IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes#22575, as suggested by poettering in #35514.
Intended as a workaround for some buggy routers, which refuse to send empty
replies. If systemd-resolved starts two DnsTransactions, one for A and one
for AAAA, and the domain in question has no AAAA entry, then the server will
send a reply for A and no reply for AAAA. Correct behavior for the server would
be to send an empty reply for AAAA.
systemd-resolved would previously keep retrying the AAAA transaction, and
eventually timeout the whole query, returning an error to the caller.
Now, if the server replies to one query and not another, we cut short the
timeout and return the partial result. Returning the partial result allows
the rest of the system to keep working. It matches how e.g. glibc libnss_dns
behaves.
(cherry picked from commit 0da73fab56506ff1e4f8e59c167d27961f0fbf33)
(cherry picked from commit 1748265915e09120d75766baaa4516b2779140eb)
(cherry picked from commit e65fd8eb4b559ba621e2bd802894105ac1d575da)
(cherry picked from commit 3761ffa0c925c3183337df95a4c19ba7f96bfde1)
(cherry picked from commit 615ab029f47f77d6506c02597cbaf53ececc6451)
(cherry picked from commit a019470312737bf5f4aa7ff419b216c0f4783fe3)
Noticed while looking at #35641
(cherry picked from commit 0543b02cf8211353c0bb1065e09614f551944a41)
(cherry picked from commit b5dc1922f9bd0a64cf17be8c503baba58bf5ba82)
(cherry picked from commit d70b87ae322d16ee7aa8c15ea567ce5499f79df3)
(cherry picked from commit 549bf6fcb7fad4d98d7776f086b952be6f1007cf)
(cherry picked from commit 7fe7becd7b284425d5da99282647bd35348848ae)
(cherry picked from commit 75ec2e5b2db412ca9a3be806a25243f4a0fe3cc3)
This reverts commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4.
(cherry picked from commit 7406e0a3afafc1e1c994a88a4e988e94177e5550)
(cherry picked from commit 61e321c452309b6686b345ff3be363d37dfb21d6)
(cherry picked from commit 53fd63ac0791195756925ae4b8ac888c3b4ebf1f)
(cherry picked from commit ade1c0e23ecff32e6e743bbf935710536b915763)
(cherry picked from commit c5156e127e7cbcf1564a21648a7a991a9499cb4e)
(cherry picked from commit d7bc76c91d86314227a09024ec316f1ffa30f90a)
When semaphore is overloaded tests can take more than 1hr, bump
timeout
(cherry picked from commit 1855064d4eb95abe6909a93f72bee46658dad36b)
(cherry picked from commit 96b9fe831f888a0e9772a33acc752ebb822357b9)
(cherry picked from commit 54387482b9ddd164853ec7ffa45f67f8a698c69b)
(cherry picked from commit 5ac9650c84e185409b016e4185bbf92f84dcfa9b)
(cherry picked from commit 036b58ad6315cdab7f568e647411e3de9d0998cd)
(cherry picked from commit 8918ecb76b0856eaab28f26467c46fb4339b0794)
Initialize the start of the system-wide idle time with the time logind was
initialized and not with the start of the Unix epoch. This means that systemd
will not repport a unreasonable long idle time (around 54 years at the time of
writing this), especially at in the early boot, while no login manager session,
e.g,. gdm, had a chance to provide a more accurate start of the idle period.
Fixes#35163
(cherry picked from commit 718b31138b9a93f262259f297ad6b521454decc6)
(cherry picked from commit 9d36809256c6d92c6d8358769479ad2c2b695664)
(cherry picked from commit 77b963c31712ef81786fcc6623fe1b10a46b62e0)
(cherry picked from commit cd6f07effafdcb9e1c903589a8cf398cd46b8acd)
(cherry picked from commit dcb86edde5ef3b70f68abb7ed8bb0be63f28485b)
(cherry picked from commit 331f36c35e728a5798e3170e2687defbdf2e9e22)
(cherry picked from commit 81e0693465402d2e72cb3ba1b28e25e3c4c0206a)
(cherry picked from commit 1fb4673a6977c6a694f786dbc6cf2ff1990794ff)
(cherry picked from commit 8f92f75ae7e87e07b63974533f7ec344291267f2)
(cherry picked from commit 543784efc384e362a7f77ffac78780fc7ba123ee)
(cherry picked from commit 27bb6c8917043b324e5fb183ca24bb5d0a935fea)
(cherry picked from commit 7b878c25441ee554293a24e576d3555f7f40d9fb)
This is handy for debugging.
