IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We initially read from temp file, then strip it, and write
back to it. If the file suddenly disappeared during the process,
it indicates someone else is touching our temp file
behind our back. Let's not silently continue.
(cherry picked from commit 3b5b2ff8fa6413afc2e5a058ea8281a58a4c691d)
The nice value is part of struct sched_attr, and consequently invoking
sched_setattr() after setpriority() would clobber the nice value with
the default (as we are not setting it in struct sched_attr).
It would be best to combine both calls, but for now simply invoke
setpriority() after sched_setattr() to make sure Nice= remains effective
when used together with CPUSchedulingPolicy=.
(cherry picked from commit 711a157738b3dcd29a5ebc8f498eb46bfac59652)
When unit_need_daemon_reload() calls unit_find_dropin_paths() to check
for new drop-in configs, the manager's unit path cache is used to limit
which directories are considered. If a new drop-in directory is created,
it may not be in the unit path cache, and hence unit_need_daemon_reload()
may return false, despite a new drop-in being present. However, if a
unit path cache is not given to unit_file_find_dropin_paths() at all,
then it behaves as if the target path was found in the unit path cache.
So, to fix this, adapt unit_find_dropin_paths() to take a boolean
argument indicating whether or not to pass along the unit path cache.
Set this to false in unit_need_daemon_reload().
Fixes#31752
(cherry picked from commit 82c482d573c9d2f3ab36f7be8d32772f90f2c335)
We generally don't care about library debuginfo so let's just disable
debuginfod so it doesn't get in the way when debugging.
We use /root/.gdbinit as the systemwide gdbinit location is distribution
specific.
(cherry picked from commit 2561e2a35601383bfba30da58d378303cb9e39aa)
gcc15 has -Wunterminated-string-initialization in -Wextra and
warns about string constants that are not null terminated even though
the functions do do out of bounds access.
Silence the warnings by simply not providing an explicit size.
(cherry picked from commit af1a6db58fde8f64edcf7d27e1f3b636c999934c)
When creating a user, check if the requested group name matches a user
name in the queue. If that matched user name is also going to be a group
name, then use it for the new user too. In other words, allow the
following:
u foo -
u bar -:foo
when both foo and bar are new users.
Fixes#33547
(cherry picked from commit 18a8f03e5160ca3828d327d9bbd1b32f26d792a3)
This fixes the following assertion:
===
SYSTEMD_LOG_LEVEL=debug systemctl --user -H foo --boot-loader-entry=help
Assertion 'transport != BUS_TRANSPORT_REMOTE || runtime_scope == RUNTIME_SCOPE_SYSTEM' failed at src/shared/bus-util.c:284, function bus_connect_transport(). Ignoring.
Failed to connect to bus: Operation not supported
===
Fixes a bug introduced by 97af80c5a7029c3f92e982dcf9338b9e67ad9cde.
Fixes#33661.
Fixes oss-fuzz#70153.
(cherry picked from commit 1056457d1132e78cbf914e8abfa661465b952412)
Running the following commands:
# mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
# /usr/lib/systemd/systemd-pcrlock predict --pcr=1+2+3+4+5+16
Will result in:
...
Floating point exception
Running the following commands:
# mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
# /usr/lib/systemd/systemd-pcrlock make-policy --pcr=1+2+3+4+5+16
Will result to this (partial) log:
...
Predicted future PCRs in 133us.
[]
...
Written policy digest 0000000000000000000000000000000000000000000000000000000000000000 to NV index 0x1921da6
...
So, add missing checks to handle gracefully cases where there's no variant
inside the component.
Signed-off-by: Arnaud Patard <arnaud.patard@collabora.com>
(cherry picked from commit e7a93e75219b22424bab95fe45982f5eef21d581)
OpenSUSE's busybox has a bunch of Provides for basic tools that cause
it to get pulled into images unless the corresponding tool is explicitly
installed so let's add explicit tools to make sure we don't get busybox.
(cherry picked from commit 857e4528f5fe556bbe98e32ffcde8932d0d80f83)
Rebuilding the integration test every time is very slow. Let's
introduce a way to iterate on an integration test without rebuilding
the image every time. By making a btrfs snapshot before we run the
integration test, we can then systemctl soft-reboot after running
the test to restore the rootfs to a pristine state before running
the test again.
As /run/nextroot will get nuked on reboot or soft-reboot, we introduce
a tmpfiles snippet to make sure it is recreated every (soft-)reboot
and adapt the existing tests to deal with this new symlink.
(cherry picked from commit af153e36ae67c242251951c12d6d6b6ae4783845)
The next commit will introduce a way to iterate on integration
tests which depends on btrfs specific features.
We leave CentOS on ext4 as its kernel does not support btrfs.
(cherry picked from commit edc6592e532806fe9ac28400138d5d4e1492a7d0)
Debian uses /usr/bin/login from the shadow package instead of util-linux
which doesn't support credentials. Let's enable autologin the old
fashioned way for now.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833256
(cherry picked from commit ea696c5f5300c240ae2749f7791aaa78837d556b)
TEST_SHELL can be used to get a shell in the integration test
environment without actually immediately starting the test.
