diff --git a/1011-check-4-valid-kmsg-device.patch b/1011-check-4-valid-kmsg-device.patch
new file mode 100644
index 00000000..ffb36937
--- /dev/null
+++ b/1011-check-4-valid-kmsg-device.patch
@@ -0,0 +1,70 @@
+From: Werner Fink
+Date: Thu, 21 Nov 2013 11:50:32 +0000
+Subject: [PATCH] Avoid busy systemd-journald
+
+Avoid a busy systemd-journald due polling a broken /dec/kmsg in lxc
+environments.
+
+---
+ journald-kmsg.c | 27 ++++++++++++++++++++++++++-
+ 1 file changed, 26 insertions(+), 1 deletion(-)
+
+Index: systemd-208/src/journal/journald-kmsg.c
+===================================================================
+--- systemd-208/src/journal/journald-kmsg.c
++++ systemd-208/src/journal/journald-kmsg.c 2013-11-21 13:30:22.930735683 +0000
+@@ -23,7 +23,9 @@
+ #include
+ #include
+ #include
++#include
+ #include
++#include
+
+ #include
+ #include
+@@ -377,20 +379,43 @@ int server_flush_dev_kmsg(Server *s) {
+
+ int server_open_dev_kmsg(Server *s) {
+ struct epoll_event ev;
++ struct stat st;
+
+ assert(s);
+
+ s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+ if (s->dev_kmsg_fd < 0) {
+- log_warning("Failed to open /dev/kmsg, ignoring: %m");
++ /* Do not warn as it may not exists in LXC environments */
++ if (errno != ENOENT)
++ log_warning("Failed to open /dev/kmsg, ignoring: %m");
+ return 0;
+ }
+
++ if (fstat(s->dev_kmsg_fd, &st) < 0) {
++ log_error("Failed to stat /dev/kmsg fd, ignoring: %m");
++ close_nointr_nofail(s->dev_kmsg_fd);
++ s->dev_kmsg_fd = -1;
++ return 0;
++ }
++
++ if (!S_ISCHR(st.st_mode) || major(st.st_rdev) != 1 || minor(st.st_rdev) != 11) {
++ int old_errno = errno;
++ errno = ENODEV;
++ log_warning("Irregular device /dev/kmsg, ignoring: %m");
++ errno = old_errno;
++ close_nointr_nofail(s->dev_kmsg_fd);
++ s->dev_kmsg_fd = -1;
++ return 0;
++ }
++
+ zero(ev);
+ ev.events = EPOLLIN;
+ ev.data.fd = s->dev_kmsg_fd;
+ if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->dev_kmsg_fd, &ev) < 0) {
+
++ close_nointr_nofail(s->dev_kmsg_fd);
++ s->dev_kmsg_fd = -1;
++
+ /* This will fail with EPERM on older kernels where
+ * /dev/kmsg is not readable. */
+ if (errno == EPERM)
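Review bot: In `server_open_dev_kmsg`, the new `if (errno != ENOENT)` guard makes a missing /dev/kmsg completely silent, so on a host that is not a container the loss of kernel-message collection leaves no trace in the journal; logging that case at a lower level, e.g. `else log_debug("/dev/kmsg not found, kernel messages will not be collected");`, keeps the signal without the noise. The device check runs `fstat()` on the already-open descriptor rather than on the path, which avoids a check/use race, but the literals `1` and `11` deserve a comment such as `/* /dev/kmsg is character device 1:11 */` or named constants. The close added in the `epoll_ctl` failure branch sits before the existing `errno == EPERM` test, so it relies on `close_nointr_nofail()` leaving errno untouched; that helper is not visible here, so a one-line comment saying so would help. The function body continues past the end of the hunk.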
diff --git a/1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch b/1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch
new file mode 100644
index 00000000..59d166ae
--- /dev/null
+++ b/1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch
@@ -0,0 +1,168 @@
+Based on upstream baae0358f349870544884e405e82e4be7d8add9f
+| From: Lennart Poettering
+| Date: Tue, 26 Nov 2013 04:05:00 +0000
+| Subject: pam_systemd: do not set XDG_RUNTIME_DIR if the session's original user is not the same as the newly logged in one
+| It's better not to set any XDG_RUNTIME_DIR at all rather than one of a
+| different user. So let's do this.
+--- systemd-208/src/login/logind-dbus.c
++++ systemd-208/src/login/logind-dbus.c 2013-11-26 13:37:05.730735774 +0000
+@@ -523,6 +523,7 @@ static int bus_manager_create_session(Ma
+ DBUS_TYPE_OBJECT_PATH, &path,
+ DBUS_TYPE_STRING, &session->user->runtime_path,
+ DBUS_TYPE_UNIX_FD, &fifo_fd,
++ DBUS_TYPE_UINT32, &session->user->uid,
+ DBUS_TYPE_STRING, &cseat,
+ DBUS_TYPE_UINT32, &vtnr,
+ DBUS_TYPE_BOOLEAN, &exists,
+--- systemd-208/src/login/logind-session-dbus.c
++++ systemd-208/src/login/logind-session-dbus.c 2013-11-26 13:36:07.478236401 +0000
+@@ -755,6 +755,7 @@ int session_send_create_reply(Session *s
+ DBUS_TYPE_OBJECT_PATH, &path,
+ DBUS_TYPE_STRING, &s->user->runtime_path,
+ DBUS_TYPE_UNIX_FD, &fifo_fd,
++ DBUS_TYPE_UINT32, &s->user->uid,
+ DBUS_TYPE_STRING, &cseat,
+ DBUS_TYPE_UINT32, &vtnr,
+ DBUS_TYPE_BOOLEAN, &exists,
+--- systemd-208/src/login/pam-module.c
++++ systemd-208/src/login/pam-module.c 2013-11-26 14:32:20.194235777 +0000
+@@ -93,24 +93,18 @@ static int get_user_data(
+ assert(ret_username);
+ assert(ret_pw);
+
+- r = audit_loginuid_from_pid(0, &uid);
+- if (r >= 0)
+- pw = pam_modutil_getpwuid(handle, uid);
+- else {
+- r = pam_get_user(handle, &username, NULL);
+- if (r != PAM_SUCCESS) {
+- pam_syslog(handle, LOG_ERR, "Failed to get user name.");
+- return r;
+- }
+-
+- if (isempty(username)) {
+- pam_syslog(handle, LOG_ERR, "User name not valid.");
+- return PAM_AUTH_ERR;
+- }
++ r = pam_get_user(handle, &username, NULL);
++ if (r != PAM_SUCCESS) {
++ pam_syslog(handle, LOG_ERR, "Failed to get user name.");
++ return r;
++ }
+
+- pw = pam_modutil_getpwnam(handle, username);
++ if (isempty(username)) {
++ pam_syslog(handle, LOG_ERR, "User name not valid.");
++ return PAM_AUTH_ERR;
+ }
+
++ pw = pam_modutil_getpwnam(handle, username);
+ if (!pw) {
+ pam_syslog(handle, LOG_ERR, "Failed to get user data.");
+ return PAM_USER_UNKNOWN;
+@@ -123,16 +117,14 @@ static int get_user_data(
+ }
+
+ static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
+- _cleanup_free_ char *p = NULL;
+- int r;
+- _cleanup_close_ int fd = -1;
+ union sockaddr_union sa = {
+ .un.sun_family = AF_UNIX,
+ };
++ _cleanup_free_ char *p = NULL, *tty = NULL;
++ _cleanup_close_ int fd = -1;
+ struct ucred ucred;
+ socklen_t l;
+- _cleanup_free_ char *tty = NULL;
+- int v;
++ int v, r;
+
+ assert(display);
+ assert(vtnr);
+@@ -194,13 +186,12 @@ _public_ PAM_EXTERN int pam_sm_open_sess
+ dbus_bool_t remote, existing;
+ int r;
+ uint32_t vtnr = 0;
++ uid_t original_uid;
+
+ assert(handle);
+
+ dbus_error_init(&error);
+
+- /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
+-
+ /* Make this a NOP on non-logind systems */
+ if (!logind_running())
+ return PAM_SUCCESS;
+@@ -213,6 +204,9 @@ _public_ PAM_EXTERN int pam_sm_open_sess
+ goto finish;
+ }
+
++ if (debug)
++ pam_syslog(handle, LOG_INFO, "pam-systemd initializing");
++
+ r = get_user_data(handle, &username, &pw);
+ if (r != PAM_SUCCESS)
+ goto finish;
+@@ -374,7 +368,11 @@ _public_ PAM_EXTERN int pam_sm_open_sess
+ if (debug)
+ pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
+ "uid=%u pid=%u service=%s type=%s class=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
+- uid, pid, service, type, class, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);
++ pw->pw_uid, pid,
++ strempty(service),
++ type, class,
++ seat, vtnr, tty, display,
++ yes_no(remote), remote_user, remote_host);
+
+ reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
+ if (!reply) {
+@@ -388,6 +386,7 @@ _public_ PAM_EXTERN int pam_sm_open_sess
+ DBUS_TYPE_OBJECT_PATH, &object_path,
+ DBUS_TYPE_STRING, &runtime_path,
+ DBUS_TYPE_UNIX_FD, &session_fd,
++ DBUS_TYPE_UINT32, &original_uid,
+ DBUS_TYPE_STRING, &seat,
+ DBUS_TYPE_UINT32, &vtnr,
+ DBUS_TYPE_BOOLEAN, &existing,
+@@ -399,8 +398,8 @@ _public_ PAM_EXTERN int pam_sm_open_sess
+
+ if (debug)
+ pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
+- "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u",
+- id, object_path, runtime_path, session_fd, seat, vtnr);
++ "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
++ id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);
+
+ r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
+ if (r != PAM_SUCCESS) {
+@@ -408,10 +407,24 @@ _public_ PAM_EXTERN int pam_sm_open_sess
+ goto finish;
+ }
+
+- r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
+- if (r != PAM_SUCCESS) {
+- pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
+- goto finish;
++ if (original_uid == pw->pw_uid) {
++ /* Don't set $XDG_RUNTIME_DIR if the user we now
++ * authenticated for does not match the original user
++ * of the session. We do this in order not to result
++ * in privileged apps clobbering the runtime directory
++ * unnecessarily. */
++
++ r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
++ if (r != PAM_SUCCESS) {
++ pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
++ goto finish;
++ }
++ } else {
++ (void) unsetenv("XDG_RUNTIME_DIR");
++ r = pam_putenv(handle, "XDG_RUNTIME_DIR");
++ if (r != PAM_SUCCESS && r != PAM_BAD_ITEM) {
++ pam_syslog(handle, LOG_ERR, "Failed to unset runtime dir.");
++ }
+ }
+
+ if (!isempty(seat)) {
diff --git a/U_logind_revert_lazy_session_activation_on_non_vt_seats.patch b/U_logind_revert_lazy_session_activation_on_non_vt_seats.patch
new file mode 100644
index 00000000..fca524f5
--- /dev/null
+++ b/U_logind_revert_lazy_session_activation_on_non_vt_seats.patch
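Review bot: In the new `else` branch of `pam_sm_open_session`, a failing `pam_putenv(handle, "XDG_RUNTIME_DIR")` is only logged and session setup carries on, so a runtime directory belonging to the session's original user can stay in the PAM environment, which is the case this patch exists to prevent; unlike the set path, there is no `goto finish;` after `pam_syslog(handle, LOG_ERR, "Failed to unset runtime dir.");`. If failing the login is considered too strict, a comment should at least say that the branch is deliberately best-effort. The block comment beginning "Don't set $XDG_RUNTIME_DIR if" sits inside the `original_uid == pw->pw_uid` branch, which is the one that does set the variable; it reads correctly if moved above the `if` or into the `else`. The extra `DBUS_TYPE_UINT32` changes the create-session reply layout in both logind and the PAM module, so presumably a logind still running from the old package and a freshly installed pam_systemd would disagree on the reply until logind is restarted; the hunks do not show how the package handles that. The function continues outside the hunks shown.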
@@ -0,0 +1,26 @@
+From 3fdb2494c1e24c0a020f5b54022d2c751fd26f50 Mon Sep 17 00:00:00 2001
+From: David Herrmann
+Date: Thu, 28 Nov 2013 09:52:18 +0000
+Subject: login: revert lazy session-activation on non-VT seats
+
+Existing applications like gdm already depend on new sessions to get
+immediately activated on seats without VTs. Fixes a bug reported as:
+ [systemd-devel] systemd 208:trouble with inactive user sessions at non-seat0 seats
+
+This patch restores the original behavior. We either need to add a new
+flag for session-creation or some other heuristic to avoid activating new
+sessions in the future.
+---
+--- a/src/login/logind-seat.c 2013-11-28 11:30:49.624623090 -0200
++++ b/src/login/logind-seat.c 2013-11-28 11:31:46.668792391 -0200
+@@ -420,8 +420,8 @@
+ seat_send_changed(s, "Sessions\0");
+
+ /* On seats with VTs, the VT logic defines which session is active. On
+- * seats without VTs, we automatically activate the first session. */
+- if (!seat_has_vts(s) && !s->active)
++ * seats without VTs, we automatically activate new sessions. */
++ if (!seat_has_vts(s))
+ seat_set_active(s, session);
+
+ return 0;
diff --git a/systemd.changes b/systemd.changes
index c5a10894..2171b924 100644
--- a/systemd.changes
+++ b/systemd.changes
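Review bot: With `&& !s->active` removed, every session attached to a seat without VTs becomes the active one at once and displaces whichever session was active; the rewritten comment states the behaviour but drops the caveat from the commit message that a creation flag or heuristic is still needed. Recording that next to the call would keep it from being forgotten, e.g. `/* TODO: unconditional activation lets any new session pre-empt the active one; needs a session-creation flag */`. Which callers may register a session on such a seat is not visible in this hunk, so whether an unprivileged user can trigger the switch should be confirmed. The enclosing function starts outside the hunk.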
@@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Thu Nov 28 10:25:58 UTC 2013 - lbsousajr@gmail.com + +- Add U_logind_revert_lazy_session_activation_on_non_vt_seats.patch + * See: http://cgit.freedesktop.org/systemd/systemd/commit/?id=3fdb2494c1e24c0a020f5b54022d2c751fd26f50 + +------------------------------------------------------------------- +Tue Nov 26 15:12:58 UTC 2013 - werner@suse.de + +- Add patch + 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch + to avoid (xdg-)su to set XDG_RUNTIME_DIR to the original user and + avoid that e.g. pulseaudio will create /run/user//pulse owned + by root (bnc#852015) + +------------------------------------------------------------------- +Thu Nov 21 12:27:11 UTC 2013 - werner@suse.de + +- Add patch + 1011-check-4-valid-kmsg-device.patch + to avoid a busy systemd-journald (bnc#851393) + ------------------------------------------------------------------- Wed Nov 6 09:42:05 UTC 2013 - werner@suse.de diff --git a/systemd.spec b/systemd.spec index 62f08f07..3ec76694 100644 --- a/systemd.spec +++ b/systemd.spec @@ -258,6 +258,11 @@ Patch1008: 1008-add-msft-compability-rules.patch Patch1009: 1009-make-xsltproc-use-correct-ROFF-links.patch # PATCH-FIX-OPENSUSE 1010-do-not-install-sulogin-unit-with-poweroff.patch -- Avoid installing console-shell.service (bnc#849071) Patch1010: 1010-do-not-install-sulogin-unit-with-poweroff.patch +# PATCH-FIX-OPENSUSE 1011-check-4-valid-kmsg-device.patch -- Avoid busy systemd-journald (bnc#851393) +Patch1011: 1011-check-4-valid-kmsg-device.patch +# PATCH-FIX-PSTREAM 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch +Patch1012: 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch +Patch1013: U_logind_revert_lazy_session_activation_on_non_vt_seats.patch %description Systemd is a system and service manager, compatible with SysV and LSB 
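Review bot: The tag on the 1012 patch comment reads `PATCH-FIX-PSTREAM`, presumably a typo for `PATCH-FIX-UPSTREAM`, and `Patch1013` has no tag comment at all, so anything that audits patch provenance by those tags will miss both. Suggested lines: `# PATCH-FIX-UPSTREAM 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch -- Do not set XDG_RUNTIME_DIR of the original user (bnc#852015)` and `# PATCH-FIX-UPSTREAM U_logind_revert_lazy_session_activation_on_non_vt_seats.patch -- upstream commit 3fdb2494c1e24c0a020f5b54022d2c751fd26f50`.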
@@ -534,6 +539,9 @@ cp %{SOURCE7} m4/ %endif %patch1009 -p1 %patch1010 -p1 +%patch1011 -p1 +%patch1012 -p1 +%patch1013 -p1 # ensure generate files are removed rm -f units/emergency.service