SLFO-pool/systemd
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: SLFO-pool:main
Branches Tags
SLFO-pool:main SLFO-pool:1.1
...
pull from: SLFO-pool:1.1
Branches Tags
SLFO-pool:1.1 SLFO-pool:main

3 Commits
main ... 1.1

Author SHA256 Message Date
Adrian Schröter
fcc344749b Sync from SUSE:SLFO:1.1 systemd revision c87bb4a4162340f7e327a1d31b274578 2025-08-16 13:34:42 +02:00
Adrian Schröter
f5b80c41e6 Sync from SUSE:SLFO:1.1 systemd revision 5305178056ce5bd53350d998b50b35ef 2025-06-12 09:09:27 +02:00
Adrian Schröter
c1f6734b40 Sync from SUSE:SLFO:1.1 systemd revision c8b866fd6a6ebc919c71642fb83538f1 2025-05-09 08:30:17 +02:00
11 changed files with 833 additions and 656 deletions
Expand all files Collapse all files

63
1001-man-describe-the-net-naming-schemes-specific-to-SLE.patch Normal file
View File

@@ -0,0 +1,63 @@
From f3bb23ff2b16a79a9cd6768bf4dc9d2187d8a546 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Mon, 10 Oct 2022 16:31:39 +0200
Subject: [PATCH] man: describe the net naming schemes specific to SLE
Fixes: bsc#1204179
---
man/systemd.net-naming-scheme.xml | 39 +++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index a8e23b1862..d8d6ded91b 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -483,6 +483,45 @@
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
particular version of systemd).</para>
+
+ <title>SLE History</title>
+
+ <para>Additionally, the following "naming schemes" have also been defined on SLE products:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><constant>sle15-sp3</constant></term>
+
+ <listitem><para>This naming scheme is available since <varname>SLE15-SP3</varname> and is based on
+ the <constant>v238</constant> naming scheme described previously but also includes the following
+ changes.</para>
+
+ <para>When a PCI slot is associated with a PCI bridge that has multiple child network
+ controllers, the same value of the <varname>ID_NET_NAME_SLOT</varname> property might be derived
+ for those controllers. This would cause a naming conflict if the property is selected as the device
+ name. Now, we detect this situation and don't produce the <varname>ID_NET_NAME_SLOT</varname>
+ property.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>sle15-sp4</constant></term>
+
+ <listitem><para>Available since <varname>SLE15-SP4</varname> and is based on the
+ <constant>sle15-sp3</constant> naming scheme described previously but also includes the following
+ change.</para>
+
+ <para>PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation
+ of the <filename>function_id</filename> device attribute. This attribute is now used to build the
+ <varname>ID_NET_NAME_SLOT</varname>. Before that, all slot names were parsed as decimal
+ numbers, which could either result in an incorrect value of the <varname>ID_NET_NAME_SLOT</varname>
+ property or none at all.</para>
+
+ <para>Some firmware and hypervisor implementations report unreasonable high numbers for the onboard
+ index. To prevent the generation of bogus onbard interface names, index numbers greater than 16381
+ (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account
+ for that, the limit is increased to now 65535.</para></listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
--
2.43.0

