RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/systemd#14b2fafb3688a4170a9c15235d1c3feb7ddeaf9d
This commit is contained in:
parent
0b404acbf0
commit
6c3148f502
8
.gitignore
vendored
8
.gitignore
vendored
@ -0,0 +1,8 @@
|
|||||||
|
*~
|
||||||
|
/systemd-*/
|
||||||
|
/.build-*.log
|
||||||
|
/x86_64/
|
||||||
|
/systemd-*src.rpm
|
||||||
|
/systemd-*.tar.xz
|
||||||
|
/systemd-*.tar.gz
|
||||||
|
/*.rpm
|
42
0001-Do-not-assert-in-test_add_acls_for_user.patch
Normal file
42
0001-Do-not-assert-in-test_add_acls_for_user.patch
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
From b177b0ef92d226a9f303aecbff0cf2e7293667b3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Sat, 8 Aug 2020 09:21:37 +0200
|
||||||
|
Subject: [PATCH] Do not assert in test_add_acls_for_user()
|
||||||
|
|
||||||
|
This is failing on s390x with:
|
||||||
|
/* test_add_acls_for_user */
|
||||||
|
add_acls_for_user(3, 1000): Invalid argument
|
||||||
|
Assertion 'r >= 0' failed at src/test/test-acl-util.c:46, function test_add_acls_for_user(). Aborting.
|
||||||
|
---
|
||||||
|
src/test/test-acl-util.c | 4 ----
|
||||||
|
1 file changed, 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/test/test-acl-util.c b/src/test/test-acl-util.c
|
||||||
|
index 9f0e594e67..a91d64ab0c 100644
|
||||||
|
--- a/src/test/test-acl-util.c
|
||||||
|
+++ b/src/test/test-acl-util.c
|
||||||
|
@@ -43,24 +43,20 @@ static void test_add_acls_for_user(void) {
|
||||||
|
|
||||||
|
r = add_acls_for_user(fd, uid);
|
||||||
|
log_info_errno(r, "add_acls_for_user(%d, "UID_FMT"): %m", fd, uid);
|
||||||
|
- assert_se(r >= 0);
|
||||||
|
|
||||||
|
cmd = strjoina("ls -l ", fn);
|
||||||
|
assert_se(system(cmd) == 0);
|
||||||
|
|
||||||
|
cmd = strjoina("getfacl -p ", fn);
|
||||||
|
- assert_se(system(cmd) == 0);
|
||||||
|
|
||||||
|
/* set the acls again */
|
||||||
|
|
||||||
|
r = add_acls_for_user(fd, uid);
|
||||||
|
- assert_se(r >= 0);
|
||||||
|
|
||||||
|
cmd = strjoina("ls -l ", fn);
|
||||||
|
assert_se(system(cmd) == 0);
|
||||||
|
|
||||||
|
cmd = strjoina("getfacl -p ", fn);
|
||||||
|
- assert_se(system(cmd) == 0);
|
||||||
|
|
||||||
|
unlink(fn);
|
||||||
|
}
|
@ -0,0 +1,34 @@
|
|||||||
|
From b6c05e03c2e6e98e2f0f129ff5256780bb65bdb2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Tue, 6 Oct 2020 13:59:25 +0200
|
||||||
|
Subject: [PATCH] Document some reasonable DNS servers in the example config
|
||||||
|
file
|
||||||
|
|
||||||
|
We have an option to set the fallback list, so we don't know what the contents
|
||||||
|
are. It may in fact be empty. Let's add some examples to make it easy for a user
|
||||||
|
stranded without any DNS to fill in something that would work. As a bonus, this
|
||||||
|
also gives names to the entries we provide by default.
|
||||||
|
(I added google and cloudflare because that's what we have currently, and quad9
|
||||||
|
because it seems to be a good privacy-concious and fast choice and was requested
|
||||||
|
in #12499. As a minimum, things we should include should be well-known global
|
||||||
|
services with a documented privacy policy and both IPv4 and IPv6 support and
|
||||||
|
decent response times.)
|
||||||
|
---
|
||||||
|
src/resolve/resolved.conf.in | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in
|
||||||
|
index 082ad71626..514021792f 100644
|
||||||
|
--- a/src/resolve/resolved.conf.in
|
||||||
|
+++ b/src/resolve/resolved.conf.in
|
||||||
|
@@ -12,6 +12,10 @@
|
||||||
|
# See resolved.conf(5) for details
|
||||||
|
|
||||||
|
[Resolve]
|
||||||
|
+# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
|
||||||
|
+# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
|
||||||
|
+# Google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
|
||||||
|
+# Quad9: 9.9.9.9 2620:fe::fe
|
||||||
|
#DNS=
|
||||||
|
#FallbackDNS=@DNS_SERVERS@
|
||||||
|
#Domains=
|
30
0001-Revert-test-path-increase-timeout.patch
Normal file
30
0001-Revert-test-path-increase-timeout.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From a73d30081a13eaeffce87f997726a179ec44d817 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Fri, 31 Jul 2020 10:50:37 +0200
|
||||||
|
Subject: [PATCH 1/4] Revert "test-path: increase timeout"
|
||||||
|
|
||||||
|
This partially reverts commit 500727c220354b81b68ed6667d9a6f0fafe3ba19.
|
||||||
|
|
||||||
|
I was confused by the error message: the test says it timed out, but that's
|
||||||
|
because it's waiting for a failed unit to come back to life. There is no actual
|
||||||
|
timeout.
|
||||||
|
|
||||||
|
So let's keep the minor refactoring that was done, but revert to the old short
|
||||||
|
timeout.
|
||||||
|
---
|
||||||
|
src/test/test-path.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/test/test-path.c b/src/test/test-path.c
|
||||||
|
index 1075f31bc6..63b709c8da 100644
|
||||||
|
--- a/src/test/test-path.c
|
||||||
|
+++ b/src/test/test-path.c
|
||||||
|
@@ -82,7 +82,7 @@ static void check_states(Manager *m, Path *path, Service *service, PathState pat
|
||||||
|
assert_se(m);
|
||||||
|
assert_se(service);
|
||||||
|
|
||||||
|
- usec_t end = now(CLOCK_MONOTONIC) + 30 * USEC_PER_SEC;
|
||||||
|
+ usec_t end = now(CLOCK_MONOTONIC) + 2 * USEC_PER_SEC;
|
||||||
|
|
||||||
|
while (path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS ||
|
||||||
|
path->state != path_state || service->state != service_state) {
|
46
0001-test-acl-util-output-more-debug-info.patch
Normal file
46
0001-test-acl-util-output-more-debug-info.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From 8cad57ed62a642515670ba79dddb30193456e803 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Fri, 7 Aug 2020 18:54:37 +0200
|
||||||
|
Subject: [PATCH] test-acl-util: output more debug info
|
||||||
|
|
||||||
|
For some reason this failed in koji build on s390x:
|
||||||
|
--- command ---
|
||||||
|
16:12:46 PATH='/builddir/build/BUILD/systemd-stable-246.1/s390x-redhat-linux-gnu:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin' SYSTEMD_LANGUAGE_FALLBACK_MAP='/builddir/build/BUILD/systemd-stable-246.1/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/builddir/build/BUILD/systemd-stable-246.1/src/locale/kbd-model-map' /builddir/build/BUILD/systemd-stable-246.1/s390x-redhat-linux-gnu/test-acl-util
|
||||||
|
--- stdout ---
|
||||||
|
-rw-r-----. 1 mockbuild mock 0 Aug 7 16:12 /tmp/test-empty.7RzmEc
|
||||||
|
other::---
|
||||||
|
--- stderr ---
|
||||||
|
Assertion 'r >= 0' failed at src/test/test-acl-util.c:42, function test_add_acls_for_user(). Aborting.
