IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We treat any negative value as "invalid fd", but signalfd only
accepts -1.
(cherry picked from commit cbff793ffb280d9d11e5d7b1dc3964276491bee8)
(cherry picked from commit 54c840ea58c578060e941f754a4fed2931483820)
(cherry picked from commit 4178457f0ec07452f856894988e5490bbc91cc36)
If the page size of a swap space doesn't match the page size of the
currently running kernel, swapon will fail. Let's instruct it to
reinitialize the swap space instead.
(cherry picked from commit cc137d53e36da5e57b060be5e621864f572b2cac)
(cherry picked from commit a0ac79bce9255cf33b0f208b18d888f0f700133c)
(cherry picked from commit 8be5a12c7170ed7e7b4303c16573e463ef997e23)
(cherry picked from commit 5e5fce3e918ebba5d0cbf0b64bb97f0eaeae70a3)
(cherry picked from commit 613994c10b19f02c0764aa1d5865730f3af99267)
(cherry picked from commit 46a7e30cb9f274763657d40193c2a03a02c687ab)
This ensures that services with `RemainAfterExit` but without any
process running won't cause failure during freeze.
(cherry picked from commit fcb0878f7563df9701a4d066378995c0b7ec32be)
(cherry picked from commit 2eb040f36f65c316c0d015d024faf9d27db10821)
(cherry picked from commit 9a0bd2ff7004fbc3c801430ec48054a48ae77b59)
Explicitly set __attribute__ ((noinline)) so that the compiler does not
attempt to inline expand_to_usable, even with LTO.
(cherry picked from commit 4f79f545b3c46c358666c9f5f2b384fe50aac4b4)
(cherry picked from commit e998c9d7c1a52ab02ff6e9c363c1cfe0b76cd6f4)
(cherry picked from commit 40146884585707fb5e84055d4882f735caac469b)
systemd uses malloc_usable_size() everywhere to use memory blocks
obtained through malloc, but that is abuse since the
malloc_usable_size() interface isn't meant for this kind of use, it is
for diagnostics only. This is also why systemd behaviour is flaky when
built with _FORTIFY_SOURCE.
One way to make this more standard (and hence safer) is to, at every
malloc_usable_size() call, also 'reallocate' the block so that the
compiler can see the larger size. This is done through a dummy
reallocator whose only purpose is to tell the compiler about the larger
usable size, it doesn't do any actual reallocation.
Florian Weimer pointed out that this doesn't solve the problem of an
allocator potentially growing usable size at will, which will break the
implicit assumption in systemd use that the value returned remains
constant as long as the object is valid. The safest way to fix that is
for systemd to step away from using malloc_usable_size() like this.
Resolves#22801.
(cherry picked from commit 7929e180aa47a2692ad4f053afac2857d7198758)
(cherry picked from commit 34b9eddfc12936917fab000b780a451d6277c2b4)
(cherry picked from commit 70653ebeb6aa09ca6e3bad5aacf8ff950bf6d001)
gcc 13 -Wenum-int-mismatch reminds us that enum != int
(cherry picked from commit e14afe31c3e8380496dc85b57103b2f648bc7d43)
(cherry picked from commit ba5f7915d25a400f0651bc9e8546a3ec6a738eaa)
(cherry picked from commit 85ad47e172dcba386234a93103cb6b9f3a77fefc)
Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.
(cherry picked from commit aa70dd624bff6280ab6f2871f62d313bdb1e1bcc)
(cherry picked from commit b1b7667a44c4e8635b6d8dc070fb2446187fcdc5)
(cherry picked from commit ecb0b018d25fa7489c2535f32660a882fc44d3b7)
This reverts commit 64f0e5385139a86f2df7f78fa67ade2075726db5.
On Wed, Dec 21, 2022 at 06:19:08PM +0100, Marius Schwarz wrote:
> That patch made things worse and is disfunctional for both, usb drive and
> password.
>
> No idea if more patches are needed, but this build does not unlock a drive
> at all, if usb is configured.
(cherry picked from commit 253cc95c6439f348bbc39c1fa663880387054d6b)
This function does not expect a password, but a key file path. The
cryptsetup helper binary even calls it that.
No Code changes.
