Dr. Werner Fink 2014-06-03 14:25:18 +00:00 committed by Git OBS Bridge
parent 71fc98101c
commit 6dee85e780
10 changed files with 416 additions and 0 deletions

View File

@ -0,0 +1,159 @@
Based on fdd25311706bd32580ec4d43211cdf4665d2f9de Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 28 May 2014 18:37:11 +0800
Subject: [PATCH] virt: rework container detection logic
Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.
Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.
---
Makefile.am | 3 ---
configure.ac | 2 --
src/core/main.c | 12 ++++++++++++
src/shared/virt.c | 48 ++++++++++++++++++++++++++++++------------------
4 files changed, 42 insertions(+), 23 deletions(-)
diff --git Makefile.am Makefile.am
index 5b26bc3..f66ef42 100644
--- Makefile.am
+++ Makefile.am
@@ -1798,9 +1798,6 @@ systemd_detect_virt_SOURCES = \
systemd_detect_virt_LDADD = \
libsystemd-shared.la
-systemd-detect-virt-install-hook:
- -$(SETCAP) cap_dac_override,cap_sys_ptrace=ep $(DESTDIR)$(bindir)/systemd-detect-virt
-
INSTALL_EXEC_HOOKS += \
systemd-detect-virt-install-hook
--- configure.ac
+++ configure.ac 2014-06-03 14:16:45.046237826 +0000
@@ -68,8 +68,6 @@ AC_PATH_PROG([XSLTPROC], [xsltproc])
AC_PATH_PROG([QUOTAON], [quotaon], [/usr/sbin/quotaon])
AC_PATH_PROG([QUOTACHECK], [quotacheck], [/usr/sbin/quotacheck])
-AC_PATH_PROG([SETCAP], [setcap], [/usr/sbin/setcap])
-
AC_PATH_PROG([KILL], [kill], [/usr/bin/kill])
AC_PATH_PROG([KMOD], [kmod], [/usr/bin/kmod])
diff --git src/core/main.c src/core/main.c
index 77cc2fb..d5d1ee2 100644
--- src/core/main.c
+++ src/core/main.c
@@ -1261,6 +1261,16 @@ static int status_welcome(void) {
isempty(pretty_name) ? "Linux" : pretty_name);
}
+static int write_container_id(void) {
+ const char *c;
+
+ c = getenv("container");
+ if (isempty(c))
+ return 0;
+
+ return write_string_file("/run/systemd/container", c);
+}
+
int main(int argc, char *argv[]) {
Manager *m = NULL;
int r, retval = EXIT_FAILURE;
@@ -1544,6 +1554,8 @@ int main(int argc, char *argv[]) {
if (virtualization)
log_info("Detected virtualization '%s'.", virtualization);
+ write_container_id();
+
log_info("Detected architecture '%s'.", architecture_to_string(uname_architecture()));
if (in_initrd())
diff --git src/shared/virt.c src/shared/virt.c
index 0db0514..1e227c5 100644
--- src/shared/virt.c
+++ src/shared/virt.c
@@ -217,8 +217,8 @@ int detect_container(const char **id) {
static thread_local int cached_found = -1;
static thread_local const char *cached_id = NULL;
- _cleanup_free_ char *e = NULL;
- const char *_id = NULL;
+ _cleanup_free_ char *m = NULL;
+ const char *_id = NULL, *e = NULL;
int r;
if (_likely_(cached_found >= 0)) {
@@ -229,17 +229,6 @@ int detect_container(const char **id) {
return cached_found;
}
- /* Unfortunately many of these operations require root access
- * in one way or another */
-
- r = running_in_chroot();
- if (r < 0)
- return r;
- if (r > 0) {
- _id = "chroot";
- goto finish;
- }
-
/* /proc/vz exists in container and outside of the container,
* /proc/bc only outside of the container. */
if (access("/proc/vz", F_OK) >= 0 &&
@@ -249,11 +238,32 @@ int detect_container(const char **id) {
goto finish;
}
- r = getenv_for_pid(1, "container", &e);
- if (r < 0)
- return r;
- if (r == 0)
- goto finish;
+ if (getpid() == 1) {
+ /* If we are PID 1 we can just check our own
+ * environment variable */
+
+ e = getenv("container");
+ if (isempty(e)) {
+ r = 0;
+ goto finish;
+ }
+ } else {
+
+ /* Otherwise, PID 1 dropped this information into a
+ * file in /run. This is better than accessing
+ * /proc/1/environ, since we don't need CAP_SYS_PTRACE
+ * for that. */
+
+ r = read_one_line_file("/run/systemd/container", &m);
+ if (r == -ENOENT) {
+ r = 0;
+ goto finish;
+ }
+ if (r < 0)
+ return r;
+
+ e = m;
+ }
/* We only recognize a selected few here, since we want to
* enforce a redacted namespace */
@@ -266,6 +276,8 @@ int detect_container(const char **id) {
else
_id = "other";
+ r = 1;
+
finish:
cached_found = r;
--
1.7.9.2

