From 2946f41442e210afb7382d5a76ca1321aa02bac6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 10 2014 17:32:37 +0000 Subject: import systemd-208-11.el7_0.5 --- diff --git a/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch b/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch new file mode 100644 index 0000000..4670661 --- /dev/null +++ b/SOURCES/0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch @@ -0,0 +1,610 @@ +From 6744ef720b34a87ff69acb8535cf5e83db6f5e8b Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 24 Jun 2014 14:50:26 +0200 +Subject: [PATCH] socket: add SocketUser= and SocketGroup= for chown()ing + sockets in the file system + +This is relatively complex, as we cannot invoke NSS from PID 1, and thus +need to fork a helper process temporarily. + +(cherry picked from commit 3900e5fdff688dc3c273f177d9d913b7389d5561) + +Resolves: #1111761 +--- + man/systemd.socket.xml | 38 ++++-- + src/core/dbus-socket.c | 8 +- + src/core/load-fragment-gperf.gperf.m4 | 4 +- + src/core/socket.c | 220 +++++++++++++++++++++++++++------- + src/core/socket.h | 5 + + src/shared/exit-status.c | 4 + + src/shared/exit-status.h | 3 +- + 7 files changed, 224 insertions(+), 58 deletions(-) + +diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml +index 570a6fb..d146b3b 100644 +--- a/man/systemd.socket.xml ++++ b/man/systemd.socket.xml +@@ -372,16 +372,21 @@ + + + +- DirectoryMode= +- If listening on a file +- system socket or FIFO, the parent +- directories are automatically created +- if needed. This option specifies the +- file system access mode used when +- creating these directories. Takes an +- access mode in octal +- notation. Defaults to +- 0755. ++ SocketUser= ++ SocketGroup= ++ ++ Takes a UNIX ++ user/group name. When specified ++ all AF_UNIX sockets and FIFO nodes in ++ the file system are owned by the ++ specified user and group. If unset ++ (the default), the nodes are owned by ++ the root user/group (if run in system ++ context) or the invoking user/group ++ (if run in user context). If only a ++ user is specified but no group, then ++ the group is derived from the user's ++ default group. + + + +@@ -396,6 +401,19 @@ + + + ++ DirectoryMode= ++ If listening on a file ++ system socket or FIFO, the parent ++ directories are automatically created ++ if needed. This option specifies the ++ file system access mode used when ++ creating these directories. Takes an ++ access mode in octal ++ notation. Defaults to ++ 0755. ++ ++ ++ + Accept= + Takes a boolean + argument. If true, a service instance +diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c +index 30c4b63..870bcdc 100644 +--- a/src/core/dbus-socket.c ++++ b/src/core/dbus-socket.c +@@ -44,8 +44,10 @@ + BUS_CGROUP_CONTEXT_INTERFACE \ + " \n" \ + " \n" \ +- " \n" \ ++ " \n" \ ++ " \n" \ + " \n" \ ++ " \n" \ + " \n" \ + " \n" \ + " \n" \ +@@ -172,8 +174,10 @@ static const BusProperty bus_socket_properties[] = { + BUS_EXEC_COMMAND_PROPERTY("ExecStopPost", offsetof(Socket, exec_command[SOCKET_EXEC_STOP_POST]), true ), + { "ControlPID", bus_property_append_pid, "u", offsetof(Socket, control_pid) }, + { "BindToDevice", bus_property_append_string, "s", offsetof(Socket, bind_to_device), true }, +- { "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) }, ++ { "SocketUser", bus_property_append_string, "s", offsetof(Socket, user), true }, ++ { "SocketGroup", bus_property_append_string, "s", offsetof(Socket, group), true }, + { "SocketMode", bus_property_append_mode, "u", offsetof(Socket, socket_mode) }, ++ { "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) }, + { "Accept", bus_property_append_bool, "b", offsetof(Socket, accept) }, + { "KeepAlive", bus_property_append_bool, "b", offsetof(Socket, keep_alive) }, + { "Priority", bus_property_append_int, "i", offsetof(Socket, priority) }, +diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 +index d65bcc1..0991cb9 100644 +--- a/src/core/load-fragment-gperf.gperf.m4 ++++ b/src/core/load-fragment-gperf.gperf.m4 +@@ -193,8 +193,10 @@ Socket.ExecStartPost, config_parse_exec, SOCKET_EXEC + Socket.ExecStopPre, config_parse_exec, SOCKET_EXEC_STOP_PRE, offsetof(Socket, exec_command) + Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC_STOP_POST, offsetof(Socket, exec_command) + Socket.TimeoutSec, config_parse_sec, 0, offsetof(Socket, timeout_usec) +-Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode) ++Socket.SocketUser, config_parse_unit_string_printf, 0, offsetof(Socket, user) ++Socket.SocketGroup, config_parse_unit_string_printf, 0, offsetof(Socket, group) + Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode) ++Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode) + Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept) + Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections) + Socket.KeepAlive, config_parse_bool, 0, offsetof(Socket, keep_alive) +diff --git a/src/core/socket.c b/src/core/socket.c +index e673f38..32e0d35 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -54,6 +54,7 @@ + static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = { + [SOCKET_DEAD] = UNIT_INACTIVE, + [SOCKET_START_PRE] = UNIT_ACTIVATING, ++ [SOCKET_START_CHOWN] = UNIT_ACTIVATING, + [SOCKET_START_POST] = UNIT_ACTIVATING, + [SOCKET_LISTENING] = UNIT_ACTIVE, + [SOCKET_RUNNING] = UNIT_ACTIVE, +@@ -147,6 +148,8 @@ static void socket_done(Unit *u) { + free(s->smack); + free(s->smack_ip_in); + free(s->smack_ip_out); ++ free(s->user); ++ free(s->group); + + unit_unwatch_timer(u, &s->timer_watch); + } +@@ -527,6 +530,16 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { + "%sSmackLabelIPOut: %s\n", + prefix, s->smack_ip_out); + ++ if (s->user) ++ fprintf(f, ++ "%sOwnerUser: %s\n", ++ prefix, s->user); ++ ++ if (s->group) ++ fprintf(f, ++ "%sOwnerGroup: %s\n", ++ prefix, s->user); ++ + LIST_FOREACH(port, p, s->ports) { + + if (p->type == SOCKET_SOCKET) { +@@ -1100,6 +1113,7 @@ static void socket_set_state(Socket *s, SocketState state) { + s->state = state; + + if (state != SOCKET_START_PRE && ++ state != SOCKET_START_CHOWN && + state != SOCKET_START_POST && + state != SOCKET_STOP_PRE && + state != SOCKET_STOP_PRE_SIGTERM && +@@ -1116,7 +1130,8 @@ static void socket_set_state(Socket *s, SocketState state) { + if (state != SOCKET_LISTENING) + socket_unwatch_fds(s); + +- if (state != SOCKET_START_POST && ++ if (state != SOCKET_START_CHOWN && ++ state != SOCKET_START_POST && + state != SOCKET_LISTENING && + state != SOCKET_RUNNING && + state != SOCKET_STOP_PRE && +@@ -1143,6 +1158,7 @@ static int socket_coldplug(Unit *u) { + if (s->deserialized_state != s->state) { + + if (s->deserialized_state == SOCKET_START_PRE || ++ s->deserialized_state == SOCKET_START_CHOWN || + s->deserialized_state == SOCKET_START_POST || + s->deserialized_state == SOCKET_STOP_PRE || + s->deserialized_state == SOCKET_STOP_PRE_SIGTERM || +@@ -1163,7 +1179,8 @@ static int socket_coldplug(Unit *u) { + return r; + } + +- if (s->deserialized_state == SOCKET_START_POST || ++ if (s->deserialized_state == SOCKET_START_CHOWN || ++ s->deserialized_state == SOCKET_START_POST || + s->deserialized_state == SOCKET_LISTENING || + s->deserialized_state == SOCKET_RUNNING || + s->deserialized_state == SOCKET_STOP_PRE || +@@ -1185,7 +1202,7 @@ static int socket_coldplug(Unit *u) { + static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { + pid_t pid; + int r; +- char **argv; ++ _cleanup_strv_free_ char **argv = NULL; + + assert(s); + assert(c); +@@ -1216,11 +1233,11 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { + NULL, + &pid); + +- strv_free(argv); + if (r < 0) + goto fail; + +- if ((r = unit_watch_pid(UNIT(s), pid)) < 0) ++ r = unit_watch_pid(UNIT(s), pid); ++ if (r < 0) + /* FIXME: we need to do something here */ + goto fail; + +@@ -1234,6 +1251,88 @@ fail: + return r; + } + ++static int socket_chown(Socket *s, pid_t *_pid) { ++ pid_t pid; ++ int r; ++ ++ r = unit_watch_timer(UNIT(s), CLOCK_MONOTONIC, true, s->timeout_usec, &s->timer_watch); ++ if (r < 0) ++ goto fail; ++ ++ pid = fork(); ++ if (pid < 0) ++ return -errno; ++ ++ if (pid == 0) { ++ SocketPort *p; ++ uid_t uid = (uid_t) -1; ++ gid_t gid = (gid_t) -1; ++ int ret; ++ ++ default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1); ++ ignore_signals(SIGPIPE, -1); ++ log_forget_fds(); ++ ++ if (!isempty(s->user)) { ++ const char *user = s->user; ++ ++ r = get_user_creds(&user, &uid, &gid, NULL, NULL); ++ if (r < 0) { ++ ret = EXIT_USER; ++ goto fail_child; ++ } ++ } ++ ++ if (!isempty(s->group)) { ++ const char *group = s->group; ++ ++ r = get_group_creds(&group, &gid); ++ if (r < 0) { ++ ret = EXIT_GROUP; ++ goto fail_child; ++ } ++ } ++ ++ LIST_FOREACH(port, p, s->ports) { ++ const char *path = NULL; ++ ++ if (p->type == SOCKET_SOCKET) ++ path = socket_address_get_path(&p->address); ++ else if (p->type == SOCKET_FIFO) ++ path = p->path; ++ ++ if (!path) ++ continue; ++ ++ if (chown(path, uid, gid) < 0) { ++ r = -errno; ++ ret = EXIT_CHOWN; ++ goto fail_child; ++ } ++ } ++ ++ _exit(0); ++ ++ fail_child: ++ log_open(); ++ log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r)); ++ ++ _exit(ret); ++ } ++ ++ r = unit_watch_pid(UNIT(s), pid); ++ if (r < 0) ++ goto fail; ++ ++ *_pid = pid; ++ ++ return 0; ++ ++fail: ++ unit_unwatch_timer(UNIT(s), &s->timer_watch); ++ return r; ++} ++ + static void socket_enter_dead(Socket *s, SocketResult f) { + assert(s); + +@@ -1256,9 +1355,11 @@ static void socket_enter_stop_post(Socket *s, SocketResult f) { + socket_unwatch_control_pid(s); + + s->control_command_id = SOCKET_EXEC_STOP_POST; ++ s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST]; + +- if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST])) { +- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0) ++ if (s->control_command) { ++ r = socket_spawn(s, s->control_command, &s->control_pid); ++ if (r < 0) + goto fail; + + socket_set_state(s, SOCKET_STOP_POST); +@@ -1326,9 +1427,11 @@ static void socket_enter_stop_pre(Socket *s, SocketResult f) { + socket_unwatch_control_pid(s); + + s->control_command_id = SOCKET_EXEC_STOP_PRE; ++ s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE]; + +- if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE])) { +- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0) ++ if (s->control_command) { ++ r = socket_spawn(s, s->control_command, &s->control_pid); ++ if (r < 0) + goto fail; + + socket_set_state(s, SOCKET_STOP_PRE); +@@ -1376,15 +1479,13 @@ static void socket_enter_start_post(Socket *s) { + } + + socket_unwatch_control_pid(s); +- + s->control_command_id = SOCKET_EXEC_START_POST; ++ s->control_command = s->exec_command[SOCKET_EXEC_START_POST]; + +- if ((s->control_command = s->exec_command[SOCKET_EXEC_START_POST])) { ++ if (s->control_command) { + r = socket_spawn(s, s->control_command, &s->control_pid); + if (r < 0) { +- log_warning_unit(UNIT(s)->id, +- "%s failed to run 'start-post' task: %s", +- UNIT(s)->id, strerror(-r)); ++ log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r)); + goto fail; + } + +@@ -1398,6 +1499,38 @@ fail: + socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES); + } + ++static void socket_enter_start_chown(Socket *s) { ++ int r; ++ ++ assert(s); ++ ++ r = socket_open_fds(s); ++ if (r < 0) { ++ log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r)); ++ goto fail; ++ } ++ ++ if (!isempty(s->user) || !isempty(s->group)) { ++ socket_unwatch_control_pid(s); ++ s->control_command_id = SOCKET_EXEC_START_CHOWN; ++ s->control_command = NULL; ++ ++ r = socket_chown(s, &s->control_pid); ++ if (r < 0) { ++ log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r)); ++ goto fail; ++ } ++ ++ socket_set_state(s, SOCKET_START_CHOWN); ++ } else ++ socket_enter_start_post(s); ++ ++ return; ++ ++fail: ++ socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES); ++} ++ + static void socket_enter_start_pre(Socket *s) { + int r; + assert(s); +@@ -1405,21 +1538,21 @@ static void socket_enter_start_pre(Socket *s) { + socket_unwatch_control_pid(s); + + s->control_command_id = SOCKET_EXEC_START_PRE; ++ s->control_command = s->exec_command[SOCKET_EXEC_START_PRE]; + +- if ((s->control_command = s->exec_command[SOCKET_EXEC_START_PRE])) { +- if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0) ++ if (s->control_command) { ++ r = socket_spawn(s, s->control_command, &s->control_pid); ++ if (r < 0) + goto fail; + + socket_set_state(s, SOCKET_START_PRE); + } else +- socket_enter_start_post(s); ++ socket_enter_start_chown(s); + + return; + + fail: +- log_warning_unit(UNIT(s)->id, +- "%s failed to run 'start-pre' task: %s", +- UNIT(s)->id, strerror(-r)); ++ log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r)); + socket_enter_dead(s, SOCKET_FAILURE_RESOURCES); + } + +@@ -1609,6 +1742,7 @@ static int socket_start(Unit *u) { + return -EAGAIN; + + if (s->state == SOCKET_START_PRE || ++ s->state == SOCKET_START_CHOWN || + s->state == SOCKET_START_POST) + return 0; + +@@ -1669,6 +1803,7 @@ static int socket_stop(Unit *u) { + /* If there's already something running we go directly into + * kill mode. */ + if (s->state == SOCKET_START_PRE || ++ s->state == SOCKET_START_CHOWN || + s->state == SOCKET_START_POST) { + socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS); + return -EAGAIN; +@@ -2098,11 +2233,18 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) { + + case SOCKET_START_PRE: + if (f == SOCKET_SUCCESS) +- socket_enter_start_post(s); ++ socket_enter_start_chown(s); + else + socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f); + break; + ++ case SOCKET_START_CHOWN: ++ if (f == SOCKET_SUCCESS) ++ socket_enter_start_post(s); ++ else ++ socket_enter_stop_pre(s, f); ++ break; ++ + case SOCKET_START_POST: + if (f == SOCKET_SUCCESS) + socket_enter_listening(s); +@@ -2141,65 +2283,53 @@ static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) { + switch (s->state) { + + case SOCKET_START_PRE: +- log_warning_unit(u->id, +- "%s starting timed out. Terminating.", u->id); ++ log_warning_unit(u->id, "%s starting timed out. Terminating.", u->id); + socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT); + break; + ++ case SOCKET_START_CHOWN: + case SOCKET_START_POST: +- log_warning_unit(u->id, +- "%s starting timed out. Stopping.", u->id); ++ log_warning_unit(u->id, "%s starting timed out. Stopping.", u->id); + socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT); + break; + + case SOCKET_STOP_PRE: +- log_warning_unit(u->id, +- "%s stopping timed out. Terminating.", u->id); ++ log_warning_unit(u->id, "%s stopping timed out. Terminating.", u->id); + socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT); + break; + + case SOCKET_STOP_PRE_SIGTERM: + if (s->kill_context.send_sigkill) { +- log_warning_unit(u->id, +- "%s stopping timed out. Killing.", u->id); ++ log_warning_unit(u->id, "%s stopping timed out. Killing.", u->id); + socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT); + } else { +- log_warning_unit(u->id, +- "%s stopping timed out. Skipping SIGKILL. Ignoring.", +- u->id); ++ log_warning_unit(u->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", u->id); + socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT); + } + break; + + case SOCKET_STOP_PRE_SIGKILL: +- log_warning_unit(u->id, +- "%s still around after SIGKILL. Ignoring.", u->id); ++ log_warning_unit(u->id, "%s still around after SIGKILL. Ignoring.", u->id); + socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT); + break; + + case SOCKET_STOP_POST: +- log_warning_unit(u->id, +- "%s stopping timed out (2). Terminating.", u->id); ++ log_warning_unit(u->id, "%s stopping timed out (2). Terminating.", u->id); + socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT); + break; + + case SOCKET_FINAL_SIGTERM: + if (s->kill_context.send_sigkill) { +- log_warning_unit(u->id, +- "%s stopping timed out (2). Killing.", u->id); ++ log_warning_unit(u->id, "%s stopping