Compare commits
No commits in common. "imports/c9-beta/systemd-250-3.el9" and "c8" have entirely different histories.
imports/c9
...
c8
|
@ -1 +1 @@
|
|||
SOURCES/systemd-250.tar.gz
|
||||
SOURCES/systemd-239.tar.gz
|
||||
|
|
|
@ -1 +1 @@
|
|||
3b9db821b29a577d004c8823f4ff7a054c81a39c SOURCES/systemd-250.tar.gz
|
||||
8803baa484cbe36680463c8c5e6febeff074b8e7 SOURCES/systemd-239.tar.gz
|
||||
|
|
|
@ -0,0 +1,105 @@
|
|||
From 79df4db3fd122f5040bdf2225c3047375de3b0d2 Mon Sep 17 00:00:00 2001
|
||||
From: Filipe Brandenburger <filbranden@google.com>
|
||||
Date: Sun, 15 Jul 2018 22:43:35 -0700
|
||||
Subject: [PATCH] build-sys: Detect whether struct statx is defined in
|
||||
sys/stat.h
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Starting with glibc 2.27.9000-36.fc29, include file sys/stat.h will have a
|
||||
definition for struct statx, in which case include file linux/stat.h should be
|
||||
avoided, in order to prevent a duplicate definition.
|
||||
|
||||
In file included from ../src/basic/missing.h:18,
|
||||
from ../src/basic/util.h:28,
|
||||
from ../src/basic/hashmap.h:10,
|
||||
from ../src/shared/bus-util.h:12,
|
||||
from ../src/libsystemd/sd-bus/bus-creds.c:11:
|
||||
/usr/include/linux/stat.h:99:8: error: redefinition of ‘struct statx’
|
||||
struct statx {
|
||||
^~~~~
|
||||
In file included from /usr/include/sys/stat.h:446,
|
||||
from ../src/basic/util.h:19,
|
||||
from ../src/basic/hashmap.h:10,
|
||||
from ../src/shared/bus-util.h:12,
|
||||
from ../src/libsystemd/sd-bus/bus-creds.c:11:
|
||||
/usr/include/bits/statx.h:36:8: note: originally defined here
|
||||
struct statx
|
||||
^~~~~
|
||||
|
||||
Extend our meson.build to look for struct statx when only sys/stat.h is
|
||||
included and, in that case, do not include linux/stat.h anymore.
|
||||
|
||||
Tested that systemd builds correctly when using a glibc version that includes a
|
||||
definition for struct statx.
|
||||
|
||||
glibc Fedora RPM update:
|
||||
https://src.fedoraproject.org/rpms/glibc/c/28cb5d31fc1e5887912283c889689c47076278ae
|
||||
|
||||
glibc upstream commit:
|
||||
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=fd70af45528d59a00eb3190ef6706cb299488fcd
|
||||
---
|
||||
meson.build | 5 +++++
|
||||
src/basic/missing.h | 5 ++++-
|
||||
src/basic/xattr-util.c | 1 -
|
||||
3 files changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 04331dd41a..a0e7240708 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -425,6 +425,7 @@ decl_headers = '''
|
||||
#include <sys/stat.h>
|
||||
'''
|
||||
# FIXME: key_serial_t is only defined in keyutils.h, this is bound to fail
|
||||
+# FIXME: these should use -D_GNU_SOURCE, since that is defined at build time
|
||||
|
||||
foreach decl : ['char16_t',
|
||||
'char32_t',
|
||||
@@ -439,6 +440,10 @@ foreach decl : ['char16_t',
|
||||
conf.set10('HAVE_' + decl.underscorify().to_upper(), have)
|
||||
endforeach
|
||||
|
||||
+conf.set10('HAVE_STRUCT_STATX_IN_SYS_STAT_H', cc.sizeof('struct statx', prefix : '''
|
||||
+#include <sys/stat.h>
|
||||
+''', args : '-D_GNU_SOURCE') > 0)
|
||||
+
|
||||
foreach decl : [['IFLA_INET6_ADDR_GEN_MODE', 'linux/if_link.h'],
|
||||
['IN6_ADDR_GEN_MODE_STABLE_PRIVACY', 'linux/if_link.h'],
|
||||
['IFLA_VRF_TABLE', 'linux/if_link.h'],
|
||||
diff --git a/src/basic/missing.h b/src/basic/missing.h
|
||||
index 71a07d0574..14ad3d4914 100644
|
||||
--- a/src/basic/missing.h
|
||||
+++ b/src/basic/missing.h
|
||||
@@ -15,7 +15,6 @@
|
||||
#include <linux/neighbour.h>
|
||||
#include <linux/oom.h>
|
||||
#include <linux/rtnetlink.h>
|
||||
-#include <linux/stat.h>
|
||||
#include <net/ethernet.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/resource.h>
|
||||
@@ -25,6 +24,10 @@
|
||||
#include <uchar.h>
|
||||
#include <unistd.h>
|
||||
|
||||
+#if !HAVE_STRUCT_STATX_IN_SYS_STAT_H
|
||||
+#include <linux/stat.h>
|
||||
+#endif
|
||||
+
|
||||
#if HAVE_AUDIT
|
||||
#include <libaudit.h>
|
||||
#endif
|
||||
diff --git a/src/basic/xattr-util.c b/src/basic/xattr-util.c
|
||||
index c5c55ea846..0ee0979837 100644
|
||||
--- a/src/basic/xattr-util.c
|
||||
+++ b/src/basic/xattr-util.c
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
-#include <linux/stat.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
|
@ -1,11 +1,9 @@
|
|||
From 5a66d993a5be88524d9952193b053eac607a5c17 Mon Sep 17 00:00:00 2001
|
||||
From 0b3833d6c3b751c6dfb40eeb2ef852984c58f546 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Wed, 1 Aug 2018 10:58:28 +0200
|
||||
Subject: [PATCH] logind: set RemoveIPC to false by default
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #1959836
|
||||
Resolves: #1523233
|
||||
---
|
||||
man/logind.conf.xml | 2 +-
|
||||
src/login/logind-core.c | 2 +-
|
||||
|
@ -13,10 +11,10 @@ Resolves: #1959836
|
|||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
|
||||
index 3045c1b9ba..96fa076239 100644
|
||||
index 9e88764c6f..7d7e869a26 100644
|
||||
--- a/man/logind.conf.xml
|
||||
+++ b/man/logind.conf.xml
|
||||
@@ -354,7 +354,7 @@
|
||||
@@ -319,7 +319,7 @@
|
||||
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
|
||||
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
|
||||
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
|
||||
|
@ -26,26 +24,26 @@ index 3045c1b9ba..96fa076239 100644
|
|||
|
||||
</variablelist>
|
||||
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
|
||||
index 254a1a69fb..616c08132a 100644
|
||||
index dbae4bf5af..511e3acf8f 100644
|
||||
--- a/src/login/logind-core.c
|
||||
+++ b/src/login/logind-core.c
|
||||
@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) {
|
||||
@@ -25,7 +25,7 @@ void manager_reset_config(Manager *m) {
|
||||
|
||||
m->n_autovts = 6;
|
||||
m->reserve_vt = 6;
|
||||
- m->remove_ipc = true;
|
||||
+ m->remove_ipc = false;
|
||||
m->inhibit_delay_max = 5 * USEC_PER_SEC;
|
||||
m->user_stop_delay = 10 * USEC_PER_SEC;
|
||||
|
||||
m->handle_power_key = HANDLE_POWEROFF;
|
||||
m->handle_suspend_key = HANDLE_SUSPEND;
|
||||
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
|
||||
index 2d084e134d..79d685b3de 100644
|
||||
index 1029e29bc7..c7346f9819 100644
|
||||
--- a/src/login/logind.conf.in
|
||||
+++ b/src/login/logind.conf.in
|
||||
@@ -40,6 +40,6 @@
|
||||
@@ -32,6 +32,6 @@
|
||||
#IdleAction=ignore
|
||||
#IdleActionSec=30min
|
||||
#RuntimeDirectorySize=10%
|
||||
#RuntimeDirectoryInodes=400k
|
||||
-#RemoveIPC=yes
|
||||
+#RemoveIPC=no
|
||||
#InhibitorsMax=8192
|
|
@ -1,43 +0,0 @@
|
|||
From 92b6ae2097ae90355775217529d2fd55f7b84e31 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 5 Aug 2021 17:11:47 +0200
|
||||
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
|
||||
symlink
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #1989472
|
||||
---
|
||||
tmpfiles.d/meson.build | 1 -
|
||||
tmpfiles.d/systemd-resolve.conf | 10 ----------
|
||||
2 files changed, 11 deletions(-)
|
||||
delete mode 100644 tmpfiles.d/systemd-resolve.conf
|
||||
|
||||
diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
|
||||
index b8d3919025..6ae9e3e0b8 100644
|
||||
--- a/tmpfiles.d/meson.build
|
||||
+++ b/tmpfiles.d/meson.build
|
||||
@@ -7,7 +7,6 @@ files = [['README', ''],
|
||||
['journal-nocow.conf', ''],
|
||||
['systemd-nologin.conf', 'HAVE_PAM'],
|
||||
['systemd-nspawn.conf', 'ENABLE_MACHINED'],
|
||||
- ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
|
||||
['systemd-tmp.conf', ''],
|
||||
['portables.conf', 'ENABLE_PORTABLED'],
|
||||
['systemd-pstore.conf', 'ENABLE_PSTORE'],
|
||||
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
|
||||
deleted file mode 100644
|
||||
index cb1c56d6a6..0000000000
|
||||
--- a/tmpfiles.d/systemd-resolve.conf
|
||||
+++ /dev/null
|
||||
@@ -1,10 +0,0 @@
|
||||
-# This file is part of systemd.
|
||||
-#
|
||||
-# systemd is free software; you can redistribute it and/or modify it
|
||||
-# under the terms of the GNU Lesser General Public License as published by
|
||||
-# the Free Software Foundation; either version 2.1 of the License, or
|
||||
-# (at your option) any later version.
|
||||
-
|
||||
-# See tmpfiles.d(5) for details
|
||||
-
|
||||
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
|
@ -1,78 +0,0 @@
|
|||
From 24f033a2a5c03848ae518278c8025e13130146af Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Fri, 2 Jul 2021 13:25:51 +0200
|
||||
Subject: [PATCH] Copy 40-redhat.rules from RHEL-8
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #1978639
|
||||
---
|
||||
rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++
|
||||
rules.d/meson.build | 1 +
|
||||
2 files changed, 47 insertions(+)
|
||||
create mode 100644 rules.d/40-redhat.rules
|
||||
|
||||
diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules
|
||||
new file mode 100644
|
||||
index 0000000000..3c95cd2df0
|
||||
--- /dev/null
|
||||
+++ b/rules.d/40-redhat.rules
|
||||
@@ -0,0 +1,46 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+# CPU hotadd request
|
||||
+SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
|
||||
+
|
||||
+# Memory hotadd request
|
||||
+SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
|
||||
+ACTION!="add", GOTO="memory_hotplug_end"
|
||||
+CONST{arch}=="s390*", GOTO="memory_hotplug_end"
|
||||
+CONST{arch}=="ppc64*", GOTO="memory_hotplug_end"
|
||||
+
|
||||
+ENV{.state}="online"
|
||||
+CONST{virt}=="none", ENV{.state}="online_movable"
|
||||
+ATTR{state}=="offline", ATTR{state}="$env{.state}"
|
||||
+
|
||||
+LABEL="memory_hotplug_end"
|
||||
+
|
||||
+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
|
||||
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
|
||||
+
|
||||
+# load SCSI generic (sg) driver
|
||||
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||
+
|
||||
+# Rule for prandom character device node permissions
|
||||
+KERNEL=="prandom", MODE="0644"
|
||||
+
|
||||
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
|
||||
+# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
|
||||
+#
|
||||
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
|
||||
+
|
||||
+#
|
||||
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
|
||||
+# (both disk and partition) are SCSI devices based on FCP devices
|
||||
+#
|
||||
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
|
||||
+
|
||||
+# For SCSI disks
|
||||
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
|
||||
+
|
||||
+
|
||||
+# For partitions on a SCSI disk
|
||||
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
|
||||
+
|
||||
+LABEL="zfcp_scsi_device_end"
|
||||
diff --git a/rules.d/meson.build b/rules.d/meson.build
|
||||
index 5cecddb34f..c5c3590b29 100644
|
||||
--- a/rules.d/meson.build
|
||||
+++ b/rules.d/meson.build
|
||||
@@ -5,6 +5,7 @@ install_data(
|
||||
install_dir : udevrulesdir)
|
||||
|
||||
rules = files('''
|
||||
+ 40-redhat.rules
|
||||
60-autosuspend.rules
|
||||
60-block.rules
|
||||
60-cdrom_id.rules
|
|
@ -0,0 +1,53 @@
|
|||
From b924c79720cc2bf2edf75fa3ff43bb4954fccf1f Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Wed, 1 Aug 2018 13:19:39 +0200
|
||||
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
|
||||
|
||||
This should be hopefully high enough even for the very big deployments.
|
||||
|
||||
Resolves: #1523236
|
||||
---
|
||||
man/systemd-system.conf.xml | 2 +-
|
||||
src/basic/cgroup-util.h | 2 +-
|
||||
src/core/system.conf.in | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
|
||||
index a914ef2523..085086200a 100644
|
||||
--- a/man/systemd-system.conf.xml
|
||||
+++ b/man/systemd-system.conf.xml
|
||||
@@ -339,7 +339,7 @@
|
||||
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. This setting applies to all unit types that support resource control settings, with the exception
|
||||
- of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller
|
||||
+ of slice units. Defaults to 80%, which equals 26214 with the kernel's defaults on the host, but might be smaller
|
||||
in OS containers.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
|
||||
index 1a28a8163a..f10c26ad51 100644
|
||||
--- a/src/basic/cgroup-util.h
|
||||
+++ b/src/basic/cgroup-util.h
|
||||
@@ -100,7 +100,7 @@ static inline bool CGROUP_BLKIO_WEIGHT_IS_OK(uint64_t x) {
|
||||
}
|
||||
|
||||
/* Default resource limits */
|
||||
-#define DEFAULT_TASKS_MAX_PERCENTAGE 15U /* 15% of PIDs, 4915 on default settings */
|
||||
+#define DEFAULT_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 26214 on default settings */
|
||||
#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 33U /* 33% of PIDs, 10813 on default settings */
|
||||
|
||||
typedef enum CGroupUnified {
|
||||
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
|
||||
index f0a59a79a5..653ec6b8c9 100644
|
||||
--- a/src/core/system.conf.in
|
||||
+++ b/src/core/system.conf.in
|
||||
@@ -45,7 +45,7 @@
|
||||
#DefaultBlockIOAccounting=no
|
||||
#DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@
|
||||
#DefaultTasksAccounting=yes
|
||||
-#DefaultTasksMax=15%
|
||||
+#DefaultTasksMax=80%
|
||||
#DefaultLimitCPU=
|
||||
#DefaultLimitFSIZE=
|
||||
#DefaultLimitDATA=
|
|
@ -1,4 +1,4 @@
|
|||
From c9ca30a1debbdf24ab6fcbe1aa1ec7ac5f222cb4 Mon Sep 17 00:00:00 2001
|
||||
From f58c5ced373c2532b5cc44ba2e0c3a28b41472f2 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Synacek <jsynacek@redhat.com>
|
||||
Date: Tue, 15 May 2018 09:24:20 +0200
|
||||
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
|
||||
|
@ -6,34 +6,40 @@ Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
|
|||
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
|
||||
adds an After relationship.
|
||||
|
||||
RHEL-only
|
||||
rhel-only
|
||||
|
||||
Resolves: #1959826
|
||||
Resolves: #1578772
|
||||
---
|
||||
src/core/unit.c | 7 +------
|
||||
units/basic.target | 3 ++-
|
||||
2 files changed, 3 insertions(+), 7 deletions(-)
|
||||
src/core/unit.c | 12 ++++++------
|
||||
units/basic.target | 3 ++-
|
||||
2 files changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index b1f1f5c82c..3a8251e2b8 100644
|
||||
index 113205bf25..c9f756c9c7 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -1280,12 +1280,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
|
||||
}
|
||||
@@ -982,13 +982,13 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
|
||||
return 0;
|
||||
|
||||
if (c->private_tmp) {
|
||||
-
|
||||
- /* FIXME: for now we make a special case for /tmp and add a weak dependency on
|
||||
- * tmp.mount so /tmp being masked is supported. However there's no reason to treat
|
||||
- * /tmp specifically and masking other mount units should be handled more
|
||||
- * gracefully too, see PR#16894. */
|
||||
- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
|
||||
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
|
||||
if (r < 0)
|
||||
return r;
|
||||
- const char *p;
|
||||
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", NULL, true, UNIT_DEPENDENCY_FILE);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
|
||||
- FOREACH_STRING(p, "/tmp", "/var/tmp") {
|
||||
- r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
- }
|
||||
+ r = unit_require_mounts_for(u, "/var/tmp", UNIT_DEPENDENCY_FILE);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
|
||||
r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, NULL, true, UNIT_DEPENDENCY_FILE);
|
||||
if (r < 0)
|
||||
diff --git a/units/basic.target b/units/basic.target
|
||||
index d8cdd5ac14..9eae0782a2 100644
|
||||
index 4f44292249..8fc7c73ef2 100644
|
||||
--- a/units/basic.target
|
||||
+++ b/units/basic.target
|
||||
@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
From c7f77dfd2bfa593bfbbdf82eea8b600ca1b46f4c Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Wed, 1 Aug 2018 17:17:07 +0200
|
||||
Subject: [PATCH] pid1: bump maximum number of process in user slice to 80% of
|
||||
pid_max
|
||||
|
||||
Related: #1523236
|
||||
---
|
||||
src/basic/cgroup-util.h | 2 +-
|
||||
units/user-.slice.d/10-defaults.conf | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
|
||||
index f10c26ad51..26e3ae0404 100644
|
||||
--- a/src/basic/cgroup-util.h
|
||||
+++ b/src/basic/cgroup-util.h
|
||||
@@ -101,7 +101,7 @@ static inline bool CGROUP_BLKIO_WEIGHT_IS_OK(uint64_t x) {
|
||||
|
||||
/* Default resource limits */
|
||||
#define DEFAULT_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 26214 on default settings */
|
||||
-#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 33U /* 33% of PIDs, 10813 on default settings */
|
||||
+#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 26214 on default settings */
|
||||
|
||||
typedef enum CGroupUnified {
|
||||
CGROUP_UNIFIED_UNKNOWN = -1,
|
||||
diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf
|
||||
index 95ab11b30b..efc9d37c8e 100644
|
||||
--- a/units/user-.slice.d/10-defaults.conf
|
||||
+++ b/units/user-.slice.d/10-defaults.conf
|
||||
@@ -12,4 +12,4 @@ Description=User Slice of UID %j
|
||||
After=systemd-user-sessions.service
|
||||
|
||||
[Slice]
|
||||
-TasksMax=33%
|
||||
+TasksMax=80%
|
|
@ -1,38 +0,0 @@
|
|||
From ba6b7f1b4409b337b5b4ffc47259ad5c43c436c4 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Mon, 5 Sep 2016 12:47:09 +0200
|
||||
Subject: [PATCH] unit: don't add Requires for tmp.mount
|
||||
|
||||
rhel-only
|
||||
Resolves: #1619292
|
||||
---
|
||||
src/core/mount.c | 2 +-
|
||||
src/core/unit.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/mount.c b/src/core/mount.c
|
||||
index 0170406351..4d407ca4e5 100644
|
||||
--- a/src/core/mount.c
|
||||
+++ b/src/core/mount.c
|
||||
@@ -335,7 +335,7 @@ static int mount_add_mount_dependencies(Mount *m) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- if (UNIT(m)->fragment_path) {
|
||||
+ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
|
||||
/* If we have fragment configuration, then make this dependency required */
|
||||
r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH);
|
||||
if (r < 0)
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index 3a8251e2b8..d2adb447b6 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -1520,7 +1520,7 @@ static int unit_add_mount_dependencies(Unit *u) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- if (m->fragment_path) {
|
||||
+ if (m->fragment_path && !streq(m->id, "tmp.mount")) {
|
||||
r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
|
||||
if (r < 0)
|
||||
return r;
|
|
@ -0,0 +1,33 @@
|
|||
From 787420ac2ba9c404e13db08601946bde263523f8 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 22 Sep 2014 07:41:06 +0200
|
||||
Subject: [PATCH] rules: automatically online hot-plugged CPUs
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 3 +++
|
||||
rules/meson.build | 1 +
|
||||
2 files changed, 4 insertions(+)
|
||||
create mode 100644 rules/40-redhat.rules
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
new file mode 100644
|
||||
index 0000000000..2b494e57cf
|
||||
--- /dev/null
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -0,0 +1,3 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
|
||||
diff --git a/rules/meson.build b/rules/meson.build
|
||||
index b6a32ba77e..e7e4362c0c 100644
|
||||
--- a/rules/meson.build
|
||||
+++ b/rules/meson.build
|
||||
@@ -1,6 +1,7 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
|
||||
rules = files('''
|
||||
+ 40-redhat.rules
|
||||
60-block.rules
|
||||
60-cdrom_id.rules
|
||||
60-drm.rules
|
|
@ -0,0 +1,37 @@
|
|||
From 2991b22f5f40a66ad1cc088e502e7f40ae1806c2 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 22 Sep 2014 07:53:52 +0200
|
||||
Subject: [PATCH] rules: add rule for naming Dell iDRAC USB Virtual NIC as
|
||||
'idrac'
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/73-idrac.rules | 6 ++++++
|
||||
rules/meson.build | 1 +
|
||||
2 files changed, 7 insertions(+)
|
||||
create mode 100644 rules/73-idrac.rules
|
||||
|
||||
diff --git a/rules/73-idrac.rules b/rules/73-idrac.rules
|
||||
new file mode 100644
|
||||
index 0000000000..d67fc425b1
|
||||
--- /dev/null
|
||||
+++ b/rules/73-idrac.rules
|
||||
@@ -0,0 +1,6 @@
|
||||
+# do not edit this file, it will be overwritten on update
|
||||
+
|
||||
+# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
|
||||
+# with terminates in the iDRAC. Help identify this with 'idrac'
|
||||
+
|
||||
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
|
||||
diff --git a/rules/meson.build b/rules/meson.build
|
||||
index e7e4362c0c..e04a18aca6 100644
|
||||
--- a/rules/meson.build
|
||||
+++ b/rules/meson.build
|
||||
@@ -17,6 +17,7 @@ rules = files('''
|
||||
70-joystick.rules
|
||||
70-mouse.rules
|
||||
70-touchpad.rules
|
||||
+ 73-idrac.rules
|
||||
75-net-description.rules
|
||||
75-probe_mtd.rules
|
||||
78-sound-card.rules
|
|
@ -1,298 +0,0 @@
|
|||
From b9c7cd794733257a17b2eb9eadc716007e509ca9 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Sun, 18 Apr 2021 20:46:06 +0200
|
||||
Subject: [PATCH] ci: drop CIs irrelevant for downstream
|
||||
|
||||
* CIFuzz would need a separate project in oss-fuzz
|
||||
* Coverity would also need a separate project
|
||||
* the Labeler action is superfluous, since we already have a bot for
|
||||
that
|
||||
* mkosi testing on other distros is irrelevant for downstream RHEL
|
||||
repo
|
||||
|
||||
Resolves: #1960703
|
||||
rhel-only
|
||||
---
|
||||
.github/labeler.yml | 40 -----------------
|
||||
.github/workflows/cifuzz.yml | 55 -----------------------
|
||||
.github/workflows/coverity.yml | 43 ------------------
|
||||
.github/workflows/labeler.yml | 23 ----------
|
||||
.github/workflows/mkosi.yml | 80 ----------------------------------
|
||||
5 files changed, 241 deletions(-)
|
||||
delete mode 100644 .github/labeler.yml
|
||||
delete mode 100644 .github/workflows/cifuzz.yml
|
||||
delete mode 100644 .github/workflows/coverity.yml
|
||||
delete mode 100644 .github/workflows/labeler.yml
|
||||
delete mode 100644 .github/workflows/mkosi.yml
|
||||
|
||||
diff --git a/.github/labeler.yml b/.github/labeler.yml
|
||||
deleted file mode 100644
|
||||
index 7d128f42d6..0000000000
|
||||
--- a/.github/labeler.yml
|
||||
+++ /dev/null
|
||||
@@ -1,40 +0,0 @@
|
||||
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
-
|
||||
-hwdb:
|
||||
- - hwdb.d/**/*
|
||||
-units:
|
||||
- - units/**/*
|
||||
-documentation:
|
||||
- - NEWS
|
||||
- - docs/*
|
||||
-network:
|
||||
- - src/libsystemd-network/**/*
|
||||
- - src/network/**/*
|
||||
-udev:
|
||||
- - src/udev/**/*
|
||||
- - src/libudev/*
|
||||
-selinux:
|
||||
- - '**/*selinux*'
|
||||
-apparmor:
|
||||
- - '**/*apparmor*'
|
||||
-meson:
|
||||
- - meson_option.txt
|
||||
-mkosi:
|
||||
- - .mkosi/*
|
||||
- - mkosi.build
|
||||
-busctl:
|
||||
- - src/busctl/*
|
||||
-systemctl:
|
||||
- - src/systemctl/*
|
||||
-journal:
|
||||
- - src/journal/*
|
||||
-journal-remote:
|
||||
- - src/journal-remote/*
|
||||
-portable:
|
||||
- - src/portable/**/*
|
||||
-resolve:
|
||||
- - src/resolve/*
|
||||
-timedate:
|
||||
- - src/timedate/*
|
||||
-timesync:
|
||||
- - src/timesync/*
|
||||
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
|
||||
deleted file mode 100644
|
||||
index 11ea788a47..0000000000
|
||||
--- a/.github/workflows/cifuzz.yml
|
||||
+++ /dev/null
|
||||
@@ -1,55 +0,0 @@
|
||||
----
|
||||
-# vi: ts=2 sw=2 et:
|
||||
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
|
||||
-
|
||||
-name: CIFuzz
|
||||
-
|
||||
-permissions:
|
||||
- contents: read
|
||||
-
|
||||
-on:
|
||||
- pull_request:
|
||||
- paths:
|
||||
- - '**/meson.build'
|
||||
- - '.github/workflows/**'
|
||||
- - 'meson_options.txt'
|
||||
- - 'src/**'
|
||||
- - 'test/fuzz/**'
|
||||
- - 'tools/oss-fuzz.sh'
|
||||
- push:
|
||||
- branches:
|
||||
- - main
|
||||
-jobs:
|
||||
- Fuzzing:
|
||||
- runs-on: ubuntu-latest
|
||||
- if: github.repository == 'systemd/systemd'
|
||||
- concurrency:
|
||||
- group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
|
||||
- cancel-in-progress: true
|
||||
- strategy:
|
||||
- fail-fast: false
|
||||
- matrix:
|
||||
- sanitizer: [address, undefined, memory]
|
||||
- steps:
|
||||
- - name: Build Fuzzers (${{ matrix.sanitizer }})
|
||||
- id: build
|
||||
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
|
||||
- with:
|
||||
- oss-fuzz-project-name: 'systemd'
|
||||
- dry-run: false
|
||||
- allowed-broken-targets-percentage: 0
|
||||
- sanitizer: ${{ matrix.sanitizer }}
|
||||
- - name: Run Fuzzers (${{ matrix.sanitizer }})
|
||||
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
||||
- with:
|
||||
- oss-fuzz-project-name: 'systemd'
|
||||
- fuzz-seconds: 600
|
||||
- dry-run: false
|
||||
- sanitizer: ${{ matrix.sanitizer }}
|
||||
- - name: Upload Crash
|
||||
- uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2
|
||||
- if: failure() && steps.build.outcome == 'success'
|
||||
- with:
|
||||
- name: ${{ matrix.sanitizer }}-artifacts
|
||||
- path: ./out/artifacts
|
||||
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
|
||||
deleted file mode 100644
|
||||
index a164d16fbf..0000000000
|
||||
--- a/.github/workflows/coverity.yml
|
||||
+++ /dev/null
|
||||
@@ -1,43 +0,0 @@
|
||||
----
|
||||
-# vi: ts=2 sw=2 et:
|
||||
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
-#
|
||||
-name: Coverity
|
||||
-
|
||||
-on:
|
||||
- schedule:
|
||||
- # Run Coverity daily at midnight
|
||||
- - cron: '0 0 * * *'
|
||||
-
|
||||
-permissions:
|
||||
- contents: read
|
||||
-
|
||||
-jobs:
|
||||
- build:
|
||||
- runs-on: ubuntu-20.04
|
||||
- if: github.repository == 'systemd/systemd'
|
||||
- env:
|
||||
- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}"
|
||||
- COVERITY_SCAN_NOTIFICATION_EMAIL: ""
|
||||
- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}"
|
||||
- # Set in repo settings -> secrets -> repository secrets
|
||||
- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
|
||||
- CURRENT_REF: "${{ github.ref }}"
|
||||
- steps:
|
||||
- - name: Repository checkout
|
||||
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
|
||||
- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
|
||||
- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
|
||||
- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
|
||||
- - name: Install Coverity tools
|
||||
- run: tools/get-coverity.sh
|
||||
- # Reuse the setup phase of the unit test script to avoid code duplication
|
||||
- - name: Install build dependencies
|
||||
- run: sudo -E .github/workflows/unit_tests.sh SETUP
|
||||
- # Preconfigure with meson to prevent Coverity from capturing meson metadata
|
||||
- - name: Preconfigure the build directory
|
||||
- run: meson cov-build -Dman=false
|
||||
- - name: Build
|
||||
- run: tools/coverity.sh build
|
||||
- - name: Upload the results
|
||||
- run: tools/coverity.sh upload
|
||||
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
|
||||
deleted file mode 100644
|
||||
index 34d9d63d42..0000000000
|
||||
--- a/.github/workflows/labeler.yml
|
||||
+++ /dev/null
|
||||
@@ -1,23 +0,0 @@
|
||||
----
|
||||
-# vi: ts=2 sw=2 et:
|
||||
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
-#
|
||||
-name: "Pull Request Labeler"
|
||||
-
|
||||
-on:
|
||||
-- pull_request_target
|
||||
-
|
||||
-permissions:
|
||||
- contents: read
|
||||
-
|
||||
-jobs:
|
||||
- triage:
|
||||
- runs-on: ubuntu-latest
|
||||
- permissions:
|
||||
- pull-requests: write
|
||||
- steps:
|
||||
- - uses: actions/labeler@69da01b8e0929f147b8943611bee75ee4175a49e
|
||||
- with:
|
||||
- repo-token: "${{ secrets.GITHUB_TOKEN }}"
|
||||
- configuration-path: .github/labeler.yml
|
||||
- sync-labels: "" # This is a workaround for issue 18671
|
||||
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
|
||||
deleted file mode 100644
|
||||
index 8fd6c72e26..0000000000
|
||||
--- a/.github/workflows/mkosi.yml
|
||||
+++ /dev/null
|
||||
@@ -1,80 +0,0 @@
|
||||
----
|
||||
-# vi: ts=2 sw=2 et:
|
||||
-# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in mkosi.default.d/.
|
||||
-name: mkosi
|
||||
-
|
||||
-on:
|
||||
- push:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
- pull_request:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
-
|
||||
-permissions:
|
||||
- contents: read
|
||||
-
|
||||
-env:
|
||||
- # Enable debug logging in systemd, but keep udev's log level to info,
|
||||
- # since it's _very_ verbose in the QEMU task
|
||||
- KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console"
|
||||
-
|
||||
-jobs:
|
||||
- ci:
|
||||
- runs-on: ubuntu-20.04
|
||||
- concurrency:
|
||||
- group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }}
|
||||
- cancel-in-progress: true
|
||||
- strategy:
|
||||
- fail-fast: false
|
||||
- matrix:
|
||||
- distro:
|
||||
- - arch
|
||||
- - debian
|
||||
- - ubuntu
|
||||
- - fedora
|
||||
- - opensuse
|
||||
-
|
||||
- steps:
|
||||
- - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
|
||||
- - uses: systemd/mkosi@4d64fc8134f93d87ac584183e7762ac1d0efa0e5
|
||||
-
|
||||
- - name: Install
|
||||
- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2
|
||||
-
|
||||
- - name: Configure
|
||||
- run: echo -e "[Distribution]\nDistribution=${{ matrix.distro }}\n" >mkosi.default
|
||||
-
|
||||
- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
|
||||
- # required, since current Arch's glibc implements faccessat() via faccessat2().
|
||||
- - name: Update systemd-nspawn
|
||||
- if: ${{ matrix.distro == 'arch' }}
|
||||
- run: |
|
||||
- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
|
||||
- sudo apt update
|
||||
- sudo apt build-dep systemd
|
||||
- meson build
|
||||
- ninja -C build
|
||||
- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
|
||||
- systemd-nspawn --version
|
||||
-
|
||||
- - name: Build ${{ matrix.distro }}
|
||||
- run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build
|
||||
-
|
||||
- - name: Show ${{ matrix.distro }} image summary
|
||||
- run: ./.github/workflows/run_mkosi.sh summary
|
||||
-
|
||||
- - name: Boot ${{ matrix.distro }} systemd-nspawn
|
||||
- run: ./.github/workflows/run_mkosi.sh boot ${{ env.KERNEL_CMDLINE }}
|
||||
-
|
||||
- - name: Check ${{ matrix.distro }} systemd-nspawn
|
||||
- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
|
||||
-
|
||||
- - name: Boot ${{ matrix.distro }} QEMU
|
||||
- run: ./.github/workflows/run_mkosi.sh qemu
|
||||
-
|
||||
- - name: Check ${{ matrix.distro }} QEMU
|
||||
- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
|
|
@ -0,0 +1,22 @@
|
|||
From d5215083fa1d10f1624ab2f0fb5ba420a2594938 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Wed, 13 May 2015 16:56:44 +0200
|
||||
Subject: [PATCH] rules: enable memory hotplug
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index 2b494e57cf..8231caae98 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -1,3 +1,7 @@
|
||||
# do not edit this file, it will be overwritten on update
|
||||
|
||||
+# CPU hotadd request
|
||||
SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
|
||||
+
|
||||
+# Memory hotadd request
|
||||
+SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"
|
|
@ -1,61 +0,0 @@
|
|||
From d931821a263e34805f825cf12a0a0fcde9beda99 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Wed, 9 Jun 2021 15:23:59 +0200
|
||||
Subject: [PATCH] ci: reconfigure Packit for RHEL 9
|
||||
|
||||
Resolves: #1960703
|
||||
rhel-only
|
||||
---
|
||||
.packit.yml | 28 ++++++++++++++++++----------
|
||||
1 file changed, 18 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/.packit.yml b/.packit.yml
|
||||
index 962c77913e..3461bccbc5 100644
|
||||
--- a/.packit.yml
|
||||
+++ b/.packit.yml
|
||||
@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}"
|
||||
|
||||
actions:
|
||||
post-upstream-clone:
|
||||
- # Use the Fedora Rawhide specfile
|
||||
- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
|
||||
+ # Use the CentOS Stream specfile
|
||||
+ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
|
||||
# Drop the "sources" file so rebase-helper doesn't think we're a dist-git
|
||||
- "rm -fv .packit_rpm/sources"
|
||||
- # Drop backported patches from the specfile, but keep the downstream-only ones
|
||||
- # - Patch0000-0499: backported patches from upstream
|
||||
- # - Patch0500-9999: downstream-only patches
|
||||
- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
|
||||
+ # Drop all patches, since they're already included in the tarball
|
||||
+ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
|
||||
# Build the RPM with --werror. Even though --werror doesn't work in all
|
||||
# cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
|
||||
# RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
|
||||
@@ -32,12 +30,22 @@ actions:
|
||||
# [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
|
||||
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
|
||||
|
||||
+# Available targets can be listed via `copr-cli list-chroots`
|
||||
jobs:
|
||||
+# Build test
|
||||
- job: copr_build
|
||||
trigger: pull_request
|
||||
metadata:
|
||||
targets:
|
||||
- - fedora-rawhide-aarch64
|
||||
- - fedora-rawhide-i386
|
||||
- - fedora-rawhide-ppc64le
|
||||
- - fedora-rawhide-x86_64
|
||||
+ # FIXME: change to CentOS 9 once it's available
|
||||
+ - fedora-34-x86_64
|
||||
+ - fedora-34-aarch64
|
||||
+
|
||||
+# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
|
||||
+# Run tests (via testing farm)
|
||||
+#- job: tests
|
||||
+# trigger: pull_request
|
||||
+# metadata:
|
||||
+# targets:
|
||||
+# # FIXME: change to CentOS 9 once it's available
|
||||
+# - fedora-34-x86_64
|
|
@ -0,0 +1,22 @@
|
|||
From 4a7602e27a50828ac8a0eb6b83a1c2c722af652d Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Wed, 13 May 2015 17:11:48 +0200
|
||||
Subject: [PATCH] rules: reload sysctl settings when the bridge module is
|
||||
loaded
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index 8231caae98..556a3a3a90 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -5,3 +5,6 @@ SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}
|
||||
|
||||
# Memory hotadd request
|
||||
SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"
|
||||
+
|
||||
+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
|
||||
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
|
|
@ -1,28 +0,0 @@
|
|||
From 785b53d7b16c6c56638029e8b4f59c436f1394b8 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Thu, 15 Jul 2021 12:23:27 +0200
|
||||
Subject: [PATCH] ci: run unit tests on z-stream branches as well
|
||||
|
||||
Resolves: #1960703
|
||||
rhel-only
|
||||
---
|
||||
.github/workflows/unit_tests.yml | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
|
||||
index d4a4f3c723..2afde5d59d 100644
|
||||
--- a/.github/workflows/unit_tests.yml
|
||||
+++ b/.github/workflows/unit_tests.yml
|
||||
@@ -3,11 +3,7 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
#
|
||||
name: Unit tests
|
||||
-on:
|
||||
- pull_request:
|
||||
- branches:
|
||||
- - main
|
||||
- - v[0-9]+-stable
|
||||
+on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
|
@ -0,0 +1,21 @@
|
|||
From a42b57dc8b265f183a8fb6fe9ae32a9d77cbb7c5 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Wed, 20 May 2015 12:34:18 +0200
|
||||
Subject: [PATCH] rules: load sg module
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index 556a3a3a90..305e752285 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -8,3 +8,6 @@ SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"
|
||||
|
||||
# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
|
||||
ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
|
||||
+
|
||||
+# load SCSI generic (sg) driver
|
||||
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
|
@ -1,25 +0,0 @@
|
|||
From c1555a7d38235cca32492c4606e30028dc008b35 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Thu, 15 Jul 2021 11:15:17 +0200
|
||||
Subject: [PATCH] random-util: increase random seed size to 1024
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #1982603
|
||||
---
|
||||
src/basic/random-util.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
|
||||
index e6528ddc7f..fda78552f6 100644
|
||||
--- a/src/basic/random-util.h
|
||||
+++ b/src/basic/random-util.h
|
||||
@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) {
|
||||
int rdrand(unsigned long *ret);
|
||||
|
||||
/* Some limits on the pool sizes when we deal with the kernel random pool */
|
||||
-#define RANDOM_POOL_SIZE_MIN 512U
|
||||
+#define RANDOM_POOL_SIZE_MIN 1024U
|
||||
#define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
|
||||
|
||||
size_t random_pool_size(void);
|
|
@ -0,0 +1,21 @@
|
|||
From 21c96c3781f473cdbfe7acdb1affba75b50081f1 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Tue, 22 Sep 2015 12:28:28 +0200
|
||||
Subject: [PATCH] rules: prandom character device node permissions
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index 305e752285..9a48adde19 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -11,3 +11,6 @@ ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/sys
|
||||
|
||||
# load SCSI generic (sg) driver
|
||||
SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||
+
|
||||
+# Rule for prandom character device node permissions
|
||||
+KERNEL=="prandom", MODE="0644"
|
|
@ -0,0 +1,22 @@
|
|||
From fab2dff96f59e0851884b4ef32dccab763f5eef1 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Nykr=C3=BDn?= <lnykryn@redhat.com>
|
||||
Date: Thu, 18 Aug 2016 14:51:19 +0200
|
||||
Subject: [PATCH] rules: load sg driver also when scsi_target appears (#45)
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index 9a48adde19..3335fe5075 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -11,6 +11,7 @@ ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/sys
|
||||
|
||||
# load SCSI generic (sg) driver
|
||||
SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
|
||||
|
||||
# Rule for prandom character device node permissions
|
||||
KERNEL=="prandom", MODE="0644"
|
|
@ -1,22 +0,0 @@
|
|||
From 56d9b62ce456e8c0e520bda3447db38864983173 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Thu, 5 Aug 2021 15:26:13 +0200
|
||||
Subject: [PATCH] journald.conf: don't touch current audit settings
|
||||
|
||||
RHEL-only
|
||||
|
||||
Related: #1973856
|
||||
---
|
||||
src/journal/journald.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
|
||||
index 5a60a9d39c..3544da2112 100644
|
||||
--- a/src/journal/journald.conf
|
||||
+++ b/src/journal/journald.conf
|
||||
@@ -44,4 +44,4 @@
|
||||
#MaxLevelWall=emerg
|
||||
#LineMax=48K
|
||||
#ReadKMsg=yes
|
||||
-#Audit=yes
|
||||
+Audit=
|
|
@ -0,0 +1,23 @@
|
|||
From fd091394e52cd652ff5163735b2a91a8c0efe415 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Tue, 13 Sep 2016 13:18:38 +0200
|
||||
Subject: [PATCH] rules: don't hoplug memory on s390x
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index 3335fe5075..4c56950dab 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -4,7 +4,7 @@
|
||||
SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
|
||||
|
||||
# Memory hotadd request
|
||||
-SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"
|
||||
+SUBSYSTEM=="memory", ACTION=="add", PROGRAM="/usr/bin/systemd-detect-virt", RESULT!="zvm", ATTR{state}=="offline", ATTR{state}="online"
|
||||
|
||||
# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
|
||||
ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
|
|
@ -1,137 +0,0 @@
|
|||
From 2843766767452a69dade1ef8ab2d1d3e5e68a1d3 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Tue, 10 Aug 2021 14:46:16 +0200
|
||||
Subject: [PATCH] Revert "udev: remove WAIT_FOR key"
|
||||
|
||||
This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f.