Follow up on: 6e41f4dd916293f35d7d35cea7eed1807d7ea771
Fixes: https://github.com/systemd/systemd/security/code-scanning/81
(cherry picked from commit b7de9651db7bdbb42befa653791980daa50448bb)
In both cases, the json string is short, so we can print it, which is useful
for diagnosing invalid data in packages. But we need escape non-printable
characters.
https://bugzilla.redhat.com/show_bug.cgi?id=2152685
I went over the rest of the codebase, and it seems that other calls to
json_parse() don't have this problem.
(cherry picked from commit c5966ab5bf43b4fb45998760beaffa6c7f9e8a9e)
(cherry picked from commit 57ab4e2d47dd7c03113b66b78175242a597bd0dc)
(cherry picked from commit 6208326afb592e901d5fc8cf1b09fb764e1fdb6b)
When the user starts a program which elevates its permissions via setuid,
setgid, or capabilities set on the file, it may access additional information
which would then be visible in the coredump. We shouldn't make the the coredump
visible to the user in such cases.
Reported-by: Matthias Gerstner <mgerstner@suse.de>
This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
PROC_AUXV. Before the coredump is submitted, it is parsed and if either
at_secure was set (which the kernel will do for processes that are setuid,
setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
is not made accessible to the user. If we can't access this data, we assume the
file should not be made accessible either. In principle we could also access
the auxv data from a note in the core file, but that is much more complex and
it seems better to use the stand-alone file that is provided by the kernel.
Attaching auxv is both convient for this patch (because this way it's passed
between the stages along with other fields), but I think it makes sense to save
it in general.
We use the information early in the core file to figure out if the program was
32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
whether the format of the auxv structure. This test might reject some cases on
fringe architecutes. But the impact would be limited: we just won't grant the
user permissions to view the coredump file. If people report that we're missing
some cases, we can always enhance this to support more architectures.
I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
ppc64el, but not the whole coredump handling.
(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03)
(cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c)
(cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57)
(cherry picked from commit 510a146634f3e095b34e2a26023b1b1f99dcb8c0)
(cherry picked from commit cc2eb7a9b5fd6d9dd8ea35fb045ce6e5e16e1187)
(cherry picked from commit cb044d734c44cd3c05a6e438b5b995b2a9cfa73c)
If udevd broadcasts a processed device with huge amount of properties,
then clients cannot receive the device.
Fixes#24987.
(cherry picked from commit efbd4b3ca84c0426b6ff98d6352f82f3b7c090b2)
(cherry picked from commit cf21555d6df5d9eed0bf5699262deb6e9388b63b)
Follow-up to c9615f7352 and 70666e28a1.
(cherry picked from commit 1ca1bb03dec9ae3e8d734bd40eeb60210ffd7a0a)
(cherry picked from commit ee42e84968e9a69e8dfc9d25839477227d697cbb)
Previously, interfaces are partially reconfigured in a spurious way.
Let's use the same way as `networkctl reconfigure`.
Hopefully fixes#14987 and #24997.
(cherry picked from commit a39a9ac8065c29330207838b70fe388bde2bc254)
(cherry picked from commit 7eefd2fbb718fde3a03456d7468f72bb86043816)
As reported by @holtmann
(cherry picked from commit 6032283b2fcc4ff6713eb84433a170a71ff84641)
(cherry picked from commit d94f19781816a03178e67b24f4d8d879e7ebcb6d)
Previously, ata_id might not be able to retrieve attributes correctly,
and properties from usb_id were used as a fallback. See issue #24921
and PR #24923. To keep backward compatibility, still we need to create
symlinks based on USB serial.
Fixes#25179.
(cherry picked from commit 479da1107a0d4e2f7ef5cd938512b87a0e45f180)
(cherry picked from commit b61fcaca1b4243f3adac7eb6b6dc39585f1c03a4)
Fixes#25177.
Co-authored-by: Steve Ramage <gitcommits@sjrx.net>
(cherry picked from commit 1d87f03a6e62476b996bccaba62af329aa40ba1c)
(cherry picked from commit 6fc2f387af6ad276a117b49c8e6fb6c8f5039df1)
When reboot is invoked, the -p/--poweroff option is intentionally
ignored. Update the man page to reflect this exception.
(cherry picked from commit 6dfaeac3704c68a1e297cef0c08e5b6ee1dbf3b7)
(cherry picked from commit c339e8d71b4702a443339077b39b061848460c8d)
Note that -O0 is deliberately filtered out as we have to compile with at
least -O1 due to #24202.
