diff --git a/SOURCES/0826-logind-optionally-watch-utmp-for-login-data.patch b/SOURCES/0826-logind-optionally-watch-utmp-for-login-data.patch new file mode 100644 index 0000000..dde4151 --- /dev/null +++ b/SOURCES/0826-logind-optionally-watch-utmp-for-login-data.patch @@ -0,0 +1,377 @@ +From d897789b4dc7d115c915842eabf33ed3de20110a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 7 Aug 2018 13:49:34 +0200 +Subject: [PATCH] logind: optionally watch utmp for login data + +This allows us to determine the TTY an ssh session is for, which is +useful to to proper idle detection for ssh sessions. + +Fixes: #9622 +(cherry picked from commit 3d0ef5c7e00155bc74f6f71c34cad518a4ff56ba) + +Related: #2122288 +--- + src/login/logind-core.c | 143 +++++++++++++++++++++++++++++++++++++ + src/login/logind-dbus.c | 5 ++ + src/login/logind-session.c | 24 +++++++ + src/login/logind-session.h | 14 +++- + src/login/logind.c | 10 +++ + src/login/logind.h | 8 +++ + 6 files changed, 203 insertions(+), 1 deletion(-) + +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index 0ed812a2c8..7e33f8e6aa 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -5,6 +5,9 @@ + #include + #include + #include ++#if ENABLE_UTMP ++#include ++#endif + + #include "alloc-util.h" + #include "bus-error.h" +@@ -14,6 +17,7 @@ + #include "fd-util.h" + #include "logind.h" + #include "parse-util.h" ++#include "path-util.h" + #include "process-util.h" + #include "strv.h" + #include "terminal-util.h" +@@ -692,3 +696,142 @@ bool manager_all_buttons_ignored(Manager *m) { + + return true; + } ++ ++int manager_read_utmp(Manager *m) { ++#if ENABLE_UTMP ++ int r; ++ ++ assert(m); ++ ++ if (utmpxname(_PATH_UTMPX) < 0) ++ return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m"); ++ ++ setutxent(); ++ ++ for (;;) { ++ _cleanup_free_ char *t = NULL; ++ struct utmpx *u; ++ const char *c; ++ Session *s; ++ ++ errno = 0; ++ u = getutxent(); ++ if (!u) { ++ if (errno != 0) ++ log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); ++ r = 0; ++ break; ++ } ++ ++ if (u->ut_type != USER_PROCESS) ++ continue; ++ ++ if (!pid_is_valid(u->ut_pid)) ++ continue; ++ ++ t = strndup(u->ut_line, sizeof(u->ut_line)); ++ if (!t) { ++ r = log_oom(); ++ break; ++ } ++ ++ c = path_startswith(t, "/dev/"); ++ if (c) { ++ r = free_and_strdup(&t, c); ++ if (r < 0) { ++ log_oom(); ++ break; ++ } ++ } ++ ++ if (isempty(t)) ++ continue; ++ ++ s = hashmap_get(m->sessions_by_leader, PID_TO_PTR(u->ut_pid)); ++ if (!s) ++ continue; ++ ++ if (s->tty_validity == TTY_FROM_UTMP && !streq_ptr(s->tty, t)) { ++ /* This may happen on multiplexed SSH connection (i.e. 'SSH connection sharing'). In ++ * this case PAM and utmp sessions don't match. In such a case let's invalidate the TTY ++ * information and never acquire it again. */ ++ ++ s->tty = mfree(s->tty); ++ s->tty_validity = TTY_UTMP_INCONSISTENT; ++ log_debug("Session '%s' has inconsistent TTY information, dropping TTY information.", s->id); ++ continue; ++ } ++ ++ /* Never override what we figured out once */ ++ if (s->tty || s->tty_validity >= 0) ++ continue; ++ ++ s->tty = TAKE_PTR(t); ++ s->tty_validity = TTY_FROM_UTMP; ++ log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id); ++ } ++ ++ endutxent(); ++ return r; ++#else ++ return 0 ++#endif ++} ++ ++#if ENABLE_UTMP ++static int manager_dispatch_utmp(sd_event_source *s, const struct inotify_event *event, void *userdata) { ++ Manager *m = userdata; ++ ++ assert(m); ++ ++ /* If there's indication the file itself might have been removed or became otherwise unavailable, then let's ++ * reestablish the watch on whatever there's now. */ ++ if ((event->mask & (IN_ATTRIB|IN_DELETE_SELF|IN_MOVE_SELF|IN_Q_OVERFLOW|IN_UNMOUNT)) != 0) ++ manager_connect_utmp(m); ++ ++ (void) manager_read_utmp(m); ++ return 0; ++} ++#endif ++ ++void manager_connect_utmp(Manager *m) { ++#if ENABLE_UTMP ++ sd_event_source *s = NULL; ++ int r; ++ ++ assert(m); ++ ++ /* Watch utmp for changes via inotify. We do this to deal with tools such as ssh, which will register the PAM ++ * session early, and acquire a TTY only much later for the connection. Thus during PAM the TTY won't be known ++ * yet. ssh will register itself with utmp when it finally acquired the TTY. Hence, let's make use of this, and ++ * watch utmp for the TTY asynchronously. We use the PAM session's leader PID as key, to find the right entry. ++ * ++ * Yes, relying on utmp is pretty ugly, but it's good enough for informational purposes, as well as idle ++ * detection (which, for tty sessions, relies on the TTY used) */ ++ ++ r = sd_event_add_inotify(m->event, &s, _PATH_UTMPX, IN_MODIFY|IN_MOVE_SELF|IN_DELETE_SELF|IN_ATTRIB, manager_dispatch_utmp, m); ++ if (r < 0) ++ log_full_errno(r == -ENOENT ? LOG_DEBUG: LOG_WARNING, r, "Failed to create inotify watch on " _PATH_UTMPX ", ignoring: %m"); ++ else { ++ r = sd_event_source_set_priority(s, SD_EVENT_PRIORITY_IDLE); ++ if (r < 0) ++ log_warning_errno(r, "Failed to adjust utmp event source priority, ignoring: %m"); ++ ++ (void) sd_event_source_set_description(s, "utmp"); ++ } ++ ++ sd_event_source_unref(m->utmp_event_source); ++ m->utmp_event_source = s; ++#endif ++} ++ ++void manager_reconnect_utmp(Manager *m) { ++#if ENABLE_UTMP ++ assert(m); ++ ++ if (m->utmp_event_source) ++ return; ++ ++ manager_connect_utmp(m); ++#endif ++} +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 1bb152bc20..0248042308 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -772,6 +772,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus + } while (hashmap_get(m->sessions, id)); + } + ++ /* If we are not watching utmp aleady, try again */ ++ manager_reconnect_utmp(m); ++ + r = manager_add_user_by_uid(m, uid, &user); + if (r < 0) + goto fail; +@@ -795,6 +798,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus + r = -ENOMEM; + goto fail; + } ++ ++ session->tty_validity = TTY_FROM_PAM; + } + + if (!isempty(display)) { +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index 1143a834a4..d666f86d3f 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -56,6 +56,7 @@ int session_new(Session **ret, Manager *m, const char *id) { + .fifo_fd = -1, + .vtfd = -1, + .audit_id = AUDIT_SESSION_INVALID, ++ .tty_validity = _TTY_VALIDITY_INVALID, + }; + + s->state_file = strappend("/run/systemd/sessions/", id); +@@ -219,6 +220,9 @@ int session_save(Session *s) { + if (s->tty) + fprintf(f, "TTY=%s\n", s->tty); + ++ if (s->tty_validity >= 0) ++ fprintf(f, "TTY_VALIDITY=%s\n", tty_validity_to_string(s->tty_validity)); ++ + if (s->display) + fprintf(f, "DISPLAY=%s\n", s->display); + +@@ -355,6 +359,7 @@ static int session_load_devices(Session *s, const char *devices) { + int session_load(Session *s) { + _cleanup_free_ char *remote = NULL, + *seat = NULL, ++ *tty_validity = NULL, + *vtnr = NULL, + *state = NULL, + *position = NULL, +@@ -380,6 +385,7 @@ int session_load(Session *s) { + "FIFO", &s->fifo_path, + "SEAT", &seat, + "TTY", &s->tty, ++ "TTY_VALIDITY", &tty_validity, + "DISPLAY", &s->display, + "REMOTE_HOST", &s->remote_host, + "REMOTE_USER", &s->remote_user, +@@ -456,6 +462,16 @@ int session_load(Session *s) { + seat_claim_position(s->seat, s, npos); + } + ++ if (tty_validity) { ++ TTYValidity v; ++ ++ v = tty_validity_from_string(tty_validity); ++ if (v < 0) ++ log_debug("Failed to parse TTY validity: %s", tty_validity); ++ else ++ s->tty_validity = v; ++ } ++ + if (leader) { + if (parse_pid(leader, &s->leader) >= 0) + (void) audit_session_from_pid(s->leader, &s->audit_id); +@@ -1368,3 +1384,11 @@ static const char* const kill_who_table[_KILL_WHO_MAX] = { + }; + + DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho); ++ ++static const char* const tty_validity_table[_TTY_VALIDITY_MAX] = { ++ [TTY_FROM_PAM] = "from-pam", ++ [TTY_FROM_UTMP] = "from-utmp", ++ [TTY_UTMP_INCONSISTENT] = "utmp-inconsistent", ++}; ++ ++DEFINE_STRING_TABLE_LOOKUP(tty_validity, TTYValidity); +diff --git a/src/login/logind-session.h b/src/login/logind-session.h +index 9bd0c96a03..7da845cea3 100644 +--- a/src/login/logind-session.h ++++ b/src/login/logind-session.h +@@ -46,6 +46,14 @@ enum KillWho { + _KILL_WHO_INVALID = -1 + }; + ++typedef enum TTYValidity { ++ TTY_FROM_PAM, ++ TTY_FROM_UTMP, ++ TTY_UTMP_INCONSISTENT, /* may happen on ssh sessions with multiplexed TTYs */ ++ _TTY_VALIDITY_MAX, ++ _TTY_VALIDITY_INVALID = -1, ++} TTYValidity; ++ + struct Session { + Manager *manager; + +@@ -60,8 +68,9 @@ struct Session { + + dual_timestamp timestamp; + +- char *tty; + char *display; ++ char *tty; ++ TTYValidity tty_validity; + + bool remote; + char *remote_user; +@@ -159,6 +168,9 @@ SessionClass session_class_from_string(const char *s) _pure_; + const char *kill_who_to_string(KillWho k) _const_; + KillWho kill_who_from_string(const char *s) _pure_; + ++const char* tty_validity_to_string(TTYValidity t) _const_; ++TTYValidity tty_validity_from_string(const char *s) _pure_; ++ + int session_prepare_vt(Session *s); + void session_restore_vt(Session *s); + void session_leave_vt(Session *s); +diff --git a/src/login/logind.c b/src/login/logind.c +index 6c208c8e89..25de9a6ab2 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -132,6 +132,10 @@ static Manager* manager_unref(Manager *m) { + sd_event_source_unref(m->udev_button_event_source); + sd_event_source_unref(m->lid_switch_ignore_event_source); + ++#if ENABLE_UTMP ++ sd_event_source_unref(m->utmp_event_source); ++#endif ++ + safe_close(m->console_active_fd); + + udev_monitor_unref(m->udev_seat_monitor); +@@ -1095,6 +1099,9 @@ static int manager_startup(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to register SIGHUP handler: %m"); + ++ /* Connect to utmp */ ++ manager_connect_utmp(m); ++ + /* Connect to console */ + r = manager_connect_console(m); + if (r < 0) +@@ -1150,6 +1157,9 @@ static int manager_startup(Manager *m) { + /* Reserve the special reserved VT */ + manager_reserve_vt(m); + ++ /* Read in utmp if it exists */ ++ manager_read_utmp(m); ++ + /* And start everything */ + HASHMAP_FOREACH(seat, m->seats, i) + seat_start(seat); +diff --git a/src/login/logind.h b/src/login/logind.h +index d29b01c75b..bb127bf4a5 100644 +--- a/src/login/logind.h ++++ b/src/login/logind.h +@@ -43,6 +43,10 @@ struct Manager { + sd_event_source *udev_vcsa_event_source; + sd_event_source *udev_button_event_source; + ++#if ENABLE_UTMP ++ sd_event_source *utmp_event_source; ++#endif ++ + int console_active_fd; + + unsigned n_autovts; +@@ -150,6 +154,10 @@ bool manager_is_docked_or_external_displays(Manager *m); + bool manager_is_on_external_power(void); + bool manager_all_buttons_ignored(Manager *m); + ++int manager_read_utmp(Manager *m); ++void manager_connect_utmp(Manager *m); ++void manager_reconnect_utmp(Manager *m); ++ + extern const sd_bus_vtable manager_vtable[]; + + int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error); diff --git a/SOURCES/0827-logind-add-hashtable-for-finding-session-by-leader-P.patch b/SOURCES/0827-logind-add-hashtable-for-finding-session-by-leader-P.patch new file mode 100644 index 0000000..c506df0 --- /dev/null +++ b/SOURCES/0827-logind-add-hashtable-for-finding-session-by-leader-P.patch @@ -0,0 +1,188 @@ +From fbc394252588325b6e7ecd1ab65ad40b51763c58 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 7 Aug 2018 12:08:24 +0200 +Subject: [PATCH] logind: add hashtable for finding session by leader PID + +This is useful later on, when we quickly want to find the session for a +leader PID. + +(cherry picked from commit 238794b15082e6f61d0ce2943d39205289fff7f0) + +Related: #2122288 +--- + src/login/logind-core.c | 15 ++++++++------ + src/login/logind-dbus.c | 3 +-- + src/login/logind-session.c | 41 +++++++++++++++++++++++++++++++++++--- + src/login/logind-session.h | 1 + + src/login/logind.c | 4 +++- + src/login/logind.h | 1 + + 6 files changed, 53 insertions(+), 12 deletions(-) + +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index 7e33f8e6aa..a1943b6f9d 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -339,13 +339,16 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **ret) { + if (!pid_is_valid(pid)) + return -EINVAL; + +- r = cg_pid_get_unit(pid, &unit); +- if (r < 0) +- goto not_found; ++ s = hashmap_get(m->sessions_by_leader, PID_TO_PTR(pid)); ++ if (!s) { ++ r = cg_pid_get_unit(pid, &unit); ++ if (r < 0) ++ goto not_found; + +- s = hashmap_get(m->session_units, unit); +- if (!s) +- goto not_found; ++ s = hashmap_get(m->session_units, unit); ++ if (!s) ++ goto not_found; ++ } + + if (ret) + *ret = s; +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 0248042308..01bfef4ff7 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -784,9 +784,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus + goto fail; + + session_set_user(session, user); ++ session_set_leader(session, leader); + +- session->leader = leader; +- session->audit_id = audit_id; + session->type = t; + session->class = c; + session->remote = remote; +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index d666f86d3f..cc838ca383 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -121,6 +121,9 @@ Session* session_free(Session *s) { + free(s->scope); + } + ++ if (pid_is_valid(s->leader)) ++ (void) hashmap_remove_value(s->manager->sessions_by_leader, PID_TO_PTR(s->leader), s); ++ + free(s->scope_job); + + sd_bus_message_unref(s->create_message); +@@ -149,6 +152,30 @@ void session_set_user(Session *s, User *u) { + user_update_last_session_timer(u); + } + ++int session_set_leader(Session *s, pid_t pid) { ++ int r; ++ ++ assert(s); ++ ++ if (!pid_is_valid(pid)) ++ return -EINVAL; ++ ++ if (s->leader == pid) ++ return 0; ++ ++ r = hashmap_put(s->manager->sessions_by_leader, PID_TO_PTR(pid), s); ++ if (r < 0) ++ return r; ++ ++ if (pid_is_valid(s->leader)) ++ (void) hashmap_remove_value(s->manager->sessions_by_leader, PID_TO_PTR(s->leader), s); ++ ++ s->leader = pid; ++ (void) audit_session_from_pid(pid, &s->audit_id); ++ ++ return 1; ++} ++ + static void session_save_devices(Session *s, FILE *f) { + SessionDevice *sd; + Iterator i; +@@ -473,8 +500,16 @@ int session_load(Session *s) { + } + + if (leader) { +- if (parse_pid(leader, &s->leader) >= 0) +- (void) audit_session_from_pid(s->leader, &s->audit_id); ++ pid_t pid; ++ ++ r = parse_pid(leader, &pid); ++ if (r < 0) ++ log_debug_errno(r, "Failed to parse leader PID of session: %s", leader); ++ else { ++ r = session_set_leader(s, pid); ++ if (r < 0) ++ log_warning_errno(r, "Failed to set session leader PID, ignoring: %m"); ++ } + } + + if (type) { +@@ -910,7 +945,7 @@ int session_get_idle_hint(Session *s, dual_timestamp *t) { + + /* For sessions with a leader but no explicitly configured + * tty, let's check the controlling tty of the leader */ +- if (s->leader > 0) { ++ if (pid_is_valid(s->leader)) { + r = get_process_ctty_atime(s->leader, &atime); + if (r >= 0) + goto found_atime; +diff --git a/src/login/logind-session.h b/src/login/logind-session.h +index 7da845cea3..8c7d0301f2 100644 +--- a/src/login/logind-session.h ++++ b/src/login/logind-session.h +@@ -124,6 +124,7 @@ Session* session_free(Session *s); + DEFINE_TRIVIAL_CLEANUP_FUNC(Session *, session_free); + + void session_set_user(Session *s, User *u); ++int session_set_leader(Session *s, pid_t pid); + bool session_may_gc(Session *s, bool drop_not_started); + void session_add_to_gc_queue(Session *s); + int session_activate(Session *s); +diff --git a/src/login/logind.c b/src/login/logind.c +index 25de9a6ab2..6b576dad0d 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -46,6 +46,7 @@ static int manager_new(Manager **ret) { + m->devices = hashmap_new(&string_hash_ops); + m->seats = hashmap_new(&string_hash_ops); + m->sessions = hashmap_new(&string_hash_ops); ++ m->sessions_by_leader = hashmap_new(NULL); + m->users = hashmap_new(NULL); + m->inhibitors = hashmap_new(&string_hash_ops); + m->buttons = hashmap_new(&string_hash_ops); +@@ -53,7 +54,7 @@ static int manager_new(Manager **ret) { + m->user_units = hashmap_new(&string_hash_ops); + m->session_units = hashmap_new(&string_hash_ops); + +- if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units) ++ if (!m->devices || !m->seats || !m->sessions || !m->sessions_by_leader || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units) + return -ENOMEM; + + m->udev = udev_new(); +@@ -112,6 +113,7 @@ static Manager* manager_unref(Manager *m) { + hashmap_free(m->devices); + hashmap_free(m->seats); + hashmap_free(m->sessions); ++ hashmap_free(m->sessions_by_leader); + hashmap_free(m->users); + hashmap_free(m->inhibitors); + hashmap_free(m->buttons); +diff --git a/src/login/logind.h b/src/login/logind.h +index bb127bf4a5..7f94dea2f6 100644 +--- a/src/login/logind.h ++++ b/src/login/logind.h +@@ -26,6 +26,7 @@ struct Manager { + Hashmap *devices; + Hashmap *seats; + Hashmap *sessions; ++ Hashmap *sessions_by_leader; + Hashmap *users; + Hashmap *inhibitors; + Hashmap *buttons; diff --git a/SOURCES/0828-core-load-fragment-move-config_parse_sec_fix_0-to-sr.patch b/SOURCES/0828-core-load-fragment-move-config_parse_sec_fix_0-to-sr.patch new file mode 100644 index 0000000..252084b --- /dev/null +++ b/SOURCES/0828-core-load-fragment-move-config_parse_sec_fix_0-to-sr.patch @@ -0,0 +1,93 @@ +From 69ec7c9170e29fdf745fa282448d051edd1f88b2 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 9 Aug 2022 11:41:04 +0200 +Subject: [PATCH] core/load-fragment: move config_parse_sec_fix_0 to src/shared + +(cherry picked from commit 4ee8176fe33bbcd0971c4583a0e7d1cc2a64ac06) + +Related: #2122288 +--- + src/core/load-fragment.c | 33 --------------------------------- + src/core/load-fragment.h | 1 - + src/shared/conf-parser.c | 2 ++ + src/shared/conf-parser.h | 1 + + 4 files changed, 3 insertions(+), 34 deletions(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index c0b1fd4f91..53de7ff5e9 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -1865,39 +1865,6 @@ int config_parse_service_timeout( + return 0; + } + +-int config_parse_sec_fix_0( +- const char *unit, +- const char *filename, +- unsigned line, +- const char *section, +- unsigned section_line, +- const char *lvalue, +- int ltype, +- const char *rvalue, +- void *data, +- void *userdata) { +- +- usec_t *usec = data; +- int r; +- +- assert(filename); +- assert(lvalue); +- assert(rvalue); +- assert(usec); +- +- /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for +- * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a +- * timeout. */ +- +- r = parse_sec_fix_0(rvalue, usec); +- if (r < 0) { +- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue); +- return 0; +- } +- +- return 0; +-} +- + int config_parse_user_group_compat( + const char *unit, + const char *filename, +diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h +index f9d34d484d..b964737f9e 100644 +--- a/src/core/load-fragment.h ++++ b/src/core/load-fragment.h +@@ -95,7 +95,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_bus_name); + CONFIG_PARSER_PROTOTYPE(config_parse_exec_utmp_mode); + CONFIG_PARSER_PROTOTYPE(config_parse_working_directory); + CONFIG_PARSER_PROTOTYPE(config_parse_fdname); +-CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0); + CONFIG_PARSER_PROTOTYPE(config_parse_user_group_compat); + CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv_compat); + CONFIG_PARSER_PROTOTYPE(config_parse_restrict_namespaces); +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index 1f40f00c72..414dde2e3d 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -1286,3 +1286,5 @@ int config_parse_permille(const char* unit, + + return 0; + } ++ ++DEFINE_CONFIG_PARSE_PTR(config_parse_sec_fix_0, parse_sec_fix_0, usec_t, "Failed to parse time value"); +diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h +index 375b2e5a74..56fd302db8 100644 +--- a/src/shared/conf-parser.h ++++ b/src/shared/conf-parser.h +@@ -142,6 +142,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ip_port); + CONFIG_PARSER_PROTOTYPE(config_parse_join_controllers); + CONFIG_PARSER_PROTOTYPE(config_parse_mtu); + CONFIG_PARSER_PROTOTYPE(config_parse_rlimit); ++CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0); + + typedef enum Disabled { + DISABLED_CONFIGURATION, diff --git a/SOURCES/0829-sd-event-add-relative-timer-calls.patch b/SOURCES/0829-sd-event-add-relative-timer-calls.patch new file mode 100644 index 0000000..ba40d6e --- /dev/null +++ b/SOURCES/0829-sd-event-add-relative-timer-calls.patch @@ -0,0 +1,123 @@ +From 30f5836253f820086caa24fc9283344615b8fc00 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 28 Jul 2020 11:17:00 +0200 +Subject: [PATCH] sd-event: add relative timer calls + +We frequently want to set a timer relative to the current time. Let's +add an explicit API for this. This not only saves us a few lines of code +everywhere and simplifies things, but also allows us to do correct +overflow checking. + +(cherry picked from commit d6a83dc48ad1981665ff427858ae8e59d4cfd6cb) + +Related: #2122288 +--- + src/libsystemd/libsystemd.sym | 8 +++++- + src/libsystemd/sd-event/sd-event.c | 42 ++++++++++++++++++++++++++++++ + src/systemd/sd-event.h | 2 ++ + 3 files changed, 51 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym +index 3b55fc6473..449918093c 100644 +--- a/src/libsystemd/libsystemd.sym ++++ b/src/libsystemd/libsystemd.sym +@@ -578,12 +578,18 @@ LIBSYSTEMD_240 { + sd_bus_get_method_call_timeout; + } LIBSYSTEMD_239; + ++LIBSYSTEMD_247 { ++global: ++ sd_event_add_time_relative; ++ sd_event_source_set_time_relative; ++} LIBSYSTEMD_240; ++ + LIBSYSTEMD_248 { + global: + sd_event_source_set_ratelimit; + sd_event_source_get_ratelimit; + sd_event_source_is_ratelimited; +-} LIBSYSTEMD_240; ++} LIBSYSTEMD_247; + + LIBSYSTEMD_250 { + global: +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 09d4584bf9..2c9d331bf2 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -1415,6 +1415,31 @@ fail: + return r; + } + ++_public_ int sd_event_add_time_relative( ++ sd_event *e, ++ sd_event_source **ret, ++ clockid_t clock, ++ uint64_t usec, ++ uint64_t