Package: systemd / 238-5

Metadata

Package: systemd
Version: 238-5
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
test cgroup util bail out when running under mock 8365.patch | (download)

src/test/test-cgroup-util.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 test-cgroup-util: bail out when running under mock (#8365)

The builds were failing in Fedora koji, where something strange is mounted
on /sys/fs/cgroup.

Also closes https://github.com/systemd/systemd/issues/8383.

(cherry picked from commit 18ce247c4cd0238de3425923ddab2309990c263a)

core do not free stack allocated strings.patch | (download)

src/core/mount-setup.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 core: do not free heap-allocated strings

Fixes #8387.

basic macros rename noreturn into _noreturn_ 8456.patch | (download)

src/basic/log.c | 4 2 + 2 - 0 !
src/basic/log.h | 4 2 + 2 - 0 !
src/basic/macro.h | 19 9 + 10 - 0 !
src/basic/process-util.c | 2 1 + 1 - 0 !
src/basic/process-util.h | 2 1 + 1 - 0 !
src/core/main.c | 4 2 + 2 - 0 !
src/journal/test-journal-interleaving.c | 2 1 + 1 - 0 !
src/shared/pager.c | 2 1 + 1 - 0 !
src/udev/collect/collect.c | 2 1 + 1 - 0 !
9 files changed, 20 insertions(+), 21 deletions(-)

 basic/macros: rename noreturn into _noreturn_ (#8456)

"noreturn" is reserved and can be used in other header files we include:

  [   16s] In file included from /usr/include/gcrypt.h:30:0,
  [   16s]                  from ../src/journal/journal-file.h:26,
  [   16s]                  from ../src/journal/journal-vacuum.c:31:
  [   16s] /usr/include/gpg-error.h:1544:46: error: expected ',' or ';' before ')' token
  [   16s]  void gpgrt_log_bug (const char *fmt, ...)    GPGRT_ATTR_NR_PRINTF(1,2);

Here we include gcrypt.h (which in turn includes gpg-error.h) *after*
"noreturn" was defined in macro.h.

(cherry picked from commit 848e863acc51ecfb0f3955c498874588201d9130)

units Fix SuccessAction that belongs to Unit section not .patch | (download)

units/system-update-cleanup.service.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 units: fix successaction that belongs to [unit] section not
 [Service] section (#8478)

(cherry picked from commit 94a1d03e27811e06045cdfba2e0fc7180964dc0e)

udev net id Fix check for address to keep interface names.patch | (download)

src/udev/udev-builtin-net_id.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 udev/net-id: fix check for address to keep interface names stable
 (#8458)

This was a bug inadvertently added by commit 73fc96c8ac0aa9.

The intent of the check is to "match slot address with device by
stripping the function" (as the comment above states it), for example
match network device PCI address 0000:05:00.0 (including a .0 for
function) to PCI slot address 0000:05:00, but changing that to a streq()
call prevented the match.

Change that to startswith(), which should both fix the bug and make the
intent of the check more clear and prevent unintentional bugs from being
introduced by future refactorings.

(cherry picked from commit 8eebb6a9e5e74ec0ef40902e2da53d24559b94a4)

core when reloading delay any actions on journal and dbus.patch | (download)

src/core/unit.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 core: when reloading,
 delay any actions on journal and dbus connections

manager_recheck_journal() and manager_recheck_dbus() would be called too early
while we were deserializing units, before the systemd-journald.service and
dbus.service have been deserialized. In effect we'd disable logging to the
journald and close the bus connection. The first is not very noticeable, it
mostly means that logs emitted during deserialization are lost. The second is
more noticeable, because manager_recheck_dbus() would call bus_done_api() and
bus_done_system() and close dbus connections. Logging and bus connection would
then be restored later after the respective units have been deserialized.

