diff --git a/0990-fd-util-rework-how-we-determine-highest-possible-fd.patch b/0990-fd-util-rework-how-we-determine-highest-possible-fd.patch new file mode 100644 index 0000000..f976e78 --- /dev/null +++ b/0990-fd-util-rework-how-we-determine-highest-possible-fd.patch @@ -0,0 +1,70 @@ +From 1b547e500207a469a533d819db5b7c6c22516ec3 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 17 Jan 2019 12:23:21 +0100 +Subject: [PATCH] fd-util: rework how we determine highest possible fd + +(cherry picked from commit 498e265df1c63212ec1a0991c135877a23f1ba4f) + +Related: RHEL-18302 +--- + src/basic/fd-util.c | 37 ++++++++++++++++++++++++++----------- + 1 file changed, 26 insertions(+), 11 deletions(-) + +diff --git a/src/basic/fd-util.c b/src/basic/fd-util.c +index e085dc23b4..fea93d2039 100644 +--- a/src/basic/fd-util.c ++++ b/src/basic/fd-util.c +@@ -188,6 +188,27 @@ _pure_ static bool fd_in_set(int fd, const int fdset[], size_t n_fdset) { + return false; + } + ++static int get_max_fd(void) { ++ struct rlimit rl; ++ rlim_t m; ++ ++ /* Return the highest possible fd, based RLIMIT_NOFILE, but enforcing FD_SETSIZE-1 as lower boundary ++ * and INT_MAX as upper boundary. */ ++ ++ if (getrlimit(RLIMIT_NOFILE, &rl) < 0) ++ return -errno; ++ ++ m = MAX(rl.rlim_cur, rl.rlim_max); ++ if (m < FD_SETSIZE) /* Let's always cover at least 1024 fds */ ++ return FD_SETSIZE-1; ++ ++ if (m == RLIM_INFINITY || m > INT_MAX) /* Saturate on overflow. After all fds are "int", hence can ++ * never be above INT_MAX */ ++ return INT_MAX; ++ ++ return (int) (m - 1); ++} ++ + int close_all_fds(const int except[], size_t n_except) { + _cleanup_closedir_ DIR *d = NULL; + struct dirent *de; +@@ -197,20 +218,14 @@ int close_all_fds(const int except[], size_t n_except) { + + d = opendir("/proc/self/fd"); + if (!d) { +- struct rlimit rl; + int fd, max_fd; + +- /* When /proc isn't available (for example in chroots) the fallback is brute forcing through the fd +- * table */ +- +- assert_se(getrlimit(RLIMIT_NOFILE, &rl) >= 0); +- +- if (rl.rlim_max == 0) +- return -EINVAL; ++ /* When /proc isn't available (for example in chroots) the fallback is brute forcing through ++ * the fd table */ + +- /* Let's take special care if the resource limit is set to unlimited, or actually larger than the range +- * of 'int'. Let's avoid implicit overflows. */ +- max_fd = (rl.rlim_max == RLIM_INFINITY || rl.rlim_max > INT_MAX) ? INT_MAX : (int) (rl.rlim_max - 1); ++ max_fd = get_max_fd(); ++ if (max_fd < 0) ++ return max_fd; + + for (fd = 3; fd >= 0; fd = fd < max_fd ? fd + 1 : -1) { + int q; diff --git a/0991-basic-fd-util-refuse-infinite-loop-in-close_all_fds.patch b/0991-basic-fd-util-refuse-infinite-loop-in-close_all_fds.patch new file mode 100644 index 0000000..e7d679e --- /dev/null +++ b/0991-basic-fd-util-refuse-infinite-loop-in-close_all_fds.patch @@ -0,0 +1,70 @@ +From 957edb063f3e9751bbdc05bd973bb2190ab0e917 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 15 Mar 2019 15:13:25 +0100 +Subject: [PATCH] basic/fd-util: refuse "infinite" loop in close_all_fds() + +I had a test machine with ulimit -n set to 1073741816 through pam +("session required pam_limits.so set_all", which copies the limits from PID 1, +left over from testing of #10921). + +test-execute would "hang" and then fail with a timeout when running +exec-inaccessiblepaths-proc.service. It turns out that the problem was in +close_all_fds(), which would go to the fallback path of doing close() +1073741813 times. Let's just fail if we hit this case. This only matters +for cases where both /proc is inaccessible, and the *soft* limit has been +raised. + + (gdb) bt + #0 0x00007f7e2e73fdc8 in close () from target:/lib64/libc.so.6 + #1 0x00007f7e2e42cdfd in close_nointr () + from target:/home/zbyszek/src/systemd-work3/build-rawhide/src/shared/libsystemd-shared-241.so + #2 0x00007f7e2e42d525 in close_all_fds () + from target:/home/zbyszek/src/systemd-work3/build-rawhide/src/shared/libsystemd-shared-241.so + #3 0x0000000000426e53 in exec_child () + #4 0x0000000000429578 in exec_spawn () + #5 0x00000000004ce1ab in service_spawn () + #6 0x00000000004cff77 in service_enter_start () + #7 0x00000000004d028f in service_enter_start_pre () + #8 0x00000000004d16f2 in service_start () + #9 0x00000000004568f4 in unit_start () + #10 0x0000000000416987 in test () + #11 0x0000000000417632 in test_exec_inaccessiblepaths () + #12 0x0000000000419362 in run_tests () + #13 0x0000000000419632 in main () + +(cherry picked from commit 6a461d1f59850ff27bd254a3b71fe9ade0523e76) + +Related: RHEL-18302 +--- + src/basic/fd-util.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/basic/fd-util.c b/src/basic/fd-util.c +index fea93d2039..5d0df11d7e 100644 +--- a/src/basic/fd-util.c ++++ b/src/basic/fd-util.c +@@ -24,6 +24,10 @@ + #include "stdio-util.h" + #include "util.h" + ++/* The maximum number of iterations in the loop to close descriptors in the fallback case ++ * when /proc/self/fd/ is inaccessible. */ ++#define MAX_FD_LOOP_LIMIT (1024*1024) ++ + int close_nointr(int fd) { + assert(fd >= 0); + +@@ -227,6 +231,13 @@ int close_all_fds(const int except[], size_t n_except) { + if (max_fd < 0) + return max_fd; + ++ /* Refuse to do the loop over more too many elements. It's better to fail immediately than to ++ * spin the CPU for a long time. */ ++ if (max_fd > MAX_FD_LOOP_LIMIT) ++ return log_debug_errno(EPERM, ++ "/proc/self/fd is inaccessible. Refusing to loop over %d potential fds.", ++ max_fd); ++ + for (fd = 3; fd >= 0; fd = fd < max_fd ? fd + 1 : -1) { + int q; + diff --git a/0992-fd-util-split-out-inner-fallback-loop-of-close_all_f.patch b/0992-fd-util-split-out-inner-fallback-loop-of-close_all_f.patch new file mode 100644 index 0000000..faa1977 --- /dev/null +++ b/0992-fd-util-split-out-inner-fallback-loop-of-close_all_f.patch @@ -0,0 +1,110 @@ +From c2665abd4cae74f262d9a522b94528841ad141d2 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 12 Oct 2021 15:53:27 +0200 +Subject: [PATCH] fd-util: split out inner fallback loop of close_all_fds() as + close_all_fds_without_malloc() + +(cherry picked from commit 11966552a88039869972ca4b450f622664bd1c5e) + +Related: RHEL-18302 +--- + src/basic/fd-util.c | 63 +++++++++++++++++++++++++-------------------- + src/basic/fd-util.h | 1 + + 2 files changed, 36 insertions(+), 28 deletions(-) + +diff --git a/src/basic/fd-util.c b/src/basic/fd-util.c +index 5d0df11d7e..7e4611dfda 100644 +--- a/src/basic/fd-util.c ++++ b/src/basic/fd-util.c +@@ -213,44 +213,51 @@ static int get_max_fd(void) { + return (int) (m - 1); + } + +-int close_all_fds(const int except[], size_t n_except) { +- _cleanup_closedir_ DIR *d = NULL; +- struct dirent *de; +- int r = 0; ++int close_all_fds_without_malloc(const int except[], size_t n_except) { ++ int max_fd, r = 0; + + assert(n_except == 0 || except); + +- d = opendir("/proc/self/fd"); +- if (!d) { +- int fd, max_fd; ++ /* This is the inner fallback core of close_all_fds(). This never calls malloc() or opendir() or so ++ * and hence is safe to be called in signal handler