IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
For issue #34257.
(cherry picked from commit 56d6ebd40468e2a743b39ad7d87b0675bdf9a042)
(cherry picked from commit 69282da9aab90c2dc1e440b04af5b2163779515a)
As the seed is used by context_load_partition_table() -> derive_uuid().
Fixes#34257.
(cherry picked from commit b8a8000aba4620a1d93ac1d04dbb86050d9c5fe8)
(cherry picked from commit f85a4fba330822c44f9b2deb527acecc03bcfed9)
Also do not chown if a device node is bind-mounted.
Fixes#34243.
(cherry picked from commit efedb6b0f3cff37950112fd37cb750c16d599bc7)
(cherry picked from commit a23591891b9e85107f39d103eabbb5bc9a6ced6f)
Otherwise, when merging multiple directory trees, the output becomes
unreproducible as the directory timestamps will be changed to the current
time when copying identical directories from the second tree.
We introduce a new copy flag to achieve this behavior.
(cherry picked from commit d850a544bc1f895decb452160c97a884a20b12b7)
(cherry picked from commit d5640c4f8583de2752a7f4e03006a1fa74942da1)
When the bypass logic is invoked, such as for queries to the stub with
the DO bit set, be certain to clear the AD bit in the reply before
forwarding it if the answer is not known to be authentic.
(cherry picked from commit 13e15dae9f0b4566d3ea2ed058a5dd44751216da)
(cherry picked from commit 3a2be652282db2d55d5e28546e6c9a594fb8c43e)
arg_root defaults to null, so if --root isn't given, this would try reading
etc/machine-info from the current working directory, which is likely to fail.
Fixes: 77db9ef2ab ("boot: Make sure we take --root into account everywhere.")
(cherry picked from commit 0452779b0054f5c2724b745b1db33bba1ac8e677)
(cherry picked from commit 8d7eef9ee5ead7c7b47b2ad4418529ac5cf17bb3)
In apply_one_mount(), in the MOUNT_EXTENSION_DIRECTORY case,
char **extension_release was used as a return pointer twice but only
cleaned up once in the end. Fix it by removing duplicate code that
was causing this issue.
Fixes issue introduced in 55ea4ef096543d2bceea9315868d5aca945d7a57.
(cherry picked from commit 010ea061fceb84d36259d576f52c09b940d0d615)
(cherry picked from commit 83f30941731ca454309c566edbfe3b3bfeaf8453)
Builds with kernels headers < 4.14 fail with:
../src/shared/loop-util.c: In function ‘loop_configure_fallback’:
../src/shared/loop-util.c:237:31: error: ‘LOOP_SET_BLOCK_SIZE’ undeclared (first use in this function); did you mean ‘LOOP_SET_DIRECT_IO’?
if (ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) c->block_size) < 0)
^~~~~~~~~~~~~~~~~~~
LOOP_SET_DIRECT_IO
Fixes: https://github.com/systemd/systemd/issues/33341
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
(cherry picked from commit 56ab1c54497d9fac74380ff9e11aaf931a917d2b)
(cherry picked from commit 0730ec4f3ecbbb550864ff0dbadeeeb5e271eb50)
Unprivileged users often make themselves root by unsharing a user namespace
and then mapping their current user to root which does not require privileges.
Let's make sure our tests don't fail in such an environment by adding checks
where required to see if we're not running in a user namespace with only a
single user.
(cherry picked from commit ef31767ed7e21672a50b77e7b3935948aaba114c)
(cherry picked from commit ec5cdf9ba0e003de6f824a000c0bbe46fb4e0925)
PTP device symlink creation rules are currently executed only when the
udev action is 'add'. If a user reloads the rules and runs the udevadm
trigger command to reapply changes, the symlink may be deleted, which
can prevent the chronyd service from restarting properly.
Signed-off-by: Chengen Du <chengen.du@canonical.com>
(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
(cherry picked from commit 2a328ce80923baa55925c99a923c40ec46b86243)
Bit 60 is the one corresponding to ReadOnly, not 50. Fix this.