This is easily reproduced by calling:
  $ sudo gdbus call --system --dest org.freedesktop.systemd1 --object-path /org/freedesktop/systemd1 --method "org.freedesktop.systemd1.Manager.Reload"
which works fine before 8559b3b75cb, and then starts failing with:
  Error: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Remote peer disconnected

None of this should happen, and we should delay changing state until after
deserialization is complete when reloading. manager_reload() already included
the calls to manager_recheck_journal() and manager_recheck_dbus(), so the
connection state will be updated after deserialization during reloading is done.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1554578.

(cherry picked from commit e63ebf71edd7947f29389c72e851d8df5c7bedda)

units initctl move the fifo to run initctl to match sysvi.patch | (download)

units/systemd-initctl.service.in | 2 1 + 1 - 0 !
units/systemd-initctl.socket | 4 2 + 2 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 units: initctl: move the fifo to /run/initctl to match sysvinit

The fifo location was moved in sysvinit-2.89.

http://git.savannah.nongnu.org/cgit/sysvinit.git/commit/?id=80dbcf3de3c1b83aeaa713a8fe5b8d35d8649af2
(cherry picked from commit 4d8c7c1b3a5feebca948a3b8663f5be887b57731)

systemctl try opening run initctl before dev initctl.patch | (download)

src/systemctl/systemctl.c | 11 8 + 3 - 0 !
1 file changed, 8 insertions(+), 3 deletions(-)

 systemctl: try opening /run/initctl before /dev/initctl

This ensures compatibility with old/new sysvinit.

http://git.savannah.nongnu.org/cgit/sysvinit.git/commit/?id=80dbcf3de3c1b83aeaa713a8fe5b8d35d8649af2
(cherry picked from commit 83c76e8c385cefa05f8177992ba8cb7b75950249)

core dont t remount sys fs cgroup for relabel if not need.patch | (download)

src/core/mount-setup.c | 42 33 + 9 - 0 !
1 file changed, 33 insertions(+), 9 deletions(-)

 core: don't remount /sys/fs/cgroup for relabel if not needed
 (#8595)

The initial fix for relabelling the cgroup filesystem for
SELinux delivered in commit 8739f23e3 was based on the assumption that
the cgroup filesystem is already populated once mount_setup() is
executed, which was true for my system. What I wasn't aware of is that this
is the case only when another instance of systemd was running before
this one, which can happen if systemd is used in the initrd (for ex. by
dracut).

In case of a clean systemd start-up the cgroup filesystem is actually
being populated after mount_setup() and does not need relabelling as at
that moment the SELinux policy is already loaded. Since however the root
cgroup filesystem was remounted read-only in the meantime this operation
will now fail.

To fix this, check for the filesystem mount flags before relabelling and
only remount ro->rw->ro if necessary and leave the filesystem read-write
otherwise.

Fixes #7901.

(cherry picked from commit 6f7729c1767998110c4460c85c94435c5782a613)

sd bus do not try to close already closed fd 8392.patch | (download)

src/libsystemd/sd-bus/bus-socket.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 sd-bus: do not try to close already closed fd (#8392)

Fixes #8376, which is introduced by 2b33ab0957f453a06b58e4bee482f2c2d4e100c1.

(cherry picked from commit 280029d18f470a64403d68717eef1be5274ff8af)

core don t include libmount.h in a header file 8580.patch | (download)

src/core/dbus-execute.c | 1 1 + 0 - 0 !
src/core/manager.h | 3 2 + 1 - 0 !
src/core/mount.c | 2 2 + 0 - 0 !
3 files changed, 5 insertions(+), 1 deletion(-)

 core: don't include libmount.h in a header file (#8580)

linux/fs.h, sys/mount.h, libmount.h and missing.h all include MS_*
definitions.

To avoid problems, only one of linux/fs.h, sys/mount.h and libmount.h
should be included. And missing.h must be included last.

