IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Follow-up for 33eac552ab22af58b303342b1fa912900fa42820.
Fixes#23825.
(cherry picked from commit 5ad08191d85d6dd058b9d07ccf37ae4b709564e5)
(cherry picked from commit 5478878067e8e06b8150a418f07c6874761c3515)
If Parallels virtualization is detected from DMI, then trust that over CPUID.
Fixes issue caused by 28b1a3eac252d471de4fbb6f317353af30d68878.
Fixes#23856.
(cherry picked from commit 840a49f3dcee9a5243f9a31ede2edaa0a3b89e26)
(cherry picked from commit 0c36233a84c0f6c9b46523390960e60a9adae37c)
Previously, even if there is buffered inotify data, sd_event_prepare()
did not process the data when there is no pending event source.
Fixes#23826.
(cherry picked from commit 067fc917026fd1fe601de0198c5ea7b3ba782d1e)
(cherry picked from commit 632ba5b2f09646152feef0182cc94fe1b05e15ed)
Without the terminating colon we wouldn't match anything, so the loop over
properties was skipped.
(cherry picked from commit 6b0485c29a28aa238cfd8ccf123bf6f4ff3507f2)
(cherry picked from commit 09e0ccf29327be2c27ed3e7b87e072180dd9d18d)
They are various cases where the same module might be repeatedly
loaded in a short time frame, for example if a service depending on a
module keep restarting, or if many instances of such service get
started at the same time. If this happend the modprobe@.service
instance will be marked as failed because it hit the restart limit.
Overall it doesn't seems to make much sense to have a restart limit on
the modprobe service so just disable it.
Fixes: #23742
(cherry picked from commit 9625350e5381a68c1179ae4581e7586c206663e1)
(cherry picked from commit 8539a62207c9d0cc1656458eb53ffc9177b2c7c8)
Fixes build with musl:
| ../git/src/shared/dissect-image.c: In function 'mount_image_privately_interactively':
| ../git/src/shared/dissect-image.c:2986:34: error: 'LOCK_SH' undeclared (first use in this function)
| 2986 | r = loop_device_flock(d, LOCK_SH);
| | ^~~~~~~
(cherry picked from commit 19df770fe14da601d4e54e1592c11c10ffe4df5a)
(cherry picked from commit b7773908142cf158e959302de43dea148a02ebf8)
Commit 0307afc681e1 ("networkctl: add support to display Transmit/Recieve queue
length (#12633)") added the display of the number of RX and TX Queues to the
output of `networkctl status $DEV`. However the row description says "Queue
Length".
This patch fixes the output by replacing "Queue Length" by "Number of Queues".
Fixes: 0307afc681e1 ("networkctl: add support to display Transmit/Recieve queue length (#12633)")
(cherry picked from commit 25ed7633b1d231acf61246bbdca29faa80d7f00f)
(cherry picked from commit 16b8ae51b0eca798ad595f84de0dd4f392eff0ea)
@known is generated from syscall-list.txt, which generated from kernel
headers. So, some syscalls in @obsolete may not be listed in
syscall-list.txt.
(cherry picked from commit 6d6a08547c03f96dc798cda1ef4a8d3013d292d5)
(cherry picked from commit 996979f5137d3a890acec39f427019721a4add1d)
This reverts dd51e725df9aec2847482131ef601e0215b371a0 and fixes bugs
introduced by 1624114d74f55ad9791b7624b08d89d2339a68b3.
Previously,
- On online scan, the syscall filter was a string Hashmap, but it
might contain syscall name with errno or error action. Hence, we need
to drop the errno or error action in the string.
- On offline scan, the syscall filter was a Hashmap of syscall ID, so
hashmap_contains() with syscall name did not work. We need to convert
syscall IDs to syscall names.
- If hashmap_contains() in syscall_names_in_filter() is true, then
the syscall is allowed when the list is an allow-list, and vice versa.
Hence, the condition in syscall_names_in_filter() was errnously
inverted by dd51e725df9aec2847482131ef601e0215b371a0.
This makes syscalls are always stored with its name, instead of ID,
and also correct the condition.
Fixes#23663.
(cherry picked from commit 5862e5561c9bbe87ad201e8d6b2ce2d0f04e7c37)
(cherry picked from commit 20a265b4160c5c0bbfeed2a9e8a1ca0b41f8edc3)
Note, if `n != SIZE_MAX`, we cannot check the existence of the specified
string in the set without duplicating the string. And, set_consume() also
checks the existence of the string. Hence, it is not necessary to call
set_contains() if `n != SIZE_MAX`.
(cherry picked from commit cb649d12bf3283974305c98ecf51e4bf7596a8bf)
(cherry picked from commit a64c080ccf0e854c005798870783f3f02a3d843c)
We send/recv the set of payload uid, host uid, payload gid, host gid.
Hence, the index must be incremented with 4, instead of 2.
Fixes#23664.
