Update to v235
This commit is contained in:
parent
ac49c72d1e
commit
3cb1145229
@ -1,23 +0,0 @@
|
||||
From b2954c2fbed0409adba2687b17fb956f002b2bbe Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Bicha <jbicha@ubuntu.com>
|
||||
Date: Thu, 13 Jul 2017 10:44:33 -0400
|
||||
Subject: [PATCH] escape: Fix help description (#6352)
|
||||
|
||||
Resolves: #6351(cherry picked from commit 303608c1bcf9568371625fbbd9442946cadba422)
|
||||
---
|
||||
src/escape/escape.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/escape/escape.c b/src/escape/escape.c
|
||||
index af98c98e40..89e885d47c 100644
|
||||
--- a/src/escape/escape.c
|
||||
+++ b/src/escape/escape.c
|
||||
@@ -38,7 +38,7 @@ static bool arg_path = false;
|
||||
|
||||
static void help(void) {
|
||||
printf("%s [OPTIONS...] [NAME...]\n\n"
|
||||
- "Show system and user paths.\n\n"
|
||||
+ "Escape strings for usage in system unit names.\n\n"
|
||||
" -h --help Show this help\n"
|
||||
" --version Show package version\n"
|
||||
" --suffix=SUFFIX Unit suffix to append to escaped strings\n"
|
249
0001-po-update-Polish-translation-7015.patch
Normal file
249
0001-po-update-Polish-translation-7015.patch
Normal file
@ -0,0 +1,249 @@
|
||||
From b32bceb6c319f5a7b61f8bbfc14af8bb43effc11 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Piotr=20Dr=C4=85g?= <piotrdrag@gmail.com>
|
||||
Date: Fri, 6 Oct 2017 16:10:33 +0200
|
||||
Subject: [PATCH] po: update Polish translation (#7015)
|
||||
|
||||
---
|
||||
po/pl.po | 104 +++++++++++++++++++++++++++++++++++++++++----------------------
|
||||
1 file changed, 68 insertions(+), 36 deletions(-)
|
||||
|
||||
diff --git a/po/pl.po b/po/pl.po
|
||||
index c289a2cd4c..0c8bec37dd 100644
|
||||
--- a/po/pl.po
|
||||
+++ b/po/pl.po
|
||||
@@ -1,15 +1,15 @@
|
||||
# Polish translation for systemd.
|
||||
-# Copyright © 2011-2016 the systemd authors.
|
||||
+# Copyright © 2011-2017 the systemd authors.
|
||||
# This file is distributed under the same license as the systemd package.
|
||||
-# Piotr Drąg <piotrdrag@gmail.com>, 2011, 2013-2016.
|
||||
+# Piotr Drąg <piotrdrag@gmail.com>, 2011, 2013-2017.
|
||||
# Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>, 2011.
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: systemd\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
-"POT-Creation-Date: 2016-10-05 19:01+0200\n"
|
||||
-"PO-Revision-Date: 2016-10-05 19:02+0200\n"
|
||||
+"POT-Creation-Date: 2017-10-06 15:29+0200\n"
|
||||
+"PO-Revision-Date: 2017-10-05 15:30+0200\n"
|
||||
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
|
||||
"Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n"
|
||||
"Language: pl\n"
|
||||
@@ -89,7 +89,7 @@ msgid ""
|
||||
"as well as the pretty host name."
|
||||
msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby ustawić statycznie skonfigurowaną nazwę "
|
||||
-"lokalnego komputera, a także jego ładną nazwę."
|
||||
+"lokalnego komputera, a także jego nazwę czytelną dla człowieka."
|
||||
|
||||
#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
|
||||
msgid "Set machine information"
|
||||
@@ -347,18 +347,50 @@ msgstr ""
|
||||
"zażądał jego wstrzymania."
|
||||
|
||||
#: ../src/login/org.freedesktop.login1.policy.in.h:39
|
||||
+msgid "Halt the system"
|
||||
+msgstr "Zatrzymanie systemu"
|
||||
+
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:40
|
||||
+msgid "Authentication is required for halting the system."
|
||||
+msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać system."
|
||||
+
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:41
|
||||
+msgid "Halt the system while other users are logged in"
|
||||
+msgstr "Zatrzymanie systemu, kiedy są zalogowani inni użytkownicy"
|
||||
+
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:42
|
||||
+msgid ""
|
||||
+"Authentication is required for halting the system while other users are "
|
||||
+"logged in."
|
||||
+msgstr ""
|
||||
+"Wymagane jest uwierzytelnienie, aby zatrzymać system, kiedy są zalogowani "
|
||||
+"inni użytkownicy."
|
||||
+
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:43
|
||||
+msgid "Halt the system while an application asked to inhibit it"
|
||||
+msgstr "Zatrzymanie systemu, kiedy program zażądał jego wstrzymania"
|
||||
+
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:44
|
||||
+msgid ""
|
||||
+"Authentication is required for halting the system while an application asked "
|
||||
+"to inhibit it."
|
||||
+msgstr ""
|
||||
+"Wymagane jest uwierzytelnienie, aby zatrzymać system, kiedy program zażądał "
|
||||
+"jego wstrzymania."
|
||||
+
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:45
|
||||
msgid "Suspend the system"
|
||||
msgstr "Uśpienie systemu"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:40
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:46
|
||||
msgid "Authentication is required for suspending the system."
|
||||
msgstr "Wymagane jest uwierzytelnienie, aby uśpić system."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:41
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:47
|
||||
msgid "Suspend the system while other users are logged in"
|
||||
msgstr "Uśpienie systemu, kiedy są zalogowani inni użytkownicy"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:42
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:48
|
||||
msgid ""
|
||||
"Authentication is required for suspending the system while other users are "
|
||||
"logged in."
|
||||
@@ -366,11 +398,11 @@ msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby uśpić system, kiedy są zalogowani inni "
|
||||
"użytkownicy."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:43
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:49
|
||||
msgid "Suspend the system while an application asked to inhibit it"
|
||||
msgstr "Uśpienie systemu, kiedy program zażądał jego wstrzymania"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:44
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:50
|
||||
msgid ""
|
||||
"Authentication is required for suspending the system while an application "
|
||||
"asked to inhibit it."
|
||||
@@ -378,19 +410,19 @@ msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby uśpić system, kiedy program zażądał jego "
|
||||
"wstrzymania."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:45
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:51
|
||||
msgid "Hibernate the system"
|
||||
msgstr "Hibernacja systemu"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:46
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:52
|
||||
msgid "Authentication is required for hibernating the system."
|
||||
msgstr "Wymagane jest uwierzytelnienie, aby zahibernować system."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:47
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:53
|
||||
msgid "Hibernate the system while other users are logged in"
|
||||
msgstr "Hibernacja systemu, kiedy są zalogowani inni użytkownicy"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:48
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:54
|
||||
msgid ""
|
||||
"Authentication is required for hibernating the system while other users are "
|
||||
"logged in."
|
||||
@@ -398,11 +430,11 @@ msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby zahibernować system, kiedy są zalogowani "
|
||||
"inni użytkownicy."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:49
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:55
|
||||
msgid "Hibernate the system while an application asked to inhibit it"
|
||||
msgstr "Hibernacja systemu, kiedy program zażądał jej wstrzymania"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:50
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:56
|
||||
msgid ""
|
||||
"Authentication is required for hibernating the system while an application "
|
||||
"asked to inhibit it."
|
||||
@@ -410,31 +442,31 @@ msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby zahibernować system, kiedy program "
|
||||
"zażądał jej wstrzymania."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:51
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:57
|
||||
msgid "Manage active sessions, users and seats"
|
||||
msgstr "Zarządzanie aktywnymi sesjami, użytkownikami i stanowiskami"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:52
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:58
|
||||
msgid ""
|
||||
"Authentication is required for managing active sessions, users and seats."
|
||||
msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby zarządzać aktywnymi sesjami, "
|
||||
"użytkownikami i stanowiskami."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:53
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:59
|
||||
msgid "Lock or unlock active sessions"
|
||||
msgstr "Zablokowanie lub odblokowanie aktywnych sesji"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:54
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:60
|
||||
msgid "Authentication is required to lock or unlock active sessions."
|
||||
msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby zablokować lub odblokować aktywne sesje."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:55
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:61
|
||||
msgid "Allow indication to the firmware to boot to setup interface"
|
||||
msgstr "Wskazanie oprogramowaniu sprzętowemu, aby uruchomić interfejs ustawień"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:56
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:62
|
||||
msgid ""
|
||||
"Authentication is required to indicate to the firmware to boot to setup "
|
||||
"interface."
|
||||
@@ -442,11 +474,11 @@ msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby wskazać oprogramowaniu sprzętowemu, że "
|
||||
"należy uruchomić interfejs ustawień."
