IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes https://github.com/systemd/systemd/issues/28514.
Quoting https://github.com/systemd/systemd/issues/28514#issuecomment-1831781486:
> Whenever PAM is enabled for a service, we set up the PAM session and then
> fork off a process whose only job is to eventually close the PAM session when
> the service dies. That services we run with service privileges, both to
> minimize attack surface and because we want to use PR_SET_DEATHSIG to be get
> a notification via signal whenever the main process dies. But that only works
> if we have the same credentials as that main process.
>
> Now, if pam_systemd runs inside the PAM stack (which it normally does) it's
> session close hook will ask logind to synchronously end the session via a bus
> call. Currently that call is not accessible to unprivileged clients. And
> that's the part we need to relax: allow users to end their own sessions.
The check is implemented in a way that allows the kill if the sender is in
the target session.
I found 'sudo systemctl --user -M "zbyszek@" is-system-running' to
be a convenient reproducer.
Before:
May 16 16:25:26 x1c systemd[1]: run-u24754.service: Deactivated successfully.
May 16 16:25:26 x1c dbus-broker[1489]: A security policy denied :1.24757 to send method call /org/freedesktop/login1:org.freedesktop.login1.Manager.ReleaseSession to org.freedesktop.login1.
May 16 16:25:26 x1c (sd-pam)[3036470]: pam_systemd(login:session): Failed to release session: Access denied
May 16 16:25:26 x1c systemd[1]: Stopping session-114.scope...
May 16 16:25:26 x1c systemd[1]: session-114.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd[1]: Stopped session-114.scope.
May 16 16:25:26 x1c systemd[1]: session-c151.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd-logind[1513]: Session c151 logged out. Waiting for processes to exit.
May 16 16:25:26 x1c systemd-logind[1513]: Removed session c151.
After:
May 16 17:02:15 x1c systemd[1]: run-u24770.service: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopping session-115.scope...
May 16 17:02:15 x1c systemd[1]: session-c153.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: session-115.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopped session-115.scope.
May 16 17:02:15 x1c systemd-logind[1513]: Session c153 logged out. Waiting for processes to exit.
May 16 17:02:15 x1c systemd-logind[1513]: Removed session c153.
Edit: this seems to also fix https://github.com/systemd/systemd/issues/8598.
It seems that with the call to ReleaseSession, we wait for the pam session
close hooks to finish. I inserted a 'sleep(10)' after the call to ReleaseSession
in pam_systemd, and things block on that, nothing is killed prematurely.
(cherry picked from commit fc0bb7ccc763ec79efe7a8a58220e9bc80f34f81)
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=2221337.
(cherry picked from commit 97ad9a336a7f121770e6b74e8411da7278847d4f)
This tmpfiles.d wants to write to sysfs, which is read-only in containers,
so systemd-tmpfiles --create fails in TEST-22-TMPFILES when ran in nspawn
if the selinux policy package is instealled. Mask it, as it's not our
config file, we don't need it in the test.
(cherry picked from commit 6fd3496cfd0d28808b5489ee87f826c2130f5f0b)
(cherry picked from commit 2d975f64d40cff41f36792d92dde65a65fb0dd9d)
(cherry picked from commit 37e27eeec811af0a2d8f86b2b241669ef9ed31fa)
Add the `arm_fadvise64_64` syscall to the allow_list, in addition
to the existing `fadvise64` and `fadvise64_64` syscalls, as this is
the syscall actually defined for `arm` architecture. Adding it fixes
the syscall being rejected in arm32 containers.
Fixes#35194
(cherry picked from commit 7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c)
(cherry picked from commit 964ced4100fb5f5b5d41b988512f681a1b0b20f7)
(cherry picked from commit 8bf58cddbfd6e9e1d6ebe1bedc5c821bb5b359b5)
We usually want to use "extended booleans" for cases like this, i.e.
that "off", "no" and "0" can be used interchangably for turning
something off.
(cherry picked from commit 62f3e2f84aa3413081fc1c1e1c3074fc9aeedbc9)
(cherry picked from commit 7a307c5939b0787727b144197090a0ae34cbd813)
(cherry picked from commit 4b384a35349624547b07ab4a33d8100306e79b01)
Otherwise the root inode will typically have what mkdtemp sets up, which
is something like 0700, which is weird and somewhat broken when trying
to look into containers from unpriv users.
(cherry picked from commit c18a1024643809c8f28799900af4e6202623f934)
(cherry picked from commit b4db0ca7534c12002717b3f198ae39907a078024)
(cherry picked from commit 65dca61ca06aa303413565f6d8e5009b5f7e2edb)
When registering we condition this on "arg_register". Let's do the same
when unregistering, otherwise we might end up trying to unregister a
machine we never registered.
