rpms/systemd
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import systemd-239-72.el8

Browse Source
This commit is contained in:
CentOS Sources 2023-03-28 09:12:37 +00:00 committed by Stepan Oksanichenko
parent d976fabcbe
commit 3af7cd1371
49 changed files with 4920 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

377
SOURCES/0826-logind-optionally-watch-utmp-for-login-data.patch Normal file
View File

@ -0,0 +1,377 @@
From d897789b4dc7d115c915842eabf33ed3de20110a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 7 Aug 2018 13:49:34 +0200
Subject: [PATCH] logind: optionally watch utmp for login data
This allows us to determine the TTY an ssh session is for, which is
useful to to proper idle detection for ssh sessions.
Fixes: #9622
(cherry picked from commit 3d0ef5c7e00155bc74f6f71c34cad518a4ff56ba)
Related: #2122288
---
src/login/logind-core.c | 143 +++++++++++++++++++++++++++++++++++++
src/login/logind-dbus.c | 5 ++
src/login/logind-session.c | 24 +++++++
src/login/logind-session.h | 14 +++-
src/login/logind.c | 10 +++
src/login/logind.h | 8 +++
6 files changed, 203 insertions(+), 1 deletion(-)
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 0ed812a2c8..7e33f8e6aa 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -5,6 +5,9 @@
#include <sys/ioctl.h>
#include <sys/types.h>
#include <linux/vt.h>
+#if ENABLE_UTMP
+#include <utmpx.h>
+#endif
#include "alloc-util.h"
#include "bus-error.h"
@@ -14,6 +17,7 @@
#include "fd-util.h"
#include "logind.h"
#include "parse-util.h"
+#include "path-util.h"
#include "process-util.h"
#include "strv.h"
#include "terminal-util.h"
@@ -692,3 +696,142 @@ bool manager_all_buttons_ignored(Manager *m) {
return true;
}
+
+int manager_read_utmp(Manager *m) {
+#if ENABLE_UTMP
+ int r;
+
+ assert(m);
+
+ if (utmpxname(_PATH_UTMPX) < 0)
+ return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m");
+
+ setutxent();
+
+ for (;;) {
+ _cleanup_free_ char *t = NULL;
+ struct utmpx *u;
+ const char *c;
+ Session *s;
+
+ errno = 0;
+ u = getutxent();
+ if (!u) {
+ if (errno != 0)
+ log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m");
+ r = 0;
+ break;
+ }
+
+ if (u->ut_type != USER_PROCESS)
+ continue;
+
+ if (!pid_is_valid(u->ut_pid))
+ continue;
+
+ t = strndup(u->ut_line, sizeof(u->ut_line));
+ if (!t) {
+ r = log_oom();
+ break;
+ }
+
+ c = path_startswith(t, "/dev/");
+ if (c) {
+ r = free_and_strdup(&t, c);
+ if (r < 0) {
+ log_oom();
+ break;
+ }
+ }
+
+ if (isempty(t))
+ continue;
+
+ s = hashmap_get(m->sessions_by_leader, PID_TO_PTR(u->ut_pid));
+ if (!s)
+ continue;
+
+ if (s->tty_validity == TTY_FROM_UTMP && !streq_ptr(s->tty, t)) {
+ /* This may happen on multiplexed SSH connection (i.e. 'SSH connection sharing'). In
+ * this case PAM and utmp sessions don't match. In such a case let's invalidate the TTY
+ * information and never acquire it again. */
+
+ s->tty = mfree(s->tty);
+ s->tty_validity = TTY_UTMP_INCONSISTENT;
+ log_debug("Session '%s' has inconsistent TTY information, dropping TTY information.", s->id);
+ continue;
+ }
+
+ /* Never override what we figured out once */
+ if (s->tty || s->tty_validity >= 0)
+ continue;
+
+ s->tty = TAKE_PTR(t);
+ s->tty_validity = TTY_FROM_UTMP;
+ log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id);
+ }
+
+ endutxent();
+ return r;
+#else
+ return 0
+#endif
+}
+
+#if ENABLE_UTMP
+static int manager_dispatch_utmp(sd_event_source *s, const struct inotify_event *event, void *userdata) {
+ Manager *m = userdata;
+
+ assert(m);
+
+ /* If there's indication the file itself might have been removed or became otherwise unavailable, then let's
+ * reestablish the watch on whatever there's now. */
+ if ((event->mask & (IN_ATTRIB|IN_DELETE_SELF|IN_MOVE_SELF|IN_Q_OVERFLOW|IN_UNMOUNT)) != 0)
+ manager_connect_utmp(m);
+
+ (void) manager_read_utmp(m);
+ return 0;
+}
+#endif
+
+void manager_connect_utmp(Manager *m) {
+#if ENABLE_UTMP
+ sd_event_source *s = NULL;
+ int r;
+
+ assert(m);
+
+ /* Watch utmp for changes via inotify. We do this to deal with tools such as ssh, which will register the PAM
+ * session early, and acquire a TTY only much later for the connection. Thus during PAM the TTY won't be known
+ * yet. ssh will register itself with utmp when it finally acquired the TTY. Hence, let's make use of this, and
+ * watch utmp for the TTY asynchronously. We use the PAM session's leader PID as key, to find the right entry.
+ *
+ * Yes, relying on utmp is pretty ugly, but it's good enough for informational purposes, as well as idle
+ * detection (which, for tty sessions, relies on the TTY used) */
+
+ r = sd_event_add_inotify(m->event, &s, _PATH_UTMPX, IN_MODIFY|IN_MOVE_SELF|IN_DELETE_SELF|IN_ATTRIB, manager_dispatch_utmp, m);
+ if (r < 0)
+ log_full_errno(r == -ENOENT ? LOG_DEBUG: LOG_WARNING, r, "Failed to create inotify watch on " _PATH_UTMPX ", ignoring: %m");
+ else {
+ r = sd_event_source_set_priority(s, SD_EVENT_PRIORITY_IDLE);
+ if (r < 0)
+ log_warning_errno(r, "Failed to adjust utmp event source priority, ignoring: %m");
+
+ (void) sd_event_source_set_description(s, "utmp");
+ }
+
+ sd_event_source_unref(m->utmp_event_source);
+ m->utmp_event_source = s;
+#endif
+}
+
+void manager_reconnect_utmp(Manager *m) {
+#if ENABLE_UTMP
+ assert(m);
+
+ if (m->utmp_event_source)
+ return;
+
+ manager_connect_utmp(m);
+#endif
+}
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 1bb152bc20..0248042308 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -772,6 +772,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
} while (hashmap_get(m->sessions, id));
}
+ /* If we are not watching utmp aleady, try again */
+ manager_reconnect_utmp(m);
+
r = manager_add_user_by_uid(m, uid, &user);
if (r < 0)
goto fail;
@@ -795,6 +798,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
r = -ENOMEM;
goto fail;
}
+
+ session->tty_validity = TTY_FROM_PAM;
}
if (!isempty(display)) {
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 1143a834a4..d666f86d3f 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -56,6 +56,7 @@ int session_new(Session **ret, Manager *m, const char *id) {
.fifo_fd = -1,
.vtfd = -1,
.audit_id = AUDIT_SESSION_INVALID,
+ .tty_validity = _TTY_VALIDITY_INVALID,
};
s->state_file = strappend("/run/systemd/sessions/", id);
@@ -219,6 +220,9 @@ int session_save(Session *s) {
if (s->tty)
fprintf(f, "TTY=%s\n", s->tty);
+ if (s->tty_validity >= 0)
+ fprintf(f, "TTY_VALIDITY=%s\n", tty_validity_to_string(s->tty_validity));
+
if (s->display)
fprintf(f, "DISPLAY=%s\n", s->display);
@@ -355,6 +359,7 @@ static int session_load_devices(Session *s, const char *devices) {
int session_load(Session *s) {
_cleanup_free_ char *remote = NULL,
*seat = NULL,
+ *tty_validity = NULL,
*vtnr = NULL,
*state = NULL,
*position = NULL,
@@ -380,6 +385,7 @@ int session_load(Session *s) {
"FIFO", &s->fifo_path,
"SEAT", &seat,
"TTY", &s->tty,
+ "TTY_VALIDITY", &tty_validity,
"DISPLAY", &s->display,
"REMOTE_HOST", &s->remote_host,
"REMOTE_USER", &s->remote_user,
@@ -456,6 +462,16 @@ int session_load(Session *s) {
seat_claim_position(s->seat, s, npos);
}
+ if (tty_validity) {
+ TTYValidity v;
+
+ v = tty_validity_from_string(tty_validity);
+ if (v < 0)
+ log_debug("Failed to parse TTY validity: %s", tty_validity);
+ else
+ s->tty_validity = v;
+ }
+
if (leader) {
if (parse_pid(leader, &s->leader) >= 0)
(void) audit_session_from_pid(s->leader, &s->audit_id);
@@ -1368,3 +1384,11 @@ static const char* const kill_who_table[_KILL_WHO_MAX] = {
};
DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);
+
+static const char* const tty_validity_table[_TTY_VALIDITY_MAX] = {
+ [TTY_FROM_PAM] = "from-pam",
+ [TTY_FROM_UTMP] = "from-utmp",
+ [TTY_UTMP_INCONSISTENT] = "utmp-inconsistent",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(tty_validity, TTYValidity);
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
index 9bd0c96a03..7da845cea3 100644
--- a/src/login/logind-session.h
+++ b/src/login/logind-session.h
@@ -46,6 +46,14 @@ enum KillWho {
_KILL_WHO_INVALID = -1
};
+typedef enum TTYValidity {
+ TTY_FROM_PAM,
+ TTY_FROM_UTMP,
+ TTY_UTMP_INCONSISTENT, /* may happen on ssh sessions with multiplexed TTYs */
+ _TTY_VALIDITY_MAX,
+ _TTY_VALIDITY_INVALID = -1,
+} TTYValidity;
+
struct Session {
Manager *manager;
@@ -60,8 +68,9 @@ struct Session {
dual_timestamp timestamp;
- char *tty;
char *display;
+ char *tty;
+ TTYValidity tty_validity;
bool remote;
char *remote_user;
@@ -159,6 +168,9 @@ SessionClass session_class_from_string(const char *s) _pure_;
const char *kill_who_to_string(KillWho k) _const_;
KillWho kill_who_from_string(const char *s) _pure_;
+const char* tty_validity_to_string(TTYValidity t) _const_;
+TTYValidity tty_validity_from_string(const char *s) _pure_;
+
int session_prepare_vt(Session *s);
void session_restore_vt(Session *s);
void session_leave_vt(Session *s);
diff --git a/src/login/logind.c b/src/login/logind.c
index 6c208c8e89..25de9a6ab2 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -132,6 +132,10 @@ static Manager* manager_unref(Manager *m) {
sd_event_source_unref(m->udev_button_event_source);
sd_event_source_unref(m->lid_switch_ignore_event_source);
+#if ENABLE_UTMP
+ sd_event_source_unref(m->utmp_event_source);
+#endif
+
safe_close(m->console_active_fd);
udev_monitor_unref(m->udev_seat_monitor);
@@ -1095,6 +1099,9 @@ static int manager_startup(Manager *m) {
if (r < 0)
return log_error_errno(r, "Failed to register SIGHUP handler: %m");
+ /* Connect to utmp */
+ manager_connect_utmp(m);
+
/* Connect to console */
r = manager_connect_console(m);
if (r < 0)
@@ -1150,6 +1157,9 @@ static int manager_startup(Manager *m) {
/* Reserve the special reserved VT */
manager_reserve_vt(m);
+ /* Read in utmp if it exists */
+ manager_read_utmp(m);
+
/* And start everything */
HASHMAP_FOREACH(seat, m->seats, i)
seat_start(seat);
diff --git a/src/login/logind.h b/src/login/logind.h
index d29b01c75b..bb127bf4a5 100644
--- a/src/login/logind.h
+++ b/src/login/logind.h
@@ -43,6 +43,10 @@ struct Manager {
sd_event_source *udev_vcsa_event_source;
sd_event_source *udev_button_event_source;
+#if ENABLE_UTMP
+ sd_event_source *utmp_event_source;
+#endif
+
int console_active_fd;
unsigned n_autovts;
@@ -150,6 +154,10 @@ bool manager_is_docked_or_external_displays(Manager *m);
bool manager_is_on_external_power(void);
bool manager_all_buttons_ignored(Manager *m);
+int manager_read_utmp(Manager *m);
+void manager_connect_utmp(Manager *m);
+void manager_reconnect_utmp(Manager *m);
+
extern const sd_bus_vtable manager_vtable[];
int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error);

188
SOURCES/0827-logind-add-hashtable-for-finding-session-by-leader-P.patch Normal file
View File

@ -0,0 +1,188 @@
From fbc394252588325b6e7ecd1ab65ad40b51763c58 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 7 Aug 2018 12:08:24 +0200
Subject: [PATCH] logind: add hashtable for finding session by leader PID
This is useful later on, when we quickly want to find the session for a
leader PID.
(cherry picked from commit 238794b15082e6f61d0ce2943d39205289fff7f0)
Related: #2122288
---
src/login/logind-core.c | 15 ++++++++------
src/login/logind-dbus.c | 3 +--
src/login/logind-session.c | 41 +++++++++++++++++++++++++++++++++++---
src/login/logind-session.h | 1 +
src/login/logind.c | 4 +++-
src/login/logind.h | 1 +
6 files changed, 53 insertions(+), 12 deletions(-)
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 7e33f8e6aa..a1943b6f9d 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -339,13 +339,16 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **ret) {
if (!pid_is_valid(pid))
return -EINVAL;
- r = cg_pid_get_unit(pid, &unit);
- if (r < 0)
- goto not_found;
+ s = hashmap_get(m->sessions_by_leader, PID_TO_PTR(pid));
+ if (!s) {
+ r = cg_pid_get_unit(pid, &unit);
+ if (r < 0)
+ goto not_found;
- s = hashmap_get(m->session_units, unit);
- if (!s)
- goto not_found;
+ s = hashmap_get(m->session_units, unit);
+ if (!s)
+ goto not_found;
+ }
if (ret)
*ret = s;
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 0248042308..01bfef4ff7 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -784,9 +784,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
goto fail;
session_set_user(session, user);
+ session_set_leader(session, leader);
- session->leader = leader;
- session->audit_id = audit_id;
session->type = t;
session->class = c;
session->remote = remote;
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index d666f86d3f..cc838ca383 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -121,6 +121,9 @@ Session* session_free(Session *s) {
free(s->scope);
}
+ if (pid_is_valid(s->leader))
+ (void) hashmap_remove_value(s->manager->sessions_by_leader, PID_TO_PTR(s->leader), s);
+
free(s->scope_job);
sd_bus_message_unref(s->create_message);
@@ -149,6 +152,30 @@ void session_set_user(Session *s, User *u) {
user_update_last_session_timer(u);
}
+int session_set_leader(Session *s, pid_t pid) {
+ int r;
+
+ assert(s);
+
+ if (!pid_is_valid(pid))
+ return -EINVAL;
+
+ if (s->leader == pid)
+ return 0;
+
+ r = hashmap_put(s->manager->sessions_by_leader, PID_TO_PTR(pid), s);
+ if (r < 0)
+ return r;
+
+ if (pid_is_valid(s->leader))
+ (void) hashmap_remove_value(s->manager->sessions_by_leader, PID_TO_PTR(s->leader), s);
+
+ s->leader = pid;
+ (void) audit_session_from_pid(pid, &s->audit_id);
+
+ return 1;
+}
+
static void session_save_devices(Session *s, FILE *f) {
SessionDevice *sd;
Iterator i;
@@ -473,8 +500,16 @@ int session_load(Session *s) {
}
if (leader) {
- if (parse_pid(leader, &s->leader) >= 0)
- (void) audit_session_from_pid(s->leader, &s->audit_id);
+ pid_t pid;
+
+ r = parse_pid(leader, &pid);
+ if (r < 0)
+ log_debug_errno(r, "Failed to parse leader PID of session: %s", leader);
+ else {
+ r = session_set_leader(s, pid);
+ if (r < 0)
+ log_warning_errno(r, "Failed to set session leader PID, ignoring: %m");
+ }
}
if (type) {
@@ -910,7 +945,7 @@ int session_get_idle_hint(Session *s, dual_timestamp *t) {
/* For sessions with a leader but no explicitly configured
* tty, let's check the controlling tty of the leader */
- if (s->leader > 0) {
+ if (pid_is_valid(s->leader)) {
r = get_process_ctty_atime(s->leader, &atime);
if (r >= 0)
goto found_atime;
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
index 7da845cea3..8c7d0301f2 100644
--- a/src/login/logind-session.h
+++ b/src/login/logind-session.h
@@ -124,6 +124,7 @@ Session* session_free(Session *s);
DEFINE_TRIVIAL_CLEANUP_FUNC(Session *, session_free);
void session_set_user(Session *s, User *u);
+int session_set_leader(Session *s, pid_t pid);
bool session_may_gc(Session *s, bool drop_not_started);
void session_add_to_gc_queue(Session *s);
int session_activate(Session *s);
diff --git a/src/login/logind.c b/src/login/logind.c
index 25de9a6ab2..6b576dad0d 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -46,6 +46,7 @@ static int manager_new(Manager **ret) {
m->devices = hashmap_new(&string_hash_ops);
m->seats = hashmap_new(&string_hash_ops);
m->sessions = hashmap_new(&string_hash_ops);
+ m->sessions_by_leader = hashmap_new(NULL);
m->users = hashmap_new(NULL);
m->inhibitors = hashmap_new(&string_hash_ops);
m->buttons = hashmap_new(&string_hash_ops);
@@ -53,7 +54,7 @@ static int manager_new(Manager **ret) {
m->user_units = hashmap_new(&string_hash_ops);
m->session_units = hashmap_new(&string_hash_ops);
- if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units)
+ if (!m->devices || !m->seats || !m->sessions || !m->sessions_by_leader || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units)
return -ENOMEM;
m->udev = udev_new();
@@ -112,6 +113,7 @@ static Manager* manager_unref(Manager *m) {
hashmap_free(m->devices);
hashmap_free(m->seats);
hashmap_free(m->sessions);
+ hashmap_free(m->sessions_by_leader);
hashmap_free(m->users);
hashmap_free(m->inhibitors);
hashmap_free(m->buttons);
diff --git a/src/login/logind.h b/src/login/logind.h
index bb127bf4a5..7f94dea2f6 100644
--- a/src/login/logind.h
+++ b/src/login/logind.h
@@ -26,6 +26,7 @@ struct Manager {
Hashmap *devices;
Hashmap *seats;
Hashmap *sessions;
+ Hashmap *sessions_by_leader;
Hashmap *users;
Hashmap *inhibitors;
Hashmap *buttons;

93
SOURCES/0828-core-load-fragment-move-config_parse_sec_fix_0-to-sr.patch Normal file
View File

@ -0,0 +1,93 @@
From 69ec7c9170e29fdf745fa282448d051edd1f88b2 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 9 Aug 2022 11:41:04 +0200
Subject: [PATCH] core/load-fragment: move config_parse_sec_fix_0 to src/shared
(cherry picked from commit 4ee8176fe33bbcd0971c4583a0e7d1cc2a64ac06)
Related: #2122288
---
src/core/load-fragment.c | 33 ---------------------------------
src/core/load-fragment.h | 1 -
src/shared/conf-parser.c | 2 ++
src/shared/conf-parser.h | 1 +
4 files changed, 3 insertions(+), 34 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index c0b1fd4f91..53de7ff5e9 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1865,39 +1865,6 @@ int config_parse_service_timeout(
return 0;
}
-int config_parse_sec_fix_0(
- const char *unit,
- const char *filename,
- unsigned line,
- const char *section,
- unsigned section_line,
- const char *lvalue,
- int ltype,
- const char *rvalue,
- void *data,
- void *userdata) {
-
- usec_t *usec = data;
- int r;
-
- assert(filename);
- assert(lvalue);
- assert(rvalue);
- assert(usec);
-
- /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
- * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
- * timeout. */
-
- r = parse_sec_fix_0(rvalue, usec);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
- return 0;
- }
-
- return 0;
-}
-
int config_parse_user_group_compat(
const char *unit,
const char *filename,
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index f9d34d484d..b964737f9e 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -95,7 +95,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_bus_name);
CONFIG_PARSER_PROTOTYPE(config_parse_exec_utmp_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_working_directory);
CONFIG_PARSER_PROTOTYPE(config_parse_fdname);
-CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0);
CONFIG_PARSER_PROTOTYPE(config_parse_user_group_compat);
CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv_compat);
CONFIG_PARSER_PROTOTYPE(config_parse_restrict_namespaces);
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 1f40f00c72..414dde2e3d 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -1286,3 +1286,5 @@ int config_parse_permille(const char* unit,
return 0;
}
+
+DEFINE_CONFIG_PARSE_PTR(config_parse_sec_fix_0, parse_sec_fix_0, usec_t, "Failed to parse time value");
diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h
index 375b2e5a74..56fd302db8 100644
--- a/src/shared/conf-parser.h
+++ b/src/shared/conf-parser.h
@@ -142,6 +142,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ip_port);
CONFIG_PARSER_PROTOTYPE(config_parse_join_controllers);
CONFIG_PARSER_PROTOTYPE(config_parse_mtu);
CONFIG_PARSER_PROTOTYPE(config_parse_rlimit);
+CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0);
typedef enum Disabled {
DISABLED_CONFIGURATION,

