v252 batch #341
Merged
Fixes a bug introduced by 0843ec6. Fixes systemd/systemd#29145. (In upstream, the issue is fixed by 8d3c5b3). (cherry picked from commit 10397b6)
"/dev" or "/dev/" is the mount point, not a device path. In particular, 'systemctl status /dev' clearly does not refer to a device, so let's tweak the code a bit to say that those are not device paths. (Treating "/../dev" same as "/dev" would also be reasonable, but that requires chase(), which requires disk access, which we don't want to do from this lightweight function.) (cherry picked from commit 8f1998b) (cherry picked from commit fc13a26) (cherry picked from commit 3cbdcfd)
I was missing an example of how to use cryptenroll. We have that, but in another page. Instead of repeating, let's just direct the user to the right place. Also, reformat synopsis to the "official" non-nested syntax. (cherry picked from commit 38e3c61) (cherry picked from commit ddfbdad) (cherry picked from commit bf19ea3)
kernel-install uses do_execute(). We would log whenever a spawned child finished, but we would not log anything when the child is launched. When the children log output without a prefix (as the kernel-install plugins do), it is hard to see where that output is coming from. (cherry picked from commit 9ec4f7c) (cherry picked from commit da0536a) (cherry picked from commit 6064d89)
…nored Before this fix, when recursive-errors was set to 'no' during a systemd-analyze verification, the parent slice was checked regardless. The 'no' setting means that only the specified unit should be looked at and verified and errors in the slices should be ignored. This commit fixes that issue.

Example: Say we have a sample.service file:

    [Unit]
    Description=Sample Service

    [Service]
    ExecStart=/bin/echo "a"
    Slice=support.slice

Before Change:

    systemd-analyze verify --recursive-errors=no maanya/sample.service
    Assertion 'u' failed at src/core/unit.c:153, function unit_has_name(). Aborting.
    Aborted (core dumped)

After Change:

    systemd-analyze verify --recursive-errors=no maanya/sample.service
    {No errors}

(cherry picked from commit f660c7f) (cherry picked from commit e48c57c) (cherry picked from commit 3f5729a)
Note that this slightly changes the semantics of assert when NDEBUG is defined. If there's an extern function call (without attribute pure or similar) then the compiler has to assume it has side effects and still emit the function call, whereas the old assert guaranteed that nothing will be evaluated on NDEBUG. Closes: systemd/systemd#29408 (cherry picked from commit be16668) (cherry picked from commit a9b83fc) (cherry picked from commit 2b408a6)
…y (#28885) When verifying seals produced with forward secure sealing, the verification currently does not check that old entries are only sealed with the key for their epoch and not a more recent one. This missing check allows an attacker to remove seals, and create new ones with the currently available key, and verify will claim everything is in order, although all entries could have been modified. This resolves CVE-2023-31439. Co-authored-by: Felix Dörre <[email protected]> (cherry picked from commit 3846d3a) (cherry picked from commit ea67d47) (cherry picked from commit e140c1d)
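The missing check this commit message describes, shown in a simplified model as an added example; it is not code from the commit or from systemd. The `struct seal` layout, the function names and the epoch arithmetic (epoch `e` spans `interval` microseconds starting at `start + e*interval`) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model, not systemd's data structures: one seal tag and the
 * realtime range (in usec) of the entries it covers. */
struct seal {
    uint64_t epoch;        /* epoch of the key that produced the tag */
    uint64_t oldest_entry; /* realtime of the oldest covered entry */
    uint64_t newest_entry; /* realtime of the newest covered entry */
};

/* Start of epoch e, where epoch e spans [start + e*interval, +interval).
 * Returns false on a zero interval or on arithmetic overflow. */
static bool epoch_begin(uint64_t start, uint64_t interval, uint64_t e, uint64_t *ret) {
    if (interval == 0 || e > (UINT64_MAX - start) / interval)
        return false;
    *ret = start + e * interval;
    return true;
}

/* Lenient check: only rejects entries newer than the sealing epoch.
 * Old entries sealed with a later key pass, which is the gap described above. */
bool seal_ok_lenient(const struct seal *s, uint64_t start, uint64_t interval) {
    uint64_t begin;
    if (!epoch_begin(start, interval, s->epoch, &begin))
        return false;
    return s->oldest_entry <= s->newest_entry &&
           (s->newest_entry < begin || s->newest_entry - begin < interval);
}

/* Strict check: every covered entry must fall inside the sealing epoch. */
bool seal_ok_strict(const struct seal *s, uint64_t start, uint64_t interval) {
    uint64_t begin;
    if (!epoch_begin(start, interval, s->epoch, &begin))
        return false;
    return s->oldest_entry <= s->newest_entry &&
           s->oldest_entry >= begin &&
           s->newest_entry - begin < interval;
}

int main(void) {
    /* Constructed sample: start 1000, interval 100; epoch-1 entries
     * carrying a tag made with the epoch-5 key. */
    struct seal resealed = { .epoch = 5, .oldest_entry = 1110, .newest_entry = 1190 };
    return seal_ok_lenient(&resealed, 1000, 100) &&
           !seal_ok_strict(&resealed, 1000, 100) ? 0 : 1;
}
```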
The device-mapper driver can return a wild variety of errors when trying to activate the same dm-verity volume concurrently, as it might happen with an image. There is a fallback logic in place, but the original return code was clobbered when userspace signature check was added. Add it back. Follow-up for c2fa92e (cherry picked from commit ace0712) (cherry picked from commit c2155c1) (cherry picked from commit 39a3d75)
According to the respective change in the DPS: <uapi-group/specifications#86> Signed-off-by: Roland Hieber <[email protected]> (cherry picked from commit 7c6dd20) (cherry picked from commit 9f415a6) (cherry picked from commit 5cacdfd)
…evel cgroup We have the "tasks.max" cgroup attribute only if we run in a cgroup namespace, but not on the host. Hence let's handle ENODATA silently simply to reduce the debug noise generated. (cherry picked from commit bde7e12) (cherry picked from commit d3a5c9f) (cherry picked from commit 44e3e23)
…e client is stopped Follow-up for fc35a9f. Fixes the issue systemd/systemd#29472 (comment). (cherry picked from commit 9bd91e3) (cherry picked from commit f453cbc) (cherry picked from commit 073d2db)
…monitor_new() As suggested at systemd/systemd#29872 (comment): > socket memory is these days accounted to the process that owns a socket, > hence we shouldn't be too concerned that this might waste memory. (cherry picked from commit eba449f) (cherry picked from commit 2a1fc60) (cherry picked from commit ae3bc45)
…9837) Previously only the first entered passphrase would be used. Add the ability to check all the passwords entered by the user. The total number of passwords entered is still limited by passphrase entry limit. (cherry picked from commit b55ca26) (cherry picked from commit cdb24cb) (cherry picked from commit c1a090f)
If we're waiting for the debugger process to exit and receive SIGTERM, propagate it to all processes in our process group, including the debugger, so we can follow it up with a proper cleanup. Resolves: #28772 (cherry picked from commit b260346) (cherry picked from commit d42ab01) (cherry picked from commit 000b9e7)
On a system with a shared home directory, I'm getting a bunch of warnings:

    systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
    systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.signal.Signal.desktop: not generating unit, error parsing Exec= line: No such file or directory
    systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
    systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/im.riot.Riot.desktop: not generating unit, error parsing Exec= line: No such file or directory
    systemd-xdg-autostart-generator[76]: Exec binary '/usr/libexec/gnome-tweak-tool-lid-inhibitor' does not exist: No such file or directory
    systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/ignore-lid-switch-tweak.desktop: not generating unit, error parsing Exec= line: No such file or directory
    systemd-xdg-autostart-generator[76]: Exec binary '/usr/bin/flatpak' does not exist: No such file or directory
    systemd-xdg-autostart-generator[76]: /home/zbyszek/.config/autostart/org.telegram.desktop.desktop: not generating unit, error parsing Exec= line: No such file or directory

This isn't really a problem. Let's just print an info message. (cherry picked from commit ed73914) (cherry picked from commit fc31aba) (cherry picked from commit 20a7677)
41e4ce0 shortened existing sleeps, which resulted in the check being sometimes done before the property had a chance to update. Let's do what we do with the rest of the checks and retry it a couple of times. Resolves: #29923 (cherry picked from commit 4e55082) (cherry picked from commit 3572445) (cherry picked from commit c77b806)
This completes/corrects the documentation for the following fields:

    COREDUMP_CGROUP= - docs were wrong, actually covered COREDUMP_PROC_CGROUP=
    COREDUMP_CMDLINE= → undocumented so far
    COREDUMP_PROC_CGROUP= → docs were there but incorrectly assigned to COREDUMP_CGROUP=
    COREDUMP_PROC_AUXV= → undocumented so far
    COREDUMP_SESSION= → undocumented so far

Fixes: #29832 (cherry picked from commit a9d54de) (cherry picked from commit be694c8) (cherry picked from commit 1c09ddd)
Currently test_setpriority_closest assumes that setting RLIMIT_NICE to 30 will fail if the process is unprivileged. If it succeeds, it assumes that the process is privileged and setresuid and setresgid will succeed. However, if RLIMIT_NICE is already >= 30, then setrlimit will succeed even if the process is unprivileged. Guard against that by checking for permission errors in setresuid and setresgid and skipping the full test if so. Fixes #22896. (cherry picked from commit 9217255) (cherry picked from commit 413849e) (cherry picked from commit a052d11)
Currently, we round minimum sizes up and maximum size down, whereas it should be the opposite as the current approach means that if the same size is used for min and max, the min size will end up bigger than the max size after rounding. (cherry picked from commit 6563aed) (cherry picked from commit 5d001f4) (cherry picked from commit 26e3d68)
git restore -s origin/main hwdb.d/ test/hwdb.d test/hwdb-test.sh (cherry picked from commit 3862a47)
github-actions bot added the documentation, hwdb, journal-remote, network, resolve, systemctl, udev and units labels on Nov 9, 2023
No description provided.