parent
0224c0ebb1
commit
9efbb443aa
47
0001-logind-set-RemoveIPC-to-false-by-default.patch
Normal file
47
0001-logind-set-RemoveIPC-to-false-by-default.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From 5a66d993a5be88524d9952193b053eac607a5c17 Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Wed, 1 Aug 2018 10:58:28 +0200
|
||||||
|
Subject: [PATCH] logind: set RemoveIPC to false by default
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1959836
|
||||||
|
|
||||||
|
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
|
||||||
|
index 3045c1b9ba..96fa076239 100644
|
||||||
|
--- a/man/logind.conf.xml
|
||||||
|
+++ b/man/logind.conf.xml
|
||||||
|
@@ -354,7 +354,7 @@
|
||||||
|
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
|
||||||
|
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
|
||||||
|
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
|
||||||
|
- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
|
||||||
|
+ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
|
||||||
|
index 254a1a69fb..616c08132a 100644
|
||||||
|
--- a/src/login/logind-core.c
|
||||||
|
+++ b/src/login/logind-core.c
|
||||||
|
@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) {
|
||||||
|
|
||||||
|
m->n_autovts = 6;
|
||||||
|
m->reserve_vt = 6;
|
||||||
|
- m->remove_ipc = true;
|
||||||
|
+ m->remove_ipc = false;
|
||||||
|
m->inhibit_delay_max = 5 * USEC_PER_SEC;
|
||||||
|
m->user_stop_delay = 10 * USEC_PER_SEC;
|
||||||
|
|
||||||
|
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
|
||||||
|
index 2d084e134d..79d685b3de 100644
|
||||||
|
--- a/src/login/logind.conf.in
|
||||||
|
+++ b/src/login/logind.conf.in
|
||||||
|
@@ -40,6 +40,6 @@
|
||||||
|
#IdleActionSec=30min
|
||||||
|
#RuntimeDirectorySize=10%
|
||||||
|
#RuntimeDirectoryInodes=400k
|
||||||
|
-#RemoveIPC=yes
|
||||||
|
+#RemoveIPC=no
|
||||||
|
#InhibitorsMax=8192
|
||||||
|
#SessionsMax=8192
|
@ -0,0 +1,38 @@
|
|||||||
|
From 92b6ae2097ae90355775217529d2fd55f7b84e31 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Thu, 5 Aug 2021 17:11:47 +0200
|
||||||
|
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
|
||||||
|
symlink
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1989472
|
||||||
|
|
||||||
|
diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
|
||||||
|
index b8d3919025..6ae9e3e0b8 100644
|
||||||
|
--- a/tmpfiles.d/meson.build
|
||||||
|
+++ b/tmpfiles.d/meson.build
|
||||||
|
@@ -7,7 +7,6 @@ files = [['README', ''],
|
||||||
|
['journal-nocow.conf', ''],
|
||||||
|
['systemd-nologin.conf', 'HAVE_PAM'],
|
||||||
|
['systemd-nspawn.conf', 'ENABLE_MACHINED'],
|
||||||
|
- ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
|
||||||
|
['systemd-tmp.conf', ''],
|
||||||
|
['portables.conf', 'ENABLE_PORTABLED'],
|
||||||
|
['systemd-pstore.conf', 'ENABLE_PSTORE'],
|
||||||
|
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
|
||||||
|
deleted file mode 100644
|
||||||
|
index cb1c56d6a6..0000000000
|
||||||
|
--- a/tmpfiles.d/systemd-resolve.conf
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,10 +0,0 @@
|
||||||
|
-# This file is part of systemd.
|
||||||
|
-#
|
||||||
|
-# systemd is free software; you can redistribute it and/or modify it
|
||||||
|
-# under the terms of the GNU Lesser General Public License as published by
|
||||||
|
-# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
|
-# (at your option) any later version.
|
||||||
|
-
|
||||||
|
-# See tmpfiles.d(5) for details
|
||||||
|
-
|
||||||
|
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
73
0003-Copy-40-redhat.rules-from-RHEL-8.patch
Normal file
73
0003-Copy-40-redhat.rules-from-RHEL-8.patch
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
From 24f033a2a5c03848ae518278c8025e13130146af Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Fri, 2 Jul 2021 13:25:51 +0200
|
||||||
|
Subject: [PATCH] Copy 40-redhat.rules from RHEL-8
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1978639
|
||||||
|
|
||||||
|
diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..3c95cd2df0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/rules.d/40-redhat.rules
|
||||||
|
@@ -0,0 +1,46 @@
|
||||||
|
+# do not edit this file, it will be overwritten on update
|
||||||
|
+
|
||||||
|
+# CPU hotadd request
|
||||||
|
+SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
|
||||||
|
+
|
||||||
|
+# Memory hotadd request
|
||||||
|
+SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
|
||||||
|
+ACTION!="add", GOTO="memory_hotplug_end"
|
||||||
|
+CONST{arch}=="s390*", GOTO="memory_hotplug_end"
|
||||||
|
+CONST{arch}=="ppc64*", GOTO="memory_hotplug_end"
|
||||||
|
+
|
||||||
|
+ENV{.state}="online"
|
||||||
|
+CONST{virt}=="none", ENV{.state}="online_movable"
|
||||||
|
+ATTR{state}=="offline", ATTR{state}="$env{.state}"
|
||||||
|
+
|
||||||
|
+LABEL="memory_hotplug_end"
|
||||||
|
+
|
||||||
|
+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
|
||||||
|
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
|
||||||
|
+
|
||||||
|
+# load SCSI generic (sg) driver
|
||||||
|
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||||
|
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||||
|
+
|
||||||
|
+# Rule for prandom character device node permissions
|
||||||
|
+KERNEL=="prandom", MODE="0644"
|
||||||
|
+
|
||||||
|
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
|
||||||
|
+# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
|
||||||
|
+#
|
||||||
|
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
|
||||||
|
+# (both disk and partition) are SCSI devices based on FCP devices
|
||||||
|
+#
|
||||||
|
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
|
||||||
|
+
|
||||||
|
+# For SCSI disks
|
||||||
|
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+# For partitions on a SCSI disk
|
||||||
|
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
|
||||||
|
+
|
||||||
|
+LABEL="zfcp_scsi_device_end"
|
||||||
|
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||||
|
index 5cecddb34f..c5c3590b29 100644
|
||||||
|
--- a/rules.d/meson.build
|
||||||
|
+++ b/rules.d/meson.build
|
||||||
|
@@ -5,6 +5,7 @@ install_data(
|
||||||
|
install_dir : udevrulesdir)
|
||||||
|
|
||||||
|
rules = files('''
|
||||||
|
+ 40-redhat.rules
|
||||||
|
60-autosuspend.rules
|
||||||
|
60-block.rules
|
||||||
|
60-cdrom_id.rules
|
@ -0,0 +1,41 @@
|
|||||||
|
From c9ca30a1debbdf24ab6fcbe1aa1ec7ac5f222cb4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Synacek <jsynacek@redhat.com>
|
||||||
|
Date: Tue, 15 May 2018 09:24:20 +0200
|
||||||
|
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
|
||||||
|
|
||||||
|
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
|
||||||
|
adds an After relationship.
