Package: systemd / 242-7

Metadata

Package Version Patches format
systemd 242-7 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
socket util make sure flush_accept doesn t hang on unexpe.patch | (download)

src/basic/socket-util.c | 17 15 + 2 - 0 !
1 file changed, 15 insertions(+), 2 deletions(-)

 socket-util: make sure flush_accept() doesn't hang on unexpected
 EOPNOTSUPP

So apparently there are two reasons why accept() can return EOPNOTSUPP:
because the socket is not a listening stream socket (or similar), or
because the incoming TCP connection for some reason wasn't acceptable to
the host. THe latter should be a transient error, as suggested on
accept(2). The former however should be considered fatal for
flush_accept(). Let's fix this by explicitly checking whether the socket
is a listening socket beforehand.

(cherry picked from commit f3d75364fbebf2ddb6393e54db5e10b6f6234e14)

test add test for flush_accept.patch | (download)

src/test/test-socket-util.c | 62 62 + 0 - 0 !
1 file changed, 62 insertions(+)

 test: add test for flush_accept()

Fixes: #12335
(cherry picked from commit 5b116c37e14582ee6550c9157445d6bbd4ce1813)

meson stop creating .wants directories for multi user get.patch | (download)

src/core/meson.build | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 meson: stop creating .wants directories for
 {multi-user,getty}.target (#12569)

Since preset is supposed to be used to enable the services, there is no
need to pre-create those directories either.

Follow-up for #12164

(cherry picked from commit dadc7f2e43b163dd740832abd73b83245f716c1e)

Drop support for usr sbin halt.local.patch | (download)

docs/DISTRO_PORTING.md | 1 0 + 1 - 0 !
man/systemd-rc-local-generator.xml | 12 4 + 8 - 0 !
meson.build | 3 0 + 3 - 0 !
meson_options.txt | 2 0 + 2 - 0 !
src/rc-local-generator/rc-local-generator.c | 6 0 + 6 - 0 !
units/meson.build | 1 0 + 1 - 0 !
6 files changed, 4 insertions(+), 21 deletions(-)

 drop support for /usr/sbin/halt.local

/usr/sbin/halt.local is a Fedora/Red Hat anachronism from pre-systemd
times.

(cherry picked from commit 44508946534eee032927c263b79464832656dd6e)

random util eat up bad RDRAND values seen on AMD CPUs.patch | (download)

src/basic/random-util.c | 15 14 + 1 - 0 !
1 file changed, 14 insertions(+), 1 deletion(-)

 random-util: eat up bad rdrand values seen on amd cpus

An ugly, ugly work-around for #11810. And no, we shouldn't have to do
this. This is something for AMD, the firmware or the kernel to
fix/work-around, not us. But nonetheless, this should do it for now.

Fixes: #11810
(cherry picked from commit 1c53d4a070edbec8ad2d384ba0014d0eb6bae077)

ask password prevent buffer overflow when reading from ke.patch | (download)

src/shared/ask-password-api.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 ask-password: prevent buffer overflow when reading from keyring

When we read from keyring, a temporary buffer is allocated in order to
determine the size needed for the entire data. However, when zeroing that area,
we use the data size returned by the read instead of the lesser size allocate
for the buffer.

That will cause memory corruption that causes systemd-cryptsetup to crash
either when a single large password is used or when multiple passwords have
already been pushed to the keyring.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
(cherry picked from commit 59c55e73eaee345e1ee67c23eace8895ed499693)

core unset HOME that the kernel gives us.patch | (download)

src/core/main.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 core: unset home=/ that the kernel gives us

Partially fixes #12389.

%h would return "/" in a machine, but "/root" in a container. Let's fix
this by resetting $HOME to the expected value.

(cherry picked from commit 9d48671c62de133a2b9fe7c31e70c0ff8e68f2db)

man add note that h u U are mostly useless.patch | (download)

man/systemd.unit.xml | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

 man: add note that %h/%u/%u are mostly useless

Fixes #12389.

