Accepting request 96193 from Base:System

- Remove storage-after-cryptsetup.service, add
  storage-after-cryptsetup.patch instead to prevent dependency
  cycle (bnc#722539).
- Add delay-fsck-cryptsetup-after-md-lvm-dmraid.patch: ensure
  fsck/cryptsetup is run after lvm/md/dmraid have landed
  (bnc#724912).
- Add cron-tty-pam.patch: Fix cron filling logs (bnc#731358).
- Add do_not_warn_pidfile.patch: Fix PID warning in logs
  (bnc#732912).
- Add mount-swap-log.patch: Ensure swap and mount output is
  redirected to default log target (rhb#750032).
- Add color-on-boot.patch: ensure colored status are displayed at
  boot time.
- Update modules_on_boot.patch to fix bnc#732041.
- Replace private_tmp_crash.patch with log_on_close.patch, better
  upstream fix for bnc#699829 and fix bnc#731719.
- Update vconsole patch to fix memleaks and crash (bnc#734527).
- Add handle-racy-daemon.patch: fix warnings with sendmail
  (bnc#732912).
- Add new-lsb-headers.patch: support PIDFile: and
  X-Systemd-RemainAfterExit: header in initscript (bnc#727771).
- Update bootsplash services to not start if vga= is missing from
  cmdline (bnc#727771)
- Add lock-opensuse.patch: disable /var/lock/{subsys,lockdev} and
  change default permissions on /var/lock (bnc#733523).
- Add garbage_collect_units: ensure error units are correctly
  garbage collected (rhb#680122).
- Add crypt-loop-file.patch: add support for crypt file loop
  (bnc#730496).

OBS-URL: https://build.opensuse.org/request/show/96193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=84
This commit is contained in:
Stephan Kulow 2011-12-12 15:59:25 +00:00 committed by Git OBS Bridge
parent 021c08f8c6
commit fd27f5b8ab
22 changed files with 2483 additions and 54 deletions

View File

@ -7,10 +7,10 @@ Subject: [PATCH] handle disable_caplock and compose_table and kbd_rate
src/vconsole-setup.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 121 insertions(+), 3 deletions(-)
diff --git a/src/vconsole-setup.c b/src/vconsole-setup.c
index c5f3628..6603a75 100644
--- a/src/vconsole-setup.c
+++ b/src/vconsole-setup.c
Index: systemd-37/src/vconsole-setup.c
===================================================================
--- systemd-37.orig/src/vconsole-setup.c
+++ systemd-37/src/vconsole-setup.c
@@ -40,6 +40,7 @@
#include "log.h"
#include "macro.h"
@ -30,7 +30,7 @@ index c5f3628..6603a75 100644
int i = 0;
pid_t pid;
@@ -99,6 +100,8 @@ static int load_keymap(const char *vc, const char *map, const char *map_toggle,
@@ -99,6 +100,8 @@ static int load_keymap(const char *vc, c
args[i++] = map;
if (map_toggle)
args[i++] = map_toggle;
@ -39,16 +39,17 @@ index c5f3628..6603a75 100644
args[i++] = NULL;
if ((pid = fork()) < 0) {
@@ -150,6 +153,96 @@ static int load_font(const char *vc, const char *font, const char *map, const ch
@@ -150,6 +153,101 @@ static int load_font(const char *vc, con
return 0;
}
+#ifdef TARGET_SUSE
+static int load_compose_table(const char *vc, const char *compose_table, pid_t *_pid) {
+ const char *args[1024];
+ int i = 0;
+ int i = 0, j = 0;
+ pid_t pid;
+ char **strv_compose_table = NULL;
+ char *to_free[1024];
+
+ if (isempty(compose_table)) {
+ /* An empty map means no compose table*/
@ -79,7 +80,7 @@ index c5f3628..6603a75 100644
+ }
+ asprintf(&arg, "compose.%s",*name);
+ compose_loaded = true;
+ args[i++] = arg;
+ args[i++] = to_free[j++] = arg;
+
+ }
+ strv_free(strv_compose_table);
@ -95,6 +96,10 @@ index c5f3628..6603a75 100644
+ }
+
+ *_pid = pid;
+
+ for (i=0 ; i < j ; i++)
+ free (to_free[i]);
+
+ return 0;
+}
+
@ -136,7 +141,7 @@ index c5f3628..6603a75 100644
int main(int argc, char **argv) {
const char *vc;
char *vc_keymap = NULL;
@@ -163,8 +256,16 @@ int main(int argc, char **argv) {
@@ -163,8 +261,16 @@ int main(int argc, char **argv) {
#ifdef TARGET_MANDRIVA
char *vc_keytable = NULL;
#endif
@ -153,7 +158,7 @@ index c5f3628..6603a75 100644
int r = EXIT_FAILURE;
pid_t font_pid = 0, keymap_pid = 0;
@@ -265,6 +366,10 @@ int main(int argc, char **argv) {
@@ -265,6 +371,10 @@ int main(int argc, char **argv) {
#elif defined(TARGET_SUSE)
if ((r = parse_env_file("/etc/sysconfig/keyboard", NEWLINE,
"KEYTABLE", &vc_keymap,
@ -164,15 +169,15 @@ index c5f3628..6603a75 100644
NULL)) < 0) {
if (r != -ENOENT)
@@ -280,6 +385,7 @@ int main(int argc, char **argv) {
@@ -280,6 +390,7 @@ int main(int argc, char **argv) {
if (r != -ENOENT)
log_warning("Failed to read /etc/sysconfig/console: %s", strerror(-r));
}
+ disable_capslock = strcasecmp(vc_kbd_disable_caps_lock, "YES") == 0;
+ disable_capslock = vc_kbd_disable_caps_lock && strcasecmp(vc_kbd_disable_caps_lock, "YES") == 0;
#elif defined(TARGET_ARCH)
if ((r = parse_env_file("/etc/rc.conf", NEWLINE,
@@ -436,7 +542,11 @@ int main(int argc, char **argv) {
@@ -436,7 +547,11 @@ int main(int argc, char **argv) {
if (!utf8)
disable_utf8(fd);
@ -185,7 +190,7 @@ index c5f3628..6603a75 100644
load_font(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0)
r = EXIT_SUCCESS;
@@ -444,6 +554,14 @@ finish:
@@ -444,6 +559,14 @@ finish:
if (keymap_pid > 0)
wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
@ -200,6 +205,16 @@ index c5f3628..6603a75 100644
if (font_pid > 0)
wait_for_terminate_and_warn(KBD_SETFONT, font_pid);
--
1.7.3.4
@@ -451,6 +574,12 @@ finish:
free(vc_font);
free(vc_font_map);
free(vc_font_unimap);
+#ifdef TARGET_SUSE
+ free(vc_kbd_delay);
+ free(vc_kbd_rate);
+ free(vc_kbd_disable_caps_lock);
+ free(vc_compose_table);
+#endif
if (fd >= 0)
close_nointr_nofail(fd);

View File

@ -3,7 +3,9 @@ Description=Terminate bootsplash
After=xdm.service rc-local.service bootsplash-startup.service
Before=getty@tty1.service
DefaultDependencies=no
Names=plymout-quit-wait.service
Names=plymouth-quit-wait.service
ConditionKernelCommandLine=splash=silent
ConditionKernelCommandLine=vga
[Service]
ExecStart=/lib/systemd/systemd-bootsplash 5

