import systemd-239-72.el8
This commit is contained in:
parent
68fc178a57
commit
48b003cd3a
@ -0,0 +1,70 @@
|
|||||||
|
From a55bdb007ca24900a704f72359305b04125d9e05 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Wed, 20 Apr 2022 10:13:43 +0200
|
||||||
|
Subject: [PATCH] logind: remember our idle state and use it to detect idle
|
||||||
|
level transitions
|
||||||
|
|
||||||
|
Fixes #16391
|
||||||
|
|
||||||
|
(cherry picked from commit 4e2cfb778b9ed7f22ee98f48f28cf8678d25ad32)
|
||||||
|
|
||||||
|
Resolved: #1866955
|
||||||
|
---
|
||||||
|
src/login/logind.c | 23 +++++++++++++++++++----
|
||||||
|
src/login/logind.h | 1 +
|
||||||
|
2 files changed, 20 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/logind.c b/src/login/logind.c
|
||||||
|
index 6b576dad0d..bb1d3f3523 100644
|
||||||
|
--- a/src/login/logind.c
|
||||||
|
+++ b/src/login/logind.c
|
||||||
|
@@ -1027,18 +1027,33 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us
|
||||||
|
n = now(CLOCK_MONOTONIC);
|
||||||
|
|
||||||
|
r = manager_get_idle_hint(m, &since);
|
||||||
|
- if (r <= 0)
|
||||||
|
+ if (r <= 0) {
|
||||||
|
/* Not idle. Let's check if after a timeout it might be idle then. */
|
||||||
|
elapse = n + m->idle_action_usec;
|
||||||
|
- else {
|
||||||
|
+ m->was_idle = false;
|
||||||
|
+ } else {
|
||||||
|
+
|
||||||
|
/* Idle! Let's see if it's time to do something, or if
|
||||||
|
* we shall sleep for longer. */
|
||||||
|
|
||||||
|
if (n >= since.monotonic + m->idle_action_usec &&
|
||||||
|
(m->idle_action_not_before_usec <= 0 || n >= m->idle_action_not_before_usec + m->idle_action_usec)) {
|
||||||
|
- log_info("System idle. Taking action.");
|
||||||
|
+ bool is_edge = false;
|
||||||
|
+
|
||||||
|
+ /* We weren't idle previously or some activity happened while we were sleeping, and now we are
|
||||||
|
+ * idle. Let's remember that for the next time and make this an edge transition. */
|
||||||
|
+ if (!m->was_idle || since.monotonic >= m->idle_action_not_before_usec) {
|
||||||
|
+ is_edge = true;
|
||||||
|
+ m->was_idle = true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (m->idle_action == HANDLE_LOCK && !is_edge)
|
||||||
|
+ /* We are idle and we were before so we are actually not taking any action. */
|
||||||
|
+ log_debug("System idle.");
|
||||||
|
+ else
|
||||||
|
+ log_info("System idle. Doing %s operation.", handle_action_to_string(m->idle_action));
|
||||||
|
|
||||||
|
- manager_handle_action(m, 0, m->idle_action, false, false);
|
||||||
|
+ manager_handle_action(m, 0, m->idle_action, false, is_edge);
|
||||||
|
m->idle_action_not_before_usec = n;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/login/logind.h b/src/login/logind.h
|
||||||
|
index 606adf4fe6..b9b4a5113f 100644
|
||||||
|
--- a/src/login/logind.h
|
||||||
|
+++ b/src/login/logind.h
|
||||||
|
@@ -101,6 +101,7 @@ struct Manager {
|
||||||
|
usec_t idle_action_usec;
|
||||||
|
usec_t idle_action_not_before_usec;
|
||||||
|
HandleAction idle_action;
|
||||||
|
+ bool was_idle;
|
||||||
|
|
||||||
|
usec_t stop_idle_session_usec;
|
||||||
|
|
@ -0,0 +1,103 @@
|
|||||||
|
From 1925845dc10330e4b48fec68333fac6ef2b7bf5c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||||
|
Date: Wed, 1 Jun 2022 08:56:08 +0900
|
||||||
|
Subject: [PATCH] test: import logind test from debian/ubuntu test suite
|
||||||
|
|
||||||
|
[dtardon: Picked just the scaffolding, not the tests themselves.]