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1959826
|
||||||
|
|
||||||
|
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||||
|
index b1f1f5c82c..3a8251e2b8 100644
|
||||||
|
--- a/src/core/unit.c
|
||||||
|
+++ b/src/core/unit.c
|
||||||
|
@@ -1280,12 +1280,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
|
||||||
|
}
|
||||||
|
|
||||||
|
if (c->private_tmp) {
|
||||||
|
-
|
||||||
|
- /* FIXME: for now we make a special case for /tmp and add a weak dependency on
|
||||||
|
- * tmp.mount so /tmp being masked is supported. However there's no reason to treat
|
||||||
|
- * /tmp specifically and masking other mount units should be handled more
|
||||||
|
- * gracefully too, see PR#16894. */
|
||||||
|
- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
|
||||||
|
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
diff --git a/units/basic.target b/units/basic.target
|
||||||
|
index d8cdd5ac14..9eae0782a2 100644
|
||||||
|
--- a/units/basic.target
|
||||||
|
+++ b/units/basic.target
|
||||||
|
@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
|
||||||
|
# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
|
||||||
|
# we support that unit being masked, and this should not be considered an error.
|
||||||
|
RequiresMountsFor=/var /var/tmp
|
||||||
|
-Wants=tmp.mount
|
||||||
|
+# RHEL-only: Disable /tmp on tmpfs.
|
||||||
|
+#Wants=tmp.mount
|
34
0005-unit-don-t-add-Requires-for-tmp.mount.patch
Normal file
34
0005-unit-don-t-add-Requires-for-tmp.mount.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From ba6b7f1b4409b337b5b4ffc47259ad5c43c436c4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||||
|
Date: Mon, 5 Sep 2016 12:47:09 +0200
|
||||||
|
Subject: [PATCH] unit: don't add Requires for tmp.mount
|
||||||
|
|
||||||
|
rhel-only
|
||||||
|
Resolves: #1619292
|
||||||
|
|
||||||
|
diff --git a/src/core/mount.c b/src/core/mount.c
|
||||||
|
index 0170406351..4d407ca4e5 100644
|
||||||
|
--- a/src/core/mount.c
|
||||||
|
+++ b/src/core/mount.c
|
||||||
|
@@ -335,7 +335,7 @@ static int mount_add_mount_dependencies(Mount *m) {
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
- if (UNIT(m)->fragment_path) {
|
||||||
|
+ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
|
||||||
|
/* If we have fragment configuration, then make this dependency required */
|
||||||
|
r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH);
|
||||||
|
if (r < 0)
|
||||||
|
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||||
|
index 3a8251e2b8..d2adb447b6 100644
|
||||||
|
--- a/src/core/unit.c
|
||||||
|
+++ b/src/core/unit.c
|
||||||
|
@@ -1520,7 +1520,7 @@ static int unit_add_mount_dependencies(Unit *u) {
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
- if (m->fragment_path) {
|
||||||
|
+ if (m->fragment_path && !streq(m->id, "tmp.mount")) {
|
||||||
|
r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
21
0006-units-add-Install-section-to-tmp.mount.patch
Normal file
21
0006-units-add-Install-section-to-tmp.mount.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
From 0e4d18011e394d83c5e6ce045c05b03619fe7145 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Synacek <jsynacek@redhat.com>
|
||||||
|
Date: Tue, 22 Jan 2019 10:28:42 +0100
|
||||||
|
Subject: [PATCH] units: add [Install] section to tmp.mount
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Related: #1959826
|
||||||
|
|
||||||
|
diff --git a/units/tmp.mount b/units/tmp.mount
|
||||||
|
index 4e1bb8de24..4874e8daff 100644
|
||||||
|
--- a/units/tmp.mount
|
||||||
|
+++ b/units/tmp.mount
|
||||||
|
@@ -23,3 +23,7 @@ What=tmpfs
|
||||||
|
Where=/tmp
|
||||||
|
Type=tmpfs
|
||||||
|
Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m
|
||||||
|
+
|
||||||
|
+# Make 'systemctl enable tmp.mount' work:
|
||||||
|
+[Install]
|
||||||
|
+WantedBy=local-fs.target
|
26
0007-rc-local-order-after-network-online.target.patch
Normal file
26
0007-rc-local-order-after-network-online.target.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From 6dc2d5628fded20609561ca3c63517b3dc381042 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Thu, 11 Mar 2021 15:48:23 +0100
|
||||||
|
Subject: [PATCH] rc-local: order after network-online.target
|
||||||
|
|
||||||
|
I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
|
||||||
|
just network-online.target didn't exist back then.
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1954429
|
||||||
|
|
||||||
|
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
|
||||||
|
index 55e83dfe00..0eee722154 100644
|
||||||
|
--- a/units/rc-local.service.in
|
||||||
|
+++ b/units/rc-local.service.in
|
||||||
|
@@ -13,7 +13,8 @@
|
||||||
|
Description={{RC_LOCAL_PATH}} Compatibility
|
||||||
|
Documentation=man:systemd-rc-local-generator(8)
|
||||||
|
ConditionFileIsExecutable={{RC_LOCAL_PATH}}
|
||||||
|
-After=network.target
|
||||||
|
+After=network-online.target
|
||||||
|
+Wants=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
286
0008-ci-drop-CIs-irrelevant-for-downstream.patch
Normal file
286
0008-ci-drop-CIs-irrelevant-for-downstream.patch
Normal file
@ -0,0 +1,286 @@
|
|||||||
|
From b9c7cd794733257a17b2eb9eadc716007e509ca9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||||
|
Date: Sun, 18 Apr 2021 20:46:06 +0200
|
||||||
|
Subject: [PATCH] ci: drop CIs irrelevant for downstream
|
||||||
|
|
||||||
|
* CIFuzz would need a separate project in oss-fuzz
|
||||||
|
* Coverity would also need a separate project
|
||||||
|
* the Labeler action is superfluous, since we already have a bot for
|
||||||
|
that
|
||||||
|
* mkosi testing on other distros is irrelevant for downstream RHEL
|
||||||
|
repo
|
||||||
|
|
||||||
|
Resolves: #1960703
|
||||||
|
rhel-only
|
||||||
|
|
||||||
|
diff --git a/.github/labeler.yml b/.github/labeler.yml
|
||||||
|
deleted file mode 100644
|
||||||
|
index 7d128f42d6..0000000000
|
||||||
|
--- a/.github/labeler.yml
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,40 +0,0 @@
|
||||||
|
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
-
|
||||||
|
-hwdb:
|
||||||
|
- - hwdb.d/**/*
|
||||||
|
-units:
|
||||||
|
- - units/**/*
|
||||||
|
-documentation:
|
||||||
|
- - NEWS
|
||||||
|
- - docs/*
|
||||||
|
-network:
|
||||||
|
- - src/libsystemd-network/**/*
|
||||||
|
- - src/network/**/*
