////ccc", "/aaa/./ccc", "/aaa/ccc");
test_path_simplify("///", "/", "/");
@@ -120,6 +114,22 @@ static void test_path(void) {
assert_se(!path_equal_ptr(NULL, "/a"));
}
+static void test_path_is_mountpoint(void) {
+ _cleanup_close_ int fd = -1;
+ int r;
+
+ log_info("/* %s */", __func__);
+
+ fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
+ assert_se(fd >= 0);
+
+ r = fd_is_mount_point(fd, "/", 0);
+ if (r < 0)
+ log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
+ else
+ assert_se(r == 1);
+}
+
static void test_path_equal_root(void) {
/* Nail down the details of how path_equal("/", ...) works. */
@@ -714,6 +724,7 @@ int main(int argc, char **argv) {
test_print_paths();
test_path();
+ test_path_is_mountpoint();
test_path_equal_root();
test_find_executable_full();
test_find_executable(argv[0]);

33
0001-test-path-util-ignore-test-failure.patch
View File

@ -1,33 +0,0 @@
From e8bca4ba55f855260eda684a16e8feb5f20b1deb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 12 Nov 2020 15:06:12 +0100
Subject: [PATCH] test-path-util: ignore test failure
---
src/test/test-path-util.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
index be428334f3..207c659b8b 100644
--- a/src/test/test-path-util.c
+++ b/src/test/test-path-util.c
@@ -120,14 +120,17 @@ static void test_path_is_mountpoint(void) {
log_info("/* %s */", __func__);
+ (void) system("uname -a");
+ (void) system("mountpoint /");
+
fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
assert_se(fd >= 0);
r = fd_is_mount_point(fd, "/", 0);
if (r < 0)
log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
- else
- assert_se(r == 1);
+ else if (r == 0)
+ log_warning("/ is not a mountpoint?");
}
static void test_path_equal_root(void) {

26
0002-logind-0-and-100-should-be-valid-for-UserTasksMax-38.patch Normal file
View File

@ -0,0 +1,26 @@
From 821098286ee773662245254c11ada000ab32fa91 Mon Sep 17 00:00:00 2001
From: Tejun Heo <htejun@fb.com>
Date: Sun, 31 Jul 2016 21:38:47 -0400
Subject: [PATCH] logind: 0% and 100% should be valid for UserTasksMax (#3836)
config_parse_user_tasks_max() was incorrectly accepting percentage value
between 1 and 99. Update it to accept 0% and 100%. This brings it in line
with TasksMax handling in systemd.
(cherry picked from commit cb3e4417590196bd30e1b8097348dca6ba34bd15)
---
src/login/logind-user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index 348e396292..63363035e7 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -893,7 +893,7 @@ int config_parse_user_tasks_max(
/* First, try to parse as percentage */
r = parse_percent(rvalue);
- if (r > 0 && r < 100)
+ if (r >= 0)
k = system_tasks_max_scale(r, 100U);
else {

40
0003-systemd-ask-password-make-sure-directory-watch-is-st.patch Normal file
View File

@ -0,0 +1,40 @@
From c877672ff6ec11efc8cd55d4c156211b16cf0975 Mon Sep 17 00:00:00 2001
From: tblume <Thomas.Blume@suse.com>
Date: Tue, 2 Aug 2016 14:55:25 +0200
Subject: [PATCH] systemd-ask-password: make sure directory watch is started
before cryptsetup (#3850)
The password directory watch should get ordered before cryptsetup to make sure
that the password for unlocking the crypt device gets prompted.
(cherry picked from commit 7633f8ef371a0992374956437fb7bb8189156b10)
---
units/systemd-ask-password-console.path | 2 +-
units/systemd-ask-password-wall.path | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/units/systemd-ask-password-console.path b/units/systemd-ask-password-console.path
index 2949635fea..7899ae788f 100644
--- a/units/systemd-ask-password-console.path
+++ b/units/systemd-ask-password-console.path
@@ -11,7 +11,7 @@ Documentation=man:systemd-ask-password-console.service(8)
DefaultDependencies=no
Conflicts=shutdown.target
After=plymouth-start.service
-Before=paths.target shutdown.target
+Before=paths.target shutdown.target cryptsetup.target
ConditionPathExists=!/run/plymouth/pid
[Path]
diff --git a/units/systemd-ask-password-wall.path b/units/systemd-ask-password-wall.path
index 95ec9bc8a0..a3ca617256 100644
--- a/units/systemd-ask-password-wall.path
+++ b/units/systemd-ask-password-wall.path
@@ -10,7 +10,7 @@ Description=Forward Password Requests to Wall Directory Watch
Documentation=man:systemd-ask-password-console.service(8)
DefaultDependencies=no
Conflicts=shutdown.target
-Before=paths.target shutdown.target
+Before=paths.target shutdown.target cryptsetup.target
[Path]
DirectoryNotEmpty=/run/systemd/ask-password

34
0004-Revert-logind-really-handle-KeyIgnoreInhibited-optio.patch Normal file
View File

@ -0,0 +1,34 @@
From 811a90e2de94c71bddf02cdab36c1a0560288695 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com>
Date: Mon, 8 Aug 2016 11:07:38 +0300
Subject: [PATCH] Revert "logind: really handle *KeyIgnoreInhibited options in
logind.conf"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 8121f4d209eca85dcb11830800483cdfafbef9b7.
The special 'key handling' inhibitors should always work regardless of
any *IgnoreInhibited settings otherwise they're nearly useless.
Reverts: #3470
Fixes: #3897
(cherry picked from commit 06a70b918d4d753769a727239f75af8896006467)
---
src/login/logind-action.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/login/logind-action.c b/src/login/logind-action.c
index 8ef48dbaa1..a950409254 100644
--- a/src/login/logind-action.c
+++ b/src/login/logind-action.c
@@ -85,7 +85,7 @@ int manager_handle_action(
}
/* If the key handling is inhibited, don't do anything */
- if (!ignore_inhibited && inhibit_key > 0) {
+ if (inhibit_key > 0) {
if (manager_is_inhibited(m, inhibit_key, INHIBIT_BLOCK, NULL, true, false, 0, NULL)) {
log_debug("Refusing operation, %s is inhibited.", inhibit_what_to_string(inhibit_key));
return 0;

109
0005-man-explain-that-KeyIgnoreInhibited-only-apply-to-a-.patch Normal file
View File

@ -0,0 +1,109 @@
From 9ecf9e414a97e861db403e043696fed6033508f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 14 Aug 2016 16:27:59 -0400
Subject: [PATCH] man: explain that *KeyIgnoreInhibited only apply to a subset
of locks
Follow-up for #3924.
(cherry picked from commit 05b2a8fd7a0533758d2f532df798cabc3c442683)
---
man/logind.conf.xml | 42 ++++++++++++++++++++++++++----------------
man/systemd-inhibit.xml | 2 +-
man/systemd-logind.service.xml | 2 +-
3 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index adba5a4131..5931832996 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -211,7 +211,7 @@
<term><varname>HandleLidSwitch=</varname></term>
<term><varname>HandleLidSwitchDocked=</varname></term>
- <listitem><para>Controls whether logind shall handle the
+ <listitem><para>Controls how logind shall handle the
system power and sleep keys and the lid switch to trigger
actions such as system power-off or suspend. Can be one of
<literal>ignore</literal>,
@@ -240,7 +240,16 @@
docking station, or if more than one display is connected, the
action specified by <varname>HandleLidSwitchDocked=</varname>
occurs; otherwise the <varname>HandleLidSwitch=</varname>
- action occurs.</para></listitem>
+ action occurs.</para>
+
+ <para>A different application may disable logind's handling of system power and
+ sleep keys and the lid switch by taking a low-level inhibitor lock
+ ("handle-power-key", "handle-suspend-key", "handle-hibernate-key",
+ "handle-lid-switch"). This is most commonly used by graphical desktop environments
+ to take over suspend and hibernation handling, and to use their own configuration
+ mechanisms. If a low-level inhibitor lock is taken, logind will not take any
+ action when that key or switch is triggered and the <varname>Handle*=</varname>
+ settings are irrelevant.</para></listitem>
</varlistentry>
<varlistentry>
@@ -249,21 +258,22 @@
<term><varname>HibernateKeyIgnoreInhibited=</varname></term>
<term><varname>LidSwitchIgnoreInhibited=</varname></term>
- <listitem><para>Controls whether actions triggered by the
- power and sleep keys and the lid switch are subject to
- inhibitor locks. These settings take boolean arguments. If
- <literal>no</literal>, the inhibitor locks taken by
- applications in order to block the requested operation are
- respected. If <literal>yes</literal>, the requested operation
- is executed in any case.
+ <listitem><para>Controls whether actions that <command>systemd-logind</command>
+ takes when the power and sleep keys and the lid switch are triggered are subject
+ to high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level inhibitor
+ locks ("handle-*-key"), are always honoured, irrespective of this setting.</para>
+
+ <para>These settings take boolean arguments. If <literal>no</literal>, the
+ inhibitor locks taken by applications are respected. If <literal>yes</literal>,
+ "shutdown", "sleep", and "idle" inhibitor locks are ignored.
<varname>PowerKeyIgnoreInhibited=</varname>,
- <varname>SuspendKeyIgnoreInhibited=</varname> and
- <varname>HibernateKeyIgnoreInhibited=</varname> default to
- <literal>no</literal>.
- <varname>LidSwitchIgnoreInhibited=</varname> defaults to
- <literal>yes</literal>. This means that the lid switch does
- not respect suspend blockers by default, but the power and
- sleep keys do. </para></listitem>
+ <varname>SuspendKeyIgnoreInhibited=</varname>, and
+ <varname>HibernateKeyIgnoreInhibited=</varname> default to <literal>no</literal>.
+ <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>.
+ This means that when <command>systemd-logind</command> is handling events by
+ itself (no low level inhibitor locks are taken by another application), the lid
+ switch does not respect suspend blockers by default, but the power and sleep keys
+ do.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/systemd-inhibit.xml b/man/systemd-inhibit.xml
index 9d85908f97..ce169960d8 100644
--- a/man/systemd-inhibit.xml
+++ b/man/systemd-inhibit.xml
@@ -61,7 +61,7 @@
<title>Description</title>
<para><command>systemd-inhibit</command> may be used to execute a
- program with a shutdown, sleep or idle inhibitor lock taken. The
+ program with a shutdown, sleep, or idle inhibitor lock taken. The
lock will be acquired before the specified command line is
executed and released afterwards.</para>
diff --git a/man/systemd-logind.service.xml b/man/systemd-logind.service.xml
index 5733e42cd1..f0bdb1c756 100644
--- a/man/systemd-logind.service.xml
+++ b/man/systemd-logind.service.xml
@@ -84,7 +84,7 @@
management</para></listitem>
</itemizedlist>
- <para>User sessions are registered in logind via the
+ <para>User sessions are registered with logind via the
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
PAM module.</para>

25
0006-systemctl-fix-preset-all-with-missing-etc-systemd-sy.patch Normal file
View File

@ -0,0 +1,25 @@
From ee2b7cbcd0633aaddd4f758580e9157dea0e6a1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 11 Aug 2016 21:53:32 -0400
Subject: [PATCH] systemctl: fix preset-all with missing /etc/systemd/system
If the directory is missing, we can assume that those pesky symlinks are gone too.
(cherry picked from commit 32d9493e593fed7fe5b4dd1e92fe4fd419042fe5)
---
src/shared/install.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 7b49e1ece9..2d9306058d 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -620,7 +620,7 @@ static int remove_marked_symlinks(
fd = open(config_path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
if (fd < 0)
- return -errno;
+ return errno == ENOENT ? 0 : -errno;
do {
int q, cfd;

74
0007-shared-install-remove-unused-paramater-and-add-more-.patch Normal file
View File

@ -0,0 +1,74 @@
From 6f3bf5e9e0ba04df7ffc85b6a21d296c2902edcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 12 Aug 2016 23:50:58 -0400
Subject: [PATCH] shared/install: remove unused paramater and add more comments
(cherry picked from commit ff56349d5a83f2202ed331f232f5d73467db482c)
---
src/shared/install.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 2d9306058d..5e0f9c5d0c 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -903,6 +903,10 @@ static int install_info_may_process(
return 0;
}
+/**
+ * Adds a new UnitFileInstallInfo entry under name in the InstallContext.will_process
+ * hashmap, or retrieves the existing one if already present.
+ */
static int install_info_add(
InstallContext *c,
const char *name,
@@ -1334,9 +1338,8 @@ static int install_info_follow(
}
/**
- * Search for the unit file. If the unit name is a symlink,
- * follow the symlink to the target, maybe more than once.
- * Propagate the instance name if present.
+ * Search for the unit file. If the unit name is a symlink, follow the symlink to the
+ * target, maybe more than once. Propagate the instance name if present.
*/
static int install_info_traverse(
UnitFileScope scope,
@@ -1421,6 +1424,10 @@ static int install_info_traverse(
return 0;
}
+/**
+ * Call install_info_add() with name_or_path as the path (if name_or_path starts with "/")
+ * or the name (otherwise). root_dir is prepended to the path.
+ */
static int install_info_add_auto(
InstallContext *c,
const LookupPaths *paths,
@@ -2685,7 +2692,6 @@ static int preset_prepare_one(
InstallContext *plus,
InstallContext *minus,
LookupPaths *paths,
- UnitFilePresetMode mode,
const char *name,
Presets presets,
UnitFileChange **changes,
@@ -2748,7 +2754,7 @@ int unit_file_preset(
return r;
STRV_FOREACH(i, files) {
- r = preset_prepare_one(scope, &plus, &minus, &paths, mode, *i, presets, changes, n_changes);
+ r = preset_prepare_one(scope, &plus, &minus, &paths, *i, presets, changes, n_changes);
if (r < 0)
return r;
}
@@ -2809,7 +2815,7 @@ int unit_file_preset_all(
continue;
/* we don't pass changes[] in, because we want to handle errors on our own */
- r = preset_prepare_one(scope, &plus, &minus, &paths, mode, de->d_name, presets, NULL, 0);
+ r = preset_prepare_one(scope, &plus, &minus, &paths, de->d_name, presets, NULL, 0);
if (r == -ERFKILL)
r = unit_file_changes_add(changes, n_changes,
UNIT_FILE_IS_MASKED, de->d_name, NULL);

83
0008-shared-install-ignore-unit-symlinks-when-doing-prese.patch Normal file
View File

