From d36331157b3db67abda7fdd0738813851e61a282 Mon Sep 17 00:00:00 2001 From: Ryan Wilson Date: Nov 13 2024 06:45:30 +0000 Subject: Make pam_systemd 256 backwards compatible with logind 255 --- diff --git a/0001-core-Add-debug-logging-for-systemd-killing-services-.patch b/0001-core-Add-debug-logging-for-systemd-killing-services-.patch deleted file mode 100644 index 60b854a..0000000 --- a/0001-core-Add-debug-logging-for-systemd-killing-services-.patch +++ /dev/null @@ -1,86 +0,0 @@ -From a246b1c63f082565c4492d8bdd945623863df07d Mon Sep 17 00:00:00 2001 -From: Ryan Wilson -Date: Tue, 29 Oct 2024 10:25:53 -0700 -Subject: [PATCH] core: Add debug logging for systemd killing services/units - ---- - src/basic/pidref.c | 2 ++ - src/core/service.c | 3 +++ - src/core/unit.c | 12 ++++++++++++ - src/core/unit.h | 3 +++ - 4 files changed, 20 insertions(+) - -diff --git a/src/basic/pidref.c b/src/basic/pidref.c -index 69a010210d..6bd7198d0d 100644 ---- a/src/basic/pidref.c -+++ b/src/basic/pidref.c -@@ -268,6 +268,8 @@ int pidref_kill(const PidRef *pidref, int sig) { - if (!pidref) - return -ESRCH; - -+ log_debug("Sending signal %s for PID " PID_FMT " and PIDFD %d", signal_to_string(sig), pidref->pid, pidref->fd); -+ - if (pidref->fd >= 0) - return RET_NERRNO(pidfd_send_signal(pidref->fd, sig, NULL, 0)); - -diff --git a/src/core/service.c b/src/core/service.c -index 6e81460ad0..577f1f067d 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -2138,6 +2138,9 @@ static void service_enter_signal(Service *s, ServiceState state, ServiceResult f - * died now */ - (void) unit_enqueue_rewatch_pids(UNIT(s)); - -+ log_unit_debug(UNIT(s), "Sending signal to unit for state %s with result %s", -+ service_state_to_string(state), service_result_to_string(f)); -+ - kill_operation = state_to_kill_operation(s, state); - r = unit_kill_context(UNIT(s), kill_operation); - if (r < 0) { -diff --git a/src/core/unit.c b/src/core/unit.c -index 136b7aacb0..3a47331985 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4796,6 +4796,16 @@ static int unit_kill_context_one( - return !is_alien; - } - -+static const char* const kill_operation_table[_KILL_OPERATION_MAX] = { -+ [KILL_TERMINATE] = "terminate", -+ [KILL_TERMINATE_AND_LOG] = "terminate-and-log", -+ [KILL_RESTART] = "restart", -+ [KILL_KILL] = "kill", -+ [KILL_WATCHDOG] = "watchdog", -+}; -+ -+DEFINE_STRING_TABLE_LOOKUP(kill_operation, KillOperation); -+ - int unit_kill_context(Unit *u, KillOperation k) { - bool wait_for_exit = false, send_sighup; - cg_kill_log_func_t log_func = NULL; -@@ -4807,6 +4817,8 @@ int unit_kill_context(Unit *u, KillOperation k) { - * if we killed something worth waiting for, 0 otherwise. Do not confuse with unit_kill_common() - * which is used for user-requested killing of unit processes. */ - -+ log_unit_debug(u, "Killing unit context with operation %s", kill_operation_to_string(k)); -+ - KillContext *c = unit_get_kill_context(u); - if (!c || c->kill_mode == KILL_NONE) - return 0; -diff --git a/src/core/unit.h b/src/core/unit.h -index b135fecc51..e46dfb7c58 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -1053,6 +1053,9 @@ UnitMountDependencyType unit_mount_dependency_type_from_string(const char *s) _c - const char* unit_mount_dependency_type_to_string(UnitMountDependencyType t) _const_; - UnitDependency unit_mount_dependency_type_to_dependency_type(UnitMountDependencyType t) _pure_; - -+const char* kill_operation_to_string(KillOperation t) _const_; -+KillOperation kill_operation_from_string(const char *s) _pure_; -+ - /* Macros which append UNIT= or USER_UNIT= to the message */ - - #define log_unit_full_errno_zerook(unit, level, error, ...) \ --- -2.43.5 - diff --git a/0001-pam_systemd-Make-pam_systemd-256-backwards-compatibl.patch b/0001-pam_systemd-Make-pam_systemd-256-backwards-compatibl.patch new file mode 100644 index 0000000..6b3df6e --- /dev/null +++ b/0001-pam_systemd-Make-pam_systemd-256-backwards-compatibl.patch @@ -0,0 +1,43 @@ +From 05188f9029780396097d5355198b8ec818852353 Mon Sep 17 00:00:00 2001 +From: Ryan Wilson +Date: Tue, 12 Nov 2024 22:17:53 -0800 +Subject: [PATCH] pam_systemd: Make pam_systemd 256 backwards compatible to + logind 255 + +--- + src/login/pam_systemd.