Backport a bunch of patches

Zbigniew Jędrzejewski-Szmek 2016-03-04 11:53:37 -05:00
parent c16b573717
commit 2b682337e7
20 changed files with 1394 additions and 8 deletions


@ -1,19 +1,17 @@
From 2ed3d130986501e1db27d57be424d5fd82755ca5 Mon Sep 17 00:00:00 2001 From d15dd311752fcafa92d2e6a00c582020dc0f6ac3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net> From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Feb 2016 21:29:01 +0100 Date: Fri, 12 Feb 2016 21:29:01 +0100
Subject: [PATCH] time-util: map ALARM clockids to non-ALARM clockids in now() Subject: [PATCH] time-util: map ALARM clockids to non-ALARM clockids in now()
Fixes: #2597 Fixes: #2597
(cherry picked from commit 32c1f5a57998f2a9e1992af006b83e39e3155830) (cherry picked from commit 32c1f5a57998f2a9e1992af006b83e39e3155830)
Resolves: #1310800
--- ---
src/basic/time-util.c | 24 ++++++++++++++++++++++-- src/basic/time-util.c | 24 ++++++++++++++++++++++--
src/libsystemd/sd-event/sd-event.c | 6 +++++- src/libsystemd/sd-event/sd-event.c | 6 +++++-
2 files changed, 27 insertions(+), 3 deletions(-) 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index 3973850..510f018 100644 index 3973850b44..510f018d9b 100644
--- a/src/basic/time-util.c --- a/src/basic/time-util.c
+++ b/src/basic/time-util.c +++ b/src/basic/time-util.c
@@ -42,10 +42,30 @@ @@ -42,10 +42,30 @@
@ -58,7 +56,7 @@ index 3973850..510f018 100644
return timespec_load_nsec(&ts); return timespec_load_nsec(&ts);
} }
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index deef6ba..2b46a1f 100644 index deef6ba9d3..2b46a1ff06 100644
--- a/src/libsystemd/sd-event/sd-event.c --- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c
@@ -2780,9 +2780,13 @@ _public_ int sd_event_now(sd_event *e, clockid_t clock, uint64_t *usec) { @@ -2780,9 +2780,13 @@ _public_ int sd_event_now(sd_event *e, clockid_t clock, uint64_t *usec) {
@ -76,6 +74,3 @@ index deef6ba..2b46a1f 100644
} }
return 0; return 0;
--
2.5.0


@ -0,0 +1,24 @@
From 3e1d3577dd20a49d6eb5007c65b4efb7862df903 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Feb 2016 21:33:39 +0100
Subject: [PATCH] core: fix indenting in dump output
Fixes: #2593
(cherry picked from commit b895d15511526b7046c8c51e6689684144a63ae0)
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index d39e3dcaeb..3c4f85e744 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -888,7 +888,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
"%s\tInstance: %s\n"
"%s\tUnit Load State: %s\n"
"%s\tUnit Active State: %s\n"
- "%s\nState Change Timestamp: %s\n"
+ "%s\tState Change Timestamp: %s\n"
"%s\tInactive Exit Timestamp: %s\n"
"%s\tActive Enter Timestamp: %s\n"
"%s\tActive Exit Timestamp: %s\n"


@ -0,0 +1,238 @@
From 66a35872a2429a095f8cdfd5b00f94d0b28daa0f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 15 Feb 2016 22:50:01 +0100
Subject: [PATCH] networkd: FIONREAD is not reliable on some sockets
Fixes: #2457
(cherry picked from commit 4edc2c9b6b5b921873eb82e58719ed4d9e0d69bf)
---
src/basic/socket-util.c | 34 ++++++++++++++++++++++++++++++++
src/basic/socket-util.h | 2 ++
src/libsystemd-network/sd-dhcp-client.c | 23 +++++++++------------
src/libsystemd-network/sd-dhcp-server.c | 9 ++++-----
src/libsystemd-network/sd-dhcp6-client.c | 13 ++++++------
src/libsystemd-network/sd-ndisc.c | 13 +++++-------
src/resolve/resolved-manager.c | 10 ++++------
7 files changed, 64 insertions(+), 40 deletions(-)
diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 49e5f5b125..58512686e3 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -936,3 +936,37 @@ int receive_one_fd(int transport_fd, int flags) {
return *(int*) CMSG_DATA(found);
}
+
+ssize_t next_datagram_size_fd(int fd) {
+ ssize_t l;
+ int k;
+
+ /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
+ * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD dosn't
+ * do. This difference is actually of major importance as we need to be sure that the size returned here
+ * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
+ * the wrong size. */
+
+ l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
+ if (l < 0) {
+ if (errno == EOPNOTSUPP)
+ goto fallback;
+
+ return -errno;
+ }
+ if (l == 0)
+ goto fallback;
+
+ return l;
+
+fallback:
+ k = 0;
+
+ /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
+ * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
+
+ if (ioctl(fd, FIONREAD, &k) < 0)
+ return -errno;
+
+ return (ssize_t) k;
+}
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index 92edc1dc22..d17a2f35f8 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -133,5 +133,7 @@ int send_one_fd_sa(int transport_fd,
#define send_one_fd(transport_fd, fd, flags) send_one_fd_sa(transport_fd, fd, NULL, 0, flags)
int receive_one_fd(int transport_fd, int flags);
+ssize_t next_datagram_size_fd(int fd);
+
#define CMSG_FOREACH(cmsg, mh) \
for ((cmsg) = CMSG_FIRSTHDR(mh); (cmsg); (cmsg) = CMSG_NXTHDR((mh), (cmsg)))
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index cad1a52c09..729ef880ce 100644
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -1525,20 +1525,17 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
uint32_t revents, void *userdata) {
sd_dhcp_client *client = userdata;
_cleanup_free_ DHCPMessage *message = NULL;
- int buflen = 0, len, r;
const struct ether_addr zero_mac = { { 0, 0, 0, 0, 0, 0 } };
const struct ether_addr *expected_chaddr = NULL;
uint8_t expected_hlen = 0;
+ ssize_t len, buflen;
assert(s);
assert(client);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* this can't be right */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
message = malloc0(buflen);
if (!message)
@@ -1616,17 +1613,15 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
};
struct cmsghdr *cmsg;
bool checksum = true;
- int buflen = 0, len, r;
+ ssize_t buflen, len;
+ int r;
assert(s);
assert(client);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* this can't be right */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
packet = malloc0(buflen);
if (!packet)
diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index ad3a37b722..54ff1a3f28 100644
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -955,14 +955,13 @@ static int server_receive_message(sd_event_source *s, int fd,
.msg_controllen = sizeof(cmsgbuf),
};
struct cmsghdr *cmsg;
- int buflen = 0, len;
+ ssize_t buflen, len;
assert(server);
- if (ioctl(fd, FIONREAD, &buflen) < 0)
- return -errno;
- else if (buflen < 0)
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
message = malloc(buflen);
if (!message)
diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
index 5b6b9cbcac..7d56d4cc60 100644
--- a/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/libsystemd-network/sd-dhcp6-client.c
@@ -33,6 +33,7 @@
#include "in-addr-util.h"
#include "network-internal.h"
#include "random-util.h"
+#include "socket-util.h"
#include "string-table.h"
#include "util.h"
@@ -891,18 +892,16 @@ static int client_receive_message(sd_event_source *s, int fd, uint32_t revents,
sd_dhcp6_client *client = userdata;
DHCP6_CLIENT_DONT_DESTROY(client);
_cleanup_free_ DHCP6Message *message = NULL;
- int r, buflen, len;
+ ssize_t buflen, len;
+ int r = 0;
assert(s);
assert(client);
assert(client->event);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* This really should not happen */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
message = malloc(buflen);
if (!message)
diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c
index 519d2aa36b..bae6a49fe6 100644
--- a/src/libsystemd-network/sd-ndisc.c
+++ b/src/libsystemd-network/sd-ndisc.c
@@ -491,19 +491,16 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r
struct cmsghdr *cmsg;
struct in6_addr *gw;
unsigned lifetime;
- ssize_t len;
- int r, pref, stateful, buflen = 0;
+ ssize_t len, buflen;
+ int r, pref, stateful;
assert(s);
assert(nd);
assert(nd->event);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* This really should not happen */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
iov.iov_len = buflen;
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index bf5efe4cfa..7f9073448a 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -617,18 +617,16 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
struct msghdr mh = {};
struct cmsghdr *cmsg;
struct iovec iov;
- int ms = 0, r;
- ssize_t l;
+ ssize_t ms, l;
+ int r;
assert(m);
assert(fd >= 0);
assert(ret);
- r = ioctl(fd, FIONREAD, &ms);
- if (r < 0)
- return -errno;
+ ms = next_datagram_size_fd(fd);
if (ms < 0)
- return -EIO;
+ return ms;
r = dns_packet_new(&p, protocol, ms);
if (r < 0)
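Review bot: In `next_datagram_size_fd()` (src/basic/socket-util.c) the FIONREAD fallback returns `(ssize_t) k` without checking its sign, so if the ioctl ever stored a negative value it would reach callers looking like a negative errno. The callers converted in this patch used to map that case to `-EIO` and now only do `return buflen;`, so the check is lost rather than moved. Adding `if (k < 0) return -EIO;` before the final return restores it in one place. The helper can also return 0 when neither the peek nor FIONREAD reports any data, and the DHCP, DHCPv6 and resolved callers then pass a zero size to `malloc0()`, `malloc()` or `dns_packet_new()`. How each caller handles that is outside the visible lines, so the helper's comment should state that 0 is a possible return.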


@ -0,0 +1,55 @@
From 1b8cc9fb6cac9d5882ab33b79f880d03d1859efb Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 15 Feb 2016 19:11:18 +0100
Subject: [PATCH] networkd: rework idle detection logic of networkd
This patch makes networkd stay around as long as there is more than just a
loopback interface around, or the loopback device isn't fully probed yet, or
the loopback device has a .network file attached.
In essence, this means networkd stays around now continously as it should,
unless it is running in some (container?) environment that really has no
interface except a loopback device.
Fixes #2577.
(cherry picked from commit 9dc907f9c93636cb63ca90300fa3b8c03812701f)
---
src/network/networkd-manager.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index b527191a5a..b8cb7f875d 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -1091,22 +1091,19 @@ static bool manager_check_idle(void *userdata) {
assert(m);
+ /* Check whether we are idle now. The only case when we decide to be idle is when there's only a loopback
+ * device around, for which we have no configuration, and which already left the PENDING state. In all other
+ * cases we are not idle. */
+
HASHMAP_FOREACH(link, m->links, i) {
- /* we are not woken on udev activity, so let's just wait for the
- * pending udev event */
+ /* We are not woken on udev activity, so let's just wait for the pending udev event */
if (link->state == LINK_STATE_PENDING)
return false;
- if (!link->network)
- continue;
+ if ((link->flags & IFF_LOOPBACK) == 0)
+ return false;
- /* we are not woken on netork activity, so let's stay around */
- if (link_lldp_enabled(link) ||
- link_ipv4ll_enabled(link) ||
- link_dhcp4_server_enabled(link) ||
- link_dhcp4_enabled(link) ||
- link_dhcp6_enabled(link) ||
- link_ipv6_accept_ra_enabled(link))
+ if (link->network)
return false;
}


@ -0,0 +1,24 @@
From 84494c062524f39771cc9363597daa29d5d041b6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 16 Feb 2016 13:18:36 +0100
Subject: [PATCH] core: fix assertion check
Fixes: #2632
(cherry picked from commit 3f51aec8647fe13f4b1e46b2f75ff635403adf91)
---
src/core/timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/timer.c b/src/core/timer.c
index 6f3e6a8db3..3d0bae16e5 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
usec_t add;
assert(t);
- assert(*v);
+ assert(v);
if (t->random_usec == 0)
return;


@ -0,0 +1,26 @@
From 19bc96f7cdda48ca331d5cb0060d3a7eaad59a16 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 16 Feb 2016 14:03:47 +0100
Subject: [PATCH] udev: fix cg_unified() return code checking
Fixes fall-out from 8b3aa503c171acdb9ec63484a8c50e2680d31e79.
Fixes: #2635
(cherry picked from commit 6d2353394fc33e923d1ab464c8f88df2a5105ffb)
---
src/udev/udevd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 2c1c4a967b..bb92f16352 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1715,7 +1715,7 @@ int main(int argc, char *argv[]) {
by PID1. otherwise we are not guaranteed to have a dedicated cgroup */
r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
if (r < 0) {
- if (r == -ENOENT || r == -ENOEXEC)
+ if (r == -ENOENT || r == -ENOMEDIUM)
log_debug_errno(r, "did not find dedicated cgroup: %m");
else
log_warning_errno(r, "failed to get cgroup: %m");


@ -0,0 +1,54 @@
From 31acc428d9bfa04582ca7c5ec3580ef2b7aed172 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Wed, 17 Feb 2016 22:32:36 +0000
Subject: [PATCH] core: revert "core: resolve specifier in config_parse_exec()"
This reverts commit cb48dfca6a8bc15d9081651001a16bf51e03838a.
Exec*-settings resolve specifiers twice:
%%U -> config_parse_exec [cb48dfca6a8] -> %U -> service_spawn -> 0
Fixes #2637
(cherry picked from commit bd1b973fb326e9b7587494fd6108e5ded46e9163)
---
src/core/load-fragment.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index b3dec7b8cc..8804b3ac41 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -574,9 +574,7 @@ int config_parse_exec(
void *data,
void *userdata) {
- _cleanup_free_ char *cmd = NULL;
ExecCommand **e = data;
- Unit *u = userdata;
const char *p;
bool semicolon;
int r;
@@ -585,7 +583,6 @@ int config_parse_exec(
assert(lvalue);
assert(rvalue);
assert(e);
- assert(u);
e += ltype;
rvalue += strspn(rvalue, WHITESPACE);
@@ -596,13 +593,7 @@ int config_parse_exec(
return 0;
}
- r = unit_full_printf(u, rvalue, &cmd);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
- return 0;
- }
-
- p = cmd;
+ p = rvalue;
do {
_cleanup_free_ char *path = NULL, *firstword = NULL;
bool separate_argv0 = false, ignore = false;
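Review bot: The new `p = rvalue;` in `config_parse_exec()` has no comment saying that specifier expansion is deliberately left out here, which makes the reverted call easy to re-add later. The commit message gives the reason: Exec* settings were expanded twice, so `%%U` became `%U` at parse time and was expanded again in service_spawn. I would record that next to the assignment, e.g. `/* Do not resolve specifiers here: they are expanded at spawn time, and expanding twice unescapes "%%" */`. The function starts and ends outside these hunks, so whether `userdata` is still used elsewhere in it cannot be seen from here.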


@ -0,0 +1,25 @@
From 3ea302d20b1c60f469ed7315611d002a0d88f57d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 18 Feb 2016 21:54:31 -0500
Subject: [PATCH] activate: fix -E option parsing
Fixes #2658.
(cherry picked from commit b722348d050aa2754cd9f903e8c3ce810c616b06)
---
src/activate/activate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/activate/activate.c b/src/activate/activate.c
index 0db4967edb..4b3d0e5371 100644
--- a/src/activate/activate.c
+++ b/src/activate/activate.c
@@ -379,7 +379,7 @@ static int parse_argv(int argc, char *argv[]) {
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "+hl:aEd", options, NULL)) >= 0)
+ while ((c = getopt_long(argc, argv, "+hl:aE:d", options, NULL)) >= 0)
switch(c) {
case 'h':
help();


@ -0,0 +1,30 @@
From 328e8daf82c4e82ebcd06ae87bb825d5060cb94b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 18 Feb 2016 17:33:10 -0500
Subject: [PATCH] basic/strbuf: do not call bsearch with a null argument
Das ist verboten!
src/basic/strbuf.c:162:23: runtime error: null pointer passed as argument 2,
which is declared to never be null
(cherry picked from commit 82501b3fc40dae2660a86ab07462f33fe26347ad)
---
src/basic/strbuf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
index 77220c0251..dac2881603 100644
--- a/src/basic/strbuf.c
+++ b/src/basic/strbuf.c
@@ -156,6 +156,10 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
return off;
}
+ /* bsearch is not allowed on a NULL sequence */
+ if (node->children_count == 0)
+ break;
+
/* lookup child node */
c = s[len - 1 - depth];
search.c = c;


@ -0,0 +1,30 @@
From 28c6938992e05238fa077ff820015bb37e1ecae6 Mon Sep 17 00:00:00 2001
From: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Date: Fri, 19 Feb 2016 15:21:18 +0100
Subject: [PATCH] udev/path_id: correct segmentation fault due to missing NULL
check
Running "udevadm test-builtin path_id /sys/devices/platform/" results
in a segmentation fault.
The problem is that udev_device_get_subsystem(dev) might return NULL
in a streq() call. Solve this problem by using streq_ptr() instead.
(cherry picked from commit 5181ab917d6407cb57043e98955f0de1614366ea)
---
src/udev/udev-builtin-path_id.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
index b6ed45d8ba..6e9adc6e96 100644
--- a/src/udev/udev-builtin-path_id.c
+++ b/src/udev/udev-builtin-path_id.c
@@ -712,7 +712,7 @@ static int builtin_path_id(struct udev_device *dev, int argc, char *argv[], bool
* devices do not expose their buses and do not provide a unique
* and predictable name that way.
*/
- if (streq(udev_device_get_subsystem(dev), "block") && !supported_transport)
+ if (streq_ptr(udev_device_get_subsystem(dev), "block") && !supported_transport)
path = mfree(path);
if (path != NULL) {


@ -0,0 +1,27 @@
From 319dadd4b39ed03271848ca649e4d76de0fbf8ff Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sun, 21 Feb 2016 22:27:01 +0100
Subject: [PATCH] networkd: make sure we allocate the NTA set before we add
items to it
See: #2683
(cherry picked from commit cbbf38aefc7a3d18d68f0d8fffb6b59d77948690)
---
src/network/networkd-network.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 4315790093..54f76fe206 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -994,6 +994,10 @@ int config_parse_dnssec_negative_trust_anchors(
continue;
}
+ r = set_ensure_allocated(&n->dnssec_negative_trust_anchors, &dns_name_hash_ops);
+ if (r < 0)
+ return log_oom();
+
r = set_put(n->dnssec_negative_trust_anchors, w);
if (r < 0)
return log_oom();


@ -0,0 +1,70 @@
From f432f7f9037833d77e6e0d16c275b950e1cd8e03 Mon Sep 17 00:00:00 2001
From: Susant Sahani <ssahani@gmail.com>
Date: Sat, 20 Feb 2016 18:03:31 +0530
Subject: [PATCH] networkd: tunnel fix tunnel address
this fixes 2655
(cherry picked from commit 07dcb085893a2fe212b7e158028725876d2ab98f)
---
src/network/networkd-netdev-tunnel.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/network/networkd-netdev-tunnel.c b/src/network/networkd-netdev-tunnel.c
index 46ff2974f4..7aaa041ba3 100644
--- a/src/network/networkd-netdev-tunnel.c
+++ b/src/network/networkd-netdev-tunnel.c
@@ -54,7 +54,7 @@ static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlin
assert(link);
assert(m);
assert(t);
- assert(t->family == AF_INET || t->family != -1);
+ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
if (r < 0)
@@ -87,7 +87,7 @@ static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink
assert(link);
assert(m);
assert(t);
- assert(t->family == AF_INET || t->family != -1);
+ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
if (r < 0)
@@ -124,7 +124,7 @@ static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink
t = GRETAP(netdev);
assert(t);
- assert(t->family == AF_INET || t->family != -1);
+ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
assert(link);
assert(m);
@@ -497,7 +497,7 @@ static void ipip_init(NetDev *n) {
assert(t);
t->pmtudisc = true;
- t->family = -1;
+ t->family = AF_UNSPEC;
}
static void sit_init(NetDev *n) {
@@ -507,7 +507,7 @@ static void sit_init(NetDev *n) {
assert(t);
t->pmtudisc = true;
- t->family = -1;
+ t->family = AF_UNSPEC;
}
static void vti_init(NetDev *n) {
@@ -538,7 +538,7 @@ static void gre_init(NetDev *n) {
assert(t);
t->pmtudisc = true;
- t->family = -1;
+ t->family = AF_UNSPEC;
}
static void ip6gre_init(NetDev *n) {


@ -0,0 +1,47 @@
From 182b69ec5eade7b2accc09d58128b6d286067299 Mon Sep 17 00:00:00 2001
From: Hristo Venev <hristo@venev.name>
Date: Mon, 22 Feb 2016 08:02:48 -0500
Subject: [PATCH] calendarspec: fix find_next skipping times
reset usec when bumping hours/minutes
(cherry picked from commit a022d76e6a7c711954be5535e6308d0a470e232a)
---
src/basic/calendarspec.c | 4 ++--
src/test/test-calendarspec.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c
index 775879076d..ac7b7c4c87 100644
--- a/src/basic/calendarspec.c
+++ b/src/basic/calendarspec.c
@@ -1027,7 +1027,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
r = find_matching_component(spec->hour, &c.tm_hour);
if (r > 0)
- c.tm_min = c.tm_sec = 0;
+ c.tm_min = c.tm_sec = tm_usec = 0;
if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
c.tm_mday ++;
c.tm_hour = c.tm_min = c.tm_sec = tm_usec = 0;
@@ -1036,7 +1036,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
r = find_matching_component(spec->minute, &c.tm_min);
if (r > 0)
- c.tm_sec = 0;
+ c.tm_sec = tm_usec = 0;
if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
c.tm_hour ++;
c.tm_min = c.tm_sec = tm_usec = 0;
diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
index 8754cb3381..5a8c6cbfb6 100644
--- a/src/test/test-calendarspec.c
+++ b/src/test/test-calendarspec.c
@@ -137,6 +137,7 @@ int main(int argc, char* argv[]) {
test_next("2015-11-13 09:11:23.42", "EET", 12345, 1447398683420000);
test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683420000, 1447398685190000);
test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683419999, 1447398683420000);
+ test_next("Sun 16:00:00", "CET", 1456041600123456, 1456066800000000);
assert_se(calendar_spec_from_string("test", &c) < 0);
assert_se(calendar_spec_from_string("", &c) < 0);


@ -0,0 +1,52 @@
From 3d08427e07af2419f542c3786db2e78f0ed7c282 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 18 Feb 2016 22:51:23 +0100
Subject: [PATCH] core: exclude .slice units from "systemctl isolate"
Fixes: #1969
(cherry picked from commit 1b4cd0cf11feb7d41f2eff17f86fa55b31bb6841)
---
src/core/scope.c | 3 +--
src/core/slice.c | 8 ++++++++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/core/scope.c b/src/core/scope.c
index c5d0ecef04..361695c3f9 100644
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -50,8 +50,7 @@ static void scope_init(Unit *u) {
assert(u->load_state == UNIT_STUB);
s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
-
- UNIT(s)->ignore_on_isolate = true;
+ u->ignore_on_isolate = true;
}
static void scope_done(Unit *u) {
diff --git a/src/core/slice.c b/src/core/slice.c
index d65364c6f4..667f61bde5 100644
--- a/src/core/slice.c
+++ b/src/core/slice.c
@@ -34,6 +34,13 @@ static const UnitActiveState state_translation_table[_SLICE_STATE_MAX] = {
[SLICE_ACTIVE] = UNIT_ACTIVE
};
+static void slice_init(Unit *u) {
+ assert(u);
+ assert(u->load_state == UNIT_STUB);
+
+ u->ignore_on_isolate = true;
+}
+
static void slice_set_state(Slice *t, SliceState state) {
SliceState old_state;
assert(t);
@@ -305,6 +312,7 @@ const UnitVTable slice_vtable = {
.no_instances = true,
.can_transient = true,
+ .init = slice_init,
.load = slice_load,
.coldplug = slice_coldplug,


@ -0,0 +1,35 @@
From 414c46af13efbb4b0eeb0c7d429e1941742f120e Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Mon, 29 Feb 2016 10:19:01 +0100
Subject: [PATCH] shorten hostname before checking for trailing dot
Shortening can lead to a hostname that has a trailing dot.
Therefore it should be done before checking from trailing dots.
(cherry picked from commit 46e1a2278116e2f5067c35127ccbd8589335f734)
---
src/basic/hostname-util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c
index 7bb23448ed..123cee3125 100644
--- a/src/basic/hostname-util.c
+++ b/src/basic/hostname-util.c
@@ -122,6 +122,8 @@ char* hostname_cleanup(char *s) {
assert(s);
+ strshorten(s, HOST_NAME_MAX);
+
for (p = s, d = s, dot = true; *p; p++) {
if (*p == '.') {
if (dot)
@@ -141,8 +143,6 @@ char* hostname_cleanup(char *s) {
else
*d = 0;
- strshorten(s, HOST_NAME_MAX);
-
return s;
}
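Review bot: The relocated `strshorten(s, HOST_NAME_MAX);` at the top of `hostname_cleanup()` carries no comment, although its position is now what the fix depends on. Per the commit message, truncation can itself leave a trailing dot, so it has to run before the dot handling; a later reordering would silently bring the bug back. Suggest `/* Truncate first: cutting at HOST_NAME_MAX may leave a trailing dot, which the cleanup below has to see */` above the call. A test with an over-long name that has a dot at the truncation point would pin the behaviour; none is added in this patch. Part of the function body lies between the two hunks and is not shown.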


@ -0,0 +1,81 @@
From 270eaf14c4905a9635bd1d009cb1565cd4f3626f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 22 Feb 2016 18:40:28 +0100
Subject: [PATCH] hashmap: use void* and uint8_t* for generic pointers
As suggested by CODING_STYLE we should use "void*" as type for generic memory,
and uint8_t* for generic bytes. Hence use that instead of "char*", which should
really be used only for strings these days.
(cherry picked from commit 1a39bc8c650802630696c38e510a4a2a4c6bda92)
---
src/basic/hashmap.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c
index 6f1a049d47..85b8d812b3 100644
--- a/src/basic/hashmap.c
+++ b/src/basic/hashmap.c
@@ -176,7 +176,7 @@ enum HashmapType {
};
struct _packed_ indirect_storage {
- char *storage; /* where buckets and DIBs are stored */
+ void *storage; /* where buckets and DIBs are stored */
uint8_t hash_key[HASH_KEY_SIZE]; /* hash key; changes during resize */
unsigned n_entries; /* number of stored entries */
@@ -193,7 +193,7 @@ struct direct_storage {
/* This gives us 39 bytes on 64bit, or 35 bytes on 32bit.
* That's room for 4 set_entries + 4 DIB bytes + 3 unused bytes on 64bit,
* or 7 set_entries + 7 DIB bytes + 0 unused bytes on 32bit. */
- char storage[sizeof(struct indirect_storage)];
+ uint8_t storage[sizeof(struct indirect_storage)];
};
#define DIRECT_BUCKETS(entry_t) \
@@ -302,7 +302,7 @@ static void n_entries_dec(HashmapBase *h) {
h->n_direct_entries--;
}
-static char *storage_ptr(HashmapBase *h) {
+static void *storage_ptr(HashmapBase *h) {
return h->has_indirect ? h->indirect.storage
: h->direct.storage;
}
@@ -347,7 +347,7 @@ static void get_hash_key(uint8_t hash_key[HASH_KEY_SIZE], bool reuse_is_ok) {
static struct hashmap_base_entry *bucket_at(HashmapBase *h, unsigned idx) {
return (struct hashmap_base_entry*)
- (storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size);
+ ((uint8_t*) storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size);
}
static struct plain_hashmap_entry *plain_bucket_at(Hashmap *h, unsigned idx) {
@@ -381,7 +381,7 @@ static struct hashmap_base_entry *bucket_at_virtual(HashmapBase *h, struct swap_
static dib_raw_t *dib_raw_ptr(HashmapBase *h) {
return (dib_raw_t*)
- (storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h));
+ ((uint8_t*) storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h));
}
static unsigned bucket_distance(HashmapBase *h, unsigned idx, unsigned from) {
@@ -1028,7 +1028,7 @@ static int hashmap_base_put_boldly(HashmapBase *h, unsigned idx,
*/
static int resize_buckets(HashmapBase *h, unsigned entries_add) {
struct swap_entries swap;
- char *new_storage;
+ void *new_storage;
dib_raw_t *old_dibs, *new_dibs;
const struct hashmap_type_info *hi;
unsigned idx, optimal_idx;
@@ -1095,7 +1095,7 @@ static int resize_buckets(HashmapBase *h, unsigned entries_add) {
h->indirect.n_buckets = (1U << new_shift) /
(hi->entry_size + sizeof(dib_raw_t));
- old_dibs = (dib_raw_t*)(new_storage + hi->entry_size * old_n_buckets);
+ old_dibs = (dib_raw_t*)((uint8_t*) new_storage + hi->entry_size * old_n_buckets);
new_dibs = dib_raw_ptr(h);
/*


@ -0,0 +1,260 @@
From 61596a9aac5f0d4cef3845b04d61f2dad4aa0814 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 22 Feb 2016 20:39:45 +0100
Subject: [PATCH] resolved: fix notification iteration logic when transactions
are completed
When a transaction is complete, and we notify its owners, make sure we deal
correctly with the requesters removing themselves from the list of owners while
we continue iterating.
This was previously already dealt with with transactions that require other
transactions for DNSSEC purposes, fix this for other possibly transaction
owners too now.
Since iterating through "Set" objects is not safe regarding removal of entries
from it, rework the logic to use two Sets, and move each entry we notified from
one set to the other set before we dispatch the notification. This move operation
requires no additional memory, and enables us to ensure that we don't notify
any object twice.
Fixes: #2676
(cherry picked from commit 35aa04e9edf422beac3493afa555d29575b3046c)
---
src/basic/macro.h | 6 ++++
src/basic/set.h | 3 ++
src/resolve/resolved-dns-query.c | 5 +++
src/resolve/resolved-dns-transaction.c | 62 ++++++++++++++++------------------
src/resolve/resolved-dns-transaction.h | 6 ++--
src/resolve/resolved-dns-zone.c | 5 +++
6 files changed, 52 insertions(+), 35 deletions(-)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 2695d0edb7..ab5cc97e17 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -361,6 +361,12 @@ static inline unsigned long ALIGN_POWER2(unsigned long u) {
_found; \
})
+#define SWAP_TWO(x, y) do { \
+ typeof(x) _t = (x); \
+ (x) = (y); \
+ (y) = (_t); \
+ } while (false)
+
/* Define C11 thread_local attribute even on older gcc compiler
* version */
#ifndef thread_local
diff --git a/src/basic/set.h b/src/basic/set.h
index 2bff5062da..e0d9dd001c 100644
--- a/src/basic/set.h
+++ b/src/basic/set.h
@@ -126,6 +126,9 @@ int set_put_strdupv(Set *s, char **l);
#define SET_FOREACH(e, s, i) \
for ((i) = ITERATOR_FIRST; set_iterate((s), &(i), (void**)&(e)); )
+#define SET_FOREACH_MOVE(e, d, s) \
+ for (; ({ e = set_first(s); assert_se(!e || set_move_one(d, s, e) >= 0); e; }); )
+
DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free);
DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free_free);
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index a378b2b7f7..2a02544eb6 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -62,6 +62,7 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {
while ((t = set_steal_first(c->transactions))) {
set_remove(t->notify_query_candidates, c);
+ set_remove(t->notify_query_candidates_done, c);
dns_transaction_gc(t);
}
}
@@ -139,6 +140,10 @@ static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResource
if (r < 0)
goto gc;
+ r = set_ensure_allocated(&t->notify_query_candidates_done, NULL);
+ if (r < 0)
+ goto gc;
+
r = set_put(t->notify_query_candidates, c);
if (r < 0)
goto gc;
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index d48fdd1281..4f5cbab702 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -52,6 +52,7 @@ static void dns_transaction_flush_dnssec_transactions(DnsTransaction *t) {
while ((z = set_steal_first(t->dnssec_transactions))) {
set_remove(z->notify_transactions, t);
+ set_remove(z->notify_transactions_done, t);
dns_transaction_gc(z);
}
}
@@ -100,14 +101,26 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) {
set_remove(c->transactions, t);
set_free(t->notify_query_candidates);
+ while ((c = set_steal_first(t->notify_query_candidates_done)))
+ set_remove(c->transactions, t);
+ set_free(t->notify_query_candidates_done);
+
while ((i = set_steal_first(t->notify_zone_items)))
i->probe_transaction = NULL;
set_free(t->notify_zone_items);
+ while ((i = set_steal_first(t->notify_zone_items_done)))
+ i->probe_transaction = NULL;
+ set_free(t->notify_zone_items_done);
+
while ((z = set_steal_first(t->notify_transactions)))
set_remove(z->dnssec_transactions, t);
set_free(t->notify_transactions);
+ while ((z = set_steal_first(t->notify_transactions_done)))
+ set_remove(z->dnssec_transactions, t);
+ set_free(t->notify_transactions_done);
+
dns_transaction_flush_dnssec_transactions(t);
set_free(t->dnssec_transactions);
@@ -128,8 +141,11 @@ bool dns_transaction_gc(DnsTransaction *t) {
return true;
if (set_isempty(t->notify_query_candidates) &&
+ set_isempty(t->notify_query_candidates_done) &&
set_isempty(t->notify_zone_items) &&
- set_isempty(t->notify_transactions)) {
+ set_isempty(t->notify_zone_items_done) &&
+ set_isempty(t->notify_transactions) &&
+ set_isempty(t->notify_transactions_done)) {
dns_transaction_free(t);
return false;
}
@@ -266,6 +282,7 @@ static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
t->block_gc++;
+
while ((z = set_first(t->notify_zone_items))) {
/* First, make sure the zone item drops the reference
* to us */
@@ -284,7 +301,6 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
DnsQueryCandidate *c;
DnsZoneItem *z;
DnsTransaction *d;
- Iterator i;
const char *st;
assert(t);
@@ -329,39 +345,17 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
* transaction isn't freed while we are still looking at it */
t->block_gc++;
- SET_FOREACH(c, t->notify_query_candidates, i)
+ SET_FOREACH_MOVE(c, t->notify_query_candidates_done, t->notify_query_candidates)
dns_query_candidate_notify(c);
- SET_FOREACH(z, t->notify_zone_items, i)
- dns_zone_item_notify(z);
+ SWAP_TWO(t->notify_query_candidates, t->notify_query_candidates_done);
- if (!set_isempty(t->notify_transactions)) {
- DnsTransaction **nt;
- unsigned j, n = 0;
-
- /* We need to be careful when notifying other
- * transactions, as that might destroy other
- * transactions in our list. Hence, in order to be
- * able to safely iterate through the list of
- * transactions, take a GC lock on all of them
- * first. Then, in a second loop, notify them, but
- * first unlock that specific transaction. */
-
- nt = newa(DnsTransaction*, set_size(t->notify_transactions));
- SET_FOREACH(d, t->notify_transactions, i) {
- nt[n++] = d;
- d->block_gc++;
- }
-
- assert(n == set_size(t->notify_transactions));
+ SET_FOREACH_MOVE(z, t->notify_zone_items_done, t->notify_zone_items)
+ dns_zone_item_notify(z);
+ SWAP_TWO(t->notify_zone_items, t->notify_zone_items_done);
- for (j = 0; j < n; j++) {
- if (set_contains(t->notify_transactions, nt[j]))
- dns_transaction_notify(nt[j], t);
-
- nt[j]->block_gc--;
- dns_transaction_gc(nt[j]);
- }
- }
+ SET_FOREACH_MOVE(d, t->notify_transactions_done, t->notify_transactions)
+ dns_transaction_notify(d, t);
+ SWAP_TWO(t->notify_transactions, t->notify_transactions_done);
t->block_gc--;
dns_transaction_gc(t);
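Review bot: The comment that explained why notifying other transactions needs care is removed together with the old loop, and nothing documents the move-then-swap scheme that replaces it. A reader has to infer that each entry is moved into the `_done` set before its callback runs, so that a callback which removes entries or frees transactions cannot invalidate the iteration, and that `SWAP_TWO` afterwards makes the `_done` set the live one again. I would add above the first loop something like `/* Move each listener to the _done set before notifying it, so callbacks may modify the sets safely; swap the sets back afterwards */`. The old code also held `block_gc` on every notified transaction while the new code does not, which looks intentional given the `_done` bookkeeping but deserves a sentence in that comment. The function starts and ends outside this hunk.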
@@ -1619,6 +1613,10 @@ static int dns_transaction_add_dnssec_transaction(DnsTransaction *t, DnsResource
if (r < 0)
goto gc;
+ r = set_ensure_allocated(&aux->notify_transactions_done, NULL);
+ if (r < 0)
+ goto gc;
+
r = set_put(t->dnssec_transactions, aux);
if (r < 0)
goto gc;
diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
index 4617194711..fd0237d166 100644
--- a/src/resolve/resolved-dns-transaction.h
+++ b/src/resolve/resolved-dns-transaction.h
@@ -119,17 +119,17 @@ struct DnsTransaction {
/* Query candidates this transaction is referenced by and that
* shall be notified about this specific transaction
* completing. */
- Set *notify_query_candidates;
+ Set *notify_query_candidates, *notify_query_candidates_done;
/* Zone items this transaction is referenced by and that shall
* be notified about completion. */
- Set *notify_zone_items;
+ Set *notify_zone_items, *notify_zone_items_done;
/* Other transactions that this transactions is referenced by
* and that shall be notified about completion. This is used
* when transactions want to validate their RRsets, but need
* another DNSKEY or DS RR to do so. */
- Set *notify_transactions;
+ Set *notify_transactions, *notify_transactions_done;
/* The opposite direction: the transactions this transaction
* created in order to request DNSKEY or DS RRs. */
diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c
index f52383cfd1..be535cff14 100644
--- a/src/resolve/resolved-dns-zone.c
+++ b/src/resolve/resolved-dns-zone.c
@@ -38,6 +38,7 @@ void dns_zone_item_probe_stop(DnsZoneItem *i) {
i->probe_transaction = NULL;
set_remove(t->notify_zone_items, i);
+ set_remove(t->notify_zone_items_done, i);
dns_transaction_gc(t);
}
@@ -186,6 +187,10 @@ static int dns_zone_item_probe_start(DnsZoneItem *i) {
if (r < 0)
goto gc;
+ r = set_ensure_allocated(&t->notify_zone_items_done, NULL);
+ if (r < 0)
+ goto gc;
+
r = set_put(t->notify_zone_items, i);
if (r < 0)
goto gc;


@ -0,0 +1,249 @@
From a4feb275ce859fb63e1153cb2eb16ed276f3a96f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 1 Mar 2016 20:35:55 -0500
Subject: [PATCH] selinux: always try to load the full selinux db
https://github.com/systemd/systemd/pull/2508#issuecomment-190901170
Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
(cherry picked from commit c3dacc8bbf2dc2f5d498072418289c3ba79160ac)
---
src/basic/selinux-util.c | 16 ++++------------
src/basic/selinux-util.h | 2 +-
src/core/main.c | 2 +-
src/hostname/hostnamed.c | 2 +-
src/locale/localed.c | 2 +-
src/login/logind.c | 2 +-
src/resolve/resolved.c | 2 +-
src/sysusers/sysusers.c | 2 +-
src/test/test-udev.c | 2 +-
src/timedate/timedated.c | 2 +-
src/tmpfiles/tmpfiles.c | 2 +-
src/udev/udevadm.c | 2 +-
src/udev/udevd.c | 2 +-
src/update-done/update-done.c | 2 +-
src/user-sessions/user-sessions.c | 2 +-
15 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 6c63b9d652..71ceac1bcd 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -80,31 +80,23 @@ void mac_selinux_retest(void) {
#endif
}
-int mac_selinux_init(const char *prefix) {
+int mac_selinux_init(void) {
int r = 0;
#ifdef HAVE_SELINUX
usec_t before_timestamp, after_timestamp;
struct mallinfo before_mallinfo, after_mallinfo;
- if (!mac_selinux_use())
+ if (label_hnd)
return 0;
- if (label_hnd)
+ if (!mac_selinux_use())
return 0;
before_mallinfo = mallinfo();
before_timestamp = now(CLOCK_MONOTONIC);
- if (prefix) {
- struct selinux_opt options[] = {
- { .type = SELABEL_OPT_SUBSET, .value = prefix },
- };
-
- label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
- } else
- label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-
+ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
if (!label_hnd) {
log_enforcing("Failed to initialize SELinux context: %m");
r = security_getenforce() == 1 ? -errno : 0;
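Review bot: `mac_selinux_init()` has no comment describing its new contract, and every caller now depends on it: it returns 0 without doing anything when `label_hnd` is already set or `mac_selinux_use()` is false, it always opens the full `SELABEL_CTX_FILE` database, and a failed `selabel_open()` only yields an error when `security_getenforce() == 1`. A return of 0 therefore does not mean that labels are available. I would add above the definition `/* Loads the full file-context database once. Returns 0 if already loaded, if SELinux is not in use, or if loading failed while not enforcing; negative errno otherwise */`. The function continues past the end of this hunk, so the last clause should be checked against the rest of the body.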
diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h
index 27e8edb41b..ce6bc8e44c 100644
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@@ -29,7 +29,7 @@ bool mac_selinux_use(void);
bool mac_selinux_have(void);
void mac_selinux_retest(void);
-int mac_selinux_init(const char *prefix);
+int mac_selinux_init(void);
void mac_selinux_finish(void);
int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
diff --git a/src/core/main.c b/src/core/main.c
index e2088574c0..d861960c6d 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1382,7 +1382,7 @@ int main(int argc, char *argv[]) {
dual_timestamp_get(&security_finish_timestamp);
}
- if (mac_selinux_init(NULL) < 0) {
+ if (mac_selinux_init() < 0) {
error_message = "Failed to initialize SELinux policy";
goto finish;
}
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index c37e32e96b..d11756e615 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -706,7 +706,7 @@ int main(int argc, char *argv[]) {
log_open();
umask(0022);
- mac_selinux_init("/etc");
+ mac_selinux_init();
if (argc != 1) {
log_error("This program takes no arguments.");
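Review bot: The return value of `mac_selinux_init()` is discarded here, so if loading the label database fails while SELinux is enforcing, the daemon carries on and may create files without the intended label. The same unchecked call appears in the hunks for localed.c, test-udev.c, timedated.c, tmpfiles.c, udevadm.c and user-sessions.c, whereas main.c, logind.c, resolved.c, sysusers.c, udevd.c and update-done.c test the result and bail out. Following that pattern, e.g. `r = mac_selinux_init(); if (r < 0) { log_error_errno(r, "SELinux setup failed: %m"); goto finish; }`, would make the behaviour uniform; whether `r` and a `finish` label exist in each `main()` is not visible in these hunks.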
diff --git a/src/locale/localed.c b/src/locale/localed.c
index f0fe59cc67..a2fc6af4c9 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -1296,7 +1296,7 @@ int main(int argc, char *argv[]) {
log_open();
umask(0022);
- mac_selinux_init("/etc");
+ mac_selinux_init();
if (argc != 1) {
log_error("This program takes no arguments.");
diff --git a/src/login/logind.c b/src/login/logind.c
index 933602eb08..d5f6757bd3 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -1126,7 +1126,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- r = mac_selinux_init("/run");
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "Could not initialize labelling: %m");
goto finish;
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index c7e2ab14d6..161ea03412 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -48,7 +48,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- r = mac_selinux_init(NULL);
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "SELinux setup failed: %m");
goto finish;
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 863c628323..4377f1b910 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -1820,7 +1820,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- r = mac_selinux_init(NULL);
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "SELinux setup failed: %m");
goto finish;
diff --git a/src/test/test-udev.c b/src/test/test-udev.c
index 9cc64f7c68..d01789fe08 100644
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
log_debug("version %s", VERSION);
- mac_selinux_init("/dev");
+ mac_selinux_init();
action = argv[1];
if (action == NULL) {
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index 2a10135fba..a522d0c5f9 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -159,7 +159,7 @@ static int context_write_data_local_rtc(Context *c) {
}
}
- mac_selinux_init("/etc");
+ mac_selinux_init();
return write_string_file_atomic_label("/etc/adjtime", w);
}
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 7b105a6bd4..f3487013cf 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2288,7 +2288,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- mac_selinux_init(NULL);
+ mac_selinux_init();
items = ordered_hashmap_new(&string_hash_ops);
globs = ordered_hashmap_new(&string_hash_ops);
diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c
index 7bd2c1ea42..a6a873e5de 100644
--- a/src/udev/udevadm.c
+++ b/src/udev/udevadm.c
@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
- mac_selinux_init("/dev");
+ mac_selinux_init();
while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0)
switch (c) {
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index bb92f16352..243df7386f 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1695,7 +1695,7 @@ int main(int argc, char *argv[]) {
umask(022);
- r = mac_selinux_init("/dev");
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "could not initialize labelling: %m");
goto exit;
diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 931e583785..da306a4444 100644
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -101,7 +101,7 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
- r = mac_selinux_init(NULL);
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "SELinux setup failed: %m");
goto finish;
diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c
index 8bf44e2100..9b29b5ba1d 100644
--- a/src/user-sessions/user-sessions.c
+++ b/src/user-sessions/user-sessions.c
@@ -40,7 +40,7 @@ int main(int argc, char*argv[]) {
umask(0022);
- mac_selinux_init(NULL);
+ mac_selinux_init();
if (streq(argv[1], "start")) {
int r = 0;


@ -0,0 +1,45 @@
From 4f1ae61da9eda1115c1461e77a44101d96532700 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 2 Mar 2016 10:16:39 -0500
Subject: [PATCH] selinux: use raw variants of security_compute_create and
setfscreatecon
As suggested by Evgeny Vereshchagin as a follow up for
https://github.com/systemd/systemd/pull/2781#issuecomment-191043402.
(cherry picked from commit 5c5433ad32c3d911f0c66cc124d190d40a2b5f5b)
---
src/basic/selinux-util.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 71ceac1bcd..5e6181f662 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -217,7 +217,7 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
return -errno;
sclass = string_to_security_class("process");
- r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
+ r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
if (r < 0)
return -errno;
#endif
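Review bot: `security_compute_create_raw()` expects raw (untranslated) contexts, but `mycon` and `fcon` are obtained outside this hunk, so it cannot be seen here whether they come from the `_raw` getters. If they are still fetched with `getcon()`/`getfilecon()`, a system running context translation could hand translated strings to a raw call. The same applies to the second hunk in `mac_selinux_get_child_mls_label()` and to `filecon` passed to `setfscreatecon_raw()` in the third; the sources of those contexts should be switched to, or confirmed to be, the raw variants in the same change.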
@@ -296,7 +296,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
return -ENOMEM;
sclass = string_to_security_class("process");
- r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
+ r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
if (r < 0)
return -errno;
#endif
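Review bot: `string_to_security_class("process")` is used unchecked; it returns 0 when the class cannot be resolved, and that 0 is then passed to `security_compute_create_raw()`. A guard right after the lookup, `if (sclass == 0) return -ENOSYS;`, would fail early; the first hunk in `mac_selinux_get_create_label_from_exe()` has the same pattern. Both functions start outside their hunks, so any cleanup of `mycon`/`fcon` needed before returning has to be checked there.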
@@ -350,7 +350,7 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
log_enforcing("Failed to determine SELinux security context for %s: %m", path);
} else {
- if (setfscreatecon(filecon) >= 0)
+ if (setfscreatecon_raw(filecon) >= 0)
return 0; /* Success! */
log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path);


@ -35,6 +35,24 @@ Source8: systemd-journal-gatewayd.xml
Source9: 20-yama-ptrace.conf Source9: 20-yama-ptrace.conf
Patch0001: 0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch Patch0001: 0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch
Patch0002: 0002-core-fix-indenting-in-dump-output.patch
Patch0003: 0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch
Patch0004: 0004-networkd-rework-idle-detection-logic-of-networkd.patch
Patch0005: 0005-core-fix-assertion-check.patch
Patch0006: 0006-udev-fix-cg_unified-return-code-checking.patch
Patch0007: 0007-core-revert-core-resolve-specifier-in-config_parse_e.patch
Patch0008: 0008-activate-fix-E-option-parsing.patch
Patch0009: 0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch
Patch0010: 0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch
Patch0011: 0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch
Patch0012: 0012-networkd-tunnel-fix-tunnel-address.patch
Patch0013: 0013-calendarspec-fix-find_next-skipping-times.patch
Patch0014: 0014-core-exclude-.slice-units-from-systemctl-isolate.patch
Patch0015: 0015-shorten-hostname-before-checking-for-trailing-dot.patch
Patch0016: 0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
Patch0017: 0017-resolved-fix-notification-iteration-logic-when-trans.patch
Patch0018: 0018-selinux-always-try-to-load-the-full-selinux-db.patch
Patch0019: 0019-selinux-use-raw-variants-of-security_compute_create-.patch
Patch0999: 0999-Add-a-workaround-for-linux-net-if.h-conflict.patch Patch0999: 0999-Add-a-workaround-for-linux-net-if.h-conflict.patch
@ -911,6 +929,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-5 * Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-5
- Split out systemd-container subpackage (#1163412) - Split out systemd-container subpackage (#1163412)
- Split out system-udev subpackage - Split out system-udev subpackage
- Add various bugfix patches, incl. a tentative fix for #1308771
* Tue Mar 1 2016 Peter Robinson <pbrobinson@fedoraproject.org> 229-4 * Tue Mar 1 2016 Peter Robinson <pbrobinson@fedoraproject.org> 229-4
- Power64 and s390(x) now have libseccomp support - Power64 and s390(x) now have libseccomp support