Backport some patches

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-07-17 19:34:13 -04:00
parent f3e3e4d477
commit d044ab56d6
12 changed files with 427 additions and 2 deletions

View File

@ -0,0 +1,23 @@
From b2954c2fbed0409adba2687b17fb956f002b2bbe Mon Sep 17 00:00:00 2001
From: Jeremy Bicha <jbicha@ubuntu.com>
Date: Thu, 13 Jul 2017 10:44:33 -0400
Subject: [PATCH] escape: Fix help description (#6352)
Resolves: #6351(cherry picked from commit 303608c1bcf9568371625fbbd9442946cadba422)
---
src/escape/escape.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/escape/escape.c b/src/escape/escape.c
index af98c98e40..89e885d47c 100644
--- a/src/escape/escape.c
+++ b/src/escape/escape.c
@@ -38,7 +38,7 @@ static bool arg_path = false;
static void help(void) {
printf("%s [OPTIONS...] [NAME...]\n\n"
- "Show system and user paths.\n\n"
+ "Escape strings for usage in system unit names.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --suffix=SUFFIX Unit suffix to append to escaped strings\n"

View File

@ -0,0 +1,51 @@
From 33145774d9d41ac306f972e0247c9a073d5dbfc9 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 14 Jul 2017 18:28:28 +0200
Subject: [PATCH] build-sys: install udev rule 70-joystick.{rules,hwdb} (#6363)
* meson: install udev files 70-joystick.{rules,hwdb}
* Makefile: install udev file 70-joystick.hwdb
(cherry picked from commit 816be2ba448940e2517dba81492e80b1e6a5954f)
---
Makefile.am | 1 +
hwdb/meson.build | 1 +
rules/meson.build | 1 +
3 files changed, 3 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index c16e62280b..b95c93bb98 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4062,6 +4062,7 @@ dist_udevhwdb_DATA = \
hwdb/60-evdev.hwdb \
hwdb/60-keyboard.hwdb \
hwdb/60-sensor.hwdb \
+ hwdb/70-joystick.hwdb \
hwdb/70-mouse.hwdb \
hwdb/70-pointingstick.hwdb \
hwdb/70-touchpad.hwdb
diff --git a/hwdb/meson.build b/hwdb/meson.build
index 74a93f9ccb..6fceff2b3b 100644
--- a/hwdb/meson.build
+++ b/hwdb/meson.build
@@ -12,6 +12,7 @@ hwdb_files = files('''
60-evdev.hwdb
60-keyboard.hwdb
60-sensor.hwdb
+ 70-joystick.hwdb
70-mouse.hwdb
70-pointingstick.hwdb
70-touchpad.hwdb
diff --git a/rules/meson.build b/rules/meson.build
index 0f818a506f..7f4725ad65 100644
--- a/rules/meson.build
+++ b/rules/meson.build
@@ -12,6 +12,7 @@ rules = files('''
60-sensor.rules
60-serial.rules
64-btrfs.rules
+ 70-joystick.rules
70-mouse.rules
70-touchpad.rules
75-net-description.rules

View File

@ -0,0 +1,22 @@
From a1b21ca91835ec0322ccd0eedf9951ba0e52db80 Mon Sep 17 00:00:00 2001
From: IPv4v6 <mail.ipv4v6@gmail.com>
Date: Sat, 15 Jul 2017 13:53:21 +0200
Subject: [PATCH] add version argument to help function (#6377)
Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>(cherry picked from commit cb4069d95e447e8a01fc3feee6d6cb99669c4c38)
---
src/core/main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/main.c b/src/core/main.c
index 88e2c92504..babcab4978 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1091,6 +1091,7 @@ static int help(void) {
printf("%s [OPTIONS...]\n\n"
"Starts up and maintains the system or user services.\n\n"
" -h --help Show this help\n"
+ " --version Show version\n"
" --test Determine startup sequence, dump it and exit\n"
" --no-pager Do not pipe output into a pager\n"
" --dump-configuration-items Dump understood unit configuration items\n"

