diff --git a/0227-systemd-Support-OOMPolicy-in-scope-units.patch b/0227-systemd-Support-OOMPolicy-in-scope-units.patch new file mode 100644 index 0000000..49e94dd --- /dev/null +++ b/0227-systemd-Support-OOMPolicy-in-scope-units.patch @@ -0,0 +1,172 @@ +From 97e7419df4912abc62ca379afbb6721b008fbf87 Mon Sep 17 00:00:00 2001 +From: Mark Laws +Date: Mon, 14 Nov 2022 21:48:09 +0900 +Subject: [PATCH] systemd: Support OOMPolicy in scope units + +Closes #25376. + +(cherry picked from commit 5fa098357e0ea9f05b00ed5b04a36ef9f64037db) + +Resolves: #2176918 +--- + man/org.freedesktop.systemd1.xml | 6 ++++++ + src/core/dbus-scope.c | 6 ++++++ + src/core/scope.c | 19 ++++++++++++++++--- + src/core/scope.h | 2 ++ + src/shared/bus-unit-util.c | 3 +++ + 5 files changed, 33 insertions(+), 3 deletions(-) + +diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml +index c2f70870c7..40510c43eb 100644 +--- a/man/org.freedesktop.systemd1.xml ++++ b/man/org.freedesktop.systemd1.xml +@@ -10150,6 +10150,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + readonly t RuntimeMaxUSec = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly t RuntimeRandomizedExtraUSec = ...; ++ @org.freedesktop.DBus.Property.EmitsChangedSignal("const") ++ readonly s OOMPolicy = '...'; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") + readonly s Slice = '...'; + @org.freedesktop.DBus.Property.EmitsChangedSignal("false") +@@ -10324,6 +10326,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + + ++ ++ + + + +@@ -10506,6 +10510,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + + ++ ++ + + + +diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c +index 7d2ceb0765..7b07bb8bb9 100644 +--- a/src/core/dbus-scope.c ++++ b/src/core/dbus-scope.c +@@ -5,6 +5,7 @@ + #include "bus-get-properties.h" + #include "dbus-cgroup.h" + #include "dbus-kill.h" ++#include "dbus-manager.h" + #include "dbus-scope.h" + #include "dbus-unit.h" + #include "dbus-util.h" +@@ -39,6 +40,7 @@ int bus_scope_method_abandon(sd_bus_message *message, void *userdata, sd_bus_err + } + + static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_result, scope_result, ScopeResult); ++static BUS_DEFINE_SET_TRANSIENT_PARSE(oom_policy, OOMPolicy, oom_policy_from_string); + + const sd_bus_vtable bus_scope_vtable[] = { + SD_BUS_VTABLE_START(0), +@@ -47,6 +49,7 @@ const sd_bus_vtable bus_scope_vtable[] = { + SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("RuntimeRandomizedExtraUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_rand_extra_usec), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("OOMPolicy", "s", bus_property_get_oom_policy, offsetof(Scope, oom_policy), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_SIGNAL("RequestStop", NULL, 0), + SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_VTABLE_END +@@ -77,6 +80,9 @@ static int bus_scope_set_transient_property( + if (streq(name, "RuntimeRandomizedExtraUSec")) + return bus_set_transient_usec(u, name, &s->runtime_rand_extra_usec, message, flags, error); + ++ if (streq(name, "OOMPolicy")) ++ return bus_set_transient_oom_policy(u, name, &s->oom_policy, message, flags, error); ++ + if (streq(name, "PIDs")) { + _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; + unsigned n = 0; +diff --git a/src/core/scope.c b/src/core/scope.c +index 54a6cc63e4..e2fc4cc995 100644 +--- a/src/core/scope.c ++++ b/src/core/scope.c +@@ -43,6 +43,7 @@ static void scope_init(Unit *u) { + s->timeout_stop_usec = u->manager->default_timeout_stop_usec; + u->ignore_on_isolate = true; + s->user = s->group = NULL; ++ s->oom_policy = _OOM_POLICY_INVALID; + } + + static void scope_done(Unit *u) { +@@ -194,6 +195,11 @@ static int scope_add_extras(Scope *s) { + if (r < 0) + return r; + ++ if (s->oom_policy < 0) ++ s->oom_policy = s->cgroup_context.delegate ? OOM_CONTINUE : UNIT(s)->manager->default_oom_policy; ++ ++ s->cgroup_context.memory_oom_group = s->oom_policy == OOM_KILL; ++ + return scope_add_default_dependencies(s); + } + +@@ -286,11 +292,13 @@ static void scope_dump(Unit *u, FILE *f, const char *prefix) { + "%sScope State: %s\n" + "%sResult: %s\n" + "%sRuntimeMaxSec: %s\n" +- "%sRuntimeRandomizedExtraSec: %s\n", ++ "%sRuntimeRandomizedExtraSec: %s\n" ++ "%sOOMPolicy: %s\n", + prefix, scope_state_to_string(s->state), + prefix, scope_result_to_string(s->result), + prefix, FORMAT_TIMESPAN(s->runtime_max_usec, USEC_PER_SEC), +- prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC)); ++ prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC), ++ prefix, oom_policy_to_string(s->oom_policy)); + + cgroup_context_dump(UNIT(s), f, prefix); + kill_context_dump(&s->kill_context, f, prefix); +@@ -635,11 +643,16 @@ static void scope_notify_cgroup_oom_event(Unit *u, bool managed_oom) { + else + log_unit_debug(u, "Process of control group was killed by the OOM killer."); + +- /* This will probably need to be modified when scope units get an oom-policy */ ++ if (s->oom_policy == OOM_CONTINUE) ++ return; ++ + switch (s->state) { + + case SCOPE_START_CHOWN: + case SCOPE_RUNNING: ++ scope_enter_signal(s, SCOPE_STOP_SIGTERM, SCOPE_FAILURE_OOM_KILL); ++ break; ++ + case SCOPE_STOP_SIGTERM: + scope_enter_signal(s, SCOPE_STOP_SIGKILL, SCOPE_FAILURE_OOM_KILL); + break; +diff --git a/src/core/scope.h b/src/core/scope.h +index 6a228f1177..c9574a32c2 100644 +--- a/src/core/scope.h ++++ b/src/core/scope.h +@@ -38,6 +38,8 @@ struct Scope { + + char *user; + char *group; ++ ++ OOMPolicy oom_policy; + }; + + extern const UnitVTable scope_vtable; +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index b850a28e85..922011eccd 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -2142,6 +2142,9 @@ static int bus_append_scope_property(sd_bus_message *m, const char *field, const + if (STR_IN_SET(field, "User", "Group")) + return bus_append_string(m, field, eq); + ++ if (streq(field, "OOMPolicy")) ++ return bus_append_string(m, field, eq); ++ + return 0; + } + diff --git a/0228-systemd-Default-to-OOMPolicy-continue-for-login-sess.patch b/0228-systemd-Default-to-OOMPolicy-continue-for-login-sess.patch new file mode 100644 index 0000000..5050745 --- /dev/null +++ b/0228-systemd-Default-to-OOMPolicy-continue-for-login-sess.patch @@ -0,0 +1,33 @@ +From 60f4b73b48b7e9d3f734ecdf63fa5ba9ab3c2338 Mon Sep 17 00:00:00 2001 +From: Mark Laws +Date: Thu, 24 Nov 2022 14:56:29 +0900 +Subject: [PATCH] systemd: Default to OOMPolicy=continue for login session + scopes + +If the kernel OOM kills a process under a login session scope, we don't want to +kill the user's other processes for no good reason. + +(cherry picked from commit 98b6c94b577205d31b019286c2a84cc9af244ea0) + +Resolves: #2176918 +--- + src/login/logind-dbus.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 86a5decf3f..2ab26b9c6d 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -3970,6 +3970,12 @@ int manager_start_scope( + if (r < 0) + return r; + ++ /* For login session scopes, if a process is OOM killed by the kernel, *don't* terminate the rest of ++ the scope */ ++ r = sd_bus_message_append(m, "(sv)", "OOMPolicy", "s", "continue"); ++ if (r < 0) ++ return r; ++ + /* disable TasksMax= for the session scope, rely on the slice setting for it */ + r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", UINT64_MAX); + if (r < 0) diff --git a/0229-man-rework-description-of-OOMPolicy-a-bit.patch b/0229-man-rework-description-of-OOMPolicy-a-bit.patch new file mode 100644 index 0000000..b830a07 --- /dev/null +++ b/0229-man-rework-description-of-OOMPolicy-a-bit.patch @@ -0,0 +1,48 @@ +From 1e066581a0bdfe5848dfc701e84e5d7d431699f5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 13 Dec 2022 15:25:55 +0100 +Subject: [PATCH] man: rework description of OOMPolicy= a bit + +One had to read to the very end of the long description to notice that +the setting is actually primarily intended for oomd. So let's mention oomd +right at the beginning. + +(cherry picked from commit 100d37d4f3111a97f51e37b51eea9243cb037b61) + +Resolves: #2176918 +--- + man/systemd.service.xml | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/man/systemd.service.xml b/man/systemd.service.xml +index 8d8dd77689..cae520ceab 100644 +--- a/man/systemd.service.xml ++++ b/man/systemd.service.xml +@@ -1123,17 +1123,18 @@ + + OOMPolicy= + +- Configure the out-of-memory (OOM) kernel killer policy. Note that the userspace OOM ++ Configure the out-of-memory (OOM) killing policy for the kernel and the userspace OOM + killer +- systemd-oomd.service8 +- is a more flexible solution that aims to prevent out-of-memory situations for the userspace, not just +- the kernel. +- +- On Linux, when memory becomes scarce to the point that the kernel has trouble allocating memory +- for itself, it might decide to kill a running process in order to free up memory and reduce memory +- pressure. This setting takes one of continue, stop or ++ systemd-oomd.service8. ++ On Linux, when memory becomes scarce to the point that the kernel has trouble allocating memory for ++ itself, it might decide to kill a running process in order to free up memory and reduce memory ++ pressure. Note that systemd-oomd.service is a more flexible solution that aims ++ to prevent out-of-memory situations for the userspace too, not just the kernel, by attempting to ++ terminate services earlier, before the kernel would have to act. ++ ++ This setting takes one of continue, stop or + kill. If set to continue and a process of the service is +- killed by the kernel's OOM killer this is logged but the service continues running. If set to ++ killed by the OOM killer, this is logged but the service continues running. If set to + stop the event is logged but the service is terminated cleanly by the service + manager. If set to kill and one of the service's processes is killed by the OOM + killer the kernel is instructed to kill all remaining processes of the service too, by setting the diff --git a/0230-core-man-add-missing-integration-of-OOMPolicy-in-sco.patch b/0230-core-man-add-missing-integration-of-OOMPolicy-in-sco.patch new file mode 100644 index 0000000..2dceff9 --- /dev/null +++ b/0230-core-man-add-missing-integration-of-OOMPolicy-in-sco.patch @@ -0,0 +1,93 @@ +From 53464ce69ec5202b9abfb35ddbd58c61e2e0ba18 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 13 Dec 2022 15:26:58 +0100 +Subject: [PATCH] core,man: add missing integration of OOMPolicy= in scopes + +Fixup for 5fa098357e0ea9f05b00ed5b04a36ef9f64037db. + +(cherry picked from commit d5a1657d5a78e9a101fa91e60921bed54ec162b8) + +Resolves: #2176918 +--- + man/systemd.scope.xml | 2 ++ + man/systemd.service.xml | 22 ++++++++++------------ + src/core/load-fragment-gperf.gperf.in | 1 + + 3 files changed, 13 insertions(+), 12 deletions(-) + +diff --git a/man/systemd.scope.xml b/man/systemd.scope.xml +index 17d2700069..95969bf097 100644 +--- a/man/systemd.scope.xml ++++ b/man/systemd.scope.xml +@@ -105,6 +105,8 @@ + of scope units are the following: + + ++ ++ + + RuntimeMaxSec= + +diff --git a/man/systemd.service.xml b/man/systemd.service.xml +index cae520ceab..1c9e59f722 100644 +--- a/man/systemd.service.xml ++++ b/man/systemd.service.xml +@@ -1120,7 +1120,7 @@ + above. + + +- ++ + OOMPolicy= + + Configure the out-of-memory (OOM) killing policy for the kernel and the userspace OOM +@@ -1133,18 +1133,17 @@ + terminate services earlier, before the kernel would have to act. + + This setting takes one of continue, stop or +- kill. If set to continue and a process of the service is +- killed by the OOM killer, this is logged but the service continues running. If set to +- stop the event is logged but the service is terminated cleanly by the service +- manager. If set to kill and one of the service's processes is killed by the OOM +- killer the kernel is instructed to kill all remaining processes of the service too, by setting the ++ kill. If set to continue and a process in the unit is ++ killed by the OOM killer, this is logged but the unit continues running. If set to ++ stop the event is logged but the unit is terminated cleanly by the service ++ manager. If set to kill and one of the unit's processes is killed by the OOM ++ killer the kernel is instructed to kill all remaining processes of the unit too, by setting the + memory.oom.group attribute to 1; also see kernel documentation. +- ++ url="https://docs.kernel.org/admin-guide/cgroup-v2.html">kernel documentation. + + Defaults to the setting DefaultOOMPolicy= in + systemd-system.conf5 +- is set to, except for services where Delegate= is turned on, where it defaults to ++ is set to, except for units where Delegate= is turned on, where it defaults to + continue. + + Use the OOMScoreAdjust= setting to configure whether processes of the unit +@@ -1154,10 +1153,9 @@ + details. + + This setting also applies to systemd-oomd. Similarly to the kernel OOM +- kills, this setting determines the state of the service after systemd-oomd kills a +- cgroup associated with the service. ++ kills, this setting determines the state of the unit after systemd-oomd kills a ++ cgroup associated with it. + +- + + + Check +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 7675b7bb2e..81a5971339 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -555,6 +555,7 @@ Path.TriggerLimitBurst, config_parse_unsigned, + Scope.RuntimeMaxSec, config_parse_sec, 0, offsetof(Scope, runtime_max_usec) + Scope.RuntimeRandomizedExtraSec, config_parse_sec, 0, offsetof(Scope, runtime_rand_extra_usec) + Scope.TimeoutStopSec, config_parse_sec, 0, offsetof(Scope, timeout_stop_usec) ++Scope.OOMPolicy, config_parse_oom_policy, 0, offsetof(Scope, oom_policy) + {# The [Install] section is ignored here #} + Install.Alias, NULL, 0, 0 + Install.WantedBy, NULL, 0, 0 diff --git a/0231-meson-Store-fuzz-tests-in-structured-way.patch b/0231-meson-Store-fuzz-tests-in-structured-way.patch new file mode 100644 index 0000000..1b50089 --- /dev/null +++ b/0231-meson-Store-fuzz-tests-in-structured-way.patch @@ -0,0 +1,161 @@ +From d2bab1cb6c0d7242dbaca55d507f886f7ec0fa6c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Thu, 6 Oct 2022 19:06:08 +0200 +Subject: [PATCH] meson: Store fuzz tests in structured way + +Put fuzzer tests into dictionary that maps `fuzzer->list of inputs` +instead of the flat list. +This is just refactoring with no intentional . + +(cherry picked from commit 7db5761ddaa53eba197b5abc485e3290f47c661f) + +Related: #2176918 +--- + meson.build | 69 ++++++++++++++++++------------------------- + test/fuzz/meson.build | 22 ++++++++++---- + 2 files changed, 45 insertions(+), 46 deletions(-) + +diff --git a/meson.build b/meson.build +index 35704947e3..dc7388cfe3 100644 +--- a/meson.build ++++ b/meson.build +@@ -4013,19 +4013,14 @@ foreach tuple : fuzzers + build_by_default : fuzzer_build) + fuzzer_exes += exe + +- if want_tests != 'false' ++ if want_tests != 'false' and name in fuzz_regression_tests + # Run the fuzz regression tests without any sanitizers enabled. + # Additional invocations with sanitizers may be added below. +- foreach p : fuzz_regression_tests +- b = p.split('/')[-2] +- c = p.split('/')[-1] +- +- if b == name +- test('@0@_@1@'.format(b, c), +- exe, +- suite : 'fuzzers', +- args : [project_source_root / p]) +- endif ++ foreach fuzz_in : fuzz_regression_tests[name] ++ test('@0@_@1@'.format(name, fuzz_in), ++ exe, ++ suite : 'fuzzers', ++ args : [project_source_root / fuzz_testsdir / name / fuzz_in]) + endforeach + endif + endforeach +@@ -4128,45 +4123,39 @@ endif + ############################################################ + + # Enable tests for all supported sanitizers +-foreach tuple : sanitizers ++foreach tuple : fuzz_sanitizers + sanitizer = tuple[0] + build = tuple[1] + + if cc.has_link_argument('-fsanitize=@0@'.format(sanitizer)) +- prev = '' +- foreach p : fuzz_regression_tests +- b = p.split('/')[-2] +- c = p.split('/')[-1] +- +- name = '@0@:@1@'.format(b, sanitizer) +- +- if name != prev +- if want_tests == 'false' +- message('Not compiling @0@ because tests is set to false'.format(name)) +- elif fuzz_tests +- exe = custom_target( +- name, +- output : name, +- depends : build, +- command : [ln, '-fs', +- build.full_path() / b, +- '@OUTPUT@'], +- build_by_default : true) +- else +- message('Not compiling @0@ because fuzz-tests is set to false'.format(name)) +- endif ++ foreach fuzzer, fuzz_ins : fuzz_regression_tests ++ name = '@0@:@1@'.format(fuzzer, sanitizer) ++ if want_tests == 'false' ++ message('Not compiling @0@ because tests is set to false'.format(name)) ++ continue + endif +- prev = name +- +- if fuzz_tests +- test('@0@_@1@_@2@'.format(b, c, sanitizer), ++ if not fuzz_tests ++ message('Not compiling @0@ because fuzz-tests is set to false'.format(name)) ++ continue ++ endif ++ exe = custom_target( ++ name, ++ output : name, ++ depends : build, ++ command : [ln, '-fs', ++ build.full_path() / fuzzer, ++ '@OUTPUT@'], ++ build_by_default : true) ++ ++ foreach fuzz_in : fuzz_ins ++ test('@0@_@1@_@2@'.format(fuzzer, fuzz_in, sanitizer), + env, + suite : 'fuzz+san', + env : ['UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1'], + timeout : 60, + args : [exe.full_path(), +- project_source_root / p]) +- endif ++ project_source_root / fuzz_testsdir / fuzzer / fuzz_in]) ++ endforeach + endforeach + endif + endforeach +diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build +index 80362d4154..82738fd1b7 100644 +--- a/test/fuzz/meson.build ++++ b/test/fuzz/meson.build +@@ -16,24 +16,34 @@ sanitize_address_undefined = custom_target( + ' '.join(cc.cmd_array()), + cxx_cmd]) + +-sanitizers = [['address,undefined', sanitize_address_undefined]] ++fuzz_sanitizers = [['address,undefined', sanitize_address_undefined]] ++fuzz_testsdir = 'test/fuzz' + + if git.found() and fs.exists(project_source_root / '.git') + out = run_command(env, '-u', 'GIT_WORK_TREE', + git, '--git-dir=@0@/.git'.format(project_source_root), +- 'ls-files', ':/test/fuzz/*/*', ++ 'ls-files', ':/@0@/*/*'.format(fuzz_testsdir), + check: true) + else +- out = run_command(sh, '-c', 'cd "@0@"; echo test/fuzz/*/*'.format(project_source_root), check: true) ++ out = run_command(sh, '-c', 'cd "@0@"; echo @1@/*/*'.format(project_source_root, fuzz_testsdir), check: true) + endif + +-fuzz_regression_tests = [] ++fuzz_regression_tests = {} + foreach p : out.stdout().split() + # Remove the last entry which is ''. + # + # Also, backslashes get mangled, so skip test. See + # https://github.com/mesonbuild/meson/issues/1564. +- if not p.contains('\\') +- fuzz_regression_tests += p ++ if p.contains('\\') ++ continue + endif ++ fuzzer = p.split('/')[-2] ++ fuzz_in = p.split('/')[-1] ++ if fuzzer not in fuzz_regression_tests ++ fuzz_regression_tests += {fuzzer: []} ++ endif ++ # Meson parser provision for: fuzz_regression_tests[fuzzer] += [fuzz_in] ++ l = fuzz_regression_tests[fuzzer] ++ l += [fuzz_in] ++ fuzz_regression_tests += {fuzzer: l} + endforeach diff --git a/0232-meson-Generate-fuzzer-inputs-with-directives.patch b/0232-meson-Generate-fuzzer-inputs-with-directives.patch new file mode 100644 index 0000000..1d5d2bb --- /dev/null +++ b/0232-meson-Generate-fuzzer-inputs-with-directives.patch @@ -0,0 +1,2560 @@ +From fd7d93a34d8ef8a194544dba9763e8d58a805641 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Thu, 6 Oct 2022 16:48:01 +0200 +Subject: [PATCH] meson: Generate fuzzer inputs with directives + +The lists of directives for fuzzer tests are maintained manually in the +repo. There is a tools/check-directives.sh script that runs during test +phase and reports stale directive lists. +Let's rework the script into a generator so that these directive files +are created on-the-flight and needn't be updated whenever a unit file +directives change. The scripts is rewritten in Python to get rid of gawk +dependency and each generated file is a separate meson target so that +incremental builds refresh what is just necessary (and parallelize +(negligible)). + +Note: test/fuzz/fuzz-unit-file/directives-all.slice is kept since there +is not automated way to generate it (it is not covered by the check +script neither). + +(cherry picked from commit 7e343b530e68c55f868a4a8261824ca543319a52) + +Related: #2176918 +--- + meson.build | 31 +- + test/fuzz/fuzz-link-parser/directives.link | 97 --- + .../fuzz/fuzz-netdev-parser/directives.netdev | 258 -------- + test/fuzz/fuzz-network-parser/directives | 595 ------------------ + test/fuzz/fuzz-unit-file/directives.automount | 6 - + test/fuzz/fuzz-unit-file/directives.mount | 216 ------- + test/fuzz/fuzz-unit-file/directives.path | 12 - + test/fuzz/fuzz-unit-file/directives.scope | 68 -- + test/fuzz/fuzz-unit-file/directives.service | 370 ----------- + test/fuzz/fuzz-unit-file/directives.slice | 58 -- + test/fuzz/fuzz-unit-file/directives.socket | 266 -------- + test/fuzz/fuzz-unit-file/directives.swap | 210 ------- + test/fuzz/fuzz-unit-file/directives.timer | 17 - + test/fuzz/generate-directives.py | 26 + + test/fuzz/meson.build | 50 +- + tools/check-directives.sh | 72 --- + 16 files changed, 87 insertions(+), 2265 deletions(-) + delete mode 100644 test/fuzz/fuzz-link-parser/directives.link + delete mode 100644 test/fuzz/fuzz-netdev-parser/directives.netdev + delete mode 100644 test/fuzz/fuzz-network-parser/directives + delete mode 100644 test/fuzz/fuzz-unit-file/directives.automount + delete mode 100644 test/fuzz/fuzz-unit-file/directives.mount + delete mode 100644 test/fuzz/fuzz-unit-file/directives.path + delete mode 100644 test/fuzz/fuzz-unit-file/directives.scope + delete mode 100644 test/fuzz/fuzz-unit-file/directives.service + delete mode 100644 test/fuzz/fuzz-unit-file/directives.slice + delete mode 100644 test/fuzz/fuzz-unit-file/directives.socket + delete mode 100644 test/fuzz/fuzz-unit-file/directives.swap + delete mode 100644 test/fuzz/fuzz-unit-file/directives.timer + create mode 100644 test/fuzz/generate-directives.py + delete mode 100755 tools/check-directives.sh + +diff --git a/meson.build b/meson.build +index dc7388cfe3..5b2e7ca172 100644 +--- a/meson.build ++++ b/meson.build +@@ -3997,6 +3997,7 @@ foreach tuple : fuzzers + else + sources += 'src/fuzz/fuzz-main.c' + endif ++ sources += fuzz_generated_directives + + # FIXME: Use fs.stem() with meson >= 0.54.0 + name = '@0@'.format(sources[0]).split('/')[-1].split('.')[0] +@@ -4016,11 +4017,14 @@ foreach tuple : fuzzers + if want_tests != 'false' and name in fuzz_regression_tests + # Run the fuzz regression tests without any sanitizers enabled. + # Additional invocations with sanitizers may be added below. +- foreach fuzz_in : fuzz_regression_tests[name] ++ foreach tuple : fuzz_regression_tests[name] ++ fuzz_dir = tuple[0] ++ fuzz_in = tuple[1] + test('@0@_@1@'.format(name, fuzz_in), + exe, + suite : 'fuzzers', +- args : [project_source_root / fuzz_testsdir / name / fuzz_in]) ++ args : [fuzz_dir != '' ? project_source_root / fuzz_dir / name / fuzz_in ++ : fuzz_generated_in_dir / '@0@_@1@'.format(name, fuzz_in)]) + endforeach + endif + endforeach +@@ -4109,19 +4113,6 @@ foreach exec : public_programs + endif + endforeach + +-############################################################ +- +-check_directives_sh = find_program('tools/check-directives.sh') +- +-if want_tests != 'false' +- test('check-directives', +- check_directives_sh, +- suite : 'dist-check', +- args : [project_source_root, project_build_root]) +-endif +- +-############################################################ +- + # Enable tests for all supported sanitizers + foreach tuple : fuzz_sanitizers + sanitizer = tuple[0] +@@ -4141,20 +4132,24 @@ foreach tuple : fuzz_sanitizers + exe = custom_target( + name, + output : name, +- depends : build, ++ depends : [build] + fuzz_generated_directives, + command : [ln, '-fs', + build.full_path() / fuzzer, + '@OUTPUT@'], + build_by_default : true) + +- foreach fuzz_in : fuzz_ins ++ foreach tuple : fuzz_ins ++ fuzz_dir = tuple[0] ++ fuzz_in = tuple[1] ++ + test('@0@_@1@_@2@'.format(fuzzer, fuzz_in, sanitizer), + env, + suite : 'fuzz+san', + env : ['UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1'], + timeout : 60, + args : [exe.full_path(), +- project_source_root / fuzz_testsdir / fuzzer / fuzz_in]) ++ fuzz_dir != '' ? project_source_root / fuzz_dir / fuzzer / fuzz_in ++ : fuzz_generated_in_dir / '@0@_@1@'.format(fuzzer, fuzz_in)]) + endforeach + endforeach + endif +diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link +deleted file mode 100644 +index a1c797a297..0000000000 +--- a/test/fuzz/fuzz-link-parser/directives.link ++++ /dev/null +@@ -1,97 +0,0 @@ +-[Match] +-Architecture= +-Credential= +-Driver= +-Firmware= +-Host= +-KernelCommandLine= +-KernelVersion= +-Kind= +-MACAddress= +-OriginalName= +-Path= +-PermanentMACAddress= +-Property= +-Type= +-Virtualization= +-[Link] +-Description= +-MACAddressPolicy= +-MACAddress= +-NamePolicy= +-Name= +-AlternativeNamesPolicy= +-AlternativeName= +-Alias= +-TransmitQueues= +-ReceiveQueues= +-TransmitQueueLength= +-MTUBytes= +-BitsPerSecond= +-Duplex= +-AutoNegotiation= +-WakeOnLan= +-WakeOnLanPassword= +-Port= +-ReceiveChecksumOffload= +-TransmitChecksumOffload= +-GenericSegmentationOffload= +-TCPSegmentationOffload= +-TCP6SegmentationOffload= +-UDPSegmentationOffload= +-GenericReceiveOffload= +-GenericReceiveOffloadHardware= +-LargeReceiveOffload= +-ReceiveVLANCTAGHardwareAcceleration= +-TransmitVLANCTAGHardwareAcceleration= +-ReceiveVLANCTAGFilter= +-TransmitVLANSTAGHardwareAcceleration= +-NTupleFilter= +-RxChannels= +-TxChannels= +-OtherChannels= +-CombinedChannels= +-Advertise= +-RxBufferSize= +-RxMiniBufferSize= +-RxJumboBufferSize= +-TxBufferSize= +-RxFlowControl= +-TxFlowControl= +-AutoNegotiationFlowControl= +-GenericSegmentOffloadMaxBytes= +-GenericSegmentOffloadMaxSegments= +-RxCoalesceSec= +-RxMaxCoalescedFrames= +-RxCoalesceIrqSec= +-RxMaxCoalescedIrqFrames= +-TxCoalesceSec= +-TxMaxCoalescedFrames= +-TxCoalesceIrqSec= +-TxMaxCoalescedIrqFrames= +-StatisticsBlockCoalesceSec= +-UseAdaptiveRxCoalesce= +-UseAdaptiveTxCoalesce= +-CoalescePacketRateLow= +-RxCoalesceLowSec= +-RxMaxCoalescedLowFrames= +-TxCoalesceLowSec= +-TxMaxCoalescedLowFrames= +-CoalescePacketRateHigh= +-RxCoalesceHighSec= +-RxMaxCoalescedHighFrames= +-TxCoalesceHighSec= +-TxMaxCoalescedHighFrames= +-CoalescePacketRateSampleIntervalSec= +-MDI= +-SR-IOVVirtualFunctions= +-[SR-IOV] +-VirtualFunction= +-MACSpoofCheck= +-VLANId= +-VLANProtocol= +-QualityOfService= +-QueryReceiveSideScaling= +-Trust= +-LinkState= +-MACAddress= +diff --git a/test/fuzz/fuzz-netdev-parser/directives.netdev b/test/fuzz/fuzz-netdev-parser/directives.netdev +deleted file mode 100644 +index 309941f58d..0000000000 +--- a/test/fuzz/fuzz-netdev-parser/directives.netdev ++++ /dev/null +@@ -1,258 +0,0 @@ +-[VLAN] +-MVRP= +-LooseBinding= +-ReorderHeader= +-Id= +-GVRP= +-Protocol= +-EgressQOSMaps= +-IngressQOSMaps= +-[MACVLAN] +-Mode= +-SourceMACAddress= +-BroadcastMulticastQueueLength= +-[WireGuard] +-ListenPort= +-PrivateKey= +-PrivateKeyFile= +-FwMark= +-FirewallMark= +-RouteTable= +-RouteMetric= +-[MACVTAP] +-Mode= +-SourceMACAddress= +-[Match] +-Architecture= +-Credential= +-Firmware= +-Host= +-KernelCommandLine= +-KernelVersion= +-Virtualization= +-[GENEVE] +-DestinationPort= +-TTL= +-UDP6ZeroCheckSumTx= +-TOS= +-Id= +-UDPChecksum= +-UDP6ZeroChecksumTx= +-FlowLabel= +-UDP6ZeroChecksumRx= +-Remote= +-UDP6ZeroCheckSumRx= +-IPDoNotFragment= +-[Bridge] +-ForwardDelaySec= +-HelloTimeSec= +-MaxAgeSec= +-STP= +-MulticastSnooping= +-DefaultPVID= +-MulticastQuerier= +-AgeingTimeSec= +-Priority= +-GroupForwardMask= +-VLANFiltering= +-VLANProtocol= +-MulticastIGMPVersion= +-[VRF] +-TableId= +-Table= +-[Peer] +-MACAddress= +-Name= +-[WireGuardPeer] +-Endpoint= +-PresharedKey= +-PresharedKeyFile= +-PersistentKeepalive= +-PublicKey= +-AllowedIPs= +-RouteTable= +-RouteMetric= +-[Tunnel] +-FooOverUDP= +-IPv6FlowLabel= +-Remote= +-AllowLocalRemote= +-Local= +-TOS= +-Independent= +-AssignToLoopback= +-Key= +-InputKey= +-Encapsulation= +-Mode= +-OutputKey= +-DiscoverPathMTU= +-FOUDestinationPort= +-CopyDSCP= +-EncapsulationLimit= +-TTL= +-FOUSourcePort= +-IPv6RapidDeploymentPrefix= +-ERSPANVersion= +-ERSPANIndex= +-ERSPANDirection= +-ERSPANHardwareId= +-SerializeTunneledPackets= +-ISATAP= +-External= +-[VXLAN] +-UDP6ZeroChecksumRx= +-ARPProxy= +-FlowLabel= +-Local= +-RemoteChecksumTx= +-RouteShortCircuit= +-Remote= +-L3MissNotification= +-Group= +-FDBAgeingSec= +-MacLearning= +-Id= +-VNI= +-RemoteChecksumRx= +-TOS= +-L2MissNotification= +-UDP6ZeroChecksumTx= +-UDP6ZeroCheckSumRx= +-UDPCheckSum= +-GroupPolicyExtension= +-GenericProtocolExtension= +-MaximumFDBEntries= +-TTL= +-DestinationPort= +-ReduceARPProxy= +-PortRange= +-UDPChecksum= +-UDP6ZeroCheckSumTx= +-IPDoNotFragment= +-Independent= +-[VXCAN] +-Peer= +-[Bond] +-LearnPacketIntervalSec= +-TransmitHashPolicy= +-MIIMonitorSec= +-PacketsPerSlave= +-DownDelaySec= +-PrimaryReselectPolicy= +-ResendIGMP= +-ARPAllTargets= +-AdActorSystemPriority= +-UpDelaySec= +-AdSelect= +-AdActorSystem= +-AdUserPortKey= +-FailOverMACPolicy= +-ARPValidate= +-Mode= +-GratuitousARP= +-ARPIPTargets= +-MinLinks= +-LACPTransmitRate= +-ARPIntervalSec= +-AllSlavesActive= +-DynamicTransmitLoadBalancing= +-[FooOverUDP] +-Protocol= +-Port= +-PeerPort= +-Encapsulation= +-Local= +-Peer= +-[Tap] +-MultiQueue= +-OneQueue= +-User= +-Group= +-PacketInfo= +-VNetHeader= +-KeepCarrier= +-[IPVLAN] +-Mode= +-Flags= +-[IPVTAP] +-Mode= +-Flags= +-[Tun] +-OneQueue= +-MultiQueue= +-PacketInfo= +-VNetHeader= +-Group= +-User= +-KeepCarrier= +-[NetDev] +-Kind= +-MACAddress= +-MTUBytes= +-Description= +-Name= +-[L2TP] +-TunnelId= +-PeerTunnelId= +-UDPSourcePort= +-UDPDestinationPort= +-Local= +-Remote= +-EncapsulationType= +-UDPCheckSum= +-UDP6CheckSumRx= +-UDP6CheckSumTx= +-[L2TPSession] +-SessionId= +-PeerSessionId= +-Layer2SpecificHeader= +-Name= +-[MACsec] +-Port= +-Encrypt= +-[MACsecReceiveAssociation] +-Port= +-MACAddress= +-PacketNumber= +-KeyId= +-Key= +-KeyFile= +-Activate= +-UseForEncoding= +-[MACsecReceiveChannel] +-Port= +-MACAddress= +-[MACsecTransmitAssociation] +-PacketNumber= +-KeyId= +-Key= +-KeyFile= +-Activate= +-[Xfrm] +-Independent= +-InterfaceId= +-[BareUDP] +-DestinationPort= +-EtherType= +-[BatmanAdvanced] +-GatewayMode= +-Aggregation= +-BridgeLoopAvoidance= +-DistributedArpTable= +-Fragmentation= +-HopPenalty= +-OriginatorIntervalSec= +-GatewayBandwithDown= +-GatewayBandwithUp= +-GatewayBandwidthDown= +-GatewayBandwidthUp= +-RoutingAlgorithm= +-[IPoIB] +-PartitionKey= +-Mode= +-IgnoreUserspaceMulticastGroups= +-[WLAN] +-PhysicalDevice= +-Type= +-WDS= +diff --git a/test/fuzz/fuzz-network-parser/directives b/test/fuzz/fuzz-network-parser/directives +deleted file mode 100644 +index 171322ef20..0000000000 +--- a/test/fuzz/fuzz-network-parser/directives ++++ /dev/null +@@ -1,595 +0,0 @@ +-[Bridge] +-Cost= +-UseBPDU= +-HairPin= +-Isolated= +-UnicastFlood= +-FastLeave= +-Priority= +-AllowPortToBeRoot= +-MulticastToUnicast= +-MulticastFlood= +-NeighborSuppression= +-Learning= +-ProxyARP= +-ProxyARPWiFi= +-MulticastRouter= +-[Match] +-Architecture= +-BSSID= +-Credential= +-Driver= +-Firmware= +-Host= +-KernelCommandLine= +-KernelVersion= +-Kind= +-MACAddress= +-Name= +-Path= +-PermanentMACAddress= +-Property= +-SSID= +-Type= +-Virtualization= +-WLANInterfaceType= +-[Link] +-ActivationPolicy= +-RequiredForOnline= +-RequiredFamilyForOnline= +-ARP= +-AllMulticast= +-Unmanaged= +-MTUBytes= +-Multicast= +-MACAddress= +-Group= +-Promiscuous= +-[SR-IOV] +-VirtualFunction= +-MACSpoofCheck= +-VLANId= +-VLANProtocol= +-QualityOfService= +-QueryReceiveSideScaling= +-Trust= +-LinkState= +-MACAddress= +-[BridgeFDB] +-VLANId= +-MACAddress= +-Destination= +-VNI= +-AssociatedWith= +-OutgoingInterface= +-[BridgeMDB] +-MulticastGroupAddress= +-VLANId= +-[DHCP] +-UseDomains= +-UseRoutes= +-IAID= +-UserClass= +-UseNTP= +-RapidCommit= +-ForceDHCPv6PDOtherInformation= +-UseMTU= +-UseDomainName= +-RouteMetric= +-SendHostname= +-Anonymize= +-VendorClassIdentifier= +-Hostname= +-DUIDType= +-UseHostname= +-UseDNS= +-CriticalConnection= +-DUIDRawData= +-RequestBroadcast= +-ClientIdentifier= +-ListenPort= +-UseTimezone= +-RouteTable= +-[DHCPv4] +-UseDNS= +-RoutesToDNS= +-UseDomains= +-UseRoutes= +-UseGateway= +-IAID= +-UserClass= +-UseNTP= +-RoutesToNTP= +-UseSIP= +-UseMTU= +-UseDomainName= +-RouteMetric= +-SendHostname= +-Anonymize= +-VendorClassIdentifier= +-Hostname= +-DUIDType= +-UseHostname= +-Label= +-CriticalConnection= +-DUIDRawData= +-RequestBroadcast= +-ClientIdentifier= +-ListenPort= +-UseTimezone= +-RouteTable= +-DenyList= +-BlackList= +-AllowList= +-RequestOptions= +-SendRelease= +-MaxAttempts= +-IPServiceType= +-SendOption= +-SendVendorOption= +-SendDecline= +-MUDURL= +-RouteMTUBytes= +-FallbackLeaseLifetimeSec= +-Use6RD= +-NetLabel= +-[DHCPv6] +-UseAddress= +-UseDelegatedPrefix= +-UseNTP= +-UseDNS= +-UseHostname= +-UseDomains= +-RapidCommit= +-ForceDHCPv6PDOtherInformation= +-PrefixDelegationHint= +-WithoutRA= +-MUDURL= +-SendOption= +-RequestOptions= +-UserClass= +-VendorClass= +-SendVendorOption= +-RouteMetric= +-IAID= +-DUIDType= +-DUIDRawData= +-NetLabel= +-[DHCPv6PrefixDelegation] +-SubnetId= +-Announce= +-Assign= +-ManageTemporaryAddress= +-Token= +-RouteMetric= +-NetLabel= +-[DHCPPrefixDelegation] +-UplinkInterface= +-SubnetId= +-Announce= +-Assign= +-ManageTemporaryAddress= +-Token= +-RouteMetric= +-NetLabel= +-[Route] +-Destination= +-Protocol= +-Table= +-Gateway= +-InitialAdvertisedReceiveWindow= +-GatewayOnLink= +-GatewayOnlink= +-Type= +-InitialCongestionWindow= +-IPv6Preference= +-PreferredSource= +-Scope= +-MTUBytes= +-QuickAck= +-FastOpenNoCookie= +-Source= +-Metric= +-TTLPropagate= +-MultiPathRoute= +-TCPAdvertisedMaximumSegmentSize= +-TCPCongestionControlAlgorithm= +-NextHop= +-[Network] +-KeepMaster= +-IPv6DuplicateAddressDetection= +-IPMasquerade= +-ProxyARP= +-PrimarySlave= +-IPv4LLRoute= +-DefaultRouteOnDevice= +-Address= +-IPv6ProxyNDPAddress= +-IPv6AcceptRA= +-IPv6AcceptRouterAdvertisements= +-IPv4AcceptLocal= +-IPv4RouteLocalnet= +-DNSSECNegativeTrustAnchors= +-MACVTAP= +-IPv6PrivacyExtensions= +-MACVLAN= +-MulticastDNS= +-LLDP= +-Tunnel= +-Gateway= +-IPv4LL= +-IPVLAN= +-IPVTAP= +-EmitLLDP= +-IPv6MTUBytes= +-IPv4ProxyARP= +-Bridge= +-DNSOverTLS= +-Bond= +-IPv6ProxyNDP= +-DNS= +-DNSDefaultRoute= +-ActiveSlave= +-LLMNR= +-DNSSEC= +-IPv6HopLimit= +-IPForward= +-IPv6Token= +-Xfrm= +-Description= +-VXLAN= +-L2TP= +-MACsec= +-LinkLocalAddressing= +-IPv4LLStartAddress= +-IPv6LinkLocalAddressGenerationMode= +-IPv6StableSecretAddress= +-ConfigureWithoutCarrier= +-NTP= +-DHCP= +-Domains= +-IPv6SendRA= +-IPv6PrefixDelegation= +-VLAN= +-DHCPServer= +-BindCarrier= +-VRF= +-IgnoreCarrierLoss= +-KeepConfiguration= +-DHCPv6PrefixDelegation= +-DHCPPrefixDelegation= +-BatmanAdvanced= +-IPoIB= +-[IPv6Prefix] +-Prefix= +-OnLink= +-PreferredLifetimeSec= +-AddressAutoconfiguration= +-ValidLifetimeSec= +-Assign= +-Token= +-RouteMetric= +-[IPv6RoutePrefix] +-Route= +-LifetimeSec= +-[BridgeVLAN] +-EgressUntagged= +-VLAN= +-PVID= +-[LLDP] +-MUDURL= +-[CAN] +-SamplePoint= +-BitRate= +-TimeQuantaNSec= +-PropagationSegment= +-PhaseBufferSegment1= +-PhaseBufferSegment2= +-SyncJumpWidth= +-DataSamplePoint= +-DataBitRate= +-DataTimeQuantaNSec= +-DataPropagationSegment= +-DataPhaseBufferSegment1= +-DataPhaseBufferSegment2= +-DataSyncJumpWidth= +-FDMode= +-FDNonISO= +-RestartSec= +-TripleSampling= +-BusErrorReporting= +-Termination= +-ListenOnly= +-Loopback= +-OneShot= +-PresumeACK= +-ClassicDataLengthCode= +-[IPoIB] +-Mode= +-IgnoreUserspaceMulticastGroups= +-[Address] +-DuplicateAddressDetection= +-AutoJoin= +-PreferredLifetime= +-Address= +-Scope= +-HomeAddress= +-PrefixRoute= +-AddPrefixRoute= +-ManageTemporaryAddress= +-Broadcast= +-Peer= +-Label= +-RouteMetric= +-[RoutingPolicyRule] +-Table= +-IncomingInterface= +-To= +-OutgoingInterface= +-From= +-TypeOfService= +-Priority= +-FirewallMark= +-SourcePort= +-DestinationPort= +-IPProtocol= +-InvertRule= +-Family= +-SuppressPrefixLength= +-SuppressInterfaceGroup= +-User= +-Type= +-[IPv6SendRA] +-RouterPreference= +-DNSLifetimeSec= +-DNS= +-RouterLifetimeSec= +-Domains= +-EmitDNS= +-EmitDomains= +-Managed= +-OtherInformation= +-UplinkInterface= +-NetLabel= +-[IPv6PrefixDelegation] +-RouterPreference= +-DNSLifetimeSec= +-DNS= +-RouterLifetimeSec= +-Domains= +-EmitDNS= +-EmitDomains= +-Managed= +-OtherInformation= +-[Neighbor] +-Address= +-LinkLayerAddress= +-MACAddress= +-[IPv6AddressLabel] +-Label= +-Prefix= +-[IPv6AcceptRA] +-UseDomains= +-UseMTU= +-RouteTable= +-RouteMetric= +-UseDNS= +-DHCPv6Client= +-UseGateway= +-UseRoutePrefix= +-UseAutonomousPrefix= +-UseOnLinkPrefix= +-RouterAllowList= +-RouterDenyList= +-PrefixAllowList= +-PrefixDenyList= +-RouteAllowList= +-RouteDenyList= +-DenyList= +-BlackList= +-Token= +-[DHCPServer] +-EmitNTP= +-PoolSize= +-PoolOffset= +-Timezone= +-EmitDNS= +-NTP= +-EmitSIP= +-SIP= +-EmitPOP3= +-POP3= +-EmitSMTP= +-SMTP= +-EmitLPR= +-LPR= +-EmitRouter= +-Router= +-MaxLeaseTimeSec= +-DefaultLeaseTimeSec= +-EmitTimezone= +-DNS= +-SendOption= +-SendVendorOption= +-BindToInterface= +-RelayTarget= +-RelayAgentCircuitId= +-RelayAgentRemoteId= +-ServerAddress= +-UplinkInterface= +-BootServerAddress= +-BootServerName= +-BootFilename= +-[DHCPServerStaticLease] +-MACAddress= +-Address= +-[NextHop] +-Id= +-Gateway= +-Family= +-OnLink= +-Blackhole= +-Group= +-[QDisc] +-Parent= +-Handle= +-[NetworkEmulator] +-