545
1002-udev-persistent-net-rule-generator-support.patch Normal file
View File

@@ -0,0 +1,545 @@
From fa711abefe2d5f0a63895591044064908465f7af Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 18 Sep 2020 13:25:44 +0200
Subject: [PATCH 1002/1002] udev: persistent net rule generator support
This patch reintroduces the ability to rename a NIC even if the new name is
currently in use by another NIC. In such cases, udev waits until the new name
becomes available, while the previously named NIC is renamed in turn.
Additionally, this reintroduces the persistent net rule generator, ensuring
that names of new added NICs don't conflict with existing one and remain
persistent across reboots.
This patch is not required on systems where the predictable naming scheme is
enabled by default, as default NIC names can not conflict with each other.
To facilitate the migration of Micro-based systems to future versions, the
persistent net rule generator is enabled only when predictable network
interface names are explicitly disabled via the kernel command line option
net.ifnames=0.
[fbui: fixes bsc#1241190]
---
man/systemd-udevd.service.xml | 2 +-
rules.d/75-persistent-net-generator.rules | 125 ++++++++++++++
rules.d/meson.build | 1 +
src/libsystemd/sd-netlink/netlink-util.c | 43 ++++-
src/udev/meson.build | 4 +
.../rule_generator/rule_generator.functions | 113 +++++++++++++
src/udev/rule_generator/write_net_rules | 153 ++++++++++++++++++
7 files changed, 439 insertions(+), 2 deletions(-)
create mode 100644 rules.d/75-persistent-net-generator.rules
create mode 100644 src/udev/rule_generator/rule_generator.functions
create mode 100755 src/udev/rule_generator/write_net_rules
diff --git a/man/systemd-udevd.service.xml b/man/systemd-udevd.service.xml
index 3107fb7ce9..7edfda0869 100644
--- a/man/systemd-udevd.service.xml
+++ b/man/systemd-udevd.service.xml
@@ -204,7 +204,7 @@
<term><varname>net.ifnames=</varname></term>
<listitem>
<para>Network interfaces are renamed to give them predictable names
- when possible. It is enabled by default; specifying 0 disables it.</para>
+ when possible. It is disabled by default; specifying 1 enables it.</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/rules.d/75-persistent-net-generator.rules b/rules.d/75-persistent-net-generator.rules
new file mode 100644
index 0000000000..e231263349
--- /dev/null
+++ b/rules.d/75-persistent-net-generator.rules
@@ -0,0 +1,125 @@
+# do not edit this file, it will be overwritten on update
+
+# these rules generate rules for persistent network device naming
+#
+# variables used to communicate:
+# MATCHADDR MAC address used for the match
+# MATCHID bus_id used for the match
+# MATCHDRV driver name used for the match
+# MATCHIFTYPE interface type match
+# COMMENT comment to add to the generated rule
+# INTERFACE_NAME requested name supplied by external tool
+# INTERFACE_NEW new interface name returned by rule writer
+
+ACTION!="add", GOTO="persistent_net_generator_end"
+SUBSYSTEM!="net", GOTO="persistent_net_generator_end"
+
+# ignore the interface if a name has already been set
+NAME=="?*", GOTO="persistent_net_generator_end"
+
+# device name whitelist
+KERNEL!="eth*|ath*|wlan*[0-9]|msh*|ra*|sta*|ctc*|lcs*|hsi*", GOTO="persistent_net_generator_end"
+
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}!="0", GOTO="persistent_net_generator_end"
+
+# read MAC address
+ENV{MATCHADDR}="$attr{address}"
+
+# match interface type
+ENV{MATCHIFTYPE}="$attr{type}"
+
+# detect virtualization (none is set if we are not a guest)
+ENV{ID_VIRT}="none", PROGRAM=="/usr/bin/systemd-detect-virt", RESULT=="?*", ENV{ID_VIRT}="$result"
+
+# KVM virtual interfaces, not to be confused with Realtek interfaces
+ENV{MATCHADDR}=="52:54:00:*", ENV{ID_VIRT}=="kvm", ENV{MATCHADDR}=""
+
+# ignore VMWare virtual interfaces
+ENV{MATCHADDR}=="00:0c:29:*|00:50:56:*", GOTO="persistent_net_generator_end"
+# ignore Hyper-V virtual interfaces
+ENV{MATCHADDR}=="00:15:5d:*", GOTO="persistent_net_generator_end"
+
+# These vendors are known to violate the local MAC address assignment scheme
+# Interlan, DEC (UNIBUS or QBUS), Apollo, Cisco, Racal-Datacom
+ENV{MATCHADDR}=="02:07:01:*", GOTO="globally_administered_whitelist"
+# 3Com
+ENV{MATCHADDR}=="02:60:60:*", GOTO="globally_administered_whitelist"
+# 3Com IBM PC; Imagen; Valid; Cisco; Apple
+ENV{MATCHADDR}=="02:60:8c:*", GOTO="globally_administered_whitelist"
+# Intel
+ENV{MATCHADDR}=="02:a0:c9:*", GOTO="globally_administered_whitelist"
+# Olivetti
+ENV{MATCHADDR}=="02:aa:3c:*", GOTO="globally_administered_whitelist"
+# CMC Masscomp; Silicon Graphics; Prime EXL
+ENV{MATCHADDR}=="02:cf:1f:*", GOTO="globally_administered_whitelist"
+# Prominet Corporation Gigabit Ethernet Switch
+ENV{MATCHADDR}=="02:e0:3b:*", GOTO="globally_administered_whitelist"
+# BTI (Bus-Tech, Inc.) IBM Mainframes
+ENV{MATCHADDR}=="02:e6:d3:*", GOTO="globally_administered_whitelist"
+# Realtek
+ENV{MATCHADDR}=="52:54:00:*", GOTO="globally_administered_whitelist"
+# Novell 2000
+ENV{MATCHADDR}=="52:54:4c:*", GOTO="globally_administered_whitelist"
+# Realtec
+ENV{MATCHADDR}=="52:54:ab:*", GOTO="globally_administered_whitelist"
+# Kingston Technologies
+ENV{MATCHADDR}=="e2:0c:0f:*", GOTO="globally_administered_whitelist"
+# Xensource
+ENV{MATCHADDR}=="00:16:3e:*", GOTO="globally_administered_whitelist"
+
+# ibmveth/ibmvnic like to use "locally administered" MAC addresses
+DRIVERS=="ibmveth", ENV{MATCHADDR}="$attr{address}", GOTO="globally_administered_whitelist"
+DRIVERS=="ibmvnic", ENV{MATCHADDR}="$attr{address}", GOTO="globally_administered_whitelist"
+
+# mlx4 on s390 uses to be a Mellanox SR-IOV function for an S/390 LPAR
+# where the physical function is controlled by the LPAR hypervisor
+# (unlike x86_64 KVM guest, where the physical function is controlled
+# by the linux host OS). In this case all virtual SR-IOV virtual
+# functions will have a "locally administered" MAC address and will
+# share the same bus (PCI) id (0000:00:00.0) unlike on on x86_64 where
+# the MAC addresses are random.
+DRIVERS=="mlx4_core", KERNELS=="0000:00:00.0", ENV{MATCHADDR}="$attr{address}", GOTO="globally_administered_whitelist"
+
+# match interface dev_id
+# HACK: for s390x qeth devices, if layer2 == 0, dont use dev_id
+ENV{LAYER2}="1", TEST=="device/layer2", ENV{LAYER2}="$attr{device/layer2}"
+ENV{LAYER2}!="0", ATTR{dev_id}=="?*", ENV{MATCHDEVID}="$attr{dev_id}"
+
+# do not use "locally administered" MAC address
+ENV{MATCHADDR}=="?[2367abef]:*", ENV{MATCHADDR}=""
+
+# if mac is "locally administered", then use $id (KERNELS) and $driver (DRIVERS)
+ENV{MATCHADDR}=="", DRIVERS=="?*", SUBSYSTEMS=="pci|ccw", ENV{MATCHID}="$id", ENV{MATCHDRV}="$driver"
+
+# do not use empty address
+ENV{MATCHADDR}=="00:00:00:00:00:00", ENV{MATCHADDR}=""
+
+LABEL="globally_administered_whitelist"
+
+# build comment line for generated rule:
+SUBSYSTEMS=="pci", ENV{COMMENT}="PCI device $attr{vendor}:$attr{device} ($driver)"
+SUBSYSTEMS=="ccw", ENV{COMMENT}="S/390 $driver device at $id"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="?*", ENV{COMMENT}="USB device 0x$attr{idVendor}:0x$attr{idProduct} ($driver)"
+SUBSYSTEMS=="pcmcia", ENV{COMMENT}="PCMCIA device $attr{card_id}:$attr{manf_id} ($driver)"
+SUBSYSTEMS=="ieee1394", ENV{COMMENT}="Firewire device $attr{host_id})"
+DRIVERS=="ibmveth", ENV{COMMENT}="ibmveth ($id)"
+DRIVERS=="ibmvnic", ENV{COMMENT}="ibmvnic ($id)"
+DRIVERS=="mlx4_core", ENV{COMMENT}="mlx4_core ($id)"
+
+# S/390 uses id matches only, do not use MAC address match
+SUBSYSTEMS=="ccwgroup", ENV{COMMENT}="S/390 $driver device at $id", ENV{MATCHID}="$id", ENV{MATCHDRV}="$driver", ENV{MATCHADDR}=""
+
+# see if we got enough data to create a rule
+ENV{MATCHADDR}=="", ENV{MATCHID}=="", ENV{INTERFACE_NAME}=="", GOTO="persistent_net_generator_end"
+
+# default comment
+ENV{COMMENT}=="", ENV{COMMENT}="net device ($attr{driver})"
+
+# write rule
+DRIVERS=="?*", IMPORT{program}="write_net_rules"
+
+# rename interface if needed
+ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}"
+
+LABEL="persistent_net_generator_end"
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 20fca222da..736430a5b8 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -25,6 +25,7 @@ rules = [
'70-mouse.rules',
'70-touchpad.rules',
'75-net-description.rules',
+ '75-persistent-net-generator.rules',
'75-probe_mtd.rules',
'78-sound-card.rules',
'80-net-setup-link.rules',
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 81e0d7aa05..56d95f52ab 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -11,7 +11,8 @@
