Historically, systemd-tmpfiles was designed to manage temporary
files, but nowadays it has become a generic tool for managing
all kinds of files. To avoid user confusion, let's remove "temporary"
from the tool's description.
As discussed in #33349
(cherry picked from commit b5c8cc0a3b8e4e2fea0539d6420a76b524ea5735)
(cherry picked from commit 1a0e6961cfaed42bda542e111738c136f7b4d73f)
(cherry picked from commit c752efdfbac84cd62ddc54fc6ff7c58361f7f998)
SHA384 is pretty much the bank we actually *want* to use, since it's
faster to calculate than SHA256, hence at the very least, start
considering.
(cherry picked from commit acaca5ab250a51be6ba07768bee80bf0f7b462fa)
(cherry picked from commit 51390a1f41a762ef96d3c496d8a5d890d722907d)
(cherry picked from commit 5024b1b09634e7cee4308457ac327854740b0a4a)
Let's skip udev device scanning when activating a LUKS volume in
systemd-repart as we don't depend on any udev symlinks and don't
expect anything except repart to access the volume.
Suggested by https://github.com/systemd/systemd/issues/33129#issuecomment-2143390941.
(cherry picked from commit 726fc7ae696510b04c24810f691d34f5d20529d6)
(cherry picked from commit d316aed5d8e15fb5b13b5618f1b2d1d020b1e7bf)
(cherry picked from commit 1ccc38ebf91dc7e79115080c79d0375f1bea5ac3)
This check introduced in 91adc4db33f6 is intended to spare us from
encountering broken resolver behavior we don't want to deal with.
However if we aren't validating we more than likely don't know the state
of the upstream resolver's support for dnssec. Let's let clients try
these queries if they want.
This brings the behavior of sd-resolved in-line with previously stated
change in the meaning of DNSSEC=no, which now means "don't validate"
rather than "don't validate, because the upstream resolver is declared to
be dnssec-unaware".
Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
(cherry picked from commit 364c948707afa097f6ad177b61c2b51a86c0089a)
(cherry picked from commit ba031f1fe86e36d7adc0340b047de32399c98bf7)
(cherry picked from commit 5299397e49536dae7903bc4f5bf11d375146261d)
This allows us to reserve a bunch of capacity ahead of time,
improving the performance of hwdb significantly thanks to not
having to reallocate so many times.
Before:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==113297== Memcheck, a memory error detector
==113297== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==113297== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==113297== Command: ./systemd-hwdb update
==113297==
==113297==
==113297== HEAP SUMMARY:
==113297== in use at exit: 0 bytes in 0 blocks
==113297== total heap usage: 1,412,640 allocs, 1,412,640 frees, 117,920,009,195 bytes allocated
==113297==
==113297== All heap blocks were freed -- no leaks are possible
==113297==
==113297== For lists of detected and suppressed errors, rerun with: -s
==113297== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
132.44user 21.15system 2:35.61elapsed 98%CPU (0avgtext+0avgdata 228560maxresident)k
0inputs+25296outputs (0major+6886930minor)pagefaults 0swaps
```
After:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==112572== Memcheck, a memory error detector
==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==112572== Command: ./systemd-hwdb update
==112572==
==112572==
==112572== HEAP SUMMARY:
==112572== in use at exit: 0 bytes in 0 blocks
==112572== total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated
==112572==
==112572== All heap blocks were freed -- no leaks are possible
==112572==
==112572== For lists of detected and suppressed errors, rerun with: -s
==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k
0inputs+25264outputs (0major+57275minor)pagefaults 0swaps
```
Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
(cherry picked from commit 621b10fe2c3203c537996e84c7c89b0ff994ad93)
(cherry picked from commit 514ef0f93b76cbe0ba6b4de07a7b21fd0c2b7bae)
(cherry picked from commit aa0dd89d3faebce3b051f1c63bb234ea8777dd60)
As per the suggestion in https://github.com/systemd/systemd/issues/33242.
This reduces the number of /dev/ttySXX device units generated in
mkosi from 32 to 4.
(cherry picked from commit dc38f9addd04c34d1fd743efc407bdebb3573d05)
(cherry picked from commit a3d94332a2b5128697373d3093c1cfa56649ec61)
(cherry picked from commit 639124214e0f5fb767716d0b2b7ee7a0c75a5c4a)
I do not think this is necessary, but all other places in
libsystemd-network we clear buffer before receive. Without this,
Coverity warns about use-of-uninitialized-values.
Let's silence Coverity.
Closes CID#1469721.
(cherry picked from commit 40f9fa0af4c3094d93e833e62f7e301cd453da62)
(cherry picked from commit 0d573787ea1610ba57a359cf437841f62b186e77)
(cherry picked from commit aa93c07b3a5701f13163b190ee4e6ffd4de32eb5)
Denials from AppArmor are raised as EACCES, so EPERM is not enough. Do
the same check as PrivateNetwork above.
Fixes https://github.com/systemd/systemd/issues/31037
Related to 06384eb3c5044f632f50304a0210a402460f1189
(cherry picked from commit cafe40ec8201db31c6d3519474ef40a72541d511)
(cherry picked from commit e4817103d0f32a3492608f14da6628d5c9b83197)
Follow-up for 677430b3c7fcd1b352eb66f19b8746741459b91a
(cherry picked from commit d8f5a310227e7c74548b7f6ca9aafd39af6a621f)
(cherry picked from commit 632b4934a0a0d0c048d94a3baab4668b58577a03)
With b9684a71fc (v5.19),
we cannot check partition scanning is enabled for a loopback block device
without checking the attribute.
(cherry picked from commit bab8c851daaa2a4ed9febb7cc958f701ee024151)
(cherry picked from commit ae7a07b9ff9066f549ea5ae95be5201d581ea0e8)
With 430cc5d3ab,
the value of GENHD_FL_NO_PART, previously named as GENHD_FL_NO_PART_SCAN,
is changed from 0x0200 to 0x0004. So, we need to check both flags.
(cherry picked from commit f0c2668c9934682a3b4ed5c228c05e26bb0ba1dc)
(cherry picked from commit 49b0f0ed08ec50d0ca9d19de657493800b72420b)
So, we need to try to read timezone several times.
Also, on failure, show journal of timedated instead of hostnamed,
as the timezone is handled by timedated.
Hopefully fixes #33007.
(cherry picked from commit 1ef586af237e685c32676e381a5ce8d4918f9225)
(cherry picked from commit 91d31ca3bcf929346ec872d387cd33030d4e1570)
Before:
/etc/kernel/install.conf:6: Unknown key name 'asdf' in section '(null)', ignoring.
After:
/etc/kernel/install.conf:6: Unknown key 'asdf', ignoring.
Also make the message a bit better.
(cherry picked from commit 600a7405a9a7cdf2d6a7e669df4fa6025924ba82)
(cherry picked from commit a2f32b99f354c3fc2d4e9b49c26f64357f5a0887)
When running in LXC with AppArmor we'll most likely get an error when creating
a network namespace due to a kernel regression in < v6.2 affecting AppArmor,
resulting in denials. Like other tests, avoid failing in case of permission
issues and handle it gracefully.
(cherry picked from commit 6ab21f20bd982bc1a9ece47dcffa1137a76cc48a)
(cherry picked from commit ff354605fc440100c2f6aac16a6cce79cf59eef8)
As per the documentation, EACCES is only returned when F_SETLK is
used, and only on some platforms, which doesn't seem to include
Linux:
https://github.com/torvalds/linux/blob/master/fs/locks.c
F_OFD_SETLK is documented to only return EAGAIN, and F_SETLKW/F_OFD_SETLKW
are blocking operations so this logic doesn't apply to them in the
first place.
Hence, only automatically convert EACCES into EAGAIN for F_SETLK
operations, and propagate the original error in the other cases.
This is important because in some cases we catch permission errors
and gracefully fallback, which is not possible if the original error
is lost.
This is an issue in practice because, due to a kernel bug present
before v6.2, AppArmor denies locking on file descriptors to LXC
containers. We support all currently maintained LTS kernels,
including v6.1, where despite a lot of effort and attempts over almost
a year, the bugfix still hasn't been backported, as it is complex and
requires large changes to AppArmor.
On affected kernels, all services running with PrivateNetwork=yes
fail and do not recover, instead of the normal behaviour of gracefully
downgrading to PrivateNetwork=no.
The integration tests in the Debian CI fail due to this issue:
https://ci.debian.net/packages/s/systemd/testing/arm64/46828037/
(cherry picked from commit 06384eb3c5044f632f50304a0210a402460f1189)
(cherry picked from commit 2af054219547b848c309d11cccc6ff11769fec1d)
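The errno handling described in the commit message above, as an added C example that is not systemd's code: `normalize_lock_error()`, `is_permission_denial()`, `try_lock()` and `demo_contention()` are hypothetical names, and the temporary file is constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#ifndef F_OFD_SETLK
#define F_OFD_SETLK 37 /* Linux value, in case the libc headers hide it */
#endif

/* Hypothetical helper: map a failed fcntl() lock request to a negative errno.
 * Only F_SETLK may report "lock is held" as EACCES, so only there is it
 * folded into EAGAIN; for every other command EACCES stays a real denial. */
static int normalize_lock_error(int cmd, int err) {
        if (cmd == F_SETLK && err == EACCES)
                return -EAGAIN;
        return -err;
}

/* Hypothetical helper: true when the caller should fall back gracefully
 * (an LSM denial such as AppArmor's arrives as EACCES, not only EPERM). */
static bool is_permission_denial(int r) {
        return r == -EACCES || r == -EPERM;
}

/* Try to take a whole-file lock without blocking. */
static int try_lock(int fd, int cmd, short type) {
        struct flock fl = { .l_type = type, .l_whence = SEEK_SET };

        if (fcntl(fd, cmd, &fl) < 0)
                return normalize_lock_error(cmd, errno);
        return 0;
}

/* Constructed scenario: two open file descriptions contend for one file. */
static int demo_contention(void) {
        char path[] = "/tmp/lock-demo-XXXXXX";
        int a = mkstemp(path), b, r;

        if (a < 0)
                return -errno;
        b = open(path, O_RDWR | O_CLOEXEC);
        if (b < 0) {
                r = -errno;
                goto out;
        }
        r = try_lock(a, F_OFD_SETLK, F_WRLCK);
        if (r == 0)
                r = try_lock(b, F_OFD_SETLK, F_WRLCK); /* lock is held by "a" */
        close(b);
out:
        close(a);
        unlink(path);
        return r;
}

int main(void) {
        int r = demo_contention();

        printf("second OFD lock: %d (%s)\n", r,
               r == -EAGAIN ? "busy" : is_permission_denial(r) ? "denied, fall back" : "other");
        return 0;
}
```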
On running cryptsetup, udevd detects two inotify events for the
underlying device. Running the test on a fast enough host, the expected
symlinks based on UUID and disk label are created by the second event.
During processing a uevent for a device, udevd disables the inotify
watch for the device. If the test runs on a slow system, the second
inotify event may come while a udev worker is processing the synthesized
uevent triggered by the first inotify event. Hence, no synthesized
uevent for the second inotify event will be generated, and the expected
symlinks will never be created.
To prevent the issue, we need to lock the device while the cryptsetup
command is running.
Fixes #32913.
(cherry picked from commit be43c9b0295120e508de1afd739af6fb7603186a)
(cherry picked from commit 640dbad3e75b0c67ed1f6c1afd02ceb313a0d8c8)
Otherwise, when stopping the service, the last command may not be
started yet, and the service manager may not send SIGTERM signal to the
last command, but send SIGKILL on timeout.
===
May 21 08:23:24 test19-exit-cgroup.sh[437]: + disown
May 21 08:23:24 test19-exit-cgroup.sh[438]: + sleep infinity
May 21 08:23:24 test19-exit-cgroup.sh[437]: + systemd-notify --ready
May 21 08:23:24 test19-exit-cgroup.sh[437]: + sleep infinity
May 21 08:23:24 test19-exit-cgroup.sh[441]: + systemctl stop one
May 21 08:23:24 test19-exit-cgroup.sh[443]: + sleep infinity
(snip)
May 21 08:23:24 systemd[1]: one.service: Changed running -> stop-sigterm
May 21 08:23:24 systemd[1]: Stopping one.service - /tmp/test19-exit-cgroup.sh "systemctl stop one"...
May 21 08:23:24 systemd[1]: Received SIGCHLD from PID 441 (systemctl).
May 21 08:23:24 systemd[1]: Child 437 (bash) died (code=killed, status=15/TERM)
May 21 08:23:24 systemd[1]: one.service: Child 437 belongs to one.service.
May 21 08:23:24 systemd[1]: one.service: Main process exited, code=killed, status=15/TERM (success)
May 21 08:23:24 systemd[1]: Child 439 (bash) died (code=killed, status=15/TERM)
May 21 08:23:24 systemd[1]: one.service: Child 439 belongs to one.service.
May 21 08:23:24 systemd[1]: Child 441 (systemctl) died (code=killed, status=15/TERM)
May 21 08:23:24 systemd[1]: one.service: Child 441 belongs to one.service.
May 21 08:23:24 systemd[1]: Child 442 (bash) died (code=killed, status=15/TERM)
May 21 08:23:24 systemd[1]: one.service: Child 442 belongs to one.service.
(snip)
May 21 08:24:54 systemd[1]: one.service: State 'stop-sigterm' timed out. Killing.
May 21 08:24:54 systemd[1]: one.service: Killing process 443 (sleep) with signal SIGKILL.
May 21 08:24:54 systemd[1]: one.service: Changed stop-sigterm -> stop-sigkill
May 21 08:24:54 systemd[1]: Received SIGCHLD from PID 443 (sleep).
May 21 08:24:54 systemd[1]: Child 443 (sleep) died (code=killed, status=9/KILL)
May 21 08:24:54 systemd[1]: one.service: Child 443 belongs to one.service.
May 21 08:24:54 systemd[1]: one.service: Control group is empty.
May 21 08:24:54 systemd[1]: one.service: Failed with result 'timeout'.
May 21 08:24:54 systemd[1]: one.service: Service restart not allowed.
May 21 08:24:54 systemd[1]: one.service: Changed stop-sigkill -> failed
May 21 08:24:54 systemd[1]: one.service: Job 738 one.service/stop finished, result=done
May 21 08:24:54 systemd[1]: Stopped one.service - /tmp/test19-exit-cgroup.sh "systemctl stop one".
May 21 08:24:54 systemd[1]: one.service: Unit entered failed state.
May 21 08:24:54 systemd[1]: one.service: Releasing resources...
===
Fixes #32947.
(cherry picked from commit a5edb9b7b1366812d5bf558c95a433dae96d7b75)
(cherry picked from commit 139395d7332de385b28ece7a61473d9f854e080f)
Fixes https://github.com/systemd/systemd/issues/32680#issuecomment-2120974685.
===
May 21 02:45:08 TEST-74-AUX-UTILS.sh[2475]: + mountpoint /tmp/tmp.eaRV7lSbX2/mnt
May 21 02:45:08 TEST-74-AUX-UTILS.sh[2476]: /tmp/tmp.eaRV7lSbX2/mnt is not a mountpoint
May 21 02:45:08 TEST-74-AUX-UTILS.sh[2449]: + systemd-mount /dev/loop0 /tmp/tmp.eaRV7lSbX2/mnt
May 21 02:45:08 systemd-mount[2477]: Failed to start transient mount unit: Unit tmp-tmp.eaRV7lSbX2-mnt.mount was already loaded or has a fragment file.
===
(cherry picked from commit 4a8ca3c6d595598f64cf532fad2c98ef7481f6a4)
(cherry picked from commit 1a6a2d8f2476f2468ac96bd973bbc890eaa9f996)
Follow-up for ade0789fabbf01b95bf54d32f8cab1217a753f03
The change in behavior was partly intentional, as I think
if both --wait and --pty are used, manually disconnecting
from PTY forwarder should not result in systemd-run exiting
with "Finished with ..." log. But we should check for
--wait here.
Closes #32953
(cherry picked from commit 2b4a691c32aadbc45491c8b243ec3cf7ed910f55)
(cherry picked from commit 46561305cba2fcb64726616e88c7b33b2f23c988)
Fixup for e3828d7103a99a15a1e947ba3063294ead590631, as requested in
https://github.com/systemd/systemd/pull/32892#issuecomment-2117903328.
(cherry picked from commit 055b465a3f56f9d53370a47b91af9cc2ffad4470)
(cherry picked from commit 78e023aa021d44083a5f1213dadb32f5d0706b17)
Makes it easier to switch for debugging
(cherry picked from commit 5002b576d8d3d338df90f7d51543f44dd571f388)
(cherry picked from commit c64e96061b2f84c3e97e810cf7d3a1fe94550409)
Due to the bug in kernel 6.9 caused by 8debcf5832,
the net_id udev builtin does not work for netdevsim interface.
So, eni99np1 cannot be used with kernel 6.9 anymore.
Workaround for #32910.
(cherry picked from commit f1f1be71feacb3b5d2fb89e2f6421c23b9320fbd)
(cherry picked from commit 221b2783ba305f4e7c7c8ea8b32cbd2106499c65)
Fixes a bug introduced by 1ddb263d21099ae42195c2bc382bdf72a7f24f82.
Note, this requires the previous two commits, and cannot be backported without them.
Note, before the previous commit, the use-after-free could be triggered
only by Rename() DBus method, and could not by RenameImage(), as we did not
cache Image object when RenameImage() method is called. And machinectl
always uses RenameImage(). Hence, the issue could be triggered only when
Rename() DBus method is explicitly called by e.g. busctl.
With the previous commit, the Image object passed to the function is
always cached. Hence, the issue could be triggered even with machinectl
command, and this fix is important.
(cherry picked from commit 3b1b2d4e3d544c593399e914fd1c3a5f61d7e827)
(cherry picked from commit c937169b0ef8403bb7a35741e2587dc5473601b8)
Previously, Image objects were only cached when reading properties or
methods in the org.freedesktop.machine1.Image interface are called.
With this change, when a method in the main interface (org.freedesktop.machine1)
for an image is called, we also acquire the Image object from the cache,
and if it is not cached, create the Image object and put it into the cache, like we
do for org.freedesktop.machine1.Image.
Otherwise, if some properties of an image are updated by methods in the main
interface, e.g. MarkImageReadOnly(), the changes are not applied to the cached
Image object, and subsequent reads of properties through the interface for the
image, e.g. ReadOnly property, may provide outdated values.
Follow-up for 1ddb263d21099ae42195c2bc382bdf72a7f24f82.
Fixes #32888.
(cherry picked from commit c6aeb9b596749b263145346c7fa2c6bf7fbd3867)
(cherry picked from commit bf270a3b06eff023b13e252d1d9c1876449b79e1)
Preparation for the next commit. No functional change.
(cherry picked from commit 6d917da1409eae3b6988ed56cc4812252058ecdb)
(cherry picked from commit aa6822f2bdca04feb0f3d7224da2d29b02578fb9)
Same as the previous commit, but for SetLimit DBus method vs Limit
property and friends.
(cherry picked from commit 96ac6d3fccfe84eeda806da3d132a1374f8b5216)
(cherry picked from commit a2349e8ce6b511f24b2ecea58be5ada820a41058)
Otherwise, ReadOnly DBus property in org.freedesktop.machine1.Image or
org.freedesktop.portable1.Image will not be updated by MarkReadOnly DBus
method.
(cherry picked from commit 608c321f232105966e509265c13ae061c03b9f77)
(cherry picked from commit c16f4aaf6588238b979bbab74e0327c736eb16f6)
The rationale is similar to 40e1f4ea7458a0a80eaf1ef356e52bfe0835412e.
Currently, we only pass TTYPath=/dev/pts/... to
the transient service spawned by systemd-run.
This is a bit problematic though, when ExecStartPre=
or ExecStopPost= is used. Since when these control
processes get to run, the main process is not yet
started/has already exited, hence the slave suffers
from the same vhangup problem as the mentioned commit.
By passing the slave fd in, the service manager will
hold the fd open as long as the service is alive.
Fixes #32916
(cherry picked from commit 28459ba1f4df824d5ef7f7d1a9acb6953ea24045)
(cherry picked from commit 182b80bede28ef6e9c0d0edd34c56a467d22dee5)
Follow-up for 6c2d47d6d3ad25ffd7527c7f4de31457ee1b25d8.
Fixes the following unexpected skip:
```
[ 6.163670] TEST-64-UDEV-STORAGE.sh[596]: + modinfo btrfs
[ 6.164102] TEST-64-UDEV-STORAGE.sh[726]: /usr/lib/systemd/tests/testdata/units/TEST-64-UDEV-STORAGE.sh: line 726: modinfo: command not found
[ 6.164683] TEST-64-UDEV-STORAGE.sh[727]: + echo 'This test requires the btrfs kernel module but it is not installed, skipping the test'
[ 6.165069] TEST-64-UDEV-STORAGE.sh[728]: + tee --append /skipped
[ 6.166801] TEST-64-UDEV-STORAGE.sh[728]: This test requires the btrfs kernel module but it is not installed, skipping the test
[ 6.167177] TEST-64-UDEV-STORAGE.sh[596]: + exit 77
```
(cherry picked from commit 2569e790f6352797f8e326ed472f49479791a2ac)
(cherry picked from commit 0868f29eae4e1577eb494808a7875df69845f50c)
"norecovery" was deprecated for btrfs in 74ef00185e and removed in a1912f7121.
Let's drop our assumption that btrfs supports "norecovery" and first query for the
new name of the option followed by querying for the old name.
(cherry picked from commit e3828d7103a99a15a1e947ba3063294ead590631)
(cherry picked from commit c267ea9a89cb5f2fe29ae9f93c703ce9dc07cbb0)
If a session is in closing state, the user state will be in online.
Fixes #32698.
(cherry picked from commit fc5112580a0eafe1f4f56ec35522578b7e76bca5)
(cherry picked from commit ec0a8c8d469356faab5db4e116bd9d4bedfefffb)
Otherwise we log a noisy error when we get ECONNRESET.
(cherry picked from commit 2540036979b341f22567e848e6698cbe993932e3)
(cherry picked from commit 51c2887c850fcc0326233c5b1aaf60ce5182e397)
If tests are run during build time, without an already installed
systemd they fail to resolve the sysusersdir and tmpfilesdir pkg-config variables.
(cherry picked from commit 2aee829fc88fdde3983080de5c56fa06eb678280)
(cherry picked from commit 936576d0f5300d3f5b455246acbba729b558659b)
We want to enable running tests as part of the build, but
our builds run in VMs with networking disabled.
(cherry picked from commit 19614a08d13fb8e0e73f1cb5859f8011e7df2394)
(cherry picked from commit 1b75c5144544aa7153317209339c552d948d4b12)
If we destroy both an event loop and a curl context object at the same
time, then we get into this weird situation where curl wants us to
reconfigure a timeout event source right before destruction, which
sd-event will refuse however, since it is already being shutdown.
Hence, catch that and simply don't bother adjusting the timeout, since
we cannot get back from there anyway.
(cherry picked from commit c5ecf0949460dd0bf3211db128a385ce6375252e)
(cherry picked from commit 73164d4819afdb3d0870c3d5ce769d1e0a90347a)
The state might be "freezing-by-parent" as well so let's take that
into account.
Fixes #32746
(cherry picked from commit 034e85c5f3608b8ae48ab1ad76b8af0b2c2fd3e5)
(cherry picked from commit 33a8ea65ca28b67a1faf766143e2847be5dd379e)
Follow-up for 9de324c3c919f20fd49e1d25579f5a66cac0eaa0.
(cherry picked from commit a937fa96ac121bc8c1e74c3014c6bc0f2a597aeb)
(cherry picked from commit 29868fb1238a7127b4f939f5693732eeb96f7aba)