rpms/systemd
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import systemd-239-74.el8_8.2

Browse Source
This commit is contained in:
Andrew Lukoshko 2023-06-29 19:09:24 +00:00
parent 020374c810
commit 8bfaff043a
8 changed files with 809 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
SOURCES/0905-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch Normal file
View File

@ -0,0 +1,113 @@
From e0488facf5b6e1faa292460548cfe0d7c542918d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 31 Aug 2020 19:37:13 +0200
Subject: [PATCH] pager: set $LESSSECURE whenver we invoke a pager
Some extra safety when invoked via "sudo". With this we address a
genuine design flaw of sudo, and we shouldn't need to deal with this.
But it's still a good idea to disable this surface given how exotic it
is.
Prompted by #5666
(cherry picked from commit 612ebf6c913dd0e4197c44909cb3157f5c51a2f0)
Related: #2175623
---
man/less-variables.xml | 8 ++++++++
man/systemctl.xml | 1 +
man/systemd.xml | 2 ++
src/basic/pager.c | 23 +++++++++++++++++++++--
4 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/man/less-variables.xml b/man/less-variables.xml
index a3faa38997..9dad4247da 100644
--- a/man/less-variables.xml
+++ b/man/less-variables.xml
@@ -36,5 +36,13 @@
the invoking terminal is determined to be UTF-8 compatible).</para></listitem>
</varlistentry>
+ <varlistentry id='lesssecure'>
+ <term><varname>$SYSTEMD_LESSSECURE</varname></term>
+
+ <listitem><para>Takes a boolean argument. Overrides the <varname>$LESSSECURE</varname> environment
+ variable when invoking the pager, which controls the "secure" mode of less (which disables commands
+ such as <literal>|</literal> which allow to easily shell out to external command lines). By default
+ less secure mode is enabled, with this setting it may be disabled.</para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/man/systemctl.xml b/man/systemctl.xml
index a71e6c7c4f..abc386e6fb 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -2010,6 +2010,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<xi:include href="less-variables.xml" xpointer="pager"/>
<xi:include href="less-variables.xml" xpointer="less"/>
<xi:include href="less-variables.xml" xpointer="lesscharset"/>
+ <xi:include href="less-variables.xml" xpointer="lesssecure"/>
</refsect1>
<refsect1>
diff --git a/man/systemd.xml b/man/systemd.xml
index 17ab59beb5..66ae4d841d 100644
--- a/man/systemd.xml
+++ b/man/systemd.xml
@@ -862,6 +862,8 @@
</listitem>
</varlistentry>
+ <xi:include href="less-variables.xml" xpointer="lesssecure"/>
+
<varlistentry>
<term><varname>$LISTEN_PID</varname></term>
<term><varname>$LISTEN_FDS</varname></term>
diff --git a/src/basic/pager.c b/src/basic/pager.c
index f241261119..4efb01c483 100644
--- a/src/basic/pager.c
+++ b/src/basic/pager.c
@@ -11,6 +11,7 @@
#include <unistd.h>
#include "copy.h"
+#include "env-util.h"
#include "fd-util.h"
#include "locale-util.h"
#include "log.h"
@@ -94,8 +95,7 @@ int pager_open(bool no_pager, bool jump_to_end) {
if (setenv("LESS", less_opts, 1) < 0)
_exit(EXIT_FAILURE);
- /* Initialize a good charset for less. This is
- * particularly important if we output UTF-8
+ /* Initialize a good charset for less. This is particularly important if we output UTF-8
* characters. */
less_charset = getenv("SYSTEMD_LESSCHARSET");
if (!less_charset && is_locale_utf8())
@@ -104,6 +104,25 @@ int pager_open(bool no_pager, bool jump_to_end) {
setenv("LESSCHARSET", less_charset, 1) < 0)
_exit(EXIT_FAILURE);
+ /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
+ * privileged stuff. */
+ r = getenv_bool("SYSTEMD_LESSSECURE");
+ if (r == 0) { /* Remove env var if off */
+ if (unsetenv("LESSSECURE") < 0) {
+ log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
+ _exit(EXIT_FAILURE);
+ }
+ } else {
+ /* Set env var otherwise */
+ if (r < 0)
+ log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");
+
+ if (setenv("LESSSECURE", "1", 1) < 0) {
+ log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
+ _exit(EXIT_FAILURE);
+ }
+ }
+
if (pager) {
execlp(pager, pager, NULL);
execl("/bin/sh", "sh", "-c", pager, NULL);

