import systemd-239-65.el8
parent
e2881b4302
commit
d50792f00f
|
@ -0,0 +1,24 @@
|
|||
From 3a35fcaad4bb3831808280854eb84f68975279a1 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Tue, 19 Jul 2022 22:44:07 +0200
|
||||
Subject: [PATCH] ci: bump the worker Ubuntu version to Jammy
|
||||
|
||||
rhel-only
|
||||
Related: #2087152
|
||||
---
|
||||
.github/workflows/unit_tests.yml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
|
||||
index 87b162fa71..f397e8ed6e 100644
|
||||
--- a/.github/workflows/unit_tests.yml
|
||||
+++ b/.github/workflows/unit_tests.yml
|
||||
@@ -6,7 +6,7 @@ on: [pull_request]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
- runs-on: ubuntu-20.04
|
||||
+ runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
|
@ -0,0 +1,43 @@
|
|||
From 434b4b64d17e16ed23f90c99c26dbd0e4ce6cd88 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 24 Nov 2021 15:58:50 +0100
|
||||
Subject: [PATCH] test: make test-execute pass on Linux 5.15
|
||||
|
||||
Linux 5.15 broke kernel API:
|
||||
|
||||
https://github.com/torvalds/linux/commit/e70344c05995a190a56bbd1a23dc2218bcc8c924
|
||||
|
||||
Previously setting IOPRIO_CLASS_NONE for a process would then report
|
||||
IOPRIO_CLASS_NONE back. But since 5.15 it reports IOPRIO_CLASS_BE
|
||||
instead. Since IOPRIO_CLASS_NONE is an alias for a special setting of
|
||||
IOPRIO_CLASS_BE this makes some sense, but it's also a kernel API
|
||||
breakage that our testsuite trips up on.
|
||||
|
||||
(I made some minimal effort to inform the kernel people about this API
|
||||
breakage during the 5.15 rc phase, but noone was interested.)
|
||||
|
||||
Either way let's hadle this gracefully in our test suite and accept
|
||||
"best-effort" too when "none" was set.
|
||||
|
||||
(This is only triggable if the tests are run on 5.15 with full privs)
|
||||
|
||||
(cherry picked from commit d9b8771108cf2955efc3852b477391017d2c599a)
|
||||
|
||||
Related: #2087152
|
||||
---
|
||||
test/test-execute/exec-ioschedulingclass-none.service | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test/test-execute/exec-ioschedulingclass-none.service b/test/test-execute/exec-ioschedulingclass-none.service
|
||||
index b6af122a1e..8f917d345d 100644
|
||||
--- a/test/test-execute/exec-ioschedulingclass-none.service
|
||||
+++ b/test/test-execute/exec-ioschedulingclass-none.service
|
||||
@@ -2,6 +2,7 @@
|
||||
Description=Test for IOSchedulingClass=none
|
||||
|
||||
[Service]
|
||||
-ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none"'
|
||||
+# Old kernels might report "none" here, new kernels "best-effort".
|
||||
+ExecStart=/bin/sh -x -c 'c=$$(LC_ALL=C ionice); test "$${c%%:*}" = "none" -o "$${c%%:*}" = "best-effort"'
|
||||
Type=oneshot
|
||||
IOSchedulingClass=none
|
|
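Review bot: The relaxed `ExecStart=` check accepts "best-effort" on every kernel, so on kernels before 5.15 the test no longer distinguishes `IOSchedulingClass=none` from `IOSchedulingClass=best-effort`. If that coverage matters, the added comment should say so, e.g. `# Accepting "best-effort" everywhere means old kernels no longer catch a unit that ended up in the best-effort class.` As a style point, `test … -o …` is marked obsolescent by POSIX; `[ "$${c%%:*}" = "none" ] || [ "$${c%%:*}" = "best-effort" ]` expresses the same check without it.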
@ -0,0 +1,25 @@
|
|||
From 128d784dacb456f9ea675911e88d4b47925bda0d Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Wed, 20 Jul 2022 10:24:36 +0200
|
||||
Subject: [PATCH] ci: install iputils
|
||||
|
||||
Required by test-bpf.
|
||||
|
||||
rhel-only
|
||||
Related: #2087152
|
||||
---
|
||||
.github/workflows/unit_tests.sh | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
|
||||
index c1311310fb..3859433720 100755
|
||||
--- a/.github/workflows/unit_tests.sh
|
||||
+++ b/.github/workflows/unit_tests.sh
|
||||
@@ -11,6 +11,7 @@ ADDITIONAL_DEPS=(
|
||||
dnsmasq
|
||||
e2fsprogs
|
||||
hostname
|
||||
+ iputils
|
||||
libasan
|
||||
libubsan
|
||||
nc
|
|
@ -0,0 +1,63 @@
|
|||
From 0feaf0be515c02a10ca12f726b4a8424262cf09c Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 19 Jul 2022 12:43:43 +0200
|
||||
Subject: [PATCH] ci(Mergify): Add `ci-waived` logic
|
||||
|
||||
RHEL-only
|
||||
|
||||
Related: #2087152
|
||||
---
|
||||
.mergify.yml | 32 ++++++++++++++++++--------------
|
||||
1 file changed, 18 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/.mergify.yml b/.mergify.yml
|
||||
index 6fa400effd..3afd04f18e 100644
|
||||
--- a/.mergify.yml
|
||||
+++ b/.mergify.yml
|
||||
@@ -4,6 +4,7 @@
|
||||
pull_request_rules:
|
||||
- name: Add `needs-ci` label on CI fail
|
||||
conditions:
|
||||
+ - label!=ci-waived
|
||||
- or:
|
||||
# Unit tests
|
||||
- -check-success=build (stream8, GCC)
|
||||
@@ -27,21 +28,24 @@ pull_request_rules:
|
||||
|
||||
- name: Remove `needs-ci` label on CI success
|
||||
conditions:
|
||||
- # Unit tests
|
||||
- - check-success=build (stream8, GCC)
|
||||
- - check-success=build (stream8, GCC_ASAN)
|
||||
- # CentOS Stream CI
|
||||
- - check-success=CentOS CI (CentOS Stream 8)
|
||||
- # LGTM
|
||||
- or:
|
||||
- - "check-success=LGTM analysis: JavaScript"
|
||||
- - "check-neutral=LGTM analysis: JavaScript"
|
||||
- - or:
|
||||
- - "check-success=LGTM analysis: Python"
|
||||
- - "check-neutral=LGTM analysis: Python"
|
||||
- - or:
|
||||
- - "check-success=LGTM analysis: C/C++"
|
||||
- - "check-neutral=LGTM analysis: C/C++"
|
||||
+ - label=ci-waived
|
||||
+ - and:
|
||||
+ # Unit tests
|
||||
+ - check-success=build (stream8, GCC)
|
||||
+ - check-success=build (stream8, GCC_ASAN)
|
||||
+ # CentOS Stream CI
|
||||
+ - check-success=CentOS CI (CentOS Stream 8)
|
||||
+ # LGTM
|
||||
+ - or:
|
||||
+ - "check-success=LGTM analysis: JavaScript"
|
||||
+ - "check-neutral=LGTM analysis: JavaScript"
|
||||
+ - or:
|
||||
+ - "check-success=LGTM analysis: Python"
|
||||
+ - "check-neutral=LGTM analysis: Python"
|
||||
+ - or:
|
||||
+ - "check-success=LGTM analysis: C/C++"
|
||||
+ - "check-neutral=LGTM analysis: C/C++"
|
||||
actions:
|
||||
label:
|
||||
remove:
|
|
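Review bot: In the rule named "Remove `needs-ci` label on CI success", `label=ci-waived` and the new `and:` group are added as two sibling entries directly under `conditions:`, and Mergify requires every entry of that list to match. Indentation is lost in this rendering, but none of the added lines is an `or:` wrapper around the two, so as written the label would be removed only when the PR is waived and every check also passed, which defeats the waiver. If the intent is "waived or green", nest both under a single `- or:` entry. Because the label lets a pull request skip the CI gate, it is also worth confirming that only maintainers can apply `ci-waived`.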
@ -0,0 +1,33 @@
|
|||
From e48586dcfa66731a353ecc832e43fab75559e2cf Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 30 Oct 2019 16:37:42 +0100
|
||||
Subject: [PATCH] sd-event: don't invalidate source type on disconnect
|
||||
|
||||
This fixes fd closing if fd ownership is requested.
|
||||
|
||||
(cherry picked from commit f59825595182d70b9ead238d1e885d0db99cc201)
|
||||
|
||||
Resolves: #2115396
|
||||
---
|
||||
src/libsystemd/sd-event/sd-event.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
|
||||
index 0adfdd9e1a..09d4584bf9 100644
|
||||
--- a/src/libsystemd/sd-event/sd-event.c
|
||||
+++ b/src/libsystemd/sd-event/sd-event.c
|
||||
@@ -1104,11 +1104,13 @@ static void source_disconnect(sd_event_source *s) {
|
||||
|
||||
event = s->event;
|
||||
|
||||
- s->type = _SOURCE_EVENT_SOURCE_TYPE_INVALID;
|
||||
s->event = NULL;
|
||||
LIST_REMOVE(sources, event->sources, s);
|
||||
event->n_sources--;
|
||||
|
||||
+ /* Note that we don't invalidate the type here, since we still need it in order to close the fd or
|
||||
+ * pidfd associated with this event source, which we'll do only on source_free(). */
|
||||
+
|
||||
if (!s->floating)
|
||||
sd_event_unref(event);
|
||||
}
|
|
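Review bot: After this change a disconnected source keeps its real `s->type` while `s->event` is NULL, so any code that used `_SOURCE_EVENT_SOURCE_TYPE_INVALID` to recognise an already-disconnected source, or that switches on `s->type` and then dereferences `s->event`, now has to test `s->event` instead. The hunk shows only the tail of `source_disconnect()`; the guard at its top and the per-type teardown are outside it, so it is not visible whether a second call on the same source is still a no-op. If that guard tests the type rather than the event pointer, it should become `if (!s->event) return;`. The new comment would also read better where the assignment was removed, directly above `s->event = NULL;`.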
@ -0,0 +1,98 @@
|
|||
From e6cd875a767ba23b218cdca395307ac6fb7fd882 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 30 May 2022 14:50:05 +0200
|
||||
Subject: [PATCH] tests: make sure we delay running mount start jobs when
|
||||
/p/s/mountinfo is rate limited
|
||||
|
||||
(cherry picked from commit 9e15be6c8d55abd800bf33f9776dd0e307ed37bc)
|
||||
|
||||
Related: #2095744
|
||||
---
|
||||
test/TEST-60-MOUNT-RATELIMIT/testsuite.sh | 53 +++++++++++++++++++++++
|
||||
test/test-functions | 2 +-
|
||||
2 files changed, 54 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh b/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh
|
||||
index 6211050faf..84fe9640e1 100755
|
||||
--- a/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh
|
||||
+++ b/test/TEST-60-MOUNT-RATELIMIT/testsuite.sh
|
||||
@@ -2,6 +2,56 @@
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
+test_issue_20329() {
|
||||
+ local tmpdir unit
|
||||
+ tmpdir="$(mktemp -d)"
|
||||
+ unit=$(systemd-escape --suffix mount --path "$tmpdir")
|
||||
+
|
||||
+ # Set up test mount unit
|
||||
+ cat > /run/systemd/system/"$unit" <<EOF
|
||||
+[Mount]
|
||||
+What=tmpfs
|
||||
+Where=$tmpdir
|
||||
+Type=tmpfs
|
||||
+Options=defaults,nofail
|
||||
+EOF
|
||||
+
|
||||
+ # Start the unit
|
||||
+ systemctl daemon-reload
|
||||
+ systemctl start "$unit"
|
||||
+
|
||||
+ [[ "$(systemctl show --property SubState --value "$unit")" = "mounted" ]] || {
|
||||
+ echo >&2 "Test mount \"$unit\" unit isn't mounted"
|
||||
+ return 1
|
||||
+ }
|
||||
+ mountpoint -q "$tmpdir"
|
||||
+
|
||||
+ trap 'systemctl stop $unit' RETURN
|
||||
+
|
||||
+ # Trigger the mount ratelimiting
|
||||
+ cd "$(mktemp -d)"
|
||||
+ mkdir foo
|
||||
+ for ((i=0;i<50;++i)); do
|
||||
+ mount --bind foo foo
|
||||
+ umount foo
|
||||
+ done
|
||||
+
|
||||
+ # Unmount the test mount and start it immediately again via systemd
|
||||
+ umount "$tmpdir"
|
||||
+ systemctl start "$unit"
|
||||
+
|
||||
+ # Make sure it is seen as mounted by systemd and it actually is mounted
|
||||
+ [[ "$(systemctl show --property SubState --value "$unit")" = "mounted" ]] || {
|
||||
+ echo >&2 "Test mount \"$unit\" unit isn't in \"mounted\" state"
|
||||
+ return 1
|
||||
+ }
|
||||
+
|
||||
+ mountpoint -q "$tmpdir" || {
|
||||
+ echo >&2 "Test mount \"$unit\" is in \"mounted\" state, actually is not mounted"
|
||||
+ return 1
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
systemd-analyze log-level debug
|
||||
systemd-analyze log-target journal
|
||||
|
||||
@@ -85,6 +135,9 @@ if systemctl list-units -t mount tmp-meow* | grep -q tmp-meow; then
|
||||
exit 42
|
||||
fi
|
||||
|
||||
+# test that handling of mount start jobs is delayed when /proc/self/mouninfo monitor is rate limited
|
||||
+test_issue_20329
|
||||
+
|
||||
systemd-analyze log-level info
|
||||
|
||||
echo OK >/testok
|
||||
diff --git a/test/test-functions b/test/test-functions
|
||||
index 4d7832b1fb..ed8ab98173 100644
|
||||
--- a/test/test-functions
|
||||
+++ b/test/test-functions
|
||||
@@ -23,7 +23,7 @@ fi
|
||||
|
||||
PATH_TO_INIT=$ROOTLIBDIR/systemd
|
||||
|
||||
-BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe sed cmp tee rm true false chmod chown ln xargs env"
|
||||
+BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe sed cmp tee rm true false chmod chown ln xargs env mktemp mountpoint"
|
||||
DEBUGTOOLS="df free ls stty cat ps ln ip route dmesg dhclient mkdir cp ping dhclient strace less grep id tty touch du sort hostname find"
|
||||
|
||||
STATEDIR="${BUILD_DIR:-.}/test/$(basename $(dirname $(realpath $0)))"
|
|
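Review bot: `test_issue_20329` leaves state behind on every path: the unit file written to `/run/systemd/system/"$unit"` and both `mktemp -d` directories are never removed, the `cd` into the second one is never undone, and the `RETURN` trap is installed only after the first `mounted` check, so an early `return 1` there leaves the tmpfs mounted. Installing the cleanup before the first `systemctl start` and quoting the unit name would cover it, e.g. `trap 'systemctl stop "$unit"; rm -f /run/systemd/system/"$unit"' RETURN`. The bind-mount loop can run inside a subshell so the caller's working directory is unchanged. The comment above the call also misspells the path as `/proc/self/mouninfo`.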
@ -0,0 +1,29 @@
|
|||
From 0bf1df5c35c310c3efe49c7a3cb8c3be3e33492b Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 26 Nov 2018 21:05:37 +0100
|
||||
Subject: [PATCH] core: drop references to 'StandardOutputFileToCreate'
|
||||
|
||||
This property never existed, let's drop any reference to it.
|
||||
|
||||
(cherry picked from commit 922ce049d1ed37ce77e3322711e29f256d9e5959)
|
||||
|
||||
Related: #2093479
|
||||
---
|
||||
src/core/dbus-execute.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
|
||||
index 2e64f0baf4..05134851c5 100644
|
||||
--- a/src/core/dbus-execute.c
|
||||
+++ b/src/core/dbus-execute.c
|
||||
@@ -1809,8 +1809,8 @@ int bus_exec_context_set_transient_property(
|
||||
|
||||
} else if (STR_IN_SET(name,
|
||||
"StandardInputFile",
|
||||
- "StandardOutputFile", "StandardOutputFileToCreate", "StandardOutputFileToAppend",
|
||||
- "StandardErrorFile", "StandardErrorFileToCreate", "StandardErrorFileToAppend")) {
|
||||
+ "StandardOutputFile", "StandardOutputFileToAppend",
|
||||
+ "StandardErrorFile", "StandardErrorFileToAppend")) {
|
||||
const char *s;
|
||||
|
||||
r = sd_bus_message_read(message, "s", &s);
|
|
@ -0,0 +1,29 @@
|
|||
From 2ba82e6b7e9a7b138c985561dd7d26b9e4111fbe Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 26 Nov 2018 21:06:19 +0100
|
||||
Subject: [PATCH] dbus-execute: fix indentation
|
||||
|
||||
(cherry picked from commit dbe6c4b657aa5c58bfc049d869b94f00b41b7d95)
|
||||
|
||||
Related: #2093479
|
||||
---
|
||||
src/core/dbus-execute.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
|
||||
index 05134851c5..fc433cc96f 100644
|
||||
--- a/src/core/dbus-execute.c
|
||||
+++ b/src/core/dbus-execute.c
|
||||
@@ -1858,9 +1858,9 @@ int bus_exec_context_set_transient_property(
|
||||
c->std_error = EXEC_OUTPUT_FILE;
|
||||
unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=file:%s", s);
|
||||
} else {
|
||||
- assert(streq(name, "StandardErrorFileToAppend"));
|
||||
- c->std_error = EXEC_OUTPUT_FILE_APPEND;
|
||||
- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=append:%s", s);
|
||||
+ assert(streq(name, "StandardErrorFileToAppend"));
|
||||
+ c->std_error = EXEC_OUTPUT_FILE_APPEND;
|
||||
+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=append:%s", s);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,30 @@
|
|||
From 4fbd505c5a15f2b6078dc43e5a1ff999993e8b23 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 26 Nov 2018 21:07:06 +0100
|
||||
Subject: [PATCH] dbus-execute: generate the correct transient unit setting
|
||||
|
||||
(cherry picked from commit 1704fba92f7b2c92238b0833943669045374daf9)
|
||||
|
||||
Related: #2093479
|
||||
---
|
||||
src/core/dbus-execute.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
|
||||
index fc433cc96f..00f4aeacef 100644
|
||||
--- a/src/core/dbus-execute.c
|
||||
+++ b/src/core/dbus-execute.c
|
||||
@@ -1856,11 +1856,11 @@ int bus_exec_context_set_transient_property(
|
||||
|
||||
if (streq(name, "StandardErrorFile")) {
|
||||
c->std_error = EXEC_OUTPUT_FILE;
|
||||
- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=file:%s", s);
|
||||
+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardError=file:%s", s);
|
||||
} else {
|
||||
assert(streq(name, "StandardErrorFileToAppend"));
|
||||
c->std_error = EXEC_OUTPUT_FILE_APPEND;
|
||||
- unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardOutput=append:%s", s);
|
||||
+ unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "StandardError=append:%s", s);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
From b06347d1e85c98507ba386b24e6c7159edf4784f Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 26 Nov 2018 21:07:39 +0100
|
||||
Subject: [PATCH] =?UTF-8?q?bus-unit-util:=20properly=20accept=20StandardOu?=
|
||||
=?UTF-8?q?tput=3Dappend:=E2=80=A6=20settings?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
(cherry picked from commit 8d33232ef1ad051b5ed00bd7b5fffb5a19bb83ae)
|
||||
|
||||
Resolves: #2093479
|
||||
---
|
||||
src/shared/bus-unit-util.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
|
||||
index 9010448aaf..3910dfa812 100644
|
||||
--- a/src/shared/bus-unit-util.c
|
||||
+++ b/src/shared/bus-unit-util.c
|
||||
@@ -894,9 +894,11 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
|
||||
} else if ((n = startswith(eq, "file:"))) {
|
||||
appended = strjoina(field, "File");
|
||||
r = sd_bus_message_append(m, "(sv)", appended, "s", n);
|
||||
+ } else if ((n = startswith(eq, "append:"))) {
|
||||
+ appended = strjoina(field, "FileToAppend");
|
||||
+ r = sd_bus_message_append(m, "(sv)", appended, "s", n);
|
||||
} else
|
||||
r = sd_bus_message_append(m, "(sv)", field, "s", eq);
|
||||
-
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
From d6ffd324cc933efec946a3ffbed6fccfe7077203 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 26 Nov 2018 21:07:48 +0100
|
||||
Subject: [PATCH] core: be more careful when inheriting stdout fds to stderr
|
||||
|
||||
We need to compare the fd name/file name if we inherit an fd from stdout
|
||||
to stderr. Let's do that.
|
||||
|
||||
Fixes: #10875
|
||||
(cherry picked from commit 41fc585a7a3b8ae857cad5fdad1bc70cdacfa8e5)
|
||||
|
||||
Related: #2093479
|
||||
---
|
||||
src/core/execute.c | 27 +++++++++++++++++++++++++--
|
||||
1 file changed, 25 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/execute.c b/src/core/execute.c
|
||||
index 9cbb678ac4..b1d8dceb32 100644
|
||||
--- a/src/core/execute.c
|
||||
+++ b/src/core/execute.c
|
||||
@@ -545,6 +545,30 @@ static int setup_input(
|
||||
}
|
||||
}
|
||||
|
||||
+static bool can_inherit_stderr_from_stdout(
|
||||
+ const ExecContext *context,
|
||||
+ ExecOutput o,
|
||||
+ ExecOutput e) {
|
||||
+
|
||||
+ assert(context);
|
||||
+
|
||||
+ /* Returns true, if given the specified STDERR and STDOUT output we can directly dup() the stdout fd to the
|
||||
+ * stderr fd */
|
||||
+
|
||||
+ if (e == EXEC_OUTPUT_INHERIT)
|
||||
+ return true;
|
||||
+ if (e != o)
|
||||
+ return false;
|
||||
+
|
||||
+ if (e == EXEC_OUTPUT_NAMED_FD)
|
||||
+ return streq_ptr(context->stdio_fdname[STDOUT_FILENO], context->stdio_fdname[STDERR_FILENO]);
|
||||
+
|
||||
+ if (IN_SET(e, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND))
|
||||
+ return streq_ptr(context->stdio_file[STDOUT_FILENO], context->stdio_file[STDERR_FILENO]);
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
static int setup_output(
|
||||
const Unit *unit,
|
||||
const ExecContext *context,
|
||||
@@ -603,7 +627,7 @@ static int setup_output(
|
||||
return fileno;
|
||||
|
||||
/* Duplicate from stdout if possible */
|
||||
- if ((e == o && e != EXEC_OUTPUT_NAMED_FD) || e == EXEC_OUTPUT_INHERIT)
|
||||
+ if (can_inherit_stderr_from_stdout(context, o, e))
|
||||
return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
|
||||
|
||||
o = e;
|
||||
@@ -694,7 +718,6 @@ static int setup_output(
|
||||
flags |= O_APPEND;
|
||||
|
||||
fd = acquire_path(context->stdio_file[fileno], flags, 0666 & ~context->umask);
|
||||
-
|
||||
if (fd < 0)
|
||||
return fd;
|
||||
|
|
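Review bot: In `can_inherit_stderr_from_stdout()` the `EXEC_OUTPUT_NAMED_FD` and file branches compare with `streq_ptr()`, which also returns true when both pointers are NULL, so two unset names count as the same target and stderr is dup'ed from stdout. Whether `stdio_fdname[]` can be NULL for a named-fd output, and whether unset names fall back to distinct defaults elsewhere, is not visible in this hunk; if they can, the comparison should go through the accessor that applies those defaults rather than the raw array. For the file case the comparison is textual, so two spellings of one path open the file twice; that is safe, but worth stating in the function comment, e.g. `/* Paths are compared as strings, not resolved. */`.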
@ -0,0 +1,136 @@
|
|||
From 2bbaa4b647c8a60a6c6a591f71313b0667447246 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 26 Nov 2018 21:09:07 +0100
|
||||
Subject: [PATCH] =?UTF-8?q?test:=20add=20a=20test=20for=20StandardError=3D?=
|
||||
=?UTF-8?q?file:=E2=80=A6?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This deserves a test of its, given how broken on so many levels this
|
||||
previously was.
|
||||
|
||||
(cherry picked from commit 196b0a11f306b8041e35316feb05ed1f00380957)
|
||||
|
||||
Related: #2093479
|
||||
---
|
||||
test/TEST-27-STDOUTFILE/Makefile | 1 +
|
||||
test/TEST-27-STDOUTFILE/test.sh | 52 ++++++++++++++++++++++++++++
|
||||
test/TEST-27-STDOUTFILE/testsuite.sh | 40 +++++++++++++++++++++
|
||||
3 files changed, 93 insertions(+)
|
||||
create mode 120000 test/TEST-27-STDOUTFILE/Makefile
|
||||
create mode 100755 test/TEST-27-STDOUTFILE/test.sh
|
||||
create mode 100755 test/TEST-27-STDOUTFILE/testsuite.sh
|
||||
|
||||
diff --git a/test/TEST-27-STDOUTFILE/Makefile b/test/TEST-27-STDOUTFILE/Makefile
|
||||
new file mode 120000
|
||||
index 0000000000..e9f93b1104
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-27-STDOUTFILE/Makefile
|
||||
@@ -0,0 +1 @@
|
||||
+../TEST-01-BASIC/Makefile
|
||||
\ No newline at end of file
|
||||
diff --git a/test/TEST-27-STDOUTFILE/test.sh b/test/TEST-27-STDOUTFILE/test.sh
|
||||
new file mode 100755
|
||||
index 0000000000..724dbef231
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-27-STDOUTFILE/test.sh
|
||||
@@ -0,0 +1,52 @@
|
||||
+#!/bin/bash
|
||||
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
||||
+# ex: ts=8 sw=4 sts=4 et filetype=sh
|
||||
+set -e
|
||||
+TEST_DESCRIPTION="test StandardOutput=file:"
|
||||
+
|
||||
+. $TEST_BASE_DIR/test-functions
|
||||
+
|
||||
+test_setup() {
|
||||
+ create_empty_image
|
||||
+ mkdir -p $TESTDIR/root
|
||||
+ mount ${LOOPDEV}p1 $TESTDIR/root
|
||||
+
|
||||
+ (
|
||||
+ LOG_LEVEL=5
|
||||
+ eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
|
||||
+
|
||||
+ inst_binary cmp
|
||||
+
|
||||
+ setup_basic_environment
|
||||
+
|
||||
+ # mask some services that we do not want to run in these tests
|
||||
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
|
||||
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
|
||||
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.service
|
||||
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
|
||||
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-resolved.service
|
||||
+ ln -fs /dev/null $initdir/etc/systemd/system/systemd-machined.service
|
||||
+
|
||||
+ # setup the testsuite service
|
||||
+ cat >$initdir/etc/systemd/system/testsuite.service <<EOF
|
||||
+[Unit]
|
||||
+Description=Testsuite service
|
||||
+
|
||||
+[Service]
|
||||
+ExecStart=/testsuite.sh
|
||||
+Type=oneshot
|
||||
+StandardOutput=tty
|
||||
+StandardError=tty
|
||||
+NotifyAccess=all
|
||||
+EOF
|
||||
+ cp testsuite.sh $initdir/
|
||||
+
|
||||
+ setup_testsuite
|
||||
+ ) || return 1
|
||||
+ setup_nspawn_root
|
||||
+
|
||||
+ ddebug "umount $TESTDIR/root"
|
||||
+ umount $TESTDIR/root
|
||||
+}
|
||||
+
|
||||
+do_test "$@"
|
||||
diff --git a/test/TEST-27-STDOUTFILE/testsuite.sh b/test/TEST-27-STDOUTFILE/testsuite.sh
|
||||
new file mode 100755
|
||||
index 0000000000..75559e03e5
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-27-STDOUTFILE/testsuite.sh
|
||||
@@ -0,0 +1,40 @@
|
||||
+#!/bin/bash
|
||||
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
||||
+# ex: ts=8 sw=4 sts=4 et filetype=sh
|
||||
+set -ex
|
||||
+set -o pipefail
|
||||
+
|
||||
+systemd-analyze set-log-level debug
|
||||
+systemd-analyze set-log-target console
|
||||
+
|
||||
+systemd-run --unit=one -p StandardOutput=file:/tmp/stdout -p StandardError=file:/tmp/stderr -p Type=exec sh -c 'echo x ; echo y >&2'
|
||||
+cmp /tmp/stdout <<EOF
|
||||
+x
|
||||
+EOF
|
||||
+cmp /tmp/stderr <<EOF
|
||||
+y
|
||||
+EOF
|
||||
+
|
||||
+systemd-run --unit=two -p StandardOutput=file:/tmp/stdout -p StandardError=file:/tmp/stderr -p Type=exec sh -c 'echo z ; echo a >&2'
|
||||
+cmp /tmp/stdout <<EOF
|
||||
+z
|
||||
+EOF
|
||||
+cmp /tmp/stderr <<EOF
|
||||
+a
|
||||
+EOF
|
||||
+
|
||||
+systemd-run --unit=three -p StandardOutput=append:/tmp/stdout -p StandardError=append:/tmp/stderr -p Type=exec sh -c 'echo b ; echo c >&2'
|
||||
+cmp /tmp/stdout <<EOF
|
||||
+z
|
||||
+b
|
||||
+EOF
|
||||
+cmp /tmp/stderr <<EOF
|
||||
+a
|
||||
+c
|
||||
+EOF
|
||||
+
|
||||
+systemd-analyze set-log-level info
|
||||
+
|
||||
+echo OK > /testok
|
||||
+
|
||||
+exit 0
|
|
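Review bot: In `testsuite.sh` each `systemd-run … -p Type=exec` returns once the command has been executed, not once it has finished, so the `cmp` that follows can race with the `sh -c 'echo … >&2'` payload and read an empty or partial file. Adding `--wait` to the three invocations, e.g. `systemd-run --wait --unit=one -p StandardOutput=file:/tmp/stdout …`, makes the comparison deterministic. The fixed names `/tmp/stdout` and `/tmp/stderr` are acceptable inside the throwaway test image, but a directory from `mktemp -d` would keep the pattern from being copied to hosts where `/tmp` is shared. In `test.sh`, `$TESTDIR`, `$initdir` and `${LOOPDEV}` are expanded unquoted, which breaks if the build path contains whitespace.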
@ -0,0 +1,260 @@
|
|||
From aa93c2acd6c9ed4eb0152be9002f59ecd9cc277e Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Fri, 24 Jun 2022 09:13:42 +0200
|
||||
Subject: [PATCH] =?UTF-8?q?tree-wide:=20allow=20ASCII=20fallback=20for=20?=
|
||||
=?UTF-8?q?=E2=86=92=20in=20logs?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
(cherry picked from commit e2341b6bc325932b3f9f10874956952cbdbd6361)
|
||||
|
||||
Resolves: #2093479
|
||||
---
|
||||
src/basic/mount-util.c | 5 +++--
|
||||
src/core/dbus.c | 4 +++-
|
||||
src/core/namespace.c | 7 +++++--
|
||||
src/core/socket.c | 4 +++-
|
||||
src/libsystemd/sd-bus/sd-bus.c | 4 +++-
|
||||
src/login/logind-acl.c | 5 +++--
|
||||
src/resolve/resolved-dns-query.c | 11 +++++++++--
|
||||
src/shared/dns-domain.c | 9 ++++++---
|
||||
src/tmpfiles/tmpfiles.c | 4 +++-
|
||||
9 files changed, 38 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
|
||||
index 0c709001be..e7f9e514c2 100644
|
||||
--- a/src/basic/mount-util.c
|
||||
+++ b/src/basic/mount-util.c
|
||||
@@ -18,6 +18,7 @@
|
||||
#include "fileio.h"
|
||||
#include "fs-util.h"
|
||||
#include "hashmap.h"
|
||||
+#include "locale-util.h"
|
||||
#include "mount-util.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
@@ -844,8 +845,8 @@ int mount_verbose(
|
||||
log_debug("Bind-mounting %s on %s (%s \"%s\")...",
|
||||
what, where, strnull(fl), strempty(o));
|
||||
else if (f & MS_MOVE)
|
||||
- log_debug("Moving mount %s → %s (%s \"%s\")...",
|
||||
- what, where, strnull(fl), strempty(o));
|
||||
+ log_debug("Moving mount %s %s %s (%s \"%s\")...",
|
||||
+ what, special_glyph(ARROW), where, strnull(fl), strempty(o));
|
||||
else
|
||||
log_debug("Mounting %s on %s (%s \"%s\")...",
|
||||
strna(type), where, strnull(fl), strempty(o));
|
||||
diff --git a/src/core/dbus.c b/src/core/dbus.c
|
||||
index 584a8a1b01..66d838cdb4 100644
|
||||
--- a/src/core/dbus.c
|
||||
+++ b/src/core/dbus.c
|
||||
@@ -31,6 +31,7 @@
|
||||
#include "dbus.h"
|
||||
#include "fd-util.h"
|
||||
#include "fs-util.h"
|
||||
+#include "locale-util.h"
|
||||
#include "log.h"
|
||||
#include "missing.h"
|
||||
#include "mkdir.h"
|
||||
@@ -751,7 +752,8 @@ static int manager_dispatch_sync_bus_names(sd_event_source *es, void *userdata)
|
||||
assert(s);
|
||||
|
||||
if (!streq_ptr(s->bus_name, name)) {
|
||||
- log_unit_warning(u, "Bus name has changed from %s → %s, ignoring.", s->bus_name, name);
|
||||
+ log_unit_warning(u, "Bus name has changed from %s %s %s, ignoring.",
|
||||
+ s->bus_name, special_glyph(ARROW), name);
|
||||
continue;
|
||||
}
|
||||
|
||||
diff --git a/src/core/namespace.c b/src/core/namespace.c
|
||||
index e4930db15c..3566795d46 100644
|
||||
--- a/src/core/namespace.c
|
||||
+++ b/src/core/namespace.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include "fd-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "label.h"
|
||||
+#include "locale-util.h"
|
||||
#include "loop-util.h"
|
||||
#include "loopback-setup.h"
|
||||
#include "missing.h"
|
||||
@@ -841,7 +842,8 @@ static int follow_symlink(
|
||||
return -ELOOP;
|
||||
}
|
||||
|
||||
- log_debug("Followed mount entry path symlink %s → %s.", mount_entry_path(m), target);
|
||||
+ log_debug("Followed mount entry path symlink %s %s %s.",
|
||||
+ mount_entry_path(m), special_glyph(ARROW), target);
|
||||
|
||||
free_and_replace(m->path_malloc, target);
|
||||
m->has_prefix = true;
|
||||
@@ -920,7 +922,8 @@ static int apply_mount(
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to follow symlinks on %s: %m", mount_entry_source(m));
|
||||
|
||||
- log_debug("Followed source symlinks %s → %s.", mount_entry_source(m), chased);
|
||||
+ log_debug("Followed source symlinks %s %s %s.",
|
||||
+ mount_entry_source(m), special_glyph(ARROW), chased);
|
||||
|
||||
free_and_replace(m->source_malloc, chased);
|
||||
|
||||
diff --git a/src/core/socket.c b/src/core/socket.c
|
||||
index 6f9a0f7575..bdfeb43a70 100644
|
||||
--- a/src/core/socket.c
|
||||
+++ b/src/core/socket.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include "in-addr-util.h"
|
||||
#include "io-util.h"
|
||||
#include "label.h"
|
||||
+#include "locale-util.h"
|
||||
#include "log.h"
|
||||
#include "missing.h"
|
||||
#include "mkdir.h"
|
||||
@@ -1355,7 +1356,8 @@ static int socket_symlink(Socket *s) {
|
||||
}
|
||||
|
||||
if (r < 0)
|
||||
- log_unit_warning_errno(UNIT(s), r, "Failed to create symlink %s → %s, ignoring: %m", p, *i);
|
||||
+ log_unit_warning_errno(UNIT(s), r, "Failed to create symlink %s %s %s, ignoring: %m",
|
||||
+ p, special_glyph(ARROW), *i);
|
||||
}
|
||||
|
||||
return 0;
|
||||
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
|
||||
index 803f3f50d6..21e54591f7 100644
|
||||
--- a/src/libsystemd/sd-bus/sd-bus.c
|
||||
+++ b/src/libsystemd/sd-bus/sd-bus.c
|
||||
@@ -31,6 +31,7 @@
|
||||
#include "cgroup-util.h"
|
||||
#include "def.h"
|
||||
#include "fd-util.h"
|
||||
+#include "locale-util.h"
|
||||
#include "hexdecoct.h"
|
||||
#include "hostname-util.h"
|
||||
#include "macro.h"
|
||||
@@ -518,7 +519,8 @@ void bus_set_state(sd_bus *bus, enum bus_state state) {
|
||||
if (state == bus->state)
|
||||
return;
|
||||
|
||||
- log_debug("Bus %s: changing state %s → %s", strna(bus->description), table[bus->state], table[state]);
|
||||
+ log_debug("Bus %s: changing state %s %s %s", strna(bus->description),
|
||||
+ table[bus->state], special_glyph(ARROW), table[state]);
|
||||
bus->state = state;
|
||||
}
|
||||
|
||||
diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
|
||||
index cafeb8822f..fe17eac0e6 100644
|
||||
--- a/src/login/logind-acl.c
|
||||
+++ b/src/login/logind-acl.c
|
||||
@@ -9,6 +9,7 @@
|
||||
#include "escape.h"
|
||||
#include "fd-util.h"
|
||||
#include "format-util.h"
|
||||
+#include "locale-util.h"
|
||||
#include "logind-acl.h"
|
||||
#include "set.h"
|
||||
#include "string-util.h"
|
||||
@@ -260,8 +261,8 @@ int devnode_acl_all(struct udev *udev,
|
||||
SET_FOREACH(n, nodes, i) {
|
||||
int k;
|
||||
|
||||
- log_debug("Changing ACLs at %s for seat %s (uid "UID_FMT"→"UID_FMT"%s%s)",
|
||||
- n, seat, old_uid, new_uid,
|
||||
+ log_debug("Changing ACLs at %s for seat %s (uid "UID_FMT"%s"UID_FMT"%s%s)",
|
||||
+ n, seat, old_uid, special_glyph(ARROW), new_uid,
|
||||
del ? " del" : "", add ? " add" : "");
|
||||
|
||||
k = devnode_acl(n, flush, del, old_uid, add, new_uid);
|
||||
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
|
||||
index c921fe841f..573e27d662 100644
|
||||
--- a/src/resolve/resolved-dns-query.c
|
||||
+++ b/src/resolve/resolved-dns-query.c
|
||||
@@ -3,6 +3,7 @@
|
||||
#include "alloc-util.h"
|
||||
#include "dns-domain.h"
|
||||
#include "dns-type.h"
|
||||
+#include "locale-util.h"
|
||||
#include "hostname-util.h"
|
||||
#include "local-addresses.h"
|
||||
#include "resolved-dns-query.h"
|
||||
@@ -942,7 +943,10 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
|
||||
if (r < 0)
|
||||
return r;
|
||||
else if (r > 0)
|
||||
- log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q->question_idna), dns_question_first_name(nq_idna));
|
||||
+ log_debug("Following CNAME/DNAME %s %s %s.",
|
||||
+ dns_question_first_name(q->question_idna),
|
||||
+ special_glyph(ARROW),
|
||||
+ dns_question_first_name(nq_idna));
|
||||
|
||||
k = dns_question_is_equal(q->question_idna, q->question_utf8);
|
||||
if (k < 0)
|
||||
@@ -956,7 +960,10 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
|
||||
if (k < 0)
|
||||
return k;
|
||||
else if (k > 0)
|
||||
- log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q->question_utf8), dns_question_first_name(nq_utf8));
|
||||
+ log_debug("Following UTF8 CNAME/DNAME %s %s %s.",
|
||||
+ dns_question_first_name(q->question_utf8),
|
||||
+ special_glyph(ARROW),
|
||||
+ dns_question_first_name(nq_utf8));
|
||||
}
|
||||
|
||||
if (r == 0 && k == 0) /* No actual cname happened? */
|
||||
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
|
||||
index de2fcca8b2..59799dec56 100644
|
||||
--- a/src/shared/dns-domain.c
|
||||
+++ b/src/shared/dns-domain.c
|
||||
@@ -17,6 +17,7 @@
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "dns-domain.h"
|
||||
+#include "locale-util.h"
|
||||
#include "hashmap.h"
|
||||
#include "hexdecoct.h"
|
||||
#include "in-addr-util.h"
|
||||
@@ -1260,7 +1261,7 @@ int dns_name_apply_idna(const char *name, char **ret) {
|
||||
|
||||
r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t,
|
||||
IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL);
|
||||
- log_debug("idn2_lookup_u8: %s → %s", name, t);
|
||||
+ log_debug("idn2_lookup_u8: %s %s %s", name, special_glyph(ARROW), t);
|
||||
if (r == IDN2_OK) {
|
||||
if (!startswith(name, "xn--")) {
|
||||
_cleanup_free_ char *s = NULL;
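Review bot: The rewritten `log_debug("idn2_lookup_u8: ...")` line still formats `t` with `%s` before `r` is compared with `IDN2_OK`, so a failed lookup may hand the formatter a NULL or unset pointer. The initialisation of `t` is outside this hunk, so this is inferred rather than visible. Since the line is being touched anyway, either move it into the `if (r == IDN2_OK)` branch or guard the argument: `log_debug("idn2_lookup_u8: %s %s %s", name, special_glyph(ARROW), strnull(t));`. The body of dns_name_apply_idna starts and ends outside the hunk.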
|
||||
@@ -1273,8 +1274,10 @@ int dns_name_apply_idna(const char *name, char **ret) {
|
||||
}
|
||||
|
||||
if (!streq_ptr(name, s)) {
|
||||
- log_debug("idn2 roundtrip failed: \"%s\" → \"%s\" → \"%s\", ignoring.",
|
||||
- name, t, s);
|
||||
+ log_debug("idn2 roundtrip failed: \"%s\" %s \"%s\" %s \"%s\", ignoring.",
|
||||
+ name, special_glyph(ARROW), t,
|
||||
+ special_glyph(ARROW), s);
|
||||
+ *ret = NULL;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
|
||||
index 50fada99dd..b3c2aac746 100644
|
||||
--- a/src/tmpfiles/tmpfiles.c
|
||||
+++ b/src/tmpfiles/tmpfiles.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include "fs-util.h"
|
||||
#include "glob-util.h"
|
||||
#include "io-util.h"
|
||||
+#include "locale-util.h"
|
||||
#include "label.h"
|
||||
#include "log.h"
|
||||
#include "macro.h"
|
||||
@@ -2143,7 +2144,8 @@ static int patch_var_run(const char *fname, unsigned line, char **path) {
|
||||
* there's no immediate need for action by the user. However, in the interest of making things less confusing
|
||||
* to the user, let's still inform the user that these snippets should really be updated. */
|
||||
|
||||
- log_notice("[%s:%u] Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", fname, line, *path, n);
|
||||
+ log_notice("[%s:%u] Line references path below legacy directory /var/run/, updating %s %s %s; please update the tmpfiles.d/ drop-in file accordingly.",
|
||||
+ fname, line, *path, special_glyph(ARROW), n);
|
||||
|
||||
free(*path);
|
||||
*path = n;
|
|
@ -0,0 +1,129 @@
|
|||
From f27568d24a29590b34fec3a96a5b3b5d290ba3d8 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Fri, 24 Jun 2022 09:59:44 +0200
|
||||
Subject: [PATCH] =?UTF-8?q?tree-wide:=20allow=20ASCII=20fallback=20for=20?=
|
||||
=?UTF-8?q?=E2=80=A6=20in=20logs?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
(cherry picked from commit 28e5e1e97f47067bce190ea6b3404907d63e4320)
|
||||
|
||||
Related: #2093479
|
||||
---
|
||||
src/core/manager.c | 5 +++--
|
||||
src/shared/vlan-util.c | 3 ++-
|
||||
src/sysusers/sysusers.c | 5 +++--
|
||||
src/tmpfiles/tmpfiles.c | 6 +++---
|
||||
4 files changed, 11 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 845c26f498..5873e5b6d7 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -49,6 +49,7 @@
|
||||
#include "io-util.h"
|
||||
#include "label.h"
|
||||
#include "locale-setup.h"
|
||||
+#include "locale-util.h"
|
||||
#include "log.h"
|
||||
#include "macro.h"
|
||||
#include "manager.h"
|
||||
@@ -1404,7 +1405,7 @@ static void manager_coldplug(Manager *m) {
|
||||
|
||||
assert(m);
|
||||
|
||||
- log_debug("Invoking unit coldplug() handlers…");
|
||||
+ log_debug("Invoking unit coldplug() handlers%s", special_glyph(ELLIPSIS));
|
||||
|
||||
/* Let's place the units back into their deserialized state */
|
||||
HASHMAP_FOREACH_KEY(u, k, m->units, i) {
|
||||
@@ -1426,7 +1427,7 @@ static void manager_catchup(Manager *m) {
|
||||
|
||||
assert(m);
|
||||
|
||||
- log_debug("Invoking unit catchup() handlers…");
|
||||
+ log_debug("Invoking unit catchup() handlers%s", special_glyph(ELLIPSIS));
|
||||
|
||||
/* Let's catch up on any state changes that happened while we were reloading/reexecing */
|
||||
HASHMAP_FOREACH_KEY(u, k, m->units, i) {
|
||||
diff --git a/src/shared/vlan-util.c b/src/shared/vlan-util.c
|
||||
index 400994a354..9301dacbe2 100644
|
||||
--- a/src/shared/vlan-util.c
|
||||
+++ b/src/shared/vlan-util.c
|
||||
@@ -1,6 +1,7 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
|
||||
#include "conf-parser.h"
|
||||
+#include "locale-util.h"
|
||||
#include "parse-util.h"
|
||||
#include "string-util.h"
|
||||
#include "vlan-util.h"
|
||||
@@ -67,7 +68,7 @@ int config_parse_vlanid(
|
||||
|
||||
r = parse_vlanid(rvalue, id);
|
||||
if (r == -ERANGE) {
|
||||
- log_syntax(unit, LOG_ERR, filename, line, r, "VLAN identifier outside of valid range 0…4094, ignoring: %s", rvalue);
|
||||
+ log_syntax(unit, LOG_ERR, filename, line, r, "VLAN identifier outside of valid range 0%s4094, ignoring: %s", special_glyph(ELLIPSIS), rvalue);
|
||||
return 0;
|
||||
}
|
||||
if (r < 0) {
|
||||
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
|
||||
index a374ebaaf4..f547388151 100644
|
||||
--- a/src/sysusers/sysusers.c
|
||||
+++ b/src/sysusers/sysusers.c
|
||||
@@ -12,6 +12,7 @@
|
||||
#include "format-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "hashmap.h"
|
||||
+#include "locale-util.h"
|
||||
#include "pager.h"
|
||||
#include "path-util.h"
|
||||
#include "selinux-util.h"
|
||||
@@ -1890,13 +1891,13 @@ static int read_config_files(char **args) {
|
||||
|
||||
STRV_FOREACH(f, files)
|
||||
if (p && path_equal(*f, p)) {
|
||||
- log_debug("Parsing arguments at position \"%s\"…", *f);
|
||||
+ log_debug("Parsing arguments at position \"%s\"%s", *f, special_glyph(ELLIPSIS));
|
||||
|
||||
r = parse_arguments(args);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else {
|
||||
- log_debug("Reading config file \"%s\"…", *f);
|
||||
+ log_debug("Reading config file \"%s\"%s", *f, special_glyph(ELLIPSIS));
|
||||
|
||||
/* Just warn, ignore result otherwise */
|
||||
(void) read_config_file(*f, true);
|
||||
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
|
||||
index b3c2aac746..8da525120b 100644
|
||||
--- a/src/tmpfiles/tmpfiles.c
|
||||
+++ b/src/tmpfiles/tmpfiles.c
|
||||
@@ -2654,7 +2654,7 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
|
||||
assert(fn);
|
||||
|
||||
if (streq(fn, "-")) {
|
||||
- log_debug("Reading config from stdin…");
|
||||
+ log_debug("Reading config from stdin%s", special_glyph(ELLIPSIS));
|
||||
fn = "<stdin>";
|
||||
f = stdin;
|
||||
} else {
|
||||
@@ -2667,7 +2667,7 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
|
||||
|
||||
return log_error_errno(r, "Failed to open '%s': %m", fn);
|
||||
}
|
||||
- log_debug("Reading config file \"%s\"…", fn);
|
||||
+ log_debug("Reading config file \"%s\"%s", fn, special_glyph(ELLIPSIS));
|
||||
f = _f;
|
||||
}
|
||||
|
||||
@@ -2765,7 +2765,7 @@ static int read_config_files(char **config_dirs, char **args, bool *invalid_conf
|
||||
|
||||
STRV_FOREACH(f, files)
|
||||
if (p && path_equal(*f, p)) {
|
||||
- log_debug("Parsing arguments at position \"%s\"…", *f);
|
||||
+ log_debug("Parsing arguments at position \"%s\"%s", *f, special_glyph(ELLIPSIS));
|
||||
|
||||
r = parse_arguments(config_dirs, args, invalid_config);
|
||||
if (r < 0)
|
|
@ -0,0 +1,115 @@
|
|||
From 207f51115c18c668982ef8bdb8a024fccaeb87f0 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Sat, 16 Jul 2022 09:49:12 +0200
|
||||
Subject: [PATCH] core: allow to set default timeout for devices
|
||||
|
||||
Fixes: #19879
|
||||
(cherry picked from commit a0fe19f9f791c05af236265954b1d73e8fcf5468)
|
||||
|
||||
Resolves: #1967245
|
||||
---
|
||||
src/core/dbus-manager.c | 1 +
|
||||
src/core/device.c | 2 +-
|
||||
src/core/main.c | 4 ++++
|
||||
src/core/manager.c | 1 +
|
||||
src/core/manager.h | 1 +
|
||||
src/core/system.conf.in | 1 +
|
||||
6 files changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
|
||||
index 7488f22116..5b1ed3646e 100644
|
||||
--- a/src/core/dbus-manager.c
|
||||
+++ b/src/core/dbus-manager.c
|
||||
@@ -2509,6 +2509,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
|
||||
SD_BUS_PROPERTY("DefaultTimerAccuracyUSec", "t", bus_property_get_usec, offsetof(Manager, default_timer_accuracy_usec), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultTimeoutStartUSec", "t", bus_property_get_usec, offsetof(Manager, default_timeout_start_usec), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultTimeoutStopUSec", "t", bus_property_get_usec, offsetof(Manager, default_timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
+ SD_BUS_PROPERTY("DefaultDeviceTimeoutUSec", "t", bus_property_get_usec, offsetof(Manager, default_device_timeout_usec), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultRestartUSec", "t", bus_property_get_usec, offsetof(Manager, default_restart_usec), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DefaultStartLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Manager, default_start_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
/* The following two items are obsolete alias */
|
||||
diff --git a/src/core/device.c b/src/core/device.c
|
||||
index cb8b66dfc5..71b7c1ef81 100644
|
||||
--- a/src/core/device.c
|
||||
+++ b/src/core/device.c
|
||||
@@ -97,7 +97,7 @@ static void device_init(Unit *u) {
|
||||
* indefinitely for plugged in devices, something which cannot
|
||||
* happen for the other units since their operations time out
|
||||
* anyway. */
|
||||
- u->job_running_timeout = u->manager->default_timeout_start_usec;
|
||||
+ u->job_running_timeout = u->manager->default_device_timeout_usec;
|
||||
|
||||
u->ignore_on_isolate = true;
|
||||
|
||||
diff --git a/src/core/main.c b/src/core/main.c
|
||||
index 08a4df3c97..bfd4c531a7 100644
|
||||
--- a/src/core/main.c
|
||||
+++ b/src/core/main.c
|
||||
@@ -109,6 +109,7 @@ static usec_t arg_default_restart_usec;
|
||||
static usec_t arg_default_timeout_start_usec;
|
||||
static usec_t arg_default_timeout_stop_usec;
|
||||
static usec_t arg_default_timeout_abort_usec;
|
||||
+static usec_t arg_default_device_timeout_usec;
|
||||
static bool arg_default_timeout_abort_set;
|
||||
static usec_t arg_default_start_limit_interval;
|
||||
static unsigned arg_default_start_limit_burst;
|
||||
@@ -687,6 +688,7 @@ static int parse_config_file(void) {
|
||||
{ "Manager", "DefaultStandardError", config_parse_output_restricted,0, &arg_default_std_error },
|
||||
{ "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
|
||||
{ "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
|
||||
+ { "Manager", "DefaultDeviceTimeoutSec", config_parse_sec, 0, &arg_default_device_timeout_usec },
|
||||
{ "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
|
||||
{ "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
|
||||
{ "Manager", "DefaultStartLimitIntervalSec",config_parse_sec, 0, &arg_default_start_limit_interval },
|
||||
@@ -754,6 +756,7 @@ static void set_manager_defaults(Manager *m) {
|
||||
m->default_std_error = arg_default_std_error;
|
||||
m->default_timeout_start_usec = arg_default_timeout_start_usec;
|
||||
m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
|
||||
+ m->default_device_timeout_usec = arg_default_device_timeout_usec;
|
||||
m->default_restart_usec = arg_default_restart_usec;
|
||||
m->default_start_limit_interval = arg_default_start_limit_interval;
|
||||
m->default_start_limit_burst = arg_default_start_limit_burst;
|
||||
@@ -2077,6 +2080,7 @@ static void reset_arguments(void) {
|
||||
arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
|
||||
arg_default_timeout_abort_usec = DEFAULT_TIMEOUT_USEC;
|
||||
arg_default_timeout_abort_set = false;
|
||||
+ arg_default_device_timeout_usec = DEFAULT_TIMEOUT_USEC;
|
||||
arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
|
||||
arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
|
||||
arg_runtime_watchdog = 0;
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 5873e5b6d7..f4611e6f8f 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -731,6 +731,7 @@ int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **_m) {
|
||||
m->default_tasks_max = UINT64_MAX;
|
||||
m->default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
|
||||
m->default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
|
||||
+ m->default_device_timeout_usec = DEFAULT_TIMEOUT_USEC,
|
||||
m->default_restart_usec = DEFAULT_RESTART_USEC;
|
||||
m->original_log_level = -1;
|
||||
m->original_log_target = _LOG_TARGET_INVALID;
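Review bot: The line added to `manager_new()` ends in a comma instead of a semicolon: `m->default_device_timeout_usec = DEFAULT_TIMEOUT_USEC,`. It compiles only because the comma operator chains it to the following `m->default_restart_usec = DEFAULT_RESTART_USEC;`, so both fields are still assigned. Any later edit that puts a declaration or a non-expression statement between the two lines will fail to build or change meaning. It should read `m->default_device_timeout_usec = DEFAULT_TIMEOUT_USEC;`. The body of manager_new continues outside the hunk.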
|
||||
diff --git a/src/core/manager.h b/src/core/manager.h
|
||||
index 7b572c8dfd..3f2cfc5e2e 100644
|
||||
--- a/src/core/manager.h
|
||||
+++ b/src/core/manager.h
|
||||
@@ -285,6 +285,7 @@ struct Manager {
|
||||
ExecOutput default_std_output, default_std_error;
|
||||
|
||||
usec_t default_restart_usec, default_timeout_start_usec, default_timeout_stop_usec;
|
||||
+ usec_t default_device_timeout_usec;
|
||||
|
||||
usec_t default_start_limit_interval;
|
||||
unsigned default_start_limit_burst;
|
||||
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
|
||||
index 84246c0e36..2f6852a89f 100644
|
||||
--- a/src/core/system.conf.in
|
||||
+++ b/src/core/system.conf.in
|
||||
@@ -37,6 +37,7 @@
|
||||
#DefaultStandardError=inherit
|
||||
#DefaultTimeoutStartSec=90s
|
||||
#DefaultTimeoutStopSec=90s
|
||||
+#DefaultDeviceTimeoutSec=90s
|
||||
#DefaultRestartSec=100ms
|
||||
#DefaultStartLimitIntervalSec=10s
|
||||
#DefaultStartLimitBurst=5
|
|
@ -0,0 +1,34 @@
|
|||
From ba81eba0feaf5c34f52141301e2b7ca93128fed0 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Sat, 16 Jul 2022 10:16:41 +0200
|
||||
Subject: [PATCH] man: document DefaultDeviceTimeoutSec=
|
||||
|
||||
(cherry picked from commit 9e69bd4801588c12811c611a1c68b54cecbe1718)
|
||||
|
||||
Related: #1967245
|
||||
---
|
||||
man/systemd-system.conf.xml | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
|
||||
index 988c4e7665..3670f34cb5 100644
|
||||
--- a/man/systemd-system.conf.xml
|
||||
+++ b/man/systemd-system.conf.xml
|
||||
@@ -305,6 +305,17 @@
|
||||
100ms.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><varname>DefaultDeviceTimeoutSec=</varname></term>
|
||||
+
|
||||
+ <listitem><para>Configures the default timeout for waiting for devices. It can be changed per
|
||||
+ device via the <varname>x-systemd.device-timeout=</varname> option in <filename>/etc/fstab</filename>
|
||||
+ and <filename>/etc/crypttab</filename> (see
|
||||
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||||
+ Defaults to 90s.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term><varname>DefaultStartLimitIntervalSec=</varname></term>
|
||||
<term><varname>DefaultStartLimitBurst=</varname></term>
|
|
@ -0,0 +1,255 @@
|
|||
From f1a1ff976ed0787c79a0f57d773bc555ab756b8c Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Fri, 17 Dec 2021 19:39:29 +0100
|
||||
Subject: [PATCH] Revert "core: Propagate condition failed state to triggering
|
||||
units."
|
||||
|
||||
This reverts commit 12ab94a1e4961a39c32efb60b71866ab588d3ea2.
|
||||
|
||||
(cherry picked from commit 40f41f34d4af15d0147b5b2525f0b87ff62eae9a)
|
||||
|
||||
Related: #2114005
|
||||
---
|
||||
src/core/automount.c | 14 ++++----------
|
||||
src/core/automount.h | 1 -
|
||||
src/core/path.c | 16 +++++-----------
|
||||
src/core/path.h | 1 -
|
||||
src/core/socket.c | 28 +++++++++-------------------
|
||||
src/core/socket.h | 1 -
|
||||
src/core/timer.c | 12 +++---------
|
||||
src/core/timer.h | 1 -
|
||||
src/core/unit.c | 10 ----------
|
||||
src/core/unit.h | 2 --
|
||||
10 files changed, 21 insertions(+), 65 deletions(-)
|
||||
|
||||
diff --git a/src/core/automount.c b/src/core/automount.c
|
||||
index bac3b2fab7..c1c513d4a5 100644
|
||||
--- a/src/core/automount.c
|
||||
+++ b/src/core/automount.c
|
||||
@@ -776,11 +776,6 @@ static void automount_enter_running(Automount *a) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- if (unit_has_failed_condition_or_assert(trigger)) {
|
||||
- automount_enter_dead(a, AUTOMOUNT_FAILURE_MOUNT_CONDITION_FAILED);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
r = manager_add_job(UNIT(a)->manager, JOB_START, trigger, JOB_REPLACE, NULL, &error, NULL);
|
||||
if (r < 0) {
|
||||
log_unit_warning(UNIT(a), "Failed to queue mount startup job: %s", bus_error_message(&error, r));
|
||||
@@ -1092,11 +1087,10 @@ static int automount_can_start(Unit *u) {
|
||||
}
|
||||
|
||||
static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = {
|
||||
- [AUTOMOUNT_SUCCESS] = "success",
|
||||
- [AUTOMOUNT_FAILURE_RESOURCES] = "resources",
|
||||
- [AUTOMOUNT_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
- [AUTOMOUNT_FAILURE_MOUNT_START_LIMIT_HIT] = "mount-start-limit-hit",
|
||||
- [AUTOMOUNT_FAILURE_MOUNT_CONDITION_FAILED] = "mount-condition-failed",
|
||||
+ [AUTOMOUNT_SUCCESS] = "success",
|
||||
+ [AUTOMOUNT_FAILURE_RESOURCES] = "resources",
|
||||
+ [AUTOMOUNT_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
+ [AUTOMOUNT_FAILURE_MOUNT_START_LIMIT_HIT] = "mount-start-limit-hit",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(automount_result, AutomountResult);
|
||||
diff --git a/src/core/automount.h b/src/core/automount.h
|
||||
index a7417d195c..21dd1c0774 100644
|
||||
--- a/src/core/automount.h
|
||||
+++ b/src/core/automount.h
|
||||
@@ -10,7 +10,6 @@ typedef enum AutomountResult {
|
||||
AUTOMOUNT_FAILURE_RESOURCES,
|
||||
AUTOMOUNT_FAILURE_START_LIMIT_HIT,
|
||||
AUTOMOUNT_FAILURE_MOUNT_START_LIMIT_HIT,
|
||||
- AUTOMOUNT_FAILURE_MOUNT_CONDITION_FAILED,
|
||||
_AUTOMOUNT_RESULT_MAX,
|
||||
_AUTOMOUNT_RESULT_INVALID = -1
|
||||
} AutomountResult;
|
||||
diff --git a/src/core/path.c b/src/core/path.c
|
||||
index bf7e1bf3c2..c2facf0b16 100644
|
||||
--- a/src/core/path.c
|
||||
+++ b/src/core/path.c
|
||||
@@ -453,7 +453,7 @@ static void path_enter_dead(Path *p, PathResult f) {
|
||||
else
|
||||
unit_log_failure(UNIT(p), path_result_to_string(p->result));
|
||||
|
||||
- path_set_state(p, p->result == PATH_SUCCESS ? PATH_DEAD : PATH_FAILED);
|
||||
+ path_set_state(p, p->result != PATH_SUCCESS ? PATH_FAILED : PATH_DEAD);
|
||||
}
|
||||
|
||||
static void path_enter_running(Path *p) {
|
||||
@@ -711,11 +711,6 @@ static void path_trigger_notify(Unit *u, Unit *other) {
|
||||
return;
|
||||
}
|
||||
|
||||
- if (unit_has_failed_condition_or_assert(other)) {
|
||||
- path_enter_dead(p, PATH_FAILURE_UNIT_CONDITION_FAILED);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
/* Don't propagate anything if there's still a job queued */
|
||||
if (other->job)
|
||||
return;
|
||||
@@ -768,11 +763,10 @@ static const char* const path_type_table[_PATH_TYPE_MAX] = {
|
||||
DEFINE_STRING_TABLE_LOOKUP(path_type, PathType);
|
||||
|
||||
static const char* const path_result_table[_PATH_RESULT_MAX] = {
|
||||
- [PATH_SUCCESS] = "success",
|
||||
- [PATH_FAILURE_RESOURCES] = "resources",
|
||||
- [PATH_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
- [PATH_FAILURE_UNIT_START_LIMIT_HIT] = "unit-start-limit-hit",
|
||||
- [PATH_FAILURE_UNIT_CONDITION_FAILED] = "unit-condition-failed",
|
||||
+ [PATH_SUCCESS] = "success",
|
||||
+ [PATH_FAILURE_RESOURCES] = "resources",
|
||||
+ [PATH_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
+ [PATH_FAILURE_UNIT_START_LIMIT_HIT] = "unit-start-limit-hit",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(path_result, PathResult);
|
||||
diff --git a/src/core/path.h b/src/core/path.h
|
||||
index 0ad6bd12c6..8a69f06c13 100644
|
||||
--- a/src/core/path.h
|
||||
+++ b/src/core/path.h
|
||||
@@ -46,7 +46,6 @@ typedef enum PathResult {
|
||||
PATH_FAILURE_RESOURCES,
|
||||
PATH_FAILURE_START_LIMIT_HIT,
|
||||
PATH_FAILURE_UNIT_START_LIMIT_HIT,
|
||||
- PATH_FAILURE_UNIT_CONDITION_FAILED,
|
||||
_PATH_RESULT_MAX,
|
||||
_PATH_RESULT_INVALID = -1
|
||||
} PathResult;
|
||||
diff --git a/src/core/socket.c b/src/core/socket.c
|
||||
index bdfeb43a70..9d47ca2616 100644
|
||||
--- a/src/core/socket.c
|
||||
+++ b/src/core/socket.c
|
||||
@@ -2274,15 +2274,6 @@ static void socket_enter_running(Socket *s, int cfd) {
|
||||
goto refuse;
|
||||
}
|
||||
|
||||
- if (UNIT_ISSET(s->service) && cfd < 0) {
|
||||
- Unit *service = UNIT_DEREF(s->service);
|
||||
-
|
||||
- if (unit_has_failed_condition_or_assert(service)) {
|
||||
- socket_enter_dead(s, SOCKET_FAILURE_SERVICE_CONDITION_FAILED);
|
||||
- return;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
if (cfd < 0) {
|
||||
bool pending = false;
|
||||
Unit *other;
|
||||
@@ -3298,16 +3289,15 @@ static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
|
||||
DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
|
||||
|
||||
static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
|
||||
- [SOCKET_SUCCESS] = "success",
|
||||
- [SOCKET_FAILURE_RESOURCES] = "resources",
|
||||
- [SOCKET_FAILURE_TIMEOUT] = "timeout",
|
||||
- [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
|
||||
- [SOCKET_FAILURE_SIGNAL] = "signal",
|
||||
- [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
|
||||
- [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
- [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
|
||||
- [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit",
|
||||
- [SOCKET_FAILURE_SERVICE_CONDITION_FAILED] = "service-condition-failed",
|
||||
+ [SOCKET_SUCCESS] = "success",
|
||||
+ [SOCKET_FAILURE_RESOURCES] = "resources",
|
||||
+ [SOCKET_FAILURE_TIMEOUT] = "timeout",
|
||||
+ [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
|
||||
+ [SOCKET_FAILURE_SIGNAL] = "signal",
|
||||
+ [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
|
||||
+ [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
+ [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
|
||||
+ [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
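Review bot: The rewritten `socket_result_table` drops the trailing comma after its last initializer, `[SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"`. The automount, path and timer result tables realigned by the same patch keep theirs. Writing `[SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit",` matches those tables and makes the next added result a one-line diff.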
|
||||
diff --git a/src/core/socket.h b/src/core/socket.h
|
||||
index b171b94316..2409dbf2a0 100644
|
||||
--- a/src/core/socket.h
|
||||
+++ b/src/core/socket.h
|
||||
@@ -39,7 +39,6 @@ typedef enum SocketResult {
|
||||
SOCKET_FAILURE_START_LIMIT_HIT,
|
||||
SOCKET_FAILURE_TRIGGER_LIMIT_HIT,
|
||||
SOCKET_FAILURE_SERVICE_START_LIMIT_HIT,
|
||||
- SOCKET_FAILURE_SERVICE_CONDITION_FAILED,
|
||||
_SOCKET_RESULT_MAX,
|
||||
_SOCKET_RESULT_INVALID = -1
|
||||
} SocketResult;
|
||||
diff --git a/src/core/timer.c b/src/core/timer.c
|
||||
index 3c8d89771d..990f05fee4 100644
|
||||
--- a/src/core/timer.c
|
||||
+++ b/src/core/timer.c
|
||||
@@ -567,11 +567,6 @@ static void timer_enter_running(Timer *t) {
|
||||
return;
|
||||
}
|
||||
|
||||
- if (unit_has_failed_condition_or_assert(trigger)) {
|
||||
- timer_enter_dead(t, TIMER_FAILURE_UNIT_CONDITION_FAILED);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
r = manager_add_job(UNIT(t)->manager, JOB_START, trigger, JOB_REPLACE, NULL, &error, NULL);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
@@ -855,10 +850,9 @@ static const char* const timer_base_table[_TIMER_BASE_MAX] = {
|
||||
DEFINE_STRING_TABLE_LOOKUP(timer_base, TimerBase);
|
||||
|
||||
static const char* const timer_result_table[_TIMER_RESULT_MAX] = {
|
||||
- [TIMER_SUCCESS] = "success",
|
||||
- [TIMER_FAILURE_RESOURCES] = "resources",
|
||||
- [TIMER_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
- [TIMER_FAILURE_UNIT_CONDITION_FAILED] = "unit-condition-failed",
|
||||
+ [TIMER_SUCCESS] = "success",
|
||||
+ [TIMER_FAILURE_RESOURCES] = "resources",
|
||||
+ [TIMER_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(timer_result, TimerResult);
|
||||
diff --git a/src/core/timer.h b/src/core/timer.h
|
||||
index d23e19d622..833aadb0b8 100644
|
||||
--- a/src/core/timer.h
|
||||
+++ b/src/core/timer.h
|
||||
@@ -32,7 +32,6 @@ typedef enum TimerResult {
|
||||
TIMER_SUCCESS,
|
||||
TIMER_FAILURE_RESOURCES,
|
||||
TIMER_FAILURE_START_LIMIT_HIT,
|
||||
- TIMER_FAILURE_UNIT_CONDITION_FAILED,
|
||||
_TIMER_RESULT_MAX,
|
||||
_TIMER_RESULT_INVALID = -1
|
||||
} TimerResult;
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index 0810bf5a58..dfe0c243ef 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -5661,16 +5661,6 @@ int unit_thaw_vtable_common(Unit *u) {
|
||||
return unit_cgroup_freezer_action(u, FREEZER_THAW);
|
||||
}
|
||||
|
||||
-bool unit_has_failed_condition_or_assert(Unit *u) {
|
||||
- if (dual_timestamp_is_set(&u->condition_timestamp) && !u->condition_result)
|
||||
- return true;
|
||||
-
|
||||
- if (dual_timestamp_is_set(&u->assert_timestamp) && !u->assert_result)
|
||||
- return true;
|
||||
-
|
||||
- return false;
|
||||
-}
|
||||
-
|
||||
static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
|
||||
[COLLECT_INACTIVE] = "inactive",
|
||||
[COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
|
||||
diff --git a/src/core/unit.h b/src/core/unit.h
|
||||
index a924bd2e83..b8b914711f 100644
|
||||
--- a/src/core/unit.h
|
||||
+++ b/src/core/unit.h
|
||||
@@ -847,8 +847,6 @@ void unit_thawed(Unit *u);
|
||||
int unit_freeze_vtable_common(Unit *u);
|
||||
int unit_thaw_vtable_common(Unit *u);
|
||||
|
||||
-bool unit_has_failed_condition_or_assert(Unit *u);
|
||||
-
|
||||
/* Macros which append UNIT= or USER_UNIT= to the message */
|
||||
|
||||
#define log_unit_full(unit, level, error, ...) \
|
|
@ -0,0 +1,137 @@
|
|||
From e393372ad5ba67acb9b397f044efdb1c9a100644 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Tue, 24 Aug 2021 16:46:47 +0100
|
||||
Subject: [PATCH] core: Check unit start rate limiting earlier
|
||||
|
||||
[dtardon: This adds the test that's been left out by commit
|
||||
471eda89a25a3ceac91a2d05e39a54aae78038ed]
|
||||
|
||||
(cherry picked from commit 9727f2427ff6b2e1f4ab927cc57ad8e888f04e95)
|
||||
|
||||
Related: #2114005
|
||||
---
|
||||
test/TEST-10-ISSUE-2467/test.sh | 3 ++
|
||||
test/TEST-63-ISSUE-17433/Makefile | 1 +
|
||||
test/TEST-63-ISSUE-17433/test.sh | 42 ++++++++++++++++++++++
|
||||
test/TEST-63-ISSUE-17433/test63.path | 2 ++
|
||||
test/TEST-63-ISSUE-17433/test63.service | 5 +++
|
||||
test/TEST-63-ISSUE-17433/testsuite.service | 17 +++++++++
|
||||
6 files changed, 70 insertions(+)
|
||||
create mode 120000 test/TEST-63-ISSUE-17433/Makefile
|
||||
create mode 100755 test/TEST-63-ISSUE-17433/test.sh
|
||||
create mode 100644 test/TEST-63-ISSUE-17433/test63.path
|
||||
create mode 100644 test/TEST-63-ISSUE-17433/test63.service
|
||||
create mode 100644 test/TEST-63-ISSUE-17433/testsuite.service
|
||||
|
||||
diff --git a/test/TEST-10-ISSUE-2467/test.sh b/test/TEST-10-ISSUE-2467/test.sh
|
||||
index 0e61236686..a839ef79de 100755
|
||||
--- a/test/TEST-10-ISSUE-2467/test.sh
|
||||
+++ b/test/TEST-10-ISSUE-2467/test.sh
|
||||
@@ -42,6 +42,9 @@ EOF
|
||||
[Unit]
|
||||
Requires=test.socket
|
||||
ConditionPathExistsGlob=/tmp/nonexistent
|
||||
+# Make sure we hit the socket trigger limit in the test and not the service start limit.
|
||||
+StartLimitInterval=1000
|
||||
+StartLimitBurst=1000
|
||||
|
||||
[Service]
|
||||
ExecStart=/bin/true
|
||||
diff --git a/test/TEST-63-ISSUE-17433/Makefile b/test/TEST-63-ISSUE-17433/Makefile
|
||||
new file mode 120000
|
||||
index 0000000000..e9f93b1104
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-63-ISSUE-17433/Makefile
|
||||
@@ -0,0 +1 @@
|
||||
+../TEST-01-BASIC/Makefile
|
||||
\ No newline at end of file
|
||||
diff --git a/test/TEST-63-ISSUE-17433/test.sh b/test/TEST-63-ISSUE-17433/test.sh
|
||||
new file mode 100755
|
||||
index 0000000000..406a1e214c
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-63-ISSUE-17433/test.sh
|
||||
@@ -0,0 +1,42 @@
|
||||
+#!/usr/bin/env bash
|
||||
+set -e
|
||||
+
|
||||
+TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433"
|
||||
+
|
||||
+# shellcheck source=test/test-functions
|
||||
+. "${TEST_BASE_DIR:?}/test-functions"
|
||||
+
|
||||
+test_setup() {
|
||||
+ create_empty_image
|
||||
+ mkdir -p $TESTDIR/root
|
||||
+ mount ${LOOPDEV}p1 $TESTDIR/root
|
||||
+
|
||||
+ # Create what will eventually be our root filesystem onto an overlay
|
||||
+ (
|
||||
+ LOG_LEVEL=5
|
||||
+ eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
|
||||
+
|
||||
+ setup_basic_environment
|
||||
+
|
||||
+ # setup the testsuite service
|
||||
+ cp testsuite.service $initdir/etc/systemd/system/testsuite.service
|
||||
+
|
||||
+ cp test63.path $initdir/etc/systemd/system/test63.path
|
||||
+ cp test63.service $initdir/etc/systemd/system/test63.service
|
||||
+
|
||||
+ setup_testsuite
|
||||
+ ) || return 1
|
||||
+ setup_nspawn_root
|
||||
+
|
||||
+ # mask some services that we do not want to run in these tests
|
||||
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
|
||||
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
|
||||
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.service
|
||||
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
|
||||
+ ln -s /dev/null $initdir/etc/systemd/system/systemd-resolved.service
|
||||
+
|
||||
+ ddebug "umount $TESTDIR/root"
|
||||
+ umount $TESTDIR/root
|
||||
+}
|
||||
+
|
||||
+do_test "$@"
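Review bot: In `test_setup()` the `set -e` at the top does not cover the commands inside `( ... ) || return 1`, because a subshell on the left of `||` runs with errexit ignored. A failing `cp` or `setup_basic_environment` is therefore passed over, and only the status of the last command, `setup_testsuite`, decides the result. Chaining the steps explicitly fixes that, e.g. `cp test63.path "$initdir/etc/systemd/system/test63.path" || exit 1`. When the subshell does fail, `return 1` leaves `$TESTDIR/root` mounted, since the `umount` at the end is never reached. The expansions of `$TESTDIR`, `$LOOPDEV` and `$initdir` and the `eval $(udevadm ...)` substitution are unquoted and so word-split and glob-expanded; quote them, as in `mount "${LOOPDEV}p1" "$TESTDIR/root"`.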
|
||||
diff --git a/test/TEST-63-ISSUE-17433/test63.path b/test/TEST-63-ISSUE-17433/test63.path
|
||||
new file mode 100644
|
||||
index 0000000000..a6573bda0a
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-63-ISSUE-17433/test63.path
|
||||
@@ -0,0 +1,2 @@
|
||||
+[Path]
|
||||
+PathExists=/tmp/test63
|
||||
diff --git a/test/TEST-63-ISSUE-17433/test63.service b/test/TEST-63-ISSUE-17433/test63.service
|
||||
new file mode 100644
|
||||
index 0000000000..c83801874d
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-63-ISSUE-17433/test63.service
|
||||
@@ -0,0 +1,5 @@
|
||||
+[Unit]
|
||||
+ConditionPathExists=!/tmp/nonexistent
|
||||
+
|
||||
+[Service]
|
||||
+ExecStart=true
|
||||
diff --git a/test/TEST-63-ISSUE-17433/testsuite.service b/test/TEST-63-ISSUE-17433/testsuite.service
|
||||
new file mode 100644
|
||||
index 0000000000..d3ca5b002b
|
||||
--- /dev/null
|
||||
+++ b/test/TEST-63-ISSUE-17433/testsuite.service
|
||||
@@ -0,0 +1,17 @@
|
||||
+[Unit]
|
||||
+Description=TEST-63-ISSUE-17433
|
||||
+
|
||||
+[Service]
|
||||
+ExecStartPre=rm -f /failed /testok
|
||||
+Type=oneshot
|
||||
+ExecStart=rm -f /tmp/nonexistent
|
||||
+ExecStart=systemctl start test63.path
|
||||
+ExecStart=touch /tmp/test63
|
||||
+# Make sure systemd has sufficient time to hit the start limit for test63.service.
|
||||
+ExecStart=sleep 2
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = failed'
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = start-limit-hit'
|
||||
+# FIXME: The path remains active, which it should not
|
||||
+# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p ActiveState)" = failed'
|
||||
+# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = unit-start-limit-hit'
|
||||
+ExecStart=sh -x -c 'echo OK >/testok'
|
|
@ -0,0 +1,127 @@
|
|||
From 9d3f5e5d222308d29aad9bf7b2bfc440143a8606 Mon Sep 17 00:00:00 2001
|
||||
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||||
Date: Fri, 17 Dec 2021 20:01:31 +0100
|
||||
Subject: [PATCH] core: Add trigger limit for path units
|
||||
|
||||
When conditions fail on a service unit, a path unit can cause
|
||||
PID 1 to busy loop as it keeps trying to activate the service unit.
|
||||
To avoid this from happening, add a trigger limit to the path unit,
|
||||
identical to the trigger limit we have for socket units.
|
||||
|
||||
Initially, let's start with a high limit and not make it configurable.
|
||||
If needed, we can add properties to configure the rate limit similar
|
||||
to the ones we have for socket units.
|
||||
|
||||
(cherry picked from commit aaae822b37aa3ca39aebb516fdc6bef36d730c25)
|
||||
|
||||
Resolves: #2114005
|
||||
---
|
||||
src/core/path.c | 10 ++++++++++
|
||||
src/core/path.h | 3 +++
|
||||
test/TEST-63-ISSUE-17433/test63.service | 2 +-
|
||||
test/TEST-63-ISSUE-17433/testsuite.service | 21 +++++++++++++++++----
|
||||
4 files changed, 31 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/core/path.c b/src/core/path.c
|
||||
index c2facf0b16..b899bde0de 100644
|
||||
--- a/src/core/path.c
|
||||
+++ b/src/core/path.c
|
||||
@@ -238,6 +238,9 @@ static void path_init(Unit *u) {
|
||||
assert(u->load_state == UNIT_STUB);
|
||||
|
||||
p->directory_mode = 0755;
|
||||
+
|
||||
+ p->trigger_limit.interval = 2 * USEC_PER_SEC;
|
||||
+ p->trigger_limit.burst = 200;
|
||||
}
|
||||
|
||||
void path_free_specs(Path *p) {
|
||||
@@ -467,6 +470,12 @@ static void path_enter_running(Path *p) {
|
||||
if (unit_stop_pending(UNIT(p)))
|
||||
return;
|
||||
|
||||
+ if (!ratelimit_below(&p->trigger_limit)) {
|
||||
+ log_unit_warning(UNIT(p), "Trigger limit hit, refusing further activation.");
|
||||
+ path_enter_dead(p, PATH_FAILURE_TRIGGER_LIMIT_HIT);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
trigger = UNIT_TRIGGER(UNIT(p));
|
||||
if (!trigger) {
|
||||
log_unit_error(UNIT(p), "Unit to trigger vanished.");
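Review bot: The rate-limit branch added near the top of `path_enter_running` sends the unit to `path_enter_dead(p, PATH_FAILURE_TRIGGER_LIMIT_HIT)`, and nothing visible in this hunk re-arms it, so a unit that trips the limit presumably stays failed until it is reset by hand; neither the code nor the warning text says so. The thresholds set in the `path_init` hunk above (`2 * USEC_PER_SEC`, `200`) are bare constants as well. I would put `/* Default trigger limit: at most 200 activations per 2s, not configurable yet */` above the two assignments, and a short comment on this branch noting that every activation attempt counts, including ones whose target unit fails its condition checks. Anything that can keep the watched path condition true can exhaust the limit, so the "Trigger limit hit" warning is worth alerting on. The function body continues outside the hunk.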
|
||||
@@ -767,6 +776,7 @@ static const char* const path_result_table[_PATH_RESULT_MAX] = {
|
||||
[PATH_FAILURE_RESOURCES] = "resources",
|
||||
[PATH_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
|
||||
[PATH_FAILURE_UNIT_START_LIMIT_HIT] = "unit-start-limit-hit",
|
||||
+ [PATH_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(path_result, PathResult);
|
||||
diff --git a/src/core/path.h b/src/core/path.h
|
||||
index 8a69f06c13..12fd13fbe3 100644
|
||||
--- a/src/core/path.h
|
||||
+++ b/src/core/path.h
|
||||
@@ -46,6 +46,7 @@ typedef enum PathResult {
|
||||
PATH_FAILURE_RESOURCES,
|
||||
PATH_FAILURE_START_LIMIT_HIT,
|
||||
PATH_FAILURE_UNIT_START_LIMIT_HIT,
|
||||
+ PATH_FAILURE_TRIGGER_LIMIT_HIT,
|
||||
_PATH_RESULT_MAX,
|
||||
_PATH_RESULT_INVALID = -1
|
||||
} PathResult;
|
||||
@@ -63,6 +64,8 @@ struct Path {
|
||||
mode_t directory_mode;
|
||||
|
||||
PathResult result;
|
||||
+
|
||||
+ RateLimit trigger_limit;
|
||||
};
|
||||
|
||||
void path_free_specs(Path *p);
|
||||
diff --git a/test/TEST-63-ISSUE-17433/test63.service b/test/TEST-63-ISSUE-17433/test63.service
|
||||
index c83801874d..6292434c5c 100644
|
||||
--- a/test/TEST-63-ISSUE-17433/test63.service
|
||||
+++ b/test/TEST-63-ISSUE-17433/test63.service
|
||||
@@ -1,5 +1,5 @@
|
||||
[Unit]
|
||||
-ConditionPathExists=!/tmp/nonexistent
|
||||
+ConditionPathExists=/tmp/nonexistent
|
||||
|
||||
[Service]
|
||||
ExecStart=true
|
||||
diff --git a/test/TEST-63-ISSUE-17433/testsuite.service b/test/TEST-63-ISSUE-17433/testsuite.service
|
||||
index d3ca5b002b..39f9643890 100644
|
||||
--- a/test/TEST-63-ISSUE-17433/testsuite.service
|
||||
+++ b/test/TEST-63-ISSUE-17433/testsuite.service
|
||||
@@ -4,14 +4,27 @@ Description=TEST-63-ISSUE-17433
|
||||
[Service]
|
||||
ExecStartPre=rm -f /failed /testok
|
||||
Type=oneshot
|
||||
+
|
||||
+# Test that a path unit continuously triggering a service that fails condition checks eventually fails with
|
||||
+# the trigger-limit-hit error.
|
||||
ExecStart=rm -f /tmp/nonexistent
|
||||
ExecStart=systemctl start test63.path
|
||||
ExecStart=touch /tmp/test63
|
||||
-# Make sure systemd has sufficient time to hit the start limit for test63.service.
|
||||
+# Make sure systemd has sufficient time to hit the trigger limit for test63.path.
|
||||
ExecStart=sleep 2
|
||||
-ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = failed'
|
||||
-ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = start-limit-hit'
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = inactive'
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = success'
|
||||
# FIXME: The path remains active, which it should not
|
||||
# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p ActiveState)" = failed'
|
||||
-# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = unit-start-limit-hit'
|
||||
+# ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = trigger-limit-hit'
|
||||
+
|
||||
+# Test that starting the service manually doesn't affect the path unit.
|
||||
+ExecStart=rm -f /tmp/test63
|
||||
+ExecStart=systemctl reset-failed
|
||||
+ExecStart=systemctl start test63.path
|
||||
+ExecStart=systemctl start test63.service
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p ActiveState)" = inactive'
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.service --value -p Result)" = success'
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p ActiveState)" = active'
|
||||
+ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = success'
|
||||
ExecStart=sh -x -c 'echo OK >/testok'
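Review bot: The two assertions on `test63.path` that would show the new limit firing are still commented out under the FIXME, so the first half of this test only checks that `test63.service` is `inactive` with result `success`. With `ConditionPathExists=/tmp/nonexistent` failing, that outcome looks the same whether or not the trigger limit works, so the test as written would not catch a regression of the busy loop the commit is meant to stop. Once the FIXME is resolved, I would enable `ExecStart=sh -x -c 'test "$(systemctl show test63.path --value -p Result)" = trigger-limit-hit'` together with the matching `ActiveState` check. The fixed `sleep 2` is also timing-dependent on slow workers; a bounded poll on the path unit's `Result` would be more robust.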
|
|
@ -0,0 +1,680 @@
|
|||
From f20ccc0d505eccd59bb3814f59a63ea036be5bd5 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 18 Aug 2020 16:27:20 +0200
|
||||
Subject: [PATCH] meson: add syscall-names-update target
|
||||
|
||||
The calls to find_program("tools/*") are moved earlier so they can be used
|
||||
in libshared/ (and it doesn't make sense to split them).
|
||||
|
||||
(cherry picked from commit 47354b440e90626c320d8f142cb742ff569e3a40)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
meson.build | 13 +-
|
||||
src/shared/meson.build | 6 +
|
||||
src/shared/syscall-names.text | 597 ++++++++++++++++++++++++++++++++++
|
||||
tools/syscall-names-update.sh | 6 +
|
||||
4 files changed, 617 insertions(+), 5 deletions(-)
|
||||
create mode 100644 src/shared/syscall-names.text
|
||||
create mode 100755 tools/syscall-names-update.sh
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 57de947367..6729a9ea5e 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -1417,6 +1417,14 @@ install_libsystemd_static = static_library(
|
||||
|
||||
############################################################
|
||||
|
||||
+hwdb_update_sh = find_program('tools/meson-hwdb-update.sh')
|
||||
+make_directive_index_py = find_program('tools/make-directive-index.py')
|
||||
+make_man_index_py = find_program('tools/make-man-index.py')
|
||||
+syscall_names_update_sh = find_program('tools/syscall-names-update.sh')
|
||||
+xml_helper_py = find_program('tools/xml_helper.py')
|
||||
+
|
||||
+############################################################
|
||||
+
|
||||
# binaries that have --help and are intended for use by humans,
|
||||
# usually, but not always, installed in /bin.
|
||||
public_programs = []
|
||||
@@ -2721,11 +2729,6 @@ run_target('fuzzers',
|
||||
|
||||
############################################################
|
||||
|
||||
-make_directive_index_py = find_program('tools/make-directive-index.py')
|
||||
-make_man_index_py = find_program('tools/make-man-index.py')
|
||||
-xml_helper_py = find_program('tools/xml_helper.py')
|
||||
-hwdb_update_sh = find_program('tools/meson-hwdb-update.sh')
|
||||
-
|
||||
subdir('units')
|
||||
subdir('sysctl.d')
|
||||
subdir('sysusers.d')
|
||||
diff --git a/src/shared/meson.build b/src/shared/meson.build
|
||||
index d0a1bba4c6..c9dd0a3a4e 100644
|
||||
--- a/src/shared/meson.build
|
||||
+++ b/src/shared/meson.build
|
||||
@@ -165,3 +165,9 @@ libshared = shared_library(
|
||||
dependencies : libshared_deps,
|
||||
install : true,
|
||||
install_dir : rootlibexecdir)
|
||||
+
|
||||
+############################################################
|
||||
+
|
||||
+run_target(
|
||||
+ 'syscall-names-update',
|
||||
+ command : [syscall_names_update_sh, meson.current_source_dir()])
|
||||
diff --git a/src/shared/syscall-names.text b/src/shared/syscall-names.text
|
||||
new file mode 100644
|
||||
index 0000000000..40d18a8894
|
||||
--- /dev/null
|
||||
+++ b/src/shared/syscall-names.text
|
||||
@@ -0,0 +1,597 @@
|
||||
+_llseek
|
||||
+_newselect
|
||||
+_sysctl
|
||||
+accept
|
||||
+accept4
|
||||
+access
|
||||
+acct
|
||||
+add_key
|
||||
+adjtimex
|
||||
+alarm
|
||||
+arc_gettls
|
||||
+arc_settls
|
||||
+arc_usr_cmpxchg
|
||||
+arch_prctl
|
||||
+arm_fadvise64_64
|
||||
+arm_sync_file_range
|
||||
+atomic_barrier
|
||||
+atomic_cmpxchg_32
|
||||
+bdflush
|
||||
+bfin_spinlock
|
||||
+bind
|
||||
+bpf
|
||||
+brk
|
||||
+cache_sync
|
||||
+cachectl
|
||||
+cacheflush
|
||||
+capget
|
||||
+capset
|
||||
+chdir
|
||||
+chmod
|
||||
+chown
|
||||
+chown32
|
||||
+chroot
|
||||
+clock_adjtime
|
||||
+clock_adjtime64
|
||||
+clock_getres
|
||||
+clock_getres_time64
|
||||
+clock_gettime
|
||||
+clock_gettime64
|
||||
+clock_nanosleep
|
||||
+clock_nanosleep_time64
|
||||
+clock_settime
|
||||
+clock_settime64
|
||||
+clone
|
||||
+clone2
|
||||
+clone3
|
||||
+close
|
||||
+close_range
|
||||
+connect
|
||||
+copy_file_range
|
||||
+creat
|
||||
+create_module
|
||||
+delete_module
|
||||
+dipc
|
||||
+dup
|
||||
+dup2
|
||||
+dup3
|
||||
+epoll_create
|
||||
+epoll_create1
|
||||
+epoll_ctl
|
||||
+epoll_ctl_old
|
||||
+epoll_pwait
|
||||
+epoll_wait
|
||||
+epoll_wait_old
|
||||
+eventfd
|
||||
+eventfd2
|
||||
+exec_with_loader
|
||||
+execv
|
||||
+execve
|
||||
+execveat
|
||||
+exit
|
||||
+exit_group
|
||||
+faccessat
|
||||
+faccessat2
|
||||
+fadvise64
|
||||
+fadvise64_64
|
||||
+fallocate
|
||||
+fanotify_init
|
||||
+fanotify_mark
|
||||
+fchdir
|
||||
+fchmod
|
||||
+fchmodat
|
||||
+fchown
|
||||
+fchown32
|
||||
+fchownat
|
||||
+fcntl
|
||||
+fcntl64
|
||||
+fdatasync
|
||||
+fgetxattr
|
||||
+finit_module
|
||||
+flistxattr
|
||||
+flock
|
||||
+fork
|
||||
+fp_udfiex_crtl
|
||||
+fremovexattr
|
||||
+fsconfig
|
||||
+fsetxattr
|
||||
+fsmount
|
||||
+fsopen
|
||||
+fspick
|
||||
+fstat
|
||||
+fstat64
|
||||
+fstatat64
|
||||
+fstatfs
|
||||
+fstatfs64
|
||||
+fsync
|
||||
+ftruncate
|
||||
+ftruncate64
|
||||
+futex
|
||||
+futex_time64
|
||||
+futimesat
|
||||
+get_kernel_syms
|
||||
+get_mempolicy
|
||||
+get_robust_list
|
||||
+get_thread_area
|
||||
+getcpu
|
||||
+getcwd
|
||||
+getdents
|
||||
+getdents64
|
||||
+getdomainname
|
||||
+getdtablesize
|
||||
+getegid
|
||||
+getegid32
|
||||
+geteuid
|
||||
+geteuid32
|
||||
+getgid
|
||||
+getgid32
|
||||
+getgroups
|
||||
+getgroups32
|
||||
+gethostname
|
||||
+getitimer
|
||||
+getpagesize
|
||||
+getpeername
|
||||
+getpgid
|
||||
+getpgrp
|
||||
+getpid
|
||||
+getpmsg
|
||||
+getppid
|
||||
+getpriority
|
||||
+getrandom
|
||||
+getresgid
|
||||
+getresgid32
|
||||
+getresuid
|
||||
+getresuid32
|
||||
+getrlimit
|
||||
+getrusage
|
||||
+getsid
|
||||
+getsockname
|
||||
+getsockopt
|
||||
+gettid
|
||||
+gettimeofday
|
||||
+getuid
|
||||
+getuid32
|
||||
+getunwind
|
||||
+getxattr
|
||||
+getxgid
|
||||
+getxpid
|
||||
+getxuid
|
||||
+idle
|
||||
+init_module
|
||||
+inotify_add_watch
|
||||
+inotify_init
|
||||
+inotify_init1
|
||||
+inotify_rm_watch
|
||||
+io_cancel
|
||||
+io_destroy
|
||||
+io_getevents
|
||||
+io_pgetevents
|
||||
+io_pgetevents_time64
|
||||
+io_setup
|
||||
+io_submit
|
||||
+io_uring_enter
|
||||
+io_uring_register
|
||||
+io_uring_setup
|
||||
+ioctl
|
||||
+ioperm
|
||||
+iopl
|
||||
+ioprio_get
|
||||
+ioprio_set
|
||||
+ipc
|
||||
+kcmp
|
||||
+kern_features
|
||||
+kexec_file_load
|
||||
+kexec_load
|
||||
+keyctl
|
||||
+kill
|
||||
+lchown
|
||||
+lchown32
|
||||
+lgetxattr
|
||||
+link
|
||||
+linkat
|
||||
+listen
|
||||
+listxattr
|
||||
+llistxattr
|
||||
+lookup_dcookie
|
||||
+lremovexattr
|
||||
+lseek
|
||||
+lsetxattr
|
||||
+lstat
|
||||
+lstat64
|
||||
+madvise
|
||||
+mbind
|
||||
+membarrier
|
||||
+memfd_create
|
||||
+memory_ordering
|
||||
+migrate_pages
|
||||
+mincore
|
||||
+mkdir
|
||||
+mkdirat
|
||||
+mknod
|
||||
+mknodat
|
||||
+mlock
|
||||
+mlock2
|
||||
+mlockall
|
||||
+mmap
|
||||
+mmap2
|
||||
+modify_ldt
|
||||
+mount
|
||||
+move_mount
|
||||
+move_pages
|
||||
+mprotect
|
||||
+mq_getsetattr
|
||||
+mq_notify
|
||||
+mq_open
|
||||
+mq_timedreceive
|
||||
+mq_timedreceive_time64
|
||||
+mq_timedsend
|
||||
+mq_timedsend_time64
|
||||
+mq_unlink
|
||||
+mremap
|
||||
+msgctl
|
||||
+msgget
|
||||
+msgrcv
|
||||
+msgsnd
|
||||
+msync
|
||||
+multiplexer
|
||||
+munlock
|
||||
+munlockall
|
||||
+munmap
|
||||
+name_to_handle_at
|
||||
+nanosleep
|
||||
+newfstatat
|
||||
+nfsservctl
|
||||
+ni_syscall
|
||||
+nice
|
||||
+old_adjtimex
|
||||
+old_getpagesize
|
||||
+oldfstat
|
||||
+oldlstat
|
||||
+oldolduname
|
||||
+oldstat
|
||||
+oldumount
|
||||
+olduname
|
||||
+open
|
||||
+open_by_handle_at
|
||||
+open_tree
|
||||
+openat
|
||||
+openat2
|
||||
+or1k_atomic
|
||||
+osf_adjtime
|
||||
+osf_afs_syscall
|
||||
+osf_alt_plock
|
||||
+osf_alt_setsid
|
||||
+osf_alt_sigpending
|
||||
+osf_asynch_daemon
|
||||
+osf_audcntl
|
||||
+osf_audgen
|
||||
+osf_chflags
|
||||
+osf_execve
|
||||
+osf_exportfs
|
||||
+osf_fchflags
|
||||
+osf_fdatasync
|
||||
+osf_fpathconf
|
||||
+osf_fstat
|
||||
+osf_fstatfs
|
||||
+osf_fstatfs64
|
||||
+osf_fuser
|
||||
+osf_getaddressconf
|
||||
+osf_getdirentries
|
||||
+osf_getdomainname
|
||||
+osf_getfh
|
||||
+osf_getfsstat
|
||||
+osf_gethostid
|
||||
+osf_getitimer
|
||||
+osf_getlogin
|
||||
+osf_getmnt
|
||||
+osf_getrusage
|
||||
+osf_getsysinfo
|
||||
+osf_gettimeofday
|
||||
+osf_kloadcall
|
||||
+osf_kmodcall
|
||||
+osf_lstat
|
||||
+osf_memcntl
|
||||
+osf_mincore
|
||||
+osf_mount
|
||||
+osf_mremap
|
||||
+osf_msfs_syscall
|
||||
+osf_msleep
|
||||
+osf_mvalid
|
||||
+osf_mwakeup
|
||||
+osf_naccept
|
||||
+osf_nfssvc
|
||||
+osf_ngetpeername
|
||||
+osf_ngetsockname
|
||||
+osf_nrecvfrom
|
||||
+osf_nrecvmsg
|
||||
+osf_nsendmsg
|
||||
+osf_ntp_adjtime
|
||||
+osf_ntp_gettime
|
||||
+osf_old_creat
|
||||
+osf_old_fstat
|
||||
+osf_old_getpgrp
|
||||
+osf_old_killpg
|
||||
+osf_old_lstat
|
||||
+osf_old_open
|
||||
+osf_old_sigaction
|
||||
+osf_old_sigblock
|
||||
+osf_old_sigreturn
|
||||
+osf_old_sigsetmask
|
||||
+osf_old_sigvec
|
||||
+osf_old_stat
|
||||
+osf_old_vadvise
|
||||
+osf_old_vtrace
|
||||
+osf_old_wait
|
||||
+osf_oldquota
|
||||
+osf_pathconf
|
||||
+osf_pid_block
|
||||
+osf_pid_unblock
|
||||
+osf_plock
|
||||
+osf_priocntlset
|
||||
+osf_profil
|
||||
+osf_proplist_syscall
|
||||
+osf_reboot
|
||||
+osf_revoke
|
||||
+osf_sbrk
|
||||
+osf_security
|
||||
+osf_select
|
||||
+osf_set_program_attributes
|
||||
+osf_set_speculative
|
||||
+osf_sethostid
|
||||
+osf_setitimer
|
||||
+osf_setlogin
|
||||
+osf_setsysinfo
|
||||
+osf_settimeofday
|
||||
+osf_shmat
|
||||
+osf_signal
|
||||
+osf_sigprocmask
|
||||
+osf_sigsendset
|
||||
+osf_sigstack
|
||||
+osf_sigwaitprim
|
||||
+osf_sstk
|
||||
+osf_stat
|
||||
+osf_statfs
|
||||
+osf_statfs64
|
||||
+osf_subsys_info
|
||||
+osf_swapctl
|
||||
+osf_swapon
|
||||
+osf_syscall
|
||||
+osf_sysinfo
|
||||
+osf_table
|
||||
+osf_uadmin
|
||||
+osf_usleep_thread
|
||||
+osf_uswitch
|
||||
+osf_utc_adjtime
|
||||
+osf_utc_gettime
|
||||
+osf_utimes
|
||||
+osf_utsname
|
||||
+osf_wait4
|
||||
+osf_waitid
|
||||
+pause
|
||||
+pciconfig_iobase
|
||||
+pciconfig_read
|
||||
+pciconfig_write
|
||||
+perf_event_open
|
||||
+perfctr
|
||||
+perfmonctl
|
||||
+personality
|
||||
+pidfd_getfd
|
||||
+pidfd_open
|
||||
+pidfd_send_signal
|
||||
+pipe
|
||||
+pipe2
|
||||
+pivot_root
|
||||
+pkey_alloc
|
||||
+pkey_free
|
||||
+pkey_mprotect
|
||||
+poll
|
||||
+ppoll
|
||||
+ppoll_time64
|
||||
+prctl
|
||||
+pread64
|
||||
+preadv
|
||||
+preadv2
|
||||
+prlimit64
|
||||
+process_vm_readv
|
||||
+process_vm_writev
|
||||
+pselect6
|
||||
+pselect6_time64
|
||||
+ptrace
|
||||
+pwrite64
|
||||
+pwritev
|
||||
+pwritev2
|
||||
+query_module
|
||||
+quotactl
|
||||
+read
|
||||
+readahead
|
||||
+readdir
|
||||
+readlink
|
||||
+readlinkat
|
||||
+readv
|
||||
+reboot
|
||||
+recv
|
||||
+recvfrom
|
||||
+recvmmsg
|
||||
+recvmmsg_time64
|
||||
+recvmsg
|
||||
+remap_file_pages
|
||||
+removexattr
|
||||
+rename
|
||||
+renameat
|
||||
+renameat2
|
||||
+request_key
|
||||
+restart_syscall
|
||||
+riscv_flush_icache
|
||||
+rmdir
|
||||
+rseq
|
||||
+rt_sigaction
|
||||
+rt_sigpending
|
||||
+rt_sigprocmask
|
||||
+rt_sigqueueinfo
|
||||
+rt_sigreturn
|
||||
+rt_sigsuspend
|
||||
+rt_sigtimedwait
|
||||
+rt_sigtimedwait_time64
|
||||
+rt_tgsigqueueinfo
|
||||
+rtas
|
||||
+s390_guarded_storage
|
||||
+s390_pci_mmio_read
|
||||
+s390_pci_mmio_write
|
||||
+s390_runtime_instr
|
||||
+s390_sthyi
|
||||
+sched_get_affinity
|
||||
+sched_get_priority_max
|
||||
+sched_get_priority_min
|
||||
+sched_getaffinity
|
||||
+sched_getattr
|
||||
+sched_getparam
|
||||
+sched_getscheduler
|
||||
+sched_rr_get_interval
|
||||
+sched_rr_get_interval_time64
|
||||
+sched_set_affinity
|
||||
+sched_setaffinity
|
||||
+sched_setattr
|
||||
+sched_setparam
|
||||
+sched_setscheduler
|
||||
+sched_yield
|
||||
+seccomp
|
||||
+select
|
||||
+semctl
|
||||
+semget
|
||||
+semop
|
||||
+semtimedop
|
||||
+semtimedop_time64
|
||||
+send
|
||||
+sendfile
|
||||
+sendfile64
|
||||
+sendmmsg
|
||||
+sendmsg
|
||||
+sendto
|
||||
+set_mempolicy
|
||||
+set_robust_list
|
||||
+set_thread_area
|
||||
+set_tid_address
|
||||
+setdomainname
|
||||
+setfsgid
|
||||
+setfsgid32
|
||||
+setfsuid
|
||||
+setfsuid32
|
||||
+setgid
|
||||
+setgid32
|
||||
+setgroups
|
||||
+setgroups32
|
||||
+sethae
|
||||
+sethostname
|
||||
+setitimer
|
||||
+setns
|
||||
+setpgid
|
||||
+setpgrp
|
||||
+setpriority
|
||||
+setregid
|
||||
+setregid32
|
||||
+setresgid
|
||||
+setresgid32
|
||||
+setresuid
|
||||
+setresuid32
|
||||
+setreuid
|
||||
+setreuid32
|
||||
+setrlimit
|
||||
+setsid
|
||||
+setsockopt
|
||||
+settimeofday
|
||||
+setuid
|
||||
+setuid32
|
||||
+setxattr
|
||||
+sgetmask
|
||||
+shmat
|
||||
+shmctl
|
||||
+shmdt
|
||||
+shmget
|
||||
+shutdown
|
||||
+sigaction
|
||||
+sigaltstack
|
||||
+signal
|
||||
+signalfd
|
||||
+signalfd4
|
||||
+sigpending
|
||||
+sigprocmask
|
||||
+sigreturn
|
||||
+sigsuspend
|
||||
+socket
|
||||
+socketcall
|
||||
+socketpair
|
||||
+splice
|
||||
+spu_create
|
||||
+spu_run
|
||||
+ssetmask
|
||||
+stat
|
||||
+stat64
|
||||
+statfs
|
||||
+statfs64
|
||||
+statx
|
||||
+stime
|
||||
+subpage_prot
|
||||
+swapcontext
|
||||
+swapoff
|
||||
+swapon
|
||||
+switch_endian
|
||||
+symlink
|
||||
+symlinkat
|
||||
+sync
|
||||
+sync_file_range
|
||||
+sync_file_range2
|
||||
+syncfs
|
||||
+sys_debug_setcontext
|
||||
+syscall
|
||||
+sysfs
|
||||
+sysinfo
|
||||
+syslog
|
||||
+sysmips
|
||||
+tee
|
||||
+tgkill
|
||||
+time
|
||||
+timer_create
|
||||
+timer_delete
|
||||
+timer_getoverrun
|
||||
+timer_gettime
|
||||
+timer_gettime64
|
||||
+timer_settime
|
||||
+timer_settime64
|
||||
+timerfd
|
||||
+timerfd_create
|
||||
+timerfd_gettime
|
||||
+timerfd_gettime64
|
||||
+timerfd_settime
|
||||
+timerfd_settime64
|
||||
+times
|
||||
+tkill
|
||||
+truncate
|
||||
+truncate64
|
||||
+udftrap
|
||||
+ugetrlimit
|
||||
+umask
|
||||
+umount
|
||||
+umount2
|
||||
+uname
|
||||
+unlink
|
||||
+unlinkat
|
||||
+unshare
|
||||
+uselib
|
||||
+userfaultfd
|
||||
+ustat
|
||||
+utime
|
||||
+utimensat
|
||||
+utimensat_time64
|
||||
+utimes
|
||||
+utimesat
|
||||
+utrap_install
|
||||
+vfork
|
||||
+vhangup
|
||||
+vm86
|
||||
+vm86old
|
||||
+vmsplice
|
||||
+wait4
|
||||
+waitid
|
||||
+waitpid
|
||||
+write
|
||||
+writev
|
||||
diff --git a/tools/syscall-names-update.sh b/tools/syscall-names-update.sh
|
||||
new file mode 100755
|
||||
index 0000000000..c884b93cda
|
||||
--- /dev/null
|
||||
+++ b/tools/syscall-names-update.sh
|
||||
@@ -0,0 +1,6 @@
|
||||
+#!/bin/sh
|
||||
+set -eu
|
||||
+
|
||||
+cd "$1"
|
||||
+
|
||||
+curl -L -o syscall-names.text 'https://raw.githubusercontent.com/hrw/syscalls-table/master/syscall-names.text'
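Review bot: The `curl` call on the last line has no `--fail`, so an HTTP error body would be written over `syscall-names.text` while the script still exits 0. It also follows redirects and tracks the mutable `master` branch of a third-party repository, with no integrity check. That file is the input for the generated `syscall-list.h` added later in this series, so what is fetched here ends up in a seccomp filter set. I would change the line to `curl --fail --proto '=https' -L -o syscall-names.text` followed by the same URL, and add a comment that the resulting diff must be reviewed before it is committed. Pinning the URL to a specific upstream commit instead of `master` would make each update reproducible.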
|
|
@ -0,0 +1,27 @@
|
|||
From bcc0f8bfbc0ea220895c1d3a8bf2d3124ddcef16 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sun, 25 Oct 2020 13:54:20 +0100
|
||||
Subject: [PATCH] syscall-names: add process_madvise which is planned for 5.10
|
||||
|
||||
It was added in v5.9-11793-gecb8ac8b1f and is still present in v5.10-rc1, so it
|
||||
seems likely that it'll be in 5.10 too.
|
||||
|
||||
(cherry picked from commit 397cca2453465d4ad5a51b16ad71acf45a3de352)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
src/shared/syscall-names.text | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/shared/syscall-names.text b/src/shared/syscall-names.text
|
||||
index 40d18a8894..f1b7e29d50 100644
|
||||
--- a/src/shared/syscall-names.text
|
||||
+++ b/src/shared/syscall-names.text
|
||||
@@ -392,6 +392,7 @@ pread64
|
||||
preadv
|
||||
preadv2
|
||||
prlimit64
|
||||
+process_madvise
|
||||
process_vm_readv
|
||||
process_vm_writev
|
||||
pselect6
|
|
@ -0,0 +1,157 @@
|
|||
From f3c6abebbe4718085fcf17ed3ab0690e379fbb7e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 19 Aug 2020 17:43:23 +0200
|
||||
Subject: [PATCH] shared: add @known syscall list
|
||||
|
||||
(cherry picked from commit 95aac01259db689dac7d8e5bfafb60e8c70cd734)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
man/systemd.exec.xml | 4 ++++
|
||||
src/shared/generate-syscall-list.py | 5 +++++
|
||||
src/shared/meson.build | 11 +++++++++++
|
||||
src/shared/seccomp-util.c | 6 ++++++
|
||||
src/shared/seccomp-util.h | 3 ++-
|
||||
src/test/test-seccomp.c | 19 ++++++++++++-------
|
||||
6 files changed, 40 insertions(+), 8 deletions(-)
|
||||
create mode 100755 src/shared/generate-syscall-list.py
|
||||
|
||||
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
|
||||
index dc88cf9781..b04b4ba552 100644
|
||||
--- a/man/systemd.exec.xml
|
||||
+++ b/man/systemd.exec.xml
|
||||
@@ -1556,6 +1556,10 @@ RestrictNamespaces=~cgroup net</programlisting>
|
||||
<entry>@timer</entry>
|
||||
<entry>System calls for scheduling operations by time (<citerefentry project='man-pages'><refentrytitle>alarm</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>timer_create</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry>
|
||||
</row>
|
||||
+ <row>
|
||||
+ <entry>@known</entry>
|
||||
+ <entry>All system calls defined by the kernel. This list is defined statically in systemd based on a kernel version that was available when this systmed version was released. It will become progressively more out-of-date as the kernel is updated.</entry>
|
||||
+ </row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py
|
||||
new file mode 100755
|
||||
index 0000000000..13a6ae9241
|
||||
--- /dev/null
|
||||
+++ b/src/shared/generate-syscall-list.py
|
||||
@@ -0,0 +1,5 @@
|
||||
+#!/usr/bin/env python
|
||||
+import sys
|
||||
+
|
||||
+for line in open(sys.argv[1]):
|
||||
+ print('"{}\\0"'.format(line.strip()))
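Review bot: Each input line is pasted into a C string literal with no validation, so a blank line in `syscall-names.text` becomes `"\0"`, an empty entry that would most likely end iteration over the NUL-separated list early and silently shorten `@known`. A line containing `"` or a backslash would break or alter the generated header in the same way. The input is downloaded from an external repository by `tools/syscall-names-update.sh`, so the generator should reject anything that is not a plain identifier. I would use `name = line.strip()` followed by `if not re.fullmatch(r'[A-Za-z0-9_]+', name): sys.exit('bad syscall name: ' + repr(name))`, with `import re` added. The file should also be opened in a `with` block so the handle is closed.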
|
||||
diff --git a/src/shared/meson.build b/src/shared/meson.build
|
||||
index c9dd0a3a4e..fed08571d1 100644
|
||||
--- a/src/shared/meson.build
|
||||
+++ b/src/shared/meson.build
|
||||
@@ -109,6 +109,16 @@ shared_sources = files('''
|
||||
test_tables_h = files('test-tables.h')
|
||||
shared_sources += [test_tables_h]
|
||||
|
||||
+generate_syscall_list = find_program('generate-syscall-list.py')
|
||||
+fname = 'syscall-list.h'
|
||||
+syscall_list_h = custom_target(
|
||||
+ fname,
|
||||
+ input : 'syscall-names.text',
|
||||
+ output : fname,
|
||||
+ command : [generate_syscall_list,
|
||||
+ '@INPUT@'],
|
||||
+ capture : true)
|
||||
+
|
||||
if conf.get('HAVE_ACL') == 1
|
||||
shared_sources += files('acl-util.c')
|
||||
endif
|
||||
@@ -119,6 +129,7 @@ endif
|
||||
|
||||
if conf.get('HAVE_SECCOMP') == 1
|
||||
shared_sources += files('seccomp-util.c')
|
||||
+ shared_sources += syscall_list_h
|
||||
endif
|
||||
|
||||
if conf.get('HAVE_LIBIPTC') == 1
|
||||
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
|
||||
index c57c409433..c2b2f2da92 100644
|
||||
--- a/src/shared/seccomp-util.c
|
||||
+++ b/src/shared/seccomp-util.c
|
||||
@@ -855,6 +855,12 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
||||
"timerfd_settime\0"
|
||||
"times\0"
|
||||
},
|
||||
+ [SYSCALL_FILTER_SET_KNOWN] = {
|
||||
+ .name = "@known",
|
||||
+ .help = "All known syscalls declared in the kernel",
|
||||
+ .value =
|
||||
+#include "syscall-list.h"
|
||||
+ },
|
||||
};
|
||||
|
||||
const SyscallFilterSet *syscall_filter_set_find(const char *name) {
|
||||
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
|
||||
index 602f092255..541ba1e067 100644
|
||||
--- a/src/shared/seccomp-util.h
|
||||
+++ b/src/shared/seccomp-util.h
|
||||
@@ -21,7 +21,7 @@ typedef struct SyscallFilterSet {
|
||||
} SyscallFilterSet;
|
||||
|
||||
enum {
|
||||
- /* Please leave DEFAULT first, but sort the rest alphabetically */
|
||||
+ /* Please leave DEFAULT first and KNOWN last, but sort the rest alphabetically */
|
||||
SYSCALL_FILTER_SET_DEFAULT,
|
||||
SYSCALL_FILTER_SET_AIO,
|
||||
SYSCALL_FILTER_SET_BASIC_IO,
|
||||
@@ -49,6 +49,7 @@ enum {
|
||||
SYSCALL_FILTER_SET_SYNC,
|
||||
SYSCALL_FILTER_SET_SYSTEM_SERVICE,
|
||||
SYSCALL_FILTER_SET_TIMER,
|
||||
+ SYSCALL_FILTER_SET_KNOWN,
|
||||
_SYSCALL_FILTER_SET_MAX
|
||||
};
|
||||
|
||||
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
|
||||
index 6ec04c4c55..286f01b5ce 100644
|
||||
--- a/src/test/test-seccomp.c
|
||||
+++ b/src/test/test-seccomp.c
|
||||
@@ -106,8 +106,10 @@ static void test_filter_sets(void) {
|
||||
if (pid == 0) { /* Child? */
|
||||
int fd;
|
||||
|
||||
- /* If we look at the default set (or one that includes it), whitelist instead of blacklist */
|
||||
- if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))
|
||||
+ /* If we look at the default set (or one that includes it), allow-list instead of deny-list */
|
||||
+ if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT,
|
||||
+ SYSCALL_FILTER_SET_SYSTEM_SERVICE,
|
||||
+ SYSCALL_FILTER_SET_KNOWN))
|
||||
r = seccomp_load_syscall_filter_set(SCMP_ACT_ERRNO(EUCLEAN), syscall_filter_sets + i, SCMP_ACT_ALLOW, true);
|
||||
else
|
||||
r = seccomp_load_syscall_filter_set(SCMP_ACT_ALLOW, syscall_filter_sets + i, SCMP_ACT_ERRNO(EUCLEAN), true);
|
||||
@@ -639,20 +641,23 @@ static void test_lock_personality(void) {
|
||||
}
|
||||
|
||||
static void test_filter_sets_ordered(void) {
|
||||
- size_t i;
|
||||
-
|
||||
/* Ensure "@default" always remains at the beginning of the list */
|
||||
assert_se(SYSCALL_FILTER_SET_DEFAULT == 0);
|
||||
assert_se(streq(syscall_filter_sets[0].name, "@default"));
|
||||
|
||||
- for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
|
||||
+ /* Ensure "@known" always remains at the end of the list */
|
||||
+ assert_se(SYSCALL_FILTER_SET_KNOWN == _SYSCALL_FILTER_SET_MAX - 1);
|
||||
+ assert_se(streq(syscall_filter_sets[SYSCALL_FILTER_SET_KNOWN].name, "@known"));
|
||||
+
|
||||
+ for (size_t i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
|
||||
const char *k, *p = NULL;
|
||||
|
||||
/* Make sure each group has a description */
|
||||
assert_se(!isempty(syscall_filter_sets[0].help));
|
||||
|
||||
- /* Make sure the groups are ordered alphabetically, except for the first entry */
|
||||
- assert_se(i < 2 || strcmp(syscall_filter_sets[i-1].name, syscall_filter_sets[i].name) < 0);
|
||||
+ /* Make sure the groups are ordered alphabetically, except for the first and last entries */
|
||||
+ assert_se(i < 2 || i == _SYSCALL_FILTER_SET_MAX - 1 ||
|
||||
+ strcmp(syscall_filter_sets[i-1].name, syscall_filter_sets[i].name) < 0);
|
||||
|
||||
NULSTR_FOREACH(k, syscall_filter_sets[i].value) {
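Review bot: Inside the loop of `test_filter_sets_ordered`, the "each group has a description" check still reads `syscall_filter_sets[0].help`, so it tests only `@default` on every iteration and never looks at the `.help` of the new `@known` entry or of any other set. The line should be `assert_se(!isempty(syscall_filter_sets[i].help));`. The line predates this commit, but the commit adds a new table entry that the check is supposed to cover. The function body continues outside the hunk.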
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
From da722bc383c359b77fab671a0e7872fe4c0232ce Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 22 Aug 2020 16:07:05 +0200
|
||||
Subject: [PATCH] generate-syscall-list: require python3
|
||||
|
||||
Python3.4 works, but 2.7 returns a tuple from os.uname().
|
||||
|
||||
(cherry picked from commit 8694114b809f92f6a882134f3635aa42bfb41e11)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
src/shared/generate-syscall-list.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py
|
||||
index 13a6ae9241..0b90d2d276 100755
|
||||
--- a/src/shared/generate-syscall-list.py
|
||||
+++ b/src/shared/generate-syscall-list.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
import sys
|
||||
|
||||
for line in open(sys.argv[1]):
|
|
@ -0,0 +1,82 @@
|
|||
From 64705366e134f06438e88f0b7fbef341d0a01431 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 19 Aug 2020 17:43:40 +0200
|
||||
Subject: [PATCH] shared/seccomp: reduce scope of indexing variables
|
||||
|
||||
(cherry picked from commit 077e8fc0cad5a4532348d20a1eef8621295dd75a)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
src/shared/seccomp-util.c | 14 +++++---------
|
||||
1 file changed, 5 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
|
||||
index c2b2f2da92..4d2ba31d47 100644
|
||||
--- a/src/shared/seccomp-util.c
|
||||
+++ b/src/shared/seccomp-util.c
|
||||
@@ -864,12 +864,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
||||
};
|
||||
|
||||
const SyscallFilterSet *syscall_filter_set_find(const char *name) {
|
||||
- unsigned i;
|
||||
-
|
||||
if (isempty(name) || name[0] != '@')
|
||||
return NULL;
|
||||
|
||||
- for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
|
||||
+ for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)
|
||||
if (streq(syscall_filter_sets[i].name, name))
|
||||
return syscall_filter_sets + i;
|
||||
|
||||
@@ -1105,7 +1103,6 @@ int seccomp_restrict_namespaces(unsigned long retain) {
|
||||
|
||||
SECCOMP_FOREACH_LOCAL_ARCH(arch) {
|
||||
_cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
|
||||
- unsigned i;
|
||||
|
||||
log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch));
|
||||
|
||||
@@ -1135,7 +1132,7 @@ int seccomp_restrict_namespaces(unsigned long retain) {
|
||||
continue;
|
||||
}
|
||||
|
||||
- for (i = 0; namespace_flag_map[i].name; i++) {
|
||||
+ for (unsigned i = 0; namespace_flag_map[i].name; i++) {
|
||||
unsigned long f;
|
||||
|
||||
f = namespace_flag_map[i].flag;
|
||||
@@ -1288,7 +1285,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
|
||||
return r;
|
||||
|
||||
if (whitelist) {
|
||||
- int af, first = 0, last = 0;
|
||||
+ int first = 0, last = 0;
|
||||
void *afp;
|
||||
|
||||
/* If this is a whitelist, we first block the address families that are out of range and then
|
||||
@@ -1296,7 +1293,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
|
||||
* the set. */
|
||||
|
||||
SET_FOREACH(afp, address_families, i) {
|
||||
- af = PTR_TO_INT(afp);
|
||||
+ int af = PTR_TO_INT(afp);
|
||||
|
||||
if (af <= 0 || af >= af_max())
|
||||
continue;
|
||||
@@ -1350,7 +1347,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
|
||||
}
|
||||
|
||||
/* Block everything between the first and last entry */
|
||||
- for (af = 1; af < af_max(); af++) {
|
||||
+ for (int af = 1; af < af_max(); af++) {
|
||||
|
||||
if (set_contains(address_families, INT_TO_PTR(af)))
|
||||
continue;
|
||||
@@ -1378,7 +1375,6 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
|
||||
* checks. */
|
||||
|
||||
SET_FOREACH(af, address_families, i) {
|
||||
-
|
||||
r = seccomp_rule_add_exact(
|
||||
seccomp,
|
||||
SCMP_ACT_ERRNO(EAFNOSUPPORT),
|
|
@ -0,0 +1,32 @@
|
|||
From 2e33a4ffdd54de1f88c3cd37ca5ace94a637b1dc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 19 Aug 2020 17:46:30 +0200
|
||||
Subject: [PATCH] shared/syscall-list: filter out some obviously
|
||||
platform-specific syscalls
|
||||
|
||||
(cherry picked from commit 752fedbea7c02c82287c7ff2a4139f528b3f7ba8)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
src/shared/generate-syscall-list.py | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/src/shared/generate-syscall-list.py b/src/shared/generate-syscall-list.py
|
||||
index 0b90d2d276..030c3feec4 100755
|
||||
--- a/src/shared/generate-syscall-list.py
|
||||
+++ b/src/shared/generate-syscall-list.py
|
||||
@@ -1,5 +1,14 @@
|
||||
#!/usr/bin/env python3
|
||||
import sys
|
||||
+import os
|
||||
+
|
||||
+s390 = 's390' in os.uname().machine
|
||||
+arm = 'arm' in os.uname().machine
|
||||
|
||||
for line in open(sys.argv[1]):
|
||||
+ if line.startswith('s390_') and not s390:
|
||||
+ continue
|
||||
+ if line.startswith('arm_') and not arm:
|
||||
+ continue
|
||||
+
|
||||
print('"{}\\0"'.format(line.strip()))
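Review bot: The new `s390` and `arm` switches are derived from `os.uname().machine`, which describes the machine running the build, not the architecture the syscall list is generated for. A cross or multilib build can therefore produce a different list from a native build of the same tree; for example, a 32-bit ARM userspace built on a host that reports `aarch64` would drop the `arm_` entries. The changelog in this commit suggests the list feeds the `@known` seccomp set, so the assumption deserves a comment above the two assignments, e.g. `# NOTE: keyed on the build host's uname, not the target architecture; cross builds may generate a different list`. The substring test (`'arm' in ...`) is also looser than the prefix match used on the input lines, and a comment naming the machine strings it is meant to match would make that intent checkable.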
|
|
@ -0,0 +1,123 @@
|
|||
From 42ed3377b5817f2c1f84e1bdca301ea51ecc3299 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 20 Sep 2018 14:19:41 +0200
|
||||
Subject: [PATCH] seccomp: tighten checking of seccomp filter creation
|
||||
|
||||
In seccomp code, the code is changed to propagate errors which are about
|
||||
anything other than unknown/unimplemented syscalls. I *think* such errors
|
||||
should not happen in normal usage, but so far we would summarilly ignore all
|
||||
errors, so that part is uncertain. If it turns out that other errors occur and
|
||||
should be ignored, this should be added later.
|
||||
|
||||
In nspawn, we would count the number of added filters, but didn't use this for
|
||||
anything. Drop that part.
|
||||
|
||||
The comments suggested that seccomp_add_syscall_filter_item() returned negative
|
||||
if the syscall is unknown, but this wasn't true: it returns 0.
|
||||
|
||||
The error at this point can only be if the syscall was known but couldn't be
|
||||
added. If the error comes from our internal whitelist in nspawn, treat this as
|
||||
error, because it means that our internal table is wrong. If the error comes
|
||||
from user arguments, warn and ignore. (If some syscall is not known at current
|
||||
architecture, it is still silently ignored.)
|
||||
|
||||
(cherry picked from commit 7e86bd73a47f2b8dd3d9a743e69fb0117f450ad8)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
src/nspawn/nspawn-seccomp.c | 14 +++++---------
|
||||
src/shared/seccomp-util.c | 26 ++++++++++++++++----------
|
||||
2 files changed, 21 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
|
||||
index fba22644da..17abfcec26 100644
|
||||
--- a/src/nspawn/nspawn-seccomp.c
|
||||
+++ b/src/nspawn/nspawn-seccomp.c
|
||||
@@ -140,7 +140,7 @@ static int seccomp_add_default_syscall_filter(
|
||||
*/
|
||||
};
|
||||
|
||||
- int r, c = 0;
|
||||
+ int r;
|
||||
size_t i;
|
||||
char **p;
|
||||
|
||||
@@ -150,21 +150,17 @@ static int seccomp_add_default_syscall_filter(
|
||||
|
||||
r = seccomp_add_syscall_filter_item(ctx, whitelist[i].name, SCMP_ACT_ALLOW, syscall_blacklist, false);
|
||||
if (r < 0)
|
||||
- /* If the system call is not known on this architecture, then that's fine, let's ignore it */
|
||||
- log_debug_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m", whitelist[i].name, seccomp_arch_to_string(arch));
|
||||
- else
|
||||
- c++;
|
||||
+ return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name);
|
||||
}
|
||||
|
||||
STRV_FOREACH(p, syscall_whitelist) {
|
||||
r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false);
|
||||
if (r < 0)
|
||||
- log_debug_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m", *p, seccomp_arch_to_string(arch));
|
||||
- else
|
||||
- c++;
|
||||
+ log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
|
||||
+ *p, seccomp_arch_to_string(arch));
|
||||
}
|
||||
|
||||
- return c;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **syscall_blacklist) {
|
||||
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
|
||||
index 4d2ba31d47..710a734715 100644
|
||||
--- a/src/shared/seccomp-util.c
|
||||
+++ b/src/shared/seccomp-util.c
|
||||
@@ -907,9 +907,13 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
|
||||
r = seccomp_rule_add_exact(seccomp, action, id, 0);
|
||||
if (r < 0) {
|
||||
/* If the system call is not known on this architecture, then that's fine, let's ignore it */
|
||||
- if (log_missing)
|
||||
- log_debug_errno(r, "Failed to add rule for system call %s() / %d, ignoring: %m",
|
||||
- name, id);
|
||||
+ bool ignore = r == -EDOM;
|
||||
+
|
||||
+ if (!ignore || log_missing)
|
||||
+ log_debug_errno(r, "Failed to add rule for system call %s() / %d%s: %m",
|
||||
+ name, id, ignore ? ", ignoring" : "");
|
||||
+ if (!ignore)
|
||||
+ return r;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -957,10 +961,8 @@ int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilter
|
||||
return r;
|
||||
|
||||
r = seccomp_add_syscall_filter_set(seccomp, set, action, NULL, log_missing);
|
||||
- if (r < 0) {
|
||||
- log_debug_errno(r, "Failed to add filter set, ignoring: %m");
|
||||
- continue;
|
||||
- }
|
||||
+ if (r < 0)
|
||||
+ return log_debug_errno(r, "Failed to add filter set: %m");
|
||||
|
||||
r = seccomp_load(seccomp);
|
||||
if (IN_SET(r, -EPERM, -EACCES))
|
||||
@@ -1005,11 +1007,15 @@ int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, u
|
||||
if (r < 0) {
|
||||
/* If the system call is not known on this architecture, then that's fine, let's ignore it */
|
||||
_cleanup_free_ char *n = NULL;
|
||||
+ bool ignore;
|
||||
|
||||
n = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, id);
|
||||
- if (log_missing)
|
||||
- log_debug_errno(r, "Failed to add rule for system call %s() / %d, ignoring: %m",
|
||||
- strna(n), id);
|
||||
+ ignore = r == -EDOM;
|
||||
+ if (!ignore || log_missing)
|
||||
+ log_debug_errno(r, "Failed to add rule for system call %s() / %d%s: %m",
|
||||
+ strna(n), id, ignore ? ", ignoring" : "");
|
||||
+ if (!ignore)
|
||||
+ return r;
|
||||
}
|
||||
}
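Review bot: The retained comment `/* If the system call is not known on this architecture, then that's fine, let's ignore it */` in seccomp_add_syscall_filter_item() and seccomp_load_syscall_filter_set_raw() no longer describes the branch it sits on. After this change only `-EDOM` is ignored and every other error from seccomp_rule_add_exact() is returned. I would reword it in both places to something like `/* -EDOM: syscall not available on this architecture, ignore; any other error is propagated so a filter with missing rules is never loaded */`. The propagated error is still logged with log_debug_errno(), so whether an operator sees the failure depends on the caller logging it at a higher level, as nspawn does with log_error_errno(); this is worth confirming for the other callers, which are not visible here. Both functions begin outside the hunks shown.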
|
||||
|
|
@ -0,0 +1,156 @@
|
|||
From eaad892c513806801e3d2055788fa202372b3f15 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Fri, 21 Aug 2020 17:21:04 +0200
|
||||
Subject: [PATCH] shared/seccomp-util: added functionality to make list of
|
||||
filtred syscalls
|
||||
|
||||
While at it, start removing the "seccomp_" prefix from our
|
||||
own functions. It is used by libseccomp.
|
||||
|
||||
(cherry picked from commit 000c05207d68658b76af9e1caf9aa3a4e3fa697b)
|
||||
|
||||
Related: #2040247
|
||||
---
|
||||
src/nspawn/nspawn-seccomp.c | 9 +++++++--
|
||||
src/shared/seccomp-util.c | 39 ++++++++++++++++++++++++++++++-------
|
||||
src/shared/seccomp-util.h | 8 +++++++-
|
||||
3 files changed, 46 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
|
||||
index 17abfcec26..2b4a65e875 100644
|
||||
--- a/src/nspawn/nspawn-seccomp.c
|
||||
+++ b/src/nspawn/nspawn-seccomp.c
|
||||
@@ -148,13 +148,18 @@ static int seccomp_add_default_syscall_filter(
|
||||
if (whitelist[i].capability != 0 && (cap_list_retain & (1ULL << whitelist[i].capability)) == 0)
|
||||
continue;
|
||||
|
||||
- r = seccomp_add_syscall_filter_item(ctx, whitelist[i].name, SCMP_ACT_ALLOW, syscall_blacklist, false);
|
||||
+ r = seccomp_add_syscall_filter_item(ctx,
|
||||
+ whitelist[i].name,
|
||||
+ SCMP_ACT_ALLOW,
|
||||
+ syscall_blacklist,
|
||||
+ false,
|
||||
+ NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name);
|
||||
}
|
||||
|
||||
STRV_FOREACH(p, syscall_whitelist) {
|
||||
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false);
|
||||
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false, NULL);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
|
||||
*p, seccomp_arch_to_string(arch));
|
||||
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
|
||||
index 710a734715..56075d92e0 100644
|
||||
--- a/src/shared/seccomp-util.c
|
||||
+++ b/src/shared/seccomp-util.c
|
||||
@@ -874,15 +874,31 @@ const SyscallFilterSet *syscall_filter_set_find(const char *name) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-static int seccomp_add_syscall_filter_set(scmp_filter_ctx seccomp, const SyscallFilterSet *set, uint32_t action, char **exclude, bool log_missing);
|
||||
+static int add_syscall_filter_set(
|
||||
+ scmp_filter_ctx seccomp,
|
||||
+ const SyscallFilterSet *set,
|
||||
+ uint32_t action,
|
||||
+ char **exclude,
|
||||
+ bool log_missing,
|
||||
+ char ***added);
|
||||
+
|
||||
+int seccomp_add_syscall_filter_item(
|
||||
+ scmp_filter_ctx *seccomp,
|
||||
+ const char *name,
|
||||
+ uint32_t action,
|
||||
+ char **exclude,
|
||||
+ bool log_missing,
|
||||
+ char ***added) {
|
||||
|
||||
-int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name, uint32_t action, char **exclude, bool log_missing) {
|
||||
assert(seccomp);
|
||||
assert(name);
|
||||
|
||||
if (strv_contains(exclude, name))
|
||||
return 0;
|
||||
|
||||
+ /* Any syscalls that are handled are added to the *added strv. The pointer
|
||||
+ * must be either NULL or point to a valid pre-initialized possibly-empty strv. */
|
||||
+
|
||||
if (name[0] == '@') {
|
||||
const SyscallFilterSet *other;
|
||||
|
||||
@@ -892,7 +908,7 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
- return seccomp_add_syscall_filter_set(seccomp, other, action, exclude, log_missing);
|
||||
+ return add_syscall_filter_set(seccomp, other, action, exclude, log_missing, added);
|
||||
|
||||
} else {
|
||||
int id, r;
|
||||
@@ -916,25 +932,34 @@ int seccomp_add_syscall_filter_item(scmp_filter_ctx *seccomp, const char *name,
|
||||
return r;
|
||||
}
|
||||
|
||||
+ if (added) {
|
||||
+ r = strv_extend(added, name);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
-static int seccomp_add_syscall_filter_set(
|
||||
+static int add_syscall_filter_set(
|
||||
scmp_filter_ctx seccomp,
|
||||
const SyscallFilterSet *set,
|
||||
uint32_t action,
|
||||
char **exclude,
|
||||
- bool log_missing) {
|
||||
+ bool log_missing,
|
||||
+ char ***added) {
|
||||
|
||||
const char *sys;
|
||||
int r;
|
||||
|
||||
+ /* Any syscalls that are handled are added to the *added strv. It needs to be initialized. */
|
||||
+
|
||||
assert(seccomp);
|
||||
assert(set);
|
||||
|
||||
NULSTR_FOREACH(sys, set->value) {
|
||||
- r = seccomp_add_syscall_filter_item(seccomp, sys, action, exclude, log_missing);
|
||||
+ r = seccomp_add_syscall_filter_item(seccomp, sys, action, exclude, log_missing, added);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
@@ -960,7 +985,7 @@ int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilter
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- r = seccomp_add_syscall_filter_set(seccomp, set, action, NULL, log_missing);
|
||||
+ r = add_syscall_filter_set(seccomp, set, action, NULL, log_missing, NULL);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to add filter set: %m");
|
||||
|
||||
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
|
||||
index 541ba1e067..291b2bffe0 100644
|
||||
--- a/src/shared/seccomp-util.h
|
||||
+++ b/src/shared/seccomp-util.h
|
||||
@@ -59,7 +59,13 @@ const SyscallFilterSet *syscall_filter_set_find(const char *name);
|
||||
|
||||
int seccomp_filter_set_add(Hashmap *s, bool b, const SyscallFilterSet *set);
|
||||
|
||||
-int seccomp_add_syscall_filter_item(scmp_filter_ctx *ctx, const char *name, uint32_t action, char **exclude, bool log_missing);
|
||||
+int seccomp_add_syscall_filter_item(
|
||||
+ scmp_filter_ctx *ctx,
|
||||
+ const char *name,
|
||||
+ uint32_t action,
|
||||
+ char **exclude,
|
||||
+ bool log_missing,
|
||||
+ char ***added);
|
||||
|
||||
int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilterSet *set, uint32_t action, bool log_missing);
|
||||
int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, uint32_t action, bool log_missing);
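Review bot: In seccomp_add_syscall_filter_item() the new `if (added)` block sits after the `if (r < 0) { ... }` branch, so it also runs when seccomp_rule_add_exact() failed with the ignored `-EDOM`. A name can therefore land in `*added` although no rule was installed for it, which the comment "Any syscalls that are handled are added" does not make clear. If that is intended, say so, e.g. `/* Names are recorded even when the rule was skipped with -EDOM (syscall not available on this architecture). */`; otherwise move the strv_extend() into the success path. The comment in add_syscall_filter_set() ("It needs to be initialized") also disagrees with the one in seccomp_add_syscall_filter_item() and with seccomp_load_syscall_filter_set(), which passes `NULL`. It should state that `added` may be NULL.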
|
|
@ -0,0 +1,77 @@
|
|||
From 65d64ba146c30a5f205b650381f331fd8db2eb22 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Fri, 21 Aug 2020 17:23:48 +0200
|
||||
Subject: [PATCH] nspawn: return ENOSYS by default, EPERM for "known" calls
|
||||
|
||||
(cherry picked from commit 3573e032f26724949e86626eace058d006b8bf70)
|
||||
|
||||
Resolves: #2040247
|
||||
---
|
||||
src/nspawn/nspawn-seccomp.c | 20 +++++++++++++++-----
|
||||
1 file changed, 15 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
|
||||
index 2b4a65e875..563cda140e 100644
|
||||
--- a/src/nspawn/nspawn-seccomp.c
|
||||
+++ b/src/nspawn/nspawn-seccomp.c
|
||||
@@ -20,7 +20,7 @@
|
||||
|
||||
#if HAVE_SECCOMP
|
||||
|
||||
-static int seccomp_add_default_syscall_filter(
|
||||
+static int add_syscall_filters(
|
||||
scmp_filter_ctx ctx,
|
||||
uint32_t arch,
|
||||
uint64_t cap_list_retain,
|
||||
@@ -140,6 +140,7 @@ static int seccomp_add_default_syscall_filter(
|
||||
*/
|
||||
};
|
||||
|
||||
+ _cleanup_strv_free_ char **added = NULL;
|
||||
int r;
|
||||
size_t i;
|
||||
char **p;
|
||||
@@ -153,18 +154,25 @@ static int seccomp_add_default_syscall_filter(
|
||||
SCMP_ACT_ALLOW,
|
||||
syscall_blacklist,
|
||||
false,
|
||||
- NULL);
|
||||
+ &added);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to add syscall filter item %s: %m", whitelist[i].name);
|
||||
}
|
||||
|
||||
STRV_FOREACH(p, syscall_whitelist) {
|
||||
- r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, false, NULL);
|
||||
+ r = seccomp_add_syscall_filter_item(ctx, *p, SCMP_ACT_ALLOW, syscall_blacklist, true, &added);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to add rule for system call %s on %s, ignoring: %m",
|
||||
*p, seccomp_arch_to_string(arch));
|
||||
}
|
||||
|
||||
+ /* The default action is ENOSYS. Respond with EPERM to all other "known" but not allow-listed
|
||||
+ * syscalls. */
|
||||
+ r = seccomp_add_syscall_filter_item(ctx, "@known", SCMP_ACT_ERRNO(EPERM), added, true, NULL);
|
||||
+ if (r < 0)
|
||||
+ log_warning_errno(r, "Failed to add rule for @known set on %s, ignoring: %m",
|
||||
+ seccomp_arch_to_string(arch));
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -182,11 +190,13 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys
|
||||
|
||||
log_debug("Applying whitelist on architecture: %s", seccomp_arch_to_string(arch));
|
||||
|
||||
- r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ERRNO(EPERM));
|
||||
+ /* We install ENOSYS as the default action, but it will only apply to syscalls which are not
|
||||
+ * in the @known set, see above. */
|
||||
+ r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ERRNO(ENOSYS));
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to allocate seccomp object: %m");
|
||||
|
||||
- r = seccomp_add_default_syscall_filter(seccomp, arch, cap_list_retain, syscall_whitelist, syscall_blacklist);
|
||||
+ r = add_syscall_filters(seccomp, arch, cap_list_retain, syscall_whitelist, syscall_blacklist);
|
||||
if (r < 0)
|
||||
return r;
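Review bot: In add_syscall_filters() a failure to add the `@known` rule is only logged with log_warning_errno() and ignored, although `@known` is an internal table rather than user input. The earlier patch in this series ("seccomp: tighten checking of seccomp filter creation") states that errors from internal tables should be fatal because they mean the table is wrong. As add_syscall_filter_set() returns on the first failing entry, ignoring the error can leave only part of `@known` mapped to EPERM. The remaining denied syscalls would then return ENOSYS, which callers may read as "not implemented" and answer with a fallback path. Unless best-effort is deliberate here, I would propagate it: `return log_error_errno(r, "Failed to add rule for @known set on %s: %m", seccomp_arch_to_string(arch));`.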
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
From 33305c6801c10b741b11a3f329dc339d2e8c5514 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Thu, 18 Aug 2022 16:35:23 +0200
|
||||
Subject: [PATCH] test-procfs-util: skip test on certain errors
|
||||
|
||||
Inspired by upstream bf47f71c1c
|
||||
|
||||
RHEL-only
|
||||
Related: #2087152
|
||||
---
|
||||
src/shared/tests.c | 12 ++++++++++++
|
||||
src/shared/tests.h | 2 ++
|
||||
src/test/test-procfs-util.c | 6 ++++--
|
||||
3 files changed, 18 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/shared/tests.c b/src/shared/tests.c
|
||||
index 1da80d653f..b1c71b992f 100644
|
||||
--- a/src/shared/tests.c
|
||||
+++ b/src/shared/tests.c
|
||||
@@ -78,6 +78,18 @@ void test_setup_logging(int level) {
|
||||
log_open();
|
||||
}
|
||||
|
||||
+int log_tests_skipped(const char *message) {
|
||||
+ log_notice("%s: %s, skipping tests.",
|
||||
+ program_invocation_short_name, message);
|
||||
+ return EXIT_TEST_SKIP;
|
||||
+}
|
||||
+
|
||||
+int log_tests_skipped_errno(int r, const char *message) {
|
||||
+ log_notice_errno(r, "%s: %s, skipping tests: %m",
|
||||
+ program_invocation_short_name, message);
|
||||
+ return EXIT_TEST_SKIP;
|
||||
+}
|
||||
+
|
||||
const char *ci_environment(void) {
|
||||
/* We return a string because we might want to provide multiple bits of information later on: not
|
||||
* just the general CI environment type, but also whether we're sanitizing or not, etc. The caller is
|
||||
diff --git a/src/shared/tests.h b/src/shared/tests.h
|
||||
index 4f8f349097..d50711338c 100644
|
||||
--- a/src/shared/tests.h
|
||||
+++ b/src/shared/tests.h
|
||||
@@ -5,6 +5,8 @@ char* setup_fake_runtime_dir(void);
|
||||
bool test_is_running_from_builddir(char **exedir);
|
||||
const char* get_testdata_dir(void);
|
||||
void test_setup_logging(int level);
|
||||
+int log_tests_skipped(const char *message);
|
||||
+int log_tests_skipped_errno(int r, const char *message);
|
||||
|
||||
/* Provide a convenient way to check if we're running in CI. */
|
||||
const char *ci_environment(void);
|
||||
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
|
||||
index d656c4df4f..aba5692e54 100644
|
||||
--- a/src/test/test-procfs-util.c
|
||||
+++ b/src/test/test-procfs-util.c
|
||||
@@ -7,6 +7,7 @@
|
||||
#include "procfs-util.h"
|
||||
#include "process-util.h"
|
||||
#include "util.h"
|
||||
+#include "tests.h"
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)];
|
||||
@@ -52,8 +53,9 @@ int main(int argc, char *argv[]) {
|
||||
log_info("Reducing limit by one to %"PRIu64"…", v-1);
|
||||
|
||||
r = procfs_tasks_set_limit(v-1);
|
||||
- log_info_errno(r, "procfs_tasks_set_limit: %m");
|
||||
- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS);
|
||||
+ if (IN_SET(r, -ENOENT, -EROFS) || ERRNO_IS_PRIVILEGE(r))
|
||||
+ return log_tests_skipped_errno(r, "can't set tasks limit");
|
||||
+ assert_se(r >= 0);
|
||||
|
||||
assert_se(procfs_get_threads_max(&w) >= 0);
|
||||
assert_se(r >= 0 ? w == v - 1 : w == v);
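Review bot: With the added `assert_se(r >= 0);` in main(), the context line `assert_se(r >= 0 ? w == v - 1 : w == v);` can no longer reach its else branch. The check can be reduced to `assert_se(w == v - 1);`, so the test states what it actually verifies once the skip conditions are handled. The removed `log_info_errno(r, "procfs_tasks_set_limit: %m")` was also the only place the result was logged on the non-skip path, and a failing `assert_se(r >= 0)` now gives less context than before. main() begins and continues outside the hunks shown.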
|
|
@ -13,7 +13,7 @@
|
|||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 239
|
||||
Release: 62%{?dist}
|
||||
Release: 65%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: System and Service Manager
|
||||
|
@ -841,7 +841,35 @@ Patch0788: 0788-test-replace-swear-words-by-hoge.patch
|
|||
Patch0789: 0789-core-add-new-environment-variable-RUNTIME_DIRECTORY-.patch
|
||||
Patch0790: 0790-test-execute-add-tests-for-RUNTIME_DIRECTORY-or-frie.patch
|
||||
Patch0791: 0791-man-document-RUNTIME_DIRECTORY-or-friends.patch
|
||||
|
||||
Patch0792: 0792-ci-bump-the-worker-Ubuntu-version-to-Jammy.patch
|
||||
Patch0793: 0793-test-make-test-execute-pass-on-Linux-5.15.patch
|
||||
Patch0794: 0794-ci-install-iputils.patch
|
||||
Patch0795: 0795-ci-Mergify-Add-ci-waived-logic.patch
|
||||
Patch0796: 0796-sd-event-don-t-invalidate-source-type-on-disconnect.patch
|
||||
Patch0797: 0797-tests-make-sure-we-delay-running-mount-start-jobs-wh.patch
|
||||
Patch0798: 0798-core-drop-references-to-StandardOutputFileToCreate.patch
|
||||
Patch0799: 0799-dbus-execute-fix-indentation.patch
|
||||
Patch0800: 0800-dbus-execute-generate-the-correct-transient-unit-set.patch
|
||||
Patch0801: 0801-bus-unit-util-properly-accept-StandardOutput-append-.patch
|
||||
Patch0802: 0802-core-be-more-careful-when-inheriting-stdout-fds-to-s.patch
|
||||
Patch0803: 0803-test-add-a-test-for-StandardError-file.patch
|
||||
Patch0804: 0804-tree-wide-allow-ASCII-fallback-for-in-logs.patch
|
||||
Patch0805: 0805-tree-wide-allow-ASCII-fallback-for-in-logs.patch
|
||||
Patch0806: 0806-core-allow-to-set-default-timeout-for-devices.patch
|
||||
Patch0807: 0807-man-document-DefaultDeviceTimeoutSec.patch
|
||||
Patch0808: 0808-Revert-core-Propagate-condition-failed-state-to-trig.patch
|
||||
Patch0809: 0809-core-Check-unit-start-rate-limiting-earlier.patch
|
||||
Patch0810: 0810-core-Add-trigger-limit-for-path-units.patch
|
||||
Patch0811: 0811-meson-add-syscall-names-update-target.patch
|
||||
Patch0812: 0812-syscall-names-add-process_madvise-which-is-planned-f.patch
|
||||
Patch0813: 0813-shared-add-known-syscall-list.patch
|
||||
Patch0814: 0814-generate-syscall-list-require-python3.patch
|
||||
Patch0815: 0815-shared-seccomp-reduce-scope-of-indexing-variables.patch
|
||||
Patch0816: 0816-shared-syscall-list-filter-out-some-obviously-platfo.patch
|
||||
Patch0817: 0817-seccomp-tighten-checking-of-seccomp-filter-creation.patch
|
||||
Patch0818: 0818-shared-seccomp-util-added-functionality-to-make-list.patch
|
||||
Patch0819: 0819-nspawn-return-ENOSYS-by-default-EPERM-for-known-call.patch
|
||||
Patch0820: 0820-test-procfs-util-skip-test-on-certain-errors.patch
|
||||
|
||||
%ifarch %{ix86} x86_64 aarch64
|
||||
%global have_gnu_efi 1
|
||||
|
@ -1471,6 +1499,43 @@ fi
|
|||
%files tests -f .file-list-tests
|
||||
|
||||
%changelog
|
||||
* Fri Aug 19 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-65
|
||||
- test-procfs-util: skip test on certain errors (#2087152)
|
||||
|
||||
* Thu Aug 18 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-64
|
||||
- ci: bump the worker Ubuntu version to Jammy (#2087152)
|
||||
- test: make test-execute pass on Linux 5.15 (#2087152)
|
||||
- ci: install iputils (#2087152)
|
||||
- ci(Mergify): Add `ci-waived` logic (#2087152)
|
||||
- sd-event: don't invalidate source type on disconnect (#2115396)
|
||||
- tests: make sure we delay running mount start jobs when /p/s/mountinfo is rate limited (#2095744)
|
||||
- core: drop references to 'StandardOutputFileToCreate' (#2093479)
|
||||
- dbus-execute: fix indentation (#2093479)
|
||||
- dbus-execute: generate the correct transient unit setting (#2093479)
|
||||
- bus-unit-util: properly accept StandardOutput=append:… settings (#2093479)
|
||||
- core: be more careful when inheriting stdout fds to stderr (#2093479)
|
||||
- test: add a test for StandardError=file:… (#2093479)
|
||||
- tree-wide: allow ASCII fallback for → in logs (#2093479)
|
||||
- tree-wide: allow ASCII fallback for … in logs (#2093479)
|
||||
- core: allow to set default timeout for devices (#1967245)
|
||||
- man: document DefaultDeviceTimeoutSec= (#1967245)
|
||||
- Revert "core: Propagate condition failed state to triggering units." (#2114005)
|
||||
- core: Check unit start rate limiting earlier (#2114005)
|
||||
- core: Add trigger limit for path units (#2114005)
|
||||
- meson: add syscall-names-update target (#2040247)
|
||||
- syscall-names: add process_madvise which is planned for 5.10 (#2040247)
|
||||
- shared: add @known syscall list (#2040247)
|
||||
- generate-syscall-list: require python3 (#2040247)
|
||||
- shared/seccomp: reduce scope of indexing variables (#2040247)
|
||||
- shared/syscall-list: filter out some obviously platform-specific syscalls (#2040247)
|
||||
- seccomp: tighten checking of seccomp filter creation (#2040247)
|
||||
- shared/seccomp-util: added functionality to make list of filtred syscalls (#2040247)
|
||||
- nspawn: return ENOSYS by default, EPERM for "known" calls (#2040247)
|
||||
- revert: resolved: pin stream while calling callbacks for it (#2110549)
|
||||
|
||||
* Wed Aug 03 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-63
|
||||
- resolved: pin stream while calling callbacks for it (#2110549)
|
||||
|
||||
* Mon Jul 18 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-62
|
||||
- spec: Remove dependency on timedatex (#2066946)
|
||||
|
||||
|
|