import systemd-239-65.el8

CentOS Sources 2022-08-24 22:31:01 +00:00 committed by root
parent e2881b4302
commit d50792f00f
30 changed files with 3168 additions and 2 deletions


@ -0,0 +1,24 @@
From 3a35fcaad4bb3831808280854eb84f68975279a1 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 19 Jul 2022 22:44:07 +0200
Subject: [PATCH] ci: bump the worker Ubuntu version to Jammy
rhel-only
Related: #2087152
---
.github/workflows/unit_tests.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 87b162fa71..f397e8ed6e 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -6,7 +6,7 @@ on: [pull_request]
jobs:
build:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:


@ -0,0 +1,43 @@
From 434b4b64d17e16ed23f90c99c26dbd0e4ce6cd88 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 24 Nov 2021 15:58:50 +0100
Subject: [PATCH] test: make test-execute pass on Linux 5.15
Linux 5.15 broke kernel API:
https://github.com/torvalds/linux/commit/e70344c05995a190a56bbd1a23dc2218bcc8c924
Previously setting IOPRIO_CLASS_NONE for a process would then report
IOPRIO_CLASS_NONE back. But since 5.15 it reports IOPRIO_CLASS_BE
instead. Since IOPRIO_CLASS_NONE is an alias for a special setting of
IOPRIO_CLASS_BE this makes some sense, but it's also a kernel API
breakage that our testsuite trips up on.
(I made some minimal effort to inform the kernel people about this API
breakage during the 5.15 rc phase, but noone was interested.)
Either way let's hadle this gracefully in our test suite and accept
"best-effort" too when "none" was set.
(This is only triggable if the tests are run on 5.15 with full privs)
(cherry picked from commit d9b8771108cf2955efc3852b477391017d2c599a)
Related: #2087152
---
test/test-execute/exec-ioschedulingclass-none.service | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/test-execute/exec-ioschedulingclass-none.service b/test/test-execute/exec-ioschedulingclass-none.service
index b6af122a1e..8f917d345d 100644
--- a/test/test-execute/exec-ioschedulingclass-none.service
+++ b/test/test-execute/exec-ioschedulingclass-none.service
@@ -2,6 +2,7 @@
Description=Test for IOSchedulingClass=none
[Service]
-ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none"'
+# Old kernels might report "none" here, new kernels "best-effort".
+ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none" -o "$${c%%:*}" = "best-effort"'
Type=oneshot
IOSchedulingClass=none
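Review bot: The new `ExecStart=` line joins the two comparisons with `test ... -o ...`, which POSIX marks obsolescent and leaves unspecified for more than four arguments; it works in common shells, but two separate tests are unambiguous. I would write `test "$${c%%:*}" = "none" || test "$${c%%:*}" = "best-effort"` inside the same `sh -c` string.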


@ -0,0 +1,25 @@
From 128d784dacb456f9ea675911e88d4b47925bda0d Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 20 Jul 2022 10:24:36 +0200
Subject: [PATCH] ci: install iputils
Required by test-bpf.
rhel-only
Related: #2087152
---
.github/workflows/unit_tests.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index c1311310fb..3859433720 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -11,6 +11,7 @@ ADDITIONAL_DEPS=(
dnsmasq
e2fsprogs
hostname
+ iputils
libasan
libubsan
nc


@ -0,0 +1,63 @@
From 0feaf0be515c02a10ca12f726b4a8424262cf09c Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 19 Jul 2022 12:43:43 +0200
Subject: [PATCH] ci(Mergify): Add `ci-waived` logic
RHEL-only
Related: #2087152
---
.mergify.yml | 32 ++++++++++++++++++--------------
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/.mergify.yml b/.mergify.yml
index 6fa400effd..3afd04f18e 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -4,6 +4,7 @@
pull_request_rules:
- name: Add `needs-ci` label on CI fail
conditions:
+ - label!=ci-waived
- or:
# Unit tests
- -check-success=build (stream8, GCC)
@@ -27,21 +28,24 @@ pull_request_rules:
- name: Remove `needs-ci` label on CI success
conditions:
- # Unit tests
- - check-success=build (stream8, GCC)
- - check-success=build (stream8, GCC_ASAN)
- # CentOS Stream CI
- - check-success=CentOS CI (CentOS Stream 8)
- # LGTM
- or:
- - "check-success=LGTM analysis: JavaScript"
- - "check-neutral=LGTM analysis: JavaScript"
- - or:
- - "check-success=LGTM analysis: Python"
- - "check-neutral=LGTM analysis: Python"
- - or:
- - "check-success=LGTM analysis: C/C++"
- - "check-neutral=LGTM analysis: C/C++"
+ - label=ci-waived
+ - and:
+ # Unit tests
+ - check-success=build (stream8, GCC)
+ - check-success=build (stream8, GCC_ASAN)
+ # CentOS Stream CI
+ - check-success=CentOS CI (CentOS Stream 8)
+ # LGTM
+ - or:
+ - "check-success=LGTM analysis: JavaScript"
+ - "check-neutral=LGTM analysis: JavaScript"
+ - or:
+ - "check-success=LGTM analysis: Python"
+ - "check-neutral=LGTM analysis: Python"
+ - or:
+ - "check-success=LGTM analysis: C/C++"
+ - "check-neutral=LGTM analysis: C/C++"
actions:
label:
remove:
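Review bot: The `ci-waived` label added to both rules switches off every gate at once (the GCC and GCC_ASAN builds, the CentOS CI run and all three LGTM analyses), and nothing in this hunk says who may apply it or asks for a recorded reason. Whether label changes are restricted to maintainers is repository configuration that is not visible here; if they are not, anyone able to label a pull request can clear `needs-ci` without a green run. I would document the policy above the first condition, e.g. `# ci-waived: maintainers only; state the reason on the PR`, and consider waiving only the check that is known to be broken rather than the whole set.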


@ -0,0 +1,33 @@
From e48586dcfa66731a353ecc832e43fab75559e2cf Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 30 Oct 2019 16:37:42 +0100
Subject: [PATCH] sd-event: don't invalidate source type on disconnect
This fixes fd closing if fd ownership is requested.
(cherry picked from commit f59825595182d70b9ead238d1e885d0db99cc201)
Resolves: #2115396
---
src/libsystemd/sd-event/sd-event.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 0adfdd9e1a..09d4584bf9 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -1104,11 +1104,13 @@ static void source_disconnect(sd_event_source *s) {
event = s->event;
- s->type = _SOURCE_EVENT_SOURCE_TYPE_INVALID;
s->event = NULL;
LIST_REMOVE(sources, event->sources, s);
event->n_sources--;
+ /* Note that we don't invalidate the type here, since we still need it in order to close the fd or
+ * pidfd associated with this event source, which we'll do only on source_free(). */
+
if (!s->floating)
sd_event_unref(event);
}
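Review bot: With the type no longer reset in `source_disconnect()`, a disconnected source is recognisable only by `s->event == NULL`, so any code that treated `_SOURCE_EVENT_SOURCE_TYPE_INVALID` as the "already disconnected" marker needs to be re-checked; those callers and the start of this function are outside the hunk. The new comment also mentions a pidfd, and whether this branch has pidfd-backed sources cannot be seen from here; if it does not, the comment should say only `close the fd associated with this event source`. A regression test that frees a source with fd ownership requested and then checks that the descriptor is closed would pin the fix.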


@ -0,0 +1,98 @@
From e6cd875a767ba23b218cdca395307ac6fb7fd882 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 30 May 2022 14:50:05 +0200
Subject: [PATCH] tests: make sure we delay running mount start jobs when
/p/s/mountinfo is rate limited
(cherry picked from commit 9e15be6c8d55abd800bf33f9776dd0e307ed37bc)
Related: #2095744
---
test/TEST-60-MOUNT-RATELIMIT/testsuite.sh | 53 +++++++++++++++++++++++
test/test-functions | 2 +-
2 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh b/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh
index 6211050faf..84fe9640e1 100755
--- a/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh
+++ b/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh
@@ -2,6 +2,56 @@
set -eux
set -o pipefail
+test_issue_20329() {
+ local tmpdir unit
+ tmpdir="$(mktemp -d)"
+ unit=$(systemd-escape --suffix mount --path "$tmpdir")
+
+ # Set up test mount unit
+ cat > /run/systemd/system/"$unit" <<EOF
+[Mount]
+What=tmpfs
+Where=$tmpdir
+Type=tmpfs
+Options=defaults,nofail
+EOF
+
+ # Start the unit
+ systemctl daemon-reload
+ systemctl start "$unit"
+
+ [[ "$(systemctl show --property SubState --value "$unit")" = "mounted" ]] || {
+ echo >&2 "Test mount \"$unit\" unit isn't mounted"
+ return 1
+ }
+ mountpoint -q "$tmpdir"
+
+ trap 'systemctl stop $unit' RETURN
+
+ # Trigger the mount ratelimiting
+ cd "$(mktemp -d)"
+ mkdir foo
+ for ((i=0;i<50;++i)); do
+ mount --bind foo foo
+ umount foo
+ done
+
+ # Unmount the test mount and start it immediately again via systemd
+ umount "$tmpdir"
+ systemctl start "$unit"
+
+ # Make sure it is seen as mounted by systemd and it actually is mounted
+ [[ "$(systemctl show --property SubState --value "$unit")" = "mounted" ]] || {
+ echo >&2 "Test mount \"$unit\" unit isn't in \"mounted\" state"
+ return 1
+ }
+
+ mountpoint -q "$tmpdir" || {
+ echo >&2 "Test mount \"$unit\" is in \"mounted\" state, actually is not mounted"
+ return 1
+ }
+}
+
systemd-analyze log-level debug
systemd-analyze log-target journal
@@ -85,6 +135,9 @@ if systemctl list-units -t mount tmp-meow* | grep -q tmp-meow; then
exit 42
fi
+# test that handling of mount start jobs is delayed when /proc/self/mouninfo monitor is rate limited
+test_issue_20329
+
systemd-analyze log-level info
echo OK >/testok
diff --git a/test/test-functions b/test/test-functions
index 4d7832b1fb..ed8ab98173 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -23,7 +23,7 @@ fi
PATH_TO_INIT=$ROOTLIBDIR/systemd
-BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe sed cmp tee rm true false chmod chown ln xargs env"
+BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe sed cmp tee rm true false chmod chown ln xargs env mktemp mountpoint"
DEBUGTOOLS="df free ls stty cat ps ln ip route dmesg dhclient mkdir cp ping dhclient strace less grep id tty touch du sort hostname find"
STATEDIR="${BUILD_DIR:-.}/test/$(basename $(dirname $(realpath $0)))"
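Review bot: In `test_issue_20329` (first hunk of `testsuite.sh`) the `trap 'systemctl stop $unit' RETURN` is installed only after the first `SubState` check and `mountpoint -q`, so a failure there returns with the tmpfs still mounted, and on every path the unit file written to `/run/systemd/system/` and both `mktemp -d` directories are left behind. I would set the trap right after the unit file is written and have it remove the file too, e.g. `trap 'systemctl stop "$unit"; rm -f /run/systemd/system/"$unit"' RETURN`. The `cd "$(mktemp -d)"` also changes the working directory for the rest of the script; running the bind-mount loop in a subshell would contain that. The comment added in the second hunk spells the file `/proc/self/mouninfo`.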


@ -0,0 +1,29 @@
From 0bf1df5c35c310c3efe49c7a3cb8c3be3e33492b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 26 Nov 2018 21:05:37 +0100
Subject: [PATCH] core: drop references to 'StandardOutputFileToCreate'
This property never existed, let's drop any reference to it.
(cherry picked from commit 922ce049d1ed37ce77e3322711e29f256d9e5959)
Related: #2093479
---
src/core/dbus-execute.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 2e64f0baf4..05134851c5 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1809,8 +1809,8 @@ int bus_exec_context_set_transient_property(
} else if (STR_IN_SET(name,
"StandardInputFile",
- "StandardOutputFile", "StandardOutputFileToCreate", "StandardOutputFileToAppend",
- "StandardErrorFile", "StandardErrorFileToCreate", "StandardErrorFileToAppend")) {
+ "StandardOutputFile", "StandardOutputFileToAppend",
+ "StandardErrorFile", "StandardErrorFileToAppend")) {
const char *s;
r = sd_bus_message_read(message, "s", &s);


@ -0,0 +1,29 @@
From 2ba82e6b7e9a7b138c985561dd7d26b9e4111fbe Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 26 Nov 2018 21:06:19 +0100
Subject: [PATCH] dbus-execute: fix indentation
(cherry picked from commit dbe6c4b657aa5c58bfc049d869b94f00b41b7d95)
Related: #2093479
---
src/core/dbus-execute.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 05134851c5..fc433cc96f 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1858,9 +1858,9 @@ int bus_exec_context_set_transient_property(
c->std_error = EXEC_OUTPUT_FILE;
unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=file:%s", s);
} else {
- assert(streq(name, "StandardErrorFileToAppend"));
- c->std_error = EXEC_OUTPUT_FILE_APPEND;
- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=append:%s", s);
+ assert(streq(name, "StandardErrorFileToAppend"));
+ c->std_error = EXEC_OUTPUT_FILE_APPEND;
+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=append:%s", s);
}
}
}


@ -0,0 +1,30 @@
From 4fbd505c5a15f2b6078dc43e5a1ff999993e8b23 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 26 Nov 2018 21:07:06 +0100
Subject: [PATCH] dbus-execute: generate the correct transient unit setting
(cherry picked from commit 1704fba92f7b2c92238b0833943669045374daf9)
Related: #2093479
---
src/core/dbus-execute.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index fc433cc96f..00f4aeacef 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1856,11 +1856,11 @@ int bus_exec_context_set_transient_property(
if (streq(name, "StandardErrorFile")) {
c->std_error = EXEC_OUTPUT_FILE;
- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=file:%s", s);
+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardError=file:%s", s);
} else {
assert(streq(name, "StandardErrorFileToAppend"));
c->std_error = EXEC_OUTPUT_FILE_APPEND;
- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=append:%s", s);
+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardError=append:%s", s);
}
}
}


@ -0,0 +1,33 @@
From b06347d1e85c98507ba386b24e6c7159edf4784f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 26 Nov 2018 21:07:39 +0100
Subject: [PATCH] =?UTF-8?q?bus-unit-util:=20properly=20accept=20StandardOu?=
=?UTF-8?q?tput=3Dappend:=E2=80=A6=20settings?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(cherry picked from commit 8d33232ef1ad051b5ed00bd7b5fffb5a19bb83ae)
Resolves: #2093479
---
src/shared/bus-unit-util.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 9010448aaf..3910dfa812 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -894,9 +894,11 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
} else if ((n = startswith(eq, "file:"))) {
appended = strjoina(field, "File");
r = sd_bus_message_append(m, "(sv)", appended, "s", n);
+ } else if ((n = startswith(eq, "append:"))) {
+ appended = strjoina(field, "FileToAppend");
+ r = sd_bus_message_append(m, "(sv)", appended, "s", n);
} else
r = sd_bus_message_append(m, "(sv)", field, "s", eq);
-
if (r < 0)
return bus_log_create_error(r);


@ -0,0 +1,68 @@
From d6ffd324cc933efec946a3ffbed6fccfe7077203 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 26 Nov 2018 21:07:48 +0100
Subject: [PATCH] core: be more careful when inheriting stdout fds to stderr
We need to compare the fd name/file name if we inherit an fd from stdout
to stderr. Let's do that.
Fixes: #10875
(cherry picked from commit 41fc585a7a3b8ae857cad5fdad1bc70cdacfa8e5)
Related: #2093479
---
src/core/execute.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 9cbb678ac4..b1d8dceb32 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -545,6 +545,30 @@ static int setup_input(
}
}
+static bool can_inherit_stderr_from_stdout(
+ const ExecContext *context,
+ ExecOutput o,
+ ExecOutput e) {
+
+ assert(context);
+
+ /* Returns true, if given the specified STDERR and STDOUT output we can directly dup() the stdout fd to the
+ * stderr fd */
+
+ if (e == EXEC_OUTPUT_INHERIT)
+ return true;
+ if (e != o)
+ return false;
+
+ if (e == EXEC_OUTPUT_NAMED_FD)
+ return streq_ptr(context->stdio_fdname[STDOUT_FILENO], context->stdio_fdname[STDERR_FILENO]);
+
+ if (IN_SET(e, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND))
+ return streq_ptr(context->stdio_file[STDOUT_FILENO], context->stdio_file[STDERR_FILENO]);
+
+ return true;
+}
+
static int setup_output(
const Unit *unit,
const ExecContext *context,
@@ -603,7 +627,7 @@ static int setup_output(
return fileno;
/* Duplicate from stdout if possible */
- if ((e == o && e != EXEC_OUTPUT_NAMED_FD) || e == EXEC_OUTPUT_INHERIT)
+ if (can_inherit_stderr_from_stdout(context, o, e))
return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
o = e;
@@ -694,7 +718,6 @@ static int setup_output(
flags |= O_APPEND;
fd = acquire_path(context->stdio_file[fileno], flags, 0666 & ~context->umask);
-
if (fd < 0)
return fd;
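Review bot: `can_inherit_stderr_from_stdout()` decides by `streq_ptr()` on `stdio_file[]`, which is a purely textual comparison, so two spellings of one file are treated as different and stderr gets its own open of the same path with a separate file offset. Whether these paths are normalized before they reach `ExecContext` is not visible in this hunk; if they are, the function comment should state the assumption, e.g. `/* The comparison is textual and relies on stdio_file[] holding normalized absolute paths. */`. The `setup_output()` body that calls the helper starts and ends outside the hunks shown.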


@ -0,0 +1,136 @@
From 2bbaa4b647c8a60a6c6a591f71313b0667447246 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 26 Nov 2018 21:09:07 +0100
Subject: [PATCH] =?UTF-8?q?test:=20add=20a=20test=20for=20StandardError=3D?=
=?UTF-8?q?file:=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This deserves a test of its, given how broken on so many levels this
previously was.
(cherry picked from commit 196b0a11f306b8041e35316feb05ed1f00380957)
Related: #2093479
---
test/TEST-27-STDOUTFILE/Makefile | 1 +
test/TEST-27-STDOUTFILE/test.sh | 52 ++++++++++++++++++++++++++++
test/TEST-27-STDOUTFILE/testsuite.sh | 40 +++++++++++++++++++++
3 files changed, 93 insertions(+)
create mode 120000 test/TEST-27-STDOUTFILE/Makefile
create mode 100755 test/TEST-27-STDOUTFILE/test.sh
create mode 100755 test/TEST-27-STDOUTFILE/testsuite.sh
diff --git a/test/TEST-27-STDOUTFILE/Makefile b/test/TEST-27-STDOUTFILE/Makefile
new file mode 120000
index 0000000000..e9f93b1104
--- /dev/null
+++ b/test/TEST-27-STDOUTFILE/Makefile
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-27-STDOUTFILE/test.sh b/test/TEST-27-STDOUTFILE/test.sh
new file mode 100755
index 0000000000..724dbef231
--- /dev/null
+++ b/test/TEST-27-STDOUTFILE/test.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+set -e
+TEST_DESCRIPTION="test StandardOutput=file:"
+
+. $TEST_BASE_DIR/test-functions
+
+test_setup() {
+ create_empty_image
+ mkdir -p $TESTDIR/root
+ mount ${LOOPDEV}p1 $TESTDIR/root
+
+ (
+ LOG_LEVEL=5
+ eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
+
+ inst_binary cmp
+
+ setup_basic_environment
+
+ # mask some services that we do not want to run in these tests
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-resolved.service
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-machined.service
+
+ # setup the testsuite service
+ cat >$initdir/etc/systemd/system/testsuite.service <<EOF
+[Unit]
+Description=Testsuite service
+
+[Service]
+ExecStart=/testsuite.sh
+Type=oneshot
+StandardOutput=tty
+StandardError=tty
+NotifyAccess=all
+EOF
+ cp testsuite.sh $initdir/
+
+ setup_testsuite
+ ) || return 1
+ setup_nspawn_root
+
+ ddebug "umount $TESTDIR/root"
+ umount $TESTDIR/root
+}
+
+do_test "$@"
diff --git a/test/TEST-27-STDOUTFILE/testsuite.sh b/test/TEST-27-STDOUTFILE/testsuite.sh
new file mode 100755
index 0000000000..75559e03e5
--- /dev/null
+++ b/test/TEST-27-STDOUTFILE/testsuite.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+set -ex
+set -o pipefail
+
+systemd-analyze set-log-level debug
+systemd-analyze set-log-target console
+
+systemd-run --unit=one -p StandardOutput=file:/tmp/stdout -p StandardError=file:/tmp/stderr -p Type=exec sh -c 'echo x ; echo y >&2'
+cmp /tmp/stdout <<EOF
+x
+EOF
+cmp /tmp/stderr <<EOF
+y
+EOF
+
+systemd-run --unit=two -p StandardOutput=file:/tmp/stdout -p StandardError=file:/tmp/stderr -p Type=exec sh -c 'echo z ; echo a >&2'
+cmp /tmp/stdout <<EOF
+z
+EOF
+cmp /tmp/stderr <<EOF
+a
+EOF
+
+systemd-run --unit=three -p StandardOutput=append:/tmp/stdout -p StandardError=append:/tmp/stderr -p Type=exec sh -c 'echo b ; echo c >&2'
+cmp /tmp/stdout <<EOF
+z
+b
+EOF
+cmp /tmp/stderr <<EOF
+a
+c
+EOF
+
+systemd-analyze set-log-level info
+
+echo OK > /testok
+
+exit 0
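Review bot: In `testsuite.sh` each `cmp` runs as soon as `systemd-run` returns, and nothing waits for the transient unit's `sh -c` to finish writing, so the comparisons can race with the `echo` calls; with `Type=exec` the call presumably returns once the command has been executed, not when it has exited. Adding `--wait` to the three invocations, e.g. `systemd-run --wait --unit=one -p StandardOutput=file:/tmp/stdout ...`, would make the ordering deterministic. The fixed names `/tmp/stdout` and `/tmp/stderr` are acceptable inside the throwaway test image, but a `mktemp -d` directory would be safer if the script is ever run on a shared host. `TEST_DESCRIPTION` in `test.sh` mentions only `StandardOutput=file:` although the test also covers `StandardError=` and `append:`.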


@ -0,0 +1,260 @@
From aa93c2acd6c9ed4eb0152be9002f59ecd9cc277e Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 24 Jun 2022 09:13:42 +0200
Subject: [PATCH] =?UTF-8?q?tree-wide:=20allow=20ASCII=20fallback=20for=20?=
=?UTF-8?q?=E2=86=92=20in=20logs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(cherry picked from commit e2341b6bc325932b3f9f10874956952cbdbd6361)
Resolves: #2093479
---
src/basic/mount-util.c | 5 +++--
src/core/dbus.c | 4 +++-
src/core/namespace.c | 7 +++++--
src/core/socket.c | 4 +++-
src/libsystemd/sd-bus/sd-bus.c | 4 +++-
src/login/logind-acl.c | 5 +++--
src/resolve/resolved-dns-query.c | 11 +++++++++--
src/shared/dns-domain.c | 9 ++++++---
src/tmpfiles/tmpfiles.c | 4 +++-
9 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 0c709001be..e7f9e514c2 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -18,6 +18,7 @@
#include "fileio.h"
#include "fs-util.h"
#include "hashmap.h"
+#include "locale-util.h"
#include "mount-util.h"
#include "parse-util.h"
#include "path-util.h"
@@ -844,8 +845,8 @@ int mount_verbose(
log_debug("Bind-mounting %s on %s (%s \"%s\")...",
what, where, strnull(fl), strempty(o));
else if (f & MS_MOVE)
- log_debug("Moving mount %s → %s (%s \"%s\")...",
- what, where, strnull(fl), strempty(o));
+ log_debug("Moving mount %s %s %s (%s \"%s\")...",
+ what, special_glyph(ARROW), where, strnull(fl), strempty(o));
else
log_debug("Mounting %s on %s (%s \"%s\")...",
strna(type), where, strnull(fl), strempty(o));
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 584a8a1b01..66d838cdb4 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -31,6 +31,7 @@
#include "dbus.h"
#include "fd-util.h"
#include "fs-util.h"
+#include "locale-util.h"
#include "log.h"
#include "missing.h"
#include "mkdir.h"
@@ -751,7 +752,8 @@ static int manager_dispatch_sync_bus_names(sd_event_source *es, void *userdata)
assert(s);
if (!streq_ptr(s->bus_name, name)) {
- log_unit_warning(u, "Bus name has changed from %s → %s, ignoring.", s->bus_name, name);
+ log_unit_warning(u, "Bus name has changed from %s %s %s, ignoring.",
+ s->bus_name, special_glyph(ARROW), name);
continue;
}
diff --git a/src/core/namespace.c b/src/core/namespace.c
index e4930db15c..3566795d46 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -15,6 +15,7 @@
#include "fd-util.h"
#include "fs-util.h"
#include "label.h"
+#include "locale-util.h"
#include "loop-util.h"
#include "loopback-setup.h"
#include "missing.h"
@@ -841,7 +842,8 @@ static int follow_symlink(
return -ELOOP;
}
- log_debug("Followed mount entry path symlink %s → %s.", mount_entry_path(m), target);
+ log_debug("Followed mount entry path symlink %s %s %s.",
+ mount_entry_path(m), special_glyph(ARROW), target);
free_and_replace(m->path_malloc, target);
m->has_prefix = true;
@@ -920,7 +922,8 @@ static int apply_mount(
if (r < 0)
return log_debug_errno(r, "Failed to follow symlinks on %s: %m", mount_entry_source(m));
- log_debug("Followed source symlinks %s → %s.", mount_entry_source(m), chased);
+ log_debug("Followed source symlinks %s %s %s.",
+ mount_entry_source(m), special_glyph(ARROW), chased);
free_and_replace(m->source_malloc, chased);
diff --git a/src/core/socket.c b/src/core/socket.c
index 6f9a0f7575..bdfeb43a70 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -25,6 +25,7 @@
#include "in-addr-util.h"
#include "io-util.h"
#include "label.h"
+#include "locale-util.h"
#include "log.h"
#include "missing.h"
#include "mkdir.h"
@@ -1355,7 +1356,8 @@ static int socket_symlink(Socket *s) {
}
if (r < 0)
- log_unit_warning_errno(UNIT(s), r, "Failed to create symlink %s → %s, ignoring: %m", p, *i);
+ log_unit_warning_errno(UNIT(s), r, "Failed to create symlink %s %s %s, ignoring: %m",
+ p, special_glyph(ARROW), *i);
}
return 0;
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 803f3f50d6..21e54591f7 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -31,6 +31,7 @@
#include "cgroup-util.h"
#include "def.h"
#include "fd-util.h"
+#include "locale-util.h"
#include "hexdecoct.h"
#include "hostname-util.h"
#include "macro.h"
@@ -518,7 +519,8 @@ void bus_set_state(sd_bus *bus, enum bus_state state) {
if (state == bus->state)
return;
- log_debug("Bus %s: changing state %s → %s", strna(bus->description), table[bus->state], table[state]);
+ log_debug("Bus %s: changing state %s %s %s", strna(bus->description),
+ table[bus->state], special_glyph(ARROW), table[state]);
bus->state = state;
}
diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
index cafeb8822f..fe17eac0e6 100644
--- a/src/login/logind-acl.c
+++ b/src/login/logind-acl.c
@@ -9,6 +9,7 @@
#include "escape.h"
#include "fd-util.h"
#include "format-util.h"
+#include "locale-util.h"
#include "logind-acl.h"
#include "set.h"
#include "string-util.h"
@@ -260,8 +261,8 @@ int devnode_acl_all(struct udev *udev,
SET_FOREACH(n, nodes, i) {
int k;
- log_debug("Changing ACLs at %s for seat %s (uid "UID_FMT"→"UID_FMT"%s%s)",
- n, seat, old_uid, new_uid,
+ log_debug("Changing ACLs at %s for seat %s (uid "UID_FMT"%s"UID_FMT"%s%s)",
+ n, seat, old_uid, special_glyph(ARROW), new_uid,
del ? " del" : "", add ? " add" : "");
k = devnode_acl(n, flush, del, old_uid, add, new_uid);
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index c921fe841f..573e27d662 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -3,6 +3,7 @@
#include "alloc-util.h"
#include "dns-domain.h"
#include "dns-type.h"
+#include "locale-util.h"
#include "hostname-util.h"
#include "local-addresses.h"
#include "resolved-dns-query.h"
@@ -942,7 +943,10 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
if (r < 0)
return r;
else if (r > 0)
- log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q->question_idna), dns_question_first_name(nq_idna));
+ log_debug("Following CNAME/DNAME %s %s %s.",
+ dns_question_first_name(q->question_idna),
+ special_glyph(ARROW),
+ dns_question_first_name(nq_idna));
k = dns_question_is_equal(q->question_idna, q->question_utf8);
if (k < 0)
@@ -956,7 +960,10 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
if (k < 0)
return k;
else if (k > 0)
- log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q->question_utf8), dns_question_first_name(nq_utf8));
+ log_debug("Following UTF8 CNAME/DNAME %s %s %s.",
+ dns_question_first_name(q->question_utf8),
+ special_glyph(ARROW),
+ dns_question_first_name(nq_utf8));
}
if (r == 0 && k == 0) /* No actual cname happened? */
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index de2fcca8b2..59799dec56 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -17,6 +17,7 @@
#include "alloc-util.h"
#include "dns-domain.h"
+#include "locale-util.h"
#include "hashmap.h"
#include "hexdecoct.h"
#include "in-addr-util.h"
@@ -1260,7 +1261,7 @@ int dns_name_apply_idna(const char *name, char **ret) {
r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t,
IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL);
- log_debug("idn2_lookup_u8: %s → %s", name, t);
+ log_debug("idn2_lookup_u8: %s %s %s", name, special_glyph(ARROW), t);
if (r == IDN2_OK) {
if (!startswith(name, "xn--")) {
_cleanup_free_ char *s = NULL;
@@ -1273,8 +1274,10 @@ int dns_name_apply_idna(const char *name, char **ret) {
}
if (!streq_ptr(name, s)) {
- log_debug("idn2 roundtrip failed: \"%s\" → \"%s\" → \"%s\", ignoring.",
- name, t, s);
+ log_debug("idn2 roundtrip failed: \"%s\" %s \"%s\" %s \"%s\", ignoring.",
+ name, special_glyph(ARROW), t,
+ special_glyph(ARROW), s);
+ *ret = NULL;
return 0;
}
}
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 50fada99dd..b3c2aac746 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -36,6 +36,7 @@
#include "fs-util.h"
#include "glob-util.h"
#include "io-util.h"
+#include "locale-util.h"
#include "label.h"
#include "log.h"
#include "macro.h"
@@ -2143,7 +2144,8 @@ static int patch_var_run(const char *fname, unsigned line, char **path) {
* there's no immediate need for action by the user. However, in the interest of making things less confusing
* to the user, let's still inform the user that these snippets should really be updated. */
- log_notice("[%s:%u] Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", fname, line, *path, n);
+ log_notice("[%s:%u] Line references path below legacy directory /var/run/, updating %s %s %s; please update the tmpfiles.d/ drop-in file accordingly.",
+ fname, line, *path, special_glyph(ARROW), n);
free(*path);
*path = n;
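Review bot: The `dns_name_apply_idna()` hunk in `src/shared/dns-domain.c` adds `*ret = NULL;` on the round-trip failure path, a behaviour change that the subject (ASCII fallback for the arrow in logs) does not cover; it deserves a line in the commit message or a short comment such as `/* Returning 0 without a result: make sure the caller sees NULL. */`. In the same function `log_debug("idn2_lookup_u8: %s %s %s", ...)` still runs before `r == IDN2_OK` is tested, so `t` is passed to `%s` even when the lookup failed; how `t` is initialized is outside the hunk. Because the arrow now depends on the locale, log-matching rules that key on the literal `→` in any of these messages will need to accept the ASCII form as well.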


@ -0,0 +1,129 @@
From f27568d24a29590b34fec3a96a5b3b5d290ba3d8 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 24 Jun 2022 09:59:44 +0200
Subject: [PATCH] =?UTF-8?q?tree-wide:=20allow=20ASCII=20fallback=20for=20?=
=?UTF-8?q?=E2=80=A6=20in=20logs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(cherry picked from commit 28e5e1e97f47067bce190ea6b3404907d63e4320)
Related: #2093479
---
src/core/manager.c | 5 +++--
src/shared/vlan-util.c | 3 ++-
src/sysusers/sysusers.c | 5 +++--
src/tmpfiles/tmpfiles.c | 6 +++---
4 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 845c26f498..5873e5b6d7 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -49,6 +49,7 @@
#include "io-util.h"
#include "label.h"
#include "locale-setup.h"
+#include "locale-util.h"
#include "log.h"
#include "macro.h"
#include "manager.h"
@@ -1404,7 +1405,7 @@ static void manager_coldplug(Manager *m) {
assert(m);
- log_debug("Invoking unit coldplug() handlers…");
+ log_debug("Invoking unit coldplug() handlers%s", special_glyph(ELLIPSIS));
/* Let's place the units back into their deserialized state */
HASHMAP_FOREACH_KEY(u, k, m->units, i) {
@@ -1426,7 +1427,7 @@ static void manager_catchup(Manager *m) {
assert(m);
- log_debug("Invoking unit catchup() handlers…");
+ log_debug("Invoking unit catchup() handlers%s", special_glyph(ELLIPSIS));
/* Let's catch up on any state changes that happened while we were reloading/reexecing */
HASHMAP_FOREACH_KEY(u, k, m->units, i) {
diff --git a/src/shared/vlan-util.c b/src/shared/vlan-util.c
index 400994a354..9301dacbe2 100644
--- a/src/shared/vlan-util.c
+++ b/src/shared/vlan-util.c
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "conf-parser.h"
+#include "locale-util.h"
#include "parse-util.h"
#include "string-util.h"
#include "vlan-util.h"
@@ -67,7 +68,7 @@ int config_parse_vlanid(
r = parse_vlanid(rvalue, id);
if (r == -ERANGE) {
- log_syntax(unit, LOG_ERR, filename, line, r, "VLAN identifier outside of valid range 0…4094, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, r, "VLAN identifier outside of valid range 0%s4094, ignoring: %s", special_glyph(ELLIPSIS), rvalue);
return 0;
}
if (r < 0) {
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index a374ebaaf4..f547388151 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -12,6 +12,7 @@
#include "format-util.h"
#include "fs-util.h"
#include "hashmap.h"
+#include "locale-util.h"
#include "pager.h"
#include "path-util.h"
#include "selinux-util.h"
@@ -1890,13 +1891,13 @@ static int read_config_files(char **args) {
STRV_FOREACH(f, files)
if (p && path_equal(*f, p)) {
- log_debug("Parsing arguments at position \"%s\"…", *f);
+ log_debug("Parsing arguments at position \"%s\"%s", *f, special_glyph(ELLIPSIS));
r = parse_arguments(args);
if (r < 0)
return r;
} else {
- log_debug("Reading config file \"%s\"…", *f);
+ log_debug("Reading config file \"%s\"%s", *f, special_glyph(ELLIPSIS));
/* Just warn, ignore result otherwise */
(void) read_config_file(*f, true);
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index b3c2aac746..8da525120b 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2654,7 +2654,7 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
assert(fn);
if (streq(fn, "-")) {
- log_debug("Reading config from stdin…");
+ log_debug("Reading config from stdin%s", special_glyph(ELLIPSIS));
fn = "<stdin>";
f = stdin;
} else {
@@ -2667,7 +2667,7 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
return log_error_errno(r, "Failed to open '%s': %m", fn);
}
- log_debug("Reading config file \"%s\"…", fn);
+ log_debug("Reading config file \"%s\"%s", fn, special_glyph(ELLIPSIS));
f = _f;
}
@@ -2765,7 +2765,7 @@ static int read_config_files(char **config_dirs, char **args, bool *invalid_conf
STRV_FOREACH(f, files)
if (p && path_equal(*f, p)) {
- log_debug("Parsing arguments at position \"%s\"…", *f);
+ log_debug("Parsing arguments at position \"%s\"%s", *f, special_glyph(ELLIPSIS));
r = parse_arguments(config_dirs, args, invalid_config);
if (r < 0)


@ -0,0 +1,115 @@
From 207f51115c18c668982ef8bdb8a024fccaeb87f0 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Sat, 16 Jul 2022 09:49:12 +0200
Subject: [PATCH] core: allow to set default timeout for devices
Fixes: #19879
(cherry picked from commit a0fe19f9f791c05af236265954b1d73e8fcf5468)
Resolves: #1967245
---
src/core/dbus-manager.c | 1 +
src/core/device.c | 2 +-
src/core/main.c | 4 ++++
src/core/manager.c | 1 +
src/core/manager.h | 1 +
src/core/system.conf.in | 1 +
6 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 7488f22116..5b1ed3646e 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -2509,6 +2509,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
SD_BUS_PROPERTY("DefaultTimerAccuracyUSec", "t", bus_property_get_usec, offsetof(Manager, default_timer_accuracy_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultTimeoutStartUSec", "t", bus_property_get_usec, offsetof(Manager, default_timeout_start_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultTimeoutStopUSec", "t", bus_property_get_usec, offsetof(Manager, default_timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("DefaultDeviceTimeoutUSec", "t", bus_property_get_usec, offsetof(Manager, default_device_timeout_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultRestartUSec", "t", bus_property_get_usec, offsetof(Manager, default_restart_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultStartLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Manager, default_start_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST),
/* The following two items are obsolete alias */
diff --git a/src/core/device.c b/src/core/device.c
index cb8b66dfc5..71b7c1ef81 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -97,7 +97,7 @@ static void device_init(Unit *u) {
* indefinitely for plugged in devices, something which cannot
* happen for the other units since their operations time out
* anyway. */
- u->job_running_timeout = u->manager->default_timeout_start_usec;
+ u->job_running_timeout = u->manager->default_device_timeout_usec;
u->ignore_on_isolate = true;
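Review bot: Switching `job_running_timeout` to `default_device_timeout_usec` decouples device waits from `DefaultTimeoutStartSec=`, and nothing in the hunk records that. A system that changed `DefaultTimeoutStartSec=` to tune how long it waits for devices falls back to `DEFAULT_TIMEOUT_USEC` (shown as 90s in system.conf.in) until `DefaultDeviceTimeoutSec=` is set as well. I would extend the comment above the assignment, e.g. `/* Uses DefaultDeviceTimeoutSec=; no longer follows DefaultTimeoutStartSec= */`, and mention the change in the system.conf documentation. device_init() starts and ends outside the hunk.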
diff --git a/src/core/main.c b/src/core/main.c
index 08a4df3c97..bfd4c531a7 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -109,6 +109,7 @@ static usec_t arg_default_restart_usec;
static usec_t arg_default_timeout_start_usec;
static usec_t arg_default_timeout_stop_usec;
static usec_t arg_default_timeout_abort_usec;
+static usec_t arg_default_device_timeout_usec;
static bool arg_default_timeout_abort_set;
static usec_t arg_default_start_limit_interval;
static unsigned arg_default_start_limit_burst;
@@ -687,6 +688,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultStandardError", config_parse_output_restricted,0, &arg_default_std_error },
{ "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
{ "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
+ { "Manager", "DefaultDeviceTimeoutSec", config_parse_sec, 0, &arg_default_device_timeout_usec },
{ "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
{ "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
{ "Manager", "DefaultStartLimitIntervalSec",config_parse_sec, 0, &arg_default_start_limit_interval },
@@ -754,6 +756,7 @@ static void set_manager_defaults(Manager *m) {
m->default_std_error = arg_default_std_error;
m->default_timeout_start_usec = arg_default_timeout_start_usec;
m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
+ m->default_device_timeout_usec = arg_default_device_timeout_usec;
m->default_restart_usec = arg_default_restart_usec;
m->default_start_limit_interval = arg_default_start_limit_interval;
m->default_start_limit_burst = arg_default_start_limit_burst;
@@ -2077,6 +2080,7 @@ static void reset_arguments(void) {
arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
arg_default_timeout_abort_usec = DEFAULT_TIMEOUT_USEC;
arg_default_timeout_abort_set = false;
+ arg_default_device_timeout_usec = DEFAULT_TIMEOUT_USEC;
arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
arg_runtime_watchdog = 0;
diff --git a/src/core/manager.c b/src/core/manager.c
index 5873e5b6d7..f4611e6f8f 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -731,6 +731,7 @@ int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **_m) {
m->default_tasks_max = UINT64_MAX;
m->default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
m->default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
+ m->default_device_timeout_usec = DEFAULT_TIMEOUT_USEC,
m->default_restart_usec = DEFAULT_RESTART_USEC;
m->original_log_level = -1;
m->original_log_target = _LOG_TARGET_INVALID;
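Review bot: The added line `m->default_device_timeout_usec = DEFAULT_TIMEOUT_USEC,` ends in a comma rather than a semicolon. It still compiles because the comma operator joins it with the following `default_restart_usec` assignment, so both fields are set, but that is accidental and easy to misread. It can also stop compiling if a declaration or control statement is later placed directly after it. The line should read `m->default_device_timeout_usec = DEFAULT_TIMEOUT_USEC;`. manager_new() continues outside the hunk.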
diff --git a/src/core/manager.h b/src/core/manager.h
index 7b572c8dfd..3f2cfc5e2e 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -285,6 +285,7 @@ struct Manager {
ExecOutput default_std_output, default_std_error;
usec_t default_restart_usec, default_timeout_start_usec, default_timeout_stop_usec;
+ usec_t default_device_timeout_usec;
usec_t default_start_limit_interval;
unsigned default_start_limit_burst;
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 84246c0e36..2f6852a89f 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -37,6 +37,7 @@
#DefaultStandardError=inherit
#DefaultTimeoutStartSec=90s
#DefaultTimeoutStopSec=90s
+#DefaultDeviceTimeoutSec=90s
#DefaultRestartSec=100ms
#DefaultStartLimitIntervalSec=10s
#DefaultStartLimitBurst=5


@ -0,0 +1,34 @@
From ba81eba0feaf5c34f52141301e2b7ca93128fed0 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Sat, 16 Jul 2022 10:16:41 +0200
Subject: [PATCH] man: document DefaultDeviceTimeoutSec=
(cherry picked from commit 9e69bd4801588c12811c611a1c68b54cecbe1718)
Related: #1967245
---
man/systemd-system.conf.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 988c4e7665..3670f34cb5 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -305,6 +305,17 @@
100ms.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>DefaultDeviceTimeoutSec=</varname></term>
+
+ <listitem><para>Configures the default timeout for waiting for devices. It can be changed per
+ device via the <varname>x-systemd.device-timeout=</varname> option in <filename>/etc/fstab</filename>
+ and <filename>/etc/crypttab</filename> (see
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
+ Defaults to 90s.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>DefaultStartLimitIntervalSec=</varname></term>
<term><varname>DefaultStartLimitBurst=</varname></term>


@ -0,0 +1,255 @@
From f1a1ff976ed0787c79a0f57d773bc555ab756b8c Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 17 Dec 2021 19:39:29 +0100
Subject: [PATCH] Revert "core: Propagate condition failed state to triggering
units."
This reverts commit 12ab94a1e4961a39c32efb60b71866ab588d3ea2.
(cherry picked from commit 40f41f34d4af15d0147b5b2525f0b87ff62eae9a)
Related: #2114005
---
src/core/automount.c | 14 ++++----------
src/core/automount.h | 1 -
src/core/path.c | 16 +++++-----------
src/core/path.h | 1 -
src/core/socket.c | 28 +++++++++-------------------
src/core/socket.h | 1 -
src/core/timer.c | 12 +++---------
src/core/timer.h | 1 -
src/core/unit.c | 10 ----------
src/core/unit.h | 2 --
10 files changed, 21 insertions(+), 65 deletions(-)
diff --git a/src/core/automount.c b/src/core/automount.c
index bac3b2fab7..c1c513d4a5 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -776,11 +776,6 @@ static void automount_enter_running(Automount *a) {
goto fail;
}
- if (unit_has_failed_condition_or_assert(trigger)) {
- automount_enter_dead(a, AUTOMOUNT_FAILURE_MOUNT_CONDITION_FAILED);
- return;
- }
-
r = manager_add_job(UNIT(a)->manager, JOB_START, trigger, JOB_REPLACE, NULL, &error, NULL);
if (r < 0) {
log_unit_warning(UNIT(a), "Failed to queue mount startup job: %s", bus_error_message(&error, r));
@@ -1092,11 +1087,10 @@ static int automount_can_start(Unit *u) {
}
static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = {
- [AUTOMOUNT_SUCCESS] = "success",
- [AUTOMOUNT_FAILURE_RESOURCES] = "resources",
- [AUTOMOUNT_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
- [AUTOMOUNT_FAILURE_MOUNT_START_LIMIT_HIT] = "mount-start-limit-hit",
- [AUTOMOUNT_FAILURE_MOUNT_CONDITION_FAILED] = "mount-condition-failed",
+ [AUTOMOUNT_SUCCESS] = "success",
+ [AUTOMOUNT_FAILURE_RESOURCES] = "resources",
+ [AUTOMOUNT_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
+ [AUTOMOUNT_FAILURE_MOUNT_START_LIMIT_HIT] = "mount-start-limit-hit",
};
DEFINE_STRING_TABLE_LOOKUP(automount_result, AutomountResult);
diff --git a/src/core/automount.h b/src/core/automount.h
index a7417d195c..21dd1c0774 100644
--- a/src/core/automount.h
+++ b/src/core/automount.h
@@ -10,7 +10,6 @@ typedef enum AutomountResult {
AUTOMOUNT_FAILURE_RESOURCES,
AUTOMOUNT_FAILURE_START_LIMIT_HIT,
AUTOMOUNT_FAILURE_MOUNT_START_LIMIT_HIT,
- AUTOMOUNT_FAILURE_MOUNT_CONDITION_FAILED,
_AUTOMOUNT_RESULT_MAX,
_AUTOMOUNT_RESULT_INVALID = -1
} AutomountResult;
diff --git a/src/core/path.c b/src/core/path.c
index bf7e1bf3c2..c2facf0b16 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -453,7 +453,7 @@ static void path_enter_dead(Path *p, PathResult f) {
else
unit_log_failure(UNIT(p), path_result_to_string(p->result));
- path_set_state(p, p->result == PATH_SUCCESS ? PATH_DEAD : PATH_FAILED);
+ path_set_state(p, p->result != PATH_SUCCESS ? PATH_FAILED : PATH_DEAD);
}
static void path_enter_running(Path *p) {
@@ -711,11 +711,6 @@ static void path_trigger_notify(Unit *u, Unit *other) {
return;
}
- if (unit_has_failed_condition_or_assert(other)) {
- path_enter_dead(p, PATH_FAILURE_UNIT_CONDITION_FAILED);
- return;
- }
-
/* Don't propagate anything if there's still a job queued */
if (other->job)
return;
@@ -768,11 +763,10 @@ static const char* const path_type_table[_PATH_TYPE_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(path_type, PathType);
static const char* const path_result_table[_PATH_RESULT_MAX] = {
- [PATH_SUCCESS] = "success",
- [PATH_FAILURE_RESOURCES] = "resources",
- [PATH_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
- [PATH_FAILURE_UNIT_START_LIMIT_HIT] = "unit-start-limit-hit",
- [PATH_FAILURE_UNIT_CONDITION_FAILED] = "unit-condition-failed",
+ [PATH_SUCCESS] = "success",
+ [PATH_FAILURE_RESOURCES] = "resources",
+ [PATH_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
+ [PATH_FAILURE_UNIT_START_LIMIT_HIT] = "unit-start-limit-hit",
};
DEFINE_STRING_TABLE_LOOKUP(path_result, PathResult);
diff --git a/src/core/path.h b/src/core/path.h
index 0ad6bd12c6..8a69f06c13 100644
--- a/src/core/path.h
+++ b/src/core/path.h
@@ -46,7 +46,6 @@ typedef enum PathResult {
PATH_FAILURE_RESOURCES,
PATH_FAILURE_START_LIMIT_HIT,
PATH_FAILURE_UNIT_START_LIMIT_HIT,
- PATH_FAILURE_UNIT_CONDITION_FAILED,
_PATH_RESULT_MAX,
_PATH_RESULT_INVALID = -1
} PathResult;
diff --git a/src/core/socket.c b/src/core/socket.c
index bdfeb43a70..9d47ca2616 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -2274,15 +2274,6 @@ static void socket_enter_running(Socket *s, int cfd) {
goto refuse;
}
- if (UNIT_ISSET(s->service) && cfd < 0) {
- Unit *service = UNIT_DEREF(s->service);
-
- if (unit_has_failed_condition_or_assert(service)) {
- socket_enter_dead(s, SOCKET_FAILURE_SERVICE_CONDITION_FAILED);
- return;
- }
- }
-
if (cfd < 0) {
bool pending = false;
Unit *other;
@@ -3298,16 +3289,15 @@ static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
- [SOCKET_SUCCESS] = "success",
- [SOCKET_FAILURE_RESOURCES] = "resources",
- [SOCKET_FAILURE_TIMEOUT] = "timeout",
- [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
- [SOCKET_FAILURE_SIGNAL] = "signal",
- [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
- [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
- [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
- [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit",
- [SOCKET_FAILURE_SERVICE_CONDITION_FAILED] = "service-condition-failed",
+ [SOCKET_SUCCESS] = "success",
+ [SOCKET_FAILURE_RESOURCES] = "resources",
+ [SOCKET_FAILURE_TIMEOUT] = "timeout",
+ [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
+ [SOCKET_FAILURE_SIGNAL] = "signal",
+ [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
+ [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
+ [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
+ [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"
};
DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
diff --git a/src/core/socket.h b/src/core/socket.h
index b171b94316..2409dbf2a0 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -39,7 +39,6 @@ typedef enum SocketResult {
SOCKET_FAILURE_START_LIMIT_HIT,
SOCKET_FAILURE_TRIGGER_LIMIT_HIT,
SOCKET_FAILURE_SERVICE_START_LIMIT_HIT,
- SOCKET_FAILURE_SERVICE_CONDITION_FAILED,
_SOCKET_RESULT_MAX,
_SOCKET_RESULT_INVALID = -1
} SocketResult;
diff --git a/src/core/timer.c b/src/core/timer.c
index 3c8d89771d..990f05fee4 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -567,11 +567,6 @@ static void timer_enter_running(Timer *t) {
return;
}
- if (unit_has_failed_condition_or_assert(trigger)) {
- timer_enter_dead(t, TIMER_FAILURE_UNIT_CONDITION_FAILED);
- return;
- }
-
r = manager_add_job(UNIT(t)->manager, JOB_START, trigger, JOB_REPLACE, NULL, &error, NULL);
if (r < 0)
goto fail;
@@ -855,10 +850,9 @@ static const char* const timer_base_table[_TIMER_BASE_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(timer_base, TimerBase);
static const char* const timer_result_table[_TIMER_RESULT_MAX] = {
- [TIMER_SUCCESS] = "success",
- [TIMER_FAILURE_RESOURCES] = "resources",
- [TIMER_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
- [TIMER_FAILURE_UNIT_CONDITION_FAILED] = "unit-condition-failed",
+ [TIMER_SUCCESS] = "success",
+ [TIMER_FAILURE_RESOURCES] = "resources",
+ [TIMER_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
};
DEFINE_STRING_TABLE_LOOKUP(timer_result, TimerResult);
diff --git a/src/core/timer.h b/src/core/timer.h
index d23e19d622..833aadb0b8 100644
--- a/src/core/timer.h
+++ b/src/core/timer.h
@@ -32,7 +32,6 @@ typedef enum TimerResult {
TIMER_SUCCESS,
TIMER_FAILURE_RESOURCES,
TIMER_FAILURE_START_LIMIT_HIT,
- TIMER_FAILURE_UNIT_CONDITION_FAILED,
_TIMER_RESULT_MAX,
_TIMER_RESULT_INVALID = -1
} TimerResult;
diff --git a/src/core/unit.c b/src/core/unit.c
index 0810bf5a58..dfe0c243ef 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -5661,16 +5661,6 @@ int unit_thaw_vtable_common(Unit *u) {
return unit_cgroup_freezer_action(u, FREEZER_THAW);
}
-bool unit_has_failed_condition_or_assert(Unit *u) {
- if (dual_timestamp_is_set(&u->condition_timestamp) && !u->condition_result)
- return true;
-
- if (dual_timestamp_is_set(&u->assert_timestamp) && !u->assert_result)
- return true;
-
- return false;
-}
-
static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
[COLLECT_INACTIVE] = "inactive",
[COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
diff --git a/src/core/unit.h b/src/core/unit.h
index a924bd2e83..b8b914711f 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -847,8 +847,6 @@ void unit_thawed(Unit *u);
int unit_freeze_vtable_common(Unit *u);
int unit_thaw_vtable_common(Unit *u);
-bool unit_has_failed_condition_or_assert(Unit *u);
-
/* Macros which append UNIT= or USER_UNIT= to the message */
#define log_unit_full(unit, level, error, ...) \


@ -0,0 +1,137 @@
From e393372ad5ba67acb9b397f044efdb1c9a100644 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 24 Aug 2021 16:46:47 +0100
Subject: [PATCH] core: Check unit start rate limiting earlier
[dtardon: This adds the test that's been left out by commit
471eda89a25a3ceac91a2d05e39a54aae78038ed]
(cherry picked from commit 9727f2427ff6b2e1f4ab927cc57ad8e888f04e95)
Related: #2114005
---
test/TEST-10-ISSUE-2467/test.sh | 3 ++
test/TEST-63-ISSUE-17433/Makefile | 1 +
test/TEST-63-ISSUE-17433/test.sh | 42 ++++++++++++++++++++++
test/TEST-63-ISSUE-17433/test63.path | 2 ++
test/TEST-63-ISSUE-17433/test63.service | 5 +++
test/TEST-63-ISSUE-17433/testsuite.service | 17 +++++++++
6 files changed, 70 insertions(+)
create mode 120000 test/TEST-63-ISSUE-17433/Makefile
create mode 100755 test/TEST-63-ISSUE-17433/test.sh
create mode 100644 test/TEST-63-ISSUE-17433/test63.path
create mode 100644 test/TEST-63-ISSUE-17433/test63.service
create mode 100644 test/TEST-63-ISSUE-17433/testsuite.service
diff --git a/test/TEST-10-ISSUE-2467/test.sh b/test/TEST-10-ISSUE-2467/test.sh
index 0e61236686..a839ef79de 100755
--- a/test/TEST-10-ISSUE-2467/test.sh
+++ b/test/TEST-10-ISSUE-2467/test.sh
@@ -42,6 +42,9 @@ EOF
[Unit]
Requires=test.socket
ConditionPathExistsGlob=/tmp/nonexistent
+# Make sure we hit the socket trigger limit in the test and not the service start limit.
+StartLimitInterval=1000
+StartLimitBurst=1000
[Service]
ExecStart=/bin/true
diff --git a/test/TEST-63-ISSUE-17433/Makefile b/test/TEST-63-ISSUE-17433/Makefile
new file mode 120000
index 0000000000..e9f93b1104
--- /dev/null
+++ b/test/TEST-63-ISSUE-17433/Makefile
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-63-ISSUE-17433/test.sh b/test/TEST-63-ISSUE-17433/test.sh
new file mode 100755
index 0000000000..406a1e214c
--- /dev/null
+++ b/test/TEST-63-ISSUE-17433/test.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -e
+
+TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433"
+
+# shellcheck source=test/test-functions
+. "${TEST_BASE_DIR:?}/test-functions"
+
+test_setup() {
+ create_empty_image
+ mkdir -p $TESTDIR/root
+ mount ${LOOPDEV}p1 $TESTDIR/root
+
+ # Create what will eventually be our root filesystem onto an overlay
+ (
+ LOG_LEVEL=5
+ eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
+
+ setup_basic_environment
+
+ # setup the testsuite service
+ cp testsuite.service $initdir/etc/systemd/system/testsuite.service
+
+ cp test63.path $initdir/etc/systemd/system/test63.path
+ cp test63.service $initdir/etc/systemd/system/test63.service
+
+ setup_testsuite
+ ) || return 1
+ setup_nspawn_root
+
+ # mask some services that we do not want to run in these tests
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.service
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-resolved.service
+
+ ddebug "umount $TESTDIR/root"
+ umount $TESTDIR/root
+}
+
+do_test "$@"
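Review bot: test_setup() expands `$TESTDIR`, `${LOOPDEV}` and `$initdir` unquoted and without the `:?` guard the script already uses for `${TEST_BASE_DIR:?}`. These are presumably set by test-functions, which is not visible here. If one of them were ever empty, `mount ${LOOPDEV}p1 $TESTDIR/root` and `ln -s /dev/null $initdir/etc/systemd/system/...` would act on host paths, and the mount suggests the script runs with privileges. I would write `mkdir -p "${TESTDIR:?}/root"`, `mount "${LOOPDEV:?}p1" "${TESTDIR:?}/root"` and `ln -s /dev/null "${initdir:?}/etc/systemd/system/systemd-networkd.service"`, and apply the same to the remaining uses.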
diff --git a/test/TEST-63-ISSUE-17433/test63.path b/test/TEST-63-ISSUE-17433/test63.path
new file mode 100644
index 0000000000..a6573bda0a
--- /dev/null
+++ b/test/TEST-63-ISSUE-17433/test63.path
@@ -0,0 +1,2 @@
+[Path]
+PathExists=/tmp/test63
diff --git a/test/TEST-63-ISSUE-17433/test63.service b/test/TEST-63-ISSUE-17433/test63.service
new file mode 100644
index 0000000000..c83801874d
--- /dev/null
+++ b/test/TEST-63-ISSUE-17433/test63.service
@@ -0,0 +1,5 @@
+[Unit]
+ConditionPathExists=!/tmp/nonexistent
+
+[Service]
+ExecStart=true
diff --git a/test/TEST-63-ISSUE-17433/testsuite.service b/test/TEST-63-ISSUE-17433/testsuite.service
new file mode 100644
index 0000000000..d3ca5b002b
--- /dev/null
+++ b/test/TEST-63-ISSUE-17433/testsuite.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=TEST-63-ISSUE-17433
+
+[Service]
+ExecStartPre=rm -f /failed /testok
+Type=oneshot
+ExecStart=rm -f /tmp/nonexistent
+ExecStart=systemctl start test63.path
+ExecStart=touch /tmp/test63
+# Make sure systemd has sufficient time to hit the start limit for test63.service.
+ExecStart=sleep 2
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = failed'
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = start-limit-hit'
+# FIXME: The path remains active, which it should not
+# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p ActiveState)" = failed'
+# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = unit-start-limit-hit'
+ExecStart=sh -x -c 'echo OK >/testok'


@ -0,0 +1,127 @@
From 9d3f5e5d222308d29aad9bf7b2bfc440143a8606 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 17 Dec 2021 20:01:31 +0100
Subject: [PATCH] core: Add trigger limit for path units
When conditions fail on a service unit, a path unit can cause
PID 1 to busy loop as it keeps trying to activate the service unit.
To avoid this from happening, add a trigger limit to the path unit,
identical to the trigger limit we have for socket units.
Initially, let's start with a high limit and not make it configurable.
If needed, we can add properties to configure the rate limit similar
to the ones we have for socket units.
(cherry picked from commit aaae822b37aa3ca39aebb516fdc6bef36d730c25)
Resolves: #2114005
---
src/core/path.c | 10 ++++++++++
src/core/path.h | 3 +++
test/TEST-63-ISSUE-17433/test63.service | 2 +-
test/TEST-63-ISSUE-17433/testsuite.service | 21 +++++++++++++++++----
4 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/src/core/path.c b/src/core/path.c
index c2facf0b16..b899bde0de 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -238,6 +238,9 @@ static void path_init(Unit *u) {
assert(u->load_state == UNIT_STUB);
p->directory_mode = 0755;
+
+ p->trigger_limit.interval = 2 * USEC_PER_SEC;
+ p->trigger_limit.burst = 200;
}
void path_free_specs(Path *p) {
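Review bot: The limit added to path_init() is written as the bare literals `2 * USEC_PER_SEC` and `200`, with no comment on what they protect or why these values were picked. The commit message explains it (a path unit re-triggering a service whose conditions fail can make PID 1 busy loop, and the limit is deliberately high and not configurable), but a reader of path.c will not see that. I would add a comment above the two assignments, e.g. `/* Trigger limit: keeps PID 1 from busy looping when the triggered unit's conditions keep failing; not configurable for now */`. Named constants would also let the documentation refer to the values. path_init() starts outside the hunk.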
@@ -467,6 +470,12 @@ static void path_enter_running(Path *p) {
if (unit_stop_pending(UNIT(p)))
return;
+ if (!ratelimit_below(&p->trigger_limit)) {
+ log_unit_warning(UNIT(p), "Trigger limit hit, refusing further activation.");
+ path_enter_dead(p, PATH_FAILURE_TRIGGER_LIMIT_HIT);
+ return;
+ }
+
trigger = UNIT_TRIGGER(UNIT(p));
if (!trigger) {
log_unit_error(UNIT(p), "Unit to trigger vanished.");
@@ -767,6 +776,7 @@ static const char* const path_result_table[_PATH_RESULT_MAX] = {
[PATH_FAILURE_RESOURCES] = "resources",
[PATH_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
[PATH_FAILURE_UNIT_START_LIMIT_HIT] = "unit-start-limit-hit",
+ [PATH_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
};
DEFINE_STRING_TABLE_LOOKUP(path_result, PathResult);
diff --git a/src/core/path.h b/src/core/path.h
index 8a69f06c13..12fd13fbe3 100644
--- a/src/core/path.h
+++ b/src/core/path.h
@@ -46,6 +46,7 @@ typedef enum PathResult {
PATH_FAILURE_RESOURCES,
PATH_FAILURE_START_LIMIT_HIT,
PATH_FAILURE_UNIT_START_LIMIT_HIT,
+ PATH_FAILURE_TRIGGER_LIMIT_HIT,
_PATH_RESULT_MAX,
_PATH_RESULT_INVALID = -1
} PathResult;
@@ -63,6 +64,8 @@ struct Path {
mode_t directory_mode;
PathResult result;
+
+ RateLimit trigger_limit;
};
void path_free_specs(Path *p);
diff --git a/test/TEST-63-ISSUE-17433/test63.service b/test/TEST-63-ISSUE-17433/test63.service
index c83801874d..6292434c5c 100644
--- a/test/TEST-63-ISSUE-17433/test63.service
+++ b/test/TEST-63-ISSUE-17433/test63.service
@@ -1,5 +1,5 @@
[Unit]
-ConditionPathExists=!/tmp/nonexistent
+ConditionPathExists=/tmp/nonexistent
[Service]
ExecStart=true
diff --git a/test/TEST-63-ISSUE-17433/testsuite.service b/test/TEST-63-ISSUE-17433/testsuite.service
index d3ca5b002b..39f9643890 100644
--- a/test/TEST-63-ISSUE-17433/testsuite.service
+++ b/test/TEST-63-ISSUE-17433/testsuite.service
@@ -4,14 +4,27 @@ Description=TEST-63-ISSUE-17433
[Service]
ExecStartPre=rm -f /failed /testok
Type=oneshot
+
+# Test that a path unit continuously triggering a service that fails condition checks eventually fails with
+# the trigger-limit-hit error.
ExecStart=rm -f /tmp/nonexistent
ExecStart=systemctl start test63.path
ExecStart=touch /tmp/test63
-# Make sure systemd has sufficient time to hit the start limit for test63.service.
+# Make sure systemd has sufficient time to hit the trigger limit for test63.path.
ExecStart=sleep 2
-ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = failed'
-ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = start-limit-hit'
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = inactive'
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = success'
# FIXME: The path remains active, which it should not
# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p ActiveState)" = failed'
-# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = unit-start-limit-hit'
+# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = trigger-limit-hit'
+
+# Test that starting the service manually doesn't affect the path unit.
+ExecStart=rm -f /tmp/test63
+ExecStart=systemctl reset-failed
+ExecStart=systemctl start test63.path
+ExecStart=systemctl start test63.service
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = inactive'
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = success'
+ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p ActiveState)" = active'
+ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = success'
ExecStart=sh -x -c 'echo OK >/testok'
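Review bot: The two assertions on `test63.path` are still commented out under the FIXME, so this test never checks that the path unit ends up with `trigger-limit-hit`, which is the behaviour this commit adds. The checks that remain (`test63.service` is `inactive` with result `success`) look as if they would also pass without the new rate limit, though that cannot be confirmed from the hunk. Once the FIXME is resolved, enable `ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = trigger-limit-hit'`; until then, a comment stating that the limit itself is not asserted would keep the test from being read as coverage. The fixed `sleep 2` also makes the result depend on machine speed.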


@ -0,0 +1,680 @@
From f20ccc0d505eccd59bb3814f59a63ea036be5bd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Aug 2020 16:27:20 +0200
Subject: [PATCH] meson: add syscall-names-update target
The calls to find_program("tools/*") are moved earlier so they can be used
in libshared/ (and it doesn't make sense to split them).
(cherry picked from commit 47354b440e90626c320d8f142cb742ff569e3a40)
Related: #2040247
---
meson.build | 13 +-
src/shared/meson.build | 6 +
src/shared/syscall-names.text | 597 ++++++++++++++++++++++++++++++++++
tools/syscall-names-update.sh | 6 +
4 files changed, 617 insertions(+), 5 deletions(-)
create mode 100644 src/shared/syscall-names.text
create mode 100755 tools/syscall-names-update.sh
diff --git a/meson.build b/meson.build
index 57de947367..6729a9ea5e 100644
--- a/meson.build
+++ b/meson.build
@@ -1417,6 +1417,14 @@ install_libsystemd_static = static_library(
############################################################
+hwdb_update_sh = find_program('tools/meson-hwdb-update.sh')
+make_directive_index_py = find_program('tools/make-directive-index.py')
+make_man_index_py = find_program('tools/make-man-index.py')
+syscall_names_update_sh = find_program('tools/syscall-names-update.sh')
+xml_helper_py = find_program('tools/xml_helper.py')
+
+############################################################
+
# binaries that have --help and are intended for use by humans,
# usually, but not always, installed in /bin.
public_programs = []
@@ -2721,11 +2729,6 @@ run_target('fuzzers',
############################################################
-make_directive_index_py = find_program('tools/make-directive-index.py')
-make_man_index_py = find_program('tools/make-man-index.py')
-xml_helper_py = find_program('tools/xml_helper.py')
-hwdb_update_sh = find_program('tools/meson-hwdb-update.sh')
-
subdir('units')
subdir('sysctl.d')
subdir('sysusers.d')
diff --git a/src/shared/meson.build b/src/shared/meson.build
index d0a1bba4c6..c9dd0a3a4e 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -165,3 +165,9 @@ libshared = shared_library(
dependencies : libshared_deps,
install : true,
install_dir : rootlibexecdir)
+
+############################################################
+
+run_target(
+ 'syscall-names-update',
+ command : [syscall_names_update_sh, meson.current_source_dir()])
diff --git a/src/shared/syscall-names.text b/src/shared/syscall-names.text
new file mode 100644
index 0000000000..40d18a8894
--- /dev/null
+++ b/src/shared/syscall-names.text
@@ -0,0 +1,597 @@
+_llseek
+_newselect
+_sysctl
+accept
+accept4
+access
+acct
+add_key
+adjtimex
+alarm
+arc_gettls
+arc_settls
+arc_usr_cmpxchg
+arch_prctl
+arm_fadvise64_64
+arm_sync_file_range
+atomic_barrier
+atomic_cmpxchg_32
+bdflush
+bfin_spinlock
+bind
+bpf
+brk
+cache_sync
+cachectl
+cacheflush
+capget
+capset
+chdir
+chmod
+chown
+chown32
+chroot
+clock_adjtime
+clock_adjtime64
+clock_getres
+clock_getres_time64
+clock_gettime
+clock_gettime64
+clock_nanosleep
+clock_nanosleep_time64
+clock_settime
+clock_settime64
+clone
+clone2
+clone3
+close
+close_range
+connect
+copy_file_range
+creat
+create_module
+delete_module
+dipc
+dup
+dup2
+dup3
+epoll_create
+epoll_create1
+epoll_ctl
+epoll_ctl_old
+epoll_pwait
+epoll_wait
+epoll_wait_old
+eventfd
+eventfd2
+exec_with_loader
+execv
+execve
+execveat
+exit
+exit_group
+faccessat
+faccessat2
+fadvise64
+fadvise64_64
+fallocate
+fanotify_init
+fanotify_mark
+fchdir
+fchmod
+fchmodat
+fchown
+fchown32
+fchownat
+fcntl
+fcntl64
+fdatasync
+fgetxattr
+finit_module
+flistxattr
+flock
+fork
+fp_udfiex_crtl
+fremovexattr
+fsconfig
+fsetxattr
+fsmount
+fsopen
+fspick
+fstat
+fstat64
+fstatat64
+fstatfs
+fstatfs64
+fsync
+ftruncate
+ftruncate64
+futex
+futex_time64
+futimesat
+get_kernel_syms
+get_mempolicy
+get_robust_list
+get_thread_area
+getcpu
+getcwd
+getdents
+getdents64
+getdomainname
+getdtablesize
+getegid
+getegid32
+geteuid
+geteuid32
+getgid
+getgid32
+getgroups
+getgroups32
+gethostname
+getitimer
+getpagesize
+getpeername
+getpgid
+getpgrp
+getpid
+getpmsg
+getppid
+getpriority
+getrandom
+getresgid
+getresgid32
+getresuid
+getresuid32
+getrlimit
+getrusage
+getsid
+getsockname
+getsockopt
+gettid
+gettimeofday
+getuid
+getuid32
+getunwind
+getxattr
+getxgid
+getxpid
+getxuid
+idle
+init_module
+inotify_add_watch
+inotify_init
+inotify_init1
+inotify_rm_watch
+io_cancel
+io_destroy
+io_getevents
+io_pgetevents
+io_pgetevents_time64
+io_setup
+io_submit
+io_uring_enter
+io_uring_register
+io_uring_setup
+ioctl
+ioperm
+iopl
+ioprio_get
+ioprio_set
+ipc
+kcmp
+kern_features
+kexec_file_load
+kexec_load
+keyctl
+kill
+lchown
+lchown32
+lgetxattr
+link
+linkat
+listen
+listxattr
+llistxattr
+lookup_dcookie
+lremovexattr
+lseek
+lsetxattr
+lstat
+lstat64
+madvise
+mbind
+membarrier
+memfd_create
+memory_ordering
+migrate_pages
+mincore
+mkdir
+mkdirat
+mknod
+mknodat
+mlock
+mlock2
+mlockall
+mmap
+mmap2
+modify_ldt
+mount
+move_mount
+move_pages
+mprotect
+mq_getsetattr
+mq_notify
+mq_open
+mq_timedreceive
+mq_timedreceive_time64
+mq_timedsend
+mq_timedsend_time64
+mq_unlink
+mremap
+msgctl
+msgget
+msgrcv
+msgsnd
+msync
+multiplexer
+munlock
+munlockall
+munmap
+name_to_handle_at
+nanosleep
+newfstatat
+nfsservctl
+ni_syscall
+nice
+old_adjtimex
+old_getpagesize
+oldfstat
+oldlstat
+oldolduname
+oldstat
+oldumount
+olduname
+open
+open_by_handle_at
+open_tree
+openat
+openat2
+or1k_atomic
+osf_adjtime
+osf_afs_syscall
+osf_alt_plock
+osf_alt_setsid
+osf_alt_sigpending
+osf_asynch_daemon
+osf_audcntl
+osf_audgen
+osf_chflags
+osf_execve
+osf_exportfs
+osf_fchflags
+osf_fdatasync
+osf_fpathconf
+osf_fstat
+osf_fstatfs
+osf_fstatfs64
+osf_fuser
+osf_getaddressconf
+osf_getdirentries
+osf_getdomainname
+osf_getfh
+osf_getfsstat
+osf_gethostid
+osf_getitimer
+osf_getlogin
+osf_getmnt
+osf_getrusage
+osf_getsysinfo
+osf_gettimeofday
+osf_kloadcall
+osf_kmodcall
+osf_lstat
+osf_memcntl
+osf_mincore
+osf_mount
+osf_mremap
+osf_msfs_syscall
+osf_msleep
+osf_mvalid
+osf_mwakeup
+osf_naccept
+osf_nfssvc
+osf_ngetpeername
+osf_ngetsockname
+osf_nrecvfrom
+osf_nrecvmsg
+osf_nsendmsg
+osf_ntp_adjtime
+osf_ntp_gettime
+osf_old_creat
+osf_old_fstat
+osf_old_getpgrp
+osf_old_killpg
+osf_old_lstat
+osf_old_open
+osf_old_sigaction
+osf_old_sigblock
+osf_old_sigreturn
+osf_old_sigsetmask
+osf_old_sigvec
+osf_old_stat
+osf_old_vadvise
+osf_old_vtrace
+osf_old_wait
+osf_oldquota
+osf_pathconf
+osf_pid_block
+osf_pid_unblock
+osf_plock
+osf_priocntlset
+osf_profil
+osf_proplist_syscall
+osf_reboot
+osf_revoke
+osf_sbrk
+osf_security
+osf_select
+osf_set_program_attributes
+osf_set_speculative
+osf_sethostid
+osf_setitimer
+osf_setlogin
+osf_setsysinfo
+osf_settimeofday
+osf_shmat
+osf_signal
+osf_sigprocmask
+osf_sigsendset
+osf_sigstack
+osf_sigwaitprim
+osf_sstk
+osf_stat
+osf_statfs
+osf_statfs64
+osf_subsys_info
+osf_swapctl
+osf_swapon
+osf_syscall
+osf_sysinfo
+osf_table
+osf_uadmin
+osf_usleep_thread
+osf_uswitch
+osf_utc_adjtime
+osf_utc_gettime
+osf_utimes
+osf_utsname
+osf_wait4
+osf_waitid
+pause
+pciconfig_iobase
+pciconfig_read
+pciconfig_write
+perf_event_open
+perfctr
+perfmonctl
+personality
+pidfd_getfd
+pidfd_open
+pidfd_send_signal
+pipe
+pipe2
+pivot_root
+pkey_alloc
+pkey_free
+pkey_mprotect
+poll
+ppoll
+ppoll_time64
+prctl
+pread64
+preadv
+preadv2
+prlimit64
+process_vm_readv
+process_vm_writev
+pselect6
+pselect6_time64
+ptrace
+pwrite64
+pwritev
+pwritev2
+query_module
+quotactl
+read
+readahead
+readdir
+readlink
+readlinkat
+readv
+reboot
+recv
+recvfrom
+recvmmsg
+recvmmsg_time64
+recvmsg
+remap_file_pages
+removexattr
+rename
+renameat
+renameat2
+request_key
+restart_syscall
+riscv_flush_icache
+rmdir
+rseq
+rt_sigaction
+rt_sigpending
+rt_sigprocmask
+rt_sigqueueinfo
+rt_sigreturn
+rt_sigsuspend
+rt_sigtimedwait
+rt_sigtimedwait_time64
+rt_tgsigqueueinfo
+rtas
+s390_guarded_storage
+s390_pci_mmio_read
+s390_pci_mmio_write
+s390_runtime_instr
+s390_sthyi
+sched_get_affinity
+sched_get_priority_max
+sched_get_priority_min
+sched_getaffinity
+sched_getattr
+sched_getparam
+sched_getscheduler
+sched_rr_get_interval
+sched_rr_get_interval_time64
+sched_set_affinity
+sched_setaffinity
+sched_setattr
+sched_setparam
+sched_setscheduler
+sched_yield
+seccomp
+select
+semctl
+semget
+semop
+semtimedop
+semtimedop_time64
+send
+sendfile
+sendfile64
+sendmmsg
+sendmsg
+sendto
+set_mempolicy
+set_robust_list
+set_thread_area
+set_tid_address
+setdomainname
+setfsgid
+setfsgid32
+setfsuid
+setfsuid32
+setgid
+setgid32
+setgroups
+setgroups32
+sethae
+sethostname
+setitimer
+setns
+setpgid
+setpgrp
+setpriority
+setregid
+setregid32
+setresgid
+setresgid32
+setresuid
+setresuid32
+setreuid
+setreuid32
+setrlimit
+setsid
+setsockopt
+settimeofday
+setuid
+setuid32
+setxattr
+sgetmask
+shmat
+shmctl
+shmdt
+shmget
+shutdown
+sigaction
+sigaltstack
+signal
+signalfd
+signalfd4
+sigpending
+sigprocmask
+sigreturn
+sigsuspend
+socket
+socketcall
+socketpair
+splice
+spu_create
+spu_run
+ssetmask
+stat
+stat64
+statfs
+statfs64
+statx
+stime
+subpage_prot
+swapcontext
+swapoff
+swapon
+switch_endian
+symlink
+symlinkat
+sync
+sync_file_range
+sync_file_range2
+syncfs
+sys_debug_setcontext
+syscall
+sysfs
+sysinfo
+syslog
+sysmips
+tee
+tgkill
+time
+timer_create
+timer_delete
+timer_getoverrun
+timer_gettime
+timer_gettime64
+timer_settime
+timer_settime64
+timerfd
+timerfd_create
+timerfd_gettime
+timerfd_gettime64
+timerfd_settime
+timerfd_settime64
+times
+tkill
+truncate
+truncate64
+udftrap
+ugetrlimit
+umask
+umount
+umount2
+uname
+unlink
+unlinkat
+unshare
+uselib
+userfaultfd
+ustat
+utime
+utimensat
+utimensat_time64
+utimes
+utimesat
+utrap_install
+vfork
+vhangup
+vm86
+vm86old
+vmsplice
+wait4
+waitid
+waitpid
+write
+writev
diff --git a/tools/syscall-names-update.sh b/tools/syscall-names-update.sh
new file mode 100755
index 0000000000..c884b93cda
--- /dev/null
+++ b/tools/syscall-names-update.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -eu
+
+cd "$1"
+
+curl -L -o syscall-names.text 'https://raw.githubusercontent.com/hrw/syscalls-table/master/syscall-names.text'
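Review bot: The `curl` call on the last line of the new script fetches `syscall-names.text` from the `master` branch of a third-party repository with no integrity check and without `--fail`, so an HTTP error body or an unreviewed upstream change is written straight into the file. The later patch in this series generates the `@known` seccomp set from a file of that name, so its content deserves the same scrutiny as source code. I would use `curl --fail --proto '=https' -L -o syscall-names.text ...` with a URL pinned to a reviewed commit instead of `master`, and review the resulting diff before committing it. Under `set -u` a missing argument makes `cd "$1"` fail with an unhelpful message; `cd "${1:?usage: $0 DIR}"` states what is expected.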


@ -0,0 +1,27 @@
From bcc0f8bfbc0ea220895c1d3a8bf2d3124ddcef16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 25 Oct 2020 13:54:20 +0100
Subject: [PATCH] syscall-names: add process_madvise which is planned for 5.10
It was added in v5.9-11793-gecb8ac8b1f and is still present in v5.10-rc1, so it
seems likely that it'll be in 5.10 too.
(cherry picked from commit 397cca2453465d4ad5a51b16ad71acf45a3de352)
Related: #2040247
---
src/shared/syscall-names.text | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shared/syscall-names.text b/src/shared/syscall-names.text
index 40d18a8894..f1b7e29d50 100644
--- a/src/shared/syscall-names.text
+++ b/src/shared/syscall-names.text
@@ -392,6 +392,7 @@ pread64
preadv
preadv2
prlimit64
+process_madvise
process_vm_readv
process_vm_writev
pselect6


@ -0,0 +1,157 @@
From f3c6abebbe4718085fcf17ed3ab0690e379fbb7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 19 Aug 2020 17:43:23 +0200
Subject: [PATCH] shared: add @known syscall list
(cherry picked from commit 95aac01259db689dac7d8e5bfafb60e8c70cd734)
Related: #2040247
---
man/systemd.exec.xml | 4 ++++
src/shared/generate-syscall-list.py | 5 +++++
src/shared/meson.build | 11 +++++++++++
src/shared/seccomp-util.c | 6 ++++++
src/shared/seccomp-util.h | 3 ++-
src/test/test-seccomp.c | 19 ++++++++++++-------
6 files changed, 40 insertions(+), 8 deletions(-)
create mode 100755 src/shared/generate-syscall-list.py
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index dc88cf9781..b04b4ba552 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1556,6 +1556,10 @@ RestrictNamespaces=~cgroup net</programlisting>
<entry>@timer</entry>
<entry>System calls for scheduling operations by time (<citerefentry project='man-pages'><refentrytitle>alarm</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>timer_create</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry>
</row>
+ <row>
+ <entry>@known</entry>
+ <entry>All system calls defined by the kernel. This list is defined statically in systemd based on a kernel version that was available when this systmed version was released. It will become progressively more out-of-date as the kernel is updated.</entry>
+ </row>
</tbody>
</tgroup>
</table>
diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py
new file mode 100755
index 0000000000..13a6ae9241
--- /dev/null
+++ b/src/shared/generate-syscall-list.py
@@ -0,0 +1,5 @@
+#!/usr/bin/env python
+import sys
+
+for line in open(sys.argv[1]):
+ print('"{}\\0"'.format(line.strip()))
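Review bot: The loop in the new generate-syscall-list.py copies every input line into a C string literal without checking it, so a blank line is emitted as `"\0"` (an empty entry, which would presumably end the NUL-separated list early) and a line containing `"` or `\` alters the generated header. The input is refreshed from an external download by tools/syscall-names-update.sh, so I would skip empty lines and fail the build on any name that is not made of lowercase letters, digits and underscores, which is what the names visible in the list look like. The file is also opened without `with`, so it is never closed explicitly. The sketch below needs `import re` next to the existing `import sys`.
```python
with open(sys.argv[1]) as f:
    for line in f:
        name = line.strip()
        if not name:
            continue
        if not re.match(r'[a-z0-9_]+\Z', name):
            sys.exit('unexpected syscall name: {!r}'.format(name))
        print('"{}\\0"'.format(name))
```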
diff --git a/src/shared/meson.build b/src/shared/meson.build
index c9dd0a3a4e..fed08571d1 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -109,6 +109,16 @@ shared_sources = files('''
test_tables_h = files('test-tables.h')
shared_sources += [test_tables_h]
+generate_syscall_list = find_program('generate-syscall-list.py')
+fname = 'syscall-list.h'
+syscall_list_h = custom_target(
+ fname,
+ input : 'syscall-names.text',
+ output : fname,
+ command : [generate_syscall_list,
+ '@INPUT@'],
+ capture : true)
+
if conf.get('HAVE_ACL') == 1
shared_sources += files('acl-util.c')
endif
@@ -119,6 +129,7 @@ endif
if conf.get('HAVE_SECCOMP') == 1
shared_sources += files('seccomp-util.c')
+ shared_sources += syscall_list_h
endif
if conf.get('HAVE_LIBIPTC') == 1
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index c57c409433..c2b2f2da92 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -855,6 +855,12 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"timerfd_settime\0"
"times\0"
},
+ [SYSCALL_FILTER_SET_KNOWN] = {
+ .name = "@known",
+ .help = "All known syscalls declared in the kernel",
+ .value =
+#include "syscall-list.h"
+ },
};
const SyscallFilterSet *syscall_filter_set_find(const char *name) {
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 602f092255..541ba1e067 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -21,7 +21,7 @@ typedef struct SyscallFilterSet {
} SyscallFilterSet;
enum {
- /* Please leave DEFAULT first, but sort the rest alphabetically */
+ /* Please leave DEFAULT first and KNOWN last, but sort the rest alphabetically */
SYSCALL_FILTER_SET_DEFAULT,
SYSCALL_FILTER_SET_AIO,
SYSCALL_FILTER_SET_BASIC_IO,
@@ -49,6 +49,7 @@ enum {
SYSCALL_FILTER_SET_SYNC,
SYSCALL_FILTER_SET_SYSTEM_SERVICE,
SYSCALL_FILTER_SET_TIMER,
+ SYSCALL_FILTER_SET_KNOWN,
_SYSCALL_FILTER_SET_MAX
};
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 6ec04c4c55..286f01b5ce 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -106,8 +106,10 @@ static void test_filter_sets(void) {
if (pid == 0) { /* Child? */
int fd;
- /* If we look at the default set (or one that includes it), whitelist instead of blacklist */
- if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))
+ /* If we look at the default set (or one that includes it), allow-list instead of deny-list */
+ if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT,
+ SYSCALL_FILTER_SET_SYSTEM_SERVICE,
+ SYSCALL_FILTER_SET_KNOWN))
r = seccomp_load_syscall_filter_set(SCMP_ACT_ERRNO(EUCLEAN), syscall_filter_sets + i, SCMP_ACT_ALLOW, true);
else
r = seccomp_load_syscall_filter_set(SCMP_ACT_ALLOW, syscall_filter_sets + i, SCMP_ACT_ERRNO(EUCLEAN), true);
@@ -639,20 +641,23 @@ static void test_lock_personality(void) {
}
static void test_filter_sets_ordered(void) {
- size_t i;
-
/* Ensure "@default" always remains at the beginning of the list */
assert_se(SYSCALL_FILTER_SET_DEFAULT == 0);
assert_se(streq(syscall_filter_sets[0].name, "@default"));
- for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
+ /* Ensure "@known" always remains at the end of the list */
+ assert_se(SYSCALL_FILTER_SET_KNOWN == _SYSCALL_FILTER_SET_MAX - 1);
+ assert_se(streq(syscall_filter_sets[SYSCALL_FILTER_SET_KNOWN].name, "@known"));
+
+ for (size_t i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
const char *k, *p = NULL;
/* Make sure each group has a description */
assert_se(!isempty(syscall_filter_sets[0].help));
- /* Make sure the groups are ordered alphabetically, except for the first entry */
- assert_se(i < 2 || strcmp(syscall_filter_sets[i-1].name, syscall_filter_sets[i].name) < 0);
+ /* Make sure the groups are ordered alphabetically, except for the first and last entries */
+ assert_se(i < 2 || i == _SYSCALL_FILTER_SET_MAX - 1 ||
+ strcmp(syscall_filter_sets[i-1].name, syscall_filter_sets[i].name) < 0);
NULSTR_FOREACH(k, syscall_filter_sets[i].value) {
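Review bot: The description check inside the loop of test_filter_sets_ordered still reads `syscall_filter_sets[0].help`, so it tests the `@default` entry on every iteration and never looks at the help text of the newly added `@known` set or of any other set. It should index with the loop variable: `assert_se(!isempty(syscall_filter_sets[i].help));`. The loop body continues past the end of this hunk.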


@ -0,0 +1,24 @@
From da722bc383c359b77fab671a0e7872fe4c0232ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 22 Aug 2020 16:07:05 +0200
Subject: [PATCH] generate-syscall-list: require python3
Python3.4 works, but 2.7 returns a tuple from os.uname().
(cherry picked from commit 8694114b809f92f6a882134f3635aa42bfb41e11)
Related: #2040247
---
src/shared/generate-syscall-list.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py
index 13a6ae9241..0b90d2d276 100755
--- a/src/shared/generate-syscall-list.py
+++ b/src/shared/generate-syscall-list.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
import sys
for line in open(sys.argv[1]):


@ -0,0 +1,82 @@
From 64705366e134f06438e88f0b7fbef341d0a01431 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 19 Aug 2020 17:43:40 +0200
Subject: [PATCH] shared/seccomp: reduce scope of indexing variables
(cherry picked from commit 077e8fc0cad5a4532348d20a1eef8621295dd75a)
Related: #2040247
---
src/shared/seccomp-util.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index c2b2f2da92..4d2ba31d47 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -864,12 +864,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
};
const SyscallFilterSet *syscall_filter_set_find(const char *name) {
- unsigned i;
-
if (isempty(name) || name[0] != '@')
return NULL;
- for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
+ for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
if (streq(syscall_filter_sets[i].name, name))
return syscall_filter_sets + i;
@@ -1105,7 +1103,6 @@ int seccomp_restrict_namespaces(unsigned long retain) {
SECCOMP_FOREACH_LOCAL_ARCH(arch) {
_cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
- unsigned i;
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
@@ -1135,7 +1132,7 @@ int seccomp_restrict_namespaces(unsigned long retain) {
continue;
}
- for (i = 0; namespace_flag_map[i].name; i++) {
+ for (unsigned i = 0; namespace_flag_map[i].name; i++) {
unsigned long f;
f = namespace_flag_map[i].flag;
@@ -1288,7 +1285,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
return r;
if (whitelist) {
- int af, first = 0, last = 0;
+ int first = 0, last = 0;
void *afp;
/* If this is a whitelist, we first block the address families that are out of range and then
@@ -1296,7 +1293,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
* the set. */
SET_FOREACH(afp, address_families, i) {
- af = PTR_TO_INT(afp);
+ int af = PTR_TO_INT(afp);
if (af <= 0 || af >= af_max())
continue;
@@ -1350,7 +1347,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
}
/* Block everything between the first and last entry */
- for (af = 1; af < af_max(); af++) {
+ for (int af = 1; af < af_max(); af++) {
if (set_contains(address_families, INT_TO_PTR(af)))
continue;
@@ -1378,7 +1375,6 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
* checks. */
SET_FOREACH(af, address_families, i) {
-
r = seccomp_rule_add_exact(
seccomp,
SCMP_ACT_ERRNO(EAFNOSUPPORT),


@ -0,0 +1,32 @@
From 2e33a4ffdd54de1f88c3cd37ca5ace94a637b1dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 19 Aug 2020 17:46:30 +0200
Subject: [PATCH] shared/syscall-list: filter out some obviously
platform-specific syscalls
(cherry picked from commit 752fedbea7c02c82287c7ff2a4139f528b3f7ba8)
Related: #2040247
---
src/shared/generate-syscall-list.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py
index 0b90d2d276..030c3feec4 100755
--- a/src/shared/generate-syscall-list.py
+++ b/src/shared/generate-syscall-list.py
@@ -1,5 +1,14 @@
#!/usr/bin/env python3
import sys
+import os
+
+s390 = 's390' in os.uname().machine
+arm = 'arm' in os.uname().machine
for line in open(sys.argv[1]):
+ if line.startswith('s390_') and not s390:
+ continue
+ if line.startswith('arm_') and not arm:
+ continue
+
print('"{}\\0"'.format(line.strip()))
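Review bot: The two flags at the top take the architecture from `os.uname().machine`, which describes the machine running the build and not necessarily the one the binaries are built for; in a cross build the `s390_`/`arm_` filtering would follow the wrong architecture. Passing the target from meson (for example `host_machine.cpu_family()` as a second argument) would make the generated `@known` list depend on the target instead. `os.uname()` is also called twice where one call stored in a variable would do, and a one-line comment saying why these prefixes are dropped would help the next reader.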


@ -0,0 +1,123 @@
From 42ed3377b5817f2c1f84e1bdca301ea51ecc3299 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 20 Sep 2018 14:19:41 +0200
Subject: [PATCH] seccomp: tighten checking of seccomp filter creation
In seccomp code, the code is changed to propagate errors which are about
anything other than unknown/unimplemented syscalls. I *think* such errors
should not happen in normal usage, but so far we would summarily ignore all
errors, so that part is uncertain. If it turns out that other errors occur and
should be ignored, this should be added later.
In nspawn, we would count the number of added filters, but didn't use this for
anything. Drop that part.
The comments suggested that seccomp_add_syscall_filter_item() returned negative
if the syscall is unknown, but this wasn't true: it returns 0.
The error at this point can only be if the syscall was known but couldn't be
added. If the error comes from our internal whitelist in nspawn, treat this as
error, because it means that our internal table is wrong. If the error comes
from user arguments, warn and ignore. (If some syscall is not known at current
architecture, it is still silently ignored.)
(cherry picked from commit 7e86bd73a47f2b8dd3d9a743e69fb0117f450ad8)
Related: #2040247
---
src/nspawn/nspawn-seccomp.c | 14 +++++---------
src/shared/seccomp-util.c | 26 ++++++++++++++++----------
2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index fba22644da..17abfcec26 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -140,7 +140,7 @@ static int seccomp_add_default_syscall_filter(
*/
};
- int r, c = 0;
+ int r;
size_t i;
char **p;
@@ -150,21 +150,17 @@ static int seccomp_add_default_syscall_filter(
r = seccomp_add_syscall_filter_item(ctx, whitelist[i].name, SCMP_ACT_ALLOW, syscall_blacklist, false);
if (r < 0)
- /* If the system call is not known on this architecture, then that's fine, let's ignore it */
- log_debug_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m", whitelist[i].name, seccomp_arch_to_string(arch));
- else
- c++;
+ return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name);
}
STRV_FOREACH(p, syscall_whitelist) {
r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false);
if (r < 0)
- log_debug_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m", *p, seccomp_arch_to_string(arch));
- else
- c++;
+ log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
+ *p, seccomp_arch_to_string(arch));
}
- return c;
+ return 0;
}
int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **syscall_blacklist) {
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 4d2ba31d47..710a734715 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -907,9 +907,13 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
r = seccomp_rule_add_exact(seccomp, action, id, 0);
if (r < 0) {
/* If the system call is not known on this architecture, then that's fine, let's ignore it */
- if (log_missing)
- log_debug_errno(r, "Failed to add rule for system call %s() / %d, ignoring: %m",
- name, id);
+ bool ignore = r == -EDOM;
+
+ if (!ignore || log_missing)
+ log_debug_errno(r, "Failed to add rule for system call %s() / %d%s: %m",
+ name, id, ignore ? ", ignoring" : "");
+ if (!ignore)
+ return r;
}
return 0;
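Review bot: The comment kept above the new `bool ignore = r == -EDOM;` still says that a syscall unknown on this architecture is ignored, but after this change only `-EDOM` is ignored and every other error is returned. I would reword it to match, e.g. `/* -EDOM: not available on this architecture, ignore; any other error is propagated */`, assuming that is what `-EDOM` means for `seccomp_rule_add_exact()` here. The same stale comment sits above the identical change in seccomp_load_syscall_filter_set_raw (the `@@ -1005,11 +1007,15 @@` hunk). Propagated errors are logged only at debug level in both places, so each caller has to report them itself, as the nspawn hunk of this patch does.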
@@ -957,10 +961,8 @@ int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilter
return r;
r = seccomp_add_syscall_filter_set(seccomp, set, action, NULL, log_missing);
- if (r < 0) {
- log_debug_errno(r, "Failed to add filter set, ignoring: %m");
- continue;
- }
+ if (r < 0)
+ return log_debug_errno(r, "Failed to add filter set: %m");
r = seccomp_load(seccomp);
if (IN_SET(r, -EPERM, -EACCES))
@@ -1005,11 +1007,15 @@ int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, u
if (r < 0) {
/* If the system call is not known on this architecture, then that's fine, let's ignore it */
_cleanup_free_ char *n = NULL;
+ bool ignore;
n = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, id);
- if (log_missing)
- log_debug_errno(r, "Failed to add rule for system call %s() / %d, ignoring: %m",
- strna(n), id);
+ ignore = r == -EDOM;
+ if (!ignore || log_missing)
+ log_debug_errno(r, "Failed to add rule for system call %s() / %d%s: %m",
+ strna(n), id, ignore ? ", ignoring" : "");
+ if (!ignore)
+ return r;
}
}


@ -0,0 +1,156 @@
From eaad892c513806801e3d2055788fa202372b3f15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 21 Aug 2020 17:21:04 +0200
Subject: [PATCH] shared/seccomp-util: added functionality to make list of
filtred syscalls
While at it, start removing the "seccomp_" prefix from our
own functions. It is used by libseccomp.
(cherry picked from commit 000c05207d68658b76af9e1caf9aa3a4e3fa697b)
Related: #2040247
---
src/nspawn/nspawn-seccomp.c | 9 +++++++--
src/shared/seccomp-util.c | 39 ++++++++++++++++++++++++++++++-------
src/shared/seccomp-util.h | 8 +++++++-
3 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 17abfcec26..2b4a65e875 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -148,13 +148,18 @@ static int seccomp_add_default_syscall_filter(
if (whitelist[i].capability != 0 && (cap_list_retain & (1ULL << whitelist[i].capability)) == 0)
continue;
- r = seccomp_add_syscall_filter_item(ctx, whitelist[i].name, SCMP_ACT_ALLOW, syscall_blacklist, false);
+ r = seccomp_add_syscall_filter_item(ctx,
+ whitelist[i].name,
+ SCMP_ACT_ALLOW,
+ syscall_blacklist,
+ false,
+ NULL);
if (r < 0)
return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name);
}
STRV_FOREACH(p, syscall_whitelist) {
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false);
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false, NULL);
if (r < 0)
log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
*p, seccomp_arch_to_string(arch));
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 710a734715..56075d92e0 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -874,15 +874,31 @@ const SyscallFilterSet *syscall_filter_set_find(const char *name) {
return NULL;
}
-static int seccomp_add_syscall_filter_set(scmp_filter_ctx seccomp, const SyscallFilterSet *set, uint32_t action, char **exclude, bool log_missing);
+static int add_syscall_filter_set(
+ scmp_filter_ctx seccomp,
+ const SyscallFilterSet *set,
+ uint32_t action,
+ char **exclude,
+ bool log_missing,
+ char ***added);
+
+int seccomp_add_syscall_filter_item(
+ scmp_filter_ctx *seccomp,
+ const char *name,
+ uint32_t action,
+ char **exclude,
+ bool log_missing,
+ char ***added) {
-int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name, uint32_t action, char **exclude, bool log_missing) {
assert(seccomp);
assert(name);
if (strv_contains(exclude, name))
return 0;
+ /* Any syscalls that are handled are added to the *added strv. The pointer
+ * must be either NULL or point to a valid pre-initialized possibly-empty strv. */
+
if (name[0] == '@') {
const SyscallFilterSet *other;
@@ -892,7 +908,7 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
return -EINVAL;
}
- return seccomp_add_syscall_filter_set(seccomp, other, action, exclude, log_missing);
+ return add_syscall_filter_set(seccomp, other, action, exclude, log_missing, added);
} else {
int id, r;
@@ -916,25 +932,34 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
return r;
}
+ if (added) {
+ r = strv_extend(added, name);
+ if (r < 0)
+ return r;
+ }
+
return 0;
}
}
-static int seccomp_add_syscall_filter_set(
+static int add_syscall_filter_set(
scmp_filter_ctx seccomp,
const SyscallFilterSet *set,
uint32_t action,
char **exclude,
- bool log_missing) {
+ bool log_missing,
+ char ***added) {
const char *sys;
int r;
+ /* Any syscalls that are handled are added to the *added strv. It needs to be initialized. */
+
assert(seccomp);
assert(set);
NULSTR_FOREACH(sys, set->value) {
- r = seccomp_add_syscall_filter_item(seccomp, sys, action, exclude, log_missing);
+ r = seccomp_add_syscall_filter_item(seccomp, sys, action, exclude, log_missing, added);
if (r < 0)
return r;
}
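Review bot: The new `strv_extend(added, name)` in seccomp_add_syscall_filter_item runs after the `if (r < 0)` block whose end is visible as context, so a name appears to be recorded in `*added` even when `seccomp_rule_add_exact()` failed with the ignored error and no rule was installed. The comment added earlier says "Any syscalls that are handled", which a reader will take to mean that a rule exists. I would either move the append so that it is skipped on the ignored path or state the actual behaviour, e.g. `/* Names are appended to *added even if the rule was skipped as unavailable on this architecture. */`. The header declaration gets the new `added` parameter with no comment; the NULL-or-initialized-strv requirement belongs there too.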
@@ -960,7 +985,7 @@ int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilter
if (r < 0)
return r;
- r = seccomp_add_syscall_filter_set(seccomp, set, action, NULL, log_missing);
+ r = add_syscall_filter_set(seccomp, set, action, NULL, log_missing, NULL);
if (r < 0)
return log_debug_errno(r, "Failed to add filter set: %m");
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 541ba1e067..291b2bffe0 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -59,7 +59,13 @@ const SyscallFilterSet *syscall_filter_set_find(const char *name);
int seccomp_filter_set_add(Hashmap *s, bool b, const SyscallFilterSet *set);
-int seccomp_add_syscall_filter_item(scmp_filter_ctx *ctx, const char *name, uint32_t action, char **exclude, bool log_missing);
+int seccomp_add_syscall_filter_item(
+ scmp_filter_ctx *ctx,
+ const char *name,
+ uint32_t action,
+ char **exclude,
+ bool log_missing,
+ char ***added);
int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilterSet *set, uint32_t action, bool log_missing);
int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, uint32_t action, bool log_missing);


@ -0,0 +1,77 @@
From 65d64ba146c30a5f205b650381f331fd8db2eb22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 21 Aug 2020 17:23:48 +0200
Subject: [PATCH] nspawn: return ENOSYS by default, EPERM for "known" calls
(cherry picked from commit 3573e032f26724949e86626eace058d006b8bf70)
Resolves: #2040247
---
src/nspawn/nspawn-seccomp.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 2b4a65e875..563cda140e 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -20,7 +20,7 @@
#if HAVE_SECCOMP
-static int seccomp_add_default_syscall_filter(
+static int add_syscall_filters(
scmp_filter_ctx ctx,
uint32_t arch,
uint64_t cap_list_retain,
@@ -140,6 +140,7 @@ static int seccomp_add_default_syscall_filter(
*/
};
+ _cleanup_strv_free_ char **added = NULL;
int r;
size_t i;
char **p;
@@ -153,18 +154,25 @@ static int seccomp_add_default_syscall_filter(
SCMP_ACT_ALLOW,
syscall_blacklist,
false,
- NULL);
+ &added);
if (r < 0)
return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name);
}
STRV_FOREACH(p, syscall_whitelist) {
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false, NULL);
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, true, &added);
if (r < 0)
log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
*p, seccomp_arch_to_string(arch));
}
+ /* The default action is ENOSYS. Respond with EPERM to all other "known" but not allow-listed
+ * syscalls. */
+ r = seccomp_add_syscall_filter_item(ctx, "@known", SCMP_ACT_ERRNO(EPERM), added, true, NULL);
+ if (r < 0)
+ log_warning_errno(r, "Failed to add rule for @known set on %s, ignoring: %m",
+ seccomp_arch_to_string(arch));
+
return 0;
}
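Review bot: The new `@known` rule near the end of add_syscall_filters is warn-and-ignore on failure, although `@known` is a built-in set rather than user input; the earlier patch in this series argues that a failure coming from the internal list means the table is wrong and should be treated as an error. If the rule is not installed, every known but not allow-listed syscall falls through to the `ENOSYS` default, so it is still denied but programs may read the errno as "not implemented" and change behaviour. I would return the error here, e.g. `return log_error_errno(r, "Failed to add rule for @known set on %s: %m", seccomp_arch_to_string(arch));`, or add a comment explaining why continuing is acceptable. The function starts outside this hunk.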
@@ -182,11 +190,13 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys
log_debug("Applying whitelist on architecture: %s", seccomp_arch_to_string(arch));
- r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ERRNO(EPERM));
+ /* We install ENOSYS as the default action, but it will only apply to syscalls which are not
+ * in the @known set, see above. */
+ r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ERRNO(ENOSYS));
if (r < 0)
return log_error_errno(r, "Failed to allocate seccomp object: %m");
- r = seccomp_add_default_syscall_filter(seccomp, arch, cap_list_retain, syscall_whitelist, syscall_blacklist);
+ r = add_syscall_filters(seccomp, arch, cap_list_retain, syscall_whitelist, syscall_blacklist);
if (r < 0)
return r;


@ -0,0 +1,75 @@
From 33305c6801c10b741b11a3f329dc339d2e8c5514 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 18 Aug 2022 16:35:23 +0200
Subject: [PATCH] test-procfs-util: skip test on certain errors
Inspired by upstream bf47f71c1c
RHEL-only
Related: #2087152
---
src/shared/tests.c | 12 ++++++++++++
src/shared/tests.h | 2 ++
src/test/test-procfs-util.c | 6 ++++--
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/shared/tests.c b/src/shared/tests.c
index 1da80d653f..b1c71b992f 100644
--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@@ -78,6 +78,18 @@ void test_setup_logging(int level) {
log_open();
}
+int log_tests_skipped(const char *message) {
+ log_notice("%s: %s, skipping tests.",
+ program_invocation_short_name, message);
+ return EXIT_TEST_SKIP;
+}
+
+int log_tests_skipped_errno(int r, const char *message) {
+ log_notice_errno(r, "%s: %s, skipping tests: %m",
+ program_invocation_short_name, message);
+ return EXIT_TEST_SKIP;
+}
+
const char *ci_environment(void) {
/* We return a string because we might want to provide multiple bits of information later on: not
* just the general CI environment type, but also whether we're sanitizing or not, etc. The caller is
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 4f8f349097..d50711338c 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -5,6 +5,8 @@ char* setup_fake_runtime_dir(void);
bool test_is_running_from_builddir(char **exedir);
const char* get_testdata_dir(void);
void test_setup_logging(int level);
+int log_tests_skipped(const char *message);
+int log_tests_skipped_errno(int r, const char *message);
/* Provide a convenient way to check if we're running in CI. */
const char *ci_environment(void);
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index d656c4df4f..aba5692e54 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -7,6 +7,7 @@
#include "procfs-util.h"
#include "process-util.h"
#include "util.h"
+#include "tests.h"
int main(int argc, char *argv[]) {
char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)];
@@ -52,8 +53,9 @@ int main(int argc, char *argv[]) {
log_info("Reducing limit by one to %"PRIu64"…", v-1);
r = procfs_tasks_set_limit(v-1);
- log_info_errno(r, "procfs_tasks_set_limit: %m");
- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS);
+ if (IN_SET(r, -ENOENT, -EROFS) || ERRNO_IS_PRIVILEGE(r))
+ return log_tests_skipped_errno(r, "can't set tasks limit");
+ assert_se(r >= 0);
assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(r >= 0 ? w == v - 1 : w == v);
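Review bot: The last line of this hunk, `assert_se(r >= 0 ? w == v - 1 : w == v);`, keeps a branch that can no longer be taken, because the new `assert_se(r >= 0);` two lines above already aborts on any remaining failure. It can be reduced to `assert_se(w == v - 1);`. The early `return log_tests_skipped_errno(...)` also leaves main before whatever follows this hunk, so any checks placed after it are skipped as well; main's body continues outside the hunk.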


@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
Release: 62%{?dist}
Release: 65%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -841,7 +841,35 @@ Patch0788: 0788-test-replace-swear-words-by-hoge.patch
Patch0789: 0789-core-add-new-environment-variable-RUNTIME_DIRECTORY-.patch
Patch0790: 0790-test-execute-add-tests-for-RUNTIME_DIRECTORY-or-frie.patch
Patch0791: 0791-man-document-RUNTIME_DIRECTORY-or-friends.patch
Patch0792: 0792-ci-bump-the-worker-Ubuntu-version-to-Jammy.patch
Patch0793: 0793-test-make-test-execute-pass-on-Linux-5.15.patch
Patch0794: 0794-ci-install-iputils.patch
Patch0795: 0795-ci-Mergify-Add-ci-waived-logic.patch
Patch0796: 0796-sd-event-don-t-invalidate-source-type-on-disconnect.patch
Patch0797: 0797-tests-make-sure-we-delay-running-mount-start-jobs-wh.patch
Patch0798: 0798-core-drop-references-to-StandardOutputFileToCreate.patch
Patch0799: 0799-dbus-execute-fix-indentation.patch
Patch0800: 0800-dbus-execute-generate-the-correct-transient-unit-set.patch
Patch0801: 0801-bus-unit-util-properly-accept-StandardOutput-append-.patch
Patch0802: 0802-core-be-more-careful-when-inheriting-stdout-fds-to-s.patch
Patch0803: 0803-test-add-a-test-for-StandardError-file.patch
Patch0804: 0804-tree-wide-allow-ASCII-fallback-for-in-logs.patch
Patch0805: 0805-tree-wide-allow-ASCII-fallback-for-in-logs.patch
Patch0806: 0806-core-allow-to-set-default-timeout-for-devices.patch
Patch0807: 0807-man-document-DefaultDeviceTimeoutSec.patch
Patch0808: 0808-Revert-core-Propagate-condition-failed-state-to-trig.patch
Patch0809: 0809-core-Check-unit-start-rate-limiting-earlier.patch
Patch0810: 0810-core-Add-trigger-limit-for-path-units.patch
Patch0811: 0811-meson-add-syscall-names-update-target.patch
Patch0812: 0812-syscall-names-add-process_madvise-which-is-planned-f.patch
Patch0813: 0813-shared-add-known-syscall-list.patch
Patch0814: 0814-generate-syscall-list-require-python3.patch
Patch0815: 0815-shared-seccomp-reduce-scope-of-indexing-variables.patch
Patch0816: 0816-shared-syscall-list-filter-out-some-obviously-platfo.patch
Patch0817: 0817-seccomp-tighten-checking-of-seccomp-filter-creation.patch
Patch0818: 0818-shared-seccomp-util-added-functionality-to-make-list.patch
Patch0819: 0819-nspawn-return-ENOSYS-by-default-EPERM-for-known-call.patch
Patch0820: 0820-test-procfs-util-skip-test-on-certain-errors.patch
%ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1
@ -1471,6 +1499,43 @@ fi
%files tests -f .file-list-tests
%changelog
* Fri Aug 19 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-65
- test-procfs-util: skip test on certain errors (#2087152)
* Thu Aug 18 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-64
- ci: bump the worker Ubuntu version to Jammy (#2087152)
- test: make test-execute pass on Linux 5.15 (#2087152)
- ci: install iputils (#2087152)
- ci(Mergify): Add `ci-waived` logic (#2087152)
- sd-event: don't invalidate source type on disconnect (#2115396)
- tests: make sure we delay running mount start jobs when /p/s/mountinfo is rate limited (#2095744)
- core: drop references to 'StandardOutputFileToCreate' (#2093479)
- dbus-execute: fix indentation (#2093479)
- dbus-execute: generate the correct transient unit setting (#2093479)
- bus-unit-util: properly accept StandardOutput=append:… settings (#2093479)
- core: be more careful when inheriting stdout fds to stderr (#2093479)
- test: add a test for StandardError=file:… (#2093479)
- tree-wide: allow ASCII fallback for in logs (#2093479)
- tree-wide: allow ASCII fallback for in logs (#2093479)
- core: allow to set default timeout for devices (#1967245)
- man: document DefaultDeviceTimeoutSec= (#1967245)
- Revert "core: Propagate condition failed state to triggering units." (#2114005)
- core: Check unit start rate limiting earlier (#2114005)
- core: Add trigger limit for path units (#2114005)
- meson: add syscall-names-update target (#2040247)
- syscall-names: add process_madvise which is planned for 5.10 (#2040247)
- shared: add @known syscall list (#2040247)
- generate-syscall-list: require python3 (#2040247)
- shared/seccomp: reduce scope of indexing variables (#2040247)
- shared/syscall-list: filter out some obviously platform-specific syscalls (#2040247)
- seccomp: tighten checking of seccomp filter creation (#2040247)
- shared/seccomp-util: added functionality to make list of filtred syscalls (#2040247)
- nspawn: return ENOSYS by default, EPERM for "known" calls (#2040247)
- revert: resolved: pin stream while calling callbacks for it (#2110549)
* Wed Aug 03 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-63
- resolved: pin stream while calling callbacks for it (#2110549)
* Mon Jul 18 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-62
- spec: Remove dependency on timedatex (#2066946)