View File

@ -0,0 +1,79 @@
From 5d56b6fb41fb29cd636e64f079f9a1e1982820be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:28:02 +0000
Subject: [PATCH] seccomp: arm64/x32 do not have _sysctl
So don't even try to added the filter to reduce noise.
The test is updated to skip calling _sysctl because the kernel prints
an oops-like message that is confusing and unhelpful:
Jul 15 21:07:01 rpi3 kernel: test-seccomp[8448]: syscall -10080
Jul 15 21:07:01 rpi3 kernel: Code: aa0503e4 aa0603e5 aa0703e6 d4000001 (b13ffc1f)
Jul 15 21:07:01 rpi3 kernel: CPU: 3 PID: 8448 Comm: test-seccomp Tainted: G W 4.11.8-300.fc26.aarch64 #1
Jul 15 21:07:01 rpi3 kernel: Hardware name: raspberrypi rpi/rpi, BIOS 2017.05 06/24/2017
Jul 15 21:07:01 rpi3 kernel: task: ffff80002bb0bb00 task.stack: ffff800036354000
Jul 15 21:07:01 rpi3 kernel: PC is at 0xffff8669c7c4
Jul 15 21:07:01 rpi3 kernel: LR is at 0xaaaac64b6750
Jul 15 21:07:01 rpi3 kernel: pc : [<0000ffff8669c7c4>] lr : [<0000aaaac64b6750>] pstate: 60000000
Jul 15 21:07:01 rpi3 kernel: sp : 0000ffffdc640fd0
Jul 15 21:07:01 rpi3 kernel: x29: 0000ffffdc640fd0 x28: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x27: 0000000000000000 x26: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x25: 0000000000000000 x24: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x23: 0000000000000000 x22: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x21: 0000aaaac64b4940 x20: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x19: 0000aaaac64b88f8 x18: 0000000000000020
Jul 15 21:07:01 rpi3 kernel: x17: 0000ffff8669c7a0 x16: 0000aaaac64d2ee0
Jul 15 21:07:01 rpi3 kernel: x15: 0000000000000000 x14: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x13: 203a657275746365 x12: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x11: 0000ffffdc640418 x10: 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x9 : 0000000000000005 x8 : 00000000ffffd8a0
Jul 15 21:07:01 rpi3 kernel: x7 : 7f7f7f7f7f7f7f7f x6 : 7f7f7f7f7f7f7f7f
Jul 15 21:07:01 rpi3 kernel: x5 : 65736d68716f7277 x4 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x3 : 0000000000000008 x2 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel: x1 : 0000000000000000 x0 : 0000000000000000
Jul 15 21:07:01 rpi3 kernel:
(cherry picked from commit 1e20e640132c700c23494bb9e2619afb83878380)
(cherry picked from commit 2e64e8f46d726689a44d4084226fe3e0ea255c29)
---
src/shared/seccomp-util.c | 4 ++++
src/test/test-seccomp.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 36843d4bf5..1a8bfbe416 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -899,6 +899,10 @@ int seccomp_protect_sysctl(void) {
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
+ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64))
+ /* No _sysctl syscall */
+ continue;
+
r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW);
if (r < 0)
return r;
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index efd145e063..50fe24c794 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -244,13 +244,17 @@ static void test_protect_sysctl(void) {
assert_se(pid >= 0);
if (pid == 0) {
+#if __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, NULL) < 0);
assert_se(errno == EFAULT);
+#endif
assert_se(seccomp_protect_sysctl() >= 0);
+#if __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
assert_se(errno == EPERM);
+#endif
_exit(EXIT_SUCCESS);
}

View File

@ -0,0 +1,40 @@
From e04118bd11f8268e7ee7b893f861f18f03bc6970 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:30:01 +0000
Subject: [PATCH] seccomp: arm64 does not have mmap2
I messed up when adding the definitions in 4278d1f5310f5acb4c6a6788233625234edb5145.
Unfortunately I didn't have the hardware at hand and went by
looking at the kernel headers.
(cherry picked from commit 53196fafcb7b24b45ed4f48ab894d00a24a6d871)
(cherry picked from commit 79873bc850177050baa0c5165b119adafeebb891)
---
src/shared/seccomp-util.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 1a8bfbe416..637ee8526e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1223,10 +1223,6 @@ int seccomp_memory_deny_write_execute(void) {
break;
- case SCMP_ARCH_AARCH64:
- block_syscall = SCMP_SYS(mmap);
- /* fall through */
-
case SCMP_ARCH_ARM:
filter_syscall = SCMP_SYS(mmap2); /* arm has only mmap2 */
shmat_syscall = SCMP_SYS(shmat);
@@ -1234,7 +1230,8 @@ int seccomp_memory_deny_write_execute(void) {
case SCMP_ARCH_X86_64:
case SCMP_ARCH_X32:
- filter_syscall = SCMP_SYS(mmap); /* amd64 and x32 have only mmap */
+ case SCMP_ARCH_AARCH64:
+ filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */
shmat_syscall = SCMP_SYS(shmat);
break;