(cherry picked from commit b4e2407716731d1ce099bad1c2778f7a4424ed2e)

network ignore requested ipv6 addresses when ipv6 is disa.patch | (download)

src/network/networkd-address.c | 7 6 + 1 - 0 !
src/network/networkd-link.c | 4 2 + 2 - 0 !
src/network/networkd-ndisc.c | 4 2 + 2 - 0 !
3 files changed, 10 insertions(+), 5 deletions(-)

 network: ignore requested ipv6 addresses when ipv6 is disabled by
 sysctl

(cherry picked from commit 54a1a535bd60f13964bbddd8f381601e33e8e56f)

network ignore requested ipv6 route when ipv6 is disabled.patch | (download)

src/network/networkd-link.c | 4 2 + 2 - 0 !
src/network/networkd-ndisc.c | 12 6 + 6 - 0 !
src/network/networkd-route.c | 7 6 + 1 - 0 !
3 files changed, 14 insertions(+), 9 deletions(-)

 network: ignore requested ipv6 route when ipv6 is disabled by sysctl

(cherry picked from commit c442331750a2a9711036080f7590e190b9b0eb54)

network ignore requested ipv6 routing policy rule when ip.patch | (download)

src/network/networkd-link.c | 4 2 + 2 - 0 !
src/network/networkd-routing-policy-rule.c | 7 6 + 1 - 0 !
2 files changed, 8 insertions(+), 3 deletions(-)

 network: ignore requested ipv6 routing policy rule when ipv6 is
 disabled by sysctl

(cherry picked from commit 7ef7e5509b637e660e89ba8a938930ec01de6e54)

network read link specific sysctl value.patch | (download)

src/network/networkd-address.c | 2 1 + 1 - 0 !
src/network/networkd-link.c | 23 19 + 4 - 0 !
src/network/networkd-link.h | 4 4 + 0 - 0 !
src/network/networkd-manager.c | 17 0 + 17 - 0 !
src/network/networkd-manager.h | 4 0 + 4 - 0 !
src/network/networkd-route.c | 2 1 + 1 - 0 !
src/network/networkd-routing-policy-rule.c | 2 1 + 1 - 0 !
7 files changed, 26 insertions(+), 28 deletions(-)

 network: read link specific sysctl value

This introduce link_sysctl_ipv6_enabled() and replaces
manager_sysctl_ipv6_enabled() with it.

(cherry picked from commit bafa9641446852f7fa15ca12d08a223d345c78ea)

networkd fix link_up 12505.patch | (download)

src/network/networkd-link.c | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 networkd: fix link_up() (#12505)

Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.

Fixes the following error:
```
dummy-test: Could not bring up interface: Invalid argument
```

After reading the kernel code when we do a link up
```
net/core/rtnetlink.c
IFLA_AF_SPEC
 af_ops->set_link_af(dev, af);
  inet6_set_link_af
   if (tb[IFLA_INET6_ADDR_GEN_MODE])
             Here it looks for IFLA_INET6_ADDR_GEN_MODE
```
Since link up we didn't filling up that it's failing.

Closes #12504.

(cherry picked from commit 4eb086a38712ea98faf41e075b84555b11b54362)

network do not send ipv6 token to kernel.patch | (download)

src/network/networkd-link.c | 51 6 + 45 - 0 !
1 file changed, 6 insertions(+), 45 deletions(-)

 network: do not send ipv6 token to kernel

We disabled kernel RA support. Then, we should not send
IFLA_INET6_TOKEN.
Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.

Follow-up for 0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf and
4eb086a38712ea98faf41e075b84555b11b54362.

