diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-12-12 02:54:13 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-12-12 02:54:13 +0000 |
| commit | a35fcc8b3fc340a6b874440b2a87e155c807ece5 (patch) | |
| tree | 02ca631dd69c05a4dfcbd98a0ed12e2b0d2cd035 | |
| parent | b7abaf7e217d7948f8101d25013189a9322dd6ef (diff) | |
automatic import of systemdopeneuler24.03_LTS
102 files changed, 11995 insertions, 0 deletions
@@ -0,0 +1 @@ +/systemd-255.tar.gz diff --git a/20-grubby.install b/20-grubby.install new file mode 100644 index 0000000..e059125 --- /dev/null +++ b/20-grubby.install @@ -0,0 +1,51 @@ +#!/bin/bash + +if [[ ! -x /sbin/new-kernel-pkg ]]; then + exit 0 +fi + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +KERNEL_DIR="${KERNEL_IMAGE%/*}" +[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}" +case "$COMMAND" in + add) + if [[ "${KERNEL_DIR}" != "/boot" ]]; then + for i in \ + "$KERNEL_IMAGE" \ + "$KERNEL_DIR"/System.map \ + "$KERNEL_DIR"/config \ + "$KERNEL_DIR"/zImage.stub \ + "$KERNEL_DIR"/dtb \ + ; do + [[ -e "$i" ]] || continue + cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}" + command -v restorecon &>/dev/null && \ + restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-<version>.hmac so needs a special treatment + i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" + if [[ -e "$i" ]]; then + cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + command -v restorecon &>/dev/null && \ + restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + fi + fi + /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? + ;; + remove) + /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? + ;; + *) + ;; +esac + +# skip other installation plugins, if we can't find a boot loader spec conforming setup +if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then + exit 77 +fi diff --git a/Don-t-set-AlternativeNamesPolicy-by-default.patch b/Don-t-set-AlternativeNamesPolicy-by-default.patch new file mode 100644 index 0000000..24fe54b --- /dev/null +++ b/Don-t-set-AlternativeNamesPolicy-by-default.patch @@ -0,0 +1,26 @@ +From 1e3f74b7ca5ead53c10e5b37cf8660651f32d181 Mon Sep 17 00:00:00 2001 +From: xujing <xujing125@huawei.com> +Date: Thu, 11 Aug 2022 19:53:35 +0800 +Subject: [PATCH] Don't set AlternativeNamesPolicy by default + +When a network adapter is renamed, the altname of the network adapter may be +set based on AlternativeNamesPolicy. As a result, the network adapter name +fails to be restored. For example, after enp4s0 is renamed tmp, udev sets the +altname of tmp to enp4s0. If you want to restore tmp to enp4s0, it will fail. +--- + network/99-default.link | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/network/99-default.link b/network/99-default.link +index 31aee37..db48c4d 100644 +--- a/network/99-default.link ++++ b/network/99-default.link +@@ -12,5 +12,4 @@ OriginalName=* + + [Link] + NamePolicy=keep kernel database onboard slot path +-AlternativeNamesPolicy=database onboard slot path + MACAddressPolicy=none +-- +2.23.0 + diff --git a/Make-systemd-udevd.service-start-after-systemd-remou.patch b/Make-systemd-udevd.service-start-after-systemd-remou.patch new file mode 100644 index 0000000..18bdc37 --- /dev/null +++ b/Make-systemd-udevd.service-start-after-systemd-remou.patch @@ -0,0 +1,24 @@ +From 4c230d1d73e9f9a6d1fe654599a63881c344a00c Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam <buildteam@openeuler.org> +Date: Tue, 29 Jan 2019 22:54:34 -0500 +Subject: [PATCH] Make systemd-udevd.service start after systemd-remount-fs.service. +--- + units/systemd-udevd.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in +index 9ada3a6a74..17f15bba83 100644 +--- a/units/systemd-udevd.service.in ++++ b/units/systemd-udevd.service.in +@@ -11,7 +11,7 @@ + Description=Rule-based Manager for Device Events and Files + Documentation=man:systemd-udevd.service(8) man:udev(7) + DefaultDependencies=no +-After=systemd-sysusers.service systemd-hwdb-update.service ++After=systemd-sysusers.service systemd-hwdb-update.service systemd-remount-fs.service + Before=sysinit.target + ConditionPathIsReadWrite=/sys + +-- +2.23.0 + diff --git a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch new file mode 100644 index 0000000..2d92a3b --- /dev/null +++ b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch @@ -0,0 +1,87 @@ +From a3d2f4261ef9a953904e3e21abafba0dad7daa77 Mon Sep 17 00:00:00 2001 +From: gaoyi <gaoyi15@huawei.com> +Date: Mon, 28 Sep 2020 22:36:37 +0800 +Subject: [PATCH] Retry to handle the uevent when worker is terminated abnormal + +When processing uevent events fails, retry it. +--- + src/udev/udev-manager.c | 35 +++++++++++++++++++++++++++++++++-- + 1 file changed, 33 insertions(+), 2 deletions(-) + +diff --git a/src/udev/udev-manager.c b/src/udev/udev-manager.c +index 8077e51..88023c7 100644 +--- a/src/udev/udev-manager.c ++++ b/src/udev/udev-manager.c +@@ -36,6 +36,7 @@ + #include "udev-worker.h" + + #define WORKER_NUM_MAX UINT64_C(2048) ++#define UEVENT_MAX_RETRY_TIMES 3 + + #define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC) + #define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE) +@@ -50,6 +51,7 @@ typedef struct Event { + Manager *manager; + Worker *worker; + EventState state; ++ int retry; + + sd_device *dev; + +@@ -89,6 +91,32 @@ typedef struct Worker { + Event *event; + } Worker; + ++static bool event_retry(Event *event) { ++ if (!event) ++ return false; ++ ++ assert(event->manager); ++ ++ if (--event->retry < 0) { ++ log_device_error(event->dev, "Retry failed."); ++ return false; ++ } ++ ++ log_device_info(event->dev, "Retry %d times.", UEVENT_MAX_RETRY_TIMES - event->retry); ++ ++ event->timeout_warning_event = sd_event_source_unref(event->timeout_warning_event); ++ event->timeout_event = sd_event_source_unref(event->timeout_event); ++ ++ if (event->worker) { ++ event->worker->event = NULL; ++ event->worker = NULL; ++ } ++ ++ event->state = EVENT_QUEUED; ++ ++ return true; ++} ++ + static Event *event_free(Event *event) { + if (!event) + return NULL; +@@ -735,6 +763,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { + .devpath_old = devpath_old, + .devnode = devnode, + .state = EVENT_QUEUED, ++ .retry = UEVENT_MAX_RETRY_TIMES, + }; + + if (!manager->events) { +@@ -1126,8 +1155,10 @@ static int on_sigchld(sd_event_source *s, const siginfo_t *si, void *userdata) { + device_delete_db(dev); + device_tag_index(dev, NULL, false); + +- /* Forward kernel event to libudev listeners */ +- udev_broadcast_result(manager->monitor, dev, result); ++ if (event_retry(worker->event) == false) { ++ /* Forward kernel event to libudev listeners */ ++ udev_broadcast_result(manager->monitor, dev, result); ++ } + } + + worker_free(worker); +-- +2.33.0 + diff --git a/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/Revert-core-one-step-back-again-for-nspawn-we-actual.patch new file mode 100644 index 0000000..2673f6b --- /dev/null +++ b/Revert-core-one-step-back-again-for-nspawn-we-actual.patch @@ -0,0 +1,43 @@ +From 9d0046ceca10911361137d6496987cb15ffff132 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn <lnykryn@redhat.com> +Date: Thu, 25 Jun 2015 09:20:59 +0200 +Subject: [PATCH] Revert "core: one step back again, for nspawn we + actually can't wait for cgroups running empty since systemd will get exactly + zero notifications about it" + +This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7. + +https://bugzilla.redhat.com/show_bug.cgi?id=1141137 +https://github.com/systemd/systemd/pull/350 + +Resolves: #1703485 + +--- + src/core/unit.c | 11 +---------- + 1 file changed, 1 insertion(+), 10 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 1cadcd4..10e314f 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4799,16 +4799,7 @@ int unit_kill_context( + + } else if (r > 0) { + +- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if +- * we are running in a container or if this is a delegation unit, simply because cgroup +- * notification is unreliable in these cases. It doesn't work at all in containers, and outside +- * of containers it can be confused easily by left-over directories in the cgroup — which +- * however should not exist in non-delegated units. On the unified hierarchy that's different, +- * there we get proper events. Hence rely on them. */ +- +- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 || +- (detect_container() == 0 && !unit_cgroup_delegate(u))) +- wait_for_exit = true; ++ wait_for_exit = true; + + if (send_sighup) { + set_free(pid_set); +-- +2.19.1 + diff --git a/Systemd-Add-sw64-architecture.patch b/Systemd-Add-sw64-architecture.patch new file mode 100644 index 0000000..2de2125 --- /dev/null +++ b/Systemd-Add-sw64-architecture.patch @@ -0,0 +1,864 @@ +From b9043cf1d074497cf77272dd9bf24c2098e56265 Mon Sep 17 00:00:00 2001 +From: rpm-build <rpm-build> +Date: Tue, 25 Oct 2022 15:26:32 +0800 +Subject: [PATCH] Systemd Add sw64 architecture + +Signed-off-by: rpm-build <rpm-build> +--- + src/basic/architecture.c | 4 + + src/basic/architecture.h | 4 + + src/basic/meson.build | 1 + + src/basic/missing_fcntl.h | 2 + + src/basic/missing_syscall_def.h | 33 ++ + src/basic/missing_syscalls.py | 2 + + src/basic/syscalls-sw_64.txt | 600 ++++++++++++++++++++++++++++++++ + 7 files changed, 646 insertions(+) + create mode 100644 src/basic/syscalls-sw_64.txt + +diff --git a/src/basic/architecture.c b/src/basic/architecture.c +index 773ee3c..59a4e31 100644 +--- a/src/basic/architecture.c ++++ b/src/basic/architecture.c +@@ -49,6 +49,9 @@ Architecture uname_architecture(void) { + #elif defined(__alpha__) + { "alpha" , ARCHITECTURE_ALPHA }, + ++#elif defined(__sw_64__) ++ { "sw_64" , ARCHITECTURE_SW_64 }, ++ + #elif defined(__arc__) + { "arc", ARCHITECTURE_ARC }, + { "arceb", ARCHITECTURE_ARC_BE }, +@@ -145,6 +148,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { + [ARCHITECTURE_ARM] = "arm", + [ARCHITECTURE_ARM_BE] = "arm-be", + [ARCHITECTURE_ALPHA] = "alpha", ++ [ARCHITECTURE_SW_64] = "sw_64", + [ARCHITECTURE_ARC] = "arc", + [ARCHITECTURE_ARC_BE] = "arc-be", + [ARCHITECTURE_CRIS] = "cris", +diff --git a/src/basic/architecture.h b/src/basic/architecture.h +index 096526a..4c4be03 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -11,6 +11,7 @@ + + typedef enum { + ARCHITECTURE_ALPHA, ++ ARCHITECTURE_SW_64, + ARCHITECTURE_ARC, + ARCHITECTURE_ARC_BE, + ARCHITECTURE_ARM, +@@ -142,6 +143,9 @@ Architecture uname_architecture(void); + #elif defined(__alpha__) + # define native_architecture() ARCHITECTURE_ALPHA + # define LIB_ARCH_TUPLE "alpha-linux-gnu" ++#elif defined(__sw_64__) ++# define native_architecture() ARCHITECTURE_SW_64 ++# define LIB_ARCH_TUPLE "sw_64-linux-gnu" + #elif defined(__aarch64__) + # if __BYTE_ORDER == __BIG_ENDIAN + # define native_architecture() ARCHITECTURE_ARM64_BE +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 7aae031..f0a0282 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -177,6 +177,7 @@ basic_sources += generated_gperf_headers + + arch_list = [ + 'alpha', ++ 'sw_64', + 'arc', + 'arm', + 'arm64', +diff --git a/src/basic/missing_fcntl.h b/src/basic/missing_fcntl.h +index 00937d2..fff662b 100644 +--- a/src/basic/missing_fcntl.h ++++ b/src/basic/missing_fcntl.h +@@ -45,6 +45,8 @@ + #ifndef __O_TMPFILE + #if defined(__alpha__) + #define __O_TMPFILE 0100000000 ++#elif defined(__sw_64__) ++#define __O_TMPFILE 0100000000 + #elif defined(__parisc__) || defined(__hppa__) + #define __O_TMPFILE 0400000000 + #elif defined(__sparc__) || defined(__sparc64__) +diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h +index 402fdd0..9680923 100644 +--- a/src/basic/missing_syscall_def.h ++++ b/src/basic/missing_syscall_def.h +@@ -10,6 +10,7 @@ + * template as the per-syscall blocks below. */ + # if defined(__aarch64__) + # elif defined(__alpha__) ++# elif defined(__sw_64__) + # elif defined(__arc__) || defined(__tilegx__) + # elif defined(__arm__) + # elif defined(__i386__) +@@ -47,6 +48,8 @@ + # define systemd_NR_bpf 280 + # elif defined(__alpha__) + # define systemd_NR_bpf 515 ++# elif defined(__sw_64__) ++# define systemd_NR_bpf 170 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_bpf 280 + # elif defined(__arm__) +@@ -115,6 +118,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); + # define systemd_NR_close_range 436 + # elif defined(__alpha__) + # define systemd_NR_close_range 546 ++# elif defined(__sw_64__) ++# define systemd_NR_close_range 283 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_close_range 436 + # elif defined(__arm__) +@@ -183,6 +188,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); + # define systemd_NR_copy_file_range 285 + # elif defined(__alpha__) + # define systemd_NR_copy_file_range 519 ++# elif defined(__sw_64__) ++# define systemd_NR_copy_file_range 515 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_copy_file_range 285 + # elif defined(__arm__) +@@ -251,6 +258,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); + # define systemd_NR_getrandom 278 + # elif defined(__alpha__) + # define systemd_NR_getrandom 511 ++# elif defined(__sw_64__) ++# define systemd_NR_getrandom 511 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_getrandom 278 + # elif defined(__arm__) +@@ -319,6 +328,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); + # define systemd_NR_memfd_create 279 + # elif defined(__alpha__) + # define systemd_NR_memfd_create 512 ++# elif defined(__sw_64__) ++# define systemd_NR_memfd_create 512 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_memfd_create 279 + # elif defined(__arm__) +@@ -387,6 +398,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); + # define systemd_NR_mount_setattr 442 + # elif defined(__alpha__) + # define systemd_NR_mount_setattr 552 ++# elif defined(__sw_64__) ++# define systemd_NR_mount_setattr 552 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_mount_setattr 442 + # elif defined(__arm__) +@@ -455,6 +468,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); + # define systemd_NR_move_mount 429 + # elif defined(__alpha__) + # define systemd_NR_move_mount 539 ++# elif defined(__sw_64__) ++# define systemd_NR_move_mount 276 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_move_mount 429 + # elif defined(__arm__) +@@ -523,6 +538,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); + # define systemd_NR_name_to_handle_at 264 + # elif defined(__alpha__) + # define systemd_NR_name_to_handle_at 497 ++# elif defined(__sw_64__) ++# define systemd_NR_name_to_handle_at 497 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_name_to_handle_at 264 + # elif defined(__arm__) +@@ -591,6 +608,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); + # define systemd_NR_open_tree 428 + # elif defined(__alpha__) + # define systemd_NR_open_tree 538 ++# elif defined(__sw_64__) ++# define systemd_NR_open_tree 275 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_open_tree 428 + # elif defined(__arm__) +@@ -659,6 +678,8 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); + # define systemd_NR_openat2 437 + # elif defined(__alpha__) + # define systemd_NR_openat2 547 ++# elif defined(__sw_64__) ++# define systemd_NR_openat2 284 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_openat2 437 + # elif defined(__arm__) +@@ -727,6 +748,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); + # define systemd_NR_pidfd_open 434 + # elif defined(__alpha__) + # define systemd_NR_pidfd_open 544 ++# elif defined(__sw_64__) ++# define systemd_NR_pidfd_open 281 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_pidfd_open 434 + # elif defined(__arm__) +@@ -795,6 +818,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); + # define systemd_NR_pidfd_send_signal 424 + # elif defined(__alpha__) + # define systemd_NR_pidfd_send_signal 534 ++# elif defined(__sw_64__) ++# define systemd_NR_pidfd_send_signal 271 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_pidfd_send_signal 424 + # elif defined(__arm__) +@@ -863,6 +888,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); + # define systemd_NR_pkey_mprotect 288 + # elif defined(__alpha__) + # define systemd_NR_pkey_mprotect 524 ++# elif defined(__sw_64__) ++# define systemd_NR_pkey_mprotect 288 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_pkey_mprotect 288 + # elif defined(__arm__) +@@ -931,6 +958,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); + # define systemd_NR_renameat2 276 + # elif defined(__alpha__) + # define systemd_NR_renameat2 510 ++# elif defined(__sw_64__) ++# define systemd_NR_renameat2 510 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_renameat2 276 + # elif defined(__arm__) +@@ -999,6 +1028,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); + # define systemd_NR_setns 268 + # elif defined(__alpha__) + # define systemd_NR_setns 501 ++# elif defined(__sw_64__) ++# define systemd_NR_setns 501 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_setns 268 + # elif defined(__arm__) +@@ -1067,6 +1098,8 @@ assert_cc(__NR_setns == systemd_NR_setns); + # define systemd_NR_statx 291 + # elif defined(__alpha__) + # define systemd_NR_statx 522 ++# elif defined(__sw_64__) ++# define systemd_NR_statx 518 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_statx 291 + # elif defined(__arm__) +diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py +index 5ccf02a..a7bfe7e 100644 +--- a/src/basic/missing_syscalls.py ++++ b/src/basic/missing_syscalls.py +@@ -51,6 +51,8 @@ DEF_TEMPLATE_B = '''\ + # define systemd_NR_{syscall} {nr_arm64} + # elif defined(__alpha__) + # define systemd_NR_{syscall} {nr_alpha} ++# elif defined(__sw_64__) ++# define systemd_NR_{syscall} {nr_sw_64} + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_{syscall} {nr_arc} + # elif defined(__arm__) +diff --git a/src/basic/syscalls-sw_64.txt b/src/basic/syscalls-sw_64.txt +new file mode 100644 +index 0000000..5aef86b +--- /dev/null ++++ b/src/basic/syscalls-sw_64.txt +@@ -0,0 +1,600 @@ ++_llseek ++_newselect ++_sysctl 319 ++accept 99 ++accept4 502 ++access 33 ++acct 51 ++add_key 439 ++adjtimex 366 ++alarm ++arc_gettls ++arc_settls ++arc_usr_cmpxchg ++arch_prctl ++arm_fadvise64_64 ++atomic_barrier ++atomic_cmpxchg_32 ++bdflush 300 ++bind 104 ++bpf 515 ++brk 17 ++cachectl ++cacheflush ++capget 368 ++capset 369 ++chdir 12 ++chmod 15 ++chown 16 ++chown32 ++chroot 61 ++clock_adjtime 499 ++clock_adjtime64 ++clock_getres 421 ++clock_getres_time64 ++clock_gettime 420 ++clock_gettime64 ++clock_nanosleep 422 ++clock_nanosleep_time64 ++clock_settime 419 ++clock_settime64 ++clone 312 ++clone2 ++clone3 ++close 6 ++close_range 546 ++connect 98 ++copy_file_range 519 ++creat ++create_module 306 ++delete_module 308 ++dipc 373 ++dup 41 ++dup2 90 ++dup3 487 ++epoll_create 407 ++epoll_create1 486 ++epoll_ctl 408 ++epoll_ctl_old ++epoll_pwait 474 ++epoll_pwait2 551 ++epoll_wait 409 ++epoll_wait_old ++eventfd 478 ++eventfd2 485 ++exec_with_loader 25 ++execv ++execve 59 ++execveat 513 ++exit 1 ++exit_group 405 ++faccessat 462 ++faccessat2 549 ++fadvise64 413 ++fadvise64_64 ++fallocate 480 ++fanotify_init 494 ++fanotify_mark 495 ++fchdir 13 ++fchmod 124 ++fchmodat 461 ++fchown 123 ++fchown32 ++fchownat 453 ++fcntl 92 ++fcntl64 ++fdatasync 447 ++fgetxattr 387 ++finit_module 507 ++flistxattr 390 ++flock 131 ++fork 2 ++fp_udfiex_crtl ++fremovexattr 393 ++fsconfig 541 ++fsetxattr 384 ++fsmount 542 ++fsopen 540 ++fspick 543 ++fstat 91 ++fstat64 427 ++fstatat64 455 ++fstatfs 329 ++fstatfs64 529 ++fsync 95 ++ftruncate 130 ++ftruncate64 ++futex 394 ++futex_time64 ++futex_waitv 559 ++futimesat 454 ++get_kernel_syms 309 ++get_mempolicy 430 ++get_robust_list 467 ++get_thread_area ++getcpu 473 ++getcwd 367 ++getdents 305 ++getdents64 377 ++getdomainname ++getdtablesize 89 ++getegid 530 ++getegid32 ++geteuid 531 ++geteuid32 ++getgid 47 ++getgid32 ++getgroups 79 ++getgroups32 ++gethostname 87 ++getitimer 361 ++getpagesize 64 ++getpeername 141 ++getpgid 233 ++getpgrp 63 ++getpid 20 ++getpmsg ++getppid 532 ++getpriority 100 ++getrandom 511 ++getresgid 372 ++getresgid32 ++getresuid 344 ++getresuid32 ++getrlimit 144 ++getrusage 364 ++getsid 234 ++getsockname 150 ++getsockopt 118 ++gettid 378 ++gettimeofday 359 ++getuid 24 ++getuid32 ++getunwind ++getxattr 385 ++getxgid 47 ++getxpid 20 ++getxuid 24 ++idle ++init_module 307 ++inotify_add_watch 445 ++inotify_init 444 ++inotify_init1 489 ++inotify_rm_watch 446 ++io_cancel 402 ++io_destroy 399 ++io_getevents 400 ++io_pgetevents 523 ++io_pgetevents_time64 ++io_setup 398 ++io_submit 401 ++io_uring_enter 536 ++io_uring_register 537 ++io_uring_setup 535 ++ioctl 54 ++ioperm ++iopl ++ioprio_get 443 ++ioprio_set 442 ++ipc ++kcmp 506 ++kern_features ++kexec_file_load ++kexec_load 448 ++keyctl 441 ++kill 37 ++landlock_add_rule 555 ++landlock_create_ruleset 554 ++landlock_restrict_self 556 ++lchown 208 ++lchown32 ++lgetxattr 386 ++link 9 ++linkat 458 ++listen 106 ++listxattr 388 ++llistxattr 389 ++lookup_dcookie 406 ++lremovexattr 392 ++lseek 19 ++lsetxattr 383 ++lstat 68 ++lstat64 426 ++madvise 75 ++mbind 429 ++membarrier 517 ++memfd_create 512 ++memfd_secret ++memory_ordering ++migrate_pages 449 ++mincore 375 ++mkdir 136 ++mkdirat 451 ++mknod 14 ++mknodat 452 ++mlock 314 ++mlock2 518 ++mlockall 316 ++mmap 71 ++mmap2 ++modify_ldt ++mount 302 ++mount_setattr 552 ++move_mount 539 ++move_pages 472 ++mprotect 74 ++mq_getsetattr 437 ++mq_notify 436 ++mq_open 432 ++mq_timedreceive 435 ++mq_timedreceive_time64 ++mq_timedsend 434 ++mq_timedsend_time64 ++mq_unlink 433 ++mremap 341 ++msgctl 200 ++msgget 201 ++msgrcv 202 ++msgsnd 203 ++msync 217 ++multiplexer ++munlock 315 ++munlockall 317 ++munmap 73 ++name_to_handle_at 497 ++nanosleep 340 ++newfstatat ++nfsservctl 342 ++nice ++old_adjtimex 303 ++old_getpagesize ++oldfstat ++oldlstat ++oldolduname ++oldstat ++oldumount 321 ++olduname ++open 45 ++open_by_handle_at 498 ++open_tree 538 ++openat 450 ++openat2 547 ++or1k_atomic ++osf_adjtime 140 ++osf_afs_syscall 258 ++osf_alt_plock 181 ++osf_alt_setsid 188 ++osf_alt_sigpending 187 ++osf_asynch_daemon 163 ++osf_audcntl 252 ++osf_audgen 253 ++osf_chflags 34 ++osf_execve 11 ++osf_exportfs 169 ++osf_fchflags 35 ++osf_fdatasync 261 ++osf_fpathconf 248 ++osf_fstat 226 ++osf_fstatfs 161 ++osf_fstatfs64 228 ++osf_fuser 243 ++osf_getaddressconf 214 ++osf_getdirentries 159 ++osf_getdomainname 165 ++osf_getfh 164 ++osf_getfsstat 18 ++osf_gethostid 142 ++osf_getitimer 86 ++osf_getlogin 49 ++osf_getmnt 184 ++osf_getrusage 117 ++osf_getsysinfo 256 ++osf_gettimeofday 116 ++osf_kloadcall 223 ++osf_kmodcall 77 ++osf_lstat 225 ++osf_memcntl 260 ++osf_mincore 78 ++osf_mount 21 ++osf_mremap 65 ++osf_msfs_syscall 240 ++osf_msleep 215 ++osf_mvalid 213 ++osf_mwakeup 216 ++osf_naccept 30 ++osf_nfssvc 158 ++osf_ngetpeername 31 ++osf_ngetsockname 32 ++osf_nrecvfrom 29 ++osf_nrecvmsg 27 ++osf_nsendmsg 28 ++osf_ntp_adjtime 245 ++osf_ntp_gettime 246 ++osf_old_creat 8 ++osf_old_fstat 62 ++osf_old_getpgrp 81 ++osf_old_killpg 146 ++osf_old_lstat 40 ++osf_old_open 5 ++osf_old_sigaction 46 ++osf_old_sigblock 109 ++osf_old_sigreturn 139 ++osf_old_sigsetmask 110 ++osf_old_sigvec 108 ++osf_old_stat 38 ++osf_old_vadvise 72 ++osf_old_vtrace 115 ++osf_old_wait 84 ++osf_oldquota 149 ++osf_pathconf 247 ++osf_pid_block 153 ++osf_pid_unblock 154 ++osf_plock 107 ++osf_priocntlset 237 ++osf_profil 44 ++osf_proplist_syscall 244 ++osf_reboot 55 ++osf_revoke 56 ++osf_sbrk 69 ++osf_security 222 ++osf_select 93 ++osf_set_program_attributes 43 ++osf_set_speculative 239 ++osf_sethostid 143 ++osf_setitimer 83 ++osf_setlogin 50 ++osf_setsysinfo 257 ++osf_settimeofday 122 ++osf_shmat 209 ++osf_signal 218 ++osf_sigprocmask 48 ++osf_sigsendset 238 ++osf_sigstack 112 ++osf_sigwaitprim 157 ++osf_sstk 70 ++osf_stat 224 ++osf_statfs 160 ++osf_statfs64 227 ++osf_subsys_info 255 ++osf_swapctl 259 ++osf_swapon 199 ++osf_syscall 0 ++osf_sysinfo 241 ++osf_table 85 ++osf_uadmin 242 ++osf_usleep_thread 251 ++osf_uswitch 250 ++osf_utc_adjtime 220 ++osf_utc_gettime 219 ++osf_utimes 138 ++osf_utsname 207 ++osf_wait4 7 ++osf_waitid 236 ++pause ++pciconfig_iobase 376 ++pciconfig_read 345 ++pciconfig_write 346 ++perf_event_open 493 ++perfctr ++personality 324 ++pidfd_getfd 548 ++pidfd_open 544 ++pidfd_send_signal 534 ++pipe 42 ++pipe2 488 ++pivot_root 374 ++pkey_alloc 525 ++pkey_free 526 ++pkey_mprotect 524 ++poll 94 ++ppoll 464 ++ppoll_time64 ++prctl 348 ++pread64 349 ++preadv 490 ++preadv2 520 ++prlimit64 496 ++process_madvise 550 ++process_mrelease 558 ++process_vm_readv 504 ++process_vm_writev 505 ++pselect6 463 ++pselect6_time64 ++ptrace 26 ++pwrite64 350 ++pwritev 491 ++pwritev2 521 ++query_module 347 ++quotactl 148 ++quotactl_fd 553 ++read 3 ++readahead 379 ++readdir ++readlink 58 ++readlinkat 460 ++readv 120 ++reboot 311 ++recv 102 ++recvfrom 125 ++recvmmsg 479 ++recvmmsg_time64 ++recvmsg 113 ++remap_file_pages 410 ++removexattr 391 ++rename 128 ++renameat 457 ++renameat2 510 ++request_key 440 ++restart_syscall 412 ++riscv_flush_icache ++rmdir 137 ++rseq 527 ++rt_sigaction 352 ++rt_sigpending 354 ++rt_sigprocmask 353 ++rt_sigqueueinfo 356 ++rt_sigreturn 351 ++rt_sigsuspend 357 ++rt_sigtimedwait 355 ++rt_sigtimedwait_time64 ++rt_tgsigqueueinfo 492 ++rtas ++s390_guarded_storage ++s390_pci_mmio_read ++s390_pci_mmio_write ++s390_runtime_instr ++s390_sthyi ++sched_get_affinity ++sched_get_priority_max 335 ++sched_get_priority_min 336 ++sched_getaffinity 396 ++sched_getattr 509 ++sched_getparam 331 ++sched_getscheduler 333 ++sched_rr_get_interval 337 ++sched_rr_get_interval_time64 ++sched_set_affinity ++sched_setaffinity 395 ++sched_setattr 508 ++sched_setparam 330 ++sched_setscheduler 332 ++sched_yield 334 ++seccomp 514 ++select 358 ++semctl 204 ++semget 205 ++semop 206 ++semtimedop 423 ++semtimedop_time64 ++send 101 ++sendfile 370 ++sendfile64 ++sendmmsg 503 ++sendmsg 114 ++sendto 133 ++set_mempolicy 431 ++set_robust_list 466 ++set_thread_area ++set_tid_address 411 ++setdomainname 166 ++setfsgid 326 ++setfsgid32 ++setfsuid 325 ++setfsuid32 ++setgid 132 ++setgid32 ++setgroups 80 ++setgroups32 ++sethae 301 ++sethostname 88 ++setitimer 362 ++setns 501 ++setpgid 39 ++setpgrp 82 ++setpriority 96 ++setregid 127 ++setregid32 ++setresgid 371 ++setresgid32 ++setresuid 343 ++setresuid32 ++setreuid 126 ++setreuid32 ++setrlimit 145 ++setsid 147 ++setsockopt 105 ++settimeofday 360 ++setuid 23 ++setuid32 ++setxattr 382 ++sgetmask ++shmat 209 ++shmctl 210 ++shmdt 211 ++shmget 212 ++shutdown 134 ++sigaction 156 ++sigaltstack 235 ++signal ++signalfd 476 ++signalfd4 484 ++sigpending 52 ++sigprocmask ++sigreturn 103 ++sigsuspend 111 ++socket 97 ++socketcall ++socketpair 135 ++splice 468 ++spu_create ++spu_run ++ssetmask ++stat 67 ++stat64 425 ++statfs 328 ++statfs64 528 ++statx 522 ++stime ++subpage_prot ++swapcontext ++swapoff 304 ++swapon 322 ++switch_endian ++symlink 57 ++symlinkat 459 ++sync 36 ++sync_file_range 469 ++sync_file_range2 ++syncfs 500 ++sys_debug_setcontext ++syscall ++sysfs 254 ++sysinfo 318 ++syslog 310 ++sysmips ++tee 470 ++tgkill 424 ++time ++timer_create 414 ++timer_delete 418 ++timer_getoverrun 417 ++timer_gettime 416 ++timer_gettime64 ++timer_settime 415 ++timer_settime64 ++timerfd 477 ++timerfd_create 481 ++timerfd_gettime 483 ++timerfd_gettime64 ++timerfd_settime 482 ++timerfd_settime64 ++times 323 ++tkill 381 ++truncate 129 ++truncate64 ++ugetrlimit ++umask 60 ++umount 22 ++umount2 22 ++uname 339 ++unlink 10 ++unlinkat 456 ++unshare 465 ++uselib 313 ++userfaultfd 516 ++ustat 327 ++utime ++utimensat 475 ++utimensat_time64 ++utimes 363 ++utrap_install ++vfork 66 ++vhangup 76 ++vm86 ++vm86old ++vmsplice 471 ++wait4 365 ++waitid 438 ++waitpid ++write 4 ++writev 121 +-- +2.33.0 + diff --git a/activation-service-must-be-restarted-when-reactivated.patch b/activation-service-must-be-restarted-when-reactivated.patch new file mode 100644 index 0000000..b6ef28d --- /dev/null +++ b/activation-service-must-be-restarted-when-reactivated.patch @@ -0,0 +1,44 @@ +From 4acc8a3168e5f11b5308cf8558d68bf2a0503444 Mon Sep 17 00:00:00 2001 +From: huangkaibin <huangkaibin@huawei.com> +Date: Mon, 7 Aug 2017 17:06:30 +0800 +Subject: [PATCH] systemd: Activation service must be restarted when it is already started and re-actived +by dbus + +When dbus-daemon service is killed, every activation service must be restarted +to reestblished dbus connection between dbus-daemon and the service. +Otherwise, there will be problem on the dbus connection. This patch fix this +problem by set JobType to JOB_RESTART when it is re-actived in signal_activation_request function. +--- + src/core/dbus.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/core/dbus.c b/src/core/dbus.c +index 29524d4..38940ef 100644 +--- a/src/core/dbus.c ++++ b/src/core/dbus.c +@@ -152,6 +152,8 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd + const char *name; + Unit *u; + int r; ++ int jobtype; ++ Service *s = NULL; + + assert(message); + +@@ -177,7 +179,13 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd + goto failed; + } + +- r = manager_add_job(m, JOB_START, u, JOB_REPLACE, NULL, &error, NULL); ++ jobtype = JOB_START; ++ s = SERVICE(u); ++ if(s && s->state != SERVICE_DEAD) { ++ jobtype = JOB_RESTART; ++ log_unit_info(u, "Service '%s' will be restarted to activate the service. The current service state is %d.", u->id, s->state); ++ } ++ r = manager_add_job(m, jobtype, u, JOB_REPLACE, NULL, &error, NULL); + if (r < 0) + goto failed; + +-- +1.8.3.1 diff --git a/add-a-new-switch-to-control-whether-udev-complies-wi.patch b/add-a-new-switch-to-control-whether-udev-complies-wi.patch new file mode 100644 index 0000000..d2b52d6 --- /dev/null +++ b/add-a-new-switch-to-control-whether-udev-complies-wi.patch @@ -0,0 +1,120 @@ +From 18c373e2686a9156a701ad440507172ec8bb13a3 Mon Sep 17 00:00:00 2001 +From: wangyuhang <wangyuhang27@huawei.com> +Date: Fri, 7 Jul 2023 16:11:01 +0800 +Subject: [PATCH] Add a new switch to control whether udev complies with the + new SAT standards + +Reason: Original revisions of the SAT (SCSI-ATA Translation) specification, + udev will identify devices starting with 70 and ending with 00 1d as ATA devices, + rather than scsi devices, which may have a change in wwn id and affect user usage. + So Add a new switch to control whether udev complies with the new SAT standards + +--- + src/shared/udev-util.c | 17 ++++++++++++++++- + src/shared/udev-util.h | 1 + + src/udev/ata_id/ata_id.c | 18 ++++++++++++++++-- + 3 files changed, 33 insertions(+), 3 deletions(-) + +diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c +index cf28ba8..18f03db 100644 +--- a/src/shared/udev-util.c ++++ b/src/shared/udev-util.c +@@ -45,11 +45,17 @@ int udev_set_max_log_level(char *str) { + } + + int udev_parse_config(void) { ++ return udev_parse_config_full(NULL); ++} ++ ++int udev_parse_config_full(bool *ret_ignore_newer_SAT) { + _cleanup_free_ char *log_val = NULL; ++ _cleanup_free_ char *ignore_newer_SAT = NULL; + int r; + + r = parse_env_file(NULL, "/etc/udev/udev.conf", +- "udev_log", &log_val); ++ "udev_log", &log_val, ++ "ignore_newer_SAT", &ignore_newer_SAT); + if (r == -ENOENT) + return 0; + if (r < 0) +@@ -60,6 +66,15 @@ int udev_parse_config(void) { + log_syntax(NULL, LOG_WARNING, "/etc/udev/udev.conf", 0, r, + "Failed to set udev log level '%s', ignoring: %m", log_val); + ++ if (ret_ignore_newer_SAT && ignore_newer_SAT) { ++ r = parse_boolean(ignore_newer_SAT); ++ if (r < 0) ++ log_syntax(NULL, LOG_WARNING, "/etc/udev/udev.conf", 0, r, ++ "failed to parse ignore_newer_SAT=%s, ignoring.", ignore_newer_SAT); ++ else ++ *ret_ignore_newer_SAT = r; ++ } ++ + return 0; + } + +diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h +index 651d335..ee1dbe5 100644 +--- a/src/shared/udev-util.h ++++ b/src/shared/udev-util.h +@@ -8,6 +8,7 @@ + + int udev_set_max_log_level(char *str); + int udev_parse_config(void); ++int udev_parse_config_full(bool *ret_ignore_newer_SAT); + + int device_wait_for_initialization(sd_device *device, const char *subsystem, usec_t timeout_usec, sd_device **ret); + int device_wait_for_devlink(const char *path, const char *subsystem, usec_t timeout_usec, sd_device **ret); +diff --git a/src/udev/ata_id/ata_id.c b/src/udev/ata_id/ata_id.c +index 0b1f0b7..92f87d9 100644 +--- a/src/udev/ata_id/ata_id.c ++++ b/src/udev/ata_id/ata_id.c +@@ -31,9 +31,13 @@ + #include "memory-util.h" + #include "udev-util.h" + #include "unaligned.h" ++#include "proc-cmdline.h" ++#include "string-util.h" + + #define COMMAND_TIMEOUT_MSEC (30 * 1000) + ++static bool arg_ignore_newer_SAT = false; ++ + static bool arg_export = false; + static const char *arg_device = NULL; + +@@ -159,7 +163,7 @@ static int disk_identify_command( + return log_debug_errno(errno, "ioctl v3 failed: %m"); + } else { + if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) && +- !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)) ++ (arg_ignore_newer_SAT || !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d))) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "ioctl v4 failed: %m"); + } + +@@ -410,10 +414,20 @@ static int run(int argc, char *argv[]) { + int r; + + log_set_target(LOG_TARGET_AUTO); +- udev_parse_config(); ++ udev_parse_config_full(&arg_ignore_newer_SAT); + log_parse_environment(); + log_open(); + ++ /* When either ignore_newer_SAT in udev.conf or udev.ignore_newer_SAT in the kernel command line is true, ++ * set arg_ignore_newer_SAT to true and ignoring the new SAT standard ++ */ ++ if (!arg_ignore_newer_SAT) { ++ r = proc_cmdline_get_bool("udev.ignore_newer_SAT", /* flags = */ 0, &arg_ignore_newer_SAT); ++ if (r < 0) { ++ log_warning_errno(r, "Failed to parse udev.ignore_newer_SAT kernel command line argument, ignoring: %m"); ++ } ++ } ++ + r = parse_argv(argc, argv); + if (r <= 0) + return r; +-- +2.33.0 + diff --git a/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch new file mode 100644 index 0000000..f4259c9 --- /dev/null +++ b/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch @@ -0,0 +1,36 @@ +From f58c5ced373c2532b5cc44ba2e0c3a28b41472f2 Mon Sep 17 00:00:00 2001 +From: Jan Synacek <jsynacek@redhat.com> +Date: Tue, 15 May 2018 09:24:20 +0200 +Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's + will + +Conflict:adapt context; modify unit_add_dependency_by_name para because of +35d8c19ace6; don't modify because we need tmp.mount to be started when +basic.target is started. +Reference:https://git.centos.org/rpms/systemd/blob/4b8c80a811af8258c136f5e7000fc0cd0adf8dc5/f/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch + +Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather +adds an After relationship. + +Resolves: #1578772 + +--- + src/core/unit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index fd84818..e30c14b 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1271,7 +1271,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { + * tmp.mount so /tmp being masked is supported. However there's no reason to treat + * /tmp specifically and masking other mount units should be handled more + * gracefully too, see PR#16894. */ +- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE); ++ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); + if (r < 0) + return r; + +-- +2.23.0 + diff --git a/backport-CVE-2023-50387.patch b/backport-CVE-2023-50387.patch new file mode 100644 index 0000000..58a71cf --- /dev/null +++ b/backport-CVE-2023-50387.patch @@ -0,0 +1,189 @@ +From 1ebdb19ff194120109b08bbf888bdcc502f83211 Mon Sep 17 00:00:00 2001 +From: Ronan Pigott <ronan@rjp.ie> +Date: Sat, 24 Feb 2024 18:21:24 -0700 +Subject: [PATCH] resolved: limit the number of signature validations in a + transaction + +It has been demonstrated that tolerating an unbounded number of dnssec +signature validations is a bad idea. It is easy for a maliciously +crafted DNS reply to contain as many keytag collisions as desired, +causing us to iterate every dnskey and signature combination in vain. + +The solution is to impose a maximum number of validations we will +tolerate. While collisions are not hard to craft, I still expect they +are unlikely in the wild so it should be safe to pick fairly small +values. + +Here two limits are imposed: one on the maximum number of invalid +signatures encountered per rrset, and another on the total number of +validations performed per transaction. + +(cherry picked from commit 67d0ce8843d612a2245d0966197d4f528b911b66) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/1ebdb19ff194120109b08bbf888bdcc502f83211 + +--- + src/resolve/resolved-dns-dnssec.c | 16 ++++++++++++++-- + src/resolve/resolved-dns-dnssec.h | 9 ++++++++- + src/resolve/resolved-dns-transaction.c | 19 ++++++++++++++++--- + 3 files changed, 38 insertions(+), 6 deletions(-) + +diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c +index 2580c2333c..aa87820dca 100644 +--- a/src/resolve/resolved-dns-dnssec.c ++++ b/src/resolve/resolved-dns-dnssec.c +@@ -1169,6 +1169,7 @@ int dnssec_verify_rrset_search( + DnsResourceRecord **ret_rrsig) { + + bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false; ++ unsigned nvalidations = 0; + DnsResourceRecord *rrsig; + int r; + +@@ -1214,6 +1215,14 @@ int dnssec_verify_rrset_search( + if (realtime == USEC_INFINITY) + realtime = now(CLOCK_REALTIME); + ++ /* Have we seen an unreasonable number of invalid signaures? */ ++ if (nvalidations > DNSSEC_INVALID_MAX) { ++ if (ret_rrsig) ++ *ret_rrsig = NULL; ++ *result = DNSSEC_TOO_MANY_VALIDATIONS; ++ return (int) nvalidations; ++ } ++ + /* Yay, we found a matching RRSIG with a matching + * DNSKEY, awesome. Now let's verify all entries of + * the RRSet against the RRSIG and DNSKEY +@@ -1223,6 +1232,8 @@ int dnssec_verify_rrset_search( + if (r < 0) + return r; + ++ nvalidations++; ++ + switch (one_result) { + + case DNSSEC_VALIDATED: +@@ -1233,7 +1244,7 @@ int dnssec_verify_rrset_search( + *ret_rrsig = rrsig; + + *result = one_result; +- return 0; ++ return (int) nvalidations; + + case DNSSEC_INVALID: + /* If the signature is invalid, let's try another +@@ -1280,7 +1291,7 @@ int dnssec_verify_rrset_search( + if (ret_rrsig) + *ret_rrsig = NULL; + +- return 0; ++ return (int) nvalidations; + } + + int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) { +@@ -2564,6 +2575,7 @@ static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = { + [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary", + [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch", + [DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server", ++ [DNSSEC_TOO_MANY_VALIDATIONS] = "too-many-validations", + }; + DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult); + +diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h +index 954bb3ef9d..29b90130a3 100644 +--- a/src/resolve/resolved-dns-dnssec.h ++++ b/src/resolve/resolved-dns-dnssec.h +@@ -9,12 +9,13 @@ typedef enum DnssecVerdict DnssecVerdict; + #include "resolved-dns-rr.h" + + enum DnssecResult { +- /* These five are returned by dnssec_verify_rrset() */ ++ /* These six are returned by dnssec_verify_rrset() */ + DNSSEC_VALIDATED, + DNSSEC_VALIDATED_WILDCARD, /* Validated via a wildcard RRSIG, further NSEC/NSEC3 checks necessary */ + DNSSEC_INVALID, + DNSSEC_SIGNATURE_EXPIRED, + DNSSEC_UNSUPPORTED_ALGORITHM, ++ DNSSEC_TOO_MANY_VALIDATIONS, + + /* These two are added by dnssec_verify_rrset_search() */ + DNSSEC_NO_SIGNATURE, +@@ -45,6 +46,12 @@ enum DnssecVerdict { + /* The longest digest we'll ever generate, of all digest algorithms we support */ + #define DNSSEC_HASH_SIZE_MAX (MAX(20, 32)) + ++/* The most invalid signatures we will tolerate for a single rrset */ ++#define DNSSEC_INVALID_MAX 5 ++ ++/* The total number of signature validations we will tolerate for a single transaction */ ++#define DNSSEC_VALIDATION_MAX 64 ++ + int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok); + int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig); + +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index 6c931d71dc..8ff5653dff 100644 +--- a/src/resolve/resolved-dns-transaction.c ++++ b/src/resolve/resolved-dns-transaction.c +@@ -3163,11 +3163,14 @@ static int dnssec_validate_records( + DnsTransaction *t, + Phase phase, + bool *have_nsec, ++ unsigned *nvalidations, + DnsAnswer **validated) { + + DnsResourceRecord *rr; + int r; + ++ assert(nvalidations); ++ + /* Returns negative on error, 0 if validation failed, 1 to restart validation, 2 when finished. */ + + DNS_ANSWER_FOREACH(rr, t->answer) { +@@ -3209,6 +3212,7 @@ static int dnssec_validate_records( + &rrsig); + if (r < 0) + return r; ++ *nvalidations += r; + + log_debug("Looking at %s: %s", strna(dns_resource_record_to_string(rr)), dnssec_result_to_string(result)); + +@@ -3406,7 +3410,8 @@ static int dnssec_validate_records( + DNSSEC_SIGNATURE_EXPIRED, + DNSSEC_NO_SIGNATURE)) + manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, rr->key); +- else /* DNSSEC_MISSING_KEY or DNSSEC_UNSUPPORTED_ALGORITHM */ ++ else /* DNSSEC_MISSING_KEY, DNSSEC_UNSUPPORTED_ALGORITHM, ++ or DNSSEC_TOO_MANY_VALIDATIONS */ + manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, rr->key); + + /* This is a primary response to our question, and it failed validation. +@@ -3499,13 +3504,21 @@ int dns_transaction_validate_dnssec(DnsTransaction *t) { + return r; + + phase = DNSSEC_PHASE_DNSKEY; +- for (;;) { ++ for (unsigned nvalidations = 0;;) { + bool have_nsec = false; + +- r = dnssec_validate_records(t, phase, &have_nsec, &validated); ++ r = dnssec_validate_records(t, phase, &have_nsec, &nvalidations, &validated); + if (r <= 0) + return r; + ++ if (nvalidations > DNSSEC_VALIDATION_MAX) { ++ /* This reply requires an onerous number of signature validations to verify. Let's ++ * not waste our time trying, as this shouldn't happen for well-behaved domains ++ * anyway. */ ++ t->answer_dnssec_result = DNSSEC_TOO_MANY_VALIDATIONS; ++ return 0; ++ } ++ + /* Try again as long as we managed to achieve something */ + if (r == 1) + continue; +-- +2.33.0 + diff --git a/backport-CVE-2023-50868.patch b/backport-CVE-2023-50868.patch new file mode 100644 index 0000000..c50cfb4 --- /dev/null +++ b/backport-CVE-2023-50868.patch @@ -0,0 +1,39 @@ +From 572692f0bdd6a3fabe3dd4a3e8e5565cc69b5e14 Mon Sep 17 00:00:00 2001 +From: Ronan Pigott <ronan@rjp.ie> +Date: Sun, 25 Feb 2024 00:23:32 -0700 +Subject: [PATCH] resolved: reduce the maximum nsec3 iterations to 100 + +According to RFC9267, the 2500 value is not helpful, and in fact it can +be harmful to permit a large number of iterations. Combined with limits +on the number of signature validations, I expect this will mitigate the +impact of maliciously crafted domains designed to cause excessive +cryptographic work. + +(cherry picked from commit eba291124bc11f03732d1fc468db3bfac069f9cb) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/572692f0bdd6a3fabe3dd4a3e8e5565cc69b5e14 + +--- + src/resolve/resolved-dns-dnssec.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c +index aa87820dca..a192d82083 100644 +--- a/src/resolve/resolved-dns-dnssec.c ++++ b/src/resolve/resolved-dns-dnssec.c +@@ -28,8 +28,9 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL); + /* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */ + #define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE) + +-/* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value */ +-#define NSEC3_ITERATIONS_MAX 2500 ++/* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value, but ++ * RFC9276 § 3.2 says that we should reduce the acceptable iteration count */ ++#define NSEC3_ITERATIONS_MAX 100 + + /* + * The DNSSEC Chain of trust: +-- +2.33.0 + diff --git a/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch b/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch new file mode 100644 index 0000000..143d742 --- /dev/null +++ b/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch @@ -0,0 +1,35 @@ +From 47b256d63ac092137fe44e27560a14ee4aa5b7c8 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn <lnykryn@redhat.com> +Date: Fri, 8 Feb 2019 10:54:34 +0100 +Subject: Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter + from 1 to 2" + +Conflict:according def94437934 and 5d4fc0e665a, modify default.rp_filter +and *.rp_filter +Reference:https://github.com/systemd/systemd/commit/230450d4e4f1f5fc9fa4295ed9185eea5b6ea16e + +This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1. + +Resolves: #1653824 +--- + sysctl.d/50-default.conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf +index 1b76b9d..2717a4d 100644 +--- a/sysctl.d/50-default.conf ++++ b/sysctl.d/50-default.conf +@@ -26,8 +26,8 @@ kernel.core_uses_pid = 1 + kernel.core_uses_pid = 1 + + # Source route verification +-net.ipv4.conf.default.rp_filter = 2 +-net.ipv4.conf.*.rp_filter = 2 ++net.ipv4.conf.default.rp_filter = 1 ++net.ipv4.conf.*.rp_filter = 1 + -net.ipv4.conf.all.rp_filter + + # Do not accept source routing +-- +2.23.0 + diff --git a/backport-allow-override-default-log-level-by-environment-variable.patch b/backport-allow-override-default-log-level-by-environment-variable.patch new file mode 100644 index 0000000..37dfd9c --- /dev/null +++ b/backport-allow-override-default-log-level-by-environment-variable.patch @@ -0,0 +1,41 @@ +From cd6ec641deaf94e2eb2fcaf87b9236f65479ef3f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 6 Jan 2024 03:27:07 +0900 +Subject: [PATCH] udevadm: allow to override the default log level by + environment variable + +Previously, there was no way to override the log level for test and +test-builtin commands. Let's re-parse environment after setting the log +level to debug. Then, we can control the log level through environment +variable. + +(cherry picked from commit 7ba3e44651d43d8bc3644b991a060842649a34a7) +--- + src/udev/udevadm-test-builtin.c | 1 + + src/udev/udevadm-test.