IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Otherwise, when merging multiple directory trees, the output becomes
unreproducible as the directory timestamps will be changed to the current
time when copying identical directories from the second tree.
We introduce a new copy flag to achieve this behavior.
(cherry picked from commit d850a544bc)
When the bypass logic is invoked, such as for queries to the stub with
the DO bit set, be certain to clear the AD bit in the reply before
forwarding it if the answer is not known to be authentic.
(cherry picked from commit 13e15dae9f)
This partially reverts 52bcc872b5.
We explicitly support running without user manager,
hence only user-runtime-dir@.service should be
required.
Fixes#33405
(cherry picked from commit 26f78eff69)
arg_root defaults to null, so if --root isn't given, this would try reading
etc/machine-info from the current working directory, which is likely to fail.
Fixes: 77db9ef2ab ("boot: Make sure we take --root into account everywhere.")
(cherry picked from commit 0452779b00)
In apply_one_mount(), in the MOUNT_EXTENSION_DIRECTORY case,
char **extension_release was used as a return pointer twice but only
cleaned up once in the end. Fix it by removing duplicate code that
was causing this issue.
Fixes issue introduced in 55ea4ef096.
(cherry picked from commit 010ea061fc)
In some kernels (specifically, 5.4) even though the clone3 syscall is
supported, setting CLONE_INTO_CGROUP is not. The error message returned
in this case is E2BIG.
If posix_spawn_wrapper encounters this error, it does not retry, and
cannot spawn any programs in said kernels.
This commit adds a check for the E2BIG error and retries pidfd_spawn()
without the POSIX_SPAWN_SETCGROUP flag.
If we encounter an E2BIG error, and the pidfd_spawn() succeeds after
removing the POSIX_SPAWN_SETCGROUP flag, then we cache the result so
that we do not retry every time.
Originally, this issue was reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077204.
Signed-off-by: Kornilios Kourtis <kornilios@gmail.com>
(cherry picked from commit 7ac58157ca)
Builds with kernels headers < 4.14 fail with:
../src/shared/loop-util.c: In function ‘loop_configure_fallback’:
../src/shared/loop-util.c:237:31: error: ‘LOOP_SET_BLOCK_SIZE’ undeclared (first use in this function); did you mean ‘LOOP_SET_DIRECT_IO’?
if (ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) c->block_size) < 0)
^~~~~~~~~~~~~~~~~~~
LOOP_SET_DIRECT_IO
Fixes: https://github.com/systemd/systemd/issues/33341
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
(cherry picked from commit 56ab1c5449)
After 3976c43092 (#31423), IPMasquerade=
implies only per-interface IP forwarding. That means, nspawn users need
to manually enable IPv4/IPv6Forwarding= in networkd.conf when
--network-veth or friend is used. Even the change was announced in NEWS,
the change itself breaks backward compatibility and extremely reduces
usability.
Let's make the setting imply the global setting again.
Fixes#34010.
(cherry picked from commit 0b695febb2)
When running unprivileged, checking /proc/1/root doesn't work because
it requires privileges. Instead, let's add an environment variable so
the process that chroot's can tell (systemd) subprocesses whether
they're running in a chroot or not.
(cherry picked from commit 2701c2f67d)
Unprivileged users often make themselves root by unsharing a user namespace
and then mapping their current user to root which does not require privileges.
Let's make sure our tests don't fail in such an environment by adding checks
where required to see if we're not running in a user namespace with only a
single user.
(cherry picked from commit ef31767ed7)
PTP device symlink creation rules are currently executed only when the
udev action is 'add'. If a user reloads the rules and runs the udevadm
trigger command to reapply changes, the symlink may be deleted, which
can prevent the chronyd service from restarting properly.
Signed-off-by: Chengen Du <chengen.du@canonical.com>
(cherry picked from commit 6bd12be3fa)
Let's mention that the new mount API may be used to establish new
mounts in a container without needing the /run/host/incoming directory.
(cherry picked from commit 74cc5e2041)
We initially read from temp file, then strip it, and write
back to it. If the file suddenly disappeared during the process,
it indicates someone else is touching our temp file
behind our back. Let's not silently continue.