(cherry picked from commit 9f6e82e6eb3b6e73d66d00d1d6eee60691fb702f)

meson make nologin path build time configurable.patch | (download)

man/nss-mymachines.xml | 4 2 + 2 - 0 !
man/sysusers.d.xml | 4 2 + 2 - 0 !
meson.build | 1 1 + 0 - 0 !
meson_options.txt | 1 1 + 0 - 0 !
src/basic/user-util.c | 4 2 + 2 - 0 !
src/nss-mymachines/nss-mymachines.c | 4 2 + 2 - 0 !
src/nss-systemd/nss-systemd.c | 4 2 + 2 - 0 !
src/sysusers/sysusers.c | 2 1 + 1 - 0 !
src/test/test-user-util.c | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test-1.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-10.expected-passwd | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test-11.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-12.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-2.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-3.expected-passwd | 8 4 + 4 - 0 !
test/TEST-21-SYSUSERS/test-4.expected-passwd | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test-5.expected-passwd | 34 17 + 17 - 0 !
test/TEST-21-SYSUSERS/test-6.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-7.expected-passwd | 10 5 + 5 - 0 !
test/TEST-21-SYSUSERS/test-8.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-9.expected-passwd | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test.sh | 9 8 + 1 - 0 !
22 files changed, 61 insertions(+), 52 deletions(-)

 meson: make nologin path build time configurable

Some distros install nologin as /usr/sbin/nologin, others as
/sbin/nologin.
Since we can't really on merged-usr everywhere (where the path wouldn't
matter), make the path build time configurable via -Dnologin-path=.

Closes #13028

(cherry picked from commit 6db904625d413739c480ddbe7667d3f40acc4ae0)

core never propagate reload failure to service result.patch | (download)

src/core/service.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 core: never propagate reload failure to service result

Fixes: #11238
(cherry picked from commit d611cfa748aaf600832160132774074e808c82c7)

shared seccomp add sync_file_range2.patch | (download)

src/shared/seccomp-util.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 shared/seccomp: add sync_file_range2

Some architectures need the arguments to be reordered because of alignment
issues. Otherwise, it's the same as sync_file_range.

(cherry picked from commit a8fb09f57395613d472d7b555db6e0ce802a8c84)

bash completion don t sort syslog priorities.patch | (download)

shell-completion/bash/journalctl | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 bash-completion: don't sort syslog priorities

By default, the available completions are sorted alphabetically, which
is counterproductive in case of syslog priorities. Override the default
behavior using the `nosort` option

(cherry picked from commit f8f542482e1df9b99144becf74dfae13a4d4403d)

test bpf skip test when run inside containers.patch | (download)

src/test/test-bpf.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 test-bpf: skip test when run inside containers

The test reliably fails inside LXC and Docker when run on a new enough
kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
issue and apparently there is no real interest to get this fixed, so
let's skip this test.
As this also covers Travis CI, there is no need for this additional
check anymore.

See https://github.com/systemd/systemd/issues/9666

(cherry picked from commit 98a3c188a1511caae422b2c891f3cc016824eb81)

tests skip test bpf only when we re 100 sure it s run in .patch | (download)

src/test/test-bpf.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 tests: skip test-bpf only when we're 100% sure it's run in
 containers

This is just a follow-up to https://github.com/systemd/systemd/pull/12617.

(cherry picked from commit 6bd1457afe396864cc4b9884157a6126027ed85e)

network fix ListenPort in WireGuard section.patch | (download)

src/network/netdev/wireguard.c | 19 10 + 9 - 0 !
1 file changed, 10 insertions(+), 9 deletions(-)

 network: fix listenport= in [wireguard] section

This fixes a bug introduced by f1368a333e5e08575f0b45dfe41e936b106a8627.

Fixes #12377.

(cherry picked from commit a62b7bb79e9a2aa683624c32cde1c756d8466fb4)

Drop dbus activation stub service.patch | (download)

README | 4 1 + 3 - 0 !
src/core/meson.build | 2 0 + 2 - 0 !
src/core/org.freedesktop.systemd1.service | 13 0 + 13 - 0 !
units/meson.build | 3 0 + 3 - 0 !
4 files changed, 1 insertion(+), 21 deletions(-)

 drop dbus activation stub service

This fixes the following problem:

> At the very end of the boot, just after the first user logs in
> (usually using sddm / X) I get the following messages in my logs:
> Nov 18 07:02:33 samd dbus-daemon[2879]: [session uid=1000 pid=2877] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
> Nov 18 07:02:33 samd dbus-daemon[2879]: [session uid=1000 pid=2877] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1

These messages are caused by the "stub" service files that systemd
installs. It installed them because early versions of systemd activation
required them to exist.

