Many syscalls added and all fit nicely into existing groups, hence let's
add them there.
(cherry picked from commit 9e48626571)
(cherry picked from commit 51ea58a04b)
Note: this doesn't do much without an updated libseccomp (>= 2.4.2 ?).
This makes changes similar to the parent commit, but for hibernate-resume-generator.
If resume= is specified on the kernel command line, we'll set JobRunningTimeoutSec=0
for the device. This matches what we do for the root device.
In practice, other timeouts will take effect. For example dracut tries (and
fails :[ ) to start dracut-emergency.service after some time.
Fixes #7242, https://bugzilla.redhat.com/show_bug.cgi?id=1705522.
(cherry picked from commit ff757c9d29)
(cherry picked from commit bb598b56eb)
(cherry picked from commit 1a5428c2ab)
Fixes #7242
Sets the systemd device timeout for the resume device to the same as
the root device. This prevents systemd-hibernate-resume@.service from
silently timing out and booting into a fresh session instead of the
saved hibernation state when the user is using luks, has set
rootflags=x-systemd.device-timeout=X to longer than the default timeout,
and the luks password is entered after the default timeout.
(cherry picked from commit 70e843fe92)
6f177c7dc0 caused key file errors to immediately fail, which would make it hard to correct an issue due to e.g. a crypttab typo or a damaged key file.
Closes #11723.
(cherry picked from commit c20db38875)
I see we log this during every boot, even though it is a routine expected event:
Nov 12 14:50:01 krowka systemd[1]: systemd-journald.service: Service has no hold-off time (RestartSec=0), scheduling restart.
(and for other services too). Let's downgrade this to debug level.
https://bugzilla.redhat.com/show_bug.cgi?id=1614871
(cherry picked from commit 868f7d36cc)
(cherry picked from commit fdffd284b6)
Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.
(cherry picked from commit 6374862615)
(cherry picked from commit e2d4cb9843)
(cherry picked from commit fb21e13e8e)
When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we acquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.
This might have other uses too, for example debugging.
(cherry picked from commit 1068447e69)
zjs: patch modified to not make the function public
(cherry picked from commit 83bfc0d8dd)
(cherry picked from commit 2e504c92d1)
When we do an async pk request, let's store which action/details we used
for the original request, and when we are called for the second time,
let's compare. If the action/details changed, let's not allow the access
to go through.
(cherry picked from commit 7f56982289)
(cherry picked from commit 0697d0d972)
(cherry picked from commit 54791aff01)
It's enough, complex stuff to warrant its own source file.
No other changes, just splitting out.
(cherry picked from commit 269e4d2d6b)
(cherry picked from commit 0a19ff7004)
(cherry picked from commit 31a1d569db)
Since libcap v2.29 the format of cap_to_text() has been changed which
makes certain `test-execute` subtests fail. Let's remove the offending
part of the output (dropped capabilities) to make it compatible with
both the old and the new libcap.
(cherry picked from commit 9569e38503)
(cherry picked from commit 1325dfb577)
(cherry picked from commit 560eb5babf)
Fixes systemd build in Fedora rawhide.
The old ldsdir option is not useful, because both the directory and the
file name changed. Let's remove the option and try to autodetect the file
name. If this turns out to be not enough, a new option to simply specify
the full path to the file can be added.
F31:
```
efi arch: x86_64
EFI machine type: x64
EFI CC ccache cc
EFI lds: /usr/lib64/gnuefi/elf_x64_efi.lds
EFI crt0: /usr/lib64/gnuefi/crt0-efi-x64.o
EFI include directory: /usr/include/efi
```
F32:
```
efi arch: x86_64
EFI machine type: x64
EFI CC ccache cc
EFI lds: /usr/lib/gnuefi/x64/efi.lds
EFI crt0: /usr/lib/gnuefi/x64/crt0.o
EFI include directory: /usr/include/efi
```
(cherry picked from commit ce4121c6ff)
(cherry picked from commit 3538fafb47)
(cherry picked from commit 275b266bde)
Officially we default to an "enable *", even though pretty much everybody
overrides this with "disable *". We have a bunch of targets and services which
should not be enabled by default. In case the default policy is not overridden,
our passive units would be enabled by presets, which is generally not useful at
all. So let's explicitly mark them as disabled.
Note that this effectively changes very little. E.g. on Fedora, all the units
listed in this patch were "disabled" already.