Parent= +-Handle= +-DelaySec= +-DelayJitterSec= +-LossRate= +-DuplicateRate= +-PacketLimit= +-[TokenBucketFilter] +-Parent= +-Handle= +-Rate= +-BurstBytes= +-Burst= +-LimitBytes= +-LimitSize= +-MTUBytes= +-MPUBytes= +-PeakRate= +-LatencySec= +-[StochasticFairnessQueueing] +-Parent= +-Handle= +-PerturbPeriodSec= +-[FairQueueingControlledDelay] +-Parent= +-Handle= +-PacketLimit= +-MemoryLimitBytes= +-MemoryLimit= +-Flows= +-QuantumBytes= +-Quantum= +-TargetSec= +-IntervalSec= +-CEThresholdSec= +-ECN= +-[FairQueueing] +-Parent= +-Handle= +-PacketLimit= +-FlowLimit= +-QuantumBytes= +-Quantum= +-InitialQuantumBytes= +-InitialQuantum= +-MaximumRate= +-Buckets= +-OrphanMask= +-Pacing= +-CEThresholdSec= +-[ControlledDelay] +-Parent= +-Handle= +-PacketLimit= +-TargetSec= +-IntervalSec= +-CEThresholdSec= +-ECN= +-[CAKE] +-Parent= +-Handle= +-Bandwidth= +-AutoRateIngress= +-OverheadBytes= +-MPUBytes= +-CompensationMode= +-UseRawPacketSize= +-FlowIsolationMode= +-NAT= +-PriorityQueueingPreset= +-FirewallMark= +-Wash= +-SplitGSO= +-[TrafficControlQueueingDiscipline] +-Parent= +-NetworkEmulatorDelaySec= +-NetworkEmulatorDelayJitterSec= +-NetworkEmulatorLossRate= +-NetworkEmulatorDuplicateRate= +-NetworkEmulatorPacketLimit= +-[TrivialLinkEqualizer] +-Parent= +-Handle= +-Id= +-[HierarchyTokenBucket] +-Parent= +-Handle= +-DefaultClass= +-RateToQuantum= +-[HierarchyTokenBucketClass] +-Parent= +-ClassId= +-Priority= +-QuantumBytes= +-MTUBytes= +-OverheadBytes= +-Rate= +-CeilRate= +-BufferBytes= +-CeilBufferBytes= +-[BFIFO] +-Parent= +-Handle= +-LimitBytes= +-[PFIFO] +-Parent= +-Handle= +-PacketLimit= +-[PFIFOHeadDrop] +-Parent= +-Handle= +-PacketLimit= +-[PFIFOFast] +-Parent= +-Handle= +-[GenericRandomEarlyDetection] +-Parent= +-Handle= +-VirtualQueues= +-DefaultVirtualQueue= +-GenericRIO= +-[StochasticFairBlue] +-Parent= +-Handle= +-PacketLimit= +-[PIE] +-Parent= +-Handle= +-PacketLimit= +-[QuickFairQueueing] +-Parent= +-Handle= +-[QuickFairQueueingClass] +-Parent= +-ClassId= +-Weight= +-MaxPacketBytes= +-[DeficitRoundRobinScheduler] +-Parent= +-Handle= +-[DeficitRoundRobinSchedulerClass] +-Parent= +-ClassId= +-QuantumBytes= +-[EnhancedTransmissionSelection] +-Parent= +-Handle= +-Bands= +-StrictBands= +-QuantumBytes= +-PriorityMap= +-[HeavyHitterFilter] +-Parent= +-Handle= +-PacketLimit= +-[FlowQueuePIE] +-Parent= +-Handle= +-PacketLimit= +diff --git a/test/fuzz/fuzz-unit-file/directives.automount b/test/fuzz/fuzz-unit-file/directives.automount +deleted file mode 100644 +index fd0ce64a2e..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.automount ++++ /dev/null +@@ -1,6 +0,0 @@ +-automount +-[Automount] +-DirectoryMode= +-TimeoutIdleSec= +-Where= +-ExtraOptions= +diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount +deleted file mode 100644 +index 0a44328e5c..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.mount ++++ /dev/null +@@ -1,216 +0,0 @@ +-mount +-[Mount] +-AllowedCPUs= +-AllowedMemoryNodes= +-AmbientCapabilities= +-AppArmorProfile= +-BPFProgram= +-ExecSearchPath= +-BindPaths= +-BindReadOnlyPaths= +-BlockIOAccounting= +-BlockIODeviceWeight= +-BlockIOReadBandwidth= +-BlockIOWeight= +-BlockIOWriteBandwidth= +-CPUAccounting= +-CPUAffinity= +-CPUQuota= +-CPUQuotaPeriodSec= +-CPUSchedulingPolicy= +-CPUSchedulingPriority= +-CPUSchedulingResetOnFork= +-CPUShares= +-CPUWeight= +-CacheDirectory= +-CacheDirectoryMode= +-Capabilities= +-CapabilityBoundingSet= +-ConfigurationDirectory= +-ConfigurationDirectoryMode= +-CoredumpFilter= +-DefaultMemoryLow= +-DefaultMemoryMin= +-Delegate= +-DeviceAllow= +-DevicePolicy= +-DirectoryMode= +-DisableControllers= +-DynamicUser= +-Environment= +-EnvironmentFile= +-ExecPaths= +-ExtensionDirectories= +-ExtensionImages= +-FinalKillSignal= +-ForceUnmount= +-Group= +-IOAccounting= +-IODeviceLatencyTargetSec= +-IODeviceWeight= +-IOReadBandwidthMax= +-IOReadIOPSMax= +-IOSchedulingClass= +-IOSchedulingPriority= +-IOWeight= +-IOWriteBandwidthMax= +-IOWriteIOPSMax= +-IPAccounting= +-IPAddressAllow= +-IPAddressDeny= +-IPCNamespacePath= +-IPEgressFilterPath= +-IPIngressFilterPath= +-IgnoreSIGPIPE= +-InaccessibleDirectories= +-InaccessiblePaths= +-KeyringMode= +-KillMode= +-KillSignal= +-LazyUnmount= +-LimitAS= +-LimitCORE= +-LimitCPU= +-LimitDATA= +-LimitFSIZE= +-LimitLOCKS= +-LimitMEMLOCK= +-LimitMSGQUEUE= +-LimitNICE= +-LimitNOFILE= +-LimitNPROC= +-LimitRSS= +-LimitRTPRIO= +-LimitRTTIME= +-LimitSIGPENDING= +-LimitSTACK= +-LoadCredential= +-LoadCredentialEncrypted= +-LockPersonality= +-LogExtraFields= +-LogLevelMax= +-LogNamespace= +-LogRateLimitBurst= +-LogRateLimitIntervalSec= +-LogsDirectory= +-LogsDirectoryMode= +-ManagedOOMMemoryPressure= +-ManagedOOMMemoryPressureLimit= +-ManagedOOMPreference= +-ManagedOOMSwap= +-MemoryAccounting= +-MemoryDenyWriteExecute= +-MemoryHigh= +-MemoryLimit= +-MemoryLow= +-MemoryMax= +-MemoryMin= +-MemorySwapMax= +-MountAPIVFS= +-MountFlags= +-MountImages= +-NUMAMask= +-NUMAPolicy= +-NetClass= +-NetworkNamespacePath= +-Nice= +-NoExecPaths= +-NoNewPrivileges= +-OOMScoreAdjust= +-Options= +-PAMName= +-PassEnvironment= +-Personality= +-PrivateDevices= +-PrivateIPC= +-PrivateMounts= +-PrivateNetwork= +-PrivateTmp= +-PrivateUsers= +-ProcSubset= +-ProtectClock= +-ProtectControlGroups= +-ProtectHome= +-ProtectHostname= +-ProtectKernelLogs= +-ProtectKernelModules= +-ProtectKernelTunables= +-ProtectProc= +-ProtectSystem= +-ReadOnlyDirectories= +-ReadOnlyPaths= +-ReadWriteDirectories= +-ReadWriteOnly= +-ReadWritePaths= +-RemoveIPC= +-RestartKillSignal= +-RestrictAddressFamilies= +-RestrictFileSystems= +-RestrictNamespaces= +-RestrictNetworkInterfaces= +-RestrictRealtime= +-RestrictSUIDSGID= +-RootDirectory= +-RootHash= +-RootHashSignature= +-RootImage= +-RootImageOptions= +-RootVerity= +-RuntimeDirectory= +-RuntimeDirectoryMode= +-RuntimeDirectoryPreserve= +-SELinuxContext= +-SecureBits= +-SendSIGHUP= +-SendSIGKILL= +-SetCredential= +-SetCredentialEncrypted= +-Slice= +-SloppyOptions= +-SmackProcessLabel= +-SocketBindAllow= +-SocketBindDeny= +-StandardError= +-StandardInput= +-StandardInputData= +-StandardInputText= +-StandardOutput= +-StartupAllowedCPUs= +-StartupAllowedMemoryNodes= +-StartupBlockIOWeight= +-StartupCPUShares= +-StartupCPUWeight= +-StartupIOWeight= +-StateDirectory= +-StateDirectoryMode= +-SupplementaryGroups= +-SyslogFacility= +-SyslogIdentifier= +-SyslogLevel= +-SyslogLevelPrefix= +-SystemCallArchitectures= +-SystemCallErrorNumber= +-SystemCallFilter= +-SystemCallLog= +-TTYPath= +-TTYReset= +-TTYVHangup= +-TTYVTDisallocate= +-TTYRows= +-TTYColumns= +-TasksAccounting= +-TasksMax= +-TemporaryFileSystem= +-TimeoutCleanSec= +-TimeoutSec= +-TimerSlackNSec= +-Type= +-UMask= +-UnsetEnvironment= +-User= +-UtmpIdentifier= +-UtmpMode= +-WatchdogSignal= +-What= +-Where= +-WorkingDirectory= +diff --git a/test/fuzz/fuzz-unit-file/directives.path b/test/fuzz/fuzz-unit-file/directives.path +deleted file mode 100644 +index 3c4df76b23..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.path ++++ /dev/null +@@ -1,12 +0,0 @@ +-path +-[Path] +-DirectoryMode= +-DirectoryNotEmpty= +-MakeDirectory= +-PathChanged= +-PathExists= +-PathExistsGlob= +-PathModified= +-TriggerLimitBurst= +-TriggerLimitIntervalSec= +-Unit= +diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope +deleted file mode 100644 +index 4552d0b403..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.scope ++++ /dev/null +@@ -1,68 +0,0 @@ +-scope +-[Scope] +-AllowedCPUs= +-AllowedMemoryNodes= +-BPFProgram= +-BlockIOAccounting= +-BlockIODeviceWeight= +-BlockIOReadBandwidth= +-BlockIOWeight= +-BlockIOWriteBandwidth= +-CPUAccounting= +-CPUQuota= +-CPUQuotaPeriodSec= +-CPUShares= +-CPUWeight= +-DefaultMemoryLow= +-DefaultMemoryMin= +-Delegate= +-DeviceAllow= +-DevicePolicy= +-DisableControllers= +-FinalKillSignal= +-IOAccounting= +-IODeviceLatencyTargetSec= +-IODeviceWeight= +-IOReadBandwidthMax= +-IOReadIOPSMax= +-IOWeight= +-IOWriteBandwidthMax= +-IOWriteIOPSMax= +-IPAccounting= +-IPAddressAllow= +-IPAddressDeny= +-IPEgressFilterPath= +-IPIngressFilterPath= +-KillMode= +-KillSignal= +-ManagedOOMMemoryPressure= +-ManagedOOMMemoryPressureLimit= +-ManagedOOMPreference= +-ManagedOOMSwap= +-MemoryAccounting= +-MemoryHigh= +-MemoryLimit= +-MemoryLow= +-MemoryMax= +-MemoryMin= +-MemorySwapMax= +-NetClass= +-RestartKillSignal= +-RestrictNetworkInterfaces= +-RuntimeMaxSec= +-RuntimeRandomizedExtraSec= +-SendSIGHUP= +-SendSIGKILL= +-Slice= +-SocketBindAllow= +-SocketBindDeny= +-StartupAllowedCPUs= +-StartupAllowedMemoryNodes= +-StartupBlockIOWeight= +-StartupCPUShares= +-StartupCPUWeight= +-StartupIOWeight= +-TasksAccounting= +-TasksMax= +-TimeoutStopSec= +-WatchdogSignal= +diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service +deleted file mode 100644 +index 056edb9f17..