mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-03 01:17:45 +03:00
Commit Graph

55942 Commits

Author SHA1 Message Date
Michal Sekletar
d9960ebfdf units: allow systemd-userdbd to change process name
rename_process() requires CAP_SYS_RESOURCE so let's make sure it is in
our permitted set after execve() by adding it to the bounding set.

Previously,
systemd-userdbd.service - User Database Manager
     Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled)
     Active: active (running) since Mon 2022-12-19 17:07:21 CET; 17min ago
TriggeredBy: ● systemd-userdbd.socket
       Docs: man:systemd-userdbd.service(8)
   Main PID: 1880 (systemd-userdbd)
     Status: "Processing requests..."
      Tasks: 4 (limit: 2272)
     Memory: 5.2M
        CPU: 244ms
     CGroup: /system.slice/systemd-userdbd.service
             ├─1880 /usr/lib/systemd/systemd-userdbd
             ├─2270 systemd-userwork
             ├─2271 systemd-userwork
             └─2272 systemd-userwork

Now,
    Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled)
     Active: active (running) since Mon 2022-12-19 17:27:02 CET; 15s ago
TriggeredBy: ● systemd-userdbd.socket
       Docs: man:systemd-userdbd.service(8)
   Main PID: 2404 (systemd-userdbd)
     Status: "Processing requests..."
      Tasks: 4 (limit: 2272)
     Memory: 5.5M
        CPU: 89ms
     CGroup: /system.slice/systemd-userdbd.service
             ├─2404 /usr/lib/systemd/systemd-userdbd
             ├─2407 "systemd-userwork: waiting..."
             ├─2408 "systemd-userwork: waiting..."
             └─2409 "systemd-userwork: waiting..."

(cherry picked from commit d5e5bc2fe9)
(cherry picked from commit 9357d23429)
(cherry picked from commit 34f78e7e14)
2023-01-28 00:50:04 +00:00
Zbigniew Jędrzejewski-Szmek
0accce1b1c sd-event: never pass negative errnos as signalfd to signalfd
We treat any negative value as "invalid fd", but signalfd only
accepts -1.

(cherry picked from commit cbff793ffb)
(cherry picked from commit 54c840ea58)
(cherry picked from commit 4178457f0e)
2023-01-28 00:50:04 +00:00
David Tardon
f8201271fd swap: tell swapon to reinitialize swap if needed
If the page size of a swap space doesn't match the page size of the
currently running kernel, swapon will fail. Let's instruct it to
reinitialize the swap space instead.

(cherry picked from commit cc137d53e3)
(cherry picked from commit a0ac79bce9)
(cherry picked from commit 8be5a12c71)
2023-01-28 00:50:04 +00:00
jcg
0e96d07e8c mount-setup: don't need to mount /sys/fs/pstore if there is no ENABLE_PSTORE
(cherry picked from commit 5e5fce3e91)
(cherry picked from commit 613994c10b)
(cherry picked from commit 46a7e30cb9)
2023-01-28 00:50:04 +00:00
msizanoen1
a62fc7d66c core/slice: skip member units without realized cgroup during freeze or thaw
This ensures that services with `RemainAfterExit` but without any
process running won't cause failure during freeze.

(cherry picked from commit fcb0878f75)
(cherry picked from commit 2eb040f36f)
(cherry picked from commit 9a0bd2ff70)
2023-01-28 00:50:04 +00:00
Siddhesh Poyarekar
050a356d04 alloc-util: Disallow inlining of expand_to_usable
Explicitly set __attribute__ ((noinline)) so that the compiler does not
attempt to inline expand_to_usable, even with LTO.

(cherry picked from commit 4f79f545b3)
(cherry picked from commit e998c9d7c1)
(cherry picked from commit 4014688458)
2023-01-28 00:50:04 +00:00
Siddhesh Poyarekar
08cf315a04 Use dummy allocator to make accesses defined as per standard
systemd uses malloc_usable_size() everywhere to use memory blocks
obtained through malloc, but that is abuse since the
malloc_usable_size() interface isn't meant for this kind of use, it is
for diagnostics only.  This is also why systemd behaviour is flaky when
built with _FORTIFY_SOURCE.

One way to make this more standard (and hence safer) is to, at every
malloc_usable_size() call, also 'reallocate' the block so that the
compiler can see the larger size.  This is done through a dummy
reallocator whose only purpose is to tell the compiler about the larger
usable size, it doesn't do any actual reallocation.

Florian Weimer pointed out that this doesn't solve the problem of an
allocator potentially growing usable size at will, which will break the
implicit assumption in systemd use that the value returned remains
constant as long as the object is valid.  The safest way to fix that is
for systemd to step away from using malloc_usable_size() like this.

Resolves #22801.

(cherry picked from commit 7929e180aa)
(cherry picked from commit 34b9eddfc1)
(cherry picked from commit 70653ebeb6)
2023-01-28 00:50:04 +00:00
Cristian Rodríguez
7b9fb27c67 resolve: dns_server_feature_level_*_string type is DnsServerFeatureLevel
gcc 13 -Wenum-int-mismatch reminds us that enum != int

(cherry picked from commit e14afe31c3)
(cherry picked from commit ba5f7915d2)
(cherry picked from commit 85ad47e172)
2023-01-28 00:50:04 +00:00
Cristian Rodríguez
1d9065d15e journal-remote: code is of type enum MHD_RequestTerminationCode
Fixes gcc 13 -Wenum-int-mismatch which is enabled by default.

(cherry picked from commit aa70dd624b)
(cherry picked from commit b1b7667a44)
(cherry picked from commit ecb0b018d2)
2023-01-28 00:50:04 +00:00
Guillaume W. Bres
2ced9167eb basic/missing_loop.h: fix missing lo_flags LO_FLAGS_DIRECT_IO
(cherry picked from commit b3fe33ff52)
2023-01-22 22:27:51 +01:00
Yu Watanabe
e7e63274fb basic/missing: move BLKGETDISKSEQ to missing_fs.h
As it is defined at linux/fs.h.

(cherry picked from commit 2076612f84)
2023-01-22 22:27:51 +01:00
Zbigniew Jędrzejewski-Szmek
3a51b2a7f1 Revert "generator: Rename password arg"
This reverts commit 96a958bc61.

This patch was pulled in only to support the now-reverted child.
2022-12-22 17:32:05 +01:00
Zbigniew Jędrzejewski-Szmek
f6d9f2ddbe Revert "cryptsetup: support keyfile-timeout for using a device as the key file"
This reverts commit 64f0e53851.

On Wed, Dec 21, 2022 at 06:19:08PM +0100, Marius Schwarz wrote:
> That patch made things worse and is dysfunctional for both, usb drive and
> password.
>
> No idea if more patches are needed, but this build does not unlock a drive
> at all, if usb is configured.

(cherry picked from commit 253cc95c64)
2022-12-22 17:32:00 +01:00
Chih-Hsuan Yen
95088adc66 cryptsetup: support keyfile-timeout for using a device as the key file
Closes https://github.com/systemd/systemd/issues/21993

(cherry picked from commit 7aa0b0121e)
2022-12-21 15:36:50 +01:00
Jan Janssen
96a958bc61 generator: Rename password arg
This function does not expect a password, but a key file path. The
cryptsetup helper binary even calls it that.

No Code changes.

Follow up on: 6e41f4dd91
Fixes: https://github.com/systemd/systemd/security/code-scanning/81

(cherry picked from commit b7de9651db)
2022-12-21 15:36:44 +01:00
Zbigniew Jędrzejewski-Szmek
c5d344ea8b coredump: cescape invalid json data before logging
In both cases, the json string is short, so we can print it, which is useful
for diagnosing invalid data in packages. But we need to escape non-printable
characters.

https://bugzilla.redhat.com/show_bug.cgi?id=2152685

I went over the rest of the codebase, and it seems that other calls to
json_parse() don't have this problem.

(cherry picked from commit c5966ab5bf)
(cherry picked from commit 57ab4e2d47)
(cherry picked from commit 6208326afb)
2022-12-20 19:44:28 +01:00
Zbigniew Jędrzejewski-Szmek
1d5e0e9910 coredump: do not allow user to access coredumps with changed uid/gid/capabilities
When the user starts a program which elevates its permissions via setuid,
setgid, or capabilities set on the file, it may access additional information
which would then be visible in the coredump. We shouldn't make the coredump
visible to the user in such cases.

Reported-by: Matthias Gerstner <mgerstner@suse.de>

This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
PROC_AUXV. Before the coredump is submitted, it is parsed and if either
at_secure was set (which the kernel will do for processes that are setuid,
setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
is not made accessible to the user. If we can't access this data, we assume the
file should not be made accessible either. In principle we could also access
the auxv data from a note in the core file, but that is much more complex and
it seems better to use the stand-alone file that is provided by the kernel.

Attaching auxv is both convenient for this patch (because this way it's passed
between the stages along with other fields), but I think it makes sense to save
it in general.

We use the information early in the core file to figure out if the program was
32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
the format of the auxv structure. This test might reject some cases on
fringe architectures. But the impact would be limited: we just won't grant the
user permissions to view the coredump file. If people report that we're missing
some cases, we can always enhance this to support more architectures.

I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
ppc64el, but not the whole coredump handling.

(cherry picked from commit 3e4d0f6cf9)
(cherry picked from commit 9b75a3d050)
(cherry picked from commit efca5283dc)
2022-12-20 19:18:20 +01:00
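
The access decision described in the commit message above, as an added example that is not systemd's code: parse a saved auxv image using the word size and byte order of the crashed program, and deny access if AT_SECURE is set, if uid/euid or gid/egid differ, or if the data cannot be parsed. The function names and the sample auxv buffers are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* auxv entry types from the Linux ABI (same values as in <elf.h>). */
enum { EX_AT_NULL = 0, EX_AT_UID = 11, EX_AT_EUID = 12,
       EX_AT_GID = 13, EX_AT_EGID = 14, EX_AT_SECURE = 23 };

/* Read one 4- or 8-byte word in the crashed program's byte order. */
static uint64_t read_word(const uint8_t *p, size_t width, bool big_endian) {
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v = (v << 8) | p[big_endian ? i : width - 1 - i];
    return v;
}

/* Hypothetical helper: true only if auxv proves no uid/gid/capability change.
 * Anything unparsable or incomplete fails closed (access denied). */
bool auxv_allows_user_access(const uint8_t *auxv, size_t len,
                             bool is_64bit, bool big_endian) {
    size_t width = is_64bit ? 8 : 4, entry = 2 * width;
    uint64_t uid = 0, euid = 0, gid = 0, egid = 0, secure = 0;
    unsigned seen = 0;
    if (!auxv || len == 0 || len % entry != 0)
        return false;
    for (size_t off = 0; off < len; off += entry) {
        uint64_t type = read_word(auxv + off, width, big_endian);
        uint64_t val = read_word(auxv + off + width, width, big_endian);
        switch (type) {
        case EX_AT_NULL:                      /* terminator: decide now */
            if (seen != 0x1f || secure != 0)
                return false;
            return uid == euid && gid == egid;
        case EX_AT_UID:    uid = val;    seen |= 0x01; break;
        case EX_AT_EUID:   euid = val;   seen |= 0x02; break;
        case EX_AT_GID:    gid = val;    seen |= 0x04; break;
        case EX_AT_EGID:   egid = val;   seen |= 0x08; break;
        case EX_AT_SECURE: secure = val; seen |= 0x10; break;
        default: break;                       /* other entries do not matter here */
        }
    }
    return false;                             /* no AT_NULL: truncated data */
}

/* Constructed sample data: serialise a minimal auxv for the given layout. */
size_t build_sample_auxv(uint8_t *buf, bool is_64bit, bool big_endian,
                         uint64_t uid, uint64_t euid, uint64_t secure) {
    uint64_t e[][2] = { {EX_AT_UID, uid}, {EX_AT_EUID, euid}, {EX_AT_GID, 1000},
                        {EX_AT_EGID, 1000}, {EX_AT_SECURE, secure}, {EX_AT_NULL, 0} };
    size_t width = is_64bit ? 8 : 4, n = 0;
    for (size_t i = 0; i < sizeof e / sizeof e[0]; i++)
        for (int k = 0; k < 2; k++)
            for (size_t b = 0; b < width; b++) {
                size_t shift = 8 * (big_endian ? width - 1 - b : b);
                buf[n++] = (uint8_t)(e[i][k] >> shift);
            }
    return n;
}

int main(void) {
    uint8_t buf[128];
    size_t n = build_sample_auxv(buf, true, false, 1000, 1000, 0);
    printf("plain program:  %d\n", auxv_allows_user_access(buf, n, true, false));
    n = build_sample_auxv(buf, true, false, 1000, 0, 1);
    printf("setuid program: %d\n", auxv_allows_user_access(buf, n, true, false));
    return 0;
}
```

Parsing with the wrong word size or byte order yields no recognisable entries, so the result is a denial rather than a wrong grant.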
Zbigniew Jędrzejewski-Szmek
45d323fc88 coredump: adjust whitespace
(cherry picked from commit 510a146634)
(cherry picked from commit cc2eb7a9b5)
(cherry picked from commit cb044d734c)
2022-12-20 19:17:53 +01:00
Yu Watanabe
be8d4dfc2e sd-device-monitor: dynamically allocate receive buffer
If udevd broadcasts a processed device with huge amount of properties,
then clients cannot receive the device.

Fixes #24987.

(cherry picked from commit efbd4b3ca8)
(cherry picked from commit cf21555d6d)
2022-11-04 13:09:21 +01:00
Frantisek Sumsal
de218255b6 man: use the correct 'Markers' property name for marking units
Follow-up to c9615f7352 and 70666e28a1.

(cherry picked from commit 1ca1bb03de)
(cherry picked from commit ee42e84968)
2022-11-04 13:09:21 +01:00
Yu Watanabe
a256d9f790 network: forcibly reconfigure all interfaces after sleep
Previously, interfaces are partially reconfigured in a spurious way.
Let's use the same way as `networkctl reconfigure`.

Hopefully fixes #14987 and #24997.

(cherry picked from commit a39a9ac806)
(cherry picked from commit 7eefd2fbb7)
2022-11-04 13:09:21 +01:00
Youfu Zhang
d14ba5808e resolved: fix typo in feature level table
(cherry picked from commit 2ab0042854)
(cherry picked from commit 66fa6110ba)
2022-11-04 13:09:21 +01:00
Lennart Poettering
bc3e925508 resolved: fix copypasta in resolved varlink API
As reported by @holtmann

(cherry picked from commit 6032283b2f)
(cherry picked from commit d94f197818)
2022-11-04 13:09:21 +01:00
Yu Watanabe
49d7fee24f udev: always create device symlinks for USB disks
Previously, ata_id might not be able to retrieve attributes correctly,
and properties from usb_id were used as a fallback. See issue #24921
and PR #24923. To keep backward compatibility, still we need to create
symlinks based on USB serial.

Fixes #25179.

(cherry picked from commit 479da1107a)
(cherry picked from commit b61fcaca1b)
2022-11-04 13:09:21 +01:00
Steve Ramage
7bc34e7f55 man: Add documentation for AssertCredential= (#25178)
Fixes #25177.

Co-authored-by: Steve Ramage <gitcommits@sjrx.net>
(cherry picked from commit 1d87f03a6e)
(cherry picked from commit 6fc2f387af)
2022-11-04 13:09:21 +01:00
Nick Rosbrook
fd95ed0f3b man: document reboot --poweroff exception
When reboot is invoked, the -p/--poweroff option is intentionally
ignored. Update the man page to reflect this exception.

(cherry picked from commit 6dfaeac370)
(cherry picked from commit c339e8d71b)
2022-11-04 13:09:21 +01:00
Yu Watanabe
1ac92e294f network: allow 0 for table number
Fixes #25089.

(cherry picked from commit 513bed294e)
(cherry picked from commit 91b8491e97)
2022-11-04 13:09:21 +01:00
Yu Watanabe
bd3a197ad1 network: Table= also accepts table name
(cherry picked from commit 29de4f7304)
(cherry picked from commit 3f94f03389)
2022-11-04 13:09:21 +01:00
Lennart Poettering
80bbb1ce70 analyze: add --image= + --root= to --help text
(cherry picked from commit 9f5b68d6b7)
(cherry picked from commit bdd84e82e5)
2022-11-04 13:09:21 +01:00
Jan Janssen
ec35091c8a meson: Fix build with --optimization=plain
Note that -O0 is deliberately filtered out as we have to compile with at
least -O1 due to #24202.

Fixes: #24323
(cherry picked from commit 7aa4762ce2)
(cherry picked from commit 23d66a03de)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
1a09fb995e manager: allow transient units to have drop-ins
In https://github.com/containers/podman/issues/16107, starting of a transient
slice unit fails because there's a "global" drop-in
/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by
systemd-oomd-defaults package to install some default oomd policy). This means
that the unit_is_pristine() check fails and starting of the unit is forbidden.

It seems pretty clear to me that dropins at any other level than the unit
should be ignored in this check: we now have multiple layers of drop-ins
(for each level of the cgroup path, and also "global" ones for a specific
unit type). If we install a "global" drop-in, we wouldn't be able to start
any transient units of that type, which seems undesired.

In principle we could reject dropins at the unit level, but I don't think that
is useful. The whole reason for drop-ins is that they are "add ons", and there
isn't any particular reason to disallow them for transient units. It would also
make things harder to implement and describe: one place for drop-ins is good,
but another is bad. (And as a corner case: for instantiated units, a drop-in
in the template would be acceptable, but an instance-specific drop-in bad?)

Thus, $subject.

While at it, adjust the message. All the conditions in unit_is_pristine()
essentially mean that it wasn't loaded (e.g. it might be in an error state),
and that it doesn't have a fragment path (now that drop-ins are acceptable).
If there's a job for it, it necessarily must have been loaded. If it is
merged into another unit, it also was loaded and found to be an alias.
Based on the discussion in the bugs, it seems that the current message
is far from obvious ;)

Fixes https://github.com/containers/podman/issues/16107,
https://bugzilla.redhat.com/show_bug.cgi?id=2133792.

(cherry picked from commit 1f83244641)
(cherry picked from commit 98a45608c4)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
5ede3388c5 manager: reformat boolean expression in unit_is_pristine()
Not not IN_SET(…) is just too much for my poor brain. Let's invert
the expression to make it easier to understand.

(cherry picked from commit b146a7345b)
(cherry picked from commit 228cd82d2c)
2022-11-04 13:09:21 +01:00
Yu Watanabe
33fb3a9d0d network/bridge: fix UseBPDU= and AllowPortToBeRoot=
Fixes bugs caused by 7f9915f0de.

Fixes #24268.

(cherry picked from commit 3f504b892b)
(cherry picked from commit 06dc900efa)
2022-11-04 13:09:21 +01:00
Lennart Poettering
a8675fa1b5 homed: properly initialize all return params
(cherry picked from commit 3b1494ad70)
(cherry picked from commit b0972e4df0)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
2220f8d28a meson: always use libatomic if found
Semi-quoting https://github.com/systemd/systemd/issues/25057:

clang-16 has made the choice to turn on -Werror=implicit-function-declaration,implicit-int.
(See Gentoo's tracker bug https://bugs.gentoo.org/870412).
Added in commit 132c73b57a, systemd now does a
check to see if libatomic is needed with some compile/link tests with e.g.
__atomic_exchange_1, but the tests don't provide a prototype for
__atomic_exchange_1 so with clang-16 the test fails, breaking the build.

Let's simplify things by linking to libatomic unconditionally if it is found
and seems to work. If actually unneeded, it might be dropped via --as-needed.
This seems to work with gcc and clang.

declare_dependency() is used instead of cc.find_library(), because the latter
picks up a symlink in gcc private directory (e.g.
/usr/lib/gcc/x86_64-redhat-linux/12/libatomic.so), and we don't want that.

Fixes #25057.

(cherry picked from commit 96f8c63601)
(cherry picked from commit d61ccd0252)
2022-11-04 13:09:21 +01:00
Antonio Alvarez Feijoo
c7861e39a6 bash-completion: add systemd-dissect support
(cherry picked from commit 808ec9df38)
(cherry picked from commit 73d1dc665b)
2022-11-04 13:09:21 +01:00
Antonio Alvarez Feijoo
ddceb9ddd1 dissect: add missing --umount to the help output
(cherry picked from commit 1b967529d2)
(cherry picked from commit d89e9993d2)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
6cd8cc6fab coredump: avoid deadlock when passing processed backtrace data
We would deadlock when passing the data back from the forked-off process that
was doing backtrace generation back to the coredump parent. This is because we
fork the child and wait for it to exit. The child tries to write too much data
to the output pipe, and after the first 64k blocks on the parent because
the pipe is full. The bug surfaced in Fedora because of a combination of four
factors:
- 87707784c7 was backported to v251.5, which
  allowed coredump processing to be successful.
- 1a0281a3eb was NOT backported, so the output
  was very verbose.
- Fedora has the ELF package metadata available, so a lot of output can be
  generated. Most other distros just don't have the information.
- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
  are generated for it.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.

The code is changed to try to write data opportunistically. If we get partial
information, that is still logged. It is generally better to log partial
backtrace information than nothing at all.

(cherry picked from commit 076b807be4)
(cherry picked from commit 087cbfd936)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
aab707b22d shared/json: use different return code for empty input
It is useful to distinguish if json_parse_file() got no input or invalid input.
Use different return codes for the two cases.

(cherry picked from commit 87a16eb8b5)
(cherry picked from commit ab587aaf8e)
2022-11-04 13:09:21 +01:00
Zbigniew Jędrzejewski-Szmek
1c40f074fa shared/json: allow json_variant_dump() to return an error
(cherry picked from commit 7922ead507)
(cherry picked from commit 219272f7b2)
2022-11-04 13:09:21 +01:00
Lennart Poettering
e797ec736d man: document restrictions on naming interfaces
Let's document that "." is a bad choice of character when naming
interfaces. Let's also document the hard restrictions we make when
naming interfaces.

Result of the mess that is #25052.

(cherry picked from commit 8f598a4635)
(cherry picked from commit d1066f33b5)
2022-11-04 13:09:21 +01:00
Daan De Meyer
bad202a76c qrcode-util: Add support for libqrencode 3.0
They didn't actually change API between major versions, so let's
support the previous version as well so we can add CentOS 8 Stream
back to CI.

(cherry picked from commit 3f5225d7f3)
(cherry picked from commit e2a07cdac6)
2022-11-04 13:09:21 +01:00
Celeste Liu
b81d1613ad seccomp: add riscv_flush_icache to allow list
This system call is harmless because it only enforces ordering between stores
and instruction cache fetch.

fixed #24991
Related: https://github.com/felixonmars/archriscv-packages/issues/1840

Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
(cherry picked from commit 09925036cf)
(cherry picked from commit 8be601f7ef)
2022-11-04 13:09:21 +01:00
Michael Biebl
c622de4c9d logind: fix getting property OnExternalPower via D-Bus
The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third
argument, so we need to call manager_is_on_external_power(). Otherwise
the function pointer is interpreted as a boolean and always returns
true:

```
$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower
b true
$ /lib/systemd/systemd-ac-power  --verbose
no
```

Thanks: Helmut Grohne <helmut@subdivi.de>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644
(cherry picked from commit 63168cb517)
(cherry picked from commit 3028e05955)
2022-11-04 13:09:20 +01:00
Zbigniew Jędrzejewski-Szmek
4ddeea92fa shared/condition: avoid nss lookup in PID1
PID 1 is not allowed to do nss lookups because this may take a long time or
even deadlock.

While at it, the comparisons are reordered to do the "easy" comparisons which
only require a string comparison first. Delay parsing of the UID until it is
really necessary. The result is the same, because we know that "root" and
"nobody" parse as valid.

(cherry picked from commit 734f96b849)
(cherry picked from commit 5da595db39)
2022-11-04 13:09:20 +01:00
Yu Watanabe
5a9738b46e test: add more tests for StateDirectory= with DynamicUser=
This also moves the check for writable paths from test-execute to TEST-34.

Closes #10337.

(cherry picked from commit f01f70a9a3)
(cherry picked from commit 40053e60f5)
2022-11-04 13:09:20 +01:00
Yu Watanabe
ef3ef05f39 core: do not create symlink to private directory if parent already exists
The very basic functionality of StateDirectory= or friends is creating
specified directories. That should work if one entry is a subdirectory
of another. However, it does not when combined with DynamicUser=yes.

To support such case, this adds ExecDirectoryItem.only_create flag, and
if it is set PID1 only creates the private directory, and does not create the symlink
to the private directory.

Fixes #24783.

(cherry picked from commit a2ab603cc4)
(cherry picked from commit 0ba2e4bb69)
2022-11-04 13:09:20 +01:00
Yu Watanabe
bfe7236f55 core: make exec_directory_add() extends existing symlinks
Follow-up for 211a3d87fb.

Previously, although ExecDirectoryItem.symlinks is strv, it always
contains at most one symlink.

(cherry picked from commit 564e5c9878)
(cherry picked from commit 1de3cb97ee)
2022-11-04 13:09:20 +01:00
Yu Watanabe
950aa1d702 sd-ndisc: ignore failure in sending solicitation
Even if a bonding master interface has carrier, the underlying slave
interfaces may not. In such a case, sending solicitation fails with
-ENOBUS. Here, let's unconditionally ignore errors, as anyway we will
send a solicitation later.

Fixes #24717.

(cherry picked from commit 852bf93826)
(cherry picked from commit d7b83b9986)
2022-11-04 13:09:20 +01:00
Zbigniew Jędrzejewski-Szmek
1316666e98 analyze: add forgotten return statement
We would fail with an assert in sd_bus_message_enter_container() afterwards.

(cherry picked from commit 5475e963c5)
(cherry picked from commit e0ba044985)
2022-11-04 13:09:20 +01:00