@ -0,0 +1,83 @@
From 35b8a55c85aa69af9634af337085da777d438bea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 13 Aug 2016 01:20:29 -0400
Subject: [PATCH] shared/install: ignore unit symlinks when doing preset-all
Before, when interating over unit files during preset-all, behaviour was the
following:
- if we hit the real unit name first, presets were queried for that name, and
that unit was enabled or disabled accordingly,
- if we hit an alias first (one of the symlinks chaining to the real unit), we
checked the presets using the symlink name, and then proceeded to enable or
disable the real unit.
E.g. for systemd-networkd.service we have the alias dbus-org.freedesktop.network1.service
(/usr/lib/systemd/system/dbus-org.freedesktop.network1.service), but the preset
is only for the systemd-networkd.service name. The service would be enabled or
disabled pseudorandomly depending on the order of iteration.
For "preset", behaviour was analogous: preset on the alias name disabled the
service (following the default disable policy), preset on the "real" name
applied the presets.
With the patch, for "preset" and "preset-all" we silently skip symlinks. This
gives mostly the right behaviour, with the limitation that presets on aliases
are ignored. I think that presets on aliases are not that common (at least my
preset files on Fedora don't exhibit any such usage), and should not be
necessary, since whoever installs the preset can just refer to the real unit
file. It would be possible to overcome this limitation by gathering a list of
names of a unit first, and then checking whether *any* of the names matches the
presets list. That would require a significant redesign of the code, and be
a lot slower (since we would have to fully read all unit directories to preset
one unit) to so I'm not doing that for now.
With this patch, two properties are satisfied:
- preset-all and preset are idempotent, and the second and subsequent invocations
do not produce any changes,
- preset-all and preset for a specific name produce the same state for that unit.
Fixes #3616.
(cherry picked from commit 11e11fd57a837ea1cb142009c3048882392f3ed3)
---
src/shared/install.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 5e0f9c5d0c..ef5a56391c 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1974,7 +1974,6 @@ int unit_file_revert(
unsigned *n_changes) {
_cleanup_set_free_free_ Set *remove_symlinks_to = NULL;
- /* _cleanup_(install_context_done) InstallContext c = {}; */
_cleanup_lookup_paths_free_ LookupPaths paths = {};
_cleanup_strv_free_ char **todo = NULL;
size_t n_todo = 0, n_allocated = 0;
@@ -2697,13 +2696,21 @@ static int preset_prepare_one(
UnitFileChange **changes,
unsigned *n_changes) {
+ _cleanup_(install_context_done) InstallContext tmp = {};
UnitFileInstallInfo *i;
int r;
- if (install_info_find(plus, name) ||
- install_info_find(minus, name))
+ if (install_info_find(plus, name) || install_info_find(minus, name))
return 0;
+ r = install_info_discover(scope, &tmp, paths, name, SEARCH_FOLLOW_CONFIG_SYMLINKS, &i);
+ if (r < 0)
+ return r;
+ if (!streq(name, i->name)) {
+ log_debug("Skipping %s because is an alias for %s", name, i->name);
+ return 0;
+ }
+
r = query_presets(name, presets);
if (r < 0)
return r;

94
0009-man-describe-what-symlinks-to-unit-do-and-specify-th.patch Normal file
View File

@ -0,0 +1,94 @@
From c9b3950580db43c576d3ec8f7bf14e49905a09cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 13 Aug 2016 09:38:12 -0400
Subject: [PATCH] man: describe what symlinks to unit do, and specify that
presets must use real names
The man pages didn't ever mention that symlinks to units can be created, and what
exactly this means. Fix that omission, and disallow presets on alias names.
(cherry picked from commit d923e42eed9a29137821760dafecb13798264c07)
---
man/systemctl.xml | 3 ++-
man/systemd.preset.xml | 4 ++++
man/systemd.unit.xml | 36 +++++++++++++++++++++++-------------
3 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/man/systemctl.xml b/man/systemctl.xml
index e7880d24f7..8b73e91bdb 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -1088,7 +1088,8 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
enabled and disabled, or only enabled, or only disabled.</para>
<para>If the unit carries no install information, it will be silently ignored
- by this command.</para>
+ by this command. <replaceable>NAME</replaceable> must be the real unit name,
+ any alias names are ignored silently.</para>
<para>For more information on the preset policy format, see
<citerefentry><refentrytitle>systemd.preset</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
diff --git a/man/systemd.preset.xml b/man/systemd.preset.xml
index b7164014f0..d09167baaf 100644
--- a/man/systemd.preset.xml
+++ b/man/systemd.preset.xml
@@ -98,6 +98,10 @@
Empty lines and lines whose first non-whitespace character is # or
; are ignored.</para>
+ <para>Presets must refer to the "real" unit file, and not to any aliases. See
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for a description of unit aliasing.</para>
+
<para>Two different directives are understood:
<literal>enable</literal> may be used to enable units by default,
<literal>disable</literal> to disable units by default.</para>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 85a7b12d76..f818e772a9 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -144,21 +144,31 @@
<option>false</option> and <option>off</option> are
equivalent.</para>
- <para>Time span values encoded in unit files can be written in
- various formats. A stand-alone number specifies a time in seconds.
- If suffixed with a time unit, the unit is honored. A concatenation
- of multiple values with units is supported, in which case the
- values are added up. Example: "50" refers to 50 seconds; "2min
- 200ms" refers to 2 minutes plus 200 milliseconds, i.e. 120200ms.
- The following time units are understood: s, min, h, d, w, ms, us.
- For details see
+ <para>Time span values encoded in unit files can be written in various formats. A stand-alone number specifies a
+ time in seconds. If suffixed with a time unit, the unit is honored. A concatenation of multiple values with units
+ is supported, in which case the values are added up. Example: <literal>50</literal> refers to 50 seconds;
+ <literal>2min 200ms</literal> refers to 2 minutes and 200 milliseconds, i.e. 120200 ms. The following time units
+ are understood: <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, <literal>d</literal>,
+ <literal>w</literal>, <literal>ms</literal>, <literal>us</literal>. For details see
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
- <para>Empty lines and lines starting with # or ; are
- ignored. This may be used for commenting. Lines ending
- in a backslash are concatenated with the following
- line while reading and the backslash is replaced by a
- space character. This may be used to wrap long lines.</para>
+ <para>Empty lines and lines starting with <literal>#</literal> or <literal>;</literal> are ignored. This may be
+ used for commenting. Lines ending in a backslash are concatenated with the following line while reading and the
+ backslash is replaced by a space character. This may be used to wrap long lines.</para>
+
+ <para>Units can be aliased (have an alternative name), by creating a symlink from the new name to the existing name
+ in one of the unit search paths. For example, <filename>systemd-networkd.service</filename> has the alias
+ <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the symlink
+ <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In addition, unit files may
+ specify aliases through the <varname>Alias=</varname> directive in the [Install] section; those aliases are only
+ effective when the unit is enabled. When the unit is enabled, symlinks will be created for those names, and removed
+ when the unit is disabled. For example, <filename>reboot.target</filename> specifies
+ <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever CTRL+ALT+DEL is
+ pressed. Alias names may be used in commands like <command>enable</command>, <command>disable</command>,
+ <command>start</command>, <command>stop</command>, <command>status</command>, …, and in unit dependency directives
+ <varname>Wants=</varname>, <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …,
+ with the limitation that aliases specified through <varname>Alias=</varname> are only effective when the unit is
+ enabled. Aliases cannot be used with the <command>preset</command> command.</para>
<para>Along with a unit file <filename>foo.service</filename>, the
directory <filename>foo.service.wants/</filename> may exist. All

144
0010-shared-install-move-root-skipping-into-create_symlin.patch Normal file
View File

@ -0,0 +1,144 @@
From f0d72d47f05bbbb851d9ab64df877a3f0e769b4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 13 Aug 2016 01:21:57 -0400
Subject: [PATCH] shared/install: move root skipping into create_symlink()
No functional change intended.
(cherry picked from commit 60bec8e4031367869520280350fa1523625d682b)
---
src/shared/install.c | 33 +++++++++++++--------------------
1 file changed, 13 insertions(+), 20 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index ef5a56391c..8c45725f5a 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -394,6 +394,7 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang
}
static int create_symlink(
+ const LookupPaths *paths,
const char *old_path,
const char *new_path,
bool force,
@@ -401,11 +402,16 @@ static int create_symlink(
unsigned *n_changes) {
_cleanup_free_ char *dest = NULL;
+ const char *rp;
int r;
assert(old_path);
assert(new_path);
+ rp = skip_root(paths, old_path);
+ if (rp)
+ old_path = rp;
+
/* Actually create a symlink, and remember that we did. Is
* smart enough to check if there's already a valid symlink in
* place.
@@ -1486,7 +1492,6 @@ static int install_info_symlink_alias(
STRV_FOREACH(s, i->aliases) {
_cleanup_free_ char *alias_path = NULL, *dst = NULL;
- const char *rp;
q = install_full_printf(i, *s, &dst);
if (q < 0)
@@ -1496,9 +1501,7 @@ static int install_info_symlink_alias(
if (!alias_path)
return -ENOMEM;
- rp = skip_root(paths, i->path);
-
- q = create_symlink(rp ?: i->path, alias_path, force, changes, n_changes);
+ q = create_symlink(paths, i->path, alias_path, force, changes, n_changes);
if (r == 0)
r = q;
}
@@ -1542,7 +1545,6 @@ static int install_info_symlink_wants(
STRV_FOREACH(s, list) {
_cleanup_free_ char *path = NULL, *dst = NULL;
- const char *rp;
q = install_full_printf(i, *s, &dst);
if (q < 0)
@@ -1557,9 +1559,7 @@ static int install_info_symlink_wants(
if (!path)
return -ENOMEM;
- rp = skip_root(paths, i->path);
-
- q = create_symlink(rp ?: i->path, path, true, changes, n_changes);
+ q = create_symlink(paths, i->path, path, true, changes, n_changes);
if (r == 0)
r = q;
}
@@ -1576,7 +1576,6 @@ static int install_info_symlink_link(
unsigned *n_changes) {
_cleanup_free_ char *path = NULL;
- const char *rp;
int r;
assert(i);
@@ -1594,9 +1593,7 @@ static int install_info_symlink_link(
if (!path)
return -ENOMEM;
- rp = skip_root(paths, i->path);
-
- return create_symlink(rp ?: i->path, path, force, changes, n_changes);
+ return create_symlink(paths, i->path, path, force, changes, n_changes);
}
static int install_info_apply(
@@ -1772,7 +1769,7 @@ int unit_file_mask(
if (!path)
return -ENOMEM;
- q = create_symlink("/dev/null", path, force, changes, n_changes);
+ q = create_symlink(&paths, "/dev/null", path, force, changes, n_changes);
if (q < 0 && r >= 0)
r = q;
}
@@ -1932,14 +1929,12 @@ int unit_file_link(
r = 0;
STRV_FOREACH(i, todo) {
_cleanup_free_ char *new_path = NULL;
- const char *old_path;
- old_path = skip_root(&paths, *i);
new_path = path_make_absolute(basename(*i), config_path);
if (!new_path)
return -ENOMEM;
- q = create_symlink(old_path ?: *i, new_path, force, changes, n_changes);
+ q = create_symlink(&paths, *i, new_path, force, changes, n_changes);
if (q < 0 && r >= 0)
r = q;
}
@@ -2318,7 +2313,7 @@ int unit_file_set_default(
_cleanup_lookup_paths_free_ LookupPaths paths = {};
_cleanup_(install_context_done) InstallContext c = {};
UnitFileInstallInfo *i;
- const char *new_path, *old_path;
+ const char *new_path;
int r;
assert(scope >= 0);
@@ -2341,10 +2336,8 @@ int unit_file_set_default(
if (r < 0)
return r;
- old_path = skip_root(&paths, i->path);
new_path = strjoina(paths.persistent_config, "/" SPECIAL_DEFAULT_TARGET);
-
- return create_symlink(old_path ?: i->path, new_path, force, changes, n_changes);
+ return create_symlink(&paths, i->path, new_path, force, changes, n_changes);
}
int unit_file_get_default(

97
0011-shared-install-when-creating-symlinks-keep-existing-.patch Normal file
View File

@ -0,0 +1,97 @@
From bfcaa19428a32234356fde460ef556c23bf80f4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 13 Aug 2016 01:27:21 -0400
Subject: [PATCH] shared/install: when creating symlinks, keep existing
relative symlinks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Running preset-all on a system installed from rpms or even created
using make install would remove and recreate a lot of symlinks, changing
relative to absolute symlinks. In general relative symlinks are nicer,
so there is no reason to change them, and those spurious changes were
obscuring more interesting stuff.
$ make install DESTDIR=/var/tmp/inst1
$ systemctl preset-all --root=/var/tmp/inst1
(before)
Removed /var/tmp/inst1/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service.
Created symlink /var/tmp/inst1/etc/systemd/system/ctrl-alt-del.target → /usr/lib/systemd/system/exit.target.
Removed /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/remote-fs.target.
Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/remote-fs.target → /usr/lib/systemd/system/remote-fs.target.
Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/machines.target → /usr/lib/systemd/system/machines.target.
Created symlink /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-journal-remote.socket → /usr/lib/systemd/system/systemd-journal-remote.socket.
Removed /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-networkd.socket.
Created symlink /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-networkd.socket → /usr/lib/systemd/system/systemd-networkd.socket.
Removed /var/tmp/inst1/etc/systemd/system/getty.target.wants/getty@tty1.service.
Created symlink /var/tmp/inst1/etc/systemd/system/getty.target.wants/getty@tty1.service → /usr/lib/systemd/system/getty@.service.
Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service → /usr/lib/systemd/system/systemd-journal-upload.service.
Removed /var/tmp/inst1/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service.
Created symlink /var/tmp/inst1/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service → /usr/lib/systemd/system/systemd-timesyncd.service.
Removed /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-resolved.service.
Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /usr/lib/systemd/system/systemd-resolved.service.
Removed /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-networkd.service.
Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-networkd.service → /usr/lib/systemd/system/systemd-networkd.service.
(after)
Removed /var/tmp/inst1/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service.
Created symlink /var/tmp/inst1/etc/systemd/system/ctrl-alt-del.target → /usr/lib/systemd/system/exit.target.
Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/machines.target → /usr/lib/systemd/system/machines.target.
Created symlink /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-journal-remote.socket → /usr/lib/systemd/system/systemd-journal-remote.socket.
Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service → /usr/lib/systemd/system/systemd-journal-upload.service.
(cherry picked from commit 25ea92778d5f4339e07c152a99d16223f43ad681)
---
src/shared/install.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 8c45725f5a..9ce8e4d390 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -393,6 +393,21 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang
log_error_errno(r, "Failed to %s: %m.", verb);
}
+/**
+ * Checks if two paths or symlinks from wd are the same, when root is the root of the filesystem.
+ * wc should be the full path in the host file system.
+ */
+static bool chroot_symlinks_same(const char *root, const char *wd, const char *a, const char *b) {
+ assert(path_is_absolute(wd));
+
+ /* This will give incorrect results if the paths are relative and go outside
+ * of the chroot. False negatives are possible. */
+
+ a = strjoina(path_is_absolute(a) ? root : wd, "/", a);
+ b = strjoina(path_is_absolute(b) ? root : wd, "/", b);
+ return path_equal_or_files_same(a, b);
+}
+
static int create_symlink(
const LookupPaths *paths,
const char *old_path,
@@ -401,7 +416,7 @@ static int create_symlink(
UnitFileChange **changes,
unsigned *n_changes) {
- _cleanup_free_ char *dest = NULL;
+ _cleanup_free_ char *dest = NULL, *dirname = NULL;
const char *rp;
int r;
@@ -442,7 +457,11 @@ static int create_symlink(
return r;
}
- if (path_equal(dest, old_path))
+ dirname = dirname_malloc(new_path);
+ if (!dirname)
+ return -ENOMEM;
+
+ if (chroot_symlinks_same(paths->root_dir, dirname, dest, old_path))
return 1;
if (!force) {

75
0012-shared-install-properly-report-masked-units-listed-i.patch Normal file
View File

