rpms/systemd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import systemd-239-54.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-12-04 06:58:17 +00:00 committed by Stepan Oksanichenko
parent 8292cc06c0
commit 0ab46f1dd7
64 changed files with 3153 additions and 1782 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
SOURCES/0637-define-newly-needed-constants.patch
View File

@ -1,60 +0,0 @@
From 81b23f487eeffbc0e217c4e57567cfb70842f668 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 26 Nov 2020 16:29:10 +0100
Subject: [PATCH] define newly needed constants
Related: #1850986
---
src/basic/missing.h | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/basic/missing.h b/src/basic/missing.h
index 14ad3d4914..b9376617fc 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -747,10 +747,13 @@ struct input_mask {
#define IFLA_NUM_RX_QUEUES 32
#define IFLA_CARRIER 33
#define IFLA_PHYS_PORT_ID 34
-#define __IFLA_MAX 35
+#endif
+
+#define IFLA_PROP_LIST 52
+#define IFLA_ALT_IFNAME 53
+#define __IFLA_MAX 53
#define IFLA_MAX (__IFLA_MAX - 1)
-#endif
#if !HAVE_IFLA_BOND_AD_INFO
#define IFLA_BOND_UNSPEC 0
@@ -1045,6 +1048,18 @@ struct input_mask {
#define RTA_EXPIRES 23
#endif
+#ifndef RTM_NEWLINKPROP
+#define RTM_NEWLINKPROP 108
+#endif
+
+#ifndef RTM_DELLINKPROP
+#define RTM_DELLINKPROP 109
+#endif
+
+#ifndef RTM_GETLINKPROP
+#define RTM_GETLINKPROP 110
+#endif
+
#ifndef IPV6_UNICAST_IF
#define IPV6_UNICAST_IF 76
#endif
@@ -1057,6 +1072,10 @@ struct input_mask {
#define IPV4_MIN_MTU 68
#endif
+#ifndef ALTIFNAMSIZ
+#define ALTIFNAMSIZ 128
+#endif
+
#ifndef IFF_MULTI_QUEUE
#define IFF_MULTI_QUEUE 0x100
#endif

4
SOURCES/0657-sd-hwdb-allow-empty-properties.patch → SOURCES/0637-sd-hwdb-allow-empty-properties.patch
View File

@ -1,4 +1,4 @@
From cd407514366a2ec2c32ebc7a5b405d37005456fd Mon Sep 17 00:00:00 2001
From 2ab6e6ae9853e410310268efc0cea7f2276979ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 20 Oct 2020 17:12:42 +0200
Subject: [PATCH] sd-hwdb: allow empty properties
@ -9,7 +9,7 @@ override properties (back to the empty) value for specific cases.
(cherry picked from commit afe87974dd57741f74dd87165b251886f24c859f)
Related: #1930568
Related: #2005009
---
src/hwdb/hwdb.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

4
SOURCES/0658-Update-hwdb.patch → SOURCES/0638-Update-hwdb.patch
View File

@ -1,9 +1,9 @@
From a02798d09681906096cfb8f0f3997b535bb6a06d Mon Sep 17 00:00:00 2001
From 793dc4d9e32baba27eac1f37283a7485b0889803 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 19 Aug 2021 12:31:36 +0200
Subject: [PATCH] Update hwdb
Resolves: #1930568
Resolves: #2005009
---
hwdb/20-OUI.hwdb | 26574 +++++++++++++++++-
hwdb/20-acpi-vendor.hwdb | 257 +-

95
SOURCES/0638-sd-netlink-support-IFLA_PROP_LIST-and-IFLA_ALT_IFNAM.patch
View File

@ -1,95 +0,0 @@
From b0b98085bb0b95395b686efca43980d463749f3d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 20:57:51 +0900
Subject: [PATCH] sd-netlink: support IFLA_PROP_LIST and IFLA_ALT_IFNAME
attributes
(cherry picked from commit ffeb16f5d832b1c65b8c8a1dd9bdd028bd76fc72)
Related: #1850986
---
src/libsystemd/sd-netlink/netlink-message.c | 2 +-
src/libsystemd/sd-netlink/netlink-types.c | 13 +++++++++++++
src/libsystemd/sd-netlink/netlink-util.h | 4 +++-
src/libsystemd/sd-netlink/rtnl-message.c | 2 ++
4 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
index 23907c8224..db9101c163 100644
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ b/src/libsystemd/sd-netlink/netlink-message.c
@@ -89,7 +89,7 @@ int sd_netlink_message_request_dump(sd_netlink_message *m, int dump) {
assert_return(m, -EINVAL);
assert_return(m->hdr, -EINVAL);
- assert_return(IN_SET(m->hdr->nlmsg_type, RTM_GETLINK, RTM_GETADDR, RTM_GETROUTE, RTM_GETNEIGH, RTM_GETRULE, RTM_GETADDRLABEL), -EINVAL);
+ assert_return(IN_SET(m->hdr->nlmsg_type, RTM_GETLINK, RTM_GETLINKPROP, RTM_GETADDR, RTM_GETROUTE, RTM_GETNEIGH, RTM_GETRULE, RTM_GETADDRLABEL), -EINVAL);
SET_FLAG(m->hdr->nlmsg_flags, NLM_F_DUMP, dump);
diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c
index c93fe9cb4c..47d9c7f1c4 100644
--- a/src/libsystemd/sd-netlink/netlink-types.c
+++ b/src/libsystemd/sd-netlink/netlink-types.c
@@ -451,6 +451,15 @@ static const NLTypeSystem rtnl_af_spec_type_system = {
.types = rtnl_af_spec_types,
};
+static const NLType rtnl_prop_list_types[] = {
+ [IFLA_ALT_IFNAME] = { .type = NETLINK_TYPE_STRING, .size = ALTIFNAMSIZ - 1 },
+};
+
+static const NLTypeSystem rtnl_prop_list_type_system = {
+ .count = ELEMENTSOF(rtnl_prop_list_types),
+ .types = rtnl_prop_list_types,
+};
+
static const NLType rtnl_link_types[] = {
[IFLA_ADDRESS] = { .type = NETLINK_TYPE_ETHER_ADDR },
[IFLA_BROADCAST] = { .type = NETLINK_TYPE_ETHER_ADDR },
@@ -501,6 +510,7 @@ static const NLType rtnl_link_types[] = {
/*
[IFLA_PHYS_PORT_ID] = { .type = NETLINK_TYPE_BINARY, .len = MAX_PHYS_PORT_ID_LEN },
*/
+ [IFLA_PROP_LIST] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_prop_list_type_system },
};
static const NLTypeSystem rtnl_link_type_system = {
@@ -643,6 +653,9 @@ static const NLType rtnl_types[] = {
[RTM_DELLINK] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
[RTM_GETLINK] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
[RTM_SETLINK] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
+ [RTM_NEWLINKPROP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
+ [RTM_DELLINKPROP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
+ [RTM_GETLINKPROP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
[RTM_NEWADDR] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_address_type_system, .size = sizeof(struct ifaddrmsg) },
[RTM_DELADDR] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_address_type_system, .size = sizeof(struct ifaddrmsg) },
[RTM_GETADDR] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_address_type_system, .size = sizeof(struct ifaddrmsg) },
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index 7c35a2cfa7..882a616310 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -19,7 +19,9 @@ static inline bool rtnl_message_type_is_route(uint16_t type) {
}
static inline bool rtnl_message_type_is_link(uint16_t type) {
- return IN_SET(type, RTM_NEWLINK, RTM_SETLINK, RTM_GETLINK, RTM_DELLINK);
+ return IN_SET(type,
+ RTM_NEWLINK, RTM_SETLINK, RTM_GETLINK, RTM_DELLINK,
+ RTM_NEWLINKPROP, RTM_DELLINKPROP, RTM_GETLINKPROP);
}
static inline bool rtnl_message_type_is_addr(uint16_t type) {
diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c
index 4416e1720c..369c402986 100644
--- a/src/libsystemd/sd-netlink/rtnl-message.c
+++ b/src/libsystemd/sd-netlink/rtnl-message.c
@@ -449,6 +449,8 @@ int sd_rtnl_message_new_link(sd_netlink *rtnl, sd_netlink_message **ret,
if (nlmsg_type == RTM_NEWLINK)
(*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
+ else if (nlmsg_type == RTM_NEWLINK)
+ (*ret)->hdr->nlmsg_flags |= NLM_F_EXCL | NLM_F_CREATE | NLM_F_APPEND;
ifi = NLMSG_DATA((*ret)->hdr);

26
SOURCES/0639-Disable-libpitc-to-fix-CentOS-Stream-CI.patch Normal file
View File

@ -0,0 +1,26 @@
From b029865ef6d8b23ecdbfda4e277a3f75cb59ee94 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 25 Oct 2021 15:27:27 +0200
Subject: [PATCH] Disable libpitc to fix CentOS Stream CI
We have disabled it in our spec starting with 8.5.0, so let's follow
suit here.
Related: #2017033
---
.github/workflows/unit_tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index ad4584ec1d..def38bffe2 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -50,7 +50,7 @@ CONFIGURE_OPTS=(
-Dgnutls=true
-Dmicrohttpd=true
-Dlibidn2=true
- -Dlibiptc=true
+ -Dlibiptc=false
-Dlibcurl=true
-Defi=true
-Dtpm=true

106
SOURCES/0639-sd-netlink-introduce-sd_netlink_message_read_strv.patch
View File

@ -1,106 +0,0 @@
From 3c31ef05ba732e3ab5d23761c5f84768ca8de68e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:32:25 +0900
Subject: [PATCH] sd-netlink: introduce sd_netlink_message_read_strv()
The combination of sd_netlink_message_enter_container() and
sd_netlink_message_read_string() only reads the last element if the attribute is
duplicated, such a situation easily happens for IFLA_ALT_IFNAME.
The function introduced here reads all matched attributes.
(cherry picked from commit 8f3c1859669230c2c8458675f41de13e369b47e7)
Related: #1850986
---
src/libsystemd/sd-netlink/netlink-message.c | 58 +++++++++++++++++++++
src/systemd/sd-netlink.h | 1 +
2 files changed, 59 insertions(+)
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
index db9101c163..5723e1d21c 100644
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ b/src/libsystemd/sd-netlink/netlink-message.c
@@ -14,6 +14,7 @@
#include "netlink-util.h"
#include "refcnt.h"
#include "socket-util.h"
+#include "strv.h"
#include "util.h"
#define GET_CONTAINER(m, i) ((i) < (m)->n_containers ? (struct rtattr*)((uint8_t*)(m)->hdr + (m)->containers[i].offset) : NULL)
@@ -754,6 +755,63 @@ int sd_netlink_message_read_in6_addr(sd_netlink_message *m, unsigned short type,
return 0;
}
+int sd_netlink_message_read_strv(sd_netlink_message *m, unsigned short container_type, unsigned short type_id, char ***ret) {
+ _cleanup_strv_free_ char **s = NULL;
+ const NLTypeSystem *type_system;
+ const NLType *nl_type;
+ struct rtattr *rta;
+ void *container;
+ unsigned short rt_len;
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -EINVAL);
+
+ r = type_system_get_type(m->containers[m->n_containers].type_system,
+ &nl_type,
+ container_type);
+ if (r < 0)
+ return r;
+
+ if (type_get_type(nl_type) != NETLINK_TYPE_NESTED)
+ return -EINVAL;
+
+ r = type_system_get_type_system(m->containers[m->n_containers].type_system,
+ &type_system,
+ container_type);
+ if (r < 0)
+ return r;
+
+ r = type_system_get_type(type_system, &nl_type, type_id);
+ if (r < 0)
+ return r;
+
+ if (type_get_type(nl_type) != NETLINK_TYPE_STRING)
+ return -EINVAL;
+
+ r = netlink_message_read_internal(m, container_type, &container, NULL);
+ if (r < 0)
+ return r;
+
+ rt_len = (unsigned short) r;
+ rta = container;
+
+ for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
+ unsigned short type;
+
+ type = RTA_TYPE(rta);
+ if (type != type_id)
+ continue;
+
+ r = strv_extend(&s, RTA_DATA(rta));
+ if (r < 0)
+ return r;
+ }
+
+ *ret = TAKE_PTR(s);
+ return 0;
+}
+
static int netlink_container_parse(sd_netlink_message *m,
struct netlink_container *container,
int count,
diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h
index 51f0fa16b4..1f5c093f11 100644
--- a/src/systemd/sd-netlink.h
+++ b/src/systemd/sd-netlink.h
@@ -82,6 +82,7 @@ int sd_netlink_message_open_container_union(sd_netlink_message *m, unsigned shor
int sd_netlink_message_close_container(sd_netlink_message *m);
int sd_netlink_message_read_string(sd_netlink_message *m, unsigned short type, const char **data);
+int sd_netlink_message_read_strv(sd_netlink_message *m, unsigned short container_type, unsigned short type_id, char ***ret);
int sd_netlink_message_read_u8(sd_netlink_message *m, unsigned short type, uint8_t *data);
int sd_netlink_message_read_u16(sd_netlink_message *m, unsigned short type, uint16_t *data);
int sd_netlink_message_read_u32(sd_netlink_message *m, unsigned short type, uint32_t *data);

25
SOURCES/0640-rpm-Fix-typo-in-_environmentdir.patch Normal file
View File

@ -0,0 +1,25 @@
From 74cbe4b73a1dbb1113c822690561b8b41b2fb60a Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa13@gmail.com>
Date: Mon, 25 Jun 2018 12:56:50 -0400
Subject: [PATCH] rpm: Fix typo in %_environmentdir
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
(cherry picked from commit 6ea4cb975f99cdfd447332ffa9631790a5975eea)
Resolves: #2018024
---
src/core/macros.systemd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index f3b74f4273..a24d7bbe58 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -18,7 +18,7 @@
%_sysctldir @sysctldir@
%_sysusersdir @sysusersdir@
%_tmpfilesdir @tmpfilesdir@
-%_environmnentdir @environmentdir@
+%_environmentdir @environmentdir@
%_modulesloaddir @modulesloaddir@
%_modprobedir @modprobedir@
%_systemdgeneratordir @systemgeneratordir@

65
SOURCES/0640-sd-netlink-introduce-sd_netlink_message_append_strv.patch
View File

@ -1,65 +0,0 @@
From 7888c8796197357f0214ea5fe17b11a8814fc313 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:47:21 +0900
Subject: [PATCH] sd-netlink: introduce sd_netlink_message_append_strv()
(cherry picked from commit 6d725977c4f98a8f5effc33f44aa646cc2b6a0b7)
Related: #1850986
---
src/libsystemd/sd-netlink/netlink-message.c | 29 +++++++++++++++++++++
src/systemd/sd-netlink.h | 1 +
2 files changed, 30 insertions(+)
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
index 5723e1d21c..55d6510b63 100644
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ b/src/libsystemd/sd-netlink/netlink-message.c
@@ -259,6 +259,35 @@ int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type,
return 0;
}
+int sd_netlink_message_append_strv(sd_netlink_message *m, unsigned short type, char * const *data) {
+ size_t length, size;
+ char * const *p;
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(!m->sealed, -EPERM);
+ assert_return(data, -EINVAL);
+
+ r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_STRING);
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH(p, data) {
+ if (size) {
+ length = strnlen(*p, size+1);
+ if (length > size)
+ return -EINVAL;
+ } else
+ length = strlen(*p);
+
+ r = add_rtattr(m, type, *p, length + 1);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type) {
size_t size;
int r;
diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h
index 1f5c093f11..5a05cd4485 100644
--- a/src/systemd/sd-netlink.h
+++ b/src/systemd/sd-netlink.h
@@ -67,6 +67,7 @@ int sd_netlink_attach_event(sd_netlink *nl, sd_event *e, int64_t priority);
int sd_netlink_detach_event(sd_netlink *nl);
int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, const char *data);
+int sd_netlink_message_append_strv(sd_netlink_message *m, unsigned short type, char * const *data);
int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type);
int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data);
int sd_netlink_message_append_u16(sd_netlink_message *m, unsigned short type, uint16_t data);

30
SOURCES/0641-rpm-Add-misspelled-_environmentdir-macro-for-tempora.patch Normal file
View File

@ -0,0 +1,30 @@
From 7b2d5268cf43a4ed7847bdbed2328bccddd5a716 Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa13@gmail.com>
Date: Tue, 26 Jun 2018 07:42:29 -0400
Subject: [PATCH] rpm: Add misspelled %_environmentdir macro for temporary
compatibility
This should be removed after systemd 240 is released.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
(cherry picked from commit a6bb5504583e3267d35fa385fe20f60fd998ca5d)
Related: #2018024
---
src/core/macros.systemd.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index a24d7bbe58..abbb42b22f 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -26,6 +26,10 @@
%_systemd_system_env_generator_dir @systemenvgeneratordir@
%_systemd_user_env_generator_dir @userenvgeneratordir@
+# Because we had one release with a typo...
+# This is temporary (Remove after systemd 240 is released)
+%_environmnentdir %_environmentdir
+
%systemd_requires \
Requires(post): systemd \
Requires(preun): systemd \

71
SOURCES/0641-test-add-a-test-for-sd_netlink_message_-append-read-.patch
View File

@ -1,71 +0,0 @@
From aff5197c5f06617b1ca0291614a0fb02c0c2e948 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:48:12 +0900
Subject: [PATCH] test: add a test for sd_netlink_message_{append,read}_strv()
(cherry picked from commit d08d92d5ee508a80e35d6b95b962bd09527fb5f2)
Related: #1850986
---
src/libsystemd/sd-netlink/test-netlink.c | 33 ++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/src/libsystemd/sd-netlink/test-netlink.c b/src/libsystemd/sd-netlink/test-netlink.c
index 03773fb936..8ee6551385 100644
--- a/src/libsystemd/sd-netlink/test-netlink.c
+++ b/src/libsystemd/sd-netlink/test-netlink.c
@@ -10,7 +10,9 @@
#include "missing.h"
#include "netlink-util.h"
#include "socket-util.h"
+#include "stdio-util.h"
#include "string-util.h"
+#include "strv.h"
#include "util.h"
static void test_message_link_bridge(sd_netlink *rtnl) {
@@ -357,6 +359,36 @@ static void test_message(sd_netlink *rtnl) {
assert_se(sd_netlink_message_get_errno(m) == -ETIMEDOUT);
}
+static void test_strv(sd_netlink *rtnl) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+ _cleanup_strv_free_ char **names_in = NULL, **names_out;
+ const char *p;
+
+ assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINKPROP, 1) >= 0);
+
+ for (unsigned i = 0; i < 10; i++) {
+ char name[STRLEN("hoge") + DECIMAL_STR_MAX(uint32_t)];
+
+ xsprintf(name, "hoge%" PRIu32, i + 1000);
+ assert_se(strv_extend(&names_in, name) >= 0);
+ }
+
+ assert_se(sd_netlink_message_open_container(m, IFLA_PROP_LIST) >= 0);
+ assert_se(sd_netlink_message_append_strv(m, IFLA_ALT_IFNAME, names_in) >= 0);
+ assert_se(sd_netlink_message_close_container(m) >= 0);
+
+ rtnl_message_seal(m);
+ assert_se(sd_netlink_message_rewind(m) >= 0);
+
+ assert_se(sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &names_out) >= 0);
+ assert_se(strv_equal(names_in, names_out));
+
+ assert_se(sd_netlink_message_enter_container(m, IFLA_PROP_LIST) >= 0);
+ assert_se(sd_netlink_message_read_string(m, IFLA_ALT_IFNAME, &p) >= 0);
+ assert_se(streq(p, "hoge1009"));
+ assert_se(sd_netlink_message_exit_container(m) >= 0);
+}
+
int main(void) {
sd_netlink *rtnl;
sd_netlink_message *m;
@@ -377,6 +409,7 @@ int main(void) {
test_message(rtnl);
test_container(rtnl);
+ test_strv(rtnl);
if_loopback = (int) if_nametoindex("lo");
assert_se(if_loopback > 0);

32
SOURCES/0642-rpm-emit-warning-when-macro-with-typo-is-used.patch Normal file
View File

@ -0,0 +1,32 @@
From 4d994a262ec1ad3e33e197cb09aa5aeabb5835dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 3 Jul 2018 15:40:53 +0200
Subject: [PATCH] rpm: emit warning when macro with typo is used
Follow-up for a6bb550458. Suggested by @ignatenkobrain.
$ rpmbuild --eval %_environmentdir
/usr/lib/environment.d
$ rpmbuild --eval %_environmnentdir
warning: Use %_environmentdir instead
/usr/lib/environment.d
(cherry picked from commit be9bf171bbf764997551f8a9b3c2aba5c6a875d3)
Related: #2018024
---
src/core/macros.systemd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index abbb42b22f..fe7ca26a34 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -28,7 +28,7 @@
# Because we had one release with a typo...
# This is temporary (Remove after systemd 240 is released)
-%_environmnentdir %_environmentdir
+%_environmnentdir %{warn:Use %%_environmentdir instead}%_environmentdir
%systemd_requires \
Requires(post): systemd \