View File

@ -0,0 +1,26 @@
Based on 8d2a6145334257c8a9ceabc9dd52dff06cca818e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 26 May 2014 23:03:11 -0400
Subject: [PATCH] fsck: include device name in the message about missing fsck
---
src/fsck/fsck.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- src/fsck/fsck.c
+++ src/fsck/fsck.c 2014-06-03 14:15:15.746235301 +0000
@@ -284,10 +284,12 @@ int main(int argc, char *argv[]) {
r = access(checker, X_OK);
if (r < 0) {
if (errno == ENOENT) {
- log_info("%s doesn't exist, not checking file system.", checker);
+ log_info("%s doesn't exist, not checking file system on %s",
+ checker, device);
return EXIT_SUCCESS;
} else
- log_warning("%s cannot be used: %m", checker);
+ log_warning("%s cannot be used for %s: %m",
+ checker, device);
}
}

View File

@ -0,0 +1,26 @@
From d8e40d62ab871a87fde421c4b246bb45bc3cbe2d Mon Sep 17 00:00:00 2001
From: Jonathan Liu <net147@gmail.com>
Date: Thu, 29 May 2014 01:17:25 +1000
Subject: [PATCH] units: use KillMode=mixed for systemd-nspawn@.service
This causes the container to shut down cleanly when the service is
stopped.
---
units/systemd-nspawn@.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git units/systemd-nspawn@.service.in units/systemd-nspawn@.service.in
index ff36e90..e373628 100644
--- units/systemd-nspawn@.service.in
+++ units/systemd-nspawn@.service.in
@@ -11,6 +11,7 @@ Documentation=man:systemd-nspawn(1)
[Service]
ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i
+KillMode=mixed
Type=notify
[Install]
--
1.7.9.2

View File

@ -0,0 +1,28 @@
From 93f1a06374e335e8508d89e1bdaadf45be6ab777 Mon Sep 17 00:00:00 2001
From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
Date: Sat, 31 May 2014 21:36:23 +0200
Subject: [PATCH] util: ignore_file should not allow files ending with '~'
ignore_file currently allows any file ending with '~' while it
seems that the opposite was intended:
a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
---
src/shared/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git src/shared/util.c src/shared/util.c
index 0c27394..17b0ae1 100644
--- src/shared/util.c
+++ src/shared/util.c
@@ -1371,7 +1371,7 @@ bool ignore_file(const char *filename) {
assert(filename);
if (endswith(filename, "~"))
- return false;
+ return true;
return ignore_file_allow_backup(filename);
}
--
1.7.9.2

View File

@ -0,0 +1,26 @@
From 267b3e41df5a2181f2911433539f81de2fa1511a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Thu, 29 May 2014 14:17:37 -0400
Subject: [PATCH] tty-ask-password-agent: Do tell what directory we failed to
open
---
.../tty-ask-password-agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git src/tty-ask-password-agent/tty-ask-password-agent.c src/tty-ask-password-agent/tty-ask-password-agent.c
index 3203474..55a2215 100644
--- src/tty-ask-password-agent/tty-ask-password-agent.c
+++ src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -501,7 +501,7 @@ static int show_passwords(void) {
if (errno == ENOENT)
return 0;
- log_error("opendir(): %m");
+ log_error("opendir(/run/systemd/ask-password): %m");
return -errno;
}
--
1.7.9.2