|
||||||
|
|
||||||
|
(cherry picked from commit 9c94ab0f6ff22da4278a6e9a93ddc480607c55ac)
|
||||||
|
|
||||||
|
Related: #1866955
|
||||||
|
---
|
||||||
|
test/TEST-35-LOGIN/Makefile | 1 +
|
||||||
|
test/TEST-35-LOGIN/test.sh | 55 +++++++++++++++++++++++++++++++++
|
||||||
|
test/TEST-35-LOGIN/testsuite.sh | 9 ++++++
|
||||||
|
3 files changed, 65 insertions(+)
|
||||||
|
create mode 120000 test/TEST-35-LOGIN/Makefile
|
||||||
|
create mode 100755 test/TEST-35-LOGIN/test.sh
|
||||||
|
create mode 100755 test/TEST-35-LOGIN/testsuite.sh
|
||||||
|
|
||||||
|
diff --git a/test/TEST-35-LOGIN/Makefile b/test/TEST-35-LOGIN/Makefile
|
||||||
|
new file mode 120000
|
||||||
|
index 0000000000..e9f93b1104
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/TEST-35-LOGIN/Makefile
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+../TEST-01-BASIC/Makefile
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000000..32410c8149
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/TEST-35-LOGIN/test.sh
|
||||||
|
@@ -0,0 +1,55 @@
|
||||||
|
+#!/usr/bin/env bash
|
||||||
|
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
+set -e
|
||||||
|
+
|
||||||
|
+TEST_DESCRIPTION="LOGIN"
|
||||||
|
+
|
||||||
|
+# shellcheck source=test/test-functions
|
||||||
|
+. "${TEST_BASE_DIR:?}/test-functions"
|
||||||
|
+
|
||||||
|
+test_setup() {
|
||||||
|
+ create_empty_image
|
||||||
|
+ mkdir -p "$TESTDIR"/root
|
||||||
|
+ mount "${LOOPDEV}p1" "$TESTDIR"/root
|
||||||
|
+
|
||||||
|
+ (
|
||||||
|
+ LOG_LEVEL=5
|
||||||
|
+ eval $(udevadm info --export --query=env --name="${LOOPDEV}p2")
|
||||||
|
+
|
||||||
|
+ setup_basic_environment
|
||||||
|
+
|
||||||
|
+ inst_binary pkill
|
||||||
|
+ inst_binary useradd
|
||||||
|
+ inst_binary userdel
|
||||||
|
+
|
||||||
|
+ # mask some services that we do not want to run in these tests
|
||||||
|
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service
|
||||||
|
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service
|
||||||
|
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.service
|
||||||
|
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.socket
|
||||||
|
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-resolved.service
|
||||||
|
+ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-machined.service
|
||||||
|
+
|
||||||
|
+ # setup the testsuite service
|
||||||
|
+ cat >"$initdir"/etc/systemd/system/testsuite.service <<EOF
|
||||||
|
+[Unit]
|
||||||
|
+Description=Testsuite service
|
||||||
|
+
|
||||||
|
+[Service]
|
||||||
|
+ExecStart=/bin/bash -x /testsuite.sh
|
||||||
|
+Type=oneshot
|
||||||
|
+StandardOutput=tty
|
||||||
|
+StandardError=tty
|
||||||
|
+NotifyAccess=all
|
||||||
|
+EOF
|
||||||
|
+ cp testsuite.sh "$initdir"/
|
||||||
|
+
|
||||||
|
+ setup_testsuite
|
||||||
|
+ ) || return 1
|
||||||
|
+ setup_nspawn_root
|
||||||
|
+
|
||||||
|
+ ddebug "umount $TESTDIR/root"
|
||||||
|
+ umount "$TESTDIR"/root
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+do_test "$@"
|
||||||
|
diff --git a/test/TEST-35-LOGIN/testsuite.sh b/test/TEST-35-LOGIN/testsuite.sh
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000000..9855b4bc80
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/TEST-35-LOGIN/testsuite.sh
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+#!/usr/bin/env bash
|
||||||
|
+# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
+set -eux
|
||||||
|
+set -o pipefail
|
||||||
|
+
|
||||||
|
+: >/failed
|
||||||
|
+
|
||||||
|
+touch /testok
|
||||||
|
+rm /failed
|
@ -0,0 +1,37 @@
|
|||||||
|
From 21c281585983fe2efc2b74d712d98ff7e6c013b1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||||
|
Date: Tue, 14 Jun 2022 09:11:00 +0900
|
||||||
|
Subject: [PATCH] test: introduce inst_recursive() helper function
|
||||||
|
|
||||||
|
(cherry picked from commit da0465dc95388afc15598357452afef85035c639)
|
||||||
|
|
||||||
|
Related: #1866955
|
||||||
|
---
|
||||||
|
test/test-functions | 14 ++++++++++++++
|
||||||
|
1 file changed, 14 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/test/test-functions b/test/test-functions
|
||||||
|
index 19363be858..9606a1b085 100644
|
||||||
|
--- a/test/test-functions
|
||||||
|
+++ b/test/test-functions
|
||||||
|