79
SOURCES/0642-util-introduce-ifname_valid_full.patch
View File

@ -1,79 +0,0 @@
From c50aab5f23535ea7f3ef004910465e7054931199 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 23:01:54 +0900
Subject: [PATCH] util: introduce ifname_valid_full()
(cherry picked from commit 4252696aec9ec038ff312a164e25f039da25126f)
Related: #1850986
---
src/basic/socket-util.c | 12 +++++++++---
src/basic/socket-util.h | 5 ++++-
src/test/test-socket-util.c | 1 +
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 053bcba670..7f8066123b 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -13,6 +13,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <linux/if.h>
#include "alloc-util.h"
#include "fd-util.h"
@@ -868,7 +869,7 @@ static const char* const ip_tos_table[] = {
DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
-bool ifname_valid(const char *p) {
+bool ifname_valid_full(const char *p, bool alternative) {
bool numeric = true;
/* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
@@ -878,8 +879,13 @@ bool ifname_valid(const char *p) {
if (isempty(p))
return false;
- if (strlen(p) >= IFNAMSIZ)
- return false;
+ if (alternative) {
+ if (strlen(p) >= ALTIFNAMSIZ)
+ return false;
+ } else {
+ if (strlen(p) >= IFNAMSIZ)
+ return false;
+ }
if (dot_or_dot_dot(p))
return false;
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index c7c9ad34d6..30baba6c03 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -123,7 +123,10 @@ int fd_inc_rcvbuf(int fd, size_t n);
int ip_tos_to_string_alloc(int i, char **s);
int ip_tos_from_string(const char *s);
-bool ifname_valid(const char *p);
+bool ifname_valid_full(const char *p, bool alternative);
+static inline bool ifname_valid(const char *p) {
+ return ifname_valid_full(p, false);
+}
bool address_label_valid(const char *p);
int getpeercred(int fd, struct ucred *ucred);
diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c
index 19c5395b92..c545622c09 100644
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@@ -39,6 +39,7 @@ static void test_ifname_valid(void) {
assert(ifname_valid("xxxxxxxxxxxxxxx"));
assert(!ifname_valid("xxxxxxxxxxxxxxxx"));
+ assert(ifname_valid_full("xxxxxxxxxxxxxxxx", true));
}
static void test_socket_address_parse(void) {

75
SOURCES/0643-Remove-unintended-additions-to-systemd-analyze-man-p.patch Normal file
View File

@ -0,0 +1,75 @@
From f29b7bcd85d4e8d824d36fecc130a0d74af718f8 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Tue, 12 Oct 2021 16:47:48 +0200
Subject: [PATCH] Remove unintended additions to systemd-analyze man page
These changes were introduced in commit
a2e00522971897909db2a81b4daf10e5700f453e .
Resolves: #2004765
---
man/systemd-analyze.xml | 51 +----------------------------------------
1 file changed, 1 insertion(+), 50 deletions(-)
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 7c873cbdd1..e17ff0cf90 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -354,56 +354,7 @@ $ eog targets.svg</programlisting>
they elapse next. This takes the same input as the <varname>OnCalendar=</varname> setting in
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
following the syntax described in
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>. By
- default, only the next time the calendar expression will elapse is shown; use
- <option>--iterations=</option> to show the specified number of next times the expression
- elapses.</para>
-
- <example>
- <title>Show leap days in the near future</title>
-
- <programlisting>$ systemd-analyze calendar --iterations=5 '*-2-29 0:0:0'
- Original form: *-2-29 0:0:0
-Normalized form: *-02-29 00:00:00
- Next elapse: Sat 2020-02-29 00:00:00 UTC
- From now: 11 months 15 days left
- Iter. #2: Thu 2024-02-29 00:00:00 UTC
- From now: 4 years 11 months left
- Iter. #3: Tue 2028-02-29 00:00:00 UTC
- From now: 8 years 11 months left
- Iter. #4: Sun 2032-02-29 00:00:00 UTC
- From now: 12 years 11 months left
- Iter. #5: Fri 2036-02-29 00:00:00 UTC
- From now: 16 years 11 months left
-</programlisting>
- </example>
- </refsect2>
-
- <refsect2>
- <title><command>systemd-analyze timespan <replaceable>EXPRESSION</replaceable>...</command></title>
-
- <para>This command parses a time span and outputs the normalized form and the equivalent value in
- microseconds. The time span should adhere to the same syntax documented in
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
- Values without associated magnitudes are parsed as seconds.</para>
-
- <example>
- <title>Show parsing of timespans</title>
-
- <programlisting>$ systemd-analyze timespan 1s 300s '1year 0.000001s'
-Original: 1s
- μs: 1000000
- Human: 1s
-
-Original: 300s
- μs: 300000000
- Human: 5min
-
-Original: 1year 0.000001s
- μs: 31557600000001
- Human: 1y 1us
-</programlisting>
- </example>
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
</refsect2>
<refsect2>

69
SOURCES/0643-rename-function.patch
View File

@ -1,69 +0,0 @@
From 7fc7c2774e0836ace524215ced5c60db405a154a Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 27 Nov 2020 10:25:12 +0100
Subject: [PATCH] rename function
This happened upstream in commit
54a8423788ec3cc6240959ab9f5cdac40baf047a, but I don't want to backport
the whole commit...
Related: #1850986
---
src/libsystemd-network/network-internal.c | 2 +-
src/libsystemd-network/network-internal.h | 2 +-
src/network/networkd-network-gperf.gperf | 2 +-
src/udev/net/link-config-gperf.gperf | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c
index 0849b44ee2..629e858def 100644
--- a/src/libsystemd-network/network-internal.c
+++ b/src/libsystemd-network/network-internal.c
@@ -183,7 +183,7 @@ int config_parse_net_condition(const char *unit,
return 0;
}
-int config_parse_ifnames(
+int config_parse_match_ifnames(
const char *unit,
const char *filename,
unsigned line,
diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h
index 883f34b95c..9074758bbb 100644
--- a/src/libsystemd-network/network-internal.h
+++ b/src/libsystemd-network/network-internal.h
@@ -34,7 +34,7 @@ bool net_match_config(Set *match_mac,
CONFIG_PARSER_PROTOTYPE(config_parse_net_condition);
CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr);
CONFIG_PARSER_PROTOTYPE(config_parse_hwaddrs);
-CONFIG_PARSER_PROTOTYPE(config_parse_ifnames);
+CONFIG_PARSER_PROTOTYPE(config_parse_match_ifnames);
CONFIG_PARSER_PROTOTYPE(config_parse_ifalias);
CONFIG_PARSER_PROTOTYPE(config_parse_iaid);
CONFIG_PARSER_PROTOTYPE(config_parse_bridge_port_priority);
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 6ad5257f79..c4a2eccdc2 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -24,7 +24,7 @@ Match.MACAddress, config_parse_hwaddrs,
Match.Path, config_parse_strv, 0, offsetof(Network, match_path)
Match.Driver, config_parse_strv, 0, offsetof(Network, match_driver)
Match.Type, config_parse_strv, 0, offsetof(Network, match_type)
-Match.Name, config_parse_ifnames, 0, offsetof(Network, match_name)
+Match.Name, config_parse_match_ifnames, 0, offsetof(Network, match_name)
Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(Network, match_host)
Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(Network, match_virt)
Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(Network, match_kernel_cmdline)
diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf
index 5640fa0513..b37836d852 100644
--- a/src/udev/net/link-config-gperf.gperf
+++ b/src/udev/net/link-config-gperf.gperf
@@ -20,7 +20,7 @@ struct ConfigPerfItem;
%includes
%%
Match.MACAddress, config_parse_hwaddrs, 0, offsetof(link_config, match_mac)
-Match.OriginalName, config_parse_ifnames, 0, offsetof(link_config, match_name)
+Match.OriginalName, config_parse_match_ifnames, 0, offsetof(link_config, match_name)
Match.Path, config_parse_strv, 0, offsetof(link_config, match_path)
Match.Driver, config_parse_strv, 0, offsetof(link_config, match_driver)
Match.Type, config_parse_strv, 0, offsetof(link_config, match_type)

21
SOURCES/0644-Disable-iptables-for-CI.patch Normal file
View File

@ -0,0 +1,21 @@
From ffd20a699280a4732d0fe4cddafe12ee8010ddb6 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 13 Oct 2021 10:01:59 +0200
Subject: [PATCH] Disable iptables for CI
---
.github/workflows/unit_tests.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index def38bffe2..814870e7a0 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -92,7 +92,6 @@ SYSTEMD_BUILD_DEPS=(
gnutls-devel
gobject-introspection-devel
gperf
- iptables-devel
kmod-devel
libacl-devel
libblkid-devel

238
SOURCES/0644-udev-support-AlternativeName-setting-in-.link-file.patch
View File

@ -1,238 +0,0 @@
From b99b055ba975c1663beaf94dbfe8f5c5c7398996 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 23:21:18 +0900
Subject: [PATCH] udev: support AlternativeName= setting in .link file
(cherry picked from commit a5053a158b43c5ddee90f4915b9fc603e0191d6d)
Related: #1850986
---
man/systemd.link.xml | 8 ++++
src/libsystemd/sd-netlink/netlink-util.c | 40 ++++++++++++++++
src/libsystemd/sd-netlink/netlink-util.h | 1 +
src/shared/conf-parser.c | 60 ++++++++++++++++++++++++
src/shared/conf-parser.h | 1 +
src/udev/net/link-config-gperf.gperf | 1 +
src/udev/net/link-config.c | 5 ++
src/udev/net/link-config.h | 1 +
8 files changed, 117 insertions(+)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 32657308d0..0b0d83349d 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -343,6 +343,14 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>AlternativeName=</varname></term>
+ <listitem>
+ <para>The alternative interface name to use. This option can be specified multiple times.
+ If the empty string is assigned to this option, the list is reset, and all prior assignments
+ have no effect.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>MTUBytes=</varname></term>
<listitem>
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 3928dfbabf..c1c306f121 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -4,6 +4,7 @@
#include "netlink-internal.h"
#include "netlink-util.h"
+#include "strv.h"
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
@@ -80,6 +81,45 @@ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
return 0;
}
+int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(ifindex > 0);
+
+ if (strv_isempty(alternative_names))
+ return 0;
+
+ if (!*rtnl) {
+ r = sd_netlink_open(rtnl);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_NEWLINKPROP, ifindex);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_open_container(message, IFLA_PROP_LIST);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_append_strv(message, IFLA_ALT_IFNAME, alternative_names);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_close_container(message);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_call(*rtnl, message, 0, NULL);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
int rtnl_message_new_synthetic_error(sd_netlink *rtnl, int error, uint32_t serial, sd_netlink_message **ret) {
struct nlmsgerr *err;
int r;
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index 882a616310..92de19c092 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -38,6 +38,7 @@ static inline bool rtnl_message_type_is_routing_policy_rule(uint16_t type) {
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
+int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
int rtnl_log_parse_error(int r);
int rtnl_log_create_error(int r);
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 246b7431e4..1f40f00c72 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -970,6 +970,66 @@ int config_parse_ifname(
return 0;
}
+int config_parse_ifnames(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_strv_free_ char **names = NULL;
+ char ***s = data;
+ const char *p;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if (isempty(rvalue)) {
+ *s = strv_free(*s);
+ return 0;
+ }
+
+ p = rvalue;
+ for (;;) {
+ _cleanup_free_ char *word = NULL;
+
+ r = extract_first_word(&p, &word, NULL, 0);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "Failed to extract interface name, ignoring assignment: %s",
+ rvalue);
+ return 0;
+ }
+ if (r == 0)
+ break;
+
+ if (!ifname_valid_full(word, ltype)) {
+ log_syntax(unit, LOG_ERR, filename, line, 0,
+ "Interface name is not valid or too long, ignoring assignment: %s",
+ word);
+ continue;
+ }
+
+ r = strv_consume(&names, TAKE_PTR(word));
+ if (r < 0)
+ return log_oom();
+ }
+
+ r = strv_extend_strv(s, names, true);
+ if (r < 0)
+ return log_oom();
+
+ return 0;
+}
+
int config_parse_ip_port(
const char *unit,
const char *filename,
diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h
index a0a5c89c27..375b2e5a74 100644
--- a/src/shared/conf-parser.h
+++ b/src/shared/conf-parser.h
@@ -137,6 +137,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_signal);
CONFIG_PARSER_PROTOTYPE(config_parse_personality);
CONFIG_PARSER_PROTOTYPE(config_parse_permille);
CONFIG_PARSER_PROTOTYPE(config_parse_ifname);
+CONFIG_PARSER_PROTOTYPE(config_parse_ifnames);
CONFIG_PARSER_PROTOTYPE(config_parse_ip_port);
CONFIG_PARSER_PROTOTYPE(config_parse_join_controllers);
CONFIG_PARSER_PROTOTYPE(config_parse_mtu);
diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf
index b37836d852..913c754145 100644
--- a/src/udev/net/link-config-gperf.gperf
+++ b/src/udev/net/link-config-gperf.gperf
@@ -34,6 +34,7 @@ Link.MACAddressPolicy, config_parse_mac_policy, 0,
Link.MACAddress, config_parse_hwaddr, 0, offsetof(link_config, mac)
Link.NamePolicy, config_parse_name_policy, 0, offsetof(link_config, name_policy)
Link.Name, config_parse_ifname, 0, offsetof(link_config, name)
+Link.AlternativeName, config_parse_ifnames, 1, offsetof(link_config, alternative_names)
Link.Alias, config_parse_ifalias, 0, offsetof(link_config, alias)
Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(link_config, mtu)
Link.BitsPerSecond, config_parse_si_size, 0, offsetof(link_config, speed)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 5113586457..d07a1a1874 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -67,6 +67,7 @@ static void link_config_free(link_config *link) {
free(link->mac);
free(link->name_policy);
free(link->name);
+ strv_free(link->alternative_names);
free(link->alias);
free(link);
@@ -468,6 +469,10 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
if (r < 0)
return log_warning_errno(r, "Could not set Alias=, MACAddress= or MTU= on %s: %m", old_name);
+ r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, config->alternative_names);
+ if (r < 0)
+ return log_warning_errno(r, "Could not set AlternativeName= on %s: %m", old_name);
+
*name = new_name;
return 0;
diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h
index 4798bb101c..93d5fdce59 100644
--- a/src/udev/net/link-config.h
+++ b/src/udev/net/link-config.h
@@ -50,6 +50,7 @@ struct link_config {
MACPolicy mac_policy;
NamePolicy *name_policy;
char *name;
+ char **alternative_names;
char *alias;
uint32_t mtu;
size_t speed;

103
SOURCES/0645-core-fix-SIGABRT-on-empty-exec-command-argv.patch Normal file
View File

@ -0,0 +1,103 @@
From 8e322f5bc24547963978be071a8a2547abad875a Mon Sep 17 00:00:00 2001
From: Henri Chain <henri.chain@enioka.com>
Date: Tue, 5 Oct 2021 13:10:31 +0200
Subject: [PATCH] core: fix SIGABRT on empty exec command argv
This verifies that the argv part of any exec_command parameters that
are sent through dbus is not empty at deserialization time.
There is an additional check in service.c service_verify() that again
checks if all exec_commands are correctly populated, after the service
has been loaded, whether through dbus or otherwise.
Fixes #20933.
(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152)
Resolves: #2020239
---
src/core/dbus-execute.c | 4 ++++
src/core/service.c | 12 +++++++++++
test/TEST-23-TYPE-EXEC/testsuite.sh | 31 +++++++++++++++++++++++++++++
3 files changed, 47 insertions(+)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 8348663000..2e64f0baf4 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -969,6 +969,10 @@ int bus_set_transient_exec_command(
if (r < 0)
return r;
+ if (strv_isempty(argv))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+ "\"%s\" argv cannot be empty", name);
+
r = sd_bus_message_read(message, "b", &b);
if (r < 0)
return r;
diff --git a/src/core/service.c b/src/core/service.c
index 5e3e75b5ae..12adf89dd4 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -536,6 +536,18 @@ static int service_verify(Service *s) {
if (UNIT(s)->load_state != UNIT_LOADED)
return 0;
+ for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
+ ExecCommand *command;
+
+ LIST_FOREACH(command, command, s->exec_command[c])
+ if (strv_isempty(command->argv)) {
+ log_unit_error(UNIT(s),
+ "Service has an empty argv in %s=. Refusing.",
+ service_exec_command_to_string(c));
+ return -ENOEXEC;
+ }
+ }
+
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
log_unit_error(UNIT(s), "Service lacks both ExecStart= and ExecStop= setting. Refusing.");
return -ENOEXEC;
diff --git a/test/TEST-23-TYPE-EXEC/testsuite.sh b/test/TEST-23-TYPE-EXEC/testsuite.sh
index 80734bbbdc..e0c34cfd04 100755
--- a/test/TEST-23-TYPE-EXEC/testsuite.sh
+++ b/test/TEST-23-TYPE-EXEC/testsuite.sh
@@ -21,6 +21,37 @@ systemd-run --unit=four -p Type=exec /bin/sleep infinity
! systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity
! systemd-run --unit=six -p Type=exec /tmp/brokenbinary
+# For issue #20933
+
+# Should work normally
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0
+
+# DBus call should fail but not crash systemd
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 0 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
+# Same but with the empty argv in the middle
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \
+ ExecStart "a(sasb)" 3 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ /usr/bin/sleep 0 true \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
systemd-analyze set-log-level info
echo OK > /testok

115
SOURCES/0645-network-make-Name-in-Match-support-alternative-names.patch
View File

@ -1,115 +0,0 @@
From c76d050d8d61b4a63d4407bd03bd3f49cd9915ce Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 22:46:19 +0900
Subject: [PATCH] network: make Name= in [Match] support alternative names of
interfaces
(cherry picked from commit 572b21d96cabd5860b0670e98440b6cb99a4b749
src/network bits have been left out.)
Related: #1850986
---
man/systemd.network.xml | 7 +++----
src/libsystemd-network/network-internal.c | 20 ++++++++++++++++++--
src/libsystemd-network/network-internal.h | 3 ++-
src/udev/net/link-config.c | 3 ++-
4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index fc8e0aea68..8300540096 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -133,10 +133,9 @@
<varlistentry>
<term><varname>Name=</varname></term>
<listitem>
- <para>A whitespace-separated list of shell-style globs
- matching the device name, as exposed by the udev property
- <literal>INTERFACE</literal>. If the list is prefixed
- with a "!", the test is inverted.</para>
+ <para>A whitespace-separated list of shell-style globs matching the device name, as exposed
+ by the udev property <literal>INTERFACE</literal>, or device's alternative names. If the
+ list is prefixed with a "!", the test is inverted.</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c
index 629e858def..a935709cd0 100644
--- a/src/libsystemd-network/network-internal.c
+++ b/src/libsystemd-network/network-internal.c
@@ -92,6 +92,18 @@ static bool net_condition_test_strv(char * const *raw_patterns,
return string && strv_fnmatch(raw_patterns, string, 0);
}
+static bool net_condition_test_ifname(char * const *patterns, const char *ifname, char * const *alternative_names) {
+ if (net_condition_test_strv(patterns, ifname))
+ return true;
+
+ char * const *p;
+ STRV_FOREACH(p, alternative_names)
+ if (net_condition_test_strv(patterns, *p))
+ return true;
+
+ return false;
+}
+
bool net_match_config(Set *match_mac,
char * const *match_paths,
char * const *match_drivers,
@@ -107,7 +119,8 @@ bool net_match_config(Set *match_mac,
const char *dev_parent_driver,
const char *dev_driver,
const char *dev_type,
- const char *dev_name) {
+ const char *dev_name,
+ char * const *alternative_names) {
if (match_host && condition_test(match_host) <= 0)
return false;
@@ -124,6 +137,9 @@ bool net_match_config(Set *match_mac,
if (match_arch && condition_test(match_arch) <= 0)
return false;
+ if (!net_condition_test_ifname(match_names, dev_name, alternative_names))
+ return false;
+
if (match_mac && dev_mac && !set_contains(match_mac, dev_mac))
return false;
@@ -214,7 +230,7 @@ int config_parse_match_ifnames(
if (r == 0)
break;
- if (!ifname_valid(word)) {
+ if (!ifname_valid_full(word, ltype)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Interface name is not valid or too long, ignoring assignment: %s", rvalue);
return 0;
}
diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h
index 9074758bbb..e1d098f3fe 100644
--- a/src/libsystemd-network/network-internal.h
+++ b/src/libsystemd-network/network-internal.h
@@ -29,7 +29,8 @@ bool net_match_config(Set *match_mac,
const char *dev_parent_driver,
const char *dev_driver,
const char *dev_type,
- const char *dev_name);
+ const char *dev_name,
+ char * const *alternative_names);
CONFIG_PARSER_PROTOTYPE(config_parse_net_condition);
CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr);
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index d07a1a1874..e5052f8f29 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -238,7 +238,8 @@ int link_config_get(link_config_ctx *ctx, struct udev_device *device,
udev_device_get_driver(udev_device_get_parent(device)),
udev_device_get_property_value(device, "ID_NET_DRIVER"),
udev_device_get_devtype(device),
- udev_device_get_sysname(device))) {
+ udev_device_get_sysname(device),
+ NULL)) {
if (link->match_name) {
unsigned char name_assign_type = NET_NAME_UNKNOWN;

39
SOURCES/0646-core-service-also-check-path-in-exec-commands.patch Normal file
View File

@ -0,0 +1,39 @@
From 71ebbd2da606c9cb4da694bbcc925078f253f496 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 6 Oct 2021 00:19:41 +0900
Subject: [PATCH] core/service: also check path in exec commands
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
Related: #2020239
---
src/core/service.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index 12adf89dd4..ae31973774 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -539,13 +539,21 @@ static int service_verify(Service *s) {
for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
ExecCommand *command;
- LIST_FOREACH(command, command, s->exec_command[c])
+ LIST_FOREACH(command, command, s->exec_command[c]) {
+ if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) {
+ log_unit_error(UNIT(s),
+ "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
+ command->path,
+ service_exec_command_to_string(c));
+ return -ENOEXEC;
+ }
if (strv_isempty(command->argv)) {
log_unit_error(UNIT(s),
"Service has an empty argv in %s=. Refusing.",
service_exec_command_to_string(c));
return -ENOEXEC;
}
+ }
}
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {

170
SOURCES/0646-udev-extend-the-length-of-ID_NET_NAME_XXX-to-ALTIFNA.patch
View File

@ -1,170 +0,0 @@
From 22dd44ae3cfd66e622e0b672af96728b6f505ad1 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 11:01:35 +0900
Subject: [PATCH] udev: extend the length of ID_NET_NAME_XXX= to ALTIFNAMSIZ
(cherry picked from commit 78f8849f84ca0939796edb840e878a9d2e124a4d)
Related: #1850986
---
src/udev/net/link-config.c | 5 ++++-
src/udev/udev-builtin-net_id.c | 33 +++++++++++++++++----------------
src/udev/udev-event.c | 4 ++--
3 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index e5052f8f29..4de8ee7d7e 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -19,6 +19,7 @@
#include "path-util.h"
#include "proc-cmdline.h"
#include "random-util.h"
+#include "socket-util.h"
#include "stat-util.h"
#include "string-table.h"
#include "string-util.h"
@@ -405,7 +406,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
NamePolicy *policy;
for (policy = config->name_policy;
- !new_name && *policy != _NAMEPOLICY_INVALID; policy++) {
+ *policy != _NAMEPOLICY_INVALID; policy++) {
switch (*policy) {
case NAMEPOLICY_KERNEL:
respect_predictable = true;
@@ -428,6 +429,8 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
default:
break;
}
+ if (ifname_valid(new_name))
+ break;
}
}
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 7c153f0aef..0611c08234 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -90,6 +90,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <linux/if.h>
#include <linux/pci_regs.h>
#include "dirent-util.h"
@@ -172,21 +173,21 @@ struct netnames {
bool mac_valid;
struct udev_device *pcidev;
- char pci_slot[IFNAMSIZ];
- char pci_path[IFNAMSIZ];
- char pci_onboard[IFNAMSIZ];
+ char pci_slot[ALTIFNAMSIZ];
+ char pci_path[ALTIFNAMSIZ];
+ char pci_onboard[ALTIFNAMSIZ];
const char *pci_onboard_label;
- char usb_ports[IFNAMSIZ];
- char bcma_core[IFNAMSIZ];
- char ccw_busid[IFNAMSIZ];
- char vio_slot[IFNAMSIZ];
- char platform_path[IFNAMSIZ];
+ char usb_ports[ALTIFNAMSIZ];
+ char bcma_core[ALTIFNAMSIZ];
+ char ccw_busid[ALTIFNAMSIZ];
+ char vio_slot[ALTIFNAMSIZ];
+ char platform_path[ALTIFNAMSIZ];
};
struct virtfn_info {
struct udev_device *physfn_pcidev;
- char suffix[IFNAMSIZ];
+ char suffix[ALTIFNAMSIZ];
};
static const NamingScheme* naming_scheme_from_name(const char *name) {
@@ -883,7 +884,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
err = names_mac(dev, &names);
if (err >= 0 && names.mac_valid) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
xsprintf(str, "%sx%02x%02x%02x%02x%02x%02x", prefix,
names.mac[0], names.mac[1], names.mac[2],
@@ -896,7 +897,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get path names for Linux on System z network devices */
err = names_ccw(dev, &names);
if (err >= 0 && names.type == NET_CCW) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.ccw_busid))
udev_builtin_add_property(dev, test, "ID_NET_NAME_PATH", str);
@@ -906,7 +907,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get ibmveth/ibmvnic slot-based names. */
err = names_vio(dev, &names);
if (err >= 0 && names.type == NET_VIO) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.vio_slot))
udev_builtin_add_property(dev, test, "ID_NET_NAME_SLOT", str);
@@ -916,7 +917,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get ACPI path names for ARM64 platform devices */
err = names_platform(dev, &names, test);
if (err >= 0 && names.type == NET_PLATFORM) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.platform_path))
udev_builtin_add_property(dev, test, "ID_NET_NAME_PATH", str);
@@ -930,7 +931,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* plain PCI device */
if (names.type == NET_PCI) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (names.pci_onboard[0] &&
snprintf_ok(str, sizeof str, "%s%s", prefix, names.pci_onboard))
@@ -953,7 +954,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* USB device */
err = names_usb(dev, &names);
if (err >= 0 && names.type == NET_USB) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (names.pci_path[0] &&
snprintf_ok(str, sizeof str, "%s%s%s", prefix, names.pci_path, names.usb_ports))
@@ -968,7 +969,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* Broadcom bus */
err = names_bcma(dev, &names);
if (err >= 0 && names.type == NET_BCMA) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (names.pci_path[0] &&
snprintf_ok(str, sizeof str, "%s%s%s", prefix, names.pci_path, names.bcma_core))
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
index fd8406d959..19b100d4f8 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -816,13 +816,13 @@ out:
static int rename_netif(struct udev_event *event) {
struct udev_device *dev = event->dev;
- char name[IFNAMSIZ];
+ char name[ALTIFNAMSIZ];
const char *oldname;
int r;
oldname = udev_device_get_sysname(dev);
- strscpy(name, IFNAMSIZ, event->name);
+ strscpy(name, ALTIFNAMSIZ, event->name);
r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
if (r < 0)

124
SOURCES/0647-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch Normal file
View File

@ -0,0 +1,124 @@
From 397aaad6da5c4bfb160adca7a68f865086f2ed0a Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 30 Sep 2021 14:05:36 +0200
Subject: [PATCH] mount-util: fix fd_is_mount_point() when both the parent and
directory are network fs
The second call to name_to_handle_at_loop() didn't check for the specific
errors that can happen when the parent dir is mounted by nfs and instead of
falling back like it's done for the child dir, fd_is_mount_point() failed in
this case.
(cherry picked from commit 964ccab8286a7e75d7e9107f574f5cb23752bd5d)
Resolves: #2015057
---
src/basic/mount-util.c | 71 ++++++++++++++++++++++++------------------
1 file changed, 41 insertions(+), 30 deletions(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 45348bf878..0c709001be 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -139,6 +139,19 @@ static int fd_fdinfo_mnt_id(int fd, const char *filename, int flags, int *mnt_id
return safe_atoi(p, mnt_id);
}
+static bool is_name_to_handle_at_fatal_error(int err) {
+ /* name_to_handle_at() can return "acceptable" errors that are due to the context. For
+ * example the kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall
+ * was blocked (EACCES/EPERM; maybe through seccomp, because we are running inside of a
+ * container), or the mount point is not triggered yet (EOVERFLOW, think nfs4), or some
+ * general name_to_handle_at() flakiness (EINVAL). However other errors are not supposed to
+ * happen and therefore are considered fatal ones. */
+
+ assert(err < 0);
+
+ return !IN_SET(err, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL);
+}
+
int fd_is_mount_point(int fd, const char *filename, int flags) {
_cleanup_free_ struct file_handle *h = NULL, *h_parent = NULL;
int mount_id = -1, mount_id_parent = -1;
@@ -173,42 +186,40 @@ int fd_is_mount_point(int fd, const char *filename, int flags) {
* real mounts of their own. */
r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags);
- if (IN_SET(r, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL))
- /* This kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall was blocked
- * (EACCES/EPERM; maybe through seccomp, because we are running inside of a container?), or the mount
- * point is not triggered yet (EOVERFLOW, think nfs4), or some general name_to_handle_at() flakiness
- * (EINVAL): fall back to simpler logic. */
- goto fallback_fdinfo;
- else if (r == -EOPNOTSUPP)
- /* This kernel or file system does not support name_to_handle_at(), hence let's see if the upper fs
- * supports it (in which case it is a mount point), otherwise fallback to the traditional stat()
- * logic */
+ if (r < 0) {
+ if (is_name_to_handle_at_fatal_error(r))
+ return r;
+ if (r != -EOPNOTSUPP)
+ goto fallback_fdinfo;
+
+ /* This kernel or file system does not support name_to_handle_at(), hence let's see
+ * if the upper fs supports it (in which case it is a mount point), otherwise fall
+ * back to the traditional stat() logic */
nosupp = true;
- else if (r < 0)
- return r;
+ }
r = name_to_handle_at_loop(fd, "", &h_parent, &mount_id_parent, AT_EMPTY_PATH);
- if (r == -EOPNOTSUPP) {
+ if (r < 0) {
+ if (is_name_to_handle_at_fatal_error(r))
+ return r;
+ if (r != -EOPNOTSUPP)
+ goto fallback_fdinfo;
if (nosupp)
- /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. */
+ /* Both the parent and the directory can't do name_to_handle_at() */
goto fallback_fdinfo;
- else
- /* The parent can't do name_to_handle_at() but the directory we are interested in can? If so,
- * it must be a mount point. */
- return 1;
- } else if (r < 0)
- return r;
- /* The parent can do name_to_handle_at() but the
- * directory we are interested in can't? If so, it
- * must be a mount point. */
+ /* The parent can't do name_to_handle_at() but the directory we are
+ * interested in can? If so, it must be a mount point. */
+ return 1;
+ }
+
+ /* The parent can do name_to_handle_at() but the directory we are interested in can't? If
+ * so, it must be a mount point. */
if (nosupp)
return 1;
- /* If the file handle for the directory we are
- * interested in and its parent are identical, we
- * assume this is the root directory, which is a mount
- * point. */
+ /* If the file handle for the directory we are interested in and its parent are identical,
+ * we assume this is the root directory, which is a mount point. */
if (h->handle_bytes == h_parent->handle_bytes &&
h->handle_type == h_parent->handle_type &&
@@ -300,10 +311,10 @@ int path_get_mnt_id(const char *path, int *ret) {
int r;
r = name_to_handle_at_loop(AT_FDCWD, path, NULL, ret, 0);
- if (IN_SET(r, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) /* kernel/fs don't support this, or seccomp blocks access, or untriggered mount, or name_to_handle_at() is flaky */
- return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret);
+ if (r == 0 || is_name_to_handle_at_fatal_error(r))
+ return r;
- return r;
+ return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret);
}
int umount_recursive(const char *prefix, int flags) {

43
SOURCES/0647-udev-do-not-fail-if-kernel-does-not-support-alternat.patch
View File

@ -1,43 +0,0 @@
From 42894fc33ae88f3be49aa01ac24dd1c3e96770f6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 15:32:22 +0900
Subject: [PATCH] udev: do not fail if kernel does not support alternative
names
(cherry picked from commit bb181dd4a664ca8e82a8f7194261fd6531e861d8)
Related: #1850986
---
man/systemd.link.xml | 3 ++-
src/udev/net/link-config.c | 4 +++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 0b0d83349d..c8ebb751ee 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -348,7 +348,8 @@
<listitem>
<para>The alternative interface name to use. This option can be specified multiple times.
If the empty string is assigned to this option, the list is reset, and all prior assignments
- have no effect.</para>
+ have no effect. If the kernel does not support the alternative names, then this setting will
+ be ignored.</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 4de8ee7d7e..8e88c8e5c4 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -474,7 +474,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
return log_warning_errno(r, "Could not set Alias=, MACAddress= or MTU= on %s: %m", old_name);
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, config->alternative_names);
- if (r < 0)
+ if (r == -EOPNOTSUPP)
+ log_debug_errno(r, "Could not set AlternativeName= on %s, ignoring: %m", old_name);
+ else if (r < 0)
return log_warning_errno(r, "Could not set AlternativeName= on %s: %m", old_name);
*name = new_name;

28
SOURCES/0648-basic-add-vmware-hypervisor-detection-from-device-tr.patch Normal file
View File

@ -0,0 +1,28 @@
From 537055fc407d7cff32ddd3414a6900ccff579c46 Mon Sep 17 00:00:00 2001
From: Cyprien Laplace <claplace@vmware.com>
Date: Thu, 14 Nov 2019 09:42:14 -0500
Subject: [PATCH] basic: add vmware hypervisor detection from device-tree
Allow ConditionVirtualization=vmware to work on ESXi on arm VMs
using device-tree.
(cherry picked from commit 4d4ac92c928fcbc60b85fcbf8370af3883ee63db)
Resolves: #1959150
---
src/basic/virt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 0b88005ed6..8d862b6d67 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -122,6 +122,8 @@ static int detect_vm_device_tree(void) {
return VIRTUALIZATION_KVM;
else if (strstr(hvtype, "xen"))
return VIRTUALIZATION_XEN;
+ else if (strstr(hvtype, "vmware"))
+ return VIRTUALIZATION_VMWARE;
else
return VIRTUALIZATION_VM_OTHER;
#else

169
SOURCES/0648-udev-introduce-AlternativeNamesPolicy-setting.patch
View File

@ -1,169 +0,0 @@
From 4f47e35ee4026f24ee99a0bfa7ba5b2f24a92a02 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2019 23:44:42 +0900
Subject: [PATCH] udev: introduce AlternativeNamesPolicy= setting
(cherry picked from commit ef1d2c07f9567dfea8a4e012d8779a4ded2d9ae6)
Resolves: #1850986
---
man/systemd.link.xml | 11 +++++
src/udev/net/link-config-gperf.gperf | 1 +
src/udev/net/link-config.c | 62 ++++++++++++++++++++++++++--
src/udev/net/link-config.h | 5 +++
4 files changed, 76 insertions(+), 3 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index c8ebb751ee..13dcce0879 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -343,6 +343,17 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>AlternativeNamesPolicy=</varname></term>
+ <listitem>
+ <para>A space-separated list of policies by which the interface's alternative names
+ should be set. Each of the policies may fail, and all successful policies are used. The
+ available policies are <literal>database</literal>, <literal>onboard</literal>,
+ <literal>slot</literal>, <literal>path</literal>, and <literal>mac</literal>. If the
+ kernel does not support the alternative names, then this setting will be ignored.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>AlternativeName=</varname></term>
<listitem>
diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf
index 913c754145..df8404e7b8 100644
--- a/src/udev/net/link-config-gperf.gperf
+++ b/src/udev/net/link-config-gperf.gperf
@@ -35,6 +35,7 @@ Link.MACAddress, config_parse_hwaddr, 0,
Link.NamePolicy, config_parse_name_policy, 0, offsetof(link_config, name_policy)
Link.Name, config_parse_ifname, 0, offsetof(link_config, name)
Link.AlternativeName, config_parse_ifnames, 1, offsetof(link_config, alternative_names)
+Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(link_config, alternative_names_policy)
Link.Alias, config_parse_ifalias, 0, offsetof(link_config, alias)
Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(link_config, mtu)
Link.BitsPerSecond, config_parse_si_size, 0, offsetof(link_config, speed)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 8e88c8e5c4..6ceb4c698e 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -69,6 +69,7 @@ static void link_config_free(link_config *link) {
free(link->name_policy);
free(link->name);
strv_free(link->alternative_names);
+ free(link->alternative_names_policy);
free(link->alias);
free(link);
@@ -349,6 +350,7 @@ static int get_mac(struct udev_device *device, bool want_random,
int link_config_apply(link_config_ctx *ctx, link_config *config,
struct udev_device *device, const char **name) {
+ _cleanup_strv_free_ char **altnames = NULL;
bool respect_predictable = false;
struct ether_addr generated_mac;
struct ether_addr *mac = NULL;
@@ -473,11 +475,52 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
if (r < 0)
return log_warning_errno(r, "Could not set Alias=, MACAddress= or MTU= on %s: %m", old_name);
- r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, config->alternative_names);
+ if (config->alternative_names) {
+ altnames = strv_copy(config->alternative_names);
+ if (!altnames)
+ return log_oom();
+ }
+
+ if (config->alternative_names_policy)
+ for (NamePolicy *p = config->alternative_names_policy; *p != _NAMEPOLICY_INVALID; p++) {
+ const char *n;
+
+ switch (*p) {
+ case NAMEPOLICY_DATABASE:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_FROM_DATABASE");
+ break;
+ case NAMEPOLICY_ONBOARD:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_ONBOARD");
+ break;
+ case NAMEPOLICY_SLOT:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_SLOT");
+ break;
+ case NAMEPOLICY_PATH:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_PATH");
+ break;
+ case NAMEPOLICY_MAC:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_MAC");
+ break;
+ default:
+ assert_not_reached("invalid policy");
+ }
+ if (!isempty(n)) {
+ r = strv_extend(&altnames, n);
+ if (r < 0)
+ return log_oom();
+ }
+ }
+
+ if (new_name)
+ strv_remove(altnames, new_name);
+ strv_remove(altnames, old_name);
+ strv_uniq(altnames);
+
+ r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
if (r == -EOPNOTSUPP)
- log_debug_errno(r, "Could not set AlternativeName= on %s, ignoring: %m", old_name);
+ log_debug_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s, ignoring: %m", old_name);
else if (r < 0)
- return log_warning_errno(r, "Could not set AlternativeName= on %s: %m", old_name);
+ return log_warning_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s: %m", old_name);
*name = new_name;
@@ -524,3 +567,16 @@ DEFINE_STRING_TABLE_LOOKUP(name_policy, NamePolicy);
DEFINE_CONFIG_PARSE_ENUMV(config_parse_name_policy, name_policy, NamePolicy,
_NAMEPOLICY_INVALID,
"Failed to parse interface name policy");
+
+static const char* const alternative_names_policy_table[_NAMEPOLICY_MAX] = {
+ [NAMEPOLICY_DATABASE] = "database",
+ [NAMEPOLICY_ONBOARD] = "onboard",
+ [NAMEPOLICY_SLOT] = "slot",
+ [NAMEPOLICY_PATH] = "path",
+ [NAMEPOLICY_MAC] = "mac",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(alternative_names_policy, NamePolicy);
+DEFINE_CONFIG_PARSE_ENUMV(config_parse_alternative_names_policy, alternative_names_policy, NamePolicy,
+ _NAMEPOLICY_INVALID,
+ "Failed to parse alternative names policy");
diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h
index 93d5fdce59..634bd2ec54 100644
--- a/src/udev/net/link-config.h
+++ b/src/udev/net/link-config.h
@@ -49,6 +49,7 @@ struct link_config {
struct ether_addr *mac;
MACPolicy mac_policy;
NamePolicy *name_policy;
+ NamePolicy *alternative_names_policy;
char *name;
char **alternative_names;
char *alias;
@@ -78,6 +79,9 @@ int link_get_driver(link_config_ctx *ctx, struct udev_device *device, char **ret
const char *name_policy_to_string(NamePolicy p) _const_;
NamePolicy name_policy_from_string(const char *p) _pure_;
+const char *alternative_names_policy_to_string(NamePolicy p) _const_;
+NamePolicy alternative_names_policy_from_string(const char *p) _pure_;
+
const char *mac_policy_to_string(MACPolicy p) _const_;
MACPolicy mac_policy_from_string(const char *p) _pure_;
@@ -86,3 +90,4 @@ const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, GPERF_LEN
int config_parse_mac_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_name_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_alternative_names_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);

22
SOURCES/0649-network-set-AlternativeNamesPolicy-in-99-default.lin.patch
View File

@ -1,22 +0,0 @@
From 433d85ac89baa0683290cf8b5a913e7c6d666ef1 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 00:30:38 +0900
Subject: [PATCH] network: set AlternativeNamesPolicy= in 99-default.link
(cherry picked from commit 49f5cbe92484a6661bccc0ae6c547bc5767c83bf)
Related: #1850986
---
network/99-default.link | 1 +
1 file changed, 1 insertion(+)
diff --git a/network/99-default.link b/network/99-default.link
index 561bf329e4..58c0b74a7c 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -9,4 +9,5 @@
[Link]
NamePolicy=kernel database onboard slot path
+AlternativeNamesPolicy=database onboard slot path
MACAddressPolicy=persistent

45
SOURCES/0649-pam-do-not-require-a-non-expired-password-for-user-..patch Normal file
View File

@ -0,0 +1,45 @@
From a677e477ef541d172ede2a5bd728a4ff1ffb312d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 1 Jun 2021 16:17:16 +0200
Subject: [PATCH] pam: do not require a non-expired password for user@.service
Without this parameter, we would allow user@ to start if the user
has no password (i.e. the password is "locked"). But when the user does have a password,
and it is marked as expired, we would refuse to start the service.
There are other authentication mechanisms and we should not tie this service to
the password state.
The documented way to disable an *account* is to call 'chage -E0'. With a disabled
account, user@.service will still refuse to start:
systemd[16598]: PAM failed: User account has expired
systemd[16598]: PAM failed: User account has expired
systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted
systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM
systemd[1]: user@1005.service: Failed with result 'exit-code'.
systemd[1]: Failed to start user@1005.service.
systemd[1]: Stopping user-runtime-dir@1005.service...
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1961746.
(cherry picked from commit 71889176e4372b443018584c3520c1ff3efe2711)
Resolves: #1961746
---
src/login/systemd-user.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
index 4f85b4b7fe..20c8999331 100644
--- a/src/login/systemd-user.m4
+++ b/src/login/systemd-user.m4
@@ -2,7 +2,7 @@
#
# Used by systemd --user instances.
-account required pam_unix.so
+account sufficient pam_unix.so no_pass_expiry
m4_ifdef(`HAVE_SELINUX',
session required pam_selinux.so close
session required pam_selinux.so nottys open