View File

@ -2,6 +2,7 @@
Description=Start bootsplash
DefaultDependencies=no
ConditionKernelCommandLine=splash=silent
ConditionKernelCommandLine=vga
[Service]
ExecStart=/lib/systemd/systemd-bootsplash 0

131
color-on-boot.patch Normal file
View File

@ -0,0 +1,131 @@
From 5831e9b726ab6e76b28a94861a014d3bc2aa3015 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Thu, 10 Nov 2011 12:53:39 +0100
Subject: [PATCH] job: colored status messages on boot
The lack or green/red status marks on boot has been described by some
users as "critical", "dramatic", "dealbreaker", "showstopper". Seriously.
---
src/job.c | 13 +++++++------
src/unit.c | 24 ++++++++++++++++++++----
src/unit.h | 2 +-
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/job.c b/src/job.c
index 20971da..1520d81 100644
--- a/src/job.c
+++ b/src/job.c
@@ -484,19 +484,20 @@ static void job_print_status_message(Unit *u, JobType t, JobResult result) {
switch (result) {
case JOB_DONE:
- unit_status_printf(u, "Started %s.\n", unit_description(u));
+ unit_status_printf(u, ANSI_HIGHLIGHT_GREEN_ON " OK " ANSI_HIGHLIGHT_OFF, "Started %s", unit_description(u));
break;
case JOB_FAILED:
- unit_status_printf(u, "Starting %s " ANSI_HIGHLIGHT_ON "failed" ANSI_HIGHLIGHT_OFF ", see 'systemctl status %s' for details.\n", unit_description(u), u->meta.id);
+ unit_status_printf(u, ANSI_HIGHLIGHT_ON "FAILED" ANSI_HIGHLIGHT_OFF, "Failed to start %s", unit_description(u));
+ unit_status_printf(u, NULL, "See 'systemctl status %s' for details.", u->meta.id);
break;
case JOB_DEPENDENCY:
- unit_status_printf(u, "Starting %s " ANSI_HIGHLIGHT_ON "aborted" ANSI_HIGHLIGHT_OFF " because a dependency failed.\n", unit_description(u));
+ unit_status_printf(u, ANSI_HIGHLIGHT_ON " ABORT" ANSI_HIGHLIGHT_OFF, "Dependency failed. Aborted start of %s", unit_description(u));
break;
case JOB_TIMEOUT:
- unit_status_printf(u, "Starting %s " ANSI_HIGHLIGHT_ON "timed out" ANSI_HIGHLIGHT_OFF ".\n", unit_description(u), u->meta.id);
+ unit_status_printf(u, ANSI_HIGHLIGHT_ON " TIME " ANSI_HIGHLIGHT_OFF, "Timed out starting %s", unit_description(u));
break;
default:
@@ -508,12 +509,12 @@ static void job_print_status_message(Unit *u, JobType t, JobResult result) {
switch (result) {
case JOB_TIMEOUT:
- unit_status_printf(u, "Stopping %s " ANSI_HIGHLIGHT_ON "timed out" ANSI_HIGHLIGHT_OFF ".\n", unit_description(u), u->meta.id);
+ unit_status_printf(u, ANSI_HIGHLIGHT_ON " TIME " ANSI_HIGHLIGHT_OFF, "Timed out stopping %s", unit_description(u));
break;
case JOB_DONE:
case JOB_FAILED:
- unit_status_printf(u, "Stopped %s.\n", unit_description(u));
+ unit_status_printf(u, ANSI_HIGHLIGHT_GREEN_ON " OK " ANSI_HIGHLIGHT_OFF, "Stopped %s", unit_description(u));
break;
default:
diff --git a/src/unit.c b/src/unit.c
index 903a8e4..ad4063b 100644
--- a/src/unit.c
+++ b/src/unit.c
@@ -924,7 +924,7 @@ int unit_start(Unit *u) {
unit_add_to_dbus_queue(u);
- unit_status_printf(u, "Starting %s...\n", unit_description(u));
+ unit_status_printf(u, NULL, "Starting %s...", unit_description(u));
return UNIT_VTABLE(u)->start(u);
}
@@ -966,7 +966,7 @@ int unit_stop(Unit *u) {
unit_add_to_dbus_queue(u);
- unit_status_printf(u, "Stopping %s...\n", unit_description(u));
+ unit_status_printf(u, NULL, "Stopping %s...", unit_description(u));
return UNIT_VTABLE(u)->stop(u);
}
@@ -2426,8 +2426,11 @@ int unit_coldplug(Unit *u) {
return 0;
}
-void unit_status_printf(Unit *u, const char *format, ...) {
+void unit_status_printf(Unit *u, const char *status, const char *format, ...) {
va_list ap;
+ char *s, *e;
+ int err;
+ const unsigned emax = status ? 80 - (sizeof("[ OK ]")-1) : 80;
assert(u);
assert(format);
@@ -2442,8 +2445,21 @@ void unit_status_printf(Unit *u, const char *format, ...) {
return;
va_start(ap, format);
- status_vprintf(format, ap);
+ err = vasprintf(&s, format, ap);
va_end(ap);
+ if (err < 0)
+ return;
+
+ e = ellipsize(s, emax, 100);
+ free(s);
+ if (!e)
+ return;
+
+ if (status)
+ status_printf("%s%*s[%s]\n", e, emax - strlen(e), "", status);
+ else
+ status_printf("%s\n", e);
+ free(e);
}
bool unit_need_daemon_reload(Unit *u) {
diff --git a/src/unit.h b/src/unit.h
index 7da5723..b32c1a7 100644
--- a/src/unit.h
+++ b/src/unit.h
@@ -512,7 +512,7 @@ int unit_add_node_link(Unit *u, const char *what, bool wants);
int unit_coldplug(Unit *u);
-void unit_status_printf(Unit *u, const char *format, ...);
+void unit_status_printf(Unit *u, const char *status, const char *format, ...);
bool unit_need_daemon_reload(Unit *u);
--
1.7.7

