git-history.diyao.me Git - systemd/.git/log

manager: prohibit clone3() in seccomp filters

RestrictNamespaces should block clone3() like flatpak:
https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330

clone3() passes arguments in a structure referenced by a pointer, so we can't
filter on the flags as with clone(). Let's disallow the whole function call.

(cherry picked from commit 30193fe817d262bd64b9a271534792046f19d7f5)
(cherry picked from commit 32e7c65372945f0d3aa5d378dd1e832d62c51949)

resolve: fix typo in dns_class_is_pseudo()

(cherry picked from commit 98e5a6c93c6fcf94ba24dfb666c743ea35124290)
(cherry picked from commit c202d402d9572a8290f9a2ccd66b1dc419e54ee7)

sd-ipv4acd: actually drop the arp packet from one of the host interface

Fixes a bug in 7f77917c0effe92d5fed52503bceddabcb4667ba.

Fixes #23001.

(cherry picked from commit 239adf03846ae2174d7db9a243a6eda4c2e2f165)
(cherry picked from commit 9f689fda5474c464b0ac63dc7a821ba1e34736bc)

sd-event: make inotify event work after the process is forked

(cherry picked from commit fbae50904fdd906137c3d1a50b340ce011a3969f)
(cherry picked from commit e3d57bc3019cbb1d483ef2ef20b8ef957ed7c0fd)

sd-event: do not kill a child process from another child

(cherry picked from commit 86587c93b01ffa14ffdfff3cdf5ba0bfb555d839)
(cherry picked from commit a5fc32fa34f99d5854fb7810ea6096096896790a)

sd-event: do not update signal fd after PID is changed

Otherwise, child event source will not work after the process is forked
and the event source is unref()ed on the child process.

(cherry picked from commit 01e6af737494c9790edcc5521ea8c668565b797f)
(cherry picked from commit c36ab05b4f5b196091a2e1518f19e5800897e576)

sd-event: set pid to event source after all setup processes finished

Otherwise, the assertion in source_disconnect() may be triggered,

(cherry picked from commit 54988a27b9d1487e1690f94b79031ef61edd6651)
(cherry picked from commit e006b56c187facfd6cd5ca3979c4088159d551f1)

sd-event: rebreak comments

(cherry picked from commit 91c700713fef9af5b9f719e7968d7ce35c3e8f37)
(cherry picked from commit d2e3b5a84103f423d36b642c62b9681a6ce7e18b)

hwdb: fix parsing options

Fixes #22976.

(cherry picked from commit 5674b74c4f99e433fd8e7242e9f16f6ddfece94c)
(cherry picked from commit df6253cbda3e5d1b3c694de223cb7899f3aecc74)

core: command argument can be longer than PATH_MAX

Fixes a bug introduced by 065364920281e1cf59cab989e17aff21790505c4.

Fixes #22957.

(cherry picked from commit 58dd4999dcc81a0ed92fbd78bce3592c3e3afe9e)
(cherry picked from commit 9727b9ee7b90afb8fa0e6328dcb6c34b1522d4fd)

analyze: fix offline check for syscal filter

The deny/allow list check was inverted, if we are deny listing and the
hashmap contains the syscall then that's good

Fixes https://github.com/systemd/systemd/issues/22914

(cherry picked from commit dd51e725df9aec2847482131ef601e0215b371a0)
(cherry picked from commit b5dfdf0301c5042a6882fe03cb167968ba8e3ee5)

missing-syscall: define MOVE_MOUNT_T_EMPTY_PATH if missing

MOVE_MOUNT_T_EMPTY_PATH has been added to systemd 250 by [1]
but it's defined in kernel headers since version 5.2.

[1] c7bf079bbc19e3b409acc0c7acc3e14749211fe2

(cherry picked from commit 608c3b0293cac3cbb037b2d15c0a0f1e247eb71e)
(cherry picked from commit 72d0c6b171ebe81fee15af4c996ae62ac67f3b2d)

journal-remote: refuse to specify --trust option when gnutls is disabled

and check_permission() should not be called in that case.

Replaces #22847.

(cherry picked from commit f7adeaeb897f6d24c50250e2d5fdc9797964b81e)
(cherry picked from commit bba396d78ce4752b7446c014b5dfe9a521c870e0)

calendarspec: fix possibly skips next elapse

If the time unit changes after adding the repetition value, the
timer may skip the next elapse. This patch reset sub time units
to minimum value when upper unit is changed.

Fixes #22665.

(cherry picked from commit 1e582ede3b04d12aae11fc5378a446a392054f1c)
(cherry picked from commit 8d4c0d2383e72f30753bf33f206387bc03879ff8)

macro: account for negative values in DECIMAL_STR_WIDTH()

With negative numbers we wouldn't account for the minus sign, thus
returning a string with one character too short, triggering buffer
overflows in certain situations.

