From df98bb77f7cdd32c4e75d509ca4abc46ecef6546 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 26 2021 04:20:18 +0000 Subject: import systemd-239-48.el8 --- diff --git a/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch b/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch index cca9c5d..a6ad6a9 100644 --- a/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch +++ b/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch @@ -1,4 +1,4 @@ -From 43c0bcb8b24edb83bc265cdde264e6d2a36d1cea Mon Sep 17 00:00:00 2001 +From 1afb38f39a9b4508533cc1c7262e5fff418cb317 Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Mon, 17 May 2021 15:49:08 +0200 Subject: [PATCH] Revert "udev: run link_update() with increased retry count in @@ -6,7 +6,7 @@ Subject: [PATCH] Revert "udev: run link_update() with increased retry count in This reverts commit 1f3165bda13c8572c8c31d23c998835c4e2ad8f3. -Related: #1963980 +Related: #1942299 --- src/udev/udev-event.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch b/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch index f9c38cf..3d5cc9c 100644 --- a/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch +++ b/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch @@ -1,4 +1,4 @@ -From 612773fa8b6333dcdac382849e81fa5a473dd1f9 Mon Sep 17 00:00:00 2001 +From 897b4d1e19c706d9198b9308125df57a5d469a6b Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Mon, 17 May 2021 15:50:31 +0200 Subject: [PATCH] Revert "udev: make algorithm that selects highest priority @@ -6,7 +6,7 @@ Subject: [PATCH] Revert "udev: make algorithm that selects highest priority This reverts commit 1d5f966c1758eb620755fcae54abd07a1ac36d3d. -Related: #1963980 +Related: #1942299 --- src/udev/udev-event.c | 71 +++++------- src/udev/udev-node.c | 244 ++++++++++++------------------------------ diff --git a/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch b/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch index 4eb0e15..72eea13 100644 --- a/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch +++ b/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch @@ -1,4 +1,4 @@ -From bc21daeb780911d586de7ff0004ed2bc515b8826 Mon Sep 17 00:00:00 2001 +From 94ad224240140a7287f9e2be5905b9c506350193 Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Mon, 17 May 2021 15:54:10 +0200 Subject: [PATCH] test/udev-test.pl: drop test cases that add mutliple devices @@ -7,7 +7,7 @@ Subject: [PATCH] test/udev-test.pl: drop test cases that add mutliple devices udev test fail. Once we reintroduce the fix for link_update() we will revert this commit.] -Related: #1963980 +Related: #1942299 --- test/udev-test.pl | 179 ---------------------------------------------- 1 file changed, 179 deletions(-) diff --git a/SOURCES/0567-cgroup-Also-set-io.bfq.weight.patch b/SOURCES/0567-cgroup-Also-set-io.bfq.weight.patch new file mode 100644 index 0000000..f06d372 --- /dev/null +++ b/SOURCES/0567-cgroup-Also-set-io.bfq.weight.patch @@ -0,0 +1,41 @@ +From 4e589237979fdf90af38d466abd7fcd852356f02 Mon Sep 17 00:00:00 2001 +From: Kai Krakow +Date: Sat, 17 Aug 2019 02:33:43 +0200 +Subject: [PATCH] cgroup: Also set io.bfq.weight + +Current kernels with BFQ scheduler do not yet set their IO weight +through "io.weight" but through "io.bfq.weight" (using a slightly +different interface supporting only default weights, not per-device +weights). This commit enables "IOWeight=" to just to that. + +This patch may be dropped at some time later. + +Github-Link: https://github.com/systemd/systemd/issues/7057 +Signed-off-by: Kai Krakow + +(cherry picked from commit 21221ce1ce9a572e82d46d80692afd65c224fc50) + +Related: #1927290 +--- + src/core/cgroup.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 71e30fd4db..f02cc31c6e 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -984,6 +984,14 @@ static void cgroup_context_apply( + log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, + "Failed to set io.weight: %m"); + ++ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" ++ * See also: https://github.com/systemd/systemd/pull/13335 */ ++ xsprintf(buf, "%" PRIu64 "\n", weight); ++ r = cg_set_attribute("io", path, "io.bfq.weight", buf); ++ if (r < 0) ++ log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, ++ "Failed to set io.bfq.weight: %m"); ++ + if (has_io) { + CGroupIODeviceWeight *w; + diff --git a/SOURCES/0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch b/SOURCES/0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch new file mode 100644 index 0000000..58d8b14 --- /dev/null +++ b/SOURCES/0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch @@ -0,0 +1,82 @@ +From e706f5df66b7189a7df526aeeb45c86b8c4b057a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 2 Nov 2020 14:51:10 +0100 +Subject: [PATCH] seccomp: allow turning off of seccomp filtering via env var + +Fixes: #17504 + +(While we are it, also move $SYSTEMD_SECCOMP_LOG= env var description +into the right document section) + +Also suggested in: https://github.com/systemd/systemd/issues/17245#issuecomment-704773603 + +(cherry picked from commit ce8f6d478e3f6c6a313fb19615aa5029bb18f86d) + +Resolves: #1916835 +--- + doc/ENVIRONMENT.md | 3 +++ + src/nspawn/nspawn-seccomp.c | 2 +- + src/shared/seccomp-util.c | 19 +++++++++++++++---- + 3 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/doc/ENVIRONMENT.md b/doc/ENVIRONMENT.md +index 0e763b6302..36b649afe1 100644 +--- a/doc/ENVIRONMENT.md ++++ b/doc/ENVIRONMENT.md +@@ -117,3 +117,6 @@ systemd-sulogin-shell: + * `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the + root password is not available (such as when the root account is locked). + See `sulogin(8)` for more details. ++ ++* `$SYSTEMD_SECCOMP=0` – if set, seccomp filters will not be enforced, even if ++ support for it is compiled in and available in the kernel. +diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c +index b56c5b04a8..fba22644da 100644 +--- a/src/nspawn/nspawn-seccomp.c ++++ b/src/nspawn/nspawn-seccomp.c +@@ -172,7 +172,7 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys + int r; + + if (!is_seccomp_available()) { +- log_debug("SECCOMP features not detected in the kernel, disabling SECCOMP filterering"); ++ log_debug("SECCOMP features not detected in the kernel or disabled at runtime, disabling SECCOMP filtering"); + return 0; + } + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index d91fb4e269..e903512d45 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -12,6 +12,7 @@ + + #include "af-list.h" + #include "alloc-util.h" ++#include "env-util.h" + #include "macro.h" + #include "nsflags.h" + #include "process-util.h" +@@ -244,10 +245,20 @@ static bool is_seccomp_filter_available(void) { + bool is_seccomp_available(void) { + static int cached_enabled = -1; + +- if (cached_enabled < 0) +- cached_enabled = +- is_basic_seccomp_available() && +- is_seccomp_filter_available(); ++ if (cached_enabled < 0) { ++ int b; ++ ++ b = getenv_bool("SYSTEMD_SECCOMP"); ++ if (b != 0) { ++ if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */ ++ log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring."); ++ ++ cached_enabled = ++ is_basic_seccomp_available() && ++ is_seccomp_filter_available(); ++ } else ++ cached_enabled = false; ++ } + + return cached_enabled; + } diff --git a/SOURCES/0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch b/SOURCES/0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch new file mode 100644 index 0000000..9029c4b --- /dev/null +++ b/SOURCES/0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch @@ -0,0 +1,36 @@ +From 7fb2d86b58201341a582b739a5445821bec66eea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 6 Nov 2019 12:44:39 +0100 +Subject: [PATCH] meson: remove strange dep that causes meson to enter infinite + loop + +The value is obviously bogus, but didn't seem to cause problems so far. +With meson-0.52.0, it causes a hang. The number of aliases is always rather +small (usually just one or two, possibly up to a dozen in a few cases), so +even if this causes some looping, it is strange that it has such a huge impact. +But let's just remove it. + +Fixes #13742. + +Tested with meson-0.52.0-1.module_f31+6771+f5d842eb.noarch, +meson-0.51.1-1.fc29.noarch. + +(cherry picked from commit af336643a01d0b210b18312c253a50594ba54b0a) + +Resolves: #1970860 +--- + man/meson.build | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/man/meson.build b/man/meson.build +index ec05d73bc6..a953d34098 100644 +--- a/man/meson.build ++++ b/man/meson.build +@@ -68,7 +68,6 @@ foreach tuple : xsltproc.found() ? manpages : [] + foreach htmlalias : htmlaliases + link = custom_target( + htmlalias, +- input : p2, + output : htmlalias, + command : ['ln', '-fs', html, '@OUTPUT@']) + if want_html diff --git a/SOURCES/0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch b/SOURCES/0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch new file mode 100644 index 0000000..b14a3c7 --- /dev/null +++ b/SOURCES/0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch @@ -0,0 +1,182 @@ +From 8df650c7c5adc2bb24a0077d8332f5ee342e7fd8 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 26 Feb 2021 10:25:24 +0100 +Subject: [PATCH] copy: handle copy_file_range() weirdness on procfs/sysfs + +This addresses the issue described in https://lwn.net/Articles/846403/ +and makes sure we will be able to stream bytes from procfs/sysfs via +copy_bytes() if people ask us to. + +Based on: ee1aa61c4710ae567a2b844e0f0bb8cb0456ab8c +Related: #1970860 +--- + src/basic/copy.c | 75 +++++++++++++++++++++++++++++--------------- + src/test/test-copy.c | 17 ++++++++++ + 2 files changed, 66 insertions(+), 26 deletions(-) + +diff --git a/src/basic/copy.c b/src/basic/copy.c +index e06a503a29..a48c42c5c6 100644 +--- a/src/basic/copy.c ++++ b/src/basic/copy.c +@@ -92,7 +92,7 @@ int copy_bytes_full( + void **ret_remains, + size_t *ret_remains_size) { + +- bool try_cfr = true, try_sendfile = true, try_splice = true; ++ bool try_cfr = true, try_sendfile = true, try_splice = true, copied_something = false; + int r, nonblock_pipe = -1; + size_t m = SSIZE_MAX; /* that is the maximum that sendfile and c_f_r accept */ + +@@ -185,9 +185,20 @@ int copy_bytes_full( + + try_cfr = false; + /* use fallback below */ +- } else if (n == 0) /* EOF */ +- break; +- else ++ } else if (n == 0) { /* likely EOF */ ++ ++ if (copied_something) ++ break; ++ ++ /* So, we hit EOF immediately, without having copied a single byte. This ++ * could indicate two things: the file is actually empty, or we are on some ++ * virtual file system such as procfs/sysfs where the syscall actually ++ * doesn't work but doesn't return an error. Try to handle that, by falling ++ * back to simple read()s in case we encounter empty files. ++ * ++ * See: https://lwn.net/Articles/846403/ */ ++ try_cfr = try_sendfile = try_splice = false; ++ } else + /* Success! */ + goto next; + } +@@ -201,9 +212,14 @@ int copy_bytes_full( + + try_sendfile = false; + /* use fallback below */ +- } else if (n == 0) /* EOF */ ++ } else if (n == 0) { /* likely EOF */ ++ ++ if (copied_something) ++ break; ++ ++ try_sendfile = try_splice = false; /* same logic as above for copy_file_range() */ + break; +- else ++ } else + /* Success! */ + goto next; + } +@@ -213,14 +229,14 @@ int copy_bytes_full( + + /* splice()'s asynchronous I/O support is a bit weird. When it encounters a pipe file + * descriptor, then it will ignore its O_NONBLOCK flag and instead only honour the +- * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour here, and +- * check if either of the specified fds are a pipe, and if so, let's pass the flag +- * automatically, depending on O_NONBLOCK being set. ++ * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour ++ * here, and check if either of the specified fds are a pipe, and if so, let's pass ++ * the flag automatically, depending on O_NONBLOCK being set. + * +- * Here's