- Add after-local.service to run after.local late during the boot
process (bnc#778715). OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=450
parent
3cb30e5b65
commit
be645c07e8
@ -1,139 +0,0 @@
|
|||||||
From 893fa014de0f73337ff4a4c9c531d6789b72f5bf Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
||||||
Date: Sun, 29 Sep 2013 14:40:58 +0200
|
|
||||||
Subject: [PATCH] Fix buffer overrun when enumerating files
|
|
||||||
|
|
||||||
https://bugs.freedesktop.org/show_bug.cgi?id=69887
|
|
||||||
|
|
||||||
Based-on-a-patch-by: Hans Petter Jansson <hpj@copyleft.no>
|
|
||||||
---
|
|
||||||
src/shared/util.c | 79 +++++++++++++++++-----------------------------------
|
|
||||||
src/test/test-util.c | 10 +++++++
|
|
||||||
2 files changed, 36 insertions(+), 53 deletions(-)
|
|
||||||
|
|
||||||
Index: systemd-207/src/shared/util.c
|
|
||||||
===================================================================
|
|
||||||
--- systemd-207.orig/src/shared/util.c
|
|
||||||
+++ systemd-207/src/shared/util.c
|
|
||||||
@@ -4435,38 +4435,31 @@ int dirent_ensure_type(DIR *d, struct di
|
|
||||||
}
|
|
||||||
|
|
||||||
int in_search_path(const char *path, char **search) {
|
|
||||||
- char **i, *parent;
|
|
||||||
+ char **i;
|
|
||||||
+ _cleanup_free_ char *parent = NULL;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
r = path_get_parent(path, &parent);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
- r = 0;
|
|
||||||
+ STRV_FOREACH(i, search)
|
|
||||||
+ if (path_equal(parent, *i))
|
|
||||||
+ return 1;
|
|
||||||
|
|
||||||
- STRV_FOREACH(i, search) {
|
|
||||||
- if (path_equal(parent, *i)) {
|
|
||||||
- r = 1;
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- free(parent);
|
|
||||||
-
|
|
||||||
- return r;
|
|
||||||
+ return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int get_files_in_directory(const char *path, char ***list) {
|
|
||||||
- DIR *d;
|
|
||||||
- int r = 0;
|
|
||||||
- unsigned n = 0;
|
|
||||||
- char **l = NULL;
|
|
||||||
+ _cleanup_closedir_ DIR *d = NULL;
|
|
||||||
+ size_t bufsize = 0, n = 0;
|
|
||||||
+ _cleanup_strv_free_ char **l = NULL;
|
|
||||||
|
|
||||||
assert(path);
|
|
||||||
|
|
||||||
/* Returns all files in a directory in *list, and the number
|
|
||||||
* of files as return value. If list is NULL returns only the
|
|
||||||
- * number */
|
|
||||||
+ * number. */
|
|
||||||
|
|
||||||
d = opendir(path);
|
|
||||||
if (!d)
|
|
||||||
@@ -4478,11 +4471,9 @@ int get_files_in_directory(const char *p
|
|
||||||
int k;
|
|
||||||
|
|
||||||
k = readdir_r(d, &buf.de, &de);
|
|
||||||
- if (k != 0) {
|
|
||||||
- r = -k;
|
|
||||||
- goto finish;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
+ assert(k >= 0);
|
|
||||||
+ if (k > 0)
|
|
||||||
+ return -k;
|
|
||||||
if (!de)
|
|
||||||
break;
|
|
||||||
|
|
||||||
@@ -4492,43 +4483,25 @@ int get_files_in_directory(const char *p
|
|
||||||
continue;
|
|
||||||
|