(cherry picked from commit e3dd9ea8ea4510221f73071ad30ee657ca77565d)
(cherry picked from commit 25b3c48ec5203a1220daaf33b8df6e50e79fd74a)

Add AV production controllers to hwdb and add uaccess

This adds support for AV production controller devices, such
as DJ tables, music-oriented key pads, and others.

The USB vendor and product IDs come from Mixxx, Ctlra, and
Ardour.

Fixes #20533

Co-developed-by: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
(cherry picked from commit f2c36c0e2445fa95ba109017d4b768b2fd825c43)
(cherry picked from commit 18c0096ec29c04f9be2aa05c5ffa9e88be8e0a39)

hwdb: Tag IR cameras as such

So that front-ends can ignore them if they wish to.

See https://gitlab.gnome.org/GNOME/cheese/-/merge_requests/4

(cherry picked from commit e78e11d8c59727aee2e6f03ce413ee73193e1937)

hwdb: Permit unsetting power/persist for USB devices

The USB persist feature allows devices that can retain their state when
powered down to work across suspend/resume. This is in particular useful
for USB drives.

However, the persist feature can get in the way for devices that are
unable to retain their state when power is lost. An example of such
stateful devices are fingerprint readers where USB persist should be
disabled to ensure userspace can detect whether the USB device had a
power loss during system suspend.

This will initially be used by the libfprint autosuspend hwdb.

Closes: #20754
(cherry picked from commit bd37360a210603cb2c27feb7602008c71ca2ab67)

hwdb: Allow console users access to rfkill

This rule has been shipped in Fedora's gnome-bluetooth package for 10
years and is used by the gnome-settings-daemon rfkill plugin (used by
gnome-bluetooth, gnome-shell, and gnome-control-center) to monitor
and change software rfkill switch settings.

(cherry picked from commit 213455e26a6e7fc7a84749474fe906c2a145babe)

hwdb: Allow end-users root-less access to USB analyzers

Procotol analyzers are external devices used to capture traffic over a
wire so that it could be analysed. End-users at the console should be
able to access those devices without requiring root access.

This change obsoletes the need to install Total Phase's "Linux drivers",
which are really just udev rules and hotplug usermap files to do that:
https://www.totalphase.com/products/usb-drivers-linux/

(cherry picked from commit 9e2dbfef479060ed850ccdd9cd82d3f0cda2b5c0)

pid1,cgroup-show: ignore -EOPNOTSUPP in cg_read_pid()

The function is called in recursion, and cgroup.procs in some subcgroups
may not be read.

Fixes #22089.

(cherry picked from commit 1fb50408ce23e67e0be94ead69c891d26b4823e2)
(cherry picked from commit 1b003bbc806198dbdd57b405d968f30565495e70)

stdio-bridge: make the error more straightforward

(cherry picked from commit a80f17844ef1d7c622d17cb4b41eb337d438fffb)
(cherry picked from commit 7fc41274e6720c655b68f0266a5d9168e5b1980a)

kernel-install: also remove modules.builtin.alias.bin

Fixes RHBZ#2016630.

(cherry picked from commit 06006691b5c56b6123044179d934b3ed81c237ca)
(cherry picked from commit fdcb1bf67371615f12c4b11283f2bd6a25bda019)

journal-file: if we are going down, don't use event loop to schedule post

The event loop is already shutting down, hence no point in using it
anymore, it's not going to run any further iteration.

(cherry picked from commit 47f04c2a69d5a604411f17a2e660021165d09c89)
(cherry picked from commit 6253eb576cdde2230b75f84532f745b4409f71ad)

journald: make sure SIGTERM handling doesn't get starved out

Fixes: #22642
(cherry picked from commit 19252b254861d8c9b56e2acaeb182812c8f07e52)
(cherry picked from commit c901bc8680d1835737de116f2bf1f522bdb083c2)

network: s/confiured/configured/

A quick typo fix I noticed whilst debugging.

(cherry picked from commit e3d1ffcc48dfc72b44f4b63ebe25256698b23958)
(cherry picked from commit 037160fc69b9490f37c917b76befecdf233b77b8)

wait-online: make manager_link_is_online() return 0 when in unmanaged state

Previously, even if a link is in unmanaged state, the function may
returns positive value. So, even if all managed links are in the configured
sate but do not satisfy the online criteria, e.g., IPv4 address state,
then wait-online finishes with positive value.

This makes the function always return 0 for unmanaged state. So, at
least one managed link must satisfies the online criteria.

This also adds more comments and debugging logs.

Fixes #22246.

(cherry picked from commit cd7fcda54333dc95116a434cffc591f21edddbb2)
(cherry picked from commit 056fcd4e318aa664bd36950bf6c2dae4647c96c7)

wait-online: rename Manager elements

(cherry picked from commit 5f200833ed0754adaba548b0b617f6c192615acd)
(cherry picked from commit 397ede8dcd29f35350c015f1d945e50c88476a93)

test-network: check if actually alternative name is set

Fixes #21404.