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:57
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:63
|
||||
msgid "Set a wall message"
|
||||
msgstr "Ustawienie komunikatu wall"
|
||||
|
||||
-#: ../src/login/org.freedesktop.login1.policy.in.h:58
|
||||
+#: ../src/login/org.freedesktop.login1.policy.in.h:64
|
||||
msgid "Authentication is required to set a wall message"
|
||||
msgstr "Wymagane jest uwierzytelnienie, aby ustawić komunikat wall"
|
||||
|
||||
@@ -569,36 +601,36 @@ msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby kontrolować, czy włączyć synchronizację "
|
||||
"czasu przez sieć."
|
||||
|
||||
-#: ../src/core/dbus-unit.c:459
|
||||
+#: ../src/core/dbus-unit.c:458
|
||||
msgid "Authentication is required to start '$(unit)'."
|
||||
-msgstr "Wymagane jest uwierzytelnienie, aby uruchomić jednostkę „$(unit)”."
|
||||
+msgstr "Wymagane jest uwierzytelnienie, aby uruchomić jednostkę „$(unit)”."
|
||||
|
||||
-#: ../src/core/dbus-unit.c:460
|
||||
+#: ../src/core/dbus-unit.c:459
|
||||
msgid "Authentication is required to stop '$(unit)'."
|
||||
-msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać jednostkę „$(unit)”."
|
||||
+msgstr "Wymagane jest uwierzytelnienie, aby zatrzymać jednostkę „$(unit)”."
|
||||
|
||||
-#: ../src/core/dbus-unit.c:461
|
||||
+#: ../src/core/dbus-unit.c:460
|
||||
msgid "Authentication is required to reload '$(unit)'."
|
||||
msgstr ""
|
||||
-"Wymagane jest uwierzytelnienie, aby ponownie wczytać jednostkę „$(unit)”."
|
||||
+"Wymagane jest uwierzytelnienie, aby ponownie wczytać jednostkę „$(unit)”."
|
||||
|
||||
-#: ../src/core/dbus-unit.c:462 ../src/core/dbus-unit.c:463
|
||||
+#: ../src/core/dbus-unit.c:461 ../src/core/dbus-unit.c:462
|
||||
msgid "Authentication is required to restart '$(unit)'."
|
||||
msgstr ""
|
||||
-"Wymagane jest uwierzytelnienie, aby ponownie uruchomić jednostkę „$(unit)”."
|
||||
+"Wymagane jest uwierzytelnienie, aby ponownie uruchomić jednostkę „$(unit)”."
|
||||
|
||||
-#: ../src/core/dbus-unit.c:570
|
||||
+#: ../src/core/dbus-unit.c:569
|
||||
msgid "Authentication is required to kill '$(unit)'."
|
||||
msgstr ""
|
||||
-"Wymagane jest uwierzytelnienie, aby wymusić wyłączenie jednostki „$(unit)”."
|
||||
+"Wymagane jest uwierzytelnienie, aby wymusić wyłączenie jednostki „$(unit)”."
|
||||
|
||||
-#: ../src/core/dbus-unit.c:601
|
||||
+#: ../src/core/dbus-unit.c:600
|
||||
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
|
||||
msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby przywrócić stan „failed” (niepowodzenia) "
|
||||
"jednostki „$(unit)”."
|
||||
|
||||
-#: ../src/core/dbus-unit.c:634
|
||||
+#: ../src/core/dbus-unit.c:633
|
||||
msgid "Authentication is required to set properties on '$(unit)'."
|
||||
msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby ustawić właściwości jednostki „$(unit)”."
|
@ -1,51 +0,0 @@
|
||||
From 33145774d9d41ac306f972e0247c9a073d5dbfc9 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Hesse <mail@eworm.de>
|
||||
Date: Fri, 14 Jul 2017 18:28:28 +0200
|
||||
Subject: [PATCH] build-sys: install udev rule 70-joystick.{rules,hwdb} (#6363)
|
||||
|
||||
* meson: install udev files 70-joystick.{rules,hwdb}
|
||||
* Makefile: install udev file 70-joystick.hwdb
|
||||
|
||||
(cherry picked from commit 816be2ba448940e2517dba81492e80b1e6a5954f)
|
||||
---
|
||||
Makefile.am | 1 +
|
||||
hwdb/meson.build | 1 +
|
||||
rules/meson.build | 1 +
|
||||
3 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index c16e62280b..b95c93bb98 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -4062,6 +4062,7 @@ dist_udevhwdb_DATA = \
|
||||
hwdb/60-evdev.hwdb \
|
||||
hwdb/60-keyboard.hwdb \
|
||||
hwdb/60-sensor.hwdb \
|
||||
+ hwdb/70-joystick.hwdb \
|
||||
hwdb/70-mouse.hwdb \
|
||||
hwdb/70-pointingstick.hwdb \
|
||||
hwdb/70-touchpad.hwdb
|
||||
diff --git a/hwdb/meson.build b/hwdb/meson.build
|
||||
index 74a93f9ccb..6fceff2b3b 100644
|
||||
--- a/hwdb/meson.build
|
||||
+++ b/hwdb/meson.build
|
||||
@@ -12,6 +12,7 @@ hwdb_files = files('''
|
||||
60-evdev.hwdb
|
||||
60-keyboard.hwdb
|
||||
60-sensor.hwdb
|
||||
+ 70-joystick.hwdb
|
||||
70-mouse.hwdb
|
||||
70-pointingstick.hwdb
|
||||
70-touchpad.hwdb
|
||||
diff --git a/rules/meson.build b/rules/meson.build
|
||||
index 0f818a506f..7f4725ad65 100644
|
||||
--- a/rules/meson.build
|
||||
+++ b/rules/meson.build
|
||||
@@ -12,6 +12,7 @@ rules = files('''
|
||||
60-sensor.rules
|
||||
60-serial.rules
|
||||
64-btrfs.rules
|
||||
+ 70-joystick.rules
|
||||
70-mouse.rules
|
||||
70-touchpad.rules
|
||||
75-net-description.rules
|
@ -1,22 +0,0 @@
|
||||
From a1b21ca91835ec0322ccd0eedf9951ba0e52db80 Mon Sep 17 00:00:00 2001
|
||||
From: IPv4v6 <mail.ipv4v6@gmail.com>
|
||||
Date: Sat, 15 Jul 2017 13:53:21 +0200
|
||||
Subject: [PATCH] add version argument to help function (#6377)
|
||||
|
||||
Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>(cherry picked from commit cb4069d95e447e8a01fc3feee6d6cb99669c4c38)
|
||||
---
|
||||
src/core/main.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/core/main.c b/src/core/main.c
|
||||
index 88e2c92504..babcab4978 100644
|
||||
--- a/src/core/main.c
|
||||
+++ b/src/core/main.c
|
||||
@@ -1091,6 +1091,7 @@ static int help(void) {
|
||||
printf("%s [OPTIONS...]\n\n"
|
||||
"Starts up and maintains the system or user services.\n\n"
|
||||
" -h --help Show this help\n"
|
||||
+ " --version Show version\n"
|
||||
" --test Determine startup sequence, dump it and exit\n"
|
||||
" --no-pager Do not pipe output into a pager\n"
|
||||
" --dump-configuration-items Dump understood unit configuration items\n"
|
@ -1,79 +0,0 @@
|
||||
From 5d56b6fb41fb29cd636e64f079f9a1e1982820be Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 15 Jul 2017 19:28:02 +0000
|
||||
Subject: [PATCH] seccomp: arm64/x32 do not have _sysctl
|
||||
|
||||
So don't even try to added the filter to reduce noise.
|
||||
The test is updated to skip calling _sysctl because the kernel prints
|
||||
an oops-like message that is confusing and unhelpful:
|
||||
|
||||
Jul 15 21:07:01 rpi3 kernel: test-seccomp[8448]: syscall -10080
|
||||
Jul 15 21:07:01 rpi3 kernel: Code: aa0503e4 aa0603e5 aa0703e6 d4000001 (b13ffc1f)
|
||||
Jul 15 21:07:01 rpi3 kernel: CPU: 3 PID: 8448 Comm: test-seccomp Tainted: G W 4.11.8-300.fc26.aarch64 #1
|
||||
Jul 15 21:07:01 rpi3 kernel: Hardware name: raspberrypi rpi/rpi, BIOS 2017.05 06/24/2017
|
||||
Jul 15 21:07:01 rpi3 kernel: task: ffff80002bb0bb00 task.stack: ffff800036354000
|
||||
Jul 15 21:07:01 rpi3 kernel: PC is at 0xffff8669c7c4
|
||||
Jul 15 21:07:01 rpi3 kernel: LR is at 0xaaaac64b6750
|
||||
Jul 15 21:07:01 rpi3 kernel: pc : [<0000ffff8669c7c4>] lr : [<0000aaaac64b6750>] pstate: 60000000
|
||||
Jul 15 21:07:01 rpi3 kernel: sp : 0000ffffdc640fd0
|
||||
Jul 15 21:07:01 rpi3 kernel: x29: 0000ffffdc640fd0 x28: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x27: 0000000000000000 x26: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x25: 0000000000000000 x24: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x23: 0000000000000000 x22: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x21: 0000aaaac64b4940 x20: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x19: 0000aaaac64b88f8 x18: 0000000000000020
|
||||
Jul 15 21:07:01 rpi3 kernel: x17: 0000ffff8669c7a0 x16: 0000aaaac64d2ee0
|
||||
Jul 15 21:07:01 rpi3 kernel: x15: 0000000000000000 x14: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x13: 203a657275746365 x12: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x11: 0000ffffdc640418 x10: 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x9 : 0000000000000005 x8 : 00000000ffffd8a0
|
||||
Jul 15 21:07:01 rpi3 kernel: x7 : 7f7f7f7f7f7f7f7f x6 : 7f7f7f7f7f7f7f7f
|
||||
Jul 15 21:07:01 rpi3 kernel: x5 : 65736d68716f7277 x4 : 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x3 : 0000000000000008 x2 : 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel: x1 : 0000000000000000 x0 : 0000000000000000
|
||||
Jul 15 21:07:01 rpi3 kernel:
|
||||
|
||||
(cherry picked from commit 1e20e640132c700c23494bb9e2619afb83878380)
|
||||
(cherry picked from commit 2e64e8f46d726689a44d4084226fe3e0ea255c29)
|
||||
---
|
||||
src/shared/seccomp-util.c | 4 ++++
|
||||
src/test/test-seccomp.c | 4 ++++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
|
||||
index 36843d4bf5..1a8bfbe416 100644
|
||||
--- a/src/shared/seccomp-util.c
|
||||
+++ b/src/shared/seccomp-util.c
|
||||
@@ -899,6 +899,10 @@ int seccomp_protect_sysctl(void) {
|
||||
|
||||
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
|
||||
|
||||
+ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64))
|
||||
+ /* No _sysctl syscall */
|
||||
+ continue;
|
||||
+
|
||||
r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW);
|
||||
if (r < 0)
|
||||
return r;
|
||||
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
|
||||
index efd145e063..50fe24c794 100644
|
||||
--- a/src/test/test-seccomp.c
|
||||
+++ b/src/test/test-seccomp.c
|
||||
@@ -244,13 +244,17 @@ static void test_protect_sysctl(void) {
|
||||
assert_se(pid >= 0);
|
||||
|
||||
if (pid == 0) {
|
||||
+#if __NR__sysctl > 0
|
||||
assert_se(syscall(__NR__sysctl, NULL) < 0);
|
||||
assert_se(errno == EFAULT);
|
||||
+#endif
|
||||
|
||||
assert_se(seccomp_protect_sysctl() >= 0);
|
||||
|
||||
+#if __NR__sysctl > 0
|
||||
assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
|
||||
assert_se(errno == EPERM);
|
||||
+#endif
|
||||
|
||||
_exit(EXIT_SUCCESS);
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
From e04118bd11f8268e7ee7b893f861f18f03bc6970 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 15 Jul 2017 19:30:01 +0000
|
||||
Subject: [PATCH] seccomp: arm64 does not have mmap2
|
||||
|
||||
I messed up when adding the definitions in 4278d1f5310f5acb4c6a6788233625234edb5145.
