mirror of https://github.com/systemd/systemd-stable.git synced 2025-02-12 21:57:27 +03:00

60768 Commits

Author SHA1 Message Date
Frantisek Sumsal
2a66b4c894 test: check if we can use SHA1 MD for signing before using it
Some distributions have started phasing out SHA1, which breaks
the systemd-measure test case in its current form. Let's make sure we
can use SHA1 for signing beforehand to mitigate this.

Spotted on RHEL 9, where SHA1 signatures are disallowed by [0]:
```
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "/tmp/pcrsign-private.pem"
...
openssl rsa -pubout -in "/tmp/pcrsign-private.pem" -out "/tmp/pcrsign-public.pem"
writing RSA key
/usr/lib/systemd/systemd-measure sign --current --bank=sha1 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem"
Failed to initialize signature context.
```

[0] https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0049-Selectively-disallow-SHA1-signatures.patch

(cherry picked from commit d19e5540f20c78caa949ff33050b4a530cae1982)
2022-12-08 21:29:56 +01:00
Yu Watanabe
d0b80bf81e dissect-image: log expected UUID for /var
Closes #25443.

(cherry picked from commit a52efa813df9614b98069976b73fe63a68983ee7)
2022-12-08 21:29:56 +01:00
Yu Watanabe
b0b97848e8 bootspec: fix null-dereference-read
Fixes [oss-fuzz#53578](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53578).
Fixes #25450.

(cherry picked from commit 46dc071985ff487f5ccf20808531168a6add73d3)
2022-12-08 21:29:56 +01:00
Neil Moore
0ba8e9ecff virt: Support detection of LMHS SRE guests
(cherry picked from commit d833ed781f61b820e7abb17caa85c3c37c7ea807)
2022-12-08 21:29:56 +01:00
Ray Strode
787b2c32f3 terminal-util: Set OPOST when setting ONLCR
reset_terminal_fd sets certain minimum required terminal attributes
that systemd relies on.

One of those attributes is `ONLCR` which ensures that when a new line
is sent to the terminal, that the cursor not only moves to the next
line, but also moves to the very beginning of that line.

In order for `ONLCR` to work, the terminal needs to perform output
post-processing. That requires an additional attribute, `OPOST`,
which reset_terminal_fd currently fails to ensure is set.

In most cases `OPOST` (and `ONLCR` actually) are both set anyway, so
it's not an issue, but it could be a problem if, e.g., the terminal was
put in raw mode by a program and the program unexpectedly died before
restoring settings.

This commit ensures when `ONLCR` is set `OPOST` is set too, which is
the only thing that really makes sense to do.

(cherry picked from commit 9fe26523a189435d75b9d745188e09c17928d89e)
2022-12-08 21:29:56 +01:00
Lennart Poettering
c7bf13b2d9 units: change Requires=systemd-networkd.service → BindsTo= one more time
Follow-up for da15f8406e9aeb7908e1d92c02d2ff5147c7788a which did the
change for systemd-networkd-wait-online.service, let's also do this for
systemd-networkd-wait-online@.service

(cherry picked from commit 51f3dc2234082c1ca9bdda403e4f355cab6be03b)
2022-12-08 21:29:56 +01:00
Yu Watanabe
e3d9376692 core/device: verify device syspath on switching root
Otherwise, if a device is removed while switching root, then the
corresponding .device unit will never go to inactive state.

This replaces the code dropped by cf1ac0cfe44997747b0f857a1d0b67cea1298272.

Fixes #25106.

(cherry picked from commit b6c86ae28149c4abb2f0bd6acab13153382da9e7)
2022-12-08 21:29:56 +01:00
Yu Watanabe
9523f85b2e core/device: also serialize/deserialize device syspath
The field will be used in later commits.

(cherry picked from commit 1ea74fca3a3c737f3901bc10d879b7830b3528bf)
2022-12-08 21:29:56 +01:00
Yu Watanabe
10b3ce781b core/device: update comment
(cherry picked from commit 54a4d71509c0f3401aa576346754a0781795214a)
2022-12-08 21:29:56 +01:00
Yu Watanabe
2505010178 sd-netlink: fix segfault
(cherry picked from commit 766417bd763db913efdd9c48442b1094c23d7042)
2022-12-08 21:29:56 +01:00
Michal Koutný
4b885f3591 test: Add tests for systemd-cgtop args parsing
(cherry picked from commit d4e32838e875539ad6991b75b083c9563eddc3ed)
2022-12-08 21:29:56 +01:00
Michal Koutný
b97c1c427c cgtop: Do not rewrite -P or -k options
--recursive=no will overwrite possible -P or -k option hence making the
recursive disabling impossible.