(cherry picked from commit b36caceb889b2614b09bb96d839b216ee60dc3f7)

memory-id: Work-around incorrect "Number of slots"

In some BIOSes, the "Number of slots or sockets available for Memory
Devices in this array" is incorrectly set to the number of memory array
that's populated.

Work-around this problem by outputting the number of sockets after
having parsed them so that consumers of this data can carry on expecting
an accurate number in this property.

This fixes the number of memory slots advertised for the HP Z600.

See https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1686

(cherry picked from commit d48bf01636d322443f69845da2f40bea70317c92)
(cherry picked from commit 1072a9382b94bacd76decd9cb0ae601ef48e9939)

TEST-29: do not pass -q to mk/unsquashfs, not supported on CentOS 8

(cherry picked from commit 963c560a2939c79ba9896280cb5660fea64c94cf)
(cherry picked from commit 042bf8d0e6caa31579d92b3a6d0b0d8bedb0889a)

portable: add return parameter to GetImageMetadataWithExtensions

The complaint was that the output array was used for two kinds of data, and the
input flag decided whether this extra data should be included. The flag is
removed, and instead the old method is changed to include the data always as
a separate parameter.

This breaks backward compatibility, but the old method is effectively broken
and does not appear to be used yet, at least in open source code, by
searching on codesearch.debian.net and github.com.

Fixes #22404.

Co-authored-by: Luca Boccassi <bluca@debian.org>
(cherry picked from commit 087a799f64560bb0379b8a99ebbd9ca84804e4c3)
(cherry picked from commit 00b5aa8d741ad17f6b8f5f03d901b038e3a27d04)

portable: inline one variable declaration

(cherry picked from commit 90e3f3581dd578a23aec9f63ca846babfe4fcaa0)
(cherry picked from commit 06d466a05c69e39058f109700c8a6c10bd4c2c89)

portablectl: reorder if branches to match previous conditional in the same function

One is a ternary op, the other an normal conditional, but they should still use
the same order of branches.

(cherry picked from commit 573e33de078956ded078653ef3f90f93469b4dbf)
(cherry picked from commit 7856dc310906cb8b09d27b7175b322129bd619b6)

TEST-29: trim output a bit

IIUC, pipefail doesn't matter for a sequence of commands joined with &&, and we
don't have any pipes. And such a failing expression also does not trigger an
exit, so the set +e/set -e were noops.

(cherry picked from commit 13391986b50e76cc58744c44ccb8124e48fd3c3d)
(cherry picked from commit 931d00d350c1313076b57ed7d28021659575b885)

portable: add flag to return extension-releases in GetImageMetadataWithExtensions

Return the name of each extension and the associated extension-release
file, and pretty-print them in 'portablectl inspect', if a new flag
is passed.

$ portablectl inspect --extension app2 --extension app0  minimal app0 app1
(Matching unit files with prefixes 'app0', 'app1'.)
Image:
        /run/portables/minimal.raw
Portable Service:
        n/a
Operating System:
        Debian GNU/Linux 10 (buster)
Extension:
        /run/portables/app2.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Extension:
        /run/portables/app0.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Unit files:
        app0.service

(cherry picked from commit e3f7ed944ae750a40685c52349f3cc850db0876e)
(cherry picked from commit a87fdd2af22128bce621508315ed5126a8d11f45)

test: rename service used in TEST-29-PORTABLE to avoid conflict

There's an app0.service in the extension app0.raw, so don't use the same
name for a unit in minimal.raw

(cherry picked from commit d76f0de746f4ee7c9014f42b531ba0449b834214)

test: use a less restrictive portable profile when running w/ sanitizers

Since f833df3 we now actually use the seccomp rules defined in portable
profiles. However, the default one is too restrictive for sanitizers, as
it blocks certain syscall required by LSan. Mitigate this by using the
'trusted' profile when running TEST-29-PORTABLE under sanitizers.

portable: move profile search helper to path-lookup

Will be used in systemd-analyze later

(cherry picked from commit 13c02e7bd54e4420c392bd76c0fcf1846c10f99c)

portabled: refactor extraction/validation into a common helper

(cherry picked from commit 9ff61565be1efe5cc962964cde1af2278e554e9e)

portabled: validate SYSEXT_LEVEL when attaching

When attaching a portable service with extensions, immediately validate
that the os-release and extension-release metadata values match, rather
than letting it fail when the units are started

(cherry picked from commit 239ac0c7f72c30cab2e84d395d064c3b7384ff84)

portabled: error out if there are no units only after parsing all images

It's ok if the OS image doesn't have matching units, if we find them
in the extensions. Tidies up the parsing logic a bit.

(cherry picked from commit 7bf5ec4538cd4c77979dd9d09d9e9429a0a3535c)

dissect-image: add extension-specific validation flag

Allows callers to specify which image type they are looking for

(cherry picked from commit 9ccb531a5f99a7f399f352e79079188957f5a170)

journalctl: advertise --header a bit more

Fixes #2738.