@ -0,0 +1,75 @@
From 3f5a187dcf8ad2f0690046876d30d37630c11014 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 17 Aug 2016 22:15:54 -0400
Subject: [PATCH] shared/install: properly report masked units listed in Also=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A masked unit is listed in Also=:
$ systemctl cat test1 test2
→# /etc/systemd/system/test1.service
[Unit]
Description=test service 1
[Service]
Type=oneshot
ExecStart=/usr/bin/true
[Install]
WantedBy=multi-user.target
Also=test2.service
Alias=alias1.service
→# /dev/null
$ systemctl --root=/ enable test1
(before)
Created symlink /etc/systemd/system/alias1.service → /etc/systemd/system/test1.service.
Created symlink /etc/systemd/system/multi-user.target.wants/test1.service → /etc/systemd/system/test1.service.
The unit files have no installation config (WantedBy, RequiredBy, Also, Alias
settings in the [Install] section, and DefaultInstance for template units).
This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
4) In case of template units, the unit is meant to be enabled with some
instance name specified.
(after)
Created symlink /etc/systemd/system/alias1.service → /etc/systemd/system/test1.service.
Created symlink /etc/systemd/system/multi-user.target.wants/test1.service → /etc/systemd/system/test1.service.
Unit /etc/systemd/system/test2.service is masked, ignoring.
(cherry picked from commit f16517151310b88591f3501a59e23ae2a79e7f02)
---
src/shared/install.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/shared/install.c b/src/shared/install.c
index 9ce8e4d390..9d9f4dff4f 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1686,6 +1686,17 @@ static int install_context_apply(
if (r < 0)
return r;
+ /* We can attempt to process a masked unit when a different unit
+ * that we were processing specifies it in DefaultInstance= or Also=. */
+ if (i->type == UNIT_FILE_TYPE_MASKED) {
+ unit_file_changes_add(changes, n_changes, UNIT_FILE_IS_MASKED, i->path, NULL);
+ if (r >= 0)
+ /* Assume that some *could* have been enabled here, avoid
+ * "empty [Install] section" warning. */
+ r += 1;
+ continue;
+ }
+
if (i->type != UNIT_FILE_TYPE_REGULAR)
continue;

45
0013-Revert-pid1-reconnect-to-the-console-before-being-re.patch Normal file
View File

@ -0,0 +1,45 @@
From e59e123d9c0692b6104deea954e1a2db172e22e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 18 Aug 2016 21:39:39 -0400
Subject: [PATCH] Revert "pid1: reconnect to the console before being
re-executed"
This reverts commit affd7ed1a923b0df8479cff1bd9eafb625fdaa66.
> So it looks like make_console_stdio() has bad side effect. More specifically it
> does a TIOCSCTTY ioctl (via acquire_terminal()) which sees to disturb the
> process which was using/owning the console.
Fixes #3842.
https://bugs.debian.org/834367
https://bugzilla.redhat.com/show_bug.cgi?id=1367766
(cherry picked from commit bd64d82c1c0e3fe2a5f9b3dd9132d62834f50b2d)
---
src/core/main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c
index f2adca7d2b..f59a55f166 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2016,9 +2016,6 @@ finish:
log_error_errno(r, "Failed to switch root, trying to continue: %m");
}
- /* Reopen the console */
- (void) make_console_stdio();
-
args_size = MAX(6, argc+1);
args = newa(const char*, args_size);
@@ -2066,6 +2063,9 @@ finish:
arg_serialization = safe_fclose(arg_serialization);
fds = fdset_free(fds);
+ /* Reopen the console */
+ (void) make_console_stdio();
+
for (j = 1, i = 1; j < (unsigned) argc; j++)
args[i++] = argv[j];
args[i++] = NULL;

62
0014-systemd-ignore-lack-of-tty-when-checking-whether-col.patch Normal file
View File

@ -0,0 +1,62 @@
From 0da0a63dba426aa351d733292df6ec41603b39b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 18 Aug 2016 22:03:56 -0400
Subject: [PATCH] systemd: ignore lack of tty when checking whether colors
should be enabled
When started by the kernel, we are connected to the console, and we'll set TERM
properly to some value in fixup_environment(). We'll then enable or disable
colors based on the value of $SYSTEMD_COLORS and $TERM.
When reexecuting, TERM should be already set, so we can use this value.
Effectively, behaviour is the same as before affd7ed1a was reverted, but instead
of reopening the console before configuring color output, we just ignore what
stdout is connected to and decide based on the variables only.
(cherry picked from commit 158fbf7661912adf0f42c93155499119811dde82)
---
src/basic/terminal-util.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index df56d85317..47d31ad4d7 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -1191,12 +1191,9 @@ int open_terminal_in_namespace(pid_t pid, const char *name, int mode) {
return receive_one_fd(pair[0], 0);
}
-bool terminal_is_dumb(void) {
+static bool getenv_terminal_is_dumb(void) {
const char *e;
- if (!on_tty())
- return true;
-
e = getenv("TERM");
if (!e)
return true;
@@ -1204,6 +1201,13 @@ bool terminal_is_dumb(void) {
return streq(e, "dumb");
}
+bool terminal_is_dumb(void) {
+ if (!on_tty())
+ return true;
+
+ return getenv_terminal_is_dumb();
+}
+
bool colors_enabled(void) {
static int enabled = -1;
@@ -1213,6 +1217,9 @@ bool colors_enabled(void) {
colors = getenv("SYSTEMD_COLORS");
if (colors)
enabled = parse_boolean(colors) != 0;
+ else if (getpid() == 1)
+ /* PID1 outputs to the console without holding it open all the time */
+ enabled = !getenv_terminal_is_dumb();
else
enabled = !terminal_is_dumb();
}

127
0015-shared-install-do-not-enable-masked-instances-4005.patch Normal file
View File

@ -0,0 +1,127 @@
From 3cb3b0145ed8439eb604b43596e6456ed3292c46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 21 Aug 2016 09:10:51 -0400
Subject: [PATCH] shared/install: do not enable masked instances (#4005)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When told to enable a template unit, and the DefaultInstance specified in that
unit was masked, we would do this. Such a unit cannot be started or loaded, so
reporting successful enabling is misleading and unexpected.
$ systemctl mask getty@tty1
Created symlink /etc/systemd/system/getty@tty1.service → /dev/null.
$ systemctl --root=/ enable getty@tty1
(unchanged)
Failed to enable unit, unit /etc/systemd/system/getty@tty1.service is masked.
$ systemctl --root=/ enable getty@
(before)
Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service → /usr/lib/systemd/system/getty@.service.
(now)
Failed to enable unit, unit /etc/systemd/system/getty@tty1.service is masked.
The same error is emitted for enable and preset. And an error is emmited, not a
warning, so the failure to enable DefaultInstance is treated the same as if the
instance was specified on the command line. I think that this makes most sense,
for most template units.
Fixes #2513.
(cherry picked from commit 047d91f9c8cf1bcf5a30f428668babd619533944)
---
src/shared/install.c | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 9d9f4dff4f..cb2a2e7e0d 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -912,8 +912,8 @@ static int install_info_may_process(
assert(i);
assert(paths);
- /* Checks whether the loaded unit file is one we should process, or is masked, transient or generated and thus
- * not subject to enable/disable operations. */
+ /* Checks whether the loaded unit file is one we should process, or is masked,
+ * transient or generated and thus not subject to enable/disable operations. */
if (i->type == UNIT_FILE_TYPE_MASKED) {
unit_file_changes_add(changes, n_changes, -ERFKILL, i->path, NULL);
@@ -1134,7 +1134,6 @@ static int unit_file_load(
struct stat st;
int r;
- assert(c);
assert(info);
assert(path);
@@ -1163,6 +1162,9 @@ static int unit_file_load(
return 0;
}
+ /* c is only needed if we actually load the file */
+ assert(c);
+
fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
if (fd < 0)
return -errno;
@@ -1275,7 +1277,6 @@ static int unit_file_search(
char **p;
int r;
- assert(c);
assert(info);
assert(paths);
@@ -1546,7 +1547,14 @@ static int install_info_symlink_wants(
assert(paths);
assert(config_path);
+ if (strv_isempty(list))
+ return 0;
+
if (unit_name_is_valid(i->name, UNIT_NAME_TEMPLATE)) {
+ UnitFileInstallInfo instance = {
+ .type = _UNIT_FILE_TYPE_INVALID,
+ };
+ _cleanup_free_ char *path = NULL;
/* Don't install any symlink if there's no default
* instance configured */
@@ -1558,6 +1566,19 @@ static int install_info_symlink_wants(
if (r < 0)
return r;
+ instance.name = buf;
+ r = unit_file_search(NULL, &instance, paths, SEARCH_FOLLOW_CONFIG_SYMLINKS);
+ if (r < 0)
+ return r;
+
+ path = instance.path;
+ instance.path = NULL;
+
+ if (instance.type == UNIT_FILE_TYPE_MASKED) {
+ unit_file_changes_add(changes, n_changes, -ERFKILL, path, NULL);
+ return -ERFKILL;
+ }
+
n = buf;
} else
n = i->name;
@@ -1687,12 +1708,12 @@ static int install_context_apply(
return r;
/* We can attempt to process a masked unit when a different unit
- * that we were processing specifies it in DefaultInstance= or Also=. */
+ * that we were processing specifies it in Also=. */
if (i->type == UNIT_FILE_TYPE_MASKED) {
unit_file_changes_add(changes, n_changes, UNIT_FILE_IS_MASKED, i->path, NULL);
if (r >= 0)
- /* Assume that some *could* have been enabled here, avoid
- * "empty [Install] section" warning. */
+ /* Assume that something *could* have been enabled here,
+ * avoid "empty [Install] section" warning. */
r += 1;
continue;
}

29
0016-If-the-notification-message-length-is-0-ignore-the-m.patch Normal file
View File

@ -0,0 +1,29 @@
From 2e9b525caa9e3126e54f0d9506d0c36d7d533997 Mon Sep 17 00:00:00 2001
From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
Date: Wed, 28 Sep 2016 18:25:50 -0300
Subject: [PATCH] If the notification message length is 0, ignore the message
(#4237)
Fixes #4234.
Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
(cherry picked from commit 531ac2b2349da02acc9c382849758e07eb92b020)
---
src/core/manager.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/manager.c b/src/core/manager.c
index 4d84a0b37e..a085ed899a 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1648,6 +1648,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
return -errno;
}
+ if (n == 0) {
+ log_debug("Got zero-length notification message. Ignoring.");
+ return 0;
+ }
CMSG_FOREACH(cmsg, &msghdr) {
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {

48
0017-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch Normal file
View File

@ -0,0 +1,48 @@
From 39e5e97e68a9c1bca3bcfa6c9316a83dad0b072d Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 29 Sep 2016 19:44:34 +0200
Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
(#4240)
If manager_dispatch_notify_fd() fails and returns an error then the handling of
service notifications will be disabled entirely leading to a compromised system.
For example pid1 won't be able to receive the WATCHDOG messages anymore and
will kill all services supposed to send such messages.
(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
---
src/core/manager.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index a085ed899a..36488b673a 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1643,10 +1643,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (n < 0) {
- if (errno == EAGAIN || errno == EINTR)
- return 0;
+ if (!IN_SET(errno, EAGAIN, EINTR))
+ log_error("Failed to receive notification message: %m");
- return -errno;
+ /* It's not an option to return an error here since it
+ * would disable the notification handler entirely. Services
+ * wouldn't be able to send the WATCHDOG message for
+ * example... */
+ return 0;
}
if (n == 0) {
log_debug("Got zero-length notification message. Ignoring.");
@@ -1673,7 +1677,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
r = fdset_new_array(&fds, fd_array, n_fds);
if (r < 0) {
close_many(fd_array, n_fds);
- return log_oom();
+ log_oom();
+ return 0;
}
}

77
0018-pid1-process-zero-length-notification-messages-again.patch Normal file
View File

@ -0,0 +1,77 @@
From 9d77c48a80e1cc2ad016eba1756a5ca293d51f86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 29 Sep 2016 16:06:02 +0200
Subject: [PATCH] pid1: process zero-length notification messages again
This undoes 531ac2b234. I acked that patch without looking at the code
carefully enough. There are two problems:
- we want to process the fds anyway
- in principle empty notification messages are valid, and we should
process them as usual, including logging using log_unit_debug().
(cherry picked from commit 8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4)
---
src/core/manager.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 36488b673a..85bf858992 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1584,13 +1584,12 @@ static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, ui
return 0;
}
-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
+static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
_cleanup_strv_free_ char **tags = NULL;
assert(m);
assert(u);
assert(buf);
- assert(n > 0);
tags = strv_split(buf, "\n\r");
if (!tags) {
@@ -1652,10 +1651,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
* example... */
return 0;
}
- if (n == 0) {
- log_debug("Got zero-length notification message. Ignoring.");
- return 0;
- }
CMSG_FOREACH(cmsg, &msghdr) {
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
@@ -1692,25 +1687,27 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
return 0;
}
+ /* The message should be a string. Here we make sure it's NUL-terminated,
+ * but only the part until first NUL will be used anyway. */
buf[n] = 0;
/* Notify every unit that might be interested, but try
* to avoid notifying the same one multiple times. */
u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
if (u1) {
- manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
+ manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
found = true;
}
u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
if (u2 && u2 != u1) {
- manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
+ manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
found = true;
}
u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
if (u3 && u3 != u2 && u3 != u1) {
- manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
+ manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
found = true;
}

30
0019-shared-install-fix-set-default-with-empty-root-4118.patch Normal file
View File

@ -0,0 +1,30 @@
From eadc5d94950a04f9fb64cb3906644af04de81970 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 10 Sep 2016 12:07:51 +0100
Subject: [PATCH] shared/install: fix set-default with empty root (#4118)
https://bugzilla.redhat.com/show_bug.cgi?id=1374371
When root was empty or equal to "/", chroot_symlinks_same was called with
root==NULL, and strjoina returned "", so the code thought both paths are equal
even if they were not. Fix that by always providing a non-null first argument
to strjoina.
(cherry picked from commit ae9efab711e7478b4f035edd00824d518bcf0d3c)
---
src/shared/install.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/shared/install.c b/src/shared/install.c
index cb2a2e7e0d..cf1e8349d7 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -403,6 +403,9 @@ static bool chroot_symlinks_same(const char *root, const char *wd, const char *a
/* This will give incorrect results if the paths are relative and go outside
* of the chroot. False negatives are possible. */
+ if (!root)
+ root = "/";
+
a = strjoina(path_is_absolute(a) ? root : wd, "/", a);
b = strjoina(path_is_absolute(b) ? root : wd, "/", b);
return path_equal_or_files_same(a, b);

