import systemd-239-72.el8

This commit is contained in:
CentOS Sources 2023-02-18 06:12:52 +00:00 committed by Stepan Oksanichenko
parent 68fc178a57
commit 48b003cd3a
12 changed files with 738 additions and 1 deletions

View File

@ -0,0 +1,70 @@
From a55bdb007ca24900a704f72359305b04125d9e05 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 20 Apr 2022 10:13:43 +0200
Subject: [PATCH] logind: remember our idle state and use it to detect idle
level transitions
Fixes #16391
(cherry picked from commit 4e2cfb778b9ed7f22ee98f48f28cf8678d25ad32)
Resolved: #1866955
---
src/login/logind.c | 23 +++++++++++++++++++----
src/login/logind.h | 1 +
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/login/logind.c b/src/login/logind.c
index 6b576dad0d..bb1d3f3523 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -1027,18 +1027,33 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us
n = now(CLOCK_MONOTONIC);
r = manager_get_idle_hint(m, &since);
- if (r <= 0)
+ if (r <= 0) {
/* Not idle. Let's check if after a timeout it might be idle then. */
elapse = n + m->idle_action_usec;
- else {
+ m->was_idle = false;
+ } else {
+
/* Idle! Let's see if it's time to do something, or if
* we shall sleep for longer. */
if (n >= since.monotonic + m->idle_action_usec &&
(m->idle_action_not_before_usec <= 0 || n >= m->idle_action_not_before_usec + m->idle_action_usec)) {
- log_info("System idle. Taking action.");
+ bool is_edge = false;
+
+ /* We weren't idle previously or some activity happened while we were sleeping, and now we are
+ * idle. Let's remember that for the next time and make this an edge transition. */
+ if (!m->was_idle || since.monotonic >= m->idle_action_not_before_usec) {
+ is_edge = true;
+ m->was_idle = true;
+ }
+
+ if (m->idle_action == HANDLE_LOCK && !is_edge)
+ /* We are idle and we were before so we are actually not taking any action. */
+ log_debug("System idle.");
+ else
+ log_info("System idle. Doing %s operation.", handle_action_to_string(m->idle_action));
- manager_handle_action(m, 0, m->idle_action, false, false);
+ manager_handle_action(m, 0, m->idle_action, false, is_edge);
m->idle_action_not_before_usec = n;
}
diff --git a/src/login/logind.h b/src/login/logind.h
index 606adf4fe6..b9b4a5113f 100644
--- a/src/login/logind.h
+++ b/src/login/logind.h
@@ -101,6 +101,7 @@ struct Manager {
usec_t idle_action_usec;
usec_t idle_action_not_before_usec;
HandleAction idle_action;
+ bool was_idle;
usec_t stop_idle_session_usec;