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #1982666
|
||||
---
|
||||
man/udev.xml | 9 +++++++
|
||||
src/udev/udev-rules.c | 56 +++++++++++++++++++++++++++++++++++++++
|
||||
test/rule-syntax-check.py | 2 +-
|
||||
3 files changed, 66 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/udev.xml b/man/udev.xml
|
||||
index f6ea2abc12..ce96e201e4 100644
|
||||
--- a/man/udev.xml
|
||||
+++ b/man/udev.xml
|
||||
@@ -592,6 +592,15 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><varname>WAIT_FOR</varname></term>
|
||||
+ <listitem>
|
||||
+ <para>Wait for a file to become available or until a timeout of
|
||||
+ 10 seconds expires. The path is relative to the sysfs device;
|
||||
+ if no path is specified, this waits for an attribute to appear.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term><varname>OPTIONS</varname></term>
|
||||
<listitem>
|
||||
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
|
||||
index 1a384d6b38..243a792662 100644
|
||||
--- a/src/udev/udev-rules.c
|
||||
+++ b/src/udev/udev-rules.c
|
||||
@@ -79,6 +79,7 @@ typedef enum {
|
||||
TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */
|
||||
TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */
|
||||
TK_M_DRIVER, /* string, sd_device_get_driver() */
|
||||
+ TK_M_WAITFOR,
|
||||
TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */
|
||||
TK_M_SYSCTL, /* string, takes kernel parameter through attribute */
|
||||
|
||||
@@ -416,6 +417,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token
|
||||
rule_line->current_token = token;
|
||||
}
|
||||
|
||||
+#define WAIT_LOOP_PER_SECOND 50
|
||||
+static int wait_for_file(sd_device *dev, const char *file, int timeout) {
|
||||
+ char filepath[UDEV_PATH_SIZE];
|
||||
+ char devicepath[UDEV_PATH_SIZE];
|
||||
+ struct stat stats;
|
||||
+ int loop = timeout * WAIT_LOOP_PER_SECOND;
|
||||
+
|
||||
+ /* a relative path is a device attribute */
|
||||
+ devicepath[0] = '\0';
|
||||
+ if (file[0] != '/') {
|
||||
+ const char *val;
|
||||
+ int r;
|
||||
+
|
||||
+ r = sd_device_get_syspath(dev, &val);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ strscpyl(devicepath, sizeof(devicepath), val, NULL);
|
||||
+ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL);
|
||||
+ file = filepath;
|
||||
+ }
|
||||
+
|
||||
+ while (--loop) {
|
||||
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND };
|
||||
+
|
||||
+ /* lookup file */
|
||||
+ if (stat(file, &stats) == 0) {
|
||||
+ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ /* make sure, the device did not disappear in the meantime */
|
||||
+ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) {
|
||||
+ log_debug("device disappeared while waiting for '%s'", file);
|
||||
+ return -2;
|
||||
+ }
|
||||
+ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND);
|
||||
+ nanosleep(&duration, NULL);
|
||||
+ }
|
||||
+ log_debug("waiting for '%s' failed", file);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) {
|
||||
UdevRuleToken *token;
|
||||
UdevRuleMatchType match_type = _MATCH_TYPE_INVALID;
|
||||
@@ -958,6 +1000,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
|
||||
r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd));
|
||||
} else
|
||||
return log_token_invalid_attr(rules, key);
|
||||
+ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) {
|
||||
+ if (op == OP_REMOVE)
|
||||
+ return log_token_invalid_op(rules, key);
|
||||
+
|
||||
+ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL);
|
||||
+ return 1;
|
||||
} else if (streq(key, "GOTO")) {
|
||||
if (attr)
|
||||
return log_token_invalid_attr(rules, key);
|
||||
@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event(
|
||||
|
||||
return token_match_string(token, val);
|
||||
}
|
||||
+ case TK_M_WAITFOR: {
|
||||
+ char filename[UDEV_PATH_SIZE];
|
||||
+ int found;
|
||||
+
|
||||
+ udev_event_apply_format(event, token->value, filename, sizeof(filename), false);
|
||||
+ found = (wait_for_file(event->dev, filename, 10) == 0);
|
||||
+ return found || (token->op == OP_NOMATCH);
|
||||
+ }
|
||||
case TK_M_ATTR:
|
||||
case TK_M_PARENTS_ATTR:
|
||||
return token_match_attr(token, dev, event);
|
||||
diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
|
||||
index 9a9e4d1658..0649bcf58e 100755
|
||||
--- a/test/rule-syntax-check.py
|
||||
+++ b/test/rule-syntax-check.py
|
||||
@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D
|
||||
# PROGRAM can also be specified as an assignment.
|
||||
program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$')
|
||||
args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$')
|
||||
-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
|
||||
+no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
|
||||
args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$')
|
||||
# Find comma-separated groups, but allow commas that are inside quoted strings.
|
||||
# Using quoted_string_re + '?' so that strings missing the last double quote
|
|
@ -0,0 +1,24 @@
|
|||
From a0802638f02b964cb9d2d68bad009561b2bcc910 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 16 Sep 2016 14:45:01 +0200
|
||||
Subject: [PATCH] rules: disable auto-online of hot-plugged memory on IBM z
|
||||
Systems
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index 4c56950dab..c3df320234 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -4,7 +4,7 @@
|
||||
SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
|
||||
|
||||
# Memory hotadd request
|
||||
-SUBSYSTEM=="memory", ACTION=="add", PROGRAM="/usr/bin/systemd-detect-virt", RESULT!="zvm", ATTR{state}=="offline", ATTR{state}="online"
|
||||
+SUBSYSTEM=="memory", ACTION=="add", PROGRAM=="/bin/uname -p", RESULT!="s390*", ATTR{state}=="offline", ATTR{state}="online"
|
||||
|
||||
# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
|
||||
ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
|
|
@ -1,25 +0,0 @@
|
|||
From 9a0acc0b292d283b4507c6b749396c019af7e4ab Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Wed, 25 Aug 2021 16:03:04 +0200
|
||||
Subject: [PATCH] Really don't enable systemd-journald-audit.socket
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #1973856
|
||||
---
|
||||
units/systemd-journald.service.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
|
||||
index d981273b07..f190dff5fb 100644
|
||||
--- a/units/systemd-journald.service.in
|
||||
+++ b/units/systemd-journald.service.in
|
||||
@@ -33,7 +33,7 @@ RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
RuntimeDirectory=systemd/journal
|
||||
RuntimeDirectoryPreserve=yes
|
||||
-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
|
||||
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
|
||||
StandardOutput=null
|
||||
SystemCallArchitectures=native
|
||||
SystemCallErrorNumber=EPERM
|
|
@ -0,0 +1,39 @@
|
|||
From 0c5b8096cb23701f8048dba33a38e1b55249cab3 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 28 Mar 2018 17:22:30 +0200
|
||||
Subject: [PATCH] rules: introduce old-style by-path symlinks for FCP based
|
||||
SCSI devices
|
||||
|
||||
Related: #1523227
|
||||
---
|
||||
rules/40-redhat.rules | 20 ++++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
|
||||
index c3df320234..8ac96933c3 100644
|
||||
--- a/rules/40-redhat.rules
|
||||
+++ b/rules/40-redhat.rules
|
||||
@@ -15,3 +15,23 @@ SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin
|
||||
|
||||
# Rule for prandom character device node permissions
|
||||
KERNEL=="prandom", MODE="0644"
|
||||
+
|
||||
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
|
||||
+# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
|
||||
+#
|
||||
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
|
||||
+
|
||||
+#
|
||||
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
|
||||
+# (both disk and partition) are SCSI devices based on FCP devices
|
||||
+#
|
||||
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
|
||||
+
|
||||
+# For SCSI disks
|
||||
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
|
||||
+
|
||||
+
|
||||
+# For partitions on a SCSI disk
|
||||
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
|
||||
+
|
||||
+LABEL="zfcp_scsi_device_end"
|
|
@ -0,0 +1,123 @@
|
|||
From 1bb734a44952a51285057409ba7b1c3e7a162cea Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 13:16:49 +0200
|
||||
Subject: [PATCH] Revert "udev: remove WAIT_FOR key"
|
||||
|
||||
This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f.
|
||||
|
||||
Resolves: #1523213
|
||||
---
|
||||
man/udev.xml | 9 +++++++
|
||||
src/udev/udev-rules.c | 50 +++++++++++++++++++++++++++++++++++++++
|
||||
test/rule-syntax-check.py | 2 +-
|
||||
3 files changed, 60 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/udev.xml b/man/udev.xml
|
||||
index 15e6d8eae1..bdf901a8f0 100644
|
||||
--- a/man/udev.xml
|
||||
+++ b/man/udev.xml
|
||||
@@ -515,6 +515,15 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><varname>WAIT_FOR</varname></term>
|
||||
+ <listitem>
|
||||
+ <para>Wait for a file to become available or until a timeout of
|
||||
+ 10 seconds expires. The path is relative to the sysfs device;
|
||||
+ if no path is specified, this waits for an attribute to appear.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term><varname>OPTIONS</varname></term>
|
||||
<listitem>
|
||||
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
|
||||
index f029395884..58af863f3d 100644
|
||||
--- a/src/udev/udev-rules.c
|
||||
+++ b/src/udev/udev-rules.c
|
||||
@@ -676,6 +676,41 @@ static int import_parent_into_properties(struct udev_device *dev, const char *fi
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#define WAIT_LOOP_PER_SECOND 50
|
||||
+static int wait_for_file(struct udev_device *dev, const char *file, int timeout) {
|
||||
+ char filepath[UTIL_PATH_SIZE];
|
||||
+ char devicepath[UTIL_PATH_SIZE];
|
||||
+ struct stat stats;
|
||||
+ int loop = timeout * WAIT_LOOP_PER_SECOND;
|
||||
+
|
||||
+ /* a relative path is a device attribute */
|
||||
+ devicepath[0] = '\0';
|
||||
+ if (file[0] != '/') {
|
||||
+ strscpyl(devicepath, sizeof(devicepath), udev_device_get_syspath(dev), NULL);
|
||||
+ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL);
|
||||
+ file = filepath;
|
||||
+ }
|
||||
+
|
||||
+ while (--loop) {
|
||||
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND };
|
||||
+
|
||||
+ /* lookup file */
|
||||
+ if (stat(file, &stats) == 0) {
|
||||
+ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ /* make sure, the device did not disappear in the meantime */
|
||||
+ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) {
|
||||
+ log_debug("device disappeared while waiting for '%s'", file);
|
||||
+ return -2;
|
||||
+ }
|
||||
+ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND);
|
||||
+ nanosleep(&duration, NULL);
|
||||
+ }
|
||||
+ log_debug("waiting for '%s' failed", file);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
static void attr_subst_subdir(char *attr, size_t len) {
|
||||
const char *pos, *tail, *path;
|
||||
_cleanup_closedir_ DIR *dir = NULL;
|
||||
@@ -1284,7 +1319,12 @@ static void add_rule(struct udev_rules *rules, char *line,
|
||||
rule_add_key(&rule_tmp, TK_A_RUN_PROGRAM, op, value, &cmd);
|
||||
} else
|
||||
LOG_RULE_ERROR("ignoring unknown %s{} type '%s'", "RUN", attr);
|
||||
+ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) {
|
||||
+ if (op == OP_REMOVE)
|
||||
+ LOG_AND_RETURN("invalid %s operation", key);
|
||||
|
||||
+ rule_add_key(&rule_tmp, TK_M_WAITFOR, 0, value, NULL);
|
||||
+ continue;
|
||||
} else if (streq(key, "LABEL")) {
|
||||
if (op == OP_REMOVE)
|
||||
LOG_AND_RETURN("invalid %s operation", key);
|
||||
@@ -1838,6 +1878,16 @@ void udev_rules_apply_to_event(struct udev_rules *rules,
|
||||
if (match_key(rules, cur, udev_device_get_driver(event->dev)) != 0)
|
||||
goto nomatch;
|
||||
break;
|
||||
+ case TK_M_WAITFOR: {
|
||||
+ char filename[UTIL_PATH_SIZE];
|
||||
+ int found;
|
||||
+
|
||||
+ udev_event_apply_format(event, rules_str(rules, cur->key.value_off), filename, sizeof(filename), false);
|
||||
+ found = (wait_for_file(event->dev, filename, 10) == 0);
|
||||
+ if (!found && (cur->key.op != OP_NOMATCH))
|
||||
+ goto nomatch;
|
||||
+ break;
|
||||
+ }
|
||||
case TK_M_ATTR:
|
||||
if (match_attr(rules, event->dev, event, cur) != 0)
|
||||
goto nomatch;
|
||||
diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
|
||||
index dfb06d9ed9..706d93632e 100755
|
||||
--- a/test/rule-syntax-check.py
|
||||
+++ b/test/rule-syntax-check.py
|
||||
@@ -18,7 +18,7 @@ if not rules_files:
|
||||
quoted_string_re = r'"(?:[^\\"]|\\.)*"'
|
||||
no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|DRIVERS?|TAG|PROGRAM|RESULT|TEST)\s*(?:=|!)=\s*' + quoted_string_re + '$')
|
||||
args_tests = re.compile(r'(ATTRS?|ENV|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$')
|
||||
-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
|
||||
+no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
|
||||
args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$')
|
||||
# Find comma-separated groups, but allow commas that are inside quoted strings.
|
||||
# Using quoted_string_re + '?' so that strings missing the last double quote
|
|
@ -0,0 +1,22 @@
|
|||
From ab0228c3d6ceba20cf89ceb1b16b7e314aaaf989 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Tue, 7 Aug 2018 10:38:33 +0200
|
||||
Subject: [PATCH] net_setup_link: allow renaming interfaces that were renamed
|
||||
previously
|
||||
|
||||
---
|
||||
src/udev/net/link-config.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
|
||||
index cec4f4f779..5113586457 100644
|
||||
--- a/src/udev/net/link-config.c
|
||||
+++ b/src/udev/net/link-config.c
|
||||
@@ -306,7 +306,6 @@ static bool should_rename(struct udev_device *device, bool respect_predictable)
|
||||
|
||||
switch (type) {
|
||||
case NET_NAME_USER:
|
||||
- case NET_NAME_RENAMED:
|
||||
/* these were already named by userspace, do not touch again */
|
||||
return false;
|
||||
case NET_NAME_PREDICTABLE:
|
|
@ -1,26 +0,0 @@
|
|||
From 41ccc595538752f04f88c80fe7a9e283d4ef12c4 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 22 Sep 2021 14:38:00 +0200
|
||||
Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
|
||||
|
||||
RHEL-only
|
||||
|
||||
Related: #2000927
|
||||
---
|
||||
units/meson.build | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/units/meson.build b/units/meson.build
|
||||
index 69d53f4259..9eb535858a 100644
|
||||
--- a/units/meson.build
|
||||
+++ b/units/meson.build
|
||||
@@ -159,8 +159,7 @@ units = [
|
||||
['time-set.target', ''],
|
||||
['time-sync.target', ''],
|
||||
['timers.target', ''],
|
||||
- ['tmp.mount', '',
|
||||
- 'local-fs.target.wants/'],
|
||||
+ ['tmp.mount', ''],
|
||||
['umount.target', ''],
|
||||
['usb-gadget.target', ''],
|
||||
['user.slice', ''],
|
|
@ -1,59 +0,0 @@
|
|||
From 4ec48c87803916e90a8f30afae6c8bdee5bb9ba5 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Wed, 1 Aug 2018 13:19:39 +0200
|
||||
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
|
||||
|
||||
This should be hopefully high enough even for the very big deployments.
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #2003031
|
||||
---
|
||||
man/systemd-system.conf.xml | 4 ++--
|
||||
src/core/main.c | 2 +-
|
||||
src/core/system.conf.in | 2 +-
|
||||
3 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
|
||||
index 3805a010e2..b8e2b65625 100644
|
||||
--- a/man/systemd-system.conf.xml
|
||||
+++ b/man/systemd-system.conf.xml
|
||||
@@ -404,10 +404,10 @@
|
||||
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
|
||||
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. This setting applies to all unit types that support resource control settings, with the exception
|
||||
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
|
||||
+ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
|
||||
and root cgroup <varname>pids.max</varname>.
|
||||
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
|
||||
- For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
|
||||
+ For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
|
||||
but might be greater in other systems or smaller in OS containers.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
diff --git a/src/core/main.c b/src/core/main.c
|
||||
index 57aedb9b93..7ea848ebeb 100644
|
||||
--- a/src/core/main.c
|
||||
+++ b/src/core/main.c
|
||||
@@ -98,7 +98,7 @@
|
||||
#include <sanitizer/lsan_interface.h>
|
||||
#endif
|
||||
|
||||
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
|
||||
+#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */
|
||||
|
||||
static enum {
|
||||
ACTION_RUN,
|
||||
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
|
||||
index 96fb64d2c1..c0dc6a7e17 100644
|
||||
--- a/src/core/system.conf.in
|
||||
+++ b/src/core/system.conf.in
|
||||
@@ -54,7 +54,7 @@
|
||||
#DefaultBlockIOAccounting=no
|
||||
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
|
||||
#DefaultTasksAccounting=yes
|
||||
-#DefaultTasksMax=15%
|
||||
+#DefaultTasksMax=80%
|
||||
#DefaultLimitCPU=
|
||||
#DefaultLimitFSIZE=
|
||||
#DefaultLimitDATA=
|
|
@ -0,0 +1,23 @@
|
|||
From b61e8046ebcb28225423fc0073183d68d4c577c4 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 9 Aug 2018 15:28:44 +0200
|
||||
Subject: [PATCH] units: drop DynamicUser=yes from systemd-resolved.service
|
||||
|
||||
We don't really need DynamicUser since we add systemd-resolve user
|
||||
from rpm script
|
||||
---
|
||||
units/systemd-resolved.service.in | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
|
||||
index 9982ecebff..aaed406ab2 100644
|
||||
--- a/units/systemd-resolved.service.in
|
||||
+++ b/units/systemd-resolved.service.in
|
||||
@@ -26,7 +26,6 @@ RestartSec=0
|
||||
ExecStart=!!@rootlibexecdir@/systemd-resolved
|
||||
WatchdogSec=3min
|
||||
User=systemd-resolve
|
||||
-DynamicUser=yes
|
||||
CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||
PrivateDevices=yes
|
|
@ -0,0 +1,73 @@
|
|||
From 8618ef2fb30b4139c9bec4e45fb499cd8192a87f Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 9 Aug 2018 23:23:00 +0200
|
||||
Subject: [PATCH] journal: remove journal audit socket
|
||||
|
||||
Resolves: #1614554
|
||||
---
|
||||
units/meson.build | 2 --
|
||||
units/systemd-journald-audit.socket | 22 ----------------------
|
||||
units/systemd-journald.service.in | 4 ++--
|
||||
3 files changed, 2 insertions(+), 26 deletions(-)
|
||||
delete mode 100644 units/systemd-journald-audit.socket
|
||||
|
||||
diff --git a/units/meson.build b/units/meson.build
|
||||
index e4ac6ced64..e54a84ccbf 100644
|
||||
--- a/units/meson.build
|
||||
+++ b/units/meson.build
|
||||
@@ -89,8 +89,6 @@ units = [
|
||||
'sockets.target.wants/'],
|
||||
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
|
||||
['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
|
||||
- ['systemd-journald-audit.socket', '',
|
||||
- 'sockets.target.wants/'],
|
||||
['systemd-journald-dev-log.socket', '',
|
||||
'sockets.target.wants/'],
|
||||
['systemd-journald.socket', '',
|
||||
diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket
|
||||
deleted file mode 100644
|
||||
index cb8b774963..0000000000
|
||||
--- a/units/systemd-journald-audit.socket
|
||||
+++ /dev/null
|
||||
@@ -1,22 +0,0 @@
|
||||
-# SPDX-License-Identifier: LGPL-2.1+
|
||||
-#
|
||||
-# This file is part of systemd.
|
||||
-#
|
||||
-# systemd is free software; you can redistribute it and/or modify it
|
||||
-# under the terms of the GNU Lesser General Public License as published by
|
||||
-# the Free Software Foundation; either version 2.1 of the License, or
|
||||
-# (at your option) any later version.
|
||||
-
|
||||
-[Unit]
|
||||
-Description=Journal Audit Socket
|
||||
-Documentation=man:systemd-journald.service(8) man:journald.conf(5)
|
||||
-DefaultDependencies=no
|
||||
-Before=sockets.target
|
||||
-ConditionSecurity=audit
|
||||
-ConditionCapability=CAP_AUDIT_READ
|
||||
-
|
||||
-[Socket]
|
||||
-Service=systemd-journald.service
|
||||
-ReceiveBuffer=128M
|
||||
-ListenNetlink=audit 1
|
||||
-PassCredentials=yes
|
||||
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
|
||||
index 52939e6820..8f5021d0de 100644
|
||||
--- a/units/systemd-journald.service.in
|
||||
+++ b/units/systemd-journald.service.in
|
||||
@@ -12,12 +12,12 @@ Description=Journal Service
|
||||
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
|
||||
DefaultDependencies=no
|
||||
Requires=systemd-journald.socket
|
||||
-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
|
||||
+After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
|
||||
Before=sysinit.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
|
||||
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
|
||||
ExecStart=@rootlibexecdir@/systemd-journald
|
||||
Restart=always
|
||||
RestartSec=0
|
|
@ -0,0 +1,117 @@
|
|||
From c6903d1b42d1773fda4df6676618489ad760a2a1 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 18 Jul 2018 12:16:33 +0200
|
||||
Subject: [PATCH] bus: move BUS_DONT_DESTROY calls after asserts
|
||||
|
||||
It's not useful to bump the reference count before checking if the object is
|
||||
NULL. Thanks to d40f5cc498 we can do this ;).
|
||||
|
||||
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1576084,
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1575340,
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1575350. I'm not sure why those two
|
||||
people hit this code path, while most people don't. At least we won't abort.
|
||||
|
||||
(cherry picked from commit 7ae8edcd03f74da123298330b76c3fc5425042ef)
|
||||
|
||||
Resolves: #1610397
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-objects.c | 15 ++++++++-------
|
||||
src/libsystemd/sd-bus/sd-bus.c | 3 ++-
|
||||
2 files changed, 10 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
|
||||
index 9609834fa9..a18ff88b07 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-objects.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-objects.c
|
||||
@@ -2090,7 +2090,6 @@ _public_ int sd_bus_emit_properties_changed_strv(
|
||||
const char *interface,
|
||||
char **names) {
|
||||
|
||||
- BUS_DONT_DESTROY(bus);
|
||||
bool found_interface = false;
|
||||
char *prefix;
|
||||
int r;
|
||||
@@ -2111,6 +2110,8 @@ _public_ int sd_bus_emit_properties_changed_strv(
|
||||
if (names && names[0] == NULL)
|
||||
return 0;
|
||||
|
||||
+ BUS_DONT_DESTROY(bus);
|
||||
+
|
||||
do {
|
||||
bus->nodes_modified = false;
|
||||
|
||||
@@ -2310,8 +2311,6 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p
|
||||
}
|
||||
|
||||
_public_ int sd_bus_emit_object_added(sd_bus *bus, const char *path) {
|
||||
- BUS_DONT_DESTROY(bus);
|
||||
-
|
||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||
struct node *object_manager;
|
||||
int r;
|
||||
@@ -2341,6 +2340,8 @@ _public_ int sd_bus_emit_object_added(sd_bus *bus, const char *path) {
|
||||
if (r == 0)
|
||||
return -ESRCH;
|
||||
|
||||
+ BUS_DONT_DESTROY(bus);
|
||||
+
|
||||
do {
|
||||
bus->nodes_modified = false;
|
||||
m = sd_bus_message_unref(m);
|
||||
@@ -2481,8 +2482,6 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char
|
||||
}
|
||||
|
||||
_public_ int sd_bus_emit_object_removed(sd_bus *bus, const char *path) {
|
||||
- BUS_DONT_DESTROY(bus);
|
||||
-
|
||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||
struct node *object_manager;
|
||||
int r;
|
||||
@@ -2512,6 +2511,8 @@ _public_ int sd_bus_emit_object_removed(sd_bus *bus, const char *path) {
|
||||
if (r == 0)
|
||||
return -ESRCH;
|
||||
|
||||
+ BUS_DONT_DESTROY(bus);
|
||||
+
|
||||
do {
|
||||
bus->nodes_modified = false;
|
||||
m = sd_bus_message_unref(m);
|
||||
@@ -2645,8 +2646,6 @@ static int interfaces_added_append_one(
|
||||
}
|
||||
|
||||
_public_ int sd_bus_emit_interfaces_added_strv(sd_bus *bus, const char *path, char **interfaces) {
|
||||
- BUS_DONT_DESTROY(bus);
|
||||
-
|
||||
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
||||
struct node *object_manager;
|
||||
char **i;
|
||||
@@ -2669,6 +2668,8 @@ _public_ int sd_bus_emit_interfaces_added_strv(sd_bus *bus, const char *path, ch
|
||||
if (r == 0)
|
||||
return -ESRCH;
|
||||
|
||||
+ BUS_DONT_DESTROY(bus);
|
||||
+
|
||||
do {
|
||||
bus->nodes_modified = false;
|
||||
m = sd_bus_message_unref(m);
|
||||
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
|
||||
index 089b51a6d9..7f03528b89 100644
|
||||
--- a/src/libsystemd/sd-bus/sd-bus.c
|
||||
+++ b/src/libsystemd/sd-bus/sd-bus.c
|
||||
@@ -2883,7 +2883,6 @@ finish:
|
||||
}
|
||||
|
||||
static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priority, sd_bus_message **ret) {
|
||||
- BUS_DONT_DESTROY(bus);
|
||||
int r;
|
||||
|
||||
/* Returns 0 when we didn't do anything. This should cause the
|
||||
@@ -2899,6 +2898,8 @@ static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priorit
|
||||
assert_return(!bus->current_message, -EBUSY);
|
||||
assert(!bus->current_slot);
|
||||
|
||||
+ BUS_DONT_DESTROY(bus);
|
||||
+
|
||||
switch (bus->state) {
|
||||
|
||||
case BUS_UNSET:
|
|
@ -1,27 +0,0 @@
|
|||
From 402595e7b0668b8fe44b5b00b1dd45ba9cc42b82 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Thu, 4 Nov 2021 12:31:32 +0100
|
||||
Subject: [PATCH] ci: use C9S chroots in Packit
|
||||
|
||||
rhel-only
|
||||
Related: #2017035
|
||||
---
|
||||
.packit.yml | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/.packit.yml b/.packit.yml
|
||||
index 3461bccbc5..ce8782aae2 100644
|
||||
--- a/.packit.yml
|
||||
+++ b/.packit.yml
|
||||
@@ -37,9 +37,8 @@ jobs:
|
||||
trigger: pull_request
|
||||
metadata:
|
||||
targets:
|
||||
- # FIXME: change to CentOS 9 once it's available
|
||||
- - fedora-34-x86_64
|
||||
- - fedora-34-aarch64
|
||||
+ - centos-stream-9-x86_64
|
||||
+ - centos-stream-9-aarch64
|
||||
|
||||
# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
|
||||
# Run tests (via testing farm)
|
|
@ -0,0 +1,23 @@
|
|||
From 56f614a5d6305dc1d304c30438db5b394d16e2da Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 12 Oct 2018 13:58:34 +0000
|
||||
Subject: [PATCH] random-seed: raise POOL_SIZE_MIN constant to 1024
|
||||
|
||||
Resolves: #1619268
|
||||
---
|
||||
src/random-seed/random-seed.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c
|
||||
index 223b56306c..adc9f298c1 100644
|
||||
--- a/src/random-seed/random-seed.c
|
||||
+++ b/src/random-seed/random-seed.c
|
||||
@@ -14,7 +14,7 @@
|
||||
#include "string-util.h"
|
||||
#include "util.h"
|
||||
|
||||
-#define POOL_SIZE_MIN 512
|
||||
+#define POOL_SIZE_MIN 1024
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
_cleanup_close_ int seed_fd = -1, random_fd = -1;
|
|
@ -1,30 +0,0 @@
|
|||
From 3c54c67a7fc65dc5b49b2452739c19b94eeb98a9 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Tue, 21 Dec 2021 10:46:17 +0100
|
||||
Subject: [PATCH] Treat EPERM as "not available" too
|
||||
|
||||
We need to do this because idmapped mounts habe been disabled in RHEL-9
|
||||
kernel: https://bugzilla.redhat.com/show_bug.cgi?id=2018141 .
|
||||
|
||||
RHEL-only
|
||||
|
||||
Fixes #55
|
||||
|
||||
Related: #2017035
|
||||
---
|
||||
src/nspawn/nspawn.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
|
||||
index 8f17ab8810..9225c8f162 100644
|
||||
--- a/src/nspawn/nspawn.c
|
||||
+++ b/src/nspawn/nspawn.c
|
||||
@@ -3780,7 +3780,7 @@ static int outer_child(
|
||||
arg_uid_shift != 0) {
|
||||
|
||||
r = remount_idmap(directory, arg_uid_shift, arg_uid_range);
|
||||
- if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) {
|
||||
+ if (IN_SET(r, -EINVAL, -EPERM) || ERRNO_IS_NOT_SUPPORTED(r)) {
|
||||
/* This might fail because the kernel or file system doesn't support idmapping. We
|
||||
* can't really distinguish this nicely, nor do we have any guarantees about the
|
||||
* error codes we see, could be EOPNOTSUPP or EINVAL. */
|
|
@ -0,0 +1,119 @@
|
|||
From a046230cfb7e02938e3ad2ac85515636b319651e Mon Sep 17 00:00:00 2001
|
||||
From: Dimitri John Ledkov <xnox@ubuntu.com>
|
||||
Date: Wed, 29 Aug 2018 15:38:09 +0100
|
||||
Subject: [PATCH] cryptsetup: add support for sector-size= option (#9936)
|
||||
|
||||
Bug-Ubuntu: https://launchpad.net/bugs/1776626
|
||||
|
||||
Closes #8881.
|
||||
|
||||
(cherry picked from commit a9fc640671ef60ac949f1ace6fa687ff242fc233)
|
||||
|
||||
Resolves: #1572563
|
||||
---
|
||||
man/crypttab.xml | 9 +++++++++
|
||||
meson.build | 6 ++++++
|
||||
src/cryptsetup/cryptsetup.c | 30 ++++++++++++++++++++++++++++++
|
||||
3 files changed, 45 insertions(+)
|
||||
|
||||
diff --git a/man/crypttab.xml b/man/crypttab.xml
|
||||
index dcaf03d2ca..3574ce00da 100644
|
||||
--- a/man/crypttab.xml
|
||||
+++ b/man/crypttab.xml
|
||||
@@ -250,6 +250,15 @@
|
||||
option.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><option>sector-size=</option></term>
|
||||
+
|
||||
+ <listitem><para>Specifies the sector size in bytes. See
|
||||
+ <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
+ for possible values and the default value of this
|
||||
+ option.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term><option>swap</option></term>
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index a0e7240708..f308db2631 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -927,11 +927,17 @@ if want_libcryptsetup != 'false' and not fuzzer_build
|
||||
version : '>= 1.6.0',
|
||||
required : want_libcryptsetup == 'true')
|
||||
have = libcryptsetup.found()
|
||||
+ have_sector = cc.has_member(
|
||||
+ 'struct crypt_params_plain',
|
||||
+ 'sector_size',
|
||||
+ prefix : '#include <libcryptsetup.h>')
|
||||
else
|
||||
have = false
|
||||
+ have_sector = false
|
||||
libcryptsetup = []
|
||||
endif
|
||||
conf.set10('HAVE_LIBCRYPTSETUP', have)
|
||||
+conf.set10('HAVE_LIBCRYPTSETUP_SECTOR_SIZE', have_sector)
|
||||
|
||||
want_libcurl = get_option('libcurl')
|
||||
if want_libcurl != 'false' and not fuzzer_build
|
||||
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
|
||||
index 832168184a..87008cb969 100644
|
||||
--- a/src/cryptsetup/cryptsetup.c
|
||||
+++ b/src/cryptsetup/cryptsetup.c
|
||||
@@ -23,10 +23,14 @@
|
||||
|
||||
/* internal helper */
|
||||
#define ANY_LUKS "LUKS"
|
||||
+/* as in src/cryptsetup.h */
|
||||
+#define CRYPT_SECTOR_SIZE 512
|
||||
+#define CRYPT_MAX_SECTOR_SIZE 4096
|
||||
|
||||
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
|
||||
static char *arg_cipher = NULL;
|
||||
static unsigned arg_key_size = 0;
|
||||
+static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
|
||||
static int arg_key_slot = CRYPT_ANY_SLOT;
|
||||
static unsigned arg_keyfile_size = 0;
|
||||
static uint64_t arg_keyfile_offset = 0;
|
||||
@@ -86,6 +90,29 @@ static int parse_one_option(const char *option) {
|
||||
|
||||
arg_key_size /= 8;
|
||||
|
||||
+ } else if ((val = startswith(option, "sector-size="))) {
|
||||
+
|
||||
+#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
|
||||
+ r = safe_atou(val, &arg_sector_size);
|
||||
+ if (r < 0) {
|
||||
+ log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (arg_sector_size % 2) {
|
||||
+ log_error("sector-size= not a multiple of 2, ignoring.");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (arg_sector_size < CRYPT_SECTOR_SIZE || arg_sector_size > CRYPT_MAX_SECTOR_SIZE) {
|
||||
+ log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+#else
|
||||
+ log_error("sector-size= is not supported, compiled with old libcryptsetup.");
|
||||
+ return 0;
|
||||
+#endif
|
||||
+
|
||||
} else if ((val = startswith(option, "key-slot="))) {
|
||||
|
||||
arg_type = ANY_LUKS;
|
||||
@@ -471,6 +498,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
||||
struct crypt_params_plain params = {
|
||||
.offset = arg_offset,
|
||||
.skip = arg_skip,
|
||||
+#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
|
||||
+ .sector_size = arg_sector_size,
|
||||
+#endif
|
||||
};
|
||||
const char *cipher, *cipher_mode;
|
||||
_cleanup_free_ char *truncated_cipher = NULL;
|
|
@ -0,0 +1,29 @@
|
|||
From 96b6171376bfdb7417143a2026beda059fe3e22f Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Sat, 1 Sep 2018 23:47:46 +0900
|
||||
Subject: [PATCH] cryptsetup: do not define arg_sector_size if libgcrypt is
|
||||
v1.x (#9990)
|
||||
|
||||
Follow-up for #9936.
|
||||
|
||||
(cherry picked from commit 645461f0cf6ec91e5b0b571559fb4cc4898192bc)
|
||||
|
||||
Related: #1572563
|
||||
---
|
||||
src/cryptsetup/cryptsetup.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
|
||||
index 87008cb969..abeba44ee8 100644
|
||||
--- a/src/cryptsetup/cryptsetup.c
|
||||
+++ b/src/cryptsetup/cryptsetup.c
|
||||
@@ -30,7 +30,9 @@
|
||||
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
|
||||
static char *arg_cipher = NULL;
|
||||
static unsigned arg_key_size = 0;
|
||||
+#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
|
||||
static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
|
||||
+#endif
|
||||
static int arg_key_slot = CRYPT_ANY_SLOT;
|
||||
static unsigned arg_keyfile_size = 0;
|
||||
static uint64_t arg_keyfile_offset = 0;
|
|
@ -1,39 +0,0 @@
|
|||
From 324d99159e1e64d78a580073626f5b645f1c3639 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Mon, 31 Jan 2022 14:19:09 +0100
|
||||
Subject: [PATCH] test: copy portable profiles into the image if they don't
|
||||
exist there
|
||||
|
||||
If we're built with `-Dportable=false`, the portable profiles won't get
|
||||
installed into the image. Since we need only the profile files and
|
||||
nothing else, let's copy them into the image explicitly in such case.
|
||||
|
||||
(cherry picked from commit 6f73ef8b30803ac1be1b2607aec1a89d778caa9a)
|
||||
|
||||
Related: #2017035
|
||||
---
|
||||
test/test-functions | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/test/test-functions b/test/test-functions
|
||||
index 218d0e6888..35d8f074a9 100644
|
||||
--- a/test/test-functions
|
||||
+++ b/test/test-functions
|
||||
@@ -1151,6 +1151,17 @@ install_systemd() {
|
||||
mkdir -p "$initdir/etc/systemd/system/service.d/"
|
||||
echo -e "[Service]\nProtectSystem=no\nProtectHome=no\n" >"$initdir/etc/systemd/system/service.d/gcov-override.conf"
|
||||
fi
|
||||
+
|
||||
+ # If we're built with -Dportabled=false, tests with systemd-analyze
|
||||
+ # --profile will fail. Since we need just the profile (text) files, let's
|
||||
+ # copy them into the image if they don't exist there.
|
||||
+ local portable_dir="${initdir:?}${ROOTLIBDIR:?}/portable"
|
||||
+ if [[ ! -d "$portable_dir/profile/strict" ]]; then
|
||||
+ dinfo "Couldn't find portable profiles in the test image"
|
||||
+ dinfo "Copying them directly from the source tree"
|
||||
+ mkdir -p "$portable_dir"
|
||||
+ cp -frv "${SOURCE_DIR:?}/src/portable/profile" "$portable_dir"
|
||||
+ fi
|
||||
}
|
||||
|
||||
get_ldpath() {
|
|
@ -1,43 +0,0 @@
|
|||
From 16908e1ec833d857cb418712c382c6f604426b36 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Tue, 1 Feb 2022 20:18:29 +0100
|
||||
Subject: [PATCH] test: introduce `get_cgroup_hierarchy() helper
|
||||
|
||||
which returns the host's cgroup hierarchy (unified, hybrid, or legacy).