context. Most users should call close_all_fds(), ++ * but when we assume we are called from signal handler context, then use this simpler call ++ * instead. */ + +- /* When /proc isn't available (for example in chroots) the fallback is brute forcing through +- * the fd table */ ++ max_fd = get_max_fd(); ++ if (max_fd < 0) ++ return max_fd; + +- max_fd = get_max_fd(); +- if (max_fd < 0) +- return max_fd; ++ /* Refuse to do the loop over more too many elements. It's better to fail immediately than to ++ * spin the CPU for a long time. */ ++ if (max_fd > MAX_FD_LOOP_LIMIT) ++ return log_debug_errno(EPERM, ++ "Refusing to loop over %d potential fds.", ++ max_fd); + +- /* Refuse to do the loop over more too many elements. It's better to fail immediately than to +- * spin the CPU for a long time. */ +- if (max_fd > MAX_FD_LOOP_LIMIT) +- return log_debug_errno(EPERM, +- "/proc/self/fd is inaccessible. Refusing to loop over %d potential fds.", +- max_fd); ++ for (int fd = 3; fd >= 0; fd = fd < max_fd ? fd + 1 : -1) { ++ int q; + +- for (fd = 3; fd >= 0; fd = fd < max_fd ? fd + 1 : -1) { +- int q; ++ if (fd_in_set(fd, except, n_except)) ++ continue; + +- if (fd_in_set(fd, except, n_except)) +- continue; ++ q = close_nointr(fd); ++ if (q < 0 && q != -EBADF && r >= 0) ++ r = q; ++ } + +- q = close_nointr(fd); +- if (q < 0 && q != -EBADF && r >= 0) +- r = q; +- } ++ return r; ++} + +- return r; +- } ++int close_all_fds(const int except[], size_t n_except) { ++ _cleanup_closedir_ DIR *d = NULL; ++ struct dirent *de; ++ int r = 0; ++ ++ assert(n_except == 0 || except); ++ ++ d = opendir("/proc/self/fd"); ++ if (!d) ++ return close_all_fds_without_malloc(except, n_except); /* ultimate fallback if /proc/ is not available */ + + FOREACH_DIRENT(de, d, return -errno) { + int fd = -1, q; +diff --git a/src/basic/fd-util.h b/src/basic/fd-util.h +index 8adc959da8..b2837d3588 100644 +--- a/src/basic/fd-util.h ++++ b/src/basic/fd-util.h +@@ -54,6 +54,7 @@ int fd_nonblock(int fd, bool nonblock); + int fd_cloexec(int fd, bool cloexec); + + int close_all_fds(const int except[], size_t n_except); ++int close_all_fds_without_malloc(const int except[], size_t n_except); + + int same_fd(int a, int b); + diff --git a/0993-exec-util-use-close_all_fds_without_malloc-from-free.patch b/0993-exec-util-use-close_all_fds_without_malloc-from-free.patch new file mode 100644 index 0000000..f82bbdb --- /dev/null +++ b/0993-exec-util-use-close_all_fds_without_malloc-from-free.patch @@ -0,0 +1,29 @@ +From 140e598dcf6b86007b1daba42c31253521964b2e Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 29 Jul 2021 16:50:44 +0200 +Subject: [PATCH] exec-util: use close_all_fds_without_malloc() from freeze() + +(cherry picked from commit ab27b2fe56c6c4bd0295b248448adb1c698e9284) + +Resolves: RHEL-18302 +--- + src/basic/process-util.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 6016d83d41..9e2237375d 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -991,8 +991,10 @@ _noreturn_ void freeze(void) { + + log_close(); + +- /* Make sure nobody waits for us on a socket anymore */ +- close_all_fds(NULL, 0); ++ /* Make sure nobody waits for us (i.e. on one of our sockets) anymore. Note that we use ++ * close_all_fds_without_malloc() instead of plain close_all_fds() here, since we want this function ++ * to be compatible with being called from signal handlers. */ ++ (void) close_all_fds_without_malloc(NULL, 0); + + sync(); + diff --git a/0994-ci-use-source-git-automation-composite-Action.patch b/0994-ci-use-source-git-automation-composite-Action.patch new file mode 100644 index 0000000..1ca70f2 --- /dev/null +++ b/0994-ci-use-source-git-automation-composite-Action.patch @@ -0,0 +1,185 @@ +From 5d0fc67965b48e05c28d0993368a3982efd03b4b Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Fri, 12 Jan 2024 16:01:43 +0100 +Subject: [PATCH] ci: use source-git-automation composite Action + +This will allow us maintain the source-git automation in separate repo +and reduce the duplication of the code and noise in the systemd repo. + +rhel-only + +Related: RHEL-1087 +--- + .../source-git-automation-on-demand.yml | 55 ++------------ + .github/workflows/source-git-automation.yml | 72 ++----------------- + 2 files changed, 9 insertions(+), 118 deletions(-) + +diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml +index 948708916d..0c72f9f210 100644 +--- a/.github/workflows/source-git-automation-on-demand.yml ++++ b/.github/workflows/source-git-automation-on-demand.yml +@@ -1,5 +1,3 @@ +---- +- + name: Source git Automation Scheduled/On Demand + on: + schedule: +@@ -59,61 +57,16 @@ jobs: + pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }} + + permissions: ++ # required for merging PRs + contents: write +- statuses: write +- checks: write ++ # required for PR comments and setting labels + pull-requests: write + + steps: +- - name: Repository checkout +- uses: actions/checkout@v3 +- +- - id: metadata +- name: Gather Pull Request Metadata +- uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1 ++ - name: Source-git Automation ++ uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-number: ${{ matrix.pr-number }} +- +- - if: ${{ !cancelled() }} +- id: commit-linter +- name: Lint Commits +- uses: redhat-plumbers-in-action/advanced-commit-linter@v2 +- with: +- pr-metadata: ${{ steps.metadata.outputs.metadata }} +- token: ${{ secrets.GITHUB_TOKEN }} +- +- # Validates tracker, changes tracker status, updates PR title +- - if: ${{ !cancelled() }} +- id: tracker-validator +- name: Validate Tracker +- uses: redhat-plumbers-in-action/tracker-validator@v1 +- with: +- pr-metadata: ${{ steps.metadata.outputs.metadata }} +- component: systemd +- tracker: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }} +- tracker-type: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }} +- bugzilla-instance: https://bugzilla.redhat.com +- bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }} +- jira-instance: https://issues.redhat.com +- jira-api-token: ${{ secrets.JIRA_API_TOKEN }} +- token: ${{ secrets.GITHUB_TOKEN }} +- +- - if: ${{ !cancelled() }} +- name: Pull Request Validator +- uses: redhat-plumbers-in-action/pull-request-validator@v1 +- with: +- pr-metadata: ${{ steps.metadata.outputs.metadata }} +- token: ${{ secrets.GITHUB_TOKEN }} +- +- - id: auto-merge +- name: Auto Merge +- uses: redhat-plumbers-in-action/auto-merge@v1 +- with: +- pr-metadata: ${{ steps.metadata.outputs.metadata }} +- tracker: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }} +- tracker-type: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }} +- bugzilla-instance: https://bugzilla.redhat.com + bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }} +- jira-instance: https://issues.redhat.com + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} +diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml +index 95819baa8b..b6cefa67b1 100644 +--- a/.github/workflows/source-git-automation.yml ++++ b/.github/workflows/source-git-automation.yml +@@ -26,83 +26,21 @@ jobs: + with: + name: pr-metadata + +- commit-linter: ++ source-git-automation: + needs: [ download-metadata ] + runs-on: ubuntu-latest + +- outputs: +- validated-pr-metadata: ${{ steps.commit-linter.outputs.validated-pr-metadata }} +- +- permissions: +- statuses: write +- checks: write +- pull-requests: write +- +- steps: +- - id: commit-linter +- name: Lint Commits +- uses: redhat-plumbers-in-action/advanced-commit-linter@v2 +- with: +- pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} +- token: ${{ secrets.GITHUB_TOKEN }} +- +- # Validates tracker, changes tracker status, updates PR title +- tracker-validator: +- if: ${{ !cancelled() }} +- needs: [ download-metadata, commit-linter ] +- runs-on: ubuntu-latest +- +- permissions: +- checks: write +- pull-requests: write +- +- steps: +- - name: Validate Tracker +- uses: redhat-plumbers-in-action/tracker-validator@v1 +- with: +- pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} +- component: systemd +- tracker: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }} +- tracker-type: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }} +- bugzilla-instance: https://bugzilla.redhat.com +- bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }} +- jira-instance: https://issues.redhat.com +- jira-api-token: ${{ secrets.JIRA_API_TOKEN }} +- token: ${{ secrets.GITHUB_TOKEN }} +- +- pull-request-validator: +- needs: [ download-metadata ] +- runs-on: ubuntu-latest +- +- permissions: +- checks: write +- pull-requests: write +- +- steps: +- - name: Pull Request Validator +- uses: redhat-plumbers-in-action/pull-request-validator@v1 +- with: +- pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} +- token: ${{ secrets.GITHUB_TOKEN }} +- +- auto-merge: +- needs: [ download-metadata, commit-linter, tracker-validator, pull-request-validator ] +- runs-on: ubuntu-latest +- + permissions: ++ # required for merging PRs + contents: write +- checks: write ++ # required for PR comments and setting labels + pull-requests: write + + steps: +- - name: Auto Merge +- uses: redhat-plumbers-in-action/auto-merge@v1 ++ - name: Source-git Automation ++ uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} +- tracker: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }} +- tracker-type: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }} +- bugzilla-instance: https://bugzilla.redhat.com + bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }} +- jira-instance: https://issues.redhat.com + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/0995-ci-increase-the-cron-interval-to-45-minutes.patch b/0995-ci-increase-the-cron-interval-to-45-minutes.patch new file mode 100644 index 0000000..439ff3e --- /dev/null +++ b/0995-ci-increase-the-cron-interval-to-45-minutes.patch @@ -0,0 +1,29 @@ +From fd21fb2e2e3bbbd937d120197b11c740d608fb19 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Fri, 12 Jan 2024 16:03:09 +0100 +Subject: [PATCH] ci: increase the cron interval to 45 minutes + +This should help us to avoid hitting the rate limit on the GitHub API. + +rhel-only + +Related: RHEL-1087 +--- + .github/workflows/source-git-automation-on-demand.yml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml +index 0c72f9f210..6aeee51e6d 100644 +--- a/.github/workflows/source-git-automation-on-demand.yml ++++ b/.github/workflows/source-git-automation-on-demand.yml +@@ -1,8 +1,8 @@ + name: Source git Automation Scheduled/On Demand + on: + schedule: +- # Workflow runs every 15 minutes +- - cron: '*/15 * * * *' ++ # Workflow runs every 45 minutes ++ - cron: '*/45 * * * *' + workflow_dispatch: + inputs: + pr-number: diff --git a/0996-ci-add-all-Z-Stream-versions-to-array-of-allowed-ver.patch b/0996-ci-add-all-Z-Stream-versions-to-array-of-allowed-ver.patch new file mode 100644 index 0000000..673fc84 --- /dev/null +++ b/0996-ci-add-all-Z-Stream-versions-to-array-of-allowed-ver.patch @@ -0,0 +1,31 @@ +From 42e3739198e41c65b986f69a53bc6c93f7e112be Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Fri, 12 Jan 2024 16:04:22 +0100 +Subject: [PATCH] ci: add all Z-Stream versions to array of allowed versions + +rhel-only + +Related: RHEL-1087 +--- + .github/tracker-validator.yml | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml +index 500dce3d92..b09f702dd9 100644 +--- a/.github/tracker-validator.yml ++++ b/.github/tracker-validator.yml +@@ -7,8 +7,14 @@ products: + - Red Hat Enterprise Linux 8 + - CentOS Stream 8 + - rhel-8.2.0 ++ - rhel-8.2.0.z + - rhel-8.4.0 ++ - rhel-8.4.0.z + - rhel-8.6.0 ++ - rhel-8.6.0.z + - rhel-8.8.0 ++ - rhel-8.8.0.z + - rhel-8.9.0 ++ - rhel-8.9.0.z + - rhel-8.10.0 ++ - rhel-8.10.0.z diff --git a/0997-tree-wide-always-declare-bitflag-enums-the-same-way.patch b/0997-tree-wide-always-declare-bitflag-enums-the-same-way.patch new file mode 100644 index 0000000..774b0fe --- /dev/null +++ b/0997-tree-wide-always-declare-bitflag-enums-the-same-way.patch @@ -0,0 +1,215 @@ +From dd3c13f364e03e843d838bf925a5fc85513343ed Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 7 Jan 2019 17:48:28 +0100 +Subject: [PATCH] tree-wide: always declare bitflag enums the same way + +let's always use the 1 << x syntax. No change of behaviour or even of +the compiled binary. + +(cherry picked from commit be0b7a1a66fd269b644124c4633088ab2224d1fb) + +Resolves: RHEL-2857 +--- + src/basic/btrfs-util.h | 16 ++++++++-------- + src/basic/cgroup-util.h | 6 +++--- + src/basic/extract-word.h | 12 ++++++------ + src/basic/unit-name.h | 10 +++++----- + src/libsystemd/sd-bus/bus-dump.h | 4 ++-- + src/libsystemd/sd-bus/bus-protocol.h | 12 ++++++------ + src/login/logind-inhibit.h | 18 +++++++++--------- + src/resolve/resolved-dns-answer.h | 10 +++++----- + 8 files changed, 44 insertions(+), 44 deletions(-) + +diff --git a/src/basic/btrfs-util.h b/src/basic/btrfs-util.h +index a594387b5a..967627991f 100644 +--- a/src/basic/btrfs-util.h ++++ b/src/basic/btrfs-util.h +@@ -27,17 +27,17 @@ typedef struct BtrfsQuotaInfo { + } BtrfsQuotaInfo; + + typedef enum BtrfsSnapshotFlags { +- BTRFS_SNAPSHOT_FALLBACK_COPY = 1, /* If the source isn't a subvolume, reflink everything */ +- BTRFS_SNAPSHOT_READ_ONLY = 2, +- BTRFS_SNAPSHOT_RECURSIVE = 4, +- BTRFS_SNAPSHOT_QUOTA = 8, +- BTRFS_SNAPSHOT_FALLBACK_DIRECTORY = 16, /* If the destination doesn't support subvolumes, reflink/copy instead */ +- BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE = 32, /* When we can't create a subvolume, use the FS_IMMUTABLE attribute for indicating read-only */ ++ BTRFS_SNAPSHOT_FALLBACK_COPY = 1 << 0, /* If the source isn't a subvolume, reflink everything */ ++ BTRFS_SNAPSHOT_READ_ONLY = 1 << 1, ++ BTRFS_SNAPSHOT_RECURSIVE = 1 << 2, ++ BTRFS_SNAPSHOT_QUOTA = 1 << 3, ++ BTRFS_SNAPSHOT_FALLBACK_DIRECTORY = 1 << 4, /* If the destination doesn't support subvolumes, reflink/copy instead */ ++ BTRFS_SNAPSHOT_FALLBACK_IMMUTABLE = 1 << 5, /* When we can't create a subvolume, use the FS_IMMUTABLE attribute for indicating read-only */ + } BtrfsSnapshotFlags; + + typedef enum BtrfsRemoveFlags { +- BTRFS_REMOVE_RECURSIVE = 1, +- BTRFS_REMOVE_QUOTA = 2, ++ BTRFS_REMOVE_RECURSIVE = 1 << 0, ++ BTRFS_REMOVE_QUOTA = 1 << 1, + } BtrfsRemoveFlags; + + int btrfs_is_filesystem(int fd); +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index 1210b38a83..65d2dbd4b6 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -136,9 +136,9 @@ int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d); + int cg_read_subgroup(DIR *d, char **fn); + + typedef enum CGroupFlags { +- CGROUP_SIGCONT = 1, +- CGROUP_IGNORE_SELF = 2, +- CGROUP_REMOVE = 4, ++ CGROUP_SIGCONT = 1 << 0, ++ CGROUP_IGNORE_SELF = 1 << 1, ++ CGROUP_REMOVE = 1 << 2, + } CGroupFlags; + + typedef void (*cg_kill_log_func_t)(pid_t pid, int sig, void *userdata); +diff --git a/src/basic/extract-word.h b/src/basic/extract-word.h +index 8c63b7c306..705ebbe95b 100644 +--- a/src/basic/extract-word.h ++++ b/src/basic/extract-word.h +@@ -4,12 +4,12 @@ + #include "macro.h" + + typedef enum ExtractFlags { +- EXTRACT_RELAX = 1, +- EXTRACT_CUNESCAPE = 2, +- EXTRACT_CUNESCAPE_RELAX = 4, +- EXTRACT_QUOTES = 8, +- EXTRACT_DONT_COALESCE_SEPARATORS = 16, +- EXTRACT_RETAIN_ESCAPE = 32, ++ EXTRACT_RELAX = 1 << 0, ++ EXTRACT_CUNESCAPE = 1 << 1, ++ EXTRACT_CUNESCAPE_RELAX = 1 << 2, ++ EXTRACT_QUOTES = 1 << 3, ++ EXTRACT_DONT_COALESCE_SEPARATORS = 1 << 4, ++ EXTRACT_RETAIN_ESCAPE = 1 << 5, + } ExtractFlags; + + int extract_first_word(const char **p, char **ret, const char *separators, ExtractFlags flags); +diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h +index 602295af8f..7df532bbc8 100644 +--- a/src/basic/unit-name.h ++++ b/src/basic/unit-name.h +@@ -9,9 +9,9 @@ + #define UNIT_NAME_MAX 256 + + typedef enum UnitNameFlags { +- UNIT_NAME_PLAIN = 1, /* Allow foo.service */ +- UNIT_NAME_INSTANCE = 2, /* Allow foo@bar.service */ +- UNIT_NAME_TEMPLATE = 4, /* Allow foo@.service */ ++ UNIT_NAME_PLAIN = 1 << 0, /* Allow foo.service */ ++ UNIT_NAME_INSTANCE = 1 << 1, /* Allow foo@bar.service */ ++ UNIT_NAME_TEMPLATE = 1 << 2, /* Allow foo@.service */ + UNIT_NAME_ANY = UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE, + } UnitNameFlags; + +@@ -53,8 +53,8 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha + int unit_name_to_path(const char *name, char **ret); + + typedef enum UnitNameMangle { +- UNIT_NAME_MANGLE_GLOB = 1, +- UNIT_NAME_MANGLE_WARN = 2, ++ UNIT_NAME_MANGLE_GLOB = 1 << 0, ++ UNIT_NAME_MANGLE_WARN = 1 << 1, + } UnitNameMangle; + + int unit_name_mangle_with_suffix(const char *name, UnitNameMangle flags, const char *suffix, char **ret); +diff --git a/src/libsystemd/sd-bus/bus-dump.h b/src/libsystemd/sd-bus/bus-dump.h +index 8e47411a45..7c1f81edec 100644 +--- a/src/libsystemd/sd-bus/bus-dump.h ++++ b/src/libsystemd/sd-bus/bus-dump.h +@@ -10,8 +10,8 @@ + #include "sd-bus.h" + + enum { +- BUS_MESSAGE_DUMP_WITH_HEADER = 1, +- BUS_MESSAGE_DUMP_SUBTREE_ONLY = 2, ++ BUS_MESSAGE_DUMP_WITH_HEADER = 1 << 0, ++ BUS_MESSAGE_DUMP_SUBTREE_ONLY = 1 << 1, + }; + + int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags); +diff --git a/src/libsystemd/sd-bus/bus-protocol.h b/src/libsystemd/sd-bus/bus-protocol.h +index 20d19d4022..f96d4b39aa 100644 +--- a/src/libsystemd/sd-bus/bus-protocol.h ++++ b/src/libsystemd/sd-bus/bus-protocol.h +@@ -57,9 +57,9 @@ enum { + /* Flags */ + + enum { +- BUS_MESSAGE_NO_REPLY_EXPECTED = 1, +- BUS_MESSAGE_NO_AUTO_START = 2, +- BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION = 4, ++ BUS_MESSAGE_NO_REPLY_EXPECTED = 1 << 0, ++ BUS_MESSAGE_NO_AUTO_START = 1 << 1, ++ BUS_MESSAGE_ALLOW_INTERACTIVE_AUTHORIZATION = 1 << 2, + }; + + /* Header fields */ +@@ -81,9 +81,9 @@ enum { + /* RequestName parameters */ + + enum { +- BUS_NAME_ALLOW_REPLACEMENT = 1, +- BUS_NAME_REPLACE_EXISTING = 2, +- BUS_NAME_DO_NOT_QUEUE = 4 ++ BUS_NAME_ALLOW_REPLACEMENT = 1 << 0, ++ BUS_NAME_REPLACE_EXISTING = 1 << 1, ++ BUS_NAME_DO_NOT_QUEUE = 1 << 2, + }; + + /* RequestName returns */ +diff --git a/src/login/logind-inhibit.h b/src/login/logind-inhibit.h +index d358a48559..650587106d 100644 +--- a/src/login/logind-inhibit.h ++++ b/src/login/logind-inhibit.h +@@ -4,15 +4,15 @@ + typedef struct Inhibitor Inhibitor; + + typedef enum InhibitWhat { +- INHIBIT_SHUTDOWN = 1, +- INHIBIT_SLEEP = 2, +- INHIBIT_IDLE = 4, +- INHIBIT_HANDLE_POWER_KEY = 8, +- INHIBIT_HANDLE_SUSPEND_KEY = 16, +- INHIBIT_HANDLE_HIBERNATE_KEY = 32, +- INHIBIT_HANDLE_LID_SWITCH = 64, +- _INHIBIT_WHAT_MAX = 128, +- _INHIBIT_WHAT_INVALID = -1 ++ INHIBIT_SHUTDOWN = 1 << 0, ++ INHIBIT_SLEEP = 1 << 1, ++ INHIBIT_IDLE = 1 << 2, ++ INHIBIT_HANDLE_POWER_KEY = 1 << 3, ++ INHIBIT_HANDLE_SUSPEND_KEY = 1 << 4, ++ INHIBIT_HANDLE_HIBERNATE_KEY = 1 << 5, ++ INHIBIT_HANDLE_LID_SWITCH = 1 << 6, ++ _INHIBIT_WHAT_MAX = 1 << 7, ++ _INHIBIT_WHAT_INVALID = -1 + } InhibitWhat; + + typedef enum InhibitMode { +diff --git a/src/resolve/resolved-dns-answer.h b/src/resolve/resolved-dns-answer.h +index aff594a00e..cc90a82529 100644 +--- a/src/resolve/resolved-dns-answer.h ++++ b/src/resolve/resolved-dns-answer.h +@@ -15,11 +15,11 @@ typedef struct DnsAnswerItem DnsAnswerItem; + * Note that we usually encode the empty DnsAnswer object as a simple NULL. */ + + typedef enum DnsAnswerFlags { +- DNS_ANSWER_AUTHENTICATED = 1, /* Item has been authenticated */ +- DNS_ANSWER_CACHEABLE = 2, /* Item is subject to caching */ +- DNS_ANSWER_SHARED_OWNER = 4, /* For mDNS: RRset may be owner by multiple peers */ +- DNS_ANSWER_CACHE_FLUSH = 8, /* For mDNS: sets cache-flush bit in the rrclass of response records */ +- DNS_ANSWER_GOODBYE = 16, /* For mDNS: item is subject to disappear */ ++ DNS_ANSWER_AUTHENTICATED = 1 << 0, /* Item has been authenticated */ ++ DNS_ANSWER_CACHEABLE = 1 << 1, /* Item is subject to caching */ ++ DNS_ANSWER_SHARED_OWNER = 1 << 2, /* For mDNS: RRset may be owner by multiple peers */ ++ DNS_ANSWER_CACHE_FLUSH = 1 << 3, /* For mDNS: sets cache-flush bit in the rrclass of response records */ ++ DNS_ANSWER_GOODBYE = 1 << 4, /* For mDNS: item is subject to disappear */ + } DnsAnswerFlags; + + struct DnsAnswerItem { diff --git a/0998-login-Add-KEY_RESTART-handling.patch b/0998-login-Add-KEY_RESTART-handling.patch new file mode 100644 index 0000000..46ac8b3 --- /dev/null +++ b/0998-login-Add-KEY_RESTART-handling.patch @@ -0,0 +1,343 @@ +From d3072cec8cec84c6cb6e5771a5084e64f78c7e80 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Fri, 14 Aug 2020 13:10:18 +0200 +Subject: [PATCH] login: Add KEY_RESTART handling + +KEY_RESTART is widely used in Linux to indicate device reboot. +So lets handle it in the same fashion as KEY_POWER. + +Signed-off-by: Robert Marko +(cherry picked from commit adbb2b6afed7858f64f5b940579f6efe79eee997) + +Resolves: RHEL-2857 +--- + man/logind.conf.xml | 26 +++++++++++++++---------- + src/login/logind-button.c | 25 +++++++++++++++++++----- + src/login/logind-core.c | 4 ++++ + src/login/logind-dbus.c | 1 + + src/login/logind-gperf.gperf | 2 ++ + src/login/logind-inhibit.c | 14 ++++++++++++- + src/login/logind-inhibit.h | 3 ++- + src/login/logind.conf.in | 2 ++ + src/login/logind.h | 2 ++ + src/login/org.freedesktop.login1.policy | 11 +++++++++++ + src/systemd/sd-messages.h | 2 ++ + 11 files changed, 75 