rpms/systemd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Version 230

Browse Source
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2016-05-21 19:13:20 -04:00
parent 8efe61bc18
commit 8f6ec2ee91
27 changed files with 13 additions and 1795 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch
View File

@ -1,76 +0,0 @@
From d15dd311752fcafa92d2e6a00c582020dc0f6ac3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Feb 2016 21:29:01 +0100
Subject: [PATCH] time-util: map ALARM clockids to non-ALARM clockids in now()
Fixes: #2597
(cherry picked from commit 32c1f5a57998f2a9e1992af006b83e39e3155830)
---
src/basic/time-util.c | 24 ++++++++++++++++++++++--
src/libsystemd/sd-event/sd-event.c | 6 +++++-
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index 3973850b44..510f018d9b 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -42,10 +42,30 @@
static nsec_t timespec_load_nsec(const struct timespec *ts);
+static clockid_t map_clock_id(clockid_t c) {
+
+ /* Some more exotic archs (s390, ppc, …) lack the "ALARM" flavour of the clocks. Thus, clock_gettime() will
+ * fail for them. Since they are essentially the same as their non-ALARM pendants (their only difference is
+ * when timers are set on them), let's just map them accordingly. This way, we can get the correct time even on
+ * those archs. */
+
+ switch (c) {
+
+ case CLOCK_BOOTTIME_ALARM:
+ return CLOCK_BOOTTIME;
+
+ case CLOCK_REALTIME_ALARM:
+ return CLOCK_REALTIME;
+
+ default:
+ return c;
+ }
+}
+
usec_t now(clockid_t clock_id) {
struct timespec ts;
- assert_se(clock_gettime(clock_id, &ts) == 0);
+ assert_se(clock_gettime(map_clock_id(clock_id), &ts) == 0);
return timespec_load(&ts);
}
@@ -53,7 +73,7 @@ usec_t now(clockid_t clock_id) {
nsec_t now_nsec(clockid_t clock_id) {
struct timespec ts;
- assert_se(clock_gettime(clock_id, &ts) == 0);
+ assert_se(clock_gettime(map_clock_id(clock_id), &ts) == 0);
return timespec_load_nsec(&ts);
}
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index deef6ba9d3..2b46a1ff06 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -2780,9 +2780,13 @@ _public_ int sd_event_now(sd_event *e, clockid_t clock, uint64_t *usec) {
*usec = e->timestamp.monotonic;
break;
- default:
+ case CLOCK_BOOTTIME:
+ case CLOCK_BOOTTIME_ALARM:
*usec = e->timestamp_boottime;
break;
+
+ default:
+ assert_not_reached("Unknown clock?");
}
return 0;

24
0002-core-fix-indenting-in-dump-output.patch
View File

@ -1,24 +0,0 @@
From 3e1d3577dd20a49d6eb5007c65b4efb7862df903 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Feb 2016 21:33:39 +0100
Subject: [PATCH] core: fix indenting in dump output
Fixes: #2593
(cherry picked from commit b895d15511526b7046c8c51e6689684144a63ae0)
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index d39e3dcaeb..3c4f85e744 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -888,7 +888,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
"%s\tInstance: %s\n"
"%s\tUnit Load State: %s\n"
"%s\tUnit Active State: %s\n"
- "%s\nState Change Timestamp: %s\n"
+ "%s\tState Change Timestamp: %s\n"
"%s\tInactive Exit Timestamp: %s\n"
"%s\tActive Enter Timestamp: %s\n"
"%s\tActive Exit Timestamp: %s\n"

238
0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch
View File

@ -1,238 +0,0 @@
From 66a35872a2429a095f8cdfd5b00f94d0b28daa0f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 15 Feb 2016 22:50:01 +0100
Subject: [PATCH] networkd: FIONREAD is not reliable on some sockets
Fixes: #2457
(cherry picked from commit 4edc2c9b6b5b921873eb82e58719ed4d9e0d69bf)
---
src/basic/socket-util.c | 34 ++++++++++++++++++++++++++++++++
src/basic/socket-util.h | 2 ++
src/libsystemd-network/sd-dhcp-client.c | 23 +++++++++------------
src/libsystemd-network/sd-dhcp-server.c | 9 ++++-----
src/libsystemd-network/sd-dhcp6-client.c | 13 ++++++------
src/libsystemd-network/sd-ndisc.c | 13 +++++-------
src/resolve/resolved-manager.c | 10 ++++------
7 files changed, 64 insertions(+), 40 deletions(-)
diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 49e5f5b125..58512686e3 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -936,3 +936,37 @@ int receive_one_fd(int transport_fd, int flags) {
return *(int*) CMSG_DATA(found);
}
+
+ssize_t next_datagram_size_fd(int fd) {
+ ssize_t l;
+ int k;
+
+ /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
+ * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD dosn't
+ * do. This difference is actually of major importance as we need to be sure that the size returned here
+ * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
+ * the wrong size. */
+
+ l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
+ if (l < 0) {
+ if (errno == EOPNOTSUPP)
+ goto fallback;
+
+ return -errno;
+ }
+ if (l == 0)
+ goto fallback;
+
+ return l;
+
+fallback:
+ k = 0;
+
+ /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
+ * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
+
+ if (ioctl(fd, FIONREAD, &k) < 0)
+ return -errno;
+
+ return (ssize_t) k;
+}
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index 92edc1dc22..d17a2f35f8 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -133,5 +133,7 @@ int send_one_fd_sa(int transport_fd,
#define send_one_fd(transport_fd, fd, flags) send_one_fd_sa(transport_fd, fd, NULL, 0, flags)
int receive_one_fd(int transport_fd, int flags);
+ssize_t next_datagram_size_fd(int fd);
+
#define CMSG_FOREACH(cmsg, mh) \
for ((cmsg) = CMSG_FIRSTHDR(mh); (cmsg); (cmsg) = CMSG_NXTHDR((mh), (cmsg)))
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index cad1a52c09..729ef880ce 100644
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -1525,20 +1525,17 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
uint32_t revents, void *userdata) {
sd_dhcp_client *client = userdata;
_cleanup_free_ DHCPMessage *message = NULL;
- int buflen = 0, len, r;
const struct ether_addr zero_mac = { { 0, 0, 0, 0, 0, 0 } };
const struct ether_addr *expected_chaddr = NULL;
uint8_t expected_hlen = 0;
+ ssize_t len, buflen;
assert(s);
assert(client);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* this can't be right */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
message = malloc0(buflen);
if (!message)
@@ -1616,17 +1613,15 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
};
struct cmsghdr *cmsg;
bool checksum = true;
- int buflen = 0, len, r;
+ ssize_t buflen, len;
+ int r;
assert(s);
assert(client);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* this can't be right */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
packet = malloc0(buflen);
if (!packet)
diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index ad3a37b722..54ff1a3f28 100644
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -955,14 +955,13 @@ static int server_receive_message(sd_event_source *s, int fd,
.msg_controllen = sizeof(cmsgbuf),
};
struct cmsghdr *cmsg;
- int buflen = 0, len;
+ ssize_t buflen, len;
assert(server);
- if (ioctl(fd, FIONREAD, &buflen) < 0)
- return -errno;
- else if (buflen < 0)
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
message = malloc(buflen);
if (!message)
diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
index 5b6b9cbcac..7d56d4cc60 100644
--- a/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/libsystemd-network/sd-dhcp6-client.c
@@ -33,6 +33,7 @@
#include "in-addr-util.h"
#include "network-internal.h"
#include "random-util.h"
+#include "socket-util.h"
#include "string-table.h"
#include "util.h"
@@ -891,18 +892,16 @@ static int client_receive_message(sd_event_source *s, int fd, uint32_t revents,
sd_dhcp6_client *client = userdata;
DHCP6_CLIENT_DONT_DESTROY(client);
_cleanup_free_ DHCP6Message *message = NULL;
- int r, buflen, len;
+ ssize_t buflen, len;
+ int r = 0;
assert(s);
assert(client);
assert(client->event);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* This really should not happen */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
message = malloc(buflen);
if (!message)
diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c
index 519d2aa36b..bae6a49fe6 100644
--- a/src/libsystemd-network/sd-ndisc.c
+++ b/src/libsystemd-network/sd-ndisc.c
@@ -491,19 +491,16 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r
struct cmsghdr *cmsg;
struct in6_addr *gw;
unsigned lifetime;
- ssize_t len;
- int r, pref, stateful, buflen = 0;
+ ssize_t len, buflen;
+ int r, pref, stateful;
assert(s);
assert(nd);
assert(nd->event);
- r = ioctl(fd, FIONREAD, &buflen);
- if (r < 0)
- return -errno;
- else if (buflen < 0)
- /* This really should not happen */
- return -EIO;
+ buflen = next_datagram_size_fd(fd);
+ if (buflen < 0)
+ return buflen;
iov.iov_len = buflen;
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index bf5efe4cfa..7f9073448a 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -617,18 +617,16 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
struct msghdr mh = {};
struct cmsghdr *cmsg;
struct iovec iov;
- int ms = 0, r;
- ssize_t l;
+ ssize_t ms, l;
+ int r;
assert(m);
assert(fd >= 0);
assert(ret);
- r = ioctl(fd, FIONREAD, &ms);
- if (r < 0)
- return -errno;
+ ms = next_datagram_size_fd(fd);
if (ms < 0)
- return -EIO;
+ return ms;
r = dns_packet_new(&p, protocol, ms);
if (r < 0)

