mirror of https://github.com/systemd/systemd-stable.git synced 2025-04-22 02:50:08 +03:00

67333 Commits

Author SHA1 Message Date
Jacob McNamee
eab1d9753b stdio-bridge: fix polled fds
Poll fds associated with the bus instead of hardcoding stdin/stdout.

This is consequential under socket activation, when the provided fd
should be used instead of stdin/stdout.

(cherry picked from commit 9d1c28b2d8422df700e7d94339ac6052a6755c6c)
(cherry picked from commit 59f5a4323468befbdca2bae7907219eaf8852f9a)
(cherry picked from commit a398d18e797d5b4dec6d265e753f8b688ffcd570)
(cherry picked from commit 0ae29e637c76a41d6e0ddf9f41d4c5e46b398d92)
(cherry picked from commit fb92304041cd203d2ca84cc28721dea5e1355c4e)
v254.23
2025-01-08 22:59:38 +00:00
Yu Watanabe
f028f2298e hwdb: comment out the entry for Logitech MX Keys for Mac
This effectively reverts the commit f70e5620b6ac319beac1d5ce26331bdc48d25daa,
as the entry seems to match multiple models.

Fixes #35691.

(cherry picked from commit 52a2b049476b374dea2efa22d39c5a1944125c47)
(cherry picked from commit 685de97882c3e44569b0fd2268c3cc065d9c158e)
(cherry picked from commit 75d331f22b45055a8d3c6ef7ca3b61767ccf800d)
(cherry picked from commit ffcc64601e2379deb83e756b8d5e5f38342b9937)
2025-01-08 22:59:38 +00:00
Luca Boccassi
e808cbdd6d test: answer 2nd mdadm --create question for compat with new version
New version of mdadm now asks a second question, so send 'y' twice
to it in the test scripts

[    5.253483] TEST-64-UDEV-STORAGE.sh[684]: + echo y
[    5.254412] TEST-64-UDEV-STORAGE.sh[685]: + mdadm --create /dev/md/mdmirror --name mdmirror --uuid aaaaaaaa:bbbbbbbb:cccccccc:00000001 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm0 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm1 -v -f --level=1 --raid-devices=2
[    5.254759] TEST-64-UDEV-STORAGE.sh[685]: To optimalize recovery speed, it is recommended to enable write-indent bitmap, do you want to enable it now? [y/N]? mdadm: Note: this array has metadata at the start and
[    5.255085] TEST-64-UDEV-STORAGE.sh[685]:     may not be suitable as a boot device.  If you plan to
[    5.255418] TEST-64-UDEV-STORAGE.sh[685]:     store '/boot' on this device please ensure that
[    5.255745] TEST-64-UDEV-STORAGE.sh[685]:     your boot-loader understands md/v1.x metadata, or use
[    5.256285] TEST-64-UDEV-STORAGE.sh[685]:     --metadata=0.90
[    5.256672] TEST-64-UDEV-STORAGE.sh[685]: mdadm: size set to 64512K
[    5.257063] TEST-64-UDEV-STORAGE.sh[685]: Continue creating array [y/N]? mdadm: create aborted.

This is backward compatible with the older version that asks just one
question

(cherry picked from commit 16406420ea449b75e70a7dced05d7b98bc0f5376)
(cherry picked from commit b2320ced3873981f1215eddb597cfa4aad5bd1b6)
(cherry picked from commit 812725926dde76baf306eefb788a951176b33977)
(cherry picked from commit 133b50d7f1cd0c78838dd555585a9c68b857149d)
2025-01-08 22:59:38 +00:00
Mike Yuan
bf01f3d692 core/unit-serialize: fix serialization of markers
Follow-up for ff68472a20c208121b69ea13586f3105a219bc14

(cherry picked from commit 5ce8d7d83902e920a34488c4193d9bc4b5bb70ae)
(cherry picked from commit 6f30e56bf3e5272e83cff11d153ae70c3ffb7624)
(cherry picked from commit 4a9f42e19782a9d6ab8b444511fa2a319ea1a804)
(cherry picked from commit b030bfba78d06f90759226eadfded84f0543ddcf)
2025-01-08 22:59:38 +00:00
Yu Watanabe
f043ab6f34 locale-setup: do not load locale from environment when /etc/locale.conf is unchanged
Previously, when /etc/locale.conf is unchanged, locales were loaded from
possibly outdated environment variable.

