git-history.diyao.me Git - systemd/.git/log

Revert "udev: run link_update() with increased retry count in second invocation"

This reverts commit 1f3165bda13c8572c8c31d23c998835c4e2ad8f3.

Related: #1942299

pam-systemd: use secure_getenv() rather than getenv()

And explain why in a comment.

(cherry picked from commit 83d4ab55336ff8a0643c6aa627b31e351a24040a)

CVE-2019-3842

Resolves: #1687514

udev: run link_update() with increased retry count in second invocation

In PR #17431 we have introduced retry loop in link_update() in order to
maximize the chance that we end up with correct target when there are
multiple contenders for given symlink.

Number of iterations in retry loop is either 1 or
LINK_UPDATE_MAX_RETRIES, depending on the value of 'initialized' db
flag. When device appears for the first time we need to set the
flag before calling link_update() via update_devnode() for the second
time to make sure we run the second invocation with higher retry loop
counter.

(cherry picked from commit 996c83903da5bf8b371314b4207ff97afeef65a4)

Related: #1931947

core: prevent excessive /proc/self/mountinfo parsing

(cherry picked from commit d586f642fd90e3bb378f7b6d3e3a64a753e51756)

Resolves: #1819868

test: add ratelimiting test

(Taken from Michal's #17274 by Lennart, and slightly adjusted)

(cherry picked from commit 68d890651781904a4c762ac866af36e30c4f7ff8)

Related: #1819868

sd-event: add ability to ratelimit event sources

Let's a concept of "rate limiting" to event sources: if specific event
sources fire too often in some time interval temporarily take them
offline, and take them back online once the interval passed.

This is a simple scheme of avoiding starvation of event sources if some
event source fires too often.

This introduces the new conceptual states of "offline" and "online" for
event sources: an event source is "online" only when enabled *and* not
ratelimited, and offline in all other cases. An event source that is
online hence has its fds registered in the epoll, its signals in the
signalfd and so on.

(cherry picked from commit b6d5481b3d9f7c9b1198ab54b54326ec73e855bf)

Related: #1819868

sd-event: increase n_enabled_child_sources just once

Neither source_child_pidfd_register() nor event_make_signal_data() look at
n_enabled_child_sources.

(cherry picked from commit ac9f2640cb9c107b43f47bba7e068d3b92b5337b)

Related: #1819868

sd-event: update state at the end in event_source_enable

Coverity in CID#1435966 was complaining that s->enabled is not "restored" in
all cases. But the code was actually correct, since it should only be
"restored" in the error paths. But let's still make this prettier by not setting
the state before all operations that may fail are done.

We need to set .enabled for the prioq reshuffling operations, so move those down.

No functional change intended.

(cherry picked from commit d2eafe61ca07f8300dc741a0491a914213fa2b6b)

Related: #1819868

sd-event: remove earliest_index/latest_index into common part of event source objects

So far we used these fields to organize the earliest/latest timer event
priority queue. In a follow-up commit we want to introduce ratelimiting
to event sources, at which point we want any kind of event source to be
able to trigger time wakeups, and hence they all need to be included in
the earliest/latest prioqs. Thus, in preparation let's make this
generic.

No change in behaviour, just some shifting around of struct members from
the type-specific to the generic part.

(cherry picked from commit f41315fceb5208c496145cda2d6c865a5458ce44)

Related: #1819868

sd-event: follow coding style with naming return parameter

(cherry picked from commit cad143a8f26976a23e634d5e1ecfb7d7ba75c3bf)

Related: #1819868

sd-event: ref event loop while in sd_event_prepare() ot sd_event_run()

sd_event_prepare() invokes callbacks that might drop the last user ref
on our event loop. Let's make sure we keep an explicit ref around it, so
that we won't end up with an invalid pointer. Similar in sd_event_run().

Basically, any function that is publically callable that might end up
invoking callbacks should ref the relevant objects to be protected
against callbacks destroying these objects while we still want to access
them. We did this correctly in sd_event_dispatch() and sd_event_loop(),
but these are not the only ones which are callable from the outside.

