import UBI systemd-252-67.el9_8.4

This commit is contained in:
AlmaLinux RelEng Bot 2026-06-24 19:10:33 -04:00
parent d406a554c3
commit f4e03c9036
7 changed files with 620 additions and 1 deletions

View File

@ -0,0 +1,55 @@
From 413d89a2e5896e2fc62de9c73aa62bd2d7da6ea3 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Mar 2026 12:15:26 +0000
Subject: [PATCH] nspawn: apply BindUser/Ephemeral from settings file only if
trusted
Originally reported on yeswehack.com as:
YWH-PGM9780-116
Follow-up for 2f8930449079403b26c9164b8eeac78d5af2c8df
Follow-up for a2f577fca0be79b23f61f033229b64884e7d840a
(cherry picked from commit 61bceb1bff4b1f9c126b18dc971ca3e6d8c71c40)
Resolves: RHEL-163870
---
src/nspawn/nspawn.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index db45968cd3..39d036ef7e 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4304,8 +4304,13 @@ static int merge_settings(Settings *settings, const char *path) {
}
if ((arg_settings_mask & SETTING_EPHEMERAL) == 0 &&
- settings->ephemeral >= 0)
- arg_ephemeral = settings->ephemeral;
+ settings->ephemeral >= 0) {
+
+ if (!arg_settings_trusted)
+ log_warning("Ignoring ephemeral setting, file %s is not trusted.", path);
+ else
+ arg_ephemeral = settings->ephemeral;
+ }
if ((arg_settings_mask & SETTING_DIRECTORY) == 0 &&
settings->root) {
@@ -4473,8 +4478,13 @@ static int merge_settings(Settings *settings, const char *path) {
}
if ((arg_settings_mask & SETTING_BIND_USER) == 0 &&
- !strv_isempty(settings->bind_user))
- strv_free_and_replace(arg_bind_user, settings->bind_user);
+ !strv_isempty(settings->bind_user)) {
+
+ if (!arg_settings_trusted)
+ log_warning("Ignoring bind user setting, file %s is not trusted.", path);
+ else
+ strv_free_and_replace(arg_bind_user, settings->bind_user);
+ }
if ((arg_settings_mask & SETTING_NOTIFY_READY) == 0 &&
settings->notify_ready >= 0)

View File

@ -0,0 +1,32 @@
From bd8f4b9ed6ed3ae5f8d4f6f7bce34ea9c2e8e5f4 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 11 Mar 2026 13:27:14 +0000
Subject: [PATCH] nspawn: normalize pivot_root paths
Originally reported on yeswehack.com as:
YWH-PGM9780-116
Follow-up for b53ede699cdc5233041a22591f18863fb3fe2672
(cherry picked from commit 7b85f5498a958e5bb660c703b8f4a71cceed3373)
Resolves: RHEL-163870
---
src/nspawn/nspawn-mount.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index a54f1464ba..af96d2d1d7 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -1244,7 +1244,9 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s
if (!path_is_absolute(root_new))
return -EINVAL;
- if (root_old && !path_is_absolute(root_old))
+ if (!path_is_normalized(root_new))
+ return -EINVAL;
+ if (root_old && (!path_is_absolute(root_old) || !path_is_normalized(root_old)))
return -EINVAL;
free_and_replace(*pivot_root_new, root_new);