@@ -1224,6 +1224,20 @@ inst_any() {
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
+inst_recursive() {
|
||||||
|
+ local p item
|
||||||
|
+
|
||||||
|
+ for p in "$@"; do
|
||||||
|
+ while read -r item; do
|
||||||
|
+ if [[ -d "$item" ]]; then
|
||||||
|
+ inst_dir "$item"
|
||||||
|
+ elif [[ -f "$item" ]]; then
|
||||||
|
+ inst_simple "$item"
|
||||||
|
+ fi
|
||||||
|
+ done < <(find "$p" 2>/dev/null)
|
||||||
|
+ done
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
# dracut_install [-o ] <file> [<file> ... ]
|
||||||
|
# Install <file> to the initramfs image
|
||||||
|
# -o optionally install the <file> and don't fail, if it is not there
|
@ -0,0 +1,148 @@
|
|||||||
|
From 638c2418e705410344e07e77f944530df0f4608f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Fri, 1 Jul 2022 12:59:57 +0200
|
||||||
|
Subject: [PATCH] tests: verify that Lock D-Bus signal is sent when
|
||||||
|
IdleAction=lock
|
||||||
|
|
||||||
|
(cherry picked from commit 181656fc0faa885d69bc34822b8e9b5de3fdf6bf)
|
||||||
|
|
||||||
|
Related: #1866955
|
||||||
|
---
|
||||||
|
test/TEST-35-LOGIN/test.sh | 11 +++-
|
||||||
|
test/TEST-35-LOGIN/testsuite.sh | 93 +++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 103 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh
|
||||||
|
index 32410c8149..f83afcff49 100755
|
||||||
|
--- a/test/TEST-35-LOGIN/test.sh
|
||||||
|
+++ b/test/TEST-35-LOGIN/test.sh
|
||||||
|
@@ -14,14 +14,23 @@ test_setup() {
|
||||||
|
|
||||||
|
(
|
||||||
|
LOG_LEVEL=5
|
||||||
|
- eval $(udevadm info --export --query=env --name="${LOOPDEV}p2")
|
||||||
|
+ eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"
|
||||||
|
|
||||||
|
setup_basic_environment
|
||||||
|
|
||||||
|
+ inst_binary awk
|
||||||
|
inst_binary pkill
|
||||||
|
inst_binary useradd
|
||||||
|
inst_binary userdel
|
||||||
|
|
||||||
|
+ if command -v expect >/dev/null && command -v tclsh >/dev/null ; then
|
||||||
|
+ # shellcheck disable=SC2016
|
||||||
|
+ version="$(tclsh <<< 'puts $tcl_version')"
|
||||||
|
+
|
||||||
|
+ dracut_install expect
|
||||||
|
+ inst_recursive /usr/lib64/tcl"$version" /usr/share/tcl"$version"
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
# mask some services that we do not want to run in these tests
|
||||||
|
ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service
|
||||||
|
ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service
|
||||||
|
diff --git a/test/TEST-35-LOGIN/testsuite.sh b/test/TEST-35-LOGIN/testsuite.sh
|
||||||
|
index 9855b4bc80..e4d72beb74 100755
|
||||||
|
--- a/test/TEST-35-LOGIN/testsuite.sh
|
||||||
|
+++ b/test/TEST-35-LOGIN/testsuite.sh
|
||||||
|
@@ -3,7 +3,100 @@
|
||||||
|
set -eux
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
+setup_idle_action_lock() {
|
||||||
|
+ useradd testuser ||:
|
||||||
|
+
|
||||||
|
+ mkdir -p /run/systemd/logind.conf.d/
|
||||||
|
+ cat >/run/systemd/logind.conf.d/idle-action-lock.conf <<EOF
|
||||||
|
+[Login]
|
||||||
|
+IdleAction=lock
|
||||||
|
+IdleActionSec=1s
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+ mkdir -p /run/systemd/systemd-logind.service.d/
|
||||||
|
+ cat >/run/systemd/systemd-logind.service.d/debug.conf <<EOF
|
||||||
|
+[Service]
|
||||||
|
+Environment=SYSTEMD_LOG_LEVEL=debug
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+ systemctl restart systemd-logind.service
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+teardown_idle_action_lock() {(
|
||||||
|
+ set +ex
|
||||||
|
+ rm -f /run/systemd/logind.conf.d/idle-action-lock.conf
|
||||||
|
+ rm -f /run/systemd/systemd-logind.service.d/debug.conf
|
||||||
|
+ pkill -9 -u "$(id -u testuser)"
|
||||||
|
+ userdel -r testuser
|
||||||
|
+ systemctl restart systemd-logind.service
|
||||||
|
+)}
|
||||||
|
+
|
||||||
|
+test_lock_idle_action() {
|
||||||
|
+ if ! command -v expect >/dev/null ; then
|
||||||
|
+ echo >&2 "expect not installed, skiping test ${FUNCNAME[0]}"
|
||||||
|
+ return 0
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ setup_idle_action_lock
|
||||||
|
+ trap teardown_idle_action_lock RETURN
|
||||||
|
+
|
||||||
|
+ if loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -q testuser ; then
|
||||||
|
+ echo >&2 "Session of the \'testuser\' is already present."
