rpms/systemd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to latest git

Browse Source
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2014-10-10 14:56:53 -04:00
parent cebcd2064c
commit f1004dc2ae
49 changed files with 3793 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
0533-bus-proxyd-assorted-cleanups-and-fixes.patch Normal file
View File

@ -0,0 +1,105 @@
From e91c8c201931d6be8229d624c10ed9c7c210d470 Mon Sep 17 00:00:00 2001
From: Daniel Mack <daniel@zonque.org>
Date: Tue, 7 Oct 2014 17:58:29 +0200
Subject: [PATCH] bus-proxyd: assorted cleanups and fixes
Just some cleanups around policy checks that came up during review.
The code is still not productive.
---
src/bus-proxyd/bus-policy.c | 23 +++++++++++++----------
test/bus-policy/methods.conf | 2 +-
2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 2ff5d646f1..aea8541d50 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -604,7 +604,10 @@ struct policy_check_filter {
int message_type;
const char *interface;
const char *path;
- const char *member;
+ union {
+ const char *name;
+ const char *member;
+ };
char **names_strv;
Hashmap *names_hash;
};
@@ -633,7 +636,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
break;
}
- if (i->message_type && (i->message_type != filter->message_type))
+ if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
break;
if (i->path && !streq_ptr(i->path, filter->path))
@@ -650,14 +653,14 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
case POLICY_ITEM_OWN:
assert(filter->member);
- if (streq(i->name, filter->member))
+ if (streq(i->name, "*") || streq(i->name, filter->name))
return is_permissive(i);
break;
case POLICY_ITEM_OWN_PREFIX:
assert(filter->member);
- if (startswith(i->name, filter->member))
+ if (streq(i->name, "*") || startswith(i->name, filter->name))
return is_permissive(i);
break;
@@ -747,9 +750,9 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) {
bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {
struct policy_check_filter filter = {
- .class = POLICY_ITEM_OWN,
- .ucred = ucred,
- .member = name,
+ .class = POLICY_ITEM_OWN,
+ .ucred = ucred,
+ .name = name,
};
return policy_check(p, &filter) == ALLOW;
@@ -758,21 +761,21 @@ bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {
bool policy_check_hello(Policy *p, const struct ucred *ucred) {
struct policy_check_filter filter = {
- .class = POLICY_ITEM_USER,
.ucred = ucred,
};
int user, group;
+ filter.class = POLICY_ITEM_USER;
user = policy_check(p, &filter);
if (user == DENY)
return false;
filter.class = POLICY_ITEM_GROUP;
group = policy_check(p, &filter);
- if (user == DUNNO && group == DUNNO)
+ if (group == DENY)
return false;
- return !(user == DENY || group == DENY);
+ return !(user == DUNNO && group == DUNNO);
}
bool policy_check_recv(Policy *p,
diff --git a/test/bus-policy/methods.conf b/test/bus-policy/methods.conf
index 4d4675ea10..4bc38f9151 100644
--- a/test/bus-policy/methods.conf
+++ b/test/bus-policy/methods.conf
@@ -11,7 +11,7 @@
<allow send_destination="org.test.test1" send_interface="org.test.int1"/>
<allow send_destination="org.test.test1" send_interface="org.test.int2"/>
- <allow receive_sender="org.test.test3" receive_interface="org.test.int3" receiver_member="Member111"/>
+ <allow receive_sender="org.test.test3" receive_interface="org.test.int3" receive_member="Member111"/>
</policy>
</busconfig>

2
0533-core-don-t-allow-enabling-if-unit-is-masked.patch → 0534-core-don-t-allow-enabling-if-unit-is-masked.patch
View File

@ -1,4 +1,4 @@
From 85fa479ca5358d9472245eb0da6a86b5d644ccf9 Mon Sep 17 00:00:00 2001
From f7101b7368dfe41dbc8b7203e06133cccb589c01 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 7 Oct 2014 13:35:41 +0200
Subject: [PATCH] core: don't allow enabling if unit is masked

87
0535-fedora-add-bridge-sysctl-configuration.patch
View File

@ -1,87 +0,0 @@
From ea3a099cb842beca5292d71e78f54c9dddde0ac6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 7 Oct 2014 01:49:10 -0400
Subject: [PATCH] fedora: add bridge sysctl configuration
Udev rule is added to load those settings when the bridge
module is loaded.
https://bugzilla.redhat.com/show_bug.cgi?id=634736
---
Makefile.am | 8 ++++++--
rules/.gitignore | 1 +
rules/99-bridge.rules.in | 9 +++++++++
sysctl.d/50-bridge.conf | 4 ++++
4 files changed, 20 insertions(+), 2 deletions(-)
create mode 100644 rules/99-bridge.rules.in
create mode 100644 sysctl.d/50-bridge.conf
diff --git a/Makefile.am b/Makefile.am
index e52db1793b..41e94575ef 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -445,7 +445,8 @@ CLEANFILES += \
$(nodist_zshcompletion_DATA)
dist_sysctl_DATA = \
- sysctl.d/50-default.conf
+ sysctl.d/50-default.conf \
+ sysctl.d/50-bridge.conf
dist_systemunit_DATA = \
units/graphical.target \
@@ -3281,7 +3282,8 @@ dist_udevrules_DATA += \
rules/95-udev-late.rules
nodist_udevrules_DATA += \
- rules/99-systemd.rules
+ rules/99-systemd.rules \
+ rules/99-bridge.rules
dist_udevhwdb_DATA = \
hwdb/20-pci-vendor-model.hwdb \
@@ -3306,10 +3308,12 @@ sharepkgconfig_DATA = \
EXTRA_DIST += \
rules/99-systemd.rules.in \
+ rules/99-bridge.rules.in \
src/udev/udev.pc.in
CLEANFILES += \
rules/99-systemd.rules \
+ rules/99-bridge.rules \
src/udev/udev.pc
EXTRA_DIST += \
diff --git a/rules/.gitignore b/rules/.gitignore
index 93a50ddd80..46c7f3ce91 100644
--- a/rules/.gitignore
+++ b/rules/.gitignore
@@ -1 +1,2 @@
/99-systemd.rules
+/99-bridge.rules
diff --git a/rules/99-bridge.rules.in b/rules/99-bridge.rules.in
new file mode 100644
index 0000000000..f46f96bd2e
--- /dev/null
+++ b/rules/99-bridge.rules.in
@@ -0,0 +1,9 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# Apply sysctl settings to bridges
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="@rootlibexecdir@/systemd-sysctl --prefix=/net/bridge"
diff --git a/sysctl.d/50-bridge.conf b/sysctl.d/50-bridge.conf
new file mode 100644
index 0000000000..b586bf15fa
--- /dev/null
+++ b/sysctl.d/50-bridge.conf
@@ -0,0 +1,4 @@
+# Disable netfilter on bridges.
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0

23
0535-man-mention-docker-as-type-of-virtualization.patch Normal file
View File

@ -0,0 +1,23 @@
From 1e98337f26cb6805a684eff9bc5eb842512ac8fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 7 Oct 2014 21:41:14 -0400
Subject: [PATCH] man: mention docker as type of virtualization
---
man/systemd-detect-virt.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index bdf220eb28..1e8230c555 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -74,7 +74,8 @@
<varname>uml</varname>,
<varname>openvz</varname>, <varname>lxc</varname>,
<varname>lxc-libvirt</varname>,
- <varname>systemd-nspawn</varname>.</para>
+ <varname>systemd-nspawn</varname>,
+ <varname>docker</varname>.</para>
<para>If multiple virtualization solutions are used,
only the "innermost" is detected and identified. That

100
0536-NEWS-update-for-217.patch Normal file
View File

@ -0,0 +1,100 @@
From b62a309a47dd11e11729616767421397b6ca7053 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 7 Oct 2014 22:01:37 -0400
Subject: [PATCH] NEWS: update for 217
---
NEWS | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
diff --git a/NEWS b/NEWS
index f52ee027a1..6d93787bf8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,86 @@
systemd System and Service Manager
+CHANGES WITH 217:
+
+ * journalctl gained option -t/--identifier to match on the
+ syslog identifier and --utc option to show timestamps in UTC
+ timezone. journalctl now also accepts -n/--lines=all to
+ disable line cap under a pager.
+
+ * Services can notify the manager before they start a reload
+ (by sending RELOADING=1) or shutdown (by sending
+ STOPPING=1). This allows the manager to show the
+ internal state of daemons and closes a race condition
+ when the process is still running but has closed its
+ d-bus connection.
+
+ * Services with Type=oneshot do not have to have any
+ ExecStart commands.
+
+ * User units are now loaded also from
+ $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
+ /run/systemd/user directory that was already previously
+ supported, but is under the control of the user.
+
+ * A timeout for the start of the system can be configured. The
+ system can be configured to reboot or poweroff if the basic
+ system default target is not reached before the timeout (new
+ StartTimeoutSec=, StartTimeoutAction=,
+ StartTimeoutRebootArgument= options).
+
+ * systemd-logind can be configured to also handle lid switch
+ events even when the machine is docked or multiple displays
+ are attached (HandleLidSwitchDocked= option).
+
+ * A helper binary and a service have been added which can be
+ used to resume from hibernation in the initramfs. A
+ generator will parse the resume= option on the kernel
+ command-line to trigger resume.
+
+ * systemd-evcat input debugging tool has been added. It will
+ print keys read for the input system and show modifier
+ status.
+
+ * systemd-modeset graphics debugging tool will show undulating
+ rainbows on all connected displays.
+
+ * A user console daemon systemd-consoled has been added. It is
+ a preview, and will so far open a single terminal on each
+ session of the user marked as Desktop=SYSTEMD-CONSOLE.
+
+ * Route metrics can be specified for DHCP routes added by
+ systemd-networkd.
+
+ * SELinux context of socket-actived services can be set from
+ the information provided by the remote peer
+ (SELinuxContextFromNet= option).
+
+ * Userspace firmware loading support has been removed and
+ the minimum supported kernel version is thus bumped to 3.7.
+
+ * Timeout for udev workers has been increased from 1 to 3
+ minutes, but a warning will be printed after 1 minute to
+ help diagnose kernel modules that take a long time to load.
+
+ * Udev rules can now remove tags with TAG-="foobar".
+
+ * Readhead implementation has been removed. In many
+ circumstatances it didn't give expected benefits even for
+ rotational disk drives and was becoming less relevant in the
+ age of SSDs.
+
+ * Swap units can use Discard= to specify discard options.
+ Discard options specified for swaps in /etc/fstab are now
+ respected.
+
+ * Docker containers are now detected as a separate type of
+ virtualization.
+
+ * The Password Agent protocol gained support for queries where
+ the user input is shown, useful e.g. for usernames.
+ systemd-ask-password gained a new --echo option to turn
+ that on.
+
CHANGES WITH 216:
* timedated no longer reads NTP implementation unit names from

235
0537-unit-move-UnitDependency-to-unit-name.patch Normal file
View File

@ -0,0 +1,235 @@
From cb87a73b45503eaa6bead291423a529b00d27156 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Wed, 8 Oct 2014 11:58:57 +0200
Subject: [PATCH] unit: move UnitDependency to unit-name
---
src/core/unit.c | 29 ----------------------------
src/core/unit.h | 51 --------------------------------------------------
src/shared/unit-name.c | 29 ++++++++++++++++++++++++++++
src/shared/unit-name.h | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 80 insertions(+), 80 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 399d202738..0389e6e440 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3457,32 +3457,3 @@ static const char* const unit_active_state_table[_UNIT_ACTIVE_STATE_MAX] = {
};
DEFINE_STRING_TABLE_LOOKUP(unit_active_state, UnitActiveState);
-
-static const char* const unit_dependency_table[_UNIT_DEPENDENCY_MAX] = {
- [UNIT_REQUIRES] = "Requires",
- [UNIT_REQUIRES_OVERRIDABLE] = "RequiresOverridable",
- [UNIT_REQUISITE] = "Requisite",
- [UNIT_REQUISITE_OVERRIDABLE] = "RequisiteOverridable",
- [UNIT_WANTS] = "Wants",
- [UNIT_BINDS_TO] = "BindsTo",
- [UNIT_PART_OF] = "PartOf",
- [UNIT_REQUIRED_BY] = "RequiredBy",
- [UNIT_REQUIRED_BY_OVERRIDABLE] = "RequiredByOverridable",
- [UNIT_WANTED_BY] = "WantedBy",
- [UNIT_BOUND_BY] = "BoundBy",
- [UNIT_CONSISTS_OF] = "ConsistsOf",
- [UNIT_CONFLICTS] = "Conflicts",
- [UNIT_CONFLICTED_BY] = "ConflictedBy",
- [UNIT_BEFORE] = "Before",
- [UNIT_AFTER] = "After",
- [UNIT_ON_FAILURE] = "OnFailure",
- [UNIT_TRIGGERS] = "Triggers",
- [UNIT_TRIGGERED_BY] = "TriggeredBy",
- [UNIT_PROPAGATES_RELOAD_TO] = "PropagatesReloadTo",
- [UNIT_RELOAD_PROPAGATED_FROM] = "ReloadPropagatedFrom",
- [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf",
- [UNIT_REFERENCES] = "References",
- [UNIT_REFERENCED_BY] = "ReferencedBy",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(unit_dependency, UnitDependency);
diff --git a/src/core/unit.h b/src/core/unit.h
index 3e61067f84..a773762f36 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -28,7 +28,6 @@
typedef struct Unit Unit;
typedef struct UnitVTable UnitVTable;
typedef enum UnitActiveState UnitActiveState;
-typedef enum UnitDependency UnitDependency;
typedef struct UnitRef UnitRef;
typedef struct UnitStatusMessageFormats UnitStatusMessageFormats;
@@ -70,53 +69,6 @@ static inline bool UNIT_IS_INACTIVE_OR_FAILED(UnitActiveState t) {
return t == UNIT_INACTIVE || t == UNIT_FAILED;
}
-enum UnitDependency {
- /* Positive dependencies */
- UNIT_REQUIRES,
- UNIT_REQUIRES_OVERRIDABLE,
- UNIT_REQUISITE,
- UNIT_REQUISITE_OVERRIDABLE,
- UNIT_WANTS,
- UNIT_BINDS_TO,
- UNIT_PART_OF,
-
- /* Inverse of the above */
- UNIT_REQUIRED_BY, /* inverse of 'requires' and 'requisite' is 'required_by' */
- UNIT_REQUIRED_BY_OVERRIDABLE, /* inverse of 'requires_overridable' and 'requisite_overridable' is 'soft_required_by' */
- UNIT_WANTED_BY, /* inverse of 'wants' */
- UNIT_BOUND_BY, /* inverse of 'binds_to' */
- UNIT_CONSISTS_OF, /* inverse of 'part_of' */
-
- /* Negative dependencies */
- UNIT_CONFLICTS, /* inverse of 'conflicts' is 'conflicted_by' */
- UNIT_CONFLICTED_BY,
-
- /* Order */
- UNIT_BEFORE, /* inverse of 'before' is 'after' and vice versa */
- UNIT_AFTER,
-
- /* On Failure */
- UNIT_ON_FAILURE,
-
- /* Triggers (i.e. a socket triggers a service) */
- UNIT_TRIGGERS,
- UNIT_TRIGGERED_BY,
-
- /* Propagate reloads */
- UNIT_PROPAGATES_RELOAD_TO,
- UNIT_RELOAD_PROPAGATED_FROM,
-
- /* Joins namespace of */
- UNIT_JOINS_NAMESPACE_OF,
-
- /* Reference information for GC logic */
- UNIT_REFERENCES, /* Inverse of 'references' is 'referenced_by' */
- UNIT_REFERENCED_BY,
-
- _UNIT_DEPENDENCY_MAX,
- _UNIT_DEPENDENCY_INVALID = -1
-};
-
#include "manager.h"
#include "job.h"
@@ -629,9 +581,6 @@ int unit_require_mounts_for(Unit *u, const char *path);
const char *unit_active_state_to_string(UnitActiveState i) _const_;
UnitActiveState unit_active_state_from_string(const char *s) _pure_;
-const char *unit_dependency_to_string(UnitDependency i) _const_;
-UnitDependency unit_dependency_from_string(const char *s) _pure_;
-
/* Macros which append UNIT= or USER_UNIT= to the message */
#define log_full_unit(level, unit, ...) log_meta_object(level, __FILE__, __LINE__, __func__, getpid() == 1 ? "UNIT=" : "USER_UNIT=", unit, __VA_ARGS__)
diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c
index a2d62d3151..2ef85450e7 100644
--- a/src/shared/unit-name.c
+++ b/src/shared/unit-name.c
@@ -592,3 +592,32 @@ int build_subslice(const char *slice, const char*name, char **subslice) {
*subslice = ret;
return 0;
}
+
+static const char* const unit_dependency_table[_UNIT_DEPENDENCY_MAX] = {
+ [UNIT_REQUIRES] = "Requires",
+ [UNIT_REQUIRES_OVERRIDABLE] = "RequiresOverridable",
+ [UNIT_REQUISITE] = "Requisite",
+ [UNIT_REQUISITE_OVERRIDABLE] = "RequisiteOverridable",
+ [UNIT_WANTS] = "Wants",
+ [UNIT_BINDS_TO] = "BindsTo",
+ [UNIT_PART_OF] = "PartOf",
+ [UNIT_REQUIRED_BY] = "RequiredBy",
+ [UNIT_REQUIRED_BY_OVERRIDABLE] = "RequiredByOverridable",
+ [UNIT_WANTED_BY] = "WantedBy",
+ [UNIT_BOUND_BY] = "BoundBy",
+ [UNIT_CONSISTS_OF] = "ConsistsOf",
+ [UNIT_CONFLICTS] = "Conflicts",
+ [UNIT_CONFLICTED_BY] = "ConflictedBy",
+ [UNIT_BEFORE] = "Before",
+ [UNIT_AFTER] = "After",
+ [UNIT_ON_FAILURE] = "OnFailure",
+ [UNIT_TRIGGERS] = "Triggers",
+ [UNIT_TRIGGERED_BY] = "TriggeredBy",
+ [UNIT_PROPAGATES_RELOAD_TO] = "PropagatesReloadTo",
+ [UNIT_RELOAD_PROPAGATED_FROM] = "ReloadPropagatedFrom",
+ [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf",
+ [UNIT_REFERENCES] = "References",
+ [UNIT_REFERENCED_BY] = "ReferencedBy",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(unit_dependency, UnitDependency);
diff --git a/src/shared/unit-name.h b/src/shared/unit-name.h
index d06d2b2353..daeb56a860 100644
--- a/src/shared/unit-name.h
+++ b/src/shared/unit-name.h
@@ -29,6 +29,7 @@
typedef enum UnitType UnitType;
typedef enum UnitLoadState UnitLoadState;
+typedef enum UnitDependency UnitDependency;
enum UnitType {
UNIT_SERVICE = 0,
@@ -59,6 +60,53 @@ enum UnitLoadState {
_UNIT_LOAD_STATE_INVALID = -1
};
+enum UnitDependency {
+ /* Positive dependencies */
+ UNIT_REQUIRES,
+ UNIT_REQUIRES_OVERRIDABLE,
+ UNIT_REQUISITE,
+ UNIT_REQUISITE_OVERRIDABLE,
+ UNIT_WANTS,
+ UNIT_BINDS_TO,
+ UNIT_PART_OF,
+
+ /* Inverse of the above */
+ UNIT_REQUIRED_BY, /* inverse of 'requires' and 'requisite' is 'required_by' */
+ UNIT_REQUIRED_BY_OVERRIDABLE, /* inverse of 'requires_overridable' and 'requisite_overridable' is 'soft_required_by' */
+ UNIT_WANTED_BY, /* inverse of 'wants' */
+ UNIT_BOUND_BY, /* inverse of 'binds_to' */
+ UNIT_CONSISTS_OF, /* inverse of 'part_of' */
+
+ /* Negative dependencies */
+ UNIT_CONFLICTS, /* inverse of 'conflicts' is 'conflicted_by' */
+ UNIT_CONFLICTED_BY,
+
+ /* Order */
+ UNIT_BEFORE, /* inverse of 'before' is 'after' and vice versa */
+ UNIT_AFTER,
+
+ /* On Failure */
+ UNIT_ON_FAILURE,
+
+ /* Triggers (i.e. a socket triggers a service) */
+ UNIT_TRIGGERS,
+ UNIT_TRIGGERED_BY,
+
+ /* Propagate reloads */
+ UNIT_PROPAGATES_RELOAD_TO,
+ UNIT_RELOAD_PROPAGATED_FROM,
+
+ /* Joins namespace of */
+ UNIT_JOINS_NAMESPACE_OF,
+
+ /* Reference information for GC logic */
+ UNIT_REFERENCES, /* Inverse of 'references' is 'referenced_by' */
+ UNIT_REFERENCED_BY,
+
+ _UNIT_DEPENDENCY_MAX,
+ _UNIT_DEPENDENCY_INVALID = -1
+};
+
const char *unit_type_to_string(UnitType i) _const_;
UnitType unit_type_from_string(const char *s) _pure_;
@@ -112,3 +160,6 @@ char *unit_name_mangle(const char *name, enum unit_name_mangle allow_globs);
char *unit_name_mangle_with_suffix(const char *name, enum unit_name_mangle allow_globs, const char *suffix);
int build_subslice(const char *slice, const char*name, char **subslice);
+
+const char *unit_dependency_to_string(UnitDependency i) _const_;
+UnitDependency unit_dependency_from_string(const char *s) _pure_;

