Commit message | Author | Age | Files | Lines
* network: ignore errors on unsetting master ifindex [v249.3] | Yu Watanabe | 2021-08-06 | 1 | -2/+18
  Fixes #20241.
  (cherry picked from commit c347a98272bd1b81682c266b9720fad107b96ab0)
* network: ignore errors on setting bridge config | Yu Watanabe | 2021-08-06 | 1 | -1/+1
  For some setups, kernel refuses to set bridge configs with -EOPNOTSUPP. See kernel's rtnl_bridge_setlink() in net/core/rtnetlink.c.
  Fixes #20373.
  (cherry picked from commit 1171f3f030319155914c2bb90655f46653f88cbf)
* network: add comments | Yu Watanabe | 2021-08-06 | 1 | -10/+10
  (cherry picked from commit 17d808a8bf55471009f5e0e1ccb06b1ffccdfa1a)
* core: wrap cgroup path with empty_to_root() in log messages | Yu Watanabe | 2021-08-06 | 3 | -27/+28
  This fixes e.g. the following log message:
  ---
  systemd[1]: -.slice: Failed to migrate controller cgroups from , ignoring: Read-only file system
  ---
  (cherry picked from commit 6178e2f88956e1900f445908ed053865cc22e879)
* core/cgroup: fix error handling of cg_remove_xattr() | Yu Watanabe | 2021-08-06 | 1 | -3/+3
  (cherry picked from commit 0cddb53c85588fbfb8043f622895c7bd15819198)
* sd-netlink: always append new bridge FDB entries | Yu Watanabe | 2021-08-06 | 1 | -2/+6
  This partially reverts 192a9d95ea3e058afd824d38a9cea16ad0a84a57 (#19432).
  Fixes #20305.
  (cherry picked from commit 74c1ab841fbad9d4f237c819577fcd1d46a072b6)
* mkosi: Fix openSUSE Jinja2 package name | Michal Koutný | 2021-08-06 | 1 | -1/+1
  Dare to be different ¯\_(ツ)_/¯
  (cherry picked from commit ed802c44da7918ba1c14944b711a20b14d9e0fd4)
* mkosi: openSUSE update --bootable=no dependencies | Michal Koutný | 2021-08-06 | 1 | -0/+1
  Since we can build --bootable=no images without dracut->systemd, we need to add systemd runtime dependencies explicitly.
  (cherry picked from commit f2bb8857cd093eb9bd5e1dad6fb996a0a4463556)
* network: use address_equal()/route_equal() to compare addresses or routes configured by NDisc | Yu Watanabe | 2021-08-06 | 3 | -3/+4
  Fixes #20244.
  (cherry picked from commit 10e417b3eac03c1bcd0b5f3d5c24291ac644e164)
* man: describe veritysetup command syntax | Zbigniew Jędrzejewski-Szmek | 2021-08-06 | 2 | -1/+48
  It makes it easier to diagnose what the generated units actually do.
  (cherry picked from commit d53285d551d883bb9f097eca0942e8c585e33470)
* veritysetup: print help for --help/-h/help | Zbigniew Jędrzejewski-Szmek | 2021-08-06 | 1 | -1/+4
  In general our commands print help on --help, but here this would trigger the error that two arguments are needed. Let's make this more user-friendly.