(cherry picked from commit 91713841491d0d4775566ed59f621f0f9a2413b5)
(cherry picked from commit bcf740e4a3caa32b3a920512833b68fc6d530125)
(cherry picked from commit 0a4a3a8e3f8c2daedabba8ac0d785da55263467b)
(cherry picked from commit cc110c0ce654653765cbdbe7799b9f09d8bf23f7)
(cherry picked from commit 01ba55b882f7ebc3f813043b0ea4fc13b4c3bac0)
(cherry picked from commit 9e788905b817860fbbde13db685ab57ef76660d1)
This is an interesting event. Let's log about it.
(cherry picked from commit 11ee1bab60abde67cd0edc470c93c1afe10d975d)
(cherry picked from commit c189ecc7fe5039d98bbb448ab45ab0fa3842b3a3)
(cherry picked from commit 7054f66e6cd35c3fe68f3a9ba328d20e3813f4eb)
(cherry picked from commit d0684dfb9fcd81a1db9426204b44097724487225)
(cherry picked from commit a88e98a6092dbd3459f39c4917b36c699f058929)
(cherry picked from commit 7bdec4c526a9c607c9032f1547bf4a836c81928f)
semaphore CI runs are always very close to the limit of 1hr, and often
time out when it's particularly oversubscribed.
Skip some low-value test cases to shorten the runtime.
(cherry picked from commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4)
(cherry picked from commit e768cf55b19caec6c8936050b245f398aba8b884)
(cherry picked from commit 9552927230915c96d4f995b9fca49e4eb78a02ec)
(cherry picked from commit f9033baefbd86be617b75455a37ef7eecda80a38)
(cherry picked from commit bfcb6d025a41e0ddcfa8d36d6115094185167b74)
(cherry picked from commit 0791d45abf99c87c9f0d50408d17f942e3c53dce)
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).
(cherry picked from commit ae2f3af63962ba6e2f67cfce07c9fee61722e30e)
(cherry picked from commit 9fad72cc52bdec7f44337b1e48c23ee15fc08d77)
(cherry picked from commit 0102ff403ee230bdd7a0c2b38463d9292fb9c0ae)
(cherry picked from commit b879b06ed1498f88a01191f4e8422976a80db344)
(cherry picked from commit d548785ed8900a20ef898ae12ec6e95463d5aadd)
(cherry picked from commit a0167e9f47f80a67d907e7a51bc9f24da781f849)
Document the fact that read-only properties may not have the flag
SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
flag is accepted for writable properties.
Based on the check in `add_object_vtable_internal` called by
`sd_bus_add_object_vtable` (as of the current tip of the main branch
f7f5ba019206cacd486b0892fec76f70f525e04d):
case _SD_BUS_VTABLE_PROPERTY: {
[...]
if ([...] ||
[...]
(v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
r = -EINVAL;
goto fail;
}
(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).
This was implemented in the commit
adacb9575a09981fcf11279f2f661e3fc21e58ff ("bus: introduce "trusted" bus
concept and encode access control in object vtables") where
`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
Note however that read access is unrestricted, as PropertiesChanged
messages might send out the values anyway as an unrestricted
broadcast.
(cherry picked from commit 3ca09aa4dd57327989eceb1298754601046ac041)
(cherry picked from commit cd727031a4daafe19f491df360c512433562f469)
(cherry picked from commit f694a84faf082ce4a18cc2478d7843bb2b7e7fc4)
(cherry picked from commit 0aea62ba3364192e70f426aaf1e8596f67fdc2c3)
(cherry picked from commit 413d82c4620b5e2bcc7001f98a9f90bc109c1998)
(cherry picked from commit a85962c6a008658080ab551415ac63fe9fee7552)
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:
$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.