Check what counting types the system supports (encoded in the ordering
of our enum) and pick whatever user requests but is also supported.

Fixes: #25248
(cherry picked from commit 48600b3524afe05d0faa8a5c88b5aaa53b801199)
2022-12-08 21:29:56 +01:00
Michal Koutný
6cbf72a8d9 logind: Properly unescape names of lingering users
Filenames to store user linger requests are created with C-escaping.
When we enumerate the files to acquire lingering users, we use the
filenames verbatim. In the case C-escaping is not an identity map (such
as "DOMAIN\User"), we won't be able to start user instances of
such mangled users.

Unescape filenames when we treat them as usernames again.

Fixes: #25448
(cherry picked from commit f38e89c23ce52efa27bb47f5c3dafecdb987492b)
2022-12-08 21:29:56 +01:00
Daan De Meyer
01a39e96b5 units: Use BindsTo=systemd-networkd in systemd-networkd-wait-online.service
We don't want systemd-networkd-wait-online to start if systemd-networkd
is skipped due to condition failures. This is only guaranteed by BindsTo=
and not Requires=, so let's use BindsTo=

(cherry picked from commit da15f8406e9aeb7908e1d92c02d2ff5147c7788a)
2022-12-08 21:29:56 +01:00
Lennart Poettering
b0c39ffc54 resolved: remove inappropriate assert()
A NULL Bitmap object is by all our code considered identical to an empty
bitmap. Hence let's remove the entirely unnecessary assert().

The assert() can be triggered if debug monitoring is used and an empty
NSEC or NSEC3 RR is included in an answer resolved returns.

It's not really a security issue since enabling debug monitoring is a
manual step requiring root privileges, that is off by default. Moreover,
it's a "clean" assert(), i.e. the worst that happens is that a coredump
is generated and resolved restarted.

Fixes: #25449
(cherry picked from commit fb896517aeecc2a8ec16586a34a0249606eb9f66)
2022-12-08 21:29:56 +01:00
Jan Janssen
e0521346ec stub: Detect empty LoadOptions when run from EFI shell
The EFI shell will pass the entire command line to the application it
starts, which includes the file path of the stub binary. This prevents
us from using the built-in cmdline if the command line is otherwise
empty.

Fortunately, the EFI shell registers a protocol on any images it starts
this way. The protocol even lets us access the args individually, making
it easy to strip the stub path off.

Fixes: #25201
(cherry picked from commit b17f3b3d8077ab6827549a123ac636d655fe8d4d)
2022-12-02 14:17:12 +01:00
Jan Janssen
7ca40a8b08 stub: Fix cmdline handling
This fixes some bugs that could lead to garbage getting appended to the
command line passed to the kernel:
 1. The .cmdline section is not guaranteed to be NUL-terminated, but it
    was used as if it was.
 2. The conversion of the command line to ASCII that was passed to the
    stub ate the NUL at the end.
 3. LoadOptions is not guaranteed to be a NUL-terminated EFI string (it
    really should be and generally always is, though).

This also fixes the inconsistent mangling of the command line. If the
.cmdline section was used, ASCII control chars (new lines in particular)
would not be converted to spaces.

As part of this commit, we optimize conversion for the generic code
instead of the (deprecated) EFI handover protocol. Previously we would
convert to ASCII/UTF-8 and then back to EFI string for the (now) default
generic code path. Instead we now convert to EFI string and mangle that
back to ASCII in the EFI handover protocol path.

(cherry picked from commit 927ebebe588970fa2dd082a0daaef246229f009b)
2022-12-02 14:17:12 +01:00
Jan Janssen
b39f2ab98f boot: Use xstr8_to_16 for path conversion
(cherry picked from commit 7444e10611671abac35be3ab9fe9697cd4c90d62)
2022-12-02 14:17:12 +01:00
Jan Janssen
6387a74d2c boot: Use xstr8_to_16
(cherry picked from commit aee515bbb58496272a6d975858aa26a355c4fb90)
2022-12-02 14:17:12 +01:00
Jan Janssen
ff7469af96 boot: Add xstrn8_to_16
(cherry picked from commit 8ad7deffa95d33b5849ad6589dd52ab12e645edc)
2022-12-02 14:17:12 +01:00
Christian Göttsche
475c130003 core: update audit messages
Pass getuid() instead of literal `0` as auid, since user session
managers also issue audit messages on SELinux denials.

