IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In both cases, the json string is short, so we can print it, which is useful
for diagnosing invalid data in packages. But we need escape non-printable
characters.
https://bugzilla.redhat.com/show_bug.cgi?id=2152685
I went over the rest of the codebase, and it seems that other calls to
json_parse() don't have this problem.
(cherry picked from commit c5966ab5bf)
(cherry picked from commit 57ab4e2d47)
Let's enforce that callers pass AT_FDCWD as read_dfd to load_credential()
to avoid an assert() in read_full_file_full() if read_dfd is -1.
(cherry picked from commit 661e4251a5)
(cherry picked from commit d78dc885b0)
We would execute up to four hwdb match patterns (+ the keyboard builtin):
After the first hit, we would skip the other patterns, because of the GOTO="evdev_end"
action.
57bb707d48 (rules: Add extended evdev/input match
rules for event nodes with the same name), added an additional match with
":phys:<phys>:ev:<ev>" inserted. This breaks backwards compatibility for user
hwdb patterns, because we quit after the first match.
In general hwdb properties are "additive". We often have a general rule that
matches a wider class and then some specific overrides. E.g. in this particular
case, we have a match for all trackpoints, and then a bunch of model-specific
settings.
So let's change the rules to try all the match patterns and combine the
received properties. We execute builtin-keyboard once at the end, if there was
at least one match.
Fixes#25698. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2152226.
This also impacts other cases which I think would be very confusing for users.
Since we quit after a first successful match, if we had e.g. a match for
'evdev:input:b*v*p*' in out database, and the user added a match using
'evdev:name:*', which is the approach we document in the .hwdb files and which
users quite often use, it would be silently ignored. What's worse, if we added
our 'evdev:input:b*v*p*' match at a later point, user's match would stop
working. If we combine all the properties, we get more stable behaviour.
(cherry picked from commit 953c928c24)
(cherry picked from commit 4cfdb1c73b)
Otherwise, if a device is removed while switching root, then the
corresponding .device unit will never go to inactive state.
This replaces the code dropped by cf1ac0cfe4.
Fixes#25106.
(cherry picked from commit b6c86ae281)
(cherry picked from commit e3d9376692)
Upstream comment says this is for cf1… which is post-v251, but the buggy commit
was backported to v251-stable.
If an attribute is read but the value is not used (i.e. ret_value is NULL),
then sd_device_get_sysattr_value() mistakenly frees the read data even though
it is cached internally.
Fixes a bug introduced by acfc2a1d15.
Fixes#25702.
(cherry picked from commit eb18e7b782)
(cherry picked from commit aeb3653744)
This effectively reverts 5d0030310c.
With the commit 5d0030310c, networkd manages
addresses with the detailed hash and compare functions. But that causes
networkd cannot detect address update by the kernel or an external tool.
See issue
https://github.com/systemd/systemd/issues/481#issuecomment-1328132401.
With this commit, networkd (again) manages addresses in the way that the
kernel does. Hence, we can correctly detect address update.
(cherry picked from commit 42f8b6a808)
(cherry picked from commit 13de548fca)
Btrfs quotas are actually being enabled in systemd-importd via
setup_machine_directory(), not in systemd-{import,pull} where those
environment variables are checked. Therefore, also check them in
systemd-importd and avoid enabling quotas if requested by the user.
Fixes: #18421Fixes: #15903Fixes: #24387
(cherry picked from commit c7779a61ac)
(cherry picked from commit fcc174cbdd)
Non-negative return values of setup_machine_directory() were never used
and never had clear meaning, so do not distinguish between various
non-error conditions and just return 0 in all cases.
(cherry picked from commit e9231901a2)
(cherry picked from commit 6cb0724a06)
- add missing assertions,
- use size_t for buffser size or memory index,
- handle empty input more gracefully,
- return the length or the result string,
- fix off-by-one issue when the prefix is already long enough.
(cherry picked from commit c21b316964)
(cherry picked from commit acb0414a1f)
Inspired by #25664: let's check explicitly for NULL everywhere we do one
of those getXYZcon() calls.
We usually turn this into EOPNOTSUPP, as when selinux is off (which is
supposed to be the only case this can happen according to selinux docs)
we otherwise return EOPNOTSUPP in that case.
Note that in most cases we have an explicit mac_selinux_use() call
beforehand, hence this should mostly not be triggerable codepaths.
(cherry picked from commit af614e45c3)
(cherry picked from commit 6c869ad3bd)
Otherwise, the dry run isn't much use since it would be logged at debug
and not seen.