View File

@ -0,0 +1,32 @@
From 9e3dbf6b2b99d0e16989d9cedb458729db5a60c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 1 Jun 2014 14:01:23 -0400
Subject: [PATCH] keyboard: add Plantronics .Audio mute button
https://bugs.freedesktop.org/show_bug.cgi?id=79495
---
hwdb/60-keyboard.hwdb | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git hwdb/60-keyboard.hwdb hwdb/60-keyboard.hwdb
index 05e6a04..d053766 100644
--- hwdb/60-keyboard.hwdb
+++ hwdb/60-keyboard.hwdb
@@ -866,6 +866,14 @@ keyboard:dmi:bvn*:bvr*:bd*:svnOQO*Inc.*:pnOQO*Model*2*:pvr*
KEYBOARD_KEY_f3=volumeup
###########################################################
+# Plantronics
+###########################################################
+
+# Plantronics .Audio 626 DSP
+keyboard:usb:v047fpC006*
+ KEYBOARD_KEY_b002f=f20 # Microphone mute button; should be micmute
+
+###########################################################
# Quanta
###########################################################
--
1.7.9.2

View File

@ -0,0 +1,31 @@
From a52ec8ed881537627869afa8f0486db7e20ce2db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Fri, 30 May 2014 13:16:56 -0400
Subject: [PATCH] udev-builtin-keyboard: do tell on which device EVIOCSKEYCODE
failed.
I am getting
"Error calling EVIOCSKEYCODE (scan code 0xc022d, key code 418): Invalid
argument", the error message does not tell on which specific device the
problem is, add that info.
---
src/udev/udev-builtin-keyboard.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git src/udev/udev-builtin-keyboard.c src/udev/udev-builtin-keyboard.c
index 614e44e..9b66bfd 100644
--- src/udev/udev-builtin-keyboard.c
+++ src/udev/udev-builtin-keyboard.c
@@ -143,7 +143,7 @@ static int builtin_keyboard(struct udev_device *dev, int argc, char *argv[], boo
log_debug("keyboard: mapping scan code %d (0x%x) to key code %d (0x%x)",
map[i].scan, map[i].scan, map[i].key, map[i].key);
if (ioctl(fd, EVIOCSKEYCODE, &map[i]) < 0)
- log_error("Error calling EVIOCSKEYCODE (scan code 0x%x, key code %d): %m", map[i].scan, map[i].key);
+ log_error("Error calling EVIOCSKEYCODE on device node '%s' (scan code 0x%x, key code %d): %m", node, map[i].scan, map[i].key);
}
/* install list of force-release codes */
--
1.7.9.2

View File

@ -0,0 +1,48 @@
From 3d06f4183470d42361303086ed9dedd29c0ffc1b Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Tue, 3 Jun 2014 10:46:51 +0200
Subject: [PATCH] udev: always close lock file descriptor
https://bugs.freedesktop.org/show_bug.cgi?id=79576
---
src/udev/udevd.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git src/udev/udevd.c src/udev/udevd.c
index 1c9488e..819ea3b 100644
--- src/udev/udevd.c
+++ src/udev/udevd.c
@@ -301,6 +301,7 @@ static void worker_new(struct event *event)
if (fd_lock >= 0 && flock(fd_lock, LOCK_SH|LOCK_NB) < 0) {
log_debug("Unable to flock(%s), skipping event handling: %m", udev_device_get_devnode(d));
err = -EWOULDBLOCK;
+ fd_lock = safe_close(fd_lock);
goto skip;
}
}
@@ -317,8 +318,7 @@ static void worker_new(struct event *event)
udev_device_update_db(dev);
}
- if (fd_lock >= 0)
- close(fd_lock);
+ safe_close(fd_lock);
/* send processed event back to libudev listeners */
udev_monitor_send_device(worker_monitor, NULL, dev);
@@ -377,10 +377,8 @@ skip:
}
out:
udev_device_unref(dev);
- if (fd_signal >= 0)
- close(fd_signal);
- if (fd_ep >= 0)
- close(fd_ep);
+ safe_close(fd_signal);
+ safe_close(fd_ep);
close(fd_inotify);
close(worker_watch[WRITE_END]);
udev_rules_unref(rules);
--
1.7.9.2