595
0538-systemctl-add-add-wants-and-add-requires-verbs.patch Normal file
View File

@ -0,0 +1,595 @@
From e94937df954451eb4aa63573f0d7404ed2db987e Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Wed, 8 Oct 2014 11:59:46 +0200
Subject: [PATCH] systemctl: add add-wants and add-requires verbs
---
TODO | 1 -
man/systemctl.xml | 19 ++++++
src/core/dbus-manager.c | 83 +++++++++++++++++----------
src/core/org.freedesktop.systemd1.conf | 4 ++
src/core/selinux-access.c | 29 ++++++++++
src/core/selinux-access.h | 3 +
src/shared/install.c | 102 ++++++++++++++++++++++++++++++---
src/shared/install.h | 2 +
src/systemctl/systemctl.c | 100 ++++++++++++++++++++++++++++++++
9 files changed, 303 insertions(+), 40 deletions(-)
diff --git a/TODO b/TODO
index 10baa1cec3..b437166273 100644
--- a/TODO
+++ b/TODO
@@ -461,7 +461,6 @@ Features:
- "systemctl mask" should find all names by which a unit is accessible
(i.e. by scanning for symlinks to it) and link them all to /dev/null
- systemctl list-unit-files should list generated files (and probably with a new state "generated" for them, or so)
- - systemctl: maybe add "systemctl add-wants" or so...
* timer units:
- timer units should get the ability to trigger when:
diff --git a/man/systemctl.xml b/man/systemctl.xml
index b28a3b7e8a..b2aa17f22b 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -1098,6 +1098,25 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
</varlistentry>
<varlistentry>
+ <term><command>add-wants <replaceable>TARGET</replaceable>
+ <replaceable>NAME</replaceable>...</command></term>
+ <term><command>add-requires <replaceable>TARGET</replaceable>
+ <replaceable>NAME</replaceable>...</command></term>
+
+ <listitem>
+ <para>Adds <literal>Wants=</literal> resp. <literal>Requires=</literal>
+ dependency to the specified <replaceable>TARGET</replaceable> for
+ one or more units. </para>
+
+ <para>This command honors <option>--system</option>,
+ <option>--user</option>, <option>--runtime</option> and
+ <option>--global</option> in a similar way as
+ <command>enable</command>.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>link <replaceable>FILENAME</replaceable>...</command></term>
<listitem>
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 533ce439a7..57db1c9f6a 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1562,9 +1562,6 @@ static int method_enable_unit_files_generic(
sd_bus_error *error) {
_cleanup_strv_free_ char **l = NULL;
-#ifdef HAVE_SELINUX
- char **i;
-#endif
UnitFileChange *changes = NULL;
unsigned n_changes = 0;
UnitFileScope scope;
@@ -1588,18 +1585,9 @@ static int method_enable_unit_files_generic(
if (r < 0)
return r;
-#ifdef HAVE_SELINUX
- STRV_FOREACH(i, l) {
- Unit *u;
-
- u = manager_get_unit(m, *i);
- if (u) {
- r = selinux_unit_access_check(u, message, verb, error);
- if (r < 0)
- return r;
- }
- }
-#endif
+ r = selinux_unit_access_check_strv(l, message, m, verb, error);
+ if (r < 0)
+ return r;
scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
@@ -1637,9 +1625,6 @@ static int method_mask_unit_files(sd_bus *bus, sd_bus_message *message, void *us
static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_strv_free_ char **l = NULL;
-#ifdef HAVE_SELINUX
- char **i;
-#endif
UnitFileChange *changes = NULL;
unsigned n_changes = 0;
Manager *m = userdata;
@@ -1674,18 +1659,9 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa
return -EINVAL;
}
-#ifdef HAVE_SELINUX
- STRV_FOREACH(i, l) {
- Unit *u;
-
- u = manager_get_unit(m, *i);
- if (u) {
- r = selinux_unit_access_check(u, message, "enable", error);
- if (r < 0)
- return r;
- }
- }
-#endif
+ r = selinux_unit_access_check_strv(l, message, m, "enable", error);
+ if (r < 0)
+ return r;
scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
@@ -1828,6 +1804,52 @@ static int method_preset_all_unit_files(sd_bus *bus, sd_bus_message *message, vo
return reply_unit_file_changes_and_free(m, bus, message, -1, changes, n_changes);
}
+static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
+ _cleanup_strv_free_ char **l = NULL;
+ Manager *m = userdata;
+ UnitFileChange *changes = NULL;
+ unsigned n_changes = 0;
+ UnitFileScope scope;
+ int runtime, force, r;
+ char *target;
+ char *type;
+ UnitDependency dep;
+
+ assert(bus);
+ assert(message);
+ assert(m);
+
+ r = bus_verify_manage_unit_files_async(m, message, error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+ r = sd_bus_message_read_strv(message, &l);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_read(message, "ssbb", &target, &type, &runtime, &force);
+ if (r < 0)
+ return r;
+
+ dep = unit_dependency_from_string(type);
+ if (dep < 0)
+ return -EINVAL;
+
+ r = selinux_unit_access_check_strv(l, message, m, "enable", error);
+ if (r < 0)
+ return r;
+
+ scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
+
+ r = unit_file_add_dependency(scope, runtime, NULL, l, target, dep, force, &changes, &n_changes);
+ if (r < 0)
+ return r;
+
+ return reply_unit_file_changes_and_free(m, bus, message, -1, changes, n_changes);
+}
+
const sd_bus_vtable bus_manager_vtable[] = {
SD_BUS_VTABLE_START(0),
@@ -1918,6 +1940,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
SD_BUS_METHOD("SetDefaultTarget", "sb", "a(sss)", method_set_default_target, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("GetDefaultTarget", NULL, "s", method_get_default_target, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("PresetAllUnitFiles", "sbb", "a(sss)", method_preset_all_unit_files, SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("AddDependencyUnitFiles", "asssbb", "a(sss)", method_add_dependency_unit_files, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_SIGNAL("UnitNew", "so", 0),
SD_BUS_SIGNAL("UnitRemoved", "so", 0),
diff --git a/src/core/org.freedesktop.systemd1.conf b/src/core/org.freedesktop.systemd1.conf
index 3e1382524a..6a7a37ee92 100644
--- a/src/core/org.freedesktop.systemd1.conf
+++ b/src/core/org.freedesktop.systemd1.conf
@@ -199,6 +199,10 @@
send_member="PresetAllUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
+ send_interface="org.freedesktop.systemd1.Manager"
+ send_member="AddDependencyUnitFiles"/>
+
+ <allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Job"
send_member="Cancel"/>
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index cdbfb83a1a..184f202c1e 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -250,6 +250,27 @@ finish:
return r;
}
+int selinux_unit_access_check_strv(char **units,
+ sd_bus_message *message,
+ Manager *m,
+ const char *permission,
+ sd_bus_error *error) {
+ char **i;
+ Unit *u;
+ int r;
+
+ STRV_FOREACH(i, units) {
+ u = manager_get_unit(m, *i);
+ if (u) {
+ r = selinux_unit_access_check(u, message, permission, error);
+ if (r < 0)
+ return r;
+ }
+ }
+
+ return 0;
+}
+
#else
int selinux_generic_access_check(
@@ -264,4 +285,12 @@ int selinux_generic_access_check(
void selinux_access_free(void) {
}
+int selinux_unit_access_check_strv(char **units,
+ sd_bus_message *message,
+ Manager *m,
+ const char *permission,
+ sd_bus_error *error) {
+ return 0;
+}
+
#endif
diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h
index 27d9e14591..6a4362a73c 100644
--- a/src/core/selinux-access.h
+++ b/src/core/selinux-access.h
@@ -24,11 +24,14 @@
#include "sd-bus.h"
#include "bus-error.h"
#include "bus-util.h"
+#include "manager.h"
void selinux_access_free(void);
int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
+int selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
+
#ifdef HAVE_SELINUX
#define selinux_access_check(message, permission, error) \
diff --git a/src/shared/install.c b/src/shared/install.c
index 945bb2748d..ff5dcbac15 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1042,7 +1042,8 @@ static int unit_file_load(
InstallInfo *info,
const char *path,
const char *root_dir,
- bool allow_symlink) {
+ bool allow_symlink,
+ bool load) {
const ConfigTableItem items[] = {
{ "Install", "Alias", config_parse_strv, 0, &info->aliases },
@@ -1064,6 +1065,11 @@ static int unit_file_load(
if (!isempty(root_dir))
path = strappenda(root_dir, "/", path);
+ if (!load) {
+ r = access(path, F_OK) ? -errno : 0;
+ return r;
+ }
+
fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|(allow_symlink ? 0 : O_NOFOLLOW));
if (fd < 0)
return -errno;
@@ -1092,7 +1098,8 @@ static int unit_file_search(
InstallInfo *info,
LookupPaths *paths,
const char *root_dir,
- bool allow_symlink) {
+ bool allow_symlink,
+ bool load) {
char **p;
int r;
@@ -1102,7 +1109,7 @@ static int unit_file_search(
assert(paths);
if (info->path)
- return unit_file_load(c, info, info->path, root_dir, allow_symlink);
+ return unit_file_load(c, info, info->path, root_dir, allow_symlink, load);
assert(info->name);
@@ -1113,7 +1120,7 @@ static int unit_file_search(
if (!path)
return -ENOMEM;
- r = unit_file_load(c, info, path, root_dir, allow_symlink);
+ r = unit_file_load(c, info, path, root_dir, allow_symlink, load);
if (r >= 0) {
info->path = path;
path = NULL;
@@ -1142,7 +1149,7 @@ static int unit_file_search(
if (!path)
return -ENOMEM;
- r = unit_file_load(c, info, path, root_dir, allow_symlink);
+ r = unit_file_load(c, info, path, root_dir, allow_symlink, load);
if (r >= 0) {
info->path = path;
path = NULL;
@@ -1175,7 +1182,7 @@ static int unit_file_can_install(
assert_se(i = hashmap_first(c.will_install));
- r = unit_file_search(&c, i, paths, root_dir, allow_symlink);
+ r = unit_file_search(&c, i, paths, root_dir, allow_symlink, true);
if (r >= 0)
r =
@@ -1402,7 +1409,7 @@ static int install_context_apply(
assert_se(hashmap_move_one(c->have_installed, c->will_install, i->name) == 0);
- q = unit_file_search(c, i, paths, root_dir, false);
+ q = unit_file_search(c, i, paths, root_dir, false, true);
if (q < 0) {
if (r >= 0)
r = q;
@@ -1443,7 +1450,7 @@ static int install_context_mark_for_removal(
assert_se(hashmap_move_one(c->have_installed, c->will_install, i->name) == 0);
- q = unit_file_search(c, i, paths, root_dir, false);
+ q = unit_file_search(c, i, paths, root_dir, false, true);
if (q == -ENOENT) {
/* do nothing */
} else if (q < 0) {
@@ -1489,6 +1496,83 @@ static int install_context_mark_for_removal(
return r;
}
+int unit_file_add_dependency(
+ UnitFileScope scope,
+ bool runtime,
+ const char *root_dir,
+ char **files,
+ char *target,
+ UnitDependency dep,
+ bool force,
+ UnitFileChange **changes,
+ unsigned *n_changes) {
+
+ _cleanup_lookup_paths_free_ LookupPaths paths = {};
+ _cleanup_(install_context_done) InstallContext c = {};
+ _cleanup_free_ char *config_path = NULL;
+ char **i;
+ int r;
+ InstallInfo *info;
+
+ assert(scope >= 0);
+ assert(scope < _UNIT_FILE_SCOPE_MAX);
+
+ r = lookup_paths_init_from_scope(&paths, scope, root_dir);
+ if (r < 0)
+ return r;
+
+ r = get_config_path(scope, runtime, root_dir, &config_path);
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH(i, files) {
+ UnitFileState state;
+
+ state = unit_file_get_state(scope, root_dir, *i);
+ if (state < 0) {
+ log_error("Failed to get unit file state for %s: %s", *i, strerror(-state));
+ return state;
+ }
+
+ if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) {
+ log_error("Failed to enable unit: Unit %s is masked", *i);
+ return -ENOTSUP;
+ }
+
+ r = install_info_add_auto(&c, *i);
+ if (r < 0)
+ return r;
+ }
+
+ while ((info = hashmap_first(c.will_install))) {
+ r = hashmap_ensure_allocated(&c.have_installed, &string_hash_ops);
+ if (r < 0)
+ return r;
+
+ assert_se(hashmap_move_one(c.have_installed, c.will_install, info->name) == 0);
+
+ r = unit_file_search(&c, info, &paths, root_dir, false, false);
+ if (r < 0)
+ return r;
+
+ if (dep == UNIT_WANTS)
+ r = strv_extend(&info->wanted_by, target);
+ else if (dep == UNIT_REQUIRES)
+ r = strv_extend(&info->required_by, target);
+ else
+ r = -EINVAL;
+
+ if (r < 0)
+ return r;
+
+ r = install_info_apply(info, &paths, config_path, root_dir, force, changes, n_changes);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
int unit_file_enable(
UnitFileScope scope,
bool runtime,
@@ -1638,7 +1722,7 @@ int unit_file_set_default(
assert_se(i = hashmap_first(c.will_install));
- r = unit_file_search(&c, i, &paths, root_dir, false);
+ r = unit_file_search(&c, i, &paths, root_dir, false, true);
if (r < 0)
return r;
diff --git a/src/shared/install.h b/src/shared/install.h
index ff16d9f681..c0b4df69d5 100644
--- a/src/shared/install.h
+++ b/src/shared/install.h
@@ -22,6 +22,7 @@
***/
#include "hashmap.h"
+#include "unit-name.h"
typedef enum UnitFileScope {
UNIT_FILE_SYSTEM,
@@ -93,6 +94,7 @@ int unit_file_mask(UnitFileScope scope, bool runtime, const char *root_dir, char
int unit_file_unmask(UnitFileScope scope, bool runtime, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes);
int unit_file_set_default(UnitFileScope scope, const char *root_dir, const char *file, bool force, UnitFileChange **changes, unsigned *n_changes);
int unit_file_get_default(UnitFileScope scope, const char *root_dir, char **name);
+int unit_file_add_dependency(UnitFileScope scope, bool runtime, const char *root_dir, char **files, char *target, UnitDependency dep, bool force, UnitFileChange **changes, unsigned *n_changes);
UnitFileState unit_file_get_state(UnitFileScope scope, const char *root_dir, const char *filename);
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 1c6fef484e..12175923e9 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5288,6 +5288,100 @@ finish:
return r;
}
+static int add_dependency(sd_bus *bus, char **args) {
+ _cleanup_strv_free_ char **names = NULL;
+ _cleanup_free_ char *target = NULL;
+ const char *verb = args[0];
+ UnitDependency dep;
+ int r = 0;
+
+ if (!args[1])
+ return 0;
+
+ target = unit_name_mangle_with_suffix(args[1], MANGLE_NOGLOB, ".target");
+ if (!target)
+ return log_oom();
+
+ r = mangle_names(args+2, &names);
+ if (r < 0)
+ return r;
+
+ if (streq(verb, "add-wants"))
+ dep = UNIT_WANTS;
+ else if (streq(verb, "add-requires"))
+ dep = UNIT_REQUIRES;
+ else
+ assert_not_reached("Unknown verb");
+
+ if (!bus || avoid_bus()) {
+ UnitFileChange *changes = NULL;
+ unsigned n_changes = 0;
+
+ r = unit_file_add_dependency(arg_scope, arg_runtime, arg_root, names, target, dep, arg_force, &changes, &n_changes);
+
+ if (r < 0) {
+ log_error("Can't add dependency: %s", strerror(-r));
+ return r;
+ }
+
+ if (!arg_quiet)
+ dump_unit_file_changes(changes, n_changes);
+
+ unit_file_changes_free(changes, n_changes);
+
+ } else {
+ _cleanup_bus_message_unref_ sd_bus_message *reply = NULL, *m = NULL;
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
+
+ r = sd_bus_message_new_method_call(
+ bus,
+ &m,
+ "org.freedesktop.systemd1",
+ "/org/freedesktop/systemd1",
+ "org.freedesktop.systemd1.Manager",
+ "AddDependencyUnitFiles");
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_append_strv(m, names);
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_append(m, "s", target);
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_append(m, "s", unit_dependency_to_string(dep));
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_append(m, "b", arg_runtime);
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_append(m, "b", arg_force);
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_call(bus, m, 0, &error, &reply);
+ if (r < 0) {
+ log_error("Failed to execute operation: %s", bus_error_message(&error, r));
+ return r;
+ }
+
+ r = deserialize_and_dump_unit_file_changes(reply);
+ if (r < 0)
+ return r;
+
+ if (!arg_no_reload)
+ r = daemon_reload(bus, args);
+ else
+ r = 0;
+ }
+
+ return r;
+}
+
static int preset_all(sd_bus *bus, char **args) {
UnitFileChange *changes = NULL;
unsigned n_changes = 0;
@@ -5533,6 +5627,10 @@ static void systemctl_help(void) {
" unmask NAME... Unmask one or more units\n"
" link PATH... Link one or more units files into\n"
" the search path\n"
+ " add-wants TARGET NAME... Add 'Wants' dependency for the target\n"
+ " on specified one or more units\n"
+ " add-requires TARGET NAME... Add 'Requires' dependency for the target\n"
+ " on specified one or more units\n"
" get-default Get the name of the default target\n"
" set-default NAME Set the default target\n\n"
"Machine Commands:\n"
@@ -6543,6 +6641,8 @@ static int systemctl_main(sd_bus *bus, int argc, char *argv[], int bus_error) {
{ "get-default", EQUAL, 1, get_default, NOBUS },
{ "set-property", MORE, 3, set_property },
{ "is-system-running", EQUAL, 1, is_system_running },
+ { "add-wants", MORE, 3, add_dependency, NOBUS },
+ { "add-requires", MORE, 3, add_dependency, NOBUS },
{}
}, *verb = verbs;

