Luca Boccassi [Tue, 15 Feb 2022 01:21:01 +0000 (01:21 +0000)]
packit: build on and use Fedora 35 spec file
It's targeted to the v249 branch, while the rawhide one follows
the newest upstream release, and the command line options are not
compatible
Luca Boccassi [Tue, 15 Feb 2022 10:21:49 +0000 (10:21 +0000)]
Partially revert "sd-dhcp-server: refuse too large packet to send"
This test fails on this branch:
949/1228 fuzz-dhcp-server-relay-message_clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824_address,undefined FAIL 0.00s (exit status 127)12:43
--- command ---12:43
01:47:36 UBSAN_OPTIONS='print_stacktrace=1:print_summary=1:halt_on_error=1' /usr/bin/env /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-server-relay-message:address,undefined /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-
497239973127782412:43
--- stderr ---12:43
/usr/bin/env: ‘/tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-server-relay-message:address,undefined’: No such file or directory
This partially reverts commit
76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c.
(cherry picked from commit
e69b2a3a69d472e887633162111ed2a45f317eb9)
Luca Boccassi [Tue, 15 Feb 2022 10:20:34 +0000 (10:20 +0000)]
Revert "tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains"
The test fails on this branch:
948/1228 fuzz-dhcp-client_minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a_address,undefined FAIL 0.00s (exit status 127)12:43
--- command ---12:43
01:47:36 UBSAN_OPTIONS='print_stacktrace=1:print_summary=1:halt_on_error=1' /usr/bin/env /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-client:address,undefined /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/test/fuzz/fuzz-dhcp-client/minimized-from-
555a2b073b8d208655b68c294f8dfd592a11e50a12:43
--- stderr ---12:43
/usr/bin/env: ‘/tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-client:address,undefined’: No such file or directory
This reverts commit
87728a590ad82391e76a275024c9039625ff2b67.
(cherry picked from commit
2614461383b344041b397870fb3662c79f2a7b75)
Zbigniew Jędrzejewski-Szmek [Sat, 15 Jan 2022 12:38:30 +0000 (13:38 +0100)]
sd-device: silence gcc warning with newest gcc
(cherry picked from commit
376ee2c312b87951028a0adff96b1052f32475fa)
(cherry picked from commit
18aff8c85720606e05826045b6799d19a7dcf08a)
Luca Boccassi [Tue, 15 Feb 2022 01:21:01 +0000 (01:21 +0000)]
packit: remove unsupported -Dcryptolib=openssl option
Introduced later, so it breaks the build on v249-stable
Zbigniew Jędrzejewski-Szmek [Wed, 7 Jul 2021 16:02:50 +0000 (18:02 +0200)]
sd-bus: allow numerical uids in -M user@.host
UIDs don't work well over ssh, but locally or with containers they are OK.
In particular, user@.service uses UIDs as identifiers, and it's nice to be
able to copy&paste that UID for interaction with the user's managers.
(cherry picked from commit
2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6)
Zbigniew Jędrzejewski-Szmek [Wed, 7 Jul 2021 16:01:03 +0000 (18:01 +0200)]
sd-bus: print debugging information if bus_container_connect_socket() fails
We would return the errno, but there are many steps, and without some
debugging info it's hard to figure out what exactly failed.
(cherry picked from commit
0c201ca945c64e97ba4961ded13ce38a63200468)
Zbigniew Jędrzejewski-Szmek [Wed, 7 Jul 2021 14:36:49 +0000 (16:36 +0200)]
sd-bus: print quoted commandline when in bus_socket_exec()
The arguments are where the interesting part is:
src/libsystemd/sd-bus/bus-socket.c:965: sd-bus: starting bus with systemd-run...
↓
src/libsystemd/sd-bus/bus-socket.c:972: sd-bus: starting bus with systemd-run -M.host -PGq --wait -pUser=1000 -pPAMName=login systemd-stdio-bridge "-punix:path=\${XDG_RUNTIME_DIR}/bus"
(cherry picked from commit
87fa2e21dd7a30d25ccda2df6b8446a82637b059)
Zbigniew Jędrzejewski-Szmek [Wed, 7 Jul 2021 14:28:19 +0000 (16:28 +0200)]
core: use the new quoting helper
(cherry picked from commit
8a62620ebe23945021075df7e1b0759102c286ae)
Zbigniew Jędrzejewski-Szmek [Wed, 7 Jul 2021 14:27:51 +0000 (16:27 +0200)]
basic/escape: add helper for quoting command lines
(cherry picked from commit
eeb91d29b0279d6bf8a3f1c4da54c9e9c0881a19)
Yu Watanabe [Thu, 10 Feb 2022 09:04:34 +0000 (18:04 +0900)]
test-network: add missing tests for bridge properties
(cherry picked from commit
b6d5dab7bbb8ecf4ce1229840085daa15ab4cf57)
(cherry picked from commit
ab30fe12edf4b859d38f4c5726b3eaa71aa5b3f7)
Yu Watanabe [Thu, 10 Feb 2022 08:47:14 +0000 (17:47 +0900)]
network: bridge: fix endian of vlan protocol
Fixes #22469.
(cherry picked from commit
6eb35be8e0fa5f1f00dddd558cf4dc3642d9e53e)
(cherry picked from commit
514a4c051ce6cceaa5417a2044e708bd5105131d)
Yu Watanabe [Sat, 5 Feb 2022 13:04:42 +0000 (22:04 +0900)]
resolve: use _cleanup_ attribute for freeing DnsQuery
(cherry picked from commit
c704288c473fa08820566fdb16c38726d24db026)
(cherry picked from commit
0533d1aab61b6a797d07c4c861acf5e87f8191e8)
Yu Watanabe [Sat, 5 Feb 2022 13:03:19 +0000 (22:03 +0900)]
resolve: fix possible memleak
Fortunately, unlike the issue fixed in the previous commit, the memleak
should be superficial and not become apparent, as the queries handled
here are managed by the stub stream, and will be freed when the stream
is closed.
Just for safety, and slightly reducing the runtime memory usage by the
stub stream.
