IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is a fix of #17751. Specifically:
1. Sort #include headers again
2. Remove tabs, as per coding style
3. Don't install fds in half-initialized objects
4. Use asynchronous_close() everywhere
That all said:
Quit frankly, I am not convinced we should do all this at all. If
close()ing of these input devices is really that slow, then this should
probably be fixed in the kernel, not worked around in userspace like
this.
(cherry picked from commit c74d5fe25d53263c143f0a9c2698d8bb483e398c)
Commit [1] added a workaround when unified cgroups are used but missed
legacy cgroups where there is the same issue.
[1] <2dbc45aea7>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 35e7a62ca32a30169a94693b831e53c832251984)
THis doesn't change the condition's logic at all, but is an attempt to
make things a bit more readable: instead of checking log_target !=
LOG_TARGET_AUTO let's actually list the targets where we want to
consider journal/syslog/kmsg, to make things a bit less confusing. After
all the message here is not to avoid them if LOG_TARGET_AUTO is set, but
to definitely do them in the other cases.
(cherry picked from commit ef9bddb79984aa1b9d605d44b8c0890e8289bef1)
The logic was changed in bc694c06e60505efeb09e5278a7b22cdfa23975e, let's
update the comment accordingly.
(cherry picked from commit 27ffec083140467a03f463a446c6d19dc5e437ab)
When running tests in a mkosi container, /run/systemd might not
exist yet in the container which causes test-execute to fail.
Fixes#17842.
(cherry picked from commit 77f16dbd6d93f2b4a96984254cca25cab03479af)
Either suppress the entry entirely, or not at all. But do not suppress
the "localhost" names we recognize, leaving the ones we do not in place.
On Fedora, where "localhost4.localdomain4" is among those listed in
/etc/hosts for 127.0.0.1 we'd thus otherwise drop the "localhost" but
keep the "localhost4.localdomain4" and then on reverse lookups only
return that, which is highly confusing.
(cherry picked from commit 9ca875e80c38d5bd9898cab61a612ad16d527a5a)
Make them rather fail than go to the network.
Previously we'd filter them on LLMNR (explicitly) and MDNS (implicitly,
because it doesn't have .local suffix), but not on DNS.
In order to make _gateway truly reliable, let's not allow it to go to
DNS either, and keep it local.
This is particular relevant, as clients can now request lookups without
local RR synthesis, where we'd rather have NXDOMAIN returned for
_gateway than have it hit the network.
(cherry picked from commit fbbc72189f7844df8500bb10a58988f70bf90c99)
Apparently 30s is a bit too long for some cases, see #5552. But not
caching SERVFAIL at all also breaks stuff, see explanation in
201d99584ed7af8078bb243ce2587e5455074713.
Let's try to find some middle ground, by lowering the cache timeout to
10s. This should be ample for the problem
201d99584ed7af8078bb243ce2587e5455074713 attackes, but not as long as
half a miute, as #5552 complains.
Fixes: #5552
(cherry picked from commit 19bcef9dc3fde342f138394333ab04d7e44b7da2)
Apparently, IF_UNICAST_IF does not influence the routing decisions done
during connect(). But SO_BINDTODEVICE/SO_BINDTOINDEX does, which however
brings a lot of other semantics with it, we are not so interested in
(i.e. it doesn't not allow packets from any other iface to us, even if
routing otherwise allows it).
Hence, let's bind to the ifindex immediately before the connect() and
unbind right after again, so that we get the semantics we want, but not
the ones we don't.
Fixes: #11935
Replaces: #12004
(cherry picked from commit d301c52383ca7cfa6b7cda87d7a4209c234a532c)
This extracts the IP address (as union in_addr_union) from a socket
address (i.e. a struct sockaddr).
(cherry picked from commit 3132597182c806e5193aebb0b67cdc0f73154a51)
This follows more closely what web browsers do, and makes sure emojis in
domains work.
Fixes: #14483
(cherry picked from commit d80e72ec602c2af2983842ad87e4443fce89d423)
UML runs as a user-process so it can quite easily be ran inside of
another hypervisor, for instance inside a KVM instance. UML passes
through the CPUID from the host machine so in this case detect_vm
incorrectly identifies as running under KVM. So check we are running
a UML kernel first, before we check any other hypervisors.
Resolves: #17754
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
(cherry picked from commit c8037dbf05da586b6a210ac04f145d99f424971f)
We need to check for parent domains too. We did this correctly for the
system-wide NTA list, but not for the per-link one. Let's fix that.
(cherry picked from commit 7e8a93b77c3c4d4df1e8c3177dc9553c94fac759)
Follow-up for d448888924c1d4815cb97bcd5d94419812c053b9 and ca121e20c42219e3bc4e5cb63dcc96cc5eae2879.
Fixes#17568.
(cherry picked from commit 0f82a2ab5c8d812791aca9686bdcc45f39c62431)
This reverts the gist of da1921a5c396547261c8c7fcd94173346eb3b718 and
0d9fca76bb69e162265b2d25cb79f1890c0da31b (for ppc).
Quoting #17559:
> libseccomp 2.5 added socket syscall multiplexing on ppc64(el):
> https://github.com/seccomp/libseccomp/pull/229
>
> Like with i386, s390 and s390x this breaks socket argument filtering, so
> RestrictAddressFamilies doesn't work.
>
> This causes the unit test to fail:
> /* test_restrict_address_families */
> Operating on architecture: ppc
> Failed to install socket family rules for architecture ppc, skipping: Operation canceled
> Operating on architecture: ppc64
> Failed to add socket() rule for architecture ppc64, skipping: Invalid argument
> Operating on architecture: ppc64-le
> Failed to add socket() rule for architecture ppc64-le, skipping: Invalid argument
> Assertion 'fd < 0' failed at src/test/test-seccomp.c:424, function test_restrict_address_families(). Aborting.
