IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
RouteTable=off was introduced to provide consistency with wg-quick
command. This makes the RouteTable= settings accepts other negative
boolean values.
(cherry picked from commit e135559d805e749a0a1f8d1396cf71f6edd94831)
Previously, we'd try to handle corruption by bumping the index even
if it was an entry array object that was corrupted (which we can't
deal with).
Now, we only try to deal with corrupted entry objects by moving the
corruption handling into generic_array_get().
On top, we also add an additional check for -EADDRNOTAVAIL which can
also be caused by corrupted journal data.
(cherry picked from commit 8d801e35cb155faa08235a5af8b4d6ad60715837)
In particular, mention the contract the generator has with external
ExecCondition= binaries that may be provided by desktop environments.
But, also mention all the other relevant keys. In particular
X-systemd-skip= is important to be documented.
(cherry picked from commit 048d46999995847095e3b7a513ba0627e0179dec)
LocateDevicePath() advances the device path pointer, making it invalid
when freed.
(cherry picked from commit 41b74a18b2879e37b1e084f7ab6bd276ce30c6c9)
The commit b89a3758e92894162e3c2dcb594a55acff3274d5 made the validity
check of the received message stricter. E.g. if the client received a
message with broken NTP server option, then the entire message is
dropped.
This relaxes the check. If some non-critical options are broken, then
ignore the options, but the message itself is still accepted.
Fixes#22099.
(cherry picked from commit 0ac9daa4a169f627f5b3f85a4cdcdbd2c2b2e2ca)
Allowing -e to be used to view the last logs of a previous boot seems
like a useful feature so let's not discard -b options anymore when
followed by -e.
Fixes#22107
(cherry picked from commit 4d6455c0754e31ddc9590c7b9c9a373d82ec0ed4)
If a desktop specific ExecCondition= binary does not exist, this just
means that the desktop environment is not available. As such, it is not
an error condition that should prevent the service from being installed
in the .wants target.
Fix this by simply returning zero.
(cherry picked from commit 6d0aef1dd15088e7379681b3bd93c3cb450f3c55)
Lennart's blog is now mostly of historical interest, and the wiki
landing page has been replaced by systemd.io.
(cherry picked from commit 2777a4a3bfe153cb675d3d66b383a26043c187b8)
All those pages contain a redirect at the top of the page, so it doesn't
make much sense to tell people to take the detour. Linking directly will
also increase the search rankings of the new pages.
(cherry picked from commit a794a4d87219367e8b24469fcafce83a9f224080)
log_parse_environment() uses should_parse_proc_cmdline() to determine whether
it should parse settings from the kernel command line. But the checks that
should_parse_proc_cmdline() apply to the whole process, and we could get a positive
answer also when log_parse_environment() was called from one of the nss modules.
In case of nss-modules, we don't want to look at the kernel command line.
log_parse_environment_variables() that only looks at the environment variables
is split out and used in the nss modules.
Fixes#22020.
(cherry picked from commit a7d15a24659770b0fa9f4cd26fc7bbb17765cbb7)
log_parse_environment() stopped being a macro in 9fdee66f2d9.
As reported by @bauen1 in https://github.com/systemd/systemd/issues/22020,
the comment was out of date.
(cherry picked from commit 56a5f4969b96529c82ec8cc08db4fa8e9c61e7b9)
* sd-bus/man: document EBUSY error in bus_message_read
The EBUSY error can be returned from sd_bus_exit_container(), and, if
that happens, it will be propogated upwards towards bus_message_read. In
terms of documentation, this means that bus_message_read's man page
can't just include the error text for sd_bus_message_read_basic, as
reading basic types exclusively doesn't have the potential for this
error.
sd_bus_message_read_basic's error documentation isn't incorrect when
applied to sd_bus_message_read, it's just incomplete. While EBUSY is
documented in sd_bus_message_open_container.xml,
it's explanation is unique to the sd_bus_message_exit_container function
and makes for poor documentation of the general read API.
(cherry picked from commit a1a03fa54bfb45315eefaa49ceb38a21aceafde8)
Since bpf_can_link_lsm_program return value is boolean, the expression
`r < 0` is always false.
(cherry picked from commit ccfc534deed2f3873c967851497af10d8a1ee01c)
BPF_RAW_TRACEPOINT_OPEN is expected to work only on x86 and x86_64,
since BPF trampoline is implemented only on these architectures.