View File

@ -0,0 +1,103 @@
From 1925845dc10330e4b48fec68333fac6ef2b7bf5c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Jun 2022 08:56:08 +0900
Subject: [PATCH] test: import logind test from debian/ubuntu test suite
[dtardon: Picked just the scaffolding, not the tests themselves.]
(cherry picked from commit 9c94ab0f6ff22da4278a6e9a93ddc480607c55ac)
Related: #1866955
---
test/TEST-35-LOGIN/Makefile | 1 +
test/TEST-35-LOGIN/test.sh | 55 +++++++++++++++++++++++++++++++++
test/TEST-35-LOGIN/testsuite.sh | 9 ++++++
3 files changed, 65 insertions(+)
create mode 120000 test/TEST-35-LOGIN/Makefile
create mode 100755 test/TEST-35-LOGIN/test.sh
create mode 100755 test/TEST-35-LOGIN/testsuite.sh
diff --git a/test/TEST-35-LOGIN/Makefile b/test/TEST-35-LOGIN/Makefile
new file mode 120000
index 0000000000..e9f93b1104
--- /dev/null
+++ b/test/TEST-35-LOGIN/Makefile
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh
new file mode 100755
index 0000000000..32410c8149
--- /dev/null
+++ b/test/TEST-35-LOGIN/test.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+TEST_DESCRIPTION="LOGIN"
+
+# shellcheck source=test/test-functions
+. "${TEST_BASE_DIR:?}/test-functions"
+
+test_setup() {
+ create_empty_image
+ mkdir -p "$TESTDIR"/root
+ mount "${LOOPDEV}p1" "$TESTDIR"/root
+
+ (
+ LOG_LEVEL=5
+ eval $(udevadm info --export --query=env --name="${LOOPDEV}p2")
+
+ setup_basic_environment
+
+ inst_binary pkill
+ inst_binary useradd
+ inst_binary userdel
+
+ # mask some services that we do not want to run in these tests
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.socket
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-resolved.service
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-machined.service
+
+ # setup the testsuite service
+ cat >"$initdir"/etc/systemd/system/testsuite.service <<EOF
+[Unit]
+Description=Testsuite service
+
+[Service]
+ExecStart=/bin/bash -x /testsuite.sh
+Type=oneshot
+StandardOutput=tty
+StandardError=tty
+NotifyAccess=all
+EOF
+ cp testsuite.sh "$initdir"/
+
+ setup_testsuite
+ ) || return 1
+ setup_nspawn_root
+
+ ddebug "umount $TESTDIR/root"
+ umount "$TESTDIR"/root
+}
+
+do_test "$@"
diff --git a/test/TEST-35-LOGIN/testsuite.sh b/test/TEST-35-LOGIN/testsuite.sh
new file mode 100755
index 0000000000..9855b4bc80
--- /dev/null
+++ b/test/TEST-35-LOGIN/testsuite.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+: >/failed
+
+touch /testok
+rm /failed

View File

@ -0,0 +1,37 @@
From 21c281585983fe2efc2b74d712d98ff7e6c013b1 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 14 Jun 2022 09:11:00 +0900
Subject: [PATCH] test: introduce inst_recursive() helper function
(cherry picked from commit da0465dc95388afc15598357452afef85035c639)
Related: #1866955
---
test/test-functions | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index 19363be858..9606a1b085 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1224,6 +1224,20 @@ inst_any() {
return 1
}
+inst_recursive() {
+ local p item
+
+ for p in "$@"; do
+ while read -r item; do
+ if [[ -d "$item" ]]; then
+ inst_dir "$item"
+ elif [[ -f "$item" ]]; then
+ inst_simple "$item"
+ fi
+ done < <(find "$p" 2>/dev/null)
+ done
+}
+
# dracut_install [-o ] <file> [<file> ... ]
# Install <file> to the initramfs image
# -o optionally install the <file> and don't fail, if it is not there