(cherry picked from commit c826b7ef3272157167a5c9d493e9672f00d84b98)
v252.2
2022-11-24 17:38:34 +01:00
Lennart Poettering
c74bc2cd49 dissect: fix fsck
Since f7725647bb41c3398a867f139efe526efe8aa1b3 when dissecting a disk
image we operate with fds to the device nodes in question wherever we
can. This includes when we fork off fsck, where we pass a /proc/self/fd/
path as argument. This only works if we keep that fd open however and
disable O_CLOEXEC on the fd. Hence do so, and fix fsck this way.

(Without this, all fsck will fail, since the fd path is invalid)

(cherry picked from commit f8ab781223bcb0330ee4499b879a62e84fee313e)
2022-11-24 17:38:34 +01:00
Lennart Poettering
ce55eb4ebd process-util: add new FORK_CLOEXEC_OFF flag for disabling O_CLOEXEC on remaining fds
Often the fds that shall stay around in the child shall be passed
to a process over execve(), hence add an option to explicitly disable
O_CLOEXEC on them in the child.

(cherry picked from commit 981cfbe046297a18f2cb115ef81202f3bd68d2a3)
2022-11-24 17:38:34 +01:00
Lennart Poettering
36c3c4172d fd-util: add new fd_cloexec_many() helper
(cherry picked from commit ed18c22c989495aab36512f03449222cfcf79aa7)
2022-11-24 17:38:34 +01:00
Lennart Poettering
57b4329b38 fd-util: make fd_in_set() (and thus close_all_fds()) handle invalidated fds in the array
Let's handle gracefully if fds in the specified array are already
invalidated (i.e. negative). This is handy when putting together arrays
on the fly.

(cherry picked from commit d11c14a9817f6561a30d96d8faea126a4c811af8)
2022-11-24 17:38:34 +01:00
Luca Boccassi
12c41564cd tmpfiles: log at info level when some allowed failures occur
In provision.conf we ship:

d- /root :0700 root :root -
d- /root/.ssh :0700 root :root -

These are allowed to fail, for example on a read-only filesystem. But they still
log at error level, which is annoying and gets flagged. Tune those specific errors
down to info.

There are likely more that could be tuned down, but the important thing is to cover
the tmpfiles.d that we ship right now.

Before:

$ echo -e "d- /root :0700 root :root - \nd- /root/.ssh :0700 root :root -" | SYSTEMD_LOG_LEVEL=err build/systemd-tmpfiles --root=/tmp/img --create -
Failed to create directory or subvolume "/tmp/img/root": Read-only file system
Failed to open path '/tmp/img/root': No such file or directory
$

After:

$ echo -e "d- /root :0700 root :root - \nd- /root/.ssh :0700 root :root -" | SYSTEMD_LOG_LEVEL=err build/systemd-tmpfiles --root=/tmp/img --create -
$

(cherry picked from commit 244c2a8344c01e94cd9bdf835de998b89bc53179)
2022-11-24 17:38:34 +01:00
Yu Watanabe
77f524dda0 find-esp: include device sysname in the log message
(cherry picked from commit 388d14659d250545125f8e950e3abb6eb8682c61)
2022-11-24 17:38:34 +01:00
Yu Watanabe
8d23210a2e find-esp: downgrade and ignore error on retrieving PART_ENTRY_SCHEME when searching
Fixes #25332.

(cherry picked from commit 01f234c6f5672926d6cfe4fbfcdb48326ce06250)
2022-11-24 17:38:34 +01:00
Daan De Meyer
eea92b179d sd-bus: Use goto finish instead of return in bus_add_match_full
Fixes #25340

(cherry picked from commit 0f3c342903d1a09577378912717539b530af1fcf)
2022-11-24 17:38:34 +01:00
Daan De Meyer
0916514b8c strv: Make sure strv_make_nulstr() always returns a valid nulstr
strv_make_nulstr() is documented to always return a valid nulstr,
but if the input is `NULL` we return a string terminated with only
a single NUL terminator, so let's fix that and always terminate the
resulting string with two NUL bytes.

(cherry picked from commit 5ea173a91b2093664a9ebb9add678edd6f5d1efd)
2022-11-24 17:38:34 +01:00
Lennart Poettering
2ddd7b5def bootctl: rework how we handle referenced but absent EFI boot entries
Follow-up for #25368.

Let's consider ENOENT an expected error, and just debug log about it
(though, let's suffix it with `, ignoring.`). All other errors will log
loudly, as they are unexpected errors.

