diff --git a/0001-core-create-or-remove-unit-bus-name-slots-always-together.patch b/0001-core-create-or-remove-unit-bus-name-slots-always-together.patch deleted file mode 100644 index eb7d1c1f18632415c8ccef564bb753310df4cbf7..0000000000000000000000000000000000000000 --- a/0001-core-create-or-remove-unit-bus-name-slots-always-together.patch +++ /dev/null @@ -1,108 +0,0 @@ -From a5b07847950c603605acf85b472b210cd2da40fb Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:48:18 +0100 -Subject: [PATCH] core: create/remove unit bus name slots always together - -When a service unit watches a bus name (i.e. because of BusName= being -set), then we do two things: we install a match slot to watch how its -ownership changes, and we inquire about the current owner. Make sure we -always do both together or neither. - -This in particular fixes a corner-case memleak when destroying bus -connections, since we never freed the GetNameOwner() bus slots when -destroying a bus when they were still ongoing. ---- - src/core/dbus.c | 11 ++++------- - src/core/unit.c | 32 +++++++++++++++++++++----------- - 2 files changed, 25 insertions(+), 18 deletions(-) - -diff --git a/src/core/dbus.c b/src/core/dbus.c -index 3c40f29..cef1789 100644 ---- a/src/core/dbus.c -+++ b/src/core/dbus.c -@@ -1051,13 +1051,10 @@ static void destroy_bus(Manager *m, sd_bus **bus) { - - /* Make sure all bus slots watching names are released. */ - HASHMAP_FOREACH(u, m->watch_bus, i) { -- if (!u->match_bus_slot) -- continue; -- -- if (sd_bus_slot_get_bus(u->match_bus_slot) != *bus) -- continue; -- -- u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ if (u->match_bus_slot && sd_bus_slot_get_bus(u->match_bus_slot) == *bus) -+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ if (u->get_name_owner_slot && sd_bus_slot_get_bus(u->get_name_owner_slot) == *bus) -+ u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - } - - /* Get rid of tracked clients on this bus */ -diff --git a/src/core/unit.c b/src/core/unit.c -index 5cf16c6..8781132 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3238,12 +3238,13 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - - int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) { - const char *match; -+ int r; - - assert(u); - assert(bus); - assert(name); - -- if (u->match_bus_slot) -+ if (u->match_bus_slot || u->get_name_owner_slot) - return -EBUSY; - - match = strjoina("type='signal'," -@@ -3253,19 +3254,27 @@ int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) { - "member='NameOwnerChanged'," - "arg0='", name, "'"); - -- int r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u); -+ r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u); - if (r < 0) - return r; - -- return sd_bus_call_method_async(bus, -- &u->get_name_owner_slot, -- "org.freedesktop.DBus", -- "/org/freedesktop/DBus", -- "org.freedesktop.DBus", -- "GetNameOwner", -- get_name_owner_handler, -- u, -- "s", name); -+ r = sd_bus_call_method_async( -+ bus, -+ &u->get_name_owner_slot, -+ "org.freedesktop.DBus", -+ "/org/freedesktop/DBus", -+ "org.freedesktop.DBus", -+ "GetNameOwner", -+ get_name_owner_handler, -+ u, -+ "s", name); -+ if (r < 0) { -+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ return r; -+ } -+ -+ log_unit_debug(u, "Watching D-Bus name '%s'.", name); -+ return 0; - } - - int unit_watch_bus_name(Unit *u, const char *name) { -@@ -3288,6 +3297,7 @@ int unit_watch_bus_name(Unit *u, const char *name) { - r = hashmap_put(u->manager->watch_bus, name, u); - if (r < 0) { - u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - return log_warning_errno(r, "Failed to put bus name to hashmap: %m"); - } - --- -1.8.3.1 - diff --git a/0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch b/0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch deleted file mode 100644 index dead4f2b9d026a369eea4e52bb2d29604ff4ac72..0000000000000000000000000000000000000000 --- a/0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 42837b8134844c1d08014e480f9497d165c57ef6 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:31:48 +0100 -Subject: [PATCH] core: don't check error parameter of get_name_owner_handler() - -It's a *return* parameter, not an input parameter. Yes, this is a bit -confusing for method call replies, but we try to use the same message -handler for all incoming messages, hence the parameter. We are supposed -to write any error into it we encounter, if we want, and our caller will -log it, but that's it. ---- - src/core/unit.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 03b4b57..c54abe9 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3218,11 +3218,6 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - - u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - -- if (sd_bus_error_is_set(error)) { -- log_error("Failed to get name owner from bus: %s", error->message); -- return 0; -- } -- - e = sd_bus_message_get_error(message); - if (sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) - return 0; --- -1.8.3.1 - diff --git a/0001-core-dont-check-potentially-NULL-error.patch b/0001-core-dont-check-potentially-NULL-error.patch deleted file mode 100644 index b3b60d4ceaddedc674d85ace50200e4b408e677a..0000000000000000000000000000000000000000 --- a/0001-core-dont-check-potentially-NULL-error.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a54654ba700b1fc6f5cc92e88e2c5544fd7ad2fd Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:35:15 +0100 -Subject: [PATCH] core: don't check potentially NULL error, it's not gonna work - anyway - ---- - src/core/unit.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index c54abe9..7ea0e8a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3219,11 +3219,10 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot); - - e = sd_bus_message_get_error(message); -- if (sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) -- return 0; -- - if (e) { -- log_error("Unexpected error response from GetNameOwner: %s", e->message); -+ if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) -+ log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); -+ - return 0; - } - --- -1.8.3.1 - diff --git a/0001-core-drop-initial-ListNames-bus-call-from-PID1.patch b/0001-core-drop-initial-ListNames-bus-call-from-PID1.patch deleted file mode 100644 index 6ed1791c28c02b0e6f844f57b3c89a7d30eae304..0000000000000000000000000000000000000000 --- a/0001-core-drop-initial-ListNames-bus-call-from-PID1.patch +++ /dev/null @@ -1,331 +0,0 @@ -From fc67a943d989d5e74577adea9676cdc7928b08fc Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 17:31:34 +0100 -Subject: [PATCH] core: drop initial ListNames() bus call from PID 1 - -Previously, when first connecting to the bus after connecting to it we'd -issue a ListNames() bus call to the driver to figure out which bus names -are currently active. This information was then used to initialize the -initial state for services that use BusName=. - -This change removes the whole code for this and replaces it with -something vastly simpler. - -First of all, the ListNames() call was issues synchronosuly, which meant -if dbus was for some reason synchronously calling into PID1 for some -reason we'd deadlock. As it turns out there's now a good chance it does: -the nss-systemd userdb hookup means that any user dbus-daemon resolves -might result in a varlink call into PID 1, and dbus resolves quite a lot -of users while parsing its policy. My original goal was to fix this -deadlock. - -But as it turns out we don't need the ListNames() call at all anymore, -since #12957 has been merged. That PR was supposed to fix a race where -asynchronous installation of bus matches would cause us missing the -initial owner of a bus name when a service is first started. It fixed it -(correctly) by enquiring with GetOwnerName() who currently owns the -name, right after installing the match. But this means whenever we start watching a bus name we anyway -issue a GetOwnerName() for it, and that means also when first connecting -to the bus we don't need to issue ListNames() anymore since that just -tells us the same info: which names are currently owned. - -hence, let's drop ListNames() and instead make better use of the -GetOwnerName() result: if it failed the name is not owned. - -Also, while we are at it, let's simplify the unit's owner_name_changed() -callback(): let's drop the "old_owner" argument. We never used that -besides logging, and it's hard to synthesize from just the return of a -GetOwnerName(), hence don't bother. ---- - src/core/dbus.c | 112 ----------------------------------------------------- - src/core/dbus.h | 2 - - src/core/manager.c | 4 -- - src/core/manager.h | 2 - - src/core/service.c | 15 ++----- - src/core/unit.c | 23 ++++++----- - src/core/unit.h | 2 +- - 7 files changed, 16 insertions(+), 144 deletions(-) - -diff --git a/src/core/dbus.c b/src/core/dbus.c -index cef1789..941219f 100644 ---- a/src/core/dbus.c -+++ b/src/core/dbus.c -@@ -719,114 +719,6 @@ static int bus_on_connection(sd_event_source *s, int fd, uint32_t revents, void - return 0; - } - --static int manager_dispatch_sync_bus_names(sd_event_source *es, void *userdata) { -- _cleanup_strv_free_ char **names = NULL; -- Manager *m = userdata; -- const char *name; -- Iterator i; -- Unit *u; -- int r; -- -- assert(es); -- assert(m); -- assert(m->sync_bus_names_event_source == es); -- -- /* First things first, destroy the defer event so that we aren't triggered again */ -- m->sync_bus_names_event_source = sd_event_source_unref(m->sync_bus_names_event_source); -- -- /* Let's see if there's anything to do still? */ -- if (!m->api_bus) -- return 0; -- if (hashmap_isempty(m->watch_bus)) -- return 0; -- -- /* OK, let's sync up the names. Let's see which names are currently on the bus. */ -- r = sd_bus_list_names(m->api_bus, &names, NULL); -- if (r < 0) -- return log_error_errno(r, "Failed to get initial list of names: %m"); -- -- /* We have to synchronize the current bus names with the -- * list of active services. To do this, walk the list of -- * all units with bus names. */ -- HASHMAP_FOREACH_KEY(u, name, m->watch_bus, i) { -- Service *s = SERVICE(u); -- -- assert(s); -- -- if (!streq_ptr(s->bus_name, name)) { -- log_unit_warning(u, "Bus name has changed from %s → %s, ignoring.", s->bus_name, name); -- continue; -- } -- -- /* Check if a service's bus name is in the list of currently -- * active names */ -- if (strv_contains(names, name)) { -- _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; -- const char *unique; -- -- /* If it is, determine its current owner */ -- r = sd_bus_get_name_creds(m->api_bus, name, SD_BUS_CREDS_UNIQUE_NAME, &creds); -- if (r < 0) { -- log_full_errno(r == -ENXIO ? LOG_DEBUG : LOG_ERR, r, "Failed to get bus name owner %s: %m", name); -- continue; -- } -- -- r = sd_bus_creds_get_unique_name(creds, &unique); -- if (r < 0) { -- log_full_errno(r == -ENXIO ? LOG_DEBUG : LOG_ERR, r, "Failed to get unique name for %s: %m", name); -- continue; -- } -- -- /* Now, let's compare that to the previous bus owner, and -- * if it's still the same, all is fine, so just don't -- * bother the service. Otherwise, the name has apparently -- * changed, so synthesize a name owner changed signal. */ -- -- if (!streq_ptr(unique, s->bus_name_owner)) -- UNIT_VTABLE(u)->bus_name_owner_change(u, s->bus_name_owner, unique); -- } else { -- /* So, the name we're watching is not on the bus. -- * This either means it simply hasn't appeared yet, -- * or it was lost during the daemon reload. -- * Check if the service has a stored name owner, -- * and synthesize a name loss signal in this case. */ -- -- if (s->bus_name_owner) -- UNIT_VTABLE(u)->bus_name_owner_change(u, s->bus_name_owner, NULL); -- } -- } -- -- return 0; --} -- --int manager_enqueue_sync_bus_names(Manager *m) { -- int r; -- -- assert(m); -- -- /* Enqueues a request to synchronize the bus names in a later event loop iteration. The callers generally don't -- * want us to invoke ->bus_name_owner_change() unit calls from their stack frames as this might result in event -- * dispatching on its own creating loops, hence we simply create a defer event for the event loop and exit. */ -- -- if (m->sync_bus_names_event_source) -- return 0; -- -- r = sd_event_add_defer(m->event, &m->sync_bus_names_event_source, manager_dispatch_sync_bus_names, m); -- if (r < 0) -- return log_error_errno(r, "Failed to create bus name synchronization event: %m"); -- -- r = sd_event_source_set_priority(m->sync_bus_names_event_source, SD_EVENT_PRIORITY_IDLE); -- if (r < 0) -- return log_error_errno(r, "Failed to set event priority: %m"); -- -- r = sd_event_source_set_enabled(m->sync_bus_names_event_source, SD_EVENT_ONESHOT); -- if (r < 0) -- return log_error_errno(r, "Failed to set even to oneshot: %m"); -- -- (void) sd_event_source_set_description(m->sync_bus_names_event_source, "manager-sync-bus-names"); -- return 0; --} -- - static int bus_setup_api(Manager *m, sd_bus *bus) { - Iterator i; - char *name; -@@ -910,10 +802,6 @@ int bus_init_api(Manager *m) { - - m->api_bus = TAKE_PTR(bus); - -- r = manager_enqueue_sync_bus_names(m); -- if (r < 0) -- return r; -- - return 0; - } - -diff --git a/src/core/dbus.h b/src/core/dbus.h -index f1c0fa8..d5ba653 100644 ---- a/src/core/dbus.h -+++ b/src/core/dbus.h -@@ -21,8 +21,6 @@ int bus_fdset_add_all(Manager *m, FDSet *fds); - void bus_track_serialize(sd_bus_track *t, FILE *f, const char *prefix); - int bus_track_coldplug(Manager *m, sd_bus_track **t, bool recursive, char **l); - --int manager_enqueue_sync_bus_names(Manager *m); -- - int bus_foreach_bus(Manager *m, sd_bus_track *subscribed2, int (*send_message)(sd_bus *bus, void *userdata), void *userdata); - - int bus_verify_manage_units_async(Manager *m, sd_bus_message *call, sd_bus_error *error); -diff --git a/src/core/manager.c b/src/core/manager.c -index 171ff04..dbd25af 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1373,7 +1373,6 @@ Manager* manager_free(Manager *m) { - sd_event_source_unref(m->jobs_in_progress_event_source); - sd_event_source_unref(m->run_queue_event_source); - sd_event_source_unref(m->user_lookup_event_source); -- sd_event_source_unref(m->sync_bus_names_event_source); - - safe_close(m->signal_fd); - safe_close(m->notify_fd); -@@ -1610,9 +1609,6 @@ static void manager_ready(Manager *m) { - manager_recheck_journal(m); - manager_recheck_dbus(m); - -- /* Sync current state of bus names with our set of listening units */ -- (void) manager_enqueue_sync_bus_names(m); -- - /* Let's finally catch up with any changes that took place while we were reloading/reexecing */ - manager_catchup(m); - -diff --git a/src/core/manager.h b/src/core/manager.h -index 51df7f8..8ca8e38 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -219,8 +219,6 @@ struct Manager { - int user_lookup_fds[2]; - sd_event_source *user_lookup_event_source; - -- sd_event_source *sync_bus_names_event_source; -- - UnitFileScope unit_file_scope; - LookupPaths lookup_paths; - Hashmap *unit_id_map; -diff --git a/src/core/service.c b/src/core/service.c -index 49ad166..447c7af 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -4062,24 +4062,17 @@ static int service_get_timeout(Unit *u, usec_t *timeout) { - return 1; - } - --static void service_bus_name_owner_change( -- Unit *u, -- const char *old_owner, -- const char *new_owner) { -+static void service_bus_name_owner_change(Unit *u, const char *new_owner) { - - Service *s = SERVICE(u); - int r; - - assert(s); - -- assert(old_owner || new_owner); -- -- if (old_owner && new_owner) -- log_unit_debug(u, "D-Bus name %s changed owner from %s to %s", s->bus_name, old_owner, new_owner); -- else if (old_owner) -- log_unit_debug(u, "D-Bus name %s no longer registered by %s", s->bus_name, old_owner); -+ if (new_owner) -+ log_unit_debug(u, "D-Bus name %s now owned by %s", s->bus_name, new_owner); - else -- log_unit_debug(u, "D-Bus name %s now registered by %s", s->bus_name, new_owner); -+ log_unit_debug(u, "D-Bus name %s now not owned by anyone.", s->bus_name); - - s->bus_name_good = !!new_owner; - -diff --git a/src/core/unit.c b/src/core/unit.c -index 8781132..e137acc 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3185,24 +3185,21 @@ int unit_load_related_unit(Unit *u, const char *type, Unit **_found) { - } - - static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) { -- const char *name, *old_owner, *new_owner; -+ const char *new_owner; - Unit *u = userdata; - int r; - - assert(message); - assert(u); - -- r = sd_bus_message_read(message, "sss", &name, &old_owner, &new_owner); -+ r = sd_bus_message_read(message, "sss", NULL, NULL, &new_owner); - if (r < 0) { - bus_log_parse_error(r); - return 0; - } - -- old_owner = empty_to_null(old_owner); -- new_owner = empty_to_null(new_owner); -- - if (UNIT_VTABLE(u)->bus_name_owner_change) -- UNIT_VTABLE(u)->bus_name_owner_change(u, old_owner, new_owner); -+ UNIT_VTABLE(u)->bus_name_owner_change(u, empty_to_null(new_owner)); - - return 0; - } -@@ -3223,15 +3220,17 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) - log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); - -- return 0; -- } -+ new_owner = NULL; -+ } else { -+ r = sd_bus_message_read(message, "s", &new_owner); -+ if (r < 0) -+ return bus_log_parse_error(r); - -- r = sd_bus_message_read(message, "s", &new_owner); -- if (r < 0) -- return bus_log_parse_error(r); -+ assert(!isempty(new_owner)); -+ } - - if (UNIT_VTABLE(u)->bus_name_owner_change) -- UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner); -+ UNIT_VTABLE(u)->bus_name_owner_change(u, new_owner); - - return 0; - } -diff --git a/src/core/unit.h b/src/core/unit.h -index c5d8170..4410014 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -530,7 +530,7 @@ typedef struct UnitVTable { - void (*notify_message)(Unit *u, const struct ucred *ucred, char **tags, FDSet *fds); - - /* Called whenever a name this Unit registered for comes or goes away. */ -- void (*bus_name_owner_change)(Unit *u, const char *old_owner, const char *new_owner); -+ void (*bus_name_owner_change)(Unit *u, const char *new_owner); - - /* Called for each property that is being set */ - int (*bus_set_property)(Unit *u, const char *name, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); --- -1.8.3.1 - diff --git a/0001-core-no-need-to-eat-up-error.patch b/0001-core-no-need-to-eat-up-error.patch deleted file mode 100644 index b0f8368ccf1116ef628053f8c702e254ef5f0f6f..0000000000000000000000000000000000000000 --- a/0001-core-no-need-to-eat-up-error.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5085ef0d711f1faaacddaf5519daeb150794ea99 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:35:44 +0100 -Subject: [PATCH] core: no need to eat up error - -This is a method call reply. We might as well propagate the error. The -worst that happens is that sd-bus logs about it. ---- - src/core/unit.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index be92d97..5cf16c6 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3227,10 +3227,8 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - } - - r = sd_bus_message_read(message, "s", &new_owner); -- if (r < 0) { -- bus_log_parse_error(r); -- return 0; -- } -+ if (r < 0) -+ return bus_log_parse_error(r); - - if (UNIT_VTABLE(u)->bus_name_owner_change) - UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner); --- -1.8.3.1 - diff --git a/0001-core-shorten-code-a-bit.patch b/0001-core-shorten-code-a-bit.patch deleted file mode 100644 index 765434c5de9757e557c4e6a9f74a15dbb31456a9..0000000000000000000000000000000000000000 --- a/0001-core-shorten-code-a-bit.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 17bda1f19d5394290d7552d9db0c423b207dc40a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Dec 2019 16:35:28 +0100 -Subject: [PATCH] core: shorten code a bit - -The return parameter here cannot be NULL, the bus call either succeeds -or fails but will never uceed and return an empty owner. ---- - src/core/unit.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 7ea0e8a..be92d97 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3232,8 +3232,6 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - return 0; - } - -- new_owner = empty_to_null(new_owner); -- - if (UNIT_VTABLE(u)->bus_name_owner_change) - UNIT_VTABLE(u)->bus_name_owner_change(u, NULL, new_owner); - --- -1.8.3.1 - diff --git a/0001-udev-ignore-error-caused-by-device-disconnection.patch b/0001-udev-ignore-error-caused-by-device-disconnection.patch deleted file mode 100644 index 26336b49a4a8ab6b5c860226aac42bd4af7de323..0000000000000000000000000000000000000000 --- a/0001-udev-ignore-error-caused-by-device-disconnection.patch +++ /dev/null @@ -1,71 +0,0 @@ -From b64b83d13eedfdfc616c16c4a108ef28bf6d3b33 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 12 Nov 2019 14:58:25 +0900 -Subject: [PATCH] udev: ignore error caused by device disconnection - -During an add or change event, the device may be disconnected. - -Fixes #13976. ---- - src/udev/udev-node.c | 23 +++++++++++++++-------- - 1 file changed, 15 insertions(+), 8 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 2d72570..a34b8d6 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -296,8 +296,11 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - else - mode |= S_IFCHR; - -- if (lstat(devnode, &stats) < 0) -+ if (lstat(devnode, &stats) < 0) { -+ if (errno == ENOENT) -+ return 0; /* this is necessarily racey, so ignore missing the device */ - return log_device_debug_errno(dev, errno, "cannot stat() node %s: %m", devnode); -+ } - - if ((mode != MODE_INVALID && (stats.st_mode & S_IFMT) != (mode & S_IFMT)) || stats.st_rdev != devnum) - return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -@@ -322,11 +325,13 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - - r = chmod_and_chown(devnode, mode, uid, gid); - if (r < 0) -- log_device_warning_errno(dev, r, "Failed to set owner/mode of %s to uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o: %m", -- devnode, -- uid_is_valid(uid) ? uid : stats.st_uid, -- gid_is_valid(gid) ? gid : stats.st_gid, -- mode != MODE_INVALID ? mode & 0777 : stats.st_mode & 0777); -+ log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, -+ "Failed to set owner/mode of %s to uid=" UID_FMT -+ ", gid=" GID_FMT ", mode=%#o: %m", -+ devnode, -+ uid_is_valid(uid) ? uid : stats.st_uid, -+ gid_is_valid(gid) ? gid : stats.st_gid, -+ mode != MODE_INVALID ? mode & 0777 : stats.st_mode & 0777); - } else - log_device_debug(dev, "Preserve permissions of %s, uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o", - devnode, -@@ -343,7 +348,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - - q = mac_selinux_apply(devnode, label); - if (q < 0) -- log_device_error_errno(dev, q, "SECLABEL: failed to set SELinux label '%s': %m", label); -+ log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q, -+ "SECLABEL: failed to set SELinux label '%s': %m", label); - else - log_device_debug(dev, "SECLABEL: set SELinux label '%s'", label); - -@@ -352,7 +358,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - - q = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label); - if (q < 0) -- log_device_error_errno(dev, q, "SECLABEL: failed to set SMACK label '%s': %m", label); -+ log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q, -+ "SECLABEL: failed to set SMACK label '%s': %m", label); - else - log_device_debug(dev, "SECLABEL: set SMACK label '%s'", label); - --- -1.8.3.1 - diff --git a/0001-udev-use-bfq-as-the-default-scheduler.patch b/0001-udev-use-bfq-as-the-default-scheduler.patch deleted file mode 100644 index bbb294b37e289629797c348265a79e72c6c2b7a3..0000000000000000000000000000000000000000 --- a/0001-udev-use-bfq-as-the-default-scheduler.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 5ab4d083dbe0a1ae095875c4af6ac26749b67211 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Aug 2019 15:57:42 +0200 -Subject: [PATCH] udev: use bfq as the default scheduler - -As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828. -Test results are that bfq seems to behave better and more consistently on -typical hardware. The kernel does not have a configuration option to set -the default scheduler, and it currently needs to be set by userspace. - -See the bug for more discussion and links. ---- - rules/60-block-scheduler.rules | 5 +++++ - rules/meson.build | 1 + - 2 files changed, 6 insertions(+) - create mode 100644 rules/60-block-scheduler.rules - -diff --git a/rules/60-block-scheduler.rules b/rules/60-block-scheduler.rules -new file mode 100644 -index 00000000000..480b941761f ---- /dev/null -+++ b/rules/60-block-scheduler.rules -@@ -0,0 +1,5 @@ -+# do not edit this file, it will be overwritten on update -+ -+ACTION=="add", SUBSYSTEM=="block", \ -+ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ -+ ATTR{queue/scheduler}="bfq" -diff --git a/rules/meson.build b/rules/meson.build -index b6a32ba77e2..1da958b4d46 100644 ---- a/rules/meson.build -+++ b/rules/meson.build -@@ -2,6 +2,7 @@ - - rules = files(''' - 60-block.rules -+ 60-block-scheduler.rules - 60-cdrom_id.rules - 60-drm.rules - 60-evdev.rules diff --git a/1612-serialize-pids-for-scope-when-not-started.patch b/1612-serialize-pids-for-scope-when-not-started.patch deleted file mode 100644 index 3d51aa655ef056e06273c59ba7cc9876b813160f..0000000000000000000000000000000000000000 --- a/1612-serialize-pids-for-scope-when-not-started.patch +++ /dev/null @@ -1,89 +0,0 @@ -From a5c08598384d44ad3bce24ff63ab320b3b3e5292 Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Wed, 31 Jan 2018 22:28:36 +0800 -Subject: [PATCH] systemd-core: Serialize pids for scope unit when it is not - started - -1. when a scope unit is initialized, and daemon-reload is performed before it is started, -pids (generally comes from dbus) belog to this scope will not be attached to the cgroup of this scope, -because these pids are not serialized and are lost during daemon-reload. -2. this patch fix this problem by serializing scope pids when the state of the scope is DEAD(the init state). ---- - src/core/scope.c | 33 +++++++++++++++++++++++++++++++++ - 1 file changed, 33 insertions(+) - -diff --git a/src/core/scope.c b/src/core/scope.c -index ae6614f..8d96ee1 100644 ---- a/src/core/scope.c -+++ b/src/core/scope.c -@@ -194,6 +194,8 @@ static int scope_load(Unit *u) { - - static int scope_coldplug(Unit *u) { - Scope *s = SCOPE(u); -+ Iterator i; -+ void *pidp = NULL; - int r; - - assert(s); -@@ -214,6 +216,12 @@ static int scope_coldplug(Unit *u) { - bus_scope_track_controller(s); - - scope_set_state(s, s->deserialized_state); -+ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) { -+ SET_FOREACH(pidp, u->pids, i) { -+ log_unit_info(u, "Rewatch pid from serialized pids. unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp)); -+ unit_watch_pid(u, PTR_TO_UINT32(pidp)); -+ } -+ } - return 0; - } - -@@ -396,6 +404,8 @@ static int scope_get_timeout(Unit *u, usec_t *timeout) { - } - - static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { -+ Iterator i; -+ void *pidp = NULL; - Scope *s = SCOPE(u); - - assert(s); -@@ -408,6 +418,14 @@ static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { - if (s->controller) - unit_serialize_item(u, f, "controller", s->controller); - -+ /*serialize pids when scope is not started*/ -+ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) { -+ SET_FOREACH(pidp, u->pids, i) { -+ log_unit_info(u, "scope is not started yet, pids are serialized. unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp)); -+ unit_serialize_item_format(u, f, "scope_pids", PID_FMT, PTR_TO_UINT32(pidp)); -+ } -+ } -+ - return 0; - } - -@@ -443,6 +461,21 @@ static int scope_deserialize_item(Unit *u, const char *key, const char *value, F - if (r < 0) - log_oom(); - -+ } else if (streq(key, "scope_pids")) { -+ pid_t pid; -+ -+ if (parse_pid(value, &pid) < 0) -+ log_unit_debug(u, "Failed to parse scope-pid value %s.", value); -+ else { -+ if(!u->pids) { -+ r = set_ensure_allocated(&u->pids, NULL); -+ if (r < 0) -+ return r; -+ } -+ r = set_put(u->pids, pid); -+ if (r < 0) -+ return r; -+ } - } else - log_unit_debug(u, "Unknown serialization key: %s", key); - --- -1.8.3.1 - diff --git a/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch b/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch deleted file mode 100644 index d29e083491253fe95c06e0b35e564736a1cff97b..0000000000000000000000000000000000000000 --- a/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 650352c713aeb3b47807c9699ceeb168f9f880b8 Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Tue, 13 Mar 2018 20:51:37 +0800 -Subject: [PATCH] systemd-core: Do not finish job during daemon reloading in - unit_notify. - -1. During daemon reload, a service unit will restore its state from dead to its deserialized state, -and unit_notify will be triggered to notify the state change. -Since JobRemove signal will not be sent during daemon-reload(see details of job_uninstall), -if one job is finished in unit_notify due to the deserialization of a service, the corresponding -job observers(such as systemctl) will not receive any JobRemove signals will hang forever. -2. The above problem will cause a systemctl command to hang forever by using the following steps to reproduce. -a) Ensuere a service(named A)is in running state. -b) execute "systemctl daemon-reload" and "systemctl start A" concurrently -c) the systemctl command will hang for it is in waiting for the JobRemoved signal, but not signals will come from systemd. -3. This patch fix this bug by not finishing job in unit_notify when it is in daemon reload. ---- - src/core/unit.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 9e5f1a8..2da6f61 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1831,7 +1831,8 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlag - - unit_update_on_console(u); - -- if (u->job) { -+ if (u->job && -+ !(m->n_reloading > 0 && u->job->state != JOB_RUNNING && os == UNIT_INACTIVE)) { /*do not finish job during daemon-reload*/ - unexpected = false; - - if (u->job->state == JOB_WAITING) --- -1.8.3.1 - diff --git a/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch b/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch deleted file mode 100644 index 05c9cf46404880e744ba65f88e5b390019a95321..0000000000000000000000000000000000000000 --- a/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 07e13151c566588b5f679e2576d3dfc2125c6e7c Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Sun, 22 Apr 2018 18:49:19 +0800 -Subject: [PATCH] systemd-core: nop_job of a unit must also be coldpluged after - deserization. - -When a unit is not in-active, and systemctl try-restart is executed for this unit, -systemd will do nothing for it and just accept it as a nop_job for the unit. -When then nop-job is still in the running queue, then daemon-reload is performed, this nop job -will be dropped from the unit since it is not coldpluged in the unit_coldplug function. -After then, the systemctl try-restart command will hang forever since no JOB_DONE dbus signal will be sent -to it from systemd. -This patch fix this problem by do coldplug for the nop_job in unit_coldplug function. ---- - src/core/unit.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 2da6f61..a862b79 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3028,10 +3028,17 @@ int unit_coldplug(Unit *u) { - r = q; - } - -- if (u->job) { -- q = job_coldplug(u->job); -- if (q < 0 && r >= 0) -- r = q; -+ if (u->job || u->nop_job) { -+ if (u->job) { -+ q = job_coldplug(u->job); -+ if (q < 0 && r >= 0) -+ r = q; -+ } -+ if (u->nop_job) { -+ q = job_coldplug(u->nop_job); -+ if (q < 0 && r >= 0) -+ r = q; -+ } - } - - return r; --- -1.8.3.1 - diff --git a/CVE-2020-1712-1.patch b/CVE-2020-1712-1.patch deleted file mode 100644 index 59aa7b8c041857f8aafcd266b4286c8622fcf429..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-1.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 7f56982289275ce84e20f0554475864953e6aaab Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 16:52:10 +0100 -Subject: [PATCH 1610/1760] polkit: on async pk requests, re-validate - action/details - -When we do an async pk request, let's store which action/details we used -for the original request, and when we are called for the second time, -let's compare. If the action/details changed, let's not allow the access -to go through. - -https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab - ---- - src/shared/bus-util.c | 30 +++++++++++++++++++++++++++--- - 1 file changed, 27 insertions(+), 3 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index ce4ece6..4bfdd3a 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -318,6 +318,9 @@ int bus_test_polkit( - #if ENABLE_POLKIT - - typedef struct AsyncPolkitQuery { -+ char *action; -+ char **details; -+ - sd_bus_message *request, *reply; - sd_bus_message_handler_t callback; - void *userdata; -@@ -338,6 +341,9 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { - sd_bus_message_unref(q->request); - sd_bus_message_unref(q->reply); - -+ free(q->action); -+ strv_free(q->details); -+ - free(q); - } - -@@ -402,11 +408,17 @@ int bus_verify_polkit_async( - if (q) { - int authorized, challenge; - -- /* This is the second invocation of this function, and -- * there's already a response from polkit, let's -- * process it */ -+ /* This is the second invocation of this function, and there's already a response from -+ * polkit, let's process it */ - assert(q->reply); - -+ /* If the operation we want to authenticate changed between the first and the second time, -+ * let's not use this authentication, it might be out of date as the object and context we -+ * operate on might have changed. */ -+ if (!streq(q->action, action) || -+ !strv_equal(q->details, (char**) details)) -+ return -ESTALE; -+ - if (sd_bus_message_is_method_error(q->reply, NULL)) { - const sd_bus_error *e; - -@@ -512,6 +524,18 @@ int bus_verify_polkit_async( - q->callback = callback; - q->userdata = userdata; - -+ q->action = strdup(action); -+ if (!q->action) { -+ async_polkit_query_free(q); -+ return -ENOMEM; -+ } -+ -+ q->details = strv_copy((char**) details); -+ if (!q->details) { -+ async_polkit_query_free(q); -+ return -ENOMEM; -+ } -+ - r = hashmap_put(*registry, call, q); - if (r < 0) { - async_polkit_query_free(q); --- -2.19.1 - diff --git a/CVE-2020-1712-2.patch b/CVE-2020-1712-2.patch deleted file mode 100644 index 502b86e2c57aa4b7d22d884a73b0e9bc3ea02009..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-2.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 1068447e6954dc6ce52f099ed174c442cb89ed54 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 17:05:17 +0100 -Subject: [PATCH 1612/1760] sd-bus: introduce API for re-enqueuing incoming - messages - -When authorizing via PolicyKit we want to process incoming method calls -twice: once to process and figure out that we need PK authentication, -and a second time after we aquired PK authentication to actually execute -the operation. With this new call sd_bus_enqueue_for_read() we have a -way to put an incoming message back into the read queue for this -purpose. - -This might have other uses too, for example debugging. - -https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 - ---- - src/libsystemd/sd-bus/sd-bus.c | 25 +++++++++++++++++++++++++ - src/systemd/sd-bus.h | 1 + - 2 files changed, 26 insertions(+) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index 615346d..05593d1 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -4198,3 +4198,28 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) { - - return bus->close_on_exit; - } -+ -+ -+_public_ int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) { -+ int r; -+ -+ assert_return(bus, -EINVAL); -+ assert_return(bus = bus_resolve(bus), -ENOPKG); -+ assert_return(m, -EINVAL); -+ assert_return(m->sealed, -EINVAL); -+ assert_return(!bus_pid_changed(bus), -ECHILD); -+ -+ if (!BUS_IS_OPEN(bus->state)) -+ return -ENOTCONN; -+ -+ /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication, -+ * where we want accept a message, then determine we need to interactively authenticate the user, and -+ * when we have that process the message again. */ -+ -+ r = bus_rqueue_make_room(bus); -+ if (r < 0) -+ return r; -+ -+ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus); -+ return 0; -+} -diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h -index 84ceb62..2e104f8 100644 ---- a/src/systemd/sd-bus.h -+++ b/src/systemd/sd-bus.h -@@ -201,6 +201,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r); - int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r); - int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec); - int sd_bus_flush(sd_bus *bus); -+int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m); - - sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus); - sd_bus_message* sd_bus_get_current_message(sd_bus *bus); --- -2.19.1 - diff --git a/CVE-2020-1712-3.patch b/CVE-2020-1712-3.patch deleted file mode 100644 index ecd5d4df817c47d81e43812738debae7e5bcc81b..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-3.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 95f82ae9d774f3508ce89dcbdd0714ef7385df59 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 16:44:43 +0100 -Subject: [PATCH] polkit: reuse some common bus message appending code - -https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 - ---- - src/shared/bus-util.c | 56 ++++++++++++++++++++++++------------------- - 1 file changed, 32 insertions(+), 24 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index 4bfdd3a..04153d6 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -211,6 +211,34 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) { - return sender_uid == good_user; - } - -+#if ENABLE_POLKIT -+static int bus_message_append_strv_key_value( -+ sd_bus_message *m, -+ const char **l) { -+ -+ const char **k, **v; -+ int r; -+ -+ assert(m); -+ -+ r = sd_bus_message_open_container(m, 'a', "{ss}"); -+ if (r < 0) -+ return r; -+ -+ STRV_FOREACH_PAIR(k, v, l) { -+ r = sd_bus_message_append(m, "{ss}", *k, *v); -+ if (r < 0) -+ return r; -+ } -+ -+ r = sd_bus_message_close_container(m); -+ if (r < 0) -+ return r; -+ -+ return r; -+} -+#endif -+ - int bus_test_polkit( - sd_bus_message *call, - int capability, -@@ -241,7 +269,7 @@ int bus_test_polkit( - _cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - int authorized = false, challenge = false; -- const char *sender, **k, **v; -+ const char *sender; - - sender = sd_bus_message_get_sender(call); - if (!sender) -@@ -265,17 +293,7 @@ int bus_test_polkit( - if (r < 0) - return r; - -- r = sd_bus_message_open_container(request, 'a', "{ss}"); -- if (r < 0) -- return r; -- -- STRV_FOREACH_PAIR(k, v, details) { -- r = sd_bus_message_append(request, "{ss}", *k, *v); -- if (r < 0) -- return r; -- } -- -- r = sd_bus_message_close_container(request); -+ r = bus_message_append_strv_key_value(request, details); - if (r < 0) - return r; - -@@ -388,7 +406,7 @@ int bus_verify_polkit_async( - #if ENABLE_POLKIT - _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; - AsyncPolkitQuery *q; -- const char *sender, **k, **v; -+ const char *sender; - sd_bus_message_handler_t callback; - void *userdata; - int c; -@@ -498,17 +516,7 @@ int bus_verify_polkit_async( - if (r < 0) - return r; - -- r = sd_bus_message_open_container(pk, 'a', "{ss}"); -- if (r < 0) -- return r; -- -- STRV_FOREACH_PAIR(k, v, details) { -- r = sd_bus_message_append(pk, "{ss}", *k, *v); -- if (r < 0) -- return r; -- } -- -- r = sd_bus_message_close_container(pk); -+ r = bus_message_append_strv_key_value(pk, details); - if (r < 0) - return r; - --- -2.19.1 - diff --git a/CVE-2020-1712-4.patch b/CVE-2020-1712-4.patch deleted file mode 100644 index 17ccb888caf9ddf79f003b9168d2c47b002d5f48..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-4.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f4425c72c7395ec93ae00052916a66e2f60f200b Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 16:53:59 +0100 -Subject: [PATCH] polkit: use structured initialization - -https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b - ---- - src/shared/bus-util.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index 04153d6..0690a82 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -524,13 +524,15 @@ int bus_verify_polkit_async( - if (r < 0) - return r; - -- q = new0(AsyncPolkitQuery, 1); -+ q = new(AsyncPolkitQuery, 1); - if (!q) - return -ENOMEM; - -- q->request = sd_bus_message_ref(call); -- q->callback = callback; -- q->userdata = userdata; -+ *q = (AsyncPolkitQuery) { -+ .request = sd_bus_message_ref(call), -+ .callback = callback, -+ .userdata = userdata, -+ }; - - q->action = strdup(action); - if (!q->action) { --- -2.19.1 - diff --git a/CVE-2020-1712-5.patch b/CVE-2020-1712-5.patch deleted file mode 100644 index 616f36eaf3d5b8f6278cfdb4ed7029627aae501c..0000000000000000000000000000000000000000 --- a/CVE-2020-1712-5.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 637486261528e8aa3da9f26a4487dc254f4b7abb Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 22 Jan 2020 17:07:47 +0100 -Subject: [PATCH 1613/1760] polkit: when authorizing via PK let's re-resolve - callback/userdata instead of caching it - -Previously, when doing an async PK query we'd store the original -callback/userdata pair and call it again after the PK request is -complete. This is problematic, since PK queries might be slow and in the -meantime the userdata might be released and re-acquired. Let's avoid -this by always traversing through the message handlers so that we always -re-resolve the callback and userdata pair and thus can be sure it's -up-to-date and properly valid. - -https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb - ---- - src/shared/bus-util.c | 75 ++++++++++++++++++++++++++++--------------- - 1 file changed, 50 insertions(+), 25 deletions(-) - -diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c -index 0690a82..41288a7 100644 ---- a/src/shared/bus-util.c -+++ b/src/shared/bus-util.c -@@ -340,14 +340,13 @@ typedef struct AsyncPolkitQuery { - char **details; - - sd_bus_message *request, *reply; -- sd_bus_message_handler_t callback; -- void *userdata; - sd_bus_slot *slot; -+ - Hashmap *registry; -+ sd_event_source *defer_event_source; - } AsyncPolkitQuery; - - static void async_polkit_query_free(AsyncPolkitQuery *q) { -- - if (!q) - return; - -@@ -362,9 +361,22 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { - free(q->action); - strv_free(q->details); - -+ sd_event_source_disable_unref(q->defer_event_source); - free(q); - } - -+static int async_polkit_defer(sd_event_source *s, void *userdata) { -+ AsyncPolkitQuery *q = userdata; -+ -+ assert(s); -+ -+ /* This is called as idle event source after we processed the async polkit reply, hopefully after the -+ * method call we re-enqueued has been properly processed. */ -+ -+ async_polkit_query_free(q); -+ return 0; -+} -+ - static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { - _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; - AsyncPolkitQuery *q = userdata; -@@ -373,19 +385,45 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e - assert(reply); - assert(q); - -+ assert(q->slot); - q->slot = sd_bus_slot_unref(q->slot); -+ -+ assert(!q->reply); - q->reply = sd_bus_message_ref(reply); - -+ /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the -+ * whole message processing again, and thus re-validating and re-retrieving the "userdata" field -+ * again. -+ * -+ * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again, -+ * i.e. after the second time the message is processed is complete. */ -+ -+ assert(!q->defer_event_source); -+ r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q); -+ if (r < 0) -+ goto fail; -+ -+ r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE); -+ if (r < 0) -+ goto fail; -+ -+ r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT); -+ if (r < 0) -+ goto fail; -+ - r = sd_bus_message_rewind(q->request, true); -- if (r < 0) { -- r = sd_bus_reply_method_errno(q->request, r, NULL); -- goto finish; -- } -+ if (r < 0) -+ goto fail; - -- r = q->callback(q->request, q->userdata, &error_buffer); -- r = bus_maybe_reply_error(q->request, r, &error_buffer); -+ r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request); -+ if (r < 0) -+ goto fail; -+ -+ return 1; - --finish: -+fail: -+ log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m"); -+ (void) sd_bus_reply_method_errno(q->request, r, NULL); - async_polkit_query_free(q); - - return r; -@@ -406,11 +444,9 @@ int bus_verify_polkit_async( - #if ENABLE_POLKIT - _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; - AsyncPolkitQuery *q; -- const char *sender; -- sd_bus_message_handler_t callback; -- void *userdata; - int c; - #endif -+ const char *sender; - int r; - - assert(call); -@@ -474,20 +510,11 @@ int bus_verify_polkit_async( - else if (r > 0) - return 1; - --#if ENABLE_POLKIT -- if (sd_bus_get_current_message(call->bus) != call) -- return -EINVAL; -- -- callback = sd_bus_get_current_handler(call->bus); -- if (!callback) -- return -EINVAL; -- -- userdata = sd_bus_get_current_userdata(call->bus); -- - sender = sd_bus_message_get_sender(call); - if (!sender) - return -EBADMSG; - -+#if ENABLE_POLKIT - c = sd_bus_message_get_allow_interactive_authorization(call); - if (c < 0) - return c; -@@ -530,8 +557,6 @@ int bus_verify_polkit_async( - - *q = (AsyncPolkitQuery) { - .request = sd_bus_message_ref(call), -- .callback = callback, -- .userdata = userdata, - }; - - q->action = strdup(action); --- -2.19.1 - diff --git a/Don-t-set-AlternativeNamesPolicy-by-default.patch b/Don-t-set-AlternativeNamesPolicy-by-default.patch new file mode 100644 index 0000000000000000000000000000000000000000..24fe54bf52e8d9270cca011a234c54bc97d66289 --- /dev/null +++ b/Don-t-set-AlternativeNamesPolicy-by-default.patch @@ -0,0 +1,26 @@ +From 1e3f74b7ca5ead53c10e5b37cf8660651f32d181 Mon Sep 17 00:00:00 2001 +From: xujing +Date: Thu, 11 Aug 2022 19:53:35 +0800 +Subject: [PATCH] Don't set AlternativeNamesPolicy by default + +When a network adapter is renamed, the altname of the network adapter may be +set based on AlternativeNamesPolicy. As a result, the network adapter name +fails to be restored. For example, after enp4s0 is renamed tmp, udev sets the +altname of tmp to enp4s0. If you want to restore tmp to enp4s0, it will fail. +--- + network/99-default.link | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/network/99-default.link b/network/99-default.link +index 31aee37..db48c4d 100644 +--- a/network/99-default.link ++++ b/network/99-default.link +@@ -12,5 +12,4 @@ OriginalName=* + + [Link] + NamePolicy=keep kernel database onboard slot path +-AlternativeNamesPolicy=database onboard slot path + MACAddressPolicy=none +-- +2.23.0 + diff --git a/Make-systemd-udevd.service-start-after-systemd-remou.patch b/Make-systemd-udevd.service-start-after-systemd-remou.patch index d4dd22d652b92b06f08098a7628c7bab9eacbc5f..18bdc3763dc18c5d98597fedf79e47f68a914036 100644 --- a/Make-systemd-udevd.service-start-after-systemd-remou.patch +++ b/Make-systemd-udevd.service-start-after-systemd-remou.patch @@ -2,17 +2,16 @@ From 4c230d1d73e9f9a6d1fe654599a63881c344a00c Mon Sep 17 00:00:00 2001 From: openEuler Buildteam Date: Tue, 29 Jan 2019 22:54:34 -0500 Subject: [PATCH] Make systemd-udevd.service start after systemd-remount-fs.service. - --- units/systemd-udevd.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in -index 6a3814e..3b09923 100644 +index 9ada3a6a74..17f15bba83 100644 --- a/units/systemd-udevd.service.in +++ b/units/systemd-udevd.service.in @@ -11,7 +11,7 @@ - Description=udev Kernel Device Manager + Description=Rule-based Manager for Device Events and Files Documentation=man:systemd-udevd.service(8) man:udev(7) DefaultDependencies=no -After=systemd-sysusers.service systemd-hwdb-update.service @@ -21,5 +20,5 @@ index 6a3814e..3b09923 100644 ConditionPathIsReadWrite=/sys -- -1.8.3.1 +2.23.0 diff --git a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch new file mode 100644 index 0000000000000000000000000000000000000000..2d92a3ba0ba31509562f92cf25c3ce16a43ee6f9 --- /dev/null +++ b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch @@ -0,0 +1,87 @@ +From a3d2f4261ef9a953904e3e21abafba0dad7daa77 Mon Sep 17 00:00:00 2001 +From: gaoyi +Date: Mon, 28 Sep 2020 22:36:37 +0800 +Subject: [PATCH] Retry to handle the uevent when worker is terminated abnormal + +When processing uevent events fails, retry it. +--- + src/udev/udev-manager.c | 35 +++++++++++++++++++++++++++++++++-- + 1 file changed, 33 insertions(+), 2 deletions(-) + +diff --git a/src/udev/udev-manager.c b/src/udev/udev-manager.c +index 8077e51..88023c7 100644 +--- a/src/udev/udev-manager.c ++++ b/src/udev/udev-manager.c +@@ -36,6 +36,7 @@ + #include "udev-worker.h" + + #define WORKER_NUM_MAX UINT64_C(2048) ++#define UEVENT_MAX_RETRY_TIMES 3 + + #define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC) + #define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE) +@@ -50,6 +51,7 @@ typedef struct Event { + Manager *manager; + Worker *worker; + EventState state; ++ int retry; + + sd_device *dev; + +@@ -89,6 +91,32 @@ typedef struct Worker { + Event *event; + } Worker; + ++static bool event_retry(Event *event) { ++ if (!event) ++ return false; ++ ++ assert(event->manager); ++ ++ if (--event->retry < 0) { ++ log_device_error(event->dev, "Retry failed."); ++ return false; ++ } ++ ++ log_device_info(event->dev, "Retry %d times.", UEVENT_MAX_RETRY_TIMES - event->retry); ++ ++ event->timeout_warning_event = sd_event_source_unref(event->timeout_warning_event); ++ event->timeout_event = sd_event_source_unref(event->timeout_event); ++ ++ if (event->worker) { ++ event->worker->event = NULL; ++ event->worker = NULL; ++ } ++ ++ event->state = EVENT_QUEUED; ++ ++ return true; ++} ++ + static Event *event_free(Event *event) { + if (!event) + return NULL; +@@ -735,6 +763,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { + .devpath_old = devpath_old, + .devnode = devnode, + .state = EVENT_QUEUED, ++ .retry = UEVENT_MAX_RETRY_TIMES, + }; + + if (!manager->events) { +@@ -1126,8 +1155,10 @@ static int on_sigchld(sd_event_source *s, const siginfo_t *si, void *userdata) { + device_delete_db(dev); + device_tag_index(dev, NULL, false); + +- /* Forward kernel event to libudev listeners */ +- udev_broadcast_result(manager->monitor, dev, result); ++ if (event_retry(worker->event) == false) { ++ /* Forward kernel event to libudev listeners */ ++ udev_broadcast_result(manager->monitor, dev, result); ++ } + } + + worker_free(worker); +-- +2.33.0 + diff --git a/Systemd-Add-sw64-architecture.patch b/Systemd-Add-sw64-architecture.patch new file mode 100644 index 0000000000000000000000000000000000000000..2de212554efc6d5b22a29e995abac0c4769e6aa2 --- /dev/null +++ b/Systemd-Add-sw64-architecture.patch @@ -0,0 +1,864 @@ +From b9043cf1d074497cf77272dd9bf24c2098e56265 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 25 Oct 2022 15:26:32 +0800 +Subject: [PATCH] Systemd Add sw64 architecture + +Signed-off-by: rpm-build +--- + src/basic/architecture.c | 4 + + src/basic/architecture.h | 4 + + src/basic/meson.build | 1 + + src/basic/missing_fcntl.h | 2 + + src/basic/missing_syscall_def.h | 33 ++ + src/basic/missing_syscalls.py | 2 + + src/basic/syscalls-sw_64.txt | 600 ++++++++++++++++++++++++++++++++ + 7 files changed, 646 insertions(+) + create mode 100644 src/basic/syscalls-sw_64.txt + +diff --git a/src/basic/architecture.c b/src/basic/architecture.c +index 773ee3c..59a4e31 100644 +--- a/src/basic/architecture.c ++++ b/src/basic/architecture.c +@@ -49,6 +49,9 @@ Architecture uname_architecture(void) { + #elif defined(__alpha__) + { "alpha" , ARCHITECTURE_ALPHA }, + ++#elif defined(__sw_64__) ++ { "sw_64" , ARCHITECTURE_SW_64 }, ++ + #elif defined(__arc__) + { "arc", ARCHITECTURE_ARC }, + { "arceb", ARCHITECTURE_ARC_BE }, +@@ -145,6 +148,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { + [ARCHITECTURE_ARM] = "arm", + [ARCHITECTURE_ARM_BE] = "arm-be", + [ARCHITECTURE_ALPHA] = "alpha", ++ [ARCHITECTURE_SW_64] = "sw_64", + [ARCHITECTURE_ARC] = "arc", + [ARCHITECTURE_ARC_BE] = "arc-be", + [ARCHITECTURE_CRIS] = "cris", +diff --git a/src/basic/architecture.h b/src/basic/architecture.h +index 096526a..4c4be03 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -11,6 +11,7 @@ + + typedef enum { + ARCHITECTURE_ALPHA, ++ ARCHITECTURE_SW_64, + ARCHITECTURE_ARC, + ARCHITECTURE_ARC_BE, + ARCHITECTURE_ARM, +@@ -142,6 +143,9 @@ Architecture uname_architecture(void); + #elif defined(__alpha__) + # define native_architecture() ARCHITECTURE_ALPHA + # define LIB_ARCH_TUPLE "alpha-linux-gnu" ++#elif defined(__sw_64__) ++# define native_architecture() ARCHITECTURE_SW_64 ++# define LIB_ARCH_TUPLE "sw_64-linux-gnu" + #elif defined(__aarch64__) + # if __BYTE_ORDER == __BIG_ENDIAN + # define native_architecture() ARCHITECTURE_ARM64_BE +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 7aae031..f0a0282 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -177,6 +177,7 @@ basic_sources += generated_gperf_headers + + arch_list = [ + 'alpha', ++ 'sw_64', + 'arc', + 'arm', + 'arm64', +diff --git a/src/basic/missing_fcntl.h b/src/basic/missing_fcntl.h +index 00937d2..fff662b 100644 +--- a/src/basic/missing_fcntl.h ++++ b/src/basic/missing_fcntl.h +@@ -45,6 +45,8 @@ + #ifndef __O_TMPFILE + #if defined(__alpha__) + #define __O_TMPFILE 0100000000 ++#elif defined(__sw_64__) ++#define __O_TMPFILE 0100000000 + #elif defined(__parisc__) || defined(__hppa__) + #define __O_TMPFILE 0400000000 + #elif defined(__sparc__) || defined(__sparc64__) +diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h +index 402fdd0..9680923 100644 +--- a/src/basic/missing_syscall_def.h ++++ b/src/basic/missing_syscall_def.h +@@ -10,6 +10,7 @@ + * template as the per-syscall blocks below. */ + # if defined(__aarch64__) + # elif defined(__alpha__) ++# elif defined(__sw_64__) + # elif defined(__arc__) || defined(__tilegx__) + # elif defined(__arm__) + # elif defined(__i386__) +@@ -47,6 +48,8 @@ + # define systemd_NR_bpf 280 + # elif defined(__alpha__) + # define systemd_NR_bpf 515 ++# elif defined(__sw_64__) ++# define systemd_NR_bpf 170 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_bpf 280 + # elif defined(__arm__) +@@ -115,6 +118,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); + # define systemd_NR_close_range 436 + # elif defined(__alpha__) + # define systemd_NR_close_range 546 ++# elif defined(__sw_64__) ++# define systemd_NR_close_range 283 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_close_range 436 + # elif defined(__arm__) +@@ -183,6 +188,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); + # define systemd_NR_copy_file_range 285 + # elif defined(__alpha__) + # define systemd_NR_copy_file_range 519 ++# elif defined(__sw_64__) ++# define systemd_NR_copy_file_range 515 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_copy_file_range 285 + # elif defined(__arm__) +@@ -251,6 +258,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); + # define systemd_NR_getrandom 278 + # elif defined(__alpha__) + # define systemd_NR_getrandom 511 ++# elif defined(__sw_64__) ++# define systemd_NR_getrandom 511 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_getrandom 278 + # elif defined(__arm__) +@@ -319,6 +328,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); + # define systemd_NR_memfd_create 279 + # elif defined(__alpha__) + # define systemd_NR_memfd_create 512 ++# elif defined(__sw_64__) ++# define systemd_NR_memfd_create 512 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_memfd_create 279 + # elif defined(__arm__) +@@ -387,6 +398,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); + # define systemd_NR_mount_setattr 