|
||||||
|
-udev:
|
||||||
|
- - src/udev/**/*
|
||||||
|
- - src/libudev/*
|
||||||
|
-selinux:
|
||||||
|
- - '**/*selinux*'
|
||||||
|
-apparmor:
|
||||||
|
- - '**/*apparmor*'
|
||||||
|
-meson:
|
||||||
|
- - meson_option.txt
|
||||||
|
-mkosi:
|
||||||
|
- - .mkosi/*
|
||||||
|
- - mkosi.build
|
||||||
|
-busctl:
|
||||||
|
- - src/busctl/*
|
||||||
|
-systemctl:
|
||||||
|
- - src/systemctl/*
|
||||||
|
-journal:
|
||||||
|
- - src/journal/*
|
||||||
|
-journal-remote:
|
||||||
|
- - src/journal-remote/*
|
||||||
|
-portable:
|
||||||
|
- - src/portable/**/*
|
||||||
|
-resolve:
|
||||||
|
- - src/resolve/*
|
||||||
|
-timedate:
|
||||||
|
- - src/timedate/*
|
||||||
|
-timesync:
|
||||||
|
- - src/timesync/*
|
||||||
|
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
|
||||||
|
deleted file mode 100644
|
||||||
|
index 11ea788a47..0000000000
|
||||||
|
--- a/.github/workflows/cifuzz.yml
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,55 +0,0 @@
|
||||||
|
----
|
||||||
|
-# vi: ts=2 sw=2 et:
|
||||||
|
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
|
||||||
|
-
|
||||||
|
-name: CIFuzz
|
||||||
|
-
|
||||||
|
-permissions:
|
||||||
|
- contents: read
|
||||||
|
-
|
||||||
|
-on:
|
||||||
|
- pull_request:
|
||||||
|
- paths:
|
||||||
|
- - '**/meson.build'
|
||||||
|
- - '.github/workflows/**'
|
||||||
|
- - 'meson_options.txt'
|
||||||
|
- - 'src/**'
|
||||||
|
- - 'test/fuzz/**'
|
||||||
|
- - 'tools/oss-fuzz.sh'
|
||||||
|
- push:
|
||||||
|
- branches:
|
||||||
|
- - main
|
||||||
|
-jobs:
|
||||||
|
- Fuzzing:
|
||||||
|
- runs-on: ubuntu-latest
|
||||||
|
- if: github.repository == 'systemd/systemd'
|
||||||
|
- concurrency:
|
||||||
|
- group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
|
||||||
|
- cancel-in-progress: true
|
||||||
|
- strategy:
|
||||||
|
- fail-fast: false
|
||||||
|
- matrix:
|
||||||
|
- sanitizer: [address, undefined, memory]
|
||||||
|
- steps:
|
||||||
|
- - name: Build Fuzzers (${{ matrix.sanitizer }})
|
||||||
|
- id: build
|
||||||
|
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
|
||||||
|
- with:
|
||||||
|
- oss-fuzz-project-name: 'systemd'
|
||||||
|
- dry-run: false
|
||||||
|
- allowed-broken-targets-percentage: 0
|
||||||
|
- sanitizer: ${{ matrix.sanitizer }}
|
||||||
|
- - name: Run Fuzzers (${{ matrix.sanitizer }})
|
||||||
|
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
||||||
|
- with:
|
||||||
|
- oss-fuzz-project-name: 'systemd'
|
||||||
|
- fuzz-seconds: 600
|
||||||
|
- dry-run: false
|
||||||
|
- sanitizer: ${{ matrix.sanitizer }}
|
||||||
|
- - name: Upload Crash
|
||||||
|
- uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2
|
||||||
|
- if: failure() && steps.build.outcome == 'success'
|
||||||
|
- with:
|
||||||
|
- name: ${{ matrix.sanitizer }}-artifacts
|
||||||
|
- path: ./out/artifacts
|
||||||
|
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
|
||||||
|
deleted file mode 100644
|
||||||
|
index a164d16fbf..0000000000
|
||||||
|
--- a/.github/workflows/coverity.yml
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,43 +0,0 @@
|
||||||
|
----
|
||||||
|
-# vi: ts=2 sw=2 et:
|
||||||
|
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
-#
|
||||||
|
-name: Coverity
|
||||||
|
-
|
||||||
|
-on:
|
||||||
|
- schedule:
|
||||||
|
- # Run Coverity daily at midnight
|
||||||
|
- - cron: '0 0 * * *'
|
||||||
|
-
|
||||||
|
-permissions:
|
||||||
|
- contents: read
|
||||||
|
-
|
||||||
|
-jobs:
|
||||||
|
- build:
|
||||||
|
- runs-on: ubuntu-20.04
|
||||||
|
- if: github.repository == 'systemd/systemd'
|
||||||
|
- env:
|
||||||
|
- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}"
|
||||||
|
- COVERITY_SCAN_NOTIFICATION_EMAIL: ""
|
||||||
|
- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}"
|
||||||
|
- # Set in repo settings -> secrets -> repository secrets
|
||||||
|
- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
|
||||||
|
- CURRENT_REF: "${{ github.ref }}"
|
||||||
|
- steps:
|
||||||
|
- - name: Repository checkout
|
||||||
|
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
|
||||||
|
- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
|
||||||
|
- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
|
||||||
|
- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
|
||||||
|
- - name: Install Coverity tools
|
||||||
|
- run: tools/get-coverity.sh
|
||||||
|
- # Reuse the setup phase of the unit test script to avoid code duplication
|
||||||
|
- - name: Install build dependencies
|
||||||
|
- run: sudo -E .github/workflows/unit_tests.sh SETUP
|
||||||
|
- # Preconfigure with meson to prevent Coverity from capturing meson metadata
|
||||||
|
- - name: Preconfigure the build directory
|
||||||
|
- run: meson cov-build -Dman=false
|
||||||
|
- - name: Build
|
||||||
|
- run: tools/coverity.sh build
|
||||||
|
- - name: Upload the results
|
||||||
|
- run: tools/coverity.sh upload
|
||||||
|
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
|
||||||
|
deleted file mode 100644
|
||||||
|
index 34d9d63d42..0000000000
|
||||||
|
--- a/.github/workflows/labeler.yml
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,23 +0,0 @@
|
||||||
|
----
|
||||||
|
-# vi: ts=2 sw=2 et:
|
||||||
|
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
-#
|
||||||
|
-name: "Pull Request Labeler"
|
||||||
|
-
|
||||||
|
-on:
|
||||||
|
-- pull_request_target
|
||||||
|
-
|
||||||
|
-permissions:
|
||||||
|
- contents: read
|
||||||
|
-
|
||||||
|
-jobs:
|
||||||
|
- triage:
|
||||||
|
- runs-on: ubuntu-latest
|
||||||
|
- permissions:
|
||||||
|
- pull-requests: write
|
||||||
|
- steps:
|
||||||
|
- - uses: actions/labeler@69da01b8e0929f147b8943611bee75ee4175a49e
|
||||||
|
- with:
|
||||||
|
- repo-token: "${{ secrets.GITHUB_TOKEN }}"
|
||||||
|
- configuration-path: .github/labeler.yml
|
||||||
|
- sync-labels: "" # This is a workaround for issue 18671
|
||||||
|
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
|
||||||
|
deleted file mode 100644
|
||||||
|
index 8fd6c72e26..0000000000
|
||||||
|
--- a/.github/workflows/mkosi.yml
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,80 +0,0 @@
|
||||||
|
----
|
||||||
|
-# vi: ts=2 sw=2 et:
|
||||||
|
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in mkosi.default.d/.