(cherry picked from commit 0790f4e45f2f8c094bf929aa1fcaf4c7e9dbb001)
(cherry picked from commit 6f346ef75635b549166d1be04b1dcb620f1b724c)
(cherry picked from commit 85804e690d3531ca7582e7b9f52ca9cb1b9c9b6c)
When determining the poll events to wait for we need to take the queue
of pending messages that carry fds into account. Otherwise we might end
up not waking up if such an fd-carrying message is enqueued
asynchronously (i.e. not from a dispatch callback).
(cherry picked from commit 7b4b3a8f7b76f266438fafb225b7980db68a276e)
(cherry picked from commit b2751b9ae97704ca75fddf2dd79b3ad2605bf629)
(cherry picked from commit 03d691f8b74d25fc3bea3bd26fc7fe1e864121f7)
This page contains many short example codes. I do not think we should
add SPDX-License-Identifier for all codes.
Closes#35356.
(cherry picked from commit 6046cc3660810efcc6fe50b1c850ea642218245b)
(cherry picked from commit 6f2483eed8d790b94945aece37833c3604e3fc11)
(cherry picked from commit cb1077c9aa7779f35b3f5f8b5d226925079eb495)
Similar to c5ecf0949460dd0bf3211db128a385ce6375252e, but for io event source.
Fixes#35322.
(cherry picked from commit 5b2926d9414f4333153ebe0bf169e1dd76129119)
(cherry picked from commit ce997e944f66da452ed01b86b838508ee132abb7)
(cherry picked from commit 5749fc1b29702dffaf5b548df357891d8486376d)
It's the PID that is wrong, not the UID/GID, be precise.
(cherry picked from commit 95116bdfd5d45cc1a7c6588e6b8bdcb0d0e007a6)
(cherry picked from commit 95c20d0b627654626924eadaf65bc1825bb38701)
(cherry picked from commit 5b6e91434eb6b253514516044e372f744ac2e364)
Otherwise, the ioctl() may fail with EBUSY.
Follow-up for b4b66b26620bfaf5818c95d5cffafd85207694e7.
Hopefully fixes#35243.
(cherry picked from commit b76730f3fe0e824db001b38c8ea848302be786ee)
(cherry picked from commit b30364a0378881c6f0d0ff3124f56f4da989d91c)
(cherry picked from commit bb1823d3ffcf432b5175ef24049b65e7b348705b)
Those are historical names, but there is nothing wrong with them. The files on
/ (/fastboot, /forcefsck, and /forcequotacheck) are problematic because they
require a modification of the root file system. But the commandline params work
fine. They have the obvious advantage compared to our "modern" option that they
are much easier to type without looking up the spelling in the docs. Undeprecate
them to avoid unnecessary churn.
(cherry picked from commit 5598454a3f8fc13257e0313d999e6ac9684082e1)
(cherry picked from commit eb841e9b8eb5ec47c46617b288135b2119694ea0)
(cherry picked from commit 59d4a05e3bfcce8cf495e0e39e29f36849273c68)
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.
(cherry picked from commit e412fc5e042b8f642bcba42f5c175124583e05ae)
(cherry picked from commit aed4e9045656eb7934e3171a6fe442f7df4c4180)
(cherry picked from commit 421c23f4fae2522f0ed9fc094836303b8faadc83)
systemd-sysext has the same check, but it was forgotten for confexts.
Needed to activate confexts from the ESP in the initrd.
(cherry picked from commit fe077a1a582a43a6378ff29452a373cc7d393764)
(cherry picked from commit fec28cb4f94c033f42480b0b99ac30bd2bdae046)
(cherry picked from commit a95efebffcfd61a7be7af9c99be658f565498f85)
(cherry picked from commit a04d42821bb5350b0ffa82834e50e9b679279854)
(cherry picked from commit 03b993a9bfd97d42ebc0b3713e583c806c89e632)
(cherry picked from commit acb760fbe811781dcc262c59ac3c5a540fd10531)
```
$ systemd-cryptenroll /dev/vda3
SLOT TYPE
0 password
$ systemd-cryptenroll --wipe-slot 1 /dev/vda3
Failed to wipe slot 1, continuing: No such file or directory
```
(cherry picked from commit 2b251491debf9cab695f5f34da9908ca46f085fe)
(cherry picked from commit 4a3d55a032053525ab331e4af6f95ec2dc053ee9)
(cherry picked from commit ade617cf3db3844bcd9cb3beccfc1f978bdf3a94)
"systemctl status systemd-logind" otherwise looks a bit weird, since the
tasks and the fdstore lines are so close to each other but formatted
quite differently when it comes to coloring.