123
SOURCES/0829-sd-event-add-relative-timer-calls.patch Normal file
View File

@ -0,0 +1,123 @@
From 30f5836253f820086caa24fc9283344615b8fc00 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 28 Jul 2020 11:17:00 +0200
Subject: [PATCH] sd-event: add relative timer calls
We frequently want to set a timer relative to the current time. Let's
add an explicit API for this. This not only saves us a few lines of code
everywhere and simplifies things, but also allows us to do correct
overflow checking.
(cherry picked from commit d6a83dc48ad1981665ff427858ae8e59d4cfd6cb)
Related: #2122288
---
src/libsystemd/libsystemd.sym | 8 +++++-
src/libsystemd/sd-event/sd-event.c | 42 ++++++++++++++++++++++++++++++
src/systemd/sd-event.h | 2 ++
3 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym
index 3b55fc6473..449918093c 100644
--- a/src/libsystemd/libsystemd.sym
+++ b/src/libsystemd/libsystemd.sym
@@ -578,12 +578,18 @@ LIBSYSTEMD_240 {
sd_bus_get_method_call_timeout;
} LIBSYSTEMD_239;
+LIBSYSTEMD_247 {
+global:
+ sd_event_add_time_relative;
+ sd_event_source_set_time_relative;
+} LIBSYSTEMD_240;
+
LIBSYSTEMD_248 {
global:
sd_event_source_set_ratelimit;
sd_event_source_get_ratelimit;
sd_event_source_is_ratelimited;
-} LIBSYSTEMD_240;
+} LIBSYSTEMD_247;
LIBSYSTEMD_250 {
global:
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 09d4584bf9..2c9d331bf2 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -1415,6 +1415,31 @@ fail:
return r;
}
+_public_ int sd_event_add_time_relative(
+ sd_event *e,
+ sd_event_source **ret,
+ clockid_t clock,
+ uint64_t usec,
+ uint64_t accuracy,
+ sd_event_time_handler_t callback,
+ void *userdata) {
+
+ usec_t t;
+ int r;
+
+ /* Same as sd_event_add_time() but operates relative to the event loop's current point in time, and
+ * checks for overflow. */
+
+ r = sd_event_now(e, clock, &t);
+ if (r < 0)
+ return r;
+
+ if (usec >= USEC_INFINITY - t)
+ return -EOVERFLOW;
+
+ return sd_event_add_time(e, ret, clock, t + usec, accuracy, callback, userdata);
+}
+
static int signal_exit_callback(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
assert(s);
@@ -2578,6 +2603,23 @@ _public_ int sd_event_source_set_time(sd_event_source *s, uint64_t usec) {
return 0;
}
+_public_ int sd_event_source_set_time_relative(sd_event_source *s, uint64_t usec) {
+ usec_t t;
+ int r;
+
+ assert_return(s, -EINVAL);
+ assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM);
+
+ r = sd_event_now(s->event, event_source_type_to_clock(s->type), &t);
+ if (r < 0)
+ return r;
+
+ if (usec >= USEC_INFINITY - t)
+ return -EOVERFLOW;
+
+ return sd_event_source_set_time(s, t + usec);
+}
+
_public_ int sd_event_source_get_time_accuracy(sd_event_source *s, uint64_t *usec) {
assert_return(s, -EINVAL);
assert_return(usec, -EINVAL);
diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h
index c2e9c9614d..960bea1ac4 100644
--- a/src/systemd/sd-event.h
+++ b/src/systemd/sd-event.h
@@ -87,6 +87,7 @@ sd_event* sd_event_unref(sd_event *e);
int sd_event_add_io(sd_event *e, sd_event_source **s, int fd, uint32_t events, sd_event_io_handler_t callback, void *userdata);
int sd_event_add_time(sd_event *e, sd_event_source **s, clockid_t clock, uint64_t usec, uint64_t accuracy, sd_event_time_handler_t callback, void *userdata);
+int sd_event_add_time_relative(sd_event *e, sd_event_source **s, clockid_t clock, uint64_t usec, uint64_t accuracy, sd_event_time_handler_t callback, void *userdata);
int sd_event_add_signal(sd_event *e, sd_event_source **s, int sig, sd_event_signal_handler_t callback, void *userdata);
int sd_event_add_child(sd_event *e, sd_event_source **s, pid_t pid, int options, sd_event_child_handler_t callback, void *userdata);
int sd_event_add_inotify(sd_event *e, sd_event_source **s, const char *path, uint32_t mask, sd_event_inotify_handler_t callback, void *userdata);
@@ -136,6 +137,7 @@ int sd_event_source_set_io_events(sd_event_source *s, uint32_t events);
int sd_event_source_get_io_revents(sd_event_source *s, uint32_t* revents);
int sd_event_source_get_time(sd_event_source *s, uint64_t *usec);
int sd_event_source_set_time(sd_event_source *s, uint64_t usec);
+int sd_event_source_set_time_relative(sd_event_source *s, uint64_t usec);
int sd_event_source_get_time_accuracy(sd_event_source *s, uint64_t *usec);
int sd_event_source_set_time_accuracy(sd_event_source *s, uint64_t usec);
int sd_event_source_get_time_clock(sd_event_source *s, clockid_t *clock);

233
SOURCES/0830-logind-add-option-to-stop-idle-sessions-after-specif.patch Normal file
View File

@ -0,0 +1,233 @@
From 24439b08e3a3437b423553c385cde1d4cddf18f6 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 8 Aug 2022 09:13:50 +0200
Subject: [PATCH] logind: add option to stop idle sessions after specified
timeout
Thanks to Jan Pazdziora <jpazdziora@redhat.com> for providing a patch
which implemeted a PoC of this feature.
(cherry picked from commit 82325af3ae41bc7efb3d5cd8f56a4652fef498c2)
Resolves: #2122288
---
man/logind.conf.xml | 11 ++++++
src/login/logind-core.c | 2 +
src/login/logind-dbus.c | 1 +
src/login/logind-gperf.gperf | 1 +
src/login/logind-session.c | 72 +++++++++++++++++++++++++++++++++---
src/login/logind-session.h | 2 +
src/login/logind.conf.in | 1 +
src/login/logind.h | 2 +
8 files changed, 86 insertions(+), 6 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 0cf8a7d1f2..00b5b1f2e8 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -333,6 +333,17 @@
are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>StopIdleSessionSec=</varname></term>
+
+ <listitem><para>Specifies a timeout in seconds, or a time span value after which
+ <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle for
+ longer then the timeout will be stopped. Defaults to <literal>infinity</literal>
+ (<filename>systemd-logind</filename> is not checking the idle state of sessions). For details about the syntax
+ of time spans, see
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+ </para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index a1943b6f9d..abe6eecffb 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -58,6 +58,8 @@ void manager_reset_config(Manager *m) {
m->kill_only_users = strv_free(m->kill_only_users);
m->kill_exclude_users = strv_free(m->kill_exclude_users);
+
+ m->stop_idle_session_usec = USEC_INFINITY;
}
int manager_parse_config_file(Manager *m) {
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 01bfef4ff7..81aacb4eed 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -2720,6 +2720,7 @@ const sd_bus_vtable manager_vtable[] = {
SD_BUS_PROPERTY("SessionsMax", "t", NULL, offsetof(Manager, sessions_max), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("NCurrentSessions", "t", property_get_hashmap_size, offsetof(Manager, sessions), 0),
SD_BUS_PROPERTY("UserTasksMax", "t", property_get_compat_user_tasks_max, 0, SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
+ SD_BUS_PROPERTY("StopIdleSessionUSec", "t", NULL, offsetof(Manager, stop_idle_session_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_METHOD_WITH_NAMES("GetSession",
"s",
diff --git a/src/login/logind-gperf.gperf b/src/login/logind-gperf.gperf
index 8829ce7d85..214ac5c4a3 100644
--- a/src/login/logind-gperf.gperf
+++ b/src/login/logind-gperf.gperf
@@ -42,3 +42,4 @@ Login.RemoveIPC, config_parse_bool, 0, offse
Login.InhibitorsMax, config_parse_uint64, 0, offsetof(Manager, inhibitors_max)
Login.SessionsMax, config_parse_uint64, 0, offsetof(Manager, sessions_max)
Login.UserTasksMax, config_parse_compat_user_tasks_max, 0, offsetof(Manager, user_tasks_max)
+Login.StopIdleSessionSec, config_parse_sec_fix_0, 0, offsetof(Manager, stop_idle_session_usec)
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index cc838ca383..56f40fbec4 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -29,6 +29,7 @@
#include "string-table.h"
#include "strv.h"
#include "terminal-util.h"
+#include "time-util.h"
#include "user-util.h"
#include "util.h"
@@ -139,6 +140,8 @@ Session* session_free(Session *s) {
free(s->state_file);
+ sd_event_source_unref(s->stop_on_idle_event_source);
+
return mfree(s);
}
@@ -658,6 +661,55 @@ static int session_start_scope(Session *s, sd_bus_message *properties, sd_bus_er
return 0;
}
+static int session_dispatch_stop_on_idle(sd_event_source *source, uint64_t t, void *userdata) {
+ Session *s = userdata;
+ dual_timestamp ts;
+ int r, idle;
+
+ assert(s);
+
+ if (s->stopping)
+ return 0;
+
+ idle = session_get_idle_hint(s, &ts);
+ if (idle) {
+ log_debug("Session \"%s\" of user \"%s\" is idle, stopping.", s->id, s->user->name);
+
+ return session_stop(s, /* force */ true);
+ }
+
+ r = sd_event_source_set_time(source, usec_add(ts.monotonic, s->manager->stop_idle_session_usec));
+ if (r < 0)
+ return log_error_errno(r, "Failed to configure stop on idle session event source: %m");
+
+ r = sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
+ if (r < 0)
+ return log_error_errno(r, "Failed to enable stop on idle session event source: %m");
+
+ return 1;
+}
+
+static int session_setup_stop_on_idle_timer(Session *s) {
+ int r;
+
+ assert(s);
+
+ if (s->manager->stop_idle_session_usec == USEC_INFINITY)
+ return 0;
+
+ r = sd_event_add_time_relative(
+ s->manager->event,
+ &s->stop_on_idle_event_source,
+ CLOCK_MONOTONIC,
+ s->manager->stop_idle_session_usec,
+ 0,
+ session_dispatch_stop_on_idle, s);
+ if (r < 0)
+ return log_error_errno(r, "Failed to add stop on idle session event source: %m");
+
+ return 0;
+}
+
int session_start(Session *s, sd_bus_message *properties, sd_bus_error *error) {
int r;
@@ -680,6 +732,10 @@ int session_start(Session *s, sd_bus_message *properties, sd_bus_error *error) {
if (r < 0)
return r;
+ r = session_setup_stop_on_idle_timer(s);
+ if (r < 0)
+ return r;
+
log_struct(s->class == SESSION_BACKGROUND ? LOG_DEBUG : LOG_INFO,
"MESSAGE_ID=" SD_MESSAGE_SESSION_START_STR,
"SESSION_ID=%s", s->id,
@@ -917,7 +973,7 @@ static int get_process_ctty_atime(pid_t pid, usec_t *atime) {
}
int session_get_idle_hint(Session *s, dual_timestamp *t) {
- usec_t atime = 0, n;
+ usec_t atime = 0, dtime = 0;
int r;
assert(s);
@@ -961,12 +1017,16 @@ found_atime:
if (t)
dual_timestamp_from_realtime(t, atime);
- n = now(CLOCK_REALTIME);
-
- if (s->manager->idle_action_usec <= 0)
- return 0;
+ if (s->manager->idle_action_usec > 0 && s->manager->stop_idle_session_usec != USEC_INFINITY)
+ dtime = MIN(s->manager->idle_action_usec, s->manager->stop_idle_session_usec);
+ else if (s->manager->idle_action_usec > 0)
+ dtime = s->manager->idle_action_usec;
+ else if (s->manager->stop_idle_session_usec != USEC_INFINITY)
+ dtime = s->manager->stop_idle_session_usec;
+ else
+ return false;
- return atime + s->manager->idle_action_usec <= n;
+ return usec_add(atime, dtime) <= now(CLOCK_REALTIME);
}
void session_set_idle_hint(Session *s, bool b) {
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
index 8c7d0301f2..6678441bb9 100644
--- a/src/login/logind-session.h
+++ b/src/login/logind-session.h
@@ -112,6 +112,8 @@ struct Session {
Hashmap *devices;
sd_bus_track *track;
+ sd_event_source *stop_on_idle_event_source;
+
LIST_FIELDS(Session, sessions_by_user);
LIST_FIELDS(Session, sessions_by_seat);
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
index c7346f9819..a62c2b0b57 100644
--- a/src/login/logind.conf.in
+++ b/src/login/logind.conf.in
@@ -35,3 +35,4 @@
#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192
+#StopIdleSessionSec=infinity
diff --git a/src/login/logind.h b/src/login/logind.h
index 7f94dea2f6..606adf4fe6 100644
--- a/src/login/logind.h
+++ b/src/login/logind.h
@@ -102,6 +102,8 @@ struct Manager {
usec_t idle_action_not_before_usec;
HandleAction idle_action;
+ usec_t stop_idle_session_usec;
+
HandleAction handle_power_key;
HandleAction handle_suspend_key;
HandleAction handle_hibernate_key;

29
SOURCES/0831-logind-schedule-idle-check-full-interval-from-now-if.patch Normal file
View File

@ -0,0 +1,29 @@
From e48edc1b923267a5fcc808c3eb7151bf460a68ba Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 9 Sep 2022 13:38:58 +0200
Subject: [PATCH] logind: schedule idle check full interval from now if we
couldn't figure out atime timestamp
(cherry picked from commit 6edf707fd59347024fa6be0342b108527825db1f)
Related: #2122288
---
src/login/logind-session.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 56f40fbec4..18a07efcdb 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -678,7 +678,10 @@ static int session_dispatch_stop_on_idle(sd_event_source *source, uint64_t t, vo
return session_stop(s, /* force */ true);
}
- r = sd_event_source_set_time(source, usec_add(ts.monotonic, s->manager->stop_idle_session_usec));
+ r = sd_event_source_set_time(
+ source,
+ usec_add(dual_timestamp_is_set(&ts) ? ts.monotonic : now(CLOCK_MONOTONIC),
+ s->manager->stop_idle_session_usec));
if (r < 0)
return log_error_errno(r, "Failed to configure stop on idle session event source: %m");

59
SOURCES/0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch Normal file
View File

@ -0,0 +1,59 @@
From 5f69ba3919d32ed93c68bb6b8b70a516f2bb56a8 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 16 Aug 2022 14:34:49 +0200
Subject: [PATCH] ci(lint): add shell linter - Differential ShellCheck
It performs differential ShellCheck scans and report results directly in
pull request.
documentation:
https://github.com/redhat-plumbers-in-action/differential-shellcheck
(inspired by commit
https://github.com/systemd/systemd/commit/3f3c718e79abdac698ae90de5cd4c0560a0a75d4)
RHEL-only
Related: #2122499
---
.github/workflows/differential-shellcheck.yml | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 .github/workflows/differential-shellcheck.yml
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
new file mode 100644
index 0000000000..fa94679b51
--- /dev/null
+++ b/.github/workflows/differential-shellcheck.yml
@@ -0,0 +1,31 @@
+---
+# https://github.com/redhat-plumbers-in-action/differential-shellcheck#readme
+
+name: Differential ShellCheck
+on:
+ pull_request:
+ branches:
+ - master
+ - rhel-8.*.0
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+ pull-requests: write
+
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Differential ShellCheck
+ uses: redhat-plumbers-in-action/differential-shellcheck@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}

34
SOURCES/0833-meson-do-not-compare-objects-of-different-types.patch Normal file
View File

@ -0,0 +1,34 @@
From deb09b3bd826571149f6b018f3a3ff8a33cd104b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 28 Jun 2018 16:09:04 +0900
Subject: [PATCH] meson: do not compare objects of different types
This fixes the following warning:
```
meson.build:1140: WARNING: Trying to compare values of different types (DependencyHolder, list) using !=.
The result of this is undefined and will become a hard error in a future Meson release.
```
Follow-up for f02582f69fe1e7663a87ba80bd4f90d5d23ee75f(#9410).
(cherry picked from commit 48f5da19b6e8f0d05f5217bc9856093d354ce5d0)
Related: #2122499
---
meson.build | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 6729a9ea5e..af4cf331da 100644
--- a/meson.build
+++ b/meson.build
@@ -1165,7 +1165,8 @@ substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
dns_over_tls = get_option('dns-over-tls')
if dns_over_tls != 'false'
- have = libgnutls != [] and libgnutls.version().version_compare('>=3.5.3')
+ have = (conf.get('HAVE_GNUTLS') == 1 and
+ libgnutls.version().version_compare('>=3.5.3'))
if dns_over_tls == 'true' and not have
error('DNS-over-TLS support was requested, but dependencies are not available')
endif

48
SOURCES/0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch Normal file
View File

@ -0,0 +1,48 @@
From ea9b3a664f5e67d0ee6b0bf6ca362835ae11fedc Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 20 Dec 2021 20:48:32 +0900
Subject: [PATCH] journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as
MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74
(cherry picked from commit 30df858f43b14a55c6650b43bea12cbf2cc0bc67)
Related: #2122499
---
src/journal-remote/journal-remote-main.c | 2 +-
src/journal-remote/microhttpd-util.h | 10 +++++++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index 47fe9d7433..bcaa370099 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -304,7 +304,7 @@ static int request_handler(
/* When serialized, an entry of maximum size might be slightly larger,
* so this does not correspond exactly to the limit in journald. Oh well.
*/
- return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
+ return mhd_respondf(connection, 0, MHD_HTTP_CONTENT_TOO_LARGE,
"Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
}
diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
index 26909082a1..dd0ca1d9bd 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/journal-remote/microhttpd-util.h
@@ -38,9 +38,13 @@
# define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE
#endif
-/* Renamed in µhttpd 0.9.53 */
-#ifndef MHD_HTTP_PAYLOAD_TOO_LARGE
-# define MHD_HTTP_PAYLOAD_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE
+/* Renamed in µhttpd 0.9.74 (8c644fc1f4d498ea489add8d40a68f5d3e5899fa) */
+#ifndef MHD_HTTP_CONTENT_TOO_LARGE
+# ifdef MHD_HTTP_PAYLOAD_TOO_LARGE
+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_PAYLOAD_TOO_LARGE /* 0.9.53 or newer */
+# else
+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE
+# endif
#endif
#if MHD_VERSION < 0x00094203

71
SOURCES/0835-Fix-build-with-httpd-0.9.71.patch Normal file
View File

@ -0,0 +1,71 @@
From ca86de228e19cea268ec3eeabc9097d7c28fbf24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 30 Jun 2020 09:56:10 +0200
Subject: [PATCH] =?UTF-8?q?Fix=20build=20with=20=C2=B5httpd=200.9.71?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The return type of callbacks was changed from int to an enum.
(cherry picked from commit d17eabb1052e7c8c432331a7a782845e36164f01)
Related: #2122499
---
src/journal-remote/journal-gatewayd.c | 4 ++--
src/journal-remote/journal-remote-main.c | 2 +-
src/journal-remote/microhttpd-util.h | 6 ++++++
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 54446ff7b5..3ff05a4d72 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -338,7 +338,7 @@ static int request_parse_range(
return 0;
}
-static int request_parse_arguments_iterator(
+static mhd_result request_parse_arguments_iterator(
void *cls,
enum MHD_ValueKind kind,
const char *key,
@@ -795,7 +795,7 @@ static int request_handler_machine(
return MHD_queue_response(connection, MHD_HTTP_OK, response);
}
-static int request_handler(
+static mhd_result request_handler(
void *cls,
struct MHD_Connection *connection,
const char *url,
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index bcaa370099..a1008db6eb 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -241,7 +241,7 @@ static int process_http_upload(
return mhd_respond(connection, MHD_HTTP_ACCEPTED, "OK.");
};
-static int request_handler(
+static mhd_result request_handler(
void *cls,
struct MHD_Connection *connection,
const char *url,
diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
index dd0ca1d9bd..792c07ac20 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/journal-remote/microhttpd-util.h
@@ -51,6 +51,12 @@
# define MHD_create_response_from_fd_at_offset64 MHD_create_response_from_fd_at_offset
#endif
+#if MHD_VERSION >= 0x00097002
+# define mhd_result enum MHD_Result
+#else
+# define mhd_result int
+#endif
+
void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
/* respond_oom() must be usable with return, hence this form. */

