We might inherit a max rlim value that's larger than the kernel's
maximum (nr_open). This will cause setrlimit() to fail as the given
maximum is larger than the kernel's maximum. To get around this,
let's limit the max rlim we pass to rlimit() to the value of nr_open.
Should fix #28965
(cherry picked from commit f470dafddcd688c3ea6031d4bbcbf934fd094711)
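The clamping described in the commit message above, as an added example (not the project's own code): setrlimit() returns EPERM when the requested hard RLIMIT_NOFILE exceeds fs.nr_open, so an inherited limit is capped before it is passed on. The helper names and the fallback constant are assumptions of this sketch.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Assumed fallback when /proc is unreadable: the kernel's default nr_open. */
#define NR_OPEN_FALLBACK ((rlim_t) 1024 * 1024)

/* Read fs.nr_open, the ceiling the kernel enforces on RLIMIT_NOFILE. */
static rlim_t read_nr_open(void) {
    unsigned long long v;
    FILE *f = fopen("/proc/sys/fs/nr_open", "r");
    if (!f)
        return NR_OPEN_FALLBACK;
    int n = fscanf(f, "%llu", &v);
    fclose(f);
    return n == 1 ? (rlim_t) v : NR_OPEN_FALLBACK;
}

/* Clamp a possibly inherited limit so that setrlimit() will accept it. */
static struct rlimit clamp_nofile(struct rlimit rl, rlim_t nr_open) {
    if (rl.rlim_max > nr_open)      /* also catches RLIM_INFINITY */
        rl.rlim_max = nr_open;
    if (rl.rlim_cur > rl.rlim_max)  /* soft limit may never exceed hard */
        rl.rlim_cur = rl.rlim_max;
    return rl;
}

/* Raise the soft limit to the clamped hard limit; returns 0 on success. */
static int bump_nofile(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
        return -1;
    rl = clamp_nofile(rl, read_nr_open());
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

int main(void) {
    if (bump_nofile() < 0) {
        perror("setrlimit");
        return 1;
    }
    return 0;
}
```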
We set FORK_CLOSE_ALL_FDS, so we should also set FORK_REOPEN_LOG to
reopen the log in the child process so we don't miss any logging
messages.
(cherry picked from commit fbc6a7557120fbb97d781a5d2c640a3c55c3000f)
or else it would output 'Unknown config setting [UKI] SecureBootCerificate=' or just an error outright if not overridden.
(cherry picked from commit c766e05f292182b73e52db7044decc125c453d6f)
This currently makes unit_file_get_default() fail if the default
target is transient which shouldn't make us fail to get the default
unit.
(cherry picked from commit 3c1c52f2c9e67fe60b36325be7292ff0baaf808b)
The specs call this TCG PC Client Platform Firmware Profile
Specification says this PCR is owned by the Host Platform Manufacturer,
at various places. Hence let's give it that name.
(cherry picked from commit b060b9a492e161d0f59721b9a22cce528c967a40)
We conditionalize behavior based on whether these paths have trailing
slashes or not, so let's make sure we keep them intact.
(cherry picked from commit d10eccbd7717441538859e0a0c68ecc61289bb69)
Sometimes it's useful to keep a trailing slash in the path so let's
add path_simplify_full() and a flag to do just that.
(cherry picked from commit 4541d045b2cc2834add853f06293d4474ac403e4)
Setting USEC_INFINITY to timer event source should not cause any
problem. But, disabling timer event source should be preferable.
[zjs: simplify the call to sd_event_source_set_enabled()]
(cherry picked from commit 57d2b6a96f997c23bed37d74c6da087fb06081d2)
This reverts commit 1483892a421ca34bc841a8e8b1f385744c0407ed.
As the commit says, it does not solve the race. Moreover, it introduces
a regression #28410.
Also, checking by `path_is_mount_point()` may trigger automount. From
statx(2),
> AT_NO_AUTOMOUNT
> Don't automount the terminal ("basename") component of pathname
> if it is a directory that is an automount point.
Similar statements can be found in fstatat(2), which is used in the
fallback call for statx() in glibc, and name_to_handle_at(2), which is
used as the fallback when statx() failed.
So, `path_is_mount_point()` may _do_ trigger automount for parent paths.
That should be avoided especially on shutdown.
The original issue #25527 that is 'fixed' by the commit is not serious,
and should be fixed by making umount command handle path gracefully:
https://github.com/util-linux/util-linux/issues/2132
Fixes #28410.
(cherry picked from commit e323d2e463270ef556aeb753455bdf01a22af46d)
install_subdir() does not copy symlinks but copies the file they
point to. We also get a very ugly warning in the meson install
output:
"""
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
"""
Let's fix both problems at once by using rsync which does the right
thing. Verified by running systemd-dissect --mtree on both the install
output before and after and all the symlinks are now correctly preserved.
(cherry picked from commit cc2a0d85d2733b0a3285e16ca8a869cad84a03ec)
An error reply from polkit is a valid case and should not be propagated
as failure of async_polkit_callback(). It should only be saved here.
It'll be returned by bus_verify_polkit_async() later, when it's called
for the same method again.
Follow-up for #26365.
(cherry picked from commit 45b1c015b0eaff65b1f34e0ba8d072939eaa3926)
exec_child() is supposed to set *exit_status when returning failure.
Unfortunately, we didn't do that in two cases. The result would be:
- a bogus error message "Failed at step SUCCESS spawning foo: …",
- a bogus success exit status.
Bugs introduced in 390902012c5177b6b01bc634b2e9c704073d9e7d and
ad21e542b20f0fb292d1958d3a759bf3403522c2.
The code is reworked to add some asserts and not set exit_status in the caller
so that it's clearer (also to the compiler) that it needs to be set.
(cherry picked from commit 5fa01ac0369f0f225ab1e1f90f6b7058cc4deaaf)
If someone reads /run/host/os-release at the exact same time it is being updated, and it
is large enough, they might read a half-written file. This is very unlikely as
os-release is typically small and very rarely changes, but it is not
impossible.
Bind mount a staging directory instead of the file, and symlink the file
into it, so that we can do atomic file updates and close this gap.
Atomic replacement creates a new inode, so existing bind mounts would
continue to see the old file, and only new services would see the new file.
The indirection via the directory allows to work around this, as the
directory is fixed and never changes so the bind mount is always valid,
and its content is shared with all existing services.
Fixes https://github.com/systemd/systemd/issues/28794
Follow-up for 3f37a82545d461ab
(cherry picked from commit 663e27564ff4529b04da0ddc96804eb4e084a043)
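The inode behaviour that commit message relies on, as an added example (not the project's own code): a rename()-based replacement creates a new inode, so a handle pinned to the old file, as a file bind mount would be, keeps the old content, while a lookup through the unchanged directory sees the new file in full. The function names, the temporary file name and the /tmp path are assumptions; the os-release contents are constructed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write data under a temporary name in dirfd, then rename() it over name.
 * A lookup through the directory finds the old or the new file, never a mix. */
static int replace_atomic(int dirfd, const char *name, const char *data) {
    char tmp[256];
    size_t len = strlen(data);
    snprintf(tmp, sizeof tmp, ".#%s.tmp", name);
    int fd = openat(dirfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    int ok = write(fd, data, len) == (ssize_t) len && fsync(fd) == 0;
    close(fd);
    if (!ok || renameat(dirfd, tmp, dirfd, name) < 0) {
        unlinkat(dirfd, tmp, 0);
        return -1;
    }
    return 0;
}

/* Returns 1 when the inode changed, the pinned handle still reads the old
 * text, and a fresh lookup reads exactly the new, shorter text; else 0. */
static int staging_dir_demo(void) {
    char dir[] = "/tmp/os-release-demo-XXXXXX", a[64] = "", b[64] = "";
    struct stat sa, sb;
    if (!mkdtemp(dir))
        return 0;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0 || replace_atomic(dfd, "os-release", "ID=old\nVERSION_ID=1\n") < 0)
        return 0;
    int pinned = openat(dfd, "os-release", O_RDONLY);  /* old inode */
    if (replace_atomic(dfd, "os-release", "ID=new\n") < 0)
        return 0;
    int fresh = openat(dfd, "os-release", O_RDONLY);   /* new inode */
    if (pinned < 0 || fresh < 0 || fstat(pinned, &sa) < 0 || fstat(fresh, &sb) < 0)
        return 0;
    if (read(pinned, a, sizeof a - 1) < 0 || read(fresh, b, sizeof b - 1) < 0)
        return 0;
    close(pinned); close(fresh);
    unlinkat(dfd, "os-release", 0); close(dfd); rmdir(dir);
    return sa.st_ino != sb.st_ino && !strcmp(a, "ID=old\nVERSION_ID=1\n") && !strcmp(b, "ID=new\n");
}

int main(void) { return staging_dir_demo() == 1 ? 0 : 1; }
```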
The logic around checking PKCS11 tokens (used by systemd-cryptenroll) contains a bug.
The code is checking the flags field of a pkcs11 token_info structure against a set of flags defined for the pkcs11 slot_info structure. This PR changes the check so that the correct structure's flag field is being checked.
(Reference to the PKCS#11 spec: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html, section CK_SLOT_INFO).
(cherry picked from commit 5007942477ecfb69702f542cb6770ea4b5bc1e57)
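Why checking one structure's flags with the other structure's constants goes unnoticed, as an added example (not the project's own code): the message above names the two structures but not the flag involved, so CKF_TOKEN_PRESENT is used here as an assumed illustration. The reduced structures, wrapper types and sample values are constructed; the flag values are those of the PKCS#11 v2.40 headers.

```c
#include <stdbool.h>

typedef unsigned long CK_FLAGS;

/* Values from the PKCS#11 v2.40 headers. Each structure numbers its own
 * flag bits, so bit 0 means something different in each of them. */
#define CKF_TOKEN_PRESENT     0x00000001UL /* CK_SLOT_INFO.flags  */
#define CKF_REMOVABLE_DEVICE  0x00000002UL /* CK_SLOT_INFO.flags  */
#define CKF_RNG               0x00000001UL /* CK_TOKEN_INFO.flags */
#define CKF_LOGIN_REQUIRED    0x00000004UL /* CK_TOKEN_INFO.flags */
#define CKF_TOKEN_INITIALIZED 0x00000400UL /* CK_TOKEN_INFO.flags */

/* Hypothetical reduced structures: only the flags member is kept. */
typedef struct { CK_FLAGS flags; } slot_info_t;
typedef struct { CK_FLAGS flags; } token_info_t;

/* Mistaken check: a slot flag applied to the token's flags. Bit 0 there is
 * CKF_RNG, so this really asks whether the token has a random generator. */
static bool present_wrong(const token_info_t *t) {
    return (t->flags & CKF_TOKEN_PRESENT) != 0;
}

/* Hardened form: one wrapper type per structure, so handing a slot flag to
 * token_has() (or the reverse) is rejected at compile time. */
typedef struct { CK_FLAGS v; } slot_flag_t;
typedef struct { CK_FLAGS v; } token_flag_t;
static const slot_flag_t SLOT_TOKEN_PRESENT = { CKF_TOKEN_PRESENT };
static const token_flag_t TOKEN_INITIALIZED = { CKF_TOKEN_INITIALIZED };

static bool slot_has(const slot_info_t *s, slot_flag_t f) { return (s->flags & f.v) == f.v; }
static bool token_has(const token_info_t *t, token_flag_t f) { return (t->flags & f.v) == f.v; }

static bool usable(const slot_info_t *s, const token_info_t *t) {
    return slot_has(s, SLOT_TOKEN_PRESENT) && token_has(t, TOKEN_INITIALIZED);
}

/* Constructed samples: a slot holding a card, and two tokens that differ
 * only in whether they advertise CKF_RNG. */
static const slot_info_t SLOT_WITH_CARD = { CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE };
static const token_info_t TOKEN_NO_RNG = { CKF_LOGIN_REQUIRED | CKF_TOKEN_INITIALIZED };
static const token_info_t TOKEN_WITH_RNG = { CKF_RNG | CKF_LOGIN_REQUIRED | CKF_TOKEN_INITIALIZED };

int main(void) {
    /* The wrong check passes only for the token that happens to have an RNG. */
    bool hidden = present_wrong(&TOKEN_WITH_RNG) && !present_wrong(&TOKEN_NO_RNG);
    return (hidden && usable(&SLOT_WITH_CARD, &TOKEN_NO_RNG)) ? 0 : 1;
}
```

Tokens that advertise an RNG pass the mistaken check by coincidence, which is how such a mix-up can survive testing on common hardware.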
We call dir_is_empty() to check if the directory is empty but don't
take the result into account when returning from the function.
(cherry picked from commit e36c6210b7e1509206514dccedb73f7a1a5c4de1)
This makes tmpfiles, sysusers, and udevd invoked in the following order:
1. systemd-tmpfiles-setup-dev-early.service
   Create device nodes gracefully, that is, create device nodes anyway
   by ignoring unknown users and groups.
2. systemd-sysusers.service
   Create users and groups, to make later invocations of tmpfiles and
   udevd can resolve necessary users and groups.
3. systemd-tmpfiles-setup-dev.service
   Adjust owners of previously created device nodes.
4. systemd-udevd.service
   Process all devices. Especially to make block devices active and can
   be mountable.
5. systemd-tmpfiles-setup.service
   Setup basic filesystem.
Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06.
Fixes #28653.
Replaces #28681 and #28732.
(cherry picked from commit bb7f485f4bddd57bbf50739bafa43d127bab59d6)
Otherwise if the os-release file shrinks between updates, there
will be a merge of the two.
Also remove redundant ENOENT check.
Follow-up for 3f37a82545d461ab
(cherry picked from commit bf85c2395e3ed5628b58f86a478e99132288130d)
Follow-up for: 947d836a6e86f1936250ff8e3c67fa33b92a597f
(I guess in the original patch author's use case the root fs actually
*does* remain in memory, but that's a special case and does not belong
in the man pages this way).
(cherry picked from commit 579fbe5b789cbee10546f6274c39be311e71e49c)
This change makes sure a data copy using copy_bytes() does not exceed the
max_bytes value when using COPY_HOLES and max_bytes stops before the next
data section.
(cherry picked from commit c2dfcbd48e780e49bfc11f1c34077f6c98891e40)
On openSUSE with BTRFS, /root has to be mounted as dedicated subvolume to avoid
restoring it when a rollback of the system happens.
(cherry picked from commit 487ae08b85048f86e72e86d6c601d4c558b6cb8a)
This is a magic string, and we should avoid stepping into the territory
of normal keymap names with that, given that users can pick names
otherwise freely.
Hence, prefix the name with a special char to avoid any namespace
issues.
Follow-up for: #28660
(cherry picked from commit bf77d59772722e96508df91bd24e1b6940b3edfb)
We must go through finish, to undo the destruction of the final elements
of the iovw properly.
(cherry picked from commit 946dc7c635f050129896d1515c08a81504af2421)
The gnu-efi definition of the struct uses [1], our local one [0] to size
the filename array. Let's avoid an ambiguity and use offsetof() so that
this difference doesn't matter. Also, doing it this way makes very clear
to the reader what happens here: it's a structure with a variable size
suffix.
(cherry picked from commit 490b4486a752d8d2a10eb4c10d5af523ea539f5e)
This is a follow-up for #28596.
I think the suggestion to use Type=exec uses too strong wording:
Type=exec has non-trivial drawbacks over Type=simple, and they deserve
to be mentioned.
Hence drop the <emphasis> and turn this around so that Type=exec is
*recommended*, but Type=simple is not expressly discouraged, because
there are plenty of reasons to use it.
Add a brief discussion where Type=simple might be preferable.
Also, fix the outright untruth that Type=exec was the "simplest and
fastest", because it certainly is a lot, but not that.
(cherry picked from commit e5e900edcd3b245499379201072cbb69346e9798)
The command is deprecated, as per NEWS of 254. Let's go one step further
and remove it from the help text and man page, so that people are not
inspired to use it at this time anymore.
This is how we usually have done this before: remove it from visibility,
but support it for a while still.
(cherry picked from commit 0de0ed6e89823c8834a94682bfd5e366aee9930b)
Follow-up for #26089 and #28505
Currently, if default-keymap is not empty, there's no way
to ask vconsole-setup to retain the kernel keymap. Let's
accept a special value "kernel" for that purpose.
Addresses the problem mentioned in https://github.com/systemd/systemd/pull/28505#issuecomment-1663681665
(cherry picked from commit ef7f5baae8224960f78651e8a3cf4c1f1b870a31)
Kernel patch [1] fixed bugs in rfkill handling on MSI Wind U100. Now
that the HW rfkill reports the correct state, and the SW rfkill is
controllable from userspace, it's necessary to mute KEY_WLAN and
KEY_BLUETOOTH generated on HW rfkill state changes. Otherwise, the
userspace will react to these keys and toggle the SW rfkill as well,
which is not desired, because the user may end up with non-functional
radios if HW and SW rfkills are out of sync.
Blocking these keycodes doesn't impair user experience, because the
desktop environment can still react to HW rfkill events and act
accordingly (for example, show notifications).
While at it, use "unknown" instead of "reserved" to mute keys, to avoid
the "atkbd serio0: Unknown key pressed" flood in dmesg.
[1]: https://lore.kernel.org/all/20230721145423.161057-1-maxtram95@gmail.com/
(cherry picked from commit fa8216e20605ff42054ee316201a13ac6cdd4cd1)
Otherwise, the check below always fails.
```
if (FLAGS_SET(query_flags, SD_RESOLVED_NO_STALE) && j->until_valid < current)
```
Follow-up for 5ed91481abea382dc486507556e5cdf0f36b796f.
(cherry picked from commit 6756b61626afc343f8b6824f41bef67bb442f1d7)
This reverts commit 33b91308c26ca5d512e43b6b32d596a2c9237d04.
The commit b42482af904ae0b94a6e4501ec595448f0ba1c06 dropped
'--exclude-prefix=/dev' from systemd-tmpfiles-setup.service. So, the
possibly later invocation of the service changes the permission set by
udevd.
As commented in the head of this file, settings should be consistent
with udev rules. Only missing entry here is vfio. Let's re-add the
entry for the device.
Addresses https://github.com/systemd/systemd/pull/28681#issuecomment-1666949888.
(cherry picked from commit ca15b59f1f37cad54e82edb3042e8a035fc6ab18)
Decrease devlink priority for encrypted partitions, and make the priority for
decrypted DM devices relatively higher. This is for the case that an encrypted
partition and its decrypted DM device have the same label.
(cherry picked from commit c4521fc17bb33d10bf5aca3f87f6a394dfecf423)
Fixes a bug introduced by 08b04ec7e72b7327b4803809732b1b8fce8dd069 and
953006dcb0a37a57aed0e762ff6289700e8689e8.
Fixes #28725.
(cherry picked from commit 685e0dd1924cce44327040b08a8980af2192bf59)
Otherwise, we silently ignore the received packet and that makes the
issue hard to debug.
(cherry picked from commit 809da721f0167f88234e55a342e82023019e2341)
Otherwise, manager_parse_dns_server_string_and_warn() or
manager_parse_search_domains_and_warn() will trigger assertion.
(cherry picked from commit 91acee9906e973365109b1b1d5e880ced9aeae65)
If emergency.target is started while initrd-parse-etc.service/start is queued,
the initrd-parse-etc job did not get canceled. In parallel to the emergency
units, it eventually runs the service, which starts initrd-cleanup.service,
which in turn isolates initrd-switch-root.target. This stops the emergency
units and effectively starts the initrd boot process again, which likely
fails again like the initial attempt. The system is thus stuck in an endless
loop, never really reaching emergency.target.
With this conflict added, starting emergency.target automatically cancels
initrd-parse-etc.service/start, avoiding the loop.
(cherry picked from commit 327cd2d3db703555f8d572b4cd055fbe55e1068b)