(cherry picked from commit
fe8c5ce615ee2123f17b1f0b3728c439e19e4b5b)
(cherry picked from commit
4dbc210124b4303ecadb6cdb28a4a4c821e1150b)
Yu Watanabe [Sat, 5 Feb 2022 12:37:01 +0000 (21:37 +0900)]
resolve: fix potential memleak and use-after-free
When stub stream is closed early, then queries associated to the stream
are freed. Previously, the timer event source for queries may not be
disabled, hence may be triggered with already freed query.
See also dns_stub_stream_complete().
Note that we usually not set NULL or zero when freeing simple objects.
But, here DnsQuery is large and complicated object, and the element may
be referenced in subsequent freeing process in the future. Hence, for
safety, let's set NULL to the pointer.
(cherry picked from commit
73bfd7be042cc63e7649242b377ad494bf74ea4b)
(cherry picked from commit
d82bd80cf4e7659906a502735b20a45964b55a88)
Lennart Poettering [Tue, 1 Feb 2022 11:06:21 +0000 (12:06 +0100)]
util: another set of CVE-2021-4034 assert()s
It's a good idea that we validate argc/argv when we are supposed to
store them away.
(cherry picked from commit
007e03b284e8ffc0b92edb2122cd9d2d16f049ef)
(cherry picked from commit
dcba78244e5dc3a4b57fb978a2d21640164c89a2)
Luca Boccassi [Thu, 27 Jan 2022 14:08:05 +0000 (14:08 +0000)]
test: use mksquashfs -noappend
Makes the setup idempotent, as mksquashfs by default attempts to
append to an existing image
(cherry picked from commit
392d46d7a8f78169ff6b0d2740f82924e6fdc878)
(cherry picked from commit
44c4116557389ad86d5d204e290f8f2c57b7f009)
Yu Watanabe [Wed, 2 Feb 2022 05:05:45 +0000 (14:05 +0900)]
core/mount: fail early if directory cannot be created
Prompted by #22334.
(cherry picked from commit
e4de58c8231e47509ffeb3aa47620ca42f22d7f6)
(cherry picked from commit
1d7e0b68048ba0760f8fdf6a26c7a5017ac38569)
Lennart Poettering [Tue, 1 Feb 2022 17:11:04 +0000 (18:11 +0100)]
units: we need systemd-journald.service from systemd-journal-flush.service
This is a follow-up for
d5ee050ffc9d413253932d9340ade8c8fb111092, and
reintroduces a requirement dep from systemd-journal-flush.service onto
systemd-journald.service, but a weaker one than originally: a Wants= one
instead of a Requires= one.
Why? Simply because the service issues an IPC call to the journald,
hence it should pull it in. (Note that socket activation doesn't happen
for the Varlink socket it uses, hence we should pull in the service
itself.)
(cherry picked from commit
23b1e8d087c9e8c5a2cdcc6a91510a4e7ca8f72f)
(cherry picked from commit
9793254248a51bd2d19399bacb314e541cf2a4a0)
Yu Watanabe [Sun, 30 Jan 2022 20:19:09 +0000 (05:19 +0900)]
sd-dhcp-lease: fix memleak
Fixes https://github.com/systemd/systemd/pull/22294#issuecomment-
1024840811.
(cherry picked from commit
06cf04dff4dd6c69e527913ad137616c23861270)
(cherry picked from commit
ae95ca27bee2bef5bf53002873a254f1a0fe8b81)
Yu Watanabe [Tue, 1 Feb 2022 04:26:40 +0000 (13:26 +0900)]
test-network: set xfrm interface ID
This also unifies two tests for xfrm, and checks the output of
'ip link' command.
Fixes #22329.
(cherry picked from commit
020483b248b45b15eb93d2ae322d7f211c61e44d)
(cherry picked from commit
a5fc827b3a775f8553c95381ed49649beb86c5ea)
Yu Watanabe [Tue, 1 Feb 2022 04:00:51 +0000 (13:00 +0900)]
network: xfrm: refuse zero interface ID
Since kernel 5.17-rc1, 5.16.3, and 5.15.17 (more specifically,
https://github.com/torvalds/linux/commit/
8dce43919566f06e865f7e8949f5c10d8c2493f5)
the kernel refuses to create an xfrm interface with zero ID.
(cherry picked from commit
fd11005951920a0cee96f0c56f36d9ff8bc66a41)
(cherry picked from commit
1ef56ad928df3a8fb45b9dcdf3950035a6f699b7)
Conflicts:
src/network/netdev/xfrm.c
Lennart Poettering [Tue, 1 Feb 2022 12:50:28 +0000 (13:50 +0100)]
execute: document that the 'env' param is input *and* output
(cherry picked from commit
421bb42d1b366c00392ef5bbab6a67412295b6dc)
(cherry picked from commit
c4357f31da66b1917d3612d02c28adb300d4b0c6)
Lennart Poettering [Tue, 1 Feb 2022 12:50:13 +0000 (13:50 +0100)]
execute: line break comments a bit less aggressively
(cherry picked from commit
cafc5ca147cb05b90bd731661d8594c299601f79)
(cherry picked from commit
14567dc93d5c498bfaadd28478f59952f6da320c)
Lennart Poettering [Tue, 1 Feb 2022 12:49:56 +0000 (13:49 +0100)]
execute: use _cleanup_ logic where appropriate
(cherry picked from commit
46e5bbab5895b7137b03453dee08bd1c89c710e9)
(cherry picked from commit
9b2954b79435eaf54be208acdce8026b83bdc249)
Lennart Poettering [Tue, 1 Feb 2022 11:37:51 +0000 (12:37 +0100)]
pid1: pass PAM_DATA_SILENT to pam_end() in child
Fixes: #22318
(cherry picked from commit
7feb2b5737ad110eb3985e8e9d8189f18d1c5147)
(cherry picked from commit
9c560d201527ee064ae11784d6538ae544926181)
Yu Watanabe [Sat, 29 Jan 2022 20:38:35 +0000 (05:38 +0900)]
login: use bus_error_message() at one more place
(cherry picked from commit
80c8c786a314bceba180fac5506e72aa48c0764a)
(cherry picked from commit
048487c094a149e99b4067c8cd2d3974a8f17397)
Yu Watanabe [Sat, 29 Jan 2022 20:38:01 +0000 (05:38 +0900)]
core/unit: use bus_error_message() at one more place
(cherry picked from commit
33322185554799b08e94aca036dd109aaee52408)
(cherry picked from commit
81e59411161078f4f90d80e2e111755adc16db33)
Yu Watanabe [Sat, 29 Jan 2022 20:36:56 +0000 (05:36 +0900)]
bus-util: retrieve bus error from message
The error in argument is not input, but used for output.