|
||||||
if (list) {
|
|
||||||
- if ((unsigned) r >= n) {
|
|
||||||
- char **t;
|
|
||||||
-
|
|
||||||
- n = MAX(16, 2*r);
|
|
||||||
- t = realloc(l, sizeof(char*) * n);
|
|
||||||
- if (!t) {
|
|
||||||
- r = -ENOMEM;
|
|
||||||
- goto finish;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- l = t;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- assert((unsigned) r < n);
|
|
||||||
-
|
|
||||||
- l[r] = strdup(de->d_name);
|
|
||||||
- if (!l[r]) {
|
|
||||||
- r = -ENOMEM;
|
|
||||||
- goto finish;
|
|
||||||
- }
|
|
||||||
+ /* one extra slot is needed for the terminating NULL */
|
|
||||||
+ if (!GREEDY_REALLOC(l, bufsize, n + 2))
|
|
||||||
+ return -ENOMEM;
|
|
||||||
+
|
|
||||||
+ l[n] = strdup(de->d_name);
|
|
||||||
+ if (!l[n])
|
|
||||||
+ return -ENOMEM;
|
|
||||||
|
|
||||||
- l[++r] = NULL;
|
|
||||||
+ l[++n] = NULL;
|
|
||||||
} else
|
|
||||||
- r++;
|
|
||||||
+ n++;
|
|
||||||
}
|
|
||||||
|
|
||||||
-finish:
|
|
||||||
- if (d)
|
|
||||||
- closedir(d);
|
|
||||||
-
|
|
||||||
- if (r >= 0) {
|
|
||||||
- if (list)
|
|
||||||
- *list = l;
|
|
||||||
- } else
|
|
||||||
- strv_free(l);
|
|
||||||
+ if (list) {
|
|
||||||
+ *list = l;
|
|
||||||
+ l = NULL; /* avoid freeing */
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- return r;
|
|
||||||
+ return n;
|
|
||||||
}
|
|
||||||
|
|
||||||
char *strjoin(const char *x, ...) {
|
|
@ -1,27 +0,0 @@
|
|||||||
From 8d7b5ca0a6cdab3e400ef084fa8a05d581d59b55 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gao feng <gaofeng@cn.fujitsu.com>
|
|
||||||
Date: Fri, 13 Sep 2013 11:17:05 +0800
|
|
||||||
Subject: [PATCH 1/7] cgroup: add the missing setting of variable's value
|
|
||||||
|
|
||||||
set the value of variable "r" to the return value
|
|
||||||
of cg_set_attribute.
|
|
||||||
---
|
|
||||||
src/core/cgroup.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
|
|
||||||
index 3eeb475..fba0b2f 100644
|
|
||||||
--- a/src/core/cgroup.c
|
|
||||||
+++ b/src/core/cgroup.c
|
|
||||||
@@ -264,7 +264,7 @@ void cgroup_context_apply(CGroupContext *c, CGroupControllerMask mask, const cha
|
|
||||||
log_error("Failed to set memory.limit_in_bytes on %s: %s", path, strerror(-r));
|
|
||||||
|
|
||||||
sprintf(buf, "%" PRIu64 "\n", c->memory_soft_limit);
|
|
||||||
- cg_set_attribute("memory", path, "memory.soft_limit_in_bytes", buf);
|
|
||||||
+ r = cg_set_attribute("memory", path, "memory.soft_limit_in_bytes", buf);
|
|
||||||
if (r < 0)
|
|
||||||
log_error("Failed to set memory.limit_in_bytes on %s: %s", path, strerror(-r));
|
|
||||||
}
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From ebab7f4535a077eb8168cb8f3a9fe899e56aba17 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gao feng <gaofeng@cn.fujitsu.com>
|
|
||||||
Date: Fri, 13 Sep 2013 11:17:06 +0800
|
|
||||||
Subject: [PATCH 2/7] cgroup: correct the log information
|
|
||||||
|
|
||||||
it should be memory.soft_limit_in_bytes.