33
0539-note-on-relative-symlink-in-os-release.patch Normal file
View File

@ -0,0 +1,33 @@
From 5a94946cdf38d3574bd32cd3151b32003df60e6a Mon Sep 17 00:00:00 2001
From: Rahul Sundaram <metherid@gmail.com>
Date: Wed, 8 Oct 2014 01:42:59 -0400
Subject: [PATCH] note on relative symlink in os-release
---
man/os-release.xml | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/man/os-release.xml b/man/os-release.xml
index 4e02f800b6..b298304943 100644
--- a/man/os-release.xml
+++ b/man/os-release.xml
@@ -90,11 +90,15 @@
files at the same
time. <filename>/usr/lib/os-release</filename> is the
recommended place to store OS release information as
- part of vendor trees. Frequently,
- <filename>/etc/os-release</filename> is simply a
- symlink to <filename>/usr/lib/os-release</filename>,
+ part of vendor trees.
+ <filename>/etc/os-release</filename> should be a
+ relative symlink to
+ <filename>/usr/lib/os-release</filename>,
to provide compatibility with applications only
- looking at <filename>/etc</filename>.</para>
+ looking at <filename>/etc</filename>. A relative
+ symlink instead of an absolute symlink is
+ necessary to avoid breaking the link in a chroot or
+ initrd environment such as dracut.</para>
<para><filename>os-release</filename> contains data
that is defined by the operating system vendor and

45
0540-nspawn-copy-dev-net-tun-from-host.patch Normal file
View File

@ -0,0 +1,45 @@
From 85614d663e4a09beee1c78aaa67f02943d50d5a0 Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Wed, 8 Oct 2014 15:01:07 +0200
Subject: [PATCH] nspawn: copy /dev/net/tun from host
This enables tuntap support in the container (assumning the necessary capabilities are in place).
---
src/nspawn/nspawn.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 34436b82a2..da4c116f36 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1101,7 +1101,8 @@ static int copy_devnodes(const char *dest) {
"full\0"
"random\0"
"urandom\0"
- "tty\0";
+ "tty\0"
+ "net/tun\0";
const char *d;
int r = 0;
@@ -1132,10 +1133,17 @@ static int copy_devnodes(const char *dest) {
log_error("%s is not a char or block device, cannot copy", from);
return -EIO;
- } else if (mknod(to, st.st_mode, st.st_rdev) < 0) {
+ } else {
+ r = mkdir_parents(to, 0775);
+ if (r < 0) {
+ log_error("Failed to create parent directory of %s: %s", to, strerror(-r));
+ return -r;
+ }
- log_error("mknod(%s) failed: %m", dest);
- return -errno;
+ if (mknod(to, st.st_mode, st.st_rdev) < 0) {
+ log_error("mknod(%s) failed: %m", dest);
+ return -errno;
+ }
}
}

145
0541-sd-bus-sync-kdbus.h-ABI-break.patch Normal file
View File

@ -0,0 +1,145 @@
From 40885bb29e3f39fc06787075f666a0ec2ac35361 Mon Sep 17 00:00:00 2001
From: Daniel Mack <daniel@zonque.org>
Date: Wed, 8 Oct 2014 15:32:41 +0200
Subject: [PATCH] sd-bus: sync kdbus.h (ABI break)
Sync kdbus.h once again. Two thing have changed:
a) KDBUS_CMD_EP_* was renamed to KDBUS_CMD_ENDPOINT_*
b) struct kdbus_cmd_hello and struct kdbus_cmd_make gained a
'features' bitfield (which is currently unused)
---
src/libsystemd/sd-bus/bus-kernel.c | 19 ++++++++++---------
src/libsystemd/sd-bus/kdbus.h | 16 ++++++++++------
2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
index b431d78139..c3dbc837d7 100644
--- a/src/libsystemd/sd-bus/bus-kernel.c
+++ b/src/libsystemd/sd-bus/bus-kernel.c
@@ -1307,9 +1307,9 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
return -errno;
}
- /* The higher 32bit of the flags field are considered
- * 'incompatible flags'. Refuse them all for now. */
- if (make->flags > 0xFFFFFFFFULL) {
+ /* The features field are considered 'incompatible flags'.
+ * Refuse them all for now. */
+ if (make->features) {
safe_close(fd);
return -ENOTSUP;
}
@@ -1439,14 +1439,14 @@ int bus_kernel_create_endpoint(const char *bus_name, const char *ep_name, char *
n->size = offsetof(struct kdbus_item, str) + strlen(ep_name) + 1;
strcpy(n->str, ep_name);
- if (ioctl(fd, KDBUS_CMD_EP_MAKE, make) < 0) {
+ if (ioctl(fd, KDBUS_CMD_ENDPOINT_MAKE, make) < 0) {
safe_close(fd);
return -errno;
}
- /* The higher 32bit of the flags field are considered
- * 'incompatible flags'. Refuse them all for now. */
- if (make->flags > 0xFFFFFFFFULL) {
+ /* The features field are considered 'incompatible flags'.
+ * Refuse them all for now. */
+ if (make->features) {
safe_close(fd);
return -ENOTSUP;
}
@@ -1503,7 +1503,7 @@ int bus_kernel_set_endpoint_policy(int fd, uid_t uid, BusEndpoint *ep) {
n = KDBUS_ITEM_NEXT(n);
}
- r = ioctl(fd, KDBUS_CMD_EP_UPDATE, update);
+ r = ioctl(fd, KDBUS_CMD_ENDPOINT_UPDATE, update);
if (r < 0)
return -errno;
@@ -1576,7 +1576,8 @@ int bus_kernel_make_starter(
/* The higher 32bit of both flags fields are considered
* 'incompatible flags'. Refuse them all for now. */
- if (hello->bus_flags > 0xFFFFFFFFULL ||
+ if (hello->features ||
+ hello->bus_flags > 0xFFFFFFFFULL ||
hello->conn_flags > 0xFFFFFFFFULL)
return -ENOTSUP;
diff --git a/src/libsystemd/sd-bus/kdbus.h b/src/libsystemd/sd-bus/kdbus.h
index 8994b5673d..79a17f3449 100644
--- a/src/libsystemd/sd-bus/kdbus.h
+++ b/src/libsystemd/sd-bus/kdbus.h
@@ -554,6 +554,7 @@ enum kdbus_attach_flags {
/**
* struct kdbus_cmd_hello - struct to say hello to kdbus
* @size: The total size of the structure
+ * @features: Feature negotiation bitmask
* @conn_flags: Connection flags (KDBUS_HELLO_*).
* @attach_flags: Mask of metadata to attach to each message sent
* (KDBUS_ATTACH_*)
@@ -573,6 +574,7 @@ enum kdbus_attach_flags {
*/
struct kdbus_cmd_hello {
__u64 size;
+ __u64 features;
__u64 conn_flags;
__u64 attach_flags;
__u64 bus_flags;
@@ -596,14 +598,16 @@ enum kdbus_make_flags {
/**
* struct kdbus_cmd_make - struct to make a bus, an endpoint or a domain
* @size: The total size of the struct
+ * @features: Feature negotiation bitmask
* @flags: Properties for the bus/ep/domain to create
* @items: Items describing details
*
- * This structure is used with the KDBUS_CMD_BUS_MAKE, KDBUS_CMD_EP_MAKE and
- * KDBUS_CMD_DOMAIN_MAKE ioctls.
+ * This structure is used with the KDBUS_CMD_BUS_MAKE, KDBUS_CMD_ENDPOINT_MAKE
+ * and KDBUS_CMD_DOMAIN_MAKE ioctls.
*/
struct kdbus_cmd_make {
__u64 size;
+ __u64 features;
__u64 flags;
struct kdbus_item items[0];
} __attribute__((aligned(8)));
@@ -775,7 +779,7 @@ struct kdbus_cmd_match {
* is closed.
* @KDBUS_CMD_DOMAIN_MAKE: Similar to KDBUS_CMD_BUS_MAKE, but it creates a
* new kdbus domain.
- * @KDBUS_CMD_EP_MAKE: Creates a new named special endpoint to talk to
+ * @KDBUS_CMD_ENDPOINT_MAKE: Creates a new named special endpoint to talk to
* the bus. Such endpoints usually carry a more
* restrictive policy and grant restricted access
* to specific applications.
@@ -811,7 +815,7 @@ struct kdbus_cmd_match {
* @KDBUS_CMD_CONN_UPDATE: Update the properties of a connection. Used to
* update the metadata subscription mask and
* policy.
- * @KDBUS_CMD_EP_UPDATE: Update the properties of a custom enpoint. Used
+ * @KDBUS_CMD_ENDPOINT_UPDATE: Update the properties of a custom enpoint. Used
* to update the policy.
* @KDBUS_CMD_MATCH_ADD: Install a match which broadcast messages should
* be delivered to the connection.
@@ -822,7 +826,7 @@ enum kdbus_ioctl_type {
struct kdbus_cmd_make),
KDBUS_CMD_DOMAIN_MAKE = _IOW(KDBUS_IOCTL_MAGIC, 0x10,
struct kdbus_cmd_make),
- KDBUS_CMD_EP_MAKE = _IOW(KDBUS_IOCTL_MAGIC, 0x20,
+ KDBUS_CMD_ENDPOINT_MAKE = _IOW(KDBUS_IOCTL_MAGIC, 0x20,
struct kdbus_cmd_make),
KDBUS_CMD_HELLO = _IOWR(KDBUS_IOCTL_MAGIC, 0x30,
@@ -850,7 +854,7 @@ enum kdbus_ioctl_type {
KDBUS_CMD_CONN_UPDATE = _IOW(KDBUS_IOCTL_MAGIC, 0x61,
struct kdbus_cmd_update),
- KDBUS_CMD_EP_UPDATE = _IOW(KDBUS_IOCTL_MAGIC, 0x71,
+ KDBUS_CMD_ENDPOINT_UPDATE = _IOW(KDBUS_IOCTL_MAGIC, 0x71,
struct kdbus_cmd_update),
KDBUS_CMD_MATCH_ADD = _IOW(KDBUS_IOCTL_MAGIC, 0x80,

27
0542-Update-TODO.patch Normal file
View File

@ -0,0 +1,27 @@
From 402696d787d252d6317e36c5be340d47578bb27b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 8 Oct 2014 21:32:30 +0200
Subject: [PATCH] Update TODO
---
TODO | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/TODO b/TODO
index b437166273..7d205faa8d 100644
--- a/TODO
+++ b/TODO
@@ -34,6 +34,13 @@ External:
Features:
+* bus-proxy: when passing messages from kdbus, make sure we properly
+ handle the case where a large number of fds is appended that we
+ cannot pass into sendmsg() of the AF_UNIX sokcet (which only accepts
+ 253 messages)
+
+* check for validity of ucred fields in bus-proxy, like we do in journald
+
* busctl: add a pcap writer, using LINKTYPE_DBUS/231
* man: maybe use the word "inspect" rather than "introspect"?

