diff --git a/0001-core-create-or-remove-unit-bus-name-slots-always-together.patch b/0001-core-create-or-remove-unit-bus-name-slots-always-together.patch
deleted file mode 100644
index eb7d1c1f18632415c8ccef564bb753310df4cbf7..0000000000000000000000000000000000000000
--- a/0001-core-create-or-remove-unit-bus-name-slots-always-together.patch
+++ /dev/null
@@ -1,108 +0,0 @@ -From a5b07847950c603605acf85b472b210cd2da40fb Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:48:18 +0100 -Subject: [PATCH] core: create/remove unit bus name slots always together - -When a service unit watches a bus name (i.e. because of BusName= being -set), then we do two things: we install a match slot to watch how its -ownership changes, and we inquire about the current owner. Make sure we -always do both together or neither. - -This in particular fixes a corner-case memleak when destroying bus -connections, since we never freed the GetNameOwner() bus slots when -destroying a bus when they were still ongoing. ---- - src/core/dbus.c | 11 ++++------- - src/core/unit.c | 32 +++++++++++++++++++++----------- - 2 files changed, 25 insertions(+), 18 deletions(-) - -diff --git a/src/core/dbus.c b/src/core/dbus.c -index 3c40f29..cef1789 100644 ---- a/src/core/dbus.c -+++ b/src/core/dbus.c -@@ -1051,13 +1051,10 @@ static void destroy_bus(Manager *m, sd_bus **bus) { - - /* Make sure all bus slots watching names are released. 
*/ - HASHMAP_FOREACH(u, m->watch_bus, i) { -- if (!u->match_bus_slot) -- continue; -- -- if (sd_bus_slot_get_bus(u->match_bus_slot) != *bus) -- continue; -- -- u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ if (u->match_bus_slot && sd_bus_slot_get_bus(u->match_bus_slot) == *bus) -+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ if (u->get_name_owner_slot && sd_bus_slot_get_bus(u->get_name_owner_slot) == *bus) -+ u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - } - - /* Get rid of tracked clients on this bus */ -diff --git a/src/core/unit.c b/src/core/unit.c -index 5cf16c6..8781132 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3238,12 +3238,13 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - - int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) { - const char *match; -+ int r; - - assert(u); - assert(bus); - assert(name); - -- if (u->match_bus_slot) -+ if (u->match_bus_slot || u->get_name_owner_slot) - return -EBUSY; - - match = strjoina("type='signal'," -@@ -3253,19 +3254,27 @@ int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) { - "member='NameOwnerChanged'," - "arg0='", name, "'"); - -- int r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u); -+ r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u); - if (r < 0) - return r; - -- return sd_bus_call_method_async(bus, -- &u->get_name_owner_slot, -- "org.freedesktop.DBus", -- "/org/freedesktop/DBus", -- "org.freedesktop.DBus", -- "GetNameOwner", -- get_name_owner_handler, -- u, -- "s", name); -+ r = sd_bus_call_method_async( -+ bus, -+ &u->get_name_owner_slot, -+ "org.freedesktop.DBus", -+ "/org/freedesktop/DBus", -+ "org.freedesktop.DBus", -+ "GetNameOwner", -+ get_name_owner_handler, -+ u, -+ "s", name); -+ if (r < 0) { -+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ return r; -+ } -+ -+ 
log_unit_debug(u, "Watching D-Bus name '%s'.", name); -+ return 0; - } - - int unit_watch_bus_name(Unit *u, const char *name) { -@@ -3288,6 +3297,7 @@ int unit_watch_bus_name(Unit *u, const char *name) { - r = hashmap_put(u->manager->watch_bus, name, u); - if (r < 0) { - u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - return log_warning_errno(r, "Failed to put bus name to hashmap: %m"); - } - --- -1.8.3.1 - diff --git a/0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch b/0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch deleted file mode 100644 index dead4f2b9d026a369eea4e52bb2d29604ff4ac72..0000000000000000000000000000000000000000 --- a/0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 42837b8134844c1d08014e480f9497d165c57ef6 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:31:48 +0100 -Subject: [PATCH] core: don't check error parameter of get_name_owner_handler() - -It's a *return* parameter, not an input parameter. Yes, this is a bit -confusing for method call replies, but we try to use the same message -handler for all incoming messages, hence the parameter. We are supposed -to write any error into it we encounter, if we want, and our caller will -log it, but that's it. ---- - src/core/unit.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 03b4b57..c54abe9 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3218,11 +3218,6 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - - u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - -- if (sd_bus_error_is_set(error)) { -- log_error("Failed to get name owner from bus: %s", error->message); -- return 0; -- } -- - e = sd_bus_message_get_error(message); - if (sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) - return 0; --- -1.8.3.1 - diff --git a/0001-core-dont-check-potentially-NULL-error.patch b/0001-core-dont-check-potentially-NULL-error.patch deleted file mode 100644 index b3b60d4ceaddedc674d85ace50200e4b408e677a..0000000000000000000000000000000000000000 --- a/0001-core-dont-check-potentially-NULL-error.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From a54654ba700b1fc6f5cc92e88e2c5544fd7ad2fd Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:35:15 +0100 -Subject: [PATCH] core: don't check potentially NULL error, it's not gonna work - anyway - ---- - src/core/unit.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index c54abe9..7ea0e8a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3219,11 +3219,10 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - - e = sd_bus_message_get_error(message); -- if (sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) -- return 0; -- - if (e) { -- log_error("Unexpected error response from GetNameOwner: %s", e->message); -+ if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) -+ log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); -+ - return 0; - } - --- -1.8.3.1 - diff --git a/0001-core-drop-initial-ListNames-bus-call-from-PID1.patch b/0001-core-drop-initial-ListNames-bus-call-from-PID1.patch deleted file mode 100644 index 6ed1791c28c02b0e6f844f57b3c89a7d30eae304..0000000000000000000000000000000000000000 --- a/0001-core-drop-initial-ListNames-bus-call-from-PID1.patch +++ /dev/null 
@@ -1,331 +0,0 @@ -From fc67a943d989d5e74577adea9676cdc7928b08fc Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 17:31:34 +0100 -Subject: [PATCH] core: drop initial ListNames() bus call from PID 1 - -Previously, when first connecting to the bus after connecting to it we'd -issue a ListNames() bus call to the driver to figure out which bus names -are currently active. This information was then used to initialize the -initial state for services that use BusName=. - -This change removes the whole code for this and replaces it with -something vastly simpler. - -First of all, the ListNames() call was issues synchronosuly, which meant -if dbus was for some reason synchronously calling into PID1 for some -reason we'd deadlock. As it turns out there's now a good chance it does: -the nss-systemd userdb hookup means that any user dbus-daemon resolves -might result in a varlink call into PID 1, and dbus resolves quite a lot -of users while parsing its policy. My original goal was to fix this -deadlock. - -But as it turns out we don't need the ListNames() call at all anymore, -since #12957 has been merged. That PR was supposed to fix a race where -asynchronous installation of bus matches would cause us missing the -initial owner of a bus name when a service is first started. It fixed it -(correctly) by enquiring with GetOwnerName() who currently owns the -name, right after installing the match. But this means whenever we start watching a bus name we anyway -issue a GetOwnerName() for it, and that means also when first connecting -to the bus we don't need to issue ListNames() anymore since that just -tells us the same info: which names are currently owned. - -hence, let's drop ListNames() and instead make better use of the -GetOwnerName() result: if it failed the name is not owned. - -Also, while we are at it, let's simplify the unit's owner_name_changed() -callback(): let's drop the "old_owner" argument. 
We never used that -besides logging, and it's hard to synthesize from just the return of a -GetOwnerName(), hence don't bother. ---- - src/core/dbus.c | 112 ----------------------------------------------------- - src/core/dbus.h | 2 - - src/core/manager.c | 4 -- - src/core/manager.h | 2 - - src/core/service.c | 15 ++----- - src/core/unit.c | 23 ++++++----- - src/core/unit.h | 2 +- - 7 files changed, 16 insertions(+), 144 deletions(-) - -diff --git a/src/core/dbus.c b/src/core/dbus.c -index cef1789..941219f 100644 ---- a/src/core/dbus.c -+++ b/src/core/dbus.c -@@ -719,114 +719,6 @@ static int bus_on_connection(sd_event_source *s, int fd, uint32_t revents, void - return 0; - } - --static int manager_dispatch_sync_bus_names(sd_event_source *es, void *userdata) { -- _cleanup_strv_free_ char **names = NULL; -- Manager *m = userdata; -- const char *name; -- Iterator i; -- Unit *u; -- int r; -- -- assert(es); -- assert(m); -- assert(m->sync_bus_names_event_source == es); -- -- /* First things first, destroy the defer event so that we aren't triggered again */ -- m->sync_bus_names_event_source = sd_event_source_unref(m->sync_bus_names_event_source); -- -- /* Let's see if there's anything to do still? */ -- if (!m->api_bus) -- return 0; -- if (hashmap_isempty(m->watch_bus)) -- return 0; -- -- /* OK, let's sync up the names. Let's see which names are currently on the bus. */ -- r = sd_bus_list_names(m->api_bus, &names, NULL); -- if (r < 0) -- return log_error_errno(r, "Failed to get initial list of names: %m"); -- -- /* We have to synchronize the current bus names with the -- * list of active services. To do this, walk the list of -- * all units with bus names. 
*/ -- HASHMAP_FOREACH_KEY(u, name, m->watch_bus, i) { -- Service *s = SERVICE(u); -- -- assert(s); -- -- if (!streq_ptr(s->bus_name, name)) { -- log_unit_warning(u, "Bus name has changed from %s → %s, ignoring.", s->bus_name, name); -- continue; -- } -- -- /* Check if a service's bus name is in the list of currently -- * active names */ -- if (strv_contains(names, name)) { -- _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; -- const char *unique; -- -- /* If it is, determine its current owner */ -- r = sd_bus_get_name_creds(m->api_bus, name, SD_BUS_CREDS_UNIQUE_NAME, &creds); -- if (r < 0) { -- log_full_errno(r == -ENXIO ? LOG_DEBUG : LOG_ERR, r, "Failed to get bus name owner %s: %m", name); -- continue; -- } -- -- r = sd_bus_creds_get_unique_name(creds, &unique); -- if (r < 0) { -- log_full_errno(r == -ENXIO ? LOG_DEBUG : LOG_ERR, r, "Failed to get unique name for %s: %m", name); -- continue; -- } -- -- /* Now, let's compare that to the previous bus owner, and -- * if it's still the same, all is fine, so just don't -- * bother the service. Otherwise, the name has apparently -- * changed, so synthesize a name owner changed signal. */ -- -- if (!streq_ptr(unique, s->bus_name_owner)) -- UNIT_VTABLE(u)->bus_name_owner_change(u, s->bus_name_owner, unique); -- } else { -- /* So, the name we're watching is not on the bus. -- * This either means it simply hasn't appeared yet, -- * or it was lost during the daemon reload. -- * Check if the service has a stored name owner, -- * and synthesize a name loss signal in this case. */ -- -- if (s->bus_name_owner) -- UNIT_VTABLE(u)->bus_name_owner_change(u, s->bus_name_owner, NULL); -- } -- } -- -- return 0; --} -- --int manager_enqueue_sync_bus_names(Manager *m) { -- int r; -- -- assert(m); -- -- /* Enqueues a request to synchronize the bus names in a later event loop iteration. 
The callers generally don't -- * want us to invoke ->bus_name_owner_change() unit calls from their stack frames as this might result in event -- * dispatching on its own creating loops, hence we simply create a defer event for the event loop and exit. */ -- -- if (m->sync_bus_names_event_source) -- return 0; -- -- r = sd_event_add_defer(m->event, &m->sync_bus_names_event_source, manager_dispatch_sync_bus_names, m); -- if (r < 0) -- return log_error_errno(r, "Failed to create bus name synchronization event: %m"); -- -- r = sd_event_source_set_priority(m->sync_bus_names_event_source, SD_EVENT_PRIORITY_IDLE); -- if (r < 0) -- return log_error_errno(r, "Failed to set event priority: %m"); -- -- r = sd_event_source_set_enabled(m->sync_bus_names_event_source, SD_EVENT_ONESHOT); -- if (r < 0) -- return log_error_errno(r, "Failed to set even to oneshot: %m"); -- -- (void) sd_event_source_set_description(m->sync_bus_names_event_source, "manager-sync-bus-names"); -- return 0; --} -- - static int bus_setup_api(Manager *m, sd_bus *bus) { - Iterator i; - char *name; -@@ -910,10 +802,6 @@ int bus_init_api(Manager *m) { - - m->api_bus = TAKE_PTR(bus); - -- r = manager_enqueue_sync_bus_names(m); -- if (r < 0) -- return r; -- - return 0; - } - -diff --git a/src/core/dbus.h b/src/core/dbus.h -index f1c0fa8..d5ba653 100644 ---- a/src/core/dbus.h -+++ b/src/core/dbus.h -@@ -21,8 +21,6 @@ int bus_fdset_add_all(Manager *m, FDSet *fds); - void bus_track_serialize(sd_bus_track *t, FILE *f, const char *prefix); - int bus_track_coldplug(Manager *m, sd_bus_track **t, bool recursive, char **l); - --int manager_enqueue_sync_bus_names(Manager *m); -- - int bus_foreach_bus(Manager *m, sd_bus_track *subscribed2, int (*send_message)(sd_bus *bus, void *userdata), void *userdata); - - int bus_verify_manage_units_async(Manager *m, sd_bus_message *call, sd_bus_error *error); -diff --git a/src/core/manager.c b/src/core/manager.c -index 171ff04..dbd25af 100644 ---- a/src/core/manager.c -+++ 
b/src/core/manager.c -@@ -1373,7 +1373,6 @@ Manager* manager_free(Manager *m) { - sd_event_source_unref(m->jobs_in_progress_event_source); - sd_event_source_unref(m->run_queue_event_source); - sd_event_source_unref(m->user_lookup_event_source); -- sd_event_source_unref(m->sync_bus_names_event_source); - - safe_close(m->signal_fd); - safe_close(m->notify_fd); -@@ -1610,9 +1609,6 @@ static void manager_ready(Manager *m) { - manager_recheck_journal(m); - manager_recheck_dbus(m); - -- /* Sync current state of bus names with our set of listening units */ -- (void) manager_enqueue_sync_bus_names(m); -- - /* Let's finally catch up with any changes that took place while we were reloading/reexecing */ - manager_catchup(m); - -diff --git a/src/core/manager.h b/src/core/manager.h -index 51df7f8..8ca8e38 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -219,8 +219,6 @@ struct Manager { - int user_lookup_fds[2]; - sd_event_source *user_lookup_event_source; - -- sd_event_source *sync_bus_names_event_source; -- - UnitFileScope unit_file_scope; - LookupPaths lookup_paths; - Hashmap *unit_id_map; -diff --git a/src/core/service.c b/src/core/service.c -index 49ad166..447c7af 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -4062,24 +4062,17 @@ static int service_get_timeout(Unit *u, usec_t *timeout) { - return 1; - } - --static void service_bus_name_owner_change( -- Unit *u, -- const char *old_owner, -- const char *new_owner) { -+static void service_bus_name_owner_change(Unit *u, const char *new_owner) { - - Service *s = SERVICE(u); - int r; - - assert(s); - -- assert(old_owner || new_owner); -- -- if (old_owner && new_owner) -- log_unit_debug(u, "D-Bus name %s changed owner from %s to %s", s->bus_name, old_owner, new_owner); -- else if (old_owner) -- log_unit_debug(u, "D-Bus name %s no longer registered by %s", s->bus_name, old_owner); -+ if (new_owner) -+ log_unit_debug(u, "D-Bus name %s now owned by %s", s->bus_name, new_owner); - else -- 
log_unit_debug(u, "D-Bus name %s now registered by %s", s->bus_name, new_owner); -+ log_unit_debug(u, "D-Bus name %s now not owned by anyone.", s->bus_name); - - s->bus_name_good = !!new_owner; - -diff --git a/src/core/unit.c b/src/core/unit.c -index 8781132..e137acc 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3185,24 +3185,21 @@ int unit_load_related_unit(Unit *u, const char *type, Unit **_found) { - } - - static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) { -- const char *name, *old_owner, *new_owner; -+ const char *new_owner; - Unit *u = userdata; - int r; - - assert(message); - assert(u); - -- r = sd_bus_message_read(message, "sss", &name, &old_owner, &new_owner); -+ r = sd_bus_message_read(message, "sss", NULL, NULL, &new_owner); - if (r < 0) { - bus_log_parse_error(r); - return 0; - } - -- old_owner = empty_to_null(old_owner); -- new_owner = empty_to_null(new_owner); -- - if (UNIT_VTABLE(u)->bus_name_owner_change) -- UNIT_VTABLE(u)->bus_name_owner_change(u, old_owner, new_owner); -+ UNIT_VTABLE(u)->bus_name_owner_change(u, empty_to_null(new_owner)); - - return 0; - } -@@ -3223,15 +3220,17 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) - log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); - -- return 0; -- } -+ new_owner = NULL; -+ } else { -+ r = sd_bus_message_read(message, "s", &new_owner); -+ if (r < 0) -+ return bus_log_parse_error(r); - -- r = sd_bus_message_read(message, "s", &new_owner); -- if (r < 0) -- return bus_log_parse_error(r); -+ assert(!isempty(new_owner)); -+ } - - if (UNIT_VTABLE(u)->bus_name_owner_change) -- UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner); -+ UNIT_VTABLE(u)->bus_name_owner_change(u, new_owner); - - return 0; - } -diff --git a/src/core/unit.h b/src/core/unit.h -index c5d8170..4410014 100644 ---- 
a/src/core/unit.h -+++ b/src/core/unit.h -@@ -530,7 +530,7 @@ typedef struct UnitVTable { - void (*notify_message)(Unit *u, const struct ucred *ucred, char **tags, FDSet *fds); - - /* Called whenever a name this Unit registered for comes or goes away. */ -- void (*bus_name_owner_change)(Unit *u, const char *old_owner, const char *new_owner); -+ void (*bus_name_owner_change)(Unit *u, const char *new_owner); - - /* Called for each property that is being set */ - int (*bus_set_property)(Unit *u, const char *name, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); --- -1.8.3.1 - diff --git a/0001-core-no-need-to-eat-up-error.patch b/0001-core-no-need-to-eat-up-error.patch deleted file mode 100644 index b0f8368ccf1116ef628053f8c702e254ef5f0f6f..0000000000000000000000000000000000000000 --- a/0001-core-no-need-to-eat-up-error.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5085ef0d711f1faaacddaf5519daeb150794ea99 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:35:44 +0100 -Subject: [PATCH] core: no need to eat up error - -This is a method call reply. We might as well propagate the error. The -worst that happens is that sd-bus logs about it. ---- - src/core/unit.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index be92d97..5cf16c6 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3227,10 +3227,8 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - } - - r = sd_bus_message_read(message, "s", &new_owner); -- if (r < 0) { -- bus_log_parse_error(r); -- return 0; -- } -+ if (r < 0) -+ return bus_log_parse_error(r); - - if (UNIT_VTABLE(u)->bus_name_owner_change) - UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner); --- -1.8.3.1 - 
diff --git a/0001-core-shorten-code-a-bit.patch b/0001-core-shorten-code-a-bit.patch deleted file mode 100644 index 765434c5de9757e557c4e6a9f74a15dbb31456a9..0000000000000000000000000000000000000000 --- a/0001-core-shorten-code-a-bit.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 17bda1f19d5394290d7552d9db0c423b207dc40a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:35:28 +0100 -Subject: [PATCH] core: shorten code a bit - -The return parameter here cannot be NULL, the bus call either succeeds -or fails but will never uceed and return an empty owner. ---- - src/core/unit.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 7ea0e8a..be92d97 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3232,8 +3232,6 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - return 0; - } - -- new_owner = empty_to_null(new_owner); -- - if (UNIT_VTABLE(u)->bus_name_owner_change) - UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner); - --- -1.8.3.1 - diff --git a/0001-udev-ignore-error-caused-by-device-disconnection.patch b/0001-udev-ignore-error-caused-by-device-disconnection.patch deleted file mode 100644 index 26336b49a4a8ab6b5c860226aac42bd4af7de323..0000000000000000000000000000000000000000 --- a/0001-udev-ignore-error-caused-by-device-disconnection.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From b64b83d13eedfdfc616c16c4a108ef28bf6d3b33 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 12 Nov 2019 14:58:25 +0900 -Subject: [PATCH] udev: ignore error caused by device disconnection - -During an add or change event, the device may be disconnected. - -Fixes #13976. ---- - src/udev/udev-node.c | 23 +++++++++++++++-------- - 1 file changed, 15 insertions(+), 8 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 2d72570..a34b8d6 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -296,8 +296,11 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - else - mode |= S_IFCHR; - -- if (lstat(devnode, &stats) < 0) -+ if (lstat(devnode, &stats) < 0) { -+ if (errno == ENOENT) -+ return 0; /* this is necessarily racey, so ignore missing the device */ - return log_device_debug_errno(dev, errno, "cannot stat() node %s: %m", devnode); -+ } - - if ((mode != MODE_INVALID && (stats.st_mode & S_IFMT) != (mode & S_IFMT)) || stats.st_rdev != devnum) - return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -@@ -322,11 +325,13 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - - r = chmod_and_chown(devnode, mode, uid, gid); - if (r < 0) -- log_device_warning_errno(dev, r, "Failed to set owner/mode of %s to uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o: %m", -- devnode, -- uid_is_valid(uid) ? uid : stats.st_uid, -- gid_is_valid(gid) ? gid : stats.st_gid, -- mode != MODE_INVALID ? mode & 0777 : stats.st_mode & 0777); -+ log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, -+ "Failed to set owner/mode of %s to uid=" UID_FMT -+ ", gid=" GID_FMT ", mode=%#o: %m", -+ devnode, -+ uid_is_valid(uid) ? uid : stats.st_uid, -+ gid_is_valid(gid) ? gid : stats.st_gid, -+ mode != MODE_INVALID ? 
mode & 0777 : stats.st_mode & 0777); - } else - log_device_debug(dev, "Preserve permissions of %s, uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o", - devnode, -@@ -343,7 +348,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - - q = mac_selinux_apply(devnode, label); - if (q < 0) -- log_device_error_errno(dev, q, "SECLABEL: failed to set SELinux label '%s': %m", label); -+ log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q, -+ "SECLABEL: failed to set SELinux label '%s': %m", label); - else - log_device_debug(dev, "SECLABEL: set SELinux label '%s'", label); - -@@ -352,7 +358,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - - q = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label); - if (q < 0) -- log_device_error_errno(dev, q, "SECLABEL: failed to set SMACK label '%s': %m", label); -+ log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q, -+ "SECLABEL: failed to set SMACK label '%s': %m", label); - else - log_device_debug(dev, "SECLABEL: set SMACK label '%s'", label); - --- -1.8.3.1 - diff --git a/0001-udev-use-bfq-as-the-default-scheduler.patch b/0001-udev-use-bfq-as-the-default-scheduler.patch deleted file mode 100644 index bbb294b37e289629797c348265a79e72c6c2b7a3..0000000000000000000000000000000000000000 --- a/0001-udev-use-bfq-as-the-default-scheduler.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 5ab4d083dbe0a1ae095875c4af6ac26749b67211 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Aug 2019 15:57:42 +0200 -Subject: [PATCH] udev: use bfq as the default scheduler - -As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. -Test results are that bfq seems to behave better and more consistently on -typical hardware. The kernel does not have a configuration option to set -the default scheduler, and it currently needs to be set by userspace. - -See the bug for more discussion and links. ---- - rules/60-block-scheduler.rules | 5 +++++ - rules/meson.build | 1 + - 2 files changed, 6 insertions(+) - create mode 100644 rules/60-block-scheduler.rules - -diff --git a/rules/60-block-scheduler.rules b/rules/60-block-scheduler.rules -new file mode 100644 -index 00000000000..480b941761f ---- /dev/null -+++ b/rules/60-block-scheduler.rules -@@ -0,0 +1,5 @@ -+# do not edit this file, it will be overwritten on update -+ -+ACTION=="add", SUBSYSTEM=="block", \ -+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ -+ ATTR{queue/scheduler}="bfq" -diff --git a/rules/meson.build b/rules/meson.build -index b6a32ba77e2..1da958b4d46 100644 ---- a/rules/meson.build -+++ b/rules/meson.build -@@ -2,6 +2,7 @@ - - rules = files(''' - 60-block.rules -+ 60-block-scheduler.rules - 60-cdrom_id.rules - 60-drm.rules - 60-evdev.rules diff --git a/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch index aa238ee5db18d3147497938883c8637f80cf2a39..bb17fc1867fd464eccec7580bb21404e80c71b8b 100644 --- a/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +++ b/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch 
@@ -10,28 +10,29 @@ If it exists, do nothing. In particular, if it is a broken symlink, we cannot really know if the administator configured it to point to a location used by some service that hasn't started yet, so we don't touch it in that case either. - + https://bugzilla.redhat.com/show_bug.cgi?id=1313085 --- - src/resolve/resolved.c | 4 ++++ + src/resolve/resolved.c | 5 +++++ tmpfiles.d/etc.conf.m4 | 3 --- - 2 files changed, 4 insertions(+), 3 deletions(-) + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c -index 2ca9fbdc72..3c8a9ff12a 100644 +index 50989a6b0a..95a51a574a 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c -@@ -49,6 +49,10 @@ static int run(int argc, char *argv[]) { - /* Drop privileges, but only if we have been started as root. If we are not running as root we assume most - * privileges are already dropped. */ - if (getuid() == 0) { +@@ -58,6 +58,11 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Could not create runtime directory: %m"); + + r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); + if (r < 0 && errno != EEXIST) + log_warning_errno(errno, + "Could not create /etc/resolv.conf symlink: %m"); - ++ /* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */ r = drop_privileges(uid, gid, + (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 index f82e0b82ce..66a777bdb2 100644 --- a/tmpfiles.d/etc.conf.m4 @@ -46,3 +47,6 @@ index f82e0b82ce..66a777bdb2 100644 C! /etc/nsswitch.conf - - - - m4_ifdef(`HAVE_PAM', C! /etc/pam.d - - - - +-- +2.23.0 + diff --git a/1509-fix-journal-file-descriptors-leak-problems.patch b/1509-fix-journal-file-descriptors-leak-problems.patch index 8ea3a5cf2cc60ad3555190572099e3de55eea1ba..59e89df219096e02fa1d3bc9c77a600eeeb87abb 100644 
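Review bot: In the refreshed src/resolve/resolved.c hunk of the 0998 patch, the added `symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf")` creates an entry under /etc with a bare symlink() while the process is still root. On an SELinux-enabled system the new link presumably gets the daemon's default creation context rather than the policy label for /etc/resolv.conf, which the tmpfiles.d/etc.conf.m4 lines this patch removes would apparently have applied. Consider systemd's labelling wrapper instead, `r = symlink_label("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");` followed by `if (r < 0 && r != -EEXIST)` and `log_warning_errno(r, "Could not create /etc/resolv.conf symlink: %m");`, after confirming the helper and its header are usable in this tree. A short comment above the call, e.g. `/* Best effort: never replace an existing /etc/resolv.conf, not even a dangling symlink */`, would record why EEXIST is ignored. run() begins and ends outside the hunk, so the surrounding privilege handling could not be checked from here.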
--- a/1509-fix-journal-file-descriptors-leak-problems.patch +++ b/1509-fix-journal-file-descriptors-leak-problems.patch @@ -12,10 +12,10 @@ after notify watching is added. 1 file changed, 20 insertions(+) diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c -index 004fe64..8be5481 100644 +index 80cd80f356..de2ad4607d 100644 --- a/src/journal/sd-journal.c +++ b/src/journal/sd-journal.c -@@ -1436,6 +1436,18 @@ fail: +@@ -1578,6 +1578,18 @@ fail: log_debug_errno(errno, "Failed to enumerate directory %s, ignoring: %m", m->path); } @@ -34,7 +34,7 @@ index 004fe64..8be5481 100644 static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) { int r; -@@ -1464,6 +1476,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) +@@ -1606,6 +1618,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) (void) inotify_rm_watch(j->inotify_fd, m->wd); m->wd = -1; } @@ -48,7 +48,7 @@ index 004fe64..8be5481 100644 + remove_nonexistent_journal_files(j); } - static int add_directory(sd_journal *j, const char *prefix, const char *dirname) { + static int add_directory( -- -1.8.3.1 +2.23.0 diff --git a/1605-update-rtc-with-system-clock-when-shutdown.patch b/1605-update-rtc-with-system-clock-when-shutdown.patch index 86a87e457bf0e9774d8c537dc2c5bd1d914c9d16..1c60cee44430e49d6b93d3f6c7d0c79abb8c4cf2 100644 --- a/1605-update-rtc-with-system-clock-when-shutdown.patch +++ b/1605-update-rtc-with-system-clock-when-shutdown.patch @@ -1,17 +1,16 @@ -m a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001 +From a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001 From: update-rtc-with-system-clock-when-shutdown Date: Sat, 2 Feb 2019 02:54:52 -0500 Subject: [PATCH] Module: modification summary - --- units/hwclock-save.service.in | 19 +++++++++++++++++++ units/meson.build | 2 ++ - + 2 files changed, 21 insertions(+) create mode 100644 units/hwclock-save.service.in 
diff --git a/units/hwclock-save.service.in b/units/hwclock-save.service.in new file mode 100644 -index 0000000..db33418 +index 0000000000..db33418932 --- /dev/null +++ b/units/hwclock-save.service.in @@ -0,0 +1,19 @@ @@ -35,10 +34,10 @@ index 0000000..db33418 +WantedBy=default.target + diff --git a/units/meson.build b/units/meson.build -index e4ac6ce..67126d6 100644 +index c641900c66..63fc331921 100644 --- a/units/meson.build +++ b/units/meson.build -@@ -211,6 +211,8 @@ in_units = [ +@@ -220,6 +220,8 @@ in_units = [ 'sysinit.target.wants/'], ['systemd-update-done.service', '', 'sysinit.target.wants/'], @@ -48,5 +47,5 @@ index e4ac6ce..67126d6 100644 'multi-user.target.wants/ graphical.target.wants/ rescue.target.wants/'], ['systemd-update-utmp.service', 'ENABLE_UTMP', -- -1.8.3.1 +2.23.0 diff --git a/1612-serialize-pids-for-scope-when-not-started.patch b/1612-serialize-pids-for-scope-when-not-started.patch deleted file mode 100644 index 3d51aa655ef056e06273c59ba7cc9876b813160f..0000000000000000000000000000000000000000 --- a/1612-serialize-pids-for-scope-when-not-started.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From a5c08598384d44ad3bce24ff63ab320b3b3e5292 Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Wed, 31 Jan 2018 22:28:36 +0800 -Subject: [PATCH] systemd-core: Serialize pids for scope unit when it is not - started - -1. when a scope unit is initialized, and daemon-reload is performed before it is started, -pids (generally comes from dbus) belog to this scope will not be attached to the cgroup of this scope, -because these pids are not serialized and are lost during daemon-reload. -2. this patch fix this problem by serializing scope pids when the state of the scope is DEAD(the init state). ---- - src/core/scope.c | 33 +++++++++++++++++++++++++++++++++ - 1 file changed, 33 insertions(+) - -diff --git a/src/core/scope.c b/src/core/scope.c -index ae6614f..8d96ee1 100644 ---- a/src/core/scope.c -+++ b/src/core/scope.c -@@ -194,6 +194,8 @@ static int scope_load(Unit *u) { - - static int scope_coldplug(Unit *u) { - Scope *s = SCOPE(u); -+ Iterator i; -+ void *pidp = NULL; - int r; - - assert(s); -@@ -214,6 +216,12 @@ static int scope_coldplug(Unit *u) { - bus_scope_track_controller(s); - - scope_set_state(s, s->deserialized_state); -+ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) { -+ SET_FOREACH(pidp, u->pids, i) { -+ log_unit_info(u, "Rewatch pid from serialized pids. 
unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp)); -+ unit_watch_pid(u, PTR_TO_UINT32(pidp)); -+ } -+ } - return 0; - } - -@@ -396,6 +404,8 @@ static int scope_get_timeout(Unit *u, usec_t *timeout) { - } - - static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { -+ Iterator i; -+ void *pidp = NULL; - Scope *s = SCOPE(u); - - assert(s); -@@ -408,6 +418,14 @@ static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { - if (s->controller) - unit_serialize_item(u, f, "controller", s->controller); - -+ /*serialize pids when scope is not started*/ -+ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) { -+ SET_FOREACH(pidp, u->pids, i) { -+ log_unit_info(u, "scope is not started yet, pids are serialized. unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp)); -+ unit_serialize_item_format(u, f, "scope_pids", PID_FMT, PTR_TO_UINT32(pidp)); -+ } -+ } -+ - return 0; - } - -@@ -443,6 +461,21 @@ static int scope_deserialize_item(Unit *u, const char *key, const char *value, F - if (r < 0) - log_oom(); - -+ } else if (streq(key, "scope_pids")) { -+ pid_t pid; -+ -+ if (parse_pid(value, &pid) < 0) -+ log_unit_debug(u, "Failed to parse scope-pid value %s.", value); -+ else { -+ if(!u->pids) { -+ r = set_ensure_allocated(&u->pids, NULL); -+ if (r < 0) -+ return r; -+ } -+ r = set_put(u->pids, pid); -+ if (r < 0) -+ return r; -+ } - } else - log_unit_debug(u, "Unknown serialization key: %s", key); - --- -1.8.3.1 - diff --git a/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch b/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch deleted file mode 100644 index d29e083491253fe95c06e0b35e564736a1cff97b..0000000000000000000000000000000000000000 --- a/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 650352c713aeb3b47807c9699ceeb168f9f880b8 Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Tue, 13 Mar 2018 20:51:37 +0800 -Subject: [PATCH] systemd-core: Do not finish job during daemon reloading in - unit_notify. - -1. During daemon reload, a service unit will restore its state from dead to its deserialized state, -and unit_notify will be triggered to notify the state change. -Since JobRemove signal will not be sent during daemon-reload(see details of job_uninstall), -if one job is finished in unit_notify due to the deserialization of a service, the corresponding -job observers(such as systemctl) will not receive any JobRemove signals will hang forever. -2. The above problem will cause a systemctl command to hang forever by using the following steps to reproduce. -a) Ensuere a service(named A)is in running state. -b) execute "systemctl daemon-reload" and "systemctl start A" concurrently -c) the systemctl command will hang for it is in waiting for the JobRemoved signal, but not signals will come from systemd. -3. This patch fix this bug by not finishing job in unit_notify when it is in daemon reload. ---- - src/core/unit.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 9e5f1a8..2da6f61 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1831,7 +1831,8 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlag - - unit_update_on_console(u); - -- if (u->job) { -+ if (u->job && -+ !(m->n_reloading > 0 && u->job->state != JOB_RUNNING && os == UNIT_INACTIVE)) { /*do not finish job during daemon-reload*/ - unexpected = false; - - if (u->job->state == JOB_WAITING) --- -1.8.3.1 - diff --git a/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch b/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch index f45745214ade529976fb4d061059f06533703ab1..c362dde60230cf90eaa8cf7c8aa74315c1096c93 100644 
--- a/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +++ b/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch @@ -13,14 +13,14 @@ is same(both with 0), so the STOP job has no chance to be scheduled, and systemd to handle the time task. This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled. --- - src/core/service.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) + src/core/service.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/service.c b/src/core/service.c -index ad9c028..8217447 100644 +index 340b655059..fba3b3a3f1 100644 --- a/src/core/service.c +++ b/src/core/service.c -@@ -1716,14 +1716,15 @@ fail: +@@ -2264,6 +2264,7 @@ fail: static void service_enter_restart(Service *s) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; int r; @@ -28,10 +28,10 @@ index ad9c028..8217447 100644 assert(s); - if (UNIT(s)->job && UNIT(s)->job->type == JOB_STOP) { +@@ -2271,7 +2272,8 @@ static void service_enter_restart(Service *s) { /* Don't restart things if we are going down anyway */ log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); -- + - r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); + restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec; + r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), restart_usec)); @@ -39,5 +39,5 @@ index ad9c028..8217447 100644 goto fail; -- -1.8.3.1 +2.23.0 diff --git a/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch b/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch deleted file mode 100644 index 05c9cf46404880e744ba65f88e5b390019a95321..0000000000000000000000000000000000000000 --- a/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch +++ /dev/null 
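Review bot: The refreshed 1619 patch still carries the one-second fallback in `service_enter_restart()` as a bare constant, `restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec;`, with the reason given only in the patch description. Someone reading the patched `src/core/service.c` sees a configured restart delay of 0 silently turned into 1 s in the stop-job-pending branch and cannot tell why. I would add a comment above that line, `/* A restart delay of 0 re-arms the timer at once and never lets the pending stop job run; wait 1s instead */`. The declaration of `restart_usec` is presumably the line added by the first inner hunk, which is not visible here, and the function body continues outside the hunk.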
@@ -1,46 +0,0 @@ -From 07e13151c566588b5f679e2576d3dfc2125c6e7c Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Sun, 22 Apr 2018 18:49:19 +0800 -Subject: [PATCH] systemd-core: nop_job of a unit must also be coldpluged after - deserization. - -When a unit is not in-active, and systemctl try-restart is executed for this unit, -systemd will do nothing for it and just accept it as a nop_job for the unit. -When then nop-job is still in the running queue, then daemon-reload is performed, this nop job -will be dropped from the unit since it is not coldpluged in the unit_coldplug function. -After then, the systemctl try-restart command will hang forever since no JOB_DONE dbus signal will be sent -to it from systemd. -This patch fix this problem by do coldplug for the nop_job in unit_coldplug function. ---- - src/core/unit.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 2da6f61..a862b79 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3028,10 +3028,17 @@ int unit_coldplug(Unit *u) { - r = q; - } - -- if (u->job) { -- q = job_coldplug(u->job); -- if (q < 0 && r >= 0) -- r = q; -+ if (u->job || u->nop_job) { -+ if (u->job) { -+ q = job_coldplug(u->job); -+ if (q < 0 && r >= 0) -+ r = q; -+ } -+ if (u->nop_job) { -+ q = job_coldplug(u->nop_job); -+ if (q < 0 && r >= 0) -+ r = q; -+ } - } - - return r; --- -1.8.3.1 - diff --git a/Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch index 63d6d3d35ff48f26a631deb7474e97c610ab5f3a..5bbf0546fcf6536589e09bbd2e1c80427037cf9b 100644 --- a/Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +++ b/Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch 
@@ -8,17 +8,16 @@ Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds an After relationship. Resolves: #1578772 - --- src/core/unit.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/core/unit.c b/src/core/unit.c -index 10e314f..bb4836a 100644 +index 2b86fdedfd..2c804c8486 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -1036,13 +1036,14 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { - return 0; +@@ -1090,13 +1090,14 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { + } if (c->private_tmp) { - const char *p; @@ -39,5 +38,5 @@ index 10e314f..bb4836a 100644 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE); if (r < 0) -- -2.19.1 +2.23.0 diff --git a/CVE-2020-1712-1.patch b/CVE-2020-1712-1.patch deleted file mode 100644 index 59aa7b8c041857f8aafcd266b4286c8622fcf429..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-1.patch +++ /dev/null 
@@ -1,84 +0,0 @@ -From 7f56982289275ce84e20f0554475864953e6aaab Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 16:52:10 +0100 -Subject: [PATCH 1610/1760] polkit: on async pk requests, re-validate - action/details - -When we do an async pk request, let's store which action/details we used -for the original request, and when we are called for the second time, -let's compare. If the action/details changed, let's not allow the access -to go through. - -https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab - ---- - src/shared/bus-util.c | 30 +++++++++++++++++++++++++++--- - 1 file changed, 27 insertions(+), 3 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index ce4ece6..4bfdd3a 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -318,6 +318,9 @@ int bus_test_polkit( - #if ENABLE_POLKIT - - typedef struct AsyncPolkitQuery { -+ char *action; -+ char **details; -+ - sd_bus_message *request, *reply; - sd_bus_message_handler_t callback; - void *userdata; -@@ -338,6 +341,9 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { - sd_bus_message_unref(q->request); - sd_bus_message_unref(q->reply); - -+ free(q->action); -+ strv_free(q->details); -+ - free(q); - } - -@@ -402,11 +408,17 @@ int bus_verify_polkit_async( - if (q) { - int authorized, challenge; - -- /* This is the second invocation of this function, and -- * there's already a response from polkit, let's -- * process it */ -+ /* This is the second invocation of this function, and there's already a response from -+ * polkit, let's process it */ - assert(q->reply); - -+ /* If the operation we want to authenticate changed between the first and the second time, -+ * let's not use this authentication, it might be out of date as the object and context we -+ * operate on might have changed. 
*/ -+ if (!streq(q->action, action) || -+ !strv_equal(q->details, (char**) details)) -+ return -ESTALE; -+ - if (sd_bus_message_is_method_error(q->reply, NULL)) { - const sd_bus_error *e; - -@@ -512,6 +524,18 @@ int bus_verify_polkit_async( - q->callback = callback; - q->userdata = userdata; - -+ q->action = strdup(action); -+ if (!q->action) { -+ async_polkit_query_free(q); -+ return -ENOMEM; -+ } -+ -+ q->details = strv_copy((char**) details); -+ if (!q->details) { -+ async_polkit_query_free(q); -+ return -ENOMEM; -+ } -+ - r = hashmap_put(*registry, call, q); - if (r < 0) { - async_polkit_query_free(q); --- -2.19.1 - diff --git a/CVE-2020-1712-2.patch b/CVE-2020-1712-2.patch deleted file mode 100644 index 502b86e2c57aa4b7d22d884a73b0e9bc3ea02009..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-2.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 1068447e6954dc6ce52f099ed174c442cb89ed54 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 17:05:17 +0100 -Subject: [PATCH 1612/1760] sd-bus: introduce API for re-enqueuing incoming - messages - -When authorizing via PolicyKit we want to process incoming method calls -twice: once to process and figure out that we need PK authentication, -and a second time after we aquired PK authentication to actually execute -the operation. With this new call sd_bus_enqueue_for_read() we have a -way to put an incoming message back into the read queue for this -purpose. - -This might have other uses too, for example debugging. - -https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 - ---- - src/libsystemd/sd-bus/sd-bus.c | 25 +++++++++++++++++++++++++ - src/systemd/sd-bus.h | 1 + - 2 files changed, 26 insertions(+) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index 615346d..05593d1 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -4198,3 +4198,28 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) { - - return bus->close_on_exit; - } -+ -+ -+_public_ int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) { -+ int r; -+ -+ assert_return(bus, -EINVAL); -+ assert_return(bus = bus_resolve(bus), -ENOPKG); -+ assert_return(m, -EINVAL); -+ assert_return(m->sealed, -EINVAL); -+ assert_return(!bus_pid_changed(bus), -ECHILD); -+ -+ if (!BUS_IS_OPEN(bus->state)) -+ return -ENOTCONN; -+ -+ /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication, -+ * where we want accept a message, then determine we need to interactively authenticate the user, and -+ * when we have that process the message again. 
*/ -+ -+ r = bus_rqueue_make_room(bus); -+ if (r < 0) -+ return r; -+ -+ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus); -+ return 0; -+} -diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h -index 84ceb62..2e104f8 100644 ---- a/src/systemd/sd-bus.h -+++ b/src/systemd/sd-bus.h -@@ -201,6 +201,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r); - int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r); - int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec); - int sd_bus_flush(sd_bus *bus); -+int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m); - - sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus); - sd_bus_message* sd_bus_get_current_message(sd_bus *bus); --- -2.19.1 - diff --git a/CVE-2020-1712-3.patch b/CVE-2020-1712-3.patch deleted file mode 100644 index ecd5d4df817c47d81e43812738debae7e5bcc81b..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-3.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -From 95f82ae9d774f3508ce89dcbdd0714ef7385df59 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 16:44:43 +0100 -Subject: [PATCH] polkit: reuse some common bus message appending code - -https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 - ---- - src/shared/bus-util.c | 56 ++++++++++++++++++++++++------------------- - 1 file changed, 32 insertions(+), 24 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index 4bfdd3a..04153d6 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -211,6 +211,34 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) { - return sender_uid == good_user; - } - -+#if ENABLE_POLKIT -+static int bus_message_append_strv_key_value( -+ sd_bus_message *m, -+ const char **l) { -+ -+ const char **k, **v; -+ int r; -+ -+ assert(m); -+ -+ r = sd_bus_message_open_container(m, 'a', "{ss}"); -+ if (r < 0) -+ return r; -+ -+ STRV_FOREACH_PAIR(k, v, l) { -+ r = sd_bus_message_append(m, "{ss}", *k, *v); -+ if (r < 0) -+ return r; -+ } -+ -+ r = sd_bus_message_close_container(m); -+ if (r < 0) -+ return r; -+ -+ return r; -+} -+#endif -+ - int bus_test_polkit( - sd_bus_message *call, - int capability, -@@ -241,7 +269,7 @@ int bus_test_polkit( - _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - int authorized = false, challenge = false; -- const char *sender, **k, **v; -+ const char *sender; - - sender = sd_bus_message_get_sender(call); - if (!sender) -@@ -265,17 +293,7 @@ int bus_test_polkit( - if (r < 0) - return r; - -- r = sd_bus_message_open_container(request, 'a', "{ss}"); -- if (r < 0) -- return r; -- -- STRV_FOREACH_PAIR(k, v, details) { -- r = sd_bus_message_append(request, "{ss}", *k, *v); -- if (r < 0) -- return r; -- } -- -- r = sd_bus_message_close_container(request); -+ r = bus_message_append_strv_key_value(request, details); - if (r < 
0) - return r; - -@@ -388,7 +406,7 @@ int bus_verify_polkit_async( - #if ENABLE_POLKIT - _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; - AsyncPolkitQuery *q; -- const char *sender, **k, **v; -+ const char *sender; - sd_bus_message_handler_t callback; - void *userdata; - int c; -@@ -498,17 +516,7 @@ int bus_verify_polkit_async( - if (r < 0) - return r; - -- r = sd_bus_message_open_container(pk, 'a', "{ss}"); -- if (r < 0) -- return r; -- -- STRV_FOREACH_PAIR(k, v, details) { -- r = sd_bus_message_append(pk, "{ss}", *k, *v); -- if (r < 0) -- return r; -- } -- -- r = sd_bus_message_close_container(pk); -+ r = bus_message_append_strv_key_value(pk, details); - if (r < 0) - return r; - --- -2.19.1 - diff --git a/CVE-2020-1712-4.patch b/CVE-2020-1712-4.patch deleted file mode 100644 index 17ccb888caf9ddf79f003b9168d2c47b002d5f48..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-4.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f4425c72c7395ec93ae00052916a66e2f60f200b Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 16:53:59 +0100 -Subject: [PATCH] polkit: use structured initialization - -https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b - ---- - src/shared/bus-util.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index 04153d6..0690a82 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -524,13 +524,15 @@ int bus_verify_polkit_async( - if (r < 0) - return r; - -- q = new0(AsyncPolkitQuery, 1); -+ q = new(AsyncPolkitQuery, 1); - if (!q) - return -ENOMEM; - -- q->request = sd_bus_message_ref(call); -- q->callback = callback; -- q->userdata = userdata; -+ *q = (AsyncPolkitQuery) { -+ .request = sd_bus_message_ref(call), -+ .callback = callback, -+ .userdata = userdata, -+ }; - - q->action = strdup(action); - if (!q->action) { --- -2.19.1 - 
diff --git a/CVE-2020-1712-5.patch b/CVE-2020-1712-5.patch deleted file mode 100644 index 616f36eaf3d5b8f6278cfdb4ed7029627aae501c..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-5.patch +++ /dev/null 
@@ -1,164 +0,0 @@ -From 637486261528e8aa3da9f26a4487dc254f4b7abb Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 17:07:47 +0100 -Subject: [PATCH 1613/1760] polkit: when authorizing via PK let's re-resolve - callback/userdata instead of caching it - -Previously, when doing an async PK query we'd store the original -callback/userdata pair and call it again after the PK request is -complete. This is problematic, since PK queries might be slow and in the -meantime the userdata might be released and re-acquired. Let's avoid -this by always traversing through the message handlers so that we always -re-resolve the callback and userdata pair and thus can be sure it's -up-to-date and properly valid. - -https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb - ---- - src/shared/bus-util.c | 75 ++++++++++++++++++++++++++++--------------- - 1 file changed, 50 insertions(+), 25 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index 0690a82..41288a7 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -340,14 +340,13 @@ typedef struct AsyncPolkitQuery { - char **details; - - sd_bus_message *request, *reply; -- sd_bus_message_handler_t callback; -- void *userdata; - sd_bus_slot *slot; -+ - Hashmap *registry; -+ sd_event_source *defer_event_source; - } AsyncPolkitQuery; - - static void async_polkit_query_free(AsyncPolkitQuery *q) { -- - if (!q) - return; - -@@ -362,9 +361,22 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { - free(q->action); - strv_free(q->details); - -+ sd_event_source_disable_unref(q->defer_event_source); - free(q); - } - -+static int async_polkit_defer(sd_event_source *s, void *userdata) { -+ AsyncPolkitQuery *q = userdata; -+ -+ assert(s); -+ -+ /* This is called as idle event source after we processed the async polkit reply, hopefully after the -+ * method call we re-enqueued has been properly processed. 
*/ -+ -+ async_polkit_query_free(q); -+ return 0; -+} -+ - static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { - _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; - AsyncPolkitQuery *q = userdata; -@@ -373,19 +385,45 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e - assert(reply); - assert(q); - -+ assert(q->slot); - q->slot = sd_bus_slot_unref(q->slot); -+ -+ assert(!q->reply); - q->reply = sd_bus_message_ref(reply); - -+ /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the -+ * whole message processing again, and thus re-validating and re-retrieving the "userdata" field -+ * again. -+ * -+ * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again, -+ * i.e. after the second time the message is processed is complete. */ -+ -+ assert(!q->defer_event_source); -+ r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q); -+ if (r < 0) -+ goto fail; -+ -+ r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE); -+ if (r < 0) -+ goto fail; -+ -+ r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT); -+ if (r < 0) -+ goto fail; -+ - r = sd_bus_message_rewind(q->request, true); -- if (r < 0) { -- r = sd_bus_reply_method_errno(q->request, r, NULL); -- goto finish; -- } -+ if (r < 0) -+ goto fail; - -- r = q->callback(q->request, q->userdata, &error_buffer); -- r = bus_maybe_reply_error(q->request, r, &error_buffer); -+ r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request); -+ if (r < 0) -+ goto fail; -+ -+ return 1; - --finish: -+fail: -+ log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m"); -+ (void) sd_bus_reply_method_errno(q->request, r, NULL); - async_polkit_query_free(q); - - return r; -@@ -406,11 +444,9 @@ int 
bus_verify_polkit_async( - #if ENABLE_POLKIT - _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; - AsyncPolkitQuery *q; -- const char *sender; -- sd_bus_message_handler_t callback; -- void *userdata; - int c; - #endif -+ const char *sender; - int r; - - assert(call); -@@ -474,20 +510,11 @@ int bus_verify_polkit_async( - else if (r > 0) - return 1; - --#if ENABLE_POLKIT -- if (sd_bus_get_current_message(call->bus) != call) -- return -EINVAL; -- -- callback = sd_bus_get_current_handler(call->bus); -- if (!callback) -- return -EINVAL; -- -- userdata = sd_bus_get_current_userdata(call->bus); -- - sender = sd_bus_message_get_sender(call); - if (!sender) - return -EBADMSG; - -+#if ENABLE_POLKIT - c = sd_bus_message_get_allow_interactive_authorization(call); - if (c < 0) - return c; -@@ -530,8 +557,6 @@ int bus_verify_polkit_async( - - *q = (AsyncPolkitQuery) { - .request = sd_bus_message_ref(call), -- .callback = callback, -- .userdata = userdata, - }; - - q->action = strdup(action); --- -2.19.1 - diff --git a/Make-systemd-udevd.service-start-after-systemd-remou.patch b/Make-systemd-udevd.service-start-after-systemd-remou.patch index d4dd22d652b92b06f08098a7628c7bab9eacbc5f..18bdc3763dc18c5d98597fedf79e47f68a914036 100644 --- a/Make-systemd-udevd.service-start-after-systemd-remou.patch +++ b/Make-systemd-udevd.service-start-after-systemd-remou.patch @@ -2,17 +2,16 @@ From 4c230d1d73e9f9a6d1fe654599a63881c344a00c Mon Sep 17 00:00:00 2001 From: openEuler Buildteam Date: Tue, 29 Jan 2019 22:54:34 -0500 Subject: [PATCH] Make systemd-udevd.service start after systemd-remount-fs.service. - --- units/systemd-udevd.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in -index 6a3814e..3b09923 100644 +index 9ada3a6a74..17f15bba83 100644 --- a/units/systemd-udevd.service.in +++ b/units/systemd-udevd.service.in 
@@ -11,7 +11,7 @@ - Description=udev Kernel Device Manager + Description=Rule-based Manager for Device Events and Files Documentation=man:systemd-udevd.service(8) man:udev(7) DefaultDependencies=no -After=systemd-sysusers.service systemd-hwdb-update.service @@ -21,5 +20,5 @@ index 6a3814e..3b09923 100644 ConditionPathIsReadWrite=/sys -- -1.8.3.1 +2.23.0 diff --git a/Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch b/Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch deleted file mode 100644 index 75b0f1b5341dd2899b0cee4f5678d35318826ac0..0000000000000000000000000000000000000000 --- a/Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 47b256d63ac092137fe44e27560a14ee4aa5b7c8 Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Fri, 8 Feb 2019 10:54:34 +0100 -Subject: Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter - from 1 to 2" - -This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1. - -Resolves: #1653824 ---- - sysctl.d/50-default.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf -index b0645f3..e263cf0 100644 ---- a/sysctl.d/50-default.conf -+++ b/sysctl.d/50-default.conf -@@ -22,7 +22,7 @@ kernel.sysrq = 16 - kernel.core_uses_pid = 1 - - # Source route verification --net.ipv4.conf.all.rp_filter = 2 -+net.ipv4.conf.all.rp_filter = 1 - - # Do not accept source routing - net.ipv4.conf.all.accept_source_route = 0 --- -1.8.3.1 - diff --git a/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch b/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch deleted file mode 100644 index c9a66d93967a5e3eb91971146a77cc2860afab65..0000000000000000000000000000000000000000 --- a/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 95100aa8fa3182f3b066bdc5927b0a78c37550aa Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Mon, 23 Jul 2018 17:58:18 +0800 -Subject: [PATCH] systemd-udevd: Call malloc_trim to return memory to OS - immediately in forked children. - -hen there are many events from kernel, memory used to store these events(in event_list) -will be large, may be up to 100M. The forked child process will have a copy of these events and -release them using free. But since glibc will release memory to OS immediately, and if this child process -is stuck due I/O waiting(in D state), these memory will never be released until it is recoveried from D-state. -When there are so many such child processes, it will eat up much memory from system. -This patch fix this problem by invoking glibc's malloc_trim to release memory immediately when the child is forked. ---- - meson.build | 6 ++++++ - src/udev/udevd.c | 12 ++++++++++++ - 2 files changed, 18 insertions(+) - -diff --git a/meson.build b/meson.build -index c14540a..5ee2fa7 100644 ---- a/meson.build -+++ b/meson.build -@@ -518,6 +518,12 @@ else - conf.set10('HAVE_GETRANDOM', have) - endif - -+if cc.has_function('malloc_trim', prefix : '''#include ''') -+ conf.set10('HAVE_MALLOC_TRIM', true) -+else -+ conf.set10('HAVE_MALLOC_TRIM', false) -+endif -+ - ##################################################################### - - sed = find_program('sed') -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index c1119c3..62f1c44 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -27,6 +27,9 @@ - #include - #include - #include -+#ifdef HAVE_MALLOC_TRIM -+#include -+#endif - - #include "sd-daemon.h" - #include "sd-event.h" -@@ -233,6 +236,15 @@ static void worker_spawn(Manager *manager, struct event *event) { - - manager->event = sd_event_unref(manager->event); - -+#ifdef HAVE_MALLOC_TRIM -+ /* unused memory inherits from parent has been freed, but it will -+ * not release to OS immediately. 
We do the optimization by invoking -+ * glibc's malloc_trim to force these unused memory to return to OS immediately. -+ * Otherwise when there are many forked process, it will eat up system's memory, -+ * and will cause OOM problem. -+ */ -+ malloc_trim(0); -+#endif - sigfillset(&mask); - fd_signal = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC); - if (fd_signal < 0) { --- -1.8.3.1 - diff --git a/dbus-execute-avoid-extra-strdup.patch b/dbus-execute-avoid-extra-strdup.patch deleted file mode 100644 index 3c0f80ff4640630bf3f4ae6b92dd924cb2b1ecc0..0000000000000000000000000000000000000000 --- a/dbus-execute-avoid-extra-strdup.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 66ca4903ca74604b193802635d36c48b0fcaf291 Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Thu, 2 Jan 2020 19:59:48 +0200 -Subject: [PATCH] dbus-execute: avoid extra strdup() - -bind_mount_add does the strdup(), so we can avoid -strdup()ing the strings. - -https://github.com/systemd/systemd/commit/66ca4903ca74604b193802635d36c48b0fcaf291 - ---- - src/core/dbus-execute.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index 2be3db2..abd60ea 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2370,7 +2370,7 @@ int bus_exec_context_set_transient_property( - return 1; - - } else if (STR_IN_SET(name, "BindPaths", "BindReadOnlyPaths")) { -- const char *source, *destination; -+ char *source, *destination; - int ignore_enoent; - uint64_t mount_flags; - bool empty = true; -@@ -2391,8 +2391,8 @@ int bus_exec_context_set_transient_property( - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { - r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts, - &(BindMount) { -- .source = strdup(source), -- .destination = strdup(destination), -+ .source = source, -+ .destination = destination, - .read_only = !!strstr(name, "ReadOnly"), - .recursive = !!(mount_flags & MS_REC), - .ignore_enoent = ignore_enoent, --- -2.19.1 - 
diff --git a/fix-fd-leak-in-no-memory-condition.patch b/fix-fd-leak-in-no-memory-condition.patch deleted file mode 100644 index 256182bc3adcb3f245c833901a7733397ad5e2cc..0000000000000000000000000000000000000000 --- a/fix-fd-leak-in-no-memory-condition.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 43681c404794341a42ba0a34b9730103f4f2c560 Mon Sep 17 00:00:00 2001 -From: Gaurav -Date: Mon, 8 Apr 2019 10:13:26 +0530 -Subject: [PATCH] Fix fd leak in no memory condition - -In case of no memory situation, fd is not being close. -Please review. - -https://github.com/systemd/systemd/commit/43681c404794341a42ba0a34b9730103f4f2c560.patch - ---- - src/libsystemd/sd-event/sd-event.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 5adbcee..5d0e057 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -900,8 +900,10 @@ _public_ int sd_event_add_io( - assert_return(!event_pid_changed(e), -ECHILD); - - s = source_new(e, !ret, SOURCE_IO); -- if (!s) -+ if (!s) { -+ fd = safe_close(fd); - return -ENOMEM; -+ } - - s->wakeup = WAKEUP_EVENT_SOURCE; - s->io.fd = fd; --- -2.19.1 - diff --git a/fix-two-VF-virtual-machines-have-same-mac-address.patch b/fix-two-VF-virtual-machines-have-same-mac-address.patch index 7c5adce5e290842cdd0ad1c76f4e2068e7e201bc..f7b0335fe784019645127096662256a24b168c66 100644 --- a/fix-two-VF-virtual-machines-have-same-mac-address.patch +++ b/fix-two-VF-virtual-machines-have-same-mac-address.patch @@ -1,4 +1,3 @@ -From 48b21956443a03ac94f29480e213b05b86fcf525 Mon Sep 17 00:00:00 2001 From: fangxiuning Date: Thu, 5 Sep 2019 07:40:41 +0800 Subject: fix two vf virtual machine has same mac address @@ -27,22 +26,20 @@ and "locally administered" bits set. none Keeps the MAC address assigned by the kernel. - - --- network/99-default.link | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
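Review bot: The first hunk of fix-two-VF-virtual-machines-have-same-mac-address.patch drops the `From 48b21956443a03ac94f29480e213b05b86fcf525 Mon Sep 17 00:00:00 2001` line, while the 1605 patch in this same change gets its `From <commit>` line repaired. Without that line the patch no longer records which commit it was exported from, and it no longer starts the way the other carried patches here do. Since this patch switches `MACAddressPolicy=persistent` to `MACAddressPolicy=none` in `network/99-default.link`, I would keep the line, updated to the commit the refreshed patch was exported from, so the change stays traceable.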
diff --git a/network/99-default.link b/network/99-default.link -index 347d4b7..54f1f58 100644 +index dc7a42bf58..2b8f46a84c 100644 --- a/network/99-default.link +++ b/network/99-default.link -@@ -12,4 +12,4 @@ OriginalName=* - +@@ -13,4 +13,4 @@ OriginalName=* [Link] NamePolicy=keep kernel database onboard slot path + AlternativeNamesPolicy=database onboard slot path -MACAddressPolicy=persistent +MACAddressPolicy=none -- -1.8.3.1 +2.23.0 diff --git a/journal-don-t-enable-systemd-journald-audit.socket-b.patch b/journal-don-t-enable-systemd-journald-audit.socket-b.patch index bdb9129b23351e99f83f56d8a2383c4caec5157c..f81ffb3ee4296a0a1d4f8e1dffd3d0befa2549b2 100644 --- a/journal-don-t-enable-systemd-journald-audit.socket-b.patch +++ b/journal-don-t-enable-systemd-journald-audit.socket-b.patch @@ -11,18 +11,18 @@ Resolves: #1699287 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index 089bc38..7436619 100644 +index 0cb1bfa3ca..fa7348aa79 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in -@@ -31,7 +31,7 @@ RestrictAddressFamilies=AF_UNIX AF_NETLINK - RestrictNamespaces=yes - RestrictRealtime=yes +@@ -34,7 +34,7 @@ RestrictRealtime=yes RestrictSUIDSGID=yes + RuntimeDirectory=systemd/journal + RuntimeDirectoryPreserve=yes -Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket +Sockets=systemd-journald.socket systemd-journald-dev-log.socket StandardOutput=null SystemCallArchitectures=native SystemCallErrorNumber=EPERM -- -2.19.1 +2.23.0 diff --git a/logind-set-RemoveIPC-to-false-by-default.patch b/logind-set-RemoveIPC-to-false-by-default.patch index 846e34ee1e0028aadec3470466cea9f0717474e5..02df6b3588d3c027eac9aebe05b40933bc92e318 100644 --- a/logind-set-RemoveIPC-to-false-by-default.patch +++ b/logind-set-RemoveIPC-to-false-by-default.patch 
@@ -11,10 +11,10 @@ Resolves: #1523233 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/logind.conf.xml b/man/logind.conf.xml -index 4cbfd09..c6ff5c3 100644 +index b00daf366d..a9fed78aa6 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml -@@ -327,7 +327,7 @@ +@@ -340,7 +340,7 @@ user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users @@ -24,10 +24,10 @@ index 4cbfd09..c6ff5c3 100644 diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index 1d21e90..2ac7860 100644 +index 4289461df6..556945be20 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c -@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) { +@@ -35,7 +35,7 @@ void manager_reset_config(Manager *m) { m->n_autovts = 6; m->reserve_vt = 6; @@ -37,17 +37,17 @@ index 1d21e90..2ac7860 100644 m->user_stop_delay = 10 * USEC_PER_SEC; diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 1029e29..c7346f9 100644 +index ed1084b06e..07ff0d195e 100644 --- a/src/login/logind.conf.in +++ b/src/login/logind.conf.in -@@ -32,6 +32,6 @@ - #IdleAction=ignore +@@ -33,6 +33,6 @@ #IdleActionSec=30min #RuntimeDirectorySize=10% + #RuntimeDirectoryInodes=400k -#RemoveIPC=yes +#RemoveIPC=no #InhibitorsMax=8192 #SessionsMax=8192 -- -2.19.1 +2.23.0 diff --git a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch deleted file mode 100644 index 5b2f120dcb90eb5c02125f7df08fad321dcfa15d..0000000000000000000000000000000000000000 --- a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From bb46b12cbb84411e378cd45f2ac320a9ce53551c Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Tue, 10 Mar 2020 21:01:43 +0800 -Subject: [PATCH] pid1 bump DefaultTasksMax to 80% of the kernel pid.max value - ---- - man/systemd-system.conf.xml | 2 +- - src/basic/cgroup-util.h | 4 ++-- - src/core/system.conf.in | 2 +- - units/user-.slice.d/10-defaults.conf | 2 +- - 4 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml -index e403fa5..afd51ed 100644 ---- a/man/systemd-system.conf.xml -+++ b/man/systemd-system.conf.xml -@@ -360,7 +360,7 @@ - Configure the default value for the per-unit TasksMax= setting. See - systemd.resource-control5 - for details. This setting applies to all unit types that support resource control settings, with the exception -- of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller -+ of slice units. Defaults to 80%, which equals 26214 with the kernel's defaults on the host, but might be smaller - in OS containers. 
- - -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index a39ab45..f2f2c09 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -128,8 +128,8 @@ static inline bool CGROUP_BLKIO_WEIGHT_IS_OK(uint64_t x) { - } - - /* Default resource limits */ --#define DEFAULT_TASKS_MAX_PERCENTAGE 15U /* 15% of PIDs, 4915 on default settings */ --#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 33U /* 33% of PIDs, 10813 on default settings */ -+#define DEFAULT_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 4915 on default settings */ -+#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 10813 on default settings */ - - typedef enum CGroupUnified { - CGROUP_UNIFIED_UNKNOWN = -1, -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index 8112125..9e75b14 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -51,7 +51,7 @@ - #DefaultBlockIOAccounting=no - #DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@ - #DefaultTasksAccounting=yes --#DefaultTasksMax=15% -+#DefaultTasksMax=80% - #DefaultLimitCPU= - #DefaultLimitFSIZE= - #DefaultLimitDATA= -diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf -index c81a00e..3b14c35 100644 ---- a/units/user-.slice.d/10-defaults.conf -+++ b/units/user-.slice.d/10-defaults.conf -@@ -14,4 +14,4 @@ After=systemd-user-sessions.service - StopWhenUnneeded=yes - - [Slice] --TasksMax=33% -+TasksMax=80% --- -1.8.3.1 - diff --git a/rules-add-elevator-kernel-command-line-parameter.patch b/rules-add-elevator-kernel-command-line-parameter.patch index 9b2c69ef346250de1962790f7183a32d10e55785..4e5f12616f1a04ed272e7ec65ad8fadbce67d6ab 100644 --- a/rules-add-elevator-kernel-command-line-parameter.patch +++ b/rules-add-elevator-kernel-command-line-parameter.patch 
@@ -6,17 +6,16 @@ Subject: [PATCH] rules: add elevator= kernel command line parameter Kernel removed the elevator= option Resolves: #1670126 - --- - rules/40-elevator.rules | 20 ++++++++++++++++++++ + rules.d/40-elevator.rules | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) - create mode 100644 rules/40-elevator.rules + create mode 100644 rules.d/40-elevator.rules -diff --git a/rules/40-elevator.rules b/rules/40-elevator.rules +diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules new file mode 100644 -index 0000000..dbe8fc8 +index 0000000000..5f615bf51a --- /dev/null -+++ b/rules/40-elevator.rules ++++ b/rules.d/40-elevator.rules @@ -0,0 +1,20 @@ +# We aren't adding devices skip the elevator check +ACTION!="add", GOTO="sched_out" @@ -39,5 +38,5 @@ index 0000000..dbe8fc8 + +LABEL="sched_out" -- -1.8.3.1 +2.23.0 diff --git a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch index a9a20f1462bd6603e2687c0277cedddc7ac4b019..af9c43cabaf031a9c4102bc56c44e2fef218b869 100644 --- a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +++ b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch @@ -6,16 +6,16 @@ Subject: rules: add rule for naming Dell iDRAC USB Virtual NIC Related: #1523227 --- - rules/73-idrac.rules | 6 ++++++ - rules/meson.build | 1 + + rules.d/73-idrac.rules | 6 ++++++ + rules.d/meson.build | 1 + 2 files changed, 7 insertions(+) - create mode 100644 rules/73-idrac.rules + create mode 100644 rules.d/73-idrac.rules -diff --git a/rules/73-idrac.rules b/rules/73-idrac.rules +diff --git a/rules.d/73-idrac.rules b/rules.d/73-idrac.rules new file mode 100644 -index 0000000..d67fc42 +index 0000000000..d67fc425b1 --- /dev/null -+++ b/rules/73-idrac.rules ++++ b/rules.d/73-idrac.rules @@ -0,0 +1,6 @@ +# do not edit this file, it will be overwritten on update + 
@@ -23,11 +23,11 @@ index 0000000..d67fc42 +# with terminates in the iDRAC. Help identify this with 'idrac' + +ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac" -diff --git a/rules/meson.build b/rules/meson.build -index e7e4362..e04a18a 100644 ---- a/rules/meson.build -+++ b/rules/meson.build -@@ -17,6 +17,7 @@ rules = files(''' +diff --git a/rules.d/meson.build b/rules.d/meson.build +index 13d1d330cf..b06edf0621 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -18,6 +18,7 @@ rules = files(''' 70-joystick.rules 70-mouse.rules 70-touchpad.rules @@ -36,5 +36,5 @@ index e7e4362..e04a18a 100644 75-probe_mtd.rules 78-sound-card.rules -- -1.8.3.1 +2.23.0 diff --git a/rules-add-the-rule-that-adds-elevator-kernel-command.patch b/rules-add-the-rule-that-adds-elevator-kernel-command.patch index dd20b73f0b16b12f0cafbbdaa7aca5f06c369cb4..55a84ae966e6156c7a13fa78dacc9ad989239286 100644 --- a/rules-add-the-rule-that-adds-elevator-kernel-command.patch +++ b/rules-add-the-rule-that-adds-elevator-kernel-command.patch @@ -7,21 +7,21 @@ Subject: [PATCH] rules: add the rule that adds elevator= kernel Resolves: #1670126 --- - rules/meson.build | 1 + + rules.d/meson.build | 1 + 1 file changed, 1 insertion(+) -diff --git a/rules/meson.build b/rules/meson.build -index 1da958b..043313a 100644 ---- a/rules/meson.build -+++ b/rules/meson.build +diff --git a/rules.d/meson.build b/rules.d/meson.build +index b06edf0621..bd65424a0d 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build @@ -1,6 +1,7 @@ # SPDX-License-Identifier: LGPL-2.1+ rules = files(''' + 40-elevator.rules 60-block.rules - 60-block-scheduler.rules 60-cdrom_id.rules + 60-drm.rules -- -2.19.1 +2.23.0 diff --git a/sd-journal-close-journal-files-that-were-deleted-by-.patch b/sd-journal-close-journal-files-that-were-deleted-by-.patch deleted file mode 100644 index 4d6247fe6581093d519b72841175a870e6a1e062..0000000000000000000000000000000000000000 
--- a/sd-journal-close-journal-files-that-were-deleted-by-.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From 28ca867abdb20d0e4ac1901e2ed669cdb41ea3f6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Sekleta=CC=81r?= -Date: Tue, 4 Feb 2020 14:23:14 +0100 -Subject: [PATCH] sd-journal: close journal files that were deleted by journald - before we've setup inotify watch -url:https://github.com/systemd/systemd/commit/28ca867abdb20d0e4ac1901e2ed669cdb41ea3f6.patch - -Fixes #14695 ---- - src/journal/journal-file.c | 2 +- - src/journal/journal-file.h | 1 + - src/journal/sd-journal.c | 15 +++++++++++++++ - 3 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c -index 505191999b..bd53635860 100644 ---- a/src/journal/journal-file.c -+++ b/src/journal/journal-file.c -@@ -601,7 +601,7 @@ static int journal_file_verify_header(JournalFile *f) { - return 0; - } - --static int journal_file_fstat(JournalFile *f) { -+int journal_file_fstat(JournalFile *f) { - int r; - - assert(f); -diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h -index 502f1f567d..cf0f7691fb 100644 ---- a/src/journal/journal-file.h -+++ b/src/journal/journal-file.h -@@ -145,6 +145,7 @@ int journal_file_open( - int journal_file_set_offline(JournalFile *f, bool wait); - bool journal_file_is_offlining(JournalFile *f); - JournalFile* journal_file_close(JournalFile *j); -+int journal_file_fstat(JournalFile *f); - DEFINE_TRIVIAL_CLEANUP_FUNC(JournalFile*, journal_file_close); - - int journal_file_open_reliably( -diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c -index bced8af3e3..3fa98dfda2 100644 ---- a/src/journal/sd-journal.c -+++ b/src/journal/sd-journal.c -@@ -2661,6 +2661,8 @@ _public_ int sd_journal_wait(sd_journal *j, uint64_t timeout_usec) { - assert_return(!journal_pid_changed(j), -ECHILD); - - if (j->inotify_fd < 0) { -+ Iterator i; -+ JournalFile *f; - - /* This is the first invocation, hence create the - * inotify watch */ -@@ -2668,6 +2670,19 @@ _public_ int sd_journal_wait(sd_journal *j, 
uint64_t timeout_usec) { - if (r < 0) - return r; - -+ /* Server might have done some vacuuming while we weren't watching. -+ Get rid of the deleted files now so they don't stay around indefinitely. */ -+ ORDERED_HASHMAP_FOREACH(f, j->files, i) { -+ r = journal_file_fstat(f); -+ if (r < 0) { -+ log_debug_errno(r,"Failed to fstat() journal file '%s' : %m", f->path); -+ continue; -+ } -+ -+ if (f->last_stat.st_nlink <= 0) -+ remove_file_real(j, f); -+ } -+ - /* The journal might have changed since the context - * object was created and we weren't watching before, - * hence don't wait for anything, and return --- -2.19.1 - diff --git a/seccomp-more-comprehensive-protection-against-libsec.patch b/seccomp-more-comprehensive-protection-against-libsec.patch deleted file mode 100644 index 8e28c85f3e67c4ad4d05e5fa60c3d6d503ddd3e1..0000000000000000000000000000000000000000 --- a/seccomp-more-comprehensive-protection-against-libsec.patch +++ /dev/null 
@@ -1,145 +0,0 @@ -From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 14 Nov 2019 17:51:30 +0100 -Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's - __NR_xyz namespace invasion - -A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the -same conditioning for all cases of our __NR_xyz use. - -Fixes: #14031 ---- - src/basic/missing_syscall.h | 10 +++++----- - src/test/test-seccomp.c | 19 ++++++++++--------- - 2 files changed, 15 insertions(+), 14 deletions(-) - -diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h -index 6d9b125..1255d8b 100644 ---- a/src/basic/missing_syscall.h -+++ b/src/basic/missing_syscall.h -@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c - - #if !HAVE_KCMP - static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) { --# ifdef __NR_kcmp -+# if defined __NR_kcmp && __NR_kcmp > 0 - return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2); - # else - errno = ENOSYS; -@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i - - #if !HAVE_KEYCTL - static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) { --# ifdef __NR_keyctl -+# if defined __NR_keyctl && __NR_keyctl > 0 - return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5); - # else - errno = ENOSYS; -@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg - } - - static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) { --# ifdef __NR_add_key -+# if defined __NR_add_key && __NR_add_key > 0 - return syscall(__NR_add_key, type, description, payload, plen, ringid); - # else - errno = ENOSYS; -@@ -311,7 +311,7 @@ static inline key_serial_t 
missing_add_key(const char *type, const char *descrip - } - - static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) { --# ifdef __NR_request_key -+# if defined __NR_request_key && __NR_request_key > 0 - return syscall(__NR_request_key, type, description, callout_info, destringid); - # else - errno = ENOSYS; -@@ -496,7 +496,7 @@ enum { - static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask, - unsigned long maxnode) { - long i; --# ifdef __NR_set_mempolicy -+# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0 - i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode); - # else - errno = ENOSYS; -diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index 018c20f..c669204 100644 ---- a/src/test/test-seccomp.c -+++ b/src/test/test-seccomp.c -@@ -28,7 +28,8 @@ - #include "tmpfile-util.h" - #include "virt.h" - --#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__) -+/* __NR_socket may be invalid due to libseccomp */ -+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__) - /* On these archs, socket() is implemented via the socketcall() syscall multiplexer, - * and we can't restrict it hence via seccomp. 
*/ - # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1 -@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) { - assert_se(pid >= 0); - - if (pid == 0) { --#if __NR__sysctl > 0 -+#if defined __NR__sysctl && __NR__sysctl > 0 - assert_se(syscall(__NR__sysctl, NULL) < 0); - assert_se(errno == EFAULT); - #endif - - assert_se(seccomp_protect_sysctl() >= 0); - --#if __NR__sysctl > 0 -+#if defined __NR__sysctl && __NR__sysctl > 0 - assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0); - assert_se(errno == EPERM); - #endif -@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) { - assert_se(poll(NULL, 0, 0) == 0); - - assert_se(s = hashmap_new(NULL)); --#if SCMP_SYS(access) >= 0 -+#if defined __NR_access && __NR_access > 0 - assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0); - #else - assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0); -@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) { - s = hashmap_free(s); - - assert_se(s = hashmap_new(NULL)); --#if SCMP_SYS(access) >= 0 -+#if defined __NR_access && __NR_access > 0 - assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0); - #else - assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0); -@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) { - s = hashmap_free(s); - - assert_se(s = hashmap_new(NULL)); --#if SCMP_SYS(poll) >= 0 -+#if defined __NR_poll && __NR_poll > 0 - assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0); - #else - assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0); -@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) { - s = hashmap_free(s); - - assert_se(s = hashmap_new(NULL)); --#if SCMP_SYS(poll) >= 0 -+#if defined __NR_poll && __NR_poll > 0 - assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0); - #else - 
assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0); -@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) { - * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On - * other architectures, let's just fall back to the glibc call. */ - --#ifdef SYS_open -- return (int) syscall(SYS_open, path, flags, mode); -+#if defined __NR_open && __NR_open > 0 -+ return (int) syscall(__NR_open, path, flags, mode); - #else - return open(path, flags, mode); - #endif --- -1.8.3.1 - diff --git a/systemd-243.tar.gz b/systemd-246.tar.gz similarity index 49% rename from systemd-243.tar.gz rename to systemd-246.tar.gz index 9fab5204916001a54480524525e74ecc103caea9..4c3983feaa45256505a8248d815ccc6a3e718370 100644 Binary files a/systemd-243.tar.gz and b/systemd-246.tar.gz differ diff --git a/systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch b/systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch deleted file mode 100644 index 62ec61d75cb3f16dc4f76e3f7aa34e7e4c468241..0000000000000000000000000000000000000000 --- a/systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From bec31cf5f0037dd049299e8665e03fc74024e357 Mon Sep 17 00:00:00 2001 -From: Alin Popa -Date: Fri, 14 Feb 2020 09:33:43 +0100 -Subject: [PATCH] systemd: Fix busctl crash on aarch64 when setting output - table format - -The enum used for column names is integer type while table_set_display() is parsing -arguments on size_t alignment which may result in assert in table_set_display() if -the size between types missmatch. This patch cast the enums to size_t. -An alternative solution would be to change the table_set_display() function -arguments to unsigned type. ---- - src/busctl/busctl.c | 22 ++++++++++++++++++++-- - 1 file changed, 20 insertions(+), 2 deletions(-) - -diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c -index 5f3d5dd..b4e133f 100644 ---- a/src/busctl/busctl.c -+++ b/src/busctl/busctl.c -@@ -212,9 +212,27 @@ static int list_bus_names(int argc, char **argv, void *userdata) { - return log_error_errno(r, "Failed to set sort column: %m"); - - if (arg_show_machine) -- r = table_set_display(table, COLUMN_NAME, COLUMN_PID, COLUMN_PROCESS, COLUMN_USER, COLUMN_CONNECTION, COLUMN_UNIT, COLUMN_SESSION, COLUMN_DESCRIPTION, COLUMN_MACHINE, (size_t) -1); -+ r = table_set_display(table, (size_t) COLUMN_NAME, -+ (size_t) COLUMN_PID, -+ (size_t) COLUMN_PROCESS, -+ (size_t) COLUMN_USER, -+ (size_t) COLUMN_CONNECTION, -+ (size_t) COLUMN_UNIT, -+ (size_t) COLUMN_SESSION, -+ (size_t) COLUMN_DESCRIPTION, -+ (size_t) COLUMN_MACHINE, -+ (size_t) -1); - else -- r = table_set_display(table, COLUMN_NAME, COLUMN_PID, COLUMN_PROCESS, COLUMN_USER, COLUMN_CONNECTION, COLUMN_UNIT, COLUMN_SESSION, COLUMN_DESCRIPTION, (size_t) -1); -+ r = table_set_display(table, (size_t) COLUMN_NAME, -+ (size_t) COLUMN_PID, -+ (size_t) COLUMN_PROCESS, -+ (size_t) COLUMN_USER, -+ (size_t) COLUMN_CONNECTION, -+ (size_t) COLUMN_UNIT, -+ (size_t) COLUMN_SESSION, -+ (size_t) COLUMN_DESCRIPTION, -+ (size_t) -1); -+ - if (r < 0) - return log_error_errno(r, "Failed to set columns to 
display: %m"); - --- -1.8.3.1 - diff --git a/systemd-core-Close-and-free-dbus-when-bus-authentica.patch b/systemd-core-Close-and-free-dbus-when-bus-authentica.patch deleted file mode 100644 index 114f5413a70fdad0afb793d6b2c156557ace87aa..0000000000000000000000000000000000000000 --- a/systemd-core-Close-and-free-dbus-when-bus-authentica.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 1245ae05c6e2ca7a2af055f9c44f19a0db2971a5 Mon Sep 17 00:00:00 2001 -From: yangbin -Date: Thu, 15 Aug 2019 15:24:03 +0800 -Subject: [PATCH 3/3] systemd-core: Close and free dbus when bus authenticating - timedout - -1. when timedout happened on authenticating a private dbus(can be established by systemctl command), -this dbus will never be freed and closed, and will left on systemd permanently even through the client -(for example, systemctl command) has closed the connection. This is because when timedout happend, -the event and also the timer to watch dbus actions is disabled by sd_event_source_set_enabled -from source_dispatch function, and systemd can do nothing on it since this dbus will not be activated again. -2. If a private dbus staying on authenticating state, and when systemd sends a signal message, it will also -add this message to the message write queue of this bus and will never send it out because the dbus is not in running. -systemd does this for it believe that the bus will change from authenticating to running sometime, but actually it will not. -3. When many private dbuses are left as authenticating and many signal messages are sent from dbus, it will eat up our memory -to hold these dbuses and messages, and memory usage of systemd will grow very fast. -4. This patch fix this problem by closing and freeing the dbus when authenticating timedout. 
---- - src/libsystemd/sd-bus/sd-bus.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index 05cb4c3..65cf449 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -2946,6 +2946,11 @@ static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priorit - if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) { - bus_enter_closing(bus); - r = 1; -+ } else if(r == -ETIMEDOUT && !bus->is_system) { -+ /*close dbus directly when timedout happened and it is a private dbus*/ -+ log_info("Private bus is closed due authentication timedout."); -+ bus_enter_closing(bus); -+ r = 1; - } else if (r < 0) - return r; - --- -2.17.1 - diff --git a/systemd.spec b/systemd.spec index 8d7c993a8375462303387d0785b5c2a06d4cbe2f..fd7bd3e65482087545983bb783f448c2589d1b1e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -13,10 +13,14 @@ %global efi_arch x64 %endif +%ifarch %{ix86} x86_64 aarch64 +%global have_gnu_efi 1 +%endif + Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 243 -Release: 23 +Version: 246 +Release: 1 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager 
@@ -44,62 +48,36 @@ Source105: rule_generator.functions Source106: write_net_rules Source107: detect_virt -Patch0001: 0001-udev-use-bfq-as-the-default-scheduler.patch -Patch0002: 0001-udev-ignore-error-caused-by-device-disconnection.patch -Patch0003: 0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch -Patch0004: 0001-core-dont-check-potentially-NULL-error.patch -Patch0005: 0001-core-shorten-code-a-bit.patch -Patch0006: 0001-core-no-need-to-eat-up-error.patch -Patch0007: 0001-core-create-or-remove-unit-bus-name-slots-always-together.patch -Patch0008: 0001-core-drop-initial-ListNames-bus-call-from-PID1.patch -Patch0009: 1605-update-rtc-with-system-clock-when-shutdown.patch -Patch0010: 1603-udev-add-actions-while-rename-netif-failed.patch -Patch0011: CVE-2020-1712-1.patch -Patch0012: CVE-2020-1712-2.patch -Patch0013: CVE-2020-1712-3.patch -Patch0014: CVE-2020-1712-4.patch -Patch0015: CVE-2020-1712-5.patch -Patch0016: sd-journal-close-journal-files-that-were-deleted-by-.patch -Patch0017: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch0018: fix-two-VF-virtual-machines-have-same-mac-address.patch -Patch0019: logind-set-RemoveIPC-to-false-by-default.patch -Patch0020: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch -Patch0021: unit-don-t-add-Requires-for-tmp.mount.patch -Patch0022: Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch -Patch2023: rules-add-elevator-kernel-command-line-parameter.patch -Patch2024: rules-add-the-rule-that-adds-elevator-kernel-command.patch -Patch2025: units-add-Install-section-to-tmp.mount.patch -Patch0026: Make-systemd-udevd.service-start-after-systemd-remou.patch -Patch0027: udev-virsh-shutdown-vm.patch -Patch0028: fix-fd-leak-in-no-memory-condition.patch -Patch0029: dbus-execute-avoid-extra-strdup.patch -Patch0030: Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch0031: sd-bus-properly-initialize-containers.patch -Patch0032: 
Revert-core-one-step-back-again-for-nspawn-we-actual.patch -Patch0033: journal-don-t-enable-systemd-journald-audit.socket-b.patch - -# The patch of 0026~0029 resolve the pid1 memory leaks -Patch0034: revert-pid1-drop-unit-caches-only-based-on-mtime.patch -Patch0035: revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch -Patch0036: revert-pid1-use-a-cache-for-all-unit-aliases.patch -Patch0037: revert-shared-unit-file-add-a-function-to-validate-u.patch - -Patch0038: systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch -Patch0039: seccomp-more-comprehensive-protection-against-libsec.patch +Patch0001: 1605-update-rtc-with-system-clock-when-shutdown.patch +Patch0002: 1603-udev-add-actions-while-rename-netif-failed.patch +Patch0003: fix-two-VF-virtual-machines-have-same-mac-address.patch +Patch0004: logind-set-RemoveIPC-to-false-by-default.patch +Patch0005: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +Patch0006: unit-don-t-add-Requires-for-tmp.mount.patch +Patch0007: rules-add-elevator-kernel-command-line-parameter.patch +Patch0008: rules-add-the-rule-that-adds-elevator-kernel-command.patch +Patch0009: units-add-Install-section-to-tmp.mount.patch +Patch0010: Make-systemd-udevd.service-start-after-systemd-remou.patch +Patch0011: udev-virsh-shutdown-vm.patch +Patch0012: Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch0013: sd-bus-properly-initialize-containers.patch +Patch0014: Revert-core-one-step-back-again-for-nspawn-we-actual.patch +Patch0015: journal-don-t-enable-systemd-journald-audit.socket-b.patch + +## The patch of 0026~0029 resolve the pid1 memory leaks +#Patch0034: revert-pid1-drop-unit-caches-only-based-on-mtime.patch +#Patch0035: revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch +#Patch0036: revert-pid1-use-a-cache-for-all-unit-aliases.patch +#Patch0037: revert-shared-unit-file-add-a-function-to-validate-u.patch #openEuler -Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch -Patch9003: 
1602-activation-service-must-be-restarted-when-reactivated.patch -Patch9004: 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch -#Patch9004: 1612-serialize-pids-for-scope-when-not-started.patch -#Patch9005: 1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch -Patch9007: 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch -Patch9008: 1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch -#Patch9006: core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch -#Patch9009: systemd-core-Close-and-free-dbus-when-bus-authentica.patch -Patch9009: systemd-change-time-log-level.patch -Patch9010: fix-capsh-drop-but-ping-success.patch -Patch9011: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch9001: 1509-fix-journal-file-descriptors-leak-problems.patch +Patch9002: 1602-activation-service-must-be-restarted-when-reactivated.patch +Patch9003: 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch +Patch9004: 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +Patch9005: systemd-change-time-log-level.patch +Patch9006: fix-capsh-drop-but-ping-success.patch +Patch9007: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch BuildRequires: gcc, gcc-c++ BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel @@ -111,8 +89,14 @@ BuildRequires: gnutls-devel, qrencode-devel, libmicrohttpd-devel, libxkbcommon- BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18 BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel +%if 0%{?have_gnu_efi} BuildRequires: gnu-efi gnu-efi-devel -BuildRequires: valgrind-devel, util-linux +%endif + +%ifarch %{valgrind_arches} +BuildRequires: valgrind-devel +%endif +BuildRequires: util-linux Requires: %{name}-libs = %{version}-%{release} Requires(post): coreutils 
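Review bot: The patch-list hunk in systemd.spec drops Patch0011–Patch0015 (`CVE-2020-1712-1.patch` … `CVE-2020-1712-5.patch`) and `pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch` with no record of why, and the `%changelog` entry added later in this file only says `DESC:Update to release 246`. Presumably the CVE fix and the other deleted backports are contained in the new tarball, but that should be confirmed against the new sources and written down, e.g. `# CVE-2020-1712-*.patch dropped: fix is part of the rebased upstream source`. Dropping the DefaultTasksMax patch is a behaviour change rather than a rebase, because the per-unit task limit falls back from the downstream 80% to whatever the new sources ship, so it deserves its own changelog line. The retained `## The patch of 0026~0029 resolve the pid1 memory leaks` comment now heads four commented-out `#Patch0034`–`#Patch0037` lines and matches no current numbering; either delete the block or state that those reverts are intentionally disabled.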
@@ -280,7 +264,9 @@ CONFIGURE_OPTS=( -Dlibiptc=true -Dlibcurl=true -Defi=true +%if 0%{?have_gnu_efi} -Dgnu-efi=true +%endif -Dtpm=true -Dhwdb=true -Dsysusers=true @@ -706,6 +692,7 @@ fi %files -f %{name}.lang %doc %{_pkgdocdir} +%exclude /usr/lib/systemd/tests %exclude %{_pkgdocdir}/LICENSE.* %license LICENSE.GPL2 LICENSE.LGPL2.1 %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants @@ -857,6 +844,7 @@ fi /usr/bin/systemd-sysusers /usr/bin/systemd-tty-ask-password-agent /usr/bin/busctl +/usr/bin/userdbctl %dir /usr/lib/environment.d %dir /usr/lib/binfmt.d %dir /usr/lib/tmpfiles.d @@ -896,7 +884,7 @@ fi %dir %{_systemddir}/user-environment-generators %{_systemddir}/systemd-shutdown %{_systemddir}/systemd-portabled -%{_systemddir}/libsystemd-shared-243.so +%{_systemddir}/libsystemd-shared-245.so %{_systemddir}/systemd-reply-password %dir %{_systemddir}/system-generators %dir %{_systemddir}/system @@ -1116,6 +1104,16 @@ fi %{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket %{_unitdir}/sockets.target.wants/systemd-journald.socket %{_unitdir}/sockets.target.wants/systemd-initctl.socket +%{_unitdir}/blockdev@.target +%{_unitdir}/sys-kernel-tracing.mount +%{_unitdir}/sysinit.target.wants/sys-kernel-tracing.mount +%{_unitdir}/system-systemd\x2dcryptsetup.slice +%{_unitdir}/systemd-journald-varlink@.socket +%{_unitdir}/systemd-journald@.service +%{_unitdir}/systemd-journald@.socket +%{_unitdir}/systemd-userdbd.service +%{_unitdir}/systemd-userdbd.socket +%{_unitdir}/modprobe@.service %{_systemddir}/system-generators/systemd-fstab-generator %{_systemddir}/system-generators/systemd-sysv-generator %{_systemddir}/system-generators/systemd-rc-local-generator 
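Review bot: In the `@@ -896,7 +884,7 @@` hunk the file list names `%{_systemddir}/libsystemd-shared-245.so`, while the same spec now sets `Version: 246` and the source is renamed to `systemd-246.tar.gz`. The private shared library carries the project version in its file name, so either this entry will not match what a 246 build installs, or the tarball is really a 245-based snapshot and the `Version:` tag misstates what is packaged. If the tarball is a genuine 246, use `%{_systemddir}/libsystemd-shared-%{version}.so` so the entry follows future bumps; otherwise record in the changelog which upstream revision is actually shipped, since that is what vulnerability tracking will key on.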
@@ -1144,7 +1142,12 @@ fi %{_userunitdir}/systemd-tmpfiles-clean.timer %{_userunitdir}/sockets.target %{_userunitdir}/smartcard.target +%{_systemddir}/systemd-userdbd +%{_systemddir}/systemd-userwork %{_systemddir}/network/80-container-host0.network +%{_systemddir}/network/80-wifi-adhoc.network +%{_systemddir}/network/80-wifi-ap.network.example +%{_systemddir}/network/80-wifi-station.network.example %{_systemddir}/catalog/systemd.fr.catalog %{_systemddir}/catalog/systemd.be.catalog %{_systemddir}/catalog/systemd.bg.catalog @@ -1157,6 +1160,9 @@ fi %{_systemddir}/catalog/systemd.zh_TW.catalog %{_systemddir}/catalog/systemd.ru.catalog %{_systemddir}/catalog/systemd.catalog +%{_systemddir}/systemd-xdg-autostart-condition +%{_systemddir}/user-generators/systemd-xdg-autostart-generator +%{_systemddir}/user/xdg-desktop-autostart.target /usr/lib/sysctl.d/50-coredump.conf /usr/lib/sysctl.d/50-default.conf /usr/lib/sysctl.d/50-pid-max.conf @@ -1172,6 +1178,7 @@ fi /usr/lib/tmpfiles.d/legacy.conf /usr/lib/tmpfiles.d/static-nodes-permissions.conf /usr/lib/tmpfiles.d/var.conf +/usr/lib/tmpfiles.d/systemd-pstore.conf /usr/lib/environment.d/99-environment.conf %ghost %config(noreplace) /etc/localtime %dir /etc/rc.d @@ -1209,17 +1216,17 @@ fi %dir /etc/xdg/systemd %config(noreplace) /etc/xdg/systemd/user -/usr/lib64/security/pam_systemd.so +%{_libdir}/security/pam_systemd.so /usr/lib/rpm/macros.d/macros.systemd %files libs -/usr/lib64/libnss_systemd.so.2 -/usr/lib64/libnss_resolve.so.2 -/usr/lib64/libnss_myhostname.so.2 -/usr/lib64/libsystemd.so.0 -/usr/lib64/libsystemd.so.0.27.0 -/usr/lib64/libudev.so.1 -/usr/lib64/libudev.so.1.6.15 +%{_libdir}/libnss_systemd.so.2 +%{_libdir}/libnss_resolve.so.2 +%{_libdir}/libnss_myhostname.so.2 +%{_libdir}/libsystemd.so.0 +%{_libdir}/libsystemd.so.* +%{_libdir}/libudev.so.1 +%{_libdir}/libudev.so.* %files devel /usr/share/man/man3/* 
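Review bot: The `%files libs` hunk lists `%{_libdir}/libsystemd.so.0` and then `%{_libdir}/libsystemd.so.*` (likewise `libudev.so.1` and `libudev.so.*`), so each soname link is matched by two entries and rpmbuild will warn that the file is listed twice. One pattern per library is enough, e.g. `%{_libdir}/libsystemd.so.0*` and `%{_libdir}/libudev.so.1*`. Pinning the major number in the glob also makes an unexpected soname change fail the build instead of being packaged silently.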
@@ -1237,10 +1244,11 @@ fi /usr/include/systemd/sd-id128.h /usr/include/systemd/sd-bus.h /usr/include/systemd/sd-login.h -/usr/lib64/libudev.so -/usr/lib64/libsystemd.so -/usr/lib64/pkgconfig/libsystemd.pc -/usr/lib64/pkgconfig/libudev.pc +/usr/include/systemd/sd-path.h +%{_libdir}/libudev.so +%{_libdir}/libsystemd.so +%{_libdir}/pkgconfig/libsystemd.pc +%{_libdir}/pkgconfig/libudev.pc %files udev %ghost %dir /var/lib/systemd/backlight @@ -1265,7 +1273,6 @@ fi %dir /usr/lib/udev %dir /usr/lib/kernel %dir /usr/lib/modules-load.d -%dir %{_systemddir}/boot %{_systemddir}/systemd-timesyncd %{_systemddir}/systemd-growfs %{_systemddir}/systemd-modules-load @@ -1329,9 +1336,12 @@ fi %{_systemddir}/system-generators/systemd-hibernate-resume-generator %{_systemddir}/system-generators/systemd-gpt-auto-generator %{_systemddir}/ntp-units.d/80-systemd-timesync.list +%if 0%{?have_gnu_efi} +%dir %{_systemddir}/boot %dir %{_systemddir}/boot/efi %{_systemddir}/boot/efi/systemd-boot%{efi_arch}.efi %{_systemddir}/boot/efi/linux%{efi_arch}.efi.stub +%endif %{_systemddir}/network/99-default.link %dir /usr/lib/kernel/install.d /usr/lib/kernel/install.d/20-grubby.install @@ -1344,6 +1354,7 @@ fi /usr/lib/udev/cdrom_id /usr/lib/udev/mtd_probe /usr/lib/udev/scsi_id +/usr/lib/udev/fido_id %dir /usr/lib/udev/hwdb.d %{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb %{_udevhwdbdir}/70-touchpad.hwdb @@ -1363,6 +1374,7 @@ fi %{_udevhwdbdir}/70-joystick.hwdb %{_udevhwdbdir}/60-sensor.hwdb %{_udevhwdbdir}/70-mouse.hwdb +%{_udevhwdbdir}/60-input-id.hwdb %{_udevrulesdir}/40-openEuler.rules %{_udevrulesdir}/40-elevator.rules %{_udevrulesdir}/73-idrac.rules @@ -1381,7 +1393,6 @@ fi %{_udevrulesdir}/60-persistent-v4l.rules %{_udevrulesdir}/70-joystick.rules %{_udevrulesdir}/70-power-switch.rules -%{_udevrulesdir}/60-block-scheduler.rules %{_udevrulesdir}/60-persistent-storage.rules %{_udevrulesdir}/80-net-setup-link.rules %{_udevrulesdir}/60-evdev.rules 
@@ -1395,6 +1406,9 @@ fi %{_udevrulesdir}/99-systemd.rules %{_udevrulesdir}/60-persistent-storage-tape.rules %{_udevrulesdir}/50-udev-default.rules +%{_udevrulesdir}/60-autosuspend-chromiumos.rules +%{_udevrulesdir}/60-fido-id.rules +%{_udevrulesdir}/61-autosuspend-manual.rules /usr/lib/modprobe.d/systemd.conf %ghost %config(noreplace) /etc/vconsole.conf %dir /etc/udev @@ -1415,11 +1429,13 @@ fi /usr/share/zsh/site-functions/_systemd-nspawn /usr/share/dbus-1/system-services/org.freedesktop.import1.service /usr/share/dbus-1/system-services/org.freedesktop.machine1.service +/usr/share/dbus-1/services/org.freedesktop.systemd1.service +/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service /usr/share/dbus-1/system.d/org.freedesktop.import1.conf /usr/share/dbus-1/system.d/org.freedesktop.machine1.conf /usr/share/polkit-1/actions/org.freedesktop.import1.policy /usr/share/polkit-1/actions/org.freedesktop.machine1.policy -/usr/lib64/libnss_mymachines.so.2 +%{_libdir}/libnss_mymachines.so.2 /usr/bin/machinectl /usr/bin/systemd-nspawn %{_systemddir}/systemd-import @@ -1441,6 +1457,7 @@ fi %{_unitdir}/remote-fs.target.wants/var-lib-machines.mount %{_systemddir}/network/80-container-vz.network %{_systemddir}/network/80-container-ve.network +%{_systemddir}/network/80-vm-vt.network /usr/lib/tmpfiles.d/systemd-nspawn.conf %files journal-remote @@ -1478,6 +1495,12 @@ fi %exclude /usr/share/man/man3/* %changelog +* Fri Jun 12 2020 openEuler Buildteam - 246-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to release 246 + * Thu May 28 2020 openEuler Buildteam - 243-23 - Type:enhancement - ID:NA diff --git a/units-add-Install-section-to-tmp.mount.patch b/units-add-Install-section-to-tmp.mount.patch index b1a615a0decf92a4dafbb8f7f3a2f36eef6b8f06..78ec31a844dd961e334c12193695022625eb16e4 100644 --- a/units-add-Install-section-to-tmp.mount.patch +++ b/units-add-Install-section-to-tmp.mount.patch @@ -9,17 +9,17 @@ Resolves: #1667065 1 file changed, 4 insertions(+) 
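Review bot: The two `org.freedesktop.systemd1.service` entries added in the hunk at old line 1415 sit among the import1/machine1, `machinectl` and `systemd-nspawn` files. Judging by that context this looks like the container subpackage's file list, though the `%files` header is outside the hunk. These are the D-Bus activation files for the service manager itself, so listing them here either leaves them out of a base install or, if the main package lists them too, gives the same path two owners. I would move both lines to the main `%files` list next to the other `org.freedesktop.systemd1` D-Bus files. If the placement is intentional, a one-line comment saying why would help.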
diff --git a/units/tmp.mount b/units/tmp.mount -index 742d863..b558047 100644 +index 7066e52261..b3966dfd37 100644 --- a/units/tmp.mount +++ b/units/tmp.mount -@@ -22,3 +22,7 @@ What=tmpfs +@@ -23,3 +23,7 @@ What=tmpfs Where=/tmp Type=tmpfs - Options=mode=1777,strictatime,nosuid,nodev + Options=mode=1777,strictatime,nosuid,nodev,size=10%,nr_inodes=400k + +# Make 'systemctl enable tmp.mount' work: +[Install] +WantedBy=local-fs.target -- -1.8.3.1 +2.23.0