rpms/systemd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport patch for container compatibility

Browse Source 
... (rhbz#2165004)
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2023-02-21 11:14:00 +01:00
parent 4bdd16eba5
commit 0104b2cfb3
2 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
26478.patch Normal file
View File

@ -0,0 +1,46 @@
From e7662d18a14588740c245d10027e2c42a0a21c0e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 19 Feb 2023 02:42:52 +0900
Subject: [PATCH] core/manager: falling back to execute generators without
sandboxing
When running in a container, like podman, docker or so, creating new mount
namespace may be disabled.
Fixes #26474.
Fixes RHBZ#2165004 (https://bugzilla.redhat.com/show_bug.cgi?id=2165004).
---
src/core/manager.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 7b394794b0d4..380a4e30d7af 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3829,12 +3829,25 @@ static int manager_run_generators(Manager *m) {
}
r = safe_fork("(sd-gens)",
- FORK_RESET_SIGNALS | FORK_LOG | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP,
+ FORK_RESET_SIGNALS | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP,
NULL);
if (r == 0) {
r = manager_execute_generators(m, paths, /* remount_ro= */ true);
_exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE);
}
+ if (r < 0) {
+ if (!ERRNO_IS_PRIVILEGE(r)) {
+ log_error_errno(r, "Failed to fork off sandboxing environment for executing generators: %m");
+ goto finish;
+ }
+
+ /* Failed to fork with new mount namespace? Maybe, running in a container environment with
+ * seccomp or without capability. */
+ log_debug_errno(r,
+ "Failed to fork off sandboxing environment for executing generators. "
+ "Falling back to execute generators without sandboxing: %m");
+ r = manager_execute_generators(m, paths, /* remount_ro= */ false);
+ }
finish:
lookup_paths_trim_generator(&m->lookup_paths);

4
systemd.spec
View File

@ -94,6 +94,10 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
# https://bugzilla.redhat.com/show_bug.cgi?id=2164404
Patch0001: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26494.patch
# https://github.com/systemd/systemd/issues/26474
# https://bugzilla.redhat.com/show_bug.cgi?id=2165004
Patch0002: https://patch-diff.githubusercontent.com/raw/systemd/systemd/pull/26478.patch
# Those are downstream-only patches, but we don't want them in packit builds:
# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
Patch0490: use-bfq-scheduler.patch