a twist though: when we use it to move data between two pipes of which one has +- * O_NONBLOCK set and the other has not, then we have no individual control over O_NONBLOCK +- * behaviour. Hence in that case we can't use splice() and still guarantee systematic +- * O_NONBLOCK behaviour, hence don't. */ ++ * Here's a twist though: when we use it to move data between two pipes of which one ++ * has O_NONBLOCK set and the other has not, then we have no individual control over ++ * O_NONBLOCK behaviour. Hence in that case we can't use splice() and still guarantee ++ * systematic O_NONBLOCK behaviour, hence don't. */ + + if (nonblock_pipe < 0) { + int a, b; +@@ -238,12 +254,13 @@ int copy_bytes_full( + (a == FD_IS_BLOCKING_PIPE && b == FD_IS_NONBLOCKING_PIPE) || + (a == FD_IS_NONBLOCKING_PIPE && b == FD_IS_BLOCKING_PIPE)) + +- /* splice() only works if one of the fds is a pipe. If neither is, let's skip +- * this step right-away. As mentioned above, if one of the two fds refers to a +- * blocking pipe and the other to a non-blocking pipe, we can't use splice() +- * either, hence don't try either. This hence means we can only use splice() if +- * either only one of the two fds is a pipe, or if both are pipes with the same +- * nonblocking flag setting. */ ++ /* splice() only works if one of the fds is a pipe. If neither is, ++ * let's skip this step right-away. As mentioned above, if one of the ++ * two fds refers to a blocking pipe and the other to a non-blocking ++ * pipe, we can't use splice() either, hence don't try either. This ++ * hence means we can only use splice() if either only one of the two ++ * fds is a pipe, or if both are pipes with the same nonblocking flag ++ * setting. */ + + try_splice = false; + else +@@ -259,9 +276,13 @@ int copy_bytes_full( + + try_splice = false; + /* use fallback below */ +- } else if (n == 0) /* EOF */ +- break; +- else ++ } else if (n == 0) { /* likely EOF */ ++ ++ if (copied_something) ++ break; ++ ++ try_splice = false; /* same logic as above for copy_file_range() + sendfile() */ ++ } else + /* Success! */ + goto next; + } +@@ -312,11 +333,13 @@ int copy_bytes_full( + assert(max_bytes >= (uint64_t) n); + max_bytes -= n; + } +- /* sendfile accepts at most SSIZE_MAX-offset bytes to copy, +- * so reduce our maximum by the amount we already copied, +- * but don't go below our copy buffer size, unless we are +- * close the limit of bytes we are allowed to copy. */ ++ ++ /* sendfile accepts at most SSIZE_MAX-offset bytes to copy, so reduce our maximum by the ++ * amount we already copied, but don't go below our copy buffer size, unless we are close the ++ * limit of bytes we are allowed to copy. */ + m = MAX(MIN(COPY_BUFFER_SIZE, max_bytes), m - n); ++ ++ copied_something = true; + } + + return 0; /* return 0 if we hit EOF earlier than the size limit */ +diff --git a/src/test/test-copy.c b/src/test/test-copy.c +index 2e8d251ac1..29ac33e47a 100644 +--- a/src/test/test-copy.c ++++ b/src/test/test-copy.c +@@ -253,6 +253,22 @@ static void test_copy_atomic(void) { + assert_se(copy_file_atomic("/etc/fstab", q, 0644, 0, COPY_REPLACE) >= 0); + } + ++static void test_copy_proc(void) { ++ _cleanup_(rm_rf_physical_and_freep) char *p = NULL; ++ _cleanup_free_ char *f = NULL, *a = NULL, *b = NULL; ++ ++ /* Check if copying data from /proc/ works correctly, i.e. let's see if https://lwn.net/Articles/846403/ is a problem for us */ ++ ++ assert_se(mkdtemp_malloc(NULL, &p) >= 0); ++ assert_se(f = path_join(NULL, p, "version")); ++ assert_se(copy_file("/proc/version", f, 0, (mode_t) -1, 0, 0) >= 0); ++ ++ assert_se(read_one_line_file("/proc/version", &a) >= 0); ++ assert_se(read_one_line_file(f, &b) >= 0); ++ assert_se(streq(a, b)); ++ assert_se(strlen(a) > 0); ++} ++ + int main(int argc, char *argv[]) { + log_set_max_level(LOG_DEBUG); + +@@ -267,6 +283,7 @@ int main(int argc, char *argv[]) { + test_copy_bytes_regular_file(argv[0], false, 32000); /* larger than copy buffer size */ + test_copy_bytes_regular_file(argv[0], true, 32000); + test_copy_atomic(); ++ test_copy_proc(); + + return 0; + } diff --git a/SOURCES/0571-core-Hide-Deactivated-successfully-message.patch b/SOURCES/0571-core-Hide-Deactivated-successfully-message.patch new file mode 100644 index 0000000..1ec2d8a --- /dev/null +++ b/SOURCES/0571-core-Hide-Deactivated-successfully-message.patch @@ -0,0 +1,33 @@ +From 4dc498258bd0cce1bc8ad2311c5f12de5678e0af Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Thu, 27 May 2021 12:25:51 +0200 +Subject: [PATCH] core: Hide "Deactivated successfully" message + +Show message "Deactivated successfully" in debug mode (when manager is +user) rather than in info mode. This message has low information value +for regular users and it might be a bit overwhelming on a system with +a lot of devices. + +(cherry picked from commit edf2ee22f54005d76b2fb8fdcc9c60974feb88bc) + +Resolves: #1954802 +--- + src/core/unit.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index cd3e7c806d..93c13e58d9 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -5525,7 +5525,10 @@ int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) { + void unit_log_success(Unit *u) { + assert(u); + +- log_struct(LOG_INFO, ++ /* Let's show message "Deactivated successfully" in debug mode (when manager is user) rather than in info mode. ++ * This message has low information value for regular users and it might be a bit overwhelming on a system with ++ * a lot of devices. */ ++ log_struct(MANAGER_IS_USER(u->manager) ? LOG_DEBUG : LOG_INFO, + "MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR, + LOG_UNIT_ID(u), + LOG_UNIT_INVOCATION_ID(u), diff --git a/SOURCES/0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch b/SOURCES/0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch new file mode 100644 index 0000000..bdc3418 --- /dev/null +++ b/SOURCES/0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch @@ -0,0 +1,35 @@ +From 42f639d3689b7cbc9ce6b9578a2790c254508384 Mon Sep 17 00:00:00 2001 +From: Kairui Song +Date: Fri, 8 Jan 2021 14:52:26 +0800 +Subject: [PATCH] util: rework in_initrd() to make use of + path_is_temporary_fs() + +(cherry picked from commit 96cceb35e7985f5ee6c9b17e129a76259273cdde) + +Related: #1959339 +--- + src/basic/util.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/basic/util.c b/src/basic/util.c +index 82cb937314..b443e639f3 100644 +--- a/src/basic/util.c ++++ b/src/basic/util.c +@@ -130,7 +130,6 @@ int prot_from_flags(int flags) { + } + + bool in_initrd(void) { +- struct statfs s; + + if (saved_in_initrd >= 0) + return saved_in_initrd; +@@ -146,8 +145,7 @@ bool in_initrd(void) { + */ + + saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 && +- statfs("/", &s) >= 0 && +- is_temporary_fs(&s); ++ path_is_temporary_fs("/") > 0; + + return saved_in_initrd; + } diff --git a/SOURCES/0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch b/SOURCES/0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch new file mode 100644 index 0000000..0b3202f --- /dev/null +++ b/SOURCES/0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch @@ -0,0 +1,99 @@ +From 99ca5b681fceedd010b2616b1248a483f4bfbd97 Mon Sep 17 00:00:00 2001 +From: Kairui Song +Date: Wed, 13 Jan 2021 00:04:53 +0800 +Subject: [PATCH] initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs + +Sometimes, non-ramfs initrd root are useful. Eg, for kdump, because +initramfs is memory consuming, so mount a compressed image in earlier +initrd, chroot into it then let systemd do the rest of job is a good +solution. + +But systemd doesn't recognize the initrd environment if rootfs is not a +temporary fs. This is a reasonable check, because switch-root in initrd +will wipe the whole rootfs, will be a disaster if there are any +misdetect. + +So extend SYSTEMD_IN_INITRD environment variable, now it accepts boolean +value and two extra keyword, "auto" and "lenient". "auto" is same as +before, and it's the default value. "lenient" will let systemd bypass +the rootfs check. + +(cherry picked from commit db4c45cf4f10ca094b9e9570b758abd445d65381) + +Related: #1959339 +--- + doc/ENVIRONMENT.md | 8 ++++++++ + src/basic/util.c | 28 +++++++++++++++++++++++++--- + 2 files changed, 33 insertions(+), 3 deletions(-) + +diff --git a/doc/ENVIRONMENT.md b/doc/ENVIRONMENT.md +index 36b649afe1..8d7ce6ae2c 100644 +--- a/doc/ENVIRONMENT.md ++++ b/doc/ENVIRONMENT.md +@@ -37,6 +37,14 @@ All tools: + useful for debugging, in order to test generators and other code against + specific kernel command lines. + ++* `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` — if set, specifies initrd detection ++ method. Defaults to `auto`. Behavior is defined as follows: ++ `auto`: Checks if `/etc/initrd-release` exists, and a temporary fs is mounted ++ on `/`. If both conditions meet, then it's in initrd. ++ `lenient`: Similiar to `auto`, but the rootfs check is skipped. ++ `0|1`: Simply overrides initrd detection. This is useful for debugging and ++ testing initrd-only programs in the main system. ++ + * `$SYSTEMD_EMOJI=0` — if set, tools such as "systemd-analyze security" will + not output graphical smiley emojis, but ASCII alternatives instead. Note that + this only controls use of Unicode emoji glyphs, and has no effect on other +diff --git a/src/basic/util.c b/src/basic/util.c +index b443e639f3..59bcf7b00c 100644 +--- a/src/basic/util.c ++++ b/src/basic/util.c +@@ -130,11 +130,14 @@ int prot_from_flags(int flags) { + } + + bool in_initrd(void) { ++ int r; ++ const char *e; ++ bool lenient = false; + + if (saved_in_initrd >= 0) + return saved_in_initrd; + +- /* We make two checks here: ++ /* We have two checks here: + * + * 1. the flag file /etc/initrd-release must exist + * 2. the root file system must be a memory file system +@@ -142,10 +145,29 @@ bool in_initrd(void) { + * The second check is extra paranoia, since misdetecting an + * initrd can have bad consequences due the initrd + * emptying when transititioning to the main systemd. ++ * ++ * If env var $SYSTEMD_IN_INITRD is not set or set to "auto", ++ * both checks are used. If it's set to "lenient", only check ++ * 1 is used. If set to a booleen value, then the boolean ++ * value is returned. + */ + +- saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 && +- path_is_temporary_fs("/") > 0; ++ e = secure_getenv("SYSTEMD_IN_INITRD"); ++ if (e) { ++ if (streq(e, "lenient")) ++ lenient = true; ++ else if (!streq(e, "auto")) { ++ r = parse_boolean(e); ++ if (r >= 0) { ++ saved_in_initrd = r > 0; ++ return saved_in_initrd; ++ } ++ log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m"); ++ } ++ } ++ ++ saved_in_initrd = (lenient || path_is_temporary_fs("/") > 0) && ++ access("/etc/initrd-release", F_OK) >= 0; + + return saved_in_initrd; + } diff --git a/SOURCES/0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch b/SOURCES/0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch new file mode 100644 index 0000000..cda944e --- /dev/null +++ b/SOURCES/0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch @@ -0,0 +1,35 @@ +From 3299c855c6e65596ff9d8635dcbd45ff6818499a Mon Sep 17 00:00:00 2001 +From: Kairui Song +Date: Thu, 14 Jan 2021 00:39:10 +0800 +Subject: [PATCH] initrd: do a debug log if failed to detect rootfs type + +(cherry picked from commit 3377c740d9121f38385e70d6a380b5e4bd8c672a) + +Related: #1959339 +--- + src/basic/util.