Fixes: #24323
(cherry picked from commit 7aa4762ce274a1c9a59902b972fa4fdee1b22715)
(cherry picked from commit 23d66a03dec8640e8f8603686c6d0a739084a823)
In https://github.com/containers/podman/issues/16107, starting of a transient
slice unit fails because there's a "global" drop-in
/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by
systemd-oomd-defaults package to install some default oomd policy). This means
that the unit_is_pristine() check fails and starting of the unit is forbidden.
It seems pretty clear to me that dropins at any other level then the unit
should be ignored in this check: we now have multiple layers of drop-ins
(for each level of the cgroup path, and also "global" ones for a specific
unit type). If we install a "global" drop-in, we wouldn't be able to start
any transient units of that type, which seems undesired.
In principle we could reject dropins at the unit level, but I don't think that
is useful. The whole reason for drop-ins is that they are "add ons", and there
isn't any particular reason to disallow them for transient units. It would also
make things harder to implement and describe: one place for drop-ins is good,
but another is bad. (And as a corner case: for instanciated units, a drop-in
in the template would be acceptable, but a instance-specific drop-in bad?)
Thus, $subject.
While at it, adjust the message. All the conditions in unit_is_pristine()
essentially mean that it wasn't loaded (e.g. it might be in an error state),
and that it doesn't have a fragment path (now that drop-ins are acceptable).
If there's a job for it, it necessarilly must have been loaded. If it is
merged into another unit, it also was loaded and found to be an alias.
Based on the discussion in the bugs, it seems that the current message
is far from obvious ;)
Fixes https://github.com/containers/podman/issues/16107,
https://bugzilla.redhat.com/show_bug.cgi?id=2133792.
(cherry picked from commit 1f83244641f13a9cb28fdac7e3c17c5446242dfb)
(cherry picked from commit 98a45608c4bf5aa1ba9b603ac2e5730f13659d88)
Not not IN_SET(…) is just too much for my poor brain. Let's invert
the expression to make it easier to undertand.
(cherry picked from commit b146a7345b69de16e88347acadb3783ffeeaad9d)
(cherry picked from commit 228cd82d2cc9c24d42b2f025c24bfd29e1ce10c3)
Semi-quoting https://github.com/systemd/systemd/issues/25057:
clang-16 has made the choice to turn on -Werror=implicit-function-declaration,implicit-int.
(See Gentoo's tracker bug https://bugs.gentoo.org/870412).
Added in commit 132c73b57ad1d363e97e1f4720f0e920826f34e1, systemd now does a
check to see if libatomic is needed with some compile/link tests with e.g.
__atomic_exchange_1, but the tests don't provide a prototype for
__atomic_exchange_1 so with clang-16 the test fails, breaking the build.
Let's simplify things by linking to libatomic unconditionally if it is found
and seems to work. If actually unneeded, it might be dropped via --as-needed.
This seems to work with gcc and clang.
declare_dependency() is used instead of cc.find_library(), because the latter
picks up a symlink in gcc private directory (e.g.
/usr/lib/gcc/x86_64-redhat-linux/12/libatomic.so), and we don't want that.
Fixes#25057.
(cherry picked from commit 96f8c63601a33a7e9e47397be2de811e00477ad8)
(cherry picked from commit d61ccd0252c532596c72bb1161d67b5b47ffb1a3)
We would deadlock when passing the data back from the forked-off process that
was doing backtrace generation back to the coredump parent. This is because we
fork the child and wait for it to exit. The child tries to write too much data
to the output pipe, and and after the first 64k blocks on the parent because
the pipe is full. The bug surfaced in Fedora because of a combination of four
factors:
- 87707784c70dc9894ec613df0a6e75e732a362a3 was backported to v251.5, which
allowed coredump processing to be successful.
- 1a0281a3ebf4f8c16d40aa9e63103f16cd23bb2a was NOT backported, so the output
was very verbose.
- Fedora has the ELF package metadata available, so a lot of output can be
generated. Most other distros just don't have the information.
- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
are generated for it.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.
The code is changed to try to write data opportunistically. If we get partial
information, that is still logged. In is generally better to log partial
backtrace information than nothing at all.