Partially fixes#35552
(cherry picked from commit 630a2e7ee195ca96e102acac8df67a278a879124)
(cherry picked from commit 5573ac7d9c52bed8d38480788b02639ede3881fc)
(cherry picked from commit b8c85564906a7808bebc04a95be08c9a0635f2f5)
(cherry picked from commit 9818f55a356d424531ee97085aaae42a4116d180)
(cherry picked from commit dcdd4a60704bd7247dc51201b14cdc9519bc9d54)
(cherry picked from commit c40e1d5e8e066cc320a6f6ad37dd06358664a712)
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:
notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0
Explicitly set nsec3-salt-length=8 to silence.
(cherry picked from commit 59e5108fb4e61957cb40bb15ac7966d085d13af2)
(cherry picked from commit 1b945fb1a727f85be9230e43d2fdaf78d2567946)
(cherry picked from commit 12686f3f5aee20dbe7c4f21d6841fa87aca55eae)
(cherry picked from commit 6e5e510da7a94609bc74f5725cfc88ea239dea1a)
(cherry picked from commit cde944db32902a156e2ffaa61db62b1dc6ec8182)
(cherry picked from commit 48f5456cd39444d2df368f3ee6819f0a88f4acc2)
As gcc has trouble figuring this itself with -O2 and -Wmaybe-initialized.
(cherry picked from commit 0a87b834972c154b7f03738d165e5459f87a3352)
(cherry picked from commit 205da628190f098d8ba41696ad25d2bf11f51c40)
(cherry picked from commit e749fa6744840d8f7366419ce707c12b2e7d652c)
(cherry picked from commit d06f35adf75a3e9e52822069cceafd0a4f42b74d)
Fixes https://github.com/systemd/systemd/issues/28514.
Quoting https://github.com/systemd/systemd/issues/28514#issuecomment-1831781486:
> Whenever PAM is enabled for a service, we set up the PAM session and then
> fork off a process whose only job is to eventually close the PAM session when
> the service dies. That services we run with service privileges, both to
> minimize attack surface and because we want to use PR_SET_DEATHSIG to be get
> a notification via signal whenever the main process dies. But that only works
> if we have the same credentials as that main process.
>
> Now, if pam_systemd runs inside the PAM stack (which it normally does) it's
> session close hook will ask logind to synchronously end the session via a bus
> call. Currently that call is not accessible to unprivileged clients. And
> that's the part we need to relax: allow users to end their own sessions.
The check is implemented in a way that allows the kill if the sender is in
the target session.
I found 'sudo systemctl --user -M "zbyszek@" is-system-running' to
be a convenient reproducer.
Before:
May 16 16:25:26 x1c systemd[1]: run-u24754.service: Deactivated successfully.
May 16 16:25:26 x1c dbus-broker[1489]: A security policy denied :1.24757 to send method call /org/freedesktop/login1:org.freedesktop.login1.Manager.ReleaseSession to org.freedesktop.login1.
May 16 16:25:26 x1c (sd-pam)[3036470]: pam_systemd(login:session): Failed to release session: Access denied
May 16 16:25:26 x1c systemd[1]: Stopping session-114.scope...
May 16 16:25:26 x1c systemd[1]: session-114.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd[1]: Stopped session-114.scope.
May 16 16:25:26 x1c systemd[1]: session-c151.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd-logind[1513]: Session c151 logged out. Waiting for processes to exit.
May 16 16:25:26 x1c systemd-logind[1513]: Removed session c151.
After:
May 16 17:02:15 x1c systemd[1]: run-u24770.service: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopping session-115.scope...
May 16 17:02:15 x1c systemd[1]: session-c153.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: session-115.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopped session-115.scope.
May 16 17:02:15 x1c systemd-logind[1513]: Session c153 logged out. Waiting for processes to exit.
May 16 17:02:15 x1c systemd-logind[1513]: Removed session c153.
Edit: this seems to also fix https://github.com/systemd/systemd/issues/8598.
It seems that with the call to ReleaseSession, we wait for the pam session
close hooks to finish. I inserted a 'sleep(10)' after the call to ReleaseSession
in pam_systemd, and things block on that, nothing is killed prematurely.
(cherry picked from commit fc0bb7ccc763ec79efe7a8a58220e9bc80f34f81)
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=2221337.
