| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I happen to have a machine where /boot is not a separate mountpoint,
but rather just a directory under /. After upgrade to recent Fedora,
I found out that grub2 can't find any new kernels.
This happens because loadentry script generates kernel and initrd file
paths relative to /boot, while grub2 expects path to be relative to the
root of filesystem on which they are residing.
This commit fixes this issue by using stat's %m to find the mount point
of a partition holding the images, and using it as a prefix to be
removed from ENTRY_DIR_ABS.
Note that %m for stat requires coreutils 8.6, released in Oct 2010.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 1cdbff1c844ce46f1d84d8feeed426ebfd550988)
(cherry picked from commit 2ee1c57c4ff4fd3349cf03c2e89fbd18ca0b3a4a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
--image-path=/dev/some-block-device is not supported
The directory backend needs a file system path, and not a raw block
device. That's only supported for the LUKS2 backend.
Let's make this clearer in the man page and also generate a better error
message if attempted anyway.
Fixes: #17068
(cherry picked from commit f9d525ae558105bf7fd77ad76e4fdb135bb9f634)
(cherry picked from commit a2a8802abe1289e200213130764c81da2c4fbf4e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When exiting, let's explicitly wait for our worker processes to finish
first. That's useful if unmounting of /home/ is scheduled to happen
right after homed is down, as we then can be sure that the home
directories are properly unmounted and detached by the time homed is
fully terminated (otherwise it might happen that our worker gets killed
by the service manager, thus leaving the home directory and its backing
devices up/left for auto-clean which might be async).
Likely fixes #16842
(cherry picked from commit 9796a9fbad5bae4d66bb40d848f6245d1ee327d8)
(cherry picked from commit e1df274a76832d3b25a284a92790c5b85a1a88a7)
|
| |
|
|
|
| |
(cherry picked from commit 2fef50cd9eee59cea6145639f6bd464939fac624)
(cherry picked from commit f2763ff6cd9385e82171e17ed83a7698c7f561fd)
|
| |
|
|
|
|
|
|
| |
Let's verify that everything works the way we expect it to work, hence
check setsid() return code.
(cherry picked from commit efe426624046089b74b70708e61f304f3cd414a7)
(cherry picked from commit 6f9c8af500fd4362d656917703eab4f941e7e45a)
|
| |
|
|
|
| |
(cherry picked from commit 3afda7c7976c25db786948a961873fa5c2c8e0e9)
(cherry picked from commit 31875b3cb05a2de76054752d40a810e40c8dbe87)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Let's suppress the secondary arch data, since we never ever want to
mount it if we found the primary arch.
Previously we only suppressed in the Verity case, but there's little
reason to entertain the idea of a secondary arch in non-Verity
environments either, we are not going to use them, and should not do
decryption or anything like that.
(cherry picked from commit 74cb2db9f403dfe17cabc6dac48b0f49a84eb03f)
(cherry picked from commit 418cf0e78c067f7249f4769f78c8c199d907935f)
|
| |
|
|
|
| |
(cherry picked from commit e29e5db7dff1442ef73cbcd0c898e11078e1042d)
(cherry picked from commit 1d17c00260a923188363fc32363ff8b6bae06230)
|
| |
|
|
|
|
|
|
|
| |
Different systems use different paths for it and users are confused when the
man page has a path different than the one on the local system.
https://bugzilla.redhat.com/show_bug.cgi?id=1876905
(cherry picked from commit c2ee27a5e7fa1c6a71341579baa2d941c6e3e6e6)
(cherry picked from commit 9353607ef3cff4902296268bab0ccc82dc8b04c2)
|
| |
|
|
|
|
|
|
|
|
| |
RC_LOCAL_SCRIPT_PATH_START and RC_LOCAL_SCRIPT_PATH_STOP were was originally
added in the conversion to meson based on the autotools name. In
44508946534eee032927c263b79464832656dd6e RC_LOCAL_SCRIPT_PATH_STOP was dropped.
