IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I expected this to work, but our tests did not cover this
explicitly.
(cherry picked from commit 8eb491f499)
(cherry picked from commit 7c0ac515c8)
(cherry picked from commit 36c35e765d)
This effectively reverts commit ff86c92e30,
and re-apply 49f3ee7e74.
The change was dropped due to the process name was not correctly logged,
but the issue was fixed by dd15e4cb57.
Let's set the child process name again.
(cherry picked from commit e955a7f460)
(cherry picked from commit 62055cfd4b)
(cherry picked from commit a87c01d202)
Our logging uses program_invocation_short_name. Without this patch,
logs from forked client may become broken; spuriously truncated or
the short invocation name is not completely shown in the log.
(cherry picked from commit dd15e4cb57)
(cherry picked from commit ce4726468d)
(cherry picked from commit 7a862d9d1a)
If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL.
If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL)
which segfaults pid 1.
This is triggered by eg. "systemctl status crond" in RHEL9 if
/etc/systemd/system/crond.service
-> /ram/etc/systemd/system/crond.service
-> /usr/lib/systemd/system/.crond.service.blah.blah
-> /usr/lib/systemd/system/crond.service
(cherry picked from commit 19cfda9fc3)
(cherry picked from commit 015b0ca928)
(cherry picked from commit 9a906fae89)
In https://bugzilla.redhat.com/show_bug.cgi?id=2156900 sysusers was reporting a
conflict between the following lines:
u root 0:0 "Super User" /root /bin/bash
u root 0 "Super User" /root
The problem is that those configurations are indeed not equivalent. If group 0
exists with a different name, the first line would just create the user, but the
second line would create a 'root' group with a different GID. The second
behaviour seems definitely wrong. (Or at least more confusing in practice than
the first one. The system is in a strange shape, but the second approach takes
an additional step than is worse than doing nothing.)
When this line was initially added, we didn't have the uid:gid functionality for
'u', so we didn't think about this too much. But now we do, so we should use it.
$ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'g foobar 0'
Creating group 'foobar' with GID 0.
$ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'u root 0 "Zuper zuper"'
src/sysusers/sysusers.c:1365: Creating group 'root' with GID 999.
src/sysusers/sysusers.c:1115: Suggested user ID 0 for root already used.
src/sysusers/sysusers.c:1183: Creating user 'root' (Zuper zuper) with UID 999 and GID 999.
vs.
$ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'u root 0:0 "Zuper zuper"'
src/sysusers/sysusers.c:1183: Creating user 'root' (Zuper zuper) with UID 0 and GID 0.
(cherry picked from commit 49bb7fe5f8)
(cherry picked from commit 8ad3d68acd)
(cherry picked from commit c8b6bc7530)
Despite popular belief, the default file extracted by GNU tar is not stdin. It
is the value of the TAPE environment variable, falling back on a compile-time
constant. On my system, the default value is /dev/full, which causes tar to
just spin forever due to --ignore-zeros. Always specifying this flag is the
safe thing to do.
~$ tar --show-defaults
--format=gnu -f/dev/full -b20 --quoting-style=escape
--rmt-command=/usr/sbin/grmt
See also: ``(tar)defaults'', available via Info viewers, and in HTML form at:
https://www.gnu.org/s/tar/manual/html_node/defaults.html
(cherry picked from commit 181eea677d)
(cherry picked from commit 817b8441c4)
(cherry picked from commit 48f3e2d5c5)
If we receive a header only message, and the server is running in relay
mode, then the assertion was triggered.
Fixes#26151.
(cherry picked from commit b52031dbbc)
(cherry picked from commit 7aeb2a8d4e)
(cherry picked from commit 41fdc8ed32)
If we don't have CAP_NET_BIND_SERVICE, we won't be able to bind
the stub listener socket, so let's skip creating it and log a warning.
We do the same for the extra stubs if they're configured on privileged
ports.
(cherry picked from commit 0398c084ef)
(cherry picked from commit ab877f7072)
(cherry picked from commit 2a36784277)
If we're in a user namespace but not unsharing the network namespace,
we won't be able to bind any privileged ports even with
CAP_NET_BIND_SERVICE, so let's drop it from the retained capabilities
so services can condition themselves on that.