303
SOURCES/0836-ci-replace-LGTM-with-CodeQL.patch Normal file
View File

@ -0,0 +1,303 @@
From 2b1dbcab1af1a22f3a46fa23aa551a7394673938 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 15 Sep 2022 15:29:23 +0200
Subject: [PATCH] ci: replace LGTM with CodeQL
As LGTM is going to be shut down by EOY, let's use CodeQL instead.
This is loosely based on upstream's CodeQL configs with some minor
tweaks to avoid backporting tons of unrelated commits.
rhel-only
Related: #2122499
---
.github/codeql-config.yml | 12 ++++
.github/codeql-custom.qls | 44 ++++++++++++
.../PotentiallyDangerousFunction.ql | 3 +
.../UninitializedVariableWithCleanup.ql | 16 ++---
.github/codeql-queries/qlpack.yml | 11 +++
.github/workflows/codeql.yml | 68 +++++++++++++++++++
.lgtm.yml | 37 ----------
7 files changed, 146 insertions(+), 45 deletions(-)
create mode 100644 .github/codeql-config.yml
create mode 100644 .github/codeql-custom.qls
rename {.lgtm/cpp-queries => .github/codeql-queries}/PotentiallyDangerousFunction.ql (93%)
rename {.lgtm/cpp-queries => .github/codeql-queries}/UninitializedVariableWithCleanup.ql (86%)
create mode 100644 .github/codeql-queries/qlpack.yml
create mode 100644 .github/workflows/codeql.yml
delete mode 100644 .lgtm.yml
diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
new file mode 100644
index 0000000000..7c01d32caa
--- /dev/null
+++ b/.github/codeql-config.yml
@@ -0,0 +1,12 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+name: "CodeQL config"
+
+disable-default-queries: false
+
+queries:
+ - name: Enable possibly useful queries which are disabled by default
+ uses: ./.github/codeql-custom.qls
+ - name: systemd-specific CodeQL queries
+ uses: ./.github/codeql-queries/
diff --git a/.github/codeql-custom.qls b/.github/codeql-custom.qls
new file mode 100644
index 0000000000..d35fbe3114
--- /dev/null
+++ b/.github/codeql-custom.qls
@@ -0,0 +1,44 @@
+---
+# vi: ts=2 sw=2 et syntax=yaml:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# Note: it is not recommended to directly reference the respective queries from
+# the github/codeql repository, so we have to "dance" around it using
+# a custom QL suite
+# See:
+# - https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#running-additional-queries
+# - https://github.com/github/codeql-action/issues/430#issuecomment-806092120
+# - https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/
+
+# Note: the codeql/<lang>-queries pack name can be found in the CodeQL repo[0]
+# in <lang>/ql/src/qlpack.yml. The respective codeql-suites are then
+# under <lang>/ql/src/codeql-suites/.
+#
+# [0] https://github.com/github/codeql
+- import: codeql-suites/cpp-lgtm.qls
+ from: codeql/cpp-queries
+- import: codeql-suites/python-lgtm.qls
+ from: codeql/python-queries
+- include:
+ id:
+ - cpp/bad-strncpy-size
+ - cpp/declaration-hides-variable
+ - cpp/include-non-header
+ - cpp/inconsistent-null-check
+ - cpp/mistyped-function-arguments
+ - cpp/nested-loops-with-same-variable
+ - cpp/sizeof-side-effect
+ - cpp/suspicious-pointer-scaling
+ - cpp/suspicious-pointer-scaling-void
+ - cpp/suspicious-sizeof
+ - cpp/unsafe-strcat
+ - cpp/unsafe-strncat
+ - cpp/unsigned-difference-expression-compared-zero
+ - cpp/unused-local-variable
+ tags:
+ - "security"
+ - "correctness"
+ severity: "error"
+- exclude:
+ id:
+ - cpp/fixme-comment
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.github/codeql-queries/PotentiallyDangerousFunction.ql
similarity index 93%
rename from .lgtm/cpp-queries/PotentiallyDangerousFunction.ql
rename to .github/codeql-queries/PotentiallyDangerousFunction.ql
index 39e8dddd13..63fd14e75f 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.github/codeql-queries/PotentiallyDangerousFunction.ql
@@ -46,6 +46,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
) or (
f.getQualifiedName() = "accept" and
message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
+ ) or (
+ f.getQualifiedName() = "dirname" and
+ message = "Call dirname() is icky. Use path_extract_directory() instead."
)
}
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.github/codeql-queries/UninitializedVariableWithCleanup.ql
similarity index 86%
rename from .lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
rename to .github/codeql-queries/UninitializedVariableWithCleanup.ql
index 6b3b62f8bc..e514111f28 100644
--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
+++ b/.github/codeql-queries/UninitializedVariableWithCleanup.ql
@@ -50,16 +50,16 @@ class UninitialisedLocalReachability extends StackVariableReachability {
* fun(&x);
* puts(x);
*
- * `useOfVarActual()` won't treat this an an uninitialized read even if the callee
+ * `useOfVarActual()` won't treat this as an uninitialized read even if the callee
* doesn't modify the argument, however, `useOfVar()` will
*/
override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
- // only report the _first_ possibly uninitialized use
+ /* only report the _first_ possibly uninitialized use */
useOfVar(v, node) or
(
- /* If there's an return statement somewhere between the variable declaration
+ /* If there's a return statement somewhere between the variable declaration
* and a possible definition, don't accept is as a valid initialization.
*
* E.g.:
@@ -71,7 +71,7 @@ class UninitialisedLocalReachability extends StackVariableReachability {
* x = malloc(...);
*
* is not a valid initialization, since we might return from the function
- * _before_ the actual iniitialization (emphasis on _might_, since we
+ * _before_ the actual initialization (emphasis on _might_, since we
* don't know if the return statement might ever evaluate to true).
*/
definitionBarrier(v, node) and
@@ -92,14 +92,14 @@ predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosing
* for this check to exclude them.
*/
VariableAccess commonException() {
- // If the uninitialized use we've found is in a macro expansion, it's
- // typically something like va_start(), and we don't want to complain.
+ /* If the uninitialized use we've found is in a macro expansion, it's
+ * typically something like va_start(), and we don't want to complain. */
result.getParent().isInMacroExpansion()
or
result.getParent() instanceof BuiltInOperation
or
- // Finally, exclude functions that contain assembly blocks. It's
- // anyone's guess what happens in those.
+ /* Finally, exclude functions that contain assembly blocks. It's
+ * anyone's guess what happens in those. */
containsInlineAssembly(result.getEnclosingFunction())
}
diff --git a/.github/codeql-queries/qlpack.yml b/.github/codeql-queries/qlpack.yml
new file mode 100644
index 0000000000..a1a2dec6d6
--- /dev/null
+++ b/.github/codeql-queries/qlpack.yml
@@ -0,0 +1,11 @@
+---
+# vi: ts=2 sw=2 et syntax=yaml:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+library: false
+name: systemd/cpp-queries
+version: 0.0.1
+dependencies:
+ codeql/cpp-all: "*"
+ codeql/suite-helpers: "*"
+extractor: cpp
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..c5426d5686
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,68 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+name: "CodeQL"
+
+on:
+ pull_request:
+ branches:
+ - master
+ - rhel-*
+ paths:
+ - '**/meson.build'
+ - '.github/**/codeql*'
+ - 'src/**'
+ - 'test/**'
+ - 'tools/**'
+ push:
+ branches:
+ - master
+ - rhel-*
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-22.04
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
+ cancel-in-progress: true
+ permissions:
+ actions: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ['cpp', 'python']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ config-file: ./.github/codeql-config.yml
+
+ - name: Install dependencies
+ if: matrix.language == 'cpp'
+ run: |
+ echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
+ sudo apt-get -y update
+ sudo apt-get -y build-dep systemd
+ sudo apt-get -y install libfdisk-dev libpwquality-dev libqrencode-dev libssl-dev libxkbcommon-dev libzstd-dev
+
+ - name: Build
+ if: matrix.language == 'cpp'
+ run: |
+ # EL 8 systemd fails to build with newer gnu-efi (3.0.13 on Ubuntu Jammy ATTOW)
+ meson build -Dlibiptc=false -Dgnu-efi=false
+ ninja -C build -v
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.lgtm.yml b/.lgtm.yml
deleted file mode 100644
index fe93957b67..0000000000
--- a/.lgtm.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# vi: ts=2 sw=2 et:
-
-# Explicitly enable certain checks which are hidden by default
-queries:
- - include: cpp/bad-strncpy-size
- - include: cpp/declaration-hides-variable
- - include: cpp/inconsistent-null-check
- - include: cpp/mistyped-function-arguments
- - include: cpp/nested-loops-with-same-variable
- - include: cpp/sizeof-side-effect
- - include: cpp/suspicious-pointer-scaling
- - include: cpp/suspicious-pointer-scaling-void
- - include: cpp/suspicious-sizeof
- - include: cpp/unsafe-strcat
- - include: cpp/unsafe-strncat
- - include: cpp/unsigned-difference-expression-compared-zero
- - include: cpp/unused-local-variable
- - include:
- tags:
- - "security"
- - "correctness"
- severity: "error"
-
-extraction:
- cpp:
- prepare:
- packages:
- - python3-pip
- - python3-setuptools
- - python3-wheel
- after_prepare:
- - pip3 install meson
- - export PATH="$HOME/.local/bin/:$PATH"
- python:
- python_setup:
- version: 3

71
SOURCES/0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch Normal file
View File

@ -0,0 +1,71 @@
From 4c241b812ea79f3faa02c45f95834842c7847b76 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Wed, 21 Sep 2022 15:14:26 +0200
Subject: [PATCH] ci(mergify): Update policy - Drop LGTM checks
rhel-only
Related: #2122499
---
.github/workflows/differential-shellcheck.yml | 1 +
.mergify.yml | 28 ++++++-------------
2 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index fa94679b51..4399f0bc64 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -13,6 +13,7 @@ permissions:
jobs:
lint:
+ name: Differential ShellCheck
runs-on: ubuntu-latest
permissions:
diff --git a/.mergify.yml b/.mergify.yml
index 3afd04f18e..a5eed6a82a 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -11,16 +11,10 @@ pull_request_rules:
- -check-success=build (stream8, GCC_ASAN)
# CentOS Stream CI
- -check-success=CentOS CI (CentOS Stream 8)
- # LGTM
- - and:
- - "-check-success=LGTM analysis: JavaScript"
- - "-check-neutral=LGTM analysis: JavaScript"
- - and:
- - "-check-success=LGTM analysis: Python"
- - "-check-neutral=LGTM analysis: Python"
- - and:
- - "-check-success=LGTM analysis: C/C++"
- - "-check-neutral=LGTM analysis: C/C++"
+ # CodeQL
+ - -check-success=CodeQL
+ # Other
+ - -check-success=Differential ShellCheck
actions:
label:
add:
@@ -36,16 +30,10 @@ pull_request_rules:
- check-success=build (stream8, GCC_ASAN)
# CentOS Stream CI
- check-success=CentOS CI (CentOS Stream 8)
- # LGTM
- - or:
- - "check-success=LGTM analysis: JavaScript"
- - "check-neutral=LGTM analysis: JavaScript"
- - or:
- - "check-success=LGTM analysis: Python"
- - "check-neutral=LGTM analysis: Python"
- - or:
- - "check-success=LGTM analysis: C/C++"
- - "check-neutral=LGTM analysis: C/C++"
+ # CodeQL
+ - check-success=CodeQL
+ # Other
+ - check-success=Differential ShellCheck
actions:
label:
remove:

44
SOURCES/0838-time-util-fix-buffer-over-run.patch Normal file
View File

@ -0,0 +1,44 @@
From a521f942d5c304bca7c61bacb3c79e565853718e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 7 Jul 2022 18:27:02 +0900
Subject: [PATCH] time-util: fix buffer-over-run
Fixes #23928.
(cherry picked from commit 9102c625a673a3246d7e73d8737f3494446bad4e)
Resolves: #2139391
---
src/basic/time-util.c | 2 +-
src/test/test-time-util.c | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index c36e462193..d46d884be5 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -515,7 +515,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) {
t = b;
}
- n = MIN((size_t) k, l);
+ n = MIN((size_t) k, l-1);
l -= n;
p += n;
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index 354a01dd1a..6ebde4153c 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -187,6 +187,11 @@ static void test_format_timespan(usec_t accuracy) {
test_format_timespan_one(500 * USEC_PER_MSEC, accuracy);
test_format_timespan_one(9*USEC_PER_YEAR/5 - 23, accuracy);
test_format_timespan_one(USEC_INFINITY, accuracy);
+
+ /* See issue #23928. */
+ _cleanup_free_ char *buf;
+ assert_se(buf = new(char, 5));
+ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
}
static void test_timezone_is_valid(void) {

32
SOURCES/0839-basic-recognize-pdfs-filesystem-as-a-network-filesys.patch Normal file
View File

@ -0,0 +1,32 @@
From 2fe9fb3e844d7991105c40d4363eed9069a6837d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 18 Nov 2022 16:16:36 +0100
Subject: [PATCH] basic: recognize pdfs filesystem as a network filesystem
Fujitsu advises their users to always use _netdev mount option with pdfs
mounts. Hence it makes sense to simply consider pdfs mounts as network
filesystem mounts.
https://software.fujitsu.com/jp/manual/manualfiles/m130027/j2ul1563/02enz200/j1563-02-06-02-02.html
RHEL-only
Resolves: #2094661
---
src/basic/mount-util.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index e7f9e514c2..983566b46b 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -634,7 +634,8 @@ bool fstype_is_network(const char *fstype) {
"glusterfs",
"pvfs2", /* OrangeFS */
"ocfs2",
- "lustre");
+ "lustre",
+ "pdfs");
}
bool fstype_is_api_vfs(const char *fstype) {

49
SOURCES/0840-core-move-reset_arguments-to-the-end-of-main-s-finis.patch Normal file
View File

@ -0,0 +1,49 @@
From 4bb425eea9f3037a583a23d99f15aa71562f2481 Mon Sep 17 00:00:00 2001
From: Anita Zhang <the.anitazha@gmail.com>
Date: Thu, 17 Sep 2020 01:49:17 -0700
Subject: [PATCH] core: move reset_arguments() to the end of main's finish
Fixes #16991
fb39af4ce42d7ef9af63009f271f404038703704 replaced `free_arguments()` with
`reset_arguments()`, which frees arg_* variables as before, but also resets all
of them to the default values. `reset_arguments()` was positioned
in such a way that it overrode some arg_* values still in use at shutdown.
To avoid further unintentional resets, I moved `reset_arguments()`
right before the return, when nothing else will be using the arg_* variables.
(cherry picked from commit 7d9eea2bd3d4f83668c7a78754d201b226acbf1e)
Resolves: #2127131
---
src/core/main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/main.c b/src/core/main.c
index bfd4c531a7..cfa6fec930 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2631,7 +2631,6 @@ finish:
m = manager_free(m);
}
- reset_arguments();
mac_selinux_finish();
if (reexecute)
@@ -2656,6 +2655,7 @@ finish:
* in become_shutdown() so normally we cannot free them yet. */
watchdog_free_device();
arg_watchdog_device = mfree(arg_watchdog_device);
+ reset_arguments();
return retval;
}
#endif
@@ -2677,5 +2677,6 @@ finish:
freeze_or_reboot();
}
+ reset_arguments();
return retval;
}

91
SOURCES/0841-manager-move-inc.-of-n_reloading-into-a-function.patch Normal file
View File

@ -0,0 +1,91 @@
From 708c394b7ca35fe2328fa0760696ff95caab8ff8 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Tue, 29 Nov 2022 16:15:47 +0100
Subject: [PATCH] manager: move inc. of n_reloading into a function
[dtardon: This is inspired by commit d147e2b66b4d6b71db1bc59b62286b2eb9c3d29f ,
but it does just the minimal change needed for the next commit.]
Related: #2136869
---
src/core/main.c | 2 +-
src/core/manager.c | 12 ++++++++----
src/core/manager.h | 1 +
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c
index cfa6fec930..c3e2ce8956 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1131,7 +1131,7 @@ static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching
return log_error_errno(r, "Failed to create serialization file: %m");
/* Make sure nothing is really destructed when we shut down */
- m->n_reloading++;
+ manager_reloading_start(m);
bus_manager_send_reloading(m, true);
fds = fdset_new();
diff --git a/src/core/manager.c b/src/core/manager.c
index f4611e6f8f..f923cbce37 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1578,6 +1578,10 @@ static void manager_preset_all(Manager *m) {
log_info("Populated /etc with preset unit settings.");
}
+void manager_reloading_start(Manager *m) {
+ m->n_reloading++;
+}
+
int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
int r;
@@ -1609,7 +1613,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
* this is already known, so we increase the counter here
* already */
if (serialization)
- m->n_reloading++;
+ manager_reloading_start(m);
/* First, enumerate what we can from all config files */
dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD_START);
@@ -3093,7 +3097,7 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
assert(f);
assert(fds);
- m->n_reloading++;
+ manager_reloading_start(m);
fprintf(f, "current-job-id=%"PRIu32"\n", m->current_job_id);
fprintf(f, "n-installed-jobs=%u\n", m->n_installed_jobs);
@@ -3211,7 +3215,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
log_debug("Deserializing state...");
- m->n_reloading++;
+ manager_reloading_start(m);
for (;;) {
_cleanup_free_ char *line = NULL;
@@ -3455,7 +3459,7 @@ int manager_reload(Manager *m) {
if (r < 0)
return r;
- m->n_reloading++;
+ manager_reloading_start(m);
bus_manager_send_reloading(m, true);
fds = fdset_new();
diff --git a/src/core/manager.h b/src/core/manager.h
index 3f2cfc5e2e..adbbb518cb 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -386,6 +386,7 @@ int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **m);
Manager* manager_free(Manager *m);
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
+void manager_reloading_start(Manager *m);
int manager_startup(Manager *m, FILE *serialization, FDSet *fds);
Job *manager_get_job(Manager *m, uint32_t id);

59
SOURCES/0842-core-Add-new-DBUS-properties-UnitsReloadStartTimesta.patch Normal file
View File

@ -0,0 +1,59 @@
From 22eb8fbdab14e5b1b11a4d84c83bef97317e1d2a Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 2 Sep 2021 16:37:13 +0200
Subject: [PATCH] core: Add new DBUS properties UnitsReloadStartTimestamp and
UnitsLoadTimestampMontonic
(cherry picked from commit 49fbe940a429c3d8807bacdfce03af834275257c)
Related: #2136869
---
src/core/dbus-manager.c | 1 +
src/core/manager.c | 2 ++
src/core/manager.h | 1 +
3 files changed, 4 insertions(+)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 5b1ed3646e..8a41eda4a6 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -2486,6 +2486,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
BUS_PROPERTY_DUAL_TIMESTAMP("GeneratorsFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_GENERATORS_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST),
BUS_PROPERTY_DUAL_TIMESTAMP("UnitsLoadStartTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_START]), SD_BUS_VTABLE_PROPERTY_CONST),
BUS_PROPERTY_DUAL_TIMESTAMP("UnitsLoadFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST),
+ BUS_PROPERTY_DUAL_TIMESTAMP("UnitsLoadTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_UNITS_LOAD]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", property_get_log_level, property_set_log_level, 0, 0),
SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", property_get_log_target, property_set_log_target, 0, 0),
SD_BUS_PROPERTY("NNames", "u", property_get_hashmap_size, offsetof(Manager, units), 0),
diff --git a/src/core/manager.c b/src/core/manager.c
index f923cbce37..8aa398cac8 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1580,6 +1580,7 @@ static void manager_preset_all(Manager *m) {
void manager_reloading_start(Manager *m) {
m->n_reloading++;
+ dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD);
}
int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
@@ -4622,6 +4623,7 @@ static const char *const manager_timestamp_table[_MANAGER_TIMESTAMP_MAX] = {
[MANAGER_TIMESTAMP_GENERATORS_FINISH] = "generators-finish",
[MANAGER_TIMESTAMP_UNITS_LOAD_START] = "units-load-start",
[MANAGER_TIMESTAMP_UNITS_LOAD_FINISH] = "units-load-finish",
+ [MANAGER_TIMESTAMP_UNITS_LOAD] = "units-load",
};
DEFINE_STRING_TABLE_LOOKUP(manager_timestamp, ManagerTimestamp);
diff --git a/src/core/manager.h b/src/core/manager.h
index adbbb518cb..98d381bc5b 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -67,6 +67,7 @@ typedef enum ManagerTimestamp {
MANAGER_TIMESTAMP_GENERATORS_FINISH,
MANAGER_TIMESTAMP_UNITS_LOAD_START,
MANAGER_TIMESTAMP_UNITS_LOAD_FINISH,
+ MANAGER_TIMESTAMP_UNITS_LOAD,
_MANAGER_TIMESTAMP_MAX,
_MANAGER_TIMESTAMP_INVALID = -1,
} ManagerTimestamp;

29
SOURCES/0843-core-Indicate-the-time-when-the-manager-started-load.patch Normal file
View File

@ -0,0 +1,29 @@
From f2de5398b0a1ebb3e6390506368c11329b843524 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 2 Sep 2021 16:50:50 +0200
Subject: [PATCH] core: Indicate the time when the manager started loading
units the last time
(cherry picked from commit 15b9243c0d7f6d1531fa65dbc01bd11e8e6c12ca)
Resolves: #2136869
---
src/core/manager.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/core/manager.c b/src/core/manager.c
index 8aa398cac8..a9cd51b624 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3554,6 +3554,11 @@ int manager_reload(Manager *m) {
/* Let's finally catch up with any changes that took place while we were reloading/reexecing */
manager_catchup(m);
+ /* Create a file which will indicate when the manager started loading units the last time. */
+ (void) touch_file("/run/systemd/systemd-units-load", false,
+ m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME),
+ UID_INVALID, GID_INVALID, 0444);
+
/* Sync current state of bus names with our set of listening units */
q = manager_enqueue_sync_bus_names(m);
if (q < 0 && r >= 0)

34
SOURCES/0844-core-do-not-touch-run-systemd-systemd-units-load-fro.patch Normal file
View File

@ -0,0 +1,34 @@
From 3c2d2345814935cea8525e802e764fb2949eb3df Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Mon, 27 Dec 2021 18:22:43 +0000
Subject: [PATCH] core: do not touch /run/systemd/systemd-units-load from user
session instances
Follow-up for: https://github.com/systemd/systemd/commit/15b9243c0d7f6d1531fa65dbc01bd11e8e6c12ca
Fixes: https://github.com/systemd/systemd/issues/21911
(cherry picked from commit 4b3ad81bfafcd97acb06db463495e348d159d8e6)
Related: #2136869
---
src/core/manager.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index a9cd51b624..e083596e58 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3555,9 +3555,10 @@ int manager_reload(Manager *m) {
manager_catchup(m);
/* Create a file which will indicate when the manager started loading units the last time. */
- (void) touch_file("/run/systemd/systemd-units-load", false,
- m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME),
- UID_INVALID, GID_INVALID, 0444);
+ if (MANAGER_IS_SYSTEM(m))
+ (void) touch_file("/run/systemd/systemd-units-load", false,
+ m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME),
+ UID_INVALID, GID_INVALID, 0444);
/* Sync current state of bus names with our set of listening units */
q = manager_enqueue_sync_bus_names(m);