  (cherry picked from commit 5d5e43cc33637a12f743f17294cfbd3ede08a1b3)
* Use correct `<poll.h>` include | David Seifert | 2021-08-06 | 2 | -2/+2
  * `<sys/poll.h>` is not specified in POSIX
  (cherry picked from commit 2b6c0bb2a341c95223ce672249e43c743b03d78c)
* Use correct `<fcntl.h>` include | David Seifert | 2021-08-06 | 1 | -1/+1
  * `<sys/fcntl.h>` is not specified in POSIX
  (cherry picked from commit f8d54f7810aeea5ff27a5db03e1aab7ea54c8268)
* test: correctly detect ASan on s390x | Frantisek Sumsal | 2021-08-06 | 1 | -1/+1
  s390x uses BRAS(L) instead of CALL(Q), e.g.:
  ```
  1009528: c0 e5 ff ff f8 a0 brasl %r14,1008668 <__asan_report_load1@plt>
  10095f0: c0 e5 ff ff ea ec brasl %r14,1006bc8 <__asan_stack_malloc_4@plt>
  10097f8: c0 e5 ff ff f8 f8 brasl %r14,10089e8 <__asan_report_load8@plt>
  ```
  x86_64 for reference:
  ```
  4011f3: e8 48 fe ff ff callq 401040 <__asan_report_load1@plt>
  401227: e8 24 fe ff ff callq 401050 <__asan_report_load8@plt>
  401251: e8 da fd ff ff callq 401030 <__asan_init@plt>
  ```
  (cherry picked from commit 8bf79f05532162d19fe6ee211297cff81b4f9874)
* systemctl: allow set-property to be called with a glob pattern | Zbigniew Jędrzejewski-Szmek | 2021-08-06 | 1 | -20/+33
  We call "systemctl set-property … Markers=+needs-restart" and this should also work for globs, e.g. "user@*.service" or "syncthing@*.service".
  https://bugzilla.redhat.com/show_bug.cgi?id=1986258
  (cherry picked from commit 23a0ffa59f9cb26c4b016c9fd1a3a70da2607f61)
* man/systemctl: rework descriptions of bind and mount-image | Zbigniew Jędrzejewski-Szmek | 2021-08-06 | 1 | -44/+69
  The text used "unit's view" to mean mount namespace. But we talk about mount namespaces in the later part of the paragraph anyway, so trying to use an "approachable term" only makes the whole thing harder to understand. Let's use the precise term.
  Some paragraph-breaking and re-indentation is done too.
  (cherry picked from commit e04eae5e1c43c050e0707d3fcfdc16691b761d61)
* man/tmpfiles.d: rewrite the description of age-by | Zbigniew Jędrzejewski-Szmek | 2021-08-06 | 1 | -28/+23
  (cherry picked from commit dab1fe1a8e4d47784b6bf7b440d4b3ba6e70940d)
* man: use title of docs/ pages when referring to them | Zbigniew Jędrzejewski-Szmek | 2021-08-06 | 6 | -7/+7
  There is some inconsistency, partially caused by the awkward naming of the docs/ pages. But let's be consistent and use the "official" title. If we ever change plural↔singular, we should use the same form everywhere.
  (cherry picked from commit d6029680df7c4991e37662467668816a83c0b806)
* man: fix assorted issues reported by the manpage-l10n project | Zbigniew Jędrzejewski-Szmek | 2021-08-06 | 22 | -100/+98
  Fixes #20297.
  (cherry picked from commit be0d27ee0c2a2cce39490b8cfc0e7d995fbd7644)
* seccomp: move sched_getaffinity() from @system-service to @default | Lennart Poettering | 2021-08-06 | 1 | -1/+1
  See: https://github.com/systemd/systemd/pull/20191#issuecomment-881982739
  In general, we shouldn't blanket move syscalls like this into @default, given that glibc actually does have fallbacks, afaics. However, as long as the syscalls are "read-only" and thus benign, I figure it's a safe thing to do.
  But we should probably stick to a "if in doubt, don't" rule, and put these syscalls in @system-service as default, but not into @default.
  I think in the real world @system-service is the sensible group people should use, and not @default actually.
  (cherry picked from commit 7df660e45682af5c40a236abe1bdc5ddcf3b3533)
* seccomp: drop getrandom() from @system-service | Lennart Poettering | 2021-08-06 | 1 | -1/+0
  It's included in @default now, since 14f4b1b568907350d023d1429c1aa4aaa8925f22, and since @system-service pulls that in we can drop it from @system-service.
