rpms/systemd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

systemd-256-15

Browse Source 
Resolves: RHEL-56144,RHEL-57603,RHEL-59871
This commit is contained in:
Jan Macku 2024-10-15 14:39:24 +02:00
parent a591ab1d82
commit 4203851b1e
8 changed files with 481 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
0091-ci-rename-beta-branch-to-match-dist-git-name.patch Normal file
View File

@ -0,0 +1,25 @@
From d6ed92f6f6bffbf98700002eeed231af3336b40e Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 5 Sep 2024 12:36:01 +0200
Subject: [PATCH] ci: rename beta branch to match dist-git name
rhel-only: ci
Related: RHEL-57603
---
.github/tracker-validator.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
index 2e858606ff..1226b8a92a 100644
--- a/.github/tracker-validator.yml
+++ b/.github/tracker-validator.yml
@@ -6,7 +6,7 @@ labels:
products:
- Red Hat Enterprise Linux 10
- CentOS Stream 10
- - rhel-10.0.beta
+ - rhel-10.0-beta
- rhel-10.0
- rhel-10.0.z
- rhel-10.1

41
0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch Normal file
View File

@ -0,0 +1,41 @@
From ab07d071227dd878a7376296ab4baaca4522e4fb Mon Sep 17 00:00:00 2001
From: Chengen Du <chengen.du@canonical.com>
Date: Mon, 12 Aug 2024 11:41:52 +0800
Subject: [PATCH] udev: Handle PTP device symlink properly on udev action
'change'
PTP device symlink creation rules are currently executed only when the
udev action is 'add'. If a user reloads the rules and runs the udevadm
trigger command to reapply changes, the symlink may be deleted, which
can prevent the chronyd service from restarting properly.
Signed-off-by: Chengen Du <chengen.du@canonical.com>
(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
Resolves: RHEL-59871
---
rules.d/50-udev-default.rules.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
index 9b00c7037e..6f80feeecf 100644
--- a/rules.d/50-udev-default.rules.in
+++ b/rules.d/50-udev-default.rules.in
@@ -30,6 +30,9 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
+SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
+
ACTION!="add", GOTO="default_end"
SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
@@ -116,7 +119,4 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
KERNEL=="udmabuf", GROUP="kvm"
-SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
-SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
-
LABEL="default_end"

121
0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch Normal file
View File

@ -0,0 +1,121 @@
From 1fbfcb7d98c95e80e9332770b78613a803c15c20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 30 Jul 2024 10:51:21 +0100
Subject: [PATCH] Fix detection of TDX confidential VM on Azure platform
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The original CVM detection logic for TDX assumes that the guest can see
the standard TDX CPUID leaf. This was true in Azure when this code was
originally written, however, current Azure now blocks that leaf in the
paravisor. Instead it is required to use the same Azure specific CPUID
leaf that is used for SEV-SNP detection, which reports the VM isolation
type.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
Related: RHEL-56144
---
src/basic/confidential-virt.c | 11 ++++++++---
src/boot/efi/vmm.c | 9 ++++++---
src/fundamental/confidential-virt-fundamental.h | 1 +
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
index b6521cf5bf..8a88a3eb83 100644
--- a/src/basic/confidential-virt.c
+++ b/src/basic/confidential-virt.c
@@ -76,7 +76,7 @@ static uint64_t msr(uint64_t index) {
return ret;
}
-static bool detect_hyperv_sev(void) {
+static bool detect_hyperv_cvm(uint32_t isoltype) {
uint32_t eax, ebx, ecx, edx, feat;
char sig[13] = {};
@@ -100,7 +100,7 @@ static bool detect_hyperv_sev(void) {
ebx = ecx = edx = 0;
cpuid(&eax, &ebx, &ecx, &edx);
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
return true;
}
@@ -133,7 +133,7 @@ static ConfidentialVirtualization detect_sev(void) {
if (!(eax & EAX_SEV)) {
log_debug("No sev in CPUID, trying hyperv CPUID");
- if (detect_hyperv_sev())
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP))
return CONFIDENTIAL_VIRTUALIZATION_SEV_SNP;
log_debug("No hyperv CPUID");
@@ -171,6 +171,11 @@ static ConfidentialVirtualization detect_tdx(void) {
if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
return CONFIDENTIAL_VIRTUALIZATION_TDX;
+ log_debug("No tdx in CPUID, trying hyperv CPUID");
+
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
+ return CONFIDENTIAL_VIRTUALIZATION_TDX;
+
return CONFIDENTIAL_VIRTUALIZATION_NONE;
}
diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c
index 60e216d54c..3459461390 100644
--- a/src/boot/efi/vmm.c
+++ b/src/boot/efi/vmm.c
@@ -337,7 +337,7 @@ static uint64_t msr(uint32_t index) {
return val;
}
-static bool detect_hyperv_sev(void) {
+static bool detect_hyperv_cvm(uint32_t isoltype) {
uint32_t eax, ebx, ecx, edx, feat;
char sig[13] = {};
@@ -354,7 +354,7 @@ static bool detect_hyperv_sev(void) {
if (ebx & CPUID_HYPERV_ISOLATION && !(ebx & CPUID_HYPERV_CPU_MANAGEMENT)) {
__cpuid(CPUID_HYPERV_ISOLATION_CONFIG, eax, ebx, ecx, edx);
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
return true;
}
@@ -379,7 +379,7 @@ static bool detect_sev(void) {
* specific CPUID checks.
*/
if (!(eax & EAX_SEV))
- return detect_hyperv_sev();
+ return detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP);
msrval = msr(MSR_AMD64_SEV);
@@ -403,6 +403,9 @@ static bool detect_tdx(void) {
if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
return true;
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
+ return true;
+
return false;
}
#endif /* ! __i386__ && ! __x86_64__ */
diff --git a/src/fundamental/confidential-virt-fundamental.h b/src/fundamental/confidential-virt-fundamental.h
index 986923e1c2..618b5800ea 100644
--- a/src/fundamental/confidential-virt-fundamental.h
+++ b/src/fundamental/confidential-virt-fundamental.h
@@ -65,6 +65,7 @@
#define CPUID_HYPERV_ISOLATION_TYPE_MASK UINT32_C(0xf)
#define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
#define EAX_SEV (UINT32_C(1) << 1)
#define MSR_SEV (UINT64_C(1) << 0)