264
SOURCES/0906-test-login-always-test-sd_pid_get_owner_uid-moderniz.patch Normal file
View File

@ -0,0 +1,264 @@
From cd2d72208df18c0894d2e6eea0656603e326f9cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 12 Oct 2020 18:57:32 +0200
Subject: [PATCH] test-login: always test sd_pid_get_owner_uid(), modernize
A long time some function only worked when in a session, and the test
didn't execute them when sd_pid_get_session() failed. Let's always call
them to increase coverage.
While at it, let's test for ==0 not >=0 where we don't expect the function
to return anything except 0 or error.
(cherry picked from commit 1b5b507cd2d1d7a2b053151abb548475ad9c5c3b)
Related: #2175623
---
src/libsystemd/sd-login/test-login.c | 132 ++++++++++++++-------------
1 file changed, 71 insertions(+), 61 deletions(-)
diff --git a/src/libsystemd/sd-login/test-login.c b/src/libsystemd/sd-login/test-login.c
index ccb1905a46..60ef889ec0 100644
--- a/src/libsystemd/sd-login/test-login.c
+++ b/src/libsystemd/sd-login/test-login.c
@@ -8,20 +8,22 @@
#include "sd-login.h"
#include "alloc-util.h"
+#include "errno-list.h"
#include "fd-util.h"
#include "format-util.h"
#include "log.h"
#include "string-util.h"
#include "strv.h"
-#include "util.h"
+#include "time-util.h"
+#include "user-util.h"
static char* format_uids(char **buf, uid_t* uids, int count) {
- int pos = 0, k, inc;
+ int pos = 0, inc;
size_t size = (DECIMAL_STR_MAX(uid_t) + 1) * count + 1;
assert_se(*buf = malloc(size));
- for (k = 0; k < count; k++) {
+ for (int k = 0; k < count; k++) {
sprintf(*buf + pos, "%s"UID_FMT"%n", k > 0 ? " " : "", uids[k], &inc);
pos += inc;
}
@@ -32,6 +34,10 @@ static char* format_uids(char **buf, uid_t* uids, int count) {
return *buf;
}
+static const char *e(int r) {
+ return r == 0 ? "OK" : errno_to_name(r);
+}
+
static void test_login(void) {
_cleanup_close_pair_ int pair[2] = { -1, -1 };
_cleanup_free_ char *pp = NULL, *qq = NULL,
@@ -41,65 +47,71 @@ static void test_login(void) {
*seat = NULL, *session = NULL,
*unit = NULL, *user_unit = NULL, *slice = NULL;
int r;
- uid_t u, u2;
- char *t, **seats, **sessions;
+ uid_t u, u2 = UID_INVALID;
+ char *t, **seats = NULL, **sessions = NULL;
r = sd_pid_get_unit(0, &unit);
- assert_se(r >= 0 || r == -ENODATA);
- log_info("sd_pid_get_unit(0, …) → \"%s\"", strna(unit));
+ log_info("sd_pid_get_unit(0, …) → %s / \"%s\"", e(r), strnull(unit));
+ assert_se(IN_SET(r, 0, -ENODATA));
r = sd_pid_get_user_unit(0, &user_unit);
- assert_se(r >= 0 || r == -ENODATA);
- log_info("sd_pid_get_user_unit(0, …) → \"%s\"", strna(user_unit));
+ log_info("sd_pid_get_user_unit(0, …) → %s / \"%s\"", e(r), strnull(user_unit));
+ assert_se(IN_SET(r, 0, -ENODATA));
r = sd_pid_get_slice(0, &slice);
- assert_se(r >= 0 || r == -ENODATA);
- log_info("sd_pid_get_slice(0, …) → \"%s\"", strna(slice));
+ log_info("sd_pid_get_slice(0, …) → %s / \"%s\"", e(r), strnull(slice));
+ assert_se(IN_SET(r, 0, -ENODATA));
+
+ r = sd_pid_get_owner_uid(0, &u2);
+ log_info("sd_pid_get_owner_uid(0, …) → %s / "UID_FMT, e(r), u2);
+ assert_se(IN_SET(r, 0, -ENODATA));
r = sd_pid_get_session(0, &session);
- if (r < 0) {
- log_warning_errno(r, "sd_pid_get_session(0, …): %m");
- if (r == -ENODATA)
- log_info("Seems we are not running in a session, skipping some tests.");
- } else {
- log_info("sd_pid_get_session(0, …) → \"%s\"", session);
-
- assert_se(sd_pid_get_owner_uid(0, &u2) == 0);
- log_info("sd_pid_get_owner_uid(0, …) → "UID_FMT, u2);
-
- assert_se(sd_pid_get_cgroup(0, &cgroup) == 0);
- log_info("sd_pid_get_cgroup(0, …) → \"%s\"", cgroup);
-
- r = sd_uid_get_display(u2, &display_session);
- assert_se(r >= 0 || r == -ENODATA);
- log_info("sd_uid_get_display("UID_FMT", …) → \"%s\"",
- u2, strnull(display_session));
-
- assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0);
- sd_peer_get_session(pair[0], &pp);
- sd_peer_get_session(pair[1], &qq);
- assert_se(streq_ptr(pp, qq));
-
- r = sd_uid_get_sessions(u2, false, &sessions);
+ log_info("sd_pid_get_session(0, …) → %s / \"%s\"", e(r), strnull(session));
+
+ r = sd_pid_get_cgroup(0, &cgroup);
+ log_info("sd_pid_get_cgroup(0, …) → %s / \"%s\"", e(r), strnull(cgroup));
+ assert_se(r == 0);
+
+ r = sd_uid_get_display(u2, &display_session);
+ log_info("sd_uid_get_display("UID_FMT", …) → %s / \"%s\"", u2, e(r), strnull(display_session));
+ if (u2 == UID_INVALID)
+ assert_se(r == -EINVAL);
+ else
+ assert_se(IN_SET(r, 0, -ENODATA));