59
SOURCES/0650-random-util-call-initialize_srand-after-fork.patch
View File

@ -1,59 +0,0 @@
From c4c771f2dc5c590990d1f9105886b833afa59852 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2019 19:47:48 +0900
Subject: [PATCH] random-util: call initialize_srand() after fork()
(cherry picked from commit a0f11d1d11a546f791855ec9c47c2ff830e6a5aa)
Related: #1850986
---
src/basic/random-util.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index 91481559db..801f6ad131 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -4,6 +4,7 @@
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>
+#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
@@ -26,6 +27,8 @@
#include "random-util.h"
#include "time-util.h"
+static bool srand_called = false;
+
int acquire_random_bytes(void *p, size_t n, bool high_quality_required) {
static int have_syscall = -1;
@@ -81,8 +84,12 @@ int acquire_random_bytes(void *p, size_t n, bool high_quality_required) {
return loop_read_exact(fd, (uint8_t*) p + already_done, n - already_done, true);
}
+static void clear_srand_initialization(void) {
+ srand_called = false;
+}
+
void initialize_srand(void) {
- static bool srand_called = false;
+ static bool pthread_atfork_registered = false;
unsigned x;
#if HAVE_SYS_AUXV_H
void *auxv;
@@ -109,6 +116,11 @@ void initialize_srand(void) {
srand(x);
srand_called = true;
+
+ if (!pthread_atfork_registered) {
+ (void) pthread_atfork(NULL, NULL, clear_srand_initialization);
+ pthread_atfork_registered = true;
+ }
}
/* INT_MAX gives us only 31 bits, so use 24 out of that. */

26
SOURCES/0650-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch Normal file
View File

@ -0,0 +1,26 @@
From c0e530dc95fa7842ec1a48fd5df98956a76ae26c Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 26 Feb 2021 10:25:31 +0000
Subject: [PATCH] udev rules: add rule to create /dev/ptp_hyperv
As for the KVM case, necessary for network cards with
PTP devices when running a guest on HyperV
(cherry picked from commit 32e868f058da8b90add00b2958c516241c532b70)
Resolves: #1991834
---
rules/50-udev-default.rules.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
index 191f56f42e..36657ce1a4 100644
--- a/rules/50-udev-default.rules.in
+++ b/rules/50-udev-default.rules.in
@@ -83,4 +83,6 @@ KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm"
SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK += "ptp_kvm"
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
+
LABEL="default_end"

223
SOURCES/0651-process-util-explicitly-handle-processes-lacking-par.patch Normal file
View File

@ -0,0 +1,223 @@
From 9b30c003c8f80bf44f18168d07ea11c48e6d8864 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Jul 2021 15:57:51 +0200
Subject: [PATCH] process-util: explicitly handle processes lacking parents in
get_process_ppid()
Let's make sure we signal out-of-band via an error message if a process
doesn't have a parent process whose PID we could return. Otherwise we'll
too likely hide errors, as we return an invalid PID 0, which in other
contexts has special meaning (i.e. usually "myself").
Replaces: #20153
This is based on work by @dtardon, but goes a different route, by
ensuring we propagate a proper error in this case.
This modernizes the function in question a bit in other ways, i.e.
renames stuff and makes the return parameter optional.
(cherry picked from commit 0c4d1e6d96a549054bfe0597d197f829838917f1)
Resolves: #1977569
---
src/basic/process-util.c | 27 +++++++++++++-------
src/coredump/coredump.c | 23 +++++++++--------
src/test/test-process-util.c | 48 +++++++++++++++++++++++++++++++++---
3 files changed, 74 insertions(+), 24 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 0a4a747ba4..6016d83d41 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -603,20 +603,23 @@ int get_process_environ(pid_t pid, char **env) {
return 0;
}
-int get_process_ppid(pid_t pid, pid_t *_ppid) {
- int r;
+int get_process_ppid(pid_t pid, pid_t *ret) {
_cleanup_free_ char *line = NULL;
long unsigned ppid;
const char *p;
+ int r;
assert(pid >= 0);
- assert(_ppid);
if (pid == 0 || pid == getpid_cached()) {
- *_ppid = getppid();
+ if (ret)
+ *ret = getppid();
return 0;
}
+ if (pid == 1) /* PID 1 has no parent, shortcut this case */
+ return -EADDRNOTAVAIL;
+
p = procfs_file_alloca(pid, "stat");
r = read_one_line_file(p, &line);
if (r == -ENOENT)
@@ -624,9 +627,8 @@ int get_process_ppid(pid_t pid, pid_t *_ppid) {
if (r < 0)
return r;
- /* Let's skip the pid and comm fields. The latter is enclosed
- * in () but does not escape any () in its value, so let's
- * skip over it manually */
+ /* Let's skip the pid and comm fields. The latter is enclosed in () but does not escape any () in its
+ * value, so let's skip over it manually */
p = strrchr(line, ')');
if (!p)
@@ -640,10 +642,17 @@ int get_process_ppid(pid_t pid, pid_t *_ppid) {
&ppid) != 1)
return -EIO;
- if ((long unsigned) (pid_t) ppid != ppid)
+ /* If ppid is zero the process has no parent. Which might be the case for PID 1 but also for
+ * processes originating in other namespaces that are inserted into a pidns. Return a recognizable
+ * error in this case. */
+ if (ppid == 0)
+ return -EADDRNOTAVAIL;
+
+ if ((pid_t) ppid < 0 || (long unsigned) (pid_t) ppid != ppid)
return -ERANGE;
- *_ppid = (pid_t) ppid;
+ if (ret)
+ *ret = (pid_t) ppid;
return 0;
}
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 2a130e8838..fb3a6ecfe9 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -591,8 +591,7 @@ static int get_process_ns(pid_t pid, const char *namespace, ino_t *ns) {
return 0;
}
-static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
- pid_t cpid = pid, ppid = 0;
+static int get_mount_namespace_leader(pid_t pid, pid_t *ret) {
ino_t proc_mntns;
int r = 0;
@@ -602,8 +601,12 @@ static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
for (;;) {
ino_t parent_mntns;
+ pid_t ppid;
- r = get_process_ppid(cpid, &ppid);
+ r = get_process_ppid(pid, &ppid);
+ if (r == -EADDRNOTAVAIL) /* Reached the top (i.e. typically PID 1, but could also be a process
+ * whose parent is not in our pidns) */
+ return -ENOENT;
if (r < 0)
return r;
@@ -611,17 +614,13 @@ static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
if (r < 0)
return r;
- if (proc_mntns != parent_mntns)
- break;
-
- if (ppid == 1)
- return -ENOENT;
+ if (proc_mntns != parent_mntns) {
+ *ret = ppid;
+ return 0;
+ }
- cpid = ppid;
+ pid = ppid;
}
-
- *container_pid = ppid;
- return 0;
}
/* Returns 1 if the parent was found.
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 26e3247993..6b14ff592b 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -19,6 +19,7 @@
#include "macro.h"
#include "parse-util.h"
#include "process-util.h"
+#include "procfs-util.h"
#include "signal-util.h"
#include "stdio-util.h"
#include "string-util.h"
@@ -56,9 +57,12 @@ static void test_get_process_comm(pid_t pid) {
assert_se(get_process_cmdline(pid, 1, false, &d) >= 0);
log_info("PID"PID_FMT" cmdline truncated to 1: '%s'", pid, d);
- assert_se(get_process_ppid(pid, &e) >= 0);
- log_info("PID"PID_FMT" PPID: "PID_FMT, pid, e);
- assert_se(pid == 1 ? e == 0 : e > 0);
+ r = get_process_ppid(pid, &e);
+ assert_se(pid == 1 ? r == -EADDRNOTAVAIL : r >= 0);
+ if (r >= 0) {
+ log_info("PID"PID_FMT" PPID: "PID_FMT, pid, e);
+ assert_se(e > 0);
+ }
assert_se(is_kernel_thread(pid) == 0 || pid != 1);
@@ -585,6 +589,43 @@ static void test_ioprio_class_from_to_string(void) {
test_ioprio_class_from_to_string_one("-1", -1);
}
+static void test_get_process_ppid(void) {
+ uint64_t limit;
+ int r;
+
+ log_info("/* %s */", __func__);
+
+ assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
+
+ /* the process with the PID above the global limit definitely doesn't exist. Verify that */
+ assert_se(procfs_tasks_get_limit(&limit) >= 0);
+ assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
+
+ for (pid_t pid = 0;;) {
+ _cleanup_free_ char *c1 = NULL, *c2 = NULL;
+ pid_t ppid;
+
+ r = get_process_ppid(pid, &ppid);
+ if (r == -EADDRNOTAVAIL) {
+ log_info("No further parent PID");
+ break;
+ }
+
+ assert_se(r >= 0);
+
+ /* NOTE: The size is SIZE_MAX in the original commit, but it would require backporting a
+ * lot more stuff to support that (the current version of get_process_cmdline() just fails with
+ * ENOMEM). UINT16_MAX should be enough for practical purposes.
+ */
+ assert_se(get_process_cmdline(pid, UINT16_MAX, true, &c1) >= 0);
+ assert_se(get_process_cmdline(ppid, UINT16_MAX, true, &c2) >= 0);
+
+ log_info("Parent of " PID_FMT " (%s) is " PID_FMT " (%s).", pid, c1, ppid, c2);
+
+ pid = ppid;
+ }
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
@@ -614,6 +655,7 @@ int main(int argc, char *argv[]) {
test_safe_fork();
test_pid_to_ptr();
test_ioprio_class_from_to_string();
+ test_get_process_ppid();
return 0;
}

78
SOURCES/0651-sd-netlink-introduce-rtnl_resolve_link_alternative_n.patch
View File

@ -1,78 +0,0 @@
From 8db22aec9bfd140855b64f2879b7ca6d1cba69c6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 18:28:36 +0900
Subject: [PATCH] sd-netlink: introduce rtnl_resolve_link_alternative_names()
(cherry picked from commit b04c5e51da7a61d41d564e73a1e92bd8b29b0223)
Related: #1850986
---
src/libsystemd/sd-netlink/netlink-types.c | 1 +
src/libsystemd/sd-netlink/netlink-util.c | 29 +++++++++++++++++++++++
src/libsystemd/sd-netlink/netlink-util.h | 1 +
3 files changed, 31 insertions(+)
diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c
index 47d9c7f1c4..e118a0aa30 100644
--- a/src/libsystemd/sd-netlink/netlink-types.c
+++ b/src/libsystemd/sd-netlink/netlink-types.c
@@ -511,6 +511,7 @@ static const NLType rtnl_link_types[] = {
[IFLA_PHYS_PORT_ID] = { .type = NETLINK_TYPE_BINARY, .len = MAX_PHYS_PORT_ID_LEN },
*/
[IFLA_PROP_LIST] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_prop_list_type_system },
+ [IFLA_ALT_IFNAME] = { .type = NETLINK_TYPE_STRING, .size = ALTIFNAMSIZ - 1 },
};
static const NLTypeSystem rtnl_link_type_system = {
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index c1c306f121..62fc71a3d8 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -120,6 +120,35 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
return 0;
}
+int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(name);
+ assert(ret);
+
+ if (!*rtnl) {
+ r = sd_netlink_open(rtnl);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, 0);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_append_string(message, IFLA_ALT_IFNAME, name);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_call(*rtnl, message, 0, &reply);
+ if (r < 0)
+ return r;
+
+ return sd_rtnl_message_link_get_ifindex(reply, ret);
+}
+
int rtnl_message_new_synthetic_error(sd_netlink *rtnl, int error, uint32_t serial, sd_netlink_message **ret) {
struct nlmsgerr *err;
int r;
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index 92de19c092..ea98439fad 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -39,6 +39,7 @@ static inline bool rtnl_message_type_is_routing_policy_rule(uint16_t type) {
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
+int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret);
int rtnl_log_parse_error(int r);
int rtnl_log_create_error(int r);

30
SOURCES/0652-errno-util-add-ERRNO_IS_PRIVILEGE-helper.patch Normal file
View File

@ -0,0 +1,30 @@
From c078d4d4bc3a61d186a98e03afc699b11134e09f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Nov 2019 12:22:40 +0100
Subject: [PATCH] errno-util: add ERRNO_IS_PRIVILEGE() helper
(cherry picked from commit e884e000714c2db006384058a63788ffcce8c8b8)
Related: #1977569
---
src/basic/util.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/basic/util.h b/src/basic/util.h
index c70467f98c..76b76d7e91 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -170,6 +170,13 @@ static inline int negative_errno(void) {
return -errno;
}
+/* Two different errors for access problems */
+static inline bool ERRNO_IS_PRIVILEGE(int r) {
+ return IN_SET(abs(r),
+ EACCES,
+ EPERM);
+}
+
static inline unsigned u64log2(uint64_t n) {
#if __SIZEOF_LONG_LONG__ == 8
return (n > 1) ? (unsigned) __builtin_clzll(n) ^ 63U : 0;

27
SOURCES/0652-udev-sort-alternative-names.patch
View File

@ -1,27 +0,0 @@
From eeea9a2f94b5defb97c20c62a23345a367a734aa Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 20:41:21 +0900
Subject: [PATCH] udev: sort alternative names
Kernel preserves the order of alternative names. So, for user
visibility, let's sort the alternative names.
(cherry picked from commit 4d016e965b13883cccc963a34a1299a0c4f900ca)
Related: #1850986
---
src/udev/net/link-config.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 6ceb4c698e..8bd374d352 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -515,6 +515,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
strv_remove(altnames, new_name);
strv_remove(altnames, old_name);
strv_uniq(altnames);
+ strv_sort(altnames);
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
if (r == -EOPNOTSUPP)

102
SOURCES/0653-netlink-introduce-rtnl_get-delete_link_alternative_n.patch
View File

@ -1,102 +0,0 @@
From 8f946da7ee9bbb6e52e99b452c1f4f6f76e7b3c2 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:29:13 +0900
Subject: [PATCH] netlink: introduce rtnl_get/delete_link_alternative_names()
(cherry picked from commit 14982526145de84201c7e3b4fc6be6aa5e9a08f7)
Related: #1850986
---
src/libsystemd/sd-netlink/netlink-util.c | 45 ++++++++++++++++++++++--
src/libsystemd/sd-netlink/netlink-util.h | 2 ++
2 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 62fc71a3d8..7f09261981 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -81,12 +81,45 @@ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
return 0;
}
-int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+int rtnl_get_link_alternative_names(sd_netlink **rtnl, int ifindex, char ***ret) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
+ _cleanup_strv_free_ char **names = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(ifindex > 0);
+ assert(ret);
+
+ if (!*rtnl) {
+ r = sd_netlink_open(rtnl);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, ifindex);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_call(*rtnl, message, 0, &reply);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_read_strv(reply, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &names);
+ if (r < 0 && r != -ENODATA)
+ return r;
+
+ *ret = TAKE_PTR(names);
+
+ return 0;
+}
+
+static int rtnl_update_link_alternative_names(sd_netlink **rtnl, uint16_t nlmsg_type, int ifindex, char * const *alternative_names) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
int r;
assert(rtnl);
assert(ifindex > 0);
+ assert(IN_SET(nlmsg_type, RTM_NEWLINKPROP, RTM_DELLINKPROP));
if (strv_isempty(alternative_names))
return 0;
@@ -97,7 +130,7 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
return r;
}
- r = sd_rtnl_message_new_link(*rtnl, &message, RTM_NEWLINKPROP, ifindex);
+ r = sd_rtnl_message_new_link(*rtnl, &message, nlmsg_type, ifindex);
if (r < 0)
return r;
@@ -120,6 +153,14 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
return 0;
}
+int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+ return rtnl_update_link_alternative_names(rtnl, RTM_NEWLINKPROP, ifindex, alternative_names);
+}
+
+int rtnl_delete_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+ return rtnl_update_link_alternative_names(rtnl, RTM_DELLINKPROP, ifindex, alternative_names);
+}
+
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
int r;
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index ea98439fad..4fc31aa274 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -38,7 +38,9 @@ static inline bool rtnl_message_type_is_routing_policy_rule(uint16_t type) {
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
+int rtnl_get_link_alternative_names(sd_netlink **rtnl, int ifindex, char ***ret);
int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
+int rtnl_delete_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret);
int rtnl_log_parse_error(int r);

