IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Let's not allow anyone to look into /root/ if we create it via the
base-filesystem logic. i.e. change 0755 → 0750 as default access mode
for /root/, in case we create it if it happens to be missing.
(cherry picked from commit 93cbc9ca12043a13a2a80087a00012e009216f13)
(cherry picked from commit 64be8d8a345424021d837e922679816595d4b9ee)
This current code checks the wrong directory. This was broken in
4c39d899ff00e90b7290e4985696f321d7f2726f which converted the previous
code incorrectly.
(cherry picked from commit 92631578fff1568fa8e99f96de05baae5b258ffe)
(cherry picked from commit 625472b219a4b1ac64534d38cf6e64b51ab22bbb)
This new call can execute both of the old operations, but also do
generic fstatat() like behaviour.
(cherry picked from commit a586dc791ca465f4087473d2ad6794b7776aee2d)
(cherry picked from commit 9255fa3a15c5c7dea9ddb2ce5399d3b675f8368b)
This allows growfs to expand the filesystem even when the underlying
block device cannot be expanded. This has been useful for example on
LUKS devices that have already been expanded using systemd-repart.
This works around the following error:
```
root@mobian:/home/mobian# /usr/lib/systemd/systemd-growfs /
crypt_resize() of /dev/block/179:2 failed: Operation not permitted
```
(cherry picked from commit e9a28b8ccd3352da3e0a75a18fc1185e52476a80)
(cherry picked from commit 378e187ed49d28fed2adfb4848f89aa438854f28)
This causes systemd-growfs to exit before resizing the partition when
`--dry-run` is passed. Resizing during a dry run of a change breaks the
users expectations.
(cherry picked from commit d26c0f7243a709cfa7b8bdc87e8131746bb0e2d0)
(cherry picked from commit 00c6c62845c560ef09f845aeedabdc9027be5678)
Also change the title to describe the module more comprehensively.
Follow-up for 90bc309aa2c1430941f4c50f73e681ab3e488bd3. Suggested
in https://bugzilla.redhat.com/show_bug.cgi?id=2085485#c5.
(cherry picked from commit 9e6df034128936895df2d6348eefce61317ebcc2)
(cherry picked from commit a4af8592c66900734d2561b2f6809baaefdbcce8)
Otherwise, sd-device object received through sd-device-monitor does not
show current tags.
Fixes#23799.
(cherry picked from commit 4bc4040bc0a57e8bdd811c53b0db7cd443315f33)
(cherry picked from commit 7f801023432bd4857e3d9633747f5640769c52fa)
In most cases, it is not necessary to call them without retrieving
result. But, most of other getter functions for sd-device can take NULL.
Let's follow the way for consistency.
(cherry picked from commit 793ab3e9dd733d743e1d3825a26ff65384ac3cbb)
(cherry picked from commit 925cff4a15022b3452eab289b8631675e0e755e8)
Newer binutils versions currently trigger the following warnings due to
a bug in gnu-efi
on arm64:
/usr/bin/ld.bfd: warning: src/boot/efi/systemd-bootaa64.elf has a LOAD segment with RWX permissions
on amd64:
/usr/bin/ld.bfd: warning: /usr/lib/crt0-efi-x86_64.o: missing .note.GNU-stack section implies executable stack
This results in a build failure due to --fatal-warnings.
Work around this issue by suppressing those warnings until gnu-efi has
been fixed.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013341
(cherry picked from commit b0e5bf0451a6bc94e6e7b2a1de668b75c63f38c8)
(cherry picked from commit 8a6f966be404897b5333c218701965ac3b5a0806)
dm-crypt device units generated by systemd-cryptsetup-generator
habe BindsTo= dependencies on their backend devices. The dm-crypt
devices have the db_persist flag set, and thus survive the udev db
cleanup while switching root. But backend devices usually don't survive.
These devices are neither mounted nor used for swap, thus they will
seen as DEVICE_NOT_FOUND after switching root.
The BindsTo dependency will cause systemd to schedule a stop
job for the dm-crypt device, breaking boot:
[ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device.
[ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace
[ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343
Avoid this by not setting the state of the backend devices to
DEVICE_DEAD.
Fixes the LUKS setup issue reported in #23429.
(cherry picked from commit cf1ac0cfe44997747b0f857a1d0b67cea1298272)
(cherry picked from commit 4f86dd28499cf3f7338dc3368d18eccbb126b4a9)
Commit 70e74a5997 ("pstore: Run after modules are loaded") added After=
and Wants= entries for all known kernel modules providing a pstore.
While adding these dependencies on systems where one of the modules is
not present, or not configured, should not have a real affect on the
system, it can produce annoying error messages in the kernel log. E.g.
"mtd device must be supplied (device name is empty)" when the mtdpstore
module is not configured correctly.
Since dependencies cannot be removed with drop-ins, if a distro wants to
remove some of these modules from systemd-pstore.service, they need to
patch units/systemd-pstore.service.in. On the other hand, if they want
to append to the dependencies this can be done by shipping a drop-in.