442 + # elif defined(__alpha__) + # define systemd_NR_mount_setattr 552 ++# elif defined(__sw_64__) ++# define systemd_NR_mount_setattr 552 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_mount_setattr 442 + # elif defined(__arm__) +@@ -455,6 +468,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); + # define systemd_NR_move_mount 429 + # elif defined(__alpha__) + # define systemd_NR_move_mount 539 ++# elif defined(__sw_64__) ++# define systemd_NR_move_mount 276 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_move_mount 429 + # elif defined(__arm__) +@@ -523,6 +538,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); + # define systemd_NR_name_to_handle_at 264 + # elif defined(__alpha__) + # define systemd_NR_name_to_handle_at 497 ++# elif defined(__sw_64__) ++# define systemd_NR_name_to_handle_at 497 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_name_to_handle_at 264 + # elif defined(__arm__) +@@ -591,6 +608,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); + # define systemd_NR_open_tree 428 + # elif defined(__alpha__) + # define systemd_NR_open_tree 538 ++# elif defined(__sw_64__) ++# define systemd_NR_open_tree 275 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_open_tree 428 + # elif defined(__arm__) +@@ -659,6 +678,8 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); + # define systemd_NR_openat2 437 + # elif defined(__alpha__) + # define systemd_NR_openat2 547 ++# elif defined(__sw_64__) ++# define systemd_NR_openat2 284 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_openat2 437 + # elif defined(__arm__) +@@ -727,6 +748,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); + # define systemd_NR_pidfd_open 434 + # elif defined(__alpha__) + # define systemd_NR_pidfd_open 544 ++# elif defined(__sw_64__) ++# define systemd_NR_pidfd_open 281 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_pidfd_open 434 + # elif defined(__arm__) +@@ -795,6 +818,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); + # define systemd_NR_pidfd_send_signal 424 + # elif defined(__alpha__) + # define systemd_NR_pidfd_send_signal 534 ++# elif defined(__sw_64__) ++# define systemd_NR_pidfd_send_signal 271 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_pidfd_send_signal 424 + # elif defined(__arm__) +@@ -863,6 +888,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); + # define systemd_NR_pkey_mprotect 288 + # elif defined(__alpha__) + # define systemd_NR_pkey_mprotect 524 ++# elif defined(__sw_64__) ++# define systemd_NR_pkey_mprotect 288 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_pkey_mprotect 288 + # elif defined(__arm__) +@@ -931,6 +958,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); + # define systemd_NR_renameat2 276 + # elif defined(__alpha__) + # define systemd_NR_renameat2 510 ++# elif defined(__sw_64__) ++# define systemd_NR_renameat2 510 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_renameat2 276 + # elif defined(__arm__) +@@ -999,6 +1028,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); + # define systemd_NR_setns 268 + # elif defined(__alpha__) + # define systemd_NR_setns 501 ++# elif defined(__sw_64__) ++# define systemd_NR_setns 501 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_setns 268 + # elif defined(__arm__) +@@ -1067,6 +1098,8 @@ assert_cc(__NR_setns == systemd_NR_setns); + # define systemd_NR_statx 291 + # elif defined(__alpha__) + # define systemd_NR_statx 522 ++# elif defined(__sw_64__) ++# define systemd_NR_statx 518 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_statx 291 + # elif defined(__arm__) +diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py +index 5ccf02a..a7bfe7e 100644 +--- a/src/basic/missing_syscalls.py ++++ b/src/basic/missing_syscalls.py +@@ -51,6 +51,8 @@ DEF_TEMPLATE_B = '''\ + # define systemd_NR_{syscall} {nr_arm64} + # elif defined(__alpha__) + # define systemd_NR_{syscall} {nr_alpha} ++# elif defined(__sw_64__) ++# define systemd_NR_{syscall} {nr_sw_64} + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_{syscall} {nr_arc} + # elif defined(__arm__) +diff --git a/src/basic/syscalls-sw_64.txt b/src/basic/syscalls-sw_64.txt +new file mode 100644 +index 0000000..5aef86b +--- /dev/null ++++ b/src/basic/syscalls-sw_64.txt +@@ -0,0 +1,600 @@ ++_llseek ++_newselect ++_sysctl 319 ++accept 99 ++accept4 502 ++access 33 ++acct 51 ++add_key 439 ++adjtimex 366 ++alarm ++arc_gettls ++arc_settls ++arc_usr_cmpxchg ++arch_prctl ++arm_fadvise64_64 ++atomic_barrier ++atomic_cmpxchg_32 ++bdflush 300 ++bind 104 ++bpf 515 ++brk 17 ++cachectl ++cacheflush ++capget 368 ++capset 369 ++chdir 12 ++chmod 15 ++chown 16 ++chown32 ++chroot 61 ++clock_adjtime 499 ++clock_adjtime64 ++clock_getres 421 ++clock_getres_time64 ++clock_gettime 420 ++clock_gettime64 ++clock_nanosleep 422 ++clock_nanosleep_time64 ++clock_settime 419 ++clock_settime64 ++clone 312 ++clone2 ++clone3 ++close 6 ++close_range 546 ++connect 98 ++copy_file_range 519 ++creat ++create_module 306 ++delete_module 308 ++dipc 373 ++dup 41 ++dup2 90 ++dup3 487 ++epoll_create 407 ++epoll_create1 486 ++epoll_ctl 408 ++epoll_ctl_old ++epoll_pwait 474 ++epoll_pwait2 551 ++epoll_wait 409 ++epoll_wait_old ++eventfd 478 ++eventfd2 485 ++exec_with_loader 25 ++execv ++execve 59 ++execveat 513 ++exit 1 ++exit_group 405 ++faccessat 462 ++faccessat2 549 ++fadvise64 413 ++fadvise64_64 ++fallocate 480 ++fanotify_init 494 ++fanotify_mark 495 ++fchdir 13 ++fchmod 124 ++fchmodat 461 ++fchown 123 ++fchown32 ++fchownat 453 ++fcntl 92 ++fcntl64 ++fdatasync 447 ++fgetxattr 387 ++finit_module 507 ++flistxattr 390 ++flock 131 ++fork 2 ++fp_udfiex_crtl ++fremovexattr 393 ++fsconfig 541 ++fsetxattr 384 ++fsmount 542 ++fsopen 540 ++fspick 543 ++fstat 91 ++fstat64 427 ++fstatat64 455 ++fstatfs 329 ++fstatfs64 529 ++fsync 95 ++ftruncate 130 ++ftruncate64 ++futex 394 ++futex_time64 ++futex_waitv 559 ++futimesat 454 ++get_kernel_syms 309 ++get_mempolicy 430 ++get_robust_list 467 ++get_thread_area ++getcpu 473 ++getcwd 367 ++getdents 305 ++getdents64 377 ++getdomainname ++getdtablesize 89 ++getegid 530 ++getegid32 ++geteuid 531 ++geteuid32 ++getgid 47 ++getgid32 ++getgroups 79 ++getgroups32 ++gethostname 87 ++getitimer 361 ++getpagesize 64 ++getpeername 141 ++getpgid 233 ++getpgrp 63 ++getpid 20 ++getpmsg ++getppid 532 ++getpriority 100 ++getrandom 511 ++getresgid 372 ++getresgid32 ++getresuid 344 ++getresuid32 ++getrlimit 144 ++getrusage 364 ++getsid 234 ++getsockname 150 ++getsockopt 118 ++gettid 378 ++gettimeofday 359 ++getuid 24 ++getuid32 ++getunwind ++getxattr 385 ++getxgid 47 ++getxpid 20 ++getxuid 24 ++idle ++init_module 307 ++inotify_add_watch 445 ++inotify_init 444 ++inotify_init1 489 ++inotify_rm_watch 446 ++io_cancel 402 ++io_destroy 399 ++io_getevents 400 ++io_pgetevents 523 ++io_pgetevents_time64 ++io_setup 398 ++io_submit 401 ++io_uring_enter 536 ++io_uring_register 537 ++io_uring_setup 535 ++ioctl 54 ++ioperm ++iopl ++ioprio_get 443 ++ioprio_set 442 ++ipc ++kcmp 506 ++kern_features ++kexec_file_load ++kexec_load 448 ++keyctl 441 ++kill 37 ++landlock_add_rule 555 ++landlock_create_ruleset 554 ++landlock_restrict_self 556 ++lchown 208 ++lchown32 ++lgetxattr 386 ++link 9 ++linkat 458 ++listen 106 ++listxattr 388 ++llistxattr 389 ++lookup_dcookie 406 ++lremovexattr 392 ++lseek 19 ++lsetxattr 383 ++lstat 68 ++lstat64 426 ++madvise 75 ++mbind 429 ++membarrier 517 ++memfd_create 512 ++memfd_secret ++memory_ordering ++migrate_pages 449 ++mincore 375 ++mkdir 136 ++mkdirat 451 ++mknod 14 ++mknodat 452 ++mlock 314 ++mlock2 518 ++mlockall 316 ++mmap 71 ++mmap2 ++modify_ldt ++mount 302 ++mount_setattr 552 ++move_mount 539 ++move_pages 472 ++mprotect 74 ++mq_getsetattr 437 ++mq_notify 436 ++mq_open 432 ++mq_timedreceive 435 ++mq_timedreceive_time64 ++mq_timedsend 434 ++mq_timedsend_time64 ++mq_unlink 433 ++mremap 341 ++msgctl 200 ++msgget 201 ++msgrcv 202 ++msgsnd 203 ++msync 217 ++multiplexer ++munlock 315 ++munlockall 317 ++munmap 73 ++name_to_handle_at 497 ++nanosleep 340 ++newfstatat ++nfsservctl 342 ++nice ++old_adjtimex 303 ++old_getpagesize ++oldfstat ++oldlstat ++oldolduname ++oldstat ++oldumount 321 ++olduname ++open 45 ++open_by_handle_at 498 ++open_tree 538 ++openat 450 ++openat2 547 ++or1k_atomic ++osf_adjtime 140 ++osf_afs_syscall 258 ++osf_alt_plock 181 ++osf_alt_setsid 188 ++osf_alt_sigpending 187 ++osf_asynch_daemon 163 ++osf_audcntl 252 ++osf_audgen 253 ++osf_chflags 34 ++osf_execve 11 ++osf_exportfs 169 ++osf_fchflags 35 ++osf_fdatasync 261 ++osf_fpathconf 248 ++osf_fstat 226 ++osf_fstatfs 161 ++osf_fstatfs64 228 ++osf_fuser 243 ++osf_getaddressconf 214 ++osf_getdirentries 159 ++osf_getdomainname 165 ++osf_getfh 164 ++osf_getfsstat 18 ++osf_gethostid 142 ++osf_getitimer 86 ++osf_getlogin 49 ++osf_getmnt 184 ++osf_getrusage 117 ++osf_getsysinfo 256 ++osf_gettimeofday 116 ++osf_kloadcall 223 ++osf_kmodcall 77 ++osf_lstat 225 ++osf_memcntl 260 ++osf_mincore 78 ++osf_mount 21 ++osf_mremap 65 ++osf_msfs_syscall 240 ++osf_msleep 215 ++osf_mvalid 213 ++osf_mwakeup 216 ++osf_naccept 30 ++osf_nfssvc 158 ++osf_ngetpeername 31 ++osf_ngetsockname 32 ++osf_nrecvfrom 29 ++osf_nrecvmsg 27 ++osf_nsendmsg 28 ++osf_ntp_adjtime 245 ++osf_ntp_gettime 246 ++osf_old_creat 8 ++osf_old_fstat 62 ++osf_old_getpgrp 81 ++osf_old_killpg 146 ++osf_old_lstat 40 ++osf_old_open 5 ++osf_old_sigaction 46 ++osf_old_sigblock 109 ++osf_old_sigreturn 139 ++osf_old_sigsetmask 110 ++osf_old_sigvec 108 ++osf_old_stat 38 ++osf_old_vadvise 72 ++osf_old_vtrace 115 ++osf_old_wait 84 ++osf_oldquota 149 ++osf_pathconf 247 ++osf_pid_block 153 ++osf_pid_unblock 154 ++osf_plock 107 ++osf_priocntlset 237 ++osf_profil 44 ++osf_proplist_syscall 244 ++osf_reboot 55 ++osf_revoke 56 ++osf_sbrk 69 ++osf_security 222 ++osf_select 93 ++osf_set_program_attributes 43 ++osf_set_speculative 239 ++osf_sethostid 143 ++osf_setitimer 83 ++osf_setlogin 50 ++osf_setsysinfo 257 ++osf_settimeofday 122 ++osf_shmat 209 ++osf_signal 218 ++osf_sigprocmask 48 ++osf_sigsendset 238 ++osf_sigstack 112 ++osf_sigwaitprim 157 ++osf_sstk 70 ++osf_stat 224 ++osf_statfs 160 ++osf_statfs64 227 ++osf_subsys_info 255 ++osf_swapctl 259 ++osf_swapon 199 ++osf_syscall 0 ++osf_sysinfo 241 ++osf_table 85 ++osf_uadmin 242 ++osf_usleep_thread 251 ++osf_uswitch 250 ++osf_utc_adjtime 220 ++osf_utc_gettime 219 ++osf_utimes 138 ++osf_utsname 207 ++osf_wait4 7 ++osf_waitid 236 ++pause ++pciconfig_iobase 376 ++pciconfig_read 345 ++pciconfig_write 346 ++perf_event_open 493 ++perfctr ++personality 324 ++pidfd_getfd 548 ++pidfd_open 544 ++pidfd_send_signal 534 ++pipe 42 ++pipe2 488 ++pivot_root 374 ++pkey_alloc 525 ++pkey_free 526 ++pkey_mprotect 524 ++poll 94 ++ppoll 464 ++ppoll_time64 ++prctl 348 ++pread64 349 ++preadv 490 ++preadv2 520 ++prlimit64 496 ++process_madvise 550 ++process_mrelease 558 ++process_vm_readv 504 ++process_vm_writev 505 ++pselect6 463 ++pselect6_time64 ++ptrace 26 ++pwrite64 350 ++pwritev 491 ++pwritev2 521 ++query_module 347 ++quotactl 148 ++quotactl_fd 553 ++read 3 ++readahead 379 ++readdir ++readlink 58 ++readlinkat 460 ++readv 120 ++reboot 311 ++recv 102 ++recvfrom 125 ++recvmmsg 479 ++recvmmsg_time64 ++recvmsg 113 ++remap_file_pages 410 ++removexattr 391 ++rename 128 ++renameat 457 ++renameat2 510 ++request_key 440 ++restart_syscall 412 ++riscv_flush_icache ++rmdir 137 ++rseq 527 ++rt_sigaction 352 ++rt_sigpending 354 ++rt_sigprocmask 353 ++rt_sigqueueinfo 356 ++rt_sigreturn 351 ++rt_sigsuspend 357 ++rt_sigtimedwait 355 ++rt_sigtimedwait_time64 ++rt_tgsigqueueinfo 492 ++rtas ++s390_guarded_storage ++s390_pci_mmio_read ++s390_pci_mmio_write ++s390_runtime_instr ++s390_sthyi ++sched_get_affinity ++sched_get_priority_max 335 ++sched_get_priority_min 336 ++sched_getaffinity 396 ++sched_getattr 509 ++sched_getparam 331 ++sched_getscheduler 333 ++sched_rr_get_interval 337 ++sched_rr_get_interval_time64 ++sched_set_affinity ++sched_setaffinity 395 ++sched_setattr 508 ++sched_setparam 330 ++sched_setscheduler 332 ++sched_yield 334 ++seccomp 514 ++select 358 ++semctl 204 ++semget 205 ++semop 206 ++semtimedop 423 ++semtimedop_time64 ++send 101 ++sendfile 370 ++sendfile64 ++sendmmsg 503 ++sendmsg 114 ++sendto 133 ++set_mempolicy 431 ++set_robust_list 466 ++set_thread_area ++set_tid_address 411 ++setdomainname 166 ++setfsgid 326 ++setfsgid32 ++setfsuid 325 ++setfsuid32 ++setgid 132 ++setgid32 ++setgroups 80 ++setgroups32 ++sethae 301 ++sethostname 88 ++setitimer 362 ++setns 501 ++setpgid 39 ++setpgrp 82 ++setpriority 96 ++setregid 127 ++setregid32 ++setresgid 371 ++setresgid32 ++setresuid 343 ++setresuid32 ++setreuid 126 ++setreuid32 ++setrlimit 145 ++setsid 147 ++setsockopt 105 ++settimeofday 360 ++setuid 23 ++setuid32 ++setxattr 382 ++sgetmask ++shmat 209 ++shmctl 210 ++shmdt 211 ++shmget 212 ++shutdown 134 ++sigaction 156 ++sigaltstack 235 ++signal ++signalfd 476 ++signalfd4 484 ++sigpending 52 ++sigprocmask ++sigreturn 103 ++sigsuspend 111 ++socket 97 ++socketcall ++socketpair 135 ++splice 468 ++spu_create ++spu_run ++ssetmask ++stat 67 ++stat64 425 ++statfs 328 ++statfs64 528 ++statx 522 ++stime ++subpage_prot ++swapcontext ++swapoff 304 ++swapon 322 ++switch_endian ++symlink 57 ++symlinkat 459 ++sync 36 ++sync_file_range 469 ++sync_file_range2 ++syncfs 500 ++sys_debug_setcontext ++syscall ++sysfs 254 ++sysinfo 318 ++syslog 310 ++sysmips ++tee 470 ++tgkill 424 ++time ++timer_create 414 ++timer_delete 418 ++timer_getoverrun 417 ++timer_gettime 416 ++timer_gettime64 ++timer_settime 415 ++timer_settime64 ++timerfd 477 ++timerfd_create 481 ++timerfd_gettime 483 ++timerfd_gettime64 ++timerfd_settime 482 ++timerfd_settime64 ++times 323 ++tkill 381 ++truncate 129 ++truncate64 ++ugetrlimit ++umask 60 ++umount 22 ++umount2 22 ++uname 339 ++unlink 10 ++unlinkat 456 ++unshare 465 ++uselib 313 ++userfaultfd 516 ++ustat 327 ++utime ++utimensat 475 ++utimensat_time64 ++utimes 363 ++utrap_install ++vfork 66 ++vhangup 76 ++vm86 ++vm86old ++vmsplice 471 ++wait4 365 ++waitid 438 ++waitpid ++write 4 ++writev 121 +-- +2.33.0 + diff --git a/1602-activation-service-must-be-restarted-when-reactivated.patch b/activation-service-must-be-restarted-when-reactivated.patch similarity index 98% rename from 1602-activation-service-must-be-restarted-when-reactivated.patch rename to activation-service-must-be-restarted-when-reactivated.patch index a71eaa857c33af7dab199596c44a4fe2d848992f..b6ef28d926c8625b8d92685863a74800dc95ca07 100644 --- a/1602-activation-service-must-be-restarted-when-reactivated.patch +++ b/activation-service-must-be-restarted-when-reactivated.patch @@ -24,7 +24,7 @@ index 29524d4..38940ef 100644 + Service *s = NULL; assert(message); - assert(m); + @@ -177,7 +179,13 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd goto failed; } diff --git a/add-a-new-switch-to-control-whether-udev-complies-wi.patch b/add-a-new-switch-to-control-whether-udev-complies-wi.patch new file mode 100644 index 0000000000000000000000000000000000000000..d2b52d618b37291bb1ffd905814ed2503c952feb --- /dev/null +++ b/add-a-new-switch-to-control-whether-udev-complies-wi.patch @@ -0,0 +1,120 @@ +From 18c373e2686a9156a701ad440507172ec8bb13a3 Mon Sep 17 00:00:00 2001 +From: wangyuhang +Date: Fri, 7 Jul 2023 16:11:01 +0800 +Subject: [PATCH] Add a new switch to control whether udev complies with the + new SAT standards + +Reason: Original revisions of the SAT (SCSI-ATA Translation) specification, + udev will identify devices starting with 70 and ending with 00 1d as ATA devices, + rather than scsi devices, which may have a change in wwn id and affect user usage. + So Add a new switch to control whether udev complies with the new SAT standards + +--- + src/shared/udev-util.c | 17 ++++++++++++++++- + src/shared/udev-util.h | 1 + + src/udev/ata_id/ata_id.c | 18 ++++++++++++++++-- + 3 files changed, 33 insertions(+), 3 deletions(-) + +diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c +index cf28ba8..18f03db 100644 +--- a/src/shared/udev-util.c ++++ b/src/shared/udev-util.c +@@ -45,11 +45,17 @@ int udev_set_max_log_level(char *str) { + } + + int udev_parse_config(void) { ++ return udev_parse_config_full(NULL); ++} ++ ++int udev_parse_config_full(bool *ret_ignore_newer_SAT) { + _cleanup_free_ char *log_val = NULL; ++ _cleanup_free_ char *ignore_newer_SAT = NULL; + int r; + + r = parse_env_file(NULL, "/etc/udev/udev.conf", +- "udev_log", &log_val); ++ "udev_log", &log_val, ++ "ignore_newer_SAT", &ignore_newer_SAT); + if (r == -ENOENT) + return 0; + if (r < 0) +@@ -60,6 +66,15 @@ int udev_parse_config(void) { + log_syntax(NULL, LOG_WARNING, "/etc/udev/udev.conf", 0, r, + "Failed to set udev log level '%s', ignoring: %m", log_val); + ++ if (ret_ignore_newer_SAT && ignore_newer_SAT) { ++ r = parse_boolean(ignore_newer_SAT); ++ if (r < 0) ++ log_syntax(NULL, LOG_WARNING, "/etc/udev/udev.conf", 0, r, ++ "failed to parse ignore_newer_SAT=%s, ignoring.", ignore_newer_SAT); ++ else ++ *ret_ignore_newer_SAT = r; ++ } ++ + return 0; + } + +diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h +index 651d335..ee1dbe5 100644 +--- a/src/shared/udev-util.h ++++ b/src/shared/udev-util.h +@@ -8,6 +8,7 @@ + + int udev_set_max_log_level(char *str); + int udev_parse_config(void); ++int udev_parse_config_full(bool *ret_ignore_newer_SAT); + + int device_wait_for_initialization(sd_device *device, const char *subsystem, usec_t timeout_usec, sd_device **ret); + int device_wait_for_devlink(const char *path, const char *subsystem, usec_t timeout_usec, sd_device **ret); +diff --git a/src/udev/ata_id/ata_id.c b/src/udev/ata_id/ata_id.c +index 0b1f0b7..92f87d9 100644 +--- a/src/udev/ata_id/ata_id.c ++++ b/src/udev/ata_id/ata_id.c +@@ -31,9 +31,13 @@ + #include "memory-util.h" + #include "udev-util.h" + #include "unaligned.h" ++#include "proc-cmdline.h" ++#include "string-util.h" + + #define COMMAND_TIMEOUT_MSEC (30 * 1000) + ++static bool arg_ignore_newer_SAT = false; ++ + static bool arg_export = false; + static const char *arg_device = NULL; + +@@ -159,7 +163,7 @@ static int disk_identify_command( + return log_debug_errno(errno, "ioctl v3 failed: %m"); + } else { + if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) && +- !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)) ++ (arg_ignore_newer_SAT || !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d))) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), "ioctl v4 failed: %m"); + } + +@@ -410,10 +414,20 @@ static int run(int argc, char *argv[]) { + int r; + + log_set_target(LOG_TARGET_AUTO); +- udev_parse_config(); ++ udev_parse_config_full(&arg_ignore_newer_SAT); + log_parse_environment(); + log_open(); + ++ /* When either ignore_newer_SAT in udev.conf or udev.ignore_newer_SAT in the kernel command line is true, ++ * set arg_ignore_newer_SAT to true and ignoring the new SAT standard ++ */ ++ if (!arg_ignore_newer_SAT) { ++ r = proc_cmdline_get_bool("udev.ignore_newer_SAT", /* flags = */ 0, &arg_ignore_newer_SAT); ++ if (r < 0) { ++ log_warning_errno(r, "Failed to parse udev.ignore_newer_SAT kernel command line argument, ignoring: %m"); ++ } ++ } ++ + r = parse_argv(argc, argv); + if (r <= 0) + return r; +-- +2.33.0 + diff --git a/Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch similarity index 38% rename from Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch rename to backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch index 63d6d3d35ff48f26a631deb7474e97c610ab5f3a..f4259c98c2c947e578cef040d7bdde6639f1e4ea 100644 --- a/Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +++ b/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch @@ -4,40 +4,33 @@ Date: Tue, 15 May 2018 09:24:20 +0200 Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will +Conflict:adapt context; modify unit_add_dependency_by_name para because of +35d8c19ace6; don't modify because we need tmp.mount to be started when +basic.target is started. +Reference:https://git.centos.org/rpms/systemd/blob/4b8c80a811af8258c136f5e7000fc0cd0adf8dc5/f/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch + Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds an After relationship. Resolves: #1578772 --- - src/core/unit.c | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) + src/core/unit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/unit.c b/src/core/unit.c -index 10e314f..bb4836a 100644 +index fd84818..e30c14b 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -1036,13 +1036,14 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { - return 0; - - if (c->private_tmp) { -- const char *p; - -- FOREACH_STRING(p, "/tmp", "/var/tmp") { -- r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE); -- if (r < 0) -- return r; -- } +@@ -1271,7 +1271,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { + * tmp.mount so /tmp being masked is supported. However there's no reason to treat + * /tmp specifically and masking other mount units should be handled more + * gracefully too, see PR#16894. */ +- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE); + r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return r; -+ -+ r = unit_require_mounts_for(u, "/var/tmp", UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return r; - - r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE); if (r < 0) + return r; + -- -2.19.1 +2.23.0 diff --git a/Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch b/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch similarity index 51% rename from Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch rename to backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch index 75b0f1b5341dd2899b0cee4f5678d35318826ac0..143d74220d4553a78677af90bdde963f5af3fcb3 100644 --- a/Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +++ b/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch @@ -4,26 +4,32 @@ Date: Fri, 8 Feb 2019 10:54:34 +0100 Subject: Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 to 2" +Conflict:according def94437934 and 5d4fc0e665a, modify default.rp_filter +and *.rp_filter +Reference:https://github.com/systemd/systemd/commit/230450d4e4f1f5fc9fa4295ed9185eea5b6ea16e + This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1. Resolves: #1653824 --- - sysctl.d/50-default.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + sysctl.d/50-default.conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf -index b0645f3..e263cf0 100644 +index 1b76b9d..2717a4d 100644 --- a/sysctl.d/50-default.conf +++ b/sysctl.d/50-default.conf -@@ -22,7 +22,7 @@ kernel.sysrq = 16 +@@ -26,8 +26,8 @@ kernel.core_uses_pid = 1 kernel.core_uses_pid = 1 # Source route verification --net.ipv4.conf.all.rp_filter = 2 -+net.ipv4.conf.all.rp_filter = 1 +-net.ipv4.conf.default.rp_filter = 2 +-net.ipv4.conf.*.rp_filter = 2 ++net.ipv4.conf.default.rp_filter = 1 ++net.ipv4.conf.*.rp_filter = 1 + -net.ipv4.conf.all.rp_filter # Do not accept source routing - net.ipv4.conf.all.accept_source_route = 0 -- -1.8.3.1 +2.23.0 diff --git a/backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch b/backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch new file mode 100644 index 0000000000000000000000000000000000000000..1d0d493a5ce00f3b284a53c40a043d41d03bb5c9 --- /dev/null +++ b/backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch @@ -0,0 +1,65 @@ +From cba1060f8854fd9a11dac8e2b02126d2f3bb14ba Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 19 Feb 2024 13:04:28 +0900 +Subject: [PATCH] core/exec: do not crash with UtmpMode=user without User= + setting + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2264404. + +Replaces #31356. + +(cherry picked from commit d42b81f93f81e45f7a4053c6522ec3a2145ff136) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/cba1060f8854fd9a11dac8e2b02126d2f3bb14ba + +--- + src/core/exec-invoke.c | 12 +++++++++++- + src/shared/utmp-wtmp.c | 1 + + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c +index 70d963e269..9927e5d1e7 100644 +--- a/src/core/exec-invoke.c ++++ b/src/core/exec-invoke.c +@@ -4340,6 +4340,16 @@ int exec_invoke( + + #if ENABLE_UTMP + if (context->utmp_id) { ++ _cleanup_free_ char *username_alloc = NULL; ++ ++ if (!username && context->utmp_mode == EXEC_UTMP_USER) { ++ username_alloc = uid_to_name(uid_is_valid(uid) ? uid : saved_uid); ++ if (!username_alloc) { ++ *exit_status = EXIT_USER; ++ return log_oom(); ++ } ++ } ++ + const char *line = context->tty_path ? + (path_startswith(context->tty_path, "/dev/") ?: context->tty_path) : + NULL; +@@ -4348,7 +4358,7 @@ int exec_invoke( + context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS : + context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS : + USER_PROCESS, +- username); ++ username ?: username_alloc); + } + #endif + +diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c +index 6c3238a9c6..267b350276 100644 +--- a/src/shared/utmp-wtmp.c ++++ b/src/shared/utmp-wtmp.c +@@ -179,6 +179,7 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line + int r; + + assert(id); ++ assert(ut_type != USER_PROCESS || user); + + init_timestamp(&store, 0); + +-- +2.33.0 + diff --git a/backport-fix-typo-myself.patch b/backport-fix-typo-myself.patch new file mode 100644 index 0000000000000000000000000000000000000000..febfe316d17b68bd884c864187458815edb8e418 --- /dev/null +++ b/backport-fix-typo-myself.patch @@ -0,0 +1,23 @@ +From 693a28d7482355906501a910ae48b32979e46d8f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 8 Apr 2024 09:12:06 +0900 +Subject: [PATCH] nspawn: fix typo + +Follow-up for 0af7e294343b29d769c1bae6a8d390236560ec1a. +--- + src/nspawn/nspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 7edb45dd172cf..f4da91797e363 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -5095,7 +5095,7 @@ static int run_container( + if (arg_privileged) { + assert(userns_fd < 0); + +- /* If we have no user namespace then we'll clone and create a new mount namepsace right-away. */ ++ /* If we have no user namespace then we'll clone and create a new mount namespace right-away. */ + + *pid = raw_clone(SIGCHLD|CLONE_NEWNS); + if (*pid < 0) diff --git a/backport-resolved-limit-the-number-of-signature-validations-i.patch b/backport-resolved-limit-the-number-of-signature-validations-i.patch new file mode 100644 index 0000000000000000000000000000000000000000..58a71cf73b6283ae349e0dd4dacd40f5e2acc59a --- /dev/null +++ b/backport-resolved-limit-the-number-of-signature-validations-i.patch @@ -0,0 +1,189 @@ +From 1ebdb19ff194120109b08bbf888bdcc502f83211 Mon Sep 17 00:00:00 2001 +From: Ronan Pigott +Date: Sat, 24 Feb 2024 18:21:24 -0700 +Subject: [PATCH] resolved: limit the number of signature validations in a + transaction + +It has been demonstrated that tolerating an unbounded number of dnssec +signature validations is a bad idea. It is easy for a maliciously +crafted DNS reply to contain as many keytag collisions as desired, +causing us to iterate every dnskey and signature combination in vain. + +The solution is to impose a maximum number of validations we will +tolerate. While collisions are not hard to craft, I still expect they +are unlikely in the wild so it should be safe to pick fairly small +values. + +Here two limits are imposed: one on the maximum number of invalid +signatures encountered per rrset, and another on the total number of +validations performed per transaction. + +(cherry picked from commit 67d0ce8843d612a2245d0966197d4f528b911b66) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/1ebdb19ff194120109b08bbf888bdcc502f83211 + +--- + src/resolve/resolved-dns-dnssec.c | 16 ++++++++++++++-- + src/resolve/resolved-dns-dnssec.h | 9 ++++++++- + src/resolve/resolved-dns-transaction.c | 19 ++++++++++++++++--- + 3 files changed, 38 insertions(+), 6 deletions(-) + +diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c +index 2580c2333c..aa87820dca 100644 +--- a/src/resolve/resolved-dns-dnssec.c ++++ b/src/resolve/resolved-dns-dnssec.c +@@ -1169,6 +1169,7 @@ int dnssec_verify_rrset_search( + DnsResourceRecord **ret_rrsig) { + + bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false; ++ unsigned nvalidations = 0; + DnsResourceRecord *rrsig; + int r; + +@@ -1214,6 +1215,14 @@ int dnssec_verify_rrset_search( + if (realtime == USEC_INFINITY) + realtime = now(CLOCK_REALTIME); + ++ /* Have we seen an unreasonable number of invalid signaures? */ ++ if (nvalidations > DNSSEC_INVALID_MAX) { ++ if (ret_rrsig) ++ *ret_rrsig = NULL; ++ *result = DNSSEC_TOO_MANY_VALIDATIONS; ++ return (int) nvalidations; ++ } ++ + /* Yay, we found a matching RRSIG with a matching + * DNSKEY, awesome. Now let's verify all entries of + * the RRSet against the RRSIG and DNSKEY +@@ -1223,6 +1232,8 @@ int dnssec_verify_rrset_search( + if (r < 0) + return r; + ++ nvalidations++; ++ + switch (one_result) { + + case DNSSEC_VALIDATED: +@@ -1233,7 +1244,7 @@ int dnssec_verify_rrset_search( + *ret_rrsig = rrsig; + + *result = one_result; +- return 0; ++ return (int) nvalidations; + + case DNSSEC_INVALID: + /* If the signature is invalid, let's try another +@@ -1280,7 +1291,7 @@ int dnssec_verify_rrset_search( + if (ret_rrsig) + *ret_rrsig = NULL; + +- return 0; ++ return (int) nvalidations; + } + + int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) { +@@ -2564,6 +2575,7 @@ static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = { + [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary", + [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch", + [DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server", ++ [DNSSEC_TOO_MANY_VALIDATIONS] = "too-many-validations", + }; + DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult); + +diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h +index 954bb3ef9d..29b90130a3 100644 +--- a/src/resolve/resolved-dns-dnssec.h ++++ b/src/resolve/resolved-dns-dnssec.h +@@ -9,12 +9,13 @@ typedef enum DnssecVerdict DnssecVerdict; + #include "resolved-dns-rr.h" + + enum DnssecResult { +- /* These five are returned by dnssec_verify_rrset() */ ++ /* These six are returned by dnssec_verify_rrset() */ + DNSSEC_VALIDATED, + DNSSEC_VALIDATED_WILDCARD, /* Validated via a wildcard RRSIG, further NSEC/NSEC3 checks necessary */ + DNSSEC_INVALID, + DNSSEC_SIGNATURE_EXPIRED, + DNSSEC_UNSUPPORTED_ALGORITHM, ++ DNSSEC_TOO_MANY_VALIDATIONS, + + /* These two are added by dnssec_verify_rrset_search() */ + DNSSEC_NO_SIGNATURE, +@@ -45,6 +46,12 @@ enum DnssecVerdict { + /* The longest digest we'll ever generate, of all digest algorithms we support */ + #define DNSSEC_HASH_SIZE_MAX (MAX(20, 32)) + ++/* The most invalid signatures we will tolerate for a single rrset */ ++#define DNSSEC_INVALID_MAX 5 ++ ++/* The total number of signature validations we will tolerate for a single transaction */ ++#define DNSSEC_VALIDATION_MAX 64 ++ + int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok); + int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig); + +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index 6c931d71dc..8ff5653dff 100644 +--- a/src/resolve/resolved-dns-transaction.c ++++ b/src/resolve/resolved-dns-transaction.c +@@ -3163,11 +3163,14 @@ static int dnssec_validate_records( + DnsTransaction *t, + Phase phase, + bool *have_nsec, ++ unsigned *nvalidations, + DnsAnswer **validated) { + + DnsResourceRecord *rr; + int r; + ++ assert(nvalidations); ++ + /* Returns negative on error, 0 if validation failed, 1 to restart validation, 2 when finished. */ + + DNS_ANSWER_FOREACH(rr, t->answer) { +@@ -3209,6 +3212,7 @@ static int dnssec_validate_records( + &rrsig); + if (r < 0) + return r; ++ *nvalidations += r; + + log_debug("Looking at %s: %s", strna(dns_resource_record_to_string(rr)), dnssec_result_to_string(result)); + +@@ -3406,7 +3410,8 @@ static int dnssec_validate_records( + DNSSEC_SIGNATURE_EXPIRED, + DNSSEC_NO_SIGNATURE)) + manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, rr->key); +- else /* DNSSEC_MISSING_KEY or DNSSEC_UNSUPPORTED_ALGORITHM */ ++ else /* DNSSEC_MISSING_KEY, DNSSEC_UNSUPPORTED_ALGORITHM, ++ or DNSSEC_TOO_MANY_VALIDATIONS */ + manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, rr->key); + + /* This is a primary response to our question, and it failed validation. +@@ -3499,13 +3504,21 @@ int dns_transaction_validate_dnssec(DnsTransaction *t) { + return r; + + phase = DNSSEC_PHASE_DNSKEY; +- for (;;) { ++ for (unsigned nvalidations = 0;;) { + bool have_nsec = false; + +- r = dnssec_validate_records(t, phase, &have_nsec, &validated); ++ r = dnssec_validate_records(t, phase, &have_nsec, &nvalidations, &validated); + if (r <= 0) + return r; + ++ if (nvalidations > DNSSEC_VALIDATION_MAX) { ++ /* This reply requires an onerous number of signature validations to verify. Let's ++ * not waste our time trying, as this shouldn't happen for well-behaved domains ++ * anyway. */ ++ t->answer_dnssec_result = DNSSEC_TOO_MANY_VALIDATIONS; ++ return 0; ++ } ++ + /* Try again as long as we managed to achieve something */ + if (r == 1) + continue; +-- +2.33.0 + diff --git a/backport-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch b/backport-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch new file mode 100644 index 0000000000000000000000000000000000000000..c50cfb4d0d3cb156383b9333be0a5b409b7a52d7 --- /dev/null +++ b/backport-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch @@ -0,0 +1,39 @@ +From 572692f0bdd6a3fabe3dd4a3e8e5565cc69b5e14 Mon Sep 17 00:00:00 2001 +From: Ronan Pigott +Date: Sun, 25 Feb 2024 00:23:32 -0700 +Subject: [PATCH] resolved: reduce the maximum nsec3 iterations to 100 + +According to RFC9267, the 2500 value is not helpful, and in fact it can +be harmful to permit a large number of iterations. Combined with limits +on the number of signature validations, I expect this will mitigate the +impact of maliciously crafted domains designed to cause excessive +cryptographic work. + +(cherry picked from commit eba291124bc11f03732d1fc468db3bfac069f9cb) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/572692f0bdd6a3fabe3dd4a3e8e5565cc69b5e14 + +--- + src/resolve/resolved-dns-dnssec.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c +index aa87820dca..a192d82083 100644 +--- a/src/resolve/resolved-dns-dnssec.c ++++ b/src/resolve/resolved-dns-dnssec.c +@@ -28,8 +28,9 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL); + /* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */ + #define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE) + +-/* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value */ +-#define NSEC3_ITERATIONS_MAX 2500 ++/* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value, but ++ * RFC9276 § 3.2 says that we should reduce the acceptable iteration count */ ++#define NSEC3_ITERATIONS_MAX 100 + + /* + * The DNSSEC Chain of trust: +-- +2.33.0 + diff --git a/backport-temporarily-disable-test-seccomp.patch b/backport-temporarily-disable-test-seccomp.patch new file mode 100644 index 0000000000000000000000000000000000000000..6af53ba24901a79e17ffea724b102d52cf45cdeb --- /dev/null +++ b/backport-temporarily-disable-test-seccomp.patch @@ -0,0 +1,24 @@ +From 03a991c00674787d649240adda11f2506f2fcedc Mon Sep 17 00:00:00 2001 +From: xujing +Date: Tue, 22 Feb 2022 20:33:40 +0800 +Subject: [PATCH] temporarily disable test-seccomp + +--- + src/test/test-seccomp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c +index 2d06098..a95deb8 100644 +--- a/src/test/test-seccomp.c ++++ b/src/test/test-seccomp.c +@@ -1199,4 +1199,6 @@ TEST(restrict_suid_sgid) { + assert_se(wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); + } + +-DEFINE_TEST_MAIN(LOG_DEBUG); ++int main(int argc, char *argv[]) { ++ return 77; ++} +-- +2.33.0 + diff --git a/bugfix-also-stop-machine-when-a-machine-un.patch b/bugfix-also-stop-machine-when-a-machine-un.patch new file mode 100644 index 0000000000000000000000000000000000000000..5d93a9103f8d98818b40b404302982c5227ae614 --- /dev/null +++ b/bugfix-also-stop-machine-when-a-machine-un.patch @@ -0,0 +1,145 @@ +From 89110c823f246d3d2c398652999826107da446bf Mon Sep 17 00:00:00 2001 +From: yangbin +Date: Tue, 7 Apr 2020 12:01:39 +0800 +Subject: [PATCH] systemd-machined: Also stop machine when a machine unit is + active but the leader process is exited + +When a VM machine is created in a scenario as below, it will remain in systemd-machined even though it has already been terminated by libvirtd. +1. libvirtd sends a request to systemd-machined with the leader(the PID of the vm) to create a machine. +2. systemd-machined directs the request to systemd +3. systemd constructs a scope and creates cgroup for the machine. the scope unit is then added to job queue and will be started later. +4. the leader process(the PID of the vm) is terminated by libvirtd(due some reason) before the scope is started. +5. Since the scope unit is yet not started, systemd will not destroy the scope althrough it is noticed with the signal event. +6. systemd starts the scope, and now the scope and machine is in active but no leader process exist. +7. systemd-machined will not stop and destroy the machine, and remains in system until the scope is stopped by others or the OS is restarted. + +This patch fix this problem by ansering yes to stop machine in machine_check_gc +when the machine unit is active but the leader process has already exited. + +Change-Id: I80e3c32832f4ecf08b6cb149735978730ce1d1c0 +--- + src/machine/machine.c | 37 ++++++++++++++++++++++++++++++++++++- + src/machine/machined-dbus.c | 35 +++++++++++++++++++++++++++++++++++ + src/machine/machined.h | 1 + + 3 files changed, 72 insertions(+), 1 deletion(-) + +diff --git a/src/machine/machine.c b/src/machine/machine.c +index 44ff5c1..2519fd7 100644 +--- a/src/machine/machine.c ++++ b/src/machine/machine.c +@@ -34,6 +34,7 @@ + #include "tmpfile-util.h" + #include "unit-name.h" + #include "user-util.h" ++#include "cgroup-util.h" + + DEFINE_TRIVIAL_CLEANUP_FUNC(Machine*, machine_free); + +@@ -534,6 +535,40 @@ int machine_finalize(Machine *m) { + return 0; + } + ++static bool machine_validate_unit(Machine *m) { ++ int r; ++ _cleanup_free_ char *unit = NULL; ++ _cleanup_free_ char *cgroup = NULL; ++ ++ r = cg_pid_get_unit(m->leader.pid, &unit); ++ if (!r && streq(m->unit, unit)) ++ return true; ++ ++ if (r == -ESRCH) { ++ /* the original leader may exit and be replaced with a new leader when qemu hotreplace is performed. ++ * so we don't return true here, otherwise the vm will be added to the gc list. ++ * */ ++ log_info("Machine unit is in active, but the leader process is exited. " ++ "machine: %s, leader: "PID_FMT", unit: %s.", m->name, m->leader.pid, m->unit); ++ } else if (r) { ++ log_info_errno(r, "Can not get unit from cgroup. " ++ "machine: %s, leader: "PID_FMT", unit: %s, error: %m", m->name, m->leader.pid, m->unit); ++ } else if (unit && !streq(m->unit, unit)) { ++ log_info("Machine unit name not match. " ++ "machine: %s, leader: "PID_FMT", machine unit: %s, real unit: %s", m->name, m->leader.pid, m->unit, unit); ++ } ++ ++ r = manager_get_unit_cgroup_path(m->manager, m->unit, &cgroup); ++ if (!r && !isempty(cgroup) && cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) > 0) { ++ log_info("Cgroup is empty in the machine unit. " ++ "machine: %s, leader: "PID_FMT", machine unit: %s.", m->name, m->leader.pid, m->unit); ++ /*The vm will be added to gc list only when there is no any process in the scope*/ ++ return false; ++ } ++ ++ return true; ++} ++ + bool machine_may_gc(Machine *m, bool drop_not_started) { + assert(m); + +@@ -546,7 +581,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) { + if (m->scope_job && manager_job_is_active(m->manager, m->scope_job)) + return false; + +- if (m->unit && manager_unit_is_active(m->manager, m->unit)) ++ if (m->unit && manager_unit_is_active(m->manager, m->unit) && machine_validate_unit(m)) + return false; + + return true; +diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c +index 9fec047..938f42b 100644 +--- a/src/machine/machined-dbus.c ++++ b/src/machine/machined-dbus.c +@@ -1514,3 +1514,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) { + + return 0; + } ++ ++int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup) { ++ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ _cleanup_free_ char *path = NULL; ++ const char *cgroup_path = NULL; ++ int r; ++ ++ assert(manager); ++ assert(unit); ++ ++ path = unit_dbus_path_from_name(unit); ++ if (!path) ++ return -ENOMEM; ++ ++ r = sd_bus_get_property( ++ manager->bus, ++ "org.freedesktop.systemd1", ++ path, ++ endswith(unit, ".scope") ? "org.freedesktop.systemd1.Scope" : "org.freedesktop.systemd1.Service", ++ "ControlGroup", ++ &error, ++ &reply, ++ "s"); ++ if (r < 0) { ++ return r; ++ } ++ ++ r = sd_bus_message_read(reply, "s", &cgroup_path); ++ if (r < 0) ++ return -EINVAL; ++ *cgroup = strdup(cgroup_path); ++ ++ return 0; ++} +diff --git a/src/machine/machined.h b/src/machine/machined.h +index 280c32b..6b8d98b 100644 +--- a/src/machine/machined.h ++++ b/src/machine/machined.h +@@ -58,6 +58,7 @@ int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_erro + int manager_unref_unit(Manager *m, const char *unit, sd_bus_error *error); + int manager_unit_is_active(Manager *manager, const char *unit); + int manager_job_is_active(Manager *manager, const char *path); ++int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup); + + #if ENABLE_NSCD + int manager_enqueue_nscd_cache_flush(Manager *m); +-- +2.33.0 + diff --git a/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch b/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch new file mode 100644 index 0000000000000000000000000000000000000000..f1c63b46e39d48fe8b9c5b367bf3796808b83174 --- /dev/null +++ b/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch @@ -0,0 +1,40 @@ +From c003873099e47dccf2e57816291bd6b7de4a5790 Mon Sep 17 00:00:00 2001 +From: jiangchuangang +Date: Wed, 13 Jul 2022 21:39:06 +0800 +Subject: [PATCH] bugfix for cpuset and Delegate + +--- + src/core/cgroup.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 0e4c94d..e887d49 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1963,6 +1963,8 @@ static int unit_update_cgroup( + u->cgroup_enabled_mask = result_mask; + + migrate_mask = u->cgroup_realized_mask ^ target_mask; ++ if (u->type != UNIT_SLICE && FLAGS_SET(target_mask, CGROUP_MASK_CPUSET)) ++ migrate_mask |= CGROUP_MASK_CPUSET; + } + + /* Keep track that this is now realized */ +@@ -1977,9 +1979,11 @@ static int unit_update_cgroup( + * delegated units. + */ + if (cg_all_unified() == 0) { +- r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); +- if (r < 0) +- log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); ++ if (!unit_cgroup_delegate(u)) { ++ r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); ++ if (r < 0) ++ log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); ++ } + + is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE); + r = cg_trim_v1_controllers(u->manager->cgroup_supported, ~target_mask, u->cgroup_path, !is_root_slice); +-- +2.33.0 + diff --git a/change-NTP-server-to-x.pool.ntp.org.patch b/change-NTP-server-to-x.pool.ntp.org.patch new file mode 100644 index 0000000000000000000000000000000000000000..33798fd9fd8d02f6e4dbc98bcf4aa7a821531aea --- /dev/null +++ b/change-NTP-server-to-x.pool.ntp.org.patch @@ -0,0 +1,25 @@ +From bdf0536bace233a0da7e1ff094c8cb81ded18c38 Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Tue, 23 Feb 2021 15:07:17 +0800 +Subject: [PATCH] change NTP server to x.pool.ntp.org + +--- + meson_options.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson_options.txt b/meson_options.txt +index 163c8df..ba7adf9 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -312,7 +312,7 @@ option('dns-servers', type : 'string', + value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google') + option('ntp-servers', type : 'string', + description : 'space-separated list of default NTP servers', +- value : 'time1.google.com time2.google.com time3.google.com time4.google.com') ++ value : '0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org') + option('support-url', type : 'string', + description : 'the support URL to show in catalog entries included in systemd', + value : 'https://lists.freedesktop.org/mailman/listinfo/systemd-devel') +-- +2.27.0 + diff --git a/check-whether-command_prev-is-null-before-assigning-.patch b/check-whether-command_prev-is-null-before-assigning-.patch new file mode 100644 index 0000000000000000000000000000000000000000..06ebf8692c8a0507621622a769d1834e5b8bef7c --- /dev/null +++ b/check-whether-command_prev-is-null-before-assigning-.patch @@ -0,0 +1,35 @@ +From 5fe226b4378a2466d906ae45b8544f1003e9885a Mon Sep 17 00:00:00 2001 +From: yefei25 +Date: Wed, 8 Apr 2020 23:10:58 -0400 +Subject: [PATCH 1/2] check whether command_prev is null before assigning value + +--- + src/core/service.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 9a26271f72..3c255b3bcc 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -2569,12 +2569,16 @@ static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, ExecC + assert(s); + assert(id >= 0); + assert(id < _SERVICE_EXEC_COMMAND_MAX); +- ++ if (!current) ++ return 0; + const ExecCommand *first = s->exec_command[id]; + + /* Figure out where we are in the list by walking back to the beginning */ +- for (const ExecCommand *c = current; c != first; c = c->command_prev) ++ for (const ExecCommand *c = current; c != first; c = c->command_prev) { + idx++; ++ if (!c->command_prev) ++ return idx; ++ } + + return idx; + } +-- +2.19.1 + diff --git a/core-add-OptionalLog-to-allow-users-change-log-level.patch b/core-add-OptionalLog-to-allow-users-change-log-level.patch new file mode 100644 index 0000000000000000000000000000000000000000..d3eda32eb3e847447b6fa2a6964ddf7d15341cd1 --- /dev/null +++ b/core-add-OptionalLog-to-allow-users-change-log-level.patch @@ -0,0 +1,140 @@ +From 637310cf1903f9072a391074a65855fc1c41ae2b Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Fri, 15 Apr 2022 09:28:15 +0800 +Subject: [PATCH] core: add OptionalLog to allow users change log level. +This adds log_optional* log_unit_optional* to log messages in LOG_INFO +or LOG_DEBUG. Set "OptionalLog=yes" to log in LOG_INFO. Defaults to no. +--- + src/basic/log.h | 2 ++ + src/core/dbus-manager.c | 1 + + src/core/main.c | 1 + + src/core/manager.c | 2 ++ + src/core/manager.h | 1 + + src/core/mount.c | 2 +- + src/core/system.conf.in | 1 + + src/core/unit.h | 2 ++ + 8 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/basic/log.h b/src/basic/log.h +index 9008d47..bf6aa8e 100644 +--- a/src/basic/log.h ++++ b/src/basic/log.h +@@ -245,6 +245,7 @@ int log_emergency_level(void); + #define log_warning(...) log_full(LOG_WARNING, __VA_ARGS__) + #define log_error(...) log_full(LOG_ERR, __VA_ARGS__) + #define log_emergency(...) log_full(log_emergency_level(), __VA_ARGS__) ++#define log_optional(use_info, ...) log_full(((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) + + /* Logging triggered by an errno-like error */ + #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__) +@@ -253,6 +254,7 @@ int log_emergency_level(void); + #define log_warning_errno(error, ...) log_full_errno(LOG_WARNING, error, __VA_ARGS__) + #define log_error_errno(error, ...) log_full_errno(LOG_ERR, error, __VA_ARGS__) + #define log_emergency_errno(error, ...) log_full_errno(log_emergency_level(), error, __VA_ARGS__) ++#define log_optional_errno(error, use_info, ...) log_full_errno(((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) + + /* This logs at the specified level the first time it is called, and then + * logs at debug. If the specified level is debug, this logs only the first +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 0f9d4e8..a644e86 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -2963,6 +2963,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + BUS_PROPERTY_DUAL_TIMESTAMP("InitRDUnitsLoadFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", bus_property_get_log_level, property_set_log_level, 0, 0), + SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", bus_property_get_log_target, property_set_log_target, 0, 0), ++ SD_BUS_PROPERTY("OptionalLog", "b", bus_property_get_bool, offsetof(Manager, defaults.optional_log), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("NNames", "u", property_get_hashmap_size, offsetof(Manager, units), 0), + SD_BUS_PROPERTY("NFailedUnits", "u", property_get_set_size, offsetof(Manager, failed_units), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("NJobs", "u", property_get_hashmap_size, offsetof(Manager, jobs), 0), +diff --git a/src/core/main.c b/src/core/main.c +index 96b0a11..c4379cf 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -617,6 +617,7 @@ static int parse_config_file(void) { + { "Manager", "LogColor", config_parse_color, 0, NULL }, + { "Manager", "LogLocation", config_parse_location, 0, NULL }, + { "Manager", "LogTime", config_parse_time, 0, NULL }, ++ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_defaults.optional_log }, + { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core }, + { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt }, + { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, +diff --git a/src/core/manager.c b/src/core/manager.c +index 3d14ea1..59170af 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4200,6 +4200,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.ip_accounting = defaults->ip_accounting; + + m->defaults.tasks_max = defaults->tasks_max; ++ m->defaults.optional_log = defaults->optional_log; + m->defaults.timer_accuracy_usec = defaults->timer_accuracy_usec; + + m->defaults.oom_policy = defaults->oom_policy; +@@ -4971,6 +4972,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + .ip_accounting = false, + + .tasks_max = DEFAULT_TASKS_MAX, ++ .optional_log = false, + .timer_accuracy_usec = 1 * USEC_PER_MINUTE, + + .memory_pressure_watch = CGROUP_PRESSURE_WATCH_AUTO, +diff --git a/src/core/manager.h b/src/core/manager.h +index 93e9d2a..6dd1a18 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -181,6 +181,7 @@ typedef struct UnitDefaults { + usec_t memory_pressure_threshold_usec; + + char *smack_process_label; ++ bool optional_log; + + struct rlimit *rlimit[_RLIMIT_MAX]; + } UnitDefaults; +diff --git a/src/core/mount.c b/src/core/mount.c +index 52bd53e..26cade1 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -781,7 +781,7 @@ static void mount_set_state(Mount *m, MountState state) { + } + + if (state != old_state) +- log_unit_debug(UNIT(m), "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); ++ log_unit_optional(UNIT(m), UNIT(m)->manager->defaults.optional_log, "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); + + unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state], m->reload_result == MOUNT_SUCCESS); + } +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index dbdc47c..a55106c 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -22,6 +22,7 @@ + #LogColor=yes + #LogLocation=no + #LogTime=no ++#OptionalLog=no + #DumpCore=yes + #ShowStatus=yes + #CrashChangeVT=no +diff --git a/src/core/unit.h b/src/core/unit.h +index 60bc2e3..afa4387 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -1132,12 +1132,14 @@ int unit_compare_priority(Unit *a, Unit *b); + #define log_unit_notice(unit, ...) log_unit_full(unit, LOG_NOTICE, __VA_ARGS__) + #define log_unit_warning(unit, ...) log_unit_full(unit, LOG_WARNING, __VA_ARGS__) + #define log_unit_error(unit, ...) log_unit_full(unit, LOG_ERR, __VA_ARGS__) ++#define log_unit_optional(unit, use_info, ...) log_unit_full(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) + + #define log_unit_debug_errno(unit, error, ...) log_unit_full_errno(unit, LOG_DEBUG, error, __VA_ARGS__) + #define log_unit_info_errno(unit, error, ...) log_unit_full_errno(unit, LOG_INFO, error, __VA_ARGS__) + #define log_unit_notice_errno(unit, error, ...) log_unit_full_errno(unit, LOG_NOTICE, error, __VA_ARGS__) + #define log_unit_warning_errno(unit, error, ...) log_unit_full_errno(unit, LOG_WARNING, error, __VA_ARGS__) + #define log_unit_error_errno(unit, error, ...) log_unit_full_errno(unit, LOG_ERR, error, __VA_ARGS__) ++#define log_unit_optional_errno(unit, use_info, error, ...) log_unit_full_errno(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) + + #if LOG_TRACE + # define log_unit_trace(...) log_unit_debug(__VA_ARGS__) +-- +2.33.0 + diff --git a/core-add-invalidate-cgroup-config.patch b/core-add-invalidate-cgroup-config.patch new file mode 100644 index 0000000000000000000000000000000000000000..3179d4c7100c38b0b64f8486c45103d030402424 --- /dev/null +++ b/core-add-invalidate-cgroup-config.patch @@ -0,0 +1,102 @@ +From d56b3978bbcd28246b3e3ce3f8c958ac95785dd7 Mon Sep 17 00:00:00 2001 +From: fangxiuning +Date: Wed, 22 Apr 2020 11:55:18 +0800 +Subject: + After systemd 239 version, a new feature is added to cgroups. +The processes started by users default to the cgroup group belonging +to user.slice, and the processes started by the system default to +system.slice. This is the direction of github systemd evolution. +However, there are still a large number of operations downstream +that systemd does not perceive to modify the cgroup group, +such as directly echo the process number to system.slice. + +For example: +1. sleep 1000 & +2. echo sleep pid > /sys/fs/cgroup/memory/system.slice/task +3. systemctl daemon-reload +4. cat /proc/sleep pid/cgroup +this kind of operation, systemd is not aware of it. +When systemctl disable service or systemctl daemon-reload operation +is executed, systemd will re-attach each process to its original +Under the group(user.slice). + +--- + src/core/main.c | 1 + + src/core/manager.c | 2 ++ + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit-serialize.c | 2 +- + 5 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/main.c b/src/core/main.c +index e9f56fa..964adb5 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -684,6 +684,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_defaults.freezer_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max }, ++ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_defaults.invalidate_cgroup }, + { "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec }, + { "Manager", "DefaultMemoryPressureWatch", config_parse_memory_pressure_watch, 0, &arg_defaults.memory_pressure_watch }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_runtime_scope, &arg_cad_burst_action }, +diff --git a/src/core/manager.c b/src/core/manager.c +index 59170af..57dd3d1 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4200,6 +4200,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.ip_accounting = defaults->ip_accounting; + + m->defaults.tasks_max = defaults->tasks_max; ++ m->defaults.invalidate_cgroup = defaults->invalidate_cgroup; + m->defaults.optional_log = defaults->optional_log; + m->defaults.timer_accuracy_usec = defaults->timer_accuracy_usec; + +@@ -4969,6 +4970,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + .io_accounting = false, + .blockio_accounting = false, + .tasks_accounting = true, ++ .invalidate_cgroup = true, + .ip_accounting = false, + + .tasks_max = DEFAULT_TASKS_MAX, +diff --git a/src/core/manager.h b/src/core/manager.h +index 3c954af..0c9a2ea 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -173,6 +173,7 @@ typedef struct UnitDefaults { + + CGroupTasksMax tasks_max; + usec_t timer_accuracy_usec; ++ bool invalidate_cgroup; + + OOMPolicy oom_policy; + int oom_score_adjust; +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index a55106c..f48452d 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -78,6 +78,7 @@ DefaultLimitMEMLOCK=64M + #DefaultLimitNICE= + #DefaultLimitRTPRIO= + #DefaultLimitRTTIME= ++#DefaultInvalidateCgroup=yes + #DefaultMemoryPressureThresholdSec=200ms + #DefaultMemoryPressureWatch=auto + #DefaultOOMPolicy=stop +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index fe4221c..091e7b6 