  Follow-up for #20191
  (cherry picked from commit 67347f37407489a68e12da8f75b78ae1d1168de9)
* networkd: Include linux/netdevice.h header | Khem Raj | 2021-08-06 | 1 | -0/+1
  This header provides definitions for NET_NAME_UNKNOWN and NET_NAME_ENUM
  Fixes build issue found with non-glibc systems
  ../git/src/network/networkd-link.c:1203:52: error: 'NET_NAME_UNKNOWN' undeclared (first use in this function)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 2a0d07d6a0d5be63c6c10cb0789412f584858ec1)
* test: make sure we don't access an unbound variable | Frantisek Sumsal | 2021-08-06 | 1 | -0/+1
  ```
  testsuite-60.sh[759]: + grep -q '(mount-monitor-dispatch) entered rate limit'
  testsuite-60.sh[571]: + sleep 5
  testsuite-60.sh[761]: ++ date -u +%s
  testsuite-60.sh[571]: + [[ 1627037066 -le 1627037061 ]]
  testsuite-60.sh[571]: /usr/lib/systemd/tests/testdata/units/testsuite-60.sh: line 41: entered_rl: unbound variable
  ```
  (cherry picked from commit f571d9d5f051f7dbaee8d0dbf32e5a93180285e9)
* man: Fix incorrect EFI vendor UUID (last missing nibble) | ratijas | 2021-08-06 | 1 | -1/+1
  (cherry picked from commit d2e84b601805ae89cf8cb1b383b30c7c97cac73d)
* discover-image: mount as read-only when extracting metadata | Luca Boccassi | 2021-08-06 | 1 | -0/+1
  We don't need to modify the image, and the loopback device is already set to read-only.
  (cherry picked from commit f6f4ec7951f429e8a470f8912cbeacde8fa1206e)
* malloc() uses getrandom now | Cristian Rodríguez | 2021-08-06 | 1 | -0/+1
  glibc master uses getrandom in malloc since https://sourceware.org/git/?p=glibc.git;a=commit;h=fc859c304898a5ec72e0ba5269ed136ed0ea10e1 , getrandom should be in the default set so to avoid all non trivial programs to fallback to a PRNG.
  (cherry picked from commit 14f4b1b568907350d023d1429c1aa4aaa8925f22)
* machined-varlink: fix double free | David Tardon | 2021-08-02 | 1 | -1/+1
  Fixes: #18599
  (cherry picked from commit feac9a1d1bf3f59adaa85f58b655ec01a111a29a)
* coredump/stacktrace.c: avoid crash on binaries without NHDR | Sergei Trofimovich | 2021-08-02 | 1 | -0/+2
  Observed as a crash on binaries built with gcc-master:
  ```
  3 0x00005573b8841d6a in parse_package_metadata (name=name@entry=0x5573b901a620 "/a", id_json=0x0, elf=0x5573b9028730, c=c@entry=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:157
  4 0x00005573b884209e in module_callback (mod=0x7fffc688f6c0, userdata=<optimized out>, name=0x5573b901a620 "/a", start=<optimized out>, arg=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:306
  5 0x00007f56d60dcbd5 in dwfl_getmodules (dwfl=0x5573b901fda0, callback=callback@entry=0x5573b8841eb0 <module_callback>, arg=arg@entry=0x7fffc688f790, offset=offset@entry=0) at ../../elfutils-0.185/libdwfl/dwfl_getmodules.c:86
  6 0x00005573b884231b in parse_core (ret_package_metadata=0x7fffc688f848, ret=0x7fffc688f850, executable=0x7fffc688f790 "\200\332\001\271sU", fd=21) at ../systemd-stable-249.2/src/coredump/stacktrace.c:366
  7 coredump_parse_core (fd=fd@entry=6, executable=0x7fffc688f790 "\200\332\001\271sU", ret=ret@entry=0x7fffc688f850, ret_package_metadata=ret_package_metadata@entry=0x7fffc688f848) at ../systemd-stable-249.2/src/coredump/stacktrace.c:406
  8 0x00005573b883f897 in submit_coredump (context=context@entry=0x7fffc688fa10, iovw=iovw@entry=0x7fffc688f990, input_fd=input_fd@entry=5) at ../systemd-stable-249.2/src/coredump/coredump.c:827
  9 0x00005573b883d339 in process_socket (fd=3) at ../systemd-stable-249.2/src/coredump/coredump.c:1041
  10 run (argv=<optimized out>, argc=-964101648) at ../systemd-stable-249.2/src/coredump/coredump.c:1416
  11 main (argc=-964101648, argv=<optimized out>) at ../systemd-stable-249.2/src/coredump/coredump.c:1422
  ```
  Happens only on enabled elfutils symbolizer.
  Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
  (cherry picked from commit 1da3eef262078905ec14c707eeab655a17ae8bd2)
* man: document nss-{resolve,myhostname} resolving in the other direction, too [v249.2] | Florian Klink | 2021-07-23 | 2 | -1/+12
  (cherry picked from commit 946f7ce32cef44d9bfcf2dc594bb193341434f57)
* man: stop recommending putting myhostname after dns | Florian Klink | 2021-07-23 | 1 | -10/+6
  nss-resolve also looks in /etc/hosts, and has the same local hostname resolving logic as nss-myhostname. We shouldn't recommend another order than nss-resolve uses internally.
  When nss-resolve is used, there's no possibility to override nss-myhostname hosts via DNS *anyway*.
  On top of that, it's not a good idea to allow DNS to override local hostnames at all - at least not something we should advertise in the docs.
  Followup of f918c67d38ba6ccd4eb0dc657f3f3155e5010cae / https://github.com/systemd/systemd/pull/16754.
  (cherry picked from commit ce266330fc3bd6767451ac3400336cd9acebe9c1)
* pid1: propagate the original command line when reexecuting | Zbigniew Jędrzejewski-Szmek | 2021-07-23 | 1 | -10/+53
  When we reexec the manager in a container, we lose configuration settings on the kernel command line:

    $ systemd-nspawn -M rawhide -b systemd.status-unit-format=name systemd.show-status=yes
    ...
    # tr '\0' ' ' </proc/1/cmdline
    /usr/lib/systemd/systemd systemd.status_unit_format=combined systemd.show-status=yes
    # sudo systemctl daemon-reexec
    # tr '\0' ' ' </proc/1/cmdline
    /usr/lib/systemd/systemd --system --deserialize 20

  This means that after daemon-reexec, the settings that we gain from the commandline are reset to defaults. So let's reexecute with the original arguments copied over, modulo some filtering.
  (cherry picked from commit 846f1da465beda990c1c01346311393f485df467)
* sd-bus: fix missing initializer in SD_BUS_VTABLE_END (#20253) | Matthijs van Duin | 2021-07-23 | 1 | -1/+8
  When two fields were added to the vtable.x.start struct, no initializers for these were added to SD_BUS_VTABLE_END which also (ab)used that struct (albeit sneakily by using non-designated initialization).
  While C tolerates this, C++ prohibits these missing initializers, and both g++ and clang++ will complain when using -Wextra.
  This patch gives SD_BUS_VTABLE_END its own case in the union and clarifies its initialization.
  I tested the behaviour of g++ 10.2 and clang 11 in various cases. Both will warn (-Wmissing-field-initializers, implied by -Wextra) if you provide initializers for some but not all fields of a struct. Declaring x.end as empty struct or using an empty initializer {} to initialize the union or one of its members is valid C++ but not C, although both gcc and clang accept it without warning (even at -Wall -Wextra -std=c90/c++11) unless you use -pedantic (which requires -std=c99/c++2a to support designated initializers).
  Interestingly, .x = { .start = { 0, 0, NULL } } is the only initializer I found for the union (among candidates for SD_BUS_VTABLE_END) where gcc doesn't zero-fill it entirely when allocated on stack, it looked like it did in all other cases (I only examined this on 32-bit arm). clang always seems to initialize all bytes of the union.