(cherry picked from commit 3b5b2ff8fa)
The nice value is part of struct sched_attr, and consequently invoking
sched_setattr() after setpriority() would clobber the nice value with
the default (as we are not setting it in struct sched_attr).
It would be best to combine both calls, but for now simply invoke
setpriority() after sched_setattr() to make sure Nice= remains effective
when used together with CPUSchedulingPolicy=.
(cherry picked from commit 711a157738)
When unit_need_daemon_reload() calls unit_find_dropin_paths() to check
for new drop-in configs, the manager's unit path cache is used to limit
which directories are considered. If a new drop-in directory is created,
it may not be in the unit path cache, and hence unit_need_daemon_reload()
may return false, despite a new drop-in being present. However, if a
unit path cache is not given to unit_file_find_dropin_paths() at all,
then it behaves as if the target path was found in the unit path cache.
So, to fix this, adapt unit_find_dropin_paths() to take a boolean
argument indicating whether or not to pass along the unit path cache.
Set this to false in unit_need_daemon_reload().
Fixes#31752
(cherry picked from commit 82c482d573)
We generally don't care about library debuginfo so let's just disable
debuginfod so it doesn't get in the way when debugging.
We use /root/.gdbinit as the systemwide gdbinit location is distribution
specific.
(cherry picked from commit 2561e2a356)
gcc15 has -Wunterminated-string-initialization in -Wextra and
warns about string constants that are not null terminated even though
the functions do do out of bounds access.
Silence the warnings by simply not providing an explicit size.
(cherry picked from commit af1a6db58f)
When creating a user, check if the requested group name matches a user
name in the queue. If that matched user name is also going to be a group
name, then use it for the new user too. In other words, allow the
following:
u foo -
u bar -:foo
when both foo and bar are new users.
Fixes#33547
(cherry picked from commit 18a8f03e51)
This fixes the following assertion:
===
SYSTEMD_LOG_LEVEL=debug systemctl --user -H foo --boot-loader-entry=help
Assertion 'transport != BUS_TRANSPORT_REMOTE || runtime_scope == RUNTIME_SCOPE_SYSTEM' failed at src/shared/bus-util.c:284, function bus_connect_transport(). Ignoring.
Failed to connect to bus: Operation not supported
===
Fixes a bug introduced by 97af80c5a7.
Fixes#33661.
Fixes oss-fuzz#70153.
(cherry picked from commit 1056457d11)
Running the following commands:
# mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
# /usr/lib/systemd/systemd-pcrlock predict --pcr=1+2+3+4+5+16
Will result in:
...
Floating point exception
Running the following commands:
# mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
# /usr/lib/systemd/systemd-pcrlock make-policy --pcr=1+2+3+4+5+16
Will result to this (partial) log:
...
Predicted future PCRs in 133us.
[]
...
Written policy digest 0000000000000000000000000000000000000000000000000000000000000000 to NV index 0x1921da6
...
So, add missing checks to handle gracefully cases where there's no variant
inside the component.
Signed-off-by: Arnaud Patard <arnaud.patard@collabora.com>
(cherry picked from commit e7a93e7521)
OpenSUSE's busybox has a bunch of Provides for basic tools that cause
it to get pulled into images unless the corresponding tool is explicitly
installed so let's add explicit tools to make sure we don't get busybox.
(cherry picked from commit 857e4528f5)
Rebuilding the integration test every time is very slow. Let's
introduce a way to iterate on an integration test without rebuilding
the image every time. By making a btrfs snapshot before we run the
integration test, we can then systemctl soft-reboot after running
the test to restore the rootfs to a pristine state before running
the test again.
As /run/nextroot will get nuked on reboot or soft-reboot, we introduce
a tmpfiles snippet to make sure it is recreated every (soft-)reboot
and adapt the existing tests to deal with this new symlink.
(cherry picked from commit af153e36ae)
The next commit will introduce a way to iterate on integration
tests which depends on btrfs specific features.
We leave CentOS on ext4 as its kernel does not support btrfs.
(cherry picked from commit edc6592e53)
TEST_SHELL can be used to get a shell in the integration test
environment without actually immediately starting the test.
(cherry picked from commit dd1c01b20f)