accuracy, ++ sd_event_time_handler_t callback, ++ void *userdata) { ++ ++ usec_t t; ++ int r; ++ ++ /* Same as sd_event_add_time() but operates relative to the event loop's current point in time, and ++ * checks for overflow. */ ++ ++ r = sd_event_now(e, clock, &t); ++ if (r < 0) ++ return r; ++ ++ if (usec >= USEC_INFINITY - t) ++ return -EOVERFLOW; ++ ++ return sd_event_add_time(e, ret, clock, t + usec, accuracy, callback, userdata); ++} ++ + static int signal_exit_callback(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { + assert(s); + +@@ -2578,6 +2603,23 @@ _public_ int sd_event_source_set_time(sd_event_source *s, uint64_t usec) { + return 0; + } + ++_public_ int sd_event_source_set_time_relative(sd_event_source *s, uint64_t usec) { ++ usec_t t; ++ int r; ++ ++ assert_return(s, -EINVAL); ++ assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM); ++ ++ r = sd_event_now(s->event, event_source_type_to_clock(s->type), &t); ++ if (r < 0) ++ return r; ++ ++ if (usec >= USEC_INFINITY - t) ++ return -EOVERFLOW; ++ ++ return sd_event_source_set_time(s, t + usec); ++} ++ + _public_ int sd_event_source_get_time_accuracy(sd_event_source *s, uint64_t *usec) { + assert_return(s, -EINVAL); + assert_return(usec, -EINVAL); +diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h +index c2e9c9614d..960bea1ac4 100644 +--- a/src/systemd/sd-event.h ++++ b/src/systemd/sd-event.h +@@ -87,6 +87,7 @@ sd_event* sd_event_unref(sd_event *e); + + int sd_event_add_io(sd_event *e, sd_event_source **s, int fd, uint32_t events, sd_event_io_handler_t callback, void *userdata); + int sd_event_add_time(sd_event *e, sd_event_source **s, clockid_t clock, uint64_t usec, uint64_t accuracy, sd_event_time_handler_t callback, void *userdata); ++int sd_event_add_time_relative(sd_event *e, sd_event_source **s, clockid_t clock, uint64_t usec, uint64_t accuracy, sd_event_time_handler_t callback, void *userdata); + int sd_event_add_signal(sd_event *e, sd_event_source **s, int sig, sd_event_signal_handler_t callback, void *userdata); + int sd_event_add_child(sd_event *e, sd_event_source **s, pid_t pid, int options, sd_event_child_handler_t callback, void *userdata); + int sd_event_add_inotify(sd_event *e, sd_event_source **s, const char *path, uint32_t mask, sd_event_inotify_handler_t callback, void *userdata); +@@ -136,6 +137,7 @@ int sd_event_source_set_io_events(sd_event_source *s, uint32_t events); + int sd_event_source_get_io_revents(sd_event_source *s, uint32_t* revents); + int sd_event_source_get_time(sd_event_source *s, uint64_t *usec); + int sd_event_source_set_time(sd_event_source *s, uint64_t usec); ++int sd_event_source_set_time_relative(sd_event_source *s, uint64_t usec); + int sd_event_source_get_time_accuracy(sd_event_source *s, uint64_t *usec); + int sd_event_source_set_time_accuracy(sd_event_source *s, uint64_t usec); + int sd_event_source_get_time_clock(sd_event_source *s, clockid_t *clock); diff --git a/SOURCES/0830-logind-add-option-to-stop-idle-sessions-after-specif.patch b/SOURCES/0830-logind-add-option-to-stop-idle-sessions-after-specif.patch new file mode 100644 index 0000000..891a3da --- /dev/null +++ b/SOURCES/0830-logind-add-option-to-stop-idle-sessions-after-specif.patch @@ -0,0 +1,233 @@ +From 24439b08e3a3437b423553c385cde1d4cddf18f6 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Mon, 8 Aug 2022 09:13:50 +0200 +Subject: [PATCH] logind: add option to stop idle sessions after specified + timeout + +Thanks to Jan Pazdziora for providing a patch +which implemeted a PoC of this feature. + +(cherry picked from commit 82325af3ae41bc7efb3d5cd8f56a4652fef498c2) + +Resolves: #2122288 +--- + man/logind.conf.xml | 11 ++++++ + src/login/logind-core.c | 2 + + src/login/logind-dbus.c | 1 + + src/login/logind-gperf.gperf | 1 + + src/login/logind-session.c | 72 +++++++++++++++++++++++++++++++++--- + src/login/logind-session.h | 2 + + src/login/logind.conf.in | 1 + + src/login/logind.h | 2 + + 8 files changed, 86 insertions(+), 6 deletions(-) + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index 0cf8a7d1f2..00b5b1f2e8 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -333,6 +333,17 @@ + are excluded from the effect of this setting. Defaults to no. + + ++ ++ StopIdleSessionSec= ++ ++ Specifies a timeout in seconds, or a time span value after which ++ systemd-logind checks the idle state of all sessions. Every session that is idle for ++ longer then the timeout will be stopped. Defaults to infinity ++ (systemd-logind is not checking the idle state of sessions). For details about the syntax ++ of time spans, see ++ systemd.time7. ++ ++ + + + +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index a1943b6f9d..abe6eecffb 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -58,6 +58,8 @@ void manager_reset_config(Manager *m) { + + m->kill_only_users = strv_free(m->kill_only_users); + m->kill_exclude_users = strv_free(m->kill_exclude_users); ++ ++ m->stop_idle_session_usec = USEC_INFINITY; + } + + int manager_parse_config_file(Manager *m) { +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 01bfef4ff7..81aacb4eed 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -2720,6 +2720,7 @@ const sd_bus_vtable manager_vtable[] = { + SD_BUS_PROPERTY("SessionsMax", "t", NULL, offsetof(Manager, sessions_max), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("NCurrentSessions", "t", property_get_hashmap_size, offsetof(Manager, sessions), 0), + SD_BUS_PROPERTY("UserTasksMax", "t", property_get_compat_user_tasks_max, 0, SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), ++ SD_BUS_PROPERTY("StopIdleSessionUSec", "t", NULL, offsetof(Manager, stop_idle_session_usec), SD_BUS_VTABLE_PROPERTY_CONST), + + SD_BUS_METHOD_WITH_NAMES("GetSession", + "s", +diff --git a/src/login/logind-gperf.gperf b/src/login/logind-gperf.gperf +index 8829ce7d85..214ac5c4a3 100644 +--- a/src/login/logind-gperf.gperf ++++ b/src/login/logind-gperf.gperf +@@ -42,3 +42,4 @@ Login.RemoveIPC, config_parse_bool, 0, offse + Login.InhibitorsMax, config_parse_uint64, 0, offsetof(Manager, inhibitors_max) + Login.SessionsMax, config_parse_uint64, 0, offsetof(Manager, sessions_max) + Login.UserTasksMax, config_parse_compat_user_tasks_max, 0, offsetof(Manager, user_tasks_max) ++Login.StopIdleSessionSec, config_parse_sec_fix_0, 0, offsetof(Manager, stop_idle_session_usec) +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index cc838ca383..56f40fbec4 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -29,6 +29,7 @@ + #include "string-table.h" + #include "strv.h" + #include "terminal-util.h" ++#include "time-util.h" + #include "user-util.h" + #include "util.h" + +@@ -139,6 +140,8 @@ Session* session_free(Session *s) { + + free(s->state_file); + ++ sd_event_source_unref(s->stop_on_idle_event_source); ++ + return mfree(s); + } + +@@ -658,6 +661,55 @@ static int session_start_scope(Session *s, sd_bus_message *properties, sd_bus_er + return 0; + } + ++static int session_dispatch_stop_on_idle(sd_event_source *source, uint64_t t, void *userdata) { ++ Session *s = userdata; ++ dual_timestamp ts; ++ int r, idle; ++ ++ assert(s); ++ ++ if (s->stopping) ++ return 0; ++ ++ idle = session_get_idle_hint(s, &ts); ++ if (idle) { ++ log_debug("Session \"%s\" of user \"%s\" is idle, stopping.", s->id, s->user->name); ++ ++ return session_stop(s, /* force */ true); ++ } ++ ++ r = sd_event_source_set_time(source, usec_add(ts.monotonic, s->manager->stop_idle_session_usec)); ++ if (r < 0) ++ return log_error_errno(r, "Failed to configure stop on idle session event source: %m"); ++ ++ r = sd_event_source_set_enabled(source, SD_EVENT_ONESHOT); ++ if (r < 0) ++ return log_error_errno(r, "Failed to enable stop on idle session event source: %m"); ++ ++ return 1; ++} ++ ++static int session_setup_stop_on_idle_timer(Session *s) { ++ int r; ++ ++ assert(s); ++ ++ if (s->manager->stop_idle_session_usec == USEC_INFINITY) ++ return 0; ++ ++ r = sd_event_add_time_relative( ++ s->manager->event, ++ &s->stop_on_idle_event_source, ++ CLOCK_MONOTONIC, ++ s->manager->stop_idle_session_usec, ++ 0, ++ session_dispatch_stop_on_idle, s); ++ if (r < 0) ++ return log_error_errno(r, "Failed to add stop on idle session event source: %m"); ++ ++ return 0; ++} ++ + int session_start(Session *s, sd_bus_message *properties, sd_bus_error *error) { + int r; + +@@ -680,6 +732,10 @@ int session_start(Session *s, sd_bus_message *properties, sd_bus_error *error) { + if (r < 0) + return r; + ++ r = session_setup_stop_on_idle_timer(s); ++ if (r < 0) ++ return r; ++ + log_struct(s->class == SESSION_BACKGROUND ? LOG_DEBUG : LOG_INFO, + "MESSAGE_ID=" SD_MESSAGE_SESSION_START_STR, + "SESSION_ID=%s", s->id, +@@ -917,7 +973,7 @@ static int get_process_ctty_atime(pid_t pid, usec_t *atime) { + } + + int session_get_idle_hint(Session *s, dual_timestamp *t) { +- usec_t atime = 0, n; ++ usec_t atime = 0, dtime = 0; + int r; + + assert(s); +@@ -961,12 +1017,16 @@ found_atime: + if (t) + dual_timestamp_from_realtime(t, atime); + +- n = now(CLOCK_REALTIME); +- +- if (s->manager->idle_action_usec <= 0) +- return 0; ++ if (s->manager->idle_action_usec > 0 && s->manager->stop_idle_session_usec != USEC_INFINITY) ++ dtime = MIN(s->manager->idle_action_usec, s->manager->stop_idle_session_usec); ++ else if (s->manager->idle_action_usec > 0) ++ dtime = s->manager->idle_action_usec; ++ else if (s->manager->stop_idle_session_usec != USEC_INFINITY) ++ dtime = s->manager->stop_idle_session_usec; ++ else ++ return false; + +- return atime + s->manager->idle_action_usec <= n; ++ return usec_add(atime, dtime) <= now(CLOCK_REALTIME); + } + + void session_set_idle_hint(Session *s, bool b) { +diff --git a/src/login/logind-session.h b/src/login/logind-session.h +index 8c7d0301f2..6678441bb9 100644 +--- a/src/login/logind-session.h ++++ b/src/login/logind-session.h +@@ -112,6 +112,8 @@ struct Session { + Hashmap *devices; + sd_bus_track *track; + ++ sd_event_source *stop_on_idle_event_source; ++ + LIST_FIELDS(Session, sessions_by_user); + LIST_FIELDS(Session, sessions_by_seat); + +diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in +index c7346f9819..a62c2b0b57 100644 +--- a/src/login/logind.conf.in ++++ b/src/login/logind.conf.in +@@ -35,3 +35,4 @@ + #RemoveIPC=no + #InhibitorsMax=8192 + #SessionsMax=8192 ++#StopIdleSessionSec=infinity +diff --git a/src/login/logind.h b/src/login/logind.h +index 7f94dea2f6..606adf4fe6 100644 +--- a/src/login/logind.h ++++ b/src/login/logind.h +@@ -102,6 +102,8 @@ struct Manager { + usec_t idle_action_not_before_usec; + HandleAction idle_action; + ++ usec_t stop_idle_session_usec; ++ + HandleAction handle_power_key; + HandleAction handle_suspend_key; + HandleAction handle_hibernate_key; diff --git a/SOURCES/0831-logind-schedule-idle-check-full-interval-from-now-if.patch b/SOURCES/0831-logind-schedule-idle-check-full-interval-from-now-if.patch new file mode 100644 index 0000000..8a10fc4 --- /dev/null +++ b/SOURCES/0831-logind-schedule-idle-check-full-interval-from-now-if.patch @@ -0,0 +1,29 @@ +From e48edc1b923267a5fcc808c3eb7151bf460a68ba Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 9 Sep 2022 13:38:58 +0200 +Subject: [PATCH] logind: schedule idle check full interval from now if we + couldn't figure out atime timestamp + +(cherry picked from commit 6edf707fd59347024fa6be0342b108527825db1f) + +Related: #2122288 +--- + src/login/logind-session.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index 56f40fbec4..18a07efcdb 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -678,7 +678,10 @@ static int session_dispatch_stop_on_idle(sd_event_source *source, uint64_t t, vo + return session_stop(s, /* force */ true); + } + +- r = sd_event_source_set_time(source, usec_add(ts.monotonic, s->manager->stop_idle_session_usec)); ++ r = sd_event_source_set_time( ++ source, ++ usec_add(dual_timestamp_is_set(&ts) ? ts.monotonic : now(CLOCK_MONOTONIC), ++ s->manager->stop_idle_session_usec)); + if (r < 0) + return log_error_errno(r, "Failed to configure stop on idle session event source: %m"); + diff --git a/SOURCES/0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch b/SOURCES/0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch new file mode 100644 index 0000000..d848bfa --- /dev/null +++ b/SOURCES/0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch @@ -0,0 +1,59 @@ +From 5f69ba3919d32ed93c68bb6b8b70a516f2bb56a8 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 16 Aug 2022 14:34:49 +0200 +Subject: [PATCH] ci(lint): add shell linter - Differential ShellCheck + +It performs differential ShellCheck scans and report results directly in +pull request. + +documentation: +https://github.com/redhat-plumbers-in-action/differential-shellcheck + +(inspired by commit + https://github.com/systemd/systemd/commit/3f3c718e79abdac698ae90de5cd4c0560a0a75d4) + +RHEL-only + +Related: #2122499 +--- + .github/workflows/differential-shellcheck.yml | 31 +++++++++++++++++++ + 1 file changed, 31 insertions(+) + create mode 100644 .github/workflows/differential-shellcheck.yml + +diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml +new file mode 100644 +index 0000000000..fa94679b51 +--- /dev/null ++++ b/.github/workflows/differential-shellcheck.yml +@@ -0,0 +1,31 @@ ++--- ++# https://github.com/redhat-plumbers-in-action/differential-shellcheck#readme ++ ++name: Differential ShellCheck ++on: ++ pull_request: ++ branches: ++ - master ++ - rhel-8.*.0 ++ ++permissions: ++ contents: read ++ ++jobs: ++ lint: ++ runs-on: ubuntu-latest ++ ++ permissions: ++ security-events: write ++ pull-requests: write ++ ++ steps: ++ - name: Repository checkout ++ uses: actions/checkout@v3 ++ with: ++ fetch-depth: 0 ++ ++ - name: Differential ShellCheck ++ uses: redhat-plumbers-in-action/differential-shellcheck@v3 ++ with: ++ token: ${{ secrets.GITHUB_TOKEN }} diff --git a/SOURCES/0833-meson-do-not-compare-objects-of-different-types.patch b/SOURCES/0833-meson-do-not-compare-objects-of-different-types.patch new file mode 100644 index 0000000..234e387 --- /dev/null +++ b/SOURCES/0833-meson-do-not-compare-objects-of-different-types.patch @@ -0,0 +1,34 @@ +From deb09b3bd826571149f6b018f3a3ff8a33cd104b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 28 Jun 2018 16:09:04 +0900 +Subject: [PATCH] meson: do not compare objects of different types + +This fixes the following warning: +``` +meson.build:1140: WARNING: Trying to compare values of different types (DependencyHolder, list) using !=. +The result of this is undefined and will become a hard error in a future Meson release. +``` + +Follow-up for f02582f69fe1e7663a87ba80bd4f90d5d23ee75f(#9410). + +(cherry picked from commit 48f5da19b6e8f0d05f5217bc9856093d354ce5d0) + +Related: #2122499 +--- + meson.build | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 6729a9ea5e..af4cf331da 100644 +--- a/meson.build ++++ b/meson.build +@@ -1165,7 +1165,8 @@ substs.set('DEFAULT_DNSSEC_MODE', default_dnssec) + + dns_over_tls = get_option('dns-over-tls') + if dns_over_tls != 'false' +- have = libgnutls != [] and libgnutls.version().version_compare('>=3.5.3') ++ have = (conf.get('HAVE_GNUTLS') == 1 and ++ libgnutls.version().version_compare('>=3.5.3')) + if dns_over_tls == 'true' and not have + error('DNS-over-TLS support was requested, but dependencies are not available') + endif diff --git a/SOURCES/0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch b/SOURCES/0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch new file mode 100644 index 0000000..689ad06 --- /dev/null +++ b/SOURCES/0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch @@ -0,0 +1,48 @@ +From ea9b3a664f5e67d0ee6b0bf6ca362835ae11fedc Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 20 Dec 2021 20:48:32 +0900 +Subject: [PATCH] journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as + MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 + +(cherry picked from commit 30df858f43b14a55c6650b43bea12cbf2cc0bc67) + +Related: #2122499 +--- + src/journal-remote/journal-remote-main.c | 2 +- + src/journal-remote/microhttpd-util.h | 10 +++++++--- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index 47fe9d7433..bcaa370099 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -304,7 +304,7 @@ static int request_handler( + /* When serialized, an entry of maximum size might be slightly larger, + * so this does not correspond exactly to the limit in journald. Oh well. + */ +- return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE, ++ return mhd_respondf(connection, 0, MHD_HTTP_CONTENT_TOO_LARGE, + "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX); + } + +diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h +index 26909082a1..dd0ca1d9bd 100644 +--- a/src/journal-remote/microhttpd-util.h ++++ b/src/journal-remote/microhttpd-util.h +@@ -38,9 +38,13 @@ + # define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE + #endif + +-/* Renamed in µhttpd 0.9.53 */ +-#ifndef MHD_HTTP_PAYLOAD_TOO_LARGE +-# define MHD_HTTP_PAYLOAD_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE ++/* Renamed in µhttpd 0.9.74 (8c644fc1f4d498ea489add8d40a68f5d3e5899fa) */ ++#ifndef MHD_HTTP_CONTENT_TOO_LARGE ++# ifdef MHD_HTTP_PAYLOAD_TOO_LARGE ++# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_PAYLOAD_TOO_LARGE /* 0.9.53 or newer */ ++# else ++# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE ++# endif + #endif + + #if MHD_VERSION < 0x00094203 diff --git a/SOURCES/0835-Fix-build-with-httpd-0.9.71.patch b/SOURCES/0835-Fix-build-with-httpd-0.9.71.patch new file mode 100644 index 0000000..0f8ec58 --- /dev/null +++ b/SOURCES/0835-Fix-build-with-httpd-0.9.71.patch @@ -0,0 +1,71 @@ +From ca86de228e19cea268ec3eeabc9097d7c28fbf24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 30 Jun 2020 09:56:10 +0200 +Subject: [PATCH] =?UTF-8?q?Fix=20build=20with=20=C2=B5httpd=200.9.71?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The return type of callbacks was changed from int to an enum. + +(cherry picked from commit d17eabb1052e7c8c432331a7a782845e36164f01) + +Related: #2122499 +--- + src/journal-remote/journal-gatewayd.c | 4 ++-- + src/journal-remote/journal-remote-main.c | 2 +- + src/journal-remote/microhttpd-util.h | 6 ++++++ + 3 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c +index 54446ff7b5..3ff05a4d72 100644 +--- a/src/journal-remote/journal-gatewayd.c ++++ b/src/journal-remote/journal-gatewayd.c +@@ -338,7 +338,7 @@ static int request_parse_range( + return 0; + } + +-static int request_parse_arguments_iterator( ++static mhd_result request_parse_arguments_iterator( + void *cls, + enum MHD_ValueKind kind, + const char *key, +@@ -795,7 +795,7 @@ static int request_handler_machine( + return MHD_queue_response(connection, MHD_HTTP_OK, response); + } + +-static int request_handler( ++static mhd_result request_handler( + void *cls, + struct MHD_Connection *connection, + const char *url, +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index bcaa370099..a1008db6eb 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -241,7 +241,7 @@ static int process_http_upload( + return mhd_respond(connection, MHD_HTTP_ACCEPTED, "OK."); + }; + +-static int request_handler( ++static mhd_result request_handler( + void *cls, + struct MHD_Connection *connection, + const char *url, +diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h +index dd0ca1d9bd..792c07ac20 100644 +--- a/src/journal-remote/microhttpd-util.h ++++ b/src/journal-remote/microhttpd-util.h +@@ -51,6 +51,12 @@ + # define MHD_create_response_from_fd_at_offset64 MHD_create_response_from_fd_at_offset + #endif + ++#if MHD_VERSION >= 0x00097002 ++# define mhd_result enum MHD_Result ++#else ++# define mhd_result int ++#endif ++ + void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0); + + /* respond_oom() must be usable with return, hence this form. */ diff --git a/SOURCES/0836-ci-replace-LGTM-with-CodeQL.patch b/SOURCES/0836-ci-replace-LGTM-with-CodeQL.patch new file mode 100644 index 0000000..b24cc6c --- /dev/null +++ b/SOURCES/0836-ci-replace-LGTM-with-CodeQL.patch @@ -0,0 +1,303 @@ +From 2b1dbcab1af1a22f3a46fa23aa551a7394673938 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 15 Sep 2022 15:29:23 +0200 +Subject: [PATCH] ci: replace LGTM with CodeQL + +As LGTM is going to be shut down by EOY, let's use CodeQL instead. + +This is loosely based on upstream's CodeQL configs with some minor +tweaks to avoid backporting tons of unrelated commits. + +rhel-only +Related: #2122499 +--- + .github/codeql-config.yml | 12 ++++ + .github/codeql-custom.qls | 44 ++++++++++++ + .../PotentiallyDangerousFunction.ql | 3 + + .../UninitializedVariableWithCleanup.ql | 16 ++--- + .github/codeql-queries/qlpack.yml | 11 +++ + .github/workflows/codeql.yml | 68 +++++++++++++++++++ + .lgtm.yml | 37 ---------- + 7 files changed, 146 insertions(+), 45 deletions(-) + create mode 100644 .github/codeql-config.yml + create mode 100644 .github/codeql-custom.qls + rename {.lgtm/cpp-queries => .github/codeql-queries}/PotentiallyDangerousFunction.ql (93%) + rename {.lgtm/cpp-queries => .github/codeql-queries}/UninitializedVariableWithCleanup.ql (86%) + create mode 100644 .github/codeql-queries/qlpack.yml + create mode 100644 .github/workflows/codeql.yml + delete mode 100644 .lgtm.yml + +diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml +new file mode 100644 +index 0000000000..7c01d32caa +--- /dev/null ++++ b/.github/codeql-config.yml +@@ -0,0 +1,12 @@ ++--- ++# vi: ts=2 sw=2 et: ++# SPDX-License-Identifier: LGPL-2.1-or-later ++name: "CodeQL config" ++ ++disable-default-queries: false ++ ++queries: ++ - name: Enable possibly useful queries which are disabled by default ++ uses: ./.github/codeql-custom.qls ++ - name: systemd-specific CodeQL queries ++ uses: ./.github/codeql-queries/ +diff --git a/.github/codeql-custom.qls b/.github/codeql-custom.qls +new file mode 100644 +index 0000000000..d35fbe3114 +--- /dev/null ++++ b/.github/codeql-custom.qls +@@ -0,0 +1,44 @@ ++--- ++# vi: ts=2 sw=2 et syntax=yaml: ++# SPDX-License-Identifier: LGPL-2.1-or-later ++# ++# Note: it is not recommended to directly reference the respective queries from ++# the github/codeql repository, so we have to "dance" around it using ++# a custom QL suite ++# See: ++# - https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#running-additional-queries ++# - https://github.com/github/codeql-action/issues/430#issuecomment-806092120 ++# - https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/ ++ ++# Note: the codeql/-queries pack name can be found in the CodeQL repo[0] ++# in /ql/src/qlpack.yml. The respective codeql-suites are then ++# under /ql/src/codeql-suites/. ++# ++# [0] https://github.com/github/codeql ++- import: codeql-suites/cpp-lgtm.qls ++ from: codeql/cpp-queries ++- import: codeql-suites/python-lgtm.qls ++ from: codeql/python-queries ++- include: ++ id: ++ - cpp/bad-strncpy-size ++ - cpp/declaration-hides-variable ++ - cpp/include-non-header ++ - cpp/inconsistent-null-check ++ - cpp/mistyped-function-arguments ++ - cpp/nested-loops-with-same-variable ++ - cpp/sizeof-side-effect ++ - cpp/suspicious-pointer-scaling ++ - cpp/suspicious-pointer-scaling-void ++ - cpp/suspicious-sizeof ++ - cpp/unsafe-strcat ++ - cpp/unsafe-strncat ++ - cpp/unsigned-difference-expression-compared-zero ++ - cpp/unused-local-variable ++ tags: ++ - "security" ++ - "correctness" ++ severity: "error" ++- exclude: ++ id: ++ - cpp/fixme-comment +diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.github/codeql-queries/PotentiallyDangerousFunction.ql +similarity index 93% +rename from .lgtm/cpp-queries/PotentiallyDangerousFunction.ql +rename to .github/codeql-queries/PotentiallyDangerousFunction.ql +index 39e8dddd13..63fd14e75f 100644 +--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql ++++ b/.github/codeql-queries/PotentiallyDangerousFunction.ql +@@ -46,6 +46,9 @@ predicate potentiallyDangerousFunction(Function f, string message) { + ) or ( + f.getQualifiedName() = "accept" and + message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead." ++ ) or ( ++ f.getQualifiedName() = "dirname" and ++ message = "Call dirname() is icky. Use path_extract_directory() instead." + ) + } + +diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.github/codeql-queries/UninitializedVariableWithCleanup.ql +similarity index 86% +rename from .lgtm/cpp-queries/UninitializedVariableWithCleanup.ql +rename to .github/codeql-queries/UninitializedVariableWithCleanup.ql +index 6b3b62f8bc..e514111f28 100644 +--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql ++++ b/.github/codeql-queries/UninitializedVariableWithCleanup.ql +@@ -50,16 +50,16 @@ class UninitialisedLocalReachability extends StackVariableReachability { + * fun(&x); + * puts(x); + * +- * `useOfVarActual()` won't treat this an an uninitialized read even if the callee ++ * `useOfVarActual()` won't treat this as an uninitialized read even if the callee + * doesn't modify the argument, however, `useOfVar()` will + */ + override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) } + + override predicate isBarrier(ControlFlowNode node, StackVariable v) { +- // only report the _first_ possibly uninitialized use ++ /* only report the _first_ possibly uninitialized use */ + useOfVar(v, node) or + ( +- /* If there's an return statement somewhere between the variable declaration ++ /* If there's a return statement somewhere between the variable declaration + * and a possible definition, don't accept is as a valid initialization. + * + * E.g.: +@@ -71,7 +71,7 @@ class UninitialisedLocalReachability extends StackVariableReachability { + * x = malloc(...); + * + * is not a valid initialization, since we might return from the function +- * _before_ the actual iniitialization (emphasis on _might_, since we ++ * _before_ the actual initialization (emphasis on _might_, since we + * don't know if the return statement might ever evaluate to true). + */ + definitionBarrier(v, node) and +@@ -92,14 +92,14 @@ predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosing + * for this check to exclude them. + */ + VariableAccess commonException() { +- // If the uninitialized use we've found is in a macro expansion, it's +- // typically something like va_start(), and we don't want to complain. ++ /* If the uninitialized use we've found is in a macro expansion, it's ++ * typically something like va_start(), and we don't want to complain. */ + result.getParent().isInMacroExpansion() + or + result.getParent() instanceof BuiltInOperation + or +- // Finally, exclude functions that contain assembly blocks. It's +- // anyone's guess what happens in those. ++ /* Finally, exclude functions that contain assembly blocks. It's ++ * anyone's guess what happens in those. */ + containsInlineAssembly(result.getEnclosingFunction()) + } + +diff --git a/.github/codeql-queries/qlpack.yml b/.github/codeql-queries/qlpack.yml +new file mode 100644 +index 0000000000..a1a2dec6d6 +--- /dev/null ++++ b/.github/codeql-queries/qlpack.yml +@@ -0,0 +1,11 @@ ++--- ++# vi: ts=2 sw=2 et syntax=yaml: ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++library: false ++name: systemd/cpp-queries ++version: 0.0.1 ++dependencies: ++ codeql/cpp-all: "*" ++ codeql/suite-helpers: "*" ++extractor: cpp +diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml +new file mode 100644 +index 0000000000..c5426d5686 +--- /dev/null ++++ b/.github/workflows/codeql.yml +@@ -0,0 +1,68 @@ ++--- ++# vi: ts=2 sw=2 et: ++# SPDX-License-Identifier: LGPL-2.1-or-later ++# ++name: "CodeQL" ++ ++on: ++ pull_request: ++ branches: ++ - master ++ - rhel-* ++ paths: ++ - '**/meson.build' ++ - '.github/**/codeql*' ++ - 'src/**' ++ - 'test/**' ++ - 'tools/**' ++ push: ++ branches: ++ - master ++ - rhel-* ++ ++permissions: ++ contents: read ++ ++jobs: ++ analyze: ++ name: Analyze ++ runs-on: ubuntu-22.04 ++ concurrency: ++ group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }} ++ cancel-in-progress: true ++ permissions: ++ actions: read ++ security-events: write ++ ++ strategy: ++ fail-fast: false ++ matrix: ++ language: ['cpp', 'python'] ++ ++ steps: ++ - name: Checkout repository ++ uses: actions/checkout@v3 ++ ++ - name: Initialize CodeQL ++ uses: github/codeql-action/init@v2 ++ with: ++ languages: ${{ matrix.language }} ++ config-file: ./.github/codeql-config.yml ++ ++ - name: Install dependencies ++ if: matrix.language == 'cpp' ++ run: | ++ echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list ++ sudo apt-get -y update ++ sudo apt-get -y build-dep systemd ++ sudo apt-get -y install libfdisk-dev libpwquality-dev libqrencode-dev libssl-dev libxkbcommon-dev libzstd-dev ++ ++ - name: Build ++ if: matrix.language == 'cpp' ++ run: | ++ # EL 8 systemd fails to build with newer gnu-efi (3.0.13 on Ubuntu Jammy ATTOW) ++ meson build -Dlibiptc=false -Dgnu-efi=false ++ ninja -C build -v ++ ++ - name: Perform CodeQL Analysis ++ uses: github/codeql-action/analyze@v2 +diff --git a/.lgtm.yml b/.lgtm.yml +deleted file mode 100644 +index fe93957b67..0000000000 +--- a/.lgtm.yml ++++ /dev/null +@@ -1,37 +0,0 @@ +---- +-# vi: ts=2 sw=2 et: +- +-# Explicitly enable certain checks which are hidden by default +-queries: +- - include: cpp/bad-strncpy-size +- - include: cpp/declaration-hides-variable +- - include: cpp/inconsistent-null-check +- - include: cpp/mistyped-function-arguments +- - include: cpp/nested-loops-with-same-variable +- - include: cpp/sizeof-side-effect +- - include: cpp/suspicious-pointer-scaling +- - include: cpp/suspicious-pointer-scaling-void +- - include: cpp/suspicious-sizeof +- - include: cpp/unsafe-strcat +- - include: cpp/unsafe-strncat +- - include: cpp/unsigned-difference-expression-compared-zero +- - include: cpp/unused-local-variable +- - include: +- tags: +- - "security" +- - "correctness" +- severity: "error" +- +-extraction: +- cpp: +- prepare: +- packages: +- - python3-pip +- - python3-setuptools +- - python3-wheel +- after_prepare: +- - pip3 install meson +- - export PATH="$HOME/.local/bin/:$PATH" +- python: +- python_setup: +- version: 3 diff --git a/SOURCES/0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch b/SOURCES/0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch new file mode 100644 index 0000000..b7603f0 --- /dev/null +++ b/SOURCES/0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch @@ -0,0 +1,71 @@ +From 4c241b812ea79f3faa02c45f95834842c7847b76 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Wed, 21 Sep 2022 15:14:26 +0200 +Subject: [PATCH] ci(mergify): Update policy - Drop LGTM checks + +rhel-only + +Related: #2122499 +--- + .github/workflows/differential-shellcheck.yml | 1 + + .mergify.yml | 28 ++++++------------- + 2 files changed, 9 insertions(+), 20 deletions(-) + +diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml +index fa94679b51..4399f0bc64 100644 +--- a/.github/workflows/differential-shellcheck.yml ++++ b/.github/workflows/differential-shellcheck.yml +@@ -13,6 +13,7 @@ permissions: + + jobs: + lint: ++ name: Differential ShellCheck + runs-on: ubuntu-latest + + permissions: +diff --git a/.mergify.yml b/.mergify.yml +index 3afd04f18e..a5eed6a82a 100644 +--- a/.mergify.yml ++++ b/.mergify.yml +@@ -11,16 +11,10 @@ pull_request_rules: + - -check-success=build (stream8, GCC_ASAN) + # CentOS Stream CI + - -check-success=CentOS CI (CentOS Stream 8) +- # LGTM +- - and: +- - "-check-success=LGTM analysis: JavaScript" +- - "-check-neutral=LGTM analysis: JavaScript" +- - and: +- - "-check-success=LGTM analysis: Python" +- - "-check-neutral=LGTM analysis: Python" +- - and: +- - "-check-success=LGTM analysis: C/C++" +- - "-check-neutral=LGTM analysis: C/C++" ++ # CodeQL ++ - -check-success=CodeQL ++ # Other ++ - -check-success=Differential ShellCheck + actions: + label: + add: +@@ -36,16 +30,10 @@ pull_request_rules: + - check-success=build (stream8, GCC_ASAN) + # CentOS Stream CI + - check-success=CentOS CI (CentOS Stream 8) +- # LGTM +- - or: +- - "check-success=LGTM analysis: JavaScript" +- - "check-neutral=LGTM analysis: JavaScript" +- - or: +- - "check-success=LGTM analysis: Python" +- - "check-neutral=LGTM analysis: Python" +- - or: +- - "check-success=LGTM analysis: C/C++" +- - "check-neutral=LGTM analysis: C/C++" ++ # CodeQL ++ - check-success=CodeQL ++ # Other ++ - check-success=Differential ShellCheck + actions: + label: + remove: diff --git a/SOURCES/0838-time-util-fix-buffer-over-run.patch b/SOURCES/0838-time-util-fix-buffer-over-run.patch new file mode 100644 index 0000000..c63ae79 --- /dev/null +++ b/SOURCES/0838-time-util-fix-buffer-over-run.patch @@ -0,0 +1,44 @@ +From a521f942d5c304bca7c61bacb3c79e565853718e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 7 Jul 2022 18:27:02 +0900 +Subject: [PATCH] time-util: fix buffer-over-run + +Fixes #23928. + +(cherry picked from commit 9102c625a673a3246d7e73d8737f3494446bad4e) + +Resolves: #2139391 +--- + src/basic/time-util.c | 2 +- + src/test/test-time-util.c | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index c36e462193..d46d884be5 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -515,7 +515,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { + t = b; + } + +- n = MIN((size_t) k, l); ++ n = MIN((size_t) k, l-1); + + l -= n; + p += n; +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index 354a01dd1a..6ebde4153c 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -187,6 +187,11 @@ static void test_format_timespan(usec_t accuracy) { + test_format_timespan_one(500 * USEC_PER_MSEC, accuracy); + test_format_timespan_one(9*USEC_PER_YEAR/5 - 23, accuracy); + test_format_timespan_one(USEC_INFINITY, accuracy); ++ ++ /* See issue #23928. */ ++ _cleanup_free_ char *buf; ++ assert_se(buf = new(char, 5)); ++ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); + } + + static void test_timezone_is_valid(void) { diff --git a/SOURCES/0839-basic-recognize-pdfs-filesystem-as-a-network-filesys.patch b/SOURCES/0839-basic-recognize-pdfs-filesystem-as-a-network-filesys.patch new file mode 100644 index 0000000..c7f889f --- /dev/null +++ b/SOURCES/0839-basic-recognize-pdfs-filesystem-as-a-network-filesys.patch @@ -0,0 +1,32 @@ +From 2fe9fb3e844d7991105c40d4363eed9069a6837d Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 18 Nov 2022 16:16:36 +0100 +Subject: [PATCH] basic: recognize pdfs filesystem as a network filesystem + +Fujitsu advises their users to always use _netdev mount option with pdfs +mounts. Hence it makes sense to simply consider pdfs mounts as network +filesystem mounts. + +https://software.fujitsu.com/jp/manual/manualfiles/m130027/j2ul1563/02enz200/j1563-02-06-02-02.html + +RHEL-only + +Resolves: #2094661 +--- + src/basic/mount-util.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index e7f9e514c2..983566b46b 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -634,7 +634,8 @@ bool fstype_is_network(const char *fstype) { + "glusterfs", + "pvfs2", /* OrangeFS */ + "ocfs2", +- "lustre"); ++ "lustre", ++ "pdfs"); + } + + bool fstype_is_api_vfs(const char *fstype) { diff --git a/SOURCES/0840-core-move-reset_arguments-to-the-end-of-main-s-finis.patch b/SOURCES/0840-core-move-reset_arguments-to-the-end-of-main-s-finis.patch new file mode 100644 index 0000000..a2696f8 --- /dev/null +++ b/SOURCES/0840-core-move-reset_arguments-to-the-end-of-main-s-finis.patch @@ -0,0 +1,49 @@ +From 4bb425eea9f3037a583a23d99f15aa71562f2481 Mon Sep 17 00:00:00 2001 +From: Anita Zhang +Date: Thu, 17 Sep 2020 01:49:17 -0700 +Subject: [PATCH] core: move reset_arguments() to the end of main's finish + +Fixes #16991 + +fb39af4ce42d7ef9af63009f271f404038703704 replaced `free_arguments()` with +`reset_arguments()`, which frees arg_* variables as before, but also resets all +of them to the default values. `reset_arguments()` was positioned +in such a way that it overrode some arg_* values still in use at shutdown. + +To avoid further unintentional resets, I moved `reset_arguments()` +right before the return, when nothing else will be using the arg_* variables. + +(cherry picked from commit 7d9eea2bd3d4f83668c7a78754d201b226acbf1e) + +Resolves: #2127131 +--- + src/core/main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/main.c b/src/core/main.c +index bfd4c531a7..cfa6fec930 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2631,7 +2631,6 @@ finish: + m = manager_free(m); + } + +- reset_arguments(); + mac_selinux_finish(); + + if (reexecute) +@@ -2656,6 +2655,7 @@ finish: + * in become_shutdown() so normally we cannot free them yet. */ + watchdog_free_device(); + arg_watchdog_device = mfree(arg_watchdog_device); ++ reset_arguments(); + return retval; + } + #endif +@@ -2677,5 +2677,6 @@ finish: + freeze_or_reboot(); + } + ++ reset_arguments(); + return retval; + } diff --git a/SOURCES/0841-manager-move-inc.-of-n_reloading-into-a-function.patch b/SOURCES/0841-manager-move-inc.-of-n_reloading-into-a-function.patch new file mode 100644 index 0000000..799bd04 --- /dev/null +++ b/SOURCES/0841-manager-move-inc.-of-n_reloading-into-a-function.patch @@ -0,0 +1,91 @@ +From 708c394b7ca35fe2328fa0760696ff95caab8ff8 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Tue, 29 Nov 2022 16:15:47 +0100 +Subject: [PATCH] manager: move inc. of n_reloading into a function + +[dtardon: This is inspired by commit d147e2b66b4d6b71db1bc59b62286b2eb9c3d29f , +but it does just the minimal change needed for the next commit.] + +Related: #2136869 +--- + src/core/main.c | 2 +- + src/core/manager.c | 12 ++++++++---- + src/core/manager.h | 1 + + 3 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index cfa6fec930..c3e2ce8956 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1131,7 +1131,7 @@ static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching + return log_error_errno(r, "Failed to create serialization file: %m"); + + /* Make sure nothing is really destructed when we shut down */ +- m->n_reloading++; ++ manager_reloading_start(m); + bus_manager_send_reloading(m, true); + + fds = fdset_new(); +diff --git a/src/core/manager.c b/src/core/manager.c +index f4611e6f8f..f923cbce37 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1578,6 +1578,10 @@ static void manager_preset_all(Manager *m) { + log_info("Populated /etc with preset unit settings."); + } + ++void manager_reloading_start(Manager *m) { ++ m->n_reloading++; ++} ++ + int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + int r; + +@@ -1609,7 +1613,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + * this is already known, so we increase the counter here + * already */ + if (serialization) +- m->n_reloading++; ++ manager_reloading_start(m); + + /* First, enumerate what we can from all config files */ + dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD_START); +@@ -3093,7 +3097,7 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) { + assert(f); + assert(fds); + +- m->n_reloading++; ++ manager_reloading_start(m); + + fprintf(f, "current-job-id=%"PRIu32"\n", m->current_job_id); + fprintf(f, "n-installed-jobs=%u\n", m->n_installed_jobs); +@@ -3211,7 +3215,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + + log_debug("Deserializing state..."); + +- m->n_reloading++; ++ manager_reloading_start(m); + + for (;;) { + _cleanup_free_ char *line = NULL; +@@ -3455,7 +3459,7 @@ int manager_reload(Manager *m) { + if (r < 0) + return r; + +- m->n_reloading++; ++ manager_reloading_start(m); + bus_manager_send_reloading(m, true); + + fds = fdset_new(); +diff --git a/src/core/manager.h b/src/core/manager.h +index 3f2cfc5e2e..adbbb518cb 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -386,6 +386,7 @@ int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **m); + Manager* manager_free(Manager *m); + DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); + ++void manager_reloading_start(Manager *m); + int manager_startup(Manager *m, FILE *serialization, FDSet *fds); + + Job *manager_get_job(Manager *m, uint32_t id); diff --git a/SOURCES/0842-core-Add-new-DBUS-properties-UnitsReloadStartTimesta.patch b/SOURCES/0842-core-Add-new-DBUS-properties-UnitsReloadStartTimesta.patch new file mode 100644 index 0000000..dd27bfa --- /dev/null +++ b/SOURCES/0842-core-Add-new-DBUS-properties-UnitsReloadStartTimesta.patch @@ -0,0 +1,59 @@ +From 22eb8fbdab14e5b1b11a4d84c83bef97317e1d2a Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Thu, 2 Sep 2021 16:37:13 +0200 +Subject: [PATCH] core: Add new DBUS properties UnitsReloadStartTimestamp and + UnitsLoadTimestampMontonic + +(cherry picked from commit 49fbe940a429c3d8807bacdfce03af834275257c) + +Related: #2136869 +--- + src/core/dbus-manager.c | 1 + + src/core/manager.c | 2 ++ + src/core/manager.h | 1 + + 3 files changed, 4 insertions(+) + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 5b1ed3646e..8a41eda4a6 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -2486,6 +2486,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + BUS_PROPERTY_DUAL_TIMESTAMP("GeneratorsFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_GENERATORS_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST), + BUS_PROPERTY_DUAL_TIMESTAMP("UnitsLoadStartTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_START]), SD_BUS_VTABLE_PROPERTY_CONST), + BUS_PROPERTY_DUAL_TIMESTAMP("UnitsLoadFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_UNITS_LOAD_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST), ++ BUS_PROPERTY_DUAL_TIMESTAMP("UnitsLoadTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_UNITS_LOAD]), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", property_get_log_level, property_set_log_level, 0, 0), + SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", property_get_log_target, property_set_log_target, 0, 0), + SD_BUS_PROPERTY("NNames", "u", property_get_hashmap_size, offsetof(Manager, units), 0), +diff --git a/src/core/manager.c b/src/core/manager.c +index f923cbce37..8aa398cac8 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1580,6 +1580,7 @@ static void manager_preset_all(Manager *m) { + + void manager_reloading_start(Manager *m) { + m->n_reloading++; ++ dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD); + } + + int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { +@@ -4622,6 +4623,7 @@ static const char *const manager_timestamp_table[_MANAGER_TIMESTAMP_MAX] = { + [MANAGER_TIMESTAMP_GENERATORS_FINISH] = "generators-finish", + [MANAGER_TIMESTAMP_UNITS_LOAD_START] = "units-load-start", + [MANAGER_TIMESTAMP_UNITS_LOAD_FINISH] = "units-load-finish", ++ [MANAGER_TIMESTAMP_UNITS_LOAD] = "units-load", + }; + + DEFINE_STRING_TABLE_LOOKUP(manager_timestamp, ManagerTimestamp); +diff --git a/src/core/manager.h b/src/core/manager.h +index adbbb518cb..98d381bc5b 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -67,6 +67,7 @@ typedef enum ManagerTimestamp { + MANAGER_TIMESTAMP_GENERATORS_FINISH, + MANAGER_TIMESTAMP_UNITS_LOAD_START, + MANAGER_TIMESTAMP_UNITS_LOAD_FINISH, ++ MANAGER_TIMESTAMP_UNITS_LOAD, + _MANAGER_TIMESTAMP_MAX, + _MANAGER_TIMESTAMP_INVALID = -1, + } ManagerTimestamp; diff --git a/SOURCES/0843-core-Indicate-the-time-when-the-manager-started-load.patch b/SOURCES/0843-core-Indicate-the-time-when-the-manager-started-load.patch new file mode 100644 index 0000000..4a05d20 --- /dev/null +++ b/SOURCES/0843-core-Indicate-the-time-when-the-manager-started-load.patch @@ -0,0 +1,29 @@ +From f2de5398b0a1ebb3e6390506368c11329b843524 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Thu, 2 Sep 2021 16:50:50 +0200 +Subject: [PATCH] core: Indicate the time when the manager started loading + units the last time + +(cherry picked from commit 15b9243c0d7f6d1531fa65dbc01bd11e8e6c12ca) + +Resolves: #2136869 +--- + src/core/manager.