git-history.diyao.me Git - systemd/.git/log

kernel-install/90-loaderentry: fix when /boot is not mountpoint

I happen to have a machine where /boot is not a separate mountpoint,
but rather just a directory under /. After upgrade to recent Fedora,
I found out that grub2 can't find any new kernels.

This happens because loadentry script generates kernel and initrd file
paths relative to /boot, while grub2 expects path to be relative to the
root of filesystem on which they are residing.

This commit fixes this issue by using stat's %m to find the mount point
of a partition holding the images, and using it as a prefix to be
removed from ENTRY_DIR_ABS.

Note that %m for stat requires coreutils 8.6, released in Oct 2010.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 1cdbff1c844ce46f1d84d8feeed426ebfd550988)
(cherry picked from commit 2ee1c57c4ff4fd3349cf03c2e89fbd18ca0b3a4a)
(cherry picked from commit 325edff51a8f03c8c777a6c2762e7891266cc9dc)
(cherry picked from commit 3ceaa81c61b654ebf562464d142675bd4d57d7b6)

nspawn: fix fd leak on failure path

(cherry picked from commit 2fef50cd9eee59cea6145639f6bd464939fac624)
(cherry picked from commit f2763ff6cd9385e82171e17ed83a7698c7f561fd)
(cherry picked from commit 8bc7ff600f065106eed3cad5689ad5db6ab68583)
(cherry picked from commit ecbb5a4f6796cbb9d370ab881155ed1b29142c8f)

nspawn: check return of setsid()

Let's verify that everything works the way we expect it to work, hence
check setsid() return code.

(cherry picked from commit efe426624046089b74b70708e61f304f3cd414a7)
(cherry picked from commit 6f9c8af500fd4362d656917703eab4f941e7e45a)
(cherry picked from commit a049ddfc61e20b19fbb64d59602e25e8ccad140e)
(cherry picked from commit a09947ddd473bd5d73789a92db6a09c128bb6db9)

dissect: is_loop_device() returns negative on error, don't mistake that is true

(cherry picked from commit 3afda7c7976c25db786948a961873fa5c2c8e0e9)
(cherry picked from commit 31875b3cb05a2de76054752d40a810e40c8dbe87)
(cherry picked from commit 0dccd1f82b8f8b30bd6b059eba9254a08fa54861)
(cherry picked from commit 334f8e2e8fe07e1034d8ae1f94a02312ff19c0ce)

dissect: always invalidate secondary arch partitions if we found primary arch

Let's suppress the secondary arch data, since we never ever want to
mount it if we found the primary arch.

Previously we only suppressed in the Verity case, but there's little
reason to entertain the idea of a secondary arch in non-Verity
environments either, we are not going to use them, and should not do
decryption or anything like that.

(cherry picked from commit 74cb2db9f403dfe17cabc6dac48b0f49a84eb03f)
(cherry picked from commit 418cf0e78c067f7249f4769f78c8c199d907935f)
(cherry picked from commit 7f2b6a50d3c47da8a697f50c0bc191902ebec069)
(cherry picked from commit b6efbbfb001a41c4e74a716f73c67abe8250594e)

util: wireguard is merged into upstream kernel

(cherry picked from commit e29e5db7dff1442ef73cbcd0c898e11078e1042d)
(cherry picked from commit 1d17c00260a923188363fc32363ff8b6bae06230)
(cherry picked from commit bc321efb7a1c253f1bf584d97303c447db68a8e8)
(cherry picked from commit dc5c5cd5c864aaae8c2695c2b833d556d8df0f98)

busctl: add missing shortopt -l

(cherry picked from commit 150c430fd499082164b6ddbd2f501e2333261a78)
(cherry picked from commit d08f6fddc0a04a212dff9da14f77e3923414c233)
(cherry picked from commit 277b8bb5981160b3cc6b0525414df6a5e1841b19)
(cherry picked from commit f4777883f987929a0c618355a9dec6649adebaed)

bootctl: handle if LoaderSystemToken is invalid for some reason

This points to some firmware issue, but we should still be able to
correct things if this happens. Hence log about this and fix it.

Fixes: #17041
(cherry picked from commit ad0b610b0c1c2595c32b6235e7ac5ad7fba6e0aa)
(cherry picked from commit a06cf9a5bad917b9ac6016c940c5f0f0238f266f)
(cherry picked from commit 387881ae21acc1022c5c8c17f273ecc254fffe24)
(cherry picked from commit 9f6249eb7fe14ea975dd9d48681408005f598fe4)

hashmap: make sure to initialize shared hash key atomically

if we allocate a bunch of hash tables all at the same time, with none
earlier than the other, there's a good chance we'll initialize the
shared hash key multiple times, so that some threads will see a
different shared hash key than others.

Let's fix that, and make sure really everyone sees the same hash key.

Fixes: #17007
(cherry picked from commit ae0b700a856c0ae460d271bb50dccfaae84dbcab)
(cherry picked from commit e662cf6d515daad19e70c3d85e244b213ac48997)
(cherry picked from commit 1557cfcf7ce1f2b9f2dbd28e1f9ee9fad606dec0)
(cherry picked from commit bda316cc0a2650f8bf1f1e8c60ef7a7e639189ec)

backlight: do not claim that ID_BACKLIGHT_CLAMP= property is not set

(cherry picked from commit 06d98bdc81b233584d4b225892d358f324b7030b)
(cherry picked from commit 8758580ef561d9889990c89283acf82f8a9a66dc)
(cherry picked from commit 1c12ac48ad030aebfb473078a283ba262cc35549)
(cherry picked from commit b80ea9e3da726f6d545534d83e80c4271914b491)

coredump: don't convert s → µs twice

We already append 000000 early on when parsing the cmdline args, let's
not do that a second time.

Fixes: #16919
(cherry picked from commit 64a5384fd2cde9b66a778c318036e7771f273f17)
(cherry picked from commit 2239965c299e53db961f4294ccd5cbbda4f377df)
(cherry picked from commit a46a8189e370a5f1b58f0cf7158386cee4555fb4)
(cherry picked from commit c829f6e7ca5a3480c5995deb96ee77643128e546)

firstboot: fill empty color if ansi_color unavailable from os-release

(cherry picked from commit ae0d36c161ef0b8bde08d37674eb500061245728)
(cherry picked from commit 61d29b7f8c57898ba1a15a8fab90fde7c95efbc6)
(cherry picked from commit fe01ff05031f58658b092f57c515a98956ebf218)
(cherry picked from commit bb9d872398f3d6d5dae4049d66669352c9d22e21)

resolved: make sure we initialize t->answer_errno before completing the transaction

We must have the error number around when completing the transaction.
Let's hence make sure we always initialize it *first* (we accidentally
did it once after).