76
0094-confidential-virt-split-caching-of-CVM-detection-int.patch Normal file
View File

@ -0,0 +1,76 @@
From d697ad145aa564aff3ac5cb9b6a63667ce2b391c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 Aug 2024 16:26:00 +0100
Subject: [PATCH] confidential-virt: split caching of CVM detection into
separate method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We have different impls of detect_confidential_virtualization per
architecture. The detection is cached in the x86_64 impl, and as we
add support for more targets, we want to use caching for all. It thus
makes sense to split caching out into an architecture independent
method.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
Related: RHEL-56144
---
src/basic/confidential-virt.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
index 8a88a3eb83..0e05ecffbf 100644
--- a/src/basic/confidential-virt.c
+++ b/src/basic/confidential-virt.c
@@ -194,34 +194,37 @@ static bool detect_hypervisor(void) {
return is_hv;
}
-ConfidentialVirtualization detect_confidential_virtualization(void) {
- static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
char sig[13] = {};
- ConfidentialVirtualization cv = CONFIDENTIAL_VIRTUALIZATION_NONE;
-
- if (cached_found >= 0)
- return cached_found;
/* Skip everything on bare metal */
if (detect_hypervisor()) {
cpuid_leaf(0, sig, true);
if (memcmp(sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
- cv = detect_sev();
+ return detect_sev();
else if (memcmp(sig, CPUID_SIG_INTEL, sizeof(sig)) == 0)
- cv = detect_tdx();
+ return detect_tdx();
}
- cached_found = cv;
- return cv;
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
}
#else /* ! x86_64 */
-ConfidentialVirtualization detect_confidential_virtualization(void) {
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
log_debug("No confidential virtualization detection on this architecture");
return CONFIDENTIAL_VIRTUALIZATION_NONE;
}
#endif /* ! x86_64 */
+ConfidentialVirtualization detect_confidential_virtualization(void) {
+ static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
+
+ if (cached_found == _CONFIDENTIAL_VIRTUALIZATION_INVALID)
+ cached_found = detect_confidential_virtualization_impl();
+
+ return cached_found;
+}
+
static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
[CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
[CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",

90
0095-confidential-virt-add-detection-for-s390x-target.patch Normal file
View File

@ -0,0 +1,90 @@
From a9da2854f199bb3729b29ea4175858067313659e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 Aug 2024 11:03:10 +0100
Subject: [PATCH] confidential-virt: add detection for s390x target
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The s390x platform provides confidential VMs using the "Secure Execution"
technology, which is also referred to as "Protected Virtualization" or
just "prot virt" in Linux / QEMU.
This can be detected through a simple sysfs attribute.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
Resolves: RHEL-56144
---
src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
src/basic/confidential-virt.h | 1 +
2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
index 0e05ecffbf..c246636c7c 100644
--- a/src/basic/confidential-virt.c
+++ b/src/basic/confidential-virt.c
@@ -11,6 +11,7 @@
#include "confidential-virt-fundamental.h"
#include "confidential-virt.h"
#include "fd-util.h"
+#include "fileio.h"
#include "missing_threads.h"
#include "string-table.h"
#include "utf8.h"
@@ -209,6 +210,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
return CONFIDENTIAL_VIRTUALIZATION_NONE;
}
+#elif defined(__s390x__)
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+ _cleanup_free_ char *s = NULL;
+ size_t readsize;
+ int r;
+
+ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
+ if (r < 0) {
+ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
+ }
+
+ if (readsize >= 1 && s[0] == '1')
+ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
+
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
+}
+
#else /* ! x86_64 */
static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
log_debug("No confidential virtualization detection on this architecture");
@@ -226,11 +245,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
}
static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
+ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
+ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
};
DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
index c02f3b2321..f92e3e883d 100644
--- a/src/basic/confidential-virt.h
+++ b/src/basic/confidential-virt.h
@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
CONFIDENTIAL_VIRTUALIZATION_TDX,
+ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
_CONFIDENTIAL_VIRTUALIZATION_MAX,
_CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,