View File

@ -0,0 +1,110 @@
From 87663c17b8529c4b4d216ec996c23c022999789e Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 6 Mar 2026 19:32:35 +0000
Subject: [PATCH] udev: check for invalid chars in various fields received from
the kernel
(cherry picked from commit 16325b35fa6ecb25f66534a562583ce3b96d52f3)
Resolves: RHEL-163876
---
src/udev/dmi_memory_id/dmi_memory_id.c | 3 ++-
src/udev/scsi_id/scsi_id.c | 5 +++--
src/udev/udev-builtin-net_id.c | 7 ++++++-
src/udev/v4l_id/v4l_id.c | 5 ++++-
4 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c
index 1345289219..d833a5989d 100644
--- a/src/udev/dmi_memory_id/dmi_memory_id.c
+++ b/src/udev/dmi_memory_id/dmi_memory_id.c
@@ -50,6 +50,7 @@
#include "string-util.h"
#include "udev-util.h"
#include "unaligned.h"
+#include "utf8.h"
#include "version.h"
#define SUPPORTED_SMBIOS_VER 0x030300
@@ -185,7 +186,7 @@ static void dmi_memory_device_string(
str = strdupa_safe(dmi_string(h, s));
str = strstrip(str);
- if (!isempty(str))
+ if (!isempty(str) && utf8_is_valid(str) && !string_has_cc(str, /* ok= */ NULL))
printf("MEMORY_DEVICE_%u_%s=%s\n", slot_num, attr_suffix, str);
}
diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c
index 364d567705..2a489f4e38 100644
--- a/src/udev/scsi_id/scsi_id.c
+++ b/src/udev/scsi_id/scsi_id.c
@@ -26,6 +26,7 @@
#include "strv.h"
#include "strxcpyx.h"
#include "udev-util.h"
+#include "utf8.h"
#include "version.h"
static const struct option options[] = {
@@ -441,8 +442,8 @@ static int scsi_id(char *maj_min_dev) {
}
if (dev_scsi.tgpt_group[0] != '\0')
printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group);
- if (dev_scsi.unit_serial_number[0] != '\0')
- printf("ID_SCSI_SERIAL=%s\n", dev_scsi.unit_serial_number);
+ if (dev_scsi.unit_serial_number[0] != '\0' && utf8_is_valid(dev_scsi.unit_serial_number) && !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL))
+ printf("ID_SCSI_SERIAL=%s\n", serial_str);
goto out;
}
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index e1895a38c0..6bb6465832 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -39,6 +39,7 @@
#include "strv.h"
#include "strxcpyx.h"
#include "udev-builtin.h"
+#include "utf8.h"
#define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1)
#define ONBOARD_16BIT_INDEX_MAX ((1U << 16) - 1)
@@ -1188,9 +1189,13 @@ static int get_link_info(sd_device *dev, LinkInfo *info) {
return r;
r = device_get_sysattr_value_filtered(dev, "phys_port_name", &info->phys_port_name);
- if (r >= 0)
+ if (r >= 0) {
+ if (!utf8_is_valid(info->phys_port_name) || string_has_cc(info->phys_port_name, /* ok= */ NULL))
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "Invalid phys_port_name");
+
/* Check if phys_port_name indicates virtual device representor */
(void) sscanf(info->phys_port_name, "pf%*uvf%d", &info->vf_representor_id);
+ }
r = device_get_sysattr_value_filtered(dev, "address", &s);
if (r < 0 && r != -ENOENT)
diff --git a/src/udev/v4l_id/v4l_id.c b/src/udev/v4l_id/v4l_id.c
index c2312c7909..ae8459c456 100644
--- a/src/udev/v4l_id/v4l_id.c
+++ b/src/udev/v4l_id/v4l_id.c
@@ -27,6 +27,8 @@
#include <linux/videodev2.h>
#include "fd-util.h"
+#include "string-util.h"
+#include "utf8.h"
#include "util.h"
int main(int argc, char *argv[]) {
@@ -66,7 +68,8 @@ int main(int argc, char *argv[]) {
if (ioctl(fd, VIDIOC_QUERYCAP, &v2cap) == 0) {
int capabilities;
printf("ID_V4L_VERSION=2\n");
- printf("ID_V4L_PRODUCT=%s\n", v2cap.card);
+ if (utf8_is_valid((char *)v2cap.card) && !string_has_cc((char *)v2cap.card, /* ok= */ NULL))
+ printf("ID_V4L_PRODUCT=%s\n", v2cap.card);
printf("ID_V4L_CAPABILITIES=:");
if (v2cap.capabilities & V4L2_CAP_DEVICE_CAPS)
capabilities = v2cap.device_caps;