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/src/udev/udevadm-test-builtin.c b/src/udev/udevadm-test-builtin.c +index f5498a1e5b1..088b4da3c1a 100644 +--- a/src/udev/udevadm-test-builtin.c ++++ b/src/udev/udevadm-test-builtin.c +@@ -78,6 +78,7 @@ int builtin_main(int argc, char *argv[], void *userdata) { + int r; + + log_set_max_level(LOG_DEBUG); ++ log_parse_environment(); + + r = parse_argv(argc, argv); + if (r <= 0) +diff --git a/src/udev/udevadm-test.c b/src/udev/udevadm-test.c +index 809143ede0b..e1afd7d29e6 100644 +--- a/src/udev/udevadm-test.c ++++ b/src/udev/udevadm-test.c +@@ -95,6 +95,7 @@ int test_main(int argc, char *argv[], void *userdata) { + int r; + + log_set_max_level(LOG_DEBUG); ++ log_parse_environment(); + + r = parse_argv(argc, argv); + if (r <= 0) diff --git a/backport-bash-completion-add-systemctl-service-log-level-target.patch b/backport-bash-completion-add-systemctl-service-log-level-target.patch new file mode 100644 index 0000000..17cea61 --- /dev/null +++ b/backport-bash-completion-add-systemctl-service-log-level-target.patch @@ -0,0 +1,46 @@ +From 8bfc0e2d5ca09985900e8a2494b797f3086e9649 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Wed, 27 Dec 2023 16:59:03 +0100 +Subject: [PATCH] bash completion: add systemctl service-log-level/target + +(cherry picked from commit 79272d3098597686d9e796bd946ea272304fd720) +--- + shell-completion/bash/systemctl.in | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in +index 03c3b701504..ef8cd8f4be2 100644 +--- a/shell-completion/bash/systemctl.in ++++ b/shell-completion/bash/systemctl.in +@@ -236,6 +236,8 @@ _systemctl () { + [MACHINES]='list-machines' + [LOG_LEVEL]='log-level' + [LOG_TARGET]='log-target' ++ [SERVICE_LOG_LEVEL]='service-log-level' ++ [SERVICE_LOG_TARGET]='service-log-target' + [SERVICE_WATCHDOGS]='service-watchdogs' + ) + +@@ -365,6 +367,22 @@ _systemctl () { + comps='debug info notice warning err crit alert emerg' + elif __contains_word "$verb" ${VERBS[LOG_TARGET]}; then + comps='console journal kmsg journal-or-kmsg null' ++ elif __contains_word "$verb" ${VERBS[SERVICE_LOG_LEVEL]}; then ++ if __contains_word "$prev" ${VERBS[SERVICE_LOG_LEVEL]}; then ++ comps=$( __get_all_unit_files $mode "$cur" ) ++ elif __contains_word "$prev" debug info notice warning err crit alert emerg; then ++ return 0 ++ else ++ comps='debug info notice warning err crit alert emerg' ++ fi ++ elif __contains_word "$verb" ${VERBS[SERVICE_LOG_TARGET]}; then ++ if __contains_word "$prev" ${VERBS[SERVICE_LOG_TARGET]}; then ++ comps=$( __get_all_unit_files $mode "$cur" ) ++ elif __contains_word "$prev" console journal kmsg journal-or-kmsg null; then ++ return 0 ++ else ++ comps='console journal kmsg journal-or-kmsg null' ++ fi + elif __contains_word "$verb" ${VERBS[SERVICE_WATCHDOGS]}; then + comps='on off' + fi diff --git a/backport-core-escape-spaces-in-paths-during-serialization.patch b/backport-core-escape-spaces-in-paths-during-serialization.patch new file mode 100644 index 0000000..59313fa --- /dev/null +++ b/backport-core-escape-spaces-in-paths-during-serialization.patch @@ -0,0 +1,164 @@ +From d7942fe5fc197d1eb77986b5c73b5c36d82e141e Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Fri, 5 Jan 2024 20:39:40 +0100 +Subject: [PATCH] core: escape spaces in paths during serialization + +Otherwise we split them incorrectly when deserializing them. + +Resolves: #30747 + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d7942fe5fc197d1eb77986b5c73b5c36d82e141e + +--- + src/core/execute-serialize.c | 17 ++++++------ + test/units/testsuite-07.exec-context.sh | 36 ++++++++++++++++--------- + 2 files changed, 32 insertions(+), 21 deletions(-) + +diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c +index 55d24094f7..dd48ad3f65 100644 +--- a/src/core/execute-serialize.c ++++ b/src/core/execute-serialize.c +@@ -1930,7 +1930,7 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { + FOREACH_ARRAY(i, c->directories[dt].items, c->directories[dt].n_items) { + _cleanup_free_ char *path_escaped = NULL; + +- path_escaped = shell_escape(i->path, ":"); ++ path_escaped = shell_escape(i->path, ":" WHITESPACE); + if (!path_escaped) + return log_oom_debug(); + +@@ -1943,7 +1943,7 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { + STRV_FOREACH(d, i->symlinks) { + _cleanup_free_ char *link_escaped = NULL; + +- link_escaped = shell_escape(*d, ":"); ++ link_escaped = shell_escape(*d, ":" WHITESPACE); + if (!link_escaped) + return log_oom_debug(); + +@@ -2264,11 +2264,11 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { + FOREACH_ARRAY(mount, c->bind_mounts, c->n_bind_mounts) { + _cleanup_free_ char *src_escaped = NULL, *dst_escaped = NULL; + +- src_escaped = shell_escape(mount->source, ":"); ++ src_escaped = shell_escape(mount->source, ":" WHITESPACE); + if (!src_escaped) + return log_oom_debug(); + +- dst_escaped = shell_escape(mount->destination, ":"); ++ dst_escaped = shell_escape(mount->destination, ":" WHITESPACE); + if (!dst_escaped) + return log_oom_debug(); + +@@ -2455,11 +2455,11 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { + FOREACH_ARRAY(mount, c->mount_images, c->n_mount_images) { + _cleanup_free_ char *s = NULL, *source_escaped = NULL, *dest_escaped = NULL; + +- source_escaped = shell_escape(mount->source, " "); ++ source_escaped = shell_escape(mount->source, WHITESPACE); + if (!source_escaped) + return log_oom_debug(); + +- dest_escaped = shell_escape(mount->destination, " "); ++ dest_escaped = shell_escape(mount->destination, WHITESPACE); + if (!dest_escaped) + return log_oom_debug(); + +@@ -2496,7 +2496,7 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { + FOREACH_ARRAY(mount, c->extension_images, c->n_extension_images) { + _cleanup_free_ char *s = NULL, *source_escaped = NULL; + +- source_escaped = shell_escape(mount->source, ":"); ++ source_escaped = shell_escape(mount->source, ":" WHITESPACE); + if (!source_escaped) + return log_oom_debug(); + +@@ -2847,7 +2847,8 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { + _cleanup_free_ char *tuple = NULL, *path = NULL, *only_create = NULL; + const char *p; + +- r = extract_first_word(&val, &tuple, WHITESPACE, EXTRACT_RETAIN_ESCAPE); ++ /* Use EXTRACT_UNESCAPE_RELAX here, as we unescape the colons in subsequent calls */ ++ r = extract_first_word(&val, &tuple, WHITESPACE, EXTRACT_UNESCAPE_SEPARATORS|EXTRACT_UNESCAPE_RELAX); + if (r < 0) + return r; + if (r == 0) +diff --git a/test/units/testsuite-07.exec-context.sh b/test/units/testsuite-07.exec-context.sh +index c84974f1de..dd63163008 100755 +--- a/test/units/testsuite-07.exec-context.sh ++++ b/test/units/testsuite-07.exec-context.sh +@@ -93,6 +93,13 @@ systemd-run --wait --pipe -p BindPaths="/etc /home:/mnt:norbind -/foo/bar/baz:/u + bash -xec "mountpoint /etc; test -d /etc/systemd; mountpoint /mnt; ! mountpoint /usr" + systemd-run --wait --pipe -p BindReadOnlyPaths="/etc /home:/mnt:norbind -/foo/bar/baz:/usr:rbind" \ + bash -xec "test ! -w /etc; test ! -w /mnt; ! mountpoint /usr" ++# Make sure we properly serialize/deserialize paths with spaces ++# See: https://github.com/systemd/systemd/issues/30747 ++touch "/tmp/test file with spaces" ++systemd-run --wait --pipe -p TemporaryFileSystem="/tmp" -p BindPaths="/etc /home:/mnt:norbind /tmp/test\ file\ with\ spaces" \ ++ bash -xec "mountpoint /etc; test -d /etc/systemd; mountpoint /mnt; stat '/tmp/test file with spaces'" ++systemd-run --wait --pipe -p TemporaryFileSystem="/tmp" -p BindPaths="/etc /home:/mnt:norbind /tmp/test\ file\ with\ spaces:/tmp/destination\ wi\:th\ spaces" \ ++ bash -xec "mountpoint /etc; test -d /etc/systemd; mountpoint /mnt; stat '/tmp/destination wi:th spaces'" + + # Check if we correctly serialize, deserialize, and set directives that + # have more complex internal handling +@@ -206,18 +213,20 @@ fi + + # {Cache,Configuration,Logs,Runtime,State}Directory= + ARGUMENTS=( +- -p CacheDirectory="foo/bar/baz" ++ -p CacheDirectory="foo/bar/baz also\ with\ spaces" + -p CacheDirectory="foo" + -p CacheDirectory="context" + -p CacheDirectoryMode="0123" + -p CacheDirectoryMode="0666" +- -p ConfigurationDirectory="context/foo also_context/bar context/nested/baz" ++ -p ConfigurationDirectory="context/foo also_context/bar context/nested/baz context/semi\:colon" + -p ConfigurationDirectoryMode="0400" + -p LogsDirectory="context/foo" + -p LogsDirectory="" + -p LogsDirectory="context/a/very/nested/logs/dir" +- -p RuntimeDirectory="context" +- -p RuntimeDirectory="also_context" ++ -p RuntimeDirectory="context/with\ spaces" ++ # Note: {Runtime,State,Cache,Logs}Directory= directives support the directory:symlink syntax, which ++ # requires an additional level of escaping for the colon character ++ -p RuntimeDirectory="also_context:a\ symlink\ with\ \\\:\ col\\\:ons\ and\ \ spaces" + -p RuntimeDirectoryPreserve=yes + -p StateDirectory="context" + -p StateDirectory="./././././././context context context" +@@ -226,21 +235,22 @@ ARGUMENTS=( + + rm -rf /run/context + systemd-run --wait --pipe "${ARGUMENTS[@]}" \ +- bash -xec '[[ $CACHE_DIRECTORY == /var/cache/context:/var/cache/foo:/var/cache/foo/bar/baz ]]; +- [[ $(stat -c "%a" ${CACHE_DIRECTORY##*:}) == 666 ]]' ++ bash -xec '[[ $CACHE_DIRECTORY == "/var/cache/also with spaces:/var/cache/context:/var/cache/foo:/var/cache/foo/bar/baz" ]]; ++ [[ $(stat -c "%a" "${CACHE_DIRECTORY##*:}") == 666 ]]' + systemd-run --wait --pipe "${ARGUMENTS[@]}" \ +- bash -xec '[[ $CONFIGURATION_DIRECTORY == /etc/also_context/bar:/etc/context/foo:/etc/context/nested/baz ]]; +- [[ $(stat -c "%a" ${CONFIGURATION_DIRECTORY##*:}) == 400 ]]' ++ bash -xec '[[ $CONFIGURATION_DIRECTORY == /etc/also_context/bar:/etc/context/foo:/etc/context/nested/baz:/etc/context/semi:colon ]]; ++ [[ $(stat -c "%a" "${CONFIGURATION_DIRECTORY%%:*}") == 400 ]]' + systemd-run --wait --pipe "${ARGUMENTS[@]}" \ + bash -xec '[[ $LOGS_DIRECTORY == /var/log/context/a/very/nested/logs/dir:/var/log/context/foo ]]; +- [[ $(stat -c "%a" ${LOGS_DIRECTORY##*:}) == 755 ]]' ++ [[ $(stat -c "%a" "${LOGS_DIRECTORY##*:}") == 755 ]]' + systemd-run --wait --pipe "${ARGUMENTS[@]}" \ +- bash -xec '[[ $RUNTIME_DIRECTORY == /run/also_context:/run/context ]]; +- [[ $(stat -c "%a" ${RUNTIME_DIRECTORY##*:}) == 755 ]]; +- [[ $(stat -c "%a" ${RUNTIME_DIRECTORY%%:*}) == 755 ]]' ++ bash -xec '[[ $RUNTIME_DIRECTORY == "/run/also_context:/run/context/with spaces" ]]; ++ [[ $(stat -c "%a" "${RUNTIME_DIRECTORY##*:}") == 755 ]]; ++ [[ $(stat -c "%a" "${RUNTIME_DIRECTORY%%:*}") == 755 ]]' + systemd-run --wait --pipe "${ARGUMENTS[@]}" \ + bash -xec '[[ $STATE_DIRECTORY == /var/lib/context ]]; [[ $(stat -c "%a" $STATE_DIRECTORY) == 0 ]]' +-test -d /run/context ++test -d "/run/context/with spaces" ++test -s "/run/a symlink with : col:ons and spaces" + rm -rf /var/{cache,lib,log}/context /etc/{also_,}context + + # Limit*= +-- +2.43.0 + diff --git a/backport-core-escape-spaces-when-serializing-as-well.patch b/backport-core-escape-spaces-when-serializing-as-well.patch new file mode 100644 index 0000000..7d3328e --- /dev/null +++ b/backport-core-escape-spaces-when-serializing-as-well.patch @@ -0,0 +1,77 @@ +From 5b1aa0e19a6df603336894604a85df74204d04f9 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Mon, 12 Feb 2024 18:32:03 +0100 +Subject: [PATCH] core: escape spaces when serializing as well + +Otherwise they might get stripped when reading the serialized data back. + +Resolves: #31214 + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5b1aa0e19a6df603336894604a85df74204d04f9 + +--- + src/shared/serialize.c | 2 +- + test/units/testsuite-07.exec-context.sh | 33 +++++++++++++++++++++++++ + 2 files changed, 34 insertions(+), 1 deletion(-) + +diff --git a/src/shared/serialize.c b/src/shared/serialize.c +index 7099f67f92..483cbc7419 100644 +--- a/src/shared/serialize.c ++++ b/src/shared/serialize.c +@@ -46,7 +46,7 @@ int serialize_item_escaped(FILE *f, const char *key, const char *value) { + if (!value) + return 0; + +- c = cescape(value); ++ c = xescape(value, " "); + if (!c) + return log_oom(); + +diff --git a/test/units/testsuite-07.exec-context.sh b/test/units/testsuite-07.exec-context.sh +index dd63163008..e1e4367cc6 100755 +--- a/test/units/testsuite-07.exec-context.sh ++++ b/test/units/testsuite-07.exec-context.sh +@@ -338,6 +338,39 @@ if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && ker + (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys) + fi + ++# Make sure we properly (de)serialize various string arrays, including whitespaces ++# See: https://github.com/systemd/systemd/issues/31214 ++systemd-run --wait --pipe -p Environment="FOO='bar4 '" \ ++ bash -xec '[[ $FOO == "bar4 " ]]' ++systemd-run --wait --pipe -p Environment="FOO='bar4 ' BAR='\n\n'" \ ++ bash -xec "[[ \$FOO == 'bar4 ' && \$BAR == $'\n\n' ]]" ++systemd-run --wait --pipe -p Environment='FOO="bar4 \\ "' -p Environment="BAR='\n\t'" \ ++ bash -xec "[[ \$FOO == 'bar4 \\ ' && \$BAR == $'\n\t' ]]" ++TEST_ENV_FILE="/tmp/test-env-file-$RANDOM- " ++cat >"$TEST_ENV_FILE" <<EOF ++FOO="env file " ++BAR=" ++ " ++EOF ++systemd-run --wait --pipe cat "$TEST_ENV_FILE" ++systemd-run --wait --pipe -p ReadOnlyPaths="'$TEST_ENV_FILE'" \ ++ bash -xec '[[ ! -w "$TEST_ENV_FILE" ]]' ++systemd-run --wait --pipe -p PrivateTmp=yes -p BindReadOnlyPaths="'$TEST_ENV_FILE':'/tmp/bar- '" \ ++ bash -xec '[[ -e "/tmp/bar- " && ! -w "/tmp/bar- " ]]' ++systemd-run --wait --pipe -p EnvironmentFile="$TEST_ENV_FILE" \ ++ bash -xec "[[ \$FOO == 'env file ' && \$BAR == $'\n ' ]]" ++rm -f "$TEST_ENV_FILE" ++# manager_serialize()/manager_deserialize() uses similar machinery ++systemctl unset-environment FOO_WITH_SPACES ++systemctl set-environment FOO_WITH_SPACES="foo " FOO_WITH_TABS="foo\t\t\t" ++systemctl show-environment ++systemctl show-environment | grep -F "FOO_WITH_SPACES=$'foo '" ++systemctl show-environment | grep -F "FOO_WITH_TABS=$'foo\\\\t\\\\t\\\\t'" ++systemctl daemon-reexec ++systemctl show-environment ++systemctl show-environment | grep -F "FOO_WITH_SPACES=$'foo '" ++systemctl show-environment | grep -F "FOO_WITH_TABS=$'foo\\\\t\\\\t\\\\t'" ++ + # Ensure that clean-up codepaths work correctly if activation ultimately fails + touch /run/not-a-directory + mkdir /tmp/root +-- +2.43.0 + diff --git a/backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch b/backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch new file mode 100644 index 0000000..1d0d493 --- /dev/null +++ b/backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch @@ -0,0 +1,65 @@ +From cba1060f8854fd9a11dac8e2b02126d2f3bb14ba Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 19 Feb 2024 13:04:28 +0900 +Subject: [PATCH] core/exec: do not crash with UtmpMode=user without User= + setting + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2264404. + +Replaces #31356. + +(cherry picked from commit d42b81f93f81e45f7a4053c6522ec3a2145ff136) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/cba1060f8854fd9a11dac8e2b02126d2f3bb14ba + +--- + src/core/exec-invoke.c | 12 +++++++++++- + src/shared/utmp-wtmp.c | 1 + + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c +index 70d963e269..9927e5d1e7 100644 +--- a/src/core/exec-invoke.c ++++ b/src/core/exec-invoke.c +@@ -4340,6 +4340,16 @@ int exec_invoke( + + #if ENABLE_UTMP + if (context->utmp_id) { ++ _cleanup_free_ char *username_alloc = NULL; ++ ++ if (!username && context->utmp_mode == EXEC_UTMP_USER) { ++ username_alloc = uid_to_name(uid_is_valid(uid) ? uid : saved_uid); ++ if (!username_alloc) { ++ *exit_status = EXIT_USER; ++ return log_oom(); ++ } ++ } ++ + const char *line = context->tty_path ? + (path_startswith(context->tty_path, "/dev/") ?: context->tty_path) : + NULL; +@@ -4348,7 +4358,7 @@ int exec_invoke( + context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS : + context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS : + USER_PROCESS, +- username); ++ username ?: username_alloc); + } + #endif + +diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c +index 6c3238a9c6..267b350276 100644 +--- a/src/shared/utmp-wtmp.c ++++ b/src/shared/utmp-wtmp.c +@@ -179,6 +179,7 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line + int r; + + assert(id); ++ assert(ut_type != USER_PROCESS || user); + + init_timestamp(&store, 0); + +-- +2.33.0 + diff --git a/backport-fix-analyze-q-option-invalid-issue.patch b/backport-fix-analyze-q-option-invalid-issue.patch new file mode 100644 index 0000000..7d48459 --- /dev/null +++ b/backport-fix-analyze-q-option-invalid-issue.patch @@ -0,0 +1,52 @@ +From b0d294099790e75b0d8a1c90847895f5c7925354 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com> +Date: Tue, 9 Jan 2024 09:05:50 +0100 +Subject: [PATCH] analyze: fix -q option + +Follow-up to 52117f5af831a816c47ceebb83c8244ee93b72fe + +(cherry picked from commit 7c0e0bbb6b13d70500da79ce0270ed6da09327a0) +--- + man/systemd-analyze.xml | 1 + + shell-completion/bash/systemd-analyze | 2 +- + src/analyze/analyze.c | 2 +- + 3 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml +index 2f2873452ac..63232ad1f02 100644 +--- a/man/systemd-analyze.xml ++++ b/man/systemd-analyze.xml +@@ -1481,6 +1481,7 @@ NR NAME SHA256 + <xi:include href="user-system-options.xml" xpointer="machine" /> + + <varlistentry> ++ <term><option>-q</option></term> + <term><option>--quiet</option></term> + + <listitem><para>Suppress hints and other non-essential output.</para> +diff --git a/shell-completion/bash/systemd-analyze b/shell-completion/bash/systemd-analyze +index 8ecf9935715..1fde67218b9 100644 +--- a/shell-completion/bash/systemd-analyze ++++ b/shell-completion/bash/systemd-analyze +@@ -57,7 +57,7 @@ _systemd_analyze() { + + local -A OPTS=( + [STANDALONE]='-h --help --version --system --user --global --order --require --no-pager +- --man=no --generators=yes --quiet' ++ --man=no --generators=yes -q --quiet' + [ARG]='-H --host -M --machine --fuzz --from-pattern --to-pattern --root' + ) + +diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c +index d2be144f4f4..ba95bbaba59 100644 +--- a/src/analyze/analyze.c ++++ b/src/analyze/analyze.c +@@ -360,7 +360,7 @@ static int parse_argv(int argc, char *argv[]) { + assert(argc >= 0); + assert(argv); + +- while ((c = getopt_long(argc, argv, "hH:M:U:", options, NULL)) >= 0) ++ while ((c = getopt_long(argc, argv, "hH:M:U:q", options, NULL)) >= 0) + switch (c) { + + case 'h': diff --git a/backport-fix-cgtop-sscanf-return-code-checks.patch b/backport-fix-cgtop-sscanf-return-code-checks.patch new file mode 100644 index 0000000..59ddb47 --- /dev/null +++ b/backport-fix-cgtop-sscanf-return-code-checks.patch @@ -0,0 +1,30 @@ +From bab356f5a0b8d4a43a71076c2333ff4da7ed737e Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Fri, 19 Jan 2024 15:12:49 +0000 +Subject: [PATCH] cgtop: fix sscanf return code checks + +sscanf can return EOF on error, so check that we get a result instead. + +CodeQL#2386 and CodeQL#2387 + +(cherry picked from commit 204d52c4b79eb19d2919cb5214e999c58a6679c6) +--- + src/cgtop/cgtop.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c +index e34da7cf728..ca514554408 100644 +--- a/src/cgtop/cgtop.c ++++ b/src/cgtop/cgtop.c +@@ -310,9 +310,9 @@ static int process( + + if (all_unified) { + while (!isempty(l)) { +- if (sscanf(l, "rbytes=%" SCNu64, &k)) ++ if (sscanf(l, "rbytes=%" SCNu64, &k) == 1) + rd += k; +- else if (sscanf(l, "wbytes=%" SCNu64, &k)) ++ else if (sscanf(l, "wbytes=%" SCNu64, &k) == 1) + wr += k; + + l += strcspn(l, WHITESPACE); diff --git a/backport-fix-conf-parser-oom-check-issue.patch b/backport-fix-conf-parser-oom-check-issue.patch new file mode 100644 index 0000000..689f06b --- /dev/null +++ b/backport-fix-conf-parser-oom-check-issue.patch @@ -0,0 +1,23 @@ +From 4dc646fa1ae83c570801a22d256e39eb3508a17b Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com> +Date: Tue, 30 Jan 2024 11:59:54 +0100 +Subject: [PATCH] conf-parser: fix OOM check + +(cherry picked from commit 0fa25bd5f4789e8b37be5dd7927bab81c18c2dcd) +--- + src/shared/conf-parser.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index 59a529d4bcb..e8ecd9bc794 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -466,7 +466,7 @@ int hashmap_put_stats_by_path(Hashmap **stats_by_path, const char *path, const s + return -ENOMEM; + + path_copy = strdup(path); +- if (!path) ++ if (!path_copy) + return -ENOMEM; + + r = hashmap_put(*stats_by_path, path_copy, st_copy); diff --git a/backport-fix-homed-log-message-typo-error.patch b/backport-fix-homed-log-message-typo-error.patch new file mode 100644 index 0000000..8ed943e --- /dev/null +++ b/backport-fix-homed-log-message-typo-error.patch @@ -0,0 +1,23 @@ +From 5df96d470fea91b29279e3ae7ff31deff907f751 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com> +Date: Tue, 12 Mar 2024 15:22:43 +0100 +Subject: [PATCH] homed: fix typo + +(cherry picked from commit d3d880e558e608de351c0b518c10953cba2ed0b3) +--- + src/home/homed-manager.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c +index c4525310fc2..b8bef53db52 100644 +--- a/src/home/homed-manager.c ++++ b/src/home/homed-manager.c +@@ -1040,7 +1040,7 @@ static int manager_bind_varlink(Manager *m) { + assert(!m->userdb_service); + r = path_extract_filename(socket_path, &m->userdb_service); + if (r < 0) +- return log_error_errno(r, "Failed to extra filename from socket path '%s': %m", socket_path); ++ return log_error_errno(r, "Failed to extract filename from socket path '%s': %m", socket_path); + + /* Avoid recursion */ + if (setenv("SYSTEMD_BYPASS_USERDB", m->userdb_service, 1) < 0) diff --git a/backport-fix-log-message-not-match-glob-patterns-passed-to-disable-command.patch b/backport-fix-log-message-not-match-glob-patterns-passed-to-disable-command.patch new file mode 100644 index 0000000..b6dde46 --- /dev/null +++ b/backport-fix-log-message-not-match-glob-patterns-passed-to-disable-command.patch @@ -0,0 +1,27 @@ +From 819f3f0be986848d0b1ed82166e1244a6bd6d508 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 May 2024 15:14:37 +0900 +Subject: [PATCH] systemctl: fix log message when glob patterns passed to + disable command and friends + +Fixes #32599. + +(cherry picked from commit 1cca93f7f33547629cc174ec3690a2d40971d021) +--- + src/systemctl/systemctl-enable.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/systemctl/systemctl-enable.c b/src/systemctl/systemctl-enable.c +index 7d9b7c794a1..fc746b2b2be 100644 +--- a/src/systemctl/systemctl-enable.c ++++ b/src/systemctl/systemctl-enable.c +@@ -71,7 +71,8 @@ int verb_enable(int argc, char *argv[], void *userdata) { + if (!argv[1]) + return 0; + +- r = mangle_names("to enable", strv_skip(argv, 1), &names); ++ const char *operation = strjoina("to ", verb); ++ r = mangle_names(operation, strv_skip(argv, 1), &names); + if (r < 0) + return r; + diff --git a/backport-fix-memory-leak-in-cryptsetup-generator.patch b/backport-fix-memory-leak-in-cryptsetup-generator.patch new file mode 100644 index 0000000..14421ce --- /dev/null +++ b/backport-fix-memory-leak-in-cryptsetup-generator.patch @@ -0,0 +1,25 @@ +From 7ce0104da894efd4d43f25ae1f0e3454d085d9c8 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Fri, 31 May 2024 11:33:12 +0200 +Subject: [PATCH 7020/9500] cryptsetup-generator: Fix memory leak + +--- + src/cryptsetup/cryptsetup-generator.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 904e4cd..1446ea3 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -578,6 +578,8 @@ static crypto_device* crypt_device_free(crypto_device *d) { + free(d->uuid); + free(d->keyfile); + free(d->keydev); ++ free(d->headerdev); ++ free(d->datadev); + free(d->name); + free(d->options); + return mfree(d); +-- +2.33.0 + diff --git a/backport-install-allow-removing-symlinks-even-for-units-that-.patch b/backport-install-allow-removing-symlinks-even-for-units-that-.patch new file mode 100644 index 0000000..f817e02 --- /dev/null +++ b/backport-install-allow-removing-symlinks-even-for-units-that-.patch @@ -0,0 +1,74 @@ +From 5163c9b1e56293b1bb2803420613c5b374570892 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Fri, 7 Jun 2024 21:39:45 +0100 +Subject: [PATCH] install: allow removing symlinks even for units that are gone + +If a symlink is leftover, still allow cleaning it up via 'disable'. This +happens when a unit is stopped and removed, but not disabled, and a reload +has already happened. At that point, cleaning up the old symlinks becomes +impossible through the APIs, and needs to be done manually. Always allow +cleaning up symlinks, if they exist, by only erroring out if there is an +OOM. + +Follow-up for f31f10a6207efc9ae9e0b1f73975b5b610914017 + +Conflict:Adaptation TEST-26-SYSTEMCTL.sh to testsuite-26.sh +Reference:https://github.com/systemd/systemd/commit/5163c9b1e56293b1bb2803420613c5b374570892 + +--- + src/shared/install.c | 14 ++++++++++---- + test/units/testsuite-26.sh | 6 ++++++ + 2 files changed, 16 insertions(+), 4 deletions(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index 0f4dab4..62d9c3c 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -2224,7 +2224,9 @@ static int install_context_mark_for_removal( + else { + log_debug_errno(r, "Unit %s not found, removing name.", i->name); + r = install_changes_add(changes, n_changes, r, i->path ?: i->name, NULL); +- if (r < 0) ++ /* In case there's no unit, we still want to remove any leftover symlink, even if ++ * the unit might have been removed already, hence treating ENOENT as non-fatal. */ ++ if (r != -ENOENT) + return r; + } + } else if (r < 0) { +@@ -2822,9 +2824,13 @@ static int do_unit_file_disable( + r = install_info_add(&ctx, *name, NULL, lp->root_dir, /* auxiliary= */ false, &info); + if (r >= 0) + r = install_info_traverse(&ctx, lp, info, SEARCH_LOAD|SEARCH_FOLLOW_CONFIG_SYMLINKS, NULL); +- +- if (r < 0) +- return install_changes_add(changes, n_changes, r, *name, NULL); ++ if (r < 0) { ++ r = install_changes_add(changes, n_changes, r, *name, NULL); ++ /* In case there's no unit, we still want to remove any leftover symlink, even if ++ * the unit might have been removed already, hence treating ENOENT as non-fatal. */ ++ if (r != -ENOENT) ++ return r; ++ } + + /* If we enable multiple units, some with install info and others without, + * the "empty [Install] section" warning is not shown. Let's make the behavior +diff --git a/test/units/testsuite-26.sh b/test/units/testsuite-26.sh +index 1e11c42..d08b03a 100755 +--- a/test/units/testsuite-26.sh ++++ b/test/units/testsuite-26.sh +@@ -311,6 +311,12 @@ systemctl cat "$UNIT_NAME" + systemctl help "$UNIT_NAME" + systemctl service-watchdogs + systemctl service-watchdogs "$(systemctl service-watchdogs)" ++# Ensure that the enablement symlinks can still be removed after the user is gone, to avoid having leftovers ++systemctl enable "$UNIT_NAME" ++systemctl stop "$UNIT_NAME" ++rm -f "/usr/lib/systemd/system/$UNIT_NAME" ++systemctl daemon-reload ++systemctl disable "$UNIT_NAME" + + # show/set-environment + # Make sure PATH is set +-- +2.33.0 + diff --git a/backport-login-user-runtime-dir-properly-check-for-mount-poin.patch b/backport-login-user-runtime-dir-properly-check-for-mount-poin.patch new file mode 100644 index 0000000..474737a --- /dev/null +++ b/backport-login-user-runtime-dir-properly-check-for-mount-poin.patch @@ -0,0 +1,32 @@ +From 4c3e455c093c274e3ccbc4662e47a72c3f43a34d Mon Sep 17 00:00:00 2001 +From: Mike Yuan <me@yhndnzj.com> +Date: Mon, 5 Feb 2024 04:53:14 +0800 +Subject: [PATCH] login/user-runtime-dir: properly check for mount point + +(cherry picked from commit 561d8793058bba886d71f96fa157ca77cd6b5c23) +(cherry picked from commit 0ec2d29241b9d5d77630ba5ad7fa1cf4f632e1f6) +(cherry picked from commit ad9eafcc8264976b762efe4d0ce70f924d2be0bc) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/4c3e455c093c274e3ccbc4662e47a72c3f43a34d + +--- + src/login/user-runtime-dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/user-runtime-dir.c b/src/login/user-runtime-dir.c +index f96a2d8662..c74d8b8d0e 100644 +--- a/src/login/user-runtime-dir.c ++++ b/src/login/user-runtime-dir.c +@@ -66,7 +66,7 @@ static int user_mkdir_runtime_path( + if (r < 0) + return log_error_errno(r, "Failed to create /run/user: %m"); + +- if (path_is_mount_point(runtime_path, NULL, 0) >= 0) ++ if (path_is_mount_point(runtime_path, NULL, 0) > 0) + log_debug("%s is already a mount point", runtime_path); + else { + char options[sizeof("mode=0700,uid=,gid=,size=,nr_inodes=,smackfsroot=*") +-- +2.33.0 + diff --git a/backport-main-pass-the-right-error-variable.patch b/backport-main-pass-the-right-error-variable.patch new file mode 100644 index 0000000..117d28a --- /dev/null +++ b/backport-main-pass-the-right-error-variable.patch @@ -0,0 +1,25 @@ +From 56d0ed476290b51d8e3eb305a8fbfdfe7a873be8 Mon Sep 17 00:00:00 2001 +From: rpm-build <rpm-build> +Date: Tue, 21 May 2024 16:58:39 +0800 +Subject: [PATCH] main: pass the right error variable + +--- + src/core/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 534c14a..a63e954 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2517,7 +2517,7 @@ static void setenv_manager_environment(void) { + + r = putenv_dup(*p, true); + if (r < 0) +- log_warning_errno(errno, "Failed to setenv \"%s\", ignoring: %m", *p); ++ log_warning_errno(r, "Failed to setenv \"%s\", ignoring: %m", *p); + } + } + +-- +2.27.0 + diff --git a/backport-mount-optimize-mountinfo-traversal-by-decoupling-dev.patch b/backport-mount-optimize-mountinfo-traversal-by-decoupling-dev.patch new file mode 100644 index 0000000..daa0afa --- /dev/null +++ b/backport-mount-optimize-mountinfo-traversal-by-decoupling-dev.patch @@ -0,0 +1,50 @@ +From 00ad3f02275b507a753495ace5e5f84cb38b604d Mon Sep 17 00:00:00 2001 +From: Chen Guanqiao <chen.chenchacha@foxmail.com> +Date: Wed, 2 Oct 2024 13:10:21 +0800 +Subject: [PATCH] mount: optimize mountinfo traversal by decoupling device + discovery + +In mount_load_proc_self_mountinfo(), device_found_node() is synchronously called +during the traversal of mountinfo entries. When there are a large number of +mount points, and the device types are not significantly different, this results +in excessive time consumption during device discovery, causing a performance +bottleneck. This issue is particularly prominent on servers with a large number +of cores in IDC. + +This patch decouples device discovery from the mountinfo traversal process, +avoiding redundant device operations. As a result, it significantly improves +performance, especially in environments with numerous mount points. + +Signed-off-by: Chen Guanqiao <chen.chenchacha@foxmail.com> +--- + src/core/mount.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 28701df231..5261b80957 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1857,6 +1857,7 @@ static int mount_setup_unit( + static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { + _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; + _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; ++ _cleanup_set_free_ Set *devices = NULL; + int r; + + assert(m); +@@ -1883,7 +1884,11 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { + if (!device || !path) + continue; + +- device_found_node(m, device, DEVICE_FOUND_MOUNT, DEVICE_FOUND_MOUNT); ++ /* Just to achieve device name uniqueness. Note that the suppresion of the duplicate ++ * processing is merely an optimization, hence in case of OOM (unlikely) we'll just process ++ * it twice. */ ++ if (set_put_strdup_full(&devices, &path_hash_ops_free, device) != 0) ++ device_found_node(m, device, DEVICE_FOUND_MOUNT, DEVICE_FOUND_MOUNT); + + (void) mount_setup_unit(m, device, path, options, fstype, set_flags); + } +-- +2.33.0 + diff --git a/backport-network-networkd-address-don-t-set-up-firewall-rules.patch b/backport-network-networkd-address-don-t-set-up-firewall-rules.patch new file mode 100644 index 0000000..d4bebb2 --- /dev/null +++ b/backport-network-networkd-address-don-t-set-up-firewall-rules.patch @@ -0,0 +1,31 @@ +From 58c6e75f263a1562f5550221af1ec1a9b6046143 Mon Sep 17 00:00:00 2001 +From: Topi Miettinen <toiwoton@gmail.com> +Date: Mon, 4 Dec 2023 21:49:12 +0200 +Subject: [PATCH] network/networkd-address: don't set up firewall rules here + +Don't set up firewall rules when we're just initializing the firewall context +for NFT sets. + +Fixes: #30257 +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/58c6e75f263a1562f5550221af1ec1a9b6046143 +--- + src/network/networkd-address.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index c1a8cd884..707113767 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -645,7 +645,7 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon + assert(nft_set_context); + + if (!address->link->manager->fw_ctx) { +- r = fw_ctx_new(&address->link->manager->fw_ctx); ++ r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false); + if (r < 0) + return; + } +-- +2.33.0 + diff --git a/backport-pid1-add-env-var-to-override-default-mount-rate-limit-interval.patch b/backport-pid1-add-env-var-to-override-default-mount-rate-limit-interval.patch new file mode 100644 index 0000000..2d1c9c9 --- /dev/null +++ b/backport-pid1-add-env-var-to-override-default-mount-rate-limit-interval.patch @@ -0,0 +1,57 @@ +From cc2030f928981947db8fb9ec185a82024abab2c4 Mon Sep 17 00:00:00 2001 +From: xujing <xujing125@huawei.com> +Date: Wed, 16 Oct 2024 15:19:09 +0800 +Subject: [PATCH] pid1: add env var to override default mount rate limit + interval + +Similar to 24a4542c. 24a4542c can only be set 1 in 1s at most, +sometimes we may need to set to something else(such as 1 in 2s). +So it's best to let the user decide. + +This also allows users to solve #34690. + +Signed-off-by: xujing <xujing125@huawei.com> +--- + src/core/mount.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index ead9b46..f4bc6eb 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1875,6 +1875,7 @@ static void mount_enumerate(Manager *m) { + mnt_init_debug(0); + + if (!m->mount_monitor) { ++ usec_t mount_rate_limit_interval = 1 * USEC_PER_SEC; + unsigned mount_rate_limit_burst = 5; + int fd; + +@@ -1916,14 +1917,21 @@ static void mount_enumerate(Manager *m) { + } + + /* Let users override the default (5 in 1s), as it stalls the boot sequence on busy systems. */ +- const char *e = secure_getenv("SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST"); ++ const char *e = secure_getenv("SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_INTERVAL_SEC"); ++ if (e) { ++ r = parse_sec(e, &mount_rate_limit_interval); ++ if (r < 0) ++ log_debug_errno(r, "Invalid value in $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_INTERVAL_SEC, ignoring: %s", e); ++ } ++ ++ e = secure_getenv("SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST"); + if (e) { + r = safe_atou(e, &mount_rate_limit_burst); + if (r < 0) +- log_debug("Invalid value in $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST, ignoring: %s", e); ++ log_debug_errno(r, "Invalid value in $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST, ignoring: %s", e); + } + +- r = sd_event_source_set_ratelimit(m->mount_event_source, 1 * USEC_PER_SEC, mount_rate_limit_burst); ++ r = sd_event_source_set_ratelimit(m->mount_event_source, mount_rate_limit_interval, mount_rate_limit_burst); + if (r < 0) { + log_error_errno(r, "Failed to enable rate limit for mount events: %m"); + goto fail; +-- +2.33.0 + diff --git a/backport-repart-fix-memory-leak.patch b/backport-repart-fix-memory-leak.patch new file mode 100644 index 0000000..5b87d38 --- /dev/null +++ b/backport-repart-fix-memory-leak.patch @@ -0,0 +1,24 @@ +From a81f5ffd40081441dafc678fe83d185436dde35a Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com> +Date: Tue, 18 Jun 2024 14:07:50 +0200 +Subject: [PATCH 7351/9500] repart: fix memory leak + +--- + src/partition/repart.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/partition/repart.c b/src/partition/repart.c +index 473c83a..7ba2aad 100644 +--- a/src/partition/repart.c ++++ b/src/partition/repart.c +@@ -181,6 +181,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_tpm2_hash_pcr_values, freep); + STATIC_DESTRUCTOR_REGISTER(arg_tpm2_public_key, freep); + STATIC_DESTRUCTOR_REGISTER(arg_tpm2_pcrlock, freep); + STATIC_DESTRUCTOR_REGISTER(arg_filter_partitions, freep); ++STATIC_DESTRUCTOR_REGISTER(arg_defer_partitions, freep); + STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); + STATIC_DESTRUCTOR_REGISTER(arg_copy_from, strv_freep); + STATIC_DESTRUCTOR_REGISTER(arg_copy_source, freep); +-- +2.33.0 + diff --git a/backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-source.patch b/backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-source.patch new file mode 100644 index 0000000..1250f84 --- /dev/null +++ b/backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-source.patch @@ -0,0 +1,152 @@ +From 2c30104f8344406e71b792a8691af60af3afe177 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 2 Jul 2024 09:55:57 +0800 +Subject: [PATCH] sd-event: fix fd leak when fd is owned by IO event source + When an IO event source owns relevant fd, replacing with a new fd leaks the + previously assigned fd. === sd_event_add_io(event, &s, fd, ...); + sd_event_source_set_io_fd_own(s, true); sd_event_source_set_io_fd(s, new_fd); + <-- The previous fd is not closed. sd_event_source_unref(s); <-- new_fd is + closed as expected. === + +Without the change, valgrind reports the leak: +==998589== +==998589== FILE DESCRIPTORS: 4 open (3 std) at exit. +==998589== Open file descriptor 4: +==998589== at 0x4F119AB: pipe2 (in /usr/lib64/libc.so.6) +==998589== by 0x408830: test_sd_event_source_set_io_fd (test-event.c:862) +==998589== by 0x403302: run_test_table (tests.h:171) +==998589== by 0x408E31: main (test-event.c:935) +==998589== +==998589== +==998589== HEAP SUMMARY: +==998589== in use at exit: 0 bytes in 0 blocks +==998589== total heap usage: 33,305 allocs, 33,305 frees, 1,283,581 bytes allocated +==998589== +==998589== All heap blocks were freed -- no leaks are possible +==998589== +==998589== For lists of detected and suppressed errors, rerun with: -s +==998589== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) + +(cherry picked from commit 2fa4805) +(cherry picked from commit 6d2dd43) +(cherry picked from commit 5f8cf63) + +Conflict:test case adaptation +Reference:https://github.com/systemd/systemd-stable/commit/a4bb56c61a7bfef9bab3380b3c18709ab8fef3d8 +--- + man/sd_event_add_io.xml | 24 ++++++++++++++---------- + src/libsystemd/sd-event/sd-event.c | 17 ++++++++--------- + src/libsystemd/sd-event/test-event.c | 18 ++++++++++++++++++ + 3 files changed, 40 insertions(+), 19 deletions(-) + +diff --git a/man/sd_event_add_io.xml b/man/sd_event_add_io.xml +index da0fa58..9d4fd27 100644 +--- a/man/sd_event_add_io.xml ++++ b/man/sd_event_add_io.xml +@@ -216,16 +216,20 @@ + source object and returns the non-negative file descriptor + or a negative error number on error (see below).</para> + +- <para><function>sd_event_source_set_io_fd()</function> +- changes the UNIX file descriptor of an I/O event source created +- previously with <function>sd_event_add_io()</function>. It takes +- the event source object and the new file descriptor.</para> +- +- <para><function>sd_event_source_set_io_fd_own()</function> controls whether the file descriptor of the event source +- shall be closed automatically when the event source is freed, i.e. whether it shall be considered 'owned' by the +- event source object. By default it is not closed automatically, and the application has to do this on its own. The +- <parameter>b</parameter> parameter is a boolean parameter: if zero, the file descriptor is not closed automatically +- when the event source is freed, otherwise it is closed.</para> ++ <para><function>sd_event_source_set_io_fd()</function> changes the UNIX file descriptor of an I/O event ++ source created previously with <function>sd_event_add_io()</function>. It takes the event source object ++ and the new file descriptor. If the event source takes the ownership of the previous file descriptor, ++ that is, <function>sd_event_source_set_io_fd_own()</function> was called for the event source with a ++ non-zero value, then the previous file descriptor will be closed and the event source will also take the ++ ownership of the new file descriptor on success.</para> ++ ++ <para><function>sd_event_source_set_io_fd_own()</function> controls whether the file descriptor of the ++ event source shall be closed automatically when the event source is freed (or when the file descriptor ++ assigned to the event source is replaced by <function>sd_event_source_set_io_fd()</function>), i.e. ++ whether it shall be considered 'owned' by the event source object. By default it is not closed ++ automatically, and the application has to do this on its own. The <parameter>b</parameter> parameter is a ++ boolean parameter: if zero, the file descriptor is not closed automatically when the event source is ++ freed, otherwise it is closed.</para> + + <para><function>sd_event_source_get_io_fd_own()</function> may be used to query the current setting of the file + descriptor ownership boolean flag as set with <function>sd_event_source_set_io_fd_own()</function>. It returns +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index d53a7a1..0b59f63 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -2696,7 +2696,7 @@ _public_ int sd_event_source_get_io_fd(sd_event_source *s) { + } + + _public_ int sd_event_source_set_io_fd(sd_event_source *s, int fd) { +- int r; ++ int saved_fd, r; + + assert_return(s, -EINVAL); + assert_return(fd >= 0, -EBADF); +@@ -2706,16 +2706,12 @@ _public_ int sd_event_source_set_io_fd(sd_event_source *s, int fd) { + if (s->io.fd == fd) + return 0; + +- if (event_source_is_offline(s)) { +- s->io.fd = fd; +- s->io.registered = false; +- } else { +- int saved_fd; ++ saved_fd = s->io.fd; ++ s->io.fd = fd; + +- saved_fd = s->io.fd; +- assert(s->io.registered); ++ assert(event_source_is_offline(s) == !s->io.registered); + +- s->io.fd = fd; ++ if (s->io.registered) { + s->io.registered = false; + + r = source_io_register(s, s->enabled, s->io.events); +@@ -2727,6 +2723,9 @@ _public_ int sd_event_source_set_io_fd(sd_event_source *s, int fd) { + + (void) epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, saved_fd, NULL); + } ++ ++ if (s->io.owned) ++ safe_close(saved_fd); + + return 0; + } +diff --git a/src/libsystemd/sd-event/test-event.c b/src/libsystemd/sd-event/test-event.c +index 63d3ee7..695b0ed 100644 +--- a/src/libsystemd/sd-event/test-event.c ++++ b/src/libsystemd/sd-event/test-event.c +@@ -809,6 +809,24 @@ TEST(inotify_process_buffered_data) { + assert_se(sd_event_wait(e, 0) == 0); + } + ++TEST(sd_event_source_set_io_fd) { ++ _cleanup_(sd_event_source_unrefp) sd_event_source *s = NULL; ++ _cleanup_(sd_event_unrefp) sd_event *e = NULL; ++ _cleanup_close_pair_ int pfd_a[2] = { -EBADF, -EBADF }, pfd_b[2] = { -EBADF, -EBADF }; ++ ++ assert_se(sd_event_default(&e) >= 0); ++ ++ assert_se(pipe2(pfd_a, O_CLOEXEC) >= 0); ++ assert_se(pipe2(pfd_b, O_CLOEXEC) >= 0); ++ ++ assert_se(sd_event_add_io(e, &s, pfd_a[0], EPOLLIN, NULL, INT_TO_PTR(-ENOANO)) >= 0); ++ assert_se(sd_event_source_set_io_fd_own(s, true) >= 0); ++ TAKE_FD(pfd_a[0]); ++ ++ assert_se(sd_event_source_set_io_fd(s, pfd_b[0]) >= 0); ++ TAKE_FD(pfd_b[0]); ++} ++ + TEST(fork) { + _cleanup_(sd_event_unrefp) sd_event *e = NULL; + int r; +-- +2.27.0 + diff --git a/backport-systemctl-fix-printing-of-RootImageOptions.patch b/backport-systemctl-fix-printing-of-RootImageOptions.patch new file mode 100644 index 0000000..f841729 --- /dev/null +++ b/backport-systemctl-fix-printing-of-RootImageOptions.patch @@ -0,0 +1,49 @@ +From 64d833dfa6bcac6d4c991447bfd63d6bcda1ba6b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 27 Sep 2024 20:17:12 +0200 +Subject: [PATCH] systemctl: fix printing of RootImageOptions + +The type is a(ss), so a custom printer is required. + +Fixes https://github.com/systemd/systemd/issues/33967. + +(cherry picked from commit 69c751c61cb2b386afe51f03b58f8f7ceeeb643e) +(cherry picked from commit 28ced52894cf6921d1fe9831f2def29de164e189) +--- + src/systemctl/systemctl-show.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index 5d1eb492e1..7fe7f423f6 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -1742,6 +1742,29 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m + return bus_log_parse_error(r); + + return 1; ++ ++ } else if (streq(name, "RootImageOptions")) { ++ const char *a, *p; ++ ++ /* In config files, the syntax allows the partition name to be omitted. Here, we ++ * always print the partition name, also because we have no way of knowing if it was ++ * originally omitted or not. We also print the partitions on separate lines. */ ++ ++ r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(ss)"); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ while ((r = sd_bus_message_read(m, "(ss)", &a, &p)) > 0) ++ bus_print_property_valuef(name, expected_value, flags, "%s:%s", a, p); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ r = sd_bus_message_exit_container(m); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ return 1; ++ + } else if (streq(name, "MountImages")) { + _cleanup_free_ char *paths = NULL; + diff --git a/backport-temporarily-disable-test-seccomp.patch b/backport-temporarily-disable-test-seccomp.patch new file mode 100644 index 0000000..6af53ba --- /dev/null +++ b/backport-temporarily-disable-test-seccomp.patch @@ -0,0 +1,24 @@ +From 03a991c00674787d649240adda11f2506f2fcedc Mon Sep 17 00:00:00 2001 +From: xujing <xujing99@huawei.com> +Date: Tue, 22 Feb 2022 20:33:40 +0800 +Subject: [PATCH] temporarily disable test-seccomp + +--- + src/test/test-seccomp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c +index 2d06098..a95deb8 100644 +--- a/src/test/test-seccomp.c ++++ b/src/test/test-seccomp.c +@@ -1199,4 +1199,6 @@ TEST(restrict_suid_sgid) { + assert_se(wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); + } + +-DEFINE_TEST_MAIN(LOG_DEBUG); ++int main(int argc, char *argv[]) { ++ return 77; ++} +-- +2.33.0 + diff --git a/backport-unit-check-for-correct-function-in-vtable.patch b/backport-unit-check-for-correct-function-in-vtable.patch new file mode 100644 index 0000000..181ffa1 --- /dev/null +++ b/backport-unit-check-for-correct-function-in-vtable.patch @@ -0,0 +1,25 @@ +From 891be0c2e7da8d95217e25e91cf1216b46be73fd Mon Sep 17 00:00:00 2001 +From: Mike Yuan <me@yhndnzj.com> +Date: Wed, 17 Jan 2024 17:20:29 +0800 +Subject: [PATCH] core/unit: check for correct function in vtable + +Prompted by https://github.com/systemd/systemd/pull/30974/commits/61e44e01325eca50e88fc9cd400ee340081e9134 + +(cherry picked from commit 18cf8411b712e7264c56d80369c8945491af90ee) +--- + src/core/unit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 41f3bdb226a..2fc9f5ad2d3 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -6605,7 +6605,7 @@ int activation_details_append_pair(ActivationDetails *details, char ***strv) { + return r; + } + +- if (ACTIVATION_DETAILS_VTABLE(details)->append_env) { ++ if (ACTIVATION_DETAILS_VTABLE(details)->append_pair) { + r = ACTIVATION_DETAILS_VTABLE(details)->append_pair(details, strv); + if (r < 0) + return r; diff --git a/backport-user-util-validate-the-right-field.patch b/backport-user-util-validate-the-right-field.patch new file mode 100644 index 0000000..250212a --- /dev/null +++ b/backport-user-util-validate-the-right-field.patch @@ -0,0 +1,32 @@ +From 3db209c9567c728c13b5d901e81f151ed1d2b0f7 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 19 Jan 2024 11:32:26 +0100 +Subject: [PATCH] user-util: validate the right field + +(cherry picked from commit 829854afa5e38db30be207fc8f8f80705e623795) +(cherry picked from commit 624984ff423a98f1fd66e64ddfe3a8972d2f911f) +(cherry picked from commit 641b8d700694984e40199008b059a65184dc946b) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/3db209c9567c728c13b5d901e81f151ed1d2b0f7 + +--- + src/basic/user-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/user-util.c b/src/basic/user-util.c +index 519ab70118..c81d19409d 100644 +--- a/src/basic/user-util.c ++++ b/src/basic/user-util.c +@@ -314,7 +314,7 @@ int get_user_creds( + if (shell) { + if (FLAGS_SET(flags, USER_CREDS_CLEAN) && + (isempty(p->pw_shell) || +- !path_is_valid(p->pw_dir) || ++ !path_is_valid(p->pw_shell) || + !path_is_absolute(p->pw_shell) || + is_nologin_shell(p->pw_shell))) + *shell = NULL; +-- +2.33.0 + diff --git a/bugfix-also-stop-machine-when-a-machine-un.patch b/bugfix-also-stop-machine-when-a-machine-un.patch new file mode 100644 index 0000000..5d93a91 --- /dev/null +++ b/bugfix-also-stop-machine-when-a-machine-un.patch @@ -0,0 +1,145 @@ +From 89110c823f246d3d2c398652999826107da446bf Mon Sep 17 00:00:00 2001 +From: yangbin <robin.yb@huawei.com> +Date: Tue, 7 Apr 2020 12:01:39 +0800 +Subject: [PATCH] systemd-machined: Also stop machine when a machine unit is + active but the leader process is exited + +When a VM machine is created in a scenario as below, it will remain in systemd-machined even though it has already been terminated by libvirtd. +1. libvirtd sends a request to systemd-machined with the leader(the PID of the vm) to create a machine. +2. systemd-machined directs the request to systemd +3. systemd constructs a scope and creates cgroup for the machine. the scope unit is then added to job queue and will be started later. +4. the leader process(the PID of the vm) is terminated by libvirtd(due some reason) before the scope is started. +5. Since the scope unit is yet not started, systemd will not destroy the scope althrough it is noticed with the signal event. +6. systemd starts the scope, and now the scope and machine is in active but no leader process exist. +7. systemd-machined will not stop and destroy the machine, and remains in system until the scope is stopped by others or the OS is restarted. + +This patch fix this problem by ansering yes to stop machine in machine_check_gc +when the machine unit is active but the leader process has already exited. + +Change-Id: I80e3c32832f4ecf08b6cb149735978730ce1d1c0 +--- + src/machine/machine.c | 37 ++++++++++++++++++++++++++++++++++++- + src/machine/machined-dbus.c | 35 +++++++++++++++++++++++++++++++++++ + src/machine/machined.h | 1 + + 3 files changed, 72 insertions(+), 1 deletion(-) + +diff --git a/src/machine/machine.c b/src/machine/machine.c +index 44ff5c1..2519fd7 100644 +--- a/src/machine/machine.c ++++ b/src/machine/machine.c +@@ -34,6 +34,7 @@ + #include "tmpfile-util.h" + #include "unit-name.h" + #include "user-util.h" ++#include "cgroup-util.h" + + DEFINE_TRIVIAL_CLEANUP_FUNC(Machine*, machine_free); + +@@ -534,6 +535,40 @@ int machine_finalize(Machine *m) { + return 0; + } + ++static bool machine_validate_unit(Machine *m) { ++ int r; ++ _cleanup_free_ char *unit = NULL; ++ _cleanup_free_ char *cgroup = NULL; ++ ++ r = cg_pid_get_unit(m->leader.pid, &unit); ++ if (!r && streq(m->unit, unit)) ++ return true; ++ ++ if (r == -ESRCH) { ++ /* the original leader may exit and be replaced with a new leader when qemu hotreplace is performed. ++ * so we don't return true here, otherwise the vm will be added to the gc list. ++ * */ ++ log_info("Machine unit is in active, but the leader process is exited. " ++ "machine: %s, leader: "PID_FMT", unit: %s.", m->name, m->leader.pid, m->unit); ++ } else if (r) { ++ log_info_errno(r, "Can not get unit from cgroup. " ++ "machine: %s, leader: "PID_FMT", unit: %s, error: %m", m->name, m->leader.pid, m->unit); ++ } else if (unit && !streq(m->unit, unit)) { ++ log_info("Machine unit name not match. " ++ "machine: %s, leader: "PID_FMT", machine unit: %s, real unit: %s", m->name, m->leader.pid, m->unit, unit); ++ } ++ ++ r = manager_get_unit_cgroup_path(m->manager, m->unit, &cgroup); ++ if (!r && !isempty(cgroup) && cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) > 0) { ++ log_info("Cgroup is empty in the machine unit. " ++ "machine: %s, leader: "PID_FMT", machine unit: %s.", m->name, m->leader.pid, m->unit); ++ /*The vm will be added to gc list only when there is no any process in the scope*/ ++ return false; ++ } ++ ++ return true; ++} ++ + bool machine_may_gc(Machine *m, bool drop_not_started) { + assert(m); + +@@ -546,7 +581,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) { + if (m->scope_job && manager_job_is_active(m->manager, m->scope_job)) + return false; + +- if (m->unit && manager_unit_is_active(m->manager, m->unit)) ++ if (m->unit && manager_unit_is_active(m->manager, m->unit) && machine_validate_unit(m)) + return false; + + return true; +diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c +index 9fec047..938f42b 100644 +--- a/src/machine/machined-dbus.c ++++ b/src/machine/machined-dbus.c +@@ -1514,3 +1514,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) { + + return 0; + } ++ ++int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup) { ++ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ _cleanup_free_ char *path = NULL; ++ const char *cgroup_path = NULL; ++ int r; ++ ++ assert(manager); ++ assert(unit); ++ ++ path = unit_dbus_path_from_name(unit); ++ if (!path) ++ return -ENOMEM; ++ ++ r = sd_bus_get_property( ++ manager->bus, ++ "org.freedesktop.systemd1", ++ path, ++ endswith(unit, ".scope") ? "org.freedesktop.systemd1.Scope" : "org.freedesktop.systemd1.Service", ++ "ControlGroup", ++ &error, ++ &reply, ++ "s"); ++ if (r < 0) { ++ return r; ++ } ++ ++ r = sd_bus_message_read(reply, "s", &cgroup_path); ++ if (r < 0) ++ return -EINVAL; ++ *cgroup = strdup(cgroup_path); ++ ++ return 0; ++} +diff --git a/src/machine/machined.h b/src/machine/machined.h +index 280c32b..6b8d98b 100644 +--- a/src/machine/machined.h ++++ b/src/machine/machined.h +@@ -58,6 +58,7 @@ int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_erro + int manager_unref_unit(Manager *m, const char *unit, sd_bus_error *error); + int manager_unit_is_active(Manager *manager, const char *unit); + int manager_job_is_active(Manager *manager, const char *path); ++int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup); + + #if ENABLE_NSCD + int manager_enqueue_nscd_cache_flush(Manager *m); +-- +2.33.0 + diff --git a/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch b/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch new file mode 100644 index 0000000..2f1b02c --- /dev/null +++ b/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch @@ -0,0 +1,40 @@ +From c003873099e47dccf2e57816291bd6b7de4a5790 Mon Sep 17 00:00:00 2001 +From: jiangchuangang <jiangchuangang@huawei.com> +Date: Wed, 13 Jul 2022 21:39:06 +0800 +Subject: [PATCH] bugfix for cpuset and Delegate + +--- + src/core/cgroup.