(cherry picked from commit 54646b1ca95373dfa3ebe5d6e7e27deeed9e77b0)
(cherry picked from commit ff4b66be4a35fd21ef001bbf6492e3e1f837ee1c)
(cherry picked from commit e00cc22e30b61b3e2e6b50bea3c569dd7c48c42d)
(cherry picked from commit bae936b418e08063b68c95f4df53c3cd4f70e881)
(cherry picked from commit bdf3f9b8f274d958befa54c95811910013b39a80)
(cherry picked from commit 809b265172dd391e7fe4c105e5979e07b832a180)
We use the $WATCHDOG_USEC variable for two very closely uses: as part of
the sd_watchdog_enabled() protocol for implementing service watchdogs.
And as part of the protocol between the service manager and
systemd-shutdown across the PID 1 execve() transition during shutdown.
Apparently some exitrds tools got confused by the latter use. Let's
address that by setting $WATCHDOG_PID to 1, in accordance to the
sd_watchdog_enabled() protocol to make clear this is only intended for
PID 1 and nothing else.
Replaces: #35135
(cherry picked from commit 4b20ae9a0e914e61d6bac095e5fc9664510ac03e)
(cherry picked from commit cf7b3cc18225ef8824f9cac9c88b7ea0b0dce3cd)
(cherry picked from commit cab88476b2b00693463992c051a0464f6bba7c85)
The mkosi action.yaml links systemd main, and instealls an hard-coded
set of binaries. ukify now depends on the new systemd-keyutil, which
cannot be in that list. Link it manually.
(cherry picked from commit 8f24348e7216d67548f931a9258363deebfbaa18)
The test does not work on older releases, so revert the change as we
cannot validate it properly.
This reverts commit 3888d11d2da1d6b63d321cfbd93086e1222dcad5.
(cherry picked from commit 3e302689c386b7cc800239c80578b96068dcc711)
Follow-up for efedb6b0f3cff37950112fd37cb750c16d599bc7.
Closes#35116.
(cherry picked from commit 985ea98e7f90c92fcc0b8441fafb190353d2feb8)
Really rewritten from scratch.
(cherry picked from commit 04ee5e25a1082d4c6c0c52a154d5ad5fc959a853)
(cherry picked from commit 45b39f98c9abfcf305641d697392aacbf5e022d0)
(cherry picked from commit 2a774f064815573efc33d43dfe3548590e42e9c2)
(cherry picked from commit 56cc8acf45dbff227d1713d509bc3b71386df5d8)
(cherry picked from commit 2e956d084024b7cc984528719e866b3d9f2f59eb)
(cherry picked from commit 9eee6b1b3f00d46459eebefb70be50ea6af30ddb)
(cherry picked from commit f3baba94425e6ccaf7a672903148dbb2b9e022f7)
(cherry picked from commit be571ff64808c30c1d5566600c86084768138bc4)
Let's put a time-out on this syncing.
Inspired-by: #34289#34283
(cherry picked from commit b4b66b26620bfaf5818c95d5cffafd85207694e7)
(cherry picked from commit dbf933478f16d68b61150b845c4f897ae3b7a91a)
(cherry picked from commit 74667d46bacfb13f04d53e1dbbfdbcd06f319622)
This is preparation for reusing the logic for syncing DM and other
devices with a timeout applied.
(cherry picked from commit 13b5225d6278af15e84ebd1889f04cfe81b47787)
(cherry picked from commit 05df6c341951e40aca02cb116002b05ec2a26c16)
(cherry picked from commit be91329e17b338f60d52b552f554ff6ba5574bed)
Also, ignore the error on caller's side.
(cherry picked from commit 758760a3610e3c6674de8a1d51b12b991eafef7c)
(cherry picked from commit 489cf962ada63e3d26d8f91b589aff170bc65317)
(cherry picked from commit f11fa8399c7a8a55e830888d754480fde5e220f6)
Outside of x86, some machines (e.g. Apple silicon, AMD Opteron A1100) have
physical memory mapped above 4GiB, meaning this allocation will fail, causing
the entire boot process to fail on these machines.
This commit makes it so that the below-4GB address space allocation requirement
is only set on x86 platforms, and not on other platforms (that don't have the
specific Linux x86 boot protocol), thereby fixing boot on those that have no
memory mapped below 4GiB in their address space.
Tested on an Apple silicon M1 laptop and an AMD x86_64 desktop tower.
Fixes: #35026
Manual backport of 6e207b370e91e681efb08c497a6c8ad78e3c8d83.
(cherry picked from commit a9d9db7f4e4a75f6dbda5c31fbbf325eff9d63b4)
(cherry picked from commit 8923d937684dba17a84dc3693e77adeb4a4f4ec8)
The concept of synthetic errnos is about logging, which
is irrelevant irt bus error and we don't do any special
treatment in sd-bus for them, meaning the value propagated
would be spurious.
(cherry picked from commit 2f2058da0b88535cb3a95fc98e7b2f1ae4d35601)
(cherry picked from commit 018c7fb18ae8aff5414d5e74cb41fb98b72c0554)
(cherry picked from commit 39c2b7fd58d4b96fc4f5fe0d5ebbfcc3cf1c3f80)
It seems there is no restriction for local and remote addresses.
