Rebase to v250 - drop all patches

Related: #2047768
Jan Macku 2022-01-31 11:34:21 +01:00
parent 5b2321d1b0
commit 0224c0ebb1
48 changed files with 0 additions and 3430 deletions


@ -1,54 +0,0 @@
From 5ce0a9b91add22f2a21f1bc7c0f888307f7e58e8 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 10:58:28 +0200
Subject: [PATCH] logind: set RemoveIPC to false by default
RHEL-only
Resolves: #1959836
(cherry picked from commit 0b3833d6c3b751c6dfb40eeb2ef852984c58f546)
---
man/logind.conf.xml | 2 +-
src/login/logind-core.c | 2 +-
src/login/logind.conf.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index be62b6b572..bec7ff44af 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -346,7 +346,7 @@
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
+ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para></listitem>
</varlistentry>
</variablelist>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 22031f485a..f5e1126adc 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) {
m->n_autovts = 6;
m->reserve_vt = 6;
- m->remove_ipc = true;
+ m->remove_ipc = false;
m->inhibit_delay_max = 5 * USEC_PER_SEC;
m->user_stop_delay = 10 * USEC_PER_SEC;
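Review bot: The flipped default at `m->remove_ipc = false;` carries no comment, so a reader of manager_reset_config() cannot tell that it is a deliberate downstream divergence rather than a merge mistake. With the default off, the System V and POSIX IPC objects of a regular user stay behind after the last session ends unless an administrator sets RemoveIPC=yes, which is worth stating where the default lives. I would add `/* RHEL-only: upstream defaults to true; IPC objects of logged-out users are kept unless RemoveIPC=yes is set */` above the assignment. The function body starts and ends outside the hunk.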
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
index 27ba77ce79..f9c5099865 100644
--- a/src/login/logind.conf.in
+++ b/src/login/logind.conf.in
@@ -39,6 +39,6 @@
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RuntimeDirectoryInodes=400k
-#RemoveIPC=yes
+#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192


@ -1,65 +0,0 @@
From d00c14d513bbac6562a5921a2be225cfcc4f794f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:46:41 +0200
Subject: [PATCH] basic/unit-name: do not use strdupa() on a path
The path may have unbounded length, for example through a fuse mount.
CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.
https://bugzilla.redhat.com/show_bug.cgi?id=1970887
The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turns uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
Resolves: #1984299
(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
---
src/basic/unit-name.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 284a773483..a22763443f 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
}
int unit_name_path_escape(const char *f, char **ret) {
- char *p, *s;
+ _cleanup_free_ char *p = NULL;
+ char *s;
assert(f);
assert(ret);
- p = strdupa(f);
+ p = strdup(f);
if (!p)
return -ENOMEM;
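Review bot: The switch to `p = strdup(f);` has no comment saying why this copy must live on the heap, and that reason is the security fix itself: f is a path whose length the caller does not bound, so a stack copy would be sized by whoever controls the path. A one-line comment such as `/* f can be arbitrarily long (e.g. a mount point), so never copy it to the stack */` would keep a later cleanup from reintroducing strdupa() here. unit_name_path_escape() continues outside the hunk.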
@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
if (!path_is_normalized(p))
return -EINVAL;
- /* Truncate trailing slashes */
+ /* Truncate trailing slashes and skip leading slashes */
delete_trailing_chars(p, "/");
-
- /* Truncate leading slashes */
- p = skip_leading_chars(p, "/");
-
- s = unit_name_escape(p);
+ s = unit_name_escape(skip_leading_chars(p, "/"));
}
if (!s)
return -ENOMEM;
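Review bot: Now that p is `_cleanup_free_`, it has to keep pointing at the start of the strdup() allocation, which is why the call became `unit_name_escape(skip_leading_chars(p, "/"))` instead of reassigning p; the rewritten comment above `delete_trailing_chars` does not say so. Restoring `p = skip_leading_chars(p, "/");` in a later refactor would hand an interior pointer to free() when p goes out of scope. I would extend the comment to `/* Truncate trailing slashes and skip leading slashes; do not advance p itself, it is freed on return */`. The enclosing block opens before the hunk and the function ends after it.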


@ -1,39 +0,0 @@
From 10a1e767c7bacca5da4ae7260c2a53f7949c3d7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:52:56 +0200
Subject: [PATCH] basic/unit-name: adjust comments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We already checked for "too long" right above…
Related: #1984299
(cherry picked from commit 4e2544c30bfb95e7cb4d1551ba066b1a56520ad6)
---
src/basic/unit-name.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index a22763443f..1deead7458 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
return -EINVAL;
@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL;


@ -1,27 +0,0 @@
From ae1b3df445f9f9e27fa6a42602d4eb1db92df7a0 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 5 Aug 2021 17:11:47 +0200
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
symlink
RHEL-only
Resolves: #1989472
---
tmpfiles.d/etc.conf.in | 3 ---
1 file changed, 3 deletions(-)
diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in
index 2323fd8cd8..ebdc699c26 100644
--- a/tmpfiles.d/etc.conf.in
+++ b/tmpfiles.d/etc.conf.in
@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
{% if HAVE_SMACK_RUN_LABEL %}
t /etc/mtab - - - - security.SMACK64=_
{% endif %}
-{% if ENABLE_RESOLVE %}
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
-{% endif %}
C! /etc/nsswitch.conf - - - -
{% if HAVE_PAM %}
C! /etc/pam.d - - - -


@ -1,78 +0,0 @@
From ddf558cda4afe6b81586887bcbb8d0ea376c7e71 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 2 Jul 2021 13:25:51 +0200
Subject: [PATCH] Copy 40-redhat.rules from RHEL-8
RHEL-only
Resolves: #1978639
---
rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++
rules.d/meson.build | 1 +
2 files changed, 47 insertions(+)
create mode 100644 rules.d/40-redhat.rules
diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules
new file mode 100644
index 0000000000..3c95cd2df0
--- /dev/null
+++ b/rules.d/40-redhat.rules
@@ -0,0 +1,46 @@
+# do not edit this file, it will be overwritten on update
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
+
+# Memory hotadd request
+SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
+ACTION!="add", GOTO="memory_hotplug_end"
+CONST{arch}=="s390*", GOTO="memory_hotplug_end"
+CONST{arch}=="ppc64*", GOTO="memory_hotplug_end"
+
+ENV{.state}="online"
+CONST{virt}=="none", ENV{.state}="online_movable"
+ATTR{state}=="offline", ATTR{state}="$env{.state}"
+
+LABEL="memory_hotplug_end"
+
+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
+
+# load SCSI generic (sg) driver
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
+
+# Rule for prandom character device node permissions
+KERNEL=="prandom", MODE="0644"
+
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
+# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
+#
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
+
+#
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
+# (both disk and partition) are SCSI devices based on FCP devices
+#
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
+
+# For SCSI disks
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
+
+
+# For partitions on a SCSI disk
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
+
+LABEL="zfcp_scsi_device_end"
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 598649a562..72632979fa 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -5,6 +5,7 @@ install_data(
install_dir : udevrulesdir)
rules = files('''
+ 40-redhat.rules
60-autosuspend.rules
60-block.rules
60-cdrom_id.rules


@ -1,47 +0,0 @@
From d77095927682f5a6921d3825256743eb8f5e6e1b Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 May 2018 09:24:20 +0200
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
adds an After relationship.
RHEL-only
Resolves: #1959826
(cherry picked from commit f58c5ced373c2532b5cc44ba2e0c3a28b41472f2)
---
src/core/unit.c | 7 +------
units/basic.target | 3 ++-
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 30afd5a776..d9cd0c229a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1266,12 +1266,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
}
if (c->private_tmp) {
-
- /* FIXME: for now we make a special case for /tmp and add a weak dependency on
- * tmp.mount so /tmp being masked is supported. However there's no reason to treat
- * /tmp specifically and masking other mount units should be handled more
- * gracefully too, see PR#16894. */
- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
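Review bot: The hunk removes the explanatory comment above the tmp.mount dependency and leaves the new `unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);` call unexplained. With only UNIT_AFTER, a PrivateTmp= service is ordered after tmp.mount but no longer pulls it in, which per the patch description is the whole point. A short replacement comment would record that: `/* RHEL-only: only order after tmp.mount, do not pull it in, so PrivateTmp= does not turn /tmp into tmpfs */`. unit_add_exec_dependencies() starts and ends outside the hunk.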
diff --git a/units/basic.target b/units/basic.target
index d8cdd5ac14..9eae0782a2 100644
--- a/units/basic.target
+++ b/units/basic.target
@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
# we support that unit being masked, and this should not be considered an error.
RequiresMountsFor=/var /var/tmp
-Wants=tmp.mount
+# RHEL-only: Disable /tmp on tmpfs.
+#Wants=tmp.mount


@ -1,40 +0,0 @@
From 209af66ef66a67a9cafa5a1d6364ce436cd593aa Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 5 Sep 2016 12:47:09 +0200
Subject: [PATCH] unit: don't add Requires for tmp.mount
rhel-only
Resolves: #1619292
(cherry picked from commit 03e52d33bbdea731eaa79545bb1d30c5b21abe3d)
---
src/core/mount.c | 2 +-
src/core/unit.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 053deac14d..1fd3102ad3 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -343,7 +343,7 @@ static int mount_add_mount_dependencies(Mount *m) {
if (r < 0)
return r;
- if (UNIT(m)->fragment_path) {
+ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
/* If we have fragment configuration, then make this dependency required */
r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH);
if (r < 0)
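Review bot: The comment kept under the changed condition, `/* If we have fragment configuration, then make this dependency required */`, no longer matches the code, because `!streq(UNIT(m)->id, "tmp.mount")` now exempts one unit. I would reword it to `/* If we have fragment configuration, then make this dependency required, except for tmp.mount (RHEL-only) */`. The matching condition `m->fragment_path && !streq(m->id, "tmp.mount")` in unit_add_mount_dependencies() in src/core/unit.c has no comment at all and should get the same one. Both functions extend beyond their hunks.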
diff --git a/src/core/unit.c b/src/core/unit.c
index d9cd0c229a..371dda7e29 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1506,7 +1506,7 @@ static int unit_add_mount_dependencies(Unit *u) {
if (r < 0)
return r;
- if (m->fragment_path) {
+ if (m->fragment_path && !streq(m->id, "tmp.mount")) {
r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
if (r < 0)
return r;


@ -1,25 +0,0 @@
From c54ec17a683866f8e74f0d78c19369a6e86e46f3 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 22 Jan 2019 10:28:42 +0100
Subject: [PATCH] units: add [Install] section to tmp.mount
RHEL-only
Related: #1959826
(cherry picked from commit bb3d205bea1c83cbd0e27b504f5f1faa884fb602)
---
units/tmp.mount | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/units/tmp.mount b/units/tmp.mount
index 516bd1621c..fc1812111e 100644
--- a/units/tmp.mount
+++ b/units/tmp.mount
@@ -23,3 +23,7 @@ What=tmpfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k
+
+# Make 'systemctl enable tmp.mount' work:
+[Install]
+WantedBy=local-fs.target


@ -1,29 +0,0 @@
From 10c26ebc7cd9bff3d73ff9a89ddec44bde88e4cd Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 11 Mar 2021 15:48:23 +0100
Subject: [PATCH] rc-local: order after network-online.target
I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
just network-online.target didn't exist back then.
RHEL-only
Resolves: #1954429
---
units/rc-local.service.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
index 55e83dfe00..0eee722154 100644
--- a/units/rc-local.service.in
+++ b/units/rc-local.service.in
@@ -13,7 +13,8 @@
Description={{RC_LOCAL_PATH}} Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable={{RC_LOCAL_PATH}}
-After=network.target
+After=network-online.target
+Wants=network-online.target
[Service]
Type=forking


@ -1,284 +0,0 @@
From b3c617b8d0fb95322e203842d2ac68593a4acdcd Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 18 Apr 2021 20:46:06 +0200
Subject: [PATCH] ci: drop CIs irrelevant for downstream
* CIFuzz would need a separate project in oss-fuzz
* Coverity would also need a separate project
* the Labeler action is superfluous, since we already have a bot for
that
* mkosi testing on other distros is irrelevant for downstream RHEL
repo
Resolves: #1960703
rhel-only
---
.github/labeler.yml | 38 ------------------
.github/workflows/cifuzz.yml | 47 ----------------------
.github/workflows/coverity.yml | 39 -------------------
.github/workflows/labeler.yml | 13 -------
.github/workflows/mkosi.yml | 58 ----------------------------
.github/workflows/test_mkosi_boot.py | 24 ------------
6 files changed, 219 deletions(-)
delete mode 100644 .github/labeler.yml
delete mode 100644 .github/workflows/cifuzz.yml
delete mode 100644 .github/workflows/coverity.yml
delete mode 100644 .github/workflows/labeler.yml
delete mode 100644 .github/workflows/mkosi.yml
delete mode 100755 .github/workflows/test_mkosi_boot.py
diff --git a/.github/labeler.yml b/.github/labeler.yml
deleted file mode 100644
index 773d575004..0000000000
--- a/.github/labeler.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-hwdb:
- - hwdb.d/**/*
-units:
- - units/**/*
-documentation:
- - NEWS
- - docs/*
-network:
- - src/libsystemd-network/**/*
- - src/network/**/*
-udev:
- - src/udev/**/*
- - src/libudev/*
-selinux:
- - '**/*selinux*'
-apparmor:
- - '**/*apparmor*'
-meson:
- - meson_option.txt
-mkosi:
- - .mkosi/*
- - mkosi.build
-busctl:
- - src/busctl/*
-systemctl:
- - src/systemctl/*
-journal:
- - src/journal/*
-journal-remote:
- - src/journal-remote/*
-portable:
- - src/portable/**/*
-resolve:
- - src/resolve/*
-timedate:
- - src/timedate/*
-timesync:
- - src/timesync/*
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
deleted file mode 100644
index 14d81a67ff..0000000000
--- a/.github/workflows/cifuzz.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-# vi: ts=2 sw=2 et:
-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
-
-name: CIFuzz
-on:
- pull_request:
- paths:
- - '**/meson.build'
- - '.github/workflows/**'
- - 'meson_options.txt'
- - 'src/**'
- - 'test/fuzz/**'
- - 'tools/oss-fuzz.sh'
- push:
- branches:
- - main
-jobs:
- Fuzzing:
- runs-on: ubuntu-latest
- if: github.repository == 'systemd/systemd'
- strategy:
- fail-fast: false
- matrix:
- sanitizer: [address, undefined, memory]
- steps:
- - name: Build Fuzzers (${{ matrix.sanitizer }})
- id: build
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
- with:
- oss-fuzz-project-name: 'systemd'
- dry-run: false
- allowed-broken-targets-percentage: 0
- sanitizer: ${{ matrix.sanitizer }}
- - name: Run Fuzzers (${{ matrix.sanitizer }})
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
- with:
- oss-fuzz-project-name: 'systemd'
- fuzz-seconds: 600
- dry-run: false
- sanitizer: ${{ matrix.sanitizer }}
- - name: Upload Crash
- uses: actions/upload-artifact@v1
- if: failure() && steps.build.outcome == 'success'
- with:
- name: ${{ matrix.sanitizer }}-artifacts
- path: ./out/artifacts
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
deleted file mode 100644
index a0eb0f01fd..0000000000
--- a/.github/workflows/coverity.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# vi: ts=2 sw=2 et:
-#
-name: Coverity
-
-on:
- schedule:
- # Run Coverity daily at midnight
- - cron: '0 0 * * *'
-
-jobs:
- build:
- runs-on: ubuntu-20.04
- if: github.repository == 'systemd/systemd'
- env:
- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}"
- COVERITY_SCAN_NOTIFICATION_EMAIL: ""
- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}"
- # Set in repo settings -> secrets -> repository secrets
- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
- CURRENT_REF: "${{ github.ref }}"
- steps:
- - name: Repository checkout
- uses: actions/checkout@v1
- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
- - name: Install Coverity tools
- run: tools/get-coverity.sh
- # Reuse the setup phase of the unit test script to avoid code duplication
- - name: Install build dependencies
- run: sudo -E .github/workflows/unit_tests.sh SETUP
- # Preconfigure with meson to prevent Coverity from capturing meson metadata
- - name: Preconfigure the build directory
- run: meson cov-build -Dman=false
- - name: Build
- run: tools/coverity.sh build
- - name: Upload the results
- run: tools/coverity.sh upload
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
deleted file mode 100644
index 76d67a3a5c..0000000000
--- a/.github/workflows/labeler.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: "Pull Request Labeler"
-on:
-- pull_request_target
-
-jobs:
- triage:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/labeler@main
- with:
- repo-token: "${{ secrets.GITHUB_TOKEN }}"
- configuration-path: .github/labeler.yml
- sync-labels: "" # This is a workaround for issue 18671
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
deleted file mode 100644
index babdf7ae6e..0000000000
--- a/.github/workflows/mkosi.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: mkosi
-
-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in .mkosi.
-
-on:
- push:
- branches:
- - main
- pull_request:
- branches:
- - main
-
-jobs:
- ci:
- runs-on: ubuntu-20.04
- strategy:
- fail-fast: false
- matrix:
- distro:
- - arch
- - debian
- - ubuntu
- - fedora
-
- steps:
- - uses: actions/checkout@v2
- - uses: systemd/mkosi@v9
-
- - name: Install
- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2
-
- - name: Symlink
- run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default
-
- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
- # required, since current Arch's glibc implements faccessat() via faccessat2().
- - name: Update systemd-nspawn
- if: ${{ matrix.distro == 'arch' }}
- run: |
- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
- sudo apt update
- sudo apt build-dep systemd
- meson build
- ninja -C build
- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
- systemd-nspawn --version
-
- - name: Build ${{ matrix.distro }}
- run: sudo python3 -m mkosi --password= --qemu-headless build
-
- - name: Show ${{ matrix.distro }} image summary
- run: sudo python3 -m mkosi --password= --qemu-headless summary
-
- - name: Boot ${{ matrix.distro }} systemd-nspawn
- run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless boot
-
- - name: Boot ${{ matrix.distro }} QEMU
- run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless qemu
diff --git a/.github/workflows/test_mkosi_boot.py b/.github/workflows/test_mkosi_boot.py
deleted file mode 100755
index 3418fd3a51..0000000000
--- a/.github/workflows/test_mkosi_boot.py
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env python3
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-import pexpect
-import sys
-
-
-def run() -> None:
- p = pexpect.spawnu(" ".join(sys.argv[1:]), logfile=sys.stdout, timeout=300)
-
- p.expect("#")
- p.sendline("systemctl poweroff")
-
- p.expect(pexpect.EOF)
-
-
-try:
- run()
-except pexpect.EOF:
- print("UNEXPECTED EOF")
- sys.exit(1)
-except pexpect.TIMEOUT:
- print("TIMED OUT")
- sys.exit(1)


@ -1,60 +0,0 @@
From b00b4b76e8a7267db2dc54a5d23272a6586770da Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 9 Jun 2021 15:23:59 +0200
Subject: [PATCH] ci: reconfigure Packit for RHEL 9
Resolves: #1960703
rhel-only
---
.packit.yml | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/.packit.yml b/.packit.yml
index 4545e30e08..3461bccbc5 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}"
actions:
post-upstream-clone:
- # Use the Fedora Rawhide specfile
- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
+ # Use the CentOS Stream specfile
+ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
# Drop the "sources" file so rebase-helper doesn't think we're a dist-git
- "rm -fv .packit_rpm/sources"
- # Drop backported patches from the specfile, but keep the downstream-only ones
- # - Patch0000-0499: backported patches from upstream
- # - Patch0500-9999: downstream-only patches
- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
+ # Drop all patches, since they're already included in the tarball
+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
# Build the RPM with --werror. Even though --werror doesn't work in all
# cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
# RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
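Review bot: The new `git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1` step takes whatever the remote default branch holds when the job runs, so the specfile that drives the build is neither pinned nor reviewed together with this repository. For a branch that tracks one release I would name the ref explicitly, for example `git clone --branch <BRANCH_PLACEHOLDER> --depth=1 https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm`. That keeps a change on another dist-git branch from silently altering the pull-request build.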
@@ -32,11 +30,22 @@ actions:
# [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+# Available targets can be listed via `copr-cli list-chroots`
jobs:
+# Build test
- job: copr_build
trigger: pull_request
metadata:
targets:
- - fedora-rawhide-aarch64
- - fedora-rawhide-i386
- - fedora-rawhide-x86_64
+ # FIXME: change to CentOS 9 once it's available
+ - fedora-34-x86_64
+ - fedora-34-aarch64
+
+# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
+# Run tests (via testing farm)
+#- job: tests
+# trigger: pull_request
+# metadata:
+# targets:
+# # FIXME: change to CentOS 9 once it's available
+# - fedora-34-x86_64


@ -1,27 +0,0 @@
From ef23dd2793c19e9505ab1e70fff20b7ea184dc54 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 15 Jul 2021 12:23:27 +0200
Subject: [PATCH] ci: run unit tests on z-stream branches as well
Resolves: #1960703
rhel-only
---
.github/workflows/unit_tests.yml | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index ca1e6e0c30..e560bff830 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -2,10 +2,7 @@
# vi: ts=2 sw=2 et:
#
name: Unit tests
-on:
- pull_request:
- branches:
- - main
+on: [pull_request]
jobs:
build:


@ -1,110 +0,0 @@
From a311dc4ade908452d7920452a18ce411af0f6dd3 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <sirmy15@gmail.com>
Date: Thu, 17 Jun 2021 16:39:23 +0200
Subject: [PATCH] Check return value of pam_get_item/pam_get_data functions
(cherry picked from commit a22cbf85ed9863ba5c86681db89424747119ef0c)
Resolves: #1973210
---
src/login/pam_systemd.c | 66 ++++++++++++++++++++++++++++++++++-------
1 file changed, 55 insertions(+), 11 deletions(-)
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index f8bd17eefe..1b643d52ca 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -705,7 +705,11 @@ _public_ PAM_EXTERN int pam_sm_open_session(
* "systemd-user" we simply set XDG_RUNTIME_DIR and
* leave. */
- (void) pam_get_item(handle, PAM_SERVICE, (const void**) &service);
+ r = pam_get_item(handle, PAM_SERVICE, (const void**) &service);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM service: %s", pam_strerror(handle, r));
+ return r;
+ }
if (streq_ptr(service, "systemd-user")) {
char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
@@ -719,10 +723,26 @@ _public_ PAM_EXTERN int pam_sm_open_session(
/* Otherwise, we ask logind to create a session for us */
- (void) pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
- (void) pam_get_item(handle, PAM_TTY, (const void**) &tty);
- (void) pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
- (void) pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
+ r = pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM XDISPLAY: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_item(handle, PAM_TTY, (const void**) &tty);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM TTY: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM RUSER: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM RHOST: %s", pam_strerror(handle, r));
+ return r;
+ }
seat = getenv_harder(handle, "XDG_SEAT", NULL);
cvtnr = getenv_harder(handle, "XDG_VTNR", NULL);
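Review bot: The same four-line check is pasted four times in this hunk, once more for PAM_SERVICE in the hunk above and five times around pam_get_data() in the next hunk, each copy differing only in the item and the message text. That makes it easy for one copy to drift, with a wrong accepted code or a mislabelled log line. A small static helper that performs the call, logs on failure and maps the tolerated codes to PAM_SUCCESS would reduce every call site to two lines; a twin for pam_get_data() would accept PAM_NO_MODULE_DATA instead of PAM_BAD_ITEM. pam_sm_open_session() starts and ends outside the hunk.

```c
static int get_item_logged(pam_handle_t *handle, int item_type, const char *what, const void **ret) {
        int r;

        r = pam_get_item(handle, item_type, ret);
        if (IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
                return PAM_SUCCESS; /* tolerated, exactly as in the open-coded checks */

        pam_syslog(handle, LOG_ERR, "Failed to get PAM %s: %s", what, pam_strerror(handle, r));
        return r;
}

/* … unchanged: PAM_SERVICE handling and the systemd-user shortcut … */
r = get_item_logged(handle, PAM_XDISPLAY, "XDISPLAY", (const void**) &display);
if (r != PAM_SUCCESS)
        return r;
/* … same two lines for PAM_TTY, PAM_RUSER and PAM_RHOST … */
```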
@@ -789,11 +809,31 @@ _public_ PAM_EXTERN int pam_sm_open_session(
remote = !isempty(remote_host) && !is_localhost(remote_host);
- (void) pam_get_data(handle, "systemd.memory_max", (const void **)&memory_max);
- (void) pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max);
- (void) pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight);
- (void) pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight);
- (void) pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec);
+ r = pam_get_data(handle, "systemd.memory_max", (const void **)&memory_max);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.memory_max data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.tasks_max data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.cpu_weight data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.io_weight data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.runtime_max_sec data: %s", pam_strerror(handle, r));
+ return r;
+ }
/* Talk to logind over the message bus */
@@ -996,7 +1036,11 @@ _public_ PAM_EXTERN int pam_sm_close_session(
/* Only release session if it wasn't pre-existing when we
* tried to create it */
- (void) pam_get_data(handle, "systemd.existing", &existing);
+ r = pam_get_data(handle, "systemd.existing", &existing);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.existing data: %s", pam_strerror(handle, r));
+ return r;
+ }
id = pam_getenv(handle, "XDG_SESSION_ID");
if (id && !existing) {
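Review bot: The new `return r;` after a failed pam_get_data() call leaves pam_sm_close_session() before the `if (id && !existing)` block that follows, so on such an error that block is skipped, whereas the old code ignored the error and went on. If skipping the release is intended, a comment such as `/* Without knowing whether the session pre-existed we must not release it */` would make that explicit; otherwise logging and continuing would keep the old behaviour. What the block does lies outside the hunk, so the effect on session release is inferred from the comment above the call.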


@ -1,25 +0,0 @@
From f1266682aca4a2ed3d85017527d1456cbe5d2f2a Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 15 Jul 2021 11:15:17 +0200
Subject: [PATCH] random-util: increase random seed size to 1024
RHEL-only
Resolves: #1982603
---
src/basic/random-util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
index e6528ddc7f..fda78552f6 100644
--- a/src/basic/random-util.h
+++ b/src/basic/random-util.h
@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) {
int rdrand(unsigned long *ret);
/* Some limits on the pool sizes when we deal with the kernel random pool */
-#define RANDOM_POOL_SIZE_MIN 512U
+#define RANDOM_POOL_SIZE_MIN 1024U
#define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
size_t random_pool_size(void);


@ -1,41 +0,0 @@
From d68134590110a93c383a7ae696ccf3717f20682a Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 2 May 2019 14:11:54 +0200
Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
default
RHEL-only
Resolves: #1973856
---
units/meson.build | 3 +--
units/systemd-journald.service.in | 2 +-
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/units/meson.build b/units/meson.build
index 17e9ead9c1..68be8d0108 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -119,8 +119,7 @@ units = [
'sysinit.target.wants/'],
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
- ['systemd-journald-audit.socket', '',
- 'sockets.target.wants/'],
+ ['systemd-journald-audit.socket', ''],
['systemd-journald-dev-log.socket', '',
'sockets.target.wants/'],
['systemd-journald.socket', '',
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index cd17b6b4e7..d981273b07 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -12,7 +12,7 @@ Description=Journal Service
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Requires=systemd-journald.socket
-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
+After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
Before=sysinit.target
[Service]


@ -1,22 +0,0 @@
From c040ffc7d27e2952bd6acccc1d8a351f31ba24db Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 5 Aug 2021 15:26:13 +0200
Subject: [PATCH] journald.conf: don't touch current audit settings
RHEL-only
Related: #1973856
---
src/journal/journald.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index 5a60a9d39c..3544da2112 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -44,4 +44,4 @@
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
-#Audit=yes
+Audit=


@ -1,137 +0,0 @@
From ba508dc60d5f62d8821242eebf50efcfbddd1428 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Tue, 10 Aug 2021 14:46:16 +0200
Subject: [PATCH] Revert "udev: remove WAIT_FOR key"
This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f.
RHEL-only
Resolves: #1982666
---
man/udev.xml | 9 +++++++
src/udev/udev-rules.c | 56 +++++++++++++++++++++++++++++++++++++++
test/rule-syntax-check.py | 2 +-
3 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/man/udev.xml b/man/udev.xml
index f6ea2abc12..ce96e201e4 100644
--- a/man/udev.xml
+++ b/man/udev.xml
@@ -592,6 +592,15 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>WAIT_FOR</varname></term>
+ <listitem>
+ <para>Wait for a file to become available or until a timeout of
+ 10 seconds expires. The path is relative to the sysfs device;
+ if no path is specified, this waits for an attribute to appear.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>OPTIONS</varname></term>
<listitem>
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
index bf997fc0ed..a02a7a1bc6 100644
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@@ -78,6 +78,7 @@ typedef enum {
TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */
TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */
TK_M_DRIVER, /* string, sd_device_get_driver() */
+ TK_M_WAITFOR,
TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */
TK_M_SYSCTL, /* string, takes kernel parameter through attribute */
@@ -415,6 +416,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token
rule_line->current_token = token;
}
+#define WAIT_LOOP_PER_SECOND 50
+static int wait_for_file(sd_device *dev, const char *file, int timeout) {
+ char filepath[UDEV_PATH_SIZE];
+ char devicepath[UDEV_PATH_SIZE];
+ struct stat stats;
+ int loop = timeout * WAIT_LOOP_PER_SECOND;
+
+ /* a relative path is a device attribute */
+ devicepath[0] = '\0';
+ if (file[0] != '/') {
+ const char *val;
+ int r;
+
+ r = sd_device_get_syspath(dev, &val);
+ if (r < 0)
+ return r;
+ strscpyl(devicepath, sizeof(devicepath), val, NULL);
+ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL);
+ file = filepath;
+ }
+
+ while (--loop) {
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND };
+
+ /* lookup file */
+ if (stat(file, &stats) == 0) {
+ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1);
+ return 0;
+ }
+ /* make sure, the device did not disappear in the meantime */
+ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) {
+ log_debug("device disappeared while waiting for '%s'", file);
+ return -2;
+ }
+ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND);
+ nanosleep(&duration, NULL);
+ }
+ log_debug("waiting for '%s' failed", file);
+ return -1;
+}
+
static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) {
UdevRuleToken *token;
UdevRuleMatchType match_type = _MATCH_TYPE_INVALID;
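Review bot: `wait_for_file()` returns the bare values `-1` and `-2` for timeout and device removal, which read as `-EPERM` and `-ENOENT` in a file whose other helpers return negative errno values; named codes such as `return -ETIMEDOUT;` and `return -ENODEV;` would keep a future caller from misreading them. The results of the two `strscpyl()` calls are not checked, so an over-long attribute name would be cut silently and a different path polled for the whole timeout. `while (--loop)` also runs for an effectively unbounded time if `timeout` is ever 0 or negative, so an early `if (timeout <= 0) return -EINVAL;` is worth adding even though the only visible caller passes 10. `rule_line_add_token()`, which follows the new function, continues outside this hunk.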
@@ -957,6 +999,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd));
} else
return log_token_invalid_attr(rules, key);
+ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) {
+ if (op == OP_REMOVE)
+ return log_token_invalid_op(rules, key);
+
+ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL);
+ return 1;
} else if (streq(key, "GOTO")) {
if (attr)
return log_token_invalid_attr(rules, key);
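Review bot: The `WAIT_FOR` branch stores the token with a literal `0` operator and drops the result of `rule_line_add_token()`, unlike the `r = rule_line_add_token(...)` call just above it. Because the parsed `op` is discarded, the `token->op == OP_NOMATCH` test in the `TK_M_WAITFOR` case of `udev_rule_apply_token_to_event()` (next hunk) presumably can never be true unless `OP_NOMATCH` is zero, and a failure to add the token is reported as success by `return 1;`. Passing the operator through and keeping the result would address both, e.g. `r = rule_line_add_token(rule_line, TK_M_WAITFOR, op, value, NULL);`, assuming `rule_line_add_token()` accepts match operators for this token type. The branch also accepts an `attr` without calling `log_token_invalid_attr()`, which the neighbouring `GOTO` branch rejects. `parse_token()` starts and ends outside this hunk.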
@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event(
return token_match_string(token, val);
}
+ case TK_M_WAITFOR: {
+ char filename[UDEV_PATH_SIZE];
+ int found;
+
+ udev_event_apply_format(event, token->value, filename, sizeof(filename), false);
+ found = (wait_for_file(event->dev, filename, 10) == 0);
+ return found || (token->op == OP_NOMATCH);
+ }
case TK_M_ATTR:
case TK_M_PARENTS_ATTR:
return token_match_attr(token, dev, event);
diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
index 9a9e4d1658..0649bcf58e 100755
--- a/test/rule-syntax-check.py
+++ b/test/rule-syntax-check.py
@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D
# PROGRAM can also be specified as an assignment.
program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$')
args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$')
-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
+no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$')
# Find comma-separated groups, but allow commas that are inside quoted strings.
# Using quoted_string_re + '?' so that strings missing the last double quote


@ -1,25 +0,0 @@
From bdea01b16bedae5fdba3e9a12a864087cfb4b040 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 25 Aug 2021 16:03:04 +0200
Subject: [PATCH] Really don't enable systemd-journald-audit.socket
RHEL-only
Resolves: #1973856
---
units/systemd-journald.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index d981273b07..f190dff5fb 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -33,7 +33,7 @@ RestrictRealtime=yes
RestrictSUIDSGID=yes
RuntimeDirectory=systemd/journal
RuntimeDirectoryPreserve=yes
-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
StandardOutput=null
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM


@ -1,56 +0,0 @@
From f583f3db3533bb2b3db1646d6afa74613fca46a6 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 12 Feb 2019 16:58:16 +0100
Subject: [PATCH] rules: add elevator= kernel command line parameter
Kernel removed the elevator= option, so let's reintroduce
it for rhel8 via udev rule.
RHEL-only
Resolves: #2003002
---
rules.d/40-elevator.rules | 20 ++++++++++++++++++++
rules.d/meson.build | 1 +
2 files changed, 21 insertions(+)
create mode 100644 rules.d/40-elevator.rules
diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules
new file mode 100644
index 0000000000..dbe8fc81a4
--- /dev/null
+++ b/rules.d/40-elevator.rules
@@ -0,0 +1,20 @@
+# We aren't adding devices skip the elevator check
+ACTION!="add", GOTO="sched_out"
+
+SUBSYSTEM!="block", GOTO="sched_out"
+ENV{DEVTYPE}!="disk", GOTO="sched_out"
+
+# Technically, dm-multipath can be configured to use an I/O scheduler.
+# However, there are races between the 'add' uevent and the linking in
+# of the queue/scheduler sysfs file. For now, just skip dm- devices.
+KERNEL=="dm-*|md*", GOTO="sched_out"
+
+# Skip bio-based devices, which don't support an I/O scheduler.
+ATTR{queue/scheduler}=="none", GOTO="sched_out"
+
+# If elevator= is specified on the kernel command line, change the
+# scheduler to the one specified.
+IMPORT{cmdline}="elevator"
+ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}"
+
+LABEL="sched_out"
\ No newline at end of file
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 72632979fa..b41c50cad3 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -5,6 +5,7 @@ install_data(
install_dir : udevrulesdir)
rules = files('''
+ 40-elevator.rules
40-redhat.rules
60-autosuspend.rules
60-block.rules


@ -1,94 +0,0 @@
From 9c67a1570d89ff462cb51f4b2a6d2ed0af8e2e9c Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 30 Aug 2021 18:38:09 +0200
Subject: [PATCH] boot: don't build bootctl when -Dgnu-efi=false is set
(cherry picked from commit fbe3a414e1d8f7b05dccf3d24d4fa475eb9c6bc9)
Resolves: #2003130
---
meson.build | 8 +++++---
shell-completion/bash/meson.build | 2 +-
shell-completion/zsh/meson.build | 2 +-
units/meson.build | 2 +-
4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/meson.build b/meson.build
index 738879eb21..d28f04607a 100644
--- a/meson.build
+++ b/meson.build
@@ -1608,6 +1608,10 @@ else
endif
conf.set10('ENABLE_EFI', have)
+subdir('src/fundamental')
+subdir('src/boot/efi')
+conf.set10('HAVE_GNU_EFI', have_gnu_efi)
+
############################################################
build_bpf_skel_py = find_program('tools/build-bpf-skel.py')
@@ -1660,7 +1664,6 @@ includes = [libsystemd_includes, include_directories('src/shared')]
subdir('po')
subdir('catalog')
-subdir('src/fundamental')
subdir('src/basic')
subdir('src/libsystemd')
subdir('src/shared')
@@ -1751,7 +1754,6 @@ subdir('src/journal')
subdir('src/libsystemd-network')
subdir('src/analyze')
-subdir('src/boot/efi')
subdir('src/busctl')
subdir('src/coredump')
subdir('src/cryptenroll')
@@ -2145,7 +2147,7 @@ if conf.get('HAVE_PAM') == 1
install_dir : rootlibexecdir)
endif
-if conf.get('ENABLE_EFI') == 1 and conf.get('HAVE_BLKID') == 1
+if conf.get('HAVE_BLKID') == 1 and conf.get('HAVE_GNU_EFI') == 1
public_programs += executable(
'bootctl',
'src/boot/bootctl.c',
diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build
index c26b413d92..bfdd2b01f0 100644
--- a/shell-completion/bash/meson.build
+++ b/shell-completion/bash/meson.build
@@ -33,7 +33,7 @@ items = [['busctl', ''],
['systemd-run', ''],
['udevadm', ''],
['kernel-install', ''],
- ['bootctl', 'ENABLE_EFI'],
+ ['bootctl', 'HAVE_GNU_EFI'],
['coredumpctl', 'ENABLE_COREDUMP'],
['homectl', 'ENABLE_HOMED'],
['hostnamectl', 'ENABLE_HOSTNAMED'],
diff --git a/shell-completion/zsh/meson.build b/shell-completion/zsh/meson.build
index f5f9b0f993..3a92f303b8 100644
--- a/shell-completion/zsh/meson.build
+++ b/shell-completion/zsh/meson.build
@@ -28,7 +28,7 @@ items = [['_busctl', ''],
['_sd_outputmodes', ''],
['_sd_unit_files', ''],
['_sd_machines', ''],
- ['_bootctl', 'ENABLE_EFI'],
+ ['_bootctl', 'HAVE_GNU_EFI'],
['_coredumpctl', 'ENABLE_COREDUMP'],
['_hostnamectl', 'ENABLE_HOSTNAMED'],
['_localectl', 'ENABLE_LOCALED'],
diff --git a/units/meson.build b/units/meson.build
index 68be8d0108..27a2b60137 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -102,7 +102,7 @@ units = [
['systemd-ask-password-wall.path', '',
'multi-user.target.wants/'],
['systemd-ask-password-wall.service', ''],
- ['systemd-boot-system-token.service', 'ENABLE_EFI',
+ ['systemd-boot-system-token.service', 'HAVE_GNU_EFI',
'sysinit.target.wants/'],
['systemd-coredump.socket', 'ENABLE_COREDUMP',
'sockets.target.wants/'],


@ -1,28 +0,0 @@
From 8f08b876d44d96b3f255ac5275a1daa3ccf9a801 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 21 Sep 2021 22:47:42 +0200
Subject: [PATCH] unit: install the systemd-bless-boot.service only if we have
gnu-efi
Follow-up to #20591.
(cherry picked from commit 220261ef940a126588b20a1765a2501811473839)
Related: #2003130
---
units/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/meson.build b/units/meson.build
index 27a2b60137..e06d883cd2 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -179,7 +179,7 @@ in_units = [
['systemd-backlight@.service', 'ENABLE_BACKLIGHT'],
['systemd-binfmt.service', 'ENABLE_BINFMT',
'sysinit.target.wants/'],
- ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'],
+ ['systemd-bless-boot.service', 'HAVE_GNU_EFI HAVE_BLKID'],
['systemd-boot-check-no-failures.service', ''],
['systemd-coredump@.service', 'ENABLE_COREDUMP'],
['systemd-pstore.service', 'ENABLE_PSTORE'],


@ -1,26 +0,0 @@
From ab1ecca56e5a1cc5ad120958b1bb94c7854f3795 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 22 Sep 2021 14:38:00 +0200
Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
RHEL-only
Related: #2000927
---
units/meson.build | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/units/meson.build b/units/meson.build
index e06d883cd2..40487d123e 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -154,8 +154,7 @@ units = [
['time-set.target', ''],
['time-sync.target', ''],
['timers.target', ''],
- ['tmp.mount', '',
- 'local-fs.target.wants/'],
+ ['tmp.mount', ''],
['umount.target', ''],
['usb-gadget.target', ''],
['user.slice', ''],


@ -1,59 +0,0 @@
From 50a744391dbb1130d38b44700ae7e6649fcc9ffb Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 13:19:39 +0200
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
This should be hopefully high enough even for the very big deployments.
RHEL-only
Resolves: #2003031
---
man/systemd-system.conf.xml | 4 ++--
src/core/main.c | 2 +-
src/core/system.conf.in | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index c11dd46143..72c8db5890 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -389,10 +389,10 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
and root cgroup <varname>pids.max</varname>.
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
- For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
+ For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
but might be greater in other systems or smaller in OS containers.</para></listitem>
</varlistentry>
diff --git a/src/core/main.c b/src/core/main.c
index da6c50a1c4..f4fe7517fd 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -92,7 +92,7 @@
#include <sanitizer/lsan_interface.h>
#endif
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */
static enum {
ACTION_RUN,
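Review bot: The `/* 80% */` comment on `DEFAULT_TASKS_MAX` restates the number but not the trade-off behind it. `TasksMax=` is the per-unit cap, so at 80% a single runaway unit can take most of the task limit and two busy units can reach it together; the default no longer contains a fork storm on its own. I would record the reason and the consequence next to the define, for example `/* RHEL-only: 80% for very big deployments; units that need containment must set TasksMax= themselves */`. The enum that follows the define continues outside this hunk.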
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index e88280bd0a..f2c75fcd32 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -54,7 +54,7 @@
#DefaultBlockIOAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes
-#DefaultTasksMax=15%
+#DefaultTasksMax=80%
#DefaultLimitCPU=
#DefaultLimitFSIZE=
#DefaultLimitDATA=


@ -1,43 +0,0 @@
From 9c46b3e584fbb7be0a9e93471d30f2885bd194c9 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:22:15 +0900
Subject: [PATCH] sd-device: introduce device_has_devlink()
(cherry picked from commit b881ce16b9ccae4c3089c82e2ea1781cd9773a4f)
Related: #2005024
---
src/libsystemd/sd-device/device-private.h | 1 +
src/libsystemd/sd-device/sd-device.c | 7 +++++++
2 files changed, 8 insertions(+)
diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h
index fe268d7f2f..9bb5eff208 100644
--- a/src/libsystemd/sd-device/device-private.h
+++ b/src/libsystemd/sd-device/device-private.h
@@ -32,6 +32,7 @@ void device_set_db_persist(sd_device *device);
void device_set_devlink_priority(sd_device *device, int priority);
int device_ensure_usec_initialized(sd_device *device, sd_device *device_old);
int device_add_devlink(sd_device *device, const char *devlink);
+bool device_has_devlink(sd_device *device, const char *devlink);
int device_add_property(sd_device *device, const char *property, const char *value);
int device_add_tag(sd_device *device, const char *tag, bool both);
void device_remove_tag(sd_device *device, const char *tag);
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index 388128bf33..8a9e4a33a1 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -1193,6 +1193,13 @@ int device_add_devlink(sd_device *device, const char *devlink) {
return 0;
}
+bool device_has_devlink(sd_device *device, const char *devlink) {
+ assert(device);
+ assert(devlink);
+
+ return set_contains(device->devlinks, devlink);
+}
+
static int device_add_property_internal_from_string(sd_device *device, const char *str) {
_cleanup_free_ char *key = NULL;
char *value;


@ -1,305 +0,0 @@
From a4fba2d79634d660ed2014e18cb85eea090b6413 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:24:15 +0900
Subject: [PATCH] udev-node: split out permission handling from udev_node_add()
And then merge udev_node_add() and udev_node_update_old_links().
(cherry picked from commit 2f48561e0db3cd63f65e9311b4d69282b4ac605d)
Related: #2005024
---
src/udev/udev-event.c | 9 +-
src/udev/udev-node.c | 204 +++++++++++++++++++-----------------------
src/udev/udev-node.h | 12 ++-
3 files changed, 106 insertions(+), 119 deletions(-)
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
index b28089be71..8b9f8aecfe 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -895,9 +895,6 @@ static int update_devnode(UdevEvent *event) {
if (r < 0)
return log_device_error_errno(dev, r, "Failed to get devnum: %m");
- /* remove/update possible left-over symlinks from old database entry */
- (void) udev_node_update_old_links(dev, event->dev_db_clone);
-
if (!uid_is_valid(event->uid)) {
r = device_get_devnode_uid(dev, &event->uid);
if (r < 0 && r != -ENOENT)
@@ -921,7 +918,11 @@ static int update_devnode(UdevEvent *event) {
bool apply_mac = device_for_action(dev, SD_DEVICE_ADD);
- return udev_node_add(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list);
+ r = udev_node_apply_permissions(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list);
+ if (r < 0)
+ return log_device_error_errno(dev, r, "Failed to apply devnode permissions: %m");
+
+ return udev_node_update(dev, event->dev_db_clone);
}
static int event_execute_rules_on_remove(
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 9e52906571..7cc9ee3670 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -356,45 +356,117 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP;
}
-int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) {
- const char *name;
+static int device_get_devpath_by_devnum(sd_device *dev, char **ret) {
+ const char *subsystem;
+ dev_t devnum;
+ int r;
+
+ assert(dev);
+ assert(ret);
+
+ r = sd_device_get_subsystem(dev, &subsystem);
+ if (r < 0)
+ return r;
+
+ r = sd_device_get_devnum(dev, &devnum);
+ if (r < 0)
+ return r;
+
+ return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret);
+}
+
+int udev_node_update(sd_device *dev, sd_device *dev_old) {
+ _cleanup_free_ char *filename = NULL;
+ const char *devnode, *devlink;
int r;
assert(dev);
assert(dev_old);
- /* update possible left-over symlinks */
- FOREACH_DEVICE_DEVLINK(dev_old, name) {
- const char *name_current;
- bool found = false;
+ r = sd_device_get_devname(dev, &devnode);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get devnode: %m");
- /* check if old link name still belongs to this device */
- FOREACH_DEVICE_DEVLINK(dev, name_current)
- if (streq(name, name_current)) {
- found = true;
- break;
- }
+ if (DEBUG_LOGGING) {
+ const char *id = NULL;
- if (found)
+ (void) device_get_device_id(dev, &id);
+ log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id));
+ }
+
+ /* update possible left-over symlinks */
+ FOREACH_DEVICE_DEVLINK(dev_old, devlink) {
+ /* check if old link name still belongs to this device */
+ if (device_has_devlink(dev, devlink))
continue;
log_device_debug(dev,
- "Updating old device symlink '%s', which is no longer belonging to this device.",
- name);
+ "Removing/updating old device symlink '%s', which is no longer belonging to this device.",
+ devlink);
- r = link_update(dev, name, false);
+ r = link_update(dev, devlink, /* add = */ false);
if (r < 0)
log_device_warning_errno(dev, r,
- "Failed to update device symlink '%s', ignoring: %m",
- name);
+ "Failed to remove/update device symlink '%s', ignoring: %m",
+ devlink);
}
+ /* create/update symlinks, add symlinks to name index */
+ FOREACH_DEVICE_DEVLINK(dev, devlink) {
+ r = link_update(dev, devlink, /* add = */ true);
+ if (r < 0)
+ log_device_warning_errno(dev, r,
+ "Failed to create/update device symlink '%s', ignoring: %m",
+ devlink);
+ }
+
+ r = device_get_devpath_by_devnum(dev, &filename);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device path: %m");
+
+ /* always add /dev/{block,char}/$major:$minor */
+ r = node_symlink(dev, devnode, filename);
+ if (r < 0)
+ return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename);
+
+ return 0;
+}
+
+int udev_node_remove(sd_device *dev) {
+ _cleanup_free_ char *filename = NULL;
+ const char *devlink;
+ int r;
+
+ assert(dev);
+
+ /* remove/update symlinks, remove symlinks from name index */
+ FOREACH_DEVICE_DEVLINK(dev, devlink) {
+ r = link_update(dev, devlink, /* add = */ false);
+ if (r < 0)
+ log_device_warning_errno(dev, r,
+ "Failed to remove/update device symlink '%s', ignoring: %m",
+ devlink);
+ }
+
+ r = device_get_devpath_by_devnum(dev, &filename);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device path: %m");
+
+ /* remove /dev/{block,char}/$major:$minor */
+ if (unlink(filename) < 0 && errno != ENOENT)
+ return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename);
+
return 0;
}
-static int node_permissions_apply(sd_device *dev, bool apply_mac,
- mode_t mode, uid_t uid, gid_t gid,
- OrderedHashmap *seclabel_list) {
+int udev_node_apply_permissions(
+ sd_device *dev,
+ bool apply_mac,
+ mode_t mode,
+ uid_t uid,
+ gid_t gid,
+ OrderedHashmap *seclabel_list) {
+
const char *devnode, *subsystem, *id = NULL;
bool apply_mode, apply_uid, apply_gid;
_cleanup_close_ int node_fd = -1;
@@ -511,95 +583,5 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
if (r < 0)
log_device_debug_errno(dev, r, "Failed to adjust timestamp of node %s: %m", devnode);
- return r;
-}
-
-static int xsprintf_dev_num_path_from_sd_device(sd_device *dev, char **ret) {
- const char *subsystem;
- dev_t devnum;
- int r;
-
- assert(ret);
-
- r = sd_device_get_subsystem(dev, &subsystem);
- if (r < 0)
- return r;
-
- r = sd_device_get_devnum(dev, &devnum);
- if (r < 0)
- return r;
-
- return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret);
-}
-
-int udev_node_add(sd_device *dev, bool apply,
- mode_t mode, uid_t uid, gid_t gid,
- OrderedHashmap *seclabel_list) {
- const char *devnode, *devlink;
- _cleanup_free_ char *filename = NULL;
- int r;
-
- assert(dev);
-
- r = sd_device_get_devname(dev, &devnode);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get devnode: %m");
-
- if (DEBUG_LOGGING) {
- const char *id = NULL;
-
- (void) device_get_device_id(dev, &id);
- log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id));
- }
-
- r = node_permissions_apply(dev, apply, mode, uid, gid, seclabel_list);
- if (r < 0)
- return r;
-
- /* create/update symlinks, add symlinks to name index */
- FOREACH_DEVICE_DEVLINK(dev, devlink) {
- r = link_update(dev, devlink, true);
- if (r < 0)
- log_device_warning_errno(dev, r,
- "Failed to update device symlink '%s', ignoring: %m",
- devlink);
- }
-
- r = xsprintf_dev_num_path_from_sd_device(dev, &filename);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get device path: %m");
-
- /* always add /dev/{block,char}/$major:$minor */
- r = node_symlink(dev, devnode, filename);
- if (r < 0)
- return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename);
-
- return 0;
-}
-
-int udev_node_remove(sd_device *dev) {
- _cleanup_free_ char *filename = NULL;
- const char *devlink;
- int r;
-
- assert(dev);
-
- /* remove/update symlinks, remove symlinks from name index */
- FOREACH_DEVICE_DEVLINK(dev, devlink) {
- r = link_update(dev, devlink, false);
- if (r < 0)
- log_device_warning_errno(dev, r,
- "Failed to update device symlink '%s', ignoring: %m",
- devlink);
- }
-
- r = xsprintf_dev_num_path_from_sd_device(dev, &filename);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get device path: %m");
-
- /* remove /dev/{block,char}/$major:$minor */
- if (unlink(filename) < 0 && errno != ENOENT)
- return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename);
-
return 0;
}
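Review bot: `udev_node_apply_permissions()` now ends in an unconditional `return 0;` after only logging the timestamp failure, while the new caller in `update_devnode()` treats `r < 0` as "Failed to apply devnode permissions". The body of the function lies outside this hunk, so this is a question rather than a finding: if the mode, owner and security-label steps are also log-and-continue, a device node left with the wrong permissions is reported as success and the caller's new check cannot catch it. A header comment on the function stating which failures are returned and which are only logged would make that contract explicit for the next caller.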
diff --git a/src/udev/udev-node.h b/src/udev/udev-node.h
index 2349f9c471..a34af77146 100644
--- a/src/udev/udev-node.h
+++ b/src/udev/udev-node.h
@@ -8,10 +8,14 @@
#include "hashmap.h"
-int udev_node_add(sd_device *dev, bool apply,
- mode_t mode, uid_t uid, gid_t gid,
- OrderedHashmap *seclabel_list);
+int udev_node_apply_permissions(
+ sd_device *dev,
+ bool apply_mac,
+ mode_t mode,
+ uid_t uid,
+ gid_t gid,
+ OrderedHashmap *seclabel_list);
int udev_node_remove(sd_device *dev);
-int udev_node_update_old_links(sd_device *dev, sd_device *dev_old);
+int udev_node_update(sd_device *dev, sd_device *dev_old);
size_t udev_node_escape_path(const char *src, char *dest, size_t size);


@ -1,36 +0,0 @@
From 506dc32b2428936d67e9cf1a034d6b63dbc1cbb0 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 04:14:42 +0900
Subject: [PATCH] udev-node: stack directory must exist when adding device node
symlink
(cherry picked from commit 46070dbf26435ba0def099121f46a6253f3f19b6)
Related: #2005024
---
src/udev/udev-node.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 7cc9ee3670..4496a2bd9b 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -161,12 +161,13 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir,
dir = opendir(stackdir);
if (!dir) {
- if (errno == ENOENT) {
- *ret = TAKE_PTR(target);
- return !!*ret;
- }
+ if (add) /* The stack directory must exist. */
+ return -errno;
+ if (errno != ENOENT)
+ return -errno;
- return -errno;
+ *ret = NULL;
+ return 0;
}
r = device_get_device_id(dev, &id);

View File

@ -1,250 +0,0 @@
From 065209fc7a53d6f296f7fffd261f0a92fddc4485 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 04:16:21 +0900
Subject: [PATCH] udev-node: save information about device node and priority in
symlink
Previously, we only store device IDs in /run/udev/links, and when
creating/removing device node symlink, we create sd_device object
corresponds to the IDs and read device node and priority from the
object. That requires parsing uevent and udev database files.
This makes link_find_prioritized() get the most prioritzed device node
without parsing the files.
(cherry picked from commit 377a83f0d80376456d9be203796f66f543a8b943)
Related: #2005024
---
src/udev/udev-node.c | 172 ++++++++++++++++++++++++++++++-------------
1 file changed, 121 insertions(+), 51 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 4496a2bd9b..5d6aae0bd4 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -18,6 +18,7 @@
#include "fs-util.h"
#include "hexdecoct.h"
#include "mkdir.h"
+#include "parse-util.h"
#include "path-util.h"
#include "selinux-util.h"
#include "smack-util.h"
@@ -28,9 +29,9 @@
#include "udev-node.h"
#include "user-util.h"
-#define CREATE_LINK_MAX_RETRIES 128
-#define LINK_UPDATE_MAX_RETRIES 128
-#define TOUCH_FILE_MAX_RETRIES 128
+#define CREATE_LINK_MAX_RETRIES 128
+#define LINK_UPDATE_MAX_RETRIES 128
+#define CREATE_STACK_LINK_MAX_RETRIES 128
#define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f)
static int create_symlink(const char *target, const char *slink) {
@@ -175,39 +176,67 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir,
return r;
FOREACH_DIRENT_ALL(dent, dir, break) {
- _cleanup_(sd_device_unrefp) sd_device *dev_db = NULL;
- const char *devnode;
- int db_prio = 0;
+ _cleanup_free_ char *path = NULL, *buf = NULL;
+ int tmp_prio;
- if (dent->d_name[0] == '\0')
- break;
if (dent->d_name[0] == '.')
continue;
- log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir);
-
- /* did we find ourself? */
+ /* skip ourself */
if (streq(dent->d_name, id))
continue;
- if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0)
- continue;
+ path = path_join(stackdir, dent->d_name);
+ if (!path)
+ return -ENOMEM;
- if (sd_device_get_devname(dev_db, &devnode) < 0)
- continue;
+ if (readlink_malloc(path, &buf) >= 0) {
+ char *devnode;
- if (device_get_devlink_priority(dev_db, &db_prio) < 0)
- continue;
+ /* New format. The devnode and priority can be obtained from symlink. */
- if (target && db_prio <= priority)
- continue;
+ devnode = strchr(buf, ':');
+ if (!devnode || devnode == buf)
+ continue;
- log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir);
+ *(devnode++) = '\0';
+ if (!path_startswith(devnode, "/dev"))
+ continue;
- r = free_and_strdup(&target, devnode);
- if (r < 0)
- return r;
- priority = db_prio;
+ if (safe_atoi(buf, &tmp_prio) < 0)
+ continue;
+
+ if (target && tmp_prio <= priority)
+ continue;
+
+ r = free_and_strdup(&target, devnode);
+ if (r < 0)
+ return r;
+ } else {
+ _cleanup_(sd_device_unrefp) sd_device *tmp_dev = NULL;
+ const char *devnode;
+
+ /* Old format. The devnode and priority must be obtained from uevent and
+ * udev database files. */
+
+ if (sd_device_new_from_device_id(&tmp_dev, dent->d_name) < 0)
+ continue;
+
+ if (device_get_devlink_priority(tmp_dev, &tmp_prio) < 0)
+ continue;
+
+ if (target && tmp_prio <= priority)
+ continue;
+
+ if (sd_device_get_devname(tmp_dev, &devnode) < 0)
+ continue;
+
+ r = free_and_strdup(&target, devnode);
+ if (r < 0)
+ return r;
+ }
+
+ priority = tmp_prio;
}
*ret = TAKE_PTR(target);
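Review bot: The new-format branch parses the symlink content as `<priority>:<devnode>`, but the format is only implied by the `"%i:%s"` in `update_stack_directory()` (next hunk), and the only check on the parsed device node is `path_startswith(devnode, "/dev")`. A comment above the branch naming the format, its writer and the assumption that the stack directory is writable only by udev would make the trust boundary visible. Any `readlink_malloc()` failure, not just the not-a-symlink case, also falls through to the old-format lookup; if that is not intended, the result could be kept and tested, e.g. `r = readlink_malloc(path, &buf);` with the old-format path taken only for `r == -EINVAL`. `link_find_prioritized()` begins and ends outside this hunk.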
@@ -256,10 +285,72 @@ toolong:
return size - 1;
}
+static int update_stack_directory(sd_device *dev, const char *dirname, bool add) {
+ _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL;
+ const char *devname, *id;
+ int priority, r;
+
+ assert(dev);
+ assert(dirname);
+
+ r = device_get_device_id(dev, &id);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device id: %m");
+
+ filename = path_join(dirname, id);
+ if (!filename)
+ return log_oom_debug();
+
+ if (!add) {
+ if (unlink(filename) < 0 && errno != ENOENT)
+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+
+ (void) rmdir(dirname);
+ return 0;
+ }
+
+ r = sd_device_get_devname(dev, &devname);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device node: %m");
+
+ r = device_get_devlink_priority(dev, &priority);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get priority of device node symlink: %m");
+
+ if (asprintf(&data, "%i:%s", priority, devname) < 0)
+ return log_oom_debug();
+
+ if (readlink_malloc(filename, &buf) >= 0 && streq(buf, data))
+ return 0;
+
+ if (unlink(filename) < 0 && errno != ENOENT)
+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+
+ for (unsigned j = 0; j < CREATE_STACK_LINK_MAX_RETRIES; j++) {
+ /* This may fail with -ENOENT when the parent directory is removed during
+ * creating the file by another udevd worker. */
+ r = mkdir_p(dirname, 0755);
+ if (r == -ENOENT)
+ continue;
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname);
+
+ if (symlink(data, filename) < 0) {
+ if (errno == ENOENT)
+ continue;
+ return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename);
+ }
+
+ return 0;
+ }
+
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ELOOP), "Failed to create symbolic link %s: %m", filename);
+}
+
/* manage "stack of names" with possibly specified device priorities */
static int link_update(sd_device *dev, const char *slink_in, bool add) {
- _cleanup_free_ char *slink = NULL, *filename = NULL, *dirname = NULL;
- const char *slink_name, *id;
+ _cleanup_free_ char *slink = NULL, *dirname = NULL;
+ const char *slink_name;
char name_enc[NAME_MAX+1];
int i, r, retries;
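Review bot: The final `return` of update_stack_directory() reports retry exhaustion as `SYNTHETIC_ERRNO(ELOOP)` with `%m`, so the log reads "Too many levels of symbolic links" for a path that is itself a symlink. That looks like a real symlink loop rather than CREATE_STACK_LINK_MAX_RETRIES being used up by concurrent workers. Keeping the error code but spelling out the cause would make the debug log unambiguous: `"Gave up creating symbolic link %s after %i attempts."` with `filename, CREATE_STACK_LINK_MAX_RETRIES`. The hunk ends inside link_update(), whose body continues outside it.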
@@ -279,35 +370,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL),
"Invalid symbolic link of device node: %s", slink);
- r = device_get_device_id(dev, &id);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get device id: %m");
-
(void) udev_node_escape_path(slink_name, name_enc, sizeof(name_enc));
- dirname = path_join("/run/udev/links/", name_enc);
+ dirname = path_join("/run/udev/links", name_enc);
if (!dirname)
return log_oom_debug();
- filename = path_join(dirname, id);
- if (!filename)
- return log_oom_debug();
-
- if (!add) {
- if (unlink(filename) < 0 && errno != ENOENT)
- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
-
- (void) rmdir(dirname);
- } else {
- for (unsigned j = 0; j < TOUCH_FILE_MAX_RETRIES; j++) {
- /* This may fail with -ENOENT when the parent directory is removed during
- * creating the file by another udevd worker. */
- r = touch_file(filename, /* parents= */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0444);
- if (r != -ENOENT)
- break;
- }
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to create %s: %m", filename);
- }
+ r = update_stack_directory(dev, dirname, add);
+ if (r < 0)
+ return r;
/* If the database entry is not written yet we will just do one iteration and possibly wrong symlink
* will be fixed in the second invocation. */


@ -1,146 +0,0 @@
From a13bd62f6cb8332864ed3566fdf51eedfe240043 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 12:57:40 +0900
Subject: [PATCH] udev-node: always update timestamp of stack directory
Please see the comments in the code.
(cherry picked from commit 6df797f75fa08bb1a9e657001229bd47903e6174)
Related: #2005024
---
src/udev/udev-node.c | 90 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 87 insertions(+), 3 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 5d6aae0bd4..0de848da19 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -32,6 +32,7 @@
#define CREATE_LINK_MAX_RETRIES 128
#define LINK_UPDATE_MAX_RETRIES 128
#define CREATE_STACK_LINK_MAX_RETRIES 128
+#define UPDATE_TIMESTAMP_MAX_RETRIES 128
#define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f)
static int create_symlink(const char *target, const char *slink) {
@@ -285,9 +286,60 @@ toolong:
return size - 1;
}
+static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) {
+ assert(path);
+ assert(prev);
+
+ /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may
+ * not be changed. Why? Let's consider the following situation. For simplicity, let's assume
+ * there exist three udev workers (A, B, and C) and all of them calls link_update() for the
+ * same devlink simultaneously.
+ *
+ * 1. B creates/removes a symlink in the stack directory.
+ * 2. A calls the first stat() in the loop of link_update().
+ * 3. A calls link_find_prioritized().
+ * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated.
+ * 5. B and C finish link_update().
+ * 6. A creates/removes devlink according to the outdated result in the step 3.
+ * 7. A calls the second stat() in the loop of link_update().
+ *
+ * If these 7 steps are processed in this order within a short time period that kernel's timer
+ * does not increase, then even if the contents in the stack directory is changed, the results
+ * of two stat() called by A shows the same timestamp, and A cannot detect the change.
+ *
+ * By calling this function after creating/removing symlinks in the stack directory, the
+ * timestamp of the stack directory is always increased at least in the above step 5, so A can
+ * detect the update. */
+
+ if ((prev->st_mode & S_IFMT) == 0)
+ return 0; /* Does not exist, or previous stat() failed. */
+
+ for (unsigned i = 0; i < UPDATE_TIMESTAMP_MAX_RETRIES; i++) {
+ struct stat st;
+
+ if (stat(path, &st) < 0)
+ return -errno;
+
+ if (!stat_inode_unmodified(prev, &st))
+ return 0;
+
+ log_device_debug(dev,
+ "%s is modified, but its timestamp is not changed, "
+ "updating timestamp after 10ms.",
+ path);
+
+ (void) usleep(10 * USEC_PER_MSEC);
+ if (utimensat(AT_FDCWD, path, NULL, 0) < 0)
+ return -errno;
+ }
+
+ return -ELOOP;
+}
+
static int update_stack_directory(sd_device *dev, const char *dirname, bool add) {
_cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL;
const char *devname, *id;
+ struct stat st = {};
int priority, r;
assert(dev);
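Review bot: update_timestamp() explains the race in detail but not its own contract, which callers need in order to judge the cost of calling it. As written it returns 0 immediately when `prev` is zeroed, and it returns 0 as soon as the timestamps differ. Otherwise it sleeps 10 ms per round for up to UPDATE_TIMESTAMP_MAX_RETRIES rounds, roughly 1.3 s of blocking in the worker, and then returns `-ELOOP`. I would add a short closing paragraph to the comment, for example `/* Returns 0 if the timestamp differs from prev (or prev is unset), -ELOOP after UPDATE_TIMESTAMP_MAX_RETRIES rounds of 10ms each, or -errno from stat()/utimensat(). */`. Both `stat()` and `utimensat(..., 0)` follow a symlink at `path`, so it is also worth stating that `path` must be the stack directory itself.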
@@ -302,10 +354,31 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add)
return log_oom_debug();
if (!add) {
- if (unlink(filename) < 0 && errno != ENOENT)
- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+ bool unlink_failed = false;
+
+ if (stat(dirname, &st) < 0) {
+ if (errno == ENOENT)
+ return 0; /* The stack directory is already removed. That's OK. */
+ log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname);
+ }
+
+ if (unlink(filename) < 0) {
+ unlink_failed = true;
+ if (errno != ENOENT)
+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+ }
+
+ if (rmdir(dirname) >= 0 || errno == ENOENT)
+ return 0;
+
+ if (unlink_failed)
+ return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */
+
+ /* The symlink was removed. Check if the timestamp of directory is changed. */
+ r = update_timestamp(dev, dirname, &st);
+ if (r < 0 && r != -ENOENT)
+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname);
- (void) rmdir(dirname);
return 0;
}
@@ -335,12 +408,23 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add)
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname);
+ if (stat(dirname, &st) < 0) {
+ if (errno == ENOENT)
+ continue;
+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
+ }
+
if (symlink(data, filename) < 0) {
if (errno == ENOENT)
continue;
return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename);
}
+ /* The symlink was created. Check if the timestamp of directory is changed. */
+ r = update_timestamp(dev, dirname, &st);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname);
+
return 0;
}


@ -1,34 +0,0 @@
From cf49a46c165619a0480d361a0afebb89e998f61c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 2 Sep 2021 06:58:59 +0900
Subject: [PATCH] udev-node: assume no new claim to a symlink if
/run/udev/links is not updated
During creating a symlink to a device node, if another device node which
requests the same symlink is added/removed, `stat_inode_unmodified()`
should always detects that. We do not need to continue the loop
unconditionally.
(cherry picked from commit 8f27311eb2aec2411d1fb7d62e6c9d75d21ae8df)
Related: #2005024
---
src/udev/udev-node.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 0de848da19..1a34ea8128 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -491,11 +491,6 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
r = node_symlink(dev, target, slink);
if (r < 0)
return r;
- if (r == 1)
- /* We have replaced already existing symlink, possibly there is some other device trying
- * to claim the same symlink. Let's do one more iteration to give us a chance to fix
- * the error if other device actually claims the symlink with higher priority. */
- continue;
/* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */
if ((st1.st_mode & S_IFMT) != 0) {


@ -1,92 +0,0 @@
From 1561b9e2c9ea779ab611f52fd8b4eef616896e09 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 02:20:33 +0900
Subject: [PATCH] udev-node: always atomically create symlink to device node
By the previous commit, it is not necessary to distinguish if the devlink
already exists. Also, I cannot find any significant advantages of the
previous complecated logic, that is, first try to create directly, and then
fallback to atomically creation. Moreover, such logic increases the chance
of conflicts between multiple udev workers.
This makes devlinks always created atomically. Hopefully, this reduces the
conflicts between the workers.
(cherry picked from commit 242d39ebc1391f4734f6e63ff13764de92bc5f70)
Related: #2005024
---
src/udev/udev-node.c | 42 +++++++++---------------------------------
1 file changed, 9 insertions(+), 33 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 1a34ea8128..46c04fe00b 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -71,6 +71,13 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
assert(node);
assert(slink);
+ if (lstat(slink, &stats) >= 0) {
+ if (!S_ISLNK(stats.st_mode))
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST),
+ "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node);
+ } else if (errno != ENOENT)
+ return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink);
+
r = path_extract_directory(slink, &slink_dirname);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get parent directory of '%s': %m", slink);
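Review bot: The `lstat()` conflict check now at the top of node_symlink() is only a best-effort test, because it and the later replacement of `slink` are separate path-based steps. The replacement is outside this hunk; if it renames the `.tmp-` link over `slink`, as the commit message suggests, a regular file or device node created at `slink` in between would be replaced without the "Conflicting inode" message. Paths under /dev are normally writable only by privileged processes, so this is mainly a robustness point. A comment would keep later readers from treating the check as a guarantee: `/* Best-effort only: the inode at slink may change before the link is replaced below. */`.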
@@ -80,41 +87,11 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get relative path from '%s' to '%s': %m", slink, node);
- if (lstat(slink, &stats) >= 0) {
- _cleanup_free_ char *buf = NULL;
-
- if (!S_ISLNK(stats.st_mode))
- return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST),
- "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node);
-
- if (readlink_malloc(slink, &buf) >= 0 &&
- path_equal(target, buf)) {
- /* preserve link with correct target, do not replace node of other device */
- log_device_debug(dev, "Preserve already existing symlink '%s' to '%s'", slink, target);
-
- (void) label_fix(slink, LABEL_IGNORE_ENOENT);
- (void) utimensat(AT_FDCWD, slink, NULL, AT_SYMLINK_NOFOLLOW);
-
- return 0;
- }
- } else if (errno == ENOENT) {
- log_device_debug(dev, "Creating symlink '%s' to '%s'", slink, target);
-
- r = create_symlink(target, slink);
- if (r >= 0)
- return 0;
-
- log_device_debug_errno(dev, r, "Failed to create symlink '%s' to '%s', trying to replace '%s': %m", slink, target, slink);
- } else
- return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink);
-
- log_device_debug(dev, "Atomically replace '%s'", slink);
-
r = device_get_device_id(dev, &id);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get device id: %m");
- slink_tmp = strjoina(slink, ".tmp-", id);
+ slink_tmp = strjoina(slink, ".tmp-", id);
(void) unlink(slink_tmp);
r = create_symlink(target, slink_tmp);
@@ -127,8 +104,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
return r;
}
- /* Tell caller that we replaced already existing symlink. */
- return 1;
+ return 0;
}
static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) {


@ -1,44 +0,0 @@
From a3389b23db9b9ab1ad11f181f036be35aade8c31 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:44:26 +0900
Subject: [PATCH] udev-node: check stack directory change even if devlink is
removed
Otherwise, when multiple device additions and removals occur
simultaneously, symlink to unexisting devnode may be created.
Hopefully fixes #19946.
(cherry picked from commit 1cd4e325693007b3628f1a27297f0ab7114b24b8)
Related: #2005024
---
src/udev/udev-node.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 46c04fe00b..28e6e8df94 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -468,15 +468,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
if (r < 0)
return r;
- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */
- if ((st1.st_mode & S_IFMT) != 0) {
- r = stat(dirname, &st2);
- if (r < 0 && errno != ENOENT)
- return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
-
- if (stat_inode_unmodified(&st1, &st2))
- break;
- }
+ if (stat(dirname, &st2) < 0 && errno != ENOENT)
+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
+
+ if (((st1.st_mode & S_IFMT) == 0 && (st2.st_mode & S_IFMT) == 0) ||
+ stat_inode_unmodified(&st1, &st2))
+ return 0;
}
return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP;


@ -1,32 +0,0 @@
From 52938c3ed27ebaadce97060ad8ebdcb351403d90 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 2 Sep 2021 08:23:35 +0900
Subject: [PATCH] udev-node: shorten code a bit and update log message
(cherry picked from commit 8424da2de88ceeed7be8544fb69221f0b0ea84ea)
Related: #2005024
---
src/udev/udev-node.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 28e6e8df94..2e7df899e4 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -447,13 +447,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
_cleanup_free_ char *target = NULL;
struct stat st1 = {}, st2 = {};
- r = stat(dirname, &st1);
- if (r < 0 && errno != ENOENT)
+ if (stat(dirname, &st1) < 0 && errno != ENOENT)
return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
r = link_find_prioritized(dev, add, dirname, &target);
if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to determine highest priority for symlink '%s': %m", slink);
+ return log_device_debug_errno(dev, r, "Failed to determine device node with the highest priority for '%s': %m", slink);
if (r == 0) {
log_device_debug(dev, "No reference left for '%s', removing", slink);


@ -1,59 +0,0 @@
From 75275ae07233e213fe03a1a33870efe10dbb2b39 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 04:34:48 +0900
Subject: [PATCH] udev-node: add random delay on conflict in updating device
node symlink
To make multiple workers not update the same device node symlink
simultaneously.
(cherry picked from commit 0063fa23a1384dd4385d03b568dc629916b7e72a)
Related: #2005024
---
src/udev/udev-node.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 2e7df899e4..675e6ce313 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -20,12 +20,14 @@
#include "mkdir.h"
#include "parse-util.h"
#include "path-util.h"
+#include "random-util.h"
#include "selinux-util.h"
#include "smack-util.h"
#include "stat-util.h"
#include "stdio-util.h"
#include "string-util.h"
#include "strxcpyx.h"
+#include "time-util.h"
#include "udev-node.h"
#include "user-util.h"
@@ -33,6 +35,8 @@
#define LINK_UPDATE_MAX_RETRIES 128
#define CREATE_STACK_LINK_MAX_RETRIES 128
#define UPDATE_TIMESTAMP_MAX_RETRIES 128
+#define MAX_RANDOM_DELAY (250 * USEC_PER_MSEC)
+#define MIN_RANDOM_DELAY ( 50 * USEC_PER_MSEC)
#define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f)
static int create_symlink(const char *target, const char *slink) {
@@ -447,6 +451,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
_cleanup_free_ char *target = NULL;
struct stat st1 = {}, st2 = {};
+ if (i > 0) {
+ usec_t delay = MIN_RANDOM_DELAY + random_u64_range(MAX_RANDOM_DELAY - MIN_RANDOM_DELAY);
+
+ log_device_debug(dev, "Directory %s was updated, retrying to update devlink %s after %s.",
+ dirname, slink, FORMAT_TIMESPAN(delay, USEC_PER_MSEC));
+ (void) usleep(delay);
+ }
+
if (stat(dirname, &st1) < 0 && errno != ENOENT)
return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
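Review bot: The new `usleep(delay)` in link_update() has no stated upper bound on the total wait. With LINK_UPDATE_MAX_RETRIES at 128 and up to MAX_RANDOM_DELAY (250 ms) per retry, one call can sleep for about half a minute before returning. The loop header is outside this hunk, so the bound is inferred from the macros in the previous hunk. A worker blocked that long on a busy devlink delays the events queued behind it, so the budget should be written down next to the macros: `/* Worst case per devlink: LINK_UPDATE_MAX_RETRIES * MAX_RANDOM_DELAY spent sleeping. */`. If that is more than intended, a smaller retry count for the delayed path would cap it.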


@ -1,80 +0,0 @@
From c715be5f677ab61704ffe358716cf700d662b82d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:29:42 +0900
Subject: [PATCH] udev-node: drop redundant trial of devlink creation
Previously, the devlink was created based on the priority saved in udev
database. So, we needed to reevaluate devlinks after database is saved.
But now the priority is stored in the symlink under /run/udev/links, and
the loop of devlink creation is controlled with the timestamp of the
directory. So, the double evaluation is not necessary anymore.
(cherry picked from commit 7920d0a135fb6a08aa0bfc31e9d0a3f589fe7a1f)
Related: #2005024
---
src/udev/udev-event.c | 5 +----
src/udev/udev-node.c | 12 ++++--------
2 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
index 8b9f8aecfe..c77f55c67e 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -1060,10 +1060,7 @@ int udev_event_execute_rules(
device_set_is_initialized(dev);
- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database,
- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure
- * symlinks point to devices that claim them with the highest priority. */
- return update_devnode(event);
+ return 0;
}
void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec, int timeout_signal) {
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 675e6ce313..bb551d86b0 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -416,7 +416,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
_cleanup_free_ char *slink = NULL, *dirname = NULL;
const char *slink_name;
char name_enc[NAME_MAX+1];
- int i, r, retries;
+ int r;
assert(dev);
assert(slink_in);
@@ -443,11 +443,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
if (r < 0)
return r;
- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink
- * will be fixed in the second invocation. */
- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1;
-
- for (i = 0; i < retries; i++) {
+ for (unsigned i = 0; i < LINK_UPDATE_MAX_RETRIES; i++) {
_cleanup_free_ char *target = NULL;
struct stat st1 = {}, st2 = {};
@@ -472,7 +468,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
log_device_debug_errno(dev, errno, "Failed to remove '%s', ignoring: %m", slink);
(void) rmdir_parents(slink, "/dev");
- break;
+ return 0;
}
r = node_symlink(dev, target, slink);
@@ -487,7 +483,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
return 0;
}
- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP;
+ return -ELOOP;
}
static int device_get_devpath_by_devnum(sd_device *dev, char **ret) {


@ -1,36 +0,0 @@
From 13293ddc7822025cb9f785262655f928634395f6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 12 Sep 2021 16:05:51 +0900
Subject: [PATCH] udev-node: simplify the example of race
(cherry picked from commit 3df566a66723490914ef3bae0ca8046044b70dce)
Related: #2005024
---
src/udev/udev-node.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index bb551d86b0..61cb9a449b 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -272,14 +272,14 @@ static int update_timestamp(sd_device *dev, const char *path, struct stat *prev)
/* Even if a symlink in the stack directory is created/removed, the mtime of the directory may
* not be changed. Why? Let's consider the following situation. For simplicity, let's assume
- * there exist three udev workers (A, B, and C) and all of them calls link_update() for the
- * same devlink simultaneously.
+ * there exist two udev workers (A and B) and all of them calls link_update() for the same
+ * devlink simultaneously.
*
- * 1. B creates/removes a symlink in the stack directory.
+ * 1. A creates/removes a symlink in the stack directory.
* 2. A calls the first stat() in the loop of link_update().
* 3. A calls link_find_prioritized().
- * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated.
- * 5. B and C finish link_update().
+ * 4. B creates/removes another symlink in the stack directory, so the result of the step 3 is outdated.
+ * 5. B finishes link_update().
* 6. A creates/removes devlink according to the outdated result in the step 3.
* 7. A calls the second stat() in the loop of link_update().
*


@ -1,59 +0,0 @@
From 969b05b3f1dc644e821756205450b06a30c79d7f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 12 Sep 2021 16:14:27 +0900
Subject: [PATCH] udev-node: do not ignore unexpected errors on removing
symlink in stack directory
Only acceptable error here is -ENOENT.
(cherry picked from commit 0706cdf4ec92d6bd40391da0e81a30d9bf851663)
Related: #2005024
---
src/udev/udev-node.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 61cb9a449b..e1fb387cb9 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -334,25 +334,30 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add)
return log_oom_debug();
if (!add) {
- bool unlink_failed = false;
+ int unlink_error = 0, stat_error = 0;
if (stat(dirname, &st) < 0) {
if (errno == ENOENT)
return 0; /* The stack directory is already removed. That's OK. */
- log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname);
+ stat_error = -errno;
}
- if (unlink(filename) < 0) {
- unlink_failed = true;
- if (errno != ENOENT)
- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
- }
+ if (unlink(filename) < 0)
+ unlink_error = -errno;
if (rmdir(dirname) >= 0 || errno == ENOENT)
return 0;
- if (unlink_failed)
- return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */
+ if (unlink_error < 0) {
+ if (unlink_error == -ENOENT)
+ return 0;
+
+ /* If we failed to remove the symlink, then there is almost nothing we can do. */
+ return log_device_debug_errno(dev, unlink_error, "Failed to remove %s: %m", filename);
+ }
+
+ if (stat_error < 0)
+ return log_device_debug_errno(dev, stat_error, "Failed to stat %s: %m", dirname);
/* The symlink was removed. Check if the timestamp of directory is changed. */
r = update_timestamp(dev, dirname, &st);


@ -1,25 +0,0 @@
From 1cbcfc6f69e50d309698b6aa16a48b7f282913f5 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 21 Sep 2021 09:28:29 +0200
Subject: [PATCH] basic/time-util: introduce FORMAT_TIMESPAN
This is cherry-pick of the relevant part from the tree-wide change in
5291f26d4a6.
Related: #2005024
---
src/basic/time-util.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/time-util.h b/src/basic/time-util.h
index 2bd947d6a8..8254913930 100644
--- a/src/basic/time-util.h
+++ b/src/basic/time-util.h
@@ -67,6 +67,7 @@ typedef enum TimestampStyle {
#define FORMAT_TIMESTAMP_WIDTH 28U /* when outputting, assume this width */
#define FORMAT_TIMESTAMP_RELATIVE_MAX 256U
#define FORMAT_TIMESPAN_MAX 64U
+#define FORMAT_TIMESPAN(t, accuracy) format_timespan((char[FORMAT_TIMESPAN_MAX]){}, FORMAT_TIMESPAN_MAX, t, accuracy)
#define TIME_T_MAX (time_t)((UINTMAX_C(1) << ((sizeof(time_t) << 3) - 1)) - 1)
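Review bot: FORMAT_TIMESPAN() is added without a comment on the lifetime of its result. The buffer is the compound literal `(char[FORMAT_TIMESPAN_MAX]){}`, which has automatic storage in the block where the macro is expanded. The returned pointer therefore dangles if it is stored or returned past that block. A one-line comment above the macro would cover it: `/* The result points into a compound literal: valid only until the enclosing block ends, so use it directly as a call argument. */`.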


@ -1,51 +0,0 @@
From 59bad0f7db6d56c359816bc048341b38b824e460 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 21 Sep 2021 15:01:19 +0200
Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
"none"
While stable MAC address for interface types that don't have the
address provided by HW could be useful it also breaks LACP based bonds.
Let's err on the side of caution and don't change the MAC address from
udev.
Resolves: #2009237
---
man/systemd.link.xml | 2 +-
network/99-default.link | 2 +-
test/fuzz/fuzz-link-parser/99-default.link | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 1093e2e0b8..095d8b4873 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -816,7 +816,7 @@
<programlisting>[Link]
NamePolicy=kernel database onboard slot path
-MACAddressPolicy=persistent</programlisting>
+MACAddressPolicy=none</programlisting>
</example>
<example>
diff --git a/network/99-default.link b/network/99-default.link
index bca660ac28..31aee37e75 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -13,4 +13,4 @@ OriginalName=*
[Link]
NamePolicy=keep kernel database onboard slot path
AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none
diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
index feb5b1fbb0..3d755898b4 100644
--- a/test/fuzz/fuzz-link-parser/99-default.link
+++ b/test/fuzz/fuzz-link-parser/99-default.link
@@ -9,4 +9,4 @@
[Link]
NamePolicy=keep kernel database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none


@ -1,25 +0,0 @@
From 2edaafdfacc14088d7b6f04eec578bd048057103 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 25 Jan 2021 16:19:56 +0100
Subject: [PATCH] set core ulimit to 0 like on RHEL-7
RHEL-only
Resolves: #1998509
---
src/core/system.conf.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index f2c75fcd32..c290b14b8b 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -59,7 +59,7 @@
#DefaultLimitFSIZE=
#DefaultLimitDATA=
#DefaultLimitSTACK=
-#DefaultLimitCORE=
+DefaultLimitCORE=0:infinity
#DefaultLimitRSS=
#DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}}
#DefaultLimitAS=
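Review bot: The now-active `DefaultLimitCORE=0:infinity` line has no comment saying what it guarantees, and its neighbours are all commented-out defaults. In the `soft:hard` form only the soft limit is 0; the hard limit stays unlimited, so any unit or process can raise it again. Core dumps are off by default, not prevented. Because core files can contain secrets from process memory, the file should say which of the two is intended, for example `# RHEL: core dumps are disabled by default (soft limit 0); the hard limit stays unlimited so units can opt in.`.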


@ -1,60 +0,0 @@
From 8efa0b5f989d977eca51617a314ec4fdc32fb3d1 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 20 Oct 2021 19:43:34 +0200
Subject: [PATCH] test: don't install test-network-generator-conversion.sh w/o
networkd
otherwise TEST-02 will fail:
```
=== Failed test log ===
--- test-network-generator-conversion.sh begin ---
+ [[ -n '' ]]
+ [[ -x /usr/lib/systemd/systemd-network-generator ]]
+ [[ -x /lib/systemd/systemd-network-generator ]]
+ exit 1
--- test-network-generator-conversion.sh end ---
```
Before:
```
$ meson build -Dnetworkd=false -Dinstall-tests=true
$ ninja -C build
$ DESTDIR=$PWD/test-install ninja -C build install
$ find test-install/ -name test-network-generator-conversion.sh
test-install/usr/lib/systemd/tests/test-network-generator-conversion.sh
```
After:
```
$ find test-install/ -name test-network-generator-conversion.sh
<no output>
```
(cherry picked from commit 140557021ad1a3946319fff1a87831eb02d6a1a0)
Related: #2017035
---
test/meson.build | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/test/meson.build b/test/meson.build
index 47c7f4d49a..27b37a9ae7 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -98,9 +98,12 @@ if install_tests
install_data('run-unit-tests.py',
install_mode : 'rwxr-xr-x',
install_dir : testsdir)
- install_data('test-network-generator-conversion.sh',
- install_mode : 'rwxr-xr-x',
- install_dir : testsdir)
+
+ if conf.get('ENABLE_NETWORKD') == 1
+ install_data('test-network-generator-conversion.sh',
+ install_mode : 'rwxr-xr-x',
+ install_dir : testsdir)
+ endif
endif
############################################################


@ -1,32 +0,0 @@
From 7d7562db194f6b521d93ef370176922d0ac68331 Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@canonical.com>
Date: Fri, 3 Sep 2021 12:43:33 -0400
Subject: [PATCH] meson.build: change operator combining bools from + to and
upstream meson stopped allowing combining boolean with the plus
operator, and now requires using the logical and operator
reference:
https://github.com/mesonbuild/meson/commit/43302d3296baff6aeaf8e03f5d701b0402e37a6c
Fixes: #20632
(cherry picked from commit c29537f39e4f413a6cbfe9669fa121bdd6d8b36f)
Related: #2017035
---
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index d28f04607a..f21ec5bb94 100644
--- a/meson.build
+++ b/meson.build
@@ -35,7 +35,7 @@ conf.set10('BUILD_MODE_DEVELOPER', get_option('mode') == 'developer',
want_ossfuzz = get_option('oss-fuzz')
want_libfuzzer = get_option('llvm-fuzz')
-if want_ossfuzz + want_libfuzzer > 1
+if want_ossfuzz and want_libfuzzer
error('only one of oss-fuzz or llvm-fuzz can be specified')
endif


@ -1,37 +0,0 @@
From 387ba3f36092f2072ee6a05abeac27deaca177bd Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 29 Sep 2021 15:03:44 +0200
Subject: [PATCH] openssl-util: use EVP API to get RSA bits
(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92)
Resolves: #2016042
---
src/shared/openssl-util.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
index bb47ae5e87..bd728e6c7c 100644
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size(
size_t *ret_suitable_key_size) {
size_t suitable_key_size;
- const RSA *rsa;
int bits;
assert_se(pkey);
@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size(
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key.");
- rsa = EVP_PKEY_get0_RSA(pkey);
- if (!rsa)
- return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate.");
-
- bits = RSA_bits(rsa);
+ bits = EVP_PKEY_bits(pkey);
log_debug("Bits in RSA key: %i", bits);
/* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only


@ -1,315 +0,0 @@
From 862ded47343a782d70f7d4421a6a2e4e33684e5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 2 Nov 2021 18:18:21 +0100
Subject: [PATCH] procfs-util: fix confusion wrt. quantity limit and maximum
value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From packit/rawhide-arm64 logs:
Assertion 'limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH' failed at src/test/test-process-util.c:855, function test_get_process_ppid(). Aborting.
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
The kernel has a few different limits. In particular kernel.threads-max can be
set to some lower value, and kernel.pid_max can be set to a higher value. This
is nice because it reduces PID reuse, even if the number of threads that is
allowed is limited. But the tests assumed that we cannot have a thread with
PID above MIN(kernel.threads-max, kernel.pid_max-1), which is not valid.
So let's rework the whole thing: let's expose the helpers to read
kernel.threads-max and kernel.pid_max, and print what they return in tests.
procfs_tasks_get_limit() was something that is only used in tests, and wasn't
very well defined, so let's drop it.
Fixes #21193.
(cherry picked from commit c3dead53d50e334f2d072a2248256983d6dc9f8c)
Related: #2017035
---
src/basic/limits-util.c | 50 ++++++++++++++++++++++++----------
src/basic/procfs-util.c | 53 +++++++++---------------------------
src/basic/procfs-util.h | 4 ++-
src/test/test-process-util.c | 10 +++++--
src/test/test-procfs-util.c | 34 ++++++++++++++++-------
5 files changed, 84 insertions(+), 67 deletions(-)
diff --git a/src/basic/limits-util.c b/src/basic/limits-util.c
index 9f8e26d46a..435a2a0efe 100644
--- a/src/basic/limits-util.c
+++ b/src/basic/limits-util.c
@@ -109,35 +109,57 @@ uint64_t physical_memory_scale(uint64_t v, uint64_t max) {
}
uint64_t system_tasks_max(void) {
- uint64_t a = TASKS_MAX, b = TASKS_MAX;
+ uint64_t a = TASKS_MAX, b = TASKS_MAX, c = TASKS_MAX;
_cleanup_free_ char *root = NULL;
int r;
- /* Determine the maximum number of tasks that may run on this system. We check three sources to determine this
- * limit:
+ /* Determine the maximum number of tasks that may run on this system. We check three sources to
+ * determine this limit:
*
- * a) the maximum tasks value the kernel allows on this architecture
- * b) the cgroups pids_max attribute for the system
- * c) the kernel's configured maximum PID value
+ * a) kernel.threads-max sysctl: the maximum number of tasks (threads) the kernel allows.
*
- * And then pick the smallest of the three */
+ * This puts a direct limit on the number of concurrent tasks.
+ *
+ * b) kernel.pid_max sysctl: the maximum PID value.
+ *
+ * This limits the numeric range PIDs can take, and thus indirectly also limits the number of
+ * concurrent threads. It's primarily a compatibility concept: some crappy old code used a signed
+ * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond
+ * INT16_MAX by default.
+ *
+ * Also note the weird definition: PIDs assigned will be kept below this value, which means
+ * the number of tasks that can be created is one lower, as PID 0 is not a valid process ID.
+ *
+ * c) pids.max on the root cgroup: the kernel's configured maximum number of tasks.
+ *
+ * and then pick the smallest of the three.
+ *
+ * By default pid_max is set to much lower values than threads-max, hence the limit people come into
+ * contact with first, as it's the lowest boundary they need to bump when they want higher number of
+ * processes.
+ */
+
+ r = procfs_get_threads_max(&a);
+ if (r < 0)
+ log_debug_errno(r, "Failed to read kernel.threads-max, ignoring: %m");
- r = procfs_tasks_get_limit(&a);
+ r = procfs_get_pid_max(&b);
if (r < 0)
- log_debug_errno(r, "Failed to read maximum number of tasks from /proc, ignoring: %m");
+ log_debug_errno(r, "Failed to read kernel.pid_max, ignoring: %m");
+ else if (b > 0)
+ /* Subtract one from pid_max, since PID 0 is not a valid PID */
+ b--;
r = cg_get_root_path(&root);
if (r < 0)
log_debug_errno(r, "Failed to determine cgroup root path, ignoring: %m");
else {
- r = cg_get_attribute_as_uint64("pids", root, "pids.max", &b);
+ r = cg_get_attribute_as_uint64("pids", root, "pids.max", &c);
if (r < 0)
- log_debug_errno(r, "Failed to read pids.max attribute of cgroup root, ignoring: %m");
+ log_debug_errno(r, "Failed to read pids.max attribute of root cgroup, ignoring: %m");
}
- return MIN3(TASKS_MAX,
- a <= 0 ? TASKS_MAX : a,
- b <= 0 ? TASKS_MAX : b);
+ return MIN3(a, b, c);
}
uint64_t system_tasks_max_scale(uint64_t v, uint64_t max) {
diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
index 9234ccaf85..a29e776a3a 100644
--- a/src/basic/procfs-util.c
+++ b/src/basic/procfs-util.c
@@ -12,54 +12,34 @@
#include "stdio-util.h"
#include "string-util.h"
-int procfs_tasks_get_limit(uint64_t *ret) {
+int procfs_get_pid_max(uint64_t *ret) {
_cleanup_free_ char *value = NULL;
- uint64_t pid_max, threads_max;
int r;
assert(ret);
- /* So there are two sysctl files that control the system limit of processes:
- *
- * 1. kernel.threads-max: this is probably the sysctl that makes more sense, as it directly puts a limit on
- * concurrent tasks.
- *
- * 2. kernel.pid_max: this limits the numeric range PIDs can take, and thus indirectly also limits the number
- * of concurrent threads. AFAICS it's primarily a compatibility concept: some crappy old code used a signed
- * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond INT16_MAX by
- * default.
- *
- * By default #2 is set to much lower values than #1, hence the limit people come into contact with first, as
- * it's the lowest boundary they need to bump when they want higher number of processes.
- *
- * Also note the weird definition of #2: PIDs assigned will be kept below this value, which means the number of
- * tasks that can be created is one lower, as PID 0 is not a valid process ID. */
-
r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
if (r < 0)
return r;
- r = safe_atou64(value, &pid_max);
- if (r < 0)
- return r;
+ return safe_atou64(value, ret);
+}
- value = mfree(value);
- r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
- if (r < 0)
- return r;
+int procfs_get_threads_max(uint64_t *ret) {
+ _cleanup_free_ char *value = NULL;
+ int r;
- r = safe_atou64(value, &threads_max);
+ assert(ret);
+
+ r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
if (r < 0)
return r;
- /* Subtract one from pid_max, since PID 0 is not a valid PID */
- *ret = MIN(pid_max-1, threads_max);
- return 0;
+ return safe_atou64(value, ret);
}
int procfs_tasks_set_limit(uint64_t limit) {
char buffer[DECIMAL_STR_MAX(uint64_t)+1];
- _cleanup_free_ char *value = NULL;
uint64_t pid_max;
int r;
@@ -74,10 +54,7 @@ int procfs_tasks_set_limit(uint64_t limit) {
* set it to the maximum. */
limit = CLAMP(limit, 20U, TASKS_MAX);
- r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
- if (r < 0)
- return r;
- r = safe_atou64(value, &pid_max);
+ r = procfs_get_pid_max(&pid_max);
if (r < 0)
return r;
@@ -98,14 +75,10 @@ int procfs_tasks_set_limit(uint64_t limit) {
/* Hmm, we couldn't write this? If so, maybe it was already set properly? In that case let's not
* generate an error */
- value = mfree(value);
- if (read_one_line_file("/proc/sys/kernel/threads-max", &value) < 0)
- return r; /* return original error */
-
- if (safe_atou64(value, &threads_max) < 0)
+ if (procfs_get_threads_max(&threads_max) < 0)
return r; /* return original error */
- if (MIN(pid_max-1, threads_max) != limit)
+ if (MIN(pid_max - 1, threads_max) != limit)
return r; /* return original error */
/* Yay! Value set already matches what we were trying to set, hence consider this a success. */
diff --git a/src/basic/procfs-util.h b/src/basic/procfs-util.h
index 61fa71d479..eb8c7738b1 100644
--- a/src/basic/procfs-util.h
+++ b/src/basic/procfs-util.h
@@ -5,7 +5,9 @@
#include "time-util.h"
-int procfs_tasks_get_limit(uint64_t *ret);
+int procfs_get_pid_max(uint64_t *ret);
+int procfs_get_threads_max(uint64_t *ret);
+
int procfs_tasks_set_limit(uint64_t limit);
int procfs_tasks_get_current(uint64_t *ret);
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 8c76392ae9..d89ce6e2db 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -850,8 +850,14 @@ static void test_get_process_ppid(void) {
assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
/* the process with the PID above the global limit definitely doesn't exist. Verify that */
- assert_se(procfs_tasks_get_limit(&limit) >= 0);
- assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
+ assert_se(procfs_get_pid_max(&limit) >= 0);
+ log_debug("kernel.pid_max = %"PRIu64, limit);
+
+ if (limit < INT_MAX) {
+ r = get_process_ppid(limit + 1, NULL);
+ log_debug_errno(r, "get_process_limit(%"PRIu64") → %d/%m", limit + 1, r);
+ assert(r == -ESRCH);
+ }
for (pid_t pid = 0;;) {
_cleanup_free_ char *c1 = NULL, *c2 = NULL;
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index b2679e30fb..876ef40dfd 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -6,12 +6,13 @@
#include "format-util.h"
#include "log.h"
#include "procfs-util.h"
+#include "process-util.h"
#include "tests.h"
int main(int argc, char *argv[]) {
char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)];
nsec_t nsec;
- uint64_t v;
+ uint64_t v, w;
int r;
log_parse_environment();
@@ -26,26 +27,39 @@ int main(int argc, char *argv[]) {
assert_se(procfs_tasks_get_current(&v) >= 0);
log_info("Current number of tasks: %" PRIu64, v);
- r = procfs_tasks_get_limit(&v);
- if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
- return log_tests_skipped("can't read /proc/sys/kernel/pid_max");
+ v = TASKS_MAX;
+ r = procfs_get_pid_max(&v);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.pid_max: %"PRIu64, v);
+
+ w = TASKS_MAX;
+ r = procfs_get_threads_max(&w);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.threads-max: %"PRIu64, w);
+
+ v = MIN(v - (v > 0), w);
assert_se(r >= 0);
log_info("Limit of tasks: %" PRIu64, v);
assert_se(v > 0);
- assert_se(procfs_tasks_set_limit(v) >= 0);
+ r = procfs_tasks_set_limit(v);
+ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
+ return log_tests_skipped("can't set task limits");
+ assert(r >= 0);
if (v > 100) {
- uint64_t w;
+ log_info("Reducing limit by one to %"PRIu64"…", v-1);
+
r = procfs_tasks_set_limit(v-1);
- assert_se(IN_SET(r, 0, -EPERM, -EACCES, -EROFS));
+ log_info_errno(r, "procfs_tasks_set_limit: %m");
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
- assert_se(procfs_tasks_get_limit(&w) >= 0);
- assert_se((r == 0 && w == v - 1) || (r < 0 && w == v));
+ assert_se(procfs_get_threads_max(&w) >= 0);
+ assert_se(r >= 0 ? w == v - 1 : w == v);
assert_se(procfs_tasks_set_limit(v) >= 0);
- assert_se(procfs_tasks_get_limit(&w) >= 0);
+ assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(v == w);
}


@ -1,31 +0,0 @@
From e43e8caf2f2699de7da1f072bcc7c25e125313e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 3 Nov 2021 09:39:16 +0100
Subject: [PATCH] test-process-util: also add EROFS to the list of "good"
errors
It is only added in the one place where we actually try to set the
setting to a new value. Before we were testing if we can set to it the
existing value, which was a noop. We could still get a permission error,
but this is the first place where we would propagate EROFS.
(cherry picked from commit 6434a83d01d96e9f9a17ed9ce1f04a7d64859950)
Related: #2017035
---
src/test/test-procfs-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index 876ef40dfd..f19a41475d 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -52,7 +52,7 @@ int main(int argc, char *argv[]) {
r = procfs_tasks_set_limit(v-1);
log_info_errno(r, "procfs_tasks_set_limit: %m");
- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS);
assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(r >= 0 ? w == v - 1 : w == v);


@ -1,27 +0,0 @@
From 5c8d698f3905c860eff17b84a32bb7acfb98d931 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 4 Nov 2021 12:31:32 +0100
Subject: [PATCH] ci: use C9S chroots in Packit
rhel-only
Related: #2017035
---
.packit.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.packit.yml b/.packit.yml
index 3461bccbc5..ce8782aae2 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -37,9 +37,8 @@ jobs:
trigger: pull_request
metadata:
targets:
- # FIXME: change to CentOS 9 once it's available
- - fedora-34-x86_64
- - fedora-34-aarch64
+ - centos-stream-9-x86_64
+ - centos-stream-9-aarch64
# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
# Run tests (via testing farm)


@ -1,136 +0,0 @@
From 5a86b79c5f79215a17f6617ae925dc76b25396a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 17:58:03 +0200
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
(gdb) !uname -r
5.6.19-200.fc31.ppc64le
(gdb) !cat /proc/self/mountinfo
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
The test process does
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
read(open("/proc/self/fdinfo/4", ...)) which gives
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
We could either drop the fallback path (and fail name_to_handle_at() is not
avaliable) or ignore the error in the test. Not sure what is better. I think
this issue only occurs sometimes and with older kernels, so probably continuing
with the current flaky implementation is better than ripping out the fallback.
Another strace:
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
) = 28
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
) = 20
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
) = 30
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
) = 23
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
read(5</proc/20/fdinfo/4>, "", 1024) = 0
close(5</proc/20/fdinfo/4>) = 0
close(4</proc/filesystems>) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
) = 42
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
) = 39
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
) = 109
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 20
gettid() = 20
tgkill(20, 20, SIGABRT) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
RHEL notes: af918c4 should mitigate this issue, but in some build
systems (Copr, brew, etc.) we don't have enough privileges to create a
new mount namespace
Cherry-picked manually from https://github.com/systemd/systemd/pull/17050.
rhel-only
Related: #2017035
---
src/test/test-mountpoint-util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index 983e1842d6..66d476d06d 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -91,8 +91,12 @@ static void test_mnt_id(void) {
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
* that's really the case */
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
- assert_se(path_equal(p, t));
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
+
+ if (!path_equal(p, t))
+ /* Apparent kernel bug in /proc/self/fdinfo */
+ log_warning("Bad mount id given for %s: %d, should be %d",
+ p, mnt_id2, mnt_id);
}
}


@ -1,30 +0,0 @@
From ea4ebf86d25fb9c489d1cf1ca42371b7e2e782aa Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 29 Aug 2021 21:20:43 +0900
Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount
unit is generated from /proc/self/mountinfo
Hopefully fixes #20566.
(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11)
Resolves: #2019468
---
src/core/mount.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index 1fd3102ad3..f2c85e0e5d 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1582,6 +1582,10 @@ static int mount_setup_new_unit(
if (r < 0)
return r;
+ r = mount_add_non_exec_dependencies(MOUNT(u));
+ if (r < 0)
+ return r;
+
/* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load
* the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps
* to. */


@ -78,53 +78,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
# patches in this range before applying upstream pull requests.
# RHEL-specific
Patch0001: 0001-logind-set-RemoveIPC-to-false-by-default.patch
Patch0002: 0002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
Patch0003: 0003-basic-unit-name-adjust-comments.patch
Patch0004: 0004-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
Patch0005: 0005-Copy-40-redhat.rules-from-RHEL-8.patch
Patch0006: 0006-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
Patch0007: 0007-unit-don-t-add-Requires-for-tmp.mount.patch
Patch0008: 0008-units-add-Install-section-to-tmp.mount.patch
Patch0009: 0009-rc-local-order-after-network-online.target.patch
Patch0010: 0010-ci-drop-CIs-irrelevant-for-downstream.patch
Patch0011: 0011-ci-reconfigure-Packit-for-RHEL-9.patch
Patch0012: 0012-ci-run-unit-tests-on-z-stream-branches-as-well.patch
Patch0013: 0013-Check-return-value-of-pam_get_item-pam_get_data-func.patch
Patch0014: 0014-random-util-increase-random-seed-size-to-1024.patch
Patch0015: 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch
Patch0016: 0016-journald.conf-don-t-touch-current-audit-settings.patch
Patch0017: 0017-Revert-udev-remove-WAIT_FOR-key.patch
Patch0018: 0018-Really-don-t-enable-systemd-journald-audit.socket.patch
Patch0019: 0019-rules-add-elevator-kernel-command-line-parameter.patch
Patch0020: 0020-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch
Patch0021: 0021-unit-install-the-systemd-bless-boot.service-only-if-.patch
Patch0022: 0022-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
Patch0023: 0023-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
Patch0024: 0024-sd-device-introduce-device_has_devlink.patch
Patch0025: 0025-udev-node-split-out-permission-handling-from-udev_no.patch
Patch0026: 0026-udev-node-stack-directory-must-exist-when-adding-dev.patch
Patch0027: 0027-udev-node-save-information-about-device-node-and-pri.patch
Patch0028: 0028-udev-node-always-update-timestamp-of-stack-directory.patch
Patch0029: 0029-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch
Patch0030: 0030-udev-node-always-atomically-create-symlink-to-device.patch
Patch0031: 0031-udev-node-check-stack-directory-change-even-if-devli.patch
Patch0032: 0032-udev-node-shorten-code-a-bit-and-update-log-message.patch
Patch0033: 0033-udev-node-add-random-delay-on-conflict-in-updating-d.patch
Patch0034: 0034-udev-node-drop-redundant-trial-of-devlink-creation.patch
Patch0035: 0035-udev-node-simplify-the-example-of-race.patch
Patch0036: 0036-udev-node-do-not-ignore-unexpected-errors-on-removin.patch
Patch0037: 0037-basic-time-util-introduce-FORMAT_TIMESPAN.patch
Patch0038: 0038-udev-net-setup-link-change-the-default-MACAddressPol.patch
Patch0039: 0039-set-core-ulimit-to-0-like-on-RHEL-7.patch
Patch0040: 0040-test-don-t-install-test-network-generator-conversion.patch
Patch0041: 0041-meson.build-change-operator-combining-bools-from-to-.patch
Patch0042: 0042-openssl-util-use-EVP-API-to-get-RSA-bits.patch
Patch0043: 0043-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch
Patch0044: 0044-test-process-util-also-add-EROFS-to-the-list-of-good.patch
Patch0045: 0045-ci-use-C9S-chroots-in-Packit.patch
Patch0046: 0046-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
Patch0047: 0047-core-mount-add-implicit-unit-dependencies-even-if-wh.patch
# Downstream-only patches (90009999)