|
||||||
|
+ return 1
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ # IdleActionSec is set 1s but the accuracy of associated timer is 30s so we
|
||||||
|
+ # need to sleep in worst case for 31s to make sure timer elapsed. We sleep
|
||||||
|
+ # here for 35s to accomodate for any possible scheudling delays.
|
||||||
|
+ cat > /tmp/test.exp <<EOF
|
||||||
|
+spawn systemd-run -G -t -p PAMName=login -p User=testuser bash
|
||||||
|
+send "sleep 35\r"
|
||||||
|
+send "echo foobar\r"
|
||||||
|
+send "sleep 35\r"
|
||||||
|
+send "exit\r"
|
||||||
|
+interact
|
||||||
|
+wait
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+ ts="$(date '+%H:%M:%S')"
|
||||||
|
+ busctl --match "type='signal',sender='org.freedesktop.login1',interface='org.freedesktop.login1.Session',member='Lock'" monitor > dbus.log &
|
||||||
|
+
|
||||||
|
+ expect /tmp/test.exp &
|
||||||
|
+
|
||||||
|
+ # Sleep a bit to give expect time to spawn systemd-run before we check for
|
||||||
|
+ # the presence of resulting session.
|
||||||
|
+ sleep 2
|
||||||
|
+ if [ "$(loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -c testuser)" != 1 ] ; then
|
||||||
|
+ echo >&2 "\'testuser\' is expected to have exactly one session running."
|
||||||
|
+ return 1
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ wait %2
|
||||||
|
+ sleep 20
|
||||||
|
+ kill %1
|
||||||
|
+
|
||||||
|
+ # We slept for 35s , in that interval all sessions should have become idle
|
||||||
|
+ # and "Lock" signal should have been sent out. Then we wrote to tty to make
|
||||||
|
+ # session active again and next we slept for another 35s so sessions have
|
||||||
|
+ # become idle again. 'Lock' signal is sent out for each session, we have at
|
||||||
|
+ # least one session, so minimum of 2 "Lock" signals must have been sent.
|
||||||
|
+ if [ "$(grep -c Member=Lock dbus.log)" -lt 2 ]; then
|
||||||
|
+ echo >&2 "Too few 'Lock' D-Bus signal sent, expected at least 2."
|
||||||
|
+ return 1
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ journalctl -b -u systemd-logind.service --since="$ts" > logind.log
|
||||||
|
+ if [ "$(grep -c 'System idle. Doing lock operation.' logind.log)" -lt 2 ]; then
|
||||||
|
+ echo >&2 "System haven't entered idle state at least 2 times."
|
||||||
|
+ return 1
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ rm -f dbus.log logind.log
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
: >/failed
|
||||||
|
|
||||||
|
+test_lock_idle_action
|
||||||
|
+
|
||||||
|
touch /testok
|
||||||
|
rm /failed
|
86
SOURCES/0867-systemctl-simplify-halt_main.patch
Normal file
86
SOURCES/0867-systemctl-simplify-halt_main.patch
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
From 797b00e6a6f33d2b74beba02f678bf4d12e2146b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
Date: Tue, 14 Dec 2021 17:27:05 +0100
|
||||||
|
Subject: [PATCH] systemctl: simplify halt_main()
|
||||||
|
|
||||||
|
The code at this point is not able to tell whether it was called as
|
||||||
|
halt/poweroff/reboot or shutdown with time "now".
|
||||||
|
The code also takes a shortcut to skip logind if called as root.
|
||||||
|
That however means asking shutdown for immediate action won't trigger a
|
||||||
|
wall message.
|
||||||
|
As per https://github.com/systemd/systemd/issues/8424#issuecomment-374677315
|
||||||
|
all commands should trigger a wall message.
|
||||||
|
That simplifies the code as we can try logind first always.