(cherry picked from commit
853b94863cf26d084454edd63ce987cc7ab0505a)
(cherry picked from commit
b9e144629bdb7c3d4535fb0a0ad8639140a25034)
Luca Boccassi [Fri, 28 Jan 2022 22:56:10 +0000 (22:56 +0000)]
core: don't fail on EEXIST when creating mount point
systemd[1016]: Failed to mount /tmp/app1 (type n/a) on /run/systemd/unit-extensions/1 (MS_BIND ): No such file or directory
systemd[1016]: Failed to create destination mount point node '/run/systemd/unit-extensions/1': File exists
(cherry picked from commit
9d6d4c305ab8d65aab7f546450d7331f760b7259)
(cherry picked from commit
ae8bc570a81e1286eb5b59a77ef179a500b95f9d)
Evgeny Vereshchagin [Sat, 29 Jan 2022 03:16:40 +0000 (03:16 +0000)]
sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
=================================================================
==81071==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x51245c in __interceptor_reallocarray (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51245c)
#1 0x7f01440c67e6 in strv_push /home/vagrant/systemd/build/../src/basic/strv.c:435:13
#2 0x7f01440ca9e1 in strv_consume /home/vagrant/systemd/build/../src/basic/strv.c:506:13
#3 0x7f01440ca9e1 in strv_extend /home/vagrant/systemd/build/../src/basic/strv.c:558:16
#4 0x5806e3 in dhcp_lease_parse_search_domains /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:900:21
#5 0x57c1be in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:727:21
#6 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33
#7 0x571c6a in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:376:13
#8 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13
#9 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:74:16
#10 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379)
#11 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f)
#12 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade)
#13 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86)
#14 0x7f0142fff55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
(cherry picked from commit
9591c0a8b3496d0e5cbbfe7c75161ba80089c143)
(cherry picked from commit
7dc0f80588f371a62a56a75bf27eab2c515becf3)
Evgeny Vereshchagin [Sat, 29 Jan 2022 03:18:31 +0000 (03:18 +0000)]
tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains
(cherry picked from commit
998ec39b1d20a40453a3b47f7eb68feacefd65d9)
(cherry picked from commit
ba335f6f40b58ea4050471a5051ceacfbff71f08)
Evgeny Vereshchagin [Sat, 29 Jan 2022 02:08:39 +0000 (02:08 +0000)]
sd-dhcp-lease: fix an infinite loop found by the fuzzer
(cherry picked from commit
86b06c666be8b7afb45541d35aa4d0ecb38056d1)
(cherry picked from commit
426807c54b9500b806eaaf50d32c7c936510706c)
Donald Chan [Fri, 28 Jan 2022 22:53:46 +0000 (22:53 +0000)]
basic: mac_[selinux,smack]_apply_fd does not work when applying labels
Commit
a7fdc6c introduced a regression where file descriptors are opened
using O_PATH option. mac_smack_apply_fd() calls fsetxattr() and would fail
with a -EBADF (Bad file descriptor) error.
Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and
call setxattr() or setfilecon() instead.
Signed-off-by: Donald Chan <hoiho@amazon.com>
(cherry picked from commit
a718364e9d9242cc2111c9860f2ab5bb9bb26db9)
(cherry picked from commit
9f596964f6e403b089450dc083724b48fb4b4bb1)
Yu Watanabe [Fri, 28 Jan 2022 02:53:49 +0000 (11:53 +0900)]
sd-dhcp-server: refuse too large packet to send
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44134.
(cherry picked from commit
71df50a9734f7006bc1ac8be59ca81c797b39c35)
(cherry picked from commit
530a18d49361ade6d3f09abb78f8f901753a4cda)
Arfrever Frehtes Taifersar Arahesis [Thu, 27 Jan 2022 00:00:00 +0000 (00:00 +0000)]
logind.conf: Fix name of option: RuntimeDirectoryInodes -> RuntimeDirectoryInodesMax
(cherry picked from commit
a42a93830fcc18da073a5ac06f93c386efc9109d)
(cherry picked from commit
5b20a2b19c847b8ad8b354f1b735fbbaf88d2f8f)
Christian Brauner [Mon, 24 Jan 2022 09:12:57 +0000 (10:12 +0100)]
core/namespace: s/normalize_mounts()/drop_unused_mounts()
Rename the normalize_mounts() helper to drop_unused_mounts. All the
helpers called in there get rid of mounts that are unused for a variety
of reasons. And whereas the helpers are aptly prefixed with "drop" the
overall helper isn't and instead uses "normalize".
Make it more obvious what the helper actually does by renaming it from
normalize_mounts() to drop_unused_mounts(). Readers of code calling this
helper will immediately see that it will get rid of unused mounts.
Link: https://github.com/systemd/systemd/issues/22206
(cherry picked from commit
fbf90c0d5cadc5d1e95485f770f45a7d4cd39daa)
(cherry picked from commit
09936a7ec92c859b3c4c9520ecd49c2909a8b35c)
Christian Brauner [Fri, 21 Jan 2022 12:08:19 +0000 (13:08 +0100)]
core/namespace: allow using ProtectSubset=pid and ProtectHostname=true together
If a service requests both ProtectSubset=pid and ProtectHostname=true
then it will currently fail to start. The ProcSubset=pid option
instructs systemd to mount procfs for the service with subset=pid which
hides all entries other than /proc/<pid>. Consequently trying to
interact with the two files /proc/sys/kernel/{hostname,domainname}
covered by ProtectHostname=true will fail.
Fix this by only performing this check when ProtectSubset=pid is not
requested. Essentially ProtectSubset=pid implies/provides
ProtectHostname=true.