Fixes a bug introduced by 018befcff6b51f8a50ca232e1984d34526037241 (v253).
Fixes #35717.

(cherry picked from commit 80797bbb919b3ccde4e51b349f3ca70c1157053e)
(cherry picked from commit d00cc09bf0c23c9bb376e1280773f7996ab7820e)
(cherry picked from commit d19d42b570e0ca6101f6f35b7f2f97557c7fa80f)
(cherry picked from commit 79b3378c33ecbc52264ac795b125b1cca2316466)
2025-01-08 22:59:38 +00:00
Luca Boccassi
71efbe69b6 core: fix assert when AddDependencyUnitFiles is called with invalid parameter
unit_file_add_dependency() asserts, so check before calling it that the
type is expected, or return EINVAL to the caller.

root@localhost:~# busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager AddDependencyUnitFiles "asssbb" 0 uwhatm8 After 1 1

Broadcast message from systemd-journald@localhost (Mon 2025-01-06 18:12:14 UTC):

systemd[1]: Caught <ABRT>, from our own process.

Fixes https://github.com/systemd/systemd/issues/35882

(cherry picked from commit d87dc74e8f1a30d72a0f202e411400bab34ab55a)
(cherry picked from commit b6792202f31c4e83d23a944b845e1f17fc14f619)
(cherry picked from commit c65056e1318fe20cf9b62771ffa589abe2c21a76)
(cherry picked from commit 4d47117b05f2bd836c465c3efdee69c5a573e8d6)
2025-01-08 22:59:38 +00:00
Yu Watanabe
af8cb09f43 test-time-util: fix truncation of usec to sec
Also
- use ASSERT_XYZ() macros,
- log tzname[] on failure.

(cherry picked from commit 3f1d499964abb6a4c0141d7ea8f852829880adff)
(cherry picked from commit 11d70500171ca6dbbad8ecf9b1cf0d29e1d6d1ed)
(cherry picked from commit 1d4bde5a40a9a1d4dcb89b240a1b80c226866ade)
(cherry picked from commit b07b4cee88d7565c20e5ed3ec27bb183659f7edc)
v254.22
2024-12-22 15:31:43 +00:00
Zbigniew Jędrzejewski-Szmek
33b0102ab3 test-time-util: do more suppression of time zone checks
The issue is directly triggered by tzdata-2024b, where the setting of timezone
started to fail and the tests stopped passing. But those timestamps in 1/1/1970
appear to have some problems already before:

  $ sudo date -s 'Thu 1970-01-01 13:00:01 WET'
  Thu Jan  1 03:00:01 PM EET 1970
  $ sudo date -s 'Thu 1970-01-01 12:00:01 WET'
  date: cannot set date: Invalid argument
  Thu Jan  1 02:00:01 PM EET 1970
  $ rpm -q tzdata
  tzdata-2024a-9.fc41.noarch

The same issue appears with other timezones. So move the first timestamp one
day forward to avoid the issue.

After the previous problem is solved, we also get the problem already seen
previously where the roundtrip returns a time that is off by one hour:

@86401000000 → Fri 1970-01-02 00:00:01 WET → @82801000000 → Thu 1970-01-01 23:00:01 WET
Assertion 'x / USEC_PER_SEC == y / USEC_PER_SEC' failed at src/test/test-time-util.c:415, function test_format_timestamp_impl(). Aborting.

Extend the override to suppress this.

(cherry picked from commit 3cf362f6f57b7d0b5f6b86a49316303b0dda7599)
(cherry picked from commit 43a99d49dd8af29526df5de9c00d0fdcb57171c1)
(cherry picked from commit 98cf43bf9ad6515be85a42ed49cfec0a2ba13822)
2024-12-22 15:31:43 +00:00
Morten Hauke Solvang
615ab029f4 resolved: if one transaction completes, expect other transactions within candidate to succeed quickly
Fixes #22575, as suggested by poettering in #35514.

Intended as a workaround for some buggy routers, which refuse to send empty
replies. If systemd-resolved starts two DnsTransactions, one for A and one
for AAAA, and the domain in question has no AAAA entry, then the server will
send a reply for A and no reply for AAAA. Correct behavior for the server would
be to send an empty reply for AAAA.

systemd-resolved would previously keep retrying the AAAA transaction, and
eventually timeout the whole query, returning an error to the caller.