|
|
||||||
---
|
|
||||||
src/core/cgroup.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
|
|
||||||
index fba0b2f..aee93ba 100644
|
|
||||||
--- a/src/core/cgroup.c
|
|
||||||
+++ b/src/core/cgroup.c
|
|
||||||
@@ -266,7 +266,7 @@ void cgroup_context_apply(CGroupContext *c, CGroupControllerMask mask, const cha
|
|
||||||
sprintf(buf, "%" PRIu64 "\n", c->memory_soft_limit);
|
|
||||||
r = cg_set_attribute("memory", path, "memory.soft_limit_in_bytes", buf);
|
|
||||||
if (r < 0)
|
|
||||||
- log_error("Failed to set memory.limit_in_bytes on %s: %s", path, strerror(-r));
|
|
||||||
+ log_error("Failed to set memory.soft_limit_in_bytes on %s: %s", path, strerror(-r));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (mask & CGROUP_DEVICE) {
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,46 +0,0 @@
|
|||||||
From bebbf30ef61e4cbc782731e48ad67613aab38ec6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gao feng <gaofeng@cn.fujitsu.com>
|
|
||||||
Date: Fri, 13 Sep 2013 14:43:04 +0800
|
|
||||||
Subject: [PATCH 3/7] cgroup: fix incorrectly setting memory cgroup
|
|
||||||
|
|
||||||
If the memory_limit of unit is -1, we should write "-1"
|
|
||||||
to the file memory.limit_in_bytes. not the (unit64_t) -1.
|
|
||||||
|
|
||||||
otherwise the memory.limit_in_bytes will be set to zero.
|
|
||||||
---
|
|
||||||
src/core/cgroup.c | 15 +++++++++++----
|
|
||||||
1 file changed, 11 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
|
|
||||||
index aee93ba..244baff 100644
|
|
||||||
--- a/src/core/cgroup.c
|
|
||||||
+++ b/src/core/cgroup.c
|
|
||||||
@@ -257,14 +257,21 @@ void cgroup_context_apply(CGroupContext *c, CGroupControllerMask mask, const cha
|
|
||||||
|
|
||||||
if (mask & CGROUP_MEMORY) {
|
|
||||||
char buf[DECIMAL_STR_MAX(uint64_t) + 1];
|
|
||||||
+ if (c->memory_limit != (uint64_t) -1) {
|
|
||||||
+ sprintf(buf, "%" PRIu64 "\n", c->memory_limit);
|
|
||||||
+ r = cg_set_attribute("memory", path, "memory.limit_in_bytes", buf);
|
|
||||||
+ } else
|
|
||||||
+ r = cg_set_attribute("memory", path, "memory.limit_in_bytes", "-1");
|
|
||||||
|
|
||||||
- sprintf(buf, "%" PRIu64 "\n", c->memory_limit);
|
|
||||||
- r = cg_set_attribute("memory", path, "memory.limit_in_bytes", buf);
|
|
||||||
if (r < 0)
|
|
||||||
log_error("Failed to set memory.limit_in_bytes on %s: %s", path, strerror(-r));
|
|
||||||
|
|
||||||
- sprintf(buf, "%" PRIu64 "\n", c->memory_soft_limit);
|
|
||||||
- r = cg_set_attribute("memory", path, "memory.soft_limit_in_bytes", buf);
|
|
||||||
+ if (c->memory_soft_limit != (uint64_t) -1) {
|
|
||||||
+ sprintf(buf, "%" PRIu64 "\n", c->memory_soft_limit);
|
|
||||||
+ r = cg_set_attribute("memory", path, "memory.soft_limit_in_bytes", buf);
|
|
||||||
+ } else
|
|
||||||
+ r = cg_set_attribute("memory", path, "memory.soft_limit_in_bytes", "-1");
|
|
||||||
+
|
|
||||||
if (r < 0)
|
|
||||||
log_error("Failed to set memory.soft_limit_in_bytes on %s: %s", path, strerror(-r));
|
|
||||||
}
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From 0465a409e0a3725b44b0801641a7497e2125e59e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