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 0e4c94d..e887d49 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1963,6 +1963,8 @@ static int unit_update_cgroup( + u->cgroup_enabled_mask = result_mask; + + migrate_mask = u->cgroup_realized_mask ^ target_mask; ++ if (u->type != UNIT_SLICE && FLAGS_SET(target_mask, CGROUP_MASK_CPUSET) && cg_all_unified() == 0) ++ migrate_mask |= CGROUP_MASK_CPUSET; + } + + /* Keep track that this is now realized */ +@@ -1977,9 +1979,11 @@ static int unit_update_cgroup( + * delegated units. + */ + if (cg_all_unified() == 0) { +- r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); +- if (r < 0) +- log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); ++ if (!unit_cgroup_delegate(u)) { ++ r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); ++ if (r < 0) ++ log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); ++ } + + is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE); + r = cg_trim_v1_controllers(u->manager->cgroup_supported, ~target_mask, u->cgroup_path, !is_root_slice); +-- +2.33.0 + diff --git a/change-NTP-server-to-x.pool.ntp.org.patch b/change-NTP-server-to-x.pool.ntp.org.patch new file mode 100644 index 0000000..33798fd --- /dev/null +++ b/change-NTP-server-to-x.pool.ntp.org.patch @@ -0,0 +1,25 @@ +From bdf0536bace233a0da7e1ff094c8cb81ded18c38 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Tue, 23 Feb 2021 15:07:17 +0800 +Subject: [PATCH] change NTP server to x.pool.ntp.org + +--- + meson_options.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson_options.txt b/meson_options.txt +index 163c8df..ba7adf9 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -312,7 +312,7 @@ option('dns-servers', type : 'string', + value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google') + option('ntp-servers', type : 'string', + description : 'space-separated list of default NTP servers', +- value : 'time1.google.com time2.google.com time3.google.com time4.google.com') ++ value : '0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org') + option('support-url', type : 'string', + description : 'the support URL to show in catalog entries included in systemd', + value : 'https://lists.freedesktop.org/mailman/listinfo/systemd-devel') +-- +2.27.0 + diff --git a/check-whether-command_prev-is-null-before-assigning-.patch b/check-whether-command_prev-is-null-before-assigning-.patch new file mode 100644 index 0000000..06ebf86 --- /dev/null +++ b/check-whether-command_prev-is-null-before-assigning-.patch @@ -0,0 +1,35 @@ +From 5fe226b4378a2466d906ae45b8544f1003e9885a Mon Sep 17 00:00:00 2001 +From: yefei25 <yefei25@huawei.com> +Date: Wed, 8 Apr 2020 23:10:58 -0400 +Subject: [PATCH 1/2] check whether command_prev is null before assigning value + +--- + src/core/service.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 9a26271f72..3c255b3bcc 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -2569,12 +2569,16 @@ static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, ExecC + assert(s); + assert(id >= 0); + assert(id < _SERVICE_EXEC_COMMAND_MAX); +- ++ if (!current) ++ return 0; + const ExecCommand *first = s->exec_command[id]; + + /* Figure out where we are in the list by walking back to the beginning */ +- for (const ExecCommand *c = current; c != first; c = c->command_prev) ++ for (const ExecCommand *c = current; c != first; c = c->command_prev) { + idx++; ++ if (!c->command_prev) ++ return idx; ++ } + + return idx; + } +-- +2.19.1 + diff --git a/core-add-OptionalLog-to-allow-users-change-log-level.patch b/core-add-OptionalLog-to-allow-users-change-log-level.patch new file mode 100644 index 0000000..d3eda32 --- /dev/null +++ b/core-add-OptionalLog-to-allow-users-change-log-level.patch @@ -0,0 +1,140 @@ +From 637310cf1903f9072a391074a65855fc1c41ae2b Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Fri, 15 Apr 2022 09:28:15 +0800 +Subject: [PATCH] core: add OptionalLog to allow users change log level. +This adds log_optional* log_unit_optional* to log messages in LOG_INFO +or LOG_DEBUG. Set "OptionalLog=yes" to log in LOG_INFO. Defaults to no. +--- + src/basic/log.h | 2 ++ + src/core/dbus-manager.c | 1 + + src/core/main.c | 1 + + src/core/manager.c | 2 ++ + src/core/manager.h | 1 + + src/core/mount.c | 2 +- + src/core/system.conf.in | 1 + + src/core/unit.h | 2 ++ + 8 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/basic/log.h b/src/basic/log.h +index 9008d47..bf6aa8e 100644 +--- a/src/basic/log.h ++++ b/src/basic/log.h +@@ -245,6 +245,7 @@ int log_emergency_level(void); + #define log_warning(...) log_full(LOG_WARNING, __VA_ARGS__) + #define log_error(...) log_full(LOG_ERR, __VA_ARGS__) + #define log_emergency(...) log_full(log_emergency_level(), __VA_ARGS__) ++#define log_optional(use_info, ...) log_full(((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) + + /* Logging triggered by an errno-like error */ + #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__) +@@ -253,6 +254,7 @@ int log_emergency_level(void); + #define log_warning_errno(error, ...) log_full_errno(LOG_WARNING, error, __VA_ARGS__) + #define log_error_errno(error, ...) log_full_errno(LOG_ERR, error, __VA_ARGS__) + #define log_emergency_errno(error, ...) log_full_errno(log_emergency_level(), error, __VA_ARGS__) ++#define log_optional_errno(error, use_info, ...) log_full_errno(((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) + + /* This logs at the specified level the first time it is called, and then + * logs at debug. If the specified level is debug, this logs only the first +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 0f9d4e8..a644e86 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -2963,6 +2963,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + BUS_PROPERTY_DUAL_TIMESTAMP("InitRDUnitsLoadFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", bus_property_get_log_level, property_set_log_level, 0, 0), + SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", bus_property_get_log_target, property_set_log_target, 0, 0), ++ SD_BUS_PROPERTY("OptionalLog", "b", bus_property_get_bool, offsetof(Manager, defaults.optional_log), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("NNames", "u", property_get_hashmap_size, offsetof(Manager, units), 0), + SD_BUS_PROPERTY("NFailedUnits", "u", property_get_set_size, offsetof(Manager, failed_units), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("NJobs", "u", property_get_hashmap_size, offsetof(Manager, jobs), 0), +diff --git a/src/core/main.c b/src/core/main.c +index 96b0a11..c4379cf 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -617,6 +617,7 @@ static int parse_config_file(void) { + { "Manager", "LogColor", config_parse_color, 0, NULL }, + { "Manager", "LogLocation", config_parse_location, 0, NULL }, + { "Manager", "LogTime", config_parse_time, 0, NULL }, ++ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_defaults.optional_log }, + { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core }, + { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt }, + { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, +diff --git a/src/core/manager.c b/src/core/manager.c +index 3d14ea1..59170af 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4200,6 +4200,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.ip_accounting = defaults->ip_accounting; + + m->defaults.tasks_max = defaults->tasks_max; ++ m->defaults.optional_log = defaults->optional_log; + m->defaults.timer_accuracy_usec = defaults->timer_accuracy_usec; + + m->defaults.oom_policy = defaults->oom_policy; +@@ -4971,6 +4972,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + .ip_accounting = false, + + .tasks_max = DEFAULT_TASKS_MAX, ++ .optional_log = false, + .timer_accuracy_usec = 1 * USEC_PER_MINUTE, + + .memory_pressure_watch = CGROUP_PRESSURE_WATCH_AUTO, +diff --git a/src/core/manager.h b/src/core/manager.h +index 93e9d2a..6dd1a18 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -181,6 +181,7 @@ typedef struct UnitDefaults { + usec_t memory_pressure_threshold_usec; + + char *smack_process_label; ++ bool optional_log; + + struct rlimit *rlimit[_RLIMIT_MAX]; + } UnitDefaults; +diff --git a/src/core/mount.c b/src/core/mount.c +index 52bd53e..26cade1 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -781,7 +781,7 @@ static void mount_set_state(Mount *m, MountState state) { + } + + if (state != old_state) +- log_unit_debug(UNIT(m), "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); ++ log_unit_optional(UNIT(m), UNIT(m)->manager->defaults.optional_log, "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); + + unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state], m->reload_result == MOUNT_SUCCESS); + } +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index dbdc47c..a55106c 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -22,6 +22,7 @@ + #LogColor=yes + #LogLocation=no + #LogTime=no ++#OptionalLog=no + #DumpCore=yes + #ShowStatus=yes + #CrashChangeVT=no +diff --git a/src/core/unit.h b/src/core/unit.h +index 60bc2e3..afa4387 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -1132,12 +1132,14 @@ int unit_compare_priority(Unit *a, Unit *b); + #define log_unit_notice(unit, ...) log_unit_full(unit, LOG_NOTICE, __VA_ARGS__) + #define log_unit_warning(unit, ...) log_unit_full(unit, LOG_WARNING, __VA_ARGS__) + #define log_unit_error(unit, ...) log_unit_full(unit, LOG_ERR, __VA_ARGS__) ++#define log_unit_optional(unit, use_info, ...) log_unit_full(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) + + #define log_unit_debug_errno(unit, error, ...) log_unit_full_errno(unit, LOG_DEBUG, error, __VA_ARGS__) + #define log_unit_info_errno(unit, error, ...) log_unit_full_errno(unit, LOG_INFO, error, __VA_ARGS__) + #define log_unit_notice_errno(unit, error, ...) log_unit_full_errno(unit, LOG_NOTICE, error, __VA_ARGS__) + #define log_unit_warning_errno(unit, error, ...) log_unit_full_errno(unit, LOG_WARNING, error, __VA_ARGS__) + #define log_unit_error_errno(unit, error, ...) log_unit_full_errno(unit, LOG_ERR, error, __VA_ARGS__) ++#define log_unit_optional_errno(unit, use_info, error, ...) log_unit_full_errno(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) + + #if LOG_TRACE + # define log_unit_trace(...) log_unit_debug(__VA_ARGS__) +-- +2.33.0 + diff --git a/core-add-invalidate-cgroup-config.patch b/core-add-invalidate-cgroup-config.patch new file mode 100644 index 0000000..3179d4c --- /dev/null +++ b/core-add-invalidate-cgroup-config.patch @@ -0,0 +1,102 @@ +From d56b3978bbcd28246b3e3ce3f8c958ac95785dd7 Mon Sep 17 00:00:00 2001 +From: fangxiuning <fangxiuning@huawei.com> +Date: Wed, 22 Apr 2020 11:55:18 +0800 +Subject: + After systemd 239 version, a new feature is added to cgroups. +The processes started by users default to the cgroup group belonging +to user.slice, and the processes started by the system default to +system.slice. This is the direction of github systemd evolution. +However, there are still a large number of operations downstream +that systemd does not perceive to modify the cgroup group, +such as directly echo the process number to system.slice. + +For example: +1. sleep 1000 & +2. echo sleep pid > /sys/fs/cgroup/memory/system.slice/task +3. systemctl daemon-reload +4. cat /proc/sleep pid/cgroup +this kind of operation, systemd is not aware of it. +When systemctl disable service or systemctl daemon-reload operation +is executed, systemd will re-attach each process to its original +Under the group(user.slice). + +--- + src/core/main.c | 1 + + src/core/manager.c | 2 ++ + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit-serialize.c | 2 +- + 5 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/main.c b/src/core/main.c +index e9f56fa..964adb5 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -684,6 +684,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_defaults.freezer_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max }, ++ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_defaults.invalidate_cgroup }, + { "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec }, + { "Manager", "DefaultMemoryPressureWatch", config_parse_memory_pressure_watch, 0, &arg_defaults.memory_pressure_watch }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_runtime_scope, &arg_cad_burst_action }, +diff --git a/src/core/manager.c b/src/core/manager.c +index 59170af..57dd3d1 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4200,6 +4200,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.ip_accounting = defaults->ip_accounting; + + m->defaults.tasks_max = defaults->tasks_max; ++ m->defaults.invalidate_cgroup = defaults->invalidate_cgroup; + m->defaults.optional_log = defaults->optional_log; + m->defaults.timer_accuracy_usec = defaults->timer_accuracy_usec; + +@@ -4969,6 +4970,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + .io_accounting = false, + .blockio_accounting = false, + .tasks_accounting = true, ++ .invalidate_cgroup = true, + .ip_accounting = false, + + .tasks_max = DEFAULT_TASKS_MAX, +diff --git a/src/core/manager.h b/src/core/manager.h +index 3c954af..0c9a2ea 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -173,6 +173,7 @@ typedef struct UnitDefaults { + + CGroupTasksMax tasks_max; + usec_t timer_accuracy_usec; ++ bool invalidate_cgroup; + + OOMPolicy oom_policy; + int oom_score_adjust; +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index a55106c..f48452d 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -78,6 +78,7 @@ DefaultLimitMEMLOCK=64M + #DefaultLimitNICE= + #DefaultLimitRTPRIO= + #DefaultLimitRTTIME= ++#DefaultInvalidateCgroup=yes + #DefaultMemoryPressureThresholdSec=200ms + #DefaultMemoryPressureWatch=auto + #DefaultOOMPolicy=stop +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index fe4221c..091e7b6 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -574,7 +574,7 @@ int unit_deserialize_state(Unit *u, FILE *f, FDSet *fds) { + /* Let's make sure that everything that is deserialized also gets any potential new cgroup settings + * applied after we are done. For that we invalidate anything already realized, so that we can + * realize it again. */ +- if (u->cgroup_realized) { ++ if (u->cgroup_realized && u->manager->defaults.invalidate_cgroup) { + unit_invalidate_cgroup(u, _CGROUP_MASK_ALL); + unit_invalidate_cgroup_bpf(u); + } +-- +2.33.0 + diff --git a/core-cgroup-support-cpuset.patch b/core-cgroup-support-cpuset.patch new file mode 100644 index 0000000..84560b6 --- /dev/null +++ b/core-cgroup-support-cpuset.patch @@ -0,0 +1,615 @@ +From 8fc496f1e5b6d71d29eb446e02f6317bdc45c7c2 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: [PATCH] core-cgroup: support cpuset + +This patch add support for cpuset subsystem. +--- + meson.build | 2 + + meson_options.txt | 3 + + src/basic/cgroup-util.h | 8 ++- + src/basic/string-util.c | 42 +++++++++++ + src/basic/string-util.h | 1 + + src/core/cgroup.c | 62 ++++++++++++++++- + src/core/cgroup.h | 6 ++ + src/core/dbus-cgroup.c | 42 +++++++++++ + src/core/dbus-manager.c | 1 + + src/core/load-fragment-gperf.gperf.in | 5 ++ + src/core/load-fragment.c | 69 +++++++++++++++++++ + src/core/load-fragment.h | 1 + + src/core/main.c | 1 + + src/core/manager.c | 2 + + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit.c | 1 + + src/shared/bus-unit-util.c | 15 +++- + src/shared/cpu-set-util.c | 1 + + src/test/test-cgroup-mask.c | 1 + + .../fuzz-unit-file/directives-all.service | 5 ++ + 21 files changed, 264 insertions(+), 6 deletions(-) + +diff --git a/meson.build b/meson.build +index 7419e2b..614013b 100644 +--- a/meson.build ++++ b/meson.build +@@ -1578,6 +1578,7 @@ foreach term : ['analyze', + 'binfmt', + 'compat-mutable-uid-boundaries', + 'coredump', ++ 'cpuset-cgv1', + 'efi', + 'environment-d', + 'firstboot', +@@ -2853,6 +2854,7 @@ foreach tuple : [ + ['fexecve'], + ['standalone-binaries', get_option('standalone-binaries')], + ['coverage', get_option('b_coverage')], ++ ['cpuset-cgv1'], + ] + + if tuple.length() >= 2 +diff --git a/meson_options.txt b/meson_options.txt +index e708745..5fda5d9 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -514,3 +514,6 @@ option('bpf-compiler', type : 'combo', choices : ['clang', 'gcc'], + description: 'compiler used to build BPF programs') + option('bpf-framework', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' }, + description: 'build BPF programs from source code in restricted C') ++ ++option('cpuset-cgv1', type : 'boolean', value : 'true', ++ description : 'enable cgroup v1 cpuset support') +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index 6ab14c7..831f8ce 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -22,7 +22,7 @@ typedef enum CGroupController { + /* Original cgroup controllers */ + CGROUP_CONTROLLER_CPU, + CGROUP_CONTROLLER_CPUACCT, /* v1 only */ +- CGROUP_CONTROLLER_CPUSET, /* v2 only */ ++ CGROUP_CONTROLLER_CPUSET, + CGROUP_CONTROLLER_IO, /* v2 only */ + CGROUP_CONTROLLER_BLKIO, /* v1 only */ + CGROUP_CONTROLLER_MEMORY, +@@ -62,7 +62,11 @@ typedef enum CGroupMask { + CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_RESTRICT_NETWORK_INTERFACES), + + /* All real cgroup v1 controllers */ +- CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, ++ CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS ++#if ENABLE_CPUSET_CGV1 ++ | CGROUP_MASK_CPUSET ++#endif ++ , + + /* All real cgroup v2 controllers */ + CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, +diff --git a/src/basic/string-util.c b/src/basic/string-util.c +index 7329bfa..0fecb40 100644 +--- a/src/basic/string-util.c ++++ b/src/basic/string-util.c +@@ -1295,6 +1295,48 @@ int string_contains_word_strv(const char *string, const char *separators, char * + return !!found; + } + ++int string_isvalid_interval(const char *instr) ++{ ++ const char *pstr = instr; /* tmp */ ++ const char *pstr_front = instr; /* front char */ ++ const char *pstr_behind = instr; /* behind char */ ++ ++ if (isempty(instr)) ++ { ++ return 1; ++ } ++ ++ while (*pstr != '\0') ++ { ++ /* behind */ ++ pstr_behind = pstr + 1; ++ ++ /* 0-3,4,6,7-10 */ ++ if (((*pstr < '0') || (*pstr > '9')) && ++ (*pstr != '-') && ++ (*pstr != ',')) ++ { ++ return 2; ++ } ++ ++ /* - , must is a num */ ++ if (('-' == *pstr) || (',' == *pstr)) ++ { ++ if ((*pstr_front < '0') || (*pstr_front > '9') || ++ (*pstr_behind < '0') || (*pstr_behind > '9')) ++ { ++ return 3; ++ } ++ } ++ ++ /* front */ ++ pstr_front = pstr; ++ pstr++; ++ } ++ ++ return 0; ++} ++ + bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok) { + if (!s1 && !s2) + return true; +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index b6d8be3..c6773d3 100644 +--- a/src/basic/string-util.h ++++ b/src/basic/string-util.h +@@ -270,6 +270,7 @@ static inline int string_contains_word(const char *string, const char *separator + return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); + } + ++int string_isvalid_interval(const char *instr); + bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok); + + char *string_replace_char(char *str, char old_char, char new_char); +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 78bc551..3154fd3 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -293,6 +293,12 @@ void cgroup_context_done(CGroupContext *c) { + + c->restrict_network_interfaces = set_free_free(c->restrict_network_interfaces); + ++ if (c->cpuset_cpus_v1) ++ c->cpuset_cpus_v1 = mfree(c->cpuset_cpus_v1); ++ ++ if (c->cpuset_mems_v1) ++ c->cpuset_mems_v1 = mfree(c->cpuset_mems_v1); ++ + cpu_set_reset(&c->cpuset_cpus); + cpu_set_reset(&c->startup_cpuset_cpus); + cpu_set_reset(&c->cpuset_mems); +@@ -535,6 +541,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sIOAccounting: %s\n" + "%sBlockIOAccounting: %s\n" + "%sMemoryAccounting: %s\n" ++ "%sCPUSetAccounting: %s\n" + "%sTasksAccounting: %s\n" + "%sIPAccounting: %s\n" + "%sCPUWeight: %" PRIu64 "\n" +@@ -565,6 +572,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sMemoryZSwapMax: %" PRIu64 "%s\n" + "%sStartupMemoryZSwapMax: %" PRIu64 "%s\n" + "%sMemoryLimit: %" PRIu64 "\n" ++ "%sCPUSetCpus=%s\n" ++ "%sCPUSetMems=%s\n" ++ "%sCPUSetCloneChildren=%s\n" ++ "%sCPUSetMemMigrate=%s\n" + "%sTasksMax: %" PRIu64 "\n" + "%sDevicePolicy: %s\n" + "%sDisableControllers: %s\n" +@@ -579,6 +590,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->io_accounting), + prefix, yes_no(c->blockio_accounting), + prefix, yes_no(c->memory_accounting), ++ prefix, yes_no(c->cpuset_accounting), + prefix, yes_no(c->tasks_accounting), + prefix, yes_no(c->ip_accounting), + prefix, c->cpu_weight, +@@ -609,6 +621,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"), + prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"), + prefix, c->memory_limit, ++ prefix, c->cpuset_cpus_v1, ++ prefix, c->cpuset_mems_v1, ++ prefix, yes_no(c->cpuset_clone_children), ++ prefix, yes_no(c->cpuset_memory_migrate), + prefix, cgroup_tasks_max_resolve(&c->tasks_max), + prefix, cgroup_device_policy_to_string(c->device_policy), + prefix, strempty(disable_controllers_str), +@@ -1728,8 +1744,47 @@ static void cgroup_context_apply( + } + + if ((apply_mask & CGROUP_MASK_CPUSET) && !is_local_root) { +- cgroup_apply_unified_cpuset(u, cgroup_context_allowed_cpus(c, state), "cpuset.cpus"); +- cgroup_apply_unified_cpuset(u, cgroup_context_allowed_mems(c, state), "cpuset.mems"); ++ if (cg_all_unified() == 0) { ++ (void) set_attribute_and_warn(u, "cpuset", "cgroup.clone_children", one_zero(c->cpuset_clone_children)); ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.memory_migrate", one_zero(c->cpuset_memory_migrate)); ++ if (c->cpuset_cpus_v1) { ++ if (streq(c->cpuset_cpus_v1, "all")) { ++ _cleanup_free_ char *str_cpuset_cpus = NULL; ++ _cleanup_free_ char *cg_root_path_cpus = NULL; ++ r = cg_get_root_path(&cg_root_path_cpus); ++ if (r < 0) ++ log_info_errno(r, "Failed to determine root cgroup, ignoring cgroup cpuset cpus: %m"); ++ if (cg_root_path_cpus) { ++ r = cg_get_attribute("cpuset", cg_root_path_cpus, "cpuset.cpus", &str_cpuset_cpus); ++ if (r < 0) ++ log_error("cgroup context apply: cg get attribute is error(%d), path=%s.", r, cg_root_path_cpus); ++ if (str_cpuset_cpus) ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.cpus", str_cpuset_cpus); ++ } ++ } else ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.cpus", c->cpuset_cpus_v1); ++ } ++ if (c->cpuset_mems_v1) { ++ if (streq(c->cpuset_mems_v1, "all")) { ++ _cleanup_free_ char *str_cpuset_mems = NULL; ++ _cleanup_free_ char *cg_root_path_mems = NULL; ++ r = cg_get_root_path(&cg_root_path_mems); ++ if (r < 0) ++ log_info_errno(r, "Failed to determine root cgroup, ignoring cgroup cpuset mems: %m"); ++ if (cg_root_path_mems) { ++ r = cg_get_attribute("cpuset", cg_root_path_mems, "cpuset.mems", &str_cpuset_mems); ++ if (r < 0) ++ log_error("cgroup context apply: cg get attribute is error(%d), path=%s.", r, cg_root_path_mems); ++ if (str_cpuset_mems) ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.mems", str_cpuset_mems); ++ } ++ } else ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.mems", c->cpuset_mems_v1); ++ } ++ } else { ++ cgroup_apply_unified_cpuset(u, cgroup_context_allowed_cpus(c, state), "cpuset.cpus"); ++ cgroup_apply_unified_cpuset(u, cgroup_context_allowed_mems(c, state), "cpuset.mems"); ++ } + } + + /* The 'io' controller attributes are not exported on the host's root cgroup (being a pure cgroup v2 +@@ -2044,7 +2099,8 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + c->cpu_quota_per_sec_usec != USEC_INFINITY) + mask |= CGROUP_MASK_CPU; + +- if (cgroup_context_has_allowed_cpus(c) || cgroup_context_has_allowed_mems(c)) ++ if (cgroup_context_has_allowed_cpus(c) || cgroup_context_has_allowed_mems(c) || ++ c->cpuset_accounting || c->cpuset_cpus_v1 || c->cpuset_mems_v1) + mask |= CGROUP_MASK_CPUSET; + + if (cgroup_context_has_io_config(c) || cgroup_context_has_blockio_config(c)) +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index f1b674b..a4bd959 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -134,6 +134,7 @@ struct CGroupContext { + bool io_accounting; + bool blockio_accounting; + bool memory_accounting; ++ bool cpuset_accounting; + bool tasks_accounting; + bool ip_accounting; + +@@ -177,6 +178,11 @@ struct CGroupContext { + uint64_t memory_zswap_max; + uint64_t startup_memory_zswap_max; + ++ char *cpuset_cpus_v1; ++ char *cpuset_mems_v1; ++ bool cpuset_clone_children; ++ bool cpuset_memory_migrate; ++ + bool default_memory_min_set:1; + bool default_memory_low_set:1; + bool default_startup_memory_low_set:1; +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 4237e69..e82d56e 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -488,6 +488,11 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), + SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0), + SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), ++ SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), ++ SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus_v1), 0), ++ SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems_v1), 0), ++ SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), ++ SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), + SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), + SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), + SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), +@@ -1279,6 +1284,43 @@ int bus_cgroup_set_property( + if (streq(name, "MemoryLimitScale")) + return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error); + ++ if (streq(name, "CPUSetAccounting")) ++ return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); ++ ++ if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { ++ const char *cpuset_str = NULL; ++ ++ r = sd_bus_message_read(message, "s", &cpuset_str); ++ if (r < 0) ++ return r; ++ ++ if (!UNIT_WRITE_FLAGS_NOOP(flags)) { ++ unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); ++ if (streq(name, "CPUSetCpus")) { ++ if (c->cpuset_cpus_v1) ++ c->cpuset_cpus_v1 = mfree(c->cpuset_cpus_v1); ++ c->cpuset_cpus_v1 = strdup(cpuset_str); ++ if (!c->cpuset_cpus_v1) ++ return -ENOMEM; ++ unit_write_settingf(u, flags, name, "CPUSetCpus=%s", cpuset_str); ++ } else { ++ if (c->cpuset_mems_v1) ++ c->cpuset_mems_v1 = mfree(c->cpuset_mems_v1); ++ c->cpuset_mems_v1 = strdup(cpuset_str); ++ if (!c->cpuset_mems_v1) ++ return -ENOMEM; ++ unit_write_settingf(u, flags, name, "CPUSetMems=%s", cpuset_str); ++ } ++ } ++ return 1; ++ } ++ ++ if (streq(name, "CPUSetCloneChildren")) ++ return bus_cgroup_set_boolean(u, name, &c->cpuset_clone_children, CGROUP_MASK_CPUSET, message, flags, error); ++ ++ if (streq(name, "CPUSetMemMigrate")) ++ return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); ++ + if (streq(name, "TasksAccounting")) + return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 745f5cc..fc49e7d 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -3005,6 +3005,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + SD_BUS_PROPERTY("DefaultIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.io_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 45f9ab0..62c4027 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -221,6 +221,11 @@ + {{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.StartupMemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) ++{{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) ++{{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus_v1) ++{{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems_v1) ++{{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children) ++{{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate) + {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) + {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) + {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 6e3a22b..cbc75e1 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3904,6 +3904,75 @@ int config_parse_memory_limit( + return 0; + } + ++int config_parse_cpuset_cpumems( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) ++{ ++ char **pcpumems = data; ++ char *pinstr = NULL; ++ int iret = 0; ++ ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ assert(data); ++ (void)section; ++ (void)section_line; ++ (void)ltype; ++ (void)userdata; ++ ++ if (!utf8_is_valid(rvalue)) ++ { ++ log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue); ++ return 0; ++ } ++ ++ if (0 == strcmp(rvalue, "all")) ++ { ++ pinstr = strdup(rvalue); ++ if (!pinstr) ++ { ++ return log_oom(); ++ } ++ ++ free(*pcpumems); ++ *pcpumems = pinstr; ++ ++ return 0; ++ } ++ ++ /* 0-2,4 */ ++ iret = string_isvalid_interval(rvalue); ++ if (0 != iret) ++ { ++ pinstr = NULL; ++ log_syntax(unit, LOG_ERR, filename, line, EINVAL, ++ "cpuset cpumems '%s' is invalid, Ignoring(%d).", ++ rvalue, iret); ++ } ++ else ++ { ++ pinstr = strdup(rvalue); ++ if (!pinstr) ++ { ++ return log_oom(); ++ } ++ } ++ ++ free(*pcpumems); ++ *pcpumems = pinstr; ++ ++ return 0; ++} ++ + int config_parse_tasks_max( + const char *unit, + const char *filename, +diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h +index 6919805..0b77c8b 100644 +--- a/src/core/load-fragment.h ++++ b/src/core/load-fragment.h +@@ -84,6 +84,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight); + CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight); + CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); + CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); ++CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); + CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate_subgroup); +diff --git a/src/core/main.c b/src/core/main.c +index bfdcc13..724593a 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -678,6 +678,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting }, + { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_defaults.blockio_accounting }, + { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_defaults.memory_accounting }, ++ { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_defaults.cpuset_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max }, + { "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec }, +diff --git a/src/core/manager.c b/src/core/manager.c +index ce20d6b..ef22fed 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4192,6 +4192,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + + m->defaults.cpu_accounting = defaults->cpu_accounting; + m->defaults.memory_accounting = defaults->memory_accounting; ++ m->defaults.cpuset_accounting = defaults->cpuset_accounting; + m->defaults.io_accounting = defaults->io_accounting; + m->defaults.blockio_accounting = defaults->blockio_accounting; + m->defaults.tasks_accounting = defaults->tasks_accounting; +@@ -4961,6 +4962,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + * controller to be enabled, so the default is to enable it unless we got told otherwise. */ + .cpu_accounting = cpu_accounting_is_cheap(), + .memory_accounting = MEMORY_ACCOUNTING_DEFAULT, ++ .cpuset_accounting = false, + .io_accounting = false, + .blockio_accounting = false, + .tasks_accounting = true, +diff --git a/src/core/manager.h b/src/core/manager.h +index d96eb7b..e560811 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -165,6 +165,7 @@ typedef struct UnitDefaults { + bool memory_accounting; + bool io_accounting; + bool blockio_accounting; ++ bool cpuset_accounting; + bool tasks_accounting; + bool ip_accounting; + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 90109ad..69ea5d6 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -57,6 +57,7 @@ + #DefaultIOAccounting=no + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} ++#DefaultCpusetAccounting= + #DefaultTasksAccounting=yes + #DefaultTasksMax=80% + #DefaultLimitCPU= +diff --git a/src/core/unit.c b/src/core/unit.c +index 3d60904..e38a535 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -188,6 +188,7 @@ static void unit_init(Unit *u) { + cc->io_accounting = u->manager->defaults.io_accounting; + cc->blockio_accounting = u->manager->defaults.blockio_accounting; + cc->memory_accounting = u->manager->defaults.memory_accounting; ++ cc->cpuset_accounting = u->manager->defaults.cpuset_accounting; + cc->tasks_accounting = u->manager->defaults.tasks_accounting; + cc->ip_accounting = u->manager->defaults.ip_accounting; + +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index 4ee9706..a8f493e 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -566,7 +566,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "BlockIOAccounting", + "TasksAccounting", + "IPAccounting", +- "CoredumpReceive")) ++ "CoredumpReceive", ++ "CPUSetAccounting", ++ "CPUSetCloneChildren", ++ "CPUSetMemMigrate")) + return bus_append_parse_boolean(m, field, eq); + + if (STR_IN_SET(field, "CPUWeight", +@@ -672,6 +675,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + return bus_append_parse_size(m, field, eq, 1024); + } + ++ if (STR_IN_SET(field, "CPUSetCpus", "CPUSetMems")) { ++ if (string_isvalid_interval(eq) == 0 || streq(eq, "all")) ++ r = sd_bus_message_append(m, "(sv)", field, "s", eq); ++ else ++ r = -EINVAL; ++ if (r < 0) ++ return bus_log_create_error(r); ++ return 1; ++ } ++ + if (streq(field, "CPUQuota")) { + if (isempty(eq)) + r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); +diff --git a/src/shared/cpu-set-util.c b/src/shared/cpu-set-util.c +index d096576..356a46a 100644 +--- a/src/shared/cpu-set-util.c ++++ b/src/shared/cpu-set-util.c +@@ -7,6 +7,7 @@ + + #include "alloc-util.h" + #include "cpu-set-util.h" ++#include "cgroup-util.h" + #include "dirent-util.h" + #include "errno-util.h" + #include "extract-word.h" +diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c +index bfc8fac..5dd569f 100644 +--- a/src/test/test-cgroup-mask.c ++++ b/src/test/test-cgroup-mask.c +@@ -55,6 +55,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) { + * else. */ + m->defaults.cpu_accounting = + m->defaults.memory_accounting = ++ m->defaults.cpuset_accounting = + m->defaults.blockio_accounting = + m->defaults.io_accounting = + m->defaults.tasks_accounting = false; +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 4bdc48a..0e953f2 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -52,6 +52,11 @@ BusName= + CoredumpFilter= + CPUAccounting= + CPUQuota= ++CPUSetAccounting= ++CPUSetCloneChildren= ++CPUSetCpus= ++CPUSetMemMigrate= ++CPUSetMems= + CPUShares= + CPUWeight= + CapabilityBoundingSet= +-- +2.23.0 + diff --git a/core-cgroup-support-default-slice-for-all-uni.patch b/core-cgroup-support-default-slice-for-all-uni.patch new file mode 100644 index 0000000..ecfbf54 --- /dev/null +++ b/core-cgroup-support-default-slice-for-all-uni.patch @@ -0,0 +1,217 @@ +From a25f206a49d8a3111ac42791b2eca8a3c9af4991 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:55 +0800 +Subject: [PATCH] core-cgroup: support default slice for all units. + +With this patch, users can specify a default slice for all units by +adding DefaultUnitSlice=xxx.slice in /etc/systemd/system.conf. +--- + src/core/main.c | 22 +++++++++++ + src/core/manager.h | 3 ++ + src/core/unit.c | 98 ++++++++++++++++++++++++++++++++++++++++++---- + 3 files changed, 115 insertions(+), 8 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index c4379cf..e9f56fa 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -147,6 +147,7 @@ static sd_id128_t arg_machine_id; + static EmergencyAction arg_cad_burst_action; + static CPUSet arg_cpu_affinity; + static NUMAPolicy arg_numa_policy; ++static char *arg_default_unit_slice = NULL; + static usec_t arg_clock_usec; + static void *arg_random_seed; + static size_t arg_random_seed_size; +@@ -688,6 +689,7 @@ static int parse_config_file(void) { + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_runtime_scope, &arg_cad_burst_action }, + { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_defaults.oom_policy }, + { "Manager", "DefaultOOMScoreAdjust", config_parse_oom_score_adjust, 0, NULL }, ++ { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, + { "Manager", "ReloadLimitIntervalSec", config_parse_sec, 0, &arg_reload_limit_interval_sec }, + { "Manager", "ReloadLimitBurst", config_parse_unsigned, 0, &arg_reload_limit_burst }, + #if ENABLE_SMACK +@@ -756,6 +758,26 @@ static void set_manager_defaults(Manager *m) { + r = manager_transient_environment_add(m, arg_default_environment); + if (r < 0) + log_warning_errno(r, "Failed to add to transient environment, ignoring: %m"); ++ if (m->default_unit_slice) ++ { ++ free(m->default_unit_slice); ++ m->default_unit_slice = NULL; ++ } ++ ++ if (arg_default_unit_slice) ++ { ++ char *default_unit_slice_tmp = NULL; ++ ++ default_unit_slice_tmp = strdup(arg_default_unit_slice); ++ if (!default_unit_slice_tmp) ++ log_oom(); ++ ++ m->default_unit_slice = default_unit_slice_tmp; ++ ++ /* free */ ++ free(arg_default_unit_slice); ++ arg_default_unit_slice = NULL; ++ } + } + + static void set_manager_settings(Manager *m) { +diff --git a/src/core/manager.h b/src/core/manager.h +index 6dd1a18..3c954af 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -23,6 +23,7 @@ typedef struct Unit Unit; + + /* Enforce upper limit how many names we allow */ + #define MANAGER_MAX_NAMES 131072 /* 128K */ ++#define DEFAULT_UNIT_NAME_LEN_MAX 32 + + /* On sigrtmin+18, private commands */ + enum { +@@ -481,6 +482,8 @@ struct Manager { + unsigned sigchldgen; + unsigned notifygen; + ++ char *default_unit_slice; ++ + VarlinkServer *varlink_server; + /* When we're a system manager, this object manages the subscription from systemd-oomd to PID1 that's + * used to report changes in ManagedOOM settings (systemd server - oomd client). When +diff --git a/src/core/unit.c b/src/core/unit.c +index c069018..24d7060 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3545,6 +3545,58 @@ int unit_set_slice(Unit *u, Unit *slice) { + return 1; + } + ++/* system-xxx.slice, xxx must be (a b c/A B C...and 0 1 2...) */ ++static bool slicename_is_valid(const char *slicename) { ++ const char *str_start = "system-"; ++ const char *str_end = ".slice"; ++ const char *str_tmp = NULL; ++ size_t len_in = 0; ++ size_t len_start = 0; ++ size_t len_end = 0; ++ size_t i = 0; ++ ++ if (isempty(slicename)) ++ return false; ++ ++ len_in = strlen(slicename); ++ len_start = strlen(str_start); ++ len_end = strlen(str_end); ++ ++ if (len_in > DEFAULT_UNIT_NAME_LEN_MAX) ++ return false; ++ ++ if (len_in <= len_start + len_end) ++ return false; ++ ++ /* system- */ ++ if (strncmp(slicename, str_start, len_start) != 0) ++ return false; ++ ++ str_tmp = slicename + len_start; ++ ++ len_in = strlen(str_tmp); ++ if (len_in <= len_end) ++ return false; ++ ++ /* .slice */ ++ if (!strneq(str_tmp + len_in - len_end, str_end, len_end)) ++ return false; ++ ++ /* a b c/A B C...and 0 1 2... */ ++ for (i = 0; i < (len_in - len_end); i++) { ++ char c = *(str_tmp + i); ++ ++ if ((c >= 'a' && c <= 'z') || ++ (c >= 'A' && c <= 'Z') || ++ (c >= '0' && c <= '9')) ++ continue; ++ else ++ return false; ++ } ++ ++ return true; ++} ++ + int unit_set_default_slice(Unit *u) { + const char *slice_name; + Unit *slice; +@@ -3558,6 +3610,20 @@ int unit_set_default_slice(Unit *u) { + if (UNIT_GET_SLICE(u)) + return 0; + ++ bool isdefaultslice = false; ++ char *default_unit_slice = u->manager->default_unit_slice; ++ ++ if (default_unit_slice) { ++ isdefaultslice = true; ++ ++ if (streq(default_unit_slice, SPECIAL_SYSTEM_SLICE)) ++ isdefaultslice = false; ++ else if (!slicename_is_valid(default_unit_slice)) { ++ log_error("default unit slice is error. slice name '%s' is invalid.", default_unit_slice); ++ isdefaultslice = false; ++ } ++ } ++ + if (u->instance) { + _cleanup_free_ char *prefix = NULL, *escaped = NULL; + +@@ -3575,24 +3641,40 @@ int unit_set_default_slice(Unit *u) { + if (!escaped) + return -ENOMEM; + +- if (MANAGER_IS_SYSTEM(u->manager)) +- slice_name = strjoina("system-", escaped, ".slice"); +- else ++ if (MANAGER_IS_SYSTEM(u->manager)) { ++ if (isdefaultslice) { ++ _cleanup_free_ char *default_unit_slice_tmp = NULL; ++ ++ default_unit_slice_tmp = strreplace(default_unit_slice, ".slice", "-"); ++ if (!default_unit_slice_tmp) ++ return -ENOMEM; ++ ++ slice_name = strjoina(default_unit_slice_tmp, escaped, ".slice"); ++ } else ++ slice_name = strjoina("system-", escaped, ".slice"); ++ } else + slice_name = strjoina("app-", escaped, ".slice"); + +- } else if (unit_is_extrinsic(u)) ++ } else if (unit_is_extrinsic(u)) { + /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in + * the root slice. They don't really belong in one of the subslices. */ + slice_name = SPECIAL_ROOT_SLICE; +- +- else if (MANAGER_IS_SYSTEM(u->manager)) +- slice_name = SPECIAL_SYSTEM_SLICE; +- else ++ isdefaultslice = false; ++ } else if (MANAGER_IS_SYSTEM(u->manager)) { ++ if (isdefaultslice) ++ slice_name = default_unit_slice; ++ else ++ slice_name = SPECIAL_SYSTEM_SLICE; ++ } else { + slice_name = SPECIAL_APP_SLICE; ++ isdefaultslice = false; ++ } + + r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice); + if (r < 0) + return r; ++ if (isdefaultslice) ++ slice->default_dependencies=false; + + return unit_set_slice(u, slice); + } +-- +2.33.0 + diff --git a/core-cgroup-support-freezer.patch b/core-cgroup-support-freezer.patch new file mode 100644 index 0000000..093b89f --- /dev/null +++ b/core-cgroup-support-freezer.patch @@ -0,0 +1,534 @@ +From 05a0f33b0d0a650b25ce7955a171d725f9c3f5f6 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: [PATCH] core-cgroup: support freezer. + +This patch add support for freezer subsystem. +--- + meson.build | 2 + + meson_options.txt | 3 ++ + src/basic/cgroup-util.c | 1 + + src/basic/cgroup-util.h | 5 +++ + src/core/cgroup.c | 16 +++++++ + src/core/cgroup.h | 4 ++ + src/core/dbus-cgroup.c | 29 +++++++++++++ + src/core/dbus-manager.c | 1 + + src/core/load-fragment-gperf.gperf.in | 2 + + src/core/load-fragment.c | 33 ++++++++++++++ + src/core/load-fragment.h | 1 + + src/core/main.c | 1 + + src/core/manager.c | 2 + + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit.c | 1 + + src/shared/bus-unit-util.c | 11 +++++ + src/test/meson.build | 3 ++ + src/test/test-cgroup-freezer.c | 43 +++++++++++++++++++ + src/test/test-cgroup-mask.c | 3 +- + .../fuzz-unit-file/directives-all.service | 2 + + 21 files changed, 164 insertions(+), 1 deletion(-) + create mode 100644 src/test/test-cgroup-freezer.c + +diff --git a/meson.build b/meson.build +index 614013b..8712bdb 100644 +--- a/meson.build ++++ b/meson.build +@@ -1582,6 +1582,7 @@ foreach term : ['analyze', + 'efi', + 'environment-d', + 'firstboot', ++ 'freezer-cgv1', + 'gshadow', + 'hibernate', + 'hostnamed', +@@ -2855,6 +2856,7 @@ foreach tuple : [ + ['standalone-binaries', get_option('standalone-binaries')], + ['coverage', get_option('b_coverage')], + ['cpuset-cgv1'], ++ ['freezer-cgv1'], + ] + + if tuple.length() >= 2 +diff --git a/meson_options.txt b/meson_options.txt +index 5fda5d9..b61d99d 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -517,3 +517,6 @@ option('bpf-framework', type : 'feature', deprecated : { 'true' : 'enabled', 'fa + + option('cpuset-cgv1', type : 'boolean', value : 'true', + description : 'enable cgroup v1 cpuset support') ++ ++option('freezer-cgv1', type : 'boolean', value : 'true', ++ description : 'enable cgroup v1 freezer support') +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index abd1f91..3e60488 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2359,6 +2359,7 @@ static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { + [CGROUP_CONTROLLER_MEMORY] = "memory", + [CGROUP_CONTROLLER_DEVICES] = "devices", + [CGROUP_CONTROLLER_PIDS] = "pids", ++ [CGROUP_CONTROLLER_FREEZER] = "freezer", + [CGROUP_CONTROLLER_BPF_FIREWALL] = "bpf-firewall", + [CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices", + [CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign", +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index dd3df28..4389cce 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -29,6 +29,7 @@ typedef enum CGroupController { + CGROUP_CONTROLLER_MEMORY, + CGROUP_CONTROLLER_DEVICES, /* v1 only */ + CGROUP_CONTROLLER_PIDS, ++ CGROUP_CONTROLLER_FREEZER, /* v1 only */ + + /* BPF-based pseudo-controllers, v2 only */ + CGROUP_CONTROLLER_BPF_FIREWALL, +@@ -57,6 +58,7 @@ typedef enum CGroupMask { + CGROUP_MASK_MEMORY = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_MEMORY), + CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), + CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), ++ CGROUP_MASK_FREEZER = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_FREEZER), + CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), + CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), + CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), +@@ -67,6 +69,9 @@ typedef enum CGroupMask { + CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS + #if ENABLE_CPUSET_CGV1 + | CGROUP_MASK_CPUSET ++#endif ++#if ENABLE_FREEZER_CGV1 ++ | CGROUP_MASK_FREEZER + #endif + , + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index cd1e97d..3e47f76 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -179,6 +179,7 @@ void cgroup_context_init(CGroupContext *c) { + .startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID, + + .tasks_max = CGROUP_TASKS_MAX_UNSET, ++ .freezer_state_v1 = NULL, + + .moom_swap = MANAGED_OOM_AUTO, + .moom_mem_pressure = MANAGED_OOM_AUTO, +@@ -304,6 +305,9 @@ void cgroup_context_done(CGroupContext *c) { + cpu_set_reset(&c->cpuset_mems); + cpu_set_reset(&c->startup_cpuset_mems); + ++ if (c->freezer_state_v1) ++ c->freezer_state_v1 = mfree(c->freezer_state_v1); ++ + c->delegate_subgroup = mfree(c->delegate_subgroup); + + nft_set_context_clear(&c->nft_set_context); +@@ -542,6 +546,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sBlockIOAccounting: %s\n" + "%sMemoryAccounting: %s\n" + "%sCPUSetAccounting: %s\n" ++ "%sFreezerAccounting=%s\n" + "%sTasksAccounting: %s\n" + "%sIPAccounting: %s\n" + "%sCPUWeight: %" PRIu64 "\n" +@@ -577,6 +582,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sCPUSetCloneChildren=%s\n" + "%sCPUSetMemMigrate=%s\n" + "%sTasksMax: %" PRIu64 "\n" ++ "%sFreezerState=%s\n" + "%sDevicePolicy: %s\n" + "%sDisableControllers: %s\n" + "%sDelegate: %s\n" +@@ -591,6 +597,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->blockio_accounting), + prefix, yes_no(c->memory_accounting), + prefix, yes_no(c->cpuset_accounting), ++ prefix, yes_no(c->freezer_accounting), + prefix, yes_no(c->tasks_accounting), + prefix, yes_no(c->ip_accounting), + prefix, c->cpu_weight, +@@ -626,6 +633,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->cpuset_clone_children), + prefix, yes_no(c->cpuset_memory_migrate), + prefix, cgroup_tasks_max_resolve(&c->tasks_max), ++ prefix, c->freezer_state_v1, + prefix, cgroup_device_policy_to_string(c->device_policy), + prefix, strempty(disable_controllers_str), + prefix, delegate_str, +@@ -1957,6 +1965,11 @@ static void cgroup_context_apply( + } + } + ++ if ((apply_mask & CGROUP_MASK_FREEZER) && !is_local_root && cg_all_unified() == 0) { ++ if (c->freezer_state_v1) ++ (void) set_attribute_and_warn(u, "freezer", "freezer.state", c->freezer_state_v1); ++ } ++ + /* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of + * containers, where we leave this to the manager */ + if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && +@@ -2115,6 +2128,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + unit_has_unified_memory_config(u)) + mask |= CGROUP_MASK_MEMORY; + ++ if (c->freezer_accounting || c->freezer_state_v1) ++ mask |= CGROUP_MASK_FREEZER; ++ + if (c->device_allow || + c->device_policy != CGROUP_DEVICE_POLICY_AUTO) + mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 04a7f25..7fb792a 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -135,6 +135,7 @@ struct CGroupContext { + bool blockio_accounting; + bool memory_accounting; + bool cpuset_accounting; ++ bool freezer_accounting; + bool tasks_accounting; + bool ip_accounting; + +@@ -228,6 +229,9 @@ struct CGroupContext { + /* Common */ + CGroupTasksMax tasks_max; + ++ /* Freezer */ ++ char *freezer_state_v1; ++ + /* Settings for systemd-oomd */ + ManagedOOMMode moom_swap; + ManagedOOMMode moom_mem_pressure; +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 05fd445..052049c 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -493,6 +493,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems_v1), 0), + SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), + SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), ++ SD_BUS_PROPERTY("FreezerAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, freezer_accounting), 0), ++ SD_BUS_PROPERTY("FreezerState", "s", NULL, offsetof(CGroupContext, freezer_state_v1), 0), + SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), + SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), + SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), +@@ -1287,6 +1289,9 @@ int bus_cgroup_set_property( + if (streq(name, "CPUSetAccounting")) + return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); + ++ if (streq(name, "FreezerAccounting")) ++ return bus_cgroup_set_boolean(u, name, &c->freezer_accounting, CGROUP_MASK_FREEZER, message, flags, error); ++ + if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { + const char *cpuset_str = NULL; + +@@ -1321,6 +1326,30 @@ int bus_cgroup_set_property( + if (streq(name, "CPUSetMemMigrate")) + return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); + ++ if (streq(name, "FreezerState")) { ++ const char *state = NULL; ++ ++ r = sd_bus_message_read(message, "s", &state); ++ if (r < 0) ++ return r; ++ ++ if (!UNIT_WRITE_FLAGS_NOOP(flags)) { ++ unit_invalidate_cgroup(u, CGROUP_MASK_FREEZER); ++ ++ if (c->freezer_state_v1) { ++ free(c->freezer_state_v1); ++ c->freezer_state_v1 = NULL; ++ } ++ ++ c->freezer_state_v1 = strdup(state); ++ if (!c->freezer_state_v1) ++ return -ENOMEM; ++ ++ unit_write_settingf(u, flags, name, "FreezerState=%s", state); ++ } ++ return 1; ++ } ++ + if (streq(name, "TasksAccounting")) + return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index