+
+ assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0);
+ sd_peer_get_session(pair[0], &pp);
+ sd_peer_get_session(pair[1], &qq);
+ assert_se(streq_ptr(pp, qq));
+
+ r = sd_uid_get_sessions(u2, false, &sessions);
+ assert_se(t = strv_join(sessions, " "));
+ log_info("sd_uid_get_sessions("UID_FMT", …) → %s \"%s\"", u2, e(r), t);
+ if (u2 == UID_INVALID)
+ assert_se(r == -EINVAL);
+ else {
assert_se(r >= 0);
assert_se(r == (int) strv_length(sessions));
- assert_se(t = strv_join(sessions, " "));
- strv_free(sessions);
- log_info("sd_uid_get_sessions("UID_FMT", …) → [%i] \"%s\"", u2, r, t);
- free(t);
+ }
+ sessions = strv_free(sessions);
+ free(t);
- assert_se(r == sd_uid_get_sessions(u2, false, NULL));
+ assert_se(r == sd_uid_get_sessions(u2, false, NULL));
- r = sd_uid_get_seats(u2, false, &seats);
+ r = sd_uid_get_seats(u2, false, &seats);
+ assert_se(t = strv_join(seats, " "));
+ log_info("sd_uid_get_seats("UID_FMT", …) → %s \"%s\"", u2, e(r), t);
+ if (u2 == UID_INVALID)
+ assert_se(r == -EINVAL);
+ else {
assert_se(r >= 0);
assert_se(r == (int) strv_length(seats));
- assert_se(t = strv_join(seats, " "));
- strv_free(seats);
- log_info("sd_uid_get_seats("UID_FMT", …) → [%i] \"%s\"", u2, r, t);
- free(t);
-
- assert_se(r == sd_uid_get_seats(u2, false, NULL));
}
+ seats = strv_free(seats);
+ free(t);
+
+ assert_se(r == sd_uid_get_seats(u2, false, NULL));
if (session) {
r = sd_session_is_active(session);
@@ -111,7 +123,7 @@ static void test_login(void) {
log_info("sd_session_is_remote(\"%s\") → %s", session, yes_no(r));
r = sd_session_get_state(session, &state);
- assert_se(r >= 0);
+ assert_se(r == 0);
log_info("sd_session_get_state(\"%s\") → \"%s\"", session, state);
assert_se(sd_session_get_uid(session, &u) >= 0);
@@ -125,16 +137,16 @@ static void test_login(void) {
log_info("sd_session_get_class(\"%s\") → \"%s\"", session, class);
r = sd_session_get_display(session, &display);
- assert_se(r >= 0 || r == -ENODATA);
+ assert_se(IN_SET(r, 0, -ENODATA));
log_info("sd_session_get_display(\"%s\") → \"%s\"", session, strna(display));
r = sd_session_get_remote_user(session, &remote_user);
- assert_se(r >= 0 || r == -ENODATA);
+ assert_se(IN_SET(r, 0, -ENODATA));
log_info("sd_session_get_remote_user(\"%s\") → \"%s\"",
session, strna(remote_user));
r = sd_session_get_remote_host(session, &remote_host);
- assert_se(r >= 0 || r == -ENODATA);
+ assert_se(IN_SET(r, 0, -ENODATA));
log_info("sd_session_get_remote_host(\"%s\") → \"%s\"",
session, strna(remote_host));
@@ -160,7 +172,7 @@ static void test_login(void) {
assert_se(r == -ENODATA);
}
- assert_se(sd_uid_get_state(u, &state2) >= 0);
+ assert_se(sd_uid_get_state(u, &state2) == 0);
log_info("sd_uid_get_state("UID_FMT", …) → %s", u, state2);
}
@@ -172,11 +184,11 @@ static void test_login(void) {
assert_se(sd_uid_is_on_seat(u, 0, seat) > 0);
r = sd_seat_get_active(seat, &session2, &u2);
- assert_se(r >= 0);
+ assert_se(r == 0);
log_info("sd_seat_get_active(\"%s\", …) → \"%s\", "UID_FMT, seat, session2, u2);
r = sd_uid_is_on_seat(u, 1, seat);
- assert_se(r >= 0);
+ assert_se(IN_SET(r, 0, 1));
assert_se(!!r == streq(session, session2));
r = sd_seat_get_sessions(seat, &sessions, &uids, &n);
@@ -184,8 +196,8 @@ static void test_login(void) {
assert_se(r == (int) strv_length(sessions));
assert_se(t = strv_join(sessions, " "));
strv_free(sessions);
- log_info("sd_seat_get_sessions(\"%s\", …) → %i, \"%s\", [%i] {%s}",
- seat, r, t, n, format_uids(&buf, uids, n));
+ log_info("sd_seat_get_sessions(\"%s\", …) → %s, \"%s\", [%u] {%s}",
+ seat, e(r), t, n, format_uids(&buf, uids, n));
free(t);
assert_se(sd_seat_get_sessions(seat, NULL, NULL, NULL) == r);
@@ -203,7 +215,7 @@ static void test_login(void) {
r = sd_seat_get_active(NULL, &t, NULL);
assert_se(IN_SET(r, 0, -ENODATA));
- log_info("sd_seat_get_active(NULL, …) (active session on current seat) → %s", strnull(t));
+ log_info("sd_seat_get_active(NULL, …) (active session on current seat) → %s / \"%s\"", e(r), strnull(t));
free(t);
r = sd_get_sessions(&sessions);
@@ -243,13 +255,11 @@ static void test_login(void) {
static void test_monitor(void) {
sd_login_monitor *m = NULL;
- unsigned n;
int r;
- r = sd_login_monitor_new("session", &m);
- assert_se(r >= 0);
+ assert_se(sd_login_monitor_new("session", &m) == 0);
- for (n = 0; n < 5; n++) {
+ for (unsigned n = 0; n < 5; n++) {
struct pollfd pollfd = {};
usec_t timeout, nw;