We don't need to use such a long name.
(cherry picked from commit 452d2dfd52f1cc686395663a6cd4c778306bd309)
(cherry picked from commit f2b9345cd2d717fb227e4c6775134e83d09e4790)
|
| |
|
|
|
|
|
|
| |
With this change, only manager_connect() in timesync.d uses AI_ADDRCONFIG. There
we are connecting to a remove server, so the flag is appropriate.
(cherry picked from commit 7e5f1d4b3fb02075762a55063edf9e510142e4c9)
(cherry picked from commit b0fff9012a0d58624ae656b766be93655ff83f8d)
|
| |
|
|
|
|
|
|
|
|
|
| |
By settings AI_ADDRCONFIG in hints we cannot for example resolve "localhost"
when the local machine only has a loopback interface. This seems like an
unnecessary restriction, drop it.
Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1839007.
(cherry picked from commit d0e5db44d9e1cf61ca75c8a86ffed19cc1b7fe5f)
(cherry picked from commit 5e8bf33de11c36e78f66cd5648a7643a417c561c)
|
| |
|
|
|
|
|
|
| |
Otherwise a 'Before=remote-fs.target' dependency is added to the mount unit
which defeats the purpose of 'bg' option.
(cherry picked from commit e66d2eeeeb4332ca94aeb62e95ec76f1f17ee9b7)
(cherry picked from commit ad77a988f2ef7f8adb2b4d54b9fc37a48f6a52df)
|
| |
|
|
|
| |
(cherry picked from commit 150c430fd499082164b6ddbd2f501e2333261a78)
(cherry picked from commit d08f6fddc0a04a212dff9da14f77e3923414c233)
|
| |
|
|
|
|
|
|
|
| |
fd_[gs]et_rcvbuf
In case the first getsockopt() call changes the value.
(cherry picked from commit 67f5ae2d6986d0271fa6223a68fe0104957de863)
(cherry picked from commit 64d58480ac2e5da611d181beab22ee4b4299f522)
|
| |
|
|
|
|
|
| |
Coverity CID#1432701.
(cherry picked from commit 649bde89caccdb1187ac744bd76051fdcd687218)
(cherry picked from commit 0046c5833423ef0ff523b01b130b9cbfc54d58ab)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already do this for socket and automount units, do it for path units
too: if the triggered service keeps hitting the start limit, then fail
the triggering unit too, so that we don#t busy loop forever.
(Note that this leaves only timer units out in the cold for this kind of
protection, but it shouldn't matter there, as they are naturally
protected against busy loops: they are scheduled by time anyway).
Fixes: #16669
(cherry picked from commit 47ab8f73e3468b6e5a48218eacdb830e978d2cfd)
(cherry picked from commit 689d2e061bd7b04f75104067e5ff0046f357f9b8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 4c2ef3276735ad9f7fccf33f5bdcbe7d8751e7ec we enabled propagating
triggered unit state to the triggering unit for service units in more
load states, so that we don't accidentally stop tracking state
correctly.
Do the same for our other triggering unit states: automounts, paths, and
timers.
Also, make this an assertion rather than a simple test. After all it
should never happen that we get called for half-loaded units or units of
the wrong type. The load routines should already have made this
impossible.
(cherry picked from commit 0377cd2936ae5cac0c9d76a4b58889f121c097c4)
(cherry picked from commit 2f53d690ead37ee48b64ab650697f2f8be7c0ceb)
|
| |
|
|
|
|
|
|
|
| |
This points to some firmware issue, but we should still be able to
correct things if this happens. Hence log about this and fix it.
Fixes: #17041
(cherry picked from commit ad0b610b0c1c2595c32b6235e7ac5ad7fba6e0aa)
(cherry picked from commit a06cf9a5bad917b9ac6016c940c5f0f0238f266f)
|
| |
|
|
|
| |
(cherry picked from commit df8b14b59119c61f660037710bbb3899db441ef7)
(cherry picked from commit e2c0023dd2c18500ffa9a07522b9a860f358311f)
|
| |
|
|
|
|
|
|
|
| |
against each other
Should hopefully make regressions on this unlikely.