#include "process-util.h"
#include "strv.h"
-static int set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+
+static int do_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
int r;
@@ -31,6 +32,46 @@ static int set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
return sd_netlink_call(*rtnl, message, 0, NULL);
}
+static int do_set_link_name_wait(sd_netlink **rtnl, int ifindex, const char *name) {
+ char tmp[IFNAMSIZ];
+ int r;
+
+ log_debug("ifindex %i: waiting for name %s to be released", ifindex, name);
+
+ /* free our own name, another process may wait for us */
+ snprintf(tmp, IFNAMSIZ, "rename%d", ifindex);
+ r = do_set_link_name(rtnl, ifindex, tmp);
+ if (r < 0)
+ return r;
+
+ log_debug("ifindex %i: while waiting, renamed to %s to release our own name", ifindex, tmp);
+
+ /* wait a maximum of 90 seconds for our target to become available */
+ for(int loop = 90 * 20; loop; loop--) {
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 };
+
+ nanosleep(&duration, NULL);
+
+ r = do_set_link_name(rtnl, ifindex, name);
+ if (r >= 0)
+ break;
+ if (r != -EEXIST)
+ break;
+ }
+
+ return r;
+}
+
+static int set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+ int r;
+
+ r = do_set_link_name(rtnl, ifindex, name);
+ if (r >= 0 || r != -EEXIST)
+ return r;
+
+ return do_set_link_name_wait(rtnl, ifindex, name);
+}
+
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name, char* const *alternative_names) {
_cleanup_strv_free_ char **original_altnames = NULL, **new_altnames = NULL;
bool altname_deleted = false;
diff --git a/src/udev/meson.build b/src/udev/meson.build
index de988ac248..4704a4023d 100644
--- a/src/udev/meson.build
+++ b/src/udev/meson.build
@@ -222,3 +222,7 @@ tests += [
'base' : test_libudev_base,
},
]
+
+install_data('rule_generator/rule_generator.functions',
+ 'rule_generator/write_net_rules',
+ install_dir : udevlibexecdir)
diff --git a/src/udev/rule_generator/rule_generator.functions b/src/udev/rule_generator/rule_generator.functions
new file mode 100644
index 0000000000..087bc34ad3
--- /dev/null
+++ b/src/udev/rule_generator/rule_generator.functions
@@ -0,0 +1,113 @@
+# functions used by the udev rule generator
+
+# Copyright (C) 2006 Marco d'Itri <md@Linux.IT>
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+PATH='/usr/bin:/bin:/usr/sbin:/sbin'
+
+# Read a single line from file $1 in the $DEVPATH directory.
+# The function must not return an error even if the file does not exist.
+sysread() {
+ local file="$1"
+ [ -e "/sys$DEVPATH/$file" ] || return 0
+ local value
+ read value < "/sys$DEVPATH/$file" || return 0
+ echo "$value"
+}
+
+sysreadlink() {
+ local file="$1"
+ [ -e "/sys$DEVPATH/$file" ] || return 0
+ readlink -f /sys$DEVPATH/$file 2> /dev/null || true
+}
+
+# Return true if a directory is writeable.
+writeable() {
+ if ln -s test-link $1/.is-writeable 2> /dev/null; then
+ rm -f $1/.is-writeable
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Create a lock file for the current rules file.
+lock_rules_file() {
+ RUNDIR="/run/udev"
+ [ -e "$RUNDIR" ] || return 0
+
+ RULES_LOCK="$RUNDIR/.lock-${RULES_FILE##*/}"
+
+ retry=30
+ while ! mkdir $RULES_LOCK 2> /dev/null; do
+ if [ $retry -eq 0 ]; then
+ echo "Cannot lock $RULES_FILE!" >&2
+ exit 2
+ fi
+ sleep 1
+ retry=$(($retry - 1))
+ done
+}
+
+unlock_rules_file() {
+ [ "$RULES_LOCK" ] || return 0
+ rmdir $RULES_LOCK || true
+}
+
+# Choose the real rules file if it is writeable or a temporary file if not.
+# Both files should be checked later when looking for existing rules.
+choose_rules_file() {
+ RUNDIR="/run/udev"
+ local tmp_rules_file="$RUNDIR/tmp-rules--${RULES_FILE##*/}"
+ [ -e "$RULES_FILE" -o -e "$tmp_rules_file" ] || PRINT_HEADER=1
+
+ if writeable ${RULES_FILE%/*}; then
+ RO_RULES_FILE='/dev/null'
+ else
+ RO_RULES_FILE=$RULES_FILE
+ RULES_FILE=$tmp_rules_file
+ fi
+}
+
+# Return the name of the first free device.
+raw_find_next_available() {
+ local links="$1"
+
+ local basename=${links%%[ 0-9]*}
+ local max=-1
+ for name in $links; do
+ local num=${name#$basename}
+ [ "$num" ] || num=0
+ [ $num -gt $max ] && max=$num
+ done
+
+ local max=$(($max + 1))
+ # "name0" actually is just "name"
+ [ $max -eq 0 ] && return
+ echo "$max"
+}
+
+# Find all rules matching a key (with action) and a pattern.
+find_all_rules() {
+ local key="$1"
+ local linkre="$2"
+ local match="$3"
+
+ local search='.*[[:space:],]'"$key"'"('"$linkre"')".*'
+ echo $(sed -n -r -e 's/^#.*//' -e "${match}s/${search}/\1/p" \
+ $RO_RULES_FILE \
+ $([ -e $RULES_FILE ] && echo $RULES_FILE) \
+ 2>/dev/null)
+}
diff --git a/src/udev/rule_generator/write_net_rules b/src/udev/rule_generator/write_net_rules
new file mode 100755
index 0000000000..27be878af9
--- /dev/null
+++ b/src/udev/rule_generator/write_net_rules
@@ -0,0 +1,153 @@
+#!/bin/sh -e
+
+# This script is run to create persistent network device naming rules
+# based on properties of the device.
+# If the interface needs to be renamed, INTERFACE_NEW=<name> will be printed
+# on stdout to allow udev to IMPORT it.
+
+# variables used to communicate:
+# MATCHADDR MAC address used for the match
+# MATCHID bus_id used for the match
+# MATCHDEVID dev_id used for the match
+# MATCHDRV driver name used for the match
+# MATCHIFTYPE interface type match
+# COMMENT comment to add to the generated rule
+# INTERFACE_NAME requested name supplied by external tool
+# INTERFACE_NEW new interface name returned by rule writer
+
+# Copyright (C) 2006 Marco d'Itri <md@Linux.IT>
+# Copyright (C) 2007 Kay Sievers <kay.sievers@vrfy.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# debug, if UDEV_LOG=<debug>
+if [ -n "$UDEV_LOG" ]; then
+ if [ "$UDEV_LOG" -ge 7 ]; then
+ set -x
+ fi
+fi
+
+RULES_FILE='/etc/udev/rules.d/70-persistent-net.rules'
+
+. /usr/lib/udev/rule_generator.functions
+
+interface_name_taken() {
+ local value="$(find_all_rules 'NAME=' $INTERFACE)"
+ if [ "$value" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+find_next_available() {
+ raw_find_next_available "$(find_all_rules 'NAME=' "$1")"
+}
+
+write_rule() {
+ local match="$1"
+ local name="$2"
+ local comment="$3"
+
+ {
+ if [ "$PRINT_HEADER" ]; then
+ PRINT_HEADER=
+ echo "# This file was automatically generated by the $0"
+ echo "# program, run by the persistent-net-generator.rules rules file."
+ echo "#"
+ echo "# You can modify it, as long as you keep each rule on a single"
+ echo "# line, and change only the value of the NAME= key."
+ fi
+
+ echo ""
+ [ "$comment" ] && echo "# $comment"
+ echo "SUBSYSTEM==\"net\", ACTION==\"add\"$match, NAME=\"$name\""
+ } >> $RULES_FILE
+}
+
+if [ -z "$INTERFACE" ]; then
+ echo "missing \$INTERFACE" >&2
+ exit 1
+fi
+
+# Prevent concurrent processes from modifying the file at the same time.
+lock_rules_file
+
+# Check if the rules file is writeable.
+choose_rules_file
+
+# the DRIVERS key is needed to not match bridges and VLAN sub-interfaces
+if [ "$MATCHADDR" ]; then
+ # Check if MACADDR doesn't exist already in the generated rules
+ MAC="$(/usr/bin/grep -w -o -C1 -m1 "$MATCHADDR" "$RULES_FILE" 2>/dev/null || true)"
+ if [ "$MAC" = "$MATCHADDR" ]; then
+ unlock_rules_file
+ exit 0
+ fi
+ match="$match, DRIVERS==\"?*\", ATTR{address}==\"$MATCHADDR\""
+fi
+
+if [ "$MATCHDRV" ]; then
+ match="$match, DRIVERS==\"$MATCHDRV\""
+fi
+
+if [ "$MATCHDEVID" ]; then
+ match="$match, ATTR{dev_id}==\"$MATCHDEVID\""
+fi
+
+if [ "$MATCHID" ]; then
+ # Check if KERNEL doesn't exist already in the generated rules
+ KERNEL="$(find_all_rules 'KERNELS==' "$MATCHID")"
+ if [ "$KERNEL" = "$MATCHID" ]; then
+ unlock_rules_file
+ exit 0
+ fi
+ match="$match, KERNELS==\"$MATCHID\""
+fi
+
+if [ "$MATCHIFTYPE" ]; then
+ match="$match, ATTR{type}==\"$MATCHIFTYPE\""
+fi
+
+if [ -z "$match" ]; then
+ echo "missing valid match" >&2
+ unlock_rules_file
+ exit 1
+fi
+
+basename=${INTERFACE%%[0-9]*}
+match="$match, KERNEL==\"$basename*\""
+
+if [ "$INTERFACE_NAME" ]; then
+ # external tools may request a custom name
+ COMMENT="$COMMENT (custom name provided by external tool)"
+ if [ "$INTERFACE_NAME" != "$INTERFACE" ]; then
+ INTERFACE=$INTERFACE_NAME;
+ echo "INTERFACE_NEW=$INTERFACE"
+ fi
+else
+ # if a rule using the current name already exists, find a new name
+ if interface_name_taken; then
+ INTERFACE="$basename$(find_next_available "$basename[0-9]*")"
+ # prevent INTERFACE from being "eth" instead of "eth0"
+ [ "$INTERFACE" = "${INTERFACE%%[ \[\]0-9]*}" ] && INTERFACE=${INTERFACE}0
+ echo "INTERFACE_NEW=$INTERFACE"
+ fi
+fi
+
+write_rule "$match" "$INTERFACE" "$COMMENT"
+
+unlock_rules_file
+
+exit 0
--
2.43.0