198
SOURCES/0907-pager-make-pager-secure-when-under-euid-is-changed-o.patch Normal file
View File

@ -0,0 +1,198 @@
From 9c8a6018ed4a4da6efb1fc6958e70f9324bb5b1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 7 Oct 2020 11:15:05 +0200
Subject: [PATCH] pager: make pager secure when under euid is changed or
explicitly requested
The variable is renamed to SYSTEMD_PAGERSECURE (because it's not just about
less now), and we automatically enable secure mode in certain cases, but not
otherwise.
This approach is more nuanced, but should provide a better experience for
users:
- Previusly we would set LESSSECURE=1 and trust the pager to make use of
it. But this has an effect only on less. We need to not start pagers which
are insecure when in secure mode. In particular more is like that and is a
very popular pager.
- We don't enable secure mode always, which means that those other pagers can
reasonably used.
- We do the right thing by default, but the user has ultimate control by
setting SYSTEMD_PAGERSECURE.
Fixes #5666.
v2:
- also check $PKEXEC_UID
v3:
- use 'sd_pid_get_owner_uid() != geteuid()' as the condition
(cherry picked from commit 0a42426d797406b4b01a0d9c13bb759c2629d108)
Resolves: #2175623
---
man/less-variables.xml | 28 ++++++++++++++---
meson.build | 3 +-
src/basic/pager.c | 69 +++++++++++++++++++++++++++---------------
3 files changed, 69 insertions(+), 31 deletions(-)
diff --git a/man/less-variables.xml b/man/less-variables.xml
index 9dad4247da..5f3a53c8dd 100644
--- a/man/less-variables.xml
+++ b/man/less-variables.xml
@@ -37,12 +37,30 @@
</varlistentry>
<varlistentry id='lesssecure'>
- <term><varname>$SYSTEMD_LESSSECURE</varname></term>
+ <term><varname>$SYSTEMD_PAGERSECURE</varname></term>
- <listitem><para>Takes a boolean argument. Overrides the <varname>$LESSSECURE</varname> environment
- variable when invoking the pager, which controls the "secure" mode of less (which disables commands
- such as <literal>|</literal> which allow to easily shell out to external command lines). By default
- less secure mode is enabled, with this setting it may be disabled.</para></listitem>
+ <listitem><para>Takes a boolean argument. When true, the "secure" mode of the pager is enabled; if
+ false, disabled. If <varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, secure mode is enabled
+ if the effective UID is not the same as the owner of the login session, see <citerefentry
+ project='man-pages'><refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum></citerefentry> and
+ <citerefentry><refentrytitle>sd_pid_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ In secure mode, <option>LESSSECURE=1</option> will be set when invoking the pager, and the pager shall
+ disable commands that open or create new files or start new subprocesses. When
+ <varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, pagers which are not known to implement
+ secure mode will not be used. (Currently only
+ <citerefentry><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry> implements
+ secure mode.)</para>
+
+ <para>Note: when commands are invoked with elevated privileges, for example under <citerefentry
+ project='man-pages'><refentrytitle>sudo</refentrytitle><manvolnum>8</manvolnum></citerefentry> or
+ <citerefentry
+ project='die-net'><refentrytitle>pkexec</refentrytitle><manvolnum>1</manvolnum></citerefentry>, care
+ must be taken to ensure that unintended interactive features are not enabled. "Secure" mode for the
+ pager may be enabled automatically as describe above. Setting <varname>SYSTEMD_PAGERSECURE=0</varname>
+ or not removing it from the inherited environment allows the user to invoke arbitrary commands. Note
+ that if the <varname>$SYSTEMD_PAGER</varname> or <varname>$PAGER</varname> variables are to be
+ honoured, <varname>$SYSTEMD_PAGERSECURE</varname> must be set too. It might be reasonable to completly