insertions(+), 17 deletions(-) + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index 00b5b1f2e8..56981c1837 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -202,10 +202,11 @@ + HandleLidSwitch= + HandleLidSwitchExternalPower= + HandleLidSwitchDocked= ++ HandleRebootKey= + + Controls how logind shall handle the +- system power and sleep keys and the lid switch to trigger +- actions such as system power-off or suspend. Can be one of ++ system power, reboot and sleep keys and the lid switch to trigger ++ actions such as system power-off, reboot or suspend. Can be one of + ignore, + poweroff, + reboot, +@@ -222,7 +223,8 @@ + in the respective event. Only input devices with the + power-switch udev tag will be watched for + key/lid switch events. HandlePowerKey= +- defaults to poweroff. ++ defaults to poweroff, HandleRebootKey= ++ defaults to reboot. + HandleSuspendKey= and + HandleLidSwitch= default to + suspend. +@@ -243,7 +245,8 @@ + A different application may disable logind's handling of system power and + sleep keys and the lid switch by taking a low-level inhibitor lock + (handle-power-key, handle-suspend-key, +- handle-hibernate-key, handle-lid-switch). ++ handle-hibernate-key, handle-lid-switch, ++ handle-reboot-switch). + This is most commonly used by graphical desktop environments + to take over suspend and hibernation handling, and to use their own configuration + mechanisms. If a low-level inhibitor lock is taken, logind will not take any +@@ -256,20 +259,23 @@ + SuspendKeyIgnoreInhibited= + HibernateKeyIgnoreInhibited= + LidSwitchIgnoreInhibited= ++ RebootKeyIgnoreInhibited= + + Controls whether actions that systemd-logind +- takes when the power and sleep keys and the lid switch are triggered are subject +- to high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level inhibitor ++ takes when the power, reboot and sleep keys and the lid switch are triggered are subject ++ to high-level inhibitor locks ("shutdown", "reboot", "sleep", "idle"). Low level inhibitor + locks (handle-power-key, handle-suspend-key, +- handle-hibernate-key, handle-lid-switch), ++ handle-hibernate-key, handle-lid-switch, ++ handle-reboot-key), + are always honored, irrespective of this setting. + + These settings take boolean arguments. If no, the + inhibitor locks taken by applications are respected. If yes, +- "shutdown", "sleep", and "idle" inhibitor locks are ignored. ++ "shutdown", "reboot" "sleep", and "idle" inhibitor locks are ignored. + PowerKeyIgnoreInhibited=, +- SuspendKeyIgnoreInhibited=, and +- HibernateKeyIgnoreInhibited= default to no. ++ SuspendKeyIgnoreInhibited=, ++ HibernateKeyIgnoreInhibited= and ++ RebootKeyIgnoreInhibited= default to no. + LidSwitchIgnoreInhibited= defaults to yes. + This means that when systemd-logind is handling events by + itself (no low level inhibitor locks are taken by another application), the lid +diff --git a/src/login/logind-button.c b/src/login/logind-button.c +index 9944eb2316..48fc004198 100644 +--- a/src/login/logind-button.c ++++ b/src/login/logind-button.c +@@ -15,7 +15,7 @@ + #include "string-util.h" + #include "util.h" + +-#define CONST_MAX4(a, b, c, d) CONST_MAX(CONST_MAX(a, b), CONST_MAX(c, d)) ++#define CONST_MAX5(a, b, c, d, e) CONST_MAX(CONST_MAX(a, b), CONST_MAX(CONST_MAX(c, d), e)) + + #define ULONG_BITS (sizeof(unsigned long)*8) + +@@ -159,7 +159,20 @@ static int button_dispatch(sd_event_source *s, int fd, uint32_t revents, void *u + manager_handle_action(b->manager, INHIBIT_HANDLE_POWER_KEY, b->manager->handle_power_key, b->manager->power_key_ignore_inhibited, true); + break; + +- /* The kernel is a bit confused here: ++ /* The kernel naming is a bit confusing here: ++ KEY_RESTART was probably introduced for media playback purposes, but ++ is now being predominantly used to indicate device reboot. ++ */ ++ ++ case KEY_RESTART: ++ log_struct(LOG_INFO, ++ LOG_MESSAGE("Reboot key pressed."), ++ "MESSAGE_ID=" SD_MESSAGE_REBOOT_KEY_STR); ++ ++ manager_handle_action(b->manager, INHIBIT_HANDLE_REBOOT_KEY, b->manager->handle_reboot_key, b->manager->reboot_key_ignore_inhibited, true); ++ break; ++ ++ /* The kernel naming is a bit confusing here: + + KEY_SLEEP = suspend-to-ram, which everybody else calls "suspend" + KEY_SUSPEND = suspend-to-disk, which everybody else calls "hibernate" +@@ -233,7 +246,7 @@ static int button_suitable(Button *b) { + return -errno; + + if (bitset_get(types, EV_KEY)) { +- unsigned long keys[CONST_MAX4(KEY_POWER, KEY_POWER2, KEY_SLEEP, KEY_SUSPEND)/ULONG_BITS+1]; ++ unsigned long keys[CONST_MAX5(KEY_POWER, KEY_POWER2, KEY_SLEEP, KEY_SUSPEND, KEY_RESTART)/ULONG_BITS+1]; + + if (ioctl(b->fd, EVIOCGBIT(EV_KEY, sizeof(keys)), keys) < 0) + return -errno; +@@ -241,7 +254,8 @@ static int button_suitable(Button *b) { + if (bitset_get(keys, KEY_POWER) || + bitset_get(keys, KEY_POWER2) || + bitset_get(keys, KEY_SLEEP) || +- bitset_get(keys, KEY_SUSPEND)) ++ bitset_get(keys, KEY_SUSPEND) || ++ bitset_get(keys, KEY_RESTART)) + return true; + } + +@@ -262,7 +276,7 @@ static int button_suitable(Button *b) { + static int button_set_mask(Button *b) { + unsigned long + types[CONST_MAX(EV_KEY, EV_SW)/ULONG_BITS+1] = {}, +- keys[CONST_MAX4(KEY_POWER, KEY_POWER2, KEY_SLEEP, KEY_SUSPEND)/ULONG_BITS+1] = {}, ++ keys[CONST_MAX5(KEY_POWER, KEY_POWER2, KEY_SLEEP, KEY_SUSPEND, KEY_RESTART)/ULONG_BITS+1] = {}, + switches[CONST_MAX(SW_LID, SW_DOCK)/ULONG_BITS+1] = {}; + struct input_mask mask; + +@@ -287,6 +301,7 @@ static int button_set_mask(Button *b) { + bitset_put(keys, KEY_POWER2); + bitset_put(keys, KEY_SLEEP); + bitset_put(keys, KEY_SUSPEND); ++ bitset_put(keys, KEY_RESTART); + + mask = (struct input_mask) { + .type = EV_KEY, +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index abe6eecffb..81ec4f2653 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -39,10 +39,12 @@ void manager_reset_config(Manager *m) { + m->handle_lid_switch = HANDLE_SUSPEND; + m->handle_lid_switch_ep = _HANDLE_ACTION_INVALID; + m->handle_lid_switch_docked = HANDLE_IGNORE; ++ m->handle_reboot_key = HANDLE_REBOOT; + m->power_key_ignore_inhibited = false; + m->suspend_key_ignore_inhibited = false; + m->hibernate_key_ignore_inhibited = false; + m->lid_switch_ignore_inhibited = true; ++ m->reboot_key_ignore_inhibited = false; + + m->holdoff_timeout_usec = 30 * USEC_PER_SEC; + +@@ -698,6 +700,8 @@ bool manager_all_buttons_ignored(Manager *m) { + return false; + if (m->handle_lid_switch_docked != HANDLE_IGNORE) + return false; ++ if (m->handle_reboot_key != HANDLE_IGNORE) ++ return false; + + return true; + } +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index dbac406035..61fd47999d 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -2616,6 +2616,7 @@ static int method_inhibit(sd_bus_message *message, void *userdata, sd_bus_error + w == INHIBIT_IDLE ? "org.freedesktop.login1.inhibit-block-idle" : + w == INHIBIT_HANDLE_POWER_KEY ? "org.freedesktop.login1.inhibit-handle-power-key" : + w == INHIBIT_HANDLE_SUSPEND_KEY ? "org.freedesktop.login1.inhibit-handle-suspend-key" : ++ w == INHIBIT_HANDLE_REBOOT_KEY ? "org.freedesktop.login1.inhibit-handle-reboot-key" : + w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" : + "org.freedesktop.login1.inhibit-handle-lid-switch", + NULL, +diff --git a/src/login/logind-gperf.gperf b/src/login/logind-gperf.gperf +index 214ac5c4a3..c49703698a 100644 +--- a/src/login/logind-gperf.gperf ++++ b/src/login/logind-gperf.gperf +@@ -30,10 +30,12 @@ Login.HandleHibernateKey, config_parse_handle_action, 0, offse + Login.HandleLidSwitch, config_parse_handle_action, 0, offsetof(Manager, handle_lid_switch) + Login.HandleLidSwitchExternalPower, config_parse_handle_action, 0, offsetof(Manager, handle_lid_switch_ep) + Login.HandleLidSwitchDocked, config_parse_handle_action, 0, offsetof(Manager, handle_lid_switch_docked) ++Login.HandleRebootKey, config_parse_handle_action, 0, offsetof(Manager, handle_reboot_key) + Login.PowerKeyIgnoreInhibited, config_parse_bool, 0, offsetof(Manager, power_key_ignore_inhibited) + Login.SuspendKeyIgnoreInhibited, config_parse_bool, 0, offsetof(Manager, suspend_key_ignore_inhibited) + Login.HibernateKeyIgnoreInhibited, config_parse_bool, 0, offsetof(Manager, hibernate_key_ignore_inhibited) + Login.LidSwitchIgnoreInhibited, config_parse_bool, 0, offsetof(Manager, lid_switch_ignore_inhibited) ++Login.RebootKeyIgnoreInhibited, config_parse_bool, 0, offsetof(Manager, reboot_key_ignore_inhibited) + Login.HoldoffTimeoutSec, config_parse_sec, 0, offsetof(Manager, holdoff_timeout_usec) + Login.IdleAction, config_parse_handle_action, 0, offsetof(Manager, idle_action) + Login.IdleActionSec, config_parse_sec, 0, offsetof(Manager, idle_action_usec) +diff --git a/src/login/logind-inhibit.c b/src/login/logind-inhibit.c +index b1f45baaca..27b862e7c4 100644 +--- a/src/login/logind-inhibit.c ++++ b/src/login/logind-inhibit.c +@@ -405,7 +405,15 @@ bool manager_is_inhibited( + } + + const char *inhibit_what_to_string(InhibitWhat w) { +- static thread_local char buffer[97]; ++ static thread_local char buffer[STRLEN( ++ "shutdown:" ++ "sleep:" ++ "idle:" ++ "handle-power-key:" ++ "handle-suspend-key:" ++ "handle-hibernate-key:" ++ "handle-lid-switch:" ++ "handle-reboot-key")+1]; + char *p; + + if (w < 0 || w >= _INHIBIT_WHAT_MAX) +@@ -426,6 +434,8 @@ const char *inhibit_what_to_string(InhibitWhat w) { + p = stpcpy(p, "handle-hibernate-key:"); + if (w & INHIBIT_HANDLE_LID_SWITCH) + p = stpcpy(p, "handle-lid-switch:"); ++ if (w & INHIBIT_HANDLE_REBOOT_KEY) ++ p = stpcpy(p, "handle-reboot-key:"); + + if (p > buffer) + *(p-1) = 0; +@@ -455,6 +465,8 @@ InhibitWhat inhibit_what_from_string(const char *s) { + what |= INHIBIT_HANDLE_HIBERNATE_KEY; + else if (l == 17 && strneq(word, "handle-lid-switch", l)) + what |= INHIBIT_HANDLE_LID_SWITCH; ++ else if (l == 17 && strneq(word, "handle-reboot-key", l)) ++ what |= INHIBIT_HANDLE_REBOOT_KEY; + else + return _INHIBIT_WHAT_INVALID; + } +diff --git a/src/login/logind-inhibit.h b/src/login/logind-inhibit.h +index 650587106d..51095a0bde 100644 +--- a/src/login/logind-inhibit.h ++++ b/src/login/logind-inhibit.h +@@ -11,7 +11,8 @@ typedef enum InhibitWhat { + INHIBIT_HANDLE_SUSPEND_KEY = 1 << 4, + INHIBIT_HANDLE_HIBERNATE_KEY = 1 << 5, + INHIBIT_HANDLE_LID_SWITCH = 1 << 6, +- _INHIBIT_WHAT_MAX = 1 << 7, ++ INHIBIT_HANDLE_REBOOT_KEY = 1 << 7, ++ _INHIBIT_WHAT_MAX = 1 << 8, + _INHIBIT_WHAT_INVALID = -1 + } InhibitWhat; + +diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in +index a62c2b0b57..95f2d48d02 100644 +--- a/src/login/logind.conf.in ++++ b/src/login/logind.conf.in +@@ -24,10 +24,12 @@ + #HandleLidSwitch=suspend + #HandleLidSwitchExternalPower=suspend + #HandleLidSwitchDocked=ignore ++#HandleRebootKey=reboot + #PowerKeyIgnoreInhibited=no + #SuspendKeyIgnoreInhibited=no + #HibernateKeyIgnoreInhibited=no + #LidSwitchIgnoreInhibited=yes ++#RebootKeyIgnoreInhibited=no + #HoldoffTimeoutSec=30s + #IdleAction=ignore + #IdleActionSec=30min +diff --git a/src/login/logind.h b/src/login/logind.h +index b9b4a5113f..395306ced3 100644 +--- a/src/login/logind.h ++++ b/src/login/logind.h +@@ -111,11 +111,13 @@ struct Manager { + HandleAction handle_lid_switch; + HandleAction handle_lid_switch_ep; + HandleAction handle_lid_switch_docked; ++ HandleAction handle_reboot_key; + + bool power_key_ignore_inhibited; + bool suspend_key_ignore_inhibited; + bool hibernate_key_ignore_inhibited; + bool lid_switch_ignore_inhibited; ++ bool reboot_key_ignore_inhibited; + + bool remove_ipc; + +diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy +index 83760e1580..882975849e 100644 +--- a/src/login/org.freedesktop.login1.policy ++++ b/src/login/org.freedesktop.login1.policy +@@ -113,6 +113,17 @@ + + + ++ ++ Allow applications to inhibit system handling of the reboot key ++ Authentication is required for an application to inhibit system handling of the reboot key. ++ ++ no ++ yes ++ yes ++ ++ org.freedesktop.login1.inhibit-handle-suspend-key org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch ++ ++ + + Allow non-logged-in user to run programs + Explicit request is required to run programs as a non-logged-in user. +diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h +index 847b698ba4..3e9584c0b2 100644 +--- a/src/systemd/sd-messages.h ++++ b/src/systemd/sd-messages.h +@@ -134,6 +134,8 @@ _SD_BEGIN_DECLARATIONS; + #define SD_MESSAGE_SYSTEM_UNDOCKED_STR SD_ID128_MAKE_STR(51,e1,71,bd,58,52,48,56,81,10,14,4c,51,7c,ca,53) + #define SD_MESSAGE_POWER_KEY SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,71) + #define SD_MESSAGE_POWER_KEY_STR SD_ID128_MAKE_STR(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,71) ++#define SD_MESSAGE_REBOOT_KEY SD_ID128_MAKE(9f,a9,d2,c0,12,13,4e,c3,85,45,1f,fe,31,6f,97,d0) ++#define SD_MESSAGE_REBOOT_KEY_STR SD_ID128_MAKE_STR(9f,a9,d2,c0,12,13,4e,c3,85,45,1f,fe,31,6f,97,d0) + #define SD_MESSAGE_SUSPEND_KEY SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,72) + #define SD_MESSAGE_SUSPEND_KEY_STR SD_ID128_MAKE_STR(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,72) + #define SD_MESSAGE_HIBERNATE_KEY SD_ID128_MAKE(b7,2e,a4,a2,88,15,45,a0,b5,0e,20,0e,55,b9,b0,73) diff --git a/0999-analyze-security-fix-recursive-call-of-syscall_names.patch b/0999-analyze-security-fix-recursive-call-of-syscall_names.patch new file mode 100644 index 0000000..21a1e74 --- /dev/null +++ b/0999-analyze-security-fix-recursive-call-of-syscall_names.patch @@ -0,0 +1,62 @@ +From dd7a5f4144bde111334582eafbc0f358e63854ea Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 1 Feb 2019 11:49:24 +0100 +Subject: [PATCH] analyze security: fix recursive call of + syscall_names_in_filter() + +When `syscall_names_in_filter()` is called in itself, it is already +examined with `whitelist`. Or, in other words, `syscall_names_in_filter()` +returns bad or good in boolean. So, the returned value should not be +compared with `whitelist` again. + +This replaces #11302. + +(cherry picked from commit 95832a0f8c2941df83e72dfc9d37eab20da8b1fa) + +Related: RHEL-5991 +--- + src/analyze/analyze-security.c | 24 +++++++++++------------- + 1 file changed, 11 