|
||||
Unfortunately I didn't have the hardware at hand and went by
|
||||
looking at the kernel headers.
|
||||
|
||||
(cherry picked from commit 53196fafcb7b24b45ed4f48ab894d00a24a6d871)
|
||||
(cherry picked from commit 79873bc850177050baa0c5165b119adafeebb891)
|
||||
---
|
||||
src/shared/seccomp-util.c | 7 ++-----
|
||||
1 file changed, 2 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
|
||||
index 1a8bfbe416..637ee8526e 100644
|
||||
--- a/src/shared/seccomp-util.c
|
||||
+++ b/src/shared/seccomp-util.c
|
||||
@@ -1223,10 +1223,6 @@ int seccomp_memory_deny_write_execute(void) {
|
||||
|
||||
break;
|
||||
|
||||
- case SCMP_ARCH_AARCH64:
|
||||
- block_syscall = SCMP_SYS(mmap);
|
||||
- /* fall through */
|
||||
-
|
||||
case SCMP_ARCH_ARM:
|
||||
filter_syscall = SCMP_SYS(mmap2); /* arm has only mmap2 */
|
||||
shmat_syscall = SCMP_SYS(shmat);
|
||||
@@ -1234,7 +1230,8 @@ int seccomp_memory_deny_write_execute(void) {
|
||||
|
||||
case SCMP_ARCH_X86_64:
|
||||
case SCMP_ARCH_X32:
|
||||
- filter_syscall = SCMP_SYS(mmap); /* amd64 and x32 have only mmap */
|
||||
+ case SCMP_ARCH_AARCH64:
|
||||
+ filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */
|
||||
shmat_syscall = SCMP_SYS(shmat);
|
||||
break;
|
||||
|
@ -1,41 +0,0 @@
|
||||
From 5a3e65fa2537b31334ccb8b73a28208a3b535076 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 15 Jul 2017 19:30:48 +0000
|
||||
Subject: [PATCH] test-seccomp: arm64 does not have access() and poll()
|
||||
|
||||
glibc uses faccessat and ppoll, so just add a filters for that.
|
||||
|
||||
(cherry picked from commit abc0213839fef92e2e2b98a434914f22ece48490)
|
||||
(cherry picked from commit f60a865a496e1e6fde7436b4013dd8ff677f29a1)
|
||||
---
|
||||
src/test/test-seccomp.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
|
||||
index 50fe24c794..28fe206507 100644
|
||||
--- a/src/test/test-seccomp.c
|
||||
+++ b/src/test/test-seccomp.c
|
||||
@@ -529,7 +529,11 @@ static void test_load_syscall_filter_set_raw(void) {
|
||||
assert_se(poll(NULL, 0, 0) == 0);
|
||||
|
||||
assert_se(s = set_new(NULL));
|
||||
+#if SCMP_SYS(access) >= 0
|
||||
assert_se(set_put(s, UINT32_TO_PTR(__NR_access + 1)) >= 0);
|
||||
+#else
|
||||
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_faccessat + 1)) >= 0);
|
||||
+#endif
|
||||
|
||||
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN)) >= 0);
|
||||
|
||||
@@ -541,7 +545,11 @@ static void test_load_syscall_filter_set_raw(void) {
|
||||
s = set_free(s);
|
||||
|
||||
assert_se(s = set_new(NULL));
|
||||
+#if SCMP_SYS(poll) >= 0
|
||||
assert_se(set_put(s, UINT32_TO_PTR(__NR_poll + 1)) >= 0);
|
||||
+#else
|
||||
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_ppoll + 1)) >= 0);
|
||||
+#endif
|
||||
|
||||
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUNATCH)) >= 0);
|
||||
|
@ -1,31 +0,0 @@
|
||||
From 713917bd94272fc65d94016a208b72309ae1320a Mon Sep 17 00:00:00 2001
|
||||
From: NeilBrown <neil@brown.name>
|
||||
Date: Mon, 17 Jul 2017 18:03:34 +1000
|
||||
Subject: [PATCH] fstab-generator: ignore x-systemd.device-timeout for
|
||||
non-devices (#6368)
|
||||
|
||||
If you specify "x-systemd.device-timeout" for an NFS mount
|
||||
point, you get no warning and a meaningless device unit
|
||||
dependency created.
|
||||
|
||||
Better to have a warning and no dependency.
|
||||
(cherry picked from commit c67bd1f758f087496741ce0b3e227d82c6b4a304)
|
||||
---
|
||||
src/shared/generator.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/shared/generator.c b/src/shared/generator.c
|
||||
index 6a78ebbda7..6a887e3aad 100644
|
||||
--- a/src/shared/generator.c
|
||||
+++ b/src/shared/generator.c
|
||||
@@ -182,6 +182,10 @@ int generator_write_timeouts(
|
||||
node = fstab_node_to_udev_node(what);
|
||||
if (!node)
|
||||
return log_oom();
|
||||
+ if (!is_device_path(node)) {
|
||||
+ log_warning("x-systemd.device-timeout ignored for %s", what);
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
r = unit_name_from_path(node, ".device", &unit);
|
||||
if (r < 0)
|
@ -1,22 +0,0 @@
|
||||
From 83030c7aea991d863591df2e09d41bb19d6e01d0 Mon Sep 17 00:00:00 2001
|
||||
From: WaLyong Cho <walyong.cho@samsung.com>
|
||||
Date: Thu, 13 Jul 2017 13:06:34 +0900
|
||||
Subject: [PATCH] core: modify resource leak by SmackProcessLabel=
|
||||
|
||||
(cherry picked from commit 5b8e1b7755092e162bcf0bad8afe2e55dfbbd9e2)
|
||||
---
|
||||
src/core/execute.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/core/execute.c b/src/core/execute.c
|
||||
index d72e5bf08c..4ed133fb6a 100644
|
||||
--- a/src/core/execute.c
|
||||
+++ b/src/core/execute.c
|
||||
@@ -3099,6 +3099,7 @@ void exec_context_done(ExecContext *c) {
|
||||
c->utmp_id = mfree(c->utmp_id);
|
||||
c->selinux_context = mfree(c->selinux_context);
|
||||
c->apparmor_profile = mfree(c->apparmor_profile);
|
||||
+ c->smack_process_label = mfree(c->smack_process_label);
|
||||
|
||||
c->syscall_filter = set_free(c->syscall_filter);
|
||||
c->syscall_archs = set_free(c->syscall_archs);
|
@ -1,31 +0,0 @@
|
||||
From d8e3c9d25867f7081f060f1491186b6e3b30975b Mon Sep 17 00:00:00 2001
|
||||
From: WaLyong Cho <walyong.cho@samsung.com>
|
||||
Date: Thu, 13 Jul 2017 13:10:41 +0900
|
||||
Subject: [PATCH] core: dump also missed security context
|
||||
|
||||
(cherry picked from commit 80c21aea118eeccfb2a0fcc5986b4432588dc857)
|
||||
---
|
||||
src/core/execute.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/src/core/execute.c b/src/core/execute.c
|
||||
index 4ed133fb6a..62faa028a1 100644
|
||||
--- a/src/core/execute.c
|
||||
+++ b/src/core/execute.c
|
||||
@@ -3614,6 +3614,16 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
|
||||
"%sSELinuxContext: %s%s\n",
|
||||
prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
|
||||
|
||||
+ if (c->apparmor_profile)
|
||||
+ fprintf(f,
|
||||
+ "%sAppArmorProfile: %s%s\n",
|
||||
+ prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
|
||||
+
|
||||
+ if (c->smack_process_label)
|
||||
+ fprintf(f,
|
||||
+ "%sSmackProcessLabel: %s%s\n",
|
||||
+ prefix, c->smack_process_label_ignore ? "-" : "", c->smack_process_label);
|
||||
+
|
||||
if (c->personality != PERSONALITY_INVALID)
|
||||
fprintf(f,
|
||||
"%sPersonality: %s\n",
|
@ -1,32 +0,0 @@
|
||||
From 3dd07ebf08dd630b0f50dfff3ef6d05628b8708b Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekletar@users.noreply.github.com>
|
||||
Date: Mon, 17 Jul 2017 10:04:37 +0200
|
||||
Subject: [PATCH] journald: make sure we retain all stream fds across restarts
|
||||
(#6348)
|
||||
|
||||
Currently we set 4096 as maximum for number of stream connections that
|
||||
we accept. However maximum number of file descriptors that systemd is
|
||||
willing to accept from us is just 1024. This means we can't retain all
|
||||
stream connections that we accepted. Hence bump the limit of fds in a
|
||||
unit file so that systemd holds open all stream fds while we are
|
||||
restarted.