(cherry picked from commit 55f99c26c678b4bf4fb697a57d540b0266aa3f49)
(cherry picked from commit 251b96c9b5c8424c1a3bc2a91e3aaff03cdb14d8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
with shell
In shell, inside of double quotes only a select few chars should be
escaped. If other chars are escaped this has no effect. Correct the list
of chars that need such escaping.
Also, make sure we can read back the stuff we wrote out without loss.
Fixes: #16788
(cherry picked from commit de008e537dc6e3504f988fa9bd358f783016df8a)
(cherry picked from commit 4d1922d8bb42540b20ede62958d8b4d426f86b5d)
|
| |
|
|
|
| |
(cherry picked from commit 6fe3196350fdb8715aabd315f8252c307da6661c)
(cherry picked from commit 281581cd7437dac5a3f787b7ea73b0bab53bd1e6)
|
| |
|
|
|
|
|
|
| |
needs to deactivate
Fixes: #16378
(cherry picked from commit 415f8a5bfed4604e4a1bc275682d51af3ad3b611)
(cherry picked from commit 366d38d8ed9e1f8ca06c765d1e569b06dfb4de70)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
if we allocate a bunch of hash tables all at the same time, with none
earlier than the other, there's a good chance we'll initialize the
shared hash key multiple times, so that some threads will see a
different shared hash key than others.
Let's fix that, and make sure really everyone sees the same hash key.
Fixes: #17007
(cherry picked from commit ae0b700a856c0ae460d271bb50dccfaae84dbcab)
(cherry picked from commit e662cf6d515daad19e70c3d85e244b213ac48997)
|
| |
|
|
|
|
|
|
|
|
| |
The manual states that a persistent timer triggers it's service
immediately on activation to catch up with missed invocations, but since
PR #11608 it is no longer the case if RandomizedDelaySec= is set to a
non-zero value.
(cherry picked from commit 5501da15ba34284e50c10ccd6b3ffa8838bb431b)
(cherry picked from commit fb2afc5f30c76965c3a2b5a0f3cc6170b59a6fa4)
|
| |
|
|
|
| |
(cherry picked from commit 06d98bdc81b233584d4b225892d358f324b7030b)
(cherry picked from commit 8758580ef561d9889990c89283acf82f8a9a66dc)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When 4dfaa528d45 was first commited its callers relied on `errno` instead of the
return value for error reporting. Which worked fine, since internally
under all conditions base were set — even if ugly and not inline with
our coding style. Things then got broken in
f8606626ed3c2582e06543550d58fe9886cdca5f where suddenly additional
syscalls might end up being done in the function, thus corrupting `errno`.
(cherry picked from commit dee00c1939c6194404c15a80650d0c04bb01b0db)
(cherry picked from commit 57fc184a6cf8433b5fb353c699b1d3866c93062a)
|
| |
|
|
|
| |
(cherry picked from commit d8ea7f838b1199d240d522ee3ce05d1c263b7ad4)
(cherry picked from commit 3e2c8066817da42063f19153db4fe7c7fe1f837f)
|
| |
|
|
|
|
|
|
|
| |
cryptsetup: Fix null pointer dereference
Fix null pointer dereference in the pkcs11 related code of systemd-cryptsetup
(cherry picked from commit 664ad0f6f54257643fa069d9e1e9cad0f6fd7cc3)
(cherry picked from commit f3da0180170deac1a95f8c08c007046227cdbfc7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The securebit keep-caps retains the capabilities in the permitted set
over an UID change (ambient capabilities are cleared though).
Setting the keep-caps securebit after the uid change and before execve
doesn't make sense as it is cleared during execve and there is no
additional user ID change after this point.