(cherry picked from commit
1361f015773e3b4d74e382edf1565f3315a3396b)
(cherry picked from commit
a727941affa7821592d503c8a5033c92d615f64c)
Martin Wilck [Thu, 20 Jan 2022 13:31:45 +0000 (14:31 +0100)]
udevadm: cleanup-db: don't delete information for kept db entries
devices with the db_persist property won't be deleted during database
cleanup. This applies to dm and md devices in particular.
For such devices, we should also keep the files under /run/udev/links,
/run/udev/tags, and /run/udev/watch, to make sure that after restart,
udevd has the same information about the devices as it did before
the cleanup.
If we don't do this, a lower-priority device that is discovered in
the coldplug phase may take over symlinks from a device that persisted.
Not removing the watches also enables udevd to resume watching a device
after restart.
Signed-off-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit
7ec624147a41d80f8e492c9fe19a24e2cda58c25)
(cherry picked from commit
ef7ceef26adb714ef44b2fbc07a219c05a012b42)
Martin Wilck [Fri, 21 Jan 2022 09:44:26 +0000 (10:44 +0100)]
udevadm: cleanup_dir: use dot_or_dot_dot()
which is safer than just checking dent[0].
Also, fix two style issues.
(cherry picked from commit
28d6e8545151d413f8614db9fa790f9f9edbb045)
(cherry picked from commit
494e3c0def197abd4ec88f7b0c3ba331a708d81e)
Anita Zhang [Wed, 19 Jan 2022 21:26:01 +0000 (13:26 -0800)]
oomd: handle situations when no cgroups are killed
Currently if systemd-oomd doesn't kill anything in a selected cgroup, it
selects a new candidate immediately. But if a selected cgroup wasn't killed,
it is likely due to it disappearing or getting cleaned up between the time
it was selected as a candidate and getting sent SIGKILL(s). We should handle
it as though systemd-oomd did perform a kill so that it will check
swap/pressure again before it tries to select a new candidate.
(cherry picked from commit
914d4e99f43761f1ce77b520850cf096aa5196cd)
(cherry picked from commit
c4d89cd602b94ab3baac746395c797ec4da43679)
Anita Zhang [Wed, 19 Jan 2022 18:40:46 +0000 (10:40 -0800)]
oomd: fix race with path unavailability when killing cgroups
There can be a situation where systemd-oomd would kill all of the processes
in a cgroup, pid1 would clean up that cgroup, and systemd-oomd would get
ENODEV trying to iterate the cgroup a final time to ensure it was empty.
systemd-oomd sees this as an error and immediately picks a new candidate even
though pressure may have recovered. To counter this, check and handle
path unavailability errnos specially.
Fixes: #22030
(cherry picked from commit
2ee209466bb51f39ae9df7fec4d5594ce8cfa3f0)
(cherry picked from commit
0456e3aaaae7c21a037f4d3c758463c3ba4d167c)
Yu Watanabe [Wed, 19 Jan 2022 20:24:31 +0000 (05:24 +0900)]
resolve: fix assertion triggered when r == 0
Fixes #22178.
(cherry picked from commit
98b1eb711cfc70776fefd3d4ec437a6a4f9aeff2)
(cherry picked from commit
740dd39e070b3b827cbac37df2a40d61bd9cdb89)
Luca Boccassi [Wed, 19 Jan 2022 00:08:57 +0000 (00:08 +0000)]
core: refuse to mount ExtensionImages if the base layer doesn't at least have ID in os-release
We can't match an extension if we don't at least have an ID,
so refuse to continue
(cherry picked from commit
78ab2b5064a0f87579ce5430f9cb83bba0db069a)
(cherry picked from commit
179bd47f04c538ed1f2c1de2cf2c18f17b027a51)
Luca Boccassi [Wed, 19 Jan 2022 00:01:48 +0000 (00:01 +0000)]
dissect-image: validate extension-release even if the host has only ID in os-release
A rolling distro won't set VERSION_ID or SYSEXT_LEVEL in os-release,
which means we skip validation of ExtensionImages.
Validate even with just an ID, the lower level helper already
recognizes and accepts this use case.
Fixes https://github.com/systemd/systemd/issues/22146
(cherry picked from commit
37361f46d571ad0b71ef99dec6a9b76edbab38bb)
(cherry picked from commit
0dab9e5f057380322755e90ee4d35716d5bf6232)
Luca Boccassi [Wed, 19 Jan 2022 00:27:45 +0000 (00:27 +0000)]
sysext: use LO_FLAGS_PARTSCAN when opening image
Jan 17 12:34:59 myguest1 (sd-sysext)[486]: Device '/var/lib/extensions/myext.raw' is loopback block device with partition scanning turned off, please turn it on.
Fixes https://github.com/systemd/systemd/issues/22146
(cherry picked from commit
70a5c6dce0872b3bb0a39be250adde86a0c8f35c)
(cherry picked from commit
4ef7122f3c3328aa01e1ed187a793e7b1595ee87)
Topi Miettinen [Sat, 27 Nov 2021 10:51:39 +0000 (12:51 +0200)]
namespace: allow ProcSubset=pid with some ProtectKernel options
In case `/proc` is successfully mounted with pid tree subset only due to
`ProcSubset=pid`, the protective mounts for `ProtectKernelTunables=yes` and
`ProtectKernelLogs=yes` to non-pid `/proc` paths are failing because the paths
don't exist. But the pid only option may have failed gracefully (for example
because of ancient kernel), so let's try the mounts but it's not fatal if they
don't succeed.
(cherry picked from commit
788e720181aead8c85ba30fc7ec9a1455a865cbe)
Yu Watanabe [Tue, 21 Dec 2021 11:10:09 +0000 (20:10 +0900)]
meson: fix cross compiling
(cherry picked from commit
3112d756a36993900b70fbff98e69a2a43b970a8)
Daan De Meyer [Wed, 12 Jan 2022 14:44:50 +0000 (14:44 +0000)]
journal: Skip data objects with invalid offsets
We already skip invalid objects, but don't yet skip invalid offsets.
Let's skip these as well to improve robustness when we're dealing with
corrupted journals.
