IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If one field in a specific column has a maximum size limit, other fields
in the same column might affected by it and get less than they asked
for. Let's make sure we can handle this, and don't assert on this
because surprisingly we got less than what we asked for.
(cherry picked from commit 2cd9f773e29873df1b9f9b09c6c4f78853b16215)
(cherry picked from commit db3aaa0a661c993994194a60f1a24a1495496bab)
Aaargh. See the comment in the code.
Apparently the range is like that:
$ sudo bash -c 'echo "default 1001" >/sys/fs/cgroup/user.slice/io.bfq.weight'
bash: line 0: echo: write error: Numerical result out of range
$ uname -r
5.11.0-0.rc4.129.fc34.x86_64
(cherry picked from commit 29eb0eefd14afc9a2424781a28b376db47c3c570)
(cherry picked from commit c3ba9cb8f1b3ea0211123e1ae8e00bf7494ba233)
An (imperfect) fix for #14760.
This makes collisions unlikely, but still theoretically possible.
Fixes: #14760
(cherry picked from commit ac3bc1b819b66f925145629a5c2ccb0a098f0446)
Let's use uint32_t everywhere to maintain the seqno, since that's what
the kernel does. Prviously in the reply_callback logic we used 64bit,
for no apparent reason.
Using 32bit also provides us with the benefit that we can avoid using
uint64_hash_ops, and can use trivial_hash_ops instead for the reply
hashmap, so that we can store the seqno in the key pointer directly.
While we are at it, let's make sure we never run into serial collisions
internally (32bit is a lot, but not that much), and let's put a limit on
outstanding serials, to catch programming errors.
(cherry picked from commit b522c4b92a1a8999e008002f0a30acbaf58b55e4)
Apparently, there are plenty routers in place that report an incorrect
RR count in the packets: they declare more RRs than are actually
included.
Let's accept these responses, but let's downgrade them to baseline, i.e.
let's suppress OPT in this case: if they don't even get the RR count
right, let's operate on the absolute baseline, and not bother with
anything fancier such as EDNS.
Prompted-by: https://github.com/systemd/systemd/issues/12841#issuecomment-724063973Fixes: #3980
Most likely fixes: #12841
(cherry picked from commit 18674159ebbf622a9e6e5a45cc36b38f74dae315)
(cherry picked from commit fdfffdaf20a18a50c9a6d858359cf4af6d2f4c8b)
Follow-up for 4ea8b443de. The logic that manages DnsQueryCandidate is rather
complicated: a calls to dns_query_complete() that wants to destroy a
DnsQueryCandidate can be nested inside a deep chain of calls. Using reference
counts seems like the simplest approach.
DnsSearchDomain already uses reference counting.
This patch effectively brings dns_query_candidate_go() to the state before
4ea8b443de, but wraps the iteration over DnsQueryCandidate.transactions in
dns_query_candidate_ref+dns_query_candidate_unref.
(cherry picked from commit 0e0fd08fc832b8f42e567d722d388eba086da5ff)
(cherry picked from commit ab9f7e1a51005f12d3bac83b86716d9d33048eb7)
When dns_transaction_complete() manages to resolve a query, it invalidates the
query candidate object. It shall not be accessed afterwards.
We have the following chain of calls:
dns_query_candidate_go → dns_transaction_go → dns_transaction_prepare → dns_cache_lookup (success: 1)
→ dns_transaction_complete
After returning back to dns_query_candidate_go(), we'd attempt to continue
iteration over the list of transactions attached to the query candidate,
accessing already freed (and overwritten) memory:
(gdb) bt
0 0x00007f637297cf47 in hashmap_iterate_entry (i=0x7ffe7e15cc90, h=0x706f746b73656465) at ../src/basic/hashmap.c:703
1 _hashmap_iterate (h=0x706f746b73656465, i=i@entry=0x7ffe7e15cc90, value=value@entry=0x7ffe7e15cc88,
key=key@entry=0x0) at ../src/basic/hashmap.c:712
2 0x00007f637297d01b in set_iterate (s=<optimized out>, i=i@entry=0x7ffe7e15cc90, value=value@entry=0x7ffe7e15cc88)
at ../src/basic/hashmap.c:733
hence we crash
3 0x0000557bc99eb80f in dns_query_candidate_go (c=c@entry=0x557bcaf86890) at ../src/resolve/resolved-dns-query.c:139
...but c is not valid here in the second iteration of the loop
4 0x0000557bc99eb720 in dns_query_candidate_notify (c=0x557bcaf86890) at ../src/resolve/resolved-dns-query.c:271
c was valid here at entry...