(cherry picked from commit f814c871e65df8552a055dd887bc94b074037833)

Related: #1819868

sd-event: refuse running default event loops in any other thread than the one they are default for

(cherry picked from commit e544601536ac13a288d7476f4400c7b0f22b7ea1)

Related: #1819868

sd-event: let's suffix last_run/last_log with "_usec"

Otherwise it's a bit confusing what this is about: two timestamps.

(cherry picked from commit e6a7bee538f6638c2d5ca2afc66bf47cba3f075c)

Related: #1819868

sd-event: fix delays assert brain-o (#17790)

s/sizeof/ELEMENTSOF/

Bug introduced in 34b87517749caa4142b19eb3c63bdf349fafbc49.

(cherry picked from commit cb9d621ebbfa30bbd620c17e143daeb0d78c12f0)

Related: #1819868

sd-event: split out code to add/remove timer event sources to earliest/latest prioq

Just some refactoring that makes code prettier, and will come handy
later, because we can reuse these functions at more places.

(cherry picked from commit 1e45e3fecc303e7ae9946220c742f69675e99c34)

Related: #1819868

sd-event: split clock data allocation out of sd_event_add_time()

Just some simple refactoring, that will make things easier for us later.
But it looks better this way even without the later function reuse.

(cherry picked from commit 41c63f36c3352af8bebf03b6181f5d866431d0af)

Related: #1819868

sd-event: mention that two debug logged events are ignored

(cherry picked from commit f80a5d6a86dc2346f406ee086ba179879afaab70)

Related: #1819868

sd-event: split out enable and disable codepaths from sd_event_source_set_enabled()

So far half of sd_event_source_set_enabled() was doing enabling, the
other half was doing disabling. Let's split that into two separate
calls.

(This also adds a new shortcut to sd_event_source_set_enabled(): if the
caller toggles between "ON" and "ONESHOT" we'll now shortcut this, since
the event source is already enabled in that case and shall remain
enabled.)

This heavily borrows and is inspired from Michal Sekletár's #17284
refactoring.

(cherry picked from commit ddfde737b546c17e54182028153aa7f7e78804e3)

Related: #1819868

sd-event: split out helper functions for reshuffling prioqs

We typically don't just reshuffle a single prioq at once, but always
two. Let's add two helper functions that do this, and reuse them
everywhere.

(Note that this drops one minor optimization:
sd_event_source_set_time_accuracy() previously only reshuffled the
"latest" prioq, since changing the accuracy has no effect on the
earliest time of an event source, just the latest time an event source
can run. This optimization is removed to simplify things, given that
it's not really worth the effort as prioq_reshuffle() on properly
ordered prioqs has practically zero cost O(1)).

(Slightly generalized, commented and split out of #17284 by Lennart)

(cherry picked from commit e1951c16a8fbe5b0b9ecc08f4f835a806059d28f)

Related: #1819868

test/sys-script.py: add missing DEVNAME entries to uevents

Resolves: #1931947

Revert "test: add test cases for empty string match" and "test: add test case for multi matches when use ||"

This effectively reverts commits 03bc565e6e3249385c4e1ca0ae27670ca2ad9a41
and 03b766cc937ffa4dcb7cfb25b2ac20d8a00cb6db.

Resolves: #1931947

test/udev-test: gracefully exit when imports fail

In Fedora rawhide various perl modules are now available as separate
packages that are not pulled in by dependencies. If we don't have some
package, skip the tests.

This ugly code is apparently the way to do conditional imports:
https://www.cs.ait.ac.th/~on/O/oreilly/perl/cookbook/ch12_03.htm.

(cherry picked from commit d40763838278246e2073d15ca927ee700e583afc)

Related: #1642728

test/udev_test.pl: add "expected good" count

Since 'test/udev-test.pl: count "good" results', we know how many
checks succeeded. Add an "expected good" count to make that number
more meaningful.

(cherry picked from commit cbeb23d863d540408cd1fb274d78213f59639df2)

Related: #1642728

test/udev-test.pl: suppress umount error message at startup

umount emits an error message "no mount point specified" if the
tmpfs isn't mounted yet, which is the normal case.
Suppress that by redirecting stderr.

(cherry picked from commit f1cb0860549e775be5f91237b5a3b97698dd14dd)

Related: #1642728

test/udev-test.pl: generator for large list of block devices

Manually listing all devices in the test definition becomes cumbersome with
lots of devices. Add a function that scans on all block devices in
the test sysfs and generates a list of devices to test.

