Accepting request 265880 from Base:System
use --boot option in systemd-tmpfiles-setup-dev.service (bnc#908476) OBS-URL: https://build.opensuse.org/request/show/265880 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=212
parent
5922abecd1
commit
e1d2ae1aad
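--- a/0001-selinux-access-fix-broken-ternary-operator.patch
+++ b/0001-selinux-access-fix-broken-ternary-operator.patch
@@ -0,0 +1,23 @@
+Based on 1e648011b20c8126412d3cf2699d575d9ba9e0fe Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Fri, 21 Nov 2014 17:02:15 +0100
+Subject: [PATCH] selinux-access: fix broken ternary operator
+
+it seems to be a typo introduced by ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602
+- _r = selinux_access_check(_b, _m, _u->source_path ?:_u->fragment_path, (permission), &_error); \
++ ({ Unit *_unit = (unit); selinux_generic_access_check(bus,message, _unit->fragment_path ?: _unit->fragment_path, permission,error); })
+---
+src/core/selinux-access.h | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- src/core/selinux-access.h
++++ src/core/selinux-access.h 2014-12-15 11:49:54.521518349 +0000
+@@ -34,7 +34,7 @@ int selinux_generic_access_check(sd_bus
+#define selinux_access_check(bus, message, permission, error) \
+selinux_generic_access_check(bus, message, NULL, permission, error)
+#define selinux_unit_access_check(unit, bus, message, permission, error) \
+- ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->fragment_path ?: _unit->fragment_path, permission, error); })
++ ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->source_path ?: _unit->fragment_path, permission, error); })
+
+#else
+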
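Review bot: The `selinux_unit_access_check` macro in the patched `src/core/selinux-access.h` still has no comment stating which path the access check is made against, so the operand order of the `?:` remains easy to get wrong again. Before this fix both operands were `_unit->fragment_path`, meaning `source_path` was never consulted for unit-scoped checks. I would add above the macro `/* Check against source_path when the unit has one, otherwise against fragment_path. */`. Both paths may presumably be NULL, in which case NULL is passed on just as the sibling `selinux_access_check` macro does; that is worth stating in the same comment once confirmed. The rest of the header lies outside the hunk.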
@ -0,0 +1,24 @@
|
|||||||
|
From 8c94052ee543c3598a3c7b0c46688150aa2c6168 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tom Gundersen <teg@jklm.no>
|
||||||
|
Date: Mon, 27 Oct 2014 17:15:42 +0100
|
||||||
|
Subject: [PATCH 1/2] units: tmpfiles-setup-dev - allow unsafe file creation to
|
||||||
|
happen in /dev at boot
|
||||||
|
|
||||||
|
This will allow us to mark static device nodes with '!' to indicate that they should only be created at early boot.
|
||||||
|
---
|
||||||
|
units/systemd-tmpfiles-setup-dev.service.in | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in
|
||||||
|
index f3833fd..0123a03 100644
|
||||||
|
--- a/units/systemd-tmpfiles-setup-dev.service.in
|
||||||
|
+++ b/units/systemd-tmpfiles-setup-dev.service.in
|
||||||
|
@@ -17,4 +17,4 @@ ConditionCapability=CAP_SYS_MODULE
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
-ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create
|
||||||
|
+ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create --boot
|
||||||
|
--
|
||||||
|
2.1.2
|
||||||
|
|
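--- a/0002-man-tmpfiles.d-recommend-using-b-and-c.patch
+++ b/0002-man-tmpfiles.d-recommend-using-b-and-c.patch
@@ -0,0 +1,24 @@
+diff -Naur systemd-210/man/tmpfiles.d.xml systemd-210-mod/man/tmpfiles.d.xml
+--- systemd-210/man/tmpfiles.d.xml 2014-12-16 10:16:51.269189374 +0100
++++ systemd-210-mod/man/tmpfiles.d.xml 2014-12-16 10:39:49.937552189 +0100
+@@ -158,12 +158,18 @@
+
+<varlistentry>
+<term><varname>c</varname></term>
+- <listitem><para>Create a character device node if it does not exist yet.</para></listitem>
++ <listitem><para>Create a character device node if it does not exist yet.
++ It is recommended to suffix this entry with an exclamation mark to only
++ create static device nodes at boot, as udev will not manage static device
++ nodes that are created at runtime.</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>b</varname></term>
+- <listitem><para>Create a block device node if it does not exist yet.</para></listitem>
++ <listitem><para>Create a block device node if it does not exist yet.
++ It is recommended to suffix this entry with an exclamation mark to only
++ create static device nodes at boot, as udev will not manage static device
++ nodes that re created at runtime.</para></listitem>
+</varlistentry>
+
+<varlistentry>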
@ -0,0 +1,35 @@
|
|||||||
|
From c469089cf647ac740c7dcf09c463d2907b6d00eb Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Sat, 22 Nov 2014 20:21:56 -0500
|
||||||
|
Subject: [PATCH] systemctl: show BindsTo/BoundBy in list-dependencies
|
||||||
|
|
||||||
|
Suggested-by: Peter Mattern <matternp@arcor.de>
|
||||||
|
|
||||||
|
http://lists.freedesktop.org/archives/systemd-devel/2014-November/025437.html
|
||||||
|
---
|
||||||
|
src/systemctl/systemctl.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git src/systemctl/systemctl.c src/systemctl/systemctl.c
|
||||||
|
index 78b7c96..fd69c69 100644
|
||||||
|
--- src/systemctl/systemctl.c
|
||||||
|
+++ src/systemctl/systemctl.c
|
||||||
|
@@ -1480,11 +1480,13 @@ static int list_dependencies_get_dependencies(sd_bus *bus, const char *name, cha
|
||||||
|
"RequiresOverridable\0"
|
||||||
|
"Requisite\0"
|
||||||
|
"RequisiteOverridable\0"
|
||||||
|
- "Wants\0",
|
||||||
|
+ "Wants\0"
|
||||||
|
+ "BindsTo\0",
|
||||||
|
[DEPENDENCY_REVERSE] = "RequiredBy\0"
|
||||||
|
"RequiredByOverridable\0"
|
||||||
|
"WantedBy\0"
|
||||||
|
- "PartOf\0",
|
||||||
|
+ "PartOf\0"
|
||||||
|
+ "BoundBy\0",
|
||||||
|
[DEPENDENCY_AFTER] = "After\0",
|
||||||
|
[DEPENDENCY_BEFORE] = "Before\0",
|
||||||
|
};
|
||||||
|
--
|
||||||
|
1.7.9.2
|
||||||
|
|
@ -0,0 +1,28 @@
|
|||||||
|
Based on 8a52210c9392887a31fdb2845f65b4c5869e8e66 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Mon, 24 Nov 2014 09:11:12 -0500
|
||||||
|
Subject: [PATCH] cryptsetup: default to no hash when keyfile is specified
|
||||||
|
|
||||||
|
For plain dm-crypt devices, the behavior of cryptsetup package is to
|
||||||
|
ignore the hash algorithm when a key file is provided. It seems wrong
|
||||||
|
to ignore a hash when it is explicitly specified, but we should default
|
||||||
|
to no hash if the keyfile is specified.
|
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=52630
|
||||||
|
---
|
||||||
|
src/cryptsetup/cryptsetup.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- src/cryptsetup/cryptsetup.c
|
||||||
|
+++ src/cryptsetup/cryptsetup.c 2014-12-15 12:00:17.554019752 +0000
|
||||||
|
@@ -386,7 +386,9 @@ static int attach_luks_or_plain(struct c
|
||||||
|
/* plain isn't a real hash type. it just means "use no hash" */
|
||||||
|
if (!streq(opt_hash, "plain"))
|
||||||
|
params.hash = opt_hash;
|
||||||
|
- } else
|
||||||
|
+ } else if (!key_file)
|
||||||
|
+ /* for CRYPT_PLAIN, the behaviour of cryptsetup
|
||||||
|
+ * package is to not hash when a key file is provided */
|
||||||
|
params.hash = "ripemd160";
|
||||||
|
|
||||||
|
if (opt_cipher) {
|
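Review bot: The new `} else if (!key_file)` branch in `attach_luks_or_plain` silently changes key derivation for existing plain dm-crypt entries that use a key file and set no `hash=` option: the removed `} else` assigned `params.hash = "ripemd160"` for them, and now no hash is set. Plain mode presumably has no on-disk header that would reject the differently derived key, so such a volume could be mapped without error but with different plaintext; the package changelog and the crypttab documentation should tell administrators to add `hash=ripemd160` where the old behaviour is needed. Separately, the branch body is now a two-line comment plus one statement without braces; write `} else if (!key_file) {` … `}` so a later added line cannot fall outside the condition. The function body starts and continues outside the hunk.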
@ -0,0 +1,32 @@
|
|||||||
|
Based on e0312f4db08c7100bd00299614e87bedc759b366 Mon Sep 17 00:00:00 2001
|
||||||
|
Based on c21b92ffe7ef939dd32502ac912cf8ad1c5638fd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Schmidt <mschmidt@redhat.com>
|
||||||
|
Date: Thu, 27 Nov 2014 15:23:58 +0100
|
||||||
|
Subject: [PATCH] core: fix transaction destructiveness check once more
|
||||||
|
|
||||||
|
The previous fix e0312f4db "core: fix check for transaction
|
||||||
|
destructiveness" broke test-engine (noticed by Zbyszek).
|
||||||
|
Apparently I had a wrong idea of the intended semantics of --fail.
|
||||||
|
|
||||||
|
The manpage says the operation should fail if it "conflicts with a
|
||||||
|
pending job (more specifically: causes an already pending start job to
|
||||||
|
be reversed into a stop job or vice versa)".
|
||||||
|
|
||||||
|
So let's check job_type_is_conflicting, instead of !is_superset.
|
||||||
|
|
||||||
|
This makes both test-engine and TEST-03-JOBS pass again.
|
||||||
|
---
|
||||||
|
src/core/transaction.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- src/core/transaction.c
|
||||||
|
+++ src/core/transaction.c 2014-12-15 12:06:11.721518136 +0000
|
||||||
|
@@ -510,7 +510,7 @@ static int transaction_is_destructive(Tr
|
||||||
|
assert(!j->transaction_next);
|
||||||
|
|
||||||
|
if (j->unit->job && (mode == JOB_FAIL || j->unit->job->irreversible) &&
|
||||||
|
- !job_type_is_superset(j->type, j->unit->job->type)) {
|
||||||
|
+ job_type_is_conflicting(j->unit->job->type, j->type)) {
|
||||||
|
|
||||||
|
sd_bus_error_setf(e, BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE, "Transaction is destructive.");
|
||||||
|
return -EEXIST;
|
@ -1,10 +0,0 @@
|
|||||||
diff -Naur systemd-208/units/systemd-tmpfiles-clean.service.in systemd-208-mod/units/systemd-tmpfiles-clean.service.in
|
|
||||||
--- systemd-208/units/systemd-tmpfiles-clean.service.in 2013-08-13 20:02:52.826756410 +0000
|
|
||||||
+++ systemd-208-mod/units/systemd-tmpfiles-clean.service.in 2014-02-21 13:34:56.456511025 +0000
|
|
||||||
@@ -19,5 +19,6 @@
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
+ExecStart=-@rootbindir@/systemd-tmpfiles-keep
|
|
||||||
ExecStart=@rootbindir@/systemd-tmpfiles --clean
|
|
||||||
IOSchedulingClass=idle
|
|
@ -17,9 +17,11 @@ claims to have named in a predictable way.
|
|||||||
src/udev/net/link-config.h | 1
|
src/udev/net/link-config.h | 1
|
||||||
5 files changed, 79 insertions(+), 11 deletions(-)
|
5 files changed, 79 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
--- man/udev.xml
|
Index: man/udev.xml
|
||||||
+++ man/udev.xml 2014-12-05 11:43:18.670867575 +0000
|
===================================================================
|
||||||
@@ -914,10 +914,21 @@
|
--- man/udev.xml.orig
|
||||||
|
+++ man/udev.xml
|
||||||
|
@@ -914,10 +914,12 @@
|
||||||
successful one is used. The name is not set directly, but
|
successful one is used. The name is not set directly, but
|
||||||
is exported to udev as the property <literal>ID_NET_NAME</literal>,
|
is exported to udev as the property <literal>ID_NET_NAME</literal>,
|
||||||
which is, by default, used by a udev rule to set
|
which is, by default, used by a udev rule to set
|
||||||
@ -29,28 +31,15 @@ claims to have named in a predictable way.
|
|||||||
+ The available policies are:
|
+ The available policies are:
|
||||||
</para>
|
</para>
|
||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
- <varlistentry>
|
||||||
+ <term><literal>kernel</literal></term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>If the kernel claims that the name it
|
|
||||||
+ has set for a device is predictable, then
|
|
||||||
+ no renaming is performed.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
+ <varlistentry>
|
||||||
<term><literal>database</literal></term>
|
<term><literal>database</literal></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The name is set based on entries in the Hardware
|
<para>The name is set based on entries in the Hardware
|
||||||
--- network/99-default.link
|
Index: src/shared/missing.h
|
||||||
+++ network/99-default.link 2014-12-05 00:00:00.000000000 +0000
|
===================================================================
|
||||||
@@ -1,3 +1,3 @@
|
--- src/shared/missing.h.orig
|
||||||
[Link]
|
+++ src/shared/missing.h
|
||||||
-NamePolicy=database onboard slot path
|
|
||||||
+NamePolicy=kernel database onboard slot path
|
|
||||||
MACAddressPolicy=persistent
|
|
||||||
--- src/shared/missing.h
|
|
||||||
+++ src/shared/missing.h 2014-12-05 11:33:06.120057836 +0000
|
|
||||||
@@ -362,3 +362,24 @@ static inline int setns(int fd, int nsty
|
@@ -362,3 +362,24 @@ static inline int setns(int fd, int nsty
|
||||||
return syscall(__NR_setns, fd, nstype);
|
return syscall(__NR_setns, fd, nstype);
|
||||||
}
|
}
|
||||||
@ -76,8 +65,10 @@ claims to have named in a predictable way.
|
|||||||
+# define NET_NAME_RENAMED 4
|
+# define NET_NAME_RENAMED 4
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
--- src/udev/net/link-config.c
|
Index: src/udev/net/link-config.c
|
||||||
+++ src/udev/net/link-config.c 2014-12-05 11:36:51.658018542 +0000
|
===================================================================
|
||||||
|
--- src/udev/net/link-config.c.orig
|
||||||
|
+++ src/udev/net/link-config.c
|
||||||
@@ -20,10 +20,11 @@
|
@@ -20,10 +20,11 @@
|
||||||
***/
|
***/
|
||||||
|
|
||||||
@ -91,64 +82,44 @@ claims to have named in a predictable way.
|
|||||||
#include "link-config.h"
|
#include "link-config.h"
|
||||||
#include "ethtool-util.h"
|
#include "ethtool-util.h"
|
||||||
|
|
||||||
@@ -297,7 +298,33 @@ static bool mac_is_random(struct udev_de
|
@@ -297,23 +298,30 @@ static bool mac_is_random(struct udev_de
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
/* check for NET_ADDR_RANDOM */
|
/* check for NET_ADDR_RANDOM */
|
||||||
- return type == 1;
|
- return type == 1;
|
||||||
+ return type == NET_ADDR_RANDOM;
|
+ return type == NET_ADDR_RANDOM;
|
||||||
+}
|
}
|
||||||
+
|
|
||||||
+static bool should_rename(struct udev_device *device, bool respect_predictable) {
|
-static bool mac_is_permanent(struct udev_device *device) {
|
||||||
+ const char *s;
|
+static bool should_rename(struct udev_device *device) {
|
||||||
+ unsigned type;
|
const char *s;
|
||||||
+ int r;
|
unsigned type;
|
||||||
+
|
int r;
|
||||||
|
|
||||||
|
- s = udev_device_get_sysattr_value(device, "addr_assign_type");
|
||||||
+ s = udev_device_get_sysattr_value(device, "name_assign_type");
|
+ s = udev_device_get_sysattr_value(device, "name_assign_type");
|
||||||
+ if (!s)
|
if (!s)
|
||||||
|
- return true; /* if we don't know, assume it is permanent */
|
||||||
+ return true; /* if we don't know, assume we should rename */
|
+ return true; /* if we don't know, assume we should rename */
|
||||||
+ r = safe_atou(s, &type);
|
r = safe_atou(s, &type);
|
||||||
+ if (r < 0)
|
if (r < 0)
|
||||||
+ return true;
|
return true;
|
||||||
+
|
|
||||||
|
- /* check for NET_ADDR_PERM */
|
||||||
|
- return type == 0;
|
||||||
+ switch (type) {
|
+ switch (type) {
|
||||||
+ case NET_NAME_USER:
|
+ case NET_NAME_USER:
|
||||||
+ case NET_NAME_RENAMED:
|
+ case NET_NAME_RENAMED:
|
||||||
+ return false; /* these were already named by userspace, do not touch again */
|
+ return false; /* these were already named by userspace, do not touch again */
|
||||||
+ case NET_NAME_PREDICTABLE:
|
+ case NET_NAME_PREDICTABLE:
|
||||||
+ if (respect_predictable)
|
|
||||||
+ return false; /* the kernel claims to have given a predictable name */
|
|
||||||
+ /* fall through */
|
|
||||||
+ case NET_NAME_ENUM:
|
+ case NET_NAME_ENUM:
|
||||||
+ default:
|
+ default:
|
||||||
+ return true; /* the name is known to be bad, or of an unknown type */
|
+ return true; /* the name is known to be bad, or of an unknown type */
|
||||||
+ }
|
+ }
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool mac_is_permanent(struct udev_device *device) {
|
#define HASH_KEY SD_ID128_MAKE(d3,1e,48,fa,90,fe,4b,4c,9d,af,d5,d7,a1,b1,2e,8a)
|
||||||
@@ -371,6 +398,7 @@ int link_config_apply(link_config_ctx *c
|
@@ -429,16 +437,16 @@ int link_config_apply(link_config_ctx *c
|
||||||
const char *new_name = NULL;
|
|
||||||
struct ether_addr generated_mac;
|
|
||||||
struct ether_addr *mac = NULL;
|
|
||||||
+ bool respect_predictable = false;
|
|
||||||
int r, ifindex;
|
|
||||||
|
|
||||||
assert(ctx);
|
|
||||||
@@ -406,8 +434,12 @@ int link_config_apply(link_config_ctx *c
|
|
||||||
if (ctx->enable_name_policy && config->name_policy) {
|
|
||||||
NamePolicy *policy;
|
|
||||||
|
|
||||||
- for (policy = config->name_policy; !new_name && *policy != _NAMEPOLICY_INVALID; policy++) {
|
|
||||||
+ for (policy = config->name_policy; !respect_predictable && !new_name &&
|
|
||||||
+ *policy != _NAMEPOLICY_INVALID; policy++) {
|
|
||||||
switch (*policy) {
|
|
||||||
+ case NAMEPOLICY_KERNEL:
|
|
||||||
+ respect_predictable = true;
|
|
||||||
+ break;
|
|
||||||
case NAMEPOLICY_DATABASE:
|
|
||||||
new_name = udev_device_get_property_value(device, "ID_NET_NAME_FROM_DATABASE");
|
|
||||||
break;
|
|
||||||
@@ -429,12 +461,14 @@ int link_config_apply(link_config_ctx *c
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -158,32 +129,26 @@ claims to have named in a predictable way.
|
|||||||
- *name = config->name; /* a name was set manually in the config */
|
- *name = config->name; /* a name was set manually in the config */
|
||||||
- else
|
- else
|
||||||
- *name = NULL;
|
- *name = NULL;
|
||||||
+ if (should_rename(device, respect_predictable)) {
|
+ if (should_rename(device)) {
|
||||||
+ if (!new_name)
|
+ if (!new_name)
|
||||||
+ /* if not set by policy, fall back manually set name */
|
+ /* if not set by policy, fall back manually set name */
|
||||||
+ new_name = config->name;
|
+ new_name = config->name;
|
||||||
+ } else
|
+ } else
|
||||||
+ new_name = NULL;
|
+ new_name = NULL;
|
||||||
+
|
|
||||||
+ *name = new_name;
|
|
||||||
|
|
||||||
switch (config->mac_policy) {
|
switch (config->mac_policy) {
|
||||||
case MACPOLICY_PERSISTENT:
|
case MACPOLICY_PERSISTENT:
|
||||||
@@ -500,6 +534,7 @@ DEFINE_STRING_TABLE_LOOKUP(mac_policy, M
|
- if (!mac_is_permanent(device)) {
|
||||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_mac_policy, mac_policy, MACPolicy, "Failed to parse MAC address policy");
|
+ if (mac_is_random(device)) {
|
||||||
|
r = get_mac(device, false, &generated_mac);
|
||||||
|
if (r == -ENOENT)
|
||||||
|
break;
|
||||||
|
@@ -467,6 +475,8 @@ int link_config_apply(link_config_ctx *c
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
static const char* const name_policy_table[] = {
|
+ *name = new_name;
|
||||||
+ [NAMEPOLICY_KERNEL] = "kernel",
|
+
|
||||||
[NAMEPOLICY_DATABASE] = "database",
|
return 0;
|
||||||
[NAMEPOLICY_ONBOARD] = "onboard",
|
}
|
||||||
[NAMEPOLICY_SLOT] = "slot",
|
|
||||||
--- src/udev/net/link-config.h
|
|
||||||
+++ src/udev/net/link-config.h 2014-12-05 00:00:00.000000000 +0000
|
|
||||||
@@ -39,6 +39,7 @@ typedef enum MACPolicy {
|
|
||||||
} MACPolicy;
|
|
||||||
|
|
||||||
typedef enum NamePolicy {
|
|
||||||
+ NAMEPOLICY_KERNEL,
|
|
||||||
NAMEPOLICY_DATABASE,
|
|
||||||
NAMEPOLICY_ONBOARD,
|
|
||||||
NAMEPOLICY_SLOT,
|
|
||||||
|
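--- a/systemd-add-user-keep.patch
+++ b/systemd-add-user-keep.patch
@@ -0,0 +1,78 @@
+diff -Naur systemd-210/man/tmpfiles.d.xml systemd-210.mod/man/tmpfiles.d.xml
+--- systemd-210/man/tmpfiles.d.xml 2014-12-18 09:40:29.403629407 +0100
++++ systemd-210.mod/man/tmpfiles.d.xml 2014-12-18 10:34:06.274130934 +0100
+@@ -435,8 +435,12 @@
+<varname>f</varname>, <varname>F</varname>,
+and <varname>w</varname> may be used to
+specify a short string that is written to the
+- file, suffixed by a newline. Ignored for all
+- other lines.</para>
++ file, suffixed by a newline.
++ For <varname>x</varname>, <varname>X</varname>
++ a comma separated list of usernames. If given,
++ only paths belonging to these users will be
++ excluded during directory cleanup.
++ Ignored for all other lines.</para>
+</refsect2>
+
+</refsect1>
+diff -Naur systemd-210/src/tmpfiles/tmpfiles.c systemd-210.mod/src/tmpfiles/tmpfiles.c
+--- systemd-210/src/tmpfiles/tmpfiles.c 2014-12-18 09:40:29.342629177 +0100
++++ systemd-210.mod/src/tmpfiles/tmpfiles.c 2014-12-18 11:58:16.686576974 +0100
+@@ -263,6 +263,7 @@
+struct timespec times[2];
+bool deleted = false;
+int r = 0;
++ Item *found = NULL;
+
+while ((dent = readdir(d))) {
+struct stat s;
+@@ -306,11 +307,43 @@
+}
+
+/* Is there an item configured for this path? */
+- if (hashmap_get(items, sub_path))
+- continue;
+-
+- if (find_glob(globs, sub_path))
+- continue;
++ found = hashmap_get(items, sub_path);
++
++ if (!found)
++ found = find_glob(globs, sub_path);
++
++ if (found) {
++ /* evaluate username arguments in ignore statements */
++ if (found->type == IGNORE_PATH || found->type == IGNORE_DIRECTORY_PATH) {
++ if (!found->argument)
++ continue;
++ else {
++ struct passwd *pw;
++ char *userfound = NULL, *args = strdup(found->argument);
++ bool match = false;
++ int uid = -1;
++
++ while ((userfound = strsep(&args, ","))) {
++ pw = getpwnam(userfound);
++
++ if (!pw)
++ log_error("Unknown user '%s' in ignore statement.", userfound);
++ else {
++ uid = pw->pw_uid;
++ if (s.st_uid == uid) {
++ match = true;
++ break;
++ }
++ }
++ }
++ if (match) {
++ found = NULL;
++ continue;
++ }
++ }
++ } else
++ continue;
++ }
+
+if (S_ISDIR(s.st_mode)) {
+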
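Review bot: In the `tmpfiles.c` hunk, `args = strdup(found->argument)` is neither checked nor freed, and because `strsep(&args, ",")` advances `args` itself the start of the copy is lost, so it leaks for every directory entry that hits an ignore rule with a user list. If the allocation fails the loop body never runs, `match` stays false and the entry falls through to the cleanup code below, so a path the rule was meant to keep becomes eligible for removal; keeping the entry is the safer outcome there. `int uid` is compared with `s.st_uid`, a signed/unsigned mismatch that disappears when `pw->pw_uid` is compared directly. The enclosing function starts and ends outside the hunk, and `s` is presumably filled by a stat call between the two hunks; resolving the user names once when the rule is parsed, instead of calling `getpwnam()` per entry, would also stop the "Unknown user" message repeating for each file.

```c
/* … unchanged: lookup of found and the IGNORE_PATH / IGNORE_DIRECTORY_PATH test … */
                                else {
                                        char *args = strdup(found->argument);
                                        char *cursor = args, *userfound;
                                        bool match = false;

                                        if (!args) {
                                                log_error("Out of memory.");
                                                continue; /* list cannot be evaluated: keep the entry */
                                        }

                                        while ((userfound = strsep(&cursor, ","))) {
                                                struct passwd *pw = getpwnam(userfound);

                                                if (!pw) {
                                                        log_error("Unknown user '%s' in ignore statement.", userfound);
                                                        continue;
                                                }
                                                if (s.st_uid == pw->pw_uid) {
                                                        match = true;
                                                        break;
                                                }
                                        }
                                        free(args); /* strsep() moved cursor, args still points at the copy */

                                        if (match)
                                                continue;
                                }
/* … unchanged: else-continue for items that are not ignore statements … */
```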
@ -1,3 +1,47 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 18 13:47:36 UTC 2014 - werner@suse.de
|
||||||
|
|
||||||
|
- Use Robert's latest patch
|
||||||
|
1098-udev-link_setup-respect-kernel-name-assign-policy.patch
|
||||||
|
which drops NAMEPOLICY_KERNEL as this breaks all on current
|
||||||
|
systems out there
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 17 14:57:42 UTC 2014 - thomas.blume@suse.com
|
||||||
|
|
||||||
|
- remove 0022-systemd-tmpfiles-ownerkeep.patch since this is now
|
||||||
|
implemented into the systemd-tmpfiles binary
|
||||||
|
- add user based ignore statements in tmpfiles removal directives
|
||||||
|
(bnc#903009)
|
||||||
|
add systemd-add-user-keep.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 16 09:45:38 UTC 2014 - thomas.blume@suse.com
|
||||||
|
|
||||||
|
- use --boot option in systemd-tmpfiles-setup-dev.service (bnc#908476)
|
||||||
|
add upstream patches:
|
||||||
|
0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch
|
||||||
|
0002-man-tmpfiles.d-recommend-using-b-and-c.patch (adapted)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 16 08:59:08 UTC 2014 - werner@suse.de
|
||||||
|
|
||||||
|
- Update patch
|
||||||
|
1098-udev-link_setup-respect-kernel-name-assign-policy.patch
|
||||||
|
to Robert's version
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 15 15:02:22 UTC 2014 - werner@suse.de
|
||||||
|
|
||||||
|
- Add upstream patches
|
||||||
|
0001-selinux-access-fix-broken-ternary-operator.patch
|
||||||
|
0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch
|
||||||
|
0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch
|
||||||
|
0004-core-fix-transaction-destructiveness-check-once-more.patch
|
||||||
|
- Avoid old net devices naming scheme on openSUSE 13.2 and less
|
||||||
|
maybe caused by patch
|
||||||
|
1098-udev-link_setup-respect-kernel-name-assign-policy.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com
|
Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com
|
||||||
|
|
||||||
@ -17,7 +61,6 @@ Fri Dec 5 12:13:02 UTC 2014 - werner@suse.de
|
|||||||
- Add upstream patches
|
- Add upstream patches
|
||||||
0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch
|
0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch
|
||||||
0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
||||||
1097-udev-link_setup-respect-kernel-name-assign-policy.patch
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 28 13:26:21 UTC 2014 - rmilasan@suse.com
|
Fri Nov 28 13:26:21 UTC 2014 - rmilasan@suse.com
|
||||||
|
@ -42,7 +42,6 @@
|
|||||||
%bcond_with udevsettle
|
%bcond_with udevsettle
|
||||||
%endif
|
%endif
|
||||||
%bcond_with systemgrps
|
%bcond_with systemgrps
|
||||||
%{expand: %%global has_tmpkeep %(type -p systemd-tmpfiles-keep &>/dev/null && echo 1 || echo 0)}
|
|
||||||
|
|
||||||
Name: systemd-mini
|
Name: systemd-mini
|
||||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||||
@ -396,8 +395,6 @@ Patch181: 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch
|
|||||||
Patch182: 0019-make-completion-smart-to-be-able-to-redirect.patch
|
Patch182: 0019-make-completion-smart-to-be-able-to-redirect.patch
|
||||||
# PATCH-FIX-SUSE 0001-add-network-device-after-NFS-mount-units.patch werner@suse.com
|
# PATCH-FIX-SUSE 0001-add-network-device-after-NFS-mount-units.patch werner@suse.com
|
||||||
Patch183: 0001-add-network-device-after-NFS-mount-units.patch
|
Patch183: 0001-add-network-device-after-NFS-mount-units.patch
|
||||||
# PATCH-FIX-SUSE 0022-systemd-tmpfiles-ownerkeep.patch
|
|
||||||
Patch184: 0022-systemd-tmpfiles-ownerkeep.patch
|
|
||||||
# PATCH-FIX-SUSE systemd-powerd-initctl-support.patch
|
# PATCH-FIX-SUSE systemd-powerd-initctl-support.patch
|
||||||
Patch185: systemd-powerd-initctl-support.patch
|
Patch185: systemd-powerd-initctl-support.patch
|
||||||
# PATCH-FIX-SUSE systemctl-set-default-target.patch
|
# PATCH-FIX-SUSE systemctl-set-default-target.patch
|
||||||
@ -1050,6 +1047,21 @@ Patch511: 0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch
|
|||||||
Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
||||||
# PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709)
|
# PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709)
|
||||||
Patch513: 513-nspawn-veth.patch
|
Patch513: 513-nspawn-veth.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch514: 0001-selinux-access-fix-broken-ternary-operator.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch515: 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch516: 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch517: 0004-core-fix-transaction-destructiveness-check-once-more.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/16
|
||||||
|
Patch518: 0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/16
|
||||||
|
Patch519: 0002-man-tmpfiles.d-recommend-using-b-and-c.patch
|
||||||
|
# PATCH-FIX-SUSE systemd-add-user-keep.patch (bnc#903009)
|
||||||
|
Patch520: systemd-add-user-keep.patch
|
||||||
|
#
|
||||||
|
|
||||||
# UDEV PATCHES
|
# UDEV PATCHES
|
||||||
# ============
|
# ============
|
||||||
@ -1593,9 +1605,6 @@ cp %{SOURCE7} m4/
|
|||||||
%patch181 -p1
|
%patch181 -p1
|
||||||
%patch182 -p1
|
%patch182 -p1
|
||||||
%patch183 -p1
|
%patch183 -p1
|
||||||
%if 0%{?has_tmpkeep}
|
|
||||||
%patch184 -p1
|
|
||||||
%endif
|
|
||||||
%patch185 -p1
|
%patch185 -p1
|
||||||
%patch186 -p1
|
%patch186 -p1
|
||||||
%patch187 -p1
|
%patch187 -p1
|
||||||
@ -1925,6 +1934,13 @@ cp %{SOURCE7} m4/
|
|||||||
%patch511 -p0
|
%patch511 -p0
|
||||||
%patch512 -p0
|
%patch512 -p0
|
||||||
%patch513 -p1
|
%patch513 -p1
|
||||||
|
%patch514 -p0
|
||||||
|
%patch515 -p0
|
||||||
|
%patch516 -p0
|
||||||
|
%patch517 -p0
|
||||||
|
%patch518 -p1
|
||||||
|
%patch519 -p1
|
||||||
|
%patch520 -p1
|
||||||
|
|
||||||
# udev patches
|
# udev patches
|
||||||
%patch1001 -p1
|
%patch1001 -p1
|
||||||
|
@ -1,3 +1,47 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 18 13:47:36 UTC 2014 - werner@suse.de
|
||||||
|
|
||||||
|
- Use Robert's latest patch
|
||||||
|
1098-udev-link_setup-respect-kernel-name-assign-policy.patch
|
||||||
|
which drops NAMEPOLICY_KERNEL as this breaks all on current
|
||||||
|
systems out there
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 17 14:57:42 UTC 2014 - thomas.blume@suse.com
|
||||||
|
|
||||||
|
- remove 0022-systemd-tmpfiles-ownerkeep.patch since this is now
|
||||||
|
implemented into the systemd-tmpfiles binary
|
||||||
|
- add user based ignore statements in tmpfiles removal directives
|
||||||
|
(bnc#903009)
|
||||||
|
add systemd-add-user-keep.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 16 09:45:38 UTC 2014 - thomas.blume@suse.com
|
||||||
|
|
||||||
|
- use --boot option in systemd-tmpfiles-setup-dev.service (bnc#908476)
|
||||||
|
add upstream patches:
|
||||||
|
0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch
|
||||||
|
0002-man-tmpfiles.d-recommend-using-b-and-c.patch (adapted)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 16 08:59:08 UTC 2014 - werner@suse.de
|
||||||
|
|
||||||
|
- Update patch
|
||||||
|
1098-udev-link_setup-respect-kernel-name-assign-policy.patch
|
||||||
|
to Robert's version
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 15 15:02:22 UTC 2014 - werner@suse.de
|
||||||
|
|
||||||
|
- Add upstream patches
|
||||||
|
0001-selinux-access-fix-broken-ternary-operator.patch
|
||||||
|
0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch
|
||||||
|
0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch
|
||||||
|
0004-core-fix-transaction-destructiveness-check-once-more.patch
|
||||||
|
- Avoid old net devices naming scheme on openSUSE 13.2 and less
|
||||||
|
maybe caused by patch
|
||||||
|
1098-udev-link_setup-respect-kernel-name-assign-policy.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com
|
Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com
|
||||||
|
|
||||||
@ -17,7 +61,6 @@ Fri Dec 5 12:13:02 UTC 2014 - werner@suse.de
|
|||||||
- Add upstream patches
|
- Add upstream patches
|
||||||
0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch
|
0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch
|
||||||
0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
||||||
1097-udev-link_setup-respect-kernel-name-assign-policy.patch
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 28 13:26:21 UTC 2014 - rmilasan@suse.com
|
Fri Nov 28 13:26:21 UTC 2014 - rmilasan@suse.com
|
||||||
|
28
systemd.spec
28
systemd.spec
@ -40,7 +40,6 @@
|
|||||||
%bcond_with udevsettle
|
%bcond_with udevsettle
|
||||||
%endif
|
%endif
|
||||||
%bcond_with systemgrps
|
%bcond_with systemgrps
|
||||||
%{expand: %%global has_tmpkeep %(type -p systemd-tmpfiles-keep &>/dev/null && echo 1 || echo 0)}
|
|
||||||
|
|
||||||
Name: systemd
|
Name: systemd
|
||||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||||
@ -391,8 +390,6 @@ Patch181: 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch
|
|||||||
Patch182: 0019-make-completion-smart-to-be-able-to-redirect.patch
|
Patch182: 0019-make-completion-smart-to-be-able-to-redirect.patch
|
||||||
# PATCH-FIX-SUSE 0001-add-network-device-after-NFS-mount-units.patch werner@suse.com
|
# PATCH-FIX-SUSE 0001-add-network-device-after-NFS-mount-units.patch werner@suse.com
|
||||||
Patch183: 0001-add-network-device-after-NFS-mount-units.patch
|
Patch183: 0001-add-network-device-after-NFS-mount-units.patch
|
||||||
# PATCH-FIX-SUSE 0022-systemd-tmpfiles-ownerkeep.patch
|
|
||||||
Patch184: 0022-systemd-tmpfiles-ownerkeep.patch
|
|
||||||
# PATCH-FIX-SUSE systemd-powerd-initctl-support.patch
|
# PATCH-FIX-SUSE systemd-powerd-initctl-support.patch
|
||||||
Patch185: systemd-powerd-initctl-support.patch
|
Patch185: systemd-powerd-initctl-support.patch
|
||||||
# PATCH-FIX-SUSE systemctl-set-default-target.patch
|
# PATCH-FIX-SUSE systemctl-set-default-target.patch
|
||||||
@ -1045,6 +1042,21 @@ Patch511: 0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch
|
|||||||
Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch
|
||||||
# PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709)
|
# PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709)
|
||||||
Patch513: 513-nspawn-veth.patch
|
Patch513: 513-nspawn-veth.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch514: 0001-selinux-access-fix-broken-ternary-operator.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch515: 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch516: 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/15
|
||||||
|
Patch517: 0004-core-fix-transaction-destructiveness-check-once-more.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/16
|
||||||
|
Patch518: 0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch
|
||||||
|
# PATCH-FIX-UPSTREAM added at 2014/12/16
|
||||||
|
Patch519: 0002-man-tmpfiles.d-recommend-using-b-and-c.patch
|
||||||
|
# PATCH-FIX-SUSE systemd-add-user-keep.patch (bnc#903009)
|
||||||
|
Patch520: systemd-add-user-keep.patch
|
||||||
|
#
|
||||||
|
|
||||||
# UDEV PATCHES
|
# UDEV PATCHES
|
||||||
# ============
|
# ============
|
||||||
@ -1588,9 +1600,6 @@ cp %{SOURCE7} m4/
|
|||||||
%patch181 -p1
|
%patch181 -p1
|
||||||
%patch182 -p1
|
%patch182 -p1
|
||||||
%patch183 -p1
|
%patch183 -p1
|
||||||
%if 0%{?has_tmpkeep}
|
|
||||||
%patch184 -p1
|
|
||||||
%endif
|
|
||||||
%patch185 -p1
|
%patch185 -p1
|
||||||
%patch186 -p1
|
%patch186 -p1
|
||||||
%patch187 -p1
|
%patch187 -p1
|
||||||
@ -1920,6 +1929,13 @@ cp %{SOURCE7} m4/
|
|||||||
%patch511 -p0
|
%patch511 -p0
|
||||||
%patch512 -p0
|
%patch512 -p0
|
||||||
%patch513 -p1
|
%patch513 -p1
|
||||||
|
%patch514 -p0
|
||||||
|
%patch515 -p0
|
||||||
|
%patch516 -p0
|
||||||
|
%patch517 -p0
|
||||||
|
%patch518 -p1
|
||||||
|
%patch519 -p1
|
||||||
|
%patch520 -p1
|
||||||
|
|
||||||
# udev patches
|
# udev patches
|
||||||
%patch1001 -p1
|
%patch1001 -p1
|
||||||
|