Accepting request 234299 from Base:System
- Make baselibs.conf use the appropriate %post and %postun scriptlets, which include pam-config (bnc#877674) - Add upstream patches 0001-core-close-socket-fds-asynchronously.patch 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch 0003-core-make-sure-to-serialize-jobs-for-all-units.patch - Add upstream patches 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch so that unwanted file descriptors are not inherited in PAM sessions - Make baselibs.conf use the appropriate %post and %postun scriptlets, which include pam-config (bnc#877674) - Add upstream patches 0001-core-close-socket-fds-asynchronously.patch 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch 0003-core-make-sure-to-serialize-jobs-for-all-units.patch - Add upstream patches 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch so that unwanted file descriptors are not inherited in PAM sessions OBS-URL: https://build.opensuse.org/request/show/234299 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=187
commit
ee936cd82e
74
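--- a/0001-core-close-socket-fds-asynchronously.patch
+++ b/0001-core-close-socket-fds-asynchronously.patch
@@ -0,0 +1,74 @@
+Based on 574634bcacb01efe15ca2742effd461a5b7afb5f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 13 May 2014 23:22:13 +0200
+Subject: [PATCH] core: close socket fds asynchronously
+
+http://lists.freedesktop.org/archives/systemd-devel/2014-April/018928.html
+---
+src/core/async.c | 22 ++++++++++++++++++++++
+src/core/service.c | 5 +++--
+2 files changed, 25 insertions(+), 2 deletions(-)
+
+--- src/core/service.c
++++ src/core/service.c 2014-05-16 11:41:50.150735247 +0000
+@@ -25,6 +25,7 @@
+#include <unistd.h>
+#include <sys/reboot.h>
+
++#include "async.h"
+#include "manager.h"
+#include "unit.h"
+#include "service.h"
+@@ -240,7 +241,7 @@ static void service_close_socket_fd(Serv
+if (s->socket_fd < 0)
+return;
+
+- close_nointr_nofail(s->socket_fd);
++ asynchronous_close(s->socket_fd);
+s->socket_fd = -1;
+}
+
+@@ -2767,7 +2768,7 @@ static int service_deserialize_item(Unit
+else {
+
+if (s->socket_fd >= 0)
+- close_nointr_nofail(s->socket_fd);
++ asynchronous_close(s->socket_fd);
+s->socket_fd = fdset_remove(fds, fd);
+}
+} else if (streq(key, "main-exec-status-pid")) {
+--- src/core/async.c
++++ src/core/async.c 2014-05-07 09:40:35.000000000 +0000
+@@ -24,6 +24,7 @@
+
+#include "async.h"
+#include "log.h"
++#include "util.h"
+
+int asynchronous_job(void* (*func)(void *p), void *arg) {
+pthread_attr_t a;
+@@ -70,3 +71,24 @@ int asynchronous_sync(void) {
+
+return asynchronous_job(sync_thread, NULL);
+}
++
++static void *close_thread(void *p) {
++ close_nointr_nofail(PTR_TO_INT(p));
++ return NULL;
++}
++
++int asynchronous_close(int fd) {
++ int r;
++
++ /* This is supposed to behave similar to safe_close(), but
++ * actually invoke close() asynchronously, so that it will
++ * never block. Ideally the kernel would have an API for this,
++ * but it doesn't, so we work around it, and hide this as a
++ * far away as we can. */
++
++ r = asynchronous_job(close_thread, INT_TO_PTR(fd));
++ if (r < 0)
++ close_nointr_nofail(fd);
++
++ return -1;
++}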
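Review bot: `asynchronous_close()` in src/core/async.c passes whatever fd it receives to the worker thread without validating it, although its comment promises safe_close()-like behaviour. Both callers shown in src/core/service.c test `s->socket_fd` first, but a later caller passing -1 would reach `close_nointr_nofail()` with an invalid descriptor; how that helper reacts is not visible on this page. A guard at the top, `if (fd < 0) return -1;`, would make the helper safe on its own. The unconditional `return -1;` also reads like an error code, so I would add a comment such as `/* always -1, so callers can write fd = asynchronous_close(fd); */`, which is presumably the intent given the safe_close() reference.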
39
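--- a/0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
+++ b/0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
@@ -0,0 +1,39 @@
+From ead349509e325aad720bb0349521a9e56e2ac7c0 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 13 May 2014 16:40:53 +0200
+Subject: [PATCH] replace more dup() by F_DUPFD_CLOEXEC
+
+---
+src/login/inhibit.c | 2 +-
+src/shared/install.c | 2 +-
+2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git src/login/inhibit.c src/login/inhibit.c
+index 48c2ec4..ae3afdf 100644
+--- src/login/inhibit.c
++++ src/login/inhibit.c
+@@ -64,7 +64,7 @@ static int inhibit(sd_bus *bus, sd_bus_error *error) {
+if (r < 0)
+return r;
+
+- r = dup(fd);
++ r = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+if (r < 0)
+return -errno;
+
+diff --git src/shared/install.c src/shared/install.c
+index acfba25..9ce9403 100644
+--- src/shared/install.c
++++ src/shared/install.c
+@@ -332,7 +332,7 @@ static int remove_marked_symlinks(
+int q, cfd;
+deleted = false;
+
+- cfd = dup(fd);
++ cfd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
+if (cfd < 0) {
+r = -errno;
+break;
+--
+1.7.9.2
+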
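Review bot: The literal `3` passed as the F_DUPFD_CLOEXEC minimum in `inhibit()` and `remove_marked_symlinks()` is unexplained. The same literal appears in the `pam_sm_open_session()` change in 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch. A short comment such as `/* duplicate above stdin/stdout/stderr, with close-on-exec set atomically */`, or a shared named constant, would tell the next reader why the floor is not 0. Neither hunk adds an include, so it is worth confirming that `<fcntl.h>` is already pulled in by both files; the include blocks are outside the hunks. Both functions start and end outside the hunks shown.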
@ -0,0 +1,28 @@
|
||||
From 301f9684e6465df5d0590f6c571fe3229ded966d Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Thu, 15 May 2014 18:30:07 +0200
|
||||
Subject: [PATCH] logind: bring polkit policy for hibernate in line with
|
||||
suspend/poweroff/reboot
|
||||
|
||||
THere's no reason why hibernate should be better protected then
|
||||
suspendor poweroff, so sync the policies.
|
||||
---
|
||||
src/login/org.freedesktop.login1.policy.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git src/login/org.freedesktop.login1.policy.in src/login/org.freedesktop.login1.policy.in
|
||||
index b96d32d..b8e90f1 100644
|
||||
--- src/login/org.freedesktop.login1.policy.in
|
||||
+++ src/login/org.freedesktop.login1.policy.in
|
||||
@@ -254,7 +254,7 @@
|
||||
<defaults>
|
||||
<allow_any>auth_admin_keep</allow_any>
|
||||
<allow_inactive>auth_admin_keep</allow_inactive>
|
||||
- <allow_active>auth_admin_keep</allow_active>
|
||||
+ <allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate>
|
||||
</action>
|
||||
--
|
||||
1.7.9.2
|
||||
|
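Review bot: Setting `<allow_active>yes</allow_active>` lets any active local session trigger this action without authentication, and the patch description justifies that only by parity with suspend and poweroff. Hibernate differs in that it writes the contents of RAM to disk, so on hosts with unencrypted swap in-memory secrets of every logged-in user end up on persistent storage. The `<action>` element's id is outside the hunk, so it should be confirmed which hibernate variant this default covers. I would record the trade-off in the patch description, for example `Note: hibernation persists memory to swap; sites without encrypted swap may want to keep auth_admin_keep through a local polkit rule.`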
@ -0,0 +1,26 @@
|
||||
From 85c08dc013f9f99b58bc9b79284af0b35304237b Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Tue, 13 May 2014 16:35:34 +0200
|
||||
Subject: [PATCH] pam_systemd: use F_DUPFD_CLOEXEC when dupping session fds
|
||||
|
||||
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019034.html
|
||||
---
|
||||
src/login/pam-module.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git src/login/pam-module.c src/login/pam-module.c
|
||||
index 9873dd5..1259457 100644
|
||||
--- src/login/pam-module.c
|
||||
+++ src/login/pam-module.c
|
||||
@@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||
}
|
||||
|
||||
if (session_fd >= 0) {
|
||||
- session_fd = dup(session_fd);
|
||||
+ session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3);
|
||||
if (session_fd < 0) {
|
||||
pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
|
||||
return PAM_SESSION_ERR;
|
||||
--
|
||||
1.7.9.2
|
||||
|
118
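--- a/0003-core-make-sure-to-serialize-jobs-for-all-units.patch
+++ b/0003-core-make-sure-to-serialize-jobs-for-all-units.patch
@@ -0,0 +1,118 @@
+From 9bdb98c59451ed090f8d35d470a54710f389ce71 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 16 May 2014 01:15:03 +0200
+Subject: [PATCH] core: make sure to serialize jobs for all units
+
+Previously we wouldn't serialize jobs for units that themselves have
+nothing to serialize.
+
+http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html
+---
+src/core/manager.c | 3 ---
+src/core/unit.c | 43 +++++++++++++++++++++----------------------
+2 files changed, 21 insertions(+), 25 deletions(-)
+
+diff --git src/core/manager.c src/core/manager.c
+index 1e3e127..d0af674 100644
+--- src/core/manager.c
++++ src/core/manager.c
+@@ -2131,9 +2131,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
+if (u->id != t)
+continue;
+
+- if (!unit_can_serialize(u))
+- continue;
+-
+/* Start marker */
+fputs(u->id, f);
+fputc('\n', f);
+diff --git src/core/unit.c src/core/unit.c
+index c4ed923..41651ba 100644
+--- src/core/unit.c
++++ src/core/unit.c
+@@ -2288,25 +2288,25 @@ bool unit_can_serialize(Unit *u) {
+}
+
+int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
+- ExecRuntime *rt;
+int r;
+
+assert(u);
+assert(f);
+assert(fds);
+
+- if (!unit_can_serialize(u))
+- return 0;
+-
+- r = UNIT_VTABLE(u)->serialize(u, f, fds);
+- if (r < 0)
+- return r;
++ if (unit_can_serialize(u)) {
++ ExecRuntime *rt;
+
+- rt = unit_get_exec_runtime(u);
+- if (rt) {
+- r = exec_runtime_serialize(rt, u, f, fds);
++ r = UNIT_VTABLE(u)->serialize(u, f, fds);
+if (r < 0)
+return r;
++
++ rt = unit_get_exec_runtime(u);
++ if (rt) {
++ r = exec_runtime_serialize(rt, u, f, fds);
++ if (r < 0)
++ return r;
++ }
+}
+
+dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
+@@ -2368,17 +2368,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) {
+}
+
+int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+- size_t offset;
+ExecRuntime **rt = NULL;
++ size_t offset;
+int r;
+
+assert(u);
+assert(f);
+assert(fds);
+
+- if (!unit_can_serialize(u))
+- return 0;
+-
+offset = UNIT_VTABLE(u)->exec_runtime_offset;
+if (offset > 0)
+rt = (ExecRuntime**) ((uint8_t*) u + offset);
+@@ -2503,17 +2500,19 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+continue;
+}
+
+- if (rt) {
+- r = exec_runtime_deserialize_item(rt, u, l, v, fds);
++ if (unit_can_serialize(u)) {
++ if (rt) {
++ r = exec_runtime_deserialize_item(rt, u, l, v, fds);
++ if (r < 0)
++ return r;
++ if (r > 0)
++ continue;
++ }
++
++ r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+if (r < 0)
+return r;
+- if (r > 0)
+- continue;
+}
+-
+- r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+- if (r < 0)
+- return r;
+}
+}
+
+--
+1.7.9.2
+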
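Review bot: `unit_serialize()` and `unit_deserialize()` now use `unit_can_serialize(u)` to gate only the type-specific part, but nothing in the new code says so, and in `unit_deserialize()` the test sits inside what appears to be the per-line loop, where it looks like a leftover. A comment above each block, for example `/* Type-specific state is optional; generic unit state and jobs are handled for every unit. */`, would keep a later cleanup from restoring the early return. In `unit_deserialize()` a line that reaches this point for a unit that cannot serialize is now skipped without any message. Whether that deserves a debug log depends on the generic key branches, which are outside the hunk. Both function bodies continue outside the hunks shown.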
@ -1,6 +1,10 @@
|
||||
systemd
|
||||
supplements "packageand(systemd:pam-<targettype>)"
|
||||
-/lib/systemd/system/
|
||||
post "<prefix>%{_sbindir}/pam-config -a --systemd || :"
|
||||
# postun "if [ "$1" == "0" ]; then"
|
||||
# postun "<prefix>%{_sbindir}/pam-config -d --systemd || :"
|
||||
# postun "fi"
|
||||
libudev0
|
||||
libgudev-1_0-0
|
||||
libudev1
|
||||
|
@ -1,3 +1,25 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri May 16 12:00:12 UTC 2014 - werner@suse.de
|
||||
|
||||
- Make baselibs.conf aware to use the appropiate %post and %postun
|
||||
scriptlets which includes pam-config (bnc#877674)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 16 11:47:06 UTC 2014 - werner@suse.de
|
||||
|
||||
- Add upstram patches
|
||||
0001-core-close-socket-fds-asynchronously.patch
|
||||
0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch
|
||||
0003-core-make-sure-to-serialize-jobs-for-all-units.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 14 07:37:08 UTC 2014 - werner@suse.de
|
||||
|
||||
- Add upstram patches
|
||||
0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
|
||||
0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch
|
||||
to avoid that in pam session unwanted file descriptors are inherited
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 13 08:28:05 UTC 2014 - werner@suse.de
|
||||
|
||||
|
@ -429,6 +429,16 @@ Patch217: 0004-backlight-warn-if-kernel-exposes-backlight-device-wi.patch
|
||||
Patch218: 0005-backlight-handle-saved-brightness-exceeding-max-brig.patch
|
||||
# PATCH-FIX-SUSE Do not poison kmsg ring buffer with systemd/udev messages (bnc#877021)
|
||||
Patch219: log-target-null-instead-kmsg.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/14
|
||||
Patch220: 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/14
|
||||
Patch221: 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/16
|
||||
Patch222: 0001-core-close-socket-fds-asynchronously.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/16
|
||||
Patch223: 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/16
|
||||
Patch224: 0003-core-make-sure-to-serialize-jobs-for-all-units.patch
|
||||
|
||||
# UDEV PATCHES
|
||||
# ============
|
||||
@ -833,6 +843,11 @@ cp %{SOURCE7} m4/
|
||||
%patch217 -p0
|
||||
%patch218 -p0
|
||||
%patch219 -p1
|
||||
%patch220 -p0
|
||||
%patch221 -p0
|
||||
%patch222 -p0
|
||||
%patch223 -p0
|
||||
%patch224 -p0
|
||||
|
||||
# udev patches
|
||||
%patch1001 -p1
|
||||
|
@ -1,3 +1,25 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri May 16 12:00:12 UTC 2014 - werner@suse.de
|
||||
|
||||
- Make baselibs.conf aware to use the appropiate %post and %postun
|
||||
scriptlets which includes pam-config (bnc#877674)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 16 11:47:06 UTC 2014 - werner@suse.de
|
||||
|
||||
- Add upstram patches
|
||||
0001-core-close-socket-fds-asynchronously.patch
|
||||
0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch
|
||||
0003-core-make-sure-to-serialize-jobs-for-all-units.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 14 07:37:08 UTC 2014 - werner@suse.de
|
||||
|
||||
- Add upstram patches
|
||||
0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
|
||||
0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch
|
||||
to avoid that in pam session unwanted file descriptors are inherited
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 13 08:28:05 UTC 2014 - werner@suse.de
|
||||
|
||||
|
15
systemd.spec
15
systemd.spec
@ -424,6 +424,16 @@ Patch217: 0004-backlight-warn-if-kernel-exposes-backlight-device-wi.patch
|
||||
Patch218: 0005-backlight-handle-saved-brightness-exceeding-max-brig.patch
|
||||
# PATCH-FIX-SUSE Do not poison kmsg ring buffer with systemd/udev messages (bnc#877021)
|
||||
Patch219: log-target-null-instead-kmsg.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/14
|
||||
Patch220: 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/14
|
||||
Patch221: 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/16
|
||||
Patch222: 0001-core-close-socket-fds-asynchronously.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/16
|
||||
Patch223: 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/05/16
|
||||
Patch224: 0003-core-make-sure-to-serialize-jobs-for-all-units.patch
|
||||
|
||||
# UDEV PATCHES
|
||||
# ============
|
||||
@ -828,6 +838,11 @@ cp %{SOURCE7} m4/
|
||||
%patch217 -p0
|
||||
%patch218 -p0
|
||||
%patch219 -p1
|
||||
%patch220 -p0
|
||||
%patch221 -p0
|
||||
%patch222 -p0
|
||||
%patch223 -p0
|
||||
%patch224 -p0
|
||||
|
||||
# udev patches
|
||||
%patch1001 -p1
|
||||
|