View File

@ -0,0 +1,32 @@
From 62af15ed46544eec6453ad2bac8926e292e5d189 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 13 Mar 2026 11:10:47 +0000
Subject: [PATCH] udev: fix review mixup
The previous version in the PR changed variable and sanitized it
in place. The second version switched to skip if CCs are in the
string instead, but didn't move back to the original variable.
Because it's an existing variable, no CI caught it.
Follow-up for 16325b35fa6ecb25f66534a562583ce3b96d52f3
(cherry picked from commit 54f880b02ecf7362e630ffc885d1466df6ee6820)
Resolves: RHEL-163876
---
src/udev/scsi_id/scsi_id.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c
index 2a489f4e38..71c5534851 100644
--- a/src/udev/scsi_id/scsi_id.c
+++ b/src/udev/scsi_id/scsi_id.c
@@ -443,7 +443,7 @@ static int scsi_id(char *maj_min_dev) {
if (dev_scsi.tgpt_group[0] != '\0')
printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group);
if (dev_scsi.unit_serial_number[0] != '\0' && utf8_is_valid(dev_scsi.unit_serial_number) && !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL))
- printf("ID_SCSI_SERIAL=%s\n", serial_str);
+ printf("ID_SCSI_SERIAL=%s\n", dev_scsi.unit_serial_number);
goto out;
}

View File

@ -0,0 +1,52 @@
From 023f021259fb5fff8b8f40ea53694a36479d26e3 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 10 Apr 2026 19:04:04 +0100
Subject: [PATCH] udev/scsi-id: check for invalid chars in various fields
received from the kernel
Follow-up for 16325b35fa6ecb25f66534a562583ce3b96d52f3
(cherry picked from commit 5f700d148c44063c0f0dbb9fc136866339cd3fa7)
Related: RHEL-163876
---
src/udev/scsi_id/scsi_id.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c
index 71c5534851..2f2a07891f 100644
--- a/src/udev/scsi_id/scsi_id.c
+++ b/src/udev/scsi_id/scsi_id.c
@@ -389,6 +389,10 @@ static int set_inq_values(struct scsi_id_device *dev_scsi, const char *path) {
return 0;
}
+static bool scsi_string_is_valid(const char *s) {
+ return !isempty(s) && utf8_is_valid(s) && !string_has_cc(s, /* ok= */ NULL);
+}
+
/*
* scsi_id: try to get an id, if one is found, printf it to stdout.
* returns a value passed to exit() - 0 if printed an id, else 1.
@@ -432,17 +436,17 @@ static int scsi_id(char *maj_min_dev) {
udev_replace_chars(serial_str, NULL);
printf("ID_SERIAL_SHORT=%s\n", serial_str);
}
- if (dev_scsi.wwn[0] != '\0') {
+ if (scsi_string_is_valid(dev_scsi.wwn)) {
printf("ID_WWN=0x%s\n", dev_scsi.wwn);
- if (dev_scsi.wwn_vendor_extension[0] != '\0') {
+ if (scsi_string_is_valid(dev_scsi.wwn_vendor_extension)) {
printf("ID_WWN_VENDOR_EXTENSION=0x%s\n", dev_scsi.wwn_vendor_extension);
printf("ID_WWN_WITH_EXTENSION=0x%s%s\n", dev_scsi.wwn, dev_scsi.wwn_vendor_extension);
} else
printf("ID_WWN_WITH_EXTENSION=0x%s\n", dev_scsi.wwn);
}
- if (dev_scsi.tgpt_group[0] != '\0')
+ if (scsi_string_is_valid(dev_scsi.tgpt_group))
printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group);
- if (dev_scsi.unit_serial_number[0] != '\0' && utf8_is_valid(dev_scsi.unit_serial_number) && !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL))
+ if (scsi_string_is_valid(dev_scsi.unit_serial_number))
printf("ID_SCSI_SERIAL=%s\n", dev_scsi.unit_serial_number);
goto out;
}

