IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This restores the preference order from before 9e82a74. The code
previous to that change 'preferred' /boot over /boot/efi; that
commit changed it to check /boot/efi before checking /boot.
Changing this precedence could (and did, for me) have unexpected
effects - it seems safer to leave it how it was.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
(cherry picked from commit a5307e173bf86d695fe85b8e15e91126e8618a14)
Otherwise, systemd-homed-active.service will fail to deactivate all
homes because homectl can no longer talk to homed if dbus stops first.
As a result, /home cannot be umounted.
Doing this on systemd-homed-active.service instead works as well, but
systemd-homed will exit 1 if dbus is already shut down.
(cherry picked from commit e00a25a7b41bd45ab73b47cbd94b3af909b8f8a1)
BPF LSM is cgroup unaware and it's set up is happening in core manager.
It occures that the current implementation is too restrictive and causes
pid 1 to freeze.
Instead:
* in bpf_lsm_setup set manager->restrict_fs pointer last,
so it is an indicator that the set up was successful
* check for manager->restrict_fs before applying unit options
(cherry picked from commit 299d9417238e0727a48ebaabb5a9de0c908ec5c8)
The code was written unidiomatically, using r as a boolean value, and
confusing errno and r in some places. AFAICS, there wasn't any actual
problem: even in the one place where errno was used instead of r, it would
almost certainly be initialized.
It seems that some libbpf functions set errno, while others return the
error, possibly encoded. Since there are almost no docs, the only way to
know is to read the code of the function. To make matters worse, there is
a global libbpf_mode which can be set to change the convention. With
LIBBPF_STRICT_DIRECT_ERRS in libbpf_mode, some functions set errno while others
return a negative error, and the only way to know is to read the code, except
that the split is now different. We currently don't set
LIBBPF_STRICT_DIRECT_ERRS, but even the possibility makes everything harder
to grok.
This is all very error-prone. Let's at least add some asserts to make sure that
the returned values are as expected.
(cherry picked from commit b7cba81553d0d958f23182ba9ab1739842ff9f5a)
If something goes wrong with this test it may result in an unsafe
system restart. Let's avoid running it automatically.
See https://github.com/systemd/systemd/issues/22001.
(cherry picked from commit 70652c2a6fa9c06c7faac62f41c72e2e4eaa9340)
If the action failed, we should log about the issue, and continue.
Exiting would bring the graphical session down, which of course is not
appreciated by users.
As documented in previous commits, a non-negative return from the callback
doesn't matter, so the callback is simplified a bit.
Fixes#21991.
(cherry picked from commit 8207b8321bbbcbd19a345deb77d455d98e6ffb84)
Otherwise we might hit a window where the coredump happens before
midnight, but we check for it after midnight, which yields no results.
E.g.:
```
$ coredumpctl --no-legend --no-pager --file system.journal
Wed 2022-01-05 01:00:06 CET 359 0 0 SIGABRT journal /usr/bin/udevadm n/a
$ coredumpctl --since 23:59:55 --no-legend --no-pager --file system.journal
No coredumps found.
$ coredumpctl --since "2022-01-04 23:59:59" --no-legend --no-pager --file system.journal
Wed 2022-01-05 01:00:06 CET 359 0 0 SIGABRT journal /usr/bin/udevadm n/a
```
(cherry picked from commit 1b51599f29d245f2214349498bf2c1f0aa36873f)
The previous message was confusing errors. When we're rotating because
we've reached the file size limit, let's log a better message.
Fixes#22007.
(cherry picked from commit eff79e4e22e7c745fea259c4414f685363d9f16a)
This fixes a bug introduced by 0c674ce5f24a6e52561ec6520e43a1ca45d90f01.
Fixes#22004.
(cherry picked from commit e37d30f334830fab4decd52ef3c17fa09b7b0d92)
The check was added in 77547d5313ea916d2fb64ca5a8812734e9b50f92, but
it doesn't work as expected. Because the second part is wrapped in Optional(),
it would silently "succeed" when the lowercase digits were in the second part:
>>> from parse_hwdb import *
>>> g = 'v' + upperhex_word(4) + Optional('p' + upperhex_word(4))
>>> g.parseString('v04D8pE11C*')
(['v', '04D8', 'p', 'E11C'], {})
>>> g.parseString('v04D8pe11c*')
(['v', '04D8'], {})
The following matches are OK:
usb:v0627p0001:*QEMU USB Keyboard*
usb:v0627p0001:*
usb:v0627p0001*
usb:v0627*
(cherry picked from commit 1a37237e2ffe6dfe142224a9d9e8b24135e93244)
The code assume that meson's cpu_family can be mapped directly to
'-D__<cpu_family>__'. This works in a surprising number of cases, but not for a
few architectures. PPC uses "powerpc", and RISC-V omits the trailing underscores.
ARM and RISC-V require a second define too.
Fixes#21900.
(I don't think this matters too much: we need *something* so that gnu/stubs.h
can be successfully included. But we don't actually call syscalls or depend too
much on the host environment, so things should be fine as long as we don't get
a compilation error.)
(cherry picked from commit e897b07f97cf25e092a4cc8e1144e06564b45d53)
When the support for "synthetic errno" was added, we started truncating
the errno value to just the least significant byte. This is generally OK,
because errno values are defined up to ~130.
The docs don't really say what the maximum value is. But at least in principle
higher values could be added in the future. So let's stop truncating
the values needlessly.
