diff --git a/0505-fedora-add-bridge-sysctl-configuration.patch b/0505-fedora-add-bridge-sysctl-configuration.patch
deleted file mode 100644
index d6a1a0e..0000000
--- a/0505-fedora-add-bridge-sysctl-configuration.patch
+++ /dev/null
@@ -1,87 +0,0 @@ -From 92f6fa8c02e7721120e712b8cc1d250ce940f51c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Oct 2014 01:49:10 -0400 -Subject: [PATCH] fedora: add bridge sysctl configuration - -Udev rule is added to load those settings when the bridge -module is loaded. - -https://bugzilla.redhat.com/show_bug.cgi?id=634736 ---- - Makefile.am | 8 ++++++-- - rules/.gitignore | 1 + - rules/99-bridge.rules.in | 9 +++++++++ - sysctl.d/50-bridge.conf | 4 ++++ - 4 files changed, 20 insertions(+), 2 deletions(-) - create mode 100644 rules/99-bridge.rules.in - create mode 100644 sysctl.d/50-bridge.conf - -diff --git a/Makefile.am b/Makefile.am -index e52db1793b..41e94575ef 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -445,7 +445,8 @@ CLEANFILES += \ - $(nodist_zshcompletion_DATA) - - dist_sysctl_DATA = \ -- sysctl.d/50-default.conf -+ sysctl.d/50-default.conf \ -+ sysctl.d/50-bridge.conf - - dist_systemunit_DATA = \ - units/graphical.target \ -@@ -3281,7 +3282,8 @@ dist_udevrules_DATA += \ - rules/95-udev-late.rules - - nodist_udevrules_DATA += \ -- rules/99-systemd.rules -+ rules/99-systemd.rules \ -+ rules/99-bridge.rules - - dist_udevhwdb_DATA = \ - hwdb/20-pci-vendor-model.hwdb \ -@@ -3306,10 +3308,12 @@ sharepkgconfig_DATA = \ - - EXTRA_DIST += \ - rules/99-systemd.rules.in \ -+ rules/99-bridge.rules.in \ - src/udev/udev.pc.in - - CLEANFILES += \ - rules/99-systemd.rules \ -+ rules/99-bridge.rules \ - src/udev/udev.pc - - EXTRA_DIST += \ -diff --git a/rules/.gitignore b/rules/.gitignore -index 93a50ddd80..46c7f3ce91 100644 ---- a/rules/.gitignore -+++ b/rules/.gitignore -@@ -1 +1,2 @@ - /99-systemd.rules -+/99-bridge.rules -diff --git a/rules/99-bridge.rules.in b/rules/99-bridge.rules.in -new file mode 100644 -index 0000000000..f46f96bd2e ---- /dev/null -+++ b/rules/99-bridge.rules.in -@@ -0,0 +1,9 @@ -+# This file is part of systemd. 
-+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. -+ -+# Apply sysctl settings to bridges -+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="@rootlibexecdir@/systemd-sysctl --prefix=/net/bridge" -diff --git a/sysctl.d/50-bridge.conf b/sysctl.d/50-bridge.conf -new file mode 100644 -index 0000000000..b586bf15fa ---- /dev/null -+++ b/sysctl.d/50-bridge.conf -@@ -0,0 +1,4 @@ -+# Disable netfilter on bridges. -+net.bridge.bridge-nf-call-ip6tables = 0 -+net.bridge.bridge-nf-call-iptables = 0 -+net.bridge.bridge-nf-call-arptables = 0 diff --git a/0533-bus-proxyd-assorted-cleanups-and-fixes.patch b/0533-bus-proxyd-assorted-cleanups-and-fixes.patch new file mode 100644 index 0000000..accbfb4 --- /dev/null +++ b/0533-bus-proxyd-assorted-cleanups-and-fixes.patch 
@@ -0,0 +1,105 @@ +From e91c8c201931d6be8229d624c10ed9c7c210d470 Mon Sep 17 00:00:00 2001 +From: Daniel Mack +Date: Tue, 7 Oct 2014 17:58:29 +0200 +Subject: [PATCH] bus-proxyd: assorted cleanups and fixes + +Just some cleanups around policy checks that came up during review. +The code is still not productive. +--- + src/bus-proxyd/bus-policy.c | 23 +++++++++++++---------- + test/bus-policy/methods.conf | 2 +- + 2 files changed, 14 insertions(+), 11 deletions(-) + +diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c +index 2ff5d646f1..aea8541d50 100644 +--- a/src/bus-proxyd/bus-policy.c ++++ b/src/bus-proxyd/bus-policy.c +@@ -604,7 +604,10 @@ struct policy_check_filter { + int message_type; + const char *interface; + const char *path; +- const char *member; ++ union { ++ const char *name; ++ const char *member; ++ }; + char **names_strv; + Hashmap *names_hash; + }; +@@ -633,7 +636,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi + break; + } + +- if (i->message_type && (i->message_type != filter->message_type)) ++ if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type)) + break; + + if (i->path && !streq_ptr(i->path, filter->path)) +@@ -650,14 +653,14 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi + case POLICY_ITEM_OWN: + assert(filter->member); + +- if (streq(i->name, filter->member)) ++ if (streq(i->name, "*") || streq(i->name, filter->name)) + return is_permissive(i); + break; + + case POLICY_ITEM_OWN_PREFIX: + assert(filter->member); + +- if (startswith(i->name, filter->member)) ++ if (streq(i->name, "*") || startswith(i->name, filter->name)) + return is_permissive(i); + break; + +@@ -747,9 +750,9 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) { + bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) { + + struct policy_check_filter filter = { +- .class = POLICY_ITEM_OWN, +- 
.ucred = ucred, +- .member = name, ++ .class = POLICY_ITEM_OWN, ++ .ucred = ucred, ++ .name = name, + }; + + return policy_check(p, &filter) == ALLOW; +@@ -758,21 +761,21 @@ bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) { + bool policy_check_hello(Policy *p, const struct ucred *ucred) { + + struct policy_check_filter filter = { +- .class = POLICY_ITEM_USER, + .ucred = ucred, + }; + int user, group; + ++ filter.class = POLICY_ITEM_USER; + user = policy_check(p, &filter); + if (user == DENY) + return false; + + filter.class = POLICY_ITEM_GROUP; + group = policy_check(p, &filter); +- if (user == DUNNO && group == DUNNO) ++ if (group == DENY) + return false; + +- return !(user == DENY || group == DENY); ++ return !(user == DUNNO && group == DUNNO); + } + + bool policy_check_recv(Policy *p, +diff --git a/test/bus-policy/methods.conf b/test/bus-policy/methods.conf +index 4d4675ea10..4bc38f9151 100644 +--- a/test/bus-policy/methods.conf ++++ b/test/bus-policy/methods.conf +@@ -11,7 +11,7 @@ + + + +- ++ + + + diff --git a/0533-core-don-t-allow-enabling-if-unit-is-masked.patch b/0533-core-don-t-allow-enabling-if-unit-is-masked.patch deleted file mode 100644 index 64c80d5..0000000 --- a/0533-core-don-t-allow-enabling-if-unit-is-masked.patch +++ /dev/null 
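Review bot: In the `POLICY_ITEM_OWN_PREFIX` case of check_policy_item(), `startswith(i->name, filter->name)` asks whether the policy item's name begins with the requested name, which looks inverted if startswith() takes (string, prefix) (confirm against its declaration): a request for a shorter name would match an own-prefix rule, while names under the configured prefix would not. The patch only renames the field and adds the `"*"` wildcard, so the argument order is carried over unchanged; consider `if (streq(i->name, "*") || startswith(filter->name, i->name))`, ideally with a check that the match ends on a `.` boundary so that a rule for one name does not also cover a sibling that merely shares its leading characters. Both OWN cases also still `assert(filter->member)` while comparing `filter->name`; that works through the new anonymous union, but asserting on `filter->name` would keep the check and the use in step. The body of check_policy_item() starts and ends outside these hunks, so the surrounding cases should be checked against the full file.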
@@ -1,33 +0,0 @@
-From 85fa479ca5358d9472245eb0da6a86b5d644ccf9 Mon Sep 17 00:00:00 2001
-From: Jan Synacek
-Date: Tue, 7 Oct 2014 13:35:41 +0200
-Subject: [PATCH] core: don't allow enabling if unit is masked
-
----
- src/shared/install.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index fa064c230f..945bb2748d 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -1516,6 +1516,19 @@ int unit_file_enable(
- return r;
-
- STRV_FOREACH(i, files) {
-+ UnitFileState state;
-+
-+ state = unit_file_get_state(scope, root_dir, *i);
-+ if (state < 0) {
-+ log_error("Failed to get unit file state for %s: %s", *i, strerror(-state));
-+ return state;
-+ }
-+
-+ if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) {
-+ log_error("Failed to enable unit: Unit %s is masked", *i);
-+ return -ENOTSUP;
-+ }
-+
- r = install_info_add_auto(&c, *i);
- if (r < 0)
- return r;
diff --git a/0534-core-don-t-allow-enabling-if-unit-is-masked.patch b/0534-core-don-t-allow-enabling-if-unit-is-masked.patch
new file mode 100644
index 0000000..f46c6da
--- /dev/null
+++ b/0534-core-don-t-allow-enabling-if-unit-is-masked.patch
@@ -0,0 +1,33 @@
+From f7101b7368dfe41dbc8b7203e06133cccb589c01 Mon Sep 17 00:00:00 2001
+From: Jan Synacek
+Date: Tue, 7 Oct 2014 13:35:41 +0200
+Subject: [PATCH] core: don't allow enabling if unit is masked
+
+---
+ src/shared/install.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index fa064c230f..945bb2748d 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1516,6 +1516,19 @@ int unit_file_enable(
+ return r;
+
+ STRV_FOREACH(i, files) {
++ UnitFileState state;
++
++ state = unit_file_get_state(scope, root_dir, *i);
++ if (state < 0) {
++ log_error("Failed to get unit file state for %s: %s", *i, strerror(-state));
++ return state;
++ }
++
++ if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) {
++ log_error("Failed to enable unit: Unit %s is masked", *i);
++ return -ENOTSUP;
++ }
++
+ r = install_info_add_auto(&c, *i);
+ if (r < 0)
+ return r;
diff --git a/0534-fedora-disable-resolv.conf-symlink.patch b/0534-fedora-disable-resolv.conf-symlink.patch
deleted file mode 100644
index 66b5c96..0000000
--- a/0534-fedora-disable-resolv.conf-symlink.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From e2c48e9a4cff991e432472cd12a7b47a3049ece9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Fri, 3 Oct 2014 21:34:14 -0400
-Subject: [PATCH] fedora: disable resolv.conf symlink
-
----
- tmpfiles.d/etc.conf.m4 | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
-index f567c8d6ea..125d6e0a17 100644
---- a/tmpfiles.d/etc.conf.m4
-+++ b/tmpfiles.d/etc.conf.m4
-@@ -10,8 +10,5 @@
- L /etc/os-release - - - - ../usr/lib/os-release
- L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
- L+ /etc/mtab - - - - ../proc/self/mounts
--m4_ifdef(`ENABLE_RESOLVED',
--L /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
--)
- C /etc/nsswitch.conf - - - -
- C /etc/pam.d - - - -
diff --git a/0535-fedora-add-bridge-sysctl-configuration.patch b/0535-fedora-add-bridge-sysctl-configuration.patch
deleted file mode 100644
index 5824d10..0000000
--- a/0535-fedora-add-bridge-sysctl-configuration.patch
+++ /dev/null
@@ -1,87 +0,0 @@ -From ea3a099cb842beca5292d71e78f54c9dddde0ac6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Oct 2014 01:49:10 -0400 -Subject: [PATCH] fedora: add bridge sysctl configuration - -Udev rule is added to load those settings when the bridge -module is loaded. - -https://bugzilla.redhat.com/show_bug.cgi?id=634736 ---- - Makefile.am | 8 ++++++-- - rules/.gitignore | 1 + - rules/99-bridge.rules.in | 9 +++++++++ - sysctl.d/50-bridge.conf | 4 ++++ - 4 files changed, 20 insertions(+), 2 deletions(-) - create mode 100644 rules/99-bridge.rules.in - create mode 100644 sysctl.d/50-bridge.conf - -diff --git a/Makefile.am b/Makefile.am -index e52db1793b..41e94575ef 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -445,7 +445,8 @@ CLEANFILES += \ - $(nodist_zshcompletion_DATA) - - dist_sysctl_DATA = \ -- sysctl.d/50-default.conf -+ sysctl.d/50-default.conf \ -+ sysctl.d/50-bridge.conf - - dist_systemunit_DATA = \ - units/graphical.target \ -@@ -3281,7 +3282,8 @@ dist_udevrules_DATA += \ - rules/95-udev-late.rules - - nodist_udevrules_DATA += \ -- rules/99-systemd.rules -+ rules/99-systemd.rules \ -+ rules/99-bridge.rules - - dist_udevhwdb_DATA = \ - hwdb/20-pci-vendor-model.hwdb \ -@@ -3306,10 +3308,12 @@ sharepkgconfig_DATA = \ - - EXTRA_DIST += \ - rules/99-systemd.rules.in \ -+ rules/99-bridge.rules.in \ - src/udev/udev.pc.in - - CLEANFILES += \ - rules/99-systemd.rules \ -+ rules/99-bridge.rules \ - src/udev/udev.pc - - EXTRA_DIST += \ -diff --git a/rules/.gitignore b/rules/.gitignore -index 93a50ddd80..46c7f3ce91 100644 ---- a/rules/.gitignore -+++ b/rules/.gitignore -@@ -1 +1,2 @@ - /99-systemd.rules -+/99-bridge.rules -diff --git a/rules/99-bridge.rules.in b/rules/99-bridge.rules.in -new file mode 100644 -index 0000000000..f46f96bd2e ---- /dev/null -+++ b/rules/99-bridge.rules.in -@@ -0,0 +1,9 @@ -+# This file is part of systemd. 
-+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. -+ -+# Apply sysctl settings to bridges -+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="@rootlibexecdir@/systemd-sysctl --prefix=/net/bridge" -diff --git a/sysctl.d/50-bridge.conf b/sysctl.d/50-bridge.conf -new file mode 100644 -index 0000000000..b586bf15fa ---- /dev/null -+++ b/sysctl.d/50-bridge.conf -@@ -0,0 +1,4 @@ -+# Disable netfilter on bridges. -+net.bridge.bridge-nf-call-ip6tables = 0 -+net.bridge.bridge-nf-call-iptables = 0 -+net.bridge.bridge-nf-call-arptables = 0 diff --git a/0535-man-mention-docker-as-type-of-virtualization.patch b/0535-man-mention-docker-as-type-of-virtualization.patch new file mode 100644 index 0000000..7b97c86 --- /dev/null +++ b/0535-man-mention-docker-as-type-of-virtualization.patch @@ -0,0 +1,23 @@ +From 1e98337f26cb6805a684eff9bc5eb842512ac8fa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Oct 2014 21:41:14 -0400 +Subject: [PATCH] man: mention docker as type of virtualization + +--- + man/systemd-detect-virt.xml | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml +index bdf220eb28..1e8230c555 100644 +--- a/man/systemd-detect-virt.xml ++++ b/man/systemd-detect-virt.xml +@@ -74,7 +74,8 @@ + uml, + openvz, lxc, + lxc-libvirt, +- systemd-nspawn. ++ systemd-nspawn, ++ docker. + + If multiple virtualization solutions are used, + only the "innermost" is detected and identified. That diff --git a/0536-NEWS-update-for-217.patch b/0536-NEWS-update-for-217.patch new file mode 100644 index 0000000..1573bdd --- /dev/null +++ b/0536-NEWS-update-for-217.patch 
@@ -0,0 +1,100 @@ +From b62a309a47dd11e11729616767421397b6ca7053 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Oct 2014 22:01:37 -0400 +Subject: [PATCH] NEWS: update for 217 + +--- + NEWS | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 81 insertions(+) + +diff --git a/NEWS b/NEWS +index f52ee027a1..6d93787bf8 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,5 +1,86 @@ + systemd System and Service Manager + ++CHANGES WITH 217: ++ ++ * journalctl gained option -t/--identifier to match on the ++ syslog identifier and --utc option to show timestamps in UTC ++ timezone. journalctl now also accepts -n/--lines=all to ++ disable line cap under a pager. ++ ++ * Services can notify the manager before they start a reload ++ (by sending RELOADING=1) or shutdown (by sending ++ STOPPING=1). This allows the manager to show the ++ internal state of daemons and closes a race condition ++ when the process is still running but has closed its ++ d-bus connection. ++ ++ * Services with Type=oneshot do not have to have any ++ ExecStart commands. ++ ++ * User units are now loaded also from ++ $XDG_RUNTIME_DIR/systemd/user/. This is similar to the ++ /run/systemd/user directory that was already previously ++ supported, but is under the control of the user. ++ ++ * A timeout for the start of the system can be configured. The ++ system can be configured to reboot or poweroff if the basic ++ system default target is not reached before the timeout (new ++ StartTimeoutSec=, StartTimeoutAction=, ++ StartTimeoutRebootArgument= options). ++ ++ * systemd-logind can be configured to also handle lid switch ++ events even when the machine is docked or multiple displays ++ are attached (HandleLidSwitchDocked= option). ++ ++ * A helper binary and a service have been added which can be ++ used to resume from hibernation in the initramfs. 
A ++ generator will parse the resume= option on the kernel ++ command-line to trigger resume. ++ ++ * systemd-evcat input debugging tool has been added. It will ++ print keys read for the input system and show modifier ++ status. ++ ++ * systemd-modeset graphics debugging tool will show undulating ++ rainbows on all connected displays. ++ ++ * A user console daemon systemd-consoled has been added. It is ++ a preview, and will so far open a single terminal on each ++ session of the user marked as Desktop=SYSTEMD-CONSOLE. ++ ++ * Route metrics can be specified for DHCP routes added by ++ systemd-networkd. ++ ++ * SELinux context of socket-actived services can be set from ++ the information provided by the remote peer ++ (SELinuxContextFromNet= option). ++ ++ * Userspace firmware loading support has been removed and ++ the minimum supported kernel version is thus bumped to 3.7. ++ ++ * Timeout for udev workers has been increased from 1 to 3 ++ minutes, but a warning will be printed after 1 minute to ++ help diagnose kernel modules that take a long time to load. ++ ++ * Udev rules can now remove tags with TAG-="foobar". ++ ++ * Readhead implementation has been removed. In many ++ circumstatances it didn't give expected benefits even for ++ rotational disk drives and was becoming less relevant in the ++ age of SSDs. ++ ++ * Swap units can use Discard= to specify discard options. ++ Discard options specified for swaps in /etc/fstab are now ++ respected. ++ ++ * Docker containers are now detected as a separate type of ++ virtualization. ++ ++ * The Password Agent protocol gained support for queries where ++ the user input is shown, useful e.g. for usernames. ++ systemd-ask-password gained a new --echo option to turn ++ that on. ++ + CHANGES WITH 216: + + * timedated no longer reads NTP implementation unit names from diff --git a/0537-unit-move-UnitDependency-to-unit-name.patch b/0537-unit-move-UnitDependency-to-unit-name.patch new file mode 100644 index 0000000..3f70c65 
--- /dev/null
+++ b/0537-unit-move-UnitDependency-to-unit-name.patch
@@ -0,0 +1,235 @@ +From cb87a73b45503eaa6bead291423a529b00d27156 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Wed, 8 Oct 2014 11:58:57 +0200 +Subject: [PATCH] unit: move UnitDependency to unit-name + +--- + src/core/unit.c | 29 ---------------------------- + src/core/unit.h | 51 -------------------------------------------------- + src/shared/unit-name.c | 29 ++++++++++++++++++++++++++++ + src/shared/unit-name.h | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 80 insertions(+), 80 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 399d202738..0389e6e440 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3457,32 +3457,3 @@ static const char* const unit_active_state_table[_UNIT_ACTIVE_STATE_MAX] = { + }; + + DEFINE_STRING_TABLE_LOOKUP(unit_active_state, UnitActiveState); +- +-static const char* const unit_dependency_table[_UNIT_DEPENDENCY_MAX] = { +- [UNIT_REQUIRES] = "Requires", +- [UNIT_REQUIRES_OVERRIDABLE] = "RequiresOverridable", +- [UNIT_REQUISITE] = "Requisite", +- [UNIT_REQUISITE_OVERRIDABLE] = "RequisiteOverridable", +- [UNIT_WANTS] = "Wants", +- [UNIT_BINDS_TO] = "BindsTo", +- [UNIT_PART_OF] = "PartOf", +- [UNIT_REQUIRED_BY] = "RequiredBy", +- [UNIT_REQUIRED_BY_OVERRIDABLE] = "RequiredByOverridable", +- [UNIT_WANTED_BY] = "WantedBy", +- [UNIT_BOUND_BY] = "BoundBy", +- [UNIT_CONSISTS_OF] = "ConsistsOf", +- [UNIT_CONFLICTS] = "Conflicts", +- [UNIT_CONFLICTED_BY] = "ConflictedBy", +- [UNIT_BEFORE] = "Before", +- [UNIT_AFTER] = "After", +- [UNIT_ON_FAILURE] = "OnFailure", +- [UNIT_TRIGGERS] = "Triggers", +- [UNIT_TRIGGERED_BY] = "TriggeredBy", +- [UNIT_PROPAGATES_RELOAD_TO] = "PropagatesReloadTo", +- [UNIT_RELOAD_PROPAGATED_FROM] = "ReloadPropagatedFrom", +- [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf", +- [UNIT_REFERENCES] = "References", +- [UNIT_REFERENCED_BY] = "ReferencedBy", +-}; +- +-DEFINE_STRING_TABLE_LOOKUP(unit_dependency, UnitDependency); +diff --git a/src/core/unit.h b/src/core/unit.h 
+index 3e61067f84..a773762f36 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -28,7 +28,6 @@ + typedef struct Unit Unit; + typedef struct UnitVTable UnitVTable; + typedef enum UnitActiveState UnitActiveState; +-typedef enum UnitDependency UnitDependency; + typedef struct UnitRef UnitRef; + typedef struct UnitStatusMessageFormats UnitStatusMessageFormats; + +@@ -70,53 +69,6 @@ static inline bool UNIT_IS_INACTIVE_OR_FAILED(UnitActiveState t) { + return t == UNIT_INACTIVE || t == UNIT_FAILED; + } + +-enum UnitDependency { +- /* Positive dependencies */ +- UNIT_REQUIRES, +- UNIT_REQUIRES_OVERRIDABLE, +- UNIT_REQUISITE, +- UNIT_REQUISITE_OVERRIDABLE, +- UNIT_WANTS, +- UNIT_BINDS_TO, +- UNIT_PART_OF, +- +- /* Inverse of the above */ +- UNIT_REQUIRED_BY, /* inverse of 'requires' and 'requisite' is 'required_by' */ +- UNIT_REQUIRED_BY_OVERRIDABLE, /* inverse of 'requires_overridable' and 'requisite_overridable' is 'soft_required_by' */ +- UNIT_WANTED_BY, /* inverse of 'wants' */ +- UNIT_BOUND_BY, /* inverse of 'binds_to' */ +- UNIT_CONSISTS_OF, /* inverse of 'part_of' */ +- +- /* Negative dependencies */ +- UNIT_CONFLICTS, /* inverse of 'conflicts' is 'conflicted_by' */ +- UNIT_CONFLICTED_BY, +- +- /* Order */ +- UNIT_BEFORE, /* inverse of 'before' is 'after' and vice versa */ +- UNIT_AFTER, +- +- /* On Failure */ +- UNIT_ON_FAILURE, +- +- /* Triggers (i.e. 
a socket triggers a service) */ +- UNIT_TRIGGERS, +- UNIT_TRIGGERED_BY, +- +- /* Propagate reloads */ +- UNIT_PROPAGATES_RELOAD_TO, +- UNIT_RELOAD_PROPAGATED_FROM, +- +- /* Joins namespace of */ +- UNIT_JOINS_NAMESPACE_OF, +- +- /* Reference information for GC logic */ +- UNIT_REFERENCES, /* Inverse of 'references' is 'referenced_by' */ +- UNIT_REFERENCED_BY, +- +- _UNIT_DEPENDENCY_MAX, +- _UNIT_DEPENDENCY_INVALID = -1 +-}; +- + #include "manager.h" + #include "job.h" + +@@ -629,9 +581,6 @@ int unit_require_mounts_for(Unit *u, const char *path); + const char *unit_active_state_to_string(UnitActiveState i) _const_; + UnitActiveState unit_active_state_from_string(const char *s) _pure_; + +-const char *unit_dependency_to_string(UnitDependency i) _const_; +-UnitDependency unit_dependency_from_string(const char *s) _pure_; +- + /* Macros which append UNIT= or USER_UNIT= to the message */ + + #define log_full_unit(level, unit, ...) log_meta_object(level, __FILE__, __LINE__, __func__, getpid() == 1 ? 
"UNIT=" : "USER_UNIT=", unit, __VA_ARGS__) +diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c +index a2d62d3151..2ef85450e7 100644 +--- a/src/shared/unit-name.c ++++ b/src/shared/unit-name.c +@@ -592,3 +592,32 @@ int build_subslice(const char *slice, const char*name, char **subslice) { + *subslice = ret; + return 0; + } ++ ++static const char* const unit_dependency_table[_UNIT_DEPENDENCY_MAX] = { ++ [UNIT_REQUIRES] = "Requires", ++ [UNIT_REQUIRES_OVERRIDABLE] = "RequiresOverridable", ++ [UNIT_REQUISITE] = "Requisite", ++ [UNIT_REQUISITE_OVERRIDABLE] = "RequisiteOverridable", ++ [UNIT_WANTS] = "Wants", ++ [UNIT_BINDS_TO] = "BindsTo", ++ [UNIT_PART_OF] = "PartOf", ++ [UNIT_REQUIRED_BY] = "RequiredBy", ++ [UNIT_REQUIRED_BY_OVERRIDABLE] = "RequiredByOverridable", ++ [UNIT_WANTED_BY] = "WantedBy", ++ [UNIT_BOUND_BY] = "BoundBy", ++ [UNIT_CONSISTS_OF] = "ConsistsOf", ++ [UNIT_CONFLICTS] = "Conflicts", ++ [UNIT_CONFLICTED_BY] = "ConflictedBy", ++ [UNIT_BEFORE] = "Before", ++ [UNIT_AFTER] = "After", ++ [UNIT_ON_FAILURE] = "OnFailure", ++ [UNIT_TRIGGERS] = "Triggers", ++ [UNIT_TRIGGERED_BY] = "TriggeredBy", ++ [UNIT_PROPAGATES_RELOAD_TO] = "PropagatesReloadTo", ++ [UNIT_RELOAD_PROPAGATED_FROM] = "ReloadPropagatedFrom", ++ [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf", ++ [UNIT_REFERENCES] = "References", ++ [UNIT_REFERENCED_BY] = "ReferencedBy", ++}; ++ ++DEFINE_STRING_TABLE_LOOKUP(unit_dependency, UnitDependency); +diff --git a/src/shared/unit-name.h b/src/shared/unit-name.h +index d06d2b2353..daeb56a860 100644 +--- a/src/shared/unit-name.h ++++ b/src/shared/unit-name.h +@@ -29,6 +29,7 @@ + + typedef enum UnitType UnitType; + typedef enum UnitLoadState UnitLoadState; ++typedef enum UnitDependency UnitDependency; + + enum UnitType { + UNIT_SERVICE = 0, +@@ -59,6 +60,53 @@ enum UnitLoadState { + _UNIT_LOAD_STATE_INVALID = -1 + }; + ++enum UnitDependency { ++ /* Positive dependencies */ ++ UNIT_REQUIRES, ++ UNIT_REQUIRES_OVERRIDABLE, ++ UNIT_REQUISITE, ++ 
UNIT_REQUISITE_OVERRIDABLE, ++ UNIT_WANTS, ++ UNIT_BINDS_TO, ++ UNIT_PART_OF, ++ ++ /* Inverse of the above */ ++ UNIT_REQUIRED_BY, /* inverse of 'requires' and 'requisite' is 'required_by' */ ++ UNIT_REQUIRED_BY_OVERRIDABLE, /* inverse of 'requires_overridable' and 'requisite_overridable' is 'soft_required_by' */ ++ UNIT_WANTED_BY, /* inverse of 'wants' */ ++ UNIT_BOUND_BY, /* inverse of 'binds_to' */ ++ UNIT_CONSISTS_OF, /* inverse of 'part_of' */ ++ ++ /* Negative dependencies */ ++ UNIT_CONFLICTS, /* inverse of 'conflicts' is 'conflicted_by' */ ++ UNIT_CONFLICTED_BY, ++ ++ /* Order */ ++ UNIT_BEFORE, /* inverse of 'before' is 'after' and vice versa */ ++ UNIT_AFTER, ++ ++ /* On Failure */ ++ UNIT_ON_FAILURE, ++ ++ /* Triggers (i.e. a socket triggers a service) */ ++ UNIT_TRIGGERS, ++ UNIT_TRIGGERED_BY, ++ ++ /* Propagate reloads */ ++ UNIT_PROPAGATES_RELOAD_TO, ++ UNIT_RELOAD_PROPAGATED_FROM, ++ ++ /* Joins namespace of */ ++ UNIT_JOINS_NAMESPACE_OF, ++ ++ /* Reference information for GC logic */ ++ UNIT_REFERENCES, /* Inverse of 'references' is 'referenced_by' */ ++ UNIT_REFERENCED_BY, ++ ++ _UNIT_DEPENDENCY_MAX, ++ _UNIT_DEPENDENCY_INVALID = -1 ++}; ++ + const char *unit_type_to_string(UnitType i) _const_; + UnitType unit_type_from_string(const char *s) _pure_; + +@@ -112,3 +160,6 @@ char *unit_name_mangle(const char *name, enum unit_name_mangle allow_globs); + char *unit_name_mangle_with_suffix(const char *name, enum unit_name_mangle allow_globs, const char *suffix); + + int build_subslice(const char *slice, const char*name, char **subslice); ++ ++const char *unit_dependency_to_string(UnitDependency i) _const_; ++UnitDependency unit_dependency_from_string(const char *s) _pure_; diff --git a/0538-systemctl-add-add-wants-and-add-requires-verbs.patch b/0538-systemctl-add-add-wants-and-add-requires-verbs.patch new file mode 100644 index 0000000..9f96184 --- /dev/null +++ b/0538-systemctl-add-add-wants-and-add-requires-verbs.patch 
@@ -0,0 +1,595 @@ +From e94937df954451eb4aa63573f0d7404ed2db987e Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Wed, 8 Oct 2014 11:59:46 +0200 +Subject: [PATCH] systemctl: add add-wants and add-requires verbs + +--- + TODO | 1 - + man/systemctl.xml | 19 ++++++ + src/core/dbus-manager.c | 83 +++++++++++++++++---------- + src/core/org.freedesktop.systemd1.conf | 4 ++ + src/core/selinux-access.c | 29 ++++++++++ + src/core/selinux-access.h | 3 + + src/shared/install.c | 102 ++++++++++++++++++++++++++++++--- + src/shared/install.h | 2 + + src/systemctl/systemctl.c | 100 ++++++++++++++++++++++++++++++++ + 9 files changed, 303 insertions(+), 40 deletions(-) + +diff --git a/TODO b/TODO +index 10baa1cec3..b437166273 100644 +--- a/TODO ++++ b/TODO +@@ -461,7 +461,6 @@ Features: + - "systemctl mask" should find all names by which a unit is accessible + (i.e. by scanning for symlinks to it) and link them all to /dev/null + - systemctl list-unit-files should list generated files (and probably with a new state "generated" for them, or so) +- - systemctl: maybe add "systemctl add-wants" or so... + + * timer units: + - timer units should get the ability to trigger when: +diff --git a/man/systemctl.xml b/man/systemctl.xml +index b28a3b7e8a..b2aa17f22b 100644 +--- a/man/systemctl.xml ++++ b/man/systemctl.xml +@@ -1098,6 +1098,25 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service + + + ++ add-wants TARGET ++ NAME... ++ add-requires TARGET ++ NAME... ++ ++ ++ Adds Wants= resp. Requires= ++ dependency to the specified TARGET for ++ one or more units. ++ ++ This command honors , ++ , and ++ in a similar way as ++ enable. ++ ++ ++ ++ ++ + link FILENAME... 
+ + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 533ce439a7..57db1c9f6a 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -1562,9 +1562,6 @@ static int method_enable_unit_files_generic( + sd_bus_error *error) { + + _cleanup_strv_free_ char **l = NULL; +-#ifdef HAVE_SELINUX +- char **i; +-#endif + UnitFileChange *changes = NULL; + unsigned n_changes = 0; + UnitFileScope scope; +@@ -1588,18 +1585,9 @@ static int method_enable_unit_files_generic( + if (r < 0) + return r; + +-#ifdef HAVE_SELINUX +- STRV_FOREACH(i, l) { +- Unit *u; +- +- u = manager_get_unit(m, *i); +- if (u) { +- r = selinux_unit_access_check(u, message, verb, error); +- if (r < 0) +- return r; +- } +- } +-#endif ++ r = selinux_unit_access_check_strv(l, message, m, verb, error); ++ if (r < 0) ++ return r; + + scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER; + +@@ -1637,9 +1625,6 @@ static int method_mask_unit_files(sd_bus *bus, sd_bus_message *message, void *us + static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { + + _cleanup_strv_free_ char **l = NULL; +-#ifdef HAVE_SELINUX +- char **i; +-#endif + UnitFileChange *changes = NULL; + unsigned n_changes = 0; + Manager *m = userdata; +@@ -1674,18 +1659,9 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa + return -EINVAL; + } + +-#ifdef HAVE_SELINUX +- STRV_FOREACH(i, l) { +- Unit *u; +- +- u = manager_get_unit(m, *i); +- if (u) { +- r = selinux_unit_access_check(u, message, "enable", error); +- if (r < 0) +- return r; +- } +- } +-#endif ++ r = selinux_unit_access_check_strv(l, message, m, "enable", error); ++ if (r < 0) ++ return r; + + scope = m->running_as == SYSTEMD_SYSTEM ? 
UNIT_FILE_SYSTEM : UNIT_FILE_USER; + +@@ -1828,6 +1804,52 @@ static int method_preset_all_unit_files(sd_bus *bus, sd_bus_message *message, vo + return reply_unit_file_changes_and_free(m, bus, message, -1, changes, n_changes); + } + ++static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { ++ _cleanup_strv_free_ char **l = NULL; ++ Manager *m = userdata; ++ UnitFileChange *changes = NULL; ++ unsigned n_changes = 0; ++ UnitFileScope scope; ++ int runtime, force, r; ++ char *target; ++ char *type; ++ UnitDependency dep; ++ ++ assert(bus); ++ assert(message); ++ assert(m); ++ ++ r = bus_verify_manage_unit_files_async(m, message, error); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ ++ ++ r = sd_bus_message_read_strv(message, &l); ++ if (r < 0) ++ return r; ++ ++ r = sd_bus_message_read(message, "ssbb", &target, &type, &runtime, &force); ++ if (r < 0) ++ return r; ++ ++ dep = unit_dependency_from_string(type); ++ if (dep < 0) ++ return -EINVAL; ++ ++ r = selinux_unit_access_check_strv(l, message, m, "enable", error); ++ if (r < 0) ++ return r; ++ ++ scope = m->running_as == SYSTEMD_SYSTEM ? 
UNIT_FILE_SYSTEM : UNIT_FILE_USER; ++ ++ r = unit_file_add_dependency(scope, runtime, NULL, l, target, dep, force, &changes, &n_changes); ++ if (r < 0) ++ return r; ++ ++ return reply_unit_file_changes_and_free(m, bus, message, -1, changes, n_changes); ++} ++ + const sd_bus_vtable bus_manager_vtable[] = { + SD_BUS_VTABLE_START(0), + +@@ -1918,6 +1940,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + SD_BUS_METHOD("SetDefaultTarget", "sb", "a(sss)", method_set_default_target, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("GetDefaultTarget", NULL, "s", method_get_default_target, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("PresetAllUnitFiles", "sbb", "a(sss)", method_preset_all_unit_files, SD_BUS_VTABLE_UNPRIVILEGED), ++ SD_BUS_METHOD("AddDependencyUnitFiles", "asssbb", "a(sss)", method_add_dependency_unit_files, SD_BUS_VTABLE_UNPRIVILEGED), + + SD_BUS_SIGNAL("UnitNew", "so", 0), + SD_BUS_SIGNAL("UnitRemoved", "so", 0), +diff --git a/src/core/org.freedesktop.systemd1.conf b/src/core/org.freedesktop.systemd1.conf +index 3e1382524a..6a7a37ee92 100644 +--- a/src/core/org.freedesktop.systemd1.conf ++++ b/src/core/org.freedesktop.systemd1.conf +@@ -199,6 +199,10 @@ + send_member="PresetAllUnitFiles"/> + + ++ ++ + +diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c +index cdbfb83a1a..184f202c1e 100644 +--- a/src/core/selinux-access.c ++++ b/src/core/selinux-access.c +@@ -250,6 +250,27 @@ finish: + return r; + } + ++int selinux_unit_access_check_strv(char **units, ++ sd_bus_message *message, ++ Manager *m, ++ const char *permission, ++ sd_bus_error *error) { ++ char **i; ++ Unit *u; ++ int r; ++ ++ STRV_FOREACH(i, units) { ++ u = manager_get_unit(m, *i); ++ if (u) { ++ r = selinux_unit_access_check(u, message, permission, error); ++ if (r < 0) ++ return r; ++ } ++ } ++ ++ return 0; ++} ++ + #else + + int selinux_generic_access_check( +@@ -264,4 +285,12 @@ int selinux_generic_access_check( + void selinux_access_free(void) { + } + ++int 
selinux_unit_access_check_strv(char **units, ++ sd_bus_message *message, ++ Manager *m, ++ const char *permission, ++ sd_bus_error *error) { ++ return 0; ++} ++ + #endif +diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h +index 27d9e14591..6a4362a73c 100644 +--- a/src/core/selinux-access.h ++++ b/src/core/selinux-access.h +@@ -24,11 +24,14 @@ + #include "sd-bus.h" + #include "bus-error.h" + #include "bus-util.h" ++#include "manager.h" + + void selinux_access_free(void); + + int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error); + ++int selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error); ++ + #ifdef HAVE_SELINUX + + #define selinux_access_check(message, permission, error) \ +diff --git a/src/shared/install.c b/src/shared/install.c +index 945bb2748d..ff5dcbac15 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -1042,7 +1042,8 @@ static int unit_file_load( + InstallInfo *info, + const char *path, + const char *root_dir, +- bool allow_symlink) { ++ bool allow_symlink, ++ bool load) { + + const ConfigTableItem items[] = { + { "Install", "Alias", config_parse_strv, 0, &info->aliases }, +@@ -1064,6 +1065,11 @@ static int unit_file_load( + if (!isempty(root_dir)) + path = strappenda(root_dir, "/", path); + ++ if (!load) { ++ r = access(path, F_OK) ? -errno : 0; ++ return r; ++ } ++ + fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|(allow_symlink ? 
0 : O_NOFOLLOW)); + if (fd < 0) + return -errno; +@@ -1092,7 +1098,8 @@ static int unit_file_search( + InstallInfo *info, + LookupPaths *paths, + const char *root_dir, +- bool allow_symlink) { ++ bool allow_symlink, ++ bool load) { + + char **p; + int r; +@@ -1102,7 +1109,7 @@ static int unit_file_search( + assert(paths); + + if (info->path) +- return unit_file_load(c, info, info->path, root_dir, allow_symlink); ++ return unit_file_load(c, info, info->path, root_dir, allow_symlink, load); + + assert(info->name); + +@@ -1113,7 +1120,7 @@ static int unit_file_search( + if (!path) + return -ENOMEM; + +- r = unit_file_load(c, info, path, root_dir, allow_symlink); ++ r = unit_file_load(c, info, path, root_dir, allow_symlink, load); + if (r >= 0) { + info->path = path; + path = NULL; +@@ -1142,7 +1149,7 @@ static int unit_file_search( + if (!path) + return -ENOMEM; + +- r = unit_file_load(c, info, path, root_dir, allow_symlink); ++ r = unit_file_load(c, info, path, root_dir, allow_symlink, load); + if (r >= 0) { + info->path = path; + path = NULL; +@@ -1175,7 +1182,7 @@ static int unit_file_can_install( + + assert_se(i = hashmap_first(c.will_install)); + +- r = unit_file_search(&c, i, paths, root_dir, allow_symlink); ++ r = unit_file_search(&c, i, paths, root_dir, allow_symlink, true); + + if (r >= 0) + r = +@@ -1402,7 +1409,7 @@ static int install_context_apply( + + assert_se(hashmap_move_one(c->have_installed, c->will_install, i->name) == 0); + +- q = unit_file_search(c, i, paths, root_dir, false); ++ q = unit_file_search(c, i, paths, root_dir, false, true); + if (q < 0) { + if (r >= 0) + r = q; +@@ -1443,7 +1450,7 @@ static int install_context_mark_for_removal( + + assert_se(hashmap_move_one(c->have_installed, c->will_install, i->name) == 0); + +- q = unit_file_search(c, i, paths, root_dir, false); ++ q = unit_file_search(c, i, paths, root_dir, false, true); + if (q == -ENOENT) { + /* do nothing */ + } else if (q < 0) { +@@ -1489,6 +1496,83 @@ static int 
install_context_mark_for_removal( + return r; + } + ++int unit_file_add_dependency( ++ UnitFileScope scope, ++ bool runtime, ++ const char *root_dir, ++ char **files, ++ char *target, ++ UnitDependency dep, ++ bool force, ++ UnitFileChange **changes, ++ unsigned *n_changes) { ++ ++ _cleanup_lookup_paths_free_ LookupPaths paths = {}; ++ _cleanup_(install_context_done) InstallContext c = {}; ++ _cleanup_free_ char *config_path = NULL; ++ char **i; ++ int r; ++ InstallInfo *info; ++ ++ assert(scope >= 0); ++ assert(scope < _UNIT_FILE_SCOPE_MAX); ++ ++ r = lookup_paths_init_from_scope(&paths, scope, root_dir); ++ if (r < 0) ++ return r; ++ ++ r = get_config_path(scope, runtime, root_dir, &config_path); ++ if (r < 0) ++ return r; ++ ++ STRV_FOREACH(i, files) { ++ UnitFileState state; ++ ++ state = unit_file_get_state(scope, root_dir, *i); ++ if (state < 0) { ++ log_error("Failed to get unit file state for %s: %s", *i, strerror(-state)); ++ return state; ++ } ++ ++ if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) { ++ log_error("Failed to enable unit: Unit %s is masked", *i); ++ return -ENOTSUP; ++ } ++ ++ r = install_info_add_auto(&c, *i); ++ if (r < 0) ++ return r; ++ } ++ ++ while ((info = hashmap_first(c.will_install))) { ++ r = hashmap_ensure_allocated(&c.have_installed, &string_hash_ops); ++ if (r < 0) ++ return r; ++ ++ assert_se(hashmap_move_one(c.have_installed, c.will_install, info->name) == 0); ++ ++ r = unit_file_search(&c, info, &paths, root_dir, false, false); ++ if (r < 0) ++ return r; ++ ++ if (dep == UNIT_WANTS) ++ r = strv_extend(&info->wanted_by, target); ++ else if (dep == UNIT_REQUIRES) ++ r = strv_extend(&info->required_by, target); ++ else ++ r = -EINVAL; ++ ++ if (r < 0) ++ return r; ++ ++ r = install_info_apply(info, &paths, config_path, root_dir, force, changes, n_changes); ++ if (r < 0) ++ return r; ++ } ++ ++ return 0; ++} ++ + int unit_file_enable( + UnitFileScope scope, + bool runtime, +@@ -1638,7 +1722,7 @@ int 
unit_file_set_default( + + assert_se(i = hashmap_first(c.will_install)); + +- r = unit_file_search(&c, i, &paths, root_dir, false); ++ r = unit_file_search(&c, i, &paths, root_dir, false, true); + if (r < 0) + return r; + +diff --git a/src/shared/install.h b/src/shared/install.h +index ff16d9f681..c0b4df69d5 100644 +--- a/src/shared/install.h ++++ b/src/shared/install.h +@@ -22,6 +22,7 @@ + ***/ + + #include "hashmap.h" ++#include "unit-name.h" + + typedef enum UnitFileScope { + UNIT_FILE_SYSTEM, +@@ -93,6 +94,7 @@ int unit_file_mask(UnitFileScope scope, bool runtime, const char *root_dir, char + int unit_file_unmask(UnitFileScope scope, bool runtime, const char *root_dir, char **files, UnitFileChange **changes, unsigned *n_changes); + int unit_file_set_default(UnitFileScope scope, const char *root_dir, const char *file, bool force, UnitFileChange **changes, unsigned *n_changes); + int unit_file_get_default(UnitFileScope scope, const char *root_dir, char **name); ++int unit_file_add_dependency(UnitFileScope scope, bool runtime, const char *root_dir, char **files, char *target, UnitDependency dep, bool force, UnitFileChange **changes, unsigned *n_changes); + + UnitFileState unit_file_get_state(UnitFileScope scope, const char *root_dir, const char *filename); + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 1c6fef484e..12175923e9 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -5288,6 +5288,100 @@ finish: + return r; + } + ++static int add_dependency(sd_bus *bus, char **args) { ++ _cleanup_strv_free_ char **names = NULL; ++ _cleanup_free_ char *target = NULL; ++ const char *verb = args[0]; ++ UnitDependency dep; ++ int r = 0; ++ ++ if (!args[1]) ++ return 0; ++ ++ target = unit_name_mangle_with_suffix(args[1], MANGLE_NOGLOB, ".target"); ++ if (!target) ++ return log_oom(); ++ ++ r = mangle_names(args+2, &names); ++ if (r < 0) ++ return r; ++ ++ if (streq(verb, "add-wants")) ++ dep = UNIT_WANTS; ++ else if 
(streq(verb, "add-requires")) ++ dep = UNIT_REQUIRES; ++ else ++ assert_not_reached("Unknown verb"); ++ ++ if (!bus || avoid_bus()) { ++ UnitFileChange *changes = NULL; ++ unsigned n_changes = 0; ++ ++ r = unit_file_add_dependency(arg_scope, arg_runtime, arg_root, names, target, dep, arg_force, &changes, &n_changes); ++ ++ if (r < 0) { ++ log_error("Can't add dependency: %s", strerror(-r)); ++ return r; ++ } ++ ++ if (!arg_quiet) ++ dump_unit_file_changes(changes, n_changes); ++ ++ unit_file_changes_free(changes, n_changes); ++ ++ } else { ++ _cleanup_bus_message_unref_ sd_bus_message *reply = NULL, *m = NULL; ++ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; ++ ++ r = sd_bus_message_new_method_call( ++ bus, ++ &m, ++ "org.freedesktop.systemd1", ++ "/org/freedesktop/systemd1", ++ "org.freedesktop.systemd1.Manager", ++ "AddDependencyUnitFiles"); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append_strv(m, names); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append(m, "s", target); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append(m, "s", unit_dependency_to_string(dep)); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append(m, "b", arg_runtime); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_message_append(m, "b", arg_force); ++ if (r < 0) ++ return bus_log_create_error(r); ++ ++ r = sd_bus_call(bus, m, 0, &error, &reply); ++ if (r < 0) { ++ log_error("Failed to execute operation: %s", bus_error_message(&error, r)); ++ return r; ++ } ++ ++ r = deserialize_and_dump_unit_file_changes(reply); ++ if (r < 0) ++ return r; ++ ++ if (!arg_no_reload) ++ r = daemon_reload(bus, args); ++ else ++ r = 0; ++ } ++ ++ return r; ++} ++ + static int preset_all(sd_bus *bus, char **args) { + UnitFileChange *changes = NULL; + unsigned n_changes = 0; +@@ -5533,6 +5627,10 @@ static void systemctl_help(void) { + " unmask NAME... 
Unmask one or more units\n" + " link PATH... Link one or more units files into\n" + " the search path\n" ++ " add-wants TARGET NAME... Add 'Wants' dependency for the target\n" ++ " on specified one or more units\n" ++ " add-requires TARGET NAME... Add 'Requires' dependency for the target\n" ++ " on specified one or more units\n" + " get-default Get the name of the default target\n" + " set-default NAME Set the default target\n\n" + "Machine Commands:\n" +@@ -6543,6 +6641,8 @@ static int systemctl_main(sd_bus *bus, int argc, char *argv[], int bus_error) { + { "get-default", EQUAL, 1, get_default, NOBUS }, + { "set-property", MORE, 3, set_property }, + { "is-system-running", EQUAL, 1, is_system_running }, ++ { "add-wants", MORE, 3, add_dependency, NOBUS }, ++ { "add-requires", MORE, 3, add_dependency, NOBUS }, + {} + }, *verb = verbs; + diff --git a/0539-note-on-relative-symlink-in-os-release.patch b/0539-note-on-relative-symlink-in-os-release.patch new file mode 100644 index 0000000..2f17cd2 --- /dev/null +++ b/0539-note-on-relative-symlink-in-os-release.patch 
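Review bot: `selinux_unit_access_check_strv()` only checks names for which `manager_get_unit()` returns a unit, so in `method_add_dependency_unit_files()` any entry of `l` that is not found that way gets no SELinux check, and `target` is never checked at all. The skip is carried over from the inline loops this patch removes, but the new method is another caller that goes on to change unit file installation state for those names. I would resolve each name to a unit before the check, or at least state the limit at the helper: `/* Names manager_get_unit() does not return are skipped; no SELinux check is made for them. */`. Separately, the new `!load` branch in `unit_file_load()` uses `access(path, F_OK)`, which follows symlinks and so ignores `allow_symlink`, unlike the `open()` with `O_NOFOLLOW` just below it. The bodies of `unit_file_load()` and `unit_file_search()` extend outside their inner hunks.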
@@ -0,0 +1,33 @@ +From 5a94946cdf38d3574bd32cd3151b32003df60e6a Mon Sep 17 00:00:00 2001 +From: Rahul Sundaram +Date: Wed, 8 Oct 2014 01:42:59 -0400 +Subject: [PATCH] note on relative symlink in os-release + +--- + man/os-release.xml | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/man/os-release.xml b/man/os-release.xml +index 4e02f800b6..b298304943 100644 +--- a/man/os-release.xml ++++ b/man/os-release.xml +@@ -90,11 +90,15 @@ + files at the same + time. /usr/lib/os-release is the + recommended place to store OS release information as +- part of vendor trees. Frequently, +- /etc/os-release is simply a +- symlink to /usr/lib/os-release, ++ part of vendor trees. ++ /etc/os-release should be a ++ relative symlink to ++ /usr/lib/os-release, + to provide compatibility with applications only +- looking at /etc. ++ looking at /etc. A relative ++ symlink instead of an absolute symlink is ++ necessary to avoid breaking the link in a chroot or ++ initrd environment such as dracut. + + os-release contains data + that is defined by the operating system vendor and diff --git a/0540-nspawn-copy-dev-net-tun-from-host.patch b/0540-nspawn-copy-dev-net-tun-from-host.patch new file mode 100644 index 0000000..3db43d5 --- /dev/null +++ b/0540-nspawn-copy-dev-net-tun-from-host.patch 
@@ -0,0 +1,45 @@ +From 85614d663e4a09beee1c78aaa67f02943d50d5a0 Mon Sep 17 00:00:00 2001 +From: Tom Gundersen +Date: Wed, 8 Oct 2014 15:01:07 +0200 +Subject: [PATCH] nspawn: copy /dev/net/tun from host + +This enables tuntap support in the container (assumning the necessary capabilities are in place). +--- + src/nspawn/nspawn.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 34436b82a2..da4c116f36 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -1101,7 +1101,8 @@ static int copy_devnodes(const char *dest) { + "full\0" + "random\0" + "urandom\0" +- "tty\0"; ++ "tty\0" ++ "net/tun\0"; + + const char *d; + int r = 0; +@@ -1132,10 +1133,17 @@ static int copy_devnodes(const char *dest) { + log_error("%s is not a char or block device, cannot copy", from); + return -EIO; + +- } else if (mknod(to, st.st_mode, st.st_rdev) < 0) { ++ } else { ++ r = mkdir_parents(to, 0775); ++ if (r < 0) { ++ log_error("Failed to create parent directory of %s: %s", to, strerror(-r)); ++ return -r; ++ } + +- log_error("mknod(%s) failed: %m", dest); +- return -errno; ++ if (mknod(to, st.st_mode, st.st_rdev) < 0) { ++ log_error("mknod(%s) failed: %m", dest); ++ return -errno; ++ } + } + } + diff --git a/0541-sd-bus-sync-kdbus.h-ABI-break.patch b/0541-sd-bus-sync-kdbus.h-ABI-break.patch new file mode 100644 index 0000000..ef9f4b2 --- /dev/null +++ b/0541-sd-bus-sync-kdbus.h-ABI-break.patch 
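Review bot: In `copy_devnodes()` the new `mkdir_parents()` error path ends with `return -r;`, but `r` is negative there, so the function returns a positive value on failure; it should be `return r;`. The other error paths in the hunk return negative values (`-EIO`, `-errno`), and a caller testing `r < 0` would presumably treat this failure as success. The `mknod` failure message also prints `dest` rather than the node path; `log_error("mknod(%s) failed: %m", to);` would name the node that actually failed. Since `net/tun` is now in the list of nodes copied from the host, a short comment at that table entry noting that use of the node still depends on the container's capabilities (as the commit message says) would help the next reader. The body of `copy_devnodes()` starts and ends outside the hunk.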
@@ -0,0 +1,145 @@ +From 40885bb29e3f39fc06787075f666a0ec2ac35361 Mon Sep 17 00:00:00 2001 +From: Daniel Mack +Date: Wed, 8 Oct 2014 15:32:41 +0200 +Subject: [PATCH] sd-bus: sync kdbus.h (ABI break) + +Sync kdbus.h once again. Two thing have changed: + + a) KDBUS_CMD_EP_* was renamed to KDBUS_CMD_ENDPOINT_* + b) struct kdbus_cmd_hello and struct kdbus_cmd_make gained a + 'features' bitfield (which is currently unused) +--- + src/libsystemd/sd-bus/bus-kernel.c | 19 ++++++++++--------- + src/libsystemd/sd-bus/kdbus.h | 16 ++++++++++------ + 2 files changed, 20 insertions(+), 15 deletions(-) + +diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c +index b431d78139..c3dbc837d7 100644 +--- a/src/libsystemd/sd-bus/bus-kernel.c ++++ b/src/libsystemd/sd-bus/bus-kernel.c +@@ -1307,9 +1307,9 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { + return -errno; + } + +- /* The higher 32bit of the flags field are considered +- * 'incompatible flags'. Refuse them all for now. */ +- if (make->flags > 0xFFFFFFFFULL) { ++ /* The features field are considered 'incompatible flags'. ++ * Refuse them all for now. */ ++ if (make->features) { + safe_close(fd); + return -ENOTSUP; + } +@@ -1439,14 +1439,14 @@ int bus_kernel_create_endpoint(const char *bus_name, const char *ep_name, char * + n->size = offsetof(struct kdbus_item, str) + strlen(ep_name) + 1; + strcpy(n->str, ep_name); + +- if (ioctl(fd, KDBUS_CMD_EP_MAKE, make) < 0) { ++ if (ioctl(fd, KDBUS_CMD_ENDPOINT_MAKE, make) < 0) { + safe_close(fd); + return -errno; + } + +- /* The higher 32bit of the flags field are considered +- * 'incompatible flags'. Refuse them all for now. */ +- if (make->flags > 0xFFFFFFFFULL) { ++ /* The features field are considered 'incompatible flags'. ++ * Refuse them all for now. 
*/ ++ if (make->features) { + safe_close(fd); + return -ENOTSUP; + } +@@ -1503,7 +1503,7 @@ int bus_kernel_set_endpoint_policy(int fd, uid_t uid, BusEndpoint *ep) { + n = KDBUS_ITEM_NEXT(n); + } + +- r = ioctl(fd, KDBUS_CMD_EP_UPDATE, update); ++ r = ioctl(fd, KDBUS_CMD_ENDPOINT_UPDATE, update); + if (r < 0) + return -errno; + +@@ -1576,7 +1576,8 @@ int bus_kernel_make_starter( + + /* The higher 32bit of both flags fields are considered + * 'incompatible flags'. Refuse them all for now. */ +- if (hello->bus_flags > 0xFFFFFFFFULL || ++ if (hello->features || ++ hello->bus_flags > 0xFFFFFFFFULL || + hello->conn_flags > 0xFFFFFFFFULL) + return -ENOTSUP; + +diff --git a/src/libsystemd/sd-bus/kdbus.h b/src/libsystemd/sd-bus/kdbus.h +index 8994b5673d..79a17f3449 100644 +--- a/src/libsystemd/sd-bus/kdbus.h ++++ b/src/libsystemd/sd-bus/kdbus.h +@@ -554,6 +554,7 @@ enum kdbus_attach_flags { + /** + * struct kdbus_cmd_hello - struct to say hello to kdbus + * @size: The total size of the structure ++ * @features: Feature negotiation bitmask + * @conn_flags: Connection flags (KDBUS_HELLO_*). + * @attach_flags: Mask of metadata to attach to each message sent + * (KDBUS_ATTACH_*) +@@ -573,6 +574,7 @@ enum kdbus_attach_flags { + */ + struct kdbus_cmd_hello { + __u64 size; ++ __u64 features; + __u64 conn_flags; + __u64 attach_flags; + __u64 bus_flags; +@@ -596,14 +598,16 @@ enum kdbus_make_flags { + /** + * struct kdbus_cmd_make - struct to make a bus, an endpoint or a domain + * @size: The total size of the struct ++ * @features: Feature negotiation bitmask + * @flags: Properties for the bus/ep/domain to create + * @items: Items describing details + * +- * This structure is used with the KDBUS_CMD_BUS_MAKE, KDBUS_CMD_EP_MAKE and +- * KDBUS_CMD_DOMAIN_MAKE ioctls. ++ * This structure is used with the KDBUS_CMD_BUS_MAKE, KDBUS_CMD_ENDPOINT_MAKE ++ * and KDBUS_CMD_DOMAIN_MAKE ioctls. 
+ */ + struct kdbus_cmd_make { + __u64 size; ++ __u64 features; + __u64 flags; + struct kdbus_item items[0]; + } __attribute__((aligned(8))); +@@ -775,7 +779,7 @@ struct kdbus_cmd_match { + * is closed. + * @KDBUS_CMD_DOMAIN_MAKE: Similar to KDBUS_CMD_BUS_MAKE, but it creates a + * new kdbus domain. +- * @KDBUS_CMD_EP_MAKE: Creates a new named special endpoint to talk to ++ * @KDBUS_CMD_ENDPOINT_MAKE: Creates a new named special endpoint to talk to + * the bus. Such endpoints usually carry a more + * restrictive policy and grant restricted access + * to specific applications. +@@ -811,7 +815,7 @@ struct kdbus_cmd_match { + * @KDBUS_CMD_CONN_UPDATE: Update the properties of a connection. Used to + * update the metadata subscription mask and + * policy. +- * @KDBUS_CMD_EP_UPDATE: Update the properties of a custom enpoint. Used ++ * @KDBUS_CMD_ENDPOINT_UPDATE: Update the properties of a custom enpoint. Used + * to update the policy. + * @KDBUS_CMD_MATCH_ADD: Install a match which broadcast messages should + * be delivered to the connection. +@@ -822,7 +826,7 @@ enum kdbus_ioctl_type { + struct kdbus_cmd_make), + KDBUS_CMD_DOMAIN_MAKE = _IOW(KDBUS_IOCTL_MAGIC, 0x10, + struct kdbus_cmd_make), +- KDBUS_CMD_EP_MAKE = _IOW(KDBUS_IOCTL_MAGIC, 0x20, ++ KDBUS_CMD_ENDPOINT_MAKE = _IOW(KDBUS_IOCTL_MAGIC, 0x20, + struct kdbus_cmd_make), + + KDBUS_CMD_HELLO = _IOWR(KDBUS_IOCTL_MAGIC, 0x30, +@@ -850,7 +854,7 @@ enum kdbus_ioctl_type { + KDBUS_CMD_CONN_UPDATE = _IOW(KDBUS_IOCTL_MAGIC, 0x61, + struct kdbus_cmd_update), + +- KDBUS_CMD_EP_UPDATE = _IOW(KDBUS_IOCTL_MAGIC, 0x71, ++ KDBUS_CMD_ENDPOINT_UPDATE = _IOW(KDBUS_IOCTL_MAGIC, 0x71, + struct kdbus_cmd_update), + + KDBUS_CMD_MATCH_ADD = _IOW(KDBUS_IOCTL_MAGIC, 0x80, diff --git a/0542-Update-TODO.patch b/0542-Update-TODO.patch new file mode 100644 index 0000000..7580321 --- /dev/null +++ b/0542-Update-TODO.patch 
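Review bot: In `bus_kernel_create_bus()` and `bus_kernel_create_endpoint()` the upper-32-bit test on `make->flags` is replaced by `if (make->features)`, while `bus_kernel_make_starter()` keeps both flag tests and adds `hello->features`. If the upper flag bits of `struct kdbus_cmd_make` are still meant to be refused, the two make paths should read `if (make->features || make->flags > 0xFFFFFFFFULL)`; if they are not, a short comment saying why would remove the inconsistency. The comment in `bus_kernel_make_starter()` is now stale because it still mentions only the flags fields; I would reword it to `/* Refuse any feature bits, and the higher 32bit of both flags fields ('incompatible flags'), for now. */`. All three function bodies extend outside their hunks.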
@@ -0,0 +1,27 @@ +From 402696d787d252d6317e36c5be340d47578bb27b Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 8 Oct 2014 21:32:30 +0200 +Subject: [PATCH] Update TODO + +--- + TODO | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/TODO b/TODO +index b437166273..7d205faa8d 100644 +--- a/TODO ++++ b/TODO +@@ -34,6 +34,13 @@ External: + + Features: + ++* bus-proxy: when passing messages from kdbus, make sure we properly ++ handle the case where a large number of fds is appended that we ++ cannot pass into sendmsg() of the AF_UNIX sokcet (which only accepts ++ 253 messages) ++ ++* check for validity of ucred fields in bus-proxy, like we do in journald ++ + * busctl: add a pcap writer, using LINKTYPE_DBUS/231 + + * man: maybe use the word "inspect" rather than "introspect"? diff --git a/0543-core-map-the-rescue-argument-to-rescue.target.patch b/0543-core-map-the-rescue-argument-to-rescue.target.patch new file mode 100644 index 0000000..b17c64e --- /dev/null +++ b/0543-core-map-the-rescue-argument-to-rescue.target.patch 
@@ -0,0 +1,24 @@ +From 5329ab10ffaf5b4a3fd6ebd9380b1ec09d05cfc8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= +Date: Tue, 7 Oct 2014 14:55:21 +0300 +Subject: [PATCH] core: map the 'rescue' argument to rescue.target + +Even though the 'emergency' and 'single' aliases come from sysvinit, the +lack of 'rescue' is still quite confusing (caught me by surprise for the +9th time yet) and inconsistent with `systemctl rescue` as well. +--- + src/core/main.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/core/main.c b/src/core/main.c +index 1a62e04c80..44373cc7ef 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -272,6 +272,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) { + static const char * const rlmap[] = { + "emergency", SPECIAL_EMERGENCY_TARGET, + "-b", SPECIAL_EMERGENCY_TARGET, ++ "rescue", SPECIAL_RESCUE_TARGET, + "single", SPECIAL_RESCUE_TARGET, + "-s", SPECIAL_RESCUE_TARGET, + "s", SPECIAL_RESCUE_TARGET, diff --git a/0544-time-functions-named-internal-really-shouldn-t-be-ex.patch b/0544-time-functions-named-internal-really-shouldn-t-be-ex.patch new file mode 100644 index 0000000..6b037e9 --- /dev/null +++ b/0544-time-functions-named-internal-really-shouldn-t-be-ex.patch 
@@ -0,0 +1,143 @@ +From 5ab99e076c72a44f2e174e48abd9945cd0180d76 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 8 Oct 2014 22:37:45 +0200 +Subject: [PATCH] time: functions named "internal" really shouldn't be exported + +Also, let's try to make function names descriptive, instead of using +bools for flags. +--- + src/journal/journalctl.c | 22 +++++++++++++++------- + src/shared/logs-show.c | 4 +++- + src/shared/time-util.c | 16 ++++++++++++++-- + src/shared/time-util.h | 5 +++-- + 4 files changed, 35 insertions(+), 12 deletions(-) + +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index 816934ee6b..feb53bd203 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -127,6 +127,14 @@ static void pager_open_if_enabled(void) { + pager_open(arg_pager_end); + } + ++static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) { ++ ++ if (arg_utc) ++ return format_timestamp_utc(buf, l, t); ++ ++ return format_timestamp(buf, l, t); ++} ++ + static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) { + sd_id128_t id = SD_ID128_NULL; + int off = 0, r; +@@ -890,8 +898,8 @@ static int list_boots(sd_journal *j) { + printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n", + w, i - count + 1, + SD_ID128_FORMAT_VAL(id->id), +- format_timestamp_internal(a, sizeof(a), id->first, arg_utc), +- format_timestamp_internal(b, sizeof(b), id->last, arg_utc)); ++ format_timestamp_maybe_utc(a, sizeof(a), id->first), ++ format_timestamp_maybe_utc(b, sizeof(b), id->last)); + } + + return 0; +@@ -1502,8 +1510,8 @@ static int verify(sd_journal *j) { + if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) { + if (validated > 0) { + log_info("=> Validated from %s to %s, final %s entries not sealed.", +- format_timestamp_internal(a, sizeof(a), first, arg_utc), +- format_timestamp_internal(b, sizeof(b), validated, arg_utc), ++ format_timestamp_maybe_utc(a, sizeof(a), first), ++ format_timestamp_maybe_utc(b, sizeof(b), 
validated), + format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0)); + } else if (last > 0) + log_info("=> No sealing yet, %s of entries not sealed.", +@@ -1898,11 +1906,11 @@ int main(int argc, char *argv[]) { + if (r > 0) { + if (arg_follow) + printf("-- Logs begin at %s. --\n", +- format_timestamp_internal(start_buf, sizeof(start_buf), start, arg_utc)); ++ format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start)); + else + printf("-- Logs begin at %s, end at %s. --\n", +- format_timestamp_internal(start_buf, sizeof(start_buf), start, arg_utc), +- format_timestamp_internal(end_buf, sizeof(end_buf), end, arg_utc)); ++ format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start), ++ format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end)); + } + } + +diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c +index e30e6865ac..3d742491c9 100644 +--- a/src/shared/logs-show.c ++++ b/src/shared/logs-show.c +@@ -447,7 +447,9 @@ static int output_verbose( + } + + fprintf(f, "%s [%s]\n", +- format_timestamp_us(ts, sizeof(ts), realtime, flags & OUTPUT_UTC), ++ flags & OUTPUT_UTC ? 
++ format_timestamp_us_utc(ts, sizeof(ts), realtime) : ++ format_timestamp_us(ts, sizeof(ts), realtime), + cursor); + + JOURNAL_FOREACH_DATA_RETVAL(j, data, length, r) { +diff --git a/src/shared/time-util.c b/src/shared/time-util.c +index 09f4a21354..433c262dfa 100644 +--- a/src/shared/time-util.c ++++ b/src/shared/time-util.c +@@ -152,7 +152,7 @@ struct timeval *timeval_store(struct timeval *tv, usec_t u) { + return tv; + } + +-char *format_timestamp_internal(char *buf, size_t l, usec_t t, bool utc) { ++static char *format_timestamp_internal(char *buf, size_t l, usec_t t, bool utc) { + struct tm tm; + time_t sec; + +@@ -178,7 +178,11 @@ char *format_timestamp(char *buf, size_t l, usec_t t) { + return format_timestamp_internal(buf, l, t, false); + } + +-char *format_timestamp_us(char *buf, size_t l, usec_t t, bool utc) { ++char *format_timestamp_utc(char *buf, size_t l, usec_t t) { ++ return format_timestamp_internal(buf, l, t, true); ++} ++ ++static char *format_timestamp_internal_us(char *buf, size_t l, usec_t t, bool utc) { + struct tm tm; + time_t sec; + +@@ -203,6 +207,14 @@ char *format_timestamp_us(char *buf, size_t l, usec_t t, bool utc) { + return buf; + } + ++char *format_timestamp_us(char *buf, size_t l, usec_t t) { ++ return format_timestamp_internal_us(buf, l, t, false); ++} ++ ++char *format_timestamp_us_utc(char *buf, size_t l, usec_t t) { ++ return format_timestamp_internal_us(buf, l, t, true); ++} ++ + char *format_timestamp_relative(char *buf, size_t l, usec_t t) { + const char *s; + usec_t n, d; +diff --git a/src/shared/time-util.h b/src/shared/time-util.h +index 16cc593cf5..05369d295b 100644 +--- a/src/shared/time-util.h ++++ b/src/shared/time-util.h +@@ -84,9 +84,10 @@ struct timespec *timespec_store(struct timespec *ts, usec_t u); + usec_t timeval_load(const struct timeval *tv) _pure_; + struct timeval *timeval_store(struct timeval *tv, usec_t u); + +-char *format_timestamp_internal(char *buf, size_t l, usec_t t, bool utc); + char 
*format_timestamp(char *buf, size_t l, usec_t t); +-char *format_timestamp_us(char *buf, size_t l, usec_t t, bool utc); ++char *format_timestamp_utc(char *buf, size_t l, usec_t t); ++char *format_timestamp_us(char *buf, size_t l, usec_t t); ++char *format_timestamp_us_utc(char *buf, size_t l, usec_t t); + char *format_timestamp_relative(char *buf, size_t l, usec_t t); + char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy); + diff --git a/0545-util-avoid-double-close-of-fd.patch b/0545-util-avoid-double-close-of-fd.patch new file mode 100644 index 0000000..edf1a67 --- /dev/null +++ b/0545-util-avoid-double-close-of-fd.patch @@ -0,0 +1,29 @@ +From 6f53e671aa7539cab02c9f739d84d28a343ca5bc Mon Sep 17 00:00:00 2001 +From: Thomas Hindoe Paaboel Andersen +Date: Wed, 8 Oct 2014 23:57:32 +0200 +Subject: [PATCH] util: avoid double close of fd + +We could end with a double close if we close the fd loop and flush_fd +fails. That would make us goto fail and there we close the fd once +again. This patch sets the fd to the return value for safe_close: -1 +A fd with negative value will be ignored by the next call to +safe_close. + +CID#996223 +--- + src/shared/util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/util.c b/src/shared/util.c +index bbd9bd11d6..5f6249eb04 100644 +--- a/src/shared/util.c ++++ b/src/shared/util.c +@@ -2074,7 +2074,7 @@ int acquire_terminal( + * ended our handle will be dead. It's important that + * we do this after sleeping, so that we don't enter + * an endless loop. */ +- safe_close(fd); ++ fd = safe_close(fd); + } + + safe_close(notify); diff --git a/0546-man-systemctl-document-enable-on-masked-units.patch b/0546-man-systemctl-document-enable-on-masked-units.patch new file mode 100644 index 0000000..5e5c1fa --- /dev/null +++ b/0546-man-systemctl-document-enable-on-masked-units.patch 
@@ -0,0 +1,34 @@ +From 751ea8deaf96cabd4f1321735cd86535840a3faf Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Wed, 8 Oct 2014 08:04:52 +0200 +Subject: [PATCH] man/systemctl: document enable on masked units + +--- + man/systemctl.xml | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/man/systemctl.xml b/man/systemctl.xml +index b2aa17f22b..61a23de7d7 100644 +--- a/man/systemctl.xml ++++ b/man/systemctl.xml +@@ -924,6 +924,9 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service + the system, or for all future logins of all users, or only this + boot. Note that in the last case, no systemd daemon + configuration is reloaded. ++ ++ Using enable on masked units ++ results in an error. + + + +@@ -1080,8 +1083,8 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service + /dev/null, making it impossible to + start them. This is a stronger version of + disable, since it prohibits all kinds of +- activation of the unit, including manual activation. Use +- this option with care. This honors the ++ activation of the unit, including enablement and manual ++ activation. Use this option with care. This honors the + option to only mask temporarily + until the next reboot of the system. + diff --git a/0547-sd-event-be-more-careful-when-enabling-disabling-sig.patch b/0547-sd-event-be-more-careful-when-enabling-disabling-sig.patch new file mode 100644 index 0000000..aae98a5 --- /dev/null +++ b/0547-sd-event-be-more-careful-when-enabling-disabling-sig.patch 
@@ -0,0 +1,210 @@ +From 4807d2d068ae9fc08b87121fc0a574394f8acc5b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 4 Oct 2014 22:57:43 -0400 +Subject: [PATCH] sd-event: be more careful when enabling/disabling signals + +When a child event is disabled (in order to be freed) and there is no +SIGCHLD signal event, sd_event_source_set_enabled will disable SIGCHLD +even if there are other child events. + +Also remove some unneeded signalfd updates. + +https://bugs.freedesktop.org/show_bug.cgi?id=84659 + +Based-on-a-patch-by: Hristo Venev +--- + src/libsystemd/sd-event/sd-event.c | 86 ++++++++++++++++++++++++++++---------- + 1 file changed, 63 insertions(+), 23 deletions(-) + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 4c67ee87e1..c5f062b3e0 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -590,6 +590,14 @@ static struct clock_data* event_get_clock_data(sd_event *e, EventSourceType t) { + } + } + ++static bool need_signal(sd_event *e, int signal) { ++ return (e->signal_sources && e->signal_sources[signal] && ++ e->signal_sources[signal]->enabled != SD_EVENT_OFF) ++ || ++ (signal == SIGCHLD && ++ e->n_enabled_child_sources > 0); ++} ++ + static void source_disconnect(sd_event_source *s) { + sd_event *event; + +@@ -626,11 +634,13 @@ static void source_disconnect(sd_event_source *s) { + + case SOURCE_SIGNAL: + if (s->signal.sig > 0) { +- if (s->signal.sig != SIGCHLD || s->event->n_enabled_child_sources == 0) +- assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0); +- + if (s->event->signal_sources) + s->event->signal_sources[s->signal.sig] = NULL; ++ ++ /* If the signal was on and now it is off... 
*/ ++ if (s->enabled != SD_EVENT_OFF && !need_signal(s->event, s->signal.sig)) { ++ assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0); ++ } + } + + break; +@@ -640,10 +650,12 @@ static void source_disconnect(sd_event_source *s) { + if (s->enabled != SD_EVENT_OFF) { + assert(s->event->n_enabled_child_sources > 0); + s->event->n_enabled_child_sources--; +- } + +- if (!s->event->signal_sources || !s->event->signal_sources[SIGCHLD]) +- assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0); ++ /* We know the signal was on, if it is off now... */ ++ if (!need_signal(s->event, SIGCHLD)) { ++ assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0); ++ } ++ } + + hashmap_remove(s->event->child_sources, INT_TO_PTR(s->child.pid)); + } +@@ -963,6 +975,7 @@ _public_ int sd_event_add_signal( + sd_event_source *s; + sigset_t ss; + int r; ++ bool previous; + + assert_return(e, -EINVAL); + assert_return(sig > 0, -EINVAL); +@@ -987,6 +1000,8 @@ _public_ int sd_event_add_signal( + } else if (e->signal_sources[sig]) + return -EBUSY; + ++ previous = need_signal(e, sig); ++ + s = source_new(e, !ret, SOURCE_SIGNAL); + if (!s) + return -ENOMEM; +@@ -997,9 +1012,10 @@ _public_ int sd_event_add_signal( + s->enabled = SD_EVENT_ON; + + e->signal_sources[sig] = s; +- assert_se(sigaddset(&e->sigset, sig) == 0); + +- if (sig != SIGCHLD || e->n_enabled_child_sources == 0) { ++ if (!previous) { ++ assert_se(sigaddset(&e->sigset, sig) == 0); ++ + r = event_update_signal_fd(e); + if (r < 0) { + source_free(s); +@@ -1023,6 +1039,7 @@ _public_ int sd_event_add_child( + + sd_event_source *s; + int r; ++ bool previous; + + assert_return(e, -EINVAL); + assert_return(pid > 1, -EINVAL); +@@ -1039,6 +1056,8 @@ _public_ int sd_event_add_child( + if (hashmap_contains(e->child_sources, INT_TO_PTR(pid))) + return -EBUSY; + ++ previous = need_signal(e, SIGCHLD); ++ + s = source_new(e, !ret, SOURCE_CHILD); + if (!s) + return -ENOMEM; +@@ -1057,9 +1076,9 @@ _public_ int sd_event_add_child( + + 
e->n_enabled_child_sources ++; + +- assert_se(sigaddset(&e->sigset, SIGCHLD) == 0); ++ if (!previous) { ++ assert_se(sigaddset(&e->sigset, SIGCHLD) == 0); + +- if (!e->signal_sources || !e->signal_sources[SIGCHLD]) { + r = event_update_signal_fd(e); + if (r < 0) { + source_free(s); +@@ -1437,23 +1456,32 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) { + } + + case SOURCE_SIGNAL: ++ assert(need_signal(s->event, s->signal.sig)); ++ + s->enabled = m; +- if (s->signal.sig != SIGCHLD || s->event->n_enabled_child_sources == 0) { ++ ++ if (!need_signal(s->event, s->signal.sig)) { + assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0); +- event_update_signal_fd(s->event); ++ ++ (void) event_update_signal_fd(s->event); ++ /* If disabling failed, we might get a spurious event, ++ * but otherwise nothing bad should happen. */ + } + + break; + + case SOURCE_CHILD: ++ assert(need_signal(s->event, SIGCHLD)); ++ + s->enabled = m; + + assert(s->event->n_enabled_child_sources > 0); + s->event->n_enabled_child_sources--; + +- if (!s->event->signal_sources || !s->event->signal_sources[SIGCHLD]) { ++ if (!need_signal(s->event, SIGCHLD)) { + assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0); +- event_update_signal_fd(s->event); ++ ++ (void) event_update_signal_fd(s->event); + } + + break; +@@ -1501,22 +1529,34 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) { + } + + case SOURCE_SIGNAL: +- s->enabled = m; +- +- if (s->signal.sig != SIGCHLD || s->event->n_enabled_child_sources == 0) { ++ /* Check status before enabling. */ ++ if (!need_signal(s->event, s->signal.sig)) { + assert_se(sigaddset(&s->event->sigset, s->signal.sig) == 0); +- event_update_signal_fd(s->event); ++ ++ r = event_update_signal_fd(s->event); ++ if (r < 0) { ++ s->enabled = SD_EVENT_OFF; ++ return r; ++ } + } ++ ++ s->enabled = m; + break; + + case SOURCE_CHILD: ++ /* Check status before enabling. 
*/ + if (s->enabled == SD_EVENT_OFF) { +- s->event->n_enabled_child_sources++; +- +- if (!s->event->signal_sources || !s->event->signal_sources[SIGCHLD]) { +- assert_se(sigaddset(&s->event->sigset, SIGCHLD) == 0); +- event_update_signal_fd(s->event); ++ if (!need_signal(s->event, SIGCHLD)) { ++ assert_se(sigaddset(&s->event->sigset, s->signal.sig) == 0); ++ ++ r = event_update_signal_fd(s->event); ++ if (r < 0) { ++ s->enabled = SD_EVENT_OFF; ++ return r; ++ } + } ++ ++ s->event->n_enabled_child_sources++; + } + + s->enabled = m; diff --git a/0548-sd-event-also-update-signal-mask-when-disconnecting-.patch b/0548-sd-event-also-update-signal-mask-when-disconnecting-.patch new file mode 100644 index 0000000..cc4fc44 --- /dev/null +++ b/0548-sd-event-also-update-signal-mask-when-disconnecting-.patch 
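Review bot: In the SOURCE_CHILD branch of the enable path in sd_event_source_set_enabled(), the new `assert_se(sigaddset(&s->event->sigset, s->signal.sig) == 0);` reads the signal member of a child source, where the line it replaces added SIGCHLD. If `signal` and `child` share a union in sd_event_source (the declaration is not visible here), this adds an unrelated signal number to the mask or trips the assert_se, and SIGCHLD is never added. The line should read `assert_se(sigaddset(&s->event->sigset, SIGCHLD) == 0);`. Separately, when event_update_signal_fd() fails in either enable branch the signal stays in the sigset although the source is set back to SD_EVENT_OFF; a matching `sigdelset()` before `return r;` would keep the mask consistent. The function body starts and ends outside the quoted hunks.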
@@ -0,0 +1,109 @@ +From f95387cda829bc053992c398789ce3aa6f42f81e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 4 Oct 2014 23:17:45 -0400 +Subject: [PATCH] sd-event: also update signal mask when disconnecting sources + +--- + src/libsystemd/sd-event/sd-event.c | 68 +++++++++++++++++++++----------------- + 1 file changed, 38 insertions(+), 30 deletions(-) + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index c5f062b3e0..80a2ae97e8 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -598,6 +598,36 @@ static bool need_signal(sd_event *e, int signal) { + e->n_enabled_child_sources > 0); + } + ++static int event_update_signal_fd(sd_event *e) { ++ struct epoll_event ev = {}; ++ bool add_to_epoll; ++ int r; ++ ++ assert(e); ++ ++ add_to_epoll = e->signal_fd < 0; ++ ++ r = signalfd(e->signal_fd, &e->sigset, SFD_NONBLOCK|SFD_CLOEXEC); ++ if (r < 0) ++ return -errno; ++ ++ e->signal_fd = r; ++ ++ if (!add_to_epoll) ++ return 0; ++ ++ ev.events = EPOLLIN; ++ ev.data.ptr = INT_TO_PTR(SOURCE_SIGNAL); ++ ++ r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, e->signal_fd, &ev); ++ if (r < 0) { ++ e->signal_fd = safe_close(e->signal_fd); ++ return -errno; ++ } ++ ++ return 0; ++} ++ + static void source_disconnect(sd_event_source *s) { + sd_event *event; + +@@ -640,6 +670,10 @@ static void source_disconnect(sd_event_source *s) { + /* If the signal was on and now it is off... */ + if (s->enabled != SD_EVENT_OFF && !need_signal(s->event, s->signal.sig)) { + assert_se(sigdelset(&s->event->sigset, s->signal.sig) == 0); ++ ++ (void) event_update_signal_fd(s->event); ++ /* If disabling failed, we might get a spurious event, ++ * but otherwise nothing bad should happen. */ + } + } + +@@ -654,6 +688,10 @@ static void source_disconnect(sd_event_source *s) { + /* We know the signal was on, if it is off now... 
*/ + if (!need_signal(s->event, SIGCHLD)) { + assert_se(sigdelset(&s->event->sigset, SIGCHLD) == 0); ++ ++ (void) event_update_signal_fd(s->event); ++ /* If disabling failed, we might get a spurious event, ++ * but otherwise nothing bad should happen. */ + } + } + +@@ -929,36 +967,6 @@ fail: + return r; + } + +-static int event_update_signal_fd(sd_event *e) { +- struct epoll_event ev = {}; +- bool add_to_epoll; +- int r; +- +- assert(e); +- +- add_to_epoll = e->signal_fd < 0; +- +- r = signalfd(e->signal_fd, &e->sigset, SFD_NONBLOCK|SFD_CLOEXEC); +- if (r < 0) +- return -errno; +- +- e->signal_fd = r; +- +- if (!add_to_epoll) +- return 0; +- +- ev.events = EPOLLIN; +- ev.data.ptr = INT_TO_PTR(SOURCE_SIGNAL); +- +- r = epoll_ctl(e->epoll_fd, EPOLL_CTL_ADD, e->signal_fd, &ev); +- if (r < 0) { +- e->signal_fd = safe_close(e->signal_fd); +- return -errno; +- } +- +- return 0; +-} +- + static int signal_exit_callback(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { + assert(s); + diff --git a/0549-update-TODO.patch b/0549-update-TODO.patch new file mode 100644 index 0000000..f98a1c3 --- /dev/null +++ b/0549-update-TODO.patch @@ -0,0 +1,24 @@ +From 706d97503df83d141d241b645d2c920d691b3d62 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 9 Oct 2014 01:46:31 +0200 +Subject: [PATCH] update TODO + +--- + TODO | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/TODO b/TODO +index 7d205faa8d..45c08f0942 100644 +--- a/TODO ++++ b/TODO +@@ -34,6 +34,10 @@ External: + + Features: + ++* man: document that corrupted journal files is nothing to act on ++ ++* systemctl isolate should use ".target" as completion suffix, not ".service" ++ + * bus-proxy: when passing messages from kdbus, make sure we properly + handle the case where a large number of fds is appended that we + cannot pass into sendmsg() of the AF_UNIX sokcet (which only accepts 
diff --git a/0550-systemctl-suggest-xe-not-xn.patch b/0550-systemctl-suggest-xe-not-xn.patch new file mode 100644 index 0000000..27c7b28 --- /dev/null +++ b/0550-systemctl-suggest-xe-not-xn.patch @@ -0,0 +1,36 @@ +From b923047d73f412be40ba162e0b664cff3c17a480 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 8 Oct 2014 20:22:51 -0400 +Subject: [PATCH] systemctl: suggest -xe not -xn + +https://bugzilla.redhat.com/show_bug.cgi?id=1150289 +--- + src/systemctl/systemctl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 12175923e9..cdaefa52b9 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -2350,18 +2350,18 @@ static int check_wait_response(WaitData *d) { + else if (streq(d->result, "canceled")) + log_error("Job for %s canceled.", strna(d->name)); + else if (streq(d->result, "dependency")) +- log_error("A dependency job for %s failed. See 'journalctl -xn' for details.", strna(d->name)); ++ log_error("A dependency job for %s failed. See 'journalctl -xe' for details.", strna(d->name)); + else if (!streq(d->result, "done") && !streq(d->result, "skipped")) { + if (d->name) { + bool quotes; + + quotes = chars_intersect(d->name, SHELL_NEED_QUOTES); + +- log_error("Job for %s failed. See \"systemctl status %s%s%s\" and \"journalctl -xn\" for details.", ++ log_error("Job for %s failed. See \"systemctl status %s%s%s\" and \"journalctl -xe\" for details.", + d->name, + quotes ? "'" : "", d->name, quotes ? "'" : ""); + } else +- log_error("Job failed. See \"journalctl -xn\" for details."); ++ log_error("Job failed. See \"journalctl -xe\" for details."); + } + } + diff --git a/0551-sd-bus-check-return-value-of-asprintf.patch b/0551-sd-bus-check-return-value-of-asprintf.patch new file mode 100644 index 0000000..482e577 --- /dev/null +++ b/0551-sd-bus-check-return-value-of-asprintf.patch 
@@ -0,0 +1,27 @@ +From b1543c4c93855b61b40118e9f14a0423dac2e078 Mon Sep 17 00:00:00 2001 +From: Daniel Mack +Date: Thu, 9 Oct 2014 11:26:09 +0200 +Subject: [PATCH] sd-bus: check return value of asprintf() + +Check for OOM conditions of asprintf() in bus_set_address_user(). +--- + src/libsystemd/sd-bus/sd-bus.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index bc4376fb51..549f9e0943 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -1163,7 +1163,11 @@ int bus_set_address_user(sd_bus *b) { + #endif + } else { + #ifdef ENABLE_KDBUS +- asprintf(&b->address, KERNEL_USER_BUS_FMT, getuid()); ++ int r; ++ ++ r = asprintf(&b->address, KERNEL_USER_BUS_FMT, getuid()); ++ if (r < 0) ++ return -ENOMEM; + #else + return -ECONNREFUSED; + #endif diff --git a/0552-man-SyslogIdentifier-has-an-effect-on-journal-loggin.patch b/0552-man-SyslogIdentifier-has-an-effect-on-journal-loggin.patch new file mode 100644 index 0000000..7c869df --- /dev/null +++ b/0552-man-SyslogIdentifier-has-an-effect-on-journal-loggin.patch 
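Review bot: When asprintf() fails in bus_set_address_user(), the new branch returns -ENOMEM but leaves `b->address` as asprintf() left it, and glibc documents the pointer's contents as undefined after a failure. If the bus object's cleanup later frees `b->address` (that path is not in this hunk), it would be freeing an indeterminate pointer. Adding `b->address = NULL;` before `return -ENOMEM;` removes the dependency on libc behaviour. The function continues outside the hunk.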
@@ -0,0 +1,40 @@ +From 2134b5ef6b5c944036d051381f4bd7b7e61ef373 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 9 Oct 2014 11:36:34 +0200 +Subject: [PATCH] man: SyslogIdentifier= has an effect on journal logging too + +--- + man/systemd.exec.xml | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml +index 939983fb7e..e9af4abd6d 100644 +--- a/man/systemd.exec.xml ++++ b/man/systemd.exec.xml +@@ -572,15 +572,19 @@ + + SyslogIdentifier= + Sets the process name +- to prefix log lines sent to syslog or +- the kernel log buffer with. If not set, +- defaults to the process name of the +- executed process. This option is only +- useful when ++ to prefix log lines sent to the ++ logging system or the kernel log ++ buffer with. If not set, defaults to ++ the process name of the executed ++ process. This option is only useful ++ when + StandardOutput= or + StandardError= are +- set to or +- . ++ set to , ++ or ++ (or to the same ++ settings in combination with ++ ). + + + SyslogFacility= diff --git a/0553-logind-mount-per-user-tmpfs-with-smackfsroot-for-sma.patch b/0553-logind-mount-per-user-tmpfs-with-smackfsroot-for-sma.patch new file mode 100644 index 0000000..f1e0454 --- /dev/null +++ b/0553-logind-mount-per-user-tmpfs-with-smackfsroot-for-sma.patch 
@@ -0,0 +1,50 @@ +From 374738d55b2bc4ab07c22f9a0be95a76de1c9478 Mon Sep 17 00:00:00 2001 +From: Lukasz Skalski +Date: Thu, 9 Oct 2014 11:02:47 +0200 +Subject: [PATCH] logind: mount per-user tmpfs with 'smackfsroot=*' for smack + enabled systems + +--- + src/login/logind-user.c | 8 +++++++- + units/systemd-logind.service.in | 2 +- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/login/logind-user.c b/src/login/logind-user.c +index d48eca47f0..3847496c15 100644 +--- a/src/login/logind-user.c ++++ b/src/login/logind-user.c +@@ -37,6 +37,7 @@ + #include "conf-parser.h" + #include "clean-ipc.h" + #include "logind-user.h" ++#include "smack-util.h" + + User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) { + User *u; +@@ -325,7 +326,12 @@ static int user_mkdir_runtime_path(User *u) { + + mkdir(p, 0700); + +- if (asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size) < 0) { ++ if (use_smack()) ++ r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size); ++ else ++ r = asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size); ++ ++ if (r < 0) { + r = log_oom(); + goto fail; + } +diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in +index c6cbd1c8df..f087e99ce2 100644 +--- a/units/systemd-logind.service.in ++++ b/units/systemd-logind.service.in +@@ -23,7 +23,7 @@ ExecStart=@rootlibexecdir@/systemd-logind + Restart=always + RestartSec=0 + BusName=org.freedesktop.login1 +-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG ++CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG + WatchdogSec=1min + + # Increase the default a bit in order to allow 
many simultaneous diff --git a/0554-bus-policy-move-name-list-iteration-to-policy-users.patch b/0554-bus-policy-move-name-list-iteration-to-policy-users.patch new file mode 100644 index 0000000..ba987d5 --- /dev/null +++ b/0554-bus-policy-move-name-list-iteration-to-policy-users.patch 
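Review bot: CAP_MAC_ADMIN is added to systemd-logind's CapabilityBoundingSet= unconditionally, while the code that presumably needs it only takes the `smackfsroot=*` path when use_smack() is true, and the commit message gives no rationale. Widening the bounding set of a long-running privileged daemon on every installation deserves either a build-time conditional in the `.in` template or at least a comment in the unit stating why the capability is required, e.g. `# CAP_MAC_ADMIN is needed to mount the per-user tmpfs with smackfsroot=* on SMACK systems` if that is indeed the reason. In user_mkdir_runtime_path() the two asprintf() calls differ only in the `smackfsroot=*,` fragment; a single call with a `%s` filled by `use_smack() ? "smackfsroot=*," : ""` would keep the mount option string in one place. The function body extends beyond the hunk.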
@@ -0,0 +1,185 @@ +From d46fbfb48deff83943355992e55f9ef4431ff5ef Mon Sep 17 00:00:00 2001 +From: Daniel Mack +Date: Thu, 9 Oct 2014 13:26:53 +0200 +Subject: [PATCH] bus-policy: move name list iteration to policy users + +We need to figure out which of the possible names satisfied the policy, +so we cannot do the iteration in check_policy_item() but have to leave it +to the users. + +Test cases amended accordingly. +--- + src/bus-proxyd/bus-policy.c | 29 ++++++++++------------------- + src/bus-proxyd/bus-policy.h | 4 ++-- + src/bus-proxyd/test-bus-policy.c | 21 +++++++-------------- + 3 files changed, 19 insertions(+), 35 deletions(-) + +diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c +index aea8541d50..625f5ddaee 100644 +--- a/src/bus-proxyd/bus-policy.c ++++ b/src/bus-proxyd/bus-policy.c +@@ -602,14 +602,10 @@ struct policy_check_filter { + int class; + const struct ucred *ucred; + int message_type; ++ const char *name; + const char *interface; + const char *path; +- union { +- const char *name; +- const char *member; +- }; +- char **names_strv; +- Hashmap *names_hash; ++ const char *member; + }; + + static int is_permissive(PolicyItem *i) { +@@ -628,13 +624,8 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi + case POLICY_ITEM_SEND: + case POLICY_ITEM_RECV: + +- if (i->name) { +- if (filter->names_hash && !hashmap_contains(filter->names_hash, i->name)) +- break; +- +- if (filter->names_strv && !strv_contains(filter->names_strv, i->name)) +- break; +- } ++ if (i->name && !streq_ptr(i->name, filter->name)) ++ break; + + if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type)) + break; +@@ -651,14 +642,14 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi + return is_permissive(i); + + case POLICY_ITEM_OWN: +- assert(filter->member); ++ assert(filter->name); + + if (streq(i->name, "*") || streq(i->name, filter->name)) + return 
is_permissive(i); + break; + + case POLICY_ITEM_OWN_PREFIX: +- assert(filter->member); ++ assert(filter->name); + + if (streq(i->name, "*") || startswith(i->name, filter->name)) + return is_permissive(i); +@@ -780,8 +771,8 @@ bool policy_check_hello(Policy *p, const struct ucred *ucred) { + + bool policy_check_recv(Policy *p, + const struct ucred *ucred, +- Hashmap *names, + int message_type, ++ const char *name, + const char *path, + const char *interface, + const char *member) { +@@ -789,8 +780,8 @@ bool policy_check_recv(Policy *p, + struct policy_check_filter filter = { + .class = POLICY_ITEM_RECV, + .ucred = ucred, +- .names_hash = names, + .message_type = message_type, ++ .name = name, + .interface = interface, + .path = path, + .member = member, +@@ -801,8 +792,8 @@ bool policy_check_recv(Policy *p, + + bool policy_check_send(Policy *p, + const struct ucred *ucred, +- char **names, + int message_type, ++ const char *name, + const char *path, + const char *interface, + const char *member) { +@@ -810,8 +801,8 @@ bool policy_check_send(Policy *p, + struct policy_check_filter filter = { + .class = POLICY_ITEM_SEND, + .ucred = ucred, +- .names_strv = names, + .message_type = message_type, ++ .name = name, + .interface = interface, + .path = path, + .member = member, +diff --git a/src/bus-proxyd/bus-policy.h b/src/bus-proxyd/bus-policy.h +index 5b4d9d0c10..64fe1ffac5 100644 +--- a/src/bus-proxyd/bus-policy.h ++++ b/src/bus-proxyd/bus-policy.h +@@ -80,15 +80,15 @@ bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name); + bool policy_check_hello(Policy *p, const struct ucred *ucred); + bool policy_check_recv(Policy *p, + const struct ucred *ucred, +- Hashmap *names, + int message_type, ++ const char *name, + const char *path, + const char *interface, + const char *member); + bool policy_check_send(Policy *p, + const struct ucred *ucred, +- char **names, + int message_type, ++ const char *name, + const char *path, + const char *interface, + 
const char *member); +diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c +index 5267788b70..c9a027e877 100644 +--- a/src/bus-proxyd/test-bus-policy.c ++++ b/src/bus-proxyd/test-bus-policy.c +@@ -63,8 +63,6 @@ int main(int argc, char *argv[]) { + + Policy p = {}; + struct ucred ucred = {}; +- char **names_strv; +- Hashmap *names_hash; + + /* Ownership tests */ + assert_se(test_policy_load(&p, "ownerships.conf") == 0); +@@ -93,32 +91,27 @@ int main(int argc, char *argv[]) { + + /* Signaltest */ + assert_se(test_policy_load(&p, "signals.conf") == 0); +- names_strv = STRV_MAKE("bli.bla.blubb"); + + ucred.uid = 0; +- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_SIGNAL, NULL, "/an/object/path", NULL) == true); ++ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == true); + + ucred.uid = 1; +- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_SIGNAL, NULL, "/an/object/path", NULL) == false); ++ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == false); + + policy_free(&p); + + /* Method calls */ + assert_se(test_policy_load(&p, "methods.conf") == 0); +- names_strv = STRV_MAKE("org.test.test1"); + policy_dump(&p); + + ucred.uid = 0; + +- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "bli.bla.blubb", "Member") == false); +- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "bli.bla.blubb", "Member") == false); +- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "org.test.int1", "Member") == true); +- assert_se(policy_check_send(&p, &ucred, names_strv, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "org.test.int2", "Member") == true); ++ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", 
"/an/object/path", "bli.bla.blubb", "Member") == false); ++ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == false); ++ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int1", "Member") == true); ++ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == true); + +- names_hash = hashmap_new(&string_hash_ops); +- assert(names_hash != NULL); +- assert_se(hashmap_put(names_hash, "org.test.test3", NULL) >= 0); +- assert_se(policy_check_recv(&p, &ucred, names_hash, SD_BUS_MESSAGE_METHOD_CALL, "/an/object/path", "org.test.int3", "Member111") == true); ++ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test3", "/an/object/path", "org.test.int3", "Member111") == true); + + policy_free(&p); + diff --git a/0555-sd-dhcp6-lease-Name-the-structure-containing-IAADDR-.patch b/0555-sd-dhcp6-lease-Name-the-structure-containing-IAADDR-.patch new file mode 100644 index 0000000..1663e26 --- /dev/null +++ b/0555-sd-dhcp6-lease-Name-the-structure-containing-IAADDR-.patch 
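Review bot: policy_check_send() and policy_check_recv() now match against a single `name`, but neither bus-policy.h nor the commit says how a caller holding several names should combine the per-name verdicts, and the diffstat lists no caller that performs the iteration. With `if (i->name && !streq_ptr(i->name, filter->name)) break;` a rule that carries a name is skipped on every call whose `name` differs or is NULL, so a deny rule only takes effect if the caller passes that particular name. A comment above the two prototypes should state the contract, for example `/* Call once per well-known name of the peer; the caller combines the results. */` completed with the combination rule the author intends. The amended tests pass one name per call and so do not cover a peer with one allowed and one denied name.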
@@ -0,0 +1,122 @@ +From ee3a5027f7c56df2ef47a774970433d7045c9e9f Mon Sep 17 00:00:00 2001 +From: Patrik Flykt +Date: Wed, 8 Oct 2014 11:00:07 +0300 +Subject: [PATCH] sd-dhcp6-lease: Name the structure containing IAADDR data + +With this change the DHCP6_OPTION_IAADDR_LEN define can be removed in +favor of using sizeof(). Using the name of the struct and sizeof() +makes it clearer how much and what data is being copied from the +DHCPv6 message. +--- + src/libsystemd-network/dhcp6-internal.h | 2 +- + src/libsystemd-network/dhcp6-option.c | 21 ++++++++++----------- + src/libsystemd-network/sd-dhcp6-lease.c | 10 ++++++---- + 3 files changed, 17 insertions(+), 16 deletions(-) + +diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h +index 94e3a5d408..6cc0aa8a8d 100644 +--- a/src/libsystemd-network/dhcp6-internal.h ++++ b/src/libsystemd-network/dhcp6-internal.h +@@ -38,7 +38,7 @@ struct DHCP6Address { + struct in6_addr address; + be32_t lifetime_preferred; + be32_t lifetime_valid; +- } _packed_; ++ } iaaddr _packed_; + }; + + struct DHCP6IA { +diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c +index e9b382c170..e6a31778f4 100644 +--- a/src/libsystemd-network/dhcp6-option.c ++++ b/src/libsystemd-network/dhcp6-option.c +@@ -32,7 +32,6 @@ + #define DHCP6_OPTION_HDR_LEN 4 + #define DHCP6_OPTION_IA_NA_LEN 12 + #define DHCP6_OPTION_IA_TA_LEN 4 +-#define DHCP6_OPTION_IAADDR_LEN 24 + + static int option_append_hdr(uint8_t **buf, size_t *buflen, uint16_t optcode, + size_t optlen) { +@@ -111,16 +110,16 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) { + + LIST_FOREACH(addresses, addr, ia->addresses) { + r = option_append_hdr(buf, buflen, DHCP6_OPTION_IAADDR, +- DHCP6_OPTION_IAADDR_LEN); ++ sizeof(addr->iaaddr)); + if (r < 0) + return r; + +- memcpy(*buf, &addr->address, DHCP6_OPTION_IAADDR_LEN); ++ memcpy(*buf, &addr->iaaddr, sizeof(addr->iaaddr)); + +- *buf += 
DHCP6_OPTION_IAADDR_LEN; +- *buflen -= DHCP6_OPTION_IAADDR_LEN; ++ *buf += sizeof(addr->iaaddr); ++ *buflen -= sizeof(addr->iaaddr); + +- ia_addrlen += DHCP6_OPTION_HDR_LEN + DHCP6_OPTION_IAADDR_LEN; ++ ia_addrlen += DHCP6_OPTION_HDR_LEN + sizeof(addr->iaaddr); + } + + r = option_append_hdr(&ia_hdr, &ia_buflen, ia->type, len + ia_addrlen); +@@ -192,7 +191,7 @@ int dhcp6_option_parse_ia(uint8_t **buf, size_t *buflen, uint16_t iatype, + case DHCP6_OPTION_IA_NA: + + if (*buflen < DHCP6_OPTION_IA_NA_LEN + DHCP6_OPTION_HDR_LEN + +- DHCP6_OPTION_IAADDR_LEN) { ++ sizeof(addr->iaaddr)) { + r = -ENOBUFS; + goto error; + } +@@ -214,7 +213,7 @@ int dhcp6_option_parse_ia(uint8_t **buf, size_t *buflen, uint16_t iatype, + + case DHCP6_OPTION_IA_TA: + if (*buflen < DHCP6_OPTION_IA_TA_LEN + DHCP6_OPTION_HDR_LEN + +- DHCP6_OPTION_IAADDR_LEN) { ++ sizeof(addr->iaaddr)) { + r = -ENOBUFS; + goto error; + } +@@ -250,10 +249,10 @@ int dhcp6_option_parse_ia(uint8_t **buf, size_t *buflen, uint16_t iatype, + + LIST_INIT(addresses, addr); + +- memcpy(&addr->address, *buf, DHCP6_OPTION_IAADDR_LEN); ++ memcpy(&addr->iaaddr, *buf, sizeof(addr->iaaddr)); + +- lt_valid = be32toh(addr->lifetime_valid); +- lt_pref = be32toh(addr->lifetime_valid); ++ lt_valid = be32toh(addr->iaaddr.lifetime_valid); ++ lt_pref = be32toh(addr->iaaddr.lifetime_valid); + + if (!lt_valid || lt_pref > lt_valid) { + log_dhcp6_client(client, "IA preferred %ds > valid %ds", +diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c +index b9d0503642..e2715ea659 100644 +--- a/src/libsystemd-network/sd-dhcp6-lease.c ++++ b/src/libsystemd-network/sd-dhcp6-lease.c +@@ -41,7 +41,7 @@ int dhcp6_lease_ia_rebind_expire(const DHCP6IA *ia, uint32_t *expire) { + assert_return(expire, -EINVAL); + + LIST_FOREACH(addresses, addr, ia->addresses) { +- t = be32toh(addr->lifetime_valid); ++ t = be32toh(addr->iaaddr.lifetime_valid); + if (valid < t) + valid = t; + } +@@ -156,9 +156,11 @@ int 
sd_dhcp6_lease_get_next_address(sd_dhcp6_lease *lease, + if (!lease->addr_iter) + return -ENOMSG; + +- memcpy(addr, &lease->addr_iter->address, sizeof(struct in6_addr)); +- *lifetime_preferred = be32toh(lease->addr_iter->lifetime_preferred); +- *lifetime_valid = be32toh(lease->addr_iter->lifetime_valid); ++ memcpy(addr, &lease->addr_iter->iaaddr.address, ++ sizeof(struct in6_addr)); ++ *lifetime_preferred = ++ be32toh(lease->addr_iter->iaaddr.lifetime_preferred); ++ *lifetime_valid = be32toh(lease->addr_iter->iaaddr.lifetime_valid); + + lease->addr_iter = lease->addr_iter->addresses_next; + diff --git a/0556-socket-proxyd-Unchecked-return-value-from-library.patch b/0556-socket-proxyd-Unchecked-return-value-from-library.patch new file mode 100644 index 0000000..facaa18 --- /dev/null +++ b/0556-socket-proxyd-Unchecked-return-value-from-library.patch @@ -0,0 +1,24 @@ +From 25dbe4f50f93fb6398844ba67ea197f76adc237a Mon Sep 17 00:00:00 2001 +From: Susant Sahani +Date: Thu, 9 Oct 2014 19:01:11 +0530 +Subject: [PATCH] socket-proxyd: Unchecked return value from library + +CID 1237543 (#1 of 1): Unchecked return value from library +(CHECKED_RETURN) +--- + src/socket-proxy/socket-proxyd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c +index ff2b24f452..3041903757 100644 +--- a/src/socket-proxy/socket-proxyd.c ++++ b/src/socket-proxy/socket-proxyd.c +@@ -125,7 +125,7 @@ static int connection_create_pipes(Connection *c, int buffer[2], size_t *sz) { + return -errno; + } + +- fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE); ++ (void) fcntl(buffer[0], F_SETPIPE_SZ, BUFFER_SIZE); + + r = fcntl(buffer[0], F_GETPIPE_SZ); + if (r < 0) { diff --git a/0557-bus-proxy-allow-getpeersec-to-fail.patch b/0557-bus-proxy-allow-getpeersec-to-fail.patch new file mode 100644 index 0000000..cb7a009 --- /dev/null +++ b/0557-bus-proxy-allow-getpeersec-to-fail.patch 
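Review bot: In dhcp6_option_parse_ia() the rewritten line `lt_pref = be32toh(addr->iaaddr.lifetime_valid);` still loads the valid lifetime into lt_pref, so the `lt_pref > lt_valid` test that follows can never be true and an address whose preferred lifetime exceeds its valid lifetime is accepted from the server. Since the commit rewrites this line anyway, it should read `lt_pref = be32toh(addr->iaaddr.lifetime_preferred);`. The function body starts and ends outside the quoted hunks.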
@@ -0,0 +1,28 @@ +From 7ff3bb4e47fe287997ba24a3b3ae719bd9043d74 Mon Sep 17 00:00:00 2001 +From: Daniel Mack +Date: Thu, 9 Oct 2014 15:40:17 +0200 +Subject: [PATCH] bus-proxy: allow getpeersec() to fail + +getpeersec() will fail for non-SELinux enabled machines, so don't make that +a hard error. +--- + src/bus-proxyd/bus-proxyd.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c +index ce571fa753..4f44825679 100644 +--- a/src/bus-proxyd/bus-proxyd.c ++++ b/src/bus-proxyd/bus-proxyd.c +@@ -1152,11 +1152,7 @@ int main(int argc, char *argv[]) { + goto finish; + } + +- r = getpeersec(in_fd, &peersec); +- if (r < 0) { +- log_error("Failed to get security creds: %s", strerror(-r)); +- goto finish; +- } ++ (void) getpeersec(in_fd, &peersec); + } + + if (arg_drop_privileges) { diff --git a/0558-update-TODO.patch b/0558-update-TODO.patch new file mode 100644 index 0000000..2dfec02 --- /dev/null +++ b/0558-update-TODO.patch @@ -0,0 +1,22 @@ +From 384a4be2b00cb95ce215dd343cc9aa77adc9b1ec Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 9 Oct 2014 16:51:31 +0200 +Subject: [PATCH] update TODO + +--- + TODO | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/TODO b/TODO +index 45c08f0942..dc20954582 100644 +--- a/TODO ++++ b/TODO +@@ -34,6 +34,8 @@ External: + + Features: + ++* maybe support a new very "soft" reboot mode, that simply kills all processes, disassembles everything, flushes /run and sysvipc, and then reexecs systemd again ++ + * man: document that corrupted journal files is nothing to act on + + * systemctl isolate should use ".target" as completion suffix, not ".service" diff --git a/0559-service-enter-SERVICE_STOP_SIGTERM-state-after-getti.patch b/0559-service-enter-SERVICE_STOP_SIGTERM-state-after-getti.patch new file mode 100644 index 0000000..74187d1 --- /dev/null +++ b/0559-service-enter-SERVICE_STOP_SIGTERM-state-after-getti.patch 
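Review bot: `(void) getpeersec(in_fd, &peersec);` discards every failure, not only the expected one on machines without SELinux, so an unexpected error leaves `peersec` at its initial value with no trace in the log. Keeping the result and logging it at debug level, e.g. `r = getpeersec(in_fd, &peersec);` followed by `if (r < 0) log_debug("Failed to get security label, ignoring: %s", strerror(-r));`, preserves the soft-fail behaviour and leaves evidence when later label-based handling runs without a label. How `peersec` is initialised and consumed lies outside this hunk, so the code that uses it should be confirmed to handle the unset case.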
@@ -0,0 +1,31 @@ +From 6041a7ee2c1bbff6301082f192fc1b0882400d42 Mon Sep 17 00:00:00 2001 +From: Michal Schmidt +Date: Thu, 9 Oct 2014 17:27:57 +0200 +Subject: [PATCH] service: enter SERVICE_STOP_SIGTERM state after getting + "STOPPING=1" + +SERVICE_STOP would mean we're running the ExecStop command. That's not +the case with "STOPPING=1". +Instead we should enter the same state as if we just told the service +to stop, i.e. SERVICE_STOP_SIGTERM. + +This fixes a bug where voluntarily exiting services would hang around in +deactivating state until timeout. +--- + src/core/service.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 395e0ca8c6..f551061366 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -1227,7 +1227,8 @@ static void service_enter_stop_by_notify(Service *s) { + if (s->timeout_stop_usec > 0) + service_arm_timer(s, s->timeout_stop_usec); + +- service_set_state(s, SERVICE_STOP); ++ /* The service told us it's stopping, so it's as if we SIGTERM'd it. */ ++ service_set_state(s, SERVICE_STOP_SIGTERM); + } + + static void service_enter_stop(Service *s, ServiceResult f) { diff --git a/0560-man-document-the-new-rescue-kernel-command-line-opti.patch b/0560-man-document-the-new-rescue-kernel-command-line-opti.patch new file mode 100644 index 0000000..822b2ef --- /dev/null +++ b/0560-man-document-the-new-rescue-kernel-command-line-opti.patch 
@@ -0,0 +1,49 @@ +From f280bcfb21aacce03abf17b3ad732c1351df42b9 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 9 Oct 2014 18:26:47 +0200 +Subject: [PATCH] man: document the new "rescue" kernel command line option + +--- + man/kernel-command-line.xml | 1 + + man/systemd.xml | 8 +++++--- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml +index 3263b77cea..2552c79c11 100644 +--- a/man/kernel-command-line.xml ++++ b/man/kernel-command-line.xml +@@ -154,6 +154,7 @@ + + -b + emergency ++ rescue + single + s + S +diff --git a/man/systemd.xml b/man/systemd.xml +index 0d017575b6..bf7a7a6f67 100644 +--- a/man/systemd.xml ++++ b/man/systemd.xml +@@ -1125,17 +1125,19 @@ + + + +- -b + emergency ++ -b + + Boot into emergency + mode. This is equivalent to + systemd.unit=emergency.target +- and provided for compatibility +- reasons and to be easier to type. ++ and provided for compatibility reasons ++ and to be easier to ++ type. + + + ++ rescue + single + s + S diff --git a/0561-sd-journal-do-not-reset-sd_j_enumerate_unique-positi.patch b/0561-sd-journal-do-not-reset-sd_j_enumerate_unique-positi.patch new file mode 100644 index 0000000..d5c5cb7 --- /dev/null +++ b/0561-sd-journal-do-not-reset-sd_j_enumerate_unique-positi.patch 
@@ -0,0 +1,98 @@ +From 360af4cf6f18469df97c11af4cd5696e0ca8b3ef Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 9 Oct 2014 22:44:29 -0400 +Subject: [PATCH] sd-journal: do not reset sd_j_enumerate_unique position on + error + +systemctl would call sd_j_enumerate_unique() interleaved with +sd_j_next(). But the latter can remove a file if it detects an +error in it. In those circumstances sd_j_enumerate_unique would +restart with the first file in hashmap. With many corrupted files +sd_j_enumerate_unique might iterate over the list multiple times. + +Avoid this by jumping to the next file in unique list if possible, +or setting a flag that tells sd_j_enumerate_unique that it is done +otherwise. +--- + src/journal/journal-internal.h | 4 ++++ + src/journal/sd-journal.c | 18 ++++++++++++------ + 2 files changed, 16 insertions(+), 6 deletions(-) + +diff --git a/src/journal/journal-internal.h b/src/journal/journal-internal.h +index 2f1f7fc771..e591fb61f8 100644 +--- a/src/journal/journal-internal.h ++++ b/src/journal/journal-internal.h +@@ -124,6 +124,10 @@ struct sd_journal { + + bool on_network; + bool no_new_files; ++ bool unique_file_lost; /* File we were iterating over got ++ removed, and there were no more ++ files, so sd_j_enumerate_unique ++ will return a value equal to 0. 
*/ + + size_t data_threshold; + +diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c +index 1fc9f01d0a..b72a0867e7 100644 +--- a/src/journal/sd-journal.c ++++ b/src/journal/sd-journal.c +@@ -1375,8 +1375,11 @@ static void remove_file_real(sd_journal *j, JournalFile *f) { + } + + if (j->unique_file == f) { +- j->unique_file = NULL; ++ /* Jump to the next unique_file or NULL if that one was last */ ++ j->unique_file = hashmap_next(j->files, j->unique_file->path); + j->unique_offset = 0; ++ if (!j->unique_file) ++ j->unique_file_lost = true; + } + + journal_file_close(f); +@@ -2490,6 +2493,7 @@ _public_ int sd_journal_query_unique(sd_journal *j, const char *field) { + j->unique_field = f; + j->unique_file = NULL; + j->unique_offset = 0; ++ j->unique_file_lost = false; + + return 0; + } +@@ -2506,9 +2510,13 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_ + k = strlen(j->unique_field); + + if (!j->unique_file) { ++ if (j->unique_file_lost) ++ return 0; ++ + j->unique_file = hashmap_first(j->files); + if (!j->unique_file) + return 0; ++ + j->unique_offset = 0; + } + +@@ -2538,13 +2546,10 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_ + + /* We reached the end of the list? Then start again, with the next file */ + if (j->unique_offset == 0) { +- JournalFile *n; +- +- n = hashmap_next(j->files, j->unique_file->path); +- if (!n) ++ j->unique_file = hashmap_next(j->files, j->unique_file->path); ++ if (!j->unique_file) + return 0; + +- j->unique_file = n; + continue; + } + +@@ -2632,6 +2637,7 @@ _public_ void sd_journal_restart_unique(sd_journal *j) { + + j->unique_file = NULL; + j->unique_offset = 0; ++ j->unique_file_lost = false; + } + + _public_ int sd_journal_reliable_fd(sd_journal *j) { diff --git a/0562-sd-journal-change-check-to-assert.patch b/0562-sd-journal-change-check-to-assert.patch new file mode 100644 index 0000000..e6ae368 --- /dev/null 
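Review bot: In remove_file_real() the new `hashmap_next(j->files, j->unique_file->path)` can only find a successor while `f` is still a member of `j->files`; the part of the function above the hunk is not visible, and if it has already removed `f` from the hashmap the lookup by key would presumably return NULL every time. In that case `unique_file_lost` is set on every removal and sd_journal_enumerate_unique() returns 0 early, silently skipping the files that remain. The order is worth confirming, and a comment next to the call such as `/* must run while f is still in j->files, otherwise the successor cannot be found */` would pin the dependency for later edits.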
+++ b/0562-sd-journal-change-check-to-assert.patch
@@ -0,0 +1,25 @@
+From 853bd5cc72a0d4cbdd07cc3cabc65bef333a0c71 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 9 Oct 2014 22:51:35 -0400
+Subject: [PATCH] sd-journal: change check to assert
+
+As of 0f99f74a14 'sd-journal: verify that object start with the field
+name' this condition should never happen.
+---
+ src/journal/journalctl.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
+index feb53bd203..7f4bc3229c 100644
+--- a/src/journal/journalctl.c
++++ b/src/journal/journalctl.c
+@@ -838,8 +838,7 @@ static int list_boots(sd_journal *j) {
+ return r;
+
+ SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
+- if (length < strlen("_BOOT_ID="))
+- continue;
++ assert(startswith(data, "_BOOT_ID="));
+
+ if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
+ return log_oom();
diff --git a/0563-sd-journal-fix-sd_journal_enumerate_unique-skipping-.patch b/0563-sd-journal-fix-sd_journal_enumerate_unique-skipping-.patch
new file mode 100644
index 0000000..dc4c945
--- /dev/null
+++ b/0563-sd-journal-fix-sd_journal_enumerate_unique-skipping-.patch
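Review bot: `assert(startswith(data, "_BOOT_ID="))` in list_boots() replaces a length check on data that originates from journal files on disk, so if the invariant is ever broken (a malformed file, or a regression in the verification the description relies on) journalctl aborts instead of skipping the entry. `data` arrives with an explicit `length`, while `startswith()` compares it as a C string and never consults that length, so a short object could be read past its end before the comparison fails. If assert() is compiled out in a release build, no check at all remains ahead of whatever the loop body does with `data`, which is outside the hunk. A bounded test keeps the skip behaviour and enforces the prefix: `if (length < strlen("_BOOT_ID=") || memcmp(data, "_BOOT_ID=", strlen("_BOOT_ID=")) != 0) continue;`.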
@@ -0,0 +1,296 @@ +From 06cc69d44c8ff2b652527357f28acd4cbe77c814 Mon Sep 17 00:00:00 2001 +From: Jan Janssen +Date: Sat, 6 Sep 2014 10:36:34 +0200 +Subject: [PATCH] sd-journal: fix sd_journal_enumerate_unique skipping values + +sd_journal_enumerate_unique will lock its mmap window to prevent it +from being released by calling mmap_cache_get with keep_always=true. +This call may return windows that are wider, but compatible with the +parameters provided to it. + +This can result in a mismatch where the window to be released cannot +properly be selected, because we have more than one window matching the +parameters of mmap_cache_release. Therefore, introduce a release_cookie +to be used when releasing the window. + +https://bugs.freedesktop.org/show_bug.cgi?id=79380 +--- + src/journal/journal-file.c | 2 +- + src/journal/journal-file.h | 11 ++++------- + src/journal/journal-verify.c | 2 +- + src/journal/mmap-cache.c | 32 +++++++++++++++++++------------- + src/journal/mmap-cache.h | 8 +++----- + src/journal/sd-journal.c | 11 ++++++----- + src/journal/test-mmap-cache.c | 10 +++++----- + 7 files changed, 39 insertions(+), 37 deletions(-) + +diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c +index f25cda6ddc..038b437e1f 100644 +--- a/src/journal/journal-file.c ++++ b/src/journal/journal-file.c +@@ -391,7 +391,7 @@ static int journal_file_move_to(JournalFile *f, int context, bool keep_always, u + return -EADDRNOTAVAIL; + } + +- return mmap_cache_get(f->mmap, f->fd, f->prot, context, keep_always, offset, size, &f->last_stat, ret); ++ return mmap_cache_get(f->mmap, f->fd, f->prot, context, keep_always, offset, size, &f->last_stat, ret, NULL); + } + + static uint64_t minimum_header_size(Object *o) { +diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h +index 6b4bf0d5ae..fa5b943e46 100644 +--- a/src/journal/journal-file.h ++++ b/src/journal/journal-file.h +@@ -212,17 +212,14 @@ static unsigned type_to_context(int type) { + return type > 0 && 
type < _OBJECT_TYPE_MAX ? type : 0; + } + +-static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) { ++static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset, void **release_cookie) { + unsigned context = type_to_context(o->object.type); + uint64_t s = le64toh(o->object.size); + + return mmap_cache_get(f->mmap, f->fd, f->prot, context, true, +- offset, s, &f->last_stat, NULL); ++ offset, s, &f->last_stat, NULL, release_cookie); + } + +-static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) { +- unsigned context = type_to_context(o->object.type); +- uint64_t s = le64toh(o->object.size); +- +- return mmap_cache_release(f->mmap, f->fd, f->prot, context, offset, s); ++static inline int journal_file_object_release(JournalFile *f, void *release_cookie) { ++ return mmap_cache_release(f->mmap, f->fd, release_cookie); + } +diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c +index b4e8f73c41..f74adcbc89 100644 +--- a/src/journal/journal-verify.c ++++ b/src/journal/journal-verify.c +@@ -368,7 +368,7 @@ static int contains_uint64(MMapCache *m, int fd, uint64_t n, uint64_t p) { + + c = (a + b) / 2; + +- r = mmap_cache_get(m, fd, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) &z); ++ r = mmap_cache_get(m, fd, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) &z, NULL); + if (r < 0) + return r; + +diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c +index 2d268fc332..b7db6f1da5 100644 +--- a/src/journal/mmap-cache.c ++++ b/src/journal/mmap-cache.c +@@ -352,7 +352,8 @@ static int try_context( + bool keep_always, + uint64_t offset, + size_t size, +- void **ret) { ++ void **ret, ++ void **release_cookie) { + + Context *c; + +@@ -381,6 +382,8 @@ static int try_context( + + if (ret) + *ret = (uint8_t*) c->window->ptr + (offset - c->window->offset); ++ if (keep_always && 
release_cookie) ++ *release_cookie = c->window; + return 1; + } + +@@ -392,7 +395,8 @@ static int find_mmap( + bool keep_always, + uint64_t offset, + size_t size, +- void **ret) { ++ void **ret, ++ void **release_cookie) { + + FileDescriptor *f; + Window *w; +@@ -425,6 +429,8 @@ static int find_mmap( + + if (ret) + *ret = (uint8_t*) w->ptr + (offset - w->offset); ++ if (keep_always && release_cookie) ++ *release_cookie = c->window; + return 1; + } + +@@ -437,7 +443,8 @@ static int add_mmap( + uint64_t offset, + size_t size, + struct stat *st, +- void **ret) { ++ void **ret, ++ void **release_cookie) { + + uint64_t woffset, wsize; + Context *c; +@@ -521,6 +528,8 @@ static int add_mmap( + + if (ret) + *ret = (uint8_t*) w->ptr + (offset - w->offset); ++ if (keep_always && release_cookie) ++ *release_cookie = c->window; + return 1; + + outofmem: +@@ -537,7 +546,8 @@ int mmap_cache_get( + uint64_t offset, + size_t size, + struct stat *st, +- void **ret) { ++ void **ret, ++ void **release_cookie) { + + int r; + +@@ -547,14 +557,14 @@ int mmap_cache_get( + assert(size > 0); + + /* Check whether the current context is the right one already */ +- r = try_context(m, fd, prot, context, keep_always, offset, size, ret); ++ r = try_context(m, fd, prot, context, keep_always, offset, size, ret, release_cookie); + if (r != 0) { + m->n_hit ++; + return r; + } + + /* Search for a matching mmap */ +- r = find_mmap(m, fd, prot, context, keep_always, offset, size, ret); ++ r = find_mmap(m, fd, prot, context, keep_always, offset, size, ret, release_cookie); + if (r != 0) { + m->n_hit ++; + return r; +@@ -563,16 +573,13 @@ int mmap_cache_get( + m->n_missed++; + + /* Create a new mmap */ +- return add_mmap(m, fd, prot, context, keep_always, offset, size, st, ret); ++ return add_mmap(m, fd, prot, context, keep_always, offset, size, st, ret, release_cookie); + } + + int mmap_cache_release( + MMapCache *m, + int fd, +- int prot, +- unsigned context, +- uint64_t offset, +- size_t size) { ++ 
void *release_cookie) { + + FileDescriptor *f; + Window *w; +@@ -580,7 +587,6 @@ int mmap_cache_release( + assert(m); + assert(m->n_ref > 0); + assert(fd >= 0); +- assert(size > 0); + + f = hashmap_get(m->fds, INT_TO_PTR(fd + 1)); + if (!f) +@@ -589,7 +595,7 @@ int mmap_cache_release( + assert(f->fd == fd); + + LIST_FOREACH(by_fd, w, f->windows) +- if (window_matches(w, fd, prot, offset, size)) ++ if (w == release_cookie) + break; + + if (!w) +diff --git a/src/journal/mmap-cache.h b/src/journal/mmap-cache.h +index 647555a73e..76e5316248 100644 +--- a/src/journal/mmap-cache.h ++++ b/src/journal/mmap-cache.h +@@ -40,14 +40,12 @@ int mmap_cache_get( + uint64_t offset, + size_t size, + struct stat *st, +- void **ret); ++ void **ret, ++ void **release_cookie); + int mmap_cache_release( + MMapCache *m, + int fd, +- int prot, +- unsigned context, +- uint64_t offset, +- size_t size); ++ void *release_cookie); + void mmap_cache_close_fd(MMapCache *m, int fd); + void mmap_cache_close_context(MMapCache *m, unsigned context); + +diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c +index b72a0867e7..479444c8df 100644 +--- a/src/journal/sd-journal.c ++++ b/src/journal/sd-journal.c +@@ -2528,6 +2528,7 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_ + size_t ol; + bool found; + int r; ++ void *release_cookie; + + /* Proceed to next data object in the field's linked list */ + if (j->unique_offset == 0) { +@@ -2568,7 +2569,7 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_ + return -EBADMSG; + } + +- r = journal_file_object_keep(j->unique_file, o, j->unique_offset); ++ r = journal_file_object_keep(j->unique_file, o, j->unique_offset, &release_cookie); + if (r < 0) + return r; + +@@ -2616,13 +2617,13 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_ + found = true; + } + +- if (found) +- continue; +- +- r = journal_file_object_release(j->unique_file, o, 
j->unique_offset); ++ r = journal_file_object_release(j->unique_file, release_cookie); + if (r < 0) + return r; + ++ if (found) ++ continue; ++ + r = return_data(j, j->unique_file, o, data, l); + if (r < 0) + return r; +diff --git a/src/journal/test-mmap-cache.c b/src/journal/test-mmap-cache.c +index b7bb260fcf..778e884c3f 100644 +--- a/src/journal/test-mmap-cache.c ++++ b/src/journal/test-mmap-cache.c +@@ -49,23 +49,23 @@ int main(int argc, char *argv[]) { + assert(z >= 0); + unlink(pz); + +- r = mmap_cache_get(m, x, PROT_READ, 0, false, 1, 2, NULL, &p); ++ r = mmap_cache_get(m, x, PROT_READ, 0, false, 1, 2, NULL, &p, NULL); + assert(r >= 0); + +- r = mmap_cache_get(m, x, PROT_READ, 0, false, 2, 2, NULL, &q); ++ r = mmap_cache_get(m, x, PROT_READ, 0, false, 2, 2, NULL, &q, NULL); + assert(r >= 0); + + assert((uint8_t*) p + 1 == (uint8_t*) q); + +- r = mmap_cache_get(m, x, PROT_READ, 1, false, 3, 2, NULL, &q); ++ r = mmap_cache_get(m, x, PROT_READ, 1, false, 3, 2, NULL, &q, NULL); + assert(r >= 0); + + assert((uint8_t*) p + 2 == (uint8_t*) q); + +- r = mmap_cache_get(m, x, PROT_READ, 0, false, 16ULL*1024ULL*1024ULL, 2, NULL, &p); ++ r = mmap_cache_get(m, x, PROT_READ, 0, false, 16ULL*1024ULL*1024ULL, 2, NULL, &p, NULL); + assert(r >= 0); + +- r = mmap_cache_get(m, x, PROT_READ, 1, false, 16ULL*1024ULL*1024ULL+1, 2, NULL, &q); ++ r = mmap_cache_get(m, x, PROT_READ, 1, false, 16ULL*1024ULL*1024ULL+1, 2, NULL, &q, NULL); + assert(r >= 0); + + assert((uint8_t*) p + 1 == (uint8_t*) q); diff --git a/0564-journalctl-use-pager-for-list-boots.patch b/0564-journalctl-use-pager-for-list-boots.patch new file mode 100644 index 0000000..b4182a4 --- /dev/null +++ b/0564-journalctl-use-pager-for-list-boots.patch 
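Review bot: In find_mmap() and add_mmap() the cookie is taken from `c->window`, while the pointer returned two lines earlier is computed from `w`, so both refer to the same window only if the context attach in between (outside these hunks) left `c->window == w`. Writing `*release_cookie = w;` in both places makes the cookie self-evidently the window whose memory is handed to the caller. Separately, `void *release_cookie;` in sd_journal_enumerate_unique() is uninitialised and is written only on the `return 1` paths of mmap_cache_get(); `void *release_cookie = NULL;` keeps mmap_cache_release() from comparing windows against an indeterminate pointer if a later success path forgets to set it. All of these functions start or end outside the hunks shown.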
@@ -0,0 +1,22 @@
+From cab9b000f28a940e92d1d4241d967cad94c650e3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 9 Oct 2014 19:52:31 -0400
+Subject: [PATCH] journalctl: use pager for --list-boots
+
+---
+ src/journal/journalctl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
+index 7f4bc3229c..328e40b416 100644
+--- a/src/journal/journalctl.c
++++ b/src/journal/journalctl.c
+@@ -837,6 +837,8 @@ static int list_boots(sd_journal *j) {
+ if (r < 0)
+ return r;
+
++ pager_open_if_enabled();
++
+ SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
+ assert(startswith(data, "_BOOT_ID="));
+
diff --git a/0565-systemctl-remove-casts-in-formatting.patch b/0565-systemctl-remove-casts-in-formatting.patch
new file mode 100644
index 0000000..4ea6091
--- /dev/null
+++ b/0565-systemctl-remove-casts-in-formatting.patch
@@ -0,0 +1,66 @@ +From 8c06592fa10c08d94f0841548516e72d08366e85 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 9 Oct 2014 22:57:56 -0400 +Subject: [PATCH] systemctl: remove casts in formatting + +--- + src/systemctl/systemctl.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index cdaefa52b9..8d6d162d15 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -2186,7 +2186,7 @@ static int cancel_job(sd_bus *bus, char **args) { + NULL, + "u", id); + if (r < 0) { +- log_error("Failed to cancel job %u: %s", (unsigned) id, bus_error_message(&error, r)); ++ log_error("Failed to cancel job %"PRIu32": %s", id, bus_error_message(&error, r)); + return r; + } + } +@@ -3409,7 +3409,7 @@ static void print_status_info( + + if (i->main_pid > 0 || i->control_pid > 0) { + if (i->main_pid > 0) { +- printf(" Main PID: %u", (unsigned) i->main_pid); ++ printf(" Main PID: "PID_FMT, i->main_pid); + + if (i->running) { + _cleanup_free_ char *comm = NULL; +@@ -3440,7 +3440,7 @@ static void print_status_info( + if (i->control_pid > 0) { + _cleanup_free_ char *c = NULL; + +- printf(" %8s: %u", i->main_pid ? "" : " Control", (unsigned) i->control_pid); ++ printf(" %8s: "PID_FMT, i->main_pid ? 
"" : " Control", i->control_pid); + + get_process_comm(i->control_pid, &c); + if (c) +@@ -3828,7 +3828,7 @@ static int print_property(const char *name, sd_bus_message *m, const char *conte + return bus_log_parse_error(r); + + if (u > 0) +- printf("%s=%u\n", name, (unsigned) u); ++ printf("%s=%"PRIu32"\n", name, u); + else if (arg_all) + printf("%s=\n", name); + +@@ -3999,14 +3999,14 @@ static int print_property(const char *name, sd_bus_message *m, const char *conte + + tt = strv_join(info.argv, " "); + +- printf("%s={ path=%s ; argv[]=%s ; ignore_errors=%s ; start_time=[%s] ; stop_time=[%s] ; pid=%u ; code=%s ; status=%i%s%s }\n", ++ printf("%s={ path=%s ; argv[]=%s ; ignore_errors=%s ; start_time=[%s] ; stop_time=[%s] ; pid="PID_FMT" ; code=%s ; status=%i%s%s }\n", + name, + strna(info.path), + strna(tt), + yes_no(info.ignore), + strna(format_timestamp(timestamp1, sizeof(timestamp1), info.start_timestamp)), + strna(format_timestamp(timestamp2, sizeof(timestamp2), info.exit_timestamp)), +- (unsigned) info. pid, ++ info.pid, + sigchld_code_to_string(info.code), + info.status, + info.code == CLD_EXITED ? "" : "/", diff --git a/0566-man-clarify-what-microsoft-and-oracle-stand-for.patch b/0566-man-clarify-what-microsoft-and-oracle-stand-for.patch new file mode 100644 index 0000000..b473f80 --- /dev/null +++ b/0566-man-clarify-what-microsoft-and-oracle-stand-for.patch 
@@ -0,0 +1,30 @@ +From b3a2a7ceb7b0db3003c205bc49853fd62df155dc Mon Sep 17 00:00:00 2001 +From: Rahul Sundaram +Date: Thu, 9 Oct 2014 22:14:36 -0400 +Subject: [PATCH] man: clarify what "microsoft" and "oracle" stand for + +https://bugzilla.redhat.com/show_bug.cgi?id=1150477 +--- + man/systemd-detect-virt.xml | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml +index 1e8230c555..d3969e1f82 100644 +--- a/man/systemd-detect-virt.xml ++++ b/man/systemd-detect-virt.xml +@@ -68,10 +68,11 @@ + virtualization technology. The following technologies + are currently identified: qemu, + kvm, vmware, +- microsoft, +- oracle, xen, +- bochs, chroot, +- uml, ++ microsoft (Hyper-V, also known as ++ Viridian or Windows Server Virtualization), ++ oracle (VirtualBox), ++ xen, bochs, ++ chroot, uml, + openvz, lxc, + lxc-libvirt, + systemd-nspawn, diff --git a/0567-Update-TODO.patch b/0567-Update-TODO.patch new file mode 100644 index 0000000..5e079b3 --- /dev/null +++ b/0567-Update-TODO.patch 
@@ -0,0 +1,33 @@ +From afea8d3853d0f76b3845729ff00e75d281f43a1b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Oct 2014 20:01:02 -0400 +Subject: [PATCH] Update TODO + +--- + TODO | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/TODO b/TODO +index dc20954582..69ed60eaff 100644 +--- a/TODO ++++ b/TODO +@@ -11,6 +11,7 @@ Bugfixes: + * properly handle .mount unit state tracking when two mount points are stacked one on top of another on the exact same mount point. + + After killing 'systemd --user', systemctl restart user@... fails. ++/run/user/1000/systemd/notify has to be removed manually. + + ExecStart with unicode characters fails in strv_split_quoted: + +@@ -18,6 +19,11 @@ ExecStart with unicode characters fails in strv_split_quoted: + Environment=ONE='one' "TWO='two two' too" THREE= + ExecStart=/bin/python3 -c 'import sys;print(sys.argv)' $ONE $TWO $THREE + ++MEMORY return code is overloaded for syntax errors in the commandline. ++str_split_quoted() should return a real return code, so spawn_child can ++report the failure properly. ++ ++ + External: + * Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros. + diff --git a/0568-build-sys-use-Wno-typedef-redefinition-only-for-clan.patch b/0568-build-sys-use-Wno-typedef-redefinition-only-for-clan.patch new file mode 100644 index 0000000..5479468 --- /dev/null +++ b/0568-build-sys-use-Wno-typedef-redefinition-only-for-clan.patch 
@@ -0,0 +1,36 @@ +From 4f47bb8c5e5f234c614dc14532a9483328e61002 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 9 Oct 2014 22:25:01 -0500 +Subject: [PATCH] build-sys: use -Wno-typedef-redefinition only for clang + +Our checks for -Wno-xxx switches do not work with gcc [1]. + +[1] https://gcc.gnu.org/wiki/FAQ#wnowarning +--- + configure.ac | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index caf1f0e54e..d04f6f464f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -183,7 +183,6 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ + -Wno-unused-parameter \ + -Wno-missing-field-initializers \ + -Wno-unused-result \ +- -Wno-typedef-redefinition \ + -Werror=overflow \ + -Wdate-time \ + -Wnested-externs \ +@@ -198,6 +197,11 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ + -fstack-protector-strong \ + -fPIE \ + --param=ssp-buffer-size=4]) ++ ++AS_CASE([$CC], [*clang*], ++ [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ ++ -Wno-typedef-redefinition])]) ++ + AS_CASE([$CFLAGS], [*-O[[12345\ ]]*], + [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ + -flto -ffat-lto-objects])], diff --git a/0569-build-sys-use-Wno-gnu-variable-sized-type-not-at-end.patch b/0569-build-sys-use-Wno-gnu-variable-sized-type-not-at-end.patch new file mode 100644 index 0000000..beaf22b --- /dev/null +++ b/0569-build-sys-use-Wno-gnu-variable-sized-type-not-at-end.patch 
@@ -0,0 +1,26 @@ +From 65e3a2cf7c3b399853dd309f702ca5078b7d16ea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 9 Oct 2014 22:30:45 -0500 +Subject: [PATCH] build-sys: use -Wno-gnu-variable-sized-type-not-at-end under + clang + +Otherwise we get useless warnings about journal code. +--- + configure.ac | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index d04f6f464f..945adfcbee 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -200,7 +200,9 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ + + AS_CASE([$CC], [*clang*], + [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ +- -Wno-typedef-redefinition])]) ++ -Wno-typedef-redefinition \ ++ -Wno-gnu-variable-sized-type-not-at-end \ ++ ])]) + + AS_CASE([$CFLAGS], [*-O[[12345\ ]]*], + [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ diff --git a/0570-systemd-hibernate-resume-.service-remove-unnecessary.patch b/0570-systemd-hibernate-resume-.service-remove-unnecessary.patch new file mode 100644 index 0000000..c9c1c92 --- /dev/null +++ b/0570-systemd-hibernate-resume-.service-remove-unnecessary.patch 
@@ -0,0 +1,28 @@ +From 5516ae44198b5128f2afd93c7fb7973f89e2bfd9 Mon Sep 17 00:00:00 2001 +From: Ivan Shapovalov +Date: Thu, 9 Oct 2014 23:52:26 -0400 +Subject: [PATCH] systemd-hibernate-resume@.service: remove unnecessary + ordering + +They were left from an early review iteration, when hibernate-resume +functionality was intended to work also outside of initramfs. +Now this is not the case, and these dependencies became redundant +as systemd-fsck-root.service can never be part of initramfs, and +systemd-remount-fs.service makes little sense in it. +--- + units/systemd-hibernate-resume@.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/systemd-hibernate-resume@.service.in b/units/systemd-hibernate-resume@.service.in +index 6db584dc4d..65e8eb83f1 100644 +--- a/units/systemd-hibernate-resume@.service.in ++++ b/units/systemd-hibernate-resume@.service.in +@@ -12,7 +12,7 @@ DefaultDependencies=no + BindsTo=%i.device + Wants=local-fs-pre.target + After=%i.device +-Before=local-fs-pre.target systemd-remount-fs.service systemd-fsck-root.service ++Before=local-fs-pre.target + ConditionPathExists=/etc/initrd-release + + [Service] diff --git a/0571-nspawn-actually-allow-access-to-dev-net-tun-in-the-c.patch b/0571-nspawn-actually-allow-access-to-dev-net-tun-in-the-c.patch new file mode 100644 index 0000000..f5a16ab --- /dev/null +++ b/0571-nspawn-actually-allow-access-to-dev-net-tun-in-the-c.patch 
@@ -0,0 +1,24 @@
+From 864e17068ce9acf418d42a625141884293170952 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Fri, 10 Oct 2014 11:11:25 +0200
+Subject: [PATCH] nspawn: actually allow access to /dev/net/tun in the
+ container
+
+It's not sufficient to just copy the device node over, we need to update
+the policy for it too.
+---
+ src/nspawn/nspawn.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index da4c116f36..f04d326131 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -1558,6 +1558,7 @@ static int register_machine(pid_t pid, int local_ifindex) {
+ "/dev/random", "rwm",
+ "/dev/urandom", "rwm",
+ "/dev/tty", "rwm",
++ "/dev/net/tun", "rwm",
+ /* Allow the container
+ * access to ptys. However,
+ * do not permit the
diff --git a/0572-man-rework-VM-container-identifier-list-into-a-table.patch b/0572-man-rework-VM-container-identifier-list-into-a-table.patch
new file mode 100644
index 0000000..29ece2e
--- /dev/null
+++ b/0572-man-rework-VM-container-identifier-list-into-a-table.patch
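Review bot: The new `"/dev/net/tun", "rwm",` entry in register_machine() sits in the device list unconditionally as far as the hunk shows, so every container registered through this path is allowed the device, including ones that were never given any networking setup. The description says nspawn itself copies the node into the container, so the `m` (mknod) bit may not be needed for this entry; `"/dev/net/tun", "rw",` would be the narrower grant if nothing inside the container has to create the node. Whether the surrounding code already gates this list on the container's network options is outside the hunk. A one-line comment beside the entry stating why TUN/TAP is allowed by default would help the next reviewer judge the exposure.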
@@ -0,0 +1,139 @@ +From a9d9ad1fa7d528f49ecf9c971f840b5fe135119d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 10 Oct 2014 12:29:08 +0200 +Subject: [PATCH] man: rework VM/container identifier list into a table, and + include descriptions for all entries + +(also remove chroot from the list, we don't detect that anymore) +--- + man/systemd-detect-virt.xml | 110 +++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 98 insertions(+), 12 deletions(-) + +diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml +index d3969e1f82..e167bddd07 100644 +--- a/man/systemd-detect-virt.xml ++++ b/man/systemd-detect-virt.xml +@@ -66,17 +66,102 @@ + When executed without + will print a short identifier for the detected + virtualization technology. The following technologies +- are currently identified: qemu, +- kvm, vmware, +- microsoft (Hyper-V, also known as +- Viridian or Windows Server Virtualization), +- oracle (VirtualBox), +- xen, bochs, +- chroot, uml, +- openvz, lxc, +- lxc-libvirt, +- systemd-nspawn, +- docker. ++ are currently identified: ++ ++ ++ Known VM virtualization technologies ++ ++ ++ ++ ++ ++ ID ++ VM Product ++ ++ ++ ++ ++ qemu ++ QEMU software virtualization ++ ++ ++ kvm ++ Linux KVM kernel virtual machine ++ ++ ++ ++ vmware ++ VMware Workstation or Server, and related products ++ ++ ++ ++ microsoft ++ Hyper-V, also known as Viridian or Windows Server Virtualization ++ ++ ++ ++ oracle ++ Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems) ++ ++ ++ ++ xen ++ Xen hypervisor ++ ++ ++ ++ bochs ++ Bochs Emulator ++ ++ ++ ++ uml ++ User-mode Linux ++ ++ ++ ++ ++
++ ++ ++ Known container virtualization technologies ++ ++ ++ ++ ++ ++ ID ++ Container Product ++ ++ ++ ++ ++ openvz ++ OpenVZ/Virtuozzo ++ ++ ++ ++ lxc ++ Linux container implementation by LXC ++ ++ ++ ++ lxc-libvirt ++ Linux container implementation by libvirt ++ ++ ++ ++ systemd-nspawn ++ systemd's minimal container implementation, see systemd-nspawn1 ++ ++ ++ ++ docker ++ Docker container manager ++ ++ ++ ++
+ + If multiple virtualization solutions are used, + only the "innermost" is detected and identified. That +@@ -135,7 +220,8 @@ + + See Also + +- systemd1 ++ systemd1, ++ systemd-nspawn1 + + + diff --git a/0573-man-include-zVM-in-systemd-detect-virt-list.patch b/0573-man-include-zVM-in-systemd-detect-virt-list.patch new file mode 100644 index 0000000..4dcfdf4 --- /dev/null +++ b/0573-man-include-zVM-in-systemd-detect-virt-list.patch @@ -0,0 +1,59 @@ +From 26d32dc5ee6d288108001f3fb7d45e25be441e14 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 10 Oct 2014 12:36:57 +0200 +Subject: [PATCH] man: include zVM in systemd-detect-virt list + +--- + man/systemd-detect-virt.xml | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml +index e167bddd07..eed0fe0ce9 100644 +--- a/man/systemd-detect-virt.xml ++++ b/man/systemd-detect-virt.xml +@@ -69,7 +69,7 @@ + are currently identified: + + +- Known VM virtualization technologies ++ Known VM virtualization technologies (i.e. full hardware virtualization) + + + +@@ -84,12 +84,18 @@ + qemu + QEMU software virtualization + ++ + + kvm + Linux KVM kernel virtual machine + + + ++ zvm ++ s390 z/VM ++ ++ ++ + vmware + VMware Workstation or Server, and related products + +@@ -106,7 +112,7 @@ + + + xen +- Xen hypervisor ++ Xen hypervisor (only domU, not dom0) + + + +@@ -124,7 +130,7 @@ +
+ + +- Known container virtualization technologies ++ Known container virtualization technologies (i.e. shared kernel virtualization) + + + diff --git a/0574-man-reference-table-in-systemd-detect-virt-1-from-Co.patch b/0574-man-reference-table-in-systemd-detect-virt-1-from-Co.patch new file mode 100644 index 0000000..724babf --- /dev/null +++ b/0574-man-reference-table-in-systemd-detect-virt-1-from-Co.patch @@ -0,0 +1,39 @@ +From e737ef153c41435f1ad42b51233eedfb279e2ff7 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 10 Oct 2014 12:37:21 +0200 +Subject: [PATCH] man: reference table in systemd-detect-virt(1) from + ConditionVirtualization= documentation + +--- + man/systemd.unit.xml | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml +index ec7ca5634e..e9395ff16f 100644 +--- a/man/systemd.unit.xml ++++ b/man/systemd.unit.xml +@@ -1018,13 +1018,17 @@ + openvz, + lxc, + lxc-libvirt, +- systemd-nspawn to +- test against a specific +- implementation. If multiple +- virtualization technologies are nested, +- only the innermost is considered. The +- test may be negated by prepending an +- exclamation mark. ++ systemd-nspawn, ++ docker to test ++ against a specific implementation. See ++ systemd-detect-virt1 ++ for a full list of known ++ virtualization technologies and their ++ identifiers. If multiple ++ virtualization technologies are ++ nested, only the innermost is ++ considered. The test may be negated by ++ prepending an exclamation mark. + + ConditionHost= + may be used to match against the diff --git a/0575-kdbus-fix-buffer-overflow-in-bus_get_owner_kdbus-fun.patch b/0575-kdbus-fix-buffer-overflow-in-bus_get_owner_kdbus-fun.patch new file mode 100644 index 0000000..0cf5c4b --- /dev/null +++ b/0575-kdbus-fix-buffer-overflow-in-bus_get_owner_kdbus-fun.patch 
@@ -0,0 +1,44 @@
+From 82279e696605fe4eeadd1ca3744c76c8790f885b Mon Sep 17 00:00:00 2001
+From: Lukasz Skalski
+Date: Fri, 10 Oct 2014 12:29:04 +0200
+Subject: [PATCH] kdbus: fix buffer overflow in bus_get_owner_kdbus() function
+
+Commit 710fc9779b7c (kdbus repo) introduced attaching items[]
+instead of name[] in kdbus_cmd_conn_info struct. Commit 581fe6c81
+(systemd repo) caught up with this change, but item size was not
+properly calculated.
+---
+ src/libsystemd/sd-bus/bus-control.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
+index dbd94fc46b..7b106a3274 100644
+--- a/src/libsystemd/sd-bus/bus-control.c
++++ b/src/libsystemd/sd-bus/bus-control.c
+@@ -398,7 +398,7 @@ static int bus_get_owner_kdbus(
+ struct kdbus_cmd_conn_info *cmd;
+ struct kdbus_conn_info *conn_info;
+ struct kdbus_item *item;
+- size_t size;
++ size_t size, l;
+ uint64_t m, id;
+ int r;
+
+@@ -410,13 +410,12 @@ static int bus_get_owner_kdbus(
+ cmd = alloca0_align(size, 8);
+ cmd->id = id;
+ } else {
+- size_t item_size = KDBUS_ITEM_HEADER_SIZE + strlen(name) + 1;
+-
+- size = offsetof(struct kdbus_cmd_conn_info, items) + item_size;
++ l = strlen(name) + 1;
++ size = offsetof(struct kdbus_cmd_conn_info, items) + KDBUS_ITEM_SIZE(l);
+ cmd = alloca0_align(size, 8);
+- cmd->items[0].size = item_size;
++ cmd->items[0].size = KDBUS_ITEM_HEADER_SIZE + l;
+ cmd->items[0].type = KDBUS_ITEM_NAME;
+- strcpy(cmd->items[0].str, name);
++ memcpy(cmd->items[0].str, name, l);
+ }
+
+ cmd->size = size;
diff --git a/0576-fstab-generator-Honor-mount.usr-on-kernel-command-li.patch b/0576-fstab-generator-Honor-mount.usr-on-kernel-command-li.patch
new file mode 100644
index 0000000..7fa7259
--- /dev/null
+++ b/0576-fstab-generator-Honor-mount.usr-on-kernel-command-li.patch
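Review bot: The request buffer in the else branch is still an `alloca0_align(size, 8)` whose size comes from `strlen(name)`, so the stack allocation is only as bounded as `name` is. No length or validity check on `name` is visible here, and bus_get_owner_kdbus() starts and ends outside the hunk, so confirm that callers reject over-long names before this point. The fix also leaves two different sizes side by side without saying why: the allocation uses `KDBUS_ITEM_SIZE(l)` while the item's size field is `KDBUS_ITEM_HEADER_SIZE + l`. A comment above the assignment would stop a later edit from merging them again, e.g. `/* allocate the padded item size; items[0].size carries the unpadded header + payload length */` (this assumes KDBUS_ITEM_SIZE() rounds up to the item alignment; verify against kdbus.h).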
@@ -0,0 +1,228 @@ +From 9f103625b145a397e67c3714766775b615c8b587 Mon Sep 17 00:00:00 2001 +From: Tobias Hunger +Date: Thu, 9 Oct 2014 21:37:17 +0200 +Subject: [PATCH] fstab-generator: Honor mount.usr*= on kernel command line + +This allows to configure boot loader entries for systems where the +root and usr filesystems are in different subvolumes (or even on +different drives). +--- + man/systemd-fstab-generator.xml | 76 ++++++++++++++++++++++++++++- + src/fstab-generator/fstab-generator.c | 90 +++++++++++++++++++++++++++++++++-- + 2 files changed, 160 insertions(+), 6 deletions(-) + +diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml +index e3cf5d2bfb..65b48eea07 100644 +--- a/man/systemd-fstab-generator.xml ++++ b/man/systemd-fstab-generator.xml +@@ -104,9 +104,83 @@ + (initrd) while + fstab= is + honored by both the main system and +- the initrd. ++ the initrd. + ++ ++ root= ++ ++ Takes the root filesystem to mount ++ in the initrd. ++ root= is ++ honored by the initrd. ++ ++ ++ rootfstype= ++ ++ Takes the root filesystem type that ++ will be passed to the mount command. ++ rootfstype= is ++ honored by the initrd. ++ ++ ++ rootflags= ++ ++ Takes the root filesystem mount options ++ to use. rootflags= is ++ honored by the initrd. ++ ++ ++ mount.usr= ++ ++ Takes the /usr ++ filesystem to be mounted by the initrd. If ++ mount.usrfstype= or ++ mount.usrflags= is set, then ++ mount.usr= will default to the value set in ++ root=. ++ ++ Otherwise this parameter defaults to the ++ /usr entry ++ found in /etc/fstab on the root ++ filesystem. ++ ++ mount.usr= is honored by the initrd. ++ ++ ++ ++ mount.usrfstype= ++ ++ Takes the /usr ++ filesystem type that will be passed to the mount ++ command. If mount.usr= or ++ mount.usrflags= is set, then ++ mount.usrfstype= will default to the value set in ++ rootfstype=. ++ ++ Otherwise this value will be read from the ++ /usr entry in ++ /etc/fstab on the root filesystem. 
++ ++ mount.usrfstype= is ++ honored by the initrd. ++ ++ ++ mount.usrflags= ++ ++ Takes the /usr ++ filesystem mount options to use. If ++ mount.usr= or ++ mount.usrfstype= is set, then ++ mount.usrflages= will default to the value set in ++ rootflags=. + ++ Otherwise this value will be read from the ++ /usr entry in ++ /etc/fstab on the root filesystem. ++ ++ mount.usrflags= is ++ honored by the initrd. ++ + + + +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index b75bbb7998..32a8f9bd51 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -43,6 +43,9 @@ static char *arg_root_what = NULL; + static char *arg_root_fstype = NULL; + static char *arg_root_options = NULL; + static int arg_root_rw = -1; ++static char *arg_usr_what = NULL; ++static char *arg_usr_fstype = NULL; ++static char *arg_usr_options = NULL; + + + static int mount_find_pri(struct mntent *me, int *ret) { +@@ -494,12 +497,64 @@ static int add_root_mount(void) { + "/proc/cmdline"); + } + ++static int add_usr_mount(void) { ++ _cleanup_free_ char *what = NULL; ++ const char *opts; ++ ++ if (!arg_usr_what && !arg_usr_fstype && !arg_usr_options) ++ return 0; ++ ++ if (arg_root_what && !arg_usr_what) { ++ arg_usr_what = strdup(arg_root_what); ++ ++ if (!arg_usr_what) ++ return log_oom(); ++ } ++ ++ if (arg_root_fstype && !arg_usr_fstype) { ++ arg_usr_fstype = strdup(arg_root_fstype); ++ ++ if (!arg_usr_fstype) ++ return log_oom(); ++ } ++ ++ if (arg_root_options && !arg_usr_options) { ++ arg_usr_options = strdup(arg_root_options); ++ ++ if (!arg_usr_options) ++ return log_oom(); ++ } ++ ++ if (!arg_usr_what || !arg_usr_options) ++ return 0; ++ ++ what = fstab_node_to_udev_node(arg_usr_what); ++ if (!path_is_absolute(what)) { ++ log_debug("Skipping entry what=%s where=/sysroot/usr type=%s", what, strna(arg_usr_fstype)); ++ return -1; ++ } ++ ++ opts = arg_usr_options; ++ ++ log_debug("Found entry what=%s 
where=/sysroot/usr type=%s", what, strna(arg_usr_fstype)); ++ return add_mount(what, ++ "/sysroot/usr", ++ arg_usr_fstype, ++ opts, ++ 1, ++ false, ++ false, ++ false, ++ SPECIAL_INITRD_ROOT_FS_TARGET, ++ "/proc/cmdline"); ++} ++ + static int parse_proc_cmdline_item(const char *key, const char *value) { + int r; + +- /* root= and roofstype= may occur more than once, the last +- * instance should take precedence. In the case of multiple +- * rootflags= the arguments should be concatenated */ ++ /* root=, usr=, usrfstype= and roofstype= may occur more than once, the last ++ * instance should take precedence. In the case of multiple rootflags= ++ * or usrflags= the arguments should be concatenated */ + + if (STR_IN_SET(key, "fstab", "rd.fstab") && value) { + +@@ -531,6 +586,28 @@ static int parse_proc_cmdline_item(const char *key, const char *value) { + free(arg_root_options); + arg_root_options = o; + ++ } else if (streq(key, "mount.usr") && value) { ++ ++ if (free_and_strdup(&arg_usr_what, value) < 0) ++ return log_oom(); ++ ++ } else if (streq(key, "mount.usrfstype") && value) { ++ ++ if (free_and_strdup(&arg_usr_fstype, value) < 0) ++ return log_oom(); ++ ++ } else if (streq(key, "mount.usrflags") && value) { ++ char *o; ++ ++ o = arg_usr_options ? 
++ strjoin(arg_usr_options, ",", value, NULL) : ++ strdup(value); ++ if (!o) ++ return log_oom(); ++ ++ free(arg_usr_options); ++ arg_usr_options = o; ++ + } else if (streq(key, "rw") && !value) + arg_root_rw = true; + else if (streq(key, "ro") && !value) +@@ -559,9 +636,12 @@ int main(int argc, char *argv[]) { + if (parse_proc_cmdline(parse_proc_cmdline_item) < 0) + return EXIT_FAILURE; + +- /* Always honour root= in the kernel command line if we are in an initrd */ +- if (in_initrd()) ++ /* Always honour root= and usr= in the kernel command line if we are in an initrd */ ++ if (in_initrd()) { + r = add_root_mount(); ++ if (r == 0) ++ r = add_usr_mount(); ++ } + + /* Honour /etc/fstab only when that's enabled */ + if (arg_fstab_enabled) { diff --git a/0577-mount-setup-skip-relabelling-when-SELinux-and-SMACK-.patch b/0577-mount-setup-skip-relabelling-when-SELinux-and-SMACK-.patch new file mode 100644 index 0000000..8accd7b --- /dev/null +++ b/0577-mount-setup-skip-relabelling-when-SELinux-and-SMACK-.patch 
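Review bot: In add_usr_mount() the result of `fstab_node_to_udev_node(arg_usr_what)` goes straight into `path_is_absolute(what)` and the `%s` of log_debug(). If that helper can return NULL on allocation failure (its definition is not in this hunk), both uses receive a NULL pointer; add `if (!what) return log_oom();` right after the call, matching the strdup() checks above it. The non-absolute case returns a bare `-1` after a message worded "Skipping entry", while every other path returns 0 or log_oom(). Since main() stores the result in `r`, use `return 0;` if the entry is really meant to be skipped, or a negative errno value if it is an error. The block comment in parse_proc_cmdline_item() should name the keys actually parsed, `mount.usr=`, `mount.usrfstype=` and `mount.usrflags=`, and fix `roofstype=`; the man page hunk has a matching typo, `mount.usrflages=`.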
@@ -0,0 +1,49 @@
+From 0fff82e5f867f9494ed631736964d9abfe672673 Mon Sep 17 00:00:00 2001
+From: Emil Renner Berthing
+Date: Thu, 18 Sep 2014 15:24:55 +0200
+Subject: [PATCH] mount-setup: skip relabelling when SELinux and SMACK not
+ supported
+
+This is also the only place where FTW_ACTIONRETVAL is used, so
+this makes systemd compile without SELinux or SMACK support
+when the standard library doesn't support this extension.
+---
+ src/core/mount-setup.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 23a66d2e95..8e91217828 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -351,6 +351,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ return 0;
+ }
+
++#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
+ static int nftw_cb(
+ const char *fpath,
+ const struct stat *sb,
+@@ -372,6 +373,7 @@ static int nftw_cb(
+
+ return FTW_CONTINUE;
+ };
++#endif
+
+ int mount_setup(bool loaded_policy) {
+ int r;
+@@ -384,6 +386,7 @@ int mount_setup(bool loaded_policy) {
+ return r;
+ }
+
++#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
+ /* Nodes in devtmpfs and /run need to be manually updated for
+ * the appropriate labels, after mounting. The other virtual
+ * API file systems like /sys and /proc do not need that, they
+@@ -402,6 +405,7 @@ int mount_setup(bool loaded_policy) {
+ log_info("Relabelled /dev and /run in %s.",
+ format_timespan(timespan, sizeof(timespan), after_relabel - before_relabel, 0));
+ }
++#endif
+
+ /* Create a few default symlinks, which are normally created
+ * by udevd, but some scripts might need them before we start
diff --git a/fedora-add-bridge-sysctl-configuration.patch b/fedora-add-bridge-sysctl-configuration.patch
new file mode 100644
index 0000000..539df79
--- /dev/null
+++ b/fedora-add-bridge-sysctl-configuration.patch
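Review bot: The two `#if defined(HAVE_SELINUX) || defined(HAVE_SMACK)` regions have to stay in lock-step, yet neither `#endif` names its condition. nftw_cb() is compiled only under the first guard and is presumably referenced only from the relabel block under the second; the call itself is outside the hunk. Annotate both as `#endif /* HAVE_SELINUX || HAVE_SMACK */` so a later edit to one guard is visibly tied to the other. With both macros undefined the relabel block disappears entirely, so `loaded_policy` may become an unused parameter of mount_setup(), whose body continues outside the hunk; a build with both disabled and unused-parameter warnings enabled would confirm this. A short comment at the second guard, such as `/* no LSM compiled in: nothing to relabel */`, would also make clear that skipping the relabel of /dev and /run is intentional.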
@@ -0,0 +1,87 @@ +From 30353eb466fe1ef768dc7bc1ccc1239b97dab70c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Oct 2014 01:49:10 -0400 +Subject: [PATCH] fedora: add bridge sysctl configuration + +Udev rule is added to load those settings when the bridge +module is loaded. + +https://bugzilla.redhat.com/show_bug.cgi?id=634736 +--- + Makefile.am | 8 ++++++-- + rules/.gitignore | 1 + + rules/99-bridge.rules.in | 9 +++++++++ + sysctl.d/50-bridge.conf | 4 ++++ + 4 files changed, 20 insertions(+), 2 deletions(-) + create mode 100644 rules/99-bridge.rules.in + create mode 100644 sysctl.d/50-bridge.conf + +diff --git a/Makefile.am b/Makefile.am +index e52db1793b..41e94575ef 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -445,7 +445,8 @@ CLEANFILES += \ + $(nodist_zshcompletion_DATA) + + dist_sysctl_DATA = \ +- sysctl.d/50-default.conf ++ sysctl.d/50-default.conf \ ++ sysctl.d/50-bridge.conf + + dist_systemunit_DATA = \ + units/graphical.target \ +@@ -3281,7 +3282,8 @@ dist_udevrules_DATA += \ + rules/95-udev-late.rules + + nodist_udevrules_DATA += \ +- rules/99-systemd.rules ++ rules/99-systemd.rules \ ++ rules/99-bridge.rules + + dist_udevhwdb_DATA = \ + hwdb/20-pci-vendor-model.hwdb \ +@@ -3306,10 +3308,12 @@ sharepkgconfig_DATA = \ + + EXTRA_DIST += \ + rules/99-systemd.rules.in \ ++ rules/99-bridge.rules.in \ + src/udev/udev.pc.in + + CLEANFILES += \ + rules/99-systemd.rules \ ++ rules/99-bridge.rules \ + src/udev/udev.pc + + EXTRA_DIST += \ +diff --git a/rules/.gitignore b/rules/.gitignore +index 93a50ddd80..46c7f3ce91 100644 +--- a/rules/.gitignore ++++ b/rules/.gitignore +@@ -1 +1,2 @@ + /99-systemd.rules ++/99-bridge.rules +diff --git a/rules/99-bridge.rules.in b/rules/99-bridge.rules.in +new file mode 100644 +index 0000000000..f46f96bd2e +--- /dev/null ++++ b/rules/99-bridge.rules.in +@@ -0,0 +1,9 @@ ++# This file is part of systemd. 
++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++# Apply sysctl settings to bridges ++ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="@rootlibexecdir@/systemd-sysctl --prefix=/net/bridge" +diff --git a/sysctl.d/50-bridge.conf b/sysctl.d/50-bridge.conf +new file mode 100644 +index 0000000000..b586bf15fa +--- /dev/null ++++ b/sysctl.d/50-bridge.conf +@@ -0,0 +1,4 @@ ++# Disable netfilter on bridges. ++net.bridge.bridge-nf-call-ip6tables = 0 ++net.bridge.bridge-nf-call-iptables = 0 ++net.bridge.bridge-nf-call-arptables = 0 diff --git a/fedora-disable-resolv.conf-symlink.patch b/fedora-disable-resolv.conf-symlink.patch new file mode 100644 index 0000000..b80ce12 --- /dev/null +++ b/fedora-disable-resolv.conf-symlink.patch @@ -0,0 +1,22 @@ +From 6da80d4bbfaa3d8a2a8952995a108d6dbd6a1e3f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 3 Oct 2014 21:34:14 -0400 +Subject: [PATCH] fedora: disable resolv.conf symlink + +--- + tmpfiles.d/etc.conf.m4 | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 +index f567c8d6ea..125d6e0a17 100644 +--- a/tmpfiles.d/etc.conf.m4 ++++ b/tmpfiles.d/etc.conf.m4 +@@ -10,8 +10,5 @@ + L /etc/os-release - - - - ../usr/lib/os-release + L /etc/localtime - - - - ../usr/share/zoneinfo/UTC + L+ /etc/mtab - - - - ../proc/self/mounts +-m4_ifdef(`ENABLE_RESOLVED', +-L /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf +-) + C /etc/nsswitch.conf - - - - + C /etc/pam.d - - - - diff --git a/systemd.spec b/systemd.spec index a9fa295..797e8bf 100644 --- a/systemd.spec +++ b/systemd.spec 
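Review bot: The comment `# Disable netfilter on bridges.` in sysctl.d/50-bridge.conf understates the effect of the three keys. With `bridge-nf-call-iptables`, `bridge-nf-call-ip6tables` and `bridge-nf-call-arptables` set to 0, frames forwarded by a Linux bridge are not passed to the host's iptables, ip6tables or arptables chains, so host firewall rules no longer apply to bridged traffic. The file should say so, for instance `# Bridged frames bypass the host's iptables/ip6tables/arptables rules; set these to 1 in a later sysctl.d file if host rules must filter bridged traffic.` Because the udev rule in rules/99-bridge.rules.in applies the `/net/bridge` prefix each time the bridge module is added, an override has to live in a sysctl.d file that sorts after 50-bridge.conf, and a note to that effect belongs next to the rule.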
@@ -16,7 +16,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 216 -Release: 9%{?gitcommit:.git%{gitcommit}}%{?dist} +Release: 10%{?gitcommit:.git%{gitcommit}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager 
@@ -571,10 +571,54 @@ Patch0529: 0529-man-move-commandline-parsing-to-a-separate-section.patch Patch0530: 0530-man-document-stripping-of-quotes.patch Patch0531: 0531-Update-TODO.patch Patch0532: 0532-proc-sys-prefixes-are-not-necessary-for-sysctl-anymo.patch -Patch0533: 0533-core-don-t-allow-enabling-if-unit-is-masked.patch -Patch0534: 0534-fedora-disable-resolv.conf-symlink.patch -Patch0535: 0535-fedora-add-bridge-sysctl-configuration.patch - +Patch0533: 0533-bus-proxyd-assorted-cleanups-and-fixes.patch +Patch0534: 0534-core-don-t-allow-enabling-if-unit-is-masked.patch +Patch0535: 0535-man-mention-docker-as-type-of-virtualization.patch +Patch0536: 0536-NEWS-update-for-217.patch +Patch0537: 0537-unit-move-UnitDependency-to-unit-name.patch +Patch0538: 0538-systemctl-add-add-wants-and-add-requires-verbs.patch +Patch0539: 0539-note-on-relative-symlink-in-os-release.patch +Patch0540: 0540-nspawn-copy-dev-net-tun-from-host.patch +Patch0541: 0541-sd-bus-sync-kdbus.h-ABI-break.patch +Patch0542: 0542-Update-TODO.patch +Patch0543: 0543-core-map-the-rescue-argument-to-rescue.target.patch +Patch0544: 0544-time-functions-named-internal-really-shouldn-t-be-ex.patch +Patch0545: 0545-util-avoid-double-close-of-fd.patch +Patch0546: 0546-man-systemctl-document-enable-on-masked-units.patch +Patch0547: 0547-sd-event-be-more-careful-when-enabling-disabling-sig.patch +Patch0548: 0548-sd-event-also-update-signal-mask-when-disconnecting-.patch +Patch0549: 0549-update-TODO.patch +Patch0550: 0550-systemctl-suggest-xe-not-xn.patch +Patch0551: 0551-sd-bus-check-return-value-of-asprintf.patch +Patch0552: 0552-man-SyslogIdentifier-has-an-effect-on-journal-loggin.patch +Patch0553: 0553-logind-mount-per-user-tmpfs-with-smackfsroot-for-sma.patch +Patch0554: 0554-bus-policy-move-name-list-iteration-to-policy-users.patch +Patch0555: 0555-sd-dhcp6-lease-Name-the-structure-containing-IAADDR-.patch +Patch0556: 0556-socket-proxyd-Unchecked-return-value-from-library.patch +Patch0557: 
0557-bus-proxy-allow-getpeersec-to-fail.patch +Patch0558: 0558-update-TODO.patch +Patch0559: 0559-service-enter-SERVICE_STOP_SIGTERM-state-after-getti.patch +Patch0560: 0560-man-document-the-new-rescue-kernel-command-line-opti.patch +Patch0561: 0561-sd-journal-do-not-reset-sd_j_enumerate_unique-positi.patch +Patch0562: 0562-sd-journal-change-check-to-assert.patch +Patch0563: 0563-sd-journal-fix-sd_journal_enumerate_unique-skipping-.patch +Patch0564: 0564-journalctl-use-pager-for-list-boots.patch +Patch0565: 0565-systemctl-remove-casts-in-formatting.patch +Patch0566: 0566-man-clarify-what-microsoft-and-oracle-stand-for.patch +Patch0567: 0567-Update-TODO.patch +Patch0568: 0568-build-sys-use-Wno-typedef-redefinition-only-for-clan.patch +Patch0569: 0569-build-sys-use-Wno-gnu-variable-sized-type-not-at-end.patch +Patch0570: 0570-systemd-hibernate-resume-.service-remove-unnecessary.patch +Patch0571: 0571-nspawn-actually-allow-access-to-dev-net-tun-in-the-c.patch +Patch0572: 0572-man-rework-VM-container-identifier-list-into-a-table.patch +Patch0573: 0573-man-include-zVM-in-systemd-detect-virt-list.patch +Patch0574: 0574-man-reference-table-in-systemd-detect-virt-1-from-Co.patch +Patch0575: 0575-kdbus-fix-buffer-overflow-in-bus_get_owner_kdbus-fun.patch +Patch0576: 0576-fstab-generator-Honor-mount.usr-on-kernel-command-li.patch +Patch0577: 0577-mount-setup-skip-relabelling-when-SELinux-and-SMACK-.patch + +Patch0998: fedora-disable-resolv.conf-symlink.patch +Patch0999: fedora-add-bridge-sysctl-configuration.patch # kernel-install patch for grubby, drop if grubby is obsolete Patch1000: kernel-install-grubby.patch 
@@ -1354,9 +1398,13 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd %{_datadir}/systemd/gatewayd %changelog +* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10 +- Fix a problem with voluntary daemon exits and some other bugs + (#1150477, #1095962, #1150289) + * Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9 - Update to latest git, but without the readahead removal patch - (#1114786, #1141137) + (#1114786, #634736) * Wed Oct 01 2014 Kay Sievers - 216-8 - revert "don't reset selinux context during CHANGE events"