systemd-252-63

Resolves: RHEL-109833,RHEL-127859
Jan Macku 2025-11-27 14:33:52 +01:00
parent c40c55ef8d
commit f453f2c6ee
7 changed files with 422 additions and 1 deletions


@ -0,0 +1,130 @@
From 01826a6ded513adea1dabeccc6b860baee277482 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 30 May 2024 10:44:36 +0200
Subject: [PATCH] cryptsetup-generator: refactor add_crypttab_devices()
Move the processing of a crypttab entry to a separate function.
No functional changes, just refactoring.
(cherry picked from commit a07cb7d404582f9c0bfaedb9dd07f93848aa91c6)
Related: RHEL-127859
---
src/cryptsetup/cryptsetup-generator.c | 87 +++++++++++++++------------
1 file changed, 49 insertions(+), 38 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 9e8e7e746f..6ab3b85b6b 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -779,6 +779,52 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
return 0;
}
+static int add_crypttab_device(const char *name, const char *device, const char *keyspec, const char *options) {
+ _cleanup_free_ char *keyfile = NULL, *keydev = NULL, *headerdev = NULL, *filtered_header = NULL;
+ crypto_device *d = NULL;
+ char *uuid;
+ int r;
+
+ uuid = startswith(device, "UUID=");
+ if (!uuid)
+ uuid = path_startswith(device, "/dev/disk/by-uuid/");
+ if (!uuid)
+ uuid = startswith(name, "luks-");
+ if (uuid)
+ d = hashmap_get(arg_disks, uuid);
+
+ if (arg_allow_list && !d) {
+ log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
+ return 0;
+ }
+
+ r = split_locationspec(keyspec, &keyfile, &keydev);
+ if (r < 0)
+ return r;
+
+ if (options && (!d || !d->options)) {
+ r = filter_header_device(options, &headerdev, &filtered_header);
+ if (r < 0)
+ return r;
+ options = filtered_header;
+ }
+
+ r = create_disk(name,
+ device,
+ keyfile,
+ keydev,
+ (d && d->options) ? d->headerdev : headerdev,
+ (d && d->options) ? d->options : options,
+ arg_crypttab);
+ if (r < 0)
+ return r;
+
+ if (d)
+ d->create = false;
+
+ return 0;
+}
+
static int add_crypttab_devices(void) {
_cleanup_fclose_ FILE *f = NULL;
unsigned crypttab_line = 0;
@@ -795,10 +841,8 @@ static int add_crypttab_devices(void) {
}
for (;;) {
- _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL,
- *keyfile = NULL, *keydev = NULL, *headerdev = NULL, *filtered_header = NULL;
- crypto_device *d = NULL;
- char *l, *uuid;
+ _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL;
+ char *l;
int k;
r = read_line(f, LONG_LINE_MAX, &line);
@@ -819,42 +863,9 @@ static int add_crypttab_devices(void) {
continue;
}
- uuid = startswith(device, "UUID=");
- if (!uuid)
- uuid = path_startswith(device, "/dev/disk/by-uuid/");
- if (!uuid)
- uuid = startswith(name, "luks-");
- if (uuid)
- d = hashmap_get(arg_disks, uuid);
-
- if (arg_allow_list && !d) {
- log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
- continue;
- }
-
- r = split_locationspec(keyspec, &keyfile, &keydev);
+ r = add_crypttab_device(name, device, keyspec, options);
if (r < 0)
return r;
-
- if (options && (!d || !d->options)) {
- r = filter_header_device(options, &headerdev, &filtered_header);
- if (r < 0)
- return r;
- free_and_replace(options, filtered_header);
- }
-
- r = create_disk(name,
- device,
- keyfile,
- keydev,
- (d && d->options) ? d->headerdev : headerdev,
- (d && d->options) ? d->options : options,
- arg_crypttab);
- if (r < 0)
- return r;
-
- if (d)
- d->create = false;
}
return 0;
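Review bot: The new add_crypttab_device() returns 0 both when it creates the unit and when it skips the entry because `arg_allow_list` is set and no matching kernel command line device was found, and nothing at the definition says so. A short comment above the function would help, for example `/* Processes one crypttab entry. Returns 0 on success or when the entry is skipped by the allow list, negative errno on failure. */`. A one-line comment at `options = filtered_header;` would also help, noting that the pointer is only borrowed and `filtered_header` is released by `_cleanup_free_` on return, since the old loop used `free_and_replace()` there. The body of add_crypttab_devices() continues outside the hunks.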


@ -0,0 +1,43 @@
From 238dadc16fb2bb6ad2fef5602dac5cd2c9aa31ed Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 30 May 2024 10:46:13 +0200
Subject: [PATCH] cryptsetup-generator: continue parsing after error
Let's make the crypttab parser more robust and continue even if parsing
of a line failed.
(cherry picked from commit 83813bae7ae471862ff84b038b5e4eaefae41c98)
Resolves: RHEL-127859
---
src/cryptsetup/cryptsetup-generator.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 6ab3b85b6b..924a403ee5 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -828,7 +828,7 @@ static int add_crypttab_device(const char *name, const char *device, const char
static int add_crypttab_devices(void) {
_cleanup_fclose_ FILE *f = NULL;
unsigned crypttab_line = 0;
- int r;
+ int r, ret = 0;
if (!arg_read_crypttab)
return 0;
@@ -863,12 +863,10 @@ static int add_crypttab_devices(void) {
continue;
}
- r = add_crypttab_device(name, device, keyspec, options);
- if (r < 0)
- return r;
+ RET_GATHER(ret, add_crypttab_device(name, device, keyspec, options));
}
- return 0;
+ return ret;
}
static int add_proc_cmdline_devices(void) {
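Review bot: At the `RET_GATHER(ret, add_crypttab_device(...))` call in add_crypttab_devices(), a failing entry is now recorded and skipped, but this call site does not say which crypttab line failed; whether the callees log enough to identify the entry is not visible here. Since a skipped entry means an encrypted volume gets no unit while boot continues, I would log at the call site: `r = add_crypttab_device(name, device, keyspec, options);` `if (r < 0) log_warning_errno(r, "Failed to process %s:%u, continuing: %m", arg_crypttab, crypttab_line);` `RET_GATHER(ret, r);`. The same applies to the `RET_GATHER(ret, r)` added to add_proc_cmdline_devices() in the next patch, where the device could be named instead of a line number. Both function bodies extend beyond the hunks.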


@ -0,0 +1,39 @@
From 25a4e8e1d411f56fcee5b53d1620c42f3bba16e6 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 30 May 2024 13:32:20 +0200
Subject: [PATCH] cryptsetup-generator: parse all cmdline devices too
(cherry picked from commit 47c703d949e84997d11d657fade68064c04a46c8)
Related: RHEL-127859
---
src/cryptsetup/cryptsetup-generator.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 924a403ee5..1136f5aed7 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -870,7 +870,7 @@ static int add_crypttab_devices(void) {
}
static int add_proc_cmdline_devices(void) {
- int r;
+ int r, ret = 0;
crypto_device *d;
HASHMAP_FOREACH(d, arg_disks) {
@@ -896,11 +896,10 @@ static int add_proc_cmdline_devices(void) {
d->headerdev,
d->options ?: arg_default_options,
"/proc/cmdline");
- if (r < 0)
- return r;
+ RET_GATHER(ret, r);
}
- return 0;
+ return ret;
}
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(crypt_device_hash_ops, char, string_hash_func, string_compare_func,


@ -0,0 +1,33 @@
From 1ba4f74ed15a3b715eba0f21a12239af6e44146f Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 30 May 2024 13:33:57 +0200
Subject: [PATCH] cryptsetup-generator: always process cmdline devices
(cherry picked from commit d181939e2e382631d9b067e0b4cfbf11b709a297)
Related: RHEL-127859
---
src/cryptsetup/cryptsetup-generator.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 1136f5aed7..06292f7f73 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -925,14 +925,9 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
return 0;
r = add_crypttab_devices();
- if (r < 0)
- return r;
-
- r = add_proc_cmdline_devices();
- if (r < 0)
- return r;
+ RET_GATHER(r, add_proc_cmdline_devices());
- return 0;
+ return r;
}
DEFINE_MAIN_GENERATOR_FUNCTION(run);
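Review bot: In run(), the reason for calling add_proc_cmdline_devices() even after add_crypttab_devices() has failed is not stated anywhere, since the patch has no description. A comment above the call would record it, for example `/* Process kernel command line devices even if crypttab handling failed; the first error is still returned. */`. The "first error" wording assumes RET_GATHER keeps an earlier negative value, which should be confirmed against the macro's definition. run() begins outside the hunk.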


@ -0,0 +1,44 @@
From a48488d06e60af0d02387488d4de0abbaddf93ad Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 27 Nov 2023 18:39:02 +0100
Subject: [PATCH] logind: add "background-light" session class
This is the same as the "background" class, but does *not* pull in a
service manager. It might be useful for things like select cron jobs
that do not intend to call per-user IPC calls.
Replaces: #23569
Fixes: #23978
(cherry picked from commit b5100c736f1fce2b6b22c07cf2725e4ec3764a75)
Related: RHEL-109833
---
src/login/logind-session.c | 1 +
src/login/logind-session.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 8c8dd0d43e..5ba1e690ac 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -1525,6 +1525,7 @@ static const char* const session_class_table[_SESSION_CLASS_MAX] = {
[SESSION_GREETER] = "greeter",
[SESSION_LOCK_SCREEN] = "lock-screen",
[SESSION_BACKGROUND] = "background",
+ [SESSION_BACKGROUND_LIGHT] = "background-light",
};
DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
index 5ee059aa4f..a02d72c211 100644
--- a/src/login/logind-session.h
+++ b/src/login/logind-session.h
@@ -23,6 +23,7 @@ typedef enum SessionClass {
SESSION_GREETER,
SESSION_LOCK_SCREEN,
SESSION_BACKGROUND,
+ SESSION_BACKGROUND_LIGHT, /* Like SESSION_BACKGROUND, but without the service manager */
_SESSION_CLASS_MAX,
_SESSION_CLASS_INVALID = -EINVAL,
} SessionClass;
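Review bot: The new class string `background-light` is added to `session_class_table` and the enum, but this patch touches no documentation. In the following pam_systemd patch, the context lines of man/pam_systemd.xml still list the accepted `class=` values as ending with `<literal>lock-screen</literal> or <literal>background</literal>`. I would extend that list with `<literal>background-light</literal>` so the value appears where administrators look up valid classes. Separately, any existing comparison against `SESSION_BACKGROUND` outside these hunks will not match the new class; those call sites are not visible here and should be checked for whether they are meant to cover both.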


@ -0,0 +1,118 @@
From d5d08290cf66a0c491a875345902d5c3bfeb6c5a Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 25 Aug 2025 15:09:36 +0200
Subject: [PATCH] pam_systemd: honor session class provided via PAM environment
Replaces #38638
Co-authored-by: Lennart Poettering <lennart@poettering.net>
(cherry picked from commit cf2630acaa87ded5ad99ea30ed4bd895e71ca503)
Resolves: RHEL-109833
[msekleta: this is absolutely minimal version of the ideas implemented in
https://github.com/systemd/systemd/pull/30884. At this point I want to avoid
big/risky backports and what I am proposing here should suffice.]
---
man/pam_systemd.xml | 11 ++++++++++-
src/login/logind-session.c | 5 +++--
src/login/logind-user.c | 16 +++++++++++++++-
src/login/pam_systemd.c | 6 ++++--
4 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index 60b8577822..55239ea3d7 100644
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -95,8 +95,17 @@
<literal>lock-screen</literal> or <literal>background</literal>. See
<citerefentry><refentrytitle>sd_session_get_class</refentrytitle><manvolnum>3</manvolnum></citerefentry> for
details about the session class.</para></listitem>
- </varlistentry>
+ <para>If no session class is specified via either the PAM module option or via the
+ <varname>$XDG_SESSION_CLASS</varname> environment variable, the class is automatically chosen, depending on
+ various session parameters, such as the session type (if known), whether the session has a TTY or X11
+ display, and the user disposition. Note that various tools allow setting the session class for newly
+ allocated PAM sessions explicitly by means of the <varname>$XDG_SESSION_CLASS</varname> environment variable.
+ For example, classic UNIX cronjobs support environment variable assignments (see
+ <citerefentry project='man-pages'><refentrytitle>crontab</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
+ which may be used to choose between the <constant>background</constant> and
+ <constant>background-light</constant> session class individually per cronjob.</para>
+ </varlistentry>
<varlistentry>
<term><varname>type=</varname></term>
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 5ba1e690ac..2ad05e3798 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -680,8 +680,9 @@ static int session_start_scope(Session *s, sd_bus_message *properties, sd_bus_er
s->user->slice,
description,
/* These two have StopWhenUnneeded= set, hence add a dep towards them */
- STRV_MAKE(s->user->runtime_dir_service,
- s->user->service),
+ s->class == SESSION_BACKGROUND_LIGHT ?
+ STRV_MAKE(s->user->runtime_dir_service) :
+ STRV_MAKE(s->user->runtime_dir_service, s->user->service),
after,
user_record_home_directory(s->user->user_record),
properties,
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index e02ad754ee..ffa32c6ce5 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -441,6 +441,19 @@ static int user_update_slice(User *u) {
return 0;
}
+static bool user_wants_service_manager(User *u) {
+ assert(u);
+
+ LIST_FOREACH(sessions_by_user, s, u->sessions)
+ if (s->class != SESSION_BACKGROUND_LIGHT)
+ return true;
+
+ if (user_check_linger_file(u) > 0)
+ return true;
+
+ return false;
+}
+
int user_start(User *u) {
assert(u);
@@ -464,7 +477,8 @@ int user_start(User *u) {
(void) user_update_slice(u);
/* Start user@UID.service */
- user_start_service(u);
+ if (user_wants_service_manager(u))
+ user_start_service(u);
if (!u->started) {
if (!dual_timestamp_is_set(&u->timestamp))
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index a288b3602a..c7377e21a8 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -753,14 +753,16 @@ _public_ PAM_EXTERN int pam_sm_open_session(
* (as they otherwise even try to update it!) — but cron doesn't actually allocate a TTY for its forked
* off processes.) */
type = "unspecified";
- class = "background";
+ if (isempty(class))
+ class = "background";
tty = NULL;
} else if (streq(tty, "ssh")) {
/* ssh has been setting PAM_TTY to "ssh" (for the same reason as cron does this, see above. For further
* details look for "PAM_TTY_KLUDGE" in the openssh sources). */
type ="tty";
- class = "user";
+ if (isempty(class))
+ class = "user";
tty = NULL; /* This one is particularly sad, as this means that ssh sessions — even though usually
* associated with a pty — won't be tracked by their tty in logind. This is because ssh
* does the PAM session registration early for new connections, and registers a pty only
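Review bot: In the cron and ssh branches of pam_sm_open_session(), `class` is now kept when it is non-empty, so for ssh logins a class supplied through the module option or `$XDG_SESSION_CLASS` replaces the previously forced `user`. Where `class` is read, and whether its value is validated before being sent to logind, is outside the hunk. On hosts where a login user can influence the PAM environment, that user would now choose the session class, so the PAM stack's handling of user-supplied environment should be reviewed alongside this change. I would document the precedence at both sites, e.g. `/* Only apply the default if no class was given via class= or $XDG_SESSION_CLASS */`, and state in the man page paragraph that the variable is honored for ssh sessions as well as cron jobs. The function body continues outside the hunk.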


@ -21,7 +21,7 @@
Name: systemd
Url: https://systemd.io
Version: 252
Release: 62%{?dist}
Release: 63%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -1374,6 +1374,12 @@ Patch1288: 1288-TEST-07-PID1-add-reprudcer-for-issue-35190.patch
Patch1289: 1289-coredump-handle-ENOBUFS-and-EMSGSIZE-the-same-way.patch
Patch1290: 1290-ukify-rstrip-and-escape-binary-null-characters-from-.patch
Patch1291: 1291-timer-rebase-last_trigger-timestamp-if-needed.patch
Patch1292: 1292-cryptsetup-generator-refactor-add_crypttab_devices.patch
Patch1293: 1293-cryptsetup-generator-continue-parsing-after-error.patch
Patch1294: 1294-cryptsetup-generator-parse-all-cmdline-devices-too.patch
Patch1295: 1295-cryptsetup-generator-always-process-cmdline-devices.patch
Patch1296: 1296-logind-add-background-light-session-class.patch
Patch1297: 1297-pam_systemd-honor-session-class-provided-via-PAM-env.patch
# Downstream-only patches (90009999)
@ -2251,6 +2257,14 @@ systemd-hwdb update &>/dev/null || :
%{_prefix}/lib/dracut/modules.d/70rhel-net-naming-sysattrs/*
%changelog
* Thu Nov 27 2025 systemd maintenance team <systemd-maint@redhat.com> - 252-63
- cryptsetup-generator: refactor add_crypttab_devices() (RHEL-127859)
- cryptsetup-generator: continue parsing after error (RHEL-127859)
- cryptsetup-generator: parse all cmdline devices too (RHEL-127859)
- cryptsetup-generator: always process cmdline devices (RHEL-127859)
- logind: add "background-light" session class (RHEL-109833)
- pam_systemd: honor session class provided via PAM environment (RHEL-109833)
* Mon Nov 24 2025 systemd maintenance team <systemd-maint@redhat.com> - 252-62
- ukify: rstrip and escape binary null characters from 'inspect' output (#38607) (RHEL-109558)
- timer: rebase last_trigger timestamp if needed (RHEL-118215)