Fixes: #11626
(cherry picked from commit fd8a30170342cfe245ea6acac392c2b224f0ae1b)
(cherry picked from commit 38ae73fafd39915e7b40fe311165fcec79fc0ee8)
(cherry picked from commit 54948d498a7b0ad446907ff51ecd549484d517bb)
(cherry picked from commit 156570cc774bd129e889c6a44c094189ac0e8fb1)

src/shared/dissect-image.c: fix build without blkdid (#16901)

N_DEVICE_NODE_LIST_ATTEMPTS is unconditionally used since version 246 and
https://github.com/systemd/systemd/commit/ac1f3ad05f7476ae58981dcba45dfeb2c0006824

However, this variable is only defined if HAVE_BLKID is set resulting in
the following build failure if cryptsetup is enabled but not libblkid:

../src/shared/dissect-image.c:1336:34: error: 'N_DEVICE_NODE_LIST_ATTEMPTS' undeclared (first use in this function)
1336 | for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) {
|

Fixes:
- http://autobuild.buildroot.org/results/67782c225c08387c1bbcbea9eee3ca12bc6577cd
(cherry picked from commit 28e2641a1aa506c5df93c7a0cb107aed8297b45e)
(cherry picked from commit d6b1e659b366283fe7c7961c3d1e1550c6b1b1eb)
(cherry picked from commit 2cba282b0c0d0cae7903f9953220efe798f5c7ec)
(cherry picked from commit 02bba02fa699732881d4ac771dc5b11c00ec459c)

analyze: fix error handling in one case

(cherry picked from commit 0f849d0af983922e1571b958c9ca42f51e799190)
(cherry picked from commit e42f9add21da833ce2d26d4763c022aceec20853)
(cherry picked from commit f1d740fdb177b912c8a600cd786258f992313f08)
(cherry picked from commit 13cb5986312bf877dd301087f72c13e4b4a620f9)

units: add missing usb-gadget.target

(cherry picked from commit dd050420390c6557354b0e3aaecd52abc4bf906c)
(cherry picked from commit 4804ce148812b0f682e2c0fe16b4677ba0fc556d)
(cherry picked from commit 4db76e17a469c8f15ac818263c145c1b66356e79)
(cherry picked from commit 6ab20e9f3b047dc24e2c2c35e8df2159eb4691ba)

login/logind: Include sys/stat.h for struct stat usage

We need to include `<sys/stat.h>` for usage of the `struct stat` in
the Manager struct, much as we already include `<stdbool.h>` for C99
booleans.

This helps alleviate another minor build failure on non-glibc systems.

(cherry picked from commit 97207ac85cb8f8cba9459694255ff0396f020279)
(cherry picked from commit 2fb612371dfec40a90be975f9110341cac42300d)
(cherry picked from commit e88aec2c30d1fafcca457489bf2ecb7075431992)
(cherry picked from commit 9ef259dd4d8bd38634628a503226835ff6c50e6e)

missing: Add new Linux capability

Yet another new capability coming in Linux kernel v5.9.
Make sure we can recongize them even when built with older kernel headers.

(cherry picked from commit 94d21c2ef6cd6bb035d4c21c98ab001c0abd4cbe)
(cherry picked from commit 23529212447e6a836440e0729c3562d8e0d4c891)
(cherry picked from commit 31d80185883792a9dad1519ee147a3c9e02f960c)
(cherry picked from commit 34b4dc64c6358c4dd5989778db86c4d90dadb4c9)

path: Improve $PATH search directory case

Previously:

1. last_error wouldn't be updated with errors from is_dir;
2. We'd always issue a stat(), even for binaries without execute;
3. We used stat() instead of access(), which is cheaper.

This change avoids all of those, by only checking inside X_OK-positive
case whether access() works on the path with an extra slash appended.
Thanks to Lennart for the suggestion.

(cherry picked from commit 33e1a5d8d3f792e1d98377fe439e123231032ec7)
(cherry picked from commit a4236a27644705e58836f5d547d5aef50d568c11)
(cherry picked from commit 6a30d4e98032575d385a09d15782be74cbef6dfe)
(cherry picked from commit 0783b4f8cecda4f21e9021495377e2c807a32a5e)

path: Skip directories when finalising $PATH search

Imagine $PATH /a:/b. There is an echo command at /b/echo. Under this
configuration, this works fine:

    % systemd-run --user --scope echo .
    Running scope as unit: run-rfe98e0574b424d63a641644af511ff30.scope
    .

However, if I do `mkdir /a/echo`, this happens:

    % systemd-run --user --scope echo .
    Running scope as unit: run-rcbe9369537ed47f282ee12ce9f692046.scope
    Failed to execute: Permission denied

We check whether the resulting file is executable for the performing
user, but of course, most directories are anyway, since that's needed to
list within it. As such, another is_dir() check is needed prior to
considering the search result final.

Another approach might be to check S_ISREG, but there may be more gnarly
edge cases there than just eliminating this obviously pathological
example, so let's just do this for now.