Since the original intent of the previous commit was to fix [1], which
only requires the efi_pstore module, remove all other kernel module
dependencies from systemd-pstore.service, and let distros ship drop-ins
to add dependencies if needed.
[1] https://github.com/systemd/systemd/issues/18540
(cherry picked from commit 8b8bd621e1d16808678fc3afed257df1fa03a281)
The systemd-pstore service takes pstore files on boot and transfers them
to disk. It only does it once on boot and only if it finds any. The typical
location of the pstore on modern systems is the UEFI variable store.
Most distributions ship with CONFIG_EFI_VARS_PSTORE=m. That means, the
UEFI variable store is only available on boot after the respective module
is loaded.
In most situations, the pstore service gets loaded before the UEFI pstore,
so we don't get to transfer logs. Instead, they accumulate, filling up the
pstore over time, potentially breaking the UEFI variable store.
Let's add a service dependency on any kernel module that can provide a
pstore to ensure we only scan for pstate after we can actually see pstate.
I have seen live occurences of systems breaking because we did not erase
the pstates and ran out of UEFI nvram space.
Fixes https://github.com/systemd/systemd/issues/18540
(cherry picked from commit 70e74a5997ae2ce7ba72a74ac949c3b2dad1a1d6)
On switching root, a device may have a persistent databse. In that case,
Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not
necessary to downgrade the Device.deserialized_found and
Device.deserialized_state. Otherwise, the state of the device unit may
be changed plugged -> dead -> plugged, if the device has not been mounted.
Fixes#23429.
[mwilck: cherry-picked from #23437]
(cherry picked from commit 4fc69e8a0949c2537019466f839d9b7aee5628c9)
(cherry picked from commit 131206de786cd5c4d82d7a49ec1f6e562775022d)
The issue #12953 is caused by the following:
On switching root,
- deserialized_found == DEVICE_FOUND_UDEV | DEVICE_FOUND_MOUNT,
- deserialized_state == DEVICE_PLUGGED,
- enumerated_found == DEVICE_FOUND_MOUNT,
On switching root, most devices are not found by the enumeration process.
Hence, the device state is set to plugged by device_coldplug(), and then
changed to the dead state in device_catchup(). So the corresponding
mount point is unmounted. Later when the device is processed by udevd, it
will be changed to plugged state again.
The issue #23208 is caused by the fact that generated udev database in
initramfs and the main system are often different.
So, the two issues have the same root; we should not honor
DEVICE_FOUND_UDEV bit in the deserialized_found on switching root.
This partially reverts c6e892bc0eebe1d42c282bd2d8bae149fbeba85f.
Fixes#12953 and #23208.
Replaces #23215.
Co-authored-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit 75d7b5989f99125e52d5c0e5656fa1cd0fae2405)
If file is world readable, then `read_full_file_full()` will warn
about that.
(cherry picked from commit d5ad2ec1d409e983cc8727f343137bfb8615a57d)
(cherry picked from commit c87c7e723193d6a19f0d8c195296b6f00eeb3b55)
`extract_first_word()` may return positive value on success.
(cherry picked from commit 6a35d52d786137f8f955d41dbc505a818169d904)
(cherry picked from commit 900af2155833107e502feade072694b402aa831e)
it's enabled units, and they might be started by various forms of
activation, not just "at boot".
Fix that.
(cherry picked from commit 0c772b1cc1f08bee260addbecb8adc6cdf4ddeef)
(cherry picked from commit 81d33ab7f60a5fe672f3869d97bf4e007aa49510)
This fixes formatting of JSON real values, and uses C locale for them.
It's kinda interesting that this wasn't noticed before: the C locale
object we allocated was not used, hence doing the dance had zero effect.
This makes "test-varlink" pass again on systems with non-C locale.
(My guess: noone noticed this because "long double" was used before by
the JSON code and that had no locale supporting printer or so?)
(cherry picked from commit 93258c7d72fae23c9f8103c98dd0e79a24838e26)
(cherry picked from commit 2e6e30a92f5a36f84cf068f2b3c31ced7d7a9865)
Follow-up for 33eac552ab22af58b303342b1fa912900fa42820.
Fixes#23825.
(cherry picked from commit 5ad08191d85d6dd058b9d07ccf37ae4b709564e5)
(cherry picked from commit 5478878067e8e06b8150a418f07c6874761c3515)
If Parallels virtualization is detected from DMI, then trust that over CPUID.
Fixes issue caused by 28b1a3eac252d471de4fbb6f317353af30d68878.
Fixes#23856.
(cherry picked from commit 840a49f3dcee9a5243f9a31ede2edaa0a3b89e26)
(cherry picked from commit 0c36233a84c0f6c9b46523390960e60a9adae37c)
Previously, even if there is buffered inotify data, sd_event_prepare()
did not process the data when there is no pending event source.
Fixes#23826.
(cherry picked from commit 067fc917026fd1fe601de0198c5ea7b3ba782d1e)
(cherry picked from commit 632ba5b2f09646152feef0182cc94fe1b05e15ed)
Without the terminating colon we wouldn't match anything, so the loop over
properties was skipped.