(cherry picked from commit af1bed8e83c3d380d1eb0b9147684b76d1ee4df0)
2022-11-24 17:38:34 +01:00
Yu Watanabe
2daecc7179 bootctl: downgrade log message when firmware reports non-existent or invalid boot entry
Fixes #25359.

(cherry picked from commit 78bfeeae508a554483de02b52aa2e5afdc341e1a)
2022-11-24 17:38:34 +01:00
Yu Watanabe
9a7186e92a bootctl: make boot entry id logged in hex
To make consistent with the printed boot id below and other tools e.g.
efibootmgr.

(cherry picked from commit a7dcb75c539dd5bb69b72e47c820fe79c794409a)
2022-11-24 17:38:34 +01:00
Yu Watanabe
62f58d94f8 dissect-image: do not try to close invalid fd
Fixes a bug introduced by f7725647bb41c3398a867f139efe526efe8aa1b3.

Hopefully fixes #25348.

(cherry picked from commit 088377e0920a3785e7926f2ed382810836480ae6)
2022-11-24 17:38:34 +01:00
Jan Janssen
c1dd021d16 boot: Silence driver reconnect errors
(cherry picked from commit 98ac5192d5feddae19f6f5ceb60aa3751a30676b)
2022-11-24 17:38:34 +01:00
Franck Bui
a09a41c2f7 meson: install test-kernel-install only when -Dkernel-install=true
This patch fixes the following build failure:

  meson.build:3853:8: ERROR: Unknown variable "test_kernel_install_sh".

Fixes #25432.

(cherry picked from commit cc77a56532ddb59770e8312fc1b9954b0b135e72)
2022-11-24 17:38:34 +01:00
Lennart Poettering
9b6f12262f udev: make sure auto-root logic also works in UKIs booted from XBOOTLDR
If no root= switch is specified on the kernel command line we'll use the
root disk on which the partition the LoaderDevicePartUUID efi var is
located – as long as that partition is an ESP. Let's slightly liberalize
that and also allow it if that partition is an XBOOTLDR partition. This
ensures that UKIs spawned directly from XBOOTLDR work the same as those
from the ESP.

(Note that this makes no difference if sd-boot is in the mix, as in that
case LoaderDevicePartUUID is always set to the ESP, as that's where
sd-boot is located, and sd-boot will set the var first, sd-stub will
only set it later if it's not set yet.)

(cherry picked from commit e4cb147a2e230a4a0b804c3e70f2692a5e2fd698)
2022-11-24 17:38:34 +01:00
Luca Boccassi
d5e3625a61 repart: respect --discard=no also for block devices
It's only used to avoid BLKDISCARD on individual partitions at the moment.
It can take a lot of time to run on very slow devices, so avoid it for
them too.

(cherry picked from commit 0dce448bbc97c861520c287b01d632b887442925)
2022-11-24 17:38:34 +01:00
Luca Boccassi
79f161ac65 portable: add a few more useful debug log messages
When attaching and /etc/systemd/system.attached can't be created or used
(eg: dead symlink) the logs are pretty much useless as even at debug
level there's no indication of what is going wrong.
Add some debug logs, and return a more specific error string over D-Bus.

(cherry picked from commit 80d95fcd6e1947a7887b96b22a32dbca115baac9)
2022-11-24 17:38:34 +01:00
Nick Rosbrook
bcd42b3c88 oomd: fix unreachable test case in test-oomd-util
This conditional with !empty_or_root(ctx->path) always returns false
because the most recent oomd_cgroup_context_acquire() call was with the
root cgroup. Make sure this test case can be reached by checking cgroup
instead of ctx->path.

While here, use an unused uid (61183) instead of the nobody uid so the
test case does not fail in unprivileged LXD containers.

(cherry picked from commit f05bcc18941eef5c2f93cfa06660eb06e0dc4c55)
2022-11-24 17:38:34 +01:00
Nick Rosbrook
2bdf5b0382 oomd: always allow root-owned cgroups to set ManagedOOMPreference
Commit 652a4efb66a ("oomd: loosen the restriction on ManagedOOMPreference")
made the change to allow ManagedOOMPreference on a cgroup candidate when
the monitored cgroup and cgroup candidate are owned by the same user.

The commit assumed that this check was sufficient to continue allowing
ManagedOOMPreference on all cgroups owned by root. However, it caused a
regression for unprivileged LXD containers where e.g. /sys/fs/cgroup is
owned by nobody (uid=65534).

Fix this by explicitly allowing the ManagedOOMPreference if uid == 0 in
oomd_fetch_cgroup_oom_preference().