(cherry picked from commit 97ad9a336a7f121770e6b74e8411da7278847d4f)
(cherry picked from commit 39f457fe60605e8b138eafdd468d1a4e67bb952c)
(cherry picked from commit 5d9f8b2ba57eb99bff64b077a1e43f0385bdbff3)
This tmpfiles.d wants to write to sysfs, which is read-only in containers,
so systemd-tmpfiles --create fails in TEST-22-TMPFILES when ran in nspawn
if the selinux policy package is instealled. Mask it, as it's not our
config file, we don't need it in the test.
(cherry picked from commit 6fd3496cfd0d28808b5489ee87f826c2130f5f0b)
(cherry picked from commit 2d975f64d40cff41f36792d92dde65a65fb0dd9d)
(cherry picked from commit 37e27eeec811af0a2d8f86b2b241669ef9ed31fa)
(cherry picked from commit 464d495cc2381b12a57748fc771426b5290a37e4)
(cherry picked from commit 4a4e4c6569b0ab31167ddc85210c0b86a394b3bf)
Add the `arm_fadvise64_64` syscall to the allow_list, in addition
to the existing `fadvise64` and `fadvise64_64` syscalls, as this is
the syscall actually defined for `arm` architecture. Adding it fixes
the syscall being rejected in arm32 containers.
Fixes#35194
(cherry picked from commit 7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c)
(cherry picked from commit 964ced4100fb5f5b5d41b988512f681a1b0b20f7)
(cherry picked from commit 8bf58cddbfd6e9e1d6ebe1bedc5c821bb5b359b5)
(cherry picked from commit a775463cf1fd84d34542b752e09bacf322daf31e)
(cherry picked from commit 49e993e55ddac9c2fda0553cf0cf8227b98491e5)
We usually want to use "extended booleans" for cases like this, i.e.
that "off", "no" and "0" can be used interchangably for turning
something off.
(cherry picked from commit 62f3e2f84aa3413081fc1c1e1c3074fc9aeedbc9)
(cherry picked from commit 7a307c5939b0787727b144197090a0ae34cbd813)
(cherry picked from commit 4b384a35349624547b07ab4a33d8100306e79b01)
(cherry picked from commit 39f5e423a2251a19c8f37df053d911c6d4f0c973)
(cherry picked from commit 460b17eb91e09d342af3525dae0195dce32b7a79)
When registering we condition this on "arg_register". Let's do the same
when unregistering, otherwise we might end up trying to unregister a
machine we never registered.
(cherry picked from commit 0790f4e45f2f8c094bf929aa1fcaf4c7e9dbb001)
(cherry picked from commit 6f346ef75635b549166d1be04b1dcb620f1b724c)
(cherry picked from commit 85804e690d3531ca7582e7b9f52ca9cb1b9c9b6c)
(cherry picked from commit 342c67d8ab64b433cd1b8ab95258e8e5b4daa661)
(cherry picked from commit 3c585568e727167af9807cca53e843cf5e104fcb)
This page contains many short example codes. I do not think we should
add SPDX-License-Identifier for all codes.
Closes#35356.
(cherry picked from commit 6046cc3660810efcc6fe50b1c850ea642218245b)
(cherry picked from commit 6f2483eed8d790b94945aece37833c3604e3fc11)
(cherry picked from commit cb1077c9aa7779f35b3f5f8b5d226925079eb495)
(cherry picked from commit 238f1f1dc5ecbdee65fd12bbd4a8dc2f850cc826)
(cherry picked from commit 92aeef580c2acf09afae237e008c3f8cdf5cf59b)
Similar to c5ecf0949460dd0bf3211db128a385ce6375252e, but for io event source.
Fixes#35322.
(cherry picked from commit 5b2926d9414f4333153ebe0bf169e1dd76129119)
(cherry picked from commit ce997e944f66da452ed01b86b838508ee132abb7)
(cherry picked from commit 5749fc1b29702dffaf5b548df357891d8486376d)
(cherry picked from commit e6119cabe5a5af5dd08500a4d558575b95ec3fba)
(cherry picked from commit aee584c30f16986346bdd1483a971a7bee1a6720)
It's the PID that is wrong, not the UID/GID, be precise.
