Compare commits
No commits in common. "master" and "systemd-211-2.fc21" have entirely different histories.
master
...
systemd-21
|
|
@ -1,8 +1,6 @@
|
|||
*~
|
||||
/systemd-*/
|
||||
/.build-*.log
|
||||
/x86_64/
|
||||
/systemd-*src.rpm
|
||||
/systemd-*.tar.xz
|
||||
/systemd-*.tar.gz
|
||||
/*.rpm
|
||||
|
|
|
|||
|
|
@ -1,70 +0,0 @@
|
|||
From 2e9d763e7cbeb33954bbe3f96fd94de2cd62edf7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 12 Nov 2020 14:28:24 +0100
|
||||
Subject: [PATCH] test-path-util: do not fail if the fd_is_mount_point check
|
||||
fails
|
||||
|
||||
This test fails on i686 and ppc64le in koji:
|
||||
/* test_path */
|
||||
Assertion 'fd_is_mount_point(fd, "/", 0) > 0' failed at src/test/test-path-util.c:85, function test_path(). Aborting.
|
||||
|
||||
I guess some permission error is the most likely.
|
||||
---
|
||||
src/test/test-path-util.c | 23 +++++++++++++++++------
|
||||
1 file changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
|
||||
index f4f8d0550b..be428334f3 100644
|
||||
--- a/src/test/test-path-util.c
|
||||
+++ b/src/test/test-path-util.c
|
||||
@@ -40,8 +40,6 @@ static void test_path_simplify(const char *in, const char *out, const char *out_
|
||||
}
|
||||
|
||||
static void test_path(void) {
|
||||
- _cleanup_close_ int fd = -1;
|
||||
-
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
test_path_compare("/goo", "/goo", 0);
|
||||
@@ -80,10 +78,6 @@ static void test_path(void) {
|
||||
assert_se(streq(basename("/aa///file..."), "file..."));
|
||||
assert_se(streq(basename("file.../"), ""));
|
||||
|
||||
- fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
|
||||
- assert_se(fd >= 0);
|
||||
- assert_se(fd_is_mount_point(fd, "/", 0) > 0);
|
||||
-
|
||||
test_path_simplify("aaa/bbb////ccc", "aaa/bbb/ccc", "aaa/bbb/ccc");
|
||||
test_path_simplify("//aaa/.////ccc", "/aaa/./ccc", "/aaa/ccc");
|
||||
test_path_simplify("///", "/", "/");
|
||||
@@ -120,6 +114,22 @@ static void test_path(void) {
|
||||
assert_se(!path_equal_ptr(NULL, "/a"));
|
||||
}
|
||||
|
||||
+static void test_path_is_mountpoint(void) {
|
||||
+ _cleanup_close_ int fd = -1;
|
||||
+ int r;
|
||||
+
|
||||
+ log_info("/* %s */", __func__);
|
||||
+
|
||||
+ fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
|
||||
+ assert_se(fd >= 0);
|
||||
+
|
||||
+ r = fd_is_mount_point(fd, "/", 0);
|
||||
+ if (r < 0)
|
||||
+ log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
|
||||
+ else
|
||||
+ assert_se(r == 1);
|
||||
+}
|
||||
+
|
||||
static void test_path_equal_root(void) {
|
||||
/* Nail down the details of how path_equal("/", ...) works. */
|
||||
|
||||
@@ -714,6 +724,7 @@ int main(int argc, char **argv) {
|
||||
|
||||
test_print_paths();
|
||||
test_path();
|
||||
+ test_path_is_mountpoint();
|
||||
test_path_equal_root();
|
||||
test_find_executable_full();
|
||||
test_find_executable(argv[0]);
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
From e8bca4ba55f855260eda684a16e8feb5f20b1deb Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 12 Nov 2020 15:06:12 +0100
|
||||
Subject: [PATCH] test-path-util: ignore test failure
|
||||
|
||||
---
|
||||
src/test/test-path-util.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
|
||||
index be428334f3..207c659b8b 100644
|
||||
--- a/src/test/test-path-util.c
|
||||
+++ b/src/test/test-path-util.c
|
||||
@@ -120,14 +120,17 @@ static void test_path_is_mountpoint(void) {
|
||||
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
+ (void) system("uname -a");
|
||||
+ (void) system("mountpoint /");
|
||||
+
|
||||
fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
|
||||
assert_se(fd >= 0);
|
||||
|
||||
r = fd_is_mount_point(fd, "/", 0);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
|
||||
- else
|
||||
- assert_se(r == 1);
|
||||
+ else if (r == 0)
|
||||
+ log_warning("/ is not a mountpoint?");
|
||||
}
|
||||
|
||||
static void test_path_equal_root(void) {
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [[ ! -x /sbin/new-kernel-pkg ]]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
COMMAND="$1"
|
||||
KERNEL_VERSION="$2"
|
||||
BOOT_DIR_ABS="$3"
|
||||
KERNEL_IMAGE="$4"
|
||||
|
||||
KERNEL_DIR="${KERNEL_IMAGE%/*}"
|
||||
[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
|
||||
case "$COMMAND" in
|
||||
add)
|
||||
if [[ "${KERNEL_DIR}" != "/boot" ]]; then
|
||||
for i in \
|
||||
"$KERNEL_IMAGE" \
|
||||
"$KERNEL_DIR"/System.map \
|
||||
"$KERNEL_DIR"/config \
|
||||
"$KERNEL_DIR"/zImage.stub \
|
||||
"$KERNEL_DIR"/dtb \
|
||||
; do
|
||||
[[ -e "$i" ]] || continue
|
||||
cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
|
||||
command -v restorecon &>/dev/null && \
|
||||
restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
|
||||
done
|
||||
# hmac is .vmlinuz-<version>.hmac so needs a special treatment
|
||||
i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
|
||||
if [[ -e "$i" ]]; then
|
||||
cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
|
||||
command -v restorecon &>/dev/null && \
|
||||
restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
|
||||
fi
|
||||
fi
|
||||
/sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
|
||||
/sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
|
||||
/sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
|
||||
;;
|
||||
remove)