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -574,7 +574,7 @@ int unit_deserialize_state(Unit *u, FILE *f, FDSet *fds) { + /* Let's make sure that everything that is deserialized also gets any potential new cgroup settings + * applied after we are done. For that we invalidate anything already realized, so that we can + * realize it again. */ +- if (u->cgroup_realized) { ++ if (u->cgroup_realized && u->manager->defaults.invalidate_cgroup) { + unit_invalidate_cgroup(u, _CGROUP_MASK_ALL); + unit_invalidate_cgroup_bpf(u); + } +-- +2.33.0 + diff --git a/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch b/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch deleted file mode 100644 index c9a66d93967a5e3eb91971146a77cc2860afab65..0000000000000000000000000000000000000000 --- a/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 95100aa8fa3182f3b066bdc5927b0a78c37550aa Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Mon, 23 Jul 2018 17:58:18 +0800 -Subject: [PATCH] systemd-udevd: Call malloc_trim to return memory to OS - immediately in forked children. - -hen there are many events from kernel, memory used to store these events(in event_list) -will be large, may be up to 100M. The forked child process will have a copy of these events and -release them using free. But since glibc will release memory to OS immediately, and if this child process -is stuck due I/O waiting(in D state), these memory will never be released until it is recoveried from D-state. -When there are so many such child processes, it will eat up much memory from system. -This patch fix this problem by invoking glibc's malloc_trim to release memory immediately when the child is forked. ---- - meson.build | 6 ++++++ - src/udev/udevd.c | 12 ++++++++++++ - 2 files changed, 18 insertions(+) - -diff --git a/meson.build b/meson.build -index c14540a..5ee2fa7 100644 ---- a/meson.build -+++ b/meson.build -@@ -518,6 +518,12 @@ else - conf.set10('HAVE_GETRANDOM', have) - endif - -+if cc.has_function('malloc_trim', prefix : '''#include ''') -+ conf.set10('HAVE_MALLOC_TRIM', true) -+else -+ conf.set10('HAVE_MALLOC_TRIM', false) -+endif -+ - ##################################################################### - - sed = find_program('sed') -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index c1119c3..62f1c44 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -27,6 +27,9 @@ - #include - #include - #include -+#ifdef HAVE_MALLOC_TRIM -+#include -+#endif - - #include "sd-daemon.h" - #include "sd-event.h" -@@ -233,6 +236,15 @@ static void worker_spawn(Manager *manager, struct event *event) { - - manager->event = sd_event_unref(manager->event); - -+#ifdef HAVE_MALLOC_TRIM -+ /* unused memory inherits from parent has been freed, but it will -+ * not release to OS immediately. We do the optimization by invoking -+ * glibc's malloc_trim to force these unused memory to return to OS immediately. -+ * Otherwise when there are many forked process, it will eat up system's memory, -+ * and will cause OOM problem. -+ */ -+ malloc_trim(0); -+#endif - sigfillset(&mask); - fd_signal = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC); - if (fd_signal < 0) { --- -1.8.3.1 - diff --git a/core-cgroup-support-cpuset.patch b/core-cgroup-support-cpuset.patch new file mode 100644 index 0000000000000000000000000000000000000000..e4afb1e5ebf28bd60bbcb4eb76cd7bdc819d0081 --- /dev/null +++ b/core-cgroup-support-cpuset.patch @@ -0,0 +1,990 @@ +From 2ea8175b3d8ec118fa0f42392485ce0f4308456a Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: [PATCH] core-cgroup: support cpuset + +This patch add support for cpuset subsystem. +--- + meson.build | 2 + + meson_options.txt | 3 + + src/basic/cgroup-util.c | 3 +- + src/basic/cgroup-util.h | 14 ++- + src/basic/string-util.c | 42 +++++++ + src/basic/string-util.h | 1 + + src/core/cgroup.c | 112 ++++++++++++++---- + src/core/cgroup.h | 14 ++- + src/core/dbus-cgroup.c | 60 ++++++++-- + src/core/dbus-manager.c | 1 + + src/core/execute-serialize.c | 44 +++---- + src/core/load-fragment-gperf.gperf.in | 13 +- + src/core/load-fragment.c | 69 +++++++++++ + src/core/load-fragment.h | 1 + + src/core/main.c | 1 + + src/core/manager.c | 2 + + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit.c | 1 + + src/shared/bus-unit-util.c | 15 ++- + src/shared/cpu-set-util.c | 1 + + src/test/test-cgroup-mask.c | 5 +- + .../fuzz-unit-file/directives-all.service | 5 + + 23 files changed, 338 insertions(+), 73 deletions(-) + +diff --git a/meson.build b/meson.build +index 7419e2b..614013b 100644 +--- a/meson.build ++++ b/meson.build +@@ -1578,6 +1578,7 @@ foreach term : ['analyze', + 'binfmt', + 'compat-mutable-uid-boundaries', + 'coredump', ++ 'cpuset-cgv1', + 'efi', + 'environment-d', + 'firstboot', +@@ -2853,6 +2854,7 @@ foreach tuple : [ + ['fexecve'], + ['standalone-binaries', get_option('standalone-binaries')], + ['coverage', get_option('b_coverage')], ++ ['cpuset-cgv1'], + ] + + if tuple.length() >= 2 +diff --git a/meson_options.txt b/meson_options.txt +index e708745..5fda5d9 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -514,3 +514,6 @@ option('bpf-compiler', type : 'combo', choices : ['clang', 'gcc'], + description: 'compiler used to build BPF programs') + option('bpf-framework', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' }, + description: 'build BPF programs from source code in restricted C') ++ ++option('cpuset-cgv1', type : 'boolean', value : 'true', ++ description : 'enable cgroup v1 cpuset support') +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 18b16ec..abd1f91 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2352,12 +2352,13 @@ bool fd_is_cgroup_fs(int fd) { + static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { + [CGROUP_CONTROLLER_CPU] = "cpu", + [CGROUP_CONTROLLER_CPUACCT] = "cpuacct", +- [CGROUP_CONTROLLER_CPUSET] = "cpuset", ++ [CGROUP_CONTROLLER_CPUSET2] = "cpuset2", + [CGROUP_CONTROLLER_IO] = "io", + [CGROUP_CONTROLLER_BLKIO] = "blkio", + [CGROUP_CONTROLLER_MEMORY] = "memory", + [CGROUP_CONTROLLER_DEVICES] = "devices", + [CGROUP_CONTROLLER_PIDS] = "pids", ++ [CGROUP_CONTROLLER_CPUSET] = "cpuset", + [CGROUP_CONTROLLER_BPF_FIREWALL] = "bpf-firewall", + [CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices", + [CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign", +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index 6ab14c7..dd3df28 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -22,12 +22,13 @@ typedef enum CGroupController { + /* Original cgroup controllers */ + CGROUP_CONTROLLER_CPU, + CGROUP_CONTROLLER_CPUACCT, /* v1 only */ +- CGROUP_CONTROLLER_CPUSET, /* v2 only */ ++ CGROUP_CONTROLLER_CPUSET2, /* v2 only */ + CGROUP_CONTROLLER_IO, /* v2 only */ + CGROUP_CONTROLLER_BLKIO, /* v1 only */ + CGROUP_CONTROLLER_MEMORY, + CGROUP_CONTROLLER_DEVICES, /* v1 only */ + CGROUP_CONTROLLER_PIDS, ++ CGROUP_CONTROLLER_CPUSET, + + /* BPF-based pseudo-controllers, v2 only */ + CGROUP_CONTROLLER_BPF_FIREWALL, +@@ -49,12 +50,13 @@ typedef enum CGroupController { + typedef enum CGroupMask { + CGROUP_MASK_CPU = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPU), + CGROUP_MASK_CPUACCT = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUACCT), +- CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), ++ CGROUP_MASK_CPUSET2 = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET2), + CGROUP_MASK_IO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_IO), + CGROUP_MASK_BLKIO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BLKIO), + CGROUP_MASK_MEMORY = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_MEMORY), + CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), + CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), ++ CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), + CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), + CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), + CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), +@@ -62,10 +64,14 @@ typedef enum CGroupMask { + CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_RESTRICT_NETWORK_INTERFACES), + + /* All real cgroup v1 controllers */ +- CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, ++ CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS ++#if ENABLE_CPUSET_CGV1 ++ | CGROUP_MASK_CPUSET ++#endif ++ , + + /* All real cgroup v2 controllers */ +- CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, ++ CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, + + /* All cgroup v2 BPF pseudo-controllers */ + CGROUP_MASK_BPF = CGROUP_MASK_BPF_FIREWALL|CGROUP_MASK_BPF_DEVICES|CGROUP_MASK_BPF_FOREIGN|CGROUP_MASK_BPF_SOCKET_BIND|CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES, +diff --git a/src/basic/string-util.c b/src/basic/string-util.c +index 7329bfa..0fecb40 100644 +--- a/src/basic/string-util.c ++++ b/src/basic/string-util.c +@@ -1295,6 +1295,48 @@ int string_contains_word_strv(const char *string, const char *separators, char * + return !!found; + } + ++int string_isvalid_interval(const char *instr) ++{ ++ const char *pstr = instr; /* tmp */ ++ const char *pstr_front = instr; /* front char */ ++ const char *pstr_behind = instr; /* behind char */ ++ ++ if (isempty(instr)) ++ { ++ return 1; ++ } ++ ++ while (*pstr != '\0') ++ { ++ /* behind */ ++ pstr_behind = pstr + 1; ++ ++ /* 0-3,4,6,7-10 */ ++ if (((*pstr < '0') || (*pstr > '9')) && ++ (*pstr != '-') && ++ (*pstr != ',')) ++ { ++ return 2; ++ } ++ ++ /* - , must is a num */ ++ if (('-' == *pstr) || (',' == *pstr)) ++ { ++ if ((*pstr_front < '0') || (*pstr_front > '9') || ++ (*pstr_behind < '0') || (*pstr_behind > '9')) ++ { ++ return 3; ++ } ++ } ++ ++ /* front */ ++ pstr_front = pstr; ++ pstr++; ++ } ++ ++ return 0; ++} ++ + bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok) { + if (!s1 && !s2) + return true; +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index b6d8be3..c6773d3 100644 +--- a/src/basic/string-util.h ++++ b/src/basic/string-util.h +@@ -270,6 +270,7 @@ static inline int string_contains_word(const char *string, const char *separator + return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); + } + ++int string_isvalid_interval(const char *instr); + bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok); + + char *string_replace_char(char *str, char old_char, char new_char); +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 78bc551..cd1e97d 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -91,8 +91,8 @@ bool unit_has_startup_cgroup_constraints(Unit *u) { + return c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID || + c->startup_io_weight != CGROUP_WEIGHT_INVALID || + c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID || +- c->startup_cpuset_cpus.set || +- c->startup_cpuset_mems.set || ++ c->startup_cpuset_cpus2.set || ++ c->startup_cpuset_mems2.set || + c->startup_memory_high_set || + c->startup_memory_max_set || + c->startup_memory_swap_max_set|| +@@ -293,10 +293,16 @@ void cgroup_context_done(CGroupContext *c) { + + c->restrict_network_interfaces = set_free_free(c->restrict_network_interfaces); + +- cpu_set_reset(&c->cpuset_cpus); +- cpu_set_reset(&c->startup_cpuset_cpus); +- cpu_set_reset(&c->cpuset_mems); +- cpu_set_reset(&c->startup_cpuset_mems); ++ if (c->cpuset_cpus) ++ c->cpuset_cpus = mfree(c->cpuset_cpus); ++ ++ if (c->cpuset_mems) ++ c->cpuset_mems = mfree(c->cpuset_mems); ++ ++ cpu_set_reset(&c->cpuset_cpus2); ++ cpu_set_reset(&c->startup_cpuset_cpus2); ++ cpu_set_reset(&c->cpuset_mems2); ++ cpu_set_reset(&c->startup_cpuset_mems2); + + c->delegate_subgroup = mfree(c->delegate_subgroup); + +@@ -496,7 +502,7 @@ CGroupDevicePermissions cgroup_device_permissions_from_string(const char *s) { + } + + void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +- _cleanup_free_ char *disable_controllers_str = NULL, *delegate_controllers_str = NULL, *cpuset_cpus = NULL, *cpuset_mems = NULL, *startup_cpuset_cpus = NULL, *startup_cpuset_mems = NULL; ++ _cleanup_free_ char *disable_controllers_str = NULL, *delegate_controllers_str = NULL, *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL, *startup_cpuset_cpus2 = NULL, *startup_cpuset_mems2 = NULL; + CGroupContext *c; + struct in_addr_prefix *iaai; + +@@ -525,16 +531,17 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + /* "Delegate=" means "yes, but no controllers". Show this as "(none)". */ + const char *delegate_str = delegate_controllers_str ?: c->delegate ? "(none)" : "no"; + +- cpuset_cpus = cpu_set_to_range_string(&c->cpuset_cpus); +- startup_cpuset_cpus = cpu_set_to_range_string(&c->startup_cpuset_cpus); +- cpuset_mems = cpu_set_to_range_string(&c->cpuset_mems); +- startup_cpuset_mems = cpu_set_to_range_string(&c->startup_cpuset_mems); ++ cpuset_cpus2 = cpu_set_to_range_string(&c->cpuset_cpus2); ++ startup_cpuset_cpus2 = cpu_set_to_range_string(&c->startup_cpuset_cpus2); ++ cpuset_mems2 = cpu_set_to_range_string(&c->cpuset_mems2); ++ startup_cpuset_mems2 = cpu_set_to_range_string(&c->startup_cpuset_mems2); + + fprintf(f, + "%sCPUAccounting: %s\n" + "%sIOAccounting: %s\n" + "%sBlockIOAccounting: %s\n" + "%sMemoryAccounting: %s\n" ++ "%sCPUSetAccounting: %s\n" + "%sTasksAccounting: %s\n" + "%sIPAccounting: %s\n" + "%sCPUWeight: %" PRIu64 "\n" +@@ -565,6 +572,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sMemoryZSwapMax: %" PRIu64 "%s\n" + "%sStartupMemoryZSwapMax: %" PRIu64 "%s\n" + "%sMemoryLimit: %" PRIu64 "\n" ++ "%sCPUSetCpus=%s\n" ++ "%sCPUSetMems=%s\n" ++ "%sCPUSetCloneChildren=%s\n" ++ "%sCPUSetMemMigrate=%s\n" + "%sTasksMax: %" PRIu64 "\n" + "%sDevicePolicy: %s\n" + "%sDisableControllers: %s\n" +@@ -579,6 +590,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->io_accounting), + prefix, yes_no(c->blockio_accounting), + prefix, yes_no(c->memory_accounting), ++ prefix, yes_no(c->cpuset_accounting), + prefix, yes_no(c->tasks_accounting), + prefix, yes_no(c->ip_accounting), + prefix, c->cpu_weight, +@@ -587,10 +599,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->startup_cpu_shares, + prefix, FORMAT_TIMESPAN(c->cpu_quota_per_sec_usec, 1), + prefix, FORMAT_TIMESPAN(c->cpu_quota_period_usec, 1), +- prefix, strempty(cpuset_cpus), +- prefix, strempty(startup_cpuset_cpus), +- prefix, strempty(cpuset_mems), +- prefix, strempty(startup_cpuset_mems), ++ prefix, strempty(cpuset_cpus2), ++ prefix, strempty(startup_cpuset_cpus2), ++ prefix, strempty(cpuset_mems2), ++ prefix, strempty(startup_cpuset_mems2), + prefix, c->io_weight, + prefix, c->startup_io_weight, + prefix, c->blockio_weight, +@@ -609,6 +621,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"), + prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"), + prefix, c->memory_limit, ++ prefix, c->cpuset_cpus, ++ prefix, c->cpuset_mems, ++ prefix, yes_no(c->cpuset_clone_children), ++ prefix, yes_no(c->cpuset_memory_migrate), + prefix, cgroup_tasks_max_resolve(&c->tasks_max), + prefix, cgroup_device_policy_to_string(c->device_policy), + prefix, strempty(disable_controllers_str), +@@ -1113,11 +1129,11 @@ static bool cgroup_context_has_cpu_shares(CGroupContext *c) { + } + + static bool cgroup_context_has_allowed_cpus(CGroupContext *c) { +- return c->cpuset_cpus.set || c->startup_cpuset_cpus.set; ++ return c->cpuset_cpus2.set || c->startup_cpuset_cpus2.set; + } + + static bool cgroup_context_has_allowed_mems(CGroupContext *c) { +- return c->cpuset_mems.set || c->startup_cpuset_mems.set; ++ return c->cpuset_mems2.set || c->startup_cpuset_mems2.set; + } + + uint64_t cgroup_context_cpu_weight(CGroupContext *c, ManagerState state) { +@@ -1144,18 +1160,18 @@ static uint64_t cgroup_context_cpu_shares(CGroupContext *c, ManagerState state) + + static CPUSet *cgroup_context_allowed_cpus(CGroupContext *c, ManagerState state) { + if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING, MANAGER_STOPPING) && +- c->startup_cpuset_cpus.set) +- return &c->startup_cpuset_cpus; ++ c->startup_cpuset_cpus2.set) ++ return &c->startup_cpuset_cpus2; + else +- return &c->cpuset_cpus; ++ return &c->cpuset_cpus2; + } + + static CPUSet *cgroup_context_allowed_mems(CGroupContext *c, ManagerState state) { + if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING, MANAGER_STOPPING) && +- c->startup_cpuset_mems.set) +- return &c->startup_cpuset_mems; ++ c->startup_cpuset_mems2.set) ++ return &c->startup_cpuset_mems2; + else +- return &c->cpuset_mems; ++ return &c->cpuset_mems2; + } + + usec_t cgroup_cpu_adjust_period(usec_t period, usec_t quota, usec_t resolution, usec_t max_period) { +@@ -1727,7 +1743,7 @@ static void cgroup_context_apply( + } + } + +- if ((apply_mask & CGROUP_MASK_CPUSET) && !is_local_root) { ++ if ((apply_mask & CGROUP_MASK_CPUSET2) && !is_local_root) { + cgroup_apply_unified_cpuset(u, cgroup_context_allowed_cpus(c, state), "cpuset.cpus"); + cgroup_apply_unified_cpuset(u, cgroup_context_allowed_mems(c, state), "cpuset.mems"); + } +@@ -1902,6 +1918,45 @@ static void cgroup_context_apply( + } + } + ++ if ((apply_mask & CGROUP_MASK_CPUSET) && !is_local_root) { ++ (void) set_attribute_and_warn(u, "cpuset", "cgroup.clone_children", one_zero(c->cpuset_clone_children)); ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.memory_migrate", one_zero(c->cpuset_memory_migrate)); ++ if (c->cpuset_cpus) { ++ if (streq(c->cpuset_cpus, "all")) { ++ _cleanup_free_ char *str_cpuset_cpus = NULL; ++ _cleanup_free_ char *cg_root_path_cpus = NULL; ++ r = cg_get_root_path(&cg_root_path_cpus); ++ if (r < 0) ++ log_info_errno(r, "Failed to determine root cgroup, ignoring cgroup cpuset cpus: %m"); ++ if (cg_root_path_cpus) { ++ r = cg_get_attribute("cpuset", cg_root_path_cpus, "cpuset.cpus", &str_cpuset_cpus); ++ if (r < 0) ++ log_error("cgroup context apply: cg get attribute is error(%d), path=%s.", r, cg_root_path_cpus); ++ if (str_cpuset_cpus) ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.cpus", str_cpuset_cpus); ++ } ++ } else ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.cpus", c->cpuset_cpus); ++ } ++ if (c->cpuset_mems) { ++ if (streq(c->cpuset_mems, "all")) { ++ _cleanup_free_ char *str_cpuset_mems = NULL; ++ _cleanup_free_ char *cg_root_path_mems = NULL; ++ r = cg_get_root_path(&cg_root_path_mems); ++ if (r < 0) ++ log_info_errno(r, "Failed to determine root cgroup, ignoring cgroup cpuset mems: %m"); ++ if (cg_root_path_mems) { ++ r = cg_get_attribute("cpuset", cg_root_path_mems, "cpuset.mems", &str_cpuset_mems); ++ if (r < 0) ++ log_error("cgroup context apply: cg get attribute is error(%d), path=%s.", r, cg_root_path_mems); ++ if (str_cpuset_mems) ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.mems", str_cpuset_mems); ++ } ++ } else ++ (void) set_attribute_and_warn(u, "cpuset", "cpuset.mems", c->cpuset_mems); ++ } ++ } ++ + /* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of + * containers, where we leave this to the manager */ + if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && +@@ -2045,7 +2100,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + mask |= CGROUP_MASK_CPU; + + if (cgroup_context_has_allowed_cpus(c) || cgroup_context_has_allowed_mems(c)) +- mask |= CGROUP_MASK_CPUSET; ++ mask |= CGROUP_MASK_CPUSET2; + + if (cgroup_context_has_io_config(c) || cgroup_context_has_blockio_config(c)) + mask |= CGROUP_MASK_IO | CGROUP_MASK_BLKIO; +@@ -2055,6 +2110,11 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + unit_has_unified_memory_config(u)) + mask |= CGROUP_MASK_MEMORY; + ++ if (c->cpuset_accounting || ++ c->cpuset_cpus || ++ c->cpuset_mems) ++ mask |= CGROUP_MASK_CPUSET; ++ + if (c->device_allow || + c->device_policy != CGROUP_DEVICE_POLICY_AUTO) + mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; +@@ -4597,7 +4657,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) { + if (!u->cgroup_path) + return -ENODATA; + +- if ((u->cgroup_realized_mask & CGROUP_MASK_CPUSET) == 0) ++ if ((u->cgroup_realized_mask & CGROUP_MASK_CPUSET2) == 0) + return -ENODATA; + + r = cg_all_unified(); +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index f1b674b..04a7f25 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -134,6 +134,7 @@ struct CGroupContext { + bool io_accounting; + bool blockio_accounting; + bool memory_accounting; ++ bool cpuset_accounting; + bool tasks_accounting; + bool ip_accounting; + +@@ -151,10 +152,10 @@ struct CGroupContext { + usec_t cpu_quota_per_sec_usec; + usec_t cpu_quota_period_usec; + +- CPUSet cpuset_cpus; +- CPUSet startup_cpuset_cpus; +- CPUSet cpuset_mems; +- CPUSet startup_cpuset_mems; ++ CPUSet cpuset_cpus2; ++ CPUSet startup_cpuset_cpus2; ++ CPUSet cpuset_mems2; ++ CPUSet startup_cpuset_mems2; + + uint64_t io_weight; + uint64_t startup_io_weight; +@@ -177,6 +178,11 @@ struct CGroupContext { + uint64_t memory_zswap_max; + uint64_t startup_memory_zswap_max; + ++ char *cpuset_cpus; ++ char *cpuset_mems; ++ bool cpuset_clone_children; ++ bool cpuset_memory_migrate; ++ + bool default_memory_min_set:1; + bool default_memory_low_set:1; + bool default_startup_memory_low_set:1; +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 4237e69..05fd445 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -453,10 +453,10 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0), + SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0), + SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0), +- SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0), +- SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus), 0), +- SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems), 0), +- SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems), 0), ++ SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus2), 0), ++ SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus2), 0), ++ SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems2), 0), ++ SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems2), 0), + SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0), + SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0), + SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0), +@@ -488,6 +488,11 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), + SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0), + SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), ++ SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), ++ SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0), ++ SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), ++ SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), ++ SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), + SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), + SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), + SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), +@@ -1279,6 +1284,43 @@ int bus_cgroup_set_property( + if (streq(name, "MemoryLimitScale")) + return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error); + ++ if (streq(name, "CPUSetAccounting")) ++ return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); ++ ++ if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { ++ const char *cpuset_str = NULL; ++ ++ r = sd_bus_message_read(message, "s", &cpuset_str); ++ if (r < 0) ++ return r; ++ ++ if (!UNIT_WRITE_FLAGS_NOOP(flags)) { ++ unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); ++ if (streq(name, "CPUSetCpus")) { ++ if (c->cpuset_cpus) ++ c->cpuset_cpus = mfree(c->cpuset_cpus); ++ c->cpuset_cpus = strdup(cpuset_str); ++ if (!c->cpuset_cpus) ++ return -ENOMEM; ++ unit_write_settingf(u, flags, name, "CPUSetCpus=%s", cpuset_str); ++ } else { ++ if (c->cpuset_mems) ++ c->cpuset_mems = mfree(c->cpuset_mems); ++ c->cpuset_mems = strdup(cpuset_str); ++ if (!c->cpuset_mems) ++ return -ENOMEM; ++ unit_write_settingf(u, flags, name, "CPUSetMems=%s", cpuset_str); ++ } ++ } ++ return 1; ++ } ++ ++ if (streq(name, "CPUSetCloneChildren")) ++ return bus_cgroup_set_boolean(u, name, &c->cpuset_clone_children, CGROUP_MASK_CPUSET, message, flags, error); ++ ++ if (streq(name, "CPUSetMemMigrate")) ++ return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); ++ + if (streq(name, "TasksAccounting")) + return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); + +@@ -1358,13 +1400,13 @@ int bus_cgroup_set_property( + return -ENOMEM; + + if (streq(name, "AllowedCPUs")) +- set = &c->cpuset_cpus; ++ set = &c->cpuset_cpus2; + else if (streq(name, "StartupAllowedCPUs")) +- set = &c->startup_cpuset_cpus; ++ set = &c->startup_cpuset_cpus2; + else if (streq(name, "AllowedMemoryNodes")) +- set = &c->cpuset_mems; ++ set = &c->cpuset_mems2; + else if (streq(name, "StartupAllowedMemoryNodes")) +- set = &c->startup_cpuset_mems; ++ set = &c->startup_cpuset_mems2; + + assert(set); + +@@ -1372,7 +1414,7 @@ int bus_cgroup_set_property( + *set = new_set; + new_set = (CPUSet) {}; + +- unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); ++ unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET2); + unit_write_settingf(u, flags, name, "%s=\n%s=%s", name, name, setstr); + } + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 745f5cc..fc49e7d 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -3005,6 +3005,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + SD_BUS_PROPERTY("DefaultIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.io_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), +diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c +index 6c19cd4..e585188 100644 +--- a/src/core/execute-serialize.c ++++ b/src/core/execute-serialize.c +@@ -21,8 +21,8 @@ + + static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) { + _cleanup_free_ char *disable_controllers_str = NULL, *delegate_controllers_str = NULL, +- *cpuset_cpus = NULL, *cpuset_mems = NULL, *startup_cpuset_cpus = NULL, +- *startup_cpuset_mems = NULL; ++ *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL, *startup_cpuset_cpus2 = NULL, ++ *startup_cpuset_mems2 = NULL; + char *iface; + struct in_addr_prefix *iaai; + int r; +@@ -96,35 +96,35 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) { + return r; + } + +- cpuset_cpus = cpu_set_to_range_string(&c->cpuset_cpus); +- if (!cpuset_cpus) ++ cpuset_cpus2 = cpu_set_to_range_string(&c->cpuset_cpus2); ++ if (!cpuset_cpus2) + return log_oom_debug(); + +- r = serialize_item(f, "exec-cgroup-context-allowed-cpus", cpuset_cpus); ++ r = serialize_item(f, "exec-cgroup-context-allowed-cpus", cpuset_cpus2); + if (r < 0) + return r; + +- startup_cpuset_cpus = cpu_set_to_range_string(&c->startup_cpuset_cpus); +- if (!startup_cpuset_cpus) ++ startup_cpuset_cpus2 = cpu_set_to_range_string(&c->startup_cpuset_cpus2); ++ if (!startup_cpuset_cpus2) + return log_oom_debug(); + +- r = serialize_item(f, "exec-cgroup-context-startup-allowed-cpus", startup_cpuset_cpus); ++ r = serialize_item(f, "exec-cgroup-context-startup-allowed-cpus", startup_cpuset_cpus2); + if (r < 0) + return r; + +- cpuset_mems = cpu_set_to_range_string(&c->cpuset_mems); +- if (!cpuset_mems) ++ cpuset_mems2 = cpu_set_to_range_string(&c->cpuset_mems2); ++ if (!cpuset_mems2) + return log_oom_debug(); + +- r = serialize_item(f, "exec-cgroup-context-allowed-memory-nodes", cpuset_mems); ++ r = serialize_item(f, "exec-cgroup-context-allowed-memory-nodes", cpuset_mems2); + if (r < 0) + return r; + +- startup_cpuset_mems = cpu_set_to_range_string(&c->startup_cpuset_mems); +- if (!startup_cpuset_mems) ++ startup_cpuset_mems2 = cpu_set_to_range_string(&c->startup_cpuset_mems2); ++ if (!startup_cpuset_mems2) + return log_oom_debug(); + +- r = serialize_item(f, "exec-cgroup-context-startup-allowed-memory-nodes", startup_cpuset_mems); ++ r = serialize_item(f, "exec-cgroup-context-startup-allowed-memory-nodes", startup_cpuset_mems2); + if (r < 0) + return r; + +@@ -555,12 +555,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) { + if (r < 0) + return r; + } else if ((val = startswith(l, "exec-cgroup-context-allowed-cpus="))) { +- if (c->cpuset_cpus.set) ++ if (c->cpuset_cpus2.set) + return -EINVAL; /* duplicated */ + + r = parse_cpu_set_full( + val, +- &c->cpuset_cpus, ++ &c->cpuset_cpus2, + /* warn= */ false, + /* unit= */ NULL, + /* filename= */ NULL, +@@ -569,12 +569,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) { + if (r < 0) + return r; + } else if ((val = startswith(l, "exec-cgroup-context-startup-allowed-cpus="))) { +- if (c->startup_cpuset_cpus.set) ++ if (c->startup_cpuset_cpus2.set) + return -EINVAL; /* duplicated */ + + r = parse_cpu_set_full( + val, +- &c->startup_cpuset_cpus, ++ &c->startup_cpuset_cpus2, + /* warn= */ false, + /* unit= */ NULL, + /* filename= */ NULL, +@@ -583,12 +583,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) { + if (r < 0) + return r; + } else if ((val = startswith(l, "exec-cgroup-context-allowed-memory-nodes="))) { +- if (c->cpuset_mems.set) ++ if (c->cpuset_mems2.set) + return -EINVAL; /* duplicated */ + + r = parse_cpu_set_full( + val, +- &c->cpuset_mems, ++ &c->cpuset_mems2, + /* warn= */ false, + /* unit= */ NULL, + /* filename= */ NULL, +@@ -597,12 +597,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) { + if (r < 0) + return r; + } else if ((val = startswith(l, "exec-cgroup-context-startup-allowed-memory-nodes="))) { +- if (c->startup_cpuset_mems.set) ++ if (c->startup_cpuset_mems2.set) + return -EINVAL; /* duplicated */ + + r = parse_cpu_set_full( + val, +- &c->startup_cpuset_mems, ++ &c->startup_cpuset_mems2, + /* warn= */ false, + /* unit= */ NULL, + /* filename= */ NULL, +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 45f9ab0..1e46af4 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -194,10 +194,10 @@ + + {%- macro CGROUP_CONTEXT_CONFIG_ITEMS(type) -%} + {{type}}.Slice, config_parse_unit_slice, 0, 0 +-{{type}}.AllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) +-{{type}}.StartupAllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_cpus) +-{{type}}.AllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_mems) +-{{type}}.StartupAllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_mems) ++{{type}}.AllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_cpus2) ++{{type}}.StartupAllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_cpus2) ++{{type}}.AllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_mems2) ++{{type}}.StartupAllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_mems2) + {{type}}.CPUAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpu_accounting) + {{type}}.CPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.cpu_weight) + {{type}}.StartupCPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.startup_cpu_weight) +@@ -221,6 +221,11 @@ + {{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.StartupMemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) ++{{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) ++{{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) ++{{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) ++{{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children) ++{{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate) + {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) + {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) + {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 6e3a22b..cbc75e1 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3904,6 +3904,75 @@ int config_parse_memory_limit( + return 0; + } + ++int config_parse_cpuset_cpumems( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) ++{ ++ char **pcpumems = data; ++ char *pinstr = NULL; ++ int iret = 0; ++ ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ assert(data); ++ (void)section; ++ (void)section_line; ++ (void)ltype; ++ (void)userdata; ++ ++ if (!utf8_is_valid(rvalue)) ++ { ++ log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue); ++ return 0; ++ } ++ ++ if (0 == strcmp(rvalue, "all")) ++ { ++ pinstr = strdup(rvalue); ++ if (!pinstr) ++ { ++ return log_oom(); ++ } ++ ++ free(*pcpumems); ++ *pcpumems = pinstr; ++ ++ return 0; ++ } ++ ++ /* 0-2,4 */ ++ iret = string_isvalid_interval(rvalue); ++ if (0 != iret) ++ { ++ pinstr = NULL; ++ log_syntax(unit, LOG_ERR, filename, line, EINVAL, ++ "cpuset cpumems '%s' is invalid, Ignoring(%d).", ++ rvalue, iret); ++ } ++ else ++ { ++ pinstr = strdup(rvalue); ++ if (!pinstr) ++ { ++ return log_oom(); ++ } ++ } ++ ++ free(*pcpumems); ++ *pcpumems = pinstr; ++ ++ return 0; ++} ++ + int config_parse_tasks_max( + const char *unit, + const char *filename, +diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h +index 6919805..0b77c8b 100644 +--- a/src/core/load-fragment.h ++++ b/src/core/load-fragment.h +@@ -84,6 +84,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight); + CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight); + CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); + CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); ++CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); + CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate_subgroup); +diff --git a/src/core/main.c b/src/core/main.c +index 62112dc..de3f536 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -678,6 +678,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting }, + { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_defaults.blockio_accounting }, + { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_defaults.memory_accounting }, ++ { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_defaults.cpuset_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max }, + { "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec }, +diff --git a/src/core/manager.c b/src/core/manager.c +index ce20d6b..ef22fed 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4192,6 +4192,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + + m->defaults.cpu_accounting = defaults->cpu_accounting; + m->defaults.memory_accounting = defaults->memory_accounting; ++ m->defaults.cpuset_accounting = defaults->cpuset_accounting; + m->defaults.io_accounting = defaults->io_accounting; + m->defaults.blockio_accounting = defaults->blockio_accounting; + m->defaults.tasks_accounting = defaults->tasks_accounting; +@@ -4961,6 +4962,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + * controller to be enabled, so the default is to enable it unless we got told otherwise. */ + .cpu_accounting = cpu_accounting_is_cheap(), + .memory_accounting = MEMORY_ACCOUNTING_DEFAULT, ++ .cpuset_accounting = false, + .io_accounting = false, + .blockio_accounting = false, + .tasks_accounting = true, +diff --git a/src/core/manager.h b/src/core/manager.h +index d96eb7b..e560811 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -165,6 +165,7 @@ typedef struct UnitDefaults { + bool memory_accounting; + bool io_accounting; + bool blockio_accounting; ++ bool cpuset_accounting; + bool tasks_accounting; + bool ip_accounting; + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 90109ad..69ea5d6 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -57,6 +57,7 @@ + #DefaultIOAccounting=no + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} ++#DefaultCpusetAccounting= + #DefaultTasksAccounting=yes + #DefaultTasksMax=80% + #DefaultLimitCPU= +diff --git a/src/core/unit.c b/src/core/unit.c +index 69fc998..38017d0 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -188,6 +188,7 @@ static void unit_init(Unit *u) { + cc->io_accounting = u->manager->defaults.io_accounting; + cc->blockio_accounting = u->manager->defaults.blockio_accounting; + cc->memory_accounting = u->manager->defaults.memory_accounting; ++ cc->cpuset_accounting = u->manager->defaults.cpuset_accounting; + cc->tasks_accounting = u->manager->defaults.tasks_accounting; + cc->ip_accounting = u->manager->defaults.ip_accounting; + +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index 4ee9706..a8f493e 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -566,7 +566,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "BlockIOAccounting", + "TasksAccounting", + "IPAccounting", +- "CoredumpReceive")) ++ "CoredumpReceive", ++ "CPUSetAccounting", ++ "CPUSetCloneChildren", ++ "CPUSetMemMigrate")) + return bus_append_parse_boolean(m, field, eq); + + if (STR_IN_SET(field, "CPUWeight", +@@ -672,6 +675,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + return bus_append_parse_size(m, field, eq, 1024); + } + ++ if (STR_IN_SET(field, "CPUSetCpus", "CPUSetMems")) { ++ if (string_isvalid_interval(eq) == 0 || streq(eq, "all")) ++ r = sd_bus_message_append(m, "(sv)", field, "s", eq); ++ else ++ r = -EINVAL; ++ if (r < 0) ++ return bus_log_create_error(r); ++ return 1; ++ } ++ + if (streq(field, "CPUQuota")) { + if (isempty(eq)) + r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); +diff --git a/src/shared/cpu-set-util.c b/src/shared/cpu-set-util.c +index d096576..356a46a 100644 +--- a/src/shared/cpu-set-util.c ++++ b/src/shared/cpu-set-util.c +@@ -7,6 +7,7 @@ + + #include "alloc-util.h" + #include "cpu-set-util.h" ++#include "cgroup-util.h" + #include "dirent-util.h" + #include "errno-util.h" + #include "extract-word.h" +diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c +index bfc8fac..37ec6d6 100644 +--- a/src/test/test-cgroup-mask.c ++++ b/src/test/test-cgroup-mask.c +@@ -55,6 +55,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) { + * else. */ + m->defaults.cpu_accounting = + m->defaults.memory_accounting = ++ m->defaults.cpuset_accounting = + m->defaults.blockio_accounting = + m->defaults.io_accounting = + m->defaults.tasks_accounting = false; +@@ -140,10 +141,10 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) { + + TEST(cg_mask_to_string) { + test_cg_mask_to_string_one(0, NULL); +- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset io blkio memory devices pids bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); ++ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); + test_cg_mask_to_string_one(CGROUP_MASK_CPU, "cpu"); + test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct"); +- test_cg_mask_to_string_one(CGROUP_MASK_CPUSET, "cpuset"); ++ test_cg_mask_to_string_one(CGROUP_MASK_CPUSET2, "cpuset2"); + test_cg_mask_to_string_one(CGROUP_MASK_IO, "io"); + test_cg_mask_to_string_one(CGROUP_MASK_BLKIO, "blkio"); + test_cg_mask_to_string_one(CGROUP_MASK_MEMORY, "memory"); +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 4bdc48a..0e953f2 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -52,6 +52,11 @@ BusName= + CoredumpFilter= + CPUAccounting= + CPUQuota= ++CPUSetAccounting= ++CPUSetCloneChildren= ++CPUSetCpus= ++CPUSetMemMigrate= ++CPUSetMems= + CPUShares= + CPUWeight= + CapabilityBoundingSet= +-- +2.41.0 + diff --git a/core-cgroup-support-default-slice-for-all-uni.patch b/core-cgroup-support-default-slice-for-all-uni.patch new file mode 100644 index 0000000000000000000000000000000000000000..ecfbf54018c443207e3a46ef954f498cd1605de0 --- /dev/null +++ b/core-cgroup-support-default-slice-for-all-uni.patch @@ -0,0 +1,217 @@ +From a25f206a49d8a3111ac42791b2eca8a3c9af4991 Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Thu, 6 May 2021 09:38:55 +0800 +Subject: [PATCH] core-cgroup: support default slice for all units. + +With this patch, users can specify a default slice for all units by +adding DefaultUnitSlice=xxx.slice in /etc/systemd/system.conf. +--- + src/core/main.c | 22 +++++++++++ + src/core/manager.h | 3 ++ + src/core/unit.c | 98 ++++++++++++++++++++++++++++++++++++++++++---- + 3 files changed, 115 insertions(+), 8 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index c4379cf..e9f56fa 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -147,6 +147,7 @@ static sd_id128_t arg_machine_id; + static EmergencyAction arg_cad_burst_action; + static CPUSet arg_cpu_affinity; + static NUMAPolicy arg_numa_policy; ++static char *arg_default_unit_slice = NULL; + static usec_t arg_clock_usec; + static void *arg_random_seed; + static size_t arg_random_seed_size; +@@ -688,6 +689,7 @@ static int parse_config_file(void) { + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_runtime_scope, &arg_cad_burst_action }, + { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_defaults.oom_policy }, + { "Manager", "DefaultOOMScoreAdjust", config_parse_oom_score_adjust, 0, NULL }, ++ { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, + { "Manager", "ReloadLimitIntervalSec", config_parse_sec, 0, &arg_reload_limit_interval_sec }, + { "Manager", "ReloadLimitBurst", config_parse_unsigned, 0, &arg_reload_limit_burst }, + #if ENABLE_SMACK +@@ -756,6 +758,26 @@ static void set_manager_defaults(Manager *m) { + r = manager_transient_environment_add(m, arg_default_environment); + if (r < 0) + log_warning_errno(r, "Failed to add to transient environment, ignoring: %m"); ++ if (m->default_unit_slice) ++ { ++ free(m->default_unit_slice); ++ m->default_unit_slice = NULL; ++ } ++ ++ if (arg_default_unit_slice) ++ { ++ char *default_unit_slice_tmp = NULL; ++ ++ default_unit_slice_tmp = strdup(arg_default_unit_slice); ++ if (!default_unit_slice_tmp) ++ log_oom(); ++ ++ m->default_unit_slice = default_unit_slice_tmp; ++ ++ /* free */ ++ free(arg_default_unit_slice); ++ arg_default_unit_slice = NULL; ++ } + } + + static void set_manager_settings(Manager *m) { +diff --git a/src/core/manager.h b/src/core/manager.h +index 6dd1a18..3c954af 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -23,6 +23,7 @@ typedef struct Unit Unit; + + /* Enforce upper limit how many names we allow */ + #define MANAGER_MAX_NAMES 131072 /* 128K */ ++#define DEFAULT_UNIT_NAME_LEN_MAX 32 + + /* On sigrtmin+18, private commands */ + enum { +@@ -481,6 +482,8 @@ struct Manager { + unsigned sigchldgen; + unsigned notifygen; + ++ char *default_unit_slice; ++ + VarlinkServer *varlink_server; + /* When we're a system manager, this object manages the subscription from systemd-oomd to PID1 that's + * used to report changes in ManagedOOM settings (systemd server - oomd client). When +diff --git a/src/core/unit.c b/src/core/unit.c +index c069018..24d7060 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3545,6 +3545,58 @@ int unit_set_slice(Unit *u, Unit *slice) { + return 1; + } + ++/* system-xxx.slice, xxx must be (a b c/A B C...and 0 1 2...) */ ++static bool slicename_is_valid(const char *slicename) { ++ const char *str_start = "system-"; ++ const char *str_end = ".slice"; ++ const char *str_tmp = NULL; ++ size_t len_in = 0; ++ size_t len_start = 0; ++ size_t len_end = 0; ++ size_t i = 0; ++ ++ if (isempty(slicename)) ++ return false; ++ ++ len_in = strlen(slicename); ++ len_start = strlen(str_start); ++ len_end = strlen(str_end); ++ ++ if (len_in > DEFAULT_UNIT_NAME_LEN_MAX) ++ return false; ++ ++ if (len_in <= len_start + len_end) ++ return false; ++ ++ /* system- */ ++ if (strncmp(slicename, str_start, len_start) != 0) ++ return false; ++ ++ str_tmp = slicename + len_start; ++ ++ len_in = strlen(str_tmp); ++ if (len_in <= len_end) ++ return false; ++ ++ /* .slice */ ++ if (!strneq(str_tmp + len_in - len_end, str_end, len_end)) ++ return false; ++ ++ /* a b c/A B C...and 0 1 2... */ ++ for (i = 0; i < (len_in - len_end); i++) { ++ char c = *(str_tmp + i); ++ ++ if ((c >= 'a' && c <= 'z') || ++ (c >= 'A' && c <= 'Z') || ++ (c >= '0' && c <= '9')) ++ continue; ++ else ++ return false; ++ } ++ ++ return true; ++} ++ + int unit_set_default_slice(Unit *u) { + const char *slice_name; + Unit *slice; +@@ -3558,6 +3610,20 @@ int unit_set_default_slice(Unit *u) { + if (UNIT_GET_SLICE(u)) + return 0; + ++ bool isdefaultslice = false; ++ char *default_unit_slice = u->manager->default_unit_slice; ++ ++ if (default_unit_slice) { ++ isdefaultslice = true; ++ ++ if (streq(default_unit_slice, SPECIAL_SYSTEM_SLICE)) ++ isdefaultslice = false; ++ else if (!slicename_is_valid(default_unit_slice)) { ++ log_error("default unit slice is error. slice name '%s' is invalid.", default_unit_slice); ++ isdefaultslice = false; ++ } ++ } ++ + if (u->instance) { + _cleanup_free_ char *prefix = NULL, *escaped = NULL; + +@@ -3575,24 +3641,40 @@ int unit_set_default_slice(Unit *u) { + if (!escaped) + return -ENOMEM; + +- if (MANAGER_IS_SYSTEM(u->manager)) +- slice_name = strjoina("system-", escaped, ".slice"); +- else ++ if (MANAGER_IS_SYSTEM(u->manager)) { ++ if (isdefaultslice) { ++ _cleanup_free_ char *default_unit_slice_tmp = NULL; ++ ++ default_unit_slice_tmp = strreplace(default_unit_slice, ".slice", "-"); ++ if (!default_unit_slice_tmp) ++ return -ENOMEM; ++ ++ slice_name = strjoina(default_unit_slice_tmp, escaped, ".slice"); ++ } else ++ slice_name = strjoina("system-", escaped, ".slice"); ++ } else + slice_name = strjoina("app-", escaped, ".slice"); + +- } else if (unit_is_extrinsic(u)) ++ } else if (unit_is_extrinsic(u)) { + /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in + * the root slice. They don't really belong in one of the subslices. */ + slice_name = SPECIAL_ROOT_SLICE; +- +- else if (MANAGER_IS_SYSTEM(u->manager)) +- slice_name = SPECIAL_SYSTEM_SLICE; +- else ++ isdefaultslice = false; ++ } else if (MANAGER_IS_SYSTEM(u->manager)) { ++ if (isdefaultslice) ++ slice_name = default_unit_slice; ++ else ++ slice_name = SPECIAL_SYSTEM_SLICE; ++ } else { + slice_name = SPECIAL_APP_SLICE; ++ isdefaultslice = false; ++ } + + r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice); + if (r < 0) + return r; ++ if (isdefaultslice) ++ slice->default_dependencies=false; + + return unit_set_slice(u, slice); + } +-- +2.33.0 + diff --git a/core-cgroup-support-freezer.patch b/core-cgroup-support-freezer.patch new file mode 100644 index 0000000000000000000000000000000000000000..0850851d45c12527e5b131847bdbaafba9fb4a29 --- /dev/null +++ b/core-cgroup-support-freezer.patch @@ -0,0 +1,534 @@ +From 05a0f33b0d0a650b25ce7955a171d725f9c3f5f6 Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: [PATCH] core-cgroup: support freezer. + +This patch add support for freezer subsystem. +--- + meson.build | 2 + + meson_options.txt | 3 ++ + src/basic/cgroup-util.c | 1 + + src/basic/cgroup-util.h | 5 +++ + src/core/cgroup.c | 16 +++++++ + src/core/cgroup.h | 4 ++ + src/core/dbus-cgroup.c | 29 +++++++++++++ + src/core/dbus-manager.c | 1 + + src/core/load-fragment-gperf.gperf.in | 2 + + src/core/load-fragment.c | 33 ++++++++++++++ + src/core/load-fragment.h | 1 + + src/core/main.c | 1 + + src/core/manager.c | 2 + + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit.c | 1 + + src/shared/bus-unit-util.c | 11 +++++ + src/test/meson.build | 3 ++ + src/test/test-cgroup-freezer.c | 43 +++++++++++++++++++ + src/test/test-cgroup-mask.c | 3 +- + .../fuzz-unit-file/directives-all.service | 2 + + 21 files changed, 164 insertions(+), 1 deletion(-) + create mode 100644 src/test/test-cgroup-freezer.c + +diff --git a/meson.build b/meson.build +index 614013b..8712bdb 100644 +--- a/meson.build ++++ b/meson.build +@@ -1582,6 +1582,7 @@ foreach term : ['analyze', + 'efi', + 'environment-d', + 'firstboot', ++ 'freezer-cgv1', + 'gshadow', + 'hibernate', + 'hostnamed', +@@ -2855,6 +2856,7 @@ foreach tuple : [ + ['standalone-binaries', get_option('standalone-binaries')], + ['coverage', get_option('b_coverage')], + ['cpuset-cgv1'], ++ ['freezer-cgv1'], + ] + + if tuple.length() >= 2 +diff --git a/meson_options.txt b/meson_options.txt +index 5fda5d9..b61d99d 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -517,3 +517,6 @@ option('bpf-framework', type : 'feature', deprecated : { 'true' : 'enabled', 'fa + + option('cpuset-cgv1', type : 'boolean', value : 'true', + description : 'enable cgroup v1 cpuset support') ++ ++option('freezer-cgv1', type : 'boolean', value : 'true', ++ description : 'enable cgroup v1 freezer support') +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index abd1f91..3e60488 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2359,6 +2359,7 @@ static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { + [CGROUP_CONTROLLER_DEVICES] = "devices", + [CGROUP_CONTROLLER_PIDS] = "pids", + [CGROUP_CONTROLLER_CPUSET] = "cpuset", ++ [CGROUP_CONTROLLER_FREEZER] = "freezer", + [CGROUP_CONTROLLER_BPF_FIREWALL] = "bpf-firewall", + [CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices", + [CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign", +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index dd3df28..4389cce 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -29,6 +29,7 @@ typedef enum CGroupController { + CGROUP_CONTROLLER_DEVICES, /* v1 only */ + CGROUP_CONTROLLER_PIDS, + CGROUP_CONTROLLER_CPUSET, ++ CGROUP_CONTROLLER_FREEZER, + + /* BPF-based pseudo-controllers, v2 only */ + CGROUP_CONTROLLER_BPF_FIREWALL, +@@ -57,6 +58,7 @@ typedef enum CGroupMask { + CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), + CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), + CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), ++ CGROUP_MASK_FREEZER = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_FREEZER), + CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), + CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), + CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), +@@ -67,6 +69,9 @@ typedef enum CGroupMask { + CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS + #if ENABLE_CPUSET_CGV1 + | CGROUP_MASK_CPUSET ++#endif ++#if ENABLE_FREEZER_CGV1 ++ | CGROUP_MASK_FREEZER + #endif + , + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index cd1e97d..3e47f76 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -179,6 +179,7 @@ void cgroup_context_init(CGroupContext *c) { + .startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID, + + .tasks_max = CGROUP_TASKS_MAX_UNSET, ++ .freezer_state = NULL, + + .moom_swap = MANAGED_OOM_AUTO, + .moom_mem_pressure = MANAGED_OOM_AUTO, +@@ -304,6 +305,9 @@ void cgroup_context_done(CGroupContext *c) { + cpu_set_reset(&c->cpuset_mems2); + cpu_set_reset(&c->startup_cpuset_mems2); + ++ if (c->freezer_state) ++ c->freezer_state = mfree(c->freezer_state); ++ + c->delegate_subgroup = mfree(c->delegate_subgroup); + + nft_set_context_clear(&c->nft_set_context); +@@ -542,6 +546,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sBlockIOAccounting: %s\n" + "%sMemoryAccounting: %s\n" + "%sCPUSetAccounting: %s\n" ++ "%sFreezerAccounting=%s\n" + "%sTasksAccounting: %s\n" + "%sIPAccounting: %s\n" + "%sCPUWeight: %" PRIu64 "\n" +@@ -577,6 +582,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sCPUSetCloneChildren=%s\n" + "%sCPUSetMemMigrate=%s\n" + "%sTasksMax: %" PRIu64 "\n" ++ "%sFreezerState=%s\n" + "%sDevicePolicy: %s\n" + "%sDisableControllers: %s\n" + "%sDelegate: %s\n" +@@ -591,6 +597,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->blockio_accounting), + prefix, yes_no(c->memory_accounting), + prefix, yes_no(c->cpuset_accounting), ++ prefix, yes_no(c->freezer_accounting), + prefix, yes_no(c->tasks_accounting), + prefix, yes_no(c->ip_accounting), + prefix, c->cpu_weight, +@@ -626,6 +633,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->cpuset_clone_children), + prefix, yes_no(c->cpuset_memory_migrate), + prefix, cgroup_tasks_max_resolve(&c->tasks_max), ++ prefix, c->freezer_state, + prefix, cgroup_device_policy_to_string(c->device_policy), + prefix, strempty(disable_controllers_str), + prefix, delegate_str, +@@ -1957,6 +1965,11 @@ static void cgroup_context_apply( + } + } + ++ if ((apply_mask & CGROUP_MASK_FREEZER) && !is_local_root) { ++ if (c->freezer_state) ++ (void) set_attribute_and_warn(u, "freezer", "freezer.state", c->freezer_state); ++ } ++ + /* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of + * containers, where we leave this to the manager */ + if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && +@@ -2115,6 +2128,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + c->cpuset_mems) + mask |= CGROUP_MASK_CPUSET; + ++ if (c->freezer_accounting || c->freezer_state) ++ mask |= CGROUP_MASK_FREEZER; ++ + if (c->device_allow || + c->device_policy != CGROUP_DEVICE_POLICY_AUTO) + mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 04a7f25..7fb792a 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -135,6 +135,7 @@ struct CGroupContext { + bool blockio_accounting; + bool memory_accounting; + bool cpuset_accounting; ++ bool freezer_accounting; + bool tasks_accounting; + bool ip_accounting; + +@@ -228,6 +229,9 @@ struct CGroupContext { + /* Common */ + CGroupTasksMax tasks_max; + ++ /* Freezer */ ++ char *freezer_state; ++ + /* Settings for systemd-oomd */ + ManagedOOMMode moom_swap; + ManagedOOMMode moom_mem_pressure; +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 05fd445..052049c 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -493,6 +493,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), + SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), + SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), ++ SD_BUS_PROPERTY("FreezerAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, freezer_accounting), 0), ++ SD_BUS_PROPERTY("FreezerState", "s", NULL, offsetof(CGroupContext, freezer_state), 0), + SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), + SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), + SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), +@@ -1287,6 +1289,9 @@ int bus_cgroup_set_property( + if (streq(name, "CPUSetAccounting")) + return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); + ++ if (streq(name, "FreezerAccounting")) ++ return bus_cgroup_set_boolean(u, name, &c->freezer_accounting, CGROUP_MASK_FREEZER, message, flags, error); ++ + if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { + const char *cpuset_str = NULL; + +@@ -1321,6 +1326,30 @@ int bus_cgroup_set_property( + if (streq(name, "CPUSetMemMigrate")) + return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); + ++ if (streq(name, "FreezerState")) { ++ const char *state = NULL; ++ ++ r = sd_bus_message_read(message, "s", &state); ++ if (r < 0) ++ return r; ++ ++ if (!UNIT_WRITE_FLAGS_NOOP(flags)) { ++ unit_invalidate_cgroup(u, CGROUP_MASK_FREEZER); ++ ++ if (c->freezer_state) { ++ free(c->freezer_state); ++ c->freezer_state = NULL; ++ } ++ ++ c->freezer_state = strdup(state); ++ if (!c->freezer_state) ++ return -ENOMEM; ++ ++ unit_write_settingf(u, flags, name, "FreezerState=%s", state); ++ } ++ return 1; ++ } ++ + if (streq(name, "TasksAccounting")) + return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index fc49e7d..0f9d4e8 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -3006,6 +3006,7 @@ const sd_bus_vtable bus_manager_vtable[] = { + SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST), ++ SD_BUS_PROPERTY("DefaultFreezerAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.freezer_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 1e46af4..1e5b7ab 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -226,6 +226,8 @@ + {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) + {{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children) + {{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate) ++{{type}}.FreezerAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.freezer_accounting) ++{{type}}.FreezerState, config_parse_freezer_state, 0, offsetof({{type}}, cgroup_context.freezer_state) + {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) + {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) + {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index cbc75e1..8648fb1 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3973,6 +3973,39 @@ int config_parse_cpuset_cpumems( + return 0; + } + ++int config_parse_freezer_state( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ ++ char **freezer_state = data; ++ char *pinstr = NULL; ++ ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ ++ if (!STR_IN_SET(rvalue, "FROZEN", "THAWED")) { ++ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Freezer state '%s' is invalid, Ignoring.", rvalue); ++ return 0; ++ } ++ ++ pinstr = strdup(rvalue); ++ if (!pinstr) ++ return log_oom(); ++ ++ free(*freezer_state); ++ *freezer_state = pinstr; ++ return 0; ++} ++ + int config_parse_tasks_max( + const char *unit, + const char *filename, +diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h +index 0b77c8b..f9ffbf4 100644 +--- a/src/core/load-fragment.h ++++ b/src/core/load-fragment.h +@@ -85,6 +85,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight); + CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); + CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); + CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); ++CONFIG_PARSER_PROTOTYPE(config_parse_freezer_state); + CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate); + CONFIG_PARSER_PROTOTYPE(config_parse_delegate_subgroup); +diff --git a/src/core/main.c b/src/core/main.c +index de3f536..96b0a11 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -679,6 +679,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_defaults.blockio_accounting }, + { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_defaults.memory_accounting }, + { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_defaults.cpuset_accounting }, ++ { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_defaults.freezer_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max }, + { "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec }, +diff --git a/src/core/manager.c b/src/core/manager.c +index ef22fed..b29d4e1 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4193,6 +4193,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.cpu_accounting = defaults->cpu_accounting; + m->defaults.memory_accounting = defaults->memory_accounting; + m->defaults.cpuset_accounting = defaults->cpuset_accounting; ++ m->defaults.freezer_accounting = defaults->freezer_accounting; + m->defaults.io_accounting = defaults->io_accounting; + m->defaults.blockio_accounting = defaults->blockio_accounting; + m->defaults.tasks_accounting = defaults->tasks_accounting; +@@ -4963,6 +4964,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + .cpu_accounting = cpu_accounting_is_cheap(), + .memory_accounting = MEMORY_ACCOUNTING_DEFAULT, + .cpuset_accounting = false, ++ .freezer_accounting = false, + .io_accounting = false, + .blockio_accounting = false, + .tasks_accounting = true, +diff --git a/src/core/manager.h b/src/core/manager.h +index e560811..93e9d2a 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -166,6 +166,7 @@ typedef struct UnitDefaults { + bool io_accounting; + bool blockio_accounting; + bool cpuset_accounting; ++ bool freezer_accounting; + bool tasks_accounting; + bool ip_accounting; + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 69ea5d6..dbdc47c 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -58,6 +58,7 @@ + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} + #DefaultCpusetAccounting= ++#DefaultFreezerAccounting=no + #DefaultTasksAccounting=yes + #DefaultTasksMax=80% + #DefaultLimitCPU= +diff --git a/src/core/unit.c b/src/core/unit.c +index 38017d0..c069018 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -189,6 +189,7 @@ static void unit_init(Unit *u) { + cc->blockio_accounting = u->manager->defaults.blockio_accounting; + cc->memory_accounting = u->manager->defaults.memory_accounting; + cc->cpuset_accounting = u->manager->defaults.cpuset_accounting; ++ cc->freezer_accounting = u->manager->defaults.freezer_accounting; + cc->tasks_accounting = u->manager->defaults.tasks_accounting; + cc->ip_accounting = u->manager->defaults.ip_accounting; + +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index a8f493e..6390986 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -568,6 +568,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "IPAccounting", + "CoredumpReceive", + "CPUSetAccounting", ++ "FreezerAccounting", + "CPUSetCloneChildren", + "CPUSetMemMigrate")) + return bus_append_parse_boolean(m, field, eq); +@@ -685,6 +686,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + return 1; + } + ++ if (streq(field, "FreezerState")) { ++ if (STR_IN_SET(eq, "FROZEN", "THAWED")) ++ r = sd_bus_message_append(m, "(sv)", field, "s", eq); ++ else ++ r = -EINVAL; ++ if (r < 0) ++ return bus_log_create_error(r); ++ return 1; ++ } ++ + if (streq(field, "CPUQuota")) { + if (isempty(eq)) + r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); +diff --git a/src/test/meson.build b/src/test/meson.build +index a59461a..a7ca76e 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -484,6 +484,9 @@ executables += [ + 'sources' : files('test-cgroup-mask.c'), + 'dependencies' : common_test_dependencies, + }, ++ core_test_template + { ++ 'sources' : files('test-cgroup-freezer.c'), ++ }, + core_test_template + { + 'sources' : files('test-cgroup-unit-default.c'), + }, +diff --git a/src/test/test-cgroup-freezer.c b/src/test/test-cgroup-freezer.c +new file mode 100644 +index 0000000..a533d16 +--- /dev/null ++++ b/src/test/test-cgroup-freezer.c +@@ -0,0 +1,43 @@ ++/* SPDX-License-Identifier: LGPL-2.1+ */ ++ ++#include "load-fragment.h" ++#include "string-util.h" ++ ++static void test_config_parse_freezer_state(void) { ++ /* int config_parse_freezer_state( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) */ ++ int r; ++ _cleanup_free_ char *pstate = NULL; ++ ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "FROZEN", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(streq(pstate, "FROZEN")); ++ ++ pstate = mfree(pstate); ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "THAWED", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(streq(pstate, "THAWED")); ++ ++ pstate = mfree(pstate); ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "test", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(!pstate); ++ ++ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "", &pstate, NULL); ++ assert_se(r >= 0); ++ assert_se(!pstate); ++} ++ ++int main(int argc, char *argv[]){ ++ test_config_parse_freezer_state(); ++ return 0; ++} +diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c +index 37ec6d6..e0574d9 100644 +--- a/src/test/test-cgroup-mask.c ++++ b/src/test/test-cgroup-mask.c +@@ -56,6 +56,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) { + m->defaults.cpu_accounting = + m->defaults.memory_accounting = + m->defaults.cpuset_accounting = ++ m->defaults.freezer_accounting = + m->defaults.blockio_accounting = + m->defaults.io_accounting = + m->defaults.tasks_accounting = false; +@@ -141,7 +142,7 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) { + + TEST(cg_mask_to_string) { + test_cg_mask_to_string_one(0, NULL); +- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); ++ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset freezer bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); + test_cg_mask_to_string_one(CGROUP_MASK_CPU, "cpu"); + test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct"); + test_cg_mask_to_string_one(CGROUP_MASK_CPUSET2, "cpuset2"); +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 0e953f2..123c98e 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -115,6 +115,8 @@ FileDescriptorName= + FileDescriptorStoreMax= + ForceUnmount= + FreeBind= ++FreezerAccounting= ++FreezerState= + Group= + GuessMainPID= + IOAccounting= +-- +2.41.0 + diff --git a/core-cgroup-support-memorysw.patch b/core-cgroup-support-memorysw.patch new file mode 100644 index 0000000000000000000000000000000000000000..b219227155e817276a3ddc1a40367b1317d3ac2c --- /dev/null +++ b/core-cgroup-support-memorysw.patch @@ -0,0 +1,186 @@ +From cfb8a3cf09d9a958388ca1181bb92d9f77ab100e Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: [PATCH] core-cgroup: support memorysw + +Upstream systemd dosen't support setting memory.memsw.limit_in_bytes. +This patch enables setting memory.memsw.limit_in_bytes by MemoryMemswLimit. +--- + src/core/cgroup.c | 17 +++++++++++++++-- + src/core/cgroup.h | 1 + + src/core/dbus-cgroup.c | 4 ++++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/load-fragment.c | 2 ++ + src/shared/bus-print-properties.c | 2 +- + src/shared/bus-unit-util.c | 1 + + test/fuzz/fuzz-unit-file/directives-all.service | 1 + + 8 files changed, 26 insertions(+), 3 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 9e472ca..9de2283 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -171,6 +171,7 @@ void cgroup_context_init(CGroupContext *c) { + .startup_memory_zswap_max = CGROUP_LIMIT_MAX, + + .memory_limit = CGROUP_LIMIT_MAX, ++ .memory_memsw_limit = CGROUP_LIMIT_MAX, + + .io_weight = CGROUP_WEIGHT_INVALID, + .startup_io_weight = CGROUP_WEIGHT_INVALID, +@@ -577,6 +578,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sMemoryZSwapMax: %" PRIu64 "%s\n" + "%sStartupMemoryZSwapMax: %" PRIu64 "%s\n" + "%sMemoryLimit: %" PRIu64 "\n" ++ "%sMemoryMemswLimit=%" PRIu64 "\n" + "%sCPUSetCpus=%s\n" + "%sCPUSetMems=%s\n" + "%sCPUSetCloneChildren=%s\n" +@@ -628,6 +630,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"), + prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"), + prefix, c->memory_limit, ++ prefix, c->memory_memsw_limit, + prefix, c->cpuset_cpus, + prefix, c->cpuset_mems, + prefix, yes_no(c->cpuset_clone_children), +@@ -1908,14 +1911,17 @@ static void cgroup_context_apply( + + } else { + char buf[DECIMAL_STR_MAX(uint64_t) + 1]; +- uint64_t val; ++ uint64_t val, sw_val; + + if (unit_has_unified_memory_config(u)) { + val = c->memory_max; ++ sw_val = CGROUP_LIMIT_MAX; + if (val != CGROUP_LIMIT_MAX) + log_cgroup_compat(u, "Applying MemoryMax=%" PRIu64 " as MemoryLimit=", val); +- } else ++ } else { + val = c->memory_limit; ++ sw_val = c->memory_memsw_limit; ++ } + + if (val == CGROUP_LIMIT_MAX) + strncpy(buf, "-1\n", sizeof(buf)); +@@ -1923,6 +1929,12 @@ static void cgroup_context_apply( + xsprintf(buf, "%" PRIu64 "\n", val); + + (void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf); ++ ++ if (sw_val == CGROUP_LIMIT_MAX) ++ strncpy(buf, "-1\n", sizeof(buf)); ++ else ++ xsprintf(buf, "%" PRIu64 "\n", sw_val); ++ (void) set_attribute_and_warn(u, "memory", "memory.memsw.limit_in_bytes", buf); + } + } + +@@ -2120,6 +2132,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + + if (c->memory_accounting || + c->memory_limit != CGROUP_LIMIT_MAX || ++ c->memory_memsw_limit != CGROUP_LIMIT_MAX || + unit_has_unified_memory_config(u)) + mask |= CGROUP_MASK_MEMORY; + +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 7fb792a..b585fdb 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -219,6 +219,7 @@ struct CGroupContext { + LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths); + + uint64_t memory_limit; ++ uint64_t memory_memsw_limit; + + CGroupDevicePolicy device_policy; + LIST_HEAD(CGroupDeviceAllow, device_allow); +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 052049c..e0a64e4 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -488,6 +488,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { + SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), + SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0), + SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), ++ SD_BUS_PROPERTY("MemoryMemswLimit", "t", NULL, offsetof(CGroupContext, memory_memsw_limit), 0), + SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), + SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0), + SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), +@@ -1243,6 +1244,9 @@ int bus_cgroup_set_property( + if (streq(name, "MemoryLimit")) + return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error); + ++ if (streq(name, "MemoryMemswLimit")) ++ return bus_cgroup_set_memory(u, name, &c->memory_memsw_limit, message, flags, error); ++ + if (streq(name, "MemoryMinScale")) { + r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); + if (r > 0) +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 1e5b7ab..160c891 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -221,6 +221,7 @@ + {{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.StartupMemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) ++{{type}}.MemoryMemswLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) + {{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) + {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 8648fb1..aaf906f 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3891,6 +3891,8 @@ int config_parse_memory_limit( + c->startup_memory_swap_max_set = true; + } else if (streq(lvalue, "MemoryZSwapMax")) + c->memory_zswap_max = bytes; ++ else if (streq(lvalue, "MemoryMemswLimit")) ++ c->memory_memsw_limit = bytes; + else if (streq(lvalue, "StartupMemoryZSwapMax")) { + c->startup_memory_zswap_max = bytes; + c->startup_memory_zswap_max_set = true; +diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c +index 6704e1e..0cded0c 100644 +--- a/src/shared/bus-print-properties.c ++++ b/src/shared/bus-print-properties.c +@@ -164,7 +164,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b + + bus_print_property_value(name, expected_value, flags, "[not set]"); + +- else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") && ++ else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryMemswLimit") && + u == CGROUP_LIMIT_MAX) || + (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || + (startswith(name, "Limit") && u == UINT64_MAX) || +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index 6390986..3f97ada 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -632,6 +632,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "MemorySwapMax", + "MemoryZSwapMax", + "MemoryLimit", ++ "MemoryMemswLimit", + "TasksMax")) { + + if (streq(eq, "infinity")) { +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 123c98e..397b5da 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -166,6 +166,7 @@ MemoryHigh= + MemoryLimit= + MemoryLow= + MemoryMax= ++MemoryMemswLimit= + MemoryPressureThresholdSec= + MemoryPressureWatch= + MemorySwapMax= +-- +2.33.0 + diff --git a/core-update-arg_default_rlimit-in-bump_rlimit.patch b/core-update-arg_default_rlimit-in-bump_rlimit.patch new file mode 100644 index 0000000000000000000000000000000000000000..0b4e32732816fd6792645b594fe30c3b60f199ab --- /dev/null +++ b/core-update-arg_default_rlimit-in-bump_rlimit.patch @@ -0,0 +1,24 @@ +From a80954ddf69d90d3b02ab62fb025534862069dc3 Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Wed, 24 Jun 2020 17:23:03 +0800 +Subject: [PATCH] core-update-arg_default_rlimit-in-bump_rlimit + +--- + src/core/system.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index a58f65a..4762669 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -61,7 +61,7 @@ + #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} + #DefaultLimitAS= + #DefaultLimitNPROC= +-#DefaultLimitMEMLOCK=8M ++DefaultLimitMEMLOCK=64M + #DefaultLimitLOCKS= + #DefaultLimitSIGPENDING= + #DefaultLimitMSGQUEUE= +-- +2.23.0 diff --git a/dbus-execute-avoid-extra-strdup.patch b/dbus-execute-avoid-extra-strdup.patch deleted file mode 100644 index 3c0f80ff4640630bf3f4ae6b92dd924cb2b1ecc0..0000000000000000000000000000000000000000 --- a/dbus-execute-avoid-extra-strdup.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 66ca4903ca74604b193802635d36c48b0fcaf291 Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Thu, 2 Jan 2020 19:59:48 +0200 -Subject: [PATCH] dbus-execute: avoid extra strdup() - -bind_mount_add does the strdup(), so we can avoid -strdup()ing the strings. - -https://github.com/systemd/systemd/commit/66ca4903ca74604b193802635d36c48b0fcaf291 - ---- - src/core/dbus-execute.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index 2be3db2..abd60ea 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -2370,7 +2370,7 @@ int bus_exec_context_set_transient_property( - return 1; - - } else if (STR_IN_SET(name, "BindPaths", "BindReadOnlyPaths")) { -- const char *source, *destination; -+ char *source, *destination; - int ignore_enoent; - uint64_t mount_flags; - bool empty = true; -@@ -2391,8 +2391,8 @@ int bus_exec_context_set_transient_property( - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { - r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts, - &(BindMount) { -- .source = strdup(source), -- .destination = strdup(destination), -+ .source = source, -+ .destination = destination, - .read_only = !!strstr(name, "ReadOnly"), - .recursive = !!(mount_flags & MS_REC), - .ignore_enoent = ignore_enoent, --- -2.19.1 - diff --git a/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch b/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch similarity index 64% rename from 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch rename to delay-to-restart-when-a-service-can-not-be-auto-restarted.patch index f45745214ade529976fb4d061059f06533703ab1..d0883d746135c28c5b66ae5958308306fc9c8f35 100644 --- a/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +++ b/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch @@ -13,14 +13,14 @@ is same(both with 0), so the STOP job has no chance to be scheduled, and systemd to handle the time task. This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled. --- - src/core/service.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) + src/core/service.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/core/service.c b/src/core/service.c -index ad9c028..8217447 100644 +index b9eb40c..47e9d63 100644 --- a/src/core/service.c +++ b/src/core/service.c -@@ -1716,14 +1716,15 @@ fail: +@@ -2507,13 +2507,20 @@ fail: static void service_enter_restart(Service *s) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; int r; @@ -28,16 +28,20 @@ index ad9c028..8217447 100644 assert(s); - if (UNIT(s)->job && UNIT(s)->job->type == JOB_STOP) { + if (unit_has_job_type(UNIT(s), JOB_STOP)) { /* Don't restart things if we are going down anyway */ - log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); -- -- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); + log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); +- return; + restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec; -+ r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), restart_usec)); - if (r < 0) - goto fail; ++ r = service_arm_timer(s, /* relative= */ false, usec_add(now(CLOCK_MONOTONIC), restart_usec)); ++ if (r < 0) { ++ log_unit_warning(UNIT(s), "Failed to schedule restart job: %s", bus_error_message(&error, r)); ++ service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ false); ++ return; ++ } + } + /* Any units that are bound to this service must also be restarted. We use JOB_START for ourselves -- -1.8.3.1 +2.33.0 diff --git a/delete-journal-files-except-system.journal-when-jour.patch b/delete-journal-files-except-system.journal-when-jour.patch new file mode 100644 index 0000000000000000000000000000000000000000..8379be42cac3590662100028b11c5d2c02ff8155 --- /dev/null +++ b/delete-journal-files-except-system.journal-when-jour.patch @@ -0,0 +1,184 @@ +From 02d47bd2108d46cf9790500a7568a7523df485f9 Mon Sep 17 00:00:00 2001 +From: xujing +Date: Fri, 26 Aug 2022 20:32:37 +0800 +Subject: [PATCH] delete journal files except system.journal when journal~ + is generated + +In the case of time change and system panic, the function of invoking +sd_journal_next to obtain logs may not meet expectations(rsyslog cannot obtain +logs). Therefore, when the journal~ file is generated, delete all journal files +except system.journal, to ensure that the sd_journal_next function meets user +expectations. +--- + meson.build | 2 ++ + src/basic/dirent-util.c | 24 +++++++++++++++++ + src/basic/dirent-util.h | 2 ++ + src/libsystemd/sd-journal/journal-file.c | 34 ++++++++++++++++++++++++ + src/libsystemd/sd-journal/sd-journal.c | 22 --------------- + 5 files changed, 62 insertions(+), 22 deletions(-) + +diff --git a/meson.build b/meson.build +index 7419e2b..4d6ce88 100644 +--- a/meson.build ++++ b/meson.build +@@ -1893,6 +1893,8 @@ basic_includes = include_directories( + 'src/basic', + 'src/fundamental', + 'src/systemd', ++ 'src/libsystemd/sd-id128', ++ 'src/libsystemd/sd-journal', + '.') + + libsystemd_includes = [basic_includes, include_directories( +diff --git a/src/basic/dirent-util.c b/src/basic/dirent-util.c +index 17df6a2..e362554 100644 +--- a/src/basic/dirent-util.c ++++ b/src/basic/dirent-util.c +@@ -7,6 +7,8 @@ + #include "path-util.h" + #include "stat-util.h" + #include "string-util.h" ++#include "id128-util.h" ++#include "syslog-util.h" + + int dirent_ensure_type(int dir_fd, struct dirent *de) { + STRUCT_STATX_DEFINE(sx); +@@ -65,6 +67,28 @@ bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) { + return endswith(de->d_name, suffix); + } + ++bool dirent_is_journal_subdir(const struct dirent *de) { ++ const char *e, *n; ++ assert(de); ++ ++ /* returns true if the specified directory entry looks like a directory that might contain journal ++ * files we might be interested in, i.e. is either a 128bit ID or a 128bit ID suffixed by a ++ * namespace. */ ++ ++ if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) ++ return false; ++ ++ e = strchr(de->d_name, '.'); ++ if (!e) ++ return id128_is_valid(de->d_name); /* No namespace */ ++ ++ n = strndupa(de->d_name, e - de->d_name); ++ if (!id128_is_valid(n)) ++ return false; ++ ++ return log_namespace_name_valid(e + 1); ++} ++ + struct dirent *readdir_ensure_type(DIR *d) { + int r; + +diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h +index 0a2fcbf..de6edb2 100644 +--- a/src/basic/dirent-util.h ++++ b/src/basic/dirent-util.h +@@ -12,6 +12,8 @@ bool dirent_is_file(const struct dirent *de) _pure_; + bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) _pure_; + int dirent_ensure_type(int dir_fd, struct dirent *de); + ++bool dirent_is_journal_subdir(const struct dirent *de); ++ + struct dirent *readdir_ensure_type(DIR *d); + struct dirent *readdir_no_dot(DIR *dirp); + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 93a3717..40347e9 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -40,6 +40,7 @@ + #include "sync-util.h" + #include "user-util.h" + #include "xattr-util.h" ++#include "dirent-util.h" + + #define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem)) + #define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem)) +@@ -4385,8 +4386,35 @@ int journal_file_archive(JournalFile *f, char **ret_previous_path) { + return 0; + } + ++static void delete_dumped_journal_files(const char *path) { ++ _cleanup_closedir_ DIR *d = NULL; ++ ++ d = opendir(path); ++ if (!d) ++ return; ++ ++ FOREACH_DIRENT_ALL(de, d, return) { ++ if (IN_SET(de->d_type, DT_REG, DT_LNK, DT_UNKNOWN) && ++ (endswith(de->d_name, ".journal") || ++ endswith(de->d_name, ".journal~")) && ++ strcmp(de->d_name, "system.journal") != 0) ++ (void) unlinkat_deallocate(dirfd(d), de->d_name, 0); ++ ++ if (dirent_is_journal_subdir(de)) { ++ _cleanup_free_ char *sub_path = NULL; ++ ++ sub_path = path_join(path, de->d_name); ++ if (!sub_path) ++ continue; ++ ++ delete_dumped_journal_files(sub_path); ++ } ++ } ++} ++ + int journal_file_dispose(int dir_fd, const char *fname) { + _cleanup_free_ char *p = NULL; ++ dual_timestamp boot_timestamp; + + assert(fname); + +@@ -4407,6 +4435,12 @@ int journal_file_dispose(int dir_fd, const char *fname) { + if (renameat(dir_fd, fname, dir_fd, p) < 0) + return -errno; + ++ dual_timestamp_now(&boot_timestamp); ++ if (boot_timestamp.monotonic < 10*USEC_PER_MINUTE) { ++ delete_dumped_journal_files("/var/log/journal"); ++ return 0; ++ } ++ + return 0; + } + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 494313d..33334ef 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -1647,28 +1647,6 @@ static bool dirent_is_journal_file(const struct dirent *de) { + endswith(de->d_name, ".journal~"); + } + +-static bool dirent_is_journal_subdir(const struct dirent *de) { +- const char *e, *n; +- assert(de); +- +- /* returns true if the specified directory entry looks like a directory that might contain journal +- * files we might be interested in, i.e. is either a 128-bit ID or a 128-bit ID suffixed by a +- * namespace. */ +- +- if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) +- return false; +- +- e = strchr(de->d_name, '.'); +- if (!e) +- return id128_is_valid(de->d_name); /* No namespace */ +- +- n = strndupa_safe(de->d_name, e - de->d_name); +- if (!id128_is_valid(n)) +- return false; +- +- return log_namespace_name_valid(e + 1); +-} +- + static int directory_open(sd_journal *j, const char *path, DIR **ret) { + DIR *d; + +-- +2.33.0 + diff --git a/disable-initialize_clock.patch b/disable-initialize_clock.patch new file mode 100644 index 0000000000000000000000000000000000000000..6b1afcecf74fec5fe5debe2edc2ae1d594eb6260 --- /dev/null +++ b/disable-initialize_clock.patch @@ -0,0 +1,65 @@ +From fbd28b3b40701f1fda29707dfa09d1e481c4162c Mon Sep 17 00:00:00 2001 +From: hexiaowen +Date: Tue, 9 Jul 2019 19:13:43 +0800 +Subject: [PATCH] delete clock_apply_epoch + +resolved: apply epoch to system time from PID 1 + +For use in timesyncd we already defined a compile-time "epoch" value, which is based on the mtime of the NEWS file, and +specifies a point in time we know lies in the past at runtime. timesyncd uses this to filter out nonsensical timestamp +file data, and bump the system clock to a time that is after the build time of systemd. This patch adds similar bumping +code to earliest PID 1 initialization, so that the system never continues operation with a clock that is in the 1970ies +or even 1930s. we think it is ok when current system time is before build time. + +And, don't restore time when systemd-timesyncd started. + +--- + src/core/main.c | 12 ------------ + src/timesync/timesyncd.c | 8 -------- + 2 files changed, 20 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 4051a91..c6d16b2 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1627,18 +1627,6 @@ static void initialize_clock(void) { + */ + (void) clock_reset_timewarp(); + +- ClockChangeDirection change_dir; +- r = clock_apply_epoch(&change_dir); +- if (r > 0 && change_dir == CLOCK_CHANGE_FORWARD) +- log_info("System time before build time, advancing clock."); +- else if (r > 0 && change_dir == CLOCK_CHANGE_BACKWARD) +- log_info("System time is further ahead than %s after build time, resetting clock to build time.", +- FORMAT_TIMESPAN(CLOCK_VALID_RANGE_USEC_MAX, USEC_PER_DAY)); +- else if (r < 0 && change_dir == CLOCK_CHANGE_FORWARD) +- log_error_errno(r, "Current system time is before build time, but cannot correct: %m"); +- else if (r < 0 && change_dir == CLOCK_CHANGE_BACKWARD) +- log_error_errno(r, "Current system time is further ahead %s after build time, but cannot correct: %m", +- FORMAT_TIMESPAN(CLOCK_VALID_RANGE_USEC_MAX, USEC_PER_DAY)); + } + + static void apply_clock_update(void) { +diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c +index e60742c..efe56fd 100644 +--- a/src/timesync/timesyncd.c ++++ b/src/timesync/timesyncd.c +@@ -121,14 +121,6 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { + if (ct > min) + return 0; + +- /* Not that it matters much, but we actually restore the clock to n+1 here rather than n, simply +- * because we read n as time previously already and we want to progress here, i.e. not report the +- * same time again. */ +- if (clock_settime(CLOCK_REALTIME, TIMESPEC_STORE(min+1)) < 0) { +- log_warning_errno(errno, "Failed to restore system clock, ignoring: %m"); +- return 0; +- } +- + log_struct(LOG_INFO, + "MESSAGE_ID=" SD_MESSAGE_TIME_BUMP_STR, + "REALTIME_USEC=" USEC_FMT, min+1, +-- +2.33.0 + diff --git a/fix-capsh-drop-but-ping-success.patch b/fix-capsh-drop-but-ping-success.patch index b112369900750f67226fc8e0e4d00164069a3254..eb82ea43707ed6cd23083aaae6272d37314e487f 100644 --- a/fix-capsh-drop-but-ping-success.patch +++ b/fix-capsh-drop-but-ping-success.patch @@ -18,12 +18,12 @@ index 41bd1f9..4d9bef8 100644 @@ -36,7 +36,7 @@ net.ipv4.conf.all.promote_secondaries = 1 # #define GID_T_MAX (((gid_t)~0U) >> 1) # That's not so bad because values between 2^31 and 2^32-1 are reserved on - # systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary + # systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary --net.ipv4.ping_group_range = 0 2147483647 +net.ipv4.ping_group_range = 1 0 # Fair Queue CoDel packet scheduler to fight bufferbloat - net.core.default_qdisc = fq_codel + -net.core.default_qdisc = fq_codel -- 1.8.3.1 diff --git a/fix-fd-leak-in-no-memory-condition.patch b/fix-fd-leak-in-no-memory-condition.patch deleted file mode 100644 index 256182bc3adcb3f245c833901a7733397ad5e2cc..0000000000000000000000000000000000000000 --- a/fix-fd-leak-in-no-memory-condition.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 43681c404794341a42ba0a34b9730103f4f2c560 Mon Sep 17 00:00:00 2001 -From: Gaurav -Date: Mon, 8 Apr 2019 10:13:26 +0530 -Subject: [PATCH] Fix fd leak in no memory condition - -In case of no memory situation, fd is not being close. -Please review. - -https://github.com/systemd/systemd/commit/43681c404794341a42ba0a34b9730103f4f2c560.patch - ---- - src/libsystemd/sd-event/sd-event.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 5adbcee..5d0e057 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -900,8 +900,10 @@ _public_ int sd_event_add_io( - assert_return(!event_pid_changed(e), -ECHILD); - - s = source_new(e, !ret, SOURCE_IO); -- if (!s) -+ if (!s) { -+ fd = safe_close(fd); - return -ENOMEM; -+ } - - s->wakeup = WAKEUP_EVENT_SOURCE; - s->io.fd = fd; --- -2.19.1 - diff --git a/1509-fix-journal-file-descriptors-leak-problems.patch b/fix-journal-file-descriptors-leak-problems.patch similarity index 77% rename from 1509-fix-journal-file-descriptors-leak-problems.patch rename to fix-journal-file-descriptors-leak-problems.patch index 8ea3a5cf2cc60ad3555190572099e3de55eea1ba..486699e069680012d23aeea5f55fe9101f1d2706 100644 --- a/1509-fix-journal-file-descriptors-leak-problems.patch +++ b/fix-journal-file-descriptors-leak-problems.patch @@ -8,21 +8,20 @@ of systemd-journald will removed jounal files) before journal directory notify w will not be closed properly. This patch fix this problem by removing and closing these deleted journal files after notify watching is added. --- - src/journal/sd-journal.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) + src/libsystemd/sd-journal/sd-journal.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) -diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c -index 004fe64..8be5481 100644 ---- a/src/journal/sd-journal.c -+++ b/src/journal/sd-journal.c -@@ -1436,6 +1436,18 @@ fail: +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 5728c53..1238652 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -1584,6 +1584,17 @@ fail: log_debug_errno(errno, "Failed to enumerate directory %s, ignoring: %m", m->path); } +static void remove_nonexistent_journal_files(sd_journal *j) { -+ Iterator i; + JournalFile *f = NULL; -+ ORDERED_HASHMAP_FOREACH(f, j->files, i) { ++ ORDERED_HASHMAP_FOREACH(f, j->files) { + if(f->path && access(f->path, F_OK) < 0) { + log_debug("Remove not-existed file from the journal map: %s", f->path); + /*Its OK to remove entry from the hashmap although we are iterating on it.*/ @@ -34,7 +33,7 @@ index 004fe64..8be5481 100644 static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) { int r; -@@ -1464,6 +1476,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) +@@ -1612,6 +1623,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) (void) inotify_rm_watch(j->inotify_fd, m->wd); m->wd = -1; } @@ -48,7 +47,7 @@ index 004fe64..8be5481 100644 + remove_nonexistent_journal_files(j); } - static int add_directory(sd_journal *j, const char *prefix, const char *dirname) { + static int add_directory( -- -1.8.3.1 +2.27.0 diff --git a/fix-two-VF-virtual-machines-have-same-mac-address.patch b/fix-two-VF-virtual-machines-have-same-mac-address.patch index 7c5adce5e290842cdd0ad1c76f4e2068e7e201bc..f7b0335fe784019645127096662256a24b168c66 100644 --- a/fix-two-VF-virtual-machines-have-same-mac-address.patch +++ b/fix-two-VF-virtual-machines-have-same-mac-address.patch @@ -1,4 +1,3 @@ -From 48b21956443a03ac94f29480e213b05b86fcf525 Mon Sep 17 00:00:00 2001 From: fangxiuning Date: Thu, 5 Sep 2019 07:40:41 +0800 Subject: fix two vf virtual machine has same mac address @@ -27,22 +26,20 @@ and "locally administered" bits set. none Keeps the MAC address assigned by the kernel. - - --- network/99-default.link | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/99-default.link b/network/99-default.link -index 347d4b7..54f1f58 100644 +index dc7a42bf58..2b8f46a84c 100644 --- a/network/99-default.link +++ b/network/99-default.link -@@ -12,4 +12,4 @@ OriginalName=* - +@@ -13,4 +13,4 @@ OriginalName=* [Link] NamePolicy=keep kernel database onboard slot path + AlternativeNamesPolicy=database onboard slot path -MACAddressPolicy=persistent +MACAddressPolicy=none -- -1.8.3.1 +2.23.0 diff --git a/fuser-print-umount-message-to-reboot-umount-msg.patch b/fuser-print-umount-message-to-reboot-umount-msg.patch new file mode 100644 index 0000000000000000000000000000000000000000..662a4c6d8c983acee1aff25e8f563a1759cf266a --- /dev/null +++ b/fuser-print-umount-message-to-reboot-umount-msg.patch @@ -0,0 +1,228 @@ +From 224b51420b0e3b62cda4bb16f31c6d28e96c7123 Mon Sep 17 00:00:00 2001 +From: sunshihao +Date: Mon, 25 Jan 2021 14:42:23 +0800 +Subject: [PATCH] fuser: print umount info to /.reboot-umount-msg.log + +The patch tries to save which processes holds the mountpoint +persistently to /.reboot-umount-msg.log, when the system is +suspended during system restart. + +This patch change the value of DefaultDFXReboot that is set in +/etc/systemd/system.conf file from no to yes.The systemd reboot +feature will open when the process start. + +Signed-off-by: sunshihao +Signed-off-by: Zhiqiang Liu +Signed-off-by: lixiaokeng +--- + src/core/fuser.c | 57 +++++++++++++++++++++++++++++++++++++---- + src/core/fuser.h | 3 +++ + src/core/job.c | 38 +++++++++++++++++++++++++++ + src/core/system.conf.in | 2 +- + 4 files changed, 94 insertions(+), 6 deletions(-) + +diff --git a/src/core/fuser.c b/src/core/fuser.c +index e943469..94a0812 100644 +--- a/src/core/fuser.c ++++ b/src/core/fuser.c +@@ -383,6 +383,8 @@ static void print_matches(const struct name *name) { + static char P_cmd_long[MAX_COMM_LEN]; + char cmd_path[PATH_MAX]; + int r = 0; ++ FILE *fp = NULL; ++ int flag = 0; + + if (name == NULL) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, +@@ -390,11 +392,29 @@ static void print_matches(const struct name *name) { + return; + } + ++ /* Write the content in the back of previous one */ ++ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "a+"); ++ ++ /* print the time info to /.reboot-umount-msg.log file */ ++ if (fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); ++ } ++ + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\tUSER\t\tPID\tCOMMAND"); + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "%s:", name->filename); + ++ /* print the umount fail point to the /.reboot-umount-msg.log file */ ++ if (fp != NULL) { ++ if (strlen(name->filename) <= MOUNT_FILE_NAME_MAX_LEN) { ++ fprintf(fp, "%-20s\t", name->filename); ++ } else { ++ fprintf(fp, "%s\n\t\t\t", name->filename); ++ } ++ } ++ + for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { + if (pwent == NULL || pwent->pw_uid != pptr->uid) + pwent = getpwuid(pptr->uid); //get username +@@ -402,7 +422,7 @@ static void print_matches(const struct name *name) { + r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pptr->pid); + if (r <= 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pptr->pid); +- return; ++ goto out; + } + + read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); +@@ -415,22 +435,49 @@ static void print_matches(const struct name *name) { + if (pptr->command == NULL) + continue; + ++ if (flag > 0) { ++ if (fp != NULL) { ++ fprintf(fp, "\t\t\t"); ++ } ++ } else { ++ flag++; ++ } ++ + if (pwent != NULL) { +- if (pptr->pid != 0) ++ if (pptr->pid != 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-s\t\t%-d\t%-s", pwent->pw_name, pptr->pid, pptr->command); +- else ++ if (fp != NULL) { ++ fprintf(fp, "%-s\t\t%-d\t%-s\n", pwent->pw_name, pptr->pid, pptr->command); ++ } ++ } else { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-s\t\t%-s\t%-s", pwent->pw_name, "kernel", pptr->command); ++ if (fp != NULL) { ++ fprintf(fp, "%-s\t\t%-s\t%-s\n", pwent->pw_name, "kernel", pptr->command); ++ } ++ } + } else { +- if (pptr->pid != 0) ++ if (pptr->pid != 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-u\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); +- else ++ if (fp != NULL) { ++ fprintf(fp, "%-u\t\t%-d\t%-s\n", pptr->uid, pptr->pid, pptr->command); ++ } ++ } else { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-u\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); ++ if (fp != NULL) { ++ fprintf(fp, "%-u\t\t%-s\t%-s\n", pptr->uid, "kernel", pptr->command); ++ } ++ } + } + } ++ ++out: ++ if (fp != NULL) { ++ fclose(fp); ++ } + } + + static void free_matched_procs(struct procs *matched_procs) { +diff --git a/src/core/fuser.h b/src/core/fuser.h +index b74b879..2729c9b 100644 +--- a/src/core/fuser.h ++++ b/src/core/fuser.h +@@ -14,6 +14,7 @@ + #include + #include + #include ++#include + + #include "manager.h" + +@@ -51,5 +52,7 @@ struct device { + #define MAX_COMM_LEN 1024 + #define PROC_MOUNTS "/proc/mounts" + #define PROC_SWAPS "/proc/swaps" ++#define REBOOT_UMOUNT_FILE_NAME "/.reboot-umount-msg.log" ++#define MOUNT_FILE_NAME_MAX_LEN 20 + + int fuser(const char *dir); +diff --git a/src/core/job.c b/src/core/job.c +index 34513bc..73c992a 100644 +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -31,6 +31,8 @@ + #include "mount.h" + #include "process-util.h" + ++bool g_first_print = true; ++ + Job* job_new_raw(Unit *unit) { + Job *j; + +@@ -734,6 +736,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + const char *ident, *format; + int r = 0; + pid_t pid; ++ FILE *fp = NULL; ++ time_t tmpt; ++ struct tm local_time; + + assert(u); + assert(t >= 0); +@@ -835,6 +840,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { + + Mount *m = MOUNT(u); ++ if (g_first_print) { ++ /* Overwrite previous content at the first time */ ++ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "w+"); ++ ++ /* Only get the local time once */ ++ tmpt = time(NULL); ++ if (!localtime_r(&tmpt, &local_time)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Get local time failed!"); ++ } ++ } ++ ++ /* print the time info to /.reboot-umount-msg.log file */ ++ if (g_first_print && fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); ++ } else if (g_first_print) { ++ /* Only do this part one time */ ++ g_first_print = false; ++ ++ if (chmod(REBOOT_UMOUNT_FILE_NAME, S_IRUSR | S_IWUSR)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Set %s file attributes failed!", REBOOT_UMOUNT_FILE_NAME); ++ } ++ ++ fprintf(fp, "reboot time is %d/%d/%d-%d:%d:%d.\n", local_time.tm_year + 1900, ++ local_time.tm_mon + 1, local_time.tm_mday, local_time.tm_hour, ++ local_time.tm_min, local_time.tm_sec); ++ ++ fprintf(fp, "\n\t\t\tUSER\t\tPID\tCOMMAND\n"); ++ fclose(fp); ++ } ++ + + r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid); + if (r < 0) { +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 3495b8e..74a25ce 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -80,7 +80,7 @@ DefaultLimitMEMLOCK=64M + #DefaultMemoryPressureThresholdSec=200ms + #DefaultMemoryPressureWatch=auto + #DefaultOOMPolicy=stop +-#DefaultDFXReboot=no ++DefaultDFXReboot=yes + #DefaultSmackProcessLabel= + #ReloadLimitIntervalSec= + #ReloadLimitBurst= +-- +2.33.0 + diff --git a/journal-don-t-enable-systemd-journald-audit.socket-b.patch b/journal-don-t-enable-systemd-journald-audit.socket-b.patch deleted file mode 100644 index bdb9129b23351e99f83f56d8a2383c4caec5157c..0000000000000000000000000000000000000000 --- a/journal-don-t-enable-systemd-journald-audit.socket-b.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 7a650ee8d3faf79fd5ef866b69741880a3a42b8d Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Thu, 2 May 2019 14:11:54 +0200 -Subject: [PATCH] journal: don't enable systemd-journald-audit.socket - by default - -Resolves: #1699287 - ---- - units/systemd-journald.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index 089bc38..7436619 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -31,7 +31,7 @@ RestrictAddressFamilies=AF_UNIX AF_NETLINK - RestrictNamespaces=yes - RestrictRealtime=yes - RestrictSUIDSGID=yes --Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket -+Sockets=systemd-journald.socket systemd-journald-dev-log.socket - StandardOutput=null - SystemCallArchitectures=native - SystemCallErrorNumber=EPERM --- -2.19.1 - diff --git a/journal-don-t-enable-systemd-journald-audit.socket.patch b/journal-don-t-enable-systemd-journald-audit.socket.patch new file mode 100644 index 0000000000000000000000000000000000000000..e51f64d750c221197a0c7127914adc81e15a2818 --- /dev/null +++ b/journal-don-t-enable-systemd-journald-audit.socket.patch @@ -0,0 +1,24 @@ +From 7a650ee8d3faf79fd5ef866b69741880a3a42b8d Mon Sep 17 00:00:00 2001 +From: Jan Synacek +Date: Thu, 2 May 2019 14:11:54 +0200 +Subject: [PATCH] journal: don't enable systemd-journald-audit.socket + +--- + presets/90-systemd.preset | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset +index 2b8db9d..25936d8 100644 +--- a/presets/90-systemd.preset ++++ b/presets/90-systemd.preset +@@ -24,7 +24,6 @@ enable systemd-homed.service + enable systemd-userdbd.socket + enable systemd-pstore.service + enable systemd-boot-update.service +-enable systemd-journald-audit.socket + + disable console-getty.service + disable debug-shell.service +-- +2.33.0 + diff --git a/keep-weight-consistent-with-the-set-value.patch b/keep-weight-consistent-with-the-set-value.patch new file mode 100644 index 0000000000000000000000000000000000000000..24c3e99512a7957362e6f995cb627f20b003bb65 --- /dev/null +++ b/keep-weight-consistent-with-the-set-value.patch @@ -0,0 +1,36 @@ +From 7424b6c0f38d4a32fd96e74d7078707c026c6c66 Mon Sep 17 00:00:00 2001 +From: wangyuhang +Date: Thu, 9 Jun 2022 20:10:50 +0800 +Subject: [PATCH] keep weight consistent with the set value + +--- + src/core/cgroup.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 4cac3f6..f6ae2ab 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1392,7 +1392,8 @@ static void set_io_weight(Unit *u, uint64_t weight) { + + assert(u); + +- (void) set_bfq_weight(u, "io", makedev(0, 0), weight); ++ xsprintf(buf, "%" PRIu64 "\n", weight); ++ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); + + xsprintf(buf, "default %" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, "io", "io.weight", buf); +@@ -1403,7 +1404,8 @@ static void set_blkio_weight(Unit *u, uint64_t weight) { + + assert(u); + +- (void) set_bfq_weight(u, "blkio", makedev(0, 0), weight); ++ xsprintf(buf, "%" PRIu64 "\n", weight); ++ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); + + xsprintf(buf, "%" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); +-- +2.33.0 + diff --git a/let-the-child-of-one-unit-don-t-affect-each-other.patch b/let-the-child-of-one-unit-don-t-affect-each-other.patch new file mode 100644 index 0000000000000000000000000000000000000000..5c8c4ea540added04d80ecaf98c8e4b7bd711fcc --- /dev/null +++ b/let-the-child-of-one-unit-don-t-affect-each-other.patch @@ -0,0 +1,83 @@ +From 8c9de291f2b782f5d7d40447f08553b5e325a34d Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Fri, 19 Mar 2021 01:29:01 +0800 +Subject: [PATCH] let the child of one unit don't affect each other. +This should only be used for .slice unit in the [Unit] section. +To reproduce the problem resolved by this patch, try the following steps: +1. start service A in a slice; +2. change the cgroup property by "echo 512 > service_a/cpu.shares"; +3. systemctl daemon-reload; +4. start service B in a slice; +5. check the cgroup property by "cat service_a/cpu.shares"; +With this directive enabled, the value will stay as 512; if disabled, +if will be restored to the default value of systemd. Defaults to "no". + +--- + src/core/cgroup.c | 3 +++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/unit-serialize.c | 2 ++ + src/core/unit.h | 2 ++ + 4 files changed, 8 insertions(+) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 4eedaf7..ab6d602 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -2618,6 +2618,9 @@ void unit_add_family_to_cgroup_realize_queue(Unit *u) { + + UNIT_FOREACH_DEPENDENCY(m, u, UNIT_ATOM_SLICE_OF) { + ++ if (u->independent_child) ++ continue; ++ + /* No point in doing cgroup application for units without active processes. */ + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(m))) + continue; +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 0702aa0..76b1217 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -286,6 +286,7 @@ Unit.JoinsNamespaceOf, config_parse_unit_deps, + Unit.RequiresOverridable, config_parse_obsolete_unit_deps, UNIT_REQUIRES, 0 + Unit.RequisiteOverridable, config_parse_obsolete_unit_deps, UNIT_REQUISITE, 0 + Unit.RequiresMountsFor, config_parse_unit_requires_mounts_for, 0, 0 ++Unit.IndependentChild, config_parse_bool, 0, offsetof(Unit, independent_child) + Unit.StopWhenUnneeded, config_parse_bool, 0, offsetof(Unit, stop_when_unneeded) + Unit.RefuseManualStart, config_parse_bool, 0, offsetof(Unit, refuse_manual_start) + Unit.RefuseManualStop, config_parse_bool, 0, offsetof(Unit, refuse_manual_stop) +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index f3b3e70..b818181 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -801,6 +801,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { + if (u->load_state == UNIT_LOADED) { + + fprintf(f, ++ "%s\tIndependentChild:%s\n" + "%s\tStopWhenUnneeded: %s\n" + "%s\tRefuseManualStart: %s\n" + "%s\tRefuseManualStop: %s\n" +@@ -808,6 +809,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { + "%s\tOnSuccessJobMode: %s\n" + "%s\tOnFailureJobMode: %s\n" + "%s\tIgnoreOnIsolate: %s\n", ++ prefix, yes_no(u->independent_child), + prefix, yes_no(u->stop_when_unneeded), + prefix, yes_no(u->refuse_manual_start), + prefix, yes_no(u->refuse_manual_stop), +diff --git a/src/core/unit.h b/src/core/unit.h +index cb85dfc..439714a 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -350,6 +350,8 @@ typedef struct Unit { + sd_id128_t invocation_id; + char invocation_id_string[SD_ID128_STRING_MAX]; /* useful when logging */ + ++ bool independent_child; ++ + /* Garbage collect us we nobody wants or requires us anymore */ + bool stop_when_unneeded; + +-- +2.27.0 + diff --git a/logind-set-RemoveIPC-to-false-by-default.patch b/logind-set-RemoveIPC-to-false-by-default.patch index 846e34ee1e0028aadec3470466cea9f0717474e5..6474aaca716ad00409a89f3100647213fe4bbbbb 100644 --- a/logind-set-RemoveIPC-to-false-by-default.patch +++ b/logind-set-RemoveIPC-to-false-by-default.patch @@ -11,23 +11,23 @@ Resolves: #1523233 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/logind.conf.xml b/man/logind.conf.xml -index 4cbfd09..c6ff5c3 100644 +index 72f657c..0b5c060 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml -@@ -327,7 +327,7 @@ +@@ -363,7 +363,7 @@ user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users -- are excluded from the effect of this setting. Defaults to yes. -+ are excluded from the effect of this setting. Defaults to no. - +- are excluded from the effect of this setting. Defaults to yes. ++ are excluded from the effect of this setting. Defaults to no. - + + diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index 1d21e90..2ac7860 100644 +index f15008e..08ee25c 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c -@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) { +@@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) { m->n_autovts = 6; m->reserve_vt = 6; @@ -37,17 +37,18 @@ index 1d21e90..2ac7860 100644 m->user_stop_delay = 10 * USEC_PER_SEC; diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 1029e29..c7346f9 100644 +index e5fe924..ead4fda 100644 --- a/src/login/logind.conf.in +++ b/src/login/logind.conf.in -@@ -32,6 +32,6 @@ - #IdleAction=ignore +@@ -45,7 +45,7 @@ #IdleActionSec=30min #RuntimeDirectorySize=10% + #RuntimeDirectoryInodesMax= -#RemoveIPC=yes +#RemoveIPC=no #InhibitorsMax=8192 #SessionsMax=8192 + #StopIdleSessionSec=infinity -- -2.19.1 +2.33.0 diff --git a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch index 5b2f120dcb90eb5c02125f7df08fad321dcfa15d..135f46b611e90c82631c93c1d127258a795c8ff3 100644 --- a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +++ b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch @@ -1,50 +1,48 @@ -From bb46b12cbb84411e378cd45f2ac320a9ce53551c Mon Sep 17 00:00:00 2001 +From ad2da19e1e80a9ab9d0dfae17a74f5009e4d1898 Mon Sep 17 00:00:00 2001 From: openEuler Buildteam Date: Tue, 10 Mar 2020 21:01:43 +0800 Subject: [PATCH] pid1 bump DefaultTasksMax to 80% of the kernel pid.max value --- man/systemd-system.conf.xml | 2 +- - src/basic/cgroup-util.h | 4 ++-- + src/core/manager.c | 2 +- src/core/system.conf.in | 2 +- units/user-.slice.d/10-defaults.conf | 2 +- - 4 files changed, 5 insertions(+), 5 deletions(-) + 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml -index e403fa5..afd51ed 100644 +index 3c06b65..72f366e 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml -@@ -360,7 +360,7 @@ +@@ -501,7 +501,7 @@ Configure the default value for the per-unit TasksMax= setting. See systemd.resource-control5 for details. This setting applies to all unit types that support resource control settings, with the exception -- of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller -+ of slice units. Defaults to 80%, which equals 26214 with the kernel's defaults on the host, but might be smaller - in OS containers. - +- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= ++ of slice units. Defaults to 80% of the minimum of kernel.pid_max=, kernel.threads-max= + and root cgroup pids.max. + Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. + For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, +diff --git a/src/core/manager.c b/src/core/manager.c +index 45c8966..ce20d6b 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -114,7 +114,7 @@ + /* How many units and jobs to process of the bus queue before returning to the event loop. */ + #define MANAGER_BUS_MESSAGE_BUDGET 100U -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index a39ab45..f2f2c09 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -128,8 +128,8 @@ static inline bool CGROUP_BLKIO_WEIGHT_IS_OK(uint64_t x) { - } +-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */ ++#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 80U, 100U }) /* 80% */ - /* Default resource limits */ --#define DEFAULT_TASKS_MAX_PERCENTAGE 15U /* 15% of PIDs, 4915 on default settings */ --#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 33U /* 33% of PIDs, 10813 on default settings */ -+#define DEFAULT_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 4915 on default settings */ -+#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 80U /* 80% of PIDs, 10813 on default settings */ - - typedef enum CGroupUnified { - CGROUP_UNIFIED_UNKNOWN = -1, + static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); + static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index 8112125..9e75b14 100644 +index 05eb681..472d1ca 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in -@@ -51,7 +51,7 @@ - #DefaultBlockIOAccounting=no - #DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@ +@@ -58,7 +58,7 @@ + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} #DefaultTasksAccounting=yes -#DefaultTasksMax=15% +#DefaultTasksMax=80% @@ -52,15 +50,15 @@ index 8112125..9e75b14 100644 #DefaultLimitFSIZE= #DefaultLimitDATA= diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf -index c81a00e..3b14c35 100644 +index f688eac..20c39ec 100644 --- a/units/user-.slice.d/10-defaults.conf +++ b/units/user-.slice.d/10-defaults.conf -@@ -14,4 +14,4 @@ After=systemd-user-sessions.service +@@ -13,4 +13,4 @@ Documentation=man:user@.service(5) StopWhenUnneeded=yes [Slice] -TasksMax=33% +TasksMax=80% -- -1.8.3.1 +2.33.0 diff --git a/print-the-process-status-to-console-when-shutdown.patch b/print-the-process-status-to-console-when-shutdown.patch new file mode 100644 index 0000000000000000000000000000000000000000..1669236b5890255d7450f308f0fe49fdb4cb4390 --- /dev/null +++ b/print-the-process-status-to-console-when-shutdown.patch @@ -0,0 +1,1280 @@ +From 5966f7a3b90ee25f23182e9320621a8477a40a51 Mon Sep 17 00:00:00 2001 +From: jiangchuangang +Date: Thu, 2 Sep 2021 12:14:19 +0800 +Subject: [PATCH] print process status to console when shutdown + +--- + src/basic/getopt-defs.h | 6 +- + src/basic/process-util.c | 58 ++++ + src/basic/process-util.h | 2 + + src/core/fuser.c | 506 +++++++++++++++++++++++++++++++++ + src/core/fuser.h | 55 ++++ + src/core/job.c | 36 +++ + src/core/main.c | 10 +- + src/core/manager.c | 4 + + src/core/manager.h | 2 + + src/core/meson.build | 1 + + src/core/system.conf.in | 1 + + src/shutdown/meson.build | 13 + + src/shutdown/process-status.c | 143 ++++++++++ + src/shutdown/process-status.h | 24 ++ + src/shutdown/shutdown.c | 43 +++ + src/shutdown/umount.c | 5 + + src/test/meson.build | 25 ++ + src/test/test-fuser.c | 14 + + src/test/test-process-status.c | 10 + + 19 files changed, 953 insertions(+), 5 deletions(-) + create mode 100644 src/core/fuser.c + create mode 100644 src/core/fuser.h + create mode 100644 src/shutdown/process-status.c + create mode 100644 src/shutdown/process-status.h + create mode 100644 src/test/test-fuser.c + create mode 100644 src/test/test-process-status.c + +diff --git a/src/basic/getopt-defs.h b/src/basic/getopt-defs.h +index 3efeb6d..dfd17b5 100644 +--- a/src/basic/getopt-defs.h ++++ b/src/basic/getopt-defs.h +@@ -37,7 +37,8 @@ + + #define SHUTDOWN_GETOPT_ARGS \ + ARG_EXIT_CODE, \ +- ARG_TIMEOUT ++ ARG_TIMEOUT, \ ++ ARG_DFX_REBOOT + + #define COMMON_GETOPT_OPTIONS \ + { "log-level", required_argument, NULL, ARG_LOG_LEVEL }, \ +@@ -72,4 +73,5 @@ + + #define SHUTDOWN_GETOPT_OPTIONS \ + { "exit-code", required_argument, NULL, ARG_EXIT_CODE }, \ +- { "timeout", required_argument, NULL, ARG_TIMEOUT } ++ { "timeout", required_argument, NULL, ARG_TIMEOUT }, \ ++ { "dfx-reboot", required_argument, NULL, ARG_DFX_REBOOT } +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 201c559..4e93c9b 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -2060,3 +2060,61 @@ static const char* const sched_policy_table[] = { + }; + + DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX); ++ ++unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep) { ++ char path[PATH_MAX]; ++ _cleanup_close_ int fd = 0; ++ int len = 0; ++ unsigned n = 0; ++ ++ if (sz <= 0) ++ return 0; ++ ++ if (sz >= INT_MAX) ++ sz = INT_MAX-1; ++ ++ dst[0] = '\0'; ++ ++ len = snprintf(path, sizeof(path), "%s/%s", whom, what); ++ if (len <= 0 || (size_t)len >= sizeof(path)) ++ return 0; ++ ++ fd = open(path, O_RDONLY); ++ if (fd == -1) ++ return 0; ++ ++ for (;;) { ++ ssize_t r = read(fd, dst+n, sz-n); ++ ++ if (r == -1) { ++ if (errno == EINTR) ++ continue; ++ break; ++ } ++ ++ if (r <= 0) ++ break; ++ n += r; ++ ++ if (n == sz) { ++ --n; ++ break; ++ } ++ } ++ ++ if (n) { ++ unsigned i = n; ++ ++ while (i && dst[i-1] == '\0') ++ --i; ++ ++ while (i--) ++ if (dst[i] == '\n' || dst[i] == '\0') dst[i] = sep; ++ ++ if (dst[n-1] == ' ') ++ dst[n-1] = '\0'; ++ } ++ ++ dst[n] = '\0'; ++ return n; ++} +diff --git a/src/basic/process-util.h b/src/basic/process-util.h +index af6cba1..060c0c2 100644 +--- a/src/basic/process-util.h ++++ b/src/basic/process-util.h +@@ -218,6 +218,8 @@ int setpriority_closest(int priority); + + _noreturn_ void freeze(void); + ++unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep); ++ + int get_process_threads(pid_t pid); + + int is_reaper_process(void); +diff --git a/src/core/fuser.c b/src/core/fuser.c +new file mode 100644 +index 0000000..e943469 +--- /dev/null ++++ b/src/core/fuser.c +@@ -0,0 +1,506 @@ ++#include "fuser.h" ++#include "process-util.h" ++ ++static int parse_dir(struct name *this_name, struct inode *match_inode) { ++ if ((this_name == NULL) || (match_inode == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't parse dir."); ++ return -1; ++ } ++ ++ if (stat(this_name->filename, &this_name->st) != 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't stat dir %s.", this_name->filename); ++ return -1; ++ } ++ ++ match_inode->name = this_name; ++ match_inode->device = this_name->st.st_dev; ++ match_inode->inode = this_name->st.st_ino; ++ ++ return 0; ++} ++ ++static int parse_mounts(struct name *this_name, struct device *match_device) { ++ if ((this_name == NULL) && (match_device == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't parse mounts."); ++ return -1; ++ } ++ ++ match_device->name = this_name; ++ ++ if (S_ISBLK(this_name->st.st_mode)) ++ match_device->device = this_name->st.st_rdev; ++ else ++ match_device->device = this_name->st.st_dev; ++ ++ return 0; ++} ++ ++static uid_t getpiduid(const pid_t pid) { ++ char pathname[PATH_MAX]; ++ struct stat st; ++ int r = 0; ++ ++ r = snprintf(pathname, sizeof(pathname), "/proc/%d", pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Snprintf run failed in getpiduid."); ++ return 0; ++ } ++ ++ if (stat(pathname, &st) != 0) ++ return 0; ++ ++ return st.st_uid; ++} ++ ++static struct stat *get_pidstat(const pid_t pid) { ++ char pathname[PATH_MAX]; ++ struct stat *st = NULL; ++ int r = 0; ++ ++ st = (struct stat *)malloc(sizeof(struct stat)); ++ if (st == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Malloc failed in get_pidstat."); ++ return NULL; ++ } ++ ++ r = snprintf(pathname, sizeof(pathname), "/proc/%d/cwd", pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Snprintf run failed in get_pidstat."); ++ return NULL; ++ } ++ ++ if (stat(pathname, st) != 0) { ++ free(st); ++ return NULL; ++ } ++ ++ return st; ++} ++ ++static void add_matched_proc(struct name *name, const pid_t pid, const uid_t uid) { ++ struct procs *pptr = NULL; ++ struct procs *last_proc = NULL; ++ char pathname[PATH_MAX]; ++ char cmdname[CMD_NAME_LEN + 1]; ++ char *cptr = NULL; ++ int cmdlen = 0; ++ FILE *fp = NULL; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be NULL."); ++ return; ++ } ++ ++ //find out wheather the pid already in pptr->pid ++ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { ++ last_proc = pptr; ++ ++ if (pptr->pid == pid) ++ return; ++ } ++ ++ pptr = (struct procs *)malloc(sizeof(struct procs)); ++ if (pptr == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't malloc in add_matched_proc."); ++ return; ++ } ++ ++ pptr->pid = pid; ++ pptr->uid = uid; ++ pptr->username = NULL; ++ pptr->next = NULL; ++ pptr->command = NULL; ++ ++ if ((snprintf(pathname, sizeof(pathname), "/proc/%d/stat", pid) > 0) && ++ ((fp = fopen(pathname, "r")) != NULL) && (fscanf(fp, "%*d (%100[^)]", cmdname) == 1)) { ++ pptr->command = (char *)malloc(COMM_LEN + 1); ++ ++ if (pptr->command != NULL) { ++ cmdlen = 0; ++ ++ for (cptr = cmdname; cmdlen < COMM_LEN && *cptr; cptr++) { ++ if (isprint(*cptr)) { ++ pptr->command[cmdlen++] = *cptr; ++ } else if (cmdlen < (COMM_LEN - 4)) { ++ cmdlen += sprintf(&(pptr->command[cmdlen]), "\\%03o", (unsigned int)*cptr); ++ } ++ } ++ ++ pptr->command[cmdlen] = '\0'; ++ } ++ } ++ ++ if (last_proc == NULL) ++ name->matched_procs = pptr; ++ else ++ last_proc->next = pptr; ++ ++ if (fp) ++ fclose(fp); ++} ++ ++static void check_dir(const pid_t pid, const char *dirname, const struct device *dev, ++ const struct inode *ino, const uid_t uid) { ++ DIR *dirp = NULL; ++ dev_t thedev; ++ struct dirent *direntry = NULL; ++ struct stat st; ++ char dirpath[PATH_MAX]; ++ char filepath[PATH_MAX]; ++ int r = 0; ++ ++ if (dirname == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Dirname is NULL."); ++ return; ++ } ++ ++ r = snprintf(dirpath, sizeof(dirpath), "/proc/%d/%s", pid, dirname); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Snprintf run failed in check_dir."); ++ return; ++ } ++ ++ dirp = opendir(dirpath); ++ if (dirp == NULL) ++ return; ++ ++ while ((direntry = readdir(dirp)) != NULL) { ++ if (direntry->d_name[0] < '0' || direntry->d_name[0] > '9') ++ continue; ++ ++ snprintf(filepath, sizeof(filepath), "/proc/%d/%s/%s", ++ pid, dirname, direntry->d_name); ++ ++ if (stat(filepath, &st) != 0) ++ continue; ++ ++ thedev = st.st_dev; ++ ++ if ((dev != NULL) && (thedev == dev->device)) { ++ add_matched_proc(dev->name, pid, uid); ++ } ++ ++ if ((ino != NULL) && (thedev == ino->device)) { ++ if (st.st_ino == ino->inode) { ++ add_matched_proc(ino->name, pid, uid); ++ } ++ } ++ } //end while ++ ++ closedir(dirp); ++} ++ ++static int scan_procs(const struct name *name, const struct inode *ino, const struct device *dev) { ++ DIR *topproc_dir = NULL; ++ struct dirent *topproc_dent = NULL; ++ pid_t pid; ++ pid_t my_pid; ++ uid_t uid; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in scan_procs."); ++ return -1; ++ } ++ ++ if ((ino == NULL) && (dev == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Ino and dev should not be NULL in scan_procs."); ++ return -1; ++ } ++ ++ topproc_dir = opendir("/proc"); ++ if (topproc_dir == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't open dir proc."); ++ return -1; ++ } ++ ++ my_pid = getpid(); ++ ++ while ((topproc_dent = readdir(topproc_dir)) != NULL) { ++ dev_t scan_dev; ++ struct stat *st = NULL; ++ ++ /* Not a process */ ++ if ((topproc_dent->d_name[0] < '0') || (topproc_dent->d_name[0] > '9')) ++ continue; ++ ++ pid = atoi(topproc_dent->d_name); ++ if (pid == my_pid) ++ continue; ++ ++ uid = getpiduid(pid); ++ ++ st = get_pidstat(pid); ++ scan_dev = st ? st->st_dev : 0; ++ ++ if ((dev != NULL) && (scan_dev == dev->device)) ++ add_matched_proc(dev->name, pid, uid); ++ ++ if ((ino != NULL) && (scan_dev == ino->device)) { ++ if (!st) ++ st = get_pidstat(pid); ++ ++ if (st && (st->st_dev == ino->device) && (st->st_ino == ino->inode)) ++ add_matched_proc(ino->name, pid, uid); ++ } ++ ++ if (st) ++ free(st); ++ ++ check_dir(pid, "fd", dev, ino, uid); ++ } // end while ++ ++ closedir(topproc_dir); ++ return 0; ++} ++ ++static void add_special_proc(struct name *name, const uid_t uid, const char *command) { ++ struct procs *pptr = NULL; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in add_special_proc."); ++ return; ++ } ++ ++ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { ++ if (pptr->command != NULL && strcmp(pptr->command, command) == 0) ++ return; ++ } ++ ++ if ((pptr = malloc(sizeof(struct procs))) == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't allocate memory for add_special_proc() proc"); ++ return; ++ } ++ ++ pptr->pid = 0; ++ pptr->uid = uid; ++ pptr->next = name->matched_procs; ++ pptr->command = strdup(command); ++ ++ name->matched_procs = pptr; ++} ++ ++static void scan_mounts_and_swaps(const struct name *name, const struct inode *ino, ++ const struct device *dev, const char *file) { ++ FILE *fp = NULL; ++ char line[PATH_MAX]; ++ char *find_mountp = NULL; ++ char *find_space_mounts = NULL; ++ char *find_space_swaps = NULL; ++ struct stat st; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in scan_mounts_and_swaps."); ++ return; ++ } ++ ++ if ((ino == NULL) && (dev == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Ino and dev should not be null in scan_mounts_and_swaps."); ++ return; ++ } ++ ++ fp = fopen(file, "r"); ++ if (fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't open file %s", file); ++ return; ++ } ++ ++ while (fgets(line, PATH_MAX, fp) != NULL) { ++ if (strcmp(file, PROC_MOUNTS) == 0) { ++ if ((find_mountp = strchr(line, ' ')) == NULL) ++ continue; ++ ++ find_mountp++; ++ ++ find_space_mounts = strchr(find_mountp, ' '); ++ if (find_space_mounts == NULL) ++ continue; ++ ++ *find_space_mounts = '\0'; ++ ++ if (stat(find_mountp, &st) != 0) ++ continue; ++ } else { ++ find_space_swaps = strchr(line, ' '); ++ if (find_space_swaps == NULL) ++ continue; ++ ++ *find_space_swaps = '\0'; ++ find_space_swaps++; ++ ++ while (*find_space_swaps == ' ') { ++ find_space_swaps++; ++ ++ if (*find_space_swaps == '\0') ++ continue; ++ } ++ ++ if (stat(line, &st) != 0) { ++ continue; ++ } ++ } ++ ++ if ((dev != NULL) && (st.st_dev == dev->device)) { ++ if (strcmp(file, PROC_MOUNTS) == 0) ++ add_special_proc(dev->name, 0, find_mountp); ++ ++ if (strcmp(file, PROC_SWAPS) == 0) ++ add_special_proc(dev->name, 0, line); ++ } ++ ++ if ((ino != NULL) && (st.st_dev == ino->device) && (st.st_ino == ino->inode)) { ++ if (strcmp(file, PROC_MOUNTS) == 0) ++ add_special_proc(ino->name, 0, find_mountp); ++ ++ if (strcmp(file, PROC_SWAPS) == 0) ++ add_special_proc(ino->name, 0, line); ++ } ++ } // end while ++ ++ fclose(fp); ++} ++ ++static void print_matches(const struct name *name) { ++ struct procs *pptr = NULL; ++ struct passwd *pwent = NULL; ++ static char P_cmd_long[MAX_COMM_LEN]; ++ char cmd_path[PATH_MAX]; ++ int r = 0; ++ ++ if (name == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Name should not be null in print_matches."); ++ return; ++ } ++ ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\tUSER\t\tPID\tCOMMAND"); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s:", name->filename); ++ ++ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { ++ if (pwent == NULL || pwent->pw_uid != pptr->uid) ++ pwent = getpwuid(pptr->uid); //get username ++ ++ r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pptr->pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pptr->pid); ++ return; ++ } ++ ++ read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); ++ ++ if (strlen(P_cmd_long) != 0){ ++ free(pptr->command); ++ pptr->command = strdup(P_cmd_long); ++ } ++ ++ if (pptr->command == NULL) ++ continue; ++ ++ if (pwent != NULL) { ++ if (pptr->pid != 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-s\t\t%-d\t%-s", pwent->pw_name, pptr->pid, pptr->command); ++ else ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-s\t\t%-s\t%-s", pwent->pw_name, "kernel", pptr->command); ++ } else { ++ if (pptr->pid != 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-u\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); ++ else ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "\t\t%-u\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); ++ } ++ } ++} ++ ++static void free_matched_procs(struct procs *matched_procs) { ++ struct procs *procs_tmp = NULL; ++ struct procs *procs_next = NULL; ++ ++ procs_tmp = matched_procs; ++ ++ while (procs_tmp != NULL) { ++ procs_next = procs_tmp->next; ++ ++ if (procs_tmp->command) ++ free(procs_tmp->command); ++ ++ free(procs_tmp); ++ ++ procs_tmp = procs_next; ++ } ++} ++ ++int fuser(const char *dir) { ++ struct name this_name; ++ struct inode match_inode; ++ struct device match_device; ++ int r = 0; ++ ++ if (dir == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Dir should not be NULL."); ++ return -1; ++ } ++ ++ this_name.matched_procs = NULL; ++ ++ this_name.filename = strdup(dir); //need to free ++ if (this_name.filename == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't allocate memory for fuser() this_name->filename."); ++ return -1; ++ } ++ ++ r = parse_dir(&this_name, &match_inode); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s", "Failed to parse file."); ++ free(this_name.filename); ++ return -1; ++ } ++ ++ r = parse_mounts(&this_name, &match_device); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s", "Failed to parse mounts."); ++ free(this_name.filename); ++ return -1; ++ } ++ ++ r = scan_procs(&this_name, &match_inode, &match_device); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s", "Failed to scan_procs."); ++ free(this_name.filename); ++ return -1; ++ } ++ ++ scan_mounts_and_swaps(&this_name, &match_inode, &match_device, PROC_MOUNTS); ++ scan_mounts_and_swaps(&this_name, &match_inode, &match_device, PROC_SWAPS); ++ print_matches(&this_name); ++ ++ free_matched_procs(this_name.matched_procs); ++ free(this_name.filename); ++ return 0; ++} +diff --git a/src/core/fuser.h b/src/core/fuser.h +new file mode 100644 +index 0000000..b74b879 +--- /dev/null ++++ b/src/core/fuser.h +@@ -0,0 +1,55 @@ ++#pragma once ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "manager.h" ++ ++struct procs { ++ pid_t pid; ++ uid_t uid; ++ char *username; ++ char *command; ++ struct procs *next; ++}; ++ ++struct name { ++ char *filename; ++ struct stat st; ++ struct procs *matched_procs; ++}; ++ ++struct inode { ++ struct name *name; ++ dev_t device; ++ ino_t inode; ++}; ++ ++struct device { ++ struct name *name; ++ dev_t device; ++}; ++ ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif /* PATH_MAX */ ++ ++#define CMD_NAME_LEN 100 ++#define COMM_LEN 64 ++#define MAX_COMM_LEN 1024 ++#define PROC_MOUNTS "/proc/mounts" ++#define PROC_SWAPS "/proc/swaps" ++ ++int fuser(const char *dir); +diff --git a/src/core/job.c b/src/core/job.c +index e7d1f65..b86aadd 100644 +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -27,6 +27,9 @@ + #include "terminal-util.h" + #include "unit.h" + #include "virt.h" ++#include "fuser.h" ++#include "mount.h" ++#include "process-util.h" + + Job* job_new_raw(Unit *unit) { + Job *j; +@@ -729,6 +732,8 @@ static const char* job_done_mid(JobType type, JobResult result) { + static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult result) { + _cleanup_free_ char *free_ident = NULL; + const char *ident, *format; ++ int r = 0; ++ pid_t pid; + + assert(u); + assert(t >= 0); +@@ -825,6 +830,37 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + "See 'systemctl status %s' for details.", quoted); + } + } ++ ++ if (FLAGS_SET(manager_state(u->manager), MANAGER_STOPPING) && u->manager->defaults.dfx_reboot && ++ ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { ++ ++ Mount *m = MOUNT(u); ++ ++ r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Failed to fork for fuser!"); ++ return; ++ } ++ if (r == 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "-------------fuser -mv %s----------------", m->where); ++ ++ r = fuser(m->where); ++ if (r < 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't run fuser."); ++ ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "%s","----------------------------------------------------------------------"); ++ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); ++ } ++ ++ r = wait_for_terminate_with_timeout(pid, 3 * USEC_PER_SEC); ++ if (r == -ETIMEDOUT) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Timeout to run (fuser-shutdown)."); ++ (void) kill(pid, SIGKILL); ++ } ++ } + } + + static int job_perform_on_unit(Job **j) { +diff --git a/src/core/main.c b/src/core/main.c +index 96b0a11..ddbabaa 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -622,6 +622,7 @@ static int parse_config_file(void) { + { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, + { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell }, + { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot }, ++ { "Manager", "DefaultDFXReboot", config_parse_bool, 0, &arg_defaults.dfx_reboot }, + { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status }, + { "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format }, + { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity }, +@@ -1471,7 +1472,8 @@ static int become_shutdown(int objective, int retval) { + + char log_level[STRLEN("--log-level=") + DECIMAL_STR_MAX(int)], + timeout[STRLEN("--timeout=") + DECIMAL_STR_MAX(usec_t) + STRLEN("us")], +- exit_code[STRLEN("--exit-code=") + DECIMAL_STR_MAX(uint8_t)]; ++ exit_code[STRLEN("--exit-code=") + DECIMAL_STR_MAX(uint8_t)], ++ dfx_reboot[STRLEN("--dfx-reboot=") + DECIMAL_STR_MAX(bool)]; + + _cleanup_strv_free_ char **env_block = NULL; + usec_t watchdog_timer = 0; +@@ -1482,15 +1484,17 @@ static int become_shutdown(int objective, int retval) { + + xsprintf(log_level, "--log-level=%d", log_get_max_level()); + xsprintf(timeout, "--timeout=%" PRI_USEC "us", arg_defaults.timeout_stop_usec); ++ xsprintf(dfx_reboot, "--dfx-reboot=%d", arg_defaults.dfx_reboot); + +- const char* command_line[10] = { ++ const char* command_line[11] = { + SYSTEMD_SHUTDOWN_BINARY_PATH, + table[objective], + log_level, + timeout, ++ dfx_reboot, + /* Note that the last position is a terminator and must contain NULL. */ + }; +- size_t pos = 4; ++ size_t pos = 5; + + assert(command_line[pos-1]); + assert(!command_line[pos]); +diff --git a/src/core/manager.c b/src/core/manager.c +index b29d4e1..53fd07d 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4206,6 +4206,8 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) { + m->defaults.oom_score_adjust = defaults->oom_score_adjust; + m->defaults.oom_score_adjust_set = defaults->oom_score_adjust_set; + ++ m->defaults.dfx_reboot = defaults->dfx_reboot; ++ + m->defaults.memory_pressure_watch = defaults->memory_pressure_watch; + m->defaults.memory_pressure_threshold_usec = defaults->memory_pressure_threshold_usec; + +@@ -4978,6 +4980,8 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) { + + .oom_policy = OOM_STOP, + .oom_score_adjust_set = false, ++ ++ .dfx_reboot = false, + }; + } + +diff --git a/src/core/manager.h b/src/core/manager.h +index 93e9d2a..19fb33b 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -177,6 +177,8 @@ typedef struct UnitDefaults { + int oom_score_adjust; + bool oom_score_adjust_set; + ++ bool dfx_reboot; ++ + CGroupPressureWatch memory_pressure_watch; + usec_t memory_pressure_threshold_usec; + +diff --git a/src/core/meson.build b/src/core/meson.build +index 7701d3d..83103ef 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -68,6 +68,7 @@ libcore_sources = files( + 'unit-printf.c', + 'unit-serialize.c', + 'unit.c', ++ 'fuser.c', + ) + + if conf.get('BPF_FRAMEWORK') == 1 +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index dbdc47c..3495b8e 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -80,6 +80,7 @@ DefaultLimitMEMLOCK=64M + #DefaultMemoryPressureThresholdSec=200ms + #DefaultMemoryPressureWatch=auto + #DefaultOOMPolicy=stop ++#DefaultDFXReboot=no + #DefaultSmackProcessLabel= + #ReloadLimitIntervalSec= + #ReloadLimitBurst= +diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build +index 219f9fd..c932e28 100644 +--- a/src/shutdown/meson.build ++++ b/src/shutdown/meson.build +@@ -1,5 +1,7 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + ++shutdown_includes = [includes, include_directories('.')] ++ + systemd_shutdown_sources = files( + 'detach-dm.c', + 'detach-loopback.c', +@@ -7,12 +9,18 @@ systemd_shutdown_sources = files( + 'detach-swap.c', + 'shutdown.c', + 'umount.c', ++ 'process-status.c', + ) + + executables += [ + libexec_template + { + 'name' : 'systemd-shutdown', + 'sources' : systemd_shutdown_sources, ++ 'include_directories' : core_includes, ++ 'link_with' : [ ++ libcore, ++ libshared ++ ], + 'dependencies' : libmount, + }, + libexec_template + { +@@ -34,6 +42,11 @@ executables += [ + 'detach-swap.c', + 'umount.c', + ), ++ 'include_directories' : core_includes, ++ 'link_with' : [ ++ libcore, ++ libshared ++ ], + 'dependencies' : libmount, + }, + ] +diff --git a/src/shutdown/process-status.c b/src/shutdown/process-status.c +new file mode 100644 +index 0000000..11837a2 +--- /dev/null ++++ b/src/shutdown/process-status.c +@@ -0,0 +1,143 @@ ++#include "process-status.h" ++#include "process-util.h" ++ ++static uid_t P_uid; ++static int P_pid; ++static int P_ppid; ++static char P_stat[COMM_LEN]; ++static char P_cmd_short[COMM_LEN]; ++static char P_user[COMM_LEN]; ++static char P_cmd_long[COMM_LEN]; ++ ++static int read_from_stat(int pid) { ++ char buf[PATH_MAX]; ++ char cmd_path[PATH_MAX]; ++ char pathname[PATH_MAX]; ++ int fd = 0; ++ struct stat st; ++ int r = 0; ++ ++ memset(buf, 0, sizeof(buf)); ++ memset(cmd_path, 0, sizeof(cmd_path)); ++ memset(pathname, 0, sizeof(pathname)); ++ ++ r = snprintf(pathname, sizeof(pathname), "/proc/%d", pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't snprintf /proc/%d.", pid); ++ return -1; ++ } ++ ++ if (stat(pathname, &st) != 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't stat %s.", pathname); ++ return -1; ++ } ++ ++ P_uid = st.st_uid; ++ ++ r = snprintf(buf, sizeof(buf), "/proc/%d/stat", pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't snprintf /proc/%d/stat.", pid); ++ return -1; ++ } ++ ++ fd = open(buf, O_RDONLY, 0); ++ if (fd == -1) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't open %s.", buf); ++ return -1; ++ } ++ ++ r = read(fd, buf, sizeof(buf) - 1); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't read /proc/%d/stat.", pid); ++ close(fd); ++ return -1; ++ } ++ ++ r = sscanf(buf, "%d %s %s %d", &P_pid, P_cmd_short, P_stat, &P_ppid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't run sscanf."); ++ close(fd); ++ return -1; ++ } ++ ++ close(fd); ++ ++ if(P_pid != pid) ++ return -1; ++ ++ r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pid); ++ if (r <= 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pid); ++ return -1; ++ } ++ ++ /* read from /proc/$pid/cmdline */ ++ read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); ++ ++ return 0; ++} ++ ++static void do_user(void) { ++ struct passwd *p = NULL; ++ ++ p = getpwuid(P_uid); ++ if (p) { ++ snprintf(P_user, sizeof(P_user), "%s", p->pw_name); ++ } else { ++ snprintf(P_user, sizeof(P_user), "%u", P_uid); ++ } ++} ++ ++static void print_proc(void) { ++ if ((P_ppid != KTHREADD) && (strcmp(P_cmd_short, "(kthreadd)") != 0)) { ++ if (strlen(P_cmd_long) != 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%-s\t%-d\t%-d\t%-s", P_user, P_pid, P_ppid, P_cmd_long); ++ } else { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%-s\t%-d\t%-d\t%-s", P_user, P_pid, P_ppid, P_cmd_short); ++ } ++ } ++} ++ ++int process_status(void) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "-----------------------------------------------------------------"); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "USER\tPID\tPPID\tCMD"); ++ ++ struct dirent *ent = NULL; ++ DIR *dir = NULL; ++ ++ dir = opendir("/proc"); ++ if (dir == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "can't open /proc"); ++ return -1; ++ } ++ ++ while((ent = readdir(dir))){ ++ if (*ent->d_name < '0' || *ent->d_name > '9') ++ continue; ++ ++ if (read_from_stat(atoi(ent->d_name)) != 0) ++ continue; ++ ++ do_user(); ++ ++ print_proc(); ++ } ++ ++ closedir(dir); ++ ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", ++ "%s", "------------------------------------------------------------------"); ++ ++ return 0; ++} +diff --git a/src/shutdown/process-status.h b/src/shutdown/process-status.h +new file mode 100644 +index 0000000..2f4333d +--- /dev/null ++++ b/src/shutdown/process-status.h +@@ -0,0 +1,24 @@ ++#pragma once ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "manager.h" ++ ++#define COMM_LEN 512 ++ ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ ++#define KTHREADD 2 ++ ++int process_status(void); +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index b976b7d..d6beb2d 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -48,13 +48,17 @@ + #include "umount.h" + #include "virt.h" + #include "watchdog.h" ++#include "process-status.h" + + #define SYNC_PROGRESS_ATTEMPTS 3 + #define SYNC_TIMEOUT_USEC (10*USEC_PER_SEC) ++#define SHUTDOWN_TIMEOUT_MIN (0*USEC_PER_SEC) ++#define SHUTDOWN_TIMEOUT_INTERVAL (30*USEC_PER_SEC) + + static char* arg_verb; + static uint8_t arg_exit_code; + static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; ++static bool dfx_reboot = false; + + static int parse_argv(int argc, char *argv[]) { + enum { +@@ -82,6 +86,13 @@ static int parse_argv(int argc, char *argv[]) { + while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0) + switch (c) { + ++ case ARG_DFX_REBOOT: ++ if (streq(optarg, "1")) { ++ dfx_reboot = true; ++ } ++ ++ break; ++ + case ARG_LOG_LEVEL: + r = log_set_max_level_from_string(optarg); + if (r < 0) +@@ -341,6 +352,9 @@ int main(int argc, char *argv[]) { + _cleanup_free_ char *cgroup = NULL; + char *arguments[3]; + int cmd, r; ++ usec_t now_time, time_interval; ++ pid_t pid; ++ bool fork_failed = false; + + /* Close random fds we might have get passed, just for paranoia, before we open any new fds, for + * example for logging. After all this tool's purpose is about detaching any pinned resources, and +@@ -432,8 +446,37 @@ int main(int argc, char *argv[]) { + need_dm_detach = !in_container, need_md_detach = !in_container, can_initrd, last_try = false; + can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0; + ++ now_time = now(CLOCK_MONOTONIC); ++ time_interval = SHUTDOWN_TIMEOUT_MIN; + /* Unmount all mountpoints, swaps, and loopback devices */ + for (;;) { ++ if (dfx_reboot && (now(CLOCK_MONOTONIC) >= now_time + time_interval)) { ++ r = safe_fork("(process_status)", FORK_RESET_SIGNALS, &pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Failed to fork for process_status!"); ++ fork_failed = true; ++ } ++ if (r == 0) { ++ r = process_status(); ++ if (r < 0) ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't run ps."); ++ ++ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); ++ } ++ ++ now_time = now(CLOCK_MONOTONIC); ++ time_interval = SHUTDOWN_TIMEOUT_INTERVAL; ++ ++ if (!fork_failed) { ++ r = wait_for_terminate_with_timeout(pid, 3 * USEC_PER_SEC); ++ if (r == -ETIMEDOUT) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Timeout to run (process_status)."); ++ (void) kill(pid, SIGKILL); ++ } ++ } ++ } ++ + bool changed = false; + + (void) watchdog_ping(); +diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c +index 1a9b99d..220ae2e 100644 +--- a/src/shutdown/umount.c ++++ b/src/shutdown/umount.c +@@ -28,6 +28,7 @@ + #include "signal-util.h" + #include "umount.h" + #include "virt.h" ++#include "manager.h" + + static void mount_point_free(MountPoint **head, MountPoint *m) { + assert(head); +@@ -321,6 +322,7 @@ static int umount_with_timeout(MountPoint *m, bool last_try) { + pfd[0] = safe_close(pfd[0]); + + log_info("Unmounting '%s'.", m->path); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounting '%s'.", m->path); + + /* Start the mount operation here in the child Using MNT_FORCE causes some filesystems + * (e.g. FUSE and NFS and other network filesystems) to abort any pending requests and return +@@ -332,9 +334,12 @@ static int umount_with_timeout(MountPoint *m, bool last_try) { + (m->umount_lazily ? MNT_DETACH : MNT_FORCE))); + if (r < 0) { + log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Failed to unmount %s: %m", m->path); ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Failed to unmount '%s'.", m->path); + + if (r == -EBUSY && last_try) + log_umount_blockers(m->path); ++ } else { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounted '%s'.", m->path); + } + + (void) write(pfd[1], &r, sizeof(r)); /* try to send errno up */ +diff --git a/src/test/meson.build b/src/test/meson.build +index a7ca76e..f9e1974 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -596,4 +596,29 @@ executables += [ + libudev_basic, + ], + }, ++ test_template + { ++ 'sources' : files( ++ 'test-process-status.c', ++ '../shutdown/process-status.c' ++ ), ++ 'link_with' : [ ++ libcore, ++ libshared, ++ ], ++ 'include_directories' : [ ++ shutdown_includes, ++ core_includes, ++ ] ++ }, ++ test_template + { ++ 'sources' : files( ++ 'test-fuser.c', ++ '../core/fuser.c' ++ ), ++ 'link_with' : [ ++ libcore, ++ libshared, ++ ], ++ 'include_directories' : core_includes, ++ }, + ] +diff --git a/src/test/test-fuser.c b/src/test/test-fuser.c +new file mode 100644 +index 0000000..1527b5b +--- /dev/null ++++ b/src/test/test-fuser.c +@@ -0,0 +1,14 @@ ++#include "fuser.h" ++#include "tests.h" ++ ++int main(int argc, char *argv[]){ ++ test_setup_logging(LOG_DEBUG); ++ ++ assert_se(fuser("/") == 0); ++ assert_se(fuser(NULL) < 0); ++ assert_se(fuser("/dev") == 0); ++ assert_se(fuser("/dev/empty/mountpoint") < 0); ++ assert_se(fuser("") < 0); ++ ++ return 0; ++} +diff --git a/src/test/test-process-status.c b/src/test/test-process-status.c +new file mode 100644 +index 0000000..4a4c3da +--- /dev/null ++++ b/src/test/test-process-status.c +@@ -0,0 +1,10 @@ ++#include "process-status.h" ++#include "tests.h" ++ ++int main(int argc, char *argv[]){ ++ ++ assert_se(process_status() == 0); ++ ++ return 0; ++ ++} +-- +2.33.0 + diff --git a/process-util-log-more-information-when-runnin.patch b/process-util-log-more-information-when-runnin.patch new file mode 100644 index 0000000000000000000000000000000000000000..6e0c022cdf7f7c84f77415f17abe8303fc2d5bbd --- /dev/null +++ b/process-util-log-more-information-when-runnin.patch @@ -0,0 +1,147 @@ +From f4b4008495211c60bda7e1edda45beb36a553bc7 Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Thu, 14 Jan 2021 15:57:59 +0800 +Subject: [PATCH] process-util: log more information when running + systemctl. + + Print the PID and its cmdline to the system log when a process + runs systemctl command. +--- + src/basic/process-util.c | 31 +++++++++++++++++++++++++++++++ + src/basic/process-util.h | 1 + + src/systemctl/systemctl.c | 12 ++++++++++++ + src/test/test-process-util.c | 22 ++++++++++++++++++++++ + 4 files changed, 66 insertions(+) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 4e93c9b..78ad30b 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -54,6 +54,7 @@ + #include "stdio-util.h" + #include "string-table.h" + #include "string-util.h" ++#include "strv.h" + #include "terminal-util.h" + #include "user-util.h" + #include "utf8.h" +@@ -342,6 +343,36 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char * + return 0; + } + ++int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], const char * const *filter) { ++ bool is_filtered = false; ++ int r; ++ const char *arg_cmdline = "["; ++ _cleanup_free_ char *cmdline = NULL; ++ ++ r = pid_get_cmdline(pid, SIZE_MAX, 0, &cmdline); ++ if (r < 0) { ++ syslog(LOG_INFO, "Failed to get cmdline of PID %d. Ignoring.", pid); ++ return r; ++ } else { ++ for (int i = 0; i < argc; i++ ) { ++ if (filter && strv_find((char * const *) filter, argv[i])) { ++ is_filtered = true; ++ break; ++ } ++ if (i == 0) { ++ arg_cmdline = strjoina(arg_cmdline, argv[i]); ++ } else { ++ arg_cmdline = strjoina(arg_cmdline, " ", argv[i]); ++ } ++ } ++ if (!is_filtered) { ++ syslog(LOG_INFO, "%s] called by PID %d (%s)", arg_cmdline, pid, cmdline); ++ } ++ return 0; ++ } ++ ++} ++ + int container_get_leader(const char *machine, pid_t *pid) { + _cleanup_free_ char *s = NULL, *class = NULL; + const char *p; +diff --git a/src/basic/process-util.h b/src/basic/process-util.h +index 060c0c2..d211188 100644 +--- a/src/basic/process-util.h ++++ b/src/basic/process-util.h +@@ -41,6 +41,7 @@ typedef enum ProcessCmdlineFlags { + + int pid_get_comm(pid_t pid, char **ret); + int pidref_get_comm(const PidRef *pid, char **ret); ++int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], const char * const *filter); + int pid_get_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret); + int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret); + int pid_get_cmdline_strv(pid_t pid, ProcessCmdlineFlags flags, char ***ret); +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index dd6f6c9..3b049c7 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -2,6 +2,7 @@ + + #include + #include ++#include + #include + + #include "sd-daemon.h" +@@ -1226,6 +1227,14 @@ static int run(int argc, char *argv[]) { + _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL; + _cleanup_(umount_and_freep) char *mounted_dir = NULL; + int r; ++ pid_t ppid; ++ const char * const filter[] = { ++ "status", "show", "cat", ++ "is-active", "is-failed", "is-enabled", "is-system-running", ++ "list-units", "list-sockets", "list-timers", "list-dependencies", ++ "list-unit-files", "list-machines", "list-jobs", ++ "get-default", "show-environment", NULL ++ }; + + setlocale(LC_ALL, ""); + log_setup(); +@@ -1239,6 +1248,9 @@ static int run(int argc, char *argv[]) { + if (r <= 0) + goto finish; + ++ ppid = getppid(); ++ (void) print_process_cmdline_with_arg(ppid, argc, argv, filter); ++ + if (proc_mounted() == 0) + log_full(arg_no_warn ? LOG_DEBUG : LOG_WARNING, + "%s%s/proc/ is not mounted. This is not a supported mode of operation. Please fix\n" +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 957e214..d9e9ab1 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -951,4 +951,26 @@ static int intro(void) { + return EXIT_SUCCESS; + } + ++TEST(print_process_cmdline_with_arg) { ++ pid_t pid = getpid(); ++ const char * const arg_filter_empty[] = {"", NULL}; ++ const char * const arg_filter_1_in[] = {"status", NULL}; ++ const char * const arg_filter_1_no[] = {"stop", NULL}; ++ const char * const arg_filter_2_in[] = {"restart", "status", NULL}; ++ const char * const arg_filter_2_no[] = {"restart", "stop", NULL}; ++ const char *arg_var_1[1] = {"systemctl"}; ++ const char *arg_var_10[10] = {"systemctl", "restart", "1", "2", "3", "4", "5", "6", "7", "8"}; ++ const char *arg_var_filter[3] = {"systemctl", "status", "dbus.service"}; ++ assert_se(print_process_cmdline_with_arg(pid, 0, NULL, NULL) >=0); ++ assert_se(print_process_cmdline_with_arg(pid, 1, (char **) arg_var_1, NULL) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 10, (char **) arg_var_10, NULL) >= 0); ++ assert_se(print_process_cmdline_with_arg(897349, 1, (char **) arg_var_1, NULL) < 0); ++ assert_se(print_process_cmdline_with_arg(897349, 10, (char **) arg_var_10, NULL) < 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_empty) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_1_in) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_1_no) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_2_in) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, (char **) arg_var_filter, arg_filter_2_no) >= 0); ++} ++ + DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); +-- +2.33.0 + diff --git a/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/resolved-create-etc-resolv.conf-symlink-at-runtime.patch similarity index 58% rename from 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch rename to resolved-create-etc-resolv.conf-symlink-at-runtime.patch index aa238ee5db18d3147497938883c8637f80cf2a39..f28912715ae60357337b0bd77e011579fdbf48e7 100644 --- a/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +++ b/resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -10,39 +10,39 @@ If it exists, do nothing. In particular, if it is a broken symlink, we cannot really know if the administator configured it to point to a location used by some service that hasn't started yet, so we don't touch it in that case either. - + https://bugzilla.redhat.com/show_bug.cgi?id=1313085 --- - src/resolve/resolved.c | 4 ++++ - tmpfiles.d/etc.conf.m4 | 3 --- - 2 files changed, 4 insertions(+), 3 deletions(-) + src/resolve/resolved.c | 5 +++++ + tmpfiles.d/systemd-resolve.conf | 2 -- + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c -index 2ca9fbdc72..3c8a9ff12a 100644 +index d3bc902..a94d744 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c -@@ -49,6 +49,10 @@ static int run(int argc, char *argv[]) { - /* Drop privileges, but only if we have been started as root. If we are not running as root we assume most - * privileges are already dropped. */ - if (getuid() == 0) { +@@ -58,6 +58,11 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Could not create runtime directory: %m"); + + r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); + if (r < 0 && errno != EEXIST) + log_warning_errno(errno, + "Could not create /etc/resolv.conf symlink: %m"); - - /* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */ ++ + /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */ r = drop_privileges(uid, gid, -diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 -index f82e0b82ce..66a777bdb2 100644 ---- a/tmpfiles.d/etc.conf.m4 -+++ b/tmpfiles.d/etc.conf.m4 -@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts - m4_ifdef(`HAVE_SMACK_RUN_LABEL', - t /etc/mtab - - - - security.SMACK64=_ - )m4_dnl --m4_ifdef(`ENABLE_RESOLVE', + (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ +diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf +index cb1c56d..ce3d1a6 100644 +--- a/tmpfiles.d/systemd-resolve.conf ++++ b/tmpfiles.d/systemd-resolve.conf +@@ -6,5 +6,3 @@ + # (at your option) any later version. + + # See tmpfiles.d(5) for details +- -L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf --)m4_dnl - C! /etc/nsswitch.conf - - - - - m4_ifdef(`HAVE_PAM', - C! /etc/pam.d - - - - +-- +2.33.0 + diff --git a/revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch b/revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch deleted file mode 100644 index 65c5162ec85b61920d291883cea7ec5ceb2960d1..0000000000000000000000000000000000000000 --- a/revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch +++ /dev/null @@ -1,93 +0,0 @@ -From e67cd21d7d174cdafd12beca4cfb6e19e61f6fb5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 8 Jul 2019 17:33:25 +0200 -Subject: [PATCH] analyze: add "unit-files" to dump the unit fragment map - -I'm not convinced that this is useful enough to be included... But it is -certainly nice when debugging. - -revert analyze add unit files to dump the unit fragment map ---- - src/analyze/analyze.c | 50 -------------------------------------------------- - 1 file changed, 50 deletions(-) - -diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c -index 322be1a..6de26f4 100644 ---- a/src/analyze/analyze.c -+++ b/src/analyze/analyze.c -@@ -1546,53 +1546,6 @@ static int get_or_set_log_target(int argc, char *argv[], void *userdata) { - return (argc == 1) ? get_log_target(argc, argv, userdata) : set_log_target(argc, argv, userdata); - } - --static bool strv_fnmatch_strv_or_empty(char* const* patterns, char **strv, int flags) { -- char **s; -- STRV_FOREACH(s, strv) -- if (strv_fnmatch_or_empty(patterns, *s, flags)) -- return true; -- -- return false; --} -- --static int do_unit_files(int argc, char *argv[], void *userdata) { -- _cleanup_(lookup_paths_free) LookupPaths lp = {}; -- _cleanup_hashmap_free_ Hashmap *unit_ids = NULL; -- _cleanup_hashmap_free_ Hashmap *unit_names = NULL; -- char **patterns = strv_skip(argv, 1); -- Iterator i; -- const char *k, *dst; -- char **v; -- int r; -- -- r = lookup_paths_init(&lp, arg_scope, 0, NULL); -- if (r < 0) -- return log_error_errno(r, "lookup_paths_init() failed: %m"); -- -- r = unit_file_build_name_map(&lp, &unit_ids, &unit_names, NULL); -- if (r < 0) -- return log_error_errno(r, "unit_file_build_name_map() failed: %m"); -- -- HASHMAP_FOREACH_KEY(dst, k, unit_ids, i) { -- if (!strv_fnmatch_or_empty(patterns, k, FNM_NOESCAPE) && -- !strv_fnmatch_or_empty(patterns, dst, FNM_NOESCAPE)) -- continue; -- -- printf("ids: %s → %s\n", k, dst); -- } -- -- HASHMAP_FOREACH_KEY(v, k, unit_names, i) { -- if (!strv_fnmatch_or_empty(patterns, k, FNM_NOESCAPE) && -- !strv_fnmatch_strv_or_empty(patterns, v, FNM_NOESCAPE)) -- continue; -- -- _cleanup_free_ char *j = strv_join(v, ", "); -- printf("aliases: %s ← %s\n", k, j); -- } -- -- return 0; --} -- - static int dump_unit_paths(int argc, char *argv[], void *userdata) { - _cleanup_(lookup_paths_free) LookupPaths paths = {}; - int r; -@@ -2263,7 +2216,6 @@ static int help(int argc, char *argv[], void *userdata) { - " log-target [TARGET] Get/set logging target for manager\n" - " dump Output state serialization of service manager\n" - " cat-config Show configuration file and drop-ins\n" -- " unit-files List files and symlinks for units\n" - " unit-paths List load directories for units\n" - " exit-status [STATUS...] List exit status definitions\n" - " syscall-filter [NAME...] Print list of syscalls in seccomp filter\n" -@@ -2467,10 +2419,8 @@ static int run(int argc, char *argv[]) { - { "get-log-level", VERB_ANY, 1, 0, get_log_level }, - { "set-log-target", 2, 2, 0, set_log_target }, - { "get-log-target", VERB_ANY, 1, 0, get_log_target }, -- - { "dump", VERB_ANY, 1, 0, dump }, - { "cat-config", 2, VERB_ANY, 0, cat_config }, -- { "unit-files", VERB_ANY, VERB_ANY, 0, do_unit_files }, - { "unit-paths", 1, 1, 0, dump_unit_paths }, - { "exit-status", VERB_ANY, VERB_ANY, 0, dump_exit_status }, - { "syscall-filter", VERB_ANY, VERB_ANY, 0, dump_syscall_filters }, --- -1.8.3.1 - diff --git a/revert-pid1-drop-unit-caches-only-based-on-mtime.patch b/revert-pid1-drop-unit-caches-only-based-on-mtime.patch deleted file mode 100644 index e12236a743e689df5645a4553501162ef9fcc2c7..0000000000000000000000000000000000000000 --- a/revert-pid1-drop-unit-caches-only-based-on-mtime.patch +++ /dev/null @@ -1,289 +0,0 @@ -From 91e0ee5f16321656ed6f827742ecbeb2b36027f2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 10 Jul 2019 18:01:13 +0200 -Subject: [PATCH] pid1: drop unit caches only based on mtime - -v2: -- do not watch mtime of transient and generated dirs - - We'd reload the map after every transient unit we created, which we don't - need to do, since we create those units ourselves and know their fragment - path. - -revert pid1 drop unit caches only based on mtime ---- - src/analyze/analyze.c | 2 +- - src/core/load-fragment.c | 9 -------- - src/core/manager.c | 14 ++++++++++-- - src/core/manager.h | 1 - - src/shared/unit-file.c | 57 +---------------------------------------------- - src/shared/unit-file.h | 2 -- - src/systemctl/systemctl.c | 2 +- - src/test/test-unit-file.c | 13 +---------- - 8 files changed, 16 insertions(+), 84 deletions(-) - -diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c -index 4d81026..322be1a 100644 ---- a/src/analyze/analyze.c -+++ b/src/analyze/analyze.c -@@ -1569,7 +1569,7 @@ static int do_unit_files(int argc, char *argv[], void *userdata) { - if (r < 0) - return log_error_errno(r, "lookup_paths_init() failed: %m"); - -- r = unit_file_build_name_map(&lp, NULL, &unit_ids, &unit_names, NULL); -+ r = unit_file_build_name_map(&lp, &unit_ids, &unit_names, NULL); - if (r < 0) - return log_error_errno(r, "unit_file_build_name_map() failed: %m"); - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 8eaf8b3..9821a92 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -4605,15 +4605,6 @@ int unit_load_fragment(Unit *u) { - return 0; - } - -- /* Possibly rebuild the fragment map to catch new units */ -- r = unit_file_build_name_map(&u->manager->lookup_paths, -- &u->manager->unit_cache_mtime, -- &u->manager->unit_id_map, -- &u->manager->unit_name_map, -- &u->manager->unit_path_cache); -- if (r < 0) -- log_error_errno(r, "Failed to rebuild name map: %m"); -- - r = unit_file_find_fragment(u->manager->unit_id_map, - u->manager->unit_name_map, - u->id, -diff --git a/src/core/manager.c b/src/core/manager.c -index 5efcf45..8b1ce70 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -693,7 +693,6 @@ static void manager_free_unit_name_maps(Manager *m) { - m->unit_id_map = hashmap_free(m->unit_id_map); - m->unit_name_map = hashmap_free(m->unit_name_map); - m->unit_path_cache = set_free_free(m->unit_path_cache); -- m->unit_cache_mtime = 0; - } - - static int manager_setup_run_queue(Manager *m) { -@@ -1642,6 +1641,11 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - - lookup_paths_log(&m->lookup_paths); - -+ manager_free_unit_name_maps(m); -+ r = unit_file_build_name_map(&m->lookup_paths, &m->unit_id_map, &m->unit_name_map, &m->unit_path_cache); -+ if (r < 0) -+ return log_error_errno(r, "Failed to build name map: %m"); -+ - { - /* This block is (optionally) done with the reloading counter bumped */ - _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; -@@ -2858,6 +2862,10 @@ int manager_loop(Manager *m) { - assert(m); - assert(m->objective == MANAGER_OK); /* Ensure manager_startup() has been called */ - -+ /* Release the path and unit name caches */ -+ manager_free_unit_name_maps(m); -+ // FIXME: once this happens, we cannot load any more units -+ - manager_check_finished(m); - - /* There might still be some zombies hanging around from before we were exec()'ed. Let's reap them. */ -@@ -3531,8 +3539,10 @@ int manager_reload(Manager *m) { - - lookup_paths_log(&m->lookup_paths); - -- /* We flushed out generated files, for which we don't watch mtime, so we should flush the old map. */ - manager_free_unit_name_maps(m); -+ r = unit_file_build_name_map(&m->lookup_paths, &m->unit_id_map, &m->unit_name_map, &m->unit_path_cache); -+ if (r < 0) -+ log_warning_errno(r, "Failed to build name map: %m"); - - /* First, enumerate what we can from kernel and suchlike */ - manager_enumerate_perpetual(m); -diff --git a/src/core/manager.h b/src/core/manager.h -index 815c5ec..9ca82ac 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -223,7 +223,6 @@ struct Manager { - Hashmap *unit_id_map; - Hashmap *unit_name_map; - Set *unit_path_cache; -- usec_t unit_cache_mtime; - - char **transient_environment; /* The environment, as determined from config files, kernel cmdline and environment generators */ - char **client_environment; /* Environment variables created by clients through the bus API */ -diff --git a/src/shared/unit-file.c b/src/shared/unit-file.c -index 4a5f23e..bad92a3 100644 ---- a/src/shared/unit-file.c -+++ b/src/shared/unit-file.c -@@ -152,47 +152,8 @@ static int unit_ids_map_get( - return -ELOOP; - } - --static bool lookup_paths_mtime_exclude(const LookupPaths *lp, const char *path) { -- /* Paths that are under our exclusive control. Users shall not alter those directly. */ -- -- return streq_ptr(path, lp->generator) || -- streq_ptr(path, lp->generator_early) || -- streq_ptr(path, lp->generator_late) || -- streq_ptr(path, lp->transient) || -- streq_ptr(path, lp->persistent_control) || -- streq_ptr(path, lp->runtime_control); --} -- --static bool lookup_paths_mtime_good(const LookupPaths *lp, usec_t mtime) { -- char **dir; -- -- STRV_FOREACH(dir, (char**) lp->search_path) { -- struct stat st; -- -- if (lookup_paths_mtime_exclude(lp, *dir)) -- continue; -- -- /* Determine the latest lookup path modification time */ -- if (stat(*dir, &st) < 0) { -- if (errno == ENOENT) -- continue; -- -- log_debug_errno(errno, "Failed to stat %s, ignoring: %m", *dir); -- continue; -- } -- -- if (timespec_load(&st.st_mtim) > mtime) { -- log_debug_errno(errno, "Unit dir %s has changed, need to update cache.", *dir); -- return false; -- } -- } -- -- return true; --} -- - int unit_file_build_name_map( - const LookupPaths *lp, -- usec_t *cache_mtime, - Hashmap **ret_unit_ids_map, - Hashmap **ret_unit_names_map, - Set **ret_path_cache) { -@@ -210,12 +171,6 @@ int unit_file_build_name_map( - _cleanup_set_free_free_ Set *paths = NULL; - char **dir; - int r; -- usec_t mtime = 0; -- -- /* Before doing anything, check if the mtime that was passed is still valid. If -- * yes, do nothing. If *cache_time == 0, always build the cache. */ -- if (cache_mtime && *cache_mtime > 0 && lookup_paths_mtime_good(lp, *cache_mtime)) -- return 0; - - if (ret_path_cache) { - paths = set_new(&path_hash_ops); -@@ -226,7 +181,6 @@ int unit_file_build_name_map( - STRV_FOREACH(dir, (char**) lp->search_path) { - struct dirent *de; - _cleanup_closedir_ DIR *d = NULL; -- struct stat st; - - d = opendir(*dir); - if (!d) { -@@ -235,13 +189,6 @@ int unit_file_build_name_map( - continue; - } - -- /* Determine the latest lookup path modification time */ -- if (fstat(dirfd(d), &st) < 0) -- return log_error_errno(errno, "Failed to fstat %s: %m", *dir); -- -- if (!lookup_paths_mtime_exclude(lp, *dir)) -- mtime = MAX(mtime, timespec_load(&st.st_mtim)); -- - FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { - char *filename; - _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; -@@ -378,14 +325,12 @@ int unit_file_build_name_map( - basename(dst), src); - } - -- if (cache_mtime) -- *cache_mtime = mtime; - *ret_unit_ids_map = TAKE_PTR(ids); - *ret_unit_names_map = TAKE_PTR(names); - if (ret_path_cache) - *ret_path_cache = TAKE_PTR(paths); - -- return 1; -+ return 0; - } - - int unit_file_find_fragment( -diff --git a/src/shared/unit-file.h b/src/shared/unit-file.h -index 54cc787..52e17f7 100644 ---- a/src/shared/unit-file.h -+++ b/src/shared/unit-file.h -@@ -4,7 +4,6 @@ - #include - - #include "hashmap.h" --#include "time-util.h" - #include "unit-name.h" - - typedef enum UnitFileState UnitFileState; -@@ -43,7 +42,6 @@ int unit_validate_alias_symlink_and_warn(const char *filename, const char *targe - - int unit_file_build_name_map( - const LookupPaths *lp, -- usec_t *ret_time, - Hashmap **ret_unit_ids_map, - Hashmap **ret_unit_names_map, - Set **ret_path_cache); -diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index dcf76be..69063ee 100644 ---- a/src/systemctl/systemctl.c -+++ b/src/systemctl/systemctl.c -@@ -2594,7 +2594,7 @@ static int unit_find_paths( - _cleanup_set_free_free_ Set *names = NULL; - - if (!cached_name_map) { -- r = unit_file_build_name_map(lp, NULL, &cached_id_map, &cached_name_map, NULL); -+ r = unit_file_build_name_map(lp, &cached_id_map, &cached_name_map, NULL); - if (r < 0) - return r; - } -diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c -index 8bc5bf6..988ac15 100644 ---- a/src/test/test-unit-file.c -+++ b/src/test/test-unit-file.c -@@ -32,12 +32,10 @@ static void test_unit_file_build_name_map(char **ids) { - Iterator i; - const char *k, *dst; - char **v; -- usec_t mtime = 0; -- int r; - - assert_se(lookup_paths_init(&lp, UNIT_FILE_SYSTEM, 0, NULL) >= 0); - -- assert_se(unit_file_build_name_map(&lp, &mtime, &unit_ids, &unit_names, NULL) == 1); -+ assert_se(unit_file_build_name_map(&lp, &unit_ids, &unit_names, NULL) == 0); - - HASHMAP_FOREACH_KEY(dst, k, unit_ids, i) - log_info("ids: %s → %s", k, dst); -@@ -47,15 +45,6 @@ static void test_unit_file_build_name_map(char **ids) { - log_info("aliases: %s ← %s", k, j); - } - -- char buf[FORMAT_TIMESTAMP_MAX]; -- log_debug("Last modification time: %s", format_timestamp(buf, sizeof buf, mtime)); -- -- r = unit_file_build_name_map(&lp, &mtime, &unit_ids, &unit_names, NULL); -- assert_se(IN_SET(r, 0, 1)); -- if (r == 0) -- log_debug("Cache rebuild skipped based on mtime."); -- -- - char **id; - STRV_FOREACH(id, ids) { - const char *fragment, *name; --- -1.8.3.1 - diff --git a/revert-pid1-use-a-cache-for-all-unit-aliases.patch b/revert-pid1-use-a-cache-for-all-unit-aliases.patch deleted file mode 100644 index 7dc96a5a6b40b7830b81934adaa078c508b062b0..0000000000000000000000000000000000000000 --- a/revert-pid1-use-a-cache-for-all-unit-aliases.patch +++ /dev/null @@ -1,1226 +0,0 @@ -From e8630e695232bdfcd16b55f3faafb4329c961104 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 18 Jul 2019 13:11:28 +0200 -Subject: [PATCH] pid1: use a cache for all unit aliases - -This reworks how we load units from disk. Instead of chasing symlinks every -time we are asked to load a unit by name, we slurp all symlinks from disk -and build two hashmaps: -1. from unit name to either alias target, or fragment on disk - (if an alias, we put just the target name in the hashmap, if a fragment - we put an absolute path, so we can distinguish both). -2. from a unit name to all aliases - -Reading all this data can be pretty costly (40 ms) on my machine, so we keep it -around for reuse. - -The advantage is that we can reliably know what all the aliases of a given unit -are. This means we can reliably load dropins under all names. This fixes #11972. - -revert pid1 use a cache for all unit aliases ---- - src/core/load-fragment.c | 350 +++++++++++++++++++++++++++-------- - src/core/manager.c | 73 ++++++-- - src/core/manager.h | 2 - - src/core/unit.c | 3 - - src/shared/unit-file.c | 362 ------------------------------------- - src/shared/unit-file.h | 15 -- - src/systemctl/systemctl.c | 47 +++-- - src/test/test-unit-file.c | 40 ---- - test/TEST-15-DROPIN/test-dropin.sh | 33 ++-- - 9 files changed, 378 insertions(+), 547 deletions(-) - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 9821a92..9dd86e8 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -4553,48 +4553,251 @@ int config_parse_ip_filter_bpf_progs( - return 0; - } - -+#define FOLLOW_MAX 8 -+ -+static int open_follow(char **filename, FILE **_f, Set *names, char **_final) { -+ char *id = NULL; -+ unsigned c = 0; -+ int fd, r; -+ FILE *f; -+ -+ assert(filename); -+ assert(*filename); -+ assert(_f); -+ assert(names); -+ -+ /* This will update the filename pointer if the loaded file is -+ * reached by a symlink. The old string will be freed. */ -+ -+ for (;;) { -+ char *target, *name; -+ -+ if (c++ >= FOLLOW_MAX) -+ return -ELOOP; -+ -+ path_simplify(*filename, false); -+ -+ /* Add the file name we are currently looking at to -+ * the names of this unit, but only if it is a valid -+ * unit name. */ -+ name = basename(*filename); -+ if (unit_name_is_valid(name, UNIT_NAME_ANY)) { -+ -+ id = set_get(names, name); -+ if (!id) { -+ id = strdup(name); -+ if (!id) -+ return -ENOMEM; -+ -+ r = set_consume(names, id); -+ if (r < 0) -+ return r; -+ } -+ } -+ -+ /* Try to open the file name, but don't if its a symlink */ -+ fd = open(*filename, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); -+ if (fd >= 0) -+ break; -+ -+ if (errno != ELOOP) -+ return -errno; -+ -+ /* Hmm, so this is a symlink. Let's read the name, and follow it manually */ -+ r = readlink_and_make_absolute(*filename, &target); -+ if (r < 0) -+ return r; -+ -+ free_and_replace(*filename, target); -+ } -+ -+ f = fdopen(fd, "r"); -+ if (!f) { -+ safe_close(fd); -+ return -errno; -+ } -+ -+ *_f = f; -+ *_final = id; -+ -+ return 0; -+} -+ - static int merge_by_names(Unit **u, Set *names, const char *id) { - char *k; - int r; - - assert(u); - assert(*u); -+ assert(names); - -- /* Let's try to add in all names that are aliases of this unit */ -+ /* Let's try to add in all symlink names we found */ - while ((k = set_steal_first(names))) { -- _cleanup_free_ _unused_ char *free_k = k; - -- /* First try to merge in the other name into our unit */ -+ /* First try to merge in the other name into our -+ * unit */ - r = unit_merge_by_name(*u, k); - if (r < 0) { - Unit *other; - -- /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way -- * round. */ -+ /* Hmm, we couldn't merge the other unit into -+ * ours? Then let's try it the other way -+ * round */ - -- other = manager_get_unit((*u)->manager, k); -- if (!other) -- return r; /* return previous failure */ -+ /* If the symlink name we are looking at is unit template, then -+ we must search for instance of this template */ -+ if (unit_name_is_valid(k, UNIT_NAME_TEMPLATE) && (*u)->instance) { -+ _cleanup_free_ char *instance = NULL; - -- r = unit_merge(other, *u); -- if (r < 0) -- return r; -+ r = unit_name_replace_instance(k, (*u)->instance, &instance); -+ if (r < 0) -+ return r; - -- *u = other; -- return merge_by_names(u, names, NULL); -+ other = manager_get_unit((*u)->manager, instance); -+ } else -+ other = manager_get_unit((*u)->manager, k); -+ -+ free(k); -+ -+ if (other) { -+ r = unit_merge(other, *u); -+ if (r >= 0) { -+ *u = other; -+ return merge_by_names(u, names, NULL); -+ } -+ } -+ -+ return r; - } - -- if (streq_ptr(id, k)) -+ if (id == k) - unit_choose_id(*u, id); -+ -+ free(k); -+ } -+ -+ return 0; -+} -+ -+static int load_from_path(Unit *u, const char *path) { -+ _cleanup_set_free_free_ Set *symlink_names = NULL; -+ _cleanup_fclose_ FILE *f = NULL; -+ _cleanup_free_ char *filename = NULL; -+ char *id = NULL; -+ Unit *merged; -+ struct stat st; -+ int r; -+ -+ assert(u); -+ assert(path); -+ -+ symlink_names = set_new(&string_hash_ops); -+ if (!symlink_names) -+ return -ENOMEM; -+ -+ if (path_is_absolute(path)) { -+ -+ filename = strdup(path); -+ if (!filename) -+ return -ENOMEM; -+ -+ r = open_follow(&filename, &f, symlink_names, &id); -+ if (r < 0) { -+ filename = mfree(filename); -+ if (r != -ENOENT) -+ return r; -+ } -+ -+ } else { -+ char **p; -+ -+ STRV_FOREACH(p, u->manager->lookup_paths.search_path) { -+ -+ /* Instead of opening the path right away, we manually -+ * follow all symlinks and add their name to our unit -+ * name set while doing so */ -+ filename = path_make_absolute(path, *p); -+ if (!filename) -+ return -ENOMEM; -+ -+ if (u->manager->unit_path_cache && -+ !set_get(u->manager->unit_path_cache, filename)) -+ r = -ENOENT; -+ else -+ r = open_follow(&filename, &f, symlink_names, &id); -+ if (r >= 0) -+ break; -+ -+ /* ENOENT means that the file is missing or is a dangling symlink. -+ * ENOTDIR means that one of paths we expect to be is a directory -+ * is not a directory, we should just ignore that. -+ * EACCES means that the directory or file permissions are wrong. -+ */ -+ if (r == -EACCES) -+ log_debug_errno(r, "Cannot access \"%s\": %m", filename); -+ else if (!IN_SET(r, -ENOENT, -ENOTDIR)) -+ return r; -+ -+ filename = mfree(filename); -+ /* Empty the symlink names for the next run */ -+ set_clear_free(symlink_names); -+ } -+ } -+ -+ if (!filename) -+ /* Hmm, no suitable file found? */ -+ return 0; -+ -+ if (!unit_type_may_alias(u->type) && set_size(symlink_names) > 1) { -+ log_unit_warning(u, "Unit type of %s does not support alias names, refusing loading via symlink.", u->id); -+ return -ELOOP; -+ } -+ -+ merged = u; -+ r = merge_by_names(&merged, symlink_names, id); -+ if (r < 0) -+ return r; -+ -+ if (merged != u) { -+ u->load_state = UNIT_MERGED; -+ return 0; -+ } -+ -+ if (fstat(fileno(f), &st) < 0) -+ return -errno; -+ -+ if (null_or_empty(&st)) { -+ u->load_state = UNIT_MASKED; -+ u->fragment_mtime = 0; -+ } else { -+ u->load_state = UNIT_LOADED; -+ u->fragment_mtime = timespec_load(&st.st_mtim); -+ -+ /* Now, parse the file contents */ -+ r = config_parse(u->id, filename, f, -+ UNIT_VTABLE(u)->sections, -+ config_item_perf_lookup, load_fragment_gperf_lookup, -+ CONFIG_PARSE_ALLOW_INCLUDE, u); -+ if (r < 0) -+ return r; -+ } -+ -+ free_and_replace(u->fragment_path, filename); -+ -+ if (u->source_path) { -+ if (stat(u->source_path, &st) >= 0) -+ u->source_mtime = timespec_load(&st.st_mtim); -+ else -+ u->source_mtime = 0; - } - - return 0; - } - - int unit_load_fragment(Unit *u) { -- const char *fragment; -- _cleanup_set_free_free_ Set *names = NULL; - int r; -+ Iterator i; -+ const char *t; - - assert(u); - assert(u->load_state == UNIT_STUB); -@@ -4605,79 +4808,78 @@ int unit_load_fragment(Unit *u) { - return 0; - } - -- r = unit_file_find_fragment(u->manager->unit_id_map, -- u->manager->unit_name_map, -- u->id, -- &fragment, -- &names); -- if (r < 0 && r != -ENOENT) -+ /* First, try to find the unit under its id. We always look -+ * for unit files in the default directories, to make it easy -+ * to override things by placing things in /etc/systemd/system */ -+ r = load_from_path(u, u->id); -+ if (r < 0) - return r; - -- if (fragment) { -- /* Open the file, check if this is a mask, otherwise read. */ -- _cleanup_fclose_ FILE *f = NULL; -- struct stat st; -+ /* Try to find an alias we can load this with */ -+ if (u->load_state == UNIT_STUB) { -+ SET_FOREACH(t, u->names, i) { - -- /* Try to open the file name. A symlink is OK, for example for linked files or masks. We -- * expect that all symlinks within the lookup paths have been already resolved, but we don't -- * verify this here. */ -- f = fopen(fragment, "re"); -- if (!f) -- return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment); -+ if (t == u->id) -+ continue; - -- if (fstat(fileno(f), &st) < 0) -- return -errno; -+ r = load_from_path(u, t); -+ if (r < 0) -+ return r; - -- r = free_and_strdup(&u->fragment_path, fragment); -+ if (u->load_state != UNIT_STUB) -+ break; -+ } -+ } -+ -+ /* And now, try looking for it under the suggested (originally linked) path */ -+ if (u->load_state == UNIT_STUB && u->fragment_path) { -+ -+ r = load_from_path(u, u->fragment_path); - if (r < 0) - return r; - -- if (null_or_empty(&st)) { -- u->load_state = UNIT_MASKED; -- u->fragment_mtime = 0; -- } else { -- u->load_state = UNIT_LOADED; -- u->fragment_mtime = timespec_load(&st.st_mtim); -- -- /* Now, parse the file contents */ -- r = config_parse(u->id, fragment, f, -- UNIT_VTABLE(u)->sections, -- config_item_perf_lookup, load_fragment_gperf_lookup, -- CONFIG_PARSE_ALLOW_INCLUDE, u); -- if (r == -ENOEXEC) -- log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started."); -- if (r < 0) -- return r; -- } -+ if (u->load_state == UNIT_STUB) -+ /* Hmm, this didn't work? Then let's get rid -+ * of the fragment path stored for us, so that -+ * we don't point to an invalid location. */ -+ u->fragment_path = mfree(u->fragment_path); - } - -- /* We do the merge dance here because for some unit types, the unit might have aliases which are not -- * declared in the file system. In particular, this is true (and frequent) for device and swap units. -- */ -- Unit *merged; -- const char *id = u->id; -- _cleanup_free_ char *free_id = NULL; -+ /* Look for a template */ -+ if (u->load_state == UNIT_STUB && u->instance) { -+ _cleanup_free_ char *k = NULL; - -- if (fragment) { -- id = basename(fragment); -- if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) { -- assert(u->instance); /* If we're not trying to use a template for non-instanced unit, -- * this must be set. */ -+ r = unit_name_template(u->id, &k); -+ if (r < 0) -+ return r; - -- r = unit_name_replace_instance(id, u->instance, &free_id); -- if (r < 0) -- return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance); -- id = free_id; -+ r = load_from_path(u, k); -+ if (r < 0) { -+ if (r == -ENOEXEC) -+ log_unit_notice(u, "Unit configuration has fatal error, unit will not be started."); -+ return r; - } -- } - -- merged = u; -- r = merge_by_names(&merged, names, id); -- if (r < 0) -- return r; -+ if (u->load_state == UNIT_STUB) { -+ SET_FOREACH(t, u->names, i) { -+ _cleanup_free_ char *z = NULL; - -- if (merged != u) -- u->load_state = UNIT_MERGED; -+ if (t == u->id) -+ continue; -+ -+ r = unit_name_template(t, &z); -+ if (r < 0) -+ return r; -+ -+ r = load_from_path(u, z); -+ if (r < 0) -+ return r; -+ -+ if (u->load_state != UNIT_STUB) -+ break; -+ } -+ } -+ } - - return 0; - } -diff --git a/src/core/manager.c b/src/core/manager.c -index 8b1ce70..cfeaca6 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -689,12 +689,6 @@ static int manager_setup_prefix(Manager *m) { - return 0; - } - --static void manager_free_unit_name_maps(Manager *m) { -- m->unit_id_map = hashmap_free(m->unit_id_map); -- m->unit_name_map = hashmap_free(m->unit_name_map); -- m->unit_path_cache = set_free_free(m->unit_path_cache); --} -- - static int manager_setup_run_queue(Manager *m) { - int r; - -@@ -1383,7 +1377,7 @@ Manager* manager_free(Manager *m) { - strv_free(m->client_environment); - - hashmap_free(m->cgroup_unit); -- manager_free_unit_name_maps(m); -+ set_free_free(m->unit_path_cache); - - free(m->switch_root); - free(m->switch_root_init); -@@ -1487,6 +1481,56 @@ static void manager_catchup(Manager *m) { - } - } - -+static void manager_build_unit_path_cache(Manager *m) { -+ char **i; -+ int r; -+ -+ assert(m); -+ -+ set_free_free(m->unit_path_cache); -+ -+ m->unit_path_cache = set_new(&path_hash_ops); -+ if (!m->unit_path_cache) { -+ r = -ENOMEM; -+ goto fail; -+ } -+ -+ /* This simply builds a list of files we know exist, so that -+ * we don't always have to go to disk */ -+ -+ STRV_FOREACH(i, m->lookup_paths.search_path) { -+ _cleanup_closedir_ DIR *d = NULL; -+ struct dirent *de; -+ -+ d = opendir(*i); -+ if (!d) { -+ if (errno != ENOENT) -+ log_warning_errno(errno, "Failed to open directory %s, ignoring: %m", *i); -+ continue; -+ } -+ -+ FOREACH_DIRENT(de, d, r = -errno; goto fail) { -+ char *p; -+ -+ p = path_join(*i, de->d_name); -+ if (!p) { -+ r = -ENOMEM; -+ goto fail; -+ } -+ -+ r = set_consume(m->unit_path_cache, p); -+ if (r < 0) -+ goto fail; -+ } -+ } -+ -+ return; -+ -+fail: -+ log_warning_errno(r, "Failed to build unit path cache, proceeding without: %m"); -+ m->unit_path_cache = set_free_free(m->unit_path_cache); -+} -+ - static void manager_distribute_fds(Manager *m, FDSet *fds) { - Iterator i; - Unit *u; -@@ -1641,10 +1685,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - - lookup_paths_log(&m->lookup_paths); - -- manager_free_unit_name_maps(m); -- r = unit_file_build_name_map(&m->lookup_paths, &m->unit_id_map, &m->unit_name_map, &m->unit_path_cache); -- if (r < 0) -- return log_error_errno(r, "Failed to build name map: %m"); -+ manager_build_unit_path_cache(m); - - { - /* This block is (optionally) done with the reloading counter bumped */ -@@ -2862,9 +2903,8 @@ int manager_loop(Manager *m) { - assert(m); - assert(m->objective == MANAGER_OK); /* Ensure manager_startup() has been called */ - -- /* Release the path and unit name caches */ -- manager_free_unit_name_maps(m); -- // FIXME: once this happens, we cannot load any more units -+ /* Release the path cache */ -+ m->unit_path_cache = set_free_free(m->unit_path_cache); - - manager_check_finished(m); - -@@ -3539,10 +3579,7 @@ int manager_reload(Manager *m) { - - lookup_paths_log(&m->lookup_paths); - -- manager_free_unit_name_maps(m); -- r = unit_file_build_name_map(&m->lookup_paths, &m->unit_id_map, &m->unit_name_map, &m->unit_path_cache); -- if (r < 0) -- log_warning_errno(r, "Failed to build name map: %m"); -+ manager_build_unit_path_cache(m); - - /* First, enumerate what we can from kernel and suchlike */ - manager_enumerate_perpetual(m); -diff --git a/src/core/manager.h b/src/core/manager.h -index 9ca82ac..daeb454 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -220,8 +220,6 @@ struct Manager { - - UnitFileScope unit_file_scope; - LookupPaths lookup_paths; -- Hashmap *unit_id_map; -- Hashmap *unit_name_map; - Set *unit_path_cache; - - char **transient_environment; /* The environment, as determined from config files, kernel cmdline and environment generators */ -diff --git a/src/core/unit.c b/src/core/unit.c -index f96e6e4..1b8d5d9 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -959,9 +959,6 @@ int unit_merge_by_name(Unit *u, const char *name) { - Unit *other; - int r; - -- /* Either add name to u, or if a unit with name already exists, merge it with u. -- * If name is a template, do the same for name@instance, where instance is u's instance. */ -- - assert(u); - assert(name); - -diff --git a/src/shared/unit-file.c b/src/shared/unit-file.c -index bad92a3..cde38c4 100644 ---- a/src/shared/unit-file.c -+++ b/src/shared/unit-file.c -@@ -1,14 +1,7 @@ - /* SPDX-License-Identifier: LGPL-2.1+ */ - --#include "dirent-util.h" --#include "fd-util.h" --#include "fs-util.h" - #include "macro.h" --#include "path-lookup.h" --#include "set.h" --#include "stat-util.h" - #include "string-util.h" --#include "strv.h" - #include "unit-file.h" - - bool unit_type_may_alias(UnitType type) { -@@ -101,358 +94,3 @@ int unit_validate_alias_symlink_and_warn(const char *filename, const char *targe - - return 0; - } -- --#define FOLLOW_MAX 8 -- --static int unit_ids_map_get( -- Hashmap *unit_ids_map, -- const char *unit_name, -- const char **ret_fragment_path) { -- -- /* Resolve recursively until we hit an absolute path, i.e. a non-aliased unit. -- * -- * We distinguish the case where unit_name was not found in the hashmap at all, and the case where -- * some symlink was broken. -- * -- * If a symlink target points to an instance name, then we also check for the template. */ -- -- const char *id = NULL; -- int r; -- -- for (unsigned n = 0; n < FOLLOW_MAX; n++) { -- const char *t = hashmap_get(unit_ids_map, id ?: unit_name); -- if (!t) { -- _cleanup_free_ char *template = NULL; -- -- if (!id) -- return -ENOENT; -- -- r = unit_name_template(id, &template); -- if (r == -EINVAL) -- return -ENXIO; /* we failed to find the symlink target */ -- if (r < 0) -- return log_error_errno(r, "Failed to determine template name for %s: %m", id); -- -- t = hashmap_get(unit_ids_map, template); -- if (!t) -- return -ENXIO; -- -- /* We successfully switched from instanced name to a template, let's continue */ -- } -- -- if (path_is_absolute(t)) { -- if (ret_fragment_path) -- *ret_fragment_path = t; -- return 0; -- } -- -- id = t; -- } -- -- return -ELOOP; --} -- --int unit_file_build_name_map( -- const LookupPaths *lp, -- Hashmap **ret_unit_ids_map, -- Hashmap **ret_unit_names_map, -- Set **ret_path_cache) { -- -- /* Build two mappings: any name → main unit (i.e. the end result of symlink resolution), unit name → -- * all aliases (i.e. the entry for a given key is a a list of all names which point to this key). The -- * key is included in the value iff we saw a file or symlink with that name. In other words, if we -- * have a key, but it is not present in the value for itself, there was an alias pointing to it, but -- * the unit itself is not loadable. -- * -- * At the same, build a cache of paths where to find units. -- */ -- -- _cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL; -- _cleanup_set_free_free_ Set *paths = NULL; -- char **dir; -- int r; -- -- if (ret_path_cache) { -- paths = set_new(&path_hash_ops); -- if (!paths) -- return log_oom(); -- } -- -- STRV_FOREACH(dir, (char**) lp->search_path) { -- struct dirent *de; -- _cleanup_closedir_ DIR *d = NULL; -- -- d = opendir(*dir); -- if (!d) { -- if (errno != ENOENT) -- log_warning_errno(errno, "Failed to open \"%s\", ignoring: %m", *dir); -- continue; -- } -- -- FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { -- char *filename; -- _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; -- const char *suffix, *dst = NULL; -- bool valid_unit_name; -- -- valid_unit_name = unit_name_is_valid(de->d_name, UNIT_NAME_ANY); -- -- /* We only care about valid units and dirs with certain suffixes, let's ignore the -- * rest. */ -- if (!valid_unit_name && -- !ENDSWITH_SET(de->d_name, ".wants", ".requires", ".d")) -- continue; -- -- filename = path_join(*dir, de->d_name); -- if (!filename) -- return log_oom(); -- -- if (ret_path_cache) { -- r = set_consume(paths, filename); -- if (r < 0) -- return log_oom(); -- /* We will still use filename below. This is safe because we know the set -- * holds a reference. */ -- } else -- _filename_free = filename; /* Make sure we free the filename. */ -- -- if (!valid_unit_name) -- continue; -- assert_se(suffix = strrchr(de->d_name, '.')); -- -- /* search_path is ordered by priority (highest first). If the name is already mapped -- * to something (incl. itself), it means that we have already seen it, and we should -- * ignore it here. */ -- if (hashmap_contains(ids, de->d_name)) -- continue; -- -- if (de->d_type == DT_LNK) { -- /* We don't explicitly check for alias loops here. unit_ids_map_get() which -- * limits the number of hops should be used to access the map. */ -- -- _cleanup_free_ char *target = NULL, *target_abs = NULL; -- -- r = readlinkat_malloc(dirfd(d), de->d_name, &target); -- if (r < 0) { -- log_warning_errno(r, "Failed to read symlink %s/%s, ignoring: %m", -- *dir, de->d_name); -- continue; -- } -- -- if (!path_is_absolute(target)) { -- target_abs = path_join(*dir, target); -- if (!target_abs) -- return log_oom(); -- -- free_and_replace(target, target_abs); -- } -- -- /* Get rid of "." and ".." components in target path */ -- r = chase_symlinks(target, lp->root_dir, CHASE_NOFOLLOW | CHASE_NONEXISTENT, &simplified); -- if (r < 0) { -- log_warning_errno(r, "Failed to resolve symlink %s pointing to %s, ignoring: %m", -- filename, target); -- continue; -- } -- -- /* Check if the symlink goes outside of our search path. -- * If yes, it's a linked unit file or mask, and we don't care about the target name. -- * Let's just store the link destination directly. -- * If not, let's verify that it's a good symlink. */ -- char *tail = path_startswith_strv(simplified, lp->search_path); -- if (tail) { -- bool self_alias; -- -- dst = basename(simplified); -- self_alias = streq(dst, de->d_name); -- -- if (is_path(tail)) -- log_full(self_alias ? LOG_DEBUG : LOG_WARNING, -- "Suspicious symlink %s→%s, treating as alias.", -- filename, simplified); -- -- r = unit_validate_alias_symlink_and_warn(filename, simplified); -- if (r < 0) -- continue; -- -- if (self_alias) { -- /* A self-alias that has no effect */ -- log_debug("%s: self-alias: %s/%s → %s, ignoring.", -- __func__, *dir, de->d_name, dst); -- continue; -- } -- -- log_debug("%s: alias: %s/%s → %s", __func__, *dir, de->d_name, dst); -- } else { -- dst = simplified; -- -- log_debug("%s: linked unit file: %s/%s → %s", __func__, *dir, de->d_name, dst); -- } -- -- } else { -- dst = filename; -- log_debug("%s: normal unit file: %s", __func__, dst); -- } -- -- r = hashmap_put_strdup(&ids, de->d_name, dst); -- if (r < 0) -- return log_warning_errno(r, "Failed to add entry to hashmap (%s→%s): %m", -- de->d_name, dst); -- } -- } -- -- /* Let's also put the names in the reverse db. */ -- Iterator it; -- const char *dummy, *src; -- HASHMAP_FOREACH_KEY(dummy, src, ids, it) { -- const char *dst; -- -- r = unit_ids_map_get(ids, src, &dst); -- if (r < 0) -- continue; -- -- if (null_or_empty_path(dst) != 0) -- continue; -- -- /* Do not treat instance symlinks that point to the template as aliases */ -- if (unit_name_is_valid(basename(dst), UNIT_NAME_TEMPLATE) && -- unit_name_is_valid(src, UNIT_NAME_INSTANCE)) -- continue; -- -- r = string_strv_hashmap_put(&names, basename(dst), src); -- if (r < 0) -- return log_warning_errno(r, "Failed to add entry to hashmap (%s→%s): %m", -- basename(dst), src); -- } -- -- *ret_unit_ids_map = TAKE_PTR(ids); -- *ret_unit_names_map = TAKE_PTR(names); -- if (ret_path_cache) -- *ret_path_cache = TAKE_PTR(paths); -- -- return 0; --} -- --int unit_file_find_fragment( -- Hashmap *unit_ids_map, -- Hashmap *unit_name_map, -- const char *unit_name, -- const char **ret_fragment_path, -- Set **ret_names) { -- -- const char *fragment = NULL; -- _cleanup_free_ char *template = NULL, *instance = NULL; -- _cleanup_set_free_free_ Set *names = NULL; -- char **t, **nnn; -- int r, name_type; -- -- /* Finds a fragment path, and returns the set of names: -- * if we have …/foo.service and …/foo-alias.service→foo.service, -- * and …/foo@.service and …/foo-alias@.service→foo@.service, -- * and …/foo@inst.service, -- * this should return: -- * foo.service → …/foo.service, {foo.service, foo-alias.service}, -- * foo-alias.service → …/foo.service, {foo.service, foo-alias.service}, -- * foo@.service → …/foo@.service, {foo@.service, foo-alias@.service}, -- * foo-alias@.service → …/foo@.service, {foo@.service, foo-alias@.service}, -- * foo@bar.service → …/foo@.service, {foo@bar.service, foo-alias@bar.service}, -- * foo-alias@bar.service → …/foo@.service, {foo@bar.service, foo-alias@bar.service}, -- * foo-alias@inst.service → …/foo@inst.service, {foo@inst.service, foo-alias@inst.service}. -- */ -- -- name_type = unit_name_to_instance(unit_name, &instance); -- if (name_type < 0) -- return name_type; -- -- names = set_new(&string_hash_ops); -- if (!names) -- return -ENOMEM; -- -- /* The unit always has its own name if it's not a template. */ -- if (IN_SET(name_type, UNIT_NAME_PLAIN, UNIT_NAME_INSTANCE)) { -- r = set_put_strdup(names, unit_name); -- if (r < 0) -- return r; -- } -- -- /* First try to load fragment under the original name */ -- r = unit_ids_map_get(unit_ids_map, unit_name, &fragment); -- if (r < 0 && !IN_SET(r, -ENOENT, -ENXIO)) -- return log_debug_errno(r, "Cannot load unit %s: %m", unit_name); -- -- if (fragment) { -- /* Add any aliases of the original name to the set of names */ -- nnn = hashmap_get(unit_name_map, basename(fragment)); -- STRV_FOREACH(t, nnn) { -- if (name_type == UNIT_NAME_INSTANCE && unit_name_is_valid(*t, UNIT_NAME_TEMPLATE)) { -- char *inst; -- -- r = unit_name_replace_instance(*t, instance, &inst); -- if (r < 0) -- return log_debug_errno(r, "Cannot build instance name %s+%s: %m", *t, instance); -- -- if (!streq(unit_name, inst)) -- log_debug("%s: %s has alias %s", __func__, unit_name, inst); -- -- log_info("%s: %s+%s → %s", __func__, *t, instance, inst); -- r = set_consume(names, inst); -- } else { -- if (!streq(unit_name, *t)) -- log_debug("%s: %s has alias %s", __func__, unit_name, *t); -- -- r = set_put_strdup(names, *t); -- } -- if (r < 0) -- return r; -- } -- } -- -- if (!fragment && name_type == UNIT_NAME_INSTANCE) { -- /* Look for a fragment under the template name */ -- -- r = unit_name_template(unit_name, &template); -- if (r < 0) -- return log_error_errno(r, "Failed to determine template name: %m"); -- -- r = unit_ids_map_get(unit_ids_map, template, &fragment); -- if (r < 0 && !IN_SET(r, -ENOENT, -ENXIO)) -- return log_debug_errno(r, "Cannot load template %s: %m", template); -- -- if (fragment) { -- /* Add any aliases of the original name to the set of names */ -- nnn = hashmap_get(unit_name_map, basename(fragment)); -- STRV_FOREACH(t, nnn) { -- _cleanup_free_ char *inst = NULL; -- const char *inst_fragment = NULL; -- -- r = unit_name_replace_instance(*t, instance, &inst); -- if (r < 0) -- return log_debug_errno(r, "Cannot build instance name %s+%s: %m", template, instance); -- -- /* Exclude any aliases that point in some other direction. */ -- r = unit_ids_map_get(unit_ids_map, inst, &inst_fragment); -- if (r < 0 && !IN_SET(r, -ENOENT, -ENXIO)) -- return log_debug_errno(r, "Cannot find instance fragment %s: %m", inst); -- -- if (inst_fragment && -- !streq(basename(inst_fragment), basename(fragment))) { -- log_debug("Instance %s has fragment %s and is not an alias of %s.", -- inst, inst_fragment, unit_name); -- continue; -- } -- -- if (!streq(unit_name, inst)) -- log_debug("%s: %s has alias %s", __func__, unit_name, inst); -- r = set_consume(names, TAKE_PTR(inst)); -- if (r < 0) -- return r; -- } -- } -- } -- -- *ret_fragment_path = fragment; -- *ret_names = TAKE_PTR(names); -- -- // FIXME: if instance, consider any unit names with different template name -- return 0; --} -diff --git a/src/shared/unit-file.h b/src/shared/unit-file.h -index 52e17f7..e57f472 100644 ---- a/src/shared/unit-file.h -+++ b/src/shared/unit-file.h -@@ -3,12 +3,10 @@ - - #include - --#include "hashmap.h" - #include "unit-name.h" - - typedef enum UnitFileState UnitFileState; - typedef enum UnitFileScope UnitFileScope; --typedef struct LookupPaths LookupPaths; - - enum UnitFileState { - UNIT_FILE_ENABLED, -@@ -39,16 +37,3 @@ bool unit_type_may_alias(UnitType type) _const_; - bool unit_type_may_template(UnitType type) _const_; - - int unit_validate_alias_symlink_and_warn(const char *filename, const char *target); -- --int unit_file_build_name_map( -- const LookupPaths *lp, -- Hashmap **ret_unit_ids_map, -- Hashmap **ret_unit_names_map, -- Set **ret_path_cache); -- --int unit_file_find_fragment( -- Hashmap *unit_ids_map, -- Hashmap *unit_name_map, -- const char *unit_name, -- const char **ret_fragment_path, -- Set **names); -diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 69063ee..48e0bad 100644 ---- a/src/systemctl/systemctl.c -+++ b/src/systemctl/systemctl.c -@@ -33,7 +33,6 @@ - #include "cgroup-util.h" - #include "copy.h" - #include "cpu-set-util.h" --#include "dirent-util.h" - #include "dropin.h" - #include "efivars.h" - #include "env-util.h" -@@ -167,18 +166,12 @@ static bool arg_jobs_before = false; - static bool arg_jobs_after = false; - static char **arg_clean_what = NULL; - --/* This is a global cache that will be constructed on first use. */ --static Hashmap *cached_id_map = NULL; --static Hashmap *cached_name_map = NULL; -- - STATIC_DESTRUCTOR_REGISTER(arg_wall, strv_freep); - STATIC_DESTRUCTOR_REGISTER(arg_root, freep); - STATIC_DESTRUCTOR_REGISTER(arg_types, strv_freep); - STATIC_DESTRUCTOR_REGISTER(arg_states, strv_freep); - STATIC_DESTRUCTOR_REGISTER(arg_properties, strv_freep); - STATIC_DESTRUCTOR_REGISTER(arg_clean_what, strv_freep); --STATIC_DESTRUCTOR_REGISTER(cached_id_map, hashmap_freep); --STATIC_DESTRUCTOR_REGISTER(cached_name_map, hashmap_freep); - - static int daemon_reload(int argc, char *argv[], void* userdata); - static int trivial_method(int argc, char *argv[], void *userdata); -@@ -2590,24 +2583,38 @@ static int unit_find_paths( - return log_error_errno(r, "Failed to get DropInPaths: %s", bus_error_message(&error, r)); - } - } else { -- const char *_path; -- _cleanup_set_free_free_ Set *names = NULL; -+ _cleanup_set_free_ Set *names = NULL; -+ _cleanup_free_ char *template = NULL; - -- if (!cached_name_map) { -- r = unit_file_build_name_map(lp, &cached_id_map, &cached_name_map, NULL); -- if (r < 0) -- return r; -- } -+ names = set_new(NULL); -+ if (!names) -+ return log_oom(); - -- r = unit_file_find_fragment(cached_id_map, cached_name_map, unit_name, &_path, &names); -+ r = unit_find_template_path(unit_name, lp, &path, &template); - if (r < 0) - return r; -+ if (r > 0) { -+ if (null_or_empty_path(path)) -+ /* The template is masked. Let's cut the process short. */ -+ return -ERFKILL; -+ -+ /* We found the unit file. If we followed symlinks, this name might be -+ * different then the unit_name with started with. Look for dropins matching -+ * that "final" name. */ -+ r = set_put(names, basename(path)); -+ } else if (!template) -+ /* No unit file, let's look for dropins matching the original name. -+ * systemd has fairly complicated rules (based on unit type and provenience), -+ * which units are allowed not to have the main unit file. We err on the -+ * side of including too many files, and always try to load dropins. */ -+ r = set_put(names, unit_name); -+ else -+ /* The cases where we allow a unit to exist without the main file are -+ * never valid for templates. Don't try to load dropins in this case. */ -+ goto not_found; - -- if (_path) { -- path = strdup(_path); -- if (!path) -- return log_oom(); -- } -+ if (r < 0) -+ return log_error_errno(r, "Failed to add unit name: %m"); - - if (ret_dropin_paths) { - r = unit_file_find_dropin_paths(arg_root, lp->search_path, NULL, -diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c -index 988ac15..b626b5f 100644 ---- a/src/test/test-unit-file.c -+++ b/src/test/test-unit-file.c -@@ -25,50 +25,10 @@ static void test_unit_validate_alias_symlink_and_warn(void) { - assert_se(unit_validate_alias_symlink_and_warn("/path/a.slice", "/other/b.slice") == -EINVAL); - } - --static void test_unit_file_build_name_map(char **ids) { -- _cleanup_(lookup_paths_free) LookupPaths lp = {}; -- _cleanup_hashmap_free_ Hashmap *unit_ids = NULL; -- _cleanup_hashmap_free_ Hashmap *unit_names = NULL; -- Iterator i; -- const char *k, *dst; -- char **v; -- -- assert_se(lookup_paths_init(&lp, UNIT_FILE_SYSTEM, 0, NULL) >= 0); -- -- assert_se(unit_file_build_name_map(&lp, &unit_ids, &unit_names, NULL) == 0); -- -- HASHMAP_FOREACH_KEY(dst, k, unit_ids, i) -- log_info("ids: %s → %s", k, dst); -- -- HASHMAP_FOREACH_KEY(v, k, unit_names, i) { -- _cleanup_free_ char *j = strv_join(v, ", "); -- log_info("aliases: %s ← %s", k, j); -- } -- -- char **id; -- STRV_FOREACH(id, ids) { -- const char *fragment, *name; -- Iterator it; -- _cleanup_set_free_free_ Set *names = NULL; -- log_info("*** %s ***", *id); -- r = unit_file_find_fragment(unit_ids, -- unit_names, -- *id, -- &fragment, -- &names); -- assert(r == 0); -- log_info("fragment: %s", fragment); -- log_info("names:"); -- SET_FOREACH(name, names, it) -- log_info(" %s", name); -- } --} -- - int main(int argc, char **argv) { - test_setup_logging(LOG_DEBUG); - - test_unit_validate_alias_symlink_and_warn(); -- test_unit_file_build_name_map(strv_skip(argv, 1)); - - return 0; - } -diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh -index 2cef5a3..f785680 100755 ---- a/test/TEST-15-DROPIN/test-dropin.sh -+++ b/test/TEST-15-DROPIN/test-dropin.sh -@@ -158,14 +158,14 @@ EOF - systemctl show -p Names,Requires bar@0 - systemctl show -p Names,Requires bar-alias@0 - check_ok bar@0 Names bar@0 -- check_ok bar@0 Names bar-alias@0 -+ check_ko bar@0 Names bar-alias@0 - - check_ok bar@0 After bar-template-after.device - - check_ok bar@0 Requires bar-0-requires.device -- check_ok bar@0 Requires bar-alias-0-requires.device -+ check_ko bar@0 Requires bar-alias-0-requires.device - check_ok bar@0 Requires bar-template-requires.device -- check_ok bar@0 Requires bar-alias-template-requires.device -+ check_ko bar@0 Requires bar-alias-template-requires.device - check_ko bar@0 Requires yup-template-requires.device - - check_ok bar-alias@0 After bar-template-after.device -@@ -181,15 +181,15 @@ EOF - systemctl show -p Names,Requires bar@1 - systemctl show -p Names,Requires bar-alias@1 - check_ok bar@1 Names bar@1 -- check_ok bar@1 Names bar-alias@1 -+ check_ko bar@1 Names bar-alias@1 - - check_ok bar@1 After bar-template-after.device - - check_ok bar@1 Requires bar-1-requires.device -- check_ok bar@1 Requires bar-alias-1-requires.device -+ check_ko bar@1 Requires bar-alias-1-requires.device - check_ok bar@1 Requires bar-template-requires.device - # See https://github.com/systemd/systemd/pull/13119#discussion_r308145418 -- check_ok bar@1 Requires bar-alias-template-requires.device -+ check_ko bar@1 Requires bar-alias-template-requires.device - check_ko bar@1 Requires yup-template-requires.device - check_ko bar@1 Requires yup-1-requires.device - -@@ -241,14 +241,14 @@ EOF - check_ko bar@3 Requires yup-template-requires.device - check_ko bar@3 Requires yup-3-requires.device - -- check_ko bar-alias@3 After bar-template-after.device -+ check_ok bar-alias@3 After bar-template-after.device - -- check_ko bar-alias@3 Requires bar-3-requires.device -+ check_ok bar-alias@3 Requires bar-3-requires.device - check_ok bar-alias@3 Requires bar-alias-3-requires.device -- check_ko bar-alias@3 Requires bar-template-requires.device -+ check_ok bar-alias@3 Requires bar-template-requires.device - check_ok bar-alias@3 Requires bar-alias-template-requires.device -- check_ok bar-alias@3 Requires yup-template-requires.device -- check_ok bar-alias@3 Requires yup-3-requires.device -+ check_ko bar-alias@3 Requires yup-template-requires.device -+ check_ko bar-alias@3 Requires yup-3-requires.device - - clear_services foo {bar,yup,bar-alias}@{,1,2,3} - } -@@ -267,7 +267,14 @@ test_alias_dropins () { - rm /etc/systemd/system/b1.service - clear_services a b - -- # Check that dependencies don't vary. -+ # A weird behavior: the dependencies for 'a' may vary. It can be -+ # changed by loading an alias... -+ # -+ # [1] 'a1' is loaded and then "renamed" into 'a'. 'a1' is therefore -+ # part of the names set so all its specific dropins are loaded. -+ # -+ # [2] 'a' is already loaded. 'a1' is simply only merged into 'a' so -+ # none of its dropins are loaded ('y' is missing from the deps). - echo "*** test 2" - create_services a x y - mkdir -p /etc/systemd/system/a1.service.wants/ -@@ -278,7 +285,7 @@ test_alias_dropins () { - check_ok a1 Wants y.service - systemctl start a - check_ok a1 Wants x.service # see [2] -- check_ok a1 Wants y.service -+ check_ko a1 Wants y.service - systemctl stop a x y - rm /etc/systemd/system/a1.service - --- -1.8.3.1 - diff --git a/revert-rpm-restart-services-in-posttrans.patch b/revert-rpm-restart-services-in-posttrans.patch new file mode 100644 index 0000000000000000000000000000000000000000..01e6f751cbe1d2b717c739f2e5411f77b83ccedb --- /dev/null +++ b/revert-rpm-restart-services-in-posttrans.patch @@ -0,0 +1,31 @@ +From 3b2ba67cfc83905a88e3ebb88a2b43222a06e869 Mon Sep 17 00:00:00 2001 +From: wangyuhang +Date: Fri, 17 Jun 2022 14:26:16 +0800 +Subject: [PATCH] revert rpm: restart services in %posttrans +Reason:In version 22.03, if we do not add 'systemctl reload or restart --marked' in +%transfiletriggerpostun, %systemd_postun_with_restart will not restart the +service. In order to maintain compatibility with version 20.03, revert the commit +and use the version 20.03 scheme + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/fa97d2fcf64e0558054bee673f734f523373b146 +--- + src/rpm/macros.systemd.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in +index 8880078..b1a297e 100644 +--- a/src/rpm/macros.systemd.in ++++ b/src/rpm/macros.systemd.in +@@ -89,7 +89,7 @@ fi \ + %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ + if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ + # Package upgrade, not uninstall \ +- {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ ++ %{_bindir}/systemctl try-restart %{?*} || : \ + fi \ + %{nil} + +-- +2.33.0 + diff --git a/revert-shared-unit-file-add-a-function-to-validate-u.patch b/revert-shared-unit-file-add-a-function-to-validate-u.patch deleted file mode 100644 index 89667563b160521dffa303b42674de1b8a3b53a9..0000000000000000000000000000000000000000 --- a/revert-shared-unit-file-add-a-function-to-validate-u.patch +++ /dev/null @@ -1,177 +0,0 @@ -From 7d1e91d1a9504ab1bc03894038f90a8e87a4e982 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 2 Apr 2019 11:22:56 +0200 -Subject: [PATCH] shared/unit-file: add a function to validate unit alias - symlinks - -It turns out most possible symlinks are invalid, because the type has to match, -and template units can only be linked to template units. - -I'm not sure if the existing code made the same checks consistently. At least -I don't see the same rules expressed in a single place. - -revert shared unit file add a function to validate unit alias symlinks ---- - src/shared/unit-file.c | 73 ----------------------------------------------- - src/shared/unit-file.h | 2 -- - src/test/meson.build | 4 --- - src/test/test-unit-file.c | 34 ---------------------- - 4 files changed, 113 deletions(-) - delete mode 100644 src/test/test-unit-file.c - -diff --git a/src/shared/unit-file.c b/src/shared/unit-file.c -index cde38c4..deed7dc 100644 ---- a/src/shared/unit-file.c -+++ b/src/shared/unit-file.c -@@ -1,7 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1+ */ - - #include "macro.h" --#include "string-util.h" - #include "unit-file.h" - - bool unit_type_may_alias(UnitType type) { -@@ -22,75 +21,3 @@ bool unit_type_may_template(UnitType type) { - UNIT_TIMER, - UNIT_PATH); - } -- --int unit_validate_alias_symlink_and_warn(const char *filename, const char *target) { -- const char *src, *dst; -- _cleanup_free_ char *src_instance = NULL, *dst_instance = NULL; -- UnitType src_unit_type, dst_unit_type; -- int src_name_type, dst_name_type; -- -- /* Check if the *alias* symlink is valid. This applies to symlinks like -- * /etc/systemd/system/dbus.service → dbus-broker.service, but not to .wants or .requires symlinks -- * and such. Neither does this apply to symlinks which *link* units, i.e. symlinks to outside of the -- * unit lookup path. -- * -- * -EINVAL is returned if the something is wrong with the source filename or the source unit type is -- * not allowed to symlink, -- * -EXDEV if the target filename is not a valid unit name or doesn't match the source. -- */ -- -- src = basename(filename); -- dst = basename(target); -- -- /* src checks */ -- -- src_name_type = unit_name_to_instance(src, &src_instance); -- if (src_name_type < 0) -- return log_notice_errno(src_name_type, -- "%s: not a valid unit name \"%s\": %m", filename, src); -- -- src_unit_type = unit_name_to_type(src); -- assert(src_unit_type >= 0); /* unit_name_to_instance() checked the suffix already */ -- -- if (!unit_type_may_alias(src_unit_type)) -- return log_notice_errno(SYNTHETIC_ERRNO(EINVAL), -- "%s: symlinks are not allowed for units of this type, rejecting.", -- filename); -- -- if (src_name_type != UNIT_NAME_PLAIN && -- !unit_type_may_template(src_unit_type)) -- return log_notice_errno(SYNTHETIC_ERRNO(EINVAL), -- "%s: templates not allowed for %s units, rejecting.", -- filename, unit_type_to_string(src_unit_type)); -- -- /* dst checks */ -- -- dst_name_type = unit_name_to_instance(dst, &dst_instance); -- if (dst_name_type < 0) -- return log_notice_errno(dst_name_type == -EINVAL ? SYNTHETIC_ERRNO(EXDEV) : dst_name_type, -- "%s points to \"%s\" which is not a valid unit name: %m", -- filename, dst); -- -- if (!(dst_name_type == src_name_type || -- (src_name_type == UNIT_NAME_INSTANCE && dst_name_type == UNIT_NAME_TEMPLATE))) -- return log_notice_errno(SYNTHETIC_ERRNO(EXDEV), -- "%s: symlink target name type \"%s\" does not match source, rejecting.", -- filename, dst); -- -- if (dst_name_type == UNIT_NAME_INSTANCE) { -- assert(src_instance); -- assert(dst_instance); -- if (!streq(src_instance, dst_instance)) -- return log_notice_errno(SYNTHETIC_ERRNO(EXDEV), -- "%s: unit symlink target \"%s\" instance name doesn't match, rejecting.", -- filename, dst); -- } -- -- dst_unit_type = unit_name_to_type(dst); -- if (dst_unit_type != src_unit_type) -- return log_notice_errno(SYNTHETIC_ERRNO(EXDEV), -- "%s: symlink target \"%s\" has incompatible suffix, rejecting.", -- filename, dst); -- -- return 0; --} -diff --git a/src/shared/unit-file.h b/src/shared/unit-file.h -index e57f472..2b9df65 100644 ---- a/src/shared/unit-file.h -+++ b/src/shared/unit-file.h -@@ -35,5 +35,3 @@ enum UnitFileScope { - - bool unit_type_may_alias(UnitType type) _const_; - bool unit_type_may_template(UnitType type) _const_; -- --int unit_validate_alias_symlink_and_warn(const char *filename, const char *target); -diff --git a/src/test/meson.build b/src/test/meson.build -index de31e97..5625e68 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -137,10 +137,6 @@ tests += [ - [], - 'ENABLE_EFI'], - -- [['src/test/test-unit-file.c'], -- [], -- []], -- - [['src/test/test-unit-name.c', - 'src/test/test-helper.c'], - [libcore, -diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c -deleted file mode 100644 -index b626b5f..0000000 ---- a/src/test/test-unit-file.c -+++ /dev/null -@@ -1,34 +0,0 @@ --/* SPDX-License-Identifier: LGPL-2.1+ */ -- --#include "path-lookup.h" --#include "set.h" --#include "strv.h" --#include "tests.h" --#include "unit-file.h" -- --static void test_unit_validate_alias_symlink_and_warn(void) { -- log_info("/* %s */", __func__); -- -- assert_se(unit_validate_alias_symlink_and_warn("/path/a.service", "/other/b.service") == 0); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a.service", "/other/b.socket") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a.service", "/other/b.foobar") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@.service", "/other/b@.service") == 0); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@.service", "/other/b@.socket") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@XXX.service", "/other/b@YYY.service") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@XXX.service", "/other/b@YYY.socket") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@.service", "/other/b@YYY.service") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@XXX.service", "/other/b@XXX.service") == 0); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@XXX.service", "/other/b@.service") == 0); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@.service", "/other/b.service") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a.service", "/other/b@.service") == -EXDEV); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a@.slice", "/other/b.slice") == -EINVAL); -- assert_se(unit_validate_alias_symlink_and_warn("/path/a.slice", "/other/b.slice") == -EINVAL); --} -- --int main(int argc, char **argv) { -- test_setup_logging(LOG_DEBUG); -- -- test_unit_validate_alias_symlink_and_warn(); -- -- return 0; --} --- -1.8.3.1 - diff --git a/rules-add-elevator-kernel-command-line-parameter.patch b/rules-add-elevator-kernel-command-line-parameter.patch index 9b2c69ef346250de1962790f7183a32d10e55785..4e5f12616f1a04ed272e7ec65ad8fadbce67d6ab 100644 --- a/rules-add-elevator-kernel-command-line-parameter.patch +++ b/rules-add-elevator-kernel-command-line-parameter.patch @@ -6,17 +6,16 @@ Subject: [PATCH] rules: add elevator= kernel command line parameter Kernel removed the elevator= option Resolves: #1670126 - --- - rules/40-elevator.rules | 20 ++++++++++++++++++++ + rules.d/40-elevator.rules | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) - create mode 100644 rules/40-elevator.rules + create mode 100644 rules.d/40-elevator.rules -diff --git a/rules/40-elevator.rules b/rules/40-elevator.rules +diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules new file mode 100644 -index 0000000..dbe8fc8 +index 0000000000..5f615bf51a --- /dev/null -+++ b/rules/40-elevator.rules ++++ b/rules.d/40-elevator.rules @@ -0,0 +1,20 @@ +# We aren't adding devices skip the elevator check +ACTION!="add", GOTO="sched_out" @@ -39,5 +38,5 @@ index 0000000..dbe8fc8 + +LABEL="sched_out" -- -1.8.3.1 +2.23.0 diff --git a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch index a9a20f1462bd6603e2687c0277cedddc7ac4b019..19893e37501075a92fd324d05eecd1d4e224c2cd 100644 --- a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +++ b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch @@ -6,16 +6,16 @@ Subject: rules: add rule for naming Dell iDRAC USB Virtual NIC Related: #1523227 --- - rules/73-idrac.rules | 6 ++++++ - rules/meson.build | 1 + + rules.d/73-idrac.rules | 6 ++++++ + rules.d/meson.build | 1 + 2 files changed, 7 insertions(+) - create mode 100644 rules/73-idrac.rules + create mode 100644 rules.d/73-idrac.rules -diff --git a/rules/73-idrac.rules b/rules/73-idrac.rules +diff --git a/rules.d/73-idrac.rules b/rules.d/73-idrac.rules new file mode 100644 index 0000000..d67fc42 --- /dev/null -+++ b/rules/73-idrac.rules ++++ b/rules.d/73-idrac.rules @@ -0,0 +1,6 @@ +# do not edit this file, it will be overwritten on update + @@ -23,18 +23,18 @@ index 0000000..d67fc42 +# with terminates in the iDRAC. Help identify this with 'idrac' + +ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac" -diff --git a/rules/meson.build b/rules/meson.build -index e7e4362..e04a18a 100644 ---- a/rules/meson.build -+++ b/rules/meson.build -@@ -17,6 +17,7 @@ rules = files(''' - 70-joystick.rules - 70-mouse.rules - 70-touchpad.rules -+ 73-idrac.rules - 75-net-description.rules - 75-probe_mtd.rules - 78-sound-card.rules +diff --git a/rules.d/meson.build b/rules.d/meson.build +index cba9dd4..39e174d 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -24,6 +24,7 @@ rules = [ + '70-joystick.rules', + '70-mouse.rules', + '70-touchpad.rules', ++ '73-idrac.rules', + '75-net-description.rules', + '75-probe_mtd.rules', + '78-sound-card.rules', -- -1.8.3.1 +2.33.0 diff --git a/rules-add-the-rule-that-adds-elevator-kernel-command.patch b/rules-add-the-rule-that-adds-elevator-kernel-command.patch index dd20b73f0b16b12f0cafbbdaa7aca5f06c369cb4..741d154c5e73b5703326c00b711dec52228c3477 100644 --- a/rules-add-the-rule-that-adds-elevator-kernel-command.patch +++ b/rules-add-the-rule-that-adds-elevator-kernel-command.patch @@ -7,21 +7,23 @@ Subject: [PATCH] rules: add the rule that adds elevator= kernel Resolves: #1670126 --- - rules/meson.build | 1 + - 1 file changed, 1 insertion(+) + rules.d/meson.build | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/rules/meson.build b/rules/meson.build -index 1da958b..043313a 100644 ---- a/rules/meson.build -+++ b/rules/meson.build -@@ -1,6 +1,7 @@ - # SPDX-License-Identifier: LGPL-2.1+ +diff --git a/rules.d/meson.build b/rules.d/meson.build +index 6a78e78..3e5c90b 100644 +--- a/rules.d/meson.build ++++ b/rules.d/meson.build +@@ -5,7 +5,8 @@ install_data( + install_dir : udevrulesdir) - rules = files(''' -+ 40-elevator.rules - 60-block.rules - 60-block-scheduler.rules - 60-cdrom_id.rules + rules = [ +- [files('60-autosuspend.rules', ++ [files('40-elevator.rules', ++ '60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', + '60-dmi-id.rules', -- -2.19.1 +2.33.0 diff --git a/sd-bus-properly-initialize-containers.patch b/sd-bus-properly-initialize-containers.patch index a6583b82977dfeb64437b1849de90e7f0724c834..3f74b2ee38598a2aafb43cae177f0e0d26e4dee7 100644 --- a/sd-bus-properly-initialize-containers.patch +++ b/sd-bus-properly-initialize-containers.patch @@ -15,17 +15,17 @@ Related: #1635435 1 file changed, 1 insertion(+) diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c -index eb029e4..e0c8338 100644 +index 9719f97..ec6cd57 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c -@@ -2051,6 +2051,7 @@ _public_ int sd_bus_message_open_container( +@@ -1783,6 +1783,7 @@ _public_ int sd_bus_message_open_container( .enclosing = type, .signature = TAKE_PTR(signature), .array_size = array_size, -+ .peeked_signature = NULL, ++ .peeked_signature = NULL, .before = before, .begin = begin, - .need_offsets = need_offsets, + }; -- -2.19.1 +2.33.0 diff --git a/sd-journal-close-journal-files-that-were-deleted-by-.patch b/sd-journal-close-journal-files-that-were-deleted-by-.patch deleted file mode 100644 index 4d6247fe6581093d519b72841175a870e6a1e062..0000000000000000000000000000000000000000 --- a/sd-journal-close-journal-files-that-were-deleted-by-.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 28ca867abdb20d0e4ac1901e2ed669cdb41ea3f6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Sekleta=CC=81r?= -Date: Tue, 4 Feb 2020 14:23:14 +0100 -Subject: [PATCH] sd-journal: close journal files that were deleted by journald - before we've setup inotify watch -url:https://github.com/systemd/systemd/commit/28ca867abdb20d0e4ac1901e2ed669cdb41ea3f6.patch - -Fixes #14695 ---- - src/journal/journal-file.c | 2 +- - src/journal/journal-file.h | 1 + - src/journal/sd-journal.c | 15 +++++++++++++++ - 3 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c -index 505191999b..bd53635860 100644 ---- a/src/journal/journal-file.c -+++ b/src/journal/journal-file.c -@@ -601,7 +601,7 @@ static int journal_file_verify_header(JournalFile *f) { - return 0; - } - --static int journal_file_fstat(JournalFile *f) { -+int journal_file_fstat(JournalFile *f) { - int r; - - assert(f); -diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h -index 502f1f567d..cf0f7691fb 100644 ---- a/src/journal/journal-file.h -+++ b/src/journal/journal-file.h -@@ -145,6 +145,7 @@ int journal_file_open( - int journal_file_set_offline(JournalFile *f, bool wait); - bool journal_file_is_offlining(JournalFile *f); - JournalFile* journal_file_close(JournalFile *j); -+int journal_file_fstat(JournalFile *f); - DEFINE_TRIVIAL_CLEANUP_FUNC(JournalFile*, journal_file_close); - - int journal_file_open_reliably( -diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c -index bced8af3e3..3fa98dfda2 100644 ---- a/src/journal/sd-journal.c -+++ b/src/journal/sd-journal.c -@@ -2661,6 +2661,8 @@ _public_ int sd_journal_wait(sd_journal *j, uint64_t timeout_usec) { - assert_return(!journal_pid_changed(j), -ECHILD); - - if (j->inotify_fd < 0) { -+ Iterator i; -+ JournalFile *f; - - /* This is the first invocation, hence create the - * inotify watch */ -@@ -2668,6 +2670,19 @@ _public_ int sd_journal_wait(sd_journal *j, uint64_t timeout_usec) { - if (r < 0) - return r; - -+ /* Server might have done some vacuuming while we weren't watching. -+ Get rid of the deleted files now so they don't stay around indefinitely. */ -+ ORDERED_HASHMAP_FOREACH(f, j->files, i) { -+ r = journal_file_fstat(f); -+ if (r < 0) { -+ log_debug_errno(r,"Failed to fstat() journal file '%s' : %m", f->path); -+ continue; -+ } -+ -+ if (f->last_stat.st_nlink <= 0) -+ remove_file_real(j, f); -+ } -+ - /* The journal might have changed since the context - * object was created and we weren't watching before, - * hence don't wait for anything, and return --- -2.19.1 - diff --git a/sense_data.py b/sense_data.py new file mode 100644 index 0000000000000000000000000000000000000000..043c2dbede94519d0d0302ab4088d9562e9a26fb --- /dev/null +++ b/sense_data.py @@ -0,0 +1,267 @@ +#!/usr/bin/env python + +import sys +import os +import re +import ctypes +import fcntl +import string + +MEET_NEWER_SAT = 0 +wwn = ctypes.c_uint64() + +BSG_PROTOCOL_SCSI = 0 # +BSG_SUB_PROTOCOL_SCSI_CMD = 0 # + +SG_DXFER_FROM_DEV = -3 # SCSI READ command + +ASCII_S = 83 # 'S' +ASCII_Q = 81 # 'Q' +SG_IO = 0x2285 # + + +""" +INQUIRY Command +https://www.seagate.com/files/staticfiles/support/docs/manual/Interface%20manuals/100293068j.pdf +3.6.1 Section +""" + + +class inquiry_cmd(ctypes.Structure): + _pack_ = 1 + _fields_ = [ + ("opcode", ctypes.c_ubyte), + ("reserved", ctypes.c_ubyte), + ("pagecode", ctypes.c_ubyte), + ("alloc_len_3", ctypes.c_ubyte), + ("alloc_len_4", ctypes.c_ubyte), + ("control", ctypes.c_ubyte) + ] + + +""" +ATA PASS-THROUGH (12) command +https://www.t10.org/ftp/t10/document.04/04-262r8.pdf +13.2.2 Section +""" + + +class ata_cmd_12(ctypes.Structure): + _pack_ = 1 + _fields_ = [ + ("opcode", ctypes.c_ubyte), + ("protocol", ctypes.c_ubyte), + ("flags", ctypes.c_ubyte), + ("features", ctypes.c_ubyte), + ("sector_count", ctypes.c_ubyte), + ("lba_low", ctypes.c_ubyte), + ("lba_mid", ctypes.c_ubyte), + ("lba_high", ctypes.c_ubyte), + ("device", ctypes.c_ubyte), + ("command", ctypes.c_ubyte), + ("reserved", ctypes.c_ubyte), + ("control", ctypes.c_ubyte) + ] + + +""" +ref: include/scsi/sg.h +""" + + +class sgio_hdr(ctypes.Structure): + _pack_ = 1 + _fields_ = [ + # [i] 'S' for SCSI generic (required) + ("interface_id", ctypes.c_int), + ("dxfer_direction", ctypes.c_int), # [i] data transfer direction + # [i] SCSI command length ( <= 16 bytes) + ("cmd_len", ctypes.c_ubyte), + ("mx_sb_len", ctypes.c_ubyte), # [i] max length to write to sbp + ("iovec_count", ctypes.c_ushort), # [i] 0 implies no scatter gather + ("dxfer_len", ctypes.c_uint), # [i] byte count of data transfer + # [i], [*io] points to data transfer memory + ("dxferp", ctypes.c_void_p), + # [i], [*i] points to command to perform + ("cmdp", ctypes.c_void_p), + # [i], [*o] points to sense_buffer memory + ("sbp", ctypes.c_void_p), + # [i] MAX_UINT->no timeout (unit: millisec) + ("timeout", ctypes.c_uint), + ("flags", ctypes.c_uint), # [i] 0 -> default, see SG_FLAG... + # [i->o] unused internally (normally) + ("pack_id", ctypes.c_int), + ("usr_ptr", ctypes.c_void_p), # [i->o] unused internally + ("status", ctypes.c_ubyte), # [o] scsi status + ("masked_status", ctypes.c_ubyte), # [o] shifted, masked scsi status + # [o] messaging level data (optional) + ("msg_status", ctypes.c_ubyte), + # [o] byte count actually written to sbp + ("sb_len_wr", ctypes.c_ubyte), + ("host_status", ctypes.c_ushort), # [o] errors from host adapter + ("driver_status", ctypes.c_ushort), # [o] errors from software driver + # [o] dxfer_len - actual_transferred + ("resid", ctypes.c_int), + # [o] time taken by cmd (unit: millisec) + ("duration", ctypes.c_uint), + ("info", ctypes.c_uint) # [o] auxiliary information + ] + + +def from_bytes(bytes_in_array, byteorder="big", signed=False): + if byteorder == "little": + little_ordered = list(bytes_in_array) + elif byteorder == "big": + little_ordered = list(reversed(bytes_in_array)) + else: + raise ValueError("byteorder must be either 'little' or 'big'") + + n = sum(b << i*8 for i, b in enumerate(little_ordered)) + if signed and little_ordered and (little_ordered[-1] & 0x80): + n -= 1 << 8*len(little_ordered) + + return n + + +def disk_scsi_inquiry_command(dev, buf): + sense = ctypes.c_buffer(32) + buf_len = ctypes.sizeof(buf) + cdb = inquiry_cmd(opcode=0x12, + reserved=0, + pagecode=0, + alloc_len_3=(buf_len >> 8), + alloc_len_4=(buf_len & 0xff), + control=0) + + # systemd first tries to identify the disk by version 4, but failed. We directly use version3 + io_hdr = sgio_hdr(interface_id=ASCII_S, dxfer_direction=SG_DXFER_FROM_DEV, + cmd_len=ctypes.sizeof(cdb), + mx_sb_len=ctypes.sizeof(sense), iovec_count=0, + dxfer_len=buf_len, + dxferp=ctypes.cast(buf, ctypes.c_void_p), + cmdp=ctypes.addressof(cdb), + sbp=ctypes.cast(sense, ctypes.c_void_p), timeout=30 * 1000, + flags=0, pack_id=0, usr_ptr=None, status=0, masked_status=0, + msg_status=0, sb_len_wr=0, host_status=0, driver_status=0, + resid=0, duration=0, info=0) + + try: + with open(dev, "r") as fd: + ret = fcntl.ioctl(fd.fileno(), SG_IO, io_hdr) + if io_hdr.status != 0 or io_hdr.host_status != 0 or io_hdr.driver_status != 0 or ret != 0: + return False + except OSError as err: + return False + except IOError as err: + return False + + return True + + +def disk_identify_command(dev, buf): + global MEET_NEWER_SAT + MEET_NEWER_SAT = 0 + sense = ctypes.c_buffer(32) + buf_len = ctypes.sizeof(buf) + cdb = ata_cmd_12(opcode=0xa1, protocol=(4 << 1), flags=0x2e, + features=0, sector_count=1, lba_low=0, lba_mid=0, lba_high=0, + device=0 & 0x4F, command=0xEC, reserved=0, control=0) + + # systemd first tries to identify the disk by version 4, but failed. We directly use version3 + io_hdr = sgio_hdr(interface_id=ASCII_S, dxfer_direction=SG_DXFER_FROM_DEV, + cmd_len=ctypes.sizeof(cdb), + mx_sb_len=ctypes.sizeof(sense), iovec_count=0, + dxfer_len=buf_len, + dxferp=ctypes.cast(buf, ctypes.c_void_p), + cmdp=ctypes.addressof(cdb), + sbp=ctypes.cast(sense, ctypes.c_void_p), timeout=30 * 1000, + flags=0, pack_id=0, usr_ptr=None, status=0, masked_status=0, + msg_status=0, sb_len_wr=0, host_status=0, driver_status=0, + resid=0, duration=0, info=0) + + try: + with open(dev, "r") as fd: + ret = fcntl.ioctl(fd.fileno(), SG_IO, io_hdr) + if ret != 0: + return False + except OSError as err: + return False + except IOError as err: + return False + + if sense[0] == b'\x72' and sense[8] == b'\x09' and sense[9] == b'\x0c': + return True + + if sense[0] == b'\x70' and sense[12] == b'\x00' and sense[13] == b'\x1d': + MEET_NEWER_SAT = 1 + return True + + return False + + +def disk_identify(dev): + identify = ctypes.c_buffer(512) + inquiry_buf = ctypes.c_buffer(36) + ret = disk_scsi_inquiry_command(dev=dev, buf=inquiry_buf) + if not ret: + return False + + peripheral_device_type = from_bytes( + bytearray(inquiry_buf[0]), byteorder="little") & 0x1f + if peripheral_device_type == 0x05: + return False + + if not (peripheral_device_type == 0x00 or peripheral_device_type == 0x14): + return False + + if not disk_identify_command(dev=dev, buf=identify): + return False + + global wwn + wwn = ctypes.c_uint64() + identify = bytearray(identify) + wwn = from_bytes( + [identify[108 * 2], identify[108 * 2 + 1]], byteorder="little") + wwn = wwn << 16 + wwn |= from_bytes( + [identify[109 * 2], identify[109 * 2 + 1]], byteorder="little") + wwn = wwn << 16 + wwn |= from_bytes( + [identify[110 * 2], identify[110 * 2 + 1]], byteorder="little") + wwn = wwn << 16 + wwn |= from_bytes( + [identify[111 * 2], identify[111 * 2 + 1]], byteorder="little") + + return True + + +def check_ata_disk(): + ret = False + + for filename in os.listdir("/dev/"): + if not re.match("sd.*[^0-9]$|sr.