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 8aa398cac8..a9cd51b624 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3554,6 +3554,11 @@ int manager_reload(Manager *m) { + /* Let's finally catch up with any changes that took place while we were reloading/reexecing */ + manager_catchup(m); + ++ /* Create a file which will indicate when the manager started loading units the last time. */ ++ (void) touch_file("/run/systemd/systemd-units-load", false, ++ m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME), ++ UID_INVALID, GID_INVALID, 0444); ++ + /* Sync current state of bus names with our set of listening units */ + q = manager_enqueue_sync_bus_names(m); + if (q < 0 && r >= 0) diff --git a/SOURCES/0844-core-do-not-touch-run-systemd-systemd-units-load-fro.patch b/SOURCES/0844-core-do-not-touch-run-systemd-systemd-units-load-fro.patch new file mode 100644 index 0000000..db62e35 --- /dev/null +++ b/SOURCES/0844-core-do-not-touch-run-systemd-systemd-units-load-fro.patch @@ -0,0 +1,34 @@ +From 3c2d2345814935cea8525e802e764fb2949eb3df Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Mon, 27 Dec 2021 18:22:43 +0000 +Subject: [PATCH] core: do not touch /run/systemd/systemd-units-load from user + session instances + +Follow-up for: https://github.com/systemd/systemd/commit/15b9243c0d7f6d1531fa65dbc01bd11e8e6c12ca +Fixes: https://github.com/systemd/systemd/issues/21911 + +(cherry picked from commit 4b3ad81bfafcd97acb06db463495e348d159d8e6) + +Related: #2136869 +--- + src/core/manager.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index a9cd51b624..e083596e58 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3555,9 +3555,10 @@ int manager_reload(Manager *m) { + manager_catchup(m); + + /* Create a file which will indicate when the manager started loading units the last time. */ +- (void) touch_file("/run/systemd/systemd-units-load", false, +- m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME), +- UID_INVALID, GID_INVALID, 0444); ++ if (MANAGER_IS_SYSTEM(m)) ++ (void) touch_file("/run/systemd/systemd-units-load", false, ++ m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME), ++ UID_INVALID, GID_INVALID, 0444); + + /* Sync current state of bus names with our set of listening units */ + q = manager_enqueue_sync_bus_names(m); diff --git a/SOURCES/0845-sysctl-downgrade-message-when-we-have-no-permission.patch b/SOURCES/0845-sysctl-downgrade-message-when-we-have-no-permission.patch new file mode 100644 index 0000000..9e3d1e8 --- /dev/null +++ b/SOURCES/0845-sysctl-downgrade-message-when-we-have-no-permission.patch @@ -0,0 +1,49 @@ +From ffe4233155085b479c69abe844a34de212b8e5e1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 16 Jan 2020 14:45:28 +0100 +Subject: [PATCH] sysctl: downgrade message when we have no permission + +We need to run sysctl also in containers, because the network +subtree is namespaces and may legitimately be writable. But logging +all "errors" at notice level creates unwanted noise. + +Also downgrade message about missing sysctls to log_info. This might also be +relatively common when configuration is targeted at different kernel +versions. With log_debug it'll still end up in the logs, but isn't really worth +of "notice" most of the time. + +https://bugzilla.redhat.com/show_bug.cgi?id=1609806 +(cherry picked from commit 32458cc9687c1b60ff0f22c0e71da93ce78b1534) + +Resolves: #2158160 +--- + src/sysctl/sysctl.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c +index 4c85d6887f..dc14e1aaf1 100644 +--- a/src/sysctl/sysctl.c ++++ b/src/sysctl/sysctl.c +@@ -82,13 +82,15 @@ static int apply_all(OrderedHashmap *sysctl_options) { + k = sysctl_write(option->key, option->value); + if (k < 0) { + /* If the sysctl is not available in the kernel or we are running with reduced +- * privileges and cannot write it, then log about the issue at LOG_NOTICE level, and +- * proceed without failing. (EROFS is treated as a permission problem here, since +- * that's how container managers usually protected their sysctls.) In all other cases +- * log an error and make the tool fail. */ +- +- if (IN_SET(k, -EPERM, -EACCES, -EROFS, -ENOENT) || option->ignore_failure) +- log_notice_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key); ++ * privileges and cannot write it, then log about the issue, and proceed without ++ * failing. (EROFS is treated as a permission problem here, since that's how ++ * container managers usually protected their sysctls.) In all other cases log an ++ * error and make the tool fail. */ ++ ++ if (option->ignore_failure || k == -EROFS || ERRNO_IS_PRIVILEGE(k)) ++ log_debug_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key); ++ else if (k == -ENOENT) ++ log_info_errno(k, "Couldn't write '%s' to '%s', ignoring: %m", option->value, option->key); + else { + log_error_errno(k, "Couldn't write '%s' to '%s': %m", option->value, option->key); + if (r == 0) diff --git a/SOURCES/0846-core-respect-SELinuxContext-for-socket-creation.patch b/SOURCES/0846-core-respect-SELinuxContext-for-socket-creation.patch new file mode 100644 index 0000000..dbdd058 --- /dev/null +++ b/SOURCES/0846-core-respect-SELinuxContext-for-socket-creation.patch @@ -0,0 +1,53 @@ +From 1f408c8d9739b1038012eeec7bf0f918c8095bc4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Fri, 23 Sep 2022 19:00:22 +0200 +Subject: [PATCH] core: respect SELinuxContext= for socket creation + +On socket creation respect the SELinuxContext= setting of the associated +service, such that the initial created socket has the same label as the +future process accepting the connection (since w.r.t SELinux sockets +normally have the same label as the owning process). + +Triggered by #24702 + +(cherry picked from commit 599b384924bbef9f8f7fa5700c6fa35a404d9a98) + +Related: #2136738 +--- + src/core/socket.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/core/socket.c b/src/core/socket.c +index 9d47ca2616..d1ca0a07c5 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -1427,6 +1427,7 @@ fail: + static int socket_determine_selinux_label(Socket *s, char **ret) { + Service *service; + ExecCommand *c; ++ const char *exec_context; + _cleanup_free_ char *path = NULL; + int r; + +@@ -1448,8 +1449,20 @@ static int socket_determine_selinux_label(Socket *s, char **ret) { + + if (!UNIT_ISSET(s->service)) + goto no_label; +- + service = SERVICE(UNIT_DEREF(s->service)); ++ ++ exec_context = service->exec_context.selinux_context; ++ if (exec_context) { ++ char *con; ++ ++ con = strdup(exec_context); ++ if (!con) ++ return -ENOMEM; ++ ++ *ret = TAKE_PTR(con); ++ return 0; ++ } ++ + c = service->exec_command[SERVICE_EXEC_START]; + if (!c) + goto no_label; diff --git a/SOURCES/0847-manager-use-target-process-context-to-set-socket-con.patch b/SOURCES/0847-manager-use-target-process-context-to-set-socket-con.patch new file mode 100644 index 0000000..d10bdca --- /dev/null +++ b/SOURCES/0847-manager-use-target-process-context-to-set-socket-con.patch @@ -0,0 +1,128 @@ +From 3f90090e70a5fa81bced17792fe08d9c46324da9 Mon Sep 17 00:00:00 2001 +From: "Ted X. Toth" +Date: Thu, 13 Oct 2022 12:58:26 -0700 +Subject: [PATCH] manager: use target process context to set socket context + +Use target process context to set socket context when using SELinuxContextFromNet +not systemd's context. Currently when using the SELinuxContextFromNet option for +a socket activated services, systemd calls getcon_raw which returns init_t and +uses the resulting context to compute the context to be passed to the +setsockcreatecon call. A socket of type init_t is created and listened on and +this means that SELinux policy cannot be written to control which processes +(SELinux types) can connect to the socket since the ref policy allows all +'types' to connect to sockets of the type init_t. When security accessors see +that any process can connect to a socket this raises serious concerns. I have +spoken with SELinux contributors in person and on the mailing list and the +consensus is that the best solution is to use the target executables context +when computing the sockets context in all cases. + +[zjs review/comment: + +This removes the branch that was added in 16115b0a7b7cdf08fb38084d857d572d8a9088dc. +16115b0a7b7cdf08fb38084d857d572d8a9088dc did two things: it had the branch here +in 'socket_determine_selinux_label()' and a code in 'exec_child()' to call +'label_get_child_mls_label(socket_fd, command->path, &label)'. + +Before this patch, the flow was: +''' +mac_selinux_get_child_mls_label: + peercon = getpeercon_raw(socket_fd); + if (!exec_label) + exec_label = getfilecon_raw(exe); + +socket_open_fds: + if (params->selinux_context_net) # + label = mac_selinux_get_our_label(); # this part is removed + else # + label = mac_selinux_get_create_label_from_exe(path); + socket_address_listen_in_cgroup(s, &p->address, label); + +exec_child(): + exec_context = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context); + setexeccon(exec_context); +''' +] + +(cherry picked from commit 29dbc62d74f7b7881dc3136e68e03a03ea055b36) + +Resolves: #2136738 +--- + src/core/socket.c | 58 ++++++++++++++++++++--------------------------- + 1 file changed, 24 insertions(+), 34 deletions(-) + +diff --git a/src/core/socket.c b/src/core/socket.c +index d1ca0a07c5..8aa5463b25 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -1434,47 +1434,37 @@ static int socket_determine_selinux_label(Socket *s, char **ret) { + assert(s); + assert(ret); + +- if (s->selinux_context_from_net) { +- /* If this is requested, get label from the network label */ +- +- r = mac_selinux_get_our_label(ret); +- if (r == -EOPNOTSUPP) +- goto no_label; +- +- } else { +- /* Otherwise, get it from the executable we are about to start */ +- r = socket_instantiate_service(s); +- if (r < 0) +- return r; ++ r = socket_instantiate_service(s); ++ if (r < 0) ++ return r; + +- if (!UNIT_ISSET(s->service)) +- goto no_label; +- service = SERVICE(UNIT_DEREF(s->service)); ++ if (!UNIT_ISSET(s->service)) ++ goto no_label; ++ service = SERVICE(UNIT_DEREF(s->service)); + +- exec_context = service->exec_context.selinux_context; +- if (exec_context) { +- char *con; ++ exec_context = service->exec_context.selinux_context; ++ if (exec_context) { ++ char *con; + +- con = strdup(exec_context); +- if (!con) +- return -ENOMEM; ++ con = strdup(exec_context); ++ if (!con) ++ return -ENOMEM; + +- *ret = TAKE_PTR(con); +- return 0; +- } ++ *ret = TAKE_PTR(con); ++ return 0; ++ } + +- c = service->exec_command[SERVICE_EXEC_START]; +- if (!c) +- goto no_label; ++ c = service->exec_command[SERVICE_EXEC_START]; ++ if (!c) ++ goto no_label; + +- r = chase_symlinks(c->path, service->exec_context.root_directory, CHASE_PREFIX_ROOT, &path); +- if (r < 0) +- goto no_label; ++ r = chase_symlinks(c->path, service->exec_context.root_directory, CHASE_PREFIX_ROOT, &path); ++ if (r < 0) ++ goto no_label; + +- r = mac_selinux_get_create_label_from_exe(path, ret); +- if (IN_SET(r, -EPERM, -EOPNOTSUPP)) +- goto no_label; +- } ++ r = mac_selinux_get_create_label_from_exe(path, ret); ++ if (IN_SET(r, -EPERM, -EOPNOTSUPP)) ++ goto no_label; + + return r; + diff --git a/SOURCES/0848-virt-detect-Amazon-EC2-Nitro-instance.patch b/SOURCES/0848-virt-detect-Amazon-EC2-Nitro-instance.patch new file mode 100644 index 0000000..fc3d0bd --- /dev/null +++ b/SOURCES/0848-virt-detect-Amazon-EC2-Nitro-instance.patch @@ -0,0 +1,142 @@ +From 6ffd3de2ccc5901974f292c9694829e25441060d Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin +Date: Sun, 11 Oct 2020 21:25:00 +0100 +Subject: [PATCH] virt: detect Amazon EC2 Nitro instance + +Amazon EC2 Nitro hypervisor is technically based on KVM[1], which +systemd-detect-virt identify propely from CPUID. However the lack of +CPUID on aarch64 (A1, T4 instance type) prevents a correct +identification, impacting hostnamectl and systemd-random-seed. Instead +it's possible to identify virtualization from DMI vendor ID. + +Prior to this commit: + # hostnamectl + Static hostname: n/a + Transient hostname: ip-10-97-8-12 + Icon name: computer + Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b + Boot ID: b7b7e2fe0079448db664839df59f9817 + Operating System: Gentoo/Linux + Kernel: Linux 5.4.69-longterm + Architecture: arm64 + +After this commit: + # hostnamectl + Static hostname: n/a + Transient hostname: ip-10-97-8-12 + Icon name: computer-vm + Chassis: vm + Machine ID: 8e3772fbcfa3dd6f330a12ff5df5a63b + Boot ID: bd04da57084e41078f20541101867113 + Virtualization: amazon + Operating System: Gentoo/Linux + Kernel: Linux 5.4.69-longterm + Architecture: arm64 + +[1] https://aws.amazon.com/ec2/faqs/ + +(cherry picked from commit b6eca3731dd92b009b182f188936e1c2544574da) + +Resolves: #2117948 +--- + man/systemd-detect-virt.xml | 7 ++++++- + man/systemd.unit.xml | 1 + + src/basic/virt.c | 8 +++++--- + src/basic/virt.h | 1 + + src/test/test-condition.c | 1 + + 5 files changed, 14 insertions(+), 4 deletions(-) + +diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml +index 6beb2c2aa1..61c210e24d 100644 +--- a/man/systemd-detect-virt.xml ++++ b/man/systemd-detect-virt.xml +@@ -72,7 +72,12 @@ + + + kvm +- Linux KVM kernel virtual machine, with whatever software, except Oracle Virtualbox ++ Linux KVM kernel virtual machine, in combination with QEMU. Not used for other virtualizers using the KVM interfaces, such as Oracle VirtualBox or Amazon EC2 Nitro, see below. ++ ++ ++ ++ amazon ++ Amazon EC2 Nitro using Linux KVM + + + +diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml +index 6f213ccd56..5207a5bb3c 100644 +--- a/man/systemd.unit.xml ++++ b/man/systemd.unit.xml +@@ -1068,6 +1068,7 @@ + virtualization solution, or one of + qemu, + kvm, ++ amazon, + zvm, + vmware, + microsoft, +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 8d862b6d67..78c68d66e0 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -147,6 +147,7 @@ static int detect_vm_dmi(void) { + int id; + } dmi_vendor_table[] = { + { "KVM", VIRTUALIZATION_KVM }, ++ { "Amazon EC2", VIRTUALIZATION_AMAZON }, + { "QEMU", VIRTUALIZATION_QEMU }, + /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */ + { "VMware", VIRTUALIZATION_VMWARE }, +@@ -339,8 +340,8 @@ int detect_vm(void) { + + /* We have to use the correct order here: + * +- * → First, try to detect Oracle Virtualbox, even if it uses KVM, as well as Xen even if it cloaks as Microsoft +- * Hyper-V. ++ * → First, try to detect Oracle Virtualbox and Amazon EC2 Nitro, even if they use KVM, as well as Xen even if ++ * it cloaks as Microsoft Hyper-V. + * + * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if info in DMI is + * overwritten. +@@ -348,7 +349,7 @@ int detect_vm(void) { + * → Third, try to detect from DMI. */ + + dmi = detect_vm_dmi(); +- if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN)) { ++ if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN, VIRTUALIZATION_AMAZON)) { + r = dmi; + goto finish; + } +@@ -631,6 +632,7 @@ int running_in_chroot(void) { + static const char *const virtualization_table[_VIRTUALIZATION_MAX] = { + [VIRTUALIZATION_NONE] = "none", + [VIRTUALIZATION_KVM] = "kvm", ++ [VIRTUALIZATION_AMAZON] = "amazon", + [VIRTUALIZATION_QEMU] = "qemu", + [VIRTUALIZATION_BOCHS] = "bochs", + [VIRTUALIZATION_XEN] = "xen", +diff --git a/src/basic/virt.h b/src/basic/virt.h +index 640b3ed779..ed4ff063e0 100644 +--- a/src/basic/virt.h ++++ b/src/basic/virt.h +@@ -10,6 +10,7 @@ enum { + + VIRTUALIZATION_VM_FIRST, + VIRTUALIZATION_KVM = VIRTUALIZATION_VM_FIRST, ++ VIRTUALIZATION_AMAZON, + VIRTUALIZATION_QEMU, + VIRTUALIZATION_BOCHS, + VIRTUALIZATION_XEN, +diff --git a/src/test/test-condition.c b/src/test/test-condition.c +index 24395dafc6..29ea63c4ff 100644 +--- a/src/test/test-condition.c ++++ b/src/test/test-condition.c +@@ -510,6 +510,7 @@ static void test_condition_test_virtualization(void) { + + NULSTR_FOREACH(virt, + "kvm\0" ++ "amazon\0" + "qemu\0" + "bochs\0" + "xen\0" diff --git a/SOURCES/0849-machine-id-setup-generate-machine-id-from-DMI-produc.patch b/SOURCES/0849-machine-id-setup-generate-machine-id-from-DMI-produc.patch new file mode 100644 index 0000000..12f1b77 --- /dev/null +++ b/SOURCES/0849-machine-id-setup-generate-machine-id-from-DMI-produc.patch @@ -0,0 +1,37 @@ +From e320f72150829228f10ec24f3fba34d5377c5120 Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin +Date: Sun, 11 Oct 2020 22:25:56 +0100 +Subject: [PATCH] machine-id-setup: generate machine-id from DMI product ID on + Amazon EC2 + +Amazon EC2 Nitro hypervisor is technically based on KVM[1]. + +[1] https://aws.amazon.com/ec2/faqs/ + +(cherry picked from commit 382a46d129899ca9027b07c325102cab173dd563) + +Related: #2117948 +--- + src/core/machine-id-setup.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c +index 11528f83c4..fe2abc4e68 100644 +--- a/src/core/machine-id-setup.c ++++ b/src/core/machine-id-setup.c +@@ -57,11 +57,11 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) { + return 0; + } + +- } else if (detect_vm() == VIRTUALIZATION_KVM) { ++ } else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU)) { + +- /* If we are not running in a container, see if we are +- * running in qemu/kvm and a machine ID was passed in +- * via -uuid on the qemu/kvm command line */ ++ /* If we are not running in a container, see if we are running in a VM that provides ++ * a system UUID via the SMBIOS/DMI interfaces. Such environments include QEMU/KVM ++ * with the -uuid on the qemu command line or the Amazon EC2 Nitro hypervisor. */ + + if (id128_read("/sys/class/dmi/id/product_uuid", ID128_UUID, ret) >= 0) { + log_info("Initializing machine ID from KVM UUID."); diff --git a/SOURCES/0850-virt-use-string-table-to-detect-VM-or-container.patch b/SOURCES/0850-virt-use-string-table-to-detect-VM-or-container.patch new file mode 100644 index 0000000..f0990a6 --- /dev/null +++ b/SOURCES/0850-virt-use-string-table-to-detect-VM-or-container.patch @@ -0,0 +1,134 @@ +From efa2cdb699df3e5d5d7180e50f3ebfff74788c5c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 7 Jan 2020 11:49:39 +0900 +Subject: [PATCH] virt: use string table to detect VM or container + +(cherry picked from commit 735ea55f5cd87a82757a8911edd80fba799b46ee) + +Related: #2117948 +--- + src/basic/virt.c | 73 ++++++++++++++++++++++-------------------------- + 1 file changed, 33 insertions(+), 40 deletions(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 78c68d66e0..6e4c702051 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -22,27 +22,26 @@ + #include "string-util.h" + #include "virt.h" + ++static const char *const vm_table[_VIRTUALIZATION_MAX] = { ++ [VIRTUALIZATION_XEN] = "XenVMMXenVMM", ++ [VIRTUALIZATION_KVM] = "KVMKVMKVM", ++ [VIRTUALIZATION_QEMU] = "TCGTCGTCGTCG", ++ /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */ ++ [VIRTUALIZATION_VMWARE] = "VMwareVMware", ++ /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */ ++ [VIRTUALIZATION_MICROSOFT] = "Microsoft Hv", ++ /* https://wiki.freebsd.org/bhyve */ ++ [VIRTUALIZATION_BHYVE] = "bhyve bhyve ", ++ [VIRTUALIZATION_QNX] = "QNXQVMBSQG", ++}; ++ ++DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(vm, int); ++ + static int detect_vm_cpuid(void) { + + /* CPUID is an x86 specific interface. */ + #if defined(__i386__) || defined(__x86_64__) + +- static const struct { +- const char *cpuid; +- int id; +- } cpuid_vendor_table[] = { +- { "XenVMMXenVMM", VIRTUALIZATION_XEN }, +- { "KVMKVMKVM", VIRTUALIZATION_KVM }, +- { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU }, +- /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */ +- { "VMwareVMware", VIRTUALIZATION_VMWARE }, +- /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */ +- { "Microsoft Hv", VIRTUALIZATION_MICROSOFT }, +- /* https://wiki.freebsd.org/bhyve */ +- { "bhyve bhyve ", VIRTUALIZATION_BHYVE }, +- { "QNXQVMBSQG", VIRTUALIZATION_QNX }, +- }; +- + uint32_t eax, ebx, ecx, edx; + bool hypervisor; + +@@ -59,7 +58,7 @@ static int detect_vm_cpuid(void) { + uint32_t sig32[3]; + char text[13]; + } sig = {}; +- unsigned j; ++ int v; + + /* There is a hypervisor, see what it is */ + __cpuid(0x40000000U, eax, ebx, ecx, edx); +@@ -70,11 +69,11 @@ static int detect_vm_cpuid(void) { + + log_debug("Virtualization found, CPUID=%s", sig.text); + +- for (j = 0; j < ELEMENTSOF(cpuid_vendor_table); j ++) +- if (streq(sig.text, cpuid_vendor_table[j].cpuid)) +- return cpuid_vendor_table[j].id; ++ v = vm_from_string(sig.text); ++ if (v < 0) ++ return VIRTUALIZATION_VM_OTHER; + +- return VIRTUALIZATION_VM_OTHER; ++ return v; + } + #endif + log_debug("No virtualization found in CPUID"); +@@ -434,22 +433,20 @@ finish: + return r; + } + +-int detect_container(void) { +- static const struct { +- const char *value; +- int id; +- } value_table[] = { +- { "lxc", VIRTUALIZATION_LXC }, +- { "lxc-libvirt", VIRTUALIZATION_LXC_LIBVIRT }, +- { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN }, +- { "docker", VIRTUALIZATION_DOCKER }, +- { "rkt", VIRTUALIZATION_RKT }, +- }; ++static const char *const container_table[_VIRTUALIZATION_MAX] = { ++ [VIRTUALIZATION_LXC] = "lxc", ++ [VIRTUALIZATION_LXC_LIBVIRT] = "lxc-libvirt", ++ [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn", ++ [VIRTUALIZATION_DOCKER] = "docker", ++ [VIRTUALIZATION_RKT] = "rkt", ++}; ++ ++DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(container, int); + ++int detect_container(void) { + static thread_local int cached_found = _VIRTUALIZATION_INVALID; + _cleanup_free_ char *m = NULL; + const char *e = NULL; +- unsigned j; + int r; + + if (cached_found >= 0) +@@ -522,13 +519,9 @@ int detect_container(void) { + goto finish; + + translate_name: +- for (j = 0; j < ELEMENTSOF(value_table); j++) +- if (streq(e, value_table[j].value)) { +- r = value_table[j].id; +- goto finish; +- } +- +- r = VIRTUALIZATION_CONTAINER_OTHER; ++ r = container_from_string(e); ++ if (r < 0) ++ r = VIRTUALIZATION_CONTAINER_OTHER; + + finish: + log_debug("Found container virtualization %s.", virtualization_to_string(r)); diff --git a/SOURCES/0851-fileio-introduce-read_full_virtual_file-for-reading-.patch b/SOURCES/0851-fileio-introduce-read_full_virtual_file-for-reading-.patch new file mode 100644 index 0000000..84b09c9 --- /dev/null +++ b/SOURCES/0851-fileio-introduce-read_full_virtual_file-for-reading-.patch @@ -0,0 +1,194 @@ +From 7a3843972ea290daf1bec5e1133db654749b8c02 