81
cron-tty-pam.patch Normal file
View File

@ -0,0 +1,81 @@
From 1dc995370987660ff045ff4d7cf512da0390cf96 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Sat, 19 Nov 2011 01:14:11 +0100
Subject: [PATCH 1/2] pam-module: use the correct session type "unspecified"
logind does not understand "other".
---
src/pam-module.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/pam-module.c b/src/pam-module.c
index dd05f93..e650886 100644
--- a/src/pam-module.c
+++ b/src/pam-module.c
@@ -472,7 +472,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
get_seat_from_display(display, &seat, &vtnr);
type = !isempty(display) ? "x11" :
- !isempty(tty) ? "tty" : "other";
+ !isempty(tty) ? "tty" : "unspecified";
remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");
--
1.7.7
From 1a4459d63323cdfdb8751077e555ddbbf80564b1 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Sat, 19 Nov 2011 01:17:46 +0100
Subject: [PATCH 2/2] pam-module: treat "cron" in PAM_TTY as empty tty
cron sets PAM_TTY to "cron" and it has been doing it for a long time.
It cannot be changed because user configurations may depend on it.
https://bugzilla.redhat.com/show_bug.cgi?id=727315
---
src/logind-session.c | 4 ++--
src/pam-module.c | 4 ++++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/logind-session.c b/src/logind-session.c
index b0a09e3..63ee758 100644
--- a/src/logind-session.c
+++ b/src/logind-session.c
@@ -536,7 +536,7 @@ int session_start(Session *s) {
if (r < 0)
return r;
- log_full(s->display || s->tty ? LOG_INFO : LOG_DEBUG,
+ log_full(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG,
"New session %s of user %s.", s->id, s->user->name);
/* Create cgroup */
@@ -659,7 +659,7 @@ int session_stop(Session *s) {
assert(s);
if (s->started)
- log_full(s->display || s->tty ? LOG_INFO : LOG_DEBUG,
+ log_full(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG,
"Removed session %s.", s->id);
/* Kill cgroup */
diff --git a/src/pam-module.c b/src/pam-module.c
index e650886..46b7bec 100644
--- a/src/pam-module.c
+++ b/src/pam-module.c
@@ -463,6 +463,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (isempty(display))
display = tty;
tty = "";
+ } else if (streq(tty, "cron")) {
+ /* cron has been setting PAM_TTY to "cron" for a very long time
+ * and it cannot stop doing that for compatibility reasons. */
+ tty = "";
}
if (!isempty(cvtnr))
--
1.7.7

76
crypt-loop-file.patch Normal file
View File

@ -0,0 +1,76 @@
Index: systemd-37/src/cryptsetup-generator.c
===================================================================
--- systemd-37.orig/src/cryptsetup-generator.c
+++ systemd-37/src/cryptsetup-generator.c
@@ -138,7 +138,7 @@ static int create_disk(
const char *password,
const char *options) {
- char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL;
+ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL, *path_file = NULL;
int r;
FILE *f = NULL;
bool noauto, nofail;
@@ -167,10 +167,50 @@ static int create_disk(
goto fail;
}
- if (!(d = unit_name_from_path(u, ".device"))) {
- r = -ENOMEM;
- log_error("Failed to allocate device name.");
- goto fail;
+ if (!startswith(device,"/dev/")) {
+
+ if (!(d = unit_name_build_escape("cryptsetup", name, ".path"))) {
+ r = -ENOMEM;
+ log_error("Failed to allocate path name.");
+ goto fail;
+ }
+
+ if (asprintf(&path_file, "%s/%s", arg_dest, d) < 0) {
+ r = -ENOMEM;
+ log_error("Failed to allocate unit file name.");
+ goto fail;
+ }
+
+ if (!(f = fopen(path_file, "wxe"))) {
+ r = -errno;
+ log_error("Failed to create unit file: %m");
+ goto fail;
+ }
+
+ fprintf(f,
+ "[Unit]\n"
+ "Description=Cryptography Setup for %s\n"
+ "DefaultDependencies=no\n"
+ "[Path]\n"
+ "PathExists=%s\n",
+ device, device);
+
+ fflush(f);
+
+ if (ferror(f)) {
+ r = -errno;
+ log_error("Failed to write file: %m");
+ goto fail;
+ }
+
+ f = NULL;
+ } else {
+
+ if (!(d = unit_name_from_path(u, ".device"))) {
+ r = -ENOMEM;
+ log_error("Failed to allocate device name.");
+ goto fail;
+ }
}
if (!(f = fopen(p, "wxe"))) {
@@ -300,6 +340,7 @@ fail:
free(n);
free(d);
free(e);
+ free(path_file);
free(from);
free(to);

View File

@ -0,0 +1,38 @@
From c6170719e7afbcecc04e8939e93e9678529e6391 Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Wed, 9 Nov 2011 11:10:49 +0100
Subject: [PATCH] delay fsck / cryptsetup after md / dmraid / lvm are started
---
src/cryptsetup-generator.c | 1 +
units/fsck@.service.in | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/cryptsetup-generator.c b/src/cryptsetup-generator.c
index 14fcce8..e62f0e0 100644
--- a/src/cryptsetup-generator.c
+++ b/src/cryptsetup-generator.c
@@ -186,6 +186,7 @@ static int create_disk(
"DefaultDependencies=no\n"
"BindTo=%s dev-mapper-%%i.device\n"
"After=systemd-readahead-collect.service systemd-readahead-replay.service %s\n"
+ "After=md.service dmraid.service lvm.service\n"
"Before=umount.target\n",
d, d);
diff --git a/units/fsck@.service.in b/units/fsck@.service.in
index e1f7736..c1870ce 100644
--- a/units/fsck@.service.in
+++ b/units/fsck@.service.in
@@ -9,7 +9,7 @@
Description=File System Check on %f
DefaultDependencies=no
BindTo=%i.device
-After=systemd-readahead-collect.service systemd-readahead-replay.service %i.device
+After=systemd-readahead-collect.service systemd-readahead-replay.service %i.device lvm.service md.service dmraid.service
Before=shutdown.target
[Service]
--
1.7.7

60
do_not_warn_pidfile.patch Normal file
View File

@ -0,0 +1,60 @@
From c5419d4239ceb4c3bd0263a0a810cf24a072b3c0 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Thu, 10 Nov 2011 09:55:47 +0100
Subject: [PATCH] service: don't warn if the pidfile still exists after
SIGCHLD
A service that drops its privileges may not be able to remove it when it
exits. The stale pidfile is not a problem as long as the service
carefully recognizes it on its next start.
systemd would produce a warning after the service exits:
PID ... read from file ... does not exist. Your service or init
script might be broken.
Silence the warning in this case. Still warn if this error is detected
when loading the pidfile after service start.
Noticed by Miroslav Lichvar in
https://bugzilla.redhat.com/show_bug.cgi?id=752396
---
src/service.c | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/service.c b/src/service.c
index eb475d9..6fc2484 100644
--- a/src/service.c
+++ b/src/service.c
@@ -1290,7 +1290,7 @@ static void service_dump(Unit *u, FILE *f, const char *prefix) {
free(p2);
}
-static int service_load_pid_file(Service *s, bool warn_if_missing) {
+static int service_load_pid_file(Service *s, bool may_warn) {
char *k;
int r;
pid_t pid;
@@ -1301,7 +1301,7 @@ static int service_load_pid_file(Service *s, bool warn_if_missing) {
return -ENOENT;
if ((r = read_one_line_file(s->pid_file, &k)) < 0) {
- if (warn_if_missing)
+ if (may_warn)
log_warning("Failed to read PID file %s after %s. The service might be broken.",
s->pid_file, service_state_to_string(s->state));
return r;
@@ -1314,8 +1314,9 @@ static int service_load_pid_file(Service *s, bool warn_if_missing) {
return r;
if (kill(pid, 0) < 0 && errno != EPERM) {
- log_warning("PID %lu read from file %s does not exist. Your service or init script might be broken.",
- (unsigned long) pid, s->pid_file);
+ if (may_warn)
+ log_warning("PID %lu read from file %s does not exist. Your service or init script might be broken.",
+ (unsigned long) pid, s->pid_file);
return -ESRCH;
}
--
1.7.7