Now, if the server replies to one query and not another, we cut short the
timeout and return the partial result. Returning the partial result allows
the rest of the system to keep working. It matches how e.g. glibc libnss_dns
behaves.

(cherry picked from commit 0da73fab56506ff1e4f8e59c167d27961f0fbf33)
(cherry picked from commit 1748265915e09120d75766baaa4516b2779140eb)
(cherry picked from commit e65fd8eb4b559ba621e2bd802894105ac1d575da)
(cherry picked from commit 3761ffa0c925c3183337df95a4c19ba7f96bfde1)
2024-12-22 15:31:43 +00:00
Yu Watanabe
8cd4977290 systemctl-edit: ignore ENOENT from unit_is_masked()
If a specified unit does not exist, then it is definitely not masked.

Fixes #35632.

(cherry picked from commit b58b00e4c33474505009c8118d6cfdf29a2c6cb1)
(cherry picked from commit 48b404d546e6cb6d32d9cb346bbd43760311790b)
(cherry picked from commit 1461f520042dda644a0e9b1795265b72d385b142)
(cherry picked from commit 8ab5882ca8c2da09ee119ba09e460d21f838e017)
2024-12-22 15:31:43 +00:00
Lennart Poettering
7fe7becd7b networkd: show wireguard private key read error number
Noticed while looking at #35641

(cherry picked from commit 0543b02cf8211353c0bb1065e09614f551944a41)
(cherry picked from commit b5dc1922f9bd0a64cf17be8c503baba58bf5ba82)
(cherry picked from commit d70b87ae322d16ee7aa8c15ea567ce5499f79df3)
(cherry picked from commit 549bf6fcb7fad4d98d7776f086b952be6f1007cf)
2024-12-22 15:31:43 +00:00
Luca Boccassi
c5156e127e Revert "semaphore: skip some tests"
This reverts commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4.

(cherry picked from commit 7406e0a3afafc1e1c994a88a4e988e94177e5550)
(cherry picked from commit 61e321c452309b6686b345ff3be363d37dfb21d6)
(cherry picked from commit 53fd63ac0791195756925ae4b8ac888c3b4ebf1f)
(cherry picked from commit ade1c0e23ecff32e6e743bbf935710536b915763)
2024-12-22 15:31:43 +00:00
Luca Boccassi
036b58ad63 semaphore: bump timeout
When semaphore is overloaded tests can take more than 1hr, bump
timeout

(cherry picked from commit 1855064d4eb95abe6909a93f72bee46658dad36b)
(cherry picked from commit 96b9fe831f888a0e9772a33acc752ebb822357b9)
(cherry picked from commit 54387482b9ddd164853ec7ffa45f67f8a698c69b)
(cherry picked from commit 5ac9650c84e185409b016e4185bbf92f84dcfa9b)
2024-12-22 15:31:43 +00:00
Florian Schmaus
dcb86edde5 logind: let system-wide idle begin at the time logind was initialized
Initialize the start of the system-wide idle time with the time logind was
initialized and not with the start of the Unix epoch. This means that systemd
will not report an unreasonably long idle time (around 54 years at the time of
writing this), especially in the early boot, while no login manager session,
e.g., gdm, had a chance to provide a more accurate start of the idle period.

Fixes #35163

(cherry picked from commit 718b31138b9a93f262259f297ad6b521454decc6)
(cherry picked from commit 9d36809256c6d92c6d8358769479ad2c2b695664)
(cherry picked from commit 77b963c31712ef81786fcc6623fe1b10a46b62e0)
(cherry picked from commit cd6f07effafdcb9e1c903589a8cf398cd46b8acd)
2024-12-22 15:31:43 +00:00
Luca Boccassi
27bb6c8917 test-loop-block: return -77 on skip in more places
(cherry picked from commit 81e0693465402d2e72cb3ba1b28e25e3c4c0206a)
(cherry picked from commit 1fb4673a6977c6a694f786dbc6cf2ff1990794ff)
(cherry picked from commit 8f92f75ae7e87e07b63974533f7ec344291267f2)
(cherry picked from commit 543784efc384e362a7f77ffac78780fc7ba123ee)
2024-12-22 15:31:43 +00:00
Luca Boccassi
d99531e1ea battery-check: parse options before checking for kernel command line
Otherwise --help/--version/etc which exit immediately will do pointless work

(cherry picked from commit 60d23b7f4ae26d934e5748d30bb7ae956f3ad83d)
(cherry picked from commit 29cdad871ea5febb64336b43f08aab5ac15ab4cb)
(cherry picked from commit 80e4e3122dc7ee01012d9e0a5f68a3c8faa72572)
(cherry picked from commit 06b1c4b9c269ee29c15ded5be34b1064c7b8bdc9)
2024-12-22 15:31:43 +00:00
Ronan Pigott
01ba55b882 manager: add list of subscribers to dump info
This is handy for debugging.