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Jun 3 14:23:40 UTC 2014 - werner@suse.de
- Add upstream patches
0001-virt-rework-container-detection-logic.patch
0002-fsck-include-device-name-in-the-message-about-missin.patch
0003-units-use-KillMode-mixed-for-systemd-nspawn-.service.patch
0004-util-ignore_file-should-not-allow-files-ending-with.patch
0006-tty-ask-password-agent-Do-tell-what-directory-we-fai.patch
- Add upstream patches to update keyboard data base
0007-keyboard-add-Plantronics-.Audio-mute-button.patch
- Add upstream patches for udev
1023-udev-builtin-keyboard-do-tell-on-which-device-EVIOCS.patch
1024-udev-always-close-lock-file-descriptor.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri May 30 07:35:07 UTC 2014 - rmilasan@suse.com Fri May 30 07:35:07 UTC 2014 - rmilasan@suse.com

View File

@ -33,6 +33,7 @@ Summary: A System and Session Manager
License: LGPL-2.1+ License: LGPL-2.1+
Group: System/Base Group: System/Base
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: acl
BuildRequires: audit-devel BuildRequires: audit-devel
%if %{with compat_libs} %if %{with compat_libs}
# See gold_archs in binutils.spec # See gold_archs in binutils.spec
@ -506,6 +507,18 @@ Patch259: 0004-socket-properly-handle-if-our-service-vanished-durin.patch
Patch260: 0001-Do-not-unescape-unit-names-in-Install-section.patch Patch260: 0001-Do-not-unescape-unit-names-in-Install-section.patch
# PATCHFIX-UPSTREAM added at 2014/05/27 # PATCHFIX-UPSTREAM added at 2014/05/27
Patch261: 0002-analyze-run-use-bus_open_transport_systemd-instead-o.patch Patch261: 0002-analyze-run-use-bus_open_transport_systemd-instead-o.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch262: 0001-virt-rework-container-detection-logic.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch263: 0002-fsck-include-device-name-in-the-message-about-missin.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch264: 0003-units-use-KillMode-mixed-for-systemd-nspawn-.service.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch265: 0004-util-ignore_file-should-not-allow-files-ending-with.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch266: 0006-tty-ask-password-agent-Do-tell-what-directory-we-fai.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch267: 0007-keyboard-add-Plantronics-.Audio-mute-button.patch
# UDEV PATCHES # UDEV PATCHES
# ============ # ============
@ -557,6 +570,10 @@ Patch1020: 1020-udev-keyboard-also-hook-into-change-events.patch
Patch1021: 1021-udev-re-add-persistent-net-rules.patch Patch1021: 1021-udev-re-add-persistent-net-rules.patch
# PATCHFIX-UPSTREAM 1022-udev-remove-seqnum-API-and-all-assumptions-about-seq.patch # PATCHFIX-UPSTREAM 1022-udev-remove-seqnum-API-and-all-assumptions-about-seq.patch
Patch1022: 1022-udev-remove-seqnum-API-and-all-assumptions-about-seq.patch Patch1022: 1022-udev-remove-seqnum-API-and-all-assumptions-about-seq.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch1023: 1023-udev-builtin-keyboard-do-tell-on-which-device-EVIOCS.patch
# PATCHFIX-UPSTREAM added at 2014/06/03
Patch1024: 1024-udev-always-close-lock-file-descriptor.patch
%description %description
Systemd is a system and service manager, compatible with SysV and LSB Systemd is a system and service manager, compatible with SysV and LSB
@ -965,6 +982,12 @@ cp %{SOURCE7} m4/
%patch259 -p0 %patch259 -p0
%patch260 -p0 %patch260 -p0
%patch261 -p0 %patch261 -p0
%patch262 -p0
%patch263 -p0
%patch264 -p0
%patch265 -p0
%patch266 -p0
%patch267 -p0
# udev patches # udev patches
%patch1001 -p1 %patch1001 -p1
@ -990,6 +1013,8 @@ cp %{SOURCE7} m4/
%patch1020 -p0 %patch1020 -p0
%patch1021 -p1 %patch1021 -p1
%patch1022 -p1 %patch1022 -p1
%patch1023 -p0
%patch1024 -p0
# ensure generate files are removed # ensure generate files are removed
rm -f units/emergency.service rm -f units/emergency.service