Before:
```
➜ systemd git:(main) build/journalctl -r -n 5 --file ~/Downloads/system@
0005d2b275abaaf8-
f243a2818cb39b98.journal_
Failed to get journal fields: Cannot assign requested address
-- No entries --
```
After:
```
➜ systemd git:(main) ✗ build/journalctl -r -n 5 --file ~/Downloads/system@
0005d2b275abaaf8-
f243a2818cb39b98.journal_
Dec 09 08:32:38 snowball3 NetworkManager[911]: <info> [
1639038758.1464] device (wlp1s0): supplicant interface state: scanning -> authenticating
Dec 09 08:32:38 snowball3 kernel: wlp1s0: send auth to ec:a9:40:79:fb:ad (try 1/3)
Dec 09 08:32:38 snowball3 kernel: wlp1s0: authenticate with ec:a9:40:79:fb:ad
Dec 09 08:32:38 snowball3 wpa_supplicant[1003]: wlp1s0: SME: Trying to authenticate with ec:a9:40:79:fb:ad (SSID='UPC949397B' freq=5500 MHz)
```
(cherry picked from commit
df207ccb7be02b1ca6bdd0a2066a898e5b24ee86)
(cherry picked from commit
556f46aa3b17f4ed6768521137405297c8a99d35)
Benjamin Berg [Mon, 10 Jan 2022 11:35:46 +0000 (12:35 +0100)]
xdg-autostart-service: Ignore missing desktop-sepcific condition binary
If a desktop specific ExecCondition= binary does not exist, this just
means that the desktop environment is not available. As such, it is not
an error condition that should prevent the service from being installed
in the .wants target.
Fix this by simply returning zero.
(cherry picked from commit
6d0aef1dd15088e7379681b3bd93c3cb450f3c55)
(cherry picked from commit
19fbd7764da2e23a89e27b4d95afd77b99f4be87)
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 10:32:53 +0000 (11:32 +0100)]
man+docs: adjust links to the new page
(cherry picked from commit
717e92ceb96471251f8242ad4f4c45cc2c68ecc9)
(cherry picked from commit
704d859eeb20fea27cec10c7c6cdb47c59413138)
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 09:42:22 +0000 (10:42 +0100)]
policy files: adjust landing page link
(cherry picked from commit
d6e2c1ab7158d52425d3cb72459c5624db12368c)
(cherry picked from commit
944d8d9050b96e690054224e796254dfc18e6681)
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 09:39:00 +0000 (10:39 +0100)]
docs: use https:// for fd.o links
(cherry picked from commit
931bc1957b13817fcb0ffe69958dd562202c8e4c)
(cherry picked from commit
e7ed0ba895e53109c1d6f225d7d53605cad8bd8c)
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 09:33:57 +0000 (10:33 +0100)]
README: link to the new page
Lennart's blog is now mostly of historical interest, and the wiki
landing page has been replaced by systemd.io.
(cherry picked from commit
2777a4a3bfe153cb675d3d66b383a26043c187b8)
(cherry picked from commit
26271c128ae2b519ecf25ad6cc07e9cf4051c92b)
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 09:33:10 +0000 (10:33 +0100)]
NEWS: adjust links to moved pages
All those pages contain a redirect at the top of the page, so it doesn't
make much sense to tell people to take the detour. Linking directly will
also increase the search rankings of the new pages.
(cherry picked from commit
a794a4d87219367e8b24469fcafce83a9f224080)
(cherry picked from commit
2b075f74cb23ba838a29c4b5b898437c8294ddf9)
yangmingtai [Tue, 11 Jan 2022 12:22:11 +0000 (20:22 +0800)]
fix test-string-util failed when locale is not utf8
(cherry picked from commit
647082cf7f07a87c65601626e86c3ed9f78fb387)
(cherry picked from commit
32f33c9474ab89061d799a92a1273b106468e8c6)
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 21:22:21 +0000 (22:22 +0100)]
Revert "core: Add trigger limit for path units"
This reverts commit
4c63c3b00aac56390a44e4c0a9d056426d6ff81d.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 21:21:14 +0000 (22:21 +0100)]
Revert "core: Check unit start rate limiting earlier"
This reverts commit
a82b93092bdd3901a22375a820bfa09db8a39978.
This previous commit.
Zbigniew Jędrzejewski-Szmek [Wed, 12 Jan 2022 21:19:37 +0000 (22:19 +0100)]
Revert "Reintroduce ExitType"
This reverts commit
31b7eefb6c3c8e3da74ef18d864e64d72f542e16.
I included this patch because it is important to fix starting of user units
under KDE [1], but I got lost in all the attempts and reverts, and the backport
is broken [2]. I'll try to do a better backport later.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=
1956022
[2] https://bugzilla.redhat.com/show_bug.cgi?id=
2039888
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jan 2022 19:45:42 +0000 (20:45 +0100)]
Reintroduce ExitType
This introduces `ExitType=main|cgroup` for services.
Similar to how `Type` specifies the launch of a service, `ExitType` is
concerned with how systemd determines that a service exited.
- If set to `main` (the current behavior), the service manager will consider
the unit stopped when the main process exits.
- The `cgroup` exit type is meant for applications whose forking model is not
known ahead of time and which might not have a specific main process.
The service will stay running as long as at least one process in the cgroup
is running. This is intended for transient or automatically generated
services, such as graphical applications inside of a desktop environment.
Motivation for this is #16805. The original PR (#18782) was reverted (#20073)
after realizing that the exit status of "the last process in the cgroup" can't
reliably be known (#19385)
This version instead uses the main process exit status if there is one and just
listens to the cgroup empty event otherwise.
The advantages of a service with `ExitType=cgroup` over scopes are:
- Integrated logging / stdout redirection
- Avoids the race / synchronisation issue between launch and scope creation
- More extensive use of drop-ins and thus distro-level configuration:
by moving from scopes to services we can have drop ins that will affect
properties that can only be set during service creation,
like `OOMPolicy` and security-related properties
- It makes systemd-xdg-autostart-generator usable by fixing [1], as obviously
only services can be used in the generator, not scopes.
[1] https://bugs.kde.org/show_bug.cgi?id=433299
(cherry picked from commit
596e447076b27d103a30c26a68626e9820ac705b)
Daan De Meyer [Tue, 24 Aug 2021 15:46:47 +0000 (16:46 +0100)]
core: Check unit start rate limiting earlier
Fixes #17433. Currently, if any of the validations we do before we
check start rate limiting fail, we can still enter a busy loop as
no rate limiting gets applied. A common occurence of this scenario
is path units triggering a service that fails a condition check.