(cherry picked from commit 95116bdfd5d45cc1a7c6588e6b8bdcb0d0e007a6)
(cherry picked from commit 95c20d0b627654626924eadaf65bc1825bb38701)
(cherry picked from commit 5b6e91434eb6b253514516044e372f744ac2e364)
(cherry picked from commit b2d59a99c35ffcfcd0c61045ac1bd3b04a76dab4)
(cherry picked from commit 91a643a2a8a175b6c362f4314daf1022996003f0)
Those are historical names, but there is nothing wrong with them. The files on
/ (/fastboot, /forcefsck, and /forcequotacheck) are problematic because they
require a modification of the root file system. But the commandline params work
fine. They have the obvious advantage compared to our "modern" option that they
are much easier to type without looking up the spelling in the docs. Undeprecate
them to avoid unnecessary churn.
(cherry picked from commit 5598454a3f8fc13257e0313d999e6ac9684082e1)
(cherry picked from commit eb841e9b8eb5ec47c46617b288135b2119694ea0)
(cherry picked from commit 59d4a05e3bfcce8cf495e0e39e29f36849273c68)
(cherry picked from commit dc845754adeb410e4c8d6b10de6909a6c19c1ade)
(cherry picked from commit 59b7b0d318c522856afb55478a4552817da74f32)
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.
(cherry picked from commit e412fc5e042b8f642bcba42f5c175124583e05ae)
(cherry picked from commit aed4e9045656eb7934e3171a6fe442f7df4c4180)
(cherry picked from commit 421c23f4fae2522f0ed9fc094836303b8faadc83)
(cherry picked from commit de65927ffe3f16bd43fc02e43971e6fa7991a7f1)
(cherry picked from commit 1191cc3d55a76e94bb38e3565591328973fea91f)
(cherry picked from commit a04d42821bb5350b0ffa82834e50e9b679279854)
(cherry picked from commit 03b993a9bfd97d42ebc0b3713e583c806c89e632)
(cherry picked from commit acb760fbe811781dcc262c59ac3c5a540fd10531)
(cherry picked from commit 90fd71a695de523e27bb9d46f23074200d770032)
(cherry picked from commit 2625c00e8c341454228d7b0bb8888409f161ac81)
```
$ systemd-cryptenroll /dev/vda3
SLOT TYPE
0 password
$ systemd-cryptenroll --wipe-slot 1 /dev/vda3
Failed to wipe slot 1, continuing: No such file or directory
```
(cherry picked from commit 2b251491debf9cab695f5f34da9908ca46f085fe)
(cherry picked from commit 4a3d55a032053525ab331e4af6f95ec2dc053ee9)
(cherry picked from commit ade617cf3db3844bcd9cb3beccfc1f978bdf3a94)
(cherry picked from commit b265ca1792412e5033dd0cfeb5e47f5b889f0728)
(cherry picked from commit b2f6a1235417c7067614a88a1db91e4690bd1fe3)
"systemctl status systemd-logind" otherwise looks a bit weird, since the
tasks and the fdstore lines are so close to each other but formatted
quite differently when it comes to coloring.
(cherry picked from commit 54646b1ca95373dfa3ebe5d6e7e27deeed9e77b0)
(cherry picked from commit ff4b66be4a35fd21ef001bbf6492e3e1f837ee1c)
(cherry picked from commit e00cc22e30b61b3e2e6b50bea3c569dd7c48c42d)
(cherry picked from commit e9179d051ad431e868c28b1daea0cacbcf2c21ab)
(cherry picked from commit f7538e8222b1c4530b3466ef684b517999afe756)
(cherry picked from commit bae936b418e08063b68c95f4df53c3cd4f70e881)
(cherry picked from commit bdf3f9b8f274d958befa54c95811910013b39a80)
(cherry picked from commit 809b265172dd391e7fe4c105e5979e07b832a180)
(cherry picked from commit 0368c1484d9a24290c69338f339bbf6fa85cbc7c)
(cherry picked from commit d11c49dd64cd0981229fa7584f07f24ca04299f5)
We use the $WATCHDOG_USEC variable for two very closely uses: as part of
the sd_watchdog_enabled() protocol for implementing service watchdogs.
And as part of the protocol between the service manager and
systemd-shutdown across the PID 1 execve() transition during shutdown.
Apparently some exitrds tools got confused by the latter use. Let's
address that by setting $WATCHDOG_PID to 1, in accordance to the
sd_watchdog_enabled() protocol to make clear this is only intended for
PID 1 and nothing else.