(cherry picked from commit 367a5e8a67bbc2b5e03ca1a3e5a601ef49b5bd2a)
(cherry picked from commit 7302937a08dcc33186eaf4bc3e7bc58af4979ffe)

man: describe UNIT=/USER_UNIT=

Fixes 17538.

(cherry picked from commit c1d1742a7f6a65f60dce1a4f22a22d443493757c)
(cherry picked from commit f1928ef819f4e9537c6e52e83f961eb2660e92e7)

man: tweak description of auto/noauto

I think the current behaviour is stupid: 'x-systemd.automount,noauto' should
mean that we create the units, but don't add .mount or .automount to any targets.
Instead, we completely ignore 'noauto'. But let's at least describe the
implementation.

Text suggested by dpartrid in the bug.

Fixes #21040.

(cherry picked from commit 55fabe92e2efb1a907d4c3c93dc63b96ff5b6860)
(cherry picked from commit 6802c4dc8aa31fb07980d5479800b10c488192f1)

man: describe capability checks on the bus

A description of SD_BUS_VTABLE_CAPABILITY is added, and the discussion
on SD_BUS_VTABLE_UNPRIVILEGED in expanded. I think it would be nice
to add longer description of how access is checked (maybe in sd-bus(3)),
but I'm leaving that for later. I think the text that was added here
describes everything, even if tersely.

Fixes #21882.

(cherry picked from commit b4e7d7555e6266ff566a17eb5f616b365771028f)
(cherry picked from commit dd5ddebef57fb07273e1920d5d6337909ae2f0e2)

man: fix formatting of macros in sd_bus_add_object

docbook would convert the newline to a space before the first argument:
SD_BUS_METHOD_WITH_ARGS( member, args, result, handler)

And we need each item in a separate <para>, otherwise they'll all be in
one line.

(cherry picked from commit 3c080282e928a7edfcdb74feb2139ef1ac6f2ad0)
(cherry picked from commit 8e4c2215851c59eecda513b48820049656192231)

man: say that we ignore ignored options

Fixes #22057.

(cherry picked from commit 382586894b9c09974aa734a1f77d3f6f69126d76)
(cherry picked from commit 61c143b08c802b069543d938ef85f425ad9ba402)

man: drop outdated info about polkit in pid1

Fixes #22648.

(cherry picked from commit 46d362f406e1a75fc8f924b9b16d5d352be6d081)
(cherry picked from commit b634a0a6157f84a292f279a83cc8b1a2f283db10)

devnode-acl: use _cleanup_ to free acl_t

(cherry picked from commit 203ea2c8f158288fea56c5be980715b2b7e002fe)
(cherry picked from commit 543c73300e3b9298e5316555bf4df6ff7dfc210f)

core: check size before mmap

The data type off_t can be 64 on 32 bit systems if they have large
file support. Since mmap expects a size_t with 32 bits as second
argument truncation could occur. At worst these huge files could
lead to mmaps smaller than the previous check for small files.

This in turn shouldn't have a lot of impact because mmap allocates
at page size boundaries. This also made the PAGE_ALIGN call in
open_mmap unneeded. In fact it was neither in sync with other mmap
calls nor with its own munmap counterpart in error path.

If such large files are encountered, which is very unlikely in these
code paths, treat them with the same error as if they are too small.

(cherry picked from commit 1a823cdeb9faea3849843e0b3dae0fbdd607e8b7)
(cherry picked from commit 6b37adf4a16c8f7e917dfd9f19dab259cda878b2)

file-hierarchy: Document /sys/fs/cgroup

file-hierarchy does not mention anything about the expected mountpoint
for cgroups. This may lead some software to believe it will need to
search for it (e.g. by scanning mountinfo) rather than just looking in
the canonical location.

Document the canonical mountpoint as /sys/fs/cgroup. Also provide
information on the non-default configurations, but
make it clear that in such configurations if cgroup2 is mounted (hybrid
mode) it won't have resource controllers attached. This will help
software know if it should fall back to /sys/fs/cgroup/unified or just
ignore that case.

(cherry picked from commit c8aeb9d672fac7ac2d1e350431b7b4e734b90a5d)
(cherry picked from commit 3dc6881d87ddf2451a8671a2c3d97642ca340ca4)

man: recommend built-in platform.freedesktop_os_release() in our page

Python gained support for reading os-release, let's advertise it a bit more.
Our open-coded example is still useful, but let's not suggest it as the
default implementation.

I added quotes around the printed string because it looks a bit better
this way.

(cherry picked from commit ee6fd6a50922d2b27c97084e1c3f9872d495c273)
(cherry picked from commit d4dd289f821d29415f0057266da48f184a51bb1c)

mkosi: Remove Arch nspawn workaround

This has been fixed so the workaround can be removed.

(cherry picked from commit 6b2ab8fc5cc0f706b85cbd559e8dcf4e05d7687d)
(cherry picked from commit f0cc6d2f99b2510c57fa36ad7f28cc42c0b724b3)

meson: Drop required libfdisk version to 2.32

We initially pinned this to 2.33 in
e71f5585b9b0580428f9530d0a485265c9c25165 because libfdisk 2.32 in
CentOS 8 didn't have
https://github.com/karelzak/util-linux/commit/2f35c1ead621f42f32f7777232568cb03185b473
backported.