55
0004-networkd-rework-idle-detection-logic-of-networkd.patch
View File

@ -1,55 +0,0 @@
From 1b8cc9fb6cac9d5882ab33b79f880d03d1859efb Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 15 Feb 2016 19:11:18 +0100
Subject: [PATCH] networkd: rework idle detection logic of networkd
This patch makes networkd stay around as long as there is more than just a
loopback interface around, or the loopback device isn't fully probed yet, or
the loopback device has a .network file attached.
In essence, this means networkd stays around now continously as it should,
unless it is running in some (container?) environment that really has no
interface except a loopback device.
Fixes #2577.
(cherry picked from commit 9dc907f9c93636cb63ca90300fa3b8c03812701f)
---
src/network/networkd-manager.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index b527191a5a..b8cb7f875d 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -1091,22 +1091,19 @@ static bool manager_check_idle(void *userdata) {
assert(m);
+ /* Check whether we are idle now. The only case when we decide to be idle is when there's only a loopback
+ * device around, for which we have no configuration, and which already left the PENDING state. In all other
+ * cases we are not idle. */
+
HASHMAP_FOREACH(link, m->links, i) {
- /* we are not woken on udev activity, so let's just wait for the
- * pending udev event */
+ /* We are not woken on udev activity, so let's just wait for the pending udev event */
if (link->state == LINK_STATE_PENDING)
return false;
- if (!link->network)
- continue;
+ if ((link->flags & IFF_LOOPBACK) == 0)
+ return false;
- /* we are not woken on netork activity, so let's stay around */
- if (link_lldp_enabled(link) ||
- link_ipv4ll_enabled(link) ||
- link_dhcp4_server_enabled(link) ||
- link_dhcp4_enabled(link) ||
- link_dhcp6_enabled(link) ||
- link_ipv6_accept_ra_enabled(link))
+ if (link->network)
return false;
}

24
0005-core-fix-assertion-check.patch
View File

@ -1,24 +0,0 @@
From 84494c062524f39771cc9363597daa29d5d041b6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 16 Feb 2016 13:18:36 +0100
Subject: [PATCH] core: fix assertion check
Fixes: #2632
(cherry picked from commit 3f51aec8647fe13f4b1e46b2f75ff635403adf91)
---
src/core/timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/timer.c b/src/core/timer.c
index 6f3e6a8db3..3d0bae16e5 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
usec_t add;
assert(t);
- assert(*v);
+ assert(v);
if (t->random_usec == 0)
return;

26
0006-udev-fix-cg_unified-return-code-checking.patch
View File

@ -1,26 +0,0 @@
From 19bc96f7cdda48ca331d5cb0060d3a7eaad59a16 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 16 Feb 2016 14:03:47 +0100
Subject: [PATCH] udev: fix cg_unified() return code checking
Fixes fall-out from 8b3aa503c171acdb9ec63484a8c50e2680d31e79.
Fixes: #2635
(cherry picked from commit 6d2353394fc33e923d1ab464c8f88df2a5105ffb)
---
src/udev/udevd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 2c1c4a967b..bb92f16352 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1715,7 +1715,7 @@ int main(int argc, char *argv[]) {
by PID1. otherwise we are not guaranteed to have a dedicated cgroup */
r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
if (r < 0) {
- if (r == -ENOENT || r == -ENOEXEC)
+ if (r == -ENOENT || r == -ENOMEDIUM)
log_debug_errno(r, "did not find dedicated cgroup: %m");
else
log_warning_errno(r, "failed to get cgroup: %m");

54
0007-core-revert-core-resolve-specifier-in-config_parse_e.patch
View File

@ -1,54 +0,0 @@
From 31acc428d9bfa04582ca7c5ec3580ef2b7aed172 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Wed, 17 Feb 2016 22:32:36 +0000
Subject: [PATCH] core: revert "core: resolve specifier in config_parse_exec()"
This reverts commit cb48dfca6a8bc15d9081651001a16bf51e03838a.
Exec*-settings resolve specifiers twice:
%%U -> config_parse_exec [cb48dfca6a8] -> %U -> service_spawn -> 0
Fixes #2637
(cherry picked from commit bd1b973fb326e9b7587494fd6108e5ded46e9163)
---
src/core/load-fragment.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index b3dec7b8cc..8804b3ac41 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -574,9 +574,7 @@ int config_parse_exec(
void *data,
void *userdata) {
- _cleanup_free_ char *cmd = NULL;
ExecCommand **e = data;
- Unit *u = userdata;
const char *p;
bool semicolon;
int r;
@@ -585,7 +583,6 @@ int config_parse_exec(
assert(lvalue);
assert(rvalue);
assert(e);
- assert(u);
e += ltype;
rvalue += strspn(rvalue, WHITESPACE);
@@ -596,13 +593,7 @@ int config_parse_exec(
return 0;
}
- r = unit_full_printf(u, rvalue, &cmd);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
- return 0;
- }
-
- p = cmd;
+ p = rvalue;
do {
_cleanup_free_ char *path = NULL, *firstword = NULL;
bool separate_argv0 = false, ignore = false;

25
0008-activate-fix-E-option-parsing.patch
View File

@ -1,25 +0,0 @@
From 3ea302d20b1c60f469ed7315611d002a0d88f57d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 18 Feb 2016 21:54:31 -0500
Subject: [PATCH] activate: fix -E option parsing
Fixes #2658.
(cherry picked from commit b722348d050aa2754cd9f903e8c3ce810c616b06)
---
src/activate/activate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/activate/activate.c b/src/activate/activate.c
index 0db4967edb..4b3d0e5371 100644
--- a/src/activate/activate.c
+++ b/src/activate/activate.c
@@ -379,7 +379,7 @@ static int parse_argv(int argc, char *argv[]) {
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "+hl:aEd", options, NULL)) >= 0)
+ while ((c = getopt_long(argc, argv, "+hl:aE:d", options, NULL)) >= 0)
switch(c) {
case 'h':
help();

30
0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch
View File

@ -1,30 +0,0 @@
From 328e8daf82c4e82ebcd06ae87bb825d5060cb94b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 18 Feb 2016 17:33:10 -0500
Subject: [PATCH] basic/strbuf: do not call bsearch with a null argument
Das ist verboten!
src/basic/strbuf.c:162:23: runtime error: null pointer passed as argument 2,
which is declared to never be null
(cherry picked from commit 82501b3fc40dae2660a86ab07462f33fe26347ad)
---
src/basic/strbuf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
index 77220c0251..dac2881603 100644
--- a/src/basic/strbuf.c
+++ b/src/basic/strbuf.c
@@ -156,6 +156,10 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
return off;
}
+ /* bsearch is not allowed on a NULL sequence */
+ if (node->children_count == 0)
+ break;
+
/* lookup child node */
c = s[len - 1 - depth];
search.c = c;