Since dbus 1.11.0, a dbus-daemon that is run with --systemd-activation
automatically assumes that o.fd.systemd1 is an activatable
service. As a result, with a new enough dbus version,
/usr/share/dbus-1/services/org.freedesktop.systemd1.service and
/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service should
become unnecessary, and they can be removed.

dbus 1.11.0 was released 2015-12-02.

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914015
(cherry picked from commit 07125d24eedb71693b3bf2b1f0730cd01aaac2dd)

Revert core check start limit on condition checks too.patch | (download)

src/core/unit.c | 20 1 + 19 - 0 !
1 file changed, 1 insertion(+), 19 deletions(-)

 revert "core: check start limit on condition checks too"

This reverts commit 2de9b9793b91f492141f090dcc89445511e94bd4.

This check causes regressions, in particular our own units fail. Apparently, it
is enough for the unit to be referenced enough times:

$ journalctl -b -u systemd-ask-password-console.path
Aug 30 12:08:14 krowka systemd[1]: Condition check resulted in Dispatch Password Requests to Console Directory Watch being skipped.
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in Dispatch Password Requests to Console Directory Watch being skipped.
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in Dispatch Password Requests to Console Directory Watch being skipped.
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in Dispatch Password Requests to Console Directory Watch being skipped.
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in Dispatch Password Requests to Console Directory Watch being skipped.
Aug 30 12:08:33 krowka systemd[1]: systemd-ask-password-console.path: Start request repeated too quickly.
Aug 30 12:08:33 krowka systemd[1]: Failed to start Dispatch Password Requests to Console Directory Watch.

$ journalctl -b -u systemd-firstboot.service
-- Logs begin at Sun 2019-04-21 12:39:21 CEST, end at Fri 2019-08-30 12:23:06 CEST. --
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in First Boot Wizard being skipped.
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in First Boot Wizard being skipped.
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in First Boot Wizard being skipped.
Aug 30 12:08:33 krowka systemd[1]: Condition check resulted in First Boot Wizard being skipped.
Aug 30 12:08:33 krowka systemd[1]: systemd-firstboot.service: Start request repeated too quickly.
Aug 30 12:08:33 krowka systemd[1]: Failed to start First Boot Wizard.

And the same for other units.

Fixes #13434.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935829

(cherry picked from commit 5af6aa58aaf537fef8be32c03a02e0a20a83875d)

sleep properly pass verb to sleep script.patch | (download)

src/sleep/sleep.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 sleep: properly pass verb to sleep script

Another fall-out from our rewriting of argv[] now.

Fixes: #12782
(cherry picked from commit 98dc9d1f8f02ef968140a2d55ed91528e1ef8056)

core factor root_directory application out of apply_worki.patch | (download)

src/core/execute.c | 38 28 + 10 - 0 !
1 file changed, 28 insertions(+), 10 deletions(-)

 core: factor root_directory application out of
 apply_working_directory

Fixes: #12498
(cherry picked from commit fa97f63067a05b4e793fd4e0a2b54797459b4812)

shared bus util drop trusted annotation from bus_open_sys.patch | (download)

src/shared/bus-util.c | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 shared/bus-util: drop trusted annotation from
 bus_open_system_watch_bind_with_description()

https://bugzilla.redhat.com/show_bug.cgi?id=1746057

This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
is also used in timesyncd, but it has no methods, only read-only properties, and
in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
polkit checks.