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/basic/util.c b/src/basic/util.c +index 59bcf7b00c..fef52ad5ff 100644 +--- a/src/basic/util.c ++++ b/src/basic/util.c +@@ -166,8 +166,16 @@ bool in_initrd(void) { + } + } + +- saved_in_initrd = (lenient || path_is_temporary_fs("/") > 0) && +- access("/etc/initrd-release", F_OK) >= 0; ++ if (!lenient) { ++ r = path_is_temporary_fs("/"); ++ if (r < 0) ++ log_debug_errno(r, "Couldn't determine if / is a temporary file system: %m"); ++ ++ saved_in_initrd = r > 0; ++ } ++ ++ if (saved_in_initrd != 0) ++ saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0; + + return saved_in_initrd; + } diff --git a/SOURCES/0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch b/SOURCES/0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch new file mode 100644 index 0000000..f31ba4c --- /dev/null +++ b/SOURCES/0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch @@ -0,0 +1,39 @@ +From a1417c121d19272b1389098648132106a5ffc661 Mon Sep 17 00:00:00 2001 +From: Kairui Song +Date: Thu, 14 Jan 2021 01:25:20 +0800 +Subject: [PATCH] initrd: do a debug log if /etc/initrd-release doesn't take + effect + +Signed-off-by: Kairui Song + +(cherry picked from commit 4a60d8cbcae574896a28f9f1f6204a1bddca8e99) + +Related: #1959339 +--- + src/basic/util.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/src/basic/util.c b/src/basic/util.c +index fef52ad5ff..609f8c2f33 100644 +--- a/src/basic/util.c ++++ b/src/basic/util.c +@@ -174,8 +174,17 @@ bool in_initrd(void) { + saved_in_initrd = r > 0; + } + +- if (saved_in_initrd != 0) +- saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0; ++ r = access("/etc/initrd-release", F_OK); ++ if (r >= 0) { ++ if (saved_in_initrd == 0) ++ log_debug("/etc/initrd-release exists, but it's not an initrd."); ++ else ++ saved_in_initrd = 1; ++ } else { ++ if (errno != ENOENT) ++ log_debug_errno(errno, "Failed to test if /etc/initrd-release exists: %m"); ++ saved_in_initrd = 0; ++ } + + return saved_in_initrd; + } diff --git a/SOURCES/0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch b/SOURCES/0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch new file mode 100644 index 0000000..ea2c0ce --- /dev/null +++ b/SOURCES/0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch @@ -0,0 +1,25 @@ +From 64975b046d5a0877690aa6de9389b8234ee1cfab Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 3 Aug 2018 10:45:31 +0200 +Subject: [PATCH] units: assign user-runtime-dir@.service to user-%i.slice + +This service won't use much resources, but it's certainly nicer to see +it attached th the user's slice along with user@.service, so that +everything we run for a specific user is properly bound into one unit. + +(cherry picked from commit 1193c11a04b3ecc29925904fbeb5d64834bce73e) + +Related: #1946453 +--- + units/user-runtime-dir@.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in +index 8c02beda3b..13b3ed52f8 100644 +--- a/units/user-runtime-dir@.service.in ++++ b/units/user-runtime-dir@.service.in +@@ -15,3 +15,4 @@ StopWhenUnneeded=yes + ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i + ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i + RemainAfterExit=true ++Slice=user-%i.slice diff --git a/SOURCES/0577-units-order-user-runtime-dir-.service-after-systemd-.patch b/SOURCES/0577-units-order-user-runtime-dir-.service-after-systemd-.patch new file mode 100644 index 0000000..c852f8d --- /dev/null +++ b/SOURCES/0577-units-order-user-runtime-dir-.service-after-systemd-.patch @@ -0,0 +1,30 @@ +From 1fa9a6bf51a1a1d0fa2ccc23283739d16e9179b4 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 3 Aug 2018 10:42:09 +0200 +Subject: [PATCH] units: order user-runtime-dir@.service after + systemd-user-sessions.service + +We use systemd-user-sessions.service as barrier when to allow login +sessions. With this patch user@.service is ordered after that too, so +that any login related code (which user-runtime-dir@.service is) is +guaranteed to run after the barrier, and never before. + +(cherry picked from commit eb748aef4fbfd03b64938aa471bb8ceda1bc89a8) + +Related: #1946453 +--- + units/user-runtime-dir@.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in +index 13b3ed52f8..31354c9bf2 100644 +--- a/units/user-runtime-dir@.service.in ++++ b/units/user-runtime-dir@.service.in +@@ -9,6 +9,7 @@ + + [Unit] + Description=/run/user/%i mount wrapper ++After=systemd-user-sessions.service + StopWhenUnneeded=yes + + [Service] diff --git a/SOURCES/0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch b/SOURCES/0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch new file mode 100644 index 0000000..493f4c6 --- /dev/null +++ b/SOURCES/0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch @@ -0,0 +1,26 @@ +From 780d1d9fa7ccc036e6e237221ac51ed69453c8c6 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 2 Aug 2018 20:57:56 +0200 +Subject: [PATCH] units: make sure user-runtime-dir@.service is Type=oneshot + +We order user@.service after it, hence we need to properly know when it +finished starting up. + +(cherry picked from commit d06e8fbce35c2b52ee1d09af4888876d5f2d7ae4) + +Related: #1946453 +--- + units/user-runtime-dir@.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in +index 31354c9bf2..bfd6488d61 100644 +--- a/units/user-runtime-dir@.service.in ++++ b/units/user-runtime-dir@.service.in +@@ -15,5 +15,6 @@ StopWhenUnneeded=yes + [Service] + ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i + ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i ++Type=oneshot + RemainAfterExit=true + Slice=user-%i.slice diff --git a/SOURCES/0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch b/SOURCES/0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch new file mode 100644 index 0000000..1a577ba --- /dev/null +++ b/SOURCES/0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch @@ -0,0 +1,52 @@ +From 354b894aa3e79f54ab75bf6fae76ce28ca80db38 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 2 Aug 2018 20:56:34 +0200 +Subject: [PATCH] user-runtime-dir: downgrade a few log messages to LOG_DEBUG + that we ignore + +As the comments already say it might be quite likely that +$XDG_RUNTIME_DIR is not set up as mount, and we shouldn't complain about +that. + +Moreover, let's make this idempotent, so that a runtime dir that is +already gone and is removed again doesn't cause failure. + +(cherry picked from commit 3a13442bbf72e7ebdd0b4d60c2922ea7c5cc9496) + +Related: #1946453 +--- + src/login/user-runtime-dir.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/login/user-runtime-dir.c b/src/login/user-runtime-dir.c +index 1bb26c99e4..9693821990 100644 +--- a/src/login/user-runtime-dir.c ++++ b/src/login/user-runtime-dir.c +@@ -95,20 +95,19 @@ static int user_remove_runtime_path(const char *runtime_path) { + + r = rm_rf(runtime_path, 0); + if (r < 0) +- log_error_errno(r, "Failed to remove runtime directory %s (before unmounting): %m", runtime_path); ++ log_debug_errno(r, "Failed to remove runtime directory %s (before unmounting), ignoring: %m", runtime_path); + +- /* Ignore cases where the directory isn't mounted, as that's +- * quite possible, if we lacked the permissions to mount +- * something */ ++ /* Ignore cases where the directory isn't mounted, as that's quite possible, if we lacked the permissions to ++ * mount something */ + r = umount2(runtime_path, MNT_DETACH); + if (r < 0 && !IN_SET(errno, EINVAL, ENOENT)) +- log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", runtime_path); ++ log_debug_errno(errno, "Failed to unmount user runtime directory %s, ignoring: %m", runtime_path); + + r = rm_rf(runtime_path, REMOVE_ROOT); +- if (r < 0) +- log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path); ++ if (r < 0 && r != -ENOENT) ++ return log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path); + +- return r; ++ return 0; + } + + static int do_mount(const char *runtime_path, uid_t uid, gid_t gid) { diff --git a/SOURCES/0580-shared-install-Preserve-escape-characters-for-escape.patch b/SOURCES/0580-shared-install-Preserve-escape-characters-for-escape.patch new file mode 100644 index 0000000..beb7ac3 --- /dev/null +++ b/SOURCES/0580-shared-install-Preserve-escape-characters-for-escape.patch @@ -0,0 +1,33 @@ +From 91ed691ff73d4d71fae8f6896a1bba73e6a76bba Mon Sep 17 00:00:00 2001 +From: David Michael +Date: Wed, 20 Mar 2019 15:14:32 +0000 +Subject: [PATCH] shared/install: Preserve escape characters for escaped unit + names + +Since switching to extract_first_word with no flags for parsing +unit names in 4c9565eea534cd233a913c8c21f7920dba229743, escape +characters will be stripped from escaped unit names such as +"mnt-persistent\x2dvolume.mount" resulting in the unit not being +configured as defined. Preserve escape characters again for +compatibility with existing preset definitions. + +(cherry picked from commit 82bd4da71e9cdd5a2e9266332f5a7399845e31f6) + +Resolves: #1952686 +--- + src/shared/install.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index c2847df3f8..c9fef6bde2 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -2774,7 +2774,7 @@ static int split_pattern_into_name_and_instances(const char *pattern, char **out + assert(out_instances); + assert(out_unit_name); + +- r = extract_first_word(&pattern, &unit_name, NULL, 0); ++ r = extract_first_word(&pattern, &unit_name, NULL, EXTRACT_RETAIN_ESCAPE); + if (r < 0) + return r; + diff --git a/SOURCES/0581-basic-virt-Detect-PowerVM-hypervisor.patch b/SOURCES/0581-basic-virt-Detect-PowerVM-hypervisor.patch new file mode 100644 index 0000000..38da2c0 --- /dev/null +++ b/SOURCES/0581-basic-virt-Detect-PowerVM-hypervisor.patch @@ -0,0 +1,80 @@ +From 48dacf8d30cd61b72939e9c3419acced4b2fde74 Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Fri, 2 Oct 2020 11:05:23 +0200 +Subject: [PATCH] basic/virt: Detect PowerVM hypervisor + +Currently systemd-detect-virt fails to detect running under PowerVM. + +Add code to detect PowerVM based on code in util-linux. + +Signed-off-by: Michal Suchanek +(cherry picked from commit 3224e38bb6b3287ca253cbafb460a150544d5818) + +Resolves: #1937989 +--- + man/systemd-detect-virt.xml | 7 ++++++- + src/basic/virt.c | 6 ++++++ + src/basic/virt.h | 1 + + 3 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml +index c4763fd561..6beb2c2aa1 100644 +--- a/man/systemd-detect-virt.xml ++++ b/man/systemd-detect-virt.xml +@@ -65,7 +65,7 @@ + + + +- VM ++ VM + qemu + QEMU software virtualization, without KVM + +@@ -95,6 +95,11 @@ + Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor + + ++ ++ powervm ++ IBM PowerVM hypervisor - comes as firmware with some IBM POWER servers ++ ++ + + xen + Xen hypervisor (only domU, not dom0) +diff --git a/src/basic/virt.c b/src/basic/virt.c +index dfa1525219..0b88005ed6 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -92,6 +92,11 @@ static int detect_vm_device_tree(void) { + _cleanup_closedir_ DIR *dir = NULL; + struct dirent *dent; + ++ if (access("/proc/device-tree/ibm,partition-name", F_OK) == 0 && ++ access("/proc/device-tree/hmc-managed?", F_OK) == 0 && ++ access("/proc/device-tree/chosen/qemu,graphic-width", F_OK) != 0) ++ return VIRTUALIZATION_POWERVM; ++ + dir = opendir("/proc/device-tree"); + if (!dir) { + if (errno == ENOENT) { +@@ -635,6 +640,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = { + [VIRTUALIZATION_PARALLELS] = "parallels", + [VIRTUALIZATION_BHYVE] = "bhyve", + [VIRTUALIZATION_QNX] = "qnx", ++ [VIRTUALIZATION_POWERVM] = "powervm", + [VIRTUALIZATION_VM_OTHER] = "vm-other", + + [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn", +diff --git a/src/basic/virt.h b/src/basic/virt.h +index c4cf4bfeab..640b3ed779 100644 +--- a/src/basic/virt.h ++++ b/src/basic/virt.h +@@ -21,6 +21,7 @@ enum { + VIRTUALIZATION_PARALLELS, + VIRTUALIZATION_BHYVE, + VIRTUALIZATION_QNX, ++ VIRTUALIZATION_POWERVM, + VIRTUALIZATION_VM_OTHER, + VIRTUALIZATION_VM_LAST = VIRTUALIZATION_VM_OTHER, + diff --git a/SOURCES/0582-man-document-differences-in-clean-exit-status-for-Ty.patch b/SOURCES/0582-man-document-differences-in-clean-exit-status-for-Ty.patch new file mode 100644 index 0000000..233523a --- /dev/null +++ b/SOURCES/0582-man-document-differences-in-clean-exit-status-for-Ty.patch @@ -0,0 +1,57 @@ +From 102f4ff97a24c2ddaf6e569c678a0a713f972863 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Fri, 19 Mar 2021 10:05:47 +0100 +Subject: [PATCH] man: document differences in clean exit status for + Type=oneshot + +See