If we check now, we can see it has been backported
(https://git.centos.org/rpms/util-linux/blob/c8s/f/SOURCES/0048-libfdisk-count-gaps-to-possible-size-when-resize.patch)
which means we can drop the required version to 2.32 instead of 2.33.

(cherry picked from commit baec7d782b07414f0c13ba3a0b0b526973e04923)
(cherry picked from commit e517b37922df332f2c3224de15e2a094177bf864)

udev-builtin-input_id: don't label absolute mice as pointing sticks

The Getac UX10 tablet exposes a "CUST0000:00 0EEF:C002 Mouse" device
with BTN_LEFT/RIGHT and ABS_X/Y on the i2c bus. This causes the builtin
to incorrectly label it as pointing stick (all i2c mice are
tagged as ID_INPUT_POINTING_STICK, see 3d7ac1c655ec4).

Fix this by adding a separate variable for absolute pointing
devices like the VMmouse USB mouse or this Getac tablet - this way we
skip the pointing stick check.

See https://gitlab.freedesktop.org/libinput/libinput/-/issues/743
for recordings.

(cherry picked from commit 8ac9ec4d5c210825759d515422d3e66c20615fc1)
(cherry picked from commit ea5701eb64ff40f915567ae4088ffb7efc0f4155)

man: adjust command for Fedora installations

glibc now has Suggests:glibc-minimal-langpack, so we don't
need to mention it ourselves.

--repo=… is a nicer alternative to --disablerepo=* --enablerepo=….
It also avoids the issue with quoting.

Let's exclude weak deps, but install systemd-networkd, so the container
can configure networking if necessary.

(cherry picked from commit 8c4db5629c877425b2f46e414a94a8f24280a9d3)
(cherry picked from commit c1cdb13193e6a95de2d89f8c0e080333c4110321)

journal-send: close fd on exit when running with valgrind

Fixes an issue reported in #22576.

(cherry picked from commit eb9752d2be82d994cd6a17f271be27c4d56423d6)
(cherry picked from commit a7ec2be1509372974f44f1d98bf243a155cd203f)

test-journal-send: close fd opend by syslog()

Fixes an issue reported in #22576.

(cherry picked from commit 9048a6ccf3bd4f6794fc1ac9a838e1a0bfbcabf1)
(cherry picked from commit 4d24a369908f9915757632fa196deda14c172f9e)

unit: escape %

Fixes #22601.

(cherry picked from commit 6e4d122ad1db11ca898de183f898f731c4839d4a)
(cherry picked from commit 02bebaef30bcb155c508a341b47ee5bcbb432bea)

clang-format: we actually typically use 16ch continuation indentation

We use 8 for blocks, and 16 for continuation in most cases afaics, hence
say so in .clang-format too

(cherry picked from commit 92148fb77766767fdb6ad6e52747317dae2aae85)
(cherry picked from commit 4a90c12f4f09f23e071e649422754f04eda6d273)

test: fix file descriptor leak in test-psi-util

Fixes an issue reported in #22576.

(cherry picked from commit be99883e131ef422f8278ec1d099520996a78bb0)
(cherry picked from commit 81d3e2abff5f4234e06ceb6590d0c9939d8d97b4)

test: fix file descriptor leak in test-tmpfiles.c

Also fixes a typo in assertion.

Fixes an issure reported in #22576.

(cherry picked from commit 1da5325d19dee654326e5fa2f61262e5e0a40fff)
(cherry picked from commit d9189c31117e159f7bae9233863aa88a02159e14)

test: fix file descriptor leak in test-fs-util

Fixes an issue reported in #22576.

(cherry picked from commit 19962747ca86a25e7102c536380bb2e9d7cfee9a)
(cherry picked from commit cfe1cd0a066b29e5508b4a2c388fd919fd5e0c9f)

test: fix file descriptor leak in test-oomd-util

Fixes an issue reported in #22576.

(cherry picked from commit 282696ce52471f5e3c963b9d98dbc89fba3a1fba)
(cherry picked from commit 55ec995341e6a2d554bc69a1eddb097d21d8084f)

test: fix file descriptor leak in test-catalog

Fixes an issue reported in #22576.

(cherry picked from commit 62d4b3b36e9aba9e605ba042a75c374155b6e18b)
(cherry picked from commit 92b86911c0c877e6b61d06dfe3ad20046e10d8e8)

test-oomd-util: fix conditional jump on uninitialised value

Fixes #22577.

(cherry picked from commit a6d6a51d83fae32212e1780e71b16517a4df9a57)
(cherry picked from commit b10cc2de7dc6ac8d7d72d576100dd3a37ddb588a)

test-oomd-util: style fixlets

(cherry picked from commit d9fe39b24a0a5464c83c7a754752ca21dbd2578f)
(cherry picked from commit 1343c2efd5401aa52f7790fff4ad7e2d70173f01)

core: really skip automatic restart when a JOB_STOP job is pending

It's not clear why we rescheduled a service auto restart while a stop job for
the unit was pending. The comment claims that the unit shouldn't be restarted
but the code did reschedule an auto restart meanwhile.