(cherry picked from commit 8b5cb69bc8b70d1dcc39ed2165907723099bd9d8)
(cherry picked from commit b7cef386bd1bc810f5bb12d84c2ec4d6428231e3)
(cherry picked from commit 0752452dc504be958c38af7d49ef5b729b28de5c)
(cherry picked from commit d0735d81d406d51d320b190e522979200f5b3a8e)

rules: don't install 80-drivers.rules when kmod is disabled

(cherry picked from commit dd47b25220f69f869679089da5cc848cf9cd0c78)
(cherry picked from commit 122945f315c8ccb1ecaf8384aff85931791d45d3)
(cherry picked from commit 7d250c485fe5c0974b226767b3744e0c543ae005)
(cherry picked from commit 436872f995d712736ca917aa903921448831bbe2)

zsh: correct journalctl command completion parsing

(cherry picked from commit 45b156c1559da468f1c12aa5170858574c9b5831)
(cherry picked from commit 42fab2d454a33f11d545db1d5e90d73deaf4dd9e)
(cherry picked from commit 2d0e391967ac53e1b011c63304c7ade98a3797c7)
(cherry picked from commit 342dc4c15f30d0c9ef4558e5245bccfe2077376b)

basic/missing_syscall: fix syscall numbers for arm64 :(

(cherry picked from commit b6ce3d2c0152a17210bb7fd31bb92a289f181a57)
(cherry picked from commit ed3f97f9625f6349045a4b80581bbf76cc4fcdbd)
(cherry picked from commit 77dddecfd0ca9200d8d241d3baf8a00cb640bd75)
(cherry picked from commit fec0bb6df444c8dd9067ec93e1398476a5fef858)

shared/install: fix preset operations for non-service instantiated units

Fixes https://github.com/coreos/ignition/issues/1064.

(cherry picked from commit 47ab95fe4315b3f7ee5a3694460a744bb88c52fd)
(cherry picked from commit ba6e7f7c46d916a7eacddc17edb8be3e4f4dd67e)
(cherry picked from commit 79638f63d6ddfe75f05d6936baff5de7f4253fe2)
(cherry picked from commit bea900bb318c094f2bc029a73afdfa02cc56911c)

user-runtime-dir: deal gracefully with missing logind properties

Fixes: #16685
(cherry picked from commit 5d1e68b49489574ef57947c5f1adfc761547eea9)
(cherry picked from commit 6cd058f305dce7aa6b20d88496b80a5dd25745d3)
(cherry picked from commit 590b9f585c77848b6df1d254dc51bb736cfc192d)
(cherry picked from commit 677fb2b663e25484e91f16ffad16c118c46e7879)

shared/seccomp: do not use ifdef guards around textual syscall names

It is possible that we will be running with an upgraded libseccomp, in which
case libseccomp might know the syscall name, even if the number is not known at
the time when systemd is being compiled. The guard only serves to break such
upgrades, by requiring that we also recompile systemd.

For s390-specific syscalls, use a define to exclude them, so that that we don't
try to filter them on other arches.

(cherry picked from commit 6da432fd542af5553742b905a0f87a825a28a399)
(cherry picked from commit 6a2d73638d8c710676107aedd7ad02abcb47975d)
(cherry picked from commit b92dbd67decb443cfc35b357fb6e627e4148aadf)
(cherry picked from commit 11a97bc230f62e8c94559ccf656d3e0236429561)

machine-id-setup: don't use KVM or container manager supplied uuid if in chroot env

Fixes: #16758
(cherry picked from commit 1f894e682cb34d8d713378d01dc0565b7b5a245f)
(cherry picked from commit 7355ac9689e9213e0d4a1f1ed7f41e736842ec5c)
(cherry picked from commit 52634dadb58d48527f758fe2604ca677e4fe5d3c)
(cherry picked from commit d411a4d6a629095bb234e8f8451c18c0a70fe3e2)

analyze-security: do not assign badness to filtered-out syscalls

Fixes #16451, https://bugzilla.redhat.com/show_bug.cgi?id=1856273.

(cherry picked from commit 01ecb3674ad3650bcbb14155b2dcbd4b9f4ed57e)
(cherry picked from commit 8b62cadf368cf017ad3c7921e6b39ddd664f74e2)
(cherry picked from commit 1997c2788855ab359abf7a1667164042e4936aa9)
(cherry picked from commit 9b078df0ba01f2bcfde54aee698500a3804ec71e)

load-fragment: fix grammar in error messages

(cherry picked from commit 556a7bbed607ec8cbbf4affc5d862ef92403418e)
(cherry picked from commit 76331f86f630bd884f2e16a36d66c55b2b22c8e1)
(cherry picked from commit 6cf2ec5da11488c31415f94180ad799a0187ce6c)
(cherry picked from commit da0cc77b520cc8b1f96ad8f5124d7a70c4001e74)

test: accept that char device 0/0 can now be created witout privileges

Fixes: #16721
(cherry picked from commit 5b5ce6298e5a1c09beacd5c963e2350979cbf94a)
(cherry picked from commit f44ec1de15ca64babe4d6686765333b326036cb8)
(cherry picked from commit 9d3eb2111555a3a485db68cb331c08ab9fbeeb12)
(cherry picked from commit 74d7c53e5fd3edcd568b05197868714ac1a22e0c)

tools/make-man-index: fix purpose text that contains tags

(cherry picked from commit f3317336450e1145b97ae9e38bd626f3d4c88eb8)
(cherry picked from commit 946e4c43bb4ac189259b3cbc035400ca90a8148f)
(cherry picked from commit 31c85925a9c1de385be0a0bab3574bf3e2aa3987)
(cherry picked from commit 5c35bcf3291839f6223e5d3e123765164fce61bd)

Newer Glibc use faccessat2 to implement faccessat

cf https://repo.or.cz/glibc.git/commit/3d3ab573a5f3071992cbc4f57d50d1d29d55bde2

This cause breakage on Fedora Rawhide: https://bugzilla.redhat.com/show_bug.cgi?id=1869030

(cherry picked from commit bcf08acbffdee0d6360d3c31d268e73d0623e5dc)
(cherry picked from commit 0d026c9b0d2fbf62d0a69aa1715ccb4f7c6dc2fe)
(cherry picked from commit 458129fa078ef0128f0cc255293139efbe032417)
(cherry picked from commit da1eb548fbb674d9d11fb6137956fec2b155a066)

_sd-common.h: avoid parsing errors with Coverity

The commit 1070d271fa8fa553d57dd5f74dd1e3f60732d0b9 which was supposed
too fix this does not seem to take effect any more.  We get again 34%
compilation success rate while scanning systemd itself.  Moreover, the
installed header file breaks compilation of programs that include it:

"/usr/include/systemd/_sd-common.h", line 23: error #35: #error directive: "Do
          not include _sd-common.h directly; it is a private header."
  #  error "Do not include _sd-common.h directly; it is a private header."
     ^

(cherry picked from commit 4191b3282afbca9f1ef333f91bb6566c374da1fe)
(cherry picked from commit 5aec8fe54e47dbffc9ed705e4211f935bdca1550)
(cherry picked from commit 42f329455667e48131c2a8d3d63f5ce2211d9a92)
(cherry picked from commit d091e19bbdceafa915e63f71e13bb1e1955a62f5)

nspawn: Fix incorrect usage of putenv

strv_env_get only returns the environment variable value. putenv expects
KEY=VALUE format strings. Use setenv instead to fix the use.