49
SOURCES/0845-sysctl-downgrade-message-when-we-have-no-permission.patch Normal file
View File

@ -0,0 +1,49 @@
From ffe4233155085b479c69abe844a34de212b8e5e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 16 Jan 2020 14:45:28 +0100
Subject: [PATCH] sysctl: downgrade message when we have no permission
We need to run sysctl also in containers, because the network
subtree is namespaces and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.
Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worth
of "notice" most of the time.
https://bugzilla.redhat.com/show_bug.cgi?id=1609806
(cherry picked from commit 32458cc9687c1b60ff0f22c0e71da93ce78b1534)
Resolves: #2158160
---
src/sysctl/sysctl.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
index 4c85d6887f..dc14e1aaf1 100644
--- a/src/sysctl/sysctl.c
+++ b/src/sysctl/sysctl.c
@@ -82,13 +82,15 @@ static int apply_all(OrderedHashmap *sysctl_options) {
k = sysctl_write(option->key, option->value);
if (k < 0) {
/* If the sysctl is not available in the kernel or we are running with reduced
- * privileges and cannot write it, then log about the issue at LOG_NOTICE level, and
- * proceed without failing. (EROFS is treated as a permission problem here, since
- * that's how container managers usually protected their sysctls.) In all other cases
- * log an error and make the tool fail. */
-
- if (IN_SET(k, -EPERM, -EACCES, -EROFS, -ENOENT) || option->ignore_failure)
- log_notice_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
+ * privileges and cannot write it, then log about the issue, and proceed without
+ * failing. (EROFS is treated as a permission problem here, since that's how
+ * container managers usually protected their sysctls.) In all other cases log an
+ * error and make the tool fail. */
+
+ if (option->ignore_failure || k == -EROFS || ERRNO_IS_PRIVILEGE(k))
+ log_debug_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
+ else if (k == -ENOENT)
+ log_info_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key);
else {
log_error_errno(k, "Couldn't write '%s' to '%s': %m", option->value, option->key);
if (r == 0)

53
SOURCES/0846-core-respect-SELinuxContext-for-socket-creation.patch Normal file
View File

@ -0,0 +1,53 @@
From 1f408c8d9739b1038012eeec7bf0f918c8095bc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 23 Sep 2022 19:00:22 +0200
Subject: [PATCH] core: respect SELinuxContext= for socket creation
On socket creation respect the SELinuxContext= setting of the associated
service, such that the initial created socket has the same label as the
future process accepting the connection (since w.r.t SELinux sockets
normally have the same label as the owning process).
Triggered by #24702
(cherry picked from commit 599b384924bbef9f8f7fa5700c6fa35a404d9a98)
Related: #2136738
---
src/core/socket.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/core/socket.c b/src/core/socket.c
index 9d47ca2616..d1ca0a07c5 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -1427,6 +1427,7 @@ fail:
static int socket_determine_selinux_label(Socket *s, char **ret) {
Service *service;
ExecCommand *c;
+ const char *exec_context;
_cleanup_free_ char *path = NULL;
int r;
@@ -1448,8 +1449,20 @@ static int socket_determine_selinux_label(Socket *s, char **ret) {
if (!UNIT_ISSET(s->service))
goto no_label;
-
service = SERVICE(UNIT_DEREF(s->service));
+
+ exec_context = service->exec_context.selinux_context;
+ if (exec_context) {
+ char *con;
+
+ con = strdup(exec_context);
+ if (!con)
+ return -ENOMEM;
+
+ *ret = TAKE_PTR(con);
+ return 0;
+ }
+
c = service->exec_command[SERVICE_EXEC_START];
if (!c)
goto no_label;

128
SOURCES/0847-manager-use-target-process-context-to-set-socket-con.patch Normal file
View File

@ -0,0 +1,128 @@
From 3f90090e70a5fa81bced17792fe08d9c46324da9 Mon Sep 17 00:00:00 2001
From: "Ted X. Toth" <txtoth@flycast.org>
Date: Thu, 13 Oct 2022 12:58:26 -0700
Subject: [PATCH] manager: use target process context to set socket context
Use target process context to set socket context when using SELinuxContextFromNet
not systemd's context. Currently when using the SELinuxContextFromNet option for
a socket activated services, systemd calls getcon_raw which returns init_t and
uses the resulting context to compute the context to be passed to the
setsockcreatecon call. A socket of type init_t is created and listened on and
this means that SELinux policy cannot be written to control which processes
(SELinux types) can connect to the socket since the ref policy allows all
'types' to connect to sockets of the type init_t. When security accessors see
that any process can connect to a socket this raises serious concerns. I have
spoken with SELinux contributors in person and on the mailing list and the
consensus is that the best solution is to use the target executables context
when computing the sockets context in all cases.
[zjs review/comment:
This removes the branch that was added in 16115b0a7b7cdf08fb38084d857d572d8a9088dc.
16115b0a7b7cdf08fb38084d857d572d8a9088dc did two things: it had the branch here
in 'socket_determine_selinux_label()' and a code in 'exec_child()' to call
'label_get_child_mls_label(socket_fd, command->path, &label)'.
Before this patch, the flow was:
'''
mac_selinux_get_child_mls_label:
peercon = getpeercon_raw(socket_fd);
if (!exec_label)
exec_label = getfilecon_raw(exe);
socket_open_fds:
if (params->selinux_context_net) #
label = mac_selinux_get_our_label(); # this part is removed
else #
label = mac_selinux_get_create_label_from_exe(path);
socket_address_listen_in_cgroup(s, &p->address, label);
exec_child():
exec_context = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context);
setexeccon(exec_context);
'''
]
(cherry picked from commit 29dbc62d74f7b7881dc3136e68e03a03ea055b36)
Resolves: #2136738
---
src/core/socket.c | 58 ++++++++++++++++++++---------------------------
1 file changed, 24 insertions(+), 34 deletions(-)
diff --git a/src/core/socket.c b/src/core/socket.c
index d1ca0a07c5..8aa5463b25 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -1434,47 +1434,37 @@ static int socket_determine_selinux_label(Socket *s, char **ret) {
assert(s);
assert(ret);
- if (s->selinux_context_from_net) {
- /* If this is requested, get label from the network label */
-
- r = mac_selinux_get_our_label(ret);
- if (r == -EOPNOTSUPP)
- goto no_label;
-
- } else {
- /* Otherwise, get it from the executable we are about to start */
- r = socket_instantiate_service(s);
- if (r < 0)
- return r;
+ r = socket_instantiate_service(s);
+ if (r < 0)
+ return r;
- if (!UNIT_ISSET(s->service))
- goto no_label;
- service = SERVICE(UNIT_DEREF(s->service));
+ if (!UNIT_ISSET(s->service))
+ goto no_label;
+ service = SERVICE(UNIT_DEREF(s->service));
- exec_context = service->exec_context.selinux_context;
- if (exec_context) {
- char *con;
+ exec_context = service->exec_context.selinux_context;
+ if (exec_context) {
+ char *con;
- con = strdup(exec_context);
- if (!con)
- return -ENOMEM;
+ con = strdup(exec_context);
+ if (!con)
+ return -ENOMEM;
- *ret = TAKE_PTR(con);
- return 0;
- }
+ *ret = TAKE_PTR(con);
+ return 0;
+ }
- c = service->exec_command[SERVICE_EXEC_START];
- if (!c)
- goto no_label;
+ c = service->exec_command[SERVICE_EXEC_START];
+ if (!c)
+ goto no_label;
- r = chase_symlinks(c->path, service->exec_context.root_directory, CHASE_PREFIX_ROOT, &path);
- if (r < 0)
- goto no_label;
+ r = chase_symlinks(c->path, service->exec_context.root_directory, CHASE_PREFIX_ROOT, &path);
+ if (r < 0)
+ goto no_label;
- r = mac_selinux_get_create_label_from_exe(path, ret);
- if (IN_SET(r, -EPERM, -EOPNOTSUPP))
- goto no_label;
- }
+ r = mac_selinux_get_create_label_from_exe(path, ret);
+ if (IN_SET(r, -EPERM, -EOPNOTSUPP))
+ goto no_label;
return r;

142
SOURCES/0848-virt-detect-Amazon-EC2-Nitro-instance.patch Normal file
View File

@ -0,0 +1,142 @@
From 6ffd3de2ccc5901974f292c9694829e25441060d Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Sun, 11 Oct 2020 21:25:00 +0100
Subject: [PATCH] virt: detect Amazon EC2 Nitro instance
Amazon EC2 Nitro hypervisor is technically based on KVM[1], which
systemd-detect-virt identify propely from CPUID. However the lack of
CPUID on aarch64 (A1, T4 instance type) prevents a correct
identification, impacting hostnamectl and systemd-random-seed. Instead
it's possible to identify virtualization from DMI vendor ID.
Prior to this commit:
# hostnamectl
Static hostname: n/a
Transient hostname: ip-10-97-8-12
Icon name: computer
Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b
Boot ID: b7b7e2fe0079448db664839df59f9817
Operating System: Gentoo/Linux
Kernel: Linux 5.4.69-longterm
Architecture: arm64
After this commit:
# hostnamectl
Static hostname: n/a
Transient hostname: ip-10-97-8-12
Icon name: computer-vm
Chassis: vm
Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b
Boot ID: bd04da57084e41078f20541101867113
Virtualization: amazon
Operating System: Gentoo/Linux
Kernel: Linux 5.4.69-longterm
Architecture: arm64
[1] https://aws.amazon.com/ec2/faqs/
(cherry picked from commit b6eca3731dd92b009b182f188936e1c2544574da)
Resolves: #2117948
---
man/systemd-detect-virt.xml | 7 ++++++-
man/systemd.unit.xml | 1 +
src/basic/virt.c | 8 +++++---
src/basic/virt.h | 1 +
src/test/test-condition.c | 1 +
5 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 6beb2c2aa1..61c210e24d 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -72,7 +72,12 @@
<row>
<entry><varname>kvm</varname></entry>
- <entry>Linux KVM kernel virtual machine, with whatever software, except Oracle Virtualbox</entry>
+ <entry>Linux KVM kernel virtual machine, in combination with QEMU. Not used for other virtualizers using the KVM interfaces, such as Oracle VirtualBox or Amazon EC2 Nitro, see below.</entry>
+ </row>
+
+ <row>
+ <entry><varname>amazon</varname></entry>
+ <entry>Amazon EC2 Nitro using Linux KVM</entry>
</row>
<row>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 6f213ccd56..5207a5bb3c 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -1068,6 +1068,7 @@
virtualization solution, or one of
<varname>qemu</varname>,
<varname>kvm</varname>,
+ <literal>amazon</literal>,
<varname>zvm</varname>,
<varname>vmware</varname>,
<varname>microsoft</varname>,
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 8d862b6d67..78c68d66e0 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -147,6 +147,7 @@ static int detect_vm_dmi(void) {
int id;
} dmi_vendor_table[] = {
{ "KVM", VIRTUALIZATION_KVM },
+ { "Amazon EC2", VIRTUALIZATION_AMAZON },
{ "QEMU", VIRTUALIZATION_QEMU },
/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
{ "VMware", VIRTUALIZATION_VMWARE },
@@ -339,8 +340,8 @@ int detect_vm(void) {
/* We have to use the correct order here:
*
- * → First, try to detect Oracle Virtualbox, even if it uses KVM, as well as Xen even if it cloaks as Microsoft
- * Hyper-V.
+ * → First, try to detect Oracle Virtualbox and Amazon EC2 Nitro, even if they use KVM, as well as Xen even if
+ * it cloaks as Microsoft Hyper-V.
*
* → Second, try to detect from CPUID, this will report KVM for whatever software is used even if info in DMI is
* overwritten.
@@ -348,7 +349,7 @@ int detect_vm(void) {
* → Third, try to detect from DMI. */
dmi = detect_vm_dmi();
- if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN)) {
+ if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN, VIRTUALIZATION_AMAZON)) {
r = dmi;
goto finish;
}
@@ -631,6 +632,7 @@ int running_in_chroot(void) {
static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_NONE] = "none",
[VIRTUALIZATION_KVM] = "kvm",
+ [VIRTUALIZATION_AMAZON] = "amazon",
[VIRTUALIZATION_QEMU] = "qemu",
[VIRTUALIZATION_BOCHS] = "bochs",
[VIRTUALIZATION_XEN] = "xen",
diff --git a/src/basic/virt.h b/src/basic/virt.h
index 640b3ed779..ed4ff063e0 100644
--- a/src/basic/virt.h
+++ b/src/basic/virt.h
@@ -10,6 +10,7 @@ enum {
VIRTUALIZATION_VM_FIRST,
VIRTUALIZATION_KVM = VIRTUALIZATION_VM_FIRST,
+ VIRTUALIZATION_AMAZON,
VIRTUALIZATION_QEMU,
VIRTUALIZATION_BOCHS,
VIRTUALIZATION_XEN,
diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index 24395dafc6..29ea63c4ff 100644
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -510,6 +510,7 @@ static void test_condition_test_virtualization(void) {
NULSTR_FOREACH(virt,
"kvm\0"
+ "amazon\0"
"qemu\0"
"bochs\0"
"xen\0"

37
SOURCES/0849-machine-id-setup-generate-machine-id-from-DMI-produc.patch Normal file
View File

@ -0,0 +1,37 @@
From e320f72150829228f10ec24f3fba34d5377c5120 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Sun, 11 Oct 2020 22:25:56 +0100
Subject: [PATCH] machine-id-setup: generate machine-id from DMI product ID on
Amazon EC2
Amazon EC2 Nitro hypervisor is technically based on KVM[1].
[1] https://aws.amazon.com/ec2/faqs/
(cherry picked from commit 382a46d129899ca9027b07c325102cab173dd563)
Related: #2117948
---
src/core/machine-id-setup.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index 11528f83c4..fe2abc4e68 100644
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -57,11 +57,11 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) {
return 0;
}
- } else if (detect_vm() == VIRTUALIZATION_KVM) {
+ } else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU)) {
- /* If we are not running in a container, see if we are
- * running in qemu/kvm and a machine ID was passed in
- * via -uuid on the qemu/kvm command line */
+ /* If we are not running in a container, see if we are running in a VM that provides
+ * a system UUID via the SMBIOS/DMI interfaces. Such environments include QEMU/KVM
+ * with the -uuid on the qemu command line or the Amazon EC2 Nitro hypervisor. */
if (id128_read("/sys/class/dmi/id/product_uuid", ID128_UUID, ret) >= 0) {
log_info("Initializing machine ID from KVM UUID.");

134
SOURCES/0850-virt-use-string-table-to-detect-VM-or-container.patch Normal file
View File

@ -0,0 +1,134 @@
From efa2cdb699df3e5d5d7180e50f3ebfff74788c5c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 7 Jan 2020 11:49:39 +0900
Subject: [PATCH] virt: use string table to detect VM or container
(cherry picked from commit 735ea55f5cd87a82757a8911edd80fba799b46ee)
Related: #2117948
---
src/basic/virt.c | 73 ++++++++++++++++++++++--------------------------
1 file changed, 33 insertions(+), 40 deletions(-)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 78c68d66e0..6e4c702051 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -22,27 +22,26 @@
#include "string-util.h"
#include "virt.h"
+static const char *const vm_table[_VIRTUALIZATION_MAX] = {
+ [VIRTUALIZATION_XEN] = "XenVMMXenVMM",
+ [VIRTUALIZATION_KVM] = "KVMKVMKVM",
+ [VIRTUALIZATION_QEMU] = "TCGTCGTCGTCG",
+ /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
+ [VIRTUALIZATION_VMWARE] = "VMwareVMware",
+ /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */
+ [VIRTUALIZATION_MICROSOFT] = "Microsoft Hv",
+ /* https://wiki.freebsd.org/bhyve */
+ [VIRTUALIZATION_BHYVE] = "bhyve bhyve ",
+ [VIRTUALIZATION_QNX] = "QNXQVMBSQG",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(vm, int);
+
static int detect_vm_cpuid(void) {
/* CPUID is an x86 specific interface. */
#if defined(__i386__) || defined(__x86_64__)
- static const struct {
- const char *cpuid;
- int id;
- } cpuid_vendor_table[] = {
- { "XenVMMXenVMM", VIRTUALIZATION_XEN },
- { "KVMKVMKVM", VIRTUALIZATION_KVM },
- { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU },
- /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
- { "VMwareVMware", VIRTUALIZATION_VMWARE },
- /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */
- { "Microsoft Hv", VIRTUALIZATION_MICROSOFT },
- /* https://wiki.freebsd.org/bhyve */
- { "bhyve bhyve ", VIRTUALIZATION_BHYVE },
- { "QNXQVMBSQG", VIRTUALIZATION_QNX },
- };
-
uint32_t eax, ebx, ecx, edx;
bool hypervisor;
@@ -59,7 +58,7 @@ static int detect_vm_cpuid(void) {
uint32_t sig32[3];
char text[13];
} sig = {};
- unsigned j;
+ int v;
/* There is a hypervisor, see what it is */
__cpuid(0x40000000U, eax, ebx, ecx, edx);
@@ -70,11 +69,11 @@ static int detect_vm_cpuid(void) {
log_debug("Virtualization found, CPUID=%s", sig.text);
- for (j = 0; j < ELEMENTSOF(cpuid_vendor_table); j ++)
- if (streq(sig.text, cpuid_vendor_table[j].cpuid))
- return cpuid_vendor_table[j].id;
+ v = vm_from_string(sig.text);
+ if (v < 0)
+ return VIRTUALIZATION_VM_OTHER;
- return VIRTUALIZATION_VM_OTHER;
+ return v;
}
#endif
log_debug("No virtualization found in CPUID");
@@ -434,22 +433,20 @@ finish:
return r;
}
-int detect_container(void) {
- static const struct {
- const char *value;
- int id;
- } value_table[] = {
- { "lxc", VIRTUALIZATION_LXC },
- { "lxc-libvirt", VIRTUALIZATION_LXC_LIBVIRT },
- { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
- { "docker", VIRTUALIZATION_DOCKER },
- { "rkt", VIRTUALIZATION_RKT },
- };
+static const char *const container_table[_VIRTUALIZATION_MAX] = {
+ [VIRTUALIZATION_LXC] = "lxc",
+ [VIRTUALIZATION_LXC_LIBVIRT] = "lxc-libvirt",
+ [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn",
+ [VIRTUALIZATION_DOCKER] = "docker",
+ [VIRTUALIZATION_RKT] = "rkt",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(container, int);
+int detect_container(void) {
static thread_local int cached_found = _VIRTUALIZATION_INVALID;
_cleanup_free_ char *m = NULL;
const char *e = NULL;
- unsigned j;
int r;
if (cached_found >= 0)
@@ -522,13 +519,9 @@ int detect_container(void) {
goto finish;
translate_name:
- for (j = 0; j < ELEMENTSOF(value_table); j++)
- if (streq(e, value_table[j].value)) {
- r = value_table[j].id;
- goto finish;
- }
-
- r = VIRTUALIZATION_CONTAINER_OTHER;
+ r = container_from_string(e);
+ if (r < 0)
+ r = VIRTUALIZATION_CONTAINER_OTHER;
finish:
log_debug("Found container virtualization %s.", virtualization_to_string(r));