5 0x0000557bc99efe28 in dns_transaction_complete (t=0x557bcac072f0, state=<optimized out>)
at ../src/resolve/resolved-dns-transaction.c:350
t is a valid transaction (11481 in the backtrace below)
6 0x0000557bc99f1efb in dns_transaction_process_reply (t=0x557bcac072f0, p=<optimized out>)
at ../src/resolve/resolved-dns-transaction.c:1171
7 0x0000557bc99f2d41 in on_dns_packet (s=<optimized out>, fd=<optimized out>, revents=<optimized out>,
userdata=0x557bcac072f0) at ../src/resolve/resolved-dns-transaction.c:1223
8 0x00007f6372a25217 in source_dispatch (s=s@entry=0x557bcb162c50) at ../src/libsystemd/sd-event/sd-event.c:3181
9 0x00007f6372a254fd in sd_event_dispatch (e=0x557bcb15b050) at ../src/libsystemd/sd-event/sd-event.c:3620
10 0x00007f6372a267c8 in sd_event_run (e=e@entry=0x557bcb15b050, timeout=timeout@entry=18446744073709551615)
at ../src/libsystemd/sd-event/sd-event.c:3678
11 0x00007f6372a269ef in sd_event_loop (e=0x557bcb15b050) at ../src/libsystemd/sd-event/sd-event.c:3700
12 0x0000557bc99ddc14 in run (argc=<optimized out>, argv=<optimized out>) at ../src/resolve/resolved.c:92
13 0x0000557bc99d260a in main (argc=<optimized out>, argv=<optimized out>) at ../src/resolve/resolved.c:99
xxx.name.net systemd-resolved[31705]: Got message type=method_call sender=:1.3644 destination=org.freedesktop.resolve1 path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member=ResolveHostname cookie=2 reply_cookie=0 signature=isit error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: idn2_lookup_u8: xxx → xxx
xxx.name.net systemd-resolved[31705]: Looking up RR for xxx IN A.
xxx.name.net systemd-resolved[31705]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=1102 reply_cookie=0 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=1103 reply_cookie=0 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.3324 path=n/a interface=n/a member=n/a cookie=4294967295 reply_cookie=1103 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Cache miss for xxx.name.net IN A
xxx.name.net systemd-resolved[31705]: Transaction 11481 for <xxx.name.net IN A> scope dns on enp42s0/*.
xxx.name.net systemd-resolved[31705]: Using feature level UDP for transaction 11481.
xxx.name.net systemd-resolved[31705]: Using DNS server 192.168.1.1 for transaction 11481.
xxx.name.net systemd-resolved[31705]: Sending query packet with id 11481 of size 35.
xxx.name.net systemd-resolved[31705]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.3324 path=n/a interface=n/a member=n/a cookie=4294967295 reply_cookie=1102 signature= error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Match type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0=':1.3644' successfully installed.
xxx.name.net systemd-resolved[31705]: Processing incoming packet on transaction 11481 (rcode=NXDOMAIN).
xxx.name.net systemd-resolved[31705]: Not caching negative entry without a SOA record: xxx.name.net IN A
xxx.name.net systemd-resolved[31705]: Transaction 11481 for <xxx.name.net IN A> on scope dns on enp42s0/* now complete with <rcode-failure> from network (unsigned).
xxx.name.net systemd-resolved[31705]: Positive cache hit for xxx.lan IN A
xxx.name.net systemd-resolved[31705]: Transaction 64364 for <xxx.lan IN A> on scope dns on enp42s0/* now complete with <success> from cache (unsigned).
xxx.name.net systemd-resolved[31705]: Sent message type=method_return sender=n/a destination=:1.3644 path=n/a interface=n/a member=n/a cookie=1104 reply_cookie=2 signature=a(iiay)st error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=1105 reply_cookie=0 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Freeing transaction 64364.
xxx.name.net systemd[1]: systemd-resolved.service: Main process exited, code=dumped, status=11/SEGV
xxx.name.net systemd[1]: systemd-resolved.service: Failed with result 'core-dump'.
Fixes#16168, https://bugzilla.redhat.com/show_bug.cgi?id=1895937.