To fix the issue, we simply move up start rate limiting checks to
be the first thing we do when starting a unit. To achieve this,
we add a new method to the unit vtable and implement it for the
relevant unit types so that we can do the start rate limit checks
earlier on.
(cherry picked from commit
9727f2427ff6b2e1f4ab927cc57ad8e888f04e95)
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jan 2022 12:36:39 +0000 (13:36 +0100)]
nss: only read logging config from environment variables
log_parse_environment() uses should_parse_proc_cmdline() to determine whether
it should parse settings from the kernel command line. But the checks that
should_parse_proc_cmdline() apply to the whole process, and we could get a positive
answer also when log_parse_environment() was called from one of the nss modules.
In case of nss-modules, we don't want to look at the kernel command line.
log_parse_environment_variables() that only looks at the environment variables
is split out and used in the nss modules.
Fixes #22020.
(cherry picked from commit
a7d15a24659770b0fa9f4cd26fc7bbb17765cbb7)
Zbigniew Jędrzejewski-Szmek [Tue, 11 Jan 2022 12:23:27 +0000 (13:23 +0100)]
nss: drop dummy setup_logging() helpers
log_parse_environment() stopped being a macro in
9fdee66f2d9.
As reported by @bauen1 in https://github.com/systemd/systemd/issues/22020,
the comment was out of date.
(cherry picked from commit
56a5f4969b96529c82ec8cc08db4fa8e9c61e7b9)
Daan De Meyer [Fri, 17 Dec 2021 19:01:31 +0000 (20:01 +0100)]
core: Add trigger limit for path units
When conditions fail on a service unit, a path unit can cause
PID 1 to busy loop as it keeps trying to activate the service unit.
To avoid this from happening, add a trigger limit to the path unit,
identical to the trigger limit we have for socket units.
Initially, let's start with a high limit and not make it configurable.
If needed, we can add properties to configure the rate limit similar
to the ones we have for socket units.
(cherry picked from commit
aaae822b37aa3ca39aebb516fdc6bef36d730c25)
Zbigniew Jędrzejewski-Szmek [Tue, 30 Nov 2021 21:29:05 +0000 (22:29 +0100)]
shared/rm-rf: loop over nested directories instead of instead of recursing
To remove directory structures, we need to remove the innermost items first,
and then recursively remove higher-level directories. We would recursively
descend into directories and invoke rm_rf_children and rm_rm_children_inner.
This is problematic when too many directories are nested.
Instead, let's create a "TODO" queue. In the the queue, for each level we
hold the DIR* object we were working on, and the name of the directory. This
allows us to leave a partially-processed directory, and restart the removal
loop one level down. When done with the inner directory, we use the name to
unlinkat() it from the parent, and proceed with the removal of other items.
Because the nesting is increased by one level, it is best to view this patch
with -b/--ignore-space-change.
This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=
2024639.
The issue was reported and patches reviewed by Qualys Team.
Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure.
(cherry picked from commit
5b1cf7a9be37e20133c0208005274ce4a5b5c6a1)
(cherry picked from commit
911516e1614e435755814ada5fc6064fa107a105)
Zbigniew Jędrzejewski-Szmek [Tue, 23 Nov 2021 15:56:42 +0000 (16:56 +0100)]
shared/rm_rf: refactor rm_rf() to shorten code a bit
(cherry picked from commit
84ced330020c0bae57bd4628f1f44eec91304e69)
(cherry picked from commit
664529efa9431edc043126013ea54e6c399ae2d3)
Zbigniew Jędrzejewski-Szmek [Tue, 23 Nov 2021 14:55:45 +0000 (15:55 +0100)]
shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
(cherry picked from commit
3bac86abfa1b1720180840ffb9d06b3d54841c11)
(cherry picked from commit
47741ff9eae6311a03e4d3d837128191826a4a3a)
Zbigniew Jędrzejewski-Szmek [Tue, 23 Nov 2021 14:05:58 +0000 (15:05 +0100)]
tmpfiles: 'st' may have been used uninitialized
(cherry picked from commit
160dadc0350c77d612aa9d5569f57d9bc84c3dca)
Lennart Poettering [Tue, 5 Oct 2021 08:32:56 +0000 (10:32 +0200)]
rm-rf: optionally fsync() after removing directory tree
(cherry picked from commit
bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2)
Lennart Poettering [Tue, 26 Jan 2021 15:30:06 +0000 (16:30 +0100)]
rm-rf: refactor rm_rf_children(), split out body of directory iteration loop
This splits out rm_rf_children_inner() as body of the loop. We can use
that to implement rm_rf_child() for deleting one specific entry in a
directory.
(cherry picked from commit
1f0fb7d544711248cba34615e43c5a76bc902d74)
Jan Janssen [Sun, 9 Jan 2022 13:22:15 +0000 (14:22 +0100)]
boot-timestamps: Discard firmware init time when running in a VM
Fixes: #22060
(cherry picked from commit
f699bd81e8e18da2d2fc11e7fb7dce95f8bb3f9e)
(cherry picked from commit
3c5c13f82c760c7067bb189484e1f672ff6713f6)
Zbigniew Jędrzejewski-Szmek [Fri, 7 Jan 2022 08:52:19 +0000 (09:52 +0100)]
man: add missing example title in systemd.network(5)
Also rename the file to match the example being extended.
(cherry picked from commit
55ac274ef4c1661f3053ae3a709202c918365f3b)
(cherry picked from commit
d1612a7163b2c2fa2499738040da39ab24ef1b63)
Zbigniew Jędrzejewski-Szmek [Fri, 7 Jan 2022 14:23:55 +0000 (15:23 +0100)]
seccomp: move arch_prctl to @default
It was reported as used by the linker:
> [It is] called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start.
> My local call stack (with LTO):
>
> #0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2)
> #1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2)
> #2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2)
> #3 _start (/usr/lib64/ld-linux-x86-64.so.2)
>
> Looking through the source, I think it's this (links for glibc 2.34):
> - First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features.
> - Then init_cpu_features calls get_cet_status.
> - At last, get_cet_status invokes arch_prctl.
Fixes #22033.