+ disable the pager using <option>--no-pager</option> instead.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
diff --git a/meson.build b/meson.build
index 673800a1a7..d986dd24ac 100644
--- a/meson.build
+++ b/meson.build
@@ -1467,7 +1467,8 @@ test_dlopen = executable(
'test-dlopen',
test_dlopen_c,
include_directories : includes,
- link_with : [libbasic],
+ link_with : [libsystemd_static,
+ libbasic],
dependencies : [libdl])
foreach tuple : [['myhostname', 'ENABLE_NSS_MYHOSTNAME'],
diff --git a/src/basic/pager.c b/src/basic/pager.c
index 4efb01c483..c7e101235d 100644
--- a/src/basic/pager.c
+++ b/src/basic/pager.c
@@ -10,6 +10,8 @@
#include <sys/prctl.h>
#include <unistd.h>
+#include "sd-login.h"
+
#include "copy.h"
#include "env-util.h"
#include "fd-util.h"
@@ -79,7 +81,7 @@ int pager_open(bool no_pager, bool jump_to_end) {
if (r < 0)
return r;
if (r == 0) {
- const char* less_opts, *less_charset;
+ const char* less_opts, *less_charset, *exe;
/* In the child start the pager */
@@ -105,39 +107,56 @@ int pager_open(bool no_pager, bool jump_to_end) {
_exit(EXIT_FAILURE);
/* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
- * privileged stuff. */
- r = getenv_bool("SYSTEMD_LESSSECURE");
- if (r == 0) { /* Remove env var if off */
- if (unsetenv("LESSSECURE") < 0) {
- log_error_errno(errno, "Failed to uset environment variable LESSSECURE: %m");
- _exit(EXIT_FAILURE);
- }
- } else {
- /* Set env var otherwise */
+ * privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the
+ * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
+ * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
+ * know to be good. */
+ int use_secure_mode = getenv_bool("SYSTEMD_PAGERSECURE");
+ bool trust_pager = use_secure_mode >= 0;
+ if (use_secure_mode == -ENXIO) {
+ uid_t uid;
+
+ r = sd_pid_get_owner_uid(0, &uid);
if (r < 0)
- log_warning_errno(r, "Unable to parse $SYSTEMD_LESSSECURE, ignoring: %m");
+ log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
+
+ use_secure_mode = r < 0 || uid != geteuid();
+
+ } else if (use_secure_mode < 0) {
+ log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
+ use_secure_mode = true;
+ }
- if (setenv("LESSSECURE", "1", 1) < 0) {
- log_error_errno(errno, "Failed to set environment variable LESSSECURE: %m");
- _exit(EXIT_FAILURE);
- }
+ /* We generally always set variables used by less, even if we end up using a different pager.
+ * They shouldn't hurt in any case, and ideally other pagers would look at them too. */
+ if (use_secure_mode)
+ r = setenv("LESSSECURE", "1", 1);
+ else
+ r = unsetenv("LESSSECURE");
+ if (r < 0) {
+ log_error_errno(errno, "Failed to adjust environment variable LESSSECURE: %m");
+ _exit(EXIT_FAILURE);
}
- if (pager) {
+ if (trust_pager && pager) { /* The pager config might be set globally, and we cannot
+ * know if the user adjusted it to be appropriate for the
+ * secure mode. Thus, start the pager specified through
+ * envvars only when $SYSTEMD_PAGERSECURE was explicitly set
+ * as well. */
execlp(pager, pager, NULL);
execl("/bin/sh", "sh", "-c", pager, NULL);
}
- /* Debian's alternatives command for pagers is
- * called 'pager'. Note that we do not call
- * sensible-pagers here, since that is just a
- * shell script that implements a logic that
- * is similar to this one anyway, but is
- * Debian-specific. */
- execlp("pager", "pager", NULL);
+ /* Debian's alternatives command for pagers is called 'pager'. Note that we do not call
+ * sensible-pagers here, since that is just a shell script that implements a logic that is
+ * similar to this one anyway, but is Debian-specific. */
+ FOREACH_STRING(exe, "pager", "less", "more") {
+ /* Only less implements secure mode right now. */
+ if (use_secure_mode && !streq(exe, "less"))
+ continue;
- execlp("less", "less", NULL);
- execlp("more", "more", NULL);
+ execlp(exe, exe, NULL);
+ }
pager_fallback();
/* not reached */