318
SOURCES/0653-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch Normal file
View File

@ -0,0 +1,318 @@
From 62678ec1aa02b53cb116b6f7dd72a54bf61153b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 2 Nov 2021 18:18:21 +0100
Subject: [PATCH] procfs-util: fix confusion wrt. quantity limit and maximum
value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From packit/rawhide-arm64 logs:
Assertion 'limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH' failed at src/test/test-process-util.c:855, function test_get_process_ppid(). Aborting.
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
The kernel has a few different limits. In particular kernel.threads-max can be
set to some lower value, and kernel.pid_max can be set to a higher value. This
is nice because it reduces PID reuse, even if the number of threads that is
allowed is limited. But the tests assumed that we cannot have a thread with
PID above MIN(kernel.threads-max, kernel.pid_max-1), which is not valid.
So let's rework the whole thing: let's expose the helpers to read
kernel.threads-max and kernel.pid_max, and print what they return in tests.
procfs_tasks_get_limit() was something that is only used in tests, and wasn't
very well defined, so let's drop it.
Fixes #21193.
(cherry picked from commit c3dead53d50e334f2d072a2248256983d6dc9f8c)
Related: #1977569
---
src/basic/procfs-util.c | 53 +++++++++---------------------------
src/basic/procfs-util.h | 4 ++-
src/basic/util.c | 49 +++++++++++++++++++++++----------
src/test/test-process-util.c | 10 +++++--
src/test/test-procfs-util.c | 37 +++++++++++++++++++------
5 files changed, 88 insertions(+), 65 deletions(-)
diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
index 7aaf95bfce..fa5671dd72 100644
--- a/src/basic/procfs-util.c
+++ b/src/basic/procfs-util.c
@@ -12,54 +12,34 @@
#include "stdio-util.h"
#include "string-util.h"
-int procfs_tasks_get_limit(uint64_t *ret) {
+int procfs_get_pid_max(uint64_t *ret) {
_cleanup_free_ char *value = NULL;
- uint64_t pid_max, threads_max;
int r;
assert(ret);
- /* So there are two sysctl files that control the system limit of processes:
- *
- * 1. kernel.threads-max: this is probably the sysctl that makes more sense, as it directly puts a limit on
- * concurrent tasks.
- *
- * 2. kernel.pid_max: this limits the numeric range PIDs can take, and thus indirectly also limits the number
- * of concurrent threads. AFAICS it's primarily a compatibility concept: some crappy old code used a signed
- * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond INT16_MAX by
- * default.
- *
- * By default #2 is set to much lower values than #1, hence the limit people come into contact with first, as
- * it's the lowest boundary they need to bump when they want higher number of processes.
- *
- * Also note the weird definition of #2: PIDs assigned will be kept below this value, which means the number of
- * tasks that can be created is one lower, as PID 0 is not a valid process ID. */
-
r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
if (r < 0)
return r;
- r = safe_atou64(value, &pid_max);
- if (r < 0)
- return r;
+ return safe_atou64(value, ret);
+}
- value = mfree(value);
- r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
- if (r < 0)
- return r;
+int procfs_get_threads_max(uint64_t *ret) {
+ _cleanup_free_ char *value = NULL;
+ int r;
- r = safe_atou64(value, &threads_max);
+ assert(ret);
+
+ r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
if (r < 0)
return r;
- /* Subtract one from pid_max, since PID 0 is not a valid PID */
- *ret = MIN(pid_max-1, threads_max);
- return 0;
+ return safe_atou64(value, ret);
}
int procfs_tasks_set_limit(uint64_t limit) {
char buffer[DECIMAL_STR_MAX(uint64_t)+1];
- _cleanup_free_ char *value = NULL;
uint64_t pid_max;
int r;
@@ -74,10 +54,7 @@ int procfs_tasks_set_limit(uint64_t limit) {
* set it to the maximum. */
limit = CLAMP(limit, 20U, TASKS_MAX);
- r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
- if (r < 0)
- return r;
- r = safe_atou64(value, &pid_max);
+ r = procfs_get_pid_max(&pid_max);
if (r < 0)
return r;
@@ -98,14 +75,10 @@ int procfs_tasks_set_limit(uint64_t limit) {
/* Hmm, we couldn't write this? If so, maybe it was already set properly? In that case let's not
* generate an error */
- value = mfree(value);
- if (read_one_line_file("/proc/sys/kernel/threads-max", &value) < 0)
- return r; /* return original error */
-
- if (safe_atou64(value, &threads_max) < 0)
+ if (procfs_get_threads_max(&threads_max) < 0)
return r; /* return original error */
- if (MIN(pid_max-1, threads_max) != limit)
+ if (MIN(pid_max - 1, threads_max) != limit)
return r; /* return original error */
/* Yay! Value set already matches what we were trying to set, hence consider this a success. */
diff --git a/src/basic/procfs-util.h b/src/basic/procfs-util.h
index 5a44e9eff7..caaee8b0b6 100644
--- a/src/basic/procfs-util.h
+++ b/src/basic/procfs-util.h
@@ -5,7 +5,9 @@
#include "time-util.h"
-int procfs_tasks_get_limit(uint64_t *ret);
+int procfs_get_pid_max(uint64_t *ret);
+int procfs_get_threads_max(uint64_t *ret);
+
int procfs_tasks_set_limit(uint64_t limit);
int procfs_tasks_get_current(uint64_t *ret);
diff --git a/src/basic/util.c b/src/basic/util.c
index 609f8c2f33..548e3652cc 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -527,23 +527,46 @@ uint64_t physical_memory_scale(uint64_t v, uint64_t max) {
}
uint64_t system_tasks_max(void) {
-
- uint64_t a = TASKS_MAX, b = TASKS_MAX;
+ uint64_t a = TASKS_MAX, b = TASKS_MAX, c = TASKS_MAX;
_cleanup_free_ char *root = NULL;
int r;
- /* Determine the maximum number of tasks that may run on this system. We check three sources to determine this
- * limit:
+ /* Determine the maximum number of tasks that may run on this system. We check three sources to
+ * determine this limit:
+ *
+ * a) kernel.threads-max sysctl: the maximum number of tasks (threads) the kernel allows.
+ *
+ * This puts a direct limit on the number of concurrent tasks.
+ *
+ * b) kernel.pid_max sysctl: the maximum PID value.
+ *
+ * This limits the numeric range PIDs can take, and thus indirectly also limits the number of
+ * concurrent threads. It's primarily a compatibility concept: some crappy old code used a signed
+ * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond
+ * INT16_MAX by default.
*
- * a) the maximum tasks value the kernel allows on this architecture
- * b) the cgroups pids_max attribute for the system
- * c) the kernel's configured maximum PID value
+ * Also note the weird definition: PIDs assigned will be kept below this value, which means
+ * the number of tasks that can be created is one lower, as PID 0 is not a valid process ID.
*
- * And then pick the smallest of the three */
+ * c) pids.max on the root cgroup: the kernel's configured maximum number of tasks.
+ *
+ * and then pick the smallest of the three.
+ *
+ * By default pid_max is set to much lower values than threads-max, hence the limit people come into
+ * contact with first, as it's the lowest boundary they need to bump when they want higher number of
+ * processes.
+ */
+
+ r = procfs_get_threads_max(&a);
+ if (r < 0)
+ log_debug_errno(r, "Failed to read kernel.threads-max, ignoring: %m");
- r = procfs_tasks_get_limit(&a);
+ r = procfs_get_pid_max(&b);
if (r < 0)
- log_debug_errno(r, "Failed to read maximum number of tasks from /proc, ignoring: %m");
+ log_debug_errno(r, "Failed to read kernel.pid_max, ignoring: %m");
+ else if (b > 0)
+ /* Subtract one from pid_max, since PID 0 is not a valid PID */
+ b--;
r = cg_get_root_path(&root);
if (r < 0)
@@ -555,15 +578,13 @@ uint64_t system_tasks_max(void) {
if (r < 0)
log_debug_errno(r, "Failed to read pids.max attribute of cgroup root, ignoring: %m");
else if (!streq(value, "max")) {
- r = safe_atou64(value, &b);
+ r = safe_atou64(value, &c);
if (r < 0)
log_debug_errno(r, "Failed to parse pids.max attribute of cgroup root, ignoring: %m");
}
}
- return MIN3(TASKS_MAX,
- a <= 0 ? TASKS_MAX : a,
- b <= 0 ? TASKS_MAX : b);
+ return MIN3(a, b, c);
}
uint64_t system_tasks_max_scale(uint64_t v, uint64_t max) {
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 6b14ff592b..6295889b47 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -598,8 +598,14 @@ static void test_get_process_ppid(void) {
assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
/* the process with the PID above the global limit definitely doesn't exist. Verify that */
- assert_se(procfs_tasks_get_limit(&limit) >= 0);
- assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
+ assert_se(procfs_get_pid_max(&limit) >= 0);
+ log_debug("kernel.pid_max = %"PRIu64, limit);
+
+ if (limit < INT_MAX) {
+ r = get_process_ppid(limit + 1, NULL);
+ log_debug_errno(r, "get_process_limit(%"PRIu64") → %d/%m", limit + 1, r);
+ assert(r == -ESRCH);
+ }
for (pid_t pid = 0;;) {
_cleanup_free_ char *c1 = NULL, *c2 = NULL;
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index 1d0612985b..bb6943fed0 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -5,11 +5,13 @@
#include "log.h"
#include "parse-util.h"
#include "procfs-util.h"
+#include "process-util.h"
+#include "util.h"
int main(int argc, char *argv[]) {
char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)];
nsec_t nsec;
- uint64_t v;
+ uint64_t v, w;
int r;
log_parse_environment();
@@ -24,22 +26,41 @@ int main(int argc, char *argv[]) {
assert_se(procfs_tasks_get_current(&v) >= 0);
log_info("Current number of tasks: %" PRIu64, v);
- assert_se(procfs_tasks_get_limit(&v) >= 0);
+ v = TASKS_MAX;
+ r = procfs_get_pid_max(&v);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.pid_max: %"PRIu64, v);
+
+ w = TASKS_MAX;
+ r = procfs_get_threads_max(&w);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.threads-max: %"PRIu64, w);
+
+ v = MIN(v - (v > 0), w);
+
+ assert_se(r >= 0);
log_info("Limit of tasks: %" PRIu64, v);
assert_se(v > 0);
- assert_se(procfs_tasks_set_limit(v) >= 0);
+ r = procfs_tasks_set_limit(v);
+ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) {
+ log_notice_errno(r, "Skipping test: can't set task limits");
+ return EXIT_TEST_SKIP;
+ }
+ assert(r >= 0);
if (v > 100) {
- uint64_t w;
+ log_info("Reducing limit by one to %"PRIu64"…", v-1);
+
r = procfs_tasks_set_limit(v-1);
- assert_se(IN_SET(r, 0, -EPERM, -EACCES, -EROFS));
+ log_info_errno(r, "procfs_tasks_set_limit: %m");
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
- assert_se(procfs_tasks_get_limit(&w) >= 0);
- assert_se((r == 0 && w == v - 1) || (r < 0 && w == v));
+ assert_se(procfs_get_threads_max(&w) >= 0);
+ assert_se(r >= 0 ? w == v - 1 : w == v);
assert_se(procfs_tasks_set_limit(v) >= 0);
- assert_se(procfs_tasks_get_limit(&w) >= 0);
+ assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(v == w);
}

81
SOURCES/0654-netlink-do-not-fail-when-new-interface-name-is-alrea.patch
View File

@ -1,81 +0,0 @@
From 6db267672de69d6bf4809f433cde106e11145ca8 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:31:24 +0900
Subject: [PATCH] netlink: do not fail when new interface name is already used
as an alternative name
When renaming a network interface, the new name may be used as an
alternative name. In that case, let's swap the current name and the
alternative name. That is, first drop the new name from the list of
alternative names, then rename the interface, finally set the old name
as an alternative name.
(cherry picked from commit 434a34838034347f45fb9a47df55b1a36e5addfd)
Related: #1850986
---
src/libsystemd/sd-netlink/netlink-util.c | 30 +++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 7f09261981..4e42ef9e26 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -1,23 +1,40 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
+#include <net/if.h>
+
#include "sd-netlink.h"
#include "netlink-internal.h"
#include "netlink-util.h"
+#include "socket-util.h"
+#include "string-util.h"
#include "strv.h"
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ _cleanup_strv_free_ char **alternative_names = NULL;
+ char old_name[IF_NAMESIZE + 1] = {};
int r;
assert(rtnl);
assert(ifindex > 0);
assert(name);
- if (!*rtnl) {
- r = sd_netlink_open(rtnl);
+ if (!ifname_valid(name))
+ return -EINVAL;
+
+ r = rtnl_get_link_alternative_names(rtnl, ifindex, &alternative_names);
+ if (r < 0)
+ log_debug_errno(r, "Failed to get alternative names on network interface %i, ignoring: %m",
+ ifindex);
+
+ if (strv_contains(alternative_names, name)) {
+ r = rtnl_delete_link_alternative_names(rtnl, ifindex, STRV_MAKE(name));
if (r < 0)
- return r;
+ return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m",
+ name, ifindex);
+
+ if_indextoname(ifindex, old_name);
}
r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
@@ -32,6 +49,13 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
if (r < 0)
return r;
+ if (!isempty(old_name)) {
+ r = rtnl_set_link_alternative_names(rtnl, ifindex, STRV_MAKE(old_name));
+ if (r < 0)
+ log_debug_errno(r, "Failed to set '%s' as an alternative name on network interface %i, ignoring: %m",
+ old_name, ifindex);
+ }
+
return 0;
}

31
SOURCES/0654-test-process-util-also-add-EROFS-to-the-list-of-good.patch Normal file
View File

@ -0,0 +1,31 @@
From fe15b97e44beb69305d3970a3748624ae76f9f04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 3 Nov 2021 09:39:16 +0100
Subject: [PATCH] test-process-util: also add EROFS to the list of "good"
errors
It is only added in the one place where we actually try to set the
setting to a new value. Before we were testing if we can set to it the
existing value, which was a noop. We could still get a permission error,
but this is the first place where we would propagate EROFS.
(cherry picked from commit 6434a83d01d96e9f9a17ed9ce1f04a7d64859950)
Related: #1977569
---
src/test/test-procfs-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index bb6943fed0..d656c4df4f 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -53,7 +53,7 @@ int main(int argc, char *argv[]) {
r = procfs_tasks_set_limit(v-1);
log_info_errno(r, "procfs_tasks_set_limit: %m");
- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS);
assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(r >= 0 ? w == v - 1 : w == v);

146
SOURCES/0655-journal-refresh-cached-credentials-of-stdout-streams.patch Normal file
View File

@ -0,0 +1,146 @@
From a42cf9af339f48f633fa0b17a960e1e407b7450f Mon Sep 17 00:00:00 2001
From: Lorenz Bauer <lmb@cloudflare.com>
Date: Mon, 4 Nov 2019 16:35:46 +0000
Subject: [PATCH] journal: refresh cached credentials of stdout streams
journald assumes that getsockopt(SO_PEERCRED) correctly identifies the
process on the remote end of the socket. However, this is incorrect
according to man 7 socket:
The returned credentials are those that were in effect at the
time of the call to connect(2) or socketpair(2).
This becomes a problem when a new process inherits the stdout stream
from a parent. First, log messages from the child process will
be attributed to the parent. Second, the struct ucred used by journald
becomes invalid as soon as the parent exits. Further sendmsg calls then
fail with ENOENT. Logs for the child process then vanish from the journal.
Fix this by using recvmsg on the stdout stream, and refreshing the cached
struct ucred if SCM_CREDENTIALS indicate a new process.
Fixes #13708
(cherry picked from commit 09d0b46ab61bebafe5bdc1be95ee153dfb13d6bc)
Resolves: #1931806
---
src/journal/journald-stream.c | 49 ++++++++++++++++++++++++++--
test/TEST-04-JOURNAL/test-journal.sh | 13 ++++++++
2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 6f8a4011ff..302a82d3d7 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -484,11 +484,22 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
}
static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
StdoutStream *s = userdata;
+ struct ucred *ucred = NULL;
+ struct cmsghdr *cmsg;
+ struct iovec iovec;
size_t limit;
ssize_t l;
int r;
+ struct msghdr msghdr = {
+ .msg_iov = &iovec,
+ .msg_iovlen = 1,
+ .msg_control = buf,
+ .msg_controllen = sizeof(buf),
+ };
+
assert(s);
if ((revents|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
@@ -508,20 +519,50 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents,
* always leave room for a terminating NUL we might need to add. */
limit = MIN(s->allocated - 1, s->server->line_max);
- l = read(s->fd, s->buffer + s->length, limit - s->length);
+ iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length);
+
+ l = recvmsg(s->fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (l < 0) {
- if (errno == EAGAIN)
+ if (IN_SET(errno, EINTR, EAGAIN))
return 0;
log_warning_errno(errno, "Failed to read from stream: %m");
goto terminate;
}
+ cmsg_close_all(&msghdr);
if (l == 0) {
stdout_stream_scan(s, true);
goto terminate;
}
+ CMSG_FOREACH(cmsg, &msghdr)
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS &&
+ cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+ ucred = (struct ucred *)CMSG_DATA(cmsg);
+ break;
+ }
+
+ /* Invalidate the context if the pid of the sender changed.
+ * This happens when a forked process inherits stdout / stderr
+ * from a parent. In this case getpeercred returns the ucred
+ * of the parent, which can be invalid if the parent has exited
+ * in the meantime.
+ */
+ if (ucred && ucred->pid != s->ucred.pid) {
+ /* force out any previously half-written lines from a
+ * different process, before we switch to the new ucred
+ * structure for everything we just added */
+ r = stdout_stream_scan(s, true);
+ if (r < 0)
+ goto terminate;
+
+ s->ucred = *ucred;
+ client_context_release(s->server, s->context);
+ s->context = NULL;
+ }
+
s->length += l;
r = stdout_stream_scan(s, false);
if (r < 0)
@@ -559,6 +600,10 @@ int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
if (r < 0)
return log_error_errno(r, "Failed to determine peer credentials: %m");
+ r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
+ if (r < 0)
+ return log_error_errno(r, "SO_PASSCRED failed: %m");
+
if (mac_selinux_use()) {
r = getpeersec(fd, &stream->label);
if (r < 0 && r != -EOPNOTSUPP)
diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh
index 260cae09ab..52a6ee84d1 100755
--- a/test/TEST-04-JOURNAL/test-journal.sh
+++ b/test/TEST-04-JOURNAL/test-journal.sh
@@ -63,6 +63,19 @@ grep -q '^PRIORITY=6$' /output
! grep -q '^FOO=' /output
! grep -q '^SYSLOG_FACILITY=' /output
+# https://github.com/systemd/systemd/issues/13708
+ID=$(journalctl --new-id128 | sed -n 2p)
+systemd-cat -t "$ID" bash -c 'echo parent; (echo child) & wait' &
+PID=$!
+wait %%
+journalctl --sync
+# We can drop this grep when https://github.com/systemd/systemd/issues/13937
+# has a fix.
+journalctl -b -o export -t "$ID" --output-fields=_PID | grep '^_PID=' >/output
+[[ `grep -c . /output` -eq 2 ]]
+grep -q "^_PID=$PID" /output
+grep -vq "^_PID=$PID" /output
+
# Don't lose streams on restart
systemctl start forever-print-hola
sleep 3

46
SOURCES/0655-udev-do-not-try-to-reassign-alternative-names.patch
View File

@ -1,46 +0,0 @@
From 817a707daf1e9fa4f20eba04ce1c52af7518e355 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:36:05 +0900
Subject: [PATCH] udev: do not try to reassign alternative names
Setting alternative names may fail if some of them are already assigned.
(cherry picked from commit 97fdae33dfe8e7e0a4e5230564f6cdebc4450eec)
Related: #1850986
---
src/udev/net/link-config.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 8bd374d352..5220f247f0 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -350,7 +350,7 @@ static int get_mac(struct udev_device *device, bool want_random,
int link_config_apply(link_config_ctx *ctx, link_config *config,
struct udev_device *device, const char **name) {
- _cleanup_strv_free_ char **altnames = NULL;
+ _cleanup_strv_free_ char **altnames = NULL, **current_altnames = NULL;
bool respect_predictable = false;
struct ether_addr generated_mac;
struct ether_addr *mac = NULL;
@@ -514,9 +514,17 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
if (new_name)
strv_remove(altnames, new_name);
strv_remove(altnames, old_name);
+
+ r = rtnl_get_link_alternative_names(&ctx->rtnl, ifindex, &current_altnames);
+ if (r < 0)
+ log_debug_errno(r, "Failed to get alternative names on %s, ignoring: %m", old_name);
+
+ char **p;
+ STRV_FOREACH(p, current_altnames)
+ strv_remove(altnames, *p);
+
strv_uniq(altnames);
strv_sort(altnames);
-
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
if (r == -EOPNOTSUPP)
log_debug_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s, ignoring: %m", old_name);

37
SOURCES/0656-Fix-LGTM-build.patch
View File

@ -1,37 +0,0 @@
From 93c42f4da4563d225e3a2b9e72e8f9bb50d86bb1 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 17 Sep 2021 15:10:03 +0200
Subject: [PATCH] Fix LGTM build
Related: #1850986
---
src/network/netdev/netdev.c | 2 +-
src/network/networkd-network.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index 82ce88402f..e97cc07028 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -640,7 +640,7 @@ static int netdev_load_one(Manager *manager, const char *filename) {
netdev_raw->match_host, netdev_raw->match_virt,
netdev_raw->match_kernel_cmdline, netdev_raw->match_kernel_version,
netdev_raw->match_arch,
- NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
return 0;
if (netdev_raw->kind == _NETDEV_KIND_INVALID) {
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 429aac5e6c..7637d135a4 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -479,7 +479,7 @@ int network_get(Manager *manager, struct udev_device *device,
network->match_virt, network->match_kernel_cmdline,
network->match_kernel_version, network->match_arch,
address, path, parent_driver, driver,
- devtype, ifname)) {
+ devtype, ifname, NULL)) {
if (network->match_name && device) {
const char *attr;
uint8_t name_assign_type = NET_NAME_UNKNOWN;

35
SOURCES/0656-util-lib-introduce-HAS_FEATURE_ADDRESS_SANITIZER.patch Normal file
View File

@ -0,0 +1,35 @@
From 39b10c9e7e4ad80adc0e8c43f7d1917edee515dd Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Sun, 2 Dec 2018 08:28:24 +0100
Subject: [PATCH] util-lib: introduce HAS_FEATURE_ADDRESS_SANITIZER
https://clang.llvm.org/docs/AddressSanitizer.html#conditional-compilation-with-has-feature-address-sanitizer
(cherry picked from commit 289acab951c5937fdf6d3a2666f411fd66dd20e5)
Related: #2017033
---
src/basic/macro.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 0fe6a62aa8..62f2359633 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -55,6 +55,17 @@
# endif
#endif
+#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# if defined(__has_feature)
+# if __has_feature(address_sanitizer)
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# endif
+# endif
+# if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# define HAS_FEATURE_ADDRESS_SANITIZER 0
+# endif
+#endif
+
/* Temporarily disable some warnings */
#define DISABLE_WARNING_DECLARATION_AFTER_STATEMENT \
_Pragma("GCC diagnostic push"); \

34
SOURCES/0657-ci-skip-test-execute-on-GH-Actions-under-ASan.patch Normal file
View File

@ -0,0 +1,34 @@
From c0c7a5d73bd53375f90fbe70287512269bc8de16 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 12 Jan 2021 22:14:59 +0100
Subject: [PATCH] ci: skip test-execute on GH Actions under ASan
It seems to suffer from the same issue as on Travis CI, where the test
randomly fails due to timeouts in its subtests.
See: https://github.com/systemd/systemd/issues/10696#issuecomment-758501797
(cherry picked from commit f1a8fed286e3b9527b1837e9d5c6cb8d88bd2041)
Related: #2017033
---
src/test/test-execute.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 294f8fe7dd..5303652b93 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -798,6 +798,13 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+#if HAS_FEATURE_ADDRESS_SANITIZER
+ if (strstr_ptr(ci_environment(), "travis") || strstr_ptr(ci_environment(), "github-actions")) {
+ log_notice("Running on Travis CI/GH Actions under ASan, skipping, see https://github.com/systemd/systemd/issues/10696");
+ return EXIT_TEST_SKIP;
+ }
+#endif
+
(void) unsetenv("USER");
(void) unsetenv("LOGNAME");
(void) unsetenv("SHELL");

27
SOURCES/0658-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch Normal file
View File

@ -0,0 +1,27 @@
From 8c15742d1194e0db9a2555553e4d77ebb441b3dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 22 Sep 2020 19:05:17 +0200
Subject: [PATCH] test-seccomp: accept ENOSYS from sysctl(2) too
It seems that kernel 5.9 started returning that.
(cherry picked from commit 0af05e485a3a88f454c714901eb6109307dc893e)
Related: #2017033
---
src/test/test-seccomp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 5eb1c78b8b..6ec04c4c55 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -239,7 +239,7 @@ static void test_protect_sysctl(void) {
if (pid == 0) {
#if defined __NR__sysctl && __NR__sysctl >= 0
assert_se(syscall(__NR__sysctl, NULL) < 0);
- assert_se(errno == EFAULT);
+ assert_se(IN_SET(errno, EFAULT, ENOSYS));
#endif
assert_se(seccomp_protect_sysctl() >= 0);

51
SOURCES/0659-test-accept-that-char-device-0-0-can-now-be-created-.patch Normal file
View File

@ -0,0 +1,51 @@
From e61aa66a63bcfe9ce0d80f0db691ba40218b872a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 14 Aug 2020 21:50:55 +0200
Subject: [PATCH] test: accept that char device 0/0 can now be created witout
privileges
Fixes: #16721
(cherry picked from commit 5b5ce6298e5a1c09beacd5c963e2350979cbf94a)
Related: #2017033
---
src/test/test-fs-util.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
index e3338ea440..aa32629f62 100644
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@@ -518,8 +518,8 @@ static void test_touch_file(void) {
assert_se(timespec_load(&st.st_mtim) == test_mtime);
if (geteuid() == 0) {
- a = strjoina(p, "/cdev");
- r = mknod(a, 0775 | S_IFCHR, makedev(0, 0));
+ a = strjoina(p, "/bdev");
+ r = mknod(a, 0775 | S_IFBLK, makedev(0, 0));
if (r < 0 && errno == EPERM && detect_container() > 0) {
log_notice("Running in unprivileged container? Skipping remaining tests in %s", __func__);
return;
@@ -529,17 +529,17 @@ static void test_touch_file(void) {
assert_se(lstat(a, &st) >= 0);
assert_se(st.st_uid == test_uid);
assert_se(st.st_gid == test_gid);
- assert_se(S_ISCHR(st.st_mode));
+ assert_se(S_ISBLK(st.st_mode));
assert_se((st.st_mode & 0777) == 0640);
assert_se(timespec_load(&st.st_mtim) == test_mtime);
- a = strjoina(p, "/bdev");
- assert_se(mknod(a, 0775 | S_IFBLK, makedev(0, 0)) >= 0);
+ a = strjoina(p, "/cdev");
+ assert_se(mknod(a, 0775 | S_IFCHR, makedev(0, 0)) >= 0);
assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
assert_se(lstat(a, &st) >= 0);
assert_se(st.st_uid == test_uid);
assert_se(st.st_gid == test_gid);
- assert_se(S_ISBLK(st.st_mode));
+ assert_se(S_ISCHR(st.st_mode));
assert_se((st.st_mode & 0777) == 0640);
assert_se(timespec_load(&st.st_mtim) == test_mtime);
}