(cherry picked from commit eb44d715ebee2fe11288433b99f8e1dc5fdac84a)

Related: #1642728

test/udev-test.pl: add repeat count

for easier reproduction of sporadic test failures.

(cherry picked from commit 2ab0a8d00bc48d3531e953d938db889d8a932d65)

Related: #1642728

tests/udev-test.pl: add multiple device test

Add 4 new tests using multiple devices. Number 2-4 use many
devices claiming the same symlink, where only one device has
a higher priority thatn the others. They fail sporadically with
the current code, if a race condition causes the symlink to point
to the wrong device. Test 4 is like test 2 with sleeps in between,
it's much less likely to fail.

(cherry picked from commit 4a0ec82daf32446519e1d86329bb802325b82104)

Related: #1642728

test/udev-test.pl: count "good" results

This is helpful to catch possible regressions in the test.
Also, don't count wait() errors, they are likely not udev errors.

(cherry picked from commit b95c43982ab7d0253b552ad56cffb3d68fcbb4f6)

Related: #1642728

test/udev-test.pl: merge import parent tests into one

As we can test multiple devices and multiple links per device
in one test now, these two tests can be merged into one.

(cherry picked from commit a96cd21d31cb7af211862768e133b50b085634e7)

Related: #1642728

test/udev-test.pl: merge "space and var with space" tests

As we can check multiple links in a single test now, these 3
tests can be merged into one.

(cherry picked from commit 2084fe0d3290c525ecb9faa07d07c3abc2488e59)

Related: #1642728

test/udev-test.pl: remove bogus rules from magic subsys test

These rules have survived from an ancient version of the code
and save no purpose any more.

(cherry picked from commit 86634df43b715f3f77c7de73a3ef6566e5cdf571)

Related: #1642728

test/udev-test.pl: Make some tests a little harder

Add some rules that make it a bit harder to pass, mainly the
non-existence checks.

(cherry picked from commit 06d4d4e24e7d0b51120b165e540d278842e8b1a3)

Related: #1642728

test/udev-test.pl: last_rule is unsupported

the "last_rule" option hasn't been supported for some time.
Therefore this test fails if a "not_exp_links" attribute is added,
as it should be. Mark it appropriately.

(cherry picked from commit 17cce031531a5d3f38a27374c99d1bdba5959dbd)

Related: #1642728

test/udev-test.pl: fix wrong test descriptions

udev hasn't supported renaming device nodes for some time.

(cherry picked from commit 46bc71b2b73f8a1e27dc5e142730e9877dd05e3e)

Related: #1642728

test/udev-test.pl: allow checking multiple symlinks

Instead of testing the existence or non-exisitence of just a single
symlink, allow testing of several links per device.

Change the test definitions accordingly.

(cherry picked from commit e62acc3159935781f05fa59c48e5a74e85c61ce2)

Related: #1642728

test/udev-test.pl: test correctness of symlink targets

Test if symlinks are created correctly by comparing the symlink
targets to the devnode path. This implies (for the symlink) that
major/minor numbers and permissions are correct, as we have tested
that on the devnode already.

(cherry picked from commit 997683c8f152e1c139a7ce537de81a0aeae4627f)

Related: #1642728

test/udev-test.pl: use computed devnode name

More often than not, the created devnode is the basename of the
sysfs entry. The "devnode" device may be used to override the
auto-detected node name.

Permissions and major/minor number are now verified on the devnode
itself, not on symlinks.

For those tests where exp_name is set to the computed devnode name,
the explicit "exp_name" can be removed. "exp_name" is only required for
symlinks.

This allows separate testing for devnodes and symlinks an a follow-up
patch.

(cherry picked from commit f0dccf01a7b4e72278e14effd74782ea83d0a73b)

Related: #1642728

test/udev-test.pl: allow concurrent additions and removals

Allow testing cases where multiple devices are added and removed
simultaneously. Tests are started as synchronously as possible using a
semaphore, in order to test possible race conditions. If this isn't desired,
the test parameter "sleep_us" can be set to the number of microseconds to wait
between udev invocations.