30
SOURCES/0908-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch Normal file
View File

@ -0,0 +1,30 @@
From 1d8931bb5d65e9f77b470835786a97f814bd93ea Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@canonical.com>
Date: Fri, 23 Oct 2020 15:50:28 -0400
Subject: [PATCH] test: ignore ENOMEDIUM error from sd_pid_get_cgroup()
Ubuntu builds on the Launchpad infrastructure run inside a chroot that does
not have the sysfs cgroup dirs mounted, so this call will return ENOMEDIUM
from cg_unified_cached() during the build-time testing, for example when
building the package in a Launchpad PPA.
(cherry picked from commit 352ab9d74049b4ac694fdba1a6e67339f12ded93)
Related: #2175623
---
src/libsystemd/sd-login/test-login.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-login/test-login.c b/src/libsystemd/sd-login/test-login.c
index 60ef889ec0..d24a04ccc8 100644
--- a/src/libsystemd/sd-login/test-login.c
+++ b/src/libsystemd/sd-login/test-login.c
@@ -71,7 +71,7 @@ static void test_login(void) {
r = sd_pid_get_cgroup(0, &cgroup);
log_info("sd_pid_get_cgroup(0, …) → %s / \"%s\"", e(r), strnull(cgroup));
- assert_se(r == 0);
+ assert_se(IN_SET(r, 0, -ENOMEDIUM));
r = sd_uid_get_display(u2, &display_session);
log_info("sd_uid_get_display("UID_FMT", …) → %s / \"%s\"", u2, e(r), strnull(display_session));