24
0543-core-map-the-rescue-argument-to-rescue.target.patch Normal file
View File

@ -0,0 +1,24 @@
From 5329ab10ffaf5b4a3fd6ebd9380b1ec09d05cfc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com>
Date: Tue, 7 Oct 2014 14:55:21 +0300
Subject: [PATCH] core: map the 'rescue' argument to rescue.target
Even though the 'emergency' and 'single' aliases come from sysvinit, the
lack of 'rescue' is still quite confusing (caught me by surprise for the
9th time yet) and inconsistent with `systemctl rescue` as well.
---
src/core/main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/core/main.c b/src/core/main.c
index 1a62e04c80..44373cc7ef 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -272,6 +272,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
static const char * const rlmap[] = {
"emergency", SPECIAL_EMERGENCY_TARGET,
"-b", SPECIAL_EMERGENCY_TARGET,
+ "rescue", SPECIAL_RESCUE_TARGET,
"single", SPECIAL_RESCUE_TARGET,
"-s", SPECIAL_RESCUE_TARGET,
"s", SPECIAL_RESCUE_TARGET,

143
0544-time-functions-named-internal-really-shouldn-t-be-ex.patch Normal file
View File

@ -0,0 +1,143 @@
From 5ab99e076c72a44f2e174e48abd9945cd0180d76 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 8 Oct 2014 22:37:45 +0200
Subject: [PATCH] time: functions named "internal" really shouldn't be exported
Also, let's try to make function names descriptive, instead of using
bools for flags.
---
src/journal/journalctl.c | 22 +++++++++++++++-------
src/shared/logs-show.c | 4 +++-
src/shared/time-util.c | 16 ++++++++++++++--
src/shared/time-util.h | 5 +++--
4 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 816934ee6b..feb53bd203 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -127,6 +127,14 @@ static void pager_open_if_enabled(void) {
pager_open(arg_pager_end);
}
+static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
+
+ if (arg_utc)
+ return format_timestamp_utc(buf, l, t);
+
+ return format_timestamp(buf, l, t);
+}
+
static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
sd_id128_t id = SD_ID128_NULL;
int off = 0, r;
@@ -890,8 +898,8 @@ static int list_boots(sd_journal *j) {
printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
w, i - count + 1,
SD_ID128_FORMAT_VAL(id->id),
- format_timestamp_internal(a, sizeof(a), id->first, arg_utc),
- format_timestamp_internal(b, sizeof(b), id->last, arg_utc));
+ format_timestamp_maybe_utc(a, sizeof(a), id->first),
+ format_timestamp_maybe_utc(b, sizeof(b), id->last));
}
return 0;
@@ -1502,8 +1510,8 @@ static int verify(sd_journal *j) {
if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
if (validated > 0) {
log_info("=> Validated from %s to %s, final %s entries not sealed.",
- format_timestamp_internal(a, sizeof(a), first, arg_utc),
- format_timestamp_internal(b, sizeof(b), validated, arg_utc),
+ format_timestamp_maybe_utc(a, sizeof(a), first),
+ format_timestamp_maybe_utc(b, sizeof(b), validated),
format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
} else if (last > 0)
log_info("=> No sealing yet, %s of entries not sealed.",
@@ -1898,11 +1906,11 @@ int main(int argc, char *argv[]) {
if (r > 0) {
if (arg_follow)
printf("-- Logs begin at %s. --\n",
- format_timestamp_internal(start_buf, sizeof(start_buf), start, arg_utc));
+ format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
else
printf("-- Logs begin at %s, end at %s. --\n",
- format_timestamp_internal(start_buf, sizeof(start_buf), start, arg_utc),
- format_timestamp_internal(end_buf, sizeof(end_buf), end, arg_utc));
+ format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
+ format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
}
}
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
index e30e6865ac..3d742491c9 100644
--- a/src/shared/logs-show.c
+++ b/src/shared/logs-show.c
@@ -447,7 +447,9 @@ static int output_verbose(
}
fprintf(f, "%s [%s]\n",
- format_timestamp_us(ts, sizeof(ts), realtime, flags & OUTPUT_UTC),
+ flags & OUTPUT_UTC ?
+ format_timestamp_us_utc(ts, sizeof(ts), realtime) :
+ format_timestamp_us(ts, sizeof(ts), realtime),
cursor);
JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) {
diff --git a/src/shared/time-util.c b/src/shared/time-util.c
index 09f4a21354..433c262dfa 100644
--- a/src/shared/time-util.c
+++ b/src/shared/time-util.c
@@ -152,7 +152,7 @@ struct timeval *timeval_store(struct timeval *tv, usec_t u) {
return tv;
}
-char *format_timestamp_internal(char *buf, size_t l, usec_t t, bool utc) {
+static char *format_timestamp_internal(char *buf, size_t l, usec_t t, bool utc) {
struct tm tm;
time_t sec;
@@ -178,7 +178,11 @@ char *format_timestamp(char *buf, size_t l, usec_t t) {
return format_timestamp_internal(buf, l, t, false);
}
-char *format_timestamp_us(char *buf, size_t l, usec_t t, bool utc) {
+char *format_timestamp_utc(char *buf, size_t l, usec_t t) {
+ return format_timestamp_internal(buf, l, t, true);
+}
+
+static char *format_timestamp_internal_us(char *buf, size_t l, usec_t t, bool utc) {
struct tm tm;
time_t sec;
@@ -203,6 +207,14 @@ char *format_timestamp_us(char *buf, size_t l, usec_t t, bool utc) {
return buf;
}
+char *format_timestamp_us(char *buf, size_t l, usec_t t) {
+ return format_timestamp_internal_us(buf, l, t, false);
+}
+
+char *format_timestamp_us_utc(char *buf, size_t l, usec_t t) {
+ return format_timestamp_internal_us(buf, l, t, true);
+}
+
char *format_timestamp_relative(char *buf, size_t l, usec_t t) {
const char *s;
usec_t n, d;
diff --git a/src/shared/time-util.h b/src/shared/time-util.h
index 16cc593cf5..05369d295b 100644
--- a/src/shared/time-util.h
+++ b/src/shared/time-util.h
@@ -84,9 +84,10 @@ struct timespec *timespec_store(struct timespec *ts, usec_t u);
usec_t timeval_load(const struct timeval *tv) _pure_;
struct timeval *timeval_store(struct timeval *tv, usec_t u);
-char *format_timestamp_internal(char *buf, size_t l, usec_t t, bool utc);
char *format_timestamp(char *buf, size_t l, usec_t t);
-char *format_timestamp_us(char *buf, size_t l, usec_t t, bool utc);
+char *format_timestamp_utc(char *buf, size_t l, usec_t t);
+char *format_timestamp_us(char *buf, size_t l, usec_t t);
+char *format_timestamp_us_utc(char *buf, size_t l, usec_t t);
char *format_timestamp_relative(char *buf, size_t l, usec_t t);
char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy);

29
0545-util-avoid-double-close-of-fd.patch Normal file
View File

@ -0,0 +1,29 @@
From 6f53e671aa7539cab02c9f739d84d28a343ca5bc Mon Sep 17 00:00:00 2001
From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
Date: Wed, 8 Oct 2014 23:57:32 +0200
Subject: [PATCH] util: avoid double close of fd
We could end with a double close if we close the fd loop and flush_fd
fails. That would make us goto fail and there we close the fd once
again. This patch sets the fd to the return value for safe_close: -1
A fd with negative value will be ignored by the next call to
safe_close.
CID#996223
---
src/shared/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/util.c b/src/shared/util.c
index bbd9bd11d6..5f6249eb04 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -2074,7 +2074,7 @@ int acquire_terminal(
* ended our handle will be dead. It's important that
* we do this after sleeping, so that we don't enter
* an endless loop. */
- safe_close(fd);
+ fd = safe_close(fd);
}
safe_close(notify);

34
0546-man-systemctl-document-enable-on-masked-units.patch Normal file
View File

@ -0,0 +1,34 @@
From 751ea8deaf96cabd4f1321735cd86535840a3faf Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Wed, 8 Oct 2014 08:04:52 +0200
Subject: [PATCH] man/systemctl: document enable on masked units
---
man/systemctl.xml | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/man/systemctl.xml b/man/systemctl.xml
index b2aa17f22b..61a23de7d7 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -924,6 +924,9 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
the system, or for all future logins of all users, or only this
boot. Note that in the last case, no systemd daemon
configuration is reloaded.</para>
+
+ <para>Using <command>enable</command> on masked units
+ results in an error.</para>
</listitem>
</varlistentry>
@@ -1080,8 +1083,8 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
<filename>/dev/null</filename>, making it impossible to
start them. This is a stronger version of
<command>disable</command>, since it prohibits all kinds of
- activation of the unit, including manual activation. Use
- this option with care. This honors the
+ activation of the unit, including enablement and manual
+ activation. Use this option with care. This honors the
<option>--runtime</option> option to only mask temporarily
until the next reboot of the system.</para>
</listitem>

210
0547-sd-event-be-more-careful-when-enabling-disabling-sig.patch Normal file
View File

@ -0,0 +1,210 @@
From 4807d2d068ae9fc08b87121fc0a574394f8acc5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 4 Oct 2014 22:57:43 -0400
Subject: [PATCH] sd-event: be more careful when enabling/disabling signals
When a child event is disabled (in order to be freed) and there is no
SIGCHLD signal event, sd_event_source_set_enabled will disable SIGCHLD
even if there are other child events.
Also remove some unneeded signalfd updates.
https://bugs.freedesktop.org/show_bug.cgi?id=84659
Based-on-a-patch-by: Hristo Venev <mustrumr97@gmail.com>
---
src/libsystemd/sd-event/sd-event.c | 86 ++++++++++++++++++++++++++++----------
1 file changed, 63 insertions(+), 23 deletions(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 4c67ee87e1..c5f062b3e0 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -590,6 +590,14 @@ static struct clock_data* event_get_clock_data(sd_event *e, EventSourceType t) {
}
}
+static bool need_signal(sd_event *e, int signal) {
+ return (e->signal_sources && e->signal_sources[signal] &&
+ e->signal_sources[signal]->enabled != SD_EVENT_OFF)
+ ||
+ (signal == SIGCHLD &&
+ e->n_enabled_child_sources > 0);
+}
+
static void source_disconnect(sd_event_source *s) {
sd_event *event;
@@ -626,11 +634,13 @@ static void source_disconnect(sd_event_source *s) {
case SOURCE_SIGNAL:
if (s->signal.sig > 0) {
- if (s->signal.sig != SIGCHLD || s->event->n_enabled_child_sources == 0)
- assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0);
-
if (s->event->signal_sources)
s->event->signal_sources[s->signal.sig] = NULL;
+
+ /* If the signal was on and now it is off... */
+ if (s->enabled != SD_EVENT_OFF && !need_signal(s->event, s->signal.sig)) {
+ assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0);
+ }
}
break;
@@ -640,10 +650,12 @@ static void source_disconnect(sd_event_source *s) {
if (s->enabled != SD_EVENT_OFF) {
assert(s->event->n_enabled_child_sources > 0);
s->event->n_enabled_child_sources--;
- }
- if (!s->event->signal_sources || !s->event->signal_sources[SIGCHLD])
- assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0);
+ /* We know the signal was on, if it is off now... */
+ if (!need_signal(s->event, SIGCHLD)) {
+ assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0);
+ }
+ }
hashmap_remove(s->event->child_sources, INT_TO_PTR(s->child.pid));
}
@@ -963,6 +975,7 @@ _public_ int sd_event_add_signal(
sd_event_source *s;
sigset_t ss;
int r;
+ bool previous;
assert_return(e, -EINVAL);
assert_return(sig > 0, -EINVAL);
@@ -987,6 +1000,8 @@ _public_ int sd_event_add_signal(
} else if (e->signal_sources[sig])
return -EBUSY;
+ previous = need_signal(e, sig);
+
s = source_new(e, !ret, SOURCE_SIGNAL);
if (!s)
return -ENOMEM;
@@ -997,9 +1012,10 @@ _public_ int sd_event_add_signal(
s->enabled = SD_EVENT_ON;
e->signal_sources[sig] = s;
- assert_se(sigaddset(&e->sigset, sig) == 0);
- if (sig != SIGCHLD || e->n_enabled_child_sources == 0) {
+ if (!previous) {
+ assert_se(sigaddset(&e->sigset, sig) == 0);
+
r = event_update_signal_fd(e);
if (r < 0) {
source_free(s);
@@ -1023,6 +1039,7 @@ _public_ int sd_event_add_child(
sd_event_source *s;
int r;
+ bool previous;
assert_return(e, -EINVAL);
assert_return(pid > 1, -EINVAL);
@@ -1039,6 +1056,8 @@ _public_ int sd_event_add_child(
if (hashmap_contains(e->child_sources, INT_TO_PTR(pid)))
return -EBUSY;
+ previous = need_signal(e, SIGCHLD);
+
s = source_new(e, !ret, SOURCE_CHILD);
if (!s)
return -ENOMEM;
@@ -1057,9 +1076,9 @@ _public_ int sd_event_add_child(
e->n_enabled_child_sources ++;
- assert_se(sigaddset(&e->sigset, SIGCHLD) == 0);
+ if (!previous) {
+ assert_se(sigaddset(&e->sigset, SIGCHLD) == 0);
- if (!e->signal_sources || !e->signal_sources[SIGCHLD]) {
r = event_update_signal_fd(e);
if (r < 0) {
source_free(s);
@@ -1437,23 +1456,32 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) {
}
case SOURCE_SIGNAL:
+ assert(need_signal(s->event, s->signal.sig));
+
s->enabled = m;
- if (s->signal.sig != SIGCHLD || s->event->n_enabled_child_sources == 0) {
+
+ if (!need_signal(s->event, s->signal.sig)) {
assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0);
- event_update_signal_fd(s->event);
+
+ (void) event_update_signal_fd(s->event);
+ /* If disabling failed, we might get a spurious event,
+ * but otherwise nothing bad should happen. */
}
break;
case SOURCE_CHILD:
+ assert(need_signal(s->event, SIGCHLD));
+
s->enabled = m;
assert(s->event->n_enabled_child_sources > 0);
s->event->n_enabled_child_sources--;
- if (!s->event->signal_sources || !s->event->signal_sources[SIGCHLD]) {
+ if (!need_signal(s->event, SIGCHLD)) {
assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0);
- event_update_signal_fd(s->event);
+
+ (void) event_update_signal_fd(s->event);
}
break;
@@ -1501,22 +1529,34 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) {
}
case SOURCE_SIGNAL:
- s->enabled = m;
-
- if (s->signal.sig != SIGCHLD || s->event->n_enabled_child_sources == 0) {
+ /* Check status before enabling. */
+ if (!need_signal(s->event, s->signal.sig)) {
assert_se(sigaddset(&s->event->sigset, s->signal.sig) == 0);
- event_update_signal_fd(s->event);
+
+ r = event_update_signal_fd(s->event);
+ if (r < 0) {
+ s->enabled = SD_EVENT_OFF;
+ return r;
+ }
}
+
+ s->enabled = m;
break;
case SOURCE_CHILD:
+ /* Check status before enabling. */
if (s->enabled == SD_EVENT_OFF) {
- s->event->n_enabled_child_sources++;
-
- if (!s->event->signal_sources || !s->event->signal_sources[SIGCHLD]) {
- assert_se(sigaddset(&s->event->sigset, SIGCHLD) == 0);
- event_update_signal_fd(s->event);
+ if (!need_signal(s->event, SIGCHLD)) {
+ assert_se(sigaddset(&s->event->sigset, s->signal.sig) == 0);
+
+ r = event_update_signal_fd(s->event);
+ if (r < 0) {
+ s->enabled = SD_EVENT_OFF;
+ return r;
+ }
}
+
+ s->event->n_enabled_child_sources++;
}
s->enabled = m;

109
0548-sd-event-also-update-signal-mask-when-disconnecting-.patch Normal file
View File

@ -0,0 +1,109 @@
From f95387cda829bc053992c398789ce3aa6f42f81e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 4 Oct 2014 23:17:45 -0400
Subject: [PATCH] sd-event: also update signal mask when disconnecting sources
---
src/libsystemd/sd-event/sd-event.c | 68 +++++++++++++++++++++-----------------
1 file changed, 38 insertions(+), 30 deletions(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index c5f062b3e0..80a2ae97e8 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -598,6 +598,36 @@ static bool need_signal(sd_event *e, int signal) {
e->n_enabled_child_sources > 0);
}
+static int event_update_signal_fd(sd_event *e) {
+ struct epoll_event ev = {};
+ bool add_to_epoll;
+ int r;
+
+ assert(e);
+
+ add_to_epoll = e->signal_fd < 0;
+
+ r = signalfd(e->signal_fd, &e->sigset, SFD_NONBLOCK|SFD_CLOEXEC);
+ if (r < 0)
+ return -errno;
+
+ e->signal_fd = r;
+
+ if (!add_to_epoll)
+ return 0;
+
+ ev.events = EPOLLIN;
+ ev.data.ptr = INT_TO_PTR(SOURCE_SIGNAL);
+
+ r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, e->signal_fd, &ev);
+ if (r < 0) {
+ e->signal_fd = safe_close(e->signal_fd);
+ return -errno;
+ }
+
+ return 0;
+}
+
static void source_disconnect(sd_event_source *s) {
sd_event *event;
@@ -640,6 +670,10 @@ static void source_disconnect(sd_event_source *s) {
/* If the signal was on and now it is off... */
if (s->enabled != SD_EVENT_OFF && !need_signal(s->event, s->signal.sig)) {
assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0);
+
+ (void) event_update_signal_fd(s->event);
+ /* If disabling failed, we might get a spurious event,
+ * but otherwise nothing bad should happen. */
}
}
@@ -654,6 +688,10 @@ static void source_disconnect(sd_event_source *s) {
/* We know the signal was on, if it is off now... */
if (!need_signal(s->event, SIGCHLD)) {
assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0);
+
+ (void) event_update_signal_fd(s->event);
+ /* If disabling failed, we might get a spurious event,
+ * but otherwise nothing bad should happen. */
}
}
@@ -929,36 +967,6 @@ fail:
return r;
}
-static int event_update_signal_fd(sd_event *e) {
- struct epoll_event ev = {};
- bool add_to_epoll;
- int r;
-
- assert(e);
-
- add_to_epoll = e->signal_fd < 0;
-
- r = signalfd(e->signal_fd, &e->sigset, SFD_NONBLOCK|SFD_CLOEXEC);
- if (r < 0)
- return -errno;
-
- e->signal_fd = r;
-
- if (!add_to_epoll)
- return 0;
-
- ev.events = EPOLLIN;
- ev.data.ptr = INT_TO_PTR(SOURCE_SIGNAL);
-
- r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, e->signal_fd, &ev);
- if (r < 0) {
- e->signal_fd = safe_close(e->signal_fd);
- return -errno;
- }
-
- return 0;
-}
-
static int signal_exit_callback(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
assert(s);

24
0549-update-TODO.patch Normal file
View File

@ -0,0 +1,24 @@
From 706d97503df83d141d241b645d2c920d691b3d62 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Oct 2014 01:46:31 +0200
Subject: [PATCH] update TODO
---
TODO | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/TODO b/TODO
index 7d205faa8d..45c08f0942 100644
--- a/TODO
+++ b/TODO
@@ -34,6 +34,10 @@ External:
Features:
+* man: document that corrupted journal files is nothing to act on
+
+* systemctl isolate should use ".target" as completion suffix, not ".service"
+
* bus-proxy: when passing messages from kdbus, make sure we properly
handle the case where a large number of fds is appended that we
cannot pass into sendmsg() of the AF_UNIX sokcet (which only accepts