(cherry picked from commit 35e528018f315798d3bffcb592b32a0d8f5162bd)

debian/Use Debian specific config files.patch | (download)

src/basic/time-util.c | 21 19 + 2 - 0 !
src/core/locale-setup.c | 21 21 + 0 - 0 !
src/locale/keymap-util.c | 210 105 + 105 - 0 !
src/timedate/timedated.c | 10 10 + 0 - 0 !
4 files changed, 155 insertions(+), 107 deletions(-)

 use debian specific config files

Use /etc/default/locale instead of /etc/locale.conf for locale settings.

Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
keyboard configuration.

Read/write /etc/timezone if /etc/localtime does not exist.

debian/Bring tmpfiles.d tmp.conf in line with Debian defaul.patch | (download)

tmpfiles.d/tmp.conf | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 bring tmpfiles.d/tmp.conf in line with debian defaults

Closes: #675422

debian/Make run lock tmpfs an API fs.patch | (download)

src/core/mount-setup.c | 2 2 + 0 - 0 !
tmpfiles.d/legacy.conf | 1 0 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 make /run/lock tmpfs an api fs

The /run/lock directory is world-writable in Debian due to historic
reasons. To avoid user processes filling up /run, we mount a separate
tmpfs for /run/lock. As this directory needs to be available during
early boot, we make it an API fs.

Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.

Closes: #751392

debian/Add support for TuxOnIce hibernation.patch | (download)

src/shared/sleep-config.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add support for tuxonice hibernation

systemd does not support non-mainline kernel features so upstream rejected this
patch.
It is however required for systemd integration by tuxonice-userui package.

debian/Re enable journal forwarding to syslog.patch | (download)

man/journald.conf.xml | 2 1 + 1 - 0 !
src/journal/journald-server.c | 1 1 + 0 - 0 !
src/journal/journald.conf | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 2 deletions(-)

 re-enable journal forwarding to syslog

Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
can/do all read from the journal directly. See

  http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html

for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
to pulling from the journal one by one and disable forwarding again in such a
conf.d snippet.

debian/Don t enable audit by default.patch | (download)

src/journal/journald-audit.c | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

 don't enable audit by default

It causes flooding of dmesg and syslog, suppressing actually important
messages.

Don't enable it for now, until a better solution is found:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html

Bug-Debian: https://bugs.debian.org/773528

debian/Only start logind if dbus is installed.patch | (download)

units/systemd-logind.service.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 only start logind if dbus is installed

logind fails to start in environments without dbus, such as LXC containers or
servers. Add a startup condition to avoid the very noisy startup failure.

Part of #772700

debian/fsckd daemon for inter fsckd communication.patch | (download)

man/rules/meson.build | 1 1 + 0 - 0 !
man/systemd-fsckd.service.xml | 162 162 + 0 - 0 !
meson.build | 8 8 + 0 - 0 !
po/POTFILES.in | 1 1 + 0 - 0 !
src/fsckd/fsckd.c | 690 690 + 0 - 0 !
units/meson.build | 2 2 + 0 - 0 !
units/systemd-fsck-root.service.in | 2 2 + 0 - 0 !
units/systemd-fsck@.service.in | 3 2 + 1 - 0 !
units/systemd-fsckd.service.in | 17 17 + 0 - 0 !
units/systemd-fsckd.socket | 15 15 + 0 - 0 !
10 files changed, 900 insertions(+), 1 deletion(-)

 fsckd daemon for inter-fsckd communication

Global logic:
Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
progress report. systemd-fsckd then computes and writes to /dev/console the
number of devices currently being checked and the minimum fsck progress.

Plymouth and user interaction:
Forward the progress to plymouth and support canellation of in progress fsck.
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocole.

Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
  checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
  displaying the information above. It can be overridden by plymouth themes
  supporting i18n.

Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.

Send a message to signal to user what key we are grabbing for fsck cancel.

Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.

Misc:
systemd-fsckd stops on idle when no fsck is connected.
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part. Adapt existing fsck man page.