54
SOURCES/0660-meson-do-not-fail-if-rsync-is-not-installed-with-mes.patch Normal file
View File

@ -0,0 +1,54 @@
From d5cefb7293d2999dcad81bd71933b319ca6c3590 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 12 Apr 2021 14:03:32 +0200
Subject: [PATCH] meson: do not fail if rsync is not installed with meson
0.57.2
https://github.com/mesonbuild/meson/issues/8641
Our CI started to fail. Even if the change is reverted in meson,
we need a quick workaround here.
(cherry picked from commit 7c5fd25119a495009ea62f79e5daec34cc464628)
Related: #2017033
---
man/meson.build | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/man/meson.build b/man/meson.build
index a953d34098..efc8836d0c 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -178,17 +178,20 @@ html = custom_target(
depends : html_pages,
command : ['echo'])
-run_target(
- 'doc-sync',
- depends : man_pages + html_pages,
- command : ['rsync', '-rlv',
- '--delete-excluded',
- '--include=man',
- '--include=*.html',
- '--exclude=*',
- '--omit-dir-times',
- meson.current_build_dir(),
- get_option('www-target')])
+rsync = find_program('rsync', required : false)
+if rsync.found()
+ run_target(
+ 'doc-sync',
+ depends : man_pages + html_pages,
+ command : [rsync, '-rlv',
+ '--delete-excluded',
+ '--include=man',
+ '--include=*.html',
+ '--exclude=*',
+ '--omit-dir-times',
+ meson.current_build_dir(),
+ get_option('www-target')])
+endif
############################################################

27
SOURCES/0661-pid1-fix-free-of-uninitialized-pointer-in-unit_fail_.patch Normal file
View File

@ -0,0 +1,27 @@
From 30afbfdc82eb61f3bf47d6b1fa67a61d0ffcc4f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 14 Dec 2018 08:16:31 +0100
Subject: [PATCH] pid1: fix free of uninitialized pointer in
unit_fail_if_noncanonical()
https://bugzilla.redhat.com/show_bug.cgi?id=1653068
(cherry picked from commit 58d9d89b4b41189bdcea86c2ad5cf708b7d54aca)
Related: #1970945
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 93c13e58d9..152a860d08 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -4785,7 +4785,7 @@ void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
}
int unit_fail_if_noncanonical(Unit *u, const char* where) {
- _cleanup_free_ char *canonical_where;
+ _cleanup_free_ char *canonical_where = NULL;
int r;
assert(u);

32
SOURCES/0662-sd-event-take-ref-on-event-loop-object-before-dispat.patch Normal file
View File

@ -0,0 +1,32 @@
From f025def77efc6bb1473b719e905fa70ed20b08d3 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 8 Sep 2021 15:42:11 +0200
Subject: [PATCH] sd-event: take ref on event loop object before dispatching
event sources
Idea is that all public APIs should take reference on objects that get
exposed to user-provided callbacks. We take the reference as a
protection from callbacks dropping it. We used to do this also here in
sd_event_loop(). However, in cleanup portion of f814c871e6 this was
accidentally dropped.
(cherry picked from commit 9f6ef467818f902fe5369c8e37a39a3901bdcf4f)
Related: #1970945
---
src/libsystemd/sd-event/sd-event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index f78da00c3a..47cf93b3f4 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -3838,7 +3838,7 @@ _public_ int sd_event_loop(sd_event *e) {
assert_return(!event_pid_changed(e), -ECHILD);
assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
- _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = NULL;
+ _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = sd_event_ref(e);
while (e->state != SD_EVENT_FINISHED) {
r = sd_event_run(e, (uint64_t) -1);

33
SOURCES/0663-core-consider-service-with-no-start-command-immediat.patch Normal file
View File

@ -0,0 +1,33 @@
From c667291303bb876707d86ac3ab9ca62355bae1b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 22:45:34 +0200
Subject: [PATCH] core: consider service with no start command immediately
started
The service would always be in state == SERVICE_INACTIVE, but it needs to go
through state == SERVICE_START so that SuccessAction/FailureAction are executed.
(cherry picked from commit ef5ae8e71329e43c277e6d4f983f0c0793047b94)
Related: #1860899
---
src/core/service.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/core/service.c b/src/core/service.c
index ae31973774..4da1c5accb 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2055,6 +2055,12 @@ static void service_enter_start(Service *s) {
goto fail;
}
+ /* We force a fake state transition here. Otherwise, the unit would go directly from
+ * SERVICE_DEAD to SERVICE_DEAD without SERVICE_ACTIVATING or SERVICE_ACTIVE
+ * inbetween. This way we can later trigger actions that depend on the state
+ * transition, including SuccessAction=. */
+ service_set_state(s, SERVICE_START);
+
service_enter_start_post(s);
return;
}

84
SOURCES/0664-man-move-description-of-Action-modes-to-FailureActio.patch Normal file
View File

@ -0,0 +1,84 @@
From 12ce6830c63b4a27bb6d5b7729d70a86079b108f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:56:35 +0200
Subject: [PATCH] man: move description of *Action= modes to
FailureAction=/SuccessAction=
FailureAction=/SuccessAction= were added later then StartLimitAction=, so it
was easiest to refer to the existing description. But those two settings are
somewhat simpler (they just execute the action unconditionally) while
StartLimitAction= has additional timing and burst parameters, and they are
about to take on a more prominent role, so let's move the description of
allowed values.
(cherry picked from commit 454dd6ce7adb744584ecae9aa0bd1acf3a00e9ed)
Related: #1860899
---
man/systemd.unit.xml | 44 +++++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 7605c43375..802db453a4 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -873,6 +873,24 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>FailureAction=</varname></term>
+ <term><varname>SuccessAction=</varname></term>
+
+ <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
+ state. Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
+ <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
+ <option>poweroff-immediate</option>. If <option>none</option> is set, no action will be triggered.
+ <option>reboot</option> causes a reboot following the normal shutdown procedure (i.e. equivalent to
+ <command>systemctl reboot</command>). <option>reboot-force</option> causes a forced reboot which will
+ terminate all processes forcibly but should cause no dirty file systems on reboot (i.e. equivalent to
+ <command>systemctl reboot -f</command>) and <option>reboot-immediate</option> causes immediate execution of the
+ <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
+ might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
+ <option>poweroff-immediate</option> have the effect of powering down the system with similar semantics. Both
+ options default to <option>none</option>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>JobTimeoutSec=</varname></term>
<term><varname>JobRunningTimeoutSec=</varname></term>
@@ -929,29 +947,13 @@
<varlistentry>
<term><varname>StartLimitAction=</varname></term>
- <listitem><para>Configure the action to take if the rate limit configured with
- <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of
- <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
- <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
- <option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no
- action besides that the start will not be permitted. <option>reboot</option> causes a reboot following the
- normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
- <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
- cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
- <option>reboot-immediate</option> causes immediate execution of the
- <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
- might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
- <option>poweroff-immediate</option> have the effect of powering down the system with similar
- semantics. Defaults to <option>none</option>.</para></listitem>
+ <listitem><para>Configure an additional action to take if the rate limit configured with
+ <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
+ values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
+ the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
+ the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>FailureAction=</varname></term>
- <term><varname>SuccessAction=</varname></term>
- <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
- state. Takes the same values as the setting <varname>StartLimitAction=</varname> setting and executes the same
- actions. Both options default to <option>none</option>.</para></listitem>
- </varlistentry>
<varlistentry>
<term><varname>RebootArgument=</varname></term>

361
SOURCES/0665-core-define-exit-and-exit-force-actions-for-user-uni.patch Normal file
View File

@ -0,0 +1,361 @@
From 19d91eef7f15b654cd96ad5350385e535fab9e2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 13:28:39 +0200
Subject: [PATCH] core: define "exit" and "exit-force" actions for user units
and only accept that
We would accept e.g. FailureAction=reboot-force in user units and then do an
exit in the user manager. Let's be stricter, and define "exit"/"exit-force" as
the only supported actions in user units.
v2:
- rename 'exit' to 'exit-force' and add new 'exit'
- add test for the parsing function
(cherry picked from commit 54fcb6192c618726d11404b24b1a1e9ec3169ee1)
Related: #1860899
---
TODO | 4 +++
man/systemd.unit.xml | 26 +++++++++-------
src/core/dbus-unit.c | 37 ++++++++++++++++++++++-
src/core/emergency-action.c | 47 ++++++++++++++++++++++-------
src/core/emergency-action.h | 5 ++++
src/core/load-fragment.c | 42 +++++++++++++++++++++++++-
src/test/meson.build | 5 ++++
src/test/test-emergency-action.c | 51 ++++++++++++++++++++++++++++++++
8 files changed, 195 insertions(+), 22 deletions(-)
create mode 100644 src/test/test-emergency-action.c
diff --git a/TODO b/TODO
index 3100e067d6..0705b6b08e 100644
--- a/TODO
+++ b/TODO
@@ -4,6 +4,10 @@ Bugfixes:
* copy.c: set the right chattrs before copying files and others after
+* Many manager configuration settings that are only applicable to user
+ manager or system manager can be always set. It would be better to reject
+ them when parsing config.
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 802db453a4..5772a6684e 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -877,18 +877,24 @@
<term><varname>FailureAction=</varname></term>
<term><varname>SuccessAction=</varname></term>
- <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
- state. Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
- <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
- <option>poweroff-immediate</option>. If <option>none</option> is set, no action will be triggered.
- <option>reboot</option> causes a reboot following the normal shutdown procedure (i.e. equivalent to
- <command>systemctl reboot</command>). <option>reboot-force</option> causes a forced reboot which will
- terminate all processes forcibly but should cause no dirty file systems on reboot (i.e. equivalent to
- <command>systemctl reboot -f</command>) and <option>reboot-immediate</option> causes immediate execution of the
+ <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state.
+ Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
+ <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
+ <option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
+ all options except <option>exit</option> and <option>exit-force</option> are allowed. In user mode, only
+ <option>none</option>, <option>exit</option>, and <option>exit-force</option> are allowed. Both options default
+ to <option>none</option>.</para>
+
+ <para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
+ following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
+ <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
+ cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
+ <option>reboot-immediate</option> causes immediate execution of the
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
- <option>poweroff-immediate</option> have the effect of powering down the system with similar semantics. Both
- options default to <option>none</option>.</para></listitem>
+ <option>poweroff-immediate</option> have the effect of powering down the system with similar
+ semantics. <option>exit</option> causes the user manager to exit following the normal shutdown procedure, and
+ <option>exit-force</option> causes it terminate without shutting down services.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 549a166abc..e7ea9db3ac 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1564,8 +1564,43 @@ static int bus_unit_set_live_property(
return 0;
}
+static int bus_set_transient_emergency_action(
+ Unit *u,
+ const char *name,
+ EmergencyAction *p,
+ sd_bus_message *message,
+ UnitWriteFlags flags,
+ sd_bus_error *error) {
+
+ const char *s;
+ EmergencyAction v;
+ int r;
+ bool system;
+
+ assert(p);
+
+ r = sd_bus_message_read(message, "s", &s);
+ if (r < 0)
+ return r;
+
+ system = MANAGER_IS_SYSTEM(u->manager);
+ r = parse_emergency_action(s, system, &v);
+ if (v < 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+ v == -EOPNOTSUPP ? "EmergencyAction setting invalid for manager type: %s"
+ : "Invalid %s setting: %s",
+ name, s);
+
+ if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
+ *p = v;
+ unit_write_settingf(u, flags, name,
+ "%s=%s", name, s);
+ }
+
+ return 1;
+}
+
static BUS_DEFINE_SET_TRANSIENT_PARSE(collect_mode, CollectMode, collect_mode_from_string);
-static BUS_DEFINE_SET_TRANSIENT_PARSE(emergency_action, EmergencyAction, emergency_action_from_string);
static BUS_DEFINE_SET_TRANSIENT_PARSE(job_mode, JobMode, job_mode_from_string);
static int bus_set_transient_conditions(
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 766a3b4d2b..00f5996317 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -39,15 +39,6 @@ int emergency_action(
return -ECANCELED;
}
- if (!MANAGER_IS_SYSTEM(m)) {
- /* Downgrade all options to simply exiting if we run
- * in user mode */
-
- log_warning("Exiting: %s", reason);
- m->exit_code = MANAGER_EXIT;
- return -ECANCELED;
- }
-
switch (action) {
case EMERGENCY_ACTION_REBOOT:
@@ -80,11 +71,26 @@ int emergency_action(
(void) reboot(RB_AUTOBOOT);
break;
+ case EMERGENCY_ACTION_EXIT:
+ assert(MANAGER_IS_USER(m));
+
+ log_and_status(m, "Exiting", reason);
+
+ (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
+ break;
+
case EMERGENCY_ACTION_POWEROFF:
log_and_status(m, "Powering off", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
+ case EMERGENCY_ACTION_EXIT_FORCE:
+ assert(MANAGER_IS_USER(m));
+
+ log_and_status(m, "Exiting immediately", reason);
+ m->exit_code = MANAGER_EXIT;
+ break;
+
case EMERGENCY_ACTION_POWEROFF_FORCE:
log_and_status(m, "Forcibly powering off", reason);
m->exit_code = MANAGER_POWEROFF;
@@ -113,6 +119,27 @@ static const char* const emergency_action_table[_EMERGENCY_ACTION_MAX] = {
[EMERGENCY_ACTION_REBOOT_IMMEDIATE] = "reboot-immediate",
[EMERGENCY_ACTION_POWEROFF] = "poweroff",
[EMERGENCY_ACTION_POWEROFF_FORCE] = "poweroff-force",
- [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate"
+ [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate",
+ [EMERGENCY_ACTION_EXIT] = "exit",
+ [EMERGENCY_ACTION_EXIT_FORCE] = "exit-force",
};
DEFINE_STRING_TABLE_LOOKUP(emergency_action, EmergencyAction);
+
+int parse_emergency_action(
+ const char *value,
+ bool system,
+ EmergencyAction *ret) {
+
+ EmergencyAction x;
+
+ x = emergency_action_from_string(value);
+ if (x < 0)
+ return -EINVAL;
+
+ if ((system && x >= _EMERGENCY_ACTION_FIRST_USER_ACTION) ||
+ (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION))
+ return -EOPNOTSUPP;
+
+ *ret = x;
+ return 0;
+}
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index 61791f176f..646ccc4e6b 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -13,6 +13,9 @@ typedef enum EmergencyAction {
EMERGENCY_ACTION_POWEROFF,
EMERGENCY_ACTION_POWEROFF_FORCE,
EMERGENCY_ACTION_POWEROFF_IMMEDIATE,
+ EMERGENCY_ACTION_EXIT,
+ _EMERGENCY_ACTION_FIRST_USER_ACTION = EMERGENCY_ACTION_EXIT,
+ EMERGENCY_ACTION_EXIT_FORCE,
_EMERGENCY_ACTION_MAX,
_EMERGENCY_ACTION_INVALID = -1
} EmergencyAction;
@@ -24,3 +27,5 @@ int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg,
const char* emergency_action_to_string(EmergencyAction i) _const_;
EmergencyAction emergency_action_from_string(const char *s) _pure_;
+
+int parse_emergency_action(const char *value, bool system, EmergencyAction *ret);
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index e0d7b8f7f8..c102ffb9f0 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -77,7 +77,6 @@ DEFINE_CONFIG_PARSE(config_parse_socket_protocol, supported_socket_protocol_from
DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
-DEFINE_CONFIG_PARSE_ENUM(config_parse_emergency_action, emergency_action, EmergencyAction, "Failed to parse failure action specifier");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
@@ -4253,6 +4252,47 @@ int config_parse_job_running_timeout_sec(
return 0;
}
+int config_parse_emergency_action(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Manager *m = NULL;
+ EmergencyAction *x = data;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if (unit)
+ m = ((Unit*) userdata)->manager;
+ else
+ m = data;
+
+ r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
+ if (r < 0) {
+ if (r == -EOPNOTSUPP)
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "%s= specified as %s mode action, ignoring: %s",
+ lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
+ else
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
+ return 0;
+ }
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
diff --git a/src/test/meson.build b/src/test/meson.build
index 7b310d4ec7..40cf56d73d 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -65,6 +65,11 @@ tests += [
libshared],
[]],
+ [['src/test/test-emergency-action.c'],
+ [libcore,
+ libshared],
+ []],
+
[['src/test/test-job-type.c'],
[libcore,
libshared],
diff --git a/src/test/test-emergency-action.c b/src/test/test-emergency-action.c
new file mode 100644
index 0000000000..493b23227e
--- /dev/null
+++ b/src/test/test-emergency-action.c
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "emergency-action.h"
+#include "tests.h"
+
+static void test_parse_emergency_action(void) {
+ EmergencyAction x;
+
+ log_info("/* %s */", __func__);
+
+ assert_se(parse_emergency_action("none", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("reboot", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("reboot-force", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("reboot-immediate", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff-force", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff-immediate", false, &x) == -EOPNOTSUPP);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("exit", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_EXIT);
+ assert_se(parse_emergency_action("exit-force", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_EXIT_FORCE);
+ assert_se(parse_emergency_action("exit-forcee", false, &x) == -EINVAL);
+
+ assert_se(parse_emergency_action("none", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("reboot", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT);
+ assert_se(parse_emergency_action("reboot-force", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT_FORCE);
+ assert_se(parse_emergency_action("reboot-immediate", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT_IMMEDIATE);
+ assert_se(parse_emergency_action("poweroff", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF);
+ assert_se(parse_emergency_action("poweroff-force", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF_FORCE);
+ assert_se(parse_emergency_action("poweroff-immediate", true, &x) == 0);
+ assert_se(parse_emergency_action("exit", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit-force", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit-forcee", true, &x) == -EINVAL);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF_IMMEDIATE);
+}
+
+int main(int argc, char **argv) {
+ test_setup_logging(LOG_INFO);
+
+ test_parse_emergency_action();
+
+ return EXIT_SUCCESS;
+}

40
SOURCES/0666-core-accept-system-mode-emergency-action-specifiers-.patch Normal file
View File

@ -0,0 +1,40 @@
From 9dbb6564826a0def39a77ad292aecde75537d164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 14:49:36 +0200
Subject: [PATCH] core: accept system mode emergency action specifiers with a
warning
Before we would only accept those "system" values, so there wasn't other
chocie. Let's provide backwards compatiblity in case somebody made use of
this functionality in user mode.
v2: use 'exit-force' not 'exit'
v3: use error value in log_syntax
(cherry picked from commit 469f76f170db39c72578e869ec7c087bb43f9350)
Related: #1860899
---
src/core/load-fragment.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index c102ffb9f0..c0b1fd4f91 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4280,6 +4280,16 @@ int config_parse_emergency_action(
r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
if (r < 0) {
+ if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
+ /* Compat mode: remove for systemd 241. */
+
+ log_syntax(unit, LOG_INFO, filename, line, r,
+ "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
+ lvalue, rvalue);
+ *x = EMERGENCY_ACTION_EXIT_FORCE;
+ return 0;
+ }
+
if (r == -EOPNOTSUPP)
log_syntax(unit, LOG_ERR, filename, line, r,
"%s= specified as %s mode action, ignoring: %s",

43
SOURCES/0667-core-allow-services-with-no-commands-but-SuccessActi.patch Normal file
View File

@ -0,0 +1,43 @@
From f97c6d921fb6b3d7ba88e064b03d3dd767df9ba1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:07:42 +0200
Subject: [PATCH] core: allow services with no commands but SuccessAction set
(cherry picked from commit 3f00d379fa6221a4570c8cd955afd9b661787db9)
Related: #1860899
---
src/core/service.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index 4da1c5accb..7969bbf071 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -556,8 +556,13 @@ static int service_verify(Service *s) {
}
}
- if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
- log_unit_error(UNIT(s), "Service lacks both ExecStart= and ExecStop= setting. Refusing.");
+ if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
+ && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
+ /* FailureAction= only makes sense if one of the start or stop commands is specified.
+ * SuccessAction= will be executed unconditionally if no commands are specified. Hence,
+ * either a command or SuccessAction= are required. */
+
+ log_unit_error(UNIT(s), "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing.");
return -ENOEXEC;
}
@@ -566,8 +571,8 @@ static int service_verify(Service *s) {
return -ENOEXEC;
}
- if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START]) {
- log_unit_error(UNIT(s), "Service has no ExecStart= setting, which is only allowed for RemainAfterExit=yes services. Refusing.");
+ if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START] && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
+ log_unit_error(UNIT(s), "Service has no ExecStart= and no SuccessAction= settings and does not have RemainAfterExit=yes set. Refusing.");
return -ENOEXEC;
}