194
SOURCES/0851-fileio-introduce-read_full_virtual_file-for-reading-.patch Normal file
View File

@ -0,0 +1,194 @@
From 7a3843972ea290daf1bec5e1133db654749b8c02 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Tue, 22 Oct 2019 16:09:21 +0200
Subject: [PATCH] fileio: introduce read_full_virtual_file() for reading
virtual files in sysfs, procfs
Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
with two sorts of virtual files.
One sort uses "seq_file", and the results of the first read are buffered for
the second read. The other sort uses "raw" reads which always go direct to the
device.
In the later case, the content of the virtual file must be retrieved with a
single read otherwise subsequent read might get the new value instead of
finding EOF immediately. That's the reason why the usage of fread(3) is
prohibited in this case as it always performs a second call to read(2) looking
for EOF which is subject to the race described previously.
Fixes: #13585.
(cherry picked from commit 21b40f16622f171a9969dc334d74fb5eb2f575c2)
Related: #2117948
---
src/basic/fileio.c | 115 ++++++++++++++++++++++++++-
src/basic/fileio.h | 1 +
src/libsystemd/sd-device/sd-device.c | 2 +-
3 files changed, 113 insertions(+), 5 deletions(-)
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 6b0bad5b71..733fb42463 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -276,6 +276,113 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
return 1;
}
+int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) {
+ _cleanup_free_ char *buf = NULL;
+ _cleanup_close_ int fd = -1;
+ struct stat st;
+ size_t n, size;
+ int n_retries;
+ char *p;
+
+ assert(ret_contents);
+
+ /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
+ * with two sorts of virtual files. One sort uses "seq_file", and the results of
+ * the first read are buffered for the second read. The other sort uses "raw"
+ * reads which always go direct to the device. In the latter case, the content of
+ * the virtual file must be retrieved with a single read otherwise a second read
+ * might get the new value instead of finding EOF immediately. That's the reason
+ * why the usage of fread(3) is prohibited in this case as it always performs a
+ * second call to read(2) looking for EOF. See issue 13585. */
+
+ fd = open(filename, O_RDONLY|O_CLOEXEC);
+ if (fd < 0)
+ return -errno;
+
+ /* Start size for files in /proc which usually report a file size of 0. */
+ size = LINE_MAX / 2;
+
+ /* Limit the number of attempts to read the number of bytes returned by fstat(). */
+ n_retries = 3;
+
+ for (;;) {
+ if (n_retries <= 0)
+ return -EIO;
+
+ if (fstat(fd, &st) < 0)
+ return -errno;
+
+ if (!S_ISREG(st.st_mode))
+ return -EBADF;
+
+ /* Be prepared for files from /proc which generally report a file size of 0. */
+ if (st.st_size > 0) {
+ size = st.st_size;
+ n_retries--;
+ } else
+ size = size * 2;
+
+ if (size > READ_FULL_BYTES_MAX)
+ return -E2BIG;
+
+ p = realloc(buf, size + 1);
+ if (!p)
+ return -ENOMEM;
+ buf = TAKE_PTR(p);
+
+ for (;;) {
+ ssize_t k;
+
+ /* Read one more byte so we can detect whether the content of the
+ * file has already changed or the guessed size for files from /proc
+ * wasn't large enough . */
+ k = read(fd, buf, size + 1);
+ if (k >= 0) {
+ n = k;
+ break;
+ }
+
+ if (errno != -EINTR)
+ return -errno;
+ }
+
+ /* Consider a short read as EOF */
+ if (n <= size)
+ break;
+
+ /* Hmm... either we read too few bytes from /proc or less likely the content
+ * of the file might have been changed (and is now bigger) while we were
+ * processing, let's try again either with a bigger guessed size or the new
+ * file size. */
+
+ if (lseek(fd, 0, SEEK_SET) < 0)
+ return -errno;
+ }
+
+ if (n < size) {
+ p = realloc(buf, n + 1);
+ if (!p)
+ return -ENOMEM;
+ buf = TAKE_PTR(p);
+ }
+
+ if (!ret_size) {
+ /* Safety check: if the caller doesn't want to know the size of what we
+ * just read it will rely on the trailing NUL byte. But if there's an
+ * embedded NUL byte, then we should refuse operation as otherwise
+ * there'd be ambiguity about what we just read. */
+
+ if (memchr(buf, 0, n))
+ return -EBADMSG;
+ } else
+ *ret_size = n;
+
+ buf[n] = 0;
+ *ret_contents = TAKE_PTR(buf);
+
+ return 0;
+}
+
int read_full_stream(FILE *f, char **contents, size_t *size) {
_cleanup_free_ char *buf = NULL;
struct stat st;
@@ -300,9 +407,9 @@ int read_full_stream(FILE *f, char **contents, size_t *size) {
if (st.st_size > READ_FULL_BYTES_MAX)
return -E2BIG;
- /* Start with the right file size, but be prepared for files from /proc which generally report a file
- * size of 0. Note that we increase the size to read here by one, so that the first read attempt
- * already makes us notice the EOF. */
+ /* Start with the right file size. Note that we increase the size
+ * to read here by one, so that the first read attempt already
+ * makes us notice the EOF. */
if (st.st_size > 0)
n = st.st_size + 1;
}
@@ -986,7 +1093,7 @@ int get_proc_field(const char *filename, const char *pattern, const char *termin
assert(pattern);
assert(field);
- r = read_full_file(filename, &status, NULL);
+ r = read_full_virtual_file(filename, &status, NULL);
if (r < 0)
return r;
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index 77e6206e95..c6ad375b8d 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -38,6 +38,7 @@ int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *f
int read_one_line_file(const char *fn, char **line);
int read_full_file(const char *fn, char **contents, size_t *size);
int read_full_stream(FILE *f, char **contents, size_t *size);
+int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size);
int verify_file(const char *fn, const char *blob, bool accept_extra_nl);
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index be29053f8c..49750ba9d7 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -1798,7 +1798,7 @@ _public_ int sd_device_get_sysattr_value(sd_device *device, const char *sysattr,
size_t size;
/* read attribute value */
- r = read_full_file(path, &value, &size);
+ r = read_full_virtual_file(path, &value, &size);
if (r < 0)
return r;

118
SOURCES/0852-Use-BIOS-characteristics-to-distinguish-EC2-bare-met.patch Normal file
View File

@ -0,0 +1,118 @@
From 44cbd79562ed55a8b0f2e5b5dc708265568ed9f8 Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <nmeyerha@amazon.com>
Date: Fri, 30 Apr 2021 09:30:52 -0700
Subject: [PATCH] Use BIOS characteristics to distinguish EC2 bare-metal from
VMs
DMI vendor information fields do not provide enough information for us to
distinguish between Amazon EC2 virtual machines and bare-metal instances.
SMBIOS provides a BIOS Information
table (https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.4.0.pdf
Ch. 7) that provides a field to indicate that the current machine is a virtual
machine. On EC2 virtual machine instances, this field is set, while bare-metal
instances leave this unset, so we inspect the field via the kernel's
/sys/firemware/dmi/entries interface.
Fixes #18929
(cherry picked from commit ce35037928f4c4c931088256853f07804ec7d235)
Related: #2117948
---
src/basic/virt.c | 65 +++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 61 insertions(+), 4 deletions(-)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 6e4c702051..00d1c894e6 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -22,6 +22,12 @@
#include "string-util.h"
#include "virt.h"
+enum {
+ SMBIOS_VM_BIT_SET,
+ SMBIOS_VM_BIT_UNSET,
+ SMBIOS_VM_BIT_UNKNOWN,
+};
+
static const char *const vm_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_XEN] = "XenVMMXenVMM",
[VIRTUALIZATION_KVM] = "KVMKVMKVM",
@@ -131,9 +137,8 @@ static int detect_vm_device_tree(void) {
#endif
}
-static int detect_vm_dmi(void) {
#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
-
+static int detect_vm_dmi_vendor(void) {
static const char *const dmi_vendors[] = {
"/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
"/sys/class/dmi/id/sys_vendor",
@@ -179,11 +184,63 @@ static int detect_vm_dmi(void) {
return dmi_vendor_table[j].id;
}
}
-#endif
+ return VIRTUALIZATION_NONE;
+}
+
+static int detect_vm_smbios(void) {
+ /* The SMBIOS BIOS Charateristics Extension Byte 2 (Section 2.1.2.2 of
+ * https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.4.0.pdf), specifies that
+ * the 4th bit being set indicates a VM. The BIOS Characteristics table is exposed via the kernel in
+ * /sys/firmware/dmi/entries/0-0. Note that in the general case, this bit being unset should not
+ * imply that the system is running on bare-metal. For example, QEMU 3.1.0 (with or without KVM)
+ * with SeaBIOS does not set this bit. */
+ _cleanup_free_ char *s = NULL;
+ size_t readsize;
+ int r;
+
+ r = read_full_virtual_file("/sys/firmware/dmi/entries/0-0/raw", &s, &readsize);
+ if (r < 0) {
+ log_debug_errno(r, "Unable to read /sys/firmware/dmi/entries/0-0/raw, ignoring: %m");
+ return SMBIOS_VM_BIT_UNKNOWN;
+ }
+ if (readsize < 20 || s[1] < 20) {
+ /* The spec indicates that byte 1 contains the size of the table, 0x12 + the number of
+ * extension bytes. The data we're interested in is in extension byte 2, which would be at
+ * 0x13. If we didn't read that much data, or if the BIOS indicates that we don't have that
+ * much data, we don't infer anything from the SMBIOS. */
+ log_debug("Only read %zu bytes from /sys/firmware/dmi/entries/0-0/raw (expected 20)", readsize);
+ return SMBIOS_VM_BIT_UNKNOWN;
+ }
- log_debug("No virtualization found in DMI");
+ uint8_t byte = (uint8_t) s[19];
+ if (byte & (1U<<4)) {
+ log_debug("DMI BIOS Extension table indicates virtualization");
+ return SMBIOS_VM_BIT_SET;
+ }
+ log_debug("DMI BIOS Extension table does not indicate virtualization");
+ return SMBIOS_VM_BIT_UNSET;
+}
+#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) */
+
+static int detect_vm_dmi(void) {
+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
+
+ int r;
+ r = detect_vm_dmi_vendor();
+ /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between Amazon EC2
+ * virtual machines and bare-metal instances, so we need to look at SMBIOS. */
+ if (r == VIRTUALIZATION_AMAZON && detect_vm_smbios() == SMBIOS_VM_BIT_UNSET)
+ return VIRTUALIZATION_NONE;
+
+ /* If we haven't identified a VM, but the firmware indicates that there is one, indicate as much. We
+ * have no further information about what it is. */
+ if (r == VIRTUALIZATION_NONE && detect_vm_smbios() == SMBIOS_VM_BIT_SET)
+ return VIRTUALIZATION_VM_OTHER;
+ return r;
+#else
return VIRTUALIZATION_NONE;
+#endif
}
static int detect_vm_xen(void) {

37
SOURCES/0853-device-drop-refuse_after.patch Normal file
View File

@ -0,0 +1,37 @@
From bb9d00035c00b8590c389e66b5d94334bbb7379d Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Mon, 30 Mar 2020 10:49:29 +0200
Subject: [PATCH] device: drop refuse_after
Scheduling devices after a given unit can be useful to start device *jobs* at a
specific time in the transaction, see commit 4195077ab4c823c.
This (hidden) change was introduced by commit eef85c4a3f8054d2.
(cherry picked from commit b862c25716520d9381d5a841dba0f0c14e9c970a)
[dtardon: This picks just the minimal relevant change from
c80a9a33d04fb4381327a69ce929c94a9f1d0e6c and
b862c25716520d9381d5a841dba0f0c14e9c970a]
Resolves: #2043524
---
src/core/unit.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index dfe0c243ef..9be2a0c326 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -2841,8 +2841,9 @@ int unit_add_dependency(
return 0;
}
- if ((d == UNIT_BEFORE && other->type == UNIT_DEVICE) ||
- (d == UNIT_AFTER && u->type == UNIT_DEVICE)) {
+ /* Note that ordering a device unit after a unit is permitted since it
+ * allows to start its job running timeout at a specific time. */
+ if (d == UNIT_BEFORE && other->type == UNIT_DEVICE) {
log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id);
return 0;
}

44
SOURCES/0854-manager-limit-access-to-private-dbus-socket.patch Normal file
View File

@ -0,0 +1,44 @@
From 004130ae74688eb321aadc05192bab69fe5cbcbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 22 Jul 2022 11:45:12 +0200
Subject: [PATCH] manager: limit access to private dbus socket
For the system manager, /run/systemd/private is publicly accessible, because
/run/systemd is 0755, and /run/systemd/private is 0777. For the user manager,
/run/user/<uid> is 0700, and /run/user/<uid>/systemd/private is 0777. This
does not directly cause any security issue because we check the sender in
bus_check_peercred (ucred.uid != 0 && ucred.uid != geteuid()).
But it makes sense to limit access to the socket to avoid wasting time in PID1.
Somebody could send messages there that'd we'd reject anyway. It also makes
things more explicit.
(cherry picked from commit df1cbd1adf26071aab41d96e054452a3d66103a4)
Resolves: #2119405
---
src/core/dbus.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 66d838cdb4..ec6c52cb85 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -42,6 +42,7 @@
#include "string-util.h"
#include "strv.h"
#include "strxcpyx.h"
+#include "umask-util.h"
#include "user-util.h"
#define CONNECTIONS_MAX 4096
@@ -1019,7 +1020,8 @@ int bus_init_private(Manager *m) {
if (fd < 0)
return log_error_errno(errno, "Failed to allocate private socket: %m");
- r = bind(fd, &sa.sa, salen);
+ RUN_WITH_UMASK(0077)
+ r = bind(fd, &sa.sa, salen);
if (r < 0)
return log_error_errno(errno, "Failed to bind private socket: %m");

35
SOURCES/0855-journalctl-do-not-treat-EINTR-as-an-error-when-waiti.patch Normal file
View File

@ -0,0 +1,35 @@
From b0574acc0bddceb0af47f6cce327a87041ab4b52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 11 Nov 2018 12:33:06 +0100
Subject: [PATCH] journalctl: do not treat EINTR as an error when waiting for
events
Fixup for 2a1e0f2228bbdfbc18635e959f47df7da50b62fe. Fixes #10724.
Reproducer: start 'journalctl -f' in a terminal window, change window size.
(cherry picked from commit 8e143a123276a9636987b08f555603927ca9e186)
Resolves: #2161683
---
src/journal/journalctl.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index fa83dce562..228cfe7e49 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -2084,8 +2084,13 @@ static int wait_for_change(sd_journal *j, int poll_fd) {
if (r < 0)
return log_error_errno(r, "Failed to determine journal waiting time: %m");
- if (ppoll(pollfds, ELEMENTSOF(pollfds), timeout == USEC_INFINITY ? NULL : timespec_store(&ts, timeout), NULL) < 0)
+ if (ppoll(pollfds, ELEMENTSOF(pollfds),
+ timeout == USEC_INFINITY ? NULL : timespec_store(&ts, timeout), NULL) < 0) {
+ if (errno == EINTR)
+ return 0;
+
return log_error_errno(errno, "Couldn't wait for journal event: %m");
+ }
if (pollfds[1].revents & (POLLHUP|POLLERR)) { /* STDOUT has been closed? */
log_debug("Standard output has been closed.");

76
SOURCES/0856-core-bring-manager_startup-and-manager_reload-more-i.patch Normal file
View File

@ -0,0 +1,76 @@
From b9dd7ee5f4d0f6d51899d7e14ac7ef2fd2840b8f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 9 Oct 2018 17:37:57 +0200
Subject: [PATCH] core: bring manager_startup() and manager_reload() more
inline
Both functions do partly the same, let's make sure they do it in the
same order, and that we don't miss some calls.
This makes a number of changes:
1. Moves exec_runtime_vacuum() two calls down in manager_startup(). This
should not have any effect but makes manager_startup() more like
manager_reload().
2. Calls manager_recheck_journal(), manager_recheck_dbus(),
manager_enqueue_sync_bus_names() in manager_startup() too. This is a
good idea since during reeexec we pass through manager_startup() and
hence can't assume dbus and journald weren't up yet, hence let's
check if they are ready to be connected to.
3. Include manager_enumerate_perpetual() in manager_reload(), too. This
is not strictly necessary, since these units are included in the
serialization anyway, but it's still a nice thing, in particular as
theoretically the deserialization could fail.
(cherry picked from commit 3ad2afb6a204513c7834c64ab864e40169874390)
Resolves: #2059633
---
src/core/manager.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index e083596e58..4a9f9bfcf9 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1665,12 +1665,12 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
/* Release any dynamic users no longer referenced */
dynamic_user_vacuum(m, true);
- exec_runtime_vacuum(m);
-
/* Release any references to UIDs/GIDs no longer referenced, and destroy any IPC owned by them */
manager_vacuum_uid_refs(m);
manager_vacuum_gid_refs(m);
+ exec_runtime_vacuum(m);
+
if (serialization) {
assert(m->n_reloading > 0);
m->n_reloading--;
@@ -1681,6 +1681,13 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
m->send_reloading_done = true;
}
+ /* It might be safe to log to the journal now and connect to dbus */
+ manager_recheck_journal(m);
+ manager_recheck_dbus(m);
+
+ /* Sync current state of bus names with our set of listening units */
+ (void) manager_enqueue_sync_bus_names(m);
+
/* Let's finally catch up with any changes that took place while we were reloading/reexecing */
manager_catchup(m);
@@ -3505,7 +3512,8 @@ int manager_reload(Manager *m) {
lookup_paths_reduce(&m->lookup_paths);
manager_build_unit_path_cache(m);
- /* First, enumerate what we can from all config files */
+ /* First, enumerate what we can from kernel and suchlike */
+ manager_enumerate_perpetual(m);
manager_enumerate(m);
/* Second, deserialize our stored data */

35
SOURCES/0857-pam-add-a-call-to-pam_namespace.patch Normal file
View File

@ -0,0 +1,35 @@
From b1b7aaf83414c5b0bed6e61d38aefe29a21fdbcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Nov 2022 16:09:56 +0100
Subject: [PATCH] pam: add a call to pam_namespace
A call to pam_namespace is required so that children of user@.service end up in
a namespace as expected. pam_namespace gets called as part of the stack that
creates a session (login, sshd, gdm, etc.) and those processes end up in a
namespace, but it also needs to be called from our stack which is parallel and
descends from pid1 itself.
The call to pam_namespace is similar to the call to pam_keyinit that was added
in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service
creates a new session which is disconnected from the parent environment. Both
calls are not suitable for inclusion in the shared part of the stack (e.g.
@system-auth on Fedora/RHEL systems), because for example su/sudo/runuser
should not include them.
(cherry picked from commit 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901)
Resolves: #1861836
---
src/login/systemd-user.m4 | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
index 20c8999331..eb291beaed 100644
--- a/src/login/systemd-user.m4
+++ b/src/login/systemd-user.m4
@@ -9,4 +9,5 @@ session required pam_selinux.so nottys open
)m4_dnl
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
+session required pam_namespace.so
session optional pam_systemd.so

31
SOURCES/0858-virt-Support-detection-for-ARM64-Hyper-V-guests.patch Normal file
View File

@ -0,0 +1,31 @@
From 4b573adbcc040fa50f1130cb8cf1bdb9559565cf Mon Sep 17 00:00:00 2001
From: Boqun Feng <boqun.feng@gmail.com>
Date: Wed, 13 Oct 2021 11:32:09 +0800
Subject: [PATCH] virt: Support detection for ARM64 Hyper-V guests
The detection of Microsoft Hyper-V VMs is done by cpuid currently,
however there is no cpuid on ARM64. And since ARM64 is now a supported
architecture for Microsoft Hyper-V guests[1], then use DMI tables to
detect a Hyper-V guest, which is more generic and works for ARM64.
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467
(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87)
Resolves: #2158307
---
src/basic/virt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 00d1c894e6..cc95097101 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -162,6 +162,7 @@ static int detect_vm_dmi_vendor(void) {
{ "Parallels", VIRTUALIZATION_PARALLELS },
/* https://wiki.freebsd.org/bhyve */
{ "BHYVE", VIRTUALIZATION_BHYVE },
+ { "Microsoft", VIRTUALIZATION_MICROSOFT },
};
unsigned i;
int r;

41
SOURCES/0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch Normal file
View File

@ -0,0 +1,41 @@
From e732bc987f2f779e89f30193bf694e0456ab7ce0 Mon Sep 17 00:00:00 2001
From: Boqun Feng <boqun.feng@gmail.com>
Date: Tue, 23 Nov 2021 15:09:26 +0800
Subject: [PATCH] virt: Fix the detection for Hyper-V VMs
Use product_version instead of product_name in DMI table and the string
"Hyper-V" to avoid misdetection.
Fixes: #21468
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4)
Related: #2158307
---
src/basic/virt.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index cc95097101..f750a0463f 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -143,7 +143,8 @@ static int detect_vm_dmi_vendor(void) {
"/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
"/sys/class/dmi/id/sys_vendor",
"/sys/class/dmi/id/board_vendor",
- "/sys/class/dmi/id/bios_vendor"
+ "/sys/class/dmi/id/bios_vendor",
+ "/sys/class/dmi/id/product_version" /* For Hyper-V VMs test */
};
static const struct {
@@ -162,7 +163,7 @@ static int detect_vm_dmi_vendor(void) {
{ "Parallels", VIRTUALIZATION_PARALLELS },
/* https://wiki.freebsd.org/bhyve */
{ "BHYVE", VIRTUALIZATION_BHYVE },
- { "Microsoft", VIRTUALIZATION_MICROSOFT },
+ { "Hyper-V", VIRTUALIZATION_MICROSOFT },
};
unsigned i;
int r;

98
SOURCES/0860-basic-add-STRERROR-wrapper-for-strerror_r.patch Normal file
View File

@ -0,0 +1,98 @@
From 9c95d8dda42de288a57638a44dd5ea967469063d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Oct 2022 12:28:31 +0200
Subject: [PATCH] basic: add STRERROR() wrapper for strerror_r()
(cherry picked from commit 2c5d05b3cd986568105d67891e4010b868dea24f)
Related: #2155520
---
src/basic/util.h | 10 ++++++++++
src/test/test-util.c | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+)
diff --git a/src/basic/util.h b/src/basic/util.h
index 76b76d7e91..195f02cf5f 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -153,6 +153,16 @@ static inline void _reset_errno_(int *saved_errno) {
errno = *saved_errno;
}
+/* strerror(3) says that glibc uses a maximum length of 1024 bytes. */
+#define ERRNO_BUF_LEN 1024
+
+/* Note: the lifetime of the compound literal is the immediately surrounding block,
+ * see C11 §6.5.2.5, and
+ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks
+ *
+ * Note that we use the GNU variant of strerror_r() here. */
+#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
+
#define PROTECT_ERRNO _cleanup_(_reset_errno_) __attribute__((unused)) int _saved_errno_ = errno
#define UNPROTECT_ERRNO \
diff --git a/src/test/test-util.c b/src/test/test-util.c
index df60d89115..c93eaf7fc6 100644
--- a/src/test/test-util.c
+++ b/src/test/test-util.c
@@ -12,6 +12,7 @@
#include "process-util.h"
#include "raw-clone.h"
#include "rm-rf.h"
+#include "stdio-util.h"
#include "string-util.h"
#include "util.h"
@@ -321,6 +322,42 @@ static void test_system_tasks_max_scale(void) {
assert_se(system_tasks_max_scale(UINT64_MAX/4, UINT64_MAX) == UINT64_MAX);
}
+static void test_strerror_not_threadsafe(void) {
+ /* Just check that strerror really is not thread-safe. */
+ log_info("strerror(%d) → %s", 200, strerror(200));
+ log_info("strerror(%d) → %s", 201, strerror(201));
+ log_info("strerror(%d) → %s", INT_MAX, strerror(INT_MAX));
+
+ log_info("strerror(%d), strerror(%d) → %p, %p", 200, 201, strerror(200), strerror(201));
+
+ /* This call is not allowed, because the first returned string becomes invalid when
+ * we call strerror the second time:
+ *
+ * log_info("strerror(%d), strerror(%d) → %s, %s", 200, 201, strerror(200), strerror(201));
+ */
+}
+
+static void test_STRERROR(void) {
+ /* Just check that STRERROR really is thread-safe. */
+ log_info("STRERROR(%d) → %s", 200, STRERROR(200));
+ log_info("STRERROR(%d) → %s", 201, STRERROR(201));
+ log_info("STRERROR(%d), STRERROR(%d) → %s, %s", 200, 201, STRERROR(200), STRERROR(201));
+
+ const char *a = STRERROR(200), *b = STRERROR(201);
+ assert_se(strstr(a, "200"));
+ assert_se(strstr(b, "201"));
+
+ /* Check with negative values */
+ assert_se(streq(a, STRERROR(-200)));
+ assert_se(streq(b, STRERROR(-201)));
+
+ const char *c = STRERROR(INT_MAX);
+ char buf[DECIMAL_STR_MAX(int)];
+ xsprintf(buf, "%d", INT_MAX); /* INT_MAX is hexadecimal, use printf to convert to decimal */
+ log_info("STRERROR(%d) → %s", INT_MAX, c);
+ assert_se(strstr(c, buf));
+}
+
int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
@@ -340,5 +377,8 @@ int main(int argc, char *argv[]) {
test_system_tasks_max();
test_system_tasks_max_scale();
+ test_strerror_not_threadsafe();
+ test_STRERROR();
+
return 0;
}