(cherry picked from commit 6f646e01755df587bb33dae4ca78cdaad5721f5e)
(cherry picked from commit b81504a3c76bfb3afd339cb74988892f9dccedd1)
(cherry picked from commit 492a8b34178cf851ded4f23815d1182025bbbf8a)
(cherry picked from commit d56055f47f5ba86e0f56126e364b1939d035001f)

udev: fix codesonar warnings

Fixed below systemd codesonar warning.
isprint() is invoked here with an argument of signed
type char, but only has defined behavior for int arguments that are
either representable as unsigned char or equal to the value
of macro EOF(-1).

As per codesonar report, in a number of libc implementations, isprint()
function implemented using lookup tables (arrays): passing in a
negative value can result in a read underrun.

(cherry picked from commit e7e954243a17cceb5278aac6249ee0dcc119b1eb)
(cherry picked from commit 1b9c95bfbf7e5fc32e033851bf06f0a9f7f9f08b)
(cherry picked from commit 674a2beff0ac7b1cb0358401d6f64d726bca4e4f)

sd-boot: fix -Wpointer-sign warning

(cherry picked from commit efda8aebcb0e3731ba56fa11499f318a50ea4e30)
(cherry picked from commit 16477684d2922b17c63e6799225bf2b92a020a80)

network: fix static assertion on IPPROTO_MAX range

Builds with recent glibc would fail with:
../src/network/netdev/fou-tunnel.c: In function ‘config_parse_ip_protocol’:
../src/basic/macro.h:380:9: error: static assertion failed: "IPPROTO_MAX-1 <= UINT8_MAX"
  380 |         static_assert(expr, #expr)
      |         ^~~~~~~~~~~~~
../src/network/netdev/fou-tunnel.c:161:9: note: in expansion of macro ‘assert_cc’
  161 |         assert_cc(IPPROTO_MAX-1 <= UINT8_MAX);
      |         ^~~~~~~~~

This is because f9ac84f92f151e07586c55e14ed628d493a5929d (present in
glibc-2.31.9000-9.fc33.x86_64) added IPPROTO_MPTCP=262, following
v5.5-rc5-1002-gfaf391c382 in the kernel.

(cherry picked from commit 3d58d7328a6ecbc61d3494803d705edd8a108d72)
(cherry picked from commit c5e346905952fef0f163d91522dd43333f1f219d)
(cherry picked from commit cc8aeb9916ee5ea026bec4cec8543ecfd73ed458)

sd-boot: fix menu ordering with boot counting

systemd-boot selects the last valid entry by default, not the first.

Fixes: #15256
(cherry picked from commit e6190e2882e1d6772a9e586fcc65c91d406e52fb)
(cherry picked from commit c5883bc08877d8bad10110434037a3c21950a71a)
(cherry picked from commit f047b0706c01f99c1b781f44b7b4d95ecdb8abe2)

basic/user-util: always use base 10 for user/group numbers

We would parse numbers with base prefixes as user identifiers. For example,
"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
interpreted as UID==1000. This parsing was used also in cases where either a
user/group name or number may be specified. This means that names like
0x2b3bfa0 would be ambiguous: they are a valid user name according to our
documented relaxed rules, but they would also be parsed as numeric uids.

This behaviour is definitely not expected by users, since tools generally only
accept decimal numbers (e.g. id, getent passwd), while other tools only accept
user names and thus will interpret such strings as user names without even
attempting to convert them to numbers (su, ssh). So let's follow suit and only
accept numbers in decimal notation. Effectively this means that we will reject
such strings as a username/uid/groupname/gid where strict mode is used, and try
to look up a user/group with such a name in relaxed mode.

Since the function changed is fairly low-level and fairly widely used, this
affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
etc.

Fixes #15985.

(cherry picked from commit 156a5fd297b61bce31630d7a52c15614bf784843)
(cherry picked from commit 9498903de6c1f7b0c3e5f1654d0ee451a304c59d)
(cherry picked from commit 1d1f5006cbe239b29092602f59baa062f4ef95c6)

parse-util: backport safe_atou32_full()

We need this for a follow up security fix.

(cherry picked from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e)
(cherry picked from commit 64126925181809e7c0b8916471186c0bfa19d6ce)
(cherry picked from commit b07d782047fecfa29d9d94cc826ed70eb2a3ab13)

Fix build with µhttpd 0.9.71

The return type of callbacks was changed from int to an enum.

(cherry picked from commit d17eabb1052e7c8c432331a7a782845e36164f01)
(cherry picked from commit a91ed646aa698ff530770c836c174fb7b3a5e799)
(cherry picked from commit 7bc54463ced882ac31fd42b2e34a9e764330a31a)

makefs: strdup arguments to mkfs

Don't pass values from argv[] directly to child process forked using
safe_fork, because it clears argv[]. strdup them first.

(cherry picked from commit c315b79fb43a4d921a533ba0c2cb303324887993)
(cherry picked from commit ec9fd71358d617d5f178d42b82cf20f89973f687)

network-generator: allow empty hostname

Fixes #14319.

(cherry picked from commit 21a925a4ac7955e7d7e6cfd477e96d3a2aaee7db)
(cherry picked from commit efd5b1d443fee81a48939e3f86e7feb338f26211)

kernel-install: strip BOOT_IMAGE= from kernel options

https://bugzilla.redhat.com/show_bug.cgi?id=1716164.
(cherry picked from commit e60228bf68427c0c0f96f816ee9124fd39585038)
(cherry picked from commit 2095b6a279cfe6e9688c5c357d550289dfcd8e8d)

davfs is a network file system

(cherry picked from commit 137d4487511b3221d3c9165326bf55f297dcd5a6)
(cherry picked from commit 98a349465291801537b644ff1478ac2daeeeba21)
(cherry picked from commit cd7d8bb96291a33c510cb8f9e7c7494af3d1b0b5)

logind: log a more accurate error when we failed at session creation

We used to log the following error:

"Start job for unit user-1000.slice failed with 'canceled'"

which can be really misleading if the actual job failed at *stopping* a unit.