View File

@ -0,0 +1,322 @@
From e9dcdc8a757636eb96e7ae99b3b4f55dab289261 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 7 Apr 2026 11:16:42 +0200
Subject: [PATCH] fstab-generator: support swap on network block devices
Teach swap units to support the _netdev option as well, which should
make swaps on iSCSI possible. This mirrors the logic we already have for
regular mounts in both the fstab-generator and the core
(mount.c/swap.c).
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
(cherry picked from commit 3d5bd67a2259e7a4edc27476d4cae049653c4414)
Resolves: RHEL-166186
---
man/systemd.swap.xml | 28 +++++++++--
src/core/swap.c | 46 ++++++++++++++++---
src/fstab-generator/fstab-generator.c | 16 +++++--
src/shared/generator.c | 2 +-
.../systemd-remount-fs.service | 0
.../sysroot.mount | 0
.../50-netdev-dependencies.conf | 5 ++
.../dev-sdx1.swap | 10 ++++
.../systemd-remount-fs.service | 0
.../remote-fs.target.requires/dev-sdx1.swap | 1 +
.../50-netdev-dependencies.conf | 5 ++
.../dev-sdx1.swap | 10 ++++
.../sysroot.mount | 0
.../remote-fs.target.requires/dev-sdx1.swap | 1 +
.../test-21-swap-netdev.fstab.input | 1 +
15 files changed, 111 insertions(+), 14 deletions(-)
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container.sysroot/local-fs.target.wants/systemd-remount-fs.service
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container/initrd-usr-fs.target.requires/sysroot.mount
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/local-fs.target.wants/systemd-remount-fs.service
create mode 120000 test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/initrd-usr-fs.target.requires/sysroot.mount
create mode 120000 test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap
create mode 100644 test/test-fstab-generator/test-21-swap-netdev.fstab.input
diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml
index 8287382eb6..6af8a31021 100644
--- a/man/systemd.swap.xml
+++ b/man/systemd.swap.xml
@@ -90,9 +90,15 @@
<para>The following dependencies are added unless <varname>DefaultDependencies=no</varname> is set:</para>
<itemizedlist>
- <listitem><para>Swap units automatically acquire a <varname>Conflicts=</varname> and a
+ <listitem><para>Local swap units automatically acquire a <varname>Conflicts=</varname> and a
<varname>Before=</varname> dependency on <filename>umount.target</filename> so that they are deactivated at
shutdown as well as a <varname>Before=swap.target</varname> dependency.</para></listitem>
+
+ <listitem><para>Network swap units (those with <option>_netdev</option> in their options) automatically acquire
+ <varname>After=</varname> dependencies on <filename>remote-fs-pre.target</filename> and
+ <filename>network.target</filename>, plus <varname>After=</varname> and <varname>Wants=</varname> dependencies
+ on <filename>network-online.target</filename>, and a <varname>Before=</varname> dependency on
+ <filename>remote-fs.target</filename> instead of <filename>swap.target</filename>.</para></listitem>
</itemizedlist>
</refsect2>
</refsect1>
@@ -124,7 +130,8 @@
<listitem><para>With <option>noauto</option>, the swap unit
will not be added as a dependency for
- <filename>swap.target</filename>. This means that it will not
+ <filename>swap.target</filename> (or <filename>remote-fs.target</filename> for network swap devices,
+ see <option>_netdev</option> below). This means that it will not
be activated automatically during boot, unless it is pulled in
by some other unit. The <option>auto</option> option has the
opposite meaning and is the default.</para>
@@ -136,8 +143,8 @@
<listitem><para>With <option>nofail</option>, the swap unit
will be only wanted, not required by
- <filename>swap.target</filename>. This means that the boot
- will continue even if this swap device is not activated
+ <filename>swap.target</filename> (or <filename>remote-fs.target</filename> for network swap
+ devices). This means that the boot will continue even if this swap device is not activated
successfully.</para>
</listitem>
</varlistentry>
@@ -161,6 +168,19 @@
in <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>_netdev</option></term>
+
+ <listitem><para>Marks this swap device as requiring network access. This is useful for swap on
+ network block devices (e.g. iSCSI).</para>
+
+ <para>Network swap units are ordered between <filename>remote-fs-pre.target</filename> and
+ <filename>remote-fs.target</filename>, instead of being ordered before
+ <filename>swap.target</filename>. They also pull in <filename>network-online.target</filename> and
+ are ordered after it and <filename>network.target</filename>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/src/core/swap.c b/src/core/swap.c
index 5c83c4780f..10743d4b9d 100644
--- a/src/core/swap.c
+++ b/src/core/swap.c
@@ -253,6 +253,7 @@ static int swap_add_device_dependencies(Swap *s) {
}
static int swap_add_default_dependencies(Swap *s) {
+ SwapParameters *p;
int r;
assert(s);
@@ -266,13 +267,46 @@ static int swap_add_default_dependencies(Swap *s) {
if (detect_container() > 0)
return 0;
- /* swap units generated for the swap dev links are missing the
- * ordering dep against the swap target. */
- r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SWAP_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
- if (r < 0)
- return r;
+ p = swap_get_parameters(s);
+
+ if (p && fstab_test_option(p->options, "_netdev\0")) {
+ /* Network swap devices (those with _netdev in options) are routed through
+ * remote-fs.target instead of swap.target, mirroring how network mounts use
+ * remote-fs.target instead of local-fs.target. This avoids an ordering cycle:
+ * swap.target is pulled in at sysinit.target time, but network-online.target
+ * only comes after basic.target which is after sysinit.target. */
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_REMOTE_FS_PRE_TARGET,
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
+ if (r < 0)
+ return r;
+
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_REMOTE_FS_TARGET,
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