(cherry picked from commit 89186093485b52ca957d17842fc1f7c87958454a)
2022-11-24 17:38:34 +01:00
Yu Watanabe
da01d83ab4 network: wifi: try to reconfigure when connected
Sometimes, RTM_NEWLINK message with carrier is received earlier than
NL80211_CMD_CONNECT. To make SSID= or other WiFi related settings in
[Match] section work, let's try to reconfigure the interface.

Fixes a bug introduced by 96f5f9ef9a1ba5146d3357c1548fb675d3bd5b68.

Fixes #25384.

(cherry picked from commit 8a4ad01a72481a6a7c0309064dd2dbd814818c94)
2022-11-24 17:38:34 +01:00
Benjamin Fogle
595dd9b2b9 resolved: Fix OpenSSL error messages
(cherry picked from commit f4a49d1c58578cb8d759dc6266a23d1acabdc38f)
2022-11-24 17:38:34 +01:00
Zbigniew Jędrzejewski-Szmek
2ecb8fc841 basic/strv: check printf arguments to strv_extendf()
The second argument to _printf_() specifies where the arguments start. We need to
use 0 in two cases: when the args are in a va_list and can't be checked, and with journald
logging functions which accept multiple format strings with multiple argument sets,
which the _printf_ checker does not understand. But strv_extendf() can be checked.

(cherry picked from commit 400102ec91aa3404848a04f49a43d49e1a181708)
2022-11-24 17:38:34 +01:00
Zbigniew Jędrzejewski-Szmek
81e2c87a47 manager: fix format strings for trigger metadata
Fixup for c8bc7519c888a99134f88f8c82353246d3c0cc5d.

(cherry picked from commit 6457ce15be84cf3c304d1ba47b89bacc2f60bf6e)
2022-11-24 17:38:34 +01:00
Lennart Poettering
d337ac02d6 resolved: when configuring 127.0.0.1 as per-interface DNS server, contact it via "lo" always
Usually if you specify a DNS server on some interface then we'll use
that interface to talk to it. Let's override this for localhost
addresses, as they only really make sense on "lo".

Fixes: #25397
(cherry picked from commit 6e32414a66ff8dbcef233981a7066684d903ee9f)
2022-11-24 17:38:34 +01:00
Lennart Poettering
813d52dbf8 resolved: use right conditionalization when setting unicast ifindex on UDP sockets
(cherry picked from commit 5faaed5b62d5ed88d8df2802c5ab4d3ab2eb755a)
2022-11-24 17:38:34 +01:00
Sam James
2b52748d45 nspawn: allow sched_rr_get_interval_time64 through seccomp filter
We only allow a selected subset of syscalls from nspawn containers
and don't list any time64 variants (needed for 32-bit arches when
built using TIME_BITS=64, which is relatively new).

We allow sched_rr_get_interval which cpython's test suite makes
use of, but we don't allow sched_rr_get_interval_time64.

The test failures when run in an arm32 nspawn container on an arm64 host
were as follows:
```
======================================================================
ERROR: test_sched_rr_get_interval (test.test_posix.PosixTester.test_sched_rr_get_interval)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/var/tmp/portage/dev-lang/python-3.11.0_p1/work/Python-3.11.0/Lib/test/test_posix.py", line 1180, in test_sched_rr_get_interval
    interval = posix.sched_rr_get_interval(0)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 1] Operation not permitted
```

Then strace showed:
```
sched_rr_get_interval_time64(0, 0xffbbd4a0) = -1 EPERM (Operation not permitted)
```

This appears to be the only time64 syscall that isn't already included in one of
the sets listed in nspawn-seccomp.c that has a non-time64 variant. Checked
over each of the time64 syscalls known to systemd and verified that none
of the others had a non-time64-variant whitelisted in nspawn other than
sched_rr_get_interval.

Bug: https://bugs.gentoo.org/880131
(cherry picked from commit b9e7f22c2d80930cad36ae53e66e42a2996dca4a)
2022-11-24 17:38:34 +01:00
Li kunyu
5c34bc9bc3 boot/measure: fix oom check
(cherry picked from commit fc0cc6db1ecbaa16513125d3fd1a7d11e391a8ee)
2022-11-24 17:38:34 +01:00
Li kunyu
f68be4fd79 fuzz: fuzz-compress: fix copy-and-paste error: buf -> buf2 (#25431)
(cherry picked from commit f54f6d88b1235487eb7f0c634c488edc7813579a)
2022-11-24 17:38:34 +01:00