Indeed "Start" was hard coded but it was wrong since we can also fail with stop
jobs which are enqueued when a session is stopped.

(cherry picked from commit b39648ed47065202b343d1d4bde3232d81fdfecc)
(cherry picked from commit 8f0feac20f7d4c29a42839343308fcd602ec5b63)
(cherry picked from commit 6aae7f596afd62a72b18c92f464abc8bebbc8cba)

docs: Add syntax for templated units to systemd.preset man page

This documents the syntax

enable template@.service foo bar baz

that was introduced in #9901 to preset templated units.

(cherry picked from commit 1f667d8a7cff4355cd23ebebeb4d7179e3498eb8)
(cherry picked from commit d1d3f2aa1561a9a75ce58026ef0a6bd4c5b464ac)
(cherry picked from commit f4d5928122fe632b441145750a03d95fd8dd2cc6)

man: add a tiny bit of markup

(cherry picked from commit 0b1b0a01ab22c088046634c46c496022e7e60673)
(cherry picked from commit 3c69813c69af90e75acf9a80047ecf5b075c138d)
(cherry picked from commit 148f7b147aaba46491cec23ec44e4e998a84900f)

test: wait a bit after starting the test service

otherwise we might end up being faster than the unit itself, causing
unexpected fails, like:

```
testsuite.sh[297]: + systemctl start issue_14566_test
testsuite.sh[297]: + systemctl status issue_14566_test
testsuite.sh[304]: ● issue_14566_test.service - Issue 14566 Repro
testsuite.sh[304]:      Loaded: loaded (/etc/systemd/system/issue_14566_test.service; static; vendor preset: enabled)
testsuite.sh[304]:      Active: active (running) since Sat 2020-03-14 02:02:23 UTC; 417ms ago
testsuite.sh[304]:    Main PID: 301 ((repro.sh))
testsuite.sh[304]:       Tasks: 1 (limit: 535)
testsuite.sh[304]:      Memory: 180.0K
testsuite.sh[304]:         CPU: 122ms
testsuite.sh[304]:      CGroup: /system.slice/issue_14566_test.service
testsuite.sh[304]:              └─301 [(repro.sh)]
testsuite.sh[307]: ++ cat /leakedtestpid
testsuite.sh[307]: cat: /leakedtestpid: No such file or directory
testsuite.sh[297]: + leaked_pid=
```

(cherry picked from commit 197298ff9fc930de450330095cc5b67d165d0801)
(cherry picked from commit e110f4dacb6d56fc9d99456422c2cff7e54ae7f0)
(cherry picked from commit dbe16df9cd50dc6c3662fb90295edebb37c2fdad)

fix journalctl regression (#15099)

This regression was introduced in #14913.

The current_file variable can be NULL, as, for example, with the
following commands:

* journalctl --list-boots
* journalctl -b -1 --no-pager

Since current_file is only checked for pointer equality with f, removing
the assertion is safe here.

(cherry picked from commit 8d0726fcd7b72f2a6f75dd731cbf7c8d4df107ef)
(cherry picked from commit e8df08cfdb20e31066559c53420d7fd56b31ec01)
(cherry picked from commit a713f52ddb09e8ef606c12e559d787355c67aa7e)

core: transition to FINAL_SIGTERM state after ExecStopPost=

Fixes #14566

(cherry picked from commit c1566ef0d22ed786b9ecf4c476e53b8a91e67578)
(cherry picked from commit b7f2308bda4942d1b8e10250db6836fe4fc0d8b8)
(cherry picked from commit 49e7c3b617613306211cc8e28e68d4e5be8fbec4)

journalctl: show duplicate entries if they are from the same file (#14898)

When having a service which intentionally outputs multiple equal lines,
all these messages might be inserted with the same timestamp.

journalctl has a mechanism to avoid duplicate lines, which might be in
different journal files.

This patch allows duplicate lines, if they are from the same file.

(cherry picked from commit b6849042d610da90d5821a03967d648d424f7864)
(cherry picked from commit 2867dfbf70a5d761f662fe4b7c81a67e19df008b)
(cherry picked from commit d25598854dd7f517db160b5e377d379e34e72f28)

udev: fix SECLABEL{selinux} issue (#15064)

Add SECLABEL{selinux}="some value" cause udevadm crash
systemd-udevd[x]: Worker [x] terminated by signal 11 (SEGV)

It happens since 25de7aa7b90 (Yu Watanabe 2019-04-25 01:21:11 +0200)
when udev rules processing changed to token model. Yu forgot store
attr to SECLABEL token so fix it.

(cherry picked from commit 0335d110afc08baf47d76b7011ce02510dfdd524)
(cherry picked from commit d58988be7fab2bf3e037ccf175f3cace41f82b80)
(cherry picked from commit 037a0fa5d06db080b8b5d1ae96ce067ee207f335)

dissect-image: avoid scanning partitions

In case the dissected image has a filesystem, don't scan for partitions. This
avoids problems with services using a `RootImage=` in early boot when udevd is
not yet started.

(cherry picked from commit 0108c42f59dd5848f6b561f260dc6ff3e19d651b)
(cherry picked from commit 98f8a718c161d45b0001ee68f2ec7d111da79397)
(cherry picked from commit 9de06cd65af80173140989b0b8338fe7411bf488)

Support compiling with clang and gnu11 standard

Signed-off-by: Denis Pronin <dannftk@yandex.ru>
(cherry picked from commit 36e0d89a88c51ba879a2d7e2f90ea9b38333e2c0)
(cherry picked from commit 9251cac7b2969691fbf50d77e8c61052c1f7e4d5)
(cherry picked from commit 16cac70094259ba0602b4cb103f02f04d2d9b304)

Typo fix

(cherry picked from commit 1cee1c52833fb6e3829e510109404852a17e5bdd)
(cherry picked from commit ffccc15f725fe8d9d39a44978168cc483820d750)
(cherry picked from commit 1ea52d91c80b9012f4f76e660122e04ef3f86bc8)

boot: Ensure ARM UEFI binary does not contain FP/SIMD instructions

ARM toolchains will sometimes optimize otherwise floating-point-free
code with floating point and SIMD instructions. This was happening with
systemd-bootarm.efi and it was causing U-Boot to crash and reset the
CPU. U-Boot does not support the ARM VFP floating point coprocessor,
which is an optional piece of hardware anyway [1].