|
||||
|
||||
(cherry picked from commit f723740871bd3eb89d16a526a1ff77c04bb3787a)
|
||||
|
||||
Related: #2047768
|
||||
---
|
||||
test/test-functions | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
diff --git a/test/test-functions b/test/test-functions
|
||||
index 35d8f074a9..4827b6bedf 100644
|
||||
--- a/test/test-functions
|
||||
+++ b/test/test-functions
|
||||
@@ -1996,6 +1996,24 @@ import_initdir() {
|
||||
export initdir
|
||||
}
|
||||
|
||||
+get_cgroup_hierarchy() {
|
||||
+ case "$(stat -c '%T' -f /sys/fs/cgroup)" in
|
||||
+ cgroup2fs)
|
||||
+ echo "unified"
|
||||
+ ;;
|
||||
+ tmpfs)
|
||||
+ if [[ -d /sys/fs/cgroup/unified && "$(stat -c '%T' -f /sys/fs/cgroup/unified)" == cgroup2fs ]]; then
|
||||
+ echo "hybrid"
|
||||
+ else
|
||||
+ echo "legacy"
|
||||
+ fi
|
||||
+ ;;
|
||||
+ *)
|
||||
+ dfatal "Failed to determine host's cgroup hierarchy"
|
||||
+ exit 1
|
||||
+ esac
|
||||
+}
|
||||
+
|
||||
## @brief Converts numeric logging level to the first letter of level name.
|
||||
#
|
||||
# @param lvl Numeric logging level in range from 1 to 6.
|
|
@ -0,0 +1,112 @@
|
|||
From e143339ac712f745727951973417ce93b5d06d78 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 12 Oct 2018 14:50:09 +0000
|
||||
Subject: [PATCH] units: don't enable per-service IP firewall by default
|
||||
|
||||
Resolves: #1630219
|
||||
---
|
||||
units/systemd-coredump@.service.in | 1 -
|
||||
units/systemd-hostnamed.service.in | 1 -
|
||||
units/systemd-journald.service.in | 1 -
|
||||
units/systemd-localed.service.in | 1 -
|
||||
units/systemd-logind.service.in | 1 -
|
||||
units/systemd-machined.service.in | 1 -
|
||||
units/systemd-portabled.service.in | 1 -
|
||||
units/systemd-timedated.service.in | 1 -
|
||||
units/systemd-udevd.service.in | 1 -
|
||||
9 files changed, 9 deletions(-)
|
||||
|
||||
diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
|
||||
index 215696ecd1..68a68a5055 100644
|
||||
--- a/units/systemd-coredump@.service.in
|
||||
+++ b/units/systemd-coredump@.service.in
|
||||
@@ -37,5 +37,4 @@ SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
StateDirectory=systemd/coredump
|
||||
diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
|
||||
index da74b4fe8b..4e5470dd29 100644
|
||||
--- a/units/systemd-hostnamed.service.in
|
||||
+++ b/units/systemd-hostnamed.service.in
|
||||
@@ -33,5 +33,4 @@ SystemCallFilter=@system-service sethostname
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
ReadWritePaths=/etc
|
||||
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
|
||||
index 8f5021d0de..2d5fd0120d 100644
|
||||
--- a/units/systemd-journald.service.in
|
||||
+++ b/units/systemd-journald.service.in
|
||||
@@ -33,7 +33,6 @@ SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
# services being run since we keep one fd open per service. Also, when
|
||||
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
|
||||
index a24e61a0cd..ce043db154 100644
|
||||
--- a/units/systemd-localed.service.in
|
||||
+++ b/units/systemd-localed.service.in
|
||||
@@ -33,5 +33,4 @@ SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
ReadWritePaths=/etc
|
||||
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
|
||||
index 5e090bcf23..6953fac55b 100644
|
||||
--- a/units/systemd-logind.service.in
|
||||
+++ b/units/systemd-logind.service.in
|
||||
@@ -34,7 +34,6 @@ SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
FileDescriptorStoreMax=512
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
|
||||
index 1200a90a61..dec2c4b0dc 100644
|
||||
--- a/units/systemd-machined.service.in
|
||||
+++ b/units/systemd-machined.service.in
|
||||
@@ -27,7 +27,6 @@ SystemCallFilter=@system-service @mount
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
|
||||
# Note that machined cannot be placed in a mount namespace, since it
|
||||
# needs access to the host's mount namespace in order to implement the
|
||||
diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in
|
||||
index a868f61dba..64f14071e8 100644
|
||||
--- a/units/systemd-portabled.service.in
|
||||
+++ b/units/systemd-portabled.service.in
|
||||
@@ -23,4 +23,3 @@ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
|
||||
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
|
||||
index 906bb4326c..662b39557a 100644
|
||||
--- a/units/systemd-timedated.service.in
|
||||
+++ b/units/systemd-timedated.service.in
|
||||
@@ -31,5 +31,4 @@ SystemCallFilter=@system-service @clock
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
||||
ReadWritePaths=/etc
|
||||
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
|
||||
index 6a3814e5d9..fd9ead3bb8 100644
|
||||
--- a/units/systemd-udevd.service.in
|
||||
+++ b/units/systemd-udevd.service.in
|
||||
@@ -33,4 +33,3 @@ SystemCallFilter=@system-service @module @raw-io
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
-IPAddressDeny=any
|
|
@ -0,0 +1,45 @@
|
|||
From 87922b7adc47f311e89b21e37b26ee300a401e1d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Mon, 9 Jul 2018 13:21:44 +0200
|
||||
Subject: [PATCH] bus-message: do not crash on message with a string of zero
|
||||
length
|
||||
|
||||
We'd calculate the "real" length of the string as 'item_size - 1', which does
|
||||
not work out well when item_size == 0.
|
||||
|
||||
(cherry picked from commit 81b6e63029eefcb0ec03a3a7c248490e38106073)
|
||||
|
||||
Resolves: #1635439
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-message.c | 6 ++++++
|
||||
.../crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e | Bin 0 -> 51 bytes
|
||||
2 files changed, 6 insertions(+)
|
||||
create mode 100644 test/fuzz/fuzz-bus-message/crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
|
||||
index 8d92bc2002..381034f5f8 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-message.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-message.c
|
||||
@@ -3312,6 +3312,12 @@ _public_ int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p) {
|
||||
if (IN_SET(type, SD_BUS_TYPE_STRING, SD_BUS_TYPE_OBJECT_PATH, SD_BUS_TYPE_SIGNATURE)) {
|
||||
bool ok;
|
||||
|
||||
+ /* D-Bus spec: The marshalling formats for the string-like types all end
|
||||
+ * with a single zero (NUL) byte, but that byte is not considered to be part
|
||||
+ * of the text. */
|
||||
+ if (c->item_size == 0)
|
||||
+ return -EBADMSG;
|
||||
+
|
||||
r = message_peek_body(m, &rindex, 1, c->item_size, &q);
|
||||
if (r < 0)
|
||||
return r;
|
||||
diff --git a/test/fuzz/fuzz-bus-message/crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e b/test/fuzz/fuzz-bus-message/crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..4488f0a6c685b5d43eddbe41a0c6a3b6be9b02e2
|
||||
GIT binary patch
|
||||
literal 51
|
||||
fcmc~1WMC4sJpJnr13KV`0|t%6q+%$@&=ddw)CUPg
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
From 523e72e97d7c945114b54b726eaab0d379fb35fb Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Tue, 1 Feb 2022 20:25:00 +0100
|
||||
Subject: [PATCH] test: require unified cgroup hierarchy for TEST-56
|
||||
|
||||
since cgroup empty notifications are unreliable in legacy cgroups.
|
||||
|
||||
See: systemd/systemd#22320
|
||||
Complements: systemd/systemd#22344
|
||||
(cherry picked from commit e2620820188428de7086f5e8ac41305177f70954)
|
||||
|
||||
Related: #2047768
|
||||
---
|
||||
test/TEST-56-EXIT-TYPE/test.sh | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/test/TEST-56-EXIT-TYPE/test.sh b/test/TEST-56-EXIT-TYPE/test.sh
|
||||
index 0f84dca1ba..37475e817e 100755
|
||||
--- a/test/TEST-56-EXIT-TYPE/test.sh
|
||||
+++ b/test/TEST-56-EXIT-TYPE/test.sh
|
||||
@@ -6,4 +6,9 @@ TEST_DESCRIPTION="test ExitType=cgroup"
|
||||
# shellcheck source=test/test-functions
|
||||
. "${TEST_BASE_DIR:?}/test-functions"
|
||||
|
||||
+if [[ "$(get_cgroup_hierarchy)" != unified ]]; then
|
||||
+ echo "This test requires unified cgroup hierarchy, skipping..."
|
||||
+ exit 0
|
||||
+fi
|
||||
+
|
||||
do_test "$@"
|
|
@ -0,0 +1,279 @@
|
|||
From 26de3af817b0c5746cb61b798ae8e138e01ea17c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Mon, 9 Jul 2018 07:03:01 +0200
|
||||
Subject: [PATCH] Introduce free_and_strndup and use it in bus-message.c
|
||||
|
||||
v2: fix error in free_and_strndup()
|
||||
|
||||
When the orignal and copied message were the same, but shorter than specified
|
||||
length l, memory read past the end of the buffer would be performed. A test
|
||||
case is included: a string that had an embedded NUL ("q\0") is used to replace
|
||||
"q".
|
||||
|
||||
v3: Fix one more bug in free_and_strndup and add tests.
|
||||
|
||||
v4: Some style fixed based on review, one more use of free_and_replace, and
|
||||
make the tests more comprehensive.
|
||||
|
||||
(cherry picked from commit 7f546026abbdc56c453a577e52d57159458c3e9c)
|
||||
|
||||
Resolves: #1635428
|
||||
---
|
||||
src/basic/string-util.c | 28 +++++++-
|
||||
src/basic/string-util.h | 1 +
|
||||
src/libsystemd/sd-bus/bus-message.c | 34 ++++------
|
||||
src/test/test-string-util.c | 62 ++++++++++++++++++
|
||||
...h-b88ad9ecf4aacf4a0caca5b5543953265367f084 | Bin 0 -> 32 bytes
|
||||
5 files changed, 103 insertions(+), 22 deletions(-)
|
||||
create mode 100644 test/fuzz/fuzz-bus-message/crash-b88ad9ecf4aacf4a0caca5b5543953265367f084
|
||||
|
||||
diff --git a/src/basic/string-util.c b/src/basic/string-util.c
|
||||
index 0a40683493..dfa739996f 100644
|
||||
--- a/src/basic/string-util.c
|
||||
+++ b/src/basic/string-util.c
|
||||
@@ -1004,7 +1004,7 @@ int free_and_strdup(char **p, const char *s) {
|
||||
|
||||
assert(p);
|
||||
|
||||
- /* Replaces a string pointer with an strdup()ed new string,
|
||||
+ /* Replaces a string pointer with a strdup()ed new string,
|
||||
* possibly freeing the old one. */
|
||||
|
||||
if (streq_ptr(*p, s))
|
||||
@@ -1023,6 +1023,32 @@ int free_and_strdup(char **p, const char *s) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
+int free_and_strndup(char **p, const char *s, size_t l) {
|
||||
+ char *t;
|
||||
+
|
||||
+ assert(p);
|
||||
+ assert(s || l == 0);
|
||||
+
|
||||
+ /* Replaces a string pointer with a strndup()ed new string,
|
||||
+ * freeing the old one. */
|
||||
+
|
||||
+ if (!*p && !s)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (*p && s && strneq(*p, s, l) && (l > strlen(*p) || (*p)[l] == '\0'))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (s) {
|
||||
+ t = strndup(s, l);
|
||||
+ if (!t)
|
||||
+ return -ENOMEM;
|
||||
+ } else
|
||||
+ t = NULL;
|
||||
+
|
||||
+ free_and_replace(*p, t);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
#if !HAVE_EXPLICIT_BZERO
|
||||
/*
|
||||
* Pointer to memset is volatile so that compiler must de-reference
|
||||
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
|
||||
index c0cc4e78d7..96a9260f93 100644
|
||||
--- a/src/basic/string-util.h
|
||||
+++ b/src/basic/string-util.h
|
||||
@@ -176,6 +176,7 @@ char *strrep(const char *s, unsigned n);
|
||||
int split_pair(const char *s, const char *sep, char **l, char **r);
|
||||
|
||||
int free_and_strdup(char **p, const char *s);
|
||||
+int free_and_strndup(char **p, const char *s, size_t l);
|
||||
|
||||
/* Normal memmem() requires haystack to be nonnull, which is annoying for zero-length buffers */
|
||||
static inline void *memmem_safe(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen) {
|
||||
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
|
||||
index 381034f5f8..7c8bad2bdd 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-message.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-message.c
|
||||
@@ -4175,20 +4175,19 @@ _public_ int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char
|
||||
|
||||
if (contents) {
|
||||
size_t l;
|
||||
- char *sig;
|
||||
|
||||
r = signature_element_length(c->signature+c->index+1, &l);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- assert(l >= 1);
|
||||
+ /* signature_element_length does verification internally */
|
||||
|
||||
- sig = strndup(c->signature + c->index + 1, l);
|
||||
- if (!sig)
|
||||
+ assert(l >= 1);
|
||||
+ if (free_and_strndup(&c->peeked_signature,
|
||||
+ c->signature + c->index + 1, l) < 0)
|
||||
return -ENOMEM;
|
||||
|
||||
- free(c->peeked_signature);
|
||||
- *contents = c->peeked_signature = sig;
|
||||
+ *contents = c->peeked_signature;
|
||||
}
|
||||
|
||||
if (type)
|
||||
@@ -4201,19 +4200,17 @@ _public_ int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char
|
||||
|
||||
if (contents) {
|
||||
size_t l;
|
||||
- char *sig;
|
||||
|
||||
r = signature_element_length(c->signature+c->index, &l);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
assert(l >= 2);
|
||||
- sig = strndup(c->signature + c->index + 1, l - 2);
|
||||
- if (!sig)
|
||||
+ if (free_and_strndup(&c->peeked_signature,
|
||||
+ c->signature + c->index + 1, l - 2) < 0)
|
||||
return -ENOMEM;
|
||||
|
||||
- free(c->peeked_signature);
|
||||
- *contents = c->peeked_signature = sig;
|
||||
+ *contents = c->peeked_signature;
|
||||
}
|
||||
|
||||
if (type)
|
||||
@@ -4253,9 +4250,8 @@ _public_ int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char
|
||||
if (k > c->item_size)
|
||||
return -EBADMSG;
|
||||
|
||||
- free(c->peeked_signature);
|
||||
- c->peeked_signature = strndup((char*) q + 1, k - 1);
|
||||
- if (!c->peeked_signature)
|
||||
+ if (free_and_strndup(&c->peeked_signature,
|
||||
+ (char*) q + 1, k - 1) < 0)
|
||||
return -ENOMEM;
|
||||
|
||||
if (!signature_is_valid(c->peeked_signature, true))
|
||||
@@ -5085,25 +5081,21 @@ int bus_message_parse_fields(sd_bus_message *m) {
|
||||
|
||||
if (*p == 0) {
|
||||
size_t l;
|
||||
- char *c;
|
||||
|
||||
/* We found the beginning of the signature
|
||||
* string, yay! We require the body to be a
|
||||
* structure, so verify it and then strip the
|
||||
* opening/closing brackets. */
|
||||
|
||||
- l = ((char*) m->footer + m->footer_accessible) - p - (1 + sz);
|
||||
+ l = (char*) m->footer + m->footer_accessible - p - (1 + sz);
|
||||
if (l < 2 ||
|
||||
p[1] != SD_BUS_TYPE_STRUCT_BEGIN ||
|
||||
p[1 + l - 1] != SD_BUS_TYPE_STRUCT_END)
|
||||
return -EBADMSG;
|
||||
|
||||
- c = strndup(p + 1 + 1, l - 2);
|
||||
- if (!c)
|
||||
+ if (free_and_strndup(&m->root_container.signature,
|
||||
+ p + 1 + 1, l - 2) < 0)
|
||||
return -ENOMEM;
|
||||
-
|
||||
- free(m->root_container.signature);
|
||||
- m->root_container.signature = c;
|
||||
break;
|
||||
}
|
||||
|
||||
diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c
|
||||
index 3e72ce2c0a..43a6b14c34 100644
|
||||
--- a/src/test/test-string-util.c
|
||||
+++ b/src/test/test-string-util.c
|
||||
@@ -5,6 +5,7 @@
|
||||
#include "macro.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
+#include "tests.h"
|
||||
#include "utf8.h"
|
||||
|
||||
static void test_string_erase(void) {
|
||||
@@ -30,6 +31,64 @@ static void test_string_erase(void) {
|
||||
assert_se(x[9] == '\0');
|
||||
}
|
||||
|
||||
+static void test_free_and_strndup_one(char **t, const char *src, size_t l, const char *expected, bool change) {
|
||||
+ int r;
|
||||
+
|
||||
+ log_debug("%s: \"%s\", \"%s\", %zd (expect \"%s\", %s)",
|
||||
+ __func__, strnull(*t), strnull(src), l, strnull(expected), yes_no(change));
|
||||
+
|
||||
+ r = free_and_strndup(t, src, l);
|
||||
+ assert_se(streq_ptr(*t, expected));
|
||||
+ assert_se(r == change); /* check that change occurs only when necessary */
|
||||
+}
|
||||
+
|
||||
+static void test_free_and_strndup(void) {
|
||||
+ static const struct test_case {
|
||||
+ const char *src;
|
||||
+ size_t len;
|
||||
+ const char *expected;
|
||||
+ } cases[] = {
|
||||
+ {"abc", 0, ""},
|
||||
+ {"abc", 0, ""},
|
||||
+ {"abc", 1, "a"},
|
||||
+ {"abc", 2, "ab"},
|
||||
+ {"abc", 3, "abc"},
|
||||
+ {"abc", 4, "abc"},
|
||||
+ {"abc", 5, "abc"},
|
||||
+ {"abc", 5, "abc"},
|
||||
+ {"abc", 4, "abc"},
|
||||
+ {"abc", 3, "abc"},
|
||||
+ {"abc", 2, "ab"},
|
||||
+ {"abc", 1, "a"},
|
||||
+ {"abc", 0, ""},
|
||||
+
|
||||
+ {"", 0, ""},
|
||||
+ {"", 1, ""},
|
||||
+ {"", 2, ""},
|
||||
+ {"", 0, ""},
|
||||
+ {"", 1, ""},
|
||||
+ {"", 2, ""},
|
||||
+ {"", 2, ""},
|
||||
+ {"", 1, ""},
|
||||
+ {"", 0, ""},
|
||||
+
|
||||
+ {NULL, 0, NULL},
|
||||
+
|
||||
+ {"foo", 3, "foo"},
|
||||
+ {"foobar", 6, "foobar"},
|
||||
+ };
|
||||
+
|
||||
+ _cleanup_free_ char *t = NULL;
|
||||
+ const char *prev_expected = t;
|
||||
+
|
||||
+ for (unsigned i = 0; i < ELEMENTSOF(cases); i++) {
|
||||
+ test_free_and_strndup_one(&t,
|
||||
+ cases[i].src, cases[i].len, cases[i].expected,
|
||||
+ !streq_ptr(cases[i].expected, prev_expected));
|
||||
+ prev_expected = t;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void test_ascii_strcasecmp_n(void) {
|
||||
|
||||
assert_se(ascii_strcasecmp_n("", "", 0) == 0);
|
||||
@@ -497,7 +556,10 @@ static void test_memory_startswith(void) {
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
+ test_setup_logging(LOG_DEBUG);
|
||||
+
|
||||
test_string_erase();
|
||||
+ test_free_and_strndup();
|
||||
test_ascii_strcasecmp_n();
|
||||
test_ascii_strcasecmp_nn();
|
||||
test_cellescape();
|
||||
diff --git a/test/fuzz/fuzz-bus-message/crash-b88ad9ecf4aacf4a0caca5b5543953265367f084 b/test/fuzz/fuzz-bus-message/crash-b88ad9ecf4aacf4a0caca5b5543953265367f084
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..52469650b5498a45d5d95bd9d933c989cfb47ca7
|
||||
GIT binary patch
|
||||
literal 32
|
||||
ccmd1#|DTBg0(2Mzp)7_%AVVXuuuM|`09r!?!~g&Q
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
|
@ -1,671 +0,0 @@
|
|||
From 845417e653b42b8f3928c68955bd6416f2fa4509 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 1 Feb 2022 12:06:59 +0100
|
||||
Subject: [PATCH] tests: rework test macros to not take code as parameters
|
||||
|
||||
C macros are nasty. We use them, but we try to be conservative with
|
||||
them. In particular passing literal, complex code blocks as argument is
|
||||
icky, because of "," handling of C, and also because it's quite a
|
||||
challange for most code highlighters and similar. Hence, let's avoid
|
||||
that. Using macros for genreating functions is OK but if so, the
|
||||
parameters should be simple words, not full code blocks.
|
||||
|
||||
hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead
|
||||
of code block as argument.
|
||||
|
||||
As side-effect this also fixes a bunch of cases where we might end up
|
||||
returning a negative value from main().
|
||||
|
||||
Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the
|
||||
main() functions, these are replaced by static variables, and their
|
||||
destructors by the static destructor logic.
|
||||
|
||||
This doesn't fix any bugs or so, it's just supposed to make the code
|
||||
easier to work with and improve it easthetically.
|
||||
|
||||
Or in other words: let's use macros where it really makes sense, but
|
||||
let's not go overboard with it.
|
||||
|
||||
(And yes, FOREACH_DIRENT() is another one of those macros that take
|
||||
code, and I dislike that too and regret I ever added that.)
|
||||
|
||||
(cherry picked from commit 99839c7ebd4b83a5b0d5982d669cfe10d1252e1f)
|
||||
|
||||
Related: #2017035
|
||||
---
|
||||
src/shared/tests.h | 25 +++++++++++++-----
|
||||
src/test/test-barrier.c | 46 +++++++++++++++++----------------
|
||||
src/test/test-cgroup-setup.c | 15 ++++++-----
|
||||
src/test/test-chown-rec.c | 15 ++++++-----
|
||||
src/test/test-format-table.c | 14 +++++-----
|
||||
src/test/test-fs-util.c | 7 ++++-
|
||||
src/test/test-hashmap.c | 16 +++++++++---
|
||||
src/test/test-install-root.c | 14 +++++++---
|
||||
src/test/test-load-fragment.c | 21 ++++++++-------
|
||||
src/test/test-mountpoint-util.c | 30 +++++++++++----------
|
||||
src/test/test-namespace.c | 15 ++++++-----
|
||||
src/test/test-proc-cmdline.c | 15 ++++++-----
|
||||
src/test/test-process-util.c | 7 ++++-
|
||||
src/test/test-sd-hwdb.c | 21 ++++++++-------
|
||||
src/test/test-serialize.c | 16 ++++++------
|
||||
src/test/test-sleep.c | 15 ++++++-----
|
||||
src/test/test-stat-util.c | 7 ++++-
|
||||
src/test/test-time-util.c | 6 +++--
|
||||
src/test/test-unit-file.c | 7 ++++-
|
||||
src/test/test-unit-name.c | 21 ++++++++-------
|
||||
src/test/test-unit-serialize.c | 21 ++++++++-------
|
||||
src/test/test-utf8.c | 7 ++++-
|
||||
22 files changed, 215 insertions(+), 146 deletions(-)
|
||||
|
||||
diff --git a/src/shared/tests.h b/src/shared/tests.h
|
||||
index 3b93aab498..59448f38f6 100644
|
||||
--- a/src/shared/tests.h
|
||||
+++ b/src/shared/tests.h
|
||||
@@ -6,6 +6,7 @@
|
||||
#include "sd-daemon.h"
|
||||
|
||||
#include "macro.h"
|
||||
+#include "static-destruct.h"
|
||||
#include "util.h"
|
||||
|
||||
static inline bool manager_errno_skip_test(int r) {
|
||||
@@ -109,15 +110,27 @@ static inline int run_test_table(void) {
|
||||
return r;
|
||||
}
|
||||
|
||||
+static inline int test_nop(void) {
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
|
||||
int main(int argc, char *argv[]) { \
|
||||
- int _r = EXIT_SUCCESS; \
|
||||
+ int _r, _q; \
|
||||
test_setup_logging(log_level); \
|
||||
save_argc_argv(argc, argv); \
|
||||
- intro; \
|
||||
- _r = run_test_table(); \
|
||||
- outro; \
|
||||
- return _r; \
|
||||
+ _r = intro(); \
|
||||
+ if (_r == EXIT_SUCCESS) \
|
||||
+ _r = run_test_table(); \
|
||||
+ _q = outro(); \
|
||||
+ static_destruct(); \
|
||||
+ if (_r < 0) \
|
||||
+ return EXIT_FAILURE; \
|
||||
+ if (_r != EXIT_SUCCESS) \
|
||||
+ return _r; \
|
||||
+ if (_q < 0) \
|
||||
+ return EXIT_FAILURE; \
|
||||
+ return _q; \
|
||||
}
|
||||
|
||||
-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , )
|
||||
+#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
|
||||
diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
|
||||
index 8998282afb..b87538806a 100644
|
||||
--- a/src/test/test-barrier.c
|
||||
+++ b/src/test/test-barrier.c
|
||||
@@ -421,25 +421,27 @@ TEST_BARRIER(barrier_pending_exit,
|
||||
}),
|
||||
TEST_BARRIER_WAIT_SUCCESS(pid2));
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
- ({
|
||||
- if (!slow_tests_enabled())
|
||||
- return log_tests_skipped("slow tests are disabled");
|
||||
-
|
||||
- /*
|
||||
- * This test uses real-time alarms and sleeps to test for CPU races
|
||||
- * explicitly. This is highly fragile if your system is under load. We
|
||||
- * already increased the BASE_TIME value to make the tests more robust,
|
||||
- * but that just makes the test take significantly longer. Given the recent
|
||||
- * issues when running the test in a virtualized environments, limit it
|
||||
- * to bare metal machines only, to minimize false-positives in CIs.
|
||||
- */
|
||||
- int v = detect_virtualization();
|
||||
- if (IN_SET(v, -EPERM, -EACCES))
|
||||
- return log_tests_skipped("Cannot detect virtualization");
|
||||
-
|
||||
- if (v != VIRTUALIZATION_NONE)
|
||||
- return log_tests_skipped("This test requires a baremetal machine");
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+
|
||||
+static int intro(void) {
|
||||
+ if (!slow_tests_enabled())
|
||||
+ return log_tests_skipped("slow tests are disabled");
|
||||
+
|
||||
+ /*
|
||||
+ * This test uses real-time alarms and sleeps to test for CPU races explicitly. This is highly
|
||||
+ * fragile if your system is under load. We already increased the BASE_TIME value to make the tests
|
||||
+ * more robust, but that just makes the test take significantly longer. Given the recent issues when
|
||||
+ * running the test in a virtualized environments, limit it to bare metal machines only, to minimize
|
||||
+ * false-positives in CIs.
|
||||
+ */
|
||||
+
|
||||
+ int v = detect_virtualization();
|
||||
+ if (IN_SET(v, -EPERM, -EACCES))
|
||||
+ return log_tests_skipped("Cannot detect virtualization");
|
||||
+
|
||||
+ if (v != VIRTUALIZATION_NONE)
|
||||
+ return log_tests_skipped("This test requires a baremetal machine");
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+ }
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
|
||||
index 018992f96d..6f93647685 100644
|
||||
--- a/src/test/test-cgroup-setup.c
|
||||
+++ b/src/test/test-cgroup-setup.c
|
||||
@@ -64,10 +64,11 @@ TEST(is_wanted) {
|
||||
test_is_wanted_print_one(false);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_DEBUG,
|
||||
- ({
|
||||
- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
|
||||
- return log_tests_skipped("can't read /proc/cmdline");
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
|
||||
+ return log_tests_skipped("can't read /proc/cmdline");
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
|
||||
index 53d44566d5..691cfe767f 100644
|
||||
--- a/src/test/test-chown-rec.c
|
||||
+++ b/src/test/test-chown-rec.c
|
||||
@@ -149,10 +149,11 @@ TEST(chown_recursive) {
|
||||
assert_se(!has_xattr(p));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_DEBUG,
|
||||
- ({
|
||||
- if (geteuid() != 0)
|
||||
- return log_tests_skipped("not running as root");
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ if (geteuid() != 0)
|
||||
+ return log_tests_skipped("not running as root");
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
|
||||
index a3b29ca337..7515a74c12 100644
|
||||
--- a/src/test/test-format-table.c
|
||||
+++ b/src/test/test-format-table.c
|
||||
@@ -529,10 +529,10 @@ TEST(table) {
|
||||
"5min 5min \n"));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
- ({
|
||||
- assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
|
||||
- assert_se(setenv("COLUMNS", "40", 1) >= 0);
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
|
||||
+ assert_se(setenv("COLUMNS", "40", 1) >= 0);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
|
||||
index 0e0d91d04e..da5a16b4bc 100644
|
||||
--- a/src/test/test-fs-util.c
|
||||
+++ b/src/test/test-fs-util.c
|
||||
@@ -968,4 +968,9 @@ TEST(open_mkdir_at) {
|
||||
assert_se(subsubdir_fd >= 0);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, arg_test_dir = argv[1], /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ arg_test_dir = saved_argv[1];
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
|
||||
index cba0c33a8a..4dc155d818 100644
|
||||
--- a/src/test/test-hashmap.c
|
||||
+++ b/src/test/test-hashmap.c
|
||||
@@ -158,7 +158,15 @@ TEST(hashmap_put_strdup_null) {
|
||||
/* This variable allows us to assert that the tests from different compilation units were actually run. */
|
||||
int n_extern_tests_run = 0;
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
- assert_se(n_extern_tests_run == 0),
|
||||
- assert_se(n_extern_tests_run == 2)); /* Ensure hashmap and ordered_hashmap were tested. */
|
||||
+static int intro(void) {
|
||||
+ assert_se(n_extern_tests_run == 0);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+static int outro(void) {
|
||||
+ /* Ensure hashmap and ordered_hashmap were tested. */
|
||||
+ assert_se(n_extern_tests_run == 2);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
|
||||
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
|
||||
index ba715e6d7e..f540a832bd 100644
|
||||
--- a/src/test/test-install-root.c
|
||||
+++ b/src/test/test-install-root.c
|
||||
@@ -11,8 +11,11 @@
|
||||
#include "special.h"
|
||||
#include "string-util.h"
|
||||
#include "tests.h"
|
||||
+#include "tmpfile-util.h"
|
||||
|
||||
-static char root[] = "/tmp/rootXXXXXX";
|
||||
+static char *root = NULL;
|
||||
+
|
||||
+STATIC_DESTRUCTOR_REGISTER(root, rm_rf_physical_and_freep);
|
||||
|
||||
TEST(basic_mask_and_enable) {
|
||||
const char *p;
|
||||
@@ -1239,10 +1242,10 @@ TEST(verify_alias) {
|
||||
verify_one(&di_inst_template, "goo.target.conf/plain.service", -EXDEV, NULL);
|
||||
}
|
||||
|
||||
-static void setup_root(void) {
|
||||
+static int intro(void) {
|
||||
const char *p;
|
||||
|
||||
- assert_se(mkdtemp(root));
|
||||
+ assert_se(mkdtemp_malloc("/tmp/rootXXXXXX", &root) >= 0);
|
||||
|
||||
p = strjoina(root, "/usr/lib/systemd/system/");
|
||||
assert_se(mkdir_p(p, 0755) >= 0);
|
||||
@@ -1264,6 +1267,9 @@ static void setup_root(void) {
|
||||
|
||||
p = strjoina(root, "/usr/lib/systemd/system/graphical.target");
|
||||
assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_root(), assert_se(rm_rf(root, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0));
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
|
||||
index e878979a89..2e105df56a 100644
|
||||
--- a/src/test/test-load-fragment.c
|
||||
+++ b/src/test/test-load-fragment.c
|
||||
@@ -30,6 +30,10 @@
|
||||
/* Nontrivial value serves as a placeholder to check that parsing function (didn't) change it */
|
||||
#define CGROUP_LIMIT_DUMMY 3
|
||||
|
||||
+static char *runtime_dir = NULL;
|
||||
+
|
||||
+STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
|
||||
+
|
||||
TEST_RET(unit_file_get_set) {
|
||||
int r;
|
||||
Hashmap *h;
|
||||
@@ -894,15 +898,12 @@ TEST(unit_is_recursive_template_dependency) {
|
||||
assert_se(unit_is_likely_recursive_template_dependency(u, "foobar@foobar@123.mount", "foobar@%n.mount") == 0);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
+static int intro(void) {
|
||||
+ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
|
||||
+ return log_tests_skipped("cgroupfs not available");
|
||||
|
||||
- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
|
||||
- ({
|
||||
- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
|
||||
- return log_tests_skipped("cgroupfs not available");
|
||||
-
|
||||
- assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||
- }),
|
||||
+ assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
|
||||
- /* no outro */);
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
|
||||
index 9515d8cf7b..102d2850bf 100644
|
||||
--- a/src/test/test-mountpoint-util.c
|
||||
+++ b/src/test/test-mountpoint-util.c
|
||||
@@ -298,17 +298,19 @@ TEST(fd_is_mount_point) {
|
||||
assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_DEBUG,
|
||||
- ({
|
||||
- /* let's move into our own mount namespace with all propagation from the host turned off, so
|
||||
- * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
|
||||
- if (unshare(CLONE_NEWNS) < 0) {
|
||||
- if (!ERRNO_IS_PRIVILEGE(errno))
|
||||
- return log_error_errno(errno, "Failed to detach mount namespace: %m");
|
||||
-
|
||||
- log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
|
||||
- } else
|
||||
- assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ /* let's move into our own mount namespace with all propagation from the host turned off, so
|
||||
+ * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
|
||||
+
|
||||
+ if (unshare(CLONE_NEWNS) < 0) {
|
||||
+ if (!ERRNO_IS_PRIVILEGE(errno))
|
||||
+ return log_error_errno(errno, "Failed to detach mount namespace: %m");
|
||||
+
|
||||
+ log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
|
||||
+ } else
|
||||
+ assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
|
||||
index 8df5533d6e..f9e34f3bfa 100644
|
||||
--- a/src/test/test-namespace.c
|
||||
+++ b/src/test/test-namespace.c
|
||||
@@ -220,10 +220,11 @@ TEST(protect_kernel_logs) {
|
||||
assert_se(wait_for_terminate_and_check("ns-kernellogs", pid, WAIT_LOG) == EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
- ({
|
||||
- if (!have_namespaces())
|
||||
- return log_tests_skipped("Don't have namespace support");
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ if (!have_namespaces())
|
||||
+ return log_tests_skipped("Don't have namespace support");
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
|
||||
index 1c8c9b80b7..064b4d838f 100644
|
||||
--- a/src/test/test-proc-cmdline.c
|
||||
+++ b/src/test/test-proc-cmdline.c
|
||||
@@ -247,10 +247,11 @@ TEST(proc_cmdline_key_startswith) {
|
||||
assert_se(!proc_cmdline_key_startswith("foo-bar", "foo_xx"));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
- ({
|
||||
- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
|
||||
- return log_tests_skipped("can't read /proc/cmdline");
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
|
||||
+ return log_tests_skipped("can't read /proc/cmdline");
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
|
||||
index 06a640b1cc..8661934929 100644
|
||||
--- a/src/test/test-process-util.c
|
||||
+++ b/src/test/test-process-util.c
|
||||
@@ -895,4 +895,9 @@ TEST(set_oom_score_adjust) {
|
||||
assert_se(b == a);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ log_show_color(true);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
|
||||
index 7961c17c4a..88992a6c2b 100644
|
||||
--- a/src/test/test-sd-hwdb.c
|
||||
+++ b/src/test/test-sd-hwdb.c
|
||||
@@ -52,12 +52,15 @@ TEST(basic_enumerate) {
|
||||
assert_se(len1 == len2);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_DEBUG,
|
||||
- ({
|
||||
- _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
|
||||
- int r = sd_hwdb_new(&hwdb);
|
||||
- if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
|
||||
- return log_tests_skipped_errno(r, "cannot open hwdb");
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
|
||||
+ int r;
|
||||
+
|
||||
+ r = sd_hwdb_new(&hwdb);
|
||||
+ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
|
||||
+ return log_tests_skipped_errno(r, "cannot open hwdb");
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
|
||||
index fb04b3e7fa..9aeb6c5920 100644
|
||||
--- a/src/test/test-serialize.c
|
||||
+++ b/src/test/test-serialize.c
|
||||
@@ -10,7 +10,7 @@
|
||||
#include "tests.h"
|
||||
#include "tmpfile-util.h"
|
||||
|
||||
-char long_string[LONG_LINE_MAX+1];
|
||||
+static char long_string[LONG_LINE_MAX+1];
|
||||
|
||||
TEST(serialize_item) {
|
||||
_cleanup_(unlink_tempfilep) char fn[] = "/tmp/test-serialize.XXXXXX";
|
||||
@@ -189,10 +189,10 @@ TEST(serialize_environment) {
|
||||
assert_se(strv_equal(env, env2));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
- ({
|
||||
- memset(long_string, 'x', sizeof(long_string)-1);
|
||||
- char_array_0(long_string);
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ memset(long_string, 'x', sizeof(long_string)-1);
|
||||
+ char_array_0(long_string);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
|
||||
index 183ad4f7b7..f56e7e0167 100644
|
||||
--- a/src/test/test-sleep.c
|
||||
+++ b/src/test/test-sleep.c
|
||||
@@ -118,10 +118,11 @@ TEST(sleep) {
|
||||
log_info("Suspend-then-Hibernate configured and possible: %s", r >= 0 ? yes_no(r) : strerror_safe(r));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_DEBUG,
|
||||
- ({
|
||||
- if (getuid() != 0)
|
||||
- log_warning("This program is unlikely to work for unprivileged users");
|
||||
- }),
|
||||
- /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ if (getuid() != 0)
|
||||
+ log_warning("This program is unlikely to work for unprivileged users");
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
|
||||
index 0f7b3ca3ce..2965ee679f 100644
|
||||
--- a/src/test/test-stat-util.c
|
||||
+++ b/src/test/test-stat-util.c
|
||||
@@ -236,4 +236,9 @@ TEST(dir_is_empty) {
|
||||
assert_se(dir_is_empty_at(AT_FDCWD, empty_dir) > 0);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ log_show_color(true);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
|
||||
index 4d0131827e..f21d8b7794 100644
|
||||
--- a/src/test/test-time-util.c
|
||||
+++ b/src/test/test-time-util.c
|
||||
@@ -588,7 +588,7 @@ TEST(map_clock_usec) {
|
||||
}
|
||||
}
|
||||
|
||||
-static void setup_test(void) {
|
||||
+static int intro(void) {
|
||||
log_info("realtime=" USEC_FMT "\n"
|
||||
"monotonic=" USEC_FMT "\n"
|
||||
"boottime=" USEC_FMT "\n",
|
||||
@@ -603,6 +603,8 @@ static void setup_test(void) {
|
||||
uintmax_t x = TIME_T_MAX;
|
||||
x++;
|
||||
assert_se((time_t) x < 0);
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_test(), /* no outro */);
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
|
||||
index 0f8c25c218..6c9f245c7e 100644
|
||||
--- a/src/test/test-unit-file.c
|
||||
+++ b/src/test/test-unit-file.c
|
||||
@@ -102,4 +102,9 @@ TEST(runlevel_to_target) {
|
||||
assert_se(streq_ptr(runlevel_to_target("rd.rescue"), SPECIAL_RESCUE_TARGET));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, log_show_color(true), /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ log_show_color(true);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
|
||||
index 6bde9e090d..1f65407e5f 100644
|
||||
--- a/src/test/test-unit-name.c
|
||||
+++ b/src/test/test-unit-name.c
|
||||
@@ -23,6 +23,10 @@
|
||||
#include "user-util.h"
|
||||
#include "util.h"
|
||||
|
||||
+static char *runtime_dir = NULL;
|
||||
+
|
||||
+STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
|
||||
+
|
||||
static void test_unit_name_is_valid_one(const char *name, UnitNameFlags flags, bool expected) {
|
||||
log_info("%s ( %s%s%s ): %s",
|
||||
name,
|
||||
@@ -844,15 +848,12 @@ TEST(unit_name_prefix_equal) {
|
||||
assert_se(!unit_name_prefix_equal("a", "a"));
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_INFO,
|
||||
+static int intro(void) {
|
||||
+ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
|
||||
+ return log_tests_skipped("cgroupfs not available");
|
||||
|
||||
- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
|
||||
- ({
|
||||
- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
|
||||
- return log_tests_skipped("cgroupfs not available");
|
||||
-
|
||||
- assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||
- }),
|
||||
+ assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
|
||||
- /* no outro */);
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
|
||||
index 899fdc000c..5d39176db2 100644
|
||||
--- a/src/test/test-unit-serialize.c
|
||||
+++ b/src/test/test-unit-serialize.c
|
||||
@@ -4,6 +4,10 @@
|
||||
#include "service.h"
|
||||
#include "tests.h"
|
||||
|
||||
+static char *runtime_dir = NULL;
|
||||
+
|
||||
+STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
|
||||
+
|
||||
#define EXEC_START_ABSOLUTE \
|
||||
"ExecStart 0 /bin/sh \"sh\" \"-e\" \"-x\" \"-c\" \"systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok\""
|
||||
#define EXEC_START_RELATIVE \
|
||||
@@ -48,15 +52,12 @@ TEST(deserialize_exec_command) {
|
||||
test_deserialize_exec_command_one(m, "control-command", "ExecWhat 11 /a/b c d e", -EINVAL);
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(
|
||||
- LOG_DEBUG,
|
||||
+static int intro(void) {
|
||||
+ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
|
||||
+ return log_tests_skipped("cgroupfs not available");
|
||||
|
||||
- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
|
||||
- ({
|
||||
- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
|
||||
- return log_tests_skipped("cgroupfs not available");
|
||||
-
|
||||
- assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||
- }),
|
||||
+ assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
|
||||
- /* no outro */);
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
|
||||
index a21fcd6fd2..1b31d1f852 100644
|
||||
--- a/src/test/test-utf8.c
|
||||
+++ b/src/test/test-utf8.c
|
||||
@@ -231,4 +231,9 @@ TEST(utf8_to_utf16) {
|
||||
}
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
|
||||
+static int intro(void) {
|
||||
+ log_show_color(true);
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
|
@ -1,300 +0,0 @@
|
|||
From 0be677fb6663ab6bfd02eae6ad32e7f031cfde0f Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Wed, 2 Feb 2022 11:06:41 +0900
|
||||
Subject: [PATCH] test: allow to set NULL to intro or outro
|
||||
|
||||
Addresses https://github.com/systemd/systemd/pull/22338#discussion_r796741033.
