systemd/.git
Zbigniew Jędrzejewski-Szmek [Tue, 30 Nov 2021 21:29:05 +0000 (22:29 +0100)]
shared/rm-rf: loop over nested directories instead of recursing

To remove directory structures, we need to remove the innermost items first,
and then recursively remove higher-level directories. We would recursively
descend into directories and invoke rm_rf_children and rm_rf_children_inner.
This is problematic when too many directories are nested.

Instead, let's create a "TODO" queue. In the queue, for each level we
hold the DIR* object we were working on, and the name of the directory. This
allows us to leave a partially-processed directory, and restart the removal
loop one level down. When done with the inner directory, we use the name to
unlinkat() it from the parent, and proceed with the removal of other items.

Because the nesting is increased by one level, it is best to view this patch
with -b/--ignore-space-change.

This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639.
The issue was reported and patches reviewed by Qualys Team.
Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure.

(cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1)
(cherry picked from commit 911516e1614e435755814ada5fc6064fa107a105)
(cherry picked from commit 6a28f8b55904c818b25e4db2e1511faac79fd471)
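
The queue-based traversal described in the commit message above, as an added C example; it is not systemd's rm_rf() code, and `rm_tree()`, `struct todo_entry` and `demo()` are hypothetical names chosen here. The nested tree it removes is constructed by `demo()` under a fresh temporary directory.

```c
#define _GNU_SOURCE 1
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One suspended level: the parent's open stream and the name under which the
 * child currently being emptied is later unlinked from that parent. */
struct todo_entry { DIR *dir; char *name; };

/* Hypothetical helper, not systemd's rm_rf(): removes the tree rooted at path
 * without recursion. Returns 0, or the first error as a negative errno. */
int rm_tree(const char *path) {
        struct todo_entry *todo = NULL;
        size_t n = 0;
        int r = 0, fd = open(path, O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
        DIR *d = fd < 0 ? NULL : fdopendir(fd);
        if (!d) {
                r = -errno;
                if (fd >= 0)
                        close(fd);
                return r;
        }
        for (;;) {
                errno = 0;
                struct dirent *de = readdir(d);
                if (!de) {
                        r = (r == 0 && errno != 0) ? -errno : r;
                        closedir(d);
                        if (n == 0)
                                break;
                        /* Inner directory finished: resume its parent and
                         * unlink the child by the saved name. */
                        d = todo[--n].dir;
                        if (unlinkat(dirfd(d), todo[n].name, AT_REMOVEDIR) < 0)
                                r = r ? r : -errno;
                        free(todo[n].name);
                        continue;
                }
                if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
                        continue;
                /* O_NOFOLLOW: symlinks are unlinked, never descended into. */
                fd = openat(dirfd(d), de->d_name, O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
                if (fd < 0) {
                        if (errno != ENOTDIR && errno != ELOOP)
                                r = r ? r : -errno;
                        else if (unlinkat(dirfd(d), de->d_name, 0) < 0)
                                r = r ? r : -errno;
                        continue;
                }
                char *name = strdup(de->d_name);
                DIR *child = name ? fdopendir(fd) : NULL;
                struct todo_entry *t = child ? realloc(todo, (n + 1) * sizeof(*todo)) : NULL;
                if (!t) {
                        r = r ? r : -errno;
                        free(name);
                        if (child)
                                closedir(child); /* also closes fd */
                        else
                                close(fd);
                        continue;
                }
                /* Leave this level partially processed and restart the loop
                 * one level down; the queue lives on the heap, not the stack. */
                todo = t;
                todo[n].dir = d;
                todo[n++].name = name;
                d = child;
        }
        free(todo);
        if (rmdir(path) < 0)
                r = r ? r : -errno;
        return r;
}

/* Constructed demo input: `depth` nested directories "d" with one file "f"
 * per level under a fresh mkdtemp() directory, removed again by rm_tree(). */
int demo(int depth) {
        char root[] = "/tmp/rm-tree-XXXXXX";
        int fd = mkdtemp(root) ? open(root, O_RDONLY|O_DIRECTORY|O_CLOEXEC) : -1;
        for (int i = 0; fd >= 0 && i < depth; i++) {
                int f = openat(fd, "f", O_WRONLY|O_CREAT|O_CLOEXEC, 0600);
                int next = mkdirat(fd, "d", 0700) ? -1 : openat(fd, "d", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
                if (f >= 0)
                        close(f);
                close(fd);
                fd = next;
        }
        if (fd < 0)
                return -1;
        close(fd);
        return rm_tree(root) < 0 || access(root, F_OK) == 0 ? -1 : 0;
}

int main(void) { return demo(200) != 0; }
```

In this example each suspended level keeps one directory descriptor open, so a tree deeper than the descriptor limit ends with an EMFILE error return rather than exhausting the call stack.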

Zbigniew Jędrzejewski-Szmek [Tue, 23 Nov 2021 15:56:42 +0000 (16:56 +0100)]
shared/rm_rf: refactor rm_rf() to shorten code a bit

(cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69)
(cherry picked from commit 664529efa9431edc043126013ea54e6c399ae2d3)
(cherry picked from commit 811b137d6137cc3e8932599e6ef9254ba43ff5eb)

Zbigniew Jędrzejewski-Szmek [Tue, 23 Nov 2021 14:55:45 +0000 (15:55 +0100)]
shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit

(cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11)
(cherry picked from commit 47741ff9eae6311a03e4d3d837128191826a4a3a)
(cherry picked from commit 89395b63f04f1acc0db533c32637ea20379f97c0)

Zbigniew Jędrzejewski-Szmek [Tue, 23 Nov 2021 14:05:58 +0000 (15:05 +0100)]
tmpfiles: 'st' may have been used uninitialized

(cherry picked from commit 160dadc0350c77d612aa9d5569f57d9bc84c3dca)
(cherry picked from commit 7563de501246dccf5a9ea229933481aa1e7bd5c9)

Lennart Poettering [Tue, 5 Oct 2021 08:32:56 +0000 (10:32 +0200)]
rm-rf: optionally fsync() after removing directory tree

(cherry picked from commit bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2)
(cherry picked from commit 2426beacca09d84091759be45b25c88116302184)

Lennart Poettering [Tue, 26 Jan 2021 15:30:06 +0000 (16:30 +0100)]
rm-rf: refactor rm_rf_children(), split out body of directory iteration loop

This splits out rm_rf_children_inner() as body of the loop. We can use
that to implement rm_rf_child() for deleting one specific entry in a
directory.

(cherry picked from commit 1f0fb7d544711248cba34615e43c5a76bc902d74)
(cherry picked from commit ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab)

Jan Janssen [Sun, 9 Jan 2022 13:22:15 +0000 (14:22 +0100)]
boot-timestamps: Discard firmware init time when running in a VM

Fixes: #22060
(cherry picked from commit f699bd81e8e18da2d2fc11e7fb7dce95f8bb3f9e)
(cherry picked from commit 3c5c13f82c760c7067bb189484e1f672ff6713f6)
(cherry picked from commit 9ee300a0b6429b7af73f40edfb2330cbbd7828f3)

Zbigniew Jędrzejewski-Szmek [Fri, 7 Jan 2022 08:52:19 +0000 (09:52 +0100)]
man: add missing example title in systemd.network(5)

Also rename the file to match the example being extended.

(cherry picked from commit 55ac274ef4c1661f3053ae3a709202c918365f3b)
(cherry picked from commit d1612a7163b2c2fa2499738040da39ab24ef1b63)
(cherry picked from commit 6703b3806afe3d61d8cd4f90bd2901ad584952dc)

Zbigniew Jędrzejewski-Szmek [Fri, 7 Jan 2022 14:23:55 +0000 (15:23 +0100)]
seccomp: move arch_prctl to @default

It was reported as used by the linker:

> [It is] called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start.
> My local call stack (with LTO):
>
> #0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2)
> #1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2)
> #2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2)
> #3 _start (/usr/lib64/ld-linux-x86-64.so.2)
>
> Looking through the source, I think it's this (links for glibc 2.34):
> - First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features.
> - Then init_cpu_features calls get_cet_status.
> - At last, get_cet_status invokes arch_prctl.

Fixes #22033.

(cherry picked from commit 5f02870a74aa3a758115cc9bd6d68f239caf8453)
(cherry picked from commit d08f6ff204c8525f7533875128468afb8be60ae0)
(cherry picked from commit cf6d1dcc93ad7caedaa139d3c0377f7524fe1013)

Markus Weippert [Tue, 4 Jan 2022 12:56:11 +0000 (13:56 +0100)]
homed: stop before stopping dbus

Otherwise, systemd-homed-active.service will fail to deactivate all
homes because homectl can no longer talk to homed if dbus stops first.
As a result, /home cannot be umounted.

Doing this on systemd-homed-active.service instead works as well, but
systemd-homed will exit 1 if dbus is already shut down.

(cherry picked from commit e00a25a7b41bd45ab73b47cbd94b3af909b8f8a1)
(cherry picked from commit 11f3040d0a1eee663acedda1bdb9aa450c22f2a4)
(cherry picked from commit e2012e0dd62b7bbfc0c07fc6bcbf63cc8910943a)

Mike Gilbert [Wed, 5 Jan 2022 04:43:10 +0000 (23:43 -0500)]
test-watchdog: mark as unsafe

If something goes wrong with this test it may result in an unsafe
system restart. Let's avoid running it automatically.

See https://github.com/systemd/systemd/issues/22001.

(cherry picked from commit 70652c2a6fa9c06c7faac62f41c72e2e4eaa9340)
(cherry picked from commit 4c0ed19c520a8944f68f613edc3acbd0471dcc81)
(cherry picked from commit 7f7ad0e691eb2a05e7f319be8d098af760258dcd)

Zbigniew Jędrzejewski-Szmek [Wed, 5 Jan 2022 14:10:33 +0000 (15:10 +0100)]
logind: do not propagate error in delayed action

If the action failed, we should log about the issue, and continue.
Exiting would bring the graphical session down, which of course is not
appreciated by users.

As documented in previous commits, a non-negative return from the callback
doesn't matter, so the callback is simplified a bit.

Fixes #21991.

(cherry picked from commit 8207b8321bbbcbd19a345deb77d455d98e6ffb84)
(cherry picked from commit fb9bbbee6a3c09b75817f9f343176fa2170fdb31)
(cherry picked from commit e6ca5aa8ac8d79217d11240b09dfbdb9364cdb36)

Yu Watanabe [Wed, 5 Jan 2022 09:26:46 +0000 (18:26 +0900)]
backlight: ignore error if the backlight device is already removed

Fixes #21997.

(cherry picked from commit f0f65087834198d4dabf8b389ddc34223400aab7)
(cherry picked from commit b4c57e1b1c249f28f13a86637d8854c920bcf26d)
(cherry picked from commit a69c240157e2ca066130c12bb061e0065f2c2425)

Zbigniew Jędrzejewski-Szmek [Mon, 3 Jan 2022 16:53:29 +0000 (17:53 +0100)]
basic/log: allow errno values higher than 255

When the support for "synthetic errno" was added, we started truncating
the errno value to just the least significant byte. This is generally OK,
because errno values are defined up to ~130.

The docs don't really say what the maximum value is. But at least in principle
higher values could be added in the future. So let's stop truncating
the values needlessly.

The kernel (or libbpf?) have an error where they return 524 as an errno
value (https://bugzilla.redhat.com/show_bug.cgi?id=2036145). We would
confusingly truncate this to 12 (ENOMEM). It seems much nicer to let
strerror() give us "Unknown error 524" rather than to print the bogus
message about ENOMEM.

(cherry picked from commit 5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93)
(cherry picked from commit cd686fe4c719bfb894bd24d673c51f19cea64643)
(cherry picked from commit fb824c90e5a83218e4252a2c21c7f365d0167458)

Yu Watanabe [Sun, 2 Jan 2022 18:44:50 +0000 (03:44 +0900)]
missing-syscall: add __NR_openat2

(cherry picked from commit d96ad9e8cb9fc8a9adfeebf69a645b809705daa0)
(cherry picked from commit cd88d010e862d26ce816eb3bd6735a80999ac41e)
(cherry picked from commit 31f64a65423414bf1d11fc9035450e9b6256858c)

Yu Watanabe [Tue, 15 Jun 2021 03:41:45 +0000 (12:41 +0900)]
missing_syscall: add riscv32 support

(cherry picked from commit fc75007b3258d2d5a6d25f03116493f17c3b8db8)

Lennart Poettering [Tue, 27 Apr 2021 12:16:06 +0000 (14:16 +0200)]
missing: add syscall wrappers for new mount API

(cherry picked from commit 84e8edec308dd157a013c811c3fa351fc0340f63)

Zbigniew Jędrzejewski-Szmek [Wed, 28 Apr 2021 08:46:48 +0000 (10:46 +0200)]
basic/missing-syscall: sort syscalls alphabetically and add numbers for mount_setattr, move_mount, open_tree

(cherry picked from commit 9899580a586522330bdb657bf228402638b6dbc2)

Zbigniew Jędrzejewski-Szmek [Tue, 27 Apr 2021 19:34:38 +0000 (03:34 +0800)]
basic/missing-syscall: add numbers for riscv (64-bit)

(cherry picked from commit 302beee342e388b771085bb4d19f271af9cbb235)

Zbigniew Jędrzejewski-Szmek [Tue, 27 Apr 2021 19:18:05 +0000 (03:18 +0800)]
basic/missing-syscalls: only emit one warning about missing numbers

The ifdef pattern is the same for all syscalls, so most of the time, if one is
not defined, all others will too. So let's reduce the noise a bit and emit one
warning in case the support for the architecture is fully missing. (Current
template was copied over from before when we added numbers for each syscall by
hand and stopped making sense when we started generating the header from a
table that is expected to have all syscall numbers.)

(cherry picked from commit 94dfd85b0cc8d2271b9d1aedeb75d43123a94e85)

Yu Watanabe [Sun, 2 Jan 2022 18:48:10 +0000 (03:48 +0900)]
syscalls: update syscall definitions

(cherry picked from commit 0c718b1a67cd0d3512eafeb4659458694bf3865b)
(cherry picked from commit 7e338876577cb328632ce3e7753c0130b54dd7a2)
(cherry picked from commit f551941e5d7a39312903625d473e1d527358f0e1)

Yu Watanabe [Fri, 31 Dec 2021 00:13:00 +0000 (09:13 +0900)]
nss-myhostname: do not apply non-zero offset to null pointer

Fixes https://github.com/systemd/systemd/issues/21935#issuecomment-1003216503.

(cherry picked from commit 92e9df9ca031b9b04487a46afd986ab3122183fd)
(cherry picked from commit a473bfb4332ad6b0a0894135c4de0f8cc324d378)
(cherry picked from commit 05189e8c961c6b4ac8ef79c8911cb56965a5034f)

Yu Watanabe [Thu, 30 Dec 2021 21:59:42 +0000 (06:59 +0900)]
nss-systemd: fix alignment of gr_mem

Follow-up for 1e65eb8f9b7d567462030b2e625998d77677e636.

Fixes #21935.

(cherry picked from commit 420a35c1fadfb4d67be6316436233d98b5688de5)
(cherry picked from commit 9c8bc0451ab2393f3b9b689e46e1b05e9f6dad35)
(cherry picked from commit 649e83bb995eb067cce3e70f50e5d3ab54c9d47d)

Yu Watanabe [Thu, 30 Dec 2021 15:31:51 +0000 (00:31 +0900)]
nss-systemd: fix required buffer size calculation

This also fixes the pointer assigned to the gr_mem element of struct group.

Fixes a bug introduced by 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534.

Fixes #21935.

(cherry picked from commit 1e65eb8f9b7d567462030b2e625998d77677e636)
(cherry picked from commit 17227e81ab8a9bdfac679d450ed35434435a6ff8)
(cherry picked from commit 5f78618a44a21197e727cd1c62da5aa8bf7e0610)

Yu Watanabe [Thu, 30 Dec 2021 15:11:01 +0000 (00:11 +0900)]
sysusers: use filename if /proc is not mounted

During system install, /proc may not be mounted yet.

Fixes RHBZ#2036217 (https://bugzilla.redhat.com/show_bug.cgi?id=2036217).

(cherry picked from commit b78d7f246899687a1697cdcebe93d8512c5e7c4b)
(cherry picked from commit 747b4f1ff8aac3a1b800b0a7ac0edef4af34da70)
(cherry picked from commit f78a48840205339157b186b7c8e576a3c690f6d9)

Noel Kuntze [Thu, 30 Dec 2021 11:49:23 +0000 (12:49 +0100)]
network: complete example for xfrm setup

(cherry picked from commit 0d03e672a97c6ee85f563648e1ff40c88ce81d85)
(cherry picked from commit 19bb2b8443598e80a4da391e70211d6576b2a144)
(cherry picked from commit 05301d05396d7288451237dee59f174f6430e34d)

Luca Boccassi [Thu, 30 Dec 2021 00:54:32 +0000 (00:54 +0000)]
systemd-run: ensure error logs suggest to use '--user' when appropriate

Before:

$ systemd-run --service-type=notify --user false
Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code.
See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details.

After:

$ systemd-run --service-type=notify --user false
Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code.
See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details.

Fixes https://github.com/systemd/systemd/issues/21933

(cherry picked from commit 466f2351bbb5c0fdc9f153e35506570e59b14c5f)
(cherry picked from commit b59615dc76cf82bd1fca301220ee0b7961cbcacd)
(cherry picked from commit 8ece102d314cfe92aaa7a7afc853b6921da941c4)

Luca Boccassi [Thu, 30 Dec 2021 00:53:29 +0000 (00:53 +0000)]
dbus-wait-for-jobs: add extra_args to bus_wait_for_jobs_one()

And pass it through to bus_wait_for_jobs()

(cherry picked from commit 86980de64bf8c03505eec729808f52f3b3042998)
(cherry picked from commit 0c4fe2e3dcde8225006a36cff643c112bd6c6523)
(cherry picked from commit 84188acc6fe4a2f04c91c2c4d7b20a3166caa63b)

Mike Gilbert [Sat, 25 Dec 2021 00:20:36 +0000 (19:20 -0500)]
random-util: use ssize_t for getrandom return value

This matches the prototype provided by glibc.

(cherry picked from commit 289b41aae7356b7a6c72ff4a3476193a084ff33f)
(cherry picked from commit 4d889024ef5ba1edc5d967a010a2551e0826e5d7)
(cherry picked from commit a7ba75de06efb5a1d962c4b250f66e49e1d3ac6a)

Yu Watanabe [Thu, 23 Dec 2021 12:45:29 +0000 (21:45 +0900)]
sd-journal: fix segfault when match_new() fails

Fixes #21867.

(cherry picked from commit 39dfc0de05238410e2cd4d7c0176a3f3994cc563)
(cherry picked from commit 4bf497c3814e2f612cb055b838a656e6e14c0ed0)

Yu Watanabe [Thu, 23 Dec 2021 12:35:29 +0000 (21:35 +0900)]
sd-journal: free incomplete match on failure

(cherry picked from commit 418cce628cf28d4feaeda60241cf9781f8afbf1c)
(cherry picked from commit cd9b726453398bef20c66f30a454eb503f7bcb72)

Ludwig Nussel [Tue, 21 Dec 2021 10:38:49 +0000 (11:38 +0100)]
machined: set TTYPath for container shell

TTYPath is needed for proper utmp registration of the shell to
receive wall messages.

(cherry picked from commit a9c97bbbfb271d68b2ca4f3aa346fdf5e9c70c27)
(cherry picked from commit 6076f379d6911abd69c9565cbbecc60d34be8ce8)

Tom Yan [Sun, 19 Dec 2021 17:30:38 +0000 (01:30 +0800)]
repart: use real disk start/end for bar production

Partitions are not always within our aligned scope. Bar printing
involves foreign partitions as well.

Fixes #21817.

(cherry picked from commit d8daed09f37bc9f8ecb9268a4e371f65aec8b24a)
(cherry picked from commit 0c3c3db042a24d11da7accf777029fbaf8db5a29)

Yu Watanabe [Mon, 20 Dec 2021 11:48:32 +0000 (20:48 +0900)]
journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74

(cherry picked from commit 30df858f43b14a55c6650b43bea12cbf2cc0bc67)
(cherry picked from commit c4d12459c6bc065bd255c9f5555ca20bf735e16a)

Zbigniew Jędrzejewski-Szmek [Tue, 14 Dec 2021 18:39:36 +0000 (19:39 +0100)]
man: describe flags for record resolving

(cherry picked from commit c6f20515ab600098b5c2871bae2e9ecab3b41555)
(cherry picked from commit 38ece93488a76f6b258237e3346e32dd52bd471b)

Zbigniew Jędrzejewski-Szmek [Tue, 14 Dec 2021 17:48:25 +0000 (18:48 +0100)]
man: describe $SYSTEMD_NSS_RESOLVE_VALIDATE

This variable has a pretty important effect, but we didn't mention it
anywhere in the docs. It was added in aee9d18c8d909eb7aca2838e4bce5da018b6a112.

(cherry picked from commit 1c4539afc08f2ce4af70d32e2dcd6a3fd414c0ef)
(cherry picked from commit 974b6848a76aafaca6654845b1f77e225cb3fccf)

Mike Gilbert [Mon, 20 Dec 2021 00:39:37 +0000 (19:39 -0500)]
basic: add a size check to format timex members properly

As of glibc-2.34, the size of members in struct timex varies depending on
the _TIME_BITS macro.

Fixes: https://github.com/systemd/systemd/issues/21826
(cherry picked from commit 9a723ed6e80e3078969567f7cb551535d2fb00bd)
(cherry picked from commit bbc11135c296dbd7fbb6f4d40a0cdfd8ccf69c22)

Luca Boccassi [Fri, 17 Dec 2021 12:19:25 +0000 (12:19 +0000)]
logind: add a comment with a reminder why we don't use ProtectProc=

Follow-up for https://github.com/systemd/systemd/pull/21785

(cherry picked from commit ba679b8d567e2e5b347865800da421a1bb87df75)
(cherry picked from commit d370601b430e24afb460393c29b12af38a04ac35)

Ludwig Nussel [Tue, 14 Dec 2021 13:59:19 +0000 (14:59 +0100)]
logind: allow to read /proc

User name and tty are used for wall messages. For that to work logind
must be able to poke around in proc entries of other processes.

(cherry picked from commit 60c5878dd4c57ae1b24dfa355128477df712c661)
(cherry picked from commit 4447128cb1a659fc29a37e63515d16b44f8f339f)

Zbigniew Jędrzejewski-Szmek [Thu, 16 Dec 2021 08:46:26 +0000 (09:46 +0100)]
units: enable systemd-network-generator by default

It is used by udevd and networkd. Since udevd is enabled statically, let's also
change the preset to "on". networkd is opt-in, so let's pull in the generator
when enabling networkd too.

(cherry picked from commit e053f49272e46c2ba941cbd3fd8bf07b089b2917)
(cherry picked from commit 4bb783da4db8bba203df1bbd6f4eaf123c83e5fc)

Yu Watanabe [Wed, 15 Dec 2021 16:51:22 +0000 (01:51 +0900)]
meson: build network-generator unconditionally

The service also generates .link files for udevd.

(cherry picked from commit 987dd89c775815831ae21736fe60aef59cb7a6fa)
(cherry picked from commit 02826ab56115ee6bd3a1ad1162c1a3b99dd6538b)

Yu Watanabe [Tue, 14 Dec 2021 04:12:41 +0000 (13:12 +0900)]
unit: run network-generator before starting udevd

Otherwise, .link files generated by the service may not be loaded by
udevd.

(cherry picked from commit 85e865082767c84ea689a74006947693f06b69af)
(cherry picked from commit bb79f4a76135adb30c4bf8420323e6f2e0ec06f9)

Yu Watanabe [Sun, 12 Dec 2021 02:43:21 +0000 (11:43 +0900)]
fstab-generator: do not remount /sys when running in a container

Closes #21744.

(cherry picked from commit 18f0eaafd7f180f5d0d2d65349835374146efdb3)
(cherry picked from commit cee7e40200b5eba60a5fed04fe006e8b48944fb2)

Zbigniew Jędrzejewski-Szmek [Tue, 14 Dec 2021 21:30:15 +0000 (22:30 +0100)]
journalctl: show info about journal range only at debug level (#21775)

The message that the "journal begins … ends …" has been always confusing to
users. (Before b91ae210e62 it was "logs begin … end …" which was arguably even
more confusing, but really the change in b91ae210e62 didn't substantially change
this.)

When the range shown is limited (by -e, -f, --since, or other options), it
doesn't really matter to the user what the oldest entries are, since they are
purposefully limiting the range. In fact, if we are showing the last few
entries with -e or -f, knowing that many months the oldest entries have is
completely useless.

And when such options are *not* used, the first entry generally corresponds to
the beginning of the range shown, and the last entry corresponds to the end of
that range. So again, it's not particularly useful, except when debugging
journalctl or such. Let's just treat it as a debug message.

Fixes #21491.

(cherry picked from commit a2d7654f99eba250eddf988db262abef96ebbe7a)
(cherry picked from commit cc9ef67919c33b253bed86db415f5970e96440d9)

Yu Watanabe [Tue, 14 Dec 2021 06:38:12 +0000 (15:38 +0900)]
home: fix heap-use-after-free

`bus_home_emit_remove()` may be called from manager_free() -> home_free().
In that case, manager->bus is already unref()ed.

Fixes #21767.

(cherry picked from commit 2ff457720bd3bc59985e807b748f6305bdf27826)
(cherry picked from commit 5ed20345db356121bc72e0092c17b74e2de67ff7)

Sho Iizuka [Mon, 13 Dec 2021 13:53:36 +0000 (22:53 +0900)]
man: how to unset CPUQuota=

This description will help users who are trying to reset the already configured
CPUQuota= by trying incorrect ways such as CPUQuota=0 or CPUQuota=infinity.

(cherry picked from commit 17cfd6f96f43ec012b80b417878d87df85b07977)
(cherry picked from commit ab3095ef3d4ce8fe67cddae6b9698bbcb638a4d1)

Zbigniew Jędrzejewski-Szmek [Thu, 9 Dec 2021 09:20:46 +0000 (10:20 +0100)]
Bump the max number of inodes for /tmp to a million too

Fixes #21626. (The bug report talks about /run, but the issue is actually with
/tmp.) People use /tmp for various things that fit in memory, e.g. unpacking
packages, and 400k is not much. Let's raise it a bit.

(cherry picked from commit cac372a80177fb622806270eb0d810e4c6ad0c84)
(cherry picked from commit d76192946132ddd4b23d8ea823b8209cef850498)

Dan Streetman [Fri, 20 Aug 2021 18:44:35 +0000 (14:44 -0400)]
resolve: remove server 'large' level

This removes the DNS_SERVER_FEATURE_LEVEL_LARGE, and sets the EDNS0
advertised max packet size as if always in 'large' mode.

Without this, we always send out EDNS0 opts that limit response sizes
to 512 bytes, thus the remote server will never send anything larger
and will always truncate responses larger than 512 bytes, forcing us
to drop from EDNS0 down to TCP, even though one of the primary benefits
of EDNS0 is larger packet sizes.

Fixes: #20993
(cherry picked from commit 526fce97afe130f71dba3bd4646196bbb1188b82)
(cherry picked from commit 0bc9811acfd2535bf8a7a16a3903a2c22df206c9)

Zbigniew Jędrzejewski-Szmek [Fri, 14 May 2021 07:04:47 +0000 (09:04 +0200)]
resolved: indent tables for readability

Some of the tables in resolved were already using this convention. This
makes the rest of them do so too.

(cherry picked from commit e3e64a1abd2c333bb658470c0681a7a32f5702b7)

Zbigniew Jędrzejewski-Szmek [Wed, 10 Nov 2021 10:37:15 +0000 (11:37 +0100)]
core/cgroup: use helper macro for bfq conversion

As suggested in https://github.com/systemd/systemd/pull/20522#discussion_r696699984.

(cherry picked from commit 311822ac28c99e2fb0e25286bdb72c9188314a66)
(cherry picked from commit d98169555c07668d999ac8ad62718da0ae9eec0f)

Yu Watanabe [Tue, 24 Aug 2021 16:28:47 +0000 (01:28 +0900)]
core/cgroup: set bfq.weight first, and fixes blkio.weight value

Fixes issues introduced by 29eb0eefd14afc9a2424781a28b376db47c3c570.

This also fixes the value set to blkio.weight, that is, "default" is dropped.

Moreover, this also changes the logic for mapping weight -> bfq.weight,
to always match the min, max, and default values.

Fixes #20519 and #21187.

(cherry picked from commit 17283ce7b6035775f125585d1b228226942daf4b)
(cherry picked from commit 55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f)

Christian Göttsche [Mon, 6 Dec 2021 15:57:42 +0000 (16:57 +0100)]
core: use correct level for CPU time log message

raise_level() takes the info condition as second argument and the notice
one as third. For the consumed CPU time these conditions are swapped.

Fixes: 37109b856aeb ("pid1: use LOG_DEBUG/INFO/NOTICE for unit resource consumption message")
(cherry picked from commit ef6bb4dd3e3bb9c210c310026b4d827a46acc762)
(cherry picked from commit 034a23c640c74856df76b3af5fdc4af5cb48256b)

yangmingtai [Mon, 6 Dec 2021 09:06:13 +0000 (17:06 +0800)]
fix DirectoryNotEmpty when it comes to a Non-directory file

(cherry picked from commit 5896a9ebdbe4d38c01390d0a5e82f9fcb4971059)
(cherry picked from commit 0fdcae09c44486e30e4fe0469606c02d034577be)

Pavel Březina [Thu, 2 Dec 2021 12:07:07 +0000 (13:07 +0100)]
man: fix description of sd_uid_get_sessions

(cherry picked from commit 2f121b6fa1f6aa4c9bd699fce52f0b087abefd01)
(cherry picked from commit a8c9925516d51f06068f3f32c7e908ff467271e0)

Franck Bui [Wed, 1 Dec 2021 07:51:48 +0000 (08:51 +0100)]
journal: don't remove the flushed flag when journald is stopped

Due to the fact that systemd-journal-flush.service has
"Requires=systemd-journald.service", this service is stopped too when journald
is requested to do so.

However stopping systemd-journal-flush.service implies that journald
relinquishes /var hence implicitly switching back to the volatile storage
mode and removing /run/systemd/journal/flushed.

If journald is started afterwards, it will run in volatile storage mode
regardless of the value of 'Storage=' as it believes now that /var is not yet
ready (because the flushed flag is missing).

Because this flag is mainly an indication for journald that the initialization
of /var/log/journal (during the boot process) has been done,
systemd-journal-flush.service shouldn't be tied to the state of journald itself
but to the state of /var/log/journal, hence to the state of the system.

(cherry picked from commit d5ee050ffc9d413253932d9340ade8c8fb111092)
(cherry picked from commit 8800d99d4fe4781b6ed265580b795b4a78a36fe8)

Urs Ritzmann [Fri, 3 Dec 2021 14:47:18 +0000 (15:47 +0100)]
sd_bus_get_timeout: fix timeout value doc

The documentation of sd_bus_get_timeout wrongfully states that the returned time-value is relative. In fact, it is an absolute value which is based on CLOCK_MONOTONIC. This change corrects that documentation.

(cherry picked from commit 25060a570c106cf5a14a3268bb0d38d9feb7fdab)
(cherry picked from commit 4d4b70277539f21c0dcbbac37bc75abe4c01d00f)

Franck Bui [Fri, 3 Dec 2021 10:23:36 +0000 (11:23 +0100)]
Bump the max number of inodes for /dev to 128k

Follow-up for 7d85383edbab73274dc81cc888d884bb01070bc2.

Apparently the previous limit set on the max number of inodes for /dev was too
small as a system with 4096 LUNs attached can consume up to 95k inodes for
symlinks:

  # /bin/df -i
  Filesystem                 Inodes  IUsed    IFree IUse% Mounted on
  devtmpfs                 49274377  95075 49179302    1% /dev

Hence this patch bumps the limit from 64k to 128k although the new limit is
still pretty arbitrary (that said, not sure if it really makes sense to put
such an absolute limit number).

(cherry picked from commit 4c733d3046942984c5f73b40c3af39cc218c103f)
(cherry picked from commit b1bb976219e4c63d4b8099a2820fedbedf0aa8a5)

Gibeom Gwon [Fri, 3 Dec 2021 06:10:50 +0000 (15:10 +0900)]
cryptenroll: fix wrong error messages

PKCS#11 -> FIDO2 in cryptenroll-fido2.c

(cherry picked from commit 4b9aa29bc9ded35147f9fa77f77e13c3c6fa7fcf)
(cherry picked from commit a9149ef71dbfafd964b4e509690418be602c6eb6)

Luca Boccassi [Tue, 30 Nov 2021 23:49:33 +0000 (23:49 +0000)]
cgroup: don't emit BPF firewall warning when manager is in test mode

Support for BPF might not have been checked, since it's not necessary
in test mode (eg: running offline analysis of units). This causes an
assert:

Assertion '(_error) != 0' failed at src/core/bpf-firewall.c:914, function emit_bpf_firewall_warning(). Aborting.

Exporting SYSTEMD_LOG_LEVEL=debug in TEST-65-ANALYZE is enough to trigger
this assert while doing an offline analysis of a unit that has some
firewall/network restrictions set.

Skip the warning if the manager is in test mode.

(cherry picked from commit a42232a18c5716f69efc67c779dd2ef6c4b9d6c2)
(cherry picked from commit f4472e406eaa1087534066d09a4b7f2fd1de2a06)

Yu Watanabe [Wed, 1 Dec 2021 12:07:22 +0000 (21:07 +0900)]
core/bpf-firewall: make bpf_firewall_supported() always set unsupported reason when BPF_FIREWALL_UNSUPPORTED is returned

Otherwise, log_unit_full_errno() in emit_bpf_firewall_warning() will
trigger an assertion.

(cherry picked from commit 8751bb6f5e89562d438566c374b9c3a1059c9211)
(cherry picked from commit 27028ef0f0bc128d14f41e233ad256687fd7e379)

KennthStailey [Wed, 1 Dec 2021 14:43:40 +0000 (09:43 -0500)]
Fixed typo

`ip set dev eth0` should be `ip link set dev eth0`

(cherry picked from commit 2ed6297f71a04839f23e460095da126112f5626d)
(cherry picked from commit 909b5af4bd37b34ef5aada86823bdac861c7db10)

Yu Watanabe [Tue, 30 Nov 2021 08:58:40 +0000 (17:58 +0900)]
sd-dhcp6-client: fix error handling

(cherry picked from commit 97e80ee4a86d4097fda78a01d8b64ad2085008f3)
(cherry picked from commit c766dc2f77ed15e41de70e5e5f03dc4650fa55de)

jiangchuangang [Tue, 30 Nov 2021 07:25:27 +0000 (15:25 +0800)]
fix ConditionPathIsReadWrite when path does not exist.

(cherry picked from commit 7c4c9948d02ceda903ed4e4deea0d0084612625a)
(cherry picked from commit 80b7a4276abb832b6af1d1d060affb0988ab7fa0)

3 years ago fix ConditionDirectoryNotEmpty when it comes to a Non-directory file
jiangchuangang [Mon, 29 Nov 2021 14:30:37 +0000 (22:30 +0800)]
fix ConditionDirectoryNotEmpty when it comes to a Non-directory file

(cherry picked from commit 193105f2d0408e2d96265935174b3cf0f100ef2e)
(cherry picked from commit 10fc8b7775a8cfd9519a1c6628d813b1aa315a33)

3 years ago test-journal-flush: do not croak on corrupted input files
Zbigniew Jędrzejewski-Szmek [Fri, 26 Nov 2021 08:46:02 +0000 (09:46 +0100)]
test-journal-flush: do not croak on corrupted input files

We would fail if the input file was corrupted:
build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~
journal_file_copy_entry failed: Bad message
Assertion 'r >= 0' failed at src/libsystemd/sd-journal/test-journal-flush.c:55, function main(). Aborting.
[1]    619472 IOT instruction (core dumped)  build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~

Let's skip some "reasonable" errors.

Fixes #17963.

(cherry picked from commit b4046d55570ff0e23d16f7e2912e7ef0a55b25d8)
(cherry picked from commit 0d98afa9548873669531fb3f8aa0f1ab56455411)

3 years ago test-journal-flush: allow testing against specific files
Zbigniew Jędrzejewski-Szmek [Fri, 26 Nov 2021 08:40:51 +0000 (09:40 +0100)]
test-journal-flush: allow testing against specific files

>=0 → ==0 because sd_journal_open* are documented to return 0.

(cherry picked from commit 0fa167cd58b5a4ffe16a332131df70bf77edddbe)
(cherry picked from commit bb29932a4172810357597175a62cb4c8cbd1087c)

3 years ago journal: Deduplicate entry items before they are stored in the entry object
Daan De Meyer [Fri, 12 Nov 2021 14:32:40 +0000 (14:32 +0000)]
journal: Deduplicate entry items before they are stored in the entry object

If the iovec contains the same data more than once, we'll end up with
duplicate offsets in the items array. Let's make sure we remove any
duplicates before we store the items in an entry object.

(cherry picked from commit 5ec9fbae64bef896368f744a875dd0437a4c42f2)
(cherry picked from commit 71976e91c5a887585b9fb8a162116824b141eecf)

3 years ago mmap-cache: LIST_REMOVE() *after* w->unused_prev
Vito Caputo [Thu, 25 Nov 2021 15:05:06 +0000 (07:05 -0800)]
mmap-cache: LIST_REMOVE() *after* w->unused_prev

The LIST_REMOVE() macro always assigns NULL to w->unused_prev,
meaning every time this window was in last_unused, the remainder
of the unused list was lost to the ether.

Turns out there's been a memory leak in journald after all, this
code has been there since at least 2013...

(cherry picked from commit b82aca89a5b366c4377b3b140e54313e817e8f57)
(cherry picked from commit 42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03)
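
The ordering bug described in the mmap-cache commit above, as an added example that is not systemd's code: a simplified model in which a remove helper clears the node's own link pointers, so reading `unused_prev` afterwards always yields NULL. All struct and function names are hypothetical, and the model assumes that unused windows are reclaimed by walking back from `last_unused`.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical. */
struct window {
    int id;
    struct window *unused_prev, *unused_next;
};

struct cache {
    struct window *unused;      /* head of the unused list */
    struct window *last_unused; /* tail; reclaiming is assumed to start here */
};

/* Stand-in for a LIST_REMOVE()-style macro: unlinks w and, as the commit
 * message describes, always leaves w's own link pointers set to NULL. */
static void list_remove(struct cache *c, struct window *w) {
    if (w->unused_next)
        w->unused_next->unused_prev = w->unused_prev;
    if (w->unused_prev)
        w->unused_prev->unused_next = w->unused_next;
    else
        c->unused = w->unused_next;
    w->unused_next = w->unused_prev = NULL;
}

static void list_prepend(struct cache *c, struct window *w) {
    w->unused_prev = NULL;
    w->unused_next = c->unused;
    if (c->unused)
        c->unused->unused_prev = w;
    else
        c->last_unused = w;
    c->unused = w;
}

/* Wrong order: w->unused_prev is read after list_remove() cleared it. */
static void unlink_buggy(struct cache *c, struct window *w) {
    list_remove(c, w);
    if (c->last_unused == w)
        c->last_unused = w->unused_prev; /* always NULL at this point */
}

/* Corrected order: move the tail pointer first, then unlink. */
static void unlink_fixed(struct cache *c, struct window *w) {
    if (c->last_unused == w)
        c->last_unused = w->unused_prev;
    list_remove(c, w);
}

/* Build a three-window unused list, unlink the tail window, and count how
 * many windows can still be reached by walking back from last_unused. */
static int reclaimable_after_unlink(int use_fixed) {
    struct window w[3] = { {1, NULL, NULL}, {2, NULL, NULL}, {3, NULL, NULL} };
    struct cache c = { NULL, NULL };
    int n = 0;

    for (int i = 0; i < 3; i++)
        list_prepend(&c, &w[i]); /* head -> 3 -> 2 -> 1 <- tail */
    if (use_fixed)
        unlink_fixed(&c, c.last_unused);
    else
        unlink_buggy(&c, c.last_unused);
    for (const struct window *p = c.last_unused; p; p = p->unused_prev)
        n++;
    return n;
}

int main(void) {
    printf("buggy: %d reclaimable, fixed: %d reclaimable\n",
           reclaimable_after_unlink(0), reclaimable_after_unlink(1));
    return 0;
}
```

In the buggy variant the two remaining windows are still linked from the head, but nothing reaches them from the tail pointer any more, which is the shape of leak the commit message describes.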

3 years ago journal: Remove entry seqnum revert logic
Daan De Meyer [Fri, 12 Nov 2021 14:29:02 +0000 (14:29 +0000)]
journal: Remove entry seqnum revert logic

This actually causes mismatches between the header tail entry seqnum
and the last entry seqnum since when we revert the header seqnum, we
don't remove the entry object we added. If adding the entry object
itself fails, we don't need to revert the seqnum since it's never
incremented so let's remove this logic altogether.

(cherry picked from commit b41b682bd6f1290caa4220291b22cae317cb6413)
(cherry picked from commit 06a0e8283ed87773795f28e58318d5d1b46b1088)

3 years ago man: "-j", not "-J" is the shortcut for JSON mode in homectl
Lennart Poettering [Thu, 25 Nov 2021 10:21:55 +0000 (11:21 +0100)]
man: "-j", not "-J" is the shortcut for JSON mode in homectl

The code and --help text got this right, hence fix the man page

(cherry picked from commit 2a703778e9e7028ef110768f0d1e995007adf9cc)
(cherry picked from commit 41b526a1f80f66e5b15b34eea321a545ce69b8a7)

3 years ago test: make test-execute pass on Linux 5.15
Lennart Poettering [Wed, 24 Nov 2021 14:58:50 +0000 (15:58 +0100)]
test: make test-execute pass on Linux 5.15

Linux 5.15 broke kernel API:

https://github.com/torvalds/linux/commit/e70344c05995a190a56bbd1a23dc2218bcc8c924

Previously setting IOPRIO_CLASS_NONE for a process would then report
IOPRIO_CLASS_NONE back. But since 5.15 it reports IOPRIO_CLASS_BE
instead. Since IOPRIO_CLASS_NONE is an alias for a special setting of
IOPRIO_CLASS_BE this makes some sense, but it's also a kernel API
breakage that our testsuite trips up on.

(I made some minimal effort to inform the kernel people about this API
breakage during the 5.15 rc phase, but no one was interested.)

Either way let's handle this gracefully in our test suite and accept
"best-effort" too when "none" was set.

(This is only triggerable if the tests are run on 5.15 with full privs)

(cherry picked from commit d9b8771108cf2955efc3852b477391017d2c599a)
(cherry picked from commit 8be872769b475b9a664ca8b26fb1bb0e246eeb65)

3 years ago homework: fix a bad error propagation
Lennart Poettering [Wed, 24 Nov 2021 17:36:00 +0000 (18:36 +0100)]
homework: fix a bad error propagation

(cherry picked from commit b05f4495bd374dc28d39ea43ac7cec3f0fea4071)
(cherry picked from commit e05915315fdf21ee51ec1501e02d04ba1e9af045)

3 years ago shell-completion: add journalctl --facility
Zbigniew Jędrzejewski-Szmek [Wed, 24 Nov 2021 10:21:10 +0000 (11:21 +0100)]
shell-completion: add journalctl --facility

Fixes #21484.

(cherry picked from commit 989db9b399fb69bd6b991180a1f2d801124fdbd7)
(cherry picked from commit e05c51c96682379bef8e3d54318675cfaf3a9f43)

3 years ago sd-bus: Fix standard method argument names
Miika Karanki [Tue, 23 Nov 2021 15:23:01 +0000 (17:23 +0200)]
sd-bus: Fix standard method argument names

The argument names of methods under org.freedesktop.DBus.Properties and
org.freedesktop.DBus.Introspectable interfaces are specified in the D-Bus
specification[1]. They are:

  org.freedesktop.DBus.Introspectable.Introspect (out STRING xml_data)
  org.freedesktop.DBus.Properties.Get (in STRING interface_name,
                                       in STRING property_name,
                                       out VARIANT value);
  org.freedesktop.DBus.Properties.Set (in STRING interface_name,
                                       in STRING property_name,
                                       in VARIANT value);
  org.freedesktop.DBus.Properties.GetAll (in STRING interface_name,
                                          out DICT<STRING,VARIANT> props);

sd-bus is using different argument names in the introspection document.
Usually this is not a problem but in case something tries to map the
argument names based on the introspection document to the position of
the arguments in the method call, then using names different than the
ones specified in the D-Bus specification is confusing.

So fix the names to match the D-Bus specification.

[1] https://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-introspectable

(cherry picked from commit 98503c6d0cae795be89efd74ccab821729c2143a)
(cherry picked from commit 989c3fc3a008ca9733284ac37f51edfb0ababf00)

3 years ago virt: Fix the detection for Hyper-V VMs
Boqun Feng [Tue, 23 Nov 2021 07:09:26 +0000 (15:09 +0800)]
virt: Fix the detection for Hyper-V VMs

Use product_version instead of product_name in DMI table and the string
"Hyper-V" to avoid misdetection.

Fixes: #21468

Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4)
(cherry picked from commit ba22ee4985c6ca690b84fdca36cf012b200a3c4e)

3 years ago virt: Support detection for ARM64 Hyper-V guests
Boqun Feng [Wed, 13 Oct 2021 03:32:09 +0000 (11:32 +0800)]
virt: Support detection for ARM64 Hyper-V guests

The detection of Microsoft Hyper-V VMs is done by cpuid currently,
however there is no cpuid on ARM64. And since ARM64 is now a supported
architecture for Microsoft Hyper-V guests[1], then use DMI tables to
detect a Hyper-V guest, which is more generic and works for ARM64.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467

(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87)
(cherry picked from commit 258968ba75bc27d4ea61967b9a27c1f139e89799)

3 years ago resolved: clean up manager_write_resolv_conf() a bit
Lennart Poettering [Mon, 22 Nov 2021 17:29:17 +0000 (18:29 +0100)]
resolved: clean up manager_write_resolv_conf() a bit

Let's downgrade log messages which are not fatal for the service to
LOG_WARNING.

And let's simplify clean-up by using _cleanup_(unlink_and_freep).

(cherry picked from commit e2ef1e9aea24d89d1e92fa4675ddc330029b48bf)
(cherry picked from commit e4f6e956abdca1b7f538845dae79e5afb708e2df)

3 years ago resolved: make sure we don't hit an assert when dealing with incomplete DNSSD service...
Lennart Poettering [Mon, 22 Nov 2021 15:14:07 +0000 (16:14 +0100)]
resolved: make sure we don't hit an assert when dealing with incomplete DNSSD service definitions

Fixes: #21142
(cherry picked from commit 8cf9898a964693b8a3c40b502af0377ede746f4d)
(cherry picked from commit 018c8e8f67b699c5e5aadb73a3ddf3b8009a741a)

3 years ago resolved: properly signal transient errors back to NSS stack
Lennart Poettering [Mon, 22 Nov 2021 14:17:34 +0000 (15:17 +0100)]
resolved: properly signal transient errors back to NSS stack

NSS mostly knows four error cases: SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN,
and they can all be used in nsswitch.conf to route requests.

So far nss-resolve would return SUCCESS + NOTFOUND + UNAVAIL. Let's also
return TRYAGAIN in some cases, specifically the ones where we are
currently unable to resolve a request but likely could later. i.e.
errors caused by networking issues or such.

Fixes: #20786
(cherry picked from commit ae78529fc75027b3487b64e0d22a572fd9c8ffeb)
(cherry picked from commit 7ab91cb307eb0a518f4a956674a108221538fc88)

3 years ago resolved: fix ResolveService() hostname handling
Lennart Poettering [Mon, 22 Nov 2021 13:37:54 +0000 (14:37 +0100)]
resolved: fix ResolveService() hostname handling

Let's eat up special returns of dns_query_process_cname_many() when
storing hostname resolution results.

The rest of the code assumes only == 0 means success and != 0 means
error, but so far > 0 also could mean success, let's fix that.

Fixes: #21365 #21140

(This was originally broken in 1db8e6d1db0880de240e5598e28d24d708479434)

(cherry picked from commit 5a78106ad92d3f122f7ac653eecf767f0a8948cf)
(cherry picked from commit 70f465cb5d10b7bcd7bd7c326756d542e59c0e0b)

3 years ago man: fix type in sd_bus_error_add_map() prototype
Lennart Poettering [Mon, 22 Nov 2021 21:05:57 +0000 (22:05 +0100)]
man: fix type in sd_bus_error_add_map() prototype

Fixes: #21467
(cherry picked from commit 988637841ee927bdb41d3872fc775ab3a782ab78)
(cherry picked from commit f95f68306398c741e759fe0c186b838b5d79219a)

3 years ago FIDO2 device removal instructions (#21426)
Robert-L-Turner [Mon, 22 Nov 2021 11:43:44 +0000 (19:43 +0800)]
FIDO2 device removal instructions (#21426)

* man: document FIDO2 device removal

Indicate to users how to remove FIDO2 device in the --fido2-device=path section by setting path to an empty string ("").  Tested on systemd 249 (249.6-3-arch)

(cherry picked from commit 6d5ea0f127e60ca6c7ecc83eff4618111b7c831b)
(cherry picked from commit 45c0233e37a037396936124564a81dea542f6e43)

3 years ago analyze: fix printing config when there is no main config file
Zbigniew Jędrzejewski-Szmek [Sat, 20 Nov 2021 10:42:31 +0000 (11:42 +0100)]
analyze: fix printing config when there is no main config file

Since 8b8024f1c231c166f5c450905c8fd91d11704ae7 and the follow-up commits, the
main config file may be located in /usr or in other paths. But the code in
analyze.c was still assuming that it must be in /etc. Things mostly worked for
our own config files because we usually install a comments-only file in /etc,
but was not correct in the general case.

This fixes in particular 'systemd-analyze cat-config systemd/zram-generator.conf'.
In Fedora we distribute a config file in zram-generator-defaults.rpm that is in
/usr/lib, and 'cat-config' would refuse to show it because
/etc/systemd/zram-generator.conf does not exist.

The main config file is optional, but let's print an informative message
because this is a slightly unusual case.

The file paths that we printed were missing the root prefix.

(cherry picked from commit 0895e87348e5fc02f50498cad5922eb3eb172323)
(cherry picked from commit 8621f957b6e3a7eed1c5965d332ad1c4c594f26e)

3 years ago journal: Skip corrupt Data objects in sd_journal_get_data()
Daan De Meyer [Wed, 17 Nov 2021 16:46:29 +0000 (16:46 +0000)]
journal: Skip corrupt Data objects in sd_journal_get_data()

Similar to the change we made for sd_journal_enumerate_data(), let's
skip corrupt entry items and data objects in sd_journal_get_data().

(cherry picked from commit 8a799bed4c25be5792acf4d375bd2cdf0a4a3165)
(cherry picked from commit 2124893b258ffc23ae034bce388b61fb148c805f)

3 years ago journal: Use separate variable for Data object in sd_journal_get_data()
Daan De Meyer [Wed, 17 Nov 2021 16:44:21 +0000 (16:44 +0000)]
journal: Use separate variable for Data object in sd_journal_get_data()

A little cleanup to make the next change easier. We're not moving to a
new Entry object in the for loop so there's no danger of changing the
Entry object window.

(cherry picked from commit 847c7ee8c3c1a6cecd02501562b1afd8dd3c51de)
(cherry picked from commit a1ca5320ec74f5112d32338e3061a34f17c4b954)

3 years ago journal: Skip over corrupt entry items in enumerate_data()
Daan De Meyer [Wed, 17 Nov 2021 15:54:35 +0000 (15:54 +0000)]
journal: Skip over corrupt entry items in enumerate_data()

Similar to sd_journal_next(), if trying to access an entry item
offset's data results in EBADMSG, skip to the next entry item so
we handle corruption better.

Fixes #21407

(cherry picked from commit 5a94a2bf2b9c9ae362dd4a7c2e6b263c55545036)
(cherry picked from commit e8a54526d8a89097742d808a53956a54431ded06)

3 years ago units: delay binfmt processing until after local-fs.target
Zbigniew Jędrzejewski-Szmek [Tue, 16 Nov 2021 08:19:07 +0000 (09:19 +0100)]
units: delay binfmt processing until after local-fs.target

Users may use rules that refer to binaries e.g. in /opt or /usr/local,
and those directories may be separate mount points. We don't need the
binfmt rules in early boot, so let's delay the service so that we can
rely on the full local filesystem being visible.

Fixes #21178.

(cherry picked from commit 0491ab5fcd1e8a7d6c532c591dabb98a9e6ed648)
(cherry picked from commit b564be5d5e8ac063a378e818af51a267e99bff0d)

3 years ago seccomp: move mprotect to @default
Zbigniew Jędrzejewski-Szmek [Sat, 13 Nov 2021 15:08:25 +0000 (16:08 +0100)]
seccomp: move mprotect to @default

With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early
init with a restrictive syscall filter that does not include @system-service.
I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4:

Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 10 10:31:41 2021 +0200

    nptl: Move changing of stack permissions into ld.so

    All the stack lists are now in _rtld_global, so it is possible
    to change stack permissions directly from there, instead of
    calling into libpthread to do the change.

It seems that this call will now be very widely used, so let's just move it to
default to avoid too many failures.

(cherry picked from commit 4728625490b70ac4a686b1655c08ad3fe7b97359)
(cherry picked from commit 0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f)

3 years ago dhcp: fix assertion failure
Yu Watanabe [Tue, 7 Dec 2021 20:47:11 +0000 (05:47 +0900)]
dhcp: fix assertion failure

Fixes #21671.

(cherry picked from commit 990d0aa98023140d1efc897c3dcd5e0599a60203)
(cherry picked from commit d59f045a9341f33df161a83a0a5428e137381206)

3 years ago tests: add test case for UMask=+BindPaths= combination
Lennart Poettering [Fri, 12 Nov 2021 12:41:59 +0000 (13:41 +0100)]
tests: add test case for UMask=+BindPaths= combination

Inspired by the test case described in #19899

(cherry picked from commit 875afa02fabe1dad5aa3d1e9bff89d493a369fd0)
(cherry picked from commit ae53f4b5e48860b473c4d05958486a77f84ecc6d)

3 years ago namespace: make tmp dir handling code independent of umask too
Lennart Poettering [Fri, 12 Nov 2021 10:16:02 +0000 (11:16 +0100)]
namespace: make tmp dir handling code independent of umask too

Let's make all code in namespace.c robust towards weird umask. This
doesn't matter too much given that the parent dirs we deal here almost
certainly exist anyway, but let's clean this up anyway and make it fully
clean.

(cherry picked from commit 30443439274cc223583c6c57f7d9041e440e346f)
(cherry picked from commit 78858632566c30d2299bcdbd6efe3cbd1cc99d5a)

3 years ago namespace: make whole namespace_setup() work regardless of configured umask
Lennart Poettering [Fri, 12 Nov 2021 10:11:27 +0000 (11:11 +0100)]
namespace: make whole namespace_setup() work regardless of configured umask

Let's reset the umask during the whole namespace_setup() logic, so that
all our mkdir() + mknod() are not subjected to whatever umask might
currently be set.

This mostly moves the umask save/restore logic out of
mount_private_dev() and into the stack frame of namespace_setup() that
is further out.

Fixes #19899

(cherry picked from commit cdf42f9bd40ff21a67d58b948efea055d56ad398)
(cherry picked from commit 569ef9413c2ef3275b45458367342112e5d5f991)

3 years ago namespace: rebreak a few comments
Lennart Poettering [Fri, 12 Nov 2021 10:09:40 +0000 (11:09 +0100)]
namespace: rebreak a few comments

(cherry picked from commit d73020f2420aa3f220481016829aaa2602abf081)
(cherry picked from commit bce7fb14df960aee57f0ad5c9c12a0d35c3e504e)

3 years ago umask-util: add helper that resets umask until end of current code block
Lennart Poettering [Fri, 12 Nov 2021 10:06:46 +0000 (11:06 +0100)]
umask-util: add helper that resets umask until end of current code block

(cherry picked from commit 52f05ef21d7790f37bc3cd6e54fb9a4bcb16efa5)
(cherry picked from commit 77cfa37459fbd350c67c08597aaa5cc098fcc1ee)
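
The effect the namespace and umask-util commits above deal with, as an added example that is not systemd's code: a directory created with `mkdir(path, 0755)` ends up with whatever the process umask leaves of that mode, unless the umask is reset for the duration of the block. The macro and function names are hypothetical, the 0077 umask is a constructed stand-in for a configured `UMask=`, and the example assumes a writable `/tmp` and a compiler with GCC's `cleanup` attribute.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Cleanup handler: put the saved umask back when the variable leaves scope. */
static void restore_umask(mode_t *saved) {
    umask(*saved);
}

/* Hypothetical helper: umask is 0 from here to the end of the enclosing
 * block, then restored automatically (also on early return). */
#define SCOPED_UMASK_ZERO \
    __attribute__((cleanup(restore_umask))) mode_t saved_umask_ = umask(0)

/* Create base/name with mode 0755 and return the permission bits it got. */
static int mode_of_new_dir(const char *base, const char *name, int reset) {
    char path[4096];
    struct stat st;

    snprintf(path, sizeof path, "%s/%s", base, name);
    if (reset) {
        SCOPED_UMASK_ZERO;
        if (mkdir(path, 0755) < 0)
            return -1;
    } else if (mkdir(path, 0755) < 0)
        return -1;

    if (stat(path, &st) < 0)
        return -1;
    rmdir(path);
    return (int) (st.st_mode & 0777);
}

/* Run the creation under a restrictive, constructed umask of 0077. */
static int created_mode(int reset) {
    char base[] = "/tmp/umask-demo-XXXXXX";
    mode_t old;
    int m;

    if (!mkdtemp(base))
        return -1;
    old = umask(0077);
    m = mode_of_new_dir(base, "d", reset);
    umask(old);
    rmdir(base);
    return m;
}

int main(void) {
    printf("inherited umask: %04o, scoped reset: %04o\n",
           (unsigned) created_mode(0), (unsigned) created_mode(1));
    return 0;
}
```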

3 years ago binfmt: fix exit value
Zbigniew Jędrzejewski-Szmek [Wed, 10 Nov 2021 12:58:32 +0000 (13:58 +0100)]
binfmt: fix exit value

Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g.
systemd-binfmt --foobar would "succeed".

(cherry picked from commit 52707598d5c0dbbc8a967e4874b0b08ee2486772)
(cherry picked from commit d4406e94a32d423d8a73deb7757fb09890afe2c4)

3 years ago Change gendered terms to be gender-neutral (#21325)
Emily Gonyer [Fri, 12 Nov 2021 15:09:56 +0000 (10:09 -0500)]
Change gendered terms to be gender-neutral (#21325)

Some typos are also fixed.

(cherry picked from commit be7148ebed5d73c4a76bc6089ebe2e82d8fa33e0)
(cherry picked from commit 3ba07929636e1a55c71767e40e23bf639b7a8db5)

3 years ago docs: Clarify systemctl show manual
Paulo Neves [Tue, 9 Nov 2021 14:06:01 +0000 (15:06 +0100)]
docs: Clarify systemctl show manual

The manual incorrectly asserted that the properties in systemctl show
matched the options in systemd-system.conf, which is not always true.

Add clarification on the equivalence of the properties in systemctl show
and systemd-system.conf

Fixed #21230

(cherry picked from commit c809e38732afcb3efc429fc5086f9c48e45ae635)
(cherry picked from commit 0e7dc0ae2c9be0dd390e6c34cb3128e53d714ab8)

3 years ago sd-event: don't destroy inotify data structures from inotify event handler
Lennart Poettering [Mon, 8 Nov 2021 23:11:38 +0000 (00:11 +0100)]
sd-event: don't destroy inotify data structures from inotify event handler

This fixes a bad memory access when we destroy an inotify source handler
from the handler itself, and thus destroy the associated inotify_data
structures.

Fixes: #20177
(cherry picked from commit 53baf2efa420cab6c4b1904c9a0c46a0c4ec80a1)
(cherry picked from commit 439a271943aa182002e5fb64f1a216415e556472)

3 years ago tree-wide: use sd_event_source_disable_unref() where we can
Lennart Poettering [Mon, 8 Nov 2021 22:07:51 +0000 (23:07 +0100)]
tree-wide: use sd_event_source_disable_unref() where we can

(cherry picked from commit 4f538d7b221de5707c1ff422e6e34be795535397)
(cherry picked from commit e53bfae86dfb909e0a2eb179328b61f4ed723639)

3 years ago logind: downgrade message about /run/utmp missing to LOG_DEBUG
Lennart Poettering [Mon, 8 Nov 2021 22:08:13 +0000 (23:08 +0100)]
logind: downgrade message about /run/utmp missing to LOG_DEBUG

This isn't really anything to really complain about, let's debug log
about this, and continue quietly as if utmp was empty.

(cherry picked from commit 9830d716147c4e35026457027af95f303e690ae9)
(cherry picked from commit 5ac75f556c2ff3c28a815414dab92b58c3726dbd)