36
0550-systemctl-suggest-xe-not-xn.patch Normal file
View File

@ -0,0 +1,36 @@
From b923047d73f412be40ba162e0b664cff3c17a480 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 8 Oct 2014 20:22:51 -0400
Subject: [PATCH] systemctl: suggest -xe not -xn
https://bugzilla.redhat.com/show_bug.cgi?id=1150289
---
src/systemctl/systemctl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 12175923e9..cdaefa52b9 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -2350,18 +2350,18 @@ static int check_wait_response(WaitData *d) {
else if (streq(d->result, "canceled"))
log_error("Job for %s canceled.", strna(d->name));
else if (streq(d->result, "dependency"))
- log_error("A dependency job for %s failed. See 'journalctl -xn' for details.", strna(d->name));
+ log_error("A dependency job for %s failed. See 'journalctl -xe' for details.", strna(d->name));
else if (!streq(d->result, "done") && !streq(d->result, "skipped")) {
if (d->name) {
bool quotes;
quotes = chars_intersect(d->name, SHELL_NEED_QUOTES);
- log_error("Job for %s failed. See \"systemctl status %s%s%s\" and \"journalctl -xn\" for details.",
+ log_error("Job for %s failed. See \"systemctl status %s%s%s\" and \"journalctl -xe\" for details.",
d->name,
quotes ? "'" : "", d->name, quotes ? "'" : "");
} else
- log_error("Job failed. See \"journalctl -xn\" for details.");
+ log_error("Job failed. See \"journalctl -xe\" for details.");
}
}

27
0551-sd-bus-check-return-value-of-asprintf.patch Normal file
View File

@ -0,0 +1,27 @@
From b1543c4c93855b61b40118e9f14a0423dac2e078 Mon Sep 17 00:00:00 2001
From: Daniel Mack <daniel@zonque.org>
Date: Thu, 9 Oct 2014 11:26:09 +0200
Subject: [PATCH] sd-bus: check return value of asprintf()
Check for OOM conditions of asprintf() in bus_set_address_user().
---
src/libsystemd/sd-bus/sd-bus.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index bc4376fb51..549f9e0943 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -1163,7 +1163,11 @@ int bus_set_address_user(sd_bus *b) {
#endif
} else {
#ifdef ENABLE_KDBUS
- asprintf(&b->address, KERNEL_USER_BUS_FMT, getuid());
+ int r;
+
+ r = asprintf(&b->address, KERNEL_USER_BUS_FMT, getuid());
+ if (r < 0)
+ return -ENOMEM;
#else
return -ECONNREFUSED;
#endif

40
0552-man-SyslogIdentifier-has-an-effect-on-journal-loggin.patch Normal file
View File

@ -0,0 +1,40 @@
From 2134b5ef6b5c944036d051381f4bd7b7e61ef373 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Oct 2014 11:36:34 +0200
Subject: [PATCH] man: SyslogIdentifier= has an effect on journal logging too
---
man/systemd.exec.xml | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 939983fb7e..e9af4abd6d 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -572,15 +572,19 @@
<varlistentry>
<term><varname>SyslogIdentifier=</varname></term>
<listitem><para>Sets the process name
- to prefix log lines sent to syslog or
- the kernel log buffer with. If not set,
- defaults to the process name of the
- executed process. This option is only
- useful when
+ to prefix log lines sent to the
+ logging system or the kernel log
+ buffer with. If not set, defaults to
+ the process name of the executed
+ process. This option is only useful
+ when
<varname>StandardOutput=</varname> or
<varname>StandardError=</varname> are
- set to <option>syslog</option> or
- <option>kmsg</option>.</para></listitem>
+ set to <option>syslog</option>,
+ <option>journal</option> or
+ <option>kmsg</option> (or to the same
+ settings in combination with
+ <option>+console</option>).</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>SyslogFacility=</varname></term>

50
0553-logind-mount-per-user-tmpfs-with-smackfsroot-for-sma.patch Normal file
View File

@ -0,0 +1,50 @@
From 374738d55b2bc4ab07c22f9a0be95a76de1c9478 Mon Sep 17 00:00:00 2001
From: Lukasz Skalski <l.skalski@samsung.com>
Date: Thu, 9 Oct 2014 11:02:47 +0200
Subject: [PATCH] logind: mount per-user tmpfs with 'smackfsroot=*' for smack
enabled systems
---
src/login/logind-user.c | 8 +++++++-
units/systemd-logind.service.in | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index d48eca47f0..3847496c15 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -37,6 +37,7 @@
#include "conf-parser.h"
#include "clean-ipc.h"
#include "logind-user.h"
+#include "smack-util.h"
User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) {
User *u;
@@ -325,7 +326,12 @@ static int user_mkdir_runtime_path(User *u) {
mkdir(p, 0700);
- if (asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size) < 0) {
+ if (use_smack())
+ r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
+ else
+ r = asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
+
+ if (r < 0) {
r = log_oom();
goto fail;
}
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index c6cbd1c8df..f087e99ce2 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -23,7 +23,7 @@ ExecStart=@rootlibexecdir@/systemd-logind
Restart=always
RestartSec=0
BusName=org.freedesktop.login1
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous

185
0554-bus-policy-move-name-list-iteration-to-policy-users.patch Normal file
View File

@ -0,0 +1,185 @@
From d46fbfb48deff83943355992e55f9ef4431ff5ef Mon Sep 17 00:00:00 2001
From: Daniel Mack <daniel@zonque.org>
Date: Thu, 9 Oct 2014 13:26:53 +0200
Subject: [PATCH] bus-policy: move name list iteration to policy users
We need to figure out which of the possible names satisfied the policy,
so we cannot do the iteration in check_policy_item() but have to leave it
to the users.
Test cases amended accordingly.
---
src/bus-proxyd/bus-policy.c | 29 ++++++++++-------------------
src/bus-proxyd/bus-policy.h | 4 ++--
src/bus-proxyd/test-bus-policy.c | 21 +++++++--------------
3 files changed, 19 insertions(+), 35 deletions(-)
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index aea8541d50..625f5ddaee 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -602,14 +602,10 @@ struct policy_check_filter {
int class;
const struct ucred *ucred;
int message_type;
+ const char *name;
const char *interface;
const char *path;
- union {
- const char *name;
- const char *member;
- };
- char **names_strv;
- Hashmap *names_hash;
+ const char *member;
};
static int is_permissive(PolicyItem *i) {
@@ -628,13 +624,8 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
case POLICY_ITEM_SEND:
case POLICY_ITEM_RECV:
- if (i->name) {
- if (filter->names_hash && !hashmap_contains(filter->names_hash, i->name))
- break;
-
- if (filter->names_strv && !strv_contains(filter->names_strv, i->name))
- break;
- }
+ if (i->name && !streq_ptr(i->name, filter->name))
+ break;
if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
break;
@@ -651,14 +642,14 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
return is_permissive(i);
case POLICY_ITEM_OWN:
- assert(filter->member);
+ assert(filter->name);
if (streq(i->name, "*") || streq(i->name, filter->name))
return is_permissive(i);
break;
case POLICY_ITEM_OWN_PREFIX:
- assert(filter->member);
+ assert(filter->name);
if (streq(i->name, "*") || startswith(i->name, filter->name))
return is_permissive(i);
@@ -780,8 +771,8 @@ bool policy_check_hello(Policy *p, const struct ucred *ucred) {
bool policy_check_recv(Policy *p,
const struct ucred *ucred,
- Hashmap *names,
int message_type,
+ const char *name,
const char *path,
const char *interface,
const char *member) {
@@ -789,8 +780,8 @@ bool policy_check_recv(Policy *p,
struct policy_check_filter filter = {
.class = POLICY_ITEM_RECV,
.ucred = ucred,
- .names_hash = names,
.message_type = message_type,
+ .name = name,
.interface = interface,
.path = path,
.member = member,
@@ -801,8 +792,8 @@ bool policy_check_recv(Policy *p,
bool policy_check_send(Policy *p,
const struct ucred *ucred,
- char **names,
int message_type,
+ const char *name,
const char *path,
const char *interface,
const char *member) {
@@ -810,8 +801,8 @@ bool policy_check_send(Policy *p,
struct policy_check_filter filter = {
.class = POLICY_ITEM_SEND,
.ucred = ucred,
- .names_strv = names,
.message_type = message_type,
+ .name = name,
.interface = interface,
.path = path,
.member = member,
diff --git a/src/bus-proxyd/bus-policy.h b/src/bus-proxyd/bus-policy.h
index 5b4d9d0c10..64fe1ffac5 100644
--- a/src/bus-proxyd/bus-policy.h
+++ b/src/bus-proxyd/bus-policy.h
@@ -80,15 +80,15 @@ bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name);
bool policy_check_hello(Policy *p, const struct ucred *ucred);
bool policy_check_recv(Policy *p,
const struct ucred *ucred,
- Hashmap *names,
int message_type,
+ const char *name,
const char *path,
const char *interface,
const char *member);
bool policy_check_send(Policy *p,
const struct ucred *ucred,
- char **names,
int message_type,
+ const char *name,
const char *path,
const char *interface,
const char *member);
diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c
index 5267788b70..c9a027e877 100644
--- a/src/bus-proxyd/test-bus-policy.c
+++ b/src/bus-proxyd/test-bus-policy.c
@@ -63,8 +63,6 @@ int main(int argc, char *argv[]) {
Policy p = {};
struct ucred ucred = {};
- char **names_strv;
- Hashmap *names_hash;
/* Ownership tests */
assert_se(test_policy_load(&p, "ownerships.conf") == 0);
@@ -93,32 +91,27 @@ int main(int argc, char *argv[]) {
/* Signaltest */
assert_se(test_policy_load(&p, "signals.conf") == 0);
- names_strv = STRV_MAKE("bli.bla.blubb");
ucred.uid = 0;
- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_SIGNAL, NULL, "/an/object/path", NULL) == true);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == true);
ucred.uid = 1;
- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_SIGNAL, NULL, "/an/object/path", NULL) == false);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == false);
policy_free(&p);
/* Method calls */
assert_se(test_policy_load(&p, "methods.conf") == 0);
- names_strv = STRV_MAKE("org.test.test1");
policy_dump(&p);
ucred.uid = 0;
- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "bli.bla.blubb", "Member") == false);
- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "bli.bla.blubb", "Member") == false);
- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "org.test.int1", "Member") == true);
- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "org.test.int2", "Member") == true);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == false);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == false);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int1", "Member") == true);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == true);
- names_hash = hashmap_new(&string_hash_ops);
- assert(names_hash != NULL);
- assert_se(hashmap_put(names_hash, "org.test.test3", NULL) >= 0);
- assert_se(policy_check_recv(&p, &ucred, names_hash, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "org.test.int3", "Member111") == true);
+ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test3", "/an/object/path", "org.test.int3", "Member111") == true);
policy_free(&p);

122
0555-sd-dhcp6-lease-Name-the-structure-containing-IAADDR-.patch Normal file
View File

@ -0,0 +1,122 @@
From ee3a5027f7c56df2ef47a774970433d7045c9e9f Mon Sep 17 00:00:00 2001
From: Patrik Flykt <patrik.flykt@linux.intel.com>
Date: Wed, 8 Oct 2014 11:00:07 +0300
Subject: [PATCH] sd-dhcp6-lease: Name the structure containing IAADDR data
With this change the DHCP6_OPTION_IAADDR_LEN define can be removed in
favor of using sizeof(). Using the name of the struct and sizeof()
makes it clearer how much and what data is being copied from the
DHCPv6 message.
---
src/libsystemd-network/dhcp6-internal.h | 2 +-
src/libsystemd-network/dhcp6-option.c | 21 ++++++++++-----------
src/libsystemd-network/sd-dhcp6-lease.c | 10 ++++++----
3 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h
index 94e3a5d408..6cc0aa8a8d 100644
--- a/src/libsystemd-network/dhcp6-internal.h
+++ b/src/libsystemd-network/dhcp6-internal.h
@@ -38,7 +38,7 @@ struct DHCP6Address {
struct in6_addr address;
be32_t lifetime_preferred;
be32_t lifetime_valid;
- } _packed_;
+ } iaaddr _packed_;
};
struct DHCP6IA {
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
index e9b382c170..e6a31778f4 100644
--- a/src/libsystemd-network/dhcp6-option.c
+++ b/src/libsystemd-network/dhcp6-option.c
@@ -32,7 +32,6 @@
#define DHCP6_OPTION_HDR_LEN 4
#define DHCP6_OPTION_IA_NA_LEN 12
#define DHCP6_OPTION_IA_TA_LEN 4
-#define DHCP6_OPTION_IAADDR_LEN 24
static int option_append_hdr(uint8_t **buf, size_t *buflen, uint16_t optcode,
size_t optlen) {
@@ -111,16 +110,16 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
LIST_FOREACH(addresses, addr, ia->addresses) {
r = option_append_hdr(buf, buflen, DHCP6_OPTION_IAADDR,
- DHCP6_OPTION_IAADDR_LEN);
+ sizeof(addr->iaaddr));
if (r < 0)
return r;
- memcpy(*buf, &addr->address, DHCP6_OPTION_IAADDR_LEN);
+ memcpy(*buf, &addr->iaaddr, sizeof(addr->iaaddr));
- *buf += DHCP6_OPTION_IAADDR_LEN;
- *buflen -= DHCP6_OPTION_IAADDR_LEN;
+ *buf += sizeof(addr->iaaddr);
+ *buflen -= sizeof(addr->iaaddr);
- ia_addrlen += DHCP6_OPTION_HDR_LEN + DHCP6_OPTION_IAADDR_LEN;
+ ia_addrlen += DHCP6_OPTION_HDR_LEN + sizeof(addr->iaaddr);
}
r = option_append_hdr(&ia_hdr, &ia_buflen, ia->type, len + ia_addrlen);
@@ -192,7 +191,7 @@ int dhcp6_option_parse_ia(uint8_t **buf, size_t *buflen, uint16_t iatype,
case DHCP6_OPTION_IA_NA:
if (*buflen < DHCP6_OPTION_IA_NA_LEN + DHCP6_OPTION_HDR_LEN +
- DHCP6_OPTION_IAADDR_LEN) {
+ sizeof(addr->iaaddr)) {
r = -ENOBUFS;
goto error;
}
@@ -214,7 +213,7 @@ int dhcp6_option_parse_ia(uint8_t **buf, size_t *buflen, uint16_t iatype,
case DHCP6_OPTION_IA_TA:
if (*buflen < DHCP6_OPTION_IA_TA_LEN + DHCP6_OPTION_HDR_LEN +
- DHCP6_OPTION_IAADDR_LEN) {
+ sizeof(addr->iaaddr)) {
r = -ENOBUFS;
goto error;
}
@@ -250,10 +249,10 @@ int dhcp6_option_parse_ia(uint8_t **buf, size_t *buflen, uint16_t iatype,
LIST_INIT(addresses, addr);
- memcpy(&addr->address, *buf, DHCP6_OPTION_IAADDR_LEN);
+ memcpy(&addr->iaaddr, *buf, sizeof(addr->iaaddr));
- lt_valid = be32toh(addr->lifetime_valid);
- lt_pref = be32toh(addr->lifetime_valid);
+ lt_valid = be32toh(addr->iaaddr.lifetime_valid);
+ lt_pref = be32toh(addr->iaaddr.lifetime_valid);
if (!lt_valid || lt_pref > lt_valid) {
log_dhcp6_client(client, "IA preferred %ds > valid %ds",
diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
index b9d0503642..e2715ea659 100644
--- a/src/libsystemd-network/sd-dhcp6-lease.c
+++ b/src/libsystemd-network/sd-dhcp6-lease.c
@@ -41,7 +41,7 @@ int dhcp6_lease_ia_rebind_expire(const DHCP6IA *ia, uint32_t *expire) {
assert_return(expire, -EINVAL);
LIST_FOREACH(addresses, addr, ia->addresses) {
- t = be32toh(addr->lifetime_valid);
+ t = be32toh(addr->iaaddr.lifetime_valid);
if (valid < t)
valid = t;
}
@@ -156,9 +156,11 @@ int sd_dhcp6_lease_get_next_address(sd_dhcp6_lease *lease,
if (!lease->addr_iter)
return -ENOMSG;
- memcpy(addr, &lease->addr_iter->address, sizeof(struct in6_addr));
- *lifetime_preferred = be32toh(lease->addr_iter->lifetime_preferred);
- *lifetime_valid = be32toh(lease->addr_iter->lifetime_valid);
+ memcpy(addr, &lease->addr_iter->iaaddr.address,
+ sizeof(struct in6_addr));
+ *lifetime_preferred =
+ be32toh(lease->addr_iter->iaaddr.lifetime_preferred);
+ *lifetime_valid = be32toh(lease->addr_iter->iaaddr.lifetime_valid);
lease->addr_iter = lease->addr_iter->addresses_next;

24
0556-socket-proxyd-Unchecked-return-value-from-library.patch Normal file
View File