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.service ++++ /dev/null +@@ -1,370 +0,0 @@ +-service +-[Unit] +-After= +-AllowIsolate= +-AssertACPower= +-AssertArchitecture= +-AssertCPUFeature= +-AssertCPUPressure= +-AssertCPUs= +-AssertCapability= +-AssertControlGroupController= +-AssertCredential= +-AssertDirectoryNotEmpty= +-AssertEnvironment= +-AssertFileIsExecutable= +-AssertFileNotEmpty= +-AssertFirstBoot= +-AssertGroup= +-AssertHost= +-AssertIOPressure= +-AssertKernelCommandLine= +-AssertKernelVersion= +-AssertMemory= +-AssertMemoryPressure= +-AssertNeedsUpdate= +-AssertOSRelease= +-AssertPathExists= +-AssertPathExistsGlob= +-AssertPathIsDirectory= +-AssertPathIsEncrypted= +-AssertPathIsMountPoint= +-AssertPathIsReadWrite= +-AssertPathIsSymbolicLink= +-AssertSecurity= +-AssertUser= +-AssertVirtualization= +-BPFProgram= +-Before= +-ExecSearchPath= +-BindTo= +-BindsTo= +-CollectMode= +-ConditionACPower= +-ConditionArchitecture= +-ConditionCPUFeature= +-ConditionCPUPressure= +-ConditionCPUs= +-ConditionFirmware= +-ConditionCapability= +-ConditionControlGroupController= +-ConditionCredential= +-ConditionDirectoryNotEmpty= +-ConditionEnvironment= +-ConditionFileIsExecutable= +-ConditionFileNotEmpty= +-ConditionFirstBoot= +-ConditionGroup= +-ConditionHost= +-ConditionIOPressure= +-ConditionKernelCommandLine= +-ConditionKernelVersion= +-ConditionMemory= +-ConditionMemoryPressure= +-ConditionNeedsUpdate= +-ConditionOSRelease= +-ConditionPathExists= +-ConditionPathExistsGlob= +-ConditionPathIsDirectory= +-ConditionPathIsEncrypted= +-ConditionPathIsMountPoint= +-ConditionPathIsReadWrite= +-ConditionPathIsSymbolicLink= +-ConditionSecurity= +-ConditionUser= +-ConditionVirtualization= +-Conflicts= +-DefaultDependencies= +-Description= +-Documentation= +-FailureAction= +-FailureActionExitStatus= +-IgnoreOnIsolate= +-IgnoreOnSnapshot= +-JobRunningTimeoutSec= +-JobTimeoutAction= +-JobTimeoutRebootArgument= +-JobTimeoutSec= +-JoinsNamespaceOf= +-OnFailure= +-OnFailureIsolate= +-OnFailureJobMode= +-OnSuccess= +-OnSuccessJobMode= +-PartOf= +-PropagateReloadFrom= +-PropagateReloadTo= +-PropagatesReloadTo= +-PropagatesStopTo= +-RebootArgument= +-RefuseManualStart= +-RefuseManualStop= +-ReloadPropagatedFrom= +-Requires= +-RequiresMountsFor= +-RequiresOverridable= +-Requisite= +-RequisiteOverridable= +-SocketBindAllow= +-SocketBindDeny= +-SourcePath= +-StartLimitAction= +-StartLimitBurst= +-StartLimitInterval= +-StartLimitIntervalSec= +-StopWhenUnneeded= +-StopPropagatedFrom= +-SuccessAction= +-SuccessActionExitStatus= +-Upholds= +-Wants= +-[Install] +-Alias= +-Also= +-DefaultInstance= +-RequiredBy= +-WantedBy= +-[Service] +-AllowedCPUs= +-AllowedMemoryNodes= +-AmbientCapabilities= +-AppArmorProfile= +-BindPaths= +-BindReadOnlyPaths= +-BlockIOAccounting= +-BlockIODeviceWeight= +-BlockIOReadBandwidth= +-BlockIOWeight= +-BlockIOWriteBandwidth= +-BusName= +-BusPolicy= +-CPUAccounting= +-CPUAffinity= +-CPUQuota= +-CPUQuotaPeriodSec= +-CPUSchedulingPolicy= +-CPUSchedulingPriority= +-CPUSchedulingResetOnFork= +-CPUShares= +-CPUWeight= +-CacheDirectory= +-CacheDirectoryMode= +-Capabilities= +-CapabilityBoundingSet= +-ConfigurationDirectory= +-ConfigurationDirectoryMode= +-CoredumpFilter= +-DefaultMemoryLow= +-DefaultMemoryMin= +-Delegate= +-DeviceAllow= +-DevicePolicy= +-DisableControllers= +-DynamicUser= +-Environment= +-EnvironmentFile= +-ExecCondition= +-ExecPaths= +-ExecReload= +-ExecStart= +-ExecStartPost= +-ExecStartPre= +-ExecStop= +-ExecStopPost= +-ExitType= +-ExtensionDirectories= +-ExtensionImages= +-FailureAction= +-FileDescriptorStoreMax= +-FinalKillSignal= +-Group= +-GuessMainPID= +-IOAccounting= +-IODeviceLatencyTargetSec= +-IODeviceWeight= +-IOReadBandwidthMax= +-IOReadIOPSMax= +-IOSchedulingClass= +-IOSchedulingPriority= +-IOWeight= +-IOWriteBandwidthMax= +-IOWriteIOPSMax= +-IPAccounting= +-IPAddressAllow= +-IPAddressDeny= +-IPCNamespacePath= +-IPEgressFilterPath= +-IPIngressFilterPath= +-IgnoreSIGPIPE= +-InaccessibleDirectories= +-InaccessiblePaths= +-KeyringMode= +-KillMode= +-KillSignal= +-LimitAS= +-LimitCORE= +-LimitCPU= +-LimitDATA= +-LimitFSIZE= +-LimitLOCKS= +-LimitMEMLOCK= +-LimitMSGQUEUE= +-LimitNICE= +-LimitNOFILE= +-LimitNPROC= +-LimitRSS= +-LimitRTPRIO= +-LimitRTTIME= +-LimitSIGPENDING= +-LimitSTACK= +-LoadCredential= +-LoadCredentialEncrypted= +-LockPersonality= +-LogExtraFields= +-LogLevelMax= +-LogNamespace= +-LogRateLimitBurst= +-LogRateLimitIntervalSec= +-LogsDirectory= +-LogsDirectoryMode= +-ManagedOOMMemoryPressure= +-ManagedOOMMemoryPressureLimit= +-ManagedOOMPreference= +-ManagedOOMSwap= +-MemoryAccounting= +-MemoryDenyWriteExecute= +-MemoryHigh= +-MemoryLimit= +-MemoryLow= +-MemoryMax= +-MemoryMin= +-MemorySwapMax= +-MountAPIVFS= +-MountFlags= +-MountImages= +-NUMAMask= +-NUMAPolicy= +-NetClass= +-NetworkNamespacePath= +-Nice= +-NoExecPaths= +-NoNewPrivileges= +-NonBlocking= +-NotifyAccess= +-OOMPolicy= +-OOMScoreAdjust= +-PAMName= +-PIDFile= +-PassEnvironment= +-PermissionsStartOnly= +-Personality= +-PrivateDevices= +-PrivateIPC= +-PrivateMounts= +-PrivateNetwork= +-PrivateTmp= +-PrivateUsers= +-ProcSubset= +-ProtectClock= +-ProtectControlGroups= +-ProtectHome= +-ProtectHostname= +-ProtectKernelLogs= +-ProtectKernelModules= +-ProtectKernelTunables= +-ProtectProc= +-ProtectSystem= +-ReadOnlyDirectories= +-ReadOnlyPaths= +-ReadWriteDirectories= +-ReadWritePaths= +-RebootArgument= +-RemainAfterExit= +-RemoveIPC= +-Restart= +-RestartForceExitStatus= +-RestartKillSignal= +-RestartPreventExitStatus= +-RestartSec= +-RestrictAddressFamilies= +-RestrictFileSystems= +-RestrictNamespaces= +-RestrictNetworkInterfaces= +-RestrictRealtime= +-RestrictSUIDSGID= +-RootDirectory= +-RootDirectoryStartOnly= +-RootHash= +-RootHashSignature= +-RootImage= +-RootImageOptions= +-RootVerity= +-RuntimeDirectory= +-RuntimeDirectoryMode= +-RuntimeDirectoryPreserve= +-RuntimeMaxSec= +-RuntimeRandomizedExtraSec= +-SELinuxContext= +-SecureBits= +-SendSIGHUP= +-SendSIGKILL= +-SetCredential= +-SetCredentialEncrypted= +-Slice= +-SmackProcessLabel= +-Sockets= +-StandardError= +-StandardInput= +-StandardInputData= +-StandardInputText= +-StandardOutput= +-StartLimitAction= +-StartLimitBurst= +-StartLimitInterval= +-StartupAllowedCPUs= +-StartupAllowedMemoryNodes= +-StartupBlockIOWeight= +-StartupCPUShares= +-StartupCPUWeight= +-StartupIOWeight= +-StateDirectory= +-StateDirectoryMode= +-SuccessExitStatus= +-SupplementaryGroups= +-SysVStartPriority= +-SyslogFacility= +-SyslogIdentifier= +-SyslogLevel= +-SyslogLevelPrefix= +-SystemCallArchitectures= +-SystemCallErrorNumber= +-SystemCallFilter= +-SystemCallLog= +-TTYPath= +-TTYReset= +-TTYVHangup= +-TTYVTDisallocate= +-TTYRows= +-TTYColumns= +-TasksAccounting= +-TasksMax= +-TemporaryFileSystem= +-TimeoutAbortSec= +-TimeoutCleanSec= +-TimeoutSec= +-TimeoutStartFailureMode= +-TimeoutStartSec= +-TimeoutStopFailureMode= +-TimeoutStopSec= +-TimerSlackNSec= +-Type= +-UMask= +-USBFunctionDescriptors= +-USBFunctionStrings= +-UnsetEnvironment= +-User= +-UtmpIdentifier= +-UtmpMode= +-WatchdogSec= +-WatchdogSignal= +-WorkingDirectory= +diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice +deleted file mode 100644 +index ab77070c5e..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.slice ++++ /dev/null +@@ -1,58 +0,0 @@ +-slice +-[Slice] +-AllowedCPUs= +-AllowedMemoryNodes= +-BPFProgram= +-BlockIOAccounting= +-BlockIODeviceWeight= +-BlockIOReadBandwidth= +-BlockIOWeight= +-BlockIOWriteBandwidth= +-CPUAccounting= +-CPUQuota= +-CPUQuotaPeriodSec= +-CPUShares= +-CPUWeight= +-DefaultMemoryLow= +-DefaultMemoryMin= +-Delegate= +-DeviceAllow= +-DevicePolicy= +-DisableControllers= +-IOAccounting= +-IODeviceLatencyTargetSec= +-IODeviceWeight= +-IOReadBandwidthMax= +-IOReadIOPSMax= +-IOWeight= +-IOWriteBandwidthMax= +-IOWriteIOPSMax= +-IPAccounting= +-IPAddressAllow= +-IPAddressDeny= +-IPEgressFilterPath= +-IPIngressFilterPath= +-ManagedOOMMemoryPressure= +-ManagedOOMMemoryPressureLimit= +-ManagedOOMPreference= +-ManagedOOMSwap= +-MemoryAccounting= +-MemoryHigh= +-MemoryLimit= +-MemoryLow= +-MemoryMax= +-MemoryMin= +-MemorySwapMax= +-NetClass= +-RestrictNetworkInterfaces= +-Slice= +-SocketBindAllow= +-SocketBindDeny= +-StartupAllowedCPUs= +-StartupAllowedMemoryNodes= +-StartupBlockIOWeight= +-StartupCPUShares= +-StartupCPUWeight= +-StartupIOWeight= +-TasksAccounting= +-TasksMax= +diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket +deleted file mode 100644 +index 90358fc11a..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.socket ++++ /dev/null +@@ -1,266 +0,0 @@ +-socket +-[Socket] +-Accept= +-AllowedCPUs= +-AllowedMemoryNodes= +-AmbientCapabilities= +-AppArmorProfile= +-BPFProgram= +-Backlog= +-ExecSearchPath= +-BindIPv6Only= +-BindPaths= +-BindReadOnlyPaths= +-BindToDevice= +-BlockIOAccounting= +-BlockIODeviceWeight= +-BlockIOReadBandwidth= +-BlockIOWeight= +-BlockIOWriteBandwidth= +-Broadcast= +-CPUAccounting= +-CPUAffinity= +-CPUQuota= +-CPUQuotaPeriodSec= +-CPUSchedulingPolicy= +-CPUSchedulingPriority= +-CPUSchedulingResetOnFork= +-CPUShares= +-CPUWeight= +-CacheDirectory= +-CacheDirectoryMode= +-Capabilities= +-CapabilityBoundingSet= +-ConfigurationDirectory= +-ConfigurationDirectoryMode= +-CoredumpFilter= +-DefaultMemoryLow= +-DefaultMemoryMin= +-DeferAcceptSec= +-Delegate= +-DeviceAllow= +-DevicePolicy= +-DirectoryMode= +-DisableControllers= +-DynamicUser= +-Environment= +-EnvironmentFile= +-ExecPaths= +-ExecStartPost= +-ExecStartPre= +-ExecStopPost= +-ExecStopPre= +-ExtensionDirectories= +-ExtensionImages= +-FileDescriptorName= +-FinalKillSignal= +-FlushPending= +-FreeBind= +-Group= +-IOAccounting= +-IODeviceLatencyTargetSec= +-IODeviceWeight= +-IOReadBandwidthMax= +-IOReadIOPSMax= +-IOSchedulingClass= +-IOSchedulingPriority= +-IOWeight= +-IOWriteBandwidthMax= +-IOWriteIOPSMax= +-IPAccounting= +-IPAddressAllow= +-IPAddressDeny= +-IPCNamespacePath= +-IPEgressFilterPath= +-IPIngressFilterPath= +-IPTOS= +-IPTTL= +-IgnoreSIGPIPE= +-InaccessibleDirectories= +-InaccessiblePaths= +-KeepAlive= +-KeepAliveIntervalSec= +-KeepAliveProbes= +-KeepAliveTimeSec= +-KeyringMode= +-KillMode= +-KillSignal= +-LimitAS= +-LimitCORE= +-LimitCPU= +-LimitDATA= +-LimitFSIZE= +-LimitLOCKS= +-LimitMEMLOCK= +-LimitMSGQUEUE= +-LimitNICE= +-LimitNOFILE= +-LimitNPROC= +-LimitRSS= +-LimitRTPRIO= +-LimitRTTIME= +-LimitSIGPENDING= +-LimitSTACK= +-ListenDatagram= +-ListenFIFO= +-ListenMessageQueue= +-ListenNetlink= +-ListenSequentialPacket= +-ListenSpecial= +-ListenStream= +-ListenUSBFunction= +-LoadCredential= +-LoadCredentialEncrypted= +-LockPersonality= +-LogExtraFields= +-LogLevelMax= +-LogNamespace= +-LogRateLimitBurst= +-LogRateLimitIntervalSec= +-LogsDirectory= +-LogsDirectoryMode= +-ManagedOOMMemoryPressure= +-ManagedOOMMemoryPressureLimit= +-ManagedOOMPreference= +-ManagedOOMSwap= +-Mark= +-MaxConnections= +-MaxConnectionsPerSource= +-MemoryAccounting= +-MemoryDenyWriteExecute= +-MemoryHigh= +-MemoryLimit= +-MemoryLow= +-MemoryMax= +-MemoryMin= +-MemorySwapMax= +-MessageQueueMaxMessages= +-MessageQueueMessageSize= +-MountAPIVFS= +-MountFlags= +-MountImages= +-NUMAMask= +-NUMAPolicy= +-NetClass= +-NetworkNamespacePath= +-Nice= +-NoDelay= +-NoExecPaths= +-NoNewPrivileges= +-OOMScoreAdjust= +-PAMName= +-PassCredentials= +-PassEnvironment= +-PassPacketInfo= +-PassSecurity= +-Personality= +-PipeSize= +-Priority= +-PrivateDevices= +-PrivateIPC= +-PrivateMounts= +-PrivateNetwork= +-PrivateTmp= +-PrivateUsers= +-ProcSubset= +-ProtectClock= +-ProtectControlGroups= +-ProtectHome= +-ProtectHostname= +-ProtectKernelLogs= +-ProtectKernelModules= +-ProtectKernelTunables= +-ProtectProc= +-ProtectSystem= +-ReadOnlyDirectories= +-ReadOnlyPaths= +-ReadWriteDirectories= +-ReadWritePaths= +-ReceiveBuffer= +-RemoveIPC= +-RemoveOnStop= +-RestartKillSignal= +-RestrictAddressFamilies= +-RestrictFileSystems= +-RestrictNamespaces= +-RestrictNetworkInterfaces= +-RestrictRealtime= +-RestrictSUIDSGID= +-ReusePort= +-RootDirectory= +-RootHash= +-RootHashSignature= +-RootImage= +-RootImageOptions= +-RootVerity= +-RuntimeDirectory= +-RuntimeDirectoryMode= +-RuntimeDirectoryPreserve= +-SELinuxContext= +-SELinuxContextFromNet= +-SecureBits= +-SendBuffer= +-SendSIGHUP= +-SendSIGKILL= +-Service= +-SetCredential= +-SetCredentialEncrypted= +-Slice= +-SmackLabel= +-SmackLabelIPIn= +-SmackLabelIPOut= +-SmackProcessLabel= +-SocketBindAllow= +-SocketBindDeny= +-SocketGroup= +-SocketMode= +-SocketProtocol= +-SocketUser= +-StandardError= +-StandardInput= +-StandardInputData= +-StandardInputText= +-StandardOutput= +-StartupAllowedCPUs= +-StartupAllowedMemoryNodes= +-StartupBlockIOWeight= +-StartupCPUShares= +-StartupCPUWeight= +-StartupIOWeight= +-StateDirectory= +-StateDirectoryMode= +-SupplementaryGroups= +-Symlinks= +-SyslogFacility= +-SyslogIdentifier= +-SyslogLevel= +-SyslogLevelPrefix= +-SystemCallArchitectures= +-SystemCallErrorNumber= +-SystemCallFilter= +-SystemCallLog= +-TCPCongestion= +-TTYPath= +-TTYReset= +-TTYVHangup= +-TTYVTDisallocate= +-TTYRows= +-TTYColumns= +-TasksAccounting= +-TasksMax= +-TemporaryFileSystem= +-TimeoutCleanSec= +-TimeoutSec= +-TimerSlackNSec= +-Timestamping= +-Transparent= +-TriggerLimitBurst= +-TriggerLimitIntervalSec= +-UMask= +-UnsetEnvironment= +-User= +-UtmpIdentifier= +-UtmpMode= +-WatchdogSignal= +-WorkingDirectory= +-Writable= +diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap +deleted file mode 100644 +index 5d057fa630..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.swap ++++ /dev/null +@@ -1,210 +0,0 @@ +-swap +-[Swap] +-AllowedCPUs= +-AllowedMemoryNodes= +-AmbientCapabilities= +-AppArmorProfile= +-BPFProgram= +-ExecSearchPath= +-BindPaths= +-BindReadOnlyPaths= +-BlockIOAccounting= +-BlockIODeviceWeight= +-BlockIOReadBandwidth= +-BlockIOWeight= +-BlockIOWriteBandwidth= +-CPUAccounting= +-CPUAffinity= +-CPUQuota= +-CPUQuotaPeriodSec= +-CPUSchedulingPolicy= +-CPUSchedulingPriority= +-CPUSchedulingResetOnFork= +-CPUShares= +-CPUWeight= +-CacheDirectory= +-CacheDirectoryMode= +-Capabilities= +-CapabilityBoundingSet= +-ConfigurationDirectory= +-ConfigurationDirectoryMode= +-CoredumpFilter= +-DefaultMemoryLow= +-DefaultMemoryMin= +-Delegate= +-DeviceAllow= +-DevicePolicy= +-DisableControllers= +-DynamicUser= +-Environment= +-EnvironmentFile= +-ExecPaths= +-ExtensionDirectories= +-ExtensionImages= +-FinalKillSignal= +-Group= +-IOAccounting= +-IODeviceLatencyTargetSec= +-IODeviceWeight= +-IOReadBandwidthMax= +-IOReadIOPSMax= +-IOSchedulingClass= +-IOSchedulingPriority= +-IOWeight= +-IOWriteBandwidthMax= +-IOWriteIOPSMax= +-IPAccounting= +-IPAddressAllow= +-IPAddressDeny= +-IPCNamespacePath= +-IPEgressFilterPath= +-IPIngressFilterPath= +-IgnoreSIGPIPE= +-InaccessibleDirectories= +-InaccessiblePaths= +-KeyringMode= +-KillMode= +-KillSignal= +-LimitAS= +-LimitCORE= +-LimitCPU= +-LimitDATA= +-LimitFSIZE= +-LimitLOCKS= +-LimitMEMLOCK= +-LimitMSGQUEUE= +-LimitNICE= +-LimitNOFILE= +-LimitNPROC= +-LimitRSS= +-LimitRTPRIO= +-LimitRTTIME= +-LimitSIGPENDING= +-LimitSTACK= +-LoadCredential= +-LoadCredentialEncrypted= +-LockPersonality= +-LogExtraFields= +-LogLevelMax= +-LogNamespace= +-LogRateLimitBurst= +-LogRateLimitIntervalSec= +-LogsDirectory= +-LogsDirectoryMode= +-ManagedOOMMemoryPressure= +-ManagedOOMMemoryPressureLimit= +-ManagedOOMPreference= +-ManagedOOMSwap= +-MemoryAccounting= +-MemoryDenyWriteExecute= +-MemoryHigh= +-MemoryLimit= +-MemoryLow= +-MemoryMax= +-MemoryMin= +-MemorySwapMax= +-MountAPIVFS= +-MountFlags= +-MountImages= +-NUMAMask= +-NUMAPolicy= +-NetClass= +-NetworkNamespacePath= +-Nice= +-NoExecPaths= +-NoNewPrivileges= +-OOMScoreAdjust= +-Options= +-PAMName= +-PassEnvironment= +-Personality= +-Priority= +-PrivateDevices= +-PrivateIPC= +-PrivateMounts= +-PrivateNetwork= +-PrivateTmp= +-PrivateUsers= +-ProcSubset= +-ProtectClock= +-ProtectControlGroups= +-ProtectHome= +-ProtectHostname= +-ProtectKernelLogs= +-ProtectKernelModules= +-ProtectKernelTunables= +-ProtectProc= +-ProtectSystem= +-ReadOnlyDirectories= +-ReadOnlyPaths= +-ReadWriteDirectories= +-ReadWritePaths= +-RemoveIPC= +-RestartKillSignal= +-RestrictAddressFamilies= +-RestrictFileSystems= +-RestrictNamespaces= +-RestrictNetworkInterfaces= +-RestrictRealtime= +-RestrictSUIDSGID= +-RootDirectory= +-RootHash= +-RootHashSignature= +-RootImage= +-RootImageOptions= +-RootVerity= +-RuntimeDirectory= +-RuntimeDirectoryMode= +-RuntimeDirectoryPreserve= +-SELinuxContext= +-SecureBits= +-SendSIGHUP= +-SendSIGKILL= +-SetCredential= +-SetCredentialEncrypted= +-Slice= +-SmackProcessLabel= +-SocketBindAllow= +-SocketBindDeny= +-StandardError= +-StandardInput= +-StandardInputData= +-StandardInputText= +-StandardOutput= +-StartupAllowedCPUs= +-StartupAllowedMemoryNodes= +-StartupBlockIOWeight= +-StartupCPUShares= +-StartupCPUWeight= +-StartupIOWeight= +-StateDirectory= +-StateDirectoryMode= +-SupplementaryGroups= +-SyslogFacility= +-SyslogIdentifier= +-SyslogLevel= +-SyslogLevelPrefix= +-SystemCallArchitectures= +-SystemCallErrorNumber= +-SystemCallFilter= +-SystemCallLog= +-TTYPath= +-TTYReset= +-TTYVHangup= +-TTYVTDisallocate= +-TTYRows= +-TTYColumns= +-TasksAccounting= +-TasksMax= +-TemporaryFileSystem= +-TimeoutCleanSec= +-TimeoutSec= +-TimerSlackNSec= +-UMask= +-UnsetEnvironment= +-User= +-UtmpIdentifier= +-UtmpMode= +-WatchdogSignal= +-What= +-WorkingDirectory= +diff --git a/test/fuzz/fuzz-unit-file/directives.timer b/test/fuzz/fuzz-unit-file/directives.timer +deleted file mode 100644 +index 40075cf3e7..0000000000 +--- a/test/fuzz/fuzz-unit-file/directives.timer ++++ /dev/null +@@ -1,17 +0,0 @@ +-timer +-[Timer] +-AccuracySec= +-FixedRandomDelay= +-OnActiveSec= +-OnBootSec= +-OnCalendar= +-OnClockChange= +-OnStartupSec= +-OnTimezoneChange= +-OnUnitActiveSec= +-OnUnitInactiveSec= +-Persistent= +-RandomizedDelaySec= +-RemainAfterElapse= +-Unit= +-WakeSystem= +diff --git a/test/fuzz/generate-directives.py b/test/fuzz/generate-directives.py +new file mode 100644 +index 0000000000..d05108962f +--- /dev/null ++++ b/test/fuzz/generate-directives.py +@@ -0,0 +1,26 @@ ++#!/usr/bin/env python3 ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++import sys ++import collections, re ++ ++d = collections.defaultdict(list) ++for line in open(sys.argv[1]): ++ m = re.match(r'^([a-zA-Z0-9-]+)\.([a-zA-Z0-9-]+),', line) ++ if m: ++ d[m.group(1)] += [m.group(2)] ++ ++sec_rx = sys.argv[2] if len(sys.argv) > 2 else '.' ++sec_rx = re.compile(sec_rx) ++unit_type = sys.argv[3] if len(sys.argv) > 3 else None ++ ++if unit_type: ++ print(unit_type) ++ ++for section, items in d.items(): ++ if not sec_rx.match(section): ++ continue ++ print(f'[{section}]') ++ for item in items: ++ print(f'{item}=') ++ print() +diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build +index 82738fd1b7..f7f0a6111c 100644 +--- a/test/fuzz/meson.build ++++ b/test/fuzz/meson.build +@@ -1,5 +1,36 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + ++generate_directives_py = find_program('generate-directives.py') ++fuzz_generated_in_dir = meson.current_build_dir() ++ ++fuzz_generated_directives = [] ++ ++directives = [['fuzz-network-parser_directives', 'src/network/networkd-network-gperf.gperf'], ++ ['fuzz-netdev-parser_directives.netdev', 'src/network/netdev/netdev-gperf.gperf'], ++ ['fuzz-link-parser_directives.link', 'src/udev/net/link-config-gperf.gperf'], ++ ] ++ ++foreach tuple : directives ++ fuzz_generated_directives += custom_target( ++ tuple[0], ++ output: tuple[0], ++ command: [generate_directives_py, files(project_source_root / tuple[1])], ++ capture: true) ++endforeach ++ ++foreach section : ['Automount', 'Mount', 'Path', 'Scope', 'Service', 'Slice', 'Socket', 'Swap', 'Timer'] ++ unit_type = section.to_lower() ++ sec_rx = section == 'Service' ? '(Service|Unit|Install)' : section ++ fuzz_generated_directives += custom_target( ++ 'fuzz-unit-file_directives.