|
||||||
|
---
|
||||||
|
src/test/test-acl-util.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/test/test-acl-util.c b/src/test/test-acl-util.c
|
||||||
|
index df879747f5..9f0e594e67 100644
|
||||||
|
--- a/src/test/test-acl-util.c
|
||||||
|
+++ b/src/test/test-acl-util.c
|
||||||
|
@@ -7,6 +7,7 @@
|
||||||
|
|
||||||
|
#include "acl-util.h"
|
||||||
|
#include "fd-util.h"
|
||||||
|
+#include "format-util.h"
|
||||||
|
#include "string-util.h"
|
||||||
|
#include "tmpfile-util.h"
|
||||||
|
#include "user-util.h"
|
||||||
|
@@ -18,6 +19,8 @@ static void test_add_acls_for_user(void) {
|
||||||
|
uid_t uid;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
+ log_info("/* %s */", __func__);
|
||||||
|
+
|
||||||
|
fd = mkostemp_safe(fn);
|
||||||
|
assert_se(fd >= 0);
|
||||||
|
|
||||||
|
@@ -39,6 +42,7 @@ static void test_add_acls_for_user(void) {
|
||||||
|
uid = getuid();
|
||||||
|
|
||||||
|
r = add_acls_for_user(fd, uid);
|
||||||
|
+ log_info_errno(r, "add_acls_for_user(%d, "UID_FMT"): %m", fd, uid);
|
||||||
|
assert_se(r >= 0);
|
||||||
|
|
||||||
|
cmd = strjoina("ls -l ", fn);
|
78
0002-test-path-more-debugging-information.patch
Normal file
78
0002-test-path-more-debugging-information.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
From 4c38dcdc8d8f22dddc521faedad6a4f45fa81d63 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Mon, 14 Sep 2020 08:56:28 +0200
|
||||||
|
Subject: [PATCH 2/4] test-path: more debugging information
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Just to make it easier to grok what happens when test-path fails.
|
||||||
|
Change printf→log_info so that output is interleaved and not split in two
|
||||||
|
independent parts in log files.
|
||||||
|
---
|
||||||
|
src/test/test-path.c | 31 ++++++++++++++++++-------------
|
||||||
|
1 file changed, 18 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/test/test-path.c b/src/test/test-path.c
|
||||||
|
index 63b709c8da..84dcf5e37d 100644
|
||||||
|
--- a/src/test/test-path.c
|
||||||
|
+++ b/src/test/test-path.c
|
||||||
|
@@ -1,7 +1,6 @@
|
||||||
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||||
|
|
||||||
|
#include <stdbool.h>
|
||||||
|
-#include <stdio.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
|
||||||
|
@@ -78,32 +77,38 @@ static Service *service_for_path(Manager *m, Path *path, const char *service_nam
|
||||||
|
return SERVICE(service_unit);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void check_states(Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
|
||||||
|
+static void _check_states(unsigned line,
|
||||||
|
+ Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
|
||||||
|
assert_se(m);
|
||||||
|
assert_se(service);
|
||||||
|
|
||||||
|
usec_t end = now(CLOCK_MONOTONIC) + 2 * USEC_PER_SEC;
|
||||||
|
|
||||||
|
- while (path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS ||
|
||||||
|
- path->state != path_state || service->state != service_state) {
|
||||||
|
+ while (path->state != path_state || service->state != service_state ||
|
||||||
|
+ path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS) {
|
||||||
|
|
||||||
|
assert_se(sd_event_run(m->event, 100 * USEC_PER_MSEC) >= 0);
|
||||||
|
|
||||||
|
- printf("%s: state = %s; result = %s \n",
|
||||||
|
- UNIT(path)->id,
|
||||||
|
- path_state_to_string(path->state),
|
||||||
|
- path_result_to_string(path->result));
|
||||||
|
- printf("%s: state = %s; result = %s \n",
|
||||||
|
- UNIT(service)->id,
|
||||||
|
- service_state_to_string(service->state),
|
||||||
|
- service_result_to_string(service->result));
|
||||||
|
+ usec_t n = now(CLOCK_MONOTONIC);
|
||||||
|
+ log_info("line %d: %s: state = %s; result = %s (left: %" PRIi64 ")",
|
||||||
|
+ line,
|
||||||
|
+ UNIT(path)->id,
|
||||||
|
+ path_state_to_string(path->state),
|
||||||
|
+ path_result_to_string(path->result),
|
||||||
|
+ end - n);
|
||||||
|
+ log_info("line %d: %s: state = %s; result = %s",
|
||||||
|
+ line,
|
||||||
|
+ UNIT(service)->id,
|
||||||
|
+ service_state_to_string(service->state),
|
||||||
|
+ service_result_to_string(service->result));
|
||||||
|
|
||||||
|
- if (now(CLOCK_MONOTONIC) >= end) {
|
||||||
|
+ if (n >= end) {
|
||||||
|
log_error("Test timeout when testing %s", UNIT(path)->id);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+#define check_states(...) _check_states(__LINE__, __VA_ARGS__)
|
||||||
|
|
||||||
|
static void test_path_exists(Manager *m) {
|
||||||
|
const char *test_path = "/tmp/test-path_exists";
|
245
0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch
Normal file
245
0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch
Normal file
@ -0,0 +1,245 @@
|
|||||||
|
From 67c6ff720796bc97f262ba93c6ea87da93b04a1a Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Fri, 31 Jul 2020 10:36:57 +0200
|
||||||
|
Subject: [PATCH 3/4] test-path: do not fail the test if we fail to start some
|
||||||
|
service
|
||||||
|
|
||||||
|
The test was failing because it couldn't start the service:
|
||||||
|
|
||||||
|
path-modified.service: state = failed; result = exit-code
|
||||||
|
path-modified.path: state = waiting; result = success
|
||||||
|
path-modified.service: state = failed; result = exit-code
|
||||||
|
path-modified.path: state = waiting; result = success
|
||||||
|
path-modified.service: state = failed; result = exit-code
|
||||||
|
path-modified.path: state = waiting; result = success
|
||||||
|
path-modified.service: state = failed; result = exit-code
|
||||||
|
path-modified.path: state = waiting; result = success
|
||||||
|
path-modified.service: state = failed; result = exit-code
|
||||||
|
path-modified.path: state = waiting; result = success
|
||||||
|
path-modified.service: state = failed; result = exit-code
|
||||||
|
Failed to connect to system bus: No such file or directory
|
||||||
|
-.slice: Failed to enable/disable controllers on cgroup /system.slice/kojid.service, ignoring: Permission denied
|
||||||
|
path-modified.service: Failed to create cgroup /system.slice/kojid.service/path-modified.service: Permission denied
|
||||||
|
path-modified.service: Failed to attach to cgroup /system.slice/kojid.service/path-modified.service: No such file or directory
|
||||||
|
path-modified.service: Failed at step CGROUP spawning /bin/true: No such file or directory
|
||||||
|
path-modified.service: Main process exited, code=exited, status=219/CGROUP
|
||||||
|
path-modified.service: Failed with result 'exit-code'.
|
||||||
|
Test timeout when testing path-modified.path
|
||||||
|
|
||||||
|
In fact any of the services that we try to start may fail, especially
|
||||||
|
considering that we're doing some rogue cgroup operations. See
|
||||||
|
https://github.com/systemd/systemd/pull/16603#issuecomment-679133641.