In practice that was rarely an issue because the service waited for the next
auto restart to be rescheduled, letting the queued stop job to be proceed and
service_stop() to be called preventing the next restart to complete.

However when RestartSec=0, the timer expired right away making PID1 to
reschedule the unit again, making the timer expired right away... and so
on. This busy loop prevented PID1 to handle any queued jobs (and hence giving
no chance to the start rate limiting to trigger), which made the busy loop last
forever.

This patch breaks this loop by skipping the reschedule of the unit auto restart
and hence not depending on the value of u->restart_usec anymore.

Fixes: #13667
(cherry picked from commit c972880640ee19e89ce9265d8eae1b3aae190332)
(cherry picked from commit 2198c08d0786c5cec1b39283831969b2cc1adf40)

systemctl: make `--timestamp=` affect the `show` verb as well

Currently the `--timestamp=` option has no effect on timestamps shown by
`systemctl show`, let's fix that.

Spotted in #22567.

Before:
```
$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp=
ExecMainStartTimestamp=Sat 2021-12-11 15:25:57 CET
StateChangeTimestamp=Sat 2021-12-11 15:25:57 CET
InactiveExitTimestamp=Sat 2021-12-11 15:25:57 CET
ActiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET
ActiveExitTimestamp=Sat 2021-12-11 15:25:57 CET
InactiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET
ConditionTimestamp=Sat 2021-12-11 15:25:57 CET
AssertTimestamp=Sat 2021-12-11 15:25:57 CET
```

After:
```
$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp=
ExecMainStartTimestamp=Sat 2021-12-11 14:25:57.177848 UTC
StateChangeTimestamp=Sat 2021-12-11 14:25:57.196714 UTC
InactiveExitTimestamp=Sat 2021-12-11 14:25:57.177871 UTC
ActiveEnterTimestamp=Sat 2021-12-11 14:25:57.196714 UTC
ActiveExitTimestamp=Sat 2021-12-11 14:25:57.144677 UTC
InactiveEnterTimestamp=Sat 2021-12-11 14:25:57.176331 UTC
ConditionTimestamp=Sat 2021-12-11 14:25:57.176980 UTC
AssertTimestamp=Sat 2021-12-11 14:25:57.176980 UTC

```

(cherry picked from commit a59e5c625da5a6e0c46e493d55f2f4212e9457ca)
(cherry picked from commit e59c381e2321ae9e476c550d5a3d43a1fd0493ac)

pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon

There's currently a deadlock between PID 1 and dbus-daemon: in some
cases dbus-daemon will do NSS lookups (which are blocking) at the same
time PID 1 synchronously blocks on some call to dbus-daemon. Let's break
that by setting SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon,
which will disable synchronously blocking varlink calls from nss-systemd
to PID 1.

In the long run we should fix this differently: remove all synchronous
calls to dbus-daemon from PID 1. This is not trivial however: so far we
had the rule that synchronous calls from PID 1 to the dbus broker are OK
as long as they only go to interfaces implemented by the broke itself
rather than services reachable through it. Given that the relationship
between PID 1 and dbus is kinda special anyway, this was considered
acceptable for the sake of simplicity, since we quite often need
metadata about bus peers from the broker, and the asynchronous logic
would substantially complicate even the simplest method handlers.

This mostly reworks the existing code that sets SYSTEMD_NSS_BYPASS_BUS=
(which is a similar hack to deal with deadlocks between nss-systemd and
dbus-daemon itself) to set SYSTEMD_NSS_DYNAMIC_BYPASS=1 instead. No code
was checking SYSTEMD_NSS_BYPASS_BUS= anymore anyway, and it used to
solve a similar problem, hence it's an obvious piece of code to rework
like this.

Issue originally tracked down by Lukas Märdian. This patch is inspired
and closely based on his patch:

https://github.com/systemd/systemd/pull/22038

Fixes: #15316
Co-authored-by: Lukas Märdian <slyon@ubuntu.com>
(cherry picked from commit de90700f36f2126528f7ce92df0b5b5d5e277558)
(cherry picked from commit 367041af816d48d4852140f98fd0ba78ed83f9e4)

docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it

It was removed back in 1684c56f40f020e685e70b3d1785d596ff16f892

Follow-up for: 1684c56f40f020e685e70b3d1785d596ff16f892

(cherry picked from commit cec16155e3dab4f123ba073223477a4ef2cf10f9)
(cherry picked from commit 4ec9aec4b695e1f0a26dc9cd55719c2f91ebdd6a)

pid1: lookup owning PID of BusName= name of services asynchronously

A first step of removing blocking calls to the D-Bus broker from PID 1.
There's a lot more to got (i.e. grep src/core/ for sd_bus_creds
basically), but it's a start.

