Dr. Werner Fink 2014-03-04 10:55:46 +00:00 committed by Git OBS Bridge
parent 24c0d37e00
commit b491f88205
9 changed files with 9 additions and 419 deletions

View File

@ -1,66 +0,0 @@
From 3b794314149e40afaf3c456285e1e529747b6560 Mon Sep 17 00:00:00 2001
From: Holger Schurig <holgerschurig@gmail.com>
Date: Thu, 20 Feb 2014 14:39:13 +0100
Subject: [PATCH] build-sys: Add setns() functions if not in the C library.
Debian Stable is still using glibc 2.13, which doesn't provide the setns().
So we detect this and provide a tiny wrapper that issues the setns syscall
towards the kernel.
---
configure.ac | 5 +++--
src/shared/missing.h | 17 +++++++++++++++++
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git configure.ac configure.ac
index 05ee098..18df6d8 100644
--- configure.ac
+++ configure.ac
@@ -241,10 +241,11 @@ LIBS="$save_LIBS"
AC_CHECK_FUNCS([fanotify_init fanotify_mark])
AC_CHECK_FUNCS([__secure_getenv secure_getenv])
-AC_CHECK_DECLS([gettid, pivot_root, name_to_handle_at], [], [], [[#include <sys/types.h>
+AC_CHECK_DECLS([gettid, pivot_root, name_to_handle_at, setns], [], [], [[#include <sys/types.h>
#include <unistd.h>
#include <sys/mount.h>
-#include <fcntl.h>]])
+#include <fcntl.h>
+#include <sched.h>]])
# This makes sure pkg.m4 is available.
m4_pattern_forbid([^_?PKG_[A-Z_]+$],[*** pkg.m4 missing, please install pkg-config])
diff --git src/shared/missing.h src/shared/missing.h
index 2661285..3142306 100644
--- src/shared/missing.h
+++ src/shared/missing.h
@@ -28,6 +28,7 @@
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
+#include <errno.h>
#include <linux/oom.h>
#include <linux/input.h>
#include <linux/if_link.h>
@@ -353,3 +354,19 @@ static inline int name_to_handle_at(int fd, const char *name, struct file_handle
#endif
#endif
+
+#ifndef __NR_setns
+# if defined(__x86_64__)
+# define __NR_setns 308
+# elif defined(__i386__)
+# define __NR_setns 346
+# else
+# error "__NR_setns is not defined"
+# endif
+#endif
+
+#if !HAVE_DECL_SETNS
+static inline int setns(int fd, int nstype) {
+ return syscall(__NR_setns, fd, nstype);
+}
+#endif
--
1.7.7

View File

@ -1,32 +0,0 @@
From 8eea53dd45265d8cb92bfdb161a425a1668c10c0 Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@zarb.org>
Date: Thu, 20 Feb 2014 16:07:08 +0100
Subject: [PATCH] build-sys: Fix compilation of nspawn when seccomp is not
enabled
---
Makefile.am | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git Makefile.am Makefile.am
index 85d51b4..56cdb85 100644
--- Makefile.am
+++ Makefile.am
@@ -1882,9 +1882,13 @@ systemd_nspawn_LDADD = \
libsystemd-capability.la \
libsystemd-internal.la \
libudev-internal.la \
- libsystemd-shared.la \
+ libsystemd-shared.la
+
+if HAVE_SECCOMP
+systemd_nspawn_LDADD += \
libsystemd-seccomp.la \
$(SECCOMP_LIBS)
+endif
# ------------------------------------------------------------------------------
systemd_run_SOURCES = \
--
1.7.7