(cherry picked from commit 91713841491d0d4775566ed59f621f0f9a2413b5)
(cherry picked from commit bcf740e4a3caa32b3a920512833b68fc6d530125)
(cherry picked from commit 0a4a3a8e3f8c2daedabba8ac0d785da55263467b)
(cherry picked from commit cc110c0ce654653765cbdbe7799b9f09d8bf23f7)
2024-12-22 15:31:43 +00:00
Ronan Pigott
a88e98a609 dbus: log disconnect on api and system busses
This is an interesting event. Let's log about it.

(cherry picked from commit 11ee1bab60abde67cd0edc470c93c1afe10d975d)
(cherry picked from commit c189ecc7fe5039d98bbb448ab45ab0fa3842b3a3)
(cherry picked from commit 7054f66e6cd35c3fe68f3a9ba328d20e3813f4eb)
(cherry picked from commit d0684dfb9fcd81a1db9426204b44097724487225)
2024-12-22 15:31:43 +00:00
Yu Watanabe
4c88d0ef3d journalctl: honor --quiet with --setup-keys
Closes #35504.

(cherry picked from commit a5b2973850e5952b9dffdfa3f6a0ef486957cb17)
(cherry picked from commit 644f2a02c8befba986ebbc5d58767807fb2999ee)
(cherry picked from commit c03e3169ddd663c6d3aaea3df7af0031fe00cf5c)
(cherry picked from commit dbab170b9ef2a8c00b88c8dfb89de47009e8ffbb)
2024-12-22 15:31:43 +00:00
Luca Boccassi
bfcb6d025a semaphore: skip some tests
semaphore CI runs are always very close to the limit of 1hr, and often
time out when it's particularly oversubscribed.
Skip some low-value test cases to shorten the runtime.

(cherry picked from commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4)
(cherry picked from commit e768cf55b19caec6c8936050b245f398aba8b884)
(cherry picked from commit 9552927230915c96d4f995b9fca49e4eb78a02ec)
(cherry picked from commit f9033baefbd86be617b75455a37ef7eecda80a38)
2024-12-22 15:31:43 +00:00
andrejpodzimek
d548785ed8 Fixing VLAN ranges in man systemd.network.
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).

(cherry picked from commit ae2f3af63962ba6e2f67cfce07c9fee61722e30e)
(cherry picked from commit 9fad72cc52bdec7f44337b1e48c23ee15fc08d77)
(cherry picked from commit 0102ff403ee230bdd7a0c2b38463d9292fb9c0ae)
(cherry picked from commit b879b06ed1498f88a01191f4e8422976a80db344)
2024-12-22 15:31:43 +00:00
Katariina Lounento
413d82c462 man: document unprivileged is not for reading properties
Document the fact that read-only properties may not have the flag
SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
flag is accepted for writable properties.

Based on the check in `add_object_vtable_internal` called by
`sd_bus_add_object_vtable` (as of the current tip of the main branch
f7f5ba019206cacd486b0892fec76f70f525e04d):

    case _SD_BUS_VTABLE_PROPERTY: {
            [...]
            if ([...] ||
                [...]
                (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
                    r = -EINVAL;
                    goto fail;
            }

(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).

This was implemented in the commit
adacb9575a09981fcf11279f2f661e3fc21e58ff ("bus: introduce "trusted" bus
concept and encode access control in object vtables") where
`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:

    Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
    and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
    Note however that read access is unrestricted, as PropertiesChanged
    messages might send out the values anyway as an unrestricted
    broadcast.

(cherry picked from commit 3ca09aa4dd57327989eceb1298754601046ac041)
(cherry picked from commit cd727031a4daafe19f491df360c512433562f469)
(cherry picked from commit f694a84faf082ce4a18cc2478d7843bb2b7e7fc4)
(cherry picked from commit 0aea62ba3364192e70f426aaf1e8596f67fdc2c3)
2024-12-22 15:31:43 +00:00
Luca Boccassi
dcdd4a6070 test-fd-util: skip test when lacking privileges to create a new namespace
To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:

$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.