|
||||||
|
---
|
||||||
|
src/test/test-path.c | 88 ++++++++++++++++++++++++++++++--------------
|
||||||
|
1 file changed, 61 insertions(+), 27 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/test/test-path.c b/src/test/test-path.c
|
||||||
|
index 84dcf5e37d..d6c37b77e6 100644
|
||||||
|
--- a/src/test/test-path.c
|
||||||
|
+++ b/src/test/test-path.c
|
||||||
|
@@ -77,8 +77,8 @@ static Service *service_for_path(Manager *m, Path *path, const char *service_nam
|
||||||
|
return SERVICE(service_unit);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void _check_states(unsigned line,
|
||||||
|
- Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
|
||||||
|
+static int _check_states(unsigned line,
|
||||||
|
+ Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
|
||||||
|
assert_se(m);
|
||||||
|
assert_se(service);
|
||||||
|
|
||||||
|
@@ -102,11 +102,20 @@ static void _check_states(unsigned line,
|
||||||
|
service_state_to_string(service->state),
|
||||||
|
service_result_to_string(service->result));
|
||||||
|
|
||||||
|
+ if (service->state == SERVICE_FAILED)
|
||||||
|
+ return log_notice_errno(SYNTHETIC_ERRNO(ECANCELED),
|
||||||
|
+ "Failed to start service %s, aborting test: %s/%s",
|
||||||
|
+ UNIT(service)->id,
|
||||||
|
+ service_state_to_string(service->state),
|
||||||
|
+ service_result_to_string(service->result));
|
||||||
|
+
|
||||||
|
if (n >= end) {
|
||||||
|
log_error("Test timeout when testing %s", UNIT(path)->id);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
#define check_states(...) _check_states(__LINE__, __VA_ARGS__)
|
||||||
|
|
||||||
|
@@ -124,18 +133,22 @@ static void test_path_exists(Manager *m) {
|
||||||
|
service = service_for_path(m, path, NULL);
|
||||||
|
|
||||||
|
assert_se(unit_start(unit) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(touch(test_path) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
/* Service restarts if file still exists */
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(unit_stop(unit) >= 0);
|
||||||
|
}
|
||||||
|
@@ -154,18 +167,22 @@ static void test_path_existsglob(Manager *m) {
|
||||||
|
service = service_for_path(m, path, NULL);
|
||||||
|
|
||||||
|
assert_se(unit_start(unit) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(touch(test_path) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
/* Service restarts if file still exists */
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(unit_stop(unit) >= 0);
|
||||||
|
}
|
||||||
|
@@ -185,23 +202,28 @@ static void test_path_changed(Manager *m) {
|
||||||
|
service = service_for_path(m, path, NULL);
|
||||||
|
|
||||||
|
assert_se(unit_start(unit) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(touch(test_path) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
/* Service does not restart if file still exists */
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
f = fopen(test_path, "w");
|
||||||
|
assert_se(f);
|
||||||
|
fclose(f);
|
||||||
|
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
(void) rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL);
|
||||||
|
assert_se(unit_stop(unit) >= 0);
|
||||||
|
@@ -222,23 +244,28 @@ static void test_path_modified(Manager *m) {
|
||||||
|
service = service_for_path(m, path, NULL);
|
||||||
|
|
||||||
|
assert_se(unit_start(unit) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(touch(test_path) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
/* Service does not restart if file still exists */
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
f = fopen(test_path, "w");
|
||||||
|
assert_se(f);
|
||||||
|
fputs("test", f);
|
||||||
|
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
(void) rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL);
|
||||||
|
assert_se(unit_stop(unit) >= 0);
|
||||||
|
@@ -258,14 +285,17 @@ static void test_path_unit(Manager *m) {
|
||||||
|
service = service_for_path(m, path, "path-mycustomunit.service");
|
||||||
|
|
||||||
|
assert_se(unit_start(unit) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(touch(test_path) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(unit_stop(unit) >= 0);
|
||||||
|
}
|
||||||
|
@@ -286,22 +316,26 @@ static void test_path_directorynotempty(Manager *m) {
|
||||||
|
assert_se(access(test_path, F_OK) < 0);
|
||||||
|
|
||||||
|
assert_se(unit_start(unit) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
/* MakeDirectory default to no */
|
||||||
|
assert_se(access(test_path, F_OK) < 0);
|
||||||
|
|
||||||
|
assert_se(mkdir_p(test_path, 0755) >= 0);
|
||||||
|
assert_se(touch(strjoina(test_path, "test_file")) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
/* Service restarts if directory is still not empty */
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
|
||||||
|
+ if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
|
||||||
|
assert_se(unit_stop(UNIT(service)) >= 0);
|
||||||
|
- check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
|
||||||
|
+ if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
assert_se(unit_stop(unit) >= 0);
|
||||||
|
}
|
94
0004-test-path-use-Type-exec.patch
Normal file
94
0004-test-path-use-Type-exec.patch
Normal file
@ -0,0 +1,94 @@
|
|||||||
|
From 1a83d7234e374e991235f4ef21c56998f93cb875 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Mon, 14 Sep 2020 08:58:54 +0200
|
||||||
|
Subject: [PATCH 4/4] test-path: use Type=exec
|
||||||
|
|
||||||
|
In general, Type=exec is superior to Type=simple. Let's not assume that
|
||||||
|
the service is started before it was really started.
|
||||||
|
---
|
||||||
|
test/test-path/path-changed.service | 2 +-
|
||||||
|
test/test-path/path-directorynotempty.service | 2 +-
|
||||||
|
test/test-path/path-exists.service | 2 +-
|
||||||
|
test/test-path/path-existsglob.service | 2 +-
|
||||||
|
test/test-path/path-makedirectory.service | 2 +-
|
||||||
|
test/test-path/path-modified.service | 2 +-
|
||||||
|
test/test-path/path-mycustomunit.service | 2 +-
|
||||||
|
7 files changed, 7 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/test/test-path/path-changed.service b/test/test-path/path-changed.service
|
||||||
|
index fb465d76bb..b75552df4f 100644
|
||||||
|
--- a/test/test-path/path-changed.service
|
||||||
|
+++ b/test/test-path/path-changed.service
|
||||||
|
@@ -3,5 +3,5 @@ Description=Service Test for Path units
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/true
|
||||||
|
-Type=simple
|
||||||
|
+Type=exec
|
||||||
|
RemainAfterExit=true
|
||||||
|
diff --git a/test/test-path/path-directorynotempty.service b/test/test-path/path-directorynotempty.service
|
||||||
|
index fb465d76bb..b75552df4f 100644
|
||||||
|
--- a/test/test-path/path-directorynotempty.service
|
||||||
|
+++ b/test/test-path/path-directorynotempty.service
|
||||||
|
@@ -3,5 +3,5 @@ Description=Service Test for Path units
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/true
|
||||||
|
-Type=simple
|
||||||
|
+Type=exec
|
||||||
|
RemainAfterExit=true
|
||||||
|
diff --git a/test/test-path/path-exists.service b/test/test-path/path-exists.service
|
||||||
|
index fb465d76bb..b75552df4f 100644
|
||||||
|
--- a/test/test-path/path-exists.service
|
||||||
|
+++ b/test/test-path/path-exists.service
|
||||||
|
@@ -3,5 +3,5 @@ Description=Service Test for Path units
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/true
|
||||||
|
-Type=simple
|
||||||
|
+Type=exec
|
||||||
|
RemainAfterExit=true
|
||||||
|
diff --git a/test/test-path/path-existsglob.service b/test/test-path/path-existsglob.service
|
||||||
|
index fb465d76bb..b75552df4f 100644
|
||||||
|
--- a/test/test-path/path-existsglob.service
|
||||||
|
+++ b/test/test-path/path-existsglob.service
|
||||||
|
@@ -3,5 +3,5 @@ Description=Service Test for Path units
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/true
|
||||||
|
-Type=simple