timed out (2). Killing.", u->id); + socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT); + } else { +- log_warning_unit(u->id, +- "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", +- u->id); ++ log_warning_unit(u->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", u->id); + socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT); + } + break; + + case SOCKET_FINAL_SIGKILL: +- log_warning_unit(u->id, +- "%s still around after SIGKILL (2). Entering failed mode.", +- u->id); ++ log_warning_unit(u->id, "%s still around after SIGKILL (2). Entering failed mode.", u->id); + socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT); + break; + +@@ -2333,6 +2463,7 @@ static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) { + static const char* const socket_state_table[_SOCKET_STATE_MAX] = { + [SOCKET_DEAD] = "dead", + [SOCKET_START_PRE] = "start-pre", ++ [SOCKET_START_CHOWN] = "start-chown", + [SOCKET_START_POST] = "start-post", + [SOCKET_LISTENING] = "listening", + [SOCKET_RUNNING] = "running", +@@ -2349,6 +2480,7 @@ DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState); + + static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = { + [SOCKET_EXEC_START_PRE] = "StartPre", ++ [SOCKET_EXEC_START_CHOWN] = "StartChown", + [SOCKET_EXEC_START_POST] = "StartPost", + [SOCKET_EXEC_STOP_PRE] = "StopPre", + [SOCKET_EXEC_STOP_POST] = "StopPost" +diff --git a/src/core/socket.h b/src/core/socket.h +index 3d7eadc..6a24883 100644 +--- a/src/core/socket.h ++++ b/src/core/socket.h +@@ -32,6 +32,7 @@ typedef struct Socket Socket; + typedef enum SocketState { + SOCKET_DEAD, + SOCKET_START_PRE, ++ SOCKET_START_CHOWN, + SOCKET_START_POST, + SOCKET_LISTENING, + SOCKET_RUNNING, +@@ -48,6 +49,7 @@ typedef enum SocketState { + + typedef enum SocketExecCommand { + SOCKET_EXEC_START_PRE, ++ SOCKET_EXEC_START_CHOWN, + SOCKET_EXEC_START_POST, + SOCKET_EXEC_STOP_PRE, + SOCKET_EXEC_STOP_POST, +@@ -151,6 +153,9 @@ struct Socket { + char *smack; + char *smack_ip_in; + char *smack_ip_out; ++ ++ char *user; ++ char *group; + }; + + /* Called from the service code when collecting fds */ +diff --git a/src/shared/exit-status.c b/src/shared/exit-status.c +index 45131f2..f15fdba 100644 +--- a/src/shared/exit-status.c ++++ b/src/shared/exit-status.c +@@ -130,6 +130,10 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) { + + case EXIT_SECCOMP: + return "SECCOMP"; ++ ++ case EXIT_CHOWN: ++ return "CHOWN"; ++ + } + } + +diff --git a/src/shared/exit-status.h b/src/shared/exit-status.h +index 1f035a3..52dd3d0 100644 +--- a/src/shared/exit-status.h ++++ b/src/shared/exit-status.h +@@ -67,7 +67,8 @@ typedef enum ExitStatus { + EXIT_NETWORK, + EXIT_NAMESPACE, + EXIT_NO_NEW_PRIVILEGES, +- EXIT_SECCOMP ++ EXIT_SECCOMP, ++ EXIT_CHOWN + } ExitStatus; + + typedef enum ExitStatusLevel { diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 8cde371..d8d055a 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -11,7 +11,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 208 -Release: 11%{?dist}.4 +Release: 11%{?dist}.5 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager @@ -267,6 +267,7 @@ Patch0233: 0233-units-serial-getty-.service-add-Install-section.patch Patch0234: 0234-units-order-network-online.target-after-network.targ.patch Patch0235: 0235-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch Patch0236: 0236-util-reset-signals-when-we-fork-off-agents.patch +Patch0237: 0237-socket-add-SocketUser-and-SocketGroup-for-chown-ing-.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} @@ -1065,6 +1066,9 @@ getent passwd systemd-journal-gateway >/dev/null 2>&1 || useradd -r -l -u 191 -g %{_datadir}/systemd/gatewayd %changelog +* Fri Dec 05 2014 Michal Sekletar - 208-11.5 +- socket: add SocketUser= and SocketGroup= for chown()ing (#1171054) + * Mon Oct 06 2014 Lukáš Nykrýn - 208-11.4 - util: reset signals when we fork off agents - util: fix minimal race where we might miss SIGTERMs when forking off an agent