|
||||||
|
-name: mkosi
|
||||||
|
-
|
||||||
|
-on:
|
||||||
|
- push:
|
||||||
|
- branches:
|
||||||
|
- - main
|
||||||
|
- - v[0-9]+-stable
|
||||||
|
- pull_request:
|
||||||
|
- branches:
|
||||||
|
- - main
|
||||||
|
- - v[0-9]+-stable
|
||||||
|
-
|
||||||
|
-permissions:
|
||||||
|
- contents: read
|
||||||
|
-
|
||||||
|
-env:
|
||||||
|
- # Enable debug logging in systemd, but keep udev's log level to info,
|
||||||
|
- # since it's _very_ verbose in the QEMU task
|
||||||
|
- KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console"
|
||||||
|
-
|
||||||
|
-jobs:
|
||||||
|
- ci:
|
||||||
|
- runs-on: ubuntu-20.04
|
||||||
|
- concurrency:
|
||||||
|
- group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }}
|
||||||
|
- cancel-in-progress: true
|
||||||
|
- strategy:
|
||||||
|
- fail-fast: false
|
||||||
|
- matrix:
|
||||||
|
- distro:
|
||||||
|
- - arch
|
||||||
|
- - debian
|
||||||
|
- - ubuntu
|
||||||
|
- - fedora
|
||||||
|
- - opensuse
|
||||||
|
-
|
||||||
|
- steps:
|
||||||
|
- - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
|
||||||
|
- - uses: systemd/mkosi@4d64fc8134f93d87ac584183e7762ac1d0efa0e5
|
||||||
|
-
|
||||||
|
- - name: Install
|
||||||
|
- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2
|
||||||
|
-
|
||||||
|
- - name: Configure
|
||||||
|
- run: echo -e "[Distribution]\nDistribution=${{ matrix.distro }}\n" >mkosi.default
|
||||||
|
-
|
||||||
|
- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
|
||||||
|
- # required, since current Arch's glibc implements faccessat() via faccessat2().
|
||||||
|
- - name: Update systemd-nspawn
|
||||||
|
- if: ${{ matrix.distro == 'arch' }}
|
||||||
|
- run: |
|
||||||
|
- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
|
||||||
|
- sudo apt update
|
||||||
|
- sudo apt build-dep systemd
|
||||||
|
- meson build
|
||||||
|
- ninja -C build
|
||||||
|
- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
|
||||||
|
- systemd-nspawn --version
|
||||||
|
-
|
||||||
|
- - name: Build ${{ matrix.distro }}
|
||||||
|
- run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build
|
||||||
|
-
|
||||||
|
- - name: Show ${{ matrix.distro }} image summary
|
||||||
|
- run: ./.github/workflows/run_mkosi.sh summary
|
||||||
|
-
|
||||||
|
- - name: Boot ${{ matrix.distro }} systemd-nspawn
|
||||||
|
- run: ./.github/workflows/run_mkosi.sh boot ${{ env.KERNEL_CMDLINE }}
|
||||||
|
-
|
||||||
|
- - name: Check ${{ matrix.distro }} systemd-nspawn
|
||||||
|
- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
|
||||||
|
-
|
||||||
|
- - name: Boot ${{ matrix.distro }} QEMU
|
||||||
|
- run: ./.github/workflows/run_mkosi.sh qemu
|
||||||
|
-
|
||||||
|
- - name: Check ${{ matrix.distro }} QEMU
|
||||||
|
- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
|
58
0009-ci-reconfigure-Packit-for-RHEL-9.patch
Normal file
58
0009-ci-reconfigure-Packit-for-RHEL-9.patch
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
From d931821a263e34805f825cf12a0a0fcde9beda99 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||||
|
Date: Wed, 9 Jun 2021 15:23:59 +0200
|
||||||
|
Subject: [PATCH] ci: reconfigure Packit for RHEL 9
|
||||||
|
|
||||||
|
Resolves: #1960703
|
||||||
|
rhel-only
|
||||||
|
|
||||||
|
diff --git a/.packit.yml b/.packit.yml
|
||||||
|
index 962c77913e..3461bccbc5 100644
|
||||||
|
--- a/.packit.yml
|
||||||
|
+++ b/.packit.yml
|
||||||
|
@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}"
|
||||||
|
|
||||||
|
actions:
|
||||||
|
post-upstream-clone:
|
||||||
|
- # Use the Fedora Rawhide specfile
|
||||||
|
- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
|
||||||
|
+ # Use the CentOS Stream specfile
|
||||||
|
+ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
|
||||||
|
# Drop the "sources" file so rebase-helper doesn't think we're a dist-git
|
||||||
|
- "rm -fv .packit_rpm/sources"
|
||||||
|
- # Drop backported patches from the specfile, but keep the downstream-only ones
|
||||||
|
- # - Patch0000-0499: backported patches from upstream
|
||||||
|
- # - Patch0500-9999: downstream-only patches
|
||||||
|
- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
|
||||||
|
+ # Drop all patches, since they're already included in the tarball
|
||||||
|
+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
|
||||||
|
# Build the RPM with --werror. Even though --werror doesn't work in all
|
||||||
|
# cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
|
||||||
|
# RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
|
||||||
|
@@ -32,12 +30,22 @@ actions:
|
||||||
|
# [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
|
||||||
|
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
|
||||||
|
|
||||||
|
+# Available targets can be listed via `copr-cli list-chroots`
|
||||||
|
jobs:
|
||||||
|
+# Build test
|
||||||
|
- job: copr_build
|
||||||
|
trigger: pull_request
|
||||||
|
metadata:
|
||||||
|
targets:
|
||||||
|
- - fedora-rawhide-aarch64
|
||||||
|
- - fedora-rawhide-i386
|
||||||
|
- - fedora-rawhide-ppc64le
|
||||||
|
- - fedora-rawhide-x86_64
|
||||||
|
+ # FIXME: change to CentOS 9 once it's available
|
||||||
|
+ - fedora-34-x86_64
|
||||||
|
+ - fedora-34-aarch64
|
||||||
|
+
|
||||||
|
+# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
|
||||||
|
+# Run tests (via testing farm)
|
||||||
|
+#- job: tests
|
||||||
|
+# trigger: pull_request
|
||||||
|
+# metadata:
|
||||||
|
+# targets:
|
||||||
|
+# # FIXME: change to CentOS 9 once it's available
|
||||||
|
+# - fedora-34-x86_64
|
25
0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch
Normal file
25
0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
From 785b53d7b16c6c56638029e8b4f59c436f1394b8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||||
|
Date: Thu, 15 Jul 2021 12:23:27 +0200
|
||||||
|
Subject: [PATCH] ci: run unit tests on z-stream branches as well
|
||||||
|
|
||||||
|
Resolves: #1960703
|
||||||
|
rhel-only
|
||||||
|
|
||||||
|
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
|
||||||
|
index d4a4f3c723..2afde5d59d 100644
|
||||||
|
--- a/.github/workflows/unit_tests.yml
|
||||||
|
+++ b/.github/workflows/unit_tests.yml
|
||||||
|
@@ -3,11 +3,7 @@
|
||||||
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
#
|
||||||
|
name: Unit tests
|
||||||
|
-on:
|
||||||
|
- pull_request:
|
||||||
|
- branches:
|
||||||
|
- - main
|
||||||
|
- - v[0-9]+-stable
|
||||||
|
+on: [pull_request]
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
22
0011-random-util-increase-random-seed-size-to-1024.patch
Normal file
22
0011-random-util-increase-random-seed-size-to-1024.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
From c1555a7d38235cca32492c4606e30028dc008b35 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Thu, 15 Jul 2021 11:15:17 +0200
|
||||||
|
Subject: [PATCH] random-util: increase random seed size to 1024
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1982603
|
||||||
|
|
||||||
|
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
|
||||||
|
index e6528ddc7f..fda78552f6 100644
|
||||||
|
--- a/src/basic/random-util.h
|
||||||
|
+++ b/src/basic/random-util.h
|
||||||
|
@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) {
|
||||||
|
int rdrand(unsigned long *ret);
|
||||||
|
|
||||||
|
/* Some limits on the pool sizes when we deal with the kernel random pool */
|
||||||
|
-#define RANDOM_POOL_SIZE_MIN 512U
|
||||||
|
+#define RANDOM_POOL_SIZE_MIN 1024U
|
||||||
|
#define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
|
||||||
|
|
||||||
|
size_t random_pool_size(void);
|
@ -0,0 +1,37 @@
|
|||||||
|
From f1d66259bcff8333d7dd495bbeef274206f7300d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Synacek <jsynacek@redhat.com>
|
||||||
|
Date: Thu, 2 May 2019 14:11:54 +0200
|
||||||
|
Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
|
||||||
|
default
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1973856
|
||||||
|
|
||||||
|
diff --git a/units/meson.build b/units/meson.build
|
||||||
|
index a9bf28f6d9..69d53f4259 100644
|
||||||
|
--- a/units/meson.build
|
||||||
|
+++ b/units/meson.build
|
||||||
|
@@ -124,8 +124,7 @@ units = [
|
||||||
|
'sysinit.target.wants/'],
|
||||||
|
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
|
||||||
|
['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
|
||||||
|
- ['systemd-journald-audit.socket', '',
|
||||||
|
- 'sockets.target.wants/'],
|
||||||
|
+ ['systemd-journald-audit.socket', ''],
|
||||||
|
['systemd-journald-dev-log.socket', '',
|
||||||
|
'sockets.target.wants/'],
|
||||||
|
['systemd-journald.socket', '',
|
||||||
|
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
|
||||||
|
index cd17b6b4e7..d981273b07 100644
|
||||||
|
--- a/units/systemd-journald.service.in
|
||||||
|
+++ b/units/systemd-journald.service.in
|
||||||
|
@@ -12,7 +12,7 @@ Description=Journal Service
|
||||||
|
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
|
||||||
|
DefaultDependencies=no
|
||||||
|
Requires=systemd-journald.socket
|
||||||
|
-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
|
||||||
|
+After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
|
||||||
|
Before=sysinit.target
|
||||||
|
|
||||||
|
[Service]
|
19
0013-journald.conf-don-t-touch-current-audit-settings.patch
Normal file
19
0013-journald.conf-don-t-touch-current-audit-settings.patch
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
From 56d9b62ce456e8c0e520bda3447db38864983173 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Thu, 5 Aug 2021 15:26:13 +0200
|
||||||
|
Subject: [PATCH] journald.conf: don't touch current audit settings
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Related: #1973856
|
||||||
|
|
||||||
|
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
|
||||||
|
index 5a60a9d39c..3544da2112 100644
|
||||||
|
--- a/src/journal/journald.conf
|
||||||
|
+++ b/src/journal/journald.conf
|
||||||
|
@@ -44,4 +44,4 @@
|
||||||
|
#MaxLevelWall=emerg
|
||||||
|
#LineMax=48K
|
||||||
|
#ReadKMsg=yes
|
||||||
|
-#Audit=yes
|
||||||
|
+Audit=
|
132
0014-Revert-udev-remove-WAIT_FOR-key.patch
Normal file
132
0014-Revert-udev-remove-WAIT_FOR-key.patch
Normal file
@ -0,0 +1,132 @@
|
|||||||
|
From 2843766767452a69dade1ef8ab2d1d3e5e68a1d3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Tue, 10 Aug 2021 14:46:16 +0200
|
||||||
|
Subject: [PATCH] Revert "udev: remove WAIT_FOR key"
|
||||||
|
|
||||||
|
This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f.