The kernel (or libbpf?) have an error where they return 524 as an errno
value (https://bugzilla.redhat.com/show_bug.cgi?id=2036145). We would
confusingly truncate this to 12 (ENOMEM). It seems much nicer to let
strerror() give us "Unknown error 524" rather than to print the bogus
message about ENOMEM.
(cherry picked from commit 5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93)
The COREDUMP_EXE attribute is "optional", i.e. we continue to process the
crash even if we didn't acquire it. The coredump generation code assumed
that it is always available:
#5 endswith at ../src/fundamental/string-util-fundamental.c:41
[ endswith() is called with NULL here, and an assertion fails. ]
#6 submit_coredump at ../src/coredump/coredump.c:823
#7 process_socket at ../src/coredump/coredump.c:1038
#8 run at ../src/coredump/coredump.c:1413
We use the exe path for loop detection, and also (ultimately) pass it to
dwfl_core_file_report(). The latter seems to be fine will NULL, so let's just
change our code to look at COMM, which should be more reliable anyway.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2036517.
(cherry picked from commit c790632cabf5691b0910fc6b7a5c6af31a7786aa)
The flag is now only used in test-sysctl-util.c, and it should be
replaced with uname(), because of the same reason as the previous
commit.
(cherry picked from commit 9383fa08bd263277d9a17a8999c3497458f273e3)
Previously, sethostname_idempotent_full() calls gethostname_full() with
GET_HOSTNAME_ALLOW_NONE and GET_HOSTNAME_ALLOW_LOCALHOST flags. That
intended to get any values set by kernel. But, that does not work, as
the hostname may be empty.
Let's simplify the logic. The function sethostname_idempotent_full()
intends to set the requested hostname only when the current hostname
is different from the requested one. So, no check in getostname_full()
is required. Hence, simply use the result of uname() here.
Fixes#21896.
(cherry picked from commit d8d6b2275f7b7a5b58c6b0d89b78c927333c6af9)
Not aligning these can create gaps in the section table. Some
firmware does not handle this nicely resulting in secure boot
signature fails.
Using objcopy ensures that any new sections in the future will be
properly aligned.
Fixes: #21956
(cherry picked from commit 75747c8a399967fa5d815a8f70f724436d035652)
This fixes a bug introduced by eaba9bb3e69635d2c490c5e1b0d262b763753e1d.
The commit mistakenly drops 'x' in ID_NET_NAME_MAC, and adds colons.
The colons were dropped by the commit dfa4876c417e2a9935d58100d44d94bb41cd5bfb,
but the missing 'x' was not added at that time.
Follow-up for dfa4876c417e2a9935d58100d44d94bb41cd5bfb.
(cherry picked from commit 60e930fc3e6eb8a36fbc184773119eb8d2f30364)
Meson would generate the following compile test:
#define crypt_set_metadata_size meson_disable_define_of_crypt_set_metadata_size
#include <limits.h>
#undef crypt_set_metadata_size
#ifdef __cplusplus
extern "C"
#endif
char crypt_set_metadata_size (void);
#if defined __stub_crypt_set_metadata_size || defined __stub___crypt_set_metadata_size
fail fail fail this function is not going to work
#endif
int main(void) {
return crypt_set_metadata_size ();
}
This works fine when the identifier being queried is an actual function. But
crypt_token_max() is an inline function, so getting the address would fail,
leading to a false negative result. Complation would fail because the function
would be defined twice.
With this patch, the check is changed to include the header:
#include <libcryptsetup.h>
#include <limits.h>
#if defined __stub_crypt_set_metadata_size || defined __stub___crypt_set_metadata_size
fail fail fail this function is not going to work
#endif
int main(void) {
void *a = (void*) &crypt_set_metadata_size;
long long b = (long long) a;
return (int) b;
}
which seems to work correctly.
(cherry picked from commit aac8071730bd0bca3c2289bda628b1ef7a2591d2)
But handle them gracefully. Otherwise, when the route to the address is
being configured, kernel refuse the route.
Note that kernel's wireguard module handle e.g. 192.168.10.3/24 as
192.168.10.0/24.
Fixes#21929.
(cherry picked from commit af670fc635d1b7cd987fdb1acaf35d74c370e73f)
This also fixes the pointer assigned to the gr_mem element of struct group.
Fixes a bug introduced by 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534.
Fixes#21935.
(cherry picked from commit 1e65eb8f9b7d567462030b2e625998d77677e636)
Before:
$ systemd-run --service-type=notify --user false
Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code.
See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details.
After:
$ systemd-run --service-type=notify --user false
Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code.
See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details.
Fixes https://github.com/systemd/systemd/issues/21933
(cherry picked from commit 466f2351bbb5c0fdc9f153e35506570e59b14c5f)
The data seems to be properly aligned in real BCD stores, so it
should be fine to just reject bad ones.
Fixes: #21917
(cherry picked from commit 1cadb35fd68f0255e50627dffd25c83e7e2081e5)
This fixes a bug introduced by 6d9326595592f98e8126eacb4176acd8c3516d5c.
The commit makes several functions skipped if the manager is already
in finished state, as
> In manager_check_finished(), more steps are skipped if MANAGER_IS_FINISHED().
> Those steps are idempotent, but no need to waste cycles trying to do them
> more than once.
However, the idle pipe may be re-opened after manager is finished:
manager_dispatch_run_queue() -> manager_watch_idle_pipe().
So, the closing the pipe is not idempotent here.
Fixes#21889.
(cherry picked from commit 9c1b17c3dc1541df02118ee3aaf6dd5dd540cdc2)