31
SOURCES/0909-pstore-fix-crash-and-forward-dummy-arguments-instead.patch Normal file
View File

@ -0,0 +1,31 @@
From 5bb3dd9c96b55a4a9da23ed96b5a2681d82dc500 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 26 Apr 2023 20:07:10 +0200
Subject: [PATCH] pstore: fix crash and forward dummy arguments instead of NULL
[msekleta: in our version of systemd "const char path*" argument of
path_join() can't be NULL. Here we don't really want any subdirs paths
passed into move_file(), but we can't just pass NULL pointers because
they will be forwarded to path_join(). Hence, let's just pass "/"
instead.]
rhel-only
Related: #2190153
---
src/pstore/pstore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pstore/pstore.c b/src/pstore/pstore.c
index 9f61e8f7f8..5335c9f92d 100644
--- a/src/pstore/pstore.c
+++ b/src/pstore/pstore.c
@@ -366,7 +366,7 @@ static int run(int argc, char *argv[]) {
/* Move left over files out of pstore */
for (size_t n = 0; n < list.n_entries; n++)
- (void) move_file(&list.entries[n], NULL, NULL);
+ (void) move_file(&list.entries[n], "/", "/");
return 0;
}

51
SOURCES/0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch Normal file
View File

@ -0,0 +1,51 @@
From d78272e6c2dddcbca891cb5d561f23ff766486a8 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Mon, 24 Apr 2023 15:13:08 +0200
Subject: [PATCH] ci: workflow for gathering metadata for source-git automation
Workflow gathers metadata like pull request numbers and information about commits.
This metadata is used for commit validation and other actions.
This workflow also triggers for rest of the source-git automation workflows.
rhel-only
Related: #2190153
---
.github/workflows/gather-metadata.yml | 28 +++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 .github/workflows/gather-metadata.yml
diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml
new file mode 100644
index 0000000000..f432f41811
--- /dev/null
+++ b/.github/workflows/gather-metadata.yml
@@ -0,0 +1,28 @@
+name: Gather Pull Request Metadata
+on:
+ pull_request:
+ types: [ opened, reopened, synchronize ]
+ branches:
+ - main
+ - rhel-8.*.0
+
+permissions:
+ contents: read
+
+jobs:
+ gather-metadata:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v3
+
+ - id: Metadata
+ name: Gather Pull Request Metadata
+ uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
+
+ - name: Upload artifact with gathered metadata
+ uses: actions/upload-artifact@v3
+ with:
+ name: pr-metadata
+ path: ${{ steps.Metadata.outputs.metadata-file }}