30
0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch
View File

@ -1,30 +0,0 @@
From 28c6938992e05238fa077ff820015bb37e1ecae6 Mon Sep 17 00:00:00 2001
From: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Date: Fri, 19 Feb 2016 15:21:18 +0100
Subject: [PATCH] udev/path_id: correct segmentation fault due to missing NULL
check
Running "udevadm test-builtin path_id /sys/devices/platform/" results
in a segmentation fault.
The problem is that udev_device_get_subsystem(dev) might return NULL
in a streq() call. Solve this problem by using streq_ptr() instead.
(cherry picked from commit 5181ab917d6407cb57043e98955f0de1614366ea)
---
src/udev/udev-builtin-path_id.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
index b6ed45d8ba..6e9adc6e96 100644
--- a/src/udev/udev-builtin-path_id.c
+++ b/src/udev/udev-builtin-path_id.c
@@ -712,7 +712,7 @@ static int builtin_path_id(struct udev_device *dev, int argc, char *argv[], bool
* devices do not expose their buses and do not provide a unique
* and predictable name that way.
*/
- if (streq(udev_device_get_subsystem(dev), "block") && !supported_transport)
+ if (streq_ptr(udev_device_get_subsystem(dev), "block") && !supported_transport)
path = mfree(path);
if (path != NULL) {

27
0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch
View File

@ -1,27 +0,0 @@
From 319dadd4b39ed03271848ca649e4d76de0fbf8ff Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sun, 21 Feb 2016 22:27:01 +0100
Subject: [PATCH] networkd: make sure we allocate the NTA set before we add
items to it
See: #2683
(cherry picked from commit cbbf38aefc7a3d18d68f0d8fffb6b59d77948690)
---
src/network/networkd-network.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 4315790093..54f76fe206 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -994,6 +994,10 @@ int config_parse_dnssec_negative_trust_anchors(
continue;
}
+ r = set_ensure_allocated(&n->dnssec_negative_trust_anchors, &dns_name_hash_ops);
+ if (r < 0)
+ return log_oom();
+
r = set_put(n->dnssec_negative_trust_anchors, w);
if (r < 0)
return log_oom();

70
0012-networkd-tunnel-fix-tunnel-address.patch
View File

@ -1,70 +0,0 @@
From f432f7f9037833d77e6e0d16c275b950e1cd8e03 Mon Sep 17 00:00:00 2001
From: Susant Sahani <ssahani@gmail.com>
Date: Sat, 20 Feb 2016 18:03:31 +0530
Subject: [PATCH] networkd: tunnel fix tunnel address
this fixes 2655
(cherry picked from commit 07dcb085893a2fe212b7e158028725876d2ab98f)
---
src/network/networkd-netdev-tunnel.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/network/networkd-netdev-tunnel.c b/src/network/networkd-netdev-tunnel.c
index 46ff2974f4..7aaa041ba3 100644
--- a/src/network/networkd-netdev-tunnel.c
+++ b/src/network/networkd-netdev-tunnel.c
@@ -54,7 +54,7 @@ static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlin
assert(link);
assert(m);
assert(t);
- assert(t->family == AF_INET || t->family != -1);
+ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
if (r < 0)
@@ -87,7 +87,7 @@ static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink
assert(link);
assert(m);
assert(t);
- assert(t->family == AF_INET || t->family != -1);
+ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
if (r < 0)
@@ -124,7 +124,7 @@ static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink
t = GRETAP(netdev);
assert(t);
- assert(t->family == AF_INET || t->family != -1);
+ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
assert(link);
assert(m);
@@ -497,7 +497,7 @@ static void ipip_init(NetDev *n) {
assert(t);
t->pmtudisc = true;
- t->family = -1;
+ t->family = AF_UNSPEC;
}
static void sit_init(NetDev *n) {
@@ -507,7 +507,7 @@ static void sit_init(NetDev *n) {
assert(t);
t->pmtudisc = true;
- t->family = -1;
+ t->family = AF_UNSPEC;
}
static void vti_init(NetDev *n) {
@@ -538,7 +538,7 @@ static void gre_init(NetDev *n) {
assert(t);
t->pmtudisc = true;
- t->family = -1;
+ t->family = AF_UNSPEC;
}
static void ip6gre_init(NetDev *n) {

47
0013-calendarspec-fix-find_next-skipping-times.patch
View File

@ -1,47 +0,0 @@
From 182b69ec5eade7b2accc09d58128b6d286067299 Mon Sep 17 00:00:00 2001
From: Hristo Venev <hristo@venev.name>
Date: Mon, 22 Feb 2016 08:02:48 -0500
Subject: [PATCH] calendarspec: fix find_next skipping times
reset usec when bumping hours/minutes
(cherry picked from commit a022d76e6a7c711954be5535e6308d0a470e232a)
---
src/basic/calendarspec.c | 4 ++--
src/test/test-calendarspec.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c
index 775879076d..ac7b7c4c87 100644
--- a/src/basic/calendarspec.c
+++ b/src/basic/calendarspec.c
@@ -1027,7 +1027,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
r = find_matching_component(spec->hour, &c.tm_hour);
if (r > 0)
- c.tm_min = c.tm_sec = 0;
+ c.tm_min = c.tm_sec = tm_usec = 0;
if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
c.tm_mday ++;
c.tm_hour = c.tm_min = c.tm_sec = tm_usec = 0;
@@ -1036,7 +1036,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
r = find_matching_component(spec->minute, &c.tm_min);
if (r > 0)
- c.tm_sec = 0;
+ c.tm_sec = tm_usec = 0;
if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
c.tm_hour ++;
c.tm_min = c.tm_sec = tm_usec = 0;
diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
index 8754cb3381..5a8c6cbfb6 100644
--- a/src/test/test-calendarspec.c
+++ b/src/test/test-calendarspec.c
@@ -137,6 +137,7 @@ int main(int argc, char* argv[]) {
test_next("2015-11-13 09:11:23.42", "EET", 12345, 1447398683420000);
test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683420000, 1447398685190000);
test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683419999, 1447398683420000);
+ test_next("Sun 16:00:00", "CET", 1456041600123456, 1456066800000000);
assert_se(calendar_spec_from_string("test", &c) < 0);
assert_se(calendar_spec_from_string("", &c) < 0);

52
0014-core-exclude-.slice-units-from-systemctl-isolate.patch
View File

@ -1,52 +0,0 @@
From 3d08427e07af2419f542c3786db2e78f0ed7c282 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 18 Feb 2016 22:51:23 +0100
Subject: [PATCH] core: exclude .slice units from "systemctl isolate"
Fixes: #1969
(cherry picked from commit 1b4cd0cf11feb7d41f2eff17f86fa55b31bb6841)
---
src/core/scope.c | 3 +--
src/core/slice.c | 8 ++++++++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/core/scope.c b/src/core/scope.c
index c5d0ecef04..361695c3f9 100644
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -50,8 +50,7 @@ static void scope_init(Unit *u) {
assert(u->load_state == UNIT_STUB);
s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
-
- UNIT(s)->ignore_on_isolate = true;
+ u->ignore_on_isolate = true;
}
static void scope_done(Unit *u) {
diff --git a/src/core/slice.c b/src/core/slice.c
index d65364c6f4..667f61bde5 100644
--- a/src/core/slice.c
+++ b/src/core/slice.c
@@ -34,6 +34,13 @@ static const UnitActiveState state_translation_table[_SLICE_STATE_MAX] = {
[SLICE_ACTIVE] = UNIT_ACTIVE
};
+static void slice_init(Unit *u) {
+ assert(u);
+ assert(u->load_state == UNIT_STUB);
+
+ u->ignore_on_isolate = true;
+}
+
static void slice_set_state(Slice *t, SliceState state) {
SliceState old_state;
assert(t);
@@ -305,6 +312,7 @@ const UnitVTable slice_vtable = {
.no_instances = true,
.can_transient = true,
+ .init = slice_init,
.load = slice_load,
.coldplug = slice_coldplug,