|
||||
|
||||
New limit is set to 4224 (4096 + 128).
|
||||
(cherry picked from commit 3c978aca69e0e43d4dd453437ec9c498ea788795)
|
||||
---
|
||||
units/systemd-journald.service.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
|
||||
index 66b7c6a48e..1e86d63648 100644
|
||||
--- a/units/systemd-journald.service.in
|
||||
+++ b/units/systemd-journald.service.in
|
||||
@@ -21,7 +21,7 @@ Restart=always
|
||||
RestartSec=0
|
||||
StandardOutput=null
|
||||
WatchdogSec=3min
|
||||
-FileDescriptorStoreMax=1024
|
||||
+FileDescriptorStoreMax=4224
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
|
||||
MemoryDenyWriteExecute=yes
|
||||
RestrictRealtime=yes
|
@ -1,37 +0,0 @@
|
||||
From d52e2bb9c20216972754c054e8534bca28baab66 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Mon, 17 Jul 2017 15:45:44 -0400
|
||||
Subject: [PATCH] Use config_parse_sec_fix_0() also for JobRunningTimeoutSec
|
||||
|
||||
2d79a0bbb9f651656384a0a86ed814e6306fb5dd did that for TimeoutSec=,
|
||||
89beff89edba592366b2960bd830d3f6e602c2c7 did that for JobTimeoutSec=,
|
||||
and 0004f698df1410ef8b6ab3fb5f4b41a60c91182c did that for
|
||||
x-systemd.device-timeout=. But after parsing x-systemd.device-timeout=xxx
|
||||
we write it out as JobRunningTimeoutSec=xxx. Two options:
|
||||
- write out JobRunningTimeoutSec=<a very big number>,
|
||||
- change JobRunningTimeoutSec= to behave like the other options.
|
||||
|
||||
I think it would be confusing for JobRunningTimeoutSec= to have different
|
||||
syntax then TimeoutSec= and JobTimeoutSec=, so this patch implements the
|
||||
second option.
|
||||
|
||||
Fixes #6264, https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
|
||||
|
||||
(cherry picked from commit 4a06cbf8387555c7c04a1ee6f0c5a6f858bf4b19)
|
||||
---
|
||||
src/core/load-fragment-gperf.gperf.m4 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
|
||||
index 5b5a86250e..7fb39cf948 100644
|
||||
--- a/src/core/load-fragment-gperf.gperf.m4
|
||||
+++ b/src/core/load-fragment-gperf.gperf.m4
|
||||
@@ -194,7 +194,7 @@ Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0,
|
||||
Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate)
|
||||
Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0
|
||||
Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout)
|
||||
-Unit.JobRunningTimeoutSec, config_parse_sec, 0, offsetof(Unit, job_running_timeout)
|
||||
+Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout)
|
||||
Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action)
|
||||
Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg)
|
||||
Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval)
|
@ -1,31 +0,0 @@
|
||||
From e48936b0be085f15a2e2ac88b2e50a91a66782ac Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Berrange <berrange@redhat.com>
|
||||
Date: Wed, 19 Jul 2017 10:06:07 +0100
|
||||
Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399)
|
||||
|
||||
QEMU >= 2.10 will include a CPUID leaf with value "TCGTCGTCGTCG"
|
||||
on x86 when running with the TCG CPU emulator:
|
||||
|
||||
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05231.html
|
||||
|
||||
Existing methods of detecting QEMU are left unchanged for sake of
|
||||
backcompatibility.
|
||||
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
(cherry picked from commit 5588612e9e8828691f13141e3fcebe08a59201fe)
|
||||
---
|
||||
src/basic/virt.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/basic/virt.c b/src/basic/virt.c
|
||||
index 6011744523..5143ac6656 100644
|
||||
--- a/src/basic/virt.c
|
||||
+++ b/src/basic/virt.c
|
||||
@@ -46,6 +46,7 @@ static int detect_vm_cpuid(void) {
|
||||
} cpuid_vendor_table[] = {
|
||||
{ "XenVMMXenVMM", VIRTUALIZATION_XEN },
|
||||
{ "KVMKVMKVM", VIRTUALIZATION_KVM },
|
||||
+ { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU },
|
||||
/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
|
||||
{ "VMwareVMware", VIRTUALIZATION_VMWARE },
|
||||
/* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */
|
@ -1,28 +0,0 @@
|
||||
From 8864ff594b43a34e5a593da42336f28e2f30b9f5 Mon Sep 17 00:00:00 2001
|
||||
From: Felipe Sateler <fsateler@users.noreply.github.com>
|
||||
Date: Wed, 19 Jul 2017 20:48:23 -0400
|
||||
Subject: [PATCH] test-condition: don't assume that all non-root users are
|
||||
normal users (#6409)
|
||||
|
||||
Automated builders may run under a dedicated system user, and this test would fail that
|
||||
|
||||
Fixes #6366
|
||||
|
||||
(cherry picked from commit 708d423915c4ea48d408b5a3395c11055247b9bc)
|
||||
---
|
||||
src/test/test-condition.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/test/test-condition.c b/src/test/test-condition.c
|
||||
index 121345cfd1..b15f1b98c0 100644
|
||||
--- a/src/test/test-condition.c
|
||||
+++ b/src/test/test-condition.c
|
||||
@@ -390,7 +390,7 @@ static void test_condition_test_user(void) {
|
||||
assert_se(condition);
|
||||
r = condition_test(condition);
|
||||
log_info("ConditionUser=@system → %i", r);
|
||||
- if (geteuid() == 0)
|
||||
+ if (getuid() < SYSTEM_UID_MAX || geteuid() < SYSTEM_UID_MAX)
|
||||
assert_se(r > 0);
|
||||
else
|
||||
assert_se(r == 0);
|
@ -1,31 +0,0 @@
|
||||
From eca55fbc51056b2a4fa3242917b6fc2f0c02e981 Mon Sep 17 00:00:00 2001
|
||||
From: Harald Hoyer <harald@hoyer.xyz>
|
||||
Date: Thu, 20 Jul 2017 19:13:09 +0200
|
||||
Subject: [PATCH] call chase_symlinks without the /sysroot prefix (#6411)
|
||||
|
||||
In case fstab-generator is called in the initrd, chase_symlinks()
|
||||
returns with a canonical path "/sysroot/sysroot/<mountpoint>", if the
|
||||
"/sysroot" prefix is present in the path.
|
||||
|
||||
This patch skips the "/sysroot" prefix for the chase_symlinks() call,
|
||||
because "/sysroot" is already the root directory and chase_symlinks()
|
||||
prepends the root directory in the canonical path returned.
|
||||
|
||||
(cherry picked from commit 98eda38aed6a10c4f6d6ad0cac6e5361e87de52b)
|
||||
---
|
||||
src/fstab-generator/fstab-generator.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
|
||||
index 7f23b9fd74..f172e9c07b 100644
|
||||
--- a/src/fstab-generator/fstab-generator.c
|
||||
+++ b/src/fstab-generator/fstab-generator.c
|
||||
@@ -537,7 +537,7 @@ static int parse_fstab(bool initrd) {
|
||||
continue;
|
||||
}
|
||||
|
||||
- where = initrd ? strappend("/sysroot/", me->mnt_dir) : strdup(me->mnt_dir);
|
||||
+ where = strdup(me->mnt_dir);
|
||||
if (!where)
|
||||
return log_oom();
|
||||
|
@ -1,31 +0,0 @@
|
||||
From 0e50428d3699e3ad25861f458540d24038cfaa4e Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Thu, 20 Jul 2017 20:46:58 +0200
|
||||
Subject: [PATCH] nspawn: downgrade warning when we get sd_notify() message
|
||||
from unexpected process (#6416)
|
||||
|
||||
Given that we set NOTIFY_SOCKET unconditionally it's not surprising that
|
||||
processes way down the process tree think it's smart to send us a
|
||||
notification message.
|
||||
|
||||
It's still useful to keep this message, for debugging things, but it
|
||||
shouldn't be generated by default.