fc49e7d..0f9d4e8 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -3006,6 +3006,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("DefaultFreezerAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.freezer_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 1e46af4..1e5b7ab 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -226,6 +226,8 @@ + {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems_v1) + {{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children) + {{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate) ++{{type}}.FreezerAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.freezer_accounting) ++{{type}}.FreezerState, config_parse_freezer_state, 0, offsetof({{type}}, cgroup_context.freezer_state_v1) + {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) + {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) + {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index cbc75e1..8648fb1 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3973,6 +3973,39 @@ int config_parse_cpuset_cpumems( + return 0; + } + ++int config_parse_freezer_state( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ ++ char **freezer_state = data; ++ char *pinstr = NULL; ++ ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ ++ if (!STR_IN_SET(rvalue, "FROZEN", "THAWED")) { ++ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Freezer state '%s' is invalid, Ignoring.", rvalue); ++ return 0; ++ } ++ ++ pinstr = strdup(rvalue); ++ if (!pinstr) ++ return log_oom(); ++ ++ free(*freezer_state); ++ *freezer_state = pinstr; ++ return 0; ++} ++ + int config_parse_tasks_max( + const char *unit, + const char *filename, +diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h +index 0b77c8b..f9ffbf4 100644 +--- a/src/core/load-fragment.h ++++ b/src/core/load-fragment.h +@@ -85,6 +85,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight); + CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); + CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); + CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); ++CONFIG_PARSER_PROTOTYPE(config_parse_freezer_state); + CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate_subgroup); +diff --git a/src/core/main.c b/src/core/main.c +index de3f536..96b0a11 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -679,6 +679,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_defaults.blockio_accounting }, + { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_defaults.memory_accounting }, + { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_defaults.cpuset_accounting }, ++ { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_defaults.freezer_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max }, + { "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec }, +diff --git a/src/core/manager.c b/src/core/manager.c +index ef22fed..b29d4e1 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4193,6 +4193,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.cpu_accounting = defaults->cpu_accounting; + m->defaults.memory_accounting = defaults->memory_accounting; + m->defaults.cpuset_accounting = defaults->cpuset_accounting; ++ m->defaults.freezer_accounting = defaults->freezer_accounting; + m->defaults.io_accounting = defaults->io_accounting; + m->defaults.blockio_accounting = defaults->blockio_accounting; + m->defaults.tasks_accounting = defaults->tasks_accounting; +@@ -4963,6 +4964,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + .cpu_accounting = cpu_accounting_is_cheap(), + .memory_accounting = MEMORY_ACCOUNTING_DEFAULT, + .cpuset_accounting = false, ++ .freezer_accounting = false, + .io_accounting = false, + .blockio_accounting = false, + .tasks_accounting = true, +diff --git a/src/core/manager.h b/src/core/manager.h +index e560811..93e9d2a 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -166,6 +166,7 @@ typedef struct UnitDefaults { + bool io_accounting; + bool blockio_accounting; + bool cpuset_accounting; ++ bool freezer_accounting; + bool tasks_accounting; + bool ip_accounting; + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 69ea5d6..dbdc47c 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -58,6 +58,7 @@ + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} + #DefaultCpusetAccounting= ++#DefaultFreezerAccounting=no + #DefaultTasksAccounting=yes + #DefaultTasksMax=80% + #DefaultLimitCPU= +diff --git a/src/core/unit.c b/src/core/unit.c +index 38017d0..c069018 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -189,6 +189,7 @@ static void unit_init(Unit *u) { + cc->blockio_accounting = u->manager->defaults.blockio_accounting; + cc->memory_accounting = u->manager->defaults.memory_accounting; + cc->cpuset_accounting = u->manager->defaults.cpuset_accounting; ++ cc->freezer_accounting = u->manager->defaults.freezer_accounting; + cc->tasks_accounting = u->manager->defaults.tasks_accounting; + cc->ip_accounting = u->manager->defaults.ip_accounting; + +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index a8f493e..6390986 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -568,6 +568,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "IPAccounting", + "CoredumpReceive", + "CPUSetAccounting", ++ "FreezerAccounting", + "CPUSetCloneChildren", + "CPUSetMemMigrate")) + return bus_append_parse_boolean(m, field, eq); +@@ -685,6 +686,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + return 1; + } + ++ if (streq(field, "FreezerState")) { ++ if (STR_IN_SET(eq, "FROZEN", "THAWED")) ++ r = sd_bus_message_append(m, "(sv)", field, "s", eq); ++ else ++ r = -EINVAL; ++ if (r < 0) ++ return bus_log_create_error(r); ++ return 1; ++ } ++ + if (streq(field, "CPUQuota")) { + if (isempty(eq)) + r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); +diff --git a/src/test/meson.build b/src/test/meson.build +index a59461a..a7ca76e 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -484,6 +484,9 @@ executables += [ + 'sources' : files('test-cgroup-mask.c'), + 'dependencies' : common_test_dependencies, + }, ++ core_test_template + { ++ 'sources' : files('test-cgroup-freezer.c'), ++ }, + core_test_template + { + 'sources' : files('test-cgroup-unit-default.c'), + }, +diff --git a/src/test/test-cgroup-freezer.c b/src/test/test-cgroup-freezer.c +new file mode 100644 +index 0000000..a533d16 +--- /dev/null ++++ b/src/test/test-cgroup-freezer.c +@@ -0,0 +1,43 @@ ++/* SPDX-License-Identifier: LGPL-2.1+ */ ++ ++#include "load-fragment.h" ++#include "string-util.h" ++ ++static void test_config_parse_freezer_state(void) { ++ /* int config_parse_freezer_state( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) */ ++ int r; ++ _cleanup_free_ char *pstate = NULL; ++ ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "FROZEN", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(streq(pstate, "FROZEN")); ++ ++ pstate = mfree(pstate); ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "THAWED", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(streq(pstate, "THAWED")); ++ ++ pstate = mfree(pstate); ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "test", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(!pstate); ++ ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(!pstate); ++} ++ ++int main(int argc, char *argv[]){ ++ test_config_parse_freezer_state(); ++ return 0; ++} +diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c +index 37ec6d6..e0574d9 100644 +--- a/src/test/test-cgroup-mask.c ++++ b/src/test/test-cgroup-mask.c +@@ -56,6 +56,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) { + m->defaults.cpu_accounting = + m->defaults.memory_accounting = + m->defaults.cpuset_accounting = ++ m->defaults.freezer_accounting = + m->defaults.blockio_accounting = + m->defaults.io_accounting = + m->defaults.tasks_accounting = false; +@@ -141,7 +142,7 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) { + + TEST(cg_mask_to_string) { + test_cg_mask_to_string_one(0, NULL); +- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset io blkio memory devices pids bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); ++ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset io blkio memory devices pids freezer bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); + test_cg_mask_to_string_one(CGROUP_MASK_CPU, "cpu"); + test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct"); + test_cg_mask_to_string_one(CGROUP_MASK_CPUSET, "cpuset"); +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 0e953f2..123c98e 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -115,6 +115,8 @@ FileDescriptorName= + FileDescriptorStoreMax= + ForceUnmount= + FreeBind= ++FreezerAccounting= ++FreezerState= + Group= + GuessMainPID= + IOAccounting= +-- +2.41.0 + diff --git a/core-cgroup-support-memorysw.patch b/core-cgroup-support-memorysw.patch new file mode 100644 index 0000000..991c359 --- /dev/null +++ b/core-cgroup-support-memorysw.patch @@ -0,0 +1,186 @@ +From cfb8a3cf09d9a958388ca1181bb92d9f77ab100e Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: [PATCH] core-cgroup: support memorysw + +Upstream systemd dosen't support setting memory.memsw.limit_in_bytes. +This patch enables setting memory.memsw.limit_in_bytes by MemoryMemswLimit. +--- + src/core/cgroup.c | 17 +++++++++++++++-- + src/core/cgroup.h | 1 + + src/core/dbus-cgroup.c | 4 ++++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/load-fragment.c | 2 ++ + src/shared/bus-print-properties.c | 2 +- + src/shared/bus-unit-util.c | 1 + + test/fuzz/fuzz-unit-file/directives-all.service | 1 + + 8 files changed, 26 insertions(+), 3 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 9e472ca..9de2283 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -171,6 +171,7 @@ void cgroup_context_init(CGroupContext *c) { + .startup_memory_zswap_max = CGROUP_LIMIT_MAX, + + .memory_limit = CGROUP_LIMIT_MAX, ++ .memory_memsw_limit = CGROUP_LIMIT_MAX, + + .io_weight = CGROUP_WEIGHT_INVALID, + .startup_io_weight = CGROUP_WEIGHT_INVALID, +@@ -577,6 +578,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sMemoryZSwapMax: %" PRIu64 "%s\n" + "%sStartupMemoryZSwapMax: %" PRIu64 "%s\n" + "%sMemoryLimit: %" PRIu64 "\n" ++ "%sMemoryMemswLimit=%" PRIu64 "\n" + "%sCPUSetCpus=%s\n" + "%sCPUSetMems=%s\n" + "%sCPUSetCloneChildren=%s\n" +@@ -628,6 +630,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"), + prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"), + prefix, c->memory_limit, ++ prefix, c->memory_memsw_limit, + prefix, c->cpuset_cpus_v1, + prefix, c->cpuset_mems_v1, + prefix, yes_no(c->cpuset_clone_children), +@@ -1908,14 +1911,17 @@ static void cgroup_context_apply( + + } else { + char buf[DECIMAL_STR_MAX(uint64_t) + 1]; +- uint64_t val; ++ uint64_t val, sw_val; + + if (unit_has_unified_memory_config(u)) { + val = c->memory_max; ++ sw_val = CGROUP_LIMIT_MAX; + if (val != CGROUP_LIMIT_MAX) + log_cgroup_compat(u, "Applying MemoryMax=%" PRIu64 " as MemoryLimit=", val); +- } else ++ } else { + val = c->memory_limit; ++ sw_val = c->memory_memsw_limit; ++ } + + if (val == CGROUP_LIMIT_MAX) + strncpy(buf, "-1\n", sizeof(buf)); +@@ -1923,6 +1929,12 @@ static void cgroup_context_apply( + xsprintf(buf, "%" PRIu64 "\n", val); + + (void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf); ++ ++ if (sw_val == CGROUP_LIMIT_MAX) ++ strncpy(buf, "-1\n", sizeof(buf)); ++ else ++ xsprintf(buf, "%" PRIu64 "\n", sw_val); ++ (void) set_attribute_and_warn(u, "memory", "memory.memsw.limit_in_bytes", buf); + } + } + +@@ -2120,6 +2132,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + + if (c->memory_accounting || + c->memory_limit != CGROUP_LIMIT_MAX || ++ c->memory_memsw_limit != CGROUP_LIMIT_MAX || + unit_has_unified_memory_config(u)) + mask |= CGROUP_MASK_MEMORY; + +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 7fb792a..b585fdb 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -219,6 +219,7 @@ struct CGroupContext { + LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths); + + uint64_t memory_limit; ++ uint64_t memory_memsw_limit; + + CGroupDevicePolicy device_policy; + LIST_HEAD(CGroupDeviceAllow, device_allow); +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 052049c..e0a64e4 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -488,6 +488,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), + SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0), + SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), ++ SD_BUS_PROPERTY("MemoryMemswLimit", "t", NULL, offsetof(CGroupContext, memory_memsw_limit), 0), + SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), + SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus_v1), 0), + SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems_v1), 0), +@@ -1243,6 +1244,9 @@ int bus_cgroup_set_property( + if (streq(name, "MemoryLimit")) + return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error); + ++ if (streq(name, "MemoryMemswLimit")) ++ return bus_cgroup_set_memory(u, name, &c->memory_memsw_limit, message, flags, error); ++ + if (streq(name, "MemoryMinScale")) { + r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); + if (r > 0) +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 1e5b7ab..160c891 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -221,6 +221,7 @@ + {{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.StartupMemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) ++{{type}}.MemoryMemswLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) + {{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus_v1) + {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems_v1) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 8648fb1..aaf906f 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3891,6 +3891,8 @@ int config_parse_memory_limit( + c->startup_memory_swap_max_set = true; + } else if (streq(lvalue, "MemoryZSwapMax")) + c->memory_zswap_max = bytes; ++ else if (streq(lvalue, "MemoryMemswLimit")) ++ c->memory_memsw_limit = bytes; + else if (streq(lvalue, "StartupMemoryZSwapMax")) { + c->startup_memory_zswap_max = bytes; + c->startup_memory_zswap_max_set = true; +diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c +index 6704e1e..0cded0c 100644 +--- a/src/shared/bus-print-properties.c ++++ b/src/shared/bus-print-properties.c +@@ -164,7 +164,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b + + bus_print_property_value(name, expected_value, flags, "[not set]"); + +- else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") && ++ else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryMemswLimit") && + u == CGROUP_LIMIT_MAX) || + (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || + (startswith(name, "Limit") && u == UINT64_MAX) || +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index 6390986..3f97ada 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -632,6 +632,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "MemorySwapMax", + "MemoryZSwapMax", + "MemoryLimit", ++ "MemoryMemswLimit", + "TasksMax")) { + + if (streq(eq, "infinity")) { +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 123c98e..397b5da 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -166,6 +166,7 @@ MemoryHigh= + MemoryLimit= + MemoryLow= + MemoryMax= ++MemoryMemswLimit= + MemoryPressureThresholdSec= + MemoryPressureWatch= + MemorySwapMax= +-- +2.33.0 + diff --git a/core-update-arg_default_rlimit-in-bump_rlimit.patch b/core-update-arg_default_rlimit-in-bump_rlimit.patch new file mode 100644 index 0000000..0b4e327 --- /dev/null +++ b/core-update-arg_default_rlimit-in-bump_rlimit.patch @@ -0,0 +1,24 @@ +From a80954ddf69d90d3b02ab62fb025534862069dc3 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Wed, 24 Jun 2020 17:23:03 +0800 +Subject: [PATCH] core-update-arg_default_rlimit-in-bump_rlimit + +--- + src/core/system.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index a58f65a..4762669 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -61,7 +61,7 @@ + #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} + #DefaultLimitAS= + #DefaultLimitNPROC= +-#DefaultLimitMEMLOCK=8M ++DefaultLimitMEMLOCK=64M + #DefaultLimitLOCKS= + #DefaultLimitSIGPENDING= + #DefaultLimitMSGQUEUE= +-- +2.23.0 diff --git a/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch b/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch new file mode 100644 index 0000000..d0883d7 --- /dev/null +++ b/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch @@ -0,0 +1,47 @@ +From 9315c29e4fdfa19c90bb483a364b017881f5cef7 Mon Sep 17 00:00:00 2001 +From: huangkaibin <huangkaibin@huawei.com> +Date: Sat, 21 Apr 2018 17:18:19 +0800 +Subject: [PATCH] systemd-core: Delay to restart when a service can not be + auto-restarted when there is one STOP_JOB for the service + +When a service current has a STOP job has not scheduled yet, +and also if the service is already scheduled with an auto-restart +with restart-second configured as 0, the service will not be restarted successfully, +and systemd will go into an endless loop to restart the service. +This is because restart-second is 0 and timer task has higher priority than IO tasks when there priority +is same(both with 0), so the STOP job has no chance to be scheduled, and systemd will go into the endless loop +to handle the time task. +This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled. +--- + src/core/service.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/core/service.c b/src/core/service.c +index b9eb40c..47e9d63 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -2507,13 +2507,20 @@ fail: + static void service_enter_restart(Service *s) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + int r; ++ int restart_usec; + + assert(s); + + if (unit_has_job_type(UNIT(s), JOB_STOP)) { + /* Don't restart things if we are going down anyway */ + log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); +- return; ++ restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec; ++ r = service_arm_timer(s, /* relative= */ false, usec_add(now(CLOCK_MONOTONIC), restart_usec)); ++ if (r < 0) { ++ log_unit_warning(UNIT(s), "Failed to schedule restart job: %s", bus_error_message(&error, r)); ++ service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ false); ++ return; ++ } + } + + /* Any units that are bound to this service must also be restarted. We use JOB_START for ourselves +-- +2.33.0 + diff --git a/delete-journal-files-except-system.journal-when-jour.patch b/delete-journal-files-except-system.journal-when-jour.patch new file mode 100644 index 0000000..8379be4 --- /dev/null +++ b/delete-journal-files-except-system.journal-when-jour.patch @@ -0,0 +1,184 @@ +From 02d47bd2108d46cf9790500a7568a7523df485f9 Mon Sep 17 00:00:00 2001 +From: xujing <xujing125@huawei.com> +Date: Fri, 26 Aug 2022 20:32:37 +0800 +Subject: [PATCH] delete journal files except system.journal when journal~ + is generated + +In the case of time change and system panic, the function of invoking +sd_journal_next to obtain logs may not meet expectations(rsyslog cannot obtain +logs). Therefore, when the journal~ file is generated, delete all journal files +except system.journal, to ensure that the sd_journal_next function meets user +expectations. +--- + meson.build | 2 ++ + src/basic/dirent-util.c | 24 +++++++++++++++++ + src/basic/dirent-util.h | 2 ++ + src/libsystemd/sd-journal/journal-file.c | 34 ++++++++++++++++++++++++ + src/libsystemd/sd-journal/sd-journal.c | 22 --------------- + 5 files changed, 62 insertions(+), 22 deletions(-) + +diff --git a/meson.build b/meson.build +index 7419e2b..4d6ce88 100644 +--- a/meson.build ++++ b/meson.build +@@ -1893,6 +1893,8 @@ basic_includes = include_directories( + 'src/basic', + 'src/fundamental', + 'src/systemd', ++ 'src/libsystemd/sd-id128', ++ 'src/libsystemd/sd-journal', + '.') + + libsystemd_includes = [basic_includes, include_directories( +diff --git a/src/basic/dirent-util.c b/src/basic/dirent-util.c +index 17df6a2..e362554 100644 +--- a/src/basic/dirent-util.c ++++ b/src/basic/dirent-util.c +@@ -7,6 +7,8 @@ + #include "path-util.h" + #include "stat-util.h" + #include "string-util.h" ++#include "id128-util.h" ++#include "syslog-util.h" + + int dirent_ensure_type(int dir_fd, struct dirent *de) { + STRUCT_STATX_DEFINE(sx); +@@ -65,6 +67,28 @@ bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) { + return endswith(de->d_name, suffix); + } + ++bool dirent_is_journal_subdir(const struct dirent *de) { ++ const char *e, *n; ++ assert(de); ++ ++ /* returns true if the specified directory entry looks like a directory that might contain journal ++ * files we might be interested in, i.e. is either a 128bit ID or a 128bit ID suffixed by a ++ * namespace. */ ++ ++ if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) ++ return false; ++ ++ e = strchr(de->d_name, '.'); ++ if (!e) ++ return id128_is_valid(de->d_name); /* No namespace */ ++ ++ n = strndupa(de->d_name, e - de->d_name); ++ if (!id128_is_valid(n)) ++ return false; ++ ++ return log_namespace_name_valid(e + 1); ++} ++ + struct dirent *readdir_ensure_type(DIR *d) { + int r; + +diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h +index 0a2fcbf..de6edb2 100644 +--- a/src/basic/dirent-util.h ++++ b/src/basic/dirent-util.h +@@ -12,6 +12,8 @@ bool dirent_is_file(const struct dirent *de) _pure_; + bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) _pure_; + int dirent_ensure_type(int dir_fd, struct dirent *de); + ++bool dirent_is_journal_subdir(const struct dirent *de); ++ + struct dirent *readdir_ensure_type(DIR *d); + struct dirent *readdir_no_dot(DIR *dirp); + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 93a3717..40347e9 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -40,6 +40,7 @@ + #include "sync-util.h" + #include "user-util.h" + #include "xattr-util.h" ++#include "dirent-util.h" + + #define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem)) + #define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem)) +@@ -4385,8 +4386,35 @@ int journal_file_archive(JournalFile *f, char **ret_previous_path) { + return 0; + } + ++static void delete_dumped_journal_files(const char *path) { ++ _cleanup_closedir_ DIR *d = NULL; ++ ++ d = opendir(path); ++ if (!d) ++ return; ++ ++ FOREACH_DIRENT_ALL(de, d, return) { ++ if (IN_SET(de->d_type, DT_REG, DT_LNK, DT_UNKNOWN) && ++ (endswith(de->d_name, ".journal") || ++ endswith(de->d_name, ".journal~")) && ++ strcmp(de->d_name, "system.journal") != 0) ++ (void) unlinkat_deallocate(dirfd(d), de->d_name, 0); ++ ++ if (dirent_is_journal_subdir(de)) { ++ _cleanup_free_ char *sub_path = NULL; ++ ++ sub_path = path_join(path, de->d_name); ++ if (!sub_path) ++ continue; ++ ++ delete_dumped_journal_files(sub_path); ++ } ++ } ++} ++ + int journal_file_dispose(int dir_fd, const char *fname) { + _cleanup_free_ char *p = NULL; ++ dual_timestamp boot_timestamp; + + assert(fname); + +@@ -4407,6 +4435,12 @@ int journal_file_dispose(int dir_fd, const char *fname) { + if (renameat(dir_fd, fname, dir_fd, p) < 0) + return -errno; + ++ dual_timestamp_now(&boot_timestamp); ++ if (boot_timestamp.monotonic < 10*USEC_PER_MINUTE) { ++ delete_dumped_journal_files("/var/log/journal"); ++ return 0; ++ } ++ + return 0; + } + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 494313d..33334ef 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -1647,28 +1647,6 @@ static bool dirent_is_journal_file(const struct dirent *de) { + endswith(de->d_name, ".journal~"); + } + +-static bool dirent_is_journal_subdir(const struct dirent *de) { +- const char *e, *n; +- assert(de); +- +- /* returns true if the specified directory entry looks like a directory that might contain journal +- * files we might be interested in, i.e. is either a 128-bit ID or a 128-bit ID suffixed by a +- * namespace. */ +- +- if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) +- return false; +- +- e = strchr(de->d_name, '.'); +- if (!e) +- return id128_is_valid(de->d_name); /* No namespace */ +- +- n = strndupa_safe(de->d_name, e - de->d_name); +- if (!id128_is_valid(n)) +- return false; +- +- return log_namespace_name_valid(e + 1); +-} +- + static int directory_open(sd_journal *j, const char *path, DIR **ret) { + DIR *d; + +-- +2.33.0 + diff --git a/detect_virt b/detect_virt new file mode 100644 index 0000000..a436b62 --- /dev/null +++ b/detect_virt @@ -0,0 +1,4 @@ +#!/bin/bash + +VIRT_PLATFORM="$(/usr/bin/systemd-detect-virt)" +echo "$VIRT_PLATFORM" diff --git a/disable-initialize_clock.patch b/disable-initialize_clock.patch new file mode 100644 index 0000000..6b1afce --- /dev/null +++ b/disable-initialize_clock.patch @@ -0,0 +1,65 @@ +From fbd28b3b40701f1fda29707dfa09d1e481c4162c Mon Sep 17 00:00:00 2001 +From: hexiaowen<hexiaowen@huawei.com> +Date: Tue, 9 Jul 2019 19:13:43 +0800 +Subject: [PATCH] delete clock_apply_epoch + +resolved: apply epoch to system time from PID 1 + +For use in timesyncd we already defined a compile-time "epoch" value, which is based on the mtime of the NEWS file, and +specifies a point in time we know lies in the past at runtime. timesyncd uses this to filter out nonsensical timestamp +file data, and bump the system clock to a time that is after the build time of systemd. This patch adds similar bumping +code to earliest PID 1 initialization, so that the system never continues operation with a clock that is in the 1970ies +or even 1930s. we think it is ok when current system time is before build time. + +And, don't restore time when systemd-timesyncd started. + +--- + src/core/main.c | 12 ------------ + src/timesync/timesyncd.c | 8 -------- + 2 files changed, 20 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 4051a91..c6d16b2 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1627,18 +1627,6 @@ static void initialize_clock(void) { + */ + (void) clock_reset_timewarp(); + +- ClockChangeDirection change_dir; +- r = clock_apply_epoch(&change_dir); +- if (r > 0 && change_dir == CLOCK_CHANGE_FORWARD) +- log_info("System time before build time, advancing clock."); +- else if (r > 0 && change_dir == CLOCK_CHANGE_BACKWARD) +- log_info("System time is further ahead than %s after build time, resetting clock to build time.", +- FORMAT_TIMESPAN(CLOCK_VALID_RANGE_USEC_MAX, USEC_PER_DAY)); +- else if (r < 0 && change_dir == CLOCK_CHANGE_FORWARD) +- log_error_errno(r, "Current system time is before build time, but cannot correct: %m"); +- else if (r < 0 && change_dir == CLOCK_CHANGE_BACKWARD) +- log_error_errno(r, "Current system time is further ahead %s after build time, but cannot correct: %m", +- FORMAT_TIMESPAN(CLOCK_VALID_RANGE_USEC_MAX, USEC_PER_DAY)); + } + + static void apply_clock_update(void) { +diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c +index e60742c..efe56fd 100644 +--- a/src/timesync/timesyncd.c ++++ b/src/timesync/timesyncd.c +@@ -121,14 +121,6 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { + if (ct > min) + return 0; + +- /* Not that it matters much, but we actually restore the clock to n+1 here rather than n, simply +- * because we read n as time previously already and we want to progress here, i.e. not report the +- * same time again. */ +- if (clock_settime(CLOCK_REALTIME, TIMESPEC_STORE(min+1)) < 0) { +- log_warning_errno(errno, "Failed to restore system clock, ignoring: %m"); +- return 0; +- } +- + log_struct(LOG_INFO, + "MESSAGE_ID=" SD_MESSAGE_TIME_BUMP_STR, + "REALTIME_USEC=" USEC_FMT, min+1, +-- +2.33.0 + diff --git a/fix-capsh-drop-but-ping-success.patch b/fix-capsh-drop-but-ping-success.patch new file mode 100644 index 0000000..eb82ea4 --- /dev/null +++ b/fix-capsh-drop-but-ping-success.patch @@ -0,0 +1,29 @@ +From c20f91b6d99ac98a7d883e77f609e52482fe7c3b Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam <buildteam@openeuler.org> +Date: Fri, 17 Jan 2020 23:00:49 +0800 +Subject: [PATCH] change +fix capsh --drop=cap_net_raw -- -c "/bin/ping -c 1 localhost" +but ping success, the reson is github issue. + +https://github.com/systemd/systemd/pull/13141/commits/0a8ce60ee87de9a817284b31c6ccba062664057f + +--- + sysctl.d/50-default.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf +index 41bd1f9..4d9bef8 100644 +--- a/sysctl.d/50-default.conf ++++ b/sysctl.d/50-default.conf +@@ -36,7 +36,7 @@ net.ipv4.conf.all.promote_secondaries = 1 + # #define GID_T_MAX (((gid_t)~0U) >> 1) + # That's not so bad because values between 2^31 and 2^32-1 are reserved on + # systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary +--net.ipv4.ping_group_range = 0 2147483647 ++net.ipv4.ping_group_range = 1 0 + + # Fair Queue CoDel packet scheduler to fight bufferbloat + -net.core.default_qdisc = fq_codel +-- +1.8.3.1 + diff --git a/fix-journal-file-descriptors-leak-problems.patch b/fix-journal-file-descriptors-leak-problems.patch new file mode 100644 index 0000000..486699e --- /dev/null +++ b/fix-journal-file-descriptors-leak-problems.patch @@ -0,0 +1,53 @@ +From 4f8cec1924bf00532f5350d9a4d7af8e853241fe Mon Sep 17 00:00:00 2001 +From: huangkaibin <huangkaibin@huawei.com> +Date: Thu, 28 Jun 2018 20:23:45 +0800 +Subject: [PATCH] systemd-journald: Fix journal file descriptors leak problems. + +Journal files opened and then be removed by external programs(for example, the journal rotation +of systemd-journald will removed jounal files) before journal directory notify watching is added +will not be closed properly. This patch fix this problem by removing and closing these deleted journal files +after notify watching is added. +--- + src/libsystemd/sd-journal/sd-journal.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 5728c53..1238652 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -1584,6 +1584,17 @@ fail: + log_debug_errno(errno, "Failed to enumerate directory %s, ignoring: %m", m->path); + } + ++static void remove_nonexistent_journal_files(sd_journal *j) { ++ JournalFile *f = NULL; ++ ORDERED_HASHMAP_FOREACH(f, j->files) { ++ if(f->path && access(f->path, F_OK) < 0) { ++ log_debug("Remove not-existed file from the journal map: %s", f->path); ++ /*Its OK to remove entry from the hashmap although we are iterating on it.*/ ++ remove_file_real(j, f); ++ } ++ } ++} ++ + static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) { + int r; + +@@ -1612,6 +1623,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) + (void) inotify_rm_watch(j->inotify_fd, m->wd); + m->wd = -1; + } ++ ++ /* ++ * Before event watching, there were some files opened and if some of these opened files were ++ * deleted due to the journal rotation of systemd-jounald, they will become leaking files and will ++ * never be closed until the process exited. ++ * So here we remove these deleted files from the journal after event watching. ++ */ ++ remove_nonexistent_journal_files(j); + } + + static int add_directory( +-- +2.27.0 + diff --git a/fix-two-VF-virtual-machines-have-same-mac-address.patch b/fix-two-VF-virtual-machines-have-same-mac-address.patch new file mode 100644 index 0000000..f7b0335 --- /dev/null +++ b/fix-two-VF-virtual-machines-have-same-mac-address.patch @@ -0,0 +1,45 @@ +From: fangxiuning <fangxiuning@huawei.com> +Date: Thu, 5 Sep 2019 07:40:41 +0800 +Subject: fix two vf virtual machine has same mac address +through 82599,hns3 physical network cart vf two virtual machine, +two virtual machine have the same mac address. + +MACAddressPolicy= +The policy by which the MAC address should be set. The available +policies are: + +persistent +If the hardware has a persistent MAC address, as most hardware should, +and if it is used by the kernel, nothing is done. Otherwise, a new MAC +address is generated which is guaranteed to be the same on every boot +for the given machine and the given device, but which is otherwise random. +This feature depends on ID_NET_NAME_* properties to exist for the link. +On hardware where these properties are not set, the generation of a +persistent MAC address will fail. + + +random +If the kernel is using a random MAC address, nothing is done. Otherwise, +a new address is randomly generated each time the device appears, +typically at boot. Either way, the random address will have the "unicast" +and "locally administered" bits set. + +none +Keeps the MAC address assigned by the kernel. +--- + network/99-default.link | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/network/99-default.link b/network/99-default.link +index dc7a42bf58..2b8f46a84c 100644 +--- a/network/99-default.link ++++ b/network/99-default.link +@@ -13,4 +13,4 @@ OriginalName=* + [Link] + NamePolicy=keep kernel database onboard slot path + AlternativeNamesPolicy=database onboard slot path +-MACAddressPolicy=persistent ++MACAddressPolicy=none +-- +2.23.0 + diff --git a/fuser-print-umount-message-to-reboot-umount-msg.patch b/fuser-print-umount-message-to-reboot-umount-msg.patch new file mode 100644 index 0000000..662a4c6 --- /dev/null +++ b/fuser-print-umount-message-to-reboot-umount-msg.patch @@ -0,0 +1,228 @@ +From 224b51420b0e3b62cda4bb16f31c6d28e96c7123 Mon Sep 17 00:00:00 2001 +From: sunshihao <sunshihao@huawei.com> +Date: Mon, 25 Jan 2021 14:42:23 +0800 +Subject: [PATCH] fuser: print umount info to /.reboot-umount-msg.log + +The patch tries to save which processes holds the mountpoint +persistently to /.reboot-umount-msg.log, when the system is +suspended during system restart. + +This patch change the value of DefaultDFXReboot that is set in +/etc/systemd/system.conf file from no to yes.The systemd reboot +feature will open when the process start. + +Signed-off-by: sunshihao <sunshihao@huawei.com> +Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> +Signed-off-by: lixiaokeng <lixiaokeng@huawei.com> +--- + src/core/fuser.c | 57 +++++++++++++++++++++++++++++++++++++---- + src/core/fuser.h | 3 +++ + src/core/job.c | 38 +++++++++++++++++++++++++++ + src/core/system.conf.in | 2 +- + 4 files changed, 94 insertions(+), 6 deletions(-) + +diff --git a/src/core/fuser.c b/src/core/fuser.c +index e943469..94a0812 100644 +--- a/src/core/fuser.c ++++ b/src/core/fuser.c +@@ -383,6 +383,8 @@ static void print_matches(const struct name *name) { + static char P_cmd_long[MAX_COMM_LEN]; + char cmd_path[PATH_MAX]; + int r = 0; ++ FILE *fp = NULL; ++ int flag = 0; + + if (name == NULL) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, +@@ -390,11 +392,29 @@ static void print_matches(const struct name *name) { + return; + } + ++ /* Write the content in the back of previous one */ ++ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "a+"); ++ ++ /* print the time info to /.reboot-umount-msg.log file */ ++ if (fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); ++ } ++ + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\tUSER\t\tPID\tCOMMAND"); + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "%s:", name->filename); + ++ /* print the umount fail point to the /.reboot-umount-msg.log file */ ++ if (fp != NULL) { ++ if (strlen(name->filename) <= MOUNT_FILE_NAME_MAX_LEN) { ++ fprintf(fp, "%-20s\t", name->filename); ++ } else { ++ fprintf(fp, "%s\n\t\t\t", name->filename); ++ } ++ } ++ + for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { + if (pwent == NULL || pwent->pw_uid != pptr->uid) + pwent = getpwuid(pptr->uid); //get username +@@ -402,7 +422,7 @@ static void print_matches(const struct name *name) { + r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pptr->pid); + if (r <= 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pptr->pid); +- return; ++ goto out; + } + + read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); +@@ -415,22 +435,49 @@ static void print_matches(const struct name *name) { + if (pptr->command == NULL) + continue; + ++ if (flag > 0) { ++ if (fp != NULL) { ++ fprintf(fp, "\t\t\t"); ++ } ++ } else { ++ flag++; ++ } ++ + if (pwent != NULL) { +- if (pptr->pid != 0) ++ if (pptr->pid != 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-s\t\t%-d\t%-s", pwent->pw_name, pptr->pid, pptr->command); +- else ++ if (fp != NULL) { ++ fprintf(fp, "%-s\t\t%-d\t%-s\n", pwent->pw_name, pptr->pid, pptr->command); ++ } ++ } else { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-s\t\t%-s\t%-s", pwent->pw_name, "kernel", pptr->command); ++ if (fp != NULL) { ++ fprintf(fp, "%-s\t\t%-s\t%-s\n", pwent->pw_name, "kernel", pptr->command); ++ } ++ } + } else { +- if (pptr->pid != 0) ++ if (pptr->pid != 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-u\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); +- else ++ if (fp != NULL) { ++ fprintf(fp, "%-u\t\t%-d\t%-s\n", pptr->uid, pptr->pid, pptr->command); ++ } ++ } else { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-u\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); ++ if (fp != NULL) { ++ fprintf(fp, "%-u\t\t%-s\t%-s\n", pptr->uid, "kernel", pptr->command); ++ } ++ } + } + } ++ ++out: ++ if (fp != NULL) { ++ fclose(fp); ++ } + } + + static void free_matched_procs(struct procs *matched_procs) { +diff --git a/src/core/fuser.h b/src/core/fuser.h +index b74b879..2729c9b 100644 +--- a/src/core/fuser.h ++++ b/src/core/fuser.h +@@ -14,6 +14,7 @@ + #include <string.h> + #include <limits.h> + #include <errno.h> ++#include <time.h> + + #include "manager.h" + +@@ -51,5 +52,7 @@ struct device { + #define MAX_COMM_LEN 1024 + #define PROC_MOUNTS "/proc/mounts" + #define PROC_SWAPS "/proc/swaps" ++#define REBOOT_UMOUNT_FILE_NAME "/.reboot-umount-msg.log" ++#define MOUNT_FILE_NAME_MAX_LEN 20 + + int fuser(const char *dir); +diff --git a/src/core/job.c b/src/core/job.c +index 34513bc..73c992a 100644 +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -31,6 +31,8 @@ + #include "mount.h" + #include "process-util.h" + ++bool g_first_print = true; ++ + Job* job_new_raw(Unit *unit) { + Job *j; + +@@ -734,6 +736,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + const char *ident, *format; + int r = 0; + pid_t pid; ++ FILE *fp = NULL; ++ time_t tmpt; ++ struct tm local_time; + + assert(u); + assert(t >= 0); +@@ -835,6 +840,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { + + Mount *m = MOUNT(u); ++ if (g_first_print) { ++ /* Overwrite previous content at the first time */ ++ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "w+"); ++ ++ /* Only get the local time once */ ++ tmpt = time(NULL); ++ if (!localtime_r(&tmpt, &local_time)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Get local time failed!"); ++ } ++ } ++ ++ /* print the time info to /.reboot-umount-msg.log file */ ++ if (g_first_print && fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); ++ } else if (g_first_print) { ++ /* Only do this part one time */ ++ g_first_print = false; ++ ++ if (chmod(REBOOT_UMOUNT_FILE_NAME, S_IRUSR | S_IWUSR)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Set %s file attributes failed!", REBOOT_UMOUNT_FILE_NAME); ++ } ++ ++ fprintf(fp, "reboot time is %d/%d/%d-%d:%d:%d.\n", local_time.tm_year + 1900, ++ local_time.tm_mon + 1, local_time.tm_mday, local_time.tm_hour, ++ local_time.tm_min, local_time.tm_sec); ++ ++ fprintf(fp, "\n\t\t\tUSER\t\tPID\tCOMMAND\n"); ++ fclose(fp); ++ } ++ + + r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid); + if (r < 0) { +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 3495b8e..74a25ce 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -80,7 +80,7 @@ DefaultLimitMEMLOCK=64M + #DefaultMemoryPressureThresholdSec=200ms + #DefaultMemoryPressureWatch=auto + #DefaultOOMPolicy=stop +-#DefaultDFXReboot=no ++DefaultDFXReboot=yes + #DefaultSmackProcessLabel= + #ReloadLimitIntervalSec= + #ReloadLimitBurst= +-- +2.33.0 + @@ -0,0 +1,16 @@ +# inittab is no longer used. +# +# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. +# +# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target +# +# systemd uses 'targets' instead of runlevels. By default, there are two main targets: +# +# multi-user.target: analogous to runlevel 3 +# graphical.target: analogous to runlevel 5 +# +# To view current default target, run: +# systemctl get-default +# +# To set a default target, run: +# systemctl set-default TARGET.target diff --git a/journal-don-t-enable-systemd-journald-audit.socket.patch b/journal-don-t-enable-systemd-journald-audit.socket.patch new file mode 100644 index 0000000..e51f64d --- /dev/null +++ b/journal-don-t-enable-systemd-journald-audit.socket.patch @@ -0,0 +1,24 @@ +From 7a650ee8d3faf79fd5ef866b69741880a3a42b8d Mon Sep 17 00:00:00 2001 +From: Jan Synacek <jsynacek@redhat.com> +Date: Thu, 2 May 2019 14:11:54 +0200 +Subject: [PATCH] journal: don't enable systemd-journald-audit.socket + +--- + presets/90-systemd.preset | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset +index 2b8db9d..25936d8 100644 +--- a/presets/90-systemd.preset ++++ b/presets/90-systemd.preset +@@ -24,7 +24,6 @@ enable systemd-homed.service + enable systemd-userdbd.socket + enable systemd-pstore.service + enable systemd-boot-update.service +-enable systemd-journald-audit.socket + + disable console-getty.service + disable debug-shell.service +-- +2.33.0 + diff --git a/keep-weight-consistent-with-the-set-value.patch b/keep-weight-consistent-with-the-set-value.patch new file mode 100644 index 0000000..24c3e99 --- /dev/null +++ b/keep-weight-consistent-with-the-set-value.patch @@ -0,0 +1,36 @@ +From 7424b6c0f38d4a32fd96e74d7078707c026c6c66 Mon Sep 17 00:00:00 2001 +From: wangyuhang <wangyuhang27@huawei.com> +Date: Thu, 9 Jun 2022 20:10:50 +0800 +Subject: [PATCH] keep weight consistent with the set value + +--- + src/core/cgroup.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 4cac3f6..f6ae2ab 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1392,7 +1392,8 @@ static void set_io_weight(Unit *u, uint64_t weight) { + + assert(u); + +- (void) set_bfq_weight(u, "io", makedev(0, 0), weight); ++ xsprintf(buf, "%" PRIu64 "\n", weight); ++ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); + + xsprintf(buf, "default %" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, "io", "io.weight", buf); +@@ -1403,7 +1404,8 @@ static void set_blkio_weight(Unit *u, uint64_t weight) { + + assert(u); + +- (void) set_bfq_weight(u, "blkio", makedev(0, 0), weight); ++ xsprintf(buf, "%" PRIu64 "\n", weight); ++ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); + + xsprintf(buf, "%" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); +-- +2.33.0 + diff --git a/let-the-child-of-one-unit-don-t-affect-each-other.patch b/let-the-child-of-one-unit-don-t-affect-each-other.patch new file mode 100644 index 0000000..5c8c4ea --- /dev/null +++ b/let-the-child-of-one-unit-don-t-affect-each-other.patch @@ -0,0 +1,83 @@ +From 8c9de291f2b782f5d7d40447f08553b5e325a34d Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Fri, 19 Mar 2021 01:29:01 +0800 +Subject: [PATCH] let the child of one unit don't affect each other. +This should only be used for .slice unit in the [Unit] section. +To reproduce the problem resolved by this patch, try the following steps: +1. start service A in a slice; +2. change the cgroup property by "echo 512 > service_a/cpu.shares"; +3. systemctl daemon-reload; +4. start service B in a slice; +5. check the cgroup property by "cat service_a/cpu.shares"; +With this directive enabled, the value will stay as 512; if disabled, +if will be restored to the default value of systemd. Defaults to "no". + +--- + src/core/cgroup.c | 3 +++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/unit-serialize.c | 2 ++ + src/core/unit.h | 2 ++ + 4 files changed, 8 insertions(+) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 4eedaf7..ab6d602 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -2618,6 +2618,9 @@ void unit_add_family_to_cgroup_realize_queue(Unit *u) { + + UNIT_FOREACH_DEPENDENCY(m, u, UNIT_ATOM_SLICE_OF) { + ++ if (u->independent_child) ++ continue; ++ + /* No point in doing cgroup application for units without active processes. */ + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(m))) + continue; +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 0702aa0..76b1217 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -286,6 +286,7 @@ Unit.JoinsNamespaceOf, config_parse_unit_deps, + Unit.RequiresOverridable, config_parse_obsolete_unit_deps, UNIT_REQUIRES, 0 + Unit.RequisiteOverridable, config_parse_obsolete_unit_deps, UNIT_REQUISITE, 0 + Unit.RequiresMountsFor, config_parse_unit_requires_mounts_for, 0, 0 ++Unit.IndependentChild, config_parse_bool, 0, offsetof(Unit, independent_child) + Unit.StopWhenUnneeded, config_parse_bool, 0, offsetof(Unit, stop_when_unneeded) + Unit.RefuseManualStart, config_parse_bool, 0, offsetof(Unit, refuse_manual_start) + Unit.RefuseManualStop, config_parse_bool, 0, offsetof(Unit, refuse_manual_stop) +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index f3b3e70..b818181 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -801,6 +801,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { + if (u->load_state == UNIT_LOADED) { + + fprintf(f, ++ "%s\tIndependentChild:%s\n" + "%s\tStopWhenUnneeded: %s\n" + "%s\tRefuseManualStart: %s\n" + "%s\tRefuseManualStop: %s\n" +@@ -808,6 +809,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { + "%s\tOnSuccessJobMode: %s\n" + "%s\tOnFailureJobMode: %s\n" + "%s\tIgnoreOnIsolate: %s\n", ++ prefix, yes_no(u->independent_child), + prefix, yes_no(u->stop_when_unneeded), + prefix, yes_no(u->refuse_manual_start), + prefix, yes_no(u->refuse_manual_stop), +diff --git a/src/core/unit.h b/src/core/unit.h +index cb85dfc..439714a 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -350,6 +350,8 @@ typedef struct Unit { + sd_id128_t invocation_id; + char invocation_id_string[SD_ID128_STRING_MAX]; /* useful when logging */ + ++ bool independent_child; ++ + /* Garbage collect us we nobody wants or requires us anymore */ + bool stop_when_unneeded; + +-- +2.27.0 + diff --git a/logind-set-RemoveIPC-to-false-by-default.patch b/logind-set-RemoveIPC-to-false-by-default.patch new file mode 100644 index 0000000..6474aac --- /dev/null +++ b/logind-set-RemoveIPC-to-false-by-default.patch @@ -0,0 +1,54 @@ +From 0b3833d6c3b751c6dfb40eeb2ef852984c58f546 Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam <buildteam@openeuler.org> +Date: Wed, 1 Aug 2018 10:58:28 +0200 +Subject: logind: set RemoveIPC to false by default + +Resolves: #1523233 +--- + man/logind.conf.xml | 2 +- + src/login/logind-core.c | 2 +- + src/login/logind.conf.in | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index 72f657c..0b5c060 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -363,7 +363,7 @@ + user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the + last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as + well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users +- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para> ++ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para> + + <xi:include href="version-info.xml" xpointer="v212"/></listitem> + </varlistentry> +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index f15008e..08ee25c 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) { + + m->n_autovts = 6; + m->reserve_vt = 6; +- m->remove_ipc = true; ++ m->remove_ipc = false; + m->inhibit_delay_max = 5 * USEC_PER_SEC; + m->user_stop_delay = 10 * USEC_PER_SEC; + +diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in +index e5fe924..ead4fda 100644 +--- a/src/login/logind.conf.in ++++ b/src/login/logind.conf.in +@@ -45,7 +45,7 @@ + #IdleActionSec=30min + #RuntimeDirectorySize=10% + #RuntimeDirectoryInodesMax= +-#RemoveIPC=yes ++#RemoveIPC=no + #InhibitorsMax=8192 + #SessionsMax=8192 + #StopIdleSessionSec=infinity +-- +2.33.0 + diff --git a/macros.sysusers b/macros.sysusers new file mode 100644 index 0000000..d8d8c1d --- /dev/null +++ b/macros.sysusers @@ -0,0 +1,10 @@ +# RPM macros for packages creating system accounts +# +# Turn a sysusers.d file into macros specified by +# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation + +%sysusers_requires_compat Requires(pre): shadow-utils + +%sysusers_create_compat() \ +%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \ +%{nil} diff --git a/net-set-sriov-names b/net-set-sriov-names new file mode 100644 index 0000000..573a6cc --- /dev/null +++ b/net-set-sriov-names @@ -0,0 +1,79 @@ +#!