(cherry picked from commit 2642d22adc)
(cherry picked from commit 3a49291f4b)
(cherry picked from commit 5037e0d27b)
Add a test that verifies a deleted alternative name is restored on error
in rtnl_set_link_name().
(cherry picked from commit b338a8bb40)
(cherry picked from commit 7299341bd1)
(cherry picked from commit 37df773b23)
If a current alternative name is to be used to rename a network
interface, the alternative name must be removed first. If interface
renaming fails, restore the alternative name that was deleted if
necessary.
(cherry picked from commit 4d600667f8)
(cherry picked from commit 42d8817bd6)
(cherry picked from commit a536073a62)
Commit 434a348380 ("netlink: do not fail when new interface name is
already used as an alternative name") added logic to set the old
interface name as an alternative name, but only when the new name is
currently an alternative name. This is not the desired outcome in most
cases, and the important part of this commit was to delete the new name
from the list of alternative names if necessary.
(cherry picked from commit 080afbb57c)
(cherry picked from commit 3dc5b19f10)
(cherry picked from commit facb873e6f)
When configuring a link's alternative names, the link's new name to-be
is not allowed to be included because interface renaming will fail if
the new name is already present as an alternative name. However,
rtnl_set_link_name will delete the conflicting alternative name before
renaming the device, if necessary.
Allow the new link name to be set as an alternative name before the
device is renamed. This means that if the rename is later skipped (i.e.
because the link is already up), then the name can at least still be
present as an alternative name.
(cherry picked from commit d0b31efc1a)
(cherry picked from commit 7918496dcf)
(cherry picked from commit ba896a6de0)
This ensures that cg_kill_items returns the correct value to let the
manager know that a process was killed.
(cherry picked from commit 500cd2e83b)
(cherry picked from commit 86686e4292)
(cherry picked from commit 64d7289214)
Linux kernel's bpf-next contains BPF LSM support for s390x. systemd's
test-bpf-lsm currently fails with this kernel.
This is an endianness issue: in the restrict_fs bpf program,
magic_number has type unsigned long (64 bits on s390x), but magic_map
keys are uint32_t (32 bits). Accessing magic_map using 64-bit keys may
work by accident on little-endian systems, but fails hard on big-endian
ones.
Fix by casting magic_number to uint32_t.
(cherry picked from commit 907046282c)
(cherry picked from commit f62e7b4704)
(cherry picked from commit 25cb55890e)
RFC3442 specifies option 121 (Classless Static Routes) that allow a DHCP
server to push arbitrary routes to a client. It has a Local Subnet
Routes section expliciting the behavior of routes with a null (0.0.0.0)
gateway.
Such routes are to be installed on the interface with a Link scope, to
mark them as directly available on the link without any gateway.
Networkd currently drops those routes, which is against the RFC, as
Linux has proper support for such routes.
Fixes: 7f20627 ("network: dhcp4: ignore gateway in static routes if destination is link-local or in the same network")
(cherry picked from commit 1d84a3c779)
(cherry picked from commit b0f514ba56)
(cherry picked from commit ee6475d318)
"resolvectl status" shows per-link DNS servers separately from global
ones. When querying the global list, it will contain both per-link and
global servers however. Thus, to not show duplicate info we filter all
entries that actually have a non-zero ifindex set (under the assumption
that that's a per-link server).
This doesn't work if people configured 127.0.0.1 as global server
though, as we'll add ifindex 1 to it since
6e32414a66 unconditionally even for global
servers.
Let's address that by excluding entries with ifindex 1 from suppression.
This is safe as resolved ignores loopback ifaces, hence never will have
per-link servers on ifindex 1.
Note that this splits up the "with_ifindex" parameter into a second
parameter "only_global", since they semantically do two different
things. One controls whether we shall expect/parse an ifindex dbus
field. The other controls whether we shall filter all ifindex values set
!= 0. These are effectively always used in conjunction hence making them
the same actually worked. However this is utterly confusing I think,
which as I guess is resulting in the confusion around #25796 (which
removes the whole check)
Replaces: #25796
(cherry picked from commit 889a1b9f4e)
(cherry picked from commit b71ade8779)
(cherry picked from commit fa04709a3d)
This ensures that udev scripts using `TAG-="..."` and expecting later
udev rules to honor it will work properly. An use case is removing the
`uaccess` tag from a device without overriding the original file and
ensuring that `73-seat-uaccess.rules` won't run the uaccess builtin later.