@ -0,0 +1,24 @@
From 25dbe4f50f93fb6398844ba67ea197f76adc237a Mon Sep 17 00:00:00 2001
From: Susant Sahani <susant@redhat.com>
Date: Thu, 9 Oct 2014 19:01:11 +0530
Subject: [PATCH] socket-proxyd: Unchecked return value from library
CID 1237543 (#1 of 1): Unchecked return value from library
(CHECKED_RETURN)
---
src/socket-proxy/socket-proxyd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c
index ff2b24f452..3041903757 100644
--- a/src/socket-proxy/socket-proxyd.c
+++ b/src/socket-proxy/socket-proxyd.c
@@ -125,7 +125,7 @@ static int connection_create_pipes(Connection *c, int buffer[2], size_t *sz) {
return -errno;
}
- fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE);
+ (void) fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE);
r = fcntl(buffer[0], F_GETPIPE_SZ);
if (r < 0) {

28
0557-bus-proxy-allow-getpeersec-to-fail.patch Normal file
View File

@ -0,0 +1,28 @@
From 7ff3bb4e47fe287997ba24a3b3ae719bd9043d74 Mon Sep 17 00:00:00 2001
From: Daniel Mack <daniel@zonque.org>
Date: Thu, 9 Oct 2014 15:40:17 +0200
Subject: [PATCH] bus-proxy: allow getpeersec() to fail
getpeersec() will fail for non-SELinux enabled machines, so don't make that
a hard error.
---
src/bus-proxyd/bus-proxyd.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index ce571fa753..4f44825679 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -1152,11 +1152,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- r = getpeersec(in_fd, &peersec);
- if (r < 0) {
- log_error("Failed to get security creds: %s", strerror(-r));
- goto finish;
- }
+ (void) getpeersec(in_fd, &peersec);
}
if (arg_drop_privileges) {

22
0558-update-TODO.patch Normal file
View File

@ -0,0 +1,22 @@
From 384a4be2b00cb95ce215dd343cc9aa77adc9b1ec Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Oct 2014 16:51:31 +0200
Subject: [PATCH] update TODO
---
TODO | 2 ++
1 file changed, 2 insertions(+)
diff --git a/TODO b/TODO
index 45c08f0942..dc20954582 100644
--- a/TODO
+++ b/TODO
@@ -34,6 +34,8 @@ External:
Features:
+* maybe support a new very "soft" reboot mode, that simply kills all processes, disassembles everything, flushes /run and sysvipc, and then reexecs systemd again
+
* man: document that corrupted journal files is nothing to act on
* systemctl isolate should use ".target" as completion suffix, not ".service"

31
0559-service-enter-SERVICE_STOP_SIGTERM-state-after-getti.patch Normal file
View File

@ -0,0 +1,31 @@
From 6041a7ee2c1bbff6301082f192fc1b0882400d42 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Thu, 9 Oct 2014 17:27:57 +0200
Subject: [PATCH] service: enter SERVICE_STOP_SIGTERM state after getting
"STOPPING=1"
SERVICE_STOP would mean we're running the ExecStop command. That's not
the case with "STOPPING=1".
Instead we should enter the same state as if we just told the service
to stop, i.e. SERVICE_STOP_SIGTERM.
This fixes a bug where voluntarily exiting services would hang around in
deactivating state until timeout.
---
src/core/service.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index 395e0ca8c6..f551061366 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1227,7 +1227,8 @@ static void service_enter_stop_by_notify(Service *s) {
if (s->timeout_stop_usec > 0)
service_arm_timer(s, s->timeout_stop_usec);
- service_set_state(s, SERVICE_STOP);
+ /* The service told us it's stopping, so it's as if we SIGTERM'd it. */
+ service_set_state(s, SERVICE_STOP_SIGTERM);
}
static void service_enter_stop(Service *s, ServiceResult f) {

49
0560-man-document-the-new-rescue-kernel-command-line-opti.patch Normal file
View File

@ -0,0 +1,49 @@
From f280bcfb21aacce03abf17b3ad732c1351df42b9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Oct 2014 18:26:47 +0200
Subject: [PATCH] man: document the new "rescue" kernel command line option
---
man/kernel-command-line.xml | 1 +
man/systemd.xml | 8 +++++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml
index 3263b77cea..2552c79c11 100644
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@@ -154,6 +154,7 @@
<varlistentry>
<term><varname>-b</varname></term>
<term><varname>emergency</varname></term>
+ <term><varname>rescue</varname></term>
<term><varname>single</varname></term>
<term><varname>s</varname></term>
<term><varname>S</varname></term>
diff --git a/man/systemd.xml b/man/systemd.xml
index 0d017575b6..bf7a7a6f67 100644
--- a/man/systemd.xml
+++ b/man/systemd.xml
@@ -1125,17 +1125,19 @@
</varlistentry>
<varlistentry>
- <term><varname>-b</varname></term>
<term><varname>emergency</varname></term>
+ <term><varname>-b</varname></term>
<listitem><para>Boot into emergency
mode. This is equivalent to
<varname>systemd.unit=emergency.target</varname>
- and provided for compatibility
- reasons and to be easier to type.</para></listitem>
+ and provided for compatibility reasons
+ and to be easier to
+ type.</para></listitem>
</varlistentry>
<varlistentry>
+ <term><varname>rescue</varname></term>
<term><varname>single</varname></term>
<term><varname>s</varname></term>
<term><varname>S</varname></term>

98
0561-sd-journal-do-not-reset-sd_j_enumerate_unique-positi.patch Normal file
View File

@ -0,0 +1,98 @@
From 360af4cf6f18469df97c11af4cd5696e0ca8b3ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Oct 2014 22:44:29 -0400
Subject: [PATCH] sd-journal: do not reset sd_j_enumerate_unique position on
error
systemctl would call sd_j_enumerate_unique() interleaved with
sd_j_next(). But the latter can remove a file if it detects an
error in it. In those circumstances sd_j_enumerate_unique would
restart with the first file in hashmap. With many corrupted files
sd_j_enumerate_unique might iterate over the list multiple times.
Avoid this by jumping to the next file in unique list if possible,
or setting a flag that tells sd_j_enumerate_unique that it is done
otherwise.
---
src/journal/journal-internal.h | 4 ++++
src/journal/sd-journal.c | 18 ++++++++++++------
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/journal/journal-internal.h b/src/journal/journal-internal.h
index 2f1f7fc771..e591fb61f8 100644
--- a/src/journal/journal-internal.h
+++ b/src/journal/journal-internal.h
@@ -124,6 +124,10 @@ struct sd_journal {
bool on_network;
bool no_new_files;
+ bool unique_file_lost; /* File we were iterating over got
+ removed, and there were no more
+ files, so sd_j_enumerate_unique
+ will return a value equal to 0. */
size_t data_threshold;
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index 1fc9f01d0a..b72a0867e7 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -1375,8 +1375,11 @@ static void remove_file_real(sd_journal *j, JournalFile *f) {
}
if (j->unique_file == f) {
- j->unique_file = NULL;
+ /* Jump to the next unique_file or NULL if that one was last */
+ j->unique_file = hashmap_next(j->files, j->unique_file->path);
j->unique_offset = 0;
+ if (!j->unique_file)
+ j->unique_file_lost = true;
}
journal_file_close(f);
@@ -2490,6 +2493,7 @@ _public_ int sd_journal_query_unique(sd_journal *j, const char *field) {
j->unique_field = f;
j->unique_file = NULL;
j->unique_offset = 0;
+ j->unique_file_lost = false;
return 0;
}
@@ -2506,9 +2510,13 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
k = strlen(j->unique_field);
if (!j->unique_file) {
+ if (j->unique_file_lost)
+ return 0;
+
j->unique_file = hashmap_first(j->files);
if (!j->unique_file)
return 0;
+
j->unique_offset = 0;
}
@@ -2538,13 +2546,10 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
/* We reached the end of the list? Then start again, with the next file */
if (j->unique_offset == 0) {
- JournalFile *n;
-
- n = hashmap_next(j->files, j->unique_file->path);
- if (!n)
+ j->unique_file = hashmap_next(j->files, j->unique_file->path);
+ if (!j->unique_file)
return 0;
- j->unique_file = n;
continue;
}
@@ -2632,6 +2637,7 @@ _public_ void sd_journal_restart_unique(sd_journal *j) {
j->unique_file = NULL;
j->unique_offset = 0;
+ j->unique_file_lost = false;
}
_public_ int sd_journal_reliable_fd(sd_journal *j) {

25
0562-sd-journal-change-check-to-assert.patch Normal file
View File

@ -0,0 +1,25 @@
From 853bd5cc72a0d4cbdd07cc3cabc65bef333a0c71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Oct 2014 22:51:35 -0400
Subject: [PATCH] sd-journal: change check to assert
As of 0f99f74a14 'sd-journal: verify that object start with the field
name' this condition should never happen.
---
src/journal/journalctl.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index feb53bd203..7f4bc3229c 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -838,8 +838,7 @@ static int list_boots(sd_journal *j) {
return r;
SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
- if (length < strlen("_BOOT_ID="))
- continue;
+ assert(startswith(data, "_BOOT_ID="));
if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
return log_oom();

296
0563-sd-journal-fix-sd_journal_enumerate_unique-skipping-.patch Normal file
View File

@ -0,0 +1,296 @@
From 06cc69d44c8ff2b652527357f28acd4cbe77c814 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Sat, 6 Sep 2014 10:36:34 +0200
Subject: [PATCH] sd-journal: fix sd_journal_enumerate_unique skipping values
sd_journal_enumerate_unique will lock its mmap window to prevent it
from being released by calling mmap_cache_get with keep_always=true.
This call may return windows that are wider, but compatible with the
parameters provided to it.
This can result in a mismatch where the window to be released cannot
properly be selected, because we have more than one window matching the
parameters of mmap_cache_release. Therefore, introduce a release_cookie
to be used when releasing the window.
https://bugs.freedesktop.org/show_bug.cgi?id=79380
---
src/journal/journal-file.c | 2 +-
src/journal/journal-file.h | 11 ++++-------
src/journal/journal-verify.c | 2 +-
src/journal/mmap-cache.c | 32 +++++++++++++++++++-------------
src/journal/mmap-cache.h | 8 +++-----
src/journal/sd-journal.c | 11 ++++++-----
src/journal/test-mmap-cache.c | 10 +++++-----
7 files changed, 39 insertions(+), 37 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index f25cda6ddc..038b437e1f 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -391,7 +391,7 @@ static int journal_file_move_to(JournalFile *f, int context, bool keep_always, u
return -EADDRNOTAVAIL;
}
- return mmap_cache_get(f->mmap, f->fd, f->prot, context, keep_always, offset, size, &f->last_stat, ret);
+ return mmap_cache_get(f->mmap, f->fd, f->prot, context, keep_always, offset, size, &f->last_stat, ret, NULL);
}
static uint64_t minimum_header_size(Object *o) {
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index 6b4bf0d5ae..fa5b943e46 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -212,17 +212,14 @@ static unsigned type_to_context(int type) {
return type > 0 && type < _OBJECT_TYPE_MAX ? type : 0;
}
-static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) {
+static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset, void **release_cookie) {
unsigned context = type_to_context(o->object.type);
uint64_t s = le64toh(o->object.size);
return mmap_cache_get(f->mmap, f->fd, f->prot, context, true,
- offset, s, &f->last_stat, NULL);
+ offset, s, &f->last_stat, NULL, release_cookie);
}
-static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) {
- unsigned context = type_to_context(o->object.type);
- uint64_t s = le64toh(o->object.size);
-
- return mmap_cache_release(f->mmap, f->fd, f->prot, context, offset, s);
+static inline int journal_file_object_release(JournalFile *f, void *release_cookie) {
+ return mmap_cache_release(f->mmap, f->fd, release_cookie);
}
diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
index b4e8f73c41..f74adcbc89 100644
--- a/src/journal/journal-verify.c
+++ b/src/journal/journal-verify.c
@@ -368,7 +368,7 @@ static int contains_uint64(MMapCache *m, int fd, uint64_t n, uint64_t p) {
c = (a + b) / 2;
- r = mmap_cache_get(m, fd, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) &z);
+ r = mmap_cache_get(m, fd, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) &z, NULL);
if (r < 0)
return r;
diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
index 2d268fc332..b7db6f1da5 100644
--- a/src/journal/mmap-cache.c
+++ b/src/journal/mmap-cache.c
@@ -352,7 +352,8 @@ static int try_context(
bool keep_always,
uint64_t offset,
size_t size,
- void **ret) {
+ void **ret,
+ void **release_cookie) {
Context *c;
@@ -381,6 +382,8 @@ static int try_context(
if (ret)
*ret = (uint8_t*) c->window->ptr + (offset - c->window->offset);
+ if (keep_always && release_cookie)
+ *release_cookie = c->window;
return 1;
}
@@ -392,7 +395,8 @@ static int find_mmap(
bool keep_always,
uint64_t offset,
size_t size,
- void **ret) {
+ void **ret,
+ void **release_cookie) {
FileDescriptor *f;
Window *w;
@@ -425,6 +429,8 @@ static int find_mmap(
if (ret)
*ret = (uint8_t*) w->ptr + (offset - w->offset);
+ if (keep_always && release_cookie)
+ *release_cookie = c->window;
return 1;
}
@@ -437,7 +443,8 @@ static int add_mmap(
uint64_t offset,
size_t size,
struct stat *st,
- void **ret) {
+ void **ret,
+ void **release_cookie) {
uint64_t woffset, wsize;
Context *c;
@@ -521,6 +528,8 @@ static int add_mmap(
if (ret)
*ret = (uint8_t*) w->ptr + (offset - w->offset);
+ if (keep_always && release_cookie)
+ *release_cookie = c->window;
return 1;
outofmem:
@@ -537,7 +546,8 @@ int mmap_cache_get(
uint64_t offset,
size_t size,
struct stat *st,
- void **ret) {
+ void **ret,
+ void **release_cookie) {
int r;
@@ -547,14 +557,14 @@ int mmap_cache_get(
assert(size > 0);
/* Check whether the current context is the right one already */
- r = try_context(m, fd, prot, context, keep_always, offset, size, ret);
+ r = try_context(m, fd, prot, context, keep_always, offset, size, ret, release_cookie);
if (r != 0) {
m->n_hit ++;
return r;
}
/* Search for a matching mmap */
- r = find_mmap(m, fd, prot, context, keep_always, offset, size, ret);
+ r = find_mmap(m, fd, prot, context, keep_always, offset, size, ret, release_cookie);
if (r != 0) {
m->n_hit ++;
return r;
@@ -563,16 +573,13 @@ int mmap_cache_get(
m->n_missed++;
/* Create a new mmap */
- return add_mmap(m, fd, prot, context, keep_always, offset, size, st, ret);
+ return add_mmap(m, fd, prot, context, keep_always, offset, size, st, ret, release_cookie);
}
int mmap_cache_release(
MMapCache *m,
int fd,
- int prot,
- unsigned context,
- uint64_t offset,
- size_t size) {
+ void *release_cookie) {
FileDescriptor *f;
Window *w;
@@ -580,7 +587,6 @@ int mmap_cache_release(
assert(m);
assert(m->n_ref > 0);
assert(fd >= 0);
- assert(size > 0);
f = hashmap_get(m->fds, INT_TO_PTR(fd + 1));
if (!f)
@@ -589,7 +595,7 @@ int mmap_cache_release(
assert(f->fd == fd);
LIST_FOREACH(by_fd, w, f->windows)
- if (window_matches(w, fd, prot, offset, size))
+ if (w == release_cookie)
break;
if (!w)
diff --git a/src/journal/mmap-cache.h b/src/journal/mmap-cache.h
index 647555a73e..76e5316248 100644
--- a/src/journal/mmap-cache.h
+++ b/src/journal/mmap-cache.h
@@ -40,14 +40,12 @@ int mmap_cache_get(
uint64_t offset,
size_t size,
struct stat *st,
- void **ret);
+ void **ret,
+ void **release_cookie);
int mmap_cache_release(
MMapCache *m,
int fd,
- int prot,
- unsigned context,
- uint64_t offset,
- size_t size);
+ void *release_cookie);
void mmap_cache_close_fd(MMapCache *m, int fd);
void mmap_cache_close_context(MMapCache *m, unsigned context);
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index b72a0867e7..479444c8df 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -2528,6 +2528,7 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
size_t ol;
bool found;
int r;
+ void *release_cookie;
/* Proceed to next data object in the field's linked list */
if (j->unique_offset == 0) {
@@ -2568,7 +2569,7 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
return -EBADMSG;
}
- r = journal_file_object_keep(j->unique_file, o, j->unique_offset);
+ r = journal_file_object_keep(j->unique_file, o, j->unique_offset, &release_cookie);
if (r < 0)
return r;
@@ -2616,13 +2617,13 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
found = true;
}
- if (found)
- continue;
-
- r = journal_file_object_release(j->unique_file, o, j->unique_offset);
+ r = journal_file_object_release(j->unique_file, release_cookie);
if (r < 0)
return r;
+ if (found)
+ continue;
+
r = return_data(j, j->unique_file, o, data, l);
if (r < 0)
return r;
diff --git a/src/journal/test-mmap-cache.c b/src/journal/test-mmap-cache.c
index b7bb260fcf..778e884c3f 100644
--- a/src/journal/test-mmap-cache.c
+++ b/src/journal/test-mmap-cache.c
@@ -49,23 +49,23 @@ int main(int argc, char *argv[]) {
assert(z >= 0);
unlink(pz);
- r = mmap_cache_get(m, x, PROT_READ, 0, false, 1, 2, NULL, &p);
+ r = mmap_cache_get(m, x, PROT_READ, 0, false, 1, 2, NULL, &p, NULL);
assert(r >= 0);
- r = mmap_cache_get(m, x, PROT_READ, 0, false, 2, 2, NULL, &q);
+ r = mmap_cache_get(m, x, PROT_READ, 0, false, 2, 2, NULL, &q, NULL);
assert(r >= 0);
assert((uint8_t*) p + 1 == (uint8_t*) q);
- r = mmap_cache_get(m, x, PROT_READ, 1, false, 3, 2, NULL, &q);
+ r = mmap_cache_get(m, x, PROT_READ, 1, false, 3, 2, NULL, &q, NULL);
assert(r >= 0);
assert((uint8_t*) p + 2 == (uint8_t*) q);
- r = mmap_cache_get(m, x, PROT_READ, 0, false, 16ULL*1024ULL*1024ULL, 2, NULL, &p);
+ r = mmap_cache_get(m, x, PROT_READ, 0, false, 16ULL*1024ULL*1024ULL, 2, NULL, &p, NULL);
assert(r >= 0);
- r = mmap_cache_get(m, x, PROT_READ, 1, false, 16ULL*1024ULL*1024ULL+1, 2, NULL, &q);
+ r = mmap_cache_get(m, x, PROT_READ, 1, false, 16ULL*1024ULL*1024ULL+1, 2, NULL, &q, NULL);
assert(r >= 0);
assert((uint8_t*) p + 1 == (uint8_t*) q);