/bin/bash -e +# +# This script is run to rename virtual interfaces +# + +if [ -n "$UDEV_LOG" ]; then + if [ "$UDEV_LOG" -ge 7 ]; then + set -x + fi +fi + +# according to dev_new_index(), ifindex is within [1, INT_MAX] +int_max=$(/usr/bin/getconf INT_MAX) +ifindex_before() { + a=$1 + b=$2 + + ((0 < (b - a) && (b - a) < int_max / 2 || + -1 * int_max < (b - a) && (b - a) < -1 * int_max / 2)) +} + +rename_interface() { + local src_net=$1 + local dest_net=$2 + local err=0 + + /sbin/ip link set dev $src_net down + /sbin/ip link set dev $src_net name $dest_net +} + +if [ -z "$INTERFACE" ]; then + echo "missing \$INTERFACE" >&2 + exit 1 +fi + +if [ -e "/sys/class/net/$INTERFACE/device/physfn" ]; then + pf=$(ls -1 "/sys/class/net/$INTERFACE/device/physfn/net") + if [ $(echo "$pf" | wc -l) -ne 1 ]; then + echo "too many pf's" >&2 + exit 1 + fi + read vfindex < "/sys/class/net/$INTERFACE/ifindex" + read pfindex < "/sys/class/net/$pf/ifindex" + if ifindex_before $pfindex $vfindex; then + bus_info=$(basename $(readlink "/sys/class/net/$INTERFACE/device")) + for virtfn in "/sys/class/net/$pf/device/"virtfn*; do + if [ "$(basename $(readlink "$virtfn"))" = "$bus_info" ]; then + vfnum=$(basename "$virtfn") + vfnum=${vfnum#virtfn} + echo "INTERFACE_NEW=$pf.vf$vfnum" + exit 0 + fi + done + fi +fi + +read pfindex < "/sys/class/net/$INTERFACE/ifindex" +shopt -s nullglob +for virtfn in "/sys/class/net/$INTERFACE/device/"virtfn*; do + vf=$(ls -1 "$virtfn/net") + if [ $(echo "$vf" | wc -l) -ne 1 ]; then + echo "too many vf's" >&2 + exit 1 + fi + read vfindex < "/sys/class/net/$vf/ifindex" + if ifindex_before $vfindex $pfindex; then + vfnum=$(basename "$virtfn") + vfnum=${vfnum#virtfn} + if [ "$INTERFACE_NEW" ]; then + new_name=$INTERFACE_NEW + else + new_name=$INTERFACE + fi + new_name="$new_name.vf$vfnum" + if [ "$vf" != "$new_name" ]; then + rename_interface "$vf" "$new_name" + fi + fi +done diff --git a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch new file mode 100644 index 0000000..135f46b --- /dev/null +++ b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch @@ -0,0 +1,64 @@ +From ad2da19e1e80a9ab9d0dfae17a74f5009e4d1898 Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam <buildteam@openeuler.org> +Date: Tue, 10 Mar 2020 21:01:43 +0800 +Subject: [PATCH] pid1 bump DefaultTasksMax to 80% of the kernel pid.max value + +--- + man/systemd-system.conf.xml | 2 +- + src/core/manager.c | 2 +- + src/core/system.conf.in | 2 +- + units/user-.slice.d/10-defaults.conf | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml +index 3c06b65..72f366e 100644 +--- a/man/systemd-system.conf.xml ++++ b/man/systemd-system.conf.xml +@@ -501,7 +501,7 @@ + <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See + <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details. This setting applies to all unit types that support resource control settings, with the exception +- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname> ++ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname> + and root cgroup <varname>pids.max</varname>. + Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores. + For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915, +diff --git a/src/core/manager.c b/src/core/manager.c +index 45c8966..ce20d6b 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -114,7 +114,7 @@ + /* How many units and jobs to process of the bus queue before returning to the event loop. */ + #define MANAGER_BUS_MESSAGE_BUDGET 100U + +-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */ ++#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 80U, 100U }) /* 80% */ + + static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); + static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 05eb681..472d1ca 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -58,7 +58,7 @@ + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} + #DefaultTasksAccounting=yes +-#DefaultTasksMax=15% ++#DefaultTasksMax=80% + #DefaultLimitCPU= + #DefaultLimitFSIZE= + #DefaultLimitDATA= +diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf +index f688eac..20c39ec 100644 +--- a/units/user-.slice.d/10-defaults.conf ++++ b/units/user-.slice.d/10-defaults.conf +@@ -13,4 +13,4 @@ Documentation=man:user@.service(5) + StopWhenUnneeded=yes + + [Slice] +-TasksMax=33% ++TasksMax=80% +-- +2.33.0 + diff --git a/print-the-process-status-to-console-when-shutdown.patch b/print-the-process-status-to-console-when-shutdown.patch new file mode 100644 index 0000000..1669236 --- /dev/null +++ b/print-the-process-status-to-console-when-shutdown.patch @@ -0,0 +1,1280 @@ +From 5966f7a3b90ee25f23182e9320621a8477a40a51 Mon Sep 17 00:00:00 2001 +From: jiangchuangang <jiangchuangang@huawei.com> +Date: Thu, 2 Sep 2021 12:14:19 +0800 +Subject: [PATCH] print process status to console when shutdown + +--- + src/basic/getopt-defs.h | 6 +- + src/basic/process-util.c | 58 ++++ + src/basic/process-util.h | 2 + + src/core/fuser.c | 506 +++++++++++++++++++++++++++++++++ + src/core/fuser.h | 55 ++++ + src/core/job.c | 36 +++ + src/core/main.c | 10 +- + src/core/manager.c | 4 + + src/core/manager.h | 2 + + src/core/meson.build | 1 + + src/core/system.conf.in | 1 + + src/shutdown/meson.build | 13 + + src/shutdown/process-status.c | 143 ++++++++++ + src/shutdown/process-status.h | 24 ++ + src/shutdown/shutdown.c | 43 +++ + src/shutdown/umount.c | 5 + + src/test/meson.build | 25 ++ + src/test/test-fuser.c | 14 + + src/test/test-process-status.c | 10 + + 19 files changed, 953 insertions(+), 5 deletions(-) + create mode 100644 src/core/fuser.c + create mode 100644 src/core/fuser.h + create mode 100644 src/shutdown/process-status.c + create mode 100644 src/shutdown/process-status.h + create mode 100644 src/test/test-fuser.c + create mode 100644 src/test/test-process-status.c + +diff --git a/src/basic/getopt-defs.h b/src/basic/getopt-defs.h +index 3efeb6d..dfd17b5 100644 +--- a/src/basic/getopt-defs.h ++++ b/src/basic/getopt-defs.h +@@ -37,7 +37,8 @@ + + #define SHUTDOWN_GETOPT_ARGS \ + ARG_EXIT_CODE, \ +- ARG_TIMEOUT ++ ARG_TIMEOUT, \ ++ ARG_DFX_REBOOT + + #define COMMON_GETOPT_OPTIONS \ + { "log-level", required_argument, NULL, ARG_LOG_LEVEL }, \ +@@ -72,4 +73,5 @@ + + #define SHUTDOWN_GETOPT_OPTIONS \ + { "exit-code", required_argument, NULL, ARG_EXIT_CODE }, \ +- { "timeout", required_argument, NULL, ARG_TIMEOUT } ++ { "timeout", required_argument, NULL, ARG_TIMEOUT }, \ ++ { "dfx-reboot", required_argument, NULL, ARG_DFX_REBOOT } +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 201c559..4e93c9b 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -2060,3 +2060,61 @@ static const char* const sched_policy_table[] = { + }; + + DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX); ++ ++unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep) { ++ char path[PATH_MAX]; ++ _cleanup_close_ int fd = 0; ++ int len = 0; ++ unsigned n = 0; ++ ++ if (sz <= 0) ++ return 0; ++ ++ if (sz >= INT_MAX) ++ sz = INT_MAX-1; ++ ++ dst[0] = '\0'; ++ ++ len = snprintf(path, sizeof(path), "%s/%s", whom, what); ++ if (len <= 0 || (size_t)len >= sizeof(path)) ++ return 0; ++ ++ fd = open(path, O_RDONLY); ++ if (fd == -1) ++ return 0; ++ ++ for (;;) { ++ ssize_t r = read(fd, dst+n, sz-n); ++ ++ if (r == -1) { ++ if (errno == EINTR) ++ continue; ++ break; ++ } ++ ++ if (r <= 0) ++ break; ++ n += r; ++ ++ if (n == sz) { ++ --n; ++ break; ++ } ++ } ++ ++ if (n) { ++ unsigned i = n; ++ ++ while (i && dst[i-1] == '\0') ++ --i; ++ ++ while (i--) ++ if (dst[i] == '\n' || dst[i] == '\0') dst[i] = sep; ++ ++ if (dst[n-1] == ' ') ++ dst[n-1] = '\0'; ++ } ++ ++ dst[n] = '\0'; ++ return n; ++} +diff --git a/src/basic/process-util.h b/src/basic/process-util.h +index af6cba1..060c0c2 100644 +--- a/src/basic/process-util.h ++++ b/src/basic/process-util.h +@@ -218,6 +218,8 @@ int setpriority_closest(int priority); + + _noreturn_ void freeze(void); + ++unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep); ++ + int get_process_threads(pid_t pid); + + int is_reaper_process(void); +diff --git a/src/core/fuser.c b/src/core/fuser.c +new file mode 100644 +index 0000000..e943469 +--- /dev/null ++++ b/src/core/fuser.c +@@ -0,0 +1,506 @@ ++#include "fuser.h" ++#include "process-util.h" ++ ++static int parse_dir(struct name *this_name, struct inode *match_inode) { ++ if ((this_name == NULL) || (match_inode == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't parse dir."); ++ return -1; ++ } ++ ++ if (stat(this_name->filename, &this_name->st) != 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't stat dir %s.", this_name->filename); ++ return -1; ++ } ++ ++ match_inode->name = this_name; ++ match_inode->device = this_name->st.st_dev; ++ match_inode->inode = this_name->st.st_ino; ++ ++ return 0; ++} ++ ++static int parse_mounts(struct name *this_name, struct device *match_device) { ++ if ((this_name == NULL) && (match_device == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't parse mounts."); ++ return -1; ++ } ++ ++ match_device->name = this_name; ++ ++ if (S_ISBLK(this_name->st.st_mode)) ++ match_device->device = this_name->st.st_rdev; ++ else ++ match_device->device = this_name->st.st_dev; ++ ++ return 0; ++} ++ ++static uid_t getpiduid(const pid_t pid) { ++ char pathname[PATH_MAX]; ++ struct stat st; ++ int r = 0; ++ ++ r = snprintf(pathname, sizeof(pathname), "/proc/%d", pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Snprintf run failed in getpiduid."); ++ return 0; ++ } ++ ++ if (stat(pathname, &st) != 0) ++ return 0; ++ ++ return st.st_uid; ++} ++ ++static struct stat *get_pidstat(const pid_t pid) { ++ char pathname[PATH_MAX]; ++ struct stat *st = NULL; ++ int r = 0; ++ ++ st = (struct stat *)malloc(sizeof(struct stat)); ++ if (st == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Malloc failed in get_pidstat."); ++ return NULL; ++ } ++ ++ r = snprintf(pathname, sizeof(pathname), "/proc/%d/cwd", pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Snprintf run failed in get_pidstat."); ++ return NULL; ++ } ++ ++ if (stat(pathname, st) != 0) { ++ free(st); ++ return NULL; ++ } ++ ++ return st; ++} ++ ++static void add_matched_proc(struct name *name, const pid_t pid, const uid_t uid) { ++ struct procs *pptr = NULL; ++ struct procs *last_proc = NULL; ++ char pathname[PATH_MAX]; ++ char cmdname[CMD_NAME_LEN + 1]; ++ char *cptr = NULL; ++ int cmdlen = 0; ++ FILE *fp = NULL; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be NULL."); ++ return; ++ } ++ ++ //find out wheather the pid already in pptr->pid ++ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { ++ last_proc = pptr; ++ ++ if (pptr->pid == pid) ++ return; ++ } ++ ++ pptr = (struct procs *)malloc(sizeof(struct procs)); ++ if (pptr == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't malloc in add_matched_proc."); ++ return; ++ } ++ ++ pptr->pid = pid; ++ pptr->uid = uid; ++ pptr->username = NULL; ++ pptr->next = NULL; ++ pptr->command = NULL; ++ ++ if ((snprintf(pathname, sizeof(pathname), "/proc/%d/stat", pid) > 0) && ++ ((fp = fopen(pathname, "r")) != NULL) && (fscanf(fp, "%*d (%100[^)]", cmdname) == 1)) { ++ pptr->command = (char *)malloc(COMM_LEN + 1); ++ ++ if (pptr->command != NULL) { ++ cmdlen = 0; ++ ++ for (cptr = cmdname; cmdlen < COMM_LEN && *cptr; cptr++) { ++ if (isprint(*cptr)) { ++ pptr->command[cmdlen++] = *cptr; ++ } else if (cmdlen < (COMM_LEN - 4)) { ++ cmdlen += sprintf(&(pptr->command[cmdlen]), "\\%03o", (unsigned int)*cptr); ++ } ++ } ++ ++ pptr->command[cmdlen] = '\0'; ++ } ++ } ++ ++ if (last_proc == NULL) ++ name->matched_procs = pptr; ++ else ++ last_proc->next = pptr; ++ ++ if (fp) ++ fclose(fp); ++} ++ ++static void check_dir(const pid_t pid, const char *dirname, const struct device *dev, ++ const struct inode *ino, const uid_t uid) { ++ DIR *dirp = NULL; ++ dev_t thedev; ++ struct dirent *direntry = NULL; ++ struct stat st; ++ char dirpath[PATH_MAX]; ++ char filepath[PATH_MAX]; ++ int r = 0; ++ ++ if (dirname == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Dirname is NULL."); ++ return; ++ } ++ ++ r = snprintf(dirpath, sizeof(dirpath), "/proc/%d/%s", pid, dirname); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Snprintf run failed in check_dir."); ++ return; ++ } ++ ++ dirp = opendir(dirpath); ++ if (dirp == NULL) ++ return; ++ ++ while ((direntry = readdir(dirp)) != NULL) { ++ if (direntry->d_name[0] < '0' || direntry->d_name[0] > '9') ++ continue; ++ ++ snprintf(filepath, sizeof(filepath), "/proc/%d/%s/%s", ++ pid, dirname, direntry->d_name); ++ ++ if (stat(filepath, &st) != 0) ++ continue; ++ ++ thedev = st.st_dev; ++ ++ if ((dev != NULL) && (thedev == dev->device)) { ++ add_matched_proc(dev->name, pid, uid); ++ } ++ ++ if ((ino != NULL) && (thedev == ino->device)) { ++ if (st.st_ino == ino->inode) { ++ add_matched_proc(ino->name, pid, uid); ++ } ++ } ++ } //end while ++ ++ closedir(dirp); ++} ++ ++static int scan_procs(const struct name *name, const struct inode *ino, const struct device *dev) { ++ DIR *topproc_dir = NULL; ++ struct dirent *topproc_dent = NULL; ++ pid_t pid; ++ pid_t my_pid; ++ uid_t uid; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in scan_procs."); ++ return -1; ++ } ++ ++ if ((ino == NULL) && (dev == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Ino and dev should not be NULL in scan_procs."); ++ return -1; ++ } ++ ++ topproc_dir = opendir("/proc"); ++ if (topproc_dir == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't open dir proc."); ++ return -1; ++ } ++ ++ my_pid = getpid(); ++ ++ while ((topproc_dent = readdir(topproc_dir)) != NULL) { ++ dev_t scan_dev; ++ struct stat *st = NULL; ++ ++ /* Not a process */ ++ if ((topproc_dent->d_name[0] < '0') || (topproc_dent->d_name[0] > '9')) ++ continue; ++ ++ pid = atoi(topproc_dent->d_name); ++ if (pid == my_pid) ++ continue; ++ ++ uid = getpiduid(pid); ++ ++ st = get_pidstat(pid); ++ scan_dev = st ? st->st_dev : 0; ++ ++ if ((dev != NULL) && (scan_dev == dev->device)) ++ add_matched_proc(dev->name, pid, uid); ++ ++ if ((ino != NULL) && (scan_dev == ino->device)) { ++ if (!st) ++ st = get_pidstat(pid); ++ ++ if (st && (st->st_dev == ino->device) && (st->st_ino == ino->inode)) ++ add_matched_proc(ino->name, pid, uid); ++ } ++ ++ if (st) ++ free(st); ++ ++ check_dir(pid, "fd", dev, ino, uid); ++ } // end while ++ ++ closedir(topproc_dir); ++ return 0; ++} ++ ++static void add_special_proc(struct name *name, const uid_t uid, const char *command) { ++ struct procs *pptr = NULL; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in add_special_proc."); ++ return; ++ } ++ ++ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { ++ if (pptr->command != NULL && strcmp(pptr->command, command) == 0) ++ return; ++ } ++ ++ if ((pptr = malloc(sizeof(struct procs))) == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't allocate memory for add_special_proc() proc"); ++ return; ++ } ++ ++ pptr->pid = 0; ++ pptr->uid = uid; ++ pptr->next = name->matched_procs; ++ pptr->command = strdup(command); ++ ++ name->matched_procs = pptr; ++} ++ ++static void scan_mounts_and_swaps(const struct name *name, const struct inode *ino, ++ const struct device *dev, const char *file) { ++ FILE *fp = NULL; ++ char line[PATH_MAX]; ++ char *find_mountp = NULL; ++ char *find_space_mounts = NULL; ++ char *find_space_swaps = NULL; ++ struct stat st; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in scan_mounts_and_swaps."); ++ return; ++ } ++ ++ if ((ino == NULL) && (dev == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Ino and dev should not be null in scan_mounts_and_swaps."); ++ return; ++ } ++ ++ fp = fopen(file, "r"); ++ if (fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't open file %s", file); ++ return; ++ } ++ ++ while (fgets(line, PATH_MAX, fp) != NULL) { ++ if (strcmp(file, PROC_MOUNTS) == 0) { ++ if ((find_mountp = strchr(line, ' ')) == NULL) ++ continue; ++ ++ find_mountp++; ++ ++ find_space_mounts = strchr(find_mountp, ' '); ++ if (find_space_mounts == NULL) ++ continue; ++ ++ *find_space_mounts = '\0'; ++ ++ if (stat(find_mountp, &st) != 0) ++ continue; ++ } else { ++ find_space_swaps = strchr(line, ' '); ++ if (find_space_swaps == NULL) ++ continue; ++ ++ *find_space_swaps = '\0'; ++ find_space_swaps++; ++ ++ while (*find_space_swaps == ' ') { ++ find_space_swaps++; ++ ++ if (*find_space_swaps == '\0') ++ continue; ++ } ++ ++ if (stat(line, &st) != 0) { ++ continue; ++ } ++ } ++ ++ if ((dev != NULL) && (st.st_dev == dev->device)) { ++ if (strcmp(file, PROC_MOUNTS) == 0) ++ add_special_proc(dev->name, 0, find_mountp); ++ ++ if (strcmp(file, PROC_SWAPS) == 0) ++ add_special_proc(dev->name, 0, line); ++ } ++ ++ if ((ino != NULL) && (st.st_dev == ino->device) && (st.st_ino == ino->inode)) { ++ if (strcmp(file, PROC_MOUNTS) == 0) ++ add_special_proc(ino->name, 0, find_mountp); ++ ++ if (strcmp(file, PROC_SWAPS) == 0) ++ add_special_proc(ino->name, 0, line); ++ } ++ } // end while ++ ++ fclose(fp); ++} ++ ++static void print_matches(const struct name *name) { ++ struct procs *pptr = NULL; ++ struct passwd *pwent = NULL; ++ static char P_cmd_long[MAX_COMM_LEN]; ++ char cmd_path[PATH_MAX]; ++ int r = 0; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in print_matches."); ++ return; ++ } ++ ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\tUSER\t\tPID\tCOMMAND"); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s:", name->filename); ++ ++ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { ++ if (pwent == NULL || pwent->pw_uid != pptr->uid) ++ pwent = getpwuid(pptr->uid); //get username ++ ++ r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pptr->pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pptr->pid); ++ return; ++ } ++ ++ read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); ++ ++ if (strlen(P_cmd_long) != 0){ ++ free(pptr->command); ++ pptr->command = strdup(P_cmd_long); ++ } ++ ++ if (pptr->command == NULL) ++ continue; ++ ++ if (pwent != NULL) { ++ if (pptr->pid != 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-s\t\t%-d\t%-s", pwent->pw_name, pptr->pid, pptr->command); ++ else ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-s\t\t%-s\t%-s", pwent->pw_name, "kernel", pptr->command); ++ } else { ++ if (pptr->pid != 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-u\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); ++ else ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-u\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); ++ } ++ } ++} ++ ++static void free_matched_procs(struct procs *matched_procs) { ++ struct procs *procs_tmp = NULL; ++ struct procs *procs_next = NULL; ++ ++ procs_tmp = matched_procs; ++ ++ while (procs_tmp != NULL) { ++ procs_next = procs_tmp->next; ++ ++ if (procs_tmp->command) ++ free(procs_tmp->command); ++ ++ free(procs_tmp); ++ ++ procs_tmp = procs_next; ++ } ++} ++ ++int fuser(const char *dir) { ++ struct name this_name; ++ struct inode match_inode; ++ struct device match_device; ++ int r = 0; ++ ++ if (dir == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Dir should not be NULL."); ++ return -1; ++ } ++ ++ this_name.matched_procs = NULL; ++ ++ this_name.filename = strdup(dir); //need to free ++ if (this_name.filename == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't allocate memory for fuser() this_name->filename."); ++ return -1; ++ } ++ ++ r = parse_dir(&this_name, &match_inode); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s", "Failed to parse file."); ++ free(this_name.filename); ++ return -1; ++ } ++ ++ r = parse_mounts(&this_name, &match_device); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s", "Failed to parse mounts."); ++ free(this_name.filename); ++ return -1; ++ } ++ ++ r = scan_procs(&this_name, &match_inode, &match_device); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s", "Failed to scan_procs."); ++ free(this_name.filename); ++ return -1; ++ } ++ ++ scan_mounts_and_swaps(&this_name, &match_inode, &match_device, PROC_MOUNTS); ++ scan_mounts_and_swaps(&this_name, &match_inode, &match_device, PROC_SWAPS); ++ print_matches(&this_name); ++ ++ free_matched_procs(this_name.matched_procs); ++ free(this_name.filename); ++ return 0; ++} +diff --git a/src/core/fuser.h b/src/core/fuser.h +new file mode 100644 +index 0000000..b74b879 +--- /dev/null ++++ b/src/core/fuser.h +@@ -0,0 +1,55 @@ ++#pragma once ++ ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <stdio.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <fcntl.h> ++#include <stdlib.h> ++#include <dirent.h> ++#include <ctype.h> ++#include <unistd.h> ++#include <pwd.h> ++#include <string.h> ++#include <limits.h> ++#include <errno.h> ++ ++#include "manager.h" ++ ++struct procs { ++ pid_t pid; ++ uid_t uid; ++ char *username; ++ char *command; ++ struct procs *next; ++}; ++ ++struct name { ++ char *filename; ++ struct stat st; ++ struct procs *matched_procs; ++}; ++ ++struct inode { ++ struct name *name; ++ dev_t device; ++ ino_t inode; ++}; ++ ++struct device { ++ struct name *name; ++ dev_t device; ++}; ++ ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif /* PATH_MAX */ ++ ++#define CMD_NAME_LEN 100 ++#define COMM_LEN 64 ++#define MAX_COMM_LEN 1024 ++#define PROC_MOUNTS "/proc/mounts" ++#define PROC_SWAPS "/proc/swaps" ++ ++int fuser(const char *dir); +diff --git a/src/core/job.c b/src/core/job.c +index e7d1f65..b86aadd 100644 +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -27,6 +27,9 @@ + #include "terminal-util.h" + #include "unit.h" + #include "virt.h" ++#include "fuser.h" ++#include "mount.h" ++#include "process-util.h" + + Job* job_new_raw(Unit *unit) { + Job *j; +@@ -729,6 +732,8 @@ static const char* job_done_mid(JobType type, JobResult result) { + static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult result) { + _cleanup_free_ char *free_ident = NULL; + const char *ident, *format; ++ int r = 0; ++ pid_t pid; + + assert(u); + assert(t >= 0); +@@ -825,6 +830,37 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + "See 'systemctl status %s' for details.", quoted); + } + } ++ ++ if (FLAGS_SET(manager_state(u->manager), MANAGER_STOPPING) && u->manager->defaults.dfx_reboot && ++ ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { ++ ++ Mount *m = MOUNT(u); ++ ++ r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Failed to fork for fuser!"); ++ return; ++ } ++ if (r == 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "-------------fuser -mv %s----------------", m->where); ++ ++ r = fuser(m->where); ++ if (r < 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't run fuser."); ++ ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s","----------------------------------------------------------------------"); ++ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); ++ } ++ ++ r = wait_for_terminate_with_timeout(pid, 3 * USEC_PER_SEC); ++ if (r == -ETIMEDOUT) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Timeout to run (fuser-shutdown)."); ++ (void) kill(pid, SIGKILL); ++ } ++ } + } + + static int job_perform_on_unit(Job **j) { +diff --git a/src/core/main.c b/src/core/main.c +index 96b0a11..ddbabaa 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -622,6 +622,7 @@ static int parse_config_file(void) { + { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, + { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell }, + { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot }, ++ { "Manager", "DefaultDFXReboot", config_parse_bool, 0, &arg_defaults.dfx_reboot }, + { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status }, + { "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format }, + { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity }, +@@ -1471,7 +1472,8 @@ static int become_shutdown(int objective, int retval) { + + char log_level[STRLEN("--log-level=") + DECIMAL_STR_MAX(int)], + timeout[STRLEN("--timeout=") + DECIMAL_STR_MAX(usec_t) + STRLEN("us")], +- exit_code[STRLEN("--exit-code=") + DECIMAL_STR_MAX(uint8_t)]; ++ exit_code[STRLEN("--exit-code=") + DECIMAL_STR_MAX(uint8_t)], ++ dfx_reboot[STRLEN("--dfx-reboot=") + DECIMAL_STR_MAX(bool)]; + + _cleanup_strv_free_ char **env_block = NULL; + usec_t watchdog_timer = 0; +@@ -1482,15 +1484,17 @@ static int become_shutdown(int objective, int retval) { + + xsprintf(log_level, "--log-level=%d", log_get_max_level()); + xsprintf(timeout, "--timeout=%" PRI_USEC "us", arg_defaults.timeout_stop_usec); ++ xsprintf(dfx_reboot, "--dfx-reboot=%d", arg_defaults.dfx_reboot); + +- const char* command_line[10] = { ++ const char* command_line[11] = { + SYSTEMD_SHUTDOWN_BINARY_PATH, + table[objective], + log_level, + timeout, ++ dfx_reboot, + /* Note that the last position is a terminator and must contain NULL. */ + }; +- size_t pos = 4; ++ size_t pos = 5; + + assert(command_line[pos-1]); + assert(!command_line[pos]); +diff --git a/src/core/manager.c b/src/core/manager.c +index b29d4e1..53fd07d 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4206,6 +4206,8 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.oom_score_adjust = defaults->oom_score_adjust; + m->defaults.oom_score_adjust_set = defaults->oom_score_adjust_set; + ++ m->defaults.dfx_reboot = defaults->dfx_reboot; ++ + m->defaults.memory_pressure_watch = defaults->memory_pressure_watch; + m->defaults.memory_pressure_threshold_usec = defaults->memory_pressure_threshold_usec; + +@@ -4978,6 +4980,8 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + + .oom_policy = OOM_STOP, + .oom_score_adjust_set = false, ++ ++ .dfx_reboot = false, + }; + } + +diff --git a/src/core/manager.h b/src/core/manager.h +index 93e9d2a..19fb33b 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -177,6 +177,8 @@ typedef struct UnitDefaults { + int oom_score_adjust; + bool oom_score_adjust_set; + ++ bool dfx_reboot; ++ + CGroupPressureWatch memory_pressure_watch; + usec_t memory_pressure_threshold_usec; + +diff --git a/src/core/meson.build b/src/core/meson.build +index 7701d3d..83103ef 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -68,6 +68,7 @@ libcore_sources = files( + 'unit-printf.c', + 'unit-serialize.c', + 'unit.c', ++ 'fuser.c', + ) + + if conf.get('BPF_FRAMEWORK') == 1 +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index dbdc47c..3495b8e 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -80,6 +80,7 @@ DefaultLimitMEMLOCK=64M + #DefaultMemoryPressureThresholdSec=200ms + #DefaultMemoryPressureWatch=auto + #DefaultOOMPolicy=stop ++#DefaultDFXReboot=no + #DefaultSmackProcessLabel= + #ReloadLimitIntervalSec= + #ReloadLimitBurst= +diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build +index 219f9fd..c932e28 100644 +--- a/src/shutdown/meson.build ++++ b/src/shutdown/meson.build +@@ -1,5 +1,7 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + ++shutdown_includes = [includes, include_directories('.')] ++ + systemd_shutdown_sources = files( + 'detach-dm.c', + 'detach-loopback.c', +@@ -7,12 +9,18 @@ systemd_shutdown_sources = files( + 'detach-swap.c', + 'shutdown.c', + 'umount.c', ++ 'process-status.c', + ) + + executables += [ + libexec_template + { + 'name' : 'systemd-shutdown', + 'sources' : systemd_shutdown_sources, ++ 'include_directories' : core_includes, ++ 'link_with' : [ ++ libcore, ++ libshared ++ ], + 'dependencies' : libmount, + }, + libexec_template + { +@@ -34,6 +42,11 @@ executables += [ + 'detach-swap.c', + 'umount.c', + ), ++ 'include_directories' : core_includes, ++ 'link_with' : [ ++ libcore, ++ libshared ++ ], + 'dependencies' : libmount, + }, + ] +diff --git a/src/shutdown/process-status.c b/src/shutdown/process-status.c +new file mode 100644 +index 0000000..11837a2 +--- /dev/null ++++ b/src/shutdown/process-status.c +@@ -0,0 +1,143 @@ ++#include "process-status.h" ++#include "process-util.h" ++ ++static uid_t P_uid; ++static int P_pid; ++static int P_ppid; ++static char P_stat[COMM_LEN]; ++static char P_cmd_short[COMM_LEN]; ++static char P_user[COMM_LEN]; ++static char P_cmd_long[COMM_LEN]; ++ ++static int read_from_stat(int pid) { ++ char buf[PATH_MAX]; ++ char cmd_path[PATH_MAX]; ++ char pathname[PATH_MAX]; ++ int fd = 0; ++ struct stat st; ++ int r = 0; ++ ++ memset(buf, 0, sizeof(buf)); ++ memset(cmd_path, 0, sizeof(cmd_path)); ++ memset(pathname, 0, sizeof(pathname)); ++ ++ r = snprintf(pathname, sizeof(pathname), "/proc/%d", pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't snprintf /proc/%d.", pid); ++ return -1; ++ } ++ ++ if (stat(pathname, &st) != 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't stat %s.", pathname); ++ return -1; ++ } ++ ++ P_uid = st.st_uid; ++ ++ r = snprintf(buf, sizeof(buf), "/proc/%d/stat", pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't snprintf /proc/%d/stat.", pid); ++ return -1; ++ } ++ ++ fd = open(buf, O_RDONLY, 0); ++ if (fd == -1) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't open %s.", buf); ++ return -1; ++ } ++ ++ r = read(fd, buf, sizeof(buf) - 1); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't read /proc/%d/stat.", pid); ++ close(fd); ++ return -1; ++ } ++ ++ r = sscanf(buf, "%d %s %s %d", &P_pid, P_cmd_short, P_stat, &P_ppid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't run sscanf."); ++ close(fd); ++ return -1; ++ } ++ ++ close(fd); ++ ++ if(P_pid != pid) ++ return -1; ++ ++ r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pid); ++ return -1; ++ } ++ ++ /* read from /proc/$pid/cmdline */ ++ read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); ++ ++ return 0; ++} ++ ++static void do_user(void) { ++ struct passwd *p = NULL; ++ ++ p = getpwuid(P_uid); ++ if (p) { ++ snprintf(P_user, sizeof(P_user), "%s", p->pw_name); ++ } else { ++ snprintf(P_user, sizeof(P_user), "%u", P_uid); ++ } ++} ++ ++static void print_proc(void) { ++ if ((P_ppid != KTHREADD) && (strcmp(P_cmd_short, "(kthreadd)") != 0)) { ++ if (strlen(P_cmd_long) != 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%-s\t%-d\t%-d\t%-s", P_user, P_pid, P_ppid, P_cmd_long); ++ } else { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%-s\t%-d\t%-d\t%-s", P_user, P_pid, P_ppid, P_cmd_short); ++ } ++ } ++} ++ ++int process_status(void) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "-----------------------------------------------------------------"); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "USER\tPID\tPPID\tCMD"); ++ ++ struct dirent *ent = NULL; ++ DIR *dir = NULL; ++ ++ dir = opendir("/proc"); ++ if (dir == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "can't open /proc"); ++ return -1; ++ } ++ ++ while((ent = readdir(dir))){ ++ if (*ent->d_name < '0' || *ent->d_name > '9') ++ continue; ++ ++ if (read_from_stat(atoi(ent->d_name)) != 0) ++ continue; ++ ++ do_user(); ++ ++ print_proc(); ++ } ++ ++ closedir(dir); ++ ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "------------------------------------------------------------------"); ++ ++ return 0; ++} +diff --git a/src/shutdown/process-status.h b/src/shutdown/process-status.h +new file mode 100644 +index 0000000..2f4333d +--- /dev/null ++++ b/src/shutdown/process-status.h +@@ -0,0 +1,24 @@ ++#pragma once ++ ++#include <fcntl.h> ++#include <stdio.h> ++#include <dirent.h> ++#include <string.h> ++#include <pwd.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <sys/stat.h> ++#include <limits.h> ++#include <errno.h> ++ ++#include "manager.h" ++ ++#define COMM_LEN 512 ++ ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ ++#define KTHREADD 2 ++ ++int process_status(void); +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index b976b7d..d6beb2d 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -48,13 +48,17 @@ + #include "umount.h" + #include "virt.h" + #include "watchdog.h" ++#include "process-status.h" + + #define SYNC_PROGRESS_ATTEMPTS 3 + #define SYNC_TIMEOUT_USEC (10*USEC_PER_SEC) ++#define SHUTDOWN_TIMEOUT_MIN (0*USEC_PER_SEC) ++#define SHUTDOWN_TIMEOUT_INTERVAL (30*USEC_PER_SEC) + + static char* arg_verb; + static uint8_t arg_exit_code; + static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; ++static bool dfx_reboot = false; + + static int parse_argv(int argc, char *argv[]) { + enum { +@@ -82,6 +86,13 @@ static int parse_argv(int argc, char *argv[]) { + while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0) + switch (c) { + ++ case ARG_DFX_REBOOT: ++ if (streq(optarg, "1")) { ++ dfx_reboot = true; ++ } ++ ++ break; ++ + case ARG_LOG_LEVEL: + r = log_set_max_level_from_string(optarg); + if (r < 0) +@@ -341,6 +352,9 @@ int main(int argc, char *argv[]) { + _cleanup_free_ char *cgroup = NULL; + char *arguments[3]; + int cmd, r; ++ usec_t now_time, time_interval; ++ pid_t pid; ++ bool fork_failed = false; + + /* Close random fds we might have get passed, just for paranoia, before we open any new fds, for + * example for logging. After all this tool's purpose is about detaching any pinned resources, and +@@ -432,8 +446,37 @@ int main(int argc, char *argv[]) { + need_dm_detach = !in_container, need_md_detach = !in_container, can_initrd, last_try = false; + can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0; + ++ now_time = now(CLOCK_MONOTONIC); ++ time_interval = SHUTDOWN_TIMEOUT_MIN; + /* Unmount all mountpoints, swaps, and loopback devices */ + for (;;) { ++ if (dfx_reboot && (now(CLOCK_MONOTONIC) >= now_time + time_interval)) { ++ r = safe_fork("(process_status)", FORK_RESET_SIGNALS, &pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Failed to fork for process_status!"); ++ fork_failed = true; ++ } ++ if (r == 0) { ++ r = process_status(); ++ if (r < 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't run ps."); ++ ++ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); ++ } ++ ++ now_time = now(CLOCK_MONOTONIC); ++ time_interval = SHUTDOWN_TIMEOUT_INTERVAL; ++ ++ if (!fork_failed) { ++ r = wait_for_terminate_with_timeout(pid, 3 * USEC_PER_SEC); ++ if (r == -ETIMEDOUT) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Timeout to run (process_status)."); ++ (void) kill(pid, SIGKILL); ++ } ++ } ++ } ++ + bool changed = false; + + (void) watchdog_ping(); +diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c +index 1a9b99d..220ae2e 100644 +--- a/src/shutdown/umount.c ++++ b/src/shutdown/umount.c +@@ -28,6 +28,7 @@ + #include "signal-util.h" + #include "umount.h" + #include "virt.h" ++#include "manager.h" + + static void mount_point_free(MountPoint **head, MountPoint *m) { + assert(head); +@@ -321,6 +322,7 @@ static int umount_with_timeout(MountPoint *m, bool last_try) { + pfd[0] = safe_close(pfd[0]); + + log_info("Unmounting '%s'.", m->path); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounting '%s'.", m->path); + + /* Start the mount operation here in the child Using MNT_FORCE causes some filesystems + * (e.g. FUSE and NFS and other network filesystems) to abort any pending requests and return +@@ -332,9 +334,12 @@ static int umount_with_timeout(MountPoint *m, bool last_try) { + (m->umount_lazily ? MNT_DETACH : MNT_FORCE))); + if (r < 0) { + log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Failed to unmount %s: %m", m->path); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Failed to unmount '%s'.", m->path); + + if (r == -EBUSY && last_try) + log_umount_blockers(m->path); ++ } else { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounted '%s'.", m->path); + } + + (void) write(pfd[1], &r, sizeof(r)); /* try to send errno up */ +diff --git a/src/test/meson.build b/src/test/meson.build +index a7ca76e..f9e1974 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -596,4 +596,29 @@ executables += [ + libudev_basic, + ], + }, ++ test_template + { ++ 'sources' : files( ++ 'test-process-status.c', ++ '../shutdown/process-status.c' ++ ), ++ 'link_with' : [ ++ libcore, ++ libshared, ++ ], ++ 'include_directories' : [ ++ shutdown_includes, ++ core_includes, ++ ] ++ }, ++ test_template + { ++ 'sources' : files( ++ 'test-fuser.c', ++ '../core/fuser.c' ++ ), ++ 'link_with' : [ ++ libcore, ++ libshared, ++ ], ++ 'include_directories' : core_includes, ++ }, + ] +diff --git a/src/test/test-fuser.c b/src/test/test-fuser.c +new file mode 100644 +index 0000000..1527b5b +--- /dev/null ++++ b/src/test/test-fuser.c +@@ -0,0 +1,14 @@ ++#include "fuser.h" ++#include "tests.h" ++ ++int main(int argc, char *argv[]){ ++ test_setup_logging(LOG_DEBUG); ++ ++ assert_se(fuser("/") == 0); ++ assert_se(fuser(NULL) < 0); ++ assert_se(fuser("/dev") == 0); ++ assert_se(fuser("/dev/empty/mountpoint") < 0); ++ assert_se(fuser("") < 0); ++ ++ return 0; ++} +diff --git a/src/test/test-process-status.c b/src/test/test-process-status.c +new file mode 100644 +index 0000000..4a4c3da +--- /dev/null ++++ b/src/test/test-process-status.c +@@ -0,0 +1,10 @@ ++#include "process-status.h" ++#include "tests.h" ++ ++int main(int argc, char *argv[]){ ++ ++ assert_se(process_status() == 0); ++ ++ return 0; ++ ++} +-- +2.33.0 + diff --git a/process-util-log-more-information-when-runnin.patch b/process-util-log-more-information-when-runnin.patch new file mode 100644 index 0000000..6e0c022 --- /dev/null +++ b/process-util-log-more-information-when-runnin.patch @@ -0,0 +1,147 @@ +From f4b4008495211c60bda7e1edda45beb36a553bc7 Mon Sep 17 00:00:00 2001 +From: licunlong<licunlong1@huawei.com> +Date: Thu, 14 Jan 2021 15:57:59 +0800 +Subject: [PATCH] process-util: log more information when running + systemctl. + + Print the PID and its cmdline to the system log when a process + runs systemctl command. +--- + src/basic/process-util.c | 31 +++++++++++++++++++++++++++++++ + src/basic/process-util.h | 1 + + src/systemctl/systemctl.c | 12 ++++++++++++ + src/test/test-process-util.c | 22 ++++++++++++++++++++++ + 4 files changed, 66 insertions(+) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 4e93c9b..78ad30b 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -54,6 +54,7 @@ + #include "stdio-util.h" + #include "string-table.h" + #include "string-util.h" ++#include "strv.h" + #include "terminal-util.h" + #include "user-util.h" + #include "utf8.h" +@@ -342,6 +343,36 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char * + return 0; + } + ++int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], const char * const *filter) { ++ bool is_filtered = false; ++ int r; ++ const char *arg_cmdline = "["; ++ _cleanup_free_ char *cmdline = NULL; ++ ++ r = pid_get_cmdline(pid, SIZE_MAX, 0, &cmdline); ++ if (r < 0) { ++ syslog(LOG_INFO, "Failed to get cmdline of PID %d. Ignoring.", pid); ++ return r; ++ } else { ++ for (int i = 0; i < argc; i++ ) { ++ if (filter && strv_find((char * const *) filter, argv[i])) { ++ is_filtered = true; ++ break; ++ } ++ if (i == 0) { ++ arg_cmdline = strjoina(arg_cmdline, argv[i]); ++ } else { ++ arg_cmdline = strjoina(arg_cmdline, " ", argv[i]); ++ } ++ } ++ if (!is_filtered) { ++ syslog(LOG_INFO, "%s] called by PID %d (%s)", arg_cmdline, pid, cmdline); ++ } ++ return 0; ++ } ++ ++} ++ + int container_get_leader(const char *machine, pid_t *pid) { + _cleanup_free_ char *s = NULL, *class = NULL; + const char *p; +diff --git a/src/basic/process-util.h b/src/basic/process-util.h +index 060c0c2..d211188 100644 +--- a/src/basic/process-util.h ++++ b/src/basic/process-util.h +@@ -41,6 +41,7 @@ typedef enum ProcessCmdlineFlags { + + int pid_get_comm(pid_t pid, char **ret); + int pidref_get_comm(const PidRef *pid, char **ret); ++int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], const char * const *filter); + int pid_get_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret); + int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret); + int pid_get_cmdline_strv(pid_t pid, ProcessCmdlineFlags flags, char ***ret); +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index dd6f6c9..3b049c7 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -2,6 +2,7 @@ + + #include <getopt.h> + #include <locale.h> ++#include <sys/types.h> + #include <unistd.h> + + #include "sd-daemon.h" +@@ -1226,6 +1227,14 @@ static int run(int argc, char *argv[]) { + _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL; + _cleanup_(umount_and_freep) char *mounted_dir = NULL; + int r; ++ pid_t ppid; ++ const char * const filter[] = { ++ "status", "show", "cat", ++ "is-active", "is-failed", "is-enabled", "is-system-running", ++ "list-units", "list-sockets", "list-timers", "list-dependencies", ++ "list-unit-files", "list-machines", "list-jobs", ++ "get-default", "show-environment", NULL ++ }; + + setlocale(LC_ALL, ""); + log_setup(); +@@ -1239,6 +1248,9 @@ static int run(int argc, char *argv[]) { + if (r <= 0) + goto finish; + ++ ppid = getppid(); ++ (void) print_process_cmdline_with_arg(ppid, argc, argv, filter); ++ + if (proc_mounted() == 0) + log_full(arg_no_warn ? LOG_DEBUG : LOG_WARNING, + "%s%s/proc/ is not mounted. This is not a supported mode of operation. Please fix\n" +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 957e214..d9e9ab1 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -951,4 +951,26 @@ static int intro(void) { + return EXIT_SUCCESS; + } + ++TEST(print_process_cmdline_with_arg) { ++ pid_t pid = getpid(); ++ const char * const arg_filter_empty[] = {"", NULL}; ++ const char * const arg_filter_1_in[] = {"status", NULL}; ++ const char * const arg_filter_1_no[] = {"stop", NULL}; ++ const char * const arg_filter_2_in[] = {"restart", "status", NULL}; ++ const char * const arg_filter_2_no[] = {"restart", "stop", NULL}; ++ const char *arg_var_1[1] = {"systemctl"}; ++ const char *arg_var_10[10] = {"systemctl", "restart", "1", "2", "3", "4", "5", "6", "7", "8"}; ++ const char *arg_var_filter[3] = {"systemctl", "status", "dbus.service"}; ++ assert_se(print_process_cmdline_with_arg(pid, 0, NULL, NULL) >=0); ++ assert_se(print_process_cmdline_with_arg(pid, 1, (char **) arg_var_1, NULL) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 10, (char **) arg_var_10, NULL) >= 0); ++ assert_se(print_process_cmdline_with_arg(897349, 1, (char **) arg_var_1, NULL) < 0); ++ assert_se(print_process_cmdline_with_arg(897349, 10, (char **) arg_var_10, NULL) < 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_empty) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_1_in) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_1_no) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_2_in) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_2_no) >= 0); ++} ++ + DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +-- +2.33.0 + diff --git a/purge-nobody-user b/purge-nobody-user new file mode 100644 index 0000000..66404fe --- /dev/null +++ b/purge-nobody-user @@ -0,0 +1,101 @@ +#!/bin/bash -eu + +if [ $UID -ne 0 ]; then + echo "WARNING: This script needs to run as root to be effective" + exit 1 +fi + +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 + +if [ "${1:-}" = "--ignore-journal" ]; then + shift + ignore_journal=1 +else + ignore_journal=0 +fi + +echo "Checking processes..." +if ps h -u 99 | grep .; then + echo "ERROR: ps reports processes with UID 99!" + exit 2 +fi +echo "... not found" + +echo "Checking UTMP..." +if w -h 199 | grep . ; then + echo "ERROR: w reports UID 99 as active!" + exit 2 +fi +if w -h nobody | grep . ; then + echo "ERROR: w reports user nobody as active!" + exit 2 +fi +echo "... not found" + +echo "Checking the journal..." +if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then + echo "ERROR: journalctl reports messages from UID 99 in current boot!" + exit 2 +fi +echo "... not found" + +echo "Looking for files in /etc, /run, /tmp, and /var..." +if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then + echo "ERROR: found files belonging to UID 99" + exit 2 +fi +echo "... not found" + +echo "Checking if nobody is defined correctly..." +if getent passwd nobody | + grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin'; +then + echo "OK, nothing to do." + exit 0 +else + echo "NOTICE: User nobody is not defined correctly" +fi + +echo "Checking if nfsnobody or something else is using the uid..." +if getent passwd 65534 | grep . ; then + echo "NOTICE: will have to remove this user" +else + echo "... not found" +fi + +if [ "${1:-}" = "-x" ]; then + if getent passwd nobody >/dev/null; then + # this will remove both the user and the group. + ( set -x + userdel nobody + ) + fi + + if getent passwd 65534 >/dev/null; then + # Make sure the uid is unused. This should free gid too. + name="$(getent passwd 65534 | cut -d: -f1)" + ( set -x + userdel "$name" + ) + fi + + if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then + echo "Sleeping, so sss can catch up" + sleep 3 + fi + + if getent group 65534; then + # Make sure the gid is unused, even if uid wasn't. + name="$(getent group 65534 | cut -d: -f1)" + ( set -x + groupdel "$name" + ) + fi + + # systemd-sysusers uses the same gid and uid + ( set -x + systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin' + ) +else + echo "Pass '-x' to perform changes" +fi diff --git a/rc.local b/rc.local new file mode 100644 index 0000000..a7e0ad2 --- /dev/null +++ b/rc.local @@ -0,0 +1,13 @@ +#!/bin/bash +# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES +# +# It is highly advisable to create own systemd services or udev rules +# to run scripts during boot instead of using this file. +# +# In contrast to previous versions due to parallel execution during boot +# this script will NOT be run after all other services. +# +# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure +# that this script will be executed during boot. + +touch /var/lock/subsys/local diff --git a/resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/resolved-create-etc-resolv.conf-symlink-at-runtime.patch new file mode 100644 index 0000000..f289127 --- /dev/null +++ b/resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -0,0 +1,48 @@ +From 0c670fec00f3d5c103d9b7415d4e0510c61ad006 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 11 Mar 2016 17:06:17 -0500 +Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime + +If the symlink doesn't exists, and we are being started, let's +create it to provie name resolution. + +If it exists, do nothing. In particular, if it is a broken symlink, +we cannot really know if the administator configured it to point to +a location used by some service that hasn't started yet, so we +don't touch it in that case either. + +https://bugzilla.redhat.com/show_bug.cgi?id=1313085 +--- + src/resolve/resolved.c | 5 +++++ + tmpfiles.d/systemd-resolve.conf | 2 -- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c +index d3bc902..a94d744 100644 +--- a/src/resolve/resolved.c ++++ b/src/resolve/resolved.c +@@ -58,6 +58,11 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Could not create runtime directory: %m"); + ++ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); ++ if (r < 0 && errno != EEXIST) ++ log_warning_errno(errno, ++ "Could not create /etc/resolv.conf symlink: %m"); ++ + /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */ + r = drop_privileges(uid, gid, + (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ +diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf +index cb1c56d..ce3d1a6 100644 +--- a/tmpfiles.d/systemd-resolve.conf ++++ b/tmpfiles.d/systemd-resolve.conf +@@ -6,5 +6,3 @@ + # (at your option) any later version. + + # See tmpfiles.d(5) for details +- +-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf +-- +2.33.0 + diff --git a/revert-rpm-restart-services-in-posttrans.patch b/revert-rpm-restart-services-in-posttrans.patch new file mode 100644 index 0000000..01e6f75 --- /dev/null +++ b/revert-rpm-restart-services-in-posttrans.patch @@ -0,0 +1,31 @@ +From 3b2ba67cfc83905a88e3ebb88a2b43222a06e869 Mon Sep 17 00:00:00 2001 +From: wangyuhang <wangyuhang27@huawei.com> +Date: Fri, 17 Jun 2022 14:26:16 +0800 +Subject: [PATCH] revert rpm: restart services in %posttrans +Reason:In version 22.03, if we do not add 'systemctl reload or restart --marked' in +%transfiletriggerpostun, %systemd_postun_with_restart will not restart the +service. In order to maintain compatibility with version 20.03, revert the commit +and use the version 20.03 scheme + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/fa97d2fcf64e0558054bee673f734f523373b146 +--- + src/rpm/macros.systemd.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index 8880078..b1a297e 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -89,7 +89,7 @@ fi \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ + if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package upgrade, not uninstall \ +- {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ ++ %{_bindir}/systemctl try-restart %{?*} || : \ + fi \ + %{nil} + +-- +2.33.0 + diff --git a/rule_generator.functions b/rule_generator.functions new file mode 100644 index 0000000..ca290cc --- /dev/null +++ b/rule_generator.functions @@ -0,0 +1,107 @@ +# functions used by the udev rule generator +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation version 2 of the License. + +PATH='/usr/sbin:/usr/bin' + +# Read a single line from file $1 in the $DEVPATH directory. +# The function must not return an error even if the file does not exist. +sysread() { + local file="$1" + [ -e "/sys$DEVPATH/$file" ] || return 0 + local value + read value < "/sys$DEVPATH/$file" || return 0 + echo "$value" +} + +sysreadlink() { + local file="$1" + [ -e "/sys$DEVPATH/$file" ] || return 0 + readlink -f /sys$DEVPATH/$file 2> /dev/null || true +} + +# Return true if a directory is writeable. +writeable() { + if ln -s test-link $1/.is-writeable 2> /dev/null; then + rm -f $1/.is-writeable + return 0 + else + return 1 + fi +} + +# Create a lock file for the current rules file. +lock_rules_file() { + [ -e /dev/.udev/ ] || return 0 + + RULES_LOCK="/dev/.udev/.lock-${RULES_FILE##*/}" + + retry=30 + while ! mkdir $RULES_LOCK 2> /dev/null; do + if [ $retry -eq 0 ]; then + echo "Cannot lock $RULES_FILE!" >&2 + exit 2 + fi + sleep 1 + retry=$(($retry - 1)) + done +} + +unlock_rules_file() { + [ "$RULES_LOCK" ] || return 0 + rmdir $RULES_LOCK || true +} + +# Choose the real rules file if it is writeable or a temporary file if not. +# Both files should be checked later when looking for existing rules. +choose_rules_file() { + local tmp_rules_file="/dev/.udev/tmp-rules--${RULES_FILE##*/}" + [ -e "$RULES_FILE" -o -e "$tmp_rules_file" ] || PRINT_HEADER=1 + + local retry=5 + while :; + do + if [ $retry -eq 0 ]; then + echo "$RULES_FILE not writeable!" >&2 + exit 2 + elif writeable ${RULES_FILE%/*}; then + RO_RULES_FILE='/dev/null' + break + fi + sleep 1 + retry=$(($retry - 1)) + done +} + +# Return the name of the first free device. +raw_find_next_available() { + local links="$1" + + local basename=${links%%[ 0-9]*} + local max=-1 + for name in $links; do + local num=${name#$basename} + [ "$num" ] || num=0 + [ $num -gt $max ] && max=$num + done + + local max=$(($max + 1)) + # "name0" actually is just "name" + [ $max -eq 0 ] && return + echo "$max" +} + +# Find all rules matching a key (with action) and a pattern. +find_all_rules() { + local key="$1" + local linkre="$2" + local match="$3" + + local search='.*[[:space:],]'"$key"'"('"$linkre"')".*' + echo $(sed -n -r -e 's/^#.*//' -e "${match}s/${search}/\1/p" \ + $RO_RULES_FILE \ + $([ -e $RULES_FILE ] && echo $RULES_FILE) \ + 2>/dev/null) +} diff --git a/rules-add-elevator-kernel-command-line-parameter.patch b/rules-add-elevator-kernel-command-line-parameter.patch new file mode 100644 index 0000000..4e5f126 --- /dev/null +++ b/rules-add-elevator-kernel-command-line-parameter.patch @@ -0,0 +1,42 @@ +From 1255584bb0a595fb555af7e14230ab1b7aa6adcd Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn <lnykryn@redhat.com> +Date: Tue, 12 Feb 2019 16:58:16 +0100 +Subject: [PATCH] rules: add elevator= kernel command line parameter + +Kernel removed the elevator= option + +Resolves: #1670126 +--- + rules.d/40-elevator.rules | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + create mode 100644 rules.d/40-elevator.rules + +diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules +new file mode 100644 +index 0000000000..5f615bf51a +--- /dev/null ++++ b/rules.d/40-elevator.rules +@@ -0,0 +1,20 @@ ++# We aren't adding devices skip the elevator check ++ACTION!="add", GOTO="sched_out" ++ ++SUBSYSTEM!