529
SOURCES/0861-coredump-put-context-array-into-a-struct.patch Normal file
View File

@ -0,0 +1,529 @@
From f53c6620c55488e2a3bd92957b21b6b95a7a3d35 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 12 Jan 2023 15:47:09 +0100
Subject: [PATCH] coredump: put context array into a struct
[dtardon: This is based on commit f46c706bdd4316ae8ed6baf7a8c382b90b84f648 ,
but does just the minimal change to introduce the Context struct that is
needed by the following commit.]
Related: #2155520
---
src/coredump/coredump.c | 208 +++++++++++++++++++++-------------------
1 file changed, 108 insertions(+), 100 deletions(-)
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index fb3a6ecfe9..ebc56d8342 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -91,6 +91,10 @@ enum {
_CONTEXT_MAX
};
+typedef struct Context {
+ const char *meta[_CONTEXT_MAX];
+} Context;
+
typedef enum CoredumpStorage {
COREDUMP_STORAGE_NONE,
COREDUMP_STORAGE_EXTERNAL,
@@ -184,7 +188,7 @@ static int fix_acl(int fd, uid_t uid) {
return 0;
}
-static int fix_xattr(int fd, const char *context[_CONTEXT_MAX]) {
+static int fix_xattr(int fd, const Context *context) {
static const char * const xattrs[_CONTEXT_MAX] = {
[CONTEXT_PID] = "user.coredump.pid",
@@ -209,10 +213,10 @@ static int fix_xattr(int fd, const char *context[_CONTEXT_MAX]) {
for (i = 0; i < _CONTEXT_MAX; i++) {
int k;
- if (isempty(context[i]) || !xattrs[i])
+ if (isempty(context->meta[i]) || !xattrs[i])
continue;
- k = fsetxattr(fd, xattrs[i], context[i], strlen(context[i]), XATTR_CREATE);
+ k = fsetxattr(fd, xattrs[i], context->meta[i], strlen(context->meta[i]), XATTR_CREATE);
if (k < 0 && r == 0)
r = -errno;
}
@@ -230,7 +234,7 @@ static int fix_permissions(
int fd,
const char *filename,
const char *target,
- const char *context[_CONTEXT_MAX],
+ const Context *context,
uid_t uid) {
int r;
@@ -273,18 +277,18 @@ static int maybe_remove_external_coredump(const char *filename, uint64_t size) {
return 1;
}
-static int make_filename(const char *context[_CONTEXT_MAX], char **ret) {
+static int make_filename(const Context *context, char **ret) {
_cleanup_free_ char *c = NULL, *u = NULL, *p = NULL, *t = NULL;
sd_id128_t boot = {};
int r;
assert(context);
- c = filename_escape(context[CONTEXT_COMM]);
+ c = filename_escape(context->meta[CONTEXT_COMM]);
if (!c)
return -ENOMEM;
- u = filename_escape(context[CONTEXT_UID]);
+ u = filename_escape(context->meta[CONTEXT_UID]);
if (!u)
return -ENOMEM;
@@ -292,11 +296,11 @@ static int make_filename(const char *context[_CONTEXT_MAX], char **ret) {
if (r < 0)
return r;
- p = filename_escape(context[CONTEXT_PID]);
+ p = filename_escape(context->meta[CONTEXT_PID]);
if (!p)
return -ENOMEM;
- t = filename_escape(context[CONTEXT_TIMESTAMP]);
+ t = filename_escape(context->meta[CONTEXT_TIMESTAMP]);
if (!t)
return -ENOMEM;
@@ -313,7 +317,7 @@ static int make_filename(const char *context[_CONTEXT_MAX], char **ret) {
}
static int save_external_coredump(
- const char *context[_CONTEXT_MAX],
+ const Context *context,
int input_fd,
char **ret_filename,
int *ret_node_fd,
@@ -334,19 +338,19 @@ static int save_external_coredump(
assert(ret_data_fd);
assert(ret_size);
- r = parse_uid(context[CONTEXT_UID], &uid);
+ r = parse_uid(context->meta[CONTEXT_UID], &uid);
if (r < 0)
return log_error_errno(r, "Failed to parse UID: %m");
- r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit);
+ r = safe_atou64(context->meta[CONTEXT_RLIMIT], &rlimit);
if (r < 0)
- return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]);
+ return log_error_errno(r, "Failed to parse resource limit: %s", context->meta[CONTEXT_RLIMIT]);
if (rlimit < page_size()) {
/* Is coredumping disabled? Then don't bother saving/processing the coredump.
* Anything below PAGE_SIZE cannot give a readable coredump (the kernel uses
* ELF_EXEC_PAGESIZE which is not easily accessible, but is usually the same as PAGE_SIZE. */
log_info("Resource limits disable core dumping for process %s (%s).",
- context[CONTEXT_PID], context[CONTEXT_COMM]);
+ context->meta[CONTEXT_PID], context->meta[CONTEXT_COMM]);
return -EBADSLT;
}
@@ -371,7 +375,7 @@ static int save_external_coredump(
r = copy_bytes(input_fd, fd, max_size, 0);
if (r < 0) {
- log_error_errno(r, "Cannot store coredump of %s (%s): %m", context[CONTEXT_PID], context[CONTEXT_COMM]);
+ log_error_errno(r, "Cannot store coredump of %s (%s): %m", context->meta[CONTEXT_PID], context->meta[CONTEXT_COMM]);
goto fail;
}
*ret_truncated = r == 1;
@@ -659,12 +663,12 @@ static int get_process_container_parent_cmdline(pid_t pid, char** cmdline) {
return 1;
}
-static int change_uid_gid(const char *context[]) {
+static int change_uid_gid(const Context *context) {
uid_t uid;
gid_t gid;
int r;
- r = parse_uid(context[CONTEXT_UID], &uid);
+ r = parse_uid(context->meta[CONTEXT_UID], &uid);
if (r < 0)
return r;
@@ -677,7 +681,7 @@ static int change_uid_gid(const char *context[]) {
uid = gid = 0;
}
} else {
- r = parse_gid(context[CONTEXT_GID], &gid);
+ r = parse_gid(context->meta[CONTEXT_GID], &gid);
if (r < 0)
return r;
}
@@ -685,23 +689,23 @@ static int change_uid_gid(const char *context[]) {
return drop_privileges(uid, gid, 0);
}
-static bool is_journald_crash(const char *context[_CONTEXT_MAX]) {
+static bool is_journald_crash(const Context *context) {
assert(context);
- return streq_ptr(context[CONTEXT_UNIT], SPECIAL_JOURNALD_SERVICE);
+ return streq_ptr(context->meta[CONTEXT_UNIT], SPECIAL_JOURNALD_SERVICE);
}
-static bool is_pid1_crash(const char *context[_CONTEXT_MAX]) {
+static bool is_pid1_crash(const Context *context) {
assert(context);
- return streq_ptr(context[CONTEXT_UNIT], SPECIAL_INIT_SCOPE) ||
- streq_ptr(context[CONTEXT_PID], "1");
+ return streq_ptr(context->meta[CONTEXT_UNIT], SPECIAL_INIT_SCOPE) ||
+ streq_ptr(context->meta[CONTEXT_PID], "1");
}
#define SUBMIT_COREDUMP_FIELDS 4
static int submit_coredump(
- const char *context[_CONTEXT_MAX],
+ Context *context,
struct iovec *iovec,
size_t n_iovec_allocated,
size_t n_iovec,
@@ -760,11 +764,11 @@ static int submit_coredump(
if (coredump_size <= arg_process_size_max) {
_cleanup_free_ char *stacktrace = NULL;
- r = coredump_make_stack_trace(coredump_fd, context[CONTEXT_EXE], &stacktrace);
+ r = coredump_make_stack_trace(coredump_fd, context->meta[CONTEXT_EXE], &stacktrace);
if (r >= 0)
- core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID],
- " (", context[CONTEXT_COMM], ") of user ",
- context[CONTEXT_UID], " dumped core.",
+ core_message = strjoin("MESSAGE=Process ", context->meta[CONTEXT_PID],
+ " (", context->meta[CONTEXT_COMM], ") of user ",
+ context->meta[CONTEXT_UID], " dumped core.",
journald_crash ? "\nCoredump diverted to " : "",
journald_crash ? filename : "",
"\n\n", stacktrace);
@@ -779,9 +783,9 @@ static int submit_coredump(
if (!core_message)
#endif
log:
- core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID],
- " (", context[CONTEXT_COMM], ") of user ",
- context[CONTEXT_UID], " dumped core.",
+ core_message = strjoin("MESSAGE=Process ", context->meta[CONTEXT_PID],
+ " (", context->meta[CONTEXT_COMM], ") of user ",
+ context->meta[CONTEXT_UID], " dumped core.",
journald_crash && filename ? "\nCoredump diverted to " : NULL,
journald_crash && filename ? filename : NULL);
if (!core_message)
@@ -826,7 +830,7 @@ log:
return 0;
}
-static void map_context_fields(const struct iovec *iovec, const char* context[]) {
+static void map_context_fields(const struct iovec *iovec, Context *context) {
static const char * const context_field_names[] = {
[CONTEXT_PID] = "COREDUMP_PID=",
@@ -857,7 +861,7 @@ static void map_context_fields(const struct iovec *iovec, const char* context[])
/* Note that these strings are NUL terminated, because we made sure that a trailing NUL byte is in the
* buffer, though not included in the iov_len count. (see below) */
- context[i] = p;
+ context->meta[i] = p;
break;
}
}
@@ -866,7 +870,7 @@ static int process_socket(int fd) {
_cleanup_close_ int coredump_fd = -1;
struct iovec *iovec = NULL;
size_t n_iovec = 0, n_allocated = 0, i, k;
- const char *context[_CONTEXT_MAX] = {};
+ Context context = {};
int r;
assert(fd >= 0);
@@ -950,7 +954,7 @@ static int process_socket(int fd) {
iovec[n_iovec].iov_len = (size_t) n;
cmsg_close_all(&mh);
- map_context_fields(iovec + n_iovec, context);
+ map_context_fields(iovec + n_iovec, &context);
n_iovec++;
}
@@ -960,24 +964,24 @@ static int process_socket(int fd) {
}
/* Make sure we got all data we really need */
- assert(context[CONTEXT_PID]);
- assert(context[CONTEXT_UID]);
- assert(context[CONTEXT_GID]);
- assert(context[CONTEXT_SIGNAL]);
- assert(context[CONTEXT_TIMESTAMP]);
- assert(context[CONTEXT_RLIMIT]);
- assert(context[CONTEXT_HOSTNAME]);
- assert(context[CONTEXT_COMM]);
+ assert(context.meta[CONTEXT_PID]);
+ assert(context.meta[CONTEXT_UID]);
+ assert(context.meta[CONTEXT_GID]);
+ assert(context.meta[CONTEXT_SIGNAL]);
+ assert(context.meta[CONTEXT_TIMESTAMP]);
+ assert(context.meta[CONTEXT_RLIMIT]);
+ assert(context.meta[CONTEXT_HOSTNAME]);
+ assert(context.meta[CONTEXT_COMM]);
assert(coredump_fd >= 0);
/* Small quirk: the journal fields contain the timestamp padded with six zeroes, so that the kernel-supplied 1s
* granularity timestamps becomes 1µs granularity, i.e. the granularity systemd usually operates in. Since we
* are reconstructing the original kernel context, we chop this off again, here. */
- k = strlen(context[CONTEXT_TIMESTAMP]);
+ k = strlen(context.meta[CONTEXT_TIMESTAMP]);
if (k > 6)
- context[CONTEXT_TIMESTAMP] = strndupa(context[CONTEXT_TIMESTAMP], k - 6);
+ context.meta[CONTEXT_TIMESTAMP] = strndupa(context.meta[CONTEXT_TIMESTAMP], k - 6);
- r = submit_coredump(context, iovec, n_allocated, n_iovec, coredump_fd);
+ r = submit_coredump(&context, iovec, n_allocated, n_iovec, coredump_fd);
finish:
for (i = 0; i < n_iovec; i++)
@@ -1062,7 +1066,7 @@ static char* set_iovec_field_free(struct iovec *iovec, size_t *n_iovec, const ch
}
static int gather_pid_metadata(
- char* context[_CONTEXT_MAX],
+ Context *context,
char **comm_fallback,
struct iovec *iovec, size_t *n_iovec) {
@@ -1077,65 +1081,69 @@ static int gather_pid_metadata(
const char *p;
int r, signo;
- r = parse_pid(context[CONTEXT_PID], &pid);
+ r = parse_pid(context->meta[CONTEXT_PID], &pid);
if (r < 0)
- return log_error_errno(r, "Failed to parse PID \"%s\": %m", context[CONTEXT_PID]);
+ return log_error_errno(r, "Failed to parse PID \"%s\": %m", context->meta[CONTEXT_PID]);
- r = get_process_comm(pid, &context[CONTEXT_COMM]);
+ r = get_process_comm(pid, &t);
if (r < 0) {
log_warning_errno(r, "Failed to get COMM, falling back to the command line: %m");
- context[CONTEXT_COMM] = strv_join(comm_fallback, " ");
- if (!context[CONTEXT_COMM])
+ context->meta[CONTEXT_COMM] = strv_join(comm_fallback, " ");
+ if (!context->meta[CONTEXT_COMM])
return log_oom();
- }
+ } else
+ context->meta[CONTEXT_COMM] = t;
- r = get_process_exe(pid, &context[CONTEXT_EXE]);
+ r = get_process_exe(pid, &t);
if (r < 0)
log_warning_errno(r, "Failed to get EXE, ignoring: %m");
+ else
+ context->meta[CONTEXT_EXE] = t;
- if (cg_pid_get_unit(pid, &context[CONTEXT_UNIT]) >= 0) {
- if (!is_journald_crash((const char**) context)) {
+ if (cg_pid_get_unit(pid, &t) >= 0) {
+ if (!is_journald_crash(context)) {
/* OK, now we know it's not the journal, hence we can make use of it now. */
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_open();
}
/* If this is PID 1 disable coredump collection, we'll unlikely be able to process it later on. */
- if (is_pid1_crash((const char**) context)) {
+ if (is_pid1_crash(context)) {
log_notice("Due to PID 1 having crashed coredump collection will now be turned off.");
disable_coredumps();
}
- set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
- }
+ set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context->meta[CONTEXT_UNIT]);
+ } else
+ context->meta[CONTEXT_UNIT] = t;
if (cg_pid_get_user_unit(pid, &t) >= 0)
set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t);
/* The next few are mandatory */
- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context->meta[CONTEXT_PID]))
return log_oom();
- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context->meta[CONTEXT_UID]))
return log_oom();
- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context->meta[CONTEXT_GID]))
return log_oom();
- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context->meta[CONTEXT_SIGNAL]))
return log_oom();
- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context->meta[CONTEXT_RLIMIT]))
return log_oom();
- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context->meta[CONTEXT_HOSTNAME]))
return log_oom();
- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context->meta[CONTEXT_COMM]))
return log_oom();
- if (context[CONTEXT_EXE] &&
- !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
+ if (context->meta[CONTEXT_EXE] &&
+ !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context->meta[CONTEXT_EXE]))
return log_oom();
if (sd_pid_get_session(pid, &t) >= 0)
@@ -1198,11 +1206,11 @@ static int gather_pid_metadata(
if (get_process_environ(pid, &t) >= 0)
set_iovec_field_free(iovec, n_iovec, "COREDUMP_ENVIRON=", t);
- t = strjoin("COREDUMP_TIMESTAMP=", context[CONTEXT_TIMESTAMP], "000000");
+ t = strjoin("COREDUMP_TIMESTAMP=", context->meta[CONTEXT_TIMESTAMP], "000000");
if (t)
iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t);
- if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo))
+ if (safe_atoi(context->meta[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo))
set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
return 0; /* we successfully acquired all metadata */
@@ -1210,7 +1218,7 @@ static int gather_pid_metadata(
static int process_kernel(int argc, char* argv[]) {
- char* context[_CONTEXT_MAX] = {};
+ Context context = {};
struct iovec iovec[29 + SUBMIT_COREDUMP_FIELDS];
size_t i, n_iovec, n_to_free = 0;
int r;
@@ -1222,15 +1230,15 @@ static int process_kernel(int argc, char* argv[]) {
return -EINVAL;
}
- context[CONTEXT_PID] = argv[1 + CONTEXT_PID];
- context[CONTEXT_UID] = argv[1 + CONTEXT_UID];
- context[CONTEXT_GID] = argv[1 + CONTEXT_GID];
- context[CONTEXT_SIGNAL] = argv[1 + CONTEXT_SIGNAL];
- context[CONTEXT_TIMESTAMP] = argv[1 + CONTEXT_TIMESTAMP];
- context[CONTEXT_RLIMIT] = argv[1 + CONTEXT_RLIMIT];
- context[CONTEXT_HOSTNAME] = argv[1 + CONTEXT_HOSTNAME];
+ context.meta[CONTEXT_PID] = argv[1 + CONTEXT_PID];
+ context.meta[CONTEXT_UID] = argv[1 + CONTEXT_UID];
+ context.meta[CONTEXT_GID] = argv[1 + CONTEXT_GID];
+ context.meta[CONTEXT_SIGNAL] = argv[1 + CONTEXT_SIGNAL];
+ context.meta[CONTEXT_TIMESTAMP] = argv[1 + CONTEXT_TIMESTAMP];
+ context.meta[CONTEXT_RLIMIT] = argv[1 + CONTEXT_RLIMIT];
+ context.meta[CONTEXT_HOSTNAME] = argv[1 + CONTEXT_HOSTNAME];
- r = gather_pid_metadata(context, argv + 1 + CONTEXT_COMM, iovec, &n_to_free);
+ r = gather_pid_metadata(&context, argv + 1 + CONTEXT_COMM, iovec, &n_to_free);
if (r < 0)
goto finish;
@@ -1243,8 +1251,8 @@ static int process_kernel(int argc, char* argv[]) {
assert(n_iovec <= ELEMENTSOF(iovec));
- if (is_journald_crash((const char**) context) || is_pid1_crash((const char**) context))
- r = submit_coredump((const char**) context,
+ if (is_journald_crash(&context) || is_pid1_crash(&context))
+ r = submit_coredump(&context,
iovec, ELEMENTSOF(iovec), n_iovec,
STDIN_FILENO);
else
@@ -1255,15 +1263,15 @@ static int process_kernel(int argc, char* argv[]) {
free(iovec[i].iov_base);
/* Those fields are allocated by gather_pid_metadata */
- free(context[CONTEXT_COMM]);
- free(context[CONTEXT_EXE]);
- free(context[CONTEXT_UNIT]);
+ free((char *) context.meta[CONTEXT_COMM]);
+ free((char *) context.meta[CONTEXT_EXE]);
+ free((char *) context.meta[CONTEXT_UNIT]);
return r;
}
static int process_backtrace(int argc, char *argv[]) {
- char *context[_CONTEXT_MAX] = {};
+ Context context = {};
_cleanup_free_ char *message = NULL;
_cleanup_free_ struct iovec *iovec = NULL;
size_t n_iovec, n_allocated, n_to_free = 0, i;
@@ -1279,13 +1287,13 @@ static int process_backtrace(int argc, char *argv[]) {
return -EINVAL;
}
- context[CONTEXT_PID] = argv[2 + CONTEXT_PID];
- context[CONTEXT_UID] = argv[2 + CONTEXT_UID];
- context[CONTEXT_GID] = argv[2 + CONTEXT_GID];
- context[CONTEXT_SIGNAL] = argv[2 + CONTEXT_SIGNAL];
- context[CONTEXT_TIMESTAMP] = argv[2 + CONTEXT_TIMESTAMP];
- context[CONTEXT_RLIMIT] = argv[2 + CONTEXT_RLIMIT];
- context[CONTEXT_HOSTNAME] = argv[2 + CONTEXT_HOSTNAME];
+ context.meta[CONTEXT_PID] = argv[2 + CONTEXT_PID];
+ context.meta[CONTEXT_UID] = argv[2 + CONTEXT_UID];
+ context.meta[CONTEXT_GID] = argv[2 + CONTEXT_GID];
+ context.meta[CONTEXT_SIGNAL] = argv[2 + CONTEXT_SIGNAL];
+ context.meta[CONTEXT_TIMESTAMP] = argv[2 + CONTEXT_TIMESTAMP];
+ context.meta[CONTEXT_RLIMIT] = argv[2 + CONTEXT_RLIMIT];
+ context.meta[CONTEXT_HOSTNAME] = argv[2 + CONTEXT_HOSTNAME];
n_allocated = 34 + COREDUMP_STORAGE_EXTERNAL;
/* 26 metadata, 2 static, +unknown input, 4 storage, rounded up */
@@ -1293,7 +1301,7 @@ static int process_backtrace(int argc, char *argv[]) {
if (!iovec)
return log_oom();
- r = gather_pid_metadata(context, argv + 2 + CONTEXT_COMM, iovec, &n_to_free);
+ r = gather_pid_metadata(&context, argv + 2 + CONTEXT_COMM, iovec, &n_to_free);
if (r < 0)
goto finish;
if (r > 0) {
@@ -1320,10 +1328,10 @@ static int process_backtrace(int argc, char *argv[]) {
if (journal_importer_eof(&importer)) {
log_warning("Did not receive a full journal entry on stdin, ignoring message sent by reporter");
- message = strjoin("MESSAGE=Process ", context[CONTEXT_PID],
- " (", context[CONTEXT_COMM], ")"
- " of user ", context[CONTEXT_UID],
- " failed with ", context[CONTEXT_SIGNAL]);
+ message = strjoin("MESSAGE=Process ", context.meta[CONTEXT_PID],
+ " (", context.meta[CONTEXT_COMM], ")"
+ " of user ", context.meta[CONTEXT_UID],
+ " failed with ", context.meta[CONTEXT_SIGNAL]);
if (!message) {
r = log_oom();
goto finish;
@@ -1349,9 +1357,9 @@ static int process_backtrace(int argc, char *argv[]) {
free(iovec[i].iov_base);
/* Those fields are allocated by gather_pid_metadata */
- free(context[CONTEXT_COMM]);
- free(context[CONTEXT_EXE]);
- free(context[CONTEXT_UNIT]);
+ free((char *) context.meta[CONTEXT_COMM]);
+ free((char *) context.meta[CONTEXT_EXE]);
+ free((char *) context.meta[CONTEXT_UNIT]);
return r;
}