|
||||||
|
|
||||||
|
(cherry picked from commit adefc8789b63225662e50ceaa282f9553b5c64eb)
|
||||||
|
|
||||||
|
Resolves: #2053273
|
||||||
|
---
|
||||||
|
src/systemctl/systemctl.c | 44 ++++++++++++++++-----------------------
|
||||||
|
1 file changed, 18 insertions(+), 26 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
|
||||||
|
index b967550b97..4bedb52f2a 100644
|
||||||
|
--- a/src/systemctl/systemctl.c
|
||||||
|
+++ b/src/systemctl/systemctl.c
|
||||||
|
@@ -8658,34 +8658,23 @@ static int logind_schedule_shutdown(void) {
|
||||||
|
static int halt_main(void) {
|
||||||
|
int r;
|
||||||
|
|
||||||
|
- r = logind_check_inhibitors(arg_action);
|
||||||
|
- if (r < 0)
|
||||||
|
- return r;
|
||||||
|
-
|
||||||
|
+ /* always try logind first */
|
||||||
|
if (arg_when > 0)
|
||||||
|
- return logind_schedule_shutdown();
|
||||||
|
-
|
||||||
|
- if (geteuid() != 0) {
|
||||||
|
- if (arg_dry_run || arg_force > 0) {
|
||||||
|
- (void) must_be_root();
|
||||||
|
- return -EPERM;
|
||||||
|
- }
|
||||||
|
+ r = logind_schedule_shutdown();
|
||||||
|
+ else {
|
||||||
|
+ r = logind_check_inhibitors(arg_action);
|
||||||
|
+ if (r < 0)
|
||||||
|
+ return r;
|
||||||
|
|
||||||
|
- /* Try logind if we are a normal user and no special
|
||||||
|
- * mode applies. Maybe PolicyKit allows us to shutdown
|
||||||
|
- * the machine. */
|
||||||
|
- if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) {
|
||||||
|
- r = logind_reboot(arg_action);
|
||||||
|
- if (r >= 0)
|
||||||
|
- return r;
|
||||||
|
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
|
||||||
|
- /* requested operation is not
|
||||||
|
- * supported on the local system or
|
||||||
|
- * already in progress */
|
||||||
|
- return r;
|
||||||
|
- /* on all other errors, try low-level operation */
|
||||||
|
- }
|
||||||
|
+ r = logind_reboot(arg_action);
|
||||||
|
}
|
||||||
|
+ if (r >= 0)
|
||||||
|
+ return r;
|
||||||
|
+ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
|
||||||
|
+ /* Requested operation is not supported on the local system or already in
|
||||||
|
+ * progress */
|
||||||
|
+ return r;
|
||||||
|
+ /* on all other errors, try low-level operation */
|
||||||
|
|
||||||
|
/* In order to minimize the difference between operation with and
|
||||||
|
* without logind, we explicitly enable non-blocking mode for this,
|
||||||
|
@@ -8695,7 +8684,10 @@ static int halt_main(void) {
|
||||||
|
if (!arg_dry_run && !arg_force)
|
||||||
|
return start_with_fallback();
|
||||||
|
|
||||||
|
- assert(geteuid() == 0);
|
||||||
|
+ if (geteuid() != 0) {
|
||||||
|
+ (void) must_be_root();
|
||||||
|
+ return -EPERM;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!arg_no_wtmp) {
|
||||||
|
if (sd_booted() > 0)
|
@ -0,0 +1,51 @@
|
|||||||
|
From 1d63577410cde215c04921d62f435259a6b258d7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
Date: Mon, 20 Dec 2021 18:05:50 +0100
|
||||||
|
Subject: [PATCH] systemctl: shutdown don't fallback on auth fail
|
||||||
|
|
||||||
|
For shutdowns don't fall back to starting the target directly if talking
|
||||||
|
to logind failed with auth failure. That would just lead to another
|
||||||
|
polkit auth attempt.