Note that fsckd had lived in the upstream tree for a while, but was removed.
More information at
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
-

debian/Skip filesystem check if already done by the initram.patch | (download)

src/fstab-generator/fstab-generator.c | 11 8 + 3 - 0 !
units/systemd-fsck-root.service.in | 1 1 + 0 - 0 !
2 files changed, 9 insertions(+), 3 deletions(-)

 skip filesystem check if already done by the initramfs

Newer versions of initramfs-tools already fsck and mount / and /usr in
the initramfs. Skip the filesystem check in this case.

Based on a previous patch by Michael Biebl <biebl@debian.org>.

Closes: #782522
Closes: #810748

debian/Revert core one step back again for nspawn we actual.patch | (download)

src/core/unit.c | 11 1 + 10 - 0 !
1 file changed, 1 insertion(+), 10 deletions(-)

 revert "core: one step back again,
 for nspawn we actually can't wait for cgroups running empty since systemd
 will get exactly zero notifications about it"

This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.

Bug-Debian: https://bugs.debian.org/784720
Bug-Ubuntu: https://launchpad.net/bugs/1448259
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137

debian/Revert core set RLIMIT_CORE to unlimited by default.patch | (download)

src/core/main.c | 2 0 + 2 - 0 !
sysctl.d/50-coredump.conf.in | 2 1 + 1 - 0 !
2 files changed, 1 insertion(+), 3 deletions(-)

 revert "core: set rlimit_core to unlimited by default"

Partially revert commit 15a900327ab as this completely breaks core dumps
without systemd-coredump. It's also contradicting core(8), and it's not
systemd's place to redefine the kernel definitions of core files.

Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
*file*, but the kernel deliberately ignores it for piping), so set a static
2^63 core size limit for systemd-coredump to go back to the previous behaviour
(otherwise the change above would break systemd-coredump).

Bug-Debian: https://bugs.debian.org/815020

debian/Revert core enable TasksMax for all services by default a.patch | (download)

man/systemd-system.conf.xml | 3 1 + 2 - 0 !
src/core/system.conf.in | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 3 deletions(-)

 revert "core: enable tasksmax= for all services by default,
 and set it to 512"

This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.

Introducing a default limit on number of threads broke a lot of software which
regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
indefinite number of subtasks that are not in a scope, like LXC or cron.

15% is way too much for most "simple" services, and it's too little for others
such as the ones mentioned above. There is also no particular rationale about
any particular global limit, so even if we'd bump it higher we'd just make the
limit even less useful while still breaking software.

It is both much safer and also much more effective in terms of guarding against
berserk programs/bugs/unintended fork bombs etc. to set limits in units
individually. Once someone looks at one, this is then a great time to also flip
on the other resource and privilege limitations that systemd offers.

Bug: https://github.com/systemd/systemd/issues/3211
Bug-Debian: https://bugs.debian.org/823530
Bug-Ubuntu: https://launchpad.net/bugs/1578080

debian/Let graphical session pre.target be manually started.patch | (download)

units/user/graphical-session-pre.target | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 let graphical-session-pre.target be manually started

This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.

debian/Add env variable for machine ID path.patch | (download)

src/libsystemd/sd-id128/sd-id128.c | 2 1 + 1 - 0 !
src/test/test-fs-util.c | 11 7 + 4 - 0 !
2 files changed, 8 insertions(+), 5 deletions(-)

 add env variable for machine id path

During package build, in minimal chroots, or other systems which do not already
have an /etc/machine-id we get six test failures. Introduce a
$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
other than /etc/machine-id, so that the unit tests are independent from the
environment.

Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
/etc/passwd instead which is created by base-files.

Closes: #851445

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344

debian/Drop seccomp system call filter for udev.patch | (download)

units/systemd-udevd.service.in | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 drop seccomp system call filter for udev

The seccomp based system call whitelist requires at least systemd 239 to
be the active init and during a dist-upgrade we can't guarantee that
systemd has been fully configured before udev is restarted.

This partially reverts upstream commit
ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.

Once buster is released, this patch can be dropped.

Closes: #903224