+ if (r < 0)
+ return r;
+
+ /* Pull in and order after network-online.target, analogous to
+ * mount_add_default_network_dependencies() for network mounts. */
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_NETWORK_TARGET,
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
+ if (r < 0)
+ return r;
+
+ r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, SPECIAL_NETWORK_ONLINE_TARGET,
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
+ if (r < 0)
+ return r;
+ } else {
+ /* swap units generated for the swap dev links are missing the
+ * ordering dep against the swap target. */
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SWAP_TARGET,
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
+ if (r < 0)
+ return r;
+ }
- return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
+ return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET,
+ /* add_reference= */ true, UNIT_DEPENDENCY_DEFAULT);
}
static int swap_verify(Swap *s) {
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 28677a2f39..7b417dd2d1 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -208,6 +208,7 @@ static int add_swap(
_cleanup_free_ char *name = NULL;
_cleanup_fclose_ FILE *f = NULL;
+ bool is_network;
int r;
assert(what);
@@ -227,10 +228,12 @@ static int add_swap(
return true;
}
- log_debug("Found swap entry what=%s makefs=%s growfs=%s pcrfs=%s noauto=%s nofail=%s",
+ is_network = fstab_test_option(options, "_netdev\0");
+
+ log_debug("Found swap entry what=%s makefs=%s growfs=%s pcrfs=%s noauto=%s nofail=%s netdev=%s",
what,
yes_no(flags & MOUNT_MAKEFS), yes_no(flags & MOUNT_GROWFS), yes_no(flags & MOUNT_PCRFS),
- yes_no(flags & MOUNT_NOAUTO), yes_no(flags & MOUNT_NOFAIL));
+ yes_no(flags & MOUNT_NOAUTO), yes_no(flags & MOUNT_NOFAIL), yes_no(is_network));
r = unit_name_from_path(what, ".swap", &name);
if (r < 0)
@@ -271,6 +274,12 @@ static int add_swap(
if (r < 0)
return r;
+ if (is_network) {
+ r = generator_write_device_deps(arg_dest, what, /* where= */ NULL, options);
+ if (r < 0)
+ return r;
+ }
+
if (flags & MOUNT_MAKEFS) {
r = generator_hook_up_mkswap(arg_dest, what);
if (r < 0)
@@ -284,7 +293,8 @@ static int add_swap(
log_warning("%s: measuring swap devices is currently unsupported.", what);
if (!(flags & MOUNT_NOAUTO)) {
- r = generator_add_symlink(arg_dest, SPECIAL_SWAP_TARGET,
+ const char *target = is_network ? SPECIAL_REMOTE_FS_TARGET : SPECIAL_SWAP_TARGET;
+ r = generator_add_symlink(arg_dest, target,
(flags & MOUNT_NOFAIL) ? "wants" : "requires", name);
if (r < 0)
return r;
diff --git a/src/shared/generator.c b/src/shared/generator.c
index a688ba446c..5dc103400b 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -428,7 +428,7 @@ int generator_write_device_deps(
_cleanup_free_ char *node = NULL, *unit = NULL;
int r;
- if (fstab_is_extrinsic(where, opts))
+ if (where && fstab_is_extrinsic(where, opts))
return 0;
if (!fstab_test_option(opts, "_netdev\0"))
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container.sysroot/local-fs.target.wants/systemd-remount-fs.service b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container.sysroot/local-fs.target.wants/systemd-remount-fs.service
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.container/initrd-usr-fs.target.requires/sysroot.mount
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf
new file mode 100644
index 0000000000..33d814c275
--- /dev/null
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.device.d/50-netdev-dependencies.conf
@@ -0,0 +1,5 @@
+# Automatically generated by systemd-fstab-generator
+
+[Unit]
+After=network-online.target network.target
+Wants=network-online.target
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap
new file mode 100644
index 0000000000..32f276c9e1
--- /dev/null
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/dev-sdx1.swap
@@ -0,0 +1,10 @@
+# Automatically generated by systemd-fstab-generator
+
+[Unit]
+Documentation=man:fstab(5) man:systemd-fstab-generator(8)
+SourcePath=/etc/fstab
+After=blockdev@dev-sdx1.target
+
+[Swap]
+What=/dev/sdx1
+Options=_netdev
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/local-fs.target.wants/systemd-remount-fs.service b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/local-fs.target.wants/systemd-remount-fs.service
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap
new file mode 120000
index 0000000000..00f0c5ce66
--- /dev/null
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected.sysroot/remote-fs.target.requires/dev-sdx1.swap
@@ -0,0 +1 @@
+../dev-sdx1.swap
\ No newline at end of file
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf
new file mode 100644
index 0000000000..33d814c275
--- /dev/null
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.device.d/50-netdev-dependencies.conf
@@ -0,0 +1,5 @@
+# Automatically generated by systemd-fstab-generator
+
+[Unit]
+After=network-online.target network.target
+Wants=network-online.target
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap
new file mode 100644
index 0000000000..32f276c9e1
--- /dev/null
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/dev-sdx1.swap
@@ -0,0 +1,10 @@
+# Automatically generated by systemd-fstab-generator
+
+[Unit]
+Documentation=man:fstab(5) man:systemd-fstab-generator(8)
+SourcePath=/etc/fstab
+After=blockdev@dev-sdx1.target
+
+[Swap]
+What=/dev/sdx1
+Options=_netdev
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/initrd-usr-fs.target.requires/sysroot.mount
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap
new file mode 120000
index 0000000000..00f0c5ce66
--- /dev/null
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.expected/remote-fs.target.requires/dev-sdx1.swap
@@ -0,0 +1 @@
+../dev-sdx1.swap
\ No newline at end of file
diff --git a/test/test-fstab-generator/test-21-swap-netdev.fstab.input b/test/test-fstab-generator/test-21-swap-netdev.fstab.input
new file mode 100644
index 0000000000..5f719a4202
--- /dev/null
+++ b/test/test-fstab-generator/test-21-swap-netdev.fstab.input
@@ -0,0 +1 @@
+/dev/sdx1 none swap _netdev 0 0