(cherry picked from commit 3b703840d9)
(cherry picked from commit 0fdeb7c640)
getpidcon() might set con to NULL, even when it returned a 0 return
code[0]. The subsequent strlen(con) will then cause a segfault.
Alternatively the behaviour could also be changed in getpidcon. I
don't know whether the libselinux folks are comitted to the current
behaviour, but the getpidcon man page doesn't really make it obvious
this case could happen.
[0] fb7f35495f/libselinux/src/procattr.c (L155-L158)
(cherry picked from commit ff868eaade)
(cherry picked from commit 4119d25e62)
Issue:
When device is in bond mode and booting up, there is a probability of
set bond MAC address failed due to `Device or resource busy` error.
In systemd-networkd, set MAC address steps are:
1. Try to set MAC address to device.
2. If failed with `Device or resource busy`, then `Down` the device.
3. Try to set MAC address to device again.
Currently, Even down the bond device, the bond device is still return
`Device or resource busy` error. So the MAC address set failed.
The root cause is that this not enough to down the bond device. We need
to down all the slaves of the bond device.
About this descprition, we could use those commands to check:
```shell
We have two network devices: eth0, bond1, eth0 is slave of bond1.
They are all up.
1. Down bond1, and set MAC address to bond1.
~# ip link set bond1 down
~# ip link set bond1 address 00:11:22:33:44:55
ip: SIOCSIFHWADDR: Device or resource busy
2. Down eth0, and set MAC address to bond1.
~# ip link set eth0 down
~# ip link set bond1 address 00:11:22:33:44:55
Set okay.
```
Fix:
When setting the mac for the second time, if the device kind is bond,
then we need to down the slave devices of bond device.
Tested: Verified in a long time test( reboot cycles ).
Fixes: #25627
Signed-off-by: Jian Zhang <zhangjian.3032@bytedance.com>
(cherry picked from commit f1a69d5acc)
(cherry picked from commit 6405eba4b6)
When an interface goes to down, the kernel drops several routes
automatically, and at the same time networkd requests to remove
them, but the kernel sometimes does not respond the requests. Hence,
the routes cannot drop the REMOVING flag, and networkd will never try
to configure other routes which depend on the previously removed
routes even if they are already reconfigured.
With this patch, when networkd sends a request to configure a route
(or any other network settings), REMOVING flag for the route is dropped
without waiting for the reply about the previous remove request, as we
can expect it will appear even if it is already removed or under removing.
Fixes#24999.
(cherry picked from commit f4ee7b98c4)
(cherry picked from commit 8999727a82)
The journal has a mechanism to log to the runtime journal if it fails to
log to the system journal. This mechanism is not triggered when the file
system becomes read-only. We enable it here.
When appending an entry fails if shall_try_append_again returns true,
the journal is rotated. If the FS is read-only, rotation will fail and
s->system_journal will be set to NULL. After that, when find_journal
will try to open the journal since s->system_journal will be NULL, it
will open the runtime journal.
(cherry picked from commit 379864f890)
(cherry picked from commit 278a97708b)
If the RDATA is of zero length, the text representation contains only
the \# token and the single zero representing the length.
(cherry picked from commit 84f788d669)
(cherry picked from commit 44984e15bb)
When booting with debug logs, we print:
Setting '/proc/sys/fs/file-max' to '9223372036854775807
'
Setting '/proc/sys/fs/nr_open' to '2147483640
'
Couldn't write fs.nr_open as 2147483640, halving it.
Setting '/proc/sys/fs/nr_open' to '1073741816
'
Successfully bumped fs.nr_open to 1073741816
The strange formatting is because we explicitly appended a newline in those two
places. It seems that the kernel doesn't care. In fact, we have a few dozen other
writes to sysctl where we don't append a newline. So let's just drop those here
too, to make the code a bit simpler and avoid strange output in the logs.
(cherry picked from commit b47e0fac03)
(cherry picked from commit d59009dc1d)
reset_terminal_fd sets certain minimum required terminal attributes
that systemd relies on.
One of those attributes is `ONLCR` which ensures that when a new line
is sent to the terminal, that the cursor not only moves to the next
line, but also moves to the very beginning of that line.
In order for `ONLCR` to work, the terminal needs to perform output
post-processing. That requires an additional attribute, `OPOST`,
which reset_terminal_fd currently fails to ensure is set.
In most cases `OPOST` (and `ONLCR` actually) are both set anyway, so
it's not an issue, but it could be a problem if, e.g., the terminal was
put in raw mode by a program and the program unexpectedly died before
restoring settings.