View File

@ -0,0 +1,29 @@
From 9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Tue, 6 Dec 2011 00:47:28 +0100
Subject: [PATCH] unit: garbage collect units with load error
Units that failed to load were never cleaned up. It was possible to
reach the 128K limit of units by attempting to load a bunch of nonsense.
Bug observed by Reartes Guillermo in
https://bugzilla.redhat.com/show_bug.cgi?id=680122
---
src/unit.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/unit.c b/src/unit.c
index 2a549e2..018e986 100644
--- a/src/unit.c
+++ b/src/unit.c
@@ -858,6 +858,7 @@ fail:
u->meta.load_state = UNIT_ERROR;
u->meta.load_error = r;
unit_add_to_dbus_queue(u);
+ unit_add_to_gc_queue(u);
log_debug("Failed to load configuration for %s: %s", u->meta.id, strerror(-r));
--
1.7.7

1066
handle-racy-daemon.patch Normal file

File diff suppressed because it is too large Load Diff

16
lock-opensuse.patch Normal file
View File

@ -0,0 +1,16 @@
Index: systemd-37/tmpfiles.d/legacy.conf
===================================================================
--- systemd-37.orig/tmpfiles.d/legacy.conf
+++ systemd-37/tmpfiles.d/legacy.conf
@@ -17,6 +17,8 @@
# On modern systems a BSD file lock is a better choice if
# serialization is needed on those devices.
-d /run/lock 0755 root root -
-d /run/lock/subsys 0755 root root -
-d /run/lock/lockdev 0775 root lock -
+# changed for openSUSE : only /run/lock should be available
+
+d /run/lock 0775 root lock -
+#d /run/lock/subsys 0755 root root -
+#d /run/lock/lockdev 0775 root lock -

