- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446)

See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for
  details. 
  Now that the number of SUSE specific patches has been reduced and
  is pretty low (12 at the time of this writing), they are no longer
  tracked by the git repo and are now handled at the package
  level. Hence it is easier to maintain and identify them. This
  effectively means that SUSE/v246 will contain upstream commits only.

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1113
Franck Bui 2020-09-04 06:47:46 +00:00 committed by Git OBS Bridge
parent 47425fd6e2
commit c939ecec0c
18 changed files with 861 additions and 21 deletions


@ -0,0 +1,80 @@
From f98af900e625b15862f9173a5c55662d4cee7356 Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Mon, 29 Oct 2012 13:01:20 +0000
Subject: [PATCH 01/12] restore /var/run and /var/lock bind mount if they
aren't symlink
---
units/meson.build | 2 ++
units/var-lock.mount | 19 +++++++++++++++++++
units/var-run.mount | 19 +++++++++++++++++++
3 files changed, 40 insertions(+)
create mode 100644 units/var-lock.mount
create mode 100644 units/var-run.mount
diff --git a/units/meson.build b/units/meson.build
index 275daad3f4..dadc9432ef 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -150,6 +150,8 @@ units = [
['umount.target', ''],
['usb-gadget.target', ''],
['user.slice', ''],
+ ['var-run.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'],
+ ['var-lock.mount', 'HAVE_SYSV_COMPAT', 'local-fs.target.wants/'],
['var-lib-machines.mount', 'ENABLE_MACHINED',
'remote-fs.target.wants/ machines.target.wants/'],
]
diff --git a/units/var-lock.mount b/units/var-lock.mount
new file mode 100644
index 0000000000..07277adac3
--- /dev/null
+++ b/units/var-lock.mount
@@ -0,0 +1,19 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Lock Directory
+Before=local-fs.target
+# skip mounting if the directory does not exist or is a symlink
+ConditionPathIsDirectory=/var/lock
+ConditionPathIsSymbolicLink=!/var/lock
+
+[Mount]
+What=/run/lock
+Where=/var/lock
+Type=bind
+Options=bind
diff --git a/units/var-run.mount b/units/var-run.mount
new file mode 100644
index 0000000000..ab4da424c9
--- /dev/null
+++ b/units/var-run.mount
@@ -0,0 +1,19 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Runtime Directory
+Before=local-fs.target
+# skip mounting if the directory does not exist or is a symlink
+ConditionPathIsDirectory=/var/run
+ConditionPathIsSymbolicLink=!/var/run
+
+[Mount]
+What=/run
+Where=/var/run
+Type=bind
+Options=bind
--
2.26.2


@ -0,0 +1,27 @@
From 59f2eadb29ac38803fd32fe52f1403343a7d74ac Mon Sep 17 00:00:00 2001
From: Thomas Blume <thomas.blume@suse.com>
Date: Tue, 25 Mar 2014 13:08:56 +0000
Subject: [PATCH 02/12] rc-local: fix ordering startup for
/etc/init.d/boot.local
[tblume: fixes bnc#869142]
---
units/rc-local.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/rc-local.service.in b/units/rc-local.service.in
index 78ce69e0ae..0bcea82bed 100644
--- a/units/rc-local.service.in
+++ b/units/rc-local.service.in
@@ -13,7 +13,7 @@
Description=@RC_LOCAL_SCRIPT_PATH_START@ Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=@RC_LOCAL_SCRIPT_PATH_START@
-After=network.target
+After=basic.target
[Service]
Type=forking
--
2.26.2


@ -0,0 +1,43 @@
From f299a8180f1db0680b454c0e37696891361e3067 Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Tue, 28 May 2013 15:17:35 +0200
Subject: [PATCH 03/12] strip the domain part from /etc/hostname when setting
system host name
[fbui: fixes bnc#820213]
[fbui: forwardported from bfd2462b8ddec591d953841ab22bb30bdc6f9085]
[fbui: adjust context and make sure that strip of the domain name is
only done when setting the system host name. Therefore it's
still possible to pass an FQDN to hostnamectl]
[fbui: I'm still not sure that it was the right thing to do. Other
possibility was to fix the installer to create a correct
/etc/hostname file. Need to investigate...]
---
src/core/hostname-setup.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/hostname-setup.c b/src/core/hostname-setup.c
index 6d047db838..1acc0c998b 100644
--- a/src/core/hostname-setup.c
+++ b/src/core/hostname-setup.c
@@ -39,8 +39,16 @@ int hostname_setup(void) {
enoent = true;
else
log_warning_errno(r, "Failed to read configured hostname: %m");
- } else
+ } else {
+ char *domain;
+
+ /* SUSE: strip the domain name */
+ domain = strchr(b, '.');
+ if (domain)
+ *domain = '\0';
+
hn = b;
+ }
}
if (isempty(hn)) {
--
2.26.2


@ -0,0 +1,124 @@
From b46d43bf980afe13cfff39fc2876aed10f33db1d Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Thu, 14 Apr 2016 15:42:02 +0200
Subject: [PATCH 04/12] tmpfiles: support exclude statements based on file
ownership
SUSE supported tmpfile cleanups based on file ownership before systemd.
So this feature needs to be available in systemd.
This was part of fate#314974
[tblume: suse-only patch ported from SLES12-SP1 commit e769a63907ae4b]
[tblume: part of fate#314974]
---
man/tmpfiles.d.xml | 4 +++-
src/tmpfiles/tmpfiles.c | 49 ++++++++++++++++++++++++++++++++---------
2 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index b9e9eee96c..b90ae01345 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -605,7 +605,9 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
suffixed by a newline. For <varname>C</varname>, specifies the source file or directory. For <varname>t</varname>
and <varname>T</varname>, determines extended attributes to be set. For <varname>a</varname> and
<varname>A</varname>, determines ACL attributes to be set. For <varname>h</varname> and <varname>H</varname>,
- determines the file attributes to set. Ignored for all other lines.</para>
+ determines the file attributes to set. For <varname>x</varname> and <varname>X</varname> a comma separated list
+ of usernames. If given, only paths belonging to these users will be excluded during directory cleanup. Ignored
+ for all other lines.</para>
<para>This field can contain specifiers, see below.</para>
</refsect2>
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 2404e36bf2..349653c786 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -14,6 +14,8 @@
#include <sysexits.h>
#include <time.h>
#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
#include "sd-path.h"
@@ -505,6 +507,7 @@ static int dir_cleanup(
struct stat s;
usec_t age;
_cleanup_free_ char *sub_path = NULL;
+ Item *found;
if (dot_or_dot_dot(dent->d_name))
continue;
@@ -546,15 +549,41 @@ static int dir_cleanup(
goto finish;
}
- /* Is there an item configured for this path? */
- if (ordered_hashmap_get(items, sub_path)) {
- log_debug("Ignoring \"%s\": a separate entry exists.", sub_path);
- continue;
- }
+ /* evaluate username arguments in ignore statements */
+ found = find_glob(globs, sub_path);
- if (find_glob(globs, sub_path)) {
- log_debug("Ignoring \"%s\": a separate glob exists.", sub_path);
- continue;
+ if (i->type == CREATE_DIRECTORY && found && found->argument) {
+ struct passwd *pw;
+ char *userfound = NULL, *args = strdup(found->argument);
+ bool match = false;
+
+ while ((userfound = strsep(&args, ","))) {
+ pw = getpwnam(userfound);
+
+ if (pw) {
+ if (s.st_uid == pw->pw_uid) {
+ match = true;
+ break;
+ }
+ }
+ }
+
+ if (match) {
+ log_debug("Ignoring \"%s\" of user \"%s\".", sub_path, pw->pw_name);
+ match=false;
+ continue;
+ }
+ } else {
+ /* Is there an item configured for this path? */
+ if (ordered_hashmap_get(items, sub_path)) {
+ log_debug("Ignoring \"%s\": a separate entry exists.", sub_path);
+ continue;
+ }
+
+ if (found) {
+ log_debug("Ignoring \"%s\": a separate glob exists.", sub_path);
+ continue;
+ }
}
if (S_ISDIR(s.st_mode)) {
@@ -2637,8 +2666,6 @@ static int parse_line(
case EMPTY_DIRECTORY:
case TRUNCATE_DIRECTORY:
case CREATE_FIFO:
- case IGNORE_PATH:
- case IGNORE_DIRECTORY_PATH:
case REMOVE_PATH:
case RECURSIVE_REMOVE_PATH:
case ADJUST_MODE:
@@ -2649,6 +2676,8 @@ static int parse_line(
break;
+ case IGNORE_PATH:
+ case IGNORE_DIRECTORY_PATH:
case CREATE_FILE:
case TRUNCATE_FILE:
break;
--
2.26.2
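Review bot: In the dir_cleanup hunk, `args = strdup(found->argument)` is neither checked nor freed: `strsep(&args, ",")` advances `args` itself, so the allocation is lost for every directory entry, and when the allocation fails the loop simply does not run and the owner-based exclusion is silently skipped. Because this code decides which files get deleted, a failed allocation should abort the cleanup instead of falling through; keep the allocation in a `_cleanup_free_` variable and walk it with a separate cursor. The same branch also bypasses the `ordered_hashmap_get(items, sub_path)` check whenever the matching glob carries an argument, so a path that has its own entry appears to lose that protection when none of the listed users owns it, which looks unintended. dir_cleanup starts and ends outside the hunk, so the `r`/`finish` handling in the sketch is assumed from the visible `goto finish;`.

```c
                        if (i->type == CREATE_DIRECTORY && found && found->argument) {
                                _cleanup_free_ char *args = NULL;
                                char *cursor, *userfound;
                                struct passwd *pw = NULL;
                                bool match = false;

                                args = strdup(found->argument);
                                if (!args) {
                                        r = log_oom();
                                        goto finish;
                                }

                                /* strsep() moves the cursor; args keeps pointing at the allocation for cleanup */
                                cursor = args;
                                while ((userfound = strsep(&cursor, ","))) {
                                        /* … unchanged: getpwnam() lookup and st_uid comparison … */
                                }
                                /* … unchanged: log-and-continue on match, else branch … */
```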


@ -0,0 +1,29 @@
From 8e95d5534e9a577529ac49aaec610e6ceefec0b9 Mon Sep 17 00:00:00 2001
From: Robert Milasan <rmilasan@suse.com>
Date: Sat, 12 Jul 2014 14:20:36 +0200
Subject: [PATCH 05/12] udev: create default symlinks for primary cd_dvd drive
Imported from SLE12-SP1, commit 4f8bacfbffd7049608b5076.
[rmilasan: fixes bnc#783054]
---
rules.d/60-cdrom_id.rules | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/rules.d/60-cdrom_id.rules b/rules.d/60-cdrom_id.rules
index 288f8ce2f9..578c77441c 100644
--- a/rules.d/60-cdrom_id.rules
+++ b/rules.d/60-cdrom_id.rules
@@ -25,5 +25,9 @@ IMPORT{program}="cdrom_id --lock-media $devnode"
ENV{DISK_MEDIA_CHANGE}=="?*", ENV{ID_CDROM_MEDIA}!="?*", ENV{SYSTEMD_READY}="0"
KERNEL=="sr0", SYMLINK+="cdrom", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM}=="1", SYMLINK+="cdrom", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM_CD_RW}=="1", SYMLINK+="cdrw", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM_DVD}=="1", SYMLINK+="dvd", OPTIONS+="link_priority=-100"
+KERNEL=="sr0", ENV{ID_CDROM_DVD_RW}=="1", SYMLINK+="dvdrw", OPTIONS+="link_priority=-100"
LABEL="cdrom_end"
--
2.26.2


@ -0,0 +1,123 @@
From f9521480d5dc5af747fecc9adc4c617e473e5494 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 26 May 2016 08:59:41 +0200
Subject: [PATCH 06/12] sysv-generator: add (back) support for SysV scripts for
the early boot
For the record, the upstream support was removed by commit
3cdebc217c42c8529086f2965319b6a48eaaeabe.
The sysv-generator has some weirdos: for example a service at the rc0
runlevel won't be started during shutdown since it will get both
"WantedBy=poweroff.target" and "Conflicts=shutdown.target".
Anyways what's the current patch implements the following:
- a symlink /etc/init.d/boot.d/S??boot.foo will add
"WantedBy/Before=sysinit.target" constraints and make sure that the
default dependencies added by systemd are turned off.
- a symlink /etc/init.d/boot.d/K??boot.foo will add
"Conflicts/Before=shutdown.target" so "foo" service will be stopped
like any other regular services. If this symlink is not installed
however, "foo" will be stopped lately during the systemd killing
spree.
This is a forward-port of commit 29db8537e1ca10796797d9854d1 in SP1.
[Since v232]
Support for S* symlinks in runlevel 0 or 6 has been completely and silently
removed by 788d2b088b13a2444b9eb2ea82c0cc57d9f0980f. Since it was already
broken as pointed out above, this probably wasn't really used and therefore
no one will really care. So let's drop it too.
However this has the side effect to make the support of early sysv scripts more
difficult. To make things easy, the support of K* symlinks in boot.d/ has been
removed too: this is probably not used (anymore) (at least intentionally).
The consequence is that early sysv services are stopped during shutdown at
the same time as 'normal' services.
---
src/sysv-generator/sysv-generator.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
index a2c72d1009..1c01008967 100644
--- a/src/sysv-generator/sysv-generator.c
+++ b/src/sysv-generator/sysv-generator.c
@@ -31,6 +31,9 @@ static const struct {
const char *path;
const char *target;
} rcnd_table[] = {
+ /* SUSE style boot.d */
+ { "boot.d", SPECIAL_SYSINIT_TARGET },
+
/* Standard SysV runlevels for start-up */
{ "rc1.d", SPECIAL_RESCUE_TARGET },
{ "rc2.d", SPECIAL_MULTI_USER_TARGET },
@@ -57,6 +60,7 @@ typedef struct SysvStub {
bool has_lsb;
bool reload;
bool loaded;
+ bool early;
} SysvStub;
static void free_sysvstub(SysvStub *s) {
@@ -147,6 +151,12 @@ static int generate_unit_file(SysvStub *s) {
fprintf(f, "Description=%s\n", t);
}
+ if (s->early) {
+ fprintf(f, "DefaultDependencies=no\n");
+ fprintf(f, "Conflicts=%s\n", SPECIAL_SHUTDOWN_TARGET);
+ fprintf(f, "Before=%s\n", SPECIAL_SHUTDOWN_TARGET);
+ }
+
STRV_FOREACH(p, s->before)
fprintf(f, "Before=%s\n", *p);
STRV_FOREACH(p, s->after)
@@ -213,6 +223,10 @@ static char *sysv_translate_name(const char *name) {
_cleanup_free_ char *c = NULL;
char *res;
+ if (startswith(name, "boot."))
+ /* Drop SuSE-style boot. prefix */
+ name += 5;
+
c = strdup(name);
if (!c)
return NULL;
@@ -289,6 +303,11 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
return 1;
}
+ /* Strip "boot." prefix from file name for comparison (Suse specific) */
+ e = startswith(filename, "boot.");
+ if (e)
+ filename += 5;
+
/* Strip ".sh" suffix from file name for comparison */
filename_no_sh = strdupa(filename);
e = endswith(filename_no_sh, ".sh");
@@ -676,6 +695,9 @@ static int fix_order(SysvStub *s, Hashmap *all_services) {
if (other->sysv_start_priority < 0)
continue;
+ if (s->early != other->early)
+ continue;
+
/* If both units have modern headers we don't care
* about the priorities */
if (s->has_lsb && other->has_lsb)
@@ -800,6 +822,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) {
.sysv_start_priority = -1,
.name = TAKE_PTR(name),
.path = TAKE_PTR(fpath),
+ .early = !!startswith(de->d_name, "boot."),
};
r = hashmap_put(all_services, service->name, service);
--
2.26.2
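Review bot: The `boot.` prefix is skipped with a hand-counted `name += 5` in sysv_translate_name and `filename += 5` in sysv_translate_facility, although `startswith()` already returns the position just past the prefix (the second site even stores it in `e` and then ignores it). Using the returned pointer removes the magic number and keeps the offset tied to the literal: `e = startswith(filename, "boot."); if (e) filename = e;`, and the same shape for `name`. Both functions begin and end outside the hunks shown.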


@ -0,0 +1,29 @@
From 0adc3f402aeeadd73a0977ca6a1bc65d3d4201c1 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>
Date: Tue, 2 Jun 2015 13:33:24 +0000
Subject: [PATCH 07/12] networkd: make network.service an alias of
systemd-networkd.service
NetworkManager and wicked does this already. This is needed by yast2
and other parts of the system.
[fixes boo#933092]
---
units/systemd-networkd.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 2673146841..083a35b912 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -50,6 +50,7 @@ User=systemd-network
[Install]
WantedBy=multi-user.target
+Alias=network.service
Also=systemd-networkd.socket
Alias=dbus-org.freedesktop.network1.service
--
2.26.2


@ -0,0 +1,73 @@
From a32292849ca2837f99d6801da26b8d8e401831c4 Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Wed, 4 May 2016 17:40:04 +0200
Subject: [PATCH 08/12] sysv-generator: translate "Required-Start" into a
"Wants" dependency
[tblume: Port of SLES12SP1 patch 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch]
[fbui: this is needed probably because insserv's behavior has been
sadly changed since SLE11: it now doesn't failed if a
dependency listed by Required-Start is missing.]
[fbui: according to Werner "This should fix bnc#858864 and
bnc#857204." (see Base:System changelog)]
---
src/sysv-generator/sysv-generator.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
index 1c01008967..7a58be9287 100644
--- a/src/sysv-generator/sysv-generator.c
+++ b/src/sysv-generator/sysv-generator.c
@@ -258,6 +258,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
"remote_fs", SPECIAL_REMOTE_FS_TARGET,
"syslog", NULL,
"time", SPECIAL_TIME_SYNC_TARGET,
+ "all", SPECIAL_DEFAULT_TARGET,
};
const char *filename;
@@ -272,6 +273,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
filename = basename(s->path);
+ n = *name == '+' ? ++name : name;
n = *name == '$' ? name + 1 : name;
for (i = 0; i < ELEMENTSOF(table); i += 2) {
@@ -408,7 +410,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
for (;;) {
_cleanup_free_ char *word = NULL, *m = NULL;
- bool is_before;
+ bool is_before, is_wanted;
r = extract_first_word(&text, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RELAX);
if (r < 0)
@@ -421,6 +423,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
continue;
is_before = startswith_no_case(full_text, "X-Start-Before:");
+ is_wanted = startswith_no_case(full_text, "Required-Start:");
if (streq(m, SPECIAL_NETWORK_ONLINE_TARGET) && !is_before) {
/* the network-online target is special, as it needs to be actively pulled in */
@@ -429,8 +432,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
return log_oom();
r = strv_extend(&s->wants, m);
- } else
+ } else {
r = strv_extend(is_before ? &s->before : &s->after, m);
+
+ if (is_wanted)
+ r = strv_extend(&s->wants, m);
+ }
+
if (r < 0)
return log_oom();
}
--
2.26.2
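Review bot: In handle_dependencies the result of `strv_extend(is_before ? &s->before : &s->after, m)` is overwritten when `is_wanted` is set, so an allocation failure in the first call is no longer caught by the `if (r < 0) return log_oom();` that follows. Guard the second call instead: `if (r >= 0 && is_wanted) r = strv_extend(&s->wants, m);`. In sysv_translate_facility the added `n = *name == '+' ? ++name : name;` assigns `n` only for the next line to overwrite it; the statement survives purely for its `++name` side effect and would read more clearly as `if (*name == '+') name++;`. Both functions extend beyond the hunks.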


@ -0,0 +1,60 @@
From 7fc80ccccaa6f7b98af8bcd899a97d561777ff94 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 10 Jun 2016 15:19:57 +0200
Subject: [PATCH 09/12] pid1: handle console specificities/weirdness for s390
arch
The 3270 console on S/390 can do color but not the 3215 console.
Partial forward port of
0001-On_s390_con3270_disable_ANSI_colour_esc.patch from SLE12-SP1. A
bunch of the previous code has been dropped since some changes
imported from upsteam made them uneeded.
The remaining bits are probably hackish but at least they are now
minimal.
It was an attempt to address bnc#860937. And yes turning the console
color mode off by passing $TERM=dumb via the kernel command line would
have been much more easier and enough.
This is actually implemented by recent systemd. There's also another
command line option: systemd.log_color=off.
See also a short discussion which happened on @systemd-maintainers
whose $subject is "[PATCH] support conmode setting on command line".
[ fbui: fixes bsc#860937 ]
---
src/basic/terminal-util.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index 6cacde90ba..1a03902acc 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -780,7 +780,20 @@ bool tty_is_vc_resolve(const char *tty) {
}
const char *default_term_for_tty(const char *tty) {
- return tty && tty_is_vc_resolve(tty) ? "linux" : "vt220";
+ if (tty && tty_is_vc_resolve(tty))
+ return "linux";
+
+#if defined (__s390__) || defined (__s390x__)
+ if (tty && tty_is_console(tty)) {
+ _cleanup_free_ char *mode = NULL;
+
+ /* Simply return "dumb" in case of OOM. */
+ (void) proc_cmdline_get_key("conmode", 0, &mode);
+ (void) proc_cmdline_value_missing("conmode", mode);
+ return streq_ptr(mode, "3270") ? "ibm327x" : "dumb";
+ }
+#endif
+ return "vt220";
}
int fd_columns(int fd) {
--
2.26.2


@ -0,0 +1,80 @@
From aeb4ca8cf65ee8f22cf7635fea2c501c015fc906 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 29 Jun 2016 17:55:35 +0200
Subject: [PATCH 10/12] journald: disable audit support completely from the
journal
This patch not only prevents journald to enable audit system
unconditionally very early at boot but also prevents it to receive
audit messages for the audit netlink and to push them into the
journal.
The first reason is that when journald enables kernel audit, it does
not disable syscall audit (it doesn't load the audit rules), which
introduced a global performance hit. This can be minimized if audit
service is started but that's not the case for all systems.
The second reason is that for systems where audit was disabled by
default they will suddenly have audit enabled (unless audit=0 was
already passed to the kernel command line). This means tons of audit
messages will be sent to dmesg, syslog, journal files, etc...
Note also that audit messages are duplicated in the journal since they
are received both from kmsg and from the audit netlink. A related bug
report can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=1160046.
This basically reverts the following upstream commits:
- 875c2e220e2611165e09051c4747971811f1de58
- 4d9ced9956755901238fede6fc5a3d7e4e816aa6
Upstream issue:
https://github.com/systemd/systemd/issues/959
So disable all of this for now until a better option is found or
someone comes up with a real use case.
Also drop systemd-journald-audit.socket, indeed audit-logs-in-journal 'feature'
has been removed but the socket was still shipped and was statically
enabled. Therefore if auditd service was enabled, incoming messages could be
queued up to 128M and were never read (hence freed) by journald.
[fbui: fixes bsc#984034]
[fbui: fixes bsc#1109252]
---
src/journal/journald-server.c | 4 ++--
units/meson.build | 2 --
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 5865bf9809..14934080cd 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -2384,8 +2384,8 @@ int server_init(Server *s, const char *namespace) {
if (r < 0)
return r;
- /* Unless we got *some* sockets and not audit, open audit socket */
- if (s->audit_fd >= 0 || no_sockets) {
+ /* Suse: disable audit messages in journal entirely. */
+ if (false && no_sockets) {
r = server_open_audit(s);
if (r < 0)
return r;
diff --git a/units/meson.build b/units/meson.build
index dadc9432ef..a31acd3b05 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -110,8 +110,6 @@ units = [
'sysinit.target.wants/'],
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
- ['systemd-journald-audit.socket', '',
- 'sockets.target.wants/'],
['systemd-journald-dev-log.socket', '',
'sockets.target.wants/'],
['systemd-journald.socket', '',
--
2.26.2
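Review bot: The condition `if (false && no_sockets)` in server_init leaves `server_open_audit(s)` as unreachable code, and the one-line comment does not tell operators what they lose. Consider dropping the branch and stating the consequence where the next maintainer will read it, e.g. `/* SUSE: journald never opens the audit netlink socket, so no _TRANSPORT=audit entries are written; auditd must run if an audit trail is required. */`. The old test on `s->audit_fd >= 0` disappears as well, so a descriptor handed in by a locally kept `systemd-journald-audit.socket` would, as far as this hunk shows, be neither read nor closed; the part of server_init outside the hunk needs checking for that.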


@ -0,0 +1,45 @@
From e5b3d1d00bbdbcb168889699c462bf01b58062a5 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 6 Jul 2017 15:48:10 +0200
Subject: [PATCH 11/12] core: disable session keyring per system sevice
entirely for now
Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this
feature has to be disabled.
openSUSE is still not ready for enabling the keyring stuff (see
bsc#1081947). Some services got fixed (sshd, getty@.service) but some still
haven't (xdm, login, ...)
So leave it disabled again otherwise different users might end up using the
same session keyring - the one created for the service used for logging in
(sshd, getty@.service, xdm, etc...)
The integration of pam_keyinit is tracked here:
https://bugzilla.opensuse.org/show_bug.cgi?id=1081947
See also:
https://github.com/systemd/systemd/pull/6286
[fbui: fixes boo#1045886]
---
src/core/execute.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index 2a4840a3a9..aefd4eaff1 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2779,6 +2779,9 @@ static int setup_keyring(
assert(context);
assert(p);
+ /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */
+ return 0;
+
/* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that
* each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond
* that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be
--
2.26.2
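Review bot: The unconditional `return 0;` at the top of setup_keyring makes the rest of the function unreachable and turns every `KeyringMode=` setting into a silent no-op, including units that request a private keyring on purpose. The comment should state that effect and carry the tracking reference from the commit message, for example `/* SUSE: per-service session keyrings are disabled until pam_keyinit is integrated (bsc#1081947); KeyringMode= is ignored. */`, and the directive's documentation should presumably say the same for this build. Wrapping the disabled body in a build-time conditional rather than leaving it after a bare return would also avoid unreachable-code warnings and make the eventual revert a one-line change. The function body continues outside the hunk.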


@ -0,0 +1,53 @@
From 90d84a96aca84b39f6aabda048703dc7c0e79ef4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 11 Mar 2016 17:06:17 -0500
Subject: [PATCH 12/12] resolved: create /etc/resolv.conf symlink at runtime
If the symlink doesn't exists, and we are being started, let's
create it to provie name resolution.
If it exists, do nothing. In particular, if it is a broken symlink,
we cannot really know if the administator configured it to point to
a location used by some service that hasn't started yet, so we
don't touch it in that case either.
https://bugzilla.redhat.com/show_bug.cgi?id=1313085
---
src/resolve/resolved.c | 6 ++++++
tmpfiles.d/etc.conf.m4 | 3 ---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index 16477f28d6..3922804039 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -53,6 +53,12 @@ static int run(int argc, char *argv[]) {
if (r < 0)
return log_error_errno(r, "Cannot resolve user name %s: %m", user);
+ /* As we're root, we can create /etc/resolv.conf symlink if it doesn't exist already */
+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
+ if (r < 0 && errno != EEXIST)
+ log_warning_errno(errno,
+ "Could not create /etc/resolv.conf symlink: %m");
+
/* As we're root, we can create the directory where resolv.conf will live */
r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE);
if (r < 0)
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
index f82e0b82ce..66a777bdb2 100644
--- a/tmpfiles.d/etc.conf.m4
+++ b/tmpfiles.d/etc.conf.m4
@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
m4_ifdef(`HAVE_SMACK_RUN_LABEL',
t /etc/mtab - - - - security.SMACK64=_
)m4_dnl
-m4_ifdef(`ENABLE_RESOLVE',
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
-)m4_dnl
C! /etc/nsswitch.conf - - - -
m4_ifdef(`HAVE_PAM',
C! /etc/pam.d - - - -
--
2.26.2
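Review bot: The symlink created in run() points at `../run/systemd/resolve/resolv.conf`, while the tmpfiles.d line removed in the same patch pointed at `../run/systemd/resolve/stub-resolv.conf`; these are different files, so on a system without an existing /etc/resolv.conf clients would be directed at the upstream servers rather than at resolved's local stub listener. If that switch is intended it deserves a sentence in the commit message and in the code comment; otherwise the target should be the stub path. The call also runs before `mkdir_safe_label("/run/systemd/resolve", …)`, so the link dangles until resolved has written the file. run() continues outside the hunk.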


@ -1,3 +1,17 @@
-------------------------------------------------------------------
Wed Sep 2 10:14:10 UTC 2020 - Franck Bui <fbui@suse.com>
- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446)
See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for
details.
Now that the number of SUSE specific patches has been shrinked and
is pretty low (12 at the time of this writing), they are no more
tracked by the git repo and are now handled at the package
level. Hence It is easier to maintain and identify them. This
effectively means that SUSE/v246 will contain upstream commits only.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt <fvogt@suse.com> Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>


@ -26,7 +26,7 @@
##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! #####
%define mini -mini %define mini -mini
%define min_kernel_version 4.5 %define min_kernel_version 4.5
%define suse_version +suse.51.ga4e393eecb %define suse_version +suse.20.gf1344d5b7f
%bcond_with gnuefi %bcond_with gnuefi
%if 0%{?bootstrap} %if 0%{?bootstrap}
@ -55,7 +55,7 @@
Name: systemd-mini Name: systemd-mini
URL: http://www.freedesktop.org/wiki/Software/systemd URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 245.7 Version: 246.4
Release: 0 Release: 0
Summary: A System and Session Manager Summary: A System and Session Manager
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
@ -159,12 +159,29 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh Source101: scripts-systemd-upgrade-from-pre-210.sh
Source102: scripts-systemd-migrate-sysconfig-i18n.sh Source102: scripts-systemd-migrate-sysconfig-i18n.sh
# Patches listed in here are put in quarantine. Normally all # Patches listed below are SUSE specific and should be kept at its
# changes must go to upstream first and then are cherry-picked in the # minimum. We try hard to push our changes to upstream but sometimes
# SUSE git repository. But in very few cases, some stuff might be # they are only relevant for SUSE distros. Special rewards for those
# broken in upstream and need an urgent fix. Even in this case, the # who will manage to get rid of one of them !
# patches are temporary and should be removed as soon as a fix is Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
# merged by upstream. Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
Patch10: 0010-journald-disable-audit-support-completely-from-the-j.patch
Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
# Patches listed below are put in quarantine. Normally all changes
# must go to upstream first and then are cherry-picked in the SUSE git
# repository. But in very few cases, some stuff might be broken in
# upstream and need an urgent fix. Even in this case, the patches are
# temporary and should be removed as soon as a fix is merged by
# upstream.
%description %description
Systemd is a system and service manager, compatible with SysV and LSB Systemd is a system and service manager, compatible with SysV and LSB
@ -604,8 +621,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot
ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt
ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown
ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff
%if %{with sysvcompat}
ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit
ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel
%endif
# Make sure we don't ship static enablement symlinks in /etc during # Make sure we don't ship static enablement symlinks in /etc during
# installation, presets should be honoured instead. # installation, presets should be honoured instead.
@ -1282,7 +1301,7 @@ fi
%{_mandir}/man7/[bdfks]* %{_mandir}/man7/[bdfks]*
%{_mandir}/man8/kern* %{_mandir}/man8/kern*
%{_mandir}/man8/pam_* %{_mandir}/man8/pam_*
%{_mandir}/man8/systemd-[a-gik-tv]* %{_mandir}/man8/systemd-[a-gik-tvx]*
%{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-h[aioy]*
%{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-journald*
%{_mandir}/man8/systemd-u[ps]* %{_mandir}/man8/systemd-u[ps]*
@ -1359,15 +1378,19 @@ fi
/sbin/halt /sbin/halt
/sbin/shutdown /sbin/shutdown
/sbin/poweroff /sbin/poweroff
%if %{with sysvcompat}
/sbin/telinit /sbin/telinit
/sbin/runlevel /sbin/runlevel
%endif
%{_sbindir}/init %{_sbindir}/init
%{_sbindir}/reboot %{_sbindir}/reboot
%{_sbindir}/halt %{_sbindir}/halt
%{_sbindir}/shutdown %{_sbindir}/shutdown
%{_sbindir}/poweroff %{_sbindir}/poweroff
%if %{with sysvcompat}
%{_sbindir}/telinit %{_sbindir}/telinit
%{_sbindir}/runlevel %{_sbindir}/runlevel
%endif
%if ! 0%{?bootstrap} %if ! 0%{?bootstrap}
%{_mandir}/man1/init.1* %{_mandir}/man1/init.1*
%{_mandir}/man8/halt.8* %{_mandir}/man8/halt.8*


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e0cce0a5990f8ddc03e1dcdb1af7f20331e3e885596710f8a68563882c50d31e
size 6301856


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:707b0dca1d9dd0fa8c8858090b5e14d9741bacda2c4d0a1745707b57b395b254
size 6548244


@ -1,3 +1,17 @@
-------------------------------------------------------------------
Wed Sep 2 10:14:10 UTC 2020 - Franck Bui <fbui@suse.com>
- Upgrade to v246.4 (commit f1344d5b7f31e98aedb01e606f41d74d3caaf446)
See https://github.com/openSUSE/systemd/blob/SUSE/v246/NEWS for
details.
Now that the number of SUSE specific patches has been shrinked and
is pretty low (12 at the time of this writing), they are no more
tracked by the git repo and are now handled at the package
level. Hence It is easier to maintain and identify them. This
effectively means that SUSE/v246 will contain upstream commits only.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt <fvogt@suse.com> Thu Aug 27 12:51:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>


@ -24,7 +24,7 @@
%define bootstrap 0 %define bootstrap 0
%define mini %nil %define mini %nil
%define min_kernel_version 4.5 %define min_kernel_version 4.5
%define suse_version +suse.51.ga4e393eecb %define suse_version +suse.20.gf1344d5b7f
%bcond_with gnuefi %bcond_with gnuefi
%if 0%{?bootstrap} %if 0%{?bootstrap}
@ -53,7 +53,7 @@
Name: systemd Name: systemd
URL: http://www.freedesktop.org/wiki/Software/systemd URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 245.7 Version: 246.4
Release: 0 Release: 0
Summary: A System and Session Manager Summary: A System and Session Manager
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
@ -157,12 +157,29 @@ Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh Source101: scripts-systemd-upgrade-from-pre-210.sh
Source102: scripts-systemd-migrate-sysconfig-i18n.sh Source102: scripts-systemd-migrate-sysconfig-i18n.sh
# Patches listed in here are put in quarantine. Normally all # Patches listed below are SUSE specific and should be kept at its
# changes must go to upstream first and then are cherry-picked in the # minimum. We try hard to push our changes to upstream but sometimes
# SUSE git repository. But in very few cases, some stuff might be # they are only relevant for SUSE distros. Special rewards for those
# broken in upstream and need an urgent fix. Even in this case, the # who will manage to get rid of one of them !
# patches are temporary and should be removed as soon as a fix is Patch1: 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
# merged by upstream. Patch2: 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
Patch3: 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
Patch4: 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
Patch10: 0010-journald-disable-audit-support-completely-from-the-j.patch
Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
# Patches listed below are put in quarantine. Normally all changes
# must go to upstream first and then are cherry-picked in the SUSE git
# repository. But in very few cases, some stuff might be broken in
# upstream and need an urgent fix. Even in this case, the patches are
# temporary and should be removed as soon as a fix is merged by
# upstream.
%description %description
Systemd is a system and service manager, compatible with SysV and LSB Systemd is a system and service manager, compatible with SysV and LSB
@ -602,8 +619,10 @@ ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot
ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt
ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown ln -s ../usr/bin/systemctl %{buildroot}/sbin/shutdown
ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff ln -s ../usr/bin/systemctl %{buildroot}/sbin/poweroff
%if %{with sysvcompat}
ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit ln -s ../usr/bin/systemctl %{buildroot}/sbin/telinit
ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel ln -s ../usr/bin/systemctl %{buildroot}/sbin/runlevel
%endif
# Make sure we don't ship static enablement symlinks in /etc during # Make sure we don't ship static enablement symlinks in /etc during
# installation, presets should be honoured instead. # installation, presets should be honoured instead.
@ -1280,7 +1299,7 @@ fi
%{_mandir}/man7/[bdfks]* %{_mandir}/man7/[bdfks]*
%{_mandir}/man8/kern* %{_mandir}/man8/kern*
%{_mandir}/man8/pam_* %{_mandir}/man8/pam_*
%{_mandir}/man8/systemd-[a-gik-tv]* %{_mandir}/man8/systemd-[a-gik-tvx]*
%{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-h[aioy]*
%{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-journald*
%{_mandir}/man8/systemd-u[ps]* %{_mandir}/man8/systemd-u[ps]*
@ -1357,15 +1376,19 @@ fi
/sbin/halt /sbin/halt
/sbin/shutdown /sbin/shutdown
/sbin/poweroff /sbin/poweroff
%if %{with sysvcompat}
/sbin/telinit /sbin/telinit
/sbin/runlevel /sbin/runlevel
%endif
%{_sbindir}/init %{_sbindir}/init
%{_sbindir}/reboot %{_sbindir}/reboot
%{_sbindir}/halt %{_sbindir}/halt
%{_sbindir}/shutdown %{_sbindir}/shutdown
%{_sbindir}/poweroff %{_sbindir}/poweroff
%if %{with sysvcompat}
%{_sbindir}/telinit %{_sbindir}/telinit
%{_sbindir}/runlevel %{_sbindir}/runlevel
%endif
%if ! 0%{?bootstrap} %if ! 0%{?bootstrap}
%{_mandir}/man1/init.1* %{_mandir}/man1/init.1*
%{_mandir}/man8/halt.8* %{_mandir}/man8/halt.8*
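Review bot: Two entries in the new Patch1–Patch12 list look security-relevant judging by their file names, Patch10 (`0010-journald-disable-audit-support-completely-from-the-j.patch`) and Patch11 (`0011-core-disable-session-keyring-per-system-sevice-entir.patch`), yet the comment above the list describes all twelve only as SUSE specific. Now that these patches are carried at the package level rather than in the git repo, the spec is the first place an auditor will look for why the package departs from upstream on audit logging and keyring isolation. I would add a short rationale above those two lines, for example `# Patch10/Patch11 change audit and session-keyring defaults relative to upstream; rationale: <bug reference>`. The `%prep` section that applies the patches is not part of the hunks shown here, so whether all twelve are actually applied cannot be confirmed from this view.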