Partially fixes #35552

(cherry picked from commit 630a2e7ee195ca96e102acac8df67a278a879124)
(cherry picked from commit 5573ac7d9c52bed8d38480788b02639ede3881fc)
(cherry picked from commit b8c85564906a7808bebc04a95be08c9a0635f2f5)
(cherry picked from commit 9818f55a356d424531ee97085aaae42a4116d180)
2024-12-22 15:31:43 +00:00
Luca Boccassi
3d241bdfc7 test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error

Partially fixes #35552

(cherry picked from commit 058a07635f3ff70cc99943dcf4f2a079bc9c28b9)
(cherry picked from commit d80ab6aed678ed89327d86ced9fedd24b5baccd3)
(cherry picked from commit dbc8f9aa9b08ec8e04612cf85721261c21b3a346)
(cherry picked from commit 5c3f362061613c53b03bcb4ca5d633e810a16617)
2024-12-22 15:31:43 +00:00
Nick Rosbrook
cde944db32 test: set nsec3-salt-length=8 in knot.conf
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:

 notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0

Explicitly set nsec3-salt-length=8 to silence.

(cherry picked from commit 59e5108fb4e61957cb40bb15ac7966d085d13af2)
(cherry picked from commit 1b945fb1a727f85be9230e43d2fdaf78d2567946)
(cherry picked from commit 12686f3f5aee20dbe7c4f21d6841fa87aca55eae)
(cherry picked from commit 6e5e510da7a94609bc74f5725cfc88ea239dea1a)
2024-12-22 15:31:43 +00:00
Frantisek Sumsal
e749fa6744 shared: initialize a couple of values explicitly
As gcc has trouble figuring this itself with -O2 and -Wmaybe-initialized.

(cherry picked from commit 0a87b834972c154b7f03738d165e5459f87a3352)
(cherry picked from commit 205da628190f098d8ba41696ad25d2bf11f51c40)
2024-12-22 15:31:43 +00:00
Mike Yuan
a934c43500 sd-daemon: downgrade log level for library code, use correct errno
Follow-up for 13b67b61b3b4a5356f5d1b29b51137b8e336aa55

(cherry picked from commit 3baab23b25aa679c20b2397f2c6e0ca7b89ed14c)
(cherry picked from commit 16d3a644b70735bca2e897dcfd987b5b9cd6821f)
2024-12-22 15:31:43 +00:00
Daan De Meyer
f905e1e0fd sd-daemon: Replace SO_LINGER with shutdown() + recv()
Let's shutdown the write end and wait for EOF from the other side
before continuing to make sure that the receiver has received all
data we sent on the socket.

(cherry picked from commit 13b67b61b3b4a5356f5d1b29b51137b8e336aa55)
(cherry picked from commit b15490ceead50dd7506ec8dbb3defbc1f93315e6)
2024-12-22 15:31:43 +00:00
Zbigniew Jędrzejewski-Szmek
39f457fe60 logind: make ReleaseSession "unprivileged" and allow closing of own session
Fixes https://github.com/systemd/systemd/issues/28514.

Quoting https://github.com/systemd/systemd/issues/28514#issuecomment-1831781486:
> Whenever PAM is enabled for a service, we set up the PAM session and then
> fork off a process whose only job is to eventually close the PAM session when
> the service dies. That services we run with service privileges, both to
> minimize attack surface and because we want to use PR_SET_DEATHSIG to get
> a notification via signal whenever the main process dies. But that only works
> if we have the same credentials as that main process.
>
> Now, if pam_systemd runs inside the PAM stack (which it normally does) its
> session close hook will ask logind to synchronously end the session via a bus
> call. Currently that call is not accessible to unprivileged clients. And
> that's the part we need to relax: allow users to end their own sessions.

The check is implemented in a way that allows the kill if the sender is in
the target session.

I found 'sudo systemctl --user -M "zbyszek@" is-system-running' to
be a convenient reproducer.