commit 1f0958f640b87175cd547c1e69084cfe54a22e9d . + +(cherry picked from commit f055cf77862bc580f3afbfaac161d1c060f39411) + +Resolves: #1940078 +--- + man/systemd.service.xml | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +diff --git a/man/systemd.service.xml b/man/systemd.service.xml +index 54586d1948..1e30a564df 100644 +--- a/man/systemd.service.xml ++++ b/man/systemd.service.xml +@@ -669,14 +669,19 @@ + If set to (the default), the service will + not be restarted. If set to , it + will be restarted only when the service process exits cleanly. +- In this context, a clean exit means an exit code of 0, or one +- of the signals +- SIGHUP, +- SIGINT, +- SIGTERM or +- SIGPIPE, and +- additionally, exit statuses and signals specified in +- SuccessExitStatus=. If set to ++ In this context, a clean exit means any of the following: ++ ++ exit code of 0; ++ for types other than ++ Type=oneshot, one of the signals ++ SIGHUP, ++ SIGINT, ++ SIGTERM, or ++ SIGPIPE; ++ exit statuses and signals specified in ++ SuccessExitStatus=. ++ ++ If set to + , the service will be restarted + when the process exits with a non-zero exit code, is + terminated by a signal (including on core dump, but excluding +@@ -798,7 +803,8 @@ + Takes a list of exit status definitions that, + when returned by the main service process, will be considered + successful termination, in addition to the normal successful +- exit code 0 and the signals SIGHUP, ++ exit code 0 and, except for Type=oneshot, ++ the signals SIGHUP, + SIGINT, SIGTERM, and + SIGPIPE. Exit status definitions can + either be numeric exit codes or termination signal names, diff --git a/SOURCES/0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch b/SOURCES/0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch new file mode 100644 index 0000000..c40d0fd --- /dev/null +++ b/SOURCES/0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch @@ -0,0 +1,42 @@ +From 53673326ea78039b27e1dbd5328a8fe9a1a17445 Mon Sep 17 00:00:00 2001 +From: d032747 +Date: Tue, 15 Dec 2020 10:40:06 +0100 +Subject: [PATCH] busctl: add a timestamp to the output of the busctl monitor + command + +(cherry picked from commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2) + +Resolves: #1909214 +--- + src/libsystemd/sd-bus/bus-dump.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/libsystemd/sd-bus/bus-dump.c b/src/libsystemd/sd-bus/bus-dump.c +index 2bd06053a6..36f592e0ba 100644 +--- a/src/libsystemd/sd-bus/bus-dump.c ++++ b/src/libsystemd/sd-bus/bus-dump.c +@@ -55,6 +55,15 @@ int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags) { + f = stdout; + + if (flags & BUS_MESSAGE_DUMP_WITH_HEADER) { ++ char buf[FORMAT_TIMESTAMP_MAX]; ++ const char *p; ++ usec_t ts = m->realtime; ++ ++ if (ts == 0) ++ ts = now(CLOCK_REALTIME); ++ ++ p = format_timestamp_us_utc(buf, sizeof(buf), ts); ++ + fprintf(f, + "%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u Priority=%"PRIi64, + m->header->type == SD_BUS_MESSAGE_METHOD_ERROR ? ansi_highlight_red() : +@@ -82,6 +91,8 @@ int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags) { + if (m->reply_cookie != 0) + fprintf(f, " ReplyCookie=%" PRIu64, m->reply_cookie); + ++ fprintf(f, " Timestamp=\"%s\"", strna(p)); ++ + fputs("\n", f); + + if (m->sender) diff --git a/SOURCES/0584-basic-cap-list-parse-print-numerical-capabilities.patch b/SOURCES/0584-basic-cap-list-parse-print-numerical-capabilities.patch new file mode 100644 index 0000000..2a0c9a6 --- /dev/null +++ b/SOURCES/0584-basic-cap-list-parse-print-numerical-capabilities.patch @@ -0,0 +1,90 @@ +From 240c55f1526300daac640ef2c1f4941de4579493 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 9 Jul 2020 23:15:47 +0200 +Subject: [PATCH] basic/cap-list: parse/print numerical capabilities + +We would refuse to print capabilities which were didn't have a name +for. The kernel adds new capabilities from time to time, most recently +cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with +"Failed to parse bus message: Invalid argument" because +capability_set_to_string_alloc() would fail with -EINVAL. So let's +print such capabilities in hexadecimal: + +CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search + cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap + cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin + cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16 + 0x17 0x18 0x19 0x1a ... + +For symmetry, also allow capabilities that we don't know to be specified. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736. + +(cherry picked from commit 417770f3033c426ca848b158d0bf057cd8ad1329) + +Resolves: #1946943 +--- + src/basic/cap-list.c | 10 +++++++--- + src/test/test-cap-list.c | 4 +++- + 2 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c +index bfcda33520..56a81c7dfc 100644 +--- a/src/basic/cap-list.c ++++ b/src/basic/cap-list.c +@@ -10,6 +10,7 @@ + #include "macro.h" + #include "missing.h" + #include "parse-util.h" ++#include "stdio-util.h" + #include "util.h" + + static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len); +@@ -37,7 +38,7 @@ int capability_from_name(const char *name) { + /* Try to parse numeric capability */ + r = safe_atoi(name, &i); + if (r >= 0) { +- if (i >= 0 && i < (int) ELEMENTSOF(capability_names)) ++ if (i >= 0 && i < 64) + return i; + else + return -EINVAL; +@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) { + for (i = 0; i < cap_last_cap(); i++) + if (set & (UINT64_C(1) << i)) { + const char *p; ++ char buf[2 + 16 + 1]; + size_t add; + + p = capability_to_name(i); +- if (!p) +- return -EINVAL; ++ if (!p) { ++ xsprintf(buf, "0x%lx", i); ++ p = buf; ++ } + + add = strlen(p); + +diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c +index de5fa729cc..84bbb7b7e7 100644 +--- a/src/test/test-cap-list.c ++++ b/src/test/test-cap-list.c +@@ -30,6 +30,8 @@ static void test_cap_list(void) { + assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ); + assert_se(capability_from_name("0") == 0); + assert_se(capability_from_name("15") == 15); ++ assert_se(capability_from_name("63") == 63); ++ assert_se(capability_from_name("64") == -EINVAL); + assert_se(capability_from_name("-1") == -EINVAL); + + for (i = 0; i < capability_list_length(); i++) { +@@ -64,7 +66,7 @@ static void test_capability_set_one(uint64_t c, const char *t) { + + free(t1); + assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t, +- " hogehoge foobar 12345 3.14 -3 ", t)); ++ " hogehoge foobar 18446744073709551616 3.14 -3 ", t)); + assert_se(capability_set_from_string(t1, &c1) == 0); + assert_se(c1 == c_masked); + } diff --git a/SOURCES/0585-shared-mount-util-convert-to-libmount.patch b/SOURCES/0585-shared-mount-util-convert-to-libmount.patch new file mode 100644 index 0000000..0c3a221 --- /dev/null +++ b/SOURCES/0585-shared-mount-util-convert-to-libmount.patch @@ -0,0 +1,318 @@ +From ca634baa10e2249d4a706d59b67be764867e5f32 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 30 Nov 2020 10:37:06 +0100 +Subject: [PATCH] shared/mount-util: convert to libmount + +It seems better to use just a single parsing algorithm for /proc/self/mountinfo. + +Also, unify the naming of variables in all places that use mnt_table_next_fs(). +It makes it easier to compare the different call sites. + +(cherry picked from commit 13dcfe4661b467131c943620d0f44711798bfd54) + +Related: #1885143 +--- + src/basic/mount-util.c | 133 ++++++++++++++++++----------------------- + src/core/mount.c | 22 +++---- + src/core/umount.c | 14 ++--- + 3 files changed, 76 insertions(+), 93 deletions(-) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index 5b04e21f34..bac1a25cc8 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -13,7 +13,6 @@ + #include + + #include "alloc-util.h" +-#include "escape.h" + #include "extract-word.h" + #include "fd-util.h" + #include "fileio.h" +@@ -27,6 +26,9 @@ + #include "string-util.h" + #include "strv.h" + ++DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_table*, mnt_free_table); ++DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_iter*, mnt_free_iter); ++ + /* This is the original MAX_HANDLE_SZ definition from the kernel, when the API was introduced. We use that in place of + * any more currently defined value to future-proof things: if the size is increased in the API headers, and our code + * is recompiled then it would cease working on old kernels, as those refuse any sizes larger than this value with +@@ -313,55 +315,43 @@ int umount_recursive(const char *prefix, int flags) { + * unmounting them until they are gone. */ + + do { +- _cleanup_fclose_ FILE *proc_self_mountinfo = NULL; ++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; ++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; + + again = false; +- r = 0; + +- proc_self_mountinfo = fopen("/proc/self/mountinfo", "re"); +- if (!proc_self_mountinfo) +- return -errno; ++ table = mnt_new_table(); ++ iter = mnt_new_iter(MNT_ITER_FORWARD); ++ if (!table || !iter) ++ return -ENOMEM; + +- (void) __fsetlocking(proc_self_mountinfo, FSETLOCKING_BYCALLER); ++ r = mnt_table_parse_mtab(table, NULL); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m"); + + for (;;) { +- _cleanup_free_ char *path = NULL, *p = NULL; +- int k; +- +- k = fscanf(proc_self_mountinfo, +- "%*s " /* (1) mount id */ +- "%*s " /* (2) parent id */ +- "%*s " /* (3) major:minor */ +- "%*s " /* (4) root */ +- "%ms " /* (5) mount point */ +- "%*s" /* (6) mount options */ +- "%*[^-]" /* (7) optional fields */ +- "- " /* (8) separator */ +- "%*s " /* (9) file system type */ +- "%*s" /* (10) mount source */ +- "%*s" /* (11) mount options 2 */ +- "%*[^\n]", /* some rubbish at the end */ +- &path); +- if (k != 1) { +- if (k == EOF) +- break; ++ struct libmnt_fs *fs; ++ const char *path; + +- continue; +- } +- +- r = cunescape(path, UNESCAPE_RELAX, &p); ++ r = mnt_table_next_fs(table, iter, &fs); ++ if (r == 1) ++ break; + if (r < 0) +- return r; ++ return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m"); + +- if (!path_startswith(p, prefix)) ++ path = mnt_fs_get_target(fs); ++ if (!path) + continue; + +- if (umount2(p, flags) < 0) { +- r = log_debug_errno(errno, "Failed to umount %s: %m", p); ++ if (!path_startswith(path, prefix)) ++ continue; ++ ++ if (umount2(path, flags) < 0) { ++ r = log_debug_errno(errno, "Failed to umount %s: %m", path); + continue; + } + +- log_debug("Successfully unmounted %s", p); ++ log_debug("Successfully unmounted %s", path); + + again = true; + n++; +@@ -416,6 +406,8 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl + + for (;;) { + _cleanup_set_free_free_ Set *todo = NULL; ++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; ++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; + bool top_autofs = false; + char *x; + unsigned long orig_flags; +@@ -424,58 +416,52 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl + if (!todo) + return -ENOMEM; + ++ table = mnt_new_table(); ++ iter = mnt_new_iter(MNT_ITER_FORWARD); ++ if (!table || !iter) ++ return -ENOMEM; ++ + rewind(proc_self_mountinfo); + +- for (;;) { +- _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL; +- int k; +- +- k = fscanf(proc_self_mountinfo, +- "%*s " /* (1) mount id */ +- "%*s " /* (2) parent id */ +- "%*s " /* (3) major:minor */ +- "%*s " /* (4) root */ +- "%ms " /* (5) mount point */ +- "%*s" /* (6) mount options (superblock) */ +- "%*[^-]" /* (7) optional fields */ +- "- " /* (8) separator */ +- "%ms " /* (9) file system type */ +- "%*s" /* (10) mount source */ +- "%*s" /* (11) mount options (bind mount) */ +- "%*[^\n]", /* some rubbish at the end */ +- &path, +- &type); +- if (k != 2) { +- if (k == EOF) +- break; ++ r = mnt_table_parse_stream(table, proc_self_mountinfo, "/proc/self/mountinfo"); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m"); + +- continue; +- } ++ for (;;) { ++ struct libmnt_fs *fs; ++ const char *path, *type; + +- r = cunescape(path, UNESCAPE_RELAX, &p); ++ r = mnt_table_next_fs(table, iter, &fs); ++ if (r == 1) ++ break; + if (r < 0) +- return r; ++ return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m"); ++ ++ path = mnt_fs_get_target(fs); ++ type = mnt_fs_get_fstype(fs); ++ if (!path || !type) ++ continue; + +- if (!path_startswith(p, cleaned)) ++ if (!path_startswith(path, cleaned)) + continue; + +- /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount we shall +- * operate on. */ +- if (!path_equal(cleaned, p)) { ++ /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount ++ * we shall operate on. */ ++ if (!path_equal(path, cleaned)) { + bool blacklisted = false; + char **i; + + STRV_FOREACH(i, blacklist) { +- + if (path_equal(*i, cleaned)) + continue; + + if (!path_startswith(*i, cleaned)) + continue; + +- if (path_startswith(p, *i)) { ++ if (path_startswith(path, *i)) { + blacklisted = true; +- log_debug("Not remounting %s, because blacklisted by %s, called for %s", p, *i, cleaned); ++ log_debug("Not remounting %s blacklisted by %s, called for %s", ++ path, *i, cleaned); + break; + } + } +@@ -490,15 +476,12 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl + * already triggered, then we will find + * another entry for this. */ + if (streq(type, "autofs")) { +- top_autofs = top_autofs || path_equal(cleaned, p); ++ top_autofs = top_autofs || path_equal(path, cleaned); + continue; + } + +- if (!set_contains(done, p)) { +- r = set_consume(todo, p); +- p = NULL; +- if (r == -EEXIST) +- continue; ++ if (!set_contains(done, path)) { ++ r = set_put_strdup(todo, path); + if (r < 0) + return r; + } +diff --git a/src/core/mount.c b/src/core/mount.c +index 076dfd06a3..7e80a0c974 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1606,18 +1606,18 @@ fail: + } + + static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { +- _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL; +- _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL; +- int r = 0; ++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; ++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; ++ int r; + + assert(m); + +- t = mnt_new_table(); +- i = mnt_new_iter(MNT_ITER_FORWARD); +- if (!t || !i) ++ table = mnt_new_table(); ++ iter = mnt_new_iter(MNT_ITER_FORWARD); ++ if (!table || !iter) + return log_oom(); + +- r = mnt_table_parse_mtab(t, NULL); ++ r = mnt_table_parse_mtab(table, NULL); + if (r < 0) + return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m"); + +@@ -1628,11 +1628,11 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { + _cleanup_free_ char *d = NULL, *p = NULL; + int k; + +- k = mnt_table_next_fs(t, i, &fs); +- if (k == 1) ++ r = mnt_table_next_fs(table, iter, &fs); ++ if (r == 1) + break; +- if (k < 0) +- return log_error_errno(k, "Failed to get next entry from /proc/self/mountinfo: %m"); ++ if (r < 0) ++ return log_error_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m"); + + device = mnt_fs_get_source(fs); + path = mnt_fs_get_target(fs); +diff --git a/src/core/umount.c b/src/core/umount.c +index 241fe6fc62..3f02bf141a 100644 +--- a/src/core/umount.c ++++ b/src/core/umount.c +@@ -55,18 +55,18 @@ void mount_points_list_free(MountPoint **head) { + } + + int mount_points_list_get(const char *mountinfo, MountPoint **head) { +- _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL; +- _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL; ++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; ++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; + int r; + + assert(head); + +- t = mnt_new_table(); +- i = mnt_new_iter(MNT_ITER_FORWARD); +- if (!t || !i) ++ table = mnt_new_table(); ++ iter = mnt_new_iter(MNT_ITER_FORWARD); ++ if (!table || !iter) + return log_oom(); + +- r = mnt_table_parse_mtab(t, mountinfo); ++ r = mnt_table_parse_mtab(table, mountinfo); + if (r < 0) + return log_error_errno(r, "Failed to parse %s: %m", mountinfo); + +@@ -79,7 +79,7 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) { + bool try_remount_ro; + MountPoint *m; + +- r = mnt_table_next_fs(t, i, &fs); ++ r = mnt_table_next_fs(table, iter, &fs); + if (r == 1) + break; + if (r < 0) diff --git a/SOURCES/0586-mount-util-bind_remount-avoid-calling-statvfs.patch b/SOURCES/0586-mount-util-bind_remount-avoid-calling-statvfs.patch new file mode 100644 index 0000000..a212238 --- /dev/null +++ b/SOURCES/0586-mount-util-bind_remount-avoid-calling-statvfs.patch @@ -0,0 +1,92 @@ +From 996f88461c45e8620c5a8a0c958dc133bd02c50e Mon Sep 17 00:00:00 2001 +From: Jakob Unterwurzacher +Date: Mon, 30 Nov 2020 10:27:48 +0100 +Subject: [PATCH] mount-util: bind_remount: avoid calling statvfs + +The commit +"util: Do not clear parent mount flags when setting up namespaces" +introduced a statvfs call read the flags of the original mount +and have them applied to the bind mount. + +This has two problems: + +(1) The mount flags returned by statvfs(2) do not match the flags +accepted by mount(2). For example, the value 4096 means ST_RELATIME +when returned by statvfs(2), but means MS_BIND when passed to mount(2). + +(2) A call to statvfs blocks indefinitely when ran against a disconnected +network drive ( https://github.com/systemd/systemd/issues/12667 ). + +We already use libmount to parse `/proc/self/mountinfo` but did not use the +mount flag information from there. This patch changes that to use the mount +flags parsed by libmount instead of calling statvfs. Only if getting the +flags through libmount fails we call statvfs. + +Fixes https://github.com/systemd/systemd/issues/12667 + +(cherry picked from commit d34a40082db3ffca8de66bfa4df50951101bdae5) + +Resolves: #1885143 +--- + src/basic/mount-util.c | 31 +++++++++++++++++++++++++++---- + 1 file changed, 27 insertions(+), 4 deletions(-) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index bac1a25cc8..2cf98eaa84 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -364,11 +364,34 @@ int umount_recursive(const char *prefix, int flags) { + return r ? r : n; + } + +-static int get_mount_flags(const char *path, unsigned long *flags) { +- struct statvfs buf; ++/* Get the mount flags for the mountpoint at "path" from "table" */ ++static int get_mount_flags(const char *path, unsigned long *flags, struct libmnt_table *table) { ++ struct statvfs buf = {}; ++ struct libmnt_fs *fs = NULL; ++ const char *opts = NULL; ++ int r = 0; ++ ++ fs = mnt_table_find_target(table, path, MNT_ITER_FORWARD); ++ if (fs == NULL) { ++ log_warning("Could not find '%s' in mount table", path); ++ goto fallback; ++ } ++ ++ opts = mnt_fs_get_vfs_options(fs); ++ r = mnt_optstr_get_flags(opts, flags, mnt_get_builtin_optmap(MNT_LINUX_MAP)); ++ if (r != 0) { ++ log_warning_errno(r, "Could not get flags for '%s': %m", path); ++ goto fallback; ++ } + ++ /* relatime is default and trying to set it in an unprivileged container causes EPERM */ ++ *flags &= ~MS_RELATIME; ++ return 0; ++ ++fallback: + if (statvfs(path, &buf) < 0) + return -errno; ++ + *flags = buf.f_flag; + return 0; + } +@@ -501,7 +524,7 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl + return -errno; + + orig_flags = 0; +- (void) get_mount_flags(cleaned, &orig_flags); ++ (void) get_mount_flags(cleaned, &orig_flags, table); + orig_flags &= ~MS_RDONLY; + + if (mount(NULL, prefix, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) +@@ -535,7 +558,7 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl + + /* Try to reuse the original flag set */ + orig_flags = 0; +- (void) get_mount_flags(x, &orig_flags); ++ (void) get_mount_flags(x, &orig_flags, table); + orig_flags &= ~MS_RDONLY; + + if (mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) diff --git a/SOURCES/0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch b/SOURCES/0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch new file mode 100644 index 0000000..80fadef --- /dev/null +++ b/SOURCES/0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch @@ -0,0 +1,30 @@ +From b6ffe7ec63d86c5ac66171d6731068b87e3e7b50 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Sat, 27 Jun 2020 11:13:01 +0200 +Subject: [PATCH] mount-util: use UMOUNT_NOFOLLOW in recursive umounter + +When we only want to unmount mount points below some path then it is +against our interest to follow symlinks. Hence don't. + +(cherry picked from commit 827ea5212507c3833b6ae14cdf65e446b36b5e05) + +Related: #1885143 +--- + src/basic/mount-util.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index 2cf98eaa84..be26bb5ec1 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -346,8 +346,8 @@ int umount_recursive(const char *prefix, int flags) { + if (!path_startswith(path, prefix)) + continue; + +- if (umount2(path, flags) < 0) { +- r = log_debug_errno(errno, "Failed to umount %s: %m", path); ++ if (umount2(path, flags | UMOUNT_NOFOLLOW) < 0) { ++ log_debug_errno(errno, "Failed to umount %s: %m", path); + continue; + } + diff --git a/SOURCES/0588-test-install-root-create-referenced-targets.patch b/SOURCES/0588-test-install-root-create-referenced-targets.patch new file mode 100644 index 0000000..7ac367e --- /dev/null +++ b/SOURCES/0588-test-install-root-create-referenced-targets.patch @@ -0,0 +1,29 @@ +From 55cde82204724df756a198da691471f2f3f83d5a Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Wed, 31 Mar 2021 10:08:31 +0200 +Subject: [PATCH] test-install-root: create referenced targets + +(cherry picked from commit cd228002ccedb927b4531a4b7dd9ea7015fdb657) + +Related: #1835351 +--- + src/test/test-install-root.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c +index fe1ca5b16f..f8b41b04db 100644 +--- a/src/test/test-install-root.c ++++ b/src/test/test-install-root.c +@@ -1061,6 +1061,12 @@ int main(int argc, char *argv[]) { + p = strjoina(root, "/usr/lib/systemd/system-preset/"); + assert_se(mkdir_p(p, 0755) >= 0); + ++ p = strjoina(root, "/usr/lib/systemd/system/multi-user.target"); ++ assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0); ++ ++ p = strjoina(root, "/usr/lib/systemd/system/graphical.target"); ++ assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0); ++ + test_basic_mask_and_enable(root); + test_linked_units(root); + test_default(root); diff --git a/SOURCES/0589-install-warn-if-WantedBy-targets-don-t-exist.patch b/SOURCES/0589-install-warn-if-WantedBy-targets-don-t-exist.patch new file mode 100644 index 0000000..88f445c --- /dev/null +++ b/SOURCES/0589-install-warn-if-WantedBy-targets-don-t-exist.patch @@ -0,0 +1,113 @@ +From dfb4e03e0865d189a5c171072d6d7b31f49e1088 Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Wed, 3 Jun 2020 10:33:21 +0200 +Subject: [PATCH] install: warn if WantedBy targets don't exist + +Currently, if [Install] section contains WantedBy=target that doesn't exist, +systemd creates the symlinks anyway. That is just user-unfriendly. +Let's be nice and warn about installing non-existent targets. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1835351. + +Replaces: #15834 +(cherry picked from commit 8ae27441c2dcf585f58242991302b09778d4d710) + +Resolves: #1835351 +--- + src/shared/install.c | 25 ++++++++++++++++++------- + src/shared/install.h | 1 + + 2 files changed, 19 insertions(+), 7 deletions(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index c9fef6bde2..055b09f98c 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -362,6 +362,11 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang + log_info("Unit %s is an alias to a unit that is not present, ignoring.", + changes[i].path); + break; ++ case UNIT_FILE_DESTINATION_NOT_PRESENT: ++ if (!quiet) ++ log_warning("Unit %s is added as a dependency to a non-existent unit %s.", ++ changes[i].source, changes[i].path); ++ break; + case -EEXIST: + if (changes[i].source) + log_error_errno(changes[i].type, +@@ -1730,6 +1735,7 @@ static int install_info_symlink_alias( + } + + static int install_info_symlink_wants( ++ UnitFileScope scope, + UnitFileInstallInfo *i, + const LookupPaths *paths, + const char *config_path, +@@ -1795,6 +1801,9 @@ static int install_info_symlink_wants( + q = create_symlink(paths, i->path, path, true, changes, n_changes); + if (r == 0) + r = q; ++ ++ if (unit_file_exists(scope, paths, dst) == 0) ++ unit_file_changes_add(changes, n_changes, UNIT_FILE_DESTINATION_NOT_PRESENT, dst, i->path); + } + + return r; +@@ -1830,6 +1839,7 @@ static int install_info_symlink_link( + } + + static int install_info_apply( ++ UnitFileScope scope, + UnitFileInstallInfo *i, + const LookupPaths *paths, + const char *config_path, +@@ -1848,11 +1858,11 @@ static int install_info_apply( + + r = install_info_symlink_alias(i, paths, config_path, force, changes, n_changes); + +- q = install_info_symlink_wants(i, paths, config_path, i->wanted_by, ".wants/", changes, n_changes); ++ q = install_info_symlink_wants(scope, i, paths, config_path, i->wanted_by, ".wants/", changes, n_changes); + if (r == 0) + r = q; + +- q = install_info_symlink_wants(i, paths, config_path, i->required_by, ".requires/", changes, n_changes); ++ q = install_info_symlink_wants(scope, i, paths, config_path, i->required_by, ".requires/", changes, n_changes); + if (r == 0) + r = q; + +@@ -1916,7 +1926,7 @@ static int install_context_apply( + if (i->type != UNIT_FILE_TYPE_REGULAR) + continue; + +- q = install_info_apply(i, paths, config_path, force, changes, n_changes); ++ q = install_info_apply(scope, i, paths, config_path, force, changes, n_changes); + if (r >= 0) { + if (q < 0) + r = q; +@@ -3324,10 +3334,11 @@ static const char* const unit_file_state_table[_UNIT_FILE_STATE_MAX] = { + DEFINE_STRING_TABLE_LOOKUP(unit_file_state, UnitFileState); + + static const char* const unit_file_change_type_table[_UNIT_FILE_CHANGE_TYPE_MAX] = { +- [UNIT_FILE_SYMLINK] = "symlink", +- [UNIT_FILE_UNLINK] = "unlink", +- [UNIT_FILE_IS_MASKED] = "masked", +- [UNIT_FILE_IS_DANGLING] = "dangling", ++ [UNIT_FILE_SYMLINK] = "symlink", ++ [UNIT_FILE_UNLINK] = "unlink", ++ [UNIT_FILE_IS_MASKED] = "masked", ++ [UNIT_FILE_IS_DANGLING] = "dangling", ++ [UNIT_FILE_DESTINATION_NOT_PRESENT] = "destination not present", + }; + + DEFINE_STRING_TABLE_LOOKUP(unit_file_change_type, UnitFileChangeType); +diff --git a/src/shared/install.h b/src/shared/install.h +index e452940991..f07bebb415 100644 +--- a/src/shared/install.h ++++ b/src/shared/install.h +@@ -57,6 +57,7 @@ enum UnitFileChangeType { + UNIT_FILE_UNLINK, + UNIT_FILE_IS_MASKED, + UNIT_FILE_IS_DANGLING, ++ UNIT_FILE_DESTINATION_NOT_PRESENT, + _UNIT_FILE_CHANGE_TYPE_MAX, + _UNIT_FILE_CHANGE_TYPE_INVALID = INT_MIN + }; diff --git a/SOURCES/0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch b/SOURCES/0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch new file mode 100644 index 0000000..10b11cc --- /dev/null +++ b/SOURCES/0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch @@ -0,0 +1,56 @@ +From 430445a936cdb4c32c55affdfdd94b7eb910d5e6 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Wed, 31 Mar 2021 10:38:00 +0200 +Subject: [PATCH] test-install-root: add test for unknown WantedBy= target + +(cherry picked from commit 8adbad370f522831dd9246fe272caf37ce748d4a) + +Related: #1835351 +--- + src/test/test-install-root.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c +index f8b41b04db..73e1e0ae03 100644 +--- a/src/test/test-install-root.c ++++ b/src/test/test-install-root.c +@@ -20,6 +20,7 @@ static void test_basic_mask_and_enable(const char *root) { + assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "b.service", NULL) == -ENOENT); + assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "c.service", NULL) == -ENOENT); + assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", NULL) == -ENOENT); ++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", NULL) == -ENOENT); + + p = strjoina(root, "/usr/lib/systemd/system/a.service"); + assert_se(write_string_file(p, +@@ -147,6 +148,31 @@ static void test_basic_mask_and_enable(const char *root) { + assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "b.service", &state) >= 0 && state == UNIT_FILE_ENABLED); + assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "c.service", &state) >= 0 && state == UNIT_FILE_ENABLED); + assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", &state) >= 0 && state == UNIT_FILE_ENABLED); ++ ++ /* Test enabling with unknown dependency target */ ++ ++ p = strjoina(root, "/usr/lib/systemd/system/f.service"); ++ assert_se(write_string_file(p, ++ "[Install]\n" ++ "WantedBy=x.target\n", WRITE_STRING_FILE_CREATE) >= 0); ++ ++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", NULL) >= 0); ++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_DISABLED); ++ ++ assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("f.service"), &changes, &n_changes) == 1); ++ assert_se(n_changes == 2); ++ assert_se(changes[0].type == UNIT_FILE_SYMLINK); ++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/f.service")); ++ p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/x.target.wants/f.service"); ++ assert_se(streq(changes[0].path, p)); ++ assert_se(changes[1].type == UNIT_FILE_DESTINATION_NOT_PRESENT); ++ p = strjoina(root, "/usr/lib/systemd/system/f.service"); ++ assert_se(streq(changes[1].source, p)); ++ assert_se(streq(changes[1].path, "x.target")); ++ unit_file_changes_free(changes, n_changes); ++ changes = NULL; n_changes = 0; ++ ++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_ENABLED); + } + + static void test_linked_units(const char *root) { diff --git a/SOURCES/0591-ceph-is-a-network-filesystem.patch b/SOURCES/0591-ceph-is-a-network-filesystem.patch new file mode 100644 index 0000000..78f408c --- /dev/null +++ b/SOURCES/0591-ceph-is-a-network-filesystem.patch @@ -0,0 +1,24 @@ +From d284fd2b036ed874f9f38da63f1ab4e9fd9e96a3 Mon Sep 17 00:00:00 2001 +From: Jonas Jelten +Date: Thu, 17 Oct 2019 12:10:13 +0200 +Subject: [PATCH] ceph is a network filesystem + +(cherry picked from commit c4742de6d801b125abf3c4d1c710280f51d7c701) + +Resolves: #1952013 +--- + src/basic/mount-util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index be26bb5ec1..45348bf878 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -608,6 +608,7 @@ bool fstype_is_network(const char *fstype) { + + return STR_IN_SET(fstype, + "afs", ++ "ceph", + "cifs", + "smb3", + "smbfs", diff --git a/SOURCES/0592-sysctl-set-kernel.core_pipe_limit-16.patch b/SOURCES/0592-sysctl-set-kernel.core_pipe_limit-16.patch new file mode 100644 index 0000000..a3b7073 --- /dev/null +++ b/SOURCES/0592-sysctl-set-kernel.core_pipe_limit-16.patch @@ -0,0 +1,49 @@ +From 8bdc512d2651b4600f7e744b06633a7524b64346 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 12 Oct 2020 16:31:42 +0200 +Subject: [PATCH] sysctl: set kernel.core_pipe_limit=16 + +We need to make sure that our coredump pattern handler manages to read +process metadata from /proc/$PID/ before the kernel reaps the crashed +process. By default the kernel will reap the process as soon as it can. +By setting kernel.core_pipe_limit to a non-zero the kernel will wait for +userspace to finish before reaping. + +We'll set the value to 16, which allows 16 crashes to be +processed in parallel. This matches the MaxConnections= setting in +systemd-coredump.socket. + +See: #17301 + +(This doesn't close 17301, since we probably should also gracefully +handle if /proc/$PID/ vanished already while our coredump handler runs, +just in case people loclly set the sysctl back to zero. i.e. we should +collect what we can and rather issue an incomplete log record than +none.) + +(cherry picked from commit 2a9b9323cd844baae3229e9dba67e478bee70654) + +Resolves: #1949729 +--- + sysctl.d/50-coredump.conf.in | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in +index ccd5c2cc56..8d6fbb718c 100644 +--- a/sysctl.d/50-coredump.conf.in ++++ b/sysctl.d/50-coredump.conf.in +@@ -10,3 +10,14 @@ + # setting below. + + kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h %e ++ ++# Allow that 16 coredumps are dispatched in parallel by the kernel. We want to ++# be able to collect process metadata from /proc/%P/ while processing ++# coredumps, and thus need to make sure the crashed processes are not reaped ++# until we finished collecting what we need. The kernel default for this sysctl ++# is "0" which means the kernel doesn't wait for userspace processes to finish ++# processing before reaping the crashed processes — by setting this higher the ++# kernel will delay reaping until we are done, but only for the specified ++# number of crashes in parallel. The value of 16 is chosen to match ++# systemd-coredump.socket's MaxConnections= value. ++kernel.core_pipe_limit=16 diff --git a/SOURCES/0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch b/SOURCES/0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch new file mode 100644 index 0000000..d9774a8 --- /dev/null +++ b/SOURCES/0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch @@ -0,0 +1,116 @@ +From 73bf41a783edbff1b367e645956ed602de1889e2 Mon Sep 17 00:00:00 2001 +From: Insun +Date: Sun, 28 Oct 2018 21:26:13 +0900 +Subject: [PATCH] core: don't drop timer expired but not yet processed when + system date is changed + +There is difference between time set by the user and real elapsed time because of accuracy feature. +If you change the system date(or time) between these times, the timer drops. + +You can easily reproduce it with the following command. +----------------------------------------------------------- +$ systemd-run --on-active=3s ls; sleep 3; date -s "`date`" +----------------------------------------------------------- + +In the following command, the problem is rarely reproduced. But it exists. +--------------------------------------------------------------------------------------------- +$ systemd-run --on-active=3s --timer-property=AccuracySec=1us ls ; sleep 1; date -s "`date`" +--------------------------------------------------------------------------------------------- + +Note : Global AccuracySec value. +---------------------------------------------------------------------- +$ cat /etc/systemd/system.conf +DefaultTimerAccuracySec=1min +---------------------------------------------------------------------- + +(cherry picked from commit fee04d7f3ab810e99b97535ca5fda2f9517acda9) + +Related: #1899402 +--- + src/core/timer.