(cherry picked from commit 932cc94436e653d0487c29e0dd44685610cd7bcb)
(cherry picked from commit 2665618555d08fc3877043cac392f1b6573811b7)
Let's mention that the new mount API may be used to establish new
mounts in a container without needing the /run/host/incoming directory.
(cherry picked from commit 74cc5e2041a2c32e1824b32316bd95f2c8a811f5)
(cherry picked from commit 65eff444c4fa7be5eb1be71c5d94ab8732167e11)
The nice value is part of struct sched_attr, and consequently invoking
sched_setattr() after setpriority() would clobber the nice value with
the default (as we are not setting it in struct sched_attr).
It would be best to combine both calls, but for now simply invoke
setpriority() after sched_setattr() to make sure Nice= remains effective
when used together with CPUSchedulingPolicy=.
(cherry picked from commit 711a157738b3dcd29a5ebc8f498eb46bfac59652)
(cherry picked from commit b628d4dfa61234d28ffaa648ec09c5e9972f832a)
When unit_need_daemon_reload() calls unit_find_dropin_paths() to check
for new drop-in configs, the manager's unit path cache is used to limit
which directories are considered. If a new drop-in directory is created,
it may not be in the unit path cache, and hence unit_need_daemon_reload()
may return false, despite a new drop-in being present. However, if a
unit path cache is not given to unit_file_find_dropin_paths() at all,
then it behaves as if the target path was found in the unit path cache.
So, to fix this, adapt unit_find_dropin_paths() to take a boolean
argument indicating whether or not to pass along the unit path cache.
Set this to false in unit_need_daemon_reload().
Fixes#31752
(cherry picked from commit 82c482d573c9d2f3ab36f7be8d32772f90f2c335)
(cherry picked from commit 6f57f9b8aa4084179c82c98ec654315a63532fe9)
We generally don't care about library debuginfo so let's just disable
debuginfod so it doesn't get in the way when debugging.
We use /root/.gdbinit as the systemwide gdbinit location is distribution
specific.
(cherry picked from commit 2561e2a35601383bfba30da58d378303cb9e39aa)
(cherry picked from commit afcc3f39a3fba9129325cdec0511bb63e0ba68c5)
With af1a6db58fde8f64edcf7d27e1f3b636c999934c, now we can build with the
option.
(cherry picked from commit f548bc4011bcdab008b125b9d0993817efa00718)
(cherry picked from commit 772549666cf291d85c28d3bfc1ab2b7227422d4f)
gcc15 has -Wunterminated-string-initialization in -Wextra and
warns about string constants that are not null terminated even though
the functions do do out of bounds access.
Silence the warnings by simply not providing an explicit size.
(cherry picked from commit af1a6db58fde8f64edcf7d27e1f3b636c999934c)
(cherry picked from commit ca09bc33e8b2cbc7c410c300b6df5cf3ce437a3b)
When creating a user, check if the requested group name matches a user
name in the queue. If that matched user name is also going to be a group
name, then use it for the new user too. In other words, allow the
following:
u foo -
u bar -:foo
when both foo and bar are new users.
Fixes#33547
(cherry picked from commit 18a8f03e5160ca3828d327d9bbd1b32f26d792a3)
(cherry picked from commit edf52384c2e99cd5af9bcd4ae4b13fd8f79596d3)
Running the following commands:
# mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
# /usr/lib/systemd/systemd-pcrlock predict --pcr=1+2+3+4+5+16
Will result in:
...
Floating point exception
Running the following commands:
# mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
# /usr/lib/systemd/systemd-pcrlock make-policy --pcr=1+2+3+4+5+16
Will result to this (partial) log:
...
Predicted future PCRs in 133us.
[]
...
Written policy digest 0000000000000000000000000000000000000000000000000000000000000000 to NV index 0x1921da6
...
So, add missing checks to handle gracefully cases where there's no variant
inside the component.
Signed-off-by: Arnaud Patard <arnaud.patard@collabora.com>
(cherry picked from commit e7a93e75219b22424bab95fe45982f5eef21d581)
(cherry picked from commit 74f830e048beab8b48c4a25dcb8666a861981aec)
Let's explicitly pass the value to -fstrict-flex-arrays. This does
not change behavior but it does (selfishly) make my error not bug
out with an error saying -fstrict-flex-arrays does not exist.