Ensure the compiler does not generate FP/SIMD instructions by supplying
the `-mgeneral-regs-only` option when building for ARM [2].

The other option you often see to solve these problems is
`-msoft-float`, but that changes the ABI and prevents linking with
libgnuefi.

[1] https://lists.denx.de/pipermail/u-boot/2011-February/087736.html
[2] https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html#index-mgeneral-regs-only-1

(cherry picked from commit 1ad6056239b70ce69ea70108cf4e49a05a9c2a1d)
(cherry picked from commit 73678d2307042a45ceb3d7fe2fd182f6f6ec3f2d)
(cherry picked from commit 869614a5515fd21c7c639cdbf5d96889f4316463)

Revert "Support Plugable UD-PRO8 dock"

This reverts commit 98c03090274a067806090e2974fd2091f8206457.

See https://github.com/systemd/systemd/issues/14822.

hibernate-resume-generator: wait "infinitely" for the resume device

This makes changes similar to the parent commit, but for hibernate-resume-generator.
If resume= is specified on the kernel command line, we'll set JobRunningTimeoutSec=0
for the device. This matches what we do for the root device.

In practice, other timeouts will take effect. For example dracut tries (and
fails :[ ) to start dracut-emergency.service after some time.

Fixes #7242, https://bugzilla.redhat.com/show_bug.cgi?id=1705522.

(cherry picked from commit ff757c9d294153a26a9dd2d9817d1985656f3002)
(cherry picked from commit bb598b56eb3cef6dc07b260dc205c67aa11b1196)

hwdb: update to v245-rc1

The change in 419a8a2dabb4184080d06f583f9539780ec10ec6 is not included.
Addition of XKB_FIXED_MODEL is also excluded.

Fix typo in function name

(cherry picked from commit bc130b6858327b382b07b3985cf48e2aa9016b2d)
(cherry picked from commit b4eb8848240c3540180e4768216a0b884a5ed783)

polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it

Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.

(cherry picked from commit 637486261528e8aa3da9f26a4487dc254f4b7abb)
(cherry picked from commit e2d4cb9843c50eff76e9104fec6b448c0d7c8814)

sd-bus: introduce API for re-enqueuing incoming messages

When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we aquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.

This might have other uses too, for example debugging.

(cherry picked from commit 1068447e6954dc6ce52f099ed174c442cb89ed54)

zjs: patch modified to not make the function public
(cherry picked from commit 83bfc0d8dd026814d23e3fdfa46806394f775526)

polkit: use structured initialization

(cherry picked from commit f4425c72c7395ec93ae00052916a66e2f60f200b)
(cherry picked from commit 5926f9f1723fd753a0c524ed96a13538c851395e)

polkit: on async pk requests, re-validate action/details

When we do an async pk request, let's store which action/details we used
for the original request, and when we are called for the second time,
let's compare. If the action/details changed, let's not allow the access
to go through.

(cherry picked from commit 7f56982289275ce84e20f0554475864953e6aaab)
(cherry picked from commit 0697d0d972c8d91395eb539a8e87e4aec8b37b75)

polkit: reuse some common bus message appending code

(cherry picked from commit 95f82ae9d774f3508ce89dcbdd0714ef7385df59)
(cherry picked from commit 2589995acdb297a073270b54d8fff54b98fa57e9)

bus-polkit: rename return error parameter to ret_error

(cherry picked from commit 773b1a7916bfce3aa2a21ecf534d475032e8528e)
(cherry picked from commit 5b2442d5c3ec1c86a3a8d1c1abe3234a570ba5e6)

shared: split out polkit stuff from bus-util.c → bus-polkit.c

It's enough, complex stuff to warrant its own source file.

No other changes, just splitting out.

(cherry picked from commit 269e4d2d6b75329ae39a71ebe2c14500e03cda95)
(cherry picked from commit 0a19ff7004e4a567566a0a7be6b050cf34c0bfe5)

test: adapt to the new capsh format

Since libcap v2.29 the format of cap_to_text() has been changed which
makes certain `test-execute` subtest fail. Let's remove the offending
part of the output (dropped capabilities) to make it compatible with
both the old and the new libcap.

(cherry picked from commit 9569e385036c05c0bf9fbccdbf3d131161398e2e)
(cherry picked from commit 1325dfb5778dedd3ca5274d3383e7c27121fa60a)

meson: update efi path detection to gnu-efi-3.0.11

Fixes systemd build in Fedora rawhide.

The old ldsdir option is not useful, because both the directory and the
file name changed. Let's remove the option and try to autodetect the file
name. If this turns out to be not enough, a new option to simply specify
the full path to the file can be added.

F31:
         efi arch:                          x86_64
         EFI machine type:                  x64
         EFI CC                             ccache cc
         EFI lds:                           /usr/lib64/gnuefi/elf_x64_efi.lds
         EFI crt0:                          /usr/lib64/gnuefi/crt0-efi-x64.o
         EFI include directory:             /usr/include/efi
F32:
         efi arch:                          x86_64
         EFI machine type:                  x64
         EFI CC                             ccache cc
         EFI lds:                           /usr/lib/gnuefi/x64/efi.lds
         EFI crt0:                          /usr/lib/gnuefi/x64/crt0.o
         EFI include directory:             /usr/include/efi
(cherry picked from commit ce4121c6ff92c1c368874bd451b73fa9b1ddec4a)
(cherry picked from commit 3538fafb471478453ca80f6ebd8b4e980909f4cf)

presets: "disable" all passive targets by default

Officially we default to a "enable *", even though pretty much everybody
overrides this with "disable *". We have a bunch of targets and services which
should not be enabled by default. In case the default policy is not overriden,
our passive units would be enabled by presets, which is generally not useful at
all. So let's explicitly mark them as disabled.

Note that this effectively changes very little. E.g. on Fedora, all the units
listed in this patch were "disabled" already.

Fixes #14648.

(cherry picked from commit 61c3e2c8bfc28cea5b52d8643fac3d85f4c571d2)
(cherry picked from commit 3034855a5b62a0f9174c80ec500f9d1b9fc05238)

shared/sysctl-util: normalize repeated slashes or dots to a single value

We use those strings as hash keys. While writing "a...b" looks strange,
"a///b" does not look so strange. Both syntaxes would actually result in the
value being correctly written to the file, but they would confuse our
de-deplication over keys. So let's normalize. Output also becomes nicer.