="block", GOTO="sched_out" ++ENV{DEVTYPE}!="disk", GOTO="sched_out" ++ ++# Technically, dm-multipath can be configured to use an I/O scheduler. ++# However, there are races between the 'add' uevent and the linking in ++# of the queue/scheduler sysfs file. For now, just skip dm- devices. ++KERNEL=="dm-*|md*", GOTO="sched_out" ++ ++# Skip bio-based devices, which don't support an I/O scheduler. ++ATTR{queue/scheduler}=="none", GOTO="sched_out" ++ ++# If elevator= is specified on the kernel command line, change the ++# scheduler to the one specified. ++IMPORT{cmdline}="elevator" ++ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}" ++ ++LABEL="sched_out" +-- +2.23.0 + diff --git a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch new file mode 100644 index 0000000..19893e3 --- /dev/null +++ b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch @@ -0,0 +1,40 @@ +From 2991b22f5f40a66ad1cc088e502e7f40ae1806c2 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Mon, 22 Sep 2014 07:53:52 +0200 +Subject: rules: add rule for naming Dell iDRAC USB Virtual NIC + as 'idrac' + +Related: #1523227 +--- + rules.d/73-idrac.rules | 6 ++++++ + rules.d/meson.build | 1 + + 2 files changed, 7 insertions(+) + create mode 100644 rules.d/73-idrac.rules + +diff --git a/rules.d/73-idrac.rules b/rules.d/73-idrac.rules +new file mode 100644 +index 0000000..d67fc42 +--- /dev/null ++++ b/rules.d/73-idrac.rules +@@ -0,0 +1,6 @@ ++# do not edit this file, it will be overwritten on update ++ ++# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC ++# with terminates in the iDRAC. Help identify this with 'idrac' ++ ++ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac" +diff --git a/rules.d/meson.build b/rules.d/meson.build +index cba9dd4..39e174d 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -24,6 +24,7 @@ rules = [ + '70-joystick.rules', + '70-mouse.rules', + '70-touchpad.rules', ++ '73-idrac.rules', + '75-net-description.rules', + '75-probe_mtd.rules', + '78-sound-card.rules', +-- +2.33.0 + diff --git a/rules-add-the-rule-that-adds-elevator-kernel-command.patch b/rules-add-the-rule-that-adds-elevator-kernel-command.patch new file mode 100644 index 0000000..741d154 --- /dev/null +++ b/rules-add-the-rule-that-adds-elevator-kernel-command.patch @@ -0,0 +1,29 @@ +From 16d1f6e5122038fa24392e166a0a88c6cab41dd0 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn <lnykryn@redhat.com> +Date: Tue, 26 Feb 2019 15:22:38 +0100 +Subject: [PATCH] rules: add the rule that adds elevator= kernel + command line parameter + +Resolves: #1670126 + +--- + rules.d/meson.build | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/rules.d/meson.build b/rules.d/meson.build +index 6a78e78..3e5c90b 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -5,7 +5,8 @@ install_data( + install_dir : udevrulesdir) + + rules = [ +- [files('60-autosuspend.rules', ++ [files('40-elevator.rules', ++ '60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', + '60-dmi-id.rules', +-- +2.33.0 + diff --git a/sd-bus-properly-initialize-containers.patch b/sd-bus-properly-initialize-containers.patch new file mode 100644 index 0000000..3f74b2e --- /dev/null +++ b/sd-bus-properly-initialize-containers.patch @@ -0,0 +1,31 @@ +From 220a60a61a91153fd8e49e58884b9b0b904888f6 Mon Sep 17 00:00:00 2001 +From: Jan Synacek <jsynacek@redhat.com> +Date: Wed, 31 Oct 2018 12:50:19 +0100 +Subject: [PATCH] sd-bus: properly initialize containers + +Fixes a SIGSEGV introduced by commit 38a5315a3a6fab745d8c86ff9e486faaf50b28d1. +The same problem doesn't exist upstream, as the container structure +there is initialized using a compound literal, which is zeroed out by +default. + +Related: #1635435 + +--- + src/libsystemd/sd-bus/bus-message.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c +index 9719f97..ec6cd57 100644 +--- a/src/libsystemd/sd-bus/bus-message.c ++++ b/src/libsystemd/sd-bus/bus-message.c +@@ -1783,6 +1783,7 @@ _public_ int sd_bus_message_open_container( + .enclosing = type, + .signature = TAKE_PTR(signature), + .array_size = array_size, ++ .peeked_signature = NULL, + .before = before, + .begin = begin, + }; +-- +2.33.0 + diff --git a/sense_data.py b/sense_data.py new file mode 100644 index 0000000..043c2db --- /dev/null +++ b/sense_data.py @@ -0,0 +1,267 @@ +#!/usr/bin/env python + +import sys +import os +import re +import ctypes +import fcntl +import string + +MEET_NEWER_SAT = 0 +wwn = ctypes.c_uint64() + +BSG_PROTOCOL_SCSI = 0 # <linux/bsg.h> +BSG_SUB_PROTOCOL_SCSI_CMD = 0 # <linux/bsg.h> + +SG_DXFER_FROM_DEV = -3 # SCSI READ command + +ASCII_S = 83 # 'S' +ASCII_Q = 81 # 'Q' +SG_IO = 0x2285 # <scsi/sg.h> + + +""" +INQUIRY Command +https://www.seagate.com/files/staticfiles/support/docs/manual/Interface%20manuals/100293068j.pdf +3.6.1 Section +""" + + +class inquiry_cmd(ctypes.Structure): + _pack_ = 1 + _fields_ = [ + ("opcode", ctypes.c_ubyte), + ("reserved", ctypes.c_ubyte), + ("pagecode", ctypes.c_ubyte), + ("alloc_len_3", ctypes.c_ubyte), + ("alloc_len_4", ctypes.c_ubyte), + ("control", ctypes.c_ubyte) + ] + + +""" +ATA PASS-THROUGH (12) command +https://www.t10.org/ftp/t10/document.04/04-262r8.pdf +13.2.2 Section +""" + + +class ata_cmd_12(ctypes.Structure): + _pack_ = 1 + _fields_ = [ + ("opcode", ctypes.c_ubyte), + ("protocol", ctypes.c_ubyte), + ("flags", ctypes.c_ubyte), + ("features", ctypes.c_ubyte), + ("sector_count", ctypes.c_ubyte), + ("lba_low", ctypes.c_ubyte), + ("lba_mid", ctypes.c_ubyte), + ("lba_high", ctypes.c_ubyte), + ("device", ctypes.c_ubyte), + ("command", ctypes.c_ubyte), + ("reserved", ctypes.c_ubyte), + ("control", ctypes.c_ubyte) + ] + + +""" +ref: include/scsi/sg.h +""" + + +class sgio_hdr(ctypes.Structure): + _pack_ = 1 + _fields_ = [ + # [i] 'S' for SCSI generic (required) + ("interface_id", ctypes.c_int), + ("dxfer_direction", ctypes.c_int), # [i] data transfer direction + # [i] SCSI command length ( <= 16 bytes) + ("cmd_len", ctypes.c_ubyte), + ("mx_sb_len", ctypes.c_ubyte), # [i] max length to write to sbp + ("iovec_count", ctypes.c_ushort), # [i] 0 implies no scatter gather + ("dxfer_len", ctypes.c_uint), # [i] byte count of data transfer + # [i], [*io] points to data transfer memory + ("dxferp", ctypes.c_void_p), + # [i], [*i] points to command to perform + ("cmdp", ctypes.c_void_p), + # [i], [*o] points to sense_buffer memory + ("sbp", ctypes.c_void_p), + # [i] MAX_UINT->no timeout (unit: millisec) + ("timeout", ctypes.c_uint), + ("flags", ctypes.c_uint), # [i] 0 -> default, see SG_FLAG... + # [i->o] unused internally (normally) + ("pack_id", ctypes.c_int), + ("usr_ptr", ctypes.c_void_p), # [i->o] unused internally + ("status", ctypes.c_ubyte), # [o] scsi status + ("masked_status", ctypes.c_ubyte), # [o] shifted, masked scsi status + # [o] messaging level data (optional) + ("msg_status", ctypes.c_ubyte), + # [o] byte count actually written to sbp + ("sb_len_wr", ctypes.c_ubyte), + ("host_status", ctypes.c_ushort), # [o] errors from host adapter + ("driver_status", ctypes.c_ushort), # [o] errors from software driver + # [o] dxfer_len - actual_transferred + ("resid", ctypes.c_int), + # [o] time taken by cmd (unit: millisec) + ("duration", ctypes.c_uint), + ("info", ctypes.c_uint) # [o] auxiliary information + ] + + +def from_bytes(bytes_in_array, byteorder="big", signed=False): + if byteorder == "little": + little_ordered = list(bytes_in_array) + elif byteorder == "big": + little_ordered = list(reversed(bytes_in_array)) + else: + raise ValueError("byteorder must be either 'little' or 'big'") + + n = sum(b << i*8 for i, b in enumerate(little_ordered)) + if signed and little_ordered and (little_ordered[-1] & 0x80): + n -= 1 << 8*len(little_ordered) + + return n + + +def disk_scsi_inquiry_command(dev, buf): + sense = ctypes.c_buffer(32) + buf_len = ctypes.sizeof(buf) + cdb = inquiry_cmd(opcode=0x12, + reserved=0, + pagecode=0, + alloc_len_3=(buf_len >> 8), + alloc_len_4=(buf_len & 0xff), + control=0) + + # systemd first tries to identify the disk by version 4, but failed. We directly use version3 + io_hdr = sgio_hdr(interface_id=ASCII_S, dxfer_direction=SG_DXFER_FROM_DEV, + cmd_len=ctypes.sizeof(cdb), + mx_sb_len=ctypes.sizeof(sense), iovec_count=0, + dxfer_len=buf_len, + dxferp=ctypes.cast(buf, ctypes.c_void_p), + cmdp=ctypes.addressof(cdb), + sbp=ctypes.cast(sense, ctypes.c_void_p), timeout=30 * 1000, + flags=0, pack_id=0, usr_ptr=None, status=0, masked_status=0, + msg_status=0, sb_len_wr=0, host_status=0, driver_status=0, + resid=0, duration=0, info=0) + + try: + with open(dev, "r") as fd: + ret = fcntl.ioctl(fd.fileno(), SG_IO, io_hdr) + if io_hdr.status != 0 or io_hdr.host_status != 0 or io_hdr.driver_status != 0 or ret != 0: + return False + except OSError as err: + return False + except IOError as err: + return False + + return True + + +def disk_identify_command(dev, buf): + global MEET_NEWER_SAT + MEET_NEWER_SAT = 0 + sense = ctypes.c_buffer(32) + buf_len = ctypes.sizeof(buf) + cdb = ata_cmd_12(opcode=0xa1, protocol=(4 << 1), flags=0x2e, + features=0, sector_count=1, lba_low=0, lba_mid=0, lba_high=0, + device=0 & 0x4F, command=0xEC, reserved=0, control=0) + + # systemd first tries to identify the disk by version 4, but failed. We directly use version3 + io_hdr = sgio_hdr(interface_id=ASCII_S, dxfer_direction=SG_DXFER_FROM_DEV, + cmd_len=ctypes.sizeof(cdb), + mx_sb_len=ctypes.sizeof(sense), iovec_count=0, + dxfer_len=buf_len, + dxferp=ctypes.cast(buf, ctypes.c_void_p), + cmdp=ctypes.addressof(cdb), + sbp=ctypes.cast(sense, ctypes.c_void_p), timeout=30 * 1000, + flags=0, pack_id=0, usr_ptr=None, status=0, masked_status=0, + msg_status=0, sb_len_wr=0, host_status=0, driver_status=0, + resid=0, duration=0, info=0) + + try: + with open(dev, "r") as fd: + ret = fcntl.ioctl(fd.fileno(), SG_IO, io_hdr) + if ret != 0: + return False + except OSError as err: + return False + except IOError as err: + return False + + if sense[0] == b'\x72' and sense[8] == b'\x09' and sense[9] == b'\x0c': + return True + + if sense[0] == b'\x70' and sense[12] == b'\x00' and sense[13] == b'\x1d': + MEET_NEWER_SAT = 1 + return True + + return False + + +def disk_identify(dev): + identify = ctypes.c_buffer(512) + inquiry_buf = ctypes.c_buffer(36) + ret = disk_scsi_inquiry_command(dev=dev, buf=inquiry_buf) + if not ret: + return False + + peripheral_device_type = from_bytes( + bytearray(inquiry_buf[0]), byteorder="little") & 0x1f + if peripheral_device_type == 0x05: + return False + + if not (peripheral_device_type == 0x00 or peripheral_device_type == 0x14): + return False + + if not disk_identify_command(dev=dev, buf=identify): + return False + + global wwn + wwn = ctypes.c_uint64() + identify = bytearray(identify) + wwn = from_bytes( + [identify[108 * 2], identify[108 * 2 + 1]], byteorder="little") + wwn = wwn << 16 + wwn |= from_bytes( + [identify[109 * 2], identify[109 * 2 + 1]], byteorder="little") + wwn = wwn << 16 + wwn |= from_bytes( + [identify[110 * 2], identify[110 * 2 + 1]], byteorder="little") + wwn = wwn << 16 + wwn |= from_bytes( + [identify[111 * 2], identify[111 * 2 + 1]], byteorder="little") + + return True + + +def check_ata_disk(): + ret = False + + for filename in os.listdir("/dev/"): + if not re.match("sd.*[^0-9]$|sr.*", filename): + continue + + if not disk_identify("/dev/"+filename): + continue + + global MEET_NEWER_SAT + if MEET_NEWER_SAT == 0: + continue + + for root, dirs, files in os.walk("/dev/disk/by-id/"): + global wwn + wwn_id = "wwn-0x%x" % wwn + if wwn_id not in files: + print("The wwn_id of device(%s) will change to 0x%x" % + ("/dev/"+filename, wwn)) + ret = True + + return ret + + +if __name__ == "__main__": + # exit with "1" if there is at least one disk's wwn_id will change from scsi_id to ata_id + if check_ata_disk(): + exit(1) + exit(0) diff --git a/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch b/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch new file mode 100644 index 0000000..7c7f99b --- /dev/null +++ b/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch @@ -0,0 +1,39 @@ +From 22f8c4c2a22d9766d86b23429bd404a0864b0a9e Mon Sep 17 00:00:00 2001 +From: linfeilong <linfeilong@huawei.com> +Date: Sat, 21 Oct 2017 14:48:18 +0800 +Subject: [PATCH] set forwardtowall no to avoid emerg log shown on shell + +--- + man/journald.conf.xml | 2 +- + src/journal/journald.conf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/man/journald.conf.xml b/man/journald.conf.xml +index 44fd0d2..8d38fe3 100644 +--- a/man/journald.conf.xml ++++ b/man/journald.conf.xml +@@ -292,7 +292,7 @@ + traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, or sent as wall + messages to all logged-in users. These options take boolean arguments. If forwarding to syslog is + enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default, +- only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel ++ these four configs are all disabled. These settings may be overridden at boot time with the kernel + command line options <literal>systemd.journald.forward_to_syslog</literal>, + <literal>systemd.journald.forward_to_kmsg</literal>, + <literal>systemd.journald.forward_to_console</literal>, and +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 2f1c661..17dda27 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -32,7 +32,7 @@ + #ForwardToSyslog=no + #ForwardToKMsg=no + #ForwardToConsole=no +-#ForwardToWall=yes ++ForwardToWall=no + #TTYPath=/dev/console + #MaxLevelStore=debug + #MaxLevelSyslog=debug +-- +2.19.1 + diff --git a/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch b/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch new file mode 100644 index 0000000..da49b05 --- /dev/null +++ b/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch @@ -0,0 +1,46 @@ +From 14b69596b0bff64f7482d93ea3f043520a716921 Mon Sep 17 00:00:00 2001 +From: rpm-build <rpm-build> +Date: Thu, 8 Jun 2023 20:02:50 +0800 +Subject: [PATCH] set the cpuset.cpus/mems of machine.slice to all by default + This is necessary after merging core-cgroup-support-cpuset.patch. + +When creating a vm, libvirt will issue a dbus method_call to +systemd-machined. systemd-machined will start transient unit +usually named xxx.scope with Delegate=1 set after receiving +the method_call. If Delegate=1 is set, systemd will create +machine.slice in /sys/fs/cgroup for every cgroup subsystem, this +includes cpuset. cpuset is different, you can't migrate processes +to the created directory unless you have set proper cpuset.cpus +and cpuset.mems. + +Without this patch, libvirt sees machine.slice, it won't check +if cpuset.cpus or cpuset.mems is valid, and just migrate the vm +process to machine.slice. This action will fail because core-cgroup +-support-cpuset.patch only supports create the machine.slice +directory when Delegate=1 is set, but won't set cpuset.cpus +and cpuset.mems automatically. + +Now we have this patch, it will make systemd automatically set +cpuset.cpus and cpuset.mems according to /sys/fs/cgroup/cpuset/{ +cpuset.cpus, cpuset.mems}. Then libvirt can migrate vm processes +freely. +--- + units/machine.slice | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/units/machine.slice b/units/machine.slice +index 501d353..8d87851 100644 +--- a/units/machine.slice ++++ b/units/machine.slice +@@ -11,3 +11,8 @@ + Description=Virtual Machine and Container Slice + Documentation=man:systemd.special(7) + Before=slices.target ++ ++[Slice] ++CPUSetCpus=all ++CPUSetMems=all ++CPUSetCloneChildren=1 +-- +2.33.0 + diff --git a/shutdown-reboot-when-recieve-crash-signal.patch b/shutdown-reboot-when-recieve-crash-signal.patch new file mode 100644 index 0000000..1081e8c --- /dev/null +++ b/shutdown-reboot-when-recieve-crash-signal.patch @@ -0,0 +1,63 @@ +From 3ac4d1fc1a067afc0e0d4ca37a44ac252ee8b96b Mon Sep 17 00:00:00 2001 +From: xujing <xujing99@huawei.com> +Date: Tue, 8 Feb 2022 21:02:31 +0800 +Subject: [PATCH] shutdown: reboot when recieve crash signal + +--- + src/shutdown/shutdown.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index d6beb2d..ed1ce93 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -321,6 +321,26 @@ static void bump_sysctl_printk_log_level(int min_level) { + log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1); + } + ++_noreturn_ static void crash(int sig) { ++ if (getpid_cached() != 1) ++ /* Pass this on immediately, if this is not PID 1 */ ++ (void) raise(sig); ++ else { ++ bool in_container = detect_container() > 0; ++ ++ log_info("Recieve signal %d.", sig); ++ ++ broadcast_signal(SIGTERM, true, true, arg_timeout); ++ broadcast_signal(SIGKILL, true, false, arg_timeout); ++ ++ if (!in_container) ++ sync_with_progress(); ++ ++ log_info("Rebooting now."); ++ (void) reboot(RB_AUTOBOOT); ++ } ++} ++ + static void init_watchdog(void) { + const char *s; + int r; +@@ -355,6 +375,19 @@ int main(int argc, char *argv[]) { + usec_t now_time, time_interval; + pid_t pid; + bool fork_failed = false; ++ static const struct sigaction sa = { ++ .sa_handler = crash, ++ .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ ++ }; ++ ++ (void) reset_all_signal_handlers(); ++ (void) ignore_signals(SIGNALS_IGNORE, -1); ++ ++ /* We ignore the return value here, since, we don't mind if we ++ * cannot set up a crash handler */ ++ r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1); ++ if (r < 0) ++ log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m"); + + /* Close random fds we might have get passed, just for paranoia, before we open any new fds, for + * example for logging. After all this tool's purpose is about detaching any pinned resources, and +-- +2.33.0 + @@ -0,0 +1 @@ +521cda27409a9edf0370c128fae3e690 systemd-255.tar.gz diff --git a/support-disable-cgroup-controllers-we-don-t-want.patch b/support-disable-cgroup-controllers-we-don-t-want.patch new file mode 100644 index 0000000..2211b5e --- /dev/null +++ b/support-disable-cgroup-controllers-we-don-t-want.patch @@ -0,0 +1,216 @@ +From ef31366523d784d92f25abd99b3782acda29a01c Mon Sep 17 00:00:00 2001 +From: xujing <xujing125@huawei.com> +Date: Fri, 8 Jul 2022 19:47:45 +0800 +Subject: [PATCH] support disable cgroup controllers we don't want + +--- + src/basic/cgroup-util.c | 14 +++++++++++ + src/basic/cgroup-util.h | 1 + + src/core/cgroup.c | 1 + + src/core/main.c | 7 ++++++ + src/core/manager.h | 2 ++ + src/core/system.conf.in | 1 + + src/shared/conf-parser.c | 54 ++++++++++++++++++++++++++++++++++++++++ + src/shared/conf-parser.h | 1 + + 8 files changed, 81 insertions(+) + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 3e60488..a555437 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2115,6 +2115,20 @@ int cg_mask_supported(CGroupMask *ret) { + return cg_mask_supported_subtree(root, ret); + } + ++int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret) { ++ int r; ++ ++ r = cg_all_unified(); ++ if (r < 0) ++ return r; ++ ++ /* We only care CGROUP_V1 */ ++ if (r == 0) ++ *ret &= ~disabled; ++ ++ return 0; ++} ++ + int cg_kernel_controllers(Set **ret) { + _cleanup_set_free_ Set *controllers = NULL; + _cleanup_fclose_ FILE *f = NULL; +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index eb7ace5..3eb14b8 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -303,6 +303,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata); + + int cg_mask_supported(CGroupMask *ret); + int cg_mask_supported_subtree(const char *root, CGroupMask *ret); ++int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret); + int cg_mask_from_string(const char *s, CGroupMask *ret); + int cg_mask_to_string(CGroupMask mask, char **ret); + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 775ece5..88c976a 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -3922,6 +3922,7 @@ int manager_setup_cgroup(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to determine supported bpf-based pseudo-controllers: %m"); + m->cgroup_supported |= mask; ++ m->system_cgroup_supported = m->cgroup_supported; + + /* 10. Log which controllers are supported */ + for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++) +diff --git a/src/core/main.c b/src/core/main.c +index 964adb5..8f01780 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -143,6 +143,7 @@ static bool arg_no_new_privs; + static nsec_t arg_timer_slack_nsec; + static Set* arg_syscall_archs; + static FILE* arg_serialization; ++static CGroupMask arg_disable_cgroup_controllers; + static sd_id128_t arg_machine_id; + static EmergencyAction arg_cad_burst_action; + static CPUSet arg_cpu_affinity; +@@ -675,6 +676,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_defaults.rlimit }, + { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_defaults.rlimit }, + { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_defaults.rlimit }, ++ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers }, + { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_defaults.cpu_accounting }, + { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_defaults.io_accounting }, + { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting }, +@@ -743,6 +745,10 @@ static void set_manager_defaults(Manager *m) { + + assert(m); + ++ m->cgroup_disabled = arg_disable_cgroup_controllers; ++ m->cgroup_supported = m->system_cgroup_supported; ++ (void) cg_mask_disable_cgroup(m->cgroup_disabled, &m->cgroup_supported); ++ + /* Propagates the various default unit property settings into the manager object, i.e. properties + * that do not affect the manager itself, but are just what newly allocated units will have set if + * they haven't set anything else. (Also see set_manager_settings() for the settings that affect the +@@ -2518,6 +2524,7 @@ static void reset_arguments(void) { + + /* arg_runtime_scope — ignore */ + ++ arg_disable_cgroup_controllers = 0; + arg_dump_core = true; + arg_crash_chvt = -1; + arg_crash_shell = false; +diff --git a/src/core/manager.h b/src/core/manager.h +index 0c9a2ea..65cc0c9 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -354,6 +354,8 @@ struct Manager { + /* Data specific to the cgroup subsystem */ + Hashmap *cgroup_unit; + CGroupMask cgroup_supported; ++ CGroupMask system_cgroup_supported; ++ CGroupMask cgroup_disabled; + char *cgroup_root; + + /* Notifications from cgroups, when the unified hierarchy is used is done via inotify. */ +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index f48452d..8ffc48e 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -54,6 +54,7 @@ + #DefaultStartLimitIntervalSec=10s + #DefaultStartLimitBurst=5 + #DefaultEnvironment= ++#DisableCGroupControllers=no + #DefaultCPUAccounting=yes + #DefaultIOAccounting=no + #DefaultIPAccounting=no +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index 59a529d..8382271 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -10,6 +10,7 @@ + #include "alloc-util.h" + #include "conf-files.h" + #include "conf-parser.h" ++#include "cgroup-util.h" + #include "constants.h" + #include "dns-domain.h" + #include "escape.h" +@@ -1634,6 +1635,59 @@ int config_parse_rlimit( + return 0; + } + ++int config_parse_cgroup( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ assert(data); ++ ++ CGroupMask *disabled_mask = data; ++ int r; ++ ++ for (;;) { ++ _cleanup_free_ char *word = NULL; ++ CGroupController cc; ++ int yes_or_no = 0; ++ ++ r = extract_first_word(&rvalue, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE); ++ if (r == 0) ++ break; ++ if (r == -ENOMEM) ++ return log_oom(); ++ if (r < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); ++ break; ++ } ++ ++ yes_or_no = parse_boolean(word); ++ if (yes_or_no == 0) { ++ *disabled_mask = 0; ++ break; ++ } else if (yes_or_no == 1) { ++ *disabled_mask = CGROUP_MASK_V1; ++ break; ++ } ++ ++ cc = cgroup_controller_from_string(word); ++ if (cc < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DisableCGroupControllers, ignoring: %s", word); ++ break; ++ } ++ *disabled_mask |= CGROUP_CONTROLLER_TO_MASK(cc); ++ } ++ return 0; ++} ++ + int config_parse_permille( + const char* unit, + const char *filename, +diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h +index a1768cd..8e7c987 100644 +--- a/src/shared/conf-parser.h ++++ b/src/shared/conf-parser.h +@@ -214,6 +214,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames); + CONFIG_PARSER_PROTOTYPE(config_parse_ip_port); + CONFIG_PARSER_PROTOTYPE(config_parse_mtu); + CONFIG_PARSER_PROTOTYPE(config_parse_rlimit); ++CONFIG_PARSER_PROTOTYPE(config_parse_cgroup); + CONFIG_PARSER_PROTOTYPE(config_parse_vlanprotocol); + CONFIG_PARSER_PROTOTYPE(config_parse_hw_addr); + CONFIG_PARSER_PROTOTYPE(config_parse_hw_addrs); +-- +2.33.0 + diff --git a/sysctl.conf.README b/sysctl.conf.README new file mode 100644 index 0000000..41c0c41 --- /dev/null +++ b/sysctl.conf.README @@ -0,0 +1,10 @@ +# sysctl settings are defined through files in +# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/. +# +# Vendors settings live in /usr/lib/sysctl.d/. +# To override a whole file, create a new file with the same in +# /etc/sysctl.d/ and put new settings there. To override +# only specific settings, add a file with a lexically later +# name in /etc/sysctl.d/ and put new settings there. +# +# For more information, see sysctl.conf(5) and sysctl.d(5). diff --git a/systemd-change-time-log-level.patch b/systemd-change-time-log-level.patch new file mode 100644 index 0000000..0a482fa --- /dev/null +++ b/systemd-change-time-log-level.patch @@ -0,0 +1,35 @@ +From 7ca51ff9a4213025070f29c7814bba82984b90e7 Mon Sep 17 00:00:00 2001 +From: yefei25 <yefei25@huawei.com> +Date: Tue, 19 Nov 2019 21:49:52 +0800 +Subject: [PATCH] systemd: change time log level + + +Signed-off-by: yefei25 <yefei25@huawei.com> +--- + src/core/manager.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 7b39479..1619f8c 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -2937,11 +2937,11 @@ static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t + static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) { + Manager *m = ASSERT_PTR(userdata); + Unit *u; +- +- log_struct(LOG_DEBUG, +- "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, +- LOG_MESSAGE("Time has been changed")); +- ++ if (getpid_cached() == 1) { ++ log_struct(LOG_INFO, ++ "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, ++ LOG_MESSAGE("Time has been changed")); ++ } + /* Restart the watch */ + (void) manager_setup_time_change(m); + +-- +2.33.0 + diff --git a/systemd-core-Add-new-rules-for-lower-priority-events.patch b/systemd-core-Add-new-rules-for-lower-priority-events.patch new file mode 100644 index 0000000..d541c5b --- /dev/null +++ b/systemd-core-Add-new-rules-for-lower-priority-events.patch @@ -0,0 +1,240 @@ +From 135dce487e4637e8afc4090334ccb2cb9feccdf1 Mon Sep 17 00:00:00 2001 +From: yangbin <robin.yb@huawei.com> +Date: Fri, 3 Apr 2020 11:56:41 +0800 +Subject: [PATCH] systemd-core: Add new rules for lower priority events to + preempt over higher priority events + +1. When a high priority event happenes very frequent, and this event takes long time for execution,systemd will get into busy for handling this event only, and lower priority events will have no any change to dispatch and run. + +2. One example is the event for /proc/self/mountinfo, which have a very high priority with -10. +When there are many mountpoints in mountinfo(for example, there may be many netns mountpoints),this event will take long time to finish. +Then if now there are mountpoints in repeating mounting and unmounting(for example, /run/user/uid mountpoint will be mounted then unmounted when for one su command), +this event will take all time of systemd, and lower priority lower events will not be dispatched anyway. +This will case a very severity problem that zombie process will not be reaped, for the evnet for reaping zombies has a lower priority of -6. + +3. This patch fix this problem by add the following rules to allow lower priority events to preempt over higher priority events. +a) If a higher priority event has already been execute for a certain count in consecutive, it can be preempted by lower priority events. The default value for this count is 10, and can be configured through 'sd_event_source_set_preempt_dispatch_count'. +b) If a lower priority gets into pending for 10 times in consecutive, it can preempt over higher priority events. +c) If a lower priority is in pending, and is not dispatched over 50 iteration, it can preempt over higher priority events. +d) The above rules only works for events with priority equal or higher than 'SD_EVENT_PRIORITY_NORMAL' or evnets with type of SOURCE_DEFER, since SOURCE_DEFER events is used for job running queues. +--- + src/core/mount.c | 4 ++ + src/libsystemd/libsystemd.sym | 1 + + src/libsystemd/sd-event/event-source.h | 5 ++ + src/libsystemd/sd-event/sd-event.c | 81 ++++++++++++++++++++++++++ + src/systemd/sd-event.h | 1 + + 5 files changed, 92 insertions(+) + +diff --git a/src/core/mount.c b/src/core/mount.c +index ded322d..52bd53e 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -2077,6 +2077,10 @@ static void mount_enumerate(Manager *m) { + goto fail; + } + ++ r = sd_event_source_set_preempt_dispatch_count(m->mount_event_source, 5); ++ if (r < 0) ++ goto fail; ++ + (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch"); + } + +diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym +index 4113920..daeb3e8 100644 +--- a/src/libsystemd/libsystemd.sym ++++ b/src/libsystemd/libsystemd.sym +@@ -681,6 +681,7 @@ LIBSYSTEMD_243 { + global: + sd_bus_object_vtable_format; + sd_event_source_disable_unref; ++ sd_event_source_set_preempt_dispatch_count; + } LIBSYSTEMD_241; + + LIBSYSTEMD_245 { +diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h +index f4e38d7..279a15d 100644 +--- a/src/libsystemd/sd-event/event-source.h ++++ b/src/libsystemd/sd-event/event-source.h +@@ -71,6 +71,11 @@ struct sd_event_source { + uint64_t pending_iteration; + uint64_t prepare_iteration; + ++ uint64_t preempted_iteration; /*The iteration that dispatched_count is greater than preempt_dispatch_count*/ ++ unsigned pending_count; /*times of pending not dispatched*/ ++ unsigned dispatched_count; /*consecutive dispatched count*/ ++ unsigned preempt_dispatch_count; /*Will be preempted by lower priority if dispatched count reaches to this*/ ++ + sd_event_destroy_t destroy_callback; + sd_event_handler_t ratelimit_expire_callback; + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 288798a..d53a7a1 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -39,6 +39,11 @@ + #include "strxcpyx.h" + #include "time-util.h" + ++#define DEFAULT_PREEMPTED_ITERATION_COUNT (3) ++#define DEFAULT_PREEMPT_DISPATCH_COUNT (10) ++#define DEFAULT_PREEMPT_PENDING_COUNT (10) ++#define DEFAULT_PREEMPT_ITERATION_COUNT (30) ++ + #define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC) + + static bool EVENT_SOURCE_WATCH_PIDFD(sd_event_source *s) { +@@ -169,6 +174,11 @@ struct sd_event { + + LIST_HEAD(sd_event_source, sources); + ++ /*last dispatched source, its type is sd_event_source, ++ * here use void to avoid accessing its members, ++ * for it may have been freed already.*/ ++ void *last_source; ++ + sd_event_source *sigint_event_source, *sigterm_event_source; + + usec_t last_run_usec, last_log_usec; +@@ -186,6 +196,39 @@ static sd_event *event_resolve(sd_event *e) { + return e == SD_EVENT_DEFAULT ? default_event : e; + } + ++static int preempt_prioq_compare(const sd_event_source *x, const sd_event_source *y) { ++ if((x->priority > SD_EVENT_PRIORITY_NORMAL && x->type != SOURCE_DEFER) ++ || (y->priority > SD_EVENT_PRIORITY_NORMAL && y->type != SOURCE_DEFER)) { ++ return 0; /*only high priority evnets can preempt*/ ++ } ++ ++ if(x->priority <= y->priority) { ++ if(x->dispatched_count >= x->preempt_dispatch_count) ++ return 1; ++ if(y->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ ++ /*y has lower priority, but its pending count is greater than x, so y wins*/ ++ if(y->pending_count >= (x->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) ++ return 1; ++ /*y has lower priority, but is in pending longer than x, so y wins*/ ++ if(x->pending_iteration >= (y->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) ++ return 1; ++ } ++ } else { ++ if(y->dispatched_count >= y->preempt_dispatch_count) ++ return -1; ++ if(x->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ ++ /*x has lower priority, but its pending count is greater than y, so x wins*/ ++ if(x->pending_count >= (y->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) ++ return -1; ++ /*x has lower priority, but is in pending longer than y, so x wins*/ ++ if(y->pending_iteration >= (x->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) ++ return -1; ++ } ++ } ++ ++ return 0; ++} ++ + static int pending_prioq_compare(const void *a, const void *b) { + const sd_event_source *x = a, *y = b; + int r; +@@ -203,6 +246,10 @@ static int pending_prioq_compare(const void *a, const void *b) { + if (r != 0) + return r; + ++ r = preempt_prioq_compare(a, b); ++ if(r != 0) ++ return r; ++ + /* Lower priority values first */ + r = CMP(x->priority, y->priority); + if (r != 0) +@@ -1132,6 +1179,17 @@ static int source_set_pending(sd_event_source *s, bool b) { + assert(s); + assert(s->type != SOURCE_EXIT); + ++ if (b && s->pending == b) ++ s->pending_count++; ++ else ++ s->pending_count = (b ? 1 : 0); ++ if (b && s->preempted_iteration && ++ (s->pending_count >= DEFAULT_PREEMPTED_ITERATION_COUNT || ++ s->event->iteration >= (s->preempted_iteration + DEFAULT_PREEMPTED_ITERATION_COUNT)) ) { ++ s->dispatched_count = 0; ++ s->preempted_iteration = 0; ++ } ++ + if (s->pending == b) + return 0; + +@@ -1218,6 +1276,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t + s->type = type; + s->pending_index = PRIOQ_IDX_NULL; + s->prepare_index = PRIOQ_IDX_NULL; ++ s->preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT; + + if (!floating) + sd_event_ref(e); +@@ -2894,6 +2953,7 @@ static int event_source_offline( + s->enabled = enabled; + s->ratelimited = ratelimited; + ++ s->pending_count = 0; + switch (s->type) { + + case SOURCE_IO: +@@ -4006,6 +4066,19 @@ static int process_inotify(sd_event *e) { + return done; + } + ++static void source_dispatch_pre(sd_event_source *s) { ++ if(s->event->last_source == s) { ++ s->dispatched_count++; ++ if(s->dispatched_count >= s->preempt_dispatch_count) ++ s->preempted_iteration = s->event->iteration; ++ } else { ++ s->preempted_iteration = 0; ++ s->dispatched_count = 0; ++ } ++ s->event->last_source = s; ++ s->pending_count = 0; ++} ++ + static int process_memory_pressure(sd_event_source *s, uint32_t revents) { + assert(s); + assert(s->type == SOURCE_MEMORY_PRESSURE); +@@ -4179,6 +4252,7 @@ static int source_dispatch(sd_event_source *s) { + return r; + } + ++ source_dispatch_pre(s); + s->dispatching = true; + + switch (s->type) { +@@ -5193,6 +5267,13 @@ _public_ int sd_event_source_is_ratelimited(sd_event_source *s) { + return s->ratelimited; + } + ++_public_ int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count) { ++ assert_return(s, -EINVAL); ++ ++ s->preempt_dispatch_count = count; ++ return 0; ++} ++ + _public_ int sd_event_source_leave_ratelimit(sd_event_source *s) { + int r; + +diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h +index 49d6975..dd2c147 100644 +--- a/src/systemd/sd-event.h ++++ b/src/systemd/sd-event.h +@@ -172,6 +172,7 @@ int sd_event_source_set_exit_on_failure(sd_event_source *s, int b); + int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval_usec, unsigned burst); + int sd_event_source_get_ratelimit(sd_event_source *s, uint64_t *ret_interval_usec, unsigned *ret_burst); + int sd_event_source_is_ratelimited(sd_event_source *s); ++int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count); + int sd_event_source_set_ratelimit_expire_callback(sd_event_source *s, sd_event_handler_t callback); + int sd_event_source_leave_ratelimit(sd_event_source *s); + +-- +2.33.0 + diff --git a/systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch b/systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch new file mode 100644 index 0000000..5075453 --- /dev/null +++ b/systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch @@ -0,0 +1,40 @@ +From bf589755bd5b084f1b5dd099ea3e4917ac9911fd Mon Sep 17 00:00:00 2001 +From: huangkaibin <huangkaibin@huawei.com> +Date: Thu, 14 Sep 2017 12:54:01 +0800 +Subject: [PATCH] systemd-core: fix problem of dbus service can not be started + when dbus is dead and state of system dbus of systemd stay in + BUS_AUTHENTICATING. + +When systemd starts a dbus communication, it will first authenticate the bus by communicating with polkitd service, and then enter running state. +But if authenticating can not be establised within 25s(default timeout seconds) since authenticating starts +(maybe caused by polkitd service or dbus service can not be activated in time), the dbus state in systemd side will stays in BUS_AUTHENTICATING state, +and systemd will enter a mad state that it will handle authenticating(in bus_process_internal function) very frequently and will have no any change to +service for events of restarting services(by systemctl restart dbus.service --no-ask-password --no-block). So that the dbus service will never be restarted successfully. +systemd will enter such a state is caused by the timeout setting in sd_bus_get_timeout function. When in BUS_AUTHENTICATING state, the timeout is set +to a fix value of bus->auth_timeout(authenticating start time + 25s), if auth_timeout is an expired time, but not a furture time, systemd will always service +for the callback of function of dbus(time_callback) with no any delay when it got its chance, and leave no chance for events of restarting services. +This patch fix this problem by fixing the timeout to a furture time when bus->auth_timeout is expired. +--- + src/libsystemd/sd-bus/sd-bus.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index b0a3237..ca626d3 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -2267,7 +2267,11 @@ _public_ int sd_bus_get_timeout(sd_bus *bus, uint64_t *timeout_usec) { + switch (bus->state) { + + case BUS_AUTHENTICATING: +- *timeout_usec = bus->auth_timeout; ++ //delay 1 second to ensure it is a furture time but not an expired time ++ if(bus->auth_timeout <= now(CLOCK_MONOTONIC)) ++ *timeout_usec = now(CLOCK_MONOTONIC) + USEC_PER_SEC; ++ else ++ *timeout_usec = bus->auth_timeout; + return 1; + + case BUS_RUNNING: +-- +1.8.3.1 + diff --git a/systemd-journal-gatewayd.xml b/systemd-journal-gatewayd.xml new file mode 100644 index 0000000..a1b400c --- /dev/null +++ b/systemd-journal-gatewayd.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>systemd-journal-gatewayd</short> + <description>Journal Gateway Service</description> + <port protocol="tcp" port="19531"/> +</service> diff --git a/systemd-journal-remote.xml b/systemd-journal-remote.xml new file mode 100644 index 0000000..e115a12 --- /dev/null +++ b/systemd-journal-remote.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>systemd-journal-remote</short> + <description>Journal Remote Sink</description> + <port protocol="tcp" port="19532"/> +</service> diff --git a/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch b/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch new file mode 100644 index 0000000..2ff7fe3 --- /dev/null +++ b/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch @@ -0,0 +1,66 @@ +From 6aa35d7d911b6895043f222293703ef7cf60aca1 Mon Sep 17 00:00:00 2001 +From: yefei25 <yefei25@huawei.com> +Date: Thu, 5 Mar 2020 21:45:36 +0800 +Subject: [PATCH] systemd: solve that rsyslog reads journal's object of +size 0 + + +Signed-off-by: yefei25 <yefei25@huawei.com> + +--- + src/libsystemd/sd-journal/journal-file.c | 5 +++-- + src/libsystemd/sd-journal/sd-journal.c | 7 ++++++- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 2ead295..9962d3b 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -898,8 +898,9 @@ static int check_object(JournalFile *f, Object *o, uint64_t offset) { + le64toh(o->tag.epoch), offset); + + break; ++ default: ++ return -EBADMSG; + } +- + return 0; + } + +@@ -1804,7 +1805,7 @@ int journal_file_data_payload( + } + + size = le64toh(READ_NOW(o->object.size)); +- if (size < journal_file_data_payload_offset(f)) ++ if (size == 0 || o->object.type == 0 || size < journal_file_data_payload_offset(f)) + return -EBADMSG; + + size -= journal_file_data_payload_offset(f); +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 898218e..f6090dd 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -114,6 +114,10 @@ static void init_location(Location *l, LocationType type, JournalFile *f, Object + assert(IN_SET(type, LOCATION_DISCRETE, LOCATION_SEEK)); + assert(f); + ++ if(o->object.type != OBJECT_ENTRY || o->object.size == 0){ ++ return; ++ } ++ + *l = (Location) { + .type = type, + .seqnum = le64toh(o->entry.seqnum), +@@ -851,7 +855,8 @@ static int real_journal_next(sd_journal *j, direction_t direction) { + return r; + + set_location(j, new_file, o); +- ++ if(o->object.size == 0) ++ return -EBADMSG; + return 1; + } + +-- +2.33.0 + diff --git a/systemd-udev-trigger-no-reload.conf b/systemd-udev-trigger-no-reload.conf new file mode 100644 index 0000000..c879427 --- /dev/null +++ b/systemd-udev-trigger-no-reload.conf @@ -0,0 +1,3 @@ +[Unit] +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 +RefuseManualStop=true diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..2725df9 --- /dev/null +++ b/systemd-user @@ -0,0 +1,10 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session include system-auth diff --git a/systemd.spec b/systemd.spec new file mode 100644 index 0000000..cc287df --- /dev/null +++ b/systemd.spec @@ -0,0 +1,2588 @@ +%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} +%global __requires_exclude pkg-config +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user +%global _docdir_fmt %{name} +%global _systemddir /usr/lib/systemd + +%ifarch aarch64 +%global efi_arch aa64 +%endif + +%ifarch x86_64 +%global efi_arch x64 +%endif + +%ifarch ppc64le +%global efi_arch ppc64 +%endif + +%ifarch %{ix86} x86_64 aarch64 +%global have_gnu_efi 1 +%endif + +Name: systemd +Url: https://systemd.io/ +Version: 255 +Release: 32 +License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later +Summary: System and Service Manager + + +Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz +Source3: purge-nobody-user +Source4: yum-protect-systemd.conf +Source5: inittab +Source6: sysctl.conf.README +Source7: systemd-journal-remote.xml +Source8: systemd-journal-gatewayd.xml +Source10: systemd-udev-trigger-no-reload.conf +Source11: 20-grubby.install +Source12: systemd-user +Source13: rc.local +Source14: macros.sysusers +Source15: sysusers.generate-pre.sh + +Source100: udev-40-generic.rules +Source101: udev-55-persistent-net-generator.rules +Source102: udev-56-net-sriov-names.rules +Source104: net-set-sriov-names +Source105: rule_generator.functions +Source106: write_net_rules +Source107: detect_virt +Source108: sense_data.py + +Patch6001: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +Patch6002: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch6003: backport-temporarily-disable-test-seccomp.patch +Patch6004: backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch +Patch6005: backport-CVE-2023-50387.patch +Patch6006: backport-CVE-2023-50868.patch +Patch6007: backport-fix-analyze-q-option-invalid-issue.patch +Patch6008: backport-allow-override-default-log-level-by-environment-variable.patch +Patch6009: backport-login-user-runtime-dir-properly-check-for-mount-poin.patch +Patch6010: backport-user-util-validate-the-right-field.patch +Patch6011: backport-fix-conf-parser-oom-check-issue.patch +Patch6012: backport-unit-check-for-correct-function-in-vtable.patch +Patch6013: backport-fix-homed-log-message-typo-error.patch +Patch6014: backport-bash-completion-add-systemctl-service-log-level-target.patch +Patch6015: backport-fix-log-message-not-match-glob-patterns-passed-to-disable-command.patch +Patch6016: backport-main-pass-the-right-error-variable.patch +Patch6017: backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-source.patch +Patch6018: backport-fix-cgtop-sscanf-return-code-checks.patch +Patch6019: backport-core-escape-spaces-in-paths-during-serialization.patch +Patch6020: backport-core-escape-spaces-when-serializing-as-well.patch +Patch6021: backport-network-networkd-address-don-t-set-up-firewall-rules.patch +Patch6022: backport-mount-optimize-mountinfo-traversal-by-decoupling-dev.patch +Patch6023: backport-systemctl-fix-printing-of-RootImageOptions.patch +Patch6024: backport-pid1-add-env-var-to-override-default-mount-rate-limit-interval.patch +Patch6025: backport-install-allow-removing-symlinks-even-for-units-that-.patch + +Patch9008: update-rtc-with-system-clock-when-shutdown.patch +Patch9009: udev-add-actions-while-rename-netif-failed.patch +Patch9010: fix-two-VF-virtual-machines-have-same-mac-address.patch +Patch9011: logind-set-RemoveIPC-to-false-by-default.patch +Patch9012: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +Patch9013: unit-don-t-add-Requires-for-tmp.mount.patch +Patch9014: rules-add-elevator-kernel-command-line-parameter.patch +Patch9015: rules-add-the-rule-that-adds-elevator-kernel-command.patch +Patch9016: units-add-Install-section-to-tmp.mount.patch +Patch9017: Make-systemd-udevd.service-start-after-systemd-remou.patch +Patch9018: udev-virsh-shutdown-vm.patch +Patch9019: sd-bus-properly-initialize-containers.patch +Patch9020: Revert-core-one-step-back-again-for-nspawn-we-actual.patch +Patch9021: systemd-change-time-log-level.patch +Patch9022: fix-capsh-drop-but-ping-success.patch +Patch9023: resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch9024: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch9025: fix-journal-file-descriptors-leak-problems.patch +Patch9026: activation-service-must-be-restarted-when-reactivated.patch +Patch9027: systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch +Patch9028: delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +Patch9029: disable-initialize_clock.patch +Patch9030: systemd-solve-that-rsyslog-reads-journal-s-object-of.patch +Patch9031: check-whether-command_prev-is-null-before-assigning-.patch +Patch9032: revert-rpm-restart-services-in-posttrans.patch +Patch9033: Don-t-set-AlternativeNamesPolicy-by-default.patch +Patch9034: change-NTP-server-to-x.pool.ntp.org.patch +Patch9035: keep-weight-consistent-with-the-set-value.patch +Patch9036: core-update-arg_default_rlimit-in-bump_rlimit.patch +Patch9037: set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch +Patch9038: core-cgroup-support-cpuset.patch +Patch9039: core-cgroup-support-freezer.patch +Patch9040: core-cgroup-support-memorysw.patch +Patch9041: systemd-core-Add-new-rules-for-lower-priority-events.patch +Patch9042: bugfix-also-stop-machine-when-a-machine-un.patch +Patch9043: print-the-process-status-to-console-when-shutdown.patch +Patch9044: Retry-to-handle-the-uevent-when-worker-is-terminated.patch +Patch9045: treat-underscore-as-valid-hostname-char.patch +Patch9046: process-util-log-more-information-when-runnin.patch +Patch9047: fuser-print-umount-message-to-reboot-umount-msg.patch +Patch9048: shutdown-reboot-when-recieve-crash-signal.patch +Patch9049: core-add-OptionalLog-to-allow-users-change-log-level.patch +Patch9050: core-cgroup-support-default-slice-for-all-uni.patch +Patch9051: core-add-invalidate-cgroup-config.patch +Patch9052: let-the-child-of-one-unit-don-t-affect-each-other.patch +Patch9053: support-disable-cgroup-controllers-we-don-t-want.patch +Patch9054: bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch +Patch9055: delete-journal-files-except-system.journal-when-jour.patch +Patch9056: set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch +Patch9057: add-a-new-switch-to-control-whether-udev-complies-wi.patch +Patch9058: journal-don-t-enable-systemd-journald-audit.socket.patch + +Patch9801: Systemd-Add-sw64-architecture.patch +Patch9802: backport-repart-fix-memory-leak.patch +Patch9803: backport-fix-memory-leak-in-cryptsetup-generator.patch + +BuildRequires: gcc, gcc-c++ +BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel +BuildRequires: audit-libs-devel, dbus-devel, libacl-devel +BuildRequires: gobject-introspection-devel, libblkid-devel, xz-devel, xz +BuildRequires: lz4-devel, lz4, bzip2-devel, libidn2-devel +BuildRequires: kmod-devel, libgcrypt-devel, libgpg-error-devel +BuildRequires: gnutls-devel, libxkbcommon-devel +BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf +BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18 +BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel +BuildRequires: python3-jinja2 +BuildRequires: libpwquality-devel +BuildRequires: cryptsetup-devel + +%ifarch %{valgrind_arches} +%ifnarch loongarch64 +BuildRequires: valgrind-devel +%endif +%endif +BuildRequires: util-linux +BuildRequires: chrpath + +Requires: %{name}-libs = %{version}-%{release} +Requires: dbus >= 1.9.18 +Requires(post): coreutils +Requires(post): sed +Requires(post): acl +Requires(post): grep +Requires(post): openssl-libs +Requires(pre): coreutils +Requires(pre): /usr/bin/getent +Requires(pre): /usr/sbin/groupadd +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Recommends: diffutils +Recommends: libxkbcommon%{?