|
||||
|
||||
(cherry picked from commit 8cb574307963d1aeb1c53e1d1fbeee4a2be37259)
|
||||
---
|
||||
src/nspawn/nspawn.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
|
||||
index 8a5fedd4b0..0cbd8c3491 100644
|
||||
--- a/src/nspawn/nspawn.c
|
||||
+++ b/src/nspawn/nspawn.c
|
||||
@@ -2836,7 +2836,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
|
||||
}
|
||||
|
||||
if (!ucred || ucred->pid != inner_child_pid) {
|
||||
- log_warning("Received notify message without valid credentials. Ignoring.");
|
||||
+ log_debug("Received notify message without valid credentials. Ignoring.");
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,71 +0,0 @@
|
||||
From 29d9cfc097586ac79911a5f5035c45b1971a5b1f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 22 Jul 2017 08:39:49 -0400
|
||||
Subject: [PATCH] Revert "core: don't load dropin data multiple times for the
|
||||
same unit (#5139)"
|
||||
|
||||
This reverts commit 2d058a87ffb2d31a50422a8aebd119bbb4427244.
|
||||
|
||||
When we add another name to a unit (by following an alias), we need to
|
||||
reload all drop-ins. This is necessary to load any additional dropins
|
||||
found in the dirs created from the alias name.
|
||||
|
||||
Fixes #6334.
|
||||
|
||||
(cherry picked from commit 9e4ea9cc34fa032a47c253ddd94ac6c7afda663e)
|
||||
---
|
||||
src/core/unit.c | 23 +++++++----------------
|
||||
1 file changed, 7 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index b28eeb2262..9d913e8c64 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -1098,7 +1098,6 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
|
||||
|
||||
/* Common implementation for multiple backends */
|
||||
int unit_load_fragment_and_dropin(Unit *u) {
|
||||
- Unit *t;
|
||||
int r;
|
||||
|
||||
assert(u);
|
||||
@@ -1111,18 +1110,15 @@ int unit_load_fragment_and_dropin(Unit *u) {
|
||||
if (u->load_state == UNIT_STUB)
|
||||
return -ENOENT;
|
||||
|
||||
- /* If the unit is an alias and the final unit has already been
|
||||
- * loaded, there's no point in reloading the dropins one more time. */
|
||||
- t = unit_follow_merge(u);
|
||||
- if (t != u && t->load_state != UNIT_STUB)
|
||||
- return 0;
|
||||
-
|
||||
- return unit_load_dropin(t);
|
||||
+ /* Load drop-in directory data. If u is an alias, we might be reloading the
|
||||
+ * target unit needlessly. But we cannot be sure which drops-ins have already
|
||||
+ * been loaded and which not, at least without doing complicated book-keeping,
|
||||
+ * so let's always reread all drop-ins. */
|
||||
+ return unit_load_dropin(unit_follow_merge(u));
|
||||
}
|
||||
|
||||
/* Common implementation for multiple backends */
|
||||
int unit_load_fragment_and_dropin_optional(Unit *u) {
|
||||
- Unit *t;
|
||||
int r;
|
||||
|
||||
assert(u);
|
||||
@@ -1138,13 +1134,8 @@ int unit_load_fragment_and_dropin_optional(Unit *u) {
|
||||
if (u->load_state == UNIT_STUB)
|
||||
u->load_state = UNIT_LOADED;
|
||||
|
||||
- /* If the unit is an alias and the final unit has already been
|
||||
- * loaded, there's no point in reloading the dropins one more time. */
|
||||
- t = unit_follow_merge(u);
|
||||
- if (t != u && t->load_state != UNIT_STUB)
|
||||
- return 0;
|
||||
-
|
||||
- return unit_load_dropin(t);
|
||||
+ /* Load drop-in directory data */
|
||||
+ return unit_load_dropin(unit_follow_merge(u));
|
||||
}
|
||||
|
||||
int unit_add_default_target_dependency(Unit *u, Unit *target) {
|
@ -1,73 +0,0 @@
|
||||
From f6441eaf050267c05ef8df8d5614bb598528942f Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Thu, 27 Jul 2017 20:22:54 +0900
|
||||
Subject: [PATCH] bash-completion: use the first argument instead of the global
|
||||
variable (#6457)
|
||||
|
||||
Without this fix:
|
||||
|
||||
$ systemctl start <tab>
|
||||
Display all 135 possibilities? (y or n)
|
||||
$ __get_startable_units --system | wc -l
|
||||
224
|
||||
|
||||
the number of the suggestions are quite different, as __get_startable_units --system does
|
||||
not filter already started units. With this fix,
|
||||
|
||||
$ systemctl start <tab>
|
||||
Display all 135 possibilities? (y or n)
|
||||
$ __get_startable_units --system | wc -l
|
||||
123
|
||||
$ __get_template_names --system | wc -l
|
||||
12
|
||||
|
||||
the number of the suggestions matches one the function returns.
|
||||
For consistency with the other internal functions, it should use the first argument
|
||||
instead of the global variable $mode.
|
||||
|
||||
[zj: add commit message to make it sound like we know what we're doing]
|
||||
|
||||
(cherry picked from commit 6bda23dd6aaba50cf8e3e6024248cf736cc443ca)
|
||||
---
|
||||
shell-completion/bash/systemctl.in | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in
|
||||
index 0398d09d18..bde28efc3e 100644
|
||||
--- a/shell-completion/bash/systemctl.in
|
||||
+++ b/shell-completion/bash/systemctl.in
|
||||
@@ -68,7 +68,7 @@ __filter_units_by_properties () {
|
||||
done
|
||||
for ((i=0; i < ${#units[*]}; i++)); do
|
||||
for ((j=0; j < ${#conditions[*]}; j++)); do
|
||||
- if [[ "${props[ i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then
|
||||
+ if [[ "${props[i * ${#conditions[*]} + j]}" != "${conditions[j]}" ]]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
@@ -87,19 +87,19 @@ __get_active_units () { __systemctl $1 list-units \
|
||||
| { while read -r a b; do echo " $a"; done; }; }
|
||||
__get_startable_units () {
|
||||
# find startable inactive units
|
||||
- __filter_units_by_properties $mode ActiveState,CanStart inactive,yes $(
|
||||
- { __systemctl $mode list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \
|
||||
+ __filter_units_by_properties $1 ActiveState,CanStart inactive,yes $(
|
||||
+ { __systemctl $1 list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient | \
|
||||
{ while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; }
|
||||
- __systemctl $mode list-units --state inactive,failed | \
|
||||
+ __systemctl $1 list-units --state inactive,failed | \
|
||||
{ while read -r a b c; do [[ $b == "loaded" ]] && echo " $a"; done; }
|
||||
} | sort -u )
|
||||
}
|
||||
__get_restartable_units () {
|
||||
# filter out masked and not-found
|
||||
- __filter_units_by_property $mode CanStart yes $(
|
||||
- __systemctl $mode list-unit-files --state enabled,disabled,static | \
|
||||
+ __filter_units_by_property $1 CanStart yes $(
|
||||
+ __systemctl $1 list-unit-files --state enabled,disabled,static | \
|
||||
{ while read -r a b; do [[ $a =~ @\. ]] || echo " $a"; done; }
|
||||
- __systemctl $mode list-units | \
|
||||
+ __systemctl $1 list-units | \
|
||||
{ while read -r a b; do echo " $a"; done; } )
|
||||
}
|
||||
__get_failed_units () { __systemctl $1 list-units \
|
@ -1,49 +0,0 @@
|
||||
From ea0ff5cd4efb1d67820572fb0d7d1d8da0fc1dc1 Mon Sep 17 00:00:00 2001
|
||||
From: Harald Hoyer <harald@hoyer.xyz>
|
||||
Date: Fri, 28 Jul 2017 09:46:05 +0200
|
||||
Subject: [PATCH] boot/efi: don't hard fail on error for tpm measure (#6473)
|
||||
|
||||
Display the error for a small amount of time, but don't fail hard.
|
||||
|
||||
In case of a faulty BIOS, a TPM error should not prevent the boot.
|
||||
If something cares about the PCM measurement, it will be noticed
|
||||
anyway later on.
|
||||
|
||||
Especially important now, that TPM measurement is the default now on
|
||||
some distribution builds.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1411156
|
||||
(cherry picked from commit 522aa9f5f8755d7389131da41bd60b6276917ff2)
|
||||
---
|
||||
src/boot/efi/boot.c | 3 +--
|
||||
src/boot/efi/stub.c | 3 +--
|
||||
2 files changed, 2 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
|
||||
index 1e990b3825..316e95a72b 100644
|
||||
--- a/src/boot/efi/boot.c
|
||||
+++ b/src/boot/efi/boot.c
|
||||
@@ -1657,8 +1657,7 @@ static EFI_STATUS image_start(EFI_HANDLE parent_image, const Config *config, con
|
||||
loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
|
||||
if (EFI_ERROR(err)) {
|
||||
Print(L"Unable to add image options measurement: %r", err);
|
||||
- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
|
||||
- return err;
|
||||
+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
|
||||
index bab5d46de9..2562228090 100644
|
||||
--- a/src/boot/efi/stub.c
|
||||
+++ b/src/boot/efi/stub.c
|
||||
@@ -94,8 +94,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
|
||||
loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
|
||||
if (EFI_ERROR(err)) {
|
||||
Print(L"Unable to add image options measurement: %r", err);
|
||||
- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
|
||||
- return err;
|
||||
+ uefi_call_wrapper(BS->Stall, 1, 200 * 1000);
|
||||
}
|
||||
#endif
|
||||
}
|
@ -1,37 +0,0 @@
|
||||
From 9c27ced1fac191139a131d179a25801ce9ca3357 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 26 Jul 2017 14:11:15 -0400
|
||||
Subject: [PATCH] meson: -D remote and -D importd should be "combo" options
|
||||
|
||||
The default should be 'auto', and we allow 'true'
|
||||
and 'false' too.