586
log_on_close.patch Normal file
View File

@ -0,0 +1,586 @@
From 4d8a7798e7f12c6400495cbc4d0ad57ed20ce90a Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Wed, 16 Nov 2011 23:45:01 +0100
Subject: [PATCH 1/3] execute: avoid logging to closed fds
Several functions called from the "sd(EXEC)" process try to log messages
when all the file descriptors are already closed, including the logging
ones. The logging functions do not expect their fds to be closed and
they hit an assertion failure. The failure wants to be logged too,
so there is an infinite recursion, ended by a SIGSEGV.
When we close all fds, we must let log.c know about it.
---
src/execute.c | 1 +
src/log.c | 4 ++++
src/log.h | 1 +
3 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/execute.c b/src/execute.c
index 250d53a..0651014 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -1016,6 +1016,7 @@ int exec_spawn(ExecCommand *command,
/* Close sockets very early to make sure we don't
* block init reexecution because it cannot bind its
* sockets */
+ log_forget_fds();
if (close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
socket_fd >= 0 ? 1 : n_fds) < 0) {
r = EXIT_FDS;
diff --git a/src/log.c b/src/log.c
index b8ce122..5c5b734 100644
--- a/src/log.c
+++ b/src/log.c
@@ -237,6 +237,10 @@ void log_close(void) {
log_close_syslog();
}
+void log_forget_fds(void) {
+ console_fd = kmsg_fd = syslog_fd = -1;
+}
+
void log_set_max_level(int level) {
assert((level & LOG_PRIMASK) == level);
diff --git a/src/log.h b/src/log.h
index c402afb..9942e3e 100644
--- a/src/log.h
+++ b/src/log.h
@@ -57,6 +57,7 @@ int log_get_max_level(void);
int log_open(void);
void log_close(void);
+void log_forget_fds(void);
void log_close_syslog(void);
void log_close_kmsg(void);
--
1.7.7
From 9ba353983adc026b75a503c1381f6e5c8062f3e0 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Thu, 17 Nov 2011 00:16:22 +0100
Subject: [PATCH 2/3] execute: make setup_pam() return -errno when possible
The only caller currently checks if the result is non-zero,
so nothing changes there.
---
src/execute.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/execute.c b/src/execute.c
index 0651014..2039861 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -716,6 +716,7 @@ static int setup_pam(
pam_handle_t *handle = NULL;
sigset_t ss, old_ss;
int pam_code = PAM_SUCCESS;
+ int err;
char **e = NULL;
bool close_session = false;
pid_t pam_pid = 0, parent_pid;
@@ -835,6 +836,11 @@ static int setup_pam(
return 0;
fail:
+ if (pam_code != PAM_SUCCESS)
+ err = -EPERM; /* PAM errors do not map to errno */
+ else
+ err = -errno;
+
if (handle) {
if (close_session)
pam_code = pam_close_session(handle, PAM_DATA_SILENT);
@@ -851,7 +857,7 @@ fail:
kill(pam_pid, SIGCONT);
}
- return EXIT_PAM;
+ return err;
}
#endif
--
1.7.7
From 4c2630ebf23b6348174f0bdf1110e90efe45259c Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Thu, 17 Nov 2011 00:21:16 +0100
Subject: [PATCH 3/3] execute: log errors from "sd(EXEC)"
To give the administrator more hints about failures occuring in spawning
of commands than just the exit code, log the strerror.
All fds are closed, so reopen the log.
Related-to: https://bugzilla.redhat.com/show_bug.cgi?id=752901
---
src/execute.c | 138 +++++++++++++++++++++++++++++++++++++++--------------
src/exit-status.c | 3 +
src/exit-status.h | 3 +-
3 files changed, 107 insertions(+), 37 deletions(-)
diff --git a/src/execute.c b/src/execute.c
index 2039861..481725d 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -989,7 +989,7 @@ int exec_spawn(ExecCommand *command,
}
if (pid == 0) {
- int i;
+ int i, err;
sigset_t ss;
const char *username = NULL, *home = NULL;
uid_t uid = (uid_t) -1;
@@ -1015,6 +1015,7 @@ int exec_spawn(ExecCommand *command,
if (sigemptyset(&ss) < 0 ||
sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
+ err = -errno;
r = EXIT_SIGNAL_MASK;
goto fail_child;
}
@@ -1023,14 +1024,16 @@ int exec_spawn(ExecCommand *command,
* block init reexecution because it cannot bind its
* sockets */
log_forget_fds();
- if (close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
- socket_fd >= 0 ? 1 : n_fds) < 0) {
+ err = close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
+ socket_fd >= 0 ? 1 : n_fds);
+ if (err < 0) {
r = EXIT_FDS;
goto fail_child;
}
if (!context->same_pgrp)
if (setsid() < 0) {
+ err = -errno;
r = EXIT_SETSID;
goto fail_child;
}
@@ -1038,12 +1041,14 @@ int exec_spawn(ExecCommand *command,
if (context->tcpwrap_name) {
if (socket_fd >= 0)
if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
+ err = -EACCES;
r = EXIT_TCPWRAP;
goto fail_child;
}
for (i = 0; i < (int) n_fds; i++) {
if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
+ err = -EACCES;
r = EXIT_TCPWRAP;
goto fail_child;
}
@@ -1059,11 +1064,14 @@ int exec_spawn(ExecCommand *command,
/* Set up terminal for the question */
if ((r = setup_confirm_stdio(context,
- &saved_stdin, &saved_stdout)))
+ &saved_stdin, &saved_stdout))) {
+ err = -errno;
goto fail_child;
+ }
/* Now ask the question. */
if (!(line = exec_command_line(argv))) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
@@ -1072,18 +1080,21 @@ int exec_spawn(ExecCommand *command,
free(line);
if (r < 0 || response == 'n') {
+ err = -ECANCELED;
r = EXIT_CONFIRM;
goto fail_child;
} else if (response == 's') {
- r = 0;
+ err = r = 0;
goto fail_child;
}
/* Release terminal for the question */
if ((r = restore_confirm_stdio(context,
&saved_stdin, &saved_stdout,
- &keep_stdin, &keep_stdout)))
+ &keep_stdin, &keep_stdout))) {
+ err = -errno;
goto fail_child;
+ }
}
/* If a socket is connected to STDIN/STDOUT/STDERR, we
@@ -1091,28 +1102,35 @@ int exec_spawn(ExecCommand *command,
if (socket_fd >= 0)
fd_nonblock(socket_fd, false);
- if (!keep_stdin)
- if (setup_input(context, socket_fd, apply_tty_stdin) < 0) {
+ if (!keep_stdin) {
+ err = setup_input(context, socket_fd, apply_tty_stdin);
+ if (err < 0) {
r = EXIT_STDIN;
goto fail_child;
}
+ }
- if (!keep_stdout)
- if (setup_output(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) {
+ if (!keep_stdout) {
+ err = setup_output(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin);
+ if (err < 0) {
r = EXIT_STDOUT;
goto fail_child;
}
+ }
- if (setup_error(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) {
+ err = setup_error(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin);
+ if (err < 0) {
r = EXIT_STDERR;
goto fail_child;
}
- if (cgroup_bondings)
- if (cgroup_bonding_install_list(cgroup_bondings, 0) < 0) {
+ if (cgroup_bondings) {
+ err = cgroup_bonding_install_list(cgroup_bondings, 0);
+ if (err < 0) {
r = EXIT_CGROUP;
goto fail_child;
}
+ }
if (context->oom_score_adjust_set) {
char t[16];
@@ -1133,6 +1151,7 @@ int exec_spawn(ExecCommand *command,
if (write_one_line_file("/proc/self/oom_adj", t) < 0
&& errno != EACCES) {
+ err = -errno;
r = EXIT_OOM_ADJUST;
goto fail_child;
}
@@ -1141,6 +1160,7 @@ int exec_spawn(ExecCommand *command,
if (context->nice_set)
if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
+ err = -errno;
r = EXIT_NICE;
goto fail_child;
}
@@ -1153,6 +1173,7 @@ int exec_spawn(ExecCommand *command,
if (sched_setscheduler(0, context->cpu_sched_policy |
(context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), &param) < 0) {
+ err = -errno;
r = EXIT_SETSCHEDULER;
goto fail_child;
}
@@ -1160,18 +1181,21 @@ int exec_spawn(ExecCommand *command,
if (context->cpuset)
if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
+ err = -errno;
r = EXIT_CPUAFFINITY;
goto fail_child;
}
if (context->ioprio_set)
if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
+ err = -errno;
r = EXIT_IOPRIO;
goto fail_child;
}
if (context->timer_slack_nsec_set)
if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
+ err = -errno;
r = EXIT_TIMERSLACK;
goto fail_child;
}
@@ -1181,36 +1205,45 @@ int exec_spawn(ExecCommand *command,
if (context->user) {
username = context->user;
- if (get_user_creds(&username, &uid, &gid, &home) < 0) {
+ err = get_user_creds(&username, &uid, &gid, &home);
+ if (err < 0) {
r = EXIT_USER;
goto fail_child;
}
- if (is_terminal_input(context->std_input))
- if (chown_terminal(STDIN_FILENO, uid) < 0) {
+ if (is_terminal_input(context->std_input)) {
+ err = chown_terminal(STDIN_FILENO, uid);
+ if (err < 0) {
r = EXIT_STDIN;
goto fail_child;
}
+ }
- if (cgroup_bondings && context->control_group_modify)
- if (cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid) < 0 ||
- cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid) < 0) {
+ if (cgroup_bondings && context->control_group_modify) {
+ err = cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid);
+ if (err >= 0)
+ err = cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid);
+ if (err < 0) {
r = EXIT_CGROUP;
goto fail_child;
}
+ }
}
- if (apply_permissions)
- if (enforce_groups(context, username, gid) < 0) {
+ if (apply_permissions) {
+ err = enforce_groups(context, username, gid);
+ if (err < 0) {
r = EXIT_GROUP;
goto fail_child;
}
+ }
umask(context->umask);
#ifdef HAVE_PAM
if (context->pam_name && username) {
- if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) != 0) {
+ err = setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds);
+ if (err < 0) {
r = EXIT_PAM;
goto fail_child;
}
@@ -1218,6 +1251,7 @@ int exec_spawn(ExecCommand *command,
#endif
if (context->private_network) {
if (unshare(CLONE_NEWNET) < 0) {
+ err = -errno;
r = EXIT_NETWORK;
goto fail_child;
}
@@ -1229,23 +1263,28 @@ int exec_spawn(ExecCommand *command,
strv_length(context->read_only_dirs) > 0 ||
strv_length(context->inaccessible_dirs) > 0 ||
context->mount_flags != MS_SHARED ||
- context->private_tmp)
- if ((r = setup_namespace(
- context->read_write_dirs,
- context->read_only_dirs,
- context->inaccessible_dirs,
- context->private_tmp,
- context->mount_flags)) < 0)
+ context->private_tmp) {
+ err = setup_namespace(context->read_write_dirs,
+ context->read_only_dirs,
+ context->inaccessible_dirs,
+ context->private_tmp,
+ context->mount_flags);
+ if (err < 0) {
+ r = EXIT_NAMESPACE;
goto fail_child;
+ }
+ }
if (apply_chroot) {
if (context->root_directory)
if (chroot(context->root_directory) < 0) {
+ err = -errno;
r = EXIT_CHROOT;
goto fail_child;
}
if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
+ err = -errno;
r = EXIT_CHDIR;
goto fail_child;
}
@@ -1256,11 +1295,13 @@ int exec_spawn(ExecCommand *command,
if (asprintf(&d, "%s/%s",
context->root_directory ? context->root_directory : "",
context->working_directory ? context->working_directory : "") < 0) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
if (chdir(d) < 0) {
+ err = -errno;
free(d);
r = EXIT_CHDIR;
goto fail_child;
@@ -1271,9 +1312,12 @@ int exec_spawn(ExecCommand *command,
/* We repeat the fd closing here, to make sure that
* nothing is leaked from the PAM modules */
- if (close_all_fds(fds, n_fds) < 0 ||
- shift_fds(fds, n_fds) < 0 ||
- flags_fds(fds, n_fds, context->non_blocking) < 0) {
+ err = close_all_fds(fds, n_fds);
+ if (err >= 0)
+ err = shift_fds(fds, n_fds);
+ if (err >= 0)
+ err = flags_fds(fds, n_fds, context->non_blocking);
+ if (err < 0) {
r = EXIT_FDS;
goto fail_child;
}
@@ -1285,22 +1329,27 @@ int exec_spawn(ExecCommand *command,
continue;
if (setrlimit(i, context->rlimit[i]) < 0) {
+ err = -errno;
r = EXIT_LIMITS;
goto fail_child;
}
}
- if (context->capability_bounding_set_drop)
- if (do_capability_bounding_set_drop(context->capability_bounding_set_drop) < 0) {
+ if (context->capability_bounding_set_drop) {
+ err = do_capability_bounding_set_drop(context->capability_bounding_set_drop);
+ if (err < 0) {
r = EXIT_CAPABILITIES;
goto fail_child;
}
+ }
- if (context->user)
- if (enforce_user(context, uid) < 0) {
+ if (context->user) {
+ err = enforce_user(context, uid);
+ if (err < 0) {
r = EXIT_USER;
goto fail_child;
}
+ }
/* PR_GET_SECUREBITS is not privileged, while
* PR_SET_SECUREBITS is. So to suppress
@@ -1308,18 +1357,21 @@ int exec_spawn(ExecCommand *command,
* PR_SET_SECUREBITS unless necessary. */
if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
+ err = -errno;
r = EXIT_SECUREBITS;
goto fail_child;
}
if (context->capabilities)
if (cap_set_proc(context->capabilities) < 0) {
+ err = -errno;
r = EXIT_CAPABILITIES;
goto fail_child;
}
}
if (!(our_env = new0(char*, 7))) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
@@ -1327,12 +1379,14 @@ int exec_spawn(ExecCommand *command,
if (n_fds > 0)
if (asprintf(our_env + n_env++, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0 ||
asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
if (home)
if (asprintf(our_env + n_env++, "HOME=%s", home) < 0) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
@@ -1340,6 +1394,7 @@ int exec_spawn(ExecCommand *command,
if (username)
if (asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 ||
asprintf(our_env + n_env++, "USER=%s", username) < 0) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
@@ -1348,6 +1403,7 @@ int exec_spawn(ExecCommand *command,
context->std_output == EXEC_OUTPUT_TTY ||
context->std_error == EXEC_OUTPUT_TTY)
if (!(our_env[n_env++] = strdup(default_term_for_tty(tty_path(context))))) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
@@ -1362,11 +1418,13 @@ int exec_spawn(ExecCommand *command,
files_env,
pam_env,
NULL))) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
if (!(final_argv = replace_env_argv(argv, final_env))) {
+ err = -ENOMEM;
r = EXIT_MEMORY;
goto fail_child;
}
@@ -1374,9 +1432,17 @@ int exec_spawn(ExecCommand *command,
final_env = strv_env_clean(final_env);
execve(command->path, final_argv, final_env);
+ err = -errno;
r = EXIT_EXEC;
fail_child:
+ if (r != 0) {
+ log_open();
+ log_warning("Failed at step %s spawning %s: %s",
+ exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
+ command->path, strerror(-err));
+ }
+
strv_free(our_env);
strv_free(final_env);
strv_free(pam_env);
diff --git a/src/exit-status.c b/src/exit-status.c
index 8ed1a0e..ab8907d 100644
--- a/src/exit-status.c
+++ b/src/exit-status.c
@@ -119,6 +119,9 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) {
case EXIT_NETWORK:
return "NETWORK";
+
+ case EXIT_NAMESPACE:
+ return "NAMESPACE";
}
}
diff --git a/src/exit-status.h b/src/exit-status.h
index 3e977b1..44ef879 100644
--- a/src/exit-status.h
+++ b/src/exit-status.h
@@ -65,7 +65,8 @@ typedef enum ExitStatus {
EXIT_STDERR,
EXIT_TCPWRAP,
EXIT_PAM,
- EXIT_NETWORK
+ EXIT_NETWORK,
+ EXIT_NAMESPACE
} ExitStatus;
--
1.7.7