(cherry picked from commit 6b0485c29a28aa238cfd8ccf123bf6f4ff3507f2)
(cherry picked from commit 09e0ccf29327be2c27ed3e7b87e072180dd9d18d)
They are various cases where the same module might be repeatedly
loaded in a short time frame, for example if a service depending on a
module keep restarting, or if many instances of such service get
started at the same time. If this happend the modprobe@.service
instance will be marked as failed because it hit the restart limit.
Overall it doesn't seems to make much sense to have a restart limit on
the modprobe service so just disable it.
Fixes: #23742
(cherry picked from commit 9625350e5381a68c1179ae4581e7586c206663e1)
(cherry picked from commit 8539a62207c9d0cc1656458eb53ffc9177b2c7c8)
Fixes build with musl:
| ../git/src/shared/dissect-image.c: In function 'mount_image_privately_interactively':
| ../git/src/shared/dissect-image.c:2986:34: error: 'LOCK_SH' undeclared (first use in this function)
| 2986 | r = loop_device_flock(d, LOCK_SH);
| | ^~~~~~~
(cherry picked from commit 19df770fe14da601d4e54e1592c11c10ffe4df5a)
(cherry picked from commit b7773908142cf158e959302de43dea148a02ebf8)
Commit 0307afc681e1 ("networkctl: add support to display Transmit/Recieve queue
length (#12633)") added the display of the number of RX and TX Queues to the
output of `networkctl status $DEV`. However the row description says "Queue
Length".
This patch fixes the output by replacing "Queue Length" by "Number of Queues".
Fixes: 0307afc681e1 ("networkctl: add support to display Transmit/Recieve queue length (#12633)")
(cherry picked from commit 25ed7633b1d231acf61246bbdca29faa80d7f00f)
(cherry picked from commit 16b8ae51b0eca798ad595f84de0dd4f392eff0ea)
@known is generated from syscall-list.txt, which generated from kernel
headers. So, some syscalls in @obsolete may not be listed in
syscall-list.txt.
(cherry picked from commit 6d6a08547c03f96dc798cda1ef4a8d3013d292d5)
(cherry picked from commit 996979f5137d3a890acec39f427019721a4add1d)
This reverts dd51e725df9aec2847482131ef601e0215b371a0 and fixes bugs
introduced by 1624114d74f55ad9791b7624b08d89d2339a68b3.
Previously,
- On online scan, the syscall filter was a string Hashmap, but it
might contain syscall name with errno or error action. Hence, we need
to drop the errno or error action in the string.
- On offline scan, the syscall filter was a Hashmap of syscall ID, so
hashmap_contains() with syscall name did not work. We need to convert
syscall IDs to syscall names.
- If hashmap_contains() in syscall_names_in_filter() is true, then
the syscall is allowed when the list is an allow-list, and vice versa.
Hence, the condition in syscall_names_in_filter() was errnously
inverted by dd51e725df9aec2847482131ef601e0215b371a0.
This makes syscalls are always stored with its name, instead of ID,
and also correct the condition.
Fixes#23663.
(cherry picked from commit 5862e5561c9bbe87ad201e8d6b2ce2d0f04e7c37)
(cherry picked from commit 20a265b4160c5c0bbfeed2a9e8a1ca0b41f8edc3)
Note, if `n != SIZE_MAX`, we cannot check the existence of the specified
string in the set without duplicating the string. And, set_consume() also
checks the existence of the string. Hence, it is not necessary to call
set_contains() if `n != SIZE_MAX`.
(cherry picked from commit cb649d12bf3283974305c98ecf51e4bf7596a8bf)
(cherry picked from commit a64c080ccf0e854c005798870783f3f02a3d843c)
We send/recv the set of payload uid, host uid, payload gid, host gid.
Hence, the index must be incremented with 4, instead of 2.
Fixes#23664.
(cherry picked from commit 05ab439a62de8bb47e4137d2a8a473a307ccfb33)
(cherry picked from commit 20037219b702dd34b9b34050bf64030d4f93db98)
Fixes: CID#1469712
CID 1469712 (#1 of 1): Unused value (UNUSED_VALUE)
returned_value: Assigning value from sd_id128_from_string(word + 2, &boot_id) to r here,
but that stored value is overwritten before it can be used.
(cherry picked from commit c9f5ac0917409cd9eb3d55b72c2443d9b5374709)
(cherry picked from commit 73a327d2f4cca00bdca61ee4f1103ad120b74368)
The USB ID v0483pDF11 is used by the ROM code in many STMicroelectronics
devices (for firmware download) and not just signal analyzers.
(cherry picked from commit 5d049ff9204b9aad48c62c296def4daa4b53005e)
(cherry picked from commit adcd34515687e7e150d71d2ee45da74208d26f2f)
dns_label_unescape() does not nul-terminate the buffer if it does not
have enough space. Hence, if a lable is enough long, then strjoin()
triggers buffer-overflow.
Fixes#23705.
(cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a)
(cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321)