View File

@ -0,0 +1,41 @@
From 5a3e65fa2537b31334ccb8b73a28208a3b535076 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 15 Jul 2017 19:30:48 +0000
Subject: [PATCH] test-seccomp: arm64 does not have access() and poll()
glibc uses faccessat and ppoll, so just add a filters for that.
(cherry picked from commit abc0213839fef92e2e2b98a434914f22ece48490)
(cherry picked from commit f60a865a496e1e6fde7436b4013dd8ff677f29a1)
---
src/test/test-seccomp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 50fe24c794..28fe206507 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -529,7 +529,11 @@ static void test_load_syscall_filter_set_raw(void) {
assert_se(poll(NULL, 0, 0) == 0);
assert_se(s = set_new(NULL));
+#if SCMP_SYS(access) >= 0
assert_se(set_put(s, UINT32_TO_PTR(__NR_access + 1)) >= 0);
+#else
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_faccessat + 1)) >= 0);
+#endif
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN)) >= 0);
@@ -541,7 +545,11 @@ static void test_load_syscall_filter_set_raw(void) {
s = set_free(s);
assert_se(s = set_new(NULL));
+#if SCMP_SYS(poll) >= 0
assert_se(set_put(s, UINT32_TO_PTR(__NR_poll + 1)) >= 0);
+#else
+ assert_se(set_put(s, UINT32_TO_PTR(__NR_ppoll + 1)) >= 0);
+#endif
assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUNATCH)) >= 0);

View File

@ -0,0 +1,31 @@
From 713917bd94272fc65d94016a208b72309ae1320a Mon Sep 17 00:00:00 2001
From: NeilBrown <neil@brown.name>
Date: Mon, 17 Jul 2017 18:03:34 +1000
Subject: [PATCH] fstab-generator: ignore x-systemd.device-timeout for
non-devices (#6368)
If you specify "x-systemd.device-timeout" for an NFS mount
point, you get no warning and a meaningless device unit
dependency created.
Better to have a warning and no dependency.
(cherry picked from commit c67bd1f758f087496741ce0b3e227d82c6b4a304)
---
src/shared/generator.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/shared/generator.c b/src/shared/generator.c
index 6a78ebbda7..6a887e3aad 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -182,6 +182,10 @@ int generator_write_timeouts(
node = fstab_node_to_udev_node(what);
if (!node)
return log_oom();
+ if (!is_device_path(node)) {
+ log_warning("x-systemd.device-timeout ignored for %s", what);
+ return 0;
+ }
r = unit_name_from_path(node, ".device", &unit);
if (r < 0)

View File

@ -0,0 +1,22 @@
From 83030c7aea991d863591df2e09d41bb19d6e01d0 Mon Sep 17 00:00:00 2001
From: WaLyong Cho <walyong.cho@samsung.com>
Date: Thu, 13 Jul 2017 13:06:34 +0900
Subject: [PATCH] core: modify resource leak by SmackProcessLabel=
(cherry picked from commit 5b8e1b7755092e162bcf0bad8afe2e55dfbbd9e2)
---
src/core/execute.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index d72e5bf08c..4ed133fb6a 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3099,6 +3099,7 @@ void exec_context_done(ExecContext *c) {
c->utmp_id = mfree(c->utmp_id);
c->selinux_context = mfree(c->selinux_context);
c->apparmor_profile = mfree(c->apparmor_profile);
+ c->smack_process_label = mfree(c->smack_process_label);
c->syscall_filter = set_free(c->syscall_filter);
c->syscall_archs = set_free(c->syscall_archs);

View File

@ -0,0 +1,31 @@
From d8e3c9d25867f7081f060f1491186b6e3b30975b Mon Sep 17 00:00:00 2001
From: WaLyong Cho <walyong.cho@samsung.com>
Date: Thu, 13 Jul 2017 13:10:41 +0900
Subject: [PATCH] core: dump also missed security context
(cherry picked from commit 80c21aea118eeccfb2a0fcc5986b4432588dc857)
---
src/core/execute.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index 4ed133fb6a..62faa028a1 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3614,6 +3614,16 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
"%sSELinuxContext: %s%s\n",
prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
+ if (c->apparmor_profile)
+ fprintf(f,
+ "%sAppArmorProfile: %s%s\n",
+ prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
+
+ if (c->smack_process_label)
+ fprintf(f,
+ "%sSmackProcessLabel: %s%s\n",
+ prefix, c->smack_process_label_ignore ? "-" : "", c->smack_process_label);
+
if (c->personality != PERSONALITY_INVALID)
fprintf(f,
"%sPersonality: %s\n",

View File

@ -0,0 +1,32 @@
From 3dd07ebf08dd630b0f50dfff3ef6d05628b8708b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekletar@users.noreply.github.com>
Date: Mon, 17 Jul 2017 10:04:37 +0200
Subject: [PATCH] journald: make sure we retain all stream fds across restarts
(#6348)
Currently we set 4096 as maximum for number of stream connections that
we accept. However maximum number of file descriptors that systemd is
willing to accept from us is just 1024. This means we can't retain all
stream connections that we accepted. Hence bump the limit of fds in a
unit file so that systemd holds open all stream fds while we are
restarted.
New limit is set to 4224 (4096 + 128).
(cherry picked from commit 3c978aca69e0e43d4dd453437ec9c498ea788795)
---
units/systemd-journald.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 66b7c6a48e..1e86d63648 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -21,7 +21,7 @@ Restart=always
RestartSec=0
StandardOutput=null
WatchdogSec=3min
-FileDescriptorStoreMax=1024
+FileDescriptorStoreMax=4224
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
MemoryDenyWriteExecute=yes
RestrictRealtime=yes