This commit ensures when `ONLCR` is set `OPOST` is set too, which is
the only thing that really makes sense to do.
(cherry picked from commit 9fe26523a1)
(cherry picked from commit 787b2c32f3)
Follow-up for da15f8406e which did the
change for systemd-networkd-wait-online.service, let's also do this for
systemd-networkd-wait-online@.service
(cherry picked from commit 51f3dc2234)
(cherry picked from commit c7bf13b2d9)
--recursive=no will overwrite possible -P or -k option hence making the
recursive disabling impossible.
Check what counting types the system supports (encoded in the ordering
of our enum) of and pick whatever user requests but is also supported.
Fixes: #25248
(cherry picked from commit 48600b3524)
(cherry picked from commit b97c1c427c)
Filenames to store user linger requests are created with C-escaping.
When we enumerate the files to acquire ligering users, we use the
filenames verbatim. In the case C-escaping is not an identity map (such
as "DOMAIN\User"), we won't be able to start user instances of
such mangled users.
Unescape filenames when we treat them as usernames again.
Fixes: #25448
(cherry picked from commit f38e89c23c)
(cherry picked from commit 6cbf72a8d9)
We don't want systemd-networkd-wait-online to start if systemd-networkd
is skipped due to condition failures. This is only guaranteed by BindsTo=
and not Requires=, so let's use BindsTo=
(cherry picked from commit da15f8406e)
(cherry picked from commit 01a39e96b5)
Pass getuid() instead of literal `0` as auid, since user session
managers also issue audit messages on SELinux denials.
(cherry picked from commit c826b7ef32)
(cherry picked from commit 475c130003)
strv_make_nulstr() is documented to always return a valid nulstr,
but if the input is `NULL` we return a string terminated with only
a single NUL terminator, so let's fix that and always terminate the
resulting string with two NUL bytes.
(cherry picked from commit 5ea173a91b)
(cherry picked from commit 0916514b8c)
It's only used to avoid BLKDISCARD on individual partitions at the moment.
It can take a lot of time to run on very slow devices, so avoid it for
them too.
(cherry picked from commit 0dce448bbc)
(cherry picked from commit d5e3625a61)
When attaching and /etc/systemd/system.attached can't be created or used
(eg: dead symlink) the logs are pretty much useless as even at debug
level there's no indication of what is going wrong.
Add some debug logs, and return a more specific error string over D-Bus.
(cherry picked from commit 80d95fcd6e)
(cherry picked from commit 79f161ac65)
Sometimes, RTM_NEWLINK message with carrier is received earlier than
NL80211_CMD_CONNECT. To make SSID= or other WiFi related settings in
[Match] section work, let's try to reconfigure the interface.
Fixes a bug introduced by 96f5f9ef9a.
Fixes#25384.
(cherry picked from commit 8a4ad01a72)
(cherry picked from commit da01d83ab4)
ussually if you specify a DNS server on some interface then we'll use
that interface to talk to it. Let's override this for localhost
addresses, as they only really make sense on "lo".
Fixes: #25397
(cherry picked from commit 6e32414a66)
(cherry picked from commit d337ac02d6)
We only allow a selected subset of syscalls from nspawn containers
and don't list any time64 variants (needed for 32-bit arches when
built using TIME_BITS=64, which is relatively new).
We allow sched_rr_get_interval which cpython's test suite makes
use of, but we don't allow sched_rr_get_interval_time64.
The test failures when run in an arm32 nspawn container on an arm64 host
were as follows:
```
======================================================================
ERROR: test_sched_rr_get_interval (test.test_posix.PosixTester.test_sched_rr_get_interval)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/tmp/portage/dev-lang/python-3.11.0_p1/work/Python-3.11.0/Lib/test/test_posix.py", line 1180, in test_sched_rr_get_interval
interval = posix.sched_rr_get_interval(0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 1] Operation not permitted
```
Then strace showed:
```
sched_rr_get_interval_time64(0, 0xffbbd4a0) = -1 EPERM (Operation not permitted)
```
This appears to be the only time64 syscall that isn't already included one of
the sets listed in nspawn-seccomp.c that has a non-time64 variant. Checked
over each of the time64 syscalls known to systemd and verified that none
of the others had a non-time64-variant whitelisted in nspawn other than
sched_rr_get_interval.
Bug: https://bugs.gentoo.org/880131
(cherry picked from commit b9e7f22c2d)
(cherry picked from commit 2b52748d45)
