From a78781192182e348c862ab8871d703a8abe05b05 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Jan 15 2019 10:20:43 +0000 Subject: Add a work-around for #1663040 --- diff --git a/0003-Ignore-failure-to-setup-private-dev.patch b/0003-Ignore-failure-to-setup-private-dev.patch new file mode 100644 index 0000000..9ccb81c --- /dev/null +++ b/0003-Ignore-failure-to-setup-private-dev.patch @@ -0,0 +1,46 @@ +From dbe7ff3240dd30240402632dfa9d95a71f425267 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 15 Jan 2019 10:34:10 +0100 +Subject: [PATCH] Ignore failure to setup private /dev + +This partially reverts 1beab8b0d0. +--- + src/core/namespace.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index c2ca3e0334..6113b9a5ea 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -58,6 +58,7 @@ typedef struct MountEntry { + bool has_prefix:1; /* Already is prefixed by the root dir? */ + bool read_only:1; /* Shall this mount point be read-only? */ + bool applied:1; /* Already applied */ ++ bool xxx:1; + char *path_malloc; /* Use this instead of 'path_const' if we had to allocate memory */ + const char *source_const; /* The source path, for bind mounts */ + char *source_malloc; +@@ -1413,7 +1414,10 @@ int setup_namespace( + } + + r = apply_mount(root, m); +- if (r < 0) ++ if (m->mode == PRIVATE_DEV && IN_SET(r, -EPERM, -EACCES)) { ++ m->xxx = true; ++ log_warning_errno(r, "Failed to prepare private /dev, ignoring: %m"); ++ } else if (r < 0) + goto finish; + + m->applied = true; +@@ -1433,6 +1437,8 @@ int setup_namespace( + + /* Second round, flip the ro bits if necessary. */ + for (m = mounts; m < mounts + n_mounts; ++m) { ++ if (m->xxx) ++ continue; + r = make_read_only(m, blacklist, proc_self_mountinfo); + if (r < 0) + goto finish; +-- +2.19.2 + diff --git a/systemd.spec b/systemd.spec index 0991fa2..ae12798 100644 --- a/systemd.spec +++ b/systemd.spec @@ -15,7 +15,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 240 -Release: 5%{?commit:.git%{shortcommit}}%{?dist} +Release: 6%{?commit:.git%{shortcommit}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -51,6 +51,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ %endif Patch0002: 0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch +Patch0003: 0003-Ignore-failure-to-setup-private-dev.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -692,6 +693,9 @@ fi %files tests -f .file-list-tests %changelog +* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek - 240-6.gitf02b547 +- Add a work-around for #1663040 + * Mon Jan 14 2019 Björn Esser - Rebuilt for libcrypt.so.2 (#1666033)