diff --git a/0001-virt-rework-container-detection-logic.patch b/0001-virt-rework-container-detection-logic.patch
new file mode 100644
index 00000000..4adc20a2
--- /dev/null
+++ b/0001-virt-rework-container-detection-logic.patch
@@ -0,0 +1,159 @@
+Based on fdd25311706bd32580ec4d43211cdf4665d2f9de Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 28 May 2014 18:37:11 +0800
+Subject: [PATCH] virt: rework container detection logic
+
+Instead of accessing /proc/1/environ directly, trying to read the
+$container variable from it, let's make PID 1 save the contents of that
+variable to /run/systemd/container. This allows us to detect containers
+without the need for CAP_SYS_PTRACE, which allows us to drop it from a
+number of daemons and from the file capabilities of systemd-detect-virt.
+
+Also, don't consider chroot a container technology anymore. After all,
+we don't consider file system namespaces container technology anymore,
+and hence chroot() should be considered a container even less.
+---
+ Makefile.am | 3 ---
+ configure.ac | 2 --
+ src/core/main.c | 12 ++++++++++++
+ src/shared/virt.c | 48 ++++++++++++++++++++++++++++++------------------
+ 4 files changed, 42 insertions(+), 23 deletions(-)
+
+diff --git Makefile.am Makefile.am
+index 5b26bc3..f66ef42 100644
+--- Makefile.am
++++ Makefile.am
+@@ -1798,9 +1798,6 @@ systemd_detect_virt_SOURCES = \
+ systemd_detect_virt_LDADD = \
+ libsystemd-shared.la
+
+-systemd-detect-virt-install-hook:
+- -$(SETCAP) cap_dac_override,cap_sys_ptrace=ep $(DESTDIR)$(bindir)/systemd-detect-virt
+-
+ INSTALL_EXEC_HOOKS += \
+ systemd-detect-virt-install-hook
+
+--- configure.ac
++++ configure.ac 2014-06-03 14:16:45.046237826 +0000
+@@ -68,8 +68,6 @@ AC_PATH_PROG([XSLTPROC], [xsltproc])
+ AC_PATH_PROG([QUOTAON], [quotaon], [/usr/sbin/quotaon])
+ AC_PATH_PROG([QUOTACHECK], [quotacheck], [/usr/sbin/quotacheck])
+
+-AC_PATH_PROG([SETCAP], [setcap], [/usr/sbin/setcap])
+-
+ AC_PATH_PROG([KILL], [kill], [/usr/bin/kill])
+
+ AC_PATH_PROG([KMOD], [kmod], [/usr/bin/kmod])
+diff --git src/core/main.c src/core/main.c
+index 77cc2fb..d5d1ee2 100644
+--- src/core/main.c
++++ src/core/main.c
+@@ -1261,6 +1261,16 @@ static int status_welcome(void) {
isempty(pretty_name) ? "Linux" : pretty_name);
+ }
+
++static int write_container_id(void) {
++ const char *c;
++
++ c = getenv("container");
++ if (isempty(c))
++ return 0;
++
++ return write_string_file("/run/systemd/container", c);
++}
++
+ int main(int argc, char *argv[]) {
+ Manager *m = NULL;
+ int r, retval = EXIT_FAILURE;
+@@ -1544,6 +1554,8 @@ int main(int argc, char *argv[]) {
+ if (virtualization)
+ log_info("Detected virtualization '%s'.", virtualization);
+
++ write_container_id();
++
+ log_info("Detected architecture '%s'.", architecture_to_string(uname_architecture()));
+
+ if (in_initrd())
+diff --git src/shared/virt.c src/shared/virt.c
+index 0db0514..1e227c5 100644
+--- src/shared/virt.c
++++ src/shared/virt.c
+@@ -217,8 +217,8 @@ int detect_container(const char **id) {
+ static thread_local int cached_found = -1;
+ static thread_local const char *cached_id = NULL;
+
+- _cleanup_free_ char *e = NULL;
+- const char *_id = NULL;
++ _cleanup_free_ char *m = NULL;
++ const char *_id = NULL, *e = NULL;
+ int r;
+
+ if (_likely_(cached_found >= 0)) {
+@@ -229,17 +229,6 @@ int detect_container(const char **id) {
+ return cached_found;
+ }
+
+- /* Unfortunately many of these operations require root access
+- * in one way or another */
+-
+- r = running_in_chroot();
+- if (r < 0)
+- return r;
+- if (r > 0) {
+- _id = "chroot";
+- goto finish;
+- }
+-
+ /* /proc/vz exists in container and outside of the container,
+ * /proc/bc only outside of the container. */
+ if (access("/proc/vz", F_OK) >= 0 &&
+@@ -249,11 +238,32 @@ int detect_container(const char **id) {
+ goto finish;
+ }
+
+- r = getenv_for_pid(1, "container", &e);
+- if (r < 0)
+- return r;
+- if (r == 0)
+- goto finish;
++ if (getpid() == 1) {
++ /* If we are PID 1 we can just check our own
++ * environment variable */
++
++ e = getenv("container");
++ if (isempty(e)) {
++ r = 0;
++ goto finish;
++ }
++ } else {
++
++ /* Otherwise, PID 1 dropped this information into a
++ * file in /run.
This is better than accessing
++ * /proc/1/environ, since we don't need CAP_SYS_PTRACE
++ * for that. */
++
++ r = read_one_line_file("/run/systemd/container", &m);
++ if (r == -ENOENT) {
++ r = 0;
++ goto finish;
++ }
++ if (r < 0)
++ return r;
++
++ e = m;
++ }
+
+ /* We only recognize a selected few here, since we want to
+ * enforce a redacted namespace */
+@@ -266,6 +276,8 @@ int detect_container(const char **id) {
+ else
+ _id = "other";
+
++ r = 1;
++
+ finish:
+ cached_found = r;
+
+--
+1.7.9.2
+
diff --git a/0002-fsck-include-device-name-in-the-message-about-missin.patch b/0002-fsck-include-device-name-in-the-message-about-missin.patch
new file mode 100644
index 00000000..7ec3506f
--- /dev/null
+++ b/0002-fsck-include-device-name-in-the-message-about-missin.patch
@@ -0,0 +1,26 @@
+Based on 8d2a6145334257c8a9ceabc9dd52dff06cca818e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Mon, 26 May 2014 23:03:11 -0400
+Subject: [PATCH] fsck: include device name in the message about missing fsck
+
+---
+ src/fsck/fsck.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- src/fsck/fsck.c
++++ src/fsck/fsck.c 2014-06-03 14:15:15.746235301 +0000
+@@ -284,10 +284,12 @@ int main(int argc, char *argv[]) {
+ r = access(checker, X_OK);
+ if (r < 0) {
+ if (errno == ENOENT) {
+- log_info("%s doesn't exist, not checking file system.", checker);
++ log_info("%s doesn't exist, not checking file system on %s",
++ checker, device);
+ return EXIT_SUCCESS;
+ } else
+- log_warning("%s cannot be used: %m", checker);
++ log_warning("%s cannot be used for %s: %m",
++ checker, device);
+ }
+ }
+
diff --git a/0003-units-use-KillMode-mixed-for-systemd-nspawn-.service.patch b/0003-units-use-KillMode-mixed-for-systemd-nspawn-.service.patch
new file mode 100644
index 00000000..15c8d7f5
--- /dev/null
+++ b/0003-units-use-KillMode-mixed-for-systemd-nspawn-.service.patch
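Review bot: In the non-PID-1 branch of detect_container(), an existing but empty /run/systemd/container is not rejected: read_one_line_file() appears to hand back an empty string with r == 0, and the classification chain that follows then reports the host as container "other" with r = 1, whereas the PID 1 branch explicitly treats an empty $container as "not a container". Add the same guard after `e = m;`: `if (isempty(e)) { r = 0; goto finish; }`. The Makefile.am hunk also deletes the systemd-detect-virt-install-hook rule but keeps `INSTALL_EXEC_HOOKS += systemd-detect-virt-install-hook` in the retained context lines, so install-exec-hook will most likely fail on a missing prerequisite unless that variable is consumed differently than in the usual automake pattern. Finally, main() discards write_container_id()'s return value; if creating the file fails, every later unprivileged caller silently sees "no container", which deserves at least a log_debug. Both detect_container() and main() continue past the ends of their inner hunks.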
@@ -0,0 +1,26 @@
+From d8e40d62ab871a87fde421c4b246bb45bc3cbe2d Mon Sep 17 00:00:00 2001
+From: Jonathan Liu
+Date: Thu, 29 May 2014 01:17:25 +1000
+Subject: [PATCH] units: use KillMode=mixed for systemd-nspawn@.service
+
+This causes the container to shut down cleanly when the service is
+stopped.
+---
+ units/systemd-nspawn@.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git units/systemd-nspawn@.service.in units/systemd-nspawn@.service.in
+index ff36e90..e373628 100644
+--- units/systemd-nspawn@.service.in
++++ units/systemd-nspawn@.service.in
+@@ -11,6 +11,7 @@ Documentation=man:systemd-nspawn(1)
+
+ [Service]
+ ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i
++KillMode=mixed
+ Type=notify
+
+ [Install]
+--
+1.7.9.2
+
diff --git a/0004-util-ignore_file-should-not-allow-files-ending-with.patch b/0004-util-ignore_file-should-not-allow-files-ending-with.patch
new file mode 100644
index 00000000..a30b4c4f
--- /dev/null
+++ b/0004-util-ignore_file-should-not-allow-files-ending-with.patch
@@ -0,0 +1,28 @@
+From 93f1a06374e335e8508d89e1bdaadf45be6ab777 Mon Sep 17 00:00:00 2001
+From: Thomas Hindoe Paaboel Andersen
+Date: Sat, 31 May 2014 21:36:23 +0200
+Subject: [PATCH] util: ignore_file should not allow files ending with '~'
+
+ignore_file currently allows any file ending with '~' while it
+seems that the opposite was intended:
+a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
+---
+ src/shared/util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git src/shared/util.c src/shared/util.c
+index 0c27394..17b0ae1 100644
+--- src/shared/util.c
++++ src/shared/util.c
+@@ -1371,7 +1371,7 @@ bool ignore_file(const char *filename) {
+ assert(filename);
+
+ if (endswith(filename, "~"))
+- return false;
++ return true;
+
+ return ignore_file_allow_backup(filename);
+ }
+--
+1.7.9.2
+
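Review bot: The new `KillMode=mixed` line carries no comment explaining why this unit deviates from the default kill mode, so the reasoning lives only in the commit message. A one-line comment above it would keep the intent with the unit, e.g. `# SIGTERM only the systemd-nspawn process so it can shut the container down cleanly; remaining processes are SIGKILLed after the stop timeout`. That the container actually stops cleanly depends on nspawn forwarding SIGTERM to the container's init, which is not visible here and should be confirmed.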
diff --git a/0006-tty-ask-password-agent-Do-tell-what-directory-we-fai.patch b/0006-tty-ask-password-agent-Do-tell-what-directory-we-fai.patch
new file mode 100644
index 00000000..aa77e4cc
--- /dev/null
+++ b/0006-tty-ask-password-agent-Do-tell-what-directory-we-fai.patch
@@ -0,0 +1,26 @@
+From 267b3e41df5a2181f2911433539f81de2fa1511a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
+Date: Thu, 29 May 2014 14:17:37 -0400
+Subject: [PATCH] tty-ask-password-agent: Do tell what directory we failed to
+ open
+
+---
+ .../tty-ask-password-agent.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git src/tty-ask-password-agent/tty-ask-password-agent.c src/tty-ask-password-agent/tty-ask-password-agent.c
+index 3203474..55a2215 100644
+--- src/tty-ask-password-agent/tty-ask-password-agent.c
++++ src/tty-ask-password-agent/tty-ask-password-agent.c
+@@ -501,7 +501,7 @@ static int show_passwords(void) {
+ if (errno == ENOENT)
+ return 0;
+
+- log_error("opendir(): %m");
++ log_error("opendir(/run/systemd/ask-password): %m");
+ return -errno;
+ }
+
+--
+1.7.9.2
+
diff --git a/0007-keyboard-add-Plantronics-.Audio-mute-button.patch b/0007-keyboard-add-Plantronics-.Audio-mute-button.patch
new file mode 100644
index 00000000..53c701bd
--- /dev/null
+++ b/0007-keyboard-add-Plantronics-.Audio-mute-button.patch
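Review bot: The new log_error() hardcodes "/run/systemd/ask-password" instead of printing whatever was actually handed to opendir(), which sits outside the hunk; if that call uses a variable or a constant, the message and the real path can silently drift apart. Prefer `log_error("opendir(%s): %m", path);` with the same expression the opendir() call uses, or a shared constant for both. show_passwords() begins before the hunk.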
@@ -0,0 +1,32 @@
+From 9e3dbf6b2b99d0e16989d9cedb458729db5a60c3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sun, 1 Jun 2014 14:01:23 -0400
+Subject: [PATCH] keyboard: add Plantronics .Audio mute button
+
+https://bugs.freedesktop.org/show_bug.cgi?id=79495
+---
+ hwdb/60-keyboard.hwdb | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git hwdb/60-keyboard.hwdb hwdb/60-keyboard.hwdb
+index 05e6a04..d053766 100644
+--- hwdb/60-keyboard.hwdb
++++ hwdb/60-keyboard.hwdb
+@@ -866,6 +866,14 @@ keyboard:dmi:bvn*:bvr*:bd*:svnOQO*Inc.*:pnOQO*Model*2*:pvr*
+ KEYBOARD_KEY_f3=volumeup
+
+ ###########################################################
++# Plantronics
++###########################################################
++
++# Plantronics .Audio 626 DSP
++keyboard:usb:v047fpC006*
++ KEYBOARD_KEY_b002f=f20 # Microphone mute button; should be micmute
++
++###########################################################
+ # Quanta
+ ###########################################################
+
+--
+1.7.9.2
+
diff --git a/1023-udev-builtin-keyboard-do-tell-on-which-device-EVIOCS.patch b/1023-udev-builtin-keyboard-do-tell-on-which-device-EVIOCS.patch
new file mode 100644
index 00000000..75da64fa
--- /dev/null
+++ b/1023-udev-builtin-keyboard-do-tell-on-which-device-EVIOCS.patch
@@ -0,0 +1,31 @@
+From a52ec8ed881537627869afa8f0486db7e20ce2db Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
+Date: Fri, 30 May 2014 13:16:56 -0400
+Subject: [PATCH] udev-builtin-keyboard: do tell on which device EVIOCSKEYCODE
+ failed.
+
+I am getting
+
+"Error calling EVIOCSKEYCODE (scan code 0xc022d, key code 418): Invalid
+argument", the error message does not tell on which specific device the
+problem is, add that info.
+---
+ src/udev/udev-builtin-keyboard.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git src/udev/udev-builtin-keyboard.c src/udev/udev-builtin-keyboard.c
+index 614e44e..9b66bfd 100644
+--- src/udev/udev-builtin-keyboard.c
++++ src/udev/udev-builtin-keyboard.c
+@@ -143,7 +143,7 @@ static int builtin_keyboard(struct udev_device *dev, int argc, char *argv[], boo
+ log_debug("keyboard: mapping scan code %d (0x%x) to key code %d (0x%x)",
+ map[i].scan, map[i].scan, map[i].key, map[i].key);
+ if (ioctl(fd, EVIOCSKEYCODE, &map[i]) < 0)
+- log_error("Error calling EVIOCSKEYCODE (scan code 0x%x, key code %d): %m", map[i].scan, map[i].key);
++ log_error("Error calling EVIOCSKEYCODE on device node '%s' (scan code 0x%x, key code %d): %m", node, map[i].scan, map[i].key);
+ }
+
+ /* install list of force-release codes */
+--
+1.7.9.2
+
diff --git a/1024-udev-always-close-lock-file-descriptor.patch b/1024-udev-always-close-lock-file-descriptor.patch
new file mode 100644
index 00000000..1ed41230
--- /dev/null
+++ b/1024-udev-always-close-lock-file-descriptor.patch
@@ -0,0 +1,48 @@
+From 3d06f4183470d42361303086ed9dedd29c0ffc1b Mon Sep 17 00:00:00 2001
+From: Kay Sievers
+Date: Tue, 3 Jun 2014 10:46:51 +0200
+Subject: [PATCH] udev: always close lock file descriptor
+
+https://bugs.freedesktop.org/show_bug.cgi?id=79576
+---
+ src/udev/udevd.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git src/udev/udevd.c src/udev/udevd.c
+index 1c9488e..819ea3b 100644
+--- src/udev/udevd.c
++++ src/udev/udevd.c
+@@ -301,6 +301,7 @@ static void worker_new(struct event *event)
+ if (fd_lock >= 0 && flock(fd_lock, LOCK_SH|LOCK_NB) < 0) {
+ log_debug("Unable to flock(%s), skipping event handling: %m", udev_device_get_devnode(d));
+ err = -EWOULDBLOCK;
++ fd_lock = safe_close(fd_lock);
+ goto skip;
+ }
+ }
+@@ -317,8 +318,7 @@ static void worker_new(struct event *event)
+ udev_device_update_db(dev);
+ }
+
+- if (fd_lock >= 0)
+- close(fd_lock);
++ safe_close(fd_lock);
+
+ /* send processed event back to libudev listeners */
+ udev_monitor_send_device(worker_monitor, NULL, dev);
+@@ -377,10 +377,8 @@ skip:
+ }
+ out:
+ udev_device_unref(dev);
+- if (fd_signal >= 0)
+- close(fd_signal);
+- if (fd_ep >= 0)
+- close(fd_ep);
++ safe_close(fd_signal);
++ safe_close(fd_ep);
+ close(fd_inotify);
+ close(worker_watch[WRITE_END]);
+ udev_rules_unref(rules);
+--
+1.7.9.2
+
diff --git a/systemd.changes b/systemd.changes
index d61f0d1a..2d39c6ed 100644
--- a/systemd.changes
+++ b/systemd.changes
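Review bot: The two new safe_close() calls on fd_lock in worker_new() are used inconsistently: at the flock() failure site the result is assigned back (`fd_lock = safe_close(fd_lock);`), but at the success site the return value is dropped (`safe_close(fd_lock);`), so fd_lock keeps the number of a descriptor that is already closed. Whether anything between that hunk and the skip:/out: labels (not shown) closes fd_lock again cannot be seen here; if it does, that is a double close of a number the kernel may already have reused for the epoll, signal or inotify descriptors this worker holds. Use the assigning form there too, `fd_lock = safe_close(fd_lock);`, and for symmetry `fd_signal = safe_close(fd_signal); fd_ep = safe_close(fd_ep);` at out:, even though those are the last uses before return. The plain `close(fd_inotify)` and `close(worker_watch[WRITE_END])` lines keep the old unchecked style; converting them is optional.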
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Jun 3 14:23:40 UTC 2014 - werner@suse.de
+
+- Add upstream patches
+ 0001-virt-rework-container-detection-logic.patch
+ 0002-fsck-include-device-name-in-the-message-about-missin.patch
+ 0003-units-use-KillMode-mixed-for-systemd-nspawn-.service.patch
+ 0004-util-ignore_file-should-not-allow-files-ending-with.patch
+ 0006-tty-ask-password-agent-Do-tell-what-directory-we-fai.patch
+- Add upstream patches to update keyboard data base
+ 0007-keyboard-add-Plantronics-.Audio-mute-button.patch
+- Add upstream patches for udev
+ 1023-udev-builtin-keyboard-do-tell-on-which-device-EVIOCS.patch
+ 1024-udev-always-close-lock-file-descriptor.patch
+
 -------------------------------------------------------------------
 Fri May 30 07:35:07 UTC 2014 - rmilasan@suse.com
diff --git a/systemd.spec b/systemd.spec
index 17b10ce1..472ce207 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -33,6 +33,7 @@ Summary: A System and Session Manager
 License: LGPL-2.1+
 Group: System/Base
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: acl
 BuildRequires: audit-devel
 %if %{with compat_libs}
 # See gold_archs in binutils.spec
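Review bot: `BuildRequires: acl` is added in the first systemd.spec hunk with no justification: none of the eight patches this commit introduces touches ACL code, the accompanying systemd.changes entry does not mention it, and no spec hunk shows what consumes it. Either drop it or put the reason on the line above it, e.g. `# acl: needed by <the build step or test that calls setfacl/getfacl>`, and record it in systemd.changes so the dependency change is traceable. The patch list hunk also jumps from 0004 (Patch265) to 0006 (Patch266), which is harmless but worth a word in the changelog if 0005 was dropped deliberately.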
@@ -506,6 +507,18 @@ Patch259: 0004-socket-properly-handle-if-our-service-vanished-durin.patch
 Patch260: 0001-Do-not-unescape-unit-names-in-Install-section.patch
 # PATCHFIX-UPSTREAM added at 2014/05/27
 Patch261: 0002-analyze-run-use-bus_open_transport_systemd-instead-o.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch262: 0001-virt-rework-container-detection-logic.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch263: 0002-fsck-include-device-name-in-the-message-about-missin.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch264: 0003-units-use-KillMode-mixed-for-systemd-nspawn-.service.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch265: 0004-util-ignore_file-should-not-allow-files-ending-with.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch266: 0006-tty-ask-password-agent-Do-tell-what-directory-we-fai.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch267: 0007-keyboard-add-Plantronics-.Audio-mute-button.patch
 # UDEV PATCHES
 # ============
@@ -557,6 +570,10 @@ Patch1020: 1020-udev-keyboard-also-hook-into-change-events.patch
 Patch1021: 1021-udev-re-add-persistent-net-rules.patch
 # PATCHFIX-UPSTREAM 1022-udev-remove-seqnum-API-and-all-assumptions-about-seq.patch
 Patch1022: 1022-udev-remove-seqnum-API-and-all-assumptions-about-seq.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch1023: 1023-udev-builtin-keyboard-do-tell-on-which-device-EVIOCS.patch
+# PATCHFIX-UPSTREAM added at 2014/06/03
+Patch1024: 1024-udev-always-close-lock-file-descriptor.patch
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@@ -965,6 +982,12 @@ cp %{SOURCE7} m4/
 %patch259 -p0
 %patch260 -p0
 %patch261 -p0
+%patch262 -p0
+%patch263 -p0
+%patch264 -p0
+%patch265 -p0
+%patch266 -p0
+%patch267 -p0
 # udev patches
 %patch1001 -p1
@@ -990,6 +1013,8 @@ cp %{SOURCE7} m4/
 %patch1020 -p0
 %patch1021 -p1
 %patch1022 -p1
+%patch1023 -p0
+%patch1024 -p0
 # ensure generate files are removed
 rm -f units/emergency.service