Without this, building systemd may fail with:

In file included from [...]/libmount/libmount.h:31:0,
                 from ../systemd-238/src/core/manager.h:23,
                 from ../systemd-238/src/core/emergency-action.h:37,
                 from ../systemd-238/src/core/unit.h:34,
                 from ../systemd-238/src/core/dbus-timer.h:25,
                 from ../systemd-238/src/core/timer.c:26:
[...]/sys/mount.h:57:2: error: expected identifier before numeric constant

(cherry picked from commit 227b8a762fea1458547be2cdf0e6e4aac0079730)

meson avoid warning about comparison of bool and string.patch | (download)

meson.build | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 meson: avoid warning about comparison of bool and string

login change variable type of enable_wall_messages as it .patch | (download)

src/login/logind-dbus.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 login: change variable type of enable_wall_messages as it matches
 Manager.enable_wall_messages

(cherry picked from commit c9482b88228db25c77ad61e119f61308af8fe2e9)

login do not wall message on cancelling shutdown when Man.patch | (download)

src/login/logind-dbus.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 login: do not wall message on cancelling shutdown when
 Manager.enable_wall_messages is false

Fixes #8904.

(cherry picked from commit 6e78fa4afd474dae984f3ee4a8477c623296a519)

debian/Use Debian specific config files.patch | (download)

src/basic/time-util.c | 21 19 + 2 - 0 !
src/core/locale-setup.c | 22 22 + 0 - 0 !
src/locale/keymap-util.c | 203 108 + 95 - 0 !
src/timedate/timedated.c | 10 10 + 0 - 0 !
4 files changed, 159 insertions(+), 97 deletions(-)

 use debian specific config files

Use /etc/default/locale instead of /etc/locale.conf for locale settings.

Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
keyboard configuration.

Read/write /etc/timezone if /etc/localtime does not exist.

debian/don t try to start autovt units when not running wit.patch | (download)

src/login/logind-core.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 don’t try to start autovt units when not running with systemd as pid 1

Closes: #726466

debian/Make logind hostnamed localed timedated D Bus activa.patch | (download)

src/hostname/org.freedesktop.hostname1.service | 2 1 + 1 - 0 !
src/locale/org.freedesktop.locale1.service | 2 1 + 1 - 0 !
src/login/org.freedesktop.login1.service | 2 1 + 1 - 0 !
src/timedate/org.freedesktop.timedate1.service | 2 1 + 1 - 0 !
4 files changed, 4 insertions(+), 4 deletions(-)

 make logind/hostnamed/localed/timedated d-bus activatable

We want to use those services outside of systemd, so we make them
activatable via D-Bus.

debian/Start logind on demand via libpam systemd.patch | (download)

src/login/pam_systemd.c | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 start logind on demand via libpam-systemd

Don't make pam_sm_open_session() a NOP if logind is not running. Trying
to access logind via D-Bus will start it on demand.

debian/Make sd_login_monitor_new work for logind without sy.patch | (download)

src/libsystemd/sd-login/sd-login.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 make sd_login_monitor_new() work for logind without systemd

Fix sd_login_monitor_new() to not fail if there is no
/sys/fs/cgroup/systemd/machine; that only exists when running with systemd as
PID 1.

Bug-Ubuntu: https://launchpad.net/bugs/1400203

debian/Bring tmpfiles.d tmp.conf in line with Debian defaul.patch | (download)

tmpfiles.d/tmp.conf | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 bring tmpfiles.d/tmp.conf in line with debian defaults

Closes: #675422

debian/Make run lock tmpfs an API fs.patch | (download)

src/core/mount-setup.c | 2 2 + 0 - 0 !
tmpfiles.d/legacy.conf | 1 0 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 make /run/lock tmpfs an api fs

The /run/lock directory is world-writable in Debian due to historic
reasons. To avoid user processes filling up /run, we mount a separate
tmpfs for /run/lock. As this directory needs to be available during
early boot, we make it an API fs.

Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.

Closes: #751392

debian/Revert udev network device renaming immediately give.patch | (download)

src/udev/udev-event.c | 41 38 + 3 - 0 !
1 file changed, 38 insertions(+), 3 deletions(-)

 revert "udev: network device renaming - immediately give up if the
 target name isn't available"

This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad.