67
1003-journal-again-create-user-journals-for-users-with-hi.patch Normal file
View File

@@ -0,0 +1,67 @@
From 302e2fccdee655f135461df3426278a21d336d85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 9 Jan 2024 11:28:04 +0100
Subject: [PATCH 1022/1022] journal: again create user journals for users with
high uids
This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
in an additional check of uid_is_container(uid). The problem is that that change
is not backwards-compatible at all and very hard for users to handle.
There is no common agreement on mappings of high-range uids. Systemd declares
ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
but this is only a recent change and various sites allocated those ranges
in a different way, in particular FreeIPA uses (used?) uids from this range
for human users. On big sites with lots of users changing uids is obviously a
hard problem. We generally assume that uids cannot be "freed" and/or changed
and/or reused safely, so we shouldn't demand the same from others.
This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
huge problems for existing systems with were created with a different
definition and couldn't be easily updated. For that case, we added a
configuration time switch and we now parse /etc/login.defs to actually use the
value that is appropriate for the local system.
Unfortunately, login.defs doesn't have a concept of container allocation ranges
(and we don't have code to parse and use those nonexistent names either), so we
can't tell users to adjust logind.defs to work around the changed definition.
login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
because they are used to define where the add allocations for subuids, which is
generally a much smaller range. Maybe we should talk with other folks about
the appropriate allocation ranges and define some new settings in login.defs.
But this would require discussion and coordination with other projects first.
Actualy, it seems that this change was needed at all. The code in the container
does not log to the outside journal. It talks to its own journald, which does
journal splitting using its internal logic based on shifted uids. So let's
revert the change to fix user systems.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
Upstream PR: https://github.com/systemd/systemd/pull/30846
rhel-only: bugfix
Resolves: RHEL-70103
[fbui: fixes bsc#1242938]
---
src/basic/uid-alloc-range.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c
index 669cb6d56f..7b724b7959 100644
--- a/src/basic/uid-alloc-range.c
+++ b/src/basic/uid-alloc-range.c
@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
/* Returns true if the specified UID shall get its data stored in the system journal. */
- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid);
+ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
}
--
2.43.0