View File

@ -0,0 +1,37 @@
From d52e2bb9c20216972754c054e8534bca28baab66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 17 Jul 2017 15:45:44 -0400
Subject: [PATCH] Use config_parse_sec_fix_0() also for JobRunningTimeoutSec
2d79a0bbb9f651656384a0a86ed814e6306fb5dd did that for TimeoutSec=,
89beff89edba592366b2960bd830d3f6e602c2c7 did that for JobTimeoutSec=,
and 0004f698df1410ef8b6ab3fb5f4b41a60c91182c did that for
x-systemd.device-timeout=. But after parsing x-systemd.device-timeout=xxx
we write it out as JobRunningTimeoutSec=xxx. Two options:
- write out JobRunningTimeoutSec=<a very big number>,
- change JobRunningTimeoutSec= to behave like the other options.
I think it would be confusing for JobRunningTimeoutSec= to have different
syntax then TimeoutSec= and JobTimeoutSec=, so this patch implements the
second option.
Fixes #6264, https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
(cherry picked from commit 4a06cbf8387555c7c04a1ee6f0c5a6f858bf4b19)
---
src/core/load-fragment-gperf.gperf.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 5b5a86250e..7fb39cf948 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -194,7 +194,7 @@ Unit.OnFailureIsolate, config_parse_job_mode_isolate, 0,
Unit.IgnoreOnIsolate, config_parse_bool, 0, offsetof(Unit, ignore_on_isolate)
Unit.IgnoreOnSnapshot, config_parse_warn_compat, DISABLED_LEGACY, 0
Unit.JobTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_timeout)
-Unit.JobRunningTimeoutSec, config_parse_sec, 0, offsetof(Unit, job_running_timeout)
+Unit.JobRunningTimeoutSec, config_parse_sec_fix_0, 0, offsetof(Unit, job_running_timeout)
Unit.JobTimeoutAction, config_parse_emergency_action, 0, offsetof(Unit, job_timeout_action)
Unit.JobTimeoutRebootArgument, config_parse_unit_string_printf, 0, offsetof(Unit, job_timeout_reboot_arg)
Unit.StartLimitIntervalSec, config_parse_sec, 0, offsetof(Unit, start_limit.interval)

View File

@ -13,7 +13,7 @@
Name: systemd Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 234 Version: 234
Release: 2%{?gitcommit:.git%{gitcommitshort}}%{?dist} Release: 3%{?gitcommit:.git%{gitcommitshort}}%{?dist}
# For a breakdown of the licensing, see README # For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+ License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -41,11 +41,23 @@ Source11: 20-grubby.install
Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60ceade446773c67031b47a566d4a70d/src/login/systemd-user.m4 Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60ceade446773c67031b47a566d4a70d/src/login/systemd-user.m4
%if 0 %if 0
GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v233..v233-stable GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v234..v234-stable
i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip
GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
%endif %endif
Patch0001: 0001-escape-Fix-help-description-6352.patch
Patch0002: 0002-build-sys-install-udev-rule-70-joystick.-rules-hwdb-.patch
Patch0003: 0003-add-version-argument-to-help-function-6377.patch
Patch0004: 0004-seccomp-arm64-x32-do-not-have-_sysctl.patch
Patch0005: 0005-seccomp-arm64-does-not-have-mmap2.patch
Patch0006: 0006-test-seccomp-arm64-does-not-have-access-and-poll.patch
Patch0007: 0007-fstab-generator-ignore-x-systemd.device-timeout-for-.patch
Patch0008: 0008-core-modify-resource-leak-by-SmackProcessLabel.patch
Patch0009: 0009-core-dump-also-missed-security-context.patch
Patch0010: 0010-journald-make-sure-we-retain-all-stream-fds-across-r.patch
Patch0011: 0011-Use-config_parse_sec_fix_0-also-for-JobRunningTimeou.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
@ -1027,6 +1039,10 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
%{pkgdir}/tests %{pkgdir}/tests
%changelog %changelog
* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-3
- Fix x-systemd.timeout=0 in /etc/fstab (#1462378)
- Minor patches (memleaks, --help fixes, seccomp on arm64)
* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-2 * Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-2
- Create kvm group (#1431876) - Create kvm group (#1431876)