insertions(+), 13 deletions(-) + +diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c +index 969101c57b..5ef5d52e75 100644 +--- a/src/analyze/analyze-security.c ++++ b/src/analyze/analyze-security.c +@@ -480,26 +480,24 @@ static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterS + const char *syscall; + + NULSTR_FOREACH(syscall, f->value) { +- bool b; ++ int id; + + if (syscall[0] == '@') { + const SyscallFilterSet *g; +- assert_se(g = syscall_filter_set_find(syscall)); +- b = syscall_names_in_filter(s, whitelist, g); +- } else { +-#if HAVE_SECCOMP +- int id; + +- /* Let's see if the system call actually exists on this platform, before complaining */ +- id = seccomp_syscall_resolve_name(syscall); +- if (id < 0) +- continue; +-#endif ++ assert_se(g = syscall_filter_set_find(syscall)); ++ if (syscall_names_in_filter(s, whitelist, g)) ++ return true; /* bad! */ + +- b = set_contains(s, syscall); ++ continue; + } + +- if (whitelist == b) { ++ /* Let's see if the system call actually exists on this platform, before complaining */ ++ id = seccomp_syscall_resolve_name(syscall); ++ if (id < 0) ++ continue; ++ ++ if (set_contains(s, syscall) == whitelist) { + log_debug("Offending syscall filter item: %s", syscall); + return true; /* bad! */ + } diff --git a/1000-analyze-security-do-not-assign-badness-to-filtered-o.patch b/1000-analyze-security-do-not-assign-badness-to-filtered-o.patch new file mode 100644 index 0000000..ba06451 --- /dev/null +++ b/1000-analyze-security-do-not-assign-badness-to-filtered-o.patch @@ -0,0 +1,28 @@ +From c8fe27ea2c560a213c3e3968fa76b5dd84e181f5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 1 Aug 2020 11:28:09 +0200 +Subject: [PATCH] analyze-security: do not assign badness to filtered-out + syscalls + +Fixes #16451, https://bugzilla.redhat.com/show_bug.cgi?id=1856273. + +(cherry picked from commit 01ecb3674ad3650bcbb14155b2dcbd4b9f4ed57e) + +Resolves: RHEL-5991 +--- + src/analyze/analyze-security.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c +index 5ef5d52e75..7c937e3587 100644 +--- a/src/analyze/analyze-security.c ++++ b/src/analyze/analyze-security.c +@@ -549,7 +549,7 @@ static int assess_system_call_filter( + b = 10; + } else { + (void) asprintf(&d, "System call blacklist defined for service, and %s is included", f->name); +- b = 5; ++ b = 0; + } + } + } diff --git a/1001-analyze-security-include-an-actual-syscall-name-in-t.patch b/1001-analyze-security-include-an-actual-syscall-name-in-t.patch new file mode 100644 index 0000000..edc5dea --- /dev/null +++ b/1001-analyze-security-include-an-actual-syscall-name-in-t.patch @@ -0,0 +1,105 @@ +From 7aa12839166b5ae2c67d51946008543d016a7733 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 1 Aug 2020 11:41:57 +0200 +Subject: [PATCH] analyze-security: include an actual syscall name in the + message + +This information was already available in the debug output, but I think it +is good to include it in the message in the table. This makes it easier to wrap +one's head around the allowlist/denylist filtering. + +(cherry picked from commit a9134af2e3ab22eba96228ea6ba440e89213cef2) + +Related: RHEL-5991 +--- + src/analyze/analyze-security.c | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c +index 7c937e3587..d156aa607a 100644 +--- a/src/analyze/analyze-security.c ++++ b/src/analyze/analyze-security.c +@@ -476,7 +476,7 @@ static int assess_system_call_architectures( + return 0; + } + +-static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterSet *f) { ++static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterSet *f, const char **ret_offending_syscall) { + const char *syscall; + + NULSTR_FOREACH(syscall, f->value) { +@@ -486,7 +486,7 @@ static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterS + const SyscallFilterSet *g; + + assert_se(g = syscall_filter_set_find(syscall)); +- if (syscall_names_in_filter(s, whitelist, g)) ++ if (syscall_names_in_filter(s, whitelist, g, ret_offending_syscall)) + return true; /* bad! */ + + continue; +@@ -499,10 +499,13 @@ static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterS + + if (set_contains(s, syscall) == whitelist) { + log_debug("Offending syscall filter item: %s", syscall); ++ if (ret_offending_syscall) ++ *ret_offending_syscall = syscall; + return true; /* bad! */ + } + } + ++ *ret_offending_syscall = NULL; + return false; + } + +@@ -513,31 +516,33 @@ static int assess_system_call_filter( + uint64_t *ret_badness, + char **ret_description) { + +- const SyscallFilterSet *f; +- char *d = NULL; +- uint64_t b; +- + assert(a); + assert(info); + assert(ret_badness); + assert(ret_description); + + assert(a->parameter < _SYSCALL_FILTER_SET_MAX); +- f = syscall_filter_sets + a->parameter; ++ const SyscallFilterSet *f = syscall_filter_sets + a->parameter; ++ ++ char *d = NULL; ++ uint64_t b; + + if (!info->system_call_filter_whitelist && set_isempty(info->system_call_filter)) { + d = strdup("Service does not filter system calls"); + b = 10; + } else { + bool bad; ++ const char *offender = NULL; + + log_debug("Analyzing system call filter, checking against: %s", f->name); +- bad = syscall_names_in_filter(info->system_call_filter, info->system_call_filter_whitelist, f); ++ bad = syscall_names_in_filter(info->system_call_filter, info->system_call_filter_whitelist, f, &offender); + log_debug("Result: %s", bad ? "bad" : "good"); + + if (info->system_call_filter_whitelist) { + if (bad) { +- (void) asprintf(&d, "System call whitelist defined for service, and %s is included", f->name); ++ (void) asprintf(&d, "System call whitelist defined for service, and %s is included " ++ "(e.g. %s is allowed)", ++ f->name, offender); + b = 9; + } else { + (void) asprintf(&d, "System call whitelist defined for service, and %s is not included", f->name); +@@ -545,7 +550,9 @@ static int assess_system_call_filter( + } + } else { + if (bad) { +- (void) asprintf(&d, "System call blacklist defined for service, and %s is not included", f->name); ++ (void) asprintf(&d, "System call blacklist defined for service, and %s is not included " ++ "(e.g. %s is allowed)", ++ f->name, offender); + b = 10; + } else { + (void) asprintf(&d, "System call blacklist defined for service, and %s is included", f->name); diff --git a/1002-udev-net_id-introduce-naming-scheme-for-RHEL-8.10.patch b/1002-udev-net_id-introduce-naming-scheme-for-RHEL-8.10.patch new file mode 100644 index 0000000..5da176e --- /dev/null +++ b/1002-udev-net_id-introduce-naming-scheme-for-RHEL-8.10.patch @@ -0,0 +1,50 @@ +From 9d9c3d38451befec0494aea4fdb12c65289b0b46 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 23 Jan 2024 15:15:00 +0100 +Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.10 + +rhel-only + +Resolves: RHEL-22426 +--- + man/systemd.net-naming-scheme.xml | 6 ++++++ + src/udev/udev-builtin-net_id.c | 2 ++ + 2 files changed, 8 insertions(+) + +diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml +index ddd41646ae..25e8bd9aea 100644 +--- a/man/systemd.net-naming-scheme.xml ++++ b/man/systemd.net-naming-scheme.xml +@@ -340,6 +340,12 @@ + Same as naming scheme rhel-8.7. + + ++ ++ rhel-8.10 ++ ++ Same as naming scheme rhel-8.7. ++ ++ + Note that latest may be used to denote the latest scheme known to this + particular version of systemd. + +diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c +index 0f42c1c007..ece5d29205 100644 +--- a/src/udev/udev-builtin-net_id.c ++++ b/src/udev/udev-builtin-net_id.c +@@ -143,6 +143,7 @@ typedef enum NamingSchemeFlags { + NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID|NAMING_16BIT_INDEX, + NAMING_RHEL_8_8 = NAMING_RHEL_8_7, + NAMING_RHEL_8_9 = NAMING_RHEL_8_7, ++ NAMING_RHEL_8_10 = NAMING_RHEL_8_7, + + _NAMING_SCHEME_FLAGS_INVALID = -1, + } NamingSchemeFlags; +@@ -165,6 +166,7 @@ static const NamingScheme naming_schemes[] = { + { "rhel-8.7", NAMING_RHEL_8_7 }, + { "rhel-8.8", NAMING_RHEL_8_8 }, + { "rhel-8.9", NAMING_RHEL_8_9 }, ++ { "rhel-8.10", NAMING_RHEL_8_10 }, + /* … add more schemes here, as the logic to name devices is updated … */ + }; + diff --git a/1003-doc-add-missing-listitem-to-systemd.net-naming-schem.patch b/1003-doc-add-missing-listitem-to-systemd.net-naming-schem.patch new file mode 100644 index 0000000..9f756e0 --- /dev/null +++ b/1003-doc-add-missing-listitem-to-systemd.net-naming-schem.patch @@ -0,0 +1,79 @@ +From 8ac0c00fa9699f1cd096a4775cf0cf7879b81f37 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Fri, 9 Feb 2024 14:42:28 +0100 +Subject: [PATCH] doc: add missing `` to + `systemd.net-naming-scheme.xml` + +rhel-only + +Related: RHEL-22426 +--- + man/systemd.net-naming-scheme.xml | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml +index 25e8bd9aea..11ef2ea02f 100644 +--- a/man/systemd.net-naming-scheme.xml ++++ b/man/systemd.net-naming-scheme.xml +@@ -276,19 +276,19 @@ + + rhel-8.1 + +- Same as naming scheme rhel-8.0. ++ Same as naming scheme rhel-8.0. + + + + rhel-8.2 + +- Same as naming scheme rhel-8.0. ++ Same as naming scheme rhel-8.0. + + + + rhel-8.3 + +- Same as naming scheme rhel-8.0. ++ Same as naming scheme rhel-8.0. + + + +@@ -304,13 +304,13 @@ + + rhel-8.5 + +- Same as naming scheme rhel-8.4. ++ Same as naming scheme rhel-8.4. + + + + rhel-8.6 + +- Same as naming scheme rhel-8.4. ++ Same as naming scheme rhel-8.4. + + + +@@ -331,19 +331,19 @@ + + rhel-8.8 + +- Same as naming scheme rhel-8.7. ++ Same as naming scheme rhel-8.7. + + + + rhel-8.9 + +- Same as naming scheme rhel-8.7. ++ Same as naming scheme rhel-8.7. + + + + rhel-8.10 + +- Same as naming scheme rhel-8.7. ++ Same as naming scheme rhel-8.7. + + + Note that latest may be used to denote the latest scheme known to this diff --git a/1004-service-schedule-cleanup-of-PID-hashmaps-when-we-now.patch b/1004-service-schedule-cleanup-of-PID-hashmaps-when-we-now.patch new file mode 100644 index 0000000..973bd7f --- /dev/null +++ b/1004-service-schedule-cleanup-of-PID-hashmaps-when-we-now.patch @@ -0,0 +1,34 @@ +From 8bf7a6f42efba3ebe59872ba75233e75ffdf7c87 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Mon, 11 Dec 2023 16:09:02 +0100 +Subject: [PATCH] service: schedule cleanup of PID hashmaps when we now longer + have main_pid and we are in container + +RHEL-only + +Resolves: RHEL-5863 +--- + src/core/service.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 0423f2c73e..82c09d59f0 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -34,6 +34,7 @@ + #include "string-table.h" + #include "string-util.h" + #include "strv.h" ++#include "virt.h" + #include "unit-name.h" + #include "unit.h" + #include "utf8.h" +@@ -3535,7 +3536,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { + * detect when the cgroup becomes empty. Note that the control process is always + * our child so it's pointless to watch all other processes. */ + if (!control_pid_good(s)) +- if (!s->main_pid_known || s->main_pid_alien) ++ if (!s->main_pid_known || s->main_pid_alien || (s->main_pid == 0 && detect_container() > 0)) + (void) unit_enqueue_rewatch_pids(u); + } + diff --git a/systemd.spec b/systemd.spec index 6099c65..58b6976 100644 --- a/systemd.spec +++ b/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 239 -Release: 79%{?dist} +Release: 80%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -1039,6 +1039,21 @@ Patch0986: 0986-fstab-generator-allow-overriding-etc-fstab-with-SYST.patch Patch0987: 0987-fstab-generator-allow-overriding-path-to-sysroot-etc.patch Patch0988: 0988-test-backport-TEST-81-GENERATORS-fstab-generator-onl.patch Patch0989: 0989-resolved-actually-check-authenticated-flag-of-SOA-tr.patch +Patch0990: 0990-fd-util-rework-how-we-determine-highest-possible-fd.patch +Patch0991: 0991-basic-fd-util-refuse-infinite-loop-in-close_all_fds.patch +Patch0992: 0992-fd-util-split-out-inner-fallback-loop-of-close_all_f.patch +Patch0993: 0993-exec-util-use-close_all_fds_without_malloc-from-free.patch +Patch0994: 0994-ci-use-source-git-automation-composite-Action.patch +Patch0995: 0995-ci-increase-the-cron-interval-to-45-minutes.patch +Patch0996: 0996-ci-add-all-Z-Stream-versions-to-array-of-allowed-ver.patch +Patch0997: 0997-tree-wide-always-declare-bitflag-enums-the-same-way.patch +Patch0998: 0998-login-Add-KEY_RESTART-handling.patch +Patch0999: 0999-analyze-security-fix-recursive-call-of-syscall_names.patch +Patch1000: 1000-analyze-security-do-not-assign-badness-to-filtered-o.patch +Patch1001: 1001-analyze-security-include-an-actual-syscall-name-in-t.patch +Patch1002: 1002-udev-net_id-introduce-naming-scheme-for-RHEL-8.10.patch +Patch1003: 1003-doc-add-missing-listitem-to-systemd.net-naming-schem.patch +Patch1004: 1004-service-schedule-cleanup-of-PID-hashmaps-when-we-now.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 @@ -1669,6 +1684,23 @@ fi %files tests -f .file-list-tests %changelog +* Thu Feb 15 2024 systemd maintenance team - 239-80 +- fd-util: rework how we determine highest possible fd (RHEL-18302) +- basic/fd-util: refuse "infinite" loop in close_all_fds() (RHEL-18302) +- fd-util: split out inner fallback loop of close_all_fds() as close_all_fds_without_malloc() (RHEL-18302) +- exec-util: use close_all_fds_without_malloc() from freeze() (RHEL-18302) +- ci: use source-git-automation composite Action (RHEL-1087) +- ci: increase the cron interval to 45 minutes (RHEL-1087) +- ci: add all Z-Stream versions to array of allowed versions (RHEL-1087) +- tree-wide: always declare bitflag enums the same way (RHEL-2857) +- login: Add KEY_RESTART handling (RHEL-2857) +- analyze security: fix recursive call of syscall_names_in_filter() (RHEL-5991) +- analyze-security: do not assign badness to filtered-out syscalls (RHEL-5991) +- analyze-security: include an actual syscall name in the message (RHEL-5991) +- udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22426) +- doc: add missing `` to `systemd.net-naming-scheme.xml` (RHEL-22426) +- service: schedule cleanup of PID hashmaps when we now longer have main_pid and we are in container (RHEL-5863) + * Mon Jan 08 2024 systemd maintenance team - 239-79 - ci: Extend source-git-automation (RHEL-1087) - ci: add missing configuration for commit linter (RHEL-1087)