(cherry picked from commit 09a4062d70b3a10d022e40066e2adf09df05bbbc)

Related: #1642728

test/udev-test.pl: create rules only once

It's not necessary to write the rules for every udev run, as we
now may have many (rather than just 2) per test.

(cherry picked from commit af7ee3eae689f9c31b49ea13758ad9c901918ce3)

Related: #1642728

test/udev-test.pl: allow multiple devices per test

Allow testing cases where multiple devices are added and removed.
This implies a change of the data structure: every test allows
for multiple devices to be added, and "exp_name" etc. are now properties
of the device, not of the test.

(cherry picked from commit 255c05b72455dcad1b5552d12a813b31f68201a7)

Related: #1642728

udev-test: do not rely on "mail" group being defined

"audio" should be there, at least we declare it. "mail" nowadays is less
likely to exist than in the past.

Fixes one of the items in #16942.

(cherry picked from commit a9030b81c154c3ec92227d04cad6b13cc1125608)

Related: #1642728

test: add test case for multi matches when use "||"

Signed-off-by: gaoyi <ymuemc@163.com>
(cherry picked from commit 0d3a8bc7ebd76591e14f7098b4266fd2065ac4db)

Related: #1642728

test: add test cases for empty string match

(cherry picked from commit 48d26c90852c22ec94be961f5fbdcf462bb9a6e8)

Related: #1642728

test/udev-test.pl: cleanup if skipping test

In Ubuntu CI, udev-test.pl is run from the debian/test/udev script,
in a test dir created for it; but udev-test.pl setup mounts a
dir, so if it doesn't cleanup/unmount before exiting, the test dir
autopkgtest created for it can't be removed, and autopkgtest
aborts the entire test suite, for example this output (from a
test run inside an armhf container):

autopkgtest [12:45:36]: test udev: [-----------------------
umount: test/tmpfs: no mount point specified.
mknod: test/tmpfs/dev/null: Operation not permitted
unable to create test/tmpfs/dev/null at ./udev-test.pl line 1611.
Failed to set up the environment, skipping the test at ./udev-test.pl line 1731.
autopkgtest [12:45:41]: test udev: -----------------------]
autopkgtest [12:45:44]: test udev: - - - - - - - - - - results - - - - - - - - - -
udev FAIL non-zero exit status 77
rm: cannot remove '/tmp/autopkgtest.ocPFA6/autopkgtest_tmp/test/tmpfs': Device or resource busy
autopkgtest [12:46:22]: ERROR: "rm -rf /tmp/autopkgtest.ocPFA6/udev-artifacts /tmp/autopkgtest.ocPFA6/autopkgtest_tmp" failed with stderr "rm:

(cherry picked from commit abb9cc50afb3949c442849f43301fb33578f3888)

Related: #1642728

test-udev: fix alignment and drop unnecessary white spaces

(cherry picked from commit 3dd2d524141d09d57443ae339e1a77d7ce40f847)

Related: #1642728

test-udev: add more tests for line continuation

(cherry picked from commit 84a0819c9d89a2ddb195a5d975ae1fd5c62fde3c)

Related: #1642728

test-udev: add more tests for line continuations and comments

(cherry picked from commit d35976c670b0e5c2d4081b781e5af88c0689ff00)

Related: #1642728

test-udev: use proper semantics for too long line with continuation

Follow-up for 1e797cf596df50a6bdd8cbf8e9b2467a3a934171.

(cherry picked from commit e37a5d90b0c624b95f8d0c3400288fec60417ec4)

Related: #1642728

test-udev: add a testcase of too long line

(cherry picked from commit 1e797cf596df50a6bdd8cbf8e9b2467a3a934171)

Related: #1642728

udev-test: check if permitted to create block device nodes

(cherry picked from commit dbfbc6c4e34366033cb340e8b0c3cbca683ff6f5)

Related: #1642728

udev-test: fix missing directory test/run

Fixes the following error:

Failed to mount test /run: No such file or directory

By the time command "./test-udev check" calls function "fake_filesystems",
directory "test/run" must be present.

(cherry picked from commit 1e5548c0e0962424b6ca5fdfd35c866b70760c8f)

Related: #1642728

udev-test: fix test skip condition

When there is a failure to setup the environment, the following happens:

1. Command "./test-udev check" exits with non-zero code.
2. Perl function "system" returns the code.
3. The code is evaluated as true by Perl.