Add test.

(cherry picked from commit f3b136a4847a0993e2dc1197779160dca4da6dac)
(cherry picked from commit c2e304681929fea79ce8e9c5a1e00cd2f293a72d)

dhcp6: do not use T1 and T2 longer than one provided by the lease

Fixes #12623.

(cherry picked from commit 9de8a4259eaebf4635142474e016b90ce5be5181)
(cherry picked from commit 6f4364046f90430aeede4789f016ae1644a292bf)

network: fix implicit type conversion warning by GCC-10

Fixes part of #14691.

(cherry picked from commit a44956c94a93fe34b5398ed9aefcf0fc705d4fa6)
(cherry picked from commit 0ed6cda28dffc19dd3f6e08d3f16e4135de253b5)

bootspec: parse random-seed-mode line in loader.conf

Fixes #14657.

(cherry picked from commit fe5a698f7646735335a97cc429ebe5d79f67fb70)
(cherry picked from commit f6a5c02d26b1687bdc34ed595c64b7c7c24b6525)

sd-boot: fix typo

Fixes #14657.

(cherry picked from commit a14c18ba7b4e85f34bd48c5a778ea5eafe5c8688)
(cherry picked from commit ddc5dca8a73b6c4317b8540b388116cd63b0697f)

test: Synchronize journal before reading from it

There's a race condition in the sysuser test where it may try to read
entries from the journal before they are available. Fix it by adding a
`journalctl --sync` call.

BugLink: https://bugs.launchpad.net/bugs/1776654
(cherry picked from commit 37b9966e2525790843ab302a5b8009853a7905a0)
(cherry picked from commit 2bbbe9ae41ab7037555ceb18f457ba84fa7241ba)

sd-bus: fix introspection bug in signal parameter names

(cherry picked from commit 58abbbcc6bcedc4eebd1f5c7733cd41518e1f2e3)
(cherry picked from commit 072485d661d73e8834dc667deea2c5aaa6527977)

efi: fix build.

```
ninja -C build
ninja: Entering directory `build'
[29/101] Generating systemd_boot.so with a custom command.
FAILED: src/boot/efi/systemd_boot.so
/usr/bin/ld -o src/boot/efi/systemd_boot.so -T /usr/lib64/gnuefi/elf_x64_efi.lds -shared -Bsymbolic -nostdlib -znocombreloc -L /usr/lib64 /usr/lib64/gnuefi/crt0-efi-x64.o src/boot/efi/disk.c.o src/boot/efi/graphics.c.o src/boot/efi/measure.c.o src/boot/efi/pe.c.o src/boot/efi/util.c.o src/boot/efi/boot.c.o src/boot/efi/console.c.o src/boot/efi/crc32.c.o src/boot/efi/random-seed.c.o src/boot/efi/sha256.c.o src/boot/efi/shim.c.o -lefi -lgnuefi /usr/lib/gcc/x86_64-redhat-linux/10/libgcc.a
/usr/bin/ld: src/boot/efi/graphics.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/pe.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/util.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/boot.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/console.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/random-seed.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
/usr/bin/ld: src/boot/efi/shim.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: multiple definition of `loader_guid'; src/boot/efi/disk.c.o:/home/sus/tt/systemd/build/../src/boot/efi/util.h:58: first defined here
[31/101] Generating stub.c.o with a custom command.
ninja: build stopped: subcommand failed.
make: *** [Makefile:2: all] Error 1

```

(cherry picked from commit 8bdda551dab5579a14db1d66f34356d45d5cda16)
(cherry picked from commit 80af3cf5e36b256a8eb9fdadc82c81fb3a11c189)

generator: order growfs for the root fs after systemd-remount-fs

Fixes: #14603
(cherry picked from commit 18e6e8635f06ac8d935ed5494ea65c6dac6af90f)
(cherry picked from commit d7ede1ade56426db83523523e473ed52133c39af)

loginctl: use /org/freedesktop/login1/session/auto when "lock-session" is called without argument

This way we'll use the "display" session automatically, and that makes
the call work when invoked from user@.service.

Fixes: #13614
(cherry picked from commit dc084399fad28cc98e7bcdb9074141c97e863bee)
(cherry picked from commit e9904998213dcb4d5f268f3e8b1390299a1100f0)

Documentation update for x-systemd.{before,after}

A minor clarification in the manual page is made.

Signed-off-by: Antonio Russo <antonio.e.russo@gmail.com>
(cherry picked from commit 81248e7f3e83a24cbbc8d2a09a01abf55e81bcda)
(cherry picked from commit 82dd4caf014c97eb9d7ab9da2841f7866e91bd98)

man: fix typo in systemd.netdev Xfrm example

The first section header in that example should probably be `[NetDev]` and not `[Xfrm]`.

(cherry picked from commit a15e1a5df0c943ec5414014e54719bd1259fd00a)
(cherry picked from commit a60459764d9d4a3a7a32332768d9dbfb9f311dfc)

timesyncd: log louder when we refuse a server due to root distance

This is something people should know about, since it's caused by
misconfiguration.

Fixes: #13912
(cherry picked from commit ce96c9cb1a8f81ff4bbc40f5a98d003d6ffacb57)
(cherry picked from commit fc053e2dfb3f094f71580a2647c029f1976445d3)

resolved: drop DNSSEC root key that is not valid anymore

I guess we can drop this now, the key is no longer valid until
2019-01-11, hence there's no point in still including it in our trust
anchor.

(cherry picked from commit f1f20764f9e52d6825867b2852206ed6cfcabbb9)
(cherry picked from commit af0e630693fa9268124d0f8d0e71bbe069994c1f)

journal: don't use startswith() on something that is not a NUL-terminated string

Otherwise we might access memory coming after it that is not valid or
allocated.