View File

@ -0,0 +1,148 @@
From 638c2418e705410344e07e77f944530df0f4608f Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 1 Jul 2022 12:59:57 +0200
Subject: [PATCH] tests: verify that Lock D-Bus signal is sent when
IdleAction=lock
(cherry picked from commit 181656fc0faa885d69bc34822b8e9b5de3fdf6bf)
Related: #1866955
---
test/TEST-35-LOGIN/test.sh | 11 +++-
test/TEST-35-LOGIN/testsuite.sh | 93 +++++++++++++++++++++++++++++++++
2 files changed, 103 insertions(+), 1 deletion(-)
diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh
index 32410c8149..f83afcff49 100755
--- a/test/TEST-35-LOGIN/test.sh
+++ b/test/TEST-35-LOGIN/test.sh
@@ -14,14 +14,23 @@ test_setup() {
(
LOG_LEVEL=5
- eval $(udevadm info --export --query=env --name="${LOOPDEV}p2")
+ eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"
setup_basic_environment
+ inst_binary awk
inst_binary pkill
inst_binary useradd
inst_binary userdel
+ if command -v expect >/dev/null && command -v tclsh >/dev/null ; then
+ # shellcheck disable=SC2016
+ version="$(tclsh <<< 'puts $tcl_version')"
+
+ dracut_install expect
+ inst_recursive /usr/lib64/tcl"$version" /usr/share/tcl"$version"
+ fi
+
# mask some services that we do not want to run in these tests
ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service
ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service
diff --git a/test/TEST-35-LOGIN/testsuite.sh b/test/TEST-35-LOGIN/testsuite.sh
index 9855b4bc80..e4d72beb74 100755
--- a/test/TEST-35-LOGIN/testsuite.sh
+++ b/test/TEST-35-LOGIN/testsuite.sh
@@ -3,7 +3,100 @@
set -eux
set -o pipefail
+setup_idle_action_lock() {
+ useradd testuser ||:
+
+ mkdir -p /run/systemd/logind.conf.d/
+ cat >/run/systemd/logind.conf.d/idle-action-lock.conf <<EOF
+[Login]
+IdleAction=lock
+IdleActionSec=1s
+EOF
+
+ mkdir -p /run/systemd/systemd-logind.service.d/
+ cat >/run/systemd/systemd-logind.service.d/debug.conf <<EOF
+[Service]
+Environment=SYSTEMD_LOG_LEVEL=debug
+EOF
+
+ systemctl restart systemd-logind.service
+}
+
+teardown_idle_action_lock() {(
+ set +ex
+ rm -f /run/systemd/logind.conf.d/idle-action-lock.conf
+ rm -f /run/systemd/systemd-logind.service.d/debug.conf
+ pkill -9 -u "$(id -u testuser)"
+ userdel -r testuser
+ systemctl restart systemd-logind.service
+)}
+
+test_lock_idle_action() {
+ if ! command -v expect >/dev/null ; then
+ echo >&2 "expect not installed, skiping test ${FUNCNAME[0]}"
+ return 0
+ fi
+
+ setup_idle_action_lock
+ trap teardown_idle_action_lock RETURN
+
+ if loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -q testuser ; then
+ echo >&2 "Session of the \'testuser\' is already present."
+ return 1
+ fi
+
+ # IdleActionSec is set 1s but the accuracy of associated timer is 30s so we
+ # need to sleep in worst case for 31s to make sure timer elapsed. We sleep
+ # here for 35s to accomodate for any possible scheudling delays.
+ cat > /tmp/test.exp <<EOF
+spawn systemd-run -G -t -p PAMName=login -p User=testuser bash
+send "sleep 35\r"
+send "echo foobar\r"
+send "sleep 35\r"
+send "exit\r"
+interact
+wait
+EOF
+
+ ts="$(date '+%H:%M:%S')"
+ busctl --match "type='signal',sender='org.freedesktop.login1',interface='org.freedesktop.login1.Session',member='Lock'" monitor > dbus.log &
+
+ expect /tmp/test.exp &
+
+ # Sleep a bit to give expect time to spawn systemd-run before we check for
+ # the presence of resulting session.
+ sleep 2
+ if [ "$(loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -c testuser)" != 1 ] ; then
+ echo >&2 "\'testuser\' is expected to have exactly one session running."
+ return 1
+ fi
+
+ wait %2
+ sleep 20
+ kill %1
+
+ # We slept for 35s , in that interval all sessions should have become idle
+ # and "Lock" signal should have been sent out. Then we wrote to tty to make
+ # session active again and next we slept for another 35s so sessions have
+ # become idle again. 'Lock' signal is sent out for each session, we have at
+ # least one session, so minimum of 2 "Lock" signals must have been sent.
+ if [ "$(grep -c Member=Lock dbus.log)" -lt 2 ]; then
+ echo >&2 "Too few 'Lock' D-Bus signal sent, expected at least 2."
+ return 1
+ fi
+
+ journalctl -b -u systemd-logind.service --since="$ts" > logind.log
+ if [ "$(grep -c 'System idle. Doing lock operation.' logind.log)" -lt 2 ]; then
+ echo >&2 "System haven't entered idle state at least 2 times."
+ return 1
+ fi
+
+ rm -f dbus.log logind.log
+}
+
: >/failed
+test_lock_idle_action
+
touch /testok
rm /failed