Attach probing by bpf_program__attach_lsm already happens in
`bpf_lsm_supported`. The resulting pointer can store libbpf error and
that is the case for unsupported architectures.
Add libbpf error check to `bpf_lsm_supported` so execution does not
reach the point where unit startup fails.
(cherry picked from commit f409aa5c6363144c9711226319614f3b248d9828)
To remove directory structures, we need to remove the innermost items first,
and then recursively remove higher-level directories. We would recursively
descend into directories and invoke rm_rf_children and rm_rm_children_inner.
This is problematic when too many directories are nested.
Instead, let's create a "TODO" queue. In the the queue, for each level we
hold the DIR* object we were working on, and the name of the directory. This
allows us to leave a partially-processed directory, and restart the removal
loop one level down. When done with the inner directory, we use the name to
unlinkat() it from the parent, and proceed with the removal of other items.
Because the nesting is increased by one level, it is best to view this patch
with -b/--ignore-space-change.
This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639.
The issue was reported and patches reviewed by Qualys Team.
Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure.
(cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1)
Units would fail to start, incl. systemd-journald.service and systemd-udevd.service.
Since unit->manager->restrict_fs will be set if and only if we can use it,
we can just check for that and remove the other checks.
Follow-up for 299d9417238e0727a48ebaabb5a9de0c908ec5c8.
(cherry picked from commit 46004616a12dcdaf11020b8d58f956a006c9d9cf)
Dangling symlinks get pruned when packaging up the installation
directory. Just store empty files instead, and compare the names
rather than the content for .requires/.wants - the filename is
what is important anyway, the content is ignored.
Fixes#22059
(cherry picked from commit e683878c0f03a4ffa123e37b27933fbf7e144901)
It was reported as used by the linker:
> [It is] called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start.
> My local call stack (with LTO):
>
> #0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2)
> #1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2)
> #2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2)
> #3 _start (/usr/lib64/ld-linux-x86-64.so.2)
>
> Looking through the source, I think it's this (links for glibc 2.34):
> - First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features.
> - Then init_cpu_features calls get_cet_status.
> - At last, get_cet_status invokes arch_prctl.
Fixes#22033.
(cherry picked from commit 5f02870a74aa3a758115cc9bd6d68f239caf8453)
This restores the preference order from before 9e82a74. The code
previous to that change 'preferred' /boot over /boot/efi; that
commit changed it to check /boot/efi before checking /boot.
Changing this precedence could (and did, for me) have unexpected
effects - it seems safer to leave it how it was.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
(cherry picked from commit a5307e173bf86d695fe85b8e15e91126e8618a14)
Otherwise, systemd-homed-active.service will fail to deactivate all
homes because homectl can no longer talk to homed if dbus stops first.
As a result, /home cannot be umounted.
Doing this on systemd-homed-active.service instead works as well, but
systemd-homed will exit 1 if dbus is already shut down.
(cherry picked from commit e00a25a7b41bd45ab73b47cbd94b3af909b8f8a1)
BPF LSM is cgroup unaware and it's set up is happening in core manager.
It occures that the current implementation is too restrictive and causes
pid 1 to freeze.
Instead:
* in bpf_lsm_setup set manager->restrict_fs pointer last,
so it is an indicator that the set up was successful
* check for manager->restrict_fs before applying unit options
(cherry picked from commit 299d9417238e0727a48ebaabb5a9de0c908ec5c8)
The code was written unidiomatically, using r as a boolean value, and
confusing errno and r in some places. AFAICS, there wasn't any actual
problem: even in the one place where errno was used instead of r, it would
almost certainly be initialized.
It seems that some libbpf functions set errno, while others return the
error, possibly encoded. Since there are almost no docs, the only way to
know is to read the code of the function. To make matters worse, there is
a global libbpf_mode which can be set to change the convention. With
LIBBPF_STRICT_DIRECT_ERRS in libbpf_mode, some functions set errno while others
return a negative error, and the only way to know is to read the code, except
that the split is now different. We currently don't set
LIBBPF_STRICT_DIRECT_ERRS, but even the possibility makes everything harder
to grok.
This is all very error-prone. Let's at least add some asserts to make sure that
the returned values are as expected.
(cherry picked from commit b7cba81553d0d958f23182ba9ab1739842ff9f5a)