22
0564-journalctl-use-pager-for-list-boots.patch Normal file
View File

@ -0,0 +1,22 @@
From cab9b000f28a940e92d1d4241d967cad94c650e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Oct 2014 19:52:31 -0400
Subject: [PATCH] journalctl: use pager for --list-boots
---
src/journal/journalctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 7f4bc3229c..328e40b416 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -837,6 +837,8 @@ static int list_boots(sd_journal *j) {
if (r < 0)
return r;
+ pager_open_if_enabled();
+
SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
assert(startswith(data, "_BOOT_ID="));

66
0565-systemctl-remove-casts-in-formatting.patch Normal file
View File

@ -0,0 +1,66 @@
From 8c06592fa10c08d94f0841548516e72d08366e85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Oct 2014 22:57:56 -0400
Subject: [PATCH] systemctl: remove casts in formatting
---
src/systemctl/systemctl.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index cdaefa52b9..8d6d162d15 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -2186,7 +2186,7 @@ static int cancel_job(sd_bus *bus, char **args) {
NULL,
"u", id);
if (r < 0) {
- log_error("Failed to cancel job %u: %s", (unsigned) id, bus_error_message(&error, r));
+ log_error("Failed to cancel job %"PRIu32": %s", id, bus_error_message(&error, r));
return r;
}
}
@@ -3409,7 +3409,7 @@ static void print_status_info(
if (i->main_pid > 0 || i->control_pid > 0) {
if (i->main_pid > 0) {
- printf(" Main PID: %u", (unsigned) i->main_pid);
+ printf(" Main PID: "PID_FMT, i->main_pid);
if (i->running) {
_cleanup_free_ char *comm = NULL;
@@ -3440,7 +3440,7 @@ static void print_status_info(
if (i->control_pid > 0) {
_cleanup_free_ char *c = NULL;
- printf(" %8s: %u", i->main_pid ? "" : " Control", (unsigned) i->control_pid);
+ printf(" %8s: "PID_FMT, i->main_pid ? "" : " Control", i->control_pid);
get_process_comm(i->control_pid, &c);
if (c)
@@ -3828,7 +3828,7 @@ static int print_property(const char *name, sd_bus_message *m, const char *conte
return bus_log_parse_error(r);
if (u > 0)
- printf("%s=%u\n", name, (unsigned) u);
+ printf("%s=%"PRIu32"\n", name, u);
else if (arg_all)
printf("%s=\n", name);
@@ -3999,14 +3999,14 @@ static int print_property(const char *name, sd_bus_message *m, const char *conte
tt = strv_join(info.argv, " ");
- printf("%s={ path=%s ; argv[]=%s ; ignore_errors=%s ; start_time=[%s] ; stop_time=[%s] ; pid=%u ; code=%s ; status=%i%s%s }\n",
+ printf("%s={ path=%s ; argv[]=%s ; ignore_errors=%s ; start_time=[%s] ; stop_time=[%s] ; pid="PID_FMT" ; code=%s ; status=%i%s%s }\n",
name,
strna(info.path),
strna(tt),
yes_no(info.ignore),
strna(format_timestamp(timestamp1, sizeof(timestamp1), info.start_timestamp)),
strna(format_timestamp(timestamp2, sizeof(timestamp2), info.exit_timestamp)),
- (unsigned) info. pid,
+ info.pid,
sigchld_code_to_string(info.code),
info.status,
info.code == CLD_EXITED ? "" : "/",

30
0566-man-clarify-what-microsoft-and-oracle-stand-for.patch Normal file
View File

@ -0,0 +1,30 @@
From b3a2a7ceb7b0db3003c205bc49853fd62df155dc Mon Sep 17 00:00:00 2001
From: Rahul Sundaram <metherid@gmail.com>
Date: Thu, 9 Oct 2014 22:14:36 -0400
Subject: [PATCH] man: clarify what "microsoft" and "oracle" stand for
https://bugzilla.redhat.com/show_bug.cgi?id=1150477
---
man/systemd-detect-virt.xml | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 1e8230c555..d3969e1f82 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -68,10 +68,11 @@
virtualization technology. The following technologies
are currently identified: <varname>qemu</varname>,
<varname>kvm</varname>, <varname>vmware</varname>,
- <varname>microsoft</varname>,
- <varname>oracle</varname>, <varname>xen</varname>,
- <varname>bochs</varname>, <varname>chroot</varname>,
- <varname>uml</varname>,
+ <varname>microsoft</varname> (Hyper-V, also known as
+ Viridian or Windows Server Virtualization),
+ <varname>oracle</varname> (VirtualBox),
+ <varname>xen</varname>, <varname>bochs</varname>,
+ <varname>chroot</varname>, <varname>uml</varname>,
<varname>openvz</varname>, <varname>lxc</varname>,
<varname>lxc-libvirt</varname>,
<varname>systemd-nspawn</varname>,

33
0567-Update-TODO.patch Normal file
View File

@ -0,0 +1,33 @@
From afea8d3853d0f76b3845729ff00e75d281f43a1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 7 Oct 2014 20:01:02 -0400
Subject: [PATCH] Update TODO
---
TODO | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/TODO b/TODO
index dc20954582..69ed60eaff 100644
--- a/TODO
+++ b/TODO
@@ -11,6 +11,7 @@ Bugfixes:
* properly handle .mount unit state tracking when two mount points are stacked one on top of another on the exact same mount point.
After killing 'systemd --user', systemctl restart user@... fails.
+/run/user/1000/systemd/notify has to be removed manually.
ExecStart with unicode characters fails in strv_split_quoted:
@@ -18,6 +19,11 @@ ExecStart with unicode characters fails in strv_split_quoted:
Environment=ONE='one' "TWO='two two' too" THREE=
ExecStart=/bin/python3 -c 'import sys;print(sys.argv)' $ONE $TWO $THREE
+MEMORY return code is overloaded for syntax errors in the commandline.
+str_split_quoted() should return a real return code, so spawn_child can
+report the failure properly.
+
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.

36
0568-build-sys-use-Wno-typedef-redefinition-only-for-clan.patch Normal file
View File

@ -0,0 +1,36 @@
From 4f47bb8c5e5f234c614dc14532a9483328e61002 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Oct 2014 22:25:01 -0500
Subject: [PATCH] build-sys: use -Wno-typedef-redefinition only for clang
Our checks for -Wno-xxx switches do not work with gcc [1].
[1] https://gcc.gnu.org/wiki/FAQ#wnowarning
---
configure.ac | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index caf1f0e54e..d04f6f464f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -183,7 +183,6 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
-Wno-unused-parameter \
-Wno-missing-field-initializers \
-Wno-unused-result \
- -Wno-typedef-redefinition \
-Werror=overflow \
-Wdate-time \
-Wnested-externs \
@@ -198,6 +197,11 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
-fstack-protector-strong \
-fPIE \
--param=ssp-buffer-size=4])
+
+AS_CASE([$CC], [*clang*],
+ [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\
+ -Wno-typedef-redefinition])])
+
AS_CASE([$CFLAGS], [*-O[[12345\ ]]*],
[CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
-flto -ffat-lto-objects])],

26
0569-build-sys-use-Wno-gnu-variable-sized-type-not-at-end.patch Normal file
View File

@ -0,0 +1,26 @@
From 65e3a2cf7c3b399853dd309f702ca5078b7d16ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Oct 2014 22:30:45 -0500
Subject: [PATCH] build-sys: use -Wno-gnu-variable-sized-type-not-at-end under
clang
Otherwise we get useless warnings about journal code.
---
configure.ac | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index d04f6f464f..945adfcbee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -200,7 +200,9 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
AS_CASE([$CC], [*clang*],
[CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\
- -Wno-typedef-redefinition])])
+ -Wno-typedef-redefinition \
+ -Wno-gnu-variable-sized-type-not-at-end \
+ ])])
AS_CASE([$CFLAGS], [*-O[[12345\ ]]*],
[CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\

28
0570-systemd-hibernate-resume-.service-remove-unnecessary.patch Normal file
View File

@ -0,0 +1,28 @@
From 5516ae44198b5128f2afd93c7fb7973f89e2bfd9 Mon Sep 17 00:00:00 2001
From: Ivan Shapovalov <intelfx100@gmail.com>
Date: Thu, 9 Oct 2014 23:52:26 -0400
Subject: [PATCH] systemd-hibernate-resume@.service: remove unnecessary
ordering
They were left from an early review iteration, when hibernate-resume
functionality was intended to work also outside of initramfs.
Now this is not the case, and these dependencies became redundant
as systemd-fsck-root.service can never be part of initramfs, and
systemd-remount-fs.service makes little sense in it.
---
units/systemd-hibernate-resume@.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-hibernate-resume@.service.in b/units/systemd-hibernate-resume@.service.in
index 6db584dc4d..65e8eb83f1 100644
--- a/units/systemd-hibernate-resume@.service.in
+++ b/units/systemd-hibernate-resume@.service.in
@@ -12,7 +12,7 @@ DefaultDependencies=no
BindsTo=%i.device
Wants=local-fs-pre.target
After=%i.device
-Before=local-fs-pre.target systemd-remount-fs.service systemd-fsck-root.service
+Before=local-fs-pre.target
ConditionPathExists=/etc/initrd-release
[Service]

24
0571-nspawn-actually-allow-access-to-dev-net-tun-in-the-c.patch Normal file
View File

@ -0,0 +1,24 @@
From 864e17068ce9acf418d42a625141884293170952 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 10 Oct 2014 11:11:25 +0200
Subject: [PATCH] nspawn: actually allow access to /dev/net/tun in the
container
It's not sufficient to just copy the device node over, we need to update
the policy for it too.
---
src/nspawn/nspawn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index da4c116f36..f04d326131 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1558,6 +1558,7 @@ static int register_machine(pid_t pid, int local_ifindex) {
"/dev/random", "rwm",
"/dev/urandom", "rwm",
"/dev/tty", "rwm",
+ "/dev/net/tun", "rwm",
/* Allow the container
* access to ptys. However,
* do not permit the

139
0572-man-rework-VM-container-identifier-list-into-a-table.patch Normal file
View File

@ -0,0 +1,139 @@
From a9d9ad1fa7d528f49ecf9c971f840b5fe135119d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 10 Oct 2014 12:29:08 +0200
Subject: [PATCH] man: rework VM/container identifier list into a table, and
include descriptions for all entries
(also remove chroot from the list, we don't detect that anymore)
---
man/systemd-detect-virt.xml | 110 +++++++++++++++++++++++++++++++++++++++-----
1 file changed, 98 insertions(+), 12 deletions(-)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index d3969e1f82..e167bddd07 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -66,17 +66,102 @@
<para>When executed without <option>--quiet</option>
will print a short identifier for the detected
virtualization technology. The following technologies
- are currently identified: <varname>qemu</varname>,
- <varname>kvm</varname>, <varname>vmware</varname>,
- <varname>microsoft</varname> (Hyper-V, also known as
- Viridian or Windows Server Virtualization),
- <varname>oracle</varname> (VirtualBox),
- <varname>xen</varname>, <varname>bochs</varname>,
- <varname>chroot</varname>, <varname>uml</varname>,
- <varname>openvz</varname>, <varname>lxc</varname>,
- <varname>lxc-libvirt</varname>,
- <varname>systemd-nspawn</varname>,
- <varname>docker</varname>.</para>
+ are currently identified:</para>
+
+ <table>
+ <title>Known VM virtualization technologies</title>
+ <tgroup cols='2' align='left' colsep='1' rowsep='1'>
+ <colspec colname="id" />
+ <colspec colname="product" />
+ <thead>
+ <row>
+ <entry>ID</entry>
+ <entry>VM Product</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><varname>qemu</varname></entry>
+ <entry>QEMU software virtualization</entry>
+ </row>
+ <row>
+ <entry><varname>kvm</varname></entry>
+ <entry>Linux KVM kernel virtual machine</entry>
+ </row>
+
+ <row>
+ <entry><varname>vmware</varname></entry>
+ <entry>VMware Workstation or Server, and related products</entry>
+ </row>
+
+ <row>
+ <entry><varname>microsoft</varname></entry>
+ <entry>Hyper-V, also known as Viridian or Windows Server Virtualization</entry>
+ </row>
+
+ <row>
+ <entry><varname>oracle</varname></entry>
+ <entry>Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems)</entry>
+ </row>
+
+ <row>
+ <entry><varname>xen</varname></entry>
+ <entry>Xen hypervisor</entry>
+ </row>
+
+ <row>
+ <entry><varname>bochs</varname></entry>
+ <entry>Bochs Emulator</entry>
+ </row>
+
+ <row>
+ <entry><varname>uml</varname></entry>
+ <entry>User-mode Linux</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </table>
+
+ <table>
+ <title>Known container virtualization technologies</title>
+ <tgroup cols='2' align='left' colsep='1' rowsep='1'>
+ <colspec colname="id" />
+ <colspec colname="product" />
+ <thead>
+ <row>
+ <entry>ID</entry>
+ <entry>Container Product</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><varname>openvz</varname></entry>
+ <entry>OpenVZ/Virtuozzo</entry>
+ </row>
+
+ <row>
+ <entry><varname>lxc</varname></entry>
+ <entry>Linux container implementation by LXC</entry>
+ </row>
+
+ <row>
+ <entry><varname>lxc-libvirt</varname></entry>
+ <entry>Linux container implementation by libvirt</entry>
+ </row>
+
+ <row>
+ <entry><varname>systemd-nspawn</varname></entry>
+ <entry>systemd's minimal container implementation, see <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></entry>
+ </row>
+
+ <row>
+ <entry><varname>docker</varname></entry>
+ <entry>Docker container manager</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
<para>If multiple virtualization solutions are used,
only the "innermost" is detected and identified. That
@@ -135,7 +220,8 @@
<refsect1>
<title>See Also</title>
<para>
- <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>

59
0573-man-include-zVM-in-systemd-detect-virt-list.patch Normal file
View File

@ -0,0 +1,59 @@
From 26d32dc5ee6d288108001f3fb7d45e25be441e14 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 10 Oct 2014 12:36:57 +0200
Subject: [PATCH] man: include zVM in systemd-detect-virt list
---
man/systemd-detect-virt.xml | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index e167bddd07..eed0fe0ce9 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -69,7 +69,7 @@
are currently identified:</para>
<table>
- <title>Known VM virtualization technologies</title>
+ <title>Known VM virtualization technologies (i.e. full hardware virtualization)</title>
<tgroup cols='2' align='left' colsep='1' rowsep='1'>
<colspec colname="id" />
<colspec colname="product" />
@@ -84,12 +84,18 @@
<entry><varname>qemu</varname></entry>
<entry>QEMU software virtualization</entry>
</row>
+
<row>
<entry><varname>kvm</varname></entry>
<entry>Linux KVM kernel virtual machine</entry>
</row>
<row>
+ <entry><varname>zvm</varname></entry>
+ <entry>s390 z/VM</entry>
+ </row>
+
+ <row>
<entry><varname>vmware</varname></entry>
<entry>VMware Workstation or Server, and related products</entry>
</row>
@@ -106,7 +112,7 @@
<row>
<entry><varname>xen</varname></entry>
- <entry>Xen hypervisor</entry>
+ <entry>Xen hypervisor (only domU, not dom0)</entry>
</row>
<row>
@@ -124,7 +130,7 @@
</table>
<table>
- <title>Known container virtualization technologies</title>
+ <title>Known container virtualization technologies (i.e. shared kernel virtualization)</title>
<tgroup cols='2' align='left' colsep='1' rowsep='1'>
<colspec colname="id" />
<colspec colname="product" />

39
0574-man-reference-table-in-systemd-detect-virt-1-from-Co.patch Normal file
View File

@ -0,0 +1,39 @@
From e737ef153c41435f1ad42b51233eedfb279e2ff7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 10 Oct 2014 12:37:21 +0200
Subject: [PATCH] man: reference table in systemd-detect-virt(1) from
ConditionVirtualization= documentation
---
man/systemd.unit.xml | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index ec7ca5634e..e9395ff16f 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -1018,13 +1018,17 @@
<varname>openvz</varname>,
<varname>lxc</varname>,
<varname>lxc-libvirt</varname>,
- <varname>systemd-nspawn</varname> to
- test against a specific
- implementation. If multiple
- virtualization technologies are nested,
- only the innermost is considered. The
- test may be negated by prepending an
- exclamation mark.</para>
+ <varname>systemd-nspawn</varname>,
+ <varname>docker</varname> to test
+ against a specific implementation. See
+ <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for a full list of known
+ virtualization technologies and their
+ identifiers. If multiple
+ virtualization technologies are
+ nested, only the innermost is
+ considered. The test may be negated by
+ prepending an exclamation mark.</para>
<para><varname>ConditionHost=</varname>
may be used to match against the