|
||||
/sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
# skip other installation plugins, if we can't find a boot loader spec conforming setup
|
||||
if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
|
||||
exit 77
|
||||
fi
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
# The ptrace system call is used for interprocess services,
|
||||
# communication and introspection (like synchronisation, signaling,
|
||||
# debugging, tracing and profiling) of processes.
|
||||
#
|
||||
# Usage of ptrace is restricted by normal user permissions. Normal
|
||||
# unprivileged processes cannot use ptrace on processes that they
|
||||
# cannot send signals to or processes that are running set-uid or
|
||||
# set-gid. Nevertheless, processes running under the same uid will
|
||||
# usually be able to ptrace one another.
|
||||
#
|
||||
# Fedora enables the Yama security mechanism which restricts ptrace
|
||||
# even further. Sysctl setting kernel.yama.ptrace_scope can have one
|
||||
# of the following values:
|
||||
#
|
||||
# 0 - Normal ptrace security permissions.
|
||||
# 1 - Restricted ptrace. Only child processes plus normal permissions.
|
||||
# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
|
||||
# 3 - No attach. No process may call ptrace at all. Irrevocable.
|
||||
#
|
||||
# For more information see Documentation/security/Yama.txt in the
|
||||
# kernel sources.
|
||||
#
|
||||
# The default is 1., which allows tracing of child processes, but
|
||||
# forbids tracing of arbitrary processes. This allows programs like
|
||||
# gdb or strace to work when the most common way of having the
|
||||
# debugger start the debuggee is used:
|
||||
# gdb /path/to/program ...
|
||||
# Attaching to already running programs is NOT allowed:
|
||||
# gdb -p ...
|
||||
# This default setting is suitable for the common case, because it
|
||||
# reduces the risk that one hacked process can be used to attack other
|
||||
# processes. (For example, a hacked firefox process in a user session
|
||||
# will not be able to ptrace the keyring process and extract passwords
|
||||
# stored only in memory.)
|
||||
#
|
||||
# Developers and administrators might want to disable those protections
|
||||
# to be able to attach debuggers to existing processes. Use
|
||||
# sysctl kernel.yama.ptrace_scope=0
|
||||
# for change the setting temporarily, or copy this file to
|
||||
# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
|
||||
|
||||
kernel.yama.ptrace_scope = 0
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
# We enable all display managers by default. Since only one can
|
||||
# actually be enabled at the same time the one which is installed
|
||||
# first wins
|
||||
|
||||
enable gdm.service
|
||||
enable lightdm.service
|
||||
enable slim.service
|
||||
enable lxdm.service
|
||||
enable sddm.service
|
||||
enable kdm.service
|
||||
enable xdm.service
|
||||
|
|
@ -0,0 +1,114 @@
|
|||
# Also see:
|
||||
# https://fedoraproject.org/wiki/Starting_services_by_default
|
||||
|
||||
# systemd
|
||||
enable remote-fs.target
|
||||
enable getty@tty1.service
|
||||
enable systemd-readahead-replay.service
|
||||
enable systemd-readahead-collect.service
|
||||
|
||||
# System stuff
|
||||
enable sshd.service
|
||||
enable atd.*
|
||||
enable crond.*
|
||||
enable chronyd.service
|
||||
enable rpcbind.*
|
||||
enable NetworkManager.service
|
||||
enable NetworkManager-dispatcher.service
|
||||
enable ModemManager.service
|
||||
enable auditd.service
|
||||
enable restorecond.service
|
||||
enable bluetooth.*
|
||||
enable avahi-daemon.*
|
||||
enable cups.*
|
||||
|
||||
# The various syslog implementations
|
||||
enable rsyslog.*
|
||||
enable syslog-ng.*
|
||||
enable sysklogd.*
|
||||
|
||||
# Network facing
|
||||
enable firewalld.service
|
||||
enable libvirtd.service
|
||||
enable xinetd.service
|
||||
enable ladvd.service
|
||||
|
||||
# Storage
|
||||
enable multipathd.service
|
||||
enable libstoragemgmt.service
|
||||
enable lvm2-monitor.*
|
||||
enable lvm2-lvmetad.*
|
||||
enable dm-event.*
|
||||
enable dmraid-activation.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=855372
|
||||
enable mdmonitor.service
|
||||
enable mdmonitor-takeover.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=876237
|
||||
enable spice-vdagentd.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=885406
|
||||
enable qemu-guest-agent.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=928726
|
||||
enable dnf-makecache.timer
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=929403
|
||||
enable initial-setup-graphical.service
|
||||
enable initial-setup-text.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=957135
|
||||
enable vmtoolsd.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=976315
|
||||
enable dkms.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=961878
|
||||
enable ipmi.service
|
||||
enable ipmievd.service
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1039351
|
||||
enable x509watch.timer
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1060754
|
||||
enable dnssec-triggerd.service
|
||||
|
||||
# Hardware
|
||||
enable gpm.*
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1066421
|
||||
enable gpsd.socket
|
||||
|
||||
enable irqbalance.service
|
||||
enable lm_sensors.service
|
||||
enable mcelog.*
|
||||
enable acpid.*
|
||||
enable smartd.service
|
||||
enable pcscd.socket
|
||||
enable rngd.service
|
||||
|
||||
# Other stuff
|
||||
enable abrtd.service
|
||||
enable abrt-ccpp.service
|
||||
enable abrt-oops.service
|
||||
enable abrt-xorg.service
|
||||
enable abrt-vmcore.service
|
||||
enable lttng-sessiond.service
|
||||
enable ksm.service
|
||||
enable ksmtuned.service
|
||||
enable rootfs-resize.service
|
||||
enable sysstat.service