|
||||
|
||||
(cherry picked from commit e85fdacc8ad7d91f140a135aaa3fd5372d3fa47c)
|
||||
|
||||
Related: #2017035
|
||||
---
|
||||
src/shared/tests.h | 45 +++++++++++++++++----------------
|
||||
src/test/test-barrier.c | 2 +-
|
||||
src/test/test-cgroup-setup.c | 2 +-
|
||||
src/test/test-chown-rec.c | 2 +-
|
||||
src/test/test-format-table.c | 2 +-
|
||||
src/test/test-fs-util.c | 2 +-
|
||||
src/test/test-hashmap.c | 2 +-
|
||||
src/test/test-install-root.c | 2 +-
|
||||
src/test/test-load-fragment.c | 2 +-
|
||||
src/test/test-mountpoint-util.c | 2 +-
|
||||
src/test/test-namespace.c | 2 +-
|
||||
src/test/test-proc-cmdline.c | 2 +-
|
||||
src/test/test-process-util.c | 2 +-
|
||||
src/test/test-sd-hwdb.c | 2 +-
|
||||
src/test/test-serialize.c | 2 +-
|
||||
src/test/test-sleep.c | 2 +-
|
||||
src/test/test-stat-util.c | 2 +-
|
||||
src/test/test-time-util.c | 2 +-
|
||||
src/test/test-unit-file.c | 2 +-
|
||||
src/test/test-unit-name.c | 2 +-
|
||||
src/test/test-unit-serialize.c | 2 +-
|
||||
src/test/test-utf8.c | 2 +-
|
||||
22 files changed, 44 insertions(+), 43 deletions(-)
|
||||
|
||||
diff --git a/src/shared/tests.h b/src/shared/tests.h
|
||||
index 59448f38f6..ef6acd368e 100644
|
||||
--- a/src/shared/tests.h
|
||||
+++ b/src/shared/tests.h
|
||||
@@ -110,27 +110,28 @@ static inline int run_test_table(void) {
|
||||
return r;
|
||||
}
|
||||
|
||||
-static inline int test_nop(void) {
|
||||
- return EXIT_SUCCESS;
|
||||
-}
|
||||
-
|
||||
-#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
|
||||
- int main(int argc, char *argv[]) { \
|
||||
- int _r, _q; \
|
||||
- test_setup_logging(log_level); \
|
||||
- save_argc_argv(argc, argv); \
|
||||
- _r = intro(); \
|
||||
- if (_r == EXIT_SUCCESS) \
|
||||
- _r = run_test_table(); \
|
||||
- _q = outro(); \
|
||||
- static_destruct(); \
|
||||
- if (_r < 0) \
|
||||
- return EXIT_FAILURE; \
|
||||
- if (_r != EXIT_SUCCESS) \
|
||||
- return _r; \
|
||||
- if (_q < 0) \
|
||||
- return EXIT_FAILURE; \
|
||||
- return _q; \
|
||||
+#define DEFINE_TEST_MAIN_FULL(log_level, intro, outro) \
|
||||
+ int main(int argc, char *argv[]) { \
|
||||
+ int (*_intro)(void) = intro; \
|
||||
+ int (*_outro)(void) = outro; \
|
||||
+ int _r, _q; \
|
||||
+ test_setup_logging(log_level); \
|
||||
+ save_argc_argv(argc, argv); \
|
||||
+ _r = _intro ? _intro() : EXIT_SUCCESS; \
|
||||
+ if (_r == EXIT_SUCCESS) \
|
||||
+ _r = run_test_table(); \
|
||||
+ _q = _outro ? _outro() : EXIT_SUCCESS; \
|
||||
+ static_destruct(); \
|
||||
+ if (_r < 0) \
|
||||
+ return EXIT_FAILURE; \
|
||||
+ if (_r != EXIT_SUCCESS) \
|
||||
+ return _r; \
|
||||
+ if (_q < 0) \
|
||||
+ return EXIT_FAILURE; \
|
||||
+ return _q; \
|
||||
}
|
||||
|
||||
-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
|
||||
+#define DEFINE_TEST_MAIN_WITH_INTRO(log_level, intro) \
|
||||
+ DEFINE_TEST_MAIN_FULL(log_level, intro, NULL)
|
||||
+#define DEFINE_TEST_MAIN(log_level) \
|
||||
+ DEFINE_TEST_MAIN_FULL(log_level, NULL, NULL)
|
||||
diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
|
||||
index b87538806a..bbd7e2bddb 100644
|
||||
--- a/src/test/test-barrier.c
|
||||
+++ b/src/test/test-barrier.c
|
||||
@@ -444,4 +444,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
|
||||
index 6f93647685..c377ff0a00 100644
|
||||
--- a/src/test/test-cgroup-setup.c
|
||||
+++ b/src/test/test-cgroup-setup.c
|
||||
@@ -71,4 +71,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
|
||||
diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
|
||||
index 691cfe767f..97711f58b0 100644
|
||||
--- a/src/test/test-chown-rec.c
|
||||
+++ b/src/test/test-chown-rec.c
|
||||
@@ -156,4 +156,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
|
||||
diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
|
||||
index 7515a74c12..1b4963d928 100644
|
||||
--- a/src/test/test-format-table.c
|
||||
+++ b/src/test/test-format-table.c
|
||||
@@ -535,4 +535,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
|
||||
index da5a16b4bc..602ce75f98 100644
|
||||
--- a/src/test/test-fs-util.c
|
||||
+++ b/src/test/test-fs-util.c
|
||||
@@ -973,4 +973,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
|
||||
index 4dc155d818..dbf762cc0b 100644
|
||||
--- a/src/test/test-hashmap.c
|
||||
+++ b/src/test/test-hashmap.c
|
||||
@@ -169,4 +169,4 @@ static int outro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
|
||||
+DEFINE_TEST_MAIN_FULL(LOG_INFO, intro, outro);
|
||||
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
|
||||
index f540a832bd..f718689c3a 100644
|
||||
--- a/src/test/test-install-root.c
|
||||
+++ b/src/test/test-install-root.c
|
||||
@@ -1272,4 +1272,4 @@ static int intro(void) {
|
||||
}
|
||||
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
|
||||
index 2e105df56a..1bd68c7e0a 100644
|
||||
--- a/src/test/test-load-fragment.c
|
||||
+++ b/src/test/test-load-fragment.c
|
||||
@@ -906,4 +906,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
|
||||
index 102d2850bf..4d140c42b6 100644
|
||||
--- a/src/test/test-mountpoint-util.c
|
||||
+++ b/src/test/test-mountpoint-util.c
|
||||
@@ -313,4 +313,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
|
||||
diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
|
||||
index f9e34f3bfa..7a634adca9 100644
|
||||
--- a/src/test/test-namespace.c
|
||||
+++ b/src/test/test-namespace.c
|
||||
@@ -227,4 +227,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
|
||||
index 064b4d838f..1f43bb3eb0 100644
|
||||
--- a/src/test/test-proc-cmdline.c
|
||||
+++ b/src/test/test-proc-cmdline.c
|
||||
@@ -254,4 +254,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
|
||||
index 8661934929..7a8adad50c 100644
|
||||
--- a/src/test/test-process-util.c
|
||||
+++ b/src/test/test-process-util.c
|
||||
@@ -900,4 +900,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
|
||||
index 88992a6c2b..4251e2a809 100644
|
||||
--- a/src/test/test-sd-hwdb.c
|
||||
+++ b/src/test/test-sd-hwdb.c
|
||||
@@ -63,4 +63,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
|
||||
diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
|
||||
index 9aeb6c5920..bcf2e843b0 100644
|
||||
--- a/src/test/test-serialize.c
|
||||
+++ b/src/test/test-serialize.c
|
||||
@@ -195,4 +195,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
|
||||
index f56e7e0167..5aebcdd935 100644
|
||||
--- a/src/test/test-sleep.c
|
||||
+++ b/src/test/test-sleep.c
|
||||
@@ -125,4 +125,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
|
||||
diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
|
||||
index 2965ee679f..7f633ab259 100644
|
||||
--- a/src/test/test-stat-util.c
|
||||
+++ b/src/test/test-stat-util.c
|
||||
@@ -241,4 +241,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
|
||||
index f21d8b7794..554693834b 100644
|
||||
--- a/src/test/test-time-util.c
|
||||
+++ b/src/test/test-time-util.c
|
||||
@@ -607,4 +607,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
|
||||
index 6c9f245c7e..cc08a4ae4b 100644
|
||||
--- a/src/test/test-unit-file.c
|
||||
+++ b/src/test/test-unit-file.c
|
||||
@@ -107,4 +107,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
|
||||
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
|
||||
index 1f65407e5f..8cd0e0b4a1 100644
|
||||
--- a/src/test/test-unit-name.c
|
||||
+++ b/src/test/test-unit-name.c
|
||||
@@ -856,4 +856,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
||||
diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
|
||||
index 5d39176db2..3ef15f3b1e 100644
|
||||
--- a/src/test/test-unit-serialize.c
|
||||
+++ b/src/test/test-unit-serialize.c
|
||||
@@ -60,4 +60,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
|
||||
diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
|
||||
index 1b31d1f852..7337b81227 100644
|
||||
--- a/src/test/test-utf8.c
|
||||
+++ b/src/test/test-utf8.c
|
||||
@@ -236,4 +236,4 @@ static int intro(void) {
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
|
||||
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
|
|
@ -0,0 +1,34 @@
|
|||
From ab6a1bdf3519d4344dee4e0225c74fc1198c8a60 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 15 Oct 2018 10:54:11 +0000
|
||||
Subject: [PATCH] tests: backport test_setup_logging()
|
||||
|
||||
Related: #1635428
|
||||
---
|
||||
src/shared/tests.c | 6 ++++++
|
||||
src/shared/tests.h | 1 +
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/shared/tests.c b/src/shared/tests.c
|
||||
index 6b3df0aa07..b10343650f 100644
|
||||
--- a/src/shared/tests.c
|
||||
+++ b/src/shared/tests.c
|
||||
@@ -54,3 +54,9 @@ const char* get_testdata_dir(const char *suffix) {
|
||||
strncpy(testdir + strlen(testdir), suffix, sizeof(testdir) - strlen(testdir) - 1);
|
||||
return testdir;
|
||||
}
|
||||
+
|
||||
+void test_setup_logging(int level) {
|
||||
+ log_set_max_level(level);
|
||||
+ log_parse_environment();
|
||||
+ log_open();
|
||||
+}
|
||||
diff --git a/src/shared/tests.h b/src/shared/tests.h
|
||||
index b88135ed93..cad21169f8 100644
|
||||
--- a/src/shared/tests.h
|
||||
+++ b/src/shared/tests.h
|
||||
@@ -3,3 +3,4 @@
|
||||
|
||||
char* setup_fake_runtime_dir(void);
|
||||
const char* get_testdata_dir(const char *suffix);
|
||||
+void test_setup_logging(int level);
|
|
@ -0,0 +1,23 @@
|
|||
From 80d5f0e2057717e9e5588edcabac95b8c238795c Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 15 Oct 2018 10:55:50 +0000
|
||||
Subject: [PATCH] journal: change support URL shown in the catalog entries
|
||||
|
||||
Resolves: #1550548
|
||||
---
|
||||
meson_options.txt | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index 16c1f2b2fa..ab2a658713 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -205,7 +205,7 @@ option('ntp-servers', type : 'string',
|
||||
value : 'time1.google.com time2.google.com time3.google.com time4.google.com')
|
||||
option('support-url', type : 'string',
|
||||
description : 'the support URL to show in catalog entries included in systemd',
|
||||
- value : 'https://lists.freedesktop.org/mailman/listinfo/systemd-devel')
|
||||
+ value : 'https://access.redhat.com/support')
|
||||
option('www-target', type : 'string',
|
||||
description : 'the address and dir to upload docs too',
|
||||
value : 'www.freedesktop.org:/srv/www.freedesktop.org/www/software/systemd')
|
|
@ -0,0 +1,48 @@
|
|||
From e0f2dd42fb02aa5767d38714c95ac10fb683ad67 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Fri, 11 Mar 2016 17:06:17 -0500
|
||||
Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime
|
||||
|
||||
If the symlink doesn't exists, and we are being started, let's
|
||||
create it to provie name resolution.
|
||||
|
||||
If it exists, do nothing. In particular, if it is a broken symlink,
|
||||
we cannot really know if the administator configured it to point to
|
||||
a location used by some service that hasn't started yet, so we
|
||||
don't touch it in that case either.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1313085
|
||||
---
|
||||
src/resolve/resolved.c | 4 ++++
|
||||
tmpfiles.d/etc.conf.m4 | 3 ---
|
||||
2 files changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
|
||||
index c01e53e9da..f3d96df458 100644
|
||||
--- a/src/resolve/resolved.c
|
||||
+++ b/src/resolve/resolved.c
|
||||
@@ -53,6 +53,10 @@ int main(int argc, char *argv[]) {
|
||||
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
|
||||
* privileges are already dropped. */
|
||||
if (getuid() == 0) {
|
||||
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
|
||||
+ if (r < 0 && errno != EEXIST)
|
||||
+ log_warning_errno(errno,
|
||||
+ "Could not create /etc/resolv.conf symlink: %m");
|
||||
|
||||
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
|
||||
r = drop_privileges(uid, gid,
|
||||
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
|
||||
index df8d42101c..928105ea8d 100644
|
||||
--- a/tmpfiles.d/etc.conf.m4
|
||||
+++ b/tmpfiles.d/etc.conf.m4
|
||||
@@ -13,9 +13,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
|
||||
m4_ifdef(`HAVE_SMACK_RUN_LABEL',
|
||||
t /etc/mtab - - - - security.SMACK64=_
|
||||
)m4_dnl
|
||||
-m4_ifdef(`ENABLE_RESOLVE',
|
||||
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
||||
-)m4_dnl
|
||||
C /etc/nsswitch.conf - - - -
|
||||
m4_ifdef(`HAVE_PAM',
|
||||
C /etc/pam.d - - - -
|
|
@ -0,0 +1,27 @@
|
|||
From e615b80f3fda82ac7fe628800a9ff2103788bd05 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Tue, 9 Oct 2018 13:50:55 +0200
|
||||
Subject: [PATCH] dissect-image: use right comparison function
|
||||
|
||||
fstype can be NULL here.
|
||||
|
||||
(cherry picked from commit 4db1879acdc0b853e1a7e6e650b6feb917175fac)
|
||||
|
||||
Resolves: #1602706
|
||||
---
|
||||
src/shared/dissect-image.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
|
||||
index fa1cf26ee1..e076c8e7db 100644
|
||||
--- a/src/shared/dissect-image.c
|
||||
+++ b/src/shared/dissect-image.c
|
||||
@@ -230,7 +230,7 @@ int dissect_image(
|
||||
.node = TAKE_PTR(n),
|
||||
};
|
||||
|
||||
- m->encrypted = streq(fstype, "crypto_LUKS");
|
||||
+ m->encrypted = streq_ptr(fstype, "crypto_LUKS");
|
||||
|
||||
*ret = TAKE_PTR(m);
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
From 8fdca31b41a6470ceda8e0a84f90a1e5ca28aa5c Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Tue, 9 Oct 2018 17:26:19 +0200
|
||||
Subject: [PATCH] login: avoid leak of name returned by uid_to_name()
|
||||
|
||||
(cherry picked from commit e99742ef3e9d847da04e71fec0eb426063b25068)
|
||||
|
||||
Resolves: #1602706
|
||||
---
|
||||
src/login/logind-dbus.c | 4 +++-
|
||||
src/login/logind-utmp.c | 6 +++---
|
||||
2 files changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
|
||||
index 13298cc855..dca7f4a30f 100644
|
||||
--- a/src/login/logind-dbus.c
|
||||
+++ b/src/login/logind-dbus.c
|
||||
@@ -2155,6 +2155,7 @@ static int method_cancel_scheduled_shutdown(sd_bus_message *message, void *userd
|
||||
|
||||
if (cancelled && m->enable_wall_messages) {
|
||||
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
||||
+ _cleanup_free_ char *username = NULL;
|
||||
const char *tty = NULL;
|
||||
uid_t uid = 0;
|
||||
int r;
|
||||
@@ -2165,8 +2166,9 @@ static int method_cancel_scheduled_shutdown(sd_bus_message *message, void *userd
|
||||
(void) sd_bus_creds_get_tty(creds, &tty);
|
||||
}
|
||||
|
||||
+ username = uid_to_name(uid);
|
||||
utmp_wall("The system shutdown has been cancelled",
|
||||
- uid_to_name(uid), tty, logind_wall_tty_filter, m);
|
||||
+ username, tty, logind_wall_tty_filter, m);
|
||||
}
|
||||
|
||||
return sd_bus_reply_method_return(message, "b", cancelled);
|
||||
diff --git a/src/login/logind-utmp.c b/src/login/logind-utmp.c
|
||||
index 71ebdfcfb1..8bdd4ab6bf 100644
|
||||
--- a/src/login/logind-utmp.c
|
||||
+++ b/src/login/logind-utmp.c
|
||||
@@ -61,7 +61,7 @@ bool logind_wall_tty_filter(const char *tty, void *userdata) {
|
||||
|
||||
static int warn_wall(Manager *m, usec_t n) {
|
||||
char date[FORMAT_TIMESTAMP_MAX] = {};
|
||||
- _cleanup_free_ char *l = NULL;
|
||||
+ _cleanup_free_ char *l = NULL, *username = NULL;
|
||||
usec_t left;
|
||||
int r;
|
||||
|
||||
@@ -83,8 +83,8 @@ static int warn_wall(Manager *m, usec_t n) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
- utmp_wall(l, uid_to_name(m->scheduled_shutdown_uid),
|
||||
- m->scheduled_shutdown_tty, logind_wall_tty_filter, m);
|
||||
+ username = uid_to_name(m->scheduled_shutdown_uid);
|
||||
+ utmp_wall(l, username, m->scheduled_shutdown_tty, logind_wall_tty_filter, m);
|
||||
|
||||
return 1;
|
||||
}
|
|
@ -0,0 +1,36 @@
|
|||
From fbe394e9166ddfe847dcac0eab0fcbd3c225dc33 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Wed, 10 Oct 2018 09:33:28 +0200
|
||||
Subject: [PATCH] firewall-util: add an assert that we're not overwriting a
|
||||
buffer
|
||||
|
||||
... like commit f28501279d2c28fdbb31d8273b723e9bf71d3b98 does for
|
||||
out_interface.
|
||||
|
||||
(cherry picked from commit 0b777d20e9a3868b12372ffce8040d1be063cec7)
|
||||
|
||||
Resolves: #1602706
|
||||
---
|
||||
src/shared/firewall-util.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
|
||||
index eb4f5ff616..cba52fb419 100644
|
||||
--- a/src/shared/firewall-util.c
|
||||
+++ b/src/shared/firewall-util.c
|
||||
@@ -50,8 +50,14 @@ static int entry_fill_basics(
|
||||
entry->ip.proto = protocol;
|
||||
|
||||
if (in_interface) {
|
||||
+ size_t l;
|
||||
+
|
||||
+ l = strlen(in_interface);
|
||||
+ assert(l < sizeof entry->ip.iniface);
|
||||
+ assert(l < sizeof entry->ip.iniface_mask);
|
||||
+
|
||||
strcpy(entry->ip.iniface, in_interface);
|
||||
- memset(entry->ip.iniface_mask, 0xFF, strlen(in_interface)+1);
|
||||
+ memset(entry->ip.iniface_mask, 0xFF, l + 1);
|
||||
}
|
||||
if (source) {
|
||||
entry->ip.src = source->in;
|
|
@ -0,0 +1,29 @@
|
|||
From ebdb96247433d920b391672e019da9402aabd351 Mon Sep 17 00:00:00 2001
|
||||
From: David Tardon <dtardon@redhat.com>
|
||||
Date: Wed, 10 Oct 2018 13:56:54 +0200
|
||||
Subject: [PATCH] journal-file: avoid calling ftruncate with invalid fd
|
||||
|
||||
This can happen if journal_file_close is called from the failure
|
||||
handling code of journal_file_open before f->fd was established.
|
||||
|
||||
(cherry picked from commit c52368509f48e556be5a4c7a171361b656a25e02)
|
||||
|
||||
Resolves: #1602706
|
||||
---
|
||||
src/journal/journal-file.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
|
||||
index 62e7f68a13..efc3ee052b 100644
|
||||
--- a/src/journal/journal-file.c
|
||||
+++ b/src/journal/journal-file.c
|
||||
@@ -1846,6 +1846,9 @@ static int journal_file_append_entry_internal(
|
||||
void journal_file_post_change(JournalFile *f) {
|
||||
assert(f);
|
||||
|
||||
+ if (f->fd < 0)
|
||||
+ return;
|
||||
+
|
||||
/* inotify() does not receive IN_MODIFY events from file
|
||||
* accesses done via mmap(). After each access we hence
|
||||
* trigger IN_MODIFY by truncating the journal file to its
|
|
@ -0,0 +1,33 @@
|
|||
From c232bc1f346a6af9777c216d01f7940898ae1650 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 19 Oct 2018 12:12:33 +0200
|
||||
Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option
|
||||
header
|
||||
|
||||
Fixes a vulnerability originally discovered by Felix Wilhelm from
|
||||
Google.
|
||||
|
||||
CVE-2018-15688
|
||||
LP: #1795921
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
|
||||
|
||||
(cherry-picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
|
||||
|
||||
Resolves: #1643363
|
||||
---
|
||||
src/libsystemd-network/dhcp6-option.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
|
||||
index 18196b1257..0979497299 100644
|
||||
--- a/src/libsystemd-network/dhcp6-option.c
|
||||
+++ b/src/libsystemd-network/dhcp6-option.c
|
||||
@@ -103,7 +103,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
- if (*buflen < len)
|
||||
+ if (*buflen < offsetof(DHCP6Option, data) + len)
|
||||
return -ENOBUFS;
|
||||
|
||||
ia_hdr = *buf;
|
|
@ -0,0 +1,133 @@
|
|||
From 35a23324975ac6ee0bbd3408394f992007b7a439 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 13 Nov 2018 11:59:06 +0100
|
||||
Subject: [PATCH] =?UTF-8?q?core:=20rename=20queued=5Fmessage=20=E2=86=92?=
|
||||
=?UTF-8?q?=20pending=5Freload=5Fmessage?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This field is only used for pending Reload() replies, hence let's rename
|
||||
it to be more descriptive and precise.
|
||||
|
||||
No change in behaviour.
|
||||
|
||||
(cherry picked from commit 209de5256b7ba8600c3e73a85a43b86708998d65)
|
||||
|
||||
Resolves: #1647359
|
||||
---
|
||||
src/core/dbus-manager.c | 4 ++--
|
||||
src/core/dbus.c | 12 ++++++------
|
||||
src/core/dbus.h | 2 +-
|
||||
src/core/manager.c | 6 +++---
|
||||
src/core/manager.h | 2 +-
|
||||
5 files changed, 13 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
|
||||
index 4ed68af1e0..d39c9b28c4 100644
|
||||
--- a/src/core/dbus-manager.c
|
||||
+++ b/src/core/dbus-manager.c
|
||||
@@ -1329,8 +1329,8 @@ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *
|
||||
* is finished. That way the caller knows when the reload
|
||||
* finished. */
|
||||
|
||||
- assert(!m->queued_message);
|
||||
- r = sd_bus_message_new_method_return(message, &m->queued_message);
|
||||
+ assert(!m->pending_reload_message);
|
||||
+ r = sd_bus_message_new_method_return(message, &m->pending_reload_message);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
diff --git a/src/core/dbus.c b/src/core/dbus.c
|
||||
index bf5917696e..256a410215 100644
|
||||
--- a/src/core/dbus.c
|
||||
+++ b/src/core/dbus.c
|
||||
@@ -47,23 +47,23 @@
|
||||
|
||||
static void destroy_bus(Manager *m, sd_bus **bus);
|
||||
|
||||
-int bus_send_queued_message(Manager *m) {
|
||||
+int bus_send_pending_reload_message(Manager *m) {
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
|
||||
- if (!m->queued_message)
|
||||
+ if (!m->pending_reload_message)
|
||||
return 0;
|
||||
|
||||
/* If we cannot get rid of this message we won't dispatch any
|
||||
* D-Bus messages, so that we won't end up wanting to queue
|
||||
* another message. */
|
||||
|
||||
- r = sd_bus_send(NULL, m->queued_message, NULL);
|
||||
+ r = sd_bus_send(NULL, m->pending_reload_message, NULL);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to send queued message: %m");
|
||||
|
||||
- m->queued_message = sd_bus_message_unref(m->queued_message);
|
||||
+ m->pending_reload_message = sd_bus_message_unref(m->pending_reload_message);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1079,8 +1079,8 @@ static void destroy_bus(Manager *m, sd_bus **bus) {
|
||||
u->bus_track = sd_bus_track_unref(u->bus_track);
|
||||
|
||||
/* Get rid of queued message on this bus */
|
||||
- if (m->queued_message && sd_bus_message_get_bus(m->queued_message) == *bus)
|
||||
- m->queued_message = sd_bus_message_unref(m->queued_message);
|
||||
+ if (m->pending_reload_message && sd_bus_message_get_bus(m->pending_reload_message) == *bus)
|
||||
+ m->pending_reload_message = sd_bus_message_unref(m->pending_reload_message);
|
||||
|
||||
/* Possibly flush unwritten data, but only if we are
|
||||
* unprivileged, since we don't want to sync here */
|
||||
diff --git a/src/core/dbus.h b/src/core/dbus.h
|
||||
index 382a96da7d..f1c0fa86c0 100644
|
||||
--- a/src/core/dbus.h
|
||||
+++ b/src/core/dbus.h
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
#include "manager.h"
|
||||
|
||||
-int bus_send_queued_message(Manager *m);
|
||||
+int bus_send_pending_reload_message(Manager *m);
|
||||
|
||||
int bus_init_private(Manager *m);
|
||||
int bus_init_api(Manager *m);
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 930df4e23a..a24bfcacdf 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -2078,7 +2078,7 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) {
|
||||
return 0;
|
||||
|
||||
/* Anything to do at all? */
|
||||
- if (!m->dbus_unit_queue && !m->dbus_job_queue && !m->send_reloading_done && !m->queued_message)
|
||||
+ if (!m->dbus_unit_queue && !m->dbus_job_queue && !m->send_reloading_done && !m->pending_reload_message)
|
||||
return 0;
|
||||
|
||||
/* Do we have overly many messages queued at the moment? If so, let's not enqueue more on top, let's sit this
|
||||
@@ -2123,8 +2123,8 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) {
|
||||
n++, budget--;
|
||||
}
|
||||
|
||||
- if (budget > 0 && m->queued_message) {
|
||||
- bus_send_queued_message(m);
|
||||
+ if (budget > 0 && m->pending_reload_message) {
|
||||
+ bus_send_pending_reload_message(m);
|
||||
n++;
|
||||
}
|
||||
|
||||
diff --git a/src/core/manager.h b/src/core/manager.h
|
||||
index ea5d425030..c7f4d66ecd 100644
|
||||
--- a/src/core/manager.h
|
||||
+++ b/src/core/manager.h
|
||||
@@ -215,7 +215,7 @@ struct Manager {
|
||||
|
||||
/* This is used during reloading: before the reload we queue
|
||||
* the reply message here, and afterwards we send it */
|
||||
- sd_bus_message *queued_message;
|
||||
+ sd_bus_message *pending_reload_message;
|
||||
|
||||
Hashmap *watch_bus; /* D-Bus names => Unit object n:1 */
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
From 52a474cf15bf2b0edb449750eb63eb8cdb9a3780 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 13 Nov 2018 12:00:42 +0100
|
||||
Subject: [PATCH] core: when we can't send the pending reload message, say we
|
||||
ignore it in the warning we log
|
||||
|
||||
No change in behaviour, just better wording.
|
||||
|
||||
(cherry picked from commit 4b66bccab004221b903b43b4c224442bfa3e9ac7)
|
||||
|
||||
Resolves: #1647359
|
||||
---
|
||||
src/core/dbus.c | 7 +++----
|
||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/core/dbus.c b/src/core/dbus.c
|
||||
index 256a410215..346a440c5d 100644
|
||||
--- a/src/core/dbus.c
|
||||
+++ b/src/core/dbus.c
|
||||
@@ -55,13 +55,12 @@ int bus_send_pending_reload_message(Manager *m) {
|
||||
if (!m->pending_reload_message)
|
||||
return 0;
|
||||
|
||||
- /* If we cannot get rid of this message we won't dispatch any
|
||||
- * D-Bus messages, so that we won't end up wanting to queue
|
||||
- * another message. */
|
||||
+ /* If we cannot get rid of this message we won't dispatch any D-Bus messages, so that we won't end up wanting
|
||||
+ * to queue another message. */
|
||||
|
||||
r = sd_bus_send(NULL, m->pending_reload_message, NULL);
|
||||
if (r < 0)
|
||||
- log_warning_errno(r, "Failed to send queued message: %m");
|
||||
+ log_warning_errno(r, "Failed to send queued message, ignoring: %m");
|
||||
|
||||
m->pending_reload_message = sd_bus_message_unref(m->pending_reload_message);
|
||||
|
|
@ -0,0 +1,114 @@
|
|||
From 0412acb95ffac94d5916ee19991cc7194e55953c Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 13 Nov 2018 12:48:49 +0100
|
||||
Subject: [PATCH] core: make sure we don't throttle change signal generator
|
||||
when a reload is pending
|
||||
|
||||
Fixes: #10627
|
||||
(cherry picked from commit b8d381c47776ea0440af175cbe0c02cb743bde08)
|
||||
|
||||
Resolves: #1647359
|
||||
---
|
||||
src/core/manager.c | 64 ++++++++++++++++++++++++++++------------------
|
||||
1 file changed, 39 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index a24bfcacdf..3b2fe11e87 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -2074,56 +2074,70 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) {
|
||||
|
||||
assert(m);
|
||||
|
||||
+ /* Avoid recursion */
|
||||
if (m->dispatching_dbus_queue)
|
||||
return 0;
|
||||
|
||||
- /* Anything to do at all? */
|
||||
- if (!m->dbus_unit_queue && !m->dbus_job_queue && !m->send_reloading_done && !m->pending_reload_message)
|
||||
- return 0;
|
||||
+ /* When we are reloading, let's not wait with generating signals, since we need to exit the manager as quickly
|
||||
+ * as we can. There's no point in throttling generation of signals in that case. */
|
||||
+ if (MANAGER_IS_RELOADING(m) || m->send_reloading_done || m->pending_reload_message)
|
||||
+ budget = (unsigned) -1; /* infinite budget in this case */
|
||||
+ else {
|
||||
+ /* Anything to do at all? */
|
||||
+ if (!m->dbus_unit_queue && !m->dbus_job_queue)
|
||||
+ return 0;
|
||||
|
||||
- /* Do we have overly many messages queued at the moment? If so, let's not enqueue more on top, let's sit this
|
||||
- * cycle out, and process things in a later cycle when the queues got a bit emptier. */
|
||||
- if (manager_bus_n_queued_write(m) > MANAGER_BUS_BUSY_THRESHOLD)
|
||||
- return 0;
|
||||
+ /* Do we have overly many messages queued at the moment? If so, let's not enqueue more on top, let's
|
||||
+ * sit this cycle out, and process things in a later cycle when the queues got a bit emptier. */
|
||||
+ if (manager_bus_n_queued_write(m) > MANAGER_BUS_BUSY_THRESHOLD)
|
||||
+ return 0;
|
||||
|
||||
- /* Only process a certain number of units/jobs per event loop iteration. Even if the bus queue wasn't overly
|
||||
- * full before this call we shouldn't increase it in size too wildly in one step, and we shouldn't monopolize
|
||||
- * CPU time with generating these messages. Note the difference in counting of this "budget" and the
|
||||
- * "threshold" above: the "budget" is decreased only once per generated message, regardless how many
|
||||
- * busses/direct connections it is enqueued on, while the "threshold" is applied to each queued instance of bus
|
||||
- * message, i.e. if the same message is enqueued to five busses/direct connections it will be counted five
|
||||
- * times. This difference in counting ("references" vs. "instances") is primarily a result of the fact that
|
||||
- * it's easier to implement it this way, however it also reflects the thinking that the "threshold" should put
|
||||
- * a limit on used queue memory, i.e. space, while the "budget" should put a limit on time. Also note that
|
||||
- * the "threshold" is currently chosen much higher than the "budget". */
|
||||
- budget = MANAGER_BUS_MESSAGE_BUDGET;
|
||||
+ /* Only process a certain number of units/jobs per event loop iteration. Even if the bus queue wasn't
|
||||
+ * overly full before this call we shouldn't increase it in size too wildly in one step, and we
|
||||
+ * shouldn't monopolize CPU time with generating these messages. Note the difference in counting of
|
||||
+ * this "budget" and the "threshold" above: the "budget" is decreased only once per generated message,
|
||||
+ * regardless how many busses/direct connections it is enqueued on, while the "threshold" is applied to
|
||||
+ * each queued instance of bus message, i.e. if the same message is enqueued to five busses/direct
|
||||
+ * connections it will be counted five times. This difference in counting ("references"
|
||||
+ * vs. "instances") is primarily a result of the fact that it's easier to implement it this way,
|
||||
+ * however it also reflects the thinking that the "threshold" should put a limit on used queue memory,
|
||||
+ * i.e. space, while the "budget" should put a limit on time. Also note that the "threshold" is
|
||||
+ * currently chosen much higher than the "budget". */
|
||||
+ budget = MANAGER_BUS_MESSAGE_BUDGET;
|
||||
+ }
|
||||
|
||||
m->dispatching_dbus_queue = true;
|
||||
|
||||
- while (budget > 0 && (u = m->dbus_unit_queue)) {
|
||||
+ while (budget != 0 && (u = m->dbus_unit_queue)) {
|
||||
|
||||
assert(u->in_dbus_queue);
|
||||
|
||||
bus_unit_send_change_signal(u);
|
||||
- n++, budget--;
|
||||
+ n++;
|
||||
+
|
||||
+ if (budget != (unsigned) -1)
|
||||
+ budget--;
|
||||
}
|
||||
|
||||
- while (budget > 0 && (j = m->dbus_job_queue)) {
|
||||
+ while (budget != 0 && (j = m->dbus_job_queue)) {
|
||||
assert(j->in_dbus_queue);
|
||||
|
||||
bus_job_send_change_signal(j);
|
||||
- n++, budget--;
|
||||
+ n++;
|
||||
+
|
||||
+ if (budget != (unsigned) -1)
|
||||
+ budget--;
|
||||
}
|
||||
|
||||
m->dispatching_dbus_queue = false;
|
||||
|
||||
- if (budget > 0 && m->send_reloading_done) {
|
||||
+ if (m->send_reloading_done) {
|
||||
m->send_reloading_done = false;
|
||||
bus_manager_send_reloading(m, false);
|
||||
- n++, budget--;
|
||||
+ n++;
|
||||
}
|
||||
|
||||
- if (budget > 0 && m->pending_reload_message) {
|
||||
+ if (m->pending_reload_message) {
|
||||
bus_send_pending_reload_message(m);
|
||||
n++;
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
From 84b15a8a493424efa8c9eaa9a44a23c3c59742bd Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Thu, 25 Oct 2018 16:21:26 +0200
|
||||
Subject: [PATCH] proc-cmdline: introduce PROC_CMDLINE_RD_STRICT
|
||||
|
||||
Our current set of flags allows an option to be either
|
||||
use just in initrd or both in initrd and normal system.
|
||||
This new flag is intended to be used in the case where
|
||||
you want apply some settings just in initrd or just
|
||||
in normal system.