35
0015-shorten-hostname-before-checking-for-trailing-dot.patch
View File

@ -1,35 +0,0 @@
From 414c46af13efbb4b0eeb0c7d429e1941742f120e Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Mon, 29 Feb 2016 10:19:01 +0100
Subject: [PATCH] shorten hostname before checking for trailing dot
Shortening can lead to a hostname that has a trailing dot.
Therefore it should be done before checking from trailing dots.
(cherry picked from commit 46e1a2278116e2f5067c35127ccbd8589335f734)
---
src/basic/hostname-util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c
index 7bb23448ed..123cee3125 100644
--- a/src/basic/hostname-util.c
+++ b/src/basic/hostname-util.c
@@ -122,6 +122,8 @@ char* hostname_cleanup(char *s) {
assert(s);
+ strshorten(s, HOST_NAME_MAX);
+
for (p = s, d = s, dot = true; *p; p++) {
if (*p == '.') {
if (dot)
@@ -141,8 +143,6 @@ char* hostname_cleanup(char *s) {
else
*d = 0;
- strshorten(s, HOST_NAME_MAX);
-
return s;
}

81
0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
View File

@ -1,81 +0,0 @@
From 270eaf14c4905a9635bd1d009cb1565cd4f3626f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 22 Feb 2016 18:40:28 +0100
Subject: [PATCH] hashmap: use void* and uint8_t* for generic pointers
As suggested by CODING_STYLE we should use "void*" as type for generic memory,
and uint8_t* for generic bytes. Hence use that instead of "char*", which should
really be used only for strings these days.
(cherry picked from commit 1a39bc8c650802630696c38e510a4a2a4c6bda92)
---
src/basic/hashmap.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c
index 6f1a049d47..85b8d812b3 100644
--- a/src/basic/hashmap.c
+++ b/src/basic/hashmap.c
@@ -176,7 +176,7 @@ enum HashmapType {
};
struct _packed_ indirect_storage {
- char *storage; /* where buckets and DIBs are stored */
+ void *storage; /* where buckets and DIBs are stored */
uint8_t hash_key[HASH_KEY_SIZE]; /* hash key; changes during resize */
unsigned n_entries; /* number of stored entries */
@@ -193,7 +193,7 @@ struct direct_storage {
/* This gives us 39 bytes on 64bit, or 35 bytes on 32bit.
* That's room for 4 set_entries + 4 DIB bytes + 3 unused bytes on 64bit,
* or 7 set_entries + 7 DIB bytes + 0 unused bytes on 32bit. */
- char storage[sizeof(struct indirect_storage)];
+ uint8_t storage[sizeof(struct indirect_storage)];
};
#define DIRECT_BUCKETS(entry_t) \
@@ -302,7 +302,7 @@ static void n_entries_dec(HashmapBase *h) {
h->n_direct_entries--;
}
-static char *storage_ptr(HashmapBase *h) {
+static void *storage_ptr(HashmapBase *h) {
return h->has_indirect ? h->indirect.storage
: h->direct.storage;
}
@@ -347,7 +347,7 @@ static void get_hash_key(uint8_t hash_key[HASH_KEY_SIZE], bool reuse_is_ok) {
static struct hashmap_base_entry *bucket_at(HashmapBase *h, unsigned idx) {
return (struct hashmap_base_entry*)
- (storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size);
+ ((uint8_t*) storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size);
}
static struct plain_hashmap_entry *plain_bucket_at(Hashmap *h, unsigned idx) {
@@ -381,7 +381,7 @@ static struct hashmap_base_entry *bucket_at_virtual(HashmapBase *h, struct swap_
static dib_raw_t *dib_raw_ptr(HashmapBase *h) {
return (dib_raw_t*)
- (storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h));
+ ((uint8_t*) storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h));
}
static unsigned bucket_distance(HashmapBase *h, unsigned idx, unsigned from) {
@@ -1028,7 +1028,7 @@ static int hashmap_base_put_boldly(HashmapBase *h, unsigned idx,
*/
static int resize_buckets(HashmapBase *h, unsigned entries_add) {
struct swap_entries swap;
- char *new_storage;
+ void *new_storage;
dib_raw_t *old_dibs, *new_dibs;
const struct hashmap_type_info *hi;
unsigned idx, optimal_idx;
@@ -1095,7 +1095,7 @@ static int resize_buckets(HashmapBase *h, unsigned entries_add) {
h->indirect.n_buckets = (1U << new_shift) /
(hi->entry_size + sizeof(dib_raw_t));
- old_dibs = (dib_raw_t*)(new_storage + hi->entry_size * old_n_buckets);
+ old_dibs = (dib_raw_t*)((uint8_t*) new_storage + hi->entry_size * old_n_buckets);
new_dibs = dib_raw_ptr(h);
/*