|
||||||
Date: Fri, 13 Sep 2013 14:12:55 +0200
|
|
||||||
Subject: [PATCH 4/7] random-seed: we should return errno of failed loop_write
|
|
||||||
|
|
||||||
---
|
|
||||||
src/random-seed/random-seed.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c
|
|
||||||
index 4776c07..afbd500 100644
|
|
||||||
--- a/src/random-seed/random-seed.c
|
|
||||||
+++ b/src/random-seed/random-seed.c
|
|
||||||
@@ -157,7 +157,7 @@ int main(int argc, char *argv[]) {
|
|
||||||
r = loop_write(seed_fd, buf, (size_t) k, false);
|
|
||||||
if (r <= 0) {
|
|
||||||
log_error("Failed to write new random seed file: %s", r < 0 ? strerror(-r) : "short write");
|
|
||||||
- r = k == 0 ? -EIO : (int) k;
|
|
||||||
+ r = r == 0 ? -EIO : r;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From fa7341808def8efb736747299374745ae059f398 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
|
||||||
Date: Fri, 13 Sep 2013 14:31:17 +0200
|
|
||||||
Subject: [PATCH 5/7] core/cgroup: first print then free
|
|
||||||
|
|
||||||
---
|
|
||||||
src/core/cgroup.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
|
|
||||||
index 244baff..1f41efc 100644
|
|
||||||
--- a/src/core/cgroup.c
|
|
||||||
+++ b/src/core/cgroup.c
|
|
||||||
@@ -402,8 +402,8 @@ static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
|
|
||||||
is_in_hash = true;
|
|
||||||
|
|
||||||
if (r < 0) {
|
|
||||||
- free(path);
|
|
||||||
log_error("cgroup %s exists already: %s", path, strerror(-r));
|
|
||||||
+ free(path);
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From dec37dc9e875695c09cfc1ec5e55b5f68eaa39f4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tom Gundersen <teg@jklm.no>
|
|
||||||
Date: Fri, 13 Sep 2013 14:46:18 +0200
|
|
||||||
Subject: [PATCH 6/7] swap: fix reverse dependencies
|
|
||||||
|
|
||||||
Make sure swap.target correctly requires/wants the swap units.
|
|
||||||
|
|
||||||
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=69291.
|
|
||||||
|
|
||||||
Reported-by: Hussam Al-Tayeb
|
|
||||||
---
|
|
||||||
src/core/swap.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/core/swap.c b/src/core/swap.c
|
|
||||||
index 57d15eb..3950860 100644
|
|
||||||
--- a/src/core/swap.c
|
|
||||||
+++ b/src/core/swap.c
|
|
||||||
@@ -220,7 +220,7 @@ static int swap_add_default_dependencies(Swap *s) {
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!noauto) {
|
|
||||||
- r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, (nofail ? UNIT_WANTED_BY : UNIT_REQUIRED_BY),
|
|
||||||
+ r = unit_add_two_dependencies_by_name_inverse(UNIT(s), UNIT_AFTER, (nofail ? UNIT_WANTS : UNIT_REQUIRES),
|
|
||||||
SPECIAL_SWAP_TARGET, NULL, true);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
From f90d045c9168a55bb22eef6fe8756b6a6d2c1e53 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lukas Nykryn <lnykryn@redhat.com>
|
|
||||||
Date: Fri, 13 Sep 2013 14:12:54 +0200
|
|
||||||
Subject: [PATCH 7/7] libudev: fix move_later comparison
|
|
||||||
|
|
||||||
At the beginning move_later is set to -1, but it is set to different
|
|
||||||
value only if expression !move_later is true.