(cherry picked from commit 4ea8b443de8be0f7a932f325dfafa1ee2a843795)
(cherry picked from commit 64317106aed94a6fb758ab6b08ba490873fc5227)
So the currentl and only fd_is_mount_point() check is actually entirely
bogus: it passes "/" as filename argument, but that's not actually a
a valid filename, but an absolute path.
fd_is_mount_point() is written in a way tha the fd refers to a directory
and the specified path is a file directly below it that shall be
checked. The test call actually violated that rule, but still expected
success.
Let's fix this, and check for this explicitly, and refuse it.
Let's extend the test and move it to test-mountpoint-util.c where the
rest of the tests for related calls are placed.
Replaces: #18004Fixes: #17950
(cherry picked from commit 95231c7215c3ff14c491eb1d2a93312a8fe0c4f6)
(cherry picked from commit 551dd873b0bdfb9e7e47431b2933c8b910228f0c)
Apparently SELinux inserts control data into AF_UNIX datagrams where we
don't expect it, thus miscalculating the control data. This looks like
something to fix in SELinux, but we still should handle this gracefully
and just drop the offending datagram and continue.
recvmsg_safe() actually already drops the datagram, it's just a matter
of actually ignoring EXFULL (which it generates if control data is too
large) in the right places.
This does this wherever an AF_UNIX/SOCK_DGRAM socket is used with
recvmsg_safe() that is not just internal communication.
Fixes: #17795
Follow-up for: 3691bcf3c5eebdcca5b4f1c51c745441c57a6cd1
(cherry picked from commit 741bfd7f4e60fdc07ecaadbd93f1196dbee657ca)
(cherry picked from commit b7e0ac754eba3c91b76dc7b92802716144b569b8)
This variable (a.k.a. rootlibexecdir), was exposed through the .pc file, but
not as rpm macro.
The .pc file must be located in the package that provides libraries, which
pulls in a lot of dependencies. In Fedora, the macros are split out to a
separate package so that other packages which need to refer to some systemd
path but don't otherwise require it, can only pull in the (much smaller and
dependency-less) macros package. zram-generator uses the path to specify the
location of systemd-makefs, so by using the rpm macro we'll be able to use
a much smaller buildroot.
(cherry picked from commit 3bc66bfa0136e370a8f7b06c3b69a52f5636ef82)
(cherry picked from commit 490b9ae9dd786e0924cab59d578bb3d69a174079)
Previously, if an interface does not have SSID, e.g. run in mesh-point
type, then the wifi iftype obtained by the netlink call was ignored.
Fixes#18059.
(cherry picked from commit a66a402da471f6230ab8674fd2c1df6d918773b5)
(cherry picked from commit fc4eae72f8dd34a334b2707614d9c07974d4d604)
It looks like zero'ing the struct is not enough, and with some level
of optimizations there is still non-zero padding left over.
Switch to member-by-member initialization. Also convert all remaining
bpf_attr variables in other files.
(cherry picked from commit 9ca600e2bfacc52a65c89f3485723b2c27394e55)
(cherry picked from commit 95ee2c6b481b7a1f953cb720c35df568b7a6cb70)
(apparently overlayfs has issues with xattrs, hence don't require that
/usr supports xattrs)
(cherry picked from commit 84319c5c07e7283f31930c799dfd948d251d9b73)
(cherry picked from commit 3dcf950663f906db8a9baa465bd2ac384e832a46)
When building with Clang and using structured initialization, the
bpf_attr union is not zero-padded, so the kernel misdetects it as
an unsupported extension.
zero it until Clang's behaviour matches GCC. Do not skip the test
on Github Actions anymore.
(cherry picked from commit 28abf5ad3483a417d3d4de561533d282493a7f2a)
(cherry picked from commit 94bb28590b21f37bcd9b831029af05a8a78f49ef)
unset-environment is completed with variable names in the environment block.
set-environment the same, but suffixed with "=".
import-environment is completed with variable names in the client environment.
(cherry picked from commit 341992081b6ece1adba270e239f96c9840884885)
(cherry picked from commit 6db2ae66185d8feffe5a19841cff64835afae136)
I mean, the old code at least used O_PATH, but still, we shouldn't
allocate/close an fd if we don't have to.
(cherry picked from commit 15308e5083391f6a1b9ce25c5b7323f37544eab8)
(cherry picked from commit a2f0da2de006c74bca64b3ce5b023e99bcca4498)
commit 15d7ab87c4e5917f5788f1f8dce327a1e272bea3 introduced the
change to add an 'alias' state, but it was wired to systemctl
only when running in 'client-side' mode. Return success as
expected and documented also when running in 'server-mode'.
