IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
(cherry picked from commit 0f849d0af983922e1571b958c9ca42f51e799190)
(cherry picked from commit e42f9add21da833ce2d26d4763c022aceec20853)
(cherry picked from commit f1d740fdb177b912c8a600cd786258f992313f08)
(cherry picked from commit 13cb5986312bf877dd301087f72c13e4b4a620f9)
(cherry picked from commit dd050420390c6557354b0e3aaecd52abc4bf906c)
(cherry picked from commit 4804ce148812b0f682e2c0fe16b4677ba0fc556d)
(cherry picked from commit 4db76e17a469c8f15ac818263c145c1b66356e79)
(cherry picked from commit 6ab20e9f3b047dc24e2c2c35e8df2159eb4691ba)
We need to include `<sys/stat.h>` for usage of the `struct stat` in
the Manager struct, much as we already include `<stdbool.h>` for C99
booleans.
This helps alleviate another minor build failure on non-glibc systems.
(cherry picked from commit 97207ac85cb8f8cba9459694255ff0396f020279)
(cherry picked from commit 2fb612371dfec40a90be975f9110341cac42300d)
(cherry picked from commit e88aec2c30d1fafcca457489bf2ecb7075431992)
(cherry picked from commit 9ef259dd4d8bd38634628a503226835ff6c50e6e)
Yet another new capability coming in Linux kernel v5.9.
Make sure we can recongize them even when built with older kernel headers.
(cherry picked from commit 94d21c2ef6cd6bb035d4c21c98ab001c0abd4cbe)
(cherry picked from commit 23529212447e6a836440e0729c3562d8e0d4c891)
(cherry picked from commit 31d80185883792a9dad1519ee147a3c9e02f960c)
(cherry picked from commit 34b4dc64c6358c4dd5989778db86c4d90dadb4c9)
Previously:
1. last_error wouldn't be updated with errors from is_dir;
2. We'd always issue a stat(), even for binaries without execute;
3. We used stat() instead of access(), which is cheaper.
This change avoids all of those, by only checking inside X_OK-positive
case whether access() works on the path with an extra slash appended.
Thanks to Lennart for the suggestion.
(cherry picked from commit 33e1a5d8d3f792e1d98377fe439e123231032ec7)
(cherry picked from commit a4236a27644705e58836f5d547d5aef50d568c11)
(cherry picked from commit 6a30d4e98032575d385a09d15782be74cbef6dfe)
(cherry picked from commit 0783b4f8cecda4f21e9021495377e2c807a32a5e)
Imagine $PATH /a:/b. There is an echo command at /b/echo. Under this
configuration, this works fine:
% systemd-run --user --scope echo .
Running scope as unit: run-rfe98e0574b424d63a641644af511ff30.scope
.
However, if I do `mkdir /a/echo`, this happens:
% systemd-run --user --scope echo .
Running scope as unit: run-rcbe9369537ed47f282ee12ce9f692046.scope
Failed to execute: Permission denied
We check whether the resulting file is executable for the performing
user, but of course, most directories are anyway, since that's needed to
list within it. As such, another is_dir() check is needed prior to
considering the search result final.
Another approach might be to check S_ISREG, but there may be more gnarly
edge cases there than just eliminating this obviously pathological
example, so let's just do this for now.
(cherry picked from commit 8b5cb69bc8b70d1dcc39ed2165907723099bd9d8)
(cherry picked from commit b7cef386bd1bc810f5bb12d84c2ec4d6428231e3)
(cherry picked from commit 0752452dc504be958c38af7d49ef5b729b28de5c)
(cherry picked from commit d0735d81d406d51d320b190e522979200f5b3a8e)
(cherry picked from commit dd47b25220f69f869679089da5cc848cf9cd0c78)
(cherry picked from commit 122945f315c8ccb1ecaf8384aff85931791d45d3)
(cherry picked from commit 7d250c485fe5c0974b226767b3744e0c543ae005)
(cherry picked from commit 436872f995d712736ca917aa903921448831bbe2)
(cherry picked from commit 45b156c1559da468f1c12aa5170858574c9b5831)
(cherry picked from commit 42fab2d454a33f11d545db1d5e90d73deaf4dd9e)
(cherry picked from commit 2d0e391967ac53e1b011c63304c7ade98a3797c7)
(cherry picked from commit 342dc4c15f30d0c9ef4558e5245bccfe2077376b)
(cherry picked from commit b6ce3d2c0152a17210bb7fd31bb92a289f181a57)
(cherry picked from commit ed3f97f9625f6349045a4b80581bbf76cc4fcdbd)
(cherry picked from commit 77dddecfd0ca9200d8d241d3baf8a00cb640bd75)
(cherry picked from commit fec0bb6df444c8dd9067ec93e1398476a5fef858)
It is possible that we will be running with an upgraded libseccomp, in which
case libseccomp might know the syscall name, even if the number is not known at
the time when systemd is being compiled. The guard only serves to break such
upgrades, by requiring that we also recompile systemd.
