systemd-256-13

Resolves: RHEL-55132,RHEL-55728,RHEL-55734,RHEL-55746
This commit is contained in:
Lukas Nykryn 2024-08-22 15:43:32 +02:00
parent 19f0b3cb64
commit c645a5a5e2
10 changed files with 430 additions and 4 deletions


@ -0,0 +1,48 @@
From a81dc0cad9c24df7c005378fe2c438a98054a7d3 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Sun, 30 Jun 2024 13:12:45 +0200
Subject: [PATCH] systemctl: do not try to acquire triggering units for
template units
(cherry picked from commit 09d6038d833468ba7c24c658597387ef699ca4fd)
Resolves: RHEL-55132
---
src/systemctl/systemctl-util.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
index 2482b7ccb2..08a3ebe128 100644
--- a/src/systemctl/systemctl-util.c
+++ b/src/systemctl/systemctl-util.c
@@ -327,14 +327,15 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
if (r < 0)
return r;
+ if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
+ goto skip;
+
if (ignore_masked) {
r = unit_is_masked(bus, name);
if (r < 0)
return r;
- if (r > 0) {
- *ret = NULL;
- return 0;
- }
+ if (r > 0)
+ goto skip;
}
dbus_path = unit_dbus_path_from_name(name);
@@ -370,6 +371,10 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
*ret = TAKE_PTR(active);
return 0;
+
+skip:
+ *ret = NULL;
+ return 0;
}
void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, bool ignore_masked) {
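Review bot: The new early exit `if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) goto skip;` carries no explanation, so the reader has to reconstruct from the subject line why a template is short-circuited before the masked check even runs. If the rationale is that a template is never active itself and therefore nothing can be triggering it, a one-line comment above the check would capture it: `/* A template unit is never active itself, hence nothing triggers it; report "none" instead of attempting a lookup. */`. The `skip:` label now serves two distinct cases (template and masked), so a short comment there noting that both deliberately report "no triggering units" as success (return 0 with *ret = NULL) would also help the next reader. The body of get_active_triggering_units() continues outside both hunks.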


@ -0,0 +1,24 @@
From dee8164e2d136efb7bac04775c8bef255f659766 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Sat, 22 Jun 2024 12:08:39 +0200
Subject: [PATCH] core/unit: add one assertion for u->manager
(cherry picked from commit 8b17371b6185c9829bb21a813aadb2225ccfc4de)
Resolves: RHEL-55734
---
src/core/unit.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/unit.c b/src/core/unit.c
index a5556ba462..c668c45ee9 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -6103,6 +6103,7 @@ int unit_test_trigger_loaded(Unit *u) {
void unit_destroy_runtime_data(Unit *u, const ExecContext *context) {
assert(u);
+ assert(u->manager);
assert(context);
/* EXEC_PRESERVE_RESTART is handled via unit_release_resources()! */


@ -0,0 +1,88 @@
From 45d326633b32f4dee739ca38a67347c828c1c136 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Sat, 22 Jun 2024 12:03:50 +0200
Subject: [PATCH] core/service: destroy runtime data when Type=oneshot services
exit
Currently, we have a bunch of Type=oneshot + RemainAfterExit=yes
services that make use of credentials. When those exits, the cred mounts
remain established, which is pointless and quite annoying. Let's
instead destroy the runtime data on SERVICE_EXITED, if no process
will be spawned for the unit again.
(cherry picked from commit c26948c6dae1d2ca13499b36f193b13a0760834c)
Resolves: RHEL-55734
---
src/core/service.c | 37 ++++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index 6e81460ad0..60cc902745 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1206,13 +1206,12 @@ static void service_search_main_pid(Service *s) {
}
static void service_set_state(Service *s, ServiceState state) {
+ Unit *u = UNIT(ASSERT_PTR(s));
ServiceState old_state;
const UnitActiveState *table;
- assert(s);
-
if (s->state != state)
- bus_unit_send_pending_change_signal(UNIT(s), false);
+ bus_unit_send_pending_change_signal(u, false);
table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
@@ -1246,8 +1245,8 @@ static void service_set_state(Service *s, ServiceState state) {
SERVICE_DEAD, SERVICE_FAILED,
SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
SERVICE_DEAD_RESOURCES_PINNED)) {
- unit_unwatch_all_pids(UNIT(s));
- unit_dequeue_rewatch_pids(UNIT(s));
+ unit_unwatch_all_pids(u);
+ unit_dequeue_rewatch_pids(u);
}
if (state != SERVICE_START)
@@ -1256,15 +1255,31 @@ static void service_set_state(Service *s, ServiceState state) {
if (!IN_SET(state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY))
service_stop_watchdog(s);
- /* For the inactive states unit_notify() will trim the cgroup,
- * but for exit we have to do that ourselves... */
- if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(UNIT(s)->manager))
- unit_prune_cgroup(UNIT(s));
+ if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(u->manager)) {
+ /* For the inactive states unit_notify() will trim the cgroup. But for exit we have to
+ * do that ourselves... */
+ unit_prune_cgroup(u);
+
+ /* If none of ExecReload= and ExecStop*= is used, we can safely destroy runtime data
+ * as soon as the service enters SERVICE_EXITED. This saves us from keeping the credential mount
+ * for the whole duration of the oneshot service while no processes are actually running,
+ * among other things. */
+
+ bool start_only = true;
+ for (ServiceExecCommand c = SERVICE_EXEC_RELOAD; c < _SERVICE_EXEC_COMMAND_MAX; c++)
+ if (s->exec_command[c]) {
+ start_only = false;
+ break;
+ }
+
+ if (start_only)
+ unit_destroy_runtime_data(u, &s->exec_context);
+ }
if (old_state != state)
- log_unit_debug(UNIT(s), "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
+ log_unit_debug(u, "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
- unit_notify(UNIT(s), table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
+ unit_notify(u, table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
}
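Review bot: The loop `for (ServiceExecCommand c = SERVICE_EXEC_RELOAD; c < _SERVICE_EXEC_COMMAND_MAX; c++)` encodes the assumption that every command kind that may still spawn a process after SERVICE_EXITED (ExecReload=, ExecStop=, ExecStopPost=) is enumerated after SERVICE_EXEC_RELOAD, and a future ServiceExecCommand value inserted elsewhere in the enum would silently change which units get their runtime data, including credential mounts, torn down early. Naming the kinds explicitly, e.g. `bool start_only = !s->exec_command[SERVICE_EXEC_RELOAD] && !s->exec_command[SERVICE_EXEC_STOP] && !s->exec_command[SERVICE_EXEC_STOP_POST];`, or pinning the ordering with an assert_cc() next to the loop, keeps the check from depending on enum layout. Early destruction shortens the time credential material stays mounted for an idle oneshot service, which is the right direction, so the comment above the loop could also state the invariant being relied on in one sentence. service_set_state() begins in the first hunk of this file section, not in this one.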
static usec_t service_coldplug_timeout(Service *s) {


@ -0,0 +1,34 @@
From 05c29b1e58784c87ecb4ae7b56425af786e1cd05 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 30 Jul 2024 11:53:32 +0200
Subject: [PATCH] cgroup-util: Ignore kernel threads in cg_kill_items()
Similar to the implementation of cgroup.kill in the kernel, let's
skip kernel threads in cg_kill_items() as trying to kill kernel
threads as an unprivileged process will fail with EPERM and doesn't
do anything when running privileged.
(cherry picked from commit 0fbb569de1dcc06118dba006cf7a40caf6cd94d0)
Resolves: RHEL-55746
---
src/basic/cgroup-util.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 553ee6075a..1fc83a656a 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -369,6 +369,12 @@ static int cg_kill_items(
if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
continue;
+ /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
+ if (pidref_is_kernel_thread(&pidref) > 0) {
+ log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
+ continue;
+ }
+
if (log_kill)
ret_log_kill = log_kill(&pidref, sig, userdata);
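Review bot: A negative return from `pidref_is_kernel_thread(&pidref)`, for instance when the process is already gone, is indistinguishable here from "not a kernel thread" and falls through to the kill attempt without a trace. That is presumably harmless since the kill path reports its own failure, but the neighbouring code logs its skip decisions at debug level, so it may be worth capturing the result once: `r = pidref_is_kernel_thread(&pidref); if (r < 0) log_debug_errno(r, "Failed to check whether " PID_FMT " is a kernel thread, assuming not: %m", pidref.pid);` followed by the existing `if (r > 0)` branch. Whether a local `r` is available at this point cannot be seen in the hunk; cg_kill_items() starts and ends outside it.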


@ -0,0 +1,30 @@
From 418d2192e0e2bcdc7fe10f4f331231a2ad5a5c00 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 31 Jul 2024 13:38:50 +0200
Subject: [PATCH] cgroup-util: Don't try to open pidfd for kernel threads
The kernel might start returning -EINVAL when trying to open pidfd's
for kernel threads so let's not try to open pidfd's for kernel threads.
(cherry picked from commit ead48ec35c863650944352a3455f26ce3b393058)
Resolves: RHEL-55746
---
src/basic/cgroup-util.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 1fc83a656a..b0fe0ecbe8 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -149,7 +149,9 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
if (pid == 0)
return -EREMOTE;
- if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
+ /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
+ * catch those and don't try to create a pidfd for them. */
+ if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
*ret = PIDREF_MAKE_FROM_PID(pid);
return 1;
}
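Review bot: `pid_is_kernel_thread(pid) > 0` is evaluated on a bare PID before any pidfd exists, so there is a window in which the PID can be recycled by an ordinary process and, as far as the hunk shows, the function then returns a pidfd-less PidRef for it via `PIDREF_MAKE_FROM_PID(pid)`, forfeiting the PID-reuse protection that the pidfd path provides. The window is small and the commit message gives the motivation (pidfd_open() may start failing with -EINVAL for kernel threads), but it would be more robust to attempt the pidfd first and fall back to the PID-only PidRef only when that attempt fails with -EINVAL. If the current order is kept, the trade-off should be recorded in the added comment, e.g. `/* Checked via /proc before a pidfd exists; a PID recycled in between yields a pidfd-less PidRef. */`. The pidfd acquisition that follows, and the rest of cg_read_pidref(), lie outside the hunk.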


@ -0,0 +1,27 @@
From d41b2bdf876e0d46486c1800d5ee12a6f641a9d4 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 3 Aug 2024 05:48:51 +0900
Subject: [PATCH] cgroup-util: fix typo
Follow-up for 0fbb569de1dcc06118dba006cf7a40caf6cd94d0.
(cherry picked from commit ec4964692ae0e080c596610adee2ddb83008c839)
Resolves: RHEL-55746
---
src/basic/cgroup-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index b0fe0ecbe8..2c64a54906 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -371,7 +371,7 @@ static int cg_kill_items(
if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
continue;
- /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
+ /* Ignore kernel threads to mimic the behavior of cgroup.kill. */
if (pidref_is_kernel_thread(&pidref) > 0) {
log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
continue;


@ -0,0 +1,75 @@
From c3300ddbcdd138da8bd3fb31d0f35a20f5b6ca13 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 22 Aug 2024 13:42:11 +0200
Subject: [PATCH] netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta
rhel-only: policy
Related: RHEL-55728
---
man/systemd.net-naming-scheme.xml | 6 +++---
man/version-info.xml | 1 +
src/shared/netif-naming-scheme.c | 2 +-
src/shared/netif-naming-scheme.h | 2 +-
4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index e458b5dd6b..610a05485b 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -526,15 +526,15 @@
</varlistentry>
<varlistentry>
- <term><constant>rhel-10.0</constant></term>
+ <term><constant>rhel-10.0-beta</constant></term>
<listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
- <xi:include href="version-info.xml" xpointer="rhel-10.0"/>
+ <xi:include href="version-info.xml" xpointer="rhel-10.0.beta"/>
</listitem>
</varlistentry>
</variablelist>
- <para>By default <constant>rhel-10.0</constant> is used.</para>
+ <para>By default <constant>rhel-10.0-beta</constant> is used.</para>
<refsect2>
<title>RHEL-9 schemes</title>
diff --git a/man/version-info.xml b/man/version-info.xml
index 274450d408..c05cebfbe2 100644
--- a/man/version-info.xml
+++ b/man/version-info.xml
@@ -103,6 +103,7 @@
<para id="rhel-9.8">Added in rhel-9.8.</para>
<para id="rhel-9.9">Added in rhel-9.9.</para>
<para id="rhel-9.10">Added in rhel-9.10.</para>
+ <para id="rhel-10.0.beta">Added in rhel-10.0-beta.</para>
<para id="rhel-10.0">Added in rhel-10.0.</para>
<para id="rhel-10.1">Added in rhel-10.1.</para>
<para id="rhel-10.2">Added in rhel-10.2.</para>
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
index 149794e926..cb5f8c5d38 100644
--- a/src/shared/netif-naming-scheme.c
+++ b/src/shared/netif-naming-scheme.c
@@ -41,7 +41,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-9.3", NAMING_RHEL_9_3 },
{ "rhel-9.4", NAMING_RHEL_9_4 },
{ "rhel-9.5", NAMING_RHEL_9_5 },
- { "rhel-10.0", NAMING_RHEL_10_0 },
+ { "rhel-10.0-beta", NAMING_RHEL_10_0_BETA },
/* … add more schemes here, as the logic to name devices is updated … */
EXTRA_NET_NAMING_MAP
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
index 229232d452..2e2023ba5b 100644
--- a/src/shared/netif-naming-scheme.h
+++ b/src/shared/netif-naming-scheme.h
@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
- NAMING_RHEL_10_0 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
+ NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
EXTRA_NET_NAMING_SCHEMES
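Review bot: Dropping the `{ "rhel-10.0", NAMING_RHEL_10_0 }` entry from naming_schemes[] means any system that already selects the scheme explicitly (`net.naming_scheme=rhel-10.0` on the kernel command line, or a build still passing the old `-Ddefault-net-naming-scheme=` value) no longer resolves it; whether a shipped build ever exposed that name cannot be determined from this page, but if one did, keeping the old string as an alias for the beta flags would avoid a silent fallback. Separately, the user-visible spelling is `rhel-10.0-beta` in the table entry, the man page `<term>` and the default paragraph, while the version-info id and xpointer use `rhel-10.0.beta` and the patch subject uses the dotted form too; settling on one spelling in the C string and the documentation anchors avoids a mismatch that is easy to mis-grep later. The naming_schemes[] table continues outside the hunk.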


@ -0,0 +1,43 @@
From 8da695b27c2620e6410e0b1a4d8dda4747d89b5f Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 22 Aug 2024 13:47:56 +0200
Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
It seems that virtio devices always have "0" in
the firmware_node/sun. And because of that, udev will
always name the device ens0, which leads to collisions.
So let's disable it for now.
rhel-only: policy
Resolves: RHEL-55728
---
man/systemd.net-naming-scheme.xml | 2 +-
src/shared/netif-naming-scheme.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index 610a05485b..8be24e4243 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -528,7 +528,7 @@
<varlistentry>
<term><constant>rhel-10.0-beta</constant></term>
- <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
+ <listitem><para>Same as naming scheme <constant>v255</constant>.</para>
<xi:include href="version-info.xml" xpointer="rhel-10.0.beta"/>
</listitem>
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
index 2e2023ba5b..fb733ba768 100644
--- a/src/shared/netif-naming-scheme.h
+++ b/src/shared/netif-naming-scheme.h
@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
- NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
+ NAMING_RHEL_10_0_BETA = NAMING_V255,
EXTRA_NET_NAMING_SCHEMES
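Review bot: `NAMING_RHEL_10_0_BETA = NAMING_V255,` drops NAMING_FIRMWARE_NODE_SUN with no trace of why in the code, and the reason (virtio devices report 0 in firmware_node/sun, so udev names every such device ens0 and collides) lives only in this patch's description. A short comment on the enum line, `/* NAMING_FIRMWARE_NODE_SUN intentionally omitted: virtio reports 0 in firmware_node/sun, producing colliding slot names (RHEL-55728). */`, would keep a future rebase from "fixing" it back. The same comment is wanted on the rhel-9.5 line changed in the following patch (`NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,`), where the man page paragraph is removed but the header is left unexplained as well. The NamingSchemeFlags enum starts before and ends after this hunk.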


@ -0,0 +1,38 @@
From 6a8e030c0a8481e42ee60a52e7a91f736537f5e3 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 22 Aug 2024 14:31:54 +0200
Subject: [PATCH] net-naming-scheme: remove NAMING_FIRMWARE_NODE_SUN from 9.5
rhel-only: policy
Resolves: RHEL-55728
---
man/systemd.net-naming-scheme.xml | 2 --
src/shared/netif-naming-scheme.h | 2 +-
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index 8be24e4243..246c6509e3 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -604,8 +604,6 @@
children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
</para>
- <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
-
<xi:include href="version-info.xml" xpointer="rhel-9.5"/>
</listitem>
</varlistentry>
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
index fb733ba768..b2b2ee648f 100644
--- a/src/shared/netif-naming-scheme.h
+++ b/src/shared/netif-naming-scheme.h
@@ -81,7 +81,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
- NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
NAMING_RHEL_10_0_BETA = NAMING_V255,


@ -48,7 +48,7 @@ Url: https://systemd.io
# Allow users to specify the version and release when building the rpm by
# setting the %%version_override and %%release_override macros.
Version: %{?version_override}%{!?version_override:256}
Release: 12%{?dist}
Release: 13%{?dist}
%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
@ -185,6 +185,15 @@ Patch0076: 0076-netif-naming-scheme-add-rhel-9.5-scheme.patch
Patch0077: 0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
Patch0078: 0078-man-net-naming-scheme-add-missing-period.patch
Patch0079: 0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
Patch0080: 0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
Patch0081: 0081-core-unit-add-one-assertion-for-u-manager.patch
Patch0082: 0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
Patch0083: 0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
Patch0084: 0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
Patch0085: 0085-cgroup-util-fix-typo.patch
Patch0086: 0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
Patch0087: 0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
Patch0088: 0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
# Downstream-only patches (90009999)
@ -521,8 +530,6 @@ Recommends: python3dist(pillow)
%endif
BuildRequires: binutils %{?binutils_version_req}
BuildArch: noarch
%description ukify
This package provides ukify, a script that combines a kernel image, an initrd,
with a command line, and possibly PCR measurements and other metadata, into a
@ -735,7 +742,7 @@ CONFIGURE_OPTS=(
-Dvmspawn=disabled
-Dstoragetm=false
-Dhtml=disabled
-Ddefault-net-naming-scheme=rhel-10.0
-Ddefault-net-naming-scheme=rhel-10.0-beta
-Ddefault-llmnr=no
-Ddns-over-tls=openssl
-Dntp-servers=
@ -1111,6 +1118,18 @@ rm -f .file-list-*
rm -f %{name}.lang
%changelog
* Thu Aug 22 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-13
- systemctl: do not try to acquire triggering units for template units (RHEL-55132)
- core/unit: add one assertion for u->manager (RHEL-55734)
- core/service: destroy runtime data when Type=oneshot services exit (RHEL-55734)
- cgroup-util: Ignore kernel threads in cg_kill_items() (RHEL-55746)
- cgroup-util: Don't try to open pidfd for kernel threads (RHEL-55746)
- cgroup-util: fix typo (RHEL-55746)
- netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta (RHEL-55728)
- net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN (RHEL-55728)
- net-naming-scheme: remove NAMING_FIRMWARE_NODE_SUN from 9.5 (RHEL-55728)
- make systemd-ukify subpackage arch dependent (RHEL-52634)
* Thu Aug 15 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-12
- netif-naming-scheme: add rhel-9.5 scheme (RHEL-44416)
- udev-builtin-net_id: use firmware_node/sun for ID_NET_NAME_SLOT (RHEL-44416)
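Review bot: The changelog line `- make systemd-ukify subpackage arch dependent (RHEL-52634)` and the removal of `BuildArch: noarch` from the ukify subpackage are part of this commit, but RHEL-52634 does not appear in the commit message's Resolves: line, which names only RHEL-55132, RHEL-55728, RHEL-55734 and RHEL-55746; unless the message is amended, the tracker link for that change is lost. The rest of the spec changes line up with the added patches: Patch0080 through Patch0088 match the nine patch files, the changelog lists them in the same order, and `-Ddefault-net-naming-scheme=rhel-10.0-beta` uses the same string that the new naming_schemes[] entry registers, assuming the rendered view dropped the `+`/`-` markers rather than duplicating lines.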