Altough the documentation (man 7 capabilities) is ambigious, keep-caps
is reset during execve although keep-caps-locked is set. After execve
only keep-caps-locked is set and keep-caps is cleared.
(cherry picked from commit 198dc1784514b800c3e69153839084a55ebf2e84)
(cherry picked from commit 6f65eaf9c2643e0d9e22357f41f0b3d29e18075a)
|
| |
|
|
|
|
|
| |
The comments on the code for ambient capabilities was wrong/outdated.
(cherry picked from commit 16fcb1918a0e4514b1d0d78259d4ffd646b5da59)
(cherry picked from commit 08338a234e381223416d536867199b2f9a2ed30a)
|
| |
|
|
|
| |
(cherry picked from commit d157714b6819d9e4faa93ef64a5041d5a8ae4779)
(cherry picked from commit f0e6d9876d7931936eaa832a0fd0b11ee516d750)
|
| |
|
|
|
| |
(cherry picked from commit 8ed6f81ba3b7be55d20a5d703c9aa7d4018b80ed)
(cherry picked from commit 35766dc61b56378dc556ee7900e043ced98ab50c)
|
| |
|
|
|
| |
(cherry picked from commit 38104ee2a545a0e06fc261c0161aed322285f363)
(cherry picked from commit 2f6406914b3e30e21ee5318eac640b2a76c75c81)
|
| |
|
|
|
| |
(cherry picked from commit ab54f12b783eea891d6414fbc14cd6fe7cbe4c80)
(cherry picked from commit 07671aa4cc8f0211e77b8227e89d5b73ad7121c0)
|
| |
|
|
|
| |
(cherry picked from commit 09c69ecaeb2c63b2b7e20728c4f4704bbb464a9c)
(cherry picked from commit d4bea73972fb7443b3c02261e2c9c174f0ff92f8)
|
| |
|
|
|
| |
(cherry picked from commit a718b951ac2c2186db22311b611b7e7ccdc30915)
(cherry picked from commit 7db399be1e621a331f68be055b1a89e10a64b8cb)
|
| |
|
|
|
| |
(cherry picked from commit 3b4e123173ba1e4cb6af504d98e0c018d9ccfc8a)
(cherry picked from commit 8c8d188e853f893c64593111a3949c64cfca8380)
|
| |
|
|
|
|
|
| |
Follow-up for bf331d87171b7750d1c72ab0b140a240c0cf32c3.
(cherry picked from commit d31f33e3c9f6ea3bdc873ee52f4398edbec74527)
(cherry picked from commit 3bf7797f1f5d2c97d3b4c108ca487f8d337e8af2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
than the kernel limit
The commit 10ce2e0681ac16e7bb3619b7bb1a72a6f98a2f2c inverts the order of
SO_{RCV,SND}BUFFORCE and SO_{RCV,SND}BUF. However, setting buffer size with
SO_{RCV,SND}BUF does not fail even if the requested size is larger than
the kernel limit. Hence, SO_{RCV,SND}BUFFORCE will not use anymore and
the buffer size is always limited by the kernel limit even if we have
the priviledge to ignore the limit.
This makes the buffer size is checked after configuring it with
SO_{RCV,SND}BUF, and if it is still not sufficient, then try to set it
with FORCE command. With this commit, if we have enough priviledge, the
requested buffer size is correctly set.
Hopefully fixes #14417.
(cherry picked from commit b92f350789e33942be0cf85af22a580c1fd483d6)
(cherry picked from commit 4dcae666889ae9469e4406c0bcaffadbc01c4f66)
|
| |
|
|
|
| |
(cherry picked from commit 1263c85ef32ea35969748cd4304cd1a51d19e8d1)
(cherry picked from commit 4b6b523946e4e7235ec2e200026efed5d6137fa8)
|
| |
|
|
|
| |
(cherry picked from commit 8c63924c8d1eeb5a173669b8b06230bfe721f139)
(cherry picked from commit b4be8edb455dbeac98840c79fbb5217bbef067b4)
|
| |
|
|
|
|
|
|
| |
And add a comment for the existing cases where things aren't clear
already.
