systemd/.git
Franck Bui [Wed, 1 Dec 2021 07:51:48 +0000 (08:51 +0100)]
journal: don't remove the flushed flag when journald is stopped

Due to the fact that systemd-journal-flush.service has
"Requires=systemd-journald.service", this service is stopped too when journald
is requested to do so.

However stopping systemd-journal-flush.service implies that journald
relinquishes /var hence implicitly switching back to the volatile storage
mode and removing /run/systemd/journal/flushed.

If journald is started afterwards, it will run in volatile storage mode
regardless of the value of 'Storage=' as it believes now that /var is not yet
ready (because the flushed flag is missing).

Because this flag is mainly an indication for journald that the initialization
of /var/log/journal (during the boot process) has been done,
systemd-journal-flush.service shouldn't be tied to the state of journald itself
but to the state of /var/log/journal, hence to the state of the system.

(cherry picked from commit d5ee050ffc9d413253932d9340ade8c8fb111092)
(cherry picked from commit 8800d99d4fe4781b6ed265580b795b4a78a36fe8)

Urs Ritzmann [Fri, 3 Dec 2021 14:47:18 +0000 (15:47 +0100)]
sd_bus_get_timeout: fix timeout value doc

The documentation of sd_bus_get_timeout wrongfully states that the returned time-value is relative. In fact, it is an absolute value which is based on CLOCK_MONOTONIC. This change corrects that documentation.

(cherry picked from commit 25060a570c106cf5a14a3268bb0d38d9feb7fdab)
(cherry picked from commit 4d4b70277539f21c0dcbbac37bc75abe4c01d00f)

Franck Bui [Fri, 3 Dec 2021 10:23:36 +0000 (11:23 +0100)]
Bump the max number of inodes for /dev to 128k

Follow-up for 7d85383edbab73274dc81cc888d884bb01070bc2.

Apparently the previous limit set on the max number of inodes for /dev was too
small as a system with 4096 LUNs attached can consume up to 95k inodes for
symlinks:

  # /bin/df -i
  Filesystem                 Inodes  IUsed    IFree IUse% Mounted on
  devtmpfs                 49274377  95075 49179302    1% /dev

Hence this patch bumps the limit from 64k to 128k although the new limit is
still pretty arbitrary (that said, not sure if it really makes sense to put
such absolute limit number).

(cherry picked from commit 4c733d3046942984c5f73b40c3af39cc218c103f)
(cherry picked from commit b1bb976219e4c63d4b8099a2820fedbedf0aa8a5)

Gibeom Gwon [Fri, 3 Dec 2021 06:10:50 +0000 (15:10 +0900)]
cryptenroll: fix wrong error messages

PKCS#11 -> FIDO2 in cryptenroll-fido2.c

(cherry picked from commit 4b9aa29bc9ded35147f9fa77f77e13c3c6fa7fcf)
(cherry picked from commit a9149ef71dbfafd964b4e509690418be602c6eb6)

Luca Boccassi [Tue, 30 Nov 2021 23:49:33 +0000 (23:49 +0000)]
cgroup: don't emit BPF firewall warning when manager is in test mode

Support for BPF might not have been checked, since it's not necessary
in test mode (eg: running offline analysis of units). This causes an
assert:

Assertion '(_error) != 0' failed at src/core/bpf-firewall.c:914, function emit_bpf_firewall_warning(). Aborting.

Export SYSTEMD_LOG_LEVEL=debug in TEST-65-ANALYZE is enough to trigger
this assert while doing an offline analysis of a unit that has some
firewall/network restrictions set.

Skip the warning if the manager is in test mode.

(cherry picked from commit a42232a18c5716f69efc67c779dd2ef6c4b9d6c2)
(cherry picked from commit f4472e406eaa1087534066d09a4b7f2fd1de2a06)

Yu Watanabe [Wed, 1 Dec 2021 12:07:22 +0000 (21:07 +0900)]
core/bpf-firewall: make bpf_firewall_supported() always set unsupported reason when BPF_FIREWALL_UNSUPPORTED is returned

Otherwise, log_unit_full_errno() in emit_bpf_firewall_warning() will
trigger an assertion.

(cherry picked from commit 8751bb6f5e89562d438566c374b9c3a1059c9211)
(cherry picked from commit 27028ef0f0bc128d14f41e233ad256687fd7e379)

KennthStailey [Wed, 1 Dec 2021 14:43:40 +0000 (09:43 -0500)]
Fixed typo

`ip set dev eth0` should be `ip link set dev eth0`

(cherry picked from commit 2ed6297f71a04839f23e460095da126112f5626d)
(cherry picked from commit 909b5af4bd37b34ef5aada86823bdac861c7db10)

Yu Watanabe [Tue, 30 Nov 2021 08:58:40 +0000 (17:58 +0900)]
sd-dhcp6-client: fix error handling

(cherry picked from commit 97e80ee4a86d4097fda78a01d8b64ad2085008f3)
(cherry picked from commit c766dc2f77ed15e41de70e5e5f03dc4650fa55de)

jiangchuangang [Tue, 30 Nov 2021 07:25:27 +0000 (15:25 +0800)]
fix ConditionPathIsReadWrite when path does not exist.

(cherry picked from commit 7c4c9948d02ceda903ed4e4deea0d0084612625a)
(cherry picked from commit 80b7a4276abb832b6af1d1d060affb0988ab7fa0)

jiangchuangang [Mon, 29 Nov 2021 14:30:37 +0000 (22:30 +0800)]
fix ConditionDirectoryNotEmpty when it comes to a Non-directory file

(cherry picked from commit 193105f2d0408e2d96265935174b3cf0f100ef2e)
(cherry picked from commit 10fc8b7775a8cfd9519a1c6628d813b1aa315a33)

Zbigniew Jędrzejewski-Szmek [Fri, 26 Nov 2021 08:46:02 +0000 (09:46 +0100)]
test-journal-flush: do not croak on corrupted input files

We would fail if the input file was corrupted:
  build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~
  journal_file_copy_entry failed: Bad message
  Assertion 'r >= 0' failed at src/libsystemd/sd-journal/test-journal-flush.c:55, function main(). Aborting.
  [1]    619472 IOT instruction (core dumped)  build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~

Let's skip some "reasonable" errors.

Fixes #17963.

(cherry picked from commit b4046d55570ff0e23d16f7e2912e7ef0a55b25d8)
(cherry picked from commit 0d98afa9548873669531fb3f8aa0f1ab56455411)

Zbigniew Jędrzejewski-Szmek [Fri, 26 Nov 2021 08:40:51 +0000 (09:40 +0100)]
test-journal-flush: allow testing against specific files

>=0 → ==0 because sd_journal_open* are documented to return 0.

(cherry picked from commit 0fa167cd58b5a4ffe16a332131df70bf77edddbe)
(cherry picked from commit bb29932a4172810357597175a62cb4c8cbd1087c)

Daan De Meyer [Fri, 12 Nov 2021 14:32:40 +0000 (14:32 +0000)]
journal: Deduplicate entry items before they are stored in the entry object

If the iovec contains the same data more than once, we'll end up with
duplicate offsets in the items array. Let's make sure we remove any
duplicates before we store the items in an entry object.

(cherry picked from commit 5ec9fbae64bef896368f744a875dd0437a4c42f2)
(cherry picked from commit 71976e91c5a887585b9fb8a162116824b141eecf)

Vito Caputo [Thu, 25 Nov 2021 15:05:06 +0000 (07:05 -0800)]
mmap-cache: LIST_REMOVE() *after* w->unused_prev

The LIST_REMOVE() macro always assigns NULL to w->unused_prev,
meaning every time this window was in last_unused, the remainder
of the unused list was lost to the ether.

Turns out there's been a memory leak in journald after all, this
code has been there since at least 2013...

(cherry picked from commit b82aca89a5b366c4377b3b140e54313e817e8f57)
(cherry picked from commit 42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03)
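
The ordering bug described in this commit message, reduced to a stand-alone model. This is an added example, not code from the systemd tree: the `Window` and `Cache` types, the helper names, and the assumption that reclamation walks backwards from the tail pointer are simplifications made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for a cache window and its owner. */
typedef struct Window {
    int id;
    struct Window *unused_prev, *unused_next;
} Window;

typedef struct Cache {
    Window *unused;      /* head of the unused list (newest entry) */
    Window *last_unused; /* tail of the unused list (oldest entry) */
} Cache;

/* Unlink w. Like the LIST_REMOVE() described in the commit message,
 * this always resets the removed item's own link pointers to NULL. */
static void list_remove(Cache *c, Window *w) {
    if (w->unused_next)
        w->unused_next->unused_prev = w->unused_prev;
    if (w->unused_prev)
        w->unused_prev->unused_next = w->unused_next;
    else
        c->unused = w->unused_next;
    w->unused_prev = w->unused_next = NULL;
}

static void list_prepend(Cache *c, Window *w) {
    w->unused_prev = NULL;
    w->unused_next = c->unused;
    if (c->unused)
        c->unused->unused_prev = w;
    c->unused = w;
    if (!c->last_unused)
        c->last_unused = w;
}

/* Order before the fix: unlink first, then read w->unused_prev,
 * which list_remove() has already set to NULL. */
static void reuse_buggy(Cache *c, Window *w) {
    list_remove(c, w);
    if (c->last_unused == w)
        c->last_unused = w->unused_prev;
}

/* Order after the fix: move the tail pointer while w->unused_prev
 * is still valid, then unlink. */
static void reuse_fixed(Cache *c, Window *w) {
    if (c->last_unused == w)
        c->last_unused = w->unused_prev;
    list_remove(c, w);
}

static int count_from_head(const Cache *c) {
    int n = 0;
    for (const Window *w = c->unused; w; w = w->unused_next)
        n++;
    return n;
}

static int count_from_tail(const Cache *c) {
    int n = 0;
    for (const Window *w = c->last_unused; w; w = w->unused_prev)
        n++;
    return n;
}

/* Put three windows on the unused list, reuse the oldest one, and
 * return how many windows are still reachable from the tail pointer.
 * *still_linked receives how many are actually left on the list. */
static int simulate(int buggy, int *still_linked) {
    Window w[3] = { {1, NULL, NULL}, {2, NULL, NULL}, {3, NULL, NULL} };
    Cache c = { NULL, NULL };

    for (int i = 0; i < 3; i++)
        list_prepend(&c, &w[i]);

    if (buggy)
        reuse_buggy(&c, c.last_unused);
    else
        reuse_fixed(&c, c.last_unused);

    *still_linked = count_from_head(&c);
    return count_from_tail(&c);
}

int main(void) {
    int linked, reachable;

    reachable = simulate(1, &linked);
    printf("buggy order: %d on list, %d reachable from tail\n", linked, reachable);

    reachable = simulate(0, &linked);
    printf("fixed order: %d on list, %d reachable from tail\n", linked, reachable);
    return 0;
}
```

With the buggy order the two remaining windows stay linked from the head, but the tail pointer is NULL, so anything that reclaims from the tail never sees them again.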

Daan De Meyer [Fri, 12 Nov 2021 14:29:02 +0000 (14:29 +0000)]
journal: Remove entry seqnum revert logic

This actually causes mismatches between the header tail entry seqnum
and the last entry seqnum since when we revert the header seqnum, we
don't remove the entry object we added. If adding the entry object
itself fails, we don't need to revert the seqnum since it's never
incremented so let's remove this logic altogether.

(cherry picked from commit b41b682bd6f1290caa4220291b22cae317cb6413)
(cherry picked from commit 06a0e8283ed87773795f28e58318d5d1b46b1088)

Lennart Poettering [Thu, 25 Nov 2021 10:21:55 +0000 (11:21 +0100)]
man: "-j", not "-J" is the shortcut for JSON mode in homectl

The code and --help text got this right, hence fix the man page

(cherry picked from commit 2a703778e9e7028ef110768f0d1e995007adf9cc)
(cherry picked from commit 41b526a1f80f66e5b15b34eea321a545ce69b8a7)

Lennart Poettering [Wed, 24 Nov 2021 14:58:50 +0000 (15:58 +0100)]
test: make test-execute pass on Linux 5.15

Linux 5.15 broke kernel API:

https://github.com/torvalds/linux/commit/e70344c05995a190a56bbd1a23dc2218bcc8c924

Previously setting IOPRIO_CLASS_NONE for a process would then report
IOPRIO_CLASS_NONE back. But since 5.15 it reports IOPRIO_CLASS_BE
instead. Since IOPRIO_CLASS_NONE is an alias for a special setting of
IOPRIO_CLASS_BE this makes some sense, but it's also a kernel API
breakage that our testsuite trips up on.

(I made some minimal effort to inform the kernel people about this API
breakage during the 5.15 rc phase, but no one was interested.)

Either way let's handle this gracefully in our test suite and accept
"best-effort" too when "none" was set.

(This is only triggerable if the tests are run on 5.15 with full privs)

(cherry picked from commit d9b8771108cf2955efc3852b477391017d2c599a)
(cherry picked from commit 8be872769b475b9a664ca8b26fb1bb0e246eeb65)

Lennart Poettering [Wed, 24 Nov 2021 17:36:00 +0000 (18:36 +0100)]
homework: fix a bad error propagation

(cherry picked from commit b05f4495bd374dc28d39ea43ac7cec3f0fea4071)
(cherry picked from commit e05915315fdf21ee51ec1501e02d04ba1e9af045)

Zbigniew Jędrzejewski-Szmek [Wed, 24 Nov 2021 10:21:10 +0000 (11:21 +0100)]
shell-completion: add journalctl --facility

Fixes #21484.

(cherry picked from commit 989db9b399fb69bd6b991180a1f2d801124fdbd7)
(cherry picked from commit e05c51c96682379bef8e3d54318675cfaf3a9f43)

Miika Karanki [Tue, 23 Nov 2021 15:23:01 +0000 (17:23 +0200)]
sd-bus: Fix standard method argument names

The argument names of methods under org.freedesktop.DBus.Properties and
org.freedesktop.DBus.Introspectable interfaces are specified in D-Bus
specification[1]. They are:

  org.freedesktop.DBus.Introspectable.Introspect (out STRING xml_data)
  org.freedesktop.DBus.Properties.Get (in STRING interface_name,
                                       in STRING property_name,
                                       out VARIANT value);
  org.freedesktop.DBus.Properties.Set (in STRING interface_name,
                                       in STRING property_name,
                                       in VARIANT value);
  org.freedesktop.DBus.Properties.GetAll (in STRING interface_name,
                                          out DICT<STRING,VARIANT> props);

sd-bus is using different argument names in the introspection document.
Usually this is not a problem but in case something tries to map the
argument names based on the introspection document to the position of
the arguments in the method call, then using names different than the
ones specified in the D-Bus specification is confusing.

So fix the names to match the D-Bus specification.

[1] https://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-introspectable

(cherry picked from commit 98503c6d0cae795be89efd74ccab821729c2143a)
(cherry picked from commit 989c3fc3a008ca9733284ac37f51edfb0ababf00)

Boqun Feng [Tue, 23 Nov 2021 07:09:26 +0000 (15:09 +0800)]
virt: Fix the detection for Hyper-V VMs

Use product_version instead of product_name in DMI table and the string
"Hyper-V" to avoid misdetection.

Fixes: #21468

Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4)
(cherry picked from commit ba22ee4985c6ca690b84fdca36cf012b200a3c4e)

Boqun Feng [Wed, 13 Oct 2021 03:32:09 +0000 (11:32 +0800)]
virt: Support detection for ARM64 Hyper-V guests

The detection of Microsoft Hyper-V VMs is done by cpuid currently,
however there is no cpuid on ARM64. And since ARM64 is now a supported
architecture for Microsoft Hyper-V guests[1], then use DMI tables to
detect a Hyper-V guest, which is more generic and works for ARM64.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467

(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87)
(cherry picked from commit 258968ba75bc27d4ea61967b9a27c1f139e89799)

Lennart Poettering [Mon, 22 Nov 2021 17:29:17 +0000 (18:29 +0100)]
resolved: clean up manager_write_resolv_conf() a bit

Let's downgrade log messages which are not fatal for the service to
LOG_WARNING.

And let's simplify clean-up by using _cleanup_(unlink_and_freep).

(cherry picked from commit e2ef1e9aea24d89d1e92fa4675ddc330029b48bf)
(cherry picked from commit e4f6e956abdca1b7f538845dae79e5afb708e2df)

Lennart Poettering [Mon, 22 Nov 2021 15:14:07 +0000 (16:14 +0100)]
resolved: make sure we don't hit an assert when dealing with incomplete DNSSD service definitions

Fixes: #21142
(cherry picked from commit 8cf9898a964693b8a3c40b502af0377ede746f4d)
(cherry picked from commit 018c8e8f67b699c5e5aadb73a3ddf3b8009a741a)

Lennart Poettering [Mon, 22 Nov 2021 14:17:34 +0000 (15:17 +0100)]
resolved: properly signal transient errors back to NSS stack

NSS mostly knows four error cases: SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN,
and they can all be used in nsswitch.conf to route requests.

So far nss-resolve would return SUCCESS + NOTFOUND + UNAVAIL. Let's also
return TRYAGAIN in some cases, specifically the ones where we are
currently unable to resolve a request but likely could later. i.e.
errors caused by networking issues or such.

Fixes: #20786
(cherry picked from commit ae78529fc75027b3487b64e0d22a572fd9c8ffeb)
(cherry picked from commit 7ab91cb307eb0a518f4a956674a108221538fc88)

Lennart Poettering [Mon, 22 Nov 2021 13:37:54 +0000 (14:37 +0100)]
resolved: fix ResolveService() hostname handling

Let's eat up special returns of dns_query_process_cname_many() when
storing hostname resolution results.

The rest of the code assumes only == 0 means success and != 0 means
error, but so far > 0 also could mean success, let's fix that.

Fixes: #21365 #21140

(This was originally broken in 1db8e6d1db0880de240e5598e28d24d708479434)

(cherry picked from commit 5a78106ad92d3f122f7ac653eecf767f0a8948cf)
(cherry picked from commit 70f465cb5d10b7bcd7bd7c326756d542e59c0e0b)

Lennart Poettering [Mon, 22 Nov 2021 21:05:57 +0000 (22:05 +0100)]
man: fix type in sd_bus_error_add_map() prototype

Fixes: #21467
(cherry picked from commit 988637841ee927bdb41d3872fc775ab3a782ab78)
(cherry picked from commit f95f68306398c741e759fe0c186b838b5d79219a)

Robert-L-Turner [Mon, 22 Nov 2021 11:43:44 +0000 (19:43 +0800)]
FIDO2 device removal instructions (#21426)

* man: document FIDO2 device removal

Indicate to users how to remove FIDO2 device in the --fido2-device=path section by setting path to an empty string ("").  Tested on systemd 249 (249.6-3-arch)

(cherry picked from commit 6d5ea0f127e60ca6c7ecc83eff4618111b7c831b)
(cherry picked from commit 45c0233e37a037396936124564a81dea542f6e43)

Zbigniew Jędrzejewski-Szmek [Sat, 20 Nov 2021 10:42:31 +0000 (11:42 +0100)]
analyze: fix printing config when there is no main config file

Since 8b8024f1c231c166f5c450905c8fd91d11704ae7 and the follow-up commits, the
main config file may be located in /usr or in other paths. But the code in
analyze.c was still assuming that it must be in /etc. Things mostly worked for
our own config files because we usually install a comments-only file in /etc,
but was not correct in the general case.

This fixes in particular 'systemd-analyze cat-config systemd/zram-generator.conf'.
In Fedora we distribute a config file in zram-generator-defaults.rpm that is in
/usr/lib, and 'cat-config' would refuse to show it because
/etc/systemd/zram-generator.conf does not exist.

The main config file is optional, but let's print an informative message
because this is a slightly unusual case.

The file paths that we printed were missing the root prefix.

(cherry picked from commit 0895e87348e5fc02f50498cad5922eb3eb172323)
(cherry picked from commit 8621f957b6e3a7eed1c5965d332ad1c4c594f26e)

Daan De Meyer [Wed, 17 Nov 2021 16:46:29 +0000 (16:46 +0000)]
journal: Skip corrupt Data objects in sd_journal_get_data()

Similar to the change we made for sd_journal_enumerate_data(), let's
skip corrupt entry items and data objects in sd_journal_get_data().

(cherry picked from commit 8a799bed4c25be5792acf4d375bd2cdf0a4a3165)
(cherry picked from commit 2124893b258ffc23ae034bce388b61fb148c805f)

Daan De Meyer [Wed, 17 Nov 2021 16:44:21 +0000 (16:44 +0000)]
journal: Use separate variable for Data object in sd_journal_get_data()

A little cleanup to make the next change easier. We're not moving to a
new Entry object in the for loop so there's no danger of changing the
Entry object window.

(cherry picked from commit 847c7ee8c3c1a6cecd02501562b1afd8dd3c51de)
(cherry picked from commit a1ca5320ec74f5112d32338e3061a34f17c4b954)

Daan De Meyer [Wed, 17 Nov 2021 15:54:35 +0000 (15:54 +0000)]
journal: Skip over corrupt entry items in enumerate_data()

Similar to sd_journal_next(), if trying to access an entry item
offset's data results in EBADMSG, skip to the next entry item so
we handle corruption better.

Fixes #21407

(cherry picked from commit 5a94a2bf2b9c9ae362dd4a7c2e6b263c55545036)
(cherry picked from commit e8a54526d8a89097742d808a53956a54431ded06)

Zbigniew Jędrzejewski-Szmek [Tue, 16 Nov 2021 08:19:07 +0000 (09:19 +0100)]
units: delay binfmt processing until after local-fs.target

Users may use rules that refer to binaries e.g. in /opt or /usr/local,
and those directories may be separate mount points. We don't need the
binfmt rules in early boot, so let's delay the service so that we can
rely on the full local filesystem being visible.

Fixes #21178.

(cherry picked from commit 0491ab5fcd1e8a7d6c532c591dabb98a9e6ed648)
(cherry picked from commit b564be5d5e8ac063a378e818af51a267e99bff0d)

Zbigniew Jędrzejewski-Szmek [Sat, 13 Nov 2021 15:08:25 +0000 (16:08 +0100)]
seccomp: move mprotect to @default

With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early
init with a restrictive syscall filter that does not include @system-service.
I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4:

Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 10 10:31:41 2021 +0200

    nptl: Move changing of stack permissions into ld.so

    All the stack lists are now in _rtld_global, so it is possible
    to change stack permissions directly from there, instead of
    calling into libpthread to do the change.

It seems that this call will now be very widely used, so let's just move it to
default to avoid too many failures.

(cherry picked from commit 4728625490b70ac4a686b1655c08ad3fe7b97359)
(cherry picked from commit 0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f)

Yu Watanabe [Tue, 7 Dec 2021 20:47:11 +0000 (05:47 +0900)]
dhcp: fix assertion failure

Fixes #21671.

(cherry picked from commit 990d0aa98023140d1efc897c3dcd5e0599a60203)
(cherry picked from commit d59f045a9341f33df161a83a0a5428e137381206)

Lennart Poettering [Fri, 12 Nov 2021 12:41:59 +0000 (13:41 +0100)]
tests: add test case for UMask=+BindPaths= combination

Inspired by the test case described in #19899

(cherry picked from commit 875afa02fabe1dad5aa3d1e9bff89d493a369fd0)
(cherry picked from commit ae53f4b5e48860b473c4d05958486a77f84ecc6d)

Lennart Poettering [Fri, 12 Nov 2021 10:16:02 +0000 (11:16 +0100)]
namespace: make tmp dir handling code independent of umask too

Let's make all code in namespace.c robust towards weird umask. This
doesn't matter too much given that the parent dirs we deal here almost
certainly exist anyway, but let's clean this up anyway and make it fully
clean.

(cherry picked from commit 30443439274cc223583c6c57f7d9041e440e346f)
(cherry picked from commit 78858632566c30d2299bcdbd6efe3cbd1cc99d5a)

Lennart Poettering [Fri, 12 Nov 2021 10:11:27 +0000 (11:11 +0100)]
namespace: make whole namespace_setup() work regardless of configured umask

Let's reset the umask during the whole namespace_setup() logic, so that
all our mkdir() + mknod() are not subjected to whatever umask might
currently be set.

This mostly moves the umask save/restore logic out of
mount_private_dev() and into the stack frame of namespace_setup() that
is further out.

Fixes #19899

(cherry picked from commit cdf42f9bd40ff21a67d58b948efea055d56ad398)
(cherry picked from commit 569ef9413c2ef3275b45458367342112e5d5f991)

Lennart Poettering [Fri, 12 Nov 2021 10:09:40 +0000 (11:09 +0100)]
namespace: rebreak a few comments

(cherry picked from commit d73020f2420aa3f220481016829aaa2602abf081)
(cherry picked from commit bce7fb14df960aee57f0ad5c9c12a0d35c3e504e)

Lennart Poettering [Fri, 12 Nov 2021 10:06:46 +0000 (11:06 +0100)]
umask-util: add helper that resets umask until end of current code block

(cherry picked from commit 52f05ef21d7790f37bc3cd6e54fb9a4bcb16efa5)
(cherry picked from commit 77cfa37459fbd350c67c08597aaa5cc098fcc1ee)

Zbigniew Jędrzejewski-Szmek [Wed, 10 Nov 2021 12:58:32 +0000 (13:58 +0100)]
binfmt: fix exit value

Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g.
systemd-binfmt --foobar would "succeed".

(cherry picked from commit 52707598d5c0dbbc8a967e4874b0b08ee2486772)
(cherry picked from commit d4406e94a32d423d8a73deb7757fb09890afe2c4)

Emily Gonyer [Fri, 12 Nov 2021 15:09:56 +0000 (10:09 -0500)]
Change gendered terms to be gender-neutral (#21325)

Some typos are also fixed.

(cherry picked from commit be7148ebed5d73c4a76bc6089ebe2e82d8fa33e0)
(cherry picked from commit 3ba07929636e1a55c71767e40e23bf639b7a8db5)

Paulo Neves [Tue, 9 Nov 2021 14:06:01 +0000 (15:06 +0100)]
docs: Clarify systemctl show manual

The manual incorrectly asserted that the properties in systemctl show
matched the options in systemd-system.conf, which is not always true.

Add clarification on the equivalence of the properties in systemctl show
and systemd-system.conf

Fixed #21230

(cherry picked from commit c809e38732afcb3efc429fc5086f9c48e45ae635)
(cherry picked from commit 0e7dc0ae2c9be0dd390e6c34cb3128e53d714ab8)

Lennart Poettering [Mon, 8 Nov 2021 23:11:38 +0000 (00:11 +0100)]
sd-event: don't destroy inotify data structures from inotify event handler

This fixes a bad memory access when we destroy an inotify source handler
from the handler itself, and thus destroy the associated inotify_data
structures.

Fixes: #20177
(cherry picked from commit 53baf2efa420cab6c4b1904c9a0c46a0c4ec80a1)
(cherry picked from commit 439a271943aa182002e5fb64f1a216415e556472)

Lennart Poettering [Mon, 8 Nov 2021 22:07:51 +0000 (23:07 +0100)]
tree-wide: use sd_event_source_disable_unref() where we can

(cherry picked from commit 4f538d7b221de5707c1ff422e6e34be795535397)
(cherry picked from commit e53bfae86dfb909e0a2eb179328b61f4ed723639)

Lennart Poettering [Mon, 8 Nov 2021 22:08:13 +0000 (23:08 +0100)]
logind: downgrade message about /run/utmp missing to LOG_DEBUG

This isn't really anything to really complain about, let's debug log
about this, and continue quietly as if utmp was empty.

(cherry picked from commit 9830d716147c4e35026457027af95f303e690ae9)
(cherry picked from commit 5ac75f556c2ff3c28a815414dab92b58c3726dbd)

Lennart Poettering [Fri, 5 Nov 2021 15:36:32 +0000 (16:36 +0100)]
user-record: fix display of access mode

(cherry picked from commit 7cdd5c0d4c2213b791d8d22e7dd466a39e9c5db0)
(cherry picked from commit 9e318d9ff288b2b12b21a534d0cab3b4e153b462)

Luca Boccassi [Thu, 4 Nov 2021 20:29:43 +0000 (20:29 +0000)]
basic/mountpoint-util: detect erofs as a read-only FS

(cherry picked from commit fac2c3e97d80fb356eb50abb429bdb5ed36afcf1)
(cherry picked from commit 74af5a3696cd3747fa814a21eb1b3d7cae3dea56)

Yu Watanabe [Sat, 11 Sep 2021 11:37:50 +0000 (20:37 +0900)]
test-oomd-util: skip tests if cgroup memory controller is not available

Fixes #20593 and #20655.

(cherry picked from commit 8b2e22579a6549ab8423858819703fc142862bcb)
(cherry picked from commit 38787a985396277058a20ac0c6f66fd1377d0737)

Jonas Witschel [Wed, 10 Nov 2021 21:46:35 +0000 (22:46 +0100)]
scope: count successful cgroup additions when delegating via D-Bus

Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse
activation of scopes if no PIDs to add are left") all "systemd-run --scope
--user" calls fail because cgroup attachments delegated to the system instance
are not counted towards successful additions. Fix this by incrementing the
return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to
what happens when cg_attach() succeeds directly.

Note that this can *not* distinguish the case when
unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all
processes to attach are gone in the meantime, unlike the checks that commit
8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is
because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal
unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include
the number of successfully attached processes and is always NULL on success.

Fixes: #21297

(cherry picked from commit c65417a01121301fdf7f8514ee7663d287af3a72)
(cherry picked from commit be509064edba9863521a77a4a20a6e1a0971693e)

Yu Watanabe [Wed, 10 Nov 2021 23:55:10 +0000 (08:55 +0900)]
test: use kbd-mode-map we ship in one more test case

Follow-up for be0cc2ce6c947aafadb3f42dba405269f670b31c.

Fixes https://github.com/systemd/systemd/pull/19670#issuecomment-965817823.

(cherry picked from commit a914901d38e01b90e21883b6a2ca1bec21997201)
(cherry picked from commit 8bc32a5843ba616c8552e25a929e9fd1f2cabd52)

Lennart Poettering [Wed, 3 Nov 2021 14:54:28 +0000 (15:54 +0100)]
process-util: wait for processes we killed even if killing failed

The processes might be zombies in which case killing will fail, but
reaping them still matters.

(cherry picked from commit 2c1612100daae9cef1b71c06ae4c4ec5f9378f09)
(cherry picked from commit deda69dad784f9c4367533555ff4d7bf6308c0ff)

Franck Bui [Wed, 19 May 2021 12:14:58 +0000 (14:14 +0200)]
test-keymap-util: always use kbd-model-map we ship

This test makes assumptions on the availability of some mappings contained in
kbd-model-map and therefore strongly relies on the version shipped by
upstream. IOW the test is likely to fail if it's installed on a system with a
more comprehensive kbd-model-map.

This patch makes the upstream kbd-model-map file available via a symlink in
test/testdata/test-keymap-util dir and makes sure that this specific version is
always used by test-keymap-util regardless of whether the test is installed and
run on a different system or directly run (optionally via meson) from the
project working dir.

(cherry picked from commit be0cc2ce6c947aafadb3f42dba405269f670b31c)
(cherry picked from commit f97480d98d642064294bbaaf49ca7c65767f6cfd)

Lennart Poettering [Tue, 2 Nov 2021 12:37:27 +0000 (13:37 +0100)]
man: document cryptenroll limitations

Let's document this for now. We should be able to lift these limitations
sooner or later, at which point we can drop this documentation again.

These two limitations are a pitfall that people should be aware of,
before going FIDO2-only.

See: #20230 #19208
(cherry picked from commit 0bada3f8b72e07bc8926b28957681abb5622039a)
(cherry picked from commit 17555384e5ea114a6e207561ec8050b906498f74)

Yu Watanabe [Mon, 1 Nov 2021 04:48:32 +0000 (13:48 +0900)]
core: ignore failure on setting smack process label when allowed

(cherry picked from commit 29ff62473b119c0e1d3467148eddcdccc2c9b732)
(cherry picked from commit 4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d)

Topi Miettinen [Sat, 30 Oct 2021 16:58:41 +0000 (19:58 +0300)]
execute: respect selinux_context_ignore

When `SELinuxContext=` parameter is prefixed with `-`, the documentation states
that any errors determining or changing context should be ignored, but this
doesn't actually happen and the service may fail with `229/SELINUX_CONTEXT`.

Fix by adding checks to `context->selinux_context_ignore`.

Closes: #21057
(cherry picked from commit 2ad2925de5f258d128ec8cdb07f10f3c52fa4fcf)
(cherry picked from commit 38d0d41e0fc5d559cff5a1bcf46482aec9d6f5ef)

Lennart Poettering [Thu, 28 Oct 2021 14:47:40 +0000 (16:47 +0200)]
systemctl: only fall back to local cgroup display if we talk to local systemd

Otherwise we likely show rubbish because even in local containers we
nowadays have cgroup namespacing, hence we likely can't access the
cgroup tree from the host at the same place as inside the container.

(cherry picked from commit 35ac0260db7b896604d156e9638ad15700083508)
(cherry picked from commit 08693ce568f0967046b669fcd99ba0939a1df86d)

Lennart Poettering [Wed, 27 Oct 2021 21:17:50 +0000 (23:17 +0200)]
scope: refuse activation of scopes if no PIDs to add are left

If all processes we are supposed to add are gone by the time we are
ready to do so, let's fail.

This is heavily based on Cunlong Li's work, who thankfully tracked this
down.

Replaces: #20577
(cherry picked from commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3)
(cherry picked from commit 7ecb1b82d9b55a081d81b2802695fd21293ce029)

3 years agocore: normalize 'r' variable handling in unit_attach_pids_to_cgroup() a bit
Lennart Poettering [Wed, 27 Oct 2021 21:08:58 +0000 (23:08 +0200)]
core: normalize 'r' variable handling in unit_attach_pids_to_cgroup() a bit

The 'r' variable is our "go-to" variable for error return codes, all
across our codebase. In unit_attach_pids_to_cgroup() it was so far used
in a strange way for most of the function: instead of directly storing
the error codes of functions we call we'd store it in a local variable
'q' instead, and propagate it to 'r' only in some cases; finally we'd
return the ultimate result of 'r'.

Let's normalize this a bit: let's always store error return values in
'r', and then use 'ret' as the variable to sometimes propagate errors
to, and then return that.

This also allows us to get rid of one local variable.

No actual codeflow changes, just some renaming of variables that allows
us to remove one.

(cherry picked from commit db4229d12f48663400802171b336c7cadbbe04ef)
(cherry picked from commit 84ec6a0043f7a447157753fb12e991ebce6e14b7)

3 years agoman: document that daemons can close fds they receive via sd_listen_fds() if they...
Lennart Poettering [Thu, 28 Oct 2021 09:05:22 +0000 (11:05 +0200)]
man: document that daemons can close fds they receive via sd_listen_fds() if they like

Fixes: #18872
(cherry picked from commit c896eb7ad65f4dbe968fdf01fa51e9ef4d2d11ed)
(cherry picked from commit 04e07e55723a92bfc0cd4e84482cbef96604e706)

3 years agoman: document how nss-resolve and systemd-resolved communicate
Lennart Poettering [Thu, 28 Oct 2021 08:53:55 +0000 (10:53 +0200)]
man: document how nss-resolve and systemd-resolved communicate

Fixes: #20925
(cherry picked from commit 1d697549887d68953058049fcd833fa93a74402a)
(cherry picked from commit 65aca93f2c64155b029388a69a768c37f0614e93)

3 years agoman: clarify the situation of unit templates regarding "systemctl list-units" + ...
Lennart Poettering [Thu, 28 Oct 2021 08:45:02 +0000 (10:45 +0200)]
man: clarify the situation of unit templates regarding "systemctl list-units" + "systemctl list-unit-files"

Fixes: #21075
(cherry picked from commit 7ea5e82f6ac78704f1554be9040b84bac75c2ec1)
(cherry picked from commit 37ade0494a2ca154b107b79766d45f242eacb1cf)

3 years agotest: do not use alloca() in function call
Yu Watanabe [Sat, 23 Oct 2021 15:16:57 +0000 (00:16 +0900)]
test: do not use alloca() in function call

(cherry picked from commit 4150584e63562616e16242f7b1016c0e642fb59e)
(cherry picked from commit 5f326b0388d4b0a7fcab8cedca255e93a6e311f4)

3 years agohwdb: Allow console users access to media* nodes
Bastien Nocera [Tue, 26 Oct 2021 09:57:30 +0000 (11:57 +0200)]
hwdb: Allow console users access to media* nodes

Newer webcams and video devices have controls only available through
/dev/media* nodes. Make sure they're accessible in the same way as
/dev/video* nodes.

Closes: #21054
(cherry picked from commit 63fbfc598f9f6d3ce34cc00a7687089dab24daff)
(cherry picked from commit 920d0d1b14dfb94788a5b2794860cac583b982c3)

3 years agochange indicator used for later versions of VirtualBox (#21127)
Greg Zuro [Wed, 27 Oct 2021 04:02:37 +0000 (21:02 -0700)]
change indicator used for later versions of VirtualBox (#21127)

Detection of VirtualBox is accomplished in the existing code by *either* `innotek GmbH`
or `Oracle Corporation` existing in any of:

- /sys/class/dmi/id/product_name
- /sys/class/dmi/id/sys_vendor
- /sys/class/dmi/id/board_vendor
- /sys/class/dmi/id/bios_vendor

With Oracle's physical servers, both `/sys/class/dmi/id/sys_vendor` and
`/sys/class/dmi/id/board_vendor` contain `Oracle Corporation`, so those
servers are detected as `oracle` (VirtualBox).

VirtualBox has the following values in the latest versions:

- /sys/class/dmi/id/product_name: `VirtualBox`
- /sys/class/dmi/id/sys_vendor: `innotek GmbH`
- /sys/class/dmi/id/board_vendor: `Oracle Corporation`
- /sys/class/dmi/id/bios_vendor: `innotek GmbH`

Presumably the existing check for `innotek GmbH` is meant to detect
older versions of VirtualBox, while changing the second checked value
from `Oracle Corporation` to `VirtualBox` will reliably detect later and future
versions.

(cherry picked from commit cfee6b955154c30be31ffcf0e3b7b89374a52fff)
(cherry picked from commit 7459b7f4a63de87a6e76e9187893c65291b7931f)
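
The false positive described in the commit message above, as an added example that is not part of the commit or of systemd's code: the old and new indicator pairs are run over constructed DMI snapshots. The struct, the function names, the prefix matching and the placeholder values for fields the commit message does not list are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One string per /sys/class/dmi/id/ file named in the commit message. */
struct dmi {
    const char *product_name, *sys_vendor, *board_vendor, *bios_vendor;
};

/* Values the commit message lists for recent VirtualBox guests. */
static const struct dmi virtualbox_guest = {
    "VirtualBox", "innotek GmbH", "Oracle Corporation", "innotek GmbH",
};

/* Physical Oracle server: sys_vendor and board_vendor are from the commit
 * message; product_name and bios_vendor are constructed placeholders. */
static const struct dmi oracle_server = {
    "EXAMPLE SERVER", "Oracle Corporation", "Oracle Corporation", "Example BIOS Vendor",
};

/* Constructed unrelated machine, to show neither pair matches everything. */
static const struct dmi plain_pc = {
    "EXAMPLE PC", "Example Vendor", "Example Vendor", "Example BIOS Vendor",
};

/* Assumption: an indicator matches when a DMI value starts with it. */
static bool starts_with(const char *s, const char *prefix) {
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* True if any of the four DMI values matches any indicator. */
static bool dmi_matches(const struct dmi *d, const char *const *ind, size_t n) {
    const char *fields[] = { d->product_name, d->sys_vendor, d->board_vendor, d->bios_vendor };
    for (size_t f = 0; f < sizeof fields / sizeof fields[0]; f++)
        for (size_t i = 0; i < n; i++)
            if (starts_with(fields[f], ind[i]))
                return true;
    return false;
}

/* Before: any Oracle-branded board or system counts as VirtualBox. */
bool is_virtualbox_old(const struct dmi *d) {
    static const char *const ind[] = { "innotek GmbH", "Oracle Corporation" };
    return dmi_matches(d, ind, 2);
}

/* After: the second indicator is the product name, not the vendor. */
bool is_virtualbox_new(const struct dmi *d) {
    static const char *const ind[] = { "innotek GmbH", "VirtualBox" };
    return dmi_matches(d, ind, 2);
}

int main(void) {
    const struct { const char *label; const struct dmi *d; } hosts[] = {
        { "virtualbox guest", &virtualbox_guest },
        { "oracle server", &oracle_server },
        { "plain pc", &plain_pc },
    };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-17s old=%d new=%d\n", hosts[i].label,
               is_virtualbox_old(hosts[i].d), is_virtualbox_new(hosts[i].d));
    return 0;
}
```
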

3 years agojson: do something remotely reasonable when we see NaN/infinity
Lennart Poettering [Tue, 26 Oct 2021 13:45:49 +0000 (15:45 +0200)]
json: do something remotely reasonable when we see NaN/infinity

JSON doesn't have NaN/infinity/-infinity concepts in the spec.
Implementations vary what they do with it. JSON5 + Python simply
generate special words "NAN" and "Infinity" from it. Others generate
"null" for it.

At this point we never actually want to output this, so let's be
conservative and generate RFC compliant JSON, i.e. convert to null.

One day should JSON5 actually become a thing we can revisit this, but in
that case we should implement things via a flag, and only optionally
process nan/infinity/-infinity.

This patch is extremely simple: whenever accepting a
nan/infinity/-infinity from outside it converts it to NULL. I.e. we
convert on input, not output.

(cherry picked from commit 8f1daefce6e952f2fad9510e5101b5fc675d363f)
(cherry picked from commit 06444b314b863facdb173f10f2d1ff11196755d2)
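
The convert-on-input approach described in the commit message above, as an added example that is not part of the commit or of systemd's JSON code: non-finite numbers become null at the point where a value is accepted, so the serializer can only ever emit RFC-compliant output. The types and function names are hypothetical, and parsing number text with `strtod()` is an assumption made here to show how such values arrive from outside.

```c
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum json_type { JSON_INVALID, JSON_NULL, JSON_REAL };

struct json_value {
    enum json_type type;
    double real; /* meaningful only when type == JSON_REAL */
};

/* Input-side conversion: NaN, infinity and -infinity are stored as null,
 * so no later code path can hold a non-finite JSON_REAL. */
struct json_value json_from_double(double d) {
    struct json_value v = { JSON_NULL, 0.0 };
    if (isfinite(d)) {
        v.type = JSON_REAL;
        v.real = d;
    }
    return v;
}

/* Numbers arriving as text: strtod() accepts "NaN" and "Infinity" and
 * returns infinity for out-of-range literals such as "1e999". */
struct json_value json_from_text(const char *s) {
    struct json_value invalid = { JSON_INVALID, 0.0 };
    char *end;
    double d = strtod(s, &end);
    if (end == s || *end != '\0')
        return invalid;
    return json_from_double(d);
}

/* The serializer only ever sees finite reals or null. */
const char *json_format(struct json_value v, char *buf, size_t size) {
    if (v.type == JSON_REAL)
        snprintf(buf, size, "%.17g", v.real);
    else if (v.type == JSON_NULL)
        snprintf(buf, size, "null");
    else
        snprintf(buf, size, "<invalid>");
    return buf;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *inputs[] = { "2.5", "NaN", "Infinity", "-Infinity", "1e999", "abc" };
    char buf[64];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-10s -> %s\n", inputs[i],
               json_format(json_from_text(inputs[i]), buf, sizeof buf));
    return 0;
}
```
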

3 years agostat-util: specify O_DIRECTORY when reopening dir in dir_is_empty_at()
Lennart Poettering [Thu, 21 Oct 2021 16:07:06 +0000 (18:07 +0200)]
stat-util: specify O_DIRECTORY when reopening dir in dir_is_empty_at()

That way we can fail earlier if the specified fd is not actually a
directory.

(Also, it's not exactly according to standards to open things without
either O_RDONLY/O_RDWR...)

(cherry picked from commit b9d06522631a22d242374dc44a74c3b6459e3cb3)
(cherry picked from commit e1e32516f98a1f39ce763545de9a8664526d0b8a)

3 years agovarlink: disconnect varlink link in one more case
Lennart Poettering [Thu, 21 Oct 2021 15:29:48 +0000 (17:29 +0200)]
varlink: disconnect varlink link in one more case

Previously we'd possibly see POLLHUP on a varlink link, and continue to
run epoll on it even though we have nothing to read nor write anymore.

Let's fix that, and once we know that there's nothing to write anymore
(or we saw a write error already) we'll disconnect after POLLHUP.

Fixes: #20062
(cherry picked from commit 7c26a631ad8bf91016db156b7d299ca68fd7866e)
(cherry picked from commit 968f2f3f5a76b05142e1de447bb79f4f97868721)

3 years agonetwork: route: fix possible overflow in conversion usec_t -> uint32_t
Yu Watanabe [Fri, 15 Oct 2021 01:06:25 +0000 (10:06 +0900)]
network: route: fix possible overflow in conversion usec_t -> uint32_t

(cherry picked from commit ff43dddab7260c9220eaea2a545514772c0e581f)
(cherry picked from commit 7a9b38919302e98cebc2c6233fd09d0c07ae41dc)

3 years agoutmp: remove /dev from line
Vincent Bernat [Mon, 18 Oct 2021 18:58:43 +0000 (20:58 +0200)]
utmp: remove /dev from line

utmp(5) says `ut_line` is the device name minus the leading "/dev/". Therefore,
remove it. Without that, when using UtmpMode=user, we get `/dev/tty` in the
output of `last`/`w`.

(cherry picked from commit 33331d116db2eaf1189ea56ee4b36540179ac3dd)
(cherry picked from commit 09534e85b5c51c664077637e7e8c7c68dec52972)

3 years agohomed,shutdown: call valgrind magic after LOOP_GET_STATUS64
Lennart Poettering [Fri, 15 Oct 2021 15:58:13 +0000 (17:58 +0200)]
homed,shutdown: call valgrind magic after LOOP_GET_STATUS64

valgrind doesn't understand LOOP_GET_STATUS64. We already work around
this in various places, via VALGRIND_MAKE_MEM_DEFINE(), but we forgot
three places. Let's fix that.

(cherry picked from commit 48f462547d63e1d03bee612e1c77073263e71293)
(cherry picked from commit bf6bd21f7c887ffa4591ed0cee00b234835ca2be)

3 years agouserdb: fix type to pass to connect()
Yu Watanabe [Fri, 15 Oct 2021 20:04:26 +0000 (05:04 +0900)]
userdb: fix type to pass to connect()

Fixes https://github.com/systemd/systemd/pull/20613#issuecomment-944621275.

(cherry picked from commit c14e57356f1e82c35bf3a3e8aaeac134b545801b)
(cherry picked from commit 667eab61d4c5520d7875de5df489ec68a4c9f123)

3 years agodm-verity: Remove usage of integrity
Tony Asleson [Wed, 13 Oct 2021 19:18:12 +0000 (14:18 -0500)]
dm-verity: Remove usage of integrity

There is a difference between dm-verity and dm-integrity.  Remove
usage of integrity from verity documentation in man pages and
target files.

(cherry picked from commit 9a2a6ec4e31abe4b58b140767a82200f79c8645f)
(cherry picked from commit 884f5b748a5434946d4c9fbe39ba2c88371e0071)

3 years agohomework: don't bother with BLKRRPART on images that aren't block devices
Lennart Poettering [Fri, 15 Oct 2021 09:23:00 +0000 (11:23 +0200)]
homework: don't bother with BLKRRPART on images that aren't block devices

We currently call this ioctl even if we are backed by a regular file,
which is actually the common case. While this doesn't really hurt, it
does result in very confusing logs.

(cherry picked from commit 6a1301d8c97dc650e4355bb7c193f5821b3383a8)
(cherry picked from commit 7b3ff9a957630535ec58aeca7e41e6c63fa99114)

3 years agohomework: fix incorrect error variable use
Lennart Poettering [Thu, 14 Oct 2021 13:40:59 +0000 (15:40 +0200)]
homework: fix incorrect error variable use

(cherry picked from commit 82fb0911fc0aa2aaf39428ef36e78898ece2b4ea)
(cherry picked from commit 3e9dbda7d5efbe642e6254cc086b4cf54c862618)

3 years agoimport: turn off weird protocols in curl
Lennart Poettering [Thu, 19 Aug 2021 16:12:56 +0000 (18:12 +0200)]
import: turn off weird protocols in curl

Let's lock things down a bit and not allow curl's weirder protocols to
be used with our use. i.e. stick to http:// + https:// + file:// and
turn everything else off. (Gopher!)

This is code that interfaces with the network after all, and we better
shouldn't support protocols needlessly that are much less tested.

(Given that HTTP redirects (and other redirects) exist, this should give
us a security benefit, since we will then be sure that no one can forward
us to a weird protocol, which we never tested, and other people test
neither)

(cherry picked from commit 55b90ee00b78a449c8f187a5e8141f8ccb100bf4)
(cherry picked from commit 4d8fd88b9641fce81272f60f556543f713175403)

3 years agolink: Stop prefixing features with "the"
Daan De Meyer [Thu, 19 Aug 2021 12:37:41 +0000 (13:37 +0100)]
link: Stop prefixing features with "the"

(cherry picked from commit f20710c74c08bf69472f62c886e5bdd5e38c87a5)
(cherry picked from commit 08c7dfd68e9d79edf4e9cfe405d7f234bcd12324)

3 years agosrc/boot/efi/linux: fix linux_exec prototype
Alfonso Sánchez-Beato [Thu, 19 Aug 2021 10:21:12 +0000 (12:21 +0200)]
src/boot/efi/linux: fix linux_exec prototype

Callers to linux_exec() are actually passing an EFI_HANDLE, not a pointer to
it. linux_efi_handover(), which is called by linux_exec(), also expects an
EFI_HANDLE.

(cherry picked from commit d48f9174cf211a235193963a06b3d28537fc6529)
(cherry picked from commit a825ced57fa8533ba54fec4c4476400e122ddbc3)

3 years agodiscover-image: pass the right fd to fd_getcrtime()
Lennart Poettering [Wed, 18 Aug 2021 20:41:08 +0000 (22:41 +0200)]
discover-image: pass the right fd to fd_getcrtime()

(cherry picked from commit 12a7f04a2b9135a4751dba71e2f688525d7c93e7)
(cherry picked from commit 64b025686f36ae4385811be6f81d5f7d94da3437)

3 years agoshell-completion: add missing uevent actions for udevadm
Yu Watanabe [Tue, 17 Aug 2021 14:13:07 +0000 (23:13 +0900)]
shell-completion: add missing uevent actions for udevadm

(cherry picked from commit 74614801f6bd33dfb2c051fa6b6d7c899c695cf6)
(cherry picked from commit 0750673e02562f6c91f6875e99cc9163a05a5116)

3 years agounit: coldplug both job and nop_job if possible
Geass-LL [Fri, 2 Apr 2021 03:27:59 +0000 (11:27 +0800)]
unit: coldplug both job and nop_job if possible

Sometimes, both job and nop_job are deserialized. In this case,
if we only cold plug the job, the nop_job will also be stuck in the
job list.

(cherry picked from commit 7dbd330c7ef28852db0fb044503ed6f072477d50)
(cherry picked from commit 213ae9db6274227636fdca6731511499ed933e61)

3 years agonetwork: allow users to forbid passthru MACVLAN from putting its link into promiscuou...
Tom Yan [Mon, 16 Aug 2021 10:00:42 +0000 (18:00 +0800)]
network: allow users to forbid passthru MACVLAN from putting its link into promiscuous mode

While we haven't implemented a key for users to set MACVLAN/MACVTAP flags,
we can at least allow them to make use of the Promiscuous= key of
the corresponding link to set the nopromisc flag.

(cherry picked from commit 17a6a4ae2e7104a1105a0cef0ba049799f3ef6bc)
(cherry picked from commit 1d1b7de63902e5fa8d1ba900e9bf608e2ccd2b23)

3 years agoDon't open /var journals in volatile mode when runtime_journal==NULL
Milo Turner [Fri, 13 Aug 2021 14:28:58 +0000 (10:28 -0400)]
Don't open /var journals in volatile mode when runtime_journal==NULL

(cherry picked from commit d64441b669932ab97fbbfc71cb143045f690039e)
(cherry picked from commit 00e7f0994a39852ab1adabfb7e19ff2634e916a0)

3 years agoresolved: retry on SERVFAIL before downgrading feature level
Steven Siloti [Sun, 11 Jul 2021 18:05:26 +0000 (11:05 -0700)]
resolved: retry on SERVFAIL before downgrading feature level

The SERVFAIL RCODE can be generated for many reasons which may not be related
to lack of feature support. For example, the Stubby resolver generates
SERVFAIL when a request times out. Such transient failures can cause
unnecessary downgrades to both the transaction and the server's feature level.
The consequences of this are especially severe if the server is in DNSSEC
strict mode. In this case repeated downgrades eventually cause the server to
stop resolving entirely with the error "incompatible-server".

To avoid unnecessary downgrades the request should be retried once with the
current level before the transaction's feature level is downgraded.

(cherry picked from commit 8a33aa199dc1cea14494469ac9d7d08dc6721df1)
(cherry picked from commit 8280bec34df8e35592f4a4a549127471a9199231)

4 years agosd-boot: Rework console input handling
Jan Janssen [Wed, 11 Aug 2021 12:59:46 +0000 (14:59 +0200)]
sd-boot: Rework console input handling

Fixes: #15847
Probably fixes: #19191

(cherry picked from commit e98d271e57f3d0356e444b6ea2d48836ee2769b0)

4 years agosd-boot: Fix possible null pointer dereference
Jan Janssen [Wed, 11 Aug 2021 12:59:46 +0000 (14:59 +0200)]
sd-boot: Fix possible null pointer dereference

Auto entries are showing garbage for the version in print_status()
because StrDuplicate does not expect null pointers.

(cherry picked from commit b52fafb26d90b77cfc259fcbdab3c95a571bacb1)
(cherry picked from commit 872d101c2308e07c523fd6ca84bd774447f05b7e)

4 years agosd-boot: Unify error handling
Jan Janssen [Wed, 11 Aug 2021 12:59:46 +0000 (14:59 +0200)]
sd-boot: Unify error handling

log_error_stall() and log_error_status_stall() will ensure the user has
a chance to catch an error message by stalling and also forcing a
lightred/black color on it. Also, convert several Print() calls to it
since they are actually error messages.

(cherry picked from commit 8aba0eec499b762657f528988c2f093ac490620d)

4 years agoFix the "Failed to open random seed ..." message.
longpanda [Thu, 5 Aug 2021 01:31:44 +0000 (09:31 +0800)]
Fix the "Failed to open random seed ..." message.

When booting ArchLinux from Ventoy, it always prints `Failed to open random seed file: write protected.`
As Ventoy emulates the ISO file as a read-only CDROM, I didn't test with a real physical CDROM drive, but maybe it also has such a problem.
As we use `EFI_FILE_MODE_WRITE` to open the `loader\random-seed` file, I think it's better to check the result with both `EFI_WRITE_PROTECTED` and `EFI_NOT_FOUND`.

(cherry picked from commit 2846007ecfb1fc84005b942167d394294c707d7b)
(cherry picked from commit c1b4ee2e0fd28a0c802a3694107613e1689d1c96)

4 years agosd-dhcp6-client: ignore IAs whose IAID do not match client's IAID
Yu Watanabe [Wed, 22 Sep 2021 07:35:56 +0000 (10:35 +0300)]
sd-dhcp6-client: ignore IAs whose IAID do not match client's IAID

But do not refuse whole message.

(cherry picked from commit 469fd57f181e2a8d93f01662418ca998e1239ea5)

4 years agocoredumpctl: stop truncating information about coredump v248.9
Zbigniew Jędrzejewski-Szmek [Tue, 12 Oct 2021 17:46:25 +0000 (19:46 +0200)]
coredumpctl: stop truncating information about coredump

With the changes to limit that print 'Found module …' over and over, we were
hitting the journal field message limit, effectively truncating the info output.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488.

(cherry picked from commit 384c6207669eb0d92aa0043dbc01957c6c7ff41e)
(cherry picked from commit 473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c)

4 years agoRevert "core: Check unit start rate limiting earlier"
Zbigniew Jędrzejewski-Szmek [Wed, 13 Oct 2021 09:17:33 +0000 (11:17 +0200)]
Revert "core: Check unit start rate limiting earlier"

This reverts commit 1f77dbfaaedcb8bdecc6610fa96f7fed80bfb8d8.

This was causing problems during boot, see
https://bodhi.fedoraproject.org/updates/FEDORA-2021-a1a52487e6,
https://bugzilla.redhat.com/show_bug.cgi?id=2013386.

4 years agolocaled: use PROJECT_FILE rather than __FILE__ for logging v248.8
Lennart Poettering [Mon, 11 Oct 2021 11:56:22 +0000 (13:56 +0200)]
localed: use PROJECT_FILE rather than __FILE__ for logging

All our log.h code uses PROJECT_FILE for this, let's hence use it here
too.

(cherry picked from commit 11c8b1f1031d368358286f4bb26abebd73cd2868)
(cherry picked from commit 00b0393e65252bf631670604f58b844780b08c50)

4 years agocoredump: Don't log an error if D-Bus isn't running
Daan De Meyer [Wed, 6 Oct 2021 12:20:36 +0000 (13:20 +0100)]
coredump: Don't log an error if D-Bus isn't running

coredumpctl could be used in a chroot where D-Bus isn't running. If
that's the case, we shouldn't consider it an error if we can't connect
to the D-Bus daemon so let's reduce the severity of the error we log
when we can't connect to D-Bus because the socket doesn't exist.

(cherry picked from commit 414bd2e786f9912f51b82e5fe4a1126179a5652a)
(cherry picked from commit 6745eaa6308b835e2c5e68d49e9bece29fd37fa2)

4 years agocore/service: also check path in exec commands
Yu Watanabe [Tue, 5 Oct 2021 15:19:41 +0000 (00:19 +0900)]
core/service: also check path in exec commands

(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
(cherry picked from commit b3978cf401306a793c7531299a5e9b3c63e53a27)

4 years agocore: fix SIGABRT on empty exec command argv
Henri Chain [Tue, 5 Oct 2021 11:10:31 +0000 (13:10 +0200)]
core: fix SIGABRT on empty exec command argv

This verifies that the argv part of any exec_command parameters that
are sent through dbus is not empty at deserialization time.

There is an additional check in service.c service_verify() that again
checks if all exec_commands are correctly populated, after the service
has been loaded, whether through dbus or otherwise.

Fixes #20933.

(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152)
(cherry picked from commit 7a58bf7aac8b2c812ee0531b0cc426e0067edd35)

4 years agouser-record: disable two pbkdf fields that don't apply for pbkdf2
Lennart Poettering [Tue, 5 Oct 2021 16:24:05 +0000 (18:24 +0200)]
user-record: disable two pbkdf fields that don't apply for pbkdf2

Fixes: #20830
(cherry picked from commit 8b4f88d13681c6dec839de06c668d32374d44724)
(cherry picked from commit 5ee578fd13809e08fbda1a9bca2256ffd24e9857)

4 years agobasic/env-util: correctly parse extended vars after non-extended vars (#20941)
Andrew Soutar [Wed, 6 Oct 2021 02:55:27 +0000 (22:55 -0400)]
basic/env-util: correctly parse extended vars after non-extended vars (#20941)

(cherry picked from commit 5ef97a712236f0ddddec52665c0aea7d4e6d3c13)
(cherry picked from commit 74583cad5a3bf4051b879b8b1ac53934027ef485)

4 years agorepart: use right error variable
Lennart Poettering [Tue, 5 Oct 2021 12:10:27 +0000 (14:10 +0200)]
repart: use right error variable

(cherry picked from commit 8ac04a65477b59c9143b635c0c0daa5152d9b466)
(cherry picked from commit b57f76bff912de738a8da8feceb298160bebab26)

4 years agosleep: don't skip resume device with low priority/available space
Egor [Sun, 3 Oct 2021 00:42:50 +0000 (03:42 +0300)]
sleep: don't skip resume device with low priority/available space

this fixes hibernation when there's a higher priority swap preceding
the resume swap in /proc/swaps.

fixes #19486

(cherry picked from commit 936a7cb66a0b423e75ceef87f02537067ad17002)
(cherry picked from commit 20c776c5e92201e01d4bfbea4ecbc4df758bcf09)

4 years agomount-util: fix fd_is_mount_point() when both the parent and directory are network fs
Franck Bui [Thu, 30 Sep 2021 12:05:36 +0000 (14:05 +0200)]
mount-util: fix fd_is_mount_point() when both the parent and directory are network fs

The second call to name_to_handle_at_loop() didn't check for the specific
errors that can happen when the parent dir is mounted by nfs and instead of
falling back like it's done for the child dir, fd_is_mount_point() failed in
this case.

(cherry picked from commit 964ccab8286a7e75d7e9107f574f5cb23752bd5d)
(cherry picked from commit 8de173ff933510200ac3db77f1ae713f2c4acdc3)