For s390-specific syscalls, use a define to exclude them, so that that we don't
try to filter them on other arches.
(cherry picked from commit 6da432fd542af5553742b905a0f87a825a28a399)
(cherry picked from commit 6a2d73638d8c710676107aedd7ad02abcb47975d)
(cherry picked from commit b92dbd67decb443cfc35b357fb6e627e4148aadf)
(cherry picked from commit 11a97bc230f62e8c94559ccf656d3e0236429561)
(cherry picked from commit 556a7bbed607ec8cbbf4affc5d862ef92403418e)
(cherry picked from commit 76331f86f630bd884f2e16a36d66c55b2b22c8e1)
(cherry picked from commit 6cf2ec5da11488c31415f94180ad799a0187ce6c)
(cherry picked from commit da0cc77b520cc8b1f96ad8f5124d7a70c4001e74)
(cherry picked from commit f3317336450e1145b97ae9e38bd626f3d4c88eb8)
(cherry picked from commit 946e4c43bb4ac189259b3cbc035400ca90a8148f)
(cherry picked from commit 31c85925a9c1de385be0a0bab3574bf3e2aa3987)
(cherry picked from commit 5c35bcf3291839f6223e5d3e123765164fce61bd)
The commit 1070d271fa8fa553d57dd5f74dd1e3f60732d0b9 which was supposed
too fix this does not seem to take effect any more. We get again 34%
compilation success rate while scanning systemd itself. Moreover, the
installed header file breaks compilation of programs that include it:
"/usr/include/systemd/_sd-common.h", line 23: error #35: #error directive: "Do
not include _sd-common.h directly; it is a private header."
# error "Do not include _sd-common.h directly; it is a private header."
^
(cherry picked from commit 4191b3282afbca9f1ef333f91bb6566c374da1fe)
(cherry picked from commit 5aec8fe54e47dbffc9ed705e4211f935bdca1550)
(cherry picked from commit 42f329455667e48131c2a8d3d63f5ce2211d9a92)
(cherry picked from commit d091e19bbdceafa915e63f71e13bb1e1955a62f5)
strv_env_get only returns the environment variable value. putenv expects
KEY=VALUE format strings. Use setenv instead to fix the use.
(cherry picked from commit 6f646e01755df587bb33dae4ca78cdaad5721f5e)
(cherry picked from commit b81504a3c76bfb3afd339cb74988892f9dccedd1)
(cherry picked from commit 492a8b34178cf851ded4f23815d1182025bbbf8a)
(cherry picked from commit d56055f47f5ba86e0f56126e364b1939d035001f)
Fixed below systemd codesonar warning.
isprint() is invoked here with an argument of signed
type char, but only has defined behavior for int arguments that are
either representable as unsigned char or equal to the value
of macro EOF(-1).
As per codesonar report, in a number of libc implementations, isprint()
function implemented using lookup tables (arrays): passing in a
negative value can result in a read underrun.
(cherry picked from commit e7e954243a17cceb5278aac6249ee0dcc119b1eb)
(cherry picked from commit 1b9c95bfbf7e5fc32e033851bf06f0a9f7f9f08b)
(cherry picked from commit 674a2beff0ac7b1cb0358401d6f64d726bca4e4f)
Builds with recent glibc would fail with:
../src/network/netdev/fou-tunnel.c: In function ‘config_parse_ip_protocol’:
../src/basic/macro.h:380:9: error: static assertion failed: "IPPROTO_MAX-1 <= UINT8_MAX"
380 | static_assert(expr, #expr)
| ^~~~~~~~~~~~~
../src/network/netdev/fou-tunnel.c:161:9: note: in expansion of macro ‘assert_cc’
161 | assert_cc(IPPROTO_MAX-1 <= UINT8_MAX);
| ^~~~~~~~~
This is because f9ac84f92f151e07586c55e14ed628d493a5929d (present in
glibc-2.31.9000-9.fc33.x86_64) added IPPROTO_MPTCP=262, following
v5.5-rc5-1002-gfaf391c382 in the kernel.