  [zjs: test case:

    $ cat vtable-test.cc
    #include "sd-bus.h"
    const sd_bus_vtable vtable[] = {
       SD_BUS_VTABLE_END
    };

    $ g++ -I src/systemd/ -Wall -Wmissing-field-initializers -c vtable-test.cc
    vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::<unnamed union>::<unnamed struct>::features’ [-Wmissing-field-initializers]
        5 | };
          | ^
    vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::<unnamed union>::<unnamed struct>::vtable_format_reference’ [-Wmissing-field-initializers]

    $ clang++ -I src/systemd/ -Wmissing-field-initializers -c vtable-test.cc
    vtable-test.cc:4:4: warning: missing field 'features' initializer [-Wmissing-field-initializers]
       SD_BUS_VTABLE_END
       ^
    src/systemd/sd-bus-vtable.h:188:28: note: expanded from macro 'SD_BUS_VTABLE_END'
            .x = { { 0 } }, \
                   ^
    1 warning generated.

  Both warnings are gone with the patch.]
  (cherry picked from commit 654eaa403070d3c897454a5190603fda4071c3ff)
* hwdb: 60-keyboard::remove hardcoded definition for KEYBOARD_KEY_56 for MSI Prestige And Modern | Aakash Singh | 2021-07-21 | 1 | -1/+0
  (cherry picked from commit 30c9faff0d74ceb0cbafb8ecdd8573bc479984dc)
* basic/unit-name: do not use strdupa() on a path [v249.1] | Zbigniew Jędrzejewski-Szmek | 2021-07-20 | 1 | -8/+5
  The path may have unbounded length, for example through a fuse mount.
  CVE-2021-33910: attacker controlled alloca() leads to crash in systemd and ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo and each mountpoint is passed to mount_setup_unit(), which calls unit_name_path_escape() underneath. A local attacker who is able to mount a filesystem with a very long path can crash systemd and the whole system.
  https://bugzilla.redhat.com/show_bug.cgi?id=1970887
  The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we can't easily check the length after simplification before doing the simplification, which in turn uses a copy of the string we can write to. So we can't reject paths that are too long before doing the duplication. Hence the most obvious solution is to switch back to strdup(), as before 7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
  (cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
* Minor typo (#20254) | rene | 2021-07-20 | 1 | -1/+1
  Correct resoulution with resolution.
  (cherry picked from commit b838bc11268ea461e8c58ce69e2f781be1821aa1)
* shell-completion/zsh/_systemd-run: Fix completion of command names and arguments | duament | 2021-07-20 | 1 | -1/+2
  (cherry picked from commit 3f49d1faf59acaa85aa5ad502c39b1a601d58d26)
* man/systemd.network: Fix duplicate Xfrm description | Raul Tambre | 2021-07-20 | 1 | -8/+0
  It's already listed along with others (Tunnel, VLAN, etc.) and its description matches those. The duplication was introduced by commit c3006a485c9c35c0ab947479ff1dd7149fda9750.
  (cherry picked from commit 534b5abce12847abc896fba24cafb99c101a2987)
* shared/format-table: allocate buffer of sufficient size | Zbigniew Jędrzejewski-Szmek | 2021-07-20 | 1 | -2/+2
  (cherry picked from commit 6dc57047ff0f1f9e98938ffb172dae06e6868b94)
* homed: allow systemd-homed access to FIDO2 devices | Gibeom Gwon | 2021-07-20 | 1 | -0/+1
  Add DeviceAllow= option for FIDO2 devices in systemd-homed.service.
  (cherry picked from commit 85e424c0c852fcb92d108494a6efa9dd0ce943b2)
* systemctl: show error when help for unknown unit is requested | Zbigniew Jędrzejewski-Szmek | 2021-07-20 | 1 | -1/+1
  Fixes #20189. We would only log at debug level and return failure, which looks like a noop for the user.
  ('help' accepts multiple arguments and will show multiple concatenated man pages in that case. Actually, it will also show multiple concatenated man pages if the Documentation= setting lists multiple pages. I don't think it's very terribly useful, but, meh, I don't think we can do much better. If a user requests help for two services, one known and one unknown, there'll now be a line in the output. It's not very user friendly, but not exactly wrong either.)