View File

@ -1,180 +0,0 @@
--- systemd-209/Makefile.am
+++ systemd-209/Makefile.am 2014-02-28 10:24:53.634235909 +0000
@@ -1091,6 +1091,12 @@ systemd_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+systemd_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
dist_pkgsysconf_DATA += \
src/core/system.conf \
src/core/user.conf
@@ -1187,6 +1193,12 @@ test_engine_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+test_engine_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_job_type_SOURCES = \
src/test/test-job-type.c
@@ -1194,18 +1206,36 @@ test_job_type_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+test_job_type_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_ns_SOURCES = \
src/test/test-ns.c
test_ns_LDADD = \
libsystemd-core.la
+if HAVE_SECCOMP
+test_ns_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_loopback_SOURCES = \
src/test/test-loopback.c
test_loopback_LDADD = \
libsystemd-core.la
+if HAVE_SECCOMP
+test_loopback_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_hostname_SOURCES = \
src/test/test-hostname.c
@@ -1230,6 +1260,12 @@ test_unit_name_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+test_unit_name_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_unit_file_SOURCES = \
src/test/test-unit-file.c
@@ -1237,12 +1273,24 @@ test_unit_file_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+test_unit_file_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_utf8_SOURCES = \
src/test/test-utf8.c
test_utf8_LDADD = \
libsystemd-shared.la
+if HAVE_SECCOMP
+test_utf8_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_util_SOURCES = \
src/test/test-util.c
@@ -1255,6 +1303,12 @@ test_tmpfiles_SOURCES = \
test_tmpfiles_LDADD = \
libsystemd-shared.la
+if HAVE_SECCOMP
+test_tmpfiles_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_namespace_SOURCES = \
src/test/test-namespace.c
@@ -1289,6 +1343,12 @@ test_tables_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+test_tables_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_prioq_SOURCES = \
src/test/test-prioq.c
@@ -1374,6 +1434,12 @@ test_cgroup_mask_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+test_cgroup_mask_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_cgroup_util_SOURCES = \
src/test/test-cgroup-util.c
@@ -1388,12 +1454,24 @@ test_env_replace_SOURCES = \
test_env_replace_LDADD = \
libsystemd-shared.la
+if HAVE_SECCOMP
+test_env_replace_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_strbuf_SOURCES = \
src/test/test-strbuf.c
test_strbuf_LDADD = \
libsystemd-shared.la
+if HAVE_SECCOMP
+test_strbuf_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
test_strv_SOURCES = \
src/test/test-strv.c
@@ -1440,6 +1518,12 @@ test_sched_prio_LDADD = \
libsystemd-core.la \
$(RT_LIBS)
+if HAVE_SECCOMP
+test_sched_prio_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SECCOMP_CFLAGS)
+endif
+
# ------------------------------------------------------------------------------
## .PHONY so it always rebuilds it
.PHONY: coverage lcov-run lcov-report coverage-sync

View File

@ -1,30 +0,0 @@
From 9ac441c0f40a10a6c498398e5876a5256b833e31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20B=C3=A4chler?= <thomas@archlinux.org>
Date: Fri, 21 Feb 2014 11:20:24 +0100
Subject: [PATCH] sd-event: Fix systemd crash when using timer units.
There was a copy-paste error introduced in commit c2ba3ad6604ef2e189d7e0a36d6911116e84d3ab
which causes the following error when using timer units:
Assertion '(x->type == SOURCE_MONOTONIC && y->type == SOURCE_MONOTONIC) || (x->type == SOURCE_REALTIME && y->type == SOURCE_REALTIME)'
failed at src/libsystemd/sd-event/sd-event.c:264, function latest_time_prioq_compare(). Aborting.
---
src/libsystemd/sd-event/sd-event.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git src/libsystemd/sd-event/sd-event.c src/libsystemd/sd-event/sd-event.c
index 25dfd17..1f039bc 100644
--- src/libsystemd/sd-event/sd-event.c
+++ src/libsystemd/sd-event/sd-event.c
@@ -771,7 +771,7 @@ _public_ int sd_event_add_realtime(sd_event *e,
sd_event_time_handler_t callback,
void *userdata) {
- return event_add_time_internal(e, ret, SOURCE_REALTIME, &e->realtime_fd, CLOCK_REALTIME, &e->realtime_earliest, &e->monotonic_latest, usec, accuracy, callback, userdata);
+ return event_add_time_internal(e, ret, SOURCE_REALTIME, &e->realtime_fd, CLOCK_REALTIME, &e->realtime_earliest, &e->realtime_latest, usec, accuracy, callback, userdata);
}
static int event_update_signal_fd(sd_event *e) {
--
1.7.7

View File

@ -1,43 +0,0 @@
From 37f78db2f4a33474fc349f406b0a0a48e9c573a2 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 21 Feb 2014 03:29:00 +0100
Subject: [PATCH] selinux: Don't attempt to load policy in initramfs if it
doesn't exist
Currently on at least Fedora, SELinux policy does not come in the
initramfs. systemd will attempt to load *both* in the initramfs and
in the real root.
Now, the selinux_init_load_policy() API has a regular error return
value, as well as an "enforcing" boolean. To determine enforcing
state, it looks for /etc/selinux/config as well as the presence of
"enforcing=" on the kernel command line.
Ordinarily, neither of those exist in the initramfs, so it will return
"unknown" for enforcing, and systemd will simply ignore the failure to
load policy.
---
src/core/selinux-setup.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git src/core/selinux-setup.c src/core/selinux-setup.c
index 7a32ed5..9a5d6b2 100644
--- src/core/selinux-setup.c
+++ src/core/selinux-setup.c
@@ -58,6 +58,13 @@ int selinux_setup(bool *loaded_policy) {
cb.func_log = null_log;
selinux_set_callback(SELINUX_CB_LOG, cb);
+ /* Don't load policy in the initrd if we don't appear to have
+ * it. For the real root, we check below if we've already
+ * loaded policy, and return gracefully.
+ */
+ if (in_initrd() && access(selinux_path(), F_OK) < 0)
+ return 0;
+
/* Already initialized by somebody else? */
r = getcon_raw(&con);
if (r == 0) {
--
1.7.7