@0@'.format(unit_type), ++ output: 'fuzz-unit-file_directives.@0@'.format(unit_type), ++ command: [generate_directives_py, load_fragment_gperf_gperf, sec_rx, unit_type], ++ capture: true) ++endforeach ++ ++ ++############################################################ ++ + sanitize_address_undefined = custom_target( + 'sanitize-address-undefined-fuzzers', + output : 'sanitize-address-undefined-fuzzers', +@@ -28,7 +59,22 @@ else + out = run_command(sh, '-c', 'cd "@0@"; echo @1@/*/*'.format(project_source_root, fuzz_testsdir), check: true) + endif + +-fuzz_regression_tests = {} ++# Fuzz inputs that we generate (see above fuzz_generated_directives) ++fuzz_regression_tests = { ++ 'fuzz-link-parser': [['', 'directives.link']], ++ 'fuzz-netdev-parser': [['', 'directives.netdev']], ++ 'fuzz-network-parser': [['', 'directives']], ++ 'fuzz-unit-file': [['', 'directives.automount'], ++ ['', 'directives.mount'], ++ ['', 'directives.path'], ++ ['', 'directives.scope'], ++ ['', 'directives.service'], ++ ['', 'directives.slice'], ++ ['', 'directives.socket'], ++ ['', 'directives.swap'], ++ ['', 'directives.timer']]} ++ ++# Add crafted fuzz inputs we have in the repo + foreach p : out.stdout().split() + # Remove the last entry which is ''. + # +@@ -44,6 +90,6 @@ foreach p : out.stdout().split() + endif + # Meson parser provision for: fuzz_regression_tests[fuzzer] += [fuzz_in] + l = fuzz_regression_tests[fuzzer] +- l += [fuzz_in] ++ l += [[fuzz_testsdir, fuzz_in]] + fuzz_regression_tests += {fuzzer: l} + endforeach +diff --git a/tools/check-directives.sh b/tools/check-directives.sh +deleted file mode 100755 +index 767833285b..0000000000 +--- a/tools/check-directives.sh ++++ /dev/null +@@ -1,72 +0,0 @@ +-#!/usr/bin/env bash +-# SPDX-License-Identifier: LGPL-2.1-or-later +-set -eu +-set -o pipefail +- +-SOURCE_ROOT="${1:?}" +-BUILD_ROOT="${2:?}" +- +-command -v gawk &>/dev/null || exit 77 +- +-function generate_directives() { +- gawk -v sec_rx="${2:-""}" -v unit_type="${3:-""}" ' +- match($0, /^([^ \t\.]+)\.([^ \t\.,]+)/, m) { +- # res[section][directive] = 1 +- res[m[1]][m[2]] = 1; +- } +- END { +- if (unit_type) +- print unit_type +- +- for (section in res) { +- if (sec_rx && section !~ sec_rx) +- continue +- +- print "[" section "]"; +- for (directive in res[section]) { +- print directive "="; +- } +- } +- } +- ' "$1" +-} +- +-ret=0 +-if ! diff \ +- <(generate_directives "$SOURCE_ROOT"/src/network/networkd-network-gperf.gperf | sort) \ +- <(sort "$SOURCE_ROOT"/test/fuzz/fuzz-network-parser/directives); then +- echo "Looks like test/fuzz/fuzz-network-parser/directives hasn't been updated" +- ret=1 +-fi +- +-if ! diff \ +- <(generate_directives "$SOURCE_ROOT"/src/network/netdev/netdev-gperf.gperf | sort) \ +- <(sort "$SOURCE_ROOT"/test/fuzz/fuzz-netdev-parser/directives.netdev); then +- echo "Looks like test/fuzz/fuzz-netdev-parser/directives.netdev hasn't been updated" +- ret=1 +-fi +- +-if ! diff \ +- <(generate_directives "$SOURCE_ROOT"/src/udev/net/link-config-gperf.gperf | sort) \ +- <(sort "$SOURCE_ROOT"/test/fuzz/fuzz-link-parser/directives.link) ; then +- echo "Looks like test/fuzz/fuzz-link-parser/directives.link hasn't been updated" +- ret=1 +-fi +- +-for section in Automount Mount Path Scope Slice Socket Swap Timer; do +- if ! diff \ +- <(generate_directives "$BUILD_ROOT"/src/core/load-fragment-gperf.gperf "$section" "${section,,}" | sort) \ +- <(sort "$SOURCE_ROOT/test/fuzz/fuzz-unit-file/directives.${section,,}") ; then +- echo "Looks like test/fuzz/fuzz-unit-file/directives.${section,,} hasn't been updated" +- ret=1 +- fi +-done +- +-if ! diff \ +- <(generate_directives "$BUILD_ROOT"/src/core/load-fragment-gperf.gperf "(Service|Unit|Install)" "service" | sort) \ +- <(sort "$SOURCE_ROOT/test/fuzz/fuzz-unit-file/directives.service") ; then +- echo "Looks like test/fuzz/fuzz-unit-file/directives.service hasn't been updated" +- ret=1 +-fi +- +-exit $ret diff --git a/0233-oss-fuzz-include-generated-corpora-in-the-final-zip-.patch b/0233-oss-fuzz-include-generated-corpora-in-the-final-zip-.patch new file mode 100644 index 0000000..c6d6c56 --- /dev/null +++ b/0233-oss-fuzz-include-generated-corpora-in-the-final-zip-.patch @@ -0,0 +1,35 @@ +From a810aef1f95727ec3e044441bf02e0261b2e09ec Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sat, 7 Jan 2023 10:27:05 +0100 +Subject: [PATCH] oss-fuzz: include generated corpora in the final zip file + +Since the files with generated directives are now automatically +generated during build, they're now under the respective build directory +which the current oss-fuzz CI script didn't account for. + +Follow-up to: #24958 +Fixes: #25859 + +(cherry picked from commit bef8d18b3f9776fdb28fc9a4820f9ce9418422f9) + +Related: #2176918 +--- + tools/oss-fuzz.sh | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh +index 793411ed84..7e9312b833 100755 +--- a/tools/oss-fuzz.sh ++++ b/tools/oss-fuzz.sh +@@ -97,7 +97,10 @@ rm -rf "$hosts" + # The seed corpus is a separate flat archive for each fuzzer, + # with a fixed name ${fuzzer}_seed_corpus.zip. + for d in test/fuzz/fuzz-*; do +- zip -jqr "$OUT/$(basename "$d")_seed_corpus.zip" "$d" ++ fuzzer="$(basename "$d")" ++ # Include the build-generated corpora if any as well ++ readarray -t generated < <(find "$build/test/fuzz" -maxdepth 1 -name "${fuzzer}*" -type f) ++ zip -jqr "$OUT/${fuzzer}_seed_corpus.zip" "$d" "${generated[@]}" + done + + # get fuzz-dns-packet corpus diff --git a/0234-unit-In-cgroupv1-gracefully-terminate-delegated-scop.patch b/0234-unit-In-cgroupv1-gracefully-terminate-delegated-scop.patch new file mode 100644 index 0000000..635b0a3 --- /dev/null +++ b/0234-unit-In-cgroupv1-gracefully-terminate-delegated-scop.patch @@ -0,0 +1,38 @@ +From 25223b64f043d9b78d1f70ee7e4a2a3b7a579a84 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Fri, 17 Mar 2023 14:00:15 +0100 +Subject: [PATCH] unit: In cgroupv1, gracefully terminate delegated scopes + again + +Instantly killing delegated scopes is just not viable for our +needs in OCP 4.13 in cgroupv1 mode. We will accept the possibility +of timeouts instead. + +Co-authored-by: Colin Walters + +rhel-only + +Resolves: #2180120 +--- + src/core/unit.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index c319e99d71..0d1a590a3f 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4616,8 +4616,13 @@ int unit_kill_context( + * however should not exist in non-delegated units. On the unified hierarchy that's different, + * there we get proper events. Hence rely on them. */ + ++ /* (RHEL9): we patch out a check for delegation here that exists upstream ++ * and accept a possible delayed shutdown due to races in favor of ++ * not just insta-killing the processes. ++ */ ++ + if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 || +- (detect_container() == 0 && !unit_cgroup_delegate(u))) ++ (detect_container() == 0)) + wait_for_exit = true; + + if (send_sighup) { diff --git a/systemd.spec b/systemd.spec index 6e3807f..bdcfcec 100644 --- a/systemd.spec +++ b/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://systemd.io Version: 252 -Release: 8%{?dist} +Release: 14%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -304,6 +304,14 @@ Patch0223: 0223-test-add-coverage-for-26467.patch Patch0224: 0224-test-add-coverage-for-24177.patch Patch0225: 0225-logind-session-make-stopping-of-idle-session-visible.patch Patch0226: 0226-journal-file-Fix-return-value-in-bump_entry_array.patch +Patch0227: 0227-systemd-Support-OOMPolicy-in-scope-units.patch +Patch0228: 0228-systemd-Default-to-OOMPolicy-continue-for-login-sess.patch +Patch0229: 0229-man-rework-description-of-OOMPolicy-a-bit.patch +Patch0230: 0230-core-man-add-missing-integration-of-OOMPolicy-in-sco.patch +Patch0231: 0231-meson-Store-fuzz-tests-in-structured-way.patch +Patch0232: 0232-meson-Generate-fuzzer-inputs-with-directives.patch +Patch0233: 0233-oss-fuzz-include-generated-corpora-in-the-final-zip-.patch +Patch0234: 0234-unit-In-cgroupv1-gracefully-terminate-delegated-scop.patch # Downstream-only patches (9000–9999) @@ -1125,6 +1133,16 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Tue Mar 21 2023 systemd maintenance team - 252-14 +- systemd: Support OOMPolicy in scope units (#2176918) +- systemd: Default to OOMPolicy=continue for login session scopes (#2176918) +- man: rework description of OOMPolicy= a bit (#2176918) +- core,man: add missing integration of OOMPolicy= in scopes (#2176918) +- meson: Store fuzz tests in structured way (#2176918) +- meson: Generate fuzzer inputs with directives (#2176918) +- oss-fuzz: include generated corpora in the final zip file (#2176918) +- unit: In cgroupv1, gracefully terminate delegated scopes again (#2180120) + * Mon Feb 27 2023 systemd maintenance team - 252-8 - journal-file: Fix return value in bump_entry_array() (#2173682)