(cherry picked from commit 076b807be472630692c5348c60d0c2b7b28ad437)
(cherry picked from commit 087cbfd9362d15eaa389060baa64bc40d1d7fbd0)
It is useful to distinguish if json_parse_file() got no input or invalid input.
Use different return codes for the two cases.
(cherry picked from commit 87a16eb8b54002a49f12944fc09ce45d0cbadf45)
(cherry picked from commit ab587aaf8e104202e2f5d215950e8f494ce08629)
Let's document that "." is a bad choice of character when naming
interfaces. Let's also document the hard restrictions we make when
naming interfaces.
Result of the mess that is #25052.
(cherry picked from commit 8f598a463571608cbeb1b562afcadf2db335a530)
(cherry picked from commit d1066f33b53ec6a51166008c3116d722ed9c75c0)
They didn't actually change API between major versions, so let's
support the previous version as well so we can add CentOS 8 Stream
back to CI.
(cherry picked from commit 3f5225d7f301f70c9418122cf1e1989ccb33ea76)
(cherry picked from commit e2a07cdac6c2750c4d2d771da8c708cb1626b314)
This system call is harmless because it only enforces ordering between stores
and instruction cache fetch.
fixed#24991
Related: https://github.com/felixonmars/archriscv-packages/issues/1840
Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
(cherry picked from commit 09925036cf2b5a5c4cf680422a38c427ca692cd6)
(cherry picked from commit 8be601f7ef4d650adfa78356dbe83f8c6aee2f62)
The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third
argument, so we need to call manager_is_on_external_power(). Otherwise
the function pointer is interpreted as a boolean and always returns
true:
```
$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower
b true
$ /lib/systemd/systemd-ac-power --verbose
no
```
Thanks: Helmut Grohne <helmut@subdivi.de>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644
(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150)
(cherry picked from commit 3028e05955f1d1a43d57bbbe05321546d56c70a9)
PID 1 is not allowed to do nss lookups because this may take a long time or
even deadlock.
While at it, the comparisons are reordered to do the "easy" comparisons which
only require a string comparison first. Delay parsing of the UID until it is
really necessary. The result is the same, because we know that "root" and
"nobody" parse as valid.
(cherry picked from commit 734f96b8490a2c48712ff6754a84fcaeac3d53c1)
(cherry picked from commit 5da595db39e8c6b229dfe388130683ff9a32eda5)
This also moves the check for writable paths from test-execute to TEST-34.
Closes#10337.
(cherry picked from commit f01f70a9a3f3609c0c8bdbaa4b0b4abbb2b43993)
(cherry picked from commit 40053e60f5bfd51c0effb5869172cebe8cbe9228)
The very basic functinality of StateDirectory= or friends is creating
specified directories. That should work if one entry is a subdirectory
of another. However, it does not when combined with DynamicUser=yes.
To support such case, this adds ExecDirectoryItem.only_create flag, and
if it is set PID1 only create private directory, and not create the symlink
to the private directory.
Fixes#24783.
(cherry picked from commit a2ab603cc42e1484c799f76a233b077c17db91cb)
(cherry picked from commit 0ba2e4bb6943545a4e43855970a3a3102dffbbc0)
Follow-up for 211a3d87fb1fe971dc42a47b4c5cc167def8ab4e.
Previously, although ExecDirectoryItem.symlinks is strv, it always
contains at most one symlink.
(cherry picked from commit 564e5c987877f7e481d896c7fd82e8e5a69addc2)
(cherry picked from commit 1de3cb97ee0157dd53e583b369a41e55d3ca8977)
Even if a bonding master interface has carrier, the underlying slave
interfaces may not. In such a case, sending solicitation fails with
-ENOBUS. Here, let's unconditionally ignore errors, as anyway we will
send a solicitation later.
Fixes#24717.
(cherry picked from commit 852bf93826b151be8b85d894071d95eb3b0d4498)
(cherry picked from commit d7b83b99862fd51226ec2960d65a6e3fdc8dfeed)
We would fail with an assert in sd_bus_message_enter_container() afterwards.
(cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5)
(cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc)
In general, log_syntax_internal() must keep errno unchanged. But the
call to log_syntax_callback() was added outside of the block protected
by PROTECT_ERRNO.
(cherry picked from commit 6b7834fe5de3de690e6efb9467c61691c4b2f30f)
(cherry picked from commit 40742ac74f6b8c0dd2b87a34817cf1b74f089ad1)