260
0017-resolved-fix-notification-iteration-logic-when-trans.patch
View File

@ -1,260 +0,0 @@
From 61596a9aac5f0d4cef3845b04d61f2dad4aa0814 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 22 Feb 2016 20:39:45 +0100
Subject: [PATCH] resolved: fix notification iteration logic when transactions
are completed
When a transaction is complete, and we notify its owners, make sure we deal
correctly with the requesters removing themselves from the list of owners while
we continue iterating.
This was previously already dealt with with transactions that require other
transactions for DNSSEC purposes, fix this for other possibly transaction
owners too now.
Since iterating through "Set" objects is not safe regarding removal of entries
from it, rework the logic to use two Sets, and move each entry we notified from
one set to the other set before we dispatch the notification. This move operation
requires no additional memory, and enables us to ensure that we don't notify
any object twice.
Fixes: #2676
(cherry picked from commit 35aa04e9edf422beac3493afa555d29575b3046c)
---
src/basic/macro.h | 6 ++++
src/basic/set.h | 3 ++
src/resolve/resolved-dns-query.c | 5 +++
src/resolve/resolved-dns-transaction.c | 62 ++++++++++++++++------------------
src/resolve/resolved-dns-transaction.h | 6 ++--
src/resolve/resolved-dns-zone.c | 5 +++
6 files changed, 52 insertions(+), 35 deletions(-)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 2695d0edb7..ab5cc97e17 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -361,6 +361,12 @@ static inline unsigned long ALIGN_POWER2(unsigned long u) {
_found; \
})
+#define SWAP_TWO(x, y) do { \
+ typeof(x) _t = (x); \
+ (x) = (y); \
+ (y) = (_t); \
+ } while (false)
+
/* Define C11 thread_local attribute even on older gcc compiler
* version */
#ifndef thread_local
diff --git a/src/basic/set.h b/src/basic/set.h
index 2bff5062da..e0d9dd001c 100644
--- a/src/basic/set.h
+++ b/src/basic/set.h
@@ -126,6 +126,9 @@ int set_put_strdupv(Set *s, char **l);
#define SET_FOREACH(e, s, i) \
for ((i) = ITERATOR_FIRST; set_iterate((s), &(i), (void**)&(e)); )
+#define SET_FOREACH_MOVE(e, d, s) \
+ for (; ({ e = set_first(s); assert_se(!e || set_move_one(d, s, e) >= 0); e; }); )
+
DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free);
DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free_free);
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index a378b2b7f7..2a02544eb6 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -62,6 +62,7 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {
while ((t = set_steal_first(c->transactions))) {
set_remove(t->notify_query_candidates, c);
+ set_remove(t->notify_query_candidates_done, c);
dns_transaction_gc(t);
}
}
@@ -139,6 +140,10 @@ static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResource
if (r < 0)
goto gc;
+ r = set_ensure_allocated(&t->notify_query_candidates_done, NULL);
+ if (r < 0)
+ goto gc;
+
r = set_put(t->notify_query_candidates, c);
if (r < 0)
goto gc;
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index d48fdd1281..4f5cbab702 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -52,6 +52,7 @@ static void dns_transaction_flush_dnssec_transactions(DnsTransaction *t) {
while ((z = set_steal_first(t->dnssec_transactions))) {
set_remove(z->notify_transactions, t);
+ set_remove(z->notify_transactions_done, t);
dns_transaction_gc(z);
}
}
@@ -100,14 +101,26 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) {
set_remove(c->transactions, t);
set_free(t->notify_query_candidates);
+ while ((c = set_steal_first(t->notify_query_candidates_done)))
+ set_remove(c->transactions, t);
+ set_free(t->notify_query_candidates_done);
+
while ((i = set_steal_first(t->notify_zone_items)))
i->probe_transaction = NULL;
set_free(t->notify_zone_items);
+ while ((i = set_steal_first(t->notify_zone_items_done)))
+ i->probe_transaction = NULL;
+ set_free(t->notify_zone_items_done);
+
while ((z = set_steal_first(t->notify_transactions)))
set_remove(z->dnssec_transactions, t);
set_free(t->notify_transactions);
+ while ((z = set_steal_first(t->notify_transactions_done)))
+ set_remove(z->dnssec_transactions, t);
+ set_free(t->notify_transactions_done);
+
dns_transaction_flush_dnssec_transactions(t);
set_free(t->dnssec_transactions);
@@ -128,8 +141,11 @@ bool dns_transaction_gc(DnsTransaction *t) {
return true;
if (set_isempty(t->notify_query_candidates) &&
+ set_isempty(t->notify_query_candidates_done) &&
set_isempty(t->notify_zone_items) &&
- set_isempty(t->notify_transactions)) {
+ set_isempty(t->notify_zone_items_done) &&
+ set_isempty(t->notify_transactions) &&
+ set_isempty(t->notify_transactions_done)) {
dns_transaction_free(t);
return false;
}
@@ -266,6 +282,7 @@ static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
t->block_gc++;
+
while ((z = set_first(t->notify_zone_items))) {
/* First, make sure the zone item drops the reference
* to us */
@@ -284,7 +301,6 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
DnsQueryCandidate *c;
DnsZoneItem *z;
DnsTransaction *d;
- Iterator i;
const char *st;
assert(t);
@@ -329,39 +345,17 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
* transaction isn't freed while we are still looking at it */
t->block_gc++;
- SET_FOREACH(c, t->notify_query_candidates, i)
+ SET_FOREACH_MOVE(c, t->notify_query_candidates_done, t->notify_query_candidates)
dns_query_candidate_notify(c);
- SET_FOREACH(z, t->notify_zone_items, i)
- dns_zone_item_notify(z);
+ SWAP_TWO(t->notify_query_candidates, t->notify_query_candidates_done);
- if (!set_isempty(t->notify_transactions)) {
- DnsTransaction **nt;
- unsigned j, n = 0;
-
- /* We need to be careful when notifying other
- * transactions, as that might destroy other
- * transactions in our list. Hence, in order to be
- * able to safely iterate through the list of
- * transactions, take a GC lock on all of them
- * first. Then, in a second loop, notify them, but
- * first unlock that specific transaction. */
-
- nt = newa(DnsTransaction*, set_size(t->notify_transactions));
- SET_FOREACH(d, t->notify_transactions, i) {
- nt[n++] = d;
- d->block_gc++;
- }
-
- assert(n == set_size(t->notify_transactions));
+ SET_FOREACH_MOVE(z, t->notify_zone_items_done, t->notify_zone_items)
+ dns_zone_item_notify(z);
+ SWAP_TWO(t->notify_zone_items, t->notify_zone_items_done);
- for (j = 0; j < n; j++) {
- if (set_contains(t->notify_transactions, nt[j]))
- dns_transaction_notify(nt[j], t);
-
- nt[j]->block_gc--;
- dns_transaction_gc(nt[j]);
- }
- }
+ SET_FOREACH_MOVE(d, t->notify_transactions_done, t->notify_transactions)
+ dns_transaction_notify(d, t);
+ SWAP_TWO(t->notify_transactions, t->notify_transactions_done);
t->block_gc--;
dns_transaction_gc(t);
@@ -1619,6 +1613,10 @@ static int dns_transaction_add_dnssec_transaction(DnsTransaction *t, DnsResource
if (r < 0)
goto gc;
+ r = set_ensure_allocated(&aux->notify_transactions_done, NULL);
+ if (r < 0)
+ goto gc;
+
r = set_put(t->dnssec_transactions, aux);
if (r < 0)
goto gc;
diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
index 4617194711..fd0237d166 100644
--- a/src/resolve/resolved-dns-transaction.h
+++ b/src/resolve/resolved-dns-transaction.h
@@ -119,17 +119,17 @@ struct DnsTransaction {
/* Query candidates this transaction is referenced by and that
* shall be notified about this specific transaction
* completing. */
- Set *notify_query_candidates;
+ Set *notify_query_candidates, *notify_query_candidates_done;
/* Zone items this transaction is referenced by and that shall
* be notified about completion. */
- Set *notify_zone_items;
+ Set *notify_zone_items, *notify_zone_items_done;
/* Other transactions that this transactions is referenced by
* and that shall be notified about completion. This is used
* when transactions want to validate their RRsets, but need
* another DNSKEY or DS RR to do so. */
- Set *notify_transactions;
+ Set *notify_transactions, *notify_transactions_done;
/* The opposite direction: the transactions this transaction
* created in order to request DNSKEY or DS RRs. */
diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c
index f52383cfd1..be535cff14 100644
--- a/src/resolve/resolved-dns-zone.c
+++ b/src/resolve/resolved-dns-zone.c
@@ -38,6 +38,7 @@ void dns_zone_item_probe_stop(DnsZoneItem *i) {
i->probe_transaction = NULL;
set_remove(t->notify_zone_items, i);
+ set_remove(t->notify_zone_items_done, i);
dns_transaction_gc(t);
}
@@ -186,6 +187,10 @@ static int dns_zone_item_probe_start(DnsZoneItem *i) {
if (r < 0)
goto gc;
+ r = set_ensure_allocated(&t->notify_zone_items_done, NULL);
+ if (r < 0)
+ goto gc;
+
r = set_put(t->notify_zone_items, i);
if (r < 0)
goto gc;

