import systemd-239-48.el8

CentOS Sources 2021-06-26 04:20:18 +00:00 committed by Andrew Lukoshko
parent 01cfa6ca88
commit 85aa03a764
36 changed files with 2293 additions and 43 deletions


@ -1,4 +1,4 @@
From 43c0bcb8b24edb83bc265cdde264e6d2a36d1cea Mon Sep 17 00:00:00 2001
From 1afb38f39a9b4508533cc1c7262e5fff418cb317 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 17 May 2021 15:49:08 +0200
Subject: [PATCH] Revert "udev: run link_update() with increased retry count in
@ -6,7 +6,7 @@ Subject: [PATCH] Revert "udev: run link_update() with increased retry count in
This reverts commit 1f3165bda13c8572c8c31d23c998835c4e2ad8f3.
Related: #1963980
Related: #1942299
---
src/udev/udev-event.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)


@ -1,4 +1,4 @@
From 612773fa8b6333dcdac382849e81fa5a473dd1f9 Mon Sep 17 00:00:00 2001
From 897b4d1e19c706d9198b9308125df57a5d469a6b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 17 May 2021 15:50:31 +0200
Subject: [PATCH] Revert "udev: make algorithm that selects highest priority
@ -6,7 +6,7 @@ Subject: [PATCH] Revert "udev: make algorithm that selects highest priority
This reverts commit 1d5f966c1758eb620755fcae54abd07a1ac36d3d.
Related: #1963980
Related: #1942299
---
src/udev/udev-event.c | 71 +++++-------
src/udev/udev-node.c | 244 ++++++++++++------------------------------


@ -1,4 +1,4 @@
From bc21daeb780911d586de7ff0004ed2bc515b8826 Mon Sep 17 00:00:00 2001
From 94ad224240140a7287f9e2be5905b9c506350193 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 17 May 2021 15:54:10 +0200
Subject: [PATCH] test/udev-test.pl: drop test cases that add mutliple devices
@ -7,7 +7,7 @@ Subject: [PATCH] test/udev-test.pl: drop test cases that add mutliple devices
udev test fail. Once we reintroduce the fix for link_update()
we will revert this commit.]
Related: #1963980
Related: #1942299
---
test/udev-test.pl | 179 ----------------------------------------------
1 file changed, 179 deletions(-)


@ -0,0 +1,41 @@
From 4e589237979fdf90af38d466abd7fcd852356f02 Mon Sep 17 00:00:00 2001
From: Kai Krakow <kai@kaishome.de>
Date: Sat, 17 Aug 2019 02:33:43 +0200
Subject: [PATCH] cgroup: Also set io.bfq.weight
Current kernels with BFQ scheduler do not yet set their IO weight
through "io.weight" but through "io.bfq.weight" (using a slightly
different interface supporting only default weights, not per-device
weights). This commit enables "IOWeight=" to just to that.
This patch may be dropped at some time later.
Github-Link: https://github.com/systemd/systemd/issues/7057
Signed-off-by: Kai Krakow <kai@kaishome.de>
(cherry picked from commit 21221ce1ce9a572e82d46d80692afd65c224fc50)
Related: #1927290
---
src/core/cgroup.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 71e30fd4db..f02cc31c6e 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -984,6 +984,14 @@ static void cgroup_context_apply(
log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
"Failed to set io.weight: %m");
+ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight"
+ * See also: https://github.com/systemd/systemd/pull/13335 */
+ xsprintf(buf, "%" PRIu64 "\n", weight);
+ r = cg_set_attribute("io", path, "io.bfq.weight", buf);
+ if (r < 0)
+ log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
+ "Failed to set io.bfq.weight: %m");
+
if (has_io) {
CGroupIODeviceWeight *w;
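Review bot: The added write to `io.bfq.weight` reuses the same unscaled `weight` that was just written to `io.weight`. As far as I know `IOWeight=` accepts values up to 10000 while BFQ's weight tops out at 1000, so a configured weight above that would presumably be rejected by the kernel; since that error is unlikely to be one of `-ENOENT`/`-EROFS`/`-EACCES`, it would be logged at LOG_WARNING on every apply. Scale or at least clamp before the write, e.g. `xsprintf(buf, "%" PRIu64 "\n", MIN(weight, UINT64_C(1000)));`, and record the range difference in the FIXME comment. `cgroup_context_apply()` starts and ends outside this hunk, so the declarations of `buf` and `weight` are not visible here.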


@ -0,0 +1,82 @@
From e706f5df66b7189a7df526aeeb45c86b8c4b057a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 2 Nov 2020 14:51:10 +0100
Subject: [PATCH] seccomp: allow turning off of seccomp filtering via env var
Fixes: #17504
(While we are it, also move $SYSTEMD_SECCOMP_LOG= env var description
into the right document section)
Also suggested in: https://github.com/systemd/systemd/issues/17245#issuecomment-704773603
(cherry picked from commit ce8f6d478e3f6c6a313fb19615aa5029bb18f86d)
Resolves: #1916835
---
doc/ENVIRONMENT.md | 3 +++
src/nspawn/nspawn-seccomp.c | 2 +-
src/shared/seccomp-util.c | 19 +++++++++++++++----
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/doc/ENVIRONMENT.md b/doc/ENVIRONMENT.md
index 0e763b6302..36b649afe1 100644
--- a/doc/ENVIRONMENT.md
+++ b/doc/ENVIRONMENT.md
@@ -117,3 +117,6 @@ systemd-sulogin-shell:
* `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the
root password is not available (such as when the root account is locked).
See `sulogin(8)` for more details.
+
+* `$SYSTEMD_SECCOMP=0` if set, seccomp filters will not be enforced, even if
+ support for it is compiled in and available in the kernel.
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index b56c5b04a8..fba22644da 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -172,7 +172,7 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys
int r;
if (!is_seccomp_available()) {
- log_debug("SECCOMP features not detected in the kernel, disabling SECCOMP filterering");
+ log_debug("SECCOMP features not detected in the kernel or disabled at runtime, disabling SECCOMP filtering");
return 0;
}
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index d91fb4e269..e903512d45 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -12,6 +12,7 @@
#include "af-list.h"
#include "alloc-util.h"
+#include "env-util.h"
#include "macro.h"
#include "nsflags.h"
#include "process-util.h"
@@ -244,10 +245,20 @@ static bool is_seccomp_filter_available(void) {
bool is_seccomp_available(void) {
static int cached_enabled = -1;
- if (cached_enabled < 0)
- cached_enabled =
- is_basic_seccomp_available() &&
- is_seccomp_filter_available();
+ if (cached_enabled < 0) {
+ int b;
+
+ b = getenv_bool("SYSTEMD_SECCOMP");
+ if (b != 0) {
+ if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */
+ log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring.");
+
+ cached_enabled =
+ is_basic_seccomp_available() &&
+ is_seccomp_filter_available();
+ } else
+ cached_enabled = false;
+ }
return cached_enabled;
}
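Review bot: In `is_seccomp_available()` the new `else` branch switches off seccomp filtering for the whole process without emitting any log line, and the only trace elsewhere is the `log_debug()` in `setup_seccomp()`, which no longer distinguishes a missing kernel feature from a runtime override. A dropped sandbox should be visible at the default log level: brace the `else` and add something like `log_info("SECCOMP filtering disabled by $SYSTEMD_SECCOMP.");` before `cached_enabled = false;` (the result is cached, so it is logged once per process). The switch is also read with `getenv_bool()`; if env-util in this tree provides `getenv_bool_secure()`, prefer it so the variable is ignored in secure-execution contexts. Keeping the filters on when the value fails to parse is the right default.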


@ -0,0 +1,36 @@
From 7fb2d86b58201341a582b739a5445821bec66eea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 6 Nov 2019 12:44:39 +0100
Subject: [PATCH] meson: remove strange dep that causes meson to enter infinite
loop
The value is obviously bogus, but didn't seem to cause problems so far.
With meson-0.52.0, it causes a hang. The number of aliases is always rather
small (usually just one or two, possibly up to a dozen in a few cases), so
even if this causes some looping, it is strange that it has such a huge impact.
But let's just remove it.
Fixes #13742.
Tested with meson-0.52.0-1.module_f31+6771+f5d842eb.noarch,
meson-0.51.1-1.fc29.noarch.
(cherry picked from commit af336643a01d0b210b18312c253a50594ba54b0a)
Resolves: #1970860
---
man/meson.build | 1 -
1 file changed, 1 deletion(-)
diff --git a/man/meson.build b/man/meson.build
index ec05d73bc6..a953d34098 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -68,7 +68,6 @@ foreach tuple : xsltproc.found() ? manpages : []
foreach htmlalias : htmlaliases
link = custom_target(
htmlalias,
- input : p2,
output : htmlalias,
command : ['ln', '-fs', html, '@OUTPUT@'])
if want_html


@ -0,0 +1,182 @@
From 8df650c7c5adc2bb24a0077d8332f5ee342e7fd8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 26 Feb 2021 10:25:24 +0100
Subject: [PATCH] copy: handle copy_file_range() weirdness on procfs/sysfs
This addresses the issue described in https://lwn.net/Articles/846403/
and makes sure we will be able to stream bytes from procfs/sysfs via
copy_bytes() if people ask us to.
Based on: ee1aa61c4710ae567a2b844e0f0bb8cb0456ab8c
Related: #1970860
---
src/basic/copy.c | 75 +++++++++++++++++++++++++++++---------------
src/test/test-copy.c | 17 ++++++++++
2 files changed, 66 insertions(+), 26 deletions(-)
diff --git a/src/basic/copy.c b/src/basic/copy.c
index e06a503a29..a48c42c5c6 100644
--- a/src/basic/copy.c
+++ b/src/basic/copy.c
@@ -92,7 +92,7 @@ int copy_bytes_full(
void **ret_remains,
size_t *ret_remains_size) {
- bool try_cfr = true, try_sendfile = true, try_splice = true;
+ bool try_cfr = true, try_sendfile = true, try_splice = true, copied_something = false;
int r, nonblock_pipe = -1;
size_t m = SSIZE_MAX; /* that is the maximum that sendfile and c_f_r accept */
@@ -185,9 +185,20 @@ int copy_bytes_full(
try_cfr = false;
/* use fallback below */
- } else if (n == 0) /* EOF */
- break;
- else
+ } else if (n == 0) { /* likely EOF */
+
+ if (copied_something)
+ break;
+
+ /* So, we hit EOF immediately, without having copied a single byte. This
+ * could indicate two things: the file is actually empty, or we are on some
+ * virtual file system such as procfs/sysfs where the syscall actually
+ * doesn't work but doesn't return an error. Try to handle that, by falling
+ * back to simple read()s in case we encounter empty files.
+ *
+ * See: https://lwn.net/Articles/846403/ */
+ try_cfr = try_sendfile = try_splice = false;
+ } else
/* Success! */
goto next;
}
@@ -201,9 +212,14 @@ int copy_bytes_full(
try_sendfile = false;
/* use fallback below */
- } else if (n == 0) /* EOF */
+ } else if (n == 0) { /* likely EOF */
+
+ if (copied_something)
+ break;
+
+ try_sendfile = try_splice = false; /* same logic as above for copy_file_range() */
break;
- else
+ } else
/* Success! */
goto next;
}
@@ -213,14 +229,14 @@ int copy_bytes_full(
/* splice()'s asynchronous I/O support is a bit weird. When it encounters a pipe file
* descriptor, then it will ignore its O_NONBLOCK flag and instead only honour the
- * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour here, and
- * check if either of the specified fds are a pipe, and if so, let's pass the flag
- * automatically, depending on O_NONBLOCK being set.
+ * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour
+ * here, and check if either of the specified fds are a pipe, and if so, let's pass
+ * the flag automatically, depending on O_NONBLOCK being set.
*
- * Here's a twist though: when we use it to move data between two pipes of which one has
- * O_NONBLOCK set and the other has not, then we have no individual control over O_NONBLOCK
- * behaviour. Hence in that case we can't use splice() and still guarantee systematic
- * O_NONBLOCK behaviour, hence don't. */
+ * Here's a twist though: when we use it to move data between two pipes of which one
+ * has O_NONBLOCK set and the other has not, then we have no individual control over
+ * O_NONBLOCK behaviour. Hence in that case we can't use splice() and still guarantee
+ * systematic O_NONBLOCK behaviour, hence don't. */
if (nonblock_pipe < 0) {
int a, b;
@@ -238,12 +254,13 @@ int copy_bytes_full(
(a == FD_IS_BLOCKING_PIPE && b == FD_IS_NONBLOCKING_PIPE) ||
(a == FD_IS_NONBLOCKING_PIPE && b == FD_IS_BLOCKING_PIPE))
- /* splice() only works if one of the fds is a pipe. If neither is, let's skip
- * this step right-away. As mentioned above, if one of the two fds refers to a
- * blocking pipe and the other to a non-blocking pipe, we can't use splice()
- * either, hence don't try either. This hence means we can only use splice() if
- * either only one of the two fds is a pipe, or if both are pipes with the same
- * nonblocking flag setting. */
+ /* splice() only works if one of the fds is a pipe. If neither is,
+ * let's skip this step right-away. As mentioned above, if one of the
+ * two fds refers to a blocking pipe and the other to a non-blocking
+ * pipe, we can't use splice() either, hence don't try either. This
+ * hence means we can only use splice() if either only one of the two
+ * fds is a pipe, or if both are pipes with the same nonblocking flag
+ * setting. */
try_splice = false;
else
@@ -259,9 +276,13 @@ int copy_bytes_full(
try_splice = false;
/* use fallback below */
- } else if (n == 0) /* EOF */
- break;
- else
+ } else if (n == 0) { /* likely EOF */
+
+ if (copied_something)
+ break;
+
+ try_splice = false; /* same logic as above for copy_file_range() + sendfile() */
+ } else
/* Success! */
goto next;
}
@@ -312,11 +333,13 @@ int copy_bytes_full(
assert(max_bytes >= (uint64_t) n);
max_bytes -= n;
}
- /* sendfile accepts at most SSIZE_MAX-offset bytes to copy,
- * so reduce our maximum by the amount we already copied,
- * but don't go below our copy buffer size, unless we are
- * close the limit of bytes we are allowed to copy. */
+
+ /* sendfile accepts at most SSIZE_MAX-offset bytes to copy, so reduce our maximum by the
+ * amount we already copied, but don't go below our copy buffer size, unless we are close the
+ * limit of bytes we are allowed to copy. */
m = MAX(MIN(COPY_BUFFER_SIZE, max_bytes), m - n);
+
+ copied_something = true;
}
return 0; /* return 0 if we hit EOF earlier than the size limit */
diff --git a/src/test/test-copy.c b/src/test/test-copy.c
index 2e8d251ac1..29ac33e47a 100644
--- a/src/test/test-copy.c
+++ b/src/test/test-copy.c
@@ -253,6 +253,22 @@ static void test_copy_atomic(void) {
assert_se(copy_file_atomic("/etc/fstab", q, 0644, 0, COPY_REPLACE) >= 0);
}
+static void test_copy_proc(void) {
+ _cleanup_(rm_rf_physical_and_freep) char *p = NULL;
+ _cleanup_free_ char *f = NULL, *a = NULL, *b = NULL;
+
+ /* Check if copying data from /proc/ works correctly, i.e. let's see if https://lwn.net/Articles/846403/ is a problem for us */
+
+ assert_se(mkdtemp_malloc(NULL, &p) >= 0);
+ assert_se(f = path_join(NULL, p, "version"));
+ assert_se(copy_file("/proc/version", f, 0, (mode_t) -1, 0, 0) >= 0);
+
+ assert_se(read_one_line_file("/proc/version", &a) >= 0);
+ assert_se(read_one_line_file(f, &b) >= 0);
+ assert_se(streq(a, b));
+ assert_se(strlen(a) > 0);
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
@@ -267,6 +283,7 @@ int main(int argc, char *argv[]) {
test_copy_bytes_regular_file(argv[0], false, 32000); /* larger than copy buffer size */
test_copy_bytes_regular_file(argv[0], true, 32000);
test_copy_atomic();
+ test_copy_proc();
return 0;
}
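Review bot: In the sendfile() branch of `copy_bytes_full()` the old `break;` survives as an unchanged context line directly after the added `try_sendfile = try_splice = false;`, so that branch still leaves the loop on a zero-length result and never reaches the read() fallback. The copy_file_range() and splice() branches both had their `break;` removed. When copy_file_range() has already been ruled out by an error, a procfs/sysfs source would then be written out as an empty file with a success return. Drop that `break;` so the branch ends with `try_sendfile = try_splice = false; /* same logic as above for copy_file_range() */` and falls through. `test_copy_proc()` only goes through `copy_file()`, so it most likely succeeds via the copy_file_range() path and would not catch this; the loop starts and ends outside these hunks and indentation is lost on this page, so confirm against the applied tree.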


@ -0,0 +1,33 @@
From 4dc498258bd0cce1bc8ad2311c5f12de5678e0af Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 27 May 2021 12:25:51 +0200
Subject: [PATCH] core: Hide "Deactivated successfully" message
Show message "Deactivated successfully" in debug mode (when manager is
user) rather than in info mode. This message has low information value
for regular users and it might be a bit overwhelming on a system with
a lot of devices.
(cherry picked from commit edf2ee22f54005d76b2fb8fdcc9c60974feb88bc)
Resolves: #1954802
---
src/core/unit.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index cd3e7c806d..93c13e58d9 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -5525,7 +5525,10 @@ int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
void unit_log_success(Unit *u) {
assert(u);
- log_struct(LOG_INFO,
+ /* Let's show message "Deactivated successfully" in debug mode (when manager is user) rather than in info mode.
+ * This message has low information value for regular users and it might be a bit overwhelming on a system with
+ * a lot of devices. */
+ log_struct(MANAGER_IS_USER(u->manager) ? LOG_DEBUG : LOG_INFO,
"MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR,
LOG_UNIT_ID(u),
LOG_UNIT_INVOCATION_ID(u),


@ -0,0 +1,35 @@
From 42f639d3689b7cbc9ce6b9578a2790c254508384 Mon Sep 17 00:00:00 2001
From: Kairui Song <kasong@redhat.com>
Date: Fri, 8 Jan 2021 14:52:26 +0800
Subject: [PATCH] util: rework in_initrd() to make use of
path_is_temporary_fs()
(cherry picked from commit 96cceb35e7985f5ee6c9b17e129a76259273cdde)
Related: #1959339
---
src/basic/util.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/basic/util.c b/src/basic/util.c
index 82cb937314..b443e639f3 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -130,7 +130,6 @@ int prot_from_flags(int flags) {
}
bool in_initrd(void) {
- struct statfs s;
if (saved_in_initrd >= 0)
return saved_in_initrd;
@@ -146,8 +145,7 @@ bool in_initrd(void) {
*/
saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 &&
- statfs("/", &s) >= 0 &&
- is_temporary_fs(&s);
+ path_is_temporary_fs("/") > 0;
return saved_in_initrd;
}


@ -0,0 +1,99 @@
From 99ca5b681fceedd010b2616b1248a483f4bfbd97 Mon Sep 17 00:00:00 2001
From: Kairui Song <kasong@redhat.com>
Date: Wed, 13 Jan 2021 00:04:53 +0800
Subject: [PATCH] initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs
Sometimes, non-ramfs initrd root are useful. Eg, for kdump, because
initramfs is memory consuming, so mount a compressed image in earlier
initrd, chroot into it then let systemd do the rest of job is a good
solution.
But systemd doesn't recognize the initrd environment if rootfs is not a
temporary fs. This is a reasonable check, because switch-root in initrd
will wipe the whole rootfs, will be a disaster if there are any
misdetect.
So extend SYSTEMD_IN_INITRD environment variable, now it accepts boolean
value and two extra keyword, "auto" and "lenient". "auto" is same as
before, and it's the default value. "lenient" will let systemd bypass
the rootfs check.
(cherry picked from commit db4c45cf4f10ca094b9e9570b758abd445d65381)
Related: #1959339
---
doc/ENVIRONMENT.md | 8 ++++++++
src/basic/util.c | 28 +++++++++++++++++++++++++---
2 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/doc/ENVIRONMENT.md b/doc/ENVIRONMENT.md
index 36b649afe1..8d7ce6ae2c 100644
--- a/doc/ENVIRONMENT.md
+++ b/doc/ENVIRONMENT.md
@@ -37,6 +37,14 @@ All tools:
useful for debugging, in order to test generators and other code against
specific kernel command lines.
+* `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` — if set, specifies initrd detection
+ method. Defaults to `auto`. Behavior is defined as follows:
+ `auto`: Checks if `/etc/initrd-release` exists, and a temporary fs is mounted
+ on `/`. If both conditions meet, then it's in initrd.
+ `lenient`: Similiar to `auto`, but the rootfs check is skipped.
+ `0|1`: Simply overrides initrd detection. This is useful for debugging and
+ testing initrd-only programs in the main system.
+
* `$SYSTEMD_EMOJI=0` — if set, tools such as "systemd-analyze security" will
not output graphical smiley emojis, but ASCII alternatives instead. Note that
this only controls use of Unicode emoji glyphs, and has no effect on other
diff --git a/src/basic/util.c b/src/basic/util.c
index b443e639f3..59bcf7b00c 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -130,11 +130,14 @@ int prot_from_flags(int flags) {
}
bool in_initrd(void) {
+ int r;
+ const char *e;
+ bool lenient = false;
if (saved_in_initrd >= 0)
return saved_in_initrd;
- /* We make two checks here:
+ /* We have two checks here:
*
* 1. the flag file /etc/initrd-release must exist
* 2. the root file system must be a memory file system
@@ -142,10 +145,29 @@ bool in_initrd(void) {
* The second check is extra paranoia, since misdetecting an
* initrd can have bad consequences due the initrd
* emptying when transititioning to the main systemd.
+ *
+ * If env var $SYSTEMD_IN_INITRD is not set or set to "auto",
+ * both checks are used. If it's set to "lenient", only check
+ * 1 is used. If set to a booleen value, then the boolean
+ * value is returned.
*/
- saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 &&
- path_is_temporary_fs("/") > 0;
+ e = secure_getenv("SYSTEMD_IN_INITRD");
+ if (e) {
+ if (streq(e, "lenient"))
+ lenient = true;
+ else if (!streq(e, "auto")) {
+ r = parse_boolean(e);
+ if (r >= 0) {
+ saved_in_initrd = r > 0;
+ return saved_in_initrd;
+ }
+ log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
+ }
+ }
+
+ saved_in_initrd = (lenient || path_is_temporary_fs("/") > 0) &&
+ access("/etc/initrd-release", F_OK) >= 0;
return saved_in_initrd;
}
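Review bot: The boolean-override path in `in_initrd()` stores the result and returns without logging, and `lenient` skips the rootfs check just as silently, although the comment above it says misdetecting an initrd can have bad consequences because the initrd is emptied on transition. Make the override traceable, e.g. `log_debug("Initrd detection overridden by $SYSTEMD_IN_INITRD=%s.", e);` before the early `return saved_in_initrd;`, with a similar line where `lenient = true;` is set. The ENVIRONMENT.md entry should also say that with `1` or `lenient` the temporary-fs safeguard is no longer in force, so the variable belongs only in environments where `/` is disposable. Reading the variable through `secure_getenv()` is appropriate here.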


@ -0,0 +1,35 @@
From 3299c855c6e65596ff9d8635dcbd45ff6818499a Mon Sep 17 00:00:00 2001
From: Kairui Song <kasong@redhat.com>
Date: Thu, 14 Jan 2021 00:39:10 +0800
Subject: [PATCH] initrd: do a debug log if failed to detect rootfs type
(cherry picked from commit 3377c740d9121f38385e70d6a380b5e4bd8c672a)
Related: #1959339
---
src/basic/util.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/basic/util.c b/src/basic/util.c
index 59bcf7b00c..fef52ad5ff 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -166,8 +166,16 @@ bool in_initrd(void) {
}
}
- saved_in_initrd = (lenient || path_is_temporary_fs("/") > 0) &&
- access("/etc/initrd-release", F_OK) >= 0;
+ if (!lenient) {
+ r = path_is_temporary_fs("/");
+ if (r < 0)
+ log_debug_errno(r, "Couldn't determine if / is a temporary file system: %m");
+
+ saved_in_initrd = r > 0;
+ }
+
+ if (saved_in_initrd != 0)
+ saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0;
return saved_in_initrd;
}


@ -0,0 +1,39 @@
From a1417c121d19272b1389098648132106a5ffc661 Mon Sep 17 00:00:00 2001
From: Kairui Song <kasong@redhat.com>
Date: Thu, 14 Jan 2021 01:25:20 +0800
Subject: [PATCH] initrd: do a debug log if /etc/initrd-release doesn't take
effect
Signed-off-by: Kairui Song <kasong@redhat.com>
(cherry picked from commit 4a60d8cbcae574896a28f9f1f6204a1bddca8e99)
Related: #1959339
---
src/basic/util.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/basic/util.c b/src/basic/util.c
index fef52ad5ff..609f8c2f33 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -174,8 +174,17 @@ bool in_initrd(void) {
saved_in_initrd = r > 0;
}
- if (saved_in_initrd != 0)
- saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0;
+ r = access("/etc/initrd-release", F_OK);
+ if (r >= 0) {
+ if (saved_in_initrd == 0)
+ log_debug("/etc/initrd-release exists, but it's not an initrd.");
+ else
+ saved_in_initrd = 1;
+ } else {
+ if (errno != ENOENT)
+ log_debug_errno(errno, "Failed to test if /etc/initrd-release exists: %m");
+ saved_in_initrd = 0;
+ }
return saved_in_initrd;
}
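Review bot: The `saved_in_initrd == 0` test in the new `access()` branch relies on `saved_in_initrd` still being negative when the rootfs check was skipped (the `lenient` case introduced by the earlier patches on this page), and nothing in the code says so. A short comment above `r = access("/etc/initrd-release", F_OK);` would make the sentinel explicit, e.g. `/* saved_in_initrd is 0 only if the rootfs check ran and failed; in lenient mode it is still < 0 */`. `in_initrd()` begins outside this hunk, so the early return on `saved_in_initrd >= 0` is not visible here.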


@ -0,0 +1,25 @@
From 64975b046d5a0877690aa6de9389b8234ee1cfab Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 3 Aug 2018 10:45:31 +0200
Subject: [PATCH] units: assign user-runtime-dir@.service to user-%i.slice
This service won't use much resources, but it's certainly nicer to see
it attached th the user's slice along with user@.service, so that
everything we run for a specific user is properly bound into one unit.
(cherry picked from commit 1193c11a04b3ecc29925904fbeb5d64834bce73e)
Related: #1946453
---
units/user-runtime-dir@.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in
index 8c02beda3b..13b3ed52f8 100644
--- a/units/user-runtime-dir@.service.in
+++ b/units/user-runtime-dir@.service.in
@@ -15,3 +15,4 @@ StopWhenUnneeded=yes
ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i
ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i
RemainAfterExit=true
+Slice=user-%i.slice


@ -0,0 +1,30 @@
From 1fa9a6bf51a1a1d0fa2ccc23283739d16e9179b4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 3 Aug 2018 10:42:09 +0200
Subject: [PATCH] units: order user-runtime-dir@.service after
systemd-user-sessions.service
We use systemd-user-sessions.service as barrier when to allow login
sessions. With this patch user@.service is ordered after that too, so
that any login related code (which user-runtime-dir@.service is) is
guaranteed to run after the barrier, and never before.
(cherry picked from commit eb748aef4fbfd03b64938aa471bb8ceda1bc89a8)
Related: #1946453
---
units/user-runtime-dir@.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in
index 13b3ed52f8..31354c9bf2 100644
--- a/units/user-runtime-dir@.service.in
+++ b/units/user-runtime-dir@.service.in
@@ -9,6 +9,7 @@
[Unit]
Description=/run/user/%i mount wrapper
+After=systemd-user-sessions.service
StopWhenUnneeded=yes
[Service]


@ -0,0 +1,26 @@
From 780d1d9fa7ccc036e6e237221ac51ed69453c8c6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 2 Aug 2018 20:57:56 +0200
Subject: [PATCH] units: make sure user-runtime-dir@.service is Type=oneshot
We order user@.service after it, hence we need to properly know when it
finished starting up.
(cherry picked from commit d06e8fbce35c2b52ee1d09af4888876d5f2d7ae4)
Related: #1946453
---
units/user-runtime-dir@.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in
index 31354c9bf2..bfd6488d61 100644
--- a/units/user-runtime-dir@.service.in
+++ b/units/user-runtime-dir@.service.in
@@ -15,5 +15,6 @@ StopWhenUnneeded=yes
[Service]
ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i
ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i
+Type=oneshot
RemainAfterExit=true
Slice=user-%i.slice


@ -0,0 +1,52 @@
From 354b894aa3e79f54ab75bf6fae76ce28ca80db38 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 2 Aug 2018 20:56:34 +0200
Subject: [PATCH] user-runtime-dir: downgrade a few log messages to LOG_DEBUG
that we ignore
As the comments already say it might be quite likely that
$XDG_RUNTIME_DIR is not set up as mount, and we shouldn't complain about
that.
Moreover, let's make this idempotent, so that a runtime dir that is
already gone and is removed again doesn't cause failure.
(cherry picked from commit 3a13442bbf72e7ebdd0b4d60c2922ea7c5cc9496)
Related: #1946453
---
src/login/user-runtime-dir.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/login/user-runtime-dir.c b/src/login/user-runtime-dir.c
index 1bb26c99e4..9693821990 100644
--- a/src/login/user-runtime-dir.c
+++ b/src/login/user-runtime-dir.c
@@ -95,20 +95,19 @@ static int user_remove_runtime_path(const char *runtime_path) {
r = rm_rf(runtime_path, 0);
if (r < 0)
- log_error_errno(r, "Failed to remove runtime directory %s (before unmounting): %m", runtime_path);
+ log_debug_errno(r, "Failed to remove runtime directory %s (before unmounting), ignoring: %m", runtime_path);
- /* Ignore cases where the directory isn't mounted, as that's
- * quite possible, if we lacked the permissions to mount
- * something */
+ /* Ignore cases where the directory isn't mounted, as that's quite possible, if we lacked the permissions to
+ * mount something */
r = umount2(runtime_path, MNT_DETACH);
if (r < 0 && !IN_SET(errno, EINVAL, ENOENT))
- log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", runtime_path);
+ log_debug_errno(errno, "Failed to unmount user runtime directory %s, ignoring: %m", runtime_path);
r = rm_rf(runtime_path, REMOVE_ROOT);
- if (r < 0)
- log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path);
+ if (r < 0 && r != -ENOENT)
+ return log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path);
- return r;
+ return 0;
}
static int do_mount(const char *runtime_path, uid_t uid, gid_t gid) {


@ -0,0 +1,33 @@
From 91ed691ff73d4d71fae8f6896a1bba73e6a76bba Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Wed, 20 Mar 2019 15:14:32 +0000
Subject: [PATCH] shared/install: Preserve escape characters for escaped unit
names
Since switching to extract_first_word with no flags for parsing
unit names in 4c9565eea534cd233a913c8c21f7920dba229743, escape
characters will be stripped from escaped unit names such as
"mnt-persistent\x2dvolume.mount" resulting in the unit not being
configured as defined. Preserve escape characters again for
compatibility with existing preset definitions.
(cherry picked from commit 82bd4da71e9cdd5a2e9266332f5a7399845e31f6)
Resolves: #1952686
---
src/shared/install.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index c2847df3f8..c9fef6bde2 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -2774,7 +2774,7 @@ static int split_pattern_into_name_and_instances(const char *pattern, char **out
assert(out_instances);
assert(out_unit_name);
- r = extract_first_word(&pattern, &unit_name, NULL, 0);
+ r = extract_first_word(&pattern, &unit_name, NULL, EXTRACT_RETAIN_ESCAPE);
if (r < 0)
return r;


@ -0,0 +1,80 @@
From 48dacf8d30cd61b72939e9c3419acced4b2fde74 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Fri, 2 Oct 2020 11:05:23 +0200
Subject: [PATCH] basic/virt: Detect PowerVM hypervisor
Currently systemd-detect-virt fails to detect running under PowerVM.
Add code to detect PowerVM based on code in util-linux.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
(cherry picked from commit 3224e38bb6b3287ca253cbafb460a150544d5818)
Resolves: #1937989
---
man/systemd-detect-virt.xml | 7 ++++++-
src/basic/virt.c | 6 ++++++
src/basic/virt.h | 1 +
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index c4763fd561..6beb2c2aa1 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -65,7 +65,7 @@
</thead>
<tbody>
<row>
- <entry valign="top" morerows="11">VM</entry>
+ <entry valign="top" morerows="12">VM</entry>
<entry><varname>qemu</varname></entry>
<entry>QEMU software virtualization, without KVM</entry>
</row>
@@ -95,6 +95,11 @@
<entry>Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor</entry>
</row>
+ <row>
+ <entry><varname>powervm</varname></entry>
+ <entry>IBM PowerVM hypervisor - comes as firmware with some IBM POWER servers</entry>
+ </row>
+
<row>
<entry><varname>xen</varname></entry>
<entry>Xen hypervisor (only domU, not dom0)</entry>
diff --git a/src/basic/virt.c b/src/basic/virt.c
index dfa1525219..0b88005ed6 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -92,6 +92,11 @@ static int detect_vm_device_tree(void) {
_cleanup_closedir_ DIR *dir = NULL;
struct dirent *dent;
+ if (access("/proc/device-tree/ibm,partition-name", F_OK) == 0 &&
+ access("/proc/device-tree/hmc-managed?", F_OK) == 0 &&
+ access("/proc/device-tree/chosen/qemu,graphic-width", F_OK) != 0)
+ return VIRTUALIZATION_POWERVM;
+
dir = opendir("/proc/device-tree");
if (!dir) {
if (errno == ENOENT) {
@@ -635,6 +640,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_PARALLELS] = "parallels",
[VIRTUALIZATION_BHYVE] = "bhyve",
[VIRTUALIZATION_QNX] = "qnx",
+ [VIRTUALIZATION_POWERVM] = "powervm",
[VIRTUALIZATION_VM_OTHER] = "vm-other",
[VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn",
diff --git a/src/basic/virt.h b/src/basic/virt.h
index c4cf4bfeab..640b3ed779 100644
--- a/src/basic/virt.h
+++ b/src/basic/virt.h
@@ -21,6 +21,7 @@ enum {
VIRTUALIZATION_PARALLELS,
VIRTUALIZATION_BHYVE,
VIRTUALIZATION_QNX,
+ VIRTUALIZATION_POWERVM,
VIRTUALIZATION_VM_OTHER,
VIRTUALIZATION_VM_LAST = VIRTUALIZATION_VM_OTHER,


@ -0,0 +1,57 @@
From 102f4ff97a24c2ddaf6e569c678a0a713f972863 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 19 Mar 2021 10:05:47 +0100
Subject: [PATCH] man: document differences in clean exit status for
Type=oneshot
See commit 1f0958f640b87175cd547c1e69084cfe54a22e9d .
(cherry picked from commit f055cf77862bc580f3afbfaac161d1c060f39411)
Resolves: #1940078
---
man/systemd.service.xml | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 54586d1948..1e30a564df 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -669,14 +669,19 @@
If set to <option>no</option> (the default), the service will
not be restarted. If set to <option>on-success</option>, it
will be restarted only when the service process exits cleanly.
- In this context, a clean exit means an exit code of 0, or one
- of the signals
- <constant>SIGHUP</constant>,
- <constant>SIGINT</constant>,
- <constant>SIGTERM</constant> or
- <constant>SIGPIPE</constant>, and
- additionally, exit statuses and signals specified in
- <varname>SuccessExitStatus=</varname>. If set to
+ In this context, a clean exit means any of the following:
+ <itemizedlist>
+ <listitem><simpara>exit code of 0;</simpara></listitem>
+ <listitem><simpara>for types other than
+ <varname>Type=oneshot</varname>, one of the signals
+ <constant>SIGHUP</constant>,
+ <constant>SIGINT</constant>,
+ <constant>SIGTERM</constant>, or
+ <constant>SIGPIPE</constant>;</simpara></listitem>
+ <listitem><simpara>exit statuses and signals specified in
+ <varname>SuccessExitStatus=</varname>.</simpara></listitem>
+ </itemizedlist>
+ If set to
<option>on-failure</option>, the service will be restarted
when the process exits with a non-zero exit code, is
terminated by a signal (including on core dump, but excluding
@@ -798,7 +803,8 @@
<listitem><para>Takes a list of exit status definitions that,
when returned by the main service process, will be considered
successful termination, in addition to the normal successful
- exit code 0 and the signals <constant>SIGHUP</constant>,
+ exit code 0 and, except for <varname>Type=oneshot</varname>,
+ the signals <constant>SIGHUP</constant>,
<constant>SIGINT</constant>, <constant>SIGTERM</constant>, and
<constant>SIGPIPE</constant>. Exit status definitions can
either be numeric exit codes or termination signal names,


@ -0,0 +1,42 @@
From 53673326ea78039b27e1dbd5328a8fe9a1a17445 Mon Sep 17 00:00:00 2001
From: d032747 <michael.trapp@sap.com>
Date: Tue, 15 Dec 2020 10:40:06 +0100
Subject: [PATCH] busctl: add a timestamp to the output of the busctl monitor
command
(cherry picked from commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2)
Resolves: #1909214
---
src/libsystemd/sd-bus/bus-dump.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/libsystemd/sd-bus/bus-dump.c b/src/libsystemd/sd-bus/bus-dump.c
index 2bd06053a6..36f592e0ba 100644
--- a/src/libsystemd/sd-bus/bus-dump.c
+++ b/src/libsystemd/sd-bus/bus-dump.c
@@ -55,6 +55,15 @@ int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags) {
f = stdout;
if (flags & BUS_MESSAGE_DUMP_WITH_HEADER) {
+ char buf[FORMAT_TIMESTAMP_MAX];
+ const char *p;
+ usec_t ts = m->realtime;
+
+ if (ts == 0)
+ ts = now(CLOCK_REALTIME);
+
+ p = format_timestamp_us_utc(buf, sizeof(buf), ts);
+
fprintf(f,
"%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u Priority=%"PRIi64,
m->header->type == SD_BUS_MESSAGE_METHOD_ERROR ? ansi_highlight_red() :
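Review bot: When `m->realtime` is 0 the added code substitutes `now(CLOCK_REALTIME)`, so the value the second hunk prints as `Timestamp=` is the time of the dump rather than of the message, and the output gives no way to tell the two apart. Anyone correlating `busctl monitor` output with other logs would read it as the message time. I would add a comment at the fallback, e.g. `/* no timestamp attached to the message: fall back to the current time, i.e. dump time */`, and consider marking substituted values in the output. `p` is declared in this hunk and consumed in the next one, and the enclosing function continues outside both.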
@@ -82,6 +91,8 @@ int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags) {
if (m->reply_cookie != 0)
fprintf(f, " ReplyCookie=%" PRIu64, m->reply_cookie);
+ fprintf(f, " Timestamp=\"%s\"", strna(p));
+
fputs("\n", f);
if (m->sender)


@ -0,0 +1,90 @@
From 240c55f1526300daac640ef2c1f4941de4579493 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Jul 2020 23:15:47 +0200
Subject: [PATCH] basic/cap-list: parse/print numerical capabilities
We would refuse to print capabilities which were didn't have a name
for. The kernel adds new capabilities from time to time, most recently
cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with
"Failed to parse bus message: Invalid argument" because
capability_set_to_string_alloc() would fail with -EINVAL. So let's
print such capabilities in hexadecimal:
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
0x17 0x18 0x19 0x1a ...
For symmetry, also allow capabilities that we don't know to be specified.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
(cherry picked from commit 417770f3033c426ca848b158d0bf057cd8ad1329)
Resolves: #1946943
---
src/basic/cap-list.c | 10 +++++++---
src/test/test-cap-list.c | 4 +++-
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
index bfcda33520..56a81c7dfc 100644
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -10,6 +10,7 @@
#include "macro.h"
#include "missing.h"
#include "parse-util.h"
+#include "stdio-util.h"
#include "util.h"
static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
@@ -37,7 +38,7 @@ int capability_from_name(const char *name) {
/* Try to parse numeric capability */
r = safe_atoi(name, &i);
if (r >= 0) {
- if (i >= 0 && i < (int) ELEMENTSOF(capability_names))
+ if (i >= 0 && i < 64)
return i;
else
return -EINVAL;
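Review bot: The new upper bound in capability_from_name() is a bare `64`, and the accepted range is no longer tied to anything the running kernel supports. The number presumably comes from the `uint64_t` capability sets used in this file (capability_set_to_string_alloc() shifts `UINT64_C(1) << i`); spelling that out keeps the bound from drifting, e.g. `if (i >= 0 && i < (int) (sizeof(uint64_t) * 8))` with a comment `/* highest index representable in a uint64_t capability set; may exceed cap_last_cap() */`. Callers that relied on this function rejecting unknown numbers now receive indices the kernel may not know, so any caller that hands the result to a capability operation needs its own range check; those callers are not visible here.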
@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
for (i = 0; i < cap_last_cap(); i++)
if (set & (UINT64_C(1) << i)) {
const char *p;
+ char buf[2 + 16 + 1];
size_t add;
p = capability_to_name(i);
- if (!p)
- return -EINVAL;
+ if (!p) {
+ xsprintf(buf, "0x%lx", i);
+ p = buf;
+ }
add = strlen(p);
diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c
index de5fa729cc..84bbb7b7e7 100644
--- a/src/test/test-cap-list.c
+++ b/src/test/test-cap-list.c
@@ -30,6 +30,8 @@ static void test_cap_list(void) {
assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ);
assert_se(capability_from_name("0") == 0);
assert_se(capability_from_name("15") == 15);
+ assert_se(capability_from_name("63") == 63);
+ assert_se(capability_from_name("64") == -EINVAL);
assert_se(capability_from_name("-1") == -EINVAL);
for (i = 0; i < capability_list_length(); i++) {
@@ -64,7 +66,7 @@ static void test_capability_set_one(uint64_t c, const char *t) {
free(t1);
assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t,
- " hogehoge foobar 12345 3.14 -3 ", t));
+ " hogehoge foobar 18446744073709551616 3.14 -3 ", t));
assert_se(capability_set_from_string(t1, &c1) == 0);
assert_se(c1 == c_masked);
}


@ -0,0 +1,318 @@
From ca634baa10e2249d4a706d59b67be764867e5f32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 30 Nov 2020 10:37:06 +0100
Subject: [PATCH] shared/mount-util: convert to libmount
It seems better to use just a single parsing algorithm for /proc/self/mountinfo.
Also, unify the naming of variables in all places that use mnt_table_next_fs().
It makes it easier to compare the different call sites.
(cherry picked from commit 13dcfe4661b467131c943620d0f44711798bfd54)
Related: #1885143
---
src/basic/mount-util.c | 133 ++++++++++++++++++-----------------------
src/core/mount.c | 22 +++----
src/core/umount.c | 14 ++---
3 files changed, 76 insertions(+), 93 deletions(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 5b04e21f34..bac1a25cc8 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -13,7 +13,6 @@
#include <libmount.h>
#include "alloc-util.h"
-#include "escape.h"
#include "extract-word.h"
#include "fd-util.h"
#include "fileio.h"
@@ -27,6 +26,9 @@
#include "string-util.h"
#include "strv.h"
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_table*, mnt_free_table);
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_iter*, mnt_free_iter);
+
/* This is the original MAX_HANDLE_SZ definition from the kernel, when the API was introduced. We use that in place of
* any more currently defined value to future-proof things: if the size is increased in the API headers, and our code
* is recompiled then it would cease working on old kernels, as those refuse any sizes larger than this value with
@@ -313,55 +315,43 @@ int umount_recursive(const char *prefix, int flags) {
* unmounting them until they are gone. */
do {
- _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
+ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
again = false;
- r = 0;
- proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
- if (!proc_self_mountinfo)
- return -errno;
+ table = mnt_new_table();
+ iter = mnt_new_iter(MNT_ITER_FORWARD);
+ if (!table || !iter)
+ return -ENOMEM;
- (void) __fsetlocking(proc_self_mountinfo, FSETLOCKING_BYCALLER);
+ r = mnt_table_parse_mtab(table, NULL);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m");
for (;;) {
- _cleanup_free_ char *path = NULL, *p = NULL;
- int k;
-
- k = fscanf(proc_self_mountinfo,
- "%*s " /* (1) mount id */
- "%*s " /* (2) parent id */
- "%*s " /* (3) major:minor */
- "%*s " /* (4) root */
- "%ms " /* (5) mount point */
- "%*s" /* (6) mount options */
- "%*[^-]" /* (7) optional fields */
- "- " /* (8) separator */
- "%*s " /* (9) file system type */
- "%*s" /* (10) mount source */
- "%*s" /* (11) mount options 2 */
- "%*[^\n]", /* some rubbish at the end */
- &path);
- if (k != 1) {
- if (k == EOF)
- break;
+ struct libmnt_fs *fs;
+ const char *path;
- continue;
- }
-
- r = cunescape(path, UNESCAPE_RELAX, &p);
+ r = mnt_table_next_fs(table, iter, &fs);
+ if (r == 1)
+ break;
if (r < 0)
- return r;
+ return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m");
- if (!path_startswith(p, prefix))
+ path = mnt_fs_get_target(fs);
+ if (!path)
continue;
- if (umount2(p, flags) < 0) {
- r = log_debug_errno(errno, "Failed to umount %s: %m", p);
+ if (!path_startswith(path, prefix))
+ continue;
+
+ if (umount2(path, flags) < 0) {
+ r = log_debug_errno(errno, "Failed to umount %s: %m", path);
continue;
}
- log_debug("Successfully unmounted %s", p);
+ log_debug("Successfully unmounted %s", path);
again = true;
n++;
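Review bot: Reusing `r` for the result of `mnt_table_next_fs()` means the inner loop always exits with `r == 1`, while the tail of umount_recursive(), shown as context in a later patch on this page, is `return r ? r : n;`. The function would then return 1 instead of the count of unmounted entries, and the `r = log_debug_errno(...)` recorded for a failed `umount2()` is overwritten on the next iteration. A separate variable for the iterator keeps both meanings intact: `k = mnt_table_next_fs(table, iter, &fs);` followed by `if (k == 1) break;`, with `r = 0;` kept at the top of the `do` body instead of being removed. The mount_load_proc_self_mountinfo() hunk in src/core/mount.c makes the same substitution of `r` for `k`; its loop tail is outside the hunk, so whether an accumulated error is lost there should be checked as well.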
@@ -416,6 +406,8 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
for (;;) {
_cleanup_set_free_free_ Set *todo = NULL;
+ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
bool top_autofs = false;
char *x;
unsigned long orig_flags;
@@ -424,58 +416,52 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
if (!todo)
return -ENOMEM;
+ table = mnt_new_table();
+ iter = mnt_new_iter(MNT_ITER_FORWARD);
+ if (!table || !iter)
+ return -ENOMEM;
+
rewind(proc_self_mountinfo);
- for (;;) {
- _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
- int k;
-
- k = fscanf(proc_self_mountinfo,
- "%*s " /* (1) mount id */
- "%*s " /* (2) parent id */
- "%*s " /* (3) major:minor */
- "%*s " /* (4) root */
- "%ms " /* (5) mount point */
- "%*s" /* (6) mount options (superblock) */
- "%*[^-]" /* (7) optional fields */
- "- " /* (8) separator */
- "%ms " /* (9) file system type */
- "%*s" /* (10) mount source */
- "%*s" /* (11) mount options (bind mount) */
- "%*[^\n]", /* some rubbish at the end */
- &path,
- &type);
- if (k != 2) {
- if (k == EOF)
- break;
+ r = mnt_table_parse_stream(table, proc_self_mountinfo, "/proc/self/mountinfo");
+ if (r < 0)
+ return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m");
- continue;
- }
+ for (;;) {
+ struct libmnt_fs *fs;
+ const char *path, *type;
- r = cunescape(path, UNESCAPE_RELAX, &p);
+ r = mnt_table_next_fs(table, iter, &fs);
+ if (r == 1)
+ break;
if (r < 0)
- return r;
+ return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m");
+
+ path = mnt_fs_get_target(fs);
+ type = mnt_fs_get_fstype(fs);
+ if (!path || !type)
+ continue;
- if (!path_startswith(p, cleaned))
+ if (!path_startswith(path, cleaned))
continue;
- /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount we shall
- * operate on. */
- if (!path_equal(cleaned, p)) {
+ /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount
+ * we shall operate on. */
+ if (!path_equal(path, cleaned)) {
bool blacklisted = false;
char **i;
STRV_FOREACH(i, blacklist) {
-
if (path_equal(*i, cleaned))
continue;
if (!path_startswith(*i, cleaned))
continue;
- if (path_startswith(p, *i)) {
+ if (path_startswith(path, *i)) {
blacklisted = true;
- log_debug("Not remounting %s, because blacklisted by %s, called for %s", p, *i, cleaned);
+ log_debug("Not remounting %s blacklisted by %s, called for %s",
+ path, *i, cleaned);
break;
}
}
@@ -490,15 +476,12 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
* already triggered, then we will find
* another entry for this. */
if (streq(type, "autofs")) {
- top_autofs = top_autofs || path_equal(cleaned, p);
+ top_autofs = top_autofs || path_equal(path, cleaned);
continue;
}
- if (!set_contains(done, p)) {
- r = set_consume(todo, p);
- p = NULL;
- if (r == -EEXIST)
- continue;
+ if (!set_contains(done, path)) {
+ r = set_put_strdup(todo, path);
if (r < 0)
return r;
}
diff --git a/src/core/mount.c b/src/core/mount.c
index 076dfd06a3..7e80a0c974 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1606,18 +1606,18 @@ fail:
}
static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
- _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
- _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
- int r = 0;
+ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
+ int r;
assert(m);
- t = mnt_new_table();
- i = mnt_new_iter(MNT_ITER_FORWARD);
- if (!t || !i)
+ table = mnt_new_table();
+ iter = mnt_new_iter(MNT_ITER_FORWARD);
+ if (!table || !iter)
return log_oom();
- r = mnt_table_parse_mtab(t, NULL);
+ r = mnt_table_parse_mtab(table, NULL);
if (r < 0)
return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
@@ -1628,11 +1628,11 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
_cleanup_free_ char *d = NULL, *p = NULL;
int k;
- k = mnt_table_next_fs(t, i, &fs);
- if (k == 1)
+ r = mnt_table_next_fs(table, iter, &fs);
+ if (r == 1)
break;
- if (k < 0)
- return log_error_errno(k, "Failed to get next entry from /proc/self/mountinfo: %m");
+ if (r < 0)
+ return log_error_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m");
device = mnt_fs_get_source(fs);
path = mnt_fs_get_target(fs);
diff --git a/src/core/umount.c b/src/core/umount.c
index 241fe6fc62..3f02bf141a 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
@@ -55,18 +55,18 @@ void mount_points_list_free(MountPoint **head) {
}
int mount_points_list_get(const char *mountinfo, MountPoint **head) {
- _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
- _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
+ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
int r;
assert(head);
- t = mnt_new_table();
- i = mnt_new_iter(MNT_ITER_FORWARD);
- if (!t || !i)
+ table = mnt_new_table();
+ iter = mnt_new_iter(MNT_ITER_FORWARD);
+ if (!table || !iter)
return log_oom();
- r = mnt_table_parse_mtab(t, mountinfo);
+ r = mnt_table_parse_mtab(table, mountinfo);
if (r < 0)
return log_error_errno(r, "Failed to parse %s: %m", mountinfo);
@@ -79,7 +79,7 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) {
bool try_remount_ro;
MountPoint *m;
- r = mnt_table_next_fs(t, i, &fs);
+ r = mnt_table_next_fs(table, iter, &fs);
if (r == 1)
break;
if (r < 0)


@ -0,0 +1,92 @@
From 996f88461c45e8620c5a8a0c958dc133bd02c50e Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Mon, 30 Nov 2020 10:27:48 +0100
Subject: [PATCH] mount-util: bind_remount: avoid calling statvfs
The commit
"util: Do not clear parent mount flags when setting up namespaces"
introduced a statvfs call read the flags of the original mount
and have them applied to the bind mount.
This has two problems:
(1) The mount flags returned by statvfs(2) do not match the flags
accepted by mount(2). For example, the value 4096 means ST_RELATIME
when returned by statvfs(2), but means MS_BIND when passed to mount(2).
(2) A call to statvfs blocks indefinitely when ran against a disconnected
network drive ( https://github.com/systemd/systemd/issues/12667 ).
We already use libmount to parse `/proc/self/mountinfo` but did not use the
mount flag information from there. This patch changes that to use the mount
flags parsed by libmount instead of calling statvfs. Only if getting the
flags through libmount fails we call statvfs.
Fixes https://github.com/systemd/systemd/issues/12667
(cherry picked from commit d34a40082db3ffca8de66bfa4df50951101bdae5)
Resolves: #1885143
---
src/basic/mount-util.c | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index bac1a25cc8..2cf98eaa84 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -364,11 +364,34 @@ int umount_recursive(const char *prefix, int flags) {
return r ? r : n;
}
-static int get_mount_flags(const char *path, unsigned long *flags) {
- struct statvfs buf;
+/* Get the mount flags for the mountpoint at "path" from "table" */
+static int get_mount_flags(const char *path, unsigned long *flags, struct libmnt_table *table) {
+ struct statvfs buf = {};
+ struct libmnt_fs *fs = NULL;
+ const char *opts = NULL;
+ int r = 0;
+
+ fs = mnt_table_find_target(table, path, MNT_ITER_FORWARD);
+ if (fs == NULL) {
+ log_warning("Could not find '%s' in mount table", path);
+ goto fallback;
+ }
+
+ opts = mnt_fs_get_vfs_options(fs);
+ r = mnt_optstr_get_flags(opts, flags, mnt_get_builtin_optmap(MNT_LINUX_MAP));
+ if (r != 0) {
+ log_warning_errno(r, "Could not get flags for '%s': %m", path);
+ goto fallback;
+ }
+ /* relatime is default and trying to set it in an unprivileged container causes EPERM */
+ *flags &= ~MS_RELATIME;
+ return 0;
+
+fallback:
if (statvfs(path, &buf) < 0)
return -errno;
+
*flags = buf.f_flag;
return 0;
}
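Review bot: get_mount_flags() passes the caller's `*flags` straight to `mnt_optstr_get_flags()`, which according to the libmount documentation sets and clears bits in the existing value rather than zeroing it first. Both call sites in this patch assign `orig_flags = 0` beforehand, so the result is right today, but the function comment does not state that precondition. Either begin the libmount path with `*flags = 0;` or extend the comment to `/* Get the mount flags for the mountpoint at "path" from "table"; *flags must be zero on entry. Falls back to statvfs() if the table lookup fails. */`. The fallback still assigns `buf.f_flag` unchanged, which is the statvfs/mount flag mismatch the commit message describes, so that line deserves a comment too.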
@@ -501,7 +524,7 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
return -errno;
orig_flags = 0;
- (void) get_mount_flags(cleaned, &orig_flags);
+ (void) get_mount_flags(cleaned, &orig_flags, table);
orig_flags &= ~MS_RDONLY;
if (mount(NULL, prefix, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
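Review bot: The return value of `get_mount_flags()` is still discarded with `(void)` here and in the next hunk, so when both the libmount lookup and the statvfs() fallback fail, `orig_flags` stays 0 and the remount is issued with only `MS_BIND|MS_REMOUNT` plus the read-only bit. Any restrictive flags the original mount carried would then not be passed on to the bind mount, and a statvfs() failure leaves no log record at all. I would at least log it: `r = get_mount_flags(cleaned, &orig_flags, table);` followed by `if (r < 0) log_debug_errno(r, "Failed to read mount flags of %s, remounting without them: %m", cleaned);`. Whether to abort instead is a policy decision; the rest of bind_remount_recursive_with_mountinfo() is outside this hunk.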
@@ -535,7 +558,7 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
/* Try to reuse the original flag set */
orig_flags = 0;
- (void) get_mount_flags(x, &orig_flags);
+ (void) get_mount_flags(x, &orig_flags, table);
orig_flags &= ~MS_RDONLY;
if (mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)


@ -0,0 +1,30 @@
From b6ffe7ec63d86c5ac66171d6731068b87e3e7b50 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sat, 27 Jun 2020 11:13:01 +0200
Subject: [PATCH] mount-util: use UMOUNT_NOFOLLOW in recursive umounter
When we only want to unmount mount points below some path then it is
against our interest to follow symlinks. Hence don't.
(cherry picked from commit 827ea5212507c3833b6ae14cdf65e446b36b5e05)
Related: #1885143
---
src/basic/mount-util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 2cf98eaa84..be26bb5ec1 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -346,8 +346,8 @@ int umount_recursive(const char *prefix, int flags) {
if (!path_startswith(path, prefix))
continue;
- if (umount2(path, flags) < 0) {
- r = log_debug_errno(errno, "Failed to umount %s: %m", path);
+ if (umount2(path, flags | UMOUNT_NOFOLLOW) < 0) {
+ log_debug_errno(errno, "Failed to umount %s: %m", path);
continue;
}


@ -0,0 +1,29 @@
From 55cde82204724df756a198da691471f2f3f83d5a Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 31 Mar 2021 10:08:31 +0200
Subject: [PATCH] test-install-root: create referenced targets
(cherry picked from commit cd228002ccedb927b4531a4b7dd9ea7015fdb657)
Related: #1835351
---
src/test/test-install-root.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
index fe1ca5b16f..f8b41b04db 100644
--- a/src/test/test-install-root.c
+++ b/src/test/test-install-root.c
@@ -1061,6 +1061,12 @@ int main(int argc, char *argv[]) {
p = strjoina(root, "/usr/lib/systemd/system-preset/");
assert_se(mkdir_p(p, 0755) >= 0);
+ p = strjoina(root, "/usr/lib/systemd/system/multi-user.target");
+ assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
+
+ p = strjoina(root, "/usr/lib/systemd/system/graphical.target");
+ assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
+
test_basic_mask_and_enable(root);
test_linked_units(root);
test_default(root);


@ -0,0 +1,113 @@
From dfb4e03e0865d189a5c171072d6d7b31f49e1088 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Wed, 3 Jun 2020 10:33:21 +0200
Subject: [PATCH] install: warn if WantedBy targets don't exist
Currently, if [Install] section contains WantedBy=target that doesn't exist,
systemd creates the symlinks anyway. That is just user-unfriendly.
Let's be nice and warn about installing non-existent targets.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1835351.
Replaces: #15834
(cherry picked from commit 8ae27441c2dcf585f58242991302b09778d4d710)
Resolves: #1835351
---
src/shared/install.c | 25 ++++++++++++++++++-------
src/shared/install.h | 1 +
2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index c9fef6bde2..055b09f98c 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -362,6 +362,11 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang
log_info("Unit %s is an alias to a unit that is not present, ignoring.",
changes[i].path);
break;
+ case UNIT_FILE_DESTINATION_NOT_PRESENT:
+ if (!quiet)
+ log_warning("Unit %s is added as a dependency to a non-existent unit %s.",
+ changes[i].source, changes[i].path);
+ break;
case -EEXIST:
if (changes[i].source)
log_error_errno(changes[i].type,
@@ -1730,6 +1735,7 @@ static int install_info_symlink_alias(
}
static int install_info_symlink_wants(
+ UnitFileScope scope,
UnitFileInstallInfo *i,
const LookupPaths *paths,
const char *config_path,
@@ -1795,6 +1801,9 @@ static int install_info_symlink_wants(
q = create_symlink(paths, i->path, path, true, changes, n_changes);
if (r == 0)
r = q;
+
+ if (unit_file_exists(scope, paths, dst) == 0)
+ unit_file_changes_add(changes, n_changes, UNIT_FILE_DESTINATION_NOT_PRESENT, dst, i->path);
}
return r;
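Review bot: Both calls added to install_info_symlink_wants() drop their results: a negative return from `unit_file_exists()` is treated the same as "exists", and the return value of `unit_file_changes_add()` is ignored, unlike `create_symlink()` just above, whose result is folded into `r`. If that is deliberate because the entry only feeds a warning, say so in the code: `(void) unit_file_changes_add(changes, n_changes, UNIT_FILE_DESTINATION_NOT_PRESENT, dst, i->path);` with a comment `/* best effort: the symlink is already in place, this only records the warning */`. The start of the function and of the loop is outside this hunk.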
@@ -1830,6 +1839,7 @@ static int install_info_symlink_link(
}
static int install_info_apply(
+ UnitFileScope scope,
UnitFileInstallInfo *i,
const LookupPaths *paths,
const char *config_path,
@@ -1848,11 +1858,11 @@ static int install_info_apply(
r = install_info_symlink_alias(i, paths, config_path, force, changes, n_changes);
- q = install_info_symlink_wants(i, paths, config_path, i->wanted_by, ".wants/", changes, n_changes);
+ q = install_info_symlink_wants(scope, i, paths, config_path, i->wanted_by, ".wants/", changes, n_changes);
if (r == 0)
r = q;
- q = install_info_symlink_wants(i, paths, config_path, i->required_by, ".requires/", changes, n_changes);
+ q = install_info_symlink_wants(scope, i, paths, config_path, i->required_by, ".requires/", changes, n_changes);
if (r == 0)
r = q;
@@ -1916,7 +1926,7 @@ static int install_context_apply(
if (i->type != UNIT_FILE_TYPE_REGULAR)
continue;
- q = install_info_apply(i, paths, config_path, force, changes, n_changes);
+ q = install_info_apply(scope, i, paths, config_path, force, changes, n_changes);
if (r >= 0) {
if (q < 0)
r = q;
@@ -3324,10 +3334,11 @@ static const char* const unit_file_state_table[_UNIT_FILE_STATE_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(unit_file_state, UnitFileState);
static const char* const unit_file_change_type_table[_UNIT_FILE_CHANGE_TYPE_MAX] = {
- [UNIT_FILE_SYMLINK] = "symlink",
- [UNIT_FILE_UNLINK] = "unlink",
- [UNIT_FILE_IS_MASKED] = "masked",
- [UNIT_FILE_IS_DANGLING] = "dangling",
+ [UNIT_FILE_SYMLINK] = "symlink",
+ [UNIT_FILE_UNLINK] = "unlink",
+ [UNIT_FILE_IS_MASKED] = "masked",
+ [UNIT_FILE_IS_DANGLING] = "dangling",
+ [UNIT_FILE_DESTINATION_NOT_PRESENT] = "destination not present",
};
DEFINE_STRING_TABLE_LOOKUP(unit_file_change_type, UnitFileChangeType);
diff --git a/src/shared/install.h b/src/shared/install.h
index e452940991..f07bebb415 100644
--- a/src/shared/install.h
+++ b/src/shared/install.h
@@ -57,6 +57,7 @@ enum UnitFileChangeType {
UNIT_FILE_UNLINK,
UNIT_FILE_IS_MASKED,
UNIT_FILE_IS_DANGLING,
+ UNIT_FILE_DESTINATION_NOT_PRESENT,
_UNIT_FILE_CHANGE_TYPE_MAX,
_UNIT_FILE_CHANGE_TYPE_INVALID = INT_MIN
};


@ -0,0 +1,56 @@
From 430445a936cdb4c32c55affdfdd94b7eb910d5e6 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 31 Mar 2021 10:38:00 +0200
Subject: [PATCH] test-install-root: add test for unknown WantedBy= target
(cherry picked from commit 8adbad370f522831dd9246fe272caf37ce748d4a)
Related: #1835351
---
src/test/test-install-root.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
index f8b41b04db..73e1e0ae03 100644
--- a/src/test/test-install-root.c
+++ b/src/test/test-install-root.c
@@ -20,6 +20,7 @@ static void test_basic_mask_and_enable(const char *root) {
assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "b.service", NULL) == -ENOENT);
assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "c.service", NULL) == -ENOENT);
assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", NULL) == -ENOENT);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", NULL) == -ENOENT);
p = strjoina(root, "/usr/lib/systemd/system/a.service");
assert_se(write_string_file(p,
@@ -147,6 +148,31 @@ static void test_basic_mask_and_enable(const char *root) {
assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "b.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "c.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
+
+ /* Test enabling with unknown dependency target */
+
+ p = strjoina(root, "/usr/lib/systemd/system/f.service");
+ assert_se(write_string_file(p,
+ "[Install]\n"
+ "WantedBy=x.target\n", WRITE_STRING_FILE_CREATE) >= 0);
+
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", NULL) >= 0);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
+
+ assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("f.service"), &changes, &n_changes) == 1);
+ assert_se(n_changes == 2);
+ assert_se(changes[0].type == UNIT_FILE_SYMLINK);
+ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/f.service"));
+ p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/x.target.wants/f.service");
+ assert_se(streq(changes[0].path, p));
+ assert_se(changes[1].type == UNIT_FILE_DESTINATION_NOT_PRESENT);
+ p = strjoina(root, "/usr/lib/systemd/system/f.service");
+ assert_se(streq(changes[1].source, p));
+ assert_se(streq(changes[1].path, "x.target"));
+ unit_file_changes_free(changes, n_changes);
+ changes = NULL; n_changes = 0;
+
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
}
static void test_linked_units(const char *root) {


@ -0,0 +1,24 @@
From d284fd2b036ed874f9f38da63f1ab4e9fd9e96a3 Mon Sep 17 00:00:00 2001
From: Jonas Jelten <jj@sft.mx>
Date: Thu, 17 Oct 2019 12:10:13 +0200
Subject: [PATCH] ceph is a network filesystem
(cherry picked from commit c4742de6d801b125abf3c4d1c710280f51d7c701)
Resolves: #1952013
---
src/basic/mount-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index be26bb5ec1..45348bf878 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -608,6 +608,7 @@ bool fstype_is_network(const char *fstype) {
return STR_IN_SET(fstype,
"afs",
+ "ceph",
"cifs",
"smb3",
"smbfs",


@ -0,0 +1,49 @@
From 8bdc512d2651b4600f7e744b06633a7524b64346 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 12 Oct 2020 16:31:42 +0200
Subject: [PATCH] sysctl: set kernel.core_pipe_limit=16
We need to make sure that our coredump pattern handler manages to read
process metadata from /proc/$PID/ before the kernel reaps the crashed
process. By default the kernel will reap the process as soon as it can.
By setting kernel.core_pipe_limit to a non-zero the kernel will wait for
userspace to finish before reaping.
We'll set the value to 16, which allows 16 crashes to be
processed in parallel. This matches the MaxConnections= setting in
systemd-coredump.socket.
See: #17301
(This doesn't close 17301, since we probably should also gracefully
handle if /proc/$PID/ vanished already while our coredump handler runs,
just in case people loclly set the sysctl back to zero. i.e. we should
collect what we can and rather issue an incomplete log record than
none.)
(cherry picked from commit 2a9b9323cd844baae3229e9dba67e478bee70654)
Resolves: #1949729
---
sysctl.d/50-coredump.conf.in | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
index ccd5c2cc56..8d6fbb718c 100644
--- a/sysctl.d/50-coredump.conf.in
+++ b/sysctl.d/50-coredump.conf.in
@@ -10,3 +10,14 @@
# setting below.
kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h %e
+
+# Allow that 16 coredumps are dispatched in parallel by the kernel. We want to
+# be able to collect process metadata from /proc/%P/ while processing
+# coredumps, and thus need to make sure the crashed processes are not reaped
+# until we finished collecting what we need. The kernel default for this sysctl
+# is "0" which means the kernel doesn't wait for userspace processes to finish
+# processing before reaping the crashed processes — by setting this higher the
+# kernel will delay reaping until we are done, but only for the specified
+# number of crashes in parallel. The value of 16 is chosen to match
+# systemd-coredump.socket's MaxConnections= value.
+kernel.core_pipe_limit=16
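Review bot: The added comment explains the reaping delay but not what happens to crashes beyond the limit. Per the kernel's sysctl documentation, once `core_pipe_limit` handlers are already running, further crashing processes are noted in the kernel log and their cores are skipped, so a burst of more than 16 simultaneous crashes loses dumps rather than queuing them. One more comment line would cover it: `# Crashes beyond this limit are logged by the kernel and their core dumps are skipped.`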


@ -0,0 +1,116 @@
From 73bf41a783edbff1b367e645956ed602de1889e2 Mon Sep 17 00:00:00 2001
From: Insun <iplayinsun@gmail.com>
Date: Sun, 28 Oct 2018 21:26:13 +0900
Subject: [PATCH] core: don't drop timer expired but not yet processed when
system date is changed
There is difference between time set by the user and real elapsed time because of accuracy feature.
If you change the system date(or time) between these times, the timer drops.
You can easily reproduce it with the following command.
-----------------------------------------------------------
$ systemd-run --on-active=3s ls; sleep 3; date -s "`date`"
-----------------------------------------------------------
In the following command, the problem is rarely reproduced. But it exists.
---------------------------------------------------------------------------------------------
$ systemd-run --on-active=3s --timer-property=AccuracySec=1us ls ; sleep 1; date -s "`date`"
---------------------------------------------------------------------------------------------
Note : Global AccuracySec value.
----------------------------------------------------------------------
$ cat /etc/systemd/system.conf
DefaultTimerAccuracySec=1min
----------------------------------------------------------------------
(cherry picked from commit fee04d7f3ab810e99b97535ca5fda2f9517acda9)
Related: #1899402
---
src/core/timer.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/core/timer.c b/src/core/timer.c
index 281ac7f97f..ef240a6f19 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -262,7 +262,7 @@ static void timer_set_state(Timer *t, TimerState state) {
unit_notify(UNIT(t), state_translation_table[old_state], state_translation_table[state], 0);
}
-static void timer_enter_waiting(Timer *t, bool initial);
+static void timer_enter_waiting(Timer *t, bool initial, bool time_change);
static int timer_coldplug(Unit *u) {
Timer *t = TIMER(u);
@@ -274,7 +274,7 @@ static int timer_coldplug(Unit *u) {
return 0;
if (t->deserialized_state == TIMER_WAITING)
- timer_enter_waiting(t, false);
+ timer_enter_waiting(t, false, false);
else
timer_set_state(t, t->deserialized_state);
@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
log_unit_debug(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0));
}
-static void timer_enter_waiting(Timer *t, bool initial) {
+static void timer_enter_waiting(Timer *t, bool initial, bool time_change) {
bool found_monotonic = false, found_realtime = false;
bool leave_around = false;
triple_timestamp ts;
@@ -444,7 +444,7 @@ static void timer_enter_waiting(Timer *t, bool initial) {
v->next_elapse = usec_add(usec_shift_clock(base, CLOCK_MONOTONIC, TIMER_MONOTONIC_CLOCK(t)), v->value);
- if (!initial &&
+ if (!initial && !time_change &&
v->next_elapse < triple_timestamp_by_clock(&ts, TIMER_MONOTONIC_CLOCK(t)) &&
IN_SET(v->base, TIMER_ACTIVE, TIMER_BOOT, TIMER_STARTUP)) {
/* This is a one time trigger, disable it now */
@@ -642,7 +642,7 @@ static int timer_start(Unit *u) {
}
t->result = TIMER_SUCCESS;
- timer_enter_waiting(t, true);
+ timer_enter_waiting(t, true, false);
return 1;
}
@@ -764,14 +764,14 @@ static void timer_trigger_notify(Unit *u, Unit *other) {
case TIMER_ELAPSED:
/* Recalculate sleep time */
- timer_enter_waiting(t, false);
+ timer_enter_waiting(t, false, false);
break;
case TIMER_RUNNING:
if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
log_unit_debug(UNIT(t), "Got notified about unit deactivation.");
- timer_enter_waiting(t, false);
+ timer_enter_waiting(t, false, false);
}
break;
@@ -813,7 +813,7 @@ static void timer_time_change(Unit *u) {
t->last_trigger.realtime = ts;
log_unit_debug(u, "Time change, recalculating next elapse.");
- timer_enter_waiting(t, false);
+ timer_enter_waiting(t, false, true);
}
static void timer_timezone_change(Unit *u) {
@@ -825,7 +825,7 @@ static void timer_timezone_change(Unit *u) {
return;
log_unit_debug(u, "Timezone change, recalculating next elapse.");
- timer_enter_waiting(t, false);
+ timer_enter_waiting(t, false, false);
}
static const char* const timer_base_table[_TIMER_BASE_MAX] = {
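Review bot: The `!time_change` term added to the one-shot check in `timer_enter_waiting()` skips the "This is a one time trigger, disable it now" branch on a clock change for every `TIMER_ACTIVE`/`TIMER_BOOT`/`TIMER_STARTUP` value whose `next_elapse` is in the past, not only for one that elapsed without being processed. Whether a value that already fired can be armed again this way depends on state recorded in the branch body and at the top of the loop, both outside the hunk, so it should be confirmed there. The two adjacent bool arguments are also easy to transpose at the call sites (`timer_enter_waiting(t, false, true)`). A comment on the prototype such as `/* time_change: true only from timer_time_change(); keeps elapsed one-shot triggers armed */` would document the contract.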


@ -0,0 +1,152 @@
From 3d4280d0a487109f8f648147083baf573e4418a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Fri, 2 Nov 2018 20:56:08 +0100
Subject: [PATCH] core: Detect initial timer state from serialized data
We keep a mark whether a single-shot timer was triggered in the caller's
variable initial. When such a timer elapses while we are
serializing/deserializing the inner state, we consider the timer
incorrectly as elapsed and don't trigger it later.
This patch exploits last_trigger timestamp that we already serialize,
hence we can eliminate the argument initial completely.
A reproducer for OnBootSec= timers:
cat >repro.c <<EOD
/*
* Compile: gcc repro.c -o repro
* Run: ./repro
*/
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
char command[1024];
int pause;
struct timespec now;
while (1) {
usleep(rand() % 200000); // prevent periodic repeats
clock_gettime(CLOCK_MONOTONIC, &now);
printf("%i\n", now.tv_sec);
system("rm -f $PWD/mark");
snprintf(command, 1024, "systemd-run --user --on-boot=%i --timer-property=AccuracySec=100ms "
"touch $PWD/mark", now.tv_sec + 1);
system(command);
system("systemctl --user list-timers");
pause = (1000000000 - now.tv_nsec)/1000 - 70000; // fiddle to hit the middle of reloading
usleep(pause > 0 ? pause : 0);
system("systemctl --user daemon-reload");
sync();
sleep(2);
if (open("./mark", 0) < 0)
if (errno == ENOENT) {
printf("mark file does not exist\n");
break;
}
}
return 0;
}
EOD
(cherry picked from commit aa1f95d2647197eca84c33a0f10adaeada08467d)
Resolves: #1899402
---
src/core/timer.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/core/timer.c b/src/core/timer.c
index ef240a6f19..1718ffc5a5 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -262,7 +262,7 @@ static void timer_set_state(Timer *t, TimerState state) {
unit_notify(UNIT(t), state_translation_table[old_state], state_translation_table[state], 0);
}
-static void timer_enter_waiting(Timer *t, bool initial, bool time_change);
+static void timer_enter_waiting(Timer *t, bool time_change);
static int timer_coldplug(Unit *u) {
Timer *t = TIMER(u);
@@ -274,7 +274,7 @@ static int timer_coldplug(Unit *u) {
return 0;
if (t->deserialized_state == TIMER_WAITING)
- timer_enter_waiting(t, false, false);
+ timer_enter_waiting(t, false);
else
timer_set_state(t, t->deserialized_state);
@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
log_unit_debug(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0));
}
-static void timer_enter_waiting(Timer *t, bool initial, bool time_change) {
+static void timer_enter_waiting(Timer *t, bool time_change) {
bool found_monotonic = false, found_realtime = false;
bool leave_around = false;
triple_timestamp ts;
@@ -444,7 +444,8 @@ static void timer_enter_waiting(Timer *t, bool initial, bool time_change) {
v->next_elapse = usec_add(usec_shift_clock(base, CLOCK_MONOTONIC, TIMER_MONOTONIC_CLOCK(t)), v->value);
- if (!initial && !time_change &&
+ if (dual_timestamp_is_set(&t->last_trigger) &&
+ !time_change &&
v->next_elapse < triple_timestamp_by_clock(&ts, TIMER_MONOTONIC_CLOCK(t)) &&
IN_SET(v->base, TIMER_ACTIVE, TIMER_BOOT, TIMER_STARTUP)) {
/* This is a one time trigger, disable it now */
@@ -642,7 +643,7 @@ static int timer_start(Unit *u) {
}
t->result = TIMER_SUCCESS;
- timer_enter_waiting(t, true, false);
+ timer_enter_waiting(t, false);
return 1;
}
@@ -764,14 +765,14 @@ static void timer_trigger_notify(Unit *u, Unit *other) {
case TIMER_ELAPSED:
/* Recalculate sleep time */
- timer_enter_waiting(t, false, false);
+ timer_enter_waiting(t, false);
break;
case TIMER_RUNNING:
if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
log_unit_debug(UNIT(t), "Got notified about unit deactivation.");
- timer_enter_waiting(t, false, false);
+ timer_enter_waiting(t, false);
}
break;
@@ -813,7 +814,7 @@ static void timer_time_change(Unit *u) {
t->last_trigger.realtime = ts;
log_unit_debug(u, "Time change, recalculating next elapse.");
- timer_enter_waiting(t, false, true);
+ timer_enter_waiting(t, true);
}
static void timer_timezone_change(Unit *u) {
@@ -825,7 +826,7 @@ static void timer_timezone_change(Unit *u) {
return;
log_unit_debug(u, "Timezone change, recalculating next elapse.");
- timer_enter_waiting(t, false, false);
+ timer_enter_waiting(t, false);
}
static const char* const timer_base_table[_TIMER_BASE_MAX] = {
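Review bot: Replacing `!initial` with `dual_timestamp_is_set(&t->last_trigger)` makes the one-shot check depend on `last_trigger` being unset whenever `timer_start()` runs, because that call site changes from `timer_enter_waiting(t, true, false)` to `timer_enter_waiting(t, false)`. The hunk does not show `timer_start()` clearing `last_trigger`; if a stopped and restarted timer kept its old stamp, an already-past `TIMER_ACTIVE` value would be disabled instead of armed, so this should be checked against the part of the function outside the hunk. A comment above the condition, for example `/* last_trigger is serialized, so it tells us across daemon-reload whether the timer has fired since start */`, would record why the timestamp replaces the flag.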


@ -0,0 +1,29 @@
From 8cd99937562cde7533519303a7a0ad1df749e075 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 11 Mar 2021 15:48:23 +0100
Subject: [PATCH] rc-local: order after network-online.target
I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
just network-online.target didn't exist back then.
RHEL-only
Resolves: #1934028
---
units/rc-local.service.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
index 78ce69e0ae..74e83d8c07 100644
--- a/units/rc-local.service.in
+++ b/units/rc-local.service.in
@@ -13,7 +13,8 @@
Description=@RC_LOCAL_SCRIPT_PATH_START@ Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=@RC_LOCAL_SCRIPT_PATH_START@
-After=network.target
+After=network-online.target
+Wants=network-online.target
[Service]
Type=forking
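Review bot: The added `Wants=network-online.target` pulls that target into the boot transaction on every host where `@RC_LOCAL_SCRIPT_PATH_START@` is executable, so rc-local and anything ordered after it now wait for whichever service implements network-online, up to that service's timeout. The unit gives no reason for the stronger dependency. A comment above the two lines would help, for example `# rc.local scripts commonly expect configured networking; After= alone does not pull the target in, hence Wants=`.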


@ -0,0 +1,25 @@
From 830bd662276ee117e65a4b3d541f77e8b172eafd Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 25 Jan 2021 16:19:56 +0100
Subject: [PATCH] set core ulimit to 0 like on RHEL-7
RHEL-only
Resolves: #1905582
---
src/core/system.conf.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 0d93fbf147..b4d6dfa15a 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -52,7 +52,7 @@
#DefaultLimitFSIZE=
#DefaultLimitDATA=
#DefaultLimitSTACK=
-#DefaultLimitCORE=
+DefaultLimitCORE=0
#DefaultLimitRSS=
#DefaultLimitNOFILE=
#DefaultLimitAS=
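Review bot: `DefaultLimitCORE=0` is written as a single value, which sets both the soft and the hard limit to zero for services, so an unprivileged service process cannot raise it again with setrlimit. That is the stricter choice for keeping process memory off disk. If the intent was only to switch core dumps off by default while letting a process opt back in, the form would be `DefaultLimitCORE=0:infinity`. Every other entry in this hunk is a commented-out default, so a line above it such as `# Distribution override: core dumps disabled by default (soft and hard limit)` would make the deviation visible to administrators editing the file.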


@ -0,0 +1,129 @@
From 4ad39b0531f550cde6e01df0801f177c08514c8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 17:58:03 +0200
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
(gdb) !uname -r
5.6.19-200.fc31.ppc64le
(gdb) !cat /proc/self/mountinfo
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
The test process does
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
read(open("/proc/self/fdinfo/4", ...)) which gives
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
We could either drop the fallback path (and fail name_to_handle_at() is not
avaliable) or ignore the error in the test. Not sure what is better. I think
this issue only occurs sometimes and with older kernels, so probably continuing
with the current flaky implementation is better than ripping out the fallback.
Another strace:
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
) = 28
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
) = 20
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
) = 30
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
) = 23
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
read(5</proc/20/fdinfo/4>, "", 1024) = 0
close(5</proc/20/fdinfo/4>) = 0
close(4</proc/filesystems>) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
) = 42
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
) = 39
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
) = 109
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 20
gettid() = 20
tgkill(20, 20, SIGABRT) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
Resolves: #1910425
---
src/test/test-mount-util.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/test/test-mount-util.c b/src/test/test-mount-util.c
index c10e1681fb..991d165fc3 100644
--- a/src/test/test-mount-util.c
+++ b/src/test/test-mount-util.c
@@ -74,7 +74,13 @@ static void test_mnt_id(void) {
/* The ids don't match? If so, then there are two mounts on the same path, let's check if that's really
* the case */
- assert_se(path_equal_ptr(hashmap_get(h, INT_TO_PTR(mnt_id2)), p));
+ char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
+
+ if (!path_equal(p, t))
+ /* Apparent kernel bug in /proc/self/fdinfo */
+ log_warning("Bad mount id given for %s: %d, should be %d",
+ p, mnt_id2, mnt_id);
}
hashmap_free_free(h);
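Review bot: The new code drops the NULL tolerance of the removed `path_equal_ptr()` call. `hashmap_get()` can return NULL when `mnt_id2` has no entry in the map, and `t` is then passed to `%s` in `log_debug()` and to `path_equal(p, t)`. Keeping the pointer-safe comparison and guarding the format argument avoids that: `log_debug("Path for mnt id %i from /proc/self/mountinfo is %s", mnt_id2, strnull(t));` and `if (!path_equal_ptr(p, t))`. The trailing `\n` in the `log_debug()` format looks unintended, since the neighbouring `log_warning()` has none. `test_mnt_id()` starts outside the hunk, so whether `mnt_id2` is always present in `h` cannot be checked from here.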


@ -105,5 +105,7 @@ fi
# This script will automatically apply binfmt rules if files have been
# installed or updated in /usr/lib/binfmt.d.
if test -d /run/systemd/system; then
/usr/lib/systemd/systemd-binfmt
# systemd-binfmt might fail if binfmt_misc kernel module is not loaded
# during install
/usr/lib/systemd/systemd-binfmt || :
fi


@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
Release: 45%{?dist}.1
Release: 48%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -616,6 +616,37 @@ Patch0563: 0563-pam-systemd-use-secure_getenv-rather-than-getenv.patch
Patch0564: 0564-Revert-udev-run-link_update-with-increased-retry-cou.patch
Patch0565: 0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch
Patch0566: 0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch
Patch0567: 0567-cgroup-Also-set-io.bfq.weight.patch
Patch0568: 0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch
Patch0569: 0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch
Patch0570: 0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch
Patch0571: 0571-core-Hide-Deactivated-successfully-message.patch
Patch0572: 0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch
Patch0573: 0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch
Patch0574: 0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch
Patch0575: 0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch
Patch0576: 0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch
Patch0577: 0577-units-order-user-runtime-dir-.service-after-systemd-.patch
Patch0578: 0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch
Patch0579: 0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch
Patch0580: 0580-shared-install-Preserve-escape-characters-for-escape.patch
Patch0581: 0581-basic-virt-Detect-PowerVM-hypervisor.patch
Patch0582: 0582-man-document-differences-in-clean-exit-status-for-Ty.patch
Patch0583: 0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch
Patch0584: 0584-basic-cap-list-parse-print-numerical-capabilities.patch
Patch0585: 0585-shared-mount-util-convert-to-libmount.patch
Patch0586: 0586-mount-util-bind_remount-avoid-calling-statvfs.patch
Patch0587: 0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch
Patch0588: 0588-test-install-root-create-referenced-targets.patch
Patch0589: 0589-install-warn-if-WantedBy-targets-don-t-exist.patch
Patch0590: 0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch
Patch0591: 0591-ceph-is-a-network-filesystem.patch
Patch0592: 0592-sysctl-set-kernel.core_pipe_limit-16.patch
Patch0593: 0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch
Patch0594: 0594-core-Detect-initial-timer-state-from-serialized-data.patch
Patch0595: 0595-rc-local-order-after-network-online.target.patch
Patch0596: 0596-set-core-ulimit-to-0-like-on-RHEL-7.patch
Patch0597: 0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
%ifarch %{ix86} x86_64 aarch64
@ -648,7 +679,6 @@ BuildRequires: libgpg-error-devel
BuildRequires: gnutls-devel
BuildRequires: libmicrohttpd-devel
BuildRequires: libxkbcommon-devel
BuildRequires: iptables-devel
BuildRequires: libxslt
BuildRequires: docbook-style-xsl
BuildRequires: pkgconfig
@ -670,6 +700,8 @@ Requires(post): coreutils
Requires(post): sed
Requires(post): acl
Requires(post): grep
# systemd-machine-id-setup requires libssl
Requires(post): openssl-libs
Requires(pre): coreutils
Requires(pre): /usr/bin/getent
Requires(pre): /usr/sbin/groupadd
@ -856,7 +888,7 @@ CONFIGURE_OPTS=(
-Dgnutls=true
-Dmicrohttpd=true
-Dlibidn2=true
-Dlibiptc=true
-Dlibiptc=false
-Dlibcurl=true
-Defi=true
-Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false}
@ -1076,16 +1108,14 @@ if [ -e /etc/fstab ]; then
sed -i.rpm.bak -r '/^devpts\s+\/dev\/pts\s+devpts\s+defaults\s+/d; /^tmpfs\s+\/dev\/shm\s+tmpfs\s+defaults\s+/d; /^sysfs\s+\/sys\s+sysfs\s+defaults\s+/d; /^proc\s+\/proc\s+proc\s+defaults\s+/d' /etc/fstab || :
fi
# Services we install by default, and which are controlled by presets.
# We reset the enablement of all services upon initial installation
# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23
# This will fix up enablement of any preset services that got installed
# before systemd due to rpm ordering problems:
# Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1647172
# RHEL: https://bugzilla.redhat.com/show_bug.cgi?id=1783263
if [ $1 -eq 1 ] ; then
systemctl preset --quiet \
remote-fs.target \
getty@.service \
serial-getty@.service \
console-getty.service \
debug-shell.service \
systemd-resolved.service \
>/dev/null || :
systemctl preset-all &>/dev/null || :
fi
# remove obsolete systemd-readahead file
@ -1244,32 +1274,71 @@ fi
%files tests -f .file-list-tests
%changelog
* Tue May 25 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-45.1
- Revert "udev: run link_update() with increased retry count in second invocation" (#1963980)
- Revert "udev: make algorithm that selects highest priority devlink less susceptible to race conditions" (#1963980)
- test/udev-test.pl: drop test cases that add mutliple devices (#1963980)
* Thu Jun 24 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-48
- cgroup: Also set io.bfq.weight (#1927290)
- seccomp: allow turning off of seccomp filtering via env var (#1916835)
- meson: remove strange dep that causes meson to enter infinite loop (#1970860)
- copy: handle copy_file_range() weirdness on procfs/sysfs (#1970860)
- core: Hide "Deactivated successfully" message (#1954802)
- util: rework in_initrd() to make use of path_is_temporary_fs() (#1959339)
- initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs (#1959339)
- initrd: do a debug log if failed to detect rootfs type (#1959339)
- initrd: do a debug log if /etc/initrd-release doesn't take effect (#1959339)
- units: assign user-runtime-dir@.service to user-%i.slice (#1946453)
- units: order user-runtime-dir@.service after systemd-user-sessions.service (#1946453)
- units: make sure user-runtime-dir@.service is Type=oneshot (#1946453)
- user-runtime-dir: downgrade a few log messages to LOG_DEBUG that we ignore (#1946453)
- shared/install: Preserve escape characters for escaped unit names (#1952686)
- basic/virt: Detect PowerVM hypervisor (#1937989)
- man: document differences in clean exit status for Type=oneshot (#1940078)
- busctl: add a timestamp to the output of the busctl monitor command (#1909214)
- basic/cap-list: parse/print numerical capabilities (#1946943)
- shared/mount-util: convert to libmount (#1885143)
- mount-util: bind_remount: avoid calling statvfs (#1885143)
- mount-util: use UMOUNT_NOFOLLOW in recursive umounter (#1885143)
- test-install-root: create referenced targets (#1835351)
- install: warn if WantedBy targets don't exist (#1835351)
- test-install-root: add test for unknown WantedBy= target (#1835351)
- ceph is a network filesystem (#1952013)
- sysctl: set kernel.core_pipe_limit=16 (#1949729)
- core: don't drop timer expired but not yet processed when system date is changed (#1899402)
- core: Detect initial timer state from serialized data (#1899402)
- rc-local: order after network-online.target (#1934028)
- set core ulimit to 0 like on RHEL-7 (#1905582)
- test-mountpointutil-util: do not assert in test_mnt_id() (#1910425)
* Fri Jun 04 2021 Jan Macku <jamacku@redhat.com> - 239-47
- systemd-binfmt: Add safeguard in triggers (#1787144)
- spec: Requires(post) openssl-libs to fix missing /etc/machine-id (#1947438)
- spec: Go back to using systemctl preset-all in post (#1783263, #1647172, #1118740)
- spec: Disable libiptc support (#1817265)
* Wed May 19 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-46
- Revert "udev: run link_update() with increased retry count in second invocation" (#1942299)
- Revert "udev: make algorithm that selects highest priority devlink less susceptible to race conditions" (#1942299)
- test/udev-test.pl: drop test cases that add mutliple devices (#1942299)
* Thu Mar 11 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-45
- Revert "test: add test cases for empty string match" and "test: add test case for multi matches when use ||" (#1931947)
- test/sys-script.py: add missing DEVNAME entries to uevents (#1931947)
- sd-event: split out helper functions for reshuffling prioqs (#1819868)
- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1819868)
- sd-event: mention that two debug logged events are ignored (#1819868)
- sd-event: split clock data allocation out of sd_event_add_time() (#1819868)
- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1819868)
- sd-event: fix delays assert brain-o (#17790) (#1819868)
- sd-event: let's suffix last_run/last_log with "_usec" (#1819868)
- sd-event: refuse running default event loops in any other thread than the one they are default for (#1819868)
- sd-event: ref event loop while in sd_event_prepare() ot sd_event_run() (#1819868)
- sd-event: follow coding style with naming return parameter (#1819868)
- sd-event: remove earliest_index/latest_index into common part of event source objects (#1819868)
- sd-event: update state at the end in event_source_enable (#1819868)
- sd-event: increase n_enabled_child_sources just once (#1819868)
- sd-event: add ability to ratelimit event sources (#1819868)
- test: add ratelimiting test (#1819868)
- core: prevent excessive /proc/self/mountinfo parsing (#1819868)
- udev: run link_update() with increased retry count in second invocation (#1931947)
- pam-systemd: use secure_getenv() rather than getenv() (#1687514)
- Revert "test: add test cases for empty string match" and "test: add test case for multi matches when use ||" (#1935124)
- test/sys-script.py: add missing DEVNAME entries to uevents (#1935124)
- sd-event: split out helper functions for reshuffling prioqs (#1937315)
- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1937315)
- sd-event: mention that two debug logged events are ignored (#1937315)
- sd-event: split clock data allocation out of sd_event_add_time() (#1937315)
- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1937315)
- sd-event: fix delays assert brain-o (#17790) (#1937315)
- sd-event: let's suffix last_run/last_log with "_usec" (#1937315)
- sd-event: refuse running default event loops in any other thread than the one they are default for (#1937315)
- sd-event: ref event loop while in sd_event_prepare() ot sd_event_run() (#1937315)
- sd-event: follow coding style with naming return parameter (#1937315)
- sd-event: remove earliest_index/latest_index into common part of event source objects (#1937315)
- sd-event: update state at the end in event_source_enable (#1937315)
- sd-event: increase n_enabled_child_sources just once (#1937315)
- sd-event: add ability to ratelimit event sources (#1937315)
- test: add ratelimiting test (#1937315)
- core: prevent excessive /proc/self/mountinfo parsing (#1937315)
- udev: run link_update() with increased retry count in second invocation (#1935124)
- pam-systemd: use secure_getenv() rather than getenv() (#1936866)
* Thu Jan 28 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-44
- ci: PowerTools repo was renamed to powertools in RHEL 8.3 (#1871827)