We need to keep supporting systems with 75-persistent-net-generator.rules
generated names for a while after switching to net.ifnames. Re-apply this old
hack to make the renaming less likely to fail.

debian/Add support for TuxOnIce hibernation.patch | (download)

src/shared/sleep-config.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add support for tuxonice hibernation

systemd does not support non-mainline kernel features so upstream rejected this
patch.
It is however required for systemd integration by tuxonice-userui package.

debian/Re enable journal forwarding to syslog.patch | (download)

man/journald.conf.xml | 2 1 + 1 - 0 !
src/journal/journald-server.c | 1 1 + 0 - 0 !
src/journal/journald.conf | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 2 deletions(-)

 re-enable journal forwarding to syslog

Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
can/do all read from the journal directly. See

  http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html

for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
to pulling from the journal one by one and disable forwarding again in such a
conf.d snippet.

debian/Don t enable audit by default.patch | (download)

src/journal/journald-audit.c | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

 don't enable audit by default

It causes flooding of dmesg and syslog, suppressing actually important
messages.

Don't enable it for now, until a better solution is found:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html

Bug-Debian: https://bugs.debian.org/773528

debian/Only start logind if dbus is installed.patch | (download)

units/systemd-logind.service.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 only start logind if dbus is installed

logind fails to start in environments without dbus, such as LXC containers or
servers. Add a startup condition to avoid the very noisy startup failure.

Part of #772700

debian/cgroup don t trim cgroup trees created by someone el.patch | (download)

src/basic/cgroup-util.c | 2 0 + 2 - 0 !
src/core/cgroup.c | 2 1 + 1 - 0 !
2 files changed, 1 insertion(+), 3 deletions(-)

 cgroup: don't trim cgroup trees created by someone else

In cases when there is a cgroup tree in a controller hierarchy which was
not created by us, but it looks like it was (i.e. cgroup path is the
same as the one in systemd's named hierarchy) we shouldn't delete it.

debian/fsckd daemon for inter fsckd communication.patch | (download)

man/rules/meson.build | 1 1 + 0 - 0 !
man/systemd-fsckd.service.xml | 162 162 + 0 - 0 !
meson.build | 8 8 + 0 - 0 !
po/POTFILES.in | 1 1 + 0 - 0 !
src/fsckd/fsckd.c | 690 690 + 0 - 0 !
units/meson.build | 2 2 + 0 - 0 !
units/systemd-fsck-root.service.in | 2 2 + 0 - 0 !
units/systemd-fsck@.service.in | 3 2 + 1 - 0 !
units/systemd-fsckd.service.in | 17 17 + 0 - 0 !
units/systemd-fsckd.socket | 15 15 + 0 - 0 !
10 files changed, 900 insertions(+), 1 deletion(-)

 fsckd daemon for inter-fsckd communication

Global logic:
Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
progress report. systemd-fsckd then computes and writes to /dev/console the
number of devices currently being checked and the minimum fsck progress.

Plymouth and user interaction:
Forward the progress to plymouth and support cancellation of in-progress fsck.
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocol.

Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
  checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
  displaying the information above. It can be overridden by plymouth themes
  supporting i18n.

Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.

Send a message to signal to user what key we are grabbing for fsck cancel.

Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.

Misc:
systemd-fsckd stops on idle when no fsck is connected.
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part. Adapt existing fsck man page.

Note that fsckd had lived in the upstream tree for a while, but was removed.
More information at
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html

debian/Skip filesystem check if already done by the initram.patch | (download)

src/fstab-generator/fstab-generator.c | 11 8 + 3 - 0 !
units/systemd-fsck-root.service.in | 1 1 + 0 - 0 !
2 files changed, 9 insertions(+), 3 deletions(-)

 skip filesystem check if already done by the initramfs

Newer versions of initramfs-tools already fsck and mount / and /usr in
the initramfs. Skip the filesystem check in this case.

Based on a previous patch by Michael Biebl <biebl@debian.org>.

