diff --git a/5000-core-manager-run-generators-directly-when-we-are-in-.patch b/5000-core-manager-run-generators-directly-when-we-are-in-.patch
new file mode 100644
index 00000000..20c0b682
--- /dev/null
+++ b/5000-core-manager-run-generators-directly-when-we-are-in-.patch
@@ -0,0 +1,34 @@
+From 9d0f728f65e6c3ad586e276c1ed3c2cd8cc944be Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Mon, 20 Feb 2023 12:00:30 +0900
+Subject: [PATCH 5000/5000] core/manager: run generators directly when we are
+ in initrd
+
+Some initrd system write files at ourside of /run, /etc, or other
+allowed places. This is a kind of workaround, but in most cases, such
+sandboxing is not necessary as the filesystem is on ramfs when we are in
+initrd.
+
+Fixes #26488.
+---
+ src/core/manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 380a4e30d7..6135205761 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
+ /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
+ * we are the user manager, let's just execute the generators directly. We might not have the
+ * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
+- */
+- if (MANAGER_IS_USER(m)) {
++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
++ if (MANAGER_IS_USER(m) || in_initrd()) {
+ r = manager_execute_generators(m, paths, /* remount_ro= */ false);
+ goto finish;
+ }
+--
+2.35.3
+
diff --git a/systemd.changes b/systemd.changes
index 44418ba8..c87c37ca 100644
--- a/systemd.changes
+++ b/systemd.changes
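Review bot: The new condition `MANAGER_IS_USER(m) || in_initrd()` in manager_run_generators() drops the sanitized mount namespace for every generator the system manager runs in an initrd, not only for the ones that need to write outside /run or /etc. The comment justifies this with the root being on ramfs, but nothing in the hunk checks that, and these generators are now invoked with `remount_ro= false`, so a faulty or unexpected generator is presumably free to modify any path on the initrd root. Since the patch description itself calls this a workaround, the in-code comment should say so and name the issue, for example `* Workaround for #26488: in initrd the generators run directly, without the sandbox; restore it once initrd generators only write to allowed places. */`. The body of manager_run_generators() starts and ends outside the hunk, so the sandboxed path that is being skipped is not visible here.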
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Mar 9 10:38:10 UTC 2023 - Franck Bui
+
+- Add 5000-core-manager-run-generators-directly-when-we-are-in-.patch, a
+ temporary workaround until https://github.com/dracutdevs/dracut/issues/2211 is
+ fixed in dracut.
+
 -------------------------------------------------------------------
 Mon Mar 6 10:08:33 UTC 2023 - Franck Bui
 
diff --git a/systemd.spec b/systemd.spec
index 8a445b56..a4b18fcc 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -209,9 +209,10 @@ Patch12: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
 
 # Patches listed below are put in quarantine. Normally all changes must go to
 # upstream first and then are cherry-picked in the SUSE git repository. But for
-# very few cases, some stuff might be broken in upstream and need to be fixed
-# quickly. But even in these cases, the patches are temporary and should be
-# removed as soon as a fix is merged by upstream.
+# very few cases, some stuff might be broken in upstream and need to be fixed or
+# worked around quickly. In these cases, the patches are added temporarily and
+# will be removed as soon as a proper fix will be merged by upstream.
+Patch5000: 5000-core-manager-run-generators-directly-when-we-are-in-.patch
 
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
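Review bot: The `Patch5000:` line in systemd.spec carries no note of what the patch relaxes or when it can be dropped; the quarantine comment above it is generic and the removal condition is recorded only in systemd.changes. Because this patch turns off generator sandboxing in the initrd, the condition should sit next to the entry, for example `# Runs generators unsandboxed in initrd; drop once https://github.com/dracutdevs/dracut/issues/2211 is fixed.` directly above `Patch5000:`. That keeps the workaround from outliving the dracut fix unnoticed.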