|
||||||
|
|
||||||
|
(cherry picked from commit 38d55bf2641f345445cb4e6a5e5e808555591db2)
|
||||||
|
|
||||||
|
Related: #2053273
|
||||||
|
---
|
||||||
|
src/systemctl/systemctl.c | 10 +++++-----
|
||||||
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
|
||||||
|
index 4bedb52f2a..199f736f7f 100644
|
||||||
|
--- a/src/systemctl/systemctl.c
|
||||||
|
+++ b/src/systemctl/systemctl.c
|
||||||
|
@@ -3675,8 +3675,8 @@ static int start_special(int argc, char *argv[], void *userdata) {
|
||||||
|
r = logind_reboot(a);
|
||||||
|
if (r >= 0)
|
||||||
|
return r;
|
||||||
|
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
|
||||||
|
- /* requested operation is not supported or already in progress */
|
||||||
|
+ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS))
|
||||||
|
+ /* Requested operation requires auth, is not supported or already in progress */
|
||||||
|
return r;
|
||||||
|
|
||||||
|
/* On all other errors, try low-level operation. In order to minimize the difference between
|
||||||
|
@@ -8644,7 +8644,7 @@ static int logind_schedule_shutdown(void) {
|
||||||
|
action,
|
||||||
|
arg_when);
|
||||||
|
if (r < 0)
|
||||||
|
- return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r));
|
||||||
|
+ return log_warning_errno(r, "Failed to schedule shutdown: %s", bus_error_message(&error, r));
|
||||||
|
|
||||||
|
if (!arg_quiet)
|
||||||
|
log_info("Shutdown scheduled for %s, use 'shutdown -c' to cancel.", format_timestamp(date, sizeof(date), arg_when));
|
||||||
|
@@ -8670,8 +8670,8 @@ static int halt_main(void) {
|
||||||
|
}
|
||||||
|
if (r >= 0)
|
||||||
|
return r;
|
||||||
|
- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
|
||||||
|
- /* Requested operation is not supported on the local system or already in
|
||||||
|
+ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS))
|
||||||
|
+ /* Requested operation requires auth, is not supported on the local system or already in
|
||||||
|
* progress */
|
||||||
|
return r;
|
||||||
|
/* on all other errors, try low-level operation */
|
@ -0,0 +1,82 @@
|
|||||||
|
From d36295d7c1b110d150b7af6e3354c28af4c4884d Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Mon, 30 Jan 2023 14:27:24 +0100
|
||||||
|
Subject: [PATCH] systemctl: reintroduce the original halt_main()
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Related: #2053273
|
||||||
|
---
|
||||||
|
src/systemctl/systemctl.c | 59 +++++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 59 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
|
||||||
|
index 199f736f7f..a26e4a913a 100644
|
||||||
|
--- a/src/systemctl/systemctl.c
|
||||||
|
+++ b/src/systemctl/systemctl.c
|
||||||
|
@@ -8655,6 +8655,65 @@ static int logind_schedule_shutdown(void) {
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int halt_main_old(void) {
|
||||||
|
+ int r;
|
||||||
|
+
|
||||||
|
+ r = logind_check_inhibitors(arg_action);
|
||||||
|
+ if (r < 0)
|
||||||
|
+ return r;
|
||||||
|
+
|
||||||
|
+ if (arg_when > 0)
|
||||||
|
+ return logind_schedule_shutdown();
|
||||||
|
+
|
||||||
|
+ if (geteuid() != 0) {
|
||||||
|
+ if (arg_dry_run || arg_force > 0) {
|
||||||
|
+ (void) must_be_root();
|
||||||
|
+ return -EPERM;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Try logind if we are a normal user and no special
|
||||||
|
+ * mode applies. Maybe PolicyKit allows us to shutdown
|
||||||
|
+ * the machine. */
|
||||||
|
+ if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) {
|
||||||
|
+ r = logind_reboot(arg_action);
|
||||||
|
+ if (r >= 0)
|
||||||
|
+ return r;
|
||||||
|
+ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS))
|
||||||
|
+ /* requested operation is not
|
||||||
|
+ * supported on the local system or
|
||||||
|
+ * already in progress */
|
||||||
|
+ return r;
|
||||||
|
+ /* on all other errors, try low-level operation */
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* In order to minimize the difference between operation with and
|
||||||
|
+ * without logind, we explicitly enable non-blocking mode for this,
|
||||||
|
+ * as logind's shutdown operations are always non-blocking. */
|
||||||
|
+ arg_no_block = true;
|
||||||
|
+
|
||||||
|
+ if (!arg_dry_run && !arg_force)
|
||||||
|
+ return start_with_fallback();
|
||||||
|
+
|
||||||
|
+ assert(geteuid() == 0);
|
||||||
|
+
|
||||||
|
+ if (!arg_no_wtmp) {
|
||||||
|
+ if (sd_booted() > 0)
|
||||||
|
+ log_debug("Not writing utmp record, assuming that systemd-update-utmp is used.");
|
||||||
|
+ else {
|
||||||
|
+ r = utmp_put_shutdown();
|
||||||
|
+ if (r < 0)
|
||||||
|
+ log_warning_errno(r, "Failed to write utmp record: %m");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (arg_dry_run)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ r = halt_now(arg_action);
|
||||||
|
+ return log_error_errno(r, "Failed to reboot: %m");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int halt_main(void) {
|
||||||
|
int r;
|
||||||
|
|
@ -0,0 +1,44 @@
|
|||||||
|
From 74632586b46c7e88b09c57eec50f9c4aed254b98 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Mon, 30 Jan 2023 14:31:23 +0100
|
||||||
|
Subject: [PATCH] systemctl: preserve old behavior unless requested
|
||||||
|
|
||||||
|
Currently, the legacy shutdown commands ignore inhibitors and reboot
|
||||||
|
immediately if run by root. Let's preserve that behavior in RHEL-8 by
|
||||||
|
default. The new behavior can be turned on by those who want it by
|
||||||
|
exporting SYSTEMD_NEW_SHUTDOWN=1 .