|
||||
enable uuidd.service
|
||||
enable xendomains.service
|
||||
enable xenstored.service
|
||||
enable xenconsoled.service
|
||||
|
||||
# Desktop stuff
|
||||
enable accounts-daemon.service
|
||||
enable rtkit-daemon.service
|
||||
enable upower.service
|
||||
enable udisks2.service
|
||||
enable polkit.service
|
||||
enable packagekit-offline-update.service
|
||||
enable PackageKit.service
|
||||
|
|
@ -0,0 +1 @@
|
|||
disable *
|
||||
|
|
@ -1,129 +0,0 @@
|
|||
From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Mon, 14 Sep 2020 17:58:03 +0200
|
||||
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
|
||||
|
||||
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
|
||||
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
|
||||
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
|
||||
|
||||
(gdb) !uname -r
|
||||
5.6.19-200.fc31.ppc64le
|
||||
|
||||
(gdb) !cat /proc/self/mountinfo
|
||||
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
|
||||
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
|
||||
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
|
||||
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
|
||||
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
|
||||
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
|
||||
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
|
||||
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
|
||||
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||
|
||||
The test process does
|
||||
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
|
||||
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
|
||||
read(open("/proc/self/fdinfo/4", ...)) which gives
|
||||
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
|
||||
|
||||
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
|
||||
|
||||
We could either drop the fallback path (and fail name_to_handle_at() is not
|
||||
avaliable) or ignore the error in the test. Not sure what is better. I think
|
||||
this issue only occurs sometimes and with older kernels, so probably continuing
|
||||
with the current flaky implementation is better than ripping out the fallback.
|
||||
|
||||
Another strace:
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
|
||||
) = 28
|
||||
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
|
||||
) = 20
|
||||
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
|
||||
) = 30
|
||||
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
|
||||
) = 23
|
||||
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
|
||||
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
|
||||
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
|
||||
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
|
||||
read(5</proc/20/fdinfo/4>, "", 1024) = 0
|
||||
close(5</proc/20/fdinfo/4>) = 0
|
||||
close(4</proc/filesystems>) = 0
|
||||
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
|
||||
) = 42
|
||||
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
|
||||
) = 39
|
||||
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
|
||||
) = 109
|
||||
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
|
||||
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
|
||||
getpid() = 20
|
||||
gettid() = 20
|
||||
tgkill(20, 20, SIGABRT) = 0
|
||||
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
|
||||
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
|
||||
+++ killed by SIGABRT (core dumped) +++
|
||||
---
|
||||
src/test/test-mountpoint-util.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
|
||||
index 30b00ae4d8b..ffe5144b04a 100644
|
||||
--- a/src/test/test-mountpoint-util.c
|
||||
+++ b/src/test/test-mountpoint-util.c
|
||||
@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
|
||||
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
|
||||
* that's really the case */
|
||||
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
|
||||
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
|
||||
- assert_se(path_equal(p, t));
|
||||
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
|
||||
+
|
||||
+ if (!path_equal(p, t))
|
||||
+ /* Apparent kernel bug in /proc/self/fdinfo */
|
||||
+ log_warning("Bad mount id given for %s: %d, should be %d",
|
||||
+ p, mnt_id2, mnt_id);
|
||||
}
|
||||
}
|
||||
|
||||
16
inittab
16
inittab
|
|
@ -1,16 +0,0 @@
|
|||
# inittab is no longer used.
|
||||
#
|
||||
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
|
||||
#
|
||||
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
|
||||
#
|
||||
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
|
||||
#
|
||||
# multi-user.target: analogous to runlevel 3
|
||||
# graphical.target: analogous to runlevel 5
|
||||
#
|
||||
# To view current default target, run:
|
||||
# systemctl get-default
|
||||
#
|
||||
# To set a default target, run:
|
||||
# systemctl set-default TARGET.target
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From 0fe97bc02e3108efdb844feb1b367a89ba995d83 Mon Sep 17 00:00:00 2001
|
||||
From: Harald Hoyer <harald@redhat.com>
|
||||
Date: Tue, 14 Jan 2014 17:48:08 -0500
|
||||
Subject: [PATCH] kernel-install: add fedora specific callouts to
|
||||
new-kernel-pkg
|
||||
|
||||
---
|
||||
src/kernel-install/kernel-install | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
|
||||
index 3ae1d77..3a2ac56 100644
|
||||
--- a/src/kernel-install/kernel-install
|
||||
+++ b/src/kernel-install/kernel-install
|
||||
@@ -19,6 +19,27 @@
|
||||
# You should have received a copy of the GNU Lesser General Public License
|
||||
# along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
+if [[ -x /sbin/new-kernel-pkg ]]; then
|
||||
+ [[ "$2" == *\+* ]] && flavor=-"${2##*+}"
|
||||
+ case "$1" in
|
||||
+ add)
|
||||
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$2" || exit $?