249
0018-selinux-always-try-to-load-the-full-selinux-db.patch
View File

@ -1,249 +0,0 @@
From a4feb275ce859fb63e1153cb2eb16ed276f3a96f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 1 Mar 2016 20:35:55 -0500
Subject: [PATCH] selinux: always try to load the full selinux db
https://github.com/systemd/systemd/pull/2508#issuecomment-190901170
Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
(cherry picked from commit c3dacc8bbf2dc2f5d498072418289c3ba79160ac)
---
src/basic/selinux-util.c | 16 ++++------------
src/basic/selinux-util.h | 2 +-
src/core/main.c | 2 +-
src/hostname/hostnamed.c | 2 +-
src/locale/localed.c | 2 +-
src/login/logind.c | 2 +-
src/resolve/resolved.c | 2 +-
src/sysusers/sysusers.c | 2 +-
src/test/test-udev.c | 2 +-
src/timedate/timedated.c | 2 +-
src/tmpfiles/tmpfiles.c | 2 +-
src/udev/udevadm.c | 2 +-
src/udev/udevd.c | 2 +-
src/update-done/update-done.c | 2 +-
src/user-sessions/user-sessions.c | 2 +-
15 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 6c63b9d652..71ceac1bcd 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -80,31 +80,23 @@ void mac_selinux_retest(void) {
#endif
}
-int mac_selinux_init(const char *prefix) {
+int mac_selinux_init(void) {
int r = 0;
#ifdef HAVE_SELINUX
usec_t before_timestamp, after_timestamp;
struct mallinfo before_mallinfo, after_mallinfo;
- if (!mac_selinux_use())
+ if (label_hnd)
return 0;
- if (label_hnd)
+ if (!mac_selinux_use())
return 0;
before_mallinfo = mallinfo();
before_timestamp = now(CLOCK_MONOTONIC);
- if (prefix) {
- struct selinux_opt options[] = {
- { .type = SELABEL_OPT_SUBSET, .value = prefix },
- };
-
- label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
- } else
- label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-
+ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
if (!label_hnd) {
log_enforcing("Failed to initialize SELinux context: %m");
r = security_getenforce() == 1 ? -errno : 0;
diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h
index 27e8edb41b..ce6bc8e44c 100644
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@@ -29,7 +29,7 @@ bool mac_selinux_use(void);
bool mac_selinux_have(void);
void mac_selinux_retest(void);
-int mac_selinux_init(const char *prefix);
+int mac_selinux_init(void);
void mac_selinux_finish(void);
int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
diff --git a/src/core/main.c b/src/core/main.c
index e2088574c0..d861960c6d 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1382,7 +1382,7 @@ int main(int argc, char *argv[]) {
dual_timestamp_get(&security_finish_timestamp);
}
- if (mac_selinux_init(NULL) < 0) {
+ if (mac_selinux_init() < 0) {
error_message = "Failed to initialize SELinux policy";
goto finish;
}
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index c37e32e96b..d11756e615 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -706,7 +706,7 @@ int main(int argc, char *argv[]) {
log_open();
umask(0022);
- mac_selinux_init("/etc");
+ mac_selinux_init();
if (argc != 1) {
log_error("This program takes no arguments.");
diff --git a/src/locale/localed.c b/src/locale/localed.c
index f0fe59cc67..a2fc6af4c9 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -1296,7 +1296,7 @@ int main(int argc, char *argv[]) {
log_open();
umask(0022);
- mac_selinux_init("/etc");
+ mac_selinux_init();
if (argc != 1) {
log_error("This program takes no arguments.");
diff --git a/src/login/logind.c b/src/login/logind.c
index 933602eb08..d5f6757bd3 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -1126,7 +1126,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- r = mac_selinux_init("/run");
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "Could not initialize labelling: %m");
goto finish;
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index c7e2ab14d6..161ea03412 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -48,7 +48,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- r = mac_selinux_init(NULL);
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "SELinux setup failed: %m");
goto finish;
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 863c628323..4377f1b910 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -1820,7 +1820,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- r = mac_selinux_init(NULL);
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "SELinux setup failed: %m");
goto finish;
diff --git a/src/test/test-udev.c b/src/test/test-udev.c
index 9cc64f7c68..d01789fe08 100644
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
log_debug("version %s", VERSION);
- mac_selinux_init("/dev");
+ mac_selinux_init();
action = argv[1];
if (action == NULL) {
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index 2a10135fba..a522d0c5f9 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -159,7 +159,7 @@ static int context_write_data_local_rtc(Context *c) {
}
}
- mac_selinux_init("/etc");
+ mac_selinux_init();
return write_string_file_atomic_label("/etc/adjtime", w);
}
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 7b105a6bd4..f3487013cf 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2288,7 +2288,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- mac_selinux_init(NULL);
+ mac_selinux_init();
items = ordered_hashmap_new(&string_hash_ops);
globs = ordered_hashmap_new(&string_hash_ops);
diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c
index 7bd2c1ea42..a6a873e5de 100644
--- a/src/udev/udevadm.c
+++ b/src/udev/udevadm.c
@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
- mac_selinux_init("/dev");
+ mac_selinux_init();
while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0)
switch (c) {
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index bb92f16352..243df7386f 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1695,7 +1695,7 @@ int main(int argc, char *argv[]) {
umask(022);
- r = mac_selinux_init("/dev");
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "could not initialize labelling: %m");
goto exit;
diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 931e583785..da306a4444 100644
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -101,7 +101,7 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
- r = mac_selinux_init(NULL);
+ r = mac_selinux_init();
if (r < 0) {
log_error_errno(r, "SELinux setup failed: %m");
goto finish;
diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c
index 8bf44e2100..9b29b5ba1d 100644
--- a/src/user-sessions/user-sessions.c
+++ b/src/user-sessions/user-sessions.c
@@ -40,7 +40,7 @@ int main(int argc, char*argv[]) {
umask(0022);
- mac_selinux_init(NULL);
+ mac_selinux_init();
if (streq(argv[1], "start")) {
int r = 0;

45
0019-selinux-use-raw-variants-of-security_compute_create-.patch
View File

@ -1,45 +0,0 @@
From 4f1ae61da9eda1115c1461e77a44101d96532700 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 2 Mar 2016 10:16:39 -0500
Subject: [PATCH] selinux: use raw variants of security_compute_create and
setfscreatecon
As suggested by Evgeny Vereshchagin as a follow up for
https://github.com/systemd/systemd/pull/2781#issuecomment-191043402.
(cherry picked from commit 5c5433ad32c3d911f0c66cc124d190d40a2b5f5b)
---
src/basic/selinux-util.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 71ceac1bcd..5e6181f662 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -217,7 +217,7 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
return -errno;
sclass = string_to_security_class("process");
- r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
+ r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
if (r < 0)
return -errno;
#endif
@@ -296,7 +296,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
return -ENOMEM;
sclass = string_to_security_class("process");
- r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
+ r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
if (r < 0)
return -errno;
#endif
@@ -350,7 +350,7 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
log_enforcing("Failed to determine SELinux security context for %s: %m", path);
} else {
- if (setfscreatecon(filecon) >= 0)
+ if (setfscreatecon_raw(filecon) >= 0)
return 0; /* Success! */
log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path);

25
0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch
View File

@ -1,25 +0,0 @@
From f4bb8c3a9aed5ddefb66380c818d04aa0b663693 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 4 Mar 2016 21:46:47 -0500
Subject: [PATCH] test-compress-benchmark: skip loop iteration if size is 0
Otherwise we would hit an assert in the compression code.
(cherry picked from commit 15b947fb798cd131355ba9935802d58e92bdba6e)
---
src/journal/test-compress-benchmark.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/journal/test-compress-benchmark.c b/src/journal/test-compress-benchmark.c
index 5b2d130cd6..0ef6d36a50 100644
--- a/src/journal/test-compress-benchmark.c
+++ b/src/journal/test-compress-benchmark.c
@@ -105,6 +105,8 @@ static void test_compress_decompress(const char* label, const char* type,
int r;
size = permute(i);
+ if (size == 0)
+ continue;
log_debug("%s %zu %zu", type, i, size);

38
0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch
View File

@ -1,38 +0,0 @@
From c411521802d5e89eeb5cdf39cdd7b9538a3a3a08 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 15 Mar 2016 12:43:33 +0100
Subject: [PATCH] time-util: fall back to CLOCK_MONOTONIC if CLOCK_BOOTTIME
unsupported
It was added in 2.6.39, and causes an assertion to fail when running in mock
hosted on 2.6.23-based RHEL-6:
Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at systemd/src/basic/time-util.c:70, function now(). Aborting.
(cherry picked from commit 2abd5b5a49ae368b258ffc7257ab703bccda67dd)
---
src/basic/time-util.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index 510f018d9b..ec112e23e2 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -47,12 +47,15 @@ static clockid_t map_clock_id(clockid_t c) {
/* Some more exotic archs (s390, ppc, …) lack the "ALARM" flavour of the clocks. Thus, clock_gettime() will
* fail for them. Since they are essentially the same as their non-ALARM pendants (their only difference is
* when timers are set on them), let's just map them accordingly. This way, we can get the correct time even on
- * those archs. */
+ * those archs.
+ *
+ * Also, older kernels don't support CLOCK_BOOTTIME: fall back to CLOCK_MONOTONIC. */
switch (c) {
+ case CLOCK_BOOTTIME:
case CLOCK_BOOTTIME_ALARM:
- return CLOCK_BOOTTIME;
+ return clock_boottime_or_monotonic ();
case CLOCK_REALTIME_ALARM:
return CLOCK_REALTIME;

47
0022-headers-use-__inline__-instead-of-inline.patch
View File

@ -1,47 +0,0 @@
From b1ab67134c28ade32eab8fde37840efac789affc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 11 Mar 2016 13:41:49 -0500
Subject: [PATCH] headers: use __inline__ instead of inline
https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Alternate-Keywords.html#Alternate-Keywords
recommends __inline__ over inline in ANSI C compatible headers.
Tested with gcc-5.3 and clang-3.7.
https://bugzilla.redhat.com/show_bug.cgi?id=1316964
(cherry picked from commit 0cb27225e9c658d80538ace7a267ba0a2d2f44f2)
---
src/systemd/_sd-common.h | 2 +-
src/systemd/sd-id128.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/systemd/_sd-common.h b/src/systemd/_sd-common.h
index 2d4e1f26e1..3bb886be75 100644
--- a/src/systemd/_sd-common.h
+++ b/src/systemd/_sd-common.h
@@ -74,7 +74,7 @@
#endif
#define _SD_DEFINE_POINTER_CLEANUP_FUNC(type, func) \
- static inline void func##p(type **p) { \
+ static __inline__ void func##p(type **p) { \
if (*p) \
func(*p); \
} \
diff --git a/src/systemd/sd-id128.h b/src/systemd/sd-id128.h
index a3bf5897b8..4dff0b9b81 100644
--- a/src/systemd/sd-id128.h
+++ b/src/systemd/sd-id128.h
@@ -100,11 +100,11 @@ int sd_id128_get_boot(sd_id128_t *ret);
((x).bytes[15] & 15) >= 10 ? 'a' + ((x).bytes[15] & 15) - 10 : '0' + ((x).bytes[15] & 15), \
0 })
-_sd_pure_ static inline int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
+_sd_pure_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
return memcmp(&a, &b, 16) == 0;
}
-_sd_pure_ static inline int sd_id128_is_null(sd_id128_t a) {
+_sd_pure_ static __inline__ int sd_id128_is_null(sd_id128_t a) {
return a.qwords[0] == 0 && a.qwords[1] == 0;
}