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Related: #2053273
|
||||||
|
---
|
||||||
|
src/systemctl/systemctl.c | 9 ++++++++-
|
||||||
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
|
||||||
|
index a26e4a913a..1546119ce5 100644
|
||||||
|
--- a/src/systemctl/systemctl.c
|
||||||
|
+++ b/src/systemctl/systemctl.c
|
||||||
|
@@ -8714,7 +8714,7 @@ static int halt_main_old(void) {
|
||||||
|
return log_error_errno(r, "Failed to reboot: %m");
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int halt_main(void) {
|
||||||
|
+static int halt_main_new(void) {
|
||||||
|
int r;
|
||||||
|
|
||||||
|
/* always try logind first */
|
||||||
|
@@ -8765,6 +8765,13 @@ static int halt_main(void) {
|
||||||
|
return log_error_errno(r, "Failed to reboot: %m");
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int halt_main(void) {
|
||||||
|
+ if (getenv_bool("SYSTEMD_NEW_SHUTDOWN") > 0)
|
||||||
|
+ return halt_main_new();
|
||||||
|
+ else
|
||||||
|
+ return halt_main_old();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int runlevel_main(void) {
|
||||||
|
int r, runlevel, previous;
|
||||||
|
|
@ -0,0 +1,43 @@
|
|||||||
|
From ea3910e561f043f5a131a846862955c77169da1b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Mon, 19 Nov 2018 11:39:45 +0100
|
||||||
|
Subject: [PATCH] pam_systemd: suppress LOG_DEBUG log messages if debugging is
|
||||||
|
off
|
||||||
|
|
||||||
|
In the PAM module we need to suppress LOG_DEBUG messages manually, if
|
||||||
|
debug logging is not on, as PAM won't do this for us. We did this
|
||||||
|
correctly for most log messages already, but two were missing. Let's fix
|
||||||
|
those too.
|
||||||
|
|
||||||
|
Fixes: #10822
|
||||||
|
(cherry picked from commit 2675747f3cdd6f1e6236bbb2f79abfa53fb307f1)
|
||||||
|
|
||||||
|
Resolves: #2170084
|
||||||
|
---
|
||||||
|
src/login/pam_systemd.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
|
||||||
|
index 64e1b4d1bf..c87e980b18 100644
|
||||||
|
--- a/src/login/pam_systemd.c
|
||||||
|
+++ b/src/login/pam_systemd.c
|
||||||
|
@@ -476,7 +476,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
|
}
|
||||||
|
|
||||||
|
if (seat && !streq(seat, "seat0") && vtnr != 0) {
|
||||||
|
- pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
|
||||||
|
+ if (debug)
|
||||||
|
+ pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
|
||||||
|
vtnr = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -577,7 +578,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
|
r = sd_bus_call(bus, m, 0, &error, &reply);
|
||||||
|
if (r < 0) {
|
||||||
|
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
|
||||||
|
- pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
|
||||||
|
+ if (debug)
|
||||||
|
+ pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
} else {
|
||||||
|
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
|
@ -0,0 +1,50 @@
|
|||||||
|
From 33351e103734188a4a30b88e7f2ea0613d628599 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Macku <jamacku@redhat.com>
|
||||||
|
Date: Thu, 16 Feb 2023 15:56:52 +0100
|
||||||
|
Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.8
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #2170499
|
||||||
|
---
|
||||||
|
man/systemd.net-naming-scheme.xml | 6 ++++++
|
||||||
|
src/udev/udev-builtin-net_id.c | 2 ++
|
||||||
|
2 files changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||||
|
index a567483995..3cc7719e99 100644
|
||||||
|
--- a/man/systemd.net-naming-scheme.xml
|
||||||
|
+++ b/man/systemd.net-naming-scheme.xml
|
||||||
|
@@ -328,6 +328,12 @@
|
||||||
|
for that, the limit is increased to now 65535.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term><constant>rhel-8.8</constant></term>
|
||||||
|
+
|
||||||
|
+ <para>Same as naming scheme <constant>rhel-8.7</constant>.</para>
|
||||||
|
+ </varlistentry>
|
||||||
|
+
|
||||||
|
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
|
||||||
|
particular version of systemd.</para>
|
||||||
|
</variablelist>
|
||||||
|
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
|
||||||
|
index df84acf27c..ef2bb1b08e 100644
|
||||||
|
--- a/src/udev/udev-builtin-net_id.c
|
||||||
|
+++ b/src/udev/udev-builtin-net_id.c
|
||||||
|
@@ -141,6 +141,7 @@ typedef enum NamingSchemeFlags {
|
||||||
|
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
|
||||||
|
NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
|
||||||