|
|
||||||
---
|
|
||||||
src/libudev/libudev-enumerate.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
Index: systemd-207/src/libudev/libudev-enumerate.c
|
|
||||||
===================================================================
|
|
||||||
--- systemd-207.orig/src/libudev/libudev-enumerate.c
|
|
||||||
+++ systemd-207/src/libudev/libudev-enumerate.c
|
|
||||||
@@ -300,7 +300,7 @@ _public_ struct udev_list_entry *udev_en
|
|
||||||
/* skip to be delayed devices, and move the to
|
|
||||||
* the point where the prefix changes. We can
|
|
||||||
* only move one item at a time. */
|
|
||||||
- if (!move_later) {
|
|
||||||
+ if (move_later == -1) {
|
|
||||||
move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
|
|
||||||
|
|
||||||
if (move_later_prefix > 0) {
|
|
@ -1,90 +0,0 @@
|
|||||||
From 9981460a8f2d5587fef5216d556b5fb502281be6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tom Gundersen <teg@jklm.no>
|
|
||||||
Date: Mon, 16 Sep 2013 01:08:32 +0200
|
|
||||||
Subject: [PATCH 8/8] swap: create .wants symlink to 'auto' swap devices
|
|
||||||
|
|
||||||
As we load unit files lazily, we need to make sure something pulls in swap
|
|
||||||
units that should be started automatically, otherwise the default dependencies
|
|
||||||
will never be applied.
|
|
||||||
|
|
||||||
This partially reinstates code removed in
|
|
||||||
commit 64347fc2b983f33e7efb0fd2bb44e133fb9f30f4.
|
|
||||||
|
|
||||||
Also don't order swap devices after swap.target when they are 'nofail'.
|
|
||||||
---
|
|
||||||
src/core/swap.c | 8 ++++++--
|
|
||||||
src/fstab-generator/fstab-generator.c | 18 ++++++++++++++++--
|
|
||||||
2 files changed, 22 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/core/swap.c b/src/core/swap.c
|
|
||||||
index 3950860..76c7d45 100644
|
|
||||||
--- a/src/core/swap.c
|
|
||||||
+++ b/src/core/swap.c
|
|
||||||
@@ -220,8 +220,12 @@ static int swap_add_default_dependencies(Swap *s) {
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!noauto) {
|
|
||||||
- r = unit_add_two_dependencies_by_name_inverse(UNIT(s), UNIT_AFTER, (nofail ? UNIT_WANTS : UNIT_REQUIRES),
|
|
||||||
- SPECIAL_SWAP_TARGET, NULL, true);
|
|
||||||
+ if (nofail)
|
|
||||||
+ r = unit_add_dependency_by_name_inverse(UNIT(s),
|
|
||||||
+ UNIT_WANTS, SPECIAL_SWAP_TARGET, NULL, true);
|
|
||||||
+ else
|
|
||||||
+ r = unit_add_two_dependencies_by_name_inverse(UNIT(s),
|
|
||||||
+ UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SWAP_TARGET, NULL, true);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
|
|
||||||
index 6ebe8aa..b73dfa4 100644
|
|
||||||
--- a/src/fstab-generator/fstab-generator.c
|
|
||||||
+++ b/src/fstab-generator/fstab-generator.c
|
|
||||||
@@ -66,6 +66,7 @@ static int mount_find_pri(struct mntent *me, int *ret) {
|
|
||||||
static int add_swap(const char *what, struct mntent *me) {
|
|
||||||
_cleanup_free_ char *name = NULL, *unit = NULL, *lnk = NULL, *device = NULL;
|
|
||||||
_cleanup_fclose_ FILE *f = NULL;
|
|
||||||
+ bool noauto;
|
|
||||||
int r, pri = -1;
|
|
||||||
|
|
||||||
assert(what);
|
|
||||||
@@ -77,6 +78,8 @@ static int add_swap(const char *what, struct mntent *me) {
|
|
||||||
return pri;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ noauto = !!hasmntopt(me, "noauto");
|
|
||||||
+
|
|
||||||
name = unit_name_from_path(what, ".swap");