47
0023-dev-console-must-be-labeled-with-SELinux-label.patch
View File

@ -1,47 +0,0 @@
From 641a7f0c61ff42ea55ad7152e7f874ea5d680a2d Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 9 Mar 2016 09:29:25 -0500
Subject: [PATCH] /dev/console must be labeled with SELinux label
If the user specifies an selinux_apifs_context all content created in
the container including /dev/console should use this label.
Currently when this uses the default label it gets labeled user_devpts_t,
which would require us to write a policy allowing container processes to
manage user_devpts_t. This means that an escaped process would be allowed
to attack all users terminals as well as other container terminals. Changing
the label to match the apifs_context, means the processes would only be allowed
to manage their specific tty.
This change fixes a problem preventing RKT containers from working with systemd-nspawn.
(cherry picked from commit 68b020494d1ff085281061413d9236b5865ef238)
---
src/nspawn/nspawn.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index ef348c335b..8c06f6ef75 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -87,6 +87,7 @@
#ifdef HAVE_SECCOMP
#include "seccomp-util.h"
#endif
+#include "selinux-util.h"
#include "signal-util.h"
#include "socket-util.h"
#include "stat-util.h"
@@ -3286,6 +3287,12 @@ int main(int argc, char *argv[]) {
goto finish;
}
+ if (arg_selinux_apifs_context) {
+ r = mac_selinux_apply(console, arg_selinux_apifs_context);
+ if (r < 0)
+ goto finish;
+ }
+
if (unlockpt(master) < 0) {
r = log_error_errno(errno, "Failed to unlock tty: %m");
goto finish;

90
0024-fstab-generator-fix-automount-option-and-don-t-start.patch
View File

@ -1,90 +0,0 @@
From 1b8bdd05fcecd83cc8c8269f06a50ced055ab864 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Tue, 1 Dec 2015 18:01:44 +0100
Subject: [PATCH] fstab-generator: fix automount option and don't start
associated mount unit at boot
Without this patch applied the mount unit with 'automount' option was still
pulled by local-fs.target and thus was activated during the boot process which
defeats the purpose of the 'automount' option:
$ grep /mnt /etc/fstab
/dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
/dev/vdb1 on /mnt type ext2 (rw,relatime)
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
With the patch applied:
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
$ systemctl status mnt.mount | grep Active
Active: inactive (dead)
$ ls /mnt
lost+found
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
(cherry picked from commit 2b14df4a9ae92623b584e61db6b5b37accd832c1)
---
src/core/mount.c | 11 ++++++++++-
src/fstab-generator/fstab-generator.c | 4 ++--
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index de1075d3a0..cfe4b0f517 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -104,6 +104,14 @@ static bool mount_is_auto(const MountParameters *p) {
return !fstab_test_option(p->options, "noauto\0");
}
+static bool mount_is_automount(const MountParameters *p) {
+ assert(p);
+
+ return fstab_test_option(p->options,
+ "comment=systemd.automount\0"
+ "x-systemd.automount\0");
+}
+
static bool needs_quota(const MountParameters *p) {
assert(p);
@@ -328,7 +336,8 @@ static int mount_add_device_links(Mount *m) {
if (path_equal(m->where, "/"))
return 0;
- if (mount_is_auto(p) && UNIT(m)->manager->running_as == MANAGER_SYSTEM)
+ if (mount_is_auto(p) && !mount_is_automount(p) &&
+ UNIT(m)->manager->running_as == MANAGER_SYSTEM)
device_wants_mount = true;
r = unit_add_node_link(UNIT(m), p->what, device_wants_mount, m->from_fragment ? UNIT_BINDS_TO : UNIT_REQUIRES);
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 97a48764ae..6f576b5ecf 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -336,8 +336,8 @@ static int add_mount(
if (r < 0)
return log_error_errno(r, "Failed to write unit file %s: %m", unit);
- if (!noauto) {
- lnk = strjoin(arg_dest, "/", post, nofail || automount ? ".wants/" : ".requires/", name, NULL);
+ if (!noauto && !automount) {
+ lnk = strjoin(arg_dest, "/", post, nofail ? ".wants/" : ".requires/", name, NULL);
if (!lnk)
return log_oom();

37
0999-Add-a-workaround-for-linux-net-if.h-conflict.patch
View File

@ -1,37 +0,0 @@
From d9e075d88e7d9d82464147d8283771d709c14ef8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 9 Feb 2016 15:13:33 -0500
Subject: [PATCH] Add a workaround for {linux/net}/if.h conflict
Include linux/if.h and make sure we don't include the other file.
https://bugzilla.redhat.com/show_bug.cgi?id=1300256
---
src/shared/firewall-util.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
index 0d3da2e..c38f9cc 100644
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -16,15 +16,16 @@
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#define _NET_IF_H 1
#include <alloca.h>
#include <arpa/inet.h>
#include <endian.h>
#include <errno.h>
-#include <net/if.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
+#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter/nf_nat.h>
#include <linux/netfilter/xt_addrtype.h>
--
2.5.0

2
sources
View File

@ -1 +1 @@
5d696f65381b2608da70544df07c2b3c systemd-229.tar.gz f2f10a6f100c38582b4f02d60210227d systemd-230.tar.gz