(cherry picked from commit d161680e7afb7ae01593ffc5deb6c02bbc08ed19)
(cherry picked from commit 5ce47fb4913b64e2d52a00a09b764161e1f6001b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On systems that boot without initrd on a btrfs root file systems the
BTRFS_IOC_DEV_INFO ioctl returns /dev/root as backing device. That
sucks, since that is not a real device visible to userspace.
Since this has been that way since forever, and it doesn't look like the
kernel will get fixed soon for this, let's at least generate a useful
error message in this case.
This is not a bug fix, just a tweak to make this more recognizable.
Once the kernel gets fixed to report the correct device nodes in this
case, in a way userspace can make sense of them things will magically
work for systemd, too.
(Note that this doesn't add a log message about this to really all cases
we call get_device() in, but just the main ones that are called in early
boot context, after all all there's no benefit in seeing this message
too many times.)
https://github.com/systemd/systemd/issues/16953
https://bugs.freedesktop.org/show_bug.cgi?id=84689
https://bugzilla.kernel.org/show_bug.cgi?id=89721
(cherry picked from commit 67f0ac8c79bb08451a70ee314daf06ee081ef24d)
(cherry picked from commit 8ea6ec18e785599e357eecebc44a726cccc126e3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
log_debug still returns 0. I think it is legitimate to use 'return log_debug()' to
return 0. It is different than the other functions, since we often want to supress
errors logged at debug level. This case is quite common in the codebase and
we could use 'return log_debug_errno()' to make the code more consise.
For all other variants, a separate return line is required.
Previous commit changes all the non-conforming instances, now we can make it mandatory.
(cherry picked from commit 44f0dd628ce4ca9565b0e02b8cb63ed8272529cd)
(cherry picked from commit e1ff4947d25bd3b9cb6a4362566cb65ae257b0aa)
|
| |
|
|
|
|
|
|
|
|
|
| |
In various cases, we would say 'return log_warning()' or 'return log_error()'. Those
functions return 0 if no error is passed in. For log_warning or log_error this doesn't
make sense, and we generally want to propagate the error. In the few cases where
the error should be ignored, I think it's better to split it in two, and call 'return 0'
on a separate line.
(cherry picked from commit c413bb28df0996be99fd6b3f2335dfe8739d62fb)
(cherry picked from commit 8019995e9af9c6d7b5985198cedccd24eda3e26e)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
All backslashes that should be single in shell syntax need to be written as "\\" because
our parser will remove one level of quoting. Also, single quotes were doubly nested, which
cannot work.
Should fix the following message:
test-execute/exec-dynamicuser-statedir.service:16: Ignoring unknown escape sequences: "test $$(find / \( -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc \) -prune -o -type d -writable -print 2>/dev/null | sort -u | tr -d \\n) = /var/lib/private/quux/pief/var/lib/private/waldo"
(cherry picked from commit 0b3861d2247fd96ca1ff018bbf35c8465c43323c)
(cherry picked from commit 932f4c3e8b0a1278226a38434e4817a76c0c44f3)
|
| |
|
|
|
|
|
| |
Fixes #16958.
(cherry picked from commit fc706b4816f75c01bd78bd5936e5f8740405093a)
(cherry picked from commit 16b9426f7052df4b4d8f313a5f2e0b485bdd5dba)
|
| |
|
|
|
|
|
|
|
| |
Remember the secret if the for_state is FIXATING_FOR_ACTIVATION or
FIXATING_FOR_ACQUIRE. This fixes login failures when logging in
to an unfixated user.
(cherry picked from commit 3d3d6e10daee37cd0636e15c2d4f29f14354cd72)
(cherry picked from commit fecb3f00c450c83f2ad27bfdab7fa5f8d49f27e7)
|