432
5004-udev-allow-denylist-for-reading-sysfs-attributes-whe.patch
View File

@@ -1,432 +0,0 @@
From 6e10bdf37ad6b318de9a37416a3a80656d407006 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Fri, 8 Dec 2023 12:33:06 +0100
Subject: [PATCH 5004/5004] udev: allow/denylist for reading sysfs attributes
when composing a NIC name
Users can currently pick specific versions of NIC naming, but that
does not guarantee that NIC names won't change after the kernel adds
a new sysfs attribute.
This patch allows for an allow/deny list of sysfs attributes
that could be used when composing the name.
These lists can be supplied as an hwdb entry in the form of
/etc/udev/hwdb.d/50-net-naming-allowlist.hwdb
net:naming:drvirtio_net
ID_NET_NAME_ALLOW=0
ID_NET_NAME_ALLOW_ACPI_INDEX=1
ID_NET_NAME_ALLOW_ADDR_ASSIGN_TYPE=1
ID_NET_NAME_ALLOW_ADDRESS=1
ID_NET_NAME_ALLOW_ARI_ENABLED=1
ID_NET_NAME_ALLOW_DEV_PORT=1
ID_NET_NAME_ALLOW_FUNCTION_ID=1
ID_NET_NAME_ALLOW_IFLINK=1
ID_NET_NAME_ALLOW_INDEX=1
ID_NET_NAME_ALLOW_LABEL=1
ID_NET_NAME_ALLOW_PHYS_PORT_NAME=1
ID_NET_NAME_ALLOW_TYPE=1
(cherry picked from commit 3b2e7dc5a285edbbb1bf6aed2d88b889d801613f)
[fbui: adjust context]
[fbui: fixes bsc#1234015]
---
man/systemd.net-naming-scheme.xml | 69 ++++++++++++++++++++++++++
rules.d/75-net-description.rules | 2 +
src/shared/netif-naming-scheme.c | 81 +++++++++++++++++++++++++++++++
src/shared/netif-naming-scheme.h | 7 +++
src/udev/udev-builtin-net_id.c | 38 +++++++--------
5 files changed, 178 insertions(+), 19 deletions(-)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index 3d997535d4..a8e23b1862 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -485,6 +485,45 @@
particular version of systemd).</para>
</refsect1>
+ <refsect1>
+ <title>Limiting the use of specific sysfs attributes</title>
+
+ <para>When creating names for network cards, some naming schemes use data from sysfs populated
+ by the kernel. This means that although a specific naming scheme in udev is picked,
+ the network card's name can still change when a new kernel version adds a new sysfs attribute.
+ For example if kernel starts setting the <constant>phys_port_name</constant>, udev will append the
+ "<constant>n</constant><replaceable>phys_port_name</replaceable>" suffix to the device name.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><varname>ID_NET_NAME_ALLOW=<replaceable>BOOL</replaceable></varname></term>
+
+ <listitem><para>This evironment value sets a fallback policy for reading a sysfs attribute.
+ If set to <constant>0</constant> udev will not read any sysfs attribute by default, unless it is
+ explicitly allowlisted, see below. If set to <constant>1</constant> udev can use any sysfs attribute
+ unless it is explicitly forbidden. The default value is <constant>1</constant>.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>ID_NET_NAME_ALLOW_<replaceable>sysfsattr</replaceable>=<replaceable>BOOL</replaceable></varname></term>
+
+ <listitem><para>This evironment value explicitly states if udev shall use the specified
+ <replaceable>sysfsattr</replaceable>, when composing the device name.</para>
+
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>With these options, users can set an allowlist or denylist for sysfs attributes. To create
+ an allowlist, the user needs to set <varname>ID_NET_NAME_ALLOW=0</varname> for the device and then list
+ the allowed attributes with the
+ <varname>ID_NET_NAME_ALLOW_<replaceable>sysfsattr</replaceable>=1</varname>
+ options. In case of a denylist, the user needs to provide the list of denied attributes with
+ the <varname>ID_NET_NAME_ALLOW_<replaceable>sysfsattr</replaceable>=0</varname> options.</para>
+ </refsect1>
+
<refsect1>
<title>Examples</title>
@@ -571,6 +610,36 @@ ID_NET_NAME_PATH=enp0s29u1u2</programlisting>
ID_NET_NAME_MAC=enx026d3c00000a
ID_NET_NAME_PATH=encf5f0</programlisting>
</example>
+
+ <example>
+ <title>Set an allowlist for reading sysfs attributes for network card naming</title>
+
+ <programlisting><filename>/etc/udev/hwdb.d/50-net-naming-allowlist.hwdb</filename>
+net:naming:drvirtio_net:*
+ ID_NET_NAME_ALLOW=0
+ ID_NET_NAME_ALLOW_ACPI_INDEX=1
+ ID_NET_NAME_ALLOW_ADDR_ASSIGN_TYPE=1
+ ID_NET_NAME_ALLOW_ADDRESS=1
+ ID_NET_NAME_ALLOW_ARI_ENABLED=1
+ ID_NET_NAME_ALLOW_DEV_PORT=1
+ ID_NET_NAME_ALLOW_FUNCTION_ID=1
+ ID_NET_NAME_ALLOW_IFLINK=1
+ ID_NET_NAME_ALLOW_INDEX=1
+ ID_NET_NAME_ALLOW_LABEL=1
+ ID_NET_NAME_ALLOW_PHYS_PORT_NAME=1
+ ID_NET_NAME_ALLOW_TYPE=1</programlisting>
+ </example>
+
+ <example>
+ <title>Set a denylist so that specified sysfs attribute are ignored</title>
+
+ <programlisting><filename>/etc/udev/hwdb.d/50-net-naming-denylist.hwdb</filename>
+net:naming:drvirtio_net:*
+ ID_NET_NAME_ALLOW=1
+ ID_NET_NAME_ALLOW_DEV_PORT=0
+ ID_NET_NAME_ALLOW_PHYS_PORT_NAME=0
+ </programlisting>
+ </example>
</refsect1>
<refsect1>
diff --git a/rules.d/75-net-description.rules b/rules.d/75-net-description.rules
index 7e62f8b26b..5ba70a6545 100644
--- a/rules.d/75-net-description.rules
+++ b/rules.d/75-net-description.rules
@@ -3,6 +3,8 @@
ACTION=="remove", GOTO="net_end"
SUBSYSTEM!="net", GOTO="net_end"
+IMPORT{builtin}="hwdb 'net:naming:dr$env{ID_NET_DRIVER}:'"
+
IMPORT{builtin}="net_id"
SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb"
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
index b6a97527d8..77c0bcd57a 100644
--- a/src/shared/netif-naming-scheme.c
+++ b/src/shared/netif-naming-scheme.c
@@ -1,6 +1,9 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "sd-device.h"
+
#include "alloc-util.h"
+#include "device-private.h"
#include "netif-naming-scheme.h"
#include "proc-cmdline.h"
#include "string-util.h"
@@ -106,3 +109,81 @@ static const char* const alternative_names_policy_table[_NAMEPOLICY_MAX] = {
};
DEFINE_STRING_TABLE_LOOKUP(alternative_names_policy, NamePolicy);
+
+static int naming_sysattr_allowed_by_default(sd_device *dev) {
+ int r;
+
+ assert(dev);
+
+ r = device_get_property_bool(dev, "ID_NET_NAME_ALLOW");
+ if (r == -ENOENT)
+ return true;
+
+ return r;
+}
+
+static int naming_sysattr_allowed(sd_device *dev, const char *sysattr) {
+ char *sysattr_property;
+ int r;
+
+ assert(dev);
+ assert(sysattr);
+
+ sysattr_property = strjoina("ID_NET_NAME_ALLOW_", sysattr);
+ ascii_strupper(sysattr_property);
+
+ r = device_get_property_bool(dev, sysattr_property);
+ if (r == -ENOENT)
+ /* If ID_NET_NAME_ALLOW is not set or set to 1 default is to allow */
+ return naming_sysattr_allowed_by_default(dev);
+
+ return r;
+}
+
+int device_get_sysattr_int_filtered(sd_device *device, const char *sysattr, int *ret_value) {
+ int r;
+
+ r = naming_sysattr_allowed(device, sysattr);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return -ENOENT;
+
+ return device_get_sysattr_int(device, sysattr, ret_value);
+}
+
+int device_get_sysattr_unsigned_filtered(sd_device *device, const char *sysattr, unsigned *ret_value) {
+ int r;
+
+ r = naming_sysattr_allowed(device, sysattr);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return -ENOENT;
+
+ return device_get_sysattr_unsigned(device, sysattr, ret_value);
+}
+
+int device_get_sysattr_bool_filtered(sd_device *device, const char *sysattr) {
+ int r;
+
+ r = naming_sysattr_allowed(device, sysattr);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return -ENOENT;
+
+ return device_get_sysattr_bool(device, sysattr);
+}
+
+int device_get_sysattr_value_filtered(sd_device *device, const char *sysattr, const char **ret_value) {
+ int r;
+
+ r = naming_sysattr_allowed(device, sysattr);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return -ENOENT;
+
+ return sd_device_get_sysattr_value(device, sysattr, ret_value);