Fixes: #14114
(cherry picked from commit e0567bc8adfe027052b78b40efb57d543924f138)
(cherry picked from commit ae59f1666ca62b94355cc6d126e8fcf67f0715ca)

test: add test for https://github.com/systemd/systemd/issues/14560

(cherry picked from commit e56a8790a0bf9021d693daef037cd6af85badf0d)
(cherry picked from commit 536ef6d72bc6cd76f3aff02d3bbbd17810216cce)

core: make sure StandardInput=file: doesn't get dup'ed to stdout/stderr by default

Fixes: #14560
(cherry picked from commit 3b7f79dc9fc5557074ebe4a3b060e8dcf8cdcc0f)
(cherry picked from commit b78fe3c1b1a81435248deaffe7ee4b594b55b64b)

pkgconf: add full generator paths

(cherry picked from commit fc57f105d9e2b2e9e95bb739d23fa7711b5fa4b3)
(cherry picked from commit a1561a08f2d5af9ebc68916ce0cb430091a64bce)

tree-wide: we forgot to destroy some bus errors

(cherry picked from commit 7e284b054ec599012f0dad6a745f6b52eba87853)
(cherry picked from commit e5f2d11489ec4852f1ad45a1271f502d20602126)

mount: make checks on perpetual mount units more lax

We don#t really care where perpetual mounts are mounted from, since they
have to exist since before we run anyway.

(cherry picked from commit 0879fbd6fedc2f813aebcb1a4eba005a99525bde)
(cherry picked from commit ea67fd42067b0c4fa9ac7e74b646e3790eccfb82)

core: never allow perpetual units to be masked

Fixes: #14550
(cherry picked from commit 88414eed6f45f738ae765d9f72d67c6dc5a51950)
(cherry picked from commit 2f23c648bce479ed275b8f337e399880b5795711)

typo: "May modify to" -> "May modify"

(cherry picked from commit 287cf2d802263c909553689869b2146c67bb765f)
(cherry picked from commit 9ba11dffb09a7f4b63be8a5970fb51d600b53087)

sysctl: downgrade message when we have no permission

We need to run sysctl also in containers, because the network
subtree is namespaces and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.

Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worth
of "notice" most of the time.

https://bugzilla.redhat.com/show_bug.cgi?id=1609806
(cherry picked from commit 32458cc9687c1b60ff0f22c0e71da93ce78b1534)
(cherry picked from commit 4c2d72b53091ed8d8e362dca052e5b9fa8325d96)

Clarify journald.conf MaxLevelStore documentation

'stored on disk' gives the impression that this option affects only
permanent storage, even though it affects everything the journal
records, regardless of the storage type.
Use 'stored in the journal' to avoid confusion.

(cherry picked from commit c97ae2b29036af29480ee506a072525917f5d41f)
(cherry picked from commit c001a285a3a2edfd344756e636f18f226fc291c4)

logind: refuse overriding idle hint on tty sessions

Previously we'd allow marking TTY sessions as idle, but when the user
tried to unmark it as idle again it we'd just revert to automatic TTY
atime idle detection, thus making it impossible to mark the session as
non-idle, unless its TTY is atime-touched all the time. But of course,
marking a session as idle is pretty much fatal if you never can mark it
as non-idle again.

This change is triggred by bug reports such as this:

https://github.com/systemd/systemd/issues/14053

With this patch we will now output a clean, clear error message if a
client tries to manipulate the idle state of a non-graphical session.
This means we now have clear rules: "manual" idle logic for graphical
sessions, and TTY based ones for all others that have a TTY of some
form.

I considered allowing the idle state to be overriden both ways for tty
sessions but that's problematic: for sessions that are temporarily
upgraded from tty to graphical and thus suddenly want to manage their
own idle state we'd need to a way to detect when the upgrade goes away
and thus we should revert to old behaviour. Without reverting to the
previous TTY idle auto-magic we'd otherwise be stuck in an eternally
idle or eternally non-idle state, with really bad effects in case
auto-suspend is used. Thus, let's instead generate a proper error
message, saying clearly we don't support it.

(Also includes some other fixes and clean-ups in related code)

Closes: #14053
(cherry picked from commit be2bb14f00441d9e4a26f94834518db3829e83ed)
(cherry picked from commit 45d52c7615fdc3aefb97a13a8d8f4aa90ad7205e)

cgroup: update only siblings that got realized once

Fixes: #14475
Replaces: #14554
(cherry picked from commit e1e98911a818ad3b46c6a1c26d759df590bef476)
(cherry picked from commit b1a0be45b4ee20a2ca4426ff6a9d9fce0664960c)

mount: mark an existing "mounting" unit from /proc/self/mountinfo as "just_mounted"

When starting a mount unit, systemd invokes mount command and moves the
unit's internal state to "mounting".  Then it watches for updates of
/proc/self/mountinfo.  When the expected mount entry newly appears in
mountinfo, the unit internal state is changed to "mounting-done".
Finally, when systemd finds the mount command has finished, it checks
whether the unit internal state is "mounting-done" and changes the state
to "mounted".
If the state was not "mounting-done" in the last step though mount command
was successfully finished, the unit is marked as "failed" with following
log messages:
  Mount process finished, but there is no mount.
  Failed with result 'protocol'.

If daemon-reload is done in parallel with starting mount unit, it is
possible that things happen in following order and result in above failure.
  1. the mount unit state changes to "mounting"
  2. daemon-reload saves the unit state
  3. kernel completes the mount and /proc/self/mountinfo is updated
  4. daemon-reload restores the saved unit state, that is "mounting"
  5. systemd notices the mount command has finished but the unit state
     is still "mounting" though it should be "mounting-done"

mount_setup_existing_unit() should take into account that MOUNT_MOUNTING
is transitional state and set MOUNT_PROC_JUST_MOUNTED flag if the unit
comes from /proc/self/mountinfo so that mount_process_proc_self_mountinfo()
later can make state transition from "mounting" to "mounting-done".

Fixes: #10872
(cherry picked from commit 1d086a6e59729635396204fc05234f1d3caa0847)
(cherry picked from commit e6d694254fe115cc04852732172959998e051b87)

journalctl: Correctly handle combination of --reverse and --lines (fixes #1596)

(cherry picked from commit 23b392166388003530fef02ac5758c91315a707b)
(cherry picked from commit d8fd38769c36ef9b2e5e122c345bca05ef2be88f)

journalctl: Correctly handle --show-cursor in combination with --until or --since and --reverse

(cherry picked from commit 3ac9cac7f7a34c3713b49841ee75ef9c9357e7e4)
(cherry picked from commit cd19bd31d8081f4a97201a20cdaee1fb1d3fafdd)