View File

@ -1,40 +0,0 @@
From 9bd9f43fceff79796f6d2a3fb19f7a711a3f3ec5 Mon Sep 17 00:00:00 2001
From: Daniel Mack <zonque@gmail.com>
Date: Fri, 21 Feb 2014 11:39:38 +0100
Subject: [PATCH] shared/architecture.h: fix preprocessor directives
Use 'if defined()', not 'ifdef defined()'. Fixes the following warning.
CC src/shared/architecture.lo
In file included from src/shared/architecture.c:24:0:
src/shared/architecture.h:89:17: warning: extra tokens at end of #ifdef
directive [enabled by default]
# ifdef defined(WORDS_BIGENDIAN)
^
---
src/shared/architecture.h | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git src/shared/architecture.h src/shared/architecture.h
index fcfc45a..58a8164 100644
--- src/shared/architecture.h
+++ src/shared/architecture.h
@@ -80,13 +80,13 @@ Architecture uname_architecture(void);
#elif defined(__alpha__)
# define native_architecture() ARCHITECTURE_ALPHA
#elif defined(__aarch64__)
-# ifdef defined(WORDS_BIGENDIAN)
+# if defined(WORDS_BIGENDIAN)
# define native_architecture() ARCHITECTURE_ARM64_BE
# else
# define native_architecture() ARCHITECTURE_ARM64
# endif
#elif defined(__arm__)
-# ifdef defined(WORDS_BIGENDIAN)
+# if defined(WORDS_BIGENDIAN)
# define native_architecture() ARCHITECTURE_ARM_BE
# else
# define native_architecture() ARCHITECTURE_ARM
--
1.7.7

View File

@ -1,27 +0,0 @@
From 7143555ce8f94b002d06b9b058d7d90c3a4901a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 24 Feb 2014 08:02:28 -0500
Subject: [PATCH] units/serial-getty@.service: add [Install] section
This makes it easier to manually enable and disable
specific gettys, and also mirrors getty@.service.
http://lists.freedesktop.org/archives/systemd-devel/2014-February/017329.html
---
units/serial-getty@.service.m4 | 3 +++
1 file changed, 3 insertions(+)
diff --git units/serial-getty@.service.m4 units/serial-getty@.service.m4
index 0e612bb..e94cdb4 100644
--- systemd-209/units/serial-getty@.service.m4
+++ systemd-209/units/serial-getty@.service.m4
@@ -33,3 +33,6 @@ TTYVHangup=yes
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes
+
+[Install]
+WantedBy=getty.target
--
1.7.9.2

View File

@ -56,7 +56,13 @@ Mon Mar 3 13:58:11 UTC 2014 - werner@suse.de
libsystemd-daemon.so do not make use of IFUNC
anymore.
- Dropped systemd patches as those are fixed upstream:
* 0001-nspawn-fix-detection-of-missing-proc-self-loginuid.patch
* 0001-units-serial-getty-.service-add-Install-section.patch
* 0001-shared-architecture.h-fix-preprocessor-directives.patch
* 0001-selinux-Don-t-attempt-to-load-policy-in-initramfs-if.patch
* 0001-sd-event-Fix-systemd-crash-when-using-timer-units.patchc
* 0001-make-tests-with-libseccomp-work.patch
* 0001-build-sys-Fix-compilation-of-nspawn-when-seccomp-is-.patch
* 0001-units-serial-getty-.service-add-Install-section.patch
- Dropped patches as those do not work anymore
* 1006-udev-always-rename-network.patch
- Renamed systemd patches as seen from git log:

View File

@ -217,6 +217,7 @@ Patch117: 0001-make-209-working-on-older-dist.patch
Patch119: 0001-make-fortify-happy-with-ppoll.patch
# PATCH-FIX-SUSE 0001-avoid-abort-due-timeout-at-user-service.patch werner@suse.com
Patch120: 0001-avoid-abort-due-timeout-at-user-service.patch
# PATCH-FIX-USTREAM added at 2014/0303
Patch121: 0001-nspawn-fix-detection-of-missing-proc-self-loginuid.patch
# PATCH-FIX-USTREAM added at 2014/0303
@ -243,6 +244,7 @@ Patch131: 0012-login-Allow-calling-org.freedesktop.login1.Seat.Swit.patch
Patch132: 0013-login-set-pos-slot-to-fallback-on-pos-eviction.patch
# PATCH-FIX-USTREAM added at 2014/0303
Patch133: 0014-login-fix-pos-array-allocation.patch
# PATCH-FIX-OPENSUSE 1009-make-xsltproc-use-correct-ROFF-links.patch -- Make ROFF links working again in manual pages (bnc#842844)
Patch1009: 1009-make-xsltproc-use-correct-ROFF-links.patch
# PATCH-FIX-OPENSUSE 1010-do-not-install-sulogin-unit-with-poweroff.patch -- Avoid installing console-shell.service (bnc#849071)