Closes: #782522
Closes: #810748

debian/Revert core one step back again for nspawn we actual.patch | (download)

src/core/unit.c | 11 1 + 10 - 0 !
1 file changed, 1 insertion(+), 10 deletions(-)

 revert "core: one step back again,
 for nspawn we actually can't wait for cgroups running empty since systemd
 will get exactly zero notifications about it"

This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.

Bug-Debian: https://bugs.debian.org/784720
Bug-Ubuntu: https://launchpad.net/bugs/1448259
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137

debian/Revert core set RLIMIT_CORE to unlimited by default.patch | (download)

src/core/main.c | 2 0 + 2 - 0 !
sysctl.d/50-coredump.conf.in | 2 1 + 1 - 0 !
2 files changed, 1 insertion(+), 3 deletions(-)

 revert "core: set rlimit_core to unlimited by default"

Partially revert commit 15a900327ab as this completely breaks core dumps
without systemd-coredump. It's also contradicting core(8), and it's not
systemd's place to redefine the kernel definitions of core files.

Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
*file*, but the kernel deliberately ignores it for piping), so set a static
2^63 core size limit for systemd-coredump to go back to the previous behaviour
(otherwise the change above would break systemd-coredump).

Bug-Debian: https://bugs.debian.org/815020

debian/Revert core enable TasksMax for all services by default a.patch | (download)

man/systemd-system.conf.xml | 3 1 + 2 - 0 !
src/core/system.conf.in | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 3 deletions(-)

 revert "core: enable tasksmax= for all services by default,
 and set it to 512"

This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.

Introducing a default limit on number of threads broke a lot of software which
regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
indefinite number of subtasks that are not in a scope, like LXC or cron.

15% is way too much for most "simple" services, and it's too little for others
such as the ones mentioned above. There is also no particular rationale about
any particular global limit, so even if we'd bump it higher we'd just make the
limit even less useful while still breaking software.

It is both much safer and also much more effective in terms of guarding against
berserk programs/bugs/unintended fork bombs etc. to set limits in units
individually. Once someone looks at one, this is then a great time to also flip
on the other resource and privilege limitations that systemd offers.

Bug: https://github.com/systemd/systemd/issues/3211
Bug-Debian: https://bugs.debian.org/823530
Bug-Ubuntu: https://launchpad.net/bugs/1578080

debian/Let graphical session pre.target be manually started.patch | (download)

units/user/graphical-session-pre.target | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 let graphical-session-pre.target be manually started

This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.

debian/Add env variable for machine ID path.patch | (download)

src/libsystemd/sd-id128/sd-id128.c | 2 1 + 1 - 0 !
src/test/test-fs-util.c | 9 5 + 4 - 0 !
2 files changed, 6 insertions(+), 5 deletions(-)

 add env variable for machine id path

During package build, in minimal chroots, or other systems which do not already
have an /etc/machine-id we get six test failures. Introduce a
$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
other than /etc/machine-id, so that the unit tests are independent from the
environment.

Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
/etc/issue instead which is from base-files.

Closes: #851445

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344

debian/Avoid requiring a kvm system group.patch | (download)

rules/50-udev-default.rules.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 avoid requiring a "kvm" system group

This group is not universally available and as a result generates a
warning during boot:

 systemd-udevd: Specified group 'kvm' unknown

As kvm is only really useful if the qemu package is installed and this
package already takes care of setting up the proper permissions for
/dev/kvm, drop this rule from 50-udev-default.rules.

See https://github.com/systemd/systemd/issues/6360

debian/Revert udev rules Permission changes for dev dri renderD.patch | (download)

meson.build | 2 0 + 2 - 0 !
meson_options.txt | 2 0 + 2 - 0 !
rules/50-udev-default.rules.in | 5 1 + 4 - 0 !
src/login/70-uaccess.rules | 2 1 + 1 - 0 !
4 files changed, 2 insertions(+), 9 deletions(-)

 revert "udev-rules: permission changes for /dev/dri/renderd*"

This would introduce a new system group "render". As the name is rather
generic, this needs further discussion first, so revert this change for
now.

This reverts commit 4e15a7343cb389e97f3eb4f49699161862d8b8b2.