View File

@ -7,10 +7,10 @@ Subject: [PATCH] module-load: handle SUSE /etc/sysconfig/kernel module list
src/modules-load.c | 42 ++++++++++++++++++++++++++++++++++++++++++
1 files changed, 42 insertions(+), 0 deletions(-)
diff --git a/src/modules-load.c b/src/modules-load.c
index 8dd98f7..73ef5f5 100644
--- a/src/modules-load.c
+++ b/src/modules-load.c
Index: systemd-37/src/modules-load.c
===================================================================
--- systemd-37.orig/src/modules-load.c
+++ systemd-37/src/modules-load.c
@@ -36,6 +36,9 @@ int main(int argc, char *argv[]) {
char **arguments = NULL;
unsigned n_arguments = 0, n_allocated = 0;
@ -74,6 +74,15 @@ index 8dd98f7..73ef5f5 100644
return r;
}
--
1.7.3.4
Index: systemd-37/units/systemd-modules-load.service.in
===================================================================
--- systemd-37.orig/units/systemd-modules-load.service.in
+++ systemd-37/units/systemd-modules-load.service.in
@@ -11,6 +11,7 @@ DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service
Before=sysinit.target shutdown.target
+ConditionPathExists=|/etc/sysconfig/kernel
ConditionDirectoryNotEmpty=|/lib/modules-load.d
ConditionDirectoryNotEmpty=|/usr/lib/modules-load.d
ConditionDirectoryNotEmpty=|/usr/local/lib/modules-load.d

54
mount-swap-log.patch Normal file
View File

@ -0,0 +1,54 @@
From f6cebb3bd5a00d79c8131637c0f6796a75e6af99 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Sat, 19 Nov 2011 02:47:09 +0100
Subject: [PATCH] let mount and swap units log to the configured defaults
Related-to: https://bugzilla.redhat.com/show_bug.cgi?id=750032
---
src/mount.c | 6 ++++--
src/swap.c | 5 +++--
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/mount.c b/src/mount.c
index f9cfe91..47422cc 100644
--- a/src/mount.c
+++ b/src/mount.c
@@ -68,8 +68,10 @@ static void mount_init(Unit *u) {
/* The stdio/kmsg bridge socket is on /, in order to avoid a
* dep loop, don't use kmsg logging for -.mount */
- if (!unit_has_name(u, "-.mount"))
- m->exec_context.std_output = EXEC_OUTPUT_KMSG;
+ if (!unit_has_name(u, "-.mount")) {
+ m->exec_context.std_output = u->meta.manager->default_std_output;
+ m->exec_context.std_error = u->meta.manager->default_std_error;
+ }
/* We need to make sure that /bin/mount is always called in
* the same process group as us, so that the autofs kernel
diff --git a/src/swap.c b/src/swap.c
index 54a8640..4fa30a3 100644
--- a/src/swap.c
+++ b/src/swap.c
@@ -74,7 +74,7 @@ static void swap_unset_proc_swaps(Swap *s) {
s->parameters_proc_swaps.what = NULL;
}
- static void swap_init(Unit *u) {
+static void swap_init(Unit *u) {
Swap *s = SWAP(u);
assert(s);
@@ -83,7 +83,8 @@ static void swap_unset_proc_swaps(Swap *s) {
s->timeout_usec = DEFAULT_TIMEOUT_USEC;
exec_context_init(&s->exec_context);
- s->exec_context.std_output = EXEC_OUTPUT_KMSG;
+ s->exec_context.std_output = u->meta.manager->default_std_output;
+ s->exec_context.std_error = u->meta.manager->default_std_error;
s->parameters_etc_fstab.priority = s->parameters_proc_swaps.priority = s->parameters_fragment.priority = -1;
--
1.7.7