View File

@ -0,0 +1,86 @@
From 797b00e6a6f33d2b74beba02f678bf4d12e2146b Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 14 Dec 2021 17:27:05 +0100
Subject: [PATCH] systemctl: simplify halt_main()
The code at this point is not able to tell whether it was called as
halt/poweroff/reboot or shutdown with time "now".
The code also takes a shortcut to skip logind if called as root.
That however means asking shutdown for immediate action won't trigger a
wall message.
As per https://github.com/systemd/systemd/issues/8424#issuecomment-374677315
all commands should trigger a wall message.
That simplifies the code as we can try logind first always.
(cherry picked from commit adefc8789b63225662e50ceaa282f9553b5c64eb)
Resolves: #2053273
---
src/systemctl/systemctl.c | 44 ++++++++++++++++-----------------------
1 file changed, 18 insertions(+), 26 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index b967550b97..4bedb52f2a 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -8658,34 +8658,23 @@ static int logind_schedule_shutdown(void) {
static int halt_main(void) {
int r;
- r = logind_check_inhibitors(arg_action);
- if (r < 0)
- return r;
-
+ /* always try logind first */
if (arg_when > 0)
- return logind_schedule_shutdown();
-
- if (geteuid() != 0) {
- if (arg_dry_run || arg_force > 0) {
- (void) must_be_root();
- return -EPERM;
- }
+ r = logind_schedule_shutdown();
+ else {
+ r = logind_check_inhibitors(arg_action);
+ if (r < 0)
+ return r;
- /* Try logind if we are a normal user and no special
- * mode applies. Maybe PolicyKit allows us to shutdown
- * the machine. */
- if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) {
- r = logind_reboot(arg_action);
- if (r >= 0)
- return r;
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
- /* requested operation is not
- * supported on the local system or
- * already in progress */
- return r;
- /* on all other errors, try low-level operation */
- }
+ r = logind_reboot(arg_action);
}
+ if (r >= 0)
+ return r;
+ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
+ /* Requested operation is not supported on the local system or already in
+ * progress */
+ return r;
+ /* on all other errors, try low-level operation */
/* In order to minimize the difference between operation with and
* without logind, we explicitly enable non-blocking mode for this,
@@ -8695,7 +8684,10 @@ static int halt_main(void) {
if (!arg_dry_run && !arg_force)
return start_with_fallback();
- assert(geteuid() == 0);
+ if (geteuid() != 0) {
+ (void) must_be_root();
+ return -EPERM;
+ }
if (!arg_no_wtmp) {
if (sd_booted() > 0)

View File

@ -0,0 +1,51 @@
From 1d63577410cde215c04921d62f435259a6b258d7 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Mon, 20 Dec 2021 18:05:50 +0100
Subject: [PATCH] systemctl: shutdown don't fallback on auth fail
For shutdowns don't fall back to starting the target directly if talking
to logind failed with auth failure. That would just lead to another
polkit auth attempt.
(cherry picked from commit 38d55bf2641f345445cb4e6a5e5e808555591db2)
Related: #2053273
---
src/systemctl/systemctl.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 4bedb52f2a..199f736f7f 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -3675,8 +3675,8 @@ static int start_special(int argc, char *argv[], void *userdata) {
r = logind_reboot(a);
if (r >= 0)
return r;
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
- /* requested operation is not supported or already in progress */
+ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS))
+ /* Requested operation requires auth, is not supported or already in progress */
return r;
/* On all other errors, try low-level operation. In order to minimize the difference between
@@ -8644,7 +8644,7 @@ static int logind_schedule_shutdown(void) {
action,
arg_when);
if (r < 0)
- return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r));
+ return log_warning_errno(r, "Failed to schedule shutdown: %s", bus_error_message(&error, r));
if (!arg_quiet)
log_info("Shutdown scheduled for %s, use 'shutdown -c' to cancel.", format_timestamp(date, sizeof(date), arg_when));
@@ -8670,8 +8670,8 @@ static int halt_main(void) {
}
if (r >= 0)
return r;
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
- /* Requested operation is not supported on the local system or already in
+ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS))
+ /* Requested operation requires auth, is not supported on the local system or already in
* progress */
return r;
/* on all other errors, try low-level operation */