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/core/timer.c b/src/core/timer.c +index 281ac7f97f..ef240a6f19 100644 +--- a/src/core/timer.c ++++ b/src/core/timer.c +@@ -262,7 +262,7 @@ static void timer_set_state(Timer *t, TimerState state) { + unit_notify(UNIT(t), state_translation_table[old_state], state_translation_table[state], 0); + } + +-static void timer_enter_waiting(Timer *t, bool initial); ++static void timer_enter_waiting(Timer *t, bool initial, bool time_change); + + static int timer_coldplug(Unit *u) { + Timer *t = TIMER(u); +@@ -274,7 +274,7 @@ static int timer_coldplug(Unit *u) { + return 0; + + if (t->deserialized_state == TIMER_WAITING) +- timer_enter_waiting(t, false); ++ timer_enter_waiting(t, false, false); + else + timer_set_state(t, t->deserialized_state); + +@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) { + log_unit_debug(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0)); + } + +-static void timer_enter_waiting(Timer *t, bool initial) { ++static void timer_enter_waiting(Timer *t, bool initial, bool time_change) { + bool found_monotonic = false, found_realtime = false; + bool leave_around = false; + triple_timestamp ts; +@@ -444,7 +444,7 @@ static void timer_enter_waiting(Timer *t, bool initial) { + + v->next_elapse = usec_add(usec_shift_clock(base, CLOCK_MONOTONIC, TIMER_MONOTONIC_CLOCK(t)), v->value); + +- if (!initial && ++ if (!initial && !time_change && + v->next_elapse < triple_timestamp_by_clock(&ts, TIMER_MONOTONIC_CLOCK(t)) && + IN_SET(v->base, TIMER_ACTIVE, TIMER_BOOT, TIMER_STARTUP)) { + /* This is a one time trigger, disable it now */ +@@ -642,7 +642,7 @@ static int timer_start(Unit *u) { + } + + t->result = TIMER_SUCCESS; +- timer_enter_waiting(t, true); ++ timer_enter_waiting(t, true, false); + return 1; + } + +@@ -764,14 +764,14 @@ static void timer_trigger_notify(Unit *u, Unit *other) { + case TIMER_ELAPSED: + + /* Recalculate sleep time */ +- timer_enter_waiting(t, false); ++ timer_enter_waiting(t, false, false); + break; + + case TIMER_RUNNING: + + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) { + log_unit_debug(UNIT(t), "Got notified about unit deactivation."); +- timer_enter_waiting(t, false); ++ timer_enter_waiting(t, false, false); + } + break; + +@@ -813,7 +813,7 @@ static void timer_time_change(Unit *u) { + t->last_trigger.realtime = ts; + + log_unit_debug(u, "Time change, recalculating next elapse."); +- timer_enter_waiting(t, false); ++ timer_enter_waiting(t, false, true); + } + + static void timer_timezone_change(Unit *u) { +@@ -825,7 +825,7 @@ static void timer_timezone_change(Unit *u) { + return; + + log_unit_debug(u, "Timezone change, recalculating next elapse."); +- timer_enter_waiting(t, false); ++ timer_enter_waiting(t, false, false); + } + + static const char* const timer_base_table[_TIMER_BASE_MAX] = { diff --git a/SOURCES/0594-core-Detect-initial-timer-state-from-serialized-data.patch b/SOURCES/0594-core-Detect-initial-timer-state-from-serialized-data.patch new file mode 100644 index 0000000..4334cb5 --- /dev/null +++ b/SOURCES/0594-core-Detect-initial-timer-state-from-serialized-data.patch @@ -0,0 +1,152 @@ +From 3d4280d0a487109f8f648147083baf573e4418a3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Fri, 2 Nov 2018 20:56:08 +0100 +Subject: [PATCH] core: Detect initial timer state from serialized data + +We keep a mark whether a single-shot timer was triggered in the caller's +variable initial. When such a timer elapses while we are +serializing/deserializing the inner state, we consider the timer +incorrectly as elapsed and don't trigger it later. + +This patch exploits last_trigger timestamp that we already serialize, +hence we can eliminate the argument initial completely. + +A reproducer for OnBootSec= timers: + cat >repro.c < + #include + #include + #include + #include + #include + #include + #include + + int main(int argc, char *argv[]) { + char command[1024]; + int pause; + + struct timespec now; + + while (1) { + usleep(rand() % 200000); // prevent periodic repeats + clock_gettime(CLOCK_MONOTONIC, &now); + printf("%i\n", now.tv_sec); + + system("rm -f $PWD/mark"); + snprintf(command, 1024, "systemd-run --user --on-boot=%i --timer-property=AccuracySec=100ms " + "touch $PWD/mark", now.tv_sec + 1); + system(command); + system("systemctl --user list-timers"); + pause = (1000000000 - now.tv_nsec)/1000 - 70000; // fiddle to hit the middle of reloading + usleep(pause > 0 ? pause : 0); + system("systemctl --user daemon-reload"); + sync(); + sleep(2); + if (open("./mark", 0) < 0) + if (errno == ENOENT) { + printf("mark file does not exist\n"); + break; + } + } + + return 0; + } + EOD + +(cherry picked from commit aa1f95d2647197eca84c33a0f10adaeada08467d) + +Resolves: #1899402 +--- + src/core/timer.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/src/core/timer.c b/src/core/timer.c +index ef240a6f19..1718ffc5a5 100644 +--- a/src/core/timer.c ++++ b/src/core/timer.c +@@ -262,7 +262,7 @@ static void timer_set_state(Timer *t, TimerState state) { + unit_notify(UNIT(t), state_translation_table[old_state], state_translation_table[state], 0); + } + +-static void timer_enter_waiting(Timer *t, bool initial, bool time_change); ++static void timer_enter_waiting(Timer *t, bool time_change); + + static int timer_coldplug(Unit *u) { + Timer *t = TIMER(u); +@@ -274,7 +274,7 @@ static int timer_coldplug(Unit *u) { + return 0; + + if (t->deserialized_state == TIMER_WAITING) +- timer_enter_waiting(t, false, false); ++ timer_enter_waiting(t, false); + else + timer_set_state(t, t->deserialized_state); + +@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) { + log_unit_debug(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0)); + } + +-static void timer_enter_waiting(Timer *t, bool initial, bool time_change) { ++static void timer_enter_waiting(Timer *t, bool time_change) { + bool found_monotonic = false, found_realtime = false; + bool leave_around = false; + triple_timestamp ts; +@@ -444,7 +444,8 @@ static void timer_enter_waiting(Timer *t, bool initial, bool time_change) { + + v->next_elapse = usec_add(usec_shift_clock(base, CLOCK_MONOTONIC, TIMER_MONOTONIC_CLOCK(t)), v->value); + +- if (!initial && !time_change && ++ if (dual_timestamp_is_set(&t->last_trigger) && ++ !time_change && + v->next_elapse < triple_timestamp_by_clock(&ts, TIMER_MONOTONIC_CLOCK(t)) && + IN_SET(v->base, TIMER_ACTIVE, TIMER_BOOT, TIMER_STARTUP)) { + /* This is a one time trigger, disable it now */ +@@ -642,7 +643,7 @@ static int timer_start(Unit *u) { + } + + t->result = TIMER_SUCCESS; +- timer_enter_waiting(t, true, false); ++ timer_enter_waiting(t, false); + return 1; + } + +@@ -764,14 +765,14 @@ static void timer_trigger_notify(Unit *u, Unit *other) { + case TIMER_ELAPSED: + + /* Recalculate sleep time */ +- timer_enter_waiting(t, false, false); ++ timer_enter_waiting(t, false); + break; + + case TIMER_RUNNING: + + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) { + log_unit_debug(UNIT(t), "Got notified about unit deactivation."); +- timer_enter_waiting(t, false, false); ++ timer_enter_waiting(t, false); + } + break; + +@@ -813,7 +814,7 @@ static void timer_time_change(Unit *u) { + t->last_trigger.realtime = ts; + + log_unit_debug(u, "Time change, recalculating next elapse."); +- timer_enter_waiting(t, false, true); ++ timer_enter_waiting(t, true); + } + + static void timer_timezone_change(Unit *u) { +@@ -825,7 +826,7 @@ static void timer_timezone_change(Unit *u) { + return; + + log_unit_debug(u, "Timezone change, recalculating next elapse."); +- timer_enter_waiting(t, false, false); ++ timer_enter_waiting(t, false); + } + + static const char* const timer_base_table[_TIMER_BASE_MAX] = { diff --git a/SOURCES/0595-rc-local-order-after-network-online.target.patch b/SOURCES/0595-rc-local-order-after-network-online.target.patch new file mode 100644 index 0000000..438bb50 --- /dev/null +++ b/SOURCES/0595-rc-local-order-after-network-online.target.patch @@ -0,0 +1,29 @@ +From 8cd99937562cde7533519303a7a0ad1df749e075 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Thu, 11 Mar 2021 15:48:23 +0100 +Subject: [PATCH] rc-local: order after network-online.target + +I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf, +just network-online.target didn't exist back then. + +RHEL-only + +Resolves: #1934028 +--- + units/rc-local.service.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/units/rc-local.service.in b/units/rc-local.service.in +index 78ce69e0ae..74e83d8c07 100644 +--- a/units/rc-local.service.in ++++ b/units/rc-local.service.in +@@ -13,7 +13,8 @@ + Description=@RC_LOCAL_SCRIPT_PATH_START@ Compatibility + Documentation=man:systemd-rc-local-generator(8) + ConditionFileIsExecutable=@RC_LOCAL_SCRIPT_PATH_START@ +-After=network.target ++After=network-online.target ++Wants=network-online.target + + [Service] + Type=forking diff --git a/SOURCES/0596-set-core-ulimit-to-0-like-on-RHEL-7.patch b/SOURCES/0596-set-core-ulimit-to-0-like-on-RHEL-7.patch new file mode 100644 index 0000000..147d4eb --- /dev/null +++ b/SOURCES/0596-set-core-ulimit-to-0-like-on-RHEL-7.patch @@ -0,0 +1,25 @@ +From 830bd662276ee117e65a4b3d541f77e8b172eafd Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Mon, 25 Jan 2021 16:19:56 +0100 +Subject: [PATCH] set core ulimit to 0 like on RHEL-7 + +RHEL-only + +Resolves: #1905582 +--- + src/core/system.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 0d93fbf147..b4d6dfa15a 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -52,7 +52,7 @@ + #DefaultLimitFSIZE= + #DefaultLimitDATA= + #DefaultLimitSTACK= +-#DefaultLimitCORE= ++DefaultLimitCORE=0 + #DefaultLimitRSS= + #DefaultLimitNOFILE= + #DefaultLimitAS= diff --git a/SOURCES/0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch b/SOURCES/0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch new file mode 100644 index 0000000..216c7d1 --- /dev/null +++ b/SOURCES/0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch @@ -0,0 +1,129 @@ +From 4ad39b0531f550cde6e01df0801f177c08514c8b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 14 Sep 2020 17:58:03 +0200 +Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id() + +https://bugzilla.redhat.com/show_bug.cgi?id=1803070 + +I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different +than the one we get from /proc/self/fdinfo/. This only matters when both statx and +name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo: + +(gdb) !uname -r +5.6.19-200.fc31.ppc64le + +(gdb) !cat /proc/self/mountinfo +697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota +700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <========================================================== +701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel +702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw +703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755 +704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel +705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666 +706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755 +720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755 +722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel +725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw +613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel +614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate +615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 +617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755 + +The test process does +name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then +openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then +read(open("/proc/self/fdinfo/4", ...)) which gives +"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n" + +and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo. + +We could either drop the fallback path (and fail name_to_handle_at() is not +avaliable) or ignore the error in the test. Not sure what is better. I think +this issue only occurs sometimes and with older kernels, so probably continuing +with the current flaky implementation is better than ripping out the fallback. + +Another strace: +writev(2, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603 +) = 28 +name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0 +writev(2, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697 +) = 20 +name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0 +writev(2, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605 +) = 30 +name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0 +writev(2, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703 +) = 23 +name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported) +openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4 +openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +fstat(5, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 +read(5, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36 +read(5, "", 1024) = 0 +close(5) = 0 +close(4) = 0 +writev(2, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725 +) = 42 +writev(2, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc +) = 39 +writev(2, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting. +) = 109 +rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 +rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0 +getpid() = 20 +gettid() = 20 +tgkill(20, 20, SIGABRT) = 0 +rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 + +Resolves: #1910425 +--- + src/test/test-mount-util.