70
0020-Various-simplifications.patch Normal file
View File

@ -0,0 +1,70 @@
From 2f38e2f3ceaf753979a63a7dcec601fc6c811b11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 15 Nov 2016 15:01:40 -0500
Subject: [PATCH] Various simplifications
---
src/core/scope.c | 8 +++++---
src/core/unit.c | 11 +++++------
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/core/scope.c b/src/core/scope.c
index b45e238974..caed476065 100644
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -244,7 +244,9 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) {
if (state == SCOPE_STOP_SIGTERM)
skip_signal = bus_scope_send_request_stop(s) > 0;
- if (!skip_signal) {
+ if (skip_signal)
+ r = 1; /* wait */
+ else {
r = unit_kill_context(
UNIT(s),
&s->kill_context,
@@ -254,8 +256,8 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) {
-1, -1, false);
if (r < 0)
goto fail;
- } else
- r = 1;
+ }
+ log_unit_debug(UNIT(s), "Killing unit %s: ret=%d", UNIT(s)->id, r);
if (r > 0) {
r = scope_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_stop_usec));
diff --git a/src/core/unit.c b/src/core/unit.c
index 4934a0e56f..6726ce0749 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3558,14 +3558,14 @@ int unit_kill_context(
bool main_pid_alien) {
bool wait_for_exit = false, send_sighup;
- cg_kill_log_func_t log_func;
+ cg_kill_log_func_t log_func = NULL;
int sig, r;
assert(u);
assert(c);
- /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0 if we
- * killed something worth waiting for, 0 otherwise. */
+ /* Kill the processes belonging to this unit, in preparation for shutting the unit down.
+ * Returns > 0 if we killed something worth waiting for, 0 otherwise. */
if (c->kill_mode == KILL_NONE)
return 0;
@@ -3577,9 +3577,8 @@ int unit_kill_context(
IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) &&
sig != SIGHUP;
- log_func =
- k != KILL_TERMINATE ||
- IN_SET(sig, SIGKILL, SIGABRT) ? log_kill : NULL;
+ if (k != KILL_TERMINATE || IN_SET(sig, SIGKILL, SIGABRT))
+ log_func = log_kill;
if (main_pid > 0) {
if (log_func)

42
0021-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch Normal file
View File

@ -0,0 +1,42 @@
From 2901e7ae25cb417d1e4902f71147a3de853c94b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Nov 2016 10:18:30 -0500
Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
(#4717)
lz4 upstream decided to switch to an incompatible numbering scheme
(1.7.3 follows 131, to match the so version).
PKG_CHECK_MODULES does not allow two version matches for the same package,
so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
"new" numbers (anything below 10 is assume to be new), once for the "old"
numbers (anything above >= 125). This assumes that the "new" versioning
will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
mature project.
Fixed #4690.
(cherry picked from commit 3d4cf7de48a74726694abbaa09f9804b845ff3ba)
---
configure.ac | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index cf595e68c0..4a0b2691d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -602,10 +602,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
have_lz4=no
AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 support]))
AS_IF([test "x$enable_lz4" != "xno"], [
- PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
- [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])
+ PKG_CHECK_MODULES(LZ4, [ liblz4 < 10 ],
+ [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
have_lz4=yes],
- have_lz4=no)
+ [PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
+ [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
+ have_lz4=yes],
+ have_lz4=no)])
AS_IF([test "x$have_lz4" = xno -a "x$enable_lz4" = xyes],
[AC_MSG_ERROR([*** LZ4 support requested but libraries not found])])
])

71
0022-pid1-do-not-use-mtime-0-as-sign-of-masking-4388.patch Normal file
View File

@ -0,0 +1,71 @@
From 48aab8bd94f75072a8d44f351a66cf74db450275 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 17 Oct 2016 01:15:03 -0400
Subject: [PATCH] pid1: do not use mtime==0 as sign of masking (#4388)
It is allowed for unit files to have an mtime==0, so instead of assuming that
any file that had mtime==0 was masked, use the load_state to filter masked
units.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1384150.
(cherry picked from commit ba25d39e449347952522162c3fa110b04308e28c)
---
src/core/unit.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 6726ce0749..d94b3eb5ab 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -2950,7 +2950,7 @@ int unit_coldplug(Unit *u) {
return 0;
}
-static bool fragment_mtime_newer(const char *path, usec_t mtime) {
+static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
struct stat st;
if (!path)
@@ -2960,12 +2960,12 @@ static bool fragment_mtime_newer(const char *path, usec_t mtime) {
/* What, cannot access this anymore? */
return true;
- if (mtime > 0)
+ if (path_masked)
+ /* For masked files check if they are still so */
+ return !null_or_empty(&st);
+ else
/* For non-empty files check the mtime */
return timespec_load(&st.st_mtim) > mtime;
- else if (!null_or_empty(&st))
- /* For masked files check if they are still so */
- return true;
return false;
}
@@ -2976,18 +2976,22 @@ bool unit_need_daemon_reload(Unit *u) {
assert(u);
- if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime))
+ /* For unit files, we allow masking… */
+ if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime,
+ u->load_state == UNIT_MASKED))
return true;
- if (fragment_mtime_newer(u->source_path, u->source_mtime))
+ /* Source paths should not be masked… */
+ if (fragment_mtime_newer(u->source_path, u->source_mtime, false))
return true;
(void) unit_find_dropin_paths(u, &t);
if (!strv_equal(u->dropin_paths, t))
return true;
+ /* … any drop-ins that are masked are simply omitted from the list. */
STRV_FOREACH(path, u->dropin_paths)
- if (fragment_mtime_newer(*path, u->dropin_mtime))
+ if (fragment_mtime_newer(*path, u->dropin_mtime, false))
return true;
return false;

27
0023-resolved-bugfix-of-null-pointer-p-question-dereferen.patch Normal file
View File

@ -0,0 +1,27 @@
From 2934d046b1f1d6e0cfc08b843066d10bea3e9109 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Wed, 24 May 2017 08:56:48 +0300
Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
(#6020)
See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be)
---
src/resolve/resolved-dns-packet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index a8ad8fe342..8b620cb6a8 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -2264,6 +2264,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
if (r < 0)
return r;
+ if (!p->question)
+ return 0;
+
if (p->question->n_keys != 1)
return 0;

102
0024-udev-net_id-add-support-for-phys_port_name-attribute.patch Normal file
View File

@ -0,0 +1,102 @@
From 59fab93ac7960c28bcd7f7646dff07f57073df7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20P=C3=ADrko?= <jiri@resnulli.us>
Date: Wed, 2 Nov 2016 03:46:01 +0100
Subject: [PATCH] udev: net_id: add support for phys_port_name attribute
(#4506)
Switch drivers uses phys_port_name attribute to pass front panel port
name to user. Use it to generate netdev names.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
(cherry picked from commit 4887b656c22af059d4e833de7b56544f24951184)
---
src/udev/udev-builtin-net_id.c | 30 ++++++++++++++++++++++--------
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index a7be2a4eed..0eb2500dd2 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -35,10 +35,12 @@
* Type of names:
* b<number> — BCMA bus core number
* c<bus_id> — CCW bus group name, without leading zeros [s390]
- * o<index>[d<dev_port>] — on-board device index number
- * s<slot>[f<function>][d<dev_port>] — hotplug slot index number
+ * o<index>[n<phys_port_name>|d<dev_port>]
+ * — on-board device index number
+ * s<slot>[f<function>][n<phys_port_name>|d<dev_port>]
+ * — hotplug slot index number
* x<MAC> — MAC address
- * [P<domain>]p<bus>s<slot>[f<function>][d<dev_port>]
+ * [P<domain>]p<bus>s<slot>[f<function>][n<phys_port_name>|d<dev_port>]
* — PCI geographical location
* [P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>]
* — USB port number chain
@@ -137,7 +139,7 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
unsigned dev_port = 0;
size_t l;
char *s;
- const char *attr;
+ const char *attr, *port_name;
int idx;
/* ACPI _DSM — device specific method for naming a PCI or PCI Express device */
@@ -164,10 +166,15 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
if (attr)
dev_port = strtol(attr, NULL, 10);
+ /* kernel provided front panel port name for multiple port PCI device */
+ port_name = udev_device_get_sysattr_value(dev, "phys_port_name");
+
s = names->pci_onboard;
l = sizeof(names->pci_onboard);
l = strpcpyf(&s, l, "o%d", idx);
- if (dev_port > 0)
+ if (port_name)
+ l = strpcpyf(&s, l, "n%s", port_name);
+ else if (dev_port > 0)
l = strpcpyf(&s, l, "d%d", dev_port);
if (l == 0)
names->pci_onboard[0] = '\0';
@@ -202,7 +209,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
unsigned domain, bus, slot, func, dev_port = 0;
size_t l;
char *s;
- const char *attr;
+ const char *attr, *port_name;
struct udev_device *pci = NULL;
char slots[256], str[256];
_cleanup_closedir_ DIR *dir = NULL;
@@ -217,6 +224,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
if (attr)
dev_port = strtol(attr, NULL, 10);
+ /* kernel provided front panel port name for multiple port PCI device */
+ port_name = udev_device_get_sysattr_value(dev, "phys_port_name");
+
/* compose a name based on the raw kernel's PCI bus, slot numbers */
s = names->pci_path;
l = sizeof(names->pci_path);
@@ -225,7 +235,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
l = strpcpyf(&s, l, "p%us%u", bus, slot);
if (func > 0 || is_pci_multifunction(names->pcidev))
l = strpcpyf(&s, l, "f%u", func);
- if (dev_port > 0)
+ if (port_name)
+ l = strpcpyf(&s, l, "n%s", port_name);
+ else if (dev_port > 0)
l = strpcpyf(&s, l, "d%u", dev_port);
if (l == 0)
names->pci_path[0] = '\0';
@@ -275,7 +287,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
l = strpcpyf(&s, l, "s%d", hotplug_slot);
if (func > 0 || is_pci_multifunction(names->pcidev))
l = strpcpyf(&s, l, "f%d", func);
- if (dev_port > 0)
+ if (port_name)
+ l = strpcpyf(&s, l, "n%s", port_name);
+ else if (dev_port > 0)
l = strpcpyf(&s, l, "d%d", dev_port);
if (l == 0)
names->pci_slot[0] = '\0';

26
0025-logind-don-t-hit-assert-when-we-try-to-free-NULL-man.patch Normal file
View File

@ -0,0 +1,26 @@
From a33057b3b58fba988b52da60fada0b25de589c78 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Oct 2016 19:19:46 +0200
Subject: [PATCH] logind: don't hit assert when we try to free NULL manager
object
Fixes: #4431
(cherry picked from commit 84a4e6608dbda38c724ab196a226db209a50b224)
---
src/login/logind.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/login/logind.c b/src/login/logind.c
index 5ce36d28c7..e5854db264 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -125,7 +125,8 @@ static void manager_free(Manager *m) {
Inhibitor *i;
Button *b;
- assert(m);
+ if (!m)
+ return;
while ((session = hashmap_first(m->sessions)))
session_free(session);

36
0026-core-if-the-start-command-vanishes-during-runtime-do.patch Normal file
View File

@ -0,0 +1,36 @@
From 4185055dfcc4eb549c66c116fd8a7e87e9931ae8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 21 Oct 2016 12:27:46 +0200
Subject: [PATCH] core: if the start command vanishes during runtime don't hit
an assert
This can happen when the configuration is changed and reloaded while we are
executing a service. Let's not hit an assert in this case.
Fixes: #4444
(cherry picked from commit 47fffb3530af3e3ad4048570611685635fde062e)
---
src/core/service.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index afb198507b..537db62808 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1706,7 +1706,15 @@ static void service_enter_start(Service *s) {
}
if (!c) {
- assert(s->type == SERVICE_ONESHOT);
+ if (s->type != SERVICE_ONESHOT) {
+ /* There's no command line configured for the main command? Hmm, that is strange. This can only
+ * happen if the configuration changes at runtime. In this case, let's enter a failure
+ * state. */
+ log_unit_error(UNIT(s), "There's no 'start' task anymore we could start: %m");
+ r = -ENXIO;
+ goto fail;
+ }
+
service_enter_start_post(s);
return;
}

35
0027-core-don-t-hit-an-assert-when-printing-status-messag.patch Normal file
View File

@ -0,0 +1,35 @@
From 37c30b6829eabedf0e5c800aeffb16d4d1b3d2ec Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 2 Nov 2016 12:02:53 -0600
Subject: [PATCH] core: don't hit an assert when printing status messages about
units with overly long description strings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This essentially reverts one part of d054f0a4d451120c26494263fc4dc175bfd405b1.
(We might also choose to use proper ellipsation here, but I wasn't sure the
memory allocation this requires wouöld be a good idea here...)
Fixes: #4534
(cherry picked from commit 07ecca0dc9d2d8f3b3abd73ab32f254f339fd903)
---
src/core/job.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/job.c b/src/core/job.c
index 7557874d4d..4efcfb80f3 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -767,8 +767,9 @@ static void job_log_status_message(Unit *u, JobType t, JobResult result) {
if (!format)
return;
+ /* The description might be longer than the buffer, but that's OK, we'll just truncate it here */
DISABLE_WARNING_FORMAT_NONLITERAL;
- xsprintf(buf, format, unit_description(u));
+ snprintf(buf, sizeof(buf), format, unit_description(u));
REENABLE_WARNING;
switch (t) {

34
0028-device-Avoid-calling-unit_free-NULL-in-device-setup-.patch Normal file
View File

@ -0,0 +1,34 @@
From c29d24941d5cb3a7016647a4791c7812f2cb83ed Mon Sep 17 00:00:00 2001
From: Dave Reisner <d@falconindy.com>
Date: Sun, 27 Nov 2016 17:05:39 -0500
Subject: [PATCH] device: Avoid calling unit_free(NULL) in device setup logic
(#4748)
Since a581e45ae8f9bb5c, there's a few function calls to
unit_new_for_name which will unit_free on failure. Prior to this commit,
a failure would result in calling unit_free with a NULL unit, and hit an
assertion failure, seen at least via device_setup_unit:
Assertion 'u' failed at src/core/unit.c:519, function unit_free(). Aborting.
Fixes #4747
https://bugs.archlinux.org/task/51950
(cherry picked from commit d112eae7da77899be245ab52aa1747d4675549f1)
---
src/core/device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/device.c b/src/core/device.c
index 16e56efcc3..31724e4e55 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -369,7 +369,7 @@ static int device_setup_unit(Manager *m, struct udev_device *dev, const char *pa
fail:
log_unit_warning_errno(u, r, "Failed to set up device unit: %m");
- if (delete)
+ if (delete && u)
unit_free(u);
return r;

85
0029-sd-network-fix-memleak-in-dhcp6_option_parse_domainn.patch Normal file
View File