(cherry picked from commit 05ab439a62de8bb47e4137d2a8a473a307ccfb33)
(cherry picked from commit 20037219b702dd34b9b34050bf64030d4f93db98)
Fixes: CID#1469712
CID 1469712 (#1 of 1): Unused value (UNUSED_VALUE)
returned_value: Assigning value from sd_id128_from_string(word + 2, &boot_id) to r here,
but that stored value is overwritten before it can be used.
(cherry picked from commit c9f5ac0917409cd9eb3d55b72c2443d9b5374709)
(cherry picked from commit 73a327d2f4cca00bdca61ee4f1103ad120b74368)
The USB ID v0483pDF11 is used by the ROM code in many STMicroelectronics
devices (for firmware download) and not just signal analyzers.
(cherry picked from commit 5d049ff9204b9aad48c62c296def4daa4b53005e)
(cherry picked from commit adcd34515687e7e150d71d2ee45da74208d26f2f)
dns_label_unescape() does not nul-terminate the buffer if it does not
have enough space. Hence, if a lable is enough long, then strjoin()
triggers buffer-overflow.
Fixes#23705.
(cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a)
(cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321)
We would use a relative path, looking for globs like
'lib/systemd/libsystemd-shared-*.so' under the build directory, and never find
anything.
The test was supposed to find library in the current installation. But we
cannot assume that the right library is installed, so the test only printed the
result for manual inspection. Thus nobody noticed when it broke. I think it
broke in c6134d3e2f1d1d17b32b6e06556cd0c5429bc78a, path-util: get rid of prefix_root().
But that commit doesn't compile because of changes in meson, so this is just
a guess.
Before:
/* test_systemd_installation_has_version */
Current installation has systemd >= 0: no
Current installation has systemd >= 231: no
Current installation has systemd >= 249: no
Current installation has systemd >= 999: no
With the fix:
$ build/test-nspawn-util
/* test_systemd_installation_has_version */
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (OK).
Current installation has systemd >= 0: yes
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (OK).
Current installation has systemd >= 231: yes
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old).
Found libsystemd shared at "/lib/systemd/libsystemd-shared-251.so.so", version 251 (OK).
Current installation has systemd >= 251: yes
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old).
Found libsystemd shared at "/lib/systemd/libsystemd-shared-251.so.so", version 251 (too old).
Found libsystemd shared at "/lib/systemd/libsystemd-shared-250.so.so", version 250 (too old).
Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old).
Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-251.so.so", version 251 (too old).
Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-250.so.so", version 250 (too old).
Current installation has systemd >= 999: no
$ build/test-nspawn-util /var/lib/machines/rawhide
/* test_systemd_installation_has_version */
/* test_systemd_installation_has_version */
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK).
/var/lib/machines/rawhide has systemd >= 0: yes
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK).
/var/lib/machines/rawhide has systemd >= 231: yes
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK).
/var/lib/machines/rawhide has systemd >= 251: yes
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (too old).
Found libsystemd shared at "/var/lib/machines/rawhide/usr/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (too old).
/var/lib/machines/rawhide has systemd >= 999: no
While at it, NULSTR_FOREACH → FOREACH_STRING.
(cherry picked from commit 0643001c2838d244a8698ea782414115034804bc)
See a2b0cd3f5ab3f450e74e2085ad20372a05451c74. When -Dshared-lib-tag is used,
libsystemd-shared.so and libsystemd-core.so get a suffix which breaks the
parsing done by systemd_installation_has_version(). We can assume that the
tag will be something like "251-rc1-1.fc37" that is currently used in Fedora.
(Anything that does *not* start with the version would be completely crazy.)
By switching to strverscmp_improved() we simplify the code and fix comparisons
with such versions.
$ build/test-nspawn-util /var/lib/machines/rawhide
...
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251-rc1-1.fc37 (OK).
/var/lib/machines/rawhide has systemd >= 251: yes
...
I noticed this when I started a systemd-nspawn container with Redora rawhide
and got the message "Not running with unified cgroup hierarchy, LSM BPF is not
supported". I thought the message is in error, but it was actually correct:
nspawn was misdetecting that the container does not sport new-enough systemd
to support cgroups-v2.
(cherry picked from commit 7e6821ed4e09d68c45858ba463a013eb7593c2c6)
This function implements a heuristic that is only used by nspawn. It doesn't
belong in basic. I opted for a new file "nspawn-utils.c", because it seems
likely that we'll need some other new utilities like that in the future.
No functional change.
(cherry picked from commit c9394f4f93b9a6baa54f9d1c953035f26dcee253)
The commit 1cf4ed142d6c1e2b9dc6a0bc74b6a83ae30b0f8e makes the IPv4 ACD
enabled unconditionally for IPv4 link-local addresses even if users
explicitly disable ACD.
This makes the IPv4 ACD is enabled by default, but honor user setting.
Fixes#22763.