Replaces: #35135
(cherry picked from commit 4b20ae9a0e914e61d6bac095e5fc9664510ac03e)
(cherry picked from commit cf7b3cc18225ef8824f9cac9c88b7ea0b0dce3cd)
(cherry picked from commit cab88476b2b00693463992c051a0464f6bba7c85)
(cherry picked from commit fa467a411fcc5159c40a28ed302695e7321e6b73)
(cherry picked from commit 39fde5faa9622553ae32f2cb416e2922c46ccb81)
In this branch it's testsuite-xy.foo, not TEST-XY-FOO
Follow-up for dffa62c85fb644c649f68b2c8f02b1d8440d2a9d
(cherry picked from commit 14e32845b59b71568f9772bdfd3d053e8cb8d497)
(cherry picked from commit 5b199c6e23da7a3e120d5a3b55b7934e2d15cfe7)
Follow-up for efedb6b0f3cff37950112fd37cb750c16d599bc7.
Closes#35116.
(cherry picked from commit 985ea98e7f90c92fcc0b8441fafb190353d2feb8)
Really rewritten from scratch.
(cherry picked from commit 04ee5e25a1082d4c6c0c52a154d5ad5fc959a853)
(cherry picked from commit 45b39f98c9abfcf305641d697392aacbf5e022d0)
(cherry picked from commit c25b73f93b369861259244e5a8c55cf82d97adb8)
(cherry picked from commit 2ba27c38fe13000d94cad41f24bb0023c0fb35e7)
(cherry picked from commit 2a774f064815573efc33d43dfe3548590e42e9c2)
(cherry picked from commit 56cc8acf45dbff227d1713d509bc3b71386df5d8)
(cherry picked from commit 2e956d084024b7cc984528719e866b3d9f2f59eb)
(cherry picked from commit d3132ec4944279f1c8f4968888710ba821083e56)
(cherry picked from commit fb8b0b6192d414bc81c066a85b3f53e8490ec6ca)
(cherry picked from commit 9eee6b1b3f00d46459eebefb70be50ea6af30ddb)
(cherry picked from commit f3baba94425e6ccaf7a672903148dbb2b9e022f7)
(cherry picked from commit be571ff64808c30c1d5566600c86084768138bc4)
(cherry picked from commit ca169c9e8be3ade4627acdb9460663a755cb9a64)
(cherry picked from commit 6bad63a0d0ba4f69514dc5343edf22e69db94acf)
Outside of x86, some machines (e.g. Apple silicon, AMD Opteron A1100) have
physical memory mapped above 4GiB, meaning this allocation will fail, causing
the entire boot process to fail on these machines.
This commit makes it so that the below-4GB address space allocation requirement
is only set on x86 platforms, and not on other platforms (that don't have the
specific Linux x86 boot protocol), thereby fixing boot on those that have no
memory mapped below 4GiB in their address space.
Tested on an Apple silicon M1 laptop and an AMD x86_64 desktop tower.
Fixes: #35026
Manual backport of 6e207b370e91e681efb08c497a6c8ad78e3c8d83.
(cherry picked from commit a9d9db7f4e4a75f6dbda5c31fbbf325eff9d63b4)
(cherry picked from commit 8923d937684dba17a84dc3693e77adeb4a4f4ec8)
(cherry picked from commit 6f0a01d3c01da0dae1eb744429b77b3d310a24ff)
(cherry picked from commit 9601ac90fe5b314a79b470b392348152d29d4fd6)
The concept of synthetic errnos is about logging, which
is irrelevant irt bus error and we don't do any special
treatment in sd-bus for them, meaning the value propagated
would be spurious.
(cherry picked from commit 2f2058da0b88535cb3a95fc98e7b2f1ae4d35601)
(cherry picked from commit 018c7fb18ae8aff5414d5e74cb41fb98b72c0554)
(cherry picked from commit 39c2b7fd58d4b96fc4f5fe0d5ebbfcc3cf1c3f80)
(cherry picked from commit 06be1bfc838edc803096321e403021c005404283)
(cherry picked from commit bddd7a10ad591461e6a095cb7e41c056a212c6c0)
It seems there is no restriction for local and remote addresses.
Fixes#34930.