|
||||
|
||||
(cherry picked from commit ed58820d7669971762dd887dc117d922c23f2543)
|
||||
|
||||
Related: #1643429
|
||||
---
|
||||
src/basic/proc-cmdline.c | 3 ++-
|
||||
src/basic/proc-cmdline.h | 1 +
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c
|
||||
index add481c2ae..530ac37460 100644
|
||||
--- a/src/basic/proc-cmdline.c
|
||||
+++ b/src/basic/proc-cmdline.c
|
||||
@@ -72,7 +72,8 @@ int proc_cmdline_parse(proc_cmdline_parse_t parse_item, void *data, unsigned fla
|
||||
|
||||
if (flags & PROC_CMDLINE_STRIP_RD_PREFIX)
|
||||
key = q;
|
||||
- }
|
||||
+ } else if (in_initrd() && flags & PROC_CMDLINE_RD_STRICT)
|
||||
+ continue;
|
||||
|
||||
value = strchr(key, '=');
|
||||
if (value)
|
||||
diff --git a/src/basic/proc-cmdline.h b/src/basic/proc-cmdline.h
|
||||
index 4a9e6e0f62..140200dbf4 100644
|
||||
--- a/src/basic/proc-cmdline.h
|
||||
+++ b/src/basic/proc-cmdline.h
|
||||
@@ -8,6 +8,7 @@
|
||||
enum {
|
||||
PROC_CMDLINE_STRIP_RD_PREFIX = 1,
|
||||
PROC_CMDLINE_VALUE_OPTIONAL = 2,
|
||||
+ PROC_CMDLINE_RD_STRICT = 4
|
||||
};
|
||||
|
||||
typedef int (*proc_cmdline_parse_t)(const char *key, const char *value, void *data);
|
|
@ -0,0 +1,77 @@
|
|||
From 55798355455b9255458d6a705f8766c4dbe3ef73 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Thu, 25 Oct 2018 16:34:00 +0200
|
||||
Subject: [PATCH] debug-generator: introduce rd.* version of all options
|
||||
|
||||
(cherry picked from commit a7dd6d04b07f58df5c0294743d76df0be0b4b928)
|
||||
|
||||
Resolves: #1643429
|
||||
---
|
||||
man/systemd-debug-generator.xml | 27 +++++++++++++++++++--------
|
||||
src/debug-generator/debug-generator.c | 2 +-
|
||||
2 files changed, 20 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/man/systemd-debug-generator.xml b/man/systemd-debug-generator.xml
|
||||
index d5cf4109b0..fa88e8ac01 100644
|
||||
--- a/man/systemd-debug-generator.xml
|
||||
+++ b/man/systemd-debug-generator.xml
|
||||
@@ -33,27 +33,38 @@
|
||||
that reads the kernel command line and understands three
|
||||
options:</para>
|
||||
|
||||
- <para>If the <option>systemd.mask=</option> option is specified
|
||||
- and followed by a unit name, this unit is masked for the runtime,
|
||||
- similar to the effect of
|
||||
+ <para>If the <option>systemd.mask=</option> or <option>rd.systemd.mask=</option>
|
||||
+ option is specified and followed by a unit name, this unit is
|
||||
+ masked for the runtime, similar to the effect of
|
||||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||||
<command>mask</command> command. This is useful to boot with
|
||||
certain units removed from the initial boot transaction for
|
||||
- debugging system startup. May be specified more than once.</para>
|
||||
+ debugging system startup. May be specified more than once.
|
||||
+ <option>rd.systemd.mask=</option> is honored only by initial
|
||||
+ RAM disk (initrd) while <option>systemd.mask=</option> is
|
||||
+ honored only in the main system.</para>
|
||||
|
||||
- <para>If the <option>systemd.wants=</option> option is specified
|
||||
+ <para>If the <option>systemd.wants=</option> or
|
||||
+ <option>rd.systemd.wants=</option> option is specified
|
||||
and followed by a unit name, a start job for this unit is added to
|
||||
the initial transaction. This is useful to start one or more
|
||||
- additional units at boot. May be specified more than once.</para>
|
||||
+ additional units at boot. May be specified more than once.
|
||||
+ <option>rd.systemd.wants=</option> is honored only by initial
|
||||
+ RAM disk (initrd) while <option>systemd.wants=</option> is
|
||||
+ honored only in the main system.</para>
|
||||
|
||||
- <para>If the <option>systemd.debug_shell</option> option is
|
||||
+ <para>If the <option>systemd.debug_shell</option> or
|
||||
+ <option>rd.systemd.debug_shell</option> option is
|
||||
specified, the debug shell service
|
||||
<literal>debug-shell.service</literal> is pulled into the boot
|
||||
transaction. It will spawn a debug shell on tty9 during early
|
||||
system startup. Note that the shell may also be turned on
|
||||
persistently by enabling it with
|
||||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||||
- <command>enable</command> command.</para>
|
||||
+ <command>enable</command> command.
|
||||
+ <option>rd.systemd.debug_shell=</option> is honored only by initial
|
||||
+ RAM disk (initrd) while <option>systemd.debug_shell</option> is
|
||||
+ honored only in the main system.</para>
|
||||
|
||||
<para><filename>systemd-debug-generator</filename> implements
|
||||
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
||||
diff --git a/src/debug-generator/debug-generator.c b/src/debug-generator/debug-generator.c
|
||||
index dd6ab94fa2..800d31cebe 100644
|
||||
--- a/src/debug-generator/debug-generator.c
|
||||
+++ b/src/debug-generator/debug-generator.c
|
||||
@@ -154,7 +154,7 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
umask(0022);
|
||||
|
||||
- r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
|
||||
+ r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_RD_STRICT | PROC_CMDLINE_STRIP_RD_PREFIX);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
|
||||
|
|
@ -0,0 +1,213 @@
|
|||
From 107d75ca9394481bd045385fc45f2ee65b30ad16 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 19 Oct 2018 11:26:59 +0200
|
||||
Subject: [PATCH] chown-recursive: let's rework the recursive logic to use
|
||||
O_PATH
|
||||
|
||||
That way we can pin a specific inode and analyze it and manipulate it
|
||||
without it being swapped out beneath our hands.
|
||||
|
||||
Fixes a vulnerability originally found by Jann Horn from Google.
|
||||
|
||||
CVE-2018-15687
|
||||
LP: #1796692
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1639076
|
||||
|
||||
(cherry-picked from commit 5de6cce58b3e8b79239b6e83653459d91af6e57c)
|
||||
|
||||
Resolves: #1643368
|
||||
---
|
||||
src/core/chown-recursive.c | 146 ++++++++++++++++++-------------------
|
||||
1 file changed, 70 insertions(+), 76 deletions(-)
|
||||
|
||||
diff --git a/src/core/chown-recursive.c b/src/core/chown-recursive.c
|
||||
index c4794501c2..27c64489b5 100644
|
||||
--- a/src/core/chown-recursive.c
|
||||
+++ b/src/core/chown-recursive.c
|
||||
@@ -1,17 +1,19 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
|
||||
-#include <sys/types.h>
|
||||
-#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <sys/types.h>
|
||||
|
||||
-#include "user-util.h"
|
||||
-#include "macro.h"
|
||||
-#include "fd-util.h"
|
||||
-#include "dirent-util.h"
|
||||
#include "chown-recursive.h"
|
||||
+#include "dirent-util.h"
|
||||
+#include "fd-util.h"
|
||||
+#include "macro.h"
|
||||
+#include "stdio-util.h"
|
||||
+#include "strv.h"
|
||||
+#include "user-util.h"
|
||||
|
||||
-static int chown_one(int fd, const char *name, const struct stat *st, uid_t uid, gid_t gid) {
|
||||
- int r;
|
||||
+static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) {
|
||||
+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
|
||||
|
||||
assert(fd >= 0);
|
||||
assert(st);
|
||||
@@ -20,90 +22,82 @@ static int chown_one(int fd, const char *name, const struct stat *st, uid_t uid,
|
||||
(!gid_is_valid(gid) || st->st_gid == gid))
|
||||
return 0;
|
||||
|
||||
- if (name)
|
||||
- r = fchownat(fd, name, uid, gid, AT_SYMLINK_NOFOLLOW);
|
||||
- else
|
||||
- r = fchown(fd, uid, gid);
|
||||
- if (r < 0)
|
||||
- return -errno;
|
||||
+ /* We change ownership through the /proc/self/fd/%i path, so that we have a stable reference that works with
|
||||
+ * O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */
|
||||
+ xsprintf(procfs_path, "/proc/self/fd/%i", fd);
|
||||
|
||||
- /* The linux kernel alters the mode in some cases of chown(). Let's undo this. */
|
||||
- if (name) {
|
||||
- if (!S_ISLNK(st->st_mode))
|
||||
- r = fchmodat(fd, name, st->st_mode, 0);
|
||||
- else /* There's currently no AT_SYMLINK_NOFOLLOW for fchmodat() */
|
||||
- r = 0;
|
||||
- } else
|
||||
- r = fchmod(fd, st->st_mode);
|
||||
- if (r < 0)
|
||||
+ if (chown(procfs_path, uid, gid) < 0)
|
||||
return -errno;
|
||||
|
||||
+ /* The linux kernel alters the mode in some cases of chown(). Let's undo this. We do this only for non-symlinks
|
||||
+ * however. That's because for symlinks the access mode is ignored anyway and because on some kernels/file
|
||||
+ * systems trying to change the access mode will succeed but has no effect while on others it actively
|
||||
+ * fails. */
|
||||
+ if (!S_ISLNK(st->st_mode))
|
||||
+ if (chmod(procfs_path, st->st_mode & 07777) < 0)
|
||||
+ return -errno;
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int chown_recursive_internal(int fd, const struct stat *st, uid_t uid, gid_t gid) {
|
||||
+ _cleanup_closedir_ DIR *d = NULL;
|
||||
bool changed = false;
|
||||
+ struct dirent *de;
|
||||
int r;
|
||||
|
||||
assert(fd >= 0);
|
||||
assert(st);
|
||||
|
||||
- if (S_ISDIR(st->st_mode)) {
|
||||
- _cleanup_closedir_ DIR *d = NULL;
|
||||
- struct dirent *de;
|
||||
-
|
||||
- d = fdopendir(fd);
|
||||
- if (!d) {
|
||||
- r = -errno;
|
||||
- goto finish;
|
||||
- }
|
||||
- fd = -1;
|
||||
-
|
||||
- FOREACH_DIRENT_ALL(de, d, r = -errno; goto finish) {
|
||||
- struct stat fst;
|
||||
-
|
||||
- if (dot_or_dot_dot(de->d_name))
|
||||
- continue;
|
||||
-
|
||||
- if (fstatat(dirfd(d), de->d_name, &fst, AT_SYMLINK_NOFOLLOW) < 0) {
|
||||
- r = -errno;
|
||||
- goto finish;
|
||||
- }
|
||||
-
|
||||
- if (S_ISDIR(fst.st_mode)) {
|
||||
- int subdir_fd;
|
||||
-
|
||||
- subdir_fd = openat(dirfd(d), de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
|
||||
- if (subdir_fd < 0) {
|
||||
- r = -errno;
|
||||
- goto finish;
|
||||
- }
|
||||
-
|
||||
- r = chown_recursive_internal(subdir_fd, &fst, uid, gid);
|
||||
- if (r < 0)
|
||||
- goto finish;
|
||||
- if (r > 0)
|
||||
- changed = true;
|
||||
- } else {
|
||||
- r = chown_one(dirfd(d), de->d_name, &fst, uid, gid);
|
||||
- if (r < 0)
|
||||
- goto finish;
|
||||
- if (r > 0)
|
||||
- changed = true;
|
||||
- }
|
||||
+ d = fdopendir(fd);
|
||||
+ if (!d) {
|
||||
+ safe_close(fd);
|
||||
+ return -errno;
|
||||
+ }
|
||||
+
|
||||
+ FOREACH_DIRENT_ALL(de, d, return -errno) {
|
||||
+ _cleanup_close_ int path_fd = -1;
|
||||
+ struct stat fst;
|
||||
+
|
||||
+ if (dot_or_dot_dot(de->d_name))
|
||||
+ continue;
|
||||
+
|
||||
+ /* Let's pin the child inode we want to fix now with an O_PATH fd, so that it cannot be swapped out
|
||||
+ * while we manipulate it. */
|
||||
+ path_fd = openat(dirfd(d), de->d_name, O_PATH|O_CLOEXEC|O_NOFOLLOW);
|
||||
+ if (path_fd < 0)
|
||||
+ return -errno;
|
||||
+
|
||||
+ if (fstat(path_fd, &fst) < 0)
|
||||
+ return -errno;
|
||||
+
|
||||
+ if (S_ISDIR(fst.st_mode)) {
|
||||
+ int subdir_fd;
|
||||
+
|
||||
+ /* Convert it to a "real" (i.e. non-O_PATH) fd now */
|
||||
+ subdir_fd = fd_reopen(path_fd, O_RDONLY|O_CLOEXEC|O_NOATIME);
|
||||
+ if (subdir_fd < 0)
|
||||
+ return subdir_fd;
|
||||
+
|
||||
+ r = chown_recursive_internal(subdir_fd, &fst, uid, gid); /* takes possession of subdir_fd even on failure */
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ if (r > 0)
|
||||
+ changed = true;
|
||||
+ } else {
|
||||
+ r = chown_one(path_fd, &fst, uid, gid);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ if (r > 0)
|
||||
+ changed = true;
|
||||
}
|
||||
+ }
|
||||
|
||||
- r = chown_one(dirfd(d), NULL, st, uid, gid);
|
||||
- } else
|
||||
- r = chown_one(fd, NULL, st, uid, gid);
|
||||
+ r = chown_one(dirfd(d), st, uid, gid);
|
||||
if (r < 0)
|
||||
- goto finish;
|
||||
+ return r;
|
||||
|
||||
- r = r > 0 || changed;
|
||||
-
|
||||
-finish:
|
||||
- safe_close(fd);
|
||||
- return r;
|
||||
+ return r > 0 || changed;
|
||||
}
|
||||
|
||||
int path_chown_recursive(const char *path, uid_t uid, gid_t gid) {
|
||||
@@ -111,7 +105,7 @@ int path_chown_recursive(const char *path, uid_t uid, gid_t gid) {
|
||||
struct stat st;
|
||||
int r;
|
||||
|
||||
- fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
|
||||
+ fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
|
||||
if (fd < 0)
|
||||
return -errno;
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
From bbe9ac11d8d4a8511214605509a593fb9f04ffaa Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 19 Oct 2018 11:28:40 +0200
|
||||
Subject: [PATCH] chown-recursive: also drop ACLs when recursively chown()ing
|
||||
|
||||
Let's better be safe than sorry and also drop ACLs.
|
||||
|
||||
(cherry-picked from commit f89bc84f3242449cbc308892c87573b131f121df)
|
||||
|
||||
Related: #1643368
|
||||
---
|
||||
src/core/chown-recursive.c | 16 ++++++++++++----
|
||||
1 file changed, 12 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/core/chown-recursive.c b/src/core/chown-recursive.c
|
||||
index 27c64489b5..447b771267 100644
|
||||
--- a/src/core/chown-recursive.c
|
||||
+++ b/src/core/chown-recursive.c
|
||||
@@ -3,6 +3,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
+#include <sys/xattr.h>
|
||||
|
||||
#include "chown-recursive.h"
|
||||
#include "dirent-util.h"
|
||||
@@ -14,6 +15,7 @@
|
||||
|
||||
static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) {
|
||||
char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
|
||||
+ const char *n;
|
||||
|
||||
assert(fd >= 0);
|
||||
assert(st);
|
||||
@@ -26,13 +28,19 @@ static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) {
|
||||
* O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */
|
||||
xsprintf(procfs_path, "/proc/self/fd/%i", fd);
|
||||
|
||||
+ /* Drop any ACL if there is one */
|
||||
+ FOREACH_STRING(n, "system.posix_acl_access", "system.posix_acl_default")
|
||||
+ if (removexattr(procfs_path, n) < 0)
|
||||
+ if (!IN_SET(errno, ENODATA, EOPNOTSUPP, ENOSYS, ENOTTY))
|
||||
+ return -errno;
|
||||
+
|
||||
if (chown(procfs_path, uid, gid) < 0)
|
||||
return -errno;
|
||||
|
||||
- /* The linux kernel alters the mode in some cases of chown(). Let's undo this. We do this only for non-symlinks
|
||||
- * however. That's because for symlinks the access mode is ignored anyway and because on some kernels/file
|
||||
- * systems trying to change the access mode will succeed but has no effect while on others it actively
|
||||
- * fails. */
|
||||
+ /* The linux kernel alters the mode in some cases of chown(), as well when we change ACLs. Let's undo this. We
|
||||
+ * do this only for non-symlinks however. That's because for symlinks the access mode is ignored anyway and
|
||||
+ * because on some kernels/file systems trying to change the access mode will succeed but has no effect while
|
||||
+ * on others it actively fails. */
|
||||
if (!S_ISLNK(st->st_mode))
|
||||
if (chmod(procfs_path, st->st_mode & 07777) < 0)
|
||||
return -errno;
|
|
@ -0,0 +1,34 @@
|
|||
From c9630164b869e109bf2960968fc583449ccf0875 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 19 Oct 2018 11:42:11 +0200
|
||||
Subject: [PATCH] chown-recursive: TAKE_FD() is your friend
|
||||
|
||||
(cherry-picked from commit cd6b7d50c337b3676a3d5fc2188ff298dcbdb939)
|
||||
|
||||
Related: #1643368
|
||||
---
|
||||
src/core/chown-recursive.c | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/core/chown-recursive.c b/src/core/chown-recursive.c
|
||||
index 447b771267..7767301f7d 100644
|
||||
--- a/src/core/chown-recursive.c
|
||||
+++ b/src/core/chown-recursive.c
|
||||
@@ -111,7 +111,6 @@ static int chown_recursive_internal(int fd, const struct stat *st, uid_t uid, gi
|
||||
int path_chown_recursive(const char *path, uid_t uid, gid_t gid) {
|
||||
_cleanup_close_ int fd = -1;
|
||||
struct stat st;
|
||||
- int r;
|
||||
|
||||
fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
|
||||
if (fd < 0)
|
||||
@@ -130,8 +129,5 @@ int path_chown_recursive(const char *path, uid_t uid, gid_t gid) {
|
||||
(!gid_is_valid(gid) || st.st_gid == gid))
|
||||
return 0;
|
||||
|
||||
- r = chown_recursive_internal(fd, &st, uid, gid);
|
||||
- fd = -1; /* we donated the fd to the call, regardless if it succeeded or failed */
|
||||
-
|
||||
- return r;
|
||||
+ return chown_recursive_internal(TAKE_FD(fd), &st, uid, gid); /* we donate the fd to the call, regardless if it succeeded or failed */
|
||||
}
|
|
@ -0,0 +1,200 @@
|
|||
From b53f89d56a5b7528735ddf335f8b47ab3e1a947a Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 19 Oct 2018 11:31:37 +0200
|
||||
Subject: [PATCH] test: add test case for recursive chown()ing
|
||||
|
||||
[msekleta: I removed call to log_test_skipped() and replaced it with older construct log_info() + return EXIT_TEST_SKIP]
|
||||
|
||||
(cherry-picked from commit cb9e44db36caefcbb8ee7a12e14217305ed69ff2)
|
||||
|
||||
Related: #1643368
|
||||
---
|
||||
src/test/meson.build | 5 ++
|
||||
src/test/test-chown-rec.c | 162 ++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 167 insertions(+)
|
||||
create mode 100644 src/test/test-chown-rec.c
|
||||
|
||||
diff --git a/src/test/meson.build b/src/test/meson.build
|
||||
index 7da7e3a22c..b982251b1f 100644
|
||||
--- a/src/test/meson.build
|
||||
+++ b/src/test/meson.build
|
||||
@@ -60,6 +60,11 @@ tests += [
|
||||
libmount,
|
||||
libblkid]],
|
||||
|
||||
+ [['src/test/test-chown-rec.c'],
|
||||
+ [libcore,
|
||||
+ libshared],
|
||||
+ []],
|
||||
+
|
||||
[['src/test/test-job-type.c'],
|
||||
[libcore,
|
||||
libshared],
|
||||
diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
|
||||
new file mode 100644
|
||||
index 0000000000..f16d4d4ba2
|
||||
--- /dev/null
|
||||
+++ b/src/test/test-chown-rec.c
|
||||
@@ -0,0 +1,162 @@
|
||||
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
+
|
||||
+#include <sys/xattr.h>
|
||||
+
|
||||
+#include "alloc-util.h"
|
||||
+#include "chown-recursive.h"
|
||||
+#include "fileio.h"
|
||||
+#include "log.h"
|
||||
+#include "rm-rf.h"
|
||||
+#include "string-util.h"
|
||||
+#include "tests.h"
|
||||
+
|
||||
+static const uint8_t acl[] = {
|
||||
+ 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x07, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0x02, 0x00, 0x07, 0x00,
|
||||
+ 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x07, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0x10, 0x00, 0x07, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0x20, 0x00, 0x05, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff,
|
||||
+};
|
||||
+
|
||||
+static const uint8_t default_acl[] = {
|
||||
+ 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x07, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0x04, 0x00, 0x07, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0x08, 0x00, 0x07, 0x00,
|
||||
+ 0x04, 0x00, 0x00, 0x00, 0x10, 0x00, 0x07, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff, 0x20, 0x00, 0x05, 0x00,
|
||||
+ 0xff, 0xff, 0xff, 0xff,
|
||||
+};
|
||||
+
|
||||
+static bool has_xattr(const char *p) {
|
||||
+ char buffer[sizeof(acl) * 4];
|
||||
+
|
||||
+ if (lgetxattr(p, "system.posix_acl_access", buffer, sizeof(buffer)) < 0) {
|
||||
+ if (IN_SET(errno, EOPNOTSUPP, ENOTTY, ENODATA, ENOSYS))
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+static void test_chown_recursive(void) {
|
||||
+ _cleanup_(rm_rf_physical_and_freep) char *t = NULL;
|
||||
+ struct stat st;
|
||||
+ const char *p;
|
||||
+
|
||||
+ umask(022);
|
||||
+ assert_se(mkdtemp_malloc(NULL, &t) >= 0);
|
||||
+
|
||||
+ p = strjoina(t, "/dir");
|
||||
+ assert_se(mkdir(p, 0777) >= 0);
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISDIR(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0755);
|
||||
+ assert_se(st.st_uid == 0);
|
||||
+ assert_se(st.st_gid == 0);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/symlink");
|
||||
+ assert_se(symlink("../../", p) >= 0);
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISLNK(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0777);
|
||||
+ assert_se(st.st_uid == 0);
|
||||
+ assert_se(st.st_gid == 0);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/reg");
|
||||
+ assert_se(mknod(p, S_IFREG|0777, 0) >= 0);
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISREG(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0755);
|
||||
+ assert_se(st.st_uid == 0);
|
||||
+ assert_se(st.st_gid == 0);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/sock");
|
||||
+ assert_se(mknod(p, S_IFSOCK|0777, 0) >= 0);
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISSOCK(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0755);
|
||||
+ assert_se(st.st_uid == 0);
|
||||
+ assert_se(st.st_gid == 0);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/fifo");
|
||||
+ assert_se(mknod(p, S_IFIFO|0777, 0) >= 0);
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISFIFO(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0755);
|
||||
+ assert_se(st.st_uid == 0);
|
||||
+ assert_se(st.st_gid == 0);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ /* We now apply an xattr to the dir, and check it again */
|
||||
+ p = strjoina(t, "/dir");
|
||||
+ assert_se(setxattr(p, "system.posix_acl_access", acl, sizeof(acl), 0) >= 0);
|
||||
+ assert_se(setxattr(p, "system.posix_acl_default", default_acl, sizeof(default_acl), 0) >= 0);
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISDIR(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0775); /* acl change changed the mode too */
|
||||
+ assert_se(st.st_uid == 0);
|
||||
+ assert_se(st.st_gid == 0);
|
||||
+ assert_se(has_xattr(p));
|
||||
+
|
||||
+ assert_se(path_chown_recursive(t, 1, 2) >= 0);
|
||||
+
|
||||
+ p = strjoina(t, "/dir");
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISDIR(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0775);
|
||||
+ assert_se(st.st_uid == 1);
|
||||
+ assert_se(st.st_gid == 2);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/symlink");
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISLNK(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0777);
|
||||
+ assert_se(st.st_uid == 1);
|
||||
+ assert_se(st.st_gid == 2);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/reg");
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISREG(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0755);
|
||||
+ assert_se(st.st_uid == 1);
|
||||
+ assert_se(st.st_gid == 2);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/sock");
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISSOCK(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0755);
|
||||
+ assert_se(st.st_uid == 1);
|
||||
+ assert_se(st.st_gid == 2);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+
|
||||
+ p = strjoina(t, "/dir/fifo");
|
||||
+ assert_se(lstat(p, &st) >= 0);
|
||||
+ assert_se(S_ISFIFO(st.st_mode));
|
||||
+ assert_se((st.st_mode & 07777) == 0755);
|
||||
+ assert_se(st.st_uid == 1);
|
||||
+ assert_se(st.st_gid == 2);
|
||||
+ assert_se(!has_xattr(p));
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char *argv[]) {
|
||||
+ log_set_max_level(LOG_DEBUG);
|
||||
+ log_parse_environment();
|
||||
+ log_open();
|
||||
+
|
||||
+ if (geteuid() != 0) {
|
||||
+ log_info("not running as root");
|
||||
+ return EXIT_TEST_SKIP;
|
||||
+ }
|
||||
+
|
||||
+ test_chown_recursive();
|
||||
+
|
||||
+ return EXIT_SUCCESS;
|
||||
+}
|
|
@ -0,0 +1,32 @@
|
|||
From 730ce6562f8a5f4a61d1ed3ffb4d65fa27b728fc Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
|
||||
Date: Fri, 17 Aug 2018 21:31:05 +0200
|
||||
Subject: [PATCH] Revert "sysctl.d: request ECN on both in and outgoing
|
||||
connections"
|
||||
|
||||
Turning on ECN still causes slow or broken network on linux. Our tcp
|
||||
is not yet ready for wide spread use of ECN.
|
||||
|
||||
This reverts commit 919472741dba6ad0a3f6c2b76d390a02d0e2fdc3.
|
||||
|
||||
(cherry picked from commit 1e190dfd5bb95036f937ef1dc46f43eb0a146612)
|
||||
|
||||
Resolves: #1619790
|
||||
---
|
||||
sysctl.d/50-default.conf | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
|
||||
index b67ae87ca6..e263cf0628 100644
|
||||
--- a/sysctl.d/50-default.conf
|
||||
+++ b/sysctl.d/50-default.conf
|
||||
@@ -33,9 +33,6 @@ net.ipv4.conf.all.promote_secondaries = 1
|
||||
# Fair Queue CoDel packet scheduler to fight bufferbloat
|
||||
net.core.default_qdisc = fq_codel
|
||||
|
||||
-# Request Explicit Congestion Notification (ECN) on both in and outgoing connections
|
||||
-net.ipv4.tcp_ecn = 1
|
||||
-
|
||||
# Enable hard and soft link protection
|
||||
fs.protected_hardlinks = 1
|
||||
fs.protected_symlinks = 1
|
|
@ -0,0 +1,84 @@
|
|||
From 886e5b028953404f2d924b561c0689d3e50dbbf4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 13 Sep 2018 09:24:36 +0200
|
||||
Subject: [PATCH] detect-virt: do not try to read all of /proc/cpuinfo
|
||||
|
||||
Quoting https://github.com/systemd/systemd/issues/10074:
|
||||
> detect_vm_uml() reads /proc/cpuinfo with read_full_file()
|
||||
> read_full_file() has a file max limit size of READ_FULL_BYTES_MAX=(4U*1024U*1024U)
|
||||
> Unfortunately, the size of my /proc/cpuinfo is bigger, approximately:
|
||||
> echo $(( 4* $(cat /proc/cpuinfo | wc -c)))
|
||||
> 9918072
|
||||
> This causes read_full_file() to fail and the Condition test fallout.
|
||||
|
||||
Let's just read line by line until we find an intersting line. This also
|
||||
helps if not running under UML, because we avoid reading as much data.
|
||||
|
||||
(cherry picked from commit 6058516a14ada1748313af6783f5b4e7e3006654)
|
||||
|
||||
Resolves: #1631532
|
||||
---
|
||||
src/basic/virt.c | 38 ++++++++++++++++++++++++++++----------
|
||||
1 file changed, 28 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/basic/virt.c b/src/basic/virt.c
|
||||
index d347732bb3..e05b3e6d99 100644
|
||||
--- a/src/basic/virt.c
|
||||
+++ b/src/basic/virt.c
|
||||
@@ -11,6 +11,7 @@
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "dirent-util.h"
|
||||
+#include "def.h"
|
||||
#include "env-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
@@ -259,21 +260,38 @@ static int detect_vm_hypervisor(void) {
|
||||
}
|
||||
|
||||
static int detect_vm_uml(void) {
|
||||
- _cleanup_free_ char *cpuinfo_contents = NULL;
|
||||
+ _cleanup_fclose_ FILE *f = NULL;
|
||||
int r;
|
||||
|
||||
/* Detect User-Mode Linux by reading /proc/cpuinfo */
|
||||
- r = read_full_file("/proc/cpuinfo", &cpuinfo_contents, NULL);
|
||||
- if (r == -ENOENT) {
|
||||
- log_debug("/proc/cpuinfo not found, assuming no UML virtualization.");
|
||||
- return VIRTUALIZATION_NONE;
|
||||
+ f = fopen("/proc/cpuinfo", "re");
|
||||
+ if (!f) {
|
||||
+ if (errno == ENOENT) {
|
||||
+ log_debug("/proc/cpuinfo not found, assuming no UML virtualization.");
|
||||
+ return VIRTUALIZATION_NONE;
|
||||
+ }
|
||||
+ return -errno;
|
||||
}
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
|
||||
- if (strstr(cpuinfo_contents, "\nvendor_id\t: User Mode Linux\n")) {
|
||||
- log_debug("UML virtualization found in /proc/cpuinfo");
|
||||
- return VIRTUALIZATION_UML;
|
||||
+ for (;;) {
|
||||
+ _cleanup_free_ char *line = NULL;
|
||||
+ const char *t;
|
||||
+
|
||||
+ r = read_line(f, LONG_LINE_MAX, &line);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ if (r == 0)
|
||||
+ break;
|
||||
+
|
||||
+ t = startswith(line, "vendor_id\t: ");
|
||||
+ if (t) {
|
||||
+ if (startswith(t, "User Mode Linux")) {
|
||||
+ log_debug("UML virtualization found in /proc/cpuinfo");
|
||||
+ return VIRTUALIZATION_UML;
|
||||
+ }
|
||||
+
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
log_debug("UML virtualization not found in /proc/cpuinfo.");
|
|
@ -0,0 +1,166 @@
|
|||
From eb141ba81158feb74118da4e7a3f2266b11ffe10 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Mon, 9 Jul 2018 08:06:28 +0200
|
||||
Subject: [PATCH] sd-bus: unify three code-paths which free struct
|
||||
bus_container
|
||||
|
||||
We didn't free one of the fields in two of the places.
|
||||
|
||||
$ valgrind --show-leak-kinds=all --leak-check=full \
|
||||
build/fuzz-bus-message \
|
||||
test/fuzz/fuzz-bus-message/leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20
|
||||
...
|
||||
==14457== HEAP SUMMARY:
|
||||
==14457== in use at exit: 3 bytes in 1 blocks
|
||||
==14457== total heap usage: 509 allocs, 508 frees, 51,016 bytes allocated
|
||||
==14457==
|
||||
==14457== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1
|
||||
==14457== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
|
||||
==14457== by 0x53AFE79: strndup (in /usr/lib64/libc-2.27.so)
|
||||
==14457== by 0x4F52EB8: free_and_strndup (string-util.c:1039)
|
||||
==14457== by 0x4F8E1AB: sd_bus_message_peek_type (bus-message.c:4193)
|
||||
==14457== by 0x4F76CB5: bus_message_dump (bus-dump.c:144)
|
||||
==14457== by 0x108F12: LLVMFuzzerTestOneInput (fuzz-bus-message.c:24)
|
||||
==14457== by 0x1090F7: main (fuzz-main.c:34)
|
||||
==14457==
|
||||
==14457== LEAK SUMMARY:
|
||||
==14457== definitely lost: 3 bytes in 1 blocks
|
||||
|
||||
(cherry picked from commit 6d1e0f4fcba8d6f425da3dc91805db95399b3c8b)
|
||||
Resolves: #1635435
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-message.c | 64 +++++++++---------
|
||||
...k-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20 | Bin 0 -> 534 bytes
|
||||
2 files changed, 32 insertions(+), 32 deletions(-)
|
||||
create mode 100644 test/fuzz/fuzz-bus-message/leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
|
||||
index 7c8bad2bdd..d55cb14843 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-message.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-message.c
|
||||
@@ -77,19 +77,38 @@ static void message_reset_parts(sd_bus_message *m) {
|
||||
m->cached_rindex_part_begin = 0;
|
||||
}
|
||||
|
||||
-static void message_reset_containers(sd_bus_message *m) {
|
||||
- unsigned i;
|
||||
+static struct bus_container *message_get_container(sd_bus_message *m) {
|
||||
+ assert(m);
|
||||
+
|
||||
+ if (m->n_containers == 0)
|
||||
+ return &m->root_container;
|
||||
+
|
||||
+ assert(m->containers);
|
||||
+ return m->containers + m->n_containers - 1;
|
||||
+}
|
||||
+
|
||||
+static void message_free_last_container(sd_bus_message *m) {
|
||||
+ struct bus_container *c;
|
||||
+
|
||||
+ c = message_get_container(m);
|
||||
+
|
||||
+ free(c->signature);
|
||||
+ free(c->peeked_signature);
|
||||
+ free(c->offsets);
|
||||
+
|
||||
+ /* Move to previous container, but not if we are on root container */
|
||||
+ if (m->n_containers > 0)
|
||||
+ m->n_containers--;
|
||||
+}
|
||||
|
||||
+static void message_reset_containers(sd_bus_message *m) {
|
||||
assert(m);
|
||||
|
||||
- for (i = 0; i < m->n_containers; i++) {
|
||||
- free(m->containers[i].signature);
|
||||
- free(m->containers[i].offsets);
|
||||
- }
|
||||
+ while (m->n_containers > 0)
|
||||
+ message_free_last_container(m);
|
||||
|
||||
m->containers = mfree(m->containers);
|
||||
-
|
||||
- m->n_containers = m->containers_allocated = 0;
|
||||
+ m->containers_allocated = 0;
|
||||
m->root_container.index = 0;
|
||||
}
|
||||
|
||||
@@ -112,10 +131,8 @@ static sd_bus_message* message_free(sd_bus_message *m) {
|
||||
free(m->iovec);
|
||||
|
||||
message_reset_containers(m);
|
||||
- free(m->root_container.signature);
|
||||
- free(m->root_container.offsets);
|
||||
-
|
||||
- free(m->root_container.peeked_signature);
|
||||
+ assert(m->n_containers == 0);
|
||||
+ message_free_last_container(m);
|
||||
|
||||
bus_creds_done(&m->creds);
|
||||
return mfree(m);
|
||||
@@ -1113,16 +1130,6 @@ _public_ int sd_bus_message_set_allow_interactive_authorization(sd_bus_message *
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static struct bus_container *message_get_container(sd_bus_message *m) {
|
||||
- assert(m);
|
||||
-
|
||||
- if (m->n_containers == 0)
|
||||
- return &m->root_container;
|
||||
-
|
||||
- assert(m->containers);
|
||||
- return m->containers + m->n_containers - 1;
|
||||
-}
|
||||
-
|
||||
struct bus_body_part *message_append_part(sd_bus_message *m) {
|
||||
struct bus_body_part *part;
|
||||
|
||||
@@ -4108,13 +4115,9 @@ _public_ int sd_bus_message_exit_container(sd_bus_message *m) {
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
- free(c->signature);
|
||||
- free(c->peeked_signature);
|
||||
- free(c->offsets);
|
||||
- m->n_containers--;
|
||||
+ message_free_last_container(m);
|
||||
|
||||
c = message_get_container(m);
|
||||
-
|
||||
saved = c->index;
|
||||
c->index = c->saved_index;
|
||||
r = container_next_item(m, c, &m->rindex);
|
||||
@@ -4132,16 +4135,13 @@ static void message_quit_container(sd_bus_message *m) {
|
||||
assert(m->sealed);
|
||||
assert(m->n_containers > 0);
|
||||
|
||||
- c = message_get_container(m);
|
||||
-
|
||||
/* Undo seeks */
|
||||
+ c = message_get_container(m);
|
||||
assert(m->rindex >= c->before);
|
||||
m->rindex = c->before;
|
||||
|
||||
/* Free container */
|
||||
- free(c->signature);
|
||||
- free(c->offsets);
|
||||
- m->n_containers--;
|
||||
+ message_free_last_container(m);
|
||||
|
||||
/* Correct index of new top-level container */
|
||||
c = message_get_container(m);
|
||||
diff --git a/test/fuzz/fuzz-bus-message/leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20 b/test/fuzz/fuzz-bus-message/leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..c371824ffb604708619fd0713e8fca609bac18f7
|
||||
GIT binary patch
|
||||
literal 534
|
||||
zcmZ{h!A`?442GSJP20o?A&zJgm*%p<cmZx)c?GB2N~MZabq0zMhzqX`{7ze`LYk$&
|
||||
z_LnqH{-ic!J`GWMLG(>T#&`l!4rxq{&>8YmwQrOs;B(}I_m11m8`nFp<MR{a3sX`q
|
||||
z!cs!Q@A35`W+B>`#ek1>oQYVSs`!XH?7Y=}3y9Ye+UliL9^x9s66$8wH+TPdOG`n|
|
||||
z5Uhx<nM2)KiEdF(J5Ct}Xa*iksL!VNssA<Hq<KDseGAsT^*)9kK$?O39;dyGTv
|
||||
zLhpD3X)k6@tX`CzbBVV-7e$fy9()CjJ&n(=^)uJCKFB5Xi}-<1ru7po5XlEJ?uByQ
|
||||
MaEPzRhwknF02{PjtN;K2
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
From 220a60a61a91153fd8e49e58884b9b0b904888f6 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Synacek <jsynacek@redhat.com>
|
||||
Date: Wed, 31 Oct 2018 12:50:19 +0100
|
||||
Subject: [PATCH] sd-bus: properly initialize containers
|
||||
|
||||
Fixes a SIGSEGV introduced by commit 38a5315a3a6fab745d8c86ff9e486faaf50b28d1.
|
||||
The same problem doesn't exist upstream, as the container structure
|
||||
there is initialized using a compound literal, which is zeroed out by
|
||||
default.
|
||||
|
||||
Related: #1635435
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-message.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
|
||||
index d55cb14843..780c8c6185 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-message.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-message.c
|
||||
@@ -2004,6 +2004,7 @@ _public_ int sd_bus_message_open_container(
|
||||
w = m->containers + m->n_containers++;
|
||||
w->enclosing = type;
|
||||
w->signature = TAKE_PTR(signature);
|
||||
+ w->peeked_signature = NULL;
|
||||
w->index = 0;
|
||||
w->array_size = array_size;
|
||||
w->before = before;
|
|
@ -0,0 +1,240 @@
|
|||
From 0977e6b34fb5f28fc94f1df32261742881fa9bbe Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 30 Aug 2018 08:45:11 +0000
|
||||
Subject: [PATCH] cryptsetup-generator: introduce basic keydev support
|
||||
|
||||
Dracut has a support for unlocking encrypted drives with keyfile stored
|
||||
on the external drive. This support is included in the generated initrd
|
||||
only if systemd module is not included.
|
||||
|
||||
When systemd is used in initrd then attachment of encrypted drives is
|
||||
handled by systemd-cryptsetup tools. Our generator has support for
|
||||
keyfile, however, it didn't support keyfile on the external block
|
||||
device (keydev).
|
||||
|
||||
This commit introduces basic keydev support. Keydev can be specified per
|
||||
luks.uuid on the kernel command line. Keydev is automatically mounted
|
||||
during boot and we look for keyfile in the keydev
|
||||
mountpoint (i.e. keyfile path is prefixed with the keydev mount point
|
||||
path). After crypt device is attached we automatically unmount
|
||||
where keyfile resides.
|
||||
|
||||
Example:
|
||||
rd.luks.key=70bc876b-f627-4038-9049-3080d79d2165=/key:LABEL=KEYDEV
|
||||
|
||||
(cherry-picked from commit 70f5f48eb891b12e969577b464de61e15a2593da)
|
||||
|
||||
Resolves: #1656869
|
||||
---
|
||||
man/systemd-cryptsetup-generator.xml | 14 ++++
|
||||
src/cryptsetup/cryptsetup-generator.c | 105 +++++++++++++++++++++++++-
|
||||
2 files changed, 115 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml
|
||||
index c37ee76b87..e30d69bfe7 100644
|
||||
--- a/man/systemd-cryptsetup-generator.xml
|
||||
+++ b/man/systemd-cryptsetup-generator.xml
|
||||
@@ -144,6 +144,20 @@
|
||||
to the one specified by <varname>rd.luks.key=</varname> or
|
||||
<varname>luks.key=</varname> of the corresponding UUID, or the
|
||||
password file that was specified without a UUID.</para>
|
||||
+
|
||||
+ <para>It is also possible to specify an external device which
|
||||
+ should be mounted before we attempt to unlock the LUKS device.