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Tue, 22 Oct 2019 16:09:21 +0200 +Subject: [PATCH] fileio: introduce read_full_virtual_file() for reading + virtual files in sysfs, procfs + +Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work +with two sorts of virtual files. + +One sort uses "seq_file", and the results of the first read are buffered for +the second read. The other sort uses "raw" reads which always go direct to the +device. + +In the later case, the content of the virtual file must be retrieved with a +single read otherwise subsequent read might get the new value instead of +finding EOF immediately. That's the reason why the usage of fread(3) is +prohibited in this case as it always performs a second call to read(2) looking +for EOF which is subject to the race described previously. + +Fixes: #13585. +(cherry picked from commit 21b40f16622f171a9969dc334d74fb5eb2f575c2) + +Related: #2117948 +--- + src/basic/fileio.c | 115 ++++++++++++++++++++++++++- + src/basic/fileio.h | 1 + + src/libsystemd/sd-device/sd-device.c | 2 +- + 3 files changed, 113 insertions(+), 5 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 6b0bad5b71..733fb42463 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -276,6 +276,113 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { + return 1; + } + ++int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { ++ _cleanup_free_ char *buf = NULL; ++ _cleanup_close_ int fd = -1; ++ struct stat st; ++ size_t n, size; ++ int n_retries; ++ char *p; ++ ++ assert(ret_contents); ++ ++ /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work ++ * with two sorts of virtual files. One sort uses "seq_file", and the results of ++ * the first read are buffered for the second read. The other sort uses "raw" ++ * reads which always go direct to the device. In the latter case, the content of ++ * the virtual file must be retrieved with a single read otherwise a second read ++ * might get the new value instead of finding EOF immediately. That's the reason ++ * why the usage of fread(3) is prohibited in this case as it always performs a ++ * second call to read(2) looking for EOF. See issue 13585. */ ++ ++ fd = open(filename, O_RDONLY|O_CLOEXEC); ++ if (fd < 0) ++ return -errno; ++ ++ /* Start size for files in /proc which usually report a file size of 0. */ ++ size = LINE_MAX / 2; ++ ++ /* Limit the number of attempts to read the number of bytes returned by fstat(). */ ++ n_retries = 3; ++ ++ for (;;) { ++ if (n_retries <= 0) ++ return -EIO; ++ ++ if (fstat(fd, &st) < 0) ++ return -errno; ++ ++ if (!S_ISREG(st.st_mode)) ++ return -EBADF; ++ ++ /* Be prepared for files from /proc which generally report a file size of 0. */ ++ if (st.st_size > 0) { ++ size = st.st_size; ++ n_retries--; ++ } else ++ size = size * 2; ++ ++ if (size > READ_FULL_BYTES_MAX) ++ return -E2BIG; ++ ++ p = realloc(buf, size + 1); ++ if (!p) ++ return -ENOMEM; ++ buf = TAKE_PTR(p); ++ ++ for (;;) { ++ ssize_t k; ++ ++ /* Read one more byte so we can detect whether the content of the ++ * file has already changed or the guessed size for files from /proc ++ * wasn't large enough . */ ++ k = read(fd, buf, size + 1); ++ if (k >= 0) { ++ n = k; ++ break; ++ } ++ ++ if (errno != -EINTR) ++ return -errno; ++ } ++ ++ /* Consider a short read as EOF */ ++ if (n <= size) ++ break; ++ ++ /* Hmm... either we read too few bytes from /proc or less likely the content ++ * of the file might have been changed (and is now bigger) while we were ++ * processing, let's try again either with a bigger guessed size or the new ++ * file size. */ ++ ++ if (lseek(fd, 0, SEEK_SET) < 0) ++ return -errno; ++ } ++ ++ if (n < size) { ++ p = realloc(buf, n + 1); ++ if (!p) ++ return -ENOMEM; ++ buf = TAKE_PTR(p); ++ } ++ ++ if (!ret_size) { ++ /* Safety check: if the caller doesn't want to know the size of what we ++ * just read it will rely on the trailing NUL byte. But if there's an ++ * embedded NUL byte, then we should refuse operation as otherwise ++ * there'd be ambiguity about what we just read. */ ++ ++ if (memchr(buf, 0, n)) ++ return -EBADMSG; ++ } else ++ *ret_size = n; ++ ++ buf[n] = 0; ++ *ret_contents = TAKE_PTR(buf); ++ ++ return 0; ++} ++ + int read_full_stream(FILE *f, char **contents, size_t *size) { + _cleanup_free_ char *buf = NULL; + struct stat st; +@@ -300,9 +407,9 @@ int read_full_stream(FILE *f, char **contents, size_t *size) { + if (st.st_size > READ_FULL_BYTES_MAX) + return -E2BIG; + +- /* Start with the right file size, but be prepared for files from /proc which generally report a file +- * size of 0. Note that we increase the size to read here by one, so that the first read attempt +- * already makes us notice the EOF. */ ++ /* Start with the right file size. Note that we increase the size ++ * to read here by one, so that the first read attempt already ++ * makes us notice the EOF. */ + if (st.st_size > 0) + n = st.st_size + 1; + } +@@ -986,7 +1093,7 @@ int get_proc_field(const char *filename, const char *pattern, const char *termin + assert(pattern); + assert(field); + +- r = read_full_file(filename, &status, NULL); ++ r = read_full_virtual_file(filename, &status, NULL); + if (r < 0) + return r; + +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 77e6206e95..c6ad375b8d 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -38,6 +38,7 @@ int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *f + int read_one_line_file(const char *fn, char **line); + int read_full_file(const char *fn, char **contents, size_t *size); + int read_full_stream(FILE *f, char **contents, size_t *size); ++int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); + + int verify_file(const char *fn, const char *blob, bool accept_extra_nl); + +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index be29053f8c..49750ba9d7 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -1798,7 +1798,7 @@ _public_ int sd_device_get_sysattr_value(sd_device *device, const char *sysattr, + size_t size; + + /* read attribute value */ +- r = read_full_file(path, &value, &size); ++ r = read_full_virtual_file(path, &value, &size); + if (r < 0) + return r; + diff --git a/SOURCES/0852-Use-BIOS-characteristics-to-distinguish-EC2-bare-met.patch b/SOURCES/0852-Use-BIOS-characteristics-to-distinguish-EC2-bare-met.patch new file mode 100644 index 0000000..bf84a18 --- /dev/null +++ b/SOURCES/0852-Use-BIOS-characteristics-to-distinguish-EC2-bare-met.patch @@ -0,0 +1,118 @@ +From 44cbd79562ed55a8b0f2e5b5dc708265568ed9f8 Mon Sep 17 00:00:00 2001 +From: Noah Meyerhans +Date: Fri, 30 Apr 2021 09:30:52 -0700 +Subject: [PATCH] Use BIOS characteristics to distinguish EC2 bare-metal from + VMs + +DMI vendor information fields do not provide enough information for us to +distinguish between Amazon EC2 virtual machines and bare-metal instances. +SMBIOS provides a BIOS Information +table (https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.4.0.pdf +Ch. 7) that provides a field to indicate that the current machine is a virtual +machine. On EC2 virtual machine instances, this field is set, while bare-metal +instances leave this unset, so we inspect the field via the kernel's +/sys/firemware/dmi/entries interface. + +Fixes #18929 + +(cherry picked from commit ce35037928f4c4c931088256853f07804ec7d235) + +Related: #2117948 +--- + src/basic/virt.c | 65 +++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 61 insertions(+), 4 deletions(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 6e4c702051..00d1c894e6 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -22,6 +22,12 @@ + #include "string-util.h" + #include "virt.h" + ++enum { ++ SMBIOS_VM_BIT_SET, ++ SMBIOS_VM_BIT_UNSET, ++ SMBIOS_VM_BIT_UNKNOWN, ++}; ++ + static const char *const vm_table[_VIRTUALIZATION_MAX] = { + [VIRTUALIZATION_XEN] = "XenVMMXenVMM", + [VIRTUALIZATION_KVM] = "KVMKVMKVM", +@@ -131,9 +137,8 @@ static int detect_vm_device_tree(void) { + #endif + } + +-static int detect_vm_dmi(void) { + #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) +- ++static int detect_vm_dmi_vendor(void) { + static const char *const dmi_vendors[] = { + "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ + "/sys/class/dmi/id/sys_vendor", +@@ -179,11 +184,63 @@ static int detect_vm_dmi(void) { + return dmi_vendor_table[j].id; + } + } +-#endif ++ return VIRTUALIZATION_NONE; ++} ++ ++static int detect_vm_smbios(void) { ++ /* The SMBIOS BIOS Charateristics Extension Byte 2 (Section 2.1.2.2 of ++ * https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.4.0.pdf), specifies that ++ * the 4th bit being set indicates a VM. The BIOS Characteristics table is exposed via the kernel in ++ * /sys/firmware/dmi/entries/0-0. Note that in the general case, this bit being unset should not ++ * imply that the system is running on bare-metal. For example, QEMU 3.1.0 (with or without KVM) ++ * with SeaBIOS does not set this bit. */ ++ _cleanup_free_ char *s = NULL; ++ size_t readsize; ++ int r; ++ ++ r = read_full_virtual_file("/sys/firmware/dmi/entries/0-0/raw", &s, &readsize); ++ if (r < 0) { ++ log_debug_errno(r, "Unable to read /sys/firmware/dmi/entries/0-0/raw, ignoring: %m"); ++ return SMBIOS_VM_BIT_UNKNOWN; ++ } ++ if (readsize < 20 || s[1] < 20) { ++ /* The spec indicates that byte 1 contains the size of the table, 0x12 + the number of ++ * extension bytes. The data we're interested in is in extension byte 2, which would be at ++ * 0x13. If we didn't read that much data, or if the BIOS indicates that we don't have that ++ * much data, we don't infer anything from the SMBIOS. */ ++ log_debug("Only read %zu bytes from /sys/firmware/dmi/entries/0-0/raw (expected 20)", readsize); ++ return SMBIOS_VM_BIT_UNKNOWN; ++ } + +- log_debug("No virtualization found in DMI"); ++ uint8_t byte = (uint8_t) s[19]; ++ if (byte & (1U<<4)) { ++ log_debug("DMI BIOS Extension table indicates virtualization"); ++ return SMBIOS_VM_BIT_SET; ++ } ++ log_debug("DMI BIOS Extension table does not indicate virtualization"); ++ return SMBIOS_VM_BIT_UNSET; ++} ++#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) */ ++ ++static int detect_vm_dmi(void) { ++#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) ++ ++ int r; ++ r = detect_vm_dmi_vendor(); + ++ /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between Amazon EC2 ++ * virtual machines and bare-metal instances, so we need to look at SMBIOS. */ ++ if (r == VIRTUALIZATION_AMAZON && detect_vm_smbios() == SMBIOS_VM_BIT_UNSET) ++ return VIRTUALIZATION_NONE; ++ ++ /* If we haven't identified a VM, but the firmware indicates that there is one, indicate as much. We ++ * have no further information about what it is. */ ++ if (r == VIRTUALIZATION_NONE && detect_vm_smbios() == SMBIOS_VM_BIT_SET) ++ return VIRTUALIZATION_VM_OTHER; ++ return r; ++#else + return VIRTUALIZATION_NONE; ++#endif + } + + static int detect_vm_xen(void) { diff --git a/SOURCES/0853-device-drop-refuse_after.patch b/SOURCES/0853-device-drop-refuse_after.patch new file mode 100644 index 0000000..80e5c62 --- /dev/null +++ b/SOURCES/0853-device-drop-refuse_after.patch @@ -0,0 +1,37 @@ +From bb9d00035c00b8590c389e66b5d94334bbb7379d Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Mon, 30 Mar 2020 10:49:29 +0200 +Subject: [PATCH] device: drop refuse_after + +Scheduling devices after a given unit can be useful to start device *jobs* at a +specific time in the transaction, see commit 4195077ab4c823c. + +This (hidden) change was introduced by commit eef85c4a3f8054d2. + +(cherry picked from commit b862c25716520d9381d5a841dba0f0c14e9c970a) + +[dtardon: This picks just the minimal relevant change from +c80a9a33d04fb4381327a69ce929c94a9f1d0e6c and +b862c25716520d9381d5a841dba0f0c14e9c970a] + +Resolves: #2043524 +--- + src/core/unit.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index dfe0c243ef..9be2a0c326 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2841,8 +2841,9 @@ int unit_add_dependency( + return 0; + } + +- if ((d == UNIT_BEFORE && other->type == UNIT_DEVICE) || +- (d == UNIT_AFTER && u->type == UNIT_DEVICE)) { ++ /* Note that ordering a device unit after a unit is permitted since it ++ * allows to start its job running timeout at a specific time. */ ++ if (d == UNIT_BEFORE && other->type == UNIT_DEVICE) { + log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id); + return 0; + } diff --git a/SOURCES/0854-manager-limit-access-to-private-dbus-socket.patch b/SOURCES/0854-manager-limit-access-to-private-dbus-socket.patch new file mode 100644 index 0000000..42ff3fa --- /dev/null +++ b/SOURCES/0854-manager-limit-access-to-private-dbus-socket.patch @@ -0,0 +1,44 @@ +From 004130ae74688eb321aadc05192bab69fe5cbcbf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 22 Jul 2022 11:45:12 +0200 +Subject: [PATCH] manager: limit access to private dbus socket + +For the system manager, /run/systemd/private is publicly accessible, because +/run/systemd is 0755, and /run/systemd/private is 0777. For the user manager, +/run/user/ is 0700, and /run/user//systemd/private is 0777. This +does not directly cause any security issue because we check the sender in +bus_check_peercred (ucred.uid != 0 && ucred.uid != geteuid()). + +But it makes sense to limit access to the socket to avoid wasting time in PID1. +Somebody could send messages there that'd we'd reject anyway. It also makes +things more explicit. + +(cherry picked from commit df1cbd1adf26071aab41d96e054452a3d66103a4) + +Resolves: #2119405 +--- + src/core/dbus.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/core/dbus.c b/src/core/dbus.c +index 66d838cdb4..ec6c52cb85 100644 +--- a/src/core/dbus.c ++++ b/src/core/dbus.c +@@ -42,6 +42,7 @@ + #include "string-util.h" + #include "strv.h" + #include "strxcpyx.h" ++#include "umask-util.h" + #include "user-util.h" + + #define CONNECTIONS_MAX 4096 +@@ -1019,7 +1020,8 @@ int bus_init_private(Manager *m) { + if (fd < 0) + return log_error_errno(errno, "Failed to allocate private socket: %m"); + +- r = bind(fd, &sa.sa, salen); ++ RUN_WITH_UMASK(0077) ++ r = bind(fd, &sa.sa, salen); + if (r < 0) + return log_error_errno(errno, "Failed to bind private socket: %m"); + diff --git a/SOURCES/0855-journalctl-do-not-treat-EINTR-as-an-error-when-waiti.patch b/SOURCES/0855-journalctl-do-not-treat-EINTR-as-an-error-when-waiti.patch new file mode 100644 index 0000000..d53c85d --- /dev/null +++ b/SOURCES/0855-journalctl-do-not-treat-EINTR-as-an-error-when-waiti.patch @@ -0,0 +1,35 @@ +From b0574acc0bddceb0af47f6cce327a87041ab4b52 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 11 Nov 2018 12:33:06 +0100 +Subject: [PATCH] journalctl: do not treat EINTR as an error when waiting for + events + +Fixup for 2a1e0f2228bbdfbc18635e959f47df7da50b62fe. Fixes #10724. + +Reproducer: start 'journalctl -f' in a terminal window, change window size. +(cherry picked from commit 8e143a123276a9636987b08f555603927ca9e186) + +Resolves: #2161683 +--- + src/journal/journalctl.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index fa83dce562..228cfe7e49 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -2084,8 +2084,13 @@ static int wait_for_change(sd_journal *j, int poll_fd) { + if (r < 0) + return log_error_errno(r, "Failed to determine journal waiting time: %m"); + +- if (ppoll(pollfds, ELEMENTSOF(pollfds), timeout == USEC_INFINITY ? NULL : timespec_store(&ts, timeout), NULL) < 0) ++ if (ppoll(pollfds, ELEMENTSOF(pollfds), ++ timeout == USEC_INFINITY ? NULL : timespec_store(&ts, timeout), NULL) < 0) { ++ if (errno == EINTR) ++ return 0; ++ + return log_error_errno(errno, "Couldn't wait for journal event: %m"); ++ } + + if (pollfds[1].revents & (POLLHUP|POLLERR)) { /* STDOUT has been closed? */ + log_debug("Standard output has been closed."); diff --git a/SOURCES/0856-core-bring-manager_startup-and-manager_reload-more-i.patch b/SOURCES/0856-core-bring-manager_startup-and-manager_reload-more-i.patch new file mode 100644 index 0000000..e785fdf --- /dev/null +++ b/SOURCES/0856-core-bring-manager_startup-and-manager_reload-more-i.patch @@ -0,0 +1,76 @@ +From b9dd7ee5f4d0f6d51899d7e14ac7ef2fd2840b8f Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 9 Oct 2018 17:37:57 +0200 +Subject: [PATCH] core: bring manager_startup() and manager_reload() more + inline + +Both functions do partly the same, let's make sure they do it in the +same order, and that we don't miss some calls. + +This makes a number of changes: + +1. Moves exec_runtime_vacuum() two calls down in manager_startup(). This + should not have any effect but makes manager_startup() more like + manager_reload(). + +2. Calls manager_recheck_journal(), manager_recheck_dbus(), + manager_enqueue_sync_bus_names() in manager_startup() too. This is a + good idea since during reeexec we pass through manager_startup() and + hence can't assume dbus and journald weren't up yet, hence let's + check if they are ready to be connected to. + +3. Include manager_enumerate_perpetual() in manager_reload(), too. This + is not strictly necessary, since these units are included in the + serialization anyway, but it's still a nice thing, in particular as + theoretically the deserialization could fail. + +(cherry picked from commit 3ad2afb6a204513c7834c64ab864e40169874390) + +Resolves: #2059633 +--- + src/core/manager.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index e083596e58..4a9f9bfcf9 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1665,12 +1665,12 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + /* Release any dynamic users no longer referenced */ + dynamic_user_vacuum(m, true); + +- exec_runtime_vacuum(m); +- + /* Release any references to UIDs/GIDs no longer referenced, and destroy any IPC owned by them */ + manager_vacuum_uid_refs(m); + manager_vacuum_gid_refs(m); + ++ exec_runtime_vacuum(m); ++ + if (serialization) { + assert(m->n_reloading > 0); + m->n_reloading--; +@@ -1681,6 +1681,13 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + m->send_reloading_done = true; + } + ++ /* It might be safe to log to the journal now and connect to dbus */ ++ manager_recheck_journal(m); ++ manager_recheck_dbus(m); ++ ++ /* Sync current state of bus names with our set of listening units */ ++ (void) manager_enqueue_sync_bus_names(m); ++ + /* Let's finally catch up with any changes that took place while we were reloading/reexecing */ + manager_catchup(m); + +@@ -3505,7 +3512,8 @@ int manager_reload(Manager *m) { + lookup_paths_reduce(&m->lookup_paths); + manager_build_unit_path_cache(m); + +- /* First, enumerate what we can from all config files */ ++ /* First, enumerate what we can from kernel and suchlike */ ++ manager_enumerate_perpetual(m); + manager_enumerate(m); + + /* Second, deserialize our stored data */ diff --git a/SOURCES/0857-pam-add-a-call-to-pam_namespace.patch b/SOURCES/0857-pam-add-a-call-to-pam_namespace.patch new file mode 100644 index 0000000..8825e9e --- /dev/null +++ b/SOURCES/0857-pam-add-a-call-to-pam_namespace.patch @@ -0,0 +1,35 @@ +From b1b7aaf83414c5b0bed6e61d38aefe29a21fdbcf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 23 Nov 2022 16:09:56 +0100 +Subject: [PATCH] pam: add a call to pam_namespace + +A call to pam_namespace is required so that children of user@.service end up in +a namespace as expected. pam_namespace gets called as part of the stack that +creates a session (login, sshd, gdm, etc.) and those processes end up in a +namespace, but it also needs to be called from our stack which is parallel and +descends from pid1 itself. + +The call to pam_namespace is similar to the call to pam_keyinit that was added +in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service +creates a new session which is disconnected from the parent environment. Both +calls are not suitable for inclusion in the shared part of the stack (e.g. +@system-auth on Fedora/RHEL systems), because for example su/sudo/runuser +should not include them. + +(cherry picked from commit 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901) + +Resolves: #1861836 +--- + src/login/systemd-user.m4 | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4 +index 20c8999331..eb291beaed 100644 +--- a/src/login/systemd-user.m4 ++++ b/src/login/systemd-user.m4 +@@ -9,4 +9,5 @@ session required pam_selinux.so nottys open + )m4_dnl + session required pam_loginuid.so + session optional pam_keyinit.so force revoke ++session required pam_namespace.so + session optional pam_systemd.so diff --git a/SOURCES/0858-virt-Support-detection-for-ARM64-Hyper-V-guests.patch b/SOURCES/0858-virt-Support-detection-for-ARM64-Hyper-V-guests.patch new file mode 100644 index 0000000..8f71336 --- /dev/null +++ b/SOURCES/0858-virt-Support-detection-for-ARM64-Hyper-V-guests.patch @@ -0,0 +1,31 @@ +From 4b573adbcc040fa50f1130cb8cf1bdb9559565cf Mon Sep 17 00:00:00 2001 +From: Boqun Feng +Date: Wed, 13 Oct 2021 11:32:09 +0800 +Subject: [PATCH] virt: Support detection for ARM64 Hyper-V guests + +The detection of Microsoft Hyper-V VMs is done by cpuid currently, +however there is no cpuid on ARM64. And since ARM64 is now a supported +architecture for Microsoft Hyper-V guests[1], then use DMI tables to +detect a Hyper-V guest, which is more generic and works for ARM64. + +[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467 + +(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87) + +Resolves: #2158307 +--- + src/basic/virt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 00d1c894e6..cc95097101 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -162,6 +162,7 @@ static int detect_vm_dmi_vendor(void) { + { "Parallels", VIRTUALIZATION_PARALLELS }, + /* https://wiki.freebsd.org/bhyve */ + { "BHYVE", VIRTUALIZATION_BHYVE }, ++ { "Microsoft", VIRTUALIZATION_MICROSOFT }, + }; + unsigned i; + int r; diff --git a/SOURCES/0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch b/SOURCES/0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch new file mode 100644 index 0000000..8a91e30 --- /dev/null +++ b/SOURCES/0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch @@ -0,0 +1,41 @@ +From e732bc987f2f779e89f30193bf694e0456ab7ce0 Mon Sep 17 00:00:00 2001 +From: Boqun Feng +Date: Tue, 23 Nov 2021 15:09:26 +0800 +Subject: [PATCH] virt: Fix the detection for Hyper-V VMs + +Use product_version instead of product_name in DMI table and the string +"Hyper-V" to avoid misdetection. + +Fixes: #21468 + +Signed-off-by: Boqun Feng +(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4) + +Related: #2158307 +--- + src/basic/virt.