|
||||
|
||||
Fixes #6445.
|
||||
|
||||
(cherry picked from commit b1519d656691e725a8b8950fc0e6cc8d25b1016a)
|
||||
---
|
||||
meson_options.txt | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index 1594fec41f..b7a45d5806 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -69,7 +69,7 @@ option('timedated', type : 'boolean',
|
||||
description : 'install the systemd-timedated daemon')
|
||||
option('timesyncd', type : 'boolean',
|
||||
description : 'install the systemd-timesyncd daemon')
|
||||
-option('remote', type : 'boolean',
|
||||
+option('remote', type : 'combo', choices : ['auto', 'true', 'false'],
|
||||
description : 'support for "journal over the network"')
|
||||
option('myhostname', type : 'boolean',
|
||||
description : 'nss-myhostname support')
|
||||
@@ -87,7 +87,7 @@ option('sysusers', type : 'boolean',
|
||||
description : 'support for the sysusers configuration')
|
||||
option('tmpfiles', type : 'boolean',
|
||||
description : 'support for tmpfiles.d')
|
||||
-option('importd', type : 'boolean',
|
||||
+option('importd', type : 'combo', choices : ['auto', 'true', 'false'],
|
||||
description : 'install the systemd-importd daemon')
|
||||
option('hwdb', type : 'boolean',
|
||||
description : 'support for the hardware database')
|
@ -1,42 +0,0 @@
|
||||
From c64c6a8b259abfbff5ce202d5d5982b120cf928f Mon Sep 17 00:00:00 2001
|
||||
From: Andrew Soutar <andrew@andrewsoutar.com>
|
||||
Date: Mon, 31 Jul 2017 02:19:16 -0400
|
||||
Subject: [PATCH] cryptsetup: fix infinite timeout (#6486)
|
||||
|
||||
0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The
|
||||
logic here now matches this change.
|
||||
|
||||
Fixes #6381
|
||||
|
||||
(cherry picked from commit 0864d311766498563331f486909a0d950ba7de87)
|
||||
---
|
||||
src/cryptsetup/cryptsetup.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
|
||||
index 3b4c086162..08ed7e53ba 100644
|
||||
--- a/src/cryptsetup/cryptsetup.c
|
||||
+++ b/src/cryptsetup/cryptsetup.c
|
||||
@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false;
|
||||
static char **arg_tcrypt_keyfiles = NULL;
|
||||
static uint64_t arg_offset = 0;
|
||||
static uint64_t arg_skip = 0;
|
||||
-static usec_t arg_timeout = 0;
|
||||
+static usec_t arg_timeout = USEC_INFINITY;
|
||||
|
||||
/* Options Debian's crypttab knows we don't:
|
||||
|
||||
@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) {
|
||||
if (arg_discards)
|
||||
flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
|
||||
|
||||
- if (arg_timeout > 0)
|
||||
- until = now(CLOCK_MONOTONIC) + arg_timeout;
|
||||
- else
|
||||
+ if (arg_timeout == USEC_INFINITY)
|
||||
until = 0;
|
||||
+ else
|
||||
+ until = now(CLOCK_MONOTONIC) + arg_timeout;
|
||||
|
||||
arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
|
||||
|
@ -1,45 +0,0 @@
|
||||
From cb81159ce49380d39c80f803353784633b8f306c Mon Sep 17 00:00:00 2001
|
||||
From: "S. Fan" <sfanxiang@gmail.com>
|
||||
Date: Mon, 31 Jul 2017 05:10:10 -0500
|
||||
Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor
|
||||
(#6489)
|
||||
|
||||
Comparing udev_device_get_sysname(device) and sysname will always return
|
||||
true. We need to check the device received from udev monitor instead.
|
||||
|
||||
Also, fd_wait_for_event() sometimes never exits. Better set a timeout
|
||||
here.
|
||||
|
||||
(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f)
|
||||
---
|
||||
src/rfkill/rfkill.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
|
||||
index c0f138b4f4..470853d1d2 100644
|
||||
--- a/src/rfkill/rfkill.c
|
||||
+++ b/src/rfkill/rfkill.c
|
||||
@@ -138,17 +138,21 @@ static int wait_for_initialized(
|
||||
for (;;) {
|
||||
_cleanup_udev_device_unref_ struct udev_device *t = NULL;
|
||||
|
||||
- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
|
||||
+ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC);
|
||||
if (r == -EINTR)
|
||||
continue;
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to watch udev monitor: %m");
|
||||
+ if (r == 0) {
|
||||
+ log_error("Timed out wating for udev monitor.");
|
||||
+ return -ETIMEDOUT;
|
||||
+ }
|
||||
|
||||
t = udev_monitor_receive_device(monitor);
|
||||
if (!t)
|
||||
continue;
|
||||
|
||||
- if (streq_ptr(udev_device_get_sysname(device), sysname)) {
|
||||
+ if (streq_ptr(udev_device_get_sysname(t), sysname)) {
|
||||
*ret = udev_device_ref(t);
|
||||
return 0;
|
||||
}
|
@ -1,34 +0,0 @@
|
||||
From b56c4c19c8d0adca67eb34e1924d881e7d61b97f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Abd=C3=B3=20Roig-Maranges?= <abdo.roig@gmail.com>
|
||||
Date: Mon, 31 Jul 2017 12:32:09 +0200
|
||||
Subject: [PATCH] core: Do not fail perpetual mount units without fragment
|
||||
(#6459)
|
||||
|
||||
mount_load does not require fragment files to be present in order to
|
||||
load mount units which are perpetual, or come from /proc/self/mountinfo.
|
||||
|
||||
mount_verify should do the same, otherwise a synthesized '-.mount' would
|
||||
be marked as failed with "No such file or directory", as it is perpetual
|
||||
but not marked to come from /proc/self/mountinfo at this point.
|
||||
|
||||
This happens for the user instance, and I suspect it was the cause of #5375
|
||||
for the system instance, without gpt-generator.
|
||||
|
||||
(cherry picked from commit 1df96fcb31b3bc30c4a983de4734f61ed5a29115)
|
||||
---
|
||||
src/core/mount.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/mount.c b/src/core/mount.c
|
||||
index 214364d87d..7d9644e305 100644
|
||||
--- a/src/core/mount.c
|
||||
+++ b/src/core/mount.c
|
||||
@@ -503,7 +503,7 @@ static int mount_verify(Mount *m) {
|
||||
if (UNIT(m)->load_state != UNIT_LOADED)
|
||||
return 0;
|
||||
|
||||
- if (!m->from_fragment && !m->from_proc_self_mountinfo)
|
||||
+ if (!m->from_fragment && !m->from_proc_self_mountinfo && !UNIT(m)->perpetual)
|
||||
return -ENOENT;
|
||||
|
||||
r = unit_name_from_path(m->where, ".mount", &e);
|
@ -1,26 +0,0 @@
|
||||
From f2618d3474090751ae364ca326f3563797cce54a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Mon, 18 Sep 2017 17:09:52 +0200
|
||||
Subject: [PATCH] build-sys: bump xslt maxdepth limit
|
||||
|
||||
With libxslt-1.30, builds were failing on some recursion depth limit
|
||||
with systemd.index.xml. Bumping the limit fixes the issue.
|
||||
---
|
||||
man/meson.build | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/man/meson.build b/man/meson.build
|
||||
index 8ddbd5557c..5b6a21fb9f 100644
|
||||
--- a/man/meson.build
|
||||
+++ b/man/meson.build
|
||||
@@ -11,6 +11,7 @@ want_html = want_html != 'false' and xsltproc.found()
|
||||
xsltproc_flags = [
|
||||
'--nonet',
|
||||
'--xinclude',
|
||||
+ '--maxdepth', '9000',
|
||||
'--stringparam', 'man.output.quietly', '1',
|
||||
'--stringparam', 'funcsynopsis.style', 'ansi',
|
||||
'--stringparam', 'man.authors.section.enabled', '0',
|
||||
--
|
||||
2.13.5
|
||||
|
@ -1,44 +0,0 @@
|
||||
From 6d0fe8a5809ef5ccc8e92bdf2eea031178b87083 Mon Sep 17 00:00:00 2001
|
||||
From: Franck Bui <fbui@suse.com>
|
||||
Date: Wed, 30 Aug 2017 17:16:16 +0200
|
||||
Subject: [PATCH] device: make sure to remove all device units sharing the same
|
||||
sysfs path (#6679)
|
||||
|
||||
When a device is unplugged all device units sharing the same sysfs path
|
||||
pointing to that device are supposed to be removed.
|
||||
|
||||
However it didn't work since while iterating the device unit list containing
|
||||
all the relevant units, each unit was removed during each iteration of
|
||||
LIST_FOREACH. However LIST_FOREACH doesn't support this use case and
|
||||
LIST_FOREACH_SAFE must be use instead.