@ -0,0 +1,85 @@
From 975e64e62b5db27f3d65f9a7aeb6a0689a535436 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 24 Jan 2017 05:11:59 +0300
Subject: [PATCH] sd-network: fix memleak in dhcp6_option_parse_domainname
(#5114)
The simplest way to reproduce:
```diff
diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
index bd289fa..7b0a5ef 100644
--- a/src/libsystemd-network/test-dhcp6-client.c
+++ b/src/libsystemd-network/test-dhcp6-client.c
@@ -168,7 +168,7 @@ static uint8_t msg_advertise[198] = {
0x00, 0x17, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8,
0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x0b,
- 0x03, 0x6c, 0x61, 0x62, 0x05, 0x69, 0x6e, 0x74,
+ 0x01, 0x6c, 0x01, 0x62, 0x00, 0x0a, 0x6e, 0x74,
0x72, 0x61, 0x00, 0x00, 0x1f, 0x00, 0x10, 0x20,
0x01, 0x0d, 0xb8, 0xde, 0xad, 0xbe, 0xef, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
@@ -338,9 +338,7 @@ static int test_advertise_option(sd_event *e) {
assert_se(!memcmp(addrs, &msg_advertise[124], r * 16));
r = sd_dhcp6_lease_get_domains(lease, &domains);
- assert_se(r == 1);
- assert_se(!strcmp("lab.intra", domains[0]));
- assert_se(domains[1] == NULL);
+ assert_se(r == -ENOENT);
r = sd_dhcp6_lease_get_ntp_addrs(lease, &addrs);
assert_se(r == 1);
```
Fixes:
```
=================================================================
==15043==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
#1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
#2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
#3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
#4 0x55f775774b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287
#5 0x55f77577883e in main src/libsystemd-network/test-dhcp6-client.c:759
#6 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
#1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
#2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
#3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
#4 0x55f775781348 in client_parse_message src/libsystemd-network/sd-dhcp6-client.c:807
#5 0x55f775781ba2 in client_receive_advertise src/libsystemd-network/sd-dhcp6-client.c:895
#6 0x55f775782453 in client_receive_message src/libsystemd-network/sd-dhcp6-client.c:994
#7 0x7f13c7e447f4 in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
#8 0x7f13c7e471b0 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
#9 0x7f13c7e47ab3 in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
#10 0x7f13c7e47c21 in sd_event_loop src/libsystemd/sd-event/sd-event.c:2706
#11 0x55f77577863c in test_client_solicit src/libsystemd-network/test-dhcp6-client.c:737
#12 0x55f77577884b in main src/libsystemd-network/test-dhcp6-client.c:760
#13 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)
SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s).
```
(cherry picked from commit 419eaa8f8d2025bae98c23bdedb434d6dbb025b8)
---
src/libsystemd-network/dhcp6-option.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
index 5462e03476..f8056dbc4b 100644
--- a/src/libsystemd-network/dhcp6-option.c
+++ b/src/libsystemd-network/dhcp6-option.c
@@ -339,7 +339,7 @@ int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen,
int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char ***str_arr) {
size_t pos = 0, idx = 0;
- _cleanup_free_ char **names = NULL;
+ _cleanup_strv_free_ char **names = NULL;
int r;
assert_return(optlen > 1, -ENODATA);

56
0030-sd-network-fix-memleak-in-dhcp6_lease_set_domains-51.patch Normal file
View File

@ -0,0 +1,56 @@
From e40c3001ab4ec57c78b0a0093c165cf850f5540a Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 24 Jan 2017 05:12:58 +0300
Subject: [PATCH] sd-network: fix memleak in dhcp6_lease_set_domains (#5113)
The simplest way to reproduce:
```diff
diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
index bd289fa..4e14d8f 100644
--- a/src/libsystemd-network/test-dhcp6-client.c
+++ b/src/libsystemd-network/test-dhcp6-client.c
@@ -286,6 +286,8 @@ static int test_advertise_option(sd_event *e) {
assert_se(optlen == 11);
assert_se(dhcp6_lease_set_domains(lease, optval,
optlen) >= 0);
+ assert_se(dhcp6_lease_set_domains(lease, optval,
+ optlen) >= 0);
break;
case SD_DHCP6_OPTION_SNTP_SERVERS:
```
Fixes:
```
==27369==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 10 byte(s) in 1 object(s) allocated from:
#0 0x7f90e7d21160 in strdup (/lib64/libasan.so.3+0x5a160)
#1 0x7f90e7467f69 in strv_extend src/basic/strv.c:552
#2 0x5612fcc19379 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
#3 0x5612fcc1acdf in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
#4 0x5612fcc06b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287
#5 0x5612fcc0a987 in main src/libsystemd-network/test-dhcp6-client.c:761
#6 0x7f90e6d46400 in __libc_start_main (/lib64/libc.so.6+0x20400)
SUMMARY: AddressSanitizer: 10 byte(s) leaked in 1 allocation(s).
```
(cherry picked from commit 0b75a95ace6e1d82772f6b5f1809f4839b810628)
---
src/libsystemd-network/sd-dhcp6-lease.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
index 5c10a6326a..681384b3ff 100644
--- a/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/libsystemd-network/sd-dhcp6-lease.c
@@ -226,7 +226,7 @@ int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval,
if (r < 0)
return 0;
- free(lease->domains);
+ strv_free(lease->domains);
lease->domains = domains;
lease->domains_count = r;

55
0031-sd-event-when-exiting-no-signal-event-are-pending-is.patch Normal file
View File

@ -0,0 +1,55 @@
From e72c338a9fe72a45e6687174fddf1a1725b5949b Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 8 Feb 2017 20:56:22 +0100
Subject: [PATCH] sd-event: "when exiting no signal event are pending" is a
wrong assertion (#5271)
The code make the following assertion: when freeing a event loop object
(usually it's done after exiting from the main event loop), no signal events
are still queued and are pending.
This assertion can be found in event_unmask_signal_data() with
"assert(!d->current);" assertion.
It appears that this assertion can be wrong at least in a specific case
described below.
Consider the following example which is inspired from udev: a process defines 3
source events: 2 are created by sd_event_add_signal() and 1 is created by
sd_event_add_post().
1. the process receives the 2 signals consecutively so that signal 'A' source
event is queued and pending. Consequently the post source event is also
queued and pending. This is done by sd_event_wait().
2. The callback for signal 'A' is called by sd_event_dispatch().
3. The next call to sd_event_wait() will queue signal 'B' source event.
4. The callback for the post source event is called and calls sd_event_exit().
5. the event loop is exited.
6. freeing the event loop object will lead to the assertion failure in
event_unmask_signal_data().
This patch simply removes this assertion as it doesn't seem to be a
bug if the signal data still reference a signal source at this point.
(cherry picked from commit 4470860388e12a5dda1d65773e411a349221a3e9)
---
src/libsystemd/sd-event/sd-event.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 9857f8b1fc..41ce91fa79 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -730,7 +730,6 @@ static void event_unmask_signal_data(sd_event *e, struct signal_data *d, int sig
/* If all the mask is all-zero we can get rid of the structure */
hashmap_remove(e->signal_data, &d->priority);
- assert(!d->current);
safe_close(d->fd);
free(d);
return;

32
0032-journal-gatewayd-fix-segfault-with-certain-request-3.patch Normal file
View File

@ -0,0 +1,32 @@
From 97248e26cdd728c025cc709496d4250350a4878a Mon Sep 17 00:00:00 2001
From: Yi EungJun <semtlenori@gmail.com>
Date: Sun, 7 Aug 2016 05:39:13 +0900
Subject: [PATCH] journal-gatewayd: fix segfault with certain request (#3893)
When client requests to get logs with `follow` and `KEY=match` that
doesn't match any log entry, journal-gatewayd segfaulted.
Make request_reader_entries to return zero in such case to wait for
matching entries.
This fixes https://github.com/systemd/systemd/issues/3873.
(cherry picked from commit 3475fc5899db8c8c9198573912429b85213e4862)
---
src/journal-remote/journal-gatewayd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 4ad9184993..e4a82871b5 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -239,6 +239,9 @@ static ssize_t request_reader_entries(
m->size = (uint64_t) sz;
}
+ if (m->tmp == NULL && m->follow)
+ return 0;
+
if (fseeko(m->tmp, pos, SEEK_SET) < 0) {
log_error_errno(errno, "Failed to seek to position: %m");
return MHD_CONTENT_READER_END_WITH_ERROR;

24
0033-boot-fix-bootctl-install-segfault-4404.patch Normal file
View File

@ -0,0 +1,24 @@
From abdafca5183be5593275033e0514f62fae579aba Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 19 Oct 2016 20:50:47 +0900
Subject: [PATCH] boot: fix `bootctl install` segfault (#4404)
(cherry picked from commit 9ee051b9c7623e148bf0d768cc2677aecf283fc8)
---
src/boot/bootctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 37fa049ecf..115fe9338c 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -550,7 +550,8 @@ static const char *efi_subdirs[] = {
"EFI/systemd",
"EFI/BOOT",
"loader",
- "loader/entries"
+ "loader/entries",
+ NULL
};
static int create_dirs(const char *esp_path) {

36
0034-sysusers-fix-memleak-4430.patch Normal file
View File

@ -0,0 +1,36 @@
From 18de263b7581d2b222027143e9f90e2ebcaefe72 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 20 Oct 2016 21:23:32 +0300
Subject: [PATCH] sysusers: fix memleak (#4430)
Fixes:
```
==28075== 64 bytes in 1 blocks are definitely lost in loss record 2 of 3
==28075== at 0x4C2BAEE: malloc (vg_replace_malloc.c:298)
==28075== by 0x4C2DCA1: realloc (vg_replace_malloc.c:785)
==28075== by 0x4ED40A2: greedy_realloc (alloc-util.c:57)
==28075== by 0x4E90F87: extract_first_word (extract-word.c:78)
==28075== by 0x4E91813: extract_many_words (extract-word.c:270)
==28075== by 0x10FE93: parse_line (sysusers.c:1325)
==28075== by 0x11198B: read_config_file (sysusers.c:1640)
==28075== by 0x111EB8: main (sysusers.c:1773)
==28075==
```
(cherry picked from commit d9b8ea5448ba1e61d681a206d770a4eac39b9936)
---
src/sysusers/sysusers.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 787d68a009..a39a580e6a 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -1189,6 +1189,7 @@ static void item_free(Item *i) {
free(i->uid_path);
free(i->gid_path);
free(i->description);
+ free(i->home);
free(i);
}

36
0035-sysusers-fix-memleak-4443.patch Normal file
View File

@ -0,0 +1,36 @@
From e67c65061dd9fc540ff9e40d0262641af73e1a4d Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Fri, 21 Oct 2016 13:30:45 +0300
Subject: [PATCH] sysusers: fix memleak (#4443)
Fixes:
Oct 20 09:10:49 systemd-sysusers[144]: Direct leak of 20 byte(s) in 1 object(s) allocated from:
Oct 20 09:10:49 systemd-sysusers[144]: #0 0x7f3565a13e60 in malloc (/lib64/libasan.so.3+0xc6e60)
Oct 20 09:10:49 systemd-sysusers[144]: #1 0x7f3565526bd0 in malloc_multiply src/basic/alloc-util.h:70
Oct 20 09:10:49 systemd-sysusers[144]: #2 0x7f356552cb55 in tempfn_xxxxxx src/basic/fileio.c:1116
Oct 20 09:10:49 systemd-sysusers[144]: #3 0x7f356552c4f0 in fopen_temporary src/basic/fileio.c:1042
Oct 20 09:10:49 systemd-sysusers[144]: #4 0x7f356555e00e in fopen_temporary_label src/basic/fileio-label.c:63
Oct 20 09:10:49 systemd-sysusers[144]: #5 0x56197c4a1766 in make_backup src/sysusers/sysusers.c:209
Oct 20 09:10:49 systemd-sysusers[144]: #6 0x56197c4a6335 in write_files src/sysusers/sysusers.c:710
Oct 20 09:10:49 systemd-sysusers[144]: #7 0x56197c4ae571 in main src/sysusers/sysusers.c:1817
Oct 20 09:10:49 systemd-sysusers[144]: #8 0x7f3564dee730 in __libc_start_main (/lib64/libc.so.6+0x20730)
(cherry picked from commit 0a12bb1eaa097dc83018aa034faef113a91e6014)
---
src/sysusers/sysusers.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index a39a580e6a..dfb708c1b9 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -190,7 +190,8 @@ static int load_group_database(void) {
static int make_backup(const char *target, const char *x) {
_cleanup_close_ int src = -1;
_cleanup_fclose_ FILE *dst = NULL;
- char *backup, *temp;
+ _cleanup_free_ char *temp = NULL;
+ char *backup;
struct timespec ts[2];
struct stat st;
int r;

40
0036-journalctl-fix-memleak.patch Normal file
View File

@ -0,0 +1,40 @@
From c36c799dafadcf5c5447698da97a8d7bd36c9ea4 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 3 Nov 2016 21:23:22 +0000
Subject: [PATCH] journalctl: fix memleak
bash-4.3# journalctl --no-hostname >/dev/null
=================================================================
==288==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 48492 byte(s) in 2694 object(s) allocated from:
#0 0x7fb4aba13e60 in malloc (/lib64/libasan.so.3+0xc6e60)
#1 0x7fb4ab5b2cc4 in malloc_multiply src/basic/alloc-util.h:70
#2 0x7fb4ab5b3194 in parse_field src/shared/logs-show.c:98
#3 0x7fb4ab5b4918 in output_short src/shared/logs-show.c:347
#4 0x7fb4ab5b7cb7 in output_journal src/shared/logs-show.c:977
#5 0x5650e29cd83d in main src/journal/journalctl.c:2581
#6 0x7fb4aabdb730 in __libc_start_main (/lib64/libc.so.6+0x20730)
SUMMARY: AddressSanitizer: 48492 byte(s) leaked in 2694 allocation(s).
Closes: #4568
(cherry picked from commit 12104159ed88324fa95505a6a8b333dd92a80368)
---
src/shared/logs-show.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
index d04728f505..f347ceed11 100644
--- a/src/shared/logs-show.c
+++ b/src/shared/logs-show.c
@@ -378,7 +378,7 @@ static int output_short(
if (hostname && (flags & OUTPUT_NO_HOSTNAME)) {
/* Suppress display of the hostname if this is requested. */
- hostname = NULL;
+ hostname = mfree(hostname);
hostname_len = 0;
}

56
0037-acl-util-fix-memleak.patch Normal file
View File

@ -0,0 +1,56 @@
From 33628598ef1af73f8f50f96b4ce18f8a95733913 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 3 Nov 2016 22:04:40 +0000
Subject: [PATCH] acl-util: fix memleak
Fixes:
$ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null
==22309== Memcheck, a memory error detector
==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22309== Command: /home/vagrant/systemd/.libs/lt-journalctl
==22309==
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
Pass -q to turn off this notice.
==22309==
==22309== HEAP SUMMARY:
==22309== in use at exit: 8,680 bytes in 4 blocks
==22309== total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated
==22309==
==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4
==22309== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==22309== by 0x6F37A0A: __new_var_obj_p (__libobj.c:36)
==22309== by 0x6F362F7: __acl_init_obj (acl_init.c:28)
==22309== by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54)
==22309== by 0x6F36087: acl_get_file (acl_get_file.c:69)
==22309== by 0x4F15752: acl_search_groups (acl-util.c:172)
==22309== by 0x113A1E: access_check_var_log_journal (journalctl.c:1836)
==22309== by 0x113D8D: access_check (journalctl.c:1889)
==22309== by 0x115681: main (journalctl.c:2236)
==22309==
==22309== LEAK SUMMARY:
==22309== definitely lost: 56 bytes in 1 blocks
==22309== indirectly lost: 432 bytes in 1 blocks
==22309== possibly lost: 0 bytes in 0 blocks
==22309== still reachable: 8,192 bytes in 2 blocks
==22309== suppressed: 0 bytes in 0 blocks
(cherry picked from commit 29d87223d54fc13e16f444677f0a94ed0755bd88)
---
src/shared/acl-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index 2aa951fce9..79a3b9591d 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -162,7 +162,7 @@ int add_base_acls_if_needed(acl_t *acl_p, const char *path) {
int acl_search_groups(const char *path, char ***ret_groups) {
_cleanup_strv_free_ char **g = NULL;
- _cleanup_(acl_free) acl_t acl = NULL;
+ _cleanup_(acl_freep) acl_t acl = NULL;
bool ret = false;
acl_entry_t entry;
int r;