354
SOURCES/0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch Normal file
View File

@ -0,0 +1,354 @@
From d178865d3d9940423f4d99360e3dc2fcaf0b2c96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 28 Nov 2022 12:12:55 +0100
Subject: [PATCH] coredump: do not allow user to access coredumps with changed
uid/gid/capabilities
When the user starts a program which elevates its permissions via setuid,
setgid, or capabilities set on the file, it may access additional information
which would then be visible in the coredump. We shouldn't make the the coredump
visible to the user in such cases.
Reported-by: Matthias Gerstner <mgerstner@suse.de>
This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
PROC_AUXV. Before the coredump is submitted, it is parsed and if either
at_secure was set (which the kernel will do for processes that are setuid,
setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
is not made accessible to the user. If we can't access this data, we assume the
file should not be made accessible either. In principle we could also access
the auxv data from a note in the core file, but that is much more complex and
it seems better to use the stand-alone file that is provided by the kernel.
Attaching auxv is both convient for this patch (because this way it's passed
between the stages along with other fields), but I think it makes sense to save
it in general.
We use the information early in the core file to figure out if the program was
32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
whether the format of the auxv structure. This test might reject some cases on
fringe architecutes. But the impact would be limited: we just won't grant the
user permissions to view the coredump file. If people report that we're missing
some cases, we can always enhance this to support more architectures.
I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
ppc64el, but not the whole coredump handling.
(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03)
Resolves: #2155520
---
src/coredump/coredump.c | 190 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 182 insertions(+), 8 deletions(-)
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index ebc56d8342..d8acd2d3a7 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -4,6 +4,7 @@
#include <stdio.h>
#include <stdio_ext.h>
#include <sys/prctl.h>
+#include <sys/auxv.h>
#include <sys/xattr.h>
#include <unistd.h>
@@ -88,11 +89,13 @@ enum {
CONTEXT_COMM,
CONTEXT_EXE,
CONTEXT_UNIT,
+ CONTEXT_PROC_AUXV,
_CONTEXT_MAX
};
typedef struct Context {
const char *meta[_CONTEXT_MAX];
+ size_t meta_size[_CONTEXT_MAX];
} Context;
typedef enum CoredumpStorage {
@@ -148,8 +151,7 @@ static inline uint64_t storage_size_max(void) {
return 0;
}
-static int fix_acl(int fd, uid_t uid) {
-
+static int fix_acl(int fd, uid_t uid, bool allow_user) {
#if HAVE_ACL
_cleanup_(acl_freep) acl_t acl = NULL;
acl_entry_t entry;
@@ -157,6 +159,11 @@ static int fix_acl(int fd, uid_t uid) {
int r;
assert(fd >= 0);
+ assert(uid_is_valid(uid));
+
+ /* We don't allow users to read coredumps if the uid or capabilities were changed. */
+ if (!allow_user)
+ return 0;
if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
return 0;
@@ -235,7 +242,8 @@ static int fix_permissions(
const char *filename,
const char *target,
const Context *context,
- uid_t uid) {
+ uid_t uid,
+ bool allow_user) {
int r;
@@ -245,7 +253,7 @@ static int fix_permissions(
/* Ignore errors on these */
(void) fchmod(fd, 0640);
- (void) fix_acl(fd, uid);
+ (void) fix_acl(fd, uid, allow_user);
(void) fix_xattr(fd, context);
if (fsync(fd) < 0)
@@ -316,6 +324,154 @@ static int make_filename(const Context *context, char **ret) {
return 0;
}
+static int parse_auxv64(
+ const uint64_t *auxv,
+ size_t size_bytes,
+ int *at_secure,
+ uid_t *uid,
+ uid_t *euid,
+ gid_t *gid,
+ gid_t *egid) {
+
+ assert(auxv || size_bytes == 0);
+
+ if (size_bytes % (2 * sizeof(uint64_t)) != 0)
+ return log_warning_errno(-EIO, "Incomplete auxv structure (%zu bytes).", size_bytes);
+
+ size_t words = size_bytes / sizeof(uint64_t);
+
+ /* Note that we set output variables even on error. */
+
+ for (size_t i = 0; i + 1 < words; i += 2)
+ switch (auxv[i]) {
+ case AT_SECURE:
+ *at_secure = auxv[i + 1] != 0;
+ break;
+ case AT_UID:
+ *uid = auxv[i + 1];
+ break;
+ case AT_EUID:
+ *euid = auxv[i + 1];
+ break;
+ case AT_GID:
+ *gid = auxv[i + 1];
+ break;
+ case AT_EGID:
+ *egid = auxv[i + 1];
+ break;
+ case AT_NULL:
+ if (auxv[i + 1] != 0)
+ goto error;
+ return 0;
+ }
+ error:
+ return log_warning_errno(-ENODATA,
+ "AT_NULL terminator not found, cannot parse auxv structure.");
+}
+
+static int parse_auxv32(
+ const uint32_t *auxv,
+ size_t size_bytes,
+ int *at_secure,
+ uid_t *uid,
+ uid_t *euid,
+ gid_t *gid,
+ gid_t *egid) {
+
+ assert(auxv || size_bytes == 0);
+
+ size_t words = size_bytes / sizeof(uint32_t);
+
+ if (size_bytes % (2 * sizeof(uint32_t)) != 0)
+ return log_warning_errno(-EIO, "Incomplete auxv structure (%zu bytes).", size_bytes);
+
+ /* Note that we set output variables even on error. */
+
+ for (size_t i = 0; i + 1 < words; i += 2)
+ switch (auxv[i]) {
+ case AT_SECURE:
+ *at_secure = auxv[i + 1] != 0;
+ break;
+ case AT_UID:
+ *uid = auxv[i + 1];
+ break;
+ case AT_EUID:
+ *euid = auxv[i + 1];
+ break;
+ case AT_GID:
+ *gid = auxv[i + 1];
+ break;
+ case AT_EGID:
+ *egid = auxv[i + 1];
+ break;
+ case AT_NULL:
+ if (auxv[i + 1] != 0)
+ goto error;
+ return 0;
+ }
+ error:
+ return log_warning_errno(-ENODATA,
+ "AT_NULL terminator not found, cannot parse auxv structure.");
+}
+
+static int grant_user_access(int core_fd, const Context *context) {
+ int at_secure = -1;
+ uid_t uid = UID_INVALID, euid = UID_INVALID;
+ uid_t gid = GID_INVALID, egid = GID_INVALID;
+ int r;
+
+ assert(core_fd >= 0);
+ assert(context);
+
+ if (!context->meta[CONTEXT_PROC_AUXV])
+ return log_warning_errno(-ENODATA, "No auxv data, not adjusting permissions.");
+
+ uint8_t elf[EI_NIDENT];
+ errno = 0;
+ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf))
+ return log_warning_errno(errno > 0 ? -errno : -EIO,
+ "Failed to pread from coredump fd: %s",
+ errno > 0 ? STRERROR(errno) : "Unexpected EOF");
+
+ if (elf[EI_MAG0] != ELFMAG0 ||
+ elf[EI_MAG1] != ELFMAG1 ||
+ elf[EI_MAG2] != ELFMAG2 ||
+ elf[EI_MAG3] != ELFMAG3 ||
+ elf[EI_VERSION] != EV_CURRENT)
+ return log_info_errno(-EUCLEAN,
+ "Core file does not have ELF header, not adjusting permissions.");
+ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) ||
+ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB))
+ return log_info_errno(-EUCLEAN,
+ "Core file has strange ELF class, not adjusting permissions.");
+
+ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN))
+ return log_info_errno(-EUCLEAN,
+ "Core file has non-native endianness, not adjusting permissions.");
+
+ if (elf[EI_CLASS] == ELFCLASS64)
+ r = parse_auxv64((const uint64_t*) context->meta[CONTEXT_PROC_AUXV],
+ context->meta_size[CONTEXT_PROC_AUXV],
+ &at_secure, &uid, &euid, &gid, &egid);
+ else
+ r = parse_auxv32((const uint32_t*) context->meta[CONTEXT_PROC_AUXV],
+ context->meta_size[CONTEXT_PROC_AUXV],
+ &at_secure, &uid, &euid, &gid, &egid);
+ if (r < 0)
+ return r;
+
+ /* We allow access if we got all the data and at_secure is not set and
+ * the uid/gid matches euid/egid. */
+ bool ret =
+ at_secure == 0 &&
+ uid != UID_INVALID && euid != UID_INVALID && uid == euid &&
+ gid != GID_INVALID && egid != GID_INVALID && gid == egid;
+ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)",
+ ret ? "permit" : "restrict",
+ uid, euid, gid, egid, yes_no(at_secure));
+ return ret;
+}
+
static int save_external_coredump(
const Context *context,
int input_fd,
@@ -395,6 +551,8 @@ static int save_external_coredump(
goto fail;
}
+ bool allow_user = grant_user_access(fd, context) > 0;
+
#if HAVE_XZ || HAVE_LZ4
/* If we will remove the coredump anyway, do not compress. */
if (arg_compress && !maybe_remove_external_coredump(NULL, st.st_size)) {
@@ -420,7 +578,7 @@ static int save_external_coredump(
goto fail_compressed;
}
- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid);
+ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user);
if (r < 0)
goto fail_compressed;
@@ -443,7 +601,7 @@ static int save_external_coredump(
uncompressed:
#endif
- r = fix_permissions(fd, tmp, fn, context, uid);
+ r = fix_permissions(fd, tmp, fn, context, uid, allow_user);
if (r < 0)
goto fail;
@@ -842,6 +1000,7 @@ static void map_context_fields(const struct iovec *iovec, Context *context) {
[CONTEXT_HOSTNAME] = "COREDUMP_HOSTNAME=",
[CONTEXT_COMM] = "COREDUMP_COMM=",
[CONTEXT_EXE] = "COREDUMP_EXE=",
+ [CONTEXT_PROC_AUXV] = "COREDUMP_PROC_AUXV=",
};
unsigned i;
@@ -862,6 +1021,7 @@ static void map_context_fields(const struct iovec *iovec, Context *context) {
/* Note that these strings are NUL terminated, because we made sure that a trailing NUL byte is in the
* buffer, though not included in the iov_len count. (see below) */
context->meta[i] = p;
+ context->meta_size[i] = iovec->iov_len - strlen(context_field_names[i]);
break;
}
}
@@ -1070,7 +1230,7 @@ static int gather_pid_metadata(
char **comm_fallback,
struct iovec *iovec, size_t *n_iovec) {
- /* We need 27 empty slots in iovec!
+ /* We need 28 empty slots in iovec!
*
* Note that if we fail on oom later on, we do not roll-back changes to the iovec structure. (It remains valid,
* with the first n_iovec fields initialized.) */
@@ -1078,6 +1238,7 @@ static int gather_pid_metadata(
uid_t owner_uid;
pid_t pid;
char *t;
+ size_t size;
const char *p;
int r, signo;
@@ -1187,6 +1348,19 @@ static int gather_pid_metadata(
if (read_full_file(p, &t, NULL) >=0)
set_iovec_field_free(iovec, n_iovec, "COREDUMP_PROC_MOUNTINFO=", t);
+ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */
+ p = procfs_file_alloca(pid, "auxv");
+ if (read_full_file(p, &t, &size) >= 0) {
+ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1);
+ if (buf) {
+ /* Add a dummy terminator to make save_context() happy. */
+ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0';
+ iovec[(*n_iovec)++] = IOVEC_MAKE(buf, size + strlen("COREDUMP_PROC_AUXV="));
+ }
+
+ free(t);
+ }
+
if (get_process_cwd(pid, &t) >= 0)
set_iovec_field_free(iovec, n_iovec, "COREDUMP_CWD=", t);
@@ -1219,7 +1393,7 @@ static int gather_pid_metadata(
static int process_kernel(int argc, char* argv[]) {
Context context = {};
- struct iovec iovec[29 + SUBMIT_COREDUMP_FIELDS];
+ struct iovec iovec[30 + SUBMIT_COREDUMP_FIELDS];
size_t i, n_iovec, n_to_free = 0;
int r;

70
SOURCES/0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch Normal file
View File

@ -0,0 +1,70 @@
From a55bdb007ca24900a704f72359305b04125d9e05 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 20 Apr 2022 10:13:43 +0200
Subject: [PATCH] logind: remember our idle state and use it to detect idle
level transitions
Fixes #16391
(cherry picked from commit 4e2cfb778b9ed7f22ee98f48f28cf8678d25ad32)
Resolved: #1866955
---
src/login/logind.c | 23 +++++++++++++++++++----
src/login/logind.h | 1 +
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/login/logind.c b/src/login/logind.c
index 6b576dad0d..bb1d3f3523 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -1027,18 +1027,33 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us
n = now(CLOCK_MONOTONIC);
r = manager_get_idle_hint(m, &since);
- if (r <= 0)
+ if (r <= 0) {
/* Not idle. Let's check if after a timeout it might be idle then. */
elapse = n + m->idle_action_usec;
- else {
+ m->was_idle = false;
+ } else {
+
/* Idle! Let's see if it's time to do something, or if
* we shall sleep for longer. */
if (n >= since.monotonic + m->idle_action_usec &&
(m->idle_action_not_before_usec <= 0 || n >= m->idle_action_not_before_usec + m->idle_action_usec)) {
- log_info("System idle. Taking action.");
+ bool is_edge = false;
+
+ /* We weren't idle previously or some activity happened while we were sleeping, and now we are
+ * idle. Let's remember that for the next time and make this an edge transition. */
+ if (!m->was_idle || since.monotonic >= m->idle_action_not_before_usec) {
+ is_edge = true;
+ m->was_idle = true;
+ }
+
+ if (m->idle_action == HANDLE_LOCK && !is_edge)
+ /* We are idle and we were before so we are actually not taking any action. */
+ log_debug("System idle.");
+ else
+ log_info("System idle. Doing %s operation.", handle_action_to_string(m->idle_action));
- manager_handle_action(m, 0, m->idle_action, false, false);
+ manager_handle_action(m, 0, m->idle_action, false, is_edge);
m->idle_action_not_before_usec = n;
}
diff --git a/src/login/logind.h b/src/login/logind.h
index 606adf4fe6..b9b4a5113f 100644
--- a/src/login/logind.h
+++ b/src/login/logind.h
@@ -101,6 +101,7 @@ struct Manager {
usec_t idle_action_usec;
usec_t idle_action_not_before_usec;
HandleAction idle_action;
+ bool was_idle;
usec_t stop_idle_session_usec;

103
SOURCES/0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch Normal file
View File

@ -0,0 +1,103 @@
From 1925845dc10330e4b48fec68333fac6ef2b7bf5c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Jun 2022 08:56:08 +0900
Subject: [PATCH] test: import logind test from debian/ubuntu test suite
[dtardon: Picked just the scaffolding, not the tests themselves.]
(cherry picked from commit 9c94ab0f6ff22da4278a6e9a93ddc480607c55ac)
Related: #1866955
---
test/TEST-35-LOGIN/Makefile | 1 +
test/TEST-35-LOGIN/test.sh | 55 +++++++++++++++++++++++++++++++++
test/TEST-35-LOGIN/testsuite.sh | 9 ++++++
3 files changed, 65 insertions(+)
create mode 120000 test/TEST-35-LOGIN/Makefile
create mode 100755 test/TEST-35-LOGIN/test.sh
create mode 100755 test/TEST-35-LOGIN/testsuite.sh
diff --git a/test/TEST-35-LOGIN/Makefile b/test/TEST-35-LOGIN/Makefile
new file mode 120000
index 0000000000..e9f93b1104
--- /dev/null
+++ b/test/TEST-35-LOGIN/Makefile
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh
new file mode 100755
index 0000000000..32410c8149
--- /dev/null
+++ b/test/TEST-35-LOGIN/test.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+TEST_DESCRIPTION="LOGIN"
+
+# shellcheck source=test/test-functions
+. "${TEST_BASE_DIR:?}/test-functions"
+
+test_setup() {
+ create_empty_image
+ mkdir -p "$TESTDIR"/root
+ mount "${LOOPDEV}p1" "$TESTDIR"/root
+
+ (
+ LOG_LEVEL=5
+ eval $(udevadm info --export --query=env --name="${LOOPDEV}p2")
+
+ setup_basic_environment
+
+ inst_binary pkill
+ inst_binary useradd
+ inst_binary userdel
+
+ # mask some services that we do not want to run in these tests
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.socket
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-resolved.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-machined.service
+
+ # setup the testsuite service
+ cat >"$initdir"/etc/systemd/system/testsuite.service <<EOF
+[Unit]
+Description=Testsuite service
+
+[Service]
+ExecStart=/bin/bash -x /testsuite.sh
+Type=oneshot
+StandardOutput=tty
+StandardError=tty
+NotifyAccess=all
+EOF
+ cp testsuite.sh "$initdir"/
+
+ setup_testsuite
+ ) || return 1
+ setup_nspawn_root
+
+ ddebug "umount $TESTDIR/root"
+ umount "$TESTDIR"/root
+}
+
+do_test "$@"
diff --git a/test/TEST-35-LOGIN/testsuite.sh b/test/TEST-35-LOGIN/testsuite.sh
new file mode 100755
index 0000000000..9855b4bc80
--- /dev/null
+++ b/test/TEST-35-LOGIN/testsuite.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+: >/failed
+
+touch /testok
+rm /failed

37
SOURCES/0865-test-introduce-inst_recursive-helper-function.patch Normal file
View File

@ -0,0 +1,37 @@
From 21c281585983fe2efc2b74d712d98ff7e6c013b1 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 14 Jun 2022 09:11:00 +0900
Subject: [PATCH] test: introduce inst_recursive() helper function
(cherry picked from commit da0465dc95388afc15598357452afef85035c639)
Related: #1866955
---
test/test-functions | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index 19363be858..9606a1b085 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1224,6 +1224,20 @@ inst_any() {
return 1
}
+inst_recursive() {
+ local p item
+
+ for p in "$@"; do
+ while read -r item; do
+ if [[ -d "$item" ]]; then
+ inst_dir "$item"
+ elif [[ -f "$item" ]]; then
+ inst_simple "$item"
+ fi
+ done < <(find "$p" 2>/dev/null)
+ done
+}
+
# dracut_install [-o ] <file> [<file> ... ]
# Install <file> to the initramfs image
# -o optionally install the <file> and don't fail, if it is not there