Fixes #14648.
(cherry picked from commit 61c3e2c8bf)
(cherry picked from commit 3034855a5b)
(cherry picked from commit 9239154545)
We use those strings as hash keys. While writing "a...b" looks strange,
"a///b" does not look so strange. Both syntaxes would actually result in the
value being correctly written to the file, but they would confuse our
de-duplication over keys. So let's normalize. Output also becomes nicer.
Add test.
(cherry picked from commit f3b136a484)
(cherry picked from commit c2e3046819)
(cherry picked from commit a827c41851)
```
ninja -C build
ninja: Entering directory `build'
[29/101] Generating systemd_boot.so with a custom command.
FAILED: src/boot/efi/systemd_boot.so
/usr/bin/ld -o src/boot/efi/systemd_boot.so -T /usr/lib64/gnuefi/elf_x64_efi.lds -shared -Bsymbolic -nostdlib -znocombreloc -L /usr/lib64 /usr/lib64/gnuefi/crt0-efi-x64.o src/boot/efi/disk.c.o src/boot/efi/graphics.c.o src/boot/efi/measure.c.o src/boot/efi/pe.c.o src/boot/efi/util.c.o src/boot/efi/boot.c.o src/boot/efi/console.c.o src/boot/efi/crc32.c.o src/boot/efi/random-seed.c.o src/boot/efi/sha256.c.o src/boot/efi/shim.c.o -lefi -lgnuefi /usr/lib/gcc/x86_64-redhat-linux/10/libgcc.a
/usr/bin/ld: src/boot/efi/graphics.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/pe.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/util.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/boot.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/console.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/random-seed.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/shim.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
[31/101] Generating stub.c.o with a custom command.
ninja: build stopped: subcommand failed.
make: *** [Makefile:2: all] Error 1
```
(cherry picked from commit 8bdda551da)
(cherry picked from commit 80af3cf5e3)
(cherry picked from commit 7bbdc56aaf)
This is something people should know about, since it's caused by
misconfiguration.
Fixes: #13912
(cherry picked from commit ce96c9cb1a)
(cherry picked from commit fc053e2dfb)
(cherry picked from commit 6f9a8621d8)
I guess we can drop this now, the key is no longer valid until
2019-01-11, hence there's no point in still including it in our trust
anchor.
(cherry picked from commit f1f20764f9)
(cherry picked from commit af0e630693)
(cherry picked from commit 0637255d3b)
Otherwise we might access memory coming after it that is not valid or
allocated.
Fixes: #14114
(cherry picked from commit e0567bc8ad)
(cherry picked from commit ae59f1666c)
(cherry picked from commit 9a135baa40)
When probing partitions, we inherit important information from the parent
disk device such as ID_MODEL, and usage of such properties is seen to
be acceptable and well established.
However, we need to exclude filesystem information from the properties
that get inherited. Information about the device content should not be
passed on in this way.
For example, Linux distro install media commonly uses an ISO filesystem
plus a partition table. The ISO filesystem is detected on the main disk
device, but we should not pass down those details to the partitions,
some or all of which may be pointing at storage areas completely distinct
from the ISO filesystem.
This is particularly problematic when adding new partitions on media
set up in this way (since the new partitions are then reported to contain
the parent device's ISO filesystem), or when dealing with more unusual
hybrid ISO layouts. The inaccuracy of information here inversely affects
users of blkid and udev's persistent storage symlinks.
Exclude ID_FS_* properties from the inheritance chain to avoid these
problems.
Fixes: #14408
(cherry picked from commit 19212f2781)
(cherry picked from commit 377cc5d91e)
(cherry picked from commit 2b9ec8384c)
Let's check VERSION instead of VERSION_ID where appropriate.
Fixes: #14493
(cherry picked from commit 4353974d75)
(cherry picked from commit 1faf5dde4d)
(cherry picked from commit 852ae28e68)
We were checking the uid, whereas we should have checked the gid
(cherry picked from commit 98cd752a28)
(cherry picked from commit 2c8ae283b0)
(cherry picked from commit 017fddd998)
We fucked up errno vs. r two times, let's correct that.
While we are at it, let's handle the error first, like we usually do,
and the clean case without indentation.
(cherry picked from commit 88287615e6)
(cherry picked from commit 6b48479f45)
(cherry picked from commit 9d5e3cb774)
Real syscall numbers start at 0. The fake seccomp values seem to be
strictly less than 0.