(cherry picked from commit 5e48fd0506ed6212c9db2276d5845ab77aa9bce4)
(cherry picked from commit 3093ac05abcaf5a43f75ec1d5702ed226cc3ce31)
(cherry picked from commit 81c84336f47e1bcfa3b63ae4eb3889e249537e64)
(cherry picked from commit 6f19e9fa9cb6350fd69685b44878cc94357f9ad1)
(cherry picked from commit 2e68de29d17f2a9cb0fa6cbe139000a4b6517daa)
`loginctl kill-session --kill-whom=leader <N>` (or the D-Bus equivalent)
doesn't work because logind ends up calling `KillUnit(..., "main", ...)`
on a scope unit and these don't have a `MainPID` property. Here, I just
make it send a signal to the `Leader` directly.
(cherry picked from commit 8254755091847105c33e473c62cdc7621ed275bc)
(cherry picked from commit c89c5d04f33dbc5c6dfb67b8bc58cbd3d924b434)
(cherry picked from commit 80efb1da3f073daec9f84dd83571a7b98451f953)
(cherry picked from commit 94b234df968b9ebfd7fd57f45982f3fee6a61f9d)
(cherry picked from commit bf4d3b243bb877ad0d38847e33722212546cf5d6)
To keep align with the logic used in udev_rules_parse_file(), we also
should skip the empty udev rules file while collecting the stats during
manager reload. Otherwise all udev rules files will be parsed again whenever
reloading udev manager with an empty udev rules file. It's time consuming
and the following uevents will fail with timeout.
(cherry picked from commit 2ae79a31b7c7947e2c16e18eb85ac5607ebc40b6)
(cherry picked from commit 688eb20fdb9c4bcc6d205323f9cec119d6273169)
(cherry picked from commit 484d31a58d7b820fa83a70a9f654b907130eec75)
(cherry picked from commit 8b6ae951d389cf9e2caccd752afdd32dcdca2ed3)
(cherry picked from commit e0b8d7341e9c96b9000453d971e071db7cb276ee)
Processes can easily survive the first kill operation we execute, hence
we shouldn't make strong claims about them having exited already. Let's
just say "likely" hence.
Fixes: #15032
(cherry picked from commit ac804bc2f8d814d2afcdccd88f7469ac320da1c8)
(cherry picked from commit 307a6332a63dd0f6addbc5c77d21f72ce4578070)
(cherry picked from commit b38386ae2bff5cc55a83094a625a026e23a69e0c)
(cherry picked from commit e23cbecd7fbec8a99c7fc466d49c69724fcdee68)
(cherry picked from commit 3ddb7955eb82c786239fbe46b77fbf5c6d258ce2)
In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.
Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.
(cherry picked from commit ee95e86ae163e436384f1b782a77a7e18deba890)
(cherry picked from commit abd1e408203d5d445b05f4dc0ac07e35114532d1)
(cherry picked from commit 67954b455473b29f8a41be14f5b778044b7cfafa)
(cherry picked from commit 17a3a8e91be80c93347458a1a6508bc19646607d)
(cherry picked from commit 12e76a56375696484d84c601dddc9dad58762174)
log_info appears to be the preferred method to convey information from
tests. Convert all the printfs to log_info to follow this standard.
(cherry picked from commit 38557d9ffbc6351b8980faf90d54619790436d43)
(cherry picked from commit 4ea84288480115f7175a8cfc61d03e3a712396b8)
(cherry picked from commit cfa083d450b2cd21676651d9489fbcf4dfd1b9f1)
(cherry picked from commit 6dda2e10a0b289089c2a65b09821ab9541b70a59)
(cherry picked from commit b9caa340e8c94059eceaf969dd4753bbcac81a01)
Users will generally know what a qrcode is, so let's not treat them as dumb and
explain that it can be scanned. OTOH, we should say what the qrcode contains
and it is useful to give a hint why the users would want to scan it. Reword
messages accordingly.
(Also, don't say "to your phone", when somebody might be using a stolen phone,
or something else then a phone.)
(cherry picked from commit 10faa40ba781cf499258a3b37de02dd643822dc6)
(cherry picked from commit fefd60bf7ad9f361c85395ab38f10482f3007f15)
(cherry picked from commit 4ca8f5e68dc86606890806d7c17ae71d17e1cd9a)
(cherry picked from commit d415c1d8a321d13012081a7f31533db064311b1a)
(cherry picked from commit 617136c95cdd6af5b74c618ed1aca6d16ca7b428)
