Accepting request 252537 from Base:System

- Add upstream patch
  0001-systemd-tmpfiles-Fix-IGNORE_DIRECTORY_PATH-age-handl.patch 
  for bsc#893797

- Drop renaming virtual interfaces in a guest (bnc#898432).
  Add 1088-drop-renaming-of-virtual-interfaces-in-guest.patch 

- Rename patch 0001-infinit-timeout-for-kmod-loaded-modules.patch
  to patch 1087-infinit-timeout-for-kmod-loaded-modules.patch 
  and apply this one

- Change patch
  0003-mount-order-options-before-other-arguments-to-mount.patch
  to fix bsc#898240 

- Add upstream patches
  0001-Fix-warning-about-unused-variable-with-SELINUX.patch
  0002-bus-remove-unused-check.patch

- Add patch 0001-infinit-timeout-for-kmod-loaded-modules.patch to
  be able to avoid killing a running kmod/modprobe (bnc#889297) 

- Update patch 0001-bnc888612-logind-polkit-acpi.patch 

- Add upstream patches
  0001-login-pause-devices-before-acknowledging-VT-switches.patch
  May help that history of the shell is saved
  0001-nspawn-don-t-try-to-create-veth-link-with-too-long-i.patch
  0001-socket-introduce-SELinuxContextFromNet-option.patch (bsc#897801)
  0002-util-avoid-non-portable-__WORDSIZE.patch

OBS-URL: https://build.opensuse.org/request/show/252537
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=208
Stephan Kulow 2014-09-28 17:56:47 +00:00 committed by Git OBS Bridge
parent e7c96ab7f3
commit 799437355d
15 changed files with 961 additions and 10 deletions

@ -0,0 +1,31 @@
From 493d521d9ffe706741665a88ea14929913ea2eaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 23 Sep 2014 09:22:40 -0400
Subject: [PATCH] Fix warning about unused variable with !SELINUX
src/shared/label.c:255:15: warning: unused variable 'l' [-Wunused-variable]
char *l = NULL;
^
---
src/shared/label.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git src/shared/label.c src/shared/label.c
index 02b41f0..b6af38d 100644
--- src/shared/label.c
+++ src/shared/label.c
@@ -252,9 +252,10 @@ fail:
int label_get_our_label(char **label) {
int r = -EOPNOTSUPP;
- char *l = NULL;
#ifdef HAVE_SELINUX
+ char *l = NULL;
+
r = getcon(&l);
if (r < 0)
return r;
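Review bot: in label_get_our_label(), `r = getcon(&l); if (r < 0) return r;` hands libselinux's -1 straight back, while the rest of the function speaks negative errno (`-EOPNOTSUPP`). A caller that logs or compares the code sees -1 for every failure; returning `-errno` at that point keeps the convention. Moving the declaration of `l` under `#ifdef HAVE_SELINUX` is fine, but `*label` is left untouched on the non-SELinux path, so callers must not read it unless r >= 0.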
--
1.7.9.2

@ -5,7 +5,7 @@
Index: systemd-210/src/login/logind-action.c Index: systemd-210/src/login/logind-action.c
=================================================================== ===================================================================
--- systemd-210/src/login/logind-action.c --- systemd-210.orig/src/login/logind-action.c
+++ systemd-210/src/login/logind-action.c +++ systemd-210/src/login/logind-action.c
@@ -101,6 +101,11 @@ int manager_handle_action( @@ -101,6 +101,11 @@ int manager_handle_action(
@ -21,7 +21,7 @@ Index: systemd-210/src/login/logind-action.c
return 0; return 0;
Index: systemd-210/src/login/logind-dbus.c Index: systemd-210/src/login/logind-dbus.c
=================================================================== ===================================================================
--- systemd-210/src/login/logind-dbus.c --- systemd-210.orig/src/login/logind-dbus.c
+++ systemd-210/src/login/logind-dbus.c +++ systemd-210/src/login/logind-dbus.c
@@ -1469,9 +1469,11 @@ static int method_do_shutdown_or_sleep( @@ -1469,9 +1469,11 @@ static int method_do_shutdown_or_sleep(
sd_bus_error *error) { sd_bus_error *error) {
@ -43,7 +43,7 @@ Index: systemd-210/src/login/logind-dbus.c
- if (multiple_sessions) { - if (multiple_sessions) {
+ fd = open ("/run/systemd/acpi-shutdown", O_NOFOLLOW|O_PATH|O_CLOEXEC); + fd = open ("/run/systemd/acpi-shutdown", O_NOFOLLOW|O_PATH|O_CLOEXEC);
+ if (fd >= 0) { + if (fd >= 0) {
+ shutdown_through_acpi = ((fstat(fd,&buf) == 0) && (time(NULL) - buf.st_mtime <= 65)); + shutdown_through_acpi = ((fstat(fd,&buf) == 0) && (time(NULL) - buf.st_mtime <= 65) && !sleep_verb);
+ close(fd); + close(fd);
+ unlink ("/run/systemd/acpi-shutdown"); + unlink ("/run/systemd/acpi-shutdown");
+ } + }
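Review bot: the marker file is consumed even when it is not honoured. With the added `&& !sleep_verb`, a suspend or hibernate request that arrives inside the 65 second window still runs `unlink ("/run/systemd/acpi-shutdown")`, so the power-off request the marker was written for no longer finds it. Unlink only when `shutdown_through_acpi` ends up true, or skip the whole open/fstat block for sleep verbs. Going by the purpose stated in the spec file comment (power button press should not prompt for credentials), this flag influences whether a prompt is shown, so it is also worth rejecting a negative `time(NULL) - buf.st_mtime` (mtime in the future after a clock step), which currently passes the `<= 65` test.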

@ -0,0 +1,82 @@
Based on 2ec3ff668ff03410e94cfef8e3ee9384a8222211 Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Fri, 19 Sep 2014 13:26:39 +0200
Subject: [PATCH] login: pause devices before acknowledging VT switches
If a session controller does not need synchronous VT switches, we allow
them to pass VT control to logind, which acknowledges all VT switches
unconditionally. This works fine with all sessions using the dbus API,
but causes out-of-sync device use if we switch to legacy sessions that
are notified via VT signals. Those are processed before logind notices
the session-switch via sysfs. Therefore, leaving the old session still
active for a short amount of time.
This, in fact, may cause the legacy session to prepare graphics devices
before the old session was deactivated, and thus, maybe causing the old
session to interfer with graphics device usage.
Fix this by releasing devices immediately before acknowledging VT
switches. This way, sessions without VT handlers are required to support
async session switching (which they do in that case, anyway).
---
src/login/logind-session.c | 21 +++++++++++++++++++++
src/login/logind-session.h | 1 +
src/login/logind.c | 4 ++--
3 files changed, 24 insertions(+), 2 deletions(-)
--- src/login/logind-session.c
+++ src/login/logind-session.c 2014-09-24 07:40:45.786639180 +0000
@@ -1040,6 +1040,27 @@ void session_restore_vt(Session *s) {
s->vtfd = -1;
}
+void session_leave_vt(Session *s) {
+ assert(s);
+
+ /* This is called whenever we get a VT-switch signal from the kernel.
+ * We acknowledge all of them unconditionally. Note that session are
+ * free to overwrite those handlers and we only register them for
+ * sessions with controllers. Legacy sessions are not affected.
+ * However, if we switch from a non-legacy to a legacy session, we must
+ * make sure to pause all device before acknowledging the switch. We
+ * process the real switch only after we are notified via sysfs, so the
+ * legacy session might have already started using the devices. If we
+ * don't pause the devices before the switch, we might confuse the
+ * session we switch to. */
+
+ if (s->vtfd < 0)
+ return;
+
+ session_device_pause_all(s);
+ ioctl(s->vtfd, VT_RELDISP, 1);
+}
+
bool session_is_controller(Session *s, const char *sender) {
assert(s);
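Review bot: session_leave_vt() drops the result of `ioctl(s->vtfd, VT_RELDISP, 1);`. If the ioctl fails, the switch is not acknowledged and nothing in the log shows it; a log_debug or log_warning on a negative return would make that diagnosable. The `if (s->vtfd < 0) return;` guard duplicates the `vtfd >= 0` checks both callers in logind.c already make, which is harmless but worth a word in the comment. Minor: "session are" and "all device" in the comment should be plural.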
--- src/login/logind-session.h
+++ src/login/logind-session.h 2014-09-24 07:41:50.290236363 +0000
@@ -173,6 +173,7 @@ KillWho kill_who_from_string(const char
int session_mute_vt(Session *s);
void session_restore_vt(Session *s);
+void session_leave_vt(Session *s);
bool session_is_controller(Session *s, const char *sender);
int session_set_controller(Session *s, const char *sender, bool force);
--- src/login/logind.c
+++ src/login/logind.c 2014-09-24 00:00:00.000000000 +0000
@@ -743,11 +743,11 @@ static int manager_vt_switch(sd_event_so
}
if (active->vtfd >= 0) {
- ioctl(active->vtfd, VT_RELDISP, 1);
+ session_leave_vt(active);
} else {
LIST_FOREACH(sessions_by_seat, iter, m->seat0->sessions) {
if (iter->vtnr == active->vtnr && iter->vtfd >= 0) {
- ioctl(iter->vtfd, VT_RELDISP, 1);
+ session_leave_vt(iter);
break;
}
}

@ -0,0 +1,21 @@
Based on c00524c9cc7fb498c7244350e25823b8352f078c Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Fri, 19 Sep 2014 23:02:00 +0200
Subject: [PATCH] nspawn: don't try to create veth link with too long ifname
Reported by: James Lott <james@lottspot.com>
---
src/nspawn/nspawn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- src/nspawn/nspawn.c
+++ src/nspawn/nspawn.c 2014-09-23 15:33:06.766236272 +0000
@@ -1383,7 +1383,7 @@ static int setup_veth(pid_t pid, char if
/* Use two different interface name prefixes depending whether
* we are in bridge mode or not. */
- snprintf(iface_name, IFNAMSIZ, "%s-%s",
+ snprintf(iface_name, IFNAMSIZ - 1, "%s-%s",
arg_network_bridge ? "vb" : "ve", arg_machine);
r = sd_rtnl_open(&rtnl, 0);
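Review bot: `snprintf(iface_name, IFNAMSIZ - 1, "%s-%s", ...)` shortens an over-long name silently instead of refusing it, which does not match the subject line ("don't try to create veth link with too long ifname"). Machines whose names share the same leading characters then map to the same `ve-`/`vb-` interface name. Compare the snprintf return value against the limit and either fail with a clear message or log that the name was shortened. A short comment on why the limit is `IFNAMSIZ - 1` rather than `IFNAMSIZ` would also help the next reader.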

@ -0,0 +1,414 @@
Based on 16115b0a7b7cdf08fb38084d857d572d8a9088dc Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 24 Jul 2014 10:40:28 +0200
Subject: [PATCH] socket: introduce SELinuxContextFromNet option
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
---
man/systemd.socket.xml | 26 +++++++
src/core/execute.c | 30 +++++++--
src/core/execute.h | 1
src/core/load-fragment-gperf.gperf.m4 | 3
src/core/mount.c | 1
src/core/service.c | 4 -
src/core/service.h | 3
src/core/socket.c | 16 +++-
src/core/socket.h | 2
src/core/swap.c | 1
src/shared/label.c | 113 ++++++++++++++++++++++++++++++++++
src/shared/label.h | 2
12 files changed, 191 insertions(+), 11 deletions(-)
--- man/systemd.socket.xml
+++ man/systemd.socket.xml 2014-09-23 15:36:49.000000000 +0000
@@ -570,6 +570,32 @@
</varlistentry>
<varlistentry>
+ <term><varname>SELinuxContextFromNet=</varname></term>
+ <listitem><para>Takes a boolean
+ argument. When true systemd will attempt
+ to figure out the SELinux label used
+ for the instantiated service from the
+ information handed by the peer over the
+ network. Note that only the security
+ level is used from the information
+ provided by the peer. Other parts of
+ the resulting SELinux context originate
+ from either the target binary that is
+ effectively triggered by socket unit
+ are taken from the value of the
+ <varname>SELinuxContext=</varname>
+ option.This configuration option only
+ affects sockets with
+ <varname>Accept=</varname> mode set to
+ <literal>true</literal>. Also note that
+ this option is useful only when
+ MLS/MCS SELinux policy is
+ deployed. Defaults to
+ <literal>false</literal>.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>PipeSize=</varname></term>
<listitem><para>Takes an size in
bytes. Controls the pipe buffer size
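Review bot: the new SELinuxContextFromNet= paragraph has a broken sentence: "originate from either the target binary that is effectively triggered by socket unit are taken from the value of" is missing an "or" before "are taken", and "option.This" lacks a space. Since the option lets the connecting peer supply the security level of the spawned process, the text should also say what happens when the peer label cannot be obtained (per the execute.c hunk, the child exits with EXIT_SELINUX_CONTEXT).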
--- src/core/execute.c
+++ src/core/execute.c 2014-09-24 09:22:08.882735864 +0000
@@ -82,6 +82,7 @@
#include "selinux-util.h"
#include "errno-list.h"
#include "apparmor-util.h"
+#include "label.h"
#ifdef HAVE_SECCOMP
#include "seccomp-util.h"
@@ -1123,6 +1124,7 @@ int exec_spawn(ExecCommand *command,
bool apply_chroot,
bool apply_tty_stdin,
bool confirm_spawn,
+ bool selinux_context_net,
CGroupControllerMask cgroup_supported,
const char *cgroup_path,
const char *unit_id,
@@ -1594,11 +1596,29 @@ int exec_spawn(ExecCommand *command,
#endif
#ifdef HAVE_SELINUX
- if (context->selinux_context && use_selinux()) {
- err = setexeccon(context->selinux_context);
- if (err < 0 && !context->selinux_context_ignore) {
- r = EXIT_SELINUX_CONTEXT;
- goto fail_child;
+ if (use_selinux()) {
+ if (context->selinux_context) {
+ err = setexeccon(context->selinux_context);
+ if (err < 0 && !context->selinux_context_ignore) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
+ }
+
+ if (selinux_context_net && socket_fd >= 0) {
+ _cleanup_free_ char *label = NULL;
+
+ err = label_get_child_mls_label(socket_fd, command->path, &label);
+ if (err < 0) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
+
+ err = setexeccon(label);
+ if (err < 0) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
}
}
#endif
--- src/core/execute.h
+++ src/core/execute.h 2014-09-23 15:46:26.000000000 +0000
@@ -195,6 +195,7 @@ int exec_spawn(ExecCommand *command,
bool apply_chroot,
bool apply_tty_stdin,
bool confirm_spawn,
+ bool selinux_context_net,
CGroupControllerMask cgroup_mask,
const char *cgroup_path,
const char *unit_id,
--- src/core/load-fragment-gperf.gperf.m4
+++ src/core/load-fragment-gperf.gperf.m4 2014-09-23 00:00:00.000000000 +0000
@@ -242,6 +242,9 @@ Socket.SmackLabelIPOut, config_
`Socket.SmackLabel, config_parse_warn_compat, 0, 0
Socket.SmackLabelIPIn, config_parse_warn_compat, 0, 0
Socket.SmackLabelIPOut, config_parse_warn_compat, 0, 0')
+m4_ifdef(`HAVE_SELINUX',
+`Socket.SELinuxContextFromNet, config_parse_bool, 0, offsetof(Socket, selinux_context_from_net)',
+`Socket.SELinuxContextFromNet, config_parse_warn_compat, 0, 0')
EXEC_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
CGROUP_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
KILL_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
--- src/core/mount.c
+++ src/core/mount.c 2014-09-24 09:16:26.234235379 +0000
@@ -785,6 +785,7 @@ static int mount_spawn(Mount *m, ExecCom
true,
true,
UNIT(m)->manager->confirm_spawn,
+ false,
UNIT(m)->manager->cgroup_supported,
UNIT(m)->cgroup_path,
UNIT(m)->id,
--- src/core/service.c
+++ src/core/service.c 2014-09-23 15:49:24.000000000 +0000
@@ -1856,6 +1856,7 @@ static int service_spawn(
apply_chroot,
apply_tty_stdin,
UNIT(s)->manager->confirm_spawn,
+ s->socket_fd_selinux_context_net,
UNIT(s)->manager->cgroup_supported,
path,
UNIT(s)->id,
@@ -3787,7 +3788,7 @@ static void service_bus_name_owner_chang
}
}
-int service_set_socket_fd(Service *s, int fd, Socket *sock) {
+int service_set_socket_fd(Service *s, int fd, Socket *sock, bool selinux_context_net) {
_cleanup_free_ char *peer = NULL;
int r;
@@ -3825,6 +3826,7 @@ int service_set_socket_fd(Service *s, in
}
s->socket_fd = fd;
+ s->socket_fd_selinux_context_net = selinux_context_net;
unit_ref_set(&s->accept_socket, UNIT(sock));
--- src/core/service.h
+++ src/core/service.h 2014-09-23 15:51:13.000000000 +0000
@@ -159,6 +159,7 @@ struct Service {
pid_t main_pid, control_pid;
int socket_fd;
+ bool socket_fd_selinux_context_net;
bool permissions_start_only;
bool root_directory_start_only;
bool remain_after_exit;
@@ -204,7 +205,7 @@ extern const UnitVTable service_vtable;
struct Socket;
-int service_set_socket_fd(Service *s, int fd, struct Socket *socket);
+int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
const char* service_state_to_string(ServiceState i) _const_;
ServiceState service_state_from_string(const char *s) _pure_;
--- src/core/socket.c
+++ src/core/socket.c 2014-09-24 09:13:29.698735735 +0000
@@ -453,7 +453,8 @@ static void socket_dump(Unit *u, FILE *f
"%sBroadcast: %s\n"
"%sPassCredentials: %s\n"
"%sPassSecurity: %s\n"
- "%sTCPCongestion: %s\n",
+ "%sTCPCongestion: %s\n"
+ "%sSELinuxContextFromNet: %s\n",
prefix, socket_state_to_string(s->state),
prefix, socket_result_to_string(s->result),
prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
@@ -466,7 +467,8 @@ static void socket_dump(Unit *u, FILE *f
prefix, yes_no(s->broadcast),
prefix, yes_no(s->pass_cred),
prefix, yes_no(s->pass_sec),
- prefix, strna(s->tcp_congestion));
+ prefix, strna(s->tcp_congestion),
+ prefix, yes_no(s->selinux_context_from_net));
if (s->control_pid > 0)
fprintf(f,
@@ -1000,7 +1002,12 @@ static int socket_open_fds(Socket *s) {
if (p->type == SOCKET_SOCKET) {
- if (!know_label) {
+ if (!know_label && s->selinux_context_from_net) {
+ r = label_get_our_label(&label);
+ if (r < 0)
+ return r;
+ know_label = true;
+ } else if (!know_label) {
if ((r = socket_instantiate_service(s)) < 0)
return r;
@@ -1247,6 +1254,7 @@ static int socket_spawn(Socket *s, ExecC
true,
true,
UNIT(s)->manager->confirm_spawn,
+ s->selinux_context_from_net,
UNIT(s)->manager->cgroup_supported,
UNIT(s)->cgroup_path,
UNIT(s)->id,
@@ -1568,7 +1576,7 @@ static void socket_enter_running(Socket
unit_choose_id(UNIT(service), name);
- r = service_set_socket_fd(service, cfd, s);
+ r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
if (r < 0)
goto fail;
--- src/core/socket.h
+++ src/core/socket.h 2014-09-23 15:55:17.000000000 +0000
@@ -154,6 +154,8 @@ struct Socket {
char *smack;
char *smack_ip_in;
char *smack_ip_out;
+
+ bool selinux_context_from_net;
};
/* Called from the service code when collecting fds */
--- src/core/swap.c
+++ src/core/swap.c 2014-09-24 09:17:18.438735618 +0000
@@ -642,6 +642,7 @@ static int swap_spawn(Swap *s, ExecComma
true,
true,
UNIT(s)->manager->confirm_spawn,
+ false,
UNIT(s)->manager->cgroup_supported,
UNIT(s)->cgroup_path,
UNIT(s)->id,
--- src/shared/label.c
+++ src/shared/label.c 2014-09-23 00:00:00.000000000 +0000
@@ -31,6 +31,7 @@
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
+#include <selinux/context.h>
#endif
#include "label.h"
@@ -41,6 +42,12 @@
#include "smack-util.h"
#ifdef HAVE_SELINUX
+DEFINE_TRIVIAL_CLEANUP_FUNC(security_context_t, freecon);
+DEFINE_TRIVIAL_CLEANUP_FUNC(context_t, context_free);
+
+#define _cleanup_security_context_free_ _cleanup_(freeconp)
+#define _cleanup_context_free_ _cleanup_(context_freep)
+
static struct selabel_handle *label_hnd = NULL;
#endif
@@ -243,6 +250,112 @@ fail:
return r;
}
+int label_get_our_label(char **label) {
+ int r = -EOPNOTSUPP;
+ char *l = NULL;
+
+#ifdef HAVE_SELINUX
+ r = getcon(&l);
+ if (r < 0)
+ return r;
+
+ *label = l;
+#endif
+
+ return r;
+}
+
+int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
+ int r = -EOPNOTSUPP;
+
+#ifdef HAVE_SELINUX
+
+ _cleanup_security_context_free_ security_context_t mycon = NULL, peercon = NULL, fcon = NULL, ret = NULL;
+ _cleanup_context_free_ context_t pcon = NULL, bcon = NULL;
+ security_class_t sclass;
+
+ const char *range = NULL;
+
+ assert(socket_fd >= 0);
+ assert(exe);
+ assert(label);
+
+ r = getcon(&mycon);
+ if (r < 0) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = getpeercon(socket_fd, &peercon);
+ if (r < 0) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = getexeccon(&fcon);
+ if (r < 0) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (!fcon) {
+ /* If there is no context set for next exec let's use context
+ of target executable */
+ r = getfilecon(exe, &fcon);
+ if (r < 0) {
+ r = -errno;
+ goto out;
+ }
+ }
+
+ bcon = context_new(mycon);
+ if (!bcon) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ pcon = context_new(peercon);
+ if (!pcon) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ range = context_range_get(pcon);
+ if (!range) {
+ r = -errno;
+ goto out;
+ }
+
+ r = context_range_set(bcon, range);
+ if (r) {
+ r = -errno;
+ goto out;
+ }
+
+ freecon(mycon);
+ mycon = context_str(bcon);
+ if (!mycon) {
+ r = -errno;
+ goto out;
+ }
+
+ sclass = string_to_security_class("process");
+ r = security_compute_create(mycon, fcon, sclass, &ret);
+ if (r < 0) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ *label = ret;
+ r = 0;
+
+out:
+ if (r < 0 && security_getenforce() == 1)
+ return r;
+#endif
+ return r;
+}
+
int label_context_set(const char *path, mode_t mode) {
int r = 0;
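Review bot: label_get_child_mls_label() hands out memory that it then frees. `ret` is part of the `_cleanup_security_context_free_` declaration, so after `*label = ret;` the cleanup handler runs freecon() on it at return, and the caller in exec_spawn() passes a dangling pointer to setexeccon() and frees it a second time through `_cleanup_free_`; set `ret = NULL` after the assignment. Likewise `mycon = context_str(bcon);` stores a pointer that is owned by `bcon` (context_str() does not return a copy) in a variable that is also auto-freed, so it needs a strdup(). Separately, the `out:` block returns `r` on both paths, so the `security_getenforce() == 1` test has no effect; if permissive mode is meant to behave differently, that branch has to differ from the fall-through.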
--- src/shared/label.h
+++ src/shared/label.h 2014-09-23 00:00:00.000000000 +0000
@@ -40,6 +40,8 @@ void label_context_clear(void);
void label_free(const char *label);
int label_get_create_label_from_exe(const char *exe, char **label);
+int label_get_our_label(char **label);
+int label_get_child_mls_label(int socket_fd, const char *exec, char **label);
int label_mkdir(const char *path, mode_t mode);

@ -0,0 +1,39 @@
From 9ed2a35e93f4a9e82585f860f54cdcbbdf3e1f86 Mon Sep 17 00:00:00 2001
From: Richard Weinberger <richard@nod.at>
Date: Tue, 9 Sep 2014 11:09:37 +0200
Subject: [PATCH] systemd-tmpfiles: Fix IGNORE_DIRECTORY_PATH age handling
If one has a config like:
d /tmp 1777 root root -
X /tmp/important_mount
All files below /tmp/important_mount will be deleted as the
/tmp/important_mount item will spuriously inherit a max age of 0
from /tmp.
/tmp has a max age of 0 but age_set is (of course) false.
This affects also the PrivateTmp feature of systemd.
All tmp files of such services will be deleted unconditionally
and can cause service failures and data loss.
Fix this by checking ->age_set in the IGNORE_DIRECTORY_PATH logic.
---
src/tmpfiles/tmpfiles.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git src/tmpfiles/tmpfiles.c src/tmpfiles/tmpfiles.c
index f9830c4..7eafd6b 100644
--- src/tmpfiles/tmpfiles.c
+++ src/tmpfiles/tmpfiles.c
@@ -1576,7 +1576,7 @@ static int read_config_file(const char *fn, bool ignore_enoent) {
candidate_item = j;
}
- if (candidate_item) {
+ if (candidate_item && candidate_item->age_set) {
i->age = candidate_item->age;
i->age_set = true;
}
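Review bot: the new `candidate_item->age_set` condition deserves a one-line code comment, since the failure it prevents (an `X` entry inheriting age 0 from a parent `d` entry that has no age, per the commit message) ends in unconditional deletion. A test configuration with the `d /tmp 1777 root root -` plus `X /tmp/important_mount` pair from the commit message would keep this from regressing.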
--
1.7.9.2

@ -0,0 +1,29 @@
From 04c553e322680b6fcdf5b271e84b0b4b0ad8d5f9 Mon Sep 17 00:00:00 2001
From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
Date: Tue, 23 Sep 2014 21:34:21 +0200
Subject: [PATCH] bus: remove unused check
strerror_r does not return null here and even if it did we would have
problems already at the preceding strlen call.
Found by coverity. Fixes: CID#1237770
---
src/libsystemd/sd-bus/bus-error.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git src/libsystemd/sd-bus/bus-error.c src/libsystemd/sd-bus/bus-error.c
index c2e41fb..abdfd73 100644
--- src/libsystemd/sd-bus/bus-error.c
+++ src/libsystemd/sd-bus/bus-error.c
@@ -312,7 +312,7 @@ static void bus_error_strerror(sd_bus_error *e, int error) {
continue;
}
- if (!x || errno) {
+ if (errno) {
free(m);
return;
}
--
1.7.9.2

@ -0,0 +1,25 @@
Based on 8507eb20b64010b26f23822cbf442bb0bf96511c Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <systemd@esmil.dk>
Date: Fri, 19 Sep 2014 20:26:53 +0200
Subject: [PATCH] util: avoid non-portable __WORDSIZE
Lets not unnecessarily rely on __WORDSIZE, which is not clearly specified
by any spec. Use explicit size comparisons if we're not interested in the
WORDSIZE, anyway.
(David: adjust commit message to explain why we do this)
---
src/shared/util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- src/shared/util.h
+++ src/shared/util.h 2014-09-24 06:58:11.378235669 +0000
@@ -166,7 +166,7 @@ int safe_atolli(const char *s, long long
int safe_atod(const char *s, double *ret_d);
-#if __WORDSIZE == 32
+#if LONG_MAX == INT_MAX
static inline int safe_atolu(const char *s, unsigned long *ret_u) {
assert_cc(sizeof(unsigned long) == sizeof(unsigned));
return safe_atou(s, (unsigned*) ret_u);
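Review bot: `#if LONG_MAX == INT_MAX` depends on <limits.h> having been included before this point, which the hunk does not show. In a preprocessor conditional, undefined identifiers evaluate to 0, so without the include the test becomes `0 == 0` and the 32-bit branch is selected everywhere. The `assert_cc(sizeof(unsigned long) == sizeof(unsigned));` inside would then break the build on LP64 rather than miscompile, but an explicit `#include <limits.h>` in util.h removes the dependency on include order.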

@ -8,18 +8,18 @@ Subject: [PATCH] mount: order options before other arguments to mount
1 file changed, 6 insertions(+), 4 deletions(-) 1 file changed, 6 insertions(+), 4 deletions(-)
--- src/core/mount.c --- src/core/mount.c
+++ src/core/mount.c 2014-09-19 10:13:51.638238597 +0000 +++ src/core/mount.c 2014-09-25 13:43:44.926563278 +0000
@@ -947,10 +947,11 @@ static void mount_enter_mounting(Mount * @@ -947,10 +947,11 @@ static void mount_enter_mounting(Mount *
r = exec_command_set( r = exec_command_set(
m->control_command, m->control_command,
"/bin/mount", "/bin/mount",
- m->parameters_fragment.what,
- m->where,
+ "-n", + "-n",
"-t", m->parameters_fragment.fstype ? m->parameters_fragment.fstype : "auto", + "-t", m->parameters_fragment.fstype ? m->parameters_fragment.fstype : "auto",
m->parameters_fragment.options ? "-o" : NULL, m->parameters_fragment.options, + "-o", m->parameters_fragment.options ? m->parameters_fragment.options : "defaults",
+ m->parameters_fragment.what, m->parameters_fragment.what,
+ m->where, m->where,
- "-t", m->parameters_fragment.fstype ? m->parameters_fragment.fstype : "auto",
- m->parameters_fragment.options ? "-o" : NULL, m->parameters_fragment.options,
NULL); NULL);
else else
r = -ENOENT; r = -ENOENT;
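Review bot: the reason for the `"defaults"` fallback on the `"-o"` line is not recorded anywhere; the changelog only says "to fix bsc#898240". The earlier form, `m->parameters_fragment.options ? "-o" : NULL, m->parameters_fragment.options,`, put a possible NULL in the middle of a list that ends in `NULL`, ahead of `what` and `where`. A comment at the call site saying so would keep the conditional NULL from being reintroduced.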

@ -0,0 +1,135 @@
---
src/udev/udev-event.c | 42 ++++++++++++++++++++++++++++++++++++++++++
src/udev/udev.h | 1 +
src/udev/udevd.c | 23 +++++++++++++++++++++--
3 files changed, 64 insertions(+), 2 deletions(-)
--- src/udev/udev-event.c
+++ src/udev/udev-event.c 2014-09-24 14:32:53.115639820 +0000
@@ -959,6 +959,46 @@ void udev_event_execute_rules(struct ude
}
}
+#ifdef HAVE_KMOD
+static inline void udev_check_and_set_kmod(enum udev_builtin_cmd builtin_cmd, struct udev_event *event) {
+ char filename[UTIL_PATH_SIZE];
+ switch (builtin_cmd) {
+ case UDEV_BUILTIN_KMOD:
+ snprintf(filename, sizeof(filename), "/run/udev/kmod/%u", (unsigned)getpid());
+ touch(filename);
+ default:
+ break;
+ }
+}
+
+static inline void udev_check_and_unset_kmod(enum udev_builtin_cmd builtin_cmd, struct udev_event *event) {
+ char filename[UTIL_PATH_SIZE];
+ switch (builtin_cmd) {
+ case UDEV_BUILTIN_KMOD:
+ snprintf(filename, sizeof(filename), "/run/udev/kmod/%u", (unsigned)getpid());
+ unlink(filename);
+ default:
+ break;
+ }
+}
+
+bool udev_check_for_kmod(pid_t pid) {
+ char filename[UTIL_PATH_SIZE];
+ struct stat st;
+ snprintf(filename, sizeof(filename), "/run/udev/kmod/%u", (unsigned)pid);
+ if (stat(filename, &st) == 0) {
+ return true;
+ }
+ return false;
+}
+#else
+# define udev_set_kmod (a,b)
+# define udev_unset_kmod(a,b)
+bool udev_check_for_kmod(pid_t pid) {
+ return false;
+}
+#endif
+
void udev_event_execute_run(struct udev_event *event, usec_t timeout_usec, usec_t timeout_warn_usec, const sigset_t *sigmask) {
struct udev_list_entry *list_entry;
@@ -970,7 +1010,9 @@ void udev_event_execute_run(struct udev_
char command[UTIL_PATH_SIZE];
udev_event_apply_format(event, cmd, command, sizeof(command));
+ udev_check_and_set_kmod(builtin_cmd, event);
udev_builtin_run(event->dev, builtin_cmd, command, false);
+ udev_check_and_unset_kmod(builtin_cmd, event);
} else {
char program[UTIL_PATH_SIZE];
char **envp;
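Review bot: the `#else` branch does not match the call sites. It defines `udev_set_kmod (a,b)` and `udev_unset_kmod(a,b)`, but udev_event_execute_run() calls `udev_check_and_set_kmod()` and `udev_check_and_unset_kmod()`, so a build without HAVE_KMOD has no definition for either; the space in `udev_set_kmod (a,b)` also turns it into an object-like macro. Rename both stubs and drop the space. In the HAVE_KMOD branch, `case UDEV_BUILTIN_KMOD:` falls through into `default:` without a `break`, the `touch()` result is ignored, and a worker that dies between set and unset leaves its `/run/udev/kmod/<pid>` file behind, which udev_check_for_kmod() will then report for any later worker that gets the same PID.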
--- src/udev/udevd.c
+++ src/udev/udevd.c 2014-09-24 15:02:30.895592379 +0000
@@ -76,6 +76,7 @@ static int children_max;
static int exec_delay;
static usec_t event_timeout_usec = 180 * USEC_PER_SEC;
static usec_t event_timeout_warn_usec = 180 * USEC_PER_SEC / 3;
+static bool event_killkmod = false;
static sigset_t sigmask_orig;
static UDEV_LIST(event_list);
static UDEV_LIST(worker_list);
@@ -1017,6 +1018,12 @@ static void kernel_cmdline_options(struc
}
event_timeout_usec *= USEC_PER_SEC;
event_timeout_warn_usec = (event_timeout_usec / 3) ? : 1;
+ } else if (startswith(opt, "udev.killkmod=")) {
+ r = parse_boolean(opt + 14);
+ if (r < 0)
+ log_warning("Invalid udev.killkmod Ignoring: %s", opt + 14);
+ else
+ event_killkmod = r;
}
free(s);
@@ -1065,7 +1072,7 @@ int main(int argc, char *argv[]) {
}
for (;;) {
- int option, r;
+ int option;
option = getopt_long(argc, argv, "c:de:DtN:hV", options, NULL);
if (option == -1)
@@ -1356,6 +1363,12 @@ int main(int argc, char *argv[]) {
udev_list_node_init(&event_list);
udev_list_node_init(&worker_list);
+ r = mkdir_p("/run/udev/kmod", 0755);
+ if (r < 0 && errno != EEXIST) {
+ log_error("could not create /run/udev/kmod: %m");
+ goto exit;
+ }
+
for (;;) {
static usec_t last_usec;
struct epoll_event ev[8];
@@ -1440,7 +1453,13 @@ int main(int argc, char *argv[]) {
if (worker->state != WORKER_RUNNING)
continue;
-
+#ifdef HAVE_KMOD
+ if (udev_check_for_kmod(worker->pid)) {
+ log_debug("worker [%u] %s is using kmod", worker->pid, worker->event->devpath);
+ if (!event_killkmod)
+ continue;
+ }
+#endif
ts = now(CLOCK_MONOTONIC);
if ((ts - worker->event_start_usec) > event_timeout_warn_usec) {
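Review bot: with the default `event_killkmod = false`, a worker flagged by udev_check_for_kmod() hits `continue` before the timeout comparison, so it is neither warned about nor killed, and a module load that never returns blocks that worker indefinitely. Consider keeping the warning and skipping only the kill. Also, `if (r < 0 && errno != EEXIST)` after `mkdir_p()` mixes the return value with errno; test the return value alone if mkdir_p() reports a negative errno. The hunk that changes `int option, r;` to `int option;` should be checked against where `r` is declared for the later `r = mkdir_p(...)`, and the message "Invalid udev.killkmod Ignoring: %s" is missing punctuation.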
--- src/udev/udev.h
+++ src/udev/udev.h 2014-09-24 14:33:33.824008084 +0000
@@ -88,6 +88,7 @@ int udev_event_spawn(struct udev_event *
char *result, size_t ressize);
void udev_event_execute_rules(struct udev_event *event, usec_t timeout_usec, usec_t timeout_warn_usec,
struct udev_rules *rules, const sigset_t *sigset);
+bool udev_check_for_kmod(pid_t pid);
void udev_event_execute_run(struct udev_event *event, usec_t timeout_usec, usec_t timeout_warn_usec, const sigset_t *sigset);
int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]);

@ -0,0 +1,11 @@
Index: systemd-210/src/udev/rule_generator/76-net-sriov-names.rules
===================================================================
--- systemd-210.orig/src/udev/rule_generator/76-net-sriov-names.rules
+++ systemd-210/src/udev/rule_generator/76-net-sriov-names.rules
@@ -15,6 +15,5 @@ SUBSYSTEM=="net", SUBSYSTEMS=="pci", ACT
# rename interface if needed
ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}"
-ENV{INTERFACE_NEW}=="", DRIVERS=="cxgb4vf|igbvf|ixgbevf", NAME="vf$attr{ifindex}"
LABEL="net-sriov-names_end"

@ -1,3 +1,58 @@
-------------------------------------------------------------------
Fri Sep 26 16:11:10 UTC 2014 - werner@suse.de
- Add upstream patch
0001-systemd-tmpfiles-Fix-IGNORE_DIRECTORY_PATH-age-handl.patch
for bsc#893797
-------------------------------------------------------------------
Fri Sep 26 09:34:22 UTC 2014 - rmilasan@suse.com
- Drop renaming virtual interfaces in a guest (bnc#898432).
Add 1088-drop-renaming-of-virtual-interfaces-in-guest.patch
-------------------------------------------------------------------
Thu Sep 25 14:08:35 UTC 2014 - werner@suse.de
- Rename patch 0001-infinit-timeout-for-kmod-loaded-modules.patch
to patch 1087-infinit-timeout-for-kmod-loaded-modules.patch
and apply this one
-------------------------------------------------------------------
Thu Sep 25 13:45:46 UTC 2014 - werner@suse.de
- Change patch
0003-mount-order-options-before-other-arguments-to-mount.patch
to fix bsc#898240
-------------------------------------------------------------------
Thu Sep 25 09:06:14 UTC 2014 - werner@suse.de
- Add upstream patches
0001-Fix-warning-about-unused-variable-with-SELINUX.patch
0002-bus-remove-unused-check.patch
-------------------------------------------------------------------
Wed Sep 24 15:05:49 UTC 2014 - werner@suse.de
- Add patch 0001-infinit-timeout-for-kmod-loaded-modules.patch to
be able to avoid killing a running kmod/modprobe (bnc#889297)
-------------------------------------------------------------------
Wed Sep 24 08:36:42 UTC 2014 - werner@suse.de
- Update patch 0001-bnc888612-logind-polkit-acpi.patch
-------------------------------------------------------------------
Wed Sep 24 07:47:54 UTC 2014 - werner@suse.de
- Add upstream patches
0001-login-pause-devices-before-acknowledging-VT-switches.patch
May help that history of the shell is saved
0001-nspawn-don-t-try-to-create-veth-link-with-too-long-i.patch
0001-socket-introduce-SELinuxContextFromNet-option.patch (bsc#897801)
0002-util-avoid-non-portable-__WORDSIZE.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 19 13:08:14 UTC 2014 - werner@suse.de Fri Sep 19 13:08:14 UTC 2014 - werner@suse.de

@ -888,6 +888,20 @@ Patch428: 0005-shared-label.h-add-missing-stdio.h-include.patch
Patch429: 0006-shared-sparse-endian.h-add-missing-byteswap.h-includ.patch Patch429: 0006-shared-sparse-endian.h-add-missing-byteswap.h-includ.patch
# PATCH-FIX-SUSE AUDIT-0: Power button press at gdm login should not prompt for credentials (bnc#888612) # PATCH-FIX-SUSE AUDIT-0: Power button press at gdm login should not prompt for credentials (bnc#888612)
Patch430: 0001-bnc888612-logind-polkit-acpi.patch Patch430: 0001-bnc888612-logind-polkit-acpi.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24 -- May help that history of the shell is saved
Patch431: 0001-login-pause-devices-before-acknowledging-VT-switches.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24
Patch432: 0001-nspawn-don-t-try-to-create-veth-link-with-too-long-i.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24 (bsc#897801)
Patch433: 0001-socket-introduce-SELinuxContextFromNet-option.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24
Patch434: 0002-util-avoid-non-portable-__WORDSIZE.patch
# PATCH-FIX-UPSTREAM added at 2014/09/25
Patch435: 0001-Fix-warning-about-unused-variable-with-SELINUX.patch
# PATCH-FIX-UPSTREAM added at 2014/09/25
Patch436: 0002-bus-remove-unused-check.patch
# PATCH-FIX-UPSTREAM added at 2014/09/26
Patch437: 0001-systemd-tmpfiles-Fix-IGNORE_DIRECTORY_PATH-age-handl.patch
# UDEV PATCHES # UDEV PATCHES
# ============ # ============
@ -1067,6 +1081,10 @@ Patch1084: 1084-udev-ctrl-log-if-setting-SO_PASSCRED-fails.patch
Patch1085: 1085-udev-fix-typos.patch Patch1085: 1085-udev-fix-typos.patch
# PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch # PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch
Patch1086: 1086-udevd-don-t-fail-if-run-udev-exists.patch Patch1086: 1086-udevd-don-t-fail-if-run-udev-exists.patch
# PATCH-FIX-SSUE 1087-infinit-timeout-for-kmod-loaded-modules.patch
Patch1087: 1087-infinit-timeout-for-kmod-loaded-modules.patch
# PATCH-FIX-SSUE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
Patch1088: 1088-drop-renaming-of-virtual-interfaces-in-guest.patch
%description %description
Systemd is a system and service manager, compatible with SysV and LSB Systemd is a system and service manager, compatible with SysV and LSB
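Review bot: The tag on both new comment lines is misspelled as "PATCH-FIX-SSUE"; the existing entry for Patch430 uses "PATCH-FIX-SUSE". Anything that greps the spec for the standard tag to list SUSE-only patches will miss 1087 and 1088. The comment for Patch1087 also lacks the bug reference (bnc#889297) that the changelog gives for this patch, while Patch1088 has its reference.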
@ -1658,6 +1676,13 @@ cp %{SOURCE7} m4/
%patch428 -p0 %patch428 -p0
%patch429 -p0 %patch429 -p0
%patch430 -p1 %patch430 -p1
%patch431 -p0
%patch432 -p0
%patch433 -p0
%patch434 -p0
%patch435 -p0
%patch436 -p0
%patch437 -p0
# udev patches # udev patches
%patch1001 -p1 %patch1001 -p1
@ -1775,6 +1800,8 @@ cp %{SOURCE7} m4/
%patch1084 -p0 %patch1084 -p0
%patch1085 -p0 %patch1085 -p0
%patch1086 -p0 %patch1086 -p0
%patch1087 -p0
%patch1088 -p1
# remove patch backups # remove patch backups
find -name '*.orig' -exec rm -f '{}' \+ find -name '*.orig' -exec rm -f '{}' \+
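Review bot: The two new udev patches are applied with different strip levels, "%patch1087 -p0" and "%patch1088 -p1", while the neighbouring 1084 to 1086 all use -p0. If 1088 was simply exported with a/ b/ path prefixes, regenerating it without prefixes would keep this block uniform and avoid a strip-level mistake on the next refresh.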

View File

@ -1,3 +1,58 @@
-------------------------------------------------------------------
Fri Sep 26 16:11:10 UTC 2014 - werner@suse.de
- Add upstream patch
0001-systemd-tmpfiles-Fix-IGNORE_DIRECTORY_PATH-age-handl.patch
for bsc#893797
-------------------------------------------------------------------
Fri Sep 26 09:34:22 UTC 2014 - rmilasan@suse.com
- Drop renaming virtual interfaces in a guest (bnc#898432).
Add 1088-drop-renaming-of-virtual-interfaces-in-guest.patch
-------------------------------------------------------------------
Thu Sep 25 14:08:35 UTC 2014 - werner@suse.de
- Rename patch 0001-infinit-timeout-for-kmod-loaded-modules.patch
to patch 1087-infinit-timeout-for-kmod-loaded-modules.patch
and apply this one
-------------------------------------------------------------------
Thu Sep 25 13:45:46 UTC 2014 - werner@suse.de
- Change patch
0003-mount-order-options-before-other-arguments-to-mount.patch
to fix bsc#898240
-------------------------------------------------------------------
Thu Sep 25 09:06:14 UTC 2014 - werner@suse.de
- Add upstream patches
0001-Fix-warning-about-unused-variable-with-SELINUX.patch
0002-bus-remove-unused-check.patch
-------------------------------------------------------------------
Wed Sep 24 15:05:49 UTC 2014 - werner@suse.de
- Add patch 0001-infinit-timeout-for-kmod-loaded-modules.patch to
be able to avoid killing a running kmod/modprobe (bnc#889297)
-------------------------------------------------------------------
Wed Sep 24 08:36:42 UTC 2014 - werner@suse.de
- Update patch 0001-bnc888612-logind-polkit-acpi.patch
-------------------------------------------------------------------
Wed Sep 24 07:47:54 UTC 2014 - werner@suse.de
- Add upstream patches
0001-login-pause-devices-before-acknowledging-VT-switches.patch
May help that history of the shell is saved
0001-nspawn-don-t-try-to-create-veth-link-with-too-long-i.patch
0001-socket-introduce-SELinuxContextFromNet-option.patch (bsc#897801)
0002-util-avoid-non-portable-__WORDSIZE.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 19 13:08:14 UTC 2014 - werner@suse.de Fri Sep 19 13:08:14 UTC 2014 - werner@suse.de
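Review bot: The entry "Update patch 0001-bnc888612-logind-polkit-acpi.patch" (Wed Sep 24 08:36:42) does not say what changed, and the spec describes that patch as deciding whether a power button press at the gdm login prompts for credentials, so a change to it deserves a stated reason. "Change patch 0003-mount-order-options-before-other-arguments-to-mount.patch to fix bsc#898240" likewise names the bug but not the change. The Sep 24 entry adding 0001-infinit-timeout-for-kmod-loaded-modules.patch and the Sep 25 entry renaming it to 1087 describe one patch within the same submission; a single entry under the final name would be easier to follow.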

View File

@ -883,6 +883,20 @@ Patch428: 0005-shared-label.h-add-missing-stdio.h-include.patch
Patch429: 0006-shared-sparse-endian.h-add-missing-byteswap.h-includ.patch Patch429: 0006-shared-sparse-endian.h-add-missing-byteswap.h-includ.patch
# PATCH-FIX-SUSE AUDIT-0: Power button press at gdm login should not prompt for credentials (bnc#888612) # PATCH-FIX-SUSE AUDIT-0: Power button press at gdm login should not prompt for credentials (bnc#888612)
Patch430: 0001-bnc888612-logind-polkit-acpi.patch Patch430: 0001-bnc888612-logind-polkit-acpi.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24 -- May help that history of the shell is saved
Patch431: 0001-login-pause-devices-before-acknowledging-VT-switches.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24
Patch432: 0001-nspawn-don-t-try-to-create-veth-link-with-too-long-i.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24 (bsc#897801)
Patch433: 0001-socket-introduce-SELinuxContextFromNet-option.patch
# PATCH-FIX-UPSTREAM added at 2014/09/24
Patch434: 0002-util-avoid-non-portable-__WORDSIZE.patch
# PATCH-FIX-UPSTREAM added at 2014/09/25
Patch435: 0001-Fix-warning-about-unused-variable-with-SELINUX.patch
# PATCH-FIX-UPSTREAM added at 2014/09/25
Patch436: 0002-bus-remove-unused-check.patch
# PATCH-FIX-UPSTREAM added at 2014/09/26
Patch437: 0001-systemd-tmpfiles-Fix-IGNORE_DIRECTORY_PATH-age-handl.patch
# UDEV PATCHES # UDEV PATCHES
# ============ # ============
@ -1062,6 +1076,10 @@ Patch1084: 1084-udev-ctrl-log-if-setting-SO_PASSCRED-fails.patch
Patch1085: 1085-udev-fix-typos.patch Patch1085: 1085-udev-fix-typos.patch
# PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch # PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch
Patch1086: 1086-udevd-don-t-fail-if-run-udev-exists.patch Patch1086: 1086-udevd-don-t-fail-if-run-udev-exists.patch
# PATCH-FIX-SSUE 1087-infinit-timeout-for-kmod-loaded-modules.patch
Patch1087: 1087-infinit-timeout-for-kmod-loaded-modules.patch
# PATCH-FIX-SSUE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
Patch1088: 1088-drop-renaming-of-virtual-interfaces-in-guest.patch
%description %description
Systemd is a system and service manager, compatible with SysV and LSB Systemd is a system and service manager, compatible with SysV and LSB
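Review bot: This second spec file repeats the misspelled "PATCH-FIX-SSUE" tag on the Patch1087 and Patch1088 comments, so the correction to "PATCH-FIX-SUSE" has to land in both files. If one spec is generated from the other, fix the source and regenerate rather than editing both by hand, so the two copies cannot drift.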
@ -1653,6 +1671,13 @@ cp %{SOURCE7} m4/
%patch428 -p0 %patch428 -p0
%patch429 -p0 %patch429 -p0
%patch430 -p1 %patch430 -p1
%patch431 -p0
%patch432 -p0
%patch433 -p0
%patch434 -p0
%patch435 -p0
%patch436 -p0
%patch437 -p0
# udev patches # udev patches
%patch1001 -p1 %patch1001 -p1
@ -1770,6 +1795,8 @@ cp %{SOURCE7} m4/
%patch1084 -p0 %patch1084 -p0
%patch1085 -p0 %patch1085 -p0
%patch1086 -p0 %patch1086 -p0
%patch1087 -p0
%patch1088 -p1
# remove patch backups # remove patch backups
find -name '*.orig' -exec rm -f '{}' \+ find -name '*.orig' -exec rm -f '{}' \+