Before:
May 16 16:25:26 x1c systemd[1]: run-u24754.service: Deactivated successfully.
May 16 16:25:26 x1c dbus-broker[1489]: A security policy denied :1.24757 to send method call /org/freedesktop/login1:org.freedesktop.login1.Manager.ReleaseSession to org.freedesktop.login1.
May 16 16:25:26 x1c (sd-pam)[3036470]: pam_systemd(login:session): Failed to release session: Access denied
May 16 16:25:26 x1c systemd[1]: Stopping session-114.scope...
May 16 16:25:26 x1c systemd[1]: session-114.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd[1]: Stopped session-114.scope.
May 16 16:25:26 x1c systemd[1]: session-c151.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd-logind[1513]: Session c151 logged out. Waiting for processes to exit.
May 16 16:25:26 x1c systemd-logind[1513]: Removed session c151.
After:
May 16 17:02:15 x1c systemd[1]: run-u24770.service: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopping session-115.scope...
May 16 17:02:15 x1c systemd[1]: session-c153.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: session-115.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopped session-115.scope.
May 16 17:02:15 x1c systemd-logind[1513]: Session c153 logged out. Waiting for processes to exit.
May 16 17:02:15 x1c systemd-logind[1513]: Removed session c153.

Edit: this seems to also fix https://github.com/systemd/systemd/issues/8598.
It seems that with the call to ReleaseSession, we wait for the pam session
close hooks to finish. I inserted a 'sleep(10)' after the call to ReleaseSession
in pam_systemd, and things block on that, nothing is killed prematurely.

(cherry picked from commit fc0bb7ccc763ec79efe7a8a58220e9bc80f34f81)

Resolves https://bugzilla.redhat.com/show_bug.cgi?id=2221337.

(cherry picked from commit 97ad9a336a7f121770e6b74e8411da7278847d4f)
v254.21
2024-11-30 10:58:42 +00:00
Zbigniew Jędrzejewski-Szmek
64d4bfff6f logind: group policy entries by interface
(cherry picked from commit 337f74d7c0c548b12ea90610f99869383fd51876)
(cherry picked from commit 092f6b60ceb0b71b8b1d1529741f0d92fac57bcd)
2024-11-30 10:58:42 +00:00
David Tardon
742f3232bc execute: free syscall_log hashmap when done
Fixes #35394

(cherry picked from commit c3dc460b6c3f062af540e4233c65ac12c01077fa)
(cherry picked from commit f15fd96efd5ebdfb18746acb0cbb35a4331b4d8b)
(cherry picked from commit a9c650b207369d047ac9c0f21d6d70590173df45)
2024-11-30 10:58:42 +00:00
Luca Boccassi
464d495cc2 test: mask tmpfiles.d file shipped by selinux policy package in containers
This tmpfiles.d wants to write to sysfs, which is read-only in containers,
so systemd-tmpfiles --create fails in TEST-22-TMPFILES when run in nspawn
if the selinux policy package is installed. Mask it, as it's not our
config file, we don't need it in the test.

(cherry picked from commit 6fd3496cfd0d28808b5489ee87f826c2130f5f0b)
(cherry picked from commit 2d975f64d40cff41f36792d92dde65a65fb0dd9d)
(cherry picked from commit 37e27eeec811af0a2d8f86b2b241669ef9ed31fa)
2024-11-30 10:58:42 +00:00
Michał Górny
a775463cf1 nspawn: Include arm_fadvise64_64 in syscall allow_list
Add the `arm_fadvise64_64` syscall to the allow_list, in addition
to the existing `fadvise64` and `fadvise64_64` syscalls, as this is
the syscall actually defined for `arm` architecture.  Adding it fixes
the syscall being rejected in arm32 containers.

Fixes #35194

(cherry picked from commit 7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c)
(cherry picked from commit 964ced4100fb5f5b5d41b988512f681a1b0b20f7)
(cherry picked from commit 8bf58cddbfd6e9e1d6ebe1bedc5c821bb5b359b5)
2024-11-30 10:58:42 +00:00
Zbigniew Jędrzejewski-Szmek
e04908aceb hwdb: update to main@{2024-11-28}
git restore -s origin/main hwdb.d/ test/hwdb.d test/hwdb-test.sh

(cherry picked from commit a70b65863f48c05f80202e2a0a6f59b701293e5f)
(cherry picked from commit 3b37660f96f690521ddf59df27d34df17969cd87)
2024-11-30 10:58:42 +00:00
Lennart Poettering
39f5e423a2 nspawn: make sure --private-users-ownership=no and =off work the same way
We usually want to use "extended booleans" for cases like this, i.e.
that "off", "no" and "0" can be used interchangeably for turning
something off.