(cherry picked from commit 3102499039)
(cherry picked from commit 7d4ea095d5)
(cherry picked from commit ca948c9601)
The text said /dev/tty* as a whole was the VT subsystem and that VT is
not supported in containers.
But that's not accurate as /dev/tty* will match /dev/tty too and that
one device node is special and is not related to VT: it always points to
the current process own controlling tty, regardless what that is.
hence, rewrite /dev/tty* as /dev/tty[0-9]*.
(cherry picked from commit 6ae5c39af1)
(cherry picked from commit f3d620f5d2)
(cherry picked from commit b4e56b13a9)
We want to make use of that when formatting file systems, hence let's
pull in these modules explicitly.
(This is necessary because we are an early boot service that might run
before systemd-tmpfiles-dev.service, which creates /dev/loop-control and
/dev/mapper/control.)
Alternatively we could just order ourselves after
systemd-tmpfiles-dev.service, but I think there's value in adding an
explicit minimal ordering here, since we know what we'll need.
Fixes: #25775
(cherry picked from commit ce7dcfd6b0)
(cherry picked from commit 3856b97f8b)
(cherry picked from commit 208153c32b)
The test depends on /sys being writable, so let's skip it when /sys
is read-only.
(cherry picked from commit 34b5977015)
(cherry picked from commit 4dc37994e2)
(cherry picked from commit 0acf4d71e0)
linux/btrfs.h needs to be included after sys/mount.h, as since [0]
linux/btrfs.h includes linux/fs.h causing build errors:
```
In file included from /usr/include/linux/fs.h:19,
from ../src/basic/linux/btrfs.h:29,
from ../src/partition/growfs.c:6:
/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
35 | MS_RDONLY = 1, /* Mount read-only. */
| ^~~~~~~~~
[1222/2169] Compiling C object systemd-creds.p/src_creds_creds.c.o
ninja: build stopped: subcommand failed.
```
See: https://github.com/systemd/systemd/issues/8507
[0] a28135303a
(cherry picked from commit ed614f17fc)
(cherry picked from commit 8f84df0da3)
(cherry picked from commit 1fc632e151)
IPPROTO_L2TP was moved from linux/l2tp.h to linux/in.h [0], so let's
reflect that change to fix build with newer kernels:
```
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:10:
../src/basic/linux/l2tp.h:16: error: "IPPROTO_L2TP" redefined [-Werror]
16 | #define IPPROTO_L2TP 115
|
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:3:
/usr/include/netinet/in.h:85: note: this is the location of the previous definition
85 | #define IPPROTO_L2TP IPPROTO_L2TP
|
cc1: all warnings being treated as errors
```
When at it, update the rest of the headers we ship as well.
[0] 65b32f801b
(cherry picked from commit a95ff98ec4)
(cherry picked from commit 240513ceca)
(cherry picked from commit 4bc291c1d4)
If we add a drop-in for init.scope (e.g.: to set some memory limit),
it will be loaded long after the cgroup has already been realized.
Do it again when creating the special unit.
(cherry picked from commit 020b2e41ea)
(cherry picked from commit 786b7a7208)
(cherry picked from commit ffa329c45c)
Since c78d18215b D-Bus services now have 60s to start, but the client
side (sd-bus) still waits only for 25s before giving up:
```
[ 226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' ''
[ 226.332965] testsuite-71.sh[576]: + set +ex
[ 226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in:
[ 228.910782] sh[577]: + systemctl poweroff --no-block
[ 232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out
[ 236.827514] systemd[1]: end.service: Consumed 2.131s CPU time.
[ 237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1'
[ 237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time.
[ 237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[ 237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[ 237.931415] systemd[1]: Failed to start testsuite-71.service.
[ 238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time.
[ 238.181030] systemd[1]: Reached target testsuite.target.
```
Let's override the timeout in sd-bus as well to mitigate this.
Follow-up to c78d18215b.