>
> The socket filters can't be added so `socket(AF_UNIX, SOCK_DGRAM, 0);` still
> works, triggering the assertion.
Fixes#17559.
(cherry picked from commit d5923e38bc0e6cf9d7620ed5f1f8606fe7fe1168)
This test assumes capability_list_length() is an invalid cap number,
but that isn't true if the running kernel supports more caps than we were
compiled with, which results in the test failing.
Instead use cap_last_cap() + 1.
If cap_last_cap() is 63, there are no more 'invalid' cap numbers to test with,
so the invalid cap number test part is skipped.
(cherry picked from commit ebc815cd1c647faa934a446ceea91ff4bc9dffa4)
If /sys/class/OOO node is created and destroyed during booting (kernle driver initialization fails),
systemd-udev-trigger.service fails due to race condition.
***** race condition ***********************************************************************************
1. kernel driver create /sys/class/OOO
2. systemd-udev-trigger.service execues "/usr/bin/udevadm trigger --type=devices --action=add"
3. device_enumerator_scan_devices() => enumerator_scan_devices_all() => enumerator_scan_dir("class") =>
opendir("/sys/class") and iterate all subdirs ==> enumerator_scan_dir_and_add_devices("/sys/class/OOO")
4. kernel driver fails and destroy /sys/class/OOO
5. enumerator_scan_dir_and_add_devices("/sys/class/OOO") fails in opendir("/sys/class/OOO")
6. "systemd-udev-trigger.service" fails
7. udev coldplug fails and some device units not ready
8. mount units asociated with device units fail
9. local-fs.target fails
10. enters emergency mode
********************************************************************************************************
***** status of systemd-udev-trigger.service unit ******************************************************
$ systemctl status systemd-udev-trigger.service
systemd-udev-trigger.service - udev Coldplug all Devices
Loaded: loaded (/usr/lib/systemd/system/systemd-udev-trigger.service; static; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-01-02 13:16:54 KST; 22min ago
Docs: man:udev(7)
man:systemd-udevd.service(8)
Process: 2162 ExecStart=/usr/bin/udevadm trigger --type=subsystems --action=add (code=exited, status=0/SUCCESS)
Process: 2554 ExecStart=/usr/bin/udevadm trigger --type=devices --action=add (code=exited, status=1/FAILURE)
Main PID: 2554 (code=exited, status=1/FAILURE)
Jan 02 13:16:54 localhost udevadm[2554]: Failed to scan devices: No such file or directory
Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Failed with result 'exit-code'.
Jan 02 13:16:54 localhost systemd[1]: Failed to start udev Coldplug all Devices.
*******************************************************************************************************
***** journal log with Environment=SYSTEMD_LOG_LEVEL=debug in systemd-udev-trigger.service ***********
Jan 01 21:57:20 localhost udevadm[2039]: sd-device-enumerator: Scanning /sys/bus
Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scan all dirs
Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/bus
Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/class
Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Failed to scan /sys/class: No such file or directory
Jan 01 21:57:21 localhost udevadm[2522]: Failed to scan devices: No such file or directory
*******************************************************************************************************
(cherry picked from commit cfb6197bc31eb6b2631dec7bf8d7a253e7891016)
Commit 42cc2855ba2fe4c6f5d incorrectly removed the condition on sysfs in both
sys-fs-fuse-connections.mount and sys-kernel-config.mount. However there are
still needed in case modprobe of one of these modules is intentionally skipped
(due to lack of privs for example).
This patch restores the 2 conditions which should be safe for the common case,
since all conditions are only checked after all deps ordered before are
complete.
Follow-up for 42cc2855ba2fe4c6f5dc863507a1c843611350a0.
(cherry picked from commit 07ccf434e77b17b20d773ce8b2637083cd4fdafc)
As, both MOUNT_MOUNTING and MOUNT_MOUNTING_DONE are mapped to
UNIT_ACTIVATING.
Fixes#17570.
(cherry picked from commit db39a62784e8f857a67cb4a83ade28a906f79679)
These three syscalls are internally used by libc's memory allocation
logic, i.e. ultimately back malloc(). Allocating a bit of memory is so
basic, it should just be in the default set.
This fixes a couple of issues with asan/msan and the seccomp tests: when
asan/msan is used some additional, large memory allocations take place
in the background, and unless mmap/mmap2/brk are allowlisted these will
fail, aborting the test prematurely.
(cherry picked from commit 5abede3247591248718026cb8be6cd231de7728b)
udev requests to start the fs mount units when their respective module is
loaded. For that it monitors uevents of type "ADD" for the relevant fs modules.
However the uevent is sent by the kernel too early, ie before the init() of the
module is called hence before directories in /sys/fs/ are created.
This patch workarounds adds "Requires/After=modprobe@<fs-module>.service" to
the mount unit, which means that modprobe(8) will be called once the fs module
is announced to be loaded. This sounds pointless, but given that modprobe only
returns after the initialization of the module is complete, it should
workaround the issue.
As a side effect, the module will be automatically loaded if the mount unit is
started manually.
Fixes#17586.
(cherry picked from commit 42cc2855ba2fe4c6f5dc863507a1c843611350a0)
This reverts commit 9cbf1e58f9629af5c6b56777ee73dc6320306d6d.
The presence of /sys/module/%I directory can't be used to assert that the load
of a given module is complete and therefore the call to modprobe(8) can be
skipped. Indeed this directory is created before the init() function of the
module is called.
Users of modprobe@.service needs to be sure that once this service returns the
module is fully operational.
(cherry picked from commit b3e32582f67c68896b6b05893b138a975fa26454)