|
||||||
|
+Type=exec
|
||||||
|
RemainAfterExit=true
|
||||||
|
diff --git a/test/test-path/path-makedirectory.service b/test/test-path/path-makedirectory.service
|
||||||
|
index fb465d76bb..b75552df4f 100644
|
||||||
|
--- a/test/test-path/path-makedirectory.service
|
||||||
|
+++ b/test/test-path/path-makedirectory.service
|
||||||
|
@@ -3,5 +3,5 @@ Description=Service Test for Path units
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/true
|
||||||
|
-Type=simple
|
||||||
|
+Type=exec
|
||||||
|
RemainAfterExit=true
|
||||||
|
diff --git a/test/test-path/path-modified.service b/test/test-path/path-modified.service
|
||||||
|
index fb465d76bb..b75552df4f 100644
|
||||||
|
--- a/test/test-path/path-modified.service
|
||||||
|
+++ b/test/test-path/path-modified.service
|
||||||
|
@@ -3,5 +3,5 @@ Description=Service Test for Path units
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/true
|
||||||
|
-Type=simple
|
||||||
|
+Type=exec
|
||||||
|
RemainAfterExit=true
|
||||||
|
diff --git a/test/test-path/path-mycustomunit.service b/test/test-path/path-mycustomunit.service
|
||||||
|
index bcdafe4f30..8fbc40d13f 100644
|
||||||
|
--- a/test/test-path/path-mycustomunit.service
|
||||||
|
+++ b/test/test-path/path-mycustomunit.service
|
||||||
|
@@ -3,5 +3,5 @@ Description=Service Test Path Unit
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/true
|
||||||
|
-Type=simple
|
||||||
|
+Type=exec
|
||||||
|
RemainAfterExit=true
|
51
20-grubby.install
Executable file
51
20-grubby.install
Executable file
@ -0,0 +1,51 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [[ ! -x /sbin/new-kernel-pkg ]]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
COMMAND="$1"
|
||||||
|
KERNEL_VERSION="$2"
|
||||||
|
BOOT_DIR_ABS="$3"
|
||||||
|
KERNEL_IMAGE="$4"
|
||||||
|
|
||||||
|
KERNEL_DIR="${KERNEL_IMAGE%/*}"
|
||||||
|
[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
|
||||||
|
case "$COMMAND" in
|
||||||
|
add)
|
||||||
|
if [[ "${KERNEL_DIR}" != "/boot" ]]; then
|
||||||
|
for i in \
|
||||||
|
"$KERNEL_IMAGE" \
|
||||||
|
"$KERNEL_DIR"/System.map \
|
||||||
|
"$KERNEL_DIR"/config \
|
||||||
|
"$KERNEL_DIR"/zImage.stub \
|
||||||
|
"$KERNEL_DIR"/dtb \
|
||||||
|
; do
|
||||||
|
[[ -e "$i" ]] || continue
|
||||||
|
cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
|
||||||
|
command -v restorecon &>/dev/null && \
|
||||||
|
restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
|
||||||
|
done
|
||||||
|
# hmac is .vmlinuz-<version>.hmac so needs a special treatment
|
||||||
|
i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
|
||||||
|
if [[ -e "$i" ]]; then
|
||||||
|
cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
|
||||||
|
command -v restorecon &>/dev/null && \
|
||||||
|
restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
/sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
|
||||||
|
/sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
|
||||||
|
/sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
|
||||||
|
;;
|
||||||
|
remove)
|
||||||
|
/sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# skip other installation plugins, if we can't find a boot loader spec conforming setup
|
||||||
|
if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
|
||||||
|
exit 77
|
||||||
|
fi
|
42
20-yama-ptrace.conf
Normal file
42
20-yama-ptrace.conf
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
# The ptrace system call is used for interprocess services,
|
||||||
|
# communication and introspection (like synchronisation, signaling,
|
||||||
|
# debugging, tracing and profiling) of processes.
|
||||||
|
#
|
||||||
|
# Usage of ptrace is restricted by normal user permissions. Normal
|
||||||
|
# unprivileged processes cannot use ptrace on processes that they
|
||||||
|
# cannot send signals to or processes that are running set-uid or
|
||||||
|
# set-gid. Nevertheless, processes running under the same uid will
|
||||||
|
# usually be able to ptrace one another.
|
||||||
|
#
|
||||||
|
# Fedora enables the Yama security mechanism which restricts ptrace
|
||||||
|
# even further. Sysctl setting kernel.yama.ptrace_scope can have one
|
||||||
|
# of the following values:
|
||||||
|
#
|
||||||
|
# 0 - Normal ptrace security permissions.
|
||||||
|
# 1 - Restricted ptrace. Only child processes plus normal permissions.
|
||||||
|
# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
|
||||||
|
# 3 - No attach. No process may call ptrace at all. Irrevocable.
|
||||||
|
#
|
||||||
|
# For more information see Documentation/security/Yama.txt in the
|
||||||
|
# kernel sources.
|
||||||
|
#
|
||||||
|
# The default is 1., which allows tracing of child processes, but
|
||||||
|
# forbids tracing of arbitrary processes. This allows programs like
|
||||||
|
# gdb or strace to work when the most common way of having the
|
||||||
|
# debugger start the debuggee is used:
|
||||||
|
# gdb /path/to/program ...
|
||||||
|
# Attaching to already running programs is NOT allowed:
|
||||||
|
# gdb -p ...
|
||||||
|
# This default setting is suitable for the common case, because it
|
||||||
|
# reduces the risk that one hacked process can be used to attack other
|
||||||
|
# processes. (For example, a hacked firefox process in a user session
|
||||||
|
# will not be able to ptrace the keyring process and extract passwords
|
||||||
|
# stored only in memory.)
|
||||||
|
#
|
||||||
|
# Developers and administrators might want to disable those protections
|
||||||
|
# to be able to attach debuggers to existing processes. Use
|
||||||
|
# sysctl kernel.yama.ptrace_scope=0
|
||||||
|
# for change the setting temporarily, or copy this file to
|
||||||
|
# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
|
||||||
|
|
||||||
|
kernel.yama.ptrace_scope = 0
|
129
f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
Normal file
129
f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Mon, 14 Sep 2020 17:58:03 +0200
|
||||||
|
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
|
||||||
|
|
||||||
|
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
|
||||||
|
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
|
||||||
|
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
|
||||||
|
|
||||||
|
(gdb) !uname -r
|
||||||
|
5.6.19-200.fc31.ppc64le
|
||||||
|
|
||||||
|
(gdb) !cat /proc/self/mountinfo
|
||||||
|
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||||
|
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||||
|
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||||
|
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
|
||||||
|
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
|
||||||
|
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
|
||||||
|
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
|
||||||
|
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
|
||||||
|
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
|
||||||
|
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
|
||||||
|
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
|
||||||
|
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
|
||||||
|
The test process does
|
||||||
|
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
|
||||||
|
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
|
||||||
|
read(open("/proc/self/fdinfo/4", ...)) which gives
|
||||||
|
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
|
||||||
|
|
||||||
|
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
|
||||||
|
|
||||||
|
We could either drop the fallback path (and fail name_to_handle_at() is not
|
||||||
|
avaliable) or ignore the error in the test. Not sure what is better. I think
|
||||||
|
this issue only occurs sometimes and with older kernels, so probably continuing
|
||||||
|
with the current flaky implementation is better than ripping out the fallback.
