V254 stable batch #315

Follow-up for #26089 and #28505 Currently, if default-keymap is not empty, there's no way to ask vconsole-setup to retain the kernel keymap. Let's accept a special value "kernel" for that purpose. Addresses the problem mentioned in systemd/systemd#28505 (comment) (cherry picked from commit ef7f5ba)

(cherry picked from commit 7e48f3b)

The command is deprecated, as per NEWS of 254. Let's go one step further and remove it from the help text and man page, so that people are not inspired to use it at this time anymore. This is how we usually have done this before: remove it from visibility, but support it for a while still. (cherry picked from commit 0de0ed6)

This is a follow-up for #28596. I think the suggestion to use Type=exec uses too strong wording: Type=exec has non-trivial drawbacks over Type=simple, and they deserve to be mentioned. Hence drop the <emphasis> and turn this around so that Type=exec is *recommended*, but Type=simple is not expressly discouraged, because there are plenty reasons to use it. Add a brief discussion where Type=simple might be preferable. Also, fix the outright unruth that Type=exec was the "simplest and fastest", because it certainly is a lot, but not that. (cherry picked from commit e5e900e)

…alled on SUSE (cherry picked from commit 372d40f)

…have to write it to disk first Prompted by: #28740 (cherry picked from commit 85ec1b6)

…I_FILE_INFO prefix size The gnu-efi definition of the struct uses [1], our local one [0] to size the filename array. Let's avoid an ambiguity and use offsetof() so that this difference doesn't matter. Also, doing it this way makes very clear to the read what happens here: it's a structure with a variable size suffix. (cherry picked from commit 490b448)

We must go through finish, to undo the destruction of the final elements of the iovw properly. (cherry picked from commit 946dc7c)

…to leave keymap untouched This is a magic string, and we should avoid stepping into the territory of normal keymap names with that, given that users can pick names otherwise freely. Hence, prefix the name with a special char to avoid any namespace issues. Follow-up for: #28660 (cherry picked from commit bf77d59)

On openSUSE with BTRFS, /root has to be mounted as dedicated subvolume to avoid restoring it when a rollback of the system happens. (cherry picked from commit 487ae08)

This change makes sure a data copy using copy_bytes() does not exceed the max_bytes value when using COPY_HOLES and max_bytes stops before the next data section. (cherry picked from commit c2dfcbd)

…ey are just kept "mounted" Follow-up for: 947d836 (I guess in the original patch authors usecase the root fs actually *does* remain in memory, but that's a special case and does not belong in the man pages this way). (cherry picked from commit 579fbe5)

Otherwise if the os-release file shrinks between updates, there will be a merge of the two. Also remove redundant ENOENT check. Follow-up for 3f37a82 (cherry picked from commit bf85c23)

This makes tmpfiles, sysusers, and udevd invoked in the following order: 1. systemd-tmpfiles-setup-dev-early.service Create device nodes gracefully, that is, create device nodes anyway by ignoring unknown users and groups. 2. systemd-sysusers.service Create users and groups, to make later invocations of tmpfiles and udevd can resolve necessary users and groups. 3. systemd-tmpfiles-setup-dev.service Adjust owners of previously created device nodes. 4. systemd-udevd.service Process all devices. Especially to make block devices active and can be mountable. 5. systemd-tmpfiles-setup.service Setup basic filesystem. Follow-up for b42482a. Fixes #28653. Replaces #28681 and #28732. (cherry picked from commit bb7f485)

Follow-up for bb7f485. (cherry picked from commit cf5d2df)

Signed-off-by: Rahil Bhimjiani <rahil3108@gmail.com> (cherry picked from commit f5263dd)

Follow-up for f1f331a (cherry picked from commit 031a399)

We call dir_is_empty() to check if the directory is empty but don't take the result into account when returning from the function. (cherry picked from commit e36c621)

(cherry picked from commit eeee486)

…ociated with the token The logic around checking PKCS11 tokens (used by systemd-cryptenroll) contains a bug. The code is checking the flags field of a pkcs11 token_info structure against a set of flags defined for the pkcs11 slot_info structure. This PR changes the check so that the correct structure's flag field is being checked. (Reference to the PKCS#11 spec:http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html, section CK_SLOT_INFO). (cherry picked from commit 5007942)