View File

@ -0,0 +1,82 @@
From d36295d7c1b110d150b7af6e3354c28af4c4884d Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 30 Jan 2023 14:27:24 +0100
Subject: [PATCH] systemctl: reintroduce the original halt_main()
RHEL-only
Related: #2053273
---
src/systemctl/systemctl.c | 59 +++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 199f736f7f..a26e4a913a 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -8655,6 +8655,65 @@ static int logind_schedule_shutdown(void) {
#endif
}
+static int halt_main_old(void) {
+ int r;
+
+ r = logind_check_inhibitors(arg_action);
+ if (r < 0)
+ return r;
+
+ if (arg_when > 0)
+ return logind_schedule_shutdown();
+
+ if (geteuid() != 0) {
+ if (arg_dry_run || arg_force > 0) {
+ (void) must_be_root();
+ return -EPERM;
+ }
+
+ /* Try logind if we are a normal user and no special
+ * mode applies. Maybe PolicyKit allows us to shutdown
+ * the machine. */
+ if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) {
+ r = logind_reboot(arg_action);
+ if (r >= 0)
+ return r;
+ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
+ /* requested operation is not
+ * supported on the local system or
+ * already in progress */
+ return r;
+ /* on all other errors, try low-level operation */
+ }
+ }
+
+ /* In order to minimize the difference between operation with and
+ * without logind, we explicitly enable non-blocking mode for this,
+ * as logind's shutdown operations are always non-blocking. */
+ arg_no_block = true;
+
+ if (!arg_dry_run && !arg_force)
+ return start_with_fallback();
+
+ assert(geteuid() == 0);
+
+ if (!arg_no_wtmp) {
+ if (sd_booted() > 0)
+ log_debug("Not writing utmp record, assuming that systemd-update-utmp is used.");
+ else {
+ r = utmp_put_shutdown();
+ if (r < 0)
+ log_warning_errno(r, "Failed to write utmp record: %m");
+ }
+ }
+
+ if (arg_dry_run)
+ return 0;
+
+ r = halt_now(arg_action);
+ return log_error_errno(r, "Failed to reboot: %m");
+}
+
static int halt_main(void) {
int r;

View File

@ -0,0 +1,44 @@
From 74632586b46c7e88b09c57eec50f9c4aed254b98 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 30 Jan 2023 14:31:23 +0100
Subject: [PATCH] systemctl: preserve old behavior unless requested
Currently, the legacy shutdown commands ignore inhibitors and reboot
immediately if run by root. Let's preserve that behavior in RHEL-8 by
default. The new behavior can be turned on by those who want it by
exporting SYSTEMD_NEW_SHUTDOWN=1 .
RHEL-only
Related: #2053273
---
src/systemctl/systemctl.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index a26e4a913a..1546119ce5 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -8714,7 +8714,7 @@ static int halt_main_old(void) {
return log_error_errno(r, "Failed to reboot: %m");
}
-static int halt_main(void) {
+static int halt_main_new(void) {
int r;
/* always try logind first */
@@ -8765,6 +8765,13 @@ static int halt_main(void) {
return log_error_errno(r, "Failed to reboot: %m");
}
+static int halt_main(void) {
+ if (getenv_bool("SYSTEMD_NEW_SHUTDOWN") > 0)
+ return halt_main_new();
+ else
+ return halt_main_old();
+}
+
static int runlevel_main(void) {
int r, runlevel, previous;

View File

@ -0,0 +1,43 @@
From ea3910e561f043f5a131a846862955c77169da1b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 19 Nov 2018 11:39:45 +0100
Subject: [PATCH] pam_systemd: suppress LOG_DEBUG log messages if debugging is
off
In the PAM module we need to suppress LOG_DEBUG messages manually, if
debug logging is not on, as PAM won't do this for us. We did this
correctly for most log messages already, but two were missing. Let's fix
those too.
Fixes: #10822
(cherry picked from commit 2675747f3cdd6f1e6236bbb2f79abfa53fb307f1)
Resolves: #2170084
---
src/login/pam_systemd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 64e1b4d1bf..c87e980b18 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -476,7 +476,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
}
if (seat && !streq(seat, "seat0") && vtnr != 0) {
- pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
+ if (debug)
+ pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
vtnr = 0;
}
@@ -577,7 +578,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
r = sd_bus_call(bus, m, 0, &error, &reply);
if (r < 0) {
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
- pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
+ if (debug)
+ pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
return PAM_SUCCESS;
} else {
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));