Fixes https://github.com/systemd/systemd/issues/18134
(cherry picked from commit bf3b428f73eb51f4abb64a80ea5be346b9eeb2fe)
(cherry picked from commit 7c63e5ed58fc5d0cf2653e614fee2765b495085a)
Explicitly document the behavior introduced in #7437: when picking a new
UID shift base with "-U", a hash of the machine name will be tried
before falling back to fully random UID base candidates.
(cherry picked from commit 68709a636c838e0754b49caa6ff2d4168e3c99c8)
(cherry picked from commit 4032a1358897ecaf4e485399b03c6186fb2c90e9)
This explicitly documents the default `UTC` timezone which is used
by systemd and (other softwares) when `/etc/localtime` is not present.
Ref: https://github.com/systemd/systemd/blob/v247/src/basic/time-util.c#L1460-L1469
(cherry picked from commit 3d909037e3bb86bb14ceef98325b2759b938a4b3)
(cherry picked from commit a580023f1da331bd454ea72cad146215b255e0d0)
`AllowedIPs=` only affects "routing inside the network interface
itself", as in, which wireguard peer packets with a specific destination
address are sent to, and what source addresses are accepted from which
peer.
To cause packets to be sent via wireguard in first place, a route via
that interface needs to be added - either in the `[Routes]` section on
the `.network` matching the wireguard interface, or outside of networkd.
This is a common cause of misunderstanding, because tools like wg-quick
also add routes to the interface. However, those tools are meant as a
"extremely simple script for easily bringing up a WireGuard interface,
suitable for a few common use cases (from their manpage).
Networkd also should support other usecases - like setting AllowedIPs to
0.0.0.0/0 and ::/0 and having a dynamic routing protocol setting more
specific routes (or the user manually setting them).
Reported-In: https://github.com/systemd/systemd/issues/14176
(cherry picked from commit c6b90e5c5e54e98b6aed38677f77d8491f2e49c8)
(cherry picked from commit 14475e0e793be33bfad371c6d3545c7448f78730)
Upgrading to qemu 5.2 breaks TEST-36-NUMAPOLICY like:
qemu-system-x86_64: total memory for NUMA nodes (0x0) should
equal RAM size (0x20000000)
Use the new (as in >=2014) form of memdev in test 36:
-object memory-backend-ram,id=mem0,size=512M -numa node,memdev=mem0,nodeid=0
Since some target systems are as old as qemu 1.5.3 (CentOS7) but the new
kind to specify was added in qemu 2.1 this needs to add version parsing and
add the argument only when qemu is >=5.2.
Fixes#17986.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
(cherry picked from commit 43b49470d1f2808555c07f64cd0a1529b7ddd559)
(cherry picked from commit b7171ae4bdb5c827c1ab0c97934b75f3169af8bb)
Previously, we'd already have explicit logging for the case where
$XDG_RUNTIME_DIR is not set. Let's also add some explicit logging for
the EPERM/ACCESS case. Let's also in both cases suggest the
--machine=<user>@.host syntax.
And while we are at it, let's remove side-effects from the macro.
By checking for both the EPERM/EACCES case and the $XDG_RUNTIME_DIR case
we will now catch both the cases where people use "su" to issue a
"systemctl --user" operation, and those where they (more correctly, but
still not good enough) call "su -".
Fixes: #17901
(cherry picked from commit 1ecb46724cae151606bc825f0e39f14d4dfe1a0e)
(cherry picked from commit 36bc4a18fd8117cab0d4ff02eac89579a86cd399)
So far when asked for augmented bus credentials and the process was
already gone we'd fail fatally. Let's make this graceful instead, and
never allow augmenting fail due to PID having vanished — unless the
augmenting is the explicit and only purpose of the requested operation.
This should be safe as clients have to explicitly query the acquired
creds anyway and handle if they couldn't be acquired. Moreover we
already handle permission problems gracefully, thus clients must be
ready to deal with missing creds.
This is useful to make selinux authorization work for short-lived client
proceses. PReviously we'd augment creds to have more info to log about
(the selinux decision would not be based on augmented data however,
because that'd be unsafe), and would fail if we couldn't get it. Now,
we'll try to acquire the data, but if we cannot acquire it, we'll still
do the selinux check, except that logging will be more limited.