45
0038-core-fix-memleak-in-bus_exec_context_set_transient_p.patch Normal file
View File

@ -0,0 +1,45 @@
From 2b0fa6690d559b069612115764e6f80f27699534 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Wed, 25 Jan 2017 05:53:50 +0300
Subject: [PATCH] core: fix memleak in bus_exec_context_set_transient_property
(#5143)
Fixes:
```sh
systemd-run --property EnvironmentFile=/some/environment/file /bin/sleep 30
```
```
23 bytes in 1 blocks are definitely lost in loss record 1 of 7
at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
by 0x4E85488: malloc_multiply (alloc-util.h:70)
by 0x4E85F19: strjoin_real (string-util.c:252)
by 0x1AF741: bus_exec_context_set_transient_property (dbus-execute.c:1418)
by 0x1A907C: bus_service_set_property (dbus-service.c:330)
by 0x1A66DD: bus_unit_set_properties (dbus-unit.c:1456)
by 0x19CF93: transient_unit_from_message (dbus-manager.c:892)
by 0x19D388: method_start_transient_unit (dbus-manager.c:980)
by 0x4F60544: method_callbacks_run (bus-objects.c:418)
by 0x4F62D9D: object_find_and_run (bus-objects.c:1255)
by 0x4F633CE: bus_process_object (bus-objects.c:1371)
by 0x4F2CE1D: process_message (sd-bus.c:2563)
```
Closes: #5142
(cherry picked from commit 9b531f04fb16e072100b10b93613abe846140305)
---
src/core/dbus-execute.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 307c3d8e7a..a1d55236fc 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1224,7 +1224,7 @@ int bus_exec_context_set_transient_property(
_cleanup_free_ char *joined = NULL;
_cleanup_fclose_ FILE *f = NULL;
- _cleanup_free_ char **l = NULL;
+ _cleanup_strv_free_ char **l = NULL;
size_t size = 0;
char **i;

35
0039-core-dbus-fix-two-strv-memleaks.patch Normal file
View File

@ -0,0 +1,35 @@
From c9906ce0e0a74d5fe9c04bcb1bbc0de75402b8ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 24 Jan 2017 22:21:16 -0500
Subject: [PATCH] core/dbus: fix two strv memleaks
job_dbus_path and unit_dbus_path both allocate new strings, so we should use
strv_free.
(cherry picked from commit f0c03de85afa93d1df2bb533a46748e7f4264af6)
---
src/core/dbus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3422a02d68..5d87bca8b1 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -477,7 +477,7 @@ static int bus_kill_context_find(sd_bus *bus, const char *path, const char *inte
}
static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
- _cleanup_free_ char **l = NULL;
+ _cleanup_strv_free_ char **l = NULL;
Manager *m = userdata;
unsigned k = 0;
Iterator i;
@@ -504,7 +504,7 @@ static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char
}
static int bus_unit_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
- _cleanup_free_ char **l = NULL;
+ _cleanup_strv_free_ char **l = NULL;
Manager *m = userdata;
unsigned k = 0;
Iterator i;

25
0040-resolve-fix-strv-memleak.patch Normal file
View File

@ -0,0 +1,25 @@
From 47194e64843ea986a56864442cb9653a6b23219d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 24 Jan 2017 22:27:21 -0500
Subject: [PATCH] resolve: fix strv memleak
sd_bus_message_read_strv() returns a normal strv...
(cherry picked from commit c6d92582205065e4924b9f0cb1428f4a5f210fd4)
---
src/resolve/resolved-link-bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
index 364812250f..59cd6cf1cb 100644
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@@ -462,7 +462,7 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_set_free_free_ Set *ns = NULL;
- _cleanup_free_ char **ntas = NULL;
+ _cleanup_strv_free_ char **ntas = NULL;
Link *l = userdata;
int r;
char **i;

106
0041-sd-device-replace-lstat-open-with-open-O_NOFOLLOW.patch Normal file
View File

@ -0,0 +1,106 @@
From a7c2ac892ad0c6e9d270bf9adf071f0aab456282 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 19 Feb 2017 14:17:19 -0500
Subject: [PATCH] sd-device: replace lstat() + open() with open(O_NOFOLLOW)
Coverity was complaining about TOCTOU (CID #745806). Indeed, it seems better
to open the file and avoid the stat altogether:
- O_NOFOLLOW means we'll get ELOOP, which we can translate to EINVAL as before,
- similarly, open(O_WRONLY) on a directory will fail with EISDIR,
- and finally, it makes no sense to check access mode ourselves: just let
the kernel do it and propagate the error.
v2:
- fix memleak, don't clober input arg
(cherry picked from commit 2fa4861ad5a203bff604cac660136834e3b70108)
---
src/libsystemd/sd-device/sd-device.c | 43 ++++++++++++++----------------------
1 file changed, 16 insertions(+), 27 deletions(-)
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index 0c4ad966bd..1d68fe07ae 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -1857,8 +1857,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
_cleanup_free_ char *value = NULL;
const char *syspath;
char *path;
- struct stat statbuf;
- size_t value_len = 0;
+ size_t len = 0;
ssize_t size;
int r;
@@ -1876,8 +1875,14 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
return r;
path = strjoina(syspath, "/", sysattr);
- r = lstat(path, &statbuf);
- if (r < 0) {
+
+ fd = open(path, O_WRONLY | O_CLOEXEC | O_NOFOLLOW);
+ if (fd < 0) {
+ if (errno == ELOOP)
+ return -EINVAL;
+ if (errno == EISDIR)
+ return -EISDIR;
+
value = strdup("");
if (!value)
return -ENOMEM;
@@ -1889,46 +1894,30 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
return -ENXIO;
}
- if (S_ISLNK(statbuf.st_mode))
- return -EINVAL;
-
- /* skip directories */
- if (S_ISDIR(statbuf.st_mode))
- return -EISDIR;
-
- /* skip non-readable files */
- if ((statbuf.st_mode & S_IRUSR) == 0)
- return -EACCES;
-
- value_len = strlen(_value);
+ len = strlen(_value);
/* drop trailing newlines */
- while (value_len > 0 && _value[value_len - 1] == '\n')
- _value[--value_len] = '\0';
+ while (len > 0 && _value[len - 1] == '\n')
+ len --;
/* value length is limited to 4k */
- if (value_len > 4096)
+ if (len > 4096)
return -EINVAL;
- fd = open(path, O_WRONLY | O_CLOEXEC);
- if (fd < 0)
- return -errno;
-
- value = strdup(_value);
+ value = strndup(_value, len);
if (!value)
return -ENOMEM;
- size = write(fd, value, value_len);
+ size = write(fd, value, len);
if (size < 0)
return -errno;
- if ((size_t)size != value_len)
+ if ((size_t)size != len)
return -EIO;
r = device_add_sysattr_value(device, sysattr, value);
if (r < 0)
return r;
-
value = NULL;
return 0;

108
0042-test-resolved-packet-add-a-simple-test-for-our-alloc.patch Normal file
View File

@ -0,0 +1,108 @@
From 976d4b21b85aad15bf359089dd84b39c48347fb2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 18 Jun 2017 15:53:15 -0400
Subject: [PATCH] test-resolved-packet: add a simple test for our allocation
functions
---
.gitignore | 1 +
Makefile.am | 14 ++++++++++++
src/resolve/test-resolved-packet.c | 45 ++++++++++++++++++++++++++++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 src/resolve/test-resolved-packet.c
diff --git a/.gitignore b/.gitignore
index f7db68b4a6..814a1c8861 100644
--- a/.gitignore
+++ b/.gitignore
@@ -255,6 +255,7 @@
/test-replace-var
/test-resolve
/test-resolve-tables
+/test-resolved-packet
/test-ring
/test-rlimit-util
/test-sched-prio
diff --git a/Makefile.am b/Makefile.am
index 0c27f81986..e8d72a8129 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5451,6 +5451,7 @@ dist_zshcompletion_data += \
tests += \
test-dns-packet \
test-resolve-tables \
+ test-resolved-packet \
test-dnssec
manual_tests += \
@@ -5472,6 +5473,19 @@ test_resolve_tables_LDADD = \
$(GCRYPT_LIBS) \
-lm
+test_resolved_packet_SOURCES = \
+ src/resolve/test-resolved-packet.c \
+ $(basic_dns_sources)
+
+test_resolved_packet_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(GCRYPT_CFLAGS)
+
+test_resolved_packet_LDADD = \
+ libsystemd-shared.la \
+ $(GCRYPT_LIBS) \
+ -lm
+
test_dns_packet_SOURCES = \
src/resolve/test-dns-packet.c \
$(basic_dns_sources)
diff --git a/src/resolve/test-resolved-packet.c b/src/resolve/test-resolved-packet.c
new file mode 100644
index 0000000000..8b7da1408d
--- /dev/null
+++ b/src/resolve/test-resolved-packet.c
@@ -0,0 +1,45 @@
+/***
+ This file is part of systemd
+
+ Copyright 2017 Zbigniew Jędrzejewski-Szmek
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "log.h"
+#include "resolved-dns-packet.h"
+
+static void test_dns_packet_new(void) {
+ size_t i;
+
+ for (i = 0; i < DNS_PACKET_SIZE_MAX + 2; i++) {
+ _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
+
+ assert_se(dns_packet_new(&p, DNS_PROTOCOL_DNS, i) == 0);
+
+ log_debug("dns_packet_new: %zu → %zu", i, p->allocated);
+ assert_se(p->allocated >= MIN(DNS_PACKET_SIZE_MAX, i));
+ }
+}
+
+int main(int argc, char **argv) {
+
+ log_set_max_level(LOG_DEBUG);
+ log_parse_environment();
+ log_open();
+
+ test_dns_packet_new();
+
+ return 0;
+}

48
0043-resolved-simplify-alloc-size-calculation.patch Normal file
View File

@ -0,0 +1,48 @@
From e3abee3dee32ae7cd8e937e44ace94ab7f45ede9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 18 Jun 2017 16:07:57 -0400
Subject: [PATCH] resolved: simplify alloc size calculation
The allocation size was calculated in a complicated way, and for values
close to the page size we would actually allocate less than requested.
Reported by Chris Coulson <chris.coulson@canonical.com>.
CVE-2017-9445
---
src/resolve/resolved-dns-packet.c | 8 +-------
src/resolve/resolved-dns-packet.h | 2 --
2 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 8b620cb6a8..7262a50eee 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
assert(ret);
- if (mtu <= UDP_PACKET_HEADER_SIZE)
- a = DNS_PACKET_SIZE_START;
- else
- a = mtu - UDP_PACKET_HEADER_SIZE;
-
- if (a < DNS_PACKET_HEADER_SIZE)
- a = DNS_PACKET_HEADER_SIZE;
+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
/* round up to next page size */
a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
index 7b7d4e14c9..05a7a844e4 100644
--- a/src/resolve/resolved-dns-packet.h
+++ b/src/resolve/resolved-dns-packet.h
@@ -66,8 +66,6 @@ struct DnsPacketHeader {
/* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
-#define DNS_PACKET_SIZE_START 512
-
struct DnsPacket {
int n_ref;
DnsProtocol protocol;

45
0044-resolved-do-not-allocate-packets-with-minimum-size.patch Normal file
View File

@ -0,0 +1,45 @@
From 626e9ef495474c95e3143ddae1a498d391c2a008 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 27 Jun 2017 14:20:00 -0400
Subject: [PATCH] resolved: do not allocate packets with minimum size
dns_packet_new() is sometimes called with mtu == 0, and in that case we should
allocate more than the absolute minimum (which is the dns packet header size),
otherwise we have to resize immediately again after appending the first data to
the packet.
This partially reverts the previous commit.
---
src/resolve/resolved-dns-packet.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 7262a50eee..c1ee755d9f 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -28,6 +28,9 @@
#define EDNS0_OPT_DO (1<<15)
+#define DNS_PACKET_SIZE_START 512
+assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
+
typedef struct DnsPacketRewinder {
DnsPacket *packet;
size_t saved_rindex;
@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
assert(ret);
- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ /* When dns_packet_new() is called with mtu == 0, allocate more than the
+ * absolute minimum (which is the dns packet header size), to avoid
+ * resizing immediately again after appending the first data to the packet.
+ */
+ if (mtu < UDP_PACKET_HEADER_SIZE)
+ a = DNS_PACKET_SIZE_START;
+ else
+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
/* round up to next page size */
a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));

46
0045-resolved-define-various-packet-sizes-as-unsigned.patch Normal file
View File

@ -0,0 +1,46 @@
From 46ee71cfab1eebcd57109c5ee402d13a7b9d2468 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 27 Jun 2017 16:59:06 -0400
Subject: [PATCH] resolved: define various packet sizes as unsigned
This seems like the right thing to do, and apparently at least some compilers
warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
---
src/resolve/resolved-dns-packet.c | 2 +-
src/resolve/resolved-dns-packet.h | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index c1ee755d9f..fd37363ece 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -28,7 +28,7 @@
#define EDNS0_OPT_DO (1<<15)
-#define DNS_PACKET_SIZE_START 512
+#define DNS_PACKET_SIZE_START 512u
assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
typedef struct DnsPacketRewinder {
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
index 05a7a844e4..1020db0221 100644
--- a/src/resolve/resolved-dns-packet.h
+++ b/src/resolve/resolved-dns-packet.h
@@ -58,13 +58,13 @@ struct DnsPacketHeader {
/* The various DNS protocols deviate in how large a packet can grow,
but the TCP transport has a 16bit size field, hence that appears to
be the absolute maximum. */
-#define DNS_PACKET_SIZE_MAX 0xFFFF
+#define DNS_PACKET_SIZE_MAX 0xFFFFu
/* RFC 1035 say 512 is the maximum, for classic unicast DNS */
-#define DNS_PACKET_UNICAST_SIZE_MAX 512
+#define DNS_PACKET_UNICAST_SIZE_MAX 512u
/* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
-#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u
struct DnsPacket {
int n_ref;

33
0046-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch Normal file
View File

@ -0,0 +1,33 @@
From 7cf20aa8c7f9dd5d7e907b0f96b14f4c09bc8c6d Mon Sep 17 00:00:00 2001
From: Daniel Berrange <berrange@redhat.com>
Date: Wed, 19 Jul 2017 10:06:07 +0100
Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399)
QEMU >= 2.10 will include a CPUID leaf with value "TCGTCGTCGTCG"
on x86 when running with the TCG CPU emulator:
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05231.html
Existing methods of detecting QEMU are left unchanged for sake of
backcompatibility.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 5588612e9e8828691f13141e3fcebe08a59201fe)
(cherry picked from commit ce0609bc26d33e47b23fbbe1aa7465283a10fb10)
(cherry picked from commit c21be74a657c56bfc4091428b54189682c354640)
---
src/basic/virt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index dace1f4328..f1c49105ee 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -45,6 +45,7 @@ static int detect_vm_cpuid(void) {
} cpuid_vendor_table[] = {
{ "XenVMMXenVMM", VIRTUALIZATION_XEN },
{ "KVMKVMKVM", VIRTUALIZATION_KVM },
+ { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU },
/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
{ "VMwareVMware", VIRTUALIZATION_VMWARE },
/* http://msdn.microsoft.com/en-us/library/ff542428.aspx */