_isa} +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +Obsoletes: systemd-sysv < 206 +Obsoletes: %{name} < 229-5 +Provides: systemd-sysv = 206 +Conflicts: initscripts < 9.56.1 + +Provides: %{name}-rpm-config +Obsoletes: %{name}-rpm-config < 243 + +%description +systemd is a system and service manager that runs as PID 1 and starts +the rest of the system. + +%package rpm-macros +Summary: Macros that define paths and scriptlets related to systemd +BuildArch: noarch +Conflicts: systemd < 255-28 + +%description rpm-macros +Just the definitions of rpm macros. + +%package devel +Summary: Development headers for systemd +License: LGPL-2.1-or-later AND MIT +Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}-pam = %{version}-%{release} +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package libs +Summary: systemd libraries +License: LGPL-2.1-or-later AND MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 +Requires(post): coreutils +Requires(post): sed +Requires(post): grep +Requires(post): /usr/bin/getent + +%description libs +Libraries for systemd and udev. + +%package udev +Summary: Rule-based device node and kernel event manager +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): grep +Requires: kmod >= 18-4 +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 +# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 +Recommends: systemd-bootchart +# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 +Recommends: kbd +License: LGPL-2.1-or-later + +%description udev +This package contains systemd-udev and the rules and hardware database +needed to manage device nodes. This package is necessary on physical +machines and in virtual machines, but not in containers. + +%package container +Summary: Tools for containers and VMs +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name} < 229-5 +License: LGPL-2.1-or-later + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains machinectl, systemd-machined. + +%package resolved +Summary: Network Name Resolution manager +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent + +%description resolved +systemd-resolve is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package nspawn +Summary: Spawn a command or OS in a light-weight container +License: LGPL-2.1-or-later +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description nspawn +systemd-nspawn may be used to run a command or OS in a light-weight namespace +container. In many ways it is similar to chroot, but more powerful since it +fully virtualizes the file system hierarchy, as well as the process tree, the +various IPC subsystems and the host and domain name. + +%package networkd +Summary: System daemon that manages network configurations +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPL-2.1-or-later +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd + +%description networkd +systemd-networkd is a system service that manages networks. It detects +and configures network devices as they appear, as well as creating virtual +network devices. + +%package timesyncd +Summary: Network Time Synchronization +License: LGPL-2.1-or-later +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent + +%description timesyncd +systemd-timesyncd is a system service that may be used to synchronize +the local system clock with a remote Network Time Protocol (NTP) server. +It also saves the local time to disk every time the clock has been +synchronized and uses this to possibly advance the system realtime clock +on subsequent reboots to ensure it (roughly) monotonically advances even +if the system lacks a battery-buffered RTC chip. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + +%package cryptsetup +Summary: systemd cryptsetup module +Requires: %{name} = %{version}-%{release} +License: LGPL-2.1-or-later + +%description cryptsetup +systemd-cryptsetup is used to set up (with attach) and tear down (with detach) access to an encrypted block device. + +%package_help + +%prep +%autosetup -n %{name}-%{version} -p1 -Sgit -N +# DO NOT USE "%patch -R" TO REVERT A PATCH. If your patch is only used in +# specific scenarios or architectures, please put it after Patch9800 and +# use "%ifarch" to patch it after applying all other patches. +%autopatch -M 9800 +%ifarch sw_64 +%autopatch 9801 +%endif + +%build + +CONFIGURE_OPTS=( + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Ddev-kvm-mode=0666 + -Dkmod=enabled + -Dxkbcommon=enabled + -Dblkid=enabled + -Dseccomp=enabled + -Dima=true + -Dselinux=enabled + -Dapparmor=disabled + -Dpolkit=enabled + -Dxz=enabled + -Dzlib=enabled + -Dbzip2=enabled + -Dlz4=enabled + -Dpam=enabled + -Dacl=enabled + -Dsmack=false + -Dgcrypt=enabled + -Daudit=enabled + -Delfutils=disabled + -Dlibcryptsetup=enabled + -Dlibcryptsetup-plugins=disabled + -Dqrencode=disabled + -Dgnutls=enabled + -Dmicrohttpd=disabled + -Dlibidn2=enabled + -Dlibidn=disabled + -Dlibiptc=disabled + -Dlibcurl=disabled + -Defi=true + -Dtpm=false + -Dhwdb=true + -Dsysusers=true + -Ddefault-kill-user-processes=false + -Dtests=true + -Dinstall-tests=false + -Dtty-gid=5 + -Dusers-gid=100 + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dsplit-bin=true + -Db_lto=true + -Db_ndebug=false + -Dman=enabled + -Dversion-tag=v%{version}-%{release} + -Ddefault-hierarchy=legacy + -Ddefault-dnssec=allow-downgrade + # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 + -Ddefault-mdns=yes + -Ddefault-llmnr=yes + -Dhtml=disabled + -Dlibfido2=disabled + -Dopenssl=disabled + -Dtpm2=disabled + -Dzstd=disabled + -Dbpf-framework=disabled + -Drepart=disabled + -Dcompat-mutable-uid-boundaries=false + -Dfexecve=false + -Dstandalone-binaries=false + -Dstatic-libsystemd=false + -Dstatic-libudev=false + -Dfirstboot=false + -Dsysext=false + -Dhomed=disabled + -Dquotacheck=false + -Dxdg-autostart=false + -Dimportd=disabled + -Dbacklight=false + -Drfkill=false + -Dpstore=false + -Dportabled=false + -Doomd=false + -Duserdb=false + -Dtime-epoch=0 + -Dmode=release + -Durlify=false + -Dlink-journalctl-shared=false + -Dlink-boot-shared=false + -Dpwquality=disabled + -Dpasswdqc=disabled + -Dxenctrl=disabled + -Dbootloader=disabled + -Dukify=disabled + -Dsysupdate=disabled + -Dremote=disabled + -Dstoragetm=false + -Dvmspawn=disabled + -Dlink-portabled-shared=false +) + +%meson "${CONFIGURE_OPTS[@]}" +%meson_build + +%install +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# /etc/initab +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} + +# /etc/sysctl.conf compat +install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}%{_localstatedir}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock + +# Install yum protection fragment +install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf + +# Restore systemd-user pam config from before "removal of Fedora-specific bits" +install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} + +# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040 +mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/ +cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf <<EOF +[Service] +PrivateDevices=no +EOF + +install -Dm0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE11} + +install -D -t %{buildroot}%{_systemddir}/ %{SOURCE3} + +#sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}%{_systemddir}/tests/run-unit-tests.py + +%find_lang %{name} + +# Install rc.local +mkdir -p %{buildroot}%{_sysconfdir}/rc.d/ +install -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/rc.d/rc.local +ln -s rc.d/rc.local %{buildroot}%{_sysconfdir}/rc.local + +install -m 0644 %{SOURCE100} %{buildroot}/%{_udevrulesdir}/40-%{vendor}.rules +install -m 0500 %{SOURCE108} %{buildroot}/usr/lib/udev + +install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE14} +install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE15} + +# remove rpath info +for file in $(find %{buildroot}/ -executable -type f -exec file {} ';' | grep "\<ELF\>" | awk -F ':' '{print $1}') +do + if [ ! -u "$file" ]; then + if [ -w "$file" ]; then + chrpath -d $file + fi + fi +done +# add rpath path _libdir/systemd in ld.so.conf.d +mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d +echo "%{_libdir}/systemd" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf + +%check +%ifnarch loongarch64 +%ninja_test -C %{_vpath_builddir} +%endif + +############################################################################################# +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# Copyright 2015 Zbigniew Jędrzejewski-Szmek +# Copyright 2018 Neal Gompa +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with systemd; If not, see <http://www.gnu.org/licenses/>. + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.13.0 + +%transfiletriggerin -P 900900 -- %{_systemddir}/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +if test -d /run/systemd/system; then + %{_bindir}/systemctl daemon-reload +fi + +%transfiletriggerun -- %{_systemddir}/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. %transfiletriggerpostun would be ideal, but it does not get +# executed for some reason. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. %transfiletriggerun gets the right list of files +# but it is invoked too early (before changes happen). +# %filetriggerpostun happens at the right time, but it fires for +# every package. +# To execute the reload at the right time, we create a state +# file in %transfiletriggerun and execute the daemon-reload in +# the first %filetriggerpostun. + +if test -d "/run/systemd/system"; then + mkdir -p "%{_localstatedir}/lib/rpm-state/systemd" + touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload" +fi + +%filetriggerpostun -P 1000100 -- %{_systemddir}/system /etc/systemd/system +if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then + rm -rf "%{_localstatedir}/lib/rpm-state/systemd" + %{_bindir}/systemctl daemon-reload +fi + +%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +if test -d /run/systemd/system; then + %{_bindir}/systemd-sysusers || : +fi + +%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d /run/systemd/system; then + %{_bindir}/systemd-tmpfiles --create || : +fi + +%transfiletriggerin udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +if test -d /run/systemd/system; then + %{_bindir}/systemd-hwdb update || : +fi + +%transfiletriggerin -- %{_systemddir}/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in %{_systemddir}/catalog. +if test -d /run/systemd/system; then + %{_bindir}/journalctl --update-catalog || : +fi + +%transfiletriggerin udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + %{_bindir}/udevadm control --reload || : +fi + +%transfiletriggerin -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d /run/systemd/system; then + %{_systemddir}/systemd-sysctl || : +fi + +%transfiletriggerin -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d /run/systemd/system; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + %{_systemddir}/systemd-binfmt || : +fi + +%pre +getent group cdrom &>/dev/null || groupadd -r -g 11 cdrom &>/dev/null || : +getent group utmp &>/dev/null || groupadd -r -g 22 utmp &>/dev/null || : +getent group tape &>/dev/null || groupadd -r -g 33 tape &>/dev/null || : +getent group dialout &>/dev/null || groupadd -r -g 18 dialout &>/dev/null || : +getent group input &>/dev/null || groupadd -r input &>/dev/null || : +getent group kvm &>/dev/null || groupadd -r -g 36 kvm &>/dev/null || : +getent group render &>/dev/null || groupadd -r render &>/dev/null || : +getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2>&1 || : + +getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || : +getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || : + +%pre networkd +getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || : +getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || : + +%pre resolved +getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || : +getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || : + +%post +/sbin/ldconfig +systemd-machine-id-setup &>/dev/null || : +systemctl daemon-reexec &>/dev/null || : +journalctl --update-catalog &>/dev/null || : +systemd-tmpfiles --create &>/dev/null || : + + +# Make sure new journal files will be owned by the "systemd-journal" group +machine_id=$(cat /etc/machine-id 2>/dev/null) +chgrp systemd-journal /{run,var}/log/journal/{,${machine_id}} &>/dev/null || : +chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || : + +# Apply ACL to the journal directory +setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || : + +# We reset the enablement of all services upon initial installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 +# This will fix up enablement of any preset services that got installed +# before systemd due to rpm ordering problems: +# https://bugzilla.redhat.com/show_bug.cgi?id=1647172 +if [ $1 -eq 1 ] ; then + systemctl preset-all &>/dev/null || : +fi + +%postun +/sbin/ldconfig + +%post libs +%{?ldconfig} + +function mod_nss() { + if [ -f "$1" ] ; then + # sed-fu to add myhostname to hosts line + grep -E -q '^hosts:.* myhostname' "$1" || + sed -i.bak -e ' + /^hosts:/ !b + /\<myhostname\>/ b + s/[[:blank:]]*$/ myhostname/ + ' "$1" &>/dev/null || : + + # Add nss-systemd to passwd and group + grep -E -q '^(passwd|group):.* systemd' "$1" || + sed -i.bak -r -e ' + s/^(passwd|group):(.*)/\1: \2 systemd/ + ' "$1" &>/dev/null || : + fi +} + +FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)" +if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then + mod_nss "/etc/authselect/user-nsswitch.conf" + authselect apply-changes &> /dev/null || : +else + mod_nss "$FILE" + # also apply the same changes to user-nsswitch.conf to affect + # possible future authselect configuration + mod_nss "/etc/authselect/user-nsswitch.conf" +fi + +# check if nobody or nfsnobody is defined +export SYSTEMD_NSS_BYPASS_SYNTHETIC=1 +if getent passwd nfsnobody &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' | grep -v 'nobody:[x*]:65534:65534:.*:/:/usr/sbin/nologin' &>/dev/null; then + test -f /etc/systemd/dont-synthesize-nobody || { + echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody' + mkdir -p /etc/systemd || : + : >/etc/systemd/dont-synthesize-nobody || : + } +fi + +%{?ldconfig:%postun -p %ldconfig} + +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket + +%preun +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + remote-fs.target \ + getty@.service \ + serial-getty@.service \ + console-getty.service \ + debug-shell.service \ + >/dev/null || : +fi + + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : +fi + +%preun networkd +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-networkd.service \ + systemd-networkd-wait-online.service \ + >/dev/null || : +fi + +%pre timesyncd +getent group systemd-timesync &>/dev/null || groupadd -r systemd-timesync 2>&1 || : +getent passwd systemd-timesync &>/dev/null || useradd -r -l -g systemd-timesync -d / -s /sbin/nologin -c "systemd Time Synchronization" systemd-timesync &>/dev/null || : + +%post timesyncd +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null +if [ -L %{_localstatedir}/lib/systemd/timesync ]; then + rm %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync +fi +if [ -f %{_localstatedir}/lib/systemd/clock ] ; then + mkdir -p %{_localstatedir}/lib/systemd/timesync + mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. +fi +# devided from post and preun stage of udev that included in macro udev_services +%systemd_post systemd-timesyncd.service + +%post udev +udevadm hwdb --update &>/dev/null +%systemd_post %udev_services +%{_systemddir}/systemd-random-seed save 2>&1 + +# Replace obsolete keymaps +# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 +grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && + sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : + +if [ -f "/usr/lib/udev/rules.d/50-udev-default.rules" ]; then + sed -i 's/KERNEL=="kvm", GROUP="kvm", MODE="0666"/KERNEL=="kvm", GROUP="kvm", MODE="0660"/g' /usr/lib/udev/rules.d/50-udev-default.rules +fi +%{_bindir}/systemctl daemon-reload &>/dev/null || : + +%preun timesyncd +%systemd_preun systemd-timesyncd.service + +%preun udev +%systemd_preun %udev_services + +%postun udev +# Only restart systemd-udev, to run the upgraded dameon. +# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) +%systemd_postun_with_restart systemd-udevd.service + +%files -f %{name}.lang +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/LICENSE.* +%license LICENSE.GPL2 LICENSE.LGPL2.1 +%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd + +%ghost %dir /var/log/journal +%ghost %attr(0664,root,utmp) /var/log/wtmp +%ghost %attr(0600,root,utmp) /var/log/btmp +%ghost %attr(0700,root,root) %dir /var/log/private +%ghost %attr(0664,root,utmp) /var/run/utmp +%ghost %attr(0700,root,root) %dir /var/cache/private +%ghost %attr(0700,root,root) %dir /var/lib/private +%dir /var/lib/systemd +%dir /var/lib/systemd/catalog +%ghost %dir /var/lib/systemd/coredump +%ghost %dir /var/lib/systemd/linger +%ghost /var/lib/systemd/catalog/database +%ghost %dir /var/lib/private/systemd +/usr/sbin/reboot +/usr/sbin/halt +/usr/sbin/telinit +/usr/sbin/init +/usr/sbin/runlevel +/usr/sbin/poweroff +/usr/sbin/shutdown +/usr/sbin/mount.ddi +%dir /usr/share/systemd +%dir /usr/share/factory +%dir /usr/share/factory/etc +/usr/share/factory/etc/issue +/usr/share/factory/etc/locale.conf +/usr/share/factory/etc/nsswitch.conf +%dir /usr/share/factory/etc/pam.d +/usr/share/factory/etc/pam.d/other +/usr/share/factory/etc/pam.d/system-auth +/usr/share/systemd/language-fallback-map +/usr/share/systemd/kbd-model-map +/usr/share/bash-completion/completions/localectl +/usr/share/bash-completion/completions/systemd-path +/usr/share/bash-completion/completions/systemd-run +/usr/share/bash-completion/completions/systemd-cat +/usr/share/bash-completion/completions/coredumpctl +/usr/share/bash-completion/completions/systemd-delta +/usr/share/bash-completion/completions/systemd-cgls +/usr/share/bash-completion/completions/systemd-detect-virt +/usr/share/bash-completion/completions/hostnamectl +/usr/share/bash-completion/completions/systemd-cgtop +/usr/share/bash-completion/completions/systemctl +/usr/share/bash-completion/completions/journalctl +/usr/share/bash-completion/completions/systemd-analyze +/usr/share/bash-completion/completions/systemd-dissect +/usr/share/bash-completion/completions/loginctl +/usr/share/bash-completion/completions/timedatectl +/usr/share/bash-completion/completions/busctl +/usr/share/zsh/site-functions/_loginctl +/usr/share/zsh/site-functions/_systemd-inhibit +/usr/share/zsh/site-functions/_journalctl +/usr/share/zsh/site-functions/_systemd-delta +/usr/share/zsh/site-functions/_systemd-tmpfiles +/usr/share/zsh/site-functions/_systemctl +/usr/share/zsh/site-functions/_systemd-run +/usr/share/zsh/site-functions/_sd_outputmodes +/usr/share/zsh/site-functions/_sd_unit_files +/usr/share/zsh/site-functions/_sd_machines +/usr/share/zsh/site-functions/_coredumpctl +/usr/share/zsh/site-functions/_timedatectl +/usr/share/zsh/site-functions/_busctl +/usr/share/zsh/site-functions/_systemd +/usr/share/zsh/site-functions/_systemd-analyze +/usr/share/zsh/site-functions/_hostnamectl +/usr/share/zsh/site-functions/_sd_hosts_or_user_at_host +/usr/share/zsh/site-functions/_localectl +/usr/share/dbus-1/system-services/org.freedesktop.login1.service +/usr/share/dbus-1/system-services/org.freedesktop.locale1.service +/usr/share/dbus-1/system-services/org.freedesktop.hostname1.service +/usr/share/dbus-1/system-services/org.freedesktop.timedate1.service +/usr/share/dbus-1/system.d/org.freedesktop.timedate1.conf +/usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf +/usr/share/dbus-1/system.d/org.freedesktop.login1.conf +/usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf +/usr/share/dbus-1/system.d/org.freedesktop.locale1.conf +/usr/share/pkgconfig/systemd.pc +/usr/share/pkgconfig/udev.pc +/usr/share/polkit-1/actions/org.freedesktop.hostname1.policy +/usr/share/polkit-1/actions/org.freedesktop.timedate1.policy +/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy +/usr/share/polkit-1/actions/org.freedesktop.login1.policy +/usr/share/polkit-1/actions/org.freedesktop.locale1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.hostname1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.locale1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.LogControl1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Seat.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Session.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.User.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Automount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Device.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Job.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Mount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Path.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Scope.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Service.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Slice.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Socket.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Swap.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Target.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Timer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Unit.xml +/usr/share/dbus-1/interfaces/org.freedesktop.timedate1.xml +/usr/bin/systemd-machine-id-setup +/usr/bin/localectl +/usr/bin/systemd-path +/usr/bin/systemd-run +/usr/bin/systemd-escape +/usr/bin/systemd-tmpfiles +/usr/bin/systemd-cat +/usr/bin/systemd-inhibit +/usr/bin/systemd-ask-password +/usr/bin/systemd-notify +/usr/bin/systemd-delta +/usr/bin/systemd-cgls +/usr/bin/systemd-stdio-bridge +/usr/bin/systemd-detect-virt +/usr/bin/systemd-socket-activate +/usr/bin/hostnamectl +/usr/bin/systemd-mount +/usr/bin/systemd-umount +/usr/bin/systemd-cgtop +/usr/bin/systemd-id128 +/usr/bin/systemctl +/usr/bin/journalctl +/usr/bin/systemd-analyze +/usr/bin/systemd-dissect +/usr/bin/loginctl +/usr/bin/timedatectl +/usr/bin/systemd-sysusers +/usr/bin/systemd-tty-ask-password-agent +/usr/bin/busctl +/usr/bin/coredumpctl +/usr/bin/systemd-ac-power +/usr/bin/systemd-creds +/usr/bin/varlinkctl +%dir /usr/lib/environment.d +%dir /usr/lib/binfmt.d +%dir /usr/lib/tmpfiles.d +%dir /usr/lib/sysctl.d +%dir /usr/lib/systemd +%dir /usr/lib/sysusers.d +/usr/lib/sysusers.d/basic.conf +/usr/lib/sysusers.d/systemd-coredump.conf +/usr/lib/sysusers.d/systemd-journal.conf +/usr/lib/systemd/system/hwclock-save.service +/usr/lib/systemd/system/sysinit.target.wants/hwclock-save.service +%{_systemddir}/systemd-update-done +%{_systemddir}/systemd-update-utmp +%{_systemddir}/systemd-initctl +%{_systemddir}/purge-nobody-user +%dir %{_systemddir}/system-shutdown +%dir %{_systemddir}/catalog +%dir %{_systemddir}/network +%{_systemddir}/systemd-cgroups-agent +%{_systemddir}/systemd-sulogin-shell +%{_systemddir}/systemd-boot-check-no-failures +%{_systemddir}/systemd-user-sessions +%{_systemddir}/systemd-sysctl +%{_systemddir}/systemd-socket-proxyd +%{_systemddir}/systemd-hostnamed +%{_systemddir}/systemd-localed +%{_systemddir}/systemd-sysroot-fstab-check +%{_systemddir}/systemd-update-helper +%dir %{_systemddir}/user +%{_systemddir}/systemd-volatile-root +%{_systemddir}/systemd-journald +%{_systemddir}/systemd-user-runtime-dir +%{_systemddir}/systemd-logind +%dir %{_systemddir}/system-preset +%dir %{_systemddir}/user-environment-generators +%{_systemddir}/systemd-shutdown +%{_libdir}/systemd/libsystemd-core-*.so +%{_libdir}/systemd/libsystemd-shared*.so +%{_systemddir}/systemd-reply-password +%dir %{_systemddir}/system-generators +%dir %{_systemddir}/system +%{_systemddir}/systemd-fsck +%{_systemddir}/systemd-timedated +%dir %{_systemddir}/user-generators +%{_systemddir}/systemd +%dir %{_systemddir}/user-preset +%{_systemddir}/systemd-coredump +%{_systemddir}/systemd-network-generator +%{_systemddir}/systemd-binfmt +%{_systemddir}/user-preset/90-systemd.preset +%{_unitdir}/systemd-binfmt.service +%{_unitdir}/systemd-machine-id-commit.service +%dir %{_unitdir}/basic.target.wants +%{_unitdir}/systemd-coredump.socket +%{_unitdir}/systemd-coredump@.service +%{_unitdir}/ctrl-alt-del.target +%{_unitdir}/systemd-tmpfiles-setup.service +%{_unitdir}/rpcbind.target +%{_unitdir}/systemd-update-done.service +%{_unitdir}/dev-hugepages.mount +%dir %{_unitdir}/sockets.target.wants +%dir %{_unitdir}/dbus.target.wants +%{_unitdir}/network.target +%{_unitdir}/system-update-pre.target +%{_unitdir}/shutdown.target +%{_unitdir}/proc-sys-fs-binfmt_misc.automount +%{_unitdir}/syslog.socket +%{_unitdir}/systemd-localed.service +%{_unitdir}/systemd-ask-password-console.service +%{_unitdir}/exit.target +%{_unitdir}/systemd-ask-password-console.path +%{_unitdir}/systemd-logind.service +%{_unitdir}/graphical.target +%{_unitdir}/systemd-initctl.service +%{_unitdir}/multi-user.target +%{_unitdir}/swap.target +%{_unitdir}/sys-kernel-debug.mount +%{_unitdir}/systemd-tmpfiles-clean.service +%{_unitdir}/basic.target +%{_unitdir}/remote-fs-pre.target +%{_unitdir}/systemd-journald-audit.socket +%{_unitdir}/getty@.service +%{_unitdir}/sigpwr.target +%dir %{_unitdir}/runlevel3.target.wants +%{_unitdir}/reboot.target +%{_unitdir}/systemd-user-sessions.service +%{_unitdir}/systemd-journald-dev-log.socket +%{_unitdir}/systemd-journald.socket +%{_unitdir}/time-set.target +%{_unitdir}/getty.target +%{_unitdir}/systemd-kexec.service +%{_unitdir}/remote-fs.target +%{_unitdir}/systemd-ask-password-wall.service +%{_unitdir}/poweroff.target +%{_unitdir}/runlevel2.target +%dir %{_unitdir}/runlevel5.target.wants +%{_unitdir}/initrd-fs.target +%{_unitdir}/runlevel6.target +%{_unitdir}/systemd-journal-flush.service +%{_unitdir}/initrd-cleanup.service +%{_unitdir}/systemd-timedated.service +%{_unitdir}/user-runtime-dir@.service +%{_unitdir}/nss-lookup.target +%{_unitdir}/tmp.mount +%dir %{_unitdir}/systemd-hostnamed.service.d +%{_unitdir}/timers.target +%{_unitdir}/systemd-fsck@.service +%{_unitdir}/printer.target +%{_unitdir}/systemd-reboot.service +%{_unitdir}/systemd-volatile-root.service +%dir %{_unitdir}/multi-user.target.wants +%{_unitdir}/sound.target +%{_unitdir}/kexec.target +%{_unitdir}/initrd-root-fs.target +%{_unitdir}/systemd-update-utmp.service +%dir %{_unitdir}/rescue.target.wants +%{_unitdir}/bluetooth.target +%{_unitdir}/systemd-ask-password-wall.path +%{_unitdir}/emergency.service +%{_unitdir}/network-pre.target +%{_unitdir}/rescue.service +%{_unitdir}/sys-kernel-config.mount +%{_unitdir}/systemd-journald.service +%dir %{_unitdir}/runlevel2.target.wants +%dir %{_unitdir}/syslog.target.wants +%{_unitdir}/console-getty.service +%dir %{_unitdir}/timers.target.wants +%{_unitdir}/systemd-sysusers.service +%dir %{_unitdir}/runlevel4.target.wants +%dir %{_unitdir}/graphical.target.wants +%{_unitdir}/systemd-fsck-root.service +%{_unitdir}/dbus-org.freedesktop.login1.service +%{_unitdir}/systemd-update-utmp-runlevel.service +%{_unitdir}/network-online.target +%{_unitdir}/systemd-initctl.socket +%{_unitdir}/time-sync.target +%{_unitdir}/runlevel5.target +%{_unitdir}/paths.target +%dir %{_unitdir}/runlevel1.target.wants +%{_unitdir}/systemd-exit.service +%{_unitdir}/rescue.target +%{_unitdir}/umount.target +%{_unitdir}/initrd-switch-root.service +%{_unitdir}/initrd.target +%dir %{_unitdir}/initrd.target.wants +%{_unitdir}/ldconfig.service +%{_unitdir}/initrd-root-device.target +%{_unitdir}/default.target +%{_unitdir}/boot-complete.target +%dir %{_unitdir}/sysinit.target.wants +%{_unitdir}/systemd-tmpfiles-clean.timer +%{_unitdir}/user@.service +%{_unitdir}/final.target +%{_unitdir}/sys-fs-fuse-connections.mount +%{_unitdir}/getty-pre.target +%{_unitdir}/runlevel4.target +%{_unitdir}/serial-getty@.service +%{_unitdir}/sysinit.target +%{_unitdir}/rc-local.service +%{_unitdir}/debug-shell.service +%{_unitdir}/dev-mqueue.mount +%{_unitdir}/emergency.target +%{_unitdir}/dbus-org.freedesktop.timedate1.service +%{_unitdir}/runlevel1.target +%dir %{_unitdir}/remote-fs.target.wants +%{_unitdir}/dbus-org.freedesktop.hostname1.service +%{_unitdir}/runlevel0.target +%{_unitdir}/user.slice +%{_unitdir}/systemd-journal-catalog-update.service +%{_unitdir}/local-fs-pre.target +%{_unitdir}/systemd-halt.service +%{_unitdir}/container-getty@.service +%{_unitdir}/slices.target +%{_unitdir}/systemd-network-generator.service +%{_unitdir}/autovt@.service +%dir %{_unitdir}/user-.slice.d +%dir %{_unitdir}/user@.service.d +%dir %{_unitdir}/user@0.service.d +%{_unitdir}/user@.service.d/10-login-barrier.conf +%{_unitdir}/user@0.service.d/10-login-barrier.conf +%{_unitdir}/systemd-boot-check-no-failures.service +%{_unitdir}/halt.target +%{_unitdir}/system-update-cleanup.service +%dir %{_unitdir}/local-fs.target.wants +%{_unitdir}/proc-sys-fs-binfmt_misc.mount +%{_unitdir}/dbus-org.freedesktop.locale1.service +%{_unitdir}/initrd-switch-root.target +%{_unitdir}/initrd-parse-etc.service +%{_unitdir}/nss-user-lookup.target +%{_unitdir}/sockets.target +%dir %{_unitdir}/default.target.wants +%{_unitdir}/systemd-poweroff.service +%{_unitdir}/systemd-sysctl.service +%{_unitdir}/runlevel3.target +%{_unitdir}/local-fs.target +%{_unitdir}/smartcard.target +%{_unitdir}/systemd-hostnamed.service +%{_unitdir}/system-update.target +%{_unitdir}/local-fs.target.wants/tmp.mount +%{_unitdir}/user-.slice.d/10-defaults.conf +%{_unitdir}/sysinit.target.wants/systemd-binfmt.service +%{_unitdir}/sysinit.target.wants/systemd-machine-id-commit.service +%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup.service +%{_unitdir}/sysinit.target.wants/systemd-update-done.service +%{_unitdir}/sysinit.target.wants/dev-hugepages.mount +%{_unitdir}/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount +%{_unitdir}/sysinit.target.wants/systemd-ask-password-console.path +%{_unitdir}/sysinit.target.wants/sys-kernel-debug.mount +%{_unitdir}/sysinit.target.wants/systemd-journal-flush.service +%{_unitdir}/sysinit.target.wants/systemd-update-utmp.service +%{_unitdir}/sysinit.target.wants/sys-kernel-config.mount +%{_unitdir}/sysinit.target.wants/systemd-journald.service +%{_unitdir}/sysinit.target.wants/systemd-sysusers.service +%{_unitdir}/sysinit.target.wants/ldconfig.service +%{_unitdir}/sysinit.target.wants/sys-fs-fuse-connections.mount +%{_unitdir}/sysinit.target.wants/dev-mqueue.mount +%{_unitdir}/sysinit.target.wants/systemd-journal-catalog-update.service +%{_unitdir}/sysinit.target.wants/systemd-sysctl.service +%{_unitdir}/graphical.target.wants/systemd-update-utmp-runlevel.service +%{_unitdir}/timers.target.wants/systemd-tmpfiles-clean.timer +%{_unitdir}/rescue.target.wants/systemd-update-utmp-runlevel.service +%{_unitdir}/multi-user.target.wants/systemd-logind.service +%{_unitdir}/multi-user.target.wants/systemd-user-sessions.service +%{_unitdir}/multi-user.target.wants/getty.target +%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path +%{_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service +%{_unitdir}/systemd-hostnamed.service.d/disable-privatedevices.conf +%{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket +%{_unitdir}/sockets.target.wants/systemd-journald.socket +%{_unitdir}/sockets.target.wants/systemd-initctl.socket +%{_unitdir}/sockets.target.wants/systemd-coredump.socket +%{_unitdir}/blockdev@.target +%{_unitdir}/sys-kernel-tracing.mount +%{_unitdir}/sysinit.target.wants/sys-kernel-tracing.mount +%{_unitdir}/systemd-journald-varlink@.socket +%{_unitdir}/systemd-journald@.service +%{_unitdir}/systemd-journald@.socket +%{_unitdir}/modprobe@.service +%{_unitdir}/factory-reset.target +%{_unitdir}/initrd-usr-fs.target +%{_unitdir}/soft-reboot.target +%{_unitdir}/systemd-soft-reboot.service +%{_systemddir}/systemd-battery-check +%{_unitdir}/systemd-battery-check.service +%{_systemddir}/systemd-executor +%{_systemddir}/system-generators/systemd-fstab-generator +%{_systemddir}/system-generators/systemd-sysv-generator +%{_systemddir}/system-generators/systemd-rc-local-generator +%{_systemddir}/system-generators/systemd-debug-generator +%{_systemddir}/system-generators/systemd-run-generator +%{_systemddir}/system-generators/systemd-system-update-generator +%{_systemddir}/system-generators/systemd-getty-generator +%{_systemddir}/user-environment-generators/30-systemd-environment-d-generator +%{_systemddir}/system-preset/90-systemd.preset +%{_userunitdir}/systemd-tmpfiles-setup.service +%{_userunitdir}/graphical-session.target +%{_userunitdir}/shutdown.target +%{_userunitdir}/exit.target +%{_userunitdir}/systemd-tmpfiles-clean.service +%{_userunitdir}/basic.target +%{_userunitdir}/timers.target +%{_userunitdir}/printer.target +%{_userunitdir}/sound.target +%{_userunitdir}/bluetooth.target +%{_userunitdir}/graphical-session-pre.target +%{_userunitdir}/paths.target +%{_userunitdir}/systemd-exit.service +%{_userunitdir}/default.target +%{_userunitdir}/systemd-tmpfiles-clean.timer +%{_userunitdir}/sockets.target +%{_userunitdir}/smartcard.target +%{_systemddir}/catalog/systemd*.catalog +/usr/lib/sysctl.d/50-default.conf +/usr/lib/sysctl.d/50-pid-max.conf +/usr/lib/sysctl.d/50-coredump.conf +/usr/lib/tmpfiles.d/systemd-tmp.conf +/usr/lib/tmpfiles.d/systemd-nologin.conf +/usr/lib/tmpfiles.d/systemd.conf +/usr/lib/tmpfiles.d/journal-nocow.conf +/usr/lib/tmpfiles.d/x11.conf +/usr/lib/tmpfiles.d/tmp.conf +/usr/lib/tmpfiles.d/home.conf +/usr/lib/tmpfiles.d/etc.conf +/usr/lib/tmpfiles.d/legacy.conf +/usr/lib/tmpfiles.d/static-nodes-permissions.conf +/usr/lib/tmpfiles.d/var.conf +/usr/lib/tmpfiles.d/credstore.conf +/usr/lib/tmpfiles.d/provision.conf +/usr/lib/environment.d/99-environment.conf +%ghost %config(noreplace) /etc/localtime +%dir /etc/rc.d +%dir /etc/binfmt.d +%dir /etc/tmpfiles.d +%dir /etc/sysctl.d +%ghost %config(noreplace) /etc/locale.conf +%config(noreplace) /etc/sysctl.conf +%ghost %config(noreplace) /etc/crypttab +%dir /etc/systemd +/etc/inittab +%ghost %config(noreplace) /etc/machine-info +%ghost %config(noreplace) /etc/machine-id +%ghost %config(noreplace) /etc/hostname +%config(noreplace) /etc/systemd/user.conf +%dir /etc/systemd/user +%config(noreplace) /etc/systemd/logind.conf +%config(noreplace) /etc/systemd/journald.conf +%config(noreplace) /etc/systemd/coredump.conf +%dir /etc/systemd/system +%config(noreplace) /etc/systemd/system.conf +%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf +%config(noreplace) /etc/X11/xinit/xinitrc.d/50-systemd-user.sh +%config(noreplace) /etc/pam.d/systemd-user +/usr/lib/pam.d/systemd-user +%config(noreplace) /etc/sysctl.d/99-sysctl.conf +%config(noreplace) /etc/dnf/protected.d/systemd.conf +%dir /etc/rc.d/init.d +%config(noreplace) /etc/rc.d/rc.local +%config(noreplace) /etc/rc.local +%config(noreplace) /etc/rc.d/init.d/README +%dir /etc/xdg/systemd +%config(noreplace) /etc/xdg/systemd/user +%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf +/usr/lib/modprobe.d/README +/usr/lib/sysctl.d/README +/usr/lib/systemd/system/first-boot-complete.target +/usr/lib/systemd/user/app.slice +/usr/lib/systemd/user/background.slice +/usr/lib/systemd/user/session.slice +/usr/lib/sysusers.d/README +/usr/lib/tmpfiles.d/README +/usr/share/bash-completion/completions/systemd-id128 +/usr/share/zsh/site-functions/_systemd-path + +%files libs +%{_libdir}/libnss_systemd.so.2 +%{_libdir}/libnss_myhostname.so.2 +%{_libdir}/libsystemd.so.* +%{_libdir}/libudev.so.* + +%files rpm-macros +%{_rpmconfigdir}/sysusers.generate-pre.sh +%{_rpmmacrodir}/macros.systemd +%{_rpmmacrodir}/macros.sysusers + +%files devel +/usr/share/man/man3/* +%dir /usr/include/systemd +/usr/include/libudev.h +/usr/include/systemd/sd-event.h +/usr/include/systemd/_sd-common.h +/usr/include/systemd/sd-bus-vtable.h +/usr/include/systemd/sd-daemon.h +/usr/include/systemd/sd-hwdb.h +/usr/include/systemd/sd-device.h +/usr/include/systemd/sd-messages.h +/usr/include/systemd/sd-journal.h +/usr/include/systemd/sd-bus-protocol.h +/usr/include/systemd/sd-id128.h +/usr/include/systemd/sd-bus.h +/usr/include/systemd/sd-login.h +/usr/include/systemd/sd-path.h +/usr/include/systemd/sd-gpt.h +%{_libdir}/libudev.so +%{_libdir}/libsystemd.so +%{_libdir}/pkgconfig/libsystemd.pc +%{_libdir}/pkgconfig/libudev.pc + +%files udev +%exclude /usr/share/bash-completion/completions/kernel-install +%exclude /usr/share/zsh/site-functions/_kernel-install +%exclude /usr/bin/kernel-install +%exclude /usr/lib/kernel/install.d/90-loaderentry.install +%exclude /usr/lib/kernel/install.d/50-depmod.install +%exclude /usr/lib/kernel/install.d/20-grubby.install +%exclude /usr/lib/kernel/install.d/90-uki-copy.install +%exclude /usr/lib/kernel/install.conf +%exclude %dir /etc/kernel/install.d +%exclude %dir /etc/kernel +%exclude %dir /usr/lib/kernel +%exclude %dir /usr/lib/kernel/install.d +%exclude /usr/bin/bootctl +%exclude /usr/share/zsh/site-functions/_bootctl +%exclude /usr/share/bash-completion/completions/bootctl +%exclude %{_unitdir}/usb-gadget.target +%ghost /var/lib/systemd/random-seed + +/etc/modules-load.d +/usr/sbin/udevadm +/usr/share/bash-completion/completions/udevadm +/usr/share/zsh/site-functions/_udevadm +/usr/bin/systemd-hwdb +/usr/bin/udevadm +%dir /usr/lib/modprobe.d +%dir /usr/lib/udev +%dir /usr/lib/modules-load.d +%{_systemddir}/systemd-growfs +%{_systemddir}/systemd-modules-load +%dir %{_systemddir}/system-sleep +%{_systemddir}/systemd-makefs +%{_systemddir}/systemd-remount-fs +%{_systemddir}/systemd-hibernate-resume +%{_systemddir}/systemd-random-seed +%{_systemddir}/systemd-sleep +%{_systemddir}/systemd-udevd +%{_systemddir}/systemd-vconsole-setup +%{_unitdir}/systemd-growfs-root.service +%{_unitdir}/systemd-growfs@.service +%{_unitdir}/systemd-udevd.service +%{_unitdir}/initrd-udevadm-cleanup-db.service +%{_unitdir}/systemd-suspend.service +%{_unitdir}/suspend-then-hibernate.target +%{_unitdir}/systemd-modules-load.service +%{_unitdir}/systemd-tmpfiles-setup-dev.service +%{_unitdir}/systemd-vconsole-setup.service +%{_unitdir}/systemd-hibernate.service +%dir %{_unitdir}/systemd-udev-trigger.service.d +%{_unitdir}/systemd-random-seed.service +%{_unitdir}/systemd-udevd-control.socket +%{_unitdir}/hibernate.target +%{_unitdir}/systemd-remount-fs.service +%{_unitdir}/suspend.target +%{_unitdir}/systemd-hybrid-sleep.service +%{_unitdir}/systemd-suspend-then-hibernate.service +%{_unitdir}/hybrid-sleep.target +%{_unitdir}/systemd-hwdb-update.service +%{_unitdir}/systemd-udev-settle.service +%{_unitdir}/sleep.target +%{_unitdir}/kmod-static-nodes.service +%{_unitdir}/systemd-udevd-kernel.socket +%{_unitdir}/systemd-udev-trigger.service +%{_unitdir}/systemd-hibernate-resume.service +%{_unitdir}/systemd-tmpfiles-setup-dev-early.service +%{_unitdir}/sysinit.target.wants/systemd-udevd.service +%{_unitdir}/sysinit.target.wants/systemd-modules-load.service +%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev.service +%{_unitdir}/sysinit.target.wants/systemd-random-seed.service +%{_unitdir}/sysinit.target.wants/systemd-hwdb-update.service +%{_unitdir}/sysinit.target.wants/kmod-static-nodes.service +%{_unitdir}/sysinit.target.wants/systemd-udev-trigger.service +%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev-early.service +%{_unitdir}/systemd-udev-trigger.service.d/systemd-udev-trigger-no-reload.conf +%{_unitdir}/sockets.target.wants/systemd-udevd-control.socket +%{_unitdir}/sockets.target.wants/systemd-udevd-kernel.socket +%{_unitdir}/initrd.target.wants/systemd-battery-check.service +%{_systemddir}/system-generators/systemd-hibernate-resume-generator +%{_systemddir}/system-generators/systemd-gpt-auto-generator +%{_systemddir}/network/99-default.link +/usr/lib/udev/v4l_id +/usr/lib/udev/ata_id +/usr/lib/udev/cdrom_id +/usr/lib/udev/mtd_probe +/usr/lib/udev/scsi_id +/usr/lib/udev/fido_id +%ifnarch sw_64 riscv64 ppc64le +/usr/lib/udev/dmi_memory_id +%endif +/usr/lib/udev/sense_data.py +/usr/lib/udev/iocost + +%dir /usr/lib/udev/hwdb.d +%{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb +%{_udevhwdbdir}/70-touchpad.hwdb +%{_udevhwdbdir}/60-evdev.hwdb +%{_udevhwdbdir}/20-net-ifname.hwdb +%{_udevhwdbdir}/20-acpi-vendor.hwdb +%{_udevhwdbdir}/20-usb-classes.hwdb +%{_udevhwdbdir}/20-sdio-vendor-model.hwdb +%{_udevhwdbdir}/60-keyboard.hwdb +%{_udevhwdbdir}/20-pci-vendor-model.hwdb +%{_udevhwdbdir}/20-pci-classes.hwdb +%{_udevhwdbdir}/20-OUI.hwdb +%{_udevhwdbdir}/20-sdio-classes.hwdb +%{_udevhwdbdir}/20-usb-vendor-model.hwdb +%{_udevhwdbdir}/70-pointingstick.hwdb +%{_udevhwdbdir}/20-vmbus-class.hwdb +%{_udevhwdbdir}/70-joystick.hwdb +%{_udevhwdbdir}/60-sensor.hwdb +%{_udevhwdbdir}/70-mouse.hwdb +%{_udevhwdbdir}/60-input-id.hwdb +%{_udevhwdbdir}/60-autosuspend-chromiumos.hwdb +%{_udevhwdbdir}/60-autosuspend.hwdb +%{_udevhwdbdir}/20-dmi-id.hwdb +%{_udevhwdbdir}/60-autosuspend-fingerprint-reader.hwdb +%{_udevhwdbdir}/60-seat.hwdb +%{_udevhwdbdir}/80-ieee1394-unit-function.hwdb +%{_udevhwdbdir}/70-analyzers.hwdb +%{_udevhwdbdir}/70-av-production.hwdb +%{_udevhwdbdir}/70-cameras.hwdb +%{_udevhwdbdir}/70-pda.hwdb +%{_udevhwdbdir}/70-sound-card.hwdb +%{_udevhwdbdir}/README + +%dir /usr/lib/udev/rules.d +%{_udevrulesdir}/60-autosuspend.rules +%{_udevrulesdir}/40-%{vendor}.rules +%{_udevrulesdir}/40-elevator.rules +%{_udevrulesdir}/73-idrac.rules +%{_udevrulesdir}/60-block.rules +%{_udevrulesdir}/60-input-id.rules +%{_udevrulesdir}/71-seat.rules +%{_udevrulesdir}/73-seat-late.rules +%{_udevrulesdir}/80-drivers.rules +%{_udevrulesdir}/60-cdrom_id.rules +%{_udevrulesdir}/64-btrfs.rules +%{_udevrulesdir}/60-drm.rules +%{_udevrulesdir}/70-mouse.rules +%{_udevrulesdir}/70-touchpad.rules +%{_udevrulesdir}/60-persistent-alsa.rules +%{_udevrulesdir}/75-net-description.rules +%{_udevrulesdir}/60-persistent-v4l.rules +%{_udevrulesdir}/70-joystick.rules +%{_udevrulesdir}/70-power-switch.rules +%{_udevrulesdir}/60-persistent-storage.rules +%{_udevrulesdir}/80-net-setup-link.rules +%{_udevrulesdir}/60-evdev.rules +%{_udevrulesdir}/60-sensor.rules +%{_udevrulesdir}/60-serial.rules +%{_udevrulesdir}/90-vconsole.rules +%{_udevrulesdir}/78-sound-card.rules +%{_udevrulesdir}/70-uaccess.rules +%{_udevrulesdir}/60-persistent-input.rules +%{_udevrulesdir}/75-probe_mtd.rules +%{_udevrulesdir}/99-systemd.rules +%{_udevrulesdir}/60-persistent-storage-tape.rules +%{_udevrulesdir}/50-udev-default.rules +%{_udevrulesdir}/60-fido-id.rules +%{_udevrulesdir}/81-net-dhcp.rules +%{_udevrulesdir}/60-infiniband.rules +%{_udevrulesdir}/70-camera.rules +%ifnarch sw_64 riscv64 ppc64le +%{_udevrulesdir}/70-memory.rules +%endif +%{_udevrulesdir}/60-dmi-id.rules +%{_udevrulesdir}/60-persistent-storage-mtd.rules +%{_udevrulesdir}/90-iocost.rules +%{_udevrulesdir}/README + +/usr/lib/modprobe.d/systemd.conf +/usr/share/factory/etc/vconsole.conf +%ghost %config(noreplace) /etc/vconsole.conf +%dir /etc/udev +%dir /etc/kernel +%config(noreplace) /etc/systemd/sleep.conf +%ghost /etc/udev/hwdb.bin +%dir /etc/udev/rules.d +%config(noreplace) /etc/udev/udev.conf +%config(noreplace) /etc/udev/iocost.conf +%dir /etc/udev/hwdb.d + +%files container +/usr/share/bash-completion/completions/machinectl +/usr/share/zsh/site-functions/_machinectl +/usr/share/dbus-1/system-services/org.freedesktop.machine1.service +/usr/share/dbus-1/services/org.freedesktop.systemd1.service +/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service +/usr/share/dbus-1/system.d/org.freedesktop.machine1.conf +/usr/share/polkit-1/actions/org.freedesktop.machine1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Image.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Machine.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Manager.xml +%{_libdir}/libnss_mymachines.so.2 +/usr/bin/machinectl +%{_systemddir}/systemd-machined +%{_unitdir}/systemd-machined.service +%{_unitdir}/var-lib-machines.mount +%{_unitdir}/dbus-org.freedesktop.machine1.service +%{_unitdir}/machine.slice +%{_unitdir}/machines.target +%dir %{_unitdir}/machines.target.wants +%{_unitdir}/machines.target.wants/var-lib-machines.mount +%{_unitdir}/remote-fs.target.wants/var-lib-machines.mount +%{_systemddir}/network/80-vm-vt.network + +%files help +/usr/share/man/*/* +%exclude /usr/share/man/man3/* + +%files resolved +/usr/sbin/resolvconf +/usr/bin/resolvectl +/usr/share/bash-completion/completions/resolvectl +/usr/share/zsh/site-functions/_resolvectl +/usr/share/bash-completion/completions/systemd-resolve +/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service +/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf +/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.DnssdService.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Manager.xml +/usr/bin/systemd-resolve +%{_systemddir}/resolv.conf +%{_systemddir}/systemd-resolved +%config(noreplace) /etc/systemd/resolved.conf +%{_libdir}/libnss_resolve.so.2 +%{_unitdir}/systemd-resolved.service +/usr/lib/sysusers.d/systemd-resolve.conf +/usr/lib/tmpfiles.d/systemd-resolve.conf + +%files nspawn +/usr/share/bash-completion/completions/systemd-nspawn +/usr/share/zsh/site-functions/_systemd-nspawn +/usr/bin/systemd-nspawn +%{_unitdir}/systemd-nspawn@.service +/usr/lib/tmpfiles.d/systemd-nspawn.conf + +%files networkd +/usr/share/bash-completion/completions/networkctl +/usr/share/zsh/site-functions/_networkctl +/usr/share/dbus-1/system-services/org.freedesktop.network1.service +/usr/share/dbus-1/system.d/org.freedesktop.network1.conf +/usr/share/polkit-1/actions/org.freedesktop.network1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPServer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Network.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPv4Client.