+}
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
index 707c0d26f3..03dc854786 100644
--- a/src/shared/netif-naming-scheme.h
+++ b/src/shared/netif-naming-scheme.h
@@ -3,6 +3,8 @@
#include <stdbool.h>
+#include "sd-device.h"
+
#include "macro.h"
/* So here's the deal: net_id is supposed to be an exercise in providing stable names for network devices. However, we
@@ -90,3 +92,8 @@ NamePolicy name_policy_from_string(const char *p) _pure_;
const char *alternative_names_policy_to_string(NamePolicy p) _const_;
NamePolicy alternative_names_policy_from_string(const char *p) _pure_;
+
+int device_get_sysattr_int_filtered(sd_device *device, const char *sysattr, int *ret_value);
+int device_get_sysattr_unsigned_filtered(sd_device *device, const char *sysattr, unsigned *ret_value);
+int device_get_sysattr_bool_filtered(sd_device *device, const char *sysattr);
+int device_get_sysattr_value_filtered(sd_device *device, const char *sysattr, const char **ret_value);
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 7eaaf9530e..1997053eb9 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -145,7 +145,7 @@ static int get_dev_port(sd_device *dev, bool fallback_to_dev_id, unsigned *ret)
/* Get kernel provided port index for the case when multiple ports on a single PCI function. */
- r = device_get_sysattr_unsigned(dev, "dev_port", &v);
+ r = device_get_sysattr_unsigned_filtered(dev, "dev_port", &v);
if (r < 0)
return r;
if (r > 0) {
@@ -161,7 +161,7 @@ static int get_dev_port(sd_device *dev, bool fallback_to_dev_id, unsigned *ret)
if (fallback_to_dev_id) {
unsigned iftype;
- r = device_get_sysattr_unsigned(dev, "type", &iftype);
+ r = device_get_sysattr_unsigned_filtered(dev, "type", &iftype);
if (r < 0)
return r;
@@ -169,7 +169,7 @@ static int get_dev_port(sd_device *dev, bool fallback_to_dev_id, unsigned *ret)
}
if (fallback_to_dev_id)
- return device_get_sysattr_unsigned(dev, "dev_id", ret);
+ return device_get_sysattr_unsigned_filtered(dev, "dev_id", ret);
/* Otherwise, return the original index 0. */
*ret = 0;
@@ -186,7 +186,7 @@ static int get_port_specifier(sd_device *dev, bool fallback_to_dev_id, char **re
assert(ret);
/* First, try to use the kernel provided front panel port name for multiple port PCI device. */
- r = sd_device_get_sysattr_value(dev, "phys_port_name", &phys_port_name);
+ r = device_get_sysattr_value_filtered(dev, "phys_port_name", &phys_port_name);
if (r >= 0 && !isempty(phys_port_name)) {
if (naming_scheme_has(NAMING_SR_IOV_R)) {
int vf_id = -1;
@@ -248,10 +248,10 @@ static int pci_get_onboard_index(sd_device *dev, unsigned *ret) {
assert(ret);
/* ACPI _DSM — device specific method for naming a PCI or PCI Express device */
- r = device_get_sysattr_unsigned(dev, "acpi_index", &idx);
+ r = device_get_sysattr_unsigned_filtered(dev, "acpi_index", &idx);
if (r < 0)
/* SMBIOS type 41 — Onboard Devices Extended Information */
- r = device_get_sysattr_unsigned(dev, "index", &idx);
+ r = device_get_sysattr_unsigned_filtered(dev, "index", &idx);
if (r < 0)
return r;
@@ -291,7 +291,7 @@ static int dev_pci_onboard(sd_device *dev, const LinkInfo *info, NetNames *names
idx, strna(port),
special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), empty_to_na(names->pci_onboard));
- if (sd_device_get_sysattr_value(names->pcidev, "label", &names->pci_onboard_label) >= 0)
+ if (device_get_sysattr_value_filtered(names->pcidev, "label", &names->pci_onboard_label) >= 0)
log_device_debug(dev, "Onboard label from PCI device: %s", names->pci_onboard_label);
else
names->pci_onboard_label = NULL;
@@ -328,7 +328,7 @@ static int is_pci_multifunction(sd_device *dev) {
static bool is_pci_ari_enabled(sd_device *dev) {
const char *a;
- if (sd_device_get_sysattr_value(dev, "ari_enabled", &a) < 0)
+ if (device_get_sysattr_value_filtered(dev, "ari_enabled", &a) < 0)
return false;
return streq(a, "1");
@@ -337,7 +337,7 @@ static bool is_pci_ari_enabled(sd_device *dev) {
static bool is_pci_bridge(sd_device *dev) {
const char *v, *p;
- if (sd_device_get_sysattr_value(dev, "modalias", &v) < 0)
+ if (device_get_sysattr_value_filtered(dev, "modalias", &v) < 0)
return false;
if (!startswith(v, "pci:"))
@@ -377,7 +377,7 @@ static int parse_hotplug_slot_from_function_id(sd_device *dev, int slots_dirfd,
if (!naming_scheme_has(NAMING_SLOT_FUNCTION_ID))
return 0;
- if (sd_device_get_sysattr_value(dev, "function_id", &attr) < 0)
+ if (device_get_sysattr_value_filtered(dev, "function_id", &attr) < 0)
return 0;
r = safe_atou64(attr, &function_id);
@@ -438,7 +438,7 @@ static int pci_get_hotplug_slot_from_address(
if (!path)
return -ENOMEM;
- if (sd_device_get_sysattr_value(pci, path, &address) < 0)
+ if (device_get_sysattr_value_filtered(pci, path, &address) < 0)
continue;
/* match slot address with device by stripping the function */
@@ -787,7 +787,7 @@ static int names_devicetree(sd_device *dev, const char *prefix, bool test) {
if (!alias_index)
continue;
- if (sd_device_get_sysattr_value(aliases_dev, alias, &alias_path) < 0)
+ if (device_get_sysattr_value_filtered(aliases_dev, alias, &alias_path) < 0)
continue;
if (!path_equal(ofnode_path, alias_path))
@@ -806,7 +806,7 @@ static int names_devicetree(sd_device *dev, const char *prefix, bool test) {
}
/* ...but make sure we don't have an alias conflict */
- if (i == 0 && sd_device_get_sysattr_value(aliases_dev, conflict, NULL) >= 0)
+ if (i == 0 && device_get_sysattr_value_filtered(aliases_dev, conflict, NULL) >= 0)
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST),
"Ethernet alias conflict: ethernet and ethernet0 both exist");
@@ -1077,7 +1077,7 @@ static int names_mac(sd_device *dev, const char *prefix, bool test) {
assert(dev);
assert(prefix);
- r = device_get_sysattr_unsigned(dev, "type", &iftype);
+ r = device_get_sysattr_unsigned_filtered(dev, "type", &iftype);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to read 'type' attribute: %m");
@@ -1089,7 +1089,7 @@ static int names_mac(sd_device *dev, const char *prefix, bool test) {
"Not generating MAC name for infiniband device.");
/* check for NET_ADDR_PERM, skip random MAC addresses */
- r = device_get_sysattr_unsigned(dev, "addr_assign_type", &assign_type);
+ r = device_get_sysattr_unsigned_filtered(dev, "addr_assign_type", &assign_type);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to read/parse addr_assign_type: %m");
@@ -1097,7 +1097,7 @@ static int names_mac(sd_device *dev, const char *prefix, bool test) {
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL),
"addr_assign_type=%u, MAC address is not permanent.", assign_type);
- r = sd_device_get_sysattr_value(dev, "address", &s);
+ r = device_get_sysattr_value_filtered(dev, "address", &s);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to read 'address' attribute: %m");
@@ -1147,7 +1147,7 @@ static int names_netdevsim(sd_device *dev, const char *prefix, bool test) {
if (r < 0)
return r;
- r = sd_device_get_sysattr_value(dev, "phys_port_name", &phys_port_name);
+ r = device_get_sysattr_value_filtered(dev, "phys_port_name", &phys_port_name);
if (r < 0)
return r;
if (isempty(phys_port_name))
@@ -1227,7 +1227,7 @@ static int get_ifname_prefix(sd_device *dev, const char **ret) {
assert(dev);
assert(ret);
- r = device_get_sysattr_unsigned(dev, "type", &iftype);
+ r = device_get_sysattr_unsigned_filtered(dev, "type", &iftype);
if (r < 0)
return r;
@@ -1274,7 +1274,7 @@ static int get_link_info(sd_device *dev, LinkInfo *info) {
if (r < 0)
return r;
- r = device_get_sysattr_int(dev, "iflink", &info->iflink);
+ r = device_get_sysattr_int_filtered(dev, "iflink", &info->iflink);
if (r < 0)
return r;
--
2.43.0