47
0047-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch Normal file
View File

@ -0,0 +1,47 @@
From 9b7e22950873b1637b286bb540d9884ce1bec19f Mon Sep 17 00:00:00 2001
From: "S. Fan" <sfanxiang@gmail.com>
Date: Mon, 31 Jul 2017 05:10:10 -0500
Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor
(#6489)
Comparing udev_device_get_sysname(device) and sysname will always return
true. We need to check the device received from udev monitor instead.
Also, fd_wait_for_event() sometimes never exits. Better set a timeout
here.
(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f)
(cherry picked from commit cd8a9ccb7c06394a64bfe0cd2a88fad7be8e3f9f)
(cherry picked from commit 638c0dbabd348a664c85cbaf0ab10f317468b576)
---
src/rfkill/rfkill.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
index 0acdf229ed..3c2460b5af 100644
--- a/src/rfkill/rfkill.c
+++ b/src/rfkill/rfkill.c
@@ -138,17 +138,21 @@ static int wait_for_initialized(
for (;;) {
_cleanup_udev_device_unref_ struct udev_device *t = NULL;
- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
+ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC);
if (r == -EINTR)
continue;
if (r < 0)
return log_error_errno(r, "Failed to watch udev monitor: %m");
+ if (r == 0) {
+ log_error("Timed out wating for udev monitor.");
+ return -ETIMEDOUT;
+ }
t = udev_monitor_receive_device(monitor);
if (!t)
continue;
- if (streq_ptr(udev_device_get_sysname(device), sysname)) {
+ if (streq_ptr(udev_device_get_sysname(t), sysname)) {
*ret = udev_device_ref(t);
return 0;
}

40
0048-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch Normal file
View File

@ -0,0 +1,40 @@
From 7e85bcd660d4124c4115b493f80624430216249d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 25 Oct 2017 11:19:19 +0200
Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
(cherry picked from commit 9f939335a07085aa9a9663efd1dca06ef6405d62)
(cherry picked from commit 743b771c559c6101544f7358a42c8c519fe4b0db)
(cherry picked from commit 1e20ca63e06337b95f4b0deedc062511d2ff31cc)
(cherry picked from commit 655ae23e5b73816fb7ebdc5dc61271cf8ffa0007)
---
src/resolve/resolved-dns-packet.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index fd37363ece..8260e45769 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1490,7 +1490,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
found = true;
- while (bitmask) {
+ for (; bitmask; bit++, bitmask >>= 1)
if (bitmap[i] & bitmask) {
uint16_t n;
@@ -1504,10 +1504,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
if (r < 0)
return r;
}
-
- bit++;
- bitmask >>= 1;
- }
}
if (!found)

51
0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Normal file
View File

@ -0,0 +1,51 @@
From 108c060c5521309b9448e3a7905b50dd505f36a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 11 Mar 2016 17:06:17 -0500
Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime
If the symlink doesn't exists, and we are being started, let's
create it to provie name resolution.
If it exists, do nothing. In particular, if it is a broken symlink,
we cannot really know if the administator configured it to point to
a location used by some service that hasn't started yet, so we
don't touch it in that case either.
https://bugzilla.redhat.com/show_bug.cgi?id=1313085
---
src/resolve/resolved.c | 4 ++++
tmpfiles.d/etc.conf.m4 | 3 ---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index deb75f9ae5..914d3b8a2d 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -67,6 +67,10 @@ int main(int argc, char *argv[]) {
goto finish;
}
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
+ if (r < 0 && errno != EEXIST)
+ log_warning_errno(errno, "Could not create /etc/resolv.conf symlink: %m");
+
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
r = drop_privileges(uid, gid,
(UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
index 064eae94f1..928105ea8d 100644
--- a/tmpfiles.d/etc.conf.m4
+++ b/tmpfiles.d/etc.conf.m4
@@ -13,9 +13,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
m4_ifdef(`HAVE_SMACK_RUN_LABEL',
t /etc/mtab - - - - security.SMACK64=_
)m4_dnl
-m4_ifdef(`ENABLE_RESOLVED',
-L! /etc/resolv.conf - - - - ../usr/lib/systemd/resolv.conf
-)m4_dnl
C /etc/nsswitch.conf - - - -
m4_ifdef(`HAVE_PAM',
C /etc/pam.d - - - -
--
2.9.2

51
20-grubby.install
View File

@ -1,51 +0,0 @@
#!/bin/bash
if [[ ! -x /sbin/new-kernel-pkg ]]; then
exit 0
fi
COMMAND="$1"
KERNEL_VERSION="$2"
BOOT_DIR_ABS="$3"
KERNEL_IMAGE="$4"
KERNEL_DIR="${KERNEL_IMAGE%/*}"
[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
case "$COMMAND" in
add)
if [[ "${KERNEL_DIR}" != "/boot" ]]; then
for i in \
"$KERNEL_IMAGE" \
"$KERNEL_DIR"/System.map \
"$KERNEL_DIR"/config \
"$KERNEL_DIR"/zImage.stub \
"$KERNEL_DIR"/dtb \
; do
[[ -e "$i" ]] || continue
cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
command -v restorecon &>/dev/null && \
restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
done
# hmac is .vmlinuz-<version>.hmac so needs a special treatment
i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
if [[ -e "$i" ]]; then
cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
command -v restorecon &>/dev/null && \
restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
fi
fi
/sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
/sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
/sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
;;
remove)
/sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
;;
*)
;;
esac
# skip other installation plugins, if we can't find a boot loader spec conforming setup
if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
exit 77
fi

11
85-display-manager.preset Normal file
View File

@ -0,0 +1,11 @@
# We enable all display managers by default. Since only one can
# actually be enabled at the same time the one which is installed
# first wins
enable gdm.service
enable lightdm.service
enable slim.service
enable lxdm.service
enable sddm.service
enable kdm.service
enable xdm.service

126
90-default.preset Normal file
View File

@ -0,0 +1,126 @@
# Also see:
# https://fedoraproject.org/wiki/Starting_services_by_default
# On Fedora we deviate from some upstream defaults
disable systemd-timesyncd.service
disable systemd-networkd.service
disable systemd-resolved.service
# System stuff
enable sshd.service
enable atd.*
enable crond.*
enable chronyd.service
enable NetworkManager.service
enable NetworkManager-dispatcher.service
enable ModemManager.service
enable auditd.service
enable restorecond.service
enable bluetooth.*
enable avahi-daemon.*
enable cups.*
# The various syslog implementations
enable rsyslog.*
enable syslog-ng.*
enable sysklogd.*
# Network facing
enable firewalld.service
enable libvirtd.service
enable xinetd.service
enable ladvd.service
# Storage
enable multipathd.service
enable libstoragemgmt.service
enable lvm2-monitor.*
enable lvm2-lvmetad.*
enable dm-event.*
enable dmraid-activation.service
# https://bugzilla.redhat.com/show_bug.cgi?id=855372
enable mdmonitor.service
enable mdmonitor-takeover.service
# https://bugzilla.redhat.com/show_bug.cgi?id=876237
enable spice-vdagentd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=885406
enable qemu-guest-agent.service
# https://bugzilla.redhat.com/show_bug.cgi?id=928726
enable dnf-makecache.timer
# https://bugzilla.redhat.com/show_bug.cgi?id=929403
enable initial-setup-graphical.service
enable initial-setup-text.service
# https://bugzilla.redhat.com/show_bug.cgi?id=957135
enable vmtoolsd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=976315
enable dkms.service
# https://bugzilla.redhat.com/show_bug.cgi?id=961878
enable ipmi.service
enable ipmievd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1039351
enable x509watch.timer
# https://bugzilla.redhat.com/show_bug.cgi?id=1060754
enable dnssec-triggerd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1095353
enable uuidd.socket
# Hardware
enable gpm.*
# https://bugzilla.redhat.com/show_bug.cgi?id=1066421
enable gpsd.socket
# https://bugzilla.redhat.com/show_bug.cgi?id=1141607
enable x2gocleansessions.service
# https://fedoraproject.org/wiki/Changes/UEFISecureBootBlacklistUpdates
#
enable dbxtool.service
enable irqbalance.service
enable lm_sensors.service
enable mcelog.*
enable acpid.*
enable smartd.service
enable pcscd.socket
enable rngd.service
# Other stuff
enable abrtd.service
enable abrt-ccpp.service
enable abrt-oops.service
enable abrt-xorg.service
enable abrt-vmcore.service
enable lttng-sessiond.service
enable ksm.service
enable ksmtuned.service
enable rootfs-resize.service
enable sysstat.service
enable sysstat-collect.timer
enable sysstat-summary.timer
enable uuidd.service
enable xendomains.service
enable xenstored.service
enable xenconsoled.service
# Desktop stuff
enable accounts-daemon.service
enable rtkit-daemon.service
enable upower.service
enable udisks2.service
enable polkit.service
enable packagekit-offline-update.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1187072
enable timedatex.service

1
99-default-disable.preset Normal file
View File

@ -0,0 +1 @@
disable *

129
f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
View File

@ -1,129 +0,0 @@
From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 17:58:03 +0200
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
(gdb) !uname -r
5.6.19-200.fc31.ppc64le
(gdb) !cat /proc/self/mountinfo
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
The test process does
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
read(open("/proc/self/fdinfo/4", ...)) which gives
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
We could either drop the fallback path (and fail name_to_handle_at() is not
avaliable) or ignore the error in the test. Not sure what is better. I think
this issue only occurs sometimes and with older kernels, so probably continuing
with the current flaky implementation is better than ripping out the fallback.
Another strace:
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
) = 28
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
) = 20
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
) = 30
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
) = 23
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
read(5</proc/20/fdinfo/4>, "", 1024) = 0
close(5</proc/20/fdinfo/4>) = 0
close(4</proc/filesystems>) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
) = 42
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
) = 39
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
) = 109
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 20
gettid() = 20
tgkill(20, 20, SIGABRT) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
+++ killed by SIGABRT (core dumped) +++
---
src/test/test-mountpoint-util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index 30b00ae4d8b..ffe5144b04a 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
* that's really the case */
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
- assert_se(path_equal(p, t));
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
+
+ if (!path_equal(p, t))
+ /* Apparent kernel bug in /proc/self/fdinfo */
+ log_warning("Bad mount id given for %s: %d, should be %d",
+ p, mnt_id2, mnt_id);
}
}

70
kernel-install-grubby.patch Normal file
View File

@ -0,0 +1,70 @@
From 859a022f807bbab2d072c7299743b527156e7f7d Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Tue, 14 Jan 2014 17:48:08 -0500
Subject: [PATCH] kernel-install: add fedora specific callouts to
new-kernel-pkg
---
src/kernel-install/kernel-install | 43 +++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
mode change 100644 => 100755 src/kernel-install/kernel-install
diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
old mode 100644
new mode 100755
index 3ae1d77..2b8fe1e
--- a/src/kernel-install/kernel-install
+++ b/src/kernel-install/kernel-install
@@ -71,6 +71,49 @@ fi
KERNEL_VERSION="$1"
KERNEL_IMAGE="$2"
+if [[ -x /sbin/new-kernel-pkg ]]; then
+ KERNEL_DIR="${KERNEL_IMAGE%/*}"
+ [[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
+ case "$COMMAND" in
+ add)
+ if [[ "${KERNEL_DIR}" != "/boot" ]]; then
+ for i in \
+ "$KERNEL_IMAGE" \
+ "$KERNEL_DIR"/System.map \
+ "$KERNEL_DIR"/config \
+ "$KERNEL_DIR"/zImage.stub \
+ "$KERNEL_DIR"/dtb \
+ ; do
+ [[ -e "$i" ]] || continue
+ cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
+ command -v restorecon &>/dev/null && \
+ restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
+ done
+ # hmac is .vmlinuz-<version>.hmac so needs a special treatment
+ i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
+ if [[ -e "$i" ]]; then
+ cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+ command -v restorecon &>/dev/null && \
+ restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+ fi
+ fi
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
+ ;;
+ remove)
+ /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
+ ;;
+ *)
+ ;;
+ esac
+
+ # exit, if we can't find a boot loader spec conforming setup
+ if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
+ exit 0
+ fi
+fi
+
if [[ -f /etc/machine-id ]]; then
read MACHINE_ID < /etc/machine-id
fi
--
2.7.2

3
libsystemd-shared.abignore
View File

@ -1,3 +0,0 @@
[suppress_file]
# This shared object is private to systemd
file_name_regexp=libsystemd-shared-.*.so

10
macros.sysusers
View File

@ -1,10 +0,0 @@
# RPM macros for packages creating system accounts
#
# Turn a sysusers.d file into macros specified by
# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
%sysusers_requires_compat Requires(pre): shadow-utils
%sysusers_create_compat() \
%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
%{nil}

101
purge-nobody-user
View File

@ -1,101 +0,0 @@
#!/bin/bash -eu
if [ $UID -ne 0 ]; then
echo "WARNING: This script needs to run as root to be effective"
exit 1
fi
export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
if [ "${1:-}" = "--ignore-journal" ]; then
shift
ignore_journal=1
else
ignore_journal=0
fi
echo "Checking processes..."
if ps h -u 99 | grep .; then
echo "ERROR: ps reports processes with UID 99!"
exit 2
fi
echo "... not found"
echo "Checking UTMP..."
if w -h 199 | grep . ; then
echo "ERROR: w reports UID 99 as active!"
exit 2
fi
if w -h nobody | grep . ; then
echo "ERROR: w reports user nobody as active!"
exit 2
fi
echo "... not found"
echo "Checking the journal..."
if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
echo "ERROR: journalctl reports messages from UID 99 in current boot!"
exit 2
fi
echo "... not found"
echo "Looking for files in /etc, /run, /tmp, and /var..."
if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
echo "ERROR: found files belonging to UID 99"
exit 2
fi
echo "... not found"
echo "Checking if nobody is defined correctly..."
if getent passwd nobody |
grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
then
echo "OK, nothing to do."
exit 0
else
echo "NOTICE: User nobody is not defined correctly"
fi
echo "Checking if nfsnobody or something else is using the uid..."
if getent passwd 65534 | grep . ; then
echo "NOTICE: will have to remove this user"
else
echo "... not found"
fi
if [ "${1:-}" = "-x" ]; then
if getent passwd nobody >/dev/null; then
# this will remove both the user and the group.
( set -x
userdel nobody
)
fi
if getent passwd 65534 >/dev/null; then
# Make sure the uid is unused. This should free gid too.
name="$(getent passwd 65534 | cut -d: -f1)"
( set -x
userdel "$name"
)
fi
if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
echo "Sleeping, so sss can catch up"
sleep 3
fi
if getent group 65534; then
# Make sure the gid is unused, even if uid wasn't.
name="$(getent group 65534 | cut -d: -f1)"
( set -x
groupdel "$name"
)
fi
# systemd-sysusers uses the same gid and uid
( set -x
systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
)
else
echo "Pass '-x' to perform changes"
fi

2
sources
View File

@ -1 +1 @@
SHA512 (systemd-247.1.tar.gz) = 2a737afcee4409c2be073d8cb650c3465a25c101b3c3072ea6e6a0614d06e3ed7ae55c84f9ae60555915ad1480b3a13aa72fef4b9210139afe6b0d7a7629385a
e6fa7f4a9c06f0427ff0539a90c69390 systemd-231.tar.gz