37
0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch Normal file
View File

@ -0,0 +1,37 @@
From 776706c0b675a52ea83d1790e3598253592dd6a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 Aug 2024 13:07:13 +0100
Subject: [PATCH] man/systemd-detect-virt: fix row spanning for VM header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes
commit 9b0688f491674b53ef7a52bdf561a430c53673d6
Author: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue Jan 9 10:52:49 2024 +0900
virt: add Google Compute Engine support
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
Related: RHEL-56144
---
man/systemd-detect-virt.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 2239294145..6b49e3a519 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -62,7 +62,7 @@
</thead>
<tbody>
<row>
- <entry valign="top" morerows="16">VM</entry>
+ <entry valign="top" morerows="17">VM</entry>
<entry><varname>qemu</varname></entry>
<entry>QEMU software virtualization, without KVM</entry>
</row>

74
0097-man-systemd-detect-virt-list-known-CVM-technologies.patch Normal file
View File

@ -0,0 +1,74 @@
From 390217689905f0e12f080ddf8bd4fdefefcd38df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 Aug 2024 13:17:56 +0100
Subject: [PATCH] man/systemd-detect-virt: list known CVM technologies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add a section which lists the known confidential virtual machine
technologies.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
Related: RHEL-56144
---
man/systemd-detect-virt.xml | 44 +++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 6b49e3a519..a4fcdfbc9d 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -217,6 +217,50 @@
WSL is categorized as a container for practical purposes.
Multiple WSL environments share the same kernel and services
should generally behave like when being run in a container.</para>
+
+ <para>When executed with <option>--cvm</option>, instead of
+ printing the virtualization technology, it will display the
+ confidential virtual machine technology, if any. The
+ following technologies are currently identified:</para>
+
+ <table>
+ <title>Known confidential virtualization technologies</title>
+ <tgroup cols='2' align='left' colsep='1' rowsep='1'>
+ <colspec colname="id" />
+ <colspec colname="product" />
+ <thead>
+ <row>
+ <entry>Arch</entry>
+ <entry>ID</entry>
+ <entry>Technology</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry valign="top" morerows="3">x86_64</entry>
+ <entry><varname>sev</varname></entry>
+ <entry>AMD Secure Encrypted Virtualization</entry>
+ </row>
+ <row>
+ <entry><varname>sev-es</varname></entry>
+ <entry>AMD Secure Encrypted Virtualization - Encrypted State</entry>
+ </row>
+ <row>
+ <entry><varname>sev-snp</varname></entry>
+ <entry>AMD Secure Encrypted Virtualization - Secure Nested Paging</entry>
+ </row>
+ <row>
+ <entry><varname>tdx</varname></entry>
+ <entry>Intel Trust Domain Extensions</entry>
+ </row>
+ <row>
+ <entry>s390x</entry>
+ <entry><varname>protvirt</varname></entry>
+ <entry>IBM Protected Virtualization (Secure Execution)</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</refsect1>
<refsect1>

18
systemd.spec
View File

@ -48,7 +48,7 @@ Url: https://systemd.io
# Allow users to specify the version and release when building the rpm by
# setting the %%version_override and %%release_override macros.
Version: %{?version_override}%{!?version_override:256}
Release: 14%{?dist}
Release: 15%{?dist}
%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
@ -196,6 +196,13 @@ Patch0087: 0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
Patch0088: 0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
Patch0089: 0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
Patch0090: 0090-ukify-Skip-test-on-architectures-without-UEFI.patch
Patch0091: 0091-ci-rename-beta-branch-to-match-dist-git-name.patch
Patch0092: 0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
Patch0093: 0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
Patch0094: 0094-confidential-virt-split-caching-of-CVM-detection-int.patch
Patch0095: 0095-confidential-virt-add-detection-for-s390x-target.patch
Patch0096: 0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
Patch0097: 0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
# Downstream-only patches (90009999)
@ -1125,6 +1132,15 @@ rm -f .file-list-*
rm -f %{name}.lang
%changelog
* Tue Oct 15 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-15
- ci: rename beta branch to match dist-git name (RHEL-57603)
- udev: Handle PTP device symlink properly on udev action 'change' (RHEL-59871)
- Fix detection of TDX confidential VM on Azure platform (RHEL-56144)
- confidential-virt: split caching of CVM detection into separate method (RHEL-56144)
- confidential-virt: add detection for s390x target (RHEL-56144)
- man/systemd-detect-virt: fix row spanning for VM header (RHEL-56144)
- man/systemd-detect-virt: list known CVM technologies (RHEL-56144)
* Fri Aug 30 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-14
- Revert "cgroup-util: Don't try to open pidfd for kernel threads" (RHEL-52634)
- ukify: Skip test on architectures without UEFI (RHEL-52634)