diff --git a/0001-generator-setup-use-RET_GATHER.patch b/0001-generator-setup-use-RET_GATHER.patch
new file mode 100644
index 0000000..220b210
--- /dev/null
+++ b/0001-generator-setup-use-RET_GATHER.patch
@@ -0,0 +1,42 @@
+From 89713133365b14634ed3f7e2812d4ddc17be0390 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 29 May 2024 11:45:50 +0200
+Subject: [PATCH 1/3] generator-setup: use RET_GATHER()
+
+---
+ src/core/generator-setup.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/generator-setup.c b/src/core/generator-setup.c
+index 00d6ad61fa..b16211e8f4 100644
+--- a/src/core/generator-setup.c
++++ b/src/core/generator-setup.c
+@@ -8,7 +8,7 @@
+ #include "rm-rf.h"
+
+ int lookup_paths_mkdir_generator(LookupPaths *p) {
+- int r, q;
++ int r;
+
+ assert(p);
+
+@@ -16,14 +16,8 @@ int lookup_paths_mkdir_generator(LookupPaths *p) {
+ return -EINVAL;
+
+ r = mkdir_p_label(p->generator, 0755);
+-
+- q = mkdir_p_label(p->generator_early, 0755);
+- if (q < 0 && r >= 0)
+- r = q;
+-
+- q = mkdir_p_label(p->generator_late, 0755);
+- if (q < 0 && r >= 0)
+- r = q;
++ RET_GATHER(r, mkdir_p_label(p->generator_early, 0755));
++ RET_GATHER(r, mkdir_p_label(p->generator_late, 0755));
+
+ return r;
+ }
+--
+2.45.0
+
diff --git a/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch
new file mode 100644
index 0000000..ae26e94
--- /dev/null
+++ b/0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch
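Review bot: In 0001-generator-setup-use-RET_GATHER.patch the two `RET_GATHER()` calls in `lookup_paths_mkdir_generator()` carry no comment on the error policy that the removed `if (q < 0 && r >= 0) r = q;` lines spelled out. A one-line comment above them would keep it visible, for example `/* Attempt all three directories; r keeps the first failure */`, assuming RET_GATHER() has the same first-error semantics as the code it replaces. The patch adds no `#include`, so the macro is presumably already reachable through the existing headers; worth confirming against the packaged source tree.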
@@ -0,0 +1,71 @@
+From 064e901cb34b1a3dddbbe98595a2731bb85c4424 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 29 May 2024 11:46:51 +0200
+Subject: [PATCH 2/3] exec-util: use the stdio array of safe_fork_full() where
+ appropriate
+
+---
+ src/shared/exec-util.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
+index 1c7b14d98d..dc0974572f 100644
+--- a/src/shared/exec-util.c
++++ b/src/shared/exec-util.c
+@@ -36,27 +36,35 @@
+ /* Put this test here for a lack of better place */
+ assert_cc(EAGAIN == EWOULDBLOCK);
+
+-static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) {
+- pid_t _pid;
++static int do_spawn(
++ const char *path,
++ char *argv[],
++ int stdout_fd,
++ pid_t *ret_pid,
++ bool set_systemd_exec_pid) {
++
+ int r;
+
++ assert(path);
++ assert(ret_pid);
++
+ if (null_or_empty_path(path) > 0) {
+ log_debug("%s is empty (a mask).", path);
+ return 0;
+ }
+
+- r = safe_fork("(direxec)", FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid);
++ pid_t pid;
++ r = safe_fork_full(
++ "(direxec)",
++ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
++ /* except_fds= */ NULL, /* n_except_fds= */ 0,
++ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
++ &pid);
+ if (r < 0)
+ return r;
+ if (r == 0) {
+ char *_argv[2];
+
+- if (stdout_fd >= 0) {
+- r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO);
+- if (r < 0)
+- _exit(EXIT_FAILURE);
+- }
+-
+ if (set_systemd_exec_pid) {
+ r = setenv_systemd_exec_pid(false);
+ if (r < 0)
+@@ -75,7 +83,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b
+ _exit(EXIT_FAILURE);
+ }
+
+- *pid = _pid;
++ *ret_pid = pid;
+ return 1;
+ }
+
+--
+2.45.0
+
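Review bot: `do_spawn()` now asserts `ret_pid` but still has a path that returns without storing to it: the masked-path branch returns 0 before the fork, and only the final `*ret_pid = pid; return 1;` writes the output. A comment above the signature would make that contract explicit for callers, e.g. `/* Returns 1 with *ret_pid set when a child was forked, 0 when path is masked (*ret_pid untouched), negative errno on failure */`. Separately, `FORK_REARRANGE_STDIO` is now passed even when `stdout_fd < 0`, where the old code skipped `rearrange_stdio()` entirely; the empty commit body could state that this is intended. The middle of the function lies between the two inner hunks and is not visible here.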
diff --git a/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch
new file mode 100644
index 0000000..d2d95ac
--- /dev/null
+++ b/0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch
@@ -0,0 +1,28 @@
+From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 29 May 2024 11:50:54 +0200
+Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked
+ generators
+
+We should really have set O_CLOEXEC for all our fds, but better be safe
+than sorry.
+---
+ src/shared/exec-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
+index dc0974572f..ac1c150ab1 100644
+--- a/src/shared/exec-util.c
++++ b/src/shared/exec-util.c
+@@ -58,7 +58,7 @@ static int do_spawn(
+ "(direxec)",
+ (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
+ /* except_fds= */ NULL, /* n_except_fds= */ 0,
+- FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
++ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS,
+ &pid);
+ if (r < 0)
+ return r;
+--
+2.45.0
+
diff --git a/systemd.spec b/systemd.spec
index dc9782c..ba0c1d6 100644
--- a/systemd.spec
+++ b/systemd.spec
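Review bot: Adding `FORK_CLOSE_ALL_FDS` with `/* except_fds= */ NULL` changes behaviour for every caller of `do_spawn()`, not only the generator path named in the subject; presumably only the three stdio descriptors set up by `FORK_REARRANGE_STDIO` now survive into the executed program. Since `do_spawn()` lives in src/shared/exec-util.c, it is worth confirming that no caller relies on the spawned program inheriting some other descriptor. A call-site comment would record the intent, e.g. `/* Defence in depth: close everything but stdio in case some fd lacks O_CLOEXEC */`. The commit message itself names the underlying gap as fds opened without O_CLOEXEC; this flag masks that gap for this one fork and does not cover any other exec path, so tracking down the non-CLOEXEC opens remains open work.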
@@ -106,11 +106,15 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91. Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch +Patch0002: 0001-generator-setup-use-RET_GATHER.patch +Patch0003: 0002-exec-util-use-the-stdio-array-of-safe_fork_full-wher.patch +Patch0004: 0003-exec-util-make-sure-to-close-all-fds-for-invoked-gen.patch + %if 0%{?fedora} < 41 # Work-around for dracut issue: run generators directly when we are in initrd # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 # Drop when dracut-060 is available. -Patch0002: https://github.com/systemd/systemd/pull/26494.patch +Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif # Those are downstream-only patches, but we don't want them in packit builds:
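Review bot: The new `Patch0002` to `Patch0004` entries carry no comment giving their origin, unlike `Patch0001` (a `# Reverts <commit URL>` line) and the dracut work-around (bug link plus a drop condition). A line above them such as `# Backport: close inherited fds when spawning generators (upstream reference: <URL placeholder>); drop on next rebase` would let a later packager verify the three files against upstream and know when they can go. Renumbering the conditional patch from `Patch0002` to `Patch0010` is fine as long as nothing else in the spec refers to it by number; the rest of the spec is outside this hunk.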