(cherry picked from commit 2859932bd64d61a89f85fa027762bc16961fcf53)
1449b0f8a96b27 fixed seccomp arch check for the offline case,
but broke it for the normal case, as when coming from D-Bus the
list of seccomp architectures is already converted to string.
Fixes https://github.com/systemd/systemd/issues/23224
(cherry picked from commit e22f2cfa5e79135d9abf53152a292357fe807dc9)
People (and build systems) sometimes set flags through -Dc_args=… or $CFLAGS.
Let's catch this common case too. meson will set c_args from $CFLAGS, so we
only need to check the former.
(cherry picked from commit b528a62863961658165091985b565cf7be48ea98)
This reverts commit a068aceafbffcba85398cce636c25d659265087a.
https://github.com/systemd/systemd/pull/23236 fixes a regression introduced
by this patch. But there was a bunch of follow-ups, and unrelated fixups…
So let's just revert this instead.
This fixes a minor bug introduced by 10af8bb24b39a815079f6bf31b449c6e5aaa2adf.
Before the commit, the interface group was set only when Group= is explicitly
specified, otherwise the interface group was kept. However, after the commit,
we need to specify Group= with an empty string to keep the current interface
group.
(cherry picked from commit cee683394328ae271348fad93c3474b5784bcc78)
../src/journal-remote/microhttpd-util.c: In function ‘check_permissions’:
../src/journal-remote/microhttpd-util.c:301:5: error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn]
301 | int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Fixes#23630.
(cherry picked from commit b547241728487c0dca22780241b04964f2eb37af)
(cherry picked from commit ad74be8f3746dcca066860cbb23befada4af84c6)
Sometimes we want to suppress strerror() message because the are providing
something better. But in those cases, it seems it was just forgotten.
(cherry picked from commit 2e09b2235a27df3ada3542a2402b6e1727fc2c6c)
(cherry picked from commit b9f0194aabcce280121fb2f657e38e12f1f0a5b9)
$ build/test-socket-bind
...
libbpf: load bpf program failed: Operation not permitted
libbpf: failed to load program 'sd_bind4'
libbpf: failed to load object 'socket_bind_bpf'
libbpf: failed to load BPF skeleton 'socket_bind_bpf': -1
Failed to load BPF object: Operation not permitted
Now all lines with "libbpf:" are at debug level and will be hidden by
default.
Partially fixes https://bugzilla.redhat.com/show_bug.cgi?id=2084955#c14
(i.e. the error that was exposed when the initial error was fixed.)
(cherry picked from commit 44005a5778ca66848bf7e8dfe4c51ae62919bd69)
(cherry picked from commit eceaa72f8786f378a63df442d1466b46afd3cb7b)
DnsPacket.ifindex=1 (loopback) is normalized to 0 whenever a message is
received on the loopback iface, so for both listeners, 127.0.0.53 and
127.0.0.54, the ifindex will be set to 0 by manager_recv() for queries
that have a local origin.
Replies to such local messages need to set a proper ifindex in any
case, as the supplied source-address would otherwise be ignored in
manager_ipv4_send() (CMSG generation is skipped due to ifindex > 0 check).
Note that this change only forces `ifindex` to loopback if it was actually
normalized to `0` before (due to a loopback detection) in order to keep the
nat-to-127.0.0.54-from-another-interface usecase that was described in
a8d09063447568d87288a8e868fe386c1da7ce09 intact.
Also note that nat is not supported for the main stub 127.0.0.53 which is
why forcing LOOPBACK_IFINDEX was/is fine for that case.
Fixes#23495
(cherry picked from commit dfa14e2859418593b2f9bfae8936d780148c4e6a)
(cherry picked from commit 7ee5cde34348fb5f75577d2fdfa000f33ea7876c)
After sending a SIGKILL to a process, the process might disappear from
`cgroup.threads` but still show up in `cgroup.procs` and still remains in the
cgroup and cause migrating new processes to `Delegate=yes` cgroups to fail with
`-EBUSY`. This is especially likely for heavyweight processes that consume more
kernel CPU time to clean up.
Fix this by only returning 0 when both `cgroup.threads` and
`cgroup.procs` are empty.
(cherry picked from commit 37f0289bf5f2283c187032f83c33ea955b75f119)
(cherry picked from commit 1961d84ab55c18cfd908a3a80d60455aea96f369)
Include this header to fix errors when including hwdb-internal.h:
../src/libsystemd/sd-hwdb/hwdb-internal.h:16:21: error: field ‘st’ has incomplete type
16 | struct stat st;
(cherry picked from commit 9745b51c73c78a63003b4cb6e0714829144d297c)
(cherry picked from commit f00716615d54711f0fd584568f04615e4a206c05)
Fixes#22966. Since there are competing conventions, let's not
change our code, but make the docs match what is implemented.
(cherry picked from commit b72308d34440530df3bb8b6b3d272dfc303d1d37)
(cherry picked from commit cfd6a14c7d21fc4e4b0d8a5b684127b69231fa96)