Fixes#34930.
(cherry picked from commit 5e48fd0506ed6212c9db2276d5845ab77aa9bce4)
(cherry picked from commit 3093ac05abcaf5a43f75ec1d5702ed226cc3ce31)
(cherry picked from commit 81c84336f47e1bcfa3b63ae4eb3889e249537e64)
`loginctl kill-session --kill-whom=leader <N>` (or the D-Bus equivalent)
doesn't work because logind ends up calling `KillUnit(..., "main", ...)`
on a scope unit and these don't have a `MainPID` property. Here, I just
make it send a signal to the `Leader` directly.
(cherry picked from commit 8254755091847105c33e473c62cdc7621ed275bc)
(cherry picked from commit c89c5d04f33dbc5c6dfb67b8bc58cbd3d924b434)
(cherry picked from commit 80efb1da3f073daec9f84dd83571a7b98451f953)
To keep align with the logic used in udev_rules_parse_file(), we also
should skip the empty udev rules file while collecting the stats during
manager reload. Otherwise all udev rules files will be parsed again whenever
reloading udev manager with an empty udev rules file. It's time consuming
and the following uevents will fail with timeout.
(cherry picked from commit 2ae79a31b7c7947e2c16e18eb85ac5607ebc40b6)
(cherry picked from commit 688eb20fdb9c4bcc6d205323f9cec119d6273169)
(cherry picked from commit 484d31a58d7b820fa83a70a9f654b907130eec75)
Processes can easily survive the first kill operation we execute, hence
we shouldn't make strong claims about them having exited already. Let's
just say "likely" hence.
Fixes: #15032
(cherry picked from commit ac804bc2f8d814d2afcdccd88f7469ac320da1c8)
(cherry picked from commit 307a6332a63dd0f6addbc5c77d21f72ce4578070)
(cherry picked from commit b38386ae2bff5cc55a83094a625a026e23a69e0c)
In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.
Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.
(cherry picked from commit ee95e86ae163e436384f1b782a77a7e18deba890)
(cherry picked from commit abd1e408203d5d445b05f4dc0ac07e35114532d1)
(cherry picked from commit 67954b455473b29f8a41be14f5b778044b7cfafa)
(cherry picked from commit c53df275d512a219806a181de3bd57f02dc38dab)
(cherry picked from commit 59f5de450a99d876d3af17d6430779976d1d8af4)
(cherry picked from commit ef1982e1e7b7689e89ea2d435d4369d053419c71)
log_info appears to be the preferred method to convey information from
tests. Convert all the printfs to log_info to follow this standard.
(cherry picked from commit 38557d9ffbc6351b8980faf90d54619790436d43)
(cherry picked from commit 4ea84288480115f7175a8cfc61d03e3a712396b8)
(cherry picked from commit cfa083d450b2cd21676651d9489fbcf4dfd1b9f1)
Users will generally know what a qrcode is, so let's not treat them as dumb and
explain that it can be scanned. OTOH, we should say what the qrcode contains
and it is useful to give a hint why the users would want to scan it. Reword
messages accordingly.
(Also, don't say "to your phone", when somebody might be using a stolen phone,
or something else then a phone.)
(cherry picked from commit 10faa40ba781cf499258a3b37de02dd643822dc6)
(cherry picked from commit fefd60bf7ad9f361c85395ab38f10482f3007f15)
(cherry picked from commit 4ca8f5e68dc86606890806d7c17ae71d17e1cd9a)
Otherwise, with recent additions, the MAINPIDFDID= generated by
systemd-notify would mismatch with overridden MAINPID=.
(cherry picked from commit c3ecb747f1e35f609f15fc94ad4d5e5ca0bda4a2)
(cherry picked from commit b2496d151ae093974e6ecd3a6b3299e1ba5f3e23)
(cherry picked from commit e0bb603e3e9f6c44af9126b65961851f04f6b339)
This makes it easier to diagnose why colors are disabled.
(cherry picked from commit b137b2979868e2de5fb5c26e90bacee33597b8e7)
(cherry picked from commit bbdb5f97a96e5942bb055770366e0d48c3ee8540)
(cherry picked from commit f120804bb746113d911e8bdf53616aa21a6ecf6b)
The journal handles multi-line messages nicely, and they are easier
to read. Drop the recycling symbol, there is no circular process here,
we go from a to b and never back to a again.
(cherry picked from commit bb56c27fc81da2777cd7064a0b88ca011eced509)
(cherry picked from commit 6a4ff7a5c1591f8fe1aa3a3ab435d01e30c08b81)
(cherry picked from commit bf6dd565d2073a34c0bc1714adb832fe2b993de6)