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c +index a711c89b12..7222d5a0df 100644 +--- a/src/login/pam_systemd.c ++++ b/src/login/pam_systemd.c +@@ -1124,6 +1124,25 @@ _public_ PAM_EXTERN int pam_sm_open_session( + + r = sd_bus_call(bus, m, LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC, &error, &reply); + } ++ if (r < 0 && sd_bus_error_has_name(&error, SD_BUS_ERROR_INVALID_ARGS)) { ++ SessionContext context2 = context; ++ context2.class = ""; ++ ++ sd_bus_error_free(&error); ++ pam_debug_syslog(handle, debug, ++ "New session classes are not available, retrying after unsetting class."); ++ ++ m = sd_bus_message_unref(m); ++ r = create_session_message(bus, ++ handle, ++ &context2, ++ /* avoid_pidfd = */ true, ++ &m); ++ if (r < 0) ++ return pam_bus_log_create_error(handle, r); ++ ++ r = sd_bus_call(bus, m, LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC, &error, &reply); ++ } + if (r < 0) { + if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) { + /* We are already in a session, don't do anything */ +-- +2.43.5 + diff --git a/systemd.spec b/systemd.spec index 1017f2f..be78f92 100644 --- a/systemd.spec +++ b/systemd.spec @@ -44,7 +44,7 @@ Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:256.7} -Release: %{?release_override}%{!?release_override:1.5}%{?dist} +Release: %{?release_override}%{!?release_override:1.6}%{?dist} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -148,10 +148,8 @@ Patch0903: 0001-keep-on-using-DBus-as-fallback-if-varlink-is-not-ava.patch # bus-util: Return ENOMEDIUM if XDG_RUNTIME_DIR is unset Patch0904: https://github.com/systemd/systemd/pull/34851.patch -# core: Add debug logging for systemd killing services/units -# Once we root cause systemd 256 killing services/units on upgrade, we should -# upstream this patch + any other patches used for debugging. -Patch0905: 0001-core-Add-debug-logging-for-systemd-killing-services-.patch +# pam_systemd: Make pam_systemd 256 backwards compatible to logind 255 +Patch0905: 0001-pam_systemd-Make-pam_systemd-256-backwards-compatibl.patch %endif @@ -1118,15 +1116,7 @@ systemctl --global preset-all &>/dev/null || : [ -w %{_localstatedir} ] && mkdir -p %{systemd_rpmstatedir} && touch %{systemd_rpmstatedir}/restart-required || : %postun -if [ -w %{systemd_rpmstatedir} ] && [ ! -f %{systemd_rpmstatedir}/restart-required ]; then -%if 0%{?facebook} - # Always restart logind since systemd < 256 does not include logind restart in postun - # and the older uninstalled RPM postun will run first on upgrade. We will get rid of - # this once Facebook upgrades systemd >= 256 - %systemd_postun_with_restart systemd-logind.service -%endif - exit 0 || : -fi +[ -w %{systemd_rpmstatedir} ] && [ ! -f %{systemd_rpmstatedir}/restart-required ] && exit 0 || : [ -w %{systemd_rpmstatedir} ] && rm -f %{systemd_rpmstatedir}/restart-required || : @@ -1138,17 +1128,7 @@ if [ $1 -ge 1 ]; then systemd-tmpfiles --create &>/dev/null || : fi -# systemd-logind restart is disabled because of DRM fds getting closed which breaks -# graphical sessions. However, every release we encounter breakage because something -# in pam_systemd or so starts making use of new logind APIs which then fails because -# logind wasn't restarted. As a workaround, for FB builds, we enable logind restarts -# because the problems with logind restarts are limited to graphical sessions of which -# FB has none. -%if 0%{?facebook} -%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-logind.service -%else %systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service -%endif # This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves. @@ -1157,15 +1137,7 @@ if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then fi %posttrans -if [ -w %{systemd_rpmstatedir} ] && [ ! -f %{systemd_rpmstatedir}/restart-required ]; then -%if 0%{?facebook} - # Always restart logind since systemd < 256 does not include logind restart in postun - # and the older uninstalled RPM postun will run first on upgrade. We will get rid of - # this once Facebook upgrades systemd >= 256 - %systemd_posttrans_with_restart systemd-logind.service -%endif - exit 0 || : -fi +[ -w %{systemd_rpmstatedir} ] && [ ! -f %{systemd_rpmstatedir}/restart-required ] && exit 0 || : [ -w %{systemd_rpmstatedir} ] && rm -f %{systemd_rpmstatedir}/restart-required || : @@ -1177,17 +1149,7 @@ systemctl daemon-reexec || : systemd-tmpfiles --create &>/dev/null || : -# systemd-logind restart is disabled because of DRM fds getting closed which breaks -# graphical sessions. However, every release we encounter breakage because something -# in pam_systemd or so starts making use of new logind APIs which then fails because -# logind wasn't restarted. As a workaround, for FB builds, we enable logind restarts -# because the problems with logind restarts are limited to graphical sessions of which -# FB has none. -%if 0%{?facebook} -%systemd_posttrans_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-logind.service -%else %systemd_posttrans_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service -%endif # This is the expanded form of %%systemd_user_daemon_reexec. We # can't use the macro because we define it ourselves.