View File

@ -21,7 +21,7 @@
Name: systemd
Url: https://systemd.io
Version: 252
Release: 67%{?dist}.2
Release: 67%{?dist}.4
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -1410,6 +1410,12 @@ Patch1324: 1324-man-fully-adopt-.local-state.patch
Patch1325: 1325-core-only-activate-transaction-that-contain-useful-j.patch
Patch1326: 1326-manager-fix-scope-for-environment-generators.patch
Patch1327: 1327-core-validate-input-cgroup-path-more-prudently.patch
Patch1328: 1328-nspawn-apply-BindUser-Ephemeral-from-settings-file-o.patch
Patch1329: 1329-nspawn-normalize-pivot_root-paths.patch
Patch1330: 1330-udev-check-for-invalid-chars-in-various-fields-recei.patch
Patch1331: 1331-udev-fix-review-mixup.patch
Patch1332: 1332-udev-scsi-id-check-for-invalid-chars-in-various-fiel.patch
Patch1333: 1333-fstab-generator-support-swap-on-network-block-device.patch
# Downstream-only patches (90009999)
@ -2287,6 +2293,16 @@ systemd-hwdb update &>/dev/null || :
%{_prefix}/lib/dracut/modules.d/70rhel-net-naming-sysattrs/*
%changelog
* Tue May 12 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-67.4
- fstab-generator: support swap on network block devices (RHEL-166186)
* Thu Apr 16 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-67.3
- nspawn: apply BindUser/Ephemeral from settings file only if trusted (RHEL-163870)
- nspawn: normalize pivot_root paths (RHEL-163870)
- udev: check for invalid chars in various fields received from the kernel (RHEL-163876)
- udev: fix review mixup (RHEL-163876)
- udev/scsi-id: check for invalid chars in various fields received from the kernel (RHEL-163876)
* Thu Apr 02 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-67.2
- core: validate input cgroup path more prudently (RHEL-152082)