(cherry picked from commit
5f02870a74aa3a758115cc9bd6d68f239caf8453)
(cherry picked from commit
d08f6ff204c8525f7533875128468afb8be60ae0)
Yu Watanabe [Wed, 5 Jan 2022 13:06:03 +0000 (22:06 +0900)]
fstab-generator: also skip other network filesystems and live image
(cherry picked from commit
155e1bb4e7cf87191007488cf6a68a558a16eca1)
(cherry picked from commit
41134e766aa2a0f6f013d46689215c5ec86a7e5d)
Yu Watanabe [Wed, 5 Jan 2022 10:24:46 +0000 (19:24 +0900)]
fstab-generator: skip root directory handling when nfsroot is requested
Fixes RHBZ#
2037233 (https://bugzilla.redhat.com/show_bug.cgi?id=
2037233).
(cherry picked from commit
77b8e92de8264c0b656a7d2fb437dd8d598ab597)
(cherry picked from commit
7ca41c509e6549abbfc753e560c822b5e32a63cc)
Markus Weippert [Tue, 4 Jan 2022 12:56:11 +0000 (13:56 +0100)]
homed: stop before stopping dbus
Otherwise, systemd-homed-active.service will fail to deactivate all
homes because homectl can no longer talk to homed if dbus stops first.
As a result, /home cannot be umounted.
Doing this on systemd-homed-active.service instead works as well, but
systemd-homed will exit 1 if dbus is already shut down.
(cherry picked from commit
e00a25a7b41bd45ab73b47cbd94b3af909b8f8a1)
(cherry picked from commit
11f3040d0a1eee663acedda1bdb9aa450c22f2a4)
Mike Gilbert [Wed, 5 Jan 2022 04:43:10 +0000 (23:43 -0500)]
test-watchdog: mark as unsafe
If something goes wrong with this test it may result in an unsafe
system restart. Let's avoid running it automatically.
See https://github.com/systemd/systemd/issues/22001.
(cherry picked from commit
70652c2a6fa9c06c7faac62f41c72e2e4eaa9340)
(cherry picked from commit
4c0ed19c520a8944f68f613edc3acbd0471dcc81)
Zbigniew Jędrzejewski-Szmek [Wed, 5 Jan 2022 14:10:33 +0000 (15:10 +0100)]
logind: do not propagate error in delayed action
If the action failed, we should log about the issue, and continue.
Exiting would bring the graphical session down, which of course is not
appreciated by users.
As documented in previous commits, a non-negative return from the callback
doesn't matter, so the callback is simplified a bit.
Fixes #21991.
(cherry picked from commit
8207b8321bbbcbd19a345deb77d455d98e6ffb84)
(cherry picked from commit
fb9bbbee6a3c09b75817f9f343176fa2170fdb31)
Yu Watanabe [Wed, 5 Jan 2022 09:26:46 +0000 (18:26 +0900)]
backlight: ignore error if the backlight device is already removed
Fixes #21997.
(cherry picked from commit
f0f65087834198d4dabf8b389ddc34223400aab7)
(cherry picked from commit
b4c57e1b1c249f28f13a86637d8854c920bcf26d)
Zbigniew Jędrzejewski-Szmek [Tue, 4 Jan 2022 09:39:53 +0000 (10:39 +0100)]
hwdb: fix check for uppercasedness of match patterns
The check was added in
77547d5313ea916d2fb64ca5a8812734e9b50f92, but
it doesn't work as expected. Because the second part is wrapped in Optional(),
it would silently "succeed" when the lowercase digits were in the second part:
>>> from parse_hwdb import *
>>> g = 'v' + upperhex_word(4) + Optional('p' + upperhex_word(4))
>>> g.parseString('v04D8pE11C*')
(['v', '04D8', 'p', 'E11C'], {})
>>> g.parseString('v04D8pe11c*')
(['v', '04D8'], {})
The following matches are OK:
usb:v0627p0001:*QEMU USB Keyboard*
usb:v0627p0001:*
usb:v0627p0001*
usb:v0627*
(cherry picked from commit
1a37237e2ffe6dfe142224a9d9e8b24135e93244)
(cherry picked from commit
697ec43fc5b0dcefbad92e5616eaa5f3407d407f)
Zbigniew Jędrzejewski-Szmek [Mon, 3 Jan 2022 16:53:29 +0000 (17:53 +0100)]
basic/log: allow errno values higher than 255
When the support for "synthetic errno" was added, we started truncating
the errno value to just the least significant byte. This is generally OK,
because errno values are defined up to ~130.
The docs don't really say what the maximum value is. But at least in principle
higher values could be added in the future. So let's stop truncating
the values needlessly.
The kernel (or libbpf?) have an error where they return 524 as an errno
value (https://bugzilla.redhat.com/show_bug.cgi?id=
2036145). We would
confusingly truncate this to 12 (ENOMEM). It seems much nicer to let
strerror() give us "Unknown error 524" rather than to print the bogus
message about ENOMEM.
(cherry picked from commit
5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93)
(cherry picked from commit
cd686fe4c719bfb894bd24d673c51f19cea64643)
Yu Watanabe [Sun, 2 Jan 2022 18:44:50 +0000 (03:44 +0900)]
missing-syscall: add __NR_openat2
(cherry picked from commit
d96ad9e8cb9fc8a9adfeebf69a645b809705daa0)
(cherry picked from commit
cd88d010e862d26ce816eb3bd6735a80999ac41e)
Yu Watanabe [Sun, 2 Jan 2022 18:48:10 +0000 (03:48 +0900)]
syscalls: update syscall definitions
(cherry picked from commit
0c718b1a67cd0d3512eafeb4659458694bf3865b)
(cherry picked from commit
7e338876577cb328632ce3e7753c0130b54dd7a2)
Yu Watanabe [Fri, 31 Dec 2021 00:13:00 +0000 (09:13 +0900)]
nss-myhostname: do not apply non-zero offset to null pointer
Fixes https://github.com/systemd/systemd/issues/21935#issuecomment-
1003216503.