…e condition If someone reads /run/host/os-release at the exact same time it is being updated, and it is large enough, they might read a half-written file. This is very unlikely as os-release is typically small and very rarely changes, but it is not impossible. Bind mount a staging directory instead of the file, and symlink the file into into, so that we can do atomic file updates and close this gap. Atomic replacement creates a new inode, so existing bind mounts would continue to see the old file, and only new services would see the new file. The indirection via the directory allows to work around this, as the directory is fixed and never changes so the bind mount is always valid, and its content is shared with all existing services. Fixes systemd/systemd#28794 Follow-up for 3f37a82 (cherry picked from commit 663e275)

exec_child() is supposed to set *exit_status when returning failure. Unfortunately, we didn't do that in two cases. The result would be: - a bogus error message "Failed at step SUCCESS spawning foo: …", - a bogus success exit status. Bugs introduced in 3909020 and ad21e54. The code is reworked to add some asserts and not set exit_status in the caller so that it's clearer (also to the compiler) that it needs to be set. (cherry picked from commit 5fa01ac)

(cherry picked from commit 973d6be)

… we are in confidential vms (cherry picked from commit fab0eeb)

(cherry picked from commit c1b2e1a)

An error reply from polkit is a valid case and should not be propagated as failure of async_polkit_callback(). It should only be saved here. It'll be returned by bus_verify_polkit_async() later, when it's called for the same method again. Follow-up for #26365. (cherry picked from commit 45b1c01)

Fixes #28943 (cherry picked from commit b56ee69)

install_subdir() does not copy symlinks but copies the file they point to. We also get a very ugly warning in the meson install output: """ Warning: trying to copy a symlink that points to a file. This will copy the file, but this will be changed in a future version of Meson to copy the symlink as is. Please update your build definitions so that it will not break when the change happens. """ Let's fix both problems at once by using rsync which does the right thing. Verified by running systemd-dissect --mtree on both the install output before and after and all the symlinks are now correctly preserved. (cherry picked from commit cc2a0d8)

…nse" This reverts commit 1483892. As the commit says, it does not solve the race. Moreover, it introduces an regression #28410. Also, checking by `path_is_mount_point()` may trigger automount. From statx(2), > AT_NO_AUTOMOUNT > Don't automount the terminal ("basename") component of pathname > if it is a directory that is an automount point. Similar statements can be found in fstatat(2), which is used in the fallback call for statx() in glibc, and name_to_handle_at(2), which is used as the fallback when statx() failed. So, `path_is_mount_point()` may _do_ trigger automount for parent paths. That should be avoided especially on shutdown. The original issue #25527 that is 'fixed' by the commit is not serious, and should be fixed by making umount command handle path gracefully: util-linux/util-linux#2132 Fixes #28410. (cherry picked from commit e323d2e)

Setting USEC_INFINITY to timer event source should not cause any problem. But, disabling timer event source should be preferable. [zjs: simplify the call to sd_event_source_set_enabled()] (cherry picked from commit 57d2b6a)

Sometimes its useful to keep a trailing slash in the path so let's add path_simplify_full() and a flag to do just that. (cherry picked from commit 4541d04)

(cherry picked from commit ce60b3a)

We conditionalize behavior based on whether these paths have trailing slashes or not, so let's make sure we keep them intact. (cherry picked from commit d10eccb)

…RT_QUEUED Follow-up for 09d04ad Fixes #28856 (cherry picked from commit c068650)

The specs call this TCG PC Client Platform Firmware Profile Specification says this PCR is owned by the Host Platform Manufacturer, at various places. Hence let's give it that name. (cherry picked from commit b060b9a)

This currently makes unit_file_get_default() fail if the default target is transient which shouldn't make us fail to get the default unit. (cherry picked from commit 3c1c52f)

Prompted by: #28902 (cherry picked from commit 1126841)

(cherry picked from commit c4d281f)

or else it would output 'Unknown config setting [UKI] SecureBootCerificate=' or just an error outright if not overrode. (cherry picked from commit c766e05)

We set FORK_CLOSE_ALL_FDS, so we should also set FORK_REOPEN_LOG to reopen the log in the child process so we don't miss any logging messages. (cherry picked from commit fbc6a75)

We might inherit a max rlim value that's larger than the kernel's maximum (nr_open). This will cause setrlimit() to fail as the given maximum is larger than the kernel's maximum. To get around this, let's limit the max rlim we pass to rlimit() to the value of nr_open. Should fix #28965 (cherry picked from commit f470daf)

Fixes #28928. (cherry picked from commit 7abb0ee)

See documentation at: https://manpages.debian.org/testing/pkgconf/pkg.m4.7.en.html Without this the macro was not always correctly resolved so the correct command was not used in the rest of the snippet. (cherry picked from commit c91d636)

Chronyd and similar time services, when using PTP devices, may need the BindsTo/After directives to ensure the devices are available before starting. Tag PTP devices with systemd to allow for wider adoption. Signed-off-by: Chris Patterson <cpatterson@microsoft.com> (cherry picked from commit 23cbe90)

session_leave_vt may be called after the VT device was hung up, which will cause vt_release to fail with -EIO. This is known to cause an issue with GNOME 44 on Fedora where gdm-session-worker sometimes freezes when trying to switch to VT 1 after a `loginctl terminate-user` operation. Fix this by reopening the VT in session_leave_vt if we get an -EIO. (cherry picked from commit 99d4ad7)