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index cc95097101..f750a0463f 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -143,7 +143,8 @@ static int detect_vm_dmi_vendor(void) { + "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ + "/sys/class/dmi/id/sys_vendor", + "/sys/class/dmi/id/board_vendor", +- "/sys/class/dmi/id/bios_vendor" ++ "/sys/class/dmi/id/bios_vendor", ++ "/sys/class/dmi/id/product_version" /* For Hyper-V VMs test */ + }; + + static const struct { +@@ -162,7 +163,7 @@ static int detect_vm_dmi_vendor(void) { + { "Parallels", VIRTUALIZATION_PARALLELS }, + /* https://wiki.freebsd.org/bhyve */ + { "BHYVE", VIRTUALIZATION_BHYVE }, +- { "Microsoft", VIRTUALIZATION_MICROSOFT }, ++ { "Hyper-V", VIRTUALIZATION_MICROSOFT }, + }; + unsigned i; + int r; diff --git a/SOURCES/0860-basic-add-STRERROR-wrapper-for-strerror_r.patch b/SOURCES/0860-basic-add-STRERROR-wrapper-for-strerror_r.patch new file mode 100644 index 0000000..4d1c5e5 --- /dev/null +++ b/SOURCES/0860-basic-add-STRERROR-wrapper-for-strerror_r.patch @@ -0,0 +1,98 @@ +From 9c95d8dda42de288a57638a44dd5ea967469063d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 7 Oct 2022 12:28:31 +0200 +Subject: [PATCH] basic: add STRERROR() wrapper for strerror_r() + +(cherry picked from commit 2c5d05b3cd986568105d67891e4010b868dea24f) + +Related: #2155520 +--- + src/basic/util.h | 10 ++++++++++ + src/test/test-util.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 50 insertions(+) + +diff --git a/src/basic/util.h b/src/basic/util.h +index 76b76d7e91..195f02cf5f 100644 +--- a/src/basic/util.h ++++ b/src/basic/util.h +@@ -153,6 +153,16 @@ static inline void _reset_errno_(int *saved_errno) { + errno = *saved_errno; + } + ++/* strerror(3) says that glibc uses a maximum length of 1024 bytes. */ ++#define ERRNO_BUF_LEN 1024 ++ ++/* Note: the lifetime of the compound literal is the immediately surrounding block, ++ * see C11 §6.5.2.5, and ++ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks ++ * ++ * Note that we use the GNU variant of strerror_r() here. */ ++#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) ++ + #define PROTECT_ERRNO _cleanup_(_reset_errno_) __attribute__((unused)) int _saved_errno_ = errno + + #define UNPROTECT_ERRNO \ +diff --git a/src/test/test-util.c b/src/test/test-util.c +index df60d89115..c93eaf7fc6 100644 +--- a/src/test/test-util.c ++++ b/src/test/test-util.c +@@ -12,6 +12,7 @@ + #include "process-util.h" + #include "raw-clone.h" + #include "rm-rf.h" ++#include "stdio-util.h" + #include "string-util.h" + #include "util.h" + +@@ -321,6 +322,42 @@ static void test_system_tasks_max_scale(void) { + assert_se(system_tasks_max_scale(UINT64_MAX/4, UINT64_MAX) == UINT64_MAX); + } + ++static void test_strerror_not_threadsafe(void) { ++ /* Just check that strerror really is not thread-safe. */ ++ log_info("strerror(%d) → %s", 200, strerror(200)); ++ log_info("strerror(%d) → %s", 201, strerror(201)); ++ log_info("strerror(%d) → %s", INT_MAX, strerror(INT_MAX)); ++ ++ log_info("strerror(%d), strerror(%d) → %p, %p", 200, 201, strerror(200), strerror(201)); ++ ++ /* This call is not allowed, because the first returned string becomes invalid when ++ * we call strerror the second time: ++ * ++ * log_info("strerror(%d), strerror(%d) → %s, %s", 200, 201, strerror(200), strerror(201)); ++ */ ++} ++ ++static void test_STRERROR(void) { ++ /* Just check that STRERROR really is thread-safe. */ ++ log_info("STRERROR(%d) → %s", 200, STRERROR(200)); ++ log_info("STRERROR(%d) → %s", 201, STRERROR(201)); ++ log_info("STRERROR(%d), STRERROR(%d) → %s, %s", 200, 201, STRERROR(200), STRERROR(201)); ++ ++ const char *a = STRERROR(200), *b = STRERROR(201); ++ assert_se(strstr(a, "200")); ++ assert_se(strstr(b, "201")); ++ ++ /* Check with negative values */ ++ assert_se(streq(a, STRERROR(-200))); ++ assert_se(streq(b, STRERROR(-201))); ++ ++ const char *c = STRERROR(INT_MAX); ++ char buf[DECIMAL_STR_MAX(int)]; ++ xsprintf(buf, "%d", INT_MAX); /* INT_MAX is hexadecimal, use printf to convert to decimal */ ++ log_info("STRERROR(%d) → %s", INT_MAX, c); ++ assert_se(strstr(c, buf)); ++} ++ + int main(int argc, char *argv[]) { + log_parse_environment(); + log_open(); +@@ -340,5 +377,8 @@ int main(int argc, char *argv[]) { + test_system_tasks_max(); + test_system_tasks_max_scale(); + ++ test_strerror_not_threadsafe(); ++ test_STRERROR(); ++ + return 0; + } diff --git a/SOURCES/0861-coredump-put-context-array-into-a-struct.patch b/SOURCES/0861-coredump-put-context-array-into-a-struct.patch new file mode 100644 index 0000000..75029e7 --- /dev/null +++ b/SOURCES/0861-coredump-put-context-array-into-a-struct.patch @@ -0,0 +1,529 @@ +From f53c6620c55488e2a3bd92957b21b6b95a7a3d35 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 12 Jan 2023 15:47:09 +0100 +Subject: [PATCH] coredump: put context array into a struct + +[dtardon: This is based on commit f46c706bdd4316ae8ed6baf7a8c382b90b84f648 , +but does just the minimal change to introduce the Context struct that is +needed by the following commit.] + +Related: #2155520 +--- + src/coredump/coredump.c | 208 +++++++++++++++++++++------------------- + 1 file changed, 108 insertions(+), 100 deletions(-) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index fb3a6ecfe9..ebc56d8342 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -91,6 +91,10 @@ enum { + _CONTEXT_MAX + }; + ++typedef struct Context { ++ const char *meta[_CONTEXT_MAX]; ++} Context; ++ + typedef enum CoredumpStorage { + COREDUMP_STORAGE_NONE, + COREDUMP_STORAGE_EXTERNAL, +@@ -184,7 +188,7 @@ static int fix_acl(int fd, uid_t uid) { + return 0; + } + +-static int fix_xattr(int fd, const char *context[_CONTEXT_MAX]) { ++static int fix_xattr(int fd, const Context *context) { + + static const char * const xattrs[_CONTEXT_MAX] = { + [CONTEXT_PID] = "user.coredump.pid", +@@ -209,10 +213,10 @@ static int fix_xattr(int fd, const char *context[_CONTEXT_MAX]) { + for (i = 0; i < _CONTEXT_MAX; i++) { + int k; + +- if (isempty(context[i]) || !xattrs[i]) ++ if (isempty(context->meta[i]) || !xattrs[i]) + continue; + +- k = fsetxattr(fd, xattrs[i], context[i], strlen(context[i]), XATTR_CREATE); ++ k = fsetxattr(fd, xattrs[i], context->meta[i], strlen(context->meta[i]), XATTR_CREATE); + if (k < 0 && r == 0) + r = -errno; + } +@@ -230,7 +234,7 @@ static int fix_permissions( + int fd, + const char *filename, + const char *target, +- const char *context[_CONTEXT_MAX], ++ const Context *context, + uid_t uid) { + + int r; +@@ -273,18 +277,18 @@ static int maybe_remove_external_coredump(const char *filename, uint64_t size) { + return 1; + } + +-static int make_filename(const char *context[_CONTEXT_MAX], char **ret) { ++static int make_filename(const Context *context, char **ret) { + _cleanup_free_ char *c = NULL, *u = NULL, *p = NULL, *t = NULL; + sd_id128_t boot = {}; + int r; + + assert(context); + +- c = filename_escape(context[CONTEXT_COMM]); ++ c = filename_escape(context->meta[CONTEXT_COMM]); + if (!c) + return -ENOMEM; + +- u = filename_escape(context[CONTEXT_UID]); ++ u = filename_escape(context->meta[CONTEXT_UID]); + if (!u) + return -ENOMEM; + +@@ -292,11 +296,11 @@ static int make_filename(const char *context[_CONTEXT_MAX], char **ret) { + if (r < 0) + return r; + +- p = filename_escape(context[CONTEXT_PID]); ++ p = filename_escape(context->meta[CONTEXT_PID]); + if (!p) + return -ENOMEM; + +- t = filename_escape(context[CONTEXT_TIMESTAMP]); ++ t = filename_escape(context->meta[CONTEXT_TIMESTAMP]); + if (!t) + return -ENOMEM; + +@@ -313,7 +317,7 @@ static int make_filename(const char *context[_CONTEXT_MAX], char **ret) { + } + + static int save_external_coredump( +- const char *context[_CONTEXT_MAX], ++ const Context *context, + int input_fd, + char **ret_filename, + int *ret_node_fd, +@@ -334,19 +338,19 @@ static int save_external_coredump( + assert(ret_data_fd); + assert(ret_size); + +- r = parse_uid(context[CONTEXT_UID], &uid); ++ r = parse_uid(context->meta[CONTEXT_UID], &uid); + if (r < 0) + return log_error_errno(r, "Failed to parse UID: %m"); + +- r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit); ++ r = safe_atou64(context->meta[CONTEXT_RLIMIT], &rlimit); + if (r < 0) +- return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]); ++ return log_error_errno(r, "Failed to parse resource limit: %s", context->meta[CONTEXT_RLIMIT]); + if (rlimit < page_size()) { + /* Is coredumping disabled? Then don't bother saving/processing the coredump. + * Anything below PAGE_SIZE cannot give a readable coredump (the kernel uses + * ELF_EXEC_PAGESIZE which is not easily accessible, but is usually the same as PAGE_SIZE. */ + log_info("Resource limits disable core dumping for process %s (%s).", +- context[CONTEXT_PID], context[CONTEXT_COMM]); ++ context->meta[CONTEXT_PID], context->meta[CONTEXT_COMM]); + return -EBADSLT; + } + +@@ -371,7 +375,7 @@ static int save_external_coredump( + + r = copy_bytes(input_fd, fd, max_size, 0); + if (r < 0) { +- log_error_errno(r, "Cannot store coredump of %s (%s): %m", context[CONTEXT_PID], context[CONTEXT_COMM]); ++ log_error_errno(r, "Cannot store coredump of %s (%s): %m", context->meta[CONTEXT_PID], context->meta[CONTEXT_COMM]); + goto fail; + } + *ret_truncated = r == 1; +@@ -659,12 +663,12 @@ static int get_process_container_parent_cmdline(pid_t pid, char** cmdline) { + return 1; + } + +-static int change_uid_gid(const char *context[]) { ++static int change_uid_gid(const Context *context) { + uid_t uid; + gid_t gid; + int r; + +- r = parse_uid(context[CONTEXT_UID], &uid); ++ r = parse_uid(context->meta[CONTEXT_UID], &uid); + if (r < 0) + return r; + +@@ -677,7 +681,7 @@ static int change_uid_gid(const char *context[]) { + uid = gid = 0; + } + } else { +- r = parse_gid(context[CONTEXT_GID], &gid); ++ r = parse_gid(context->meta[CONTEXT_GID], &gid); + if (r < 0) + return r; + } +@@ -685,23 +689,23 @@ static int change_uid_gid(const char *context[]) { + return drop_privileges(uid, gid, 0); + } + +-static bool is_journald_crash(const char *context[_CONTEXT_MAX]) { ++static bool is_journald_crash(const Context *context) { + assert(context); + +- return streq_ptr(context[CONTEXT_UNIT], SPECIAL_JOURNALD_SERVICE); ++ return streq_ptr(context->meta[CONTEXT_UNIT], SPECIAL_JOURNALD_SERVICE); + } + +-static bool is_pid1_crash(const char *context[_CONTEXT_MAX]) { ++static bool is_pid1_crash(const Context *context) { + assert(context); + +- return streq_ptr(context[CONTEXT_UNIT], SPECIAL_INIT_SCOPE) || +- streq_ptr(context[CONTEXT_PID], "1"); ++ return streq_ptr(context->meta[CONTEXT_UNIT], SPECIAL_INIT_SCOPE) || ++ streq_ptr(context->meta[CONTEXT_PID], "1"); + } + + #define SUBMIT_COREDUMP_FIELDS 4 + + static int submit_coredump( +- const char *context[_CONTEXT_MAX], ++ Context *context, + struct iovec *iovec, + size_t n_iovec_allocated, + size_t n_iovec, +@@ -760,11 +764,11 @@ static int submit_coredump( + if (coredump_size <= arg_process_size_max) { + _cleanup_free_ char *stacktrace = NULL; + +- r = coredump_make_stack_trace(coredump_fd, context[CONTEXT_EXE], &stacktrace); ++ r = coredump_make_stack_trace(coredump_fd, context->meta[CONTEXT_EXE], &stacktrace); + if (r >= 0) +- core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], +- " (", context[CONTEXT_COMM], ") of user ", +- context[CONTEXT_UID], " dumped core.", ++ core_message = strjoin("MESSAGE=Process ", context->meta[CONTEXT_PID], ++ " (", context->meta[CONTEXT_COMM], ") of user ", ++ context->meta[CONTEXT_UID], " dumped core.", + journald_crash ? "\nCoredump diverted to " : "", + journald_crash ? filename : "", + "\n\n", stacktrace); +@@ -779,9 +783,9 @@ static int submit_coredump( + if (!core_message) + #endif + log: +- core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], +- " (", context[CONTEXT_COMM], ") of user ", +- context[CONTEXT_UID], " dumped core.", ++ core_message = strjoin("MESSAGE=Process ", context->meta[CONTEXT_PID], ++ " (", context->meta[CONTEXT_COMM], ") of user ", ++ context->meta[CONTEXT_UID], " dumped core.", + journald_crash && filename ? "\nCoredump diverted to " : NULL, + journald_crash && filename ? filename : NULL); + if (!core_message) +@@ -826,7 +830,7 @@ log: + return 0; + } + +-static void map_context_fields(const struct iovec *iovec, const char* context[]) { ++static void map_context_fields(const struct iovec *iovec, Context *context) { + + static const char * const context_field_names[] = { + [CONTEXT_PID] = "COREDUMP_PID=", +@@ -857,7 +861,7 @@ static void map_context_fields(const struct iovec *iovec, const char* context[]) + + /* Note that these strings are NUL terminated, because we made sure that a trailing NUL byte is in the + * buffer, though not included in the iov_len count. (see below) */ +- context[i] = p; ++ context->meta[i] = p; + break; + } + } +@@ -866,7 +870,7 @@ static int process_socket(int fd) { + _cleanup_close_ int coredump_fd = -1; + struct iovec *iovec = NULL; + size_t n_iovec = 0, n_allocated = 0, i, k; +- const char *context[_CONTEXT_MAX] = {}; ++ Context context = {}; + int r; + + assert(fd >= 0); +@@ -950,7 +954,7 @@ static int process_socket(int fd) { + iovec[n_iovec].iov_len = (size_t) n; + + cmsg_close_all(&mh); +- map_context_fields(iovec + n_iovec, context); ++ map_context_fields(iovec + n_iovec, &context); + n_iovec++; + } + +@@ -960,24 +964,24 @@ static int process_socket(int fd) { + } + + /* Make sure we got all data we really need */ +- assert(context[CONTEXT_PID]); +- assert(context[CONTEXT_UID]); +- assert(context[CONTEXT_GID]); +- assert(context[CONTEXT_SIGNAL]); +- assert(context[CONTEXT_TIMESTAMP]); +- assert(context[CONTEXT_RLIMIT]); +- assert(context[CONTEXT_HOSTNAME]); +- assert(context[CONTEXT_COMM]); ++ assert(context.meta[CONTEXT_PID]); ++ assert(context.meta[CONTEXT_UID]); ++ assert(context.meta[CONTEXT_GID]); ++ assert(context.meta[CONTEXT_SIGNAL]); ++ assert(context.meta[CONTEXT_TIMESTAMP]); ++ assert(context.meta[CONTEXT_RLIMIT]); ++ assert(context.meta[CONTEXT_HOSTNAME]); ++ assert(context.meta[CONTEXT_COMM]); + assert(coredump_fd >= 0); + + /* Small quirk: the journal fields contain the timestamp padded with six zeroes, so that the kernel-supplied 1s + * granularity timestamps becomes 1µs granularity, i.e. the granularity systemd usually operates in. Since we + * are reconstructing the original kernel context, we chop this off again, here. */ +- k = strlen(context[CONTEXT_TIMESTAMP]); ++ k = strlen(context.meta[CONTEXT_TIMESTAMP]); + if (k > 6) +- context[CONTEXT_TIMESTAMP] = strndupa(context[CONTEXT_TIMESTAMP], k - 6); ++ context.meta[CONTEXT_TIMESTAMP] = strndupa(context.meta[CONTEXT_TIMESTAMP], k - 6); + +- r = submit_coredump(context, iovec, n_allocated, n_iovec, coredump_fd); ++ r = submit_coredump(&context, iovec, n_allocated, n_iovec, coredump_fd); + + finish: + for (i = 0; i < n_iovec; i++) +@@ -1062,7 +1066,7 @@ static char* set_iovec_field_free(struct iovec *iovec, size_t *n_iovec, const ch + } + + static int gather_pid_metadata( +- char* context[_CONTEXT_MAX], ++ Context *context, + char **comm_fallback, + struct iovec *iovec, size_t *n_iovec) { + +@@ -1077,65 +1081,69 @@ static int gather_pid_metadata( + const char *p; + int r, signo; + +- r = parse_pid(context[CONTEXT_PID], &pid); ++ r = parse_pid(context->meta[CONTEXT_PID], &pid); + if (r < 0) +- return log_error_errno(r, "Failed to parse PID \"%s\": %m", context[CONTEXT_PID]); ++ return log_error_errno(r, "Failed to parse PID \"%s\": %m", context->meta[CONTEXT_PID]); + +- r = get_process_comm(pid, &context[CONTEXT_COMM]); ++ r = get_process_comm(pid, &t); + if (r < 0) { + log_warning_errno(r, "Failed to get COMM, falling back to the command line: %m"); +- context[CONTEXT_COMM] = strv_join(comm_fallback, " "); +- if (!context[CONTEXT_COMM]) ++ context->meta[CONTEXT_COMM] = strv_join(comm_fallback, " "); ++ if (!context->meta[CONTEXT_COMM]) + return log_oom(); +- } ++ } else ++ context->meta[CONTEXT_COMM] = t; + +- r = get_process_exe(pid, &context[CONTEXT_EXE]); ++ r = get_process_exe(pid, &t); + if (r < 0) + log_warning_errno(r, "Failed to get EXE, ignoring: %m"); ++ else ++ context->meta[CONTEXT_EXE] = t; + +- if (cg_pid_get_unit(pid, &context[CONTEXT_UNIT]) >= 0) { +- if (!is_journald_crash((const char**) context)) { ++ if (cg_pid_get_unit(pid, &t) >= 0) { ++ if (!is_journald_crash(context)) { + /* OK, now we know it's not the journal, hence we can make use of it now. */ + log_set_target(LOG_TARGET_JOURNAL_OR_KMSG); + log_open(); + } + + /* If this is PID 1 disable coredump collection, we'll unlikely be able to process it later on. */ +- if (is_pid1_crash((const char**) context)) { ++ if (is_pid1_crash(context)) { + log_notice("Due to PID 1 having crashed coredump collection will now be turned off."); + disable_coredumps(); + } + +- set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]); +- } ++ set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context->meta[CONTEXT_UNIT]); ++ } else ++ context->meta[CONTEXT_UNIT] = t; + + if (cg_pid_get_user_unit(pid, &t) >= 0) + set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t); + + /* The next few are mandatory */ +- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context->meta[CONTEXT_PID])) + return log_oom(); + +- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context->meta[CONTEXT_UID])) + return log_oom(); + +- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context->meta[CONTEXT_GID])) + return log_oom(); + +- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context->meta[CONTEXT_SIGNAL])) + return log_oom(); + +- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context->meta[CONTEXT_RLIMIT])) + return log_oom(); + +- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context->meta[CONTEXT_HOSTNAME])) + return log_oom(); + +- if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context->meta[CONTEXT_COMM])) + return log_oom(); + +- if (context[CONTEXT_EXE] && +- !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE])) ++ if (context->meta[CONTEXT_EXE] && ++ !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context->meta[CONTEXT_EXE])) + return log_oom(); + + if (sd_pid_get_session(pid, &t) >= 0) +@@ -1198,11 +1206,11 @@ static int gather_pid_metadata( + if (get_process_environ(pid, &t) >= 0) + set_iovec_field_free(iovec, n_iovec, "COREDUMP_ENVIRON=", t); + +- t = strjoin("COREDUMP_TIMESTAMP=", context[CONTEXT_TIMESTAMP], "000000"); ++ t = strjoin("COREDUMP_TIMESTAMP=", context->meta[CONTEXT_TIMESTAMP], "000000"); + if (t) + iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t); + +- if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo)) ++ if (safe_atoi(context->meta[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo)) + set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo)); + + return 0; /* we successfully acquired all metadata */ +@@ -1210,7 +1218,7 @@ static int gather_pid_metadata( + + static int process_kernel(int argc, char* argv[]) { + +- char* context[_CONTEXT_MAX] = {}; ++ Context context = {}; + struct iovec iovec[29 + SUBMIT_COREDUMP_FIELDS]; + size_t i, n_iovec, n_to_free = 0; + int r; +@@ -1222,15 +1230,15 @@ static int process_kernel(int argc, char* argv[]) { + return -EINVAL; + } + +- context[CONTEXT_PID] = argv[1 + CONTEXT_PID]; +- context[CONTEXT_UID] = argv[1 + CONTEXT_UID]; +- context[CONTEXT_GID] = argv[1 + CONTEXT_GID]; +- context[CONTEXT_SIGNAL] = argv[1 + CONTEXT_SIGNAL]; +- context[CONTEXT_TIMESTAMP] = argv[1 + CONTEXT_TIMESTAMP]; +- context[CONTEXT_RLIMIT] = argv[1 + CONTEXT_RLIMIT]; +- context[CONTEXT_HOSTNAME] = argv[1 + CONTEXT_HOSTNAME]; ++ context.meta[CONTEXT_PID] = argv[1 + CONTEXT_PID]; ++ context.meta[CONTEXT_UID] = argv[1 + CONTEXT_UID]; ++ context.meta[CONTEXT_GID] = argv[1 + CONTEXT_GID]; ++ context.meta[CONTEXT_SIGNAL] = argv[1 + CONTEXT_SIGNAL]; ++ context.meta[CONTEXT_TIMESTAMP] = argv[1 + CONTEXT_TIMESTAMP]; ++ context.meta[CONTEXT_RLIMIT] = argv[1 + CONTEXT_RLIMIT]; ++ context.meta[CONTEXT_HOSTNAME] = argv[1 + CONTEXT_HOSTNAME]; + +- r = gather_pid_metadata(context, argv + 1 + CONTEXT_COMM, iovec, &n_to_free); ++ r = gather_pid_metadata(&context, argv + 1 + CONTEXT_COMM, iovec, &n_to_free); + if (r < 0) + goto finish; + +@@ -1243,8 +1251,8 @@ static int process_kernel(int argc, char* argv[]) { + + assert(n_iovec <= ELEMENTSOF(iovec)); + +- if (is_journald_crash((const char**) context) || is_pid1_crash((const char**) context)) +- r = submit_coredump((const char**) context, ++ if (is_journald_crash(&context) || is_pid1_crash(&context)) ++ r = submit_coredump(&context, + iovec, ELEMENTSOF(iovec), n_iovec, + STDIN_FILENO); + else +@@ -1255,15 +1263,15 @@ static int process_kernel(int argc, char* argv[]) { + free(iovec[i].iov_base); + + /* Those fields are allocated by gather_pid_metadata */ +- free(context[CONTEXT_COMM]); +- free(context[CONTEXT_EXE]); +- free(context[CONTEXT_UNIT]); ++ free((char *) context.meta[CONTEXT_COMM]); ++ free((char *) context.meta[CONTEXT_EXE]); ++ free((char *) context.meta[CONTEXT_UNIT]); + + return r; + } + + static int process_backtrace(int argc, char *argv[]) { +- char *context[_CONTEXT_MAX] = {}; ++ Context context = {}; + _cleanup_free_ char *message = NULL; + _cleanup_free_ struct iovec *iovec = NULL; + size_t n_iovec, n_allocated, n_to_free = 0, i; +@@ -1279,13 +1287,13 @@ static int process_backtrace(int argc, char *argv[]) { + return -EINVAL; + } + +- context[CONTEXT_PID] = argv[2 + CONTEXT_PID]; +- context[CONTEXT_UID] = argv[2 + CONTEXT_UID]; +- context[CONTEXT_GID] = argv[2 + CONTEXT_GID]; +- context[CONTEXT_SIGNAL] = argv[2 + CONTEXT_SIGNAL]; +- context[CONTEXT_TIMESTAMP] = argv[2 + CONTEXT_TIMESTAMP]; +- context[CONTEXT_RLIMIT] = argv[2 + CONTEXT_RLIMIT]; +- context[CONTEXT_HOSTNAME] = argv[2 + CONTEXT_HOSTNAME]; ++ context.meta[CONTEXT_PID] = argv[2 + CONTEXT_PID]; ++ context.meta[CONTEXT_UID] = argv[2 + CONTEXT_UID]; ++ context.meta[CONTEXT_GID] = argv[2 + CONTEXT_GID]; ++ context.meta[CONTEXT_SIGNAL] = argv[2 + CONTEXT_SIGNAL]; ++ context.meta[CONTEXT_TIMESTAMP] = argv[2 + CONTEXT_TIMESTAMP]; ++ context.meta[CONTEXT_RLIMIT] = argv[2 + CONTEXT_RLIMIT]; ++ context.meta[CONTEXT_HOSTNAME] = argv[2 + CONTEXT_HOSTNAME]; + + n_allocated = 34 + COREDUMP_STORAGE_EXTERNAL; + /* 26 metadata, 2 static, +unknown input, 4 storage, rounded up */ +@@ -1293,7 +1301,7 @@ static int process_backtrace(int argc, char *argv[]) { + if (!iovec) + return log_oom(); + +- r = gather_pid_metadata(context, argv + 2 + CONTEXT_COMM, iovec, &n_to_free); ++ r = gather_pid_metadata(&context, argv + 2 + CONTEXT_COMM, iovec, &n_to_free); + if (r < 0) + goto finish; + if (r > 0) { +@@ -1320,10 +1328,10 @@ static int process_backtrace(int argc, char *argv[]) { + if (journal_importer_eof(&importer)) { + log_warning("Did not receive a full journal entry on stdin, ignoring message sent by reporter"); + +- message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], +- " (", context[CONTEXT_COMM], ")" +- " of user ", context[CONTEXT_UID], +- " failed with ", context[CONTEXT_SIGNAL]); ++ message = strjoin("MESSAGE=Process ", context.meta[CONTEXT_PID], ++ " (", context.meta[CONTEXT_COMM], ")" ++ " of user ", context.meta[CONTEXT_UID], ++ " failed with ", context.meta[CONTEXT_SIGNAL]); + if (!message) { + r = log_oom(); + goto finish; +@@ -1349,9 +1357,9 @@ static int process_backtrace(int argc, char *argv[]) { + free(iovec[i].iov_base); + + /* Those fields are allocated by gather_pid_metadata */ +- free(context[CONTEXT_COMM]); +- free(context[CONTEXT_EXE]); +- free(context[CONTEXT_UNIT]); ++ free((char *) context.meta[CONTEXT_COMM]); ++ free((char *) context.meta[CONTEXT_EXE]); ++ free((char *) context.meta[CONTEXT_UNIT]); + + return r; + } diff --git a/SOURCES/0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch b/SOURCES/0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch new file mode 100644 index 0000000..707bdda --- /dev/null +++ b/SOURCES/0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch @@ -0,0 +1,354 @@ +From d178865d3d9940423f4d99360e3dc2fcaf0b2c96 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 28 Nov 2022 12:12:55 +0100 +Subject: [PATCH] coredump: do not allow user to access coredumps with changed + uid/gid/capabilities + +When the user starts a program which elevates its permissions via setuid, +setgid, or capabilities set on the file, it may access additional information +which would then be visible in the coredump. We shouldn't make the the coredump +visible to the user in such cases. + +Reported-by: Matthias Gerstner + +This reads the /proc//auxv file and attaches it to the process metadata as +PROC_AUXV. Before the coredump is submitted, it is parsed and if either +at_secure was set (which the kernel will do for processes that are setuid, +setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file +is not made accessible to the user. If we can't access this data, we assume the +file should not be made accessible either. In principle we could also access +the auxv data from a note in the core file, but that is much more complex and +it seems better to use the stand-alone file that is provided by the kernel. + +Attaching auxv is both convient for this patch (because this way it's passed +between the stages along with other fields), but I think it makes sense to save +it in general. + +We use the information early in the core file to figure out if the program was +32-bit or 64-bit and its endianness. This way we don't need heuristics to guess +whether the format of the auxv structure. This test might reject some cases on +fringe architecutes. But the impact would be limited: we just won't grant the +user permissions to view the coredump file. If people report that we're missing +some cases, we can always enhance this to support more architectures. + +I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and +ppc64el, but not the whole coredump handling. + +(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03) + +Resolves: #2155520 +--- + src/coredump/coredump.c | 190 ++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 182 insertions(+), 8 deletions(-) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index ebc56d8342..d8acd2d3a7 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -88,11 +89,13 @@ enum { + CONTEXT_COMM, + CONTEXT_EXE, + CONTEXT_UNIT, ++ CONTEXT_PROC_AUXV, + _CONTEXT_MAX + }; + + typedef struct Context { + const char *meta[_CONTEXT_MAX]; ++ size_t meta_size[_CONTEXT_MAX]; + } Context; + + typedef enum CoredumpStorage { +@@ -148,8 +151,7 @@ static inline uint64_t storage_size_max(void) { + return 0; + } + +-static int fix_acl(int fd, uid_t uid) { +- ++static int fix_acl(int fd, uid_t uid, bool allow_user) { + #if HAVE_ACL + _cleanup_(acl_freep) acl_t acl = NULL; + acl_entry_t entry; +@@ -157,6 +159,11 @@ static int fix_acl(int fd, uid_t uid) { + int r; + + assert(fd >= 0); ++ assert(uid_is_valid(uid)); ++ ++ /* We don't allow users to read coredumps if the uid or capabilities were changed. */ ++ if (!allow_user) ++ return 0; + + if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) + return 0; +@@ -235,7 +242,8 @@ static int fix_permissions( + const char *filename, + const char *target, + const Context *context, +- uid_t uid) { ++ uid_t uid, ++ bool allow_user) { + + int r; + +@@ -245,7 +253,7 @@ static int fix_permissions( + + /* Ignore errors on these */ + (void) fchmod(fd, 0640); +- (void) fix_acl(fd, uid); ++ (void) fix_acl(fd, uid, allow_user); + (void) fix_xattr(fd, context); + + if (fsync(fd) < 0) +@@ -316,6 +324,154 @@ static int make_filename(const Context *context, char **ret) { + return 0; + } + ++static int parse_auxv64( ++ const uint64_t *auxv, ++ size_t size_bytes, ++ int *at_secure, ++ uid_t *uid, ++ uid_t *euid, ++ gid_t *gid, ++ gid_t *egid) { ++ ++ assert(auxv || size_bytes == 0); ++ ++ if (size_bytes % (2 * sizeof(uint64_t)) != 0) ++ return log_warning_errno(-EIO, "Incomplete auxv structure (%zu bytes).", size_bytes); ++ ++ size_t words = size_bytes / sizeof(uint64_t); ++ ++ /* Note that we set output variables even on error. */ ++ ++ for (size_t i = 0; i + 1 < words; i += 2) ++ switch (auxv[i]) { ++ case AT_SECURE: ++ *at_secure = auxv[i + 1] != 0; ++ break; ++ case AT_UID: ++ *uid = auxv[i + 1]; ++ break; ++ case AT_EUID: ++ *euid = auxv[i + 1]; ++ break; ++ case AT_GID: ++ *gid = auxv[i + 1]; ++ break; ++ case AT_EGID: ++ *egid = auxv[i + 1]; ++ break; ++ case AT_NULL: ++ if (auxv[i + 1] != 0) ++ goto error; ++ return 0; ++ } ++ error: ++ return log_warning_errno(-ENODATA, ++ "AT_NULL terminator not found, cannot parse auxv structure."); ++} ++ ++static int parse_auxv32( ++ const uint32_t *auxv, ++ size_t size_bytes, ++ int *at_secure, ++ uid_t *uid, ++ uid_t *euid, ++ gid_t *gid, ++ gid_t *egid) { ++ ++ assert(auxv || size_bytes == 0); ++ ++ size_t words = size_bytes / sizeof(uint32_t); ++ ++ if (size_bytes % (2 * sizeof(uint32_t)) != 0) ++ return log_warning_errno(-EIO, "Incomplete auxv structure (%zu bytes).", size_bytes); ++ ++ /* Note that we set output variables even on error. */ ++ ++ for (size_t i = 0; i + 1 < words; i += 2) ++ switch (auxv[i]) { ++ case AT_SECURE: ++ *at_secure = auxv[i + 1] != 0; ++ break; ++ case AT_UID: ++ *uid = auxv[i + 1]; ++ break; ++ case AT_EUID: ++ *euid = auxv[i + 1]; ++ break; ++ case AT_GID: ++ *gid = auxv[i + 1]; ++ break; ++ case AT_EGID: ++ *egid = auxv[i + 1]; ++ break; ++ case AT_NULL: ++ if (auxv[i + 1] != 0) ++ goto error; ++ return 0; ++ } ++ error: ++ return log_warning_errno(-ENODATA, ++ "AT_NULL terminator not found, cannot parse auxv structure."); ++} ++ ++static int grant_user_access(int core_fd, const Context *context) { ++ int at_secure = -1; ++ uid_t uid = UID_INVALID, euid = UID_INVALID; ++ uid_t gid = GID_INVALID, egid = GID_INVALID; ++ int r; ++ ++ assert(core_fd >= 0); ++ assert(context); ++ ++ if (!context->meta[CONTEXT_PROC_AUXV]) ++ return log_warning_errno(-ENODATA, "No auxv data, not adjusting permissions."); ++ ++ uint8_t elf[EI_NIDENT]; ++ errno = 0; ++ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf)) ++ return log_warning_errno(errno > 0 ? -errno : -EIO, ++ "Failed to pread from coredump fd: %s", ++ errno > 0 ? STRERROR(errno) : "Unexpected EOF"); ++ ++ if (elf[EI_MAG0] != ELFMAG0 || ++ elf[EI_MAG1] != ELFMAG1 || ++ elf[EI_MAG2] != ELFMAG2 || ++ elf[EI_MAG3] != ELFMAG3 || ++ elf[EI_VERSION] != EV_CURRENT) ++ return log_info_errno(-EUCLEAN, ++ "Core file does not have ELF header, not adjusting permissions."); ++ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) || ++ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB)) ++ return log_info_errno(-EUCLEAN, ++ "Core file has strange ELF class, not adjusting permissions."); ++ ++ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN)) ++ return log_info_errno(-EUCLEAN, ++ "Core file has non-native endianness, not adjusting permissions."); ++ ++ if (elf[EI_CLASS] == ELFCLASS64) ++ r = parse_auxv64((const uint64_t*) context->meta[CONTEXT_PROC_AUXV], ++ context->meta_size[CONTEXT_PROC_AUXV], ++ &at_secure, &uid, &euid, &gid, &egid); ++ else ++ r = parse_auxv32((const uint32_t*) context->meta[CONTEXT_PROC_AUXV], ++ context->meta_size[CONTEXT_PROC_AUXV], ++ &at_secure, &uid, &euid, &gid, &egid); ++ if (r < 0) ++ return r; ++ ++ /* We allow access if we got all the data and at_secure is not set and ++ * the uid/gid matches euid/egid. */ ++ bool ret = ++ at_secure == 0 && ++ uid != UID_INVALID && euid != UID_INVALID && uid == euid && ++ gid != GID_INVALID && egid != GID_INVALID && gid == egid; ++ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)", ++ ret ? "permit" : "restrict", ++ uid, euid, gid, egid, yes_no(at_secure)); ++ return ret; ++} ++ + static int save_external_coredump( + const Context *context, + int input_fd, +@@ -395,6 +551,8 @@ static int save_external_coredump( + goto fail; + } + ++ bool allow_user = grant_user_access(fd, context) > 0; ++ + #if HAVE_XZ || HAVE_LZ4 + /* If we will remove the coredump anyway, do not compress. */ + if (arg_compress && !maybe_remove_external_coredump(NULL, st.st_size)) { +@@ -420,7 +578,7 @@ static int save_external_coredump( + goto fail_compressed; + } + +- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid); ++ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user); + if (r < 0) + goto fail_compressed; + +@@ -443,7 +601,7 @@ static int save_external_coredump( + uncompressed: + #endif + +- r = fix_permissions(fd, tmp, fn, context, uid); ++ r = fix_permissions(fd, tmp, fn, context, uid, allow_user); + if (r < 0) + goto fail; + +@@ -842,6 +1000,7 @@ static void map_context_fields(const struct iovec *iovec, Context *context) { + [CONTEXT_HOSTNAME] = "COREDUMP_HOSTNAME=", + [CONTEXT_COMM] = "COREDUMP_COMM=", + [CONTEXT_EXE] = "COREDUMP_EXE=", ++ [CONTEXT_PROC_AUXV] = "COREDUMP_PROC_AUXV=", + }; + + unsigned i; +@@ -862,6 +1021,7 @@ static void map_context_fields(const struct iovec *iovec, Context *context) { + /* Note that these strings are NUL terminated, because we made sure that a trailing NUL byte is in the + * buffer, though not included in the iov_len count. (see below) */ + context->meta[i] = p; ++ context->meta_size[i] = iovec->iov_len - strlen(context_field_names[i]); + break; + } + } +@@ -1070,7 +1230,7 @@ static int gather_pid_metadata( + char **comm_fallback, + struct iovec *iovec, size_t *n_iovec) { + +- /* We need 27 empty slots in iovec! ++ /* We need 28 empty slots in iovec! + * + * Note that if we fail on oom later on, we do not roll-back changes to the iovec structure. (It remains valid, + * with the first n_iovec fields initialized.) */ +@@ -1078,6 +1238,7 @@ static int gather_pid_metadata( + uid_t owner_uid; + pid_t pid; + char *t; ++ size_t size; + const char *p; + int r, signo; + +@@ -1187,6 +1348,19 @@ static int gather_pid_metadata( + if (read_full_file(p, &t, NULL) >=0) + set_iovec_field_free(iovec, n_iovec, "COREDUMP_PROC_MOUNTINFO=", t); + ++ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */ ++ p = procfs_file_alloca(pid, "auxv"); ++ if (read_full_file(p, &t, &size) >= 0) { ++ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1); ++ if (buf) { ++ /* Add a dummy terminator to make save_context() happy. */ ++ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0'; ++ iovec[(*n_iovec)++] = IOVEC_MAKE(buf, size + strlen("COREDUMP_PROC_AUXV=")); ++ } ++ ++ free(t); ++ } ++ + if (get_process_cwd(pid, &t) >= 0) + set_iovec_field_free(iovec, n_iovec, "COREDUMP_CWD=", t); + +@@ -1219,7 +1393,7 @@ static int gather_pid_metadata( + static int process_kernel(int argc, char* argv[]) { + + Context context = {}; +- struct iovec iovec[29 + SUBMIT_COREDUMP_FIELDS]; ++ struct iovec iovec[30 + SUBMIT_COREDUMP_FIELDS]; + size_t i, n_iovec, n_to_free = 0; + int r; + diff --git a/SOURCES/0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch b/SOURCES/0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch new file mode 100644 index 0000000..583749a --- /dev/null +++ b/SOURCES/0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch @@ -0,0 +1,70 @@ +From a55bdb007ca24900a704f72359305b04125d9e05 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 20 Apr 2022 10:13:43 +0200 +Subject: [PATCH] logind: remember our idle state and use it to detect idle + level transitions + +Fixes #16391 + +(cherry picked from commit 4e2cfb778b9ed7f22ee98f48f28cf8678d25ad32) + +Resolved: #1866955 +--- + src/login/logind.c | 23 +++++++++++++++++++---- + src/login/logind.h | 1 + + 2 files changed, 20 insertions(+), 4 deletions(-) + +diff --git a/src/login/logind.c b/src/login/logind.c +index 6b576dad0d..bb1d3f3523 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -1027,18 +1027,33 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us + n = now(CLOCK_MONOTONIC); + + r = manager_get_idle_hint(m, &since); +- if (r <= 0) ++ if (r <= 0) { + /* Not idle. Let's check if after a timeout it might be idle then. */ + elapse = n + m->idle_action_usec; +- else { ++ m->was_idle = false; ++ } else { ++ + /* Idle! Let's see if it's time to do something, or if + * we shall sleep for longer. */ + + if (n >= since.monotonic + m->idle_action_usec && + (m->idle_action_not_before_usec <= 0 || n >= m->idle_action_not_before_usec + m->idle_action_usec)) { +- log_info("System idle. Taking action."); ++ bool is_edge = false; ++ ++ /* We weren't idle previously or some activity happened while we were sleeping, and now we are ++ * idle. Let's remember that for the next time and make this an edge transition. */ ++ if (!m->was_idle || since.monotonic >= m->idle_action_not_before_usec) { ++ is_edge = true; ++ m->was_idle = true; ++ } ++ ++ if (m->idle_action == HANDLE_LOCK && !is_edge) ++ /* We are idle and we were before so we are actually not taking any action. */ ++ log_debug("System idle."); ++ else ++ log_info("System idle. Doing %s operation.", handle_action_to_string(m->idle_action)); + +- manager_handle_action(m, 0, m->idle_action, false, false); ++ manager_handle_action(m, 0, m->idle_action, false, is_edge); + m->idle_action_not_before_usec = n; + } + +diff --git a/src/login/logind.h b/src/login/logind.h +index 606adf4fe6..b9b4a5113f 100644 +--- a/src/login/logind.h ++++ b/src/login/logind.h +@@ -101,6 +101,7 @@ struct Manager { + usec_t idle_action_usec; + usec_t idle_action_not_before_usec; + HandleAction idle_action; ++ bool was_idle; + + usec_t stop_idle_session_usec; + diff --git a/SOURCES/0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch b/SOURCES/0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch new file mode 100644 index 0000000..6c058f8 --- /dev/null +++ b/SOURCES/0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch @@ -0,0 +1,103 @@ +From 1925845dc10330e4b48fec68333fac6ef2b7bf5c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 1 Jun 2022 08:56:08 +0900 +Subject: [PATCH] test: import logind test from debian/ubuntu test suite + +[dtardon: Picked just the scaffolding, not the tests themselves.] + +(cherry picked from commit 9c94ab0f6ff22da4278a6e9a93ddc480607c55ac) + +Related: #1866955 +--- + test/TEST-35-LOGIN/Makefile | 1 + + test/TEST-35-LOGIN/test.sh | 55 +++++++++++++++++++++++++++++++++ + test/TEST-35-LOGIN/testsuite.sh | 9 ++++++ + 3 files changed, 65 insertions(+) + create mode 120000 test/TEST-35-LOGIN/Makefile + create mode 100755 test/TEST-35-LOGIN/test.sh + create mode 100755 test/TEST-35-LOGIN/testsuite.sh + +diff --git a/test/TEST-35-LOGIN/Makefile b/test/TEST-35-LOGIN/Makefile +new file mode 120000 +index 0000000000..e9f93b1104 +--- /dev/null ++++ b/test/TEST-35-LOGIN/Makefile +@@ -0,0 +1 @@ ++../TEST-01-BASIC/Makefile +\ No newline at end of file +diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh +new file mode 100755 +index 0000000000..32410c8149 +--- /dev/null ++++ b/test/TEST-35-LOGIN/test.sh +@@ -0,0 +1,55 @@ ++#!/usr/bin/env bash ++# SPDX-License-Identifier: LGPL-2.1-or-later ++set -e ++ ++TEST_DESCRIPTION="LOGIN" ++ ++# shellcheck source=test/test-functions ++. "${TEST_BASE_DIR:?}/test-functions" ++ ++test_setup() { ++ create_empty_image ++ mkdir -p "$TESTDIR"/root ++ mount "${LOOPDEV}p1" "$TESTDIR"/root ++ ++ ( ++ LOG_LEVEL=5 ++ eval $(udevadm info --export --query=env --name="${LOOPDEV}p2") ++ ++ setup_basic_environment ++ ++ inst_binary pkill ++ inst_binary useradd ++ inst_binary userdel ++ ++ # mask some services that we do not want to run in these tests ++ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service ++ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service ++ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.service ++ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-networkd.socket ++ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-resolved.service ++ ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-machined.service ++ ++ # setup the testsuite service ++ cat >"$initdir"/etc/systemd/system/testsuite.service </failed ++ ++touch /testok ++rm /failed diff --git a/SOURCES/0865-test-introduce-inst_recursive-helper-function.patch b/SOURCES/0865-test-introduce-inst_recursive-helper-function.patch new file mode 100644 index 0000000..cb98216 --- /dev/null +++ b/SOURCES/0865-test-introduce-inst_recursive-helper-function.patch @@ -0,0 +1,37 @@ +From 21c281585983fe2efc2b74d712d98ff7e6c013b1 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 14 Jun 2022 09:11:00 +0900 +Subject: [PATCH] test: introduce inst_recursive() helper function + +(cherry picked from commit da0465dc95388afc15598357452afef85035c639) + +Related: #1866955 +--- + test/test-functions | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/test/test-functions b/test/test-functions +index 19363be858..9606a1b085 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1224,6 +1224,20 @@ inst_any() { + return 1 + } + ++inst_recursive() { ++ local p item ++ ++ for p in "$@"; do ++ while read -r item; do ++ if [[ -d "$item" ]]; then ++ inst_dir "$item" ++ elif [[ -f "$item" ]]; then ++ inst_simple "$item" ++ fi ++ done < <(find "$p" 2>/dev/null) ++ done ++} ++ + # dracut_install [-o ] [ ... ] + # Install to the initramfs image + # -o optionally install the and don't fail, if it is not there diff --git a/SOURCES/0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch b/SOURCES/0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch new file mode 100644 index 0000000..f1fe13a --- /dev/null +++ b/SOURCES/0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch @@ -0,0 +1,148 @@ +From 638c2418e705410344e07e77f944530df0f4608f Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 1 Jul 2022 12:59:57 +0200 +Subject: [PATCH] tests: verify that Lock D-Bus signal is sent when + IdleAction=lock + +(cherry picked from commit 181656fc0faa885d69bc34822b8e9b5de3fdf6bf) + +Related: #1866955 +--- + test/TEST-35-LOGIN/test.sh | 11 +++- + test/TEST-35-LOGIN/testsuite.sh | 93 +++++++++++++++++++++++++++++++++ + 2 files changed, 103 insertions(+), 1 deletion(-) + +diff --git a/test/TEST-35-LOGIN/test.sh b/test/TEST-35-LOGIN/test.sh +index 32410c8149..f83afcff49 100755 +--- a/test/TEST-35-LOGIN/test.sh ++++ b/test/TEST-35-LOGIN/test.sh +@@ -14,14 +14,23 @@ test_setup() { + + ( + LOG_LEVEL=5 +- eval $(udevadm info --export --query=env --name="${LOOPDEV}p2") ++ eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")" + + setup_basic_environment + ++ inst_binary awk + inst_binary pkill + inst_binary useradd + inst_binary userdel + ++ if command -v expect >/dev/null && command -v tclsh >/dev/null ; then ++ # shellcheck disable=SC2016 ++ version="$(tclsh <<< 'puts $tcl_version')" ++ ++ dracut_install expect ++ inst_recursive /usr/lib64/tcl"$version" /usr/share/tcl"$version" ++ fi ++ + # mask some services that we do not want to run in these tests + ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-hwdb-update.service + ln -fs /dev/null "$initdir"/etc/systemd/system/systemd-journal-catalog-update.service +diff --git a/test/TEST-35-LOGIN/testsuite.sh b/test/TEST-35-LOGIN/testsuite.sh +index 9855b4bc80..e4d72beb74 100755 +--- a/test/TEST-35-LOGIN/testsuite.sh ++++ b/test/TEST-35-LOGIN/testsuite.sh +@@ -3,7 +3,100 @@ + set -eux + set -o pipefail + ++setup_idle_action_lock() { ++ useradd testuser ||: ++ ++ mkdir -p /run/systemd/logind.conf.d/ ++ cat >/run/systemd/logind.conf.d/idle-action-lock.conf </run/systemd/systemd-logind.service.d/debug.conf </dev/null ; then ++ echo >&2 "expect not installed, skiping test ${FUNCNAME[0]}" ++ return 0 ++ fi ++ ++ setup_idle_action_lock ++ trap teardown_idle_action_lock RETURN ++ ++ if loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -q testuser ; then ++ echo >&2 "Session of the \'testuser\' is already present." ++ return 1 ++ fi ++ ++ # IdleActionSec is set 1s but the accuracy of associated timer is 30s so we ++ # need to sleep in worst case for 31s to make sure timer elapsed. We sleep ++ # here for 35s to accomodate for any possible scheudling delays. ++ cat > /tmp/test.exp < dbus.log & ++ ++ expect /tmp/test.exp & ++ ++ # Sleep a bit to give expect time to spawn systemd-run before we check for ++ # the presence of resulting session. ++ sleep 2 ++ if [ "$(loginctl --no-legend | awk '{ print $3; }' | sort -u | grep -c testuser)" != 1 ] ; then ++ echo >&2 "\'testuser\' is expected to have exactly one session running." ++ return 1 ++ fi ++ ++ wait %2 ++ sleep 20 ++ kill %1 ++ ++ # We slept for 35s , in that interval all sessions should have become idle ++ # and "Lock" signal should have been sent out. Then we wrote to tty to make ++ # session active again and next we slept for another 35s so sessions have ++ # become idle again. 