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPv6Client.xml +/usr/share/polkit-1/rules.d/systemd-networkd.rules +/usr/bin/networkctl +%{_systemddir}/systemd-networkd-wait-online +%{_systemddir}/systemd-networkd +%{_unitdir}/systemd-networkd.socket +%{_unitdir}/systemd-networkd-wait-online.service +%{_unitdir}/systemd-networkd-wait-online@.service +%{_unitdir}/systemd-networkd.service +%{_systemddir}/network/80-container-host0.network +%dir /etc/systemd/network +%config(noreplace) /etc/systemd/networkd.conf +%{_systemddir}/network/80-container-vz.network +%{_systemddir}/network/80-container-ve.network +%{_systemddir}/network/80-wifi-adhoc.network +%{_systemddir}/network/80-wifi-ap.network.example +%{_systemddir}/network/80-wifi-station.network.example +%{_systemddir}/network/80-6rd-tunnel.network +%{_systemddir}/network/80-container-vb.network +%{_systemddir}/network/80-auto-link-local.network.example +%{_systemddir}/network/89-ethernet.network.example +/usr/lib/sysusers.d/systemd-network.conf +/usr/lib/tmpfiles.d/systemd-network.conf + +%files timesyncd +%dir %{_systemddir}/ntp-units.d +%{_systemddir}/systemd-time-wait-sync +%{_unitdir}/systemd-time-wait-sync.service +%ghost %dir /var/lib/systemd/timesync +%ghost /var/lib/systemd/timesync/clock +/usr/share/dbus-1/system-services/org.freedesktop.timesync1.service +/usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf +/usr/share/polkit-1/actions/org.freedesktop.timesync1.policy +%{_systemddir}/systemd-timesyncd +%{_unitdir}/systemd-timesyncd.service +%{_systemddir}/ntp-units.d/80-systemd-timesync.list +%config(noreplace) /etc/systemd/timesyncd.conf +/usr/lib/sysusers.d/systemd-timesync.conf + +%files pam +%{_libdir}/security/pam_systemd.so +%{_libdir}/security/pam_systemd_loadkey.so + +%files cryptsetup +/usr/share/bash-completion/completions/systemd-cryptenroll +/usr/bin/systemd-cryptenroll +/usr/bin/systemd-cryptsetup +%{_systemddir}/systemd-cryptsetup +%{_systemddir}/systemd-integritysetup +%{_systemddir}/systemd-veritysetup +%{_systemddir}/system-generators/systemd-cryptsetup-generator +%{_systemddir}/system-generators/systemd-integritysetup-generator +%{_systemddir}/system-generators/systemd-veritysetup-generator +%{_unitdir}/cryptsetup-pre.target +%{_unitdir}/cryptsetup.target +%{_unitdir}/initrd-root-device.target.wants/remote-cryptsetup.target +%{_unitdir}/initrd-root-device.target.wants/remote-veritysetup.target +%{_unitdir}/integritysetup-pre.target +%{_unitdir}/integritysetup.target +%{_unitdir}/remote-cryptsetup.target +%{_unitdir}/remote-veritysetup.target +%{_unitdir}/sysinit.target.wants/cryptsetup.target +%{_unitdir}/sysinit.target.wants/integritysetup.target +%{_unitdir}/sysinit.target.wants/veritysetup.target +%{_unitdir}/system-systemd\x2dcryptsetup.slice +%{_unitdir}/system-systemd\x2dveritysetup.slice +%{_unitdir}/veritysetup-pre.target +%{_unitdir}/veritysetup.target + +%changelog +* Tue Nov 26 2024 zhangyao <zhangyao108@huawei.com> - 255-32 +- fix the systemctl disable cannot delete residuals symlink after the unit is deleted + +* Mon Nov 11 2024 xujing <xujing125@huawei.com> - 255-31 +- pid1: add env var to override default mount rate limit interval + +* Fri Nov 8 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-30 +- backport: fix systemctl printing of RootImageOptions issue + +* Thu Nov 07 2024 xujing <xujing125@huawei.com> - 255-29 +- optimize mountinfo traversal by decoupling device discovery + +* Fri Nov 01 2024 Funda Wang <fundawang@yeah.net> - 255-28 +- split out systemd-rpm-macros sub package for compatible with fedora +- add helper script and macros for creating users and groups using dynamic allocation + +* Wed Oct 30 2024 niuwanli <niuwanli@cqsoftware.com.cn> - 255-27 +- Add dbus requires for systemd-logind.service + +* Wed Oct 23 2024 xiaozai <xiaozai@kylinos.cn> - 255-26 +- DESC:fix memory leak in src/cryptsetup/cryptsetup-generator.c + +* Mon Oct 21 2024 xiaozai <xiaozai@kylinos.cn> - 255-25 +- DESC:fix memory leak in src/partition/repart.c + +* Mon Sep 23 2024 xujing <xujing125@huawei.com> - 255-24 +- DESC:fix cgroup v2 cpuset function error and optimize the code of cpuset and freezer + +* Wed Sep 11 2024 zhangyao <zhangyao108@huawei.com> - 255-23 +- DESC:network networkd address does not set up firewall rules + add backport-network-networkd-address-don-t-set-up-firewall-rules.patch + +* Tue Sep 10 2024 huyubiao <huyubiao@huawei.com> - 255-22 +- DESC:escape spaces during serialization + +* Tue Aug 13 2024 huyubiao <huyubiao@huawei.com> - 255-21 +- DESC:dont create dont-synthesize-nobody when login shell is /sbin/nologin or /usr/sbin/nologin + +* Fri Jul 26 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-20 +- backport: fix cgtop sscanf return code checks + +* Tue Jul 2 2024 dufuhang <dufuhang@kylinos.cn> - 255-19 +- sd-event: fix fd leak when fd is owned by IO event source + +* Thu Jun 13 2024 wangyuhang <wangyuhang27@huawei.com> - 255-18 +- extract systemd-cryptsetup + +* Tue May 21 2024 dufuhang <dufuhang@kylinos.cn> - 255-17 +- main: pass the right error variable + +* Thu May 16 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-16 +- Fix log message print not match when glob patterns passed to disable service + +* Thu May 9 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-15 +- Add bash completion for systemctl service-log-level/target + +* Wed May 8 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-14 +- backport: sync patches from systemd community + add backport-fix-conf-parser-oom-check-issue.patch + backport-unit-check-for-correct-function-in-vtable.patch + backport-fix-homed-log-message-typo-error.patch + +* Mon Apr 29 2024 huyubiao <huyubiao@huawei.com> - 255-13 +- add backport-login-user-runtime-dir-properly-check-for-mount-poin.patch + backport-user-util-validate-the-right-field.patch + +* Thu Apr 25 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-12 +- udevadm: allow override default log level for udevadm test-builtin commands + by environment variable + +* Wed Apr 24 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-11 +- Fix systemd-analyze -q option invalid issue + +* Thu Apr 18 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-10 +- Fix warning for file not found during rpm packaging + +* Wed Apr 17 2024 huyubiao <huyubiao@huawei.com> - 255-9 +- fix CVE-2023-50387 and CVE-2023-50868 + +* Mon Apr 08 2024 GuoCe <guoce@kylinos.cn> - 255-8 +- Update outdated URL + +* Wed Mar 27 2024 huyubiao <huyubiao@huawei.com> - 255-7 +- DESC:add backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch + backport-resolved-limit-the-number-of-signature-validations-i.patch + backport-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch + +* Mon Mar 18 2024 huyubiao <huyubiao@huawei.com> - 255-6 +- switch systemd back to cgroup v1 to prevent the docker.service startup failure + +* Fri Mar 1 2024 huyubiao <huyubiao@huawei.com> - 255-5 +- move the architecture patches after Patch9800 (excluding Patch9800) + +* Thu Feb 29 2024 licunlong <licunlong@huawei.com> - 255-4 +- fix the compilation warning caused by misusing const + +* Wed Feb 28 2024 huyubiao <huyubiao@huawei.com> - 255-3 +- 1.add cpuset-cgv1 and freezer-cgv1 macros and enabled by default + 2.add missing sw_64 macro in prep phase + +* Sun Feb 18 2024 huyubiao <huyubiao@huawei.com> - 255-2 +- allow underscore in hostname + +* Mon Jan 22 2024 huyubiao <huyubiao@huawei.com> - 255-1 +- update systemd to v255 + +* Thu Dec 28 2023 wangyuhang <wangyuhang27@huawei.com> - 253-10 +- actually check authenticated flag of SOA transaction in resolved + +* Thu Dec 21 2023 xujing <xujing125@huawei.com> - 253-9 +- backport: fix /boot unmounted issue when the device is suspended during boot time + +* Mon Dec 18 2023 huyubiao <huyubiao@huawei.com> - 253-8 +- backport: sync patches from systemd community + add backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch + backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-bus-add-some-minimal-bounds-check-on-signatures.patch + backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch + backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch + backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch + backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch + +* Tue Dec 12 2023 hongjinghao <hongjinghao@huawei.com> - 253-7 +- backport: sync patches from systemd community + +* Thu Nov 30 2023 jiahua.yu <jiahua.yu@shingroup.cn> - 253-6 +- init support for ppc64le + +* Fri Sep 15 2023 hongjinghao <hongjinghao@huawei.com> - 253-5 +- journal: don't enable systemd-journald-audit.socket + +* Thu Aug 17 2023 wangyuhang <wangyuhang27@huawei.com> - 253-4 +- add a new switch to control whether udev complies with the new SAT standards + and add sense_data.py to check if the device meets the new SAT standards + fix compilation failure with - O0 option + +* Mon Jul 31 2023 huyubiao <huyubiao@huawei.com> - 253-3 +- sync the patch from v249 + +* Sat Jul 29 2023 huyubiao <huyubiao@huawei.com> - 253-2 +- fix the dynamic library cannot be found + +* Thu Jul 20 2023 huyubiao <huyubiao@huawei.com> - 253-1 +- systemd update to v253 + +* Thu Jun 15 2023 hongjinghao <hongjinghao@huawei.com> - 249-52 +- backport: sync patches from systemd community + +* Mon Jun 12 2023 chenjiayi <chenjiayi22@huawei.com> - 249-51 +- backport upstream patches to fix event loss when the whole disk is locked + +* Thu Jun 8 2023 licunlong <licunlong1@huawei.com> - 249-50 +- set the cpuset.cpus/mems of machine.slice to all by default + +* Wed Mar 22 2023 hongjinghao <hongjinghao@huawei.comg> - 249-49 +- backport: sync patches from systemd community + +* Tue Mar 7 2023 wangyuhang <wangyuhang27@huawei.com> -249-48 +- fix symlinks to NVMe drives are missing in /dev/disk/by-path + +* Tue Feb 28 2023 misaka00251 <liuxin@iscas.ac.cn> -249-47 +- Exclude riscv64 unsupported files for now, might add them back later + +* Thu Jan 19 2023 yangmingtai <yangmingtai@huawei.com> -249-46 +- delete unused patch files + +* Fri Jan 13 2023 yangmingtai <yangmingtai@huawei.com> -249-45 +- backport patches from upstream and add patchs to enhance compatibility + and features + +* Wed Dec 28 2022 huyubiao<huyubiao@huawei.com> - 249-44 +- fix CVE-2022-4415 + +* Mon Dec 12 2022 huajingyun<huajingyun@loongson.cn> - 249-43 +- Add loongarch for missing_syscall_def.h + +* Wed Nov 23 2022 yangmingtai <yangmingtai@huawei.com> -249-42 +- 1.change /etc/systemd/journald.conf ForwardToWall to no + 2.change DefaultLimitMEMLOCK to 64M + 3.replace openEuler to vendor + 4.delete useless file udev-61-openeuler-persistent-storage.rules + +* Tue Nov 15 2022 huajingyun<huajingyun@loongson.cn> - 249-41 +- Add loongarch64 architecture + +* Mon Nov 7 2022 yangmingtai <yangmingtai@huawei.com> -249-40 +- fix CVE-2022-3821 + +* Thu Oct 27 2022 wuzx<wuzx1226@qq.com> - 249-39 +- Add sw64 architecture + +* Mon Oct 10 2022 wangyuhang <wangyuhang27@huawei.com> -249-38 +- backport: sync systemd-stable-249 patches from systemd community + +* Thu Sep 29 2022 yangmingtai <yangmingtai@huawei.com> -249-37 +- 1.change default ntp server + 2.correct the default value of RuntimeDirectoryInodesMax + +* Fri Sep 16 2022 yangmingtai <yangmingtai@huawei.com> -249-36 +- revert:delete the initrd-usr-fs.target + +* Wed Sep 14 2022 xujing <xujing125@huawei.com> -249-35 +- revert add ProtectClock=yes + +* Fri Sep 2 2022 Wenchao Hao <haowenchao@huawei.com> -249-34 +- scsi_id: retry inquiry ioctl if host_byte is DID_TRANSPORT_DISRUPTED + +* Thu Sep 1 2022 hongjinghao<hongjinghao@huawei.com> - 249-33 +- 1. Don't set AlternativeNamesPolicy by default + 2. fix systemd-journald coredump + +* Tue Aug 02 2022 zhukeqian<zhukeqian1@huawei.com> -249-32 +- core: replace slice dependencies as they get added + +* Wed Jun 22 2022 zhangyao<zhangyao108@huawei.com> -249-31 +- fix don't preset systemd-timesyncd when install systemd-udev + +* Tue Jun 21 2022 zhangyao<zhangyao108@huawei.com> -249-30 +- fix Avoid /tmp being mounted as tmpfs without the user's will + +* Tue Jun 21 2022 wangyuhang<wangyuhang27@huawei.com> -249-29 +- fix build fail on meson-0.6 + 1. delete invalid meson build option + 2. meson.build: change operator combining bools from + to and + +* Fri Jun 17 2022 wangyuhang<wangyuhang27@huawei.com> -249-28 +- revert rpm: restart services in %posttrans + fix spelling errors in systemd.spec, fdev -> udev + +* Wed Jun 01 2022 licunlong<licunlong1@huawei.com> -249-27 +- move udev{rules, hwdb, program} to systemd-udev. + +* Mon Apr 18 2022 xujing <xujing99@huawei.com> - 249-26 +- rename patches name and use patch from upstream + +* Tue Apr 12 2022 xujing <xujing99@huawei.com> - 249-25 +- core: skip change device to dead in manager_catchup during booting + +* Tue Apr 12 2022 xujing <xujing99@huawei.com> - 249-24 +- print the real reason for link update + +* Tue Apr 12 2022 xujing <xujing99@huawei.com> - 249-23 +- check whether command_prev is null before assigning value + +* Mon Apr 11 2022 xujing <xujing99@huawei.com> - 249-22 +- solve that rsyslog reads journal's object of size 0 + +* Mon Apr 11 2022 xujing <xujing99@huawei.com> - 249-21 +- disable initialize_clock + +* Fri Apr 8 2022 xujing <xujing99@huawei.com> - 249-20 +- fix name of option: RuntimeDirectoryInodes + +* Fri Apr 8 2022 wangyuhang <wangyuhang27@huawei.com> - 249-19 +- set dnssec to be allow-downgrade by default + set mdns to be yes by default + set llmnr to be yes by default + +* Sat Apr 2 2022 xujing <xujing99@huawei.com> - 249-18 +- set urlify to be disabled by default + +* Thu Mar 31 2022 xujing <xujing99@huawei.com> - 249-17 +- set DEFAULT_TASKS_MAX to 80% and set mode to release + +* Wed Mar 23 2022 xujing <xujing99@huawei.com> - 249-16 +- systemd-journald: Fix journal file descriptors leak problems. + systemd: Activation service must be restarted when it is already started and re-actived by dbus + systemd-core: fix problem of dbus service can not be started + systemd-core: Delay to restart when a service can not be auto-restarted when there is one STOP_JOB for the service + core: fix SIGABRT on empty exec command argv + journalctl: never fail at flushing when the flushed flag is set + timesync: fix wrong type for receiving timestamp in nanoseconds + udev: fix potential memleak + +* Fri Mar 18 2022 yangmingtai <yangmingtai@huawei.com> - 249-15 +- fix systemctl reload systemd-udevd failed + +* Thu Mar 17 2022 xujing <xujing99@huawei.com> - 249-14 +- pid1 bump DefaultTasksMax to 80% of the kernel pid.max value + +* Thu Mar 17 2022 xujing <xujing99@huawei.com> - 249-13 +- allow more inodes in /dev an /tmp + +* Fri Mar 11 2022 yangmingtai <yangmingtai@huawei.com> - 249-12 +- disable some features + +* Thu Mar 10 2022 xujing <xujing99@huawei.com> - 249-11 +- core: use empty_to_root for cgroup path in log messages + +* Tue Mar 1 2022 yangmingtai <yangmingtai@huawei.com> - 249-10 +- revert :core map io.bfq.weight to 1..1000 + +* Tue Mar 1 2022 duyiwei <duyiwei@kylinos.cn> - 249-9 +- change %systemd_requires to %{?systemd_requires} + +* Tue Feb 22 2022 xujing <xujing99@huawei.com> - 249-8 +- temporarily disable test-seccomp and ensure some features disabled + +* Tue Feb 15 2022 yangmingtai <yangmingtai@huawei.com> - 249-7 +- disable rename function of net interface + +* Tue Feb 15 2022 yangmingtai <yangmingtai@huawei.com> - 249-6 +- nop_job of a unit must also be coldpluged after deserization + +* Tue Feb 15 2022 yangmingtai <yangmingtai@huawei.com> - 249-5 +- fix CVE-2021-3997 and CVE-2021-33910 + +* Tue Feb 8 2022 yangmingtai <yangmingtai@huawei.com> - 249-4 +- fix ConditionDirectoryNotEmpty,ConditionPathIsReadWrite and DirectoryNotEmpty + +* Tue Feb 8 2022 yangmingtai <yangmingtai@huawei.com> - 249-3 +- do not make systemd-cpredump sub packages + +* Mon Dec 27 2021 yangmingtai <yangmingtai@huawei.com> - 249-2 +- delete useless Provides and Obsoletes + +* Wed Dec 8 2021 yangmingtai <yangmingtai@huawei.com> - 249-1 +- systemd update to v249 + +* Tue Dec 28 2021 licunlong <licunlong1@huawei.com> - 248-15 +- fix typo: disable not denable. + +* Wed Dec 01 2021 licunlong <licunlong1@huawei.com> - 248-14 +- disable systemd-{timesyncd, networkd, resolved} by default + +* Thu Sep 16 2021 ExtinctFire <shenyining_00@126.com> - 248-13 +- core: fix free undefined pointer when strdup failed in the first loop + +* Mon Sep 6 2021 yangmingtai <yangmingtai@huawei.com> - 248-12 +- move postun to correct position + +* Sat Sep 4 2021 yangmingtai <yangmingtai@huawei.com> - 248-11 +- systemd delete rpath + +* Mon Aug 30 2021 yangmingtai <yangmingtai@huawei.com> - 248-10 +- enable some patches and delete unused patches + +* Thu Aug 26 2021 xujing <xujing99@huawei.com> - 248-9 +- enable some patches to fix bugs + +* Mon Aug 16 2021 yangmingtai <yangmingtai@huawei.com> - 248-8 +- udev: exec daemon-reload after installation + +* Thu Jul 22 2021 yangmingtai <yangmingtai@huawei.com> - 248-7 +- fix CVE-2021-33910 + +* Thu Jun 03 2021 shenyangyang <shenyangyang4@huawei.com> - 248-6 +- change requires to openssl-libs as post scripts systemctl requires libssl.so.1.1 + +* Mon May 31 2021 hexiaowen<hexiaowen@huawei.com> - 248-5 +- fix typo + +* Wed May 19 2021 fangxiuning <fangxiuning@huawei.com> - 248-4 +- journald: enforce longer line length limit during "setup" phase of stream protocol + +* Fri Apr 30 2021 hexiaowen <hexiaowen@huawei.com> - 248-3 +- delete unused rebase-patch + +* Fri Apr 30 2021 hexiaowen <hexiaowen@huawei.com> - 248-2 +- delete unused patches + +* Fri Apr 30 2021 hexiaowen <hexiaowen@huawei.com> - 248-1 +- Rebase to version 248 + +* Wed Mar 31 2021 fangxiuning <fangxiuning@huawei.com> - 246-15 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix userdata double free + +* Wed Mar 3 2021 shenyangyang <shenyangyang4@huawei.com> - 246-14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix Failed to migrate controller cgroups from *: Permission denied + +* Sat Feb 27 2021 shenyangyang <shenyangyang4@huawei.com> - 246-13 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:xdg autostart Lower most info messages to debug level + +* Sat Feb 27 2021 gaoyi <ymuemc@163.com> - 246-12 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:just configure DefaultTasksMax when install + +* Tue Jan 26 2021 extinctfire <shenyining_00@126.com> - 246-11 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix login timeout 2 minutes + +* Fri Dec 18 2020 overweight <hexiaowen@huawei.com> - 246-10 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix 40-openEuler.rules for memory offline + +* Wed Dec 16 2020 shenyangyang <shenyangyang4@huawei.com> - 246-9 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:do not create /var/log/journal on initial installation + +* Wed Nov 25 2020 shenyangyang <shenyangyang4@huawei.com> - 246-8 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:don't enable systemd-journald-audit.socket by default + +* Thu Sep 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-7 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete unneed patches and rebase to bded6f + +* Fri Sep 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-6 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete unneed patches + +* Wed Sep 9 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-5 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:set default tasks max to 85% + +* Wed Sep 9 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-4 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix error handling on readv + +* Sat Aug 01 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-3 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to real release 246 + +* Tue Jul 7 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix buffer overrun when urlifying. + +* Fri Jun 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 246-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to release 246 + +* Thu May 28 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-23 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add requirement of systemd to libs + +* Mon May 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-22 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:solve the build failure caused by the upgrade of libseccomp + +* Mon Apr 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-21 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:resolve memleak of pid1 and add some patches + +* Thu Apr 9 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-20 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete redundant info in spec + +* Wed Mar 25 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-19 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add patch of CVE-2020-1714-5 + +* Fri Mar 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-18 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix two vf visual machines have the same mac address + +* Tue Mar 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-17 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix CVE-2020-1712 and close journal files that were deleted by journald + before we've setup inotify watch and bump pim_max to 80% + +* Thu Mar 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-16 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add 1603-udev-add-actions-while-rename-netif-failed.patch + +* Sat Feb 29 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-15 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:update rtc with system clock when shutdown + +* Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-14 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:enable tests + +* Mon Feb 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-13 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:modify kvm authority 0660 and fix dbus daemon restart need 90s after killed + +* Tue Jan 21 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-12 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add systemd-libs + +* Sun Jan 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-11 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix resolv.conf has symlink default + +* Fri Jan 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-10 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix capsh drop but ping success and udev ignore error caused by device disconnection + +* Wed Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-9 +- Type:NA +- ID:NA +- SUG:NA +- DESC:delete unneeded obsoletes + +* Wed Jan 08 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-8 +- Type:NA +- ID:NA +- SUG:NA +- DESC:delete unneeded patchs + +* Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 243-7 +- Type:NA +- ID:NA +- SUG:NA +- DESC:delete unneeded source + +* Mon Dec 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 243-6 +- Type:NA +- ID:NA +- SUG:NA +- DESC:modify name of persistent-storage.rules + +* Fri Dec 20 2019 jiangchuangang<jiangchuangang@huawei.com> - 243-5 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:change time log level + +* Fri Nov 22 2019 shenyangyang<shenyangyang4@huawei.com> - 243-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add efi_arch to solve build problem of x86 + +* Sat Sep 28 2019 guoxiaoqi<guoxiaoqi2@huawei.com> - 243-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:modify default-hierarchy + +* Tue Sep 24 2019 shenyangyang<shenyangyang4@huawei.com> - 243-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:revise requires + +* Thu Sep 12 2019 hexiaowen <hexiaowen@huawei.com> - 243-1 +- Update to release 243 + +* Tue Sep 10 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h43 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert fix two vf visual machines have the same mac address + +* Wed Sep 04 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h42 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix two vf visual machines have the same mac address + +* Sat Aug 31 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h41 +- Type:NA +- ID:NA +- SUG:NA +- DESC:timeout waiting for scaning on device 8:3 + +* Mon Aug 26 2019 shenyangyang<shenyangyang4@huawei.com> - 239-3.h40 +- Type:NA +- ID:NA +- SUG:NA +- DESC:remove sensetive info + +* Wed Aug 21 2019 yangbin<robin.yb@huawei.com> - 239-3.h39 +- Type:NA +- ID:NA +- SUG:NA +- DESC:merge from branch next to openeuler + +* Mon Aug 19 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h38 +- Type:NA +- ID:NA +- SUG:NA +- DESC:merge from branch next to openeuler + +* Thu Jul 25 2019 yangbin<robin.yb@huawei.com> - 239-3.h37 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:change CPUSetMemMigrate type to bool + +* Tue Jul 23 2019 yangbin<robin.yb@huawei.com> - 239-3.h36 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add systemd cgroup config for cpuset and freezon + +* Thu Jul 18 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h35 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: change support URL shown in the catalog entries + +* Tue Jul 09 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h34 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: add systemd dependency requires openssl-libs + +* Tue Jul 09 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h33 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: login: use parse_uid() when unmounting user runtime directory + +* Tue Jul 9 2019 fangxiuning<fangxiuning@huawei.com> - 239-3.h32 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix timedatectl set-timezone, UTC time wrong + +* Wed Jun 19 2019 cangyi<cangyi@huawei.com> - 239-3.h31 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix memleak on invalid message + +* Tue Jun 18 2019 cangyi<cangyi@huawei.com> - 239-3.h30 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: revert fix memleak on invalid message + +* Mon Jun 17 2019 wenjun<wenjun8@huawei.com> - 239-3.h29 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert h26 + +* Mon Jun 17 2019 cangyi<cangyi@huawei.com> - 239-3.h28 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix memleak on invalid message + +* Wed Jun 12 2019 cangyi<cangyi@huawei.com> - 239-3.h27 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix warnings + +* Tue Jun 11 2019 wenjun<wenjun8@huawei.com> - 239-3.h26 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix race between daemon-reload and other commands,remove useless patch + +* Mon Jun 10 2019 gaoyi<gaoyi15@huawei.com> - 239-3.h25 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:repair the test test-journal-syslog + https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421 + +* Tue Jun 04 2019 gaoyi<gaoyi15@huawei.com> - 239-3.h24 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:backport CVE-2019-3844 CVE-2019-3843 + +* Mon Jun 3 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h23 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix CVE + +* Wed May 22 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h22 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix button_open sd_event_source leak + +* Mon May 20 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h21 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Fri May 17 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h20 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Thu May 16 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h19 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Mon May 13 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h17 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Mon May 13 2019 liuzhiqiang<liuzhiqiang26@huawei.com> - 239-3.h16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:remove 86-network.rules and its ifup-hotplug script + +* Sun May 12 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h15 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Set-DynamicUser-no-for-networkd-resolved-timesyncd + +* Wed May 8 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Set-DynamicUser-no-for-networkd-resolved-timesyncd + +* Wed May 8 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h13 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:rename patches + +* Thu Apr 4 2019 luochunsheng<luochunsheng@huawei.com> - 239-3.h11 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:remove sensitive information + +* Wed Mar 27 2019 wangjia<wangjia55@huawei.com> - 239-3.h10 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: rollback patch 1610-add-new-rules-for-lower-priority-events-to-preempt.patch, + this patch caused mount failed + +* Fri Mar 22 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h9 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: Open source fragment reference rectification + +* Thu Mar 21 2019 wangxiao<wangxiao65@huawei.com> - 239-3.h8 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: systemctl-fix-assert-for-failed-mktime-conversion.patch + network-link-Fix-logic-error-in-matching-devices-by-.patch + bus-socket-Fix-line_begins-to-accept-word-matching-f.patch + networkd-fix-overflow-check.patch + resolve-fix-memleak.patch + syslog-fix-segfault-in-syslog_parse_priority.patch + journald-free-the-allocated-memory-before-returning-.patch + resolvectl-free-the-block-of-memory-hashed-points-to.patch + util-do-not-use-stack-frame-for-parsing-arbitrary-in.patch + dynamic-user-fix-potential-segfault.patch + journald-fixed-assertion-failure-when-system-journal.patch + core-socket-fix-memleak-in-the-error-paths-in-usbffs.patch + systemd-do-not-pass-.wants-fragment-path-to-manager_.patch + verbs-reset-optind-10116.patch + network-fix-memleak-about-routing-policy.patch + network-fix-memleak-around-Network.dhcp_vendor_class.patch + sd-dhcp-lease-fix-memleaks.patch + meson-use-the-host-architecture-compiler-linker-for-.patch + dhcp6-fix-an-off-by-one-error-in-dhcp6_option_parse_.patch + bus-message-use-structured-initialization-to-avoid-u.patch + bus-message-do-not-crash-on-message-with-a-string-of.patch + bus-message-fix-skipping-of-array-fields-in-gvariant.patch + basic-hexdecoct-check-for-overflow.patch + journal-upload-add-asserts-that-snprintf-does-not-re.patch + bus-unit-util-fix-parsing-of-IPAddress-Allow-Deny.patch + terminal-util-extra-safety-checks-when-parsing-COLUM.patch + core-handle-OOM-during-deserialization-always-the-sa.patch + systemd-nspawn-do-not-crash-on-var-log-journal-creat.patch + core-don-t-create-Requires-for-workdir-if-missing-ok.patch + chown-recursive-let-s-rework-the-recursive-logic-to-.patch + network-fix-segfault-in-manager_free.patch + network-fix-possible-memleak-caused-by-multiple-sett.patch + network-fix-memleak-in-config_parse_hwaddr.patch + network-fix-memleak-abot-Address.label.patch + tmpfiles-fix-minor-memory-leak-on-error-path.patch + udevd-explicitly-set-default-value-of-global-variabl.patch + udev-handle-sd_is_socket-failure.patch + basic-remove-an-assertion-from-cunescape_one.patch + debug-generator-fix-minor-memory-leak.patch + journald-check-whether-sscanf-has-changed-the-value-.patch + coredumpctl-fix-leak-of-bus-connection.patch + vconsole-Don-t-skip-udev-call-for-dummy-device.patch + mount-don-t-propagate-errors-from-mount_setup_unit-f.patch + sd-device-fix-segfault-when-error-occurs-in-device_n.patch + boot-efi-use-a-wildcard-section-copy-for-final-EFI-g.patch + basic-hexdecoct-be-more-careful-in-overflow-check.patch + +* Fri Mar 15 2019 wangjia<wangjia55@huawei.com> - 239-3.h7 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: modify RemoveIPC to false by default value + +* Wed Mar 13 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h6 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: add rc.local + +* Fri Mar 8 2019 hexiaowen<hexiaowen@huawei.com> - 239-3.h5 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: disable-initialize_clock + +* Sat Feb 09 2019 xuchunmei<xuchunmei@huawei.com> - 239-3.h4 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:do not create /var/log/journal on initial installation + +* Sat Feb 02 2019 Yi Cang<cangyi@huawei.com> - 239-3.h3 +- Type:enhance +- ID:NA +- SUG:restart +- DESC:sync patch + +* Tue Jan 29 2019 Yining Shen<shenyining@huawei.com> - 239-3.h2 +- Type:enhance +- ID:NA +- SUG:restart +- DESC:sync patch + journald-fix-allocate-failed-journal-file.patch + 1602-activation-service-must-be-restarted-when-reactivated.patch + 1509-fix-journal-file-descriptors-leak-problems.patch + 2016-set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch + 1612-serialize-pids-for-scope-when-not-started.patch + 1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch + 1617-bus-cookie-must-wrap-around-to-1.patch + 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch + 1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch + 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch + 1611-systemd-core-fix-problem-on-forking-service.patch + uvp-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch + uvp-bugfix-also-stop-machine-when-unit-in-active-but-leader-exited.patch + +* Mon Dec 10 2018 Zhipeng Xie<xiezhipeng1@huawei.com> - 239-3.h1 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:fix obs build fail + +* Mon Dec 10 2018 hexiaowen <hexiaowen@huawei.com> - 239-1 +- Package init diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh new file mode 100644 index 0000000..4a87d53 --- /dev/null +++ b/sysusers.generate-pre.sh @@ -0,0 +1,96 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*- + +# This script turns sysuser.d files into scriptlets mandated by Fedora +# packaging guidelines. The general idea is to define users using the +# declarative syntax but to turn this into traditional scriptlets. + +user() { + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" + + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin + + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat <<-EOF + getent passwd '$user' >/dev/null || \\ + useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : + EOF + else + cat <<-EOF + if ! getent passwd ${user@Q} >/dev/null; then + if ! getent passwd ${uid@Q} >/dev/null; then + useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : + else + useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : + fi + fi + + EOF + fi +} + +group() { + group="$1" + gid="$2" + + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || : + EOF + else + cat <<-EOF + getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || : + EOF + fi +} + +usermod() { + user="$1" + group="$2" + + cat <<-EOF + if getent group ${group@Q} >/dev/null; then + usermod -a -G ${group@Q} '$user' || : + fi + EOF +} + +parse() { + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + if [[ "${arr[2]}" == *":"* ]]; then + user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" + else + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + fi + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user "${arr[1]}" "-" "" "${arr[1]}" "" "" + usermod "${arr[1]}" "${arr[2]}" + ;; + esac + done +} + +for fn in "$@"; do + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" +done diff --git a/treat-underscore-as-valid-hostname-char.patch b/treat-underscore-as-valid-hostname-char.patch new file mode 100644 index 0000000..6472129 --- /dev/null +++ b/treat-underscore-as-valid-hostname-char.patch @@ -0,0 +1,72 @@ +From c04904a4f54f8949a6a7821a0859e2732366259b Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Tue, 24 Nov 2020 19:57:38 +0800 +Subject: [PATCH] treat underscore as valid hostname char + +--- + src/basic/hostname-util.c | 14 ++++++++++++-- + test/test-network-generator-conversion.sh | 2 +- + 2 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c +index e743033..8464164 100644 +--- a/src/basic/hostname-util.c ++++ b/src/basic/hostname-util.c +@@ -80,6 +80,16 @@ bool valid_ldh_char(char c) { + c == '-'; + } + ++static bool hostname_valid_char(char c) { ++ return ++ (c >= 'a' && c <= 'z') || ++ (c >= 'A' && c <= 'Z') || ++ (c >= '0' && c <= '9') || ++ c == '-' || ++ c == '_' || ++ c == '.'; ++} ++ + bool hostname_is_valid(const char *s, ValidHostnameFlags flags) { + unsigned n_dots = 0; + const char *p; +@@ -116,7 +126,7 @@ bool hostname_is_valid(const char *s, ValidHostnameFlags flags) { + hyphen = true; + + } else { +- if (!valid_ldh_char(*p)) ++ if (!hostname_valid_char(*p)) + return false; + + dot = false; +@@ -158,7 +168,7 @@ char* hostname_cleanup(char *s) { + dot = false; + hyphen = true; + +- } else if (valid_ldh_char(*p)) { ++ } else if (hostname_valid_char(*p)) { + *(d++) = *p; + dot = false; + hyphen = false; +diff --git a/test/test-network-generator-conversion.sh b/test/test-network-generator-conversion.sh +index 6224a4d..05ef833 100755 +--- a/test/test-network-generator-conversion.sh ++++ b/test/test-network-generator-conversion.sh +@@ -283,6 +283,7 @@ COMMAND_LINES=( + "ip=:::::dhcp99:dhcp6:10.0.0.128:[fdef:c400:bd01:1096::bbbb]" + "ip=::::::any" + "ip=::::::ibft" ++ "ip=10.0.0.1:::255.255.255.0:valid_hostname:foo99:off" + ) + for cmdline in "${COMMAND_LINES[@]}"; do + check_one_long "$cmdline" +@@ -294,7 +295,6 @@ INVALID_COMMAND_LINES=( + "ip=:::::::foo" + "ip=10.0.0:::255.255.255.0::foo99:off" + "ip=10.0.0.1:::255.255.255::foo99:off" +- "ip=10.0.0.1:::255.255.255.0:invalid_hostname:foo99:off" + "ip=10.0.0.1:::255.255.255.0::verylonginterfacename:off" + "ip=:::::dhcp99:dhcp6:0" + "ip=:::::dhcp99:dhcp6:-1" +-- +2.39.1 + diff --git a/udev-40-generic.rules b/udev-40-generic.rules new file mode 100644 index 0000000..dcf0ef0 --- /dev/null +++ b/udev-40-generic.rules @@ -0,0 +1,45 @@ +# do not edit this file, it will be overwritten on update + +# CPU hotadd request +SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" + +# Memory hotadd request +SUBSYSTEM!="memory", GOTO="memory_hotplug_end" +ACTION!="add", GOTO="memory_hotplug_end" +PROGRAM="/bin/uname -p", RESULT=="s390*", GOTO="memory_hotplug_end" + +ENV{.state}="online" +ATTR{state}=="offline", ATTR{state}="$env{.state}" + +LABEL="memory_hotplug_end" + +# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded +ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge" + +# load SCSI generic (sg) driver +SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" +SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg" + +# Rule for prandom character device node permissions +KERNEL=="prandom", MODE="0644" + + +# Rules for creating the ID_PATH for SCSI devices based on the CCW bus +# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN> +# +ACTION=="remove", GOTO="zfcp_scsi_device_end" + +# +# Set environment variable "ID_ZFCP_BUS" to "1" if the devices +# (both disk and partition) are SCSI devices based on FCP devices +# +KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1" + +# For SCSI disks +KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}" + + +# For partitions on a SCSI disk +KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n" + +LABEL="zfcp_scsi_device_end" diff --git a/udev-55-persistent-net-generator.rules b/udev-55-persistent-net-generator.rules new file mode 100644 index 0000000..8aa39d0 --- /dev/null +++ b/udev-55-persistent-net-generator.rules @@ -0,0 +1,104 @@ +# do not edit this file, it will be overwritten on update + +# these rules generate rules for persistent network device naming +# +# variables used to communicate: +# MATCHADDR MAC address used for the match +# MATCHID bus_id used for the match +# MATCHDRV driver name used for the match +# MATCHIFTYPE interface type match +# COMMENT comment to add to the generated rule +# INTERFACE_NAME requested name supplied by external tool +# INTERFACE_NEW new interface name returned by rule writer + +ACTION!="add", GOTO="persistent_net_generator_end" +SUBSYSTEM!="net", GOTO="persistent_net_generator_end" + +# ignore the interface if a name has already been set +NAME=="?*", GOTO="persistent_net_generator_end" + +# device name whitelist +KERNEL!="eth*|ath*|wlan*[0-9]|msh*|ra*|sta*|ctc*|lcs*|hsi*", GOTO="persistent_net_generator_end" + +# when net.ifnames=0 is not set in command line ,do not generate net-name rules +IMPORT{cmdline}="net.ifnames" +ENV{net.ifnames}!="0",SUBSYSTEMS=="pci", GOTO="persistent_net_generator_end" + +# ignore Xen virtual interfaces +#SUBSYSTEMS=="xen", GOTO="persistent_net_generator_end" + +# check if running in a guest +PROGRAM=="detect_virt", RESULT=="?*", ENV{VIRTPLATFORM}="$result" + +# read MAC address +ENV{MATCHADDR}="$attr{address}" + +# match interface type +ENV{MATCHIFTYPE}="$attr{type}" + +# These vendors are known to violate the local MAC address assignment scheme +# Interlan, DEC (UNIBUS or QBUS), Apollo, Cisco, Racal-Datacom +ENV{MATCHADDR}=="02:07:01:*", GOTO="globally_administered_whitelist" +# 3Com +ENV{MATCHADDR}=="02:60:60:*", GOTO="globally_administered_whitelist" +# 3Com IBM PC; Imagen; Valid; Cisco; Apple +ENV{MATCHADDR}=="02:60:8c:*", GOTO="globally_administered_whitelist" +# Intel +ENV{MATCHADDR}=="02:a0:c9:*", GOTO="globally_administered_whitelist" +# Olivetti +ENV{MATCHADDR}=="02:aa:3c:*", GOTO="globally_administered_whitelist" +# CMC Masscomp; Silicon Graphics; Prime EXL +ENV{MATCHADDR}=="02:cf:1f:*", GOTO="globally_administered_whitelist" +# Prominet Corporation Gigabit Ethernet Switch +ENV{MATCHADDR}=="02:e0:3b:*", GOTO="globally_administered_whitelist" +# BTI (Bus-Tech, Inc.) IBM Mainframes +ENV{MATCHADDR}=="02:e6:d3:*", GOTO="globally_administered_whitelist" +# Realtek +ENV{MATCHADDR}=="52:54:00:*", GOTO="globally_administered_whitelist" +# Novell 2000 +ENV{MATCHADDR}=="52:54:4c:*", GOTO="globally_administered_whitelist" +# Realtec +ENV{MATCHADDR}=="52:54:ab:*", GOTO="globally_administered_whitelist" +# Kingston Technologies +ENV{MATCHADDR}=="e2:0c:0f:*", GOTO="globally_administered_whitelist" + +# match interface dev_id +ATTR{dev_id}=="?*", ENV{MATCHDEVID}="$attr{dev_id}" + +# do not use "locally administered" MAC address +#ENV{MATCHADDR}=="?[2367abef]:*", ENV{MATCHADDR}="" + +# do not use "locally administered" MAC address only on host +ENV{VIRTPLATFORM}=="none", ENV{MATCHADDR}=="?[2367abef]:*", ENV{MATCHADDR}="" + +# do not use empty address +ENV{MATCHADDR}=="00:00:00:00:00:00", ENV{MATCHADDR}="" + +LABEL="globally_administered_whitelist" + +# build comment line for generated rule: +SUBSYSTEMS=="pci", ENV{COMMENT}="PCI device $attr{vendor}:$attr{device} ($driver)" +SUBSYSTEMS=="usb", ATTRS{idVendor}=="?*", ENV{COMMENT}="USB device 0x$attr{idVendor}:0x$attr{idProduct} ($driver)" +SUBSYSTEMS=="pcmcia", ENV{COMMENT}="PCMCIA device $attr{card_id}:$attr{manf_id} ($driver)" +SUBSYSTEMS=="ieee1394", ENV{COMMENT}="Firewire device $attr{host_id})" + +# ibmveth likes to use "locally administered" MAC addresses +DRIVERS=="ibmveth", ENV{MATCHADDR}="$attr{address}", ENV{COMMENT}="ibmveth ($id)" + +# S/390 uses id matches only, do not use MAC address match +SUBSYSTEMS=="ccwgroup", ENV{COMMENT}="S/390 $driver device at $id", ENV{MATCHID}="$id", ENV{MATCHDRV}="$driver", ENV{MATCHADDR}="", ENV{MATCHDEVID}="" + +# see if we got enough data to create a rule +ENV{MATCHADDR}=="", ENV{MATCHID}=="", ENV{INTERFACE_NAME}=="", GOTO="persistent_net_generator_end" + +# default comment +ENV{COMMENT}=="", ENV{COMMENT}="net device ($attr{driver})" + +# write rule +DRIVERS=="?*", IMPORT{program}="write_net_rules" + +# rename interface if needed +ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}" + +LABEL="persistent_net_generator_end" + diff --git a/udev-56-net-sriov-names.rules b/udev-56-net-sriov-names.rules new file mode 100644 index 0000000..e562b2c --- /dev/null +++ b/udev-56-net-sriov-names.rules @@ -0,0 +1,17 @@ +# do not edit this file, it will be overwritten on update +# +# rename SRIOV virtual function interfaces + +ACTION=="remove", GOTO="net-sriov-names_end" + +# when net.ifnames=0 is not set in command line ,do not generate net-name rules +IMPORT{cmdline}="net.ifnames" +ENV{net.ifnames}!="0",SUBSYSTEMS=="pci", GOTO="net-sriov-names_end" + +SUBSYSTEM=="net", SUBSYSTEMS=="pci", ACTION=="add", NAME=="?*", ENV{INTERFACE_NEW}="$name" +SUBSYSTEM=="net", SUBSYSTEMS=="pci", ACTION=="add", IMPORT{program}="net-set-sriov-names" + +# rename interface if needed +ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}" + +LABEL="net-sriov-names_end" diff --git a/udev-add-actions-while-rename-netif-failed.patch b/udev-add-actions-while-rename-netif-failed.patch new file mode 100644 index 0000000..cf40ded --- /dev/null +++ b/udev-add-actions-while-rename-netif-failed.patch @@ -0,0 +1,101 @@ +From e21318d22359c7160ea7c7f4a610b28a30d48c84 Mon Sep 17 00:00:00 2001 +From: systemd team <systemd-maint@redhat.com> +Date: Tue, 7 Mar 2017 08:20:10 +0000 +Subject: [PATCH] udev-add-actions-while-rename-netif-failed +--- + src/udev/udev-event.c | 51 +++++++++++++++++++++++++++++++++++++------ + 1 file changed, 44 insertions(+), 7 deletions(-) + +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index ed22c8b..a387517 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -1,5 +1,6 @@ + /* SPDX-License-Identifier: GPL-2.0-or-later */ + ++#include <net/if.h> + #include "alloc-util.h" + #include "device-internal.h" + #include "device-private.h" +@@ -10,6 +11,7 @@ + #include "path-util.h" + #include "string-util.h" + #include "strv.h" ++#include "strxcpyx.h" + #include "udev-event.h" + #include "udev-node.h" + #include "udev-trace.h" +@@ -107,6 +109,7 @@ static int rename_netif(UdevEvent *event) { + const char *s; + sd_device *dev; + int ifindex, r; ++ char name[IFNAMSIZ]; + + assert(event); + +@@ -177,21 +180,55 @@ static int rename_netif(UdevEvent *event) { + goto revert; + } + +- r = rtnl_set_link_name(&event->rtnl, ifindex, event->name, event->altnames); ++ strscpy(name, IFNAMSIZ, event->name); ++ ++ r = rtnl_set_link_name(&event->rtnl, ifindex, name, event->altnames); + if (r < 0) { + if (r == -EBUSY) { + log_device_info(event->dev_db_clone, + "Network interface '%s' is already up, cannot rename to '%s'.", + old_sysname, event->name); + r = 0; +- } else +- log_device_error_errno(event->dev_db_clone, r, +- "Failed to rename network interface %i from '%s' to '%s': %m", +- ifindex, old_sysname, event->name); +- goto revert; ++ goto revert; ++ } ++ int loop; ++ if (r != -EEXIST) { ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", old_sysname, name); ++ goto revert; ++ } ++ ++ snprintf(name, IFNAMSIZ, "rename%d", ifindex); ++ r = rtnl_set_link_name(&event->rtnl, ifindex, name, event->altnames); ++ if (r < 0) { ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", old_sysname, name); ++ goto revert; ++ } ++ ++ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, name); ++ ++ /* wait 90 seconds for our target to become available */ ++ loop = 90 * 20; ++ while (loop--) { ++ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 }; ++ ++ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name, event->altnames); ++ if (r == 0) { ++ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, name, event->name); ++ goto revert; ++ } ++ ++ if (r != -EEXIST) { ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", name, event->name); ++ goto revert; ++ } ++ log_debug( "wait for netif '%s' to become free, loop=%i\n", ++ event->name, (90 * 20) - loop); ++ nanosleep(&duration, NULL); ++ } ++ + } + +- log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name); ++ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name); + return 1; + + revert: +-- +2.33.0 + diff --git a/udev-virsh-shutdown-vm.patch b/udev-virsh-shutdown-vm.patch new file mode 100644 index 0000000..f261c3e --- /dev/null +++ b/udev-virsh-shutdown-vm.patch @@ -0,0 +1,23 @@ +From 3d5e0620b4a3298620c8d985cec42772c7f77c6d Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam <buildteam@openeuler.org> +Date: Thu, 31 Jan 2019 02:24:16 -0500 +Subject: [PATCH] systemd:virsh shutdown vm + +--- + rules.d/70-power-switch.rules | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/rules.d/70-power-switch.rules b/rules.d/70-power-switch.rules +index 3fb954a..bc79410 100644 +--- a/rules.d/70-power-switch.rules ++++ b/rules.d/70-power-switch.rules +@@ -11,5 +11,6 @@ ACTION=="remove", GOTO="power_switch_end" + + SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT_SWITCH}=="1", TAG+="power-switch" + SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT_KEY}=="1", TAG+="power-switch" ++SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", ATTRS{keys}=="116", TAG+="power-switch" + + LABEL="power_switch_end" +-- +2.33.0 + diff --git a/unit-don-t-add-Requires-for-tmp.mount.patch b/unit-don-t-add-Requires-for-tmp.mount.patch new file mode 100644 index 0000000..6247515 --- /dev/null +++ b/unit-don-t-add-Requires-for-tmp.mount.patch @@ -0,0 +1,27 @@ +From 03e52d33bbdea731eaa79545bb1d30c5b21abe3d Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn <lnykryn@redhat.com> +Date: Mon, 5 Sep 2016 12:47:09 +0200 +Subject: [PATCH] unit: don't add Requires for tmp.mount + +Resolves: #1619292 + +--- + src/core/unit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index c9f756c..721d8d6 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1421,7 +1421,7 @@ static int unit_add_mount_dependencies(Unit *u) { + return r; + changed = changed || r > 0; + +- if (m->fragment_path) { ++ if (m->fragment_path && !streq(m->id, "tmp.mount")) { + r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask); + if (r < 0) + return r; +-- +1.8.3.1 + diff --git a/units-add-Install-section-to-tmp.mount.patch b/units-add-Install-section-to-tmp.mount.patch new file mode 100644 index 0000000..b7c1fd4 --- /dev/null +++ b/units-add-Install-section-to-tmp.mount.patch @@ -0,0 +1,25 @@ +From bb3d205bea1c83cbd0e27b504f5f1faa884fb602 Mon Sep 17 00:00:00 2001 +From: Jan Synacek <jsynacek@redhat.com> +Date: Tue, 22 Jan 2019 10:28:42 +0100 +Subject: [PATCH] units: add [Install] section to tmp.mount + +Resolves: #1667065 +--- + units/tmp.mount | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/units/tmp.mount b/units/tmp.mount +index cf68378..66d9a32 100644 +--- a/units/tmp.mount ++++ b/units/tmp.mount +@@ -23,3 +23,7 @@ What=tmpfs + Where=/tmp + Type=tmpfs + Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m ++ ++# Make 'systemctl enable tmp.mount' work: ++[Install] ++WantedBy=local-fs.target +-- +2.23.0 + diff --git a/update-rtc-with-system-clock-when-shutdown.patch b/update-rtc-with-system-clock-when-shutdown.patch new file mode 100644 index 0000000..ba4dff6 --- /dev/null +++ b/update-rtc-with-system-clock-when-shutdown.patch @@ -0,0 +1,53 @@ +From a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001 +From: update-rtc-with-system-clock-when-shutdown +Date: Sat, 2 Feb 2019 02:54:52 -0500 +Subject: [PATCH] Module: modification summary +--- + units/hwclock-save.service.in | 19 +++++++++++++++++++ + units/meson.build | 4 ++++ + 2 files changed, 23 insertions(+) + create mode 100644 units/hwclock-save.service.in + +diff --git a/units/hwclock-save.service.in b/units/hwclock-save.service.in +new file mode 100644 +index 0000000..db33418 +--- /dev/null ++++ b/units/hwclock-save.service.in +@@ -0,0 +1,19 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it+ ++# under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Update RTC With System Clock ++ ++[Service] ++Type=oneshot ++ExecStart=/usr/bin/true ++ExecStop=/sbin/hwclock --systohc ++RemainAfterExit=yes ++ ++[Install] ++WantedBy=default.target ++ +diff --git a/units/meson.build b/units/meson.build +index e7bfb7f..159d337 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -653,6 +653,10 @@ units = [ + 'file' : 'systemd-update-done.service.in', + 'symlinks' : ['sysinit.target.wants/'], + }, ++ { ++ 'file' : 'hwclock-save.service.in', ++ 'symlinks' : ['sysinit.target.wants/'], ++ }, + { + 'file' : 'systemd-update-utmp-runlevel.service.in', + 'conditions' : ['ENABLE_UTMP', 'HAVE_SYSV_COMPAT'], +-- +2.33.0 + diff --git a/write_net_rules b/write_net_rules new file mode 100644 index 0000000..5626820 --- /dev/null +++ b/write_net_rules @@ -0,0 +1,134 @@ +#!/bin/sh -e +# +# Copyright (C) 2006 Marco d'Itri <md@Linux.IT> +# Copyright (C) 2007 Kay Sievers <kay.sievers@vrfy.org> +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation version 2 of the License. +# +# This script is run to create persistent network device naming rules +# based on properties of the device. +# If the interface needs to be renamed, INTERFACE_NEW=<name> will be printed +# on stdout to allow udev to IMPORT it. + +# variables used to communicate: +# MATCHADDR MAC address used for the match +# MATCHID bus_id used for the match +# MATCHDEVID dev_id used for the match +# MATCHDRV driver name used for the match +# MATCHIFTYPE interface type match +# COMMENT comment to add to the generated rule +# INTERFACE_NAME requested name supplied by external tool +# INTERFACE_NEW new interface name returned by rule writer + +RULES_FILE='/etc/udev/rules.d/50-persistent-net.rules' + +. /usr/lib/udev/rule_generator.functions + +interface_name_taken() { + local value="$(find_all_rules 'NAME=' $INTERFACE)" + if [ "$value" ]; then + return 0 + else + return 1 + fi +} + +find_next_available() { + raw_find_next_available "$(find_all_rules 'NAME=' "$1")" +} + +write_rule() { + local match="$1" + local name="$2" + local comment="$3" + + { + if [ "$PRINT_HEADER" ]; then + PRINT_HEADER= + echo "# This file was automatically generated by the $0" + echo "# program, run by the persistent-net-generator.rules rules file." + echo "#" + echo "# You can modify it, as long as you keep each rule on a single" + echo "# line, and change only the value of the NAME= key." + fi + + echo "" + [ "$comment" ] && echo "# $comment" + echo "SUBSYSTEM==\"net\", ACTION==\"add\"$match, NAME=\"$name\"" + } >> $RULES_FILE +} + +if [ -z "$INTERFACE" ]; then + echo "missing \$INTERFACE" >&2 + exit 1 +fi + +mkdir -p /dev/.udev + +# Prevent concurrent processes from modifying the file at the same time. +lock_rules_file + +# Check if the rules file is writeable. +choose_rules_file + +# the DRIVERS key is needed to not match bridges and VLAN sub-interfaces +if [ "$MATCHADDR" ]; then + match="$match, DRIVERS==\"?*\", ATTR{address}==\"$MATCHADDR\"" +fi + +if [ "$MATCHDRV" ]; then + match="$match, DRIVERS==\"$MATCHDRV\"" +fi + +if [ "$MATCHDEVID" ]; then + match="$match, ATTR{dev_id}==\"$MATCHDEVID\"" +fi + +if [ "$MATCHID" ]; then + match="$match, KERNELS==\"$MATCHID\"" +fi + +if [ "$MATCHIFTYPE" ]; then + match="$match, ATTR{type}==\"$MATCHIFTYPE\"" +fi + +if [ -z "$match" ]; then + echo "missing valid match" >&2 + unlock_rules_file + exit 1 +fi + +basename=${INTERFACE%%[0-9]*} +match="$match, KERNEL==\"$basename*\"" + +if [ "$INTERFACE_NAME" ]; then + # external tools may request a custom name + COMMENT="$COMMENT (custom name provided by external tool)" + if [ "$INTERFACE_NAME" != "$INTERFACE" ]; then + INTERFACE=$INTERFACE_NAME; + echo "INTERFACE_NEW=$INTERFACE" + fi +else + # if a rule using the current name already exists, find a new name + if interface_name_taken; then + INTERFACE="$basename$(find_next_available "$basename[0-9]*")" + echo "INTERFACE_NEW=$INTERFACE" + fi +fi + +if [ "$MATCHADDR" ]; then + mac_found=0 + grep -qE "^\s*[^#].*==\"$MATCHADDR\"" "$RULES_FILE" || mac_found=$? + if [ $mac_found -ne 0 ]; then + # only add new rules while mac address not found + write_rule "$match" "$INTERFACE" "$COMMENT" + fi +else + write_rule "$match" "$INTERFACE" "$COMMENT" +fi + +unlock_rules_file + +exit 0 diff --git a/yum-protect-systemd.conf b/yum-protect-systemd.conf new file mode 100644 index 0000000..39426d7 --- /dev/null +++ b/yum-protect-systemd.conf @@ -0,0 +1,2 @@ +systemd +systemd-udev |