Fixup for 7d48154 and a3f758b. (cherry picked from commit d3f8b75)

Inspired by systemd/systemd#28997. Noticed by Alvin Alvarado <alvin@striczkof.io>. (cherry picked from commit 594e27b)

The type of a file descriptor is `int`, not `pid_t`. This should not have any effects on API consumers as `pid_t` is already typedef'd as `int` on all glibc-based systems. (cherry picked from commit 904b8bb)

If there are no "ManagedOOMSwap" entries to monitor, then the event source can be completely disabled. This scenario appears to be common and avoiding the wake-ups can save idle energy consumption. This was discovered while using Sysprof for various GNOME 45 performance tuning. systemd-oomd goes from waking up a few times a second to no wake-ups helping keep a laptop in deep(er) sleep. Signed-off-by: Christian Hergert <chergert@redhat.com> (cherry picked from commit b63beb4)

…behavior guarantee With the old boot ID update behavior there's no way to compare the boot ID of a new entry to be written with the boot ID of the last entry in the journal in a performant manner, and therefore no way to determine if monotonic clock value consistency checking is needed. Refuse to open journal files without the new boot ID update behavior guarantee to simplify consistency checking. (cherry picked from commit 2f766ac)

The monotonic clock value consistency should only be checked if the boot ID is the same as the last journal entry, and requiring that the current boot ID be the same as the boot ID of the last entry is not necessary for ensuring deterministic bisection as we already enforce strict ordering of the real time clock value in a single journal file. This fixes an issue where a new journal file is unnecessarily created every boot, potentially wasting storage space. (cherry picked from commit addcecf)

(cherry picked from commit 05ebcbd)

Resolves: #29048 (cherry picked from commit 97e2785)

When icmp6_receive() fails, then the source address is not initialized yet. (cherry picked from commit 4674f40)

- Rename the argument for storing the sender address, - allow to call it with NULL for ret_xyz, - reduce needless copy of timestamp when the message does not have timestamp. (cherry picked from commit 5121163)

Fixes #29050. (cherry picked from commit 4961f56)

…seats When the user tries to attach a device lacking ID_FOR_SEAT they currently get a very cryptic error message. Let's improve the situation a bit. Still a bit cryptic maybe, but much less so. Inspired-by: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049469.html Inspired-by: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049484.html Also-see: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049470.html Also-see: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049489.html (cherry picked from commit 08237f0)

f2fs is actively maintained upstream, and popular in certain device categories (phones, embedded), so allow-list by default. Fixes systemd/systemd#29026 (cherry picked from commit ee6cf8e)

(cherry picked from commit bd6c95c)

For a userns root user to be able to access the credentials, both the uid and gid of the credentials directory have to be mapped into the userns. Currently, the credentials directory group is root, which we obviously do not want to map in to a userns, so let's make sure that the credentials directory and files are owned by the service group instead, which can generally be safely mapped into the userns. Since we use permissions mode 0600, this shouldn't cause any change in who is able to access the credentials. Fixes #28747 (cherry picked from commit 3a78b0e)

Otherwise, we get redefinition errors if <net/if.h> is included later on by another header. (cherry picked from commit 2af02e6)

Currently, we mount via file descriptors using /proc/self/fd. This works, but it means that in /proc/mounts and various other files, the source of the mount will be listed as /proc/self/fd/xxx. For other software that parses these files, /proc/self/fd/xxx doesn't mean anything, or worse, it means the completely wrong thing, as it will refer to one of their own file descriptors instead. Let's improve the situation by using /proc/pid/fd instead. This allows processes parsing /proc/mounts to do the right thing more often than not. One scenario where even this doesn't work if when containers are involved, as with the pid namespace unshared, even /proc/pid/fd will mean the wrong thing, but it's no worse than /proc/self/fd which will always means the wrong thing. This also doesn't work if we mount via file descriptor and then exit, as the pid will be gone, but it does work as long as the process that did the mount is alive, which makes it useful for systemd-dissect --with for example if the program we run in the image wants to parse /proc/mounts. (cherry picked from commit 4419735)

… specified Follow-up for 2f091b1. Fixes #28844. (cherry picked from commit 927e20f)

When running on non-native userland architecture via systemd-nspawn and qemu-user-static QEMU-emulator, clone() with CLONE_NEWNS fails with EINVAL. Fixes #28901. [zjs: add a comment in the code] (cherry picked from commit 4680187)

No need to disable arch completely, let's just disable keyring checking to get CI working again for now. (cherry picked from commit 16173ab)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

V254 stable batch #315

V254 stable batch #315

Commits on Sep 6, 2023