(cherry picked from commit ad723ca3e5bd41d2d884760375534910bb55d9b3)
(cherry picked from commit 2925fc2c6f4b13a2f098912fa3d44ad31e9f2cf0)
Otherwise, read_stripped_line() would spuriously drop trailing spaces.
Fixes#33924
(cherry picked from commit 9be46b1da8b01c3f47e6c050185f2b45484d6300)
(cherry picked from commit c3ede0cfe78c4d70cfbeb333897969e27a6c6dda)
Follow-up for af7417ac7b07bc01232982bf46e9d72e69e7f820.
Closes#33596.
(cherry picked from commit 1c0130e8dc3c99d5a85be41e9172adb0ff0cf7fd)
(cherry picked from commit ce940b62acfca1f229818d82edee07986c05b50c)
Prompted by #33702.
(cherry picked from commit 347c8822d1a8a5b70624920b3de2a91d4e0fca91)
(cherry picked from commit ab4e1faca6e5128a3c32d93eedd5609709da8229)
Add a section which lists the known confidential virtual machine
technologies.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
(cherry picked from commit 037510812fbcaf689b5b107a85f3a031d15dc505)
The s390x platform provides confidential VMs using the "Secure Execution"
technology, which is also referred to as "Protected Virtualization" or
just "prot virt" in Linux / QEMU.
This can be detected through a simple sysfs attribute.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
(cherry picked from commit 7a6d4cdc483c3cff03342d8c69b10c6792192171)
We have different impls of detect_confidential_virtualization per
architecture. The detection is cached in the x86_64 impl, and as we
add support for more targets, we want to use caching for all. It thus
makes sense to split caching out into an architecture independent
method.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
(cherry picked from commit a1359ac94068580b4a12b2714a590a8ac1d30cae)
tcp reset / icmp port-unreachable are markedly different conditions than
packet loss. It doesn't make much sense to retry in this case. It's
actually not clear if there is any benefit at all retrying tcp
connections, which were presumably already retried as necessary by the
tcp stack.
(cherry picked from commit ddd710a355acc698b48159f3e501dda5a7dc2704)
(cherry picked from commit f5376fea7de173e9369e8af569fc6ecabd0d7282)
Fixes CID#1548022 and CID#1548075.
(cherry picked from commit f7012a93a7f04fa29c7933a4963aa17fcf120e97)
(cherry picked from commit 11c15905cd4759b89a1da63d05772c1f7c3744a4)
The kernel might start returning -EINVAL when trying to open pidfd's
for kernel threads so let's not try to open pidfd's for kernel threads.
(cherry picked from commit ead48ec35c863650944352a3455f26ce3b393058)
(cherry picked from commit f1d4e79eff71102199d864175efb7a2353c36502)
Each log context field can expand to up to three iovecs (key, value
and newline) so let's fix the size calculation to take this into
account.
(cherry picked from commit fc83ff3f55ee53fd9101d4e45736f3f996ee7ca6)
(cherry picked from commit f2edebce25779018beca0acd28457864869c2546)
All messages logged from exec_spawn() are attributed to the unit
and as such we should set the log level to the unit's max log level
for the duration of the function.
(cherry picked from commit 7881f485c9f57b1c7de4308eeab54458890c5c19)
(cherry picked from commit 4fd349953ea1d1ed580ecb94e5c0bf98c59d0fac)
Remove an early return that prevents --prompt-root-password or
--prompt-root-shell and systemd.firstboot=off using credentials. In that case,
arg_prompt_root_password and arg_prompt_root_shell will be false, but the
prompt helpers still need to be called to read the credentials. Furthermore, if
only the root shell has been set, don't overwrite the root password.
(cherry picked from commit 35bc4c34240afdd55e117b909f26fa9a5dc54f3b)
(cherry picked from commit b5448c16f8f7a67da5266bec7d5c6677cc34ab24)