  (cherry picked from commit 75312ada5324d8adae3f3a0ed97f0acfc8b8bde5)
* Updated manpage for sd_bus_set_property | Ben Stockett | 2021-07-20 | 1 | -6/+3
  Updated manpage for sd_bus_set_property and sd_bus_set_propertyv. In the old manpage, these functions included the parameter sd_bus_message **reply when the actual function had no such argument.
  (cherry picked from commit 4226dfafbac2167e1441a7a65d00c29c5016d4fb)
* Fixed typo (#20187) | nassir90 | 2021-07-20 | 1 | -2/+2
  * Fixed typo
  Before, the file claimed that some systemd units are created "from other configuration". It should have read "from other configuration files".
  Co-authored-by: Nozz <nozolo90@gmail.com>
  (cherry picked from commit a814eae728a5e238e39d4a9d952ce8e309fa38fd)
* test: strip binaries by default | Frantisek Sumsal | 2021-07-20 | 1 | -0/+1
  Since 23f8e01 we always kept binaries unstripped, since $STRIP_BINARIES is unset by default.
  (cherry picked from commit e68e473ba2d6383155c49337c3c5f2c0d3fb0b5f)
* test: bump the test timeout to give ldconfig.service enough time to finish | Frantisek Sumsal | 2021-07-20 | 1 | -1/+1
  Sometimes the ldconfig.service might take a bit longer to finish, causing spurious test timeouts:
  ```
  [ 1025.858923] systemd[24]: ldconfig.service: Executing: /sbin/ldconfig -X
  ...
  [ 1043.883620] systemd[1]: ldconfig.service: Main process exited, code=exited, status=0/SUCCESS (success)
  ...
  Trying to halt container. Send SIGTERM again to trigger immediate termination.
  Container TEST-52-HONORFIRSTSHUTDOWN terminated by signal KILL.
  E: Test timed out after 20s
  ```
  (cherry picked from commit 7fb4ee7aa5b6ffdf2e1e8e50a18630aa30f16505)
* docs: improve wording when mentioning the acronym "ESP" | nl6720 | 2021-07-20 | 5 | -10/+10
  "ESP" is "EFI system partition", so "ESP partition" is redundant.
  (cherry picked from commit 250db1bf02b9fd73f2e0604acddbc20937c67d19)
* hostnamed: correct variable with errno in fallback_chassis | Jan Palus | 2021-07-20 | 1 | -4/+4
  fixes assertion failure on arm:
  systemd-hostnamed[642]: Assertion '(_error) != 0' failed at src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting.
  (cherry picked from commit 105a4245ff13d588e1e848e8ee3cffd6185bd0ae)
  (cherry picked from commit 4a44597bdd725f504ebd520b0deef7797dc46daa)
* NEWS: finalize for v249 [v249] | Luca Boccassi | 2021-07-07 | 1 | -1/+1
* process-util: explicitly handle processes lacking parents in get_process_ppid() | Lennart Poettering | 2021-07-07 | 3 | -26/+72
  Let's make sure we signal out-of-band via an error message if a process doesn't have a parent process whose PID we could return. Otherwise we'll too likely hide errors, as we return an invalid PID 0, which in other contexts has special meaning (i.e. usually "myself").
  Replaces: #20153
  This is based on work by @dtardon, but goes a different route, by ensuring we propagate a proper error in this case.
  This modernizes the function in question a bit in other ways, i.e. renames stuff and makes the return parameter optional.
* Merge pull request #20145 from bluca/prep | Zbigniew Jędrzejewski-Szmek | 2021-07-07 | 11 | -1691/+2919
  Preparations for v249
  * man: fix systemd-sleep.conf.xml whitespace | Luca Boccassi | 2021-07-07 | 1 | -1/+2
    Follow-up for 33f899bd479534b0a920ce427cdf06739028f5ab