74
systemd.spec
View File

@ -12,8 +12,8 @@
Name: systemd Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 229 Version: 230
Release: 15%{?gitcommit:.git%{gitcommitshort}}%{?dist} Release: 1%{?gitcommit:.git%{gitcommitshort}}%{?dist}
# For a breakdown of the licensing, see README # For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+ License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager Summary: A System and Service Manager
@ -37,33 +37,7 @@ Source7: systemd-journal-remote.xml
Source8: systemd-journal-gatewayd.xml Source8: systemd-journal-gatewayd.xml
Source9: 20-yama-ptrace.conf Source9: 20-yama-ptrace.conf
Patch0001: 0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch
Patch0002: 0002-core-fix-indenting-in-dump-output.patch
Patch0003: 0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch
Patch0004: 0004-networkd-rework-idle-detection-logic-of-networkd.patch
Patch0005: 0005-core-fix-assertion-check.patch
Patch0006: 0006-udev-fix-cg_unified-return-code-checking.patch
Patch0007: 0007-core-revert-core-resolve-specifier-in-config_parse_e.patch
Patch0008: 0008-activate-fix-E-option-parsing.patch
Patch0009: 0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch
Patch0010: 0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch
Patch0011: 0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch
Patch0012: 0012-networkd-tunnel-fix-tunnel-address.patch
Patch0013: 0013-calendarspec-fix-find_next-skipping-times.patch
Patch0014: 0014-core-exclude-.slice-units-from-systemctl-isolate.patch
Patch0015: 0015-shorten-hostname-before-checking-for-trailing-dot.patch
Patch0016: 0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
Patch0017: 0017-resolved-fix-notification-iteration-logic-when-trans.patch
Patch0018: 0018-selinux-always-try-to-load-the-full-selinux-db.patch
Patch0019: 0019-selinux-use-raw-variants-of-security_compute_create-.patch
Patch0020: 0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch
Patch0021: 0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch
Patch0022: 0022-headers-use-__inline__-instead-of-inline.patch
Patch0023: 0023-dev-console-must-be-labeled-with-SELinux-label.patch
Patch0024: 0024-fstab-generator-fix-automount-option-and-don-t-start.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
Patch0999: 0999-Add-a-workaround-for-linux-net-if.h-conflict.patch
# kernel-install patch for grubby, drop if grubby is obsolete # kernel-install patch for grubby, drop if grubby is obsolete
Patch1000: kernel-install-grubby.patch Patch1000: kernel-install-grubby.patch
@ -126,6 +100,7 @@ Requires: %{name}-pam = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
Recommends: diffutils Recommends: diffutils
Requires: util-linux Requires: util-linux
Recommends: libxkbcommon%{_?isa}
Provides: /bin/systemctl Provides: /bin/systemctl
Provides: /sbin/shutdown Provides: /sbin/shutdown
Provides: syslog Provides: syslog
@ -170,23 +145,11 @@ Requires: %{name} = %{version}-%{release}
%description pam %description pam
Systemd PAM module registers the session with systemd-logind. Systemd PAM module registers the session with systemd-logind.
%package compat-libs
Summary: systemd compatibility libraries
License: LGPLv2+ and MIT
# To reduce confusion, this package can only be installed in parallel
# with the normal systemd-libs, same version.
Requires: systemd-libs%{?_isa} = %{version}-%{release}
%description compat-libs
Compatibility libraries for systemd. If your package requires this
package, you need to update your link options and build.
%package devel %package devel
Summary: Development headers for systemd Summary: Development headers for systemd
License: LGPLv2+ and MIT License: LGPLv2+ and MIT
# We need both libsystemd and libsystemd-<compat> libraries # We need both libsystemd and libsystemd-<compat> libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-compat-libs%{?_isa} = %{version}-%{release}
Provides: libudev-devel = %{version} Provides: libudev-devel = %{version}
Obsoletes: libudev-devel < 183 Obsoletes: libudev-devel < 183
@ -277,8 +240,6 @@ systemd-journal-remote, and systemd-journal-upload.
--exclude src/core/.gitignore \ --exclude src/core/.gitignore \
--exclude src/hostname/.gitignore \ --exclude src/hostname/.gitignore \
--exclude src/journal/.gitignore \ --exclude src/journal/.gitignore \
--exclude src/libsystemd-daemon/.gitignore \
--exclude src/libsystemd-id128/.gitignore \
--exclude src/libudev/.gitignore \ --exclude src/libudev/.gitignore \
--exclude src/locale/.gitignore \ --exclude src/locale/.gitignore \
--exclude src/login/.gitignore \ --exclude src/login/.gitignore \
@ -320,7 +281,6 @@ CONFIGURE_OPTS=(
%configure \ %configure \
"${CONFIGURE_OPTS[@]}" \ "${CONFIGURE_OPTS[@]}" \
--enable-compat-libs \
--enable-xkbcommon \ --enable-xkbcommon \
PYTHON=%{__python3} PYTHON=%{__python3}
make %{?_smp_mflags} GCC_COLORS="" V=1 make %{?_smp_mflags} GCC_COLORS="" V=1
@ -534,9 +494,6 @@ fi
%post libs -p /sbin/ldconfig %post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%post compat-libs -p /sbin/ldconfig
%postun compat-libs -p /sbin/ldconfig
%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service
%post udev %post udev
@ -651,7 +608,6 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%config(noreplace) %{_sysconfdir}/systemd/user.conf %config(noreplace) %{_sysconfdir}/systemd/user.conf
%config(noreplace) %{_sysconfdir}/systemd/logind.conf %config(noreplace) %{_sysconfdir}/systemd/logind.conf
%config(noreplace) %{_sysconfdir}/systemd/journald.conf %config(noreplace) %{_sysconfdir}/systemd/journald.conf
%config(noreplace) %{_sysconfdir}/systemd/bootchart.conf
%config(noreplace) %{_sysconfdir}/systemd/resolved.conf %config(noreplace) %{_sysconfdir}/systemd/resolved.conf
%config(noreplace) %{_sysconfdir}/systemd/coredump.conf %config(noreplace) %{_sysconfdir}/systemd/coredump.conf
%config(noreplace) %{_sysconfdir}/yum/protected.d/systemd.conf %config(noreplace) %{_sysconfdir}/yum/protected.d/systemd.conf
@ -691,6 +647,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%{_bindir}/systemd-resolve %{_bindir}/systemd-resolve
%{_bindir}/systemd-sysusers %{_bindir}/systemd-sysusers
%{_bindir}/systemd-firstboot %{_bindir}/systemd-firstboot
%{_bindir}/systemd-socket-activate
%{_bindir}/hostnamectl %{_bindir}/hostnamectl
%{_bindir}/localectl %{_bindir}/localectl
%{_bindir}/timedatectl %{_bindir}/timedatectl
@ -837,7 +794,6 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%exclude %{_datadir}/zsh/site-functions/_systemd-nspawn %exclude %{_datadir}/zsh/site-functions/_systemd-nspawn
%{pkgdir}/catalog/systemd.*.catalog %{pkgdir}/catalog/systemd.*.catalog
%{pkgdir}/network/80-container-host0.network %{pkgdir}/network/80-container-host0.network
%{pkgdir}/network/80-container-ve.network
%ghost %dir %{_localstatedir}/lib/rpm-state/systemd %ghost %dir %{_localstatedir}/lib/rpm-state/systemd
@ -851,20 +807,10 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%files pam %files pam
%{_libdir}/security/pam_systemd.so %{_libdir}/security/pam_systemd.so
%files compat-libs
%{_libdir}/libsystemd-daemon.so.*
%{_libdir}/libsystemd-login.so.*
%{_libdir}/libsystemd-journal.so.*
%{_libdir}/libsystemd-id128.so.*
%files devel %files devel
%dir %{_includedir}/systemd %dir %{_includedir}/systemd
%{_libdir}/libudev.so %{_libdir}/libudev.so
%{_libdir}/libsystemd.so %{_libdir}/libsystemd.so
%{_libdir}/libsystemd-daemon.so
%{_libdir}/libsystemd-login.so
%{_libdir}/libsystemd-journal.so
%{_libdir}/libsystemd-id128.so
%{_includedir}/systemd/sd-daemon.h %{_includedir}/systemd/sd-daemon.h
%{_includedir}/systemd/sd-login.h %{_includedir}/systemd/sd-login.h
%{_includedir}/systemd/sd-journal.h %{_includedir}/systemd/sd-journal.h
@ -878,10 +824,6 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%{_includedir}/libudev.h %{_includedir}/libudev.h
%{_libdir}/pkgconfig/libudev.pc %{_libdir}/pkgconfig/libudev.pc
%{_libdir}/pkgconfig/libsystemd.pc %{_libdir}/pkgconfig/libsystemd.pc
%{_libdir}/pkgconfig/libsystemd-daemon.pc
%{_libdir}/pkgconfig/libsystemd-login.pc
%{_libdir}/pkgconfig/libsystemd-journal.pc
%{_libdir}/pkgconfig/libsystemd-id128.pc
%{_mandir}/man3/* %{_mandir}/man3/*
%files udev %files udev
@ -985,6 +927,8 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%{pkgdir}/systemd-import %{pkgdir}/systemd-import
%{pkgdir}/systemd-importd %{pkgdir}/systemd-importd
%{pkgdir}/systemd-pull %{pkgdir}/systemd-pull
%{pkgdir}/network/80-container-ve.network
%{pkgdir}/network/80-container-vz.network
%{_datadir}/dbus-1/system-services/org.freedesktop.machine1.service %{_datadir}/dbus-1/system-services/org.freedesktop.machine1.service
%{_datadir}/dbus-1/system-services/org.freedesktop.import1.service %{_datadir}/dbus-1/system-services/org.freedesktop.import1.service
%{_datadir}/polkit-1/actions/org.freedesktop.import1.policy %{_datadir}/polkit-1/actions/org.freedesktop.import1.policy
@ -1015,6 +959,12 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%{_mandir}/man[1578]/systemd-nspawn.* %{_mandir}/man[1578]/systemd-nspawn.*
%changelog %changelog
* Wed May 18 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 230-1
- New version
- Drop compat-libs
- Require libxkbcommon explictly, since the automatic dependency will
not be generated anymore
* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-15 * Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-15
- Remove duplicated entries in -container %%files (#1330395) - Remove duplicated entries in -container %%files (#1330395)