Removing blocking calls to D-Bus broker deals systematicallly with
deadlocks caused by dbus-daemon blocking on synchronous IPC calls back
to PID1 (e.g. Varlink calls through nss-systemd). Bugs such as #15316.

Also-see: https://github.com/systemd/systemd/pull/22038#issuecomment-1042958390
(cherry picked from commit e39eb045a502d599e6cd3fda7a46020dd438d018)
(cherry picked from commit cf390149cb25248169c482e315a1a7ff02eaf956)

pid1: watch bus name always when we have it

Previously we'd only watch configured service bus names if Type=dbus was
set. Let's also watch it for other types. This is useful to pick up the
main PID of such a service. In fact the code to pick it up was already
in place, alas it didn't do anything given the signal was never received
for it. Fix that.

(It's also useful for debugging)

(cherry picked from commit 1e8b312e5a22538f91defb89cf2997e09e106297)
(cherry picked from commit a51e540b278827c0fc59760b9c77cd42cbddc0d2)

resolve: synthesize empty domain only when A and/or AAAA key is requested

Follow-up for 3b2ac14ac45bef01cf489c3231b868936866444b (#22231).

Before this commit.
---
$ dig -t SRV '.'

; <<>> DiG 9.16.24-RH <<>> -t SRV .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16836
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;. IN SRV

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Feb 04 12:01:09 JST 2022
;; MSG SIZE rcvd: 28
---

After this commit.
---
$ dig -t SRV '.'

; <<>> DiG 9.16.24-RH <<>> -t SRV .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19861
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;. IN SRV

;; AUTHORITY SECTION:
. 86394 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022020302 1800 900 604800 86400

;; Query time: 20 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Feb 04 12:00:12 JST 2022
;; MSG SIZE rcvd: 103
---

Fixes #22401.

(cherry picked from commit 30fa3aa1fa56d9a1a4f3a26c0bc02253d44dfa0f)
(cherry picked from commit d57147ef5698c50e02e5e74df8d0936230032cfe)

resolve: make dns_scope_good_domain() take DnsQuery*

(cherry picked from commit 176a9a2cca47f7c1553d96f7dd51c2193a269dbc)
(cherry picked from commit 54ab65f5f3da22985126dc3ae846a777d6b555a9)

resolve: drop never matched condition

As dns_scope_good_domain() does not return negative errno.

(cherry picked from commit 830f50ab1e03fa7ee262876ed42023d10e89688d)
(cherry picked from commit 499115dbc3408f9a85160099e114bbaf0bacfe84)

resolve: synthesize null address, IPv4 broadcast address, or invalid domain

These are filtered in `dns_scope_good_domain()`, but not synthesized.

Fixes #22229.

(cherry picked from commit 46b53e8035fb60c9a7f26dd32d6689ab3b7da97c)
(cherry picked from commit 89b439ee00e3fbee47cda3f790cbf320538cae7f)

resolve: synthesize empty name

Do not return any error for empty name. Just returns empty answer.

Before:
---
$ dig .

; <<>> DiG 9.16.24-RH <<>> .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 24 05:49:30 JST 2022
;; MSG SIZE rcvd: 28
---

After:
---
$ dig .

; <<>> DiG 9.16.24-RH <<>> .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7957
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;. IN A

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 24 06:05:02 JST 2022
;; MSG SIZE rcvd: 28
---

Replaces #22197.

Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854).

(cherry picked from commit 3b2ac14ac45bef01cf489c3231b868936866444b)
(cherry picked from commit 0fd3ccca64402eaec9535d0288d888f7fcacb9b8)

dns-domain: re-introduce dns_name_is_empty()

(cherry picked from commit 7bdf41983044268b4bc2f9d34462db7f89ba284a)
(cherry picked from commit df08c12062dfd9903edec371598412a47a3055e0)

packit: drop unnumbered patches as well

(cherry picked from commit 729c6b6af8e3cef259b80746f7f7f10cc63d309f)
(cherry picked from commit 477b85f43871c78fce053ebbd9592bf71d49dd30)

sd-dhcp-server: rename server_send_nak() -> server_send_nak_or_ignore()

And logs error in the function.

(cherry picked from commit eb5bff9c9de2bd218f5ac431e3aead4b5747ecd9)
(cherry picked from commit 7f36fb25d5c6681dbabb067a9fb083bfad37a804)

tree-wide: mark set-but-not-used variables as unused to make LLVM happy

LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which
trips over some intentionally set-but-not-used variables or variables
attached to cleanup handlers with side effects (`_cleanup_umask_`,
`_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.):

```
../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used [-Werror,-Wunused-but-set-variable]
        _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL;
                                                     ^
                                                     1 error generated.
```

(cherry picked from commit d7ac09520be8f0d3d94df3dd4fd8a6e7404c0174)

ci: fix clang-13 installation

For some reason Ubuntu Focal repositories now have `llvm-13` virtual
package which can't be installed, but successfully fools our check,
resulting in no clang/llvm being installed...

```
$ apt show llvm-13
Package: llvm-13
State: not a real package (virtual)
N: Can't select candidate version from package llvm-13 as it has no candidate
N: Can't select versions from package 'llvm-13' as it is purely virtual
N: No packages found

$ apt install --dry-run llvm-13
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package llvm-13 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'llvm-13' has no installation candidate
```

(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077)
(cherry picked from commit fa6e263273905cfc9e4528e8175ace3d19d881e3)

ci: replace apt-key with signed-by

to limit the scope of the key to apt.llvm.org only.