Then we stop the test.

(cherry picked from commit 7935dae547caf164d807237f1009a9e9fa510337)

Related: #1642728

udev-test: skip the test only if it can't setup its environment

This is basically a replacement for 0eb3cc88504b5d8f74.

(cherry picked from commit 110a13202eab6d92678abcde08372d4afac1cc45)

Related: #1642728

udev-test: remove a check for whether the test is run in a container

It's too broad a check that prevents the test from running on Travis CI.

(cherry picked from commit 881886ef08d50951159633248b0f73977c5d6924)

Related: #1642728

test: missing "die"

Follow-up for a41ff38b0999fb83464309a29b8f39450b8d4b85.

(cherry picked from commit 11d93952ea806de2b6e9fb381153115cccc7b5e8)

Related: #1642728

test: create /dev/null in test-udev.pl

(cherry picked from commit a41ff38b0999fb83464309a29b8f39450b8d4b85)

Related: #1642728

udev: make algorithm that selects highest priority devlink less susceptible to race conditions

Previously it was very likely, when multiple contenders for the symlink
appear in parallel, that algorithm would select wrong symlink (i.e. one
with lower-priority).

Now the algorithm is much more defensive and when we detect change in
set of contenders for the symlink we reevaluate the selection. Same
happens when new symlink replaces already existing symlink that points
to different device node.

Resolves: #1642728

basic/stat-util: make mtime check stricter and use entire timestamp

Note that st_mtime member of struct stat is defined as follows,

#define st_mtime st_mtim.tv_sec

Hence we omitted checking nanosecond part of the timestamp (struct
timespec) and possibly would miss modifications that happened within the
same second.

(cherry picked from commit a59b0a9f768f6e27b25f4f1bab6de08842e78d74)

Related: #1642728

udev/net_id: give RHEL-8.4 naming scheme a name

Follow-up for bb6114af097da0cd9c5081e42db718559130687f

Related: #1827462

selinux: add trigger for policy reload to refresh internal selabel cache

Reload the internal selabel cache automatically on SELinux policy reloads so non pid-1 daemons are participating.

Run the reload function `mac_selinux_reload()` not manually on daemon-reload, but rather pass it as callback to libselinux.
Trigger the callback prior usage of the systemd internal selabel cache by depleting the selinux netlink socket via `avc_netlink_check_nb()`.

Improves: a9dfac21ec85 ("core: reload SELinux label cache on daemon-reload")
Improves: #13363
(cherry picked from commit 61f3e897f13101f29fb8027e8839498a469ad58e)

Related: #1888912

selinux: introduce mac_selinux_create_file_prepare_at()

(cherry picked from commit 7e531a5265687aef5177b070c36ca4ceab42e768)

Related: #1888912

core: reload SELinux label cache on daemon-reload

Reloading the SELinux label cache here enables a light-wight follow-up of a SELinux policy change, e.g. adding a label for a RuntimeDirectory.

Closes: #13363
(cherry picked from commit a9dfac21ec850eb5dcaf1ae9ef729389e4c12802)

Resolves: #1888912

units: make sure initrd-cleanup.service terminates before switching to rootfs

A follow-up for commit a8cb1dc3e0fa81aff.

Commit a8cb1dc3e0fa81aff made sure that initrd-cleanup.service won't be stopped
when initrd-switch-root.target is isolated.

However even with this change, it might happen that initrd-cleanup.service
survives the switch to rootfs (since it has no ordering constraints against
initrd-switch-root.target) and is stopped right after when default.target is
isolated. This led to initrd-cleanup.service entering in failed state as it
happens when oneshot services are stopped.

This patch along with a8cb1dc3e0fa81aff should fix issue #4343.

Fixes: #4343
(cherry picked from commit e2c7c94ea35fe7e669afb51bfc2251158b522ea5)

Related: #1657810

cgroup: Also set blkio.bfq.weight

Commit [1] added a workaround when unified cgroups are used but missed
legacy cgroups where there is the same issue.