View File

@ -0,0 +1,50 @@
From 33351e103734188a4a30b88e7f2ea0613d628599 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 16 Feb 2023 15:56:52 +0100
Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.8
RHEL-only
Resolves: #2170499
---
man/systemd.net-naming-scheme.xml | 6 ++++++
src/udev/udev-builtin-net_id.c | 2 ++
2 files changed, 8 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index a567483995..3cc7719e99 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -328,6 +328,12 @@
for that, the limit is increased to now 65535.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><constant>rhel-8.8</constant></term>
+
+ <para>Same as naming scheme <constant>rhel-8.7</constant>.</para>
+ </varlistentry>
+
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
particular version of systemd.</para>
</variablelist>
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index df84acf27c..ef2bb1b08e 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -141,6 +141,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID|NAMING_16BIT_INDEX,
+ NAMING_RHEL_8_8 = NAMING_RHEL_8_7,
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -161,6 +162,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-8.5", NAMING_RHEL_8_5 },
{ "rhel-8.6", NAMING_RHEL_8_6 },
{ "rhel-8.7", NAMING_RHEL_8_7 },
+ { "rhel-8.8", NAMING_RHEL_8_8 },
/* … add more schemes here, as the logic to name devices is updated … */
};

View File

@ -8,4 +8,5 @@ account include system-auth
session required pam_selinux.so close session required pam_selinux.so close
session required pam_selinux.so nottys open session required pam_selinux.so nottys open
session required pam_loginuid.so session required pam_loginuid.so
session required pam_namespace.so
session include system-auth session include system-auth

View File

@ -13,7 +13,7 @@
Name: systemd Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239 Version: 239
Release: 71%{?dist} Release: 72%{?dist}
# For a breakdown of the licensing, see README # For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+ License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -912,6 +912,16 @@ Patch0859: 0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch
Patch0860: 0860-basic-add-STRERROR-wrapper-for-strerror_r.patch Patch0860: 0860-basic-add-STRERROR-wrapper-for-strerror_r.patch
Patch0861: 0861-coredump-put-context-array-into-a-struct.patch Patch0861: 0861-coredump-put-context-array-into-a-struct.patch
Patch0862: 0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch Patch0862: 0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch
Patch0863: 0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch
Patch0864: 0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch
Patch0865: 0865-test-introduce-inst_recursive-helper-function.patch
Patch0866: 0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch
Patch0867: 0867-systemctl-simplify-halt_main.patch
Patch0868: 0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch
Patch0869: 0869-systemctl-reintroduce-the-original-halt_main.patch
Patch0870: 0870-systemctl-preserve-old-behavior-unless-requested.patch
Patch0871: 0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch
Patch0872: 0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch
%ifarch %{ix86} x86_64 aarch64 %ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1 %global have_gnu_efi 1
@ -1541,6 +1551,18 @@ fi
%files tests -f .file-list-tests %files tests -f .file-list-tests
%changelog %changelog
* Fri Feb 17 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-72
- test: import logind test from debian/ubuntu test suite (#1866955)
- test: introduce inst_recursive() helper function (#1866955)
- tests: verify that Lock D-Bus signal is sent when IdleAction=lock (#1866955)
- systemctl: simplify halt_main() (#2053273)
- systemctl: shutdown don't fallback on auth fail (#2053273)
- systemctl: reintroduce the original halt_main() (#2053273)
- systemctl: preserve old behavior unless requested (#2053273)
- pam_systemd: suppress LOG_DEBUG log messages if debugging is off (#2170084)
- udev/net_id: introduce naming scheme for RHEL-8.8 (#2170499)
- pam: add a call to pam_namespace (#1861836)
* Tue Jan 31 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-71 * Tue Jan 31 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-71
- manager: limit access to private dbus socket (#2119405) - manager: limit access to private dbus socket (#2119405)
- journalctl: do not treat EINTR as an error when waiting for events (#2161683) - journalctl: do not treat EINTR as an error when waiting for events (#2161683)