Fixes: 4df8fe8415
(cherry picked from commit fb4b0465ab)
(cherry picked from commit 70e8c1978a)
A follow-up for 59b657296a, adding the
same conditioning for all cases of our __NR_xyz use.
Fixes: #14031
(cherry picked from commit 4df8fe8415)
(cherry picked from commit a0a1977d9a)
building systemd fails with a compiler that supports
-fstack-protector but does not enable it by default.
(will miss several __stack_chk_* symbols).
fix this by also adding the switch during linking.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
(cherry picked from commit 68e70ac2b2)
(cherry picked from commit 6d97aca0d5)
(cherry picked from commit 397ec43f73)
mkdir -p is called both when setting up the autofs mount, as well
as after being notified that the real mount unit should be called.
However the first mkdir -p is hardcoded with 0555, while the second
uses the value specified to DirectoryMode in the automount unit; the
second mkdir -p is only needed when called from coldplug, so under
normal operation the dirs are incorrectly created with mode 0555.
This replaces the hardcoded 0555 mode with the value of DirectoryMode.
Closes #13683.
(cherry picked from commit 8084dcb9d7)
(cherry picked from commit f406a691a7)
(cherry picked from commit 2910a2aaa3)
Currently systemd will treat smb3 as local filesystem and cause
can't boot failures. Add smb3 to the list of remote filesystems
to fix this issue.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
(cherry picked from commit ff7d6a740b)
(cherry picked from commit 19a43dc38a)
(cherry picked from commit 2eec0b555c)
As documented in the man-page, readdir() may return a directory entry with
d_type == DT_UNKNOWN. This must be handled for regular filesystems.
dirent_ensure_type() is available to set d_type if necessary. Use it in
some more places.
Without this systemd will fail to boot correctly with nfsroot and some
other filesystems.
Closes #13609
(cherry picked from commit 28e68bb235)
(cherry picked from commit 5c0224c7bf)
(cherry picked from commit 3ec2317fc2)
On one of my test machines, test-path-util was failing because the
find_binary("xxxx-xxxx") was returning -EACCES instead of -ENOENT. This
happens because the PATH entry on that host contains a directory which
the user in question doesn't have access to. Typically applications
ignore permission errors when searching through PATH, for example in
bash:
```
$ whoami
cdown
$ PATH=/root:/bin type sh
sh is /bin/sh
```
This behaviour is present on zsh and other shells as well, though. This
patch brings our PATH search behaviour closer to other major Unix tools.
(cherry picked from commit 4e1ddb6612)
(cherry picked from commit 8282bc61df)
(cherry picked from commit c823ad15ef)
See https://bugzilla.redhat.com/show_bug.cgi?id=1731772:
when autofs4 is disabled in the kernel,
proc-sys-fs-binfmt_misc.automount is not started, so the binfmt_misc module is
never loaded. If we added a dependency on proc-sys-fs-binfmt_misc.mount
to systemd-binfmt.service, things would work even if autofs4 was disabled, but
we would unconditionally pull in the module and mount, which we don't want to do.
(Right now we only load the module if some binfmt is configured.)
But let's make it easier to handle this case by doing two changes:
1. order systemd-binfmt.service after the .mount unit (so that the .service
can count on the mount if both units are pulled in, even if .automount
is skipped)
2. add [Install] section to the service unit. This way the user can do
'systemctl enable proc-sys-fs-binfmt_misc.mount' to get the appropriate behaviour.
(cherry picked from commit 508133917d)
(cherry picked from commit e151bf4674)
(cherry picked from commit 14f8449622)
The reference to the man page of `systemd-user-sessions.service`
in the comments of `tmpfiles.d/systemd-nologin.conf` is corrected.
(cherry picked from commit 7a72a95741)
(cherry picked from commit 2b8e574d82)
(cherry picked from commit 2f92999ef9)
Signed-off-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit abdc57dfe1)
(cherry picked from commit a0577353f1)
(cherry picked from commit 67a0bf97e3)
These were clearly intended to be "%m" to display the human readable version
of the error stored in errno.
(cherry picked from commit 28b77ab246)
(cherry picked from commit 693e983988)
(cherry picked from commit db640717ce)
After all, that is the expected state.
(cherry picked from commit 90b059b608)
(cherry picked from commit ea7151b8c4)
(cherry picked from commit 4402499842)