*", filename): + continue + + if not disk_identify("/dev/"+filename): + continue + + global MEET_NEWER_SAT + if MEET_NEWER_SAT == 0: + continue + + for root, dirs, files in os.walk("/dev/disk/by-id/"): + global wwn + wwn_id = "wwn-0x%x" % wwn + if wwn_id not in files: + print("The wwn_id of device(%s) will change to 0x%x" % + ("/dev/"+filename, wwn)) + ret = True + + return ret + + +if __name__ == "__main__": + # exit with "1" if there is at least one disk's wwn_id will change from scsi_id to ata_id + if check_ata_disk(): + exit(1) + exit(0) diff --git a/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch b/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch new file mode 100644 index 0000000000000000000000000000000000000000..7c7f99bf0b69b8b07369be535db2d96da1384249 --- /dev/null +++ b/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch @@ -0,0 +1,39 @@ +From 22f8c4c2a22d9766d86b23429bd404a0864b0a9e Mon Sep 17 00:00:00 2001 +From: linfeilong +Date: Sat, 21 Oct 2017 14:48:18 +0800 +Subject: [PATCH] set forwardtowall no to avoid emerg log shown on shell + +--- + man/journald.conf.xml | 2 +- + src/journal/journald.conf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/man/journald.conf.xml b/man/journald.conf.xml +index 44fd0d2..8d38fe3 100644 +--- a/man/journald.conf.xml ++++ b/man/journald.conf.xml +@@ -292,7 +292,7 @@ + traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, or sent as wall + messages to all logged-in users. These options take boolean arguments. If forwarding to syslog is + enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default, +- only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel ++ these four configs are all disabled. These settings may be overridden at boot time with the kernel + command line options systemd.journald.forward_to_syslog, + systemd.journald.forward_to_kmsg, + systemd.journald.forward_to_console, and +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 2f1c661..17dda27 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -32,7 +32,7 @@ + #ForwardToSyslog=no + #ForwardToKMsg=no + #ForwardToConsole=no +-#ForwardToWall=yes ++ForwardToWall=no + #TTYPath=/dev/console + #MaxLevelStore=debug + #MaxLevelSyslog=debug +-- +2.19.1 + diff --git a/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch b/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch new file mode 100644 index 0000000000000000000000000000000000000000..da49b050ec845e2db23c82ca682f41ad3bbb698d --- /dev/null +++ b/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch @@ -0,0 +1,46 @@ +From 14b69596b0bff64f7482d93ea3f043520a716921 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 8 Jun 2023 20:02:50 +0800 +Subject: [PATCH] set the cpuset.cpus/mems of machine.slice to all by default + This is necessary after merging core-cgroup-support-cpuset.patch. + +When creating a vm, libvirt will issue a dbus method_call to +systemd-machined. systemd-machined will start transient unit +usually named xxx.scope with Delegate=1 set after receiving +the method_call. If Delegate=1 is set, systemd will create +machine.slice in /sys/fs/cgroup for every cgroup subsystem, this +includes cpuset. cpuset is different, you can't migrate processes +to the created directory unless you have set proper cpuset.cpus +and cpuset.mems. + +Without this patch, libvirt sees machine.slice, it won't check +if cpuset.cpus or cpuset.mems is valid, and just migrate the vm +process to machine.slice. This action will fail because core-cgroup +-support-cpuset.patch only supports create the machine.slice +directory when Delegate=1 is set, but won't set cpuset.cpus +and cpuset.mems automatically. + +Now we have this patch, it will make systemd automatically set +cpuset.cpus and cpuset.mems according to /sys/fs/cgroup/cpuset/{ +cpuset.cpus, cpuset.mems}. Then libvirt can migrate vm processes +freely. +--- + units/machine.slice | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/units/machine.slice b/units/machine.slice +index 501d353..8d87851 100644 +--- a/units/machine.slice ++++ b/units/machine.slice +@@ -11,3 +11,8 @@ + Description=Virtual Machine and Container Slice + Documentation=man:systemd.special(7) + Before=slices.target ++ ++[Slice] ++CPUSetCpus=all ++CPUSetMems=all ++CPUSetCloneChildren=1 +-- +2.33.0 + diff --git a/shutdown-reboot-when-recieve-crash-signal.patch b/shutdown-reboot-when-recieve-crash-signal.patch new file mode 100644 index 0000000000000000000000000000000000000000..1081e8ca0dc5d715a5270ad4aad01027ec00e13d --- /dev/null +++ b/shutdown-reboot-when-recieve-crash-signal.patch @@ -0,0 +1,63 @@ +From 3ac4d1fc1a067afc0e0d4ca37a44ac252ee8b96b Mon Sep 17 00:00:00 2001 +From: xujing +Date: Tue, 8 Feb 2022 21:02:31 +0800 +Subject: [PATCH] shutdown: reboot when recieve crash signal + +--- + src/shutdown/shutdown.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index d6beb2d..ed1ce93 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -321,6 +321,26 @@ static void bump_sysctl_printk_log_level(int min_level) { + log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1); + } + ++_noreturn_ static void crash(int sig) { ++ if (getpid_cached() != 1) ++ /* Pass this on immediately, if this is not PID 1 */ ++ (void) raise(sig); ++ else { ++ bool in_container = detect_container() > 0; ++ ++ log_info("Recieve signal %d.", sig); ++ ++ broadcast_signal(SIGTERM, true, true, arg_timeout); ++ broadcast_signal(SIGKILL, true, false, arg_timeout); ++ ++ if (!in_container) ++ sync_with_progress(); ++ ++ log_info("Rebooting now."); ++ (void) reboot(RB_AUTOBOOT); ++ } ++} ++ + static void init_watchdog(void) { + const char *s; + int r; +@@ -355,6 +375,19 @@ int main(int argc, char *argv[]) { + usec_t now_time, time_interval; + pid_t pid; + bool fork_failed = false; ++ static const struct sigaction sa = { ++ .sa_handler = crash, ++ .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ ++ }; ++ ++ (void) reset_all_signal_handlers(); ++ (void) ignore_signals(SIGNALS_IGNORE, -1); ++ ++ /* We ignore the return value here, since, we don't mind if we ++ * cannot set up a crash handler */ ++ r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1); ++ if (r < 0) ++ log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m"); + + /* Close random fds we might have get passed, just for paranoia, before we open any new fds, for + * example for logging. After all this tool's purpose is about detaching any pinned resources, and +-- +2.33.0 + diff --git a/support-disable-cgroup-controllers-we-don-t-want.patch b/support-disable-cgroup-controllers-we-don-t-want.patch new file mode 100644 index 0000000000000000000000000000000000000000..2211b5ef037ea561a805bd4f1b65ef896a4aaaa6 --- /dev/null +++ b/support-disable-cgroup-controllers-we-don-t-want.patch @@ -0,0 +1,216 @@ +From ef31366523d784d92f25abd99b3782acda29a01c Mon Sep 17 00:00:00 2001 +From: xujing +Date: Fri, 8 Jul 2022 19:47:45 +0800 +Subject: [PATCH] support disable cgroup controllers we don't want + +--- + src/basic/cgroup-util.c | 14 +++++++++++ + src/basic/cgroup-util.h | 1 + + src/core/cgroup.c | 1 + + src/core/main.c | 7 ++++++ + src/core/manager.h | 2 ++ + src/core/system.conf.in | 1 + + src/shared/conf-parser.c | 54 ++++++++++++++++++++++++++++++++++++++++ + src/shared/conf-parser.h | 1 + + 8 files changed, 81 insertions(+) + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 3e60488..a555437 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2115,6 +2115,20 @@ int cg_mask_supported(CGroupMask *ret) { + return cg_mask_supported_subtree(root, ret); + } + ++int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret) { ++ int r; ++ ++ r = cg_all_unified(); ++ if (r < 0) ++ return r; ++ ++ /* We only care CGROUP_V1 */ ++ if (r == 0) ++ *ret &= ~disabled; ++ ++ return 0; ++} ++ + int cg_kernel_controllers(Set **ret) { + _cleanup_set_free_ Set *controllers = NULL; + _cleanup_fclose_ FILE *f = NULL; +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index eb7ace5..3eb14b8 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -303,6 +303,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata); + + int cg_mask_supported(CGroupMask *ret); + int cg_mask_supported_subtree(const char *root, CGroupMask *ret); ++int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret); + int cg_mask_from_string(const char *s, CGroupMask *ret); + int cg_mask_to_string(CGroupMask mask, char **ret); + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 775ece5..88c976a 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -3922,6 +3922,7 @@ int manager_setup_cgroup(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed to determine supported bpf-based pseudo-controllers: %m"); + m->cgroup_supported |= mask; ++ m->system_cgroup_supported = m->cgroup_supported; + + /* 10. Log which controllers are supported */ + for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++) +diff --git a/src/core/main.c b/src/core/main.c +index 964adb5..8f01780 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -143,6 +143,7 @@ static bool arg_no_new_privs; + static nsec_t arg_timer_slack_nsec; + static Set* arg_syscall_archs; + static FILE* arg_serialization; ++static CGroupMask arg_disable_cgroup_controllers; + static sd_id128_t arg_machine_id; + static EmergencyAction arg_cad_burst_action; + static CPUSet arg_cpu_affinity; +@@ -675,6 +676,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_defaults.rlimit }, + { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_defaults.rlimit }, + { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_defaults.rlimit }, ++ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers }, + { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_defaults.cpu_accounting }, + { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_defaults.io_accounting }, + { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting }, +@@ -743,6 +745,10 @@ static void set_manager_defaults(Manager *m) { + + assert(m); + ++ m->cgroup_disabled = arg_disable_cgroup_controllers; ++ m->cgroup_supported = m->system_cgroup_supported; ++ (void) cg_mask_disable_cgroup(m->cgroup_disabled, &m->cgroup_supported); ++ + /* Propagates the various default unit property settings into the manager object, i.e. properties + * that do not affect the manager itself, but are just what newly allocated units will have set if + * they haven't set anything else. (Also see set_manager_settings() for the settings that affect the +@@ -2518,6 +2524,7 @@ static void reset_arguments(void) { + + /* arg_runtime_scope — ignore */ + ++ arg_disable_cgroup_controllers = 0; + arg_dump_core = true; + arg_crash_chvt = -1; + arg_crash_shell = false; +diff --git a/src/core/manager.h b/src/core/manager.h +index 0c9a2ea..65cc0c9 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -354,6 +354,8 @@ struct Manager { + /* Data specific to the cgroup subsystem */ + Hashmap *cgroup_unit; + CGroupMask cgroup_supported; ++ CGroupMask system_cgroup_supported; ++ CGroupMask cgroup_disabled; + char *cgroup_root; + + /* Notifications from cgroups, when the unified hierarchy is used is done via inotify. */ +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index f48452d..8ffc48e 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -54,6 +54,7 @@ + #DefaultStartLimitIntervalSec=10s + #DefaultStartLimitBurst=5 + #DefaultEnvironment= ++#DisableCGroupControllers=no + #DefaultCPUAccounting=yes + #DefaultIOAccounting=no + #DefaultIPAccounting=no +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index 59a529d..8382271 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -10,6 +10,7 @@ + #include "alloc-util.h" + #include "conf-files.h" + #include "conf-parser.h" ++#include "cgroup-util.h" + #include "constants.h" + #include "dns-domain.h" + #include "escape.h" +@@ -1634,6 +1635,59 @@ int config_parse_rlimit( + return 0; + } + ++int config_parse_cgroup( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ assert(data); ++ ++ CGroupMask *disabled_mask = data; ++ int r; ++ ++ for (;;) { ++ _cleanup_free_ char *word = NULL; ++ CGroupController cc; ++ int yes_or_no = 0; ++ ++ r = extract_first_word(&rvalue, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE); ++ if (r == 0) ++ break; ++ if (r == -ENOMEM) ++ return log_oom(); ++ if (r < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); ++ break; ++ } ++ ++ yes_or_no = parse_boolean(word); ++ if (yes_or_no == 0) { ++ *disabled_mask = 0; ++ break; ++ } else if (yes_or_no == 1) { ++ *disabled_mask = CGROUP_MASK_V1; ++ break; ++ } ++ ++ cc = cgroup_controller_from_string(word); ++ if (cc < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DisableCGroupControllers, ignoring: %s", word); ++ break; ++ } ++ *disabled_mask |= CGROUP_CONTROLLER_TO_MASK(cc); ++ } ++ return 0; ++} ++ + int config_parse_permille( + const char* unit, + const char *filename, +diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h +index a1768cd..8e7c987 100644 +--- a/src/shared/conf-parser.h ++++ b/src/shared/conf-parser.h +@@ -214,6 +214,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames); + CONFIG_PARSER_PROTOTYPE(config_parse_ip_port); + CONFIG_PARSER_PROTOTYPE(config_parse_mtu); + CONFIG_PARSER_PROTOTYPE(config_parse_rlimit); ++CONFIG_PARSER_PROTOTYPE(config_parse_cgroup); + CONFIG_PARSER_PROTOTYPE(config_parse_vlanprotocol); + CONFIG_PARSER_PROTOTYPE(config_parse_hw_addr); + CONFIG_PARSER_PROTOTYPE(config_parse_hw_addrs); +-- +2.33.0 + diff --git a/systemd-243.tar.gz b/systemd-255.tar.gz similarity index 40% rename from systemd-243.tar.gz rename to systemd-255.tar.gz index 9fab5204916001a54480524525e74ecc103caea9..0120d9ce98c613ba3f8a8d8b1709978fd7b8cbe0 100644 Binary files a/systemd-243.tar.gz and b/systemd-255.tar.gz differ diff --git a/systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch b/systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch deleted file mode 100644 index 62ec61d75cb3f16dc4f76e3f7aa34e7e4c468241..0000000000000000000000000000000000000000 --- a/systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch +++ /dev/null @@ -1,52 +0,0 @@ -From bec31cf5f0037dd049299e8665e03fc74024e357 Mon Sep 17 00:00:00 2001 -From: Alin Popa -Date: Fri, 14 Feb 2020 09:33:43 +0100 -Subject: [PATCH] systemd: Fix busctl crash on aarch64 when setting output - table format - -The enum used for column names is integer type while table_set_display() is parsing -arguments on size_t alignment which may result in assert in table_set_display() if -the size between types missmatch. This patch cast the enums to size_t. -An alternative solution would be to change the table_set_display() function -arguments to unsigned type. ---- - src/busctl/busctl.c | 22 ++++++++++++++++++++-- - 1 file changed, 20 insertions(+), 2 deletions(-) - -diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c -index 5f3d5dd..b4e133f 100644 ---- a/src/busctl/busctl.c -+++ b/src/busctl/busctl.c -@@ -212,9 +212,27 @@ static int list_bus_names(int argc, char **argv, void *userdata) { - return log_error_errno(r, "Failed to set sort column: %m"); - - if (arg_show_machine) -- r = table_set_display(table, COLUMN_NAME, COLUMN_PID, COLUMN_PROCESS, COLUMN_USER, COLUMN_CONNECTION, COLUMN_UNIT, COLUMN_SESSION, COLUMN_DESCRIPTION, COLUMN_MACHINE, (size_t) -1); -+ r = table_set_display(table, (size_t) COLUMN_NAME, -+ (size_t) COLUMN_PID, -+ (size_t) COLUMN_PROCESS, -+ (size_t) COLUMN_USER, -+ (size_t) COLUMN_CONNECTION, -+ (size_t) COLUMN_UNIT, -+ (size_t) COLUMN_SESSION, -+ (size_t) COLUMN_DESCRIPTION, -+ (size_t) COLUMN_MACHINE, -+ (size_t) -1); - else -- r = table_set_display(table, COLUMN_NAME, COLUMN_PID, COLUMN_PROCESS, COLUMN_USER, COLUMN_CONNECTION, COLUMN_UNIT, COLUMN_SESSION, COLUMN_DESCRIPTION, (size_t) -1); -+ r = table_set_display(table, (size_t) COLUMN_NAME, -+ (size_t) COLUMN_PID, -+ (size_t) COLUMN_PROCESS, -+ (size_t) COLUMN_USER, -+ (size_t) COLUMN_CONNECTION, -+ (size_t) COLUMN_UNIT, -+ (size_t) COLUMN_SESSION, -+ (size_t) COLUMN_DESCRIPTION, -+ (size_t) -1); -+ - if (r < 0) - return log_error_errno(r, "Failed to set columns to display: %m"); - --- -1.8.3.1 - diff --git a/systemd-change-time-log-level.patch b/systemd-change-time-log-level.patch index 80c7db6c1cebc0f26998f5a3223055608193cbe7..0a482fa1d3f34fc1e772039a5f04a2d80cc85b15 100644 --- a/systemd-change-time-log-level.patch +++ b/systemd-change-time-log-level.patch @@ -6,27 +6,30 @@ Subject: [PATCH] systemd: change time log level Signed-off-by: yefei25 --- - src/core/manager.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + src/core/manager.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 32c340f..29eccd8 100644 +index 7b39479..1619f8c 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -2681,11 +2681,11 @@ static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint - - assert(m); - assert(m->time_change_fd == fd); +@@ -2937,11 +2937,11 @@ static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t + static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) { + Manager *m = ASSERT_PTR(userdata); + Unit *u; - - log_struct(LOG_DEBUG, -+ if (getpid_cached() == 1) { -+ log_struct(LOG_INFO, - "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, - LOG_MESSAGE("Time has been changed")); +- "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, +- LOG_MESSAGE("Time has been changed")); - ++ if (getpid_cached() == 1) { ++ log_struct(LOG_INFO, ++ "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, ++ LOG_MESSAGE("Time has been changed")); + } /* Restart the watch */ (void) manager_setup_time_change(m); - --- -2.19.1 + +-- +2.33.0 + diff --git a/1610-add-new-rules-for-lower-priority-events-to-preempt.patch b/systemd-core-Add-new-rules-for-lower-priority-events.patch similarity index 68% rename from 1610-add-new-rules-for-lower-priority-events-to-preempt.patch rename to systemd-core-Add-new-rules-for-lower-priority-events.patch index 8715946f1fc36d41d6ed338bdce9ce4b2765216b..d541c5b6b8554bb78e9688380a15a9d8caae72b2 100644 --- a/1610-add-new-rules-for-lower-priority-events-to-preempt.patch +++ b/systemd-core-Add-new-rules-for-lower-priority-events.patch @@ -1,6 +1,6 @@ -From 49f6a75e648c113fa9985675f47f78a4cd57c084 Mon Sep 17 00:00:00 2001 +From 135dce487e4637e8afc4090334ccb2cb9feccdf1 Mon Sep 17 00:00:00 2001 From: yangbin -Date: Fri, 26 Jul 2019 10:02:58 +0800 +Date: Fri, 3 Apr 2020 11:56:41 +0800 Subject: [PATCH] systemd-core: Add new rules for lower priority events to preempt over higher priority events @@ -18,17 +18,19 @@ b) If a lower priority gets into pending for 10 times in consecutive, it can pre c) If a lower priority is in pending, and is not dispatched over 50 iteration, it can preempt over higher priority events. d) The above rules only works for events with priority equal or higher than 'SD_EVENT_PRIORITY_NORMAL' or evnets with type of SOURCE_DEFER, since SOURCE_DEFER events is used for job running queues. --- - src/core/mount.c | 4 ++ - src/libsystemd/sd-event/sd-event.c | 87 ++++++++++++++++++++++++++++++ - src/systemd/sd-event.h | 1 + - 3 files changed, 92 insertions(+) + src/core/mount.c | 4 ++ + src/libsystemd/libsystemd.sym | 1 + + src/libsystemd/sd-event/event-source.h | 5 ++ + src/libsystemd/sd-event/sd-event.c | 81 ++++++++++++++++++++++++++ + src/systemd/sd-event.h | 1 + + 5 files changed, 92 insertions(+) diff --git a/src/core/mount.c b/src/core/mount.c -index 1b94ab4..78b6e30 100644 +index ded322d..52bd53e 100644 --- a/src/core/mount.c +++ b/src/core/mount.c -@@ -1742,6 +1742,10 @@ static void mount_enumerate(Manager *m) { - goto fail; +@@ -2077,6 +2077,10 @@ static void mount_enumerate(Manager *m) { + goto fail; } + r = sd_event_source_set_preempt_dispatch_count(m->mount_event_source, 5); @@ -38,13 +40,41 @@ index 1b94ab4..78b6e30 100644 (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch"); } +diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym +index 4113920..daeb3e8 100644 +--- a/src/libsystemd/libsystemd.sym ++++ b/src/libsystemd/libsystemd.sym +@@ -681,6 +681,7 @@ LIBSYSTEMD_243 { + global: + sd_bus_object_vtable_format; + sd_event_source_disable_unref; ++ sd_event_source_set_preempt_dispatch_count; + } LIBSYSTEMD_241; + + LIBSYSTEMD_245 { +diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h +index f4e38d7..279a15d 100644 +--- a/src/libsystemd/sd-event/event-source.h ++++ b/src/libsystemd/sd-event/event-source.h +@@ -71,6 +71,11 @@ struct sd_event_source { + uint64_t pending_iteration; + uint64_t prepare_iteration; + ++ uint64_t preempted_iteration; /*The iteration that dispatched_count is greater than preempt_dispatch_count*/ ++ unsigned pending_count; /*times of pending not dispatched*/ ++ unsigned dispatched_count; /*consecutive dispatched count*/ ++ unsigned preempt_dispatch_count; /*Will be preempted by lower priority if dispatched count reaches to this*/ ++ + sd_event_destroy_t destroy_callback; + sd_event_handler_t ratelimit_expire_callback; + diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index d53b9a7..7e33061 100644 +index 288798a..d53a7a1 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c -@@ -26,6 +26,11 @@ +@@ -39,6 +39,11 @@ + #include "strxcpyx.h" #include "time-util.h" - #include "util.h" +#define DEFAULT_PREEMPTED_ITERATION_COUNT (3) +#define DEFAULT_PREEMPT_DISPATCH_COUNT (10) @@ -53,20 +83,8 @@ index d53b9a7..7e33061 100644 + #define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC) - typedef enum EventSourceType { -@@ -103,6 +108,11 @@ struct sd_event_source { - uint64_t pending_iteration; - uint64_t prepare_iteration; - -+ uint64_t preempted_iteration; /*The iteration that dispatched_count is greater than preempt_dispatch_count*/ -+ unsigned pending_count; /*times of pending not dispatched*/ -+ unsigned dispatched_count; /*consecutive dispatched count*/ -+ unsigned preempt_dispatch_count; /*Will be preempted by lower priority if dispatched count reaches to this*/ -+ - sd_event_destroy_t destroy_callback; - - LIST_FIELDS(sd_event_source, sources); -@@ -301,6 +311,11 @@ struct sd_event { + static bool EVENT_SOURCE_WATCH_PIDFD(sd_event_source *s) { +@@ -169,6 +174,11 @@ struct sd_event { LIST_HEAD(sd_event_source, sources); @@ -75,10 +93,10 @@ index d53b9a7..7e33061 100644 + * for it may have been freed already.*/ + void *last_source; + - usec_t last_run, last_log; - unsigned delays[sizeof(usec_t) * 8]; - }; -@@ -314,8 +329,42 @@ static sd_event *event_resolve(sd_event *e) { + sd_event_source *sigint_event_source, *sigterm_event_source; + + usec_t last_run_usec, last_log_usec; +@@ -186,6 +196,39 @@ static sd_event *event_resolve(sd_event *e) { return e == SD_EVENT_DEFAULT ? default_event : e; } @@ -117,22 +135,19 @@ index d53b9a7..7e33061 100644 + static int pending_prioq_compare(const void *a, const void *b) { const sd_event_source *x = a, *y = b; -+ int r; - - assert(x->pending); - assert(y->pending); -@@ -326,6 +375,10 @@ static int pending_prioq_compare(const void *a, const void *b) { - if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF) - return 1; + int r; +@@ -203,6 +246,10 @@ static int pending_prioq_compare(const void *a, const void *b) { + if (r != 0) + return r; + r = preempt_prioq_compare(a, b); -+ if(r) ++ if(r != 0) + return r; + /* Lower priority values first */ - if (x->priority < y->priority) - return -1; -@@ -1030,6 +1083,17 @@ static int source_set_pending(sd_event_source *s, bool b) { + r = CMP(x->priority, y->priority); + if (r != 0) +@@ -1132,6 +1179,17 @@ static int source_set_pending(sd_event_source *s, bool b) { assert(s); assert(s->type != SOURCE_EXIT); @@ -150,23 +165,23 @@ index d53b9a7..7e33061 100644 if (s->pending == b) return 0; -@@ -1097,6 +1161,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t - .type = type, - .pending_index = PRIOQ_IDX_NULL, - .prepare_index = PRIOQ_IDX_NULL, -+ .preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT, - }; +@@ -1218,6 +1276,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t + s->type = type; + s->pending_index = PRIOQ_IDX_NULL; + s->prepare_index = PRIOQ_IDX_NULL; ++ s->preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT; if (!floating) -@@ -2263,6 +2328,7 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) { - return r; - } + sd_event_ref(e); +@@ -2894,6 +2953,7 @@ static int event_source_offline( + s->enabled = enabled; + s->ratelimited = ratelimited; -+ s->pending_count = 0; - switch (s->type) { ++ s->pending_count = 0; + switch (s->type) { - case SOURCE_IO: -@@ -3055,6 +3121,19 @@ static int process_inotify(sd_event *e) { + case SOURCE_IO: +@@ -4006,6 +4066,19 @@ static int process_inotify(sd_event *e) { return done; } @@ -183,10 +198,10 @@ index d53b9a7..7e33061 100644 + s->pending_count = 0; +} + - static int source_dispatch(sd_event_source *s) { - EventSourceType saved_type; - int r = 0; -@@ -3095,6 +3174,7 @@ static int source_dispatch(sd_event_source *s) { + static int process_memory_pressure(sd_event_source *s, uint32_t revents) { + assert(s); + assert(s->type == SOURCE_MEMORY_PRESSURE); +@@ -4179,6 +4252,7 @@ static int source_dispatch(sd_event_source *s) { return r; } @@ -194,29 +209,32 @@ index d53b9a7..7e33061 100644 s->dispatching = true; switch (s->type) { -@@ -3793,3 +3873,10 @@ _public_ int sd_event_source_get_destroy_callback(sd_event_source *s, sd_event_d - - return !!s->destroy_callback; +@@ -5193,6 +5267,13 @@ _public_ int sd_event_source_is_ratelimited(sd_event_source *s) { + return s->ratelimited; } -+ + +_public_ int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count) { + assert_return(s, -EINVAL); + + s->preempt_dispatch_count = count; + return 0; +} ++ + _public_ int sd_event_source_leave_ratelimit(sd_event_source *s) { + int r; + diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h -index 7fcae4a..fdf9108 100644 +index 49d6975..dd2c147 100644 --- a/src/systemd/sd-event.h +++ b/src/systemd/sd-event.h -@@ -143,6 +143,7 @@ int sd_event_source_get_child_pid(sd_event_source *s, pid_t *pid); - int sd_event_source_get_inotify_mask(sd_event_source *s, uint32_t *ret); - int sd_event_source_set_destroy_callback(sd_event_source *s, sd_event_destroy_t callback); - int sd_event_source_get_destroy_callback(sd_event_source *s, sd_event_destroy_t *ret); +@@ -172,6 +172,7 @@ int sd_event_source_set_exit_on_failure(sd_event_source *s, int b); + int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval_usec, unsigned burst); + int sd_event_source_get_ratelimit(sd_event_source *s, uint64_t *ret_interval_usec, unsigned *ret_burst); + int sd_event_source_is_ratelimited(sd_event_source *s); +int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count); + int sd_event_source_set_ratelimit_expire_callback(sd_event_source *s, sd_event_handler_t callback); + int sd_event_source_leave_ratelimit(sd_event_source *s); - /* Define helpers so that __attribute__((cleanup(sd_event_unrefp))) and similar may be used. */ - _SD_DEFINE_POINTER_CLEANUP_FUNC(sd_event, sd_event_unref); -- -2.17.1 +2.33.0 diff --git a/systemd-core-Close-and-free-dbus-when-bus-authentica.patch b/systemd-core-Close-and-free-dbus-when-bus-authentica.patch deleted file mode 100644 index 114f5413a70fdad0afb793d6b2c156557ace87aa..0000000000000000000000000000000000000000 --- a/systemd-core-Close-and-free-dbus-when-bus-authentica.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 1245ae05c6e2ca7a2af055f9c44f19a0db2971a5 Mon Sep 17 00:00:00 2001 -From: yangbin -Date: Thu, 15 Aug 2019 15:24:03 +0800 -Subject: [PATCH 3/3] systemd-core: Close and free dbus when bus authenticating - timedout - -1. when timedout happened on authenticating a private dbus(can be established by systemctl command), -this dbus will never be freed and closed, and will left on systemd permanently even through the client -(for example, systemctl command) has closed the connection. This is because when timedout happend, -the event and also the timer to watch dbus actions is disabled by sd_event_source_set_enabled -from source_dispatch function, and systemd can do nothing on it since this dbus will not be activated again. -2. If a private dbus staying on authenticating state, and when systemd sends a signal message, it will also -add this message to the message write queue of this bus and will never send it out because the dbus is not in running. -systemd does this for it believe that the bus will change from authenticating to running sometime, but actually it will not. -3. When many private dbuses are left as authenticating and many signal messages are sent from dbus, it will eat up our memory -to hold these dbuses and messages, and memory usage of systemd will grow very fast. -4. This patch fix this problem by closing and freeing the dbus when authenticating timedout. ---- - src/libsystemd/sd-bus/sd-bus.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index 05cb4c3..65cf449 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -2946,6 +2946,11 @@ static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priorit - if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) { - bus_enter_closing(bus); - r = 1; -+ } else if(r == -ETIMEDOUT && !bus->is_system) { -+ /*close dbus directly when timedout happened and it is a private dbus*/ -+ log_info("Private bus is closed due authentication timedout."); -+ bus_enter_closing(bus); -+ r = 1; - } else if (r < 0) - return r; - --- -2.17.1 - diff --git a/1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch b/systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch similarity index 100% rename from 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch rename to systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch diff --git a/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch b/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch new file mode 100644 index 0000000000000000000000000000000000000000..2ff7fe37667c0bc8a3f132eb1291dfaa94387ebd --- /dev/null +++ b/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch @@ -0,0 +1,66 @@ +From 6aa35d7d911b6895043f222293703ef7cf60aca1 Mon Sep 17 00:00:00 2001 +From: yefei25 +Date: Thu, 5 Mar 2020 21:45:36 +0800 +Subject: [PATCH] systemd: solve that rsyslog reads journal's object of +size 0 + + +Signed-off-by: yefei25 + +--- + src/libsystemd/sd-journal/journal-file.c | 5 +++-- + src/libsystemd/sd-journal/sd-journal.c | 7 ++++++- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 2ead295..9962d3b 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -898,8 +898,9 @@ static int check_object(JournalFile *f, Object *o, uint64_t offset) { + le64toh(o->tag.epoch), offset); + + break; ++ default: ++ return -EBADMSG; + } +- + return 0; + } + +@@ -1804,7 +1805,7 @@ int journal_file_data_payload( + } + + size = le64toh(READ_NOW(o->object.size)); +- if (size < journal_file_data_payload_offset(f)) ++ if (size == 0 || o->object.type == 0 || size < journal_file_data_payload_offset(f)) + return -EBADMSG; + + size -= journal_file_data_payload_offset(f); +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 898218e..f6090dd 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -114,6 +114,10 @@ static void init_location(Location *l, LocationType type, JournalFile *f, Object + assert(IN_SET(type, LOCATION_DISCRETE, LOCATION_SEEK)); + assert(f); + ++ if(o->object.type != OBJECT_ENTRY || o->object.size == 0){ ++ return; ++ } ++ + *l = (Location) { + .type = type, + .seqnum = le64toh(o->entry.seqnum), +@@ -851,7 +855,8 @@ static int real_journal_next(sd_journal *j, direction_t direction) { + return r; + + set_location(j, new_file, o); +- ++ if(o->object.size == 0) ++ return -EBADMSG; + return 1; + } + +-- +2.33.0 + diff --git a/systemd.spec b/systemd.spec index 931a9444fda7e6309ae8853607a8d7be38e4043b..df5218f86219445f43836ccb8f320e45ccab3274 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,3 +1,4 @@ +%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} %global __requires_exclude pkg-config %global pkgdir %{_prefix}/lib/systemd %global system_unit_dir %{pkgdir}/system @@ -13,19 +14,25 @@ %global efi_arch x64 %endif +%ifarch ppc64le +%global efi_arch ppc64 +%endif + +%ifarch %{ix86} x86_64 aarch64 +%global have_gnu_efi 1 +%endif + Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 243 -Release: 21 +Version: 255 +Release: 8 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz Source3: purge-nobody-user - Source4: yum-protect-systemd.conf - Source5: inittab Source6: sysctl.conf.README Source7: systemd-journal-remote.xml @@ -35,89 +42,105 @@ Source11: 20-grubby.install Source12: systemd-user Source13: rc.local -Source100: udev-40-openEuler.rules -Source101: udev-55-persistent-net-generator.rules -Source102: udev-56-net-sriov-names.rules -Source103: udev-61-openeuler-persistent-storage.rules -Source104: net-set-sriov-names -Source105: rule_generator.functions -Source106: write_net_rules -Source107: detect_virt - -Patch0001: 0001-udev-use-bfq-as-the-default-scheduler.patch -Patch0002: 0001-udev-ignore-error-caused-by-device-disconnection.patch -Patch0003: 0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch -Patch0004: 0001-core-dont-check-potentially-NULL-error.patch -Patch0005: 0001-core-shorten-code-a-bit.patch -Patch0006: 0001-core-no-need-to-eat-up-error.patch -Patch0007: 0001-core-create-or-remove-unit-bus-name-slots-always-together.patch -Patch0008: 0001-core-drop-initial-ListNames-bus-call-from-PID1.patch -Patch0009: 1605-update-rtc-with-system-clock-when-shutdown.patch -Patch0010: 1603-udev-add-actions-while-rename-netif-failed.patch -Patch0011: CVE-2020-1712-1.patch -Patch0012: CVE-2020-1712-2.patch -Patch0013: CVE-2020-1712-3.patch -Patch0014: CVE-2020-1712-4.patch -Patch0015: CVE-2020-1712-5.patch -Patch0016: sd-journal-close-journal-files-that-were-deleted-by-.patch -Patch0017: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch0018: fix-two-VF-virtual-machines-have-same-mac-address.patch -Patch0019: logind-set-RemoveIPC-to-false-by-default.patch -Patch0020: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch -Patch0021: unit-don-t-add-Requires-for-tmp.mount.patch -Patch0022: Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch -Patch2023: rules-add-elevator-kernel-command-line-parameter.patch -Patch2024: rules-add-the-rule-that-adds-elevator-kernel-command.patch -Patch2025: units-add-Install-section-to-tmp.mount.patch -Patch0026: Make-systemd-udevd.service-start-after-systemd-remou.patch -Patch0027: udev-virsh-shutdown-vm.patch -Patch0028: fix-fd-leak-in-no-memory-condition.patch -Patch0029: dbus-execute-avoid-extra-strdup.patch -Patch0030: Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch0031: sd-bus-properly-initialize-containers.patch -Patch0032: Revert-core-one-step-back-again-for-nspawn-we-actual.patch -Patch0033: journal-don-t-enable-systemd-journald-audit.socket-b.patch - -# The patch of 0026~0029 resolve the pid1 memory leaks -Patch0034: revert-pid1-drop-unit-caches-only-based-on-mtime.patch -Patch0035: revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch -Patch0036: revert-pid1-use-a-cache-for-all-unit-aliases.patch -Patch0037: revert-shared-unit-file-add-a-function-to-validate-u.patch - -Patch0038: systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch - -#openEuler -Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch -Patch9003: 1602-activation-service-must-be-restarted-when-reactivated.patch -Patch9004: 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch -#Patch9004: 1612-serialize-pids-for-scope-when-not-started.patch -#Patch9005: 1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch -Patch9007: 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch -Patch9008: 1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch -#Patch9006: core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch -#Patch9009: systemd-core-Close-and-free-dbus-when-bus-authentica.patch -Patch9009: systemd-change-time-log-level.patch -Patch9010: fix-capsh-drop-but-ping-success.patch -Patch9011: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Source100: udev-40-generic.rules +Source101: udev-55-persistent-net-generator.rules +Source102: udev-56-net-sriov-names.rules +Source104: net-set-sriov-names +Source105: rule_generator.functions +Source106: write_net_rules +Source107: detect_virt +Source108: sense_data.py + +Patch6001: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +Patch6002: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch6003: backport-temporarily-disable-test-seccomp.patch +Patch6004: backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch +Patch6005: backport-resolved-limit-the-number-of-signature-validations-i.patch +Patch6006: backport-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch +Patch6007: backport-fix-typo-myself.patch + +Patch9008: update-rtc-with-system-clock-when-shutdown.patch +Patch9009: udev-add-actions-while-rename-netif-failed.patch +Patch9010: fix-two-VF-virtual-machines-have-same-mac-address.patch +Patch9011: logind-set-RemoveIPC-to-false-by-default.patch +Patch9012: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +Patch9013: unit-don-t-add-Requires-for-tmp.mount.patch +Patch9014: rules-add-elevator-kernel-command-line-parameter.patch +Patch9015: rules-add-the-rule-that-adds-elevator-kernel-command.patch +Patch9016: units-add-Install-section-to-tmp.mount.patch +Patch9017: Make-systemd-udevd.service-start-after-systemd-remou.patch +Patch9018: udev-virsh-shutdown-vm.patch +Patch9019: sd-bus-properly-initialize-containers.patch +Patch9020: Revert-core-one-step-back-again-for-nspawn-we-actual.patch +Patch9021: systemd-change-time-log-level.patch +Patch9022: fix-capsh-drop-but-ping-success.patch +Patch9023: resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch9024: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch9025: fix-journal-file-descriptors-leak-problems.patch +Patch9026: activation-service-must-be-restarted-when-reactivated.patch +Patch9027: systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch +Patch9028: delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +Patch9029: disable-initialize_clock.patch +Patch9030: systemd-solve-that-rsyslog-reads-journal-s-object-of.patch +Patch9031: check-whether-command_prev-is-null-before-assigning-.patch +Patch9032: revert-rpm-restart-services-in-posttrans.patch +Patch9033: Don-t-set-AlternativeNamesPolicy-by-default.patch +Patch9034: change-NTP-server-to-x.pool.ntp.org.patch +Patch9035: keep-weight-consistent-with-the-set-value.patch +Patch9036: core-update-arg_default_rlimit-in-bump_rlimit.patch +Patch9037: set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch +Patch9038: core-cgroup-support-cpuset.patch +Patch9039: core-cgroup-support-freezer.patch +Patch9040: core-cgroup-support-memorysw.patch +Patch9041: systemd-core-Add-new-rules-for-lower-priority-events.patch +Patch9042: bugfix-also-stop-machine-when-a-machine-un.patch +Patch9043: print-the-process-status-to-console-when-shutdown.patch +Patch9044: Retry-to-handle-the-uevent-when-worker-is-terminated.patch +Patch9045: treat-underscore-as-valid-hostname-char.patch +Patch9046: process-util-log-more-information-when-runnin.patch +Patch9047: fuser-print-umount-message-to-reboot-umount-msg.patch +Patch9048: shutdown-reboot-when-recieve-crash-signal.patch +Patch9049: core-add-OptionalLog-to-allow-users-change-log-level.patch +Patch9050: core-cgroup-support-default-slice-for-all-uni.patch +Patch9051: core-add-invalidate-cgroup-config.patch +Patch9052: let-the-child-of-one-unit-don-t-affect-each-other.patch +Patch9053: support-disable-cgroup-controllers-we-don-t-want.patch +Patch9054: bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch +Patch9055: delete-journal-files-except-system.journal-when-jour.patch +Patch9056: set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch +Patch9057: add-a-new-switch-to-control-whether-udev-complies-wi.patch +Patch9058: journal-don-t-enable-systemd-journald-audit.socket.patch + +Patch9801: Systemd-Add-sw64-architecture.patch BuildRequires: gcc, gcc-c++ BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel -BuildRequires: audit-libs-devel, cryptsetup-devel, dbus-devel, libacl-devel +BuildRequires: audit-libs-devel, dbus-devel, libacl-devel BuildRequires: gobject-introspection-devel, libblkid-devel, xz-devel, xz -BuildRequires: lz4-devel, lz4, bzip2-devel, libidn2-devel, libcurl-devel -BuildRequires: kmod-devel, elfutils-devel, libgcrypt-devel, libgpg-error-devel -BuildRequires: gnutls-devel, qrencode-devel, libmicrohttpd-devel, libxkbcommon-devel +BuildRequires: lz4-devel, lz4, bzip2-devel, libidn2-devel +BuildRequires: kmod-devel, libgcrypt-devel, libgpg-error-devel +BuildRequires: gnutls-devel, libxkbcommon-devel BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18 BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel -BuildRequires: gnu-efi gnu-efi-devel -BuildRequires: valgrind-devel, util-linux +BuildRequires: python3-jinja2 +BuildRequires: libpwquality-devel +BuildRequires: cryptsetup-devel +%ifarch %{valgrind_arches} +%ifnarch loongarch64 +BuildRequires: valgrind-devel +%endif +%endif +BuildRequires: util-linux +BuildRequires: chrpath + +Requires: %{name}-libs = %{version}-%{release} Requires(post): coreutils Requires(post): sed Requires(post): acl Requires(post): grep -Requires(post): openssl +Requires(post): openssl-libs Requires(pre): coreutils Requires(pre): /usr/bin/getent Requires(pre): /usr/sbin/groupadd @@ -133,26 +156,9 @@ Obsoletes: systemd-sysv < 206 Obsoletes: %{name} < 229-5 Provides: systemd-sysv = 206 Conflicts: initscripts < 9.56.1 -Conflicts: fedora-release < 23-0.12 -Recommends: %{name}-help -#libs -Obsoletes: libudev < 183 -Obsoletes: systemd < 185-4 -Conflicts: systemd < 185-4 -Obsoletes: systemd-compat-libs < 230 -Obsoletes: nss-myhostname < 0.4 -Provides: nss-myhostname = 0.4 -Provides: nss-myhostname%{_isa} = 0.4 -Requires(post): coreutils -Requires(post): sed -Requires(post): grep -Requires(post): /usr/bin/getent - -Provides: %{name}-pam Provides: %{name}-rpm-config -Obsoletes: %{name}-pam -Obsoletes: %{name}-rpm-config +Obsoletes: %{name}-rpm-config < 243 %description systemd is a system and service manager that runs as PID 1 and starts @@ -222,42 +228,82 @@ License: LGPLv2+ %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, machinectl, systemd-machined, -and systemd-importd. +This package contains machinectl, systemd-machined. -%package journal-remote -# Name is the same as in Debian -Summary: Tools to send journal events over the network +%package resolved +Summary: Network Name Resolution manager +License: LGPLv2+ Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent + +%description resolved +systemd-resolve is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package nspawn +Summary: Spawn a command or OS in a light-weight container License: LGPLv2+ -Requires(pre): /usr/bin/getent -Requires: firewalld -Provides: %{name}-journal-gateway = %{version}-%{release} -Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} -Obsoletes: %{name}-journal-gateway < 227-7 - -%description journal-remote -Programs to forward journal entries over the network, using encrypted HTTP, -and to write journal files from serialized journal contents. - -%package udev-compat -Summary: Udev rules compatibility with NetworkManager -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description nspawn +systemd-nspawn may be used to run a command or OS in a light-weight namespace +container. In many ways it is similar to chroot, but more powerful since it +fully virtualizes the file system hierarchy, as well as the process tree, the +various IPC subsystems and the host and domain name. + +%package networkd +Summary: System daemon that manages network configurations +Requires: %{name}%{?_isa} = %{version}-%{release} License: LGPLv2+ -Requires(pre): /usr/bin/getent -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd + +%description networkd +systemd-networkd is a system service that manages networks. It detects +and configures network devices as they appear, as well as creating virtual +network devices. + +%package timesyncd +Summary: Network Time Synchronization +License: LGPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun):systemd +Requires(postun):systemd +Requires(pre): /usr/bin/getent -%description udev-compat -systemd-udev-compat is a set of udev rules which conflict with NetworkManager. -If users choose to use the network-scripts to manager the network, the package can be used -to do somethings when down or up nics or disk. +%description timesyncd +systemd-timesyncd is a system service that may be used to synchronize +the local system clock with a remote Network Time Protocol (NTP) server. +It also saves the local time to disk every time the clock has been +synchronized and uses this to possibly advance the system realtime clock +on subsequent reboots to ensure it (roughly) monotonically advances even +if the system lacks a battery-buffered RTC chip. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. %package_help %prep -%autosetup -n %{name}-%{version} -p1 -Sgit +%autosetup -n %{name}-%{version} -p1 -Sgit -N +# DO NOT USE "%patch -R" TO REVERT A PATCH. If your patch is only used in +# specific scenarios or architectures, please put it after Patch9800 and +# use "%ifarch" to patch it after applying all other patches. +%autopatch -M 9800 +%ifarch sw_64 +%autopatch 9801 +%endif %build @@ -265,35 +311,35 @@ CONFIGURE_OPTS=( -Dsysvinit-path=/etc/rc.d/init.d -Drc-local=/etc/rc.d/rc.local -Ddev-kvm-mode=0666 - -Dkmod=true - -Dxkbcommon=true - -Dblkid=true - -Dseccomp=true + -Dkmod=enabled + -Dxkbcommon=enabled + -Dblkid=enabled + -Dseccomp=enabled -Dima=true - -Dselinux=true - -Dapparmor=false - -Dpolkit=true - -Dxz=true - -Dzlib=true - -Dbzip2=true - -Dlz4=true - -Dpam=true - -Dacl=true - -Dsmack=true - -Dgcrypt=true - -Daudit=true - -Delfutils=true - -Dlibcryptsetup=true - -Delfutils=true - -Dqrencode=true - -Dgnutls=true - -Dmicrohttpd=true - -Dlibidn2=true - -Dlibiptc=true - -Dlibcurl=true + -Dselinux=enabled + -Dapparmor=disabled + -Dpolkit=enabled + -Dxz=enabled + -Dzlib=enabled + -Dbzip2=enabled + -Dlz4=enabled + -Dpam=enabled + -Dacl=enabled + -Dsmack=false + -Dgcrypt=enabled + -Daudit=enabled + -Delfutils=disabled + -Dlibcryptsetup=enabled + -Dlibcryptsetup-plugins=disabled + -Dqrencode=disabled + -Dgnutls=enabled + -Dmicrohttpd=disabled + -Dlibidn2=enabled + -Dlibidn=disabled + -Dlibiptc=disabled + -Dlibcurl=disabled -Defi=true - -Dgnu-efi=true - -Dtpm=true + -Dtpm=false -Dhwdb=true -Dsysusers=true -Ddefault-kill-user-processes=false @@ -303,13 +349,55 @@ CONFIGURE_OPTS=( -Dusers-gid=100 -Dnobody-user=nobody -Dnobody-group=nobody - -Dsplit-usr=false -Dsplit-bin=true -Db_lto=true -Db_ndebug=false - -Dman=true + -Dman=enabled -Dversion-tag=v%{version}-%{release} - -Ddefault-hierarchy=legacy + -Ddefault-hierarchy=legacy + -Ddefault-dnssec=allow-downgrade + # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 + -Ddefault-mdns=yes + -Ddefault-llmnr=yes + -Dhtml=disabled + -Dlibfido2=disabled + -Dopenssl=disabled + -Dtpm2=disabled + -Dzstd=disabled + -Dbpf-framework=disabled + -Drepart=disabled + -Dcompat-mutable-uid-boundaries=false + -Dfexecve=false + -Dstandalone-binaries=false + -Dstatic-libsystemd=false + -Dstatic-libudev=false + -Dfirstboot=false + -Dsysext=false + -Dhomed=disabled + -Dquotacheck=false + -Dxdg-autostart=false + -Dimportd=disabled + -Dbacklight=false + -Drfkill=false + -Dpstore=false + -Dportabled=false + -Doomd=false + -Duserdb=false + -Dtime-epoch=0 + -Dmode=release + -Durlify=false + -Dlink-journalctl-shared=false + -Dlink-boot-shared=false + -Dpwquality=disabled + -Dpasswdqc=disabled + -Dxenctrl=disabled + -Dbootloader=disabled + -Dukify=disabled + -Dsysupdate=disabled + -Dremote=disabled + -Dstoragetm=false + -Dvmspawn=disabled + -Dlink-portabled-shared=false ) %meson "${CONFIGURE_OPTS[@]}" @@ -364,27 +452,20 @@ mkdir -p %{buildroot}%{pkgdir}/system-sleep/ # Make sure directories in /var exist mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight -mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger mkdir -p %{buildroot}%{_localstatedir}/lib/private mkdir -p %{buildroot}%{_localstatedir}/log/private mkdir -p %{buildroot}%{_localstatedir}/cache/private -mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync -ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload mkdir -p %{buildroot}%{_localstatedir}/log/journal touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock -touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state # Install yum protection fragment install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf -install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} - # Restore systemd-user pam config from before "removal of Fedora-specific bits" install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} @@ -411,17 +492,26 @@ mkdir -p %{buildroot}%{_sysconfdir}/rc.d/ install -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/rc.d/rc.local ln -s rc.d/rc.local %{buildroot}%{_sysconfdir}/rc.local -install -m 0644 %{SOURCE100} %{buildroot}/%{_udevrulesdir}/40-openEuler.rules -install -m 0644 %{SOURCE101} %{buildroot}/%{_udevrulesdir}/55-persistent-net-generator.rules -install -m 0644 %{SOURCE102} %{buildroot}/%{_udevrulesdir}/56-net-sriov-names.rules -install -m 0644 %{SOURCE103} %{buildroot}/%{_udevrulesdir}/61-openeuler-persistent-storage.rules -install -m 0755 %{SOURCE104} %{buildroot}/usr/lib/udev -install -m 0755 %{SOURCE105} %{buildroot}/usr/lib/udev -install -m 0755 %{SOURCE106} %{buildroot}/usr/lib/udev -install -m 0755 %{SOURCE107} %{buildroot}/usr/lib/udev +install -m 0644 %{SOURCE100} %{buildroot}/%{_udevrulesdir}/40-%{vendor}.rules +install -m 0500 %{SOURCE108} %{buildroot}/usr/lib/udev + +# remove rpath info +for file in $(find %{buildroot}/ -executable -type f -exec file {} ';' | grep "\" | awk -F ':' '{print $1}') +do + if [ ! -u "$file" ]; then + if [ -w "$file" ]; then + chrpath -d $file + fi + fi +done +# add rpath path _libdir/systemd in ld.so.conf.d +mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d +echo "%{_libdir}/systemd" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf %check +%ifnarch loongarch64 %ninja_test -C %{_vpath_builddir} +%endif ############################################################################################# # -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ @@ -549,23 +639,21 @@ getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2 getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || : getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || : +%pre networkd getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || : getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || : +%pre resolved getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || : getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || : %post +/sbin/ldconfig systemd-machine-id-setup &>/dev/null || : systemctl daemon-reexec &>/dev/null || : journalctl --update-catalog &>/dev/null || : systemd-tmpfiles --create &>/dev/null || : -# create /var/log/journal only on initial installation, -# and only if it's writable (it won't be in rpm-ostree). -if [ $1 -eq 1 ] && [ -w %{_localstatedir} ]; then - mkdir -p %{_localstatedir}/log/journal -fi # Make sure new journal files will be owned by the "systemd-journal" group machine_id=$(cat /etc/machine-id 2>/dev/null) @@ -584,6 +672,9 @@ if [ $1 -eq 1 ] ; then systemctl preset-all &>/dev/null || : fi +%postun +/sbin/ldconfig + %post libs %{?ldconfig} @@ -634,7 +725,7 @@ fi %{?ldconfig:%postun -p %ldconfig} -%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket %preun if [ $1 -eq 0 ] ; then @@ -644,20 +735,32 @@ if [ $1 -eq 0 ] ; then serial-getty@.service \ console-getty.service \ debug-shell.service \ + >/dev/null || : +fi + + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : +fi + +%preun networkd +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ systemd-networkd.service \ systemd-networkd-wait-online.service \ - systemd-resolved.service \ >/dev/null || : fi -%pre udev +%pre timesyncd getent group systemd-timesync &>/dev/null || groupadd -r systemd-timesync 2>&1 || : getent passwd systemd-timesync &>/dev/null || useradd -r -l -g systemd-timesync -d / -s /sbin/nologin -c "systemd Time Synchronization" systemd-timesync &>/dev/null || : -%post udev +%post timesyncd # Move old stuff around in /var/lib mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null -mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null if [ -L %{_localstatedir}/lib/systemd/timesync ]; then rm %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync @@ -666,7 +769,10 @@ if [ -f %{_localstatedir}/lib/systemd/clock ] ; then mkdir -p %{_localstatedir}/lib/systemd/timesync mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/. fi +# devided from post and preun stage of udev that included in macro udev_services +%systemd_post systemd-timesyncd.service +%post udev udevadm hwdb --update &>/dev/null %systemd_post %udev_services %{_systemddir}/systemd-random-seed save 2>&1 @@ -679,6 +785,10 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && if [ -f "/usr/lib/udev/rules.d/50-udev-default.rules" ]; then sed -i 's/KERNEL=="kvm", GROUP="kvm", MODE="0666"/KERNEL=="kvm", GROUP="kvm", MODE="0660"/g' /usr/lib/udev/rules.d/50-udev-default.rules fi +%{_bindir}/systemctl daemon-reload &>/dev/null || : + +%preun timesyncd +%systemd_preun systemd-timesyncd.service %preun udev %systemd_preun %udev_services @@ -688,34 +798,6 @@ fi # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) %systemd_postun_with_restart systemd-udevd.service -%pre journal-remote -getent group systemd-journal-remote &>/dev/null || groupadd -r systemd-journal-remote 2>&1 || : -getent passwd systemd-journal-remote &>/dev/null || useradd -r -l -g systemd-journal-remote -d %{_localstatedir}/log/journal/remote -s /sbin/nologin -c "Journal Remote" systemd-journal-remote &>/dev/null || : - -%post journal-remote -%systemd_post systemd-journal-gatewayd.socket systemd-journal-gatewayd.service -%systemd_post systemd-journal-remote.socket systemd-journal-remote.service -%systemd_post systemd-journal-upload.service -%firewalld_reload - -%preun journal-remote -%systemd_preun systemd-journal-gatewayd.socket systemd-journal-gatewayd.service -%systemd_preun systemd-journal-remote.socket systemd-journal-remote.service -%systemd_preun systemd-journal-upload.service -if [ $1 -eq 1 ] ; then - if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then - mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload - mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. - rmdir %{_localstatedir}/lib/systemd/journal-upload || : - fi -fi - -%postun journal-remote -%systemd_postun_with_restart systemd-journal-gatewayd.service -%systemd_postun_with_restart systemd-journal-remote.service -%systemd_postun_with_restart systemd-journal-upload.service -%firewalld_reload - %files -f %{name}.lang %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE.* @@ -739,7 +821,6 @@ fi %ghost %dir /var/log/journal %ghost %attr(0664,root,utmp) /var/log/wtmp -/var/log/README %ghost %attr(0600,root,utmp) /var/log/btmp %ghost %attr(0700,root,root) %dir /var/log/private %ghost %attr(0664,root,utmp) /var/run/utmp @@ -754,15 +835,16 @@ fi /usr/sbin/reboot /usr/sbin/halt /usr/sbin/telinit -/usr/sbin/resolvconf /usr/sbin/init /usr/sbin/runlevel /usr/sbin/poweroff /usr/sbin/shutdown +/usr/sbin/mount.ddi %dir /usr/share/systemd %dir /usr/share/factory %dir /usr/share/factory/etc /usr/share/factory/etc/issue +/usr/share/factory/etc/locale.conf /usr/share/factory/etc/nsswitch.conf %dir /usr/share/factory/etc/pam.d /usr/share/factory/etc/pam.d/other @@ -771,37 +853,33 @@ fi /usr/share/systemd/kbd-model-map /usr/share/bash-completion/completions/localectl /usr/share/bash-completion/completions/systemd-path -/usr/share/bash-completion/completions/portablectl /usr/share/bash-completion/completions/systemd-run /usr/share/bash-completion/completions/systemd-cat -/usr/share/bash-completion/completions/resolvectl /usr/share/bash-completion/completions/coredumpctl /usr/share/bash-completion/completions/systemd-delta /usr/share/bash-completion/completions/systemd-cgls -/usr/share/bash-completion/completions/systemd-resolve -/usr/share/bash-completion/completions/networkctl /usr/share/bash-completion/completions/systemd-detect-virt /usr/share/bash-completion/completions/hostnamectl /usr/share/bash-completion/completions/systemd-cgtop /usr/share/bash-completion/completions/systemctl /usr/share/bash-completion/completions/journalctl /usr/share/bash-completion/completions/systemd-analyze +/usr/share/bash-completion/completions/systemd-dissect /usr/share/bash-completion/completions/loginctl /usr/share/bash-completion/completions/timedatectl /usr/share/bash-completion/completions/busctl +/usr/share/bash-completion/completions/systemd-cryptenroll /usr/share/zsh/site-functions/_loginctl /usr/share/zsh/site-functions/_systemd-inhibit /usr/share/zsh/site-functions/_journalctl /usr/share/zsh/site-functions/_systemd-delta /usr/share/zsh/site-functions/_systemd-tmpfiles -/usr/share/zsh/site-functions/_resolvectl /usr/share/zsh/site-functions/_systemctl /usr/share/zsh/site-functions/_systemd-run /usr/share/zsh/site-functions/_sd_outputmodes /usr/share/zsh/site-functions/_sd_unit_files /usr/share/zsh/site-functions/_sd_machines /usr/share/zsh/site-functions/_coredumpctl -/usr/share/zsh/site-functions/_networkctl /usr/share/zsh/site-functions/_timedatectl /usr/share/zsh/site-functions/_busctl /usr/share/zsh/site-functions/_systemd @@ -809,50 +887,56 @@ fi /usr/share/zsh/site-functions/_hostnamectl /usr/share/zsh/site-functions/_sd_hosts_or_user_at_host /usr/share/zsh/site-functions/_localectl -/usr/share/dbus-1/system-services/org.freedesktop.portable1.service /usr/share/dbus-1/system-services/org.freedesktop.login1.service /usr/share/dbus-1/system-services/org.freedesktop.locale1.service -/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service /usr/share/dbus-1/system-services/org.freedesktop.hostname1.service -/usr/share/dbus-1/system-services/org.freedesktop.network1.service /usr/share/dbus-1/system-services/org.freedesktop.timedate1.service -/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf /usr/share/dbus-1/system.d/org.freedesktop.timedate1.conf /usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf /usr/share/dbus-1/system.d/org.freedesktop.login1.conf /usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf /usr/share/dbus-1/system.d/org.freedesktop.locale1.conf -/usr/share/dbus-1/system.d/org.freedesktop.portable1.conf -/usr/share/dbus-1/system.d/org.freedesktop.network1.conf /usr/share/pkgconfig/systemd.pc /usr/share/pkgconfig/udev.pc /usr/share/polkit-1/actions/org.freedesktop.hostname1.policy -/usr/share/polkit-1/actions/org.freedesktop.portable1.policy /usr/share/polkit-1/actions/org.freedesktop.timedate1.policy -/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy /usr/share/polkit-1/actions/org.freedesktop.login1.policy -/usr/share/polkit-1/actions/org.freedesktop.network1.policy /usr/share/polkit-1/actions/org.freedesktop.locale1.policy -/usr/share/polkit-1/rules.d/systemd-networkd.rules +/usr/share/dbus-1/interfaces/org.freedesktop.hostname1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.locale1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.LogControl1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Seat.