(cherry picked from commit 3d58d7328a6ecbc61d3494803d705edd8a108d72)
(cherry picked from commit c5e346905952fef0f163d91522dd43333f1f219d)
(cherry picked from commit cc8aeb9916ee5ea026bec4cec8543ecfd73ed458)
systemd-boot selects the last valid entry by default, not the first.
Fixes: #15256
(cherry picked from commit e6190e2882e1d6772a9e586fcc65c91d406e52fb)
(cherry picked from commit c5883bc08877d8bad10110434037a3c21950a71a)
(cherry picked from commit f047b0706c01f99c1b781f44b7b4d95ecdb8abe2)
We would parse numbers with base prefixes as user identifiers. For example,
"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
interpreted as UID==1000. This parsing was used also in cases where either a
user/group name or number may be specified. This means that names like
0x2b3bfa0 would be ambiguous: they are a valid user name according to our
documented relaxed rules, but they would also be parsed as numeric uids.
This behaviour is definitely not expected by users, since tools generally only
accept decimal numbers (e.g. id, getent passwd), while other tools only accept
user names and thus will interpret such strings as user names without even
attempting to convert them to numbers (su, ssh). So let's follow suit and only
accept numbers in decimal notation. Effectively this means that we will reject
such strings as a username/uid/groupname/gid where strict mode is used, and try
to look up a user/group with such a name in relaxed mode.
Since the function changed is fairly low-level and fairly widely used, this
affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
etc.
Fixes#15985.
(cherry picked from commit 156a5fd297b61bce31630d7a52c15614bf784843)
(cherry picked from commit 9498903de6c1f7b0c3e5f1654d0ee451a304c59d)
(cherry picked from commit 1d1f5006cbe239b29092602f59baa062f4ef95c6)
We need this for a follow up security fix.
(cherry picked from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e)
(cherry picked from commit 64126925181809e7c0b8916471186c0bfa19d6ce)
(cherry picked from commit b07d782047fecfa29d9d94cc826ed70eb2a3ab13)
The return type of callbacks was changed from int to an enum.
(cherry picked from commit d17eabb1052e7c8c432331a7a782845e36164f01)
(cherry picked from commit a91ed646aa698ff530770c836c174fb7b3a5e799)
(cherry picked from commit 7bc54463ced882ac31fd42b2e34a9e764330a31a)
Don't pass values from argv[] directly to child process forked using
safe_fork, because it clears argv[]. strdup them first.
(cherry picked from commit c315b79fb43a4d921a533ba0c2cb303324887993)
(cherry picked from commit ec9fd71358d617d5f178d42b82cf20f89973f687)
(cherry picked from commit 137d4487511b3221d3c9165326bf55f297dcd5a6)
(cherry picked from commit 98a349465291801537b644ff1478ac2daeeeba21)
(cherry picked from commit cd7d8bb96291a33c510cb8f9e7c7494af3d1b0b5)
We used to log the following error:
"Start job for unit user-1000.slice failed with 'canceled'"
which can be really misleading if the actual job failed at *stopping* a unit.
Indeed "Start" was hard coded but it was wrong since we can also fail with stop
jobs which are enqueued when a session is stopped.
(cherry picked from commit b39648ed47065202b343d1d4bde3232d81fdfecc)
(cherry picked from commit 8f0feac20f7d4c29a42839343308fcd602ec5b63)
(cherry picked from commit 6aae7f596afd62a72b18c92f464abc8bebbc8cba)
This documents the syntax
enable template@.service foo bar baz
that was introduced in #9901 to preset templated units.
(cherry picked from commit 1f667d8a7cff4355cd23ebebeb4d7179e3498eb8)
(cherry picked from commit d1d3f2aa1561a9a75ce58026ef0a6bd4c5b464ac)
(cherry picked from commit f4d5928122fe632b441145750a03d95fd8dd2cc6)
(cherry picked from commit 0b1b0a01ab22c088046634c46c496022e7e60673)
(cherry picked from commit 3c69813c69af90e75acf9a80047ecf5b075c138d)
(cherry picked from commit 148f7b147aaba46491cec23ec44e4e998a84900f)
This regression was introduced in #14913.