120
SOURCES/0668-core-limit-service-watchdogs-no-to-actual-watchdog-c.patch Normal file
View File

@ -0,0 +1,120 @@
From b8358d4edf1896a821c9370c9ba31c2bb07c277a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:24:44 +0200
Subject: [PATCH] core: limit service-watchdogs=no to actual "watchdog"
commands
The setting is now only looked at when considering an action for a job timeout
or unit start limit. It is ignored for ctrl-alt-del, SuccessAction, SuccessFailure.
v2: turn the parameter into a flag field
v3: rename Options to Flags
(cherry picked from commit 1710d4beff6329cf6ae0767953cad09593517b2a)
Related: #1860899
---
src/core/emergency-action.c | 3 ++-
src/core/emergency-action.h | 8 +++++++-
src/core/job.c | 3 ++-
src/core/manager.c | 2 +-
src/core/unit.c | 9 ++++++---
5 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 00f5996317..e9e757dfa3 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -24,6 +24,7 @@ static void log_and_status(Manager *m, const char *message, const char *reason)
int emergency_action(
Manager *m,
EmergencyAction action,
+ EmergencyActionFlags options,
const char *reboot_arg,
const char *reason) {
@@ -34,7 +35,7 @@ int emergency_action(
if (action == EMERGENCY_ACTION_NONE)
return -ECANCELED;
- if (!m->service_watchdogs) {
+ if (FLAGS_SET(options, EMERGENCY_ACTION_IS_WATCHDOG) && !m->service_watchdogs) {
log_warning("Watchdog disabled! Not acting on: %s", reason);
return -ECANCELED;
}
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index 646ccc4e6b..efbfaf6c6a 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -20,10 +20,16 @@ typedef enum EmergencyAction {
_EMERGENCY_ACTION_INVALID = -1
} EmergencyAction;
+typedef enum EmergencyActionFlags {
+ EMERGENCY_ACTION_IS_WATCHDOG = 1 << 0,
+} EmergencyActionFlags;
+
#include "macro.h"
#include "manager.h"
-int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg, const char *reason);
+int emergency_action(Manager *m,
+ EmergencyAction action, EmergencyActionFlags options,
+ const char *reboot_arg, const char *reason);
const char* emergency_action_to_string(EmergencyAction i) _const_;
EmergencyAction emergency_action_from_string(const char *s) _pure_;
diff --git a/src/core/job.c b/src/core/job.c
index 870ec0a387..d647aac42d 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1076,7 +1076,8 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user
u = j->unit;
job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
- emergency_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg, "job timed out");
+ emergency_action(u->manager, u->job_timeout_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ u->job_timeout_reboot_arg, "job timed out");
return 0;
}
diff --git a/src/core/manager.c b/src/core/manager.c
index 3c44ad3dbc..ac1b198b21 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2528,7 +2528,7 @@ static void manager_handle_ctrl_alt_del(Manager *m) {
if (ratelimit_below(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
else
- emergency_action(m, m->cad_burst_action, NULL,
+ emergency_action(m, m->cad_burst_action, 0, NULL,
"Ctrl-Alt-Del was pressed more than 7 times within 2s");
}
diff --git a/src/core/unit.c b/src/core/unit.c
index 152a860d08..dc5c89c195 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1669,7 +1669,8 @@ int unit_start_limit_test(Unit *u) {
log_unit_warning(u, "Start request repeated too quickly.");
u->start_limit_hit = true;
- return emergency_action(u->manager, u->start_limit_action, u->reboot_arg, "unit failed");
+ return emergency_action(u->manager, u->start_limit_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ u->reboot_arg, "unit failed");
}
bool unit_shall_confirm_spawn(Unit *u) {
@@ -2469,9 +2470,11 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlag
unit_check_binds_to(u);
if (os != UNIT_FAILED && ns == UNIT_FAILED)
- (void) emergency_action(u->manager, u->failure_action, u->reboot_arg, "unit failed");
+ (void) emergency_action(u->manager, u->failure_action, 0,
+ u->reboot_arg, "unit failed");
else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE)
- (void) emergency_action(u->manager, u->success_action, u->reboot_arg, "unit succeeded");
+ (void) emergency_action(u->manager, u->success_action, 0,
+ u->reboot_arg, "unit succeeded");
}
unit_add_to_dbus_queue(u);

56
SOURCES/0669-units-use-SuccessAction-exit-force-in-systemd-exit.s.patch Normal file
View File

@ -0,0 +1,56 @@
From b0394ad25fd601b9ef29d26b87f12b0a0c17cda0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:09:11 +0200
Subject: [PATCH] units: use SuccessAction=exit-force in systemd-exit.service
Fixes #10414.
v2:
- rename .service.in to .service
- rename 'exit' to 'exit-force'
(cherry picked from commit 631c9b7bf2dab5065d753a7b1cfaff5b100b3c90)
Resolves: #1860899
---
units/user/meson.build | 2 +-
units/user/{systemd-exit.service.in => systemd-exit.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/user/{systemd-exit.service.in => systemd-exit.service} (87%)
diff --git a/units/user/meson.build b/units/user/meson.build
index b1c2e95597..36341a42f5 100644
--- a/units/user/meson.build
+++ b/units/user/meson.build
@@ -14,6 +14,7 @@ units = [
'sockets.target',
'sound.target',
'timers.target',
+ 'systemd-exit.service',
'systemd-tmpfiles-clean.timer',
]
@@ -23,7 +24,6 @@ foreach file : units
endforeach
in_units = [
- 'systemd-exit.service',
'systemd-tmpfiles-clean.service',
'systemd-tmpfiles-setup.service',
]
diff --git a/units/user/systemd-exit.service.in b/units/user/systemd-exit.service
similarity index 87%
rename from units/user/systemd-exit.service.in
rename to units/user/systemd-exit.service
index d69273f6b3..1d3b61e3ab 100644
--- a/units/user/systemd-exit.service.in
+++ b/units/user/systemd-exit.service
@@ -13,7 +13,4 @@ Documentation=man:systemd.special(7)
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --user --force exit
+SuccessAction=exit-force

51
SOURCES/0670-units-use-SuccessAction-reboot-force-in-systemd-rebo.patch Normal file
View File

@ -0,0 +1,51 @@
From f531c34dd8ead33b9972bcd06017ac80ccedb757 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:30:53 +0200
Subject: [PATCH] units: use SuccessAction=reboot-force in
systemd-reboot.service
(cherry picked from commit d85515edcf9700dc068201ab9f7103f04f3b25b2)
Related: #1860899
---
units/meson.build | 2 +-
units/{systemd-reboot.service.in => systemd-reboot.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/{systemd-reboot.service.in => systemd-reboot.service} (89%)
diff --git a/units/meson.build b/units/meson.build
index a1cd2524dc..b482431a10 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -97,6 +97,7 @@ units = [
'sockets.target.wants/'],
['systemd-networkd.socket', 'ENABLE_NETWORKD',
join_paths(pkgsysconfdir, 'system/sockets.target.wants/')],
+ ['systemd-reboot.service', ''],
['systemd-rfkill.socket', 'ENABLE_RFKILL'],
['systemd-tmpfiles-clean.timer', '',
'timers.target.wants/'],
@@ -182,7 +183,6 @@ in_units = [
['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'],
['systemd-random-seed.service', 'ENABLE_RANDOMSEED',
'sysinit.target.wants/'],
- ['systemd-reboot.service', ''],
['systemd-remount-fs.service', '',
'local-fs.target.wants/'],
['systemd-resolved.service', 'ENABLE_RESOLVE',
diff --git a/units/systemd-reboot.service.in b/units/systemd-reboot.service
similarity index 89%
rename from units/systemd-reboot.service.in
rename to units/systemd-reboot.service
index 4763ccfdca..505f60aabf 100644
--- a/units/systemd-reboot.service.in
+++ b/units/systemd-reboot.service
@@ -13,7 +13,4 @@ Documentation=man:systemd-halt.service(8)
DefaultDependencies=no
Requires=shutdown.target umount.target final.target
After=shutdown.target umount.target final.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force reboot
+SuccessAction=reboot-force

56
SOURCES/0671-units-use-SuccessAction-poweroff-force-in-systemd-po.patch Normal file
View File

@ -0,0 +1,56 @@
From 7e84234d9953f7ffacf7fff82679c9c9c3b78b7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:34:57 +0200
Subject: [PATCH] units: use SuccessAction=poweroff-force in
systemd-poweroff.service
Explicit systemctl calls remain in systemd-halt.service and the system
systemd-exit.service. To convert systemd-halt, we'd need to add
SuccessAction=halt-force. Halting doesn't make much sense, so let's just
leave that is. systemd-exit.service will be converted in the next commit.
(cherry picked from commit afa6206583dfbc93e29981cb5d713841e4ca2865)
Related: #1860899
---
units/meson.build | 2 +-
...{systemd-poweroff.service.in => systemd-poweroff.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/{systemd-poweroff.service.in => systemd-poweroff.service} (89%)
diff --git a/units/meson.build b/units/meson.build
index b482431a10..6fa804148b 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -97,6 +97,7 @@ units = [
'sockets.target.wants/'],
['systemd-networkd.socket', 'ENABLE_NETWORKD',
join_paths(pkgsysconfdir, 'system/sockets.target.wants/')],
+ ['systemd-poweroff.service', ''],
['systemd-reboot.service', ''],
['systemd-rfkill.socket', 'ENABLE_RFKILL'],
['systemd-tmpfiles-clean.timer', '',
@@ -179,7 +180,6 @@ in_units = [
['systemd-nspawn@.service', ''],
['systemd-portabled.service', 'ENABLE_PORTABLED',
'dbus-org.freedesktop.portable1.service'],
- ['systemd-poweroff.service', ''],
['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'],
['systemd-random-seed.service', 'ENABLE_RANDOMSEED',
'sysinit.target.wants/'],
diff --git a/units/systemd-poweroff.service.in b/units/systemd-poweroff.service
similarity index 89%
rename from units/systemd-poweroff.service.in
rename to units/systemd-poweroff.service
index e9fd655508..8d1d54389b 100644
--- a/units/systemd-poweroff.service.in
+++ b/units/systemd-poweroff.service
@@ -13,7 +13,4 @@ Documentation=man:systemd-halt.service(8)
DefaultDependencies=no
Requires=shutdown.target umount.target final.target
After=shutdown.target umount.target final.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force poweroff
+SuccessAction=poweroff-force

164
SOURCES/0672-units-allow-and-use-SuccessAction-exit-force-in-syst.patch Normal file
View File

@ -0,0 +1,164 @@
From c0aa64901aa4d5d7c917fccf0993819fb1a1262f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 16:34:45 +0200
Subject: [PATCH] units: allow and use SuccessAction=exit-force in system
systemd-exit.service
C.f. 287419c119ef961db487a281162ab037eba70c61: 'systemctl exit 42' can be
used to set an exit value and pulls in exit.target, which pulls in systemd-exit.service,
which calls org.fdo.Manager.Exit, which calls method_exit(), which sets the objective
to MANAGER_EXIT. Allow the same to happen through SuccessAction=exit.
v2: update for 'exit' and 'exit-force'
(cherry picked from commit a400bd8c2a6285576edf8e2147e1d17aab129501)
Related: #1860899
---
man/systemd.unit.xml | 7 +++--
src/core/emergency-action.c | 27 +++++++++++--------
src/test/test-emergency-action.c | 6 ++---
units/meson.build | 2 +-
...d-exit.service.in => systemd-exit.service} | 5 +---
5 files changed, 24 insertions(+), 23 deletions(-)
rename units/{systemd-exit.service.in => systemd-exit.service} (88%)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 5772a6684e..e80c760dd6 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -881,9 +881,8 @@
Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
<option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
<option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
- all options except <option>exit</option> and <option>exit-force</option> are allowed. In user mode, only
- <option>none</option>, <option>exit</option>, and <option>exit-force</option> are allowed. Both options default
- to <option>none</option>.</para>
+ all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and
+ <option>exit-force</option> are allowed. Both options default to <option>none</option>.</para>
<para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
@@ -893,7 +892,7 @@
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
<option>poweroff-immediate</option> have the effect of powering down the system with similar
- semantics. <option>exit</option> causes the user manager to exit following the normal shutdown procedure, and
+ semantics. <option>exit</option> causes the manager to exit following the normal shutdown procedure, and
<option>exit-force</option> causes it terminate without shutting down services.</para></listitem>
</varlistentry>
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index e9e757dfa3..44b92ae6f8 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -13,6 +13,7 @@
#include "special.h"
#include "string-table.h"
#include "terminal-util.h"
+#include "virt.h"
static void log_and_status(Manager *m, const char *message, const char *reason) {
log_warning("%s: %s", message, reason);
@@ -73,12 +74,14 @@ int emergency_action(
break;
case EMERGENCY_ACTION_EXIT:
- assert(MANAGER_IS_USER(m));
-
- log_and_status(m, "Exiting", reason);
+ if (MANAGER_IS_USER(m) || detect_container() > 0) {
+ log_and_status(m, "Exiting", reason);
+ (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
+ break;
+ }
- (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
- break;
+ log_notice("Doing \"poweroff\" action instead of an \"exit\" emergency action.");
+ _fallthrough_;
case EMERGENCY_ACTION_POWEROFF:
log_and_status(m, "Powering off", reason);
@@ -86,11 +89,14 @@ int emergency_action(
break;
case EMERGENCY_ACTION_EXIT_FORCE:
- assert(MANAGER_IS_USER(m));
+ if (MANAGER_IS_USER(m) || detect_container() > 0) {
+ log_and_status(m, "Exiting immediately", reason);
+ m->exit_code = MANAGER_EXIT;
+ break;
+ }
- log_and_status(m, "Exiting immediately", reason);
- m->exit_code = MANAGER_EXIT;
- break;
+ log_notice("Doing \"poweroff-force\" action instead of an \"exit-force\" emergency action.");
+ _fallthrough_;
case EMERGENCY_ACTION_POWEROFF_FORCE:
log_and_status(m, "Forcibly powering off", reason);
@@ -137,8 +143,7 @@ int parse_emergency_action(
if (x < 0)
return -EINVAL;
- if ((system && x >= _EMERGENCY_ACTION_FIRST_USER_ACTION) ||
- (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION))
+ if (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION)
return -EOPNOTSUPP;
*ret = x;
diff --git a/src/test/test-emergency-action.c b/src/test/test-emergency-action.c
index 493b23227e..8ce28ed9f5 100644
--- a/src/test/test-emergency-action.c
+++ b/src/test/test-emergency-action.c
@@ -36,10 +36,10 @@ static void test_parse_emergency_action(void) {
assert_se(parse_emergency_action("poweroff-force", true, &x) == 0);
assert_se(x == EMERGENCY_ACTION_POWEROFF_FORCE);
assert_se(parse_emergency_action("poweroff-immediate", true, &x) == 0);
- assert_se(parse_emergency_action("exit", true, &x) == -EOPNOTSUPP);
- assert_se(parse_emergency_action("exit-force", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit", true, &x) == 0);
+ assert_se(parse_emergency_action("exit-force", true, &x) == 0);
assert_se(parse_emergency_action("exit-forcee", true, &x) == -EINVAL);
- assert_se(x == EMERGENCY_ACTION_POWEROFF_IMMEDIATE);
+ assert_se(x == EMERGENCY_ACTION_EXIT_FORCE);
}
int main(int argc, char **argv) {
diff --git a/units/meson.build b/units/meson.build
index 6fa804148b..a74fa95195 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -86,6 +86,7 @@ units = [
'multi-user.target.wants/'],
['systemd-coredump.socket', 'ENABLE_COREDUMP',
'sockets.target.wants/'],
+ ['systemd-exit.service', ''],
['systemd-initctl.socket', '',
'sockets.target.wants/'],
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
@@ -135,7 +136,6 @@ in_units = [
['systemd-binfmt.service', 'ENABLE_BINFMT',
'sysinit.target.wants/'],
['systemd-coredump@.service', 'ENABLE_COREDUMP'],
- ['systemd-exit.service', ''],
['systemd-firstboot.service', 'ENABLE_FIRSTBOOT',
'sysinit.target.wants/'],
['systemd-fsck-root.service', ''],
diff --git a/units/systemd-exit.service.in b/units/systemd-exit.service
similarity index 88%
rename from units/systemd-exit.service.in
rename to units/systemd-exit.service
index 2fb6ebd767..6029b13a05 100644
--- a/units/systemd-exit.service.in
+++ b/units/systemd-exit.service
@@ -13,7 +13,4 @@ Documentation=man:systemd.special(7)
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force exit
+SuccessAction=exit

174
SOURCES/0673-core-do-not-warn-about-mundane-emergency-actions.patch Normal file
View File

@ -0,0 +1,174 @@
From c8e9877d14c8742cc3732d305af2422f8a16f47d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 17 Oct 2018 17:27:20 +0200
Subject: [PATCH] core: do not "warn" about mundane emergency actions
For example in a container we'd log:
Oct 17 17:01:10 rawhide systemd[1]: Started Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Forcibly powering off: unit succeeded
Oct 17 17:01:10 rawhide systemd[1]: Reached target Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Shutting down.
and on the console we'd write (in red)
[ !! ] Forcibly powering off: unit succeeded
This is not useful in any way, and the fact that we're calling an "emergency action"
is an internal implementation detail. Let's log about c-a-d and the watchdog actions
only.
(cherry picked from commit c7adcb1af9946d0672c16bb4bb7eedf39b3d1fcb)
Related: #1860899
---
src/core/emergency-action.c | 29 ++++++++++++++++-------------
src/core/emergency-action.h | 1 +
src/core/job.c | 3 ++-
src/core/manager.c | 2 +-
src/core/unit.c | 3 ++-
5 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 44b92ae6f8..fea1cb83db 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -15,11 +15,12 @@
#include "terminal-util.h"
#include "virt.h"
-static void log_and_status(Manager *m, const char *message, const char *reason) {
- log_warning("%s: %s", message, reason);
- manager_status_printf(m, STATUS_TYPE_EMERGENCY,
- ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
- "%s: %s", message, reason);
+static void log_and_status(Manager *m, bool warn, const char *message, const char *reason) {
+ log_full(warn ? LOG_WARNING : LOG_DEBUG, "%s: %s", message, reason);
+ if (warn)
+ manager_status_printf(m, STATUS_TYPE_EMERGENCY,
+ ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
+ "%s: %s", message, reason);
}
int emergency_action(
@@ -41,17 +42,19 @@ int emergency_action(
return -ECANCELED;
}
+ bool warn = FLAGS_SET(options, EMERGENCY_ACTION_WARN);
+
switch (action) {
case EMERGENCY_ACTION_REBOOT:
- log_and_status(m, "Rebooting", reason);
+ log_and_status(m, warn, "Rebooting", reason);
(void) update_reboot_parameter_and_warn(reboot_arg);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
case EMERGENCY_ACTION_REBOOT_FORCE:
- log_and_status(m, "Forcibly rebooting", reason);
+ log_and_status(m, warn, "Forcibly rebooting", reason);
(void) update_reboot_parameter_and_warn(reboot_arg);
m->exit_code = MANAGER_REBOOT;
@@ -59,7 +62,7 @@ int emergency_action(
break;
case EMERGENCY_ACTION_REBOOT_IMMEDIATE:
- log_and_status(m, "Rebooting immediately", reason);
+ log_and_status(m, warn, "Rebooting immediately", reason);
sync();
@@ -75,7 +78,7 @@ int emergency_action(
case EMERGENCY_ACTION_EXIT:
if (MANAGER_IS_USER(m) || detect_container() > 0) {
- log_and_status(m, "Exiting", reason);
+ log_and_status(m, warn, "Exiting", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
}
@@ -84,13 +87,13 @@ int emergency_action(
_fallthrough_;
case EMERGENCY_ACTION_POWEROFF:
- log_and_status(m, "Powering off", reason);
+ log_and_status(m, warn, "Powering off", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
case EMERGENCY_ACTION_EXIT_FORCE:
if (MANAGER_IS_USER(m) || detect_container() > 0) {
- log_and_status(m, "Exiting immediately", reason);
+ log_and_status(m, warn, "Exiting immediately", reason);
m->exit_code = MANAGER_EXIT;
break;
}
@@ -99,12 +102,12 @@ int emergency_action(
_fallthrough_;
case EMERGENCY_ACTION_POWEROFF_FORCE:
- log_and_status(m, "Forcibly powering off", reason);
+ log_and_status(m, warn, "Forcibly powering off", reason);
m->exit_code = MANAGER_POWEROFF;
break;
case EMERGENCY_ACTION_POWEROFF_IMMEDIATE:
- log_and_status(m, "Powering off immediately", reason);
+ log_and_status(m, warn, "Powering off immediately", reason);
sync();
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index efbfaf6c6a..2aa1497118 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -22,6 +22,7 @@ typedef enum EmergencyAction {
typedef enum EmergencyActionFlags {
EMERGENCY_ACTION_IS_WATCHDOG = 1 << 0,
+ EMERGENCY_ACTION_WARN = 1 << 1,
} EmergencyActionFlags;
#include "macro.h"
diff --git a/src/core/job.c b/src/core/job.c
index d647aac42d..43ab55ed18 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1076,7 +1076,8 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user
u = j->unit;
job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
- emergency_action(u->manager, u->job_timeout_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ emergency_action(u->manager, u->job_timeout_action,
+ EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
u->job_timeout_reboot_arg, "job timed out");
return 0;
diff --git a/src/core/manager.c b/src/core/manager.c
index ac1b198b21..ee976f70b3 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2528,7 +2528,7 @@ static void manager_handle_ctrl_alt_del(Manager *m) {
if (ratelimit_below(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
else
- emergency_action(m, m->cad_burst_action, 0, NULL,
+ emergency_action(m, m->cad_burst_action, EMERGENCY_ACTION_WARN, NULL,
"Ctrl-Alt-Del was pressed more than 7 times within 2s");
}
diff --git a/src/core/unit.c b/src/core/unit.c
index dc5c89c195..23afa24c77 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1669,7 +1669,8 @@ int unit_start_limit_test(Unit *u) {
log_unit_warning(u, "Start request repeated too quickly.");
u->start_limit_hit = true;
- return emergency_action(u->manager, u->start_limit_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ return emergency_action(u->manager, u->start_limit_action,
+ EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
u->reboot_arg, "unit failed");
}