148
SOURCES/0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch Normal file
View File

@ -0,0 +1,148 @@
From 638c2418e705410344e07e77f944530df0f4608f Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 1 Jul 2022 12:59:57 +0200
Subject: [PATCH] tests: verify that Lock D-Bus signal is sent when
IdleAction=lock
(cherry picked from commit 181656fc0faa885d69bc34822b8e9b5de3fdf6bf)
Related: #1866955
---
test/TEST-35-LOGIN/test.sh | 11 +++-
test/TEST-35-LOGIN/testsuite.sh | 93 +++++++++++++++++++++++++++++++++
2 files changed, 103 insertions(+), 1 deletion(-)
diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh
index 32410c8149..f83afcff49 100755
--- a/test/TEST-35-LOGIN/test.sh
+++ b/test/TEST-35-LOGIN/test.sh
@@ -14,14 +14,23 @@ test_setup() {
(
LOG_LEVEL=5
- eval $(udevadm info --export --query=env --name="${LOOPDEV}p2")
+ eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"
setup_basic_environment
+ inst_binary awk
inst_binary pkill
inst_binary useradd
inst_binary userdel
+ if command -v expect >/dev/null && command -v tclsh >/dev/null ; then
+ # shellcheck disable=SC2016
+ version="$(tclsh <<< 'puts $tcl_version')"
+
+ dracut_install expect
+ inst_recursive /usr/lib64/tcl"$version" /usr/share/tcl"$version"
+ fi
+
# mask some services that we do not want to run in these tests
ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service
ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service
diff --git a/test/TEST-35-LOGIN/testsuite.sh b/test/TEST-35-LOGIN/testsuite.sh
index 9855b4bc80..e4d72beb74 100755
--- a/test/TEST-35-LOGIN/testsuite.sh
+++ b/test/TEST-35-LOGIN/testsuite.sh
@@ -3,7 +3,100 @@
set -eux
set -o pipefail
+setup_idle_action_lock() {
+ useradd testuser ||:
+
+ mkdir -p /run/systemd/logind.conf.d/
+ cat >/run/systemd/logind.conf.d/idle-action-lock.conf <<EOF
+[Login]
+IdleAction=lock
+IdleActionSec=1s
+EOF
+
+ mkdir -p /run/systemd/systemd-logind.service.d/
+ cat >/run/systemd/systemd-logind.service.d/debug.conf <<EOF
+[Service]
+Environment=SYSTEMD_LOG_LEVEL=debug
+EOF
+
+ systemctl restart systemd-logind.service
+}
+
+teardown_idle_action_lock() {(
+ set +ex
+ rm -f /run/systemd/logind.conf.d/idle-action-lock.conf
+ rm -f /run/systemd/systemd-logind.service.d/debug.conf
+ pkill -9 -u "$(id -u testuser)"
+ userdel -r testuser
+ systemctl restart systemd-logind.service
+)}
+
+test_lock_idle_action() {
+ if ! command -v expect >/dev/null ; then
+ echo >&2 "expect not installed, skiping test ${FUNCNAME[0]}"
+ return 0
+ fi
+
+ setup_idle_action_lock
+ trap teardown_idle_action_lock RETURN
+
+ if loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -q testuser ; then
+ echo >&2 "Session of the \'testuser\' is already present."
+ return 1
+ fi
+
+ # IdleActionSec is set 1s but the accuracy of associated timer is 30s so we
+ # need to sleep in worst case for 31s to make sure timer elapsed. We sleep
+ # here for 35s to accomodate for any possible scheudling delays.
+ cat > /tmp/test.exp <<EOF
+spawn systemd-run -G -t -p PAMName=login -p User=testuser bash
+send "sleep 35\r"
+send "echo foobar\r"
+send "sleep 35\r"
+send "exit\r"
+interact
+wait
+EOF
+
+ ts="$(date '+%H:%M:%S')"
+ busctl --match "type='signal',sender='org.freedesktop.login1',interface='org.freedesktop.login1.Session',member='Lock'" monitor > dbus.log &
+
+ expect /tmp/test.exp &
+
+ # Sleep a bit to give expect time to spawn systemd-run before we check for
+ # the presence of resulting session.
+ sleep 2
+ if [ "$(loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -c testuser)" != 1 ] ; then
+ echo >&2 "\'testuser\' is expected to have exactly one session running."
+ return 1
+ fi
+
+ wait %2
+ sleep 20
+ kill %1
+
+ # We slept for 35s , in that interval all sessions should have become idle
+ # and "Lock" signal should have been sent out. Then we wrote to tty to make
+ # session active again and next we slept for another 35s so sessions have
+ # become idle again. 'Lock' signal is sent out for each session, we have at
+ # least one session, so minimum of 2 "Lock" signals must have been sent.
+ if [ "$(grep -c Member=Lock dbus.log)" -lt 2 ]; then
+ echo >&2 "Too few 'Lock' D-Bus signal sent, expected at least 2."
+ return 1
+ fi
+
+ journalctl -b -u systemd-logind.service --since="$ts" > logind.log
+ if [ "$(grep -c 'System idle. Doing lock operation.' logind.log)" -lt 2 ]; then
+ echo >&2 "System haven't entered idle state at least 2 times."
+ return 1
+ fi
+
+ rm -f dbus.log logind.log
+}
+
: >/failed
+test_lock_idle_action
+
touch /testok
rm /failed

86
SOURCES/0867-systemctl-simplify-halt_main.patch Normal file
View File

@ -0,0 +1,86 @@
From 797b00e6a6f33d2b74beba02f678bf4d12e2146b Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 14 Dec 2021 17:27:05 +0100
Subject: [PATCH] systemctl: simplify halt_main()
The code at this point is not able to tell whether it was called as
halt/poweroff/reboot or shutdown with time "now".
The code also takes a shortcut to skip logind if called as root.
That however means asking shutdown for immediate action won't trigger a
wall message.
As per https://github.com/systemd/systemd/issues/8424#issuecomment-374677315
all commands should trigger a wall message.
That simplifies the code as we can try logind first always.
(cherry picked from commit adefc8789b63225662e50ceaa282f9553b5c64eb)
Resolves: #2053273
---
src/systemctl/systemctl.c | 44 ++++++++++++++++-----------------------
1 file changed, 18 insertions(+), 26 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index b967550b97..4bedb52f2a 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -8658,34 +8658,23 @@ static int logind_schedule_shutdown(void) {
static int halt_main(void) {
int r;
- r = logind_check_inhibitors(arg_action);
- if (r < 0)
- return r;
-
+ /* always try logind first */
if (arg_when > 0)
- return logind_schedule_shutdown();
-
- if (geteuid() != 0) {
- if (arg_dry_run || arg_force > 0) {
- (void) must_be_root();
- return -EPERM;
- }
+ r = logind_schedule_shutdown();
+ else {
+ r = logind_check_inhibitors(arg_action);
+ if (r < 0)
+ return r;
- /* Try logind if we are a normal user and no special
- * mode applies. Maybe PolicyKit allows us to shutdown
- * the machine. */
- if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) {
- r = logind_reboot(arg_action);
- if (r >= 0)
- return r;
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
- /* requested operation is not
- * supported on the local system or
- * already in progress */
- return r;
- /* on all other errors, try low-level operation */
- }
+ r = logind_reboot(arg_action);
}
+ if (r >= 0)
+ return r;
+ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
+ /* Requested operation is not supported on the local system or already in
+ * progress */
+ return r;
+ /* on all other errors, try low-level operation */
/* In order to minimize the difference between operation with and
* without logind, we explicitly enable non-blocking mode for this,
@@ -8695,7 +8684,10 @@ static int halt_main(void) {
if (!arg_dry_run && !arg_force)
return start_with_fallback();
- assert(geteuid() == 0);
+ if (geteuid() != 0) {
+ (void) must_be_root();
+ return -EPERM;
+ }
if (!arg_no_wtmp) {
if (sd_booted() > 0)

51
SOURCES/0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch Normal file
View File

@ -0,0 +1,51 @@
From 1d63577410cde215c04921d62f435259a6b258d7 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Mon, 20 Dec 2021 18:05:50 +0100
Subject: [PATCH] systemctl: shutdown don't fallback on auth fail
For shutdowns don't fall back to starting the target directly if talking
to logind failed with auth failure. That would just lead to another
polkit auth attempt.
(cherry picked from commit 38d55bf2641f345445cb4e6a5e5e808555591db2)
Related: #2053273
---
src/systemctl/systemctl.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 4bedb52f2a..199f736f7f 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -3675,8 +3675,8 @@ static int start_special(int argc, char *argv[], void *userdata) {
r = logind_reboot(a);
if (r >= 0)
return r;
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
- /* requested operation is not supported or already in progress */
+ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS))
+ /* Requested operation requires auth, is not supported or already in progress */
return r;
/* On all other errors, try low-level operation. In order to minimize the difference between
@@ -8644,7 +8644,7 @@ static int logind_schedule_shutdown(void) {
action,
arg_when);
if (r < 0)
- return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r));
+ return log_warning_errno(r, "Failed to schedule shutdown: %s", bus_error_message(&error, r));
if (!arg_quiet)
log_info("Shutdown scheduled for %s, use 'shutdown -c' to cancel.", format_timestamp(date, sizeof(date), arg_when));
@@ -8670,8 +8670,8 @@ static int halt_main(void) {
}
if (r >= 0)
return r;
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
- /* Requested operation is not supported on the local system or already in
+ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS))
+ /* Requested operation requires auth, is not supported on the local system or already in
* progress */
return r;
/* on all other errors, try low-level operation */

82
SOURCES/0869-systemctl-reintroduce-the-original-halt_main.patch Normal file
View File

@ -0,0 +1,82 @@
From d36295d7c1b110d150b7af6e3354c28af4c4884d Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 30 Jan 2023 14:27:24 +0100
Subject: [PATCH] systemctl: reintroduce the original halt_main()
RHEL-only
Related: #2053273
---
src/systemctl/systemctl.c | 59 +++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 199f736f7f..a26e4a913a 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -8655,6 +8655,65 @@ static int logind_schedule_shutdown(void) {
#endif
}
+static int halt_main_old(void) {
+ int r;
+
+ r = logind_check_inhibitors(arg_action);
+ if (r < 0)
+ return r;
+
+ if (arg_when > 0)
+ return logind_schedule_shutdown();
+
+ if (geteuid() != 0) {
+ if (arg_dry_run || arg_force > 0) {
+ (void) must_be_root();
+ return -EPERM;
+ }
+
+ /* Try logind if we are a normal user and no special
+ * mode applies. Maybe PolicyKit allows us to shutdown
+ * the machine. */
+ if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) {
+ r = logind_reboot(arg_action);
+ if (r >= 0)
+ return r;
+ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
+ /* requested operation is not
+ * supported on the local system or
+ * already in progress */
+ return r;
+ /* on all other errors, try low-level operation */
+ }
+ }
+
+ /* In order to minimize the difference between operation with and
+ * without logind, we explicitly enable non-blocking mode for this,
+ * as logind's shutdown operations are always non-blocking. */
+ arg_no_block = true;
+
+ if (!arg_dry_run && !arg_force)
+ return start_with_fallback();
+
+ assert(geteuid() == 0);
+
+ if (!arg_no_wtmp) {
+ if (sd_booted() > 0)
+ log_debug("Not writing utmp record, assuming that systemd-update-utmp is used.");
+ else {
+ r = utmp_put_shutdown();
+ if (r < 0)
+ log_warning_errno(r, "Failed to write utmp record: %m");
+ }
+ }
+
+ if (arg_dry_run)
+ return 0;
+
+ r = halt_now(arg_action);
+ return log_error_errno(r, "Failed to reboot: %m");
+}
+
static int halt_main(void) {
int r;

44
SOURCES/0870-systemctl-preserve-old-behavior-unless-requested.patch Normal file
View File

@ -0,0 +1,44 @@
From 74632586b46c7e88b09c57eec50f9c4aed254b98 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 30 Jan 2023 14:31:23 +0100
Subject: [PATCH] systemctl: preserve old behavior unless requested
Currently, the legacy shutdown commands ignore inhibitors and reboot
immediately if run by root. Let's preserve that behavior in RHEL-8 by
default. The new behavior can be turned on by those who want it by
exporting SYSTEMD_NEW_SHUTDOWN=1 .
RHEL-only
Related: #2053273
---
src/systemctl/systemctl.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index a26e4a913a..1546119ce5 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -8714,7 +8714,7 @@ static int halt_main_old(void) {
return log_error_errno(r, "Failed to reboot: %m");
}
-static int halt_main(void) {
+static int halt_main_new(void) {
int r;
/* always try logind first */
@@ -8765,6 +8765,13 @@ static int halt_main(void) {
return log_error_errno(r, "Failed to reboot: %m");
}
+static int halt_main(void) {
+ if (getenv_bool("SYSTEMD_NEW_SHUTDOWN") > 0)
+ return halt_main_new();
+ else
+ return halt_main_old();
+}
+
static int runlevel_main(void) {
int r, runlevel, previous;

43
SOURCES/0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch Normal file
View File

@ -0,0 +1,43 @@
From ea3910e561f043f5a131a846862955c77169da1b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 19 Nov 2018 11:39:45 +0100
Subject: [PATCH] pam_systemd: suppress LOG_DEBUG log messages if debugging is
off
In the PAM module we need to suppress LOG_DEBUG messages manually, if
debug logging is not on, as PAM won't do this for us. We did this
correctly for most log messages already, but two were missing. Let's fix
those too.
Fixes: #10822
(cherry picked from commit 2675747f3cdd6f1e6236bbb2f79abfa53fb307f1)
Resolves: #2170084
---
src/login/pam_systemd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 64e1b4d1bf..c87e980b18 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -476,7 +476,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
}
if (seat && !streq(seat, "seat0") && vtnr != 0) {
- pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
+ if (debug)
+ pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
vtnr = 0;
}
@@ -577,7 +578,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
r = sd_bus_call(bus, m, 0, &error, &reply);
if (r < 0) {
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
- pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
+ if (debug)
+ pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
return PAM_SUCCESS;
} else {
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));

50
SOURCES/0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch Normal file
View File

@ -0,0 +1,50 @@
From 33351e103734188a4a30b88e7f2ea0613d628599 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 16 Feb 2023 15:56:52 +0100
Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.8
RHEL-only
Resolves: #2170499
---
man/systemd.net-naming-scheme.xml | 6 ++++++
src/udev/udev-builtin-net_id.c | 2 ++
2 files changed, 8 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index a567483995..3cc7719e99 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -328,6 +328,12 @@
for that, the limit is increased to now 65535.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><constant>rhel-8.8</constant></term>
+
+ <para>Same as naming scheme <constant>rhel-8.7</constant>.</para>
+ </varlistentry>
+
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
particular version of systemd.</para>
</variablelist>
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index df84acf27c..ef2bb1b08e 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -141,6 +141,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID|NAMING_16BIT_INDEX,
+ NAMING_RHEL_8_8 = NAMING_RHEL_8_7,
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -161,6 +162,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-8.5", NAMING_RHEL_8_5 },
{ "rhel-8.6", NAMING_RHEL_8_6 },
{ "rhel-8.7", NAMING_RHEL_8_7 },
+ { "rhel-8.8", NAMING_RHEL_8_8 },
/* … add more schemes here, as the logic to name devices is updated … */
};

1
SOURCES/systemd-user
View File

@ -8,4 +8,5 @@ account include system-auth
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session required pam_namespace.so
session include system-auth

104
SPECS/systemd.spec
View File

@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
Release: 67%{?dist}
Release: 72%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -875,6 +875,53 @@ Patch0822: 0822-shutdown-get-only-active-md-arrays.patch
Patch0823: 0823-scope-allow-unprivileged-delegation-on-scopes.patch
Patch0824: 0824-resolved-pin-stream-while-calling-callbacks-for-it.patch
Patch0825: 0825-ci-functions-Add-useradd-and-userdel.patch
Patch0826: 0826-logind-optionally-watch-utmp-for-login-data.patch
Patch0827: 0827-logind-add-hashtable-for-finding-session-by-leader-P.patch
Patch0828: 0828-core-load-fragment-move-config_parse_sec_fix_0-to-sr.patch
Patch0829: 0829-sd-event-add-relative-timer-calls.patch
Patch0830: 0830-logind-add-option-to-stop-idle-sessions-after-specif.patch
Patch0831: 0831-logind-schedule-idle-check-full-interval-from-now-if.patch
Patch0832: 0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch
Patch0833: 0833-meson-do-not-compare-objects-of-different-types.patch
Patch0834: 0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch
Patch0835: 0835-Fix-build-with-httpd-0.9.71.patch
Patch0836: 0836-ci-replace-LGTM-with-CodeQL.patch
Patch0837: 0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch
Patch0838: 0838-time-util-fix-buffer-over-run.patch
Patch0839: 0839-basic-recognize-pdfs-filesystem-as-a-network-filesys.patch
Patch0840: 0840-core-move-reset_arguments-to-the-end-of-main-s-finis.patch
Patch0841: 0841-manager-move-inc.-of-n_reloading-into-a-function.patch
Patch0842: 0842-core-Add-new-DBUS-properties-UnitsReloadStartTimesta.patch
Patch0843: 0843-core-Indicate-the-time-when-the-manager-started-load.patch
Patch0844: 0844-core-do-not-touch-run-systemd-systemd-units-load-fro.patch
Patch0845: 0845-sysctl-downgrade-message-when-we-have-no-permission.patch
Patch0846: 0846-core-respect-SELinuxContext-for-socket-creation.patch
Patch0847: 0847-manager-use-target-process-context-to-set-socket-con.patch
Patch0848: 0848-virt-detect-Amazon-EC2-Nitro-instance.patch
Patch0849: 0849-machine-id-setup-generate-machine-id-from-DMI-produc.patch
Patch0850: 0850-virt-use-string-table-to-detect-VM-or-container.patch
Patch0851: 0851-fileio-introduce-read_full_virtual_file-for-reading-.patch
Patch0852: 0852-Use-BIOS-characteristics-to-distinguish-EC2-bare-met.patch
Patch0853: 0853-device-drop-refuse_after.patch
Patch0854: 0854-manager-limit-access-to-private-dbus-socket.patch
Patch0855: 0855-journalctl-do-not-treat-EINTR-as-an-error-when-waiti.patch
Patch0856: 0856-core-bring-manager_startup-and-manager_reload-more-i.patch
Patch0857: 0857-pam-add-a-call-to-pam_namespace.patch
Patch0858: 0858-virt-Support-detection-for-ARM64-Hyper-V-guests.patch
Patch0859: 0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch
Patch0860: 0860-basic-add-STRERROR-wrapper-for-strerror_r.patch
Patch0861: 0861-coredump-put-context-array-into-a-struct.patch
Patch0862: 0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch
Patch0863: 0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch
Patch0864: 0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch
Patch0865: 0865-test-introduce-inst_recursive-helper-function.patch
Patch0866: 0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch
Patch0867: 0867-systemctl-simplify-halt_main.patch
Patch0868: 0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch
Patch0869: 0869-systemctl-reintroduce-the-original-halt_main.patch
Patch0870: 0870-systemctl-preserve-old-behavior-unless-requested.patch
Patch0871: 0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch
Patch0872: 0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch
%ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1
@ -1504,6 +1551,61 @@ fi
%files tests -f .file-list-tests
%changelog
* Fri Feb 17 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-72
- test: import logind test from debian/ubuntu test suite (#1866955)
- test: introduce inst_recursive() helper function (#1866955)
- tests: verify that Lock D-Bus signal is sent when IdleAction=lock (#1866955)
- systemctl: simplify halt_main() (#2053273)
- systemctl: shutdown don't fallback on auth fail (#2053273)
- systemctl: reintroduce the original halt_main() (#2053273)
- systemctl: preserve old behavior unless requested (#2053273)
- pam_systemd: suppress LOG_DEBUG log messages if debugging is off (#2170084)
- udev/net_id: introduce naming scheme for RHEL-8.8 (#2170499)
- pam: add a call to pam_namespace (#1861836)
* Tue Jan 31 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-71
- manager: limit access to private dbus socket (#2119405)
- journalctl: do not treat EINTR as an error when waiting for events (#2161683)
- core: bring manager_startup() and manager_reload() more inline (#2059633)
- pam: add a call to pam_namespace (#1861836)
- virt: Support detection for ARM64 Hyper-V guests (#2158307)
- virt: Fix the detection for Hyper-V VMs (#2158307)
- basic: add STRERROR() wrapper for strerror_r() (#2155520)
- coredump: put context array into a struct (#2155520)
- coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155520)
* Mon Jan 16 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-70
- basic: recognize pdfs filesystem as a network filesystem (#2094661)
- core: move reset_arguments() to the end of main's finish (#2127131)
- manager: move inc. of n_reloading into a function (#2136869)
- core: Add new DBUS properties UnitsReloadStartTimestamp and UnitsLoadTimestampMontonic (#2136869)
- core: Indicate the time when the manager started loading units the last time (#2136869)
- core: do not touch /run/systemd/systemd-units-load from user session instances (#2136869)
- sysctl: downgrade message when we have no permission (#2158160)
- core: respect SELinuxContext= for socket creation (#2136738)
- manager: use target process context to set socket context (#2136738)
- virt: detect Amazon EC2 Nitro instance (#2117948)
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 (#2117948)
- virt: use string table to detect VM or container (#2117948)
- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (#2117948)
- Use BIOS characteristics to distinguish EC2 bare-metal from VMs (#2117948)
- device: drop refuse_after (#2043524)
* Tue Nov 08 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-69
- logind: optionally watch utmp for login data (#2122288)
- logind: add hashtable for finding session by leader PID (#2122288)
- core/load-fragment: move config_parse_sec_fix_0 to src/shared (#2122288)
- sd-event: add relative timer calls (#2122288)
- logind: add option to stop idle sessions after specified timeout (#2122288)
- logind: schedule idle check full interval from now if we couldn't figure out atime timestamp (#2122288)
- ci(lint): add shell linter - Differential ShellCheck (#2122499)
- meson: do not compare objects of different types (#2122499)
- journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 (#2122499)
- Fix build with µhttpd 0.9.71 (#2122499)
- ci: replace LGTM with CodeQL (#2122499)
- ci(mergify): Update policy - Drop LGTM checks (#2122499)
- time-util: fix buffer-over-run (#2139391)
* Fri Aug 26 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-67
- resolved: pin stream while calling callbacks for it (#2110549)
- ci(functions): Add `useradd` and `userdel` (#2110549)