[1] <https://github.com/systemd/systemd/commit/2dbc45aea747f25cc1c3848fded2ec0062f96bcf>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 35e7a62ca32a30169a94693b831e53c832251984)

Resolves: #1657810

use link to RHEL-8 docs

RHEL-only

Related: #1623116

unit: make UNIT() cast function deal with NULL pointers

Fixes: #10681
(cherry picked from commit bbf11206230d1b089118971f98a047151cb5c4fa)

Related: #1871827

ci: move jobs from Travis CI to GH Actions

The OSS version of Travis CI is going to be merged with the commercial
one soon, essentially dropping the free tier, so let's move the CI jobs
to GitHub Actions to keep them up.

rhel-only
Related: #1871827

ci: use quay.io instead of Docker Hub to avoid rate limits

Docker Hub introduced rate limits for anonymous users (100 requests per
six hours), which break our CI in the busier periods. Let's try to use
the quay.io CentOS image to mitigate this.

rhel-only
Related: #1871827

ci: PowerTools repo was renamed to powertools in RHEL 8.3

See: https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2011#Yum_repo_file_and_repoid_changes

rhel-only
Related: #1871827

resolved: tweak cmsg calculation

We ask for the TTL, then have enough space for it.

We probably can drop the extra cmsg space now, but let's figure that out
another time, since the extra cmsg space is used elsewhere in resolved
as well.

(cherry picked from commit 08ab18618ec59022582f1513c0718ba369f5ba85)

Related: #1887181

core: add new PassPacketInfo= socket unit property

(cherry picked from commit a3d19f5d99c44940831a33df8b5bece4aaf749f7)

Resolves: #1887181

socket-util: add generic socket_pass_pktinfo() helper

The helper turns on the protocol specific "packet info" structure cmsg
for three relevant protocols we know.

(cherry picked from commit 35a3eb9bdc95d1e6ba25bc65c78959ea104e45a1)

Related: #1887181

introduce setsockopt_int() helper

As suggested by @heftig:

https://github.com/systemd/systemd/commit/6d5e65f6454212cd400d0ebda34978a9f20cc26a#commitcomment-30938667
(cherry picked from commit 2ff48e981e6cd1ccbfae49943274d9c8319a5e5d)

Related: #1887181

shared/install: fix preset operations for non-service instantiated units

Fixes https://github.com/coreos/ignition/issues/1064.

(cherry picked from commit 47ab95fe4315b3f7ee5a3694460a744bb88c52fd)

Related: #1812972

docs: Add syntax for templated units to systemd.preset man page

This documents the syntax

enable template@.service foo bar baz

that was introduced in #9901 to preset templated units.

(cherry picked from commit 1f667d8a7cff4355cd23ebebeb4d7179e3498eb8)

Related: #1812972

test: fix a memleak

Follow-up for #9901.

Fixes #9968.

(cherry picked from commit efa146369398fdb73f1cd177eb2522822ebf559c)

Related: #1812972

install: small refactor to combine two function calls into one function

Combine consecutive function calls of install_info_discover and
install_info_may_process into one short helper function.

(cherry picked from commit 1e475a0ab4c46eb07f3df3fb24f5a7c3e1fa20b1)

Related: #1812972

install: allow instantiated units to be enabled via presets

This patch implements https://github.com/systemd/systemd/issues/9421.

The .preset file now is able to take a rule in the format of:(e.g)
enable foo@.service bar0 bar1 bar2

In the above example, when preset-all is called, all three instances of
foo@bar0.service, foo@bar1.service and foo@bar2.service will be enabled.

When preset is called on a single service(e.g: foo@bar1.service), only
the mentioned one(foo@bar1.service) will be enabled.

Tests are added for future regression.

(cherry picked from commit 4c9565eea534cd233a913c8c21f7920dba229743)

Resolves: #1812972

tree-wide: port various bits over to locale_is_installed()

(cherry picked from commit a00a78b84e2ab352b3144bfae8bc578d172303be)

Resolves: #1755287

test: add test case for locale_is_installed()

(cherry picked from commit b45b0a69bb7ef3e6e66d443eae366b6d1c387cab)

Related: #1755287

locale-util: add new helper locale_is_installed()

This new helper checks whether the specified locale is installed. It's
distinct from locale_is_valid() which just superficially checks if a
string looks like something that could be a valid locale.