|
|
||||||
if (!name)
|
|
||||||
return log_oom();
|
|
||||||
@@ -97,8 +100,7 @@ static int add_swap(const char *what, struct mntent *me) {
|
|
||||||
fprintf(f,
|
|
||||||
"# Automatically generated by systemd-fstab-generator\n\n"
|
|
||||||
"[Unit]\n"
|
|
||||||
- "SourcePath=/etc/fstab\n"
|
|
||||||
- "\n"
|
|
||||||
+ "SourcePath=/etc/fstab\n\n"
|
|
||||||
"[Swap]\n"
|
|
||||||
"What=%s\n",
|
|
||||||
what);
|
|
||||||
@@ -114,6 +116,18 @@ static int add_swap(const char *what, struct mntent *me) {
|
|
||||||
return -errno;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (!noauto) {
|
|
||||||
+ lnk = strjoin(arg_dest, "/" SPECIAL_SWAP_TARGET ".wants/", name, NULL);
|
|
||||||
+ if (!lnk)
|
|
||||||
+ return log_oom();
|
|
||||||
+
|
|
||||||
+ mkdir_parents_label(lnk, 0755);
|
|
||||||
+ if (symlink(unit, lnk) < 0) {
|
|
||||||
+ log_error("Failed to create symlink %s: %m", lnk);
|
|
||||||
+ return -errno;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,75 +0,0 @@
|
|||||||
From 851d079d0172539bf904abb58edd80d7cfe487ca Mon Sep 17 00:00:00 2001
|
|
||||||
From: Colin Walters <walters@verbum.org>
|
|
||||||
Date: Thu, 22 Aug 2013 13:55:21 -0400
|
|
||||||
Subject: [PATCH 9/9] polkit: Avoid race condition in scraping /proc
|
|
||||||
|
|
||||||
If a calling process execve()s a setuid program, it can appear to be
|
|
||||||
uid 0. Since we're receiving requests over DBus, avoid this by simply
|
|
||||||
passing system-bus-name as a subject.
|
|
||||||
---
|
|
||||||
src/shared/polkit.c | 31 +++++--------------------------
|
|
||||||
1 file changed, 5 insertions(+), 26 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/shared/polkit.c b/src/shared/polkit.c
|
|
||||||
index cea7074..1c5e9e3 100644
|
|
||||||
--- a/src/shared/polkit.c
|
|
||||||
+++ b/src/shared/polkit.c
|
|
||||||
@@ -38,12 +38,8 @@ int verify_polkit(
|
|
||||||
|
|
||||||
#ifdef ENABLE_POLKIT
|
|
||||||
DBusMessage *m = NULL, *reply = NULL;
|
|
||||||
- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
|
|
||||||
+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
|
|
||||||
uint32_t flags = interactive ? 1 : 0;
|
|
||||||
- pid_t pid_raw;
|
|
||||||
- uint32_t pid_u32;
|
|
||||||
- unsigned long long starttime_raw;
|
|
||||||
- uint64_t starttime_u64;
|
|
||||||
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
|
|
||||||
int r;
|
|
||||||
dbus_bool_t authorized = FALSE, challenge = FALSE;
|
|
||||||
@@ -68,14 +64,6 @@ int verify_polkit(
|
|
||||||
|
|
||||||
#ifdef ENABLE_POLKIT
|
|
||||||
|
|
||||||
- pid_raw = bus_get_unix_process_id(c, sender, error);
|
|
||||||
- if (pid_raw == 0)
|
|
||||||
- return -EINVAL;
|
|
||||||
-
|
|
||||||
- r = get_starttime_of_pid(pid_raw, &starttime_raw);
|
|
||||||
- if (r < 0)
|
|
||||||
- return r;
|
|
||||||
-
|
|
||||||
m = dbus_message_new_method_call(
|
|
||||||
"org.freedesktop.PolicyKit1",
|
|
||||||
"/org/freedesktop/PolicyKit1/Authority",
|
|
||||||
@@ -86,22 +74,13 @@ int verify_polkit(
|
|
||||||
|
|
||||||
dbus_message_iter_init_append(m, &iter_msg);
|
|
||||||
|
|
||||||
- pid_u32 = (uint32_t) pid_raw;
|
|
||||||
- starttime_u64 = (uint64_t) starttime_raw;
|
|
||||||
-
|
|
||||||
if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
|
|
||||||
- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
|
|
||||||
+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
|
|
||||||
!dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
|
|
||||||
!dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
|
|
||||||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
|
|
||||||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
|
|
||||||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
|
|
||||||
- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
|
|
||||||
- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
|
|
||||||
- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
|
|
||||||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
|
|
||||||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
|
|
||||||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
|
|
||||||
+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
|
|
||||||
+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
|
|
||||||
+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
|
|
||||||
!dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
|
|
||||||
!dbus_message_iter_close_container(&iter_array, &iter_dict) ||
|
|
||||||
!dbus_message_iter_close_container(&iter_struct, &iter_array) ||
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,74 +0,0 @@
|
|||||||
From 7400b9d2e99938d17b281d7df43680eade18666e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lennart Poettering <lennart@poettering.net>
|
|
||||||
Date: Tue, 1 Oct 2013 05:06:56 +0200
|
|
||||||
Subject: [PATCH] core: whenever a new PID is passed to us, make sure we watch
|
|
||||||
it
|
|
||||||
|
|
||||||
---
|
|
||||||
src/core/service.c | 21 +++++++++++++++------
|
|
||||||
1 file changed, 15 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/core/service.c b/src/core/service.c
|
|
||||||
index 24b7bef..6792024 100644
|
|
||||||
--- a/src/core/service.c
|
|
||||||
+++ b/src/core/service.c
|
|
||||||
@@ -191,7 +191,13 @@ static int service_set_main_pid(Service *s, pid_t pid) {
|
|
||||||
if (pid == getpid())
|
|
||||||
return -EINVAL;
|
|
||||||
|
|
||||||
- service_unwatch_main_pid(s);
|
|
||||||
+ if (s->main_pid == pid && s->main_pid_known)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (s->main_pid != pid) {
|
|
||||||
+ service_unwatch_main_pid(s);
|
|
||||||
+ exec_status_start(&s->main_exec_status, pid);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
s->main_pid = pid;
|
|
||||||
s->main_pid_known = true;
|
|
||||||
@@ -205,8 +211,6 @@ static int service_set_main_pid(Service *s, pid_t pid) {
|
|
||||||
} else
|
|
||||||
s->main_pid_alien = false;
|
|
||||||
|
|
||||||
- exec_status_start(&s->main_exec_status, pid);
|
|
||||||
-
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -2696,8 +2700,10 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
|
|
||||||
|
|
||||||
if (parse_pid(value, &pid) < 0)
|
|
||||||
log_debug_unit(u->id, "Failed to parse main-pid value %s", value);
|
|
||||||
- else
|
|
||||||
- service_set_main_pid(s, (pid_t) pid);
|
|
||||||
+ else {
|
|
||||||
+ service_set_main_pid(s, pid);
|
|
||||||
+ unit_watch_pid(UNIT(s), pid);
|
|
||||||
+ }
|
|
||||||
} else if (streq(key, "main-pid-known")) {
|
|
||||||
int b;
|
|
||||||
|
|
||||||
@@ -3389,6 +3395,7 @@ static void service_notify_message(Unit *u, pid_t pid, char **tags) {
|
|
||||||
log_debug_unit(u->id,
|
|
||||||
"%s: got %s", u->id, e);