(cherry picked from commit dd1c01b20fb8eef6a4d41ac7f0d3d83399e27593)
- Add the required options to make the package managers non interactive
- Use apt-get instead of apt
- Remove --reinstall from apt-get command so we only install newer packages
- Add --needed to pacman command so we only install newer packages
(cherry picked from commit 5f5b6fa9017c7c5de1e8a3e6b8888fd71a1d3862)
Not required anymore as we don't do /usr only anymore and the symlink
will be created by the debian systemd package.
(cherry picked from commit 63bafef12ba867010507963d5aac67f4d64d85e9)
As at this stage, a persistent journal file has been already opened, and
saved seqnum has been reset, and any later journal entries will be stored
to the file. Hence we should not open the runtime journal file by
server_system_journal_open() again.
(cherry picked from commit b55027efe41b266df4c4704e924fff7dfb32ad70)
The setting is about vacuuming archived journal files. It is not
necessary to rotate the current journal. Note, journal file rotation is
controlled by MaxFileSec=.
Fixes#31315.
(cherry picked from commit b63c18db03d0c120ba9eaa2aa9d0d43d80eea02b)
Let's explicitly pass the value to -fstrict-flex-arrays. This does
not change behavior but it does (selfishly) make my error not bug
out with an error saying -fstrict-flex-arrays does not exist.
(cherry picked from commit ad723ca3e5bd41d2d884760375534910bb55d9b3)
Otherwise, read_stripped_line() would spuriously drop trailing spaces.
Fixes#33924
(cherry picked from commit 9be46b1da8b01c3f47e6c050185f2b45484d6300)
Add a section which lists the known confidential virtual machine
technologies.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
The s390x platform provides confidential VMs using the "Secure Execution"
technology, which is also referred to as "Protected Virtualization" or
just "prot virt" in Linux / QEMU.
This can be detected through a simple sysfs attribute.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
We have different impls of detect_confidential_virtualization per
architecture. The detection is cached in the x86_64 impl, and as we
add support for more targets, we want to use caching for all. It thus
makes sense to split caching out into an architecture independent
method.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
Since, at least the old framework, checks for the presence of the file
at the end and marks the whole test as skipped if it exists.
Resolves: systemd/systemd-centos-ci#728
(cherry picked from commit 4d1fbe53c1cc9b04acd897c728d996191daa618d)
tcp reset / icmp port-unreachable are markedly different conditions than
packet loss. It doesn't make much sense to retry in this case. It's
actually not clear if there is any benefit at all retrying tcp
connections, which were presumably already retried as necessary by the
tcp stack.
(cherry picked from commit ddd710a355acc698b48159f3e501dda5a7dc2704)
On Fedora the sshd-session binary is under /usr/libexec/openssh/ so
cover this path as well in the old framework.
Follow-up for aaa7b36bd15ca3a96a1e11a557482b0bc59c769f.
(cherry picked from commit ce2344bbee468c7d524e508a8ff7f5f7ae85acb5)
We document that when multiple credentials of the same name are found,
we use the first one found so let's actually implement that behavior.
(cherry picked from commit 3de13e6148731ae9c36885afd78b1421e6f16305)
Credentials are written to a temporary file and renamed to the
destination with renameat() which will replace existing files so
EEXIST should not happen so drop the handling for EEXIST.
(cherry picked from commit 2c2ed3272b992b6eb13864e49847c943e42be00f)
The kernel might start returning -EINVAL when trying to open pidfd's
for kernel threads so let's not try to open pidfd's for kernel threads.
(cherry picked from commit ead48ec35c863650944352a3455f26ce3b393058)
Each log context field can expand to up to three iovecs (key, value
and newline) so let's fix the size calculation to take this into
account.
(cherry picked from commit fc83ff3f55ee53fd9101d4e45736f3f996ee7ca6)
All messages logged from exec_spawn() are attributed to the unit
and as such we should set the log level to the unit's max log level
for the duration of the function.
(cherry picked from commit 7881f485c9f57b1c7de4308eeab54458890c5c19)
Remove an early return that prevents --prompt-root-password or
--prompt-root-shell and systemd.firstboot=off using credentials. In that case,
arg_prompt_root_password and arg_prompt_root_shell will be false, but the
prompt helpers still need to be called to read the credentials. Furthermore, if
only the root shell has been set, don't overwrite the root password.
(cherry picked from commit 35bc4c34240afdd55e117b909f26fa9a5dc54f3b)
If /etc/passwd and/or /etc/shadow exist but don't have an existing root entry,
one needs to be added. Previously this only worked if the files didn't exist.
(cherry picked from commit 2319154a6bec7b8c42e901dfacaefe95bf4e3750)
Although locked and empty passwords in /etc/passwd are treated the same, in all
other cases the entry is configured to read the password from /etc/shadow.
(cherry picked from commit 5088de9daa156a095e79684c658f9035db971538)