44
0575-kdbus-fix-buffer-overflow-in-bus_get_owner_kdbus-fun.patch Normal file
View File

@ -0,0 +1,44 @@
From 82279e696605fe4eeadd1ca3744c76c8790f885b Mon Sep 17 00:00:00 2001
From: Lukasz Skalski <l.skalski@samsung.com>
Date: Fri, 10 Oct 2014 12:29:04 +0200
Subject: [PATCH] kdbus: fix buffer overflow in bus_get_owner_kdbus() function
Commit 710fc9779b7c (kdbus repo) introduced attaching items[]
instead of name[] in kdbus_cmd_conn_info struct. Commit 581fe6c81
(systemd repo) caught up with this change, but item size was not
properly calculated.
---
src/libsystemd/sd-bus/bus-control.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index dbd94fc46b..7b106a3274 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -398,7 +398,7 @@ static int bus_get_owner_kdbus(
struct kdbus_cmd_conn_info *cmd;
struct kdbus_conn_info *conn_info;
struct kdbus_item *item;
- size_t size;
+ size_t size, l;
uint64_t m, id;
int r;
@@ -410,13 +410,12 @@ static int bus_get_owner_kdbus(
cmd = alloca0_align(size, 8);
cmd->id = id;
} else {
- size_t item_size = KDBUS_ITEM_HEADER_SIZE + strlen(name) + 1;
-
- size = offsetof(struct kdbus_cmd_conn_info, items) + item_size;
+ l = strlen(name) + 1;
+ size = offsetof(struct kdbus_cmd_conn_info, items) + KDBUS_ITEM_SIZE(l);
cmd = alloca0_align(size, 8);
- cmd->items[0].size = item_size;
+ cmd->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
cmd->items[0].type = KDBUS_ITEM_NAME;
- strcpy(cmd->items[0].str, name);
+ memcpy(cmd->items[0].str, name, l);
}
cmd->size = size;

228
0576-fstab-generator-Honor-mount.usr-on-kernel-command-li.patch Normal file
View File

@ -0,0 +1,228 @@
From 9f103625b145a397e67c3714766775b615c8b587 Mon Sep 17 00:00:00 2001
From: Tobias Hunger <tobias.hunger@gmail.com>
Date: Thu, 9 Oct 2014 21:37:17 +0200
Subject: [PATCH] fstab-generator: Honor mount.usr*= on kernel command line
This allows to configure boot loader entries for systems where the
root and usr filesystems are in different subvolumes (or even on
different drives).
---
man/systemd-fstab-generator.xml | 76 ++++++++++++++++++++++++++++-
src/fstab-generator/fstab-generator.c | 90 +++++++++++++++++++++++++++++++++--
2 files changed, 160 insertions(+), 6 deletions(-)
diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml
index e3cf5d2bfb..65b48eea07 100644
--- a/man/systemd-fstab-generator.xml
+++ b/man/systemd-fstab-generator.xml
@@ -104,9 +104,83 @@
(initrd) while
<varname>fstab=</varname> is
honored by both the main system and
- the initrd. </para></listitem>
+ the initrd.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>root=</varname></term>
+
+ <listitem><para>Takes the root filesystem to mount
+ in the initrd.
+ <varname>root=</varname> is
+ honored by the initrd.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>rootfstype=</varname></term>
+
+ <listitem><para>Takes the root filesystem type that
+ will be passed to the mount command.
+ <varname>rootfstype=</varname> is
+ honored by the initrd.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>rootflags=</varname></term>
+
+ <listitem><para>Takes the root filesystem mount options
+ to use. <varname>rootflags=</varname> is
+ honored by the initrd.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>mount.usr=</varname></term>
+
+ <listitem><para>Takes the <filename>/usr</filename>
+ filesystem to be mounted by the initrd. If
+ <varname>mount.usrfstype=</varname> or
+ <varname>mount.usrflags=</varname> is set, then
+ <varname>mount.usr=</varname> will default to the value set in
+ <varname>root=</varname>.</para>
+
+ <para>Otherwise this parameter defaults to the
+ <filename>/usr</filename> entry
+ found in <filename>/etc/fstab</filename> on the root
+ filesystem.</para>
+
+ <para><varname>mount.usr=</varname> is honored by the initrd.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>mount.usrfstype=</varname></term>
+
+ <listitem><para>Takes the <filename>/usr</filename>
+ filesystem type that will be passed to the mount
+ command. If <varname>mount.usr=</varname> or
+ <varname>mount.usrflags=</varname> is set, then
+ <varname>mount.usrfstype=</varname> will default to the value set in
+ <varname>rootfstype=</varname>.</para>
+
+ <para>Otherwise this value will be read from the
+ <filename>/usr</filename> entry in
+ <filename>/etc/fstab</filename> on the root filesystem.</para>
+
+ <para><varname>mount.usrfstype=</varname> is
+ honored by the initrd.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>mount.usrflags=</varname></term>
+
+ <listitem><para>Takes the <filename>/usr</filename>
+ filesystem mount options to use. If
+ <varname>mount.usr=</varname> or
+ <varname>mount.usrfstype=</varname> is set, then
+ <varname>mount.usrflages=</varname> will default to the value set in
+ <varname>rootflags=</varname>.</para>
+ <para>Otherwise this value will be read from the
+ <filename>/usr</filename> entry in
+ <filename>/etc/fstab</filename> on the root filesystem.</para>
+
+ <para><varname>mount.usrflags=</varname> is
+ honored by the initrd.</para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index b75bbb7998..32a8f9bd51 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -43,6 +43,9 @@ static char *arg_root_what = NULL;
static char *arg_root_fstype = NULL;
static char *arg_root_options = NULL;
static int arg_root_rw = -1;
+static char *arg_usr_what = NULL;
+static char *arg_usr_fstype = NULL;
+static char *arg_usr_options = NULL;
static int mount_find_pri(struct mntent *me, int *ret) {
@@ -494,12 +497,64 @@ static int add_root_mount(void) {
"/proc/cmdline");
}
+static int add_usr_mount(void) {
+ _cleanup_free_ char *what = NULL;
+ const char *opts;
+
+ if (!arg_usr_what && !arg_usr_fstype && !arg_usr_options)
+ return 0;
+
+ if (arg_root_what && !arg_usr_what) {
+ arg_usr_what = strdup(arg_root_what);
+
+ if (!arg_usr_what)
+ return log_oom();
+ }
+
+ if (arg_root_fstype && !arg_usr_fstype) {
+ arg_usr_fstype = strdup(arg_root_fstype);
+
+ if (!arg_usr_fstype)
+ return log_oom();
+ }
+
+ if (arg_root_options && !arg_usr_options) {
+ arg_usr_options = strdup(arg_root_options);
+
+ if (!arg_usr_options)
+ return log_oom();
+ }
+
+ if (!arg_usr_what || !arg_usr_options)
+ return 0;
+
+ what = fstab_node_to_udev_node(arg_usr_what);
+ if (!path_is_absolute(what)) {
+ log_debug("Skipping entry what=%s where=/sysroot/usr type=%s", what, strna(arg_usr_fstype));
+ return -1;
+ }
+
+ opts = arg_usr_options;
+
+ log_debug("Found entry what=%s where=/sysroot/usr type=%s", what, strna(arg_usr_fstype));
+ return add_mount(what,
+ "/sysroot/usr",
+ arg_usr_fstype,
+ opts,
+ 1,
+ false,
+ false,
+ false,
+ SPECIAL_INITRD_ROOT_FS_TARGET,
+ "/proc/cmdline");
+}
+
static int parse_proc_cmdline_item(const char *key, const char *value) {
int r;
- /* root= and roofstype= may occur more than once, the last
- * instance should take precedence. In the case of multiple
- * rootflags= the arguments should be concatenated */
+ /* root=, usr=, usrfstype= and roofstype= may occur more than once, the last
+ * instance should take precedence. In the case of multiple rootflags=
+ * or usrflags= the arguments should be concatenated */
if (STR_IN_SET(key, "fstab", "rd.fstab") && value) {
@@ -531,6 +586,28 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
free(arg_root_options);
arg_root_options = o;
+ } else if (streq(key, "mount.usr") && value) {
+
+ if (free_and_strdup(&arg_usr_what, value) < 0)
+ return log_oom();
+
+ } else if (streq(key, "mount.usrfstype") && value) {
+
+ if (free_and_strdup(&arg_usr_fstype, value) < 0)
+ return log_oom();
+
+ } else if (streq(key, "mount.usrflags") && value) {
+ char *o;
+
+ o = arg_usr_options ?
+ strjoin(arg_usr_options, ",", value, NULL) :
+ strdup(value);
+ if (!o)
+ return log_oom();
+
+ free(arg_usr_options);
+ arg_usr_options = o;
+
} else if (streq(key, "rw") && !value)
arg_root_rw = true;
else if (streq(key, "ro") && !value)
@@ -559,9 +636,12 @@ int main(int argc, char *argv[]) {
if (parse_proc_cmdline(parse_proc_cmdline_item) < 0)
return EXIT_FAILURE;
- /* Always honour root= in the kernel command line if we are in an initrd */
- if (in_initrd())
+ /* Always honour root= and usr= in the kernel command line if we are in an initrd */
+ if (in_initrd()) {
r = add_root_mount();
+ if (r == 0)
+ r = add_usr_mount();
+ }
/* Honour /etc/fstab only when that's enabled */
if (arg_fstab_enabled) {

49
0577-mount-setup-skip-relabelling-when-SELinux-and-SMACK-.patch Normal file
View File

@ -0,0 +1,49 @@
From 0fff82e5f867f9494ed631736964d9abfe672673 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <systemd@esmil.dk>
Date: Thu, 18 Sep 2014 15:24:55 +0200
Subject: [PATCH] mount-setup: skip relabelling when SELinux and SMACK not
supported
This is also the only place where FTW_ACTIONRETVAL is used, so
this makes systemd compile without SELinux or SMACK support
when the standard library doesn't support this extension.
---
src/core/mount-setup.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 23a66d2e95..8e91217828 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -351,6 +351,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
return 0;
}
+#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
static int nftw_cb(
const char *fpath,
const struct stat *sb,
@@ -372,6 +373,7 @@ static int nftw_cb(
return FTW_CONTINUE;
};
+#endif
int mount_setup(bool loaded_policy) {
int r;
@@ -384,6 +386,7 @@ int mount_setup(bool loaded_policy) {
return r;
}
+#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
/* Nodes in devtmpfs and /run need to be manually updated for
* the appropriate labels, after mounting. The other virtual
* API file systems like /sys and /proc do not need that, they
@@ -402,6 +405,7 @@ int mount_setup(bool loaded_policy) {
log_info("Relabelled /dev and /run in %s.",
format_timespan(timespan, sizeof(timespan), after_relabel - before_relabel, 0));
}
+#endif
/* Create a few default symlinks, which are normally created
* by udevd, but some scripts might need them before we start

2
0505-fedora-add-bridge-sysctl-configuration.patch → fedora-add-bridge-sysctl-configuration.patch
View File

@ -1,4 +1,4 @@
From 92f6fa8c02e7721120e712b8cc1d250ce940f51c Mon Sep 17 00:00:00 2001
From 30353eb466fe1ef768dc7bc1ccc1239b97dab70c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 7 Oct 2014 01:49:10 -0400
Subject: [PATCH] fedora: add bridge sysctl configuration

2
0534-fedora-disable-resolv.conf-symlink.patch → fedora-disable-resolv.conf-symlink.patch
View File

@ -1,4 +1,4 @@
From e2c48e9a4cff991e432472cd12a7b47a3049ece9 Mon Sep 17 00:00:00 2001
From 6da80d4bbfaa3d8a2a8952995a108d6dbd6a1e3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 3 Oct 2014 21:34:14 -0400
Subject: [PATCH] fedora: disable resolv.conf symlink

58
systemd.spec
View File

@ -16,7 +16,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 216
Release: 9%{?gitcommit:.git%{gitcommit}}%{?dist}
Release: 10%{?gitcommit:.git%{gitcommit}}%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager
@ -571,10 +571,54 @@ Patch0529: 0529-man-move-commandline-parsing-to-a-separate-section.patch
Patch0530: 0530-man-document-stripping-of-quotes.patch
Patch0531: 0531-Update-TODO.patch
Patch0532: 0532-proc-sys-prefixes-are-not-necessary-for-sysctl-anymo.patch
Patch0533: 0533-core-don-t-allow-enabling-if-unit-is-masked.patch
Patch0534: 0534-fedora-disable-resolv.conf-symlink.patch
Patch0535: 0535-fedora-add-bridge-sysctl-configuration.patch
Patch0533: 0533-bus-proxyd-assorted-cleanups-and-fixes.patch
Patch0534: 0534-core-don-t-allow-enabling-if-unit-is-masked.patch
Patch0535: 0535-man-mention-docker-as-type-of-virtualization.patch
Patch0536: 0536-NEWS-update-for-217.patch
Patch0537: 0537-unit-move-UnitDependency-to-unit-name.patch
Patch0538: 0538-systemctl-add-add-wants-and-add-requires-verbs.patch
Patch0539: 0539-note-on-relative-symlink-in-os-release.patch
Patch0540: 0540-nspawn-copy-dev-net-tun-from-host.patch
Patch0541: 0541-sd-bus-sync-kdbus.h-ABI-break.patch
Patch0542: 0542-Update-TODO.patch
Patch0543: 0543-core-map-the-rescue-argument-to-rescue.target.patch
Patch0544: 0544-time-functions-named-internal-really-shouldn-t-be-ex.patch
Patch0545: 0545-util-avoid-double-close-of-fd.patch
Patch0546: 0546-man-systemctl-document-enable-on-masked-units.patch
Patch0547: 0547-sd-event-be-more-careful-when-enabling-disabling-sig.patch
Patch0548: 0548-sd-event-also-update-signal-mask-when-disconnecting-.patch
Patch0549: 0549-update-TODO.patch
Patch0550: 0550-systemctl-suggest-xe-not-xn.patch
Patch0551: 0551-sd-bus-check-return-value-of-asprintf.patch
Patch0552: 0552-man-SyslogIdentifier-has-an-effect-on-journal-loggin.patch
Patch0553: 0553-logind-mount-per-user-tmpfs-with-smackfsroot-for-sma.patch
Patch0554: 0554-bus-policy-move-name-list-iteration-to-policy-users.patch
Patch0555: 0555-sd-dhcp6-lease-Name-the-structure-containing-IAADDR-.patch
Patch0556: 0556-socket-proxyd-Unchecked-return-value-from-library.patch
Patch0557: 0557-bus-proxy-allow-getpeersec-to-fail.patch
Patch0558: 0558-update-TODO.patch
Patch0559: 0559-service-enter-SERVICE_STOP_SIGTERM-state-after-getti.patch
Patch0560: 0560-man-document-the-new-rescue-kernel-command-line-opti.patch
Patch0561: 0561-sd-journal-do-not-reset-sd_j_enumerate_unique-positi.patch
Patch0562: 0562-sd-journal-change-check-to-assert.patch
Patch0563: 0563-sd-journal-fix-sd_journal_enumerate_unique-skipping-.patch
Patch0564: 0564-journalctl-use-pager-for-list-boots.patch
Patch0565: 0565-systemctl-remove-casts-in-formatting.patch
Patch0566: 0566-man-clarify-what-microsoft-and-oracle-stand-for.patch
Patch0567: 0567-Update-TODO.patch
Patch0568: 0568-build-sys-use-Wno-typedef-redefinition-only-for-clan.patch
Patch0569: 0569-build-sys-use-Wno-gnu-variable-sized-type-not-at-end.patch
Patch0570: 0570-systemd-hibernate-resume-.service-remove-unnecessary.patch
Patch0571: 0571-nspawn-actually-allow-access-to-dev-net-tun-in-the-c.patch
Patch0572: 0572-man-rework-VM-container-identifier-list-into-a-table.patch
Patch0573: 0573-man-include-zVM-in-systemd-detect-virt-list.patch
Patch0574: 0574-man-reference-table-in-systemd-detect-virt-1-from-Co.patch
Patch0575: 0575-kdbus-fix-buffer-overflow-in-bus_get_owner_kdbus-fun.patch
Patch0576: 0576-fstab-generator-Honor-mount.usr-on-kernel-command-li.patch
Patch0577: 0577-mount-setup-skip-relabelling-when-SELinux-and-SMACK-.patch
Patch0998: fedora-disable-resolv.conf-symlink.patch
Patch0999: fedora-add-bridge-sysctl-configuration.patch
# kernel-install patch for grubby, drop if grubby is obsolete
Patch1000: kernel-install-grubby.patch
@ -1354,9 +1398,13 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%{_datadir}/systemd/gatewayd
%changelog
* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-10
- Fix a problem with voluntary daemon exits and some other bugs
(#1150477, #1095962, #1150289)
* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-9
- Update to latest git, but without the readahead removal patch
(#1114786, #1141137)
(#1114786, #634736)
* Wed Oct 01 2014 Kay Sievers <kay@redhat.com> - 216-8
- revert "don't reset selinux context during CHANGE events"