'Lock' signal is sent out for each session, we have at ++ # least one session, so minimum of 2 "Lock" signals must have been sent. ++ if [ "$(grep -c Member=Lock dbus.log)" -lt 2 ]; then ++ echo >&2 "Too few 'Lock' D-Bus signal sent, expected at least 2." ++ return 1 ++ fi ++ ++ journalctl -b -u systemd-logind.service --since="$ts" > logind.log ++ if [ "$(grep -c 'System idle. Doing lock operation.' logind.log)" -lt 2 ]; then ++ echo >&2 "System haven't entered idle state at least 2 times." ++ return 1 ++ fi ++ ++ rm -f dbus.log logind.log ++} ++ + : >/failed + ++test_lock_idle_action ++ + touch /testok + rm /failed diff --git a/SOURCES/0867-systemctl-simplify-halt_main.patch b/SOURCES/0867-systemctl-simplify-halt_main.patch new file mode 100644 index 0000000..bd1d085 --- /dev/null +++ b/SOURCES/0867-systemctl-simplify-halt_main.patch @@ -0,0 +1,86 @@ +From 797b00e6a6f33d2b74beba02f678bf4d12e2146b Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Tue, 14 Dec 2021 17:27:05 +0100 +Subject: [PATCH] systemctl: simplify halt_main() + +The code at this point is not able to tell whether it was called as +halt/poweroff/reboot or shutdown with time "now". +The code also takes a shortcut to skip logind if called as root. +That however means asking shutdown for immediate action won't trigger a +wall message. +As per https://github.com/systemd/systemd/issues/8424#issuecomment-374677315 +all commands should trigger a wall message. +That simplifies the code as we can try logind first always. + +(cherry picked from commit adefc8789b63225662e50ceaa282f9553b5c64eb) + +Resolves: #2053273 +--- + src/systemctl/systemctl.c | 44 ++++++++++++++++----------------------- + 1 file changed, 18 insertions(+), 26 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index b967550b97..4bedb52f2a 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -8658,34 +8658,23 @@ static int logind_schedule_shutdown(void) { + static int halt_main(void) { + int r; + +- r = logind_check_inhibitors(arg_action); +- if (r < 0) +- return r; +- ++ /* always try logind first */ + if (arg_when > 0) +- return logind_schedule_shutdown(); +- +- if (geteuid() != 0) { +- if (arg_dry_run || arg_force > 0) { +- (void) must_be_root(); +- return -EPERM; +- } ++ r = logind_schedule_shutdown(); ++ else { ++ r = logind_check_inhibitors(arg_action); ++ if (r < 0) ++ return r; + +- /* Try logind if we are a normal user and no special +- * mode applies. Maybe PolicyKit allows us to shutdown +- * the machine. */ +- if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) { +- r = logind_reboot(arg_action); +- if (r >= 0) +- return r; +- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS)) +- /* requested operation is not +- * supported on the local system or +- * already in progress */ +- return r; +- /* on all other errors, try low-level operation */ +- } ++ r = logind_reboot(arg_action); + } ++ if (r >= 0) ++ return r; ++ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS)) ++ /* Requested operation is not supported on the local system or already in ++ * progress */ ++ return r; ++ /* on all other errors, try low-level operation */ + + /* In order to minimize the difference between operation with and + * without logind, we explicitly enable non-blocking mode for this, +@@ -8695,7 +8684,10 @@ static int halt_main(void) { + if (!arg_dry_run && !arg_force) + return start_with_fallback(); + +- assert(geteuid() == 0); ++ if (geteuid() != 0) { ++ (void) must_be_root(); ++ return -EPERM; ++ } + + if (!arg_no_wtmp) { + if (sd_booted() > 0) diff --git a/SOURCES/0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch b/SOURCES/0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch new file mode 100644 index 0000000..dd7b2dd --- /dev/null +++ b/SOURCES/0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch @@ -0,0 +1,51 @@ +From 1d63577410cde215c04921d62f435259a6b258d7 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Mon, 20 Dec 2021 18:05:50 +0100 +Subject: [PATCH] systemctl: shutdown don't fallback on auth fail + +For shutdowns don't fall back to starting the target directly if talking +to logind failed with auth failure. That would just lead to another +polkit auth attempt. + +(cherry picked from commit 38d55bf2641f345445cb4e6a5e5e808555591db2) + +Related: #2053273 +--- + src/systemctl/systemctl.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 4bedb52f2a..199f736f7f 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -3675,8 +3675,8 @@ static int start_special(int argc, char *argv[], void *userdata) { + r = logind_reboot(a); + if (r >= 0) + return r; +- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS)) +- /* requested operation is not supported or already in progress */ ++ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS)) ++ /* Requested operation requires auth, is not supported or already in progress */ + return r; + + /* On all other errors, try low-level operation. In order to minimize the difference between +@@ -8644,7 +8644,7 @@ static int logind_schedule_shutdown(void) { + action, + arg_when); + if (r < 0) +- return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r)); ++ return log_warning_errno(r, "Failed to schedule shutdown: %s", bus_error_message(&error, r)); + + if (!arg_quiet) + log_info("Shutdown scheduled for %s, use 'shutdown -c' to cancel.", format_timestamp(date, sizeof(date), arg_when)); +@@ -8670,8 +8670,8 @@ static int halt_main(void) { + } + if (r >= 0) + return r; +- if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS)) +- /* Requested operation is not supported on the local system or already in ++ if (IN_SET(r, -EACCES, -EOPNOTSUPP, -EINPROGRESS)) ++ /* Requested operation requires auth, is not supported on the local system or already in + * progress */ + return r; + /* on all other errors, try low-level operation */ diff --git a/SOURCES/0869-systemctl-reintroduce-the-original-halt_main.patch b/SOURCES/0869-systemctl-reintroduce-the-original-halt_main.patch new file mode 100644 index 0000000..dce7359 --- /dev/null +++ b/SOURCES/0869-systemctl-reintroduce-the-original-halt_main.patch @@ -0,0 +1,82 @@ +From d36295d7c1b110d150b7af6e3354c28af4c4884d Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Mon, 30 Jan 2023 14:27:24 +0100 +Subject: [PATCH] systemctl: reintroduce the original halt_main() + +RHEL-only + +Related: #2053273 +--- + src/systemctl/systemctl.c | 59 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 59 insertions(+) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 199f736f7f..a26e4a913a 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -8655,6 +8655,65 @@ static int logind_schedule_shutdown(void) { + #endif + } + ++static int halt_main_old(void) { ++ int r; ++ ++ r = logind_check_inhibitors(arg_action); ++ if (r < 0) ++ return r; ++ ++ if (arg_when > 0) ++ return logind_schedule_shutdown(); ++ ++ if (geteuid() != 0) { ++ if (arg_dry_run || arg_force > 0) { ++ (void) must_be_root(); ++ return -EPERM; ++ } ++ ++ /* Try logind if we are a normal user and no special ++ * mode applies. Maybe PolicyKit allows us to shutdown ++ * the machine. */ ++ if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) { ++ r = logind_reboot(arg_action); ++ if (r >= 0) ++ return r; ++ if (IN_SET(r, -EOPNOTSUPP, -EINPROGRESS)) ++ /* requested operation is not ++ * supported on the local system or ++ * already in progress */ ++ return r; ++ /* on all other errors, try low-level operation */ ++ } ++ } ++ ++ /* In order to minimize the difference between operation with and ++ * without logind, we explicitly enable non-blocking mode for this, ++ * as logind's shutdown operations are always non-blocking. */ ++ arg_no_block = true; ++ ++ if (!arg_dry_run && !arg_force) ++ return start_with_fallback(); ++ ++ assert(geteuid() == 0); ++ ++ if (!arg_no_wtmp) { ++ if (sd_booted() > 0) ++ log_debug("Not writing utmp record, assuming that systemd-update-utmp is used."); ++ else { ++ r = utmp_put_shutdown(); ++ if (r < 0) ++ log_warning_errno(r, "Failed to write utmp record: %m"); ++ } ++ } ++ ++ if (arg_dry_run) ++ return 0; ++ ++ r = halt_now(arg_action); ++ return log_error_errno(r, "Failed to reboot: %m"); ++} ++ + static int halt_main(void) { + int r; + diff --git a/SOURCES/0870-systemctl-preserve-old-behavior-unless-requested.patch b/SOURCES/0870-systemctl-preserve-old-behavior-unless-requested.patch new file mode 100644 index 0000000..e652470 --- /dev/null +++ b/SOURCES/0870-systemctl-preserve-old-behavior-unless-requested.patch @@ -0,0 +1,44 @@ +From 74632586b46c7e88b09c57eec50f9c4aed254b98 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Mon, 30 Jan 2023 14:31:23 +0100 +Subject: [PATCH] systemctl: preserve old behavior unless requested + +Currently, the legacy shutdown commands ignore inhibitors and reboot +immediately if run by root. Let's preserve that behavior in RHEL-8 by +default. The new behavior can be turned on by those who want it by +exporting SYSTEMD_NEW_SHUTDOWN=1 . + +RHEL-only + +Related: #2053273 +--- + src/systemctl/systemctl.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index a26e4a913a..1546119ce5 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -8714,7 +8714,7 @@ static int halt_main_old(void) { + return log_error_errno(r, "Failed to reboot: %m"); + } + +-static int halt_main(void) { ++static int halt_main_new(void) { + int r; + + /* always try logind first */ +@@ -8765,6 +8765,13 @@ static int halt_main(void) { + return log_error_errno(r, "Failed to reboot: %m"); + } + ++static int halt_main(void) { ++ if (getenv_bool("SYSTEMD_NEW_SHUTDOWN") > 0) ++ return halt_main_new(); ++ else ++ return halt_main_old(); ++} ++ + static int runlevel_main(void) { + int r, runlevel, previous; + diff --git a/SOURCES/0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch b/SOURCES/0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch new file mode 100644 index 0000000..70e8f6f --- /dev/null +++ b/SOURCES/0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch @@ -0,0 +1,43 @@ +From ea3910e561f043f5a131a846862955c77169da1b Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 19 Nov 2018 11:39:45 +0100 +Subject: [PATCH] pam_systemd: suppress LOG_DEBUG log messages if debugging is + off + +In the PAM module we need to suppress LOG_DEBUG messages manually, if +debug logging is not on, as PAM won't do this for us. We did this +correctly for most log messages already, but two were missing. Let's fix +those too. + +Fixes: #10822 +(cherry picked from commit 2675747f3cdd6f1e6236bbb2f79abfa53fb307f1) + +Resolves: #2170084 +--- + src/login/pam_systemd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c +index 64e1b4d1bf..c87e980b18 100644 +--- a/src/login/pam_systemd.c ++++ b/src/login/pam_systemd.c +@@ -476,7 +476,8 @@ _public_ PAM_EXTERN int pam_sm_open_session( + } + + if (seat && !streq(seat, "seat0") && vtnr != 0) { +- pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat); ++ if (debug) ++ pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat); + vtnr = 0; + } + +@@ -577,7 +578,8 @@ _public_ PAM_EXTERN int pam_sm_open_session( + r = sd_bus_call(bus, m, 0, &error, &reply); + if (r < 0) { + if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) { +- pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r)); ++ if (debug) ++ pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r)); + return PAM_SUCCESS; + } else { + pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r)); diff --git a/SOURCES/0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch b/SOURCES/0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch new file mode 100644 index 0000000..c83b140 --- /dev/null +++ b/SOURCES/0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch @@ -0,0 +1,50 @@ +From 33351e103734188a4a30b88e7f2ea0613d628599 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Thu, 16 Feb 2023 15:56:52 +0100 +Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.8 + +RHEL-only + +Resolves: #2170499 +--- + man/systemd.net-naming-scheme.xml | 6 ++++++ + src/udev/udev-builtin-net_id.c | 2 ++ + 2 files changed, 8 insertions(+) + +diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml +index a567483995..3cc7719e99 100644 +--- a/man/systemd.net-naming-scheme.xml ++++ b/man/systemd.net-naming-scheme.xml +@@ -328,6 +328,12 @@ + for that, the limit is increased to now 65535. + + ++ ++ rhel-8.8 ++ ++ Same as naming scheme rhel-8.7. ++ ++ + Note that latest may be used to denote the latest scheme known to this + particular version of systemd. + +diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c +index df84acf27c..ef2bb1b08e 100644 +--- a/src/udev/udev-builtin-net_id.c ++++ b/src/udev/udev-builtin-net_id.c +@@ -141,6 +141,7 @@ typedef enum NamingSchemeFlags { + NAMING_RHEL_8_5 = NAMING_RHEL_8_4, + NAMING_RHEL_8_6 = NAMING_RHEL_8_4, + NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID|NAMING_16BIT_INDEX, ++ NAMING_RHEL_8_8 = NAMING_RHEL_8_7, + + _NAMING_SCHEME_FLAGS_INVALID = -1, + } NamingSchemeFlags; +@@ -161,6 +162,7 @@ static const NamingScheme naming_schemes[] = { + { "rhel-8.5", NAMING_RHEL_8_5 }, + { "rhel-8.6", NAMING_RHEL_8_6 }, + { "rhel-8.7", NAMING_RHEL_8_7 }, ++ { "rhel-8.8", NAMING_RHEL_8_8 }, + /* … add more schemes here, as the logic to name devices is updated … */ + }; + diff --git a/SOURCES/systemd-user b/SOURCES/systemd-user index 8607d4f..d1f64c1 100644 --- a/SOURCES/systemd-user +++ b/SOURCES/systemd-user @@ -8,4 +8,5 @@ account include system-auth session required pam_selinux.so close session required pam_selinux.so nottys open session required pam_loginuid.so +session required pam_namespace.so session include system-auth diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 079c082..48f77b6 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 239 -Release: 67%{?dist} +Release: 72%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -875,6 +875,53 @@ Patch0822: 0822-shutdown-get-only-active-md-arrays.patch Patch0823: 0823-scope-allow-unprivileged-delegation-on-scopes.patch Patch0824: 0824-resolved-pin-stream-while-calling-callbacks-for-it.patch Patch0825: 0825-ci-functions-Add-useradd-and-userdel.patch +Patch0826: 0826-logind-optionally-watch-utmp-for-login-data.patch +Patch0827: 0827-logind-add-hashtable-for-finding-session-by-leader-P.patch +Patch0828: 0828-core-load-fragment-move-config_parse_sec_fix_0-to-sr.patch +Patch0829: 0829-sd-event-add-relative-timer-calls.patch +Patch0830: 0830-logind-add-option-to-stop-idle-sessions-after-specif.patch +Patch0831: 0831-logind-schedule-idle-check-full-interval-from-now-if.patch +Patch0832: 0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch +Patch0833: 0833-meson-do-not-compare-objects-of-different-types.patch +Patch0834: 0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch +Patch0835: 0835-Fix-build-with-httpd-0.9.71.patch +Patch0836: 0836-ci-replace-LGTM-with-CodeQL.patch +Patch0837: 0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch +Patch0838: 0838-time-util-fix-buffer-over-run.patch +Patch0839: 0839-basic-recognize-pdfs-filesystem-as-a-network-filesys.patch +Patch0840: 0840-core-move-reset_arguments-to-the-end-of-main-s-finis.patch +Patch0841: 0841-manager-move-inc.-of-n_reloading-into-a-function.patch +Patch0842: 0842-core-Add-new-DBUS-properties-UnitsReloadStartTimesta.patch +Patch0843: 0843-core-Indicate-the-time-when-the-manager-started-load.patch +Patch0844: 0844-core-do-not-touch-run-systemd-systemd-units-load-fro.patch +Patch0845: 0845-sysctl-downgrade-message-when-we-have-no-permission.patch +Patch0846: 0846-core-respect-SELinuxContext-for-socket-creation.patch +Patch0847: 0847-manager-use-target-process-context-to-set-socket-con.patch +Patch0848: 0848-virt-detect-Amazon-EC2-Nitro-instance.patch +Patch0849: 0849-machine-id-setup-generate-machine-id-from-DMI-produc.patch +Patch0850: 0850-virt-use-string-table-to-detect-VM-or-container.patch +Patch0851: 0851-fileio-introduce-read_full_virtual_file-for-reading-.patch +Patch0852: 0852-Use-BIOS-characteristics-to-distinguish-EC2-bare-met.patch +Patch0853: 0853-device-drop-refuse_after.patch +Patch0854: 0854-manager-limit-access-to-private-dbus-socket.patch +Patch0855: 0855-journalctl-do-not-treat-EINTR-as-an-error-when-waiti.patch +Patch0856: 0856-core-bring-manager_startup-and-manager_reload-more-i.patch +Patch0857: 0857-pam-add-a-call-to-pam_namespace.patch +Patch0858: 0858-virt-Support-detection-for-ARM64-Hyper-V-guests.patch +Patch0859: 0859-virt-Fix-the-detection-for-Hyper-V-VMs.patch +Patch0860: 0860-basic-add-STRERROR-wrapper-for-strerror_r.patch +Patch0861: 0861-coredump-put-context-array-into-a-struct.patch +Patch0862: 0862-coredump-do-not-allow-user-to-access-coredumps-with-.patch +Patch0863: 0863-logind-remember-our-idle-state-and-use-it-to-detect-.patch +Patch0864: 0864-test-import-logind-test-from-debian-ubuntu-test-suit.patch +Patch0865: 0865-test-introduce-inst_recursive-helper-function.patch +Patch0866: 0866-tests-verify-that-Lock-D-Bus-signal-is-sent-when-Idl.patch +Patch0867: 0867-systemctl-simplify-halt_main.patch +Patch0868: 0868-systemctl-shutdown-don-t-fallback-on-auth-fail.patch +Patch0869: 0869-systemctl-reintroduce-the-original-halt_main.patch +Patch0870: 0870-systemctl-preserve-old-behavior-unless-requested.patch +Patch0871: 0871-pam_systemd-suppress-LOG_DEBUG-log-messages-if-debug.patch +Patch0872: 0872-udev-net_id-introduce-naming-scheme-for-RHEL-8.8.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 @@ -1504,6 +1551,61 @@ fi %files tests -f .file-list-tests %changelog +* Fri Feb 17 2023 systemd maintenance team - 239-72 +- test: import logind test from debian/ubuntu test suite (#1866955) +- test: introduce inst_recursive() helper function (#1866955) +- tests: verify that Lock D-Bus signal is sent when IdleAction=lock (#1866955) +- systemctl: simplify halt_main() (#2053273) +- systemctl: shutdown don't fallback on auth fail (#2053273) +- systemctl: reintroduce the original halt_main() (#2053273) +- systemctl: preserve old behavior unless requested (#2053273) +- pam_systemd: suppress LOG_DEBUG log messages if debugging is off (#2170084) +- udev/net_id: introduce naming scheme for RHEL-8.8 (#2170499) +- pam: add a call to pam_namespace (#1861836) + +* Tue Jan 31 2023 systemd maintenance team - 239-71 +- manager: limit access to private dbus socket (#2119405) +- journalctl: do not treat EINTR as an error when waiting for events (#2161683) +- core: bring manager_startup() and manager_reload() more inline (#2059633) +- pam: add a call to pam_namespace (#1861836) +- virt: Support detection for ARM64 Hyper-V guests (#2158307) +- virt: Fix the detection for Hyper-V VMs (#2158307) +- basic: add STRERROR() wrapper for strerror_r() (#2155520) +- coredump: put context array into a struct (#2155520) +- coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155520) + +* Mon Jan 16 2023 systemd maintenance team - 239-70 +- basic: recognize pdfs filesystem as a network filesystem (#2094661) +- core: move reset_arguments() to the end of main's finish (#2127131) +- manager: move inc. of n_reloading into a function (#2136869) +- core: Add new DBUS properties UnitsReloadStartTimestamp and UnitsLoadTimestampMontonic (#2136869) +- core: Indicate the time when the manager started loading units the last time (#2136869) +- core: do not touch /run/systemd/systemd-units-load from user session instances (#2136869) +- sysctl: downgrade message when we have no permission (#2158160) +- core: respect SELinuxContext= for socket creation (#2136738) +- manager: use target process context to set socket context (#2136738) +- virt: detect Amazon EC2 Nitro instance (#2117948) +- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 (#2117948) +- virt: use string table to detect VM or container (#2117948) +- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (#2117948) +- Use BIOS characteristics to distinguish EC2 bare-metal from VMs (#2117948) +- device: drop refuse_after (#2043524) + +* Tue Nov 08 2022 systemd maintenance team - 239-69 +- logind: optionally watch utmp for login data (#2122288) +- logind: add hashtable for finding session by leader PID (#2122288) +- core/load-fragment: move config_parse_sec_fix_0 to src/shared (#2122288) +- sd-event: add relative timer calls (#2122288) +- logind: add option to stop idle sessions after specified timeout (#2122288) +- logind: schedule idle check full interval from now if we couldn't figure out atime timestamp (#2122288) +- ci(lint): add shell linter - Differential ShellCheck (#2122499) +- meson: do not compare objects of different types (#2122499) +- journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 (#2122499) +- Fix build with µhttpd 0.9.71 (#2122499) +- ci: replace LGTM with CodeQL (#2122499) +- ci(mergify): Update policy - Drop LGTM checks (#2122499) +- time-util: fix buffer-over-run (#2139391) + * Fri Aug 26 2022 systemd maintenance team - 239-67 - resolved: pin stream while calling callbacks for it (#2110549) - ci(functions): Add `useradd` and `userdel` (#2110549)