|
||||
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$2" || exit $?
|
||||
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$2" || exit $?
|
||||
+ ;;
|
||||
+ remove)
|
||||
+ /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$2" || exit $?
|
||||
+ ;;
|
||||
+ *)
|
||||
+ ;;
|
||||
+ esac
|
||||
+
|
||||
+ # exit, if we can't find a boot loader spec conforming setup
|
||||
+ if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
|
||||
+ exit 0
|
||||
+ fi
|
||||
+fi
|
||||
+
|
||||
usage()
|
||||
{
|
||||
echo "Usage:"
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[suppress_file]
|
||||
# This shared object is private to systemd
|
||||
file_name_regexp=libsystemd-shared-.*.so
|
||||
|
|
@ -0,0 +1 @@
|
|||
$SystemLogSocketName /run/systemd/journal/syslog
|
||||
|
|
@ -0,0 +1 @@
|
|||
%_unitdir /usr/lib/systemd/system
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# RPM macros for packages creating system accounts
|
||||
#
|
||||
# Turn a sysusers.d file into macros specified by
|
||||
# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
|
||||
|
||||
%sysusers_requires_compat Requires(pre): shadow-utils
|
||||
|
||||
%sysusers_create_compat() \
|
||||
%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
|
||||
%{nil}
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
NAME=systemd
|
||||
UPSTREAM=git://anongit.freedesktop.org/systemd/systemd
|
||||
REFDIR="$HOME/git/systemd" # for faster cloning, if available
|
||||
|
||||
|
||||
[ -n "$1" ] && HEAD="$1" || HEAD="HEAD"
|
||||
|
||||
WORKDIR="$(mktemp -d --tmpdir "$NAME.XXXXXXXXXX")"
|
||||
trap 'rm -rf $WORKDIR' exit
|
||||
|
||||
[ -d "$REFDIR" ] && REFERENCE="--reference $REFDIR"
|
||||
git clone $REFERENCE "$UPSTREAM" "$WORKDIR"
|
||||
|
||||
pushd "$WORKDIR" > /dev/null
|
||||
git branch to-archive $HEAD
|
||||
read COMMIT_SHORTID COMMIT_TITLE <<EOGIT
|
||||
$(git log to-archive^..to-archive --pretty='format:%h %s')
|
||||
EOGIT
|
||||
popd > /dev/null
|
||||
|
||||
echo "Making git snapshot using commit: $COMMIT_SHORTID $COMMIT_TITLE"
|
||||
|
||||
DIRNAME="$NAME-git$COMMIT_SHORTID"
|
||||
git archive --remote="$WORKDIR" --format=tar --prefix="$DIRNAME/" to-archive | xz -9 > "$DIRNAME.tar.xz"
|
||||
|
||||
echo "Written $DIRNAME.tar.xz"
|
||||
|
|
@ -1,101 +0,0 @@
|
|||
#!/bin/bash -eu
|
||||
|
||||
if [ $UID -ne 0 ]; then
|
||||
echo "WARNING: This script needs to run as root to be effective"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
|
||||
|
||||
if [ "${1:-}" = "--ignore-journal" ]; then
|
||||
shift
|
||||
ignore_journal=1
|
||||
else
|
||||
ignore_journal=0
|
||||
fi
|
||||
|
||||
echo "Checking processes..."
|
||||
if ps h -u 99 | grep .; then
|
||||
echo "ERROR: ps reports processes with UID 99!"
|
||||
exit 2
|
||||
fi
|
||||
echo "... not found"
|
||||
|
||||
echo "Checking UTMP..."
|
||||
if w -h 199 | grep . ; then
|
||||
echo "ERROR: w reports UID 99 as active!"
|
||||
exit 2
|
||||
fi
|
||||
if w -h nobody | grep . ; then
|
||||
echo "ERROR: w reports user nobody as active!"
|
||||
exit 2
|
||||
fi
|
||||
echo "... not found"
|
||||
|
||||
echo "Checking the journal..."
|
||||
if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
|
||||
echo "ERROR: journalctl reports messages from UID 99 in current boot!"
|
||||
exit 2
|
||||
fi
|
||||
echo "... not found"
|
||||
|
||||
echo "Looking for files in /etc, /run, /tmp, and /var..."
|
||||
if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
|
||||
echo "ERROR: found files belonging to UID 99"
|
||||
exit 2
|
||||
fi
|
||||
echo "... not found"
|
||||
|
||||
echo "Checking if nobody is defined correctly..."
|
||||
if getent passwd nobody |
|
||||
grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
|
||||
then
|
||||
echo "OK, nothing to do."
|
||||
exit 0
|
||||
else
|
||||
echo "NOTICE: User nobody is not defined correctly"
|
||||
fi
|
||||
|
||||
echo "Checking if nfsnobody or something else is using the uid..."
|
||||
if getent passwd 65534 | grep . ; then
|
||||
echo "NOTICE: will have to remove this user"
|
||||
else
|
||||
echo "... not found"
|
||||
fi
|
||||
|
||||
if [ "${1:-}" = "-x" ]; then
|
||||
if getent passwd nobody >/dev/null; then
|
||||
# this will remove both the user and the group.
|
||||
( set -x
|
||||
userdel nobody
|
||||
)
|
||||
fi
|
||||
|
||||
if getent passwd 65534 >/dev/null; then
|
||||
# Make sure the uid is unused. This should free gid too.
|
||||
name="$(getent passwd 65534 | cut -d: -f1)"
|
||||
( set -x
|
||||
userdel "$name"
|
||||
)
|
||||
fi
|
||||
|
||||
if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
|
||||
echo "Sleeping, so sss can catch up"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
if getent group 65534; then
|
||||
# Make sure the gid is unused, even if uid wasn't.
|
||||
name="$(getent group 65534 | cut -d: -f1)"
|
||||
( set -x
|
||||
groupdel "$name"
|
||||
)
|
||||
fi
|
||||
|
||||
# systemd-sysusers uses the same gid and uid
|
||||
( set -x
|
||||
systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
|
||||
)
|
||||
else
|
||||
echo "Pass '-x' to perform changes"
|
||||
fi
|
||||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (systemd-247.1.tar.gz) = 2a737afcee4409c2be073d8cb650c3465a25c101b3c3072ea6e6a0614d06e3ed7ae55c84f9ae60555915ad1480b3a13aa72fef4b9210139afe6b0d7a7629385a
|
||||
0a70c382b6089526f98073b4ee85ef75 systemd-211.tar.xz
|
||||
|
|
|
|||
143
split-files.py
143
split-files.py
|
|
@ -1,143 +0,0 @@
|
|||
import re, sys, os, collections
|
||||
|
||||
buildroot = sys.argv[1]
|
||||
known_files = sys.stdin.read().splitlines()
|
||||
known_files = {line.split()[-1]:line for line in known_files}
|
||||
|
||||
def files(root):
|
||||
os.chdir(root)
|
||||
todo = collections.deque(['.'])
|
||||
while todo:
|
||||
n = todo.pop()
|
||||
files = os.scandir(n)
|
||||
for file in files:
|
||||
yield file
|
||||
if file.is_dir() and not file.is_symlink():
|
||||
todo.append(file)
|
||||
|
||||
o_libs = open('.file-list-libs', 'w')
|
||||
o_udev = open('.file-list-udev', 'w')
|
||||
o_pam = open('.file-list-pam', 'w')
|
||||
o_rpm_macros = open('.file-list-rpm-macros', 'w')
|
||||
o_devel = open('.file-list-devel', 'w')
|
||||
o_container = open('.file-list-container', 'w')
|
||||
o_networkd = open('.file-list-networkd', 'w')
|
||||
o_remote = open('.file-list-remote', 'w')
|
||||
o_tests = open('.file-list-tests', 'w')
|
||||
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
|
||||
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
|
||||
o_rest = open('.file-list-rest', 'w')
|
||||
for file in files(buildroot):
|
||||
n = file.path[1:]
|
||||
if re.match(r'''/usr/(share|include)$|
|
||||
/usr/share/man(/man.|)$|
|
||||
/usr/share/zsh(/site-functions|)$|
|
||||
/usr/share/dbus-1$|
|
||||
/usr/share/dbus-1/system.d$|
|
||||
/usr/share/dbus-1/(system-|)services$|
|
||||
/usr/share/polkit-1(/actions|/rules.d|)$|
|
||||
/usr/share/pkgconfig$|
|
||||
/usr/share/bash-completion(/completions|)$|
|
||||
/usr(/lib|/lib64|/bin|/sbin|)$|
|
||||
/usr/lib.*/(security|pkgconfig)$|
|
||||
/usr/lib/rpm(/macros.d|)$|
|
||||
/usr/lib/firewalld(/services|)$|
|
||||
/usr/share/(locale|licenses|doc)| # no $
|
||||
/etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
|
||||
/etc/(dnf|dnf/protected.d)$|
|
||||
/usr/(src|lib/debug)| # no $
|
||||
/run$|
|
||||
/var(/cache|/log|/lib|/run|)$
|
||||
''', n, re.X):
|
||||
continue
|
||||
if '/security/pam_' in n or '/man8/pam_' in n:
|
||||
o = o_pam
|
||||
elif '/rpm/' in n:
|
||||
o = o_rpm_macros
|
||||
elif '/usr/lib/systemd/tests' in n:
|
||||
o = o_tests
|
||||
elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
|
||||
o = o_devel
|
||||
elif re.search(r'''journal-(remote|gateway|upload)|
|
||||
systemd-remote\.conf|
|
||||
/usr/share/systemd/gatewayd|
|
||||
/var/log/journal/remote
|
||||
''', n, re.X):
|
||||
o = o_remote
|
||||
elif re.search(r'''mymachines|
|
||||
machinectl|
|
||||
systemd-nspawn|
|
||||
import-pubring.gpg|
|
||||
systemd-(machined|import|pull)|
|
||||
/machine.slice|
|
||||
/machines.target|
|
||||
var-lib-machines.mount|
|
||||
org.freedesktop.(import|machine)1
|
||||
''', n, re.X):
|
||||
o = o_container
|
||||
elif re.search(r'''/usr/lib/systemd/network/80-|
|
||||
networkd|
|
||||
networkctl|
|
||||
org.freedesktop.network1
|
||||
''', n, re.X):
|
||||
o = o_networkd
|
||||
elif '.so.' in n:
|
||||
o = o_libs
|
||||
elif re.search(r'''udev(?!\.pc)|
|
||||
hwdb|
|
||||
bootctl|
|
||||
sd-boot|systemd-boot\.|loader.conf|
|
||||
bless-boot|
|
||||
boot-system-token|
|
||||
kernel-install|
|
||||
vconsole|
|
||||
backlight|
|
||||
rfkill|
|
||||
random-seed|
|
||||
modules-load|
|
||||
timesync|
|
||||
cryptsetup|
|
||||
kmod|
|
||||
quota|
|
||||
pstore|
|
||||
sleep|suspend|hibernate|
|
||||
systemd-tmpfiles-setup-dev|
|
||||
network/99-default.link|
|
||||
growfs|makefs|makeswap|mkswap|
|
||||
fsck|
|
||||
repart|
|
||||
gpt-auto|
|
||||
volatile-root|
|
||||
verity-setup|
|
||||
remount-fs|
|
||||
/boot$|
|
||||
/boot/efi|
|
||||
/kernel/|
|
||||
/kernel$|
|
||||
/modprobe.d
|
||||
''', n, re.X):
|
||||
o = o_udev
|
||||
elif n.endswith('.standalone'):
|
||||
if 'tmpfiles' in n:
|
||||
o = o_standalone_tmpfiles
|
||||
elif 'sysusers' in n:
|
||||
o = o_standalone_sysusers
|
||||
else:
|
||||
assert False, 'Found .standalone not belonging to known packages'
|
||||
else:
|
||||
o = o_rest
|
||||
|
||||
if n in known_files:
|
||||
prefix = ' '.join(known_files[n].split()[:-1])
|
||||
if prefix:
|
||||
prefix += ' '
|
||||
elif file.is_dir() and not file.is_symlink():
|
||||
prefix = '%dir '
|
||||
elif n.startswith('/etc'):
|
||||
prefix = '%config(noreplace) '
|
||||
else:
|
||||
prefix = ''
|
||||
|
||||
suffix = '*' if '/man/' in n else ''
|
||||
|
||||
print(f'{prefix}{n}{suffix}', file=o)
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# sysctl settings are defined through files in
|
||||
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
|
||||
#
|
||||
# Vendors settings live in /usr/lib/sysctl.d/.
|
||||
# To override a whole file, create a new file with the same in
|
||||
# /etc/sysctl.d/ and put new settings there. To override
|
||||
# only specific settings, add a file with a lexically later
|
||||
# name in /etc/sysctl.d/ and put new settings there.
|
||||
#
|
||||
# For more information, see sysctl.conf(5) and sysctl.d(5).
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>systemd-journal-gatewayd</short>
|
||||
<description>Journal Gateway Service</description>
|
||||
<port protocol="tcp" port="19531"/>
|
||||
</service>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>systemd-journal-remote</short>
|
||||
<description>Journal Remote Sink</description>
|
||||
<port protocol="tcp" port="19532"/>
|
||||
</service>
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Unit]
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
|
||||
RefuseManualStop=true
|
||||
10
systemd-user
10
systemd-user
|
|
@ -1,10 +0,0 @@
|
|||
# This file is part of systemd.
|
||||
#
|
||||
# Used by systemd --user instances.
|
||||
|
||||
account include system-auth
|
||||
|
||||
session required pam_selinux.so close
|
||||
session required pam_selinux.so nottys open
|
||||
session required pam_loginuid.so
|
||||
session include system-auth
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
# Just kill all warnings about README being wrong in every possible way
|
||||
addFilter(r'README')
|
||||
|
||||
addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)')
|
||||
|
||||
addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh')
|
||||
|
||||
addFilter(r'non-readable /etc/crypttab')
|
||||
|
||||
addFilter(r'non-conffile-in-etc /etc/inittab')
|
||||
|
||||
addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants')
|
||||
|
||||
addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment')
|
||||
|
||||
addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc')
|
||||
|
||||
addFilter(r'non-standard-dir-perm /var/cache/private 700')
|
||||
|
||||
addFilter(r'non-root-group-log-file /var/log/btmp utmp')
|
||||
|
||||
addFilter(r'non-standard-dir-perm /var/log/private 700')
|
||||
|
||||
addFilter(r'non-root-group-log-file /var/log/wtmp utmp')
|
||||
|
||||
addFilter(r'dangerous-command-in-')
|
||||
|
||||
addFilter(r'summary-not-capitalized C systemd')
|
||||
|
||||
addFilter(r'obsolete-not-provided')
|
||||
|
||||
addFilter(r'postin-without-ldconfig')
|
||||
|
||||
addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib')
|
||||
|
||||
addFilter(r'systemd-rpm-macros.noarch: W: no-documentation')
|
||||
|
||||
addFilter(r'systemd-tests\..*: W: no-documentation')
|
||||
|
||||
addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo')
|
||||
|
||||
addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)')
|
||||
|
||||
# everybody does it this way: systemd, syslog-ng, rsyslog
|
||||
addFilter(r'unversioned-explicit-provides syslog')
|
||||
|
||||
# systemd-machine-id-setup requires libssl
|
||||
addFilter(r'explicit-lib-dependency openssl-libs')
|
||||
|
||||
addFilter(r'systemd.src:.*strange-permission')
|
||||
2468
systemd.spec
2468
systemd.spec
File diff suppressed because it is too large
Load Diff
|
|
@ -1,2 +0,0 @@
|
|||
%__sysusers_provides %{_rpmconfigdir}/sysusers.prov
|
||||
%__sysusers_path ^%{_sysusersdir}/.*\\.conf$
|
||||
|
|
@ -1,79 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# This script turns sysuser.d files into scriptlets mandated by Fedora
|
||||
# packaging guidelines. The general idea is to define users using the
|
||||
# declarative syntax but to turn this into traditional scriptlets.
|
||||
|
||||
user() {
|
||||
user="$1"
|
||||
uid="$2"
|
||||
desc="$3"
|
||||
group="$4"
|
||||
home="$5"
|
||||
shell="$6"
|
||||
|
||||
[ "$desc" = '-' ] && desc=
|
||||
[ "$home" = '-' -o "$home" = '' ] && home=/
|
||||
[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
|
||||
|
||||
if [ "$uid" = '-' -o "$uid" = '' ]; then
|
||||
cat <<EOF
|
||||
getent passwd '$user' >/dev/null || \\
|
||||
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
|
||||
EOF
|
||||
else
|
||||
cat <<EOF
|
||||
if ! getent passwd '$user' >/dev/null ; then
|
||||
if ! getent passwd '$uid' >/dev/null ; then
|
||||
useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
|
||||
else
|
||||
useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
|
||||
fi
|
||||
fi
|
||||
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
group() {
|
||||
group="$1"
|
||||
gid="$2"
|
||||
if [ "$gid" = '-' ]; then
|
||||
cat <<EOF
|
||||
getent group '$group' >/dev/null || groupadd -r '$group'
|
||||
EOF
|
||||
else
|
||||
cat <<EOF
|
||||
getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
parse() {
|
||||
while read line || [ "$line" ]; do
|
||||
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
|
||||
line="${line## *}"
|
||||
[ -z "$line" ] && continue
|
||||
eval arr=( $line )
|
||||
case "${arr[0]}" in
|
||||
('u')
|
||||
group "${arr[1]}" "${arr[2]}"
|
||||
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
|
||||
# TODO: user:group support
|
||||
;;
|
||||
('g')
|
||||
group "${arr[1]}" "${arr[2]}"
|
||||
;;
|
||||
('m')
|
||||
group "${arr[2]}" "-"
|
||||
user "${arr[1]}" "-" "" "${arr[2]}"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
for fn in "$@"; do
|
||||
[ -e "$fn" ] || continue
|
||||
echo "# generated from $(basename $fn)"
|
||||
parse < "$fn"
|
||||
done
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
parse() {
|
||||
while read line; do
|
||||
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
|
||||
line="${line## *}"
|
||||
[ -z "$line" ] && continue
|
||||
set -- $line
|
||||
case "$1" in
|
||||
('u')
|
||||
echo "user($2)"
|
||||
echo "group($2)"
|
||||
# TODO: user:group support
|
||||
;;
|
||||
('g')
|
||||
echo "group($2)"
|
||||
;;
|
||||
('m')
|
||||
echo "user($2)"
|
||||
echo "group($3)"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
while read fn; do
|
||||
parse < "$fn"
|
||||
done
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
vars:
|
||||
- artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
|
||||
tags:
|
||||
- classic
|
||||
tasks:
|
||||
# switch SELinux to permissive mode
|
||||
- name: Get default kernel
|
||||
command: "grubby --default-kernel"
|
||||
register: default_kernel
|
||||
- debug: msg="{{ default_kernel.stdout }}"
|
||||
- name: Set permissive mode
|
||||
command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
|
||||
|
||||
- name: reboot
|
||||
block:
|
||||
- name: restart host
|
||||
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
|
||||
async: 1
|
||||
poll: 0
|
||||
ignore_errors: true
|
||||
|
||||
- name: wait for host to come back
|
||||
wait_for_connection:
|
||||
delay: 10
|
||||
timeout: 300
|
||||
|
||||
- name: Re-create /tmp/artifacts
|
||||
command: mkdir /tmp/artifacts
|
||||
|
||||
- name: Gather SELinux denials since boot
|
||||
shell: |
|
||||
result=pass
|
||||
dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
|
||||
ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
|
||||
grep -q '<no matches>' /tmp/avc.log || result=fail
|
||||
echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml
|
||||
( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
|
||||
|
||||
always:
|
||||
- name: Pull out the artifacts
|
||||
fetch:
|
||||
dest: "{{ artifacts }}/"
|
||||
src: "{{ item }}"
|
||||
flat: yes
|
||||
with_items:
|
||||
- /tmp/test.log
|
||||
- /tmp/avc.log
|
||||
- /tmp/results.yml
|
||||
111
triggers.systemd
111
triggers.systemd
|
|
@ -1,111 +0,0 @@
|
|||
# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
#
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# Copyright 2015 Zbigniew Jędrzejewski-Szmek
|
||||
# Copyright 2018 Neal Gompa
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# systemd is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public License
|
||||
# along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# The contents of this are an example to be copied into systemd.spec.
|
||||
#
|
||||
# Minimum rpm version supported: 4.13.0
|
||||
|
||||
%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
|
||||
# This script will run after any package is initially installed or
|
||||
# upgraded. We care about the case where a package is initially
|
||||
# installed, because other cases are covered by the *un scriptlets,
|
||||
# so sometimes we will reload needlessly.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/systemctl daemon-reload
|
||||
fi
|
||||
|
||||
%transfiletriggerun -- /usr/lib/systemd/system /etc/systemd/system
|
||||
# On removal, we need to run daemon-reload after any units have been
|
||||
# removed. %transfiletriggerpostun would be ideal, but it does not get
|
||||
# executed for some reason.
|
||||
# On upgrade, we need to run daemon-reload after any new unit files
|
||||
# have been installed, but before %postun scripts in packages get
|
||||
# executed. %transfiletriggerun gets the right list of files
|
||||
# but it is invoked too early (before changes happen).
|
||||
# %filetriggerpostun happens at the right time, but it fires for
|
||||
# every package.
|
||||
# To execute the reload at the right time, we create a state
|
||||
# file in %transfiletriggerun and execute the daemon-reload in
|
||||
# the first %filetriggerpostun.
|
||||
|
||||
if test -d "/run/systemd/system"; then
|
||||
mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
|
||||
touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
|
||||
fi
|
||||
|
||||
%filetriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
|
||||
if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
|
||||
rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
|
||||
%{_bindir}/systemctl daemon-reload
|
||||
fi
|
||||
|
||||
%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
|
||||
# This script will process files installed in /usr/lib/sysusers.d to create
|
||||
# specified users automatically. The priority is set such that it
|
||||
# will run before the tmpfiles file trigger.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/systemd-sysusers || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
|
||||
# This script will process files installed in /usr/lib/tmpfiles.d to create
|
||||
# tmpfiles automatically. The priority is set such that it will run
|
||||
# after the sysusers file trigger, but before any other triggers.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/systemd-tmpfiles --create || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
|
||||
# This script will automatically invoke hwdb update if files have been
|
||||
# installed or updated in /usr/lib/udev/hwdb.d.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/systemd-hwdb update || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -- /usr/lib/systemd/catalog
|
||||
# This script will automatically invoke journal catalog update if files
|
||||
# have been installed or updated in /usr/lib/systemd/catalog.
|
||||
if test -d /run/systemd/system; then
|
||||
%{_bindir}/journalctl --update-catalog || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin udev -- /usr/lib/udev/rules.d
|
||||
# This script will automatically update udev with new rules if files
|
||||
# have been installed or updated in /usr/lib/udev/rules.d.
|
||||
if test -e /run/udev/control; then
|
||||
%{_bindir}/udevadm control --reload || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -- /usr/lib/sysctl.d
|
||||
# This script will automatically apply sysctl rules if files have been
|
||||
# installed or updated in /usr/lib/sysctl.d.
|
||||
if test -d /run/systemd/system; then
|
||||
/usr/lib/systemd/systemd-sysctl || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -- /usr/lib/binfmt.d
|
||||
# This script will automatically apply binfmt rules if files have been
|
||||
# installed or updated in /usr/lib/binfmt.d.
|
||||
if test -d /run/systemd/system; then
|
||||
# systemd-binfmt might fail if binfmt_misc kernel module is not loaded
|
||||
# during install
|
||||
/usr/lib/systemd/systemd-binfmt || :
|
||||
fi
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 14 Aug 2019 15:57:42 +0200
|
||||
Subject: [PATCH] udev: use bfq as the default scheduler
|
||||
|
||||
As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
|
||||
Test results are that bfq seems to behave better and more consistently on
|
||||
typical hardware. The kernel does not have a configuration option to set
|
||||
the default scheduler, and it currently needs to be set by userspace.
|
||||
|
||||
See the bug for more discussion and links.
|
||||
---
|
||||
rules.d/60-block-scheduler.rules | 5 +++++
|
||||
rules.d/meson.build | 1 +
|
||||
2 files changed, 6 insertions(+)
|
||||
create mode 100644 rules.d/60-block-scheduler.rules
|
||||
|
||||
diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
|
||||
new file mode 100644
|
||||
index 0000000000..480b941761
|
||||
--- /dev/null
|
||||
+++ b/rules.d/60-block-scheduler.rules
|
||||
@@ -0,0 +1,5 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+ACTION=="add", SUBSYSTEM=="block", \
|
||||
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
|
||||
+ ATTR{queue/scheduler}="bfq"
|
||||
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||
index ca4445d774..38d6aa6970 100644
|
||||
--- a/rules.d/meson.build
|
||||
+++ b/rules.d/meson.build
|
||||
@@ -3,6 +3,7 @@
|
||||
rules = files('''
|
||||
60-autosuspend.rules
|
||||
60-block.rules
|
||||
+ 60-block-scheduler.rules
|
||||
60-cdrom_id.rules
|
||||
60-drm.rules
|
||||
60-evdev.rules
|
||||
|
|
@ -1,2 +1 @@
|
|||
systemd
|
||||
systemd-udev
|
||||
|
|
|
|||
Loading…
Reference in New Issue