|
||||
|
||||
(cherry picked from commit cc0df6cc35339976c367977dc292278a1939db0c)
|
||||
---
|
||||
src/core/device.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/device.c b/src/core/device.c
|
||||
index 77601c552..87186f135 100644
|
||||
--- a/src/core/device.c
|
||||
+++ b/src/core/device.c
|
||||
@@ -514,7 +514,7 @@ static void device_update_found_one(Device *d, bool add, DeviceFound found, bool
|
||||
}
|
||||
|
||||
static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add, DeviceFound found, bool now) {
|
||||
- Device *d, *l;
|
||||
+ Device *d, *l, *n;
|
||||
|
||||
assert(m);
|
||||
assert(sysfs);
|
||||
@@ -523,7 +523,7 @@ static int device_update_found_by_sysfs(Manager *m, const char *sysfs, bool add,
|
||||
return 0;
|
||||
|
||||
l = hashmap_get(m->devices_by_sysfs, sysfs);
|
||||
- LIST_FOREACH(same_sysfs, d, l)
|
||||
+ LIST_FOREACH_SAFE(same_sysfs, d, n, l)
|
||||
device_update_found_one(d, add, found, now);
|
||||
|
||||
return 0;
|
||||
--
|
||||
2.13.5
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 108c060c5521309b9448e3a7905b50dd505f36a8 Mon Sep 17 00:00:00 2001
|
||||
From 67ba0816708038ad282fcb38f250a54bb781866a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Fri, 11 Mar 2016 17:06:17 -0500
|
||||
Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime
|
||||
@ -18,34 +18,34 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1313085
|
||||
2 files changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
|
||||
index deb75f9ae5..914d3b8a2d 100644
|
||||
index 2eb7bfd030..75e2f7928c 100644
|
||||
--- a/src/resolve/resolved.c
|
||||
+++ b/src/resolve/resolved.c
|
||||
@@ -67,6 +67,10 @@ int main(int argc, char *argv[]) {
|
||||
goto finish;
|
||||
}
|
||||
@@ -70,6 +70,10 @@ int main(int argc, char *argv[]) {
|
||||
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
|
||||
* privileges are already dropped. */
|
||||
if (getuid() == 0) {
|
||||
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
|
||||
+ if (r < 0 && errno != EEXIST)
|
||||
+ log_warning_errno(errno,
|
||||
+ "Could not create /etc/resolv.conf symlink: %m");
|
||||
|
||||
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
|
||||
+ if (r < 0 && errno != EEXIST)
|
||||
+ log_warning_errno(errno, "Could not create /etc/resolv.conf symlink: %m");
|
||||
+
|
||||
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
|
||||
r = drop_privileges(uid, gid,
|
||||
(UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
|
||||
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
|
||||
r = drop_privileges(uid, gid,
|
||||
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
|
||||
index 064eae94f1..928105ea8d 100644
|
||||
index 35e3809f57..928105ea8d 100644
|
||||
--- a/tmpfiles.d/etc.conf.m4
|
||||
+++ b/tmpfiles.d/etc.conf.m4
|
||||
@@ -13,9 +13,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
|
||||
m4_ifdef(`HAVE_SMACK_RUN_LABEL',
|
||||
t /etc/mtab - - - - security.SMACK64=_
|
||||
)m4_dnl
|
||||
-m4_ifdef(`ENABLE_RESOLVED',
|
||||
-m4_ifdef(`ENABLE_RESOLVE',
|
||||
-L! /etc/resolv.conf - - - - ../usr/lib/systemd/resolv.conf
|
||||
-)m4_dnl
|
||||
C /etc/nsswitch.conf - - - -
|
||||
m4_ifdef(`HAVE_PAM',
|
||||
C /etc/pam.d - - - -
|
||||
--
|
||||
2.9.2
|
||||
2.13.6
|
||||
|
||||
|
@ -1,280 +0,0 @@
|
||||
From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 5 Sep 2017 09:14:51 +0200
|
||||
Subject: [PATCH 1/3] units: order cryptsetup-pre.target before
|
||||
cryptsetup.target
|
||||
|
||||
Normally this happens automatically, but if it happened that both targets were
|
||||
pulled in, even though there were no cryptsetup units, they could be started
|
||||
in reverse order, which would be somewhat confusing. Add an explicit ordering
|
||||
to avoid this potential issue.
|
||||
---
|
||||
units/cryptsetup-pre.target | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
|
||||
index 65353419f..42e35dd4e 100644
|
||||
--- a/units/cryptsetup-pre.target
|
||||
+++ b/units/cryptsetup-pre.target
|
||||
@@ -9,3 +9,4 @@
|
||||
Description=Encrypted Volumes (Pre)
|
||||
Documentation=man:systemd.special(7)
|
||||
RefuseManualStart=yes
|
||||
+Before=cryptsetup.target
|
||||
--
|
||||
2.14.1
|
||||
|
||||
|
||||
From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 5 Sep 2017 10:15:13 +0200
|
||||
Subject: [PATCH 2/3] units: add remote-cryptsetup.target and
|
||||
remote-cryptsetup-pre.target
|
||||
|
||||
The pair is similar to remote-fs.target and remote-fs-pre.target. Any
|
||||
cryptsetup devices which require network shall be ordered after
|
||||
remote-cryptsetup-pre.target and before remote-cryptsetup.target.
|
||||
---
|
||||
man/systemd.special.xml | 23 +++++++++++++++++++++++
|
||||
units/cryptsetup-pre.target | 2 +-
|
||||
units/cryptsetup.target | 2 +-
|
||||
units/meson.build | 3 +++
|
||||
units/remote-cryptsetup-pre.target | 15 +++++++++++++++
|
||||
units/remote-cryptsetup.target | 10 ++++++++++
|
||||
6 files changed, 53 insertions(+), 2 deletions(-)
|
||||
create mode 100644 units/remote-cryptsetup-pre.target
|
||||
create mode 100644 units/remote-cryptsetup.target
|
||||
|
||||
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
|
||||
index 66c45e39a..7107b8a92 100644
|
||||
--- a/man/systemd.special.xml
|
||||
+++ b/man/systemd.special.xml
|
||||
@@ -81,6 +81,8 @@
|
||||
<filename>poweroff.target</filename>,
|
||||
<filename>printer.target</filename>,
|
||||
<filename>reboot.target</filename>,
|
||||
+ <filename>remote-cryptsetup-pre.target</filename>,
|
||||
+ <filename>remote-cryptsetup.target</filename>,
|
||||
<filename>remote-fs-pre.target</filename>,
|
||||
<filename>remote-fs.target</filename>,
|
||||
<filename>rescue.target</filename>,
|
||||
@@ -450,6 +452,27 @@
|
||||
this target unit, for compatibility with SysV.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <term><filename>remote-cryptsetup-pre.target</filename></term>
|
||||
+ <listitem>
|
||||
+ <para>This target unit is automatically ordered before all cryptsetup devices
|
||||
+ marked with the <option>_netdev</option>. It can be used to execute additional
|
||||
+ units before such devices are set up.</para>
|
||||
+
|
||||
+ <para>It is ordered after <filename>network.target</filename> and
|
||||
+ <filename>network-online.target</filename>, and also pulls the latter in as a
|
||||
+ <varname>Wants=</varname> dependency.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <term><filename>remote-cryptsetup.target</filename></term>
|
||||
+ <listitem>
|
||||
+ <para>Similar to <filename>cryptsetup.target</filename>, but for encrypted
|
||||
+ devices which are accessed over the network. It is used for
|
||||
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
+ entries marked with <option>_netdev</option>.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
<varlistentry>
|
||||
<term><filename>remote-fs.target</filename></term>
|
||||
<listitem>
|
||||
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
|
||||
index 42e35dd4e..6cb28a61a 100644
|
||||
--- a/units/cryptsetup-pre.target
|
||||
+++ b/units/cryptsetup-pre.target
|
||||
@@ -6,7 +6,7 @@
|
||||
# (at your option) any later version.
|
||||
|
||||
[Unit]
|
||||
-Description=Encrypted Volumes (Pre)
|
||||
+Description=Local Encrypted Volumes (Pre)
|
||||
Documentation=man:systemd.special(7)
|
||||
RefuseManualStart=yes
|
||||
Before=cryptsetup.target
|
||||
diff --git a/units/cryptsetup.target b/units/cryptsetup.target
|
||||
index 25d3e33f6..10b17fd38 100644
|
||||
--- a/units/cryptsetup.target
|
||||
+++ b/units/cryptsetup.target
|
||||
@@ -6,5 +6,5 @@
|
||||
# (at your option) any later version.
|
||||
|
||||
[Unit]
|
||||
-Description=Encrypted Volumes
|
||||
+Description=Local Encrypted Volumes
|
||||
Documentation=man:systemd.special(7)
|
||||
diff --git a/units/meson.build b/units/meson.build
|
||||
index e94add6a6..e6351c7a2 100644
|
||||
--- a/units/meson.build
|
||||
+++ b/units/meson.build
|
||||
@@ -47,6 +47,9 @@ units = [
|
||||
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
|
||||
['reboot.target', '',
|
||||
'runlevel6.target ctrl-alt-del.target'],
|
||||
+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
|
||||
+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
|
||||
+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
|
||||
['remote-fs-pre.target', ''],
|
||||
['remote-fs.target', '',
|
||||
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
|
||||
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
|
||||
new file mode 100644
|
||||
index 000000000..a375e6188
|
||||
--- /dev/null
|
||||
+++ b/units/remote-cryptsetup-pre.target
|
||||
@@ -0,0 +1,15 @@
|
||||
+# This file is part of systemd.
|
||||
+#
|
||||
+# systemd is free software; you can redistribute it and/or modify it
|
||||
+# under the terms of the GNU Lesser General Public License as published by
|
||||
+# the Free Software Foundation; either version 2.1 of the License, or
|
||||
+# (at your option) any later version.