|
NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID|NAMING_16BIT_INDEX,
|
||||||
|
+ NAMING_RHEL_8_8 = NAMING_RHEL_8_7,
|
||||||
|
|
||||||
|
_NAMING_SCHEME_FLAGS_INVALID = -1,
|
||||||
|
} NamingSchemeFlags;
|
||||||
|
@@ -161,6 +162,7 @@ static const NamingScheme naming_schemes[] = {
|
||||||
|
{ "rhel-8.5", NAMING_RHEL_8_5 },
|
||||||
|
{ "rhel-8.6", NAMING_RHEL_8_6 },
|
||||||
|
{ "rhel-8.7", NAMING_RHEL_8_7 },
|
||||||
|
+ { "rhel-8.8", NAMING_RHEL_8_8 },
|
||||||
|
/* … add more schemes here, as the logic to name devices is updated … */
|
||||||
|
};
|
||||||
|
|
@ -8,4 +8,5 @@ account include system-auth
|
|||||||
session required pam_selinux.so close
|
session required pam_selinux.so close
|
||||||
session required pam_selinux.so nottys open
|
session required pam_selinux.so nottys open
|
||||||
session required pam_loginuid.so
|
session required pam_loginuid.so
|
||||||
|
session required pam_namespace.so
|
||||||
session include system-auth
|
session include system-auth
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
Name: systemd
|
Name: systemd
|
||||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||||
Version: 239
|
Version: 239
|
||||||
Release: 71%{?dist}
|
Release: 72%{?dist}
|
||||||
# For a breakdown of the licensing, see README
|
# For a breakdown of the licensing, see README
|
||||||
License: LGPLv2+ and MIT and GPLv2+
|
License: LGPLv2+ and MIT and GPLv2+
|
||||||
Summary: System and Service Manager
|
Summary: System and Service Manager
|
||||||
@ -912,6 +912,16 @@ Patch0859: 0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch
|
|||||||
Patch0860: 0860-basic-add-STRERROR-wrapper-for-strerror_r.patch
|
Patch0860: 0860-basic-add-STRERROR-wrapper-for-strerror_r.patch
|
||||||
Patch0861: 0861-coredump-put-context-array-into-a-struct.patch
|
Patch0861: 0861-coredump-put-context-array-into-a-struct.patch
|
||||||
Patch0862: 0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch
|
Patch0862: 0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch
|
||||||
|
Patch0863: 0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch
|
||||||
|
Patch0864: 0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch
|
||||||
|
Patch0865: 0865-test-introduce-inst_recursive-helper-function.patch
|
||||||
|
Patch0866: 0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch
|
||||||
|
Patch0867: 0867-systemctl-simplify-halt_main.patch
|
||||||
|
Patch0868: 0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch
|
||||||
|
Patch0869: 0869-systemctl-reintroduce-the-original-halt_main.patch
|
||||||
|
Patch0870: 0870-systemctl-preserve-old-behavior-unless-requested.patch
|
||||||
|
Patch0871: 0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch
|
||||||
|
Patch0872: 0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch
|
||||||
|
|
||||||
%ifarch %{ix86} x86_64 aarch64
|
%ifarch %{ix86} x86_64 aarch64
|
||||||
%global have_gnu_efi 1
|
%global have_gnu_efi 1
|
||||||
@ -1541,6 +1551,18 @@ fi
|
|||||||
%files tests -f .file-list-tests
|
%files tests -f .file-list-tests
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Feb 17 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-72
|
||||||
|
- test: import logind test from debian/ubuntu test suite (#1866955)
|
||||||
|
- test: introduce inst_recursive() helper function (#1866955)
|
||||||
|
- tests: verify that Lock D-Bus signal is sent when IdleAction=lock (#1866955)
|
||||||
|
- systemctl: simplify halt_main() (#2053273)
|
||||||
|
- systemctl: shutdown don't fallback on auth fail (#2053273)
|
||||||
|
- systemctl: reintroduce the original halt_main() (#2053273)
|
||||||
|
- systemctl: preserve old behavior unless requested (#2053273)
|
||||||
|
- pam_systemd: suppress LOG_DEBUG log messages if debugging is off (#2170084)
|
||||||
|
- udev/net_id: introduce naming scheme for RHEL-8.8 (#2170499)
|
||||||
|
- pam: add a call to pam_namespace (#1861836)
|
||||||
|
|
||||||
* Tue Jan 31 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-71
|
* Tue Jan 31 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-71
|
||||||
- manager: limit access to private dbus socket (#2119405)
|
- manager: limit access to private dbus socket (#2119405)
|
||||||
- journalctl: do not treat EINTR as an error when waiting for events (#2161683)
|
- journalctl: do not treat EINTR as an error when waiting for events (#2161683)
|
||||||
|
Loading…
Reference in New Issue
Block a user