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-mount-util.c b/src/test/test-mount-util.c +index c10e1681fb..991d165fc3 100644 +--- a/src/test/test-mount-util.c ++++ b/src/test/test-mount-util.c +@@ -74,7 +74,13 @@ static void test_mnt_id(void) { + + /* The ids don't match? If so, then there are two mounts on the same path, let's check if that's really + * the case */ +- assert_se(path_equal_ptr(hashmap_get(h, INT_TO_PTR(mnt_id2)), p)); ++ char *t = hashmap_get(h, INT_TO_PTR(mnt_id2)); ++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t); ++ ++ if (!path_equal(p, t)) ++ /* Apparent kernel bug in /proc/self/fdinfo */ ++ log_warning("Bad mount id given for %s: %d, should be %d", ++ p, mnt_id2, mnt_id); + } + + hashmap_free_free(h); diff --git a/SOURCES/triggers.systemd b/SOURCES/triggers.systemd index 04abfd1..90906e3 100644 --- a/SOURCES/triggers.systemd +++ b/SOURCES/triggers.systemd @@ -105,5 +105,7 @@ fi # This script will automatically apply binfmt rules if files have been # installed or updated in /usr/lib/binfmt.d. if test -d /run/systemd/system; then - /usr/lib/systemd/systemd-binfmt + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : fi diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index b9879ee..44ae8e9 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 239 -Release: 45%{?dist}.1 +Release: 48%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -616,6 +616,37 @@ Patch0563: 0563-pam-systemd-use-secure_getenv-rather-than-getenv.patch Patch0564: 0564-Revert-udev-run-link_update-with-increased-retry-cou.patch Patch0565: 0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch Patch0566: 0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch +Patch0567: 0567-cgroup-Also-set-io.bfq.weight.patch +Patch0568: 0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch +Patch0569: 0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch +Patch0570: 0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch +Patch0571: 0571-core-Hide-Deactivated-successfully-message.patch +Patch0572: 0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch +Patch0573: 0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch +Patch0574: 0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch +Patch0575: 0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch +Patch0576: 0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch +Patch0577: 0577-units-order-user-runtime-dir-.service-after-systemd-.patch +Patch0578: 0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch +Patch0579: 0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch +Patch0580: 0580-shared-install-Preserve-escape-characters-for-escape.patch +Patch0581: 0581-basic-virt-Detect-PowerVM-hypervisor.patch +Patch0582: 0582-man-document-differences-in-clean-exit-status-for-Ty.patch +Patch0583: 0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch +Patch0584: 0584-basic-cap-list-parse-print-numerical-capabilities.patch +Patch0585: 0585-shared-mount-util-convert-to-libmount.patch +Patch0586: 0586-mount-util-bind_remount-avoid-calling-statvfs.patch +Patch0587: 0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch +Patch0588: 0588-test-install-root-create-referenced-targets.patch +Patch0589: 0589-install-warn-if-WantedBy-targets-don-t-exist.patch +Patch0590: 0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch +Patch0591: 0591-ceph-is-a-network-filesystem.patch +Patch0592: 0592-sysctl-set-kernel.core_pipe_limit-16.patch +Patch0593: 0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch +Patch0594: 0594-core-Detect-initial-timer-state-from-serialized-data.patch +Patch0595: 0595-rc-local-order-after-network-online.target.patch +Patch0596: 0596-set-core-ulimit-to-0-like-on-RHEL-7.patch +Patch0597: 0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch %ifarch %{ix86} x86_64 aarch64 @@ -648,7 +679,6 @@ BuildRequires: libgpg-error-devel BuildRequires: gnutls-devel BuildRequires: libmicrohttpd-devel BuildRequires: libxkbcommon-devel -BuildRequires: iptables-devel BuildRequires: libxslt BuildRequires: docbook-style-xsl BuildRequires: pkgconfig @@ -670,6 +700,8 @@ Requires(post): coreutils Requires(post): sed Requires(post): acl Requires(post): grep +# systemd-machine-id-setup requires libssl +Requires(post): openssl-libs Requires(pre): coreutils Requires(pre): /usr/bin/getent Requires(pre): /usr/sbin/groupadd @@ -856,7 +888,7 @@ CONFIGURE_OPTS=( -Dgnutls=true -Dmicrohttpd=true -Dlibidn2=true - -Dlibiptc=true + -Dlibiptc=false -Dlibcurl=true -Defi=true -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false} @@ -1076,16 +1108,14 @@ if [ -e /etc/fstab ]; then sed -i.rpm.bak -r '/^devpts\s+\/dev\/pts\s+devpts\s+defaults\s+/d; /^tmpfs\s+\/dev\/shm\s+tmpfs\s+defaults\s+/d; /^sysfs\s+\/sys\s+sysfs\s+defaults\s+/d; /^proc\s+\/proc\s+proc\s+defaults\s+/d' /etc/fstab || : fi -# Services we install by default, and which are controlled by presets. +# We reset the enablement of all services upon initial installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 +# This will fix up enablement of any preset services that got installed +# before systemd due to rpm ordering problems: +# Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1647172 +# RHEL: https://bugzilla.redhat.com/show_bug.cgi?id=1783263 if [ $1 -eq 1 ] ; then - systemctl preset --quiet \ - remote-fs.target \ - getty@.service \ - serial-getty@.service \ - console-getty.service \ - debug-shell.service \ - systemd-resolved.service \ - >/dev/null || : + systemctl preset-all &>/dev/null || : fi # remove obsolete systemd-readahead file @@ -1244,32 +1274,71 @@ fi %files tests -f .file-list-tests %changelog -* Tue May 25 2021 systemd maintenance team - 239-45.1 -- Revert "udev: run link_update() with increased retry count in second invocation" (#1963980) -- Revert "udev: make algorithm that selects highest priority devlink less susceptible to race conditions" (#1963980) -- test/udev-test.pl: drop test cases that add mutliple devices (#1963980) +* Thu Jun 24 2021 systemd maintenance team - 239-48 +- cgroup: Also set io.bfq.weight (#1927290) +- seccomp: allow turning off of seccomp filtering via env var (#1916835) +- meson: remove strange dep that causes meson to enter infinite loop (#1970860) +- copy: handle copy_file_range() weirdness on procfs/sysfs (#1970860) +- core: Hide "Deactivated successfully" message (#1954802) +- util: rework in_initrd() to make use of path_is_temporary_fs() (#1959339) +- initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs (#1959339) +- initrd: do a debug log if failed to detect rootfs type (#1959339) +- initrd: do a debug log if /etc/initrd-release doesn't take effect (#1959339) +- units: assign user-runtime-dir@.service to user-%i.slice (#1946453) +- units: order user-runtime-dir@.service after systemd-user-sessions.service (#1946453) +- units: make sure user-runtime-dir@.service is Type=oneshot (#1946453) +- user-runtime-dir: downgrade a few log messages to LOG_DEBUG that we ignore (#1946453) +- shared/install: Preserve escape characters for escaped unit names (#1952686) +- basic/virt: Detect PowerVM hypervisor (#1937989) +- man: document differences in clean exit status for Type=oneshot (#1940078) +- busctl: add a timestamp to the output of the busctl monitor command (#1909214) +- basic/cap-list: parse/print numerical capabilities (#1946943) +- shared/mount-util: convert to libmount (#1885143) +- mount-util: bind_remount: avoid calling statvfs (#1885143) +- mount-util: use UMOUNT_NOFOLLOW in recursive umounter (#1885143) +- test-install-root: create referenced targets (#1835351) +- install: warn if WantedBy targets don't exist (#1835351) +- test-install-root: add test for unknown WantedBy= target (#1835351) +- ceph is a network filesystem (#1952013) +- sysctl: set kernel.core_pipe_limit=16 (#1949729) +- core: don't drop timer expired but not yet processed when system date is changed (#1899402) +- core: Detect initial timer state from serialized data (#1899402) +- rc-local: order after network-online.target (#1934028) +- set core ulimit to 0 like on RHEL-7 (#1905582) +- test-mountpointutil-util: do not assert in test_mnt_id() (#1910425) + +* Fri Jun 04 2021 Jan Macku - 239-47 +- systemd-binfmt: Add safeguard in triggers (#1787144) +- spec: Requires(post) openssl-libs to fix missing /etc/machine-id (#1947438) +- spec: Go back to using systemctl preset-all in post (#1783263, #1647172, #1118740) +- spec: Disable libiptc support (#1817265) + +* Wed May 19 2021 systemd maintenance team - 239-46 +- Revert "udev: run link_update() with increased retry count in second invocation" (#1942299) +- Revert "udev: make algorithm that selects highest priority devlink less susceptible to race conditions" (#1942299) +- test/udev-test.pl: drop test cases that add mutliple devices (#1942299) * Thu Mar 11 2021 systemd maintenance team - 239-45 -- Revert "test: add test cases for empty string match" and "test: add test case for multi matches when use ||" (#1931947) -- test/sys-script.py: add missing DEVNAME entries to uevents (#1931947) -- sd-event: split out helper functions for reshuffling prioqs (#1819868) -- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1819868) -- sd-event: mention that two debug logged events are ignored (#1819868) -- sd-event: split clock data allocation out of sd_event_add_time() (#1819868) -- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1819868) -- sd-event: fix delays assert brain-o (#17790) (#1819868) -- sd-event: let's suffix last_run/last_log with "_usec" (#1819868) -- sd-event: refuse running default event loops in any other thread than the one they are default for (#1819868) -- sd-event: ref event loop while in sd_event_prepare() ot sd_event_run() (#1819868) -- sd-event: follow coding style with naming return parameter (#1819868) -- sd-event: remove earliest_index/latest_index into common part of event source objects (#1819868) -- sd-event: update state at the end in event_source_enable (#1819868) -- sd-event: increase n_enabled_child_sources just once (#1819868) -- sd-event: add ability to ratelimit event sources (#1819868) -- test: add ratelimiting test (#1819868) -- core: prevent excessive /proc/self/mountinfo parsing (#1819868) -- udev: run link_update() with increased retry count in second invocation (#1931947) -- pam-systemd: use secure_getenv() rather than getenv() (#1687514) +- Revert "test: add test cases for empty string match" and "test: add test case for multi matches when use ||" (#1935124) +- test/sys-script.py: add missing DEVNAME entries to uevents (#1935124) +- sd-event: split out helper functions for reshuffling prioqs (#1937315) +- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1937315) +- sd-event: mention that two debug logged events are ignored (#1937315) +- sd-event: split clock data allocation out of sd_event_add_time() (#1937315) +- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1937315) +- sd-event: fix delays assert brain-o (#17790) (#1937315) +- sd-event: let's suffix last_run/last_log with "_usec" (#1937315) +- sd-event: refuse running default event loops in any other thread than the one they are default for (#1937315) +- sd-event: ref event loop while in sd_event_prepare() ot sd_event_run() (#1937315) +- sd-event: follow coding style with naming return parameter (#1937315) +- sd-event: remove earliest_index/latest_index into common part of event source objects (#1937315) +- sd-event: update state at the end in event_source_enable (#1937315) +- sd-event: increase n_enabled_child_sources just once (#1937315) +- sd-event: add ability to ratelimit event sources (#1937315) +- test: add ratelimiting test (#1937315) +- core: prevent excessive /proc/self/mountinfo parsing (#1937315) +- udev: run link_update() with increased retry count in second invocation (#1935124) +- pam-systemd: use secure_getenv() rather than getenv() (#1936866) * Thu Jan 28 2021 systemd maintenance team - 239-44 - ci: PowerTools repo was renamed to powertools in RHEL 8.3 (#1871827)