65
new-lsb-headers.patch Normal file
View File

@ -0,0 +1,65 @@
Index: systemd-37/src/service.c
===================================================================
--- systemd-37.orig/src/service.c
+++ systemd-37/src/service.c
@@ -116,6 +116,7 @@ static void service_init(Unit *u) {
#ifdef HAVE_SYSV_COMPAT
s->sysv_start_priority = -1;
s->sysv_start_priority_from_rcnd = -1;
+ s->sysv_remain_after_exit_heuristic = true;
#endif
s->socket_fd = -1;
s->guess_main_pid = true;
@@ -805,6 +806,31 @@ static int service_load_sysv_path(Servic
} else
state = LSB;
+ } else if (startswith_no_case(t, "PIDFile:")) {
+ char *fn;
+
+ state = LSB;
+
+ fn = strstrip(t+8);
+ if (!path_is_absolute(fn)) {
+ log_warning("[%s:%u] PID file not absolute. Ignoring.", path, line);
+ continue;
+ }
+
+ if (!(fn = strdup(fn))) {
+ r = -ENOMEM;
+ goto finish;
+ }
+
+ free(s->pid_file);
+ s->pid_file = fn;
+ s->sysv_remain_after_exit_heuristic = false;
+ } else if (startswith_no_case(t, "X-Systemd-RemainAfterExit:")) {
+ char *j;
+
+ state = LSB;
+ if ((j = strstrip(t+26)) && *j)
+ s->sysv_remain_after_exit_heuristic = !parse_boolean(j);
}
}
}
@@ -2017,7 +2043,7 @@ static void service_enter_running(Servic
if ((main_pid_ok > 0 || (main_pid_ok < 0 && cgroup_ok != 0)) &&
(s->bus_name_good || s->type != SERVICE_DBUS)) {
#ifdef HAVE_SYSV_COMPAT
- if (s->sysv_enabled && !s->pid_file)
+ if (s->sysv_enabled && !s->pid_file && s->sysv_remain_after_exit_heuristic)
s->remain_after_exit = false;
#endif
service_set_state(s, SERVICE_RUNNING);
Index: systemd-37/src/service.h
===================================================================
--- systemd-37.orig/src/service.h
+++ systemd-37/src/service.h
@@ -139,6 +139,7 @@ struct Service {
#ifdef HAVE_SYSV_COMPAT
bool sysv_has_lsb:1;
bool sysv_enabled:1;
+ bool sysv_remain_after_exit_heuristic:1;
int sysv_start_priority_from_rcnd;
int sysv_start_priority;

View File

@ -1,12 +0,0 @@
Index: systemd-37/src/namespace.c
===================================================================
--- systemd-37.orig/src/namespace.c
+++ systemd-37/src/namespace.c
@@ -157,7 +157,6 @@ static int apply_mount(Path *p, const ch
}
if ((r = mount(what, where, NULL, MS_BIND|MS_REC, NULL)) >= 0) {
- log_debug("Successfully mounted %s to %s", what, where);
/* The bind mount will always inherit the original
* flags. If we want to set any flag we need

View File

@ -0,0 +1,132 @@
From b9841589cf16950af7d123ecd128b84464d15a1d Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Mon, 7 Nov 2011 18:04:20 +0100
Subject: [PATCH] force lvm restart after cryptsetup target is reached
---
src/cryptsetup-generator.c | 80 ++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 80 insertions(+), 0 deletions(-)
diff --git a/src/cryptsetup-generator.c b/src/cryptsetup-generator.c
index a48b7a4..14fcce8 100644
--- a/src/cryptsetup-generator.c
+++ b/src/cryptsetup-generator.c
@@ -22,12 +22,14 @@
#include <string.h>
#include <errno.h>
#include <unistd.h>
+#include <stdlib.h>
#include "log.h"
#include "util.h"
#include "unit-name.h"
const char *arg_dest = "/tmp";
+bool random_seed = false;
static bool has_option(const char *haystack, const char *needle) {
const char *f = haystack;
@@ -58,6 +60,78 @@ static bool has_option(const char *haystack, const char *needle) {
return false;
}
+static int create_storage_after_cryptsetup (void) {
+ int r;
+ char *to = NULL, *p = NULL;
+ FILE *f = NULL;
+
+ if (asprintf(&p, "%s/storage-after-cryptsetup.service", arg_dest) < 0) {
+ r = -ENOMEM;
+ log_error("Failed to allocate unit file name.");
+ goto fail;
+ }
+
+ if (!(f = fopen(p, "wxe"))) {
+ r = -errno;
+ log_error("Failed to create unit file: %m");
+ goto fail;
+ }
+
+ fprintf(f,
+ "[Unit]\n"
+ "Description=Restart storage after cryptsetup\n"
+ "DefaultDependencies=no\n"
+ "After=cryptsetup.target\n"
+ "Wants=cryptsetup.target\n"
+ "Before=shutdown.target\n");
+ if (!random_seed) {
+ fprintf(f, "After=local-fs.target\n");
+ }
+
+ fprintf(f,
+ "\n[Service]\n"
+ "RemainAfterExit=true\n"
+ "Type=oneshot\n"
+ "TimeoutSec=0\n"
+ "ExecStart=/bin/systemctl restart lvm.service\n");
+
+ fflush(f);
+
+ if (ferror(f)) {
+ r = -errno;
+ log_error("Failed to write file: %m");
+ goto fail;
+ }
+
+ if (asprintf(&to, "%s/local-fs.target.wants/storage-after-cryptsetup.service", arg_dest) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ mkdir_parents(to, 0755);
+
+ if (symlink("../storage-after-cryptsetup.service", to) < 0) {
+ log_error("Failed to create symlink ../storage-after-cryptsetup.service to '%s': %m", to);
+ r = -errno;
+ goto fail;
+ }
+
+ free(to);
+ to = NULL;
+
+ r = 0;
+ system ("TMPDIR=/run /usr/bin/sed -e 's/\\(After=.*\\) local-fs.target\\(.*\\)/\\1\\2/g' /lib/systemd/system/systemd-random-seed-load.service > /etc/systemd/system/systemd-random-seed-load.service ");
+fail:
+
+ free(p);
+ free(to);
+
+ if (f)
+ fclose(f);
+
+ return r;
+}
+
static int create_disk(
const char *name,
const char *device,
@@ -122,8 +196,11 @@ static int create_disk(
if (password && (streq(password, "/dev/urandom") ||
streq(password, "/dev/random") ||
streq(password, "/dev/hw_random")))
+ {
fprintf(f,
"After=systemd-random-seed-load.service\n");
+ random_seed = true;
+ }
else
fprintf(f,
"Before=local-fs.target\n");
@@ -293,6 +370,9 @@ int main(int argc, char *argv[]) {
free(options);
}
+ if (create_storage_after_cryptsetup () < 0)
+ r = EXIT_FAILURE;
+
finish:
return r;
}
--
1.7.7

View File

@ -1,12 +0,0 @@
[Unit]
Description=Restart storage after crypsetup
DefaultDependencies=no
Before=local-fs.target shutdown.target
After=cryptsetup.target
Wants=cryptsetup.target
[Service]
RemainAfterExit=true
Type=oneshot
TimeoutSec=0
ExecStart=/bin/systemctl restart lvm.service