|
|
||||||
service_set_main_pid(s, pid);
|
|
||||||
+ unit_watch_pid(UNIT(s), pid);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -3685,8 +3692,10 @@ static void service_bus_query_pid_done(
|
|
||||||
(s->state == SERVICE_START ||
|
|
||||||
s->state == SERVICE_START_POST ||
|
|
||||||
s->state == SERVICE_RUNNING ||
|
|
||||||
- s->state == SERVICE_RELOAD))
|
|
||||||
+ s->state == SERVICE_RELOAD)){
|
|
||||||
service_set_main_pid(s, pid);
|
|
||||||
+ unit_watch_pid(UNIT(s), pid);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
int service_set_socket_fd(Service *s, int fd, Socket *sock) {
|
|
||||||
--
|
|
||||||
1.8.4
|
|
||||||
|
|
@ -1,27 +0,0 @@
|
|||||||
From 4469ff4adebbed4778e7fe767f0165776c1ba62a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andrey Borzenkov <arvidjaar@gmail.com>
|
|
||||||
Date: Sun, 29 Sep 2013 15:37:30 +0400
|
|
||||||
Subject: [PATCH] set IgnoreOnIsolate=true for systemd-cryptsetup@.service
|
|
||||||
|
|
||||||
When crypttab contains noauto, cryptsetup service does not have any
|
|
||||||
explicit dependencies. If service is started later manually (directly or via
|
|
||||||
mount dependency) it will be stopped on isolate.
|
|
||||||
|
|
||||||
mount units already have IgnoreOnIsolate set by default. Set it by
|
|
||||||
default for cryptsetup units as well.
|
|
||||||
---
|
|
||||||
src/cryptsetup/cryptsetup-generator.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
Index: systemd-207/src/cryptsetup/cryptsetup-generator.c
|
|
||||||
===================================================================
|
|
||||||
--- systemd-207.orig/src/cryptsetup/cryptsetup-generator.c
|
|
||||||
+++ systemd-207/src/cryptsetup/cryptsetup-generator.c
|
|
||||||
@@ -111,6 +111,7 @@ static int create_disk(
|
|
||||||
"Conflicts=umount.target\n"
|
|
||||||
"DefaultDependencies=no\n"
|
|
||||||
"BindsTo=dev-mapper-%i.device\n"
|
|
||||||
+ "IgnoreOnIsolate=true\n"
|
|
||||||
"After=md.service dmraid.service\n"
|
|
||||||
"After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
|
|
||||||
f);
|
|
@ -51,6 +51,8 @@ Wed Oct 2 08:03:30 UTC 2013 - fcrozat@suse.com
|
|||||||
Revert-service-drop-support-for-SysV-scripts-for-the-early.patch.
|
Revert-service-drop-support-for-SysV-scripts-for-the-early.patch.
|
||||||
- Own more ghost files.
|
- Own more ghost files.
|
||||||
- Do not run pam-config in systemd-mini %post.
|
- Do not run pam-config in systemd-mini %post.
|
||||||
|
- Add after-local.service to run after.local late during the boot
|
||||||
|
process (bnc#778715).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 1 17:09:01 UTC 2013 - fcrozat@suse.com
|
Tue Oct 1 17:09:01 UTC 2013 - fcrozat@suse.com
|
||||||
|
@ -51,6 +51,8 @@ Wed Oct 2 08:03:30 UTC 2013 - fcrozat@suse.com
|
|||||||
Revert-service-drop-support-for-SysV-scripts-for-the-early.patch.
|
Revert-service-drop-support-for-SysV-scripts-for-the-early.patch.
|
||||||
- Own more ghost files.
|
- Own more ghost files.
|
||||||
- Do not run pam-config in systemd-mini %post.
|
- Do not run pam-config in systemd-mini %post.
|
||||||
|
- Add after-local.service to run after.local late during the boot
|
||||||
|
process (bnc#778715).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 1 17:09:01 UTC 2013 - fcrozat@suse.com
|
Tue Oct 1 17:09:01 UTC 2013 - fcrozat@suse.com
|
||||||
|