|
||||
+ systemd-cryptsetup will use password file stored on that
|
||||
+ device. Device containing password file is specified by
|
||||
+ appending colon and a device identifier to the password file
|
||||
+ path. For example,
|
||||
+ <varname>rd.luks.uuid=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40
|
||||
+ <varname>rd.luks.key=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40=/keyfile:LABEL=keydev.
|
||||
+ Hence, in this case, we will attempt to mount file system
|
||||
+ residing on the block device with label <literal>keydev</literal>.
|
||||
+ This syntax is for now only supported on a per-device basis,
|
||||
+ i.e. you have to specify LUKS device UUID.</para>
|
||||
+
|
||||
<para><varname>rd.luks.key=</varname>
|
||||
is honored only by initial RAM disk
|
||||
(initrd) while
|
||||
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
|
||||
index f5a81829b9..8c7a76e789 100644
|
||||
--- a/src/cryptsetup/cryptsetup-generator.c
|
||||
+++ b/src/cryptsetup/cryptsetup-generator.c
|
||||
@@ -24,6 +24,7 @@
|
||||
typedef struct crypto_device {
|
||||
char *uuid;
|
||||
char *keyfile;
|
||||
+ char *keydev;
|
||||
char *name;
|
||||
char *options;
|
||||
bool create;
|
||||
@@ -37,14 +38,71 @@ static Hashmap *arg_disks = NULL;
|
||||
static char *arg_default_options = NULL;
|
||||
static char *arg_default_keyfile = NULL;
|
||||
|
||||
+static int generate_keydev_mount(const char *name, const char *keydev, char **unit, char **mount) {
|
||||
+ _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL;
|
||||
+ _cleanup_fclose_ FILE *f = NULL;
|
||||
+ int r;
|
||||
+
|
||||
+ assert(name);
|
||||
+ assert(keydev);
|
||||
+ assert(unit);
|
||||
+ assert(mount);
|
||||
+
|
||||
+ r = mkdir_parents("/run/systemd/cryptsetup", 0755);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ r = mkdir("/run/systemd/cryptsetup", 0700);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ where = strjoin("/run/systemd/cryptsetup/keydev-", name);
|
||||
+ if (!where)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ r = mkdir(where, 0700);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ r = unit_name_from_path(where, ".mount", &u);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ r = generator_open_unit_file(arg_dest, NULL, u, &f);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ what = fstab_node_to_udev_node(keydev);
|
||||
+ if (!what)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ fprintf(f,
|
||||
+ "[Unit]\n"
|
||||
+ "DefaultDependencies=no\n\n"
|
||||
+ "[Mount]\n"
|
||||
+ "What=%s\n"
|
||||
+ "Where=%s\n"
|
||||
+ "Options=ro\n", what, where);
|
||||
+
|
||||
+ r = fflush_and_check(f);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
+ *unit = TAKE_PTR(u);
|
||||
+ *mount = TAKE_PTR(where);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int create_disk(
|
||||
const char *name,
|
||||
const char *device,
|
||||
+ const char *keydev,
|
||||
const char *password,
|
||||
const char *options) {
|
||||
|
||||
_cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL,
|
||||
- *filtered = NULL, *u_escaped = NULL, *password_escaped = NULL, *filtered_escaped = NULL, *name_escaped = NULL;
|
||||
+ *filtered = NULL, *u_escaped = NULL, *password_escaped = NULL, *filtered_escaped = NULL, *name_escaped = NULL, *keydev_mount = NULL;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
const char *dmname;
|
||||
bool noauto, nofail, tmp, swap, netdev;
|
||||
@@ -94,6 +152,9 @@ static int create_disk(
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
+ if (keydev && !password)
|
||||
+ return log_error_errno(-EINVAL, "Keydev is specified, but path to the password file is missing: %m");
|
||||
+
|
||||
r = generator_open_unit_file(arg_dest, NULL, n, &f);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@@ -109,6 +170,20 @@ static int create_disk(
|
||||
"After=%s\n",
|
||||
netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
|
||||
|
||||
+ if (keydev) {
|
||||
+ _cleanup_free_ char *unit = NULL, *p = NULL;
|
||||
+
|
||||
+ r = generate_keydev_mount(name, keydev, &unit, &keydev_mount);
|
||||
+ if (r < 0)
|
||||
+ return log_error_errno(r, "Failed to generate keydev mount unit: %m");
|
||||
+
|
||||
+ p = prefix_root(keydev_mount, password_escaped);
|
||||
+ if (!p)
|
||||
+ return log_oom();
|
||||
+
|
||||
+ free_and_replace(password_escaped, p);
|
||||
+ }
|
||||
+
|
||||
if (!nofail)
|
||||
fprintf(f,
|
||||
"Before=%s\n",
|
||||
@@ -186,6 +261,11 @@ static int create_disk(
|
||||
"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
|
||||
name_escaped);
|
||||
|
||||
+ if (keydev)
|
||||
+ fprintf(f,
|
||||
+ "ExecStartPost=" UMOUNT_PATH " %s\n\n",
|
||||
+ keydev_mount);
|
||||
+
|
||||
r = fflush_and_check(f);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to write unit file %s: %m", n);
|
||||
@@ -221,6 +301,7 @@ static int create_disk(
|
||||
static void crypt_device_free(crypto_device *d) {
|
||||
free(d->uuid);
|
||||
free(d->keyfile);
|
||||
+ free(d->keydev);
|
||||
free(d->name);
|
||||
free(d->options);
|
||||
free(d);
|
||||
@@ -309,11 +390,27 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
|
||||
|
||||
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
||||
if (r == 2) {
|
||||
+ char *c;
|
||||
+ _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
|
||||
+
|
||||
d = get_crypto_device(uuid);
|
||||
if (!d)
|
||||
return log_oom();
|
||||
|
||||
- free_and_replace(d->keyfile, uuid_value);
|
||||
+ c = strrchr(uuid_value, ':');
|
||||
+ if (!c)
|
||||
+ /* No keydev specified */
|
||||
+ return free_and_replace(d->keyfile, uuid_value);
|
||||
+
|
||||
+ *c = '\0';
|
||||
+ keyfile = strdup(uuid_value);
|
||||
+ keydev = strdup(++c);
|
||||
+
|
||||
+ if (!keyfile || !keydev)
|
||||
+ return log_oom();
|
||||
+
|
||||
+ free_and_replace(d->keyfile, keyfile);
|
||||
+ free_and_replace(d->keydev, keydev);
|
||||
} else if (free_and_strdup(&arg_default_keyfile, value) < 0)
|
||||
return log_oom();
|
||||
|
||||
@@ -394,7 +491,7 @@ static int add_crypttab_devices(void) {
|
||||
continue;
|
||||
}
|
||||
|
||||
- r = create_disk(name, device, keyfile, (d && d->options) ? d->options : options);
|
||||
+ r = create_disk(name, device, NULL, keyfile, (d && d->options) ? d->options : options);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@@ -434,7 +531,7 @@ static int add_proc_cmdline_devices(void) {
|
||||
else
|
||||
options = "timeout=0";
|
||||
|
||||
- r = create_disk(d->name, device, d->keyfile ?: arg_default_keyfile, options);
|
||||
+ r = create_disk(d->name, device, d->keydev, d->keyfile ?: arg_default_keyfile, options);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
From 95bfd1d2f52698604e44c17dba2082f61b5f8eab Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 5 Oct 2018 22:37:37 +0200
|
||||
Subject: [PATCH] cryptsetup: don't use %m if there's no error to show
|
||||
|
||||
We are not the ones receiving an error here, but the ones generating it,
|
||||
hence we shouldn't show it with %m, that's just confusing, as it
|
||||
suggests we received an error from some other call.
|
||||
|
||||
(cherry-picked from commit 2abe64666e544be6499f870618185f8819b4c152)
|
||||
|
||||
Related: #1656869
|
||||
---
|
||||
src/cryptsetup/cryptsetup-generator.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
|
||||
index 8c7a76e789..52391bd185 100644
|
||||
--- a/src/cryptsetup/cryptsetup-generator.c
|
||||
+++ b/src/cryptsetup/cryptsetup-generator.c
|
||||
@@ -152,8 +152,10 @@ static int create_disk(
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
- if (keydev && !password)
|
||||
- return log_error_errno(-EINVAL, "Keydev is specified, but path to the password file is missing: %m");
|
||||
+ if (keydev && !password) {
|
||||
+ log_error("Key device is specified, but path to the password file is missing.");
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
|
||||
r = generator_open_unit_file(arg_dest, NULL, n, &f);
|
||||
if (r < 0)
|
|
@ -0,0 +1,38 @@
|
|||
From 81df5f597257bd2579246de6182c4949b27396eb Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Tue, 4 Sep 2018 19:51:14 +0200
|
||||
Subject: [PATCH] cryptsetup-generator: don't return error if target directory
|
||||
already exists
|
||||
|
||||
(cherry-picked from commit 579875bc4a59b917fa32519e3d96d56dc591ad1e)
|
||||
|
||||
Related: #1656869
|
||||
---
|
||||
src/cryptsetup/cryptsetup-generator.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
|
||||
index 52391bd185..03c513c26e 100644
|
||||
--- a/src/cryptsetup/cryptsetup-generator.c
|
||||
+++ b/src/cryptsetup/cryptsetup-generator.c
|
||||
@@ -53,16 +53,16 @@ static int generate_keydev_mount(const char *name, const char *keydev, char **un
|
||||
return r;
|
||||
|
||||
r = mkdir("/run/systemd/cryptsetup", 0700);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
+ if (r < 0 && errno != EEXIST)
|
||||
+ return -errno;
|
||||
|
||||
where = strjoin("/run/systemd/cryptsetup/keydev-", name);
|
||||
if (!where)
|
||||
return -ENOMEM;
|
||||
|
||||
r = mkdir(where, 0700);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
+ if (r < 0 && errno != EEXIST)
|
||||
+ return -errno;
|
||||
|
||||
r = unit_name_from_path(where, ".mount", &u);
|
||||
if (r < 0)
|
|
@ -0,0 +1,129 @@
|
|||
From 2a4d58bb2ab9ba5487785cc167932440a4f0c13d Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Tue, 4 Sep 2018 20:03:34 +0200
|
||||
Subject: [PATCH] cryptsetup-generator: allow whitespace characters in keydev
|
||||
specification
|
||||
|
||||
For example, <luks.uuid>=/keyfile:LABEL="KEYFILE FS" previously wouldn't
|
||||
work, because we truncated label at the first whitespace character,
|
||||
i.e. LABEL="KEYFILE".
|
||||
|
||||
(cherry-picked from commit 7949dfa73a44ae6524779689483d12243dfbcfdf)
|
||||
|
||||
Related: #1656869
|
||||
---
|
||||
src/cryptsetup/cryptsetup-generator.c | 64 ++++++++++++++++++---------
|
||||
1 file changed, 43 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
|
||||
index 03c513c26e..52c1262728 100644
|
||||
--- a/src/cryptsetup/cryptsetup-generator.c
|
||||
+++ b/src/cryptsetup/cryptsetup-generator.c
|
||||
@@ -5,11 +5,13 @@
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "dropin.h"
|
||||
+#include "escape.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
#include "fstab-util.h"
|
||||
#include "generator.h"
|
||||
#include "hashmap.h"
|
||||
+#include "id128-util.h"
|
||||
#include "log.h"
|
||||
#include "mkdir.h"
|
||||
#include "parse-util.h"
|
||||
@@ -39,7 +41,7 @@ static char *arg_default_options = NULL;
|
||||
static char *arg_default_keyfile = NULL;
|
||||
|
||||
static int generate_keydev_mount(const char *name, const char *keydev, char **unit, char **mount) {
|
||||
- _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL;
|
||||
+ _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL, *name_escaped = NULL;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
int r;
|
||||
|
||||
@@ -56,7 +58,11 @@ static int generate_keydev_mount(const char *name, const char *keydev, char **un
|
||||
if (r < 0 && errno != EEXIST)
|
||||
return -errno;
|
||||
|
||||
- where = strjoin("/run/systemd/cryptsetup/keydev-", name);
|
||||
+ name_escaped = cescape(name);
|
||||
+ if (!name_escaped)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped);
|
||||
if (!where)
|
||||
return -ENOMEM;
|
||||
|
||||
@@ -386,36 +392,52 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
|
||||
return log_oom();
|
||||
|
||||
} else if (streq(key, "luks.key")) {
|
||||
+ size_t n;
|
||||
+ _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
|
||||
+ char *c;
|
||||
+ const char *keyspec;
|
||||
|
||||
if (proc_cmdline_value_missing(key, value))
|
||||
return 0;
|
||||
|
||||
- r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
||||
- if (r == 2) {
|
||||
- char *c;
|
||||
- _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
|
||||
+ n = strspn(value, LETTERS DIGITS "-");
|
||||
+ if (value[n] != '=') {
|
||||
+ if (free_and_strdup(&arg_default_keyfile, value) < 0)
|
||||
+ return log_oom();
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
- d = get_crypto_device(uuid);
|
||||
- if (!d)
|
||||
- return log_oom();
|
||||
+ uuid = strndup(value, n);
|
||||
+ if (!uuid)
|
||||
+ return log_oom();
|
||||
|
||||
- c = strrchr(uuid_value, ':');
|
||||
- if (!c)
|
||||
- /* No keydev specified */
|
||||
- return free_and_replace(d->keyfile, uuid_value);
|
||||
+ if (!id128_is_valid(uuid)) {
|
||||
+ log_warning("Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring.");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ d = get_crypto_device(uuid);
|
||||
+ if (!d)
|
||||
+ return log_oom();
|
||||
|
||||
- *c = '\0';
|
||||
- keyfile = strdup(uuid_value);
|
||||
- keydev = strdup(++c);
|
||||
+ keyspec = value + n + 1;
|
||||
+ c = strrchr(keyspec, ':');
|
||||
+ if (c) {
|
||||
+ *c = '\0';
|
||||
+ keyfile = strdup(keyspec);
|
||||
+ keydev = strdup(c + 1);
|
||||
|
||||
if (!keyfile || !keydev)
|
||||
return log_oom();
|
||||
+ } else {
|
||||
+ /* No keydev specified */
|
||||
+ keyfile = strdup(keyspec);
|
||||
+ if (!keyfile)
|
||||
+ return log_oom();
|
||||
+ }
|
||||
|
||||
- free_and_replace(d->keyfile, keyfile);
|
||||
- free_and_replace(d->keydev, keydev);
|
||||
- } else if (free_and_strdup(&arg_default_keyfile, value) < 0)
|
||||
- return log_oom();
|
||||
-
|
||||
+ free_and_replace(d->keyfile, keyfile);
|
||||
+ free_and_replace(d->keydev, keydev);
|
||||
} else if (streq(key, "luks.name")) {
|
||||
|
||||
if (proc_cmdline_value_missing(key, value))
|
|
@ -0,0 +1,25 @@
|
|||
From c16785e970b83590fc9de4ea0f7e410470d88db5 Mon Sep 17 00:00:00 2001
|
||||
From: Vojtech Trefny <vtrefny@redhat.com>
|
||||
Date: Tue, 4 Dec 2018 16:47:36 +0100
|
||||
Subject: [PATCH] rules: watch metadata changes on DASD devices
|
||||
|
||||
To make sure the change event is emitted and udev db is updated
|
||||
after metadata changes.
|
||||
|
||||
(cherry picked from commit 38397c8ce044fdc0138c9919168a856c0e16f720)
|
||||
|
||||
Resolves: #1638676
|
||||
---
|
||||
rules/60-block.rules | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rules/60-block.rules b/rules/60-block.rules
|
||||
index 343fc06f85..a1458e9188 100644
|
||||
--- a/rules/60-block.rules
|
||||
+++ b/rules/60-block.rules
|
||||
@@ -8,4 +8,4 @@ ACTION=="add", SUBSYSTEM=="module", KERNEL=="block", ATTR{parameters/events_dfl_
|
||||
ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block", ATTR{block/*/uevent}="change"
|
||||
|
||||
# watch metadata changes, caused by tools closing the device node which was opened for writing
|
||||
-ACTION!="remove", SUBSYSTEM=="block", KERNEL=="loop*|nvme*|sd*|vd*|xvd*|pmem*|mmcblk*", OPTIONS+="watch"
|
||||
+ACTION!="remove", SUBSYSTEM=="block", KERNEL=="loop*|nvme*|sd*|vd*|xvd*|pmem*|mmcblk*|dasd*", OPTIONS+="watch"
|
|
@ -0,0 +1,41 @@
|
|||
From 75c9af80cf3529c76988451e63f98010c86f48f1 Mon Sep 17 00:00:00 2001
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Wed, 28 Nov 2018 11:44:20 +0100
|
||||
Subject: [PATCH] sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 to 2
|
||||
|
||||
This switches the RFC3704 Reverse Path filtering from Strict mode to Loose
|
||||
mode. The Strict mode breaks some pretty common and reasonable use cases,
|
||||
such as keeping connections via one default route alive after another one
|
||||
appears (e.g. plugging an Ethernet cable when connected via Wi-Fi).
|
||||
|
||||
The strict filter also makes it impossible for NetworkManager to do
|
||||
connectivity check on a newly arriving default route (it starts with a
|
||||
higher metric and is bumped lower if there's connectivity).
|
||||
|
||||
Kernel's default is 0 (no filter), but a Loose filter is good enough. The
|
||||
few use cases where a Strict mode could make sense can easily override
|
||||
this.
|
||||
|
||||
The distributions that don't care about the client use cases and prefer a
|
||||
strict filter could just ship a custom configuration in
|
||||
/usr/lib/sysctl.d/ to override this.
|
||||
|
||||
Cherry-picked from: 230450d4e4f1f5fc9fa4295ed9185eea5b6ea16e
|
||||
Resolves: #1653824
|
||||
---
|
||||
sysctl.d/50-default.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
|
||||
index e263cf0628..b0645f33e7 100644
|
||||
--- a/sysctl.d/50-default.conf
|
||||
+++ b/sysctl.d/50-default.conf
|
||||
@@ -22,7 +22,7 @@ kernel.sysrq = 16
|
||||
kernel.core_uses_pid = 1
|
||||
|
||||
# Source route verification
|
||||
-net.ipv4.conf.all.rp_filter = 1
|
||||
+net.ipv4.conf.all.rp_filter = 2
|
||||
|
||||
# Do not accept source routing
|
||||
net.ipv4.conf.all.accept_source_route = 0
|
|
@ -0,0 +1,36 @@
|
|||
From e8ead61e1c0a919a97df64b14dbd572ef7c830d2 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Sat, 15 Dec 2018 20:22:31 +0100
|
||||
Subject: [PATCH] tests: explicitly enable user namespaces for
|
||||
TEST-13-NSPAWN-SMOKE
|
||||
|
||||
Cherry-picked from: 67f5c0c776ce9449ad21e9854665573a05141fd4
|
||||
---
|
||||
test/TEST-13-NSPAWN-SMOKE/test.sh | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test/TEST-13-NSPAWN-SMOKE/test.sh b/test/TEST-13-NSPAWN-SMOKE/test.sh
|
||||
index 6a0cb42eaf..c0789b5d20 100755
|
||||
--- a/test/TEST-13-NSPAWN-SMOKE/test.sh
|
||||
+++ b/test/TEST-13-NSPAWN-SMOKE/test.sh
|
||||
@@ -18,7 +18,7 @@ test_setup() {
|
||||
eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
|
||||
|
||||
setup_basic_environment
|
||||
- dracut_install busybox chmod rmdir unshare ip
|
||||
+ dracut_install busybox chmod rmdir unshare ip sysctl
|
||||
|
||||
cp create-busybox-container $initdir/
|
||||
|
||||
@@ -63,6 +63,11 @@ if [[ -f /proc/1/ns/cgroup ]]; then
|
||||
fi
|
||||
|
||||
is_user_ns_supported=no
|
||||
+# On some systems (e.g. CentOS 7) the default limit for user namespaces
|
||||
+# is set to 0, which causes the following unshare syscall to fail, even
|
||||
+# with enabled user namespaces support. By setting this value explicitly
|
||||
+# we can ensure the user namespaces support to be detected correctly.
|
||||
+sysctl -w user.max_user_namespaces=10000
|
||||
if unshare -U sh -c :; then
|
||||
is_user_ns_supported=yes
|
||||
fi
|
|
@ -0,0 +1,122 @@
|
|||
From 2115fcc1e673079fe76e949ac0904267075c25a4 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 31 Oct 2018 13:04:20 +0100
|
||||
Subject: [PATCH] nspawn: beef up netns checking a bit, for compat with old
|
||||
kernels
|
||||
|
||||
Fixes: #10544
|
||||
|
||||
Cherry-picked from: 6619ad889da260cf83079cc74a85d571acd1df5a
|
||||
---
|
||||
src/basic/stat-util.c | 40 +++++++++++++++++++++++++++++++++++----
|
||||
src/nspawn/nspawn.c | 8 +++++---
|
||||
src/test/test-stat-util.c | 15 +++++++++++++++
|
||||
3 files changed, 56 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c
|
||||
index 07154e25bb..26aee9bad6 100644
|
||||
--- a/src/basic/stat-util.c
|
||||
+++ b/src/basic/stat-util.c
|
||||
@@ -204,15 +204,47 @@ int fd_is_network_fs(int fd) {
|
||||
}
|
||||
|
||||
int fd_is_network_ns(int fd) {
|
||||
+ struct statfs s;
|
||||
int r;
|
||||
|
||||
- r = fd_is_fs_type(fd, NSFS_MAGIC);
|
||||
- if (r <= 0)
|
||||
- return r;
|
||||
+ /* Checks whether the specified file descriptor refers to a network namespace. On old kernels there's no nice
|
||||
+ * way to detect that, hence on those we'll return a recognizable error (EUCLEAN), so that callers can handle
|
||||
+ * this somewhat nicely.
|
||||
+ *
|
||||
+ * This function returns > 0 if the fd definitely refers to a network namespace, 0 if it definitely does not
|
||||
+ * refer to a network namespace, -EUCLEAN if we can't determine, and other negative error codes on error. */
|
||||
+
|
||||
+ if (fstatfs(fd, &s) < 0)
|
||||
+ return -errno;
|
||||
+
|
||||
+ if (!is_fs_type(&s, NSFS_MAGIC)) {
|
||||
+ /* On really old kernels, there was no "nsfs", and network namespace sockets belonged to procfs
|
||||
+ * instead. Handle that in a somewhat smart way. */
|
||||
+
|
||||
+ if (is_fs_type(&s, PROC_SUPER_MAGIC)) {
|
||||
+ struct statfs t;
|
||||
+
|
||||
+ /* OK, so it is procfs. Let's see if our own network namespace is procfs, too. If so, then the
|
||||
+ * passed fd might refer to a network namespace, but we can't know for sure. In that case,
|
||||
+ * return a recognizable error. */
|
||||
+
|
||||
+ if (statfs("/proc/self/ns/net", &t) < 0)
|
||||
+ return -errno;
|
||||
+
|
||||
+ if (s.f_type == t.f_type)
|
||||
+ return -EUCLEAN; /* It's possible, we simply don't know */
|
||||
+ }
|
||||
+
|
||||
+ return 0; /* No! */
|
||||
+ }
|
||||
|
||||
r = ioctl(fd, NS_GET_NSTYPE);
|
||||
- if (r < 0)
|
||||
+ if (r < 0) {
|
||||
+ if (errno == ENOTTY) /* Old kernels didn't know this ioctl, let's also return a recognizable error in that case */
|
||||
+ return -EUCLEAN;
|
||||
+
|
||||
return -errno;
|
||||
+ }
|
||||
|
||||
return r == CLONE_NEWNET;
|
||||
}
|
||||
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
|
||||
index 56877bd932..8aec893a69 100644
|
||||
--- a/src/nspawn/nspawn.c
|
||||
+++ b/src/nspawn/nspawn.c
|
||||
@@ -3701,10 +3701,12 @@ static int run(int master,
|
||||
return log_error_errno(errno, "Cannot open file %s: %m", arg_network_namespace_path);
|
||||
|
||||
r = fd_is_network_ns(netns_fd);
|
||||
- if (r < 0 && r != -ENOTTY)
|
||||
+ if (r == -EUCLEAN)
|
||||
+ log_debug_errno(r, "Cannot determine if passed network namespace path '%s' really refers to a network namespace, assuming it does.", arg_network_namespace_path);
|
||||
+ else if (r < 0)
|
||||
return log_error_errno(r, "Failed to check %s fs type: %m", arg_network_namespace_path);
|
||||
- if (r == 0) {
|
||||
- log_error("Path %s doesn't refer to a network namespace", arg_network_namespace_path);
|
||||
+ else if (r == 0) {
|
||||
+ log_error("Path %s doesn't refer to a network namespace, refusing.", arg_network_namespace_path);
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
|
||||
index 43f56a6c20..2b0564d8a0 100644
|
||||
--- a/src/test/test-stat-util.c
|
||||
+++ b/src/test/test-stat-util.c
|
||||
@@ -67,11 +67,26 @@ static void test_path_is_temporary_fs(void) {
|
||||
assert_se(path_is_temporary_fs("/i-dont-exist") == -ENOENT);
|
||||
}
|
||||
|
||||
+static void test_fd_is_network_ns(void) {
|
||||
+ _cleanup_close_ int fd = -1;
|
||||
+ assert_se(fd_is_network_ns(STDIN_FILENO) == 0);
|
||||
+ assert_se(fd_is_network_ns(STDERR_FILENO) == 0);
|
||||
+ assert_se(fd_is_network_ns(STDOUT_FILENO) == 0);
|
||||
+
|
||||
+ assert_se((fd = open("/proc/self/ns/mnt", O_CLOEXEC|O_RDONLY)) >= 0);
|
||||
+ assert_se(IN_SET(fd_is_network_ns(fd), 0, -EUCLEAN));
|
||||
+ fd = safe_close(fd);
|
||||
+
|
||||
+ assert_se((fd = open("/proc/self/ns/net", O_CLOEXEC|O_RDONLY)) >= 0);
|
||||
+ assert_se(IN_SET(fd_is_network_ns(fd), 1, -EUCLEAN));
|
||||
+}
|
||||
+
|
||||
int main(int argc, char *argv[]) {
|
||||
test_files_same();
|
||||
test_is_symlink();
|
||||
test_path_is_fs_type();
|
||||
test_path_is_temporary_fs();
|
||||
+ test_fd_is_network_ns();
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,93 @@
|
|||
From 13d819cc795d8c3695ce7288436ad569366073f6 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Biebl <biebl@debian.org>
|
||||
Date: Mon, 16 Jul 2018 11:27:44 +0200
|
||||
Subject: [PATCH] test: Drop SKIP_INITRD for QEMU-based tests
|
||||
|
||||
Not all distros support booting without an initrd. E.g. the Debian
|
||||
kernel builds ext4 as a module and so relies on an initrd to
|
||||
successfully start the QEMU-based images.
|
||||
|
||||
Cherry-picked from: c2d4da002095fe6f86f89a508a81e48fb6d3196f
|
||||
---
|
||||
test/TEST-08-ISSUE-2730/test.sh | 1 -
|
||||
test/TEST-09-ISSUE-2691/test.sh | 1 -
|
||||
test/TEST-10-ISSUE-2467/test.sh | 1 -
|
||||
test/TEST-11-ISSUE-3166/test.sh | 1 -
|
||||
test/TEST-13-NSPAWN-SMOKE/test.sh | 2 +-
|
||||
test/TEST-14-MACHINE-ID/test.sh | 2 +-
|
||||
6 files changed, 2 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/test/TEST-08-ISSUE-2730/test.sh b/test/TEST-08-ISSUE-2730/test.sh
|
||||
index 68159c331f..90bf133c6a 100755
|
||||
--- a/test/TEST-08-ISSUE-2730/test.sh
|
||||
+++ b/test/TEST-08-ISSUE-2730/test.sh
|
||||
@@ -6,7 +6,6 @@ TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/2730"
|
||||
TEST_NO_NSPAWN=1
|
||||
|
||||
. $TEST_BASE_DIR/test-functions
|
||||
-SKIP_INITRD=yes
|
||||
QEMU_TIMEOUT=180
|
||||
FSTYPE=ext4
|
||||
|
||||
diff --git a/test/TEST-09-ISSUE-2691/test.sh b/test/TEST-09-ISSUE-2691/test.sh
|
||||
index 4c3e9496b4..9b5990bc60 100755
|
||||
--- a/test/TEST-09-ISSUE-2691/test.sh
|
||||
+++ b/test/TEST-09-ISSUE-2691/test.sh
|
||||
@@ -6,7 +6,6 @@ TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/2691"
|
||||
TEST_NO_NSPAWN=1
|
||||
|
||||
. $TEST_BASE_DIR/test-functions
|
||||
-SKIP_INITRD=yes
|
||||
QEMU_TIMEOUT=90
|
||||
|
||||
test_setup() {
|
||||
diff --git a/test/TEST-10-ISSUE-2467/test.sh b/test/TEST-10-ISSUE-2467/test.sh
|
||||
index 2f95e9062d..e61f5acd3c 100755
|
||||
--- a/test/TEST-10-ISSUE-2467/test.sh
|
||||
+++ b/test/TEST-10-ISSUE-2467/test.sh
|
||||
@@ -5,7 +5,6 @@ set -e
|
||||
TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/2467"
|
||||
|
||||
. $TEST_BASE_DIR/test-functions
|
||||
-SKIP_INITRD=yes
|
||||
|
||||
test_setup() {
|
||||
create_empty_image
|
||||
diff --git a/test/TEST-11-ISSUE-3166/test.sh b/test/TEST-11-ISSUE-3166/test.sh
|
||||
index 4602bdfc98..8aae4d5ed9 100755
|
||||
--- a/test/TEST-11-ISSUE-3166/test.sh
|
||||
+++ b/test/TEST-11-ISSUE-3166/test.sh
|
||||
@@ -6,7 +6,6 @@ TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/3166"
|
||||
TEST_NO_NSPAWN=1
|
||||
|
||||
. $TEST_BASE_DIR/test-functions
|
||||
-SKIP_INITRD=yes
|
||||
|
||||
test_setup() {
|
||||
create_empty_image
|
||||
diff --git a/test/TEST-13-NSPAWN-SMOKE/test.sh b/test/TEST-13-NSPAWN-SMOKE/test.sh
|
||||
index c0789b5d20..a676384bfc 100755
|
||||
--- a/test/TEST-13-NSPAWN-SMOKE/test.sh
|
||||
+++ b/test/TEST-13-NSPAWN-SMOKE/test.sh
|
||||
@@ -4,7 +4,7 @@
|
||||
set -e
|
||||
TEST_DESCRIPTION="systemd-nspawn smoke test"
|
||||
TEST_NO_NSPAWN=1
|
||||
-SKIP_INITRD=yes
|
||||
+
|
||||
. $TEST_BASE_DIR/test-functions
|
||||
|
||||
test_setup() {
|
||||
diff --git a/test/TEST-14-MACHINE-ID/test.sh b/test/TEST-14-MACHINE-ID/test.sh
|
||||
index 7342645bc5..62003b91b6 100755
|
||||
--- a/test/TEST-14-MACHINE-ID/test.sh
|
||||
+++ b/test/TEST-14-MACHINE-ID/test.sh
|
||||
@@ -4,7 +4,7 @@
|
||||
set -e
|
||||
TEST_DESCRIPTION="/etc/machine-id testing"
|
||||
TEST_NO_NSPAWN=1
|
||||
-SKIP_INITRD=yes
|
||||
+
|
||||
. $TEST_BASE_DIR/test-functions
|
||||
|
||||
test_setup() {
|
|
@ -0,0 +1,42 @@
|
|||
From 9c1b72de44e68ad80be7c0b98df110e7b127072d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sun, 19 Aug 2018 19:11:30 +0200
|
||||
Subject: [PATCH] meson: rename -Ddebug to -Ddebug-extra
|
||||
|
||||
Meson added -Doptimization and -Ddebug options, which obviously causes
|
||||
a conflict with our -Ddebug options. Let's rename it.
|
||||
|
||||
Fixes #9883.
|
||||
|
||||
Cherry-picked from: 8f6b442a78d0b485f044742ad90b2e8271b4e68e
|
||||
---
|
||||
meson.build | 2 +-
|
||||
meson_options.txt | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index f308db2631..ebc55872c9 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -769,7 +769,7 @@ substs.set('DEBUGTTY', get_option('debug-tty'))
|
||||
|
||||
enable_debug_hashmap = false
|
||||
enable_debug_mmap_cache = false
|
||||
-foreach name : get_option('debug')
|
||||
+foreach name : get_option('debug-extra')
|
||||
if name == 'hashmap'
|
||||
enable_debug_hashmap = true
|
||||
elif name == 'mmap-cache'
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index ab2a658713..5716f45ccf 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -46,7 +46,7 @@ option('debug-shell', type : 'string', value : '/bin/sh',
|
||||
description : 'path to debug shell binary')
|
||||
option('debug-tty', type : 'string', value : '/dev/tty9',
|
||||
description : 'specify the tty device for debug shell')
|
||||
-option('debug', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
|
||||
+option('debug-extra', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
|
||||
description : 'enable extra debugging')
|
||||
option('memory-accounting-default', type : 'boolean',
|
||||
description : 'enable MemoryAccounting= by default')
|
|
@ -0,0 +1,38 @@
|
|||
From b6943446f8ffde53ce059b5e869c22bed8926827 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Mon, 25 Jun 2018 22:40:40 +0900
|
||||
Subject: [PATCH] meson: check whether gnutls supports TCP fast open
|
||||
|
||||
Fixes #9403
|
||||
|
||||
Cherry-picked from: f02582f69fe1e7663a87ba80bd4f90d5d23ee75f
|
||||
---
|
||||
README | 1 +
|
||||
meson.build | 2 +-
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/README b/README
|
||||
index 2cde08c37e..7d06e04800 100644
|
||||
--- a/README
|
||||
+++ b/README
|
||||
@@ -154,6 +154,7 @@ REQUIREMENTS:
|
||||
libmicrohttpd (optional)
|
||||
libpython (optional)
|
||||
libidn2 or libidn (optional)
|
||||
+ gnutls >= 3.1.4 (optional, >= 3.5.3 is necessary to support DNS-over-TLS)
|
||||
elfutils >= 158 (optional)
|
||||
polkit (optional)
|
||||
pkg-config
|
||||
diff --git a/meson.build b/meson.build
|
||||
index ebc55872c9..d58926c981 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -1148,7 +1148,7 @@ substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
|
||||
|
||||
dns_over_tls = get_option('dns-over-tls')
|
||||
if dns_over_tls != 'false'
|
||||
- have = conf.get('HAVE_GNUTLS') == 1
|
||||
+ have = libgnutls != [] and libgnutls.version().version_compare('>=3.5.3')
|
||||
if dns_over_tls == 'true' and not have
|
||||
error('DNS-over-TLS support was requested, but dependencies are not available')
|
||||
endif
|
|
@ -0,0 +1,24 @@
|
|||
From 03e52d33bbdea731eaa79545bb1d30c5b21abe3d Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Mon, 5 Sep 2016 12:47:09 +0200
|
||||
Subject: [PATCH] unit: don't add Requires for tmp.mount
|
||||
|
||||
rhel-only
|
||||
Resolves: #1619292
|
||||
---
|
||||
src/core/unit.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index c9f756c9c7..721d8d60a3 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -1421,7 +1421,7 @@ static int unit_add_mount_dependencies(Unit *u) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- if (m->fragment_path) {
|
||||
+ if (m->fragment_path && !streq(m->id, "tmp.mount")) {
|
||||
r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
|
||||
if (r < 0)
|
||||
return r;
|
|
@ -0,0 +1,42 @@
|
|||
From 1d43806017a0df257fef8ed6f79e12ee69c5bc20 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||
Date: Thu, 8 Nov 2018 09:40:13 +0100
|
||||
Subject: [PATCH] tests: drop the precondition check for inherited flag
|
||||
|
||||
Docker's default capability set has the inherited flag already
|
||||
set - that breaks tests which expect otherwise. Let's just
|
||||
drop the check and run the test anyway.
|
||||
|
||||
Fixes #10663
|
||||
|
||||
Cherry-picked from: c446b8486d9ed18d1bc780948ae9ee8a53fa4c3f
|
||||
---
|
||||
src/test/test-capability.c | 8 --------
|
||||
1 file changed, 8 deletions(-)
|
||||
|
||||
diff --git a/src/test/test-capability.c b/src/test/test-capability.c
|
||||
index af6d808b6d..72975cef94 100644
|
||||
--- a/src/test/test-capability.c
|
||||
+++ b/src/test/test-capability.c
|
||||
@@ -180,8 +180,6 @@ static void test_update_inherited_set(void) {
|
||||
|
||||
caps = cap_get_proc();
|
||||
assert_se(caps);
|
||||
- assert_se(!cap_get_flag(caps, CAP_CHOWN, CAP_INHERITABLE, &fv));
|
||||
- assert(fv == CAP_CLEAR);
|
||||
|
||||
set = (UINT64_C(1) << CAP_CHOWN);
|
||||
|
||||
@@ -197,12 +195,6 @@ static void test_set_ambient_caps(void) {
|
||||
uint64_t set = 0;
|
||||
cap_flag_value_t fv;
|
||||
|
||||
- caps = cap_get_proc();
|
||||
- assert_se(caps);
|
||||
- assert_se(!cap_get_flag(caps, CAP_CHOWN, CAP_INHERITABLE, &fv));
|
||||
- assert(fv == CAP_CLEAR);
|
||||
- cap_free(caps);
|
||||
-
|
||||
assert_se(prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) == 0);
|
||||
|
||||
set = (UINT64_C(1) << CAP_CHOWN);
|
|
@ -0,0 +1,234 @@
|
|||
From 55a1c766445750aaefe28bd7bea454f5f1cff9bb Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 17 Oct 2018 18:36:24 +0200
|
||||
Subject: [PATCH] =?UTF-8?q?core:=20when=20deserializing=20state=20always?=
|
||||
=?UTF-8?q?=20use=20read=5Fline(=E2=80=A6,=20LONG=5FLINE=5FMAX,=20?=
|
||||
=?UTF-8?q?=E2=80=A6)?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This should be much better than fgets(), as we can read substantially
|
||||
longer lines and overly long lines result in proper errors.
|
||||
|
||||
Fixes a vulnerability discovered by Jann Horn at Google.