43
SOURCES/0674-core-return-true-from-cg_is_empty-on-ENOENT.patch Normal file
View File

@ -0,0 +1,43 @@
From 2aaa40e698f66fd10d0a7a71ca39637e24809e97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 17 Oct 2018 17:48:35 +0200
Subject: [PATCH] core: return true from cg_is_empty* on ENOENT
(cherry picked from commit 1bcf3fc6c57d92927b96cad8c739099b4ceae236)
Related: #1860899
---
src/basic/cgroup-util.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 992b12811a..14abe6e014 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -1177,7 +1177,7 @@ int cg_is_empty(const char *controller, const char *path) {
r = cg_enumerate_processes(controller, path, &f);
if (r == -ENOENT)
- return 1;
+ return true;
if (r < 0)
return r;
@@ -1207,6 +1207,8 @@ int cg_is_empty_recursive(const char *controller, const char *path) {
* via the "populated" attribute of "cgroup.events". */
r = cg_read_event(controller, path, "populated", &t);
+ if (r == -ENOENT)
+ return true;
if (r < 0)
return r;
@@ -1221,7 +1223,7 @@ int cg_is_empty_recursive(const char *controller, const char *path) {
r = cg_enumerate_subgroups(controller, path, &d);
if (r == -ENOENT)
- return 1;
+ return true;
if (r < 0)
return r;

29
SOURCES/0675-macro-define-HAS_FEATURE_ADDRESS_SANITIZER-also-on-g.patch Normal file
View File

@ -0,0 +1,29 @@
From 01da36fadd365329cfd9e2c97eb419c63404b25f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 3 Dec 2018 17:30:19 +0100
Subject: [PATCH] macro: define HAS_FEATURE_ADDRESS_SANITIZER also on gcc
Let's make differences between compilers more minimal.
(cherry picked from commit be5f77b26e22a806179c7b03e03d424682ed325c)
Related: #2017033
---
src/basic/macro.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 62f2359633..e87026882f 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -56,7 +56,9 @@
#endif
#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
-# if defined(__has_feature)
+# ifdef __SANITIZE_ADDRESS__
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# elif defined(__has_feature)
# if __has_feature(address_sanitizer)
# define HAS_FEATURE_ADDRESS_SANITIZER 1
# endif

104
SOURCES/0676-tests-add-helper-function-to-autodetect-CI-environme.patch Normal file
View File

@ -0,0 +1,104 @@
From 6fbbf368f5a6d181b21f448255d5a4182dc2ab3a Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:00:21 +0100
Subject: [PATCH] tests: add helper function to autodetect CI environments
Sadly there is no standarized way to check if we're running in some
CI environment. So let's try to gather the heuristics in one helper
function.
Loosely cherry-picked from 4eb0c875f8825199a829ddc597874915fbee0a84.
Related: #2017033
---
src/basic/string-util.h | 6 ++++++
src/shared/tests.c | 42 +++++++++++++++++++++++++++++++++++++++++
src/shared/tests.h | 3 +++
3 files changed, 51 insertions(+)
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index 96a9260f93..742b566932 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -32,6 +32,12 @@ static inline bool streq_ptr(const char *a, const char *b) {
return strcmp_ptr(a, b) == 0;
}
+static inline char* strstr_ptr(const char *haystack, const char *needle) {
+ if (!haystack || !needle)
+ return NULL;
+ return strstr(haystack, needle);
+}
+
static inline const char* strempty(const char *s) {
return s ?: "";
}
diff --git a/src/shared/tests.c b/src/shared/tests.c
index 100b62b9b0..1da80d653f 100644
--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@@ -7,7 +7,9 @@
#include <util.h>
#include "tests.h"
+#include "env-util.h"
#include "path-util.h"
+#include "strv.h"
char* setup_fake_runtime_dir(void) {
char t[] = "/tmp/fake-xdg-runtime-XXXXXX", *p;
@@ -75,3 +77,43 @@ void test_setup_logging(int level) {
log_parse_environment();
log_open();
}
+
+const char *ci_environment(void) {
+ /* We return a string because we might want to provide multiple bits of information later on: not
+ * just the general CI environment type, but also whether we're sanitizing or not, etc. The caller is
+ * expected to use strstr on the returned value. */
+ static const char *ans = (void*) UINTPTR_MAX;
+ const char *p;
+ int r;
+
+ if (ans != (void*) UINTPTR_MAX)
+ return ans;
+
+ /* We allow specifying the environment with $CITYPE. Nobody uses this so far, but we are ready. */
+ p = getenv("CITYPE");
+ if (!isempty(p))
+ return (ans = p);
+
+ if (getenv_bool("TRAVIS") > 0)
+ return (ans = "travis");
+ if (getenv_bool("SEMAPHORE") > 0)
+ return (ans = "semaphore");
+ if (getenv_bool("GITHUB_ACTIONS") > 0)
+ return (ans = "github-actions");
+ if (getenv("AUTOPKGTEST_ARTIFACTS") || getenv("AUTOPKGTEST_TMP"))
+ return (ans = "autopkgtest");
+
+ FOREACH_STRING(p, "CI", "CONTINOUS_INTEGRATION") {
+ /* Those vars are booleans according to Semaphore and Travis docs:
+ * https://docs.travis-ci.com/user/environment-variables/#default-environment-variables
+ * https://docs.semaphoreci.com/ci-cd-environment/environment-variables/#ci
+ */
+ r = getenv_bool(p);
+ if (r > 0)
+ return (ans = "unknown"); /* Some other unknown thing */
+ if (r == 0)
+ return (ans = NULL);
+ }
+
+ return (ans = NULL);
+}
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 3d696d02fd..4f8f349097 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -5,3 +5,6 @@ char* setup_fake_runtime_dir(void);
bool test_is_running_from_builddir(char **exedir);
const char* get_testdata_dir(void);
void test_setup_logging(int level);
+
+/* Provide a convenient way to check if we're running in CI. */
+const char *ci_environment(void);

48
SOURCES/0677-strv-rework-FOREACH_STRING-macro.patch Normal file
View File

@ -0,0 +1,48 @@
From 3539a72c260063713e4ecba17966ba9a768d8af9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 16 Jan 2019 00:13:38 +0100
Subject: [PATCH] strv: rework FOREACH_STRING() macro
So it's apparently problematic that we use STRV_MAKE() (i.e. a compound
initializer) outside of the {} block we use it in (and that includes
outside of the ({}) block, too). Hence, let's rework the macro to not
need that.
This also makes the macro shorter, which is definitely a good and more
readable. Moreover, it will now complain if the iterator is a "char*"
instead of a "const char*", which is good too.
Fixes: #11394
(cherry picked from commit 66a64081f82dfad90f2f9394a477820a2e3e6510)
Related: #2017033
---
src/basic/strv.h | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/src/basic/strv.h b/src/basic/strv.h
index c1e4c973b6..a09d76706d 100644
--- a/src/basic/strv.h
+++ b/src/basic/strv.h
@@ -148,17 +148,10 @@ void strv_print(char **l);
_found; \
})
-#define FOREACH_STRING(x, ...) \
- for (char **_l = ({ \
- char **_ll = STRV_MAKE(__VA_ARGS__); \
- x = _ll ? _ll[0] : NULL; \
- _ll; \
- }); \
- _l && *_l; \
- x = ({ \
- _l ++; \
- _l[0]; \
- }))
+#define FOREACH_STRING(x, y, ...) \
+ for (char **_l = STRV_MAKE(({ x = y; }), ##__VA_ARGS__); \
+ x; \
+ x = *(++_l))
char **strv_reverse(char **l);
char **strv_shell_escape(char **l, const char *bad);

45
SOURCES/0678-test-systemctl-use-const-char-instead-of-char.patch Normal file
View File

@ -0,0 +1,45 @@
From fdfff847313222eed3306ac605db46d8cbd23212 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:47:24 +0100
Subject: [PATCH] test,systemctl: use "const char*" instead of "char*"
as iterator for FOREACH_STRING()
The macro iterates through literal strings (i.e. constant strings),
hence it's more correct to have the iterator const too.
Based on b2238e380e5f2fbcc129643b3fbd66f2828fd57c.
Related: #2017033
---
src/systemctl/systemctl.c | 3 ++-
src/test/test-execute.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 3dd7c1522f..b967550b97 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -7011,7 +7011,8 @@ static int run_editor(char **paths) {
if (r == 0) {
const char **args;
char *editor, **editor_args = NULL;
- char **tmp_path, **original_path, *p;
+ char **tmp_path, **original_path;
+ const char *p;
size_t n_editor_args = 0, i = 1;
size_t argc;
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 5303652b93..7581d5ed68 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -146,7 +146,7 @@ invalid:
}
static bool is_inaccessible_available(void) {
- char *p;
+ const char *p;
FOREACH_STRING(p,
"/run/systemd/inaccessible/reg",

27
SOURCES/0679-ci-pass-the-GITHUB_ACTIONS-variable-to-the-CentOS-co.patch Normal file
View File

@ -0,0 +1,27 @@
From a8fd8d157c832ddad34a9a3e372579c58261f7fb Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:59:41 +0100
Subject: [PATCH] ci: pass the $GITHUB_ACTIONS variable to the CentOS container
so we can properly skip tests which are problematic when running in GH
Actions.
Related: #2017033
rhel-only
---
.github/workflows/unit_tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index 814870e7a0..c1311310fb 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -131,7 +131,7 @@ for phase in "${PHASES[@]}"; do
# Pull a Docker image and start a new container
docker pull quay.io/centos/centos:$CENTOS_RELEASE
info "Starting container $CONT_NAME"
- $DOCKER_RUN -v $REPO_ROOT:/build:rw \
+ $DOCKER_RUN -v $REPO_ROOT:/build:rw -e GITHUB_ACTIONS="$GITHUB_ACTIONS" \
-w /build --privileged=true --name $CONT_NAME \
-dit --net=host quay.io/centos/centos:$CENTOS_RELEASE /sbin/init

135
SPECS/systemd.spec
View File

@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
Release: 51%{?dist}
Release: 54%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -686,28 +686,49 @@ Patch0633: 0633-logind-improve-error-propagation-of-user_check_linge.patch
Patch0634: 0634-logind-automatically-GC-lingering-users-for-who-now-.patch
Patch0635: 0635-pam_systemd-simplify-code-which-with-we-set-environm.patch
Patch0636: 0636-logind-validate-run-user-1000-before-we-set-it.patch
Patch0637: 0637-define-newly-needed-constants.patch
Patch0638: 0638-sd-netlink-support-IFLA_PROP_LIST-and-IFLA_ALT_IFNAM.patch
Patch0639: 0639-sd-netlink-introduce-sd_netlink_message_read_strv.patch
Patch0640: 0640-sd-netlink-introduce-sd_netlink_message_append_strv.patch
Patch0641: 0641-test-add-a-test-for-sd_netlink_message_-append-read-.patch
Patch0642: 0642-util-introduce-ifname_valid_full.patch
Patch0643: 0643-rename-function.patch
Patch0644: 0644-udev-support-AlternativeName-setting-in-.link-file.patch
Patch0645: 0645-network-make-Name-in-Match-support-alternative-names.patch
Patch0646: 0646-udev-extend-the-length-of-ID_NET_NAME_XXX-to-ALTIFNA.patch
Patch0647: 0647-udev-do-not-fail-if-kernel-does-not-support-alternat.patch
Patch0648: 0648-udev-introduce-AlternativeNamesPolicy-setting.patch
Patch0649: 0649-network-set-AlternativeNamesPolicy-in-99-default.lin.patch
Patch0650: 0650-random-util-call-initialize_srand-after-fork.patch
Patch0651: 0651-sd-netlink-introduce-rtnl_resolve_link_alternative_n.patch
Patch0652: 0652-udev-sort-alternative-names.patch
Patch0653: 0653-netlink-introduce-rtnl_get-delete_link_alternative_n.patch
Patch0654: 0654-netlink-do-not-fail-when-new-interface-name-is-alrea.patch
Patch0655: 0655-udev-do-not-try-to-reassign-alternative-names.patch
Patch0656: 0656-Fix-LGTM-build.patch
Patch0657: 0657-sd-hwdb-allow-empty-properties.patch
Patch0658: 0658-Update-hwdb.patch
Patch0637: 0637-sd-hwdb-allow-empty-properties.patch
Patch0638: 0638-Update-hwdb.patch
Patch0639: 0639-Disable-libpitc-to-fix-CentOS-Stream-CI.patch
Patch0640: 0640-rpm-Fix-typo-in-_environmentdir.patch
Patch0641: 0641-rpm-Add-misspelled-_environmentdir-macro-for-tempora.patch
Patch0642: 0642-rpm-emit-warning-when-macro-with-typo-is-used.patch
Patch0643: 0643-Remove-unintended-additions-to-systemd-analyze-man-p.patch
Patch0644: 0644-Disable-iptables-for-CI.patch
Patch0645: 0645-core-fix-SIGABRT-on-empty-exec-command-argv.patch
Patch0646: 0646-core-service-also-check-path-in-exec-commands.patch
Patch0647: 0647-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch
Patch0648: 0648-basic-add-vmware-hypervisor-detection-from-device-tr.patch
Patch0649: 0649-pam-do-not-require-a-non-expired-password-for-user-..patch
Patch0650: 0650-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch
Patch0651: 0651-process-util-explicitly-handle-processes-lacking-par.patch
Patch0652: 0652-errno-util-add-ERRNO_IS_PRIVILEGE-helper.patch
Patch0653: 0653-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch
Patch0654: 0654-test-process-util-also-add-EROFS-to-the-list-of-good.patch
Patch0655: 0655-journal-refresh-cached-credentials-of-stdout-streams.patch
Patch0656: 0656-util-lib-introduce-HAS_FEATURE_ADDRESS_SANITIZER.patch
Patch0657: 0657-ci-skip-test-execute-on-GH-Actions-under-ASan.patch
Patch0658: 0658-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch
Patch0659: 0659-test-accept-that-char-device-0-0-can-now-be-created-.patch
Patch0660: 0660-meson-do-not-fail-if-rsync-is-not-installed-with-mes.patch
Patch0661: 0661-pid1-fix-free-of-uninitialized-pointer-in-unit_fail_.patch
Patch0662: 0662-sd-event-take-ref-on-event-loop-object-before-dispat.patch
Patch0663: 0663-core-consider-service-with-no-start-command-immediat.patch
Patch0664: 0664-man-move-description-of-Action-modes-to-FailureActio.patch
Patch0665: 0665-core-define-exit-and-exit-force-actions-for-user-uni.patch
Patch0666: 0666-core-accept-system-mode-emergency-action-specifiers-.patch
Patch0667: 0667-core-allow-services-with-no-commands-but-SuccessActi.patch
Patch0668: 0668-core-limit-service-watchdogs-no-to-actual-watchdog-c.patch
Patch0669: 0669-units-use-SuccessAction-exit-force-in-systemd-exit.s.patch
Patch0670: 0670-units-use-SuccessAction-reboot-force-in-systemd-rebo.patch
Patch0671: 0671-units-use-SuccessAction-poweroff-force-in-systemd-po.patch
Patch0672: 0672-units-allow-and-use-SuccessAction-exit-force-in-syst.patch
Patch0673: 0673-core-do-not-warn-about-mundane-emergency-actions.patch
Patch0674: 0674-core-return-true-from-cg_is_empty-on-ENOENT.patch
Patch0675: 0675-macro-define-HAS_FEATURE_ADDRESS_SANITIZER-also-on-g.patch
Patch0676: 0676-tests-add-helper-function-to-autodetect-CI-environme.patch
Patch0677: 0677-strv-rework-FOREACH_STRING-macro.patch
Patch0678: 0678-test-systemctl-use-const-char-instead-of-char.patch
Patch0679: 0679-ci-pass-the-GITHUB_ACTIONS-variable-to-the-CentOS-co.patch
%ifarch %{ix86} x86_64 aarch64
@ -1335,29 +1356,51 @@ fi
%files tests -f .file-list-tests
%changelog
* Thu Sep 23 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-51
- define newly needed constants (#1850986)
- sd-netlink: support IFLA_PROP_LIST and IFLA_ALT_IFNAME attributes (#1850986)
- sd-netlink: introduce sd_netlink_message_read_strv() (#1850986)
- sd-netlink: introduce sd_netlink_message_append_strv() (#1850986)
- test: add a test for sd_netlink_message_{append,read}_strv() (#1850986)
- util: introduce ifname_valid_full() (#1850986)
- rename function (#1850986)
- udev: support AlternativeName= setting in .link file (#1850986)
- network: make Name= in [Match] support alternative names of interfaces (#1850986)
- udev: extend the length of ID_NET_NAME_XXX= to ALTIFNAMSIZ (#1850986)
- udev: do not fail if kernel does not support alternative names (#1850986)
- udev: introduce AlternativeNamesPolicy= setting (#1850986)
- network: set AlternativeNamesPolicy= in 99-default.link (#1850986)
- random-util: call initialize_srand() after fork() (#1850986)
- sd-netlink: introduce rtnl_resolve_link_alternative_names() (#1850986)
- udev: sort alternative names (#1850986)
- netlink: introduce rtnl_get/delete_link_alternative_names() (#1850986)
- netlink: do not fail when new interface name is already used as an alternative name (#1850986)
- udev: do not try to reassign alternative names (#1850986)
- Fix LGTM build (#1850986)
- sd-hwdb: allow empty properties (#1930568)
- Update hwdb (#1930568)
* Wed Dec 01 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-54
- core: consider service with no start command immediately started (#1860899)
- man: move description of *Action= modes to FailureAction=/SuccessAction= (#1860899)
- core: define "exit" and "exit-force" actions for user units and only accept that (#1860899)
- core: accept system mode emergency action specifiers with a warning (#1860899)
- core: allow services with no commands but SuccessAction set (#1860899)
- core: limit service-watchdogs=no to actual "watchdog" commands (#1860899)
- units: use SuccessAction=exit-force in systemd-exit.service (#1860899)
- units: use SuccessAction=reboot-force in systemd-reboot.service (#1860899)
- units: use SuccessAction=poweroff-force in systemd-poweroff.service (#1860899)
- units: allow and use SuccessAction=exit-force in system systemd-exit.service (#1860899)
- core: do not "warn" about mundane emergency actions (#1860899)
- core: return true from cg_is_empty* on ENOENT (#1860899)
- macro: define HAS_FEATURE_ADDRESS_SANITIZER also on gcc (#2017033)
- tests: add helper function to autodetect CI environments (#2017033)
- strv: rework FOREACH_STRING() macro (#2017033)
- test,systemctl: use "const char*" instead of "char*" (#2017033)
- ci: pass the $GITHUB_ACTIONS variable to the CentOS container (#2017033)
* Wed Nov 24 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-53
- sd-hwdb: allow empty properties (#2005009)
- Update hwdb (#2005009)
- Disable libpitc to fix CentOS Stream CI (#2017033)
- rpm: Fix typo in %_environmentdir (#2018024)
- rpm: Add misspelled %_environmentdir macro for temporary compatibility (#2018024)
- rpm: emit warning when macro with typo is used (#2018024)
- Remove unintended additions to systemd-analyze man page (#2004765)
- core: fix SIGABRT on empty exec command argv (#2020239)
- core/service: also check path in exec commands (#2020239)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (#2015057)
- basic: add vmware hypervisor detection from device-tree (#1959150)
- pam: do not require a non-expired password for user@.service (#1961746)
- udev rules: add rule to create /dev/ptp_hyperv (#1991834)
- process-util: explicitly handle processes lacking parents in get_process_ppid() (#1977569)
- errno-util: add ERRNO_IS_PRIVILEGE() helper (#1977569)
- procfs-util: fix confusion wrt. quantity limit and maximum value (#1977569)
- test-process-util: also add EROFS to the list of "good" errors (#1977569)
- journal: refresh cached credentials of stdout streams (#1931806)
- util-lib: introduce HAS_FEATURE_ADDRESS_SANITIZER (#2017033)
- ci: skip test-execute on GH Actions under ASan (#2017033)
- test-seccomp: accept ENOSYS from sysctl(2) too (#2017033)
- test: accept that char device 0/0 can now be created witout privileges (#2017033)
- meson: do not fail if rsync is not installed with meson 0.57.2 (#2017033)
- pid1: fix free of uninitialized pointer in unit_fail_if_noncanonical() (#1970945)
- sd-event: take ref on event loop object before dispatching event sources (#1970945)
* Fri Aug 27 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-50
- Added option --check-inhibitors for non-tty usage (#1269726)