!32 systemd update to version246

Merge pull request !32 from fangxiuning/fxn
openeuler-ci-bot 2020-06-18 22:04:05 +08:00 committed by Gitee
commit a5cb8872f2
41 changed files with 179 additions and 2017 deletions


@ -1,108 +0,0 @@
From a5b07847950c603605acf85b472b210cd2da40fb Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 23 Dec 2019 16:48:18 +0100
Subject: [PATCH] core: create/remove unit bus name slots always together
When a service unit watches a bus name (i.e. because of BusName= being
set), then we do two things: we install a match slot to watch how its
ownership changes, and we inquire about the current owner. Make sure we
always do both together or neither.
This in particular fixes a corner-case memleak when destroying bus
connections, since we never freed the GetNameOwner() bus slots when
destroying a bus when they were still ongoing.
---
src/core/dbus.c | 11 ++++-------
src/core/unit.c | 32 +++++++++++++++++++++-----------
2 files changed, 25 insertions(+), 18 deletions(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3c40f29..cef1789 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -1051,13 +1051,10 @@ static void destroy_bus(Manager *m, sd_bus **bus) {
/* Make sure all bus slots watching names are released. */
HASHMAP_FOREACH(u, m->watch_bus, i) {
- if (!u->match_bus_slot)
- continue;
-
- if (sd_bus_slot_get_bus(u->match_bus_slot) != *bus)
- continue;
-
- u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
+ if (u->match_bus_slot && sd_bus_slot_get_bus(u->match_bus_slot) == *bus)
+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
+ if (u->get_name_owner_slot && sd_bus_slot_get_bus(u->get_name_owner_slot) == *bus)
+ u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
}
/* Get rid of tracked clients on this bus */
diff --git a/src/core/unit.c b/src/core/unit.c
index 5cf16c6..8781132 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3238,12 +3238,13 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu
int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
const char *match;
+ int r;
assert(u);
assert(bus);
assert(name);
- if (u->match_bus_slot)
+ if (u->match_bus_slot || u->get_name_owner_slot)
return -EBUSY;
match = strjoina("type='signal',"
@@ -3253,19 +3254,27 @@ int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
"member='NameOwnerChanged',"
"arg0='", name, "'");
- int r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u);
+ r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u);
if (r < 0)
return r;
- return sd_bus_call_method_async(bus,
- &u->get_name_owner_slot,
- "org.freedesktop.DBus",
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus",
- "GetNameOwner",
- get_name_owner_handler,
- u,
- "s", name);
+ r = sd_bus_call_method_async(
+ bus,
+ &u->get_name_owner_slot,
+ "org.freedesktop.DBus",
+ "/org/freedesktop/DBus",
+ "org.freedesktop.DBus",
+ "GetNameOwner",
+ get_name_owner_handler,
+ u,
+ "s", name);
+ if (r < 0) {
+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
+ return r;
+ }
+
+ log_unit_debug(u, "Watching D-Bus name '%s'.", name);
+ return 0;
}
int unit_watch_bus_name(Unit *u, const char *name) {
@@ -3288,6 +3297,7 @@ int unit_watch_bus_name(Unit *u, const char *name) {
r = hashmap_put(u->manager->watch_bus, name, u);
if (r < 0) {
u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
+ u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
}
--
1.8.3.1


@ -1,33 +0,0 @@
From 42837b8134844c1d08014e480f9497d165c57ef6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 23 Dec 2019 16:31:48 +0100
Subject: [PATCH] core: don't check error parameter of get_name_owner_handler()
It's a *return* parameter, not an input parameter. Yes, this is a bit
confusing for method call replies, but we try to use the same message
handler for all incoming messages, hence the parameter. We are supposed
to write any error into it we encounter, if we want, and our caller will
log it, but that's it.
---
src/core/unit.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 03b4b57..c54abe9 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3218,11 +3218,6 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu
u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
- if (sd_bus_error_is_set(error)) {
- log_error("Failed to get name owner from bus: %s", error->message);
- return 0;
- }
-
e = sd_bus_message_get_error(message);
if (sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner"))
return 0;
--
1.8.3.1


@ -1,32 +0,0 @@
From a54654ba700b1fc6f5cc92e88e2c5544fd7ad2fd Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 23 Dec 2019 16:35:15 +0100
Subject: [PATCH] core: don't check potentially NULL error, it's not gonna work
anyway
---
src/core/unit.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index c54abe9..7ea0e8a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3219,11 +3219,10 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu
u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
e = sd_bus_message_get_error(message);
- if (sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner"))
- return 0;
-
if (e) {
- log_error("Unexpected error response from GetNameOwner: %s", e->message);
+ if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner"))
+ log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message);
+
return 0;
}
--
1.8.3.1


@ -1,331 +0,0 @@
From fc67a943d989d5e74577adea9676cdc7928b08fc Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 23 Dec 2019 17:31:34 +0100
Subject: [PATCH] core: drop initial ListNames() bus call from PID 1
Previously, when first connecting to the bus after connecting to it we'd
issue a ListNames() bus call to the driver to figure out which bus names
are currently active. This information was then used to initialize the
initial state for services that use BusName=.
This change removes the whole code for this and replaces it with
something vastly simpler.
First of all, the ListNames() call was issues synchronosuly, which meant
if dbus was for some reason synchronously calling into PID1 for some
reason we'd deadlock. As it turns out there's now a good chance it does:
the nss-systemd userdb hookup means that any user dbus-daemon resolves
might result in a varlink call into PID 1, and dbus resolves quite a lot
of users while parsing its policy. My original goal was to fix this
deadlock.
But as it turns out we don't need the ListNames() call at all anymore,
since #12957 has been merged. That PR was supposed to fix a race where
asynchronous installation of bus matches would cause us missing the
initial owner of a bus name when a service is first started. It fixed it
(correctly) by enquiring with GetOwnerName() who currently owns the
name, right after installing the match. But this means whenever we start watching a bus name we anyway
issue a GetOwnerName() for it, and that means also when first connecting
to the bus we don't need to issue ListNames() anymore since that just
tells us the same info: which names are currently owned.
hence, let's drop ListNames() and instead make better use of the
GetOwnerName() result: if it failed the name is not owned.
Also, while we are at it, let's simplify the unit's owner_name_changed()
callback(): let's drop the "old_owner" argument. We never used that
besides logging, and it's hard to synthesize from just the return of a
GetOwnerName(), hence don't bother.
---
src/core/dbus.c | 112 -----------------------------------------------------
src/core/dbus.h | 2 -
src/core/manager.c | 4 --
src/core/manager.h | 2 -
src/core/service.c | 15 ++-----
src/core/unit.c | 23 ++++++-----
src/core/unit.h | 2 +-
7 files changed, 16 insertions(+), 144 deletions(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index cef1789..941219f 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -719,114 +719,6 @@ static int bus_on_connection(sd_event_source *s, int fd, uint32_t revents, void
return 0;
}
-static int manager_dispatch_sync_bus_names(sd_event_source *es, void *userdata) {
- _cleanup_strv_free_ char **names = NULL;
- Manager *m = userdata;
- const char *name;
- Iterator i;
- Unit *u;
- int r;
-
- assert(es);
- assert(m);
- assert(m->sync_bus_names_event_source == es);
-
- /* First things first, destroy the defer event so that we aren't triggered again */
- m->sync_bus_names_event_source = sd_event_source_unref(m->sync_bus_names_event_source);
-
- /* Let's see if there's anything to do still? */
- if (!m->api_bus)
- return 0;
- if (hashmap_isempty(m->watch_bus))
- return 0;
-
- /* OK, let's sync up the names. Let's see which names are currently on the bus. */
- r = sd_bus_list_names(m->api_bus, &names, NULL);
- if (r < 0)
- return log_error_errno(r, "Failed to get initial list of names: %m");
-
- /* We have to synchronize the current bus names with the
- * list of active services. To do this, walk the list of
- * all units with bus names. */
- HASHMAP_FOREACH_KEY(u, name, m->watch_bus, i) {
- Service *s = SERVICE(u);
-
- assert(s);
-
- if (!streq_ptr(s->bus_name, name)) {
- log_unit_warning(u, "Bus name has changed from %s → %s, ignoring.", s->bus_name, name);
- continue;
- }
-
- /* Check if a service's bus name is in the list of currently
- * active names */
- if (strv_contains(names, name)) {
- _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
- const char *unique;
-
- /* If it is, determine its current owner */
- r = sd_bus_get_name_creds(m->api_bus, name, SD_BUS_CREDS_UNIQUE_NAME, &creds);
- if (r < 0) {
- log_full_errno(r == -ENXIO ? LOG_DEBUG : LOG_ERR, r, "Failed to get bus name owner %s: %m", name);
- continue;
- }
-
- r = sd_bus_creds_get_unique_name(creds, &unique);
- if (r < 0) {
- log_full_errno(r == -ENXIO ? LOG_DEBUG : LOG_ERR, r, "Failed to get unique name for %s: %m", name);
- continue;
- }
-
- /* Now, let's compare that to the previous bus owner, and
- * if it's still the same, all is fine, so just don't
- * bother the service. Otherwise, the name has apparently
- * changed, so synthesize a name owner changed signal. */
-
- if (!streq_ptr(unique, s->bus_name_owner))
- UNIT_VTABLE(u)->bus_name_owner_change(u, s->bus_name_owner, unique);
- } else {
- /* So, the name we're watching is not on the bus.
- * This either means it simply hasn't appeared yet,
- * or it was lost during the daemon reload.
- * Check if the service has a stored name owner,
- * and synthesize a name loss signal in this case. */
-
- if (s->bus_name_owner)
- UNIT_VTABLE(u)->bus_name_owner_change(u, s->bus_name_owner, NULL);
- }
- }
-
- return 0;
-}
-
-int manager_enqueue_sync_bus_names(Manager *m) {
- int r;
-
- assert(m);
-
- /* Enqueues a request to synchronize the bus names in a later event loop iteration. The callers generally don't
- * want us to invoke ->bus_name_owner_change() unit calls from their stack frames as this might result in event
- * dispatching on its own creating loops, hence we simply create a defer event for the event loop and exit. */
-
- if (m->sync_bus_names_event_source)
- return 0;
-
- r = sd_event_add_defer(m->event, &m->sync_bus_names_event_source, manager_dispatch_sync_bus_names, m);
- if (r < 0)
- return log_error_errno(r, "Failed to create bus name synchronization event: %m");
-
- r = sd_event_source_set_priority(m->sync_bus_names_event_source, SD_EVENT_PRIORITY_IDLE);
- if (r < 0)
- return log_error_errno(r, "Failed to set event priority: %m");
-
- r = sd_event_source_set_enabled(m->sync_bus_names_event_source, SD_EVENT_ONESHOT);
- if (r < 0)
- return log_error_errno(r, "Failed to set even to oneshot: %m");
-
- (void) sd_event_source_set_description(m->sync_bus_names_event_source, "manager-sync-bus-names");
- return 0;
-}
-
static int bus_setup_api(Manager *m, sd_bus *bus) {
Iterator i;
char *name;
@@ -910,10 +802,6 @@ int bus_init_api(Manager *m) {
m->api_bus = TAKE_PTR(bus);
- r = manager_enqueue_sync_bus_names(m);
- if (r < 0)
- return r;
-
return 0;
}
diff --git a/src/core/dbus.h b/src/core/dbus.h
index f1c0fa8..d5ba653 100644
--- a/src/core/dbus.h
+++ b/src/core/dbus.h
@@ -21,8 +21,6 @@ int bus_fdset_add_all(Manager *m, FDSet *fds);
void bus_track_serialize(sd_bus_track *t, FILE *f, const char *prefix);
int bus_track_coldplug(Manager *m, sd_bus_track **t, bool recursive, char **l);
-int manager_enqueue_sync_bus_names(Manager *m);
-
int bus_foreach_bus(Manager *m, sd_bus_track *subscribed2, int (*send_message)(sd_bus *bus, void *userdata), void *userdata);
int bus_verify_manage_units_async(Manager *m, sd_bus_message *call, sd_bus_error *error);
diff --git a/src/core/manager.c b/src/core/manager.c
index 171ff04..dbd25af 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1373,7 +1373,6 @@ Manager* manager_free(Manager *m) {
sd_event_source_unref(m->jobs_in_progress_event_source);
sd_event_source_unref(m->run_queue_event_source);
sd_event_source_unref(m->user_lookup_event_source);
- sd_event_source_unref(m->sync_bus_names_event_source);
safe_close(m->signal_fd);
safe_close(m->notify_fd);
@@ -1610,9 +1609,6 @@ static void manager_ready(Manager *m) {
manager_recheck_journal(m);
manager_recheck_dbus(m);
- /* Sync current state of bus names with our set of listening units */
- (void) manager_enqueue_sync_bus_names(m);
-
/* Let's finally catch up with any changes that took place while we were reloading/reexecing */
manager_catchup(m);
diff --git a/src/core/manager.h b/src/core/manager.h
index 51df7f8..8ca8e38 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -219,8 +219,6 @@ struct Manager {
int user_lookup_fds[2];
sd_event_source *user_lookup_event_source;
- sd_event_source *sync_bus_names_event_source;
-
UnitFileScope unit_file_scope;
LookupPaths lookup_paths;
Hashmap *unit_id_map;
diff --git a/src/core/service.c b/src/core/service.c
index 49ad166..447c7af 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -4062,24 +4062,17 @@ static int service_get_timeout(Unit *u, usec_t *timeout) {
return 1;
}
-static void service_bus_name_owner_change(
- Unit *u,
- const char *old_owner,
- const char *new_owner) {
+static void service_bus_name_owner_change(Unit *u, const char *new_owner) {
Service *s = SERVICE(u);
int r;
assert(s);
- assert(old_owner || new_owner);
-
- if (old_owner && new_owner)
- log_unit_debug(u, "D-Bus name %s changed owner from %s to %s", s->bus_name, old_owner, new_owner);
- else if (old_owner)
- log_unit_debug(u, "D-Bus name %s no longer registered by %s", s->bus_name, old_owner);
+ if (new_owner)
+ log_unit_debug(u, "D-Bus name %s now owned by %s", s->bus_name, new_owner);
else
- log_unit_debug(u, "D-Bus name %s now registered by %s", s->bus_name, new_owner);
+ log_unit_debug(u, "D-Bus name %s now not owned by anyone.", s->bus_name);
s->bus_name_good = !!new_owner;
diff --git a/src/core/unit.c b/src/core/unit.c
index 8781132..e137acc 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3185,24 +3185,21 @@ int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
}
static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
- const char *name, *old_owner, *new_owner;
+ const char *new_owner;
Unit *u = userdata;
int r;
assert(message);
assert(u);
- r = sd_bus_message_read(message, "sss", &name, &old_owner, &new_owner);
+ r = sd_bus_message_read(message, "sss", NULL, NULL, &new_owner);
if (r < 0) {
bus_log_parse_error(r);
return 0;
}
- old_owner = empty_to_null(old_owner);
- new_owner = empty_to_null(new_owner);
-
if (UNIT_VTABLE(u)->bus_name_owner_change)
- UNIT_VTABLE(u)->bus_name_owner_change(u, old_owner, new_owner);
+ UNIT_VTABLE(u)->bus_name_owner_change(u, empty_to_null(new_owner));
return 0;
}
@@ -3223,15 +3220,17 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu
if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner"))
log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message);
- return 0;
- }
+ new_owner = NULL;
+ } else {
+ r = sd_bus_message_read(message, "s", &new_owner);
+ if (r < 0)
+ return bus_log_parse_error(r);
- r = sd_bus_message_read(message, "s", &new_owner);
- if (r < 0)
- return bus_log_parse_error(r);
+ assert(!isempty(new_owner));
+ }
if (UNIT_VTABLE(u)->bus_name_owner_change)
- UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner);
+ UNIT_VTABLE(u)->bus_name_owner_change(u, new_owner);
return 0;
}
diff --git a/src/core/unit.h b/src/core/unit.h
index c5d8170..4410014 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -530,7 +530,7 @@ typedef struct UnitVTable {
void (*notify_message)(Unit *u, const struct ucred *ucred, char **tags, FDSet *fds);
/* Called whenever a name this Unit registered for comes or goes away. */
- void (*bus_name_owner_change)(Unit *u, const char *old_owner, const char *new_owner);
+ void (*bus_name_owner_change)(Unit *u, const char *new_owner);
/* Called for each property that is being set */
int (*bus_set_property)(Unit *u, const char *name, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
--
1.8.3.1


@ -1,31 +0,0 @@
From 5085ef0d711f1faaacddaf5519daeb150794ea99 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 23 Dec 2019 16:35:44 +0100
Subject: [PATCH] core: no need to eat up error
This is a method call reply. We might as well propagate the error. The
worst that happens is that sd-bus logs about it.
---
src/core/unit.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index be92d97..5cf16c6 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3227,10 +3227,8 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu
}
r = sd_bus_message_read(message, "s", &new_owner);
- if (r < 0) {
- bus_log_parse_error(r);
- return 0;
- }
+ if (r < 0)
+ return bus_log_parse_error(r);
if (UNIT_VTABLE(u)->bus_name_owner_change)
UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner);
--
1.8.3.1


@ -1,27 +0,0 @@
From 17bda1f19d5394290d7552d9db0c423b207dc40a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 23 Dec 2019 16:35:28 +0100
Subject: [PATCH] core: shorten code a bit
The return parameter here cannot be NULL, the bus call either succeeds
or fails but will never uceed and return an empty owner.
---
src/core/unit.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 7ea0e8a..be92d97 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3232,8 +3232,6 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu
return 0;
}
- new_owner = empty_to_null(new_owner);
-
if (UNIT_VTABLE(u)->bus_name_owner_change)
UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner);
--
1.8.3.1


@ -1,71 +0,0 @@
From b64b83d13eedfdfc616c16c4a108ef28bf6d3b33 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 12 Nov 2019 14:58:25 +0900
Subject: [PATCH] udev: ignore error caused by device disconnection
During an add or change event, the device may be disconnected.
Fixes #13976.
---
src/udev/udev-node.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 2d72570..a34b8d6 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -296,8 +296,11 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
else
mode |= S_IFCHR;
- if (lstat(devnode, &stats) < 0)
+ if (lstat(devnode, &stats) < 0) {
+ if (errno == ENOENT)
+ return 0; /* this is necessarily racey, so ignore missing the device */
return log_device_debug_errno(dev, errno, "cannot stat() node %s: %m", devnode);
+ }
if ((mode != MODE_INVALID && (stats.st_mode & S_IFMT) != (mode & S_IFMT)) || stats.st_rdev != devnum)
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST),
@@ -322,11 +325,13 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
r = chmod_and_chown(devnode, mode, uid, gid);
if (r < 0)
- log_device_warning_errno(dev, r, "Failed to set owner/mode of %s to uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o: %m",
- devnode,
- uid_is_valid(uid) ? uid : stats.st_uid,
- gid_is_valid(gid) ? gid : stats.st_gid,
- mode != MODE_INVALID ? mode & 0777 : stats.st_mode & 0777);
+ log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r,
+ "Failed to set owner/mode of %s to uid=" UID_FMT
+ ", gid=" GID_FMT ", mode=%#o: %m",
+ devnode,
+ uid_is_valid(uid) ? uid : stats.st_uid,
+ gid_is_valid(gid) ? gid : stats.st_gid,
+ mode != MODE_INVALID ? mode & 0777 : stats.st_mode & 0777);
} else
log_device_debug(dev, "Preserve permissions of %s, uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o",
devnode,
@@ -343,7 +348,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
q = mac_selinux_apply(devnode, label);
if (q < 0)
- log_device_error_errno(dev, q, "SECLABEL: failed to set SELinux label '%s': %m", label);
+ log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q,
+ "SECLABEL: failed to set SELinux label '%s': %m", label);
else
log_device_debug(dev, "SECLABEL: set SELinux label '%s'", label);
@@ -352,7 +358,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
q = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label);
if (q < 0)
- log_device_error_errno(dev, q, "SECLABEL: failed to set SMACK label '%s': %m", label);
+ log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q,
+ "SECLABEL: failed to set SMACK label '%s': %m", label);
else
log_device_debug(dev, "SECLABEL: set SMACK label '%s'", label);
--
1.8.3.1


@ -1,40 +0,0 @@
From 5ab4d083dbe0a1ae095875c4af6ac26749b67211 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 14 Aug 2019 15:57:42 +0200
Subject: [PATCH] udev: use bfq as the default scheduler
As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
Test results are that bfq seems to behave better and more consistently on
typical hardware. The kernel does not have a configuration option to set
the default scheduler, and it currently needs to be set by userspace.
See the bug for more discussion and links.
---
rules/60-block-scheduler.rules | 5 +++++
rules/meson.build | 1 +
2 files changed, 6 insertions(+)
create mode 100644 rules/60-block-scheduler.rules
diff --git a/rules/60-block-scheduler.rules b/rules/60-block-scheduler.rules
new file mode 100644
index 00000000000..480b941761f
--- /dev/null
+++ b/rules/60-block-scheduler.rules
@@ -0,0 +1,5 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION=="add", SUBSYSTEM=="block", \
+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
+ ATTR{queue/scheduler}="bfq"
diff --git a/rules/meson.build b/rules/meson.build
index b6a32ba77e2..1da958b4d46 100644
--- a/rules/meson.build
+++ b/rules/meson.build
@@ -2,6 +2,7 @@
rules = files('''
60-block.rules
+ 60-block-scheduler.rules
60-cdrom_id.rules
60-drm.rules
60-evdev.rules


@ -10,28 +10,29 @@ If it exists, do nothing. In particular, if it is a broken symlink,
we cannot really know if the administator configured it to point to
a location used by some service that hasn't started yet, so we
don't touch it in that case either.
https://bugzilla.redhat.com/show_bug.cgi?id=1313085
---
src/resolve/resolved.c | 4 ++++
src/resolve/resolved.c | 5 +++++
tmpfiles.d/etc.conf.m4 | 3 ---
2 files changed, 4 insertions(+), 3 deletions(-)
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index 2ca9fbdc72..3c8a9ff12a 100644
index 50989a6b0a..95a51a574a 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -49,6 +49,10 @@ static int run(int argc, char *argv[]) {
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume most
* privileges are already dropped. */
if (getuid() == 0) {
@@ -58,6 +58,11 @@ static int run(int argc, char *argv[]) {
if (r < 0)
return log_error_errno(r, "Could not create runtime directory: %m");
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
+ if (r < 0 && errno != EEXIST)
+ log_warning_errno(errno,
+ "Could not create /etc/resolv.conf symlink: %m");
+
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
r = drop_privileges(uid, gid,
(UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
index f82e0b82ce..66a777bdb2 100644
--- a/tmpfiles.d/etc.conf.m4
@ -46,3 +47,6 @@ index f82e0b82ce..66a777bdb2 100644
C! /etc/nsswitch.conf - - - -
m4_ifdef(`HAVE_PAM',
C! /etc/pam.d - - - -
--
2.23.0
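Review bot: The added `symlink()` call in `run()` (the hunk at `@@ -58,6 +58,11 @@`) sits between the runtime-directory creation and `drop_privileges()`, but nothing in the added lines says that this ordering is required. Writing `/etc/resolv.conf` presumably needs the privileges the process still holds at that point, so a later rebase that moves the call below `drop_privileges()` would quietly turn it into a warning on every start. I would add a comment above the call, for example `/* Must run before drop_privileges(): creating /etc/resolv.conf needs the privileges we still hold here. An existing file or symlink, even a dangling one, is left alone (EEXIST). */`. The comment could also state that the failure is only logged and deliberately not returned. `run()` begins and continues outside the hunk.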


@ -12,10 +12,10 @@ after notify watching is added.
1 file changed, 20 insertions(+)
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index 004fe64..8be5481 100644
index 80cd80f356..de2ad4607d 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -1436,6 +1436,18 @@ fail:
@@ -1578,6 +1578,18 @@ fail:
log_debug_errno(errno, "Failed to enumerate directory %s, ignoring: %m", m->path);
}
@ -34,7 +34,7 @@ index 004fe64..8be5481 100644
static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) {
int r;
@@ -1464,6 +1476,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask)
@@ -1606,6 +1618,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask)
(void) inotify_rm_watch(j->inotify_fd, m->wd);
m->wd = -1;
}
@ -48,7 +48,7 @@ index 004fe64..8be5481 100644
+ remove_nonexistent_journal_files(j);
}
static int add_directory(sd_journal *j, const char *prefix, const char *dirname) {
static int add_directory(
--
1.8.3.1
2.23.0


@ -1,17 +1,16 @@
m a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001
From a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001
From: update-rtc-with-system-clock-when-shutdown
Date: Sat, 2 Feb 2019 02:54:52 -0500
Subject: [PATCH] Module: modification summary
---
units/hwclock-save.service.in | 19 +++++++++++++++++++
units/meson.build | 2 ++
2 files changed, 21 insertions(+)
create mode 100644 units/hwclock-save.service.in
diff --git a/units/hwclock-save.service.in b/units/hwclock-save.service.in
new file mode 100644
index 0000000..db33418
index 0000000000..db33418932
--- /dev/null
+++ b/units/hwclock-save.service.in
@@ -0,0 +1,19 @@
@ -35,10 +34,10 @@ index 0000000..db33418
+WantedBy=default.target
+
diff --git a/units/meson.build b/units/meson.build
index e4ac6ce..67126d6 100644
index c641900c66..63fc331921 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -211,6 +211,8 @@ in_units = [
@@ -220,6 +220,8 @@ in_units = [
'sysinit.target.wants/'],
['systemd-update-done.service', '',
'sysinit.target.wants/'],
@ -48,5 +47,5 @@ index e4ac6ce..67126d6 100644
'multi-user.target.wants/ graphical.target.wants/ rescue.target.wants/'],
['systemd-update-utmp.service', 'ENABLE_UTMP',
--
1.8.3.1
2.23.0


@ -1,89 +0,0 @@
From a5c08598384d44ad3bce24ff63ab320b3b3e5292 Mon Sep 17 00:00:00 2001
From: huangkaibin <huangkaibin@huawei.com>
Date: Wed, 31 Jan 2018 22:28:36 +0800
Subject: [PATCH] systemd-core: Serialize pids for scope unit when it is not
started
1. when a scope unit is initialized, and daemon-reload is performed before it is started,
pids (generally comes from dbus) belog to this scope will not be attached to the cgroup of this scope,
because these pids are not serialized and are lost during daemon-reload.
2. this patch fix this problem by serializing scope pids when the state of the scope is DEAD(the init state).
---
src/core/scope.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/src/core/scope.c b/src/core/scope.c
index ae6614f..8d96ee1 100644
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -194,6 +194,8 @@ static int scope_load(Unit *u) {
static int scope_coldplug(Unit *u) {
Scope *s = SCOPE(u);
+ Iterator i;
+ void *pidp = NULL;
int r;
assert(s);
@@ -214,6 +216,12 @@ static int scope_coldplug(Unit *u) {
bus_scope_track_controller(s);
scope_set_state(s, s->deserialized_state);
+ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) {
+ SET_FOREACH(pidp, u->pids, i) {
+ log_unit_info(u, "Rewatch pid from serialized pids. unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp));
+ unit_watch_pid(u, PTR_TO_UINT32(pidp));
+ }
+ }
return 0;
}
@@ -396,6 +404,8 @@ static int scope_get_timeout(Unit *u, usec_t *timeout) {
}
static int scope_serialize(Unit *u, FILE *f, FDSet *fds) {
+ Iterator i;
+ void *pidp = NULL;
Scope *s = SCOPE(u);
assert(s);
@@ -408,6 +418,14 @@ static int scope_serialize(Unit *u, FILE *f, FDSet *fds) {
if (s->controller)
unit_serialize_item(u, f, "controller", s->controller);
+ /*serialize pids when scope is not started*/
+ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) {
+ SET_FOREACH(pidp, u->pids, i) {
+ log_unit_info(u, "scope is not started yet, pids are serialized. unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp));
+ unit_serialize_item_format(u, f, "scope_pids", PID_FMT, PTR_TO_UINT32(pidp));
+ }
+ }
+
return 0;
}
@@ -443,6 +461,21 @@ static int scope_deserialize_item(Unit *u, const char *key, const char *value, F
if (r < 0)
log_oom();
+ } else if (streq(key, "scope_pids")) {
+ pid_t pid;
+
+ if (parse_pid(value, &pid) < 0)
+ log_unit_debug(u, "Failed to parse scope-pid value %s.", value);
+ else {
+ if(!u->pids) {
+ r = set_ensure_allocated(&u->pids, NULL);
+ if (r < 0)
+ return r;
+ }
+ r = set_put(u->pids, pid);
+ if (r < 0)
+ return r;
+ }
} else
log_unit_debug(u, "Unknown serialization key: %s", key);
--
1.8.3.1


@ -1,37 +0,0 @@
From 650352c713aeb3b47807c9699ceeb168f9f880b8 Mon Sep 17 00:00:00 2001
From: huangkaibin <huangkaibin@huawei.com>
Date: Tue, 13 Mar 2018 20:51:37 +0800
Subject: [PATCH] systemd-core: Do not finish job during daemon reloading in
unit_notify.
1. During daemon reload, a service unit will restore its state from dead to its deserialized state,
and unit_notify will be triggered to notify the state change.
Since JobRemove signal will not be sent during daemon-reload(see details of job_uninstall),
if one job is finished in unit_notify due to the deserialization of a service, the corresponding
job observers(such as systemctl) will not receive any JobRemove signals will hang forever.
2. The above problem will cause a systemctl command to hang forever by using the following steps to reproduce.
a) Ensuere a service(named A)is in running state.
b) execute "systemctl daemon-reload" and "systemctl start A" concurrently
c) the systemctl command will hang for it is in waiting for the JobRemoved signal, but not signals will come from systemd.
3. This patch fix this bug by not finishing job in unit_notify when it is in daemon reload.
---
src/core/unit.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 9e5f1a8..2da6f61 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1831,7 +1831,8 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlag
unit_update_on_console(u);
- if (u->job) {
+ if (u->job &&
+ !(m->n_reloading > 0 && u->job->state != JOB_RUNNING && os == UNIT_INACTIVE)) { /*do not finish job during daemon-reload*/
unexpected = false;
if (u->job->state == JOB_WAITING)
--
1.8.3.1


@ -13,14 +13,14 @@ is same(both with 0), so the STOP job has no chance to be scheduled, and systemd
to handle the time task.
This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled.
---
src/core/service.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
src/core/service.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index ad9c028..8217447 100644
index 340b655059..fba3b3a3f1 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1716,14 +1716,15 @@ fail:
@@ -2264,6 +2264,7 @@ fail:
static void service_enter_restart(Service *s) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
int r;
@ -28,10 +28,10 @@ index ad9c028..8217447 100644
assert(s);
if (UNIT(s)->job && UNIT(s)->job->type == JOB_STOP) {
@@ -2271,7 +2272,8 @@ static void service_enter_restart(Service *s) {
/* Don't restart things if we are going down anyway */
log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart.");
-
- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec));
+ restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec;
+ r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), restart_usec));
@ -39,5 +39,5 @@ index ad9c028..8217447 100644
goto fail;
--
1.8.3.1
2.23.0
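Review bot: The refreshed patch substitutes one second for a zero `s->restart_usec` in the stop-job-pending branch of `service_enter_restart()` without any comment, so a reader of service.c has to find the patch description to learn why `RestartSec=0` is not honoured there. I would put `/* A zero RestartSec= re-arms the timer at once and the pending stop job never gets scheduled; wait at least 1s. */` above the `restart_usec = …` line. The declaration of `restart_usec` and the rest of the function lie in parts of the patch this page does not show.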


@ -1,46 +0,0 @@
From 07e13151c566588b5f679e2576d3dfc2125c6e7c Mon Sep 17 00:00:00 2001
From: huangkaibin <huangkaibin@huawei.com>
Date: Sun, 22 Apr 2018 18:49:19 +0800
Subject: [PATCH] systemd-core: nop_job of a unit must also be coldpluged after
deserization.
When a unit is not in-active, and systemctl try-restart is executed for this unit,
systemd will do nothing for it and just accept it as a nop_job for the unit.
When then nop-job is still in the running queue, then daemon-reload is performed, this nop job
will be dropped from the unit since it is not coldpluged in the unit_coldplug function.
After then, the systemctl try-restart command will hang forever since no JOB_DONE dbus signal will be sent
to it from systemd.
This patch fix this problem by do coldplug for the nop_job in unit_coldplug function.
---
src/core/unit.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 2da6f61..a862b79 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3028,10 +3028,17 @@ int unit_coldplug(Unit *u) {
r = q;
}
- if (u->job) {
- q = job_coldplug(u->job);
- if (q < 0 && r >= 0)
- r = q;
+ if (u->job || u->nop_job) {
+ if (u->job) {
+ q = job_coldplug(u->job);
+ if (q < 0 && r >= 0)
+ r = q;
+ }
+ if (u->nop_job) {
+ q = job_coldplug(u->nop_job);
+ if (q < 0 && r >= 0)
+ r = q;
+ }
}
return r;
--
1.8.3.1


@ -8,17 +8,16 @@ Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
adds an After relationship.
Resolves: #1578772
---
src/core/unit.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 10e314f..bb4836a 100644
index 2b86fdedfd..2c804c8486 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1036,13 +1036,14 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
return 0;
@@ -1090,13 +1090,14 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
}
if (c->private_tmp) {
- const char *p;
@ -39,5 +38,5 @@ index 10e314f..bb4836a 100644
r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE);
if (r < 0)
--
2.19.1
2.23.0


@ -1,84 +0,0 @@
From 7f56982289275ce84e20f0554475864953e6aaab Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 16:52:10 +0100
Subject: [PATCH 1610/1760] polkit: on async pk requests, re-validate
action/details
When we do an async pk request, let's store which action/details we used
for the original request, and when we are called for the second time,
let's compare. If the action/details changed, let's not allow the access
to go through.
https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab
---
src/shared/bus-util.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index ce4ece6..4bfdd3a 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -318,6 +318,9 @@ int bus_test_polkit(
#if ENABLE_POLKIT
typedef struct AsyncPolkitQuery {
+ char *action;
+ char **details;
+
sd_bus_message *request, *reply;
sd_bus_message_handler_t callback;
void *userdata;
@@ -338,6 +341,9 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) {
sd_bus_message_unref(q->request);
sd_bus_message_unref(q->reply);
+ free(q->action);
+ strv_free(q->details);
+
free(q);
}
@@ -402,11 +408,17 @@ int bus_verify_polkit_async(
if (q) {
int authorized, challenge;
- /* This is the second invocation of this function, and
- * there's already a response from polkit, let's
- * process it */
+ /* This is the second invocation of this function, and there's already a response from
+ * polkit, let's process it */
assert(q->reply);
+ /* If the operation we want to authenticate changed between the first and the second time,
+ * let's not use this authentication, it might be out of date as the object and context we
+ * operate on might have changed. */
+ if (!streq(q->action, action) ||
+ !strv_equal(q->details, (char**) details))
+ return -ESTALE;
+
if (sd_bus_message_is_method_error(q->reply, NULL)) {
const sd_bus_error *e;
@@ -512,6 +524,18 @@ int bus_verify_polkit_async(
q->callback = callback;
q->userdata = userdata;
+ q->action = strdup(action);
+ if (!q->action) {
+ async_polkit_query_free(q);
+ return -ENOMEM;
+ }
+
+ q->details = strv_copy((char**) details);
+ if (!q->details) {
+ async_polkit_query_free(q);
+ return -ENOMEM;
+ }
+
r = hashmap_put(*registry, call, q);
if (r < 0) {
async_polkit_query_free(q);
--
2.19.1


@ -1,70 +0,0 @@
From 1068447e6954dc6ce52f099ed174c442cb89ed54 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 17:05:17 +0100
Subject: [PATCH 1612/1760] sd-bus: introduce API for re-enqueuing incoming
messages
When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we aquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.
This might have other uses too, for example debugging.
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
---
src/libsystemd/sd-bus/sd-bus.c | 25 +++++++++++++++++++++++++
src/systemd/sd-bus.h | 1 +
2 files changed, 26 insertions(+)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 615346d..05593d1 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -4198,3 +4198,28 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) {
return bus->close_on_exit;
}
+
+
+_public_ int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) {
+ int r;
+
+ assert_return(bus, -EINVAL);
+ assert_return(bus = bus_resolve(bus), -ENOPKG);
+ assert_return(m, -EINVAL);
+ assert_return(m->sealed, -EINVAL);
+ assert_return(!bus_pid_changed(bus), -ECHILD);
+
+ if (!BUS_IS_OPEN(bus->state))
+ return -ENOTCONN;
+
+ /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication,
+ * where we want accept a message, then determine we need to interactively authenticate the user, and
+ * when we have that process the message again. */
+
+ r = bus_rqueue_make_room(bus);
+ if (r < 0)
+ return r;
+
+ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus);
+ return 0;
+}
diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
index 84ceb62..2e104f8 100644
--- a/src/systemd/sd-bus.h
+++ b/src/systemd/sd-bus.h
@@ -201,6 +201,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r);
int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r);
int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec);
int sd_bus_flush(sd_bus *bus);
+int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m);
sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus);
sd_bus_message* sd_bus_get_current_message(sd_bus *bus);
--
2.19.1


@ -1,109 +0,0 @@
From 95f82ae9d774f3508ce89dcbdd0714ef7385df59 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 16:44:43 +0100
Subject: [PATCH] polkit: reuse some common bus message appending code
https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59
---
src/shared/bus-util.c | 56 ++++++++++++++++++++++++-------------------
1 file changed, 32 insertions(+), 24 deletions(-)
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index 4bfdd3a..04153d6 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -211,6 +211,34 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
return sender_uid == good_user;
}
+#if ENABLE_POLKIT
+static int bus_message_append_strv_key_value(
+ sd_bus_message *m,
+ const char **l) {
+
+ const char **k, **v;
+ int r;
+
+ assert(m);
+
+ r = sd_bus_message_open_container(m, 'a', "{ss}");
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH_PAIR(k, v, l) {
+ r = sd_bus_message_append(m, "{ss}", *k, *v);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_bus_message_close_container(m);
+ if (r < 0)
+ return r;
+
+ return r;
+}
+#endif
+
int bus_test_polkit(
sd_bus_message *call,
int capability,
@@ -241,7 +269,7 @@ int bus_test_polkit(
_cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
int authorized = false, challenge = false;
- const char *sender, **k, **v;
+ const char *sender;
sender = sd_bus_message_get_sender(call);
if (!sender)
@@ -265,17 +293,7 @@ int bus_test_polkit(
if (r < 0)
return r;
- r = sd_bus_message_open_container(request, 'a', "{ss}");
- if (r < 0)
- return r;
-
- STRV_FOREACH_PAIR(k, v, details) {
- r = sd_bus_message_append(request, "{ss}", *k, *v);
- if (r < 0)
- return r;
- }
-
- r = sd_bus_message_close_container(request);
+ r = bus_message_append_strv_key_value(request, details);
if (r < 0)
return r;
@@ -388,7 +406,7 @@ int bus_verify_polkit_async(
#if ENABLE_POLKIT
_cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
AsyncPolkitQuery *q;
- const char *sender, **k, **v;
+ const char *sender;
sd_bus_message_handler_t callback;
void *userdata;
int c;
@@ -498,17 +516,7 @@ int bus_verify_polkit_async(
if (r < 0)
return r;
- r = sd_bus_message_open_container(pk, 'a', "{ss}");
- if (r < 0)
- return r;
-
- STRV_FOREACH_PAIR(k, v, details) {
- r = sd_bus_message_append(pk, "{ss}", *k, *v);
- if (r < 0)
- return r;
- }
-
- r = sd_bus_message_close_container(pk);
+ r = bus_message_append_strv_key_value(pk, details);
if (r < 0)
return r;
--
2.19.1


@ -1,38 +0,0 @@
From f4425c72c7395ec93ae00052916a66e2f60f200b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 16:53:59 +0100
Subject: [PATCH] polkit: use structured initialization
https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b
---
src/shared/bus-util.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index 04153d6..0690a82 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -524,13 +524,15 @@ int bus_verify_polkit_async(
if (r < 0)
return r;
- q = new0(AsyncPolkitQuery, 1);
+ q = new(AsyncPolkitQuery, 1);
if (!q)
return -ENOMEM;
- q->request = sd_bus_message_ref(call);
- q->callback = callback;
- q->userdata = userdata;
+ *q = (AsyncPolkitQuery) {
+ .request = sd_bus_message_ref(call),
+ .callback = callback,
+ .userdata = userdata,
+ };
q->action = strdup(action);
if (!q->action) {
--
2.19.1


@ -1,164 +0,0 @@
From 637486261528e8aa3da9f26a4487dc254f4b7abb Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 17:07:47 +0100
Subject: [PATCH 1613/1760] polkit: when authorizing via PK let's re-resolve
callback/userdata instead of caching it
Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
---
src/shared/bus-util.c | 75 ++++++++++++++++++++++++++++---------------
1 file changed, 50 insertions(+), 25 deletions(-)
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index 0690a82..41288a7 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -340,14 +340,13 @@ typedef struct AsyncPolkitQuery {
char **details;
sd_bus_message *request, *reply;
- sd_bus_message_handler_t callback;
- void *userdata;
sd_bus_slot *slot;
+
Hashmap *registry;
+ sd_event_source *defer_event_source;
} AsyncPolkitQuery;
static void async_polkit_query_free(AsyncPolkitQuery *q) {
-
if (!q)
return;
@@ -362,9 +361,22 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) {
free(q->action);
strv_free(q->details);
+ sd_event_source_disable_unref(q->defer_event_source);
free(q);
}
+static int async_polkit_defer(sd_event_source *s, void *userdata) {
+ AsyncPolkitQuery *q = userdata;
+
+ assert(s);
+
+ /* This is called as idle event source after we processed the async polkit reply, hopefully after the
+ * method call we re-enqueued has been properly processed. */
+
+ async_polkit_query_free(q);
+ return 0;
+}
+
static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
_cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
AsyncPolkitQuery *q = userdata;
@@ -373,19 +385,45 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e
assert(reply);
assert(q);
+ assert(q->slot);
q->slot = sd_bus_slot_unref(q->slot);
+
+ assert(!q->reply);
q->reply = sd_bus_message_ref(reply);
+ /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the
+ * whole message processing again, and thus re-validating and re-retrieving the "userdata" field
+ * again.
+ *
+ * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again,
+ * i.e. after the second time the message is processed is complete. */
+
+ assert(!q->defer_event_source);
+ r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q);
+ if (r < 0)
+ goto fail;
+
+ r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE);
+ if (r < 0)
+ goto fail;
+
+ r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT);
+ if (r < 0)
+ goto fail;
+
r = sd_bus_message_rewind(q->request, true);
- if (r < 0) {
- r = sd_bus_reply_method_errno(q->request, r, NULL);
- goto finish;
- }
+ if (r < 0)
+ goto fail;
- r = q->callback(q->request, q->userdata, &error_buffer);
- r = bus_maybe_reply_error(q->request, r, &error_buffer);
+ r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request);
+ if (r < 0)
+ goto fail;
+
+ return 1;
-finish:
+fail:
+ log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m");
+ (void) sd_bus_reply_method_errno(q->request, r, NULL);
async_polkit_query_free(q);
return r;
@@ -406,11 +444,9 @@ int bus_verify_polkit_async(
#if ENABLE_POLKIT
_cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
AsyncPolkitQuery *q;
- const char *sender;
- sd_bus_message_handler_t callback;
- void *userdata;
int c;
#endif
+ const char *sender;
int r;
assert(call);
@@ -474,20 +510,11 @@ int bus_verify_polkit_async(
else if (r > 0)
return 1;
-#if ENABLE_POLKIT
- if (sd_bus_get_current_message(call->bus) != call)
- return -EINVAL;
-
- callback = sd_bus_get_current_handler(call->bus);
- if (!callback)
- return -EINVAL;
-
- userdata = sd_bus_get_current_userdata(call->bus);
-
sender = sd_bus_message_get_sender(call);
if (!sender)
return -EBADMSG;
+#if ENABLE_POLKIT
c = sd_bus_message_get_allow_interactive_authorization(call);
if (c < 0)
return c;
@@ -530,8 +557,6 @@ int bus_verify_polkit_async(
*q = (AsyncPolkitQuery) {
.request = sd_bus_message_ref(call),
- .callback = callback,
- .userdata = userdata,
};
q->action = strdup(action);
--
2.19.1


@ -2,17 +2,16 @@ From 4c230d1d73e9f9a6d1fe654599a63881c344a00c Mon Sep 17 00:00:00 2001
From: openEuler Buildteam <buildteam@openeuler.org>
Date: Tue, 29 Jan 2019 22:54:34 -0500
Subject: [PATCH] Make systemd-udevd.service start after systemd-remount-fs.service.
---
units/systemd-udevd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 6a3814e..3b09923 100644
index 9ada3a6a74..17f15bba83 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -11,7 +11,7 @@
Description=udev Kernel Device Manager
Description=Rule-based Manager for Device Events and Files
Documentation=man:systemd-udevd.service(8) man:udev(7)
DefaultDependencies=no
-After=systemd-sysusers.service systemd-hwdb-update.service
@ -21,5 +20,5 @@ index 6a3814e..3b09923 100644
ConditionPathIsReadWrite=/sys
--
1.8.3.1
2.23.0


@ -1,29 +0,0 @@
From 47b256d63ac092137fe44e27560a14ee4aa5b7c8 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Fri, 8 Feb 2019 10:54:34 +0100
Subject: Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter
from 1 to 2"
This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1.
Resolves: #1653824
---
sysctl.d/50-default.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index b0645f3..e263cf0 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -22,7 +22,7 @@ kernel.sysrq = 16
kernel.core_uses_pid = 1
# Source route verification
-net.ipv4.conf.all.rp_filter = 2
+net.ipv4.conf.all.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0
--
1.8.3.1


@ -1,67 +0,0 @@
From 95100aa8fa3182f3b066bdc5927b0a78c37550aa Mon Sep 17 00:00:00 2001
From: huangkaibin <huangkaibin@huawei.com>
Date: Mon, 23 Jul 2018 17:58:18 +0800
Subject: [PATCH] systemd-udevd: Call malloc_trim to return memory to OS
immediately in forked children.
hen there are many events from kernel, memory used to store these events(in event_list)
will be large, may be up to 100M. The forked child process will have a copy of these events and
release them using free. But since glibc will release memory to OS immediately, and if this child process
is stuck due I/O waiting(in D state), these memory will never be released until it is recoveried from D-state.
When there are so many such child processes, it will eat up much memory from system.
This patch fix this problem by invoking glibc's malloc_trim to release memory immediately when the child is forked.
---
meson.build | 6 ++++++
src/udev/udevd.c | 12 ++++++++++++
2 files changed, 18 insertions(+)
diff --git a/meson.build b/meson.build
index c14540a..5ee2fa7 100644
--- a/meson.build
+++ b/meson.build
@@ -518,6 +518,12 @@ else
conf.set10('HAVE_GETRANDOM', have)
endif
+if cc.has_function('malloc_trim', prefix : '''#include <malloc.h>''')
+ conf.set10('HAVE_MALLOC_TRIM', true)
+else
+ conf.set10('HAVE_MALLOC_TRIM', false)
+endif
+
#####################################################################
sed = find_program('sed')
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index c1119c3..62f1c44 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -27,6 +27,9 @@
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>
+#ifdef HAVE_MALLOC_TRIM
+#include <malloc.h>
+#endif
#include "sd-daemon.h"
#include "sd-event.h"
@@ -233,6 +236,15 @@ static void worker_spawn(Manager *manager, struct event *event) {
manager->event = sd_event_unref(manager->event);
+#ifdef HAVE_MALLOC_TRIM
+ /* unused memory inherits from parent has been freed, but it will
+ * not release to OS immediately. We do the optimization by invoking
+ * glibc's malloc_trim to force these unused memory to return to OS immediately.
+ * Otherwise when there are many forked process, it will eat up system's memory,
+ * and will cause OOM problem.
+ */
+ malloc_trim(0);
+#endif
sigfillset(&mask);
fd_signal = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
if (fd_signal < 0) {
--
1.8.3.1


@ -1,41 +0,0 @@
From 66ca4903ca74604b193802635d36c48b0fcaf291 Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Thu, 2 Jan 2020 19:59:48 +0200
Subject: [PATCH] dbus-execute: avoid extra strdup()
bind_mount_add does the strdup(), so we can avoid
strdup()ing the strings.
https://github.com/systemd/systemd/commit/66ca4903ca74604b193802635d36c48b0fcaf291
---
src/core/dbus-execute.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 2be3db2..abd60ea 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -2370,7 +2370,7 @@ int bus_exec_context_set_transient_property(
return 1;
} else if (STR_IN_SET(name, "BindPaths", "BindReadOnlyPaths")) {
- const char *source, *destination;
+ char *source, *destination;
int ignore_enoent;
uint64_t mount_flags;
bool empty = true;
@@ -2391,8 +2391,8 @@ int bus_exec_context_set_transient_property(
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
&(BindMount) {
- .source = strdup(source),
- .destination = strdup(destination),
+ .source = source,
+ .destination = destination,
.read_only = !!strstr(name, "ReadOnly"),
.recursive = !!(mount_flags & MS_REC),
.ignore_enoent = ignore_enoent,
--
2.19.1


@ -1,33 +0,0 @@
From 43681c404794341a42ba0a34b9730103f4f2c560 Mon Sep 17 00:00:00 2001
From: Gaurav <g.gupta@samsung.com>
Date: Mon, 8 Apr 2019 10:13:26 +0530
Subject: [PATCH] Fix fd leak in no memory condition
In case of no memory situation, fd is not being close.
Please review.
https://github.com/systemd/systemd/commit/43681c404794341a42ba0a34b9730103f4f2c560.patch
---
src/libsystemd/sd-event/sd-event.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 5adbcee..5d0e057 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -900,8 +900,10 @@ _public_ int sd_event_add_io(
assert_return(!event_pid_changed(e), -ECHILD);
s = source_new(e, !ret, SOURCE_IO);
- if (!s)
+ if (!s) {
+ fd = safe_close(fd);
return -ENOMEM;
+ }
s->wakeup = WAKEUP_EVENT_SOURCE;
s->io.fd = fd;
--
2.19.1


@ -1,4 +1,3 @@
From 48b21956443a03ac94f29480e213b05b86fcf525 Mon Sep 17 00:00:00 2001
From: fangxiuning <fangxiuning@huawei.com>
Date: Thu, 5 Sep 2019 07:40:41 +0800
Subject: fix two vf virtual machine has same mac address
@ -27,22 +26,20 @@ and "locally administered" bits set.
none
Keeps the MAC address assigned by the kernel.
---
network/99-default.link | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/network/99-default.link b/network/99-default.link
index 347d4b7..54f1f58 100644
index dc7a42bf58..2b8f46a84c 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -12,4 +12,4 @@ OriginalName=*
@@ -13,4 +13,4 @@ OriginalName=*
[Link]
NamePolicy=keep kernel database onboard slot path
AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none
--
1.8.3.1
2.23.0


@ -11,18 +11,18 @@ Resolves: #1699287
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 089bc38..7436619 100644
index 0cb1bfa3ca..fa7348aa79 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -31,7 +31,7 @@ RestrictAddressFamilies=AF_UNIX AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
@@ -34,7 +34,7 @@ RestrictRealtime=yes
RestrictSUIDSGID=yes
RuntimeDirectory=systemd/journal
RuntimeDirectoryPreserve=yes
-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
StandardOutput=null
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
--
2.19.1
2.23.0
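Review bot: The `Sockets=` line in systemd-journald.service.in loses `systemd-journald-audit.socket` with nothing in the unit file to say this is deliberate, so a later rebase onto a changed upstream unit could bring it back or drop the patch unnoticed. A one-line comment above `Sockets=`, for example `# systemd-journald-audit.socket intentionally not listed, see #1699287`, would keep the decision visible. Whether kernel audit records still reach the journal on this build depends on how the audit socket unit itself is shipped, which this page does not show, so the intended audit consumer is worth stating for operators who rely on the journal for those events.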


@ -11,10 +11,10 @@ Resolves: #1523233
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 4cbfd09..c6ff5c3 100644
index b00daf366d..a9fed78aa6 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -327,7 +327,7 @@
@@ -340,7 +340,7 @@
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
@ -24,10 +24,10 @@ index 4cbfd09..c6ff5c3 100644
</variablelist>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 1d21e90..2ac7860 100644
index 4289461df6..556945be20 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) {
@@ -35,7 +35,7 @@ void manager_reset_config(Manager *m) {
m->n_autovts = 6;
m->reserve_vt = 6;
@ -37,17 +37,17 @@ index 1d21e90..2ac7860 100644
m->user_stop_delay = 10 * USEC_PER_SEC;
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
index 1029e29..c7346f9 100644
index ed1084b06e..07ff0d195e 100644
--- a/src/login/logind.conf.in
+++ b/src/login/logind.conf.in
@@ -32,6 +32,6 @@
#IdleAction=ignore
@@ -33,6 +33,6 @@
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RuntimeDirectoryInodes=400k
-#RemoveIPC=yes
+#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192
--
2.19.1
2.23.0


@ -1,66 +0,0 @@
From bb46b12cbb84411e378cd45f2ac320a9ce53551c Mon Sep 17 00:00:00 2001
From: openEuler Buildteam <buildteam@openeuler.org>
Date: Tue, 10 Mar 2020 21:01:43 +0800
Subject: [PATCH] pid1 bump DefaultTasksMax to 80% of the kernel pid.max value
---
man/systemd-system.conf.xml | 2 +-
src/basic/cgroup-util.h | 4 ++--
src/core/system.conf.in | 2 +-
units/user-.slice.d/10-defaults.conf | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index e403fa5..afd51ed 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -360,7 +360,7 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
- of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller
+ of slice units. Defaults to 80%, which equals 26214 with the kernel's defaults on the host, but might be smaller
in OS containers.</para></listitem>
</varlistentry>
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
index a39ab45..f2f2c09 100644
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@@ -128,8 +128,8 @@ static inline bool CGROUP_BLKIO_WEIGHT_IS_OK(uint64_t x) {
}
/* Default resource limits */
-#define DEFAULT_TASKS_MAX_PERCENTAGE 15U /* 15% of PIDs, 4915 on default settings */
-#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 33U /* 33% of PIDs, 10813 on default settings */
+#define DEFAULT_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 4915 on default settings */
+#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 10813 on default settings */
typedef enum CGroupUnified {
CGROUP_UNIFIED_UNKNOWN = -1,
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 8112125..9e75b14 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -51,7 +51,7 @@
#DefaultBlockIOAccounting=no
#DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@
#DefaultTasksAccounting=yes
-#DefaultTasksMax=15%
+#DefaultTasksMax=80%
#DefaultLimitCPU=
#DefaultLimitFSIZE=
#DefaultLimitDATA=
diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf
index c81a00e..3b14c35 100644
--- a/units/user-.slice.d/10-defaults.conf
+++ b/units/user-.slice.d/10-defaults.conf
@@ -14,4 +14,4 @@ After=systemd-user-sessions.service
StopWhenUnneeded=yes
[Slice]
-TasksMax=33%
+TasksMax=80%
--
1.8.3.1


@ -6,17 +6,16 @@ Subject: [PATCH] rules: add elevator= kernel command line parameter
Kernel removed the elevator= option
Resolves: #1670126
---
rules/40-elevator.rules | 20 ++++++++++++++++++++
rules.d/40-elevator.rules | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 rules/40-elevator.rules
create mode 100644 rules.d/40-elevator.rules
diff --git a/rules/40-elevator.rules b/rules/40-elevator.rules
diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules
new file mode 100644
index 0000000..dbe8fc8
index 0000000000..5f615bf51a
--- /dev/null
+++ b/rules/40-elevator.rules
+++ b/rules.d/40-elevator.rules
@@ -0,0 +1,20 @@
+# We aren't adding devices skip the elevator check
+ACTION!="add", GOTO="sched_out"
@ -39,5 +38,5 @@ index 0000000..dbe8fc8
+
+LABEL="sched_out"
--
1.8.3.1
2.23.0


@ -6,16 +6,16 @@ Subject: rules: add rule for naming Dell iDRAC USB Virtual NIC
Related: #1523227
---
rules/73-idrac.rules | 6 ++++++
rules/meson.build | 1 +
rules.d/73-idrac.rules | 6 ++++++
rules.d/meson.build | 1 +
2 files changed, 7 insertions(+)
create mode 100644 rules/73-idrac.rules
create mode 100644 rules.d/73-idrac.rules
diff --git a/rules/73-idrac.rules b/rules/73-idrac.rules
diff --git a/rules.d/73-idrac.rules b/rules.d/73-idrac.rules
new file mode 100644
index 0000000..d67fc42
index 0000000000..d67fc425b1
--- /dev/null
+++ b/rules/73-idrac.rules
+++ b/rules.d/73-idrac.rules
@@ -0,0 +1,6 @@
+# do not edit this file, it will be overwritten on update
+
@ -23,11 +23,11 @@ index 0000000..d67fc42
+# with terminates in the iDRAC. Help identify this with 'idrac'
+
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
diff --git a/rules/meson.build b/rules/meson.build
index e7e4362..e04a18a 100644
--- a/rules/meson.build
+++ b/rules/meson.build
@@ -17,6 +17,7 @@ rules = files('''
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 13d1d330cf..b06edf0621 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -18,6 +18,7 @@ rules = files('''
70-joystick.rules
70-mouse.rules
70-touchpad.rules
@ -36,5 +36,5 @@ index e7e4362..e04a18a 100644
75-probe_mtd.rules
78-sound-card.rules
--
1.8.3.1
2.23.0


@ -7,21 +7,21 @@ Subject: [PATCH] rules: add the rule that adds elevator= kernel
Resolves: #1670126
---
rules/meson.build | 1 +
rules.d/meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/meson.build b/rules/meson.build
index 1da958b..043313a 100644
--- a/rules/meson.build
+++ b/rules/meson.build
diff --git a/rules.d/meson.build b/rules.d/meson.build
index b06edf0621..bd65424a0d 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: LGPL-2.1+
rules = files('''
+ 40-elevator.rules
60-block.rules
60-block-scheduler.rules
60-cdrom_id.rules
60-drm.rules
--
2.19.1
2.23.0


@ -1,75 +0,0 @@
From 28ca867abdb20d0e4ac1901e2ed669cdb41ea3f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Sekleta=CC=81r?= <msekleta@redhat.com>
Date: Tue, 4 Feb 2020 14:23:14 +0100
Subject: [PATCH] sd-journal: close journal files that were deleted by journald
before we've setup inotify watch
url:https://github.com/systemd/systemd/commit/28ca867abdb20d0e4ac1901e2ed669cdb41ea3f6.patch
Fixes #14695
---
src/journal/journal-file.c | 2 +-
src/journal/journal-file.h | 1 +
src/journal/sd-journal.c | 15 +++++++++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 505191999b..bd53635860 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -601,7 +601,7 @@ static int journal_file_verify_header(JournalFile *f) {
return 0;
}
-static int journal_file_fstat(JournalFile *f) {
+int journal_file_fstat(JournalFile *f) {
int r;
assert(f);
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index 502f1f567d..cf0f7691fb 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -145,6 +145,7 @@ int journal_file_open(
int journal_file_set_offline(JournalFile *f, bool wait);
bool journal_file_is_offlining(JournalFile *f);
JournalFile* journal_file_close(JournalFile *j);
+int journal_file_fstat(JournalFile *f);
DEFINE_TRIVIAL_CLEANUP_FUNC(JournalFile*, journal_file_close);
int journal_file_open_reliably(
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index bced8af3e3..3fa98dfda2 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -2661,6 +2661,8 @@ _public_ int sd_journal_wait(sd_journal *j, uint64_t timeout_usec) {
assert_return(!journal_pid_changed(j), -ECHILD);
if (j->inotify_fd < 0) {
+ Iterator i;
+ JournalFile *f;
/* This is the first invocation, hence create the
* inotify watch */
@@ -2668,6 +2670,19 @@ _public_ int sd_journal_wait(sd_journal *j, uint64_t timeout_usec) {
if (r < 0)
return r;
+ /* Server might have done some vacuuming while we weren't watching.
+ Get rid of the deleted files now so they don't stay around indefinitely. */
+ ORDERED_HASHMAP_FOREACH(f, j->files, i) {
+ r = journal_file_fstat(f);
+ if (r < 0) {
+ log_debug_errno(r,"Failed to fstat() journal file '%s' : %m", f->path);
+ continue;
+ }
+
+ if (f->last_stat.st_nlink <= 0)
+ remove_file_real(j, f);
+ }
+
/* The journal might have changed since the context
* object was created and we weren't watching before,
* hence don't wait for anything, and return
--
2.19.1


@ -1,145 +0,0 @@
From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Nov 2019 17:51:30 +0100
Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
__NR_xyz namespace invasion
A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
same conditioning for all cases of our __NR_xyz use.
Fixes: #14031
---
src/basic/missing_syscall.h | 10 +++++-----
src/test/test-seccomp.c | 19 ++++++++++---------
2 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
index 6d9b125..1255d8b 100644
--- a/src/basic/missing_syscall.h
+++ b/src/basic/missing_syscall.h
@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
#if !HAVE_KCMP
static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
-# ifdef __NR_kcmp
+# if defined __NR_kcmp && __NR_kcmp > 0
return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
# else
errno = ENOSYS;
@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
#if !HAVE_KEYCTL
static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
-# ifdef __NR_keyctl
+# if defined __NR_keyctl && __NR_keyctl > 0
return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
# else
errno = ENOSYS;
@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
}
static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
-# ifdef __NR_add_key
+# if defined __NR_add_key && __NR_add_key > 0
return syscall(__NR_add_key, type, description, payload, plen, ringid);
# else
errno = ENOSYS;
@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
}
static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
-# ifdef __NR_request_key
+# if defined __NR_request_key && __NR_request_key > 0
return syscall(__NR_request_key, type, description, callout_info, destringid);
# else
errno = ENOSYS;
@@ -496,7 +496,7 @@ enum {
static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
unsigned long maxnode) {
long i;
-# ifdef __NR_set_mempolicy
+# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
# else
errno = ENOSYS;
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 018c20f..c669204 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -28,7 +28,8 @@
#include "tmpfile-util.h"
#include "virt.h"
-#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
+/* __NR_socket may be invalid due to libseccomp */
+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
/* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
* and we can't restrict it hence via seccomp. */
# define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
assert_se(pid >= 0);
if (pid == 0) {
-#if __NR__sysctl > 0
+#if defined __NR__sysctl && __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, NULL) < 0);
assert_se(errno == EFAULT);
#endif
assert_se(seccomp_protect_sysctl() >= 0);
-#if __NR__sysctl > 0
+#if defined __NR__sysctl && __NR__sysctl > 0
assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
assert_se(errno == EPERM);
#endif
@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
assert_se(poll(NULL, 0, 0) == 0);
assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(access) >= 0
+#if defined __NR_access && __NR_access > 0
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
#else
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
s = hashmap_free(s);
assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(access) >= 0
+#if defined __NR_access && __NR_access > 0
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
#else
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
s = hashmap_free(s);
assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(poll) >= 0
+#if defined __NR_poll && __NR_poll > 0
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
#else
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
s = hashmap_free(s);
assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(poll) >= 0
+#if defined __NR_poll && __NR_poll > 0
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
#else
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
* testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
* other architectures, let's just fall back to the glibc call. */
-#ifdef SYS_open
- return (int) syscall(SYS_open, path, flags, mode);
+#if defined __NR_open && __NR_open > 0
+ return (int) syscall(__NR_open, path, flags, mode);
#else
return open(path, flags, mode);
#endif
--
1.8.3.1

Binary file not shown.

BIN
systemd-246.tar.gz Normal file

Binary file not shown.


@ -1,52 +0,0 @@
From bec31cf5f0037dd049299e8665e03fc74024e357 Mon Sep 17 00:00:00 2001
From: Alin Popa <alin.popa@bmw.de>
Date: Fri, 14 Feb 2020 09:33:43 +0100
Subject: [PATCH] systemd: Fix busctl crash on aarch64 when setting output
table format
The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types missmatch. This patch cast the enums to size_t.
An alternative solution would be to change the table_set_display() function
arguments to unsigned type.
---
src/busctl/busctl.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
index 5f3d5dd..b4e133f 100644
--- a/src/busctl/busctl.c
+++ b/src/busctl/busctl.c
@@ -212,9 +212,27 @@ static int list_bus_names(int argc, char **argv, void *userdata) {
return log_error_errno(r, "Failed to set sort column: %m");
if (arg_show_machine)
- r = table_set_display(table, COLUMN_NAME, COLUMN_PID, COLUMN_PROCESS, COLUMN_USER, COLUMN_CONNECTION, COLUMN_UNIT, COLUMN_SESSION, COLUMN_DESCRIPTION, COLUMN_MACHINE, (size_t) -1);
+ r = table_set_display(table, (size_t) COLUMN_NAME,
+ (size_t) COLUMN_PID,
+ (size_t) COLUMN_PROCESS,
+ (size_t) COLUMN_USER,
+ (size_t) COLUMN_CONNECTION,
+ (size_t) COLUMN_UNIT,
+ (size_t) COLUMN_SESSION,
+ (size_t) COLUMN_DESCRIPTION,
+ (size_t) COLUMN_MACHINE,
+ (size_t) -1);
else
- r = table_set_display(table, COLUMN_NAME, COLUMN_PID, COLUMN_PROCESS, COLUMN_USER, COLUMN_CONNECTION, COLUMN_UNIT, COLUMN_SESSION, COLUMN_DESCRIPTION, (size_t) -1);
+ r = table_set_display(table, (size_t) COLUMN_NAME,
+ (size_t) COLUMN_PID,
+ (size_t) COLUMN_PROCESS,
+ (size_t) COLUMN_USER,
+ (size_t) COLUMN_CONNECTION,
+ (size_t) COLUMN_UNIT,
+ (size_t) COLUMN_SESSION,
+ (size_t) COLUMN_DESCRIPTION,
+ (size_t) -1);
+
if (r < 0)
return log_error_errno(r, "Failed to set columns to display: %m");
--
1.8.3.1


@ -1,40 +0,0 @@
From 1245ae05c6e2ca7a2af055f9c44f19a0db2971a5 Mon Sep 17 00:00:00 2001
From: yangbin <robin.yb@huawei.com>
Date: Thu, 15 Aug 2019 15:24:03 +0800
Subject: [PATCH 3/3] systemd-core: Close and free dbus when bus authenticating
timedout
1. when timedout happened on authenticating a private dbus(can be established by systemctl command),
this dbus will never be freed and closed, and will left on systemd permanently even through the client
(for example, systemctl command) has closed the connection. This is because when timedout happend,
the event and also the timer to watch dbus actions is disabled by sd_event_source_set_enabled
from source_dispatch function, and systemd can do nothing on it since this dbus will not be activated again.
2. If a private dbus staying on authenticating state, and when systemd sends a signal message, it will also
add this message to the message write queue of this bus and will never send it out because the dbus is not in running.
systemd does this for it believe that the bus will change from authenticating to running sometime, but actually it will not.
3. When many private dbuses are left as authenticating and many signal messages are sent from dbus, it will eat up our memory
to hold these dbuses and messages, and memory usage of systemd will grow very fast.
4. This patch fix this problem by closing and freeing the dbus when authenticating timedout.
---
src/libsystemd/sd-bus/sd-bus.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 05cb4c3..65cf449 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -2946,6 +2946,11 @@ static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priorit
if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
bus_enter_closing(bus);
r = 1;
+ } else if(r == -ETIMEDOUT && !bus->is_system) {
+ /*close dbus directly when timedout happened and it is a private dbus*/
+ log_info("Private bus is closed due authentication timedout.");
+ bus_enter_closing(bus);
+ r = 1;
} else if (r < 0)
return r;
--
2.17.1


@ -13,10 +13,14 @@
%global efi_arch x64
%endif
%ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1
%endif
Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 243
Release: 23
Version: 246
Release: 1
License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager
@ -44,62 +48,36 @@ Source105: rule_generator.functions
Source106: write_net_rules
Source107: detect_virt
Patch0001: 0001-udev-use-bfq-as-the-default-scheduler.patch
Patch0002: 0001-udev-ignore-error-caused-by-device-disconnection.patch
Patch0003: 0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch
Patch0004: 0001-core-dont-check-potentially-NULL-error.patch
Patch0005: 0001-core-shorten-code-a-bit.patch
Patch0006: 0001-core-no-need-to-eat-up-error.patch
Patch0007: 0001-core-create-or-remove-unit-bus-name-slots-always-together.patch
Patch0008: 0001-core-drop-initial-ListNames-bus-call-from-PID1.patch
Patch0009: 1605-update-rtc-with-system-clock-when-shutdown.patch
Patch0010: 1603-udev-add-actions-while-rename-netif-failed.patch
Patch0011: CVE-2020-1712-1.patch
Patch0012: CVE-2020-1712-2.patch
Patch0013: CVE-2020-1712-3.patch
Patch0014: CVE-2020-1712-4.patch
Patch0015: CVE-2020-1712-5.patch
Patch0016: sd-journal-close-journal-files-that-were-deleted-by-.patch
Patch0017: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
Patch0018: fix-two-VF-virtual-machines-have-same-mac-address.patch
Patch0019: logind-set-RemoveIPC-to-false-by-default.patch
Patch0020: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
Patch0021: unit-don-t-add-Requires-for-tmp.mount.patch
Patch0022: Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch
Patch2023: rules-add-elevator-kernel-command-line-parameter.patch
Patch2024: rules-add-the-rule-that-adds-elevator-kernel-command.patch
Patch2025: units-add-Install-section-to-tmp.mount.patch
Patch0026: Make-systemd-udevd.service-start-after-systemd-remou.patch
Patch0027: udev-virsh-shutdown-vm.patch
Patch0028: fix-fd-leak-in-no-memory-condition.patch
Patch0029: dbus-execute-avoid-extra-strdup.patch
Patch0030: Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
Patch0031: sd-bus-properly-initialize-containers.patch
Patch0032: Revert-core-one-step-back-again-for-nspawn-we-actual.patch
Patch0033: journal-don-t-enable-systemd-journald-audit.socket-b.patch
Patch0001: 1605-update-rtc-with-system-clock-when-shutdown.patch
Patch0002: 1603-udev-add-actions-while-rename-netif-failed.patch
Patch0003: fix-two-VF-virtual-machines-have-same-mac-address.patch
Patch0004: logind-set-RemoveIPC-to-false-by-default.patch
Patch0005: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
Patch0006: unit-don-t-add-Requires-for-tmp.mount.patch
Patch0007: rules-add-elevator-kernel-command-line-parameter.patch
Patch0008: rules-add-the-rule-that-adds-elevator-kernel-command.patch
Patch0009: units-add-Install-section-to-tmp.mount.patch
Patch0010: Make-systemd-udevd.service-start-after-systemd-remou.patch
Patch0011: udev-virsh-shutdown-vm.patch
Patch0012: Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
Patch0013: sd-bus-properly-initialize-containers.patch
Patch0014: Revert-core-one-step-back-again-for-nspawn-we-actual.patch
Patch0015: journal-don-t-enable-systemd-journald-audit.socket-b.patch
# The patch of 0026~0029 resolve the pid1 memory leaks
Patch0034: revert-pid1-drop-unit-caches-only-based-on-mtime.patch
Patch0035: revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch
Patch0036: revert-pid1-use-a-cache-for-all-unit-aliases.patch
Patch0037: revert-shared-unit-file-add-a-function-to-validate-u.patch
Patch0038: systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch
Patch0039: seccomp-more-comprehensive-protection-against-libsec.patch
## The patch of 0026~0029 resolve the pid1 memory leaks
#Patch0034: revert-pid1-drop-unit-caches-only-based-on-mtime.patch
#Patch0035: revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch
#Patch0036: revert-pid1-use-a-cache-for-all-unit-aliases.patch
#Patch0037: revert-shared-unit-file-add-a-function-to-validate-u.patch
#openEuler
Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch
Patch9003: 1602-activation-service-must-be-restarted-when-reactivated.patch
Patch9004: 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch
#Patch9004: 1612-serialize-pids-for-scope-when-not-started.patch
#Patch9005: 1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch
Patch9007: 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch
Patch9008: 1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch
#Patch9006: core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch
#Patch9009: systemd-core-Close-and-free-dbus-when-bus-authentica.patch
Patch9009: systemd-change-time-log-level.patch
Patch9010: fix-capsh-drop-but-ping-success.patch
Patch9011: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
Patch9001: 1509-fix-journal-file-descriptors-leak-problems.patch
Patch9002: 1602-activation-service-must-be-restarted-when-reactivated.patch
Patch9003: 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch
Patch9004: 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch
Patch9005: systemd-change-time-log-level.patch
Patch9006: fix-capsh-drop-but-ping-success.patch
Patch9007: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
BuildRequires: gcc, gcc-c++
BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel
@ -111,8 +89,14 @@ BuildRequires: gnutls-devel, qrencode-devel, libmicrohttpd-devel, libxkbcommon-
BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf
BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18
BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel
%if 0%{?have_gnu_efi}
BuildRequires: gnu-efi gnu-efi-devel
BuildRequires: valgrind-devel, util-linux
%endif
%ifarch %{valgrind_arches}
BuildRequires: valgrind-devel
%endif
BuildRequires: util-linux
Requires: %{name}-libs = %{version}-%{release}
Requires(post): coreutils
@ -280,7 +264,9 @@ CONFIGURE_OPTS=(
-Dlibiptc=true
-Dlibcurl=true
-Defi=true
%if 0%{?have_gnu_efi}
-Dgnu-efi=true
%endif
-Dtpm=true
-Dhwdb=true
-Dsysusers=true
@ -706,6 +692,7 @@ fi
%files -f %{name}.lang
%doc %{_pkgdocdir}
%exclude /usr/lib/systemd/tests
%exclude %{_pkgdocdir}/LICENSE.*
%license LICENSE.GPL2 LICENSE.LGPL2.1
%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants
@ -857,6 +844,7 @@ fi
/usr/bin/systemd-sysusers
/usr/bin/systemd-tty-ask-password-agent
/usr/bin/busctl
/usr/bin/userdbctl
%dir /usr/lib/environment.d
%dir /usr/lib/binfmt.d
%dir /usr/lib/tmpfiles.d
@ -896,7 +884,7 @@ fi
%dir %{_systemddir}/user-environment-generators
%{_systemddir}/systemd-shutdown
%{_systemddir}/systemd-portabled
%{_systemddir}/libsystemd-shared-243.so
%{_systemddir}/libsystemd-shared-245.so
%{_systemddir}/systemd-reply-password
%dir %{_systemddir}/system-generators
%dir %{_systemddir}/system
@ -1116,6 +1104,16 @@ fi
%{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket
%{_unitdir}/sockets.target.wants/systemd-journald.socket
%{_unitdir}/sockets.target.wants/systemd-initctl.socket
%{_unitdir}/blockdev@.target
%{_unitdir}/sys-kernel-tracing.mount
%{_unitdir}/sysinit.target.wants/sys-kernel-tracing.mount
%{_unitdir}/system-systemd\x2dcryptsetup.slice
%{_unitdir}/systemd-journald-varlink@.socket
%{_unitdir}/systemd-journald@.service
%{_unitdir}/systemd-journald@.socket
%{_unitdir}/systemd-userdbd.service
%{_unitdir}/systemd-userdbd.socket
%{_unitdir}/modprobe@.service
%{_systemddir}/system-generators/systemd-fstab-generator
%{_systemddir}/system-generators/systemd-sysv-generator
%{_systemddir}/system-generators/systemd-rc-local-generator
@ -1144,7 +1142,12 @@ fi
%{_userunitdir}/systemd-tmpfiles-clean.timer
%{_userunitdir}/sockets.target
%{_userunitdir}/smartcard.target
%{_systemddir}/systemd-userdbd
%{_systemddir}/systemd-userwork
%{_systemddir}/network/80-container-host0.network
%{_systemddir}/network/80-wifi-adhoc.network
%{_systemddir}/network/80-wifi-ap.network.example
%{_systemddir}/network/80-wifi-station.network.example
%{_systemddir}/catalog/systemd.fr.catalog
%{_systemddir}/catalog/systemd.be.catalog
%{_systemddir}/catalog/systemd.bg.catalog
@ -1157,6 +1160,9 @@ fi
%{_systemddir}/catalog/systemd.zh_TW.catalog
%{_systemddir}/catalog/systemd.ru.catalog
%{_systemddir}/catalog/systemd.catalog
%{_systemddir}/systemd-xdg-autostart-condition
%{_systemddir}/user-generators/systemd-xdg-autostart-generator
%{_systemddir}/user/xdg-desktop-autostart.target
/usr/lib/sysctl.d/50-coredump.conf
/usr/lib/sysctl.d/50-default.conf
/usr/lib/sysctl.d/50-pid-max.conf
@ -1172,6 +1178,7 @@ fi
/usr/lib/tmpfiles.d/legacy.conf
/usr/lib/tmpfiles.d/static-nodes-permissions.conf
/usr/lib/tmpfiles.d/var.conf
/usr/lib/tmpfiles.d/systemd-pstore.conf
/usr/lib/environment.d/99-environment.conf
%ghost %config(noreplace) /etc/localtime
%dir /etc/rc.d
@ -1209,17 +1216,17 @@ fi
%dir /etc/xdg/systemd
%config(noreplace) /etc/xdg/systemd/user
/usr/lib64/security/pam_systemd.so
%{_libdir}/security/pam_systemd.so
/usr/lib/rpm/macros.d/macros.systemd
%files libs
/usr/lib64/libnss_systemd.so.2
/usr/lib64/libnss_resolve.so.2
/usr/lib64/libnss_myhostname.so.2
/usr/lib64/libsystemd.so.0
/usr/lib64/libsystemd.so.0.27.0
/usr/lib64/libudev.so.1
/usr/lib64/libudev.so.1.6.15
%{_libdir}/libnss_systemd.so.2
%{_libdir}/libnss_resolve.so.2
%{_libdir}/libnss_myhostname.so.2
%{_libdir}/libsystemd.so.0
%{_libdir}/libsystemd.so.*
%{_libdir}/libudev.so.1
%{_libdir}/libudev.so.*
%files devel
/usr/share/man/man3/*
@ -1237,10 +1244,11 @@ fi
/usr/include/systemd/sd-id128.h
/usr/include/systemd/sd-bus.h
/usr/include/systemd/sd-login.h
/usr/lib64/libudev.so
/usr/lib64/libsystemd.so
/usr/lib64/pkgconfig/libsystemd.pc
/usr/lib64/pkgconfig/libudev.pc
/usr/include/systemd/sd-path.h
%{_libdir}/libudev.so
%{_libdir}/libsystemd.so
%{_libdir}/pkgconfig/libsystemd.pc
%{_libdir}/pkgconfig/libudev.pc
%files udev
%ghost %dir /var/lib/systemd/backlight
@ -1265,7 +1273,6 @@ fi
%dir /usr/lib/udev
%dir /usr/lib/kernel
%dir /usr/lib/modules-load.d
%dir %{_systemddir}/boot
%{_systemddir}/systemd-timesyncd
%{_systemddir}/systemd-growfs
%{_systemddir}/systemd-modules-load
@ -1329,9 +1336,12 @@ fi
%{_systemddir}/system-generators/systemd-hibernate-resume-generator
%{_systemddir}/system-generators/systemd-gpt-auto-generator
%{_systemddir}/ntp-units.d/80-systemd-timesync.list
%if 0%{?have_gnu_efi}
%dir %{_systemddir}/boot
%dir %{_systemddir}/boot/efi
%{_systemddir}/boot/efi/systemd-boot%{efi_arch}.efi
%{_systemddir}/boot/efi/linux%{efi_arch}.efi.stub
%endif
%{_systemddir}/network/99-default.link
%dir /usr/lib/kernel/install.d
/usr/lib/kernel/install.d/20-grubby.install
@ -1344,6 +1354,7 @@ fi
/usr/lib/udev/cdrom_id
/usr/lib/udev/mtd_probe
/usr/lib/udev/scsi_id
/usr/lib/udev/fido_id
%dir /usr/lib/udev/hwdb.d
%{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb
%{_udevhwdbdir}/70-touchpad.hwdb
@ -1363,6 +1374,7 @@ fi
%{_udevhwdbdir}/70-joystick.hwdb
%{_udevhwdbdir}/60-sensor.hwdb
%{_udevhwdbdir}/70-mouse.hwdb
%{_udevhwdbdir}/60-input-id.hwdb
%{_udevrulesdir}/40-openEuler.rules
%{_udevrulesdir}/40-elevator.rules
%{_udevrulesdir}/73-idrac.rules
@ -1381,7 +1393,6 @@ fi
%{_udevrulesdir}/60-persistent-v4l.rules
%{_udevrulesdir}/70-joystick.rules
%{_udevrulesdir}/70-power-switch.rules
%{_udevrulesdir}/60-block-scheduler.rules
%{_udevrulesdir}/60-persistent-storage.rules
%{_udevrulesdir}/80-net-setup-link.rules
%{_udevrulesdir}/60-evdev.rules
@ -1395,6 +1406,9 @@ fi
%{_udevrulesdir}/99-systemd.rules
%{_udevrulesdir}/60-persistent-storage-tape.rules
%{_udevrulesdir}/50-udev-default.rules
%{_udevrulesdir}/60-autosuspend-chromiumos.rules
%{_udevrulesdir}/60-fido-id.rules
%{_udevrulesdir}/61-autosuspend-manual.rules
/usr/lib/modprobe.d/systemd.conf
%ghost %config(noreplace) /etc/vconsole.conf
%dir /etc/udev
@ -1415,11 +1429,13 @@ fi
/usr/share/zsh/site-functions/_systemd-nspawn
/usr/share/dbus-1/system-services/org.freedesktop.import1.service
/usr/share/dbus-1/system-services/org.freedesktop.machine1.service
/usr/share/dbus-1/services/org.freedesktop.systemd1.service
/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service
/usr/share/dbus-1/system.d/org.freedesktop.import1.conf
/usr/share/dbus-1/system.d/org.freedesktop.machine1.conf
/usr/share/polkit-1/actions/org.freedesktop.import1.policy
/usr/share/polkit-1/actions/org.freedesktop.machine1.policy
/usr/lib64/libnss_mymachines.so.2
%{_libdir}/libnss_mymachines.so.2
/usr/bin/machinectl
/usr/bin/systemd-nspawn
%{_systemddir}/systemd-import
@ -1441,6 +1457,7 @@ fi
%{_unitdir}/remote-fs.target.wants/var-lib-machines.mount
%{_systemddir}/network/80-container-vz.network
%{_systemddir}/network/80-container-ve.network
%{_systemddir}/network/80-vm-vt.network
/usr/lib/tmpfiles.d/systemd-nspawn.conf
%files journal-remote
@ -1478,6 +1495,12 @@ fi
%exclude /usr/share/man/man3/*
%changelog
* Fri Jun 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:Update to release 246
* Thu May 28 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-23
- Type:enhancement
- ID:NA
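Review bot: The `%files` entry `%{_systemddir}/libsystemd-shared-245.so` does not agree with `Version: 246` and the `systemd-246.tar.gz` source set elsewhere in this spec. If the tarball really is 246, the build would presumably produce a differently numbered library and this entry would not match; if the entry is right, the version label is wrong. Deriving the name from the version, `%{_systemddir}/libsystemd-shared-%{version}.so`, removes the hard-coded number. Which upstream release is actually packaged matters because this change also drops `CVE-2020-1712-1.patch` through `CVE-2020-1712-5.patch`, while the changelog entry says only `Update to release 246`; the entry should state that those fixes are contained in the new source.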


@ -9,17 +9,17 @@ Resolves: #1667065
1 file changed, 4 insertions(+)
diff --git a/units/tmp.mount b/units/tmp.mount
index 742d863..b558047 100644
index 7066e52261..b3966dfd37 100644
--- a/units/tmp.mount
+++ b/units/tmp.mount
@@ -22,3 +22,7 @@ What=tmpfs
@@ -23,3 +23,7 @@ What=tmpfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime,nosuid,nodev
Options=mode=1777,strictatime,nosuid,nodev,size=10%,nr_inodes=400k
+
+# Make 'systemctl enable tmp.mount' work:
+[Install]
+WantedBy=local-fs.target
--
1.8.3.1
2.23.0