|
||||
|
||||
CVE-2018-15686
|
||||
LP: #1796402
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
|
||||
|
||||
(cherry picked from commit 8948b3415d762245ebf5e19d80b97d4d8cc208c1)
|
||||
|
||||
Resolves: CVE-2018-15686
|
||||
---
|
||||
src/core/job.c | 19 +++++++++++--------
|
||||
src/core/manager.c | 47 ++++++++++++++++++++--------------------------
|
||||
src/core/unit.c | 34 +++++++++++++++++----------------
|
||||
src/core/unit.h | 2 +-
|
||||
4 files changed, 50 insertions(+), 52 deletions(-)
|
||||
|
||||
diff --git a/src/core/job.c b/src/core/job.c
|
||||
index 734756b666..8552ffb704 100644
|
||||
--- a/src/core/job.c
|
||||
+++ b/src/core/job.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include "dbus-job.h"
|
||||
#include "dbus.h"
|
||||
#include "escape.h"
|
||||
+#include "fileio.h"
|
||||
#include "job.h"
|
||||
#include "log.h"
|
||||
#include "macro.h"
|
||||
@@ -1091,24 +1092,26 @@ int job_serialize(Job *j, FILE *f) {
|
||||
}
|
||||
|
||||
int job_deserialize(Job *j, FILE *f) {
|
||||
+ int r;
|
||||
+
|
||||
assert(j);
|
||||
assert(f);
|
||||
|
||||
for (;;) {
|
||||
- char line[LINE_MAX], *l, *v;
|
||||
+ _cleanup_free_ char *line = NULL;
|
||||
+ char *l, *v;
|
||||
size_t k;
|
||||
|
||||
- if (!fgets(line, sizeof(line), f)) {
|
||||
- if (feof(f))
|
||||
- return 0;
|
||||
- return -errno;
|
||||
- }
|
||||
+ r = read_line(f, LONG_LINE_MAX, &line);
|
||||
+ if (r < 0)
|
||||
+ return log_error_errno(r, "Failed to read serialization line: %m");
|
||||
+ if (r == 0)
|
||||
+ return 0;
|
||||
|
||||
- char_array_0(line);
|
||||
l = strstrip(line);
|
||||
|
||||
/* End marker */
|
||||
- if (l[0] == 0)
|
||||
+ if (isempty(l))
|
||||
return 0;
|
||||
|
||||
k = strcspn(l, "=");
|
||||
diff --git a/src/core/manager.c b/src/core/manager.c
|
||||
index 3b2fe11e87..c83e296cf3 100644
|
||||
--- a/src/core/manager.c
|
||||
+++ b/src/core/manager.c
|
||||
@@ -3144,22 +3144,17 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
|
||||
m->n_reloading++;
|
||||
|
||||
for (;;) {
|
||||
- char line[LINE_MAX];
|
||||
+ _cleanup_free_ char *line = NULL;
|
||||
const char *val, *l;
|
||||
|
||||
- if (!fgets(line, sizeof(line), f)) {
|
||||
- if (feof(f))
|
||||
- r = 0;
|
||||
- else
|
||||
- r = -errno;
|
||||
-
|
||||
- goto finish;
|
||||
- }
|
||||
+ r = read_line(f, LONG_LINE_MAX, &line);
|
||||
+ if (r < 0)
|
||||
+ return log_error_errno(r, "Failed to read serialization line: %m");
|
||||
+ if (r == 0)
|
||||
+ break;
|
||||
|
||||
- char_array_0(line);
|
||||
l = strstrip(line);
|
||||
-
|
||||
- if (l[0] == 0)
|
||||
+ if (isempty(l)) /* end marker */
|
||||
break;
|
||||
|
||||
if ((val = startswith(l, "current-job-id="))) {
|
||||
@@ -3326,29 +3321,27 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
- Unit *u;
|
||||
- char name[UNIT_NAME_MAX+2];
|
||||
+ _cleanup_free_ char *line = NULL;
|
||||
const char* unit_name;
|
||||
+ Unit *u;
|
||||
|
||||
/* Start marker */
|
||||
- if (!fgets(name, sizeof(name), f)) {
|
||||
- if (feof(f))
|
||||
- r = 0;
|
||||
- else
|
||||
- r = -errno;
|
||||
-
|
||||
- goto finish;
|
||||
- }
|
||||
+ r = read_line(f, LONG_LINE_MAX, &line);
|
||||
+ if (r < 0)
|
||||
+ return log_error_errno(r, "Failed to read serialization line: %m");
|
||||
+ if (r == 0)
|
||||
+ break;
|
||||
|
||||
- char_array_0(name);
|
||||
- unit_name = strstrip(name);
|
||||
+ unit_name = strstrip(line);
|
||||
|
||||
r = manager_load_unit(m, unit_name, NULL, NULL, &u);
|
||||
if (r < 0) {
|
||||
log_notice_errno(r, "Failed to load unit \"%s\", skipping deserialization: %m", unit_name);
|
||||
- if (r == -ENOMEM)
|
||||
- goto finish;
|
||||
- unit_deserialize_skip(f);
|
||||
+
|
||||
+ r = unit_deserialize_skip(f);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+
|
||||
continue;
|
||||
}
|
||||
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index 721d8d60a3..cc43ddc4f1 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -3368,21 +3368,19 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
|
||||
assert(fds);
|
||||
|
||||
for (;;) {
|
||||
- char line[LINE_MAX], *l, *v;
|
||||
+ _cleanup_free_ char *line = NULL;
|
||||
CGroupIPAccountingMetric m;
|
||||
+ char *l, *v;
|
||||
size_t k;
|
||||
|
||||
- if (!fgets(line, sizeof(line), f)) {
|
||||
- if (feof(f))
|
||||
- return 0;
|
||||
- return -errno;
|
||||
- }
|
||||
+ r = read_line(f, LONG_LINE_MAX, &line);
|
||||
+ if (r < 0)
|
||||
+ return log_error_errno(r, "Failed to read serialization line: %m");
|
||||
+ if (r == 0) /* eof */
|
||||
+ break;
|
||||
|
||||
- char_array_0(line);
|
||||
l = strstrip(line);
|
||||
-
|
||||
- /* End marker */
|
||||
- if (isempty(l))
|
||||
+ if (isempty(l)) /* End marker */
|
||||
break;
|
||||
|
||||
k = strcspn(l, "=");
|
||||
@@ -3657,23 +3655,27 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-void unit_deserialize_skip(FILE *f) {
|
||||
+int unit_deserialize_skip(FILE *f) {
|
||||
+ int r;
|
||||
assert(f);
|
||||
|
||||
/* Skip serialized data for this unit. We don't know what it is. */
|
||||
|
||||
for (;;) {
|
||||
- char line[LINE_MAX], *l;
|
||||
+ _cleanup_free_ char *line = NULL;
|
||||
+ char *l;
|
||||
|
||||
- if (!fgets(line, sizeof line, f))
|
||||
- return;
|
||||
+ r = read_line(f, LONG_LINE_MAX, &line);
|
||||
+ if (r < 0)
|
||||
+ return log_error_errno(r, "Failed to read serialization line: %m");
|
||||
+ if (r == 0)
|
||||
+ return 0;
|
||||
|
||||
- char_array_0(line);
|
||||
l = strstrip(line);
|
||||
|
||||
/* End marker */
|
||||
if (isempty(l))
|
||||
- return;
|
||||
+ return 1;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/core/unit.h b/src/core/unit.h
|
||||
index b3131eba1b..e1a60da244 100644
|
||||
--- a/src/core/unit.h
|
||||
+++ b/src/core/unit.h
|
||||
@@ -679,7 +679,7 @@ bool unit_can_serialize(Unit *u) _pure_;
|
||||
|
||||
int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs);
|
||||
int unit_deserialize(Unit *u, FILE *f, FDSet *fds);
|
||||
-void unit_deserialize_skip(FILE *f);
|
||||
+int unit_deserialize_skip(FILE *f);
|
||||
|
||||
int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value);
|
||||
int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value);
|
|
@ -0,0 +1,44 @@
|
|||
From 6abfec31acae53943896b309db4a09a1cecac9a3 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 17 Oct 2018 18:37:48 +0200
|
||||
Subject: [PATCH] core: enforce a limit on STATUS= texts recvd from services
|
||||
|
||||
Let's better be safe than sorry, and put a limit on what we receive.
|
||||
|
||||
(cherry picked from commit 3eac1bcae9284fb8b18f4b82156c0e85ddb004e5)
|
||||
|
||||
Related: CVE-2018-15686
|
||||
---
|
||||
src/core/service.c | 8 ++++++--
|
||||
src/core/service.h | 2 ++
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index db1356c417..db17221888 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -3549,8 +3549,12 @@ static void service_notify_message(
|
||||
_cleanup_free_ char *t = NULL;
|
||||
|
||||
if (!isempty(e)) {
|
||||
- if (!utf8_is_valid(e))
|
||||
- log_unit_warning(u, "Status message in notification message is not UTF-8 clean.");
|
||||
+ /* Note that this size limit check is mostly paranoia: since the datagram size we are willing
|
||||
+ * to process is already limited to NOTIFY_BUFFER_MAX, this limit here should never be hit. */
|
||||
+ if (strlen(e) > STATUS_TEXT_MAX)
|
||||
+ log_unit_warning(u, "Status message overly long (%zu > %u), ignoring.", strlen(e), STATUS_TEXT_MAX);
|
||||
+ else if (!utf8_is_valid(e))
|
||||
+ log_unit_warning(u, "Status message in notification message is not UTF-8 clean, ignoring.");
|
||||
else {
|
||||
t = strdup(e);
|
||||
if (!t)
|
||||
diff --git a/src/core/service.h b/src/core/service.h
|
||||
index 9c06e91883..a142b09f0d 100644
|
||||
--- a/src/core/service.h
|
||||
+++ b/src/core/service.h
|
||||
@@ -202,3 +202,5 @@ const char* service_result_to_string(ServiceResult i) _const_;
|
||||
ServiceResult service_result_from_string(const char *s) _pure_;
|
||||
|
||||
DEFINE_CAST(SERVICE, Service);
|
||||
+
|
||||
+#define STATUS_TEXT_MAX (16U*1024U)
|
|
@ -0,0 +1,257 @@
|
|||
From 5638e18196be1fabd9e78d4c506402bf700fe569 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <fsumsal@redhat.com>
|
||||
Date: Mon, 7 Jan 2019 15:49:45 +0100
|
||||
Subject: [PATCH] travis: enable Travis CI on CentOS 7
|
||||
|
||||
(cherry picked from commit 2014cb51b6dfe1f7f0b98e62311398c2bf801c2b)
|
||||
---
|
||||
.travis.yml | 86 ++++++++++-----------------------------------
|
||||
ci/travis-centos.sh | 69 ++++++++++++++++++++++++++++++++++++
|
||||
ci/travis_wait.bash | 61 ++++++++++++++++++++++++++++++++
|
||||
3 files changed, 149 insertions(+), 67 deletions(-)
|
||||
create mode 100755 ci/travis-centos.sh
|
||||
create mode 100644 ci/travis_wait.bash
|
||||
|
||||
diff --git a/.travis.yml b/.travis.yml
|
||||
index d980038181..fc63887324 100644
|
||||
--- a/.travis.yml
|
||||
+++ b/.travis.yml
|
||||
@@ -1,77 +1,29 @@
|
||||
sudo: required
|
||||
-
|
||||
services:
|
||||
- docker
|
||||
|
||||
-language: c
|
||||
+env:
|
||||
+ global:
|
||||
+ - CI_ROOT="$TRAVIS_BUILD_DIR/ci/"
|
||||
|
||||
jobs:
|
||||
include:
|
||||
- - stage: coverity scan
|
||||
- before_script:
|
||||
- - sudo apt-get update
|
||||
+ - stage: Build & test
|
||||
+ name: CentOS 7
|
||||
+ language: bash
|
||||
+ env:
|
||||
+ - CENTOS_RELEASE="centos7"
|
||||
+ - CONT_NAME="systemd-centos-$CENTOS_RELEASE"
|
||||
+ - DOCKER_EXEC="docker exec -ti $CONT_NAME"
|
||||
+ before_install:
|
||||
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
|
||||
- docker --version
|
||||
- - env > .env
|
||||
- env:
|
||||
- - COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
|
||||
- - COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}"
|
||||
- - COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH"
|
||||
- # Encrypted token for systemd/systemd Coverity Scan Analysis,
|
||||
- # generated by "travis encrypt -r systemd/systemd COVERITY_SCAN_TOKEN=<TOKEN>"
|
||||
- - secure: "lM0IVP2zOG5Ywk3YCbDCQL4WioyzzwtdtpZ+hKDy4BWCZDBJ/FVwIeBsXdMDvlTa3xi+GQ1b7kS2OmTfmG4aSlhU7isuH8SMq1Y4GR5AxfhkR+irUA1A1fntlvhbjIumDGW5wjs0Dt8KogMWS+ZD4eGE59lrVO/TrhMzIe1eHENVLFQJdNq+ZJXU8wxMfHf8lXk0xA8SJTid0XvZBNc4JN6pjJRA8LaOrMNhQYfygFmVQ598kwlu7gf5vbCKFPnIgJAxdIhz12XS9utGohV28IYj9d1DdUGUT+ar3OfADj3X8KFBP4Ymc02pcln3wVgdPtrDbFZh1R9jbmfdXGAH/6tTOJVn8aFySS2Vq9QiBiprWdPsAOLcWMNhnp0lMkASxs9/W26nU7Czo8VbAVWXM1w35plDpnDGR6lk/06dmOZpqu5p3AYr5xIKACIAdPDn0rNpnSWqC750WZ8ZWbHnKuZC5TWML7scVaPiEi7D7rbwqML2rdwx4ZoTZmCHiGByXCIWTfhf0JNQAix5WW3znl+BmDesumPgPj2mX+y6J1WYJrIz12m7qh7KhV/a1ODKM+I91A9rkOA/bPnmhmSSUR7CwgvZt1fC/VwBnaFFtAz9/70kN9Q8tDBXtXidExZwh1e3t5vDG72k3lXwNqpKRvdW3LOxK6lFvqEdMWVUJls="
|
||||
+ install:
|
||||
+ - $CI_ROOT/travis-centos.sh SETUP
|
||||
script:
|
||||
- # Copy content of CI_DIR into WORKDIR
|
||||
- - find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} +
|
||||
- # Build container for current user
|
||||
- - $CI_SCRIPT_DIR/build-docker-image.sh
|
||||
-
|
||||
- # For kernel version 4.8+
|
||||
- - sudo sysctl vsyscall=emulate || true
|
||||
- # Prepare environment for Coverity tool
|
||||
- - |
|
||||
- PLATFORM=`uname`
|
||||
- export TOOL_BASE="/tmp/coverity-scan-analysis"
|
||||
- export SCAN_URL="https://scan.coverity.com"
|
||||
- export UPLOAD_URL="https://scan.coverity.com/builds"
|
||||
- export TOOL_ARCHIVE="/tmp/cov-analysis-${PLATFORM}.tgz"
|
||||
-
|
||||
- # Get Coverity tool
|
||||
- - $CI_TOOL_DIR/get-coverity.sh
|
||||
- - TOOL_DIR="$(find $TOOL_BASE -type d -name 'cov-analysis*')"
|
||||
-
|
||||
- # Export env variables for Coverity scan
|
||||
- - env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env
|
||||
- - |
|
||||
- docker run -dit --env-file .cov-env \
|
||||
- -v ${TOOL_BASE}:${TOOL_BASE}:ro \
|
||||
- --name travis_coverity_scan coverity-${TRAVIS_COMMIT}:latest bash
|
||||
- # Make sure Coverity script is executable
|
||||
- - docker cp tools/coverity.sh travis_coverity_scan:/usr/local/bin
|
||||
- # Preconfigure with meson to prevent Coverity from capturing meson metadata
|
||||
- # Set compiler flag to prevent emit failure
|
||||
- - docker exec -it travis_coverity_scan sh -c "CFLAGS='-D_Float128=long\ double -D_Float64=double -D_Float64x=long\ double -D_Float32=float -D_Float32x=double' meson cov-build -Dman=false"
|
||||
- # Run Coverity Analysis
|
||||
- - docker exec -it travis_coverity_scan coverity.sh build
|
||||
- - docker exec -it travis_coverity_scan coverity.sh upload
|
||||
-
|
||||
-# Specify the order of stages and conditions
|
||||
-stages:
|
||||
- - name: coverity scan
|
||||
- if: type = cron
|
||||
-
|
||||
-env:
|
||||
- global:
|
||||
- - ADMIN_EMAIL=macermak@redhat.com
|
||||
-
|
||||
- - AUTHOR_NAME="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aN\")"
|
||||
- - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")"
|
||||
-
|
||||
- - CI_DIR="$TRAVIS_BUILD_DIR/travis-ci"
|
||||
- - CI_TOOL_DIR="$CI_DIR/tools"
|
||||
- - CI_SCRIPT_DIR="$CI_DIR/scripts"
|
||||
-
|
||||
-notifications:
|
||||
- email:
|
||||
- recipients:
|
||||
- - ${ADMIN_EMAIL}
|
||||
+ - set -e
|
||||
+ # Build systemd
|
||||
+ - $CI_ROOT/travis-centos.sh RUN
|
||||
+ - set +e
|
||||
+ after_script:
|
||||
+ - $CI_ROOT/travis-centos.sh CLEANUP
|
||||
diff --git a/ci/travis-centos.sh b/ci/travis-centos.sh
|
||||
new file mode 100755
|
||||
index 0000000000..60bbdf14c2
|
||||
--- /dev/null
|
||||
+++ b/ci/travis-centos.sh
|
||||
@@ -0,0 +1,69 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+# Run this script from the root of the systemd's git repository
|
||||
+# or set REPO_ROOT to a correct path.
|
||||
+#
|
||||
+# Example execution on Fedora:
|
||||
+# dnf install docker
|
||||
+# systemctl start docker
|
||||
+# export CONT_NAME="my-fancy-container"
|
||||
+# ci/travis-centos.sh SETUP RUN CLEANUP
|
||||
+
|
||||
+PHASES=(${@:-SETUP RUN CLEANUP})
|
||||
+CENTOS_RELEASE="${CENTOS_RELEASE:-latest}"
|
||||
+CONT_NAME="${CONT_NAME:-centos-$CENTOS_RELEASE-$RANDOM}"
|
||||
+DOCKER_EXEC="${DOCKER_EXEC:-docker exec -it $CONT_NAME}"
|
||||
+DOCKER_RUN="${DOCKER_RUN:-docker run}"
|
||||
+REPO_ROOT="${REPO_ROOT:-$PWD}"
|
||||
+ADDITIONAL_DEPS=(yum-utils iputils hostname libasan libubsan clang llvm)
|
||||
+
|
||||
+function info() {
|
||||
+ echo -e "\033[33;1m$1\033[0m"
|
||||
+}
|
||||
+
|
||||
+set -e
|
||||
+
|
||||
+source "$(dirname $0)/travis_wait.bash"
|
||||
+
|
||||
+for phase in "${PHASES[@]}"; do
|
||||
+ case $phase in
|
||||
+ SETUP)
|
||||
+ info "Setup phase"
|
||||
+ info "Using Travis $CENTOS_RELEASE"
|
||||
+ # Pull a Docker image and start a new container
|
||||
+ docker pull centos:$CENTOS_RELEASE
|
||||
+ info "Starting container $CONT_NAME"
|
||||
+ $DOCKER_RUN -v $REPO_ROOT:/build:rw \
|
||||
+ -w /build --privileged=true --name $CONT_NAME \
|
||||
+ -dit --net=host centos:$CENTOS_RELEASE /sbin/init
|
||||
+ # Beautiful workaround for Fedora's version of Docker
|
||||
+ sleep 1
|
||||
+ $DOCKER_EXEC yum makecache
|
||||
+ # Install necessary build/test requirements
|
||||
+ $DOCKER_EXEC yum -y --exclude selinux-policy\* upgrade
|
||||
+ $DOCKER_EXEC yum -y install "${ADDITIONAL_DEPS[@]}"
|
||||
+ $DOCKER_EXEC yum-builddep -y systemd
|
||||
+ ;;
|
||||
+ RUN)
|
||||
+ info "Run phase"
|
||||
+ # Build systemd
|
||||
+ $DOCKER_EXEC ./autogen.sh
|
||||
+ $DOCKER_EXEC ./configure --disable-timesyncd --disable-kdbus --disable-terminal \
|
||||
+ --enable-gtk-doc --enable-compat-libs --disable-sysusers \
|
||||
+ --disable-ldconfig --enable-lz4 --with-sysvinit-path=/etc/rc.d/init.d
|
||||
+ $DOCKER_EXEC make
|
||||
+ if ! $DOCKER_EXEC make check; then
|
||||
+ $DOCKER_EXEC cat test-suite.log
|
||||
+ exit 1
|
||||
+ fi
|
||||
+ ;;
|
||||
+ CLEANUP)
|
||||
+ info "Cleanup phase"
|
||||
+ docker stop $CONT_NAME
|
||||
+ docker rm -f $CONT_NAME
|
||||
+ ;;
|
||||
+ *)
|
||||
+ echo >&2 "Unknown phase '$phase'"
|
||||
+ exit 1
|
||||
+ esac
|
||||
+done
|
||||
diff --git a/ci/travis_wait.bash b/ci/travis_wait.bash
|
||||
new file mode 100644
|
||||
index 0000000000..acf6ad15e4
|
||||
--- /dev/null
|
||||
+++ b/ci/travis_wait.bash
|
||||
@@ -0,0 +1,61 @@
|
||||
+# This was borrowed from https://github.com/travis-ci/travis-build/tree/master/lib/travis/build/bash
|
||||
+# to get around https://github.com/travis-ci/travis-ci/issues/9979. It should probably be removed
|
||||
+# as soon as Travis CI has started to provide an easy way to export the functions to bash scripts.
|
||||
+
|
||||
+travis_jigger() {
|
||||
+ local cmd_pid="${1}"
|
||||
+ shift
|
||||
+ local timeout="${1}"
|
||||
+ shift
|
||||
+ local count=0
|
||||
+
|
||||
+ echo -e "\\n"
|
||||
+
|
||||
+ while [[ "${count}" -lt "${timeout}" ]]; do
|
||||
+ count="$((count + 1))"
|
||||
+ echo -ne "Still running (${count} of ${timeout}): ${*}\\r"
|
||||
+ sleep 60
|
||||
+ done
|
||||
+
|
||||
+ echo -e "\\n${ANSI_RED}Timeout (${timeout} minutes) reached. Terminating \"${*}\"${ANSI_RESET}\\n"
|
||||
+ kill -9 "${cmd_pid}"
|
||||
+}
|
||||
+
|
||||
+travis_wait() {
|
||||
+ local timeout="${1}"
|
||||
+
|
||||
+ if [[ "${timeout}" =~ ^[0-9]+$ ]]; then
|
||||
+ shift
|
||||
+ else
|
||||
+ timeout=20
|
||||
+ fi
|
||||
+
|
||||
+ local cmd=("${@}")
|
||||
+ local log_file="travis_wait_${$}.log"
|
||||
+
|
||||
+ "${cmd[@]}" &>"${log_file}" &
|
||||
+ local cmd_pid="${!}"
|
||||
+
|
||||
+ travis_jigger "${!}" "${timeout}" "${cmd[@]}" &
|
||||
+ local jigger_pid="${!}"
|
||||
+ local result
|
||||
+
|
||||
+ {
|
||||
+ set +e
|
||||
+ wait "${cmd_pid}" 2>/dev/null
|
||||
+ result="${?}"
|
||||
+ ps -p"${jigger_pid}" &>/dev/null && kill "${jigger_pid}"
|
||||
+ set -e
|
||||
+ }
|
||||
+
|
||||
+ if [[ "${result}" -eq 0 ]]; then
|
||||
+ echo -e "\\n${ANSI_GREEN}The command ${cmd[*]} exited with ${result}.${ANSI_RESET}"
|
||||
+ else
|
||||
+ echo -e "\\n${ANSI_RED}The command ${cmd[*]} exited with ${result}.${ANSI_RESET}"
|
||||
+ fi
|
||||
+
|
||||
+ echo -e "\\n${ANSI_GREEN}Log:${ANSI_RESET}\\n"
|
||||
+ cat "${log_file}"
|
||||
+
|
||||
+ return "${result}"
|
||||
+}
|
|
@ -0,0 +1,175 @@
|
|||
From 45b0a38b47e07186dfe35095c7d8b1e4c2524d80 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <fsumsal@redhat.com>
|
||||
Date: Mon, 14 Jan 2019 14:49:32 +0100
|
||||
Subject: [PATCH] travis: RHEL8 support
|
||||
|
||||
(cherry picked from commit e5c78840b2b124400f56cb5fbaf2357cd8901218)
|
||||
---
|
||||
.travis.yml | 8 +-
|
||||
...ravis-centos.sh => travis-centos-rhel7.sh} | 0
|
||||
ci/travis-centos-rhel8.sh | 130 ++++++++++++++++++
|
||||
3 files changed, 135 insertions(+), 3 deletions(-)
|
||||
rename ci/{travis-centos.sh => travis-centos-rhel7.sh} (100%)
|
||||
create mode 100755 ci/travis-centos-rhel8.sh
|
||||
|
||||
diff --git a/.travis.yml b/.travis.yml
|
||||
index fc63887324..1c4e6f9728 100644
|
||||
--- a/.travis.yml
|
||||
+++ b/.travis.yml
|
||||
@@ -19,11 +19,13 @@ jobs:
|
||||
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
|
||||
- docker --version
|
||||
install:
|
||||
- - $CI_ROOT/travis-centos.sh SETUP
|
||||
+ - RHEL_VERSION="rhel7"
|
||||
+ - [ -f meson.build ] && RHEL_VERSION="rhel8"
|
||||
+ - $CI_ROOT/travis-centos-${RHEL_VERSION}.sh SETUP
|
||||
script:
|
||||
- set -e
|
||||
# Build systemd
|
||||
- - $CI_ROOT/travis-centos.sh RUN
|
||||
+ - $CI_ROOT/travis-centos-${RHEL_VERSION}.sh RUN
|
||||
- set +e
|
||||
after_script:
|
||||
- - $CI_ROOT/travis-centos.sh CLEANUP
|
||||
+ - $CI_ROOT/travis-centos-${RHEL_VERSION}.sh CLEANUP
|
||||
diff --git a/ci/travis-centos.sh b/ci/travis-centos-rhel7.sh
|
||||
similarity index 100%
|
||||
rename from ci/travis-centos.sh
|
||||
rename to ci/travis-centos-rhel7.sh
|
||||
diff --git a/ci/travis-centos-rhel8.sh b/ci/travis-centos-rhel8.sh
|
||||
new file mode 100755
|
||||
index 0000000000..968603f949
|
||||
--- /dev/null
|
||||
+++ b/ci/travis-centos-rhel8.sh
|
||||
@@ -0,0 +1,130 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+# Run this script from the root of the systemd's git repository
|
||||
+# or set REPO_ROOT to a correct path.
|
||||
+#
|
||||
+# Example execution on Fedora:
|
||||
+# dnf install docker
|
||||
+# systemctl start docker
|
||||
+# export CONT_NAME="my-fancy-container"
|
||||
+# ci/travis-centos.sh SETUP RUN CLEANUP
|
||||
+
|
||||
+PHASES=(${@:-SETUP RUN CLEANUP})
|
||||
+CENTOS_RELEASE="${CENTOS_RELEASE:-latest}"
|
||||
+CONT_NAME="${CONT_NAME:-centos-$CENTOS_RELEASE-$RANDOM}"
|
||||
+DOCKER_EXEC="${DOCKER_EXEC:-docker exec -it $CONT_NAME}"
|
||||
+DOCKER_RUN="${DOCKER_RUN:-docker run}"
|
||||
+REPO_ROOT="${REPO_ROOT:-$PWD}"
|
||||
+ADDITIONAL_DEPS=(systemd-ci-environment libidn2-devel python-lxml python36 ninja-build libasan net-tools strace nc busybox e2fsprogs quota dnsmasq)
|
||||
+# Repo with additional depencencies to compile newer systemd on CentOS 7
|
||||
+COPR_REPO="https://copr.fedorainfracloud.org/coprs/mrc0mmand/systemd-centos-ci/repo/epel-7/mrc0mmand-systemd-centos-ci-epel-7.repo"
|
||||
+COPR_REPO_PATH="/etc/yum.repos.d/${COPR_REPO##*/}"
|
||||
+
|
||||
+function info() {
|
||||
+ echo -e "\033[33;1m$1\033[0m"
|
||||
+}
|
||||
+
|
||||
+set -e
|
||||
+
|
||||
+source "$(dirname $0)/travis_wait.bash"
|
||||
+
|
||||
+for phase in "${PHASES[@]}"; do
|
||||
+ case $phase in
|
||||
+ SETUP)
|
||||
+ info "Setup phase"
|
||||
+ info "Using Travis $CENTOS_RELEASE"
|
||||
+ # Pull a Docker image and start a new container
|
||||
+ docker pull centos:$CENTOS_RELEASE
|
||||
+ info "Starting container $CONT_NAME"
|
||||
+ $DOCKER_RUN -v $REPO_ROOT:/build:rw \
|
||||
+ -w /build --privileged=true --name $CONT_NAME \
|
||||
+ -dit --net=host centos:$CENTOS_RELEASE /sbin/init
|
||||
+ # Beautiful workaround for Fedora's version of Docker
|
||||
+ sleep 1
|
||||
+ $DOCKER_EXEC yum makecache
|
||||
+ $DOCKER_EXEC curl "$COPR_REPO" -o "$COPR_REPO_PATH"
|
||||
+ $DOCKER_EXEC yum -q -y install epel-release yum-utils
|
||||
+ $DOCKER_EXEC yum-config-manager -q --enable epel
|
||||
+ $DOCKER_EXEC yum -y --exclude selinux-policy\* upgrade
|
||||
+ # Install necessary build/test requirements
|
||||
+ $DOCKER_EXEC yum -y install "${ADDITIONAL_DEPS[@]}"
|
||||
+ $DOCKER_EXEC python3.6 -m ensurepip
|
||||
+ $DOCKER_EXEC python3.6 -m pip install meson
|
||||
+ # Create necessary symlinks
|
||||
+ $DOCKER_EXEC ln --force -s /usr/bin/python3.6 /usr/bin/python3
|
||||
+ $DOCKER_EXEC ln --force -s /usr/bin/ninja-build /usr/bin/ninja
|
||||
+ ;;
|
||||
+ RUN)
|
||||
+ info "Run phase"
|
||||
+ # Build systemd
|
||||
+ CONFIGURE_OPTS=(
|
||||
+ # RHEL8 options
|
||||
+ -Dsysvinit-path=/etc/rc.d/init.d
|
||||
+ -Drc-local=/etc/rc.d/rc.local
|
||||
+ -Ddns-servers=''
|
||||
+ -Ddev-kvm-mode=0666
|
||||
+ -Dkmod=true
|
||||
+ -Dxkbcommon=true
|
||||
+ -Dblkid=true
|
||||
+ -Dseccomp=true
|
||||
+ -Dima=true
|
||||
+ -Dselinux=true
|
||||
+ -Dapparmor=false
|
||||
+ -Dpolkit=true
|
||||
+ -Dxz=true
|
||||
+ -Dzlib=true
|
||||
+ -Dbzip2=true
|
||||
+ -Dlz4=true
|
||||
+ -Dpam=true
|
||||
+ -Dacl=true
|
||||
+ -Dsmack=true
|
||||
+ -Dgcrypt=true
|
||||
+ -Daudit=true
|
||||
+ -Delfutils=true
|
||||
+ -Dlibcryptsetup=true
|
||||
+ -Delfutils=true
|
||||
+ -Dqrencode=false
|
||||
+ -Dgnutls=true
|
||||
+ -Dmicrohttpd=true
|
||||
+ -Dlibidn2=true
|
||||
+ -Dlibiptc=true
|
||||
+ -Dlibcurl=true
|
||||
+ -Defi=true
|
||||
+ -Dtpm=true
|
||||
+ -Dhwdb=true
|
||||
+ -Dsysusers=true
|
||||
+ -Ddefault-kill-user-processes=false
|
||||
+ -Dtests=unsafe
|
||||
+ -Dinstall-tests=true
|
||||
+ -Dtty-gid=5
|
||||
+ -Dusers-gid=100
|
||||
+ -Dnobody-user=nobody
|
||||
+ -Dnobody-group=nobody
|
||||
+ -Dsplit-usr=false
|
||||
+ -Dsplit-bin=true
|
||||
+ -Db_lto=false
|
||||
+ -Dnetworkd=false
|
||||
+ -Dtimesyncd=false
|
||||
+ -Ddefault-hierarchy=legacy
|
||||
+ # Custom options
|
||||
+ -Dslow-tests=true
|
||||
+ -Dtests=unsafe
|
||||
+ -Dinstall-tests=true
|
||||
+ )
|
||||
+ docker exec -it -e CFLAGS='-g -O0 -ftrapv' $CONT_NAME meson build "${CONFIGURE_OPTS[@]}"
|
||||
+ $DOCKER_EXEC ninja -v -C build
|
||||
+ # "Mask" the udev-test.pl, as it requires newer version of systemd-detect-virt
|
||||
+ # and it's pointless to run it on a VM in a Docker container...
|
||||
+ echo -ne "#!/usr/bin/perl\nexit(0);\n" > "test/udev-test.pl"
|
||||
+ $DOCKER_EXEC ninja -C build test
|
||||
+ ;;
|
||||
+ CLEANUP)
|
||||
+ info "Cleanup phase"
|
||||
+ docker stop $CONT_NAME
|
||||
+ docker rm -f $CONT_NAME
|
||||
+ ;;
|
||||
+ *)
|
||||
+ echo >&2 "Unknown phase '$phase'"
|
||||
+ exit 1
|
||||
+ esac
|
||||
+done
|
|
@ -0,0 +1,37 @@
|
|||
From 2d674d48e9ca48e3bb126f20b59334100d926a23 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <fsumsal@redhat.com>
|
||||
Date: Tue, 15 Jan 2019 11:03:45 +0100
|
||||
Subject: [PATCH] travis: drop the SELinux Fedora workaround
|
||||
|
||||
(cherry picked from commit 90399c456fe8cf726fc04fb7be9e2a01f9ca0eae)
|
||||
---
|
||||
ci/travis-centos-rhel7.sh | 2 +-
|
||||
ci/travis-centos-rhel8.sh | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ci/travis-centos-rhel7.sh b/ci/travis-centos-rhel7.sh
|
||||
index 60bbdf14c2..b1b3de1cc2 100755
|
||||
--- a/ci/travis-centos-rhel7.sh
|
||||
+++ b/ci/travis-centos-rhel7.sh
|
||||
@@ -40,7 +40,7 @@ for phase in "${PHASES[@]}"; do
|
||||
sleep 1
|
||||
$DOCKER_EXEC yum makecache
|
||||
# Install necessary build/test requirements
|
||||
- $DOCKER_EXEC yum -y --exclude selinux-policy\* upgrade
|
||||
+ $DOCKER_EXEC yum -y upgrade
|
||||
$DOCKER_EXEC yum -y install "${ADDITIONAL_DEPS[@]}"
|
||||
$DOCKER_EXEC yum-builddep -y systemd
|
||||
;;
|
||||
diff --git a/ci/travis-centos-rhel8.sh b/ci/travis-centos-rhel8.sh
|
||||
index 968603f949..8eda5e982f 100755
|
||||
--- a/ci/travis-centos-rhel8.sh
|
||||
+++ b/ci/travis-centos-rhel8.sh
|
||||
@@ -45,7 +45,7 @@ for phase in "${PHASES[@]}"; do
|
||||
$DOCKER_EXEC curl "$COPR_REPO" -o "$COPR_REPO_PATH"
|
||||
$DOCKER_EXEC yum -q -y install epel-release yum-utils
|
||||
$DOCKER_EXEC yum-config-manager -q --enable epel
|
||||
- $DOCKER_EXEC yum -y --exclude selinux-policy\* upgrade
|
||||
+ $DOCKER_EXEC yum -y upgrade
|
||||
# Install necessary build/test requirements
|
||||
$DOCKER_EXEC yum -y install "${ADDITIONAL_DEPS[@]}"
|
||||
$DOCKER_EXEC python3.6 -m ensurepip
|
|
@ -0,0 +1,24 @@
|
|||
From a7f87d13f6f7dd92e1f1f7617df531fa34c70b6d Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <fsumsal@redhat.com>
|
||||
Date: Tue, 15 Jan 2019 14:35:27 +0100
|
||||
Subject: [PATCH] travis: fix syntax error in .travis.yml
|
||||
|
||||
(cherry picked from commit 7f9d44f527ea214347f7d3b3b067f84df53feed7)
|
||||
---
|
||||
.travis.yml | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/.travis.yml b/.travis.yml
|
||||
index 1c4e6f9728..c5c9c345a9 100644
|
||||
--- a/.travis.yml
|
||||
+++ b/.travis.yml
|
||||
@@ -19,8 +19,7 @@ jobs:
|
||||
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
|
||||
- docker --version
|
||||
install:
|
||||
- - RHEL_VERSION="rhel7"
|
||||
- - [ -f meson.build ] && RHEL_VERSION="rhel8"
|
||||
+ - if [ -f meson.build ]; then RHEL_VERSION=rhel8; else RHEL_VERSION=rhel7; fi
|
||||
- $CI_ROOT/travis-centos-${RHEL_VERSION}.sh SETUP
|
||||
script:
|
||||
- set -e
|
|
@ -0,0 +1,40 @@
|
|||
From 63e71bda5a00c04c16f330cfc0e6f91e7dcead59 Mon Sep 17 00:00:00 2001
|
||||
From: Frantisek Sumsal <fsumsal@redhat.com>
|
||||
Date: Thu, 17 Jan 2019 12:03:10 +0100
|
||||
Subject: [PATCH] travis: reboot the container before running tests
|
||||
|
||||
---
|
||||
ci/travis-centos-rhel7.sh | 4 ++++
|
||||
ci/travis-centos-rhel8.sh | 4 ++++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/ci/travis-centos-rhel7.sh b/ci/travis-centos-rhel7.sh
|
||||
index b1b3de1cc2..73416798ed 100755
|
||||
--- a/ci/travis-centos-rhel7.sh
|
||||
+++ b/ci/travis-centos-rhel7.sh
|
||||
@@ -52,6 +52,10 @@ for phase in "${PHASES[@]}"; do
|
||||
--enable-gtk-doc --enable-compat-libs --disable-sysusers \
|
||||
--disable-ldconfig --enable-lz4 --with-sysvinit-path=/etc/rc.d/init.d
|
||||
$DOCKER_EXEC make
|
||||
+ # Let's install the new systemd and "reboot" the container to avoid
|
||||
+ # unexpected fails due to incompatibilities with older systemd
|
||||
+ $DOCKER_EXEC make install
|
||||
+ docker restart $CONT_NAME
|
||||
if ! $DOCKER_EXEC make check; then
|
||||
$DOCKER_EXEC cat test-suite.log
|
||||
exit 1
|
||||
diff --git a/ci/travis-centos-rhel8.sh b/ci/travis-centos-rhel8.sh
|
||||
index 8eda5e982f..1f72d984e0 100755
|
||||
--- a/ci/travis-centos-rhel8.sh
|
||||
+++ b/ci/travis-centos-rhel8.sh
|
||||
@@ -113,6 +113,10 @@ for phase in "${PHASES[@]}"; do
|
||||
)
|
||||
docker exec -it -e CFLAGS='-g -O0 -ftrapv' $CONT_NAME meson build "${CONFIGURE_OPTS[@]}"
|
||||
$DOCKER_EXEC ninja -v -C build
|
||||
+ # Let's install the new systemd and "reboot" the container to avoid
|
||||
+ # unexpected fails due to incompatibilities with older systemd
|
||||
+ $DOCKER_EXEC ninja -C build install
|
||||
+ docker restart $CONT_NAME
|
||||
# "Mask" the udev-test.pl, as it requires newer version of systemd-detect-virt
|
||||
# and it's pointless to run it on a VM in a Docker container...
|
||||
echo -ne "#!/usr/bin/perl\nexit(0);\n" > "test/udev-test.pl"
|
|
@ -0,0 +1,35 @@
|
|||
From af43906bb0c8f2bb3b135d68d56ea2fa58fa9e60 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 5 Dec 2018 17:33:15 +0100
|
||||
Subject: [PATCH] coredump: remove duplicate MESSAGE= prefix from message
|
||||
|
||||
systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core.
|
||||
systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core...
|
||||
|
||||
log_dispatch() calls log_dispatch_internal() which calls write_to_journal()
|
||||
which appends MESSAGE= on its own.
|
||||
|
||||
(cherry-picked from commit 4f62556d71206ac814a020a954b397d4940e14c3)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/coredump/coredump.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
|
||||
index 20a1cbdd45..d7dd81c1b4 100644
|
||||
--- a/src/coredump/coredump.c
|
||||
+++ b/src/coredump/coredump.c
|
||||
@@ -789,9 +789,10 @@ log:
|
||||
return log_oom();
|
||||
|
||||
if (journald_crash) {
|
||||
- /* We cannot log to the journal, so just print the MESSAGE.
|
||||
+ /* We cannot log to the journal, so just print the message.