4
files.udev
View File

@@ -156,8 +156,11 @@
%{_prefix}/lib/udev/iocost.conf
%{_prefix}/lib/udev/mtd_probe
%{_prefix}/lib/udev/path_id_compat
%{_prefix}/lib/udev/rule_generator.functions
%{_prefix}/lib/udev/rules.d/75-persistent-net-generator.rules
%{_prefix}/lib/udev/scsi_id
%{_prefix}/lib/udev/v4l_id
%{_prefix}/lib/udev/write_net_rules
%{_systemd_util_dir}/network/99-default.link
%{_systemd_util_dir}/ntp-units.d/80-systemd-timesync.list
%{_systemd_util_dir}/pstore.conf
@@ -233,6 +236,7 @@
%{_udevhwdbdir}/70-mouse.hwdb
%{_udevhwdbdir}/70-pda.hwdb
%{_udevhwdbdir}/70-pointingstick.hwdb
%{_udevhwdbdir}/70-software-radio.hwdb
%{_udevhwdbdir}/70-sound-card.hwdb
%{_udevhwdbdir}/70-touchpad.hwdb
%{_udevhwdbdir}/80-ieee1394-unit-function.hwdb

211
fixlet-systemd-post.sh
View File

@@ -4,215 +4,6 @@
# updated.
#
# /etc/sysconfig/console | /etc/vconsole.conf
# -------------------------+---------------------
# CONSOLE_FONT | FONT
# CONSOLE_SCREENMAP | FONT_MAP
# CONSOLE_UNICODEMAP | FONT_UNIMAP
migrate_locale () {
local migrated=""
if ! test -f /etc/sysconfig/console; then
return
fi
source /etc/sysconfig/console || return
if test -f /etc/vconsole.conf; then
source /etc/vconsole.conf || return
fi
if test -n "$CONSOLE_FONT" && test -z "$FONT"; then
echo "FONT=$CONSOLE_FONT" >>/etc/vconsole.conf
migrated+="CONSOLE_FONT "
fi
if test -n "$CONSOLE_SCREENMAP" && test -z "$FONT_MAP"; then
echo "FONT_MAP=$CONSOLE_SCREENMAP" >>/etc/vconsole.conf
migrated+="CONSOLE_SCREENMAP "
fi
if test -n "$CONSOLE_UNICODEMAP" && test -z "$FONT_UNIMAP"; then
echo "FONT_UNIMAP=$CONSOLE_UNICODEMAP" >>/etc/vconsole.conf
migrated+="CONSOLE_UNICODEMAP "
fi
if test -n "$migrated"; then
echo >&2 "The following variables from /etc/sysconfig/console have been migrated"
echo >&2 "into /etc/vconsole.conf:"
echo >&2
for v in $migrated; do echo " - $v=${!v}"; done
echo >&2
echo >&2 "Please edit /etc/vconsole.conf if you need to tune these settings"
echo >&2 "as /etc/sysconfig/console won't be considered anymore."
echo >&2
fi
}
# /etc/sysconfig/keyboard | /etc/vconsole.conf
# -------------------------+---------------------
# KEYTABLE | KEYMAP
migrate_keyboard () {
local migrated=""
if ! test -f /etc/sysconfig/keyboard; then
return
fi
source /etc/sysconfig/keyboard || return
if test -f /etc/vconsole.conf; then
source /etc/vconsole.conf || return
fi
if test -n "$KEYTABLE" && test -z "$KEYMAP"; then
echo "KEYMAP=$KEYTABLE" >>/etc/vconsole.conf
migrated+="KEYTABLE "
fi
if test -n "$migrated"; then
echo >&2 "The following variables from /etc/sysconfig/keyboard have been migrated"
echo >&2 "into /etc/vconsole.conf:"
echo >&2
for v in $migrated; do echo " - $v=${!v}"; done
echo >&2
echo >&2 "Please use localectl(1) if you need to tune these settings since"
echo >&2 "/etc/sysconfig/keyboard won't be considered anymore."
echo >&2
fi
}
# According to
# https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_suse_l10n.html,
# variables in /etc/sysconfig/language are supposed to be passed to the users'
# shell *only*. However it seems that there has been some confusion and they
# ended up configuring the system-wide locale as well. The logic followed by
# systemd was implemented in commit 01c4b6f4f0d951d17f6873f68156ecd7763429c6,
# which was reverted. The code below follows the same logic to migrate content
# of /etc/sysconfig/language into locale.conf.
migrate_language () {
local lang=
local migrated=false
if ! test -f /etc/sysconfig/language; then
return
fi
source /etc/sysconfig/language || return
lang=$(grep ^LANG= /etc/locale.conf 2>/dev/null)
lang=${lang#LANG=}
case "$ROOT_USES_LANG" in
yes)
if test -z "$lang" && test -n "$RC_LANG"; then
echo "LANG=$RC_LANG" >>/etc/locale.conf
migrated=true
fi
;;
ctype)
if ! grep -q ^LC_CTYPE= /etc/locale.conf 2>/dev/null; then
: ${lc_ctype:="$lang"}
: ${lc_ctype:="$RC_LC_CTYPE"}
: ${lc_ctype:="$RC_LANG"}
if test -n "$lc_ctype"; then
echo "LC_CTYPE=$lc_ctype" >>/etc/locale.conf
migrated=true
fi
fi
;;
esac
if $migrated; then
echo >&2 "The content of /etc/sysconfig/language has been migrated into"
echo >&2 "/etc/locale.conf. The former file is now only used for setting"
echo >&2 "the locale used by user's shells. The system-wide locale is"
echo >&2 "only read from /etc/locale.conf since now."
echo >&2
echo >&2 "Please only use localectl(1) or YaST if you need to change the"
echo >&2 "settings of the *system-wide* locale from now."
fi
}
#
# Migrate old i18n settings previously configured in /etc/sysconfig to the new
# locations used by systemd (/etc/locale.conf, /etc/vconsole.conf, ...). Recent
# versions of systemd parse the new locations only.
#
# This is needed both at package updates and package installations because we
# might be upgrading from a system which was running SysV init (systemd package
# is being installed).
#
# Note: run only once.
#
migrate_sysconfig_i18n() {
local tagfile=/var/lib/systemd/rpm/systemd-i18n_migrated
local -i rv=0
if [ -e $tagfile ]; then
return 0
fi
# The marker could have been incorrectly put in /usr/lib.
mv /usr/lib/systemd/scripts/.migrate-sysconfig-i18n.sh~done $tagfile &>/dev/null
# The tag files have been moved to /var/lib/systemd/rpm later.
mv /var/lib/systemd/i18n-migrated $tagfile &>/dev/null
if [ -e $tagfile ]; then
return 0
fi
touch $tagfile
migrate_locale; rv+=$?
migrate_keyboard; rv+=$?
migrate_language; rv+=$?
if [ $rv -gt 0 ]; then
echo >&2 "Failed to migrate i18n settings from /etc/sysconfig, ignoring."
fi
return $rv
}
#
# This function is supposed to be called from the %post section of the main
# package. It contains all the fixups needed when the system was running a
# version of systemd older than v210.
#
# All hacks can potentially break the admin settings since they work in /etc.
#
fix_pre_210() {
local tagfile=/var/lib/systemd/rpm/systemd-pre_210_fixed
if [ -e $tagfile ]; then
return 0
fi
touch $tagfile
#
# During migration from sysvinit to systemd, we used to set the systemd
# default target to one of the 'runlevel*.target' after reading the
# default runlevel from /etc/inittab. We don't do that anymore because
# in most cases using the graphical.target target, which is the default,
# will do the right thing. Moreover the runlevel targets are considered
# as deprecated, so we convert them into "true" systemd targets instead
# here.
#
if target=$(readlink /etc/systemd/system/default.target); then
target=$(basename $target)
case "$target" in
runlevel?.target)
echo "Default target is '$target' but use of runlevels is deprecated, converting"
systemctl --no-reload set-default $target
esac
fi
#
# Migrate any symlink which may refer to the old path (ie /lib/systemd).
#
for f in $(find /etc/systemd/system -type l -xtype l); do
new_target="/usr$(readlink $f)"
[ -f "$new_target" ] && ln -s -f "$new_target" "$f"
done
}
#
# /etc/machine-id might have been created writeable incorrectly (boo#1092269).
#
@@ -303,8 +94,6 @@ EOF
r=0
fix_machine_id_perms || r=1
fix_pre_210 || r=1
migrate_sysconfig_i18n || r=1
fix_bsc_1020601 || r=1
fix_issue_11329 || r=1
drop_after_local_support || r=1

BIN
systemd-254.23+suse.76.gd7a56d70fb.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

BIN
systemd-254.27+suse.93.g247091bc99.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