(cherry picked from commit f8ecc2c00df7bd810557f3056ec12f6a0730812d)
(cherry picked from commit a1b1ef65a4371e8aec4b0df1326e4cb5de005e80)
For unknown reasons, sd-bus has trouble connecting to the filtered
D-Bus system proxy exported by Flatpak and the connection to the
bus is closed during authentication. Don't mistake this for a remote
error - that was causing a hard "not found" failure rather than a fallback.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1912131 for background.
This commit adds support for disabling the read and write
workqueues with the new crypttab options no-read-workqueue
and no-write-workqueue. These correspond to the cryptsetup
options --perf-no_read_workqueue and --perf-no_write_workqueue
respectively.
(cherry picked from commit 227acf0009bde2cd7f8bc371615b05e84137847d)
There are two ways in swich sd_login_* functions acquire data:
some are derived from the cgroup path, but others use the data serialized
by logind.
When the tests are executed under Fedora's mock, without systemd-spawn
but instead in a traditional chroot, test-login gets confused:
the "outside" cgroup path is visible, so sd_pid_get_unit() and
sd_pid_get_session() work, but sd_session_is_active() and other functions
that need logind data fail.
Such a buildroot setup is fairly bad, but it can be encountered in the wild, so
let's just skip the tests in that case.
/* Information printed is from the live system */
sd_pid_get_unit(0, …) → "session-237.scope"
sd_pid_get_user_unit(0, …) → "n/a"
sd_pid_get_slice(0, …) → "user-1000.slice"
sd_pid_get_session(0, …) → "237"
sd_pid_get_owner_uid(0, …) → 1000
sd_pid_get_cgroup(0, …) → "/user.slice/user-1000.slice/session-237.scope"
sd_uid_get_display(1000, …) → "(null)"
sd_uid_get_sessions(1000, …) → [0] ""
sd_uid_get_seats(1000, …) → [0] ""
Assertion 'r >= 0' failed at src/libsystemd/sd-login/test-login.c:104, function test_login(). Aborting.
(cherry picked from commit ac5644635dba54ce5eb0ff394fc0bc772a984849)
(based on 4275f1c95e730ca9422463be29747ad4b6b1fb91)
Follow-up for ac24e418d9bc988ecf114c464701b35934948178.
The original motivation of the commit and RFE #15339 is to start dhcpv6
client in managed mode when neither M nor O flag is set in the RA.
But, previously, if the setting is set to "always", then the DHCPv6
client is always started in managed mode even if O flag is set in the
RA. Such the behavior breaks RFC 7084.
(cherry picked from commit 0e686feaff71465e3220f234871f66a39f0f57ad)
These two judgement can't judge that two entries are repeating fully.
So i think seqnum is needed to make full judgement.
(cherry picked from commit b17f651a17cd6ec0ceac7835f2f8607fbd9ddb95)
(cherry picked from commit 60fc09f5db900d622aa956fdc98283f149b4a8b2)
Use symlink_atomic_label() instead of symlink_atomic() as the symlink
may need a different label than the parent directory.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
(cherry picked from commit 7b87bece5ded3e8f068df8402901198c069ab5cf)
(cherry picked from commit 029331f56a1b6e4fb2823a56a108f741a576d7af)
Support gcc 8 on arm
(cherry picked from commit 361f41645cdf920d431e2d68dcfa3f98088c2e03)
(cherry picked from commit cb17e9874fb881d0147d44b29163e35471cf00f6)
reallocarray() is defined in stdlib.h, so that would be right header to
check for its presense.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5bb20fd3d33f7e866a0845f15c1ab5b595147f1e)
(cherry picked from commit 1d8cfe817861a0b0de2b561f6770e33d1242db63)
In some cases it is not defined. Eg in a yocto build:
src/systemd/meson.build:61:15: ERROR: Unknown variable cxx.
(cherry picked from commit 442bc2afee6c5f731c7b3e76ccab7301703a45a7)
(cherry picked from commit dad90a476e667b9c570cf236c90b50ccae7e8817)
The recent bug report indicated a race at device creation and the
sound.target dependencies, and the cause turned out to be the condition
of the sound.target trigger. Currently it's set for "card*", but this
is actually the parent object; i.e. the sound.target is triggered before
the sound devices are created.
For assuring the whole sound device creations beforehand, we need to use
"controlC*" instead of "card*"; as already described in
78-sound-card.rules, this is guaranteed to be the last device, and can
be used as a synchronization point.
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1179363
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit 5926e592fa5e6290b9f4588939945869adb5c55f)