(cherry picked from commit
92e9df9ca031b9b04487a46afd986ab3122183fd)
(cherry picked from commit
a473bfb4332ad6b0a0894135c4de0f8cc324d378)
Yu Watanabe [Thu, 30 Dec 2021 21:59:42 +0000 (06:59 +0900)]
nss-systemd: fix alignment of gr_mem
Follow-up for
1e65eb8f9b7d567462030b2e625998d77677e636.
Fixes #21935.
(cherry picked from commit
420a35c1fadfb4d67be6316436233d98b5688de5)
(cherry picked from commit
9c8bc0451ab2393f3b9b689e46e1b05e9f6dad35)
Yu Watanabe [Thu, 30 Dec 2021 15:31:51 +0000 (00:31 +0900)]
nss-systemd: fix required buffer size calculation
This also fixes the pointer assigned to the gr_mem element of struct group.
Fixes a bug introduced by
47fd7fa6c650d7a0ac41bc89747e3b866ffb9534.
Fixes #21935.
(cherry picked from commit
1e65eb8f9b7d567462030b2e625998d77677e636)
(cherry picked from commit
17227e81ab8a9bdfac679d450ed35434435a6ff8)
Yu Watanabe [Thu, 30 Dec 2021 15:11:01 +0000 (00:11 +0900)]
sysusers: use filename if /proc is not mounted
During system install, /proc may not be mounted yet.
Fixes RHBZ#
2036217 (https://bugzilla.redhat.com/show_bug.cgi?id=
2036217).
(cherry picked from commit
b78d7f246899687a1697cdcebe93d8512c5e7c4b)
(cherry picked from commit
747b4f1ff8aac3a1b800b0a7ac0edef4af34da70)
Noel Kuntze [Thu, 30 Dec 2021 11:49:23 +0000 (12:49 +0100)]
network: complete example for xfrm setup
(cherry picked from commit
0d03e672a97c6ee85f563648e1ff40c88ce81d85)
(cherry picked from commit
19bb2b8443598e80a4da391e70211d6576b2a144)
Luca Boccassi [Thu, 30 Dec 2021 00:54:32 +0000 (00:54 +0000)]
systemd-run: ensure error logs suggest to use '--user' when appropriate
Before:
$ systemd-run --service-type=notify --user false
Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code.
See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details.
After:
$ systemd-run --service-type=notify --user false
Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code.
See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details.
Fixes https://github.com/systemd/systemd/issues/21933
(cherry picked from commit
466f2351bbb5c0fdc9f153e35506570e59b14c5f)
(cherry picked from commit
b59615dc76cf82bd1fca301220ee0b7961cbcacd)
Luca Boccassi [Thu, 30 Dec 2021 00:53:29 +0000 (00:53 +0000)]
dbus-wait-for-jobs: add extra_args to bus_wait_for_jobs_one()
And pass it through to bus_wait_for_jobs()
(cherry picked from commit
86980de64bf8c03505eec729808f52f3b3042998)
(cherry picked from commit
0c4fe2e3dcde8225006a36cff643c112bd6c6523)
Mike Gilbert [Sat, 25 Dec 2021 00:20:36 +0000 (19:20 -0500)]
random-util: use ssize_t for getrandom return value
This matches the prototype provided by glibc.
(cherry picked from commit
289b41aae7356b7a6c72ff4a3476193a084ff33f)
(cherry picked from commit
4d889024ef5ba1edc5d967a010a2551e0826e5d7)
Yu Watanabe [Thu, 23 Dec 2021 12:45:29 +0000 (21:45 +0900)]
sd-journal: fix segfault when match_new() fails
Fixes #21867.
(cherry picked from commit
39dfc0de05238410e2cd4d7c0176a3f3994cc563)
Yu Watanabe [Thu, 23 Dec 2021 12:35:29 +0000 (21:35 +0900)]
sd-journal: free incomplete match on failure
(cherry picked from commit
418cce628cf28d4feaeda60241cf9781f8afbf1c)
Ludwig Nussel [Tue, 21 Dec 2021 10:38:49 +0000 (11:38 +0100)]
machined: set TTYPath for container shell
TTYPath is needed for proper utmp registration of the shell to
receive wall messages.
(cherry picked from commit
a9c97bbbfb271d68b2ca4f3aa346fdf5e9c70c27)
Tom Yan [Sun, 19 Dec 2021 17:30:38 +0000 (01:30 +0800)]
repart: use real disk start/end for bar production
Partitions are not always within our aligned scope. Bar printing
involves foreign partitions as well.
Fixes #21817.
(cherry picked from commit
d8daed09f37bc9f8ecb9268a4e371f65aec8b24a)
Yu Watanabe [Mon, 20 Dec 2021 11:48:32 +0000 (20:48 +0900)]
journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74
(cherry picked from commit
30df858f43b14a55c6650b43bea12cbf2cc0bc67)
Zbigniew Jędrzejewski-Szmek [Sat, 18 Dec 2021 16:03:43 +0000 (17:03 +0100)]
man: correctly document default for DNSSEC= and DNSoverTLS=
https://bugzilla.redhat.com/show_bug.cgi?id=
1926323
(cherry picked from commit
e803cf21393c9e49cb47903365f436a07a6fa3ba)
Zbigniew Jędrzejewski-Szmek [Tue, 14 Dec 2021 18:39:36 +0000 (19:39 +0100)]
man: describe flags for record resolving
(cherry picked from commit
c6f20515ab600098b5c2871bae2e9ecab3b41555)
Zbigniew Jędrzejewski-Szmek [Tue, 14 Dec 2021 17:48:25 +0000 (18:48 +0100)]
man: describe $SYSTEMD_NSS_RESOLVE_VALIDATE
This variable has a pretty important effect, but we didn't mention it
anywhere in the docs. It was added in
aee9d18c8d909eb7aca2838e4bce5da018b6a112.
(cherry picked from commit
1c4539afc08f2ce4af70d32e2dcd6a3fd414c0ef)
Mike Gilbert [Mon, 20 Dec 2021 00:39:37 +0000 (19:39 -0500)]
basic: add a size check to format timex members properly
As of glibc-2.34, the size of members in struct timex varies depending on
the _TIME_BITS macro.
Fixes: https://github.com/systemd/systemd/issues/21826
(cherry picked from commit
9a723ed6e80e3078969567f7cb551535d2fb00bd)
projects / systemd / .git / log