132
systemd.changes
View File

@@ -1,3 +1,132 @@
-------------------------------------------------------------------
Thu Jul 31 15:12:43 UTC 2025 - Franck Bui <fbui@suse.com>
- Remove the script used to help migrating the language and locale settings
located in /etc/sysconfig/language on old systems to the systemd default
locations (bsc#1247074)
The script was introduced more than 7 years ago and all systems running TW
should have been migrated since then. Moreover the installer supports the
systemd default locations since approximately SLE15.
-------------------------------------------------------------------
Mon Jul 7 09:50:24 UTC 2025 - Franck Bui <fbui@suse.com>
- triggers.systemd: skip update of hwdb, journal-catalog if executed during an
offline update.
-------------------------------------------------------------------
Thu Jul 3 14:56:27 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 247091bc99ba506cee501b520d1d0a11d772fc13 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/aa12f501ae4749c542a091028d848796da4ef51b...247091bc99ba506cee501b520d1d0a11d772fc13
-------------------------------------------------------------------
Thu Jul 3 14:42:11 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit aa12f501ae4749c542a091028d848796da4ef51b
aa12f501ae logs-show: get timestamp and boot ID only when necessary (bsc#1242827)
e8b17d11bc sd-journal: drop to use Hashmap to manage journal files per boot ID
ea80273738 tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate
a5b3b5344f sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag
5fa0600b34 sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added
737e8193e7 sd-journal: cache last entry offset and journal file state
057dca426f sd-journal: fix typo in function name
-------------------------------------------------------------------
Mon Jun 2 11:24:58 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 656494acfaf4b7ac5f3137c09b96b8c4bf08f7d0 (merge of v254.25)
This merge includes the following fix:
7fc7aa5a4d coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/41d2be2fb502e62e671db2b22ee330af8fade7e2...656494acfaf4b7ac5f3137c09b96b8c4bf08f7d0
-------------------------------------------------------------------
Mon Jun 2 10:20:27 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 41d2be2fb502e62e671db2b22ee330af8fade7e2
41d2be2fb5 Revert "macro: terminate the temporary VA_ARGS_FOREACH() array with a sentinel" (SUSE specific)
-------------------------------------------------------------------
Fri May 16 10:26:33 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 806c21e22ba4e3038817c20da19633b483b3ee80
806c21e22b umount: do not move busy network mounts (bsc#1236177)
-------------------------------------------------------------------
Fri May 9 13:27:00 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit ebdfa3e44e0c85febfa3b35fc8843f8db6f3fb10
ebdfa3e44e man/pstore.conf: pstore.conf template is not always installed in /etc
304ed20aab man: coredump.conf template is not always installed in /etc (bsc#1237496)
-------------------------------------------------------------------
Fri May 9 13:00:40 UTC 2025 - Franck Bui <fbui@suse.com>
- Add 1003-journal-again-create-user-journals-for-users-with-hi.patch (bsc#1242938)
Don't write messages sent from users with UID falling into the container UID
range to the system journal. Daemons in the container don't talk to the
outside journald as they talk to the inner one directly, which does its
journal splitting based on shifted uids.
-------------------------------------------------------------------
Fri Apr 25 11:15:16 UTC 2025 - Franck Bui <fbui@suse.com>
- Add 1002-udev-persistent-net-rule-generator-support.patch (bsc#1241190)
This re-adds back the support for the persistent net name rules as well as
their generator since predictable naming scheme is still disabled by default
on Micro (via the `net.ifnames=0` boot option).
-------------------------------------------------------------------
Wed Mar 19 17:40:45 UTC 2025 - Franck Bui <fbui@suse.com>
- Maintain the network device naming scheme used on SLE15 (jsc#PED-12317)
This shouldn't cause problems as predictable naming schemes are disabled on
SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default).
Add 1001-man-describe-the-net-naming-schemes-specific-to-SLE.patch for the
description of these schemes in the relevant man page.
-------------------------------------------------------------------
Wed Mar 19 17:29:47 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 09b7477895b79c7a3604a7e1aa71eeb3d401e65c
09b7477895 udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- Drop 5004-udev-allow-denylist-for-reading-sysfs-attributes-whe.patch
The path has been merged into the SUSE/v254 branch.
-------------------------------------------------------------------
Wed Mar 19 17:00:57 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit 0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991 (merge of v254.24)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/b4693652f317dbae80e31b978f51e695a23fa3d0...0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991
-------------------------------------------------------------------
Wed Mar 19 16:38:25 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit b4693652f317dbae80e31b978f51e695a23fa3d0
b4693652f3 journald: close runtime journals before their parent directory removed
044d051f0c journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
-------------------------------------------------------------------
Wed Jan 15 17:38:26 UTC 2025 - Franck Bui <fbui@suse.com>
@@ -8,6 +137,7 @@ Wed Jan 15 16:35:55 UTC 2025 - Franck Bui <fbui@suse.com>
- Import commit d7a56d70fb052f738442c2874b072d6514242050 (merge of v254.23)
eab1d9753b stdio-bridge: fix polled fds
f028f2298e hwdb: comment out the entry for Logitech MX Keys for Mac
e808cbdd6d test: answer 2nd mdadm --create question for compat with new version
bf01f3d692 core/unit-serialize: fix serialization of markers
@@ -31,8 +161,6 @@ Mon Dec 23 09:00:16 UTC 2024 - Franck Bui <fbui@suse.com>
- Import commit 8752ef2f258c62470bef3bb24ca1ef3a969ac474 (merge of v254.22)
This merge includes the following fix:
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e107182cb3dd1702b291d0455bdabcb7db28e537...8752ef2f258c62470bef3bb24ca1ef3a969ac474

14
systemd.spec
View File

@@ -18,14 +18,14 @@
%global flavor @BUILD_FLAVOR@%{nil}
%define archive_version +suse.76.gd7a56d70fb
%define archive_version +suse.93.g247091bc99
%if 0%{?version_override}
%define systemd_major %version_override
%define systemd_minor %{nil}
%else
%define systemd_major 254
%define systemd_minor 23
%define systemd_minor 27
%endif
%define systemd_version %{systemd_major}%{?systemd_minor:.%{systemd_minor}}
@@ -208,7 +208,6 @@ Source212: files.portable
# only relevant for SUSE distros. Special rewards for those who will manage to
# get rid of one of them !
#
Patch1: 0001-udev-restore-some-legacy-symlinks-to-maintain-backwa.patch
Patch2: 0003-Drop-support-for-efivar-SystemdOptions.patch
Patch3: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
%if %{with sysvcompat}
@@ -217,6 +216,12 @@ Patch5: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
%endif
Patch6: 0004-core-create-the-credential-directory-even-if-it-s-em.patch
# Patches listed below are SLE specific.
Patch1000: 0001-udev-restore-some-legacy-symlinks-to-maintain-backwa.patch
Patch1001: 1001-man-describe-the-net-naming-schemes-specific-to-SLE.patch
Patch1002: 1002-udev-persistent-net-rule-generator-support.patch
Patch1003: 1003-journal-again-create-user-journals-for-users-with-hi.patch
%if %{without upstream}
# Patches listed below are put in quarantine. Normally all changes must go to
# upstream first and then are cherry-picked in the SUSE git repository. But for
@@ -227,7 +232,6 @@ Patch5001: 5001-Revert-udev-update-devlink-with-the-newer-device-nod.patch
Patch5002: 5002-Revert-udev-revert-workarounds-for-issues-caused-by-.patch
%endif
Patch5003: 5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch
Patch5004: 5004-udev-allow-denylist-for-reading-sysfs-attributes-whe.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB
@@ -745,6 +749,8 @@ export CFLAGS="%{optflags} -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
-Dutmp=false \
-Ddefault-hierarchy=unified \
-Ddefault-kill-user-processes=false \
-Dextra-net-naming-schemes=sle15-sp3=v238+bridge_no_slot,sle15-sp4=sle15-sp3+slot_function_id+16bit_index \
-Ddefault-net-naming-scheme=sle15-sp4 \
-Dpamconfdir=no \
-Dpamlibdir=%{_pam_moduledir} \
-Dxinitrcdir=%{xinitconfdir}/xinitrc.d \

15
triggers.systemd
View File

@@ -72,7 +72,7 @@ end
-- This script will process files installed in /usr/lib/sysusers.d to create
-- specified users automatically. The priority is set such that it
-- will run before the tmpfiles file trigger.
-- Note: /run is never mounted during transactional updates.
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("systemd-sysusers"))
end
@@ -81,13 +81,19 @@ end
%transfiletriggerin -P 1000700 -n udev -p <lua> -- /usr/lib/udev/hwdb.d
-- This script will automatically invoke hwdb update if files have been
-- installed or updated in /usr/lib/udev/hwdb.d.
assert(rpm.execute("systemd-hwdb", "update"))
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("systemd-hwdb", "update"))
end
%endif
%transfiletriggerin -P 1000700 -p <lua> -- /usr/lib/systemd/catalog
-- This script will automatically invoke journal catalog update if files
-- have been installed or updated in /usr/lib/systemd/catalog.
assert(rpm.execute("journalctl", "--update-catalog"))
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("journalctl", "--update-catalog"))
end
%transfiletriggerin -P 1000700 -p <lua> -- /usr/lib/binfmt.d
-- This script will automatically apply binfmt rules if files have been
@@ -105,7 +111,7 @@ end
-- This script will process files installed in /usr/lib/tmpfiles.d to create
-- tmpfiles automatically. The priority is set such that it will run
-- after the sysusers file trigger, but before any other triggers.
-- Note: /run is never mounted during transactional updates.
-- Note: this should be skipped during offline updates.
if posix.access("/run/systemd/system") then
assert(rpm.execute("systemd-tmpfiles", "--create"))
end
@@ -122,6 +128,7 @@ end
%transfiletriggerin -P 1000500 -p <lua> -- /usr/lib/sysctl.d
-- This script will automatically apply sysctl rules if files have been
-- installed or updated in /usr/lib/sysctl.d.
-- Note: this should be skipped if executed in a chroot environment.
if posix.access("/run/systemd/system") then
pid = posix.fork()
if pid == 0 then