Heavily inspired by @jsynacek's #13964.

Replaces: #13964
(cherry picked from commit 23fa786ca67ed3a32930ff1a7b175ac823db187c)

Related: #1755287

log: Prefer logging to CLI unless JOURNAL_STREAM is set

(cherry picked from commit bc694c06e60505efeb09e5278a7b22cdfa23975e)

Resolves: #1865840

remove references of non-existent man pages

This is a follow-up to commit 8ad89170001c9aba8849630ddb5da81d9e24a1bc,
which introduced the man page change.

Resolves: #1876807

fix typo in ProtectSystem= option

This was introduced by commit d9ae3222cfbd5d2a48e6dbade6617085cc76f1c1 .

Resolves: #1871139

udev/net_id: don't generate slot based names if multiple devices might claim the same slot

(cherry picked from commit 2c8ec0095e6fd2e72879d4915ff8a9e5c0664d0b)

Resolves: #1827462

udev/net_id: parse _SUN ACPI index as a signed integer

Negative value means there is no match between a PCI device and any of
the slots. In the following commit we will extend this and value of 0
will indicate that there is a match between some slot and PCI device,
but that device is a PCI bridge.

(cherry picked from commit 3e545ae5abcf258791eacbee60c829c100a33274)

Related: #1827462

man: describe naming schemes in a new man page

I decided to make this a separate man page because it is freakin' long.
This content could equally well go in systemd-udevd.service(8), systemd.link(5),
or a new man page for the net_id builtin.

v2:
- rename to systemd.net-naming-scheme
- add udevadm test-builtin net_id example

(cherry picked from commit 0b1e5b6ed8c6b9a2bc53709eb75e381d360f05bf)

Related: #1827462

[msekleta: I've removed parts that describe features which are not
available in RHEL-8]

meson: make net.naming-scheme= default configurable

This is useful for distributions, where the stability of interface names should
be preseved after an upgrade of systemd. So when some specific release of the
distro is made available, systemd defaults to the latest & greatest naming
scheme, and subsequent updates set the same default. This default may still
be overriden through the kernel and env var options.

A special value "latest" is also allowed. Without a specific name, it is harder
to verride from meson. In case of 'combo' options, meson reads the default
during the initial configuration, and "remembers" this choice. When systemd is
updated, old build/ directories could keep the old default, which would be
annoying. Hence, "latest" is introduced to make it explicit, yet follow the
upstream. This is actually useful for the user too, because it may be used
as an override, without having to actually specify a version.

(cherry picked from commit 06da5c63dd697ea4087e76c6d809b60b5780b87c)

Related: #1827462

[msekleta: note that our default is not latest but rhel-8.0]

udev: introduce udev net_id "naming schemes"

With this we can stabilize how naming works for network interfaces. A
user can request through a kernel cmdline option or an env var which
scheme to follow. The idea is that installers use this to set into stone
(a very soft stone though) the scheme used during installation so that
interface naming doesn't change afterwards anymore.

Why use env vars and kernel cmdline options, and not a config file of
its own?

Well, first of all there's no obvious existing one to use. But more
importantly: I have the feeling that this logic is kind of an incomplete
hack, and I simply don't want to do advertise this as a perfectly
working solution. So far we used env vars for the non-so-official
options and proper config files for the official stuff. Given how
incomplete this logic is (i.e. the big variable for naming remains the
kernel, which might expose sysfs attributes in newer versions that we
check for and didn't exist in older versions — and other problems like
this), I am simply not confident in giving this first-class exposure in
a primary configuration file.

Fixes: #10448

(cherry-picked from commit f7e81fd96fdfe0ac6dcdb72de43f7cb4720e363a)

Related: #1827462

[msekleta: note that we are introducing our own naming schemes based on
RHEL-8 minor versions. Also we are not backporting all naming scheme
features that appeared in the original commit. We are backporting only
features relevant for v239 while original commit also converted
changes introduced in v240 into naming scheme flags.]

man: mention System Administrator's Guide in systemctl manpage

(cherry picked from commit d4582346f47064de24470b5f92e418966004925f)

Resolves: #1623116

user-util: rework how we validate user names

This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.