(cherry picked from commit 62f3e2f84aa3413081fc1c1e1c3074fc9aeedbc9)
(cherry picked from commit 7a307c5939b0787727b144197090a0ae34cbd813)
(cherry picked from commit 4b384a35349624547b07ab4a33d8100306e79b01)
2024-11-30 10:58:42 +00:00
Lennart Poettering
b576d9f7fd tests: fix access mode of root inode of throw-away container images
Otherwise the root inode will typically have what mkdtemp sets up, which
is something like 0700, which is weird and somewhat broken when trying
to look into containers from unpriv users.

(cherry picked from commit c18a1024643809c8f28799900af4e6202623f934)
(cherry picked from commit b4db0ca7534c12002717b3f198ae39907a078024)
(cherry picked from commit 65dca61ca06aa303413565f6d8e5009b5f7e2edb)
2024-11-30 10:58:42 +00:00
Lennart Poettering
342c67d8ab nspawn: don't try to unregister a machine we never registered
When registering we condition this on "arg_register". Let's do the same
when unregistering, otherwise we might end up trying to unregister a
machine we never registered.

(cherry picked from commit 0790f4e45f2f8c094bf929aa1fcaf4c7e9dbb001)
(cherry picked from commit 6f346ef75635b549166d1be04b1dcb620f1b724c)
(cherry picked from commit 85804e690d3531ca7582e7b9f52ca9cb1b9c9b6c)
2024-11-30 10:58:42 +00:00
Lennart Poettering
b168d6f8a4 sd-varlink: fix bug when enqueuing messages with fds asynchronously
When determining the poll events to wait for we need to take the queue
of pending messages that carry fds into account. Otherwise we might end
up not waking up if such an fd-carrying message is enqueued
asynchronously (i.e. not from a dispatch callback).

(cherry picked from commit 7b4b3a8f7b76f266438fafb225b7980db68a276e)
(cherry picked from commit b2751b9ae97704ca75fddf2dd79b3ad2605bf629)
(cherry picked from commit 03d691f8b74d25fc3bea3bd26fc7fe1e864121f7)
2024-11-30 10:58:42 +00:00
Yu Watanabe
238f1f1dc5 man: use MIT-0 license for example codes in daemon(7)
This page contains many short example codes. I do not think we should
add SPDX-License-Identifier for all codes.

Closes #35356.

(cherry picked from commit 6046cc3660810efcc6fe50b1c850ea642218245b)
(cherry picked from commit 6f2483eed8d790b94945aece37833c3604e3fc11)
(cherry picked from commit cb1077c9aa7779f35b3f5f8b5d226925079eb495)
2024-11-30 10:58:42 +00:00
Yu Watanabe
e6119cabe5 curl-util: do not configure new io event source when the event loop is already dead
Similar to c5ecf0949460dd0bf3211db128a385ce6375252e, but for io event source.

Fixes #35322.

(cherry picked from commit 5b2926d9414f4333153ebe0bf169e1dd76129119)
(cherry picked from commit ce997e944f66da452ed01b86b838508ee132abb7)
(cherry picked from commit 5749fc1b29702dffaf5b548df357891d8486376d)
2024-11-30 10:58:42 +00:00
Lennart Poettering
b2d59a99c3 nspawn: improve log message on bad incoming sd_notify() message
It's the PID that is wrong, not the UID/GID, be precise.

(cherry picked from commit 95116bdfd5d45cc1a7c6588e6b8bdcb0d0e007a6)
(cherry picked from commit 95c20d0b627654626924eadaf65bc1825bb38701)
(cherry picked from commit 5b6e91434eb6b253514516044e372f744ac2e364)
2024-11-30 10:58:42 +00:00
Yu Watanabe
c7689286f6 shutdown: close DM block device before issuing DM_DEV_REMOVE ioctl
Otherwise, the ioctl() may fail with EBUSY.

Follow-up for b4b66b26620bfaf5818c95d5cffafd85207694e7.
Hopefully fixes #35243.