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1982666
|
||||||
|
|
||||||
|
diff --git a/man/udev.xml b/man/udev.xml
|
||||||
|
index f6ea2abc12..ce96e201e4 100644
|
||||||
|
--- a/man/udev.xml
|
||||||
|
+++ b/man/udev.xml
|
||||||
|
@@ -592,6 +592,15 @@
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term><varname>WAIT_FOR</varname></term>
|
||||||
|
+ <listitem>
|
||||||
|
+ <para>Wait for a file to become available or until a timeout of
|
||||||
|
+ 10 seconds expires. The path is relative to the sysfs device;
|
||||||
|
+ if no path is specified, this waits for an attribute to appear.</para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
+
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>OPTIONS</varname></term>
|
||||||
|
<listitem>
|
||||||
|
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
|
||||||
|
index 1a384d6b38..243a792662 100644
|
||||||
|
--- a/src/udev/udev-rules.c
|
||||||
|
+++ b/src/udev/udev-rules.c
|
||||||
|
@@ -79,6 +79,7 @@ typedef enum {
|
||||||
|
TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */
|
||||||
|
TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */
|
||||||
|
TK_M_DRIVER, /* string, sd_device_get_driver() */
|
||||||
|
+ TK_M_WAITFOR,
|
||||||
|
TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */
|
||||||
|
TK_M_SYSCTL, /* string, takes kernel parameter through attribute */
|
||||||
|
|
||||||
|
@@ -416,6 +417,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token
|
||||||
|
rule_line->current_token = token;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#define WAIT_LOOP_PER_SECOND 50
|
||||||
|
+static int wait_for_file(sd_device *dev, const char *file, int timeout) {
|
||||||
|
+ char filepath[UDEV_PATH_SIZE];
|
||||||
|
+ char devicepath[UDEV_PATH_SIZE];
|
||||||
|
+ struct stat stats;
|
||||||
|
+ int loop = timeout * WAIT_LOOP_PER_SECOND;
|
||||||
|
+
|
||||||
|
+ /* a relative path is a device attribute */
|
||||||
|
+ devicepath[0] = '\0';
|
||||||
|
+ if (file[0] != '/') {
|
||||||
|
+ const char *val;
|
||||||
|
+ int r;
|
||||||
|
+
|
||||||
|
+ r = sd_device_get_syspath(dev, &val);
|
||||||
|
+ if (r < 0)
|
||||||
|
+ return r;
|
||||||
|
+ strscpyl(devicepath, sizeof(devicepath), val, NULL);
|
||||||
|
+ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL);
|
||||||
|
+ file = filepath;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while (--loop) {
|
||||||
|
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND };
|
||||||
|
+
|
||||||
|
+ /* lookup file */
|
||||||
|
+ if (stat(file, &stats) == 0) {
|
||||||
|
+ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ /* make sure, the device did not disappear in the meantime */
|
||||||
|
+ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) {
|
||||||
|
+ log_debug("device disappeared while waiting for '%s'", file);
|
||||||
|
+ return -2;
|
||||||
|
+ }
|
||||||
|
+ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND);
|
||||||
|
+ nanosleep(&duration, NULL);
|
||||||
|
+ }
|
||||||
|
+ log_debug("waiting for '%s' failed", file);
|
||||||
|
+ return -1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) {
|
||||||
|
UdevRuleToken *token;
|
||||||
|
UdevRuleMatchType match_type = _MATCH_TYPE_INVALID;
|
||||||
|
@@ -958,6 +1000,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
|
||||||
|
r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd));
|
||||||
|
} else
|
||||||
|
return log_token_invalid_attr(rules, key);
|
||||||
|
+ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) {
|
||||||
|
+ if (op == OP_REMOVE)
|
||||||
|
+ return log_token_invalid_op(rules, key);
|
||||||
|
+
|
||||||
|
+ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL);
|
||||||
|
+ return 1;
|
||||||
|
} else if (streq(key, "GOTO")) {
|
||||||
|
if (attr)
|
||||||
|
return log_token_invalid_attr(rules, key);
|
||||||
|
@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event(
|
||||||
|
|
||||||
|
return token_match_string(token, val);
|
||||||
|
}
|
||||||
|
+ case TK_M_WAITFOR: {
|
||||||
|
+ char filename[UDEV_PATH_SIZE];
|
||||||
|
+ int found;
|
||||||
|
+
|
||||||
|
+ udev_event_apply_format(event, token->value, filename, sizeof(filename), false);
|
||||||
|
+ found = (wait_for_file(event->dev, filename, 10) == 0);
|
||||||
|
+ return found || (token->op == OP_NOMATCH);
|
||||||
|
+ }
|
||||||
|
case TK_M_ATTR:
|
||||||
|
case TK_M_PARENTS_ATTR:
|
||||||
|
return token_match_attr(token, dev, event);
|
||||||
|
diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
|
||||||
|
index 9a9e4d1658..0649bcf58e 100755
|
||||||
|
--- a/test/rule-syntax-check.py
|
||||||
|
+++ b/test/rule-syntax-check.py
|
||||||
|
@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D
|
||||||
|
# PROGRAM can also be specified as an assignment.
|
||||||
|
program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$')
|
||||||
|
args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$')
|
||||||
|
-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
|
||||||
|
+no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
|
||||||
|
args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$')
|
||||||
|
# Find comma-separated groups, but allow commas that are inside quoted strings.
|
||||||
|
# Using quoted_string_re + '?' so that strings missing the last double quote
|
22
0015-Really-don-t-enable-systemd-journald-audit.socket.patch
Normal file
22
0015-Really-don-t-enable-systemd-journald-audit.socket.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
From 9a0acc0b292d283b4507c6b749396c019af7e4ab Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Wed, 25 Aug 2021 16:03:04 +0200
|
||||||
|
Subject: [PATCH] Really don't enable systemd-journald-audit.socket
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1973856
|
||||||
|
|
||||||
|
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
|
||||||
|
index d981273b07..f190dff5fb 100644
|
||||||
|
--- a/units/systemd-journald.service.in
|
||||||
|
+++ b/units/systemd-journald.service.in
|
||||||
|
@@ -33,7 +33,7 @@ RestrictRealtime=yes
|
||||||
|
RestrictSUIDSGID=yes
|
||||||
|
RuntimeDirectory=systemd/journal
|
||||||
|
RuntimeDirectoryPreserve=yes
|
||||||
|
-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
|
||||||
|
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
|
||||||
|
StandardOutput=null
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallErrorNumber=EPERM
|
51
0016-rules-add-elevator-kernel-command-line-parameter.patch
Normal file
51
0016-rules-add-elevator-kernel-command-line-parameter.patch
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
From 1e423276a24d7c895d196f9f10bf8c0b9155c633 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||||
|
Date: Tue, 12 Feb 2019 16:58:16 +0100
|
||||||
|
Subject: [PATCH] rules: add elevator= kernel command line parameter
|
||||||
|
|
||||||
|
Kernel removed the elevator= option, so let's reintroduce
|
||||||
|
it for rhel8 via udev rule.
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #2003002
|
||||||
|
|
||||||
|
diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..dbe8fc81a4
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/rules.d/40-elevator.rules
|
||||||
|
@@ -0,0 +1,20 @@
|
||||||
|
+# We aren't adding devices skip the elevator check
|
||||||
|
+ACTION!="add", GOTO="sched_out"
|
||||||
|
+
|
||||||
|
+SUBSYSTEM!="block", GOTO="sched_out"
|
||||||
|
+ENV{DEVTYPE}!="disk", GOTO="sched_out"
|
||||||
|
+
|
||||||
|
+# Technically, dm-multipath can be configured to use an I/O scheduler.
|
||||||
|
+# However, there are races between the 'add' uevent and the linking in
|
||||||
|
+# of the queue/scheduler sysfs file. For now, just skip dm- devices.
|
||||||
|
+KERNEL=="dm-*|md*", GOTO="sched_out"
|
||||||
|
+
|
||||||
|
+# Skip bio-based devices, which don't support an I/O scheduler.
|
||||||
|
+ATTR{queue/scheduler}=="none", GOTO="sched_out"
|
||||||
|
+
|
||||||
|
+# If elevator= is specified on the kernel command line, change the
|
||||||
|
+# scheduler to the one specified.