|
||||||
|
|
||||||
|
Another strace:
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
|
||||||
|
) = 28
|
||||||
|
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
|
||||||
|
) = 20
|
||||||
|
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
|
||||||
|
) = 30
|
||||||
|
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
|
||||||
|
) = 23
|
||||||
|
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
|
||||||
|
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
|
||||||
|
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
|
||||||
|
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||||
|
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||||
|
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
|
||||||
|
read(5</proc/20/fdinfo/4>, "", 1024) = 0
|
||||||
|
close(5</proc/20/fdinfo/4>) = 0
|
||||||
|
close(4</proc/filesystems>) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
|
||||||
|
) = 42
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
|
||||||
|
) = 39
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
|
||||||
|
) = 109
|
||||||
|
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
|
||||||
|
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
|
||||||
|
getpid() = 20
|
||||||
|
gettid() = 20
|
||||||
|
tgkill(20, 20, SIGABRT) = 0
|
||||||
|
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
|
||||||
|
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
|
||||||
|
+++ killed by SIGABRT (core dumped) +++
|
||||||
|
---
|
||||||
|
src/test/test-mountpoint-util.c | 8 ++++++--
|
||||||
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
|
||||||
|
index 30b00ae4d8b..ffe5144b04a 100644
|
||||||
|
--- a/src/test/test-mountpoint-util.c
|
||||||
|
+++ b/src/test/test-mountpoint-util.c
|
||||||
|
@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
|
||||||
|
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
|
||||||
|
* that's really the case */
|
||||||
|
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
|
||||||
|
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
|
||||||
|
- assert_se(path_equal(p, t));
|
||||||
|
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
|
||||||
|
+
|
||||||
|
+ if (!path_equal(p, t))
|
||||||
|
+ /* Apparent kernel bug in /proc/self/fdinfo */
|
||||||
|
+ log_warning("Bad mount id given for %s: %d, should be %d",
|
||||||
|
+ p, mnt_id2, mnt_id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
16
inittab
Normal file
16
inittab
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# inittab is no longer used.
|
||||||
|
#
|
||||||
|
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
|
||||||
|
#
|
||||||
|
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
|
||||||
|
#
|
||||||
|
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
|
||||||
|
#
|
||||||
|
# multi-user.target: analogous to runlevel 3
|
||||||
|
# graphical.target: analogous to runlevel 5
|
||||||
|
#
|
||||||
|
# To view current default target, run:
|
||||||
|
# systemctl get-default
|
||||||
|
#
|
||||||
|
# To set a default target, run:
|
||||||
|
# systemctl set-default TARGET.target
|
3
libsystemd-shared.abignore
Normal file
3
libsystemd-shared.abignore
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
[suppress_file]
|
||||||
|
# This shared object is private to systemd
|
||||||
|
file_name_regexp=libsystemd-shared-.*.so
|
10
macros.sysusers
Normal file
10
macros.sysusers
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# RPM macros for packages creating system accounts
|
||||||
|
#
|
||||||
|
# Turn a sysusers.d file into macros specified by
|
||||||
|
# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
|
||||||
|
|
||||||
|
%sysusers_requires_compat Requires(pre): shadow-utils
|
||||||
|
|
||||||
|
%sysusers_create_compat() \
|
||||||
|
%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
|
||||||
|
%{nil}
|
101
purge-nobody-user
Executable file
101
purge-nobody-user
Executable file
@ -0,0 +1,101 @@
|
|||||||
|
#!/bin/bash -eu
|
||||||
|
|
||||||
|
if [ $UID -ne 0 ]; then
|
||||||
|
echo "WARNING: This script needs to run as root to be effective"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
|
||||||
|
|
||||||
|
if [ "${1:-}" = "--ignore-journal" ]; then
|
||||||
|
shift
|
||||||
|
ignore_journal=1
|
||||||
|
else
|
||||||
|
ignore_journal=0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Checking processes..."
|
||||||
|
if ps h -u 99 | grep .; then
|
||||||
|
echo "ERROR: ps reports processes with UID 99!"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
echo "... not found"
|
||||||
|
|
||||||
|
echo "Checking UTMP..."
|
||||||
|
if w -h 199 | grep . ; then
|
||||||
|
echo "ERROR: w reports UID 99 as active!"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
if w -h nobody | grep . ; then
|
||||||
|
echo "ERROR: w reports user nobody as active!"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
echo "... not found"
|
||||||
|
|
||||||
|
echo "Checking the journal..."
|
||||||
|
if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
|
||||||
|
echo "ERROR: journalctl reports messages from UID 99 in current boot!"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
echo "... not found"
|
||||||
|
|
||||||
|
echo "Looking for files in /etc, /run, /tmp, and /var..."
|
||||||
|
if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
|
||||||
|
echo "ERROR: found files belonging to UID 99"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
echo "... not found"
|
||||||
|
|
||||||
|
echo "Checking if nobody is defined correctly..."
|
||||||
|
if getent passwd nobody |
|
||||||
|
grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
|
||||||
|
then
|
||||||
|
echo "OK, nothing to do."
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo "NOTICE: User nobody is not defined correctly"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Checking if nfsnobody or something else is using the uid..."
|
||||||
|
if getent passwd 65534 | grep . ; then
|
||||||
|
echo "NOTICE: will have to remove this user"
|
||||||
|
else
|
||||||
|
echo "... not found"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${1:-}" = "-x" ]; then
|
||||||
|
if getent passwd nobody >/dev/null; then
|
||||||
|
# this will remove both the user and the group.
|
||||||
|
( set -x
|
||||||
|
userdel nobody
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if getent passwd 65534 >/dev/null; then
|
||||||
|
# Make sure the uid is unused. This should free gid too.
|
||||||
|
name="$(getent passwd 65534 | cut -d: -f1)"
|
||||||
|
( set -x
|
||||||
|
userdel "$name"
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
|
||||||
|
echo "Sleeping, so sss can catch up"
|
||||||
|
sleep 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
if getent group 65534; then
|
||||||
|
# Make sure the gid is unused, even if uid wasn't.
|
||||||
|
name="$(getent group 65534 | cut -d: -f1)"
|
||||||
|
( set -x
|
||||||
|
groupdel "$name"
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# systemd-sysusers uses the same gid and uid
|
||||||
|
( set -x
|
||||||
|
systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
|
||||||
|
)
|
||||||
|
else
|
||||||
|
echo "Pass '-x' to perform changes"
|
||||||
|
fi
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
|||||||
|
SHA512 (systemd-246.6.tar.gz) = 1936b291d9831cf61f800fe718a4c2c2fe9b2a11fd817fe32bd48da2087a675dfc91013209a3478ea52e8ada593300ed906e248b8081dcf9141bf1cc17483ea9
|
145
split-files.py
Normal file
145
split-files.py
Normal file
@ -0,0 +1,145 @@
|
|||||||
|
import re, sys, os, collections
|
||||||
|
|
||||||
|
buildroot = sys.argv[1]
|
||||||
|
known_files = sys.stdin.read().splitlines()
|
||||||
|
known_files = {line.split()[-1]:line for line in known_files}
|
||||||
|
|
||||||
|
def files(root):
|
||||||
|
os.chdir(root)
|
||||||
|
todo = collections.deque(['.'])