143
split-files.py
View File

@ -1,143 +0,0 @@
import re, sys, os, collections
buildroot = sys.argv[1]
known_files = sys.stdin.read().splitlines()
known_files = {line.split()[-1]:line for line in known_files}
def files(root):
os.chdir(root)
todo = collections.deque(['.'])
while todo:
n = todo.pop()
files = os.scandir(n)
for file in files:
yield file
if file.is_dir() and not file.is_symlink():
todo.append(file)
o_libs = open('.file-list-libs', 'w')
o_udev = open('.file-list-udev', 'w')
o_pam = open('.file-list-pam', 'w')
o_rpm_macros = open('.file-list-rpm-macros', 'w')
o_devel = open('.file-list-devel', 'w')
o_container = open('.file-list-container', 'w')
o_networkd = open('.file-list-networkd', 'w')
o_remote = open('.file-list-remote', 'w')
o_tests = open('.file-list-tests', 'w')
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
o_rest = open('.file-list-rest', 'w')
for file in files(buildroot):
n = file.path[1:]
if re.match(r'''/usr/(share|include)$|
/usr/share/man(/man.|)$|
/usr/share/zsh(/site-functions|)$|
/usr/share/dbus-1$|
/usr/share/dbus-1/system.d$|
/usr/share/dbus-1/(system-|)services$|
/usr/share/polkit-1(/actions|/rules.d|)$|
/usr/share/pkgconfig$|
/usr/share/bash-completion(/completions|)$|
/usr(/lib|/lib64|/bin|/sbin|)$|
/usr/lib.*/(security|pkgconfig)$|
/usr/lib/rpm(/macros.d|)$|
/usr/lib/firewalld(/services|)$|
/usr/share/(locale|licenses|doc)| # no $
/etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
/etc/(dnf|dnf/protected.d)$|
/usr/(src|lib/debug)| # no $
/run$|
/var(/cache|/log|/lib|/run|)$
''', n, re.X):
continue
if '/security/pam_' in n or '/man8/pam_' in n:
o = o_pam
elif '/rpm/' in n:
o = o_rpm_macros
elif '/usr/lib/systemd/tests' in n:
o = o_tests
elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
o = o_devel
elif re.search(r'''journal-(remote|gateway|upload)|
systemd-remote\.conf|
/usr/share/systemd/gatewayd|
/var/log/journal/remote
''', n, re.X):
o = o_remote
elif re.search(r'''mymachines|
machinectl|
systemd-nspawn|
import-pubring.gpg|
systemd-(machined|import|pull)|
/machine.slice|
/machines.target|
var-lib-machines.mount|
org.freedesktop.(import|machine)1
''', n, re.X):
o = o_container
elif re.search(r'''/usr/lib/systemd/network/80-|
networkd|
networkctl|
org.freedesktop.network1
''', n, re.X):
o = o_networkd
elif '.so.' in n:
o = o_libs
elif re.search(r'''udev(?!\.pc)|
hwdb|
bootctl|
sd-boot|systemd-boot\.|loader.conf|
bless-boot|
boot-system-token|
kernel-install|
vconsole|
backlight|
rfkill|
random-seed|
modules-load|
timesync|
cryptsetup|
kmod|
quota|
pstore|
sleep|suspend|hibernate|
systemd-tmpfiles-setup-dev|
network/99-default.link|
growfs|makefs|makeswap|mkswap|
fsck|
repart|
gpt-auto|
volatile-root|
verity-setup|
remount-fs|
/boot$|
/boot/efi|
/kernel/|
/kernel$|
/modprobe.d
''', n, re.X):
o = o_udev
elif n.endswith('.standalone'):
if 'tmpfiles' in n:
o = o_standalone_tmpfiles
elif 'sysusers' in n:
o = o_standalone_sysusers
else:
assert False, 'Found .standalone not belonging to known packages'
else:
o = o_rest
if n in known_files:
prefix = ' '.join(known_files[n].split()[:-1])
if prefix:
prefix += ' '
elif file.is_dir() and not file.is_symlink():
prefix = '%dir '
elif n.startswith('/etc'):
prefix = '%config(noreplace) '
else:
prefix = ''
suffix = '*' if '/man/' in n else ''
print(f'{prefix}{n}{suffix}', file=o)

10
systemd-user
View File

@ -1,10 +0,0 @@
# This file is part of systemd.
#
# Used by systemd --user instances.
account include system-auth
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session include system-auth

50
systemd.rpmlintrc
View File

@ -1,50 +0,0 @@
# Just kill all warnings about README being wrong in every possible way
addFilter(r'README')
addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)')
addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh')
addFilter(r'non-readable /etc/crypttab')
addFilter(r'non-conffile-in-etc /etc/inittab')
addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants')
addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment')
addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc')
addFilter(r'non-standard-dir-perm /var/cache/private 700')
addFilter(r'non-root-group-log-file /var/log/btmp utmp')
addFilter(r'non-standard-dir-perm /var/log/private 700')
addFilter(r'non-root-group-log-file /var/log/wtmp utmp')
addFilter(r'dangerous-command-in-')
addFilter(r'summary-not-capitalized C systemd')
addFilter(r'obsolete-not-provided')
addFilter(r'postin-without-ldconfig')
addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib')
addFilter(r'systemd-rpm-macros.noarch: W: no-documentation')
addFilter(r'systemd-tests\..*: W: no-documentation')
addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo')
addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)')
# everybody does it this way: systemd, syslog-ng, rsyslog
addFilter(r'unversioned-explicit-provides syslog')
# systemd-machine-id-setup requires libssl
addFilter(r'explicit-lib-dependency openssl-libs')
addFilter(r'systemd.src:.*strange-permission')

1849
systemd.spec
View File

File diff suppressed because it is too large Load Diff

2
sysusers.attr
View File

@ -1,2 +0,0 @@
%__sysusers_provides %{_rpmconfigdir}/sysusers.prov
%__sysusers_path ^%{_sysusersdir}/.*\\.conf$

79
sysusers.generate-pre.sh
View File

@ -1,79 +0,0 @@
#!/bin/bash
# This script turns sysuser.d files into scriptlets mandated by Fedora
# packaging guidelines. The general idea is to define users using the
# declarative syntax but to turn this into traditional scriptlets.
user() {
user="$1"
uid="$2"
desc="$3"
group="$4"
home="$5"
shell="$6"
[ "$desc" = '-' ] && desc=
[ "$home" = '-' -o "$home" = '' ] && home=/
[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
if [ "$uid" = '-' -o "$uid" = '' ]; then
cat <<EOF
getent passwd '$user' >/dev/null || \\
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
EOF
else
cat <<EOF
if ! getent passwd '$user' >/dev/null ; then
if ! getent passwd '$uid' >/dev/null ; then
useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
else
useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
fi
fi
EOF
fi
}
group() {
group="$1"
gid="$2"
if [ "$gid" = '-' ]; then
cat <<EOF
getent group '$group' >/dev/null || groupadd -r '$group'
EOF
else
cat <<EOF
getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
EOF
fi
}
parse() {
while read line || [ "$line" ]; do
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
line="${line## *}"
[ -z "$line" ] && continue
eval arr=( $line )
case "${arr[0]}" in
('u')
group "${arr[1]}" "${arr[2]}"
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
# TODO: user:group support
;;
('g')
group "${arr[1]}" "${arr[2]}"
;;
('m')
group "${arr[2]}" "-"
user "${arr[1]}" "-" "" "${arr[2]}"
;;
esac
done
}
for fn in "$@"; do
[ -e "$fn" ] || continue
echo "# generated from $(basename $fn)"
parse < "$fn"
done

28
sysusers.prov
View File

@ -1,28 +0,0 @@
#!/bin/bash
parse() {
while read line; do
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
line="${line## *}"
[ -z "$line" ] && continue
set -- $line
case "$1" in
('u')
echo "user($2)"
echo "group($2)"
# TODO: user:group support
;;
('g')
echo "group($2)"
;;
('m')
echo "user($2)"
echo "group($3)"
;;
esac
done
}
while read fn; do
parse < "$fn"
done

50
tests/tests-reboot.yml
View File

@ -1,50 +0,0 @@
---
- hosts: localhost
vars:
- artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
tags:
- classic
tasks:
# switch SELinux to permissive mode
- name: Get default kernel
command: "grubby --default-kernel"
register: default_kernel
- debug: msg="{{ default_kernel.stdout }}"
- name: Set permissive mode
command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
- name: reboot
block:
- name: restart host
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
- name: wait for host to come back
wait_for_connection:
delay: 10
timeout: 300
- name: Re-create /tmp/artifacts
command: mkdir /tmp/artifacts
- name: Gather SELinux denials since boot
shell: |
result=pass
dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
grep -q '<no matches>' /tmp/avc.log || result=fail
echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml
( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
always:
- name: Pull out the artifacts
fetch:
dest: "{{ artifacts }}/"
src: "{{ item }}"
flat: yes
with_items:
- /tmp/test.log
- /tmp/avc.log
- /tmp/results.yml

125
triggers.systemd
View File

@ -1,10 +1,8 @@
# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# Copyright 2015 Zbigniew Jędrzejewski-Szmek
# Copyright 2018 Neal Gompa
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
@ -20,92 +18,47 @@
# along with systemd; If not, see <http://www.gnu.org/licenses/>.
# The contents of this are an example to be copied into systemd.spec.
#
# Minimum rpm version supported: 4.13.0
%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
# This script will run after any package is initially installed or
# upgraded. We care about the case where a package is initially
# installed, because other cases are covered by the *un scriptlets,
# so sometimes we will reload needlessly.
if test -d /run/systemd/system; then
%{_bindir}/systemctl daemon-reload
fi
%transfiletriggerin -P 900900 -p <lua> -- /usr/lib/systemd/system /etc/systemd/system
-- This script will run after any package is initially installed or
-- upgraded. We care about the case where a package is initially
-- installed, because other cases are covered by the *un scriptlets,
-- so sometimes we will reload needlessly.
%transfiletriggerun -- /usr/lib/systemd/system /etc/systemd/system
# On removal, we need to run daemon-reload after any units have been
# removed. %transfiletriggerpostun would be ideal, but it does not get
# executed for some reason.
# On upgrade, we need to run daemon-reload after any new unit files
# have been installed, but before %postun scripts in packages get
# executed. %transfiletriggerun gets the right list of files
# but it is invoked too early (before changes happen).
# %filetriggerpostun happens at the right time, but it fires for
# every package.
# To execute the reload at the right time, we create a state
# file in %transfiletriggerun and execute the daemon-reload in
# the first %filetriggerpostun.
pid = posix.fork()
if pid == 0 then
assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))
elseif pid > 0 then
posix.wait(pid)
end
if test -d "/run/systemd/system"; then
mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
fi
%transfiletriggerun -p <lua> -- /usr/lib/systemd/system /etc/systemd/system
-- On removal, we need to run daemon-reload after any units have been
-- removed. %transfiletriggerpostun would be ideal, but it does not get
-- executed for some reason.
-- On upgrade, we need to run daemon-reload after any new unit files
-- have been installed, but before %postun scripts in packages get
-- executed. %transfiletriggerun gets the right list of files
-- but it is invoked too early (before changes happen).
-- %filetriggerpostun happens at the right time, but it fires for
-- every package.
-- To execute the reload at the right time, we create a state
-- file in %transfiletriggerun and execute the daemon-reload in
-- the first %filetriggerpostun.
%filetriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
%{_bindir}/systemctl daemon-reload
fi
posix.mkdir("%{_localstatedir}/lib")
posix.mkdir("%{_localstatedir}/lib/rpm-state")
posix.mkdir("%{_localstatedir}/lib/rpm-state/systemd")
io.open("%{_localstatedir}/lib/rpm-state/systemd/needs-reload", "w")
%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
# This script will process files installed in /usr/lib/sysusers.d to create
# specified users automatically. The priority is set such that it
# will run before the tmpfiles file trigger.
if test -d /run/systemd/system; then
%{_bindir}/systemd-sysusers || :
fi
%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
# This script will process files installed in /usr/lib/tmpfiles.d to create
# tmpfiles automatically. The priority is set such that it will run
# after the sysusers file trigger, but before any other triggers.
if test -d /run/systemd/system; then
%{_bindir}/systemd-tmpfiles --create || :
fi
%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
# This script will automatically invoke hwdb update if files have been
# installed or updated in /usr/lib/udev/hwdb.d.
if test -d /run/systemd/system; then
%{_bindir}/systemd-hwdb update || :
fi
%transfiletriggerin -- /usr/lib/systemd/catalog
# This script will automatically invoke journal catalog update if files
# have been installed or updated in /usr/lib/systemd/catalog.
if test -d /run/systemd/system; then
%{_bindir}/journalctl --update-catalog || :
fi
%transfiletriggerin udev -- /usr/lib/udev/rules.d
# This script will automatically update udev with new rules if files
# have been installed or updated in /usr/lib/udev/rules.d.
if test -e /run/udev/control; then
%{_bindir}/udevadm control --reload || :
fi
%transfiletriggerin -- /usr/lib/sysctl.d
# This script will automatically apply sysctl rules if files have been
# installed or updated in /usr/lib/sysctl.d.
if test -d /run/systemd/system; then
/usr/lib/systemd/systemd-sysctl || :
fi
%transfiletriggerin -- /usr/lib/binfmt.d
# This script will automatically apply binfmt rules if files have been
# installed or updated in /usr/lib/binfmt.d.
if test -d /run/systemd/system; then
# systemd-binfmt might fail if binfmt_misc kernel module is not loaded
# during install
/usr/lib/systemd/systemd-binfmt || :
fi
%filetriggerpostun -P 1000100 -p <lua> -- /usr/lib/systemd/system /etc/systemd/system
if posix.access("%{_localstatedir}/lib/rpm-state/systemd/needs-reload") then
posix.unlink("%{_localstatedir}/lib/rpm-state/systemd/needs-reload")
posix.rmdir("%{_localstatedir}/lib/rpm-state/systemd")
pid = posix.fork()
if pid == 0 then
assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))
elseif pid > 0 then
posix.wait(pid)
end
end

40
use-bfq-scheduler.patch
View File

@ -1,40 +0,0 @@
From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 14 Aug 2019 15:57:42 +0200
Subject: [PATCH] udev: use bfq as the default scheduler
As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
Test results are that bfq seems to behave better and more consistently on
typical hardware. The kernel does not have a configuration option to set
the default scheduler, and it currently needs to be set by userspace.
See the bug for more discussion and links.
---
rules.d/60-block-scheduler.rules | 5 +++++
rules.d/meson.build | 1 +
2 files changed, 6 insertions(+)
create mode 100644 rules.d/60-block-scheduler.rules
diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
new file mode 100644
index 0000000000..480b941761
--- /dev/null
+++ b/rules.d/60-block-scheduler.rules
@@ -0,0 +1,5 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION=="add", SUBSYSTEM=="block", \
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
+ ATTR{queue/scheduler}="bfq"
diff --git a/rules.d/meson.build b/rules.d/meson.build
index ca4445d774..38d6aa6970 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -3,6 +3,7 @@
rules = files('''
60-autosuspend.rules
60-block.rules
+ 60-block-scheduler.rules
60-cdrom_id.rules
60-drm.rules
60-evdev.rules