|
||||||
|
+IMPORT{cmdline}="elevator"
|
||||||
|
+ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}"
|
||||||
|
+
|
||||||
|
+LABEL="sched_out"
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||||
|
index c5c3590b29..7e0bd89200 100644
|
||||||
|
--- a/rules.d/meson.build
|
||||||
|
+++ b/rules.d/meson.build
|
||||||
|
@@ -5,6 +5,7 @@ install_data(
|
||||||
|
install_dir : udevrulesdir)
|
||||||
|
|
||||||
|
rules = files('''
|
||||||
|
+ 40-elevator.rules
|
||||||
|
40-redhat.rules
|
||||||
|
60-autosuspend.rules
|
||||||
|
60-block.rules
|
@ -0,0 +1,23 @@
|
|||||||
|
From 41ccc595538752f04f88c80fe7a9e283d4ef12c4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Wed, 22 Sep 2021 14:38:00 +0200
|
||||||
|
Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Related: #2000927
|
||||||
|
|
||||||
|
diff --git a/units/meson.build b/units/meson.build
|
||||||
|
index 69d53f4259..9eb535858a 100644
|
||||||
|
--- a/units/meson.build
|
||||||
|
+++ b/units/meson.build
|
||||||
|
@@ -159,8 +159,7 @@ units = [
|
||||||
|
['time-set.target', ''],
|
||||||
|
['time-sync.target', ''],
|
||||||
|
['timers.target', ''],
|
||||||
|
- ['tmp.mount', '',
|
||||||
|
- 'local-fs.target.wants/'],
|
||||||
|
+ ['tmp.mount', ''],
|
||||||
|
['umount.target', ''],
|
||||||
|
['usb-gadget.target', ''],
|
||||||
|
['user.slice', ''],
|
@ -0,0 +1,54 @@
|
|||||||
|
From 4ec48c87803916e90a8f30afae6c8bdee5bb9ba5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Wed, 1 Aug 2018 13:19:39 +0200
|
||||||
|
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
|
||||||
|
|
||||||
|
This should be hopefully high enough even for the very big deployments.
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #2003031
|
||||||
|
|
||||||
|
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
|
||||||
|
index 3805a010e2..b8e2b65625 100644
|
||||||
|
--- a/man/systemd-system.conf.xml
|
||||||
|
+++ b/man/systemd-system.conf.xml
|
||||||
|
@@ -404,10 +404,10 @@
|
||||||
|
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
|
||||||
|
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
|
for details. This setting applies to all unit types that support resource control settings, with the exception
|
||||||
|
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
|
||||||
|
+ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
|
||||||
|
and root cgroup <varname>pids.max</varname>.
|
||||||
|
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
|
||||||
|
- For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
|
||||||
|
+ For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
|
||||||
|
but might be greater in other systems or smaller in OS containers.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
diff --git a/src/core/main.c b/src/core/main.c
|
||||||
|
index 57aedb9b93..7ea848ebeb 100644
|
||||||
|
--- a/src/core/main.c
|
||||||
|
+++ b/src/core/main.c
|
||||||
|
@@ -98,7 +98,7 @@
|
||||||
|
#include <sanitizer/lsan_interface.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
|
||||||
|
+#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */
|
||||||
|
|
||||||
|
static enum {
|
||||||
|
ACTION_RUN,
|
||||||
|
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
|
||||||
|
index 96fb64d2c1..c0dc6a7e17 100644
|
||||||
|
--- a/src/core/system.conf.in
|
||||||
|
+++ b/src/core/system.conf.in
|
||||||
|
@@ -54,7 +54,7 @@
|
||||||
|
#DefaultBlockIOAccounting=no
|
||||||
|
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
|
||||||
|
#DefaultTasksAccounting=yes
|
||||||
|
-#DefaultTasksMax=15%
|
||||||
|
+#DefaultTasksMax=80%
|
||||||
|
#DefaultLimitCPU=
|
||||||
|
#DefaultLimitFSIZE=
|
||||||
|
#DefaultLimitDATA=
|
22
0019-set-core-ulimit-to-0-like-on-RHEL-7.patch
Normal file
22
0019-set-core-ulimit-to-0-like-on-RHEL-7.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
From 7344cdfb2792f67e50848f87eced21cded226d4a Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Tardon <dtardon@redhat.com>
|
||||||
|
Date: Mon, 25 Jan 2021 16:19:56 +0100
|
||||||
|
Subject: [PATCH] set core ulimit to 0 like on RHEL-7
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
|
||||||
|
Resolves: #1998509
|
||||||
|
|
||||||
|
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
|
||||||
|
index c0dc6a7e17..5913b5b0e4 100644
|
||||||
|
--- a/src/core/system.conf.in
|
||||||
|
+++ b/src/core/system.conf.in
|
||||||
|
@@ -59,7 +59,7 @@
|
||||||
|
#DefaultLimitFSIZE=
|
||||||
|
#DefaultLimitDATA=
|
||||||
|
#DefaultLimitSTACK=
|
||||||
|
-#DefaultLimitCORE=
|
||||||
|
+DefaultLimitCORE=0:infinity
|
||||||
|
#DefaultLimitRSS=
|
||||||
|
#DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}}
|
||||||
|
#DefaultLimitAS=
|
24
0020-ci-use-C9S-chroots-in-Packit.patch
Normal file
24
0020-ci-use-C9S-chroots-in-Packit.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
From 402595e7b0668b8fe44b5b00b1dd45ba9cc42b82 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||||
|
Date: Thu, 4 Nov 2021 12:31:32 +0100
|
||||||
|
Subject: [PATCH] ci: use C9S chroots in Packit
|
||||||
|
|
||||||
|
rhel-only
|
||||||
|
Related: #2017035
|
||||||
|
|
||||||
|
diff --git a/.packit.yml b/.packit.yml
|
||||||
|
index 3461bccbc5..ce8782aae2 100644
|
||||||
|
--- a/.packit.yml
|
||||||
|
+++ b/.packit.yml
|
||||||
|
@@ -37,9 +37,8 @@ jobs:
|
||||||
|
trigger: pull_request
|
||||||
|
metadata:
|
||||||
|
targets:
|
||||||
|
- # FIXME: change to CentOS 9 once it's available
|
||||||
|
- - fedora-34-x86_64
|
||||||
|
- - fedora-34-aarch64
|
||||||
|
+ - centos-stream-9-x86_64
|
||||||
|
+ - centos-stream-9-aarch64
|
||||||
|
|
||||||
|
# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
|
||||||
|
# Run tests (via testing farm)
|
133
0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
Normal file
133
0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
Normal file
@ -0,0 +1,133 @@
|
|||||||
|
From 68199fe69a2c46e498bc7e9528d54922deecc553 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Mon, 14 Sep 2020 17:58:03 +0200
|
||||||
|
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
|
||||||
|
|
||||||
|
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
|
||||||
|
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
|
||||||
|
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
|
||||||
|
|
||||||
|
(gdb) !uname -r
|
||||||
|
5.6.19-200.fc31.ppc64le
|
||||||
|
|
||||||
|
(gdb) !cat /proc/self/mountinfo
|
||||||
|
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||||
|
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||||
|
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|
||||||
|
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
|
||||||
|
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
|
||||||
|
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
|
||||||
|
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
|
||||||
|
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
|
||||||
|
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
|
||||||
|
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
|
||||||
|
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
|
||||||
|
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
|
||||||
|
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
|
||||||
|
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
|
||||||
|
|
||||||
|
The test process does
|
||||||
|
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
|
||||||
|
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
|
||||||
|
read(open("/proc/self/fdinfo/4", ...)) which gives
|
||||||
|
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
|
||||||
|
|
||||||
|
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
|
||||||
|
|
||||||
|
We could either drop the fallback path (and fail name_to_handle_at() is not
|
||||||
|
avaliable) or ignore the error in the test. Not sure what is better. I think
|
||||||
|
this issue only occurs sometimes and with older kernels, so probably continuing
|
||||||
|
with the current flaky implementation is better than ripping out the fallback.