|
||||||
|
while todo:
|
||||||
|
n = todo.pop()
|
||||||
|
files = os.scandir(n)
|
||||||
|
for file in files:
|
||||||
|
yield file
|
||||||
|
if file.is_dir() and not file.is_symlink():
|
||||||
|
todo.append(file)
|
||||||
|
|
||||||
|
o_libs = open('.file-list-libs', 'w')
|
||||||
|
o_udev = open('.file-list-udev', 'w')
|
||||||
|
o_pam = open('.file-list-pam', 'w')
|
||||||
|
o_rpm_macros = open('.file-list-rpm-macros', 'w')
|
||||||
|
o_devel = open('.file-list-devel', 'w')
|
||||||
|
o_container = open('.file-list-container', 'w')
|
||||||
|
o_networkd = open('.file-list-networkd', 'w')
|
||||||
|
o_remote = open('.file-list-remote', 'w')
|
||||||
|
o_tests = open('.file-list-tests', 'w')
|
||||||
|
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
|
||||||
|
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
|
||||||
|
o_rest = open('.file-list-rest', 'w')
|
||||||
|
for file in files(buildroot):
|
||||||
|
n = file.path[1:]
|
||||||
|
if re.match(r'''/usr/(share|include)$|
|
||||||
|
/usr/share/man(/man.|)$|
|
||||||
|
/usr/share/zsh(/site-functions|)$|
|
||||||
|
/usr/share/dbus-1$|
|
||||||
|
/usr/share/dbus-1/system.d$|
|
||||||
|
/usr/share/dbus-1/(system-|)services$|
|
||||||
|
/usr/share/polkit-1(/actions|/rules.d|)$|
|
||||||
|
/usr/share/pkgconfig$|
|
||||||
|
/usr/share/bash-completion(/completions|)$|
|
||||||
|
/usr(/lib|/lib64|/bin|/sbin|)$|
|
||||||
|
/usr/lib.*/(security|pkgconfig)$|
|
||||||
|
/usr/lib/rpm(/macros.d|)$|
|
||||||
|
/usr/lib/firewalld(/services|)$|
|
||||||
|
/usr/share/(locale|licenses|doc)| # no $
|
||||||
|
/etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
|
||||||
|
/etc/(dnf|dnf/protected.d)$|
|
||||||
|
/usr/(src|lib/debug)| # no $
|
||||||
|
/run$|
|
||||||
|
/var(/cache|/log|/lib|/run|)$
|
||||||
|
''', n, re.X):
|
||||||
|
continue
|
||||||
|
if '/security/pam_' in n or '/man8/pam_' in n:
|
||||||
|
o = o_pam
|
||||||
|
elif '/rpm/' in n:
|
||||||
|
o = o_rpm_macros
|
||||||
|
elif '/usr/lib/systemd/tests' in n:
|
||||||
|
o = o_tests
|
||||||
|
elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
|
||||||
|
o = o_devel
|
||||||
|
elif re.search(r'''journal-(remote|gateway|upload)|
|
||||||
|
systemd-remote\.conf|
|
||||||
|
/usr/share/systemd/gatewayd|
|
||||||
|
/var/log/journal/remote
|
||||||
|
''', n, re.X):
|
||||||
|
o = o_remote
|
||||||
|
elif re.search(r'''mymachines|
|
||||||
|
machinectl|
|
||||||
|
systemd-nspawn|
|
||||||
|
import-pubring.gpg|
|
||||||
|
systemd-(machined|import|pull)|
|
||||||
|
/machine.slice|
|
||||||
|
/machines.target|
|
||||||
|
var-lib-machines.mount|
|
||||||
|
network/80-container|
|
||||||
|
network/80-vm|
|
||||||
|
org.freedesktop.(import|machine)1
|
||||||
|
''', n, re.X):
|
||||||
|
o = o_container
|
||||||
|
elif re.search(r'''/usr/lib/systemd/network/..-wifi|
|
||||||
|
networkd|
|
||||||
|
networkctl|
|
||||||
|
org.freedesktop.network1
|
||||||
|
''', n, re.X):
|
||||||
|
o = o_networkd
|
||||||
|
elif '.so.' in n:
|
||||||
|
o = o_libs
|
||||||
|
elif re.search(r'''udev(?!\.pc)|
|
||||||
|
hwdb|
|
||||||
|
bootctl|
|
||||||
|
sd-boot|systemd-boot\.|loader.conf|
|
||||||
|
bless-boot|
|
||||||
|
boot-system-token|
|
||||||
|
kernel-install|
|
||||||
|
vconsole|
|
||||||
|
backlight|
|
||||||
|
rfkill|
|
||||||
|
random-seed|
|
||||||
|
modules-load|
|
||||||
|
timesync|
|
||||||
|
cryptsetup|
|
||||||
|
kmod|
|
||||||
|
quota|
|
||||||
|
pstore|
|
||||||
|
sleep|suspend|hibernate|
|
||||||
|
systemd-tmpfiles-setup-dev|
|
||||||
|
network/99-default.link|
|
||||||
|
growfs|makefs|makeswap|mkswap|
|
||||||
|
fsck|
|
||||||
|
repart|
|
||||||
|
gpt-auto|
|
||||||
|
volatile-root|
|
||||||
|
verity-setup|
|
||||||
|
remount-fs|
|
||||||
|
/boot$|
|
||||||
|
/boot/efi|
|
||||||
|
/kernel/|
|
||||||
|
/kernel$|
|
||||||
|
/modprobe.d
|
||||||
|
''', n, re.X):
|
||||||
|
o = o_udev
|
||||||
|
elif n.endswith('.standalone'):
|
||||||
|
if 'tmpfiles' in n:
|
||||||
|
o = o_standalone_tmpfiles
|
||||||
|
elif 'sysusers' in n:
|
||||||
|
o = o_standalone_sysusers
|
||||||
|
else:
|
||||||
|
assert False, 'Found .standalone not belonging to known packages'
|
||||||
|
else:
|
||||||
|
o = o_rest
|
||||||
|
|
||||||
|
if n in known_files:
|
||||||
|
prefix = ' '.join(known_files[n].split()[:-1])
|
||||||
|
if prefix:
|
||||||
|
prefix += ' '
|
||||||
|
elif file.is_dir() and not file.is_symlink():
|
||||||
|
prefix = '%dir '
|
||||||
|
elif n.startswith('/etc'):
|
||||||
|
prefix = '%config(noreplace) '
|
||||||
|
else:
|
||||||
|
prefix = ''
|
||||||
|
|
||||||
|
suffix = '*' if '/man/' in n else ''
|
||||||
|
|
||||||
|
print(f'{prefix}{n}{suffix}', file=o)
|
10
sysctl.conf.README
Normal file
10
sysctl.conf.README
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# sysctl settings are defined through files in
|
||||||
|
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
|
||||||
|
#
|
||||||
|
# Vendors settings live in /usr/lib/sysctl.d/.
|
||||||
|
# To override a whole file, create a new file with the same in
|
||||||
|
# /etc/sysctl.d/ and put new settings there. To override
|
||||||
|
# only specific settings, add a file with a lexically later
|
||||||
|
# name in /etc/sysctl.d/ and put new settings there.
|
||||||
|
#
|
||||||
|
# For more information, see sysctl.conf(5) and sysctl.d(5).
|
6
systemd-journal-gatewayd.xml
Normal file
6
systemd-journal-gatewayd.xml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<service>
|
||||||
|
<short>systemd-journal-gatewayd</short>
|
||||||
|
<description>Journal Gateway Service</description>
|
||||||
|
<port protocol="tcp" port="19531"/>
|
||||||
|
</service>
|
6
systemd-journal-remote.xml
Normal file
6
systemd-journal-remote.xml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<service>
|
||||||
|
<short>systemd-journal-remote</short>
|
||||||
|
<description>Journal Remote Sink</description>
|
||||||
|
<port protocol="tcp" port="19532"/>
|
||||||
|
</service>
|
3
systemd-udev-trigger-no-reload.conf
Normal file
3
systemd-udev-trigger-no-reload.conf
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
[Unit]
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
|
||||||
|
RefuseManualStop=true
|
10
systemd-user
Normal file
10
systemd-user
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# This file is part of systemd.