The current_file variable can be NULL, as, for example, with the
following commands:
* journalctl --list-boots
* journalctl -b -1 --no-pager
Since current_file is only checked for pointer equality with f, removing
the assertion is safe here.
(cherry picked from commit 8d0726fcd7b72f2a6f75dd731cbf7c8d4df107ef)
(cherry picked from commit e8df08cfdb20e31066559c53420d7fd56b31ec01)
(cherry picked from commit a713f52ddb09e8ef606c12e559d787355c67aa7e)
When having a service which intentionally outputs multiple equal lines,
all these messages might be inserted with the same timestamp.
journalctl has a mechanism to avoid duplicate lines, which might be in
different journal files.
This patch allows duplicate lines, if they are from the same file.
(cherry picked from commit b6849042d610da90d5821a03967d648d424f7864)
(cherry picked from commit 2867dfbf70a5d761f662fe4b7c81a67e19df008b)
(cherry picked from commit d25598854dd7f517db160b5e377d379e34e72f28)
Add SECLABEL{selinux}="some value" cause udevadm crash
systemd-udevd[x]: Worker [x] terminated by signal 11 (SEGV)
It happens since 25de7aa7b90 (Yu Watanabe 2019-04-25 01:21:11 +0200)
when udev rules processing changed to token model. Yu forgot store
attr to SECLABEL token so fix it.
(cherry picked from commit 0335d110afc08baf47d76b7011ce02510dfdd524)
(cherry picked from commit d58988be7fab2bf3e037ccf175f3cace41f82b80)
(cherry picked from commit 037a0fa5d06db080b8b5d1ae96ce067ee207f335)
In case the dissected image has a filesystem, don't scan for partitions. This
avoids problems with services using a `RootImage=` in early boot when udevd is
not yet started.
(cherry picked from commit 0108c42f59dd5848f6b561f260dc6ff3e19d651b)
(cherry picked from commit 98f8a718c161d45b0001ee68f2ec7d111da79397)
(cherry picked from commit 9de06cd65af80173140989b0b8338fe7411bf488)
(cherry picked from commit 1cee1c52833fb6e3829e510109404852a17e5bdd)
(cherry picked from commit ffccc15f725fe8d9d39a44978168cc483820d750)
(cherry picked from commit 1ea52d91c80b9012f4f76e660122e04ef3f86bc8)
ARM toolchains will sometimes optimize otherwise floating-point-free
code with floating point and SIMD instructions. This was happening with
systemd-bootarm.efi and it was causing U-Boot to crash and reset the
CPU. U-Boot does not support the ARM VFP floating point coprocessor,
which is an optional piece of hardware anyway [1].
Ensure the compiler does not generate FP/SIMD instructions by supplying
the `-mgeneral-regs-only` option when building for ARM [2].
The other option you often see to solve these problems is
`-msoft-float`, but that changes the ABI and prevents linking with
libgnuefi.
[1] https://lists.denx.de/pipermail/u-boot/2011-February/087736.html
[2] https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html#index-mgeneral-regs-only-1
(cherry picked from commit 1ad6056239b70ce69ea70108cf4e49a05a9c2a1d)
(cherry picked from commit 73678d2307042a45ceb3d7fe2fd182f6f6ec3f2d)
(cherry picked from commit 869614a5515fd21c7c639cdbf5d96889f4316463)
This makes changes similar to the parent commit, but for hibernate-resume-generator.
If resume= is specified on the kernel command line, we'll set JobRunningTimeoutSec=0
for the device. This matches what we do for the root device.
In practice, other timeouts will take effect. For example dracut tries (and
fails :[ ) to start dracut-emergency.service after some time.
Fixes#7242, https://bugzilla.redhat.com/show_bug.cgi?id=1705522.
(cherry picked from commit ff757c9d294153a26a9dd2d9817d1985656f3002)
(cherry picked from commit bb598b56eb3cef6dc07b260dc205c67aa11b1196)
Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.
(cherry picked from commit 637486261528e8aa3da9f26a4487dc254f4b7abb)
(cherry picked from commit e2d4cb9843c50eff76e9104fec6b448c0d7c8814)
When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we aquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.
This might have other uses too, for example debugging.
(cherry picked from commit 1068447e6954dc6ce52f099ed174c442cb89ed54)
zjs: patch modified to not make the function public
(cherry picked from commit 83bfc0d8dd026814d23e3fdfa46806394f775526)