View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Wed Dec 7 15:15:07 UTC 2011 - fcrozat@suse.com
- Remove storage-after-cryptsetup.service, add
storage-after-cryptsetup.patch instead to prevent dependency
cycle (bnc#722539).
- Add delay-fsck-cryptsetup-after-md-lvm-dmraid.patch: ensure
fsck/cryptsetup is run after lvm/md/dmraid have landed
(bnc#724912).
- Add cron-tty-pam.patch: Fix cron filling logs (bnc#731358).
- Add do_not_warn_pidfile.patch: Fix PID warning in logs
(bnc#732912).
- Add mount-swap-log.patch: Ensure swap and mount output is
redirected to default log target (rhb#750032).
- Add color-on-boot.patch: ensure colored status are displayed at
boot time.
- Update modules_on_boot.patch to fix bnc#732041.
- Replace private_tmp_crash.patch with log_on_close.patch, better
upstream fix for bnc#699829 and fix bnc#731719.
- Update vconsole patch to fix memleaks and crash (bnc#734527).
- Add handle-racy-daemon.patch: fix warnings with sendmail
(bnc#732912).
- Add new-lsb-headers.patch: support PIDFile: and
X-Systemd-RemainAfterExit: header in initscript (bnc#727771).
- Update bootsplash services to not start if vga= is missing from
cmdline (bnc#727771)
- Add lock-opensuse.patch: disable /var/lock/{subsys,lockdev} and
change default permissions on /var/lock (bnc#733523).
- Add garbage_collect_units: ensure error units are correctly
garbage collected (rhb#680122).
- Add crypt-loop-file.patch: add support for crypt file loop
(bnc#730496).
-------------------------------------------------------------------
Sat Nov 19 15:40:38 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Fri Nov 4 14:44:18 UTC 2011 - fcrozat@suse.com

View File

@ -31,6 +31,7 @@ BuildRequires: audit-devel
BuildRequires: gperf
BuildRequires: libcap-devel
BuildRequires: libacl-devel
BuildRequires: libtool
BuildRequires: tcpd-devel
BuildRequires: pam-devel
BuildRequires: libcryptsetup-devel

View File

@ -1,3 +1,36 @@
-------------------------------------------------------------------
Wed Dec 7 15:15:07 UTC 2011 - fcrozat@suse.com
- Remove storage-after-cryptsetup.service, add
storage-after-cryptsetup.patch instead to prevent dependency
cycle (bnc#722539).
- Add delay-fsck-cryptsetup-after-md-lvm-dmraid.patch: ensure
fsck/cryptsetup is run after lvm/md/dmraid have landed
(bnc#724912).
- Add cron-tty-pam.patch: Fix cron filling logs (bnc#731358).
- Add do_not_warn_pidfile.patch: Fix PID warning in logs
(bnc#732912).
- Add mount-swap-log.patch: Ensure swap and mount output is
redirected to default log target (rhb#750032).
- Add color-on-boot.patch: ensure colored status are displayed at
boot time.
- Update modules_on_boot.patch to fix bnc#732041.
- Replace private_tmp_crash.patch with log_on_close.patch, better
upstream fix for bnc#699829 and fix bnc#731719.
- Update vconsole patch to fix memleaks and crash (bnc#734527).
- Add handle-racy-daemon.patch: fix warnings with sendmail
(bnc#732912).
- Add new-lsb-headers.patch: support PIDFile: and
X-Systemd-RemainAfterExit: header in initscript (bnc#727771).
- Update bootsplash services to not start if vga= is missing from
cmdline (bnc#727771)
- Add lock-opensuse.patch: disable /var/lock/{subsys,lockdev} and
change default permissions on /var/lock (bnc#733523).
- Add garbage_collect_units: ensure error units are correctly
garbage collected (rhb#680122).
- Add crypt-loop-file.patch: add support for crypt file loop
(bnc#730496).
-------------------------------------------------------------------
Sat Nov 19 15:40:38 UTC 2011 - coolo@suse.com

View File

@ -62,7 +62,6 @@ Source7: systemd-bootsplash
Source8: bootsplash-startup.service
Source9: bootsplash-quit.service
Source10: bootsplash-shutdown.service
Source11: storage-after-cryptsetup.service
Patch1: 0001-Add-bootsplash-handling-for-password-dialogs.patch
# handle SUSE specific kbd settings
Patch6: 0001-handle-disable_caplock-and-compose_table-and-kbd_rat.patch
@ -72,9 +71,13 @@ Patch10: 0001-service-Fix-dependencies-added-when-parsing-insserv..patch
Patch13: 0001-service-flags-sysv-service-with-detected-pid-as-Rema.patch
Patch15: support-sysvinit.patch
Patch16: modules_on_boot.patch
Patch17: private_tmp_crash.patch
Patch18: systemctl-completion-fix.patch
Patch19: avoid-random-seed-cycle.patch
Patch22: new-lsb-headers.patch
Patch23: storage-after-cryptsetup.patch
Patch24: delay-fsck-cryptsetup-after-md-lvm-dmraid.patch
Patch31: lock-opensuse.patch
Patch33: crypt-loop-file.patch
# Upstream First - Policy:
# Never add any patches to this package without the upstream commit id
@ -82,6 +85,13 @@ Patch19: avoid-random-seed-cycle.patch
# an exception will be silently removed with the next version update.
Patch20: crash-isolating.patch
Patch21: no-tmpfs-fsck.patch
Patch25: cron-tty-pam.patch
Patch26: do_not_warn_pidfile.patch
Patch27: mount-swap-log.patch
Patch28: color-on-boot.patch
Patch29: log_on_close.patch
Patch30: handle-racy-daemon.patch
Patch32: garbage_collect_units.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB
@ -132,11 +142,22 @@ Plymouth integration for systemd
%patch13 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%build
autoreconf -fiv
@ -168,12 +189,11 @@ install -m755 %{S:3} -D %{buildroot}%{_sbindir}/systemd-sysv-convert
# do not install, code has been fixed, might be useful in the future
#install -m755 %{S:5} %{buildroot}/lib/systemd/system-generators
install -m755 %{S:7} %{buildroot}/lib/systemd/
install -m644 %{S:8} %{S:9} %{S:10} %{S:11} %{buildroot}/lib/systemd/system/
install -m644 %{S:8} %{S:9} %{S:10} %{buildroot}/lib/systemd/system/
ln -s ../bootsplash-startup.service %{buildroot}/lib/systemd/system/basic.target.wants/
ln -s ../bootsplash-quit.service %{buildroot}/lib/systemd/system/multi-user.target.wants/
ln -s ../bootsplash-shutdown.service %{buildroot}/lib/systemd/system/shutdown.target.wants/
ln -s ../bootsplash-shutdown.service %{buildroot}/lib/systemd/system/reboot.target.wants/
ln -s ../storage-after-cryptsetup.service %{buildroot}/lib/systemd/system/local-fs.target.wants/
ln -s ../bin/systemd %{buildroot}/sbin/init
ln -s ../bin/systemctl %{buildroot}/sbin/reboot
ln -s ../bin/systemctl %{buildroot}/sbin/halt