(cherry picked from commit b76730f3fe0e824db001b38c8ea848302be786ee)
(cherry picked from commit b30364a0378881c6f0d0ff3124f56f4da989d91c)
(cherry picked from commit bb1823d3ffcf432b5175ef24049b65e7b348705b)
2024-11-30 10:58:42 +00:00
Zbigniew Jędrzejewski-Szmek
dc845754ad Undeprecate commandline params forcequotacheck, fastboot, and forcefsck
Those are historical names, but there is nothing wrong with them. The files on
/ (/fastboot, /forcefsck, and /forcequotacheck) are problematic because they
require a modification of the root file system. But the commandline params work
fine. They have the obvious advantage compared to our "modern" option that they
are much easier to type without looking up the spelling in the docs. Undeprecate
them to avoid unnecessary churn.

(cherry picked from commit 5598454a3f8fc13257e0313d999e6ac9684082e1)
(cherry picked from commit eb841e9b8eb5ec47c46617b288135b2119694ea0)
(cherry picked from commit 59d4a05e3bfcce8cf495e0e39e29f36849273c68)
2024-11-30 10:58:42 +00:00
Lennart Poettering
20bf8b00c3 userdbctl: fix counting
Fixes: #35294
(cherry picked from commit 7f8a4f12dfea6f644f92788bd9b03983898e9d32)
(cherry picked from commit 3d85366ab802aea92ade6a544b63ef73fff69e4a)
(cherry picked from commit 9d0e453244c5beb615f40651936ba79d525cb859)
2024-11-30 10:58:42 +00:00
Lennart Poettering
de65927ffe userbdctl: show 'mapped' user range only inside of userns
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.

(cherry picked from commit e412fc5e042b8f642bcba42f5c175124583e05ae)
(cherry picked from commit aed4e9045656eb7934e3171a6fe442f7df4c4180)
(cherry picked from commit 421c23f4fae2522f0ed9fc094836303b8faadc83)
2024-11-30 10:58:42 +00:00
Luca Boccassi
e393e25feb units: add initrd directory to list of conditions for systemd-confext
systemd-sysext has the same check, but it was forgotten for confexts.
Needed to activate confexts from the ESP in the initrd.

(cherry picked from commit fe077a1a582a43a6378ff29452a373cc7d393764)
(cherry picked from commit fec28cb4f94c033f42480b0b99ac30bd2bdae046)
(cherry picked from commit a95efebffcfd61a7be7af9c99be658f565498f85)
2024-11-30 10:58:42 +00:00
Antonio Alvarez Feijoo
90fd71a695 man/kernel-command-line: fix typo
(cherry picked from commit a04d42821bb5350b0ffa82834e50e9b679279854)
(cherry picked from commit 03b993a9bfd97d42ebc0b3713e583c806c89e632)
(cherry picked from commit acb760fbe811781dcc262c59ac3c5a540fd10531)
2024-11-30 10:58:42 +00:00
Antonio Alvarez Feijoo
b265ca1792 cryptenroll: show better log message if slot to wipe does not exist
```
$ systemd-cryptenroll /dev/vda3
SLOT TYPE
   0 password
$ systemd-cryptenroll --wipe-slot 1 /dev/vda3
Failed to wipe slot 1, continuing: No such file or directory
```

(cherry picked from commit 2b251491debf9cab695f5f34da9908ca46f085fe)
(cherry picked from commit 4a3d55a032053525ab331e4af6f95ec2dc053ee9)
(cherry picked from commit ade617cf3db3844bcd9cb3beccfc1f978bdf3a94)
2024-11-30 10:58:42 +00:00
Lennart Poettering
e9179d051a systemctl: grey out tasks limit the same way we grey out the fd store limit in the output
"systemctl status systemd-logind" otherwise looks a bit weird, since the
tasks and the fdstore lines are so close to each other but formatted
quite differently when it comes to coloring.

(cherry picked from commit 54646b1ca95373dfa3ebe5d6e7e27deeed9e77b0)
(cherry picked from commit ff4b66be4a35fd21ef001bbf6492e3e1f837ee1c)
(cherry picked from commit e00cc22e30b61b3e2e6b50bea3c569dd7c48c42d)
2024-11-30 10:58:42 +00:00
Lennart Poettering
0368c1484d nspawn: --private-users-ownership= value is called 'chown', not 'own'
(cherry picked from commit bae936b418e08063b68c95f4df53c3cd4f70e881)
(cherry picked from commit bdf3f9b8f274d958befa54c95811910013b39a80)
(cherry picked from commit 809b265172dd391e7fe4c105e5979e07b832a180)
2024-11-30 10:58:42 +00:00