|
||||||
|
|
||||||
|
Another strace:
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
|
||||||
|
) = 28
|
||||||
|
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
|
||||||
|
) = 20
|
||||||
|
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
|
||||||
|
) = 30
|
||||||
|
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
|
||||||
|
) = 23
|
||||||
|
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
|
||||||
|
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
|
||||||
|
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
|
||||||
|
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||||
|
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
|
||||||
|
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
|
||||||
|
read(5</proc/20/fdinfo/4>, "", 1024) = 0
|
||||||
|
close(5</proc/20/fdinfo/4>) = 0
|
||||||
|
close(4</proc/filesystems>) = 0
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
|
||||||
|
) = 42
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
|
||||||
|
) = 39
|
||||||
|
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
|
||||||
|
) = 109
|
||||||
|
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
|
||||||
|
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
|
||||||
|
getpid() = 20
|
||||||
|
gettid() = 20
|
||||||
|
tgkill(20, 20, SIGABRT) = 0
|
||||||
|
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
|
||||||
|
|
||||||
|
RHEL notes: af918c4 should mitigate this issue, but in some build
|
||||||
|
systems (Copr, brew, etc.) we don't have enough privileges to create a
|
||||||
|
new mount namespace
|
||||||
|
|
||||||
|
Cherry-picked manually from https://github.com/systemd/systemd/pull/17050.
|
||||||
|
|
||||||
|
rhel-only
|
||||||
|
Related: #2017035
|
||||||
|
|
||||||
|
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
|
||||||
|
index d11edf502a..9515d8cf7b 100644
|
||||||
|
--- a/src/test/test-mountpoint-util.c
|
||||||
|
+++ b/src/test/test-mountpoint-util.c
|
||||||
|
@@ -101,8 +101,12 @@ TEST(mnt_id) {
|
||||||
|
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
|
||||||
|
* that's really the case */
|
||||||
|
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
|
||||||
|
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
|
||||||
|
- assert_se(path_equal(p, t));
|
||||||
|
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
|
||||||
|
+
|
||||||
|
+ if (!path_equal(p, t))
|
||||||
|
+ /* Apparent kernel bug in /proc/self/fdinfo */
|
||||||
|
+ log_warning("Bad mount id given for %s: %d, should be %d",
|
||||||
|
+ p, mnt_id2, mnt_id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (systemd-249.tar.gz) = 0810d09cc32e4aaa4425ee5b7ddf129262b061ce159cbd43571fabda48285243d8f80b566379ece9215d531b9407ee45e1e72c71935644fea31c7bca1bbf540c
|
SHA512 (systemd-250.tar.gz) = b618d86357c85f27a0af416af5818767af2233255a4a40b8f6a0bd690971ae1936a8ec32eaa84034f03aebfdc9a84d1f74b6f4c37a4db46d0851e636266f9cd4
|
||||||
|
28
systemd.spec
28
systemd.spec
@ -20,8 +20,8 @@
|
|||||||
|
|
||||||
Name: systemd
|
Name: systemd
|
||||||
Url: https://www.freedesktop.org/wiki/Software/systemd
|
Url: https://www.freedesktop.org/wiki/Software/systemd
|
||||||
Version: 249
|
Version: 250
|
||||||
Release: 9%{?dist}
|
Release: 1%{?dist}
|
||||||
# For a breakdown of the licensing, see README
|
# For a breakdown of the licensing, see README
|
||||||
License: LGPLv2+ and MIT and GPLv2+
|
License: LGPLv2+ and MIT and GPLv2+
|
||||||
Summary: System and Service Manager
|
Summary: System and Service Manager
|
||||||
@ -78,6 +78,27 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
|
|||||||
# patches in this range before applying upstream pull requests.
|
# patches in this range before applying upstream pull requests.
|
||||||
|
|
||||||
# RHEL-specific
|
# RHEL-specific
|
||||||
|
Patch0001: 0001-logind-set-RemoveIPC-to-false-by-default.patch
|
||||||
|
Patch0002: 0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
|
||||||
|
Patch0003: 0003-Copy-40-redhat.rules-from-RHEL-8.patch
|
||||||
|
Patch0004: 0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
|
||||||
|
Patch0005: 0005-unit-don-t-add-Requires-for-tmp.mount.patch
|
||||||
|
Patch0006: 0006-units-add-Install-section-to-tmp.mount.patch
|
||||||
|
Patch0007: 0007-rc-local-order-after-network-online.target.patch
|
||||||
|
Patch0008: 0008-ci-drop-CIs-irrelevant-for-downstream.patch
|
||||||
|
Patch0009: 0009-ci-reconfigure-Packit-for-RHEL-9.patch
|
||||||
|
Patch0010: 0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch
|
||||||
|
Patch0011: 0011-random-util-increase-random-seed-size-to-1024.patch
|
||||||
|
Patch0012: 0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch
|
||||||
|
Patch0013: 0013-journald.conf-don-t-touch-current-audit-settings.patch
|
||||||
|
Patch0014: 0014-Revert-udev-remove-WAIT_FOR-key.patch
|
||||||
|
Patch0015: 0015-Really-don-t-enable-systemd-journald-audit.socket.patch
|
||||||
|
Patch0016: 0016-rules-add-elevator-kernel-command-line-parameter.patch
|
||||||
|
Patch0017: 0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
|
||||||
|
Patch0018: 0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
|
||||||
|
Patch0019: 0019-set-core-ulimit-to-0-like-on-RHEL-7.patch
|
||||||
|
Patch0020: 0020-ci-use-C9S-chroots-in-Packit.patch
|
||||||
|
Patch0021: 0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
|
||||||
|
|
||||||
# Downstream-only patches (9000–9999)
|
# Downstream-only patches (9000–9999)
|
||||||
|
|
||||||
@ -849,6 +870,9 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s
|
|||||||
%files standalone-sysusers -f .file-list-standalone-sysusers
|
%files standalone-sysusers -f .file-list-standalone-sysusers
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 31 2022 Jan Macku <jamacku@redhat.com> - 250-1
|
||||||
|
- Rebase to v250 (#2047768)
|
||||||
|
|
||||||
* Thu Nov 18 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-9
|
* Thu Nov 18 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-9
|
||||||
- test: don't install test-network-generator-conversion.sh w/o networkd (#2017035)
|
- test: don't install test-network-generator-conversion.sh w/o networkd (#2017035)
|
||||||
- meson.build: change operator combining bools from + to and (#2017035)
|
- meson.build: change operator combining bools from + to and (#2017035)
|
||||||
|
Loading…
Reference in New Issue
Block a user