|
||||
* The target was set previously to something safe. */
|
||||
- log_dispatch(LOG_ERR, 0, core_message);
|
||||
+ assert(startswith(core_message, "MESSAGE="));
|
||||
+ log_dispatch(LOG_ERR, 0, core_message + strlen("MESSAGE="));
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
From 285e4d2ce6a8836ce7bf2e889d43b7272f7ccc1b Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 5 Dec 2018 17:53:50 +0100
|
||||
Subject: [PATCH] journald: remove unnecessary {}
|
||||
|
||||
(cherry-picked from commit bc2762a309132a34db1797d8b5792d5747a94484)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/journal/journald-server.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
|
||||
index 4f1550ec5b..ce2446a2f1 100644
|
||||
--- a/src/journal/journald-server.c
|
||||
+++ b/src/journal/journald-server.c
|
||||
@@ -1124,8 +1124,7 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void
|
||||
return log_error_errno(errno, "recvmsg() failed: %m");
|
||||
}
|
||||
|
||||
- CMSG_FOREACH(cmsg, &msghdr) {
|
||||
-
|
||||
+ CMSG_FOREACH(cmsg, &msghdr)
|
||||
if (cmsg->cmsg_level == SOL_SOCKET &&
|
||||
cmsg->cmsg_type == SCM_CREDENTIALS &&
|
||||
cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
|
||||
@@ -1143,7 +1142,6 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void
|
||||
fds = (int*) CMSG_DATA(cmsg);
|
||||
n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
|
||||
}
|
||||
- }
|
||||
|
||||
/* And a trailing NUL, just in case */
|
||||
s->buffer[n] = 0;
|
|
@ -0,0 +1,202 @@
|
|||
From b6c10945e68949edc6418f48ca7b1b748fefabe1 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 5 Dec 2018 18:38:39 +0100
|
||||
Subject: [PATCH] journald: do not store the iovec entry for process
|
||||
commandline on stack
|
||||
|
||||
This fixes a crash where we would read the commandline, whose length is under
|
||||
control of the sending program, and then crash when trying to create a stack
|
||||
allocation for it.
|
||||
|
||||
CVE-2018-16864
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1653855
|
||||
|
||||
The message actually doesn't get written to disk, because
|
||||
journal_file_append_entry() returns -E2BIG.
|
||||
|
||||
(cherry-picked from commit 084eeb865ca63887098e0945fb4e93c852b91b0f)
|
||||
|
||||
Resolves: #1664976
|
||||
---
|
||||
src/basic/io-util.c | 10 ++++++++++
|
||||
src/basic/io-util.h | 2 ++
|
||||
src/coredump/coredump.c | 31 +++++++++++--------------------
|
||||
src/journal/journald-server.c | 25 +++++++++++++++----------
|
||||
4 files changed, 38 insertions(+), 30 deletions(-)
|
||||
|
||||
diff --git a/src/basic/io-util.c b/src/basic/io-util.c
|
||||
index 1f64cc933b..575398fbe6 100644
|
||||
--- a/src/basic/io-util.c
|
||||
+++ b/src/basic/io-util.c
|
||||
@@ -8,6 +8,7 @@
|
||||
#include <unistd.h>
|
||||
|
||||
#include "io-util.h"
|
||||
+#include "string-util.h"
|
||||
#include "time-util.h"
|
||||
|
||||
int flush_fd(int fd) {
|
||||
@@ -252,3 +253,12 @@ ssize_t sparse_write(int fd, const void *p, size_t sz, size_t run_length) {
|
||||
|
||||
return q - (const uint8_t*) p;
|
||||
}
|
||||
+
|
||||
+char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
|
||||
+ char *x;
|
||||
+
|
||||
+ x = strappend(field, value);
|
||||
+ if (x)
|
||||
+ iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
|
||||
+ return x;
|
||||
+}
|
||||
diff --git a/src/basic/io-util.h b/src/basic/io-util.h
|
||||
index ed189b5820..792a64ad5e 100644
|
||||
--- a/src/basic/io-util.h
|
||||
+++ b/src/basic/io-util.h
|
||||
@@ -71,3 +71,5 @@ static inline bool FILE_SIZE_VALID_OR_INFINITY(uint64_t l) {
|
||||
#define IOVEC_MAKE(base, len) (struct iovec) IOVEC_INIT(base, len)
|
||||
#define IOVEC_INIT_STRING(string) IOVEC_INIT((char*) string, strlen(string))
|
||||
#define IOVEC_MAKE_STRING(string) (struct iovec) IOVEC_INIT_STRING(string)
|
||||
+
|
||||
+char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value);
|
||||
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
|
||||
index d7dd81c1b4..ffa88f612d 100644
|
||||
--- a/src/coredump/coredump.c
|
||||
+++ b/src/coredump/coredump.c
|
||||
@@ -1054,19 +1054,10 @@ static int send_iovec(const struct iovec iovec[], size_t n_iovec, int input_fd)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static char* set_iovec_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
|
||||
- char *x;
|
||||
-
|
||||
- x = strappend(field, value);
|
||||
- if (x)
|
||||
- iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
|
||||
- return x;
|
||||
-}
|
||||
-
|
||||
static char* set_iovec_field_free(struct iovec *iovec, size_t *n_iovec, const char *field, char *value) {
|
||||
char *x;
|
||||
|
||||
- x = set_iovec_field(iovec, n_iovec, field, value);
|
||||
+ x = set_iovec_string_field(iovec, n_iovec, field, value);
|
||||
free(value);
|
||||
return x;
|
||||
}
|
||||
@@ -1116,36 +1107,36 @@ static int gather_pid_metadata(
|
||||
disable_coredumps();
|
||||
}
|
||||
|
||||
- set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
|
||||
+ set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
|
||||
}
|
||||
|
||||
if (cg_pid_get_user_unit(pid, &t) >= 0)
|
||||
set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t);
|
||||
|
||||
/* The next few are mandatory */
|
||||
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
|
||||
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
|
||||
return log_oom();
|
||||
|
||||
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
|
||||
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
|
||||
return log_oom();
|
||||
|
||||
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
|
||||
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
|
||||
return log_oom();
|
||||
|
||||
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
|
||||
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
|
||||
return log_oom();
|
||||
|
||||
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
|
||||
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
|
||||
return log_oom();
|
||||
|
||||
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
|
||||
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
|
||||
return log_oom();
|
||||
|
||||
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
|
||||
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
|
||||
return log_oom();
|
||||
|
||||
if (context[CONTEXT_EXE] &&
|
||||
- !set_iovec_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
|
||||
+ !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
|
||||
return log_oom();
|
||||
|
||||
if (sd_pid_get_session(pid, &t) >= 0)
|
||||
@@ -1213,7 +1204,7 @@ static int gather_pid_metadata(
|
||||
iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t);
|
||||
|
||||
if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo))
|
||||
- set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
|
||||
+ set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
|
||||
|
||||
return 0; /* we successfully acquired all metadata */
|
||||
}
|
||||
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
|
||||
index ce2446a2f1..8de45552f6 100644
|
||||
--- a/src/journal/journald-server.c
|
||||
+++ b/src/journal/journald-server.c
|
||||
@@ -753,6 +753,7 @@ static void dispatch_message_real(
|
||||
pid_t object_pid) {
|
||||
|
||||
char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
|
||||
+ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
|
||||
uid_t journal_uid;
|
||||
ClientContext *o;
|
||||
|
||||
@@ -769,20 +770,23 @@ static void dispatch_message_real(
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
|
||||
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM");
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE");
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, c->cmdline, "_CMDLINE");
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE");
|
||||
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
|
||||
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
|
||||
|
||||
- IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
|
||||
+ if (c->cmdline)
|
||||
+ /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
|
||||
+ * Let's use a heap allocation for this one. */
|
||||
+ cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
|
||||
|
||||
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
|
||||
+ IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
|
||||
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP");
|
||||
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
|
||||
IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT");
|
||||
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
|
||||
IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
|
||||
IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
|
||||
IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
|
||||
@@ -803,13 +807,14 @@ static void dispatch_message_real(
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
|
||||
|
||||
+ /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
|
||||
IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
|
||||
IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, o->cmdline, "OBJECT_CMDLINE");
|
||||
- IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
|
||||
+ if (o->cmdline)
|
||||
+ cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
|
||||
|
||||
+ IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
|
||||
IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
|
||||
-
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
|
||||
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
|
||||
|
|
@ -0,0 +1,159 @@
|
|||
From 6298317e2d0dffb1ff4ecebedb8709645de36b6a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 5 Dec 2018 18:48:23 +0100
|
||||
Subject: [PATCH] basic/process-util: limit command line lengths to _SC_ARG_MAX
|
||||
|
||||
This affects systemd-journald and systemd-coredump.
|
||||
|
||||
Example entry:
|
||||
$ journalctl -o export -n1 'MESSAGE=Something logged'
|
||||
__CURSOR=s=976542d120c649f494471be317829ef9;i=34e;b=4871e4c474574ce4a462dfe3f1c37f06;m=c7d0c37dd2;t=57c4ac58f3b98;x=67598e942bd23dc0
|
||||
__REALTIME_TIMESTAMP=1544035467475864
|
||||
__MONOTONIC_TIMESTAMP=858200964562
|
||||
_BOOT_ID=4871e4c474574ce4a462dfe3f1c37f06
|
||||
PRIORITY=6
|
||||
_UID=1000
|
||||
_GID=1000
|
||||
_CAP_EFFECTIVE=0
|
||||
_SELINUX_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
|
||||
_AUDIT_SESSION=1
|
||||
_AUDIT_LOGINUID=1000
|
||||
_SYSTEMD_OWNER_UID=1000
|
||||
_SYSTEMD_UNIT=user@1000.service
|
||||
_SYSTEMD_SLICE=user-1000.slice
|
||||
_SYSTEMD_USER_SLICE=-.slice
|
||||
_SYSTEMD_INVOCATION_ID=1c4a469986d448719cb0f9141a10810e
|
||||
_MACHINE_ID=08a5690a2eed47cf92ac0a5d2e3cf6b0
|
||||
_HOSTNAME=krowka
|
||||
_TRANSPORT=syslog
|
||||
SYSLOG_FACILITY=17
|
||||
SYSLOG_IDENTIFIER=syslog-caller
|
||||
MESSAGE=Something logged
|
||||
_COMM=poc
|
||||
_EXE=/home/zbyszek/src/systemd-work3/poc
|
||||
_SYSTEMD_CGROUP=/user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
|
||||
_SYSTEMD_USER_UNIT=gnome-terminal-server.service
|
||||
SYSLOG_PID=4108
|
||||
SYSLOG_TIMESTAMP=Dec 5 19:44:27
|
||||
_PID=4108
|
||||
_CMDLINE=./poc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>
|
||||
_SOURCE_REALTIME_TIMESTAMP=1544035467475848
|
||||
|
||||
$ journalctl -o export -n1 'MESSAGE=Something logged' --output-fields=_CMDLINE|wc
|
||||
6 2053 2097410
|
||||
|
||||
2MB might be hard for some clients to use meaningfully, but OTOH, it is
|
||||
important to log the full commandline sometimes. For example, when the program
|
||||
is crashing, the exact argument list is useful.
|
||||
|
||||
(cherry-picked from commit 2d5d2e0cc5171c6795d2a485841474345d9e30ab)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/basic/process-util.c | 73 ++++++++++++++--------------------------
|
||||
1 file changed, 25 insertions(+), 48 deletions(-)
|
||||
|
||||
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
|
||||
index 0a4f917cbd..a20f1e3ccf 100644
|
||||
--- a/src/basic/process-util.c
|
||||
+++ b/src/basic/process-util.c
|
||||
@@ -128,6 +128,13 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
|
||||
|
||||
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
|
||||
|
||||
+ if (max_length == 0) {
|
||||
+ /* This is supposed to be a safety guard against runaway command lines. */
|
||||
+ long l = sysconf(_SC_ARG_MAX);
|
||||
+ assert(l > 0);
|
||||
+ max_length = l;
|
||||
+ }
|
||||
+
|
||||
if (max_length == 1) {
|
||||
|
||||
/* If there's only room for one byte, return the empty string */
|
||||
@@ -138,32 +145,6 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
|
||||
*line = ans;
|
||||
return 0;
|
||||
|
||||
- } else if (max_length == 0) {
|
||||
- size_t len = 0, allocated = 0;
|
||||
-
|
||||
- while ((c = getc(f)) != EOF) {
|
||||
-
|
||||
- if (!GREEDY_REALLOC(ans, allocated, len+3)) {
|
||||
- free(ans);
|
||||
- return -ENOMEM;
|
||||
- }
|
||||
-
|
||||
- if (isprint(c)) {
|
||||
- if (space) {
|
||||
- ans[len++] = ' ';
|
||||
- space = false;
|
||||
- }
|
||||
-
|
||||
- ans[len++] = c;
|
||||
- } else if (len > 0)
|
||||
- space = true;
|
||||
- }
|
||||
-
|
||||
- if (len > 0)
|
||||
- ans[len] = '\0';
|
||||
- else
|
||||
- ans = mfree(ans);
|
||||
-
|
||||
} else {
|
||||
bool dotdotdot = false;
|
||||
size_t left;
|
||||
@@ -235,34 +216,30 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
|
||||
if (h < 0)
|
||||
return h;
|
||||
|
||||
- if (max_length == 0)
|
||||
- ans = strjoin("[", t, "]");
|
||||
- else {
|
||||
- size_t l;
|
||||
-
|
||||
- l = strlen(t);
|
||||
+ size_t l = strlen(t);
|
||||
|
||||
- if (l + 3 <= max_length)
|
||||
- ans = strjoin("[", t, "]");
|
||||
- else if (max_length <= 6) {
|
||||
+ if (l + 3 <= max_length) {
|
||||
+ ans = strjoin("[", t, "]");
|
||||
+ if (!ans)
|
||||
+ return -ENOMEM;
|
||||
|
||||
- ans = new(char, max_length);
|
||||
- if (!ans)
|
||||
- return -ENOMEM;
|
||||
+ } else if (max_length <= 6) {
|
||||
+ ans = new(char, max_length);
|
||||
+ if (!ans)
|
||||
+ return -ENOMEM;
|
||||
|
||||
- memcpy(ans, "[...]", max_length-1);
|
||||
- ans[max_length-1] = 0;
|
||||
- } else {
|
||||
- t[max_length - 6] = 0;
|
||||
+ memcpy(ans, "[...]", max_length-1);
|
||||
+ ans[max_length-1] = 0;
|
||||
+ } else {
|
||||
+ t[max_length - 6] = 0;
|
||||
|
||||
- /* Chop off final spaces */
|
||||
- delete_trailing_chars(t, WHITESPACE);
|
||||
+ /* Chop off final spaces */
|
||||
+ delete_trailing_chars(t, WHITESPACE);
|
||||
|
||||
- ans = strjoin("[", t, "...]");
|
||||
- }
|
||||
+ ans = strjoin("[", t, "...]");
|
||||
+ if (!ans)
|
||||
+ return -ENOMEM;
|
||||
}
|
||||
- if (!ans)
|
||||
- return -ENOMEM;
|
||||
}
|
||||
|
||||
*line = ans;
|
|
@ -0,0 +1,33 @@
|
|||
From 04326c02ca80666e66a5da8e6a46c2fc4476000c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 5 Dec 2018 21:34:24 +0100
|
||||
Subject: [PATCH] coredump: fix message when we fail to save a journald
|
||||
coredump
|
||||
|
||||
If creation of the message failed, we'd write a bogus entry:
|
||||
systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device
|
||||
systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core.
|
||||
systemd-coredump[1400]: Coredump diverted to
|
||||
|
||||
(cherry-picked from commit f0136e09221364f931c3a3b715da4e4d3ee9f2ac)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/coredump/coredump.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
|
||||
index ffa88f612d..2a130e8838 100644
|
||||
--- a/src/coredump/coredump.c
|
||||
+++ b/src/coredump/coredump.c
|
||||
@@ -783,8 +783,8 @@ log:
|
||||
core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID],
|
||||
" (", context[CONTEXT_COMM], ") of user ",
|
||||
context[CONTEXT_UID], " dumped core.",
|
||||
- journald_crash ? "\nCoredump diverted to " : NULL,
|
||||
- journald_crash ? filename : NULL);
|
||||
+ journald_crash && filename ? "\nCoredump diverted to " : NULL,
|
||||
+ journald_crash && filename ? filename : NULL);
|
||||
if (!core_message)
|
||||
return log_oom();
|
||||
|
|
@ -0,0 +1,104 @@
|
|||
From 60b831ef50e435b66ddd99e635a5112e121c7cb3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 22 Jan 2019 15:43:07 +0100
|
||||
Subject: [PATCH] procfs-util: expose functionality to query total memory
|
||||
|
||||
procfs_memory_get_current is renamed to procfs_memory_get_used, because
|
||||
"current" can mean anything, including total memory, used memory, and free
|
||||
memory, as long as the value is up to date.
|
||||
|
||||
No functional change.
|
||||
|
||||
(cherry-picked from commit c482724aa5c5d0b1391fcf958a9a3ea6ce73a085)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/basic/procfs-util.c | 9 +++++----
|
||||
src/basic/procfs-util.h | 5 ++++-
|
||||
src/cgtop/cgtop.c | 2 +-
|
||||
src/core/cgroup.c | 2 +-
|
||||
src/test/test-procfs-util.c | 2 +-
|
||||
5 files changed, 12 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
|
||||
index a159e344b3..7aaf95bfce 100644
|
||||
--- a/src/basic/procfs-util.c
|
||||
+++ b/src/basic/procfs-util.c
|
||||
@@ -201,13 +201,11 @@ int procfs_cpu_get_usage(nsec_t *ret) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int procfs_memory_get_current(uint64_t *ret) {
|
||||
+int procfs_memory_get(uint64_t *ret_total, uint64_t *ret_used) {
|
||||
uint64_t mem_total = UINT64_MAX, mem_free = UINT64_MAX;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
int r;
|
||||
|
||||
- assert(ret);
|
||||
-
|
||||
f = fopen("/proc/meminfo", "re");
|
||||
if (!f)
|
||||
return -errno;
|
||||
@@ -262,6 +260,9 @@ int procfs_memory_get_current(uint64_t *ret) {
|
||||
if (mem_free > mem_total)
|
||||
return -EINVAL;
|
||||
|
||||
- *ret = (mem_total - mem_free) * 1024U;
|
||||
+ if (ret_total)
|
||||
+ *ret_total = mem_total * 1024U;
|
||||
+ if (ret_used)
|
||||
+ *ret_used = (mem_total - mem_free) * 1024U;
|
||||
return 0;
|
||||
}
|
||||
diff --git a/src/basic/procfs-util.h b/src/basic/procfs-util.h
|
||||
index f697ed92bc..5a44e9eff7 100644
|
||||
--- a/src/basic/procfs-util.h
|
||||
+++ b/src/basic/procfs-util.h
|
||||
@@ -11,4 +11,7 @@ int procfs_tasks_get_current(uint64_t *ret);
|
||||
|
||||
int procfs_cpu_get_usage(nsec_t *ret);
|
||||
|
||||
-int procfs_memory_get_current(uint64_t *ret);
|
||||
+int procfs_memory_get(uint64_t *ret_total, uint64_t *ret_used);
|
||||
+static inline int procfs_memory_get_used(uint64_t *ret) {
|
||||
+ return procfs_memory_get(NULL, ret);
|
||||
+}
|
||||
diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c
|
||||
index 8dda08ab4c..792b13a43d 100644
|
||||
--- a/src/cgtop/cgtop.c
|
||||
+++ b/src/cgtop/cgtop.c
|
||||
@@ -297,7 +297,7 @@ static int process(
|
||||
} else if (streq(controller, "memory")) {
|
||||
|
||||
if (is_root_cgroup(path)) {
|
||||
- r = procfs_memory_get_current(&g->memory);
|
||||
+ r = procfs_memory_get_used(&g->memory);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else {
|
||||
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
|
||||
index bb02436203..62ab41a288 100644
|
||||
--- a/src/core/cgroup.c
|
||||
+++ b/src/core/cgroup.c
|
||||
@@ -2402,7 +2402,7 @@ int unit_get_memory_current(Unit *u, uint64_t *ret) {
|
||||
|
||||
/* The root cgroup doesn't expose this information, let's get it from /proc instead */
|
||||
if (unit_has_root_cgroup(u))
|
||||
- return procfs_memory_get_current(ret);
|
||||
+ return procfs_memory_get_used(ret);
|
||||
|
||||
if ((u->cgroup_realized_mask & CGROUP_MASK_MEMORY) == 0)
|
||||
return -ENODATA;
|
||||
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
|
||||
index 08af380cc7..1d0612985b 100644
|
||||
--- a/src/test/test-procfs-util.c
|
||||
+++ b/src/test/test-procfs-util.c
|
||||
@@ -18,7 +18,7 @@ int main(int argc, char *argv[]) {
|
||||
assert_se(procfs_cpu_get_usage(&nsec) >= 0);
|
||||
log_info("Current system CPU time: %s", format_timespan(buf, sizeof(buf), nsec/NSEC_PER_USEC, 1));
|
||||
|
||||
- assert_se(procfs_memory_get_current(&v) >= 0);
|
||||
+ assert_se(procfs_memory_get_used(&v) >= 0);
|
||||
log_info("Current memory usage: %s", format_bytes(buf, sizeof(buf), v));
|
||||
|
||||
assert_se(procfs_tasks_get_current(&v) >= 0);
|
|
@ -0,0 +1,114 @@
|
|||
From ee14a2bd3d95b5d15e4d72ee2582b366e5009a86 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 26 Jan 2019 11:27:18 +0100
|
||||
Subject: [PATCH] basic/prioq: add prioq_peek_item()
|
||||
|
||||
(cherry-picked from commit ef21b3b5bf824e652addf850bcfd9374c7b33ce8)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/basic/prioq.c | 7 +++----
|
||||
src/basic/prioq.h | 8 +++++++-
|
||||
src/test/test-prioq.c | 23 +++++++++++++++++------
|
||||
3 files changed, 27 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/basic/prioq.c b/src/basic/prioq.c
|
||||
index ef28a086d1..0bf58c1f16 100644
|
||||
--- a/src/basic/prioq.c
|
||||
+++ b/src/basic/prioq.c
|
||||
@@ -259,15 +259,14 @@ int prioq_reshuffle(Prioq *q, void *data, unsigned *idx) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
-void *prioq_peek(Prioq *q) {
|
||||
-
|
||||
+void *prioq_peek_by_index(Prioq *q, unsigned idx) {
|
||||
if (!q)
|
||||
return NULL;
|
||||
|
||||
- if (q->n_items <= 0)
|
||||
+ if (idx >= q->n_items)
|
||||
return NULL;
|
||||
|
||||
- return q->items[0].data;
|
||||
+ return q->items[idx].data;
|
||||
}
|
||||
|
||||
void *prioq_pop(Prioq *q) {
|
||||
diff --git a/src/basic/prioq.h b/src/basic/prioq.h
|
||||
index e036175260..c381523525 100644
|
||||
--- a/src/basic/prioq.h
|
||||
+++ b/src/basic/prioq.h
|
||||
@@ -18,8 +18,14 @@ int prioq_put(Prioq *q, void *data, unsigned *idx);
|
||||
int prioq_remove(Prioq *q, void *data, unsigned *idx);
|
||||
int prioq_reshuffle(Prioq *q, void *data, unsigned *idx);
|
||||
|
||||
-void *prioq_peek(Prioq *q) _pure_;
|
||||
+void *prioq_peek_by_index(Prioq *q, unsigned idx) _pure_;
|
||||
+static inline void *prioq_peek(Prioq *q) {
|
||||
+ return prioq_peek_by_index(q, 0);
|
||||
+}
|
||||
void *prioq_pop(Prioq *q);
|
||||
|
||||
+#define PRIOQ_FOREACH_ITEM(q, p) \
|
||||
+ for (unsigned _i = 0; (p = prioq_peek_by_index(q, _i)); _i++)
|
||||
+
|
||||
unsigned prioq_size(Prioq *q) _pure_;
|
||||
bool prioq_isempty(Prioq *q) _pure_;
|
||||
diff --git a/src/test/test-prioq.c b/src/test/test-prioq.c
|
||||
index 89c41d8ce7..ece13808ed 100644
|
||||
--- a/src/test/test-prioq.c
|
||||
+++ b/src/test/test-prioq.c
|
||||
@@ -87,6 +87,7 @@ static void test_struct(void) {
|
||||
Set *s;
|
||||
unsigned previous = 0, i;
|
||||
int r;
|
||||
+ struct test *t;
|
||||
|
||||
srand(0);
|
||||
|
||||
@@ -96,9 +97,12 @@ static void test_struct(void) {
|
||||
s = set_new(&test_hash_ops);
|
||||
assert_se(s);
|
||||
|
||||
- for (i = 0; i < SET_SIZE; i++) {
|
||||
- struct test *t;
|
||||
+ assert_se(prioq_peek(q) == NULL);
|
||||
+ assert_se(prioq_peek_by_index(q, 0) == NULL);
|
||||
+ assert_se(prioq_peek_by_index(q, 1) == NULL);
|
||||
+ assert_se(prioq_peek_by_index(q, (unsigned) -1) == NULL);
|
||||
|
||||
+ for (i = 0; i < SET_SIZE; i++) {
|
||||
t = new0(struct test, 1);
|
||||
assert_se(t);
|
||||
t->value = (unsigned) rand();
|
||||
@@ -112,9 +116,18 @@ static void test_struct(void) {
|
||||
}
|
||||
}
|
||||
|
||||
- for (;;) {
|
||||
- struct test *t;
|
||||
+ for (i = 0; i < SET_SIZE; i++)
|
||||
+ assert_se(prioq_peek_by_index(q, i));
|
||||
+ assert_se(prioq_peek_by_index(q, SET_SIZE) == NULL);
|
||||
+
|
||||
+ unsigned count = 0;
|
||||
+ PRIOQ_FOREACH_ITEM(q, t) {
|
||||
+ assert_se(t);
|
||||
+ count++;
|
||||
+ }
|
||||
+ assert_se(count == SET_SIZE);
|
||||
|
||||
+ for (;;) {
|
||||
t = set_steal_first(s);
|
||||
if (!t)
|
||||
break;
|
||||
@@ -126,8 +139,6 @@ static void test_struct(void) {
|
||||
}
|
||||
|
||||
for (i = 0; i < SET_SIZE * 3 / 4; i++) {
|
||||
- struct test *t;
|
||||
-
|
||||
assert_se(prioq_size(q) == (SET_SIZE * 3 / 4) - i);
|
||||
|
||||
t = prioq_pop(q);
|
|
@ -0,0 +1,81 @@
|
|||
From de72fa6b0582b95216215cc1400412fe91bc8ba3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 22 Jan 2019 16:12:52 +0100
|
||||
Subject: [PATCH] journal: limit the number of entries in the cache based on
|
||||
available memory
|
||||
|
||||
This is far from perfect, but should give mostly reasonable values. My
|
||||
assumption is that if somebody has a few hundred MB of memory, they are
|
||||
unlikely to have thousands of processes logging. A hundred would already be a
|
||||
lot. So let's scale the cache size propritionally to the total memory size,
|
||||
with clamping on both ends.
|
||||
|
||||
The formula gives 64 cache entries for each GB of RAM.
|
||||
|
||||
(cherry-picked from commit b12a480829c5ca8f4d4fa9cde8716b5f2f12a3ad)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/journal/journald-context.c | 35 ++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 33 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journald-context.c b/src/journal/journald-context.c
|
||||
index ce07de1bfb..0f0dc1de4d 100644
|
||||
--- a/src/journal/journald-context.c
|
||||
+++ b/src/journal/journald-context.c
|
||||
@@ -14,6 +14,7 @@
|
||||
#include "journal-util.h"
|
||||
#include "journald-context.h"
|
||||
#include "process-util.h"
|
||||
+#include "procfs-util.h"
|
||||
#include "string-util.h"
|
||||
#include "syslog-util.h"
|
||||
#include "unaligned.h"
|
||||
@@ -58,7 +59,37 @@
|
||||
/* Keep at most 16K entries in the cache. (Note though that this limit may be violated if enough streams pin entries in
|
||||
* the cache, in which case we *do* permit this limit to be breached. That's safe however, as the number of stream
|
||||
* clients itself is limited.) */
|
||||
-#define CACHE_MAX (16*1024)
|
||||
+#define CACHE_MAX_FALLBACK 128U
|
||||
+#define CACHE_MAX_MAX (16*1024U)
|
||||
+#define CACHE_MAX_MIN 64U
|
||||
+
|
||||
+static size_t cache_max(void) {
|
||||
+ static size_t cached = -1;
|
||||
+
|
||||
+ if (cached == (size_t) -1) {
|
||||
+ uint64_t mem_total;
|
||||
+ int r;
|
||||
+
|
||||
+ r = procfs_memory_get(&mem_total, NULL);
|
||||
+ if (r < 0) {
|
||||
+ log_warning_errno(r, "Cannot query /proc/meminfo for MemTotal: %m");
|
||||
+ cached = CACHE_MAX_FALLBACK;
|
||||
+ } else {
|
||||
+ /* Cache entries are usually a few kB, but the process cmdline is controlled by the
|
||||
+ * user and can be up to _SC_ARG_MAX, usually 2MB. Let's say that approximately up to
|
||||
+ * 1/8th of memory may be used by the cache.
|
||||
+ *
|
||||
+ * In the common case, this formula gives 64 cache entries for each GB of RAM.
|
||||
+ */
|
||||
+ long l = sysconf(_SC_ARG_MAX);
|
||||
+ assert(l > 0);
|
||||
+
|
||||
+ cached = CLAMP(mem_total / 8 / (uint64_t) l, CACHE_MAX_MIN, CACHE_MAX_MAX);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return cached;
|
||||
+}
|
||||
|
||||
static int client_context_compare(const void *a, const void *b) {
|
||||
const ClientContext *x = a, *y = b;
|
||||
@@ -587,7 +618,7 @@ static int client_context_get_internal(
|
||||
return 0;
|
||||
}
|
||||
|
||||
- client_context_try_shrink_to(s, CACHE_MAX-1);
|
||||
+ client_context_try_shrink_to(s, cache_max()-1);
|
||||
|
||||
r = client_context_new(s, pid, &c);
|
||||
if (r < 0)
|
|
@ -0,0 +1,77 @@
|
|||
From 8da81d2aba2768ced497790cc05b9f73c6268833 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 22 Jan 2019 17:30:48 +0100
|
||||
Subject: [PATCH] journald: periodically drop cache for all dead PIDs
|
||||
|
||||
In normal use, this allow us to drop dead entries from the cache and reduces
|
||||
the cache size so that we don't evict entries unnecessarily. The time limit is
|
||||
there mostly to serve as a guard against malicious logging from many different
|
||||
PIDs.
|
||||
|
||||
(cherry-picked from commit 91714a7f427a6c9c5c3be8b3819fee45050028f3)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/journal/journald-context.c | 28 ++++++++++++++++++++++++++--
|
||||
src/journal/journald-server.h | 2 ++
|
||||
2 files changed, 28 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journald-context.c b/src/journal/journald-context.c
|
||||
index 0f0dc1de4d..51f79fd803 100644
|
||||
--- a/src/journal/journald-context.c
|
||||
+++ b/src/journal/journald-context.c
|
||||
@@ -541,15 +541,39 @@ refresh:
|
||||
}
|
||||
|
||||
static void client_context_try_shrink_to(Server *s, size_t limit) {
|
||||
+ ClientContext *c;
|
||||
+ usec_t t;
|
||||
+
|
||||
assert(s);
|
||||
|
||||
+ /* Flush any cache entries for PIDs that have already moved on. Don't do this
|
||||
+ * too often, since it's a slow process. */
|
||||
+ t = now(CLOCK_MONOTONIC);
|
||||
+ if (s->last_cache_pid_flush + MAX_USEC < t) {
|
||||
+ unsigned n = prioq_size(s->client_contexts_lru), idx = 0;
|
||||
+
|
||||
+ /* We do a number of iterations based on the initial size of the prioq. When we remove an
|
||||
+ * item, a new item is moved into its places, and items to the right might be reshuffled.
|
||||
+ */
|
||||
+ for (unsigned i = 0; i < n; i++) {
|
||||
+ c = prioq_peek_by_index(s->client_contexts_lru, idx);
|
||||
+
|
||||
+ assert(c->n_ref == 0);
|
||||
+
|
||||
+ if (!pid_is_unwaited(c->pid))
|
||||
+ client_context_free(s, c);
|
||||
+ else
|
||||
+ idx ++;
|
||||
+ }
|
||||
+
|
||||
+ s->last_cache_pid_flush = t;
|
||||
+ }
|
||||
+
|
||||
/* Bring the number of cache entries below the indicated limit, so that we can create a new entry without
|
||||
* breaching the limit. Note that we only flush out entries that aren't pinned here. This means the number of
|
||||
* cache entries may very well grow beyond the limit, if all entries stored remain pinned. */
|
||||
|
||||
while (hashmap_size(s->client_contexts) > limit) {
|
||||
- ClientContext *c;
|
||||
-
|
||||
c = prioq_pop(s->client_contexts_lru);
|
||||
if (!c)
|
||||
break; /* All remaining entries are pinned, give up */
|
||||
diff --git a/src/journal/journald-server.h b/src/journal/journald-server.h
|
||||
index 983be8bb89..c6c9b1fb1d 100644
|
||||
--- a/src/journal/journald-server.h
|
||||
+++ b/src/journal/journald-server.h
|
||||
@@ -163,6 +163,8 @@ struct Server {
|
||||
Hashmap *client_contexts;
|
||||
Prioq *client_contexts_lru;
|
||||
|
||||
+ usec_t last_cache_pid_flush;
|
||||
+
|
||||
ClientContext *my_context; /* the context of journald itself */
|
||||
ClientContext *pid1_context; /* the context of PID 1 */
|
||||
};
|
|
@ -0,0 +1,71 @@
|
|||
From 9b9b6d8c7b10c069d36f85bd17f144011282cb58 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Tue, 22 Jan 2019 14:29:50 +0100
|
||||
Subject: [PATCH] process-util: don't use overly large buffer to store process
|
||||
command line
|
||||
|
||||
Allocate new string as a return value and free our "scratch pad"
|
||||
buffer that is potentially much larger than needed (up to
|
||||
_SC_ARG_MAX).
|
||||
|
||||
Fixes #11502
|
||||
|
||||
(cherry-picked from commit eb1ec489eef8a32918bbfc56a268c9d10464584d)
|
||||
|
||||
Related: #1664976
|
||||
---
|
||||
src/basic/process-util.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
|
||||
index a20f1e3ccf..aa3eff779a 100644
|
||||
--- a/src/basic/process-util.c
|
||||
+++ b/src/basic/process-util.c
|
||||
@@ -101,7 +101,8 @@ int get_process_comm(pid_t pid, char **ret) {
|
||||
int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
bool space = false;
|
||||
- char *k, *ans = NULL;
|
||||
+ char *k;
|
||||
+ _cleanup_free_ char *ans = NULL;
|
||||
const char *p;
|
||||
int c;
|
||||
|
||||
@@ -142,7 +143,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
|
||||
if (!ans)
|
||||
return -ENOMEM;
|
||||
|
||||
- *line = ans;
|
||||
+ *line = TAKE_PTR(ans);
|
||||
return 0;
|
||||
|
||||
} else {
|
||||
@@ -207,7 +208,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
|
||||
_cleanup_free_ char *t = NULL;
|
||||
int h;
|
||||
|
||||
- free(ans);
|
||||
+ ans = mfree(ans);
|
||||
|
||||
if (!comm_fallback)
|
||||
return -ENOENT;
|
||||
@@ -240,9 +241,18 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
|
||||
if (!ans)
|
||||
return -ENOMEM;
|
||||
}
|
||||
+
|
||||
+ *line = TAKE_PTR(ans);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
- *line = ans;
|
||||
+ k = realloc(ans, strlen(ans) + 1);
|
||||
+ if (!k)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ ans = NULL;
|
||||
+ *line = k;
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
From 47b256d63ac092137fe44e27560a14ee4aa5b7c8 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
||||
Date: Fri, 8 Feb 2019 10:54:34 +0100
|
||||
Subject: [PATCH] Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
|
||||
to 2"
|
||||
|
||||
This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1.
|
||||
|
||||
Resolves: #1653824
|
||||
---
|
||||
sysctl.d/50-default.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
|
||||
index b0645f33e7..e263cf0628 100644
|
||||
--- a/sysctl.d/50-default.conf
|
||||
+++ b/sysctl.d/50-default.conf
|
||||
@@ -22,7 +22,7 @@ kernel.sysrq = 16
|
||||
kernel.core_uses_pid = 1
|
||||
|
||||
# Source route verification
|
||||
-net.ipv4.conf.all.rp_filter = 2
|
||||
+net.ipv4.conf.all.rp_filter = 1
|
||||
|
||||
# Do not accept source routing
|
||||
net.ipv4.conf.all.accept_source_route = 0
|
|
@ -0,0 +1,68 @@
|
|||
From d355618518f26bd045df81a52dade79ac3079f3f Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Wed, 8 Aug 2018 15:06:36 +0900
|
||||
Subject: [PATCH] journal: fix syslog_parse_identifier()
|
||||
|
||||
Fixes #9829.
|
||||
|
||||
(cherry-picked from commit a6aadf4ae0bae185dc4c414d492a4a781c80ffe5)
|
||||
|
||||
Resolves: #1664978
|
||||
---
|
||||
src/journal/journald-syslog.c | 6 +++---
|
||||
src/journal/test-journal-syslog.c | 10 ++++++++--
|
||||
2 files changed, 11 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
|
||||
index 9dea116722..97711ac7a3 100644
|
||||
--- a/src/journal/journald-syslog.c
|
||||
+++ b/src/journal/journald-syslog.c
|
||||
@@ -194,7 +194,7 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
|
||||
e = l;
|
||||
l--;
|
||||
|
||||
- if (p[l-1] == ']') {
|
||||
+ if (l > 0 && p[l-1] == ']') {
|
||||
size_t k = l-1;
|
||||
|
||||
for (;;) {
|
||||
@@ -219,8 +219,8 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
|
||||
if (t)
|
||||
*identifier = t;
|
||||
|
||||
- if (strchr(WHITESPACE, p[e]))
|
||||
- e++;
|
||||
+ e += strspn(p + e, WHITESPACE);
|
||||
+
|
||||
*buf = p + e;
|
||||
return e;
|
||||
}
|
||||
diff --git a/src/journal/test-journal-syslog.c b/src/journal/test-journal-syslog.c
|
||||
index 9ba86f6c8a..05f759817e 100644
|
||||
--- a/src/journal/test-journal-syslog.c
|
||||
+++ b/src/journal/test-journal-syslog.c
|
||||
@@ -5,8 +5,8 @@
|
||||
#include "macro.h"
|
||||
#include "string-util.h"
|
||||
|
||||
-static void test_syslog_parse_identifier(const char* str,
|
||||
- const char *ident, const char*pid, int ret) {
|
||||
+static void test_syslog_parse_identifier(const char *str,
|
||||
+ const char *ident, const char *pid, int ret) {
|
||||
const char *buf = str;
|
||||
_cleanup_free_ char *ident2 = NULL, *pid2 = NULL;
|
||||
int ret2;
|
||||
@@ -21,7 +21,13 @@ static void test_syslog_parse_identifier(const char* str,
|
||||
int main(void) {
|
||||
test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", 11);
|
||||
test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 6);
|
||||
+ test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 7);
|
||||
test_syslog_parse_identifier("pidu xxx", NULL, NULL, 0);
|
||||
+ test_syslog_parse_identifier(":", "", NULL, 1);
|
||||
+ test_syslog_parse_identifier(": ", "", NULL, 3);
|
||||
+ test_syslog_parse_identifier("pidu:", "pidu", NULL, 5);
|
||||
+ test_syslog_parse_identifier("pidu: ", "pidu", NULL, 6);
|
||||
+ test_syslog_parse_identifier("pidu : ", NULL, NULL, 0);
|
||||
|
||||
return 0;
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue