import UBI systemd-252-67.el9_8.4
This commit is contained in:
AlmaLinux RelEng Bot
parent
d406a554c3
commit
f4e03c9036
@ -0,0 +1,55 @@
|
||||
From 413d89a2e5896e2fc62de9c73aa62bd2d7da6ea3 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <luca.boccassi@gmail.com>
|
||||
Date: Wed, 11 Mar 2026 12:15:26 +0000
|
||||
Subject: [PATCH] nspawn: apply BindUser/Ephemeral from settings file only if
|
||||
trusted
|
||||
|
||||
Originally reported on yeswehack.com as:
|
||||
YWH-PGM9780-116
|
||||
|
||||
Follow-up for 2f8930449079403b26c9164b8eeac78d5af2c8df
|
||||
Follow-up for a2f577fca0be79b23f61f033229b64884e7d840a
|
||||
|
||||
(cherry picked from commit 61bceb1bff4b1f9c126b18dc971ca3e6d8c71c40)
|
||||
|
||||
Resolves: RHEL-163870
|
||||
---
|
||||
src/nspawn/nspawn.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
|
||||
index db45968cd3..39d036ef7e 100644
|
||||
--- a/src/nspawn/nspawn.c
|
||||
+++ b/src/nspawn/nspawn.c
|
||||
@@ -4304,8 +4304,13 @@ static int merge_settings(Settings *settings, const char *path) {
|
||||
}
|
||||
|
||||
if ((arg_settings_mask & SETTING_EPHEMERAL) == 0 &&
|
||||
- settings->ephemeral >= 0)
|
||||
- arg_ephemeral = settings->ephemeral;
|
||||
+ settings->ephemeral >= 0) {
|
||||
+
|
||||
+ if (!arg_settings_trusted)
|
||||
+ log_warning("Ignoring ephemeral setting, file %s is not trusted.", path);
|
||||
+ else
|
||||
+ arg_ephemeral = settings->ephemeral;
|
||||
+ }
|
||||
|
||||
if ((arg_settings_mask & SETTING_DIRECTORY) == 0 &&
|
||||
settings->root) {
|
||||
@@ -4473,8 +4478,13 @@ static int merge_settings(Settings *settings, const char *path) {
|
||||
}
|
||||
|
||||
if ((arg_settings_mask & SETTING_BIND_USER) == 0 &&
|
||||
- !strv_isempty(settings->bind_user))
|
||||
- strv_free_and_replace(arg_bind_user, settings->bind_user);
|
||||
+ !strv_isempty(settings->bind_user)) {
|
||||
+
|
||||
+ if (!arg_settings_trusted)
|
||||
+ log_warning("Ignoring bind user setting, file %s is not trusted.", path);
|
||||
+ else
|
||||
+ strv_free_and_replace(arg_bind_user, settings->bind_user);
|
||||
+ }
|
||||
|
||||
if ((arg_settings_mask & SETTING_NOTIFY_READY) == 0 &&
|
||||
settings->notify_ready >= 0)
|
||||
32
SOURCES/1329-nspawn-normalize-pivot_root-paths.patch
Normal file
32
SOURCES/1329-nspawn-normalize-pivot_root-paths.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From bd8f4b9ed6ed3ae5f8d4f6f7bce34ea9c2e8e5f4 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <luca.boccassi@gmail.com>
|
||||
Date: Wed, 11 Mar 2026 13:27:14 +0000
|
||||
Subject: [PATCH] nspawn: normalize pivot_root paths
|
||||
|
||||
Originally reported on yeswehack.com as:
|
||||
YWH-PGM9780-116
|
||||
|
||||
Follow-up for b53ede699cdc5233041a22591f18863fb3fe2672
|
||||
|
||||
(cherry picked from commit 7b85f5498a958e5bb660c703b8f4a71cceed3373)
|
||||
|
||||
Resolves: RHEL-163870
|
||||
---
|
||||
src/nspawn/nspawn-mount.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
|
||||
index a54f1464ba..af96d2d1d7 100644
|
||||
--- a/src/nspawn/nspawn-mount.c
|
||||
+++ b/src/nspawn/nspawn-mount.c
|
||||
@@ -1244,7 +1244,9 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s
|
||||
|
||||
if (!path_is_absolute(root_new))
|
||||
return -EINVAL;
|
||||
- if (root_old && !path_is_absolute(root_old))
|
||||
+ if (!path_is_normalized(root_new))
|
||||
+ return -EINVAL;
|
||||
+ if (root_old && (!path_is_absolute(root_old) || !path_is_normalized(root_old)))
|
||||
return -EINVAL;
|
||||
|
||||
free_and_replace(*pivot_root_new, root_new);
|
||||
@ -0,0 +1,110 @@
|
||||
From 87663c17b8529c4b4d216ec996c23c022999789e Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <luca.boccassi@gmail.com>
|
||||
Date: Fri, 6 Mar 2026 19:32:35 +0000
|
||||
Subject: [PATCH] udev: check for invalid chars in various fields received from
|
||||
the kernel
|
||||
|
||||
(cherry picked from commit 16325b35fa6ecb25f66534a562583ce3b96d52f3)
|
||||
|
||||
Resolves: RHEL-163876
|
||||
---
|
||||
src/udev/dmi_memory_id/dmi_memory_id.c | 3 ++-
|
||||
src/udev/scsi_id/scsi_id.c | 5 +++--
|
||||
src/udev/udev-builtin-net_id.c | 7 ++++++-
|
||||
src/udev/v4l_id/v4l_id.c | 5 ++++-
|
||||
4 files changed, 15 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c
|
||||
index 1345289219..d833a5989d 100644
|
||||
--- a/src/udev/dmi_memory_id/dmi_memory_id.c
|
||||
+++ b/src/udev/dmi_memory_id/dmi_memory_id.c
|
||||
@@ -50,6 +50,7 @@
|
||||
#include "string-util.h"
|
||||
#include "udev-util.h"
|
||||
#include "unaligned.h"
|
||||
+#include "utf8.h"
|
||||
#include "version.h"
|
||||
|
||||
#define SUPPORTED_SMBIOS_VER 0x030300
|
||||
@@ -185,7 +186,7 @@ static void dmi_memory_device_string(
|
||||
|
||||
str = strdupa_safe(dmi_string(h, s));
|
||||
str = strstrip(str);
|
||||
- if (!isempty(str))
|
||||
+ if (!isempty(str) && utf8_is_valid(str) && !string_has_cc(str, /* ok= */ NULL))
|
||||
printf("MEMORY_DEVICE_%u_%s=%s\n", slot_num, attr_suffix, str);
|
||||
}
|
||||
|
||||
diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c
|
||||
index 364d567705..2a489f4e38 100644
|
||||
--- a/src/udev/scsi_id/scsi_id.c
|
||||
+++ b/src/udev/scsi_id/scsi_id.c
|
||||
@@ -26,6 +26,7 @@
|
||||
#include "strv.h"
|
||||
#include "strxcpyx.h"
|
||||
#include "udev-util.h"
|
||||
+#include "utf8.h"
|
||||
#include "version.h"
|
||||
|
||||
static const struct option options[] = {
|
||||
@@ -441,8 +442,8 @@ static int scsi_id(char *maj_min_dev) {
|
||||
}
|
||||
if (dev_scsi.tgpt_group[0] != '\0')
|
||||
printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group);
|
||||
- if (dev_scsi.unit_serial_number[0] != '\0')
|
||||
- printf("ID_SCSI_SERIAL=%s\n", dev_scsi.unit_serial_number);
|
||||
+ if (dev_scsi.unit_serial_number[0] != '\0' && utf8_is_valid(dev_scsi.unit_serial_number) && !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL))
|
||||
+ printf("ID_SCSI_SERIAL=%s\n", serial_str);
|
||||
goto out;
|
||||
}
|
||||
|
||||
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
|
||||
index e1895a38c0..6bb6465832 100644
|
||||
--- a/src/udev/udev-builtin-net_id.c
|
||||
+++ b/src/udev/udev-builtin-net_id.c
|
||||
@@ -39,6 +39,7 @@
|
||||
#include "strv.h"
|
||||
#include "strxcpyx.h"
|
||||
#include "udev-builtin.h"
|
||||
+#include "utf8.h"
|
||||
|
||||
#define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1)
|
||||
#define ONBOARD_16BIT_INDEX_MAX ((1U << 16) - 1)
|
||||
@@ -1188,9 +1189,13 @@ static int get_link_info(sd_device *dev, LinkInfo *info) {
|
||||
return r;
|
||||
|
||||
r = device_get_sysattr_value_filtered(dev, "phys_port_name", &info->phys_port_name);
|
||||
- if (r >= 0)
|
||||
+ if (r >= 0) {
|
||||
+ if (!utf8_is_valid(info->phys_port_name) || string_has_cc(info->phys_port_name, /* ok= */ NULL))
|
||||
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "Invalid phys_port_name");
|
||||
+
|
||||
/* Check if phys_port_name indicates virtual device representor */
|
||||
(void) sscanf(info->phys_port_name, "pf%*uvf%d", &info->vf_representor_id);
|
||||
+ }
|
||||
|
||||
r = device_get_sysattr_value_filtered(dev, "address", &s);
|
||||
if (r < 0 && r != -ENOENT)
|
||||
diff --git a/src/udev/v4l_id/v4l_id.c b/src/udev/v4l_id/v4l_id.c
|
||||
index c2312c7909..ae8459c456 100644
|
||||
--- a/src/udev/v4l_id/v4l_id.c
|
||||
+++ b/src/udev/v4l_id/v4l_id.c
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <linux/videodev2.h>
|
||||
|
||||
#include "fd-util.h"
|
||||
+#include "string-util.h"
|
||||
+#include "utf8.h"
|
||||
#include "util.h"
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
@@ -66,7 +68,8 @@ int main(int argc, char *argv[]) {
|
||||
if (ioctl(fd, VIDIOC_QUERYCAP, &v2cap) == 0) {
|
||||
int capabilities;
|
||||
printf("ID_V4L_VERSION=2\n");
|
||||
- printf("ID_V4L_PRODUCT=%s\n", v2cap.card);
|
||||
+ if (utf8_is_valid((char *)v2cap.card) && !string_has_cc((char *)v2cap.card, /* ok= */ NULL))
|
||||
+ printf("ID_V4L_PRODUCT=%s\n", v2cap.card);
|
||||
printf("ID_V4L_CAPABILITIES=:");
|
||||
if (v2cap.capabilities & V4L2_CAP_DEVICE_CAPS)
|
||||
capabilities = v2cap.device_caps;
|
||||
32
SOURCES/1331-udev-fix-review-mixup.patch
Normal file
32
SOURCES/1331-udev-fix-review-mixup.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 62af15ed46544eec6453ad2bac8926e292e5d189 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <luca.boccassi@gmail.com>
|
||||
Date: Fri, 13 Mar 2026 11:10:47 +0000
|
||||
Subject: [PATCH] udev: fix review mixup
|
||||
|
||||
The previous version in the PR changed variable and sanitized it
|
||||
in place. The second version switched to skip if CCs are in the
|
||||
string instead, but didn't move back to the original variable.
|
||||
Because it's an existing variable, no CI caught it.
|
||||
|
||||
Follow-up for 16325b35fa6ecb25f66534a562583ce3b96d52f3
|
||||
|
||||
(cherry picked from commit 54f880b02ecf7362e630ffc885d1466df6ee6820)
|
||||
|
||||
Resolves: RHEL-163876
|
||||
---
|
||||
src/udev/scsi_id/scsi_id.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c
|
||||
index 2a489f4e38..71c5534851 100644
|
||||
--- a/src/udev/scsi_id/scsi_id.c
|
||||
+++ b/src/udev/scsi_id/scsi_id.c
|
||||
@@ -443,7 +443,7 @@ static int scsi_id(char *maj_min_dev) {
|
||||
if (dev_scsi.tgpt_group[0] != '\0')
|
||||
printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group);
|
||||
if (dev_scsi.unit_serial_number[0] != '\0' && utf8_is_valid(dev_scsi.unit_serial_number) && !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL))
|
||||
- printf("ID_SCSI_SERIAL=%s\n", serial_str);
|
||||
+ printf("ID_SCSI_SERIAL=%s\n", dev_scsi.unit_serial_number);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -0,0 +1,52 @@
|
||||
From 023f021259fb5fff8b8f40ea53694a36479d26e3 Mon Sep 17 00:00:00 2001
|
||||
From: Luca Boccassi <luca.boccassi@gmail.com>
|
||||
Date: Fri, 10 Apr 2026 19:04:04 +0100
|
||||
Subject: [PATCH] udev/scsi-id: check for invalid chars in various fields
|
||||
received from the kernel
|
||||
|
||||
Follow-up for 16325b35fa6ecb25f66534a562583ce3b96d52f3
|
||||
|
||||
(cherry picked from commit 5f700d148c44063c0f0dbb9fc136866339cd3fa7)
|
||||
|
||||
Related: RHEL-163876
|
||||
---
|
||||
src/udev/scsi_id/scsi_id.c | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c
|
||||
index 71c5534851..2f2a07891f 100644
|
||||
--- a/src/udev/scsi_id/scsi_id.c
|
||||
+++ b/src/udev/scsi_id/scsi_id.c
|
||||
@@ -389,6 +389,10 @@ static int set_inq_values(struct scsi_id_device *dev_scsi, const char *path) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static bool scsi_string_is_valid(const char *s) {
|
||||
+ return !isempty(s) && utf8_is_valid(s) && !string_has_cc(s, /* ok= */ NULL);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* scsi_id: try to get an id, if one is found, printf it to stdout.
|
||||
* returns a value passed to exit() - 0 if printed an id, else 1.
|
||||
@@ -432,17 +436,17 @@ static int scsi_id(char *maj_min_dev) {
|
||||
udev_replace_chars(serial_str, NULL);
|
||||
printf("ID_SERIAL_SHORT=%s\n", serial_str);
|
||||
}
|
||||
- if (dev_scsi.wwn[0] != '\0') {
|
||||
+ if (scsi_string_is_valid(dev_scsi.wwn)) {
|
||||
printf("ID_WWN=0x%s\n", dev_scsi.wwn);
|
||||
- if (dev_scsi.wwn_vendor_extension[0] != '\0') {
|
||||
+ if (scsi_string_is_valid(dev_scsi.wwn_vendor_extension)) {
|
||||
printf("ID_WWN_VENDOR_EXTENSION=0x%s\n", dev_scsi.wwn_vendor_extension);
|
||||
printf("ID_WWN_WITH_EXTENSION=0x%s%s\n", dev_scsi.wwn, dev_scsi.wwn_vendor_extension);
|
||||
} else
|
||||
printf("ID_WWN_WITH_EXTENSION=0x%s\n", dev_scsi.wwn);
|
||||
}
|
||||
- if (dev_scsi.tgpt_group[0] != '\0')
|
||||
+ if (scsi_string_is_valid(dev_scsi.tgpt_group))
|
||||
printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group);
|
||||
- if (dev_scsi.unit_serial_number[0] != '\0' && utf8_is_valid(dev_scsi.unit_serial_number) && !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL))
|
||||
+ if (scsi_string_is_valid(dev_scsi.unit_serial_number))
|
||||
printf("ID_SCSI_SERIAL=%s\n", dev_scsi.unit_serial_number);
|
||||
goto out;
|
||||
}
|
||||
@ -0,0 +1,322 @@
|
||||
From e9dcdc8a757636eb96e7ae99b3b4f55dab289261 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Tue, 7 Apr 2026 11:16:42 +0200
|
||||
Subject: [PATCH] fstab-generator: support swap on network block devices
|
||||
|
||||
Teach swap units to support the _netdev option as well, which should
|
||||
make swaps on iSCSI possible. This mirrors the logic we already have for
|
||||
regular mounts in both the fstab-generator and the core
|
||||
(mount.c/swap.c).
|
||||
|
||||
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
|
||||
(cherry picked from commit 3d5bd67a2259e7a4edc27476d4cae049653c4414)
|
||||
|
||||
Resolves: RHEL-166186
|
||||
---
|
||||
man/systemd.swap.xml | 28 +++++++++--
|
||||
src/core/swap.c | 46 ++++++++++++++++---
|
||||
src/fstab-generator/fstab-generator.c | 16 +++++--
|
||||
src/shared/generator.c | 2 +-
|
||||
.../systemd-remount-fs.service | 0
|
||||
.../sysroot.mount | 0
|
||||
.../50-netdev-dependencies.conf | 5 ++
|
||||
.../dev-sdx1.swap | 10 ++++
|
||||
.../systemd-remount-fs.service | 0
|
||||
.../remote-fs.target.requires/dev-sdx1.swap | 1 +
|
||||
.../50-netdev-dependencies.conf | 5 ++
|
||||
.../dev-sdx1.swap | 10 ++++
|
||||
.../sysroot.mount | 0
|
||||
.../remote-fs.target.requires/dev-sdx1.swap | 1 +
|
||||
.../test-21-swap-netdev.fstab.input | 1 +
|
||||
15 files changed, 111 insertions(+), 14 deletions(-)
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container.sysroot/local-fs.target.wants/systemd-remount-fs.service
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container/initrd-usr-fs.target.requires/sysroot.mount
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/local-fs.target.wants/systemd-remount-fs.service
|
||||
create mode 120000 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/initrd-usr-fs.target.requires/sysroot.mount
|
||||
create mode 120000 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap
|
||||
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.input
|
||||
|
||||
diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml
|
||||
index 8287382eb6..6af8a31021 100644
|
||||
--- a/man/systemd.swap.xml
|
||||
+++ b/man/systemd.swap.xml
|
||||
@@ -90,9 +90,15 @@
|
||||
<para>The following dependencies are added unless <varname>DefaultDependencies=no</varname> is set:</para>
|
||||
|
||||
<itemizedlist>
|
||||
- <listitem><para>Swap units automatically acquire a <varname>Conflicts=</varname> and a
|
||||
+ <listitem><para>Local swap units automatically acquire a <varname>Conflicts=</varname> and a
|
||||
<varname>Before=</varname> dependency on <filename>umount.target</filename> so that they are deactivated at
|
||||
shutdown as well as a <varname>Before=swap.target</varname> dependency.</para></listitem>
|
||||
+
|
||||
+ <listitem><para>Network swap units (those with <option>_netdev</option> in their options) automatically acquire
|
||||
+ <varname>After=</varname> dependencies on <filename>remote-fs-pre.target</filename> and
|
||||
+ <filename>network.target</filename>, plus <varname>After=</varname> and <varname>Wants=</varname> dependencies
|
||||
+ on <filename>network-online.target</filename>, and a <varname>Before=</varname> dependency on
|
||||
+ <filename>remote-fs.target</filename> instead of <filename>swap.target</filename>.</para></listitem>
|
||||
</itemizedlist>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
@@ -124,7 +130,8 @@
|
||||
|
||||
<listitem><para>With <option>noauto</option>, the swap unit
|
||||
will not be added as a dependency for
|
||||
- <filename>swap.target</filename>. This means that it will not
|
||||
+ <filename>swap.target</filename> (or <filename>remote-fs.target</filename> for network swap devices,
|
||||
+ see <option>_netdev</option> below). This means that it will not
|
||||
be activated automatically during boot, unless it is pulled in
|
||||
by some other unit. The <option>auto</option> option has the
|
||||
opposite meaning and is the default.</para>
|
||||
@@ -136,8 +143,8 @@
|
||||
|
||||
<listitem><para>With <option>nofail</option>, the swap unit
|
||||
will be only wanted, not required by
|
||||
- <filename>swap.target</filename>. This means that the boot
|
||||
- will continue even if this swap device is not activated
|
||||
+ <filename>swap.target</filename> (or <filename>remote-fs.target</filename> for network swap
|
||||
+ devices). This means that the boot will continue even if this swap device is not activated
|
||||
successfully.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@@ -161,6 +168,19 @@
|
||||
in <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term><option>_netdev</option></term>
|
||||
+
|
||||
+ <listitem><para>Marks this swap device as requiring network access. This is useful for swap on
|
||||
+ network block devices (e.g. iSCSI).</para>
|
||||
+
|
||||
+ <para>Network swap units are ordered between <filename>remote-fs-pre.target</filename> and
|
||||
+ <filename>remote-fs.target</filename>, instead of being ordered before
|
||||
+ <filename>swap.target</filename>. They also pull in <filename>network-online.target</filename> and
|
||||
+ are ordered after it and <filename>network.target</filename>.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
diff --git a/src/core/swap.c b/src/core/swap.c
|
||||
index 5c83c4780f..10743d4b9d 100644
|
||||
--- a/src/core/swap.c
|
||||
+++ b/src/core/swap.c
|
||||
@@ -253,6 +253,7 @@ static int swap_add_device_dependencies(Swap *s) {
|
||||
}
|
||||
|
||||
static int swap_add_default_dependencies(Swap *s) {
|
||||
+ SwapParameters *p;
|
||||
int r;
|
||||
|
||||
assert(s);
|
||||
@@ -266,13 +267,46 @@ static int swap_add_default_dependencies(Swap *s) {
|
||||
if (detect_container() > 0)
|
||||
return 0;
|
||||
|
||||
- /* swap units generated for the swap dev links are missing the
|
||||
- * ordering dep against the swap target. */
|
||||
- r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SWAP_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
+ p = swap_get_parameters(s);
|
||||
+
|
||||
+ if (p && fstab_test_option(p->options, "_netdev\0")) {
|
||||
+ /* Network swap devices (those with _netdev in options) are routed through
|
||||
+ * remote-fs.target instead of swap.target, mirroring how network mounts use
|
||||
+ * remote-fs.target instead of local-fs.target. This avoids an ordering cycle:
|
||||
+ * swap.target is pulled in at sysinit.target time, but network-online.target
|
||||
+ * only comes after basic.target which is after sysinit.target. */
|
||||
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_REMOTE_FS_PRE_TARGET,
|
||||
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_REMOTE_FS_TARGET,
|
||||
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ /* Pull in and order after network-online.target, analogous to
|
||||
+ * mount_add_default_network_dependencies() for network mounts. */
|
||||
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_NETWORK_TARGET,
|
||||
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, SPECIAL_NETWORK_ONLINE_TARGET,
|
||||
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ } else {
|
||||
+ /* swap units generated for the swap dev links are missing the
|
||||
+ * ordering dep against the swap target. */
|
||||
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SWAP_TARGET,
|
||||
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ }
|
||||
|
||||
- return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
|
||||
+ return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET,
|
||||
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
|
||||
}
|
||||
|
||||
static int swap_verify(Swap *s) {
|
||||
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
|
||||
index 28677a2f39..7b417dd2d1 100644
|
||||
--- a/src/fstab-generator/fstab-generator.c
|
||||
+++ b/src/fstab-generator/fstab-generator.c
|
||||
@@ -208,6 +208,7 @@ static int add_swap(
|
||||
|
||||
_cleanup_free_ char *name = NULL;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
+ bool is_network;
|
||||
int r;
|
||||
|
||||
assert(what);
|
||||
@@ -227,10 +228,12 @@ static int add_swap(
|
||||
return true;
|
||||
}
|
||||
|
||||
- log_debug("Found swap entry what=%s makefs=%s growfs=%s pcrfs=%s noauto=%s nofail=%s",
|
||||
+ is_network = fstab_test_option(options, "_netdev\0");
|
||||
+
|
||||
+ log_debug("Found swap entry what=%s makefs=%s growfs=%s pcrfs=%s noauto=%s nofail=%s netdev=%s",
|
||||
what,
|
||||
yes_no(flags & MOUNT_MAKEFS), yes_no(flags & MOUNT_GROWFS), yes_no(flags & MOUNT_PCRFS),
|
||||
- yes_no(flags & MOUNT_NOAUTO), yes_no(flags & MOUNT_NOFAIL));
|
||||
+ yes_no(flags & MOUNT_NOAUTO), yes_no(flags & MOUNT_NOFAIL), yes_no(is_network));
|
||||
|
||||
r = unit_name_from_path(what, ".swap", &name);
|
||||
if (r < 0)
|
||||
@@ -271,6 +274,12 @@ static int add_swap(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
+ if (is_network) {
|
||||
+ r = generator_write_device_deps(arg_dest, what, /* where= */ NULL, options);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ }
|
||||
+
|
||||
if (flags & MOUNT_MAKEFS) {
|
||||
r = generator_hook_up_mkswap(arg_dest, what);
|
||||
if (r < 0)
|
||||
@@ -284,7 +293,8 @@ static int add_swap(
|
||||
log_warning("%s: measuring swap devices is currently unsupported.", what);
|
||||
|
||||
if (!(flags & MOUNT_NOAUTO)) {
|
||||
- r = generator_add_symlink(arg_dest, SPECIAL_SWAP_TARGET,
|
||||
+ const char *target = is_network ? SPECIAL_REMOTE_FS_TARGET : SPECIAL_SWAP_TARGET;
|
||||
+ r = generator_add_symlink(arg_dest, target,
|
||||
(flags & MOUNT_NOFAIL) ? "wants" : "requires", name);
|
||||
if (r < 0)
|
||||
return r;
|
||||
diff --git a/src/shared/generator.c b/src/shared/generator.c
|
||||
index a688ba446c..5dc103400b 100644
|
||||
--- a/src/shared/generator.c
|
||||
+++ b/src/shared/generator.c
|
||||
@@ -428,7 +428,7 @@ int generator_write_device_deps(
|
||||
_cleanup_free_ char *node = NULL, *unit = NULL;
|
||||
int r;
|
||||
|
||||
- if (fstab_is_extrinsic(where, opts))
|
||||
+ if (where && fstab_is_extrinsic(where, opts))
|
||||
return 0;
|
||||
|
||||
if (!fstab_test_option(opts, "_netdev\0"))
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container.sysroot/local-fs.target.wants/systemd-remount-fs.service b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container.sysroot/local-fs.target.wants/systemd-remount-fs.service
|
||||
new file mode 100644
|
||||
index 0000000000..e69de29bb2
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container/initrd-usr-fs.target.requires/sysroot.mount
|
||||
new file mode 100644
|
||||
index 0000000000..e69de29bb2
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf
|
||||
new file mode 100644
|
||||
index 0000000000..33d814c275
|
||||
--- /dev/null
|
||||
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf
|
||||
@@ -0,0 +1,5 @@
|
||||
+# Automatically generated by systemd-fstab-generator
|
||||
+
|
||||
+[Unit]
|
||||
+After=network-online.target network.target
|
||||
+Wants=network-online.target
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap
|
||||
new file mode 100644
|
||||
index 0000000000..32f276c9e1
|
||||
--- /dev/null
|
||||
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Automatically generated by systemd-fstab-generator
|
||||
+
|
||||
+[Unit]
|
||||
+Documentation=man:fstab(5) man:systemd-fstab-generator(8)
|
||||
+SourcePath=/etc/fstab
|
||||
+After=blockdev@dev-sdx1.target
|
||||
+
|
||||
+[Swap]
|
||||
+What=/dev/sdx1
|
||||
+Options=_netdev
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/local-fs.target.wants/systemd-remount-fs.service b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/local-fs.target.wants/systemd-remount-fs.service
|
||||
new file mode 100644
|
||||
index 0000000000..e69de29bb2
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap
|
||||
new file mode 120000
|
||||
index 0000000000..00f0c5ce66
|
||||
--- /dev/null
|
||||
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap
|
||||
@@ -0,0 +1 @@
|
||||
+../dev-sdx1.swap
|
||||
\ No newline at end of file
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf
|
||||
new file mode 100644
|
||||
index 0000000000..33d814c275
|
||||
--- /dev/null
|
||||
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf
|
||||
@@ -0,0 +1,5 @@
|
||||
+# Automatically generated by systemd-fstab-generator
|
||||
+
|
||||
+[Unit]
|
||||
+After=network-online.target network.target
|
||||
+Wants=network-online.target
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap
|
||||
new file mode 100644
|
||||
index 0000000000..32f276c9e1
|
||||
--- /dev/null
|
||||
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Automatically generated by systemd-fstab-generator
|
||||
+
|
||||
+[Unit]
|
||||
+Documentation=man:fstab(5) man:systemd-fstab-generator(8)
|
||||
+SourcePath=/etc/fstab
|
||||
+After=blockdev@dev-sdx1.target
|
||||
+
|
||||
+[Swap]
|
||||
+What=/dev/sdx1
|
||||
+Options=_netdev
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/initrd-usr-fs.target.requires/sysroot.mount
|
||||
new file mode 100644
|
||||
index 0000000000..e69de29bb2
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap
|
||||
new file mode 120000
|
||||
index 0000000000..00f0c5ce66
|
||||
--- /dev/null
|
||||
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap
|
||||
@@ -0,0 +1 @@
|
||||
+../dev-sdx1.swap
|
||||
\ No newline at end of file
|
||||
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.input b/test/test-fstab-generator/test-21-swap-netdev.fstab.input
|
||||
new file mode 100644
|
||||
index 0000000000..5f719a4202
|
||||
--- /dev/null
|
||||
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.input
|
||||
@@ -0,0 +1 @@
|
||||
+/dev/sdx1 none swap _netdev 0 0
|
||||
@ -21,7 +21,7 @@
|
||||
Name: systemd
|
||||
Url: https://systemd.io
|
||||
Version: 252
|
||||
Release: 67%{?dist}.2
|
||||
Release: 67%{?dist}.4
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: System and Service Manager
|
||||
@ -1410,6 +1410,12 @@ Patch1324: 1324-man-fully-adopt-.local-state.patch
|
||||
Patch1325: 1325-core-only-activate-transaction-that-contain-useful-j.patch
|
||||
Patch1326: 1326-manager-fix-scope-for-environment-generators.patch
|
||||
Patch1327: 1327-core-validate-input-cgroup-path-more-prudently.patch
|
||||
Patch1328: 1328-nspawn-apply-BindUser-Ephemeral-from-settings-file-o.patch
|
||||
Patch1329: 1329-nspawn-normalize-pivot_root-paths.patch
|
||||
Patch1330: 1330-udev-check-for-invalid-chars-in-various-fields-recei.patch
|
||||
Patch1331: 1331-udev-fix-review-mixup.patch
|
||||
Patch1332: 1332-udev-scsi-id-check-for-invalid-chars-in-various-fiel.patch
|
||||
Patch1333: 1333-fstab-generator-support-swap-on-network-block-device.patch
|
||||
|
||||
# Downstream-only patches (9000–9999)
|
||||
|
||||
@ -2287,6 +2293,16 @@ systemd-hwdb update &>/dev/null || :
|
||||
%{_prefix}/lib/dracut/modules.d/70rhel-net-naming-sysattrs/*
|
||||
|
||||
%changelog
|
||||
* Tue May 12 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-67.4
|
||||
- fstab-generator: support swap on network block devices (RHEL-166186)
|
||||
|
||||
* Thu Apr 16 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-67.3
|
||||
- nspawn: apply BindUser/Ephemeral from settings file only if trusted (RHEL-163870)
|
||||
- nspawn: normalize pivot_root paths (RHEL-163870)
|
||||
- udev: check for invalid chars in various fields received from the kernel (RHEL-163876)
|
||||
- udev: fix review mixup (RHEL-163876)
|
||||
- udev/scsi-id: check for invalid chars in various fields received from the kernel (RHEL-163876)
|
||||
|
||||
* Thu Apr 02 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-67.2
|
||||
- core: validate input cgroup path more prudently (RHEL-152082)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user