
13 Commits

Author SHA256 Message Date
fcc344749b Sync from SUSE:SLFO:1.1 systemd revision c87bb4a4162340f7e327a1d31b274578 2025-08-16 13:34:42 +02:00
f5b80c41e6 Sync from SUSE:SLFO:1.1 systemd revision 5305178056ce5bd53350d998b50b35ef 2025-06-12 09:09:27 +02:00
c1f6734b40 Sync from SUSE:SLFO:1.1 systemd revision c8b866fd6a6ebc919c71642fb83538f1 2025-05-09 08:30:17 +02:00
31786e5bf6 Sync from SUSE:SLFO:1.1 systemd revision 41f23b982c443b6bb36c188ff209f4b1 2025-03-11 14:47:14 +01:00
0159c86e80 Sync from SUSE:SLFO:Main systemd revision 717f834345a3e9dd5e11966b78076c4b 2025-02-20 10:06:48 +01:00
938aeca38d Sync from SUSE:SLFO:Main systemd revision 05702c76bd91930adb313170794c6296 2025-01-16 10:19:37 +01:00
01cda40971 Sync from SUSE:SLFO:Main systemd revision 7f7f627e0b1eb87fecb007ead41454aa 2024-12-27 16:00:52 +01:00
0d163da47e Sync from SUSE:SLFO:Main systemd revision bfc711aac80d4920b48ad209bc2c9423 2024-12-04 09:27:41 +01:00
7c4eb23411 Sync from SUSE:SLFO:1.1 systemd revision 6961d2e95ebed3678ad261c3a5874249 2024-10-23 09:58:24 +02:00
0749fbfdff Sync from SUSE:SLFO:Main systemd revision 390d653de4477a8f2966339620c1ebf8 2024-09-13 16:07:08 +02:00
9f286e27f0 Sync from SUSE:SLFO:Main systemd revision d15f0b8b2740712b30a4672d9975f304 2024-09-04 09:09:50 +02:00
ca2a58aecc Sync from SUSE:SLFO:Main systemd revision 57f9c1238178e27816abf739ca2e9938 2024-08-21 17:35:56 +02:00
8cbf0f83d7 Sync from SUSE:SLFO:Main systemd revision a132c5afc5b865b9d9e1ac2ec83fae47 2024-08-06 14:07:00 +02:00
27 changed files with 2004 additions and 1585 deletions


@@ -0,0 +1,593 @@
From 67c013cbccb32debeeaed7a943b9245ab82f128d Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 13 Sep 2024 12:16:12 +0200
Subject: [PATCH] udev: restore some legacy symlinks to maintain backward
compatibility
Extracted the openSUSE git repository, branch "compats/udev-compat-symlinks",
commit aa2d840a3b149497a0de95049482eb9f1c667a38.
---
meson.build | 1 +
rules.d/61-persistent-storage-compat.rules | 137 ++++++++
rules.d/meson.build | 1 +
src/udev/compat/meson.build | 14 +
src/udev/compat/path_id_compat.c | 378 +++++++++++++++++++++
5 files changed, 531 insertions(+)
create mode 100644 rules.d/61-persistent-storage-compat.rules
create mode 100644 src/udev/compat/meson.build
create mode 100644 src/udev/compat/path_id_compat.c
diff --git a/meson.build b/meson.build
index 2eaf69bb85..5ad90aaca2 100644
--- a/meson.build
+++ b/meson.build
@@ -2280,6 +2280,7 @@ subdir('src/libsystemd')
subdir('src/shared')
subdir('src/udev')
subdir('src/libudev')
+subdir('src/udev/compat') # must be after 'src/libudev' for the definition of 'libudev_basic'
subdir('src/cryptsetup/cryptsetup-tokens')
libsystemd = shared_library(
diff --git a/rules.d/61-persistent-storage-compat.rules b/rules.d/61-persistent-storage-compat.rules
new file mode 100644
index 0000000000..bd229f619b
--- /dev/null
+++ b/rules.d/61-persistent-storage-compat.rules
@@ -0,0 +1,137 @@
+# Do not edit this file, it will be overwritten on update.
+
+# This file contains *depecrated* rules kept only for backward
+# compatibility reasons. Indeed upstream has the bad habit to change
+# symlink naming schemes hence breaking systems using the old schemes.
+#
+# If your system uses one of the symlinks generated by these compat
+# rules (usually in /etc/fstab), we encourage you to replace the
+# relevant paths with the new ones (symlinks generated by
+# 60-persistent-storage.rules).
+#
+# You might check if your system relies on one of those compat symlinks
+# by disabling their creation at boot time. To do so, append
+# "udev.compat_symlink_generation=0" to the kernel command line. If
+# your system works flawlessly, there's a good chance that your system
+# doesn't rely on them and they could be disabled permanently.
+#
+# Thanks !
+#
+# Note: this rules file can rely on all ID_* variables (set by
+# 60-persistent-storage.rule) but should not overwrite them, see
+# bsc#1048679 for details.
+
+ACTION=="remove", GOTO="persistent_storage_end"
+
+SUBSYSTEM!="block", GOTO="persistent_storage_end"
+KERNEL!="nvme*|sd*", GOTO="persistent_storage_end"
+
+# ignore partitions that span the entire disk
+TEST=="whole_disk", GOTO="persistent_storage_end"
+
+#
+# The compat symlink generation number can be specified through the kernel
+# command line and in that case it will take precedence.
+#
+# Note: any non-supported values (including "0") will disable all generations
+# whereas no values specified will be equivalent to a value "1" and therefore
+# will request the creation of all compat symlinks (whatever their age).
+#
+IMPORT{cmdline}="udev.compat_symlink_generation"
+ENV{COMPAT_SYMLINK_GENERATION}="$env{udev.compat_symlink_generation}"
+
+#
+# Systems without the compat-symlinks-generation file are systems
+# installed before compat rules were created. They might be using
+# one of those compat symlinks (can be any generation).
+#
+ENV{COMPAT_SYMLINK_GENERATION}!="?*", IMPORT{file}="/usr/lib/udev/compat-symlink-generation"
+ENV{COMPAT_SYMLINK_GENERATION}!="?*", ENV{COMPAT_SYMLINK_GENERATION}="1"
+
+#
+# Generation #1
+#
+ENV{COMPAT_SYMLINK_GENERATION}!="1", GOTO="generation_2"
+
+# NVMe symlinks were introduced by a SUSE specific commit (bsc#944132) which
+# relied on scsi_id (unfortunately) and hence used the NVMe SCSI translation
+# layer. Later upstream added (by-id) symlinks for NVMe as well but reads the
+# device properties from its sysfs attributes instead. The symlinks names
+# generated in both cases are not identical so we still have to generate the
+# old ones for backward compatibly reasons.
+#
+# The SCSI translation layer for NVMe devices has been removed from the kernel
+# since 4.13, therefore we had to drop the use of scsi_id and use the sysfs
+# interface to mimic scsi_id and continue to generate the old compat symlinks.
+#
+# The rules below hopefully mimics the main cases only as it's impossible to
+# re-implement the exact behavior of scsi_id via udev rules.
+#
+# scsi_id acted differently depending on the NVMe revision implemented by a
+# device, which can lead to problems if the device firmware is
+# updated. Therefore symlinks for all NVMe revisions are generated now.
+#
+# Extra care is needed for whitespace handling. For example we can't use
+# %s{model} to retrieve the model string because udev strips any trailing
+# whitespaces and some plateforms (QEMU does that) might append such chars. In
+# those cases scsi_id was replacing them with a single trailing '_'. Therefore
+# the currently code retrieves the model string manually making sure to
+# preserve all characters so trailing whitespaces are still converted when the
+# symlink is created.
+
+KERNEL=="nvme*", ENV{DEVTYPE}=="disk", ENV{ID_NVME_EUI_COMPAT}!="?*", ATTRS{eui}=="?*", ATTRS{eui}!="0000000000000000", \
+ PROGRAM=="/bin/sh -c 'eui=\"%s{eui}\"; echo $${eui// /}", ENV{ID_NVME_EUI_COMPAT}="2%c"
+
+KERNEL=="nvme*", ENV{DEVTYPE}=="disk", ENV{ID_NVME_NGUID_COMPAT}!="?*", ATTRS{nguid}=="?*", \
+ PROGRAM=="/bin/sh -c 'nguid=\"%s{nguid}\"; echo $${nguid//-/}", ENV{ID_NVME_NGUID_COMPAT}="%c"
+
+KERNEL=="nvme*", ENV{DEVTYPE}=="disk", ENV{ID_NVME_SERIAL_COMPAT}!="?*", ATTRS{model}=="?*", ATTRS{serial}=="?*", \
+ PROGRAM=="/bin/sh -c ' \
+ cd /sys/%p; \
+ while ! [ -f model ]; do \
+ cd ..; \
+ [ $$(pwd) = %S ] && exit 1; \
+ done; \
+ cut -c 1-16 model'", ENV{ID_NVME_SERIAL_COMPAT}="SNVMe_%c%s{serial}"
+
+KERNEL=="nvme*", ENV{DEVTYPE}=="disk", ENV{ID_NVME_EUI_COMPAT}=="?*", SYMLINK+="disk/by-id/nvme-$env{ID_NVME_EUI_COMPAT}"
+KERNEL=="nvme*", ENV{DEVTYPE}=="disk", ENV{ID_NVME_NGUID_COMPAT}=="?*", SYMLINK+="disk/by-id/nvme-$env{ID_NVME_NGUID_COMPAT}"
+KERNEL=="nvme*", ENV{DEVTYPE}=="disk", ENV{ID_NVME_SERIAL_COMPAT}=="?*", SYMLINK+="disk/by-id/nvme-$env{ID_NVME_SERIAL_COMPAT}"
+
+KERNEL=="nvme*", ENV{DEVTYPE}=="partition", ENV{ID_NVME_EUI_COMPAT}=="?*", SYMLINK+="disk/by-id/nvme-$env{ID_NVME_EUI_COMPAT}-part%n"
+KERNEL=="nvme*", ENV{DEVTYPE}=="partition", ENV{ID_NVME_NGUID_COMPAT}=="?*", SYMLINK+="disk/by-id/nvme-$env{ID_NVME_NGUID_COMPAT}-part%n"
+KERNEL=="nvme*", ENV{DEVTYPE}=="partition", ENV{ID_NVME_SERIAL_COMPAT}=="?*", SYMLINK+="disk/by-id/nvme-$env{ID_NVME_SERIAL_COMPAT}-part%n"
+
+# Leap 42.3 ISO has a version of udev which suffers from bsc#1048679
+# (ID_SERIAL is set by the upstream rules making ID_BUS empty instead
+# of "nvme"). This lead to those odd symlinks with the "nvme" prefix
+# missing (bsc#1063249).
+#
+# They are actually only used by systems with Leap 42.3 initially
+# installed and with NVMe encrypted partitions.
+KERNEL=="nvme*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/-$env{ID_SERIAL}"
+KERNEL=="nvme*", ENV{DEVTYPE}=="partition", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/-$env{ID_SERIAL}-part%n"
+
+# SCSI compat links for ATA devices, removed by f6ba1a468cea (boo#769002)
+KERNEL=="sd*[!0-9]", ENV{ID_BUS}=="ata", PROGRAM=="scsi_id --whitelisted --replace-whitespace -p0x80 -d $devnode", RESULT=="?*", ENV{ID_SCSI_COMPAT}="$result", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}"
+KERNEL=="sd*[0-9]", ENV{ID_SCSI_COMPAT}=="?*", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}-part%n"
+
+# by-path (parent device path, compat version, only for ATA/NVMe/SAS bus) (bnc#916420)
+ENV{DEVTYPE}=="disk", ENV{ID_BUS}=="ata|nvme|scsi", DEVPATH!="*/virtual/*", IMPORT{program}="path_id_compat --compat=1 %p"
+ENV{DEVTYPE}=="disk", ENV{ID_PATH_COMPAT1}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH_COMPAT1}"
+ENV{DEVTYPE}=="partition", ENV{ID_PATH_COMPAT1}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH_COMPAT1}-part%n"
+
+# This restores the symlinks for SAS disks removed by 66bba0e701b95dc42e (bsc#1040153)
+ENV{DEVTYPE}=="disk", ENV{ID_BUS}=="ata|nvme|scsi", DEVPATH!="*/virtual/*", IMPORT{program}="path_id_compat --compat=2 %p"
+ENV{DEVTYPE}=="disk", ENV{ID_PATH_COMPAT2}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH_COMPAT2}"
+ENV{DEVTYPE}=="partition", ENV{ID_PATH_COMPAT2}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH_COMPAT2}-part%n"
+
+#
+# Generation #2
+#
+LABEL="generation_2"
+ENV{COMPAT_SYMLINK_GENERATION}!="1|2", GOTO="persistent_storage_end"
+
+# Currently no compat links of generation 2
+
+LABEL="persistent_storage_end"
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 20fca222da..62f5fa844b 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -20,6 +20,7 @@ rules = [
'60-persistent-v4l.rules',
'60-sensor.rules',
'60-serial.rules',
+ '61-persistent-storage-compat.rules',
'70-camera.rules',
'70-joystick.rules',
'70-mouse.rules',
diff --git a/src/udev/compat/meson.build b/src/udev/compat/meson.build
new file mode 100644
index 0000000000..390d70d4fe
--- /dev/null
+++ b/src/udev/compat/meson.build
@@ -0,0 +1,14 @@
+foreach prog : ['path_id_compat.c']
+
+ executable(prog.split('.')[0],
+ prog,
+ include_directories : [includes,
+ libudev_includes],
+ dependencies : [userspace,
+ versiondep],
+ c_args : ['-DLOG_REALM=LOG_REALM_UDEV'],
+ link_with : [udev_link_with, libudev_basic],
+ install_rpath : udev_rpath,
+ install : true,
+ install_dir : udevlibexecdir)
+endforeach
diff --git a/src/udev/compat/path_id_compat.c b/src/udev/compat/path_id_compat.c
new file mode 100644
index 0000000000..f0d8e189fe
--- /dev/null
+++ b/src/udev/compat/path_id_compat.c
@@ -0,0 +1,378 @@
+/*
+ * path_id_compat.c: compose persistent device path (compat version)
+ *
+ * Copyright (C) 2009 Kay Sievers <kay.sievers@vrfy.org>
+ *
+ * Logic based on Hannes Reinecke's shell script.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <dirent.h>
+
+#include "libudev.h"
+#include "parse-util.h"
+#include "string-util.h"
+
+#define PATH_SIZE 16384
+#define SYSFS_PATH "/sys"
+
+static const char *compat_version_str = NULL;
+static unsigned compat_version;
+
+static int path_prepend(char **path, const char *fmt, ...)
+{
+ va_list va;
+ char *old;
+ char *pre;
+ int err;
+
+ old = *path;
+
+ va_start(va, fmt);
+ err = vasprintf(&pre, fmt, va);
+ va_end(va);
+ if (err < 0)
+ return err;
+
+ if (old != NULL) {
+ err = asprintf(path, "%s-%s", pre, old);
+ if (err < 0)
+ return err;
+ free(pre);
+ } else {
+ *path = pre;
+ }
+
+ free(old);
+ return 0;
+}
+
+/*
+** Linux only supports 32 bit luns.
+** See drivers/scsi/scsi_scan.c::scsilun_to_int() for more details.
+*/
+static int format_lun_number(struct udev_device *dev, char **path)
+{
+ unsigned long lun = strtoul(udev_device_get_sysnum(dev), NULL, 10);
+
+ /* address method 0, peripheral device addressing with bus id of zero */
+ if (lun < 256)
+ return path_prepend(path, "lun-%d", lun);
+
+ /* handle all other lun addressing methods by using a variant of the original lun format */
+ return path_prepend(path, "lun-0x%04x%04x00000000", (lun & 0xffff), (lun >> 16) & 0xffff);
+}
+
+static struct udev_device *skip_subsystem(struct udev_device *dev, const char *subsys)
+{
+ struct udev_device *parent = dev;
+
+ while (parent != NULL) {
+ const char *subsystem;
+
+ subsystem = udev_device_get_subsystem(parent);
+ if (subsystem == NULL || strcmp(subsystem, subsys) != 0)
+ break;
+ dev = parent;
+ parent = udev_device_get_parent(parent);
+ }
+ return dev;
+}
+
+static struct udev_device *handle_scsi_default(struct udev_device *parent, char **path)
+{
+ struct udev_device *hostdev;
+ int host, bus, target, lun;
+ const char *name;
+ char *base;
+ char *pos;
+ DIR *dir;
+ struct dirent *dent;
+ int basenum;
+
+ hostdev = udev_device_get_parent_with_subsystem_devtype(parent, "scsi", "scsi_host");
+ if (hostdev == NULL)
+ return NULL;
+
+ name = udev_device_get_sysname(parent);
+ if (sscanf(name, "%d:%d:%d:%d", &host, &bus, &target, &lun) != 4)
+ return NULL;
+
+ /* rebase host offset to get the local relative number */
+ basenum = -1;
+ base = strdup(udev_device_get_syspath(hostdev));
+ if (base == NULL)
+ return NULL;
+ pos = strrchr(base, '/');
+ if (pos == NULL) {
+ parent = NULL;
+ goto out;
+ }
+ pos[0] = '\0';
+ dir = opendir(base);
+ if (dir == NULL) {
+ parent = NULL;
+ goto out;
+ }
+ for (dent = readdir(dir); dent != NULL; dent = readdir(dir)) {
+ char *rest;
+ int i;
+
+ if (dent->d_name[0] == '.')
+ continue;
+ if (dent->d_type != DT_DIR && dent->d_type != DT_LNK)
+ continue;
+ if (strncmp(dent->d_name, "host", 4) != 0)
+ continue;
+ i = strtoul(&dent->d_name[4], &rest, 10);
+ if (rest[0] != '\0')
+ continue;
+ if (basenum == -1 || i < basenum)
+ basenum = i;
+ }
+ closedir(dir);
+ if (basenum == -1) {
+ parent = NULL;
+ goto out;
+ }
+ host -= basenum;
+
+ path_prepend(path, "scsi-%u:%u:%u:%u", host, bus, target, lun);
+out:
+ free(base);
+ return hostdev;
+}
+
+static struct udev_device *handle_ata(struct udev_device *parent, char **path)
+{
+ struct udev_device *hostdev;
+ int host, bus, target, lun;
+ const char *name;
+
+ hostdev = udev_device_get_parent_with_subsystem_devtype(parent, "scsi", "scsi_host");
+ if (hostdev == NULL)
+ return NULL;
+
+ name = udev_device_get_sysname(parent);
+ if (sscanf(name, "%d:%d:%d:%d", &host, &bus, &target, &lun) != 4)
+ return NULL;
+
+ path_prepend(path, "scsi-%u:%u:%u:%u", host, bus, target, lun);
+
+ return hostdev;
+}
+
+static struct udev_device *handle_scsi_sas(struct udev_device *parent, char **path)
+{
+ struct udev *udev = udev_device_get_udev(parent);
+ struct udev_device *targetdev;
+ struct udev_device *target_parent;
+ struct udev_device *sasdev;
+ struct udev_device *portdev;
+ struct dirent *dent;
+ DIR *dir;
+ const char *sas_address;
+ int tmp_phy_id, phy_id = 255;
+ char *lun = NULL;
+
+ targetdev = udev_device_get_parent_with_subsystem_devtype(parent, "scsi", "scsi_target");
+ if (!targetdev)
+ return NULL;
+
+ target_parent = udev_device_get_parent(targetdev);
+ if (!target_parent)
+ return NULL;
+
+ portdev = udev_device_get_parent(target_parent);
+ if (!portdev)
+ return NULL;
+
+ dir = opendir(udev_device_get_syspath(portdev));
+ if (!dir)
+ return NULL;
+
+ for (dent = readdir(dir); dent != NULL; dent = readdir(dir)) {
+ const char *name = dent->d_name;
+ char *phy_id_str;
+
+ if (dent->d_type != DT_LNK)
+ continue;
+
+ if (strncmp(dent->d_name, "phy", 3) != 0)
+ continue;
+
+ phy_id_str = strstr(name, ":");
+ if (phy_id_str == NULL)
+ continue;
+
+ phy_id_str++;
+
+ tmp_phy_id = atoi(phy_id_str);
+ if (tmp_phy_id >= 0 && tmp_phy_id < phy_id)
+ phy_id = tmp_phy_id;
+ }
+ closedir(dir);
+
+ if (phy_id == 255)
+ return NULL;
+
+ sasdev = udev_device_new_from_subsystem_sysname(udev, "sas_device",
+ udev_device_get_sysname(target_parent));
+ if (sasdev == NULL)
+ return NULL;
+
+ sas_address = udev_device_get_sysattr_value(sasdev, "sas_address");
+ if (sas_address == NULL) {
+ parent = NULL;
+ goto out;
+ }
+
+ format_lun_number(parent, &lun);
+
+ switch (compat_version) {
+ case 1:
+ path_prepend(path, "sas-phy%d-%s-%s", phy_id, sas_address, lun);
+ break;
+ case 2:
+ path_prepend(path, "sas-%s-%s", sas_address, lun);
+ break;
+ }
+
+ if (lun)
+ free(lun);
+out:
+ udev_device_unref(sasdev);
+ return parent;
+}
+
+static struct udev_device *handle_scsi(struct udev_device *parent, char **path)
+{
+ const char *devtype;
+ const char *name;
+
+ devtype = udev_device_get_devtype(parent);
+ if (devtype == NULL || strcmp(devtype, "scsi_device") != 0)
+ return parent;
+
+ /* lousy scsi sysfs does not have a "subsystem" for the transport */
+ name = udev_device_get_syspath(parent);
+
+ if (strstr(name, "/end_device-") != NULL) {
+ parent = handle_scsi_sas(parent, path);
+ goto out;
+ }
+
+ if (strstr(name, "/ata") != NULL) {
+ parent = handle_ata(parent, path);
+ goto out;
+ }
+
+ parent = handle_scsi_default(parent, path);
+out:
+ return parent;
+}
+
+int main(int argc, char **argv)
+{
+ static const struct option options[] = {
+ { "compat", required_argument, NULL, 'V' },
+ };
+ struct udev *udev;
+ struct udev_device *dev;
+ struct udev_device *parent;
+ char syspath[PATH_SIZE];
+ char *path = NULL;
+ int rc = 1;
+
+ for (;;) {
+ int option;
+
+ option = getopt_long(argc, argv, "v:", options, NULL);
+ if (option == -1)
+ break;
+
+ switch (option) {
+ case 'V':
+ compat_version_str = optarg;
+ break;
+ }
+ }
+
+ if (compat_version_str) {
+ if (safe_atou(compat_version_str, &compat_version) < 0) {
+ fprintf(stderr, "--compat takes an integer.\n");
+ goto exit2;
+ }
+ }
+
+ if (argv[optind] == NULL) {
+ fprintf(stderr, "No device specified\n");
+ rc = 2;
+ goto exit2;
+ }
+
+ udev = udev_new();
+ if (udev == NULL)
+ goto exit2;
+
+ snprintf(syspath, PATH_SIZE, "%s%s", SYSFS_PATH, argv[optind]);
+ dev = udev_device_new_from_syspath(udev, syspath);
+ if (dev == NULL) {
+ fprintf(stderr, "unable to access '%s'\n", argv[optind]);
+ rc = 3;
+ goto exit1;
+ }
+
+ /* walk up the chain of devices and compose path */
+ parent = dev;
+ while (parent != NULL) {
+ const char *subsys;
+
+ subsys = udev_device_get_subsystem(parent);
+
+ if (subsys == NULL) {
+ ;
+ } else if (strcmp(subsys, "scsi") == 0) {
+ parent = handle_scsi(parent, &path);
+ } else if (strcmp(subsys, "pci") == 0) {
+ path_prepend(&path, "pci-%s", udev_device_get_sysname(parent));
+ parent = skip_subsystem(parent, "pci");
+ }
+
+ parent = udev_device_get_parent(parent);
+ }
+
+ if (path != NULL) {
+ printf("ID_PATH_COMPAT%s=%s\n", strempty(compat_version_str), path);
+ free(path);
+ rc = 0;
+ }
+
+ udev_device_unref(dev);
+
+exit1:
+ udev_unref(udev);
+
+exit2:
+ return rc;
+}
--
2.43.0
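Review bot: The `options[]` array handed to getopt_long() in main() of src/udev/compat/path_id_compat.c has no all-zero terminator, so a long option that does not match `--compat` lets getopt_long() read past the end of the array; the initializer should end with an empty entry, `{ "compat", required_argument, NULL, 'V' }, {}`. The short-option string `"v:"` makes getopt_long() return 'v', which the switch (only `case 'V'`) drops silently, so `-v` should either be handled or removed from the string. In format_lun_number() the `unsigned long` lun is formatted with `%d` and `%04x`; `"lun-%lu"` and `%04lx` match the argument type, and the result of udev_device_get_sysnum() should be checked for NULL before it reaches strtoul(). The return values of path_prepend() and format_lun_number() are ignored in the handle_* functions, so an allocation failure in handle_scsi_sas() would pass a NULL `lun` to `%s`.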


@@ -0,0 +1,80 @@
From 72d766c5a17fc31902b367e949c4d90193f823b9 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 22 Mar 2024 12:07:34 +0100
Subject: [PATCH] Drop support for efivar SystemdOptions
Upstream deprecated it and plan to drop it in the future.
Let's get ahead and drop it now as this feature might be used to gain access to
encrypted SLEM systems with unattended disk unlock and with secure boot
disabled.
[fbui: fixes bsc#1220338]
---
src/basic/efivars.c | 27 ++++++--------------------
src/boot/bootctl-systemd-efi-options.c | 4 ++++
2 files changed, 10 insertions(+), 21 deletions(-)
diff --git a/src/basic/efivars.c b/src/basic/efivars.c
index 9011ae29a3..01ab7e5092 100644
--- a/src/basic/efivars.c
+++ b/src/basic/efivars.c
@@ -351,29 +351,14 @@ SecureBootMode efi_get_secure_boot_mode(void) {
}
static int read_efi_options_variable(char **ret) {
- int r;
- /* In SecureBoot mode this is probably not what you want. As your cmdline is cryptographically signed
- * like when using Type #2 EFI Unified Kernel Images (https://uapi-group.org/specifications/specs/boot_loader_specification)
- * The user's intention is then that the cmdline should not be modified. You want to make sure that
- * the system starts up as exactly specified in the signed artifact.
- *
- * (NB: For testing purposes, we still check the $SYSTEMD_EFI_OPTIONS env var before accessing this
- * cache, even when in SecureBoot mode.) */
- if (is_efi_secure_boot()) {
- /* Let's be helpful with the returned error and check if the variable exists at all. If it
- * does, let's return a recognizable error (EPERM), and if not ENODATA. */
-
- if (access(EFIVAR_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions)), F_OK) < 0)
- return errno == ENOENT ? -ENODATA : -errno;
-
- return -EPERM;
- }
+ /* For SUSE distros, support for SystemdOptions has already been dropped as it might be a security
+ * concern for systems with unattended disk unlock and with disabled secure boot. */
- r = efi_get_variable_string(EFI_SYSTEMD_VARIABLE(SystemdOptions), ret);
- if (r == -ENOENT)
- return -ENODATA;
- return r;
+ if (access(EFIVAR_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions)), F_OK) < 0)
+ return errno == ENOENT ? -ENODATA : -errno;
+
+ return log_warning_errno(SYNTHETIC_ERRNO(EPERM), "Boot options passed via SystemdOptions EFI variable is no more supported, ignoring: %m");
}
int cache_efi_options_variable(void) {
diff --git a/src/boot/bootctl-systemd-efi-options.c b/src/boot/bootctl-systemd-efi-options.c
index 7f8308fc3d..216b99546f 100644
--- a/src/boot/bootctl-systemd-efi-options.c
+++ b/src/boot/bootctl-systemd-efi-options.c
@@ -6,6 +6,7 @@
#include "efi-loader.h"
int verb_systemd_efi_options(int argc, char *argv[], void *userdata) {
+#if 0
int r;
/* This is obsolete and subject to removal */
@@ -40,4 +41,7 @@ int verb_systemd_efi_options(int argc, char *argv[], void *userdata) {
}
return 0;
+#else
+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for the SystemdOptions EFI variable has been dropped.");
+#endif
}
--
2.35.3
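Review bot: The new warning in read_efi_options_variable() ends in `%m` with a synthetic EPERM, so the log line finishes with "Operation not permitted" after already saying the variable is ignored, and "is no more supported" reads awkwardly; `"Boot options passed via the SystemdOptions EFI variable are no longer supported, ignoring."` carries the same information without the errno suffix. The function no longer writes `*ret` on any path, which deserves a comment such as `/* Never sets *ret: returns -ENODATA if the variable is absent, -EPERM if it exists. */`. The removed comment noted that $SYSTEMD_EFI_OPTIONS is consulted before this cache; that caller is outside the hunk, so it is worth confirming whether the environment override is still wanted on the unattended-unlock systems this change is meant to protect. In src/boot/bootctl-systemd-efi-options.c the old body is kept under `#if 0`; deleting it would avoid carrying dead code that silently drifts from upstream.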


@@ -0,0 +1,62 @@
From fb180e4472b9f198df23b710a08a07949f0e6926 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Tue, 14 Jan 2025 17:29:05 +0100
Subject: [PATCH] core: create the credential directory even if it's empty
Otherwise it might confuse users of credentials such as util-linux.
Upstream addressed this issue in commit
cfbf7538d87023840c5574fa5b0452e5b0f42149, although it is unclear whether this
was intentional, as the commit message does not explicitly state so.
Backporting this commit is not feasible due to the significant number of
changes and reworks that have occurred in this area since version 254. This
also indicates that modifying this part of the code is relatively tricky.
Therefore, let's opt for the simplest approach and always mount the final
location even if the mount is empty.
[fbui: fixes bsc#1229228]
---
src/core/execute.c | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 7b7b97ae9c..1a61726939 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3424,24 +3424,15 @@ static int setup_credentials_internal(
return r;
if (workspace_mounted) {
- bool install;
-
/* Determine if we should actually install the prepared mount in the final location by bind
- * mounting it there. We do so only if the mount is not established there already, and if the
- * mount is actually non-empty (i.e. carries at least one credential). Not that in the best
- * case we are doing all this in a mount namespace, thus no one else will see that we
- * allocated a file system we are getting rid of again here. */
- if (final_mounted)
- install = false; /* already installed */
- else {
- r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false);
- if (r < 0)
- return r;
-
- install = r == 0; /* install only if non-empty */
- }
+ * mounting it there. We do so only if the mount is not established there already. Note that
+ * in the best case we are doing all this in a mount namespace, thus no one else will see
+ * that we allocated a file system we are getting rid of again here.
+ *
+ * SUSE: install even if not empty so $CREDENTIALS_DIRECTORY always points to an existing
+ * directory (bsc#1229228). */
- if (install) {
+ if (!final_mounted) { /* not already installed */
/* Make workspace read-only now, so that any bind mount we make from it defaults to read-only too */
r = mount_nofollow_verbose(LOG_DEBUG, NULL, workspace, NULL, MS_BIND|MS_REMOUNT|credentials_fs_mount_flags(/* ro= */ true), NULL);
if (r < 0)
--
2.43.0
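Review bot: The SUSE comment added in setup_credentials_internal() says "install even if not empty", which is the opposite of what the new `if (!final_mounted)` does, since the change installs the mount even when it is empty; the line should read `* SUSE: install even if empty so $CREDENTIALS_DIRECTORY always points to an existing`. The opening sentence "Determine if we should actually install the prepared mount" still describes a decision that is now only the `final_mounted` test and could be shortened to match. The function starts and ends outside the hunk, so whether later code still assumes a non-empty credentials directory cannot be checked from here.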


@@ -0,0 +1,63 @@
From f3bb23ff2b16a79a9cd6768bf4dc9d2187d8a546 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Mon, 10 Oct 2022 16:31:39 +0200
Subject: [PATCH] man: describe the net naming schemes specific to SLE
Fixes: bsc#1204179
---
man/systemd.net-naming-scheme.xml | 39 +++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index a8e23b1862..d8d6ded91b 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -483,6 +483,45 @@
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
particular version of systemd).</para>
+
+ <title>SLE History</title>
+
+ <para>Additionally, the following "naming schemes" have also been defined on SLE products:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><constant>sle15-sp3</constant></term>
+
+ <listitem><para>This naming scheme is available since <varname>SLE15-SP3</varname> and is based on
+ the <constant>v238</constant> naming scheme described previously but also includes the following
+ changes.</para>
+
+ <para>When a PCI slot is associated with a PCI bridge that has multiple child network
+ controllers, the same value of the <varname>ID_NET_NAME_SLOT</varname> property might be derived
+ for those controllers. This would cause a naming conflict if the property is selected as the device
+ name. Now, we detect this situation and don't produce the <varname>ID_NET_NAME_SLOT</varname>
+ property.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>sle15-sp4</constant></term>
+
+ <listitem><para>Available since <varname>SLE15-SP4</varname> and is based on the
+ <constant>sle15-sp3</constant> naming scheme described previously but also includes the following
+ change.</para>
+
+ <para>PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation
+ of the <filename>function_id</filename> device attribute. This attribute is now used to build the
+ <varname>ID_NET_NAME_SLOT</varname>. Before that, all slot names were parsed as decimal
+ numbers, which could either result in an incorrect value of the <varname>ID_NET_NAME_SLOT</varname>
+ property or none at all.</para>
+
+ <para>Some firmware and hypervisor implementations report unreasonable high numbers for the onboard
+ index. To prevent the generation of bogus onbard interface names, index numbers greater than 16381
+ (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account
+ for that, the limit is increased to now 65535.</para></listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
--
2.43.0


@@ -0,0 +1,545 @@
From fa711abefe2d5f0a63895591044064908465f7af Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 18 Sep 2020 13:25:44 +0200
Subject: [PATCH 1002/1002] udev: persistent net rule generator support
This patch reintroduces the ability to rename a NIC even if the new name is
currently in use by another NIC. In such cases, udev waits until the new name
becomes available, while the previously named NIC is renamed in turn.
Additionally, this reintroduces the persistent net rule generator, ensuring
that names of new added NICs don't conflict with existing one and remain
persistent across reboots.
This patch is not required on systems where the predictable naming scheme is
enabled by default, as default NIC names can not conflict with each other.
To facilitate the migration of Micro-based systems to future versions, the
persistent net rule generator is enabled only when predictable network
interface names are explicitly disabled via the kernel command line option
net.ifnames=0.
[fbui: fixes bsc#1241190]
---
man/systemd-udevd.service.xml | 2 +-
rules.d/75-persistent-net-generator.rules | 125 ++++++++++++++
rules.d/meson.build | 1 +
src/libsystemd/sd-netlink/netlink-util.c | 43 ++++-
src/udev/meson.build | 4 +
.../rule_generator/rule_generator.functions | 113 +++++++++++++
src/udev/rule_generator/write_net_rules | 153 ++++++++++++++++++
7 files changed, 439 insertions(+), 2 deletions(-)
create mode 100644 rules.d/75-persistent-net-generator.rules
create mode 100644 src/udev/rule_generator/rule_generator.functions
create mode 100755 src/udev/rule_generator/write_net_rules
diff --git a/man/systemd-udevd.service.xml b/man/systemd-udevd.service.xml
index 3107fb7ce9..7edfda0869 100644
--- a/man/systemd-udevd.service.xml
+++ b/man/systemd-udevd.service.xml
@@ -204,7 +204,7 @@
<term><varname>net.ifnames=</varname></term>
<listitem>
<para>Network interfaces are renamed to give them predictable names
- when possible. It is enabled by default; specifying 0 disables it.</para>
+ when possible. It is disabled by default; specifying 1 enables it.</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/rules.d/75-persistent-net-generator.rules b/rules.d/75-persistent-net-generator.rules
new file mode 100644
index 0000000000..e231263349
--- /dev/null
+++ b/rules.d/75-persistent-net-generator.rules
@@ -0,0 +1,125 @@
+# do not edit this file, it will be overwritten on update
+
+# these rules generate rules for persistent network device naming
+#
+# variables used to communicate:
+# MATCHADDR MAC address used for the match
+# MATCHID bus_id used for the match
+# MATCHDRV driver name used for the match
+# MATCHIFTYPE interface type match
+# COMMENT comment to add to the generated rule
+# INTERFACE_NAME requested name supplied by external tool
+# INTERFACE_NEW new interface name returned by rule writer
+
+ACTION!="add", GOTO="persistent_net_generator_end"
+SUBSYSTEM!="net", GOTO="persistent_net_generator_end"
+
+# ignore the interface if a name has already been set
+NAME=="?*", GOTO="persistent_net_generator_end"
+
+# device name whitelist
+KERNEL!="eth*|ath*|wlan*[0-9]|msh*|ra*|sta*|ctc*|lcs*|hsi*", GOTO="persistent_net_generator_end"
+
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}!="0", GOTO="persistent_net_generator_end"
+
+# read MAC address
+ENV{MATCHADDR}="$attr{address}"
+
+# match interface type
+ENV{MATCHIFTYPE}="$attr{type}"
+
+# detect virtualization (none is set if we are not a guest)
+ENV{ID_VIRT}="none", PROGRAM=="/usr/bin/systemd-detect-virt", RESULT=="?*", ENV{ID_VIRT}="$result"
+
+# KVM virtual interfaces, not to be confused with Realtek interfaces
+ENV{MATCHADDR}=="52:54:00:*", ENV{ID_VIRT}=="kvm", ENV{MATCHADDR}=""
+
+# ignore VMWare virtual interfaces
+ENV{MATCHADDR}=="00:0c:29:*|00:50:56:*", GOTO="persistent_net_generator_end"
+# ignore Hyper-V virtual interfaces
+ENV{MATCHADDR}=="00:15:5d:*", GOTO="persistent_net_generator_end"
+
+# These vendors are known to violate the local MAC address assignment scheme
+# Interlan, DEC (UNIBUS or QBUS), Apollo, Cisco, Racal-Datacom
+ENV{MATCHADDR}=="02:07:01:*", GOTO="globally_administered_whitelist"
+# 3Com
+ENV{MATCHADDR}=="02:60:60:*", GOTO="globally_administered_whitelist"
+# 3Com IBM PC; Imagen; Valid; Cisco; Apple
+ENV{MATCHADDR}=="02:60:8c:*", GOTO="globally_administered_whitelist"
+# Intel
+ENV{MATCHADDR}=="02:a0:c9:*", GOTO="globally_administered_whitelist"
+# Olivetti
+ENV{MATCHADDR}=="02:aa:3c:*", GOTO="globally_administered_whitelist"
+# CMC Masscomp; Silicon Graphics; Prime EXL
+ENV{MATCHADDR}=="02:cf:1f:*", GOTO="globally_administered_whitelist"
+# Prominet Corporation Gigabit Ethernet Switch
+ENV{MATCHADDR}=="02:e0:3b:*", GOTO="globally_administered_whitelist"
+# BTI (Bus-Tech, Inc.) IBM Mainframes
+ENV{MATCHADDR}=="02:e6:d3:*", GOTO="globally_administered_whitelist"
+# Realtek
+ENV{MATCHADDR}=="52:54:00:*", GOTO="globally_administered_whitelist"
+# Novell 2000
+ENV{MATCHADDR}=="52:54:4c:*", GOTO="globally_administered_whitelist"
+# Realtec
+ENV{MATCHADDR}=="52:54:ab:*", GOTO="globally_administered_whitelist"
+# Kingston Technologies
+ENV{MATCHADDR}=="e2:0c:0f:*", GOTO="globally_administered_whitelist"
+# Xensource
+ENV{MATCHADDR}=="00:16:3e:*", GOTO="globally_administered_whitelist"
+
+# ibmveth/ibmvnic like to use "locally administered" MAC addresses
+DRIVERS=="ibmveth", ENV{MATCHADDR}="$attr{address}", GOTO="globally_administered_whitelist"
+DRIVERS=="ibmvnic", ENV{MATCHADDR}="$attr{address}", GOTO="globally_administered_whitelist"
+
+# mlx4 on s390 uses to be a Mellanox SR-IOV function for an S/390 LPAR
+# where the physical function is controlled by the LPAR hypervisor
+# (unlike x86_64 KVM guest, where the physical function is controlled
+# by the linux host OS). In this case all virtual SR-IOV virtual
+# functions will have a "locally administered" MAC address and will
+# share the same bus (PCI) id (0000:00:00.0) unlike on on x86_64 where
+# the MAC addresses are random.
+DRIVERS=="mlx4_core", KERNELS=="0000:00:00.0", ENV{MATCHADDR}="$attr{address}", GOTO="globally_administered_whitelist"
+
+# match interface dev_id
+# HACK: for s390x qeth devices, if layer2 == 0, dont use dev_id
+ENV{LAYER2}="1", TEST=="device/layer2", ENV{LAYER2}="$attr{device/layer2}"
+ENV{LAYER2}!="0", ATTR{dev_id}=="?*", ENV{MATCHDEVID}="$attr{dev_id}"
+
+# do not use "locally administered" MAC address
+ENV{MATCHADDR}=="?[2367abef]:*", ENV{MATCHADDR}=""
+
+# if mac is "locally administered", then use $id (KERNELS) and $driver (DRIVERS)
+ENV{MATCHADDR}=="", DRIVERS=="?*", SUBSYSTEMS=="pci|ccw", ENV{MATCHID}="$id", ENV{MATCHDRV}="$driver"
+
+# do not use empty address
+ENV{MATCHADDR}=="00:00:00:00:00:00", ENV{MATCHADDR}=""
+
+LABEL="globally_administered_whitelist"
+
+# build comment line for generated rule:
+SUBSYSTEMS=="pci", ENV{COMMENT}="PCI device $attr{vendor}:$attr{device} ($driver)"
+SUBSYSTEMS=="ccw", ENV{COMMENT}="S/390 $driver device at $id"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="?*", ENV{COMMENT}="USB device 0x$attr{idVendor}:0x$attr{idProduct} ($driver)"
+SUBSYSTEMS=="pcmcia", ENV{COMMENT}="PCMCIA device $attr{card_id}:$attr{manf_id} ($driver)"
+SUBSYSTEMS=="ieee1394", ENV{COMMENT}="Firewire device $attr{host_id})"
+DRIVERS=="ibmveth", ENV{COMMENT}="ibmveth ($id)"
+DRIVERS=="ibmvnic", ENV{COMMENT}="ibmvnic ($id)"
+DRIVERS=="mlx4_core", ENV{COMMENT}="mlx4_core ($id)"
+
+# S/390 uses id matches only, do not use MAC address match
+SUBSYSTEMS=="ccwgroup", ENV{COMMENT}="S/390 $driver device at $id", ENV{MATCHID}="$id", ENV{MATCHDRV}="$driver", ENV{MATCHADDR}=""
+
+# see if we got enough data to create a rule
+ENV{MATCHADDR}=="", ENV{MATCHID}=="", ENV{INTERFACE_NAME}=="", GOTO="persistent_net_generator_end"
+
+# default comment
+ENV{COMMENT}=="", ENV{COMMENT}="net device ($attr{driver})"
+
+# write rule
+DRIVERS=="?*", IMPORT{program}="write_net_rules"
+
+# rename interface if needed
+ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}"
+
+LABEL="persistent_net_generator_end"
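Review bot: The header's list of "variables used to communicate" omits `MATCHDEVID`, although the rule under "match interface dev_id" sets it and the header of write_net_rules lists it. I would add `#  MATCHDEVID       dev_id used for the match` to that list so the two files agree. The Firewire comment template also has an unbalanced parenthesis; `ENV{COMMENT}="Firewire device $attr{host_id}"` is probably what was meant.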
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 20fca222da..736430a5b8 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -25,6 +25,7 @@ rules = [
'70-mouse.rules',
'70-touchpad.rules',
'75-net-description.rules',
+ '75-persistent-net-generator.rules',
'75-probe_mtd.rules',
'78-sound-card.rules',
'80-net-setup-link.rules',
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 81e0d7aa05..56d95f52ab 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -11,7 +11,8 @@
#include "process-util.h"
#include "strv.h"
-static int set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+
+static int do_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
int r;
@@ -31,6 +32,46 @@ static int set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
return sd_netlink_call(*rtnl, message, 0, NULL);
}
+static int do_set_link_name_wait(sd_netlink **rtnl, int ifindex, const char *name) {
+ char tmp[IFNAMSIZ];
+ int r;
+
+ log_debug("ifindex %i: waiting for name %s to be released", ifindex, name);
+
+ /* free our own name, another process may wait for us */
+ snprintf(tmp, IFNAMSIZ, "rename%d", ifindex);
+ r = do_set_link_name(rtnl, ifindex, tmp);
+ if (r < 0)
+ return r;
+
+ log_debug("ifindex %i: while waiting, renamed to %s to release our own name", ifindex, tmp);
+
+ /* wait a maximum of 90 seconds for our target to become available */
+ for(int loop = 90 * 20; loop; loop--) {
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 };
+
+ nanosleep(&duration, NULL);
+
+ r = do_set_link_name(rtnl, ifindex, name);
+ if (r >= 0)
+ break;
+ if (r != -EEXIST)
+ break;
+ }
+
+ return r;
+}
+
+static int set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+ int r;
+
+ r = do_set_link_name(rtnl, ifindex, name);
+ if (r >= 0 || r != -EEXIST)
+ return r;
+
+ return do_set_link_name_wait(rtnl, ifindex, name);
+}
+
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name, char* const *alternative_names) {
_cleanup_strv_free_ char **original_altnames = NULL, **new_altnames = NULL;
bool altname_deleted = false;
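Review bot: When the 90-second wait in `do_set_link_name_wait()` expires, the function returns the last `-EEXIST` and the interface stays named `rename<ifindex>`, because nothing restores the original name or reports the outcome above debug level. Anything keyed on the interface name, such as firewall rules or network configuration, would then no longer match that NIC. I would at least report it after the loop, e.g. `if (r == -EEXIST) log_warning("ifindex %i: timed out waiting for name %s, interface left as %s", ifindex, name, tmp);`. The loop also ignores the return value of `nanosleep()`, so an interrupted sleep shortens the effective wait, and the caller is blocked for the whole duration. `rtnl_set_link_name()` continues outside the hunk.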
diff --git a/src/udev/meson.build b/src/udev/meson.build
index de988ac248..4704a4023d 100644
--- a/src/udev/meson.build
+++ b/src/udev/meson.build
@@ -222,3 +222,7 @@ tests += [
'base' : test_libudev_base,
},
]
+
+install_data('rule_generator/rule_generator.functions',
+ 'rule_generator/write_net_rules',
+ install_dir : udevlibexecdir)
diff --git a/src/udev/rule_generator/rule_generator.functions b/src/udev/rule_generator/rule_generator.functions
new file mode 100644
index 0000000000..087bc34ad3
--- /dev/null
+++ b/src/udev/rule_generator/rule_generator.functions
@@ -0,0 +1,113 @@
+# functions used by the udev rule generator
+
+# Copyright (C) 2006 Marco d'Itri <md@Linux.IT>
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+PATH='/usr/bin:/bin:/usr/sbin:/sbin'
+
+# Read a single line from file $1 in the $DEVPATH directory.
+# The function must not return an error even if the file does not exist.
+sysread() {
+ local file="$1"
+ [ -e "/sys$DEVPATH/$file" ] || return 0
+ local value
+ read value < "/sys$DEVPATH/$file" || return 0
+ echo "$value"
+}
+
+sysreadlink() {
+ local file="$1"
+ [ -e "/sys$DEVPATH/$file" ] || return 0
+ readlink -f /sys$DEVPATH/$file 2> /dev/null || true
+}
+
+# Return true if a directory is writeable.
+writeable() {
+ if ln -s test-link $1/.is-writeable 2> /dev/null; then
+ rm -f $1/.is-writeable
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Create a lock file for the current rules file.
+lock_rules_file() {
+ RUNDIR="/run/udev"
+ [ -e "$RUNDIR" ] || return 0
+
+ RULES_LOCK="$RUNDIR/.lock-${RULES_FILE##*/}"
+
+ retry=30
+ while ! mkdir $RULES_LOCK 2> /dev/null; do
+ if [ $retry -eq 0 ]; then
+ echo "Cannot lock $RULES_FILE!" >&2
+ exit 2
+ fi
+ sleep 1
+ retry=$(($retry - 1))
+ done
+}
+
+unlock_rules_file() {
+ [ "$RULES_LOCK" ] || return 0
+ rmdir $RULES_LOCK || true
+}
+
+# Choose the real rules file if it is writeable or a temporary file if not.
+# Both files should be checked later when looking for existing rules.
+choose_rules_file() {
+ RUNDIR="/run/udev"
+ local tmp_rules_file="$RUNDIR/tmp-rules--${RULES_FILE##*/}"
+ [ -e "$RULES_FILE" -o -e "$tmp_rules_file" ] || PRINT_HEADER=1
+
+ if writeable ${RULES_FILE%/*}; then
+ RO_RULES_FILE='/dev/null'
+ else
+ RO_RULES_FILE=$RULES_FILE
+ RULES_FILE=$tmp_rules_file
+ fi
+}
+
+# Return the name of the first free device.
+raw_find_next_available() {
+ local links="$1"
+
+ local basename=${links%%[ 0-9]*}
+ local max=-1
+ for name in $links; do
+ local num=${name#$basename}
+ [ "$num" ] || num=0
+ [ $num -gt $max ] && max=$num
+ done
+
+ local max=$(($max + 1))
+ # "name0" actually is just "name"
+ [ $max -eq 0 ] && return
+ echo "$max"
+}
+
+# Find all rules matching a key (with action) and a pattern.
+find_all_rules() {
+ local key="$1"
+ local linkre="$2"
+ local match="$3"
+
+ local search='.*[[:space:],]'"$key"'"('"$linkre"')".*'
+ echo $(sed -n -r -e 's/^#.*//' -e "${match}s/${search}/\1/p" \
+ $RO_RULES_FILE \
+ $([ -e $RULES_FILE ] && echo $RULES_FILE) \
+ 2>/dev/null)
+}
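Review bot: Several expansions in these helpers are unquoted and therefore subject to word splitting and globbing: `readlink -f /sys$DEVPATH/$file` in `sysreadlink`, `$1/.is-writeable` in `writeable`, and `$RULES_LOCK` in the `mkdir`/`rmdir` calls. The helpers are invoked from a udev rule with values taken from the event environment, so I would quote them, e.g. `readlink -f "/sys$DEVPATH/$file"` and `mkdir "$RULES_LOCK"`. `find_all_rules` also pastes `$linkre` into the sed expression as a regular expression, so its comment should state that callers must pass either an intended pattern or a value already checked for regex and delimiter characters. Separately, `lock_rules_file` returns success without taking any lock when `/run/udev` does not exist, which deserves at least a comment.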
diff --git a/src/udev/rule_generator/write_net_rules b/src/udev/rule_generator/write_net_rules
new file mode 100755
index 0000000000..27be878af9
--- /dev/null
+++ b/src/udev/rule_generator/write_net_rules
@@ -0,0 +1,153 @@
+#!/bin/sh -e
+
+# This script is run to create persistent network device naming rules
+# based on properties of the device.
+# If the interface needs to be renamed, INTERFACE_NEW=<name> will be printed
+# on stdout to allow udev to IMPORT it.
+
+# variables used to communicate:
+# MATCHADDR MAC address used for the match
+# MATCHID bus_id used for the match
+# MATCHDEVID dev_id used for the match
+# MATCHDRV driver name used for the match
+# MATCHIFTYPE interface type match
+# COMMENT comment to add to the generated rule
+# INTERFACE_NAME requested name supplied by external tool
+# INTERFACE_NEW new interface name returned by rule writer
+
+# Copyright (C) 2006 Marco d'Itri <md@Linux.IT>
+# Copyright (C) 2007 Kay Sievers <kay.sievers@vrfy.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# debug, if UDEV_LOG=<debug>
+if [ -n "$UDEV_LOG" ]; then
+ if [ "$UDEV_LOG" -ge 7 ]; then
+ set -x
+ fi
+fi
+
+RULES_FILE='/etc/udev/rules.d/70-persistent-net.rules'
+
+. /usr/lib/udev/rule_generator.functions
+
+interface_name_taken() {
+ local value="$(find_all_rules 'NAME=' $INTERFACE)"
+ if [ "$value" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+find_next_available() {
+ raw_find_next_available "$(find_all_rules 'NAME=' "$1")"
+}
+
+write_rule() {
+ local match="$1"
+ local name="$2"
+ local comment="$3"
+
+ {
+ if [ "$PRINT_HEADER" ]; then
+ PRINT_HEADER=
+ echo "# This file was automatically generated by the $0"
+ echo "# program, run by the persistent-net-generator.rules rules file."
+ echo "#"
+ echo "# You can modify it, as long as you keep each rule on a single"
+ echo "# line, and change only the value of the NAME= key."
+ fi
+
+ echo ""
+ [ "$comment" ] && echo "# $comment"
+ echo "SUBSYSTEM==\"net\", ACTION==\"add\"$match, NAME=\"$name\""
+ } >> $RULES_FILE
+}
+
+if [ -z "$INTERFACE" ]; then
+ echo "missing \$INTERFACE" >&2
+ exit 1
+fi
+
+# Prevent concurrent processes from modifying the file at the same time.
+lock_rules_file
+
+# Check if the rules file is writeable.
+choose_rules_file
+
+# the DRIVERS key is needed to not match bridges and VLAN sub-interfaces
+if [ "$MATCHADDR" ]; then
+ # Check if MACADDR doesn't exist already in the generated rules
+ MAC="$(/usr/bin/grep -w -o -C1 -m1 "$MATCHADDR" "$RULES_FILE" 2>/dev/null || true)"
+ if [ "$MAC" = "$MATCHADDR" ]; then
+ unlock_rules_file
+ exit 0
+ fi
+ match="$match, DRIVERS==\"?*\", ATTR{address}==\"$MATCHADDR\""
+fi
+
+if [ "$MATCHDRV" ]; then
+ match="$match, DRIVERS==\"$MATCHDRV\""
+fi
+
+if [ "$MATCHDEVID" ]; then
+ match="$match, ATTR{dev_id}==\"$MATCHDEVID\""
+fi
+
+if [ "$MATCHID" ]; then
+ # Check if KERNEL doesn't exist already in the generated rules
+ KERNEL="$(find_all_rules 'KERNELS==' "$MATCHID")"
+ if [ "$KERNEL" = "$MATCHID" ]; then
+ unlock_rules_file
+ exit 0
+ fi
+ match="$match, KERNELS==\"$MATCHID\""
+fi
+
+if [ "$MATCHIFTYPE" ]; then
+ match="$match, ATTR{type}==\"$MATCHIFTYPE\""
+fi
+
+if [ -z "$match" ]; then
+ echo "missing valid match" >&2
+ unlock_rules_file
+ exit 1
+fi
+
+basename=${INTERFACE%%[0-9]*}
+match="$match, KERNEL==\"$basename*\""
+
+if [ "$INTERFACE_NAME" ]; then
+ # external tools may request a custom name
+ COMMENT="$COMMENT (custom name provided by external tool)"
+ if [ "$INTERFACE_NAME" != "$INTERFACE" ]; then
+ INTERFACE=$INTERFACE_NAME;
+ echo "INTERFACE_NEW=$INTERFACE"
+ fi
+else
+ # if a rule using the current name already exists, find a new name
+ if interface_name_taken; then
+ INTERFACE="$basename$(find_next_available "$basename[0-9]*")"
+ # prevent INTERFACE from being "eth" instead of "eth0"
+ [ "$INTERFACE" = "${INTERFACE%%[ \[\]0-9]*}" ] && INTERFACE=${INTERFACE}0
+ echo "INTERFACE_NEW=$INTERFACE"
+ fi
+fi
+
+write_rule "$match" "$INTERFACE" "$COMMENT"
+
+unlock_rules_file
+
+exit 0
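Review bot: `write_rule` interpolates `$match`, `$name` and `$comment` into the rules file without validation, so a double quote or newline in `INTERFACE`, `INTERFACE_NAME`, `MATCHDRV`, `MATCHID` or `COMMENT` would yield a malformed or unintended rule in a file udev parses on every later event. I would reject unexpected characters before the rule is built, for example `case "$INTERFACE_NAME" in *[!A-Za-z0-9_.-]*) unlock_rules_file; exit 1;; esac`, with the same check on the other values. `interface_name_taken` also passes `$INTERFACE` unquoted, and `find_all_rules` then treats it as a regular expression. Finally, the script runs under `sh -e` with no `trap`, so a command failing between `lock_rules_file` and `unlock_rules_file` leaves the lock directory behind, and later runs wait 30 seconds before exiting with status 2.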
--
2.43.0


@@ -0,0 +1,67 @@
From 302e2fccdee655f135461df3426278a21d336d85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 9 Jan 2024 11:28:04 +0100
Subject: [PATCH 1022/1022] journal: again create user journals for users with
high uids
This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
in an additional check of uid_is_container(uid). The problem is that that change
is not backwards-compatible at all and very hard for users to handle.
There is no common agreement on mappings of high-range uids. Systemd declares
ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
but this is only a recent change and various sites allocated those ranges
in a different way, in particular FreeIPA uses (used?) uids from this range
for human users. On big sites with lots of users changing uids is obviously a
hard problem. We generally assume that uids cannot be "freed" and/or changed
and/or reused safely, so we shouldn't demand the same from others.
This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
huge problems for existing systems with were created with a different
definition and couldn't be easily updated. For that case, we added a
configuration time switch and we now parse /etc/login.defs to actually use the
value that is appropriate for the local system.
Unfortunately, login.defs doesn't have a concept of container allocation ranges
(and we don't have code to parse and use those nonexistent names either), so we
can't tell users to adjust logind.defs to work around the changed definition.
login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
because they are used to define where the add allocations for subuids, which is
generally a much smaller range. Maybe we should talk with other folks about
the appropriate allocation ranges and define some new settings in login.defs.
But this would require discussion and coordination with other projects first.
Actually, it seems that this change was not needed at all. The code in the container
does not log to the outside journal. It talks to its own journald, which does
journal splitting using its internal logic based on shifted uids. So let's
revert the change to fix user systems.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
Upstream PR: https://github.com/systemd/systemd/pull/30846
rhel-only: bugfix
Resolves: RHEL-70103
[fbui: fixes bsc#1242938]
---
src/basic/uid-alloc-range.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c
index 669cb6d56f..7b724b7959 100644
--- a/src/basic/uid-alloc-range.c
+++ b/src/basic/uid-alloc-range.c
@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
/* Returns true if the specified UID shall get its data stored in the system journal. */
- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid);
+ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
}
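Review bot: The comment in `uid_for_system_journal()` does not record that container-range UIDs are left out on purpose, so the `uid_is_container(uid)` term could easily be re-added by a later cleanup. I would extend the comment, e.g. `/* Container-range UIDs are deliberately not listed here: some sites assign them to regular users. */`. With this change those UIDs get split-out user journals again, so it is worth confirming that existing deployments expect that for whatever accounts they have placed in the range.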
--
2.43.0


@@ -0,0 +1,99 @@
From c98df489ad5c9331bf80c83f4fa2d45bbf0f93be Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Wed, 6 Mar 2024 11:39:00 +0100
Subject: [PATCH 5001/5001] 99-systemd.rules: rework SYSTEMD_READY logic for
device mapper
Device mapper devices are set up in multiple steps. The first step, which
generates the initial "add" event, only creates an empty container, which is
useless for higher layers. SYSTEMD_READY should be set to 0 on this event to
avoid premature device activation.
The event that matters is the "activation" event: the first "change" event on
which DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 is not set. When this event arrives,
the device is ready for being scanned by blkid and similar tools, and for being
activated by systemd.
Intermittent events with DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 should be ignored
as far as systemd or higher-level block layers are concerned. Previous device
properties and symlinks should be preserved: the device shouldn't be scanned or
activated, but shouldn't be deactivated, either. In particular, SYSTEMD_READY
shouldn't be set to 0 if it wasn't set before, because that might cause mounted
file systems to be unmounted. Such intermittent events may occur any time,
before or after the "activation" event.
DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 can have multiple reasons. One possible reason
is that the device is suspended. There are other reasons that depend on the
device-mapper subsystem (LVM, multipath, dm-crypt, etc.).
The current systemd rule set
1) sets SYSTEMD_READY=0 if DM_UDEV_DISABLE_OTHER_RULES_FLAG is set in "add"
events;
2) imports SYSTEMD_READY from the udev db if DM_SUSPENDED is set, and jumps to systemd_end;
3) sets SYSTEMD_READY=1, otherwise.
This logic has several flaws:
* 1) can cause file systems to be unmounted if an coldplug event arrives while
a file system is suspended. This rule shouldn't be applied for coldplug events
or in general, "synthetic" add events;
* 2) evaluates DM_SUSPENDED=1, which is a device-mapper internal property.
It's wrong to infer that a device is accessible if DM_SUSPENDED=0.
The jump to systemd_end may cause properties and/or symlinks to be lost;
* 3) is superfluous, because SYSTEMD_READY=1 is equivalent with SYSTEMD_READY
being unset, and can create the wrong impression that the device was explicitly
activated.
This patch fixes the logic as follows:
- apply 1) only if DM_NAME is empty, which is only the case for the first
"genuine add" event;
- change 2) to use DM_UDEV_DISABLE_OTHER_RULES_FLAG instead of DM_SUSPENDED,
and remove the GOTO directive;
- remove 3).
Fixes: b7cf1b6 ("udev: use SYSTEMD_READY to mask uninitialized DM devices")
Fixes: 35a6750 ("rules: set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 only with ADD event (#2747)")
Signed-off-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit c072860593329293e19580b337504adb52248462)
[fbui: fixes bsc#1229518]
---
rules.d/99-systemd.rules.in | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
index de1d2eff9e..65bc6e2945 100644
--- a/rules.d/99-systemd.rules.in
+++ b/rules.d/99-systemd.rules.in
@@ -20,19 +20,18 @@ SUBSYSTEM=="ubi", TAG+="systemd"
SUBSYSTEM=="block", TAG+="systemd"
-# We can't make any conclusions about suspended DM devices so let's just import previous SYSTEMD_READY state and skip other rules
-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY"
-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", GOTO="systemd_end"
+# When a dm device is first created, it's just an empty container. Ignore it.
+# DM_NAME is not set in this case, but it's set on spurious "add" events that occur later.
+SUBSYSTEM=="block", ACTION=="add", KERNEL=="dm-*", ENV{DM_NAME}!="?*", ENV{SYSTEMD_READY}="0"
-SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
+# DM_UDEV_DISABLE_OTHER_RULES_FLAG==1 means that the device shouldn't be probed.
+# Import previous SYSTEMD_READY state.
+SUBSYSTEM=="block", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}=="", IMPORT{db}="SYSTEMD_READY"
# Ignore encrypted devices with no identified superblock on it, since
# we are probably still calling mke2fs or mkswap on it.
SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-# Explicitly set SYSTEMD_READY=1 for DM devices that don't have it set yet, so that we always have something to import above
-SUBSYSTEM=="block", ENV{DM_UUID}=="?*", ENV{SYSTEMD_READY}=="", ENV{SYSTEMD_READY}="1"
-
# add symlink to GPT root disk
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root"
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks"
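Review bot: The new `IMPORT{db}="SYSTEMD_READY"` rule has no `GOTO`, so an event with `DM_UDEV_DISABLE_OTHER_RULES_FLAG=1` still reaches the `CRYPT-*` rule below, which assigns `SYSTEMD_READY="0"` whenever `ID_PART_TABLE_TYPE` and `ID_FS_USAGE` are empty. If probing is skipped on such an event and no earlier rule file restores those properties from the udev db, that assignment would override the value just imported, which is the deactivation the description wants to avoid. This depends on rules outside the hunk and should be confirmed. A comment above the import rule would make the dependency explicit, e.g. `# Relies on earlier rules re-importing ID_FS_* and ID_PART_TABLE_TYPE from the db on such events.`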
--
2.43.0


@@ -1,283 +0,0 @@
From 14146f22cdcb6ecbf7d0f46a34843837a21aa118 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Jan 2024 11:30:14 +0100
Subject: [PATCH 5003/5011] cgroup: rename TasksMax structure to CGroupTasksMax
Almost all our enums/structs/funcs carry the CGroup prefix if they are
defined in cgroup.h, TasksMax so far does not, even though it is
exclusively used in cgroup context.
Change that.
(cherry picked from commit 94f0b13b1623c083ece9c0381bd1e65500dc1363)
[mkoutny: Adjust for missing struct UnitDefaults + contexts]
---
src/core/cgroup.c | 16 ++++++++--------
src/core/cgroup.h | 12 ++++++------
src/core/dbus-cgroup.c | 10 +++++-----
src/core/load-fragment.c | 10 +++++-----
src/core/main.c | 4 ++--
src/core/manager.c | 2 +-
src/core/manager.h | 2 +-
src/test/test-cgroup-mask.c | 2 +-
8 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 8a3059b042..5b7205a92e 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -51,7 +51,7 @@
* out specific attributes from us. */
#define LOG_LEVEL_CGROUP_WRITE(r) (IN_SET(abs(r), ENOENT, EROFS, EACCES, EPERM) ? LOG_DEBUG : LOG_WARNING)
-uint64_t tasks_max_resolve(const TasksMax *tasks_max) {
+uint64_t cgroup_tasks_max_resolve(const CGroupTasksMax *tasks_max) {
if (tasks_max->scale == 0)
return tasks_max->value;
@@ -170,7 +170,7 @@ void cgroup_context_init(CGroupContext *c) {
.blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID,
.startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID,
- .tasks_max = TASKS_MAX_UNSET,
+ .tasks_max = CGROUP_TASKS_MAX_UNSET,
.moom_swap = MANAGED_OOM_AUTO,
.moom_mem_pressure = MANAGED_OOM_AUTO,
@@ -562,7 +562,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"),
prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"),
prefix, c->memory_limit,
- prefix, tasks_max_resolve(&c->tasks_max),
+ prefix, cgroup_tasks_max_resolve(&c->tasks_max),
prefix, cgroup_device_policy_to_string(c->device_policy),
prefix, strempty(disable_controllers_str),
prefix, delegate_str,
@@ -1760,9 +1760,9 @@ static void cgroup_context_apply(
* which is desirable so that there's an official way to release control of the sysctl from
* systemd: set the limit to unbounded and reload. */
- if (tasks_max_isset(&c->tasks_max)) {
+ if (cgroup_tasks_max_isset(&c->tasks_max)) {
u->manager->sysctl_pid_max_changed = true;
- r = procfs_tasks_set_limit(tasks_max_resolve(&c->tasks_max));
+ r = procfs_tasks_set_limit(cgroup_tasks_max_resolve(&c->tasks_max));
} else if (u->manager->sysctl_pid_max_changed)
r = procfs_tasks_set_limit(TASKS_MAX);
else
@@ -1775,10 +1775,10 @@ static void cgroup_context_apply(
/* The attribute itself is not available on the host root cgroup, and in the container case we want to
* leave it for the container manager. */
if (!is_local_root) {
- if (tasks_max_isset(&c->tasks_max)) {
+ if (cgroup_tasks_max_isset(&c->tasks_max)) {
char buf[DECIMAL_STR_MAX(uint64_t) + 1];
- xsprintf(buf, "%" PRIu64 "\n", tasks_max_resolve(&c->tasks_max));
+ xsprintf(buf, "%" PRIu64 "\n", cgroup_tasks_max_resolve(&c->tasks_max));
(void) set_attribute_and_warn(u, "pids", "pids.max", buf);
} else
(void) set_attribute_and_warn(u, "pids", "pids.max", "max\n");
@@ -1894,7 +1894,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES;
if (c->tasks_accounting ||
- tasks_max_isset(&c->tasks_max))
+ cgroup_tasks_max_isset(&c->tasks_max))
mask |= CGROUP_MASK_PIDS;
return CGROUP_MASK_EXTEND_JOINED(mask);
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 9f1963b3f2..486957b545 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -9,20 +9,20 @@
#include "list.h"
#include "time-util.h"
-typedef struct TasksMax {
+typedef struct CGroupTasksMax {
/* If scale == 0, just use value; otherwise, value / scale.
* See tasks_max_resolve(). */
uint64_t value;
uint64_t scale;
-} TasksMax;
+} CGroupTasksMax;
-#define TASKS_MAX_UNSET ((TasksMax) { .value = UINT64_MAX, .scale = 0 })
+#define CGROUP_TASKS_MAX_UNSET ((CGroupTasksMax) { .value = UINT64_MAX, .scale = 0 })
-static inline bool tasks_max_isset(const TasksMax *tasks_max) {
+static inline bool cgroup_tasks_max_isset(const CGroupTasksMax *tasks_max) {
return tasks_max->value != UINT64_MAX || tasks_max->scale != 0;
}
-uint64_t tasks_max_resolve(const TasksMax *tasks_max);
+uint64_t cgroup_tasks_max_resolve(const CGroupTasksMax *tasks_max);
typedef struct CGroupContext CGroupContext;
typedef struct CGroupDeviceAllow CGroupDeviceAllow;
@@ -210,7 +210,7 @@ struct CGroupContext {
LIST_HEAD(CGroupSocketBindItem, socket_bind_deny);
/* Common */
- TasksMax tasks_max;
+ CGroupTasksMax tasks_max;
/* Settings for systemd-oomd */
ManagedOOMMode moom_swap;
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 5347525844..3c35673779 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -25,7 +25,7 @@
#include "percent-util.h"
#include "socket-util.h"
-BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve);
+BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve);
BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_cgroup_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch);
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_device_policy, CGroupDevicePolicy);
@@ -994,7 +994,7 @@ static int bus_cgroup_set_cpu_weight(
static int bus_cgroup_set_tasks_max(
Unit *u,
const char *name,
- TasksMax *p,
+ CGroupTasksMax *p,
sd_bus_message *message,
UnitWriteFlags flags,
sd_bus_error *error) {
@@ -1013,7 +1013,7 @@ static int bus_cgroup_set_tasks_max(
"Value specified in %s is out of range", name);
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- *p = (TasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */
+ *p = (CGroupTasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */
unit_invalidate_cgroup(u, CGROUP_MASK_PIDS);
if (v == CGROUP_LIMIT_MAX)
@@ -1030,7 +1030,7 @@ static int bus_cgroup_set_tasks_max(
static int bus_cgroup_set_tasks_max_scale(
Unit *u,
const char *name,
- TasksMax *p,
+ CGroupTasksMax *p,
sd_bus_message *message,
UnitWriteFlags flags,
sd_bus_error *error) {
@@ -1049,7 +1049,7 @@ static int bus_cgroup_set_tasks_max_scale(
"Value specified in %s is out of range", name);
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- *p = (TasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */
+ *p = (CGroupTasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */
unit_invalidate_cgroup(u, CGROUP_MASK_PIDS);
uint32_t scaled = DIV_ROUND_UP((uint64_t) v * 100U, (uint64_t) UINT32_MAX);
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 86235fa5b6..18ba95a6c5 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3934,23 +3934,23 @@ int config_parse_tasks_max(
void *userdata) {
const Unit *u = userdata;
- TasksMax *tasks_max = data;
+ CGroupTasksMax *tasks_max = data;
uint64_t v;
int r;
if (isempty(rvalue)) {
- *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
+ *tasks_max = u ? u->manager->default_tasks_max : CGROUP_TASKS_MAX_UNSET;
return 0;
}
if (streq(rvalue, "infinity")) {
- *tasks_max = TASKS_MAX_UNSET;
+ *tasks_max = CGROUP_TASKS_MAX_UNSET;
return 0;
}
r = parse_permyriad(rvalue);
if (r >= 0)
- *tasks_max = (TasksMax) { r, 10000U }; /* r‱ */
+ *tasks_max = (CGroupTasksMax) { r, 10000U }; /* r‱ */
else {
r = safe_atou64(rvalue, &v);
if (r < 0) {
@@ -3963,7 +3963,7 @@ int config_parse_tasks_max(
return 0;
}
- *tasks_max = (TasksMax) { v };
+ *tasks_max = (CGroupTasksMax) { v };
}
return 0;
diff --git a/src/core/main.c b/src/core/main.c
index 14aa1f00c0..efe75d96b3 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -106,7 +106,7 @@
#include <sanitizer/lsan_interface.h>
#endif
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */
static enum {
ACTION_RUN,
@@ -166,7 +166,7 @@ static bool arg_default_ip_accounting;
static bool arg_default_blockio_accounting;
static bool arg_default_memory_accounting;
static bool arg_default_tasks_accounting;
-static TasksMax arg_default_tasks_max;
+static CGroupTasksMax arg_default_tasks_max;
static usec_t arg_default_memory_pressure_threshold_usec;
static CGroupPressureWatch arg_default_memory_pressure_watch;
static sd_id128_t arg_machine_id;
diff --git a/src/core/manager.c b/src/core/manager.c
index 2ccb753888..5f4522392d 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -840,7 +840,7 @@ int manager_new(RuntimeScope runtime_scope, ManagerTestRunFlags test_run_flags,
.default_timer_accuracy_usec = USEC_PER_MINUTE,
.default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT,
.default_tasks_accounting = true,
- .default_tasks_max = TASKS_MAX_UNSET,
+ .default_tasks_max = CGROUP_TASKS_MAX_UNSET,
.default_timeout_start_usec = manager_default_timeout(runtime_scope),
.default_timeout_stop_usec = manager_default_timeout(runtime_scope),
.default_restart_usec = DEFAULT_RESTART_USEC,
diff --git a/src/core/manager.h b/src/core/manager.h
index a6c87dc852..e4b2393d06 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -375,7 +375,7 @@ struct Manager {
bool default_tasks_accounting;
bool default_ip_accounting;
- TasksMax default_tasks_max;
+ CGroupTasksMax default_tasks_max;
usec_t default_timer_accuracy_usec;
OOMPolicy default_oom_policy;
diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c
index c0bf585963..35b2599e86 100644
--- a/src/test/test-cgroup-mask.c
+++ b/src/test/test-cgroup-mask.c
@@ -58,7 +58,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) {
m->default_blockio_accounting =
m->default_io_accounting =
m->default_tasks_accounting = false;
- m->default_tasks_max = TASKS_MAX_UNSET;
+ m->default_tasks_max = CGROUP_TASKS_MAX_UNSET;
assert_se(manager_startup(m, NULL, NULL, NULL) >= 0);
--
2.35.3


@@ -1,31 +0,0 @@
From c44ecd40ed4b4221dd9f03f5c2090d994889064c Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 23 Jan 2024 11:30:15 +0100
Subject: [PATCH 5004/5011] bus-print-properties: ignore CGROUP_LIMIT_MAX for
Memory*{Current, Peak}
MemoryCurrent and MemoryAvailable are shown as "[not set]" when UINT64_MAX
(unset). Let's do the same for the newly-added Memory*{Current,Peak} properties.
(cherry picked from commit 3f362012ce0034dc14d3c1a1c2a3a64a11efa9da)
[mkoutny: Drop MemoryPeak=]
---
src/shared/bus-print-properties.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c
index db41ad2495..46724c98fa 100644
--- a/src/shared/bus-print-properties.c
+++ b/src/shared/bus-print-properties.c
@@ -158,6 +158,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
(STR_IN_SET(name, "CPUShares", "StartupCPUShares") && u == CGROUP_CPU_SHARES_INVALID) ||
(STR_IN_SET(name, "BlockIOWeight", "StartupBlockIOWeight") && u == CGROUP_BLKIO_WEIGHT_INVALID) ||
(STR_IN_SET(name, "MemoryCurrent", "TasksCurrent") && u == UINT64_MAX) ||
+ (startswith(name, "Memory") && ENDSWITH_SET(name, "Current") && u == CGROUP_LIMIT_MAX) ||
(endswith(name, "NSec") && u == UINT64_MAX))
bus_print_property_value(name, expected_value, flags, "[not set]");
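Review bot: The added condition calls `ENDSWITH_SET(name, "Current")` with a single suffix, while the line just below it uses plain `endswith(name, "NSec")` for the same kind of test; `endswith(name, "Current")` would read more directly. The `[mkoutny: Drop MemoryPeak=]` remark in the commit message suggests the set lost its second member in the backport. A short comment naming the properties this line is meant to catch would help the next reader. The enclosing `bus_print_property()` starts and ends outside the hunk.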
--
2.35.3


@@ -1,38 +0,0 @@
From 278ef74e90a13821fc2209eb09de768035e14478 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 23 Jan 2024 11:30:16 +0100
Subject: [PATCH 5005/5011] bus-print-properties: prettify more unset
properties
(cherry picked from commit bfb6b1214a8da947cb82fed2eec3d7f2b1c6175f)
[mkoutny: Handle MemoryAvailable= separately.]
---
src/shared/bus-print-properties.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c
index 46724c98fa..f74d8994ad 100644
--- a/src/shared/bus-print-properties.c
+++ b/src/shared/bus-print-properties.c
@@ -157,13 +157,15 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
else if ((STR_IN_SET(name, "CPUWeight", "StartupCPUWeight", "IOWeight", "StartupIOWeight") && u == CGROUP_WEIGHT_INVALID) ||
(STR_IN_SET(name, "CPUShares", "StartupCPUShares") && u == CGROUP_CPU_SHARES_INVALID) ||
(STR_IN_SET(name, "BlockIOWeight", "StartupBlockIOWeight") && u == CGROUP_BLKIO_WEIGHT_INVALID) ||
- (STR_IN_SET(name, "MemoryCurrent", "TasksCurrent") && u == UINT64_MAX) ||
+ (STR_IN_SET(name, "MemoryCurrent", "MemoryAvailable", "TasksCurrent") && u == UINT64_MAX) ||
(startswith(name, "Memory") && ENDSWITH_SET(name, "Current") && u == CGROUP_LIMIT_MAX) ||
+ (startswith(name, "IO") && ENDSWITH_SET(name, "Bytes", "Operations") && u == UINT64_MAX) ||
(endswith(name, "NSec") && u == UINT64_MAX))
bus_print_property_value(name, expected_value, flags, "[not set]");
- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) ||
+ else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") &&
+ u == CGROUP_LIMIT_MAX) ||
(STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) ||
(startswith(name, "Limit") && u == UINT64_MAX) ||
(startswith(name, "DefaultLimit") && u == UINT64_MAX))
--
2.35.3


@@ -1,607 +0,0 @@
From 9c86b2c20823dce7f8303648f7e8a8d76342d1d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:17 +0100
Subject: [PATCH 5006/5011] cgroup: Add EffectiveMemoryMax=,
EffectiveMemoryHigh= and EffectiveTasksMax= properties
Users become perplexed when they run their workload in a unit with no
explicit limits configured (moreover, listing the limit property would
even show it's infinity) but they experience unexpected resource
limitation.
The memory and pid limits come as the most visible, therefore add new
unit read-only properties:
- EffectiveMemoryMax=,
- EffectiveMemoryHigh=,
- EffectiveTasksMax=.
These properties represent the most stringent limit systemd is aware of
for the given unit -- and that is typically(*) the effective value.
Implement the properties by simply traversing all parents in the
leaf-slice tree and picking the minimum value. Note that effective
limits are thus defined even for units that don't enable explicit
accounting (because of the hierarchy).
(*) The evasive case is when systemd runs in a cgroupns and cannot
reason about outer setup. Complete solution would need kernel support.
(cherry picked from commit 4fb0d2dc140c9a2c01c236d2a8dc09a44157e896)
[mkoutny: adjust context, drop unapplicable XML]
[mkoutny: fixes jsc#PED-5659]
---
man/org.freedesktop.systemd1.xml | 108 ++++++++++++++++++++++++++++++
man/systemd.resource-control.xml | 11 ++-
src/core/cgroup.c | 48 +++++++++++++
src/core/cgroup.h | 13 ++++
src/core/dbus-unit.c | 25 +++++++
src/shared/bus-print-properties.c | 6 +-
6 files changed, 206 insertions(+), 5 deletions(-)
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index 2e357539fb..02db33626d 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -2716,6 +2716,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -2724,6 +2728,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -3335,6 +3341,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -3343,6 +3353,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -3963,6 +3975,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -3971,6 +3987,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -4748,6 +4766,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -4756,6 +4778,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -5377,6 +5401,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -5385,6 +5413,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -5983,6 +6013,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -5991,6 +6025,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -6643,6 +6679,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -6651,6 +6691,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -7200,6 +7242,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -7208,6 +7254,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -7724,6 +7772,10 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -7732,6 +7784,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -8511,6 +8565,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -8519,6 +8577,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -9054,6 +9114,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -9062,6 +9126,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -9564,6 +9630,10 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -9572,6 +9642,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -10210,6 +10282,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -10218,6 +10294,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -10381,6 +10459,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -10389,6 +10471,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -10557,6 +10641,10 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -10565,6 +10653,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
@@ -10759,6 +10849,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveMemoryHigh = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@@ -10767,6 +10861,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly t EffectiveTasksMax = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@@ -10950,6 +11046,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<!--property MemoryCurrent is not documented!-->
+ <!--property EffectiveMemoryMax is not documented!-->
+
+ <!--property EffectiveMemoryHigh is not documented!-->
+
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
@@ -10958,6 +11058,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<!--property TasksCurrent is not documented!-->
+ <!--property EffectiveTasksMax is not documented!-->
+
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
@@ -11156,6 +11258,10 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
+
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
@@ -11164,6 +11270,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 3c17efbe16..5b7900af87 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -392,7 +392,9 @@ CPUWeight=20 DisableControllers=cpu / \
system. If assigned the
special value <literal>infinity</literal>, no memory throttling is applied. This controls the
<literal>memory.high</literal> control group attribute. For details about this control group attribute, see
- <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>
+ <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.
+ The effective configuration is reported as <varname>EffectiveMemoryHigh=</varname>
+ (see also <varname>EffectiveMemoryMax=</varname>).</para>
<para>While <varname>StartupMemoryHigh=</varname> applies to the startup and shutdown phases of the system,
<varname>MemoryHigh=</varname> applies to normal runtime of the system, and if the former is not set also to
@@ -418,7 +420,9 @@ CPUWeight=20 DisableControllers=cpu / \
percentage value may be specified, which is taken relative to the installed physical memory on the system. If
assigned the special value <literal>infinity</literal>, no memory limit is applied. This controls the
<literal>memory.max</literal> control group attribute. For details about this control group attribute, see
- <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>
+ <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.
+ The effective configuration is reported as <varname>EffectiveMemoryMax=</varname> (the value is
+ the most stringent limit of the unit and parent slices).</para>
<para>While <varname>StartupMemoryMax=</varname> applies to the startup and shutdown phases of the system,
<varname>MemoryMax=</varname> applies to normal runtime of the system, and if the former is not set also to
@@ -534,7 +538,8 @@ CPUWeight=20 DisableControllers=cpu / \
limit is applied. This controls the <literal>pids.max</literal> control group attribute. For
details about this control group attribute, the
<ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#pid">pids controller
- </ulink>.</para>
+ </ulink>.
+ The effective configuration is reported as <varname>EffectiveTasksMax=</varname>.</para>
<para>The system default for this setting may be controlled with
<varname>DefaultTasksMax=</varname> in
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 5b7205a92e..0842036559 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4000,6 +4000,46 @@ int unit_get_ip_accounting(
return r;
}
+static uint64_t unit_get_effective_limit_one(Unit *u, CGroupLimitType type) {
+ CGroupContext *cc;
+
+ assert(u);
+ assert(UNIT_HAS_CGROUP_CONTEXT(u));
+
+ cc = unit_get_cgroup_context(u);
+ switch (type) {
+ /* Note: on legacy/hybrid hierarchies memory_max stays CGROUP_LIMIT_MAX unless configured
+ * explicitly. Effective value of MemoryLimit= (cgroup v1) is not implemented. */
+ case CGROUP_LIMIT_MEMORY_MAX:
+ return cc->memory_max;
+ case CGROUP_LIMIT_MEMORY_HIGH:
+ return cc->memory_high;
+ case CGROUP_LIMIT_TASKS_MAX:
+ return cgroup_tasks_max_resolve(&cc->tasks_max);
+ default:
+ assert_not_reached();
+ }
+}
+
+int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret) {
+ uint64_t infimum;
+
+ assert(u);
+ assert(ret);
+ assert(type >= 0);
+ assert(type < _CGROUP_LIMIT_TYPE_MAX);
+
+ if (!UNIT_HAS_CGROUP_CONTEXT(u))
+ return -EINVAL;
+
+ infimum = unit_get_effective_limit_one(u, type);
+ for (Unit *slice = UNIT_GET_SLICE(u); slice; slice = UNIT_GET_SLICE(slice))
+ infimum = MIN(infimum, unit_get_effective_limit_one(slice, type));
+
+ *ret = infimum;
+ return 0;
+}
+
static int unit_get_io_accounting_raw(Unit *u, uint64_t ret[static _CGROUP_IO_ACCOUNTING_METRIC_MAX]) {
static const char *const field_names[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {
[CGROUP_IO_READ_BYTES] = "rbytes=",
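Review bot: `unit_get_effective_limit()` has no comment saying what its result covers, so a reader of `EffectiveMemoryMax` or `EffectiveTasksMax` may take it for the limit actually enforced. The loop only takes the minimum of the configured values of the unit and its parent slices. A tighter limit imposed outside systemd's view (the commit message names the cgroup-namespace case) is not reflected, so the reported value can be looser than what the kernel applies. I would add above the function: `/* Minimum of the configured limit over the unit and its parent slices; limits set outside this manager (e.g. by an outer cgroupns) are not visible here. */`. Tooling that checks containment should treat the value as an upper bound rather than as proof of the limit in force.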
@@ -4418,3 +4458,11 @@ static const char* const cgroup_pressure_watch_table[_CGROUP_PRESSURE_WATCH_MAX]
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(cgroup_pressure_watch, CGroupPressureWatch, CGROUP_PRESSURE_WATCH_ON);
+
+static const char *const cgroup_limit_type_table[_CGROUP_LIMIT_TYPE_MAX] = {
+ [CGROUP_LIMIT_MEMORY_MAX] = "EffectiveMemoryMax",
+ [CGROUP_LIMIT_MEMORY_HIGH] = "EffectiveMemoryHigh",
+ [CGROUP_LIMIT_TASKS_MAX] = "EffectiveTasksMax",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(cgroup_limit_type, CGroupLimitType);
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 486957b545..a19a2fffa3 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -245,6 +245,15 @@ typedef enum CGroupIOAccountingMetric {
_CGROUP_IO_ACCOUNTING_METRIC_INVALID = -EINVAL,
} CGroupIOAccountingMetric;
+/* Used for limits whose value sets have infimum */
+typedef enum CGroupLimitType {
+ CGROUP_LIMIT_MEMORY_MAX,
+ CGROUP_LIMIT_MEMORY_HIGH,
+ CGROUP_LIMIT_TASKS_MAX,
+ _CGROUP_LIMIT_TYPE_MAX,
+ _CGROUP_LIMIT_INVALID = -EINVAL,
+} CGroupLimitType;
+
typedef struct Unit Unit;
typedef struct Manager Manager;
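Review bot: The invalid sentinel of the new enum is named `_CGROUP_LIMIT_INVALID`, while the bound next to it is `_CGROUP_LIMIT_TYPE_MAX` and the enum just above uses the full type prefix (`_CGROUP_IO_ACCOUNTING_METRIC_INVALID`). Renaming it to `_CGROUP_LIMIT_TYPE_INVALID = -EINVAL,` would keep the pattern consistent. The comment `/* Used for limits whose value sets have infimum */` could also say that the effective value is the minimum over the unit and its parent slices, which is how `unit_get_effective_limit()` in this patch uses the type.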
@@ -337,6 +346,7 @@ int unit_get_tasks_current(Unit *u, uint64_t *ret);
int unit_get_cpu_usage(Unit *u, nsec_t *ret);
int unit_get_io_accounting(Unit *u, CGroupIOAccountingMetric metric, bool allow_cache, uint64_t *ret);
int unit_get_ip_accounting(Unit *u, CGroupIPAccountingMetric metric, uint64_t *ret);
+int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret);
int unit_reset_cpu_accounting(Unit *u);
int unit_reset_ip_accounting(Unit *u);
@@ -378,3 +388,6 @@ FreezerAction freezer_action_from_string(const char *s) _pure_;
const char* cgroup_pressure_watch_to_string(CGroupPressureWatch a) _const_;
CGroupPressureWatch cgroup_pressure_watch_from_string(const char *s) _pure_;
+
+const char* cgroup_limit_type_to_string(CGroupLimitType m) _const_;
+CGroupLimitType cgroup_limit_type_from_string(const char *s) _pure_;
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index ed376cec87..b4509a990e 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1438,6 +1438,28 @@ static int property_get_io_counter(
return sd_bus_message_append(reply, "t", value);
}
+static int property_get_effective_limit(
+ sd_bus *bus,
+ const char *path,
+ const char *interface,
+ const char *property,
+ sd_bus_message *reply,
+ void *userdata,
+ sd_bus_error *error) {
+
+ uint64_t value = CGROUP_LIMIT_MAX;
+ Unit *u = ASSERT_PTR(userdata);
+ ssize_t type;
+
+ assert(bus);
+ assert(reply);
+ assert(property);
+
+ assert_se((type = cgroup_limit_type_from_string(property)) >= 0);
+ (void) unit_get_effective_limit(u, type, &value);
+ return sd_bus_message_append(reply, "t", value);
+}
+
int bus_unit_method_attach_processes(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
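Review bot: In `property_get_effective_limit()` the result of `unit_get_effective_limit()` is cast to `(void)`, so any failure reaches the bus client as `CGROUP_LIMIT_MAX`, which looks the same as a unit with no limit. The only failure visible in this patch is `-EINVAL` for a unit without a cgroup context, which may not be reachable through this vtable. A debug log would still make a wrong "unlimited" reading diagnosable: keep the result in an `int r` and add `if (r < 0) log_unit_debug_errno(u, r, "Failed to get effective limit, ignoring: %m");`. `type` would also read better declared as `CGroupLimitType` instead of `ssize_t`, since that is the type both called functions use.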
@@ -1557,10 +1579,13 @@ const sd_bus_vtable bus_unit_cgroup_vtable[] = {
SD_BUS_PROPERTY("ControlGroupId", "t", NULL, offsetof(Unit, cgroup_id), 0),
SD_BUS_PROPERTY("MemoryCurrent", "t", property_get_current_memory, 0, 0),
SD_BUS_PROPERTY("MemoryAvailable", "t", property_get_available_memory, 0, 0),
+ SD_BUS_PROPERTY("EffectiveMemoryMax", "t", property_get_effective_limit, 0, 0),
+ SD_BUS_PROPERTY("EffectiveMemoryHigh", "t", property_get_effective_limit, 0, 0),
SD_BUS_PROPERTY("CPUUsageNSec", "t", property_get_cpu_usage, 0, 0),
SD_BUS_PROPERTY("EffectiveCPUs", "ay", property_get_cpuset_cpus, 0, 0),
SD_BUS_PROPERTY("EffectiveMemoryNodes", "ay", property_get_cpuset_mems, 0, 0),
SD_BUS_PROPERTY("TasksCurrent", "t", property_get_current_tasks, 0, 0),
+ SD_BUS_PROPERTY("EffectiveTasksMax", "t", property_get_effective_limit, 0, 0),
SD_BUS_PROPERTY("IPIngressBytes", "t", property_get_ip_counter, 0, 0),
SD_BUS_PROPERTY("IPIngressPackets", "t", property_get_ip_counter, 0, 0),
SD_BUS_PROPERTY("IPEgressBytes", "t", property_get_ip_counter, 0, 0),
diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c
index f74d8994ad..62bbc598bb 100644
--- a/src/shared/bus-print-properties.c
+++ b/src/shared/bus-print-properties.c
@@ -164,9 +164,11 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
bus_print_property_value(name, expected_value, flags, "[not set]");
- else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") &&
+ else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin",
+ "MemoryHigh", "MemoryMax",
+ "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") &&
u == CGROUP_LIMIT_MAX) ||
- (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) ||
+ (endswith(name, "TasksMax") && u == UINT64_MAX) ||
(startswith(name, "Limit") && u == UINT64_MAX) ||
(startswith(name, "DefaultLimit") && u == UINT64_MAX))
--
2.35.3


@@ -1,97 +0,0 @@
From 46451a18828473edaf7e9873a084f26f0c827a3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:18 +0100
Subject: [PATCH 5007/5011] test: Convert rlimit test to subtest of generic
limit testing
No functional change intended. Preparation for new tests.
(cherry picked from commit 834ca54624ae1d61ec4fcf3a63b10271c38c4860)
[mkoutny: fixes jsc#PED-5659]
---
test/units/testsuite-05.rlimit.sh | 25 +++++++++++++++++++++++++
test/units/testsuite-05.service | 2 +-
test/units/testsuite-05.sh | 22 +++-------------------
3 files changed, 29 insertions(+), 20 deletions(-)
create mode 100755 test/units/testsuite-05.rlimit.sh
diff --git a/test/units/testsuite-05.rlimit.sh b/test/units/testsuite-05.rlimit.sh
new file mode 100755
index 0000000000..bbf3adbe65
--- /dev/null
+++ b/test/units/testsuite-05.rlimit.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+P=/run/systemd/system.conf.d
+mkdir $P
+
+cat >$P/rlimits.conf <<EOF
+[Manager]
+DefaultLimitNOFILE=10000:16384
+EOF
+
+systemctl daemon-reload
+
+[[ "$(systemctl show -P DefaultLimitNOFILESoft)" = "10000" ]]
+[[ "$(systemctl show -P DefaultLimitNOFILE)" = "16384" ]]
+
+[[ "$(systemctl show -P LimitNOFILESoft testsuite-05.service)" = "10000" ]]
+[[ "$(systemctl show -P LimitNOFILE testsuite-05.service)" = "16384" ]]
+
+# shellcheck disable=SC2016
+systemd-run --wait -t bash -c '[[ "$(ulimit -n -S)" = "10000" ]]'
+# shellcheck disable=SC2016
+systemd-run --wait -t bash -c '[[ "$(ulimit -n -H)" = "16384" ]]'
diff --git a/test/units/testsuite-05.service b/test/units/testsuite-05.service
index ab72d8fe27..cf32accb8c 100644
--- a/test/units/testsuite-05.service
+++ b/test/units/testsuite-05.service
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
-Description=TEST-05-RLIMITS
+Description=TEST-05-LIMITS
[Service]
ExecStartPre=rm -f /failed /testok
diff --git a/test/units/testsuite-05.sh b/test/units/testsuite-05.sh
index 870845d14b..9c2a033aa9 100755
--- a/test/units/testsuite-05.sh
+++ b/test/units/testsuite-05.sh
@@ -3,25 +3,9 @@
set -eux
set -o pipefail
-P=/run/systemd/system.conf.d
-mkdir $P
+# shellcheck source=test/units/test-control.sh
+. "$(dirname "$0")"/test-control.sh
-cat >$P/rlimits.conf <<EOF
-[Manager]
-DefaultLimitNOFILE=10000:16384
-EOF
-
-systemctl daemon-reload
-
-[[ "$(systemctl show -P DefaultLimitNOFILESoft)" = "10000" ]]
-[[ "$(systemctl show -P DefaultLimitNOFILE)" = "16384" ]]
-
-[[ "$(systemctl show -P LimitNOFILESoft testsuite-05.service)" = "10000" ]]
-[[ "$(systemctl show -P LimitNOFILE testsuite-05.service)" = "16384" ]]
-
-# shellcheck disable=SC2016
-systemd-run --wait -t bash -c '[[ "$(ulimit -n -S)" = "10000" ]]'
-# shellcheck disable=SC2016
-systemd-run --wait -t bash -c '[[ "$(ulimit -n -H)" = "16384" ]]'
+run_subtests
touch /testok
--
2.35.3


@@ -1,111 +0,0 @@
From d0c92dae23e409f6a29f70f039455c08610c943f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:19 +0100
Subject: [PATCH 5008/5011] test: Add effective cgroup limits testing
(cherry picked from commit ce35bb95c7b6fe9a48d2b8628bd690279b17fffa)
[mkoutny: fixes jsc#PED-5659]
---
test/units/testsuite-05.effective-limit.sh | 68 ++++++++++++++++++++++
test/units/util.sh | 9 +++
2 files changed, 77 insertions(+)
create mode 100755 test/units/testsuite-05.effective-limit.sh
diff --git a/test/units/testsuite-05.effective-limit.sh b/test/units/testsuite-05.effective-limit.sh
new file mode 100755
index 0000000000..3ff8e83140
--- /dev/null
+++ b/test/units/testsuite-05.effective-limit.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+pre=test05
+cat >/run/systemd/system/"$pre"alpha.slice <<EOF
+[Slice]
+MemoryMax=40M
+MemoryHigh=40M
+TasksMax=400
+EOF
+
+cat >/run/systemd/system/"$pre"alpha-beta.slice <<EOF
+[Slice]
+MemoryMax=10M
+MemoryHigh=10M
+TasksMax=100
+EOF
+
+cat >/run/systemd/system/"$pre"alpha-beta-gamma.slice <<EOF
+[Slice]
+MemoryMax=20M
+MemoryHigh=20M
+TasksMax=200
+EOF
+
+systemctl daemon-reload
+
+srv=probe.service
+slc0="$pre"alpha.slice
+slc="$pre"alpha-beta-gamma.slice
+
+systemd-run --unit "$srv" --slice "$slc" \
+ -p MemoryMax=5M \
+ -p MemoryHigh=5M \
+ -p TasksMax=50 \
+ sleep inf
+
+# Compare with inequality because test can run in a constrained container
+assert_le "$(systemctl show -P EffectiveMemoryMax "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveMemoryHigh "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveTasksMax "$srv")" "50"
+
+systemctl stop "$srv"
+
+systemd-run --unit "$srv" --slice "$slc" \
+ sleep inf
+
+assert_le "$(systemctl show -P EffectiveMemoryMax "$srv")" "10485760"
+assert_le "$(systemctl show -P EffectiveMemoryHigh "$srv")" "10485760"
+assert_le "$(systemctl show -P EffectiveTasksMax "$srv")" "100"
+
+systemctl set-property "$slc0" \
+ MemoryMax=5M \
+ MemoryHigh=5M \
+ TasksMax=50
+
+assert_le "$(systemctl show -P EffectiveMemoryMax "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveMemoryHigh "$srv")" "5242880"
+assert_le "$(systemctl show -P EffectiveTasksMax "$srv")" "50"
+
+systemctl stop "$srv"
+
+rm -f /run/systemd/system/"$pre"* || :
diff --git a/test/units/util.sh b/test/units/util.sh
index 932fe1e603..7af98bb45e 100755
--- a/test/units/util.sh
+++ b/test/units/util.sh
@@ -26,6 +26,15 @@ assert_eq() {(
fi
)}
+assert_le() {(
+ set +ex
+
+ if [[ "${1:?}" -gt "${2:?}" ]]; then
+ echo "FAIL: '$1' > '$2'" >&2
+ exit 1
+ fi
+)}
+
assert_in() {(
set +ex
--
2.35.3


@@ -1,56 +0,0 @@
From edfd70ab2c5490131fcf5a4348e31c19251d3479 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:20 +0100
Subject: [PATCH 5009/5011] cgroup: Restrict effective limits with global
resource provision
Global resource (whole system or root cg's (e.g. in a container)) is
also a well-defined limit for memory and tasks, take it into account
when calculating effective limits.
(cherry picked from commit 93f8e88d23bd383b5134f32c1e2ee315ac3a38c8)
[mkoutny: fixes jsc#PED-5659]
---
man/systemd.resource-control.xml | 2 +-
src/core/cgroup.c | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 5b7900af87..ded4722e7a 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -422,7 +422,7 @@ CPUWeight=20 DisableControllers=cpu / \
<literal>memory.max</literal> control group attribute. For details about this control group attribute, see
<ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.
The effective configuration is reported as <varname>EffectiveMemoryMax=</varname> (the value is
- the most stringent limit of the unit and parent slices).</para>
+ the most stringent limit of the unit and parent slices and it is capped by physical memory).</para>
<para>While <varname>StartupMemoryMax=</varname> applies to the startup and shutdown phases of the system,
<varname>MemoryMax=</varname> applies to normal runtime of the system, and if the former is not set also to
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 0842036559..a53d90486c 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4006,6 +4006,17 @@ static uint64_t unit_get_effective_limit_one(Unit *u, CGroupLimitType type) {
assert(u);
assert(UNIT_HAS_CGROUP_CONTEXT(u));
+ if (unit_has_name(u, SPECIAL_ROOT_SLICE))
+ switch (type) {
+ case CGROUP_LIMIT_MEMORY_MAX:
+ case CGROUP_LIMIT_MEMORY_HIGH:
+ return physical_memory();
+ case CGROUP_LIMIT_TASKS_MAX:
+ return system_tasks_max();
+ default:
+ assert_not_reached();
+ }
+
cc = unit_get_cgroup_context(u);
switch (type) {
/* Note: on legacy/hybrid hierarchies memory_max stays CGROUP_LIMIT_MAX unless configured
--
2.35.3


@@ -1,64 +0,0 @@
From 0c3448f0e341e3e1f23722e4275c4fdd4062d280 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Tue, 23 Jan 2024 11:30:21 +0100
Subject: [PATCH 5010/5011] cgroup: Rename effective limits internal table
Post-merge fixup of commit 4fb0d2dc14 ("cgroup: Add EffectiveMemoryMax=,
EffectiveMemoryHigh= and EffectiveTasksMax= properties"), no functional
change intended.
(cherry picked from commit 8ad614890bba66b5f6b590d6a3e1b8b04a920126)
[mkoutny: adjust context]
[mkoutny: fixes jsc#PED-5659]
---
src/core/cgroup.c | 4 ++--
src/core/cgroup.h | 4 ++--
src/core/dbus-unit.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index a53d90486c..2d8d61a26d 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4470,10 +4470,10 @@ static const char* const cgroup_pressure_watch_table[_CGROUP_PRESSURE_WATCH_MAX]
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(cgroup_pressure_watch, CGroupPressureWatch, CGROUP_PRESSURE_WATCH_ON);
-static const char *const cgroup_limit_type_table[_CGROUP_LIMIT_TYPE_MAX] = {
+static const char *const cgroup_effective_limit_type_table[_CGROUP_LIMIT_TYPE_MAX] = {
[CGROUP_LIMIT_MEMORY_MAX] = "EffectiveMemoryMax",
[CGROUP_LIMIT_MEMORY_HIGH] = "EffectiveMemoryHigh",
[CGROUP_LIMIT_TASKS_MAX] = "EffectiveTasksMax",
};
-DEFINE_STRING_TABLE_LOOKUP(cgroup_limit_type, CGroupLimitType);
+DEFINE_STRING_TABLE_LOOKUP(cgroup_effective_limit_type, CGroupLimitType);
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index a19a2fffa3..9ff650abcf 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -389,5 +389,5 @@ FreezerAction freezer_action_from_string(const char *s) _pure_;
const char* cgroup_pressure_watch_to_string(CGroupPressureWatch a) _const_;
CGroupPressureWatch cgroup_pressure_watch_from_string(const char *s) _pure_;
-const char* cgroup_limit_type_to_string(CGroupLimitType m) _const_;
-CGroupLimitType cgroup_limit_type_from_string(const char *s) _pure_;
+const char* cgroup_effective_limit_type_to_string(CGroupLimitType m) _const_;
+CGroupLimitType cgroup_effective_limit_type_from_string(const char *s) _pure_;
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index b4509a990e..da22e8f524 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1455,7 +1455,7 @@ static int property_get_effective_limit(
assert(reply);
assert(property);
- assert_se((type = cgroup_limit_type_from_string(property)) >= 0);
+ assert_se((type = cgroup_effective_limit_type_from_string(property)) >= 0);
(void) unit_get_effective_limit(u, type, &value);
return sd_bus_message_append(reply, "t", value);
}
--
2.35.3


@@ -8,3 +8,4 @@ systemd
-/usr/lib/cryptsetup
libsystemd0
libudev1
systemd-devel


@@ -5,6 +5,8 @@
%if %{with sd_boot}
%dir %{_unitdir}/initrd.target.wants
%endif
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/oomd.conf
%{_bindir}/oomctl
%{_bindir}/systemd-repart
%{_datadir}/bash-completion/completions/oomctl


@@ -4,6 +4,9 @@
%dir %{_sysconfdir}/systemd/journal-remote.conf.d
%dir %{_sysconfdir}/systemd/journal-upload.conf.d
%ghost %dir %{_localstatedir}/log/journal/remote
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/journal-remote.conf
%ghost %{_sysconfdir}/systemd/journal-upload.conf
%{_datadir}/systemd/gatewayd
%{_datadir}/systemd/gatewayd/browse.html
%{_mandir}/man5/journal-remote.conf.5.gz


@@ -5,6 +5,8 @@
%dir %{_sysconfdir}/systemd/network
%dir %{_sysconfdir}/systemd/networkd.conf.d
%dir %{_systemd_util_dir}/network
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/networkd.conf
%{_bindir}/networkctl
%{_datadir}/bash-completion/completions/networkctl
%{_datadir}/dbus-1/interfaces/org.freedesktop.network1.DHCPServer.xml


@@ -87,6 +87,11 @@
%ghost %config(noreplace) %{_sysconfdir}/machine-info
%ghost %dir %attr(2755, root, systemd-journal) %{_localstatedir}/log/journal
%ghost %{_localstatedir}/lib/systemd/catalog/database
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/journald.conf
%ghost %{_sysconfdir}/systemd/logind.conf
%ghost %{_sysconfdir}/systemd/system.conf
%ghost %{_sysconfdir}/systemd/user.conf
%license LICENSE.GPL2
%license LICENSE.LGPL2.1
%{_bindir}/busctl


@@ -33,6 +33,11 @@
%ghost %attr(644, root, root) %{_prefix}/lib/udev/compat-symlink-generation
%ghost %config(noreplace) %{_sysconfdir}/vconsole.conf
%ghost %{_localstatedir}/lib/systemd/backlight
# Main config files have been replaced in favor of drop-ins.
%ghost %{_sysconfdir}/systemd/pstore.conf
%ghost %{_sysconfdir}/systemd/sleep.conf
%ghost %{_sysconfdir}/systemd/timesyncd.conf
%ghost %{_sysconfdir}/udev/iocost.conf
%if %{without bootstrap}
%{_bindir}/kernel-install
%{_bindir}/systemd-cryptenroll
@@ -150,8 +155,12 @@
%{_prefix}/lib/udev/iocost
%{_prefix}/lib/udev/iocost.conf
%{_prefix}/lib/udev/mtd_probe
%{_prefix}/lib/udev/path_id_compat
%{_prefix}/lib/udev/rule_generator.functions
%{_prefix}/lib/udev/rules.d/75-persistent-net-generator.rules
%{_prefix}/lib/udev/scsi_id
%{_prefix}/lib/udev/v4l_id
%{_prefix}/lib/udev/write_net_rules
%{_systemd_util_dir}/network/99-default.link
%{_systemd_util_dir}/ntp-units.d/80-systemd-timesync.list
%{_systemd_util_dir}/pstore.conf
@@ -222,10 +231,12 @@
%{_udevhwdbdir}/70-analyzers.hwdb
%{_udevhwdbdir}/70-av-production.hwdb
%{_udevhwdbdir}/70-cameras.hwdb
%{_udevhwdbdir}/70-hardware-wallets.hwdb
%{_udevhwdbdir}/70-joystick.hwdb
%{_udevhwdbdir}/70-mouse.hwdb
%{_udevhwdbdir}/70-pda.hwdb
%{_udevhwdbdir}/70-pointingstick.hwdb
%{_udevhwdbdir}/70-software-radio.hwdb
%{_udevhwdbdir}/70-sound-card.hwdb
%{_udevhwdbdir}/70-touchpad.hwdb
%{_udevhwdbdir}/80-ieee1394-unit-function.hwdb
@@ -246,6 +257,7 @@
%{_udevrulesdir}/60-persistent-v4l.rules
%{_udevrulesdir}/60-sensor.rules
%{_udevrulesdir}/60-serial.rules
%{_udevrulesdir}/61-persistent-storage-compat.rules
%{_udevrulesdir}/64-btrfs.rules
%{_udevrulesdir}/70-camera.rules
%{_udevrulesdir}/70-joystick.rules


@@ -4,215 +4,6 @@
# updated.
#
# /etc/sysconfig/console | /etc/vconsole.conf
# -------------------------+---------------------
# CONSOLE_FONT | FONT
# CONSOLE_SCREENMAP | FONT_MAP
# CONSOLE_UNICODEMAP | FONT_UNIMAP
migrate_locale () {
local migrated=""
if ! test -f /etc/sysconfig/console; then
return
fi
source /etc/sysconfig/console || return
if test -f /etc/vconsole.conf; then
source /etc/vconsole.conf || return
fi
if test -n "$CONSOLE_FONT" && test -z "$FONT"; then
echo "FONT=$CONSOLE_FONT" >>/etc/vconsole.conf
migrated+="CONSOLE_FONT "
fi
if test -n "$CONSOLE_SCREENMAP" && test -z "$FONT_MAP"; then
echo "FONT_MAP=$CONSOLE_SCREENMAP" >>/etc/vconsole.conf
migrated+="CONSOLE_SCREENMAP "
fi
if test -n "$CONSOLE_UNICODEMAP" && test -z "$FONT_UNIMAP"; then
echo "FONT_UNIMAP=$CONSOLE_UNICODEMAP" >>/etc/vconsole.conf
migrated+="CONSOLE_UNICODEMAP "
fi
if test -n "$migrated"; then
echo >&2 "The following variables from /etc/sysconfig/console have been migrated"
echo >&2 "into /etc/vconsole.conf:"
echo >&2
for v in $migrated; do echo " - $v=${!v}"; done
echo >&2
echo >&2 "Please edit /etc/vconsole.conf if you need to tune these settings"
echo >&2 "as /etc/sysconfig/console won't be considered anymore."
echo >&2
fi
}
# /etc/sysconfig/keyboard | /etc/vconsole.conf
# -------------------------+---------------------
# KEYTABLE | KEYMAP
migrate_keyboard () {
local migrated=""
if ! test -f /etc/sysconfig/keyboard; then
return
fi
source /etc/sysconfig/keyboard || return
if test -f /etc/vconsole.conf; then
source /etc/vconsole.conf || return
fi
if test -n "$KEYTABLE" && test -z "$KEYMAP"; then
echo "KEYMAP=$KEYTABLE" >>/etc/vconsole.conf
migrated+="KEYTABLE "
fi
if test -n "$migrated"; then
echo >&2 "The following variables from /etc/sysconfig/keyboard have been migrated"
echo >&2 "into /etc/vconsole.conf:"
echo >&2
for v in $migrated; do echo " - $v=${!v}"; done
echo >&2
echo >&2 "Please use localectl(1) if you need to tune these settings since"
echo >&2 "/etc/sysconfig/keyboard won't be considered anymore."
echo >&2
fi
}
# According to
# https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_suse_l10n.html,
# variables in /etc/sysconfig/language are supposed to be passed to the users'
# shell *only*. However it seems that there has been some confusion and they
# ended up configuring the system-wide locale as well. The logic followed by
# systemd was implemented in commit 01c4b6f4f0d951d17f6873f68156ecd7763429c6,
# which was reverted. The code below follows the same logic to migrate content
# of /etc/sysconfig/language into locale.conf.
migrate_language () {
local lang=
local migrated=false
if ! test -f /etc/sysconfig/language; then
return
fi
source /etc/sysconfig/language || return
lang=$(grep ^LANG= /etc/locale.conf 2>/dev/null)
lang=${lang#LANG=}
case "$ROOT_USES_LANG" in
yes)
if test -z "$lang" && test -n "$RC_LANG"; then
echo "LANG=$RC_LANG" >>/etc/locale.conf
migrated=true
fi
;;
ctype)
if ! grep -q ^LC_CTYPE= /etc/locale.conf 2>/dev/null; then
: ${lc_ctype:="$lang"}
: ${lc_ctype:="$RC_LC_CTYPE"}
: ${lc_ctype:="$RC_LANG"}
if test -n "$lc_ctype"; then
echo "LC_CTYPE=$lc_ctype" >>/etc/locale.conf
migrated=true
fi
fi
;;
esac
if $migrated; then
echo >&2 "The content of /etc/sysconfig/language has been migrated into"
echo >&2 "/etc/locale.conf. The former file is now only used for setting"
echo >&2 "the locale used by user's shells. The system-wide locale is"
echo >&2 "only read from /etc/locale.conf since now."
echo >&2
echo >&2 "Please only use localectl(1) or YaST if you need to change the"
echo >&2 "settings of the *system-wide* locale from now."
fi
}
#
# Migrate old i18n settings previously configured in /etc/sysconfig to the new
# locations used by systemd (/etc/locale.conf, /etc/vconsole.conf, ...). Recent
# versions of systemd parse the new locations only.
#
# This is needed both at package updates and package installations because we
# might be upgrading from a system which was running SysV init (systemd package
# is being installed).
#
# Note: run only once.
#
migrate_sysconfig_i18n() {
local tagfile=/var/lib/systemd/rpm/systemd-i18n_migrated
local -i rv=0
if [ -e $tagfile ]; then
return 0
fi
# The marker could have been incorrectly put in /usr/lib.
mv /usr/lib/systemd/scripts/.migrate-sysconfig-i18n.sh~done $tagfile &>/dev/null
# The tag files have been moved to /var/lib/systemd/rpm later.
mv /var/lib/systemd/i18n-migrated $tagfile &>/dev/null
if [ -e $tagfile ]; then
return 0
fi
touch $tagfile
migrate_locale; rv+=$?
migrate_keyboard; rv+=$?
migrate_language; rv+=$?
if [ $rv -gt 0 ]; then
echo >&2 "Failed to migrate i18n settings from /etc/sysconfig, ignoring."
fi
return $rv
}
#
# This function is supposed to be called from the %post section of the main
# package. It contains all the fixups needed when the system was running a
# version of systemd older than v210.
#
# All hacks can potentially break the admin settings since they work in /etc.
#
fix_pre_210() {
local tagfile=/var/lib/systemd/rpm/systemd-pre_210_fixed
if [ -e $tagfile ]; then
return 0
fi
touch $tagfile
#
# During migration from sysvinit to systemd, we used to set the systemd
# default target to one of the 'runlevel*.target' after reading the
# default runlevel from /etc/inittab. We don't do that anymore because
# in most cases using the graphical.target target, which is the default,
# will do the right thing. Moreover the runlevel targets are considered
# as deprecated, so we convert them into "true" systemd targets instead
# here.
#
if target=$(readlink /etc/systemd/system/default.target); then
target=$(basename $target)
case "$target" in
runlevel?.target)
echo "Default target is '$target' but use of runlevels is deprecated, converting"
systemctl --no-reload set-default $target
esac
fi
#
# Migrate any symlink which may refer to the old path (ie /lib/systemd).
#
for f in $(find /etc/systemd/system -type l -xtype l); do
new_target="/usr$(readlink $f)"
[ -f "$new_target" ] && ln -s -f "$new_target" "$f"
done
}
#
# /etc/machine-id might have been created writeable incorrectly (boo#1092269).
#
@@ -276,10 +67,33 @@ drop_after_local_support() {
fi
}
#
# We have stopped shipping the main config files in /etc but we don't try to
# clean them up automatically as it can have unexepected side effects
# (bsc#1226415). Instead we simply suggest users to convert them (if they exist)
# into drop-ins.
#
# Note: run at each package update
#
check_config_files () {
config_files=(systemd/journald.conf systemd/logind.conf systemd/system.conf systemd/user.conf
systemd/pstore.conf systemd/sleep.conf systemd/timesyncd.conf systemd/coredump.conf
systemd/journal-remote.conf systemd/journal-upload.conf systemd/networkd.conf
systemd/resolved.conf systemd/oomd.conf udev/iocost.conf)
for f in ${config_files[*]}; do
[ -e /etc/$f ] || continue
cat >&2 <<EOF
Main configuration files are deprecated in favor of drop-ins.
Hence we suggest you to remove /etc/$f if it doesn't contain any customization or convert it into drop-in otherwise.
For more details, please visit https://en.opensuse.org/Systemd#Configuration.
EOF
done
}
r=0
fix_machine_id_perms || r=1
fix_pre_210 || r=1
migrate_sysconfig_i18n || r=1
fix_bsc_1020601 || r=1
fix_issue_11329 || r=1
drop_after_local_support || r=1
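Review bot: `check_config_files` assigns `config_files` and the loop variable `f` without `local`, so both leak into the global scope of a scriptlet that runs as root, whereas the helpers removed in the first hunk of this section declared their variables `local`. I would add `local f config_files` as the first line of the function, iterate with `for f in "${config_files[@]}"; do` and test `[ -e "/etc/$f" ]`, so the loop does not depend on word splitting of the array. The comment above the function has a typo, `unexepected` for `unexpected`. The `+`/`-` markers are lost on this rendered page, so placing this function on the new side is inferred from the hunk counts (`-276,10 +67,33`); the call to `check_config_files` is not visible in the hunk.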

BIN
systemd-254.27+suse.93.g247091bc99.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
systemd-v254.9+suse.30.g31f1148f75.tar.xz (Stored with Git LFS)

Binary file not shown.


@@ -1,3 +1,407 @@
-------------------------------------------------------------------
Thu Jul 31 15:12:43 UTC 2025 - Franck Bui <fbui@suse.com>
- Remove the script used to help migrating the language and locale settings
located in /etc/sysconfig/language on old systems to the systemd default
locations (bsc#1247074)
The script was introduced more than 7 years ago and all systems running TW
should have been migrated since then. Moreover the installer supports the
systemd default locations since approximately SLE15.
-------------------------------------------------------------------
Mon Jul 7 09:50:24 UTC 2025 - Franck Bui <fbui@suse.com>
- triggers.systemd: skip update of hwdb, journal-catalog if executed during an
offline update.
-------------------------------------------------------------------
Thu Jul 3 14:56:27 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 247091bc99ba506cee501b520d1d0a11d772fc13 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/aa12f501ae4749c542a091028d848796da4ef51b...247091bc99ba506cee501b520d1d0a11d772fc13
-------------------------------------------------------------------
Thu Jul 3 14:42:11 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit aa12f501ae4749c542a091028d848796da4ef51b
aa12f501ae logs-show: get timestamp and boot ID only when necessary (bsc#1242827)
e8b17d11bc sd-journal: drop to use Hashmap to manage journal files per boot ID
ea80273738 tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate
a5b3b5344f sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag
5fa0600b34 sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added
737e8193e7 sd-journal: cache last entry offset and journal file state
057dca426f sd-journal: fix typo in function name
-------------------------------------------------------------------
Mon Jun 2 11:24:58 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 656494acfaf4b7ac5f3137c09b96b8c4bf08f7d0 (merge of v254.25)
This merge includes the following fix:
7fc7aa5a4d coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/41d2be2fb502e62e671db2b22ee330af8fade7e2...656494acfaf4b7ac5f3137c09b96b8c4bf08f7d0
-------------------------------------------------------------------
Mon Jun 2 10:20:27 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 41d2be2fb502e62e671db2b22ee330af8fade7e2
41d2be2fb5 Revert "macro: terminate the temporary VA_ARGS_FOREACH() array with a sentinel" (SUSE specific)
-------------------------------------------------------------------
Fri May 16 10:26:33 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 806c21e22ba4e3038817c20da19633b483b3ee80
806c21e22b umount: do not move busy network mounts (bsc#1236177)
-------------------------------------------------------------------
Fri May 9 13:27:00 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit ebdfa3e44e0c85febfa3b35fc8843f8db6f3fb10
ebdfa3e44e man/pstore.conf: pstore.conf template is not always installed in /etc
304ed20aab man: coredump.conf template is not always installed in /etc (bsc#1237496)
-------------------------------------------------------------------
Fri May 9 13:00:40 UTC 2025 - Franck Bui <fbui@suse.com>
- Add 1003-journal-again-create-user-journals-for-users-with-hi.patch (bsc#1242938)
Don't write messages sent from users with UID falling into the container UID
range to the system journal. Daemons in the container don't talk to the
outside journald as they talk to the inner one directly, which does its
journal splitting based on shifted uids.
-------------------------------------------------------------------
Fri Apr 25 11:15:16 UTC 2025 - Franck Bui <fbui@suse.com>
- Add 1002-udev-persistent-net-rule-generator-support.patch (bsc#1241190)
This re-adds back the support for the persistent net name rules as well as
their generator since predictable naming scheme is still disabled by default
on Micro (via the `net.ifnames=0` boot option).
-------------------------------------------------------------------
Wed Mar 19 17:40:45 UTC 2025 - Franck Bui <fbui@suse.com>
- Maintain the network device naming scheme used on SLE15 (jsc#PED-12317)
This shouldn't cause problems as predictable naming schemes are disabled on
SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default).
Add 1001-man-describe-the-net-naming-schemes-specific-to-SLE.patch for the
description of these schemes in the relevant man page.
-------------------------------------------------------------------
Wed Mar 19 17:29:47 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 09b7477895b79c7a3604a7e1aa71eeb3d401e65c
09b7477895 udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- Drop 5004-udev-allow-denylist-for-reading-sysfs-attributes-whe.patch
The path has been merged into the SUSE/v254 branch.
-------------------------------------------------------------------
Wed Mar 19 17:00:57 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991 (merge of v254.24)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/b4693652f317dbae80e31b978f51e695a23fa3d0...0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991
-------------------------------------------------------------------
Wed Mar 19 16:38:25 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit b4693652f317dbae80e31b978f51e695a23fa3d0
b4693652f3 journald: close runtime journals before their parent directory removed
044d051f0c journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
-------------------------------------------------------------------
Wed Jan 15 17:38:26 UTC 2025 - Franck Bui <fbui@suse.com>
- Add 0004-core-create-the-credential-directory-even-if-it-s-em.patch (bsc#1229228)
-------------------------------------------------------------------
Wed Jan 15 16:35:55 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit d7a56d70fb052f738442c2874b072d6514242050 (merge of v254.23)
eab1d9753b stdio-bridge: fix polled fds
f028f2298e hwdb: comment out the entry for Logitech MX Keys for Mac
e808cbdd6d test: answer 2nd mdadm --create question for compat with new version
bf01f3d692 core/unit-serialize: fix serialization of markers
f043ab6f34 locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
71efbe69b6 core: fix assert when AddDependencyUnitFiles is called with invalid parameter
-------------------------------------------------------------------
Tue Dec 24 08:42:25 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- Fix systemd-network recommending libidn2-devel (boo#1234765)
-------------------------------------------------------------------
Mon Dec 23 13:21:31 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 679c57667db0e755271f392775908d18e4976406
679c57667d tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (boo#1233752 bsc#1234313)
-------------------------------------------------------------------
Mon Dec 23 09:00:16 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 8752ef2f258c62470bef3bb24ca1ef3a969ac474 (merge of v254.22)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e107182cb3dd1702b291d0455bdabcb7db28e537...8752ef2f258c62470bef3bb24ca1ef3a969ac474
-------------------------------------------------------------------
Mon Dec 16 09:45:24 UTC 2024 - Franck Bui <fbui@suse.com>
- Add 5004-udev-allow-denylist-for-reading-sysfs-attributes-whe.patch (bsc#1234015)
Temporarily add this patch. It will be integrated in the git repository if no
issues are reported in the coming months.
-------------------------------------------------------------------
Mon Dec 16 09:19:48 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 807fe764111b5a74cc8618b8e4ec437a0dec91ff
807fe76411 udev: add new builtin net_driver
3a48b5f21d udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
5359c1d6d4 udev-builtin-net_id: split-out get_pci_slot_specifiers()
1cd915ac7b udev-builtin-net_id: introduce get_port_specifier() helper function
72a4218155 udev-builtin-net_id: split out get_dev_port() and make its failure critical
f6c721b4da udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
9e16c3cf27 udev-builtin-net_id: return earlier when hotplug slot is not found
4851355767 udev-builtin-net_id: skip non-directory entry earlier
a571e5f1dd udev-builtin-net_id: make names_xen() self-contained
9acc241d5f udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
ca8a431b55 udev-builtin-net_id: make names_netdevsim() self-contained
a66251d666 udev-builtin-net_id: make names_platform() self-contained
1e834d7157 udev-builtin-net_id: make names_vio() self-contained
8b236dcd7a udev-builtin-net_id: make names_ccw() self-contained
7d70e2fa7d udev-builtin-net_id: make dev_devicetree_onboard() self-contained
46158a6e91 udev-builtin-net_id: make names_mac() self-contained
7789e7f886 udev-builtin-net_id: split out get_ifname_prefix()
9b0062a667 udev-builtin-net_id: swap arguments for streq() and friends
181a775b40 udev-builtin-net_id: drop unused value from NetNameType
Refactoring to prepare for backporting the filtering mechanism of specific
sysfs attributes during predictable NIC name generation.
-------------------------------------------------------------------
Tue Dec 3 13:56:36 UTC 2024 - Franck Bui <fbui@suse.com>
- Add 0003-Drop-support-for-efivar-SystemdOptions.patch (bsc#1220338)
Upstream deprecated it and plan to drop it in the future.
Let's get ahead and drop it now as this feature is unlikely to be used on SUSE
distros and it might be used to gain access to encrypted SLEM systems with
unattended disk unlock and with secure boot disabled.
-------------------------------------------------------------------
Tue Dec 3 09:52:45 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit e107182cb3dd1702b291d0455bdabcb7db28e537 (merge of v254.21)
This merge includes the following fix:
a467a411f pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/a3aa27ac6649cb096b3c87c8ac61a6950bfa3567...e107182cb3dd1702b291d0455bdabcb7db28e537
-------------------------------------------------------------------
Wed Nov 27 08:43:39 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit a3aa27ac6649cb096b3c87c8ac61a6950bfa3567 (merge of v254.20)
This merge includes the following fix:
8b6ae951d3 udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/ae14c7765524a3c84ce8a65d6a3a4db2be981f69...a3aa27ac6649cb096b3c87c8ac61a6950bfa3567
-------------------------------------------------------------------
Mon Oct 21 12:12:55 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit ae14c7765524a3c84ce8a65d6a3a4db2be981f69 (merge of v254.19)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/87f11f092e2a63f6b9af98871ea716dab54f8b58...ae14c7765524a3c84ce8a65d6a3a4db2be981f69
-------------------------------------------------------------------
Wed Oct 2 14:56:59 UTC 2024 - Franck Bui <fbui@suse.com>
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)
-------------------------------------------------------------------
Fri Sep 13 14:11:06 UTC 2024 - Franck Bui <fbui@suse.com>
- Add 0001-udev-restore-some-legacy-symlinks-to-maintain-backwa.patch
Given that SLE16 will be based on SLFO, we have no choice but to continue
supporting these compat symlinks. This compatibility code is no longer
maintained in the Git repository though, as we primarily backport upstream
commits these days. Additionally, the compat code rarely changes and often
causes conflicts when merged into recent versions of systemd.
-------------------------------------------------------------------
Wed Sep 11 11:59:27 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 87f11f092e2a63f6b9af98871ea716dab54f8b58 (merge of v254.18)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/0512d0d1fc0b54a84964281708036a46ab39c153...87f11f092e2a63f6b9af98871ea716dab54f8b58
-------------------------------------------------------------------
Thu Aug 29 15:38:50 UTC 2024 - Franck Bui <fbui@suse.com>
- Add 5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch (bsc#1229518)
-------------------------------------------------------------------
Thu Aug 29 12:37:22 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 0512d0d1fc0b54a84964281708036a46ab39c153
0512d0d1fc cgroup: Rename effective limits internal table (jsc#PED-5659)
765846b70b cgroup: Restrict effective limits with global resource provision (jsc#PED-5659)
e29909088b test: Add effective cgroup limits testing (jsc#PED-5659)
beacac6df0 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659)
e3b789e512 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659)
5aa063ae16 bus-print-properties: prettify more unset properties
a53122c9bd bus-print-properties: ignore CGROUP_LIMIT_MAX for Memory*{Current, Peak}
8418791441 cgroup: rename TasksMax structure to CGroupTasksMax
- Drop 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
5005-bus-print-properties-prettify-more-unset-properties.patch
5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
5008-test-Add-effective-cgroup-limits-testing.patch
5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
5010-cgroup-Rename-effective-limits-internal-table.patch
These patches have been merged in the SUSE/254 branch.
-------------------------------------------------------------------
Tue Aug 27 08:08:10 UTC 2024 - Franck Bui <fbui@suse.com>
- Don't try to restart the udev socket units anymore (bsc#1228809)
There's currently no way to restart a socket activable service and its socket
units "atomically" and safely.
-------------------------------------------------------------------
Wed Aug 21 08:39:51 UTC 2024 - Franck Bui <fbui@suse.com>
- Make the 32bit version of libudev.so available again (bsc#1228223)
The symlink for building 32bit applications was mistakenly dropped when the
content of libudev-devel was merged into systemd-devel.
Provide the 32bit flavor of systemd-devel again, which should restore the plug
and play support in Wine for 32bit windows applications.
-------------------------------------------------------------------
Mon Aug 19 16:18:23 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 5aa182660dff86fe9d5cba61b0c6542bb2f2db23 (merge of v254.17)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/981815f400481fc28508e4de7395e8c1632f3c60...5aa182660dff86fe9d5cba61b0c6542bb2f2db23
-------------------------------------------------------------------
Mon Aug 19 12:33:31 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 981815f400481fc28508e4de7395e8c1632f3c60 (merge of v254.16)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8acd7e2a9524d0a8db7976b4e1f10d6f0bd0441f...981815f400481fc28508e4de7395e8c1632f3c60
-------------------------------------------------------------------
Mon Jul 22 12:29:11 UTC 2024 - Franck Bui <fbui@suse.com>
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
-------------------------------------------------------------------
Wed Jul 17 08:21:21 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 8acd7e2a9524d0a8db7976b4e1f10d6f0bd0441f (merge of v254.15)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/10392b9b7c013cbc6c3dc70d8c623e22b0a7c78b...8acd7e2a9524d0a8db7976b4e1f10d6f0bd0441f
-------------------------------------------------------------------
Thu Jul 11 17:48:32 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 10392b9b7c013cbc6c3dc70d8c623e22b0a7c78b (merge of v254.14)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e87183896e2dbb0b2a78709c9ae0e37911b7fbcd...10392b9b7c013cbc6c3dc70d8c623e22b0a7c78b
-------------------------------------------------------------------
Thu Jul 11 17:45:27 UTC 2024 - Franck Bui <fbui@suse.com>
- testsuite: move a misplaced %endif
-------------------------------------------------------------------
Thu Jul 11 15:50:51 UTC 2024 - Franck Bui <fbui@suse.com>
- Don't automatically clean unmodified config files up (bsc#1226415)
Relying on the presence of .rpmsave for detecting unmodified main config files
couldn't work as it created a time window in which some of the systemd
services were restarted with no config file. That had the bad side effect to
restart them with the upstream defaults, ignoring any user's customization.
-------------------------------------------------------------------
Thu Jul 11 14:07:44 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit e87183896e2dbb0b2a78709c9ae0e37911b7fbcd (merge of v254.11)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/952e82f83554e8f49b2246799dddc38257a0893a...e87183896e2dbb0b2a78709c9ae0e37911b7fbcd
-------------------------------------------------------------------
Thu Jul 11 12:56:31 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 952e82f83554e8f49b2246799dddc38257a0893a
d317008225 gpt-auto-generator: be more defensive when checking the presence of ESP in fstab
fed117d448 journalctl: explicitly check < 0 for error
41d9e82099 journalctl: make --until work again with --after-cursor and --lines (bsc#1221906)
-------------------------------------------------------------------
Thu Jul 11 10:40:35 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 67a66ebcb994882ebfe0e9de3765628969e50067 (merge of v254.10)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/31f1148f75a1155d3eb37fd1a450096d669ec65b...67a66ebcb994882ebfe0e9de3765628969e50067
-------------------------------------------------------------------
Thu Jul 11 10:17:37 UTC 2024 - Franck Bui <fbui@suse.com>
- Make sure systemd-sysvcompat replaces systemd-sysvinit on upgrades (bsc#1218110)
-------------------------------------------------------------------
Thu Feb 22 09:47:41 UTC 2024 - Franck Bui <fbui@suse.com>
@@ -1062,6 +1466,7 @@ Mon Nov 14 11:15:06 UTC 2022 - Franck Bui <fbui@suse.com>
- upstream commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e (bsc#1200723)
- upstream commit 9102c625a673a3246d7e73d8737f3494446bad4e (bsc#1204968 CVE-2022-3821)
- upstream commit efbd4b3ca84c0426b6ff98d6352f82f3b7c090b2 (bsc#1213873)
- upstream commit f562abe2963bad241d34e0b308e48cf114672c84 (bsc#1226414)
* Rebased 0001-conf-parser-introduce-early-drop-ins.patch
1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch


@@ -18,14 +18,14 @@
%global flavor @BUILD_FLAVOR@%{nil}
%define archive_version +suse.30.g31f1148f75
%define archive_version +suse.93.g247091bc99
%if 0%{?version_override}
%define systemd_major %version_override
%define systemd_minor %{nil}
%else
%define systemd_major 254
%define systemd_minor 9
%define systemd_minor 27
%endif
%define systemd_version %{systemd_major}%{?systemd_minor:.%{systemd_minor}}
@@ -76,20 +76,6 @@
%bcond_without filetriggers
%bcond_with split_usr
# We stopped shipping main config files in /etc but we have to restore any
# config files that might have been backed up by rpm during the migration of the
# main config files from /etc to /usr. This needs to be done in %%posttrans
# because the .rpmsave files are created when the *old* package version is
# removed. This is not needed by ALP and will be dropped from Factory near the
# end of 2024.
%define restore_rpmsave() \
if [ -e %{_sysconfdir}/%{1}.rpmsave ] && [ ! -e %{_sysconfdir}/%{1} ]; then \
echo >&2 "Restoring %{_sysconfdir}/%1. Please consider moving your customizations in a drop-in instead." \
echo >&2 "For more details, visit https://en.opensuse.org/Systemd#Configuration." \
mv -v %{_sysconfdir}/%{1}.rpmsave %{_sysconfdir}/%{1} || : \
fi \
%{nil}
Name: systemd%{?mini}
URL: http://www.freedesktop.org/wiki/Software/systemd
# Allow users to specify the version and release when building the rpm by
@@ -180,13 +166,11 @@ Obsoletes: nss-myhostname < %{version}-%{release}
Provides: nss-myhostname = %{version}-%{release}
Provides: systemd-logger = %{version}-%{release}
Obsoletes: systemd-logger < %{version}-%{release}
Provides: systemd-sysvinit = %{version}-%{release}
Obsoletes: systemd-sysvinit < %{version}-%{release}
Provides: systemd-analyze = %{version}-%{release}
Obsoletes: pm-utils <= 1.4.1
Obsoletes: suspend <= 1.0
Obsoletes: systemd-analyze < 201
Source0: systemd-v%{version}%{archive_version}.tar.xz
Source0: systemd-%{version}%{archive_version}.tar.xz
Source1: systemd-rpmlintrc
Source2: systemd-user
Source3: systemd-update-helper
@@ -224,14 +208,21 @@ Source212: files.portable
# only relevant for SUSE distros. Special rewards for those who will manage to
# get rid of one of them !
#
Patch2: 0003-Drop-support-for-efivar-SystemdOptions.patch
Patch3: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
%if %{with sysvcompat}
Patch4: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
Patch5: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
%endif
Patch6: 0004-core-create-the-credential-directory-even-if-it-s-em.patch
# Patches listed below are SLE specific.
Patch1000: 0001-udev-restore-some-legacy-symlinks-to-maintain-backwa.patch
Patch1001: 1001-man-describe-the-net-naming-schemes-specific-to-SLE.patch
Patch1002: 1002-udev-persistent-net-rule-generator-support.patch
Patch1003: 1003-journal-again-create-user-journals-for-users-with-hi.patch
%if %{without upstream}
# Patches listed below are put in quarantine. Normally all changes must go to
# upstream first and then are cherry-picked in the SUSE git repository. But for
# very few cases, some stuff might be broken in upstream and need to be fixed or
@@ -239,17 +230,8 @@ Patch5: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
# will be removed as soon as a proper fix will be merged by upstream.
Patch5001: 5001-Revert-udev-update-devlink-with-the-newer-device-nod.patch
Patch5002: 5002-Revert-udev-revert-workarounds-for-issues-caused-by-.patch
# jsc#PED-5659
Patch5003: 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
Patch5004: 5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
Patch5005: 5005-bus-print-properties-prettify-more-unset-properties.patch
Patch5006: 5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
Patch5007: 5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
Patch5008: 5008-test-Add-effective-cgroup-limits-testing.patch
Patch5009: 5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
Patch5010: 5010-cgroup-Rename-effective-limits-internal-table.patch
%endif
Patch5003: 5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB
@@ -285,8 +267,8 @@ developing and building applications linking to these libraries.
Summary: SySV and LSB init script support for systemd (deprecated)
License: LGPL-2.1-or-later
Requires: %{name} = %{version}-%{release}
Provides: systemd-sysvinit:%{_sbindir}/runlevel
Provides: systemd-sysvinit:%{_sbindir}/telinit
Provides: systemd-sysvinit = %{version}-%{release}
Obsoletes: systemd-sysvinit < %{version}-%{release}
%description sysvcompat
This package ships the necessary files that enable minimal SysV and LSB init
@@ -499,7 +481,7 @@ License: LGPL-2.1-or-later
Requires: %{name} = %{version}-%{release}
%systemd_requires
# This Recommends because some symbols of libidn2 are dlopen()ed by resolved
Recommends: pkgconfig(libidn2)
Recommends: libidn2
BuildRequires: pkgconfig(libidn2)
BuildRequires: pkgconfig(openssl)
Obsoletes: nss-resolve < %{version}-%{release}
@@ -616,6 +598,7 @@ Recommends: tpm2.0-tools
%if %{with resolved}
# Optional dep for knot needed by TEST-75-RESOLVED
Recommends: knot
%endif
%if %{with selinux}
# Optional deps needed by TEST-06-SELINUX (otherwise skipped)
Recommends: selinux-policy-devel
@@ -626,7 +609,6 @@ Recommends: selinux-policy-targeted
# image, see install_missing_libraries() for details.
Requires: libidn2
Requires: pkgconfig(libidn2)
%endif
%if %{with experimental}
Requires: libpwquality1
Requires: libqrencode4
@@ -740,7 +722,7 @@ The HTML documentation for systemd.
%endif
%prep
%autosetup -p1 -n systemd-v%{version}%{archive_version}
%autosetup -p1 -n systemd-%{version}%{archive_version}
%build
# Disable _FORTIFY_SOURCE=3 as it get confused by the use of
@@ -767,6 +749,8 @@ export CFLAGS="%{optflags} -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
-Dutmp=false \
-Ddefault-hierarchy=unified \
-Ddefault-kill-user-processes=false \
-Dextra-net-naming-schemes=sle15-sp3=v238+bridge_no_slot,sle15-sp4=sle15-sp3+slot_function_id+16bit_index \
-Ddefault-net-naming-scheme=sle15-sp4 \
-Dpamconfdir=no \
-Dpamlibdir=%{_pam_moduledir} \
-Dxinitrcdir=%{xinitconfdir}/xinitrc.d \
@@ -1061,9 +1045,9 @@ rm -f %{buildroot}%{_journalcatalogdir}/*
rm -fr %{buildroot}%{_docdir}/systemd
%endif
# Don't drop %%pre section even if it becomes empty: the build process of
# installation images uses a hardcoded list of packages with a %%pre that needs
# to be run during the build and complains if it can't find one.
# Don't drop the 'pre' section even if it becomes empty: the build process of
# installation images uses a hardcoded list of packages with a 'pre' section
# that needs to be run during the build and complains if it can't find one.
%pre
# We don't really need to enable these units explicitely since during
# installation `systemctl preset-all` is executed at the end of the install
@@ -1110,7 +1094,8 @@ systemd-tmpfiles --create || :
journalctl --update-catalog || :
%endif
# See the comment in %%pre about why we need to call %%systemd_pre.
# See the comment in the 'pre' section about why we need to call 'systemd_pre'
# macro.
%systemd_post remote-fs.target
%systemd_post getty@.service
%systemd_post systemd-journald-audit.socket
@@ -1128,12 +1113,6 @@ journalctl --update-catalog || :
%systemd_postun_with_restart systemd-timedated.service
%systemd_postun_with_restart systemd-userdbd.service
%posttrans
%restore_rpmsave systemd/journald.conf
%restore_rpmsave systemd/logind.conf
%restore_rpmsave systemd/system.conf
%restore_rpmsave systemd/user.conf
%pre -n udev%{?mini}
# Units listed below can be enabled at installation accoding to their preset
# setting.
@@ -1167,31 +1146,13 @@ fi
%postun -n udev%{?mini}
%regenerate_initrd_post
# The order of the units being restarted is important here because there's
# currently no way to queue multiple jobs into a single transaction
# atomically. Therefore systemctl will create 3 restart jobs that can be handled
# by PID1 separately and if the jobs for the sockets are being handled first
# then starting them again will fail as the service is still active hence the
# sockets held by udevd. However if the restart job for udevd is handled first,
# there should be enough time to queue the socket jobs before the stop job for
# udevd is processed. Hence PID1 will automatically sort the restart jobs
# correctly by stopping the service then the sockets and then by starting the
# sockets and the unit.
#
# Note that when systemd-udevd is restarted, there will always be a short time
# frame where no socket will be listening to the events sent by the kernel, no
# matter if the socket unit is restarted in first or not.
%systemd_postun_with_restart systemd-udevd.service systemd-udevd-{control,kernel}.socket
# Restarting udev socket units along with udevd is not safe (bsc#1228809).
%systemd_postun_with_restart systemd-udevd.service
%systemd_postun_with_restart systemd-timesyncd.service
%systemd_postun systemd-pstore.service
%posttrans -n udev%{?mini}
%regenerate_initrd_posttrans
%restore_rpmsave systemd/pstore.conf
%restore_rpmsave systemd/sleep.conf
%restore_rpmsave systemd/timesyncd.conf
%restore_rpmsave udev/iocost.conf
%ldconfig_scriptlets -n libsystemd0%{?mini}
%ldconfig_scriptlets -n libudev%{?mini}1
@@ -1252,10 +1213,6 @@ fi
%systemd_postun_with_restart systemd-journal-gatewayd.service
%systemd_postun_with_restart systemd-journal-remote.service
%systemd_postun_with_restart systemd-journal-upload.service
%posttrans journal-remote
%restore_rpmsave systemd/journal-remote.conf
%restore_rpmsave systemd/journal-upload.conf
%endif
%if %{with networkd} || %{with resolved}
@@ -1304,10 +1261,6 @@ fi
%ldconfig
%systemd_postun systemd-resolved.service
%endif
%posttrans network
%restore_rpmsave systemd/networkd.conf
%restore_rpmsave systemd/resolved.conf
%endif
%if %{with homed}
@@ -1349,26 +1302,19 @@ fi
%if %{with experimental}
%pre experimental
%systemd_pre systemd-homed.service
%systemd_pre systemd-oomd.service systemd-oomd.socket
%post experimental
%if %{without filetriggers}
%sysusers_create systemd-oom.conf
%endif
%systemd_post systemd-homed.service
%systemd_post systemd-oomd.service systemd-oomd.socket
%preun experimental
%systemd_preun systemd-homed.service
%systemd_preun systemd-oomd.service systemd-oomd.socket
%postun experimental
%systemd_postun systemd-homed.service
%systemd_postun systemd-oomd.service systemd-oomd.socket
%posttrans experimental
%restore_rpmsave systemd/oomd.conf
%endif
# File trigger definitions
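Review bot: The new `Patch2: 0003-Drop-support-for-efivar-SystemdOptions.patch` entry in the SUSE-specific patch list has no comment, so the spec does not say that this patch is a security hardening rather than a compatibility tweak. The changelog entry for bsc#1220338 gives the reason: the SystemdOptions EFI variable might be used to gain access to encrypted systems that unlock their disk unattended when secure boot is disabled. I would add a line above the entry such as `# bsc#1220338: security hardening, keep until upstream removes SystemdOptions support`. This matters because the header comment of that block invites maintainers to get rid of these patches, and a rebase that drops this one would silently bring the feature back.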


@@ -72,7 +72,7 @@ end
-- This script will process files installed in /usr/lib/sysusers.d to create
-- specified users automatically. The priority is set such that it
-- will run before the tmpfiles file trigger.
-- Note: /run is never mounted during transactional updates.
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("systemd-sysusers"))
end
@@ -81,13 +81,19 @@ end
%transfiletriggerin -P 1000700 -n udev -p <lua> -- /usr/lib/udev/hwdb.d
-- This script will automatically invoke hwdb update if files have been
-- installed or updated in /usr/lib/udev/hwdb.d.
assert(rpm.execute("systemd-hwdb", "update"))
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("systemd-hwdb", "update"))
end
%endif
%transfiletriggerin -P 1000700 -p <lua> -- /usr/lib/systemd/catalog
-- This script will automatically invoke journal catalog update if files
-- have been installed or updated in /usr/lib/systemd/catalog.
assert(rpm.execute("journalctl", "--update-catalog"))
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("journalctl", "--update-catalog"))
end
%transfiletriggerin -P 1000700 -p <lua> -- /usr/lib/binfmt.d
-- This script will automatically apply binfmt rules if files have been
@@ -105,7 +111,7 @@ end
-- This script will process files installed in /usr/lib/tmpfiles.d to create
-- tmpfiles automatically. The priority is set such that it will run
-- after the sysusers file trigger, but before any other triggers.
-- Note: /run is never mounted during transactional updates.
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("systemd-tmpfiles", "--create"))
end
@@ -122,6 +128,7 @@ end
%transfiletriggerin -P 1000500 -p <lua> -- /usr/lib/sysctl.d
-- This script will automatically apply sysctl rules if files have been
-- installed or updated in /usr/lib/sysctl.d.
-- Note: this should be skipped if executed in a chroot environment.
if posix.access("/run/systemd/system") then
pid = posix.fork()
if pid == 0 then