import systemd-249-7.el9_b

CentOS Sources 2021-11-03 20:51:05 -04:00 committed by Stepan Oksanichenko
commit dce7cb8d0f
62 changed files with 6576 additions and 0 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
SOURCES/systemd-249.tar.gz

1
.systemd.metadata Normal file

@ -0,0 +1 @@
7c8e186aa6a81d97f86d62584062d0b560e4559d SOURCES/systemd-249.tar.gz


@ -0,0 +1,54 @@
From 5ce0a9b91add22f2a21f1bc7c0f888307f7e58e8 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 10:58:28 +0200
Subject: [PATCH] logind: set RemoveIPC to false by default
RHEL-only
Resolves: #1959836
(cherry picked from commit 0b3833d6c3b751c6dfb40eeb2ef852984c58f546)
---
man/logind.conf.xml | 2 +-
src/login/logind-core.c | 2 +-
src/login/logind.conf.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index be62b6b572..bec7ff44af 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -346,7 +346,7 @@
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
+ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para></listitem>
</varlistentry>
</variablelist>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 22031f485a..f5e1126adc 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) {
m->n_autovts = 6;
m->reserve_vt = 6;
- m->remove_ipc = true;
+ m->remove_ipc = false;
m->inhibit_delay_max = 5 * USEC_PER_SEC;
m->user_stop_delay = 10 * USEC_PER_SEC;
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
index 27ba77ce79..f9c5099865 100644
--- a/src/login/logind.conf.in
+++ b/src/login/logind.conf.in
@@ -39,6 +39,6 @@
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RuntimeDirectoryInodes=400k
-#RemoveIPC=yes
+#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192
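Review bot: The flipped default at `m->remove_ipc = false;` in manager_reset_config() carries no comment marking it as a deliberate downstream deviation, so a later rebase can silently restore upstream's `true`. I would add `/* RHEL-only: RemoveIPC= defaults to off; IPC objects outlive the user's last session unless the admin enables it */` above the assignment. Per the man page text in the first hunk, System V and POSIX IPC objects of a logged-out user now persist by default, which matters on multi-user hosts that relied on the cleanup. manager_reset_config() starts and ends outside the hunk.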


@ -0,0 +1,65 @@
From d00c14d513bbac6562a5921a2be225cfcc4f794f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:46:41 +0200
Subject: [PATCH] basic/unit-name: do not use strdupa() on a path
The path may have unbounded length, for example through a fuse mount.
CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.
https://bugzilla.redhat.com/show_bug.cgi?id=1970887
The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turns uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
Resolves: #1984299
(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
---
src/basic/unit-name.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 284a773483..a22763443f 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
}
int unit_name_path_escape(const char *f, char **ret) {
- char *p, *s;
+ _cleanup_free_ char *p = NULL;
+ char *s;
assert(f);
assert(ret);
- p = strdupa(f);
+ p = strdup(f);
if (!p)
return -ENOMEM;
@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
if (!path_is_normalized(p))
return -EINVAL;
- /* Truncate trailing slashes */
+ /* Truncate trailing slashes and skip leading slashes */
delete_trailing_chars(p, "/");
-
- /* Truncate leading slashes */
- p = skip_leading_chars(p, "/");
-
- s = unit_name_escape(p);
+ s = unit_name_escape(skip_leading_chars(p, "/"));
}
if (!s)
return -ENOMEM;
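Review bot: The `p = strdup(f);` line in unit_name_path_escape() has no comment saying why a heap copy is required, and it is the one line a later cleanup is likely to turn back into strdupa(). I would add `/* f can be arbitrarily long (e.g. a mount point path), so never duplicate it on the stack */` above it. The patch also brings no regression test; one that passes unit_name_path_escape() a path far longer than UNIT_NAME_MAX and checks that it returns without crashing would pin the fix. The function body spans both hunks and ends outside them.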


@ -0,0 +1,39 @@
From 10a1e767c7bacca5da4ae7260c2a53f7949c3d7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:52:56 +0200
Subject: [PATCH] basic/unit-name: adjust comments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We already checked for "too long" right above…
Related: #1984299
(cherry picked from commit 4e2544c30bfb95e7cb4d1551ba066b1a56520ad6)
---
src/basic/unit-name.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index a22763443f..1deead7458 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
return -EINVAL;
@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL;


@ -0,0 +1,27 @@
From ae1b3df445f9f9e27fa6a42602d4eb1db92df7a0 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 5 Aug 2021 17:11:47 +0200
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
symlink
RHEL-only
Resolves: #1989472
---
tmpfiles.d/etc.conf.in | 3 ---
1 file changed, 3 deletions(-)
diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in
index 2323fd8cd8..ebdc699c26 100644
--- a/tmpfiles.d/etc.conf.in
+++ b/tmpfiles.d/etc.conf.in
@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
{% if HAVE_SMACK_RUN_LABEL %}
t /etc/mtab - - - - security.SMACK64=_
{% endif %}
-{% if ENABLE_RESOLVE %}
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
-{% endif %}
C! /etc/nsswitch.conf - - - -
{% if HAVE_PAM %}
C! /etc/pam.d - - - -


@ -0,0 +1,78 @@
From ddf558cda4afe6b81586887bcbb8d0ea376c7e71 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 2 Jul 2021 13:25:51 +0200
Subject: [PATCH] Copy 40-redhat.rules from RHEL-8
RHEL-only
Resolves: #1978639
---
rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++
rules.d/meson.build | 1 +
2 files changed, 47 insertions(+)
create mode 100644 rules.d/40-redhat.rules
diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules
new file mode 100644
index 0000000000..3c95cd2df0
--- /dev/null
+++ b/rules.d/40-redhat.rules
@@ -0,0 +1,46 @@
+# do not edit this file, it will be overwritten on update
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
+
+# Memory hotadd request
+SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
+ACTION!="add", GOTO="memory_hotplug_end"
+CONST{arch}=="s390*", GOTO="memory_hotplug_end"
+CONST{arch}=="ppc64*", GOTO="memory_hotplug_end"
+
+ENV{.state}="online"
+CONST{virt}=="none", ENV{.state}="online_movable"
+ATTR{state}=="offline", ATTR{state}="$env{.state}"
+
+LABEL="memory_hotplug_end"
+
+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
+
+# load SCSI generic (sg) driver
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
+
+# Rule for prandom character device node permissions
+KERNEL=="prandom", MODE="0644"
+
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
+# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
+#
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
+
+#
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
+# (both disk and partition) are SCSI devices based on FCP devices
+#
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
+
+# For SCSI disks
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
+
+
+# For partitions on a SCSI disk
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
+
+LABEL="zfcp_scsi_device_end"
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 598649a562..72632979fa 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -5,6 +5,7 @@ install_data(
install_dir : udevrulesdir)
rules = files('''
+ 40-redhat.rules
60-autosuspend.rules
60-block.rules
60-cdrom_id.rules
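Review bot: The two `modprobe -bv sg` rules and the `KERNEL=="prandom"` rule are the only ones in 40-redhat.rules without an ACTION match, so they are evaluated on every event for matching devices, including remove. Since `RUN+=` programs are executed by udev, I would restrict them the way the other rules in the file already are, e.g. `SUBSYSTEM=="scsi", ACTION=="add", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"`. The prandom rule also matches on the kernel name alone; a SUBSYSTEM qualifier (value to be confirmed against the driver) would keep `MODE="0644"` from applying to an unrelated device of that name.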


@ -0,0 +1,47 @@
From d77095927682f5a6921d3825256743eb8f5e6e1b Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 May 2018 09:24:20 +0200
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
adds an After relationship.
RHEL-only
Resolves: #1959826
(cherry picked from commit f58c5ced373c2532b5cc44ba2e0c3a28b41472f2)
---
src/core/unit.c | 7 +------
units/basic.target | 3 ++-
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 30afd5a776..d9cd0c229a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1266,12 +1266,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
}
if (c->private_tmp) {
-
- /* FIXME: for now we make a special case for /tmp and add a weak dependency on
- * tmp.mount so /tmp being masked is supported. However there's no reason to treat
- * /tmp specifically and masking other mount units should be handled more
- * gracefully too, see PR#16894. */
- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
diff --git a/units/basic.target b/units/basic.target
index d8cdd5ac14..9eae0782a2 100644
--- a/units/basic.target
+++ b/units/basic.target
@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
# we support that unit being masked, and this should not be considered an error.
RequiresMountsFor=/var /var/tmp
-Wants=tmp.mount
+# RHEL-only: Disable /tmp on tmpfs.
+#Wants=tmp.mount
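Review bot: The removed FIXME was the only explanation of the tmp.mount special case, and the new `unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", ...)` call is left without any comment. I would add `/* RHEL-only: only order after tmp.mount, never pull it in, so PrivateTmp= does not turn /tmp into a tmpfs implicitly */` above it. In units/basic.target the context comment above `RequiresMountsFor=` still says a Wants= dependency on /tmp is added, although that line is now commented out; it should be reworded to match. unit_add_exec_dependencies() continues outside the hunk.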


@ -0,0 +1,40 @@
From 209af66ef66a67a9cafa5a1d6364ce436cd593aa Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 5 Sep 2016 12:47:09 +0200
Subject: [PATCH] unit: don't add Requires for tmp.mount
rhel-only
Resolves: #1619292
(cherry picked from commit 03e52d33bbdea731eaa79545bb1d30c5b21abe3d)
---
src/core/mount.c | 2 +-
src/core/unit.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 053deac14d..1fd3102ad3 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -343,7 +343,7 @@ static int mount_add_mount_dependencies(Mount *m) {
if (r < 0)
return r;
- if (UNIT(m)->fragment_path) {
+ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
/* If we have fragment configuration, then make this dependency required */
r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH);
if (r < 0)
diff --git a/src/core/unit.c b/src/core/unit.c
index d9cd0c229a..371dda7e29 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1506,7 +1506,7 @@ static int unit_add_mount_dependencies(Unit *u) {
if (r < 0)
return r;
- if (m->fragment_path) {
+ if (m->fragment_path && !streq(m->id, "tmp.mount")) {
r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
if (r < 0)
return r;
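Review bot: The comment kept in mount.c, `/* If we have fragment configuration, then make this dependency required */`, is no longer true for tmp.mount, and neither new condition says why that unit is exempt. I would extend it, e.g. `/* ... make this dependency required, except for tmp.mount (RHEL-only: /tmp must not become a hard dependency) */`, and put the same remark above the check in unit_add_mount_dependencies(). The literal `"tmp.mount"` is now compared in two files; a shared named constant would keep the two exemptions from drifting apart. Both functions start and end outside their hunks.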


@ -0,0 +1,25 @@
From c54ec17a683866f8e74f0d78c19369a6e86e46f3 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 22 Jan 2019 10:28:42 +0100
Subject: [PATCH] units: add [Install] section to tmp.mount
RHEL-only
Related: #1959826
(cherry picked from commit bb3d205bea1c83cbd0e27b504f5f1faa884fb602)
---
units/tmp.mount | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/units/tmp.mount b/units/tmp.mount
index 516bd1621c..fc1812111e 100644
--- a/units/tmp.mount
+++ b/units/tmp.mount
@@ -23,3 +23,7 @@ What=tmpfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k
+
+# Make 'systemctl enable tmp.mount' work:
+[Install]
+WantedBy=local-fs.target


@ -0,0 +1,29 @@
From 10c26ebc7cd9bff3d73ff9a89ddec44bde88e4cd Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 11 Mar 2021 15:48:23 +0100
Subject: [PATCH] rc-local: order after network-online.target
I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
just network-online.target didn't exist back then.
RHEL-only
Resolves: #1954429
---
units/rc-local.service.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
index 55e83dfe00..0eee722154 100644
--- a/units/rc-local.service.in
+++ b/units/rc-local.service.in
@@ -13,7 +13,8 @@
Description={{RC_LOCAL_PATH}} Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable={{RC_LOCAL_PATH}}
-After=network.target
+After=network-online.target
+Wants=network-online.target
[Service]
Type=forking
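Review bot: `Wants=network-online.target` changes more than ordering: any host with an executable rc.local now pulls network-online.target into the boot transaction, and the unit gives no hint of that. I would add a comment above the two lines, `# RHEL-only: rc.local is expected to run with the network up; this also pulls in network-online.target`. Whether that delays boot depends on which wait-online service is enabled, which is not visible here.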


@ -0,0 +1,284 @@
From b3c617b8d0fb95322e203842d2ac68593a4acdcd Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 18 Apr 2021 20:46:06 +0200
Subject: [PATCH] ci: drop CIs irrelevant for downstream
* CIFuzz would need a separate project in oss-fuzz
* Coverity would also need a separate project
* the Labeler action is superfluous, since we already have a bot for
that
* mkosi testing on other distros is irrelevant for downstream RHEL
repo
Resolves: #1960703
rhel-only
---
.github/labeler.yml | 38 ------------------
.github/workflows/cifuzz.yml | 47 ----------------------
.github/workflows/coverity.yml | 39 -------------------
.github/workflows/labeler.yml | 13 -------
.github/workflows/mkosi.yml | 58 ----------------------------
.github/workflows/test_mkosi_boot.py | 24 ------------
6 files changed, 219 deletions(-)
delete mode 100644 .github/labeler.yml
delete mode 100644 .github/workflows/cifuzz.yml
delete mode 100644 .github/workflows/coverity.yml
delete mode 100644 .github/workflows/labeler.yml
delete mode 100644 .github/workflows/mkosi.yml
delete mode 100755 .github/workflows/test_mkosi_boot.py
diff --git a/.github/labeler.yml b/.github/labeler.yml
deleted file mode 100644
index 773d575004..0000000000
--- a/.github/labeler.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-hwdb:
- - hwdb.d/**/*
-units:
- - units/**/*
-documentation:
- - NEWS
- - docs/*
-network:
- - src/libsystemd-network/**/*
- - src/network/**/*
-udev:
- - src/udev/**/*
- - src/libudev/*
-selinux:
- - '**/*selinux*'
-apparmor:
- - '**/*apparmor*'
-meson:
- - meson_option.txt
-mkosi:
- - .mkosi/*
- - mkosi.build
-busctl:
- - src/busctl/*
-systemctl:
- - src/systemctl/*
-journal:
- - src/journal/*
-journal-remote:
- - src/journal-remote/*
-portable:
- - src/portable/**/*
-resolve:
- - src/resolve/*
-timedate:
- - src/timedate/*
-timesync:
- - src/timesync/*
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
deleted file mode 100644
index 14d81a67ff..0000000000
--- a/.github/workflows/cifuzz.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-# vi: ts=2 sw=2 et:
-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
-
-name: CIFuzz
-on:
- pull_request:
- paths:
- - '**/meson.build'
- - '.github/workflows/**'
- - 'meson_options.txt'
- - 'src/**'
- - 'test/fuzz/**'
- - 'tools/oss-fuzz.sh'
- push:
- branches:
- - main
-jobs:
- Fuzzing:
- runs-on: ubuntu-latest
- if: github.repository == 'systemd/systemd'
- strategy:
- fail-fast: false
- matrix:
- sanitizer: [address, undefined, memory]
- steps:
- - name: Build Fuzzers (${{ matrix.sanitizer }})
- id: build
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
- with:
- oss-fuzz-project-name: 'systemd'
- dry-run: false
- allowed-broken-targets-percentage: 0
- sanitizer: ${{ matrix.sanitizer }}
- - name: Run Fuzzers (${{ matrix.sanitizer }})
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
- with:
- oss-fuzz-project-name: 'systemd'
- fuzz-seconds: 600
- dry-run: false
- sanitizer: ${{ matrix.sanitizer }}
- - name: Upload Crash
- uses: actions/upload-artifact@v1
- if: failure() && steps.build.outcome == 'success'
- with:
- name: ${{ matrix.sanitizer }}-artifacts
- path: ./out/artifacts
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
deleted file mode 100644
index a0eb0f01fd..0000000000
--- a/.github/workflows/coverity.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# vi: ts=2 sw=2 et:
-#
-name: Coverity
-
-on:
- schedule:
- # Run Coverity daily at midnight
- - cron: '0 0 * * *'
-
-jobs:
- build:
- runs-on: ubuntu-20.04
- if: github.repository == 'systemd/systemd'
- env:
- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}"
- COVERITY_SCAN_NOTIFICATION_EMAIL: ""
- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}"
- # Set in repo settings -> secrets -> repository secrets
- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
- CURRENT_REF: "${{ github.ref }}"
- steps:
- - name: Repository checkout
- uses: actions/checkout@v1
- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
- - name: Install Coverity tools
- run: tools/get-coverity.sh
- # Reuse the setup phase of the unit test script to avoid code duplication
- - name: Install build dependencies
- run: sudo -E .github/workflows/unit_tests.sh SETUP
- # Preconfigure with meson to prevent Coverity from capturing meson metadata
- - name: Preconfigure the build directory
- run: meson cov-build -Dman=false
- - name: Build
- run: tools/coverity.sh build
- - name: Upload the results
- run: tools/coverity.sh upload
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
deleted file mode 100644
index 76d67a3a5c..0000000000
--- a/.github/workflows/labeler.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: "Pull Request Labeler"
-on:
-- pull_request_target
-
-jobs:
- triage:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/labeler@main
- with:
- repo-token: "${{ secrets.GITHUB_TOKEN }}"
- configuration-path: .github/labeler.yml
- sync-labels: "" # This is a workaround for issue 18671
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
deleted file mode 100644
index babdf7ae6e..0000000000
--- a/.github/workflows/mkosi.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: mkosi
-
-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in .mkosi.
-
-on:
- push:
- branches:
- - main
- pull_request:
- branches:
- - main
-
-jobs:
- ci:
- runs-on: ubuntu-20.04
- strategy:
- fail-fast: false
- matrix:
- distro:
- - arch
- - debian
- - ubuntu
- - fedora
-
- steps:
- - uses: actions/checkout@v2
- - uses: systemd/mkosi@v9
-
- - name: Install
- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2
-
- - name: Symlink
- run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default
-
- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
- # required, since current Arch's glibc implements faccessat() via faccessat2().
- - name: Update systemd-nspawn
- if: ${{ matrix.distro == 'arch' }}
- run: |
- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
- sudo apt update
- sudo apt build-dep systemd
- meson build
- ninja -C build
- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
- systemd-nspawn --version
-
- - name: Build ${{ matrix.distro }}
- run: sudo python3 -m mkosi --password= --qemu-headless build
-
- - name: Show ${{ matrix.distro }} image summary
- run: sudo python3 -m mkosi --password= --qemu-headless summary
-
- - name: Boot ${{ matrix.distro }} systemd-nspawn
- run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless boot
-
- - name: Boot ${{ matrix.distro }} QEMU
- run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless qemu
diff --git a/.github/workflows/test_mkosi_boot.py b/.github/workflows/test_mkosi_boot.py
deleted file mode 100755
index 3418fd3a51..0000000000
--- a/.github/workflows/test_mkosi_boot.py
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env python3
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-import pexpect
-import sys
-
-
-def run() -> None:
- p = pexpect.spawnu(" ".join(sys.argv[1:]), logfile=sys.stdout, timeout=300)
-
- p.expect("#")
- p.sendline("systemctl poweroff")
-
- p.expect(pexpect.EOF)
-
-
-try:
- run()
-except pexpect.EOF:
- print("UNEXPECTED EOF")
- sys.exit(1)
-except pexpect.TIMEOUT:
- print("TIMED OUT")
- sys.exit(1)


@ -0,0 +1,60 @@
From b00b4b76e8a7267db2dc54a5d23272a6586770da Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 9 Jun 2021 15:23:59 +0200
Subject: [PATCH] ci: reconfigure Packit for RHEL 9
Resolves: #1960703
rhel-only
---
.packit.yml | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/.packit.yml b/.packit.yml
index 4545e30e08..3461bccbc5 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}"
actions:
post-upstream-clone:
- # Use the Fedora Rawhide specfile
- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
+ # Use the CentOS Stream specfile
+ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
# Drop the "sources" file so rebase-helper doesn't think we're a dist-git
- "rm -fv .packit_rpm/sources"
- # Drop backported patches from the specfile, but keep the downstream-only ones
- # - Patch0000-0499: backported patches from upstream
- # - Patch0500-9999: downstream-only patches
- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
+ # Drop all patches, since they're already included in the tarball
+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
# Build the RPM with --werror. Even though --werror doesn't work in all
# cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
# RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
@@ -32,11 +30,22 @@ actions:
# [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+# Available targets can be listed via `copr-cli list-chroots`
jobs:
+# Build test
- job: copr_build
trigger: pull_request
metadata:
targets:
- - fedora-rawhide-aarch64
- - fedora-rawhide-i386
- - fedora-rawhide-x86_64
+ # FIXME: change to CentOS 9 once it's available
+ - fedora-34-x86_64
+ - fedora-34-aarch64
+
+# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
+# Run tests (via testing farm)
+#- job: tests
+# trigger: pull_request
+# metadata:
+# targets:
+# # FIXME: change to CentOS 9 once it's available
+# - fedora-34-x86_64
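Review bot: The new `git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1` names no branch or commit, so every PR build takes whatever the remote's default branch holds at that moment. I would pin it, e.g. `git clone --branch <BRANCH_PLACEHOLDER> --depth=1 ...`, so the spec file matches the branch under test and a change on the remote cannot silently alter what CI builds. The `sed` edits below it depend on the spec's `PatchN:` layout, so an unpinned spec can also make them stop matching without any visible failure.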


@ -0,0 +1,27 @@
From ef23dd2793c19e9505ab1e70fff20b7ea184dc54 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 15 Jul 2021 12:23:27 +0200
Subject: [PATCH] ci: run unit tests on z-stream branches as well
Resolves: #1960703
rhel-only
---
.github/workflows/unit_tests.yml | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index ca1e6e0c30..e560bff830 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -2,10 +2,7 @@
# vi: ts=2 sw=2 et:
#
name: Unit tests
-on:
- pull_request:
- branches:
- - main
+on: [pull_request]
jobs:
build:


@ -0,0 +1,110 @@
From a311dc4ade908452d7920452a18ce411af0f6dd3 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <sirmy15@gmail.com>
Date: Thu, 17 Jun 2021 16:39:23 +0200
Subject: [PATCH] Check return value of pam_get_item/pam_get_data functions
(cherry picked from commit a22cbf85ed9863ba5c86681db89424747119ef0c)
Resolves: #1973210
---
src/login/pam_systemd.c | 66 ++++++++++++++++++++++++++++++++++-------
1 file changed, 55 insertions(+), 11 deletions(-)
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index f8bd17eefe..1b643d52ca 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -705,7 +705,11 @@ _public_ PAM_EXTERN int pam_sm_open_session(
* "systemd-user" we simply set XDG_RUNTIME_DIR and
* leave. */
- (void) pam_get_item(handle, PAM_SERVICE, (const void**) &service);
+ r = pam_get_item(handle, PAM_SERVICE, (const void**) &service);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM service: %s", pam_strerror(handle, r));
+ return r;
+ }
if (streq_ptr(service, "systemd-user")) {
char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
@@ -719,10 +723,26 @@ _public_ PAM_EXTERN int pam_sm_open_session(
/* Otherwise, we ask logind to create a session for us */
- (void) pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
- (void) pam_get_item(handle, PAM_TTY, (const void**) &tty);
- (void) pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
- (void) pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
+ r = pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM XDISPLAY: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_item(handle, PAM_TTY, (const void**) &tty);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM TTY: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM RUSER: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM RHOST: %s", pam_strerror(handle, r));
+ return r;
+ }
seat = getenv_harder(handle, "XDG_SEAT", NULL);
cvtnr = getenv_harder(handle, "XDG_VTNR", NULL);
@@ -789,11 +809,31 @@ _public_ PAM_EXTERN int pam_sm_open_session(
remote = !isempty(remote_host) && !is_localhost(remote_host);
- (void) pam_get_data(handle, "systemd.memory_max", (const void **)&memory_max);
- (void) pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max);
- (void) pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight);
- (void) pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight);
- (void) pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec);
+ r = pam_get_data(handle, "systemd.memory_max", (const void **)&memory_max);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.memory_max data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.tasks_max data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.cpu_weight data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.io_weight data: %s", pam_strerror(handle, r));
+ return r;
+ }
+ r = pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.runtime_max_sec data: %s", pam_strerror(handle, r));
+ return r;
+ }
/* Talk to logind over the message bus */
@@ -996,7 +1036,11 @@ _public_ PAM_EXTERN int pam_sm_close_session(
/* Only release session if it wasn't pre-existing when we
* tried to create it */
- (void) pam_get_data(handle, "systemd.existing", &existing);
+ r = pam_get_data(handle, "systemd.existing", &existing);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA)) {
+ pam_syslog(handle, LOG_ERR, "Failed to get PAM systemd.existing data: %s", pam_strerror(handle, r));
+ return r;
+ }
id = pam_getenv(handle, "XDG_SESSION_ID");
if (id && !existing) {
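Review bot: The same check-log-return block is written out eleven times across pam_sm_open_session() and pam_sm_close_session(), differing only in the item and the name in the log line, which makes it easy for one copy to drift (wrong tolerated code, wrong name in the message). A small static helper per API keeps the tolerated return codes in one place; the sketch below shows the pam_get_item() variant, and pam_get_data() would get a sibling that tolerates PAM_NO_MODULE_DATA. Because PAM_BAD_ITEM and PAM_NO_MODULE_DATA are accepted, the output pointers must already be NULL at declaration; those declarations are outside the hunks, so that should be confirmed. Both functions start and end outside the hunks.

```c
/* Fetch a PAM item; a missing item is fine, any other failure is logged and returned. */
static int get_item_logged(pam_handle_t *handle, int item_type, const char *what, const void **ret) {
        int r;

        r = pam_get_item(handle, item_type, ret);
        if (IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
                return PAM_SUCCESS;

        pam_syslog(handle, LOG_ERR, "Failed to get PAM %s: %s", what, pam_strerror(handle, r));
        return r;
}

/* … unchanged: pam_sm_open_session() up to the service lookup … */
        r = get_item_logged(handle, PAM_SERVICE, "service", (const void**) &service);
        if (r != PAM_SUCCESS)
                return r;
/* … the XDISPLAY, TTY, RUSER and RHOST lookups follow the same two-line pattern … */
```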


@ -0,0 +1,25 @@
From f1266682aca4a2ed3d85017527d1456cbe5d2f2a Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 15 Jul 2021 11:15:17 +0200
Subject: [PATCH] random-util: increase random seed size to 1024
RHEL-only
Resolves: #1982603
---
src/basic/random-util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
index e6528ddc7f..fda78552f6 100644
--- a/src/basic/random-util.h
+++ b/src/basic/random-util.h
@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) {
int rdrand(unsigned long *ret);
/* Some limits on the pool sizes when we deal with the kernel random pool */
-#define RANDOM_POOL_SIZE_MIN 512U
+#define RANDOM_POOL_SIZE_MIN 1024U
#define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
size_t random_pool_size(void);
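Review bot: `RANDOM_POOL_SIZE_MIN 1024U` has neither a unit nor a rationale next to it, and the existing comment only says "Some limits on the pool sizes". I would add a line such as `/* RHEL-only: minimum raised from 512 to 1024, see #1982603 */` and state the unit explicitly, since from the header alone it is not clear whether the value is bytes or bits. Without that, a rebase onto a newer upstream header can drop the change unnoticed.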


@ -0,0 +1,41 @@
From d68134590110a93c383a7ae696ccf3717f20682a Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 2 May 2019 14:11:54 +0200
Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
default
RHEL-only
Resolves: #1973856
---
units/meson.build | 3 +--
units/systemd-journald.service.in | 2 +-
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/units/meson.build b/units/meson.build
index 17e9ead9c1..68be8d0108 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -119,8 +119,7 @@ units = [
'sysinit.target.wants/'],
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
- ['systemd-journald-audit.socket', '',
- 'sockets.target.wants/'],
+ ['systemd-journald-audit.socket', ''],
['systemd-journald-dev-log.socket', '',
'sockets.target.wants/'],
['systemd-journald.socket', '',
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index cd17b6b4e7..d981273b07 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -12,7 +12,7 @@ Description=Journal Service
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Requires=systemd-journald.socket
-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
+After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
Before=sysinit.target
[Service]
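Review bot: Nothing in either hunk records why `systemd-journald-audit.socket` loses its `sockets.target.wants/` link, and the effect is security-relevant. The socket stays installed but is no longer started by default, so kernel audit records presumably stop reaching the journal unless an administrator enables it or another audit consumer is running. A comment beside the entry in `units/meson.build` would keep this from being undone on a rebase, e.g. `# RHEL-only (#1973856): installed but not enabled by default; enable explicitly to collect audit records in the journal`. The `[Service]` section of `systemd-journald.service.in` is outside the hunk, so check that no `Sockets=` line there still names the audit socket.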


@ -0,0 +1,22 @@
From c040ffc7d27e2952bd6acccc1d8a351f31ba24db Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 5 Aug 2021 15:26:13 +0200
Subject: [PATCH] journald.conf: don't touch current audit settings
RHEL-only
Related: #1973856
---
src/journal/journald.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index 5a60a9d39c..3544da2112 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -44,4 +44,4 @@
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
-#Audit=yes
+Audit=
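Review bot: `Audit=` is now the only active assignment in a file whose other entries are commented-out defaults, and nothing explains the empty value. Per journald.conf(5) an unset `Audit=` makes journald leave the kernel audit enable state as it found it, which matches the commit subject, so say so next to it: `# RHEL-only: empty on purpose, journald neither enables nor disables kernel auditing`. Without that line the entry reads like a truncated setting and is easy to change back to `yes` by mistake.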


@ -0,0 +1,137 @@
From ba508dc60d5f62d8821242eebf50efcfbddd1428 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Tue, 10 Aug 2021 14:46:16 +0200
Subject: [PATCH] Revert "udev: remove WAIT_FOR key"
This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f.
RHEL-only
Resolves: #1982666
---
man/udev.xml | 9 +++++++
src/udev/udev-rules.c | 56 +++++++++++++++++++++++++++++++++++++++
test/rule-syntax-check.py | 2 +-
3 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/man/udev.xml b/man/udev.xml
index f6ea2abc12..ce96e201e4 100644
--- a/man/udev.xml
+++ b/man/udev.xml
@@ -592,6 +592,15 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>WAIT_FOR</varname></term>
+ <listitem>
+ <para>Wait for a file to become available or until a timeout of
+ 10 seconds expires. The path is relative to the sysfs device;
+ if no path is specified, this waits for an attribute to appear.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>OPTIONS</varname></term>
<listitem>
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
index bf997fc0ed..a02a7a1bc6 100644
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@@ -78,6 +78,7 @@ typedef enum {
TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */
TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */
TK_M_DRIVER, /* string, sd_device_get_driver() */
+ TK_M_WAITFOR,
TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */
TK_M_SYSCTL, /* string, takes kernel parameter through attribute */
@@ -415,6 +416,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token
rule_line->current_token = token;
}
+#define WAIT_LOOP_PER_SECOND 50
+static int wait_for_file(sd_device *dev, const char *file, int timeout) {
+ char filepath[UDEV_PATH_SIZE];
+ char devicepath[UDEV_PATH_SIZE];
+ struct stat stats;
+ int loop = timeout * WAIT_LOOP_PER_SECOND;
+
+ /* a relative path is a device attribute */
+ devicepath[0] = '\0';
+ if (file[0] != '/') {
+ const char *val;
+ int r;
+
+ r = sd_device_get_syspath(dev, &val);
+ if (r < 0)
+ return r;
+ strscpyl(devicepath, sizeof(devicepath), val, NULL);
+ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL);
+ file = filepath;
+ }
+
+ while (--loop) {
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND };
+
+ /* lookup file */
+ if (stat(file, &stats) == 0) {
+ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1);
+ return 0;
+ }
+ /* make sure, the device did not disappear in the meantime */
+ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) {
+ log_debug("device disappeared while waiting for '%s'", file);
+ return -2;
+ }
+ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND);
+ nanosleep(&duration, NULL);
+ }
+ log_debug("waiting for '%s' failed", file);
+ return -1;
+}
+
static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) {
UdevRuleToken *token;
UdevRuleMatchType match_type = _MATCH_TYPE_INVALID;
@@ -957,6 +999,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd));
} else
return log_token_invalid_attr(rules, key);
+ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) {
+ if (op == OP_REMOVE)
+ return log_token_invalid_op(rules, key);
+
+ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL);
+ return 1;
} else if (streq(key, "GOTO")) {
if (attr)
return log_token_invalid_attr(rules, key);
@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event(
return token_match_string(token, val);
}
+ case TK_M_WAITFOR: {
+ char filename[UDEV_PATH_SIZE];
+ int found;
+
+ udev_event_apply_format(event, token->value, filename, sizeof(filename), false);
+ found = (wait_for_file(event->dev, filename, 10) == 0);
+ return found || (token->op == OP_NOMATCH);
+ }
case TK_M_ATTR:
case TK_M_PARENTS_ATTR:
return token_match_attr(token, dev, event);
diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
index 9a9e4d1658..0649bcf58e 100755
--- a/test/rule-syntax-check.py
+++ b/test/rule-syntax-check.py
@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D
# PROGRAM can also be specified as an assignment.
program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$')
args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$')
-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
+no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$')
# Find comma-separated groups, but allow commas that are inside quoted strings.
# Using quoted_string_re + '?' so that strings missing the last double quote
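Review bot: In the `parse_token` hunk the new `WAIT_FOR` branch discards the `int` result of `rule_line_add_token()` and returns 1, so a failure there is reported as a successfully parsed key; the `RUN` branch just above stores it with `r = rule_line_add_token(...)`. Use `r = rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL);` followed by `if (r < 0) return r;` before the `return 1;`. The token is also stored with operator `0` rather than `op`, so the `token->op == OP_NOMATCH` test in the `TK_M_WAITFOR` case looks unreachable unless 0 is that enumerator; either drop the test or comment why the rule's operator is ignored. In `wait_for_file()` the `strscpyl()` results are unchecked, so an over-long attribute path would be silently truncated and the wrong file polled for the full 10 seconds. `parse_token` and `udev_rule_apply_token_to_event` both extend beyond their hunks.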


@ -0,0 +1,94 @@
From 7cea77bd5712260277e451d34908f01f14c467c4 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 30 Aug 2021 18:38:09 +0200
Subject: [PATCH] boot: don't build bootctl when -Dgnu-efi=false is set
(cherry picked from commit fbe3a414e1d8f7b05dccf3d24d4fa475eb9c6bc9)
Resolves: #1972223
---
meson.build | 8 +++++---
shell-completion/bash/meson.build | 2 +-
shell-completion/zsh/meson.build | 2 +-
units/meson.build | 2 +-
4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/meson.build b/meson.build
index 738879eb21..d28f04607a 100644
--- a/meson.build
+++ b/meson.build
@@ -1608,6 +1608,10 @@ else
endif
conf.set10('ENABLE_EFI', have)
+subdir('src/fundamental')
+subdir('src/boot/efi')
+conf.set10('HAVE_GNU_EFI', have_gnu_efi)
+
############################################################
build_bpf_skel_py = find_program('tools/build-bpf-skel.py')
@@ -1660,7 +1664,6 @@ includes = [libsystemd_includes, include_directories('src/shared')]
subdir('po')
subdir('catalog')
-subdir('src/fundamental')
subdir('src/basic')
subdir('src/libsystemd')
subdir('src/shared')
@@ -1751,7 +1754,6 @@ subdir('src/journal')
subdir('src/libsystemd-network')
subdir('src/analyze')
-subdir('src/boot/efi')
subdir('src/busctl')
subdir('src/coredump')
subdir('src/cryptenroll')
@@ -2145,7 +2147,7 @@ if conf.get('HAVE_PAM') == 1
install_dir : rootlibexecdir)
endif
-if conf.get('ENABLE_EFI') == 1 and conf.get('HAVE_BLKID') == 1
+if conf.get('HAVE_BLKID') == 1 and conf.get('HAVE_GNU_EFI') == 1
public_programs += executable(
'bootctl',
'src/boot/bootctl.c',
diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build
index c26b413d92..bfdd2b01f0 100644
--- a/shell-completion/bash/meson.build
+++ b/shell-completion/bash/meson.build
@@ -33,7 +33,7 @@ items = [['busctl', ''],
['systemd-run', ''],
['udevadm', ''],
['kernel-install', ''],
- ['bootctl', 'ENABLE_EFI'],
+ ['bootctl', 'HAVE_GNU_EFI'],
['coredumpctl', 'ENABLE_COREDUMP'],
['homectl', 'ENABLE_HOMED'],
['hostnamectl', 'ENABLE_HOSTNAMED'],
diff --git a/shell-completion/zsh/meson.build b/shell-completion/zsh/meson.build
index f5f9b0f993..3a92f303b8 100644
--- a/shell-completion/zsh/meson.build
+++ b/shell-completion/zsh/meson.build
@@ -28,7 +28,7 @@ items = [['_busctl', ''],
['_sd_outputmodes', ''],
['_sd_unit_files', ''],
['_sd_machines', ''],
- ['_bootctl', 'ENABLE_EFI'],
+ ['_bootctl', 'HAVE_GNU_EFI'],
['_coredumpctl', 'ENABLE_COREDUMP'],
['_hostnamectl', 'ENABLE_HOSTNAMED'],
['_localectl', 'ENABLE_LOCALED'],
diff --git a/units/meson.build b/units/meson.build
index 68be8d0108..27a2b60137 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -102,7 +102,7 @@ units = [
['systemd-ask-password-wall.path', '',
'multi-user.target.wants/'],
['systemd-ask-password-wall.service', ''],
- ['systemd-boot-system-token.service', 'ENABLE_EFI',
+ ['systemd-boot-system-token.service', 'HAVE_GNU_EFI',
'sysinit.target.wants/'],
['systemd-coredump.socket', 'ENABLE_COREDUMP',
'sockets.target.wants/'],


@ -0,0 +1,56 @@
From 7938e1e61c57441798d81124fd67b2e9bdd5e525 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 12 Feb 2019 16:58:16 +0100
Subject: [PATCH] rules: add elevator= kernel command line parameter
Kernel removed the elevator= option, so let's reintroduce
it for rhel8 via udev rule.
RHEL-only
Resolves: #1998190
---
rules.d/40-elevator.rules | 20 ++++++++++++++++++++
rules.d/meson.build | 1 +
2 files changed, 21 insertions(+)
create mode 100644 rules.d/40-elevator.rules
diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules
new file mode 100644
index 0000000000..dbe8fc81a4
--- /dev/null
+++ b/rules.d/40-elevator.rules
@@ -0,0 +1,20 @@
+# We aren't adding devices skip the elevator check
+ACTION!="add", GOTO="sched_out"
+
+SUBSYSTEM!="block", GOTO="sched_out"
+ENV{DEVTYPE}!="disk", GOTO="sched_out"
+
+# Technically, dm-multipath can be configured to use an I/O scheduler.
+# However, there are races between the 'add' uevent and the linking in
+# of the queue/scheduler sysfs file. For now, just skip dm- devices.
+KERNEL=="dm-*|md*", GOTO="sched_out"
+
+# Skip bio-based devices, which don't support an I/O scheduler.
+ATTR{queue/scheduler}=="none", GOTO="sched_out"
+
+# If elevator= is specified on the kernel command line, change the
+# scheduler to the one specified.
+IMPORT{cmdline}="elevator"
+ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}"
+
+LABEL="sched_out"
\ No newline at end of file
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 72632979fa..b41c50cad3 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -5,6 +5,7 @@ install_data(
install_dir : udevrulesdir)
rules = files('''
+ 40-elevator.rules
40-redhat.rules
60-autosuspend.rules
60-block.rules
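Review bot: In `40-elevator.rules` the opening comment is a run-on that hides the condition, and the file ends without a newline (`\ No newline at end of file`). Reword the comment as `# Skip the elevator check unless a device is being added` and terminate the final `LABEL="sched_out"` line with a newline. The value imported from `elevator=` is written to `queue/scheduler` as given. A one-line comment that an unrecognised scheduler name presumably just results in a failed attribute write would document that no validation is intended here.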


@ -0,0 +1,43 @@
From 76aebe6fec5894b05114fdf1e8aee54139bef69e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:22:15 +0900
Subject: [PATCH] sd-device: introduce device_has_devlink()
(cherry picked from commit b881ce16b9ccae4c3089c82e2ea1781cd9773a4f)
Related: #1977994
---
src/libsystemd/sd-device/device-private.h | 1 +
src/libsystemd/sd-device/sd-device.c | 7 +++++++
2 files changed, 8 insertions(+)
diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h
index fe268d7f2f..9bb5eff208 100644
--- a/src/libsystemd/sd-device/device-private.h
+++ b/src/libsystemd/sd-device/device-private.h
@@ -32,6 +32,7 @@ void device_set_db_persist(sd_device *device);
void device_set_devlink_priority(sd_device *device, int priority);
int device_ensure_usec_initialized(sd_device *device, sd_device *device_old);
int device_add_devlink(sd_device *device, const char *devlink);
+bool device_has_devlink(sd_device *device, const char *devlink);
int device_add_property(sd_device *device, const char *property, const char *value);
int device_add_tag(sd_device *device, const char *tag, bool both);
void device_remove_tag(sd_device *device, const char *tag);
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index 388128bf33..8a9e4a33a1 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -1193,6 +1193,13 @@ int device_add_devlink(sd_device *device, const char *devlink) {
return 0;
}
+bool device_has_devlink(sd_device *device, const char *devlink) {
+ assert(device);
+ assert(devlink);
+
+ return set_contains(device->devlinks, devlink);
+}
+
static int device_add_property_internal_from_string(sd_device *device, const char *str) {
_cleanup_free_ char *key = NULL;
char *value;
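Review bot: `device_has_devlink()` tests `device->devlinks` directly, and nothing in the hunk shows that set being loaded first, so on a device whose links have not been read yet it would presumably return false rather than consult the udev database. If that is the contract, state it above the function: `/* Checks only the devlinks already held in memory; does not read the udev database. */`. The same sentence belongs on the declaration added to `device-private.h`.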


@ -0,0 +1,305 @@
From acf81f97412be44d60be03a0a2e3ca62f4a5146b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:24:15 +0900
Subject: [PATCH] udev-node: split out permission handling from udev_node_add()
And then merge udev_node_add() and udev_node_update_old_links().
(cherry picked from commit 2f48561e0db3cd63f65e9311b4d69282b4ac605d)
Related: #1977994
---
src/udev/udev-event.c | 9 +-
src/udev/udev-node.c | 204 +++++++++++++++++++-----------------------
src/udev/udev-node.h | 12 ++-
3 files changed, 106 insertions(+), 119 deletions(-)
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
index b28089be71..8b9f8aecfe 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -895,9 +895,6 @@ static int update_devnode(UdevEvent *event) {
if (r < 0)
return log_device_error_errno(dev, r, "Failed to get devnum: %m");
- /* remove/update possible left-over symlinks from old database entry */
- (void) udev_node_update_old_links(dev, event->dev_db_clone);
-
if (!uid_is_valid(event->uid)) {
r = device_get_devnode_uid(dev, &event->uid);
if (r < 0 && r != -ENOENT)
@@ -921,7 +918,11 @@ static int update_devnode(UdevEvent *event) {
bool apply_mac = device_for_action(dev, SD_DEVICE_ADD);
- return udev_node_add(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list);
+ r = udev_node_apply_permissions(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list);
+ if (r < 0)
+ return log_device_error_errno(dev, r, "Failed to apply devnode permissions: %m");
+
+ return udev_node_update(dev, event->dev_db_clone);
}
static int event_execute_rules_on_remove(
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 9e52906571..7cc9ee3670 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -356,45 +356,117 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP;
}
-int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) {
- const char *name;
+static int device_get_devpath_by_devnum(sd_device *dev, char **ret) {
+ const char *subsystem;
+ dev_t devnum;
+ int r;
+
+ assert(dev);
+ assert(ret);
+
+ r = sd_device_get_subsystem(dev, &subsystem);
+ if (r < 0)
+ return r;
+
+ r = sd_device_get_devnum(dev, &devnum);
+ if (r < 0)
+ return r;
+
+ return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret);
+}
+
+int udev_node_update(sd_device *dev, sd_device *dev_old) {
+ _cleanup_free_ char *filename = NULL;
+ const char *devnode, *devlink;
int r;
assert(dev);
assert(dev_old);
- /* update possible left-over symlinks */
- FOREACH_DEVICE_DEVLINK(dev_old, name) {
- const char *name_current;
- bool found = false;
+ r = sd_device_get_devname(dev, &devnode);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get devnode: %m");
- /* check if old link name still belongs to this device */
- FOREACH_DEVICE_DEVLINK(dev, name_current)
- if (streq(name, name_current)) {
- found = true;
- break;
- }
+ if (DEBUG_LOGGING) {
+ const char *id = NULL;
- if (found)
+ (void) device_get_device_id(dev, &id);
+ log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id));
+ }
+
+ /* update possible left-over symlinks */
+ FOREACH_DEVICE_DEVLINK(dev_old, devlink) {
+ /* check if old link name still belongs to this device */
+ if (device_has_devlink(dev, devlink))
continue;
log_device_debug(dev,
- "Updating old device symlink '%s', which is no longer belonging to this device.",
- name);
+ "Removing/updating old device symlink '%s', which is no longer belonging to this device.",
+ devlink);
- r = link_update(dev, name, false);
+ r = link_update(dev, devlink, /* add = */ false);
if (r < 0)
log_device_warning_errno(dev, r,
- "Failed to update device symlink '%s', ignoring: %m",
- name);
+ "Failed to remove/update device symlink '%s', ignoring: %m",
+ devlink);
}
+ /* create/update symlinks, add symlinks to name index */
+ FOREACH_DEVICE_DEVLINK(dev, devlink) {
+ r = link_update(dev, devlink, /* add = */ true);
+ if (r < 0)
+ log_device_warning_errno(dev, r,
+ "Failed to create/update device symlink '%s', ignoring: %m",
+ devlink);
+ }
+
+ r = device_get_devpath_by_devnum(dev, &filename);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device path: %m");
+
+ /* always add /dev/{block,char}/$major:$minor */
+ r = node_symlink(dev, devnode, filename);
+ if (r < 0)
+ return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename);
+
+ return 0;
+}
+
+int udev_node_remove(sd_device *dev) {
+ _cleanup_free_ char *filename = NULL;
+ const char *devlink;
+ int r;
+
+ assert(dev);
+
+ /* remove/update symlinks, remove symlinks from name index */
+ FOREACH_DEVICE_DEVLINK(dev, devlink) {
+ r = link_update(dev, devlink, /* add = */ false);
+ if (r < 0)
+ log_device_warning_errno(dev, r,
+ "Failed to remove/update device symlink '%s', ignoring: %m",
+ devlink);
+ }
+
+ r = device_get_devpath_by_devnum(dev, &filename);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device path: %m");
+
+ /* remove /dev/{block,char}/$major:$minor */
+ if (unlink(filename) < 0 && errno != ENOENT)
+ return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename);
+
return 0;
}
-static int node_permissions_apply(sd_device *dev, bool apply_mac,
- mode_t mode, uid_t uid, gid_t gid,
- OrderedHashmap *seclabel_list) {
+int udev_node_apply_permissions(
+ sd_device *dev,
+ bool apply_mac,
+ mode_t mode,
+ uid_t uid,
+ gid_t gid,
+ OrderedHashmap *seclabel_list) {
+
const char *devnode, *subsystem, *id = NULL;
bool apply_mode, apply_uid, apply_gid;
_cleanup_close_ int node_fd = -1;
@@ -511,95 +583,5 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
if (r < 0)
log_device_debug_errno(dev, r, "Failed to adjust timestamp of node %s: %m", devnode);
- return r;
-}
-
-static int xsprintf_dev_num_path_from_sd_device(sd_device *dev, char **ret) {
- const char *subsystem;
- dev_t devnum;
- int r;
-
- assert(ret);
-
- r = sd_device_get_subsystem(dev, &subsystem);
- if (r < 0)
- return r;
-
- r = sd_device_get_devnum(dev, &devnum);
- if (r < 0)
- return r;
-
- return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret);
-}
-
-int udev_node_add(sd_device *dev, bool apply,
- mode_t mode, uid_t uid, gid_t gid,
- OrderedHashmap *seclabel_list) {
- const char *devnode, *devlink;
- _cleanup_free_ char *filename = NULL;
- int r;
-
- assert(dev);
-
- r = sd_device_get_devname(dev, &devnode);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get devnode: %m");
-
- if (DEBUG_LOGGING) {
- const char *id = NULL;
-
- (void) device_get_device_id(dev, &id);
- log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id));
- }
-
- r = node_permissions_apply(dev, apply, mode, uid, gid, seclabel_list);
- if (r < 0)
- return r;
-
- /* create/update symlinks, add symlinks to name index */
- FOREACH_DEVICE_DEVLINK(dev, devlink) {
- r = link_update(dev, devlink, true);
- if (r < 0)
- log_device_warning_errno(dev, r,
- "Failed to update device symlink '%s', ignoring: %m",
- devlink);
- }
-
- r = xsprintf_dev_num_path_from_sd_device(dev, &filename);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get device path: %m");
-
- /* always add /dev/{block,char}/$major:$minor */
- r = node_symlink(dev, devnode, filename);
- if (r < 0)
- return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename);
-
- return 0;
-}
-
-int udev_node_remove(sd_device *dev) {
- _cleanup_free_ char *filename = NULL;
- const char *devlink;
- int r;
-
- assert(dev);
-
- /* remove/update symlinks, remove symlinks from name index */
- FOREACH_DEVICE_DEVLINK(dev, devlink) {
- r = link_update(dev, devlink, false);
- if (r < 0)
- log_device_warning_errno(dev, r,
- "Failed to update device symlink '%s', ignoring: %m",
- devlink);
- }
-
- r = xsprintf_dev_num_path_from_sd_device(dev, &filename);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get device path: %m");
-
- /* remove /dev/{block,char}/$major:$minor */
- if (unlink(filename) < 0 && errno != ENOENT)
- return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename);
-
return 0;
}
diff --git a/src/udev/udev-node.h b/src/udev/udev-node.h
index 2349f9c471..a34af77146 100644
--- a/src/udev/udev-node.h
+++ b/src/udev/udev-node.h
@@ -8,10 +8,14 @@
#include "hashmap.h"
-int udev_node_add(sd_device *dev, bool apply,
- mode_t mode, uid_t uid, gid_t gid,
- OrderedHashmap *seclabel_list);
+int udev_node_apply_permissions(
+ sd_device *dev,
+ bool apply_mac,
+ mode_t mode,
+ uid_t uid,
+ gid_t gid,
+ OrderedHashmap *seclabel_list);
int udev_node_remove(sd_device *dev);
-int udev_node_update_old_links(sd_device *dev, sd_device *dev_old);
+int udev_node_update(sd_device *dev, sd_device *dev_old);
size_t udev_node_escape_path(const char *src, char *dest, size_t size);
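Review bot: In `update_devnode()` the cleanup of left-over symlinks used to run before the uid/gid lookups and the permission step; it now lives in `udev_node_update()`, which is reached only after `udev_node_apply_permissions()` succeeds. Any early return in between therefore leaves symlinks from the old database entry in place, still pointing at this node. If applying mode, owner and labels before any link is (re)pointed is the intent, record it at the call site, e.g. `/* Permissions first: links are only updated for a node whose mode/owner/label are already set. */`; otherwise run the old-link cleanup on the error path too. The function starts outside the hunk, so its earlier return paths are only partly visible.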


@ -0,0 +1,36 @@
From 18d2fb228bc155fc357262ec2dc5713318bab453 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 04:14:42 +0900
Subject: [PATCH] udev-node: stack directory must exist when adding device node
symlink
(cherry picked from commit 46070dbf26435ba0def099121f46a6253f3f19b6)
Related: #1977994
---
src/udev/udev-node.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 7cc9ee3670..4496a2bd9b 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -161,12 +161,13 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir,
dir = opendir(stackdir);
if (!dir) {
- if (errno == ENOENT) {
- *ret = TAKE_PTR(target);
- return !!*ret;
- }
+ if (add) /* The stack directory must exist. */
+ return -errno;
+ if (errno != ENOENT)
+ return -errno;
- return -errno;
+ *ret = NULL;
+ return 0;
}
r = device_get_device_id(dev, &id);
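Review bot: The two `return -errno;` branches after the failed `opendir()` can be one condition, which also keeps the comment next to the case it explains: `if (add || errno != ENOENT) return -errno; /* when adding, the stack directory must exist */`. With `add` set, `-ENOENT` is now returned to the caller where the old code returned success, so `link_update()` (outside this hunk) has to treat it as a retry signal rather than a hard failure; that deserves a comment at this return. `link_find_prioritized` begins and ends outside the hunk.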


@ -0,0 +1,250 @@
From 9c68b5675ffd11f2a3f9123446b54c2d0eea4682 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 04:16:21 +0900
Subject: [PATCH] udev-node: save information about device node and priority in
symlink
Previously, we only store device IDs in /run/udev/links, and when
creating/removing device node symlink, we create sd_device object
corresponds to the IDs and read device node and priority from the
object. That requires parsing uevent and udev database files.
This makes link_find_prioritized() get the most prioritzed device node
without parsing the files.
(cherry picked from commit 377a83f0d80376456d9be203796f66f543a8b943)
Related: #1977994
---
src/udev/udev-node.c | 172 ++++++++++++++++++++++++++++++-------------
1 file changed, 121 insertions(+), 51 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 4496a2bd9b..5d6aae0bd4 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -18,6 +18,7 @@
#include "fs-util.h"
#include "hexdecoct.h"
#include "mkdir.h"
+#include "parse-util.h"
#include "path-util.h"
#include "selinux-util.h"
#include "smack-util.h"
@@ -28,9 +29,9 @@
#include "udev-node.h"
#include "user-util.h"
-#define CREATE_LINK_MAX_RETRIES 128
-#define LINK_UPDATE_MAX_RETRIES 128
-#define TOUCH_FILE_MAX_RETRIES 128
+#define CREATE_LINK_MAX_RETRIES 128
+#define LINK_UPDATE_MAX_RETRIES 128
+#define CREATE_STACK_LINK_MAX_RETRIES 128
#define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f)
static int create_symlink(const char *target, const char *slink) {
@@ -175,39 +176,67 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir,
return r;
FOREACH_DIRENT_ALL(dent, dir, break) {
- _cleanup_(sd_device_unrefp) sd_device *dev_db = NULL;
- const char *devnode;
- int db_prio = 0;
+ _cleanup_free_ char *path = NULL, *buf = NULL;
+ int tmp_prio;
- if (dent->d_name[0] == '\0')
- break;
if (dent->d_name[0] == '.')
continue;
- log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir);
-
- /* did we find ourself? */
+ /* skip ourself */
if (streq(dent->d_name, id))
continue;
- if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0)
- continue;
+ path = path_join(stackdir, dent->d_name);
+ if (!path)
+ return -ENOMEM;
- if (sd_device_get_devname(dev_db, &devnode) < 0)
- continue;
+ if (readlink_malloc(path, &buf) >= 0) {
+ char *devnode;
- if (device_get_devlink_priority(dev_db, &db_prio) < 0)
- continue;
+ /* New format. The devnode and priority can be obtained from symlink. */
- if (target && db_prio <= priority)
- continue;
+ devnode = strchr(buf, ':');
+ if (!devnode || devnode == buf)
+ continue;
- log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir);
+ *(devnode++) = '\0';
+ if (!path_startswith(devnode, "/dev"))
+ continue;
- r = free_and_strdup(&target, devnode);
- if (r < 0)
- return r;
- priority = db_prio;
+ if (safe_atoi(buf, &tmp_prio) < 0)
+ continue;
+
+ if (target && tmp_prio <= priority)
+ continue;
+
+ r = free_and_strdup(&target, devnode);
+ if (r < 0)
+ return r;
+ } else {
+ _cleanup_(sd_device_unrefp) sd_device *tmp_dev = NULL;
+ const char *devnode;
+
+ /* Old format. The devnode and priority must be obtained from uevent and
+ * udev database files. */
+
+ if (sd_device_new_from_device_id(&tmp_dev, dent->d_name) < 0)
+ continue;
+
+ if (device_get_devlink_priority(tmp_dev, &tmp_prio) < 0)
+ continue;
+
+ if (target && tmp_prio <= priority)
+ continue;
+
+ if (sd_device_get_devname(tmp_dev, &devnode) < 0)
+ continue;
+
+ r = free_and_strdup(&target, devnode);
+ if (r < 0)
+ return r;
+ }
+
+ priority = tmp_prio;
}
*ret = TAKE_PTR(target);
@@ -256,10 +285,72 @@ toolong:
return size - 1;
}
+static int update_stack_directory(sd_device *dev, const char *dirname, bool add) {
+ _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL;
+ const char *devname, *id;
+ int priority, r;
+
+ assert(dev);
+ assert(dirname);
+
+ r = device_get_device_id(dev, &id);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device id: %m");
+
+ filename = path_join(dirname, id);
+ if (!filename)
+ return log_oom_debug();
+
+ if (!add) {
+ if (unlink(filename) < 0 && errno != ENOENT)
+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+
+ (void) rmdir(dirname);
+ return 0;
+ }
+
+ r = sd_device_get_devname(dev, &devname);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device node: %m");
+
+ r = device_get_devlink_priority(dev, &priority);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get priority of device node symlink: %m");
+
+ if (asprintf(&data, "%i:%s", priority, devname) < 0)
+ return log_oom_debug();
+
+ if (readlink_malloc(filename, &buf) >= 0 && streq(buf, data))
+ return 0;
+
+ if (unlink(filename) < 0 && errno != ENOENT)
+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+
+ for (unsigned j = 0; j < CREATE_STACK_LINK_MAX_RETRIES; j++) {
+ /* This may fail with -ENOENT when the parent directory is removed during
+ * creating the file by another udevd worker. */
+ r = mkdir_p(dirname, 0755);
+ if (r == -ENOENT)
+ continue;
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname);
+
+ if (symlink(data, filename) < 0) {
+ if (errno == ENOENT)
+ continue;
+ return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename);
+ }
+
+ return 0;
+ }
+
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ELOOP), "Failed to create symbolic link %s: %m", filename);
+}
+
/* manage "stack of names" with possibly specified device priorities */
static int link_update(sd_device *dev, const char *slink_in, bool add) {
- _cleanup_free_ char *slink = NULL, *filename = NULL, *dirname = NULL;
- const char *slink_name, *id;
+ _cleanup_free_ char *slink = NULL, *dirname = NULL;
+ const char *slink_name;
char name_enc[NAME_MAX+1];
int i, r, retries;
@@ -279,35 +370,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL),
"Invalid symbolic link of device node: %s", slink);
- r = device_get_device_id(dev, &id);
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to get device id: %m");
-
(void) udev_node_escape_path(slink_name, name_enc, sizeof(name_enc));
- dirname = path_join("/run/udev/links/", name_enc);
+ dirname = path_join("/run/udev/links", name_enc);
if (!dirname)
return log_oom_debug();
- filename = path_join(dirname, id);
- if (!filename)
- return log_oom_debug();
-
- if (!add) {
- if (unlink(filename) < 0 && errno != ENOENT)
- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
-
- (void) rmdir(dirname);
- } else {
- for (unsigned j = 0; j < TOUCH_FILE_MAX_RETRIES; j++) {
- /* This may fail with -ENOENT when the parent directory is removed during
- * creating the file by another udevd worker. */
- r = touch_file(filename, /* parents= */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0444);
- if (r != -ENOENT)
- break;
- }
- if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to create %s: %m", filename);
- }
+ r = update_stack_directory(dev, dirname, add);
+ if (r < 0)
+ return r;
/* If the database entry is not written yet we will just do one iteration and possibly wrong symlink
* will be fixed in the second invocation. */
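Review bot: In `link_find_prioritized()` every `readlink_malloc()` failure falls through to the old-format branch, not just the non-symlink case. An entry that another worker removed between the directory read and the `readlink` is then still looked up by device id and can win the priority comparison, and an out-of-memory result is silently turned into a database lookup. Keep the result in `r`, take the old-format path only for `-EINVAL` (what readlink reports for a non-symlink), `continue` on `-ENOENT` and return other errors. In `update_stack_directory()` the `unlink()` followed by `symlink()` leaves a window in which the device has no entry in the stack directory; presumably the retry loop in `link_update()` covers it, but a comment saying so would help.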


@ -0,0 +1,146 @@
From 16a6007cc8881ef19cc97de676d3b2b36b2def82 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 12:57:40 +0900
Subject: [PATCH] udev-node: always update timestamp of stack directory
Please see the comments in the code.
(cherry picked from commit 6df797f75fa08bb1a9e657001229bd47903e6174)
Related: #1977994
---
src/udev/udev-node.c | 90 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 87 insertions(+), 3 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 5d6aae0bd4..0de848da19 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -32,6 +32,7 @@
#define CREATE_LINK_MAX_RETRIES 128
#define LINK_UPDATE_MAX_RETRIES 128
#define CREATE_STACK_LINK_MAX_RETRIES 128
+#define UPDATE_TIMESTAMP_MAX_RETRIES 128
#define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f)
static int create_symlink(const char *target, const char *slink) {
@@ -285,9 +286,60 @@ toolong:
return size - 1;
}
+static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) {
+ assert(path);
+ assert(prev);
+
+ /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may
+ * not be changed. Why? Let's consider the following situation. For simplicity, let's assume
+ * there exist three udev workers (A, B, and C) and all of them calls link_update() for the
+ * same devlink simultaneously.
+ *
+ * 1. B creates/removes a symlink in the stack directory.
+ * 2. A calls the first stat() in the loop of link_update().
+ * 3. A calls link_find_prioritized().
+ * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated.
+ * 5. B and C finish link_update().
+ * 6. A creates/removes devlink according to the outdated result in the step 3.
+ * 7. A calls the second stat() in the loop of link_update().
+ *
+ * If these 7 steps are processed in this order within a short time period that kernel's timer
+ * does not increase, then even if the contents in the stack directory is changed, the results
+ * of two stat() called by A shows the same timestamp, and A cannot detect the change.
+ *
+ * By calling this function after creating/removing symlinks in the stack directory, the
+ * timestamp of the stack directory is always increased at least in the above step 5, so A can
+ * detect the update. */
+
+ if ((prev->st_mode & S_IFMT) == 0)
+ return 0; /* Does not exist, or previous stat() failed. */
+
+ for (unsigned i = 0; i < UPDATE_TIMESTAMP_MAX_RETRIES; i++) {
+ struct stat st;
+
+ if (stat(path, &st) < 0)
+ return -errno;
+
+ if (!stat_inode_unmodified(prev, &st))
+ return 0;
+
+ log_device_debug(dev,
+ "%s is modified, but its timestamp is not changed, "
+ "updating timestamp after 10ms.",
+ path);
+
+ (void) usleep(10 * USEC_PER_MSEC);
+ if (utimensat(AT_FDCWD, path, NULL, 0) < 0)
+ return -errno;
+ }
+
+ return -ELOOP;
+}
+
static int update_stack_directory(sd_device *dev, const char *dirname, bool add) {
_cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL;
const char *devname, *id;
+ struct stat st = {};
int priority, r;
assert(dev);
@@ -302,10 +354,31 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add)
return log_oom_debug();
if (!add) {
- if (unlink(filename) < 0 && errno != ENOENT)
- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+ bool unlink_failed = false;
+
+ if (stat(dirname, &st) < 0) {
+ if (errno == ENOENT)
+ return 0; /* The stack directory is already removed. That's OK. */
+ log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname);
+ }
+
+ if (unlink(filename) < 0) {
+ unlink_failed = true;
+ if (errno != ENOENT)
+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
+ }
+
+ if (rmdir(dirname) >= 0 || errno == ENOENT)
+ return 0;
+
+ if (unlink_failed)
+ return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */
+
+ /* The symlink was removed. Check if the timestamp of directory is changed. */
+ r = update_timestamp(dev, dirname, &st);
+ if (r < 0 && r != -ENOENT)
+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname);
- (void) rmdir(dirname);
return 0;
}
@@ -335,12 +408,23 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add)
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname);
+ if (stat(dirname, &st) < 0) {
+ if (errno == ENOENT)
+ continue;
+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
+ }
+
if (symlink(data, filename) < 0) {
if (errno == ENOENT)
continue;
return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename);
}
+ /* The symlink was created. Check if the timestamp of directory is changed. */
+ r = update_timestamp(dev, dirname, &st);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname);
+
return 0;
}
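Review bot: In update_timestamp(), the `return -ELOOP;` after the retry loop is printed by both callers in update_stack_directory() through `%m`, so an exhausted retry budget is reported as a symlink-loop error in code whose whole job is creating and removing symlinks. A one-line comment above it, such as `/* Retries exhausted; -ELOOP only signals that we gave up. */`, would spare a reader from looking for a link cycle that does not exist. The `10 * USEC_PER_MSEC` sleep would also read better as a named constant, since the same 10ms is hard-coded in the log text. With `UPDATE_TIMESTAMP_MAX_RETRIES` at 128, one call can block a worker for more than a second in the worst case.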


@ -0,0 +1,34 @@
From 18936c8ee21fabb2036b1849a4bb7f5b64bee897 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 2 Sep 2021 06:58:59 +0900
Subject: [PATCH] udev-node: assume no new claim to a symlink if
/run/udev/links is not updated
During creating a symlink to a device node, if another device node which
requests the same symlink is added/removed, `stat_inode_unmodified()`
should always detects that. We do not need to continue the loop
unconditionally.
(cherry picked from commit 8f27311eb2aec2411d1fb7d62e6c9d75d21ae8df)
Related: #1977994
---
src/udev/udev-node.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 0de848da19..1a34ea8128 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -491,11 +491,6 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
r = node_symlink(dev, target, slink);
if (r < 0)
return r;
- if (r == 1)
- /* We have replaced already existing symlink, possibly there is some other device trying
- * to claim the same symlink. Let's do one more iteration to give us a chance to fix
- * the error if other device actually claims the symlink with higher priority. */
- continue;
/* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */
if ((st1.st_mode & S_IFMT) != 0) {


@ -0,0 +1,92 @@
From 323f687e53737ccf7687482c31690374da90d8e7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 02:20:33 +0900
Subject: [PATCH] udev-node: always atomically create symlink to device node
By the previous commit, it is not necessary to distinguish if the devlink
already exists. Also, I cannot find any significant advantages of the
previous complecated logic, that is, first try to create directly, and then
fallback to atomically creation. Moreover, such logic increases the chance
of conflicts between multiple udev workers.
This makes devlinks always created atomically. Hopefully, this reduces the
conflicts between the workers.
(cherry picked from commit 242d39ebc1391f4734f6e63ff13764de92bc5f70)
Related: #1977994
---
src/udev/udev-node.c | 42 +++++++++---------------------------------
1 file changed, 9 insertions(+), 33 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 1a34ea8128..46c04fe00b 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -71,6 +71,13 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
assert(node);
assert(slink);
+ if (lstat(slink, &stats) >= 0) {
+ if (!S_ISLNK(stats.st_mode))
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST),
+ "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node);
+ } else if (errno != ENOENT)
+ return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink);
+
r = path_extract_directory(slink, &slink_dirname);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get parent directory of '%s': %m", slink);
@@ -80,41 +87,11 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get relative path from '%s' to '%s': %m", slink, node);
- if (lstat(slink, &stats) >= 0) {
- _cleanup_free_ char *buf = NULL;
-
- if (!S_ISLNK(stats.st_mode))
- return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST),
- "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node);
-
- if (readlink_malloc(slink, &buf) >= 0 &&
- path_equal(target, buf)) {
- /* preserve link with correct target, do not replace node of other device */
- log_device_debug(dev, "Preserve already existing symlink '%s' to '%s'", slink, target);
-
- (void) label_fix(slink, LABEL_IGNORE_ENOENT);
- (void) utimensat(AT_FDCWD, slink, NULL, AT_SYMLINK_NOFOLLOW);
-
- return 0;
- }
- } else if (errno == ENOENT) {
- log_device_debug(dev, "Creating symlink '%s' to '%s'", slink, target);
-
- r = create_symlink(target, slink);
- if (r >= 0)
- return 0;
-
- log_device_debug_errno(dev, r, "Failed to create symlink '%s' to '%s', trying to replace '%s': %m", slink, target, slink);
- } else
- return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink);
-
- log_device_debug(dev, "Atomically replace '%s'", slink);
-
r = device_get_device_id(dev, &id);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get device id: %m");
- slink_tmp = strjoina(slink, ".tmp-", id);
+ slink_tmp = strjoina(slink, ".tmp-", id);
(void) unlink(slink_tmp);
r = create_symlink(target, slink_tmp);
@@ -127,8 +104,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
return r;
}
- /* Tell caller that we replaced already existing symlink. */
- return 1;
+ return 0;
}
static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) {
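Review bot: The `lstat(slink, &stats)` guard moved to the top of node_symlink() is a check-then-act test, and nothing in the new code says that it is best effort only. The step that replaces slink after `create_symlink(target, slink_tmp)` lies outside these hunks, so whatever appears at slink between the lstat() and that step is not covered by the "Conflicting inode" refusal. /dev is presumably writable only by privileged processes, which keeps the window narrow, but a comment such as `/* Best-effort check: slink may still change before it is replaced below. */` would stop a later reader from treating the check as a guarantee.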


@ -0,0 +1,44 @@
From 6ecd6fdcc27f374debcce47366c2862967f99463 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:44:26 +0900
Subject: [PATCH] udev-node: check stack directory change even if devlink is
removed
Otherwise, when multiple device additions and removals occur
simultaneously, symlink to unexisting devnode may be created.
Hopefully fixes #19946.
(cherry picked from commit 1cd4e325693007b3628f1a27297f0ab7114b24b8)
Related: #1977994
---
src/udev/udev-node.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 46c04fe00b..28e6e8df94 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -468,15 +468,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
if (r < 0)
return r;
- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */
- if ((st1.st_mode & S_IFMT) != 0) {
- r = stat(dirname, &st2);
- if (r < 0 && errno != ENOENT)
- return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
-
- if (stat_inode_unmodified(&st1, &st2))
- break;
- }
+ if (stat(dirname, &st2) < 0 && errno != ENOENT)
+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
+
+ if (((st1.st_mode & S_IFMT) == 0 && (st2.st_mode & S_IFMT) == 0) ||
+ stat_inode_unmodified(&st1, &st2))
+ return 0;
}
return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP;


@ -0,0 +1,32 @@
From a075830244f699703a88a492413d931eaeb23a65 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 2 Sep 2021 08:23:35 +0900
Subject: [PATCH] udev-node: shorten code a bit and update log message
(cherry picked from commit 8424da2de88ceeed7be8544fb69221f0b0ea84ea)
Related: #1977994
---
src/udev/udev-node.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 28e6e8df94..2e7df899e4 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -447,13 +447,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
_cleanup_free_ char *target = NULL;
struct stat st1 = {}, st2 = {};
- r = stat(dirname, &st1);
- if (r < 0 && errno != ENOENT)
+ if (stat(dirname, &st1) < 0 && errno != ENOENT)
return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
r = link_find_prioritized(dev, add, dirname, &target);
if (r < 0)
- return log_device_debug_errno(dev, r, "Failed to determine highest priority for symlink '%s': %m", slink);
+ return log_device_debug_errno(dev, r, "Failed to determine device node with the highest priority for '%s': %m", slink);
if (r == 0) {
log_device_debug(dev, "No reference left for '%s', removing", slink);


@ -0,0 +1,59 @@
From c484f91a87679fb26342408f20e7bdddf316f5a0 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 04:34:48 +0900
Subject: [PATCH] udev-node: add random delay on conflict in updating device
node symlink
To make multiple workers not update the same device node symlink
simultaneously.
(cherry picked from commit 0063fa23a1384dd4385d03b568dc629916b7e72a)
Related: #1977994
---
src/udev/udev-node.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 2e7df899e4..675e6ce313 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -20,12 +20,14 @@
#include "mkdir.h"
#include "parse-util.h"
#include "path-util.h"
+#include "random-util.h"
#include "selinux-util.h"
#include "smack-util.h"
#include "stat-util.h"
#include "stdio-util.h"
#include "string-util.h"
#include "strxcpyx.h"
+#include "time-util.h"
#include "udev-node.h"
#include "user-util.h"
@@ -33,6 +35,8 @@
#define LINK_UPDATE_MAX_RETRIES 128
#define CREATE_STACK_LINK_MAX_RETRIES 128
#define UPDATE_TIMESTAMP_MAX_RETRIES 128
+#define MAX_RANDOM_DELAY (250 * USEC_PER_MSEC)
+#define MIN_RANDOM_DELAY ( 50 * USEC_PER_MSEC)
#define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f)
static int create_symlink(const char *target, const char *slink) {
@@ -447,6 +451,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
_cleanup_free_ char *target = NULL;
struct stat st1 = {}, st2 = {};
+ if (i > 0) {
+ usec_t delay = MIN_RANDOM_DELAY + random_u64_range(MAX_RANDOM_DELAY - MIN_RANDOM_DELAY);
+
+ log_device_debug(dev, "Directory %s was updated, retrying to update devlink %s after %s.",
+ dirname, slink, FORMAT_TIMESPAN(delay, USEC_PER_MSEC));
+ (void) usleep(delay);
+ }
+
if (stat(dirname, &st1) < 0 && errno != ENOENT)
return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname);
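Review bot: The random delay added at the top of the link_update() loop has no documented upper bound. With `LINK_UPDATE_MAX_RETRIES` at 128 and `MAX_RANDOM_DELAY` at 250 ms, a worker that keeps losing the race can spend up to roughly 32 seconds sleeping before the loop gives up. Whether that fits inside the event timeout cannot be seen from this hunk, so it deserves a note next to the two new macros, for example `/* Worst case: about LINK_UPDATE_MAX_RETRIES * MAX_RANDOM_DELAY of sleeping per devlink. */`. The loop body continues outside the hunk.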


@ -0,0 +1,80 @@
From 458a6cd748ee5555b6957888b69d475ac3f619c6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Sep 2021 09:29:42 +0900
Subject: [PATCH] udev-node: drop redundant trial of devlink creation
Previously, the devlink was created based on the priority saved in udev
database. So, we needed to reevaluate devlinks after database is saved.
But now the priority is stored in the symlink under /run/udev/links, and
the loop of devlink creation is controlled with the timestamp of the
directory. So, the double evaluation is not necessary anymore.
(cherry picked from commit 7920d0a135fb6a08aa0bfc31e9d0a3f589fe7a1f)
Related: #1977994
---
src/udev/udev-event.c | 5 +----
src/udev/udev-node.c | 12 ++++--------
2 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
index 8b9f8aecfe..c77f55c67e 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -1060,10 +1060,7 @@ int udev_event_execute_rules(
device_set_is_initialized(dev);
- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database,
- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure
- * symlinks point to devices that claim them with the highest priority. */
- return update_devnode(event);
+ return 0;
}
void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec, int timeout_signal) {
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 675e6ce313..bb551d86b0 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -416,7 +416,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
_cleanup_free_ char *slink = NULL, *dirname = NULL;
const char *slink_name;
char name_enc[NAME_MAX+1];
- int i, r, retries;
+ int r;
assert(dev);
assert(slink_in);
@@ -443,11 +443,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
if (r < 0)
return r;
- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink
- * will be fixed in the second invocation. */
- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1;
-
- for (i = 0; i < retries; i++) {
+ for (unsigned i = 0; i < LINK_UPDATE_MAX_RETRIES; i++) {
_cleanup_free_ char *target = NULL;
struct stat st1 = {}, st2 = {};
@@ -472,7 +468,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
log_device_debug_errno(dev, errno, "Failed to remove '%s', ignoring: %m", slink);
(void) rmdir_parents(slink, "/dev");
- break;
+ return 0;
}
r = node_symlink(dev, target, slink);
@@ -487,7 +483,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) {
return 0;
}
- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP;
+ return -ELOOP;
}
static int device_get_devpath_by_devnum(sd_device *dev, char **ret) {


@ -0,0 +1,36 @@
From a5a14281160881fbb39d80a2572a18ecadbeedd5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 12 Sep 2021 16:05:51 +0900
Subject: [PATCH] udev-node: simplify the example of race
(cherry picked from commit 3df566a66723490914ef3bae0ca8046044b70dce)
Related: #1977994
---
src/udev/udev-node.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index bb551d86b0..61cb9a449b 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -272,14 +272,14 @@ static int update_timestamp(sd_device *dev, const char *path, struct stat *prev)
/* Even if a symlink in the stack directory is created/removed, the mtime of the directory may
* not be changed. Why? Let's consider the following situation. For simplicity, let's assume
- * there exist three udev workers (A, B, and C) and all of them calls link_update() for the
- * same devlink simultaneously.
+ * there exist two udev workers (A and B) and all of them calls link_update() for the same
+ * devlink simultaneously.
*
- * 1. B creates/removes a symlink in the stack directory.
+ * 1. A creates/removes a symlink in the stack directory.
* 2. A calls the first stat() in the loop of link_update().
* 3. A calls link_find_prioritized().
- * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated.
- * 5. B and C finish link_update().
+ * 4. B creates/removes another symlink in the stack directory, so the result of the step 3 is outdated.
+ * 5. B finishes link_update().
* 6. A creates/removes devlink according to the outdated result in the step 3.
* 7. A calls the second stat() in the loop of link_update().
*


@ -0,0 +1,59 @@
From 735971d9bffeccc0c17311a29909bdf5d693f806 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 12 Sep 2021 16:14:27 +0900
Subject: [PATCH] udev-node: do not ignore unexpected errors on removing
symlink in stack directory
Only acceptable error here is -ENOENT.
(cherry picked from commit 0706cdf4ec92d6bd40391da0e81a30d9bf851663)
Related: #1977994
---
src/udev/udev-node.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 61cb9a449b..e1fb387cb9 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -334,25 +334,30 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add)
return log_oom_debug();
if (!add) {
- bool unlink_failed = false;
+ int unlink_error = 0, stat_error = 0;
if (stat(dirname, &st) < 0) {
if (errno == ENOENT)
return 0; /* The stack directory is already removed. That's OK. */
- log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname);
+ stat_error = -errno;
}
- if (unlink(filename) < 0) {
- unlink_failed = true;
- if (errno != ENOENT)
- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename);
- }
+ if (unlink(filename) < 0)
+ unlink_error = -errno;
if (rmdir(dirname) >= 0 || errno == ENOENT)
return 0;
- if (unlink_failed)
- return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */
+ if (unlink_error < 0) {
+ if (unlink_error == -ENOENT)
+ return 0;
+
+ /* If we failed to remove the symlink, then there is almost nothing we can do. */
+ return log_device_debug_errno(dev, unlink_error, "Failed to remove %s: %m", filename);
+ }
+
+ if (stat_error < 0)
+ return log_device_debug_errno(dev, stat_error, "Failed to stat %s: %m", dirname);
/* The symlink was removed. Check if the timestamp of directory is changed. */
r = update_timestamp(dev, dirname, &st);


@ -0,0 +1,25 @@
From e1f53e60bdc368c81beba8b6173047ec8149f8e9 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 21 Sep 2021 09:28:29 +0200
Subject: [PATCH] basic/time-util: introduce FORMAT_TIMESPAN
This is cherry-pick of the relevant part from the tree-wide change in
5291f26d4a6.
Related: #1977994
---
src/basic/time-util.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/time-util.h b/src/basic/time-util.h
index 2bd947d6a8..8254913930 100644
--- a/src/basic/time-util.h
+++ b/src/basic/time-util.h
@@ -67,6 +67,7 @@ typedef enum TimestampStyle {
#define FORMAT_TIMESTAMP_WIDTH 28U /* when outputting, assume this width */
#define FORMAT_TIMESTAMP_RELATIVE_MAX 256U
#define FORMAT_TIMESPAN_MAX 64U
+#define FORMAT_TIMESPAN(t, accuracy) format_timespan((char[FORMAT_TIMESPAN_MAX]){}, FORMAT_TIMESPAN_MAX, t, accuracy)
#define TIME_T_MAX (time_t)((UINTMAX_C(1) << ((sizeof(time_t) << 3) - 1)) - 1)
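Review bot: `FORMAT_TIMESPAN()` returns a pointer into a compound literal, so the formatted string is only valid until the enclosing block ends, and that lifetime rule is not written down next to the macro. A comment above the `#define`, such as `/* Result points into a block-scoped temporary: pass it as a call argument, never store or return it. */`, would prevent a dangling-pointer mistake when the macro is reused. The empty initializer `{}` is a compiler extension before C23, which is presumably fine for this tree but worth knowing if the macro is copied elsewhere.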


@ -0,0 +1,28 @@
From aef14d77e157fd0748ef664c83e55fd3880ea787 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 21 Sep 2021 22:47:42 +0200
Subject: [PATCH] unit: install the systemd-bless-boot.service only if we have
gnu-efi
Follow-up to #20591.
(cherry picked from commit 220261ef940a126588b20a1765a2501811473839)
Related: #1972223
---
units/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/meson.build b/units/meson.build
index 27a2b60137..e06d883cd2 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -179,7 +179,7 @@ in_units = [
['systemd-backlight@.service', 'ENABLE_BACKLIGHT'],
['systemd-binfmt.service', 'ENABLE_BINFMT',
'sysinit.target.wants/'],
- ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'],
+ ['systemd-bless-boot.service', 'HAVE_GNU_EFI HAVE_BLKID'],
['systemd-boot-check-no-failures.service', ''],
['systemd-coredump@.service', 'ENABLE_COREDUMP'],
['systemd-pstore.service', 'ENABLE_PSTORE'],


@ -0,0 +1,26 @@
From 532a10738745716620ef6af5813bc9c81c235f07 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 22 Sep 2021 14:38:00 +0200
Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
RHEL-only
Related: #1959826
---
units/meson.build | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/units/meson.build b/units/meson.build
index e06d883cd2..40487d123e 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -154,8 +154,7 @@ units = [
['time-set.target', ''],
['time-sync.target', ''],
['timers.target', ''],
- ['tmp.mount', '',
- 'local-fs.target.wants/'],
+ ['tmp.mount', ''],
['umount.target', ''],
['usb-gadget.target', ''],
['user.slice', ''],


@ -0,0 +1,59 @@
From 9ac22ee1e9d1ae32ff2d824e5a0e763a18b36d7e Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 13:19:39 +0200
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
This should be hopefully high enough even for the very big deployments.
RHEL-only
Resolves: #1997200
---
man/systemd-system.conf.xml | 4 ++--
src/core/main.c | 2 +-
src/core/system.conf.in | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index c11dd46143..72c8db5890 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -389,10 +389,10 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
and root cgroup <varname>pids.max</varname>.
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
- For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
+ For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
but might be greater in other systems or smaller in OS containers.</para></listitem>
</varlistentry>
diff --git a/src/core/main.c b/src/core/main.c
index da6c50a1c4..f4fe7517fd 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -92,7 +92,7 @@
#include <sanitizer/lsan_interface.h>
#endif
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */
static enum {
ACTION_RUN,
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index e88280bd0a..f2c75fcd32 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -54,7 +54,7 @@
#DefaultBlockIOAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes
-#DefaultTasksMax=15%
+#DefaultTasksMax=80%
#DefaultLimitCPU=
#DefaultLimitFSIZE=
#DefaultLimitDATA=
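Review bot: Raising `DEFAULT_TASKS_MAX` from 15% to 80% means the per-unit default no longer contains a runaway or fork-bombing service, because a single unit can now take most of the PID space before the limit applies. The commit message gives the motivation (very big deployments), but neither the `#define` in src/core/main.c nor the system.conf.in entry records the trade-off. I would extend the comment to something like `/* 80%, RHEL-only (was 15%); set TasksMax= per unit where containment matters */` and add a matching sentence to the man page text.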


@ -0,0 +1,40 @@
From ac965c0ae8c9ffa7d606bce9ffa3052fccbac0ce Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 21 Sep 2021 15:01:19 +0200
Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
"none"
While stable MAC address for interface types that don't have the
address provided by HW could be useful it also breaks LACP based bonds.
Let's err on the side of caution and don't change the MAC address from
udev.
Resolves: #1921094
---
man/systemd.link.xml | 2 +-
test/fuzz/fuzz-link-parser/99-default.link | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 1093e2e0b8..095d8b4873 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -816,7 +816,7 @@
<programlisting>[Link]
NamePolicy=kernel database onboard slot path
-MACAddressPolicy=persistent</programlisting>
+MACAddressPolicy=none</programlisting>
</example>
<example>
diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
index feb5b1fbb0..3d755898b4 100644
--- a/test/fuzz/fuzz-link-parser/99-default.link
+++ b/test/fuzz/fuzz-link-parser/99-default.link
@@ -9,4 +9,4 @@
[Link]
NamePolicy=keep kernel database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none


@ -0,0 +1,24 @@
From 19ab86202b9c4366ea5bd5ac820301f0ab6d1f95 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 1 Oct 2021 11:46:23 +0200
Subject: [PATCH] udev/net-setup-link: *really* change the default
MACAddressPolicy to "none"
Fix the oversight and change the policy in the link file, i.e. the
place where it actually matters.
Related: #1921094
---
network/99-default.link | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/network/99-default.link b/network/99-default.link
index bca660ac28..31aee37e75 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -13,4 +13,4 @@ OriginalName=*
[Link]
NamePolicy=keep kernel database onboard slot path
AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none


@ -0,0 +1,2 @@
[OOM]
DefaultMemoryPressureDurationSec=20s


@ -0,0 +1,2 @@
[Slice]
ManagedOOMSwap=kill


@ -0,0 +1,3 @@
[Service]
ManagedOOMMemoryPressure=kill
ManagedOOMMemoryPressureLimit=50%

51
SOURCES/20-grubby.install Executable file

@ -0,0 +1,51 @@
#!/bin/bash
if [[ ! -x /sbin/new-kernel-pkg ]]; then
exit 0
fi
COMMAND="$1"
KERNEL_VERSION="$2"
BOOT_DIR_ABS="$3"
KERNEL_IMAGE="$4"
KERNEL_DIR="${KERNEL_IMAGE%/*}"
[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
case "$COMMAND" in
add)
if [[ "${KERNEL_DIR}" != "/boot" ]]; then
for i in \
"$KERNEL_IMAGE" \
"$KERNEL_DIR"/System.map \
"$KERNEL_DIR"/config \
"$KERNEL_DIR"/zImage.stub \
"$KERNEL_DIR"/dtb \
; do
[[ -e "$i" ]] || continue
cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
command -v restorecon &>/dev/null && \
restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
done
# hmac is .vmlinuz-<version>.hmac so needs a special treatment
i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
if [[ -e "$i" ]]; then
cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
command -v restorecon &>/dev/null && \
restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
fi
fi
/sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
/sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
/sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
;;
remove)
/sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
;;
*)
;;
esac
# skip other installation plugins, if we can't find a boot loader spec conforming setup
if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
exit 77
fi
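Review bot: The `remove)` branch builds a different package name than the `add)` branch for flavoured kernels. `flavor` already starts with a dash (`flavor=-"${KERNEL_VERSION##*+}"`), so `"kernel${flavor+-$flavor}"` expands to `kernel--<flavor>`, while `add)` passes `kernel-<flavor>`. Both branches should use the same expansion, `--package "kernel${flavor}"`. `flavor` is also never initialised, so a value inherited from the environment is used when the version contains no `+`; an explicit `flavor=` before the test avoids that.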


@ -0,0 +1,42 @@
# The ptrace system call is used for interprocess services,
# communication and introspection (like synchronisation, signaling,
# debugging, tracing and profiling) of processes.
#
# Usage of ptrace is restricted by normal user permissions. Normal
# unprivileged processes cannot use ptrace on processes that they
# cannot send signals to or processes that are running set-uid or
# set-gid. Nevertheless, processes running under the same uid will
# usually be able to ptrace one another.
#
# Fedora enables the Yama security mechanism which restricts ptrace
# even further. Sysctl setting kernel.yama.ptrace_scope can have one
# of the following values:
#
# 0 - Normal ptrace security permissions.
# 1 - Restricted ptrace. Only child processes plus normal permissions.
# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
# 3 - No attach. No process may call ptrace at all. Irrevocable.
#
# For more information see Documentation/security/Yama.txt in the
# kernel sources.
#
# The default is 1., which allows tracing of child processes, but
# forbids tracing of arbitrary processes. This allows programs like
# gdb or strace to work when the most common way of having the
# debugger start the debuggee is used:
# gdb /path/to/program ...
# Attaching to already running programs is NOT allowed:
# gdb -p ...
# This default setting is suitable for the common case, because it
# reduces the risk that one hacked process can be used to attack other
# processes. (For example, a hacked firefox process in a user session
# will not be able to ptrace the keyring process and extract passwords
# stored only in memory.)
#
# Developers and administrators might want to disable those protections
# to be able to attach debuggers to existing processes. Use
# sysctl kernel.yama.ptrace_scope=0
# for change the setting temporarily, or copy this file to
# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
kernel.yama.ptrace_scope = 0
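Review bot: The only active line, `kernel.yama.ptrace_scope = 0`, switches off the restriction that the comment block above describes as the suitable default, and nothing next to the assignment says so. Someone who skims to the last line should see that installing this file is an opt-in relaxation, so I would add `# Opt-in: installing this file disables the Yama ptrace restriction (the default is 1).` directly above it. The pointer to Documentation/security/Yama.txt may also be stale on current kernel trees and is worth checking.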


@ -0,0 +1,129 @@
From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 17:58:03 +0200
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
(gdb) !uname -r
5.6.19-200.fc31.ppc64le
(gdb) !cat /proc/self/mountinfo
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
The test process does
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
read(open("/proc/self/fdinfo/4", ...)) which gives
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
We could either drop the fallback path (and fail name_to_handle_at() is not
avaliable) or ignore the error in the test. Not sure what is better. I think
this issue only occurs sometimes and with older kernels, so probably continuing
with the current flaky implementation is better than ripping out the fallback.
Another strace:
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
) = 28
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
) = 20
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
) = 30
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
) = 23
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
read(5</proc/20/fdinfo/4>, "", 1024) = 0
close(5</proc/20/fdinfo/4>) = 0
close(4</proc/filesystems>) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
) = 42
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
) = 39
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
) = 109
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 20
gettid() = 20
tgkill(20, 20, SIGABRT) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
+++ killed by SIGABRT (core dumped) +++
---
src/test/test-mountpoint-util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index 30b00ae4d8b..ffe5144b04a 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
* that's really the case */
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
- assert_se(path_equal(p, t));
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
+
+ if (!path_equal(p, t))
+ /* Apparent kernel bug in /proc/self/fdinfo */
+ log_warning("Bad mount id given for %s: %d, should be %d",
+ p, mnt_id2, mnt_id);
}
}
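Review bot: `t` is used without a NULL check in the new lines: `hashmap_get(h, INT_TO_PTR(mnt_id2))` yields NULL when the id read through the fdinfo fallback has no entry in the map, and `t` is then passed to `%s` in `log_debug` and to `path_equal`. Since the mismatch is now tolerated instead of asserted, that path is expected to be taken on affected kernels, so the lookup failure should be handled explicitly. I would write `log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, strna(t));` and `if (!t || !path_equal(p, t))`. Whether `path_equal` tolerates NULL is not visible here, and the body of `test_mnt_id()` starts and ends outside the hunk.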

16
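--- a/SOURCES/inittab
+++ b/SOURCES/inittab
@@ -0,0 +1,16 @@
+# inittab is no longer used.
+#
+# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
+#
+# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
+#
+# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
+#
+# multi-user.target: analogous to runlevel 3
+# graphical.target: analogous to runlevel 5
+#
+# To view current default target, run:
+# systemctl get-default
+#
+# To set a default target, run:
+# systemctl set-default TARGET.target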


@ -0,0 +1,3 @@
[suppress_file]
# This shared object is private to systemd
file_name_regexp=libsystemd-shared-.*.so

10
SOURCES/macros.sysusers Normal file

@ -0,0 +1,10 @@
# RPM macros for packages creating system accounts
#
# Turn a sysusers.d file into macros specified by
# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
%sysusers_requires_compat Requires(pre): shadow-utils
%sysusers_create_compat() \
%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
%{nil}

101
SOURCES/purge-nobody-user Executable file

@ -0,0 +1,101 @@
#!/bin/bash -eu
if [ $UID -ne 0 ]; then
echo "WARNING: This script needs to run as root to be effective"
exit 1
fi
export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
if [ "${1:-}" = "--ignore-journal" ]; then
shift
ignore_journal=1
else
ignore_journal=0
fi
echo "Checking processes..."
if ps h -u 99 | grep .; then
echo "ERROR: ps reports processes with UID 99!"
exit 2
fi
echo "... not found"
echo "Checking UTMP..."
if w -h 199 | grep . ; then
echo "ERROR: w reports UID 99 as active!"
exit 2
fi
if w -h nobody | grep . ; then
echo "ERROR: w reports user nobody as active!"
exit 2
fi
echo "... not found"
echo "Checking the journal..."
if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
echo "ERROR: journalctl reports messages from UID 99 in current boot!"
exit 2
fi
echo "... not found"
echo "Looking for files in /etc, /run, /tmp, and /var..."
if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
echo "ERROR: found files belonging to UID 99"
exit 2
fi
echo "... not found"
echo "Checking if nobody is defined correctly..."
if getent passwd nobody |
grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
then
echo "OK, nothing to do."
exit 0
else
echo "NOTICE: User nobody is not defined correctly"
fi
echo "Checking if nfsnobody or something else is using the uid..."
if getent passwd 65534 | grep . ; then
echo "NOTICE: will have to remove this user"
else
echo "... not found"
fi
if [ "${1:-}" = "-x" ]; then
if getent passwd nobody >/dev/null; then
# this will remove both the user and the group.
( set -x
userdel nobody
)
fi
if getent passwd 65534 >/dev/null; then
# Make sure the uid is unused. This should free gid too.
name="$(getent passwd 65534 | cut -d: -f1)"
( set -x
userdel "$name"
)
fi
if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
echo "Sleeping, so sss can catch up"
sleep 3
fi
if getent group 65534; then
# Make sure the gid is unused, even if uid wasn't.
name="$(getent group 65534 | cut -d: -f1)"
( set -x
groupdel "$name"
)
fi
# systemd-sysusers uses the same gid and uid
( set -x
systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
)
else
echo "Pass '-x' to perform changes"
fi
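Review bot: The UTMP check runs `w -h 199`, while its own error message and every other check in the script refer to UID 99, so this guard does not test what it reports. These checks are the safety gate in front of the `userdel`/`groupdel` calls under `-x`, so a check that can never match gives a false "... not found". I would change the line to `if w -h 99 | grep . ; then`. Since `w` appears to select by login name rather than numeric id, resolving the name first with `getent passwd 99 | cut -d: -f1` may be needed; that should be confirmed on the target system.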

161
SOURCES/split-files.py Normal file

@ -0,0 +1,161 @@
import re, sys, os, collections
buildroot = sys.argv[1]
known_files = sys.stdin.read().splitlines()
known_files = {line.split()[-1]:line for line in known_files}
def files(root):
os.chdir(root)
todo = collections.deque(['.'])
while todo:
n = todo.pop()
files = os.scandir(n)
for file in files:
yield file
if file.is_dir() and not file.is_symlink():
todo.append(file)
o_libs = open('.file-list-libs', 'w')
o_udev = open('.file-list-udev', 'w')
o_pam = open('.file-list-pam', 'w')
o_rpm_macros = open('.file-list-rpm-macros', 'w')
o_devel = open('.file-list-devel', 'w')
o_container = open('.file-list-container', 'w')
o_networkd = open('.file-list-networkd', 'w')
o_resolved = open('.file-list-resolved', 'w')
o_oomd = open('.file-list-oomd', 'w')
o_remote = open('.file-list-remote', 'w')
o_tests = open('.file-list-tests', 'w')
o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
o_rest = open('.file-list-rest', 'w')
for file in files(buildroot):
n = file.path[1:]
if re.match(r'''/usr/(share|include)$|
/usr/share/man(/man.|)$|
/usr/share/zsh(/site-functions|)$|
/usr/share/dbus-1$|
/usr/share/dbus-1/system.d$|
/usr/share/dbus-1/(system-|)services$|
/usr/share/polkit-1(/actions|/rules.d|)$|
/usr/share/pkgconfig$|
/usr/share/bash-completion(/completions|)$|
/usr(/lib|/lib64|/bin|/sbin|)$|
/usr/lib.*/(security|pkgconfig)$|
/usr/lib/rpm(/macros.d|)$|
/usr/lib/firewalld(/services|)$|
/usr/share/(locale|licenses|doc)| # no $
/etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
/etc/(dnf|dnf/protected.d)$|
/usr/(src|lib/debug)| # no $
/run$|
/var(/cache|/log|/lib|/run|)$
''', n, re.X):
continue
if '/security/pam_' in n or '/man8/pam_' in n:
o = o_pam
elif '/rpm/' in n:
o = o_rpm_macros
elif '/usr/lib/systemd/tests' in n:
o = o_tests
elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
o = o_devel
elif re.search(r'''journal-(remote|gateway|upload)|
systemd-remote\.conf|
/usr/share/systemd/gatewayd|
/var/log/journal/remote
''', n, re.X):
o = o_remote
elif re.search(r'''mymachines|
machinectl|
systemd-nspawn|
import-pubring.gpg|
systemd-(machined|import|pull)|
/machine.slice|
/machines.target|
var-lib-machines.mount|
org.freedesktop.(import|machine)1
''', n, re.X):
o = o_container
elif re.search(r'''/usr/lib/systemd/network/80-|
networkd|
networkctl|
org.freedesktop.network1
''', n, re.X):
o = o_networkd
elif re.search(r'''resolved|
resolvectl|
org.freedesktop.resolve1|
systemd-resolve|
nss-resolve
''', n, re.X):
o = o_resolved
elif '.so.' in n:
o = o_libs
elif re.search(r'''udev(?!\.pc)|
hwdb|
bootctl|
sd-boot|systemd-boot\.|loader.conf|
bless-boot|
boot-system-token|
kernel-install|
vconsole|
backlight|
rfkill|
random-seed|
modules-load|
timesync|
cryptsetup|
kmod|
quota|
pstore|
sleep|suspend|hibernate|
systemd-tmpfiles-setup-dev|
network/99-default.link|
growfs|makefs|makeswap|mkswap|
fsck|
repart|
gpt-auto|
volatile-root|
verity-setup|
remount-fs|
/boot$|
/boot/efi|
/kernel/|
/kernel$|
/modprobe.d
''', n, re.X):
o = o_udev
elif re.search(r'''10-oomd-.*defaults\.conf|
oomd\.conf|
oomctl|
org.freedesktop.oom1|
systemd-oomd
''', n, re.X):
o = o_oomd
elif n.endswith('.standalone'):
if 'tmpfiles' in n:
o = o_standalone_tmpfiles
elif 'sysusers' in n:
o = o_standalone_sysusers
else:
assert False, 'Found .standalone not belonging to known packages'
else:
o = o_rest
if n in known_files:
prefix = ' '.join(known_files[n].split()[:-1])
if prefix:
prefix += ' '
elif file.is_dir() and not file.is_symlink():
prefix = '%dir '
elif 'README' in n:
prefix = '%doc '
elif n.startswith('/etc'):
prefix = '%config(noreplace) '
else:
prefix = ''
suffix = '*' if '/man/' in n else ''
print(f'{prefix}{n}{suffix}', file=o)
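Review bot: In the `o_devel` branch the dot in `.so$` is unescaped, so `(?<!/libsystemd-shared-...).so$` matches any path that ends in an arbitrary character followed by `so`, not only `*.so` development symlinks. Escaping it keeps the lookbehind position unchanged and states the intent: `elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...)\.so$', n):`. A misclassified path ends up in the wrong subpackage file list, which decides which package installs it, so the pattern is worth keeping tight. The original indentation is lost in this rendering, so the branch nesting is inferred from the `if`/`elif` order.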


@ -0,0 +1,10 @@
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>systemd-journal-gatewayd</short>
<description>Journal Gateway Service</description>
<port protocol="tcp" port="19531"/>
</service>
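Review bot: The `<description>` does not tell an administrator what enabling this firewalld service exposes. systemd-journal-gatewayd serves the host's journal over HTTP on this port, so opening tcp/19531 makes log contents reachable from every host in the zone the service is added to. I would expand it to something like `<description>Journal Gateway Service: serves the system journal over HTTP(S); enable only in trusted zones</description>`. The journal-remote definition in the next section (tcp/19532) is equally terse and could say that it accepts journal uploads from remote hosts. Whether TLS is configured for either daemon is not visible on this page.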


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>systemd-journal-remote</short>
<description>Journal Remote Sink</description>
<port protocol="tcp" port="19532"/>
</service>


@ -0,0 +1,3 @@
[Unit]
# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
RefuseManualStop=true

10
SOURCES/systemd-user Normal file

@ -0,0 +1,10 @@
# This file is part of systemd.
#
# Used by systemd --user instances.
account include system-auth
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session include system-auth

2
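--- a/SOURCES/sysusers.attr
+++ b/SOURCES/sysusers.attr
@@ -0,0 +1,2 @@
+%__sysusers_provides %{_rpmconfigdir}/sysusers.prov
+%__sysusers_path ^%{_sysusersdir}/.*\\.conf$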


@ -0,0 +1,79 @@
#!/bin/bash
# This script turns sysuser.d files into scriptlets mandated by Fedora
# packaging guidelines. The general idea is to define users using the
# declarative syntax but to turn this into traditional scriptlets.
user() {
user="$1"
uid="$2"
desc="$3"
group="$4"
home="$5"
shell="$6"
[ "$desc" = '-' ] && desc=
[ "$home" = '-' -o "$home" = '' ] && home=/
[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
if [ "$uid" = '-' -o "$uid" = '' ]; then
cat <<EOF
getent passwd '$user' >/dev/null || \\
useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
EOF
else
cat <<EOF
if ! getent passwd '$user' >/dev/null ; then
if ! getent passwd '$uid' >/dev/null ; then
useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
else
useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
fi
fi
EOF
fi
}
group() {
group="$1"
gid="$2"
if [ "$gid" = '-' ]; then
cat <<EOF
getent group '$group' >/dev/null || groupadd -r '$group'
EOF
else
cat <<EOF
getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
EOF
fi
}
parse() {
while read line || [ "$line" ]; do
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
line="${line## *}"
[ -z "$line" ] && continue
eval arr=( $line )
case "${arr[0]}" in
('u')
group "${arr[1]}" "${arr[2]}"
user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
# TODO: user:group support
;;
('g')
group "${arr[1]}" "${arr[2]}"
;;
('m')
group "${arr[2]}" "-"
user "${arr[1]}" "-" "" "${arr[2]}"
;;
esac
done
}
for fn in "$@"; do
[ -e "$fn" ] || continue
echo "# generated from $(basename $fn)"
parse < "$fn"
done
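Review bot: `eval arr=( $line )` in `parse` evaluates every sysusers.d line as shell code, so command substitutions and globs in the input file are executed or expanded when the generator runs. The fields are then pasted between single quotes in the emitted `useradd`/`groupadd` lines without escaping, so a `'` inside a description ends the quoting in the generated scriptlet, which runs as root at install time. I would split the fields with a quote-aware parser instead of `eval`, with pathname expansion disabled, read with `while read -r line || [ "$line" ]; do`, and emit values through `printf '%q'` rather than literal `'$desc'`. The input is a packaged file, so this is a hardening point rather than a known fault in any shipped sysusers.d file.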

28
SOURCES/sysusers.prov Executable file

@ -0,0 +1,28 @@
#!/bin/bash
parse() {
while read line; do
[ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
line="${line## *}"
[ -z "$line" ] && continue
set -- $line
case "$1" in
('u')
echo "user($2)"
echo "group($2)"
# TODO: user:group support
;;
('g')
echo "group($2)"
;;
('m')
echo "user($2)"
echo "group($3)"
;;
esac
done
}
while read fn; do
parse < "$fn"
done
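Review bot: `set -- $line` in `parse` is unquoted word splitting with pathname expansion enabled, so a `*` or `?` in a sysusers.d line is expanded against the current directory before `$2` and `$3` are printed as `user()`/`group()` provides. Both `read` calls also lack `-r`, so backslashes in lines and file names are consumed. I would read the fields with `read -r -a f <<<"$line"` and use `"${f[0]}"`, `"${f[1]}"`, `"${f[2]}"`, or at least put `set -f` ahead of the loop. The outer loop should likewise be `while read -r fn; do`.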

89
SOURCES/triggers.systemd Normal file

@ -0,0 +1,89 @@
# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# Copyright 2018 Neal Gompa
# The contents of this are an example to be copied into systemd.spec.
#
# Minimum rpm version supported: 4.14.0
%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
# This script will run after any package is initially installed or
# upgraded. We care about the case where a package is initially
# installed, because other cases are covered by the *un scriptlets,
# so sometimes we will reload needlessly.
if test -d "/run/systemd/system"; then
%{_bindir}/systemctl daemon-reload || :
%{_bindir}/systemctl reload-or-restart --marked || :
fi
%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
# On removal, we need to run daemon-reload after any units have been
# removed.
# On upgrade, we need to run daemon-reload after any new unit files
# have been installed, but before %postun scripts in packages get
# executed.
if test -d "/run/systemd/system"; then
%{_bindir}/systemctl daemon-reload || :
fi
%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
# We restart remaining services that should be restarted here.
if test -d "/run/systemd/system"; then
%{_bindir}/systemctl reload-or-restart --marked || :
fi
%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
# This script will process files installed in /usr/lib/sysusers.d to create
# specified users automatically. The priority is set such that it
# will run before the tmpfiles file trigger.
if test -d "/run/systemd/system"; then
%{_bindir}/systemd-sysusers || :
fi
%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d
# This script will automatically invoke hwdb update if files have been
# installed or updated in /usr/lib/udev/hwdb.d.
if test -d "/run/systemd/system"; then
%{_bindir}/systemd-hwdb update || :
fi
%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog
# This script will automatically invoke journal catalog update if files
# have been installed or updated in /usr/lib/systemd/catalog.
if test -d "/run/systemd/system"; then
%{_bindir}/journalctl --update-catalog || :
fi
%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d
# This script will automatically apply binfmt rules if files have been
# installed or updated in /usr/lib/binfmt.d.
if test -d "/run/systemd/system"; then
# systemd-binfmt might fail if binfmt_misc kernel module is not loaded
# during install
/usr/lib/systemd/systemd-binfmt || :
fi
%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d
# This script will process files installed in /usr/lib/tmpfiles.d to create
# tmpfiles automatically. The priority is set such that it will run
# after the sysusers file trigger, but before any other triggers.
if test -d "/run/systemd/system"; then
%{_bindir}/systemd-tmpfiles --create || :
fi
%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d
# This script will automatically update udev with new rules if files
# have been installed or updated in /usr/lib/udev/rules.d.
if test -e /run/udev/control; then
%{_bindir}/udevadm control --reload || :
fi
%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d
# This script will automatically apply sysctl rules if files have been
# installed or updated in /usr/lib/sysctl.d.
if test -d "/run/systemd/system"; then
/usr/lib/systemd/systemd-sysctl || :
fi


@ -0,0 +1,2 @@
systemd
systemd-udev

3141
SPECS/systemd.spec Normal file

File diff suppressed because it is too large Load Diff