This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/

(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da)
(cherry picked from commit c92297a20c13b7e15b0026b1f36ebe99d86cfce8)

resolve: add reference of the original bus message to the aux queries

Otherwise, the error in aux queries cannot be replied.

Fixes #22477.

(cherry picked from commit 08275791d85a1852e79951212f6cbbc727db789a)
(cherry picked from commit 919d398668d2baa1873e61f7f502fac910a9d606)

resolve: refuse AF_UNSPEC when resolving address

Fixes #22480.

(cherry picked from commit 0234f0c0531682e7f28a4ef51852c102c6e97267)
(cherry picked from commit 084c88983eaecbf23e113db5a7ee11f94b60472b)

ci: use the system llvm-11 package on Focal

ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
provided by the apt.llvm.org repositories. Let's use the system
llvm package if available in such cases to avoid that.

(cherry picked from commit 1c71302f70c7d0712d49b5214f5f29b4d6a2c73e)

packit: build on and use Fedora 35 spec file

It's targeted to the v249 branch, while the rawhide one follows
the newest upstream release, and the command line options are not
compatible

Partially revert "sd-dhcp-server: refuse too large packet to send"

This test fails on this branch:

949/1228 fuzz-dhcp-server-relay-message_clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824_address,undefined FAIL 0.00s (exit status 127)12:43
--- command ---12:43
01:47:36 UBSAN_OPTIONS='print_stacktrace=1:print_summary=1:halt_on_error=1' /usr/bin/env /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-server-relay-message:address,undefined /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-497239973127782412:43
--- stderr ---12:43
/usr/bin/env: ‘/tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-server-relay-message:address,undefined’: No such file or directory

This partially reverts commit 76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c.

(cherry picked from commit e69b2a3a69d472e887633162111ed2a45f317eb9)

Revert "tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains"

The test fails on this branch:

948/1228 fuzz-dhcp-client_minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a_address,undefined FAIL 0.00s (exit status 127)12:43
--- command ---12:43
01:47:36 UBSAN_OPTIONS='print_stacktrace=1:print_summary=1:halt_on_error=1' /usr/bin/env /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-client:address,undefined /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a12:43
--- stderr ---12:43
/usr/bin/env: ‘/tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-client:address,undefined’: No such file or directory

This reverts commit 87728a590ad82391e76a275024c9039625ff2b67.

(cherry picked from commit 2614461383b344041b397870fb3662c79f2a7b75)

sd-device: silence gcc warning with newest gcc

(cherry picked from commit 376ee2c312b87951028a0adff96b1052f32475fa)
(cherry picked from commit 18aff8c85720606e05826045b6799d19a7dcf08a)

packit: remove unsupported -Dcryptolib=openssl option

Introduced later, so it breaks the build on v249-stable

sd-bus: allow numerical uids in -M user@.host

UIDs don't work well over ssh, but locally or with containers they are OK.
In particular, user@.service uses UIDs as identifiers, and it's nice to be
able to copy&paste that UID for interaction with the user's managers.

(cherry picked from commit 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6)

sd-bus: print debugging information if bus_container_connect_socket() fails

We would return the errno, but there are many steps, and without some
debugging info it's hard to figure out what exactly failed.

(cherry picked from commit 0c201ca945c64e97ba4961ded13ce38a63200468)

sd-bus: print quoted commandline when in bus_socket_exec()

The arguments are where the interesting part is:
src/libsystemd/sd-bus/bus-socket.c:965: sd-bus: starting bus with systemd-run...
↓
src/libsystemd/sd-bus/bus-socket.c:972: sd-bus: starting bus with systemd-run -M.host -PGq --wait -pUser=1000 -pPAMName=login systemd-stdio-bridge "-punix:path=\${XDG_RUNTIME_DIR}/bus"

(cherry picked from commit 87fa2e21dd7a30d25ccda2df6b8446a82637b059)

core: use the new quoting helper

(cherry picked from commit 8a62620ebe23945021075df7e1b0759102c286ae)

basic/escape: add helper for quoting command lines

(cherry picked from commit eeb91d29b0279d6bf8a3f1c4da54c9e9c0881a19)

test-network: add missing tests for bridge properties

(cherry picked from commit b6d5dab7bbb8ecf4ce1229840085daa15ab4cf57)
(cherry picked from commit ab30fe12edf4b859d38f4c5726b3eaa71aa5b3f7)