(cherry picked from commit e0cbb73911)
(cherry picked from commit e4ed752f23)
(cherry picked from commit f69dc64d38)
Unit that requires its own mount namespace creates a temporary directory
to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit).
However, this directory is never removed and they will accumulate for
each unique unit (e.g. templated units of systemd-coredump@).
Attach the auxiliary runtime directory existence to lifetime of other
"runtime" only per-unit directories.
(cherry picked from commit b9f976fb45)
(cherry picked from commit 80e8340ec4)
(cherry picked from commit fd260cb37e)
Currently, sd-dhcp-server accepts spurious client IDs, then the leases
exposed by networkd may be invalid. Let's make networkctl gracefully
show such leases.
Fixes#25984.
(cherry picked from commit 841dfd3dc0)
(cherry picked from commit a674a398e7)
(cherry picked from commit 088d6c8521)
When the target (Where=) of a mount does not exist, systemd tries to
create it. But previously, it'd always been created as a directory. That
doesn't work if one wants to bind-mount a file to a target that doesn't
exist.
Fixes: #17184
(cherry picked from commit 218cfe2335)
(cherry picked from commit 25e30725d7)
(cherry picked from commit 48251e428f)
In make_credential_host_secret, the credential.secret file is generated
first as a temporary anonymous file that is later instantiated with
linkat(2). This system call requires CAP_DAC_READ_SEARCH capability
when the flag AT_EMPTY_PATH is used.
This patch check if the capability is effective, and if not uses the
alternative codepath for creating named temporary files.
Non-root users can now create per-user credentials with:
export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
systemd-creds setup
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit 1615578f27)
(cherry picked from commit 432ec5a654)
(cherry picked from commit d7c8b1b709)
CURLOPT_PROTOCOLS [0] was deprecated in libcurl 7.85.0 with
CURLOPT_PROTOCOLS_STR [1] as a replacement, causing build warnings/errors:
../build/src/import/curl-util.c: In function ‘curl_glue_make’:
../build/src/import/curl-util.c:255:9: error: ‘CURLOPT_PROTOCOLS’ is deprecated: since 7.85.0. Use CURLOPT_PROTOCOLS_STR [-Werror=deprecated-declarations]
255 | if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK)
| ^~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/curl-util.c:6:
/usr/include/curl/curl.h:1749:3: note: declared here
1749 | CURLOPTDEPRECATED(CURLOPT_PROTOCOLS, CURLOPTTYPE_LONG, 181,
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since there's no grace period between the two symbols, let's resort
to a light if-def-ery to resolve this.
[0] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS.html
[1] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS_STR.html
(cherry picked from commit e61a4c0b7c)
(cherry picked from commit 14f573175a)
(cherry picked from commit 4768110a2e)
CURLINFO_PROTOCOL has been deprecated in curl 7.85.0 causing compilation
warnings/errors:
../build/src/import/pull-job.c: In function ‘pull_job_curl_on_finished’:
../build/src/import/pull-job.c:142:9: error: ‘CURLINFO_PROTOCOL’ is deprecated: since 7.85.0. Use CURLINFO_SCHEME [-Werror=deprecated-declarations]
142 | code = curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol);
| ^~~~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/pull-job.h:6,
from ../build/src/import/pull-common.h:7,
from ../build/src/import/pull-job.c:16:
/usr/include/curl/curl.h:2896:3: note: declared here
2896 | CURLINFO_PROTOCOL CURL_DEPRECATED(7.85.0, "Use CURLINFO_SCHEME")
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since both CURLINFO_SCHEME and CURLINFO_PROTOCOL were introduced in
the same curl version (7.52.0 [0][1]) we don't have to worry about
backwards compatibility.
[0] https://curl.se/libcurl/c/CURLINFO_SCHEME.html
[1] https://curl.se/libcurl/c/CURLINFO_PROTOCOL.html
(cherry picked from commit 2285c462eb)
(cherry picked from commit 4ab37502b3)
(cherry picked from commit c2be553868)
Inspired by #25957 there's one other place where we don't guard
acl_free() calls with a NULL check.
Fix that.
(cherry picked from commit 34680637e8)
(cherry picked from commit 4dabf90526)
(cherry picked from commit d8b4ac7a17)