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Session.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.User.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Automount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Device.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Job.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Mount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Path.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Scope.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Service.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Slice.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Socket.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Swap.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Target.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Timer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Unit.xml +/usr/share/dbus-1/interfaces/org.freedesktop.timedate1.xml /usr/bin/systemd-machine-id-setup /usr/bin/localectl /usr/bin/systemd-path -/usr/bin/portablectl /usr/bin/systemd-run -/usr/bin/systemd-firstboot /usr/bin/systemd-escape /usr/bin/systemd-tmpfiles /usr/bin/systemd-cat /usr/bin/systemd-inhibit /usr/bin/systemd-ask-password -/usr/bin/resolvectl /usr/bin/systemd-notify -/usr/bin/coredumpctl /usr/bin/systemd-delta /usr/bin/systemd-cgls -/usr/bin/systemd-resolve -/usr/bin/networkctl /usr/bin/systemd-stdio-bridge /usr/bin/systemd-detect-virt /usr/bin/systemd-socket-activate @@ -864,19 +948,27 @@ fi /usr/bin/systemctl /usr/bin/journalctl /usr/bin/systemd-analyze +/usr/bin/systemd-dissect /usr/bin/loginctl /usr/bin/timedatectl /usr/bin/systemd-sysusers /usr/bin/systemd-tty-ask-password-agent /usr/bin/busctl +/usr/bin/coredumpctl +/usr/bin/systemd-ac-power +/usr/bin/systemd-creds +/usr/bin/varlinkctl +/usr/bin/systemd-cryptenroll +/usr/bin/systemd-cryptsetup %dir /usr/lib/environment.d %dir /usr/lib/binfmt.d %dir /usr/lib/tmpfiles.d %dir /usr/lib/sysctl.d %dir /usr/lib/systemd %dir /usr/lib/sysusers.d -/usr/lib/sysusers.d/systemd.conf /usr/lib/sysusers.d/basic.conf +/usr/lib/sysusers.d/systemd-coredump.conf +/usr/lib/sysusers.d/systemd-journal.conf /usr/lib/systemd/system/hwclock-save.service /usr/lib/systemd/system/sysinit.target.wants/hwclock-save.service %{_systemddir}/systemd-update-done @@ -889,67 +981,48 @@ fi %{_systemddir}/systemd-cgroups-agent %{_systemddir}/systemd-sulogin-shell %{_systemddir}/systemd-boot-check-no-failures -%dir %{_systemddir}/ntp-units.d %{_systemddir}/systemd-user-sessions %{_systemddir}/systemd-sysctl -%{_systemddir}/systemd-networkd-wait-online %{_systemddir}/systemd-socket-proxyd -%{_systemddir}/systemd-ac-power %{_systemddir}/systemd-hostnamed -%{_systemddir}/systemd-bless-boot %{_systemddir}/systemd-localed +%{_systemddir}/systemd-sysroot-fstab-check +%{_systemddir}/systemd-update-helper %dir %{_systemddir}/user %{_systemddir}/systemd-volatile-root %{_systemddir}/systemd-journald %{_systemddir}/systemd-user-runtime-dir %{_systemddir}/systemd-logind -%{_systemddir}/systemd-networkd %dir %{_systemddir}/system-preset %dir %{_systemddir}/user-environment-generators %{_systemddir}/systemd-shutdown -%{_systemddir}/systemd-portabled -%{_systemddir}/libsystemd-shared-243.so +%{_libdir}/systemd/libsystemd-core-*.so +%{_libdir}/systemd/libsystemd-shared*.so %{_systemddir}/systemd-reply-password %dir %{_systemddir}/system-generators %dir %{_systemddir}/system -%{_systemddir}/systemd-export %{_systemddir}/systemd-fsck %{_systemddir}/systemd-timedated %dir %{_systemddir}/user-generators -%dir %{_systemddir}/portable %{_systemddir}/systemd %dir %{_systemddir}/user-preset %{_systemddir}/systemd-coredump -%{_systemddir}/resolv.conf -%{_systemddir}/systemd-dissect +%{_systemddir}/systemd-cryptsetup +%{_systemddir}/systemd-integritysetup %{_systemddir}/systemd-veritysetup %{_systemddir}/systemd-network-generator -%{_systemddir}/systemd-time-wait-sync -%{_systemddir}/systemd-pstore -%{_systemddir}/systemd-resolved %{_systemddir}/systemd-binfmt %{_systemddir}/user-preset/90-systemd.preset -%dir %{_systemddir}/portable/profile -%dir %{_systemddir}/portable/profile/strict -%dir %{_systemddir}/portable/profile/nonetwork -%dir %{_systemddir}/portable/profile/trusted -%dir %{_systemddir}/portable/profile/default -%{_systemddir}/portable/profile/default/service.conf -%{_systemddir}/portable/profile/trusted/service.conf -%{_systemddir}/portable/profile/nonetwork/service.conf -%{_systemddir}/portable/profile/strict/service.conf -%{_unitdir}/systemd-networkd.socket %{_unitdir}/systemd-binfmt.service %{_unitdir}/systemd-machine-id-commit.service %dir %{_unitdir}/basic.target.wants %{_unitdir}/systemd-coredump.socket +%{_unitdir}/systemd-coredump@.service %{_unitdir}/ctrl-alt-del.target %{_unitdir}/systemd-tmpfiles-setup.service -%{_unitdir}/systemd-time-wait-sync.service %{_unitdir}/rpcbind.target %{_unitdir}/systemd-update-done.service %{_unitdir}/dev-hugepages.mount -%{_unitdir}/systemd-firstboot.service %dir %{_unitdir}/sockets.target.wants %dir %{_unitdir}/dbus.target.wants %{_unitdir}/network.target @@ -959,7 +1032,6 @@ fi %{_unitdir}/syslog.socket %{_unitdir}/systemd-localed.service %{_unitdir}/systemd-ask-password-console.service -%{_unitdir}/systemd-pstore.service %{_unitdir}/exit.target %{_unitdir}/systemd-ask-password-console.path %{_unitdir}/systemd-logind.service @@ -976,7 +1048,6 @@ fi %{_unitdir}/sigpwr.target %dir %{_unitdir}/runlevel3.target.wants %{_unitdir}/reboot.target -%{_unitdir}/systemd-boot-system-token.service %{_unitdir}/systemd-user-sessions.service %{_unitdir}/systemd-journald-dev-log.socket %{_unitdir}/systemd-journald.socket @@ -1009,12 +1080,10 @@ fi %{_unitdir}/systemd-update-utmp.service %dir %{_unitdir}/rescue.target.wants %{_unitdir}/bluetooth.target -%{_unitdir}/systemd-networkd-wait-online.service %{_unitdir}/systemd-ask-password-wall.path %{_unitdir}/emergency.service %{_unitdir}/network-pre.target %{_unitdir}/rescue.service -%{_unitdir}/systemd-bless-boot.service %{_unitdir}/sys-kernel-config.mount %{_unitdir}/systemd-journald.service %dir %{_unitdir}/runlevel2.target.wants @@ -1029,7 +1098,6 @@ fi %{_unitdir}/systemd-update-utmp-runlevel.service %{_unitdir}/network-online.target %{_unitdir}/systemd-initctl.socket -%{_unitdir}/systemd-coredump@.service %{_unitdir}/time-sync.target %{_unitdir}/runlevel5.target %{_unitdir}/paths.target @@ -1039,6 +1107,25 @@ fi %{_unitdir}/umount.target %{_unitdir}/initrd-switch-root.service %{_unitdir}/initrd.target +%dir %{_unitdir}/initrd.target.wants +%{_systemddir}/system-generators/systemd-cryptsetup-generator +%{_systemddir}/system-generators/systemd-integritysetup-generator +%{_systemddir}/system-generators/systemd-veritysetup-generator +%{_unitdir}/cryptsetup-pre.target +%{_unitdir}/cryptsetup.target +%{_unitdir}/initrd-root-device.target.wants/remote-cryptsetup.target +%{_unitdir}/initrd-root-device.target.wants/remote-veritysetup.target +%{_unitdir}/integritysetup-pre.target +%{_unitdir}/integritysetup.target +%{_unitdir}/remote-cryptsetup.target +%{_unitdir}/remote-veritysetup.target +%{_unitdir}/sysinit.target.wants/cryptsetup.target +%{_unitdir}/sysinit.target.wants/integritysetup.target +%{_unitdir}/sysinit.target.wants/veritysetup.target +%{_unitdir}/system-systemd\x2dcryptsetup.slice +%{_unitdir}/system-systemd\x2dveritysetup.slice +%{_unitdir}/veritysetup-pre.target +%{_unitdir}/veritysetup.target %{_unitdir}/ldconfig.service %{_unitdir}/initrd-root-device.target %{_unitdir}/default.target @@ -1052,28 +1139,28 @@ fi %{_unitdir}/runlevel4.target %{_unitdir}/serial-getty@.service %{_unitdir}/sysinit.target -%{_unitdir}/dbus-org.freedesktop.portable1.service %{_unitdir}/rc-local.service %{_unitdir}/debug-shell.service %{_unitdir}/dev-mqueue.mount %{_unitdir}/emergency.target -%{_unitdir}/systemd-portabled.service %{_unitdir}/dbus-org.freedesktop.timedate1.service %{_unitdir}/runlevel1.target %dir %{_unitdir}/remote-fs.target.wants %{_unitdir}/dbus-org.freedesktop.hostname1.service -%{_unitdir}/systemd-networkd.service %{_unitdir}/runlevel0.target %{_unitdir}/user.slice %{_unitdir}/systemd-journal-catalog-update.service %{_unitdir}/local-fs-pre.target %{_unitdir}/systemd-halt.service -%{_unitdir}/systemd-resolved.service %{_unitdir}/container-getty@.service %{_unitdir}/slices.target %{_unitdir}/systemd-network-generator.service %{_unitdir}/autovt@.service %dir %{_unitdir}/user-.slice.d +%dir %{_unitdir}/user@.service.d +%dir %{_unitdir}/user@0.service.d +%{_unitdir}/user@.service.d/10-login-barrier.conf +%{_unitdir}/user@0.service.d/10-login-barrier.conf %{_unitdir}/systemd-boot-check-no-failures.service %{_unitdir}/halt.target %{_unitdir}/system-update-cleanup.service @@ -1099,11 +1186,9 @@ fi %{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup.service %{_unitdir}/sysinit.target.wants/systemd-update-done.service %{_unitdir}/sysinit.target.wants/dev-hugepages.mount -%{_unitdir}/sysinit.target.wants/systemd-firstboot.service %{_unitdir}/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount %{_unitdir}/sysinit.target.wants/systemd-ask-password-console.path %{_unitdir}/sysinit.target.wants/sys-kernel-debug.mount -%{_unitdir}/sysinit.target.wants/systemd-boot-system-token.service %{_unitdir}/sysinit.target.wants/systemd-journal-flush.service %{_unitdir}/sysinit.target.wants/systemd-update-utmp.service %{_unitdir}/sysinit.target.wants/sys-kernel-config.mount @@ -1123,17 +1208,28 @@ fi %{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path %{_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service %{_unitdir}/systemd-hostnamed.service.d/disable-privatedevices.conf -%{_unitdir}/sockets.target.wants/systemd-coredump.socket -%{_unitdir}/sockets.target.wants/systemd-journald-audit.socket %{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket %{_unitdir}/sockets.target.wants/systemd-journald.socket %{_unitdir}/sockets.target.wants/systemd-initctl.socket +%{_unitdir}/sockets.target.wants/systemd-coredump.socket +%{_unitdir}/blockdev@.target +%{_unitdir}/sys-kernel-tracing.mount +%{_unitdir}/sysinit.target.wants/sys-kernel-tracing.mount +%{_unitdir}/systemd-journald-varlink@.socket +%{_unitdir}/systemd-journald@.service +%{_unitdir}/systemd-journald@.socket +%{_unitdir}/modprobe@.service +%{_unitdir}/factory-reset.target +%{_unitdir}/initrd-usr-fs.target +%{_unitdir}/soft-reboot.target +%{_unitdir}/systemd-soft-reboot.service +%{_systemddir}/systemd-battery-check +%{_unitdir}/systemd-battery-check.service +%{_systemddir}/systemd-executor %{_systemddir}/system-generators/systemd-fstab-generator %{_systemddir}/system-generators/systemd-sysv-generator %{_systemddir}/system-generators/systemd-rc-local-generator -%{_systemddir}/system-generators/systemd-bless-boot-generator %{_systemddir}/system-generators/systemd-debug-generator -%{_systemddir}/system-generators/systemd-veritysetup-generator %{_systemddir}/system-generators/systemd-run-generator %{_systemddir}/system-generators/systemd-system-update-generator %{_systemddir}/system-generators/systemd-getty-generator @@ -1156,27 +1252,14 @@ fi %{_userunitdir}/systemd-tmpfiles-clean.timer %{_userunitdir}/sockets.target %{_userunitdir}/smartcard.target -%{_systemddir}/network/80-container-host0.network -%{_systemddir}/catalog/systemd.fr.catalog -%{_systemddir}/catalog/systemd.be.catalog -%{_systemddir}/catalog/systemd.bg.catalog -%{_systemddir}/catalog/systemd.de.catalog -%{_systemddir}/catalog/systemd.pt_BR.catalog -%{_systemddir}/catalog/systemd.it.catalog -%{_systemddir}/catalog/systemd.be@latin.catalog -%{_systemddir}/catalog/systemd.pl.catalog -%{_systemddir}/catalog/systemd.zh_CN.catalog -%{_systemddir}/catalog/systemd.zh_TW.catalog -%{_systemddir}/catalog/systemd.ru.catalog -%{_systemddir}/catalog/systemd.catalog -/usr/lib/sysctl.d/50-coredump.conf +%{_systemddir}/catalog/systemd*.catalog /usr/lib/sysctl.d/50-default.conf /usr/lib/sysctl.d/50-pid-max.conf +/usr/lib/sysctl.d/50-coredump.conf /usr/lib/tmpfiles.d/systemd-tmp.conf /usr/lib/tmpfiles.d/systemd-nologin.conf /usr/lib/tmpfiles.d/systemd.conf /usr/lib/tmpfiles.d/journal-nocow.conf -/usr/lib/tmpfiles.d/portables.conf /usr/lib/tmpfiles.d/x11.conf /usr/lib/tmpfiles.d/tmp.conf /usr/lib/tmpfiles.d/home.conf @@ -1184,6 +1267,8 @@ fi /usr/lib/tmpfiles.d/legacy.conf /usr/lib/tmpfiles.d/static-nodes-permissions.conf /usr/lib/tmpfiles.d/var.conf +/usr/lib/tmpfiles.d/credstore.conf +/usr/lib/tmpfiles.d/provision.conf /usr/lib/environment.d/99-environment.conf %ghost %config(noreplace) /etc/localtime %dir /etc/rc.d @@ -1198,20 +1283,17 @@ fi %ghost %config(noreplace) /etc/machine-info %ghost %config(noreplace) /etc/machine-id %ghost %config(noreplace) /etc/hostname -%dir /etc/systemd/network %config(noreplace) /etc/systemd/user.conf -%config(noreplace) /etc/systemd/coredump.conf %dir /etc/systemd/user %config(noreplace) /etc/systemd/logind.conf -%config(noreplace) /etc/systemd/networkd.conf -%config(noreplace) /etc/systemd/resolved.conf %config(noreplace) /etc/systemd/journald.conf -%config(noreplace) /etc/systemd/pstore.conf +%config(noreplace) /etc/systemd/coredump.conf %dir /etc/systemd/system %config(noreplace) /etc/systemd/system.conf %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf %config(noreplace) /etc/X11/xinit/xinitrc.d/50-systemd-user.sh %config(noreplace) /etc/pam.d/systemd-user +/usr/lib/pam.d/systemd-user %config(noreplace) /etc/sysctl.d/99-sysctl.conf %config(noreplace) /etc/dnf/protected.d/systemd.conf %dir /etc/rc.d/init.d @@ -1220,18 +1302,24 @@ fi %config(noreplace) /etc/rc.d/init.d/README %dir /etc/xdg/systemd %config(noreplace) /etc/xdg/systemd/user - -/usr/lib64/security/pam_systemd.so +%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf /usr/lib/rpm/macros.d/macros.systemd +/usr/lib/modprobe.d/README +/usr/lib/sysctl.d/README +/usr/lib/systemd/system/first-boot-complete.target +/usr/lib/systemd/user/app.slice +/usr/lib/systemd/user/background.slice +/usr/lib/systemd/user/session.slice +/usr/lib/sysusers.d/README +/usr/lib/tmpfiles.d/README +/usr/share/bash-completion/completions/systemd-id128 +/usr/share/zsh/site-functions/_systemd-path %files libs -/usr/lib64/libnss_systemd.so.2 -/usr/lib64/libnss_resolve.so.2 -/usr/lib64/libnss_myhostname.so.2 -/usr/lib64/libsystemd.so.0 -/usr/lib64/libsystemd.so.0.27.0 -/usr/lib64/libudev.so.1 -/usr/lib64/libudev.so.1.6.15 +%{_libdir}/libnss_systemd.so.2 +%{_libdir}/libnss_myhostname.so.2 +%{_libdir}/libsystemd.so.* +%{_libdir}/libudev.so.* %files devel /usr/share/man/man3/* @@ -1249,113 +1337,107 @@ fi /usr/include/systemd/sd-id128.h /usr/include/systemd/sd-bus.h /usr/include/systemd/sd-login.h -/usr/lib64/libudev.so -/usr/lib64/libsystemd.so -/usr/lib64/pkgconfig/libsystemd.pc -/usr/lib64/pkgconfig/libudev.pc +/usr/include/systemd/sd-path.h +/usr/include/systemd/sd-gpt.h +%{_libdir}/libudev.so +%{_libdir}/libsystemd.so +%{_libdir}/pkgconfig/libsystemd.pc +%{_libdir}/pkgconfig/libudev.pc %files udev -%ghost %dir /var/lib/systemd/backlight -%ghost %dir /var/lib/systemd/timesync -%ghost %dir /var/lib/systemd/rfkill +%exclude /usr/share/bash-completion/completions/kernel-install +%exclude /usr/share/zsh/site-functions/_kernel-install +%exclude /usr/bin/kernel-install +%exclude /usr/lib/kernel/install.d/90-loaderentry.install +%exclude /usr/lib/kernel/install.d/50-depmod.install +%exclude /usr/lib/kernel/install.d/20-grubby.install +%exclude /usr/lib/kernel/install.d/90-uki-copy.install +%exclude /usr/lib/kernel/install.conf +%exclude %dir /etc/kernel/install.d +%exclude %dir /etc/kernel +%exclude %dir /usr/lib/kernel +%exclude %dir /usr/lib/kernel/install.d +%exclude /usr/bin/bootctl +%exclude /usr/share/zsh/site-functions/_bootctl +%exclude /usr/share/bash-completion/completions/bootctl +%exclude %{_unitdir}/usb-gadget.target %ghost /var/lib/systemd/random-seed -%ghost /var/lib/systemd/timesync/clock +# exclude redundant compilation for python file +%exclude /usr/lib/udev/__pycache__/* + +/etc/modules-load.d /usr/sbin/udevadm /usr/share/bash-completion/completions/udevadm -/usr/share/bash-completion/completions/bootctl -/usr/share/bash-completion/completions/kernel-install -/usr/share/zsh/site-functions/_bootctl /usr/share/zsh/site-functions/_udevadm -/usr/share/zsh/site-functions/_kernel-install -/usr/share/dbus-1/system-services/org.freedesktop.timesync1.service -/usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf /usr/bin/systemd-hwdb /usr/bin/udevadm -/usr/bin/bootctl -/usr/bin/kernel-install %dir /usr/lib/modprobe.d %dir /usr/lib/udev -%dir /usr/lib/kernel %dir /usr/lib/modules-load.d -%dir %{_systemddir}/boot -%{_systemddir}/systemd-timesyncd %{_systemddir}/systemd-growfs %{_systemddir}/systemd-modules-load %dir %{_systemddir}/system-sleep %{_systemddir}/systemd-makefs %{_systemddir}/systemd-remount-fs -%{_systemddir}/systemd-backlight %{_systemddir}/systemd-hibernate-resume %{_systemddir}/systemd-random-seed %{_systemddir}/systemd-sleep -%{_systemddir}/systemd-cryptsetup %{_systemddir}/systemd-udevd -%{_systemddir}/systemd-quotacheck -%{_systemddir}/systemd-rfkill %{_systemddir}/systemd-vconsole-setup +%{_unitdir}/systemd-growfs-root.service +%{_unitdir}/systemd-growfs@.service %{_unitdir}/systemd-udevd.service %{_unitdir}/initrd-udevadm-cleanup-db.service -%{_unitdir}/systemd-rfkill.socket %{_unitdir}/systemd-suspend.service %{_unitdir}/suspend-then-hibernate.target %{_unitdir}/systemd-modules-load.service %{_unitdir}/systemd-tmpfiles-setup-dev.service %{_unitdir}/systemd-vconsole-setup.service %{_unitdir}/systemd-hibernate.service -%{_unitdir}/systemd-backlight@.service %dir %{_unitdir}/systemd-udev-trigger.service.d %{_unitdir}/systemd-random-seed.service -%{_unitdir}/systemd-quotacheck.service -%{_unitdir}/systemd-timesyncd.service %{_unitdir}/systemd-udevd-control.socket %{_unitdir}/hibernate.target %{_unitdir}/systemd-remount-fs.service %{_unitdir}/suspend.target %{_unitdir}/systemd-hybrid-sleep.service -%{_unitdir}/systemd-rfkill.service %{_unitdir}/systemd-suspend-then-hibernate.service -%{_unitdir}/cryptsetup-pre.target %{_unitdir}/hybrid-sleep.target -%{_unitdir}/quotaon.service %{_unitdir}/systemd-hwdb-update.service -%{_unitdir}/systemd-hibernate-resume@.service %{_unitdir}/systemd-udev-settle.service %{_unitdir}/sleep.target %{_unitdir}/kmod-static-nodes.service %{_unitdir}/systemd-udevd-kernel.socket -%{_unitdir}/remote-cryptsetup.target -%{_unitdir}/cryptsetup.target %{_unitdir}/systemd-udev-trigger.service +%{_unitdir}/systemd-hibernate-resume.service +%{_unitdir}/systemd-tmpfiles-setup-dev-early.service %{_unitdir}/sysinit.target.wants/systemd-udevd.service %{_unitdir}/sysinit.target.wants/systemd-modules-load.service %{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev.service %{_unitdir}/sysinit.target.wants/systemd-random-seed.service %{_unitdir}/sysinit.target.wants/systemd-hwdb-update.service %{_unitdir}/sysinit.target.wants/kmod-static-nodes.service -%{_unitdir}/sysinit.target.wants/cryptsetup.target %{_unitdir}/sysinit.target.wants/systemd-udev-trigger.service +%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev-early.service %{_unitdir}/systemd-udev-trigger.service.d/systemd-udev-trigger-no-reload.conf %{_unitdir}/sockets.target.wants/systemd-udevd-control.socket %{_unitdir}/sockets.target.wants/systemd-udevd-kernel.socket -%{_systemddir}/system-generators/systemd-cryptsetup-generator +%{_unitdir}/initrd.target.wants/systemd-battery-check.service %{_systemddir}/system-generators/systemd-hibernate-resume-generator %{_systemddir}/system-generators/systemd-gpt-auto-generator -%{_systemddir}/ntp-units.d/80-systemd-timesync.list -%dir %{_systemddir}/boot/efi -%{_systemddir}/boot/efi/systemd-boot%{efi_arch}.efi -%{_systemddir}/boot/efi/linux%{efi_arch}.efi.stub %{_systemddir}/network/99-default.link -%dir /usr/lib/kernel/install.d -/usr/lib/kernel/install.d/20-grubby.install -/usr/lib/kernel/install.d/00-entry-directory.install -/usr/lib/kernel/install.d/90-loaderentry.install -/usr/lib/kernel/install.d/50-depmod.install /usr/lib/udev/v4l_id -%dir /usr/lib/udev/rules.d /usr/lib/udev/ata_id /usr/lib/udev/cdrom_id /usr/lib/udev/mtd_probe /usr/lib/udev/scsi_id +/usr/lib/udev/fido_id +%ifnarch sw_64 riscv64 ppc64le +/usr/lib/udev/dmi_memory_id +%endif +/usr/lib/udev/sense_data.py +/usr/lib/udev/iocost + %dir /usr/lib/udev/hwdb.d %{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb %{_udevhwdbdir}/70-touchpad.hwdb @@ -1375,7 +1457,23 @@ fi %{_udevhwdbdir}/70-joystick.hwdb %{_udevhwdbdir}/60-sensor.hwdb %{_udevhwdbdir}/70-mouse.hwdb -%{_udevrulesdir}/40-openEuler.rules +%{_udevhwdbdir}/60-input-id.hwdb +%{_udevhwdbdir}/60-autosuspend-chromiumos.hwdb +%{_udevhwdbdir}/60-autosuspend.hwdb +%{_udevhwdbdir}/20-dmi-id.hwdb +%{_udevhwdbdir}/60-autosuspend-fingerprint-reader.hwdb +%{_udevhwdbdir}/60-seat.hwdb +%{_udevhwdbdir}/80-ieee1394-unit-function.hwdb +%{_udevhwdbdir}/70-analyzers.hwdb +%{_udevhwdbdir}/70-av-production.hwdb +%{_udevhwdbdir}/70-cameras.hwdb +%{_udevhwdbdir}/70-pda.hwdb +%{_udevhwdbdir}/70-sound-card.hwdb +%{_udevhwdbdir}/README + +%dir /usr/lib/udev/rules.d +%{_udevrulesdir}/60-autosuspend.rules +%{_udevrulesdir}/40-%{vendor}.rules %{_udevrulesdir}/40-elevator.rules %{_udevrulesdir}/73-idrac.rules %{_udevrulesdir}/60-block.rules @@ -1393,7 +1491,6 @@ fi %{_udevrulesdir}/60-persistent-v4l.rules %{_udevrulesdir}/70-joystick.rules %{_udevrulesdir}/70-power-switch.rules -%{_udevrulesdir}/60-block-scheduler.rules %{_udevrulesdir}/60-persistent-storage.rules %{_udevrulesdir}/80-net-setup-link.rules %{_udevrulesdir}/60-evdev.rules @@ -1407,89 +1504,530 @@ fi %{_udevrulesdir}/99-systemd.rules %{_udevrulesdir}/60-persistent-storage-tape.rules %{_udevrulesdir}/50-udev-default.rules +%{_udevrulesdir}/60-fido-id.rules +%{_udevrulesdir}/81-net-dhcp.rules +%{_udevrulesdir}/60-infiniband.rules +%{_udevrulesdir}/70-camera.rules +%ifnarch sw_64 riscv64 ppc64le +%{_udevrulesdir}/70-memory.rules +%endif +%{_udevrulesdir}/60-dmi-id.rules +%{_udevrulesdir}/60-persistent-storage-mtd.rules +%{_udevrulesdir}/90-iocost.rules +%{_udevrulesdir}/README + /usr/lib/modprobe.d/systemd.conf +/usr/share/factory/etc/vconsole.conf %ghost %config(noreplace) /etc/vconsole.conf %dir /etc/udev %dir /etc/kernel -%dir /etc/modules-load.d -%config(noreplace) /etc/systemd/timesyncd.conf %config(noreplace) /etc/systemd/sleep.conf -%dir /etc/kernel/install.d %ghost /etc/udev/hwdb.bin %dir /etc/udev/rules.d %config(noreplace) /etc/udev/udev.conf +%config(noreplace) /etc/udev/iocost.conf %dir /etc/udev/hwdb.d %files container /usr/share/bash-completion/completions/machinectl -/usr/share/bash-completion/completions/systemd-nspawn /usr/share/zsh/site-functions/_machinectl -/usr/share/zsh/site-functions/_systemd-nspawn -/usr/share/dbus-1/system-services/org.freedesktop.import1.service /usr/share/dbus-1/system-services/org.freedesktop.machine1.service -/usr/share/dbus-1/system.d/org.freedesktop.import1.conf +/usr/share/dbus-1/services/org.freedesktop.systemd1.service +/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service /usr/share/dbus-1/system.d/org.freedesktop.machine1.conf -/usr/share/polkit-1/actions/org.freedesktop.import1.policy /usr/share/polkit-1/actions/org.freedesktop.machine1.policy -/usr/lib64/libnss_mymachines.so.2 +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Image.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Machine.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Manager.xml +%{_libdir}/libnss_mymachines.so.2 /usr/bin/machinectl -/usr/bin/systemd-nspawn -%{_systemddir}/systemd-import %{_systemddir}/systemd-machined -%{_systemddir}/systemd-importd -%{_systemddir}/systemd-import-fs -%{_systemddir}/systemd-pull -%{_systemddir}/import-pubring.gpg %{_unitdir}/systemd-machined.service -%{_unitdir}/dbus-org.freedesktop.import1.service %{_unitdir}/var-lib-machines.mount -%{_unitdir}/systemd-importd.service %{_unitdir}/dbus-org.freedesktop.machine1.service %{_unitdir}/machine.slice %{_unitdir}/machines.target %dir %{_unitdir}/machines.target.wants -%{_unitdir}/systemd-nspawn@.service %{_unitdir}/machines.target.wants/var-lib-machines.mount %{_unitdir}/remote-fs.target.wants/var-lib-machines.mount -%{_systemddir}/network/80-container-vz.network -%{_systemddir}/network/80-container-ve.network -/usr/lib/tmpfiles.d/systemd-nspawn.conf - -%files journal-remote -%ghost %dir /var/log/journal/remote -%ghost /var/lib/systemd/journal-upload -%ghost %dir /var/lib/private/systemd/journal-upload -%ghost /var/lib/private/systemd/journal-upload/state -%dir /usr/share/systemd/gatewayd -/usr/share/systemd/gatewayd/browse.html -/usr/lib/sysusers.d/systemd-remote.conf -%{_systemddir}/systemd-journal-upload -%{_systemddir}/systemd-journal-gatewayd -%{_systemddir}/systemd-journal-remote -%{_unitdir}/systemd-journal-upload.service -%{_unitdir}/systemd-journal-gatewayd.service -%{_unitdir}/systemd-journal-gatewayd.socket -%{_unitdir}/systemd-journal-remote.socket -%{_unitdir}/systemd-journal-remote.service -/usr/lib/firewalld/services/systemd-journal-remote.xml -/usr/lib/firewalld/services/systemd-journal-gatewayd.xml -%config(noreplace) /etc/systemd/journal-remote.conf -%config(noreplace) /etc/systemd/journal-upload.conf - -%files udev-compat -%{_udevrulesdir}/55-persistent-net-generator.rules -%{_udevrulesdir}/56-net-sriov-names.rules -%{_udevrulesdir}/61-openeuler-persistent-storage.rules -/usr/lib/udev/rule_generator.functions -/usr/lib/udev/write_net_rules -/usr/lib/udev/net-set-sriov-names -/usr/lib/udev/detect_virt +%{_systemddir}/network/80-vm-vt.network %files help /usr/share/man/*/* %exclude /usr/share/man/man3/* +%files resolved +/usr/sbin/resolvconf +/usr/bin/resolvectl +/usr/share/bash-completion/completions/resolvectl +/usr/share/zsh/site-functions/_resolvectl +/usr/share/bash-completion/completions/systemd-resolve +/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service +/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf +/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.DnssdService.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Manager.xml +/usr/bin/systemd-resolve +%{_systemddir}/resolv.conf +%{_systemddir}/systemd-resolved +%config(noreplace) /etc/systemd/resolved.conf +%{_libdir}/libnss_resolve.so.2 +%{_unitdir}/systemd-resolved.service +/usr/lib/sysusers.d/systemd-resolve.conf +/usr/lib/tmpfiles.d/systemd-resolve.conf + +%files nspawn +/usr/share/bash-completion/completions/systemd-nspawn +/usr/share/zsh/site-functions/_systemd-nspawn +/usr/bin/systemd-nspawn +%{_unitdir}/systemd-nspawn@.service +/usr/lib/tmpfiles.d/systemd-nspawn.conf + +%files networkd +/usr/share/bash-completion/completions/networkctl +/usr/share/zsh/site-functions/_networkctl +/usr/share/dbus-1/system-services/org.freedesktop.network1.service +/usr/share/dbus-1/system.d/org.freedesktop.network1.conf +/usr/share/polkit-1/actions/org.freedesktop.network1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPServer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Network.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPv4Client.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPv6Client.xml +/usr/share/polkit-1/rules.d/systemd-networkd.rules +/usr/bin/networkctl +%{_systemddir}/systemd-networkd-wait-online +%{_systemddir}/systemd-networkd +%{_unitdir}/systemd-networkd.socket +%{_unitdir}/systemd-networkd-wait-online.service +%{_unitdir}/systemd-networkd-wait-online@.service +%{_unitdir}/systemd-networkd.service +%{_systemddir}/network/80-container-host0.network +%dir /etc/systemd/network +%config(noreplace) /etc/systemd/networkd.conf +%{_systemddir}/network/80-container-vz.network +%{_systemddir}/network/80-container-ve.network +%{_systemddir}/network/80-wifi-adhoc.network +%{_systemddir}/network/80-wifi-ap.network.example +%{_systemddir}/network/80-wifi-station.network.example +%{_systemddir}/network/80-6rd-tunnel.network +%{_systemddir}/network/80-container-vb.network +%{_systemddir}/network/80-auto-link-local.network.example +%{_systemddir}/network/89-ethernet.network.example +/usr/lib/sysusers.d/systemd-network.conf +/usr/lib/tmpfiles.d/systemd-network.conf + +%files timesyncd +%dir %{_systemddir}/ntp-units.d +%{_systemddir}/systemd-time-wait-sync +%{_unitdir}/systemd-time-wait-sync.service +%ghost %dir /var/lib/systemd/timesync +%ghost /var/lib/systemd/timesync/clock +/usr/share/dbus-1/system-services/org.freedesktop.timesync1.service +/usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf +/usr/share/polkit-1/actions/org.freedesktop.timesync1.policy +%{_systemddir}/systemd-timesyncd +%{_unitdir}/systemd-timesyncd.service +%{_systemddir}/ntp-units.d/80-systemd-timesync.list +%config(noreplace) /etc/systemd/timesyncd.conf +/usr/lib/sysusers.d/systemd-timesync.conf + +%files pam +%{_libdir}/security/pam_systemd.so +%{_libdir}/security/pam_systemd_loadkey.so + %changelog +* Sat Apr 13 2024 licunlong - 255-8 +- sync upstream patch + +* Wed Mar 27 2024 huyubiao - 255-7 +- DESC:add backport-core-exec-do-not-crash-with-UtmpMode-user-without-Us.patch + backport-resolved-limit-the-number-of-signature-validations-i.patch + backport-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch + +* Mon Mar 18 2024 huyubiao - 255-6 +- switch systemd back to cgroup v1 to prevent the docker.service startup failure + +* Fri Mar 1 2024 huyubiao - 255-5 +- move the architecture patches after Patch9800 (excluding Patch9800) + +* Thu Feb 29 2024 licunlong - 255-4 +- fix the compilation warning caused by misusing const + +* Wed Feb 28 2024 huyubiao - 255-3 +- 1.add cpuset-cgv1 and freezer-cgv1 macros and enabled by default + 2.add missing sw_64 macro in prep phase + +* Sun Feb 18 2024 huyubiao - 255-2 +- allow underscore in hostname + +* Mon Jan 22 2024 huyubiao - 255-1 +- update systemd to v255 + +* Thu Dec 28 2023 wangyuhang - 253-10 +- actually check authenticated flag of SOA transaction in resolved + +* Thu Dec 21 2023 xujing - 253-9 +- backport: fix /boot unmounted issue when the device is suspended during boot time + +* Mon Dec 18 2023 huyubiao - 253-8 +- backport: sync patches from systemd community + add backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch + backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-bus-add-some-minimal-bounds-check-on-signatures.patch + backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch + backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch + backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch + backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch + +* Tue Dec 12 2023 hongjinghao - 253-7 +- backport: sync patches from systemd community + +* Thu Nov 30 2023 jiahua.yu - 253-6 +- init support for ppc64le + +* Fri Sep 15 2023 hongjinghao - 253-5 +- journal: don't enable systemd-journald-audit.socket + +* Thu Aug 17 2023 wangyuhang - 253-4 +- add a new switch to control whether udev complies with the new SAT standards + and add sense_data.py to check if the device meets the new SAT standards + fix compilation failure with - O0 option + +* Mon Jul 31 2023 huyubiao - 253-3 +- sync the patch from v249 + +* Sat Jul 29 2023 huyubiao - 253-2 +- fix the dynamic library cannot be found + +* Thu Jul 20 2023 huyubiao - 253-1 +- systemd update to v253 + +* Thu Jun 15 2023 hongjinghao - 249-52 +- backport: sync patches from systemd community + +* Mon Jun 12 2023 chenjiayi - 249-51 +- backport upstream patches to fix event loss when the whole disk is locked + +* Thu Jun 8 2023 licunlong - 249-50 +- set the cpuset.cpus/mems of machine.slice to all by default + +* Wed Mar 22 2023 hongjinghao - 249-49 +- backport: sync patches from systemd community + +* Tue Mar 7 2023 wangyuhang -249-48 +- fix symlinks to NVMe drives are missing in /dev/disk/by-path + +* Tue Feb 28 2023 misaka00251 -249-47 +- Exclude riscv64 unsupported files for now, might add them back later + +* Thu Jan 19 2023 yangmingtai -249-46 +- delete unused patch files + +* Fri Jan 13 2023 yangmingtai -249-45 +- backport patches from upstream and add patchs to enhance compatibility + and features + +* Wed Dec 28 2022 huyubiao - 249-44 +- fix CVE-2022-4415 + +* Mon Dec 12 2022 huajingyun - 249-43 +- Add loongarch for missing_syscall_def.h + +* Wed Nov 23 2022 yangmingtai -249-42 +- 1.change /etc/systemd/journald.conf ForwardToWall to no + 2.change DefaultLimitMEMLOCK to 64M + 3.replace openEuler to vendor + 4.delete useless file udev-61-openeuler-persistent-storage.rules + +* Tue Nov 15 2022 huajingyun - 249-41 +- Add loongarch64 architecture + +* Mon Nov 7 2022 yangmingtai -249-40 +- fix CVE-2022-3821 + +* Thu Oct 27 2022 wuzx - 249-39 +- Add sw64 architecture + +* Mon Oct 10 2022 wangyuhang -249-38 +- backport: sync systemd-stable-249 patches from systemd community + +* Thu Sep 29 2022 yangmingtai -249-37 +- 1.change default ntp server + 2.correct the default value of RuntimeDirectoryInodesMax + +* Fri Sep 16 2022 yangmingtai -249-36 +- revert:delete the initrd-usr-fs.target + +* Wed Sep 14 2022 xujing -249-35 +- revert add ProtectClock=yes + +* Fri Sep 2 2022 Wenchao Hao -249-34 +- scsi_id: retry inquiry ioctl if host_byte is DID_TRANSPORT_DISRUPTED + +* Thu Sep 1 2022 hongjinghao - 249-33 +- 1. Don't set AlternativeNamesPolicy by default + 2. fix systemd-journald coredump + +* Tue Aug 02 2022 zhukeqian -249-32 +- core: replace slice dependencies as they get added + +* Wed Jun 22 2022 zhangyao -249-31 +- fix don't preset systemd-timesyncd when install systemd-udev + +* Tue Jun 21 2022 zhangyao -249-30 +- fix Avoid /tmp being mounted as tmpfs without the user's will + +* Tue Jun 21 2022 wangyuhang -249-29 +- fix build fail on meson-0.6 + 1. delete invalid meson build option + 2. meson.build: change operator combining bools from + to and + +* Fri Jun 17 2022 wangyuhang -249-28 +- revert rpm: restart services in %posttrans + fix spelling errors in systemd.spec, fdev -> udev + +* Wed Jun 01 2022 licunlong -249-27 +- move udev{rules, hwdb, program} to systemd-udev. + +* Mon Apr 18 2022 xujing - 249-26 +- rename patches name and use patch from upstream + +* Tue Apr 12 2022 xujing - 249-25 +- core: skip change device to dead in manager_catchup during booting + +* Tue Apr 12 2022 xujing - 249-24 +- print the real reason for link update + +* Tue Apr 12 2022 xujing - 249-23 +- check whether command_prev is null before assigning value + +* Mon Apr 11 2022 xujing - 249-22 +- solve that rsyslog reads journal's object of size 0 + +* Mon Apr 11 2022 xujing - 249-21 +- disable initialize_clock + +* Fri Apr 8 2022 xujing - 249-20 +- fix name of option: RuntimeDirectoryInodes + +* Fri Apr 8 2022 wangyuhang - 249-19 +- set dnssec to be allow-downgrade by default + set mdns to be yes by default + set llmnr to be yes by default + +* Sat Apr 2 2022 xujing - 249-18 +- set urlify to be disabled by default + +* Thu Mar 31 2022 xujing - 249-17 +- set DEFAULT_TASKS_MAX to 80% and set mode to release + +* Wed Mar 23 2022 xujing - 249-16 +- systemd-journald: Fix journal file descriptors leak problems. + systemd: Activation service must be restarted when it is already started and re-actived by dbus + systemd-core: fix problem of dbus service can not be started + systemd-core: Delay to restart when a service can not be auto-restarted when there is one STOP_JOB for the service + core: fix SIGABRT on empty exec command argv + journalctl: never fail at flushing when the flushed flag is set + timesync: fix wrong type for receiving timestamp in nanoseconds + udev: fix potential memleak + +* Fri Mar 18 2022 yangmingtai - 249-15 +- fix systemctl reload systemd-udevd failed + +* Thu Mar 17 2022 xujing - 249-14 +- pid1 bump DefaultTasksMax to 80% of the kernel pid.max value + +* Thu Mar 17 2022 xujing - 249-13 +- allow more inodes in /dev an /tmp + +* Fri Mar 11 2022 yangmingtai - 249-12 +- disable some features + +* Thu Mar 10 2022 xujing - 249-11 +- core: use empty_to_root for cgroup path in log messages + +* Tue Mar 1 2022 yangmingtai - 249-10 +- revert :core map io.bfq.weight to 1..1000 + +* Tue Mar 1 2022 duyiwei - 249-9 +- change %systemd_requires to %{?systemd_requires} + +* Tue Feb 22 2022 xujing - 249-8 +- temporarily disable test-seccomp and ensure some features disabled + +* Tue Feb 15 2022 yangmingtai - 249-7 +- disable rename function of net interface + +* Tue Feb 15 2022 yangmingtai - 249-6 +- nop_job of a unit must also be coldpluged after deserization + +* Tue Feb 15 2022 yangmingtai - 249-5 +- fix CVE-2021-3997 and CVE-2021-33910 + +* Tue Feb 8 2022 yangmingtai - 249-4 +- fix ConditionDirectoryNotEmpty,ConditionPathIsReadWrite and DirectoryNotEmpty + +* Tue Feb 8 2022 yangmingtai - 249-3 +- do not make systemd-cpredump sub packages + +* Mon Dec 27 2021 yangmingtai - 249-2 +- delete useless Provides and Obsoletes + +* Wed Dec 8 2021 yangmingtai - 249-1 +- systemd update to v249 + +* Tue Dec 28 2021 licunlong - 248-15 +- fix typo: disable not denable. + +* Wed Dec 01 2021 licunlong - 248-14 +- disable systemd-{timesyncd, networkd, resolved} by default + +* Thu Sep 16 2021 ExtinctFire - 248-13 +- core: fix free undefined pointer when strdup failed in the first loop + +* Mon Sep 6 2021 yangmingtai - 248-12 +- move postun to correct position + +* Sat Sep 4 2021 yangmingtai - 248-11 +- systemd delete rpath + +* Mon Aug 30 2021 yangmingtai - 248-10 +- enable some patches and delete unused patches + +* Thu Aug 26 2021 xujing - 248-9 +- enable some patches to fix bugs + +* Mon Aug 16 2021 yangmingtai - 248-8 +- udev: exec daemon-reload after installation + +* Thu Jul 22 2021 yangmingtai - 248-7 +- fix CVE-2021-33910 + +* Thu Jun 03 2021 shenyangyang - 248-6 +- change requires to openssl-libs as post scripts systemctl requires libssl.so.1.1 + +* Mon May 31 2021 hexiaowen - 248-5 +- fix typo + +* Wed May 19 2021 fangxiuning - 248-4 +- journald: enforce longer line length limit during "setup" phase of stream protocol + +* Fri Apr 30 2021 hexiaowen - 248-3 +- delete unused rebase-patch + +* Fri Apr 30 2021 hexiaowen - 248-2 +- delete unused patches + +* Fri Apr 30 2021 hexiaowen - 248-1 +- Rebase to version 248 + +* Wed Mar 31 2021 fangxiuning - 246-15 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix userdata double free + +* Wed Mar 3 2021 shenyangyang - 246-14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix Failed to migrate controller cgroups from *: Permission denied + +* Sat Feb 27 2021 shenyangyang - 246-13 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:xdg autostart Lower most info messages to debug level + +* Sat Feb 27 2021 gaoyi - 246-12 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:just configure DefaultTasksMax when install + +* Tue Jan 26 2021 extinctfire - 246-11 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix login timeout 2 minutes + +* Fri Dec 18 2020 overweight - 246-10 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix 40-openEuler.rules for memory offline + +* Wed Dec 16 2020 shenyangyang - 246-9 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:do not create /var/log/journal on initial installation + +* Wed Nov 25 2020 shenyangyang - 246-8 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:don't enable systemd-journald-audit.socket by default + +* Thu Sep 17 2020 openEuler Buildteam - 246-7 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete unneed patches and rebase to bded6f + +* Fri Sep 11 2020 openEuler Buildteam - 246-6 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:delete unneed patches + +* Wed Sep 9 2020 openEuler Buildteam - 246-5 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:set default tasks max to 85% + +* Wed Sep 9 2020 openEuler Buildteam - 246-4 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix error handling on readv + +* Sat Aug 01 2020 openEuler Buildteam - 246-3 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to real release 246 + +* Tue Jul 7 2020 openEuler Buildteam - 246-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:fix buffer overrun when urlifying. + +* Fri Jun 12 2020 openEuler Buildteam - 246-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to release 246 + +* Thu May 28 2020 openEuler Buildteam - 243-23 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add requirement of systemd to libs + +* Mon May 11 2020 openEuler Buildteam - 243-22 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:solve the build failure caused by the upgrade of libseccomp + * Mon Apr 27 2020 openEuler Buildteam - 243-21 - Type:enhancement - ID:NA @@ -1887,7 +2425,7 @@ fi - Type:bugfix - ID:NA - SUG:restart -- DESC:do not create /var/log/journal on initial installation refer to redhat8 +- DESC:do not create /var/log/journal on initial installation * Sat Feb 02 2019 Yi Cang - 239-3.h3 - Type:enhance diff --git a/systemd.yaml b/systemd.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6104b32da120cf9f0688b5bef75b9dec829a3bc7 --- /dev/null +++ b/systemd.yaml @@ -0,0 +1,5 @@ +--- +version_control: github +src_repo: systemd/systemd +tag_prefix: ^v +seperator: . diff --git a/treat-underscore-as-valid-hostname-char.patch b/treat-underscore-as-valid-hostname-char.patch new file mode 100644 index 0000000000000000000000000000000000000000..6472129de2ee8cba67d65818d6a7b7e23c431364 --- /dev/null +++ b/treat-underscore-as-valid-hostname-char.patch @@ -0,0 +1,72 @@ +From c04904a4f54f8949a6a7821a0859e2732366259b Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Tue, 24 Nov 2020 19:57:38 +0800 +Subject: [PATCH] treat underscore as valid hostname char + +--- + src/basic/hostname-util.c | 14 ++++++++++++-- + test/test-network-generator-conversion.sh | 2 +- + 2 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c +index e743033..8464164 100644 +--- a/src/basic/hostname-util.c ++++ b/src/basic/hostname-util.c +@@ -80,6 +80,16 @@ bool valid_ldh_char(char c) { + c == '-'; + } + ++static bool hostname_valid_char(char c) { ++ return ++ (c >= 'a' && c <= 'z') || ++ (c >= 'A' && c <= 'Z') || ++ (c >= '0' && c <= '9') || ++ c == '-' || ++ c == '_' || ++ c == '.'; ++} ++ + bool hostname_is_valid(const char *s, ValidHostnameFlags flags) { + unsigned n_dots = 0; + const char *p; +@@ -116,7 +126,7 @@ bool hostname_is_valid(const char *s, ValidHostnameFlags flags) { + hyphen = true; + + } else { +- if (!valid_ldh_char(*p)) ++ if (!hostname_valid_char(*p)) + return false; + + dot = false; +@@ -158,7 +168,7 @@ char* hostname_cleanup(char *s) { + dot = false; + hyphen = true; + +- } else if (valid_ldh_char(*p)) { ++ } else if (hostname_valid_char(*p)) { + *(d++) = *p; + dot = false; + hyphen = false; +diff --git a/test/test-network-generator-conversion.sh b/test/test-network-generator-conversion.sh +index 6224a4d..05ef833 100755 +--- a/test/test-network-generator-conversion.sh ++++ b/test/test-network-generator-conversion.sh +@@ -283,6 +283,7 @@ COMMAND_LINES=( + "ip=:::::dhcp99:dhcp6:10.0.0.128:[fdef:c400:bd01:1096::bbbb]" + "ip=::::::any" + "ip=::::::ibft" ++ "ip=10.0.0.1:::255.255.255.0:valid_hostname:foo99:off" + ) + for cmdline in "${COMMAND_LINES[@]}"; do + check_one_long "$cmdline" +@@ -294,7 +295,6 @@ INVALID_COMMAND_LINES=( + "ip=:::::::foo" + "ip=10.0.0:::255.255.255.0::foo99:off" + "ip=10.0.0.1:::255.255.255::foo99:off" +- "ip=10.0.0.1:::255.255.255.0:invalid_hostname:foo99:off" + "ip=10.0.0.1:::255.255.255.0::verylonginterfacename:off" + "ip=:::::dhcp99:dhcp6:0" + "ip=:::::dhcp99:dhcp6:-1" +-- +2.39.1 + diff --git a/udev-40-openEuler.rules b/udev-40-generic.rules similarity index 94% rename from udev-40-openEuler.rules rename to udev-40-generic.rules index ed85acbb7d70abfdcc829aeee52da3e342258ae8..dcf0ef0e390fdda40681a9a2c96063929583c77a 100644 --- a/udev-40-openEuler.rules +++ b/udev-40-generic.rules @@ -4,7 +4,8 @@ SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" # Memory hotadd request -SUBSYSTEM!="memory", ACTION!="add", GOTO="memory_hotplug_end" +SUBSYSTEM!="memory", GOTO="memory_hotplug_end" +ACTION!="add", GOTO="memory_hotplug_end" PROGRAM="/bin/uname -p", RESULT=="s390*", GOTO="memory_hotplug_end" ENV{.state}="online" diff --git a/udev-61-openeuler-persistent-storage.rules b/udev-61-openeuler-persistent-storage.rules deleted file mode 100644 index 50d751531bda10816006320d6bd1bb9e799020d1..0000000000000000000000000000000000000000 --- a/udev-61-openeuler-persistent-storage.rules +++ /dev/null @@ -1,3 +0,0 @@ -# scsi compat links for ATA devices -KERNEL=="sd*[!0-9]", ENV{ID_BUS}=="ata", PROGRAM="scsi_id --whitelisted --replace-whitespace -p0x80 -d$tempnode", RESULT=="?*", ENV{ID_SCSI_COMPAT}="$result", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}" -KERNEL=="sd*[0-9]", ENV{ID_SCSI_COMPAT}=="?*", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}-part%n" diff --git a/1603-udev-add-actions-while-rename-netif-failed.patch b/udev-add-actions-while-rename-netif-failed.patch similarity index 41% rename from 1603-udev-add-actions-while-rename-netif-failed.patch rename to udev-add-actions-while-rename-netif-failed.patch index 6d829466f00f9c933e1c4b907877fbfbbb5fb704..cf40deda4c9befcb166ac2f609b188fb0046bf68 100644 --- a/1603-udev-add-actions-while-rename-netif-failed.patch +++ b/udev-add-actions-while-rename-netif-failed.patch @@ -3,77 +3,99 @@ From: systemd team Date: Tue, 7 Mar 2017 08:20:10 +0000 Subject: [PATCH] udev-add-actions-while-rename-netif-failed --- - src/udev/udev-event.c | 42 ++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 38 insertions(+), 4 deletions(-) + src/udev/udev-event.c | 51 +++++++++++++++++++++++++++++++++++++------ + 1 file changed, 44 insertions(+), 7 deletions(-) diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index 8cfa2cd..46bbcb1 100644 +index ed22c8b..a387517 100644 --- a/src/udev/udev-event.c +++ b/src/udev/udev-event.c -@@ -788,6 +788,7 @@ static int rename_netif(UdevEvent *event) { - sd_device *dev = event->dev; - const char *oldname; +@@ -1,5 +1,6 @@ + /* SPDX-License-Identifier: GPL-2.0-or-later */ + ++#include + #include "alloc-util.h" + #include "device-internal.h" + #include "device-private.h" +@@ -10,6 +11,7 @@ + #include "path-util.h" + #include "string-util.h" + #include "strv.h" ++#include "strxcpyx.h" + #include "udev-event.h" + #include "udev-node.h" + #include "udev-trace.h" +@@ -107,6 +109,7 @@ static int rename_netif(UdevEvent *event) { + const char *s; + sd_device *dev; int ifindex, r; + char name[IFNAMSIZ]; - - if (!event->name) - return 0; /* No new name is requested. */ -@@ -808,10 +809,43 @@ static int rename_netif(UdevEvent *event) { - if (r < 0) - return log_device_error_errno(dev, r, "Failed to get ifindex: %m"); - -- r = rtnl_set_link_name(&event->rtnl, ifindex, event->name); + + assert(event); + +@@ -177,21 +180,55 @@ static int rename_netif(UdevEvent *event) { + goto revert; + } + +- r = rtnl_set_link_name(&event->rtnl, ifindex, event->name, event->altnames); + strscpy(name, IFNAMSIZ, event->name); + -+ r = rtnl_set_link_name(&event->rtnl, ifindex, name); - if (r < 0) -- return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", -- ifindex, oldname, event->name); -+ { ++ r = rtnl_set_link_name(&event->rtnl, ifindex, name, event->altnames); + if (r < 0) { + if (r == -EBUSY) { + log_device_info(event->dev_db_clone, + "Network interface '%s' is already up, cannot rename to '%s'.", + old_sysname, event->name); + r = 0; +- } else +- log_device_error_errno(event->dev_db_clone, r, +- "Failed to rename network interface %i from '%s' to '%s': %m", +- ifindex, old_sysname, event->name); +- goto revert; ++ goto revert; ++ } + int loop; + if (r != -EEXIST) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", oldname, name); ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", old_sysname, name); ++ goto revert; + } + -+ snprintf(name, IFNAMSIZ, "rename%u", ifindex); -+ r = rtnl_set_link_name(&event->rtnl, ifindex, name); ++ snprintf(name, IFNAMSIZ, "rename%d", ifindex); ++ r = rtnl_set_link_name(&event->rtnl, ifindex, name, event->altnames); + if (r < 0) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", oldname, name); ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", old_sysname, name); ++ goto revert; + } + -+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name); ++ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, name); + + /* wait 90 seconds for our target to become available */ + loop = 90 * 20; + while (loop--) { + const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 }; + -+ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name); ++ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name, event->altnames); + if (r == 0) { + log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, name, event->name); -+ return 0; ++ goto revert; + } + + if (r != -EEXIST) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", name, event->name); ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", name, event->name); ++ goto revert; + } + log_debug( "wait for netif '%s' to become free, loop=%i\n", + event->name, (90 * 20) - loop); + nanosleep(&duration, NULL); + } -+ } - - /* Set ID_RENAMING boolean property here, and drop it in the corresponding move uevent later. */ - r = device_add_property(dev, "ID_RENAMING", "1"); -@@ -822,7 +856,7 @@ static int rename_netif(UdevEvent *event) { - if (r < 0) - return log_device_warning_errno(dev, r, "Failed to update properties with new name '%s': %m", event->name); - -- log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, event->name); -+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, event->name); ++ + } +- log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name); ++ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name); return 1; - } --- -2.19.1 + + revert: +-- +2.33.0 diff --git a/udev-virsh-shutdown-vm.patch b/udev-virsh-shutdown-vm.patch index 194093109b6bf6e35be30c0bba885996e69f2566..f261c3eae9067be317dd2b18b61b05cbb41b5a83 100644 --- a/udev-virsh-shutdown-vm.patch +++ b/udev-virsh-shutdown-vm.patch @@ -4,13 +4,13 @@ Date: Thu, 31 Jan 2019 02:24:16 -0500 Subject: [PATCH] systemd:virsh shutdown vm --- - src/login/70-power-switch.rules | 1 + + rules.d/70-power-switch.rules | 1 + 1 file changed, 1 insertion(+) -diff --git a/src/login/70-power-switch.rules b/src/login/70-power-switch.rules -index d69e65b..cb77f7a 100644 ---- a/src/login/70-power-switch.rules -+++ b/src/login/70-power-switch.rules +diff --git a/rules.d/70-power-switch.rules b/rules.d/70-power-switch.rules +index 3fb954a..bc79410 100644 +--- a/rules.d/70-power-switch.rules ++++ b/rules.d/70-power-switch.rules @@ -11,5 +11,6 @@ ACTION=="remove", GOTO="power_switch_end" SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT_SWITCH}=="1", TAG+="power-switch" @@ -19,5 +19,5 @@ index d69e65b..cb77f7a 100644 LABEL="power_switch_end" -- -1.8.3.1 +2.33.0 diff --git a/unit-don-t-add-Requires-for-tmp.mount.patch b/unit-don-t-add-Requires-for-tmp.mount.patch index 99d5db276304c942b71c5b206f5be9be567b5c61..6247515f68f336f9b298b16cb6af7c88e6d41eac 100644 --- a/unit-don-t-add-Requires-for-tmp.mount.patch +++ b/unit-don-t-add-Requires-for-tmp.mount.patch @@ -14,8 +14,8 @@ index c9f756c..721d8d6 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1421,7 +1421,7 @@ static int unit_add_mount_dependencies(Unit *u) { - if (r < 0) return r; + changed = changed || r > 0; - if (m->fragment_path) { + if (m->fragment_path && !streq(m->id, "tmp.mount")) { diff --git a/units-add-Install-section-to-tmp.mount.patch b/units-add-Install-section-to-tmp.mount.patch index b1a615a0decf92a4dafbb8f7f3a2f36eef6b8f06..b7c1fd46ef23731e46be87c342141f59a4008c31 100644 --- a/units-add-Install-section-to-tmp.mount.patch +++ b/units-add-Install-section-to-tmp.mount.patch @@ -9,17 +9,17 @@ Resolves: #1667065 1 file changed, 4 insertions(+) diff --git a/units/tmp.mount b/units/tmp.mount -index 742d863..b558047 100644 +index cf68378..66d9a32 100644 --- a/units/tmp.mount +++ b/units/tmp.mount -@@ -22,3 +22,7 @@ What=tmpfs +@@ -23,3 +23,7 @@ What=tmpfs Where=/tmp Type=tmpfs - Options=mode=1777,strictatime,nosuid,nodev + Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m + +# Make 'systemctl enable tmp.mount' work: +[Install] +WantedBy=local-fs.target -- -1.8.3.1 +2.23.0 diff --git a/1605-update-rtc-with-system-clock-when-shutdown.patch b/update-rtc-with-system-clock-when-shutdown.patch similarity index 61% rename from 1605-update-rtc-with-system-clock-when-shutdown.patch rename to update-rtc-with-system-clock-when-shutdown.patch index 86a87e457bf0e9774d8c537dc2c5bd1d914c9d16..ba4dff64b5c2258e103eb849d97a4794b3e90bd6 100644 --- a/1605-update-rtc-with-system-clock-when-shutdown.patch +++ b/update-rtc-with-system-clock-when-shutdown.patch @@ -1,12 +1,11 @@ -m a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001 +From a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001 From: update-rtc-with-system-clock-when-shutdown Date: Sat, 2 Feb 2019 02:54:52 -0500 Subject: [PATCH] Module: modification summary - --- units/hwclock-save.service.in | 19 +++++++++++++++++++ - units/meson.build | 2 ++ - + units/meson.build | 4 ++++ + 2 files changed, 23 insertions(+) create mode 100644 units/hwclock-save.service.in diff --git a/units/hwclock-save.service.in b/units/hwclock-save.service.in @@ -35,18 +34,20 @@ index 0000000..db33418 +WantedBy=default.target + diff --git a/units/meson.build b/units/meson.build -index e4ac6ce..67126d6 100644 +index e7bfb7f..159d337 100644 --- a/units/meson.build +++ b/units/meson.build -@@ -211,6 +211,8 @@ in_units = [ - 'sysinit.target.wants/'], - ['systemd-update-done.service', '', - 'sysinit.target.wants/'], -+ ['hwclock-save.service', '', -+ 'sysinit.target.wants/'], - ['systemd-update-utmp-runlevel.service', 'ENABLE_UTMP HAVE_SYSV_COMPAT', - 'multi-user.target.wants/ graphical.target.wants/ rescue.target.wants/'], - ['systemd-update-utmp.service', 'ENABLE_UTMP', +@@ -653,6 +653,10 @@ units = [ + 'file' : 'systemd-update-done.service.in', + 'symlinks' : ['sysinit.target.wants/'], + }, ++ { ++ 'file' : 'hwclock-save.service.in', ++ 'symlinks' : ['sysinit.target.wants/'], ++ }, + { + 'file' : 'systemd-update-utmp-runlevel.service.in', + 'conditions' : ['ENABLE_UTMP', 'HAVE_SYSV_COMPAT'], -- -1.8.3.1 +2.33.0