103
SOURCES/0911-ci-first-part-of-the-source-git-automation-commit-li.patch Normal file
View File

@ -0,0 +1,103 @@
From e08bdd25344ed475f48d22a1c303421e19489427 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Mon, 24 Apr 2023 15:15:00 +0200
Subject: [PATCH] ci: first part of the source-git automation - commit linter
Add a GitHub Workflow that is triggered on `workflow_run` events.
It uses metadata provided by `redhat-plumbers-in-action/gather-pull-request-metadata`
GitHub Action to get the PR number and the commit metadata.
The commit metadata is then used to check if the commit message contains
all required information (tracker and upstream reference). GitHub Action
responsible for commit verification `redhat-plumbers-in-action/advanced-commit-linter`
is configured via the `advanced-commit-linter.yml` file.
rhel-only
Related: #2190153
---
.github/advanced-commit-linter.yml | 23 +++++++++++
.github/workflows/source-git-automation.yml | 45 +++++++++++++++++++++
2 files changed, 68 insertions(+)
create mode 100644 .github/advanced-commit-linter.yml
create mode 100644 .github/workflows/source-git-automation.yml
diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
new file mode 100644
index 0000000000..491836abbb
--- /dev/null
+++ b/.github/advanced-commit-linter.yml
@@ -0,0 +1,23 @@
+policy:
+ cherry-pick:
+ upstream:
+ - github: systemd/systemd
+ - github: systemd/systemd-stable
+ exception:
+ note:
+ - rhel-only
+ tracker:
+ - keyword:
+ - 'Resolves: #?'
+ - 'Related: #?'
+ - 'Reverts: #?'
+ issue-format:
+ - '\d+$'
+ url: 'https://bugzilla.redhat.com/show_bug.cgi?id='
+ - keyword:
+ - 'Resolves: '
+ - 'Related: '
+ - 'Reverts: '
+ issue-format:
+ - 'RHEL-\d+$'
+ url: 'https://issues.redhat.com/browse/'
diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
new file mode 100644
index 0000000000..140f21b116
--- /dev/null
+++ b/.github/workflows/source-git-automation.yml
@@ -0,0 +1,45 @@
+name: Source git Automation
+on:
+ workflow_run:
+ workflows: [ Gather Pull Request Metadata ]
+ types:
+ - completed
+
+permissions:
+ contents: read
+
+jobs:
+ download-metadata:
+ if: >
+ github.event.workflow_run.event == 'pull_request' &&
+ github.event.workflow_run.conclusion == 'success'
+ runs-on: ubuntu-latest
+
+ outputs:
+ pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }}
+
+ steps:
+ - id: Artifact
+ name: Download Artifact
+ uses: redhat-plumbers-in-action/download-artifact@v1
+ with:
+ name: pr-metadata
+
+ commit-linter:
+ needs: [ download-metadata ]
+ runs-on: ubuntu-latest
+
+ outputs:
+ validated-pr-metadata: ${{ steps.commit-linter.outputs.validated-pr-metadata }}
+
+ permissions:
+ statuses: write
+ pull-requests: write
+
+ steps:
+ - id: commit-linter
+ name: Lint Commits
+ uses: redhat-plumbers-in-action/advanced-commit-linter@v1
+ with:
+ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
+ token: ${{ secrets.GITHUB_TOKEN }}

20
SPECS/systemd.spec
View File

@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
Release: 74%{?dist}
Release: 74%{?dist}.2
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -954,6 +954,13 @@ Patch0901: 0901-man-document-the-new-_LINE_BREAK-type.patch
Patch0902: 0902-journald-server-always-create-state-file-in-signal-h.patch
Patch0903: 0903-journald-server-move-relinquish-code-into-function.patch
Patch0904: 0904-journald-server-always-touch-state-file-in-signal-ha.patch
Patch0905: 0905-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch
Patch0906: 0906-test-login-always-test-sd_pid_get_owner_uid-moderniz.patch
Patch0907: 0907-pager-make-pager-secure-when-under-euid-is-changed-o.patch
Patch0908: 0908-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch
Patch0909: 0909-pstore-fix-crash-and-forward-dummy-arguments-instead.patch
Patch0910: 0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch
Patch0911: 0911-ci-first-part-of-the-source-git-automation-commit-li.patch
%ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1
@ -1584,6 +1591,17 @@ fi
%files tests -f .file-list-tests
%changelog
* Thu May 18 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-74.2
- pstore: fix crash and forward dummy arguments instead of NULL (#2190153)
- ci: workflow for gathering metadata for source-git automation (#2190153)
- ci: first part of the source-git automation - commit linter (#2190153)
* Tue Apr 18 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-74.1
- pager: set $LESSSECURE whenver we invoke a pager (#2175623)
- test-login: always test sd_pid_get_owner_uid(), modernize (#2175623)
- pager: make pager secure when under euid is changed or explicitly requested (#2175623)
- test: ignore ENOMEDIUM error from sd_pid_get_cgroup() (#2175623)
* Tue Mar 14 2023 systemd maintenance team <systemd-maint@redhat.com> - 239-74
- journald-server: always create state file in signal handler (#2174645)
- journald-server: move relinquish code into function (#2174645)