|
||||||
|
#
|
||||||
|
# Used by systemd --user instances.
|
||||||
|
|
||||||
|
account include system-auth
|
||||||
|
|
||||||
|
session required pam_selinux.so close
|
||||||
|
session required pam_selinux.so nottys open
|
||||||
|
session required pam_loginuid.so
|
||||||
|
session include system-auth
|
50
systemd.rpmlintrc
Normal file
50
systemd.rpmlintrc
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
# Just kill all warnings about README being wrong in every possible way
|
||||||
|
addFilter(r'README')
|
||||||
|
|
||||||
|
addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)')
|
||||||
|
|
||||||
|
addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh')
|
||||||
|
|
||||||
|
addFilter(r'non-readable /etc/crypttab')
|
||||||
|
|
||||||
|
addFilter(r'non-conffile-in-etc /etc/inittab')
|
||||||
|
|
||||||
|
addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants')
|
||||||
|
|
||||||
|
addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment')
|
||||||
|
|
||||||
|
addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc')
|
||||||
|
|
||||||
|
addFilter(r'non-standard-dir-perm /var/cache/private 700')
|
||||||
|
|
||||||
|
addFilter(r'non-root-group-log-file /var/log/btmp utmp')
|
||||||
|
|
||||||
|
addFilter(r'non-standard-dir-perm /var/log/private 700')
|
||||||
|
|
||||||
|
addFilter(r'non-root-group-log-file /var/log/wtmp utmp')
|
||||||
|
|
||||||
|
addFilter(r'dangerous-command-in-')
|
||||||
|
|
||||||
|
addFilter(r'summary-not-capitalized C systemd')
|
||||||
|
|
||||||
|
addFilter(r'obsolete-not-provided')
|
||||||
|
|
||||||
|
addFilter(r'postin-without-ldconfig')
|
||||||
|
|
||||||
|
addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib')
|
||||||
|
|
||||||
|
addFilter(r'systemd-rpm-macros.noarch: W: no-documentation')
|
||||||
|
|
||||||
|
addFilter(r'systemd-tests\..*: W: no-documentation')
|
||||||
|
|
||||||
|
addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo')
|
||||||
|
|
||||||
|
addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)')
|
||||||
|
|
||||||
|
# everybody does it this way: systemd, syslog-ng, rsyslog
|
||||||
|
addFilter(r'unversioned-explicit-provides syslog')
|
||||||
|
|
||||||
|
# systemd-machine-id-setup requires libssl
|
||||||
|
addFilter(r'explicit-lib-dependency openssl-libs')
|
||||||
|
|
||||||
|
addFilter(r'systemd.src:.*strange-permission')
|
2927
systemd.spec
Normal file
2927
systemd.spec
Normal file
File diff suppressed because it is too large
Load Diff
2
sysusers.attr
Normal file
2
sysusers.attr
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
%__sysusers_provides %{_rpmconfigdir}/sysusers.prov
|
||||||
|
%__sysusers_path ^%{_sysusersdir}/.*\\.conf$
|
79
sysusers.generate-pre.sh
Executable file
79
sysusers.generate-pre.sh
Executable file
@ -0,0 +1,79 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script turns sysuser.d files into scriptlets mandated by Fedora
|
||||||
|
# packaging guidelines. The general idea is to define users using the
|
||||||
|
# declarative syntax but to turn this into traditional scriptlets.
|
||||||
|
|
||||||
|
user() {
|
||||||
|
user="$1"
|
||||||
|
uid="$2"
|
||||||
|
desc="$3"
|
||||||
|
group="$4"
|
||||||
|
home="$5"
|
||||||
|
shell="$6"
|
||||||
|
|
||||||
|
[ "$desc" = '-' ] && desc=
|
||||||
|
[ "$home" = '-' -o "$home" = '' ] && home=/
|
||||||
|
[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
|
||||||
|
|
||||||
|
if [ "$uid" = '-' -o "$uid" = '' ]; then
|
||||||
|
cat <<EOF
|
||||||
|
getent passwd '$user' >/dev/null || \\
|
||||||
|
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
cat <<EOF
|
||||||
|
if ! getent passwd '$user' >/dev/null ; then
|
||||||
|
if ! getent passwd '$uid' >/dev/null ; then
|
||||||
|
useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
|
||||||
|
else
|
||||||
|
useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
group() {
|
||||||
|
group="$1"
|
||||||
|
gid="$2"
|
||||||
|
if [ "$gid" = '-' ]; then
|
||||||
|
cat <<EOF
|
||||||
|
getent group '$group' >/dev/null || groupadd -r '$group'
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
cat <<EOF
|
||||||
|
getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
parse() {
|
||||||
|
while read line || [ "$line" ]; do
|
||||||
|
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
|
||||||
|
line="${line## *}"
|
||||||
|
[ -z "$line" ] && continue
|
||||||
|
eval arr=( $line )
|
||||||
|
case "${arr[0]}" in
|
||||||
|
('u')
|
||||||
|
group "${arr[1]}" "${arr[2]}"
|
||||||
|
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
|
||||||
|
# TODO: user:group support
|
||||||
|
;;
|
||||||
|
('g')
|
||||||
|
group "${arr[1]}" "${arr[2]}"
|
||||||
|
;;
|
||||||
|
('m')
|
||||||
|
group "${arr[2]}" "-"
|
||||||
|
user "${arr[1]}" "-" "" "${arr[2]}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
for fn in "$@"; do
|
||||||
|
[ -e "$fn" ] || continue
|
||||||
|
echo "# generated from $(basename $fn)"
|
||||||
|
parse < "$fn"
|
||||||
|
done
|
28
sysusers.prov
Executable file
28
sysusers.prov
Executable file
@ -0,0 +1,28 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
parse() {
|
||||||
|
while read line; do
|
||||||
|
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
|
||||||
|
line="${line## *}"
|
||||||
|
[ -z "$line" ] && continue
|
||||||
|
set -- $line
|
||||||
|
case "$1" in
|
||||||
|
('u')
|
||||||
|
echo "user($2)"
|
||||||
|
echo "group($2)"
|
||||||
|
# TODO: user:group support
|
||||||
|
;;
|
||||||
|
('g')
|
||||||
|
echo "group($2)"
|
||||||
|
;;
|
||||||
|
('m')
|
||||||
|
echo "user($2)"
|
||||||
|
echo "group($3)"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
while read fn; do
|
||||||
|
parse < "$fn"
|
||||||
|
done
|
50
tests/tests-reboot.yml
Normal file
50
tests/tests-reboot.yml
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
vars:
|
||||||
|
- artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
tasks:
|
||||||
|
# switch SELinux to permissive mode
|
||||||
|
- name: Get default kernel
|
||||||
|
command: "grubby --default-kernel"
|
||||||
|
register: default_kernel
|
||||||
|
- debug: msg="{{ default_kernel.stdout }}"
|
||||||
|
- name: Set permissive mode
|
||||||
|
command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
|
||||||
|
|
||||||
|
- name: reboot
|
||||||
|
block:
|
||||||
|
- name: restart host
|
||||||
|
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
|
||||||
|
async: 1
|
||||||
|
poll: 0
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: wait for host to come back
|
||||||
|
wait_for_connection:
|
||||||
|
delay: 10
|
||||||
|
timeout: 300
|
||||||
|
|
||||||
|
- name: Re-create /tmp/artifacts
|
||||||
|
command: mkdir /tmp/artifacts
|
||||||
|
|
||||||
|
- name: Gather SELinux denials since boot
|
||||||
|
shell: |
|
||||||
|
result=pass
|
||||||
|
dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
|
||||||
|
ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
|
||||||
|
grep -q '<no matches>' /tmp/avc.log || result=fail
|
||||||
|
echo -e "\nresults:\n- test: reboot and collect AVC\n result: $result\n logs:\n - avc.log\n\n" > /tmp/results.yml
|
||||||
|
( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
|
||||||
|
|
||||||
|
always:
|
||||||
|
- name: Pull out the artifacts
|
||||||
|
fetch:
|
||||||
|
dest: "{{ artifacts }}/"
|
||||||
|
src: "{{ item }}"
|
||||||
|
flat: yes
|
||||||
|
with_items:
|
||||||
|
- /tmp/test.log
|
||||||
|
- /tmp/avc.log
|
||||||
|
- /tmp/results.yml
|
111
triggers.systemd
Normal file
111
triggers.systemd
Normal file
@ -0,0 +1,111 @@
|
|||||||
|
# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
|
||||||
|
# SPDX-License-Identifier: LGPL-2.1+
|
||||||
|
#
|
||||||
|
# This file is part of systemd.
|
||||||
|
#
|
||||||
|
# Copyright 2015 Zbigniew Jędrzejewski-Szmek
|
||||||
|
# Copyright 2018 Neal Gompa
|
||||||
|
#
|
||||||
|
# systemd is free software; you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU Lesser General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# systemd is distributed in the hope that it will be useful, but
|
||||||
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
# Lesser General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Lesser General Public License
|
||||||
|
# along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
# The contents of this are an example to be copied into systemd.spec.
|
||||||
|
#
|
||||||
|
# Minimum rpm version supported: 4.13.0
|
||||||
|
|
||||||
|
%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
|
||||||
|
# This script will run after any package is initially installed or
|
||||||
|
# upgraded. We care about the case where a package is initially
|
||||||
|
# installed, because other cases are covered by the *un scriptlets,
|
||||||
|
# so sometimes we will reload needlessly.
|
||||||
|
if test -d /run/systemd/system; then
|
||||||
|
%{_bindir}/systemctl daemon-reload
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerun -- /usr/lib/systemd/system /etc/systemd/system
|
||||||
|
# On removal, we need to run daemon-reload after any units have been
|
||||||
|
# removed. %transfiletriggerpostun would be ideal, but it does not get
|
||||||
|
# executed for some reason.
|
||||||
|
# On upgrade, we need to run daemon-reload after any new unit files
|
||||||
|
# have been installed, but before %postun scripts in packages get
|
||||||
|
# executed. %transfiletriggerun gets the right list of files
|
||||||
|
# but it is invoked too early (before changes happen).
|
||||||
|
# %filetriggerpostun happens at the right time, but it fires for
|
||||||
|
# every package.
|
||||||
|
# To execute the reload at the right time, we create a state
|
||||||
|
# file in %transfiletriggerun and execute the daemon-reload in
|
||||||
|
# the first %filetriggerpostun.
|
||||||
|
|
||||||
|
if test -d "/run/systemd/system"; then
|
||||||
|
mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
|
||||||
|
touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
|
||||||
|
fi
|
||||||
|
|
||||||
|
%filetriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
|
||||||
|
if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
|
||||||
|
rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
|
||||||
|
%{_bindir}/systemctl daemon-reload
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
|
||||||
|
# This script will process files installed in /usr/lib/sysusers.d to create
|
||||||
|
# specified users automatically. The priority is set such that it
|
||||||
|
# will run before the tmpfiles file trigger.
|
||||||
|
if test -d /run/systemd/system; then
|
||||||
|
%{_bindir}/systemd-sysusers || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
|
||||||
|
# This script will process files installed in /usr/lib/tmpfiles.d to create
|
||||||
|
# tmpfiles automatically. The priority is set such that it will run
|
||||||
|
# after the sysusers file trigger, but before any other triggers.
|
||||||
|
if test -d /run/systemd/system; then
|
||||||
|
%{_bindir}/systemd-tmpfiles --create || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
|
||||||
|
# This script will automatically invoke hwdb update if files have been
|
||||||
|
# installed or updated in /usr/lib/udev/hwdb.d.
|
||||||
|
if test -d /run/systemd/system; then
|
||||||
|
%{_bindir}/systemd-hwdb update || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerin -- /usr/lib/systemd/catalog
|
||||||
|
# This script will automatically invoke journal catalog update if files
|
||||||
|
# have been installed or updated in /usr/lib/systemd/catalog.
|
||||||
|
if test -d /run/systemd/system; then
|
||||||
|
%{_bindir}/journalctl --update-catalog || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerin udev -- /usr/lib/udev/rules.d
|
||||||
|
# This script will automatically update udev with new rules if files
|
||||||
|
# have been installed or updated in /usr/lib/udev/rules.d.
|
||||||
|
if test -e /run/udev/control; then
|
||||||
|
%{_bindir}/udevadm control --reload || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerin -- /usr/lib/sysctl.d
|
||||||
|
# This script will automatically apply sysctl rules if files have been
|
||||||
|
# installed or updated in /usr/lib/sysctl.d.
|
||||||
|
if test -d /run/systemd/system; then
|
||||||
|
/usr/lib/systemd/systemd-sysctl || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%transfiletriggerin -- /usr/lib/binfmt.d
|
||||||
|
# This script will automatically apply binfmt rules if files have been
|
||||||
|
# installed or updated in /usr/lib/binfmt.d.
|
||||||
|
if test -d /run/systemd/system; then
|
||||||
|
# systemd-binfmt might fail if binfmt_misc kernel module is not loaded
|
||||||
|
# during install
|
||||||
|
/usr/lib/systemd/systemd-binfmt || :
|
||||||
|
fi
|
40
use-bfq-scheduler.patch
Normal file
40
use-bfq-scheduler.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Wed, 14 Aug 2019 15:57:42 +0200
|
||||||
|
Subject: [PATCH] udev: use bfq as the default scheduler
|
||||||
|
|
||||||
|
As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
|
||||||
|
Test results are that bfq seems to behave better and more consistently on
|
||||||
|
typical hardware. The kernel does not have a configuration option to set
|
||||||
|
the default scheduler, and it currently needs to be set by userspace.
|
||||||
|
|
||||||
|
See the bug for more discussion and links.
|
||||||
|
---
|
||||||
|
rules.d/60-block-scheduler.rules | 5 +++++
|
||||||
|
rules.d/meson.build | 1 +
|
||||||
|
2 files changed, 6 insertions(+)
|
||||||
|
create mode 100644 rules.d/60-block-scheduler.rules
|
||||||
|
|
||||||
|
diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..480b941761
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/rules.d/60-block-scheduler.rules
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+# do not edit this file, it will be overwritten on update
|
||||||
|
+
|
||||||
|
+ACTION=="add", SUBSYSTEM=="block", \
|
||||||
|
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
|
||||||
|
+ ATTR{queue/scheduler}="bfq"
|
||||||
|
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||||
|
index ca4445d774..38d6aa6970 100644
|
||||||
|
--- a/rules.d/meson.build
|
||||||
|
+++ b/rules.d/meson.build
|
||||||
|
@@ -3,6 +3,7 @@
|
||||||
|
rules = files('''
|
||||||
|
60-autosuspend.rules
|
||||||
|
60-block.rules
|
||||||
|
+ 60-block-scheduler.rules
|
||||||
|
60-cdrom_id.rules
|
||||||
|
60-drm.rules
|
||||||
|
60-evdev.rules
|
2
yum-protect-systemd.conf
Normal file
2
yum-protect-systemd.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
systemd
|
||||||
|
systemd-udev
|
Loading…
Reference in New Issue
Block a user