The idea is that we use strict mode whenver we allocate a new user
(i.e. in sysusers.d or homed), while "relaxed" mode is when we process
users registered elsewhere, (i.e. userdb, logind, …)

The requirements on user name validity vary wildly. SSSD thinks its fine
to embedd "@" for example, while the suggested NAME_REGEX field on
Debian does not even allow uppercase chars…

This effectively liberaralizes a lot what we expect from usernames.

The code that warns about questionnable user names is now optional and
only used at places such as unit file parsing, so that it doesn't show
up on every userdb query, but only when processing configuration files
that know better.

Fixes: #15149 #15090
(cherry picked from commit 7a8867abfab10e5bbca10590ec2aa40c5b27d8fb)

Resolves: #1848373

user-util: switch order of checks in valid_user_group_name_or_id_full()

When we are supposed to accept numeric UIDs formatted as string, then
let's check that first, before passing things on to
valid_user_group_name_full(), since that might log about, and not the
other way round.

See: #15201
Follow-up for: 93c23c9297e48e594785e0bb9c51504aae5fbe3e

(cherry picked from commit a85daa0dfb3eb03be9845760e90e54b9af8fb00e)

Related: #1848373

shared/user-util: allow usernames with dots in specific fields

People do have usernames with dots, and it makes them very unhappy that systemd
doesn't like their that. It seems that there is no actual problem with allowing
dots in the username. In particular chown declares ":" as the official
separator, and internally in systemd we never rely on "." as the seperator
between user and group (nor do we call chown directly). Using dots in the name
is probably not a very good idea, but we don't need to care. Debian tools
(adduser) do not allow users with dots to be created.

This patch allows *existing* names with dots to be used in User, Group,
SupplementaryGroups, SocketUser, SocketGroup fields, both in unit files and on
the command line. DynamicUsers and sysusers still follow the strict policy.
user@.service and tmpfiles already allowed arbitrary user names, and this
remains unchanged.

Fixes #12754.

(cherry picked from commit ae480f0b09aec815b64579bb1828ea935d8ee236)

Related: #1848373

user-util: Allow names starting with a digit

In 1a29610f5fa1bcb2eeb37d2c6b79d8d1a6dbb865 the change inadvertedly
disabled names with digit as the first character. This follow-up change
allows a digit as the first character in compat mode.

Fixes: #15141
(cherry picked from commit 93c23c9297e48e594785e0bb9c51504aae5fbe3e)

Related: #1848373

shared/user-util: emit a warning on names with dots

(cherry picked from commit 88e2ed0b5bf6f08f5a2d4d64b1fefdc7192b9aac)

Related: #1848373

shared/user-util: add compat forms of user name checking functions

New functions are called valid_user_group_name_compat() and
valid_user_group_name_or_id_compat() and accept dots in the user
or group name. No functional change except the tests.

(cherry picked from commit 1a29610f5fa1bcb2eeb37d2c6b79d8d1a6dbb865)

This completes previous partial cherry-pick of the same commit (commit
76176de0889c3e8b9b3a176da24e4f8dbbd380a3).

Related: #1848373

tests: beef up integer parsing tests

(cherry picked from commit 53c6db99fa4b52f97e19977f21d3133f8ceb3dcd)

Related: #1848373

parse-util: also parse integers prefixed with 0b and 0o

Let's adopt Python 3 style 0b and 0x syntaxes, because it makes a ton of
sense, in particular in bitmask settings.

(cherry picked from commit fc80cabcf584a8b486bdff5be0c074fec4059cdc)

Related: #1848373

strv: add new macro STARTSWITH_SET()

This is to startswith() what PATH_STARTSWITH_SET() is to
path_startswith().

Or in other words, checks if the specified string has any of the listed
prefixes, and if so, returns the remainder of the string.

(cherry picked from commit 52f1552073047195d51901f7e5a5a4fa3189034e)

Related: #1848373

user-util: be stricter in parse_uid()

Let's refuse "+" and "-" prefixed UIDs. Let's refuse whitespace-prefixed
UIDS, Let's refuse zero-prefixed UIDs. Let's be safe than sorry.

(cherry picked from commit f5979b63cc305ba217dfd174b1bf0583bcf75a73)

Related: #1848373