|
||||
+
|
||||
+[Unit]
|
||||
+Description=Remote Encrypted Volumes (Pre)
|
||||
+Documentation=man:systemd.special(7)
|
||||
+RefuseManualStart=yes
|
||||
+Before=remote-cryptsetup.target
|
||||
+
|
||||
+After=network.target network-online.target
|
||||
+Wants=network-online.target
|
||||
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
|
||||
new file mode 100644
|
||||
index 000000000..60943bd1c
|
||||
--- /dev/null
|
||||
+++ b/units/remote-cryptsetup.target
|
||||
@@ -0,0 +1,10 @@
|
||||
+# This file is part of systemd.
|
||||
+#
|
||||
+# systemd is free software; you can redistribute it and/or modify it
|
||||
+# under the terms of the GNU Lesser General Public License as published by
|
||||
+# the Free Software Foundation; either version 2.1 of the License, or
|
||||
+# (at your option) any later version.
|
||||
+
|
||||
+[Unit]
|
||||
+Description=Remote Encrypted Volumes
|
||||
+Documentation=man:systemd.special(7)
|
||||
--
|
||||
2.14.1
|
||||
|
||||
|
||||
From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 5 Sep 2017 11:30:33 +0200
|
||||
Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when
|
||||
_netdev is present
|
||||
|
||||
This allows such devices to depend on the network. Their startup will
|
||||
be delayed similarly to network mount units.
|
||||
|
||||
Fixes #4642.
|
||||
---
|
||||
man/crypttab.xml | 13 +++++++++++++
|
||||
src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++-----------------
|
||||
2 files changed, 32 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/man/crypttab.xml b/man/crypttab.xml
|
||||
index 17976f370..162377ebc 100644
|
||||
--- a/man/crypttab.xml
|
||||
+++ b/man/crypttab.xml
|
||||
@@ -213,6 +213,19 @@
|
||||
<option>size=</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><option>_netdev</option></term>
|
||||
+
|
||||
+ <listitem><para>Marks this cryptsetup device as requiring network. It will be
|
||||
+ started after the network is available, similarly to
|
||||
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
+ units marked with <option>_netdev</option>. The service unit to set up this device
|
||||
+ will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
|
||||
+ <filename>remote-cryptsetup.target</filename>, instead of
|
||||
+ <filename>cryptsetup-pre.target</filename> and
|
||||
+ <filename>cryptsetup.target</filename>.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term><option>noauto</option></term>
|
||||
|
||||
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
|
||||
index b58b6db7c..8571ab06e 100644
|
||||
--- a/src/cryptsetup/cryptsetup-generator.c
|
||||
+++ b/src/cryptsetup/cryptsetup-generator.c
|
||||
@@ -61,7 +61,7 @@ static int create_disk(
|
||||
_cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
|
||||
*filtered = NULL;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
- bool noauto, nofail, tmp, swap;
|
||||
+ bool noauto, nofail, tmp, swap, netdev;
|
||||
char *from;
|
||||
int r;
|
||||
|
||||
@@ -72,6 +72,7 @@ static int create_disk(
|
||||
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
|
||||
tmp = fstab_test_option(options, "tmp\0");
|
||||
swap = fstab_test_option(options, "swap\0");
|
||||
+ netdev = fstab_test_option(options, "_netdev\0");
|
||||
|
||||
if (tmp && swap) {
|
||||
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
|
||||
@@ -102,21 +103,22 @@ static int create_disk(
|
||||
if (!f)
|
||||
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
|
||||
|
||||
- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n"
|
||||
- "[Unit]\n"
|
||||
- "Description=Cryptography Setup for %I\n"
|
||||
- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
|
||||
- "SourcePath=/etc/crypttab\n"
|
||||
- "DefaultDependencies=no\n"
|
||||
- "Conflicts=umount.target\n"
|
||||
- "BindsTo=dev-mapper-%i.device\n"
|
||||
- "IgnoreOnIsolate=true\n"
|
||||
- "After=cryptsetup-pre.target\n",
|
||||
- f);
|
||||
+ fprintf(f,
|
||||
+ "# Automatically generated by systemd-cryptsetup-generator\n\n"
|
||||
+ "[Unit]\n"
|
||||
+ "Description=Cryptography Setup for %%I\n"
|
||||
+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
|
||||
+ "SourcePath=/etc/crypttab\n"
|
||||
+ "DefaultDependencies=no\n"
|
||||
+ "Conflicts=umount.target\n"
|
||||
+ "IgnoreOnIsolate=true\n"
|
||||
+ "After=%s\n",
|
||||
+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
|
||||
|
||||
if (!nofail)
|
||||
fprintf(f,
|
||||
- "Before=cryptsetup.target\n");
|
||||
+ "Before=%s\n",
|
||||
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
|
||||
|
||||
if (password) {
|
||||
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
|
||||
@@ -200,10 +202,10 @@ static int create_disk(
|
||||
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
||||
|
||||
free(to);
|
||||
- if (!nofail)
|
||||
- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
|
||||
- else
|
||||
- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
|
||||
+ to = strjoin(arg_dest,
|
||||
+ netdev ? "/remote-cryptsetup" : "/cryptsetup",
|
||||
+ ".target.",
|
||||
+ nofail ? "wants/" : "requires/", n);
|
||||
if (!to)
|
||||
return log_oom();
|
||||
|
||||
--
|
||||
2.14.1
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (systemd-234.tar.gz) = 762336a7d96c6583cf71cad62efce95a0ed93cd0a0d7251f128d10dba8200c0c8df0e5a7d168179ababa5b221295a231e73b7e7ea2697cb3fb5c1b33538efa68
|
||||
SHA512 (systemd-235.tar.gz) = 243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993
|
||||
|
36
systemd.spec
36
systemd.spec
@ -12,8 +12,8 @@
|
||||
|
||||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 234
|
||||
Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
Version: 235
|
||||
Release: 1%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: System and Service Manager
|
||||
@ -46,33 +46,9 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|
|
||||
GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
|
||||
%endif
|
||||
|
||||
Patch0001: 0001-escape-Fix-help-description-6352.patch
|
||||
Patch0002: 0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch
|
||||
Patch0003: 0003-add-version-argument-to-help-function-6377.patch
|
||||
Patch0004: 0004-seccomp-arm64-x32-do-not-have-_sysctl.patch
|
||||
Patch0005: 0005-seccomp-arm64-does-not-have-mmap2.patch
|
||||
Patch0006: 0006-test-seccomp-arm64-does-not-have-access-and-poll.patch
|
||||
Patch0007: 0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch
|
||||
Patch0008: 0008-core-modify-resource-leak-by-SmackProcessLabel.patch
|
||||
Patch0009: 0009-core-dump-also-missed-security-context.patch
|
||||
Patch0010: 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch
|
||||
Patch0011: 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch
|
||||
Patch0012: 0012-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
|
||||
Patch0013: 0013-test-condition-don-t-assume-that-all-non-root-users-.patch
|
||||
Patch0014: 0014-call-chase_symlinks-without-the-sysroot-prefix-6411.patch
|
||||
Patch0015: 0015-nspawn-downgrade-warning-when-we-get-sd_notify-messa.patch
|
||||
Patch0016: 0016-Revert-core-don-t-load-dropin-data-multiple-times-fo.patch
|
||||
Patch0017: 0017-bash-completion-use-the-first-argument-instead-of-th.patch
|
||||
Patch0018: 0018-boot-efi-don-t-hard-fail-on-error-for-tpm-measure-64.patch
|
||||
Patch0019: 0019-meson-D-remote-and-D-importd-should-be-combo-options.patch
|
||||
Patch0020: 0020-cryptsetup-fix-infinite-timeout-6486.patch
|
||||
Patch0021: 0021-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch
|
||||
Patch0022: 0022-core-Do-not-fail-perpetual-mount-units-without-fragm.patch
|
||||
Patch0023: 0023-build-sys-bump-xslt-maxdepth-limit.patch
|
||||
Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch
|
||||
Patch0001: 0001-po-update-Polish-translation-7015.patch
|
||||
|
||||
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
||||
Patch0999: 0999-netdev-crypttab.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
@ -667,6 +643,8 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
|
||||
%dir %{_prefix}/lib/binfmt.d
|
||||
%dir %{_prefix}/lib/environment.d
|
||||
%{_prefix}/lib/environment.d/99-environment.conf
|
||||
%dir %{_prefix}/lib/modprobe.d
|
||||
%{_prefix}/lib/modprobe.d/systemd.conf
|
||||
%dir %{_prefix}/lib/kernel
|
||||
%dir %{_datadir}/systemd
|
||||
%dir %{_datadir}/dbus-1/system.d
|
||||
@ -1040,7 +1018,6 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
|
||||
%{pkgdir}/systemd-journal-gatewayd
|
||||
%{pkgdir}/systemd-journal-remote
|
||||
%{pkgdir}/systemd-journal-upload
|
||||
%{_prefix}/lib/tmpfiles.d/systemd-remote.conf
|
||||
%{_prefix}/lib/sysusers.d/systemd-remote.conf
|
||||
%dir %attr(0755,systemd-journal-upload,systemd-journal-upload) %{_localstatedir}/lib/systemd/journal-upload
|
||||
%{_datadir}/systemd/gatewayd
|
||||
@ -1053,6 +1030,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
|
||||
%{pkgdir}/tests
|
||||
|
||||
%changelog
|
||||
* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-1
|
||||
- Update to latest version
|
||||
|
||||
* Tue Sep 26 2017 Nathaniel McCallum <npmccallum@redhat.com> - 234-8
|
||||
- Backport /etc/crypttab _netdev feature from upstream
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user