author | Alex Kiernan <alex.kiernan@gmail.com> | 2020-02-03 22:35:26 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-02-04 15:56:29 +0000 |
commit | 2c0e4daab9e3e3df160313a10e98efc55486b98d (patch) | |
tree | 1c7ae281b245aadc7e8d510c634df789c12e08e9 | |
parent | bb637cc802366865c8e1e219eadf24d5c80fff8b (diff) | |
download | poky-2c0e4daab9e3e3df160313a10e98efc55486b98d.tar.gz |
systemd: Upgrade 243.2 -> 243.4-latest
Update to latest on the 243 stable branch. This includes (amongst other
fixes) seccomp filter changes which fix failures with glibc 2.31, e.g.
systemd-journald[543]: Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at src/basic/time-util.c:55, function now(). Aborting.
Refresh:
0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
0001-do-not-disable-buffer-in-writing-files.patch
Drop 0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch,
fixed in 5c0224c7bf3c ("Handle d_type == DT_UNKNOWN correctly").
Drop 0001-seccomp-more-comprehensive-protection-against-libsec.patch,
fixed in 70e8c1978a9a ("seccomp: real syscall numbers are >= 0").
Drop 0004-rules-whitelist-hd-devices.patch and
0005-rules-watch-metadata-changes-in-ide-devices.patch which cause
ide-cd to flap with tray open messages (and don't appear to be required
any more)
Commits from v243-stable:
70e8c1978a9a seccomp: real syscall numbers are >= 0
a0a1977d9a5d seccomp: more comprehensive protection against libseccomp's __NR_xyz namespace invasion
7f936c60d597 network: set ipv6 mtu after link-up or device mtu change
b59d88cc62a4 man: fix typo in net-naming-scheme man page
c5e5ac095821 man: fix typos (#14304)
9a2f26564d5a ipv4ll: do not reset conflict counter on restart
bc9e1ebfdd3b Fix typo (duplicate "or")
c6cb71b7e741 network: if /sys is rw, then udev should be around
67dcdfd95629 nspawn: do not fail if udev is not running
a7938a1bc6d3 Create parent directories when creating systemd-private subdirs
53aa44f8738a network: do not return error but return UINT64_MAX if speed meter is disabled
65abf126744f core: swap priority can be negative
b1cf452ff5f6 systemctl: enhance message about kexec missing kernel
07a0e5b42523 man: use mkswap@ instead of makeswap@
57dc017c6bac journald: don't ask for the machine ID if we don't need it
ac392a57c08c journalctl: pager_close() calls fflush(stdout) anyway as first thing
ee7dfadc8237 journald: remove unused field
471073f1b52b journalctl: return EOPNOTSUPP if pcre is not enabled
002ededb61a0 man: drop reference to machined, add one for journald instead
fd3bd4be3bff pid1: make TimeoutAbortSec settable for transient units
eb2ef4d6643e pid1: fix setting of DefaultTimeoutAbortSec
1d75e29b2378 shared/ask-password-api: modify keyctl break value
a16b1ee7e565 cryptsetup: reduce the chance that we will be OOM killed
4836fb010ae8 core: write out correct field name when creating transient service units
3e2c547f6d3c udevd: don't use monitor after manager_exit()
d42f7d45a8e2 Revert "udevd: fix crash when workers time out after exit is signal caught"
c9a287eee8fd man/systemd.link: Add missing verb *be*
a67a3ae04b89 man: document all pager variables for systemctl and systemd
3a8fce3f38b6 core.timer: fix "systemd-analyze dump" and docs syntax inconsistencies wrt OnTimezoneChange=
fdffd284b682 core/service: downgrade "scheduling restart" message to debug
733e7f19d3cf travis: add missing closing quote sign
0d7b7817fc34 systemd-tmpfiles: don't install timer when service isn't installed either
0e7f83cd2b31 pam_systemd: prolong method call timeout when allocating session
e51d9bf9e5ac man: add entry about SpeedMeter=
aa1fc791c7a1 udev: silence warning about PROGRAM+= or IMPORT+= rules
b9a619bb6738 udevadm: ignore EROFS and return earlier
1ec5b9f80cb5 basic: add vmware hypervisor detection from device-tree
7fa7080248aa umount: be happy if /proc/swaps doesn't exist
71ccd774bb33 shutdown: make logging more useful if NULL swap/mount table files are specified
38453c6d42e4 man: share description of $SYSTEMD_COLORS in other tools
b50ca0152681 core: do not propagate polkit error to caller
99b72a66ca55 ask-password: don't hit assert() when we query pw which the user C-d and caching is enabled
288edd686911 man: mention $RUNTIME_DIRECTORY & friends in environment list
37aeadd433d3 cryptsetup-generator: guess whether the keyfile argument is two items or one
a87e8fdc72d7 verify: fix segmentation fault
3aea728cd2d2 timedated: it might be that tzinfo files are just not installed
cc103c72abc1 timedated: handle UTC specially, when generating /etc/localtime
f5a4caa5418b time-util: treat /etc/localtime missing as UTC
2139d58652bb bpf: fix off-by-one in class whitelisting
cb7693595db9 bpf: fix device type filter
56e1ba304b00 core: constify bpf program arrays
b06b7ace92c1 run: propagate return code/status from the child
5db454b8031c udevd: fix crash when workers time out after exit is signal caught
b774282a855e udev: ignore error caused by device disconnection
8d88a2ecd7ce udev: fix error code in the log message
c41484a2f3d7 udev: ignore ENOENT when chmod_and_chown() device node
f218b65b3246 udev: do not append newline when write attributes
ce4d17ddbc16 time-util: uniquify timezone list, in case UTC is listed in timezone1970.tab, too
28f0b34c57bc time-util: always accept UTC as valid timezone
8b888d236007 seccomp: add all *time64 syscalls
53d8feeb2334 libblkid: open device in nonblock mode.
b9478046b03d man: describe ordering in case of Conflicts=
fa3e5bd2bbb4 man: put description of Wants= above Requires=
bdebd2c325fc meson: remove strange dep that causes meson to enter infinite loop
26bc77d8e5af man: fix option typo in pam_systemd man page
9c12127e3d2e man: save pull-raw example file without underscores
4c106cbcf1af man: small grammatical/word choice fixes to crypttab man page
03cc374fca74 shared/format-table: disable ellipsization when piped
0a5497d3fa4b sd-device-enumerator: do not return error when a device is removed
7b0d0331d051 bootctl: create leading dirs when "bootctl random-seed" is called if needed
5aab35aac9db core, job: fix breakage of ordering dependencies by systemctl reload command
cd86ae937305 journalctl: allow running vacuum on remote journals, too
fc0451bc0a3f allow an empty DefaultInstance= in configuration files
587266c24aae man/systemd.net-naming-scheme: fix typo
e0e63f0f9bb9 nspawn: respect quiet on capabilities warning
37e50c05b564 nspawn: mangle slice name
4fefc493541e mkosi: Find hostname command on Arch Linux
c430e8affba4 Fix mkosi on Arch Linux
1765b8d803dd Update to Fedora31
0b9a2a9a9868 sd-boot: Silence compiler warning when building with -O2
24e02f8d49b6 sd-boot: Don't loudly complain if RNG protocol isn't available
14e377ef3519 sd-boot: Only disable optimization on debug builds
a39008ddecb9 meson: correct man page deps
4c1dcc06fa30 sd-event: don't invalidate source type on disconnect
fb89ee34cedc analyze: fix minor memleak
a449299bc087 analyze: sort list of unknown syscalls kernel implements
51ea58a04b18 seccomp: add new Linux 5.3 syscalls to syscall filter lists
819695c8b027 resolved: check for IP in certificate when using DoT with GnuTLS
37f817e21097 resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS
32056809baa2 coverity: replace python with jq
d2b4d7ee17de network-generator: Add missing help for --root
f1b18c206208 modules-load: do not fail service if modules are not present
606de6626714 pid1: order .automount units after local-fs-pre.target
1366b81f2bc5 shared/install: failing with -ELOOP can be due to the use of an alias in install_error()
84d5cd699e25 shared/install: fix error codes returned by install_context_apply()
417779c58a86 man: alias names can't be used with enable command
00af6c447f25 resolved: set stream type during DnsStream creation
66dd9d7d25fd sd-device: allow sd_device_get_devtype to be called with NULL arg and do not assert
048f9da1a4b3 Remove unused plymouth_running() function
34fa67bbe732 machine-id-setup: avoid unexpected aborting
24c99fa2ef3d test-socket-util: avoid writing past the defined buffer
ce82233f99b3 test: drop duplicated 's'
75a0e7209114 nspawn: fix handling of --console=help
f41a282875fc Revert "sysusers: properly mark generated accounts as locked"
fc2dceac6172 Remove unprintable non-ASCII char from special glyph ASCII fallback table
dedf5b511e6f logind: fix emission of PropertiesChanged for users
6e3cfe2e58f5 logind: fix emission of PropertiesChanged on seats
a9152084d7e9 resolved: fix connection failures with TLS 1.3 and GnuTLS
961879ed9ddb udev: tag any display devices as master-of-seat when nomodeset is used
8aa7bafa1295 systemd-fsck: fix systemd-fsck/fsck pipe bad closure
19590e289ace ceph is a network filesystem
339606ad9e99 portabled: allow to detach an image with a unit in linked-runtime state
bd9692734ac5 network: ndisc: do not drop all prefixes when a prefix matches a blacklist
5e6d4f8b79e0 systemctl: fix memleak caused by wrong cleanup func
47d0e23d26af udev: fix memleak caused by wrong cleanup function
a6fb0542c5ef parse_hwdb: fix compatibility with pyparsing 2.4.*
cb1d892f1780 parse_hwdb: process files in order
ef677436aa20 test: Pass personality test even when i686 userland runs on x86_64 kernel
3f6398c450b8 docs: fix inadvertent change in uid range
25bb377a73e7 cgroup: fix typo in BPF firewall support warning message
6d97aca0d503 fix build with compilers with default stack-protector enabled
fbad077cec34 nspawn: surrender controlling terminal to PID2 when using the PID1 stub
0553c3c66889 pid1: fix DefaultTasksMax initialization
f406a691a722 src/core/automount: use DirectoryMode when calling mkdir -p
20438f96c326 udevadm trigger: do not propagate EACCES and ENODEV
6480630bc397 hwdb: Correct WWWW Pattern In Documentation Comment
9d8e889810b5 nspawn: consistenly fail if parsing the environment fails
40e169b30423 nspawn: default to unified hierarchy if --as-pid2 is used
b5df1037a0c0 cgroup: Mark memory protections as explicitly set in transient units
f14e3e02cca7 cgroup: Respect DefaultMemoryMin when setting memory.min
ea248e53bf76 cgroup: Check ancestor memory min for unified memory config
de1d25a506db cgroup: docs: memory.high doc fixups
2ab45f38d8c4 cgroup: docs: Mention unbounded protection for memory.{low,min}
19a43dc38a13 Consider smb3 as remote filesystem
5c0224c7bf3c Handle d_type == DT_UNKNOWN correctly
8282bc61df10 util-lib: Don't propagate EACCES from find_binary PATH lookup to caller
9d0ae987a634 network: drop noisy log message
f67f0e4ec45a Updated log message when the timesync happens for the first time (#13624)
e151bf467494 units: make systemd-binfmt.service easier to work with no autofs
2b8e574d8242 Corect man page reference in systemd-nologin.conf comments
a0577353f191 man: Add a missing space in machinectl(1)
693e98398869 log: Add missing "%" in "%m" log format strings
ea7151b8c435 pid1: do not warn if /run/systemd/relabel-extra.d/ doesn't exist
b90549290e33 man: fix typo
(From OE-Core rev: 48a061c1da0745ca2263cfcfb9041d67cd018193)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/systemd/systemd-boot_243.4.bb (renamed from meta/recipes-core/systemd/systemd-boot_243.2.bb) | 0 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd.inc | 4 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch | 30 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch | 88 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch | 152 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch | 42 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch | 34 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch | 45 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd_243.4.bb (renamed from meta/recipes-core/systemd/systemd_243.2.bb) | 4 |
9 files changed, 45 insertions, 354 deletions
diff --git a/meta/recipes-core/systemd/systemd-boot_243.2.bb b/meta/recipes-core/systemd/systemd-boot_243.4.bb index 515abc289b..515abc289b 100644 --- a/meta/recipes-core/systemd/systemd-boot_243.2.bb +++ b/meta/recipes-core/systemd/systemd-boot_243.4.bb | |||
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index 18f17d28ac..2fca6dca64 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc | |||
@@ -14,8 +14,10 @@ LICENSE = "GPLv2 & LGPLv2.1" | |||
14 | LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ | 14 | LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ |
15 | file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" | 15 | file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" |
16 | 16 | ||
17 | SRCREV = "fab6f010ac6c3bc93a10868de722d7c8c3622eb9" | 17 | SRCREV = "70e8c1978a9a688662eb1b3983370dd1cc415083" |
18 | SRCBRANCH = "v243-stable" | 18 | SRCBRANCH = "v243-stable" |
19 | SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" | 19 | SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" |
20 | 20 | ||
21 | PV = "243.4+git${SRCPV}" | ||
22 | |||
21 | S = "${WORKDIR}/git" | 23 | S = "${WORKDIR}/git" |
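Review bot: The new `PV = "243.4+git${SRCPV}"` line in systemd.inc repeats the version that the renamed recipes (systemd_243.4.bb, systemd-boot_243.4.bb) already carry in their file names, so a later bump has to change both or they drift apart. A short comment beside PV saying it must track the file name would help, as would keeping the version in only one of the two places. On the unchanged SRC_URI context line, `protocol=git` fetches over the unauthenticated git:// transport. The full-length SRCREV pin ties the checkout to one commit hash, but `protocol=https` would also protect the fetch itself.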
diff --git a/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch index 73e65ff798..ea37680221 100644 --- a/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch +++ b/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch | |||
@@ -24,10 +24,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> | |||
24 | units/systemd-binfmt.service.in | 4 ++++ | 24 | units/systemd-binfmt.service.in | 4 ++++ |
25 | 3 files changed, 9 insertions(+), 4 deletions(-) | 25 | 3 files changed, 9 insertions(+), 4 deletions(-) |
26 | 26 | ||
27 | diff --git a/units/meson.build b/units/meson.build | 27 | Index: systemd-stable/units/meson.build |
28 | index e1ee9f86c3..6bb7771b36 100644 | 28 | =================================================================== |
29 | --- a/units/meson.build | 29 | --- systemd-stable.orig/units/meson.build |
30 | +++ b/units/meson.build | 30 | +++ systemd-stable/units/meson.build |
31 | @@ -46,8 +46,7 @@ units = [ | 31 | @@ -46,8 +46,7 @@ units = [ |
32 | ['poweroff.target', '', | 32 | ['poweroff.target', '', |
33 | 'runlevel0.target'], | 33 | 'runlevel0.target'], |
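Review bot: The refresh rewrites this carried patch's file headers from `diff --git a/units/meson.build b/units/meson.build` plus an `index` line to quilt-style `Index: systemd-stable/units/meson.build` with `systemd-stable.orig/` paths, and that header rewrite accounts for most of the churn in this file without changing what the patch does. Regenerating the patch in its original git format would keep the blob ids and make the next refresh show only real changes.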
@@ -48,10 +48,10 @@ index e1ee9f86c3..6bb7771b36 100644 | |||
48 | ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'], | 48 | ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'], |
49 | ['systemd-boot-check-no-failures.service', ''], | 49 | ['systemd-boot-check-no-failures.service', ''], |
50 | ['systemd-boot-system-token.service', 'ENABLE_EFI', | 50 | ['systemd-boot-system-token.service', 'ENABLE_EFI', |
51 | diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount | 51 | Index: systemd-stable/units/proc-sys-fs-binfmt_misc.automount |
52 | index 30a6bc9918..4231f3b70f 100644 | 52 | =================================================================== |
53 | --- a/units/proc-sys-fs-binfmt_misc.automount | 53 | --- systemd-stable.orig/units/proc-sys-fs-binfmt_misc.automount |
54 | +++ b/units/proc-sys-fs-binfmt_misc.automount | 54 | +++ systemd-stable/units/proc-sys-fs-binfmt_misc.automount |
55 | @@ -18,3 +18,6 @@ ConditionPathIsReadWrite=/proc/sys/ | 55 | @@ -18,3 +18,6 @@ ConditionPathIsReadWrite=/proc/sys/ |
56 | 56 | ||
57 | [Automount] | 57 | [Automount] |
@@ -59,19 +59,19 @@ index 30a6bc9918..4231f3b70f 100644 | |||
59 | + | 59 | + |
60 | +[Install] | 60 | +[Install] |
61 | +WantedBy=sysinit.target | 61 | +WantedBy=sysinit.target |
62 | diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in | 62 | Index: systemd-stable/units/systemd-binfmt.service.in |
63 | index e940c7c9ad..6be7f5cc9b 100644 | 63 | =================================================================== |
64 | --- a/units/systemd-binfmt.service.in | 64 | --- systemd-stable.orig/units/systemd-binfmt.service.in |
65 | +++ b/units/systemd-binfmt.service.in | 65 | +++ systemd-stable/units/systemd-binfmt.service.in |
66 | @@ -14,6 +14,7 @@ Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.htm | 66 | @@ -14,6 +14,7 @@ Documentation=https://www.kernel.org/doc |
67 | Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems | 67 | Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems |
68 | DefaultDependencies=no | 68 | DefaultDependencies=no |
69 | Conflicts=shutdown.target | 69 | Conflicts=shutdown.target |
70 | +Wants=proc-sys-fs-binfmt_misc.automount | 70 | +Wants=proc-sys-fs-binfmt_misc.automount |
71 | After=proc-sys-fs-binfmt_misc.automount | 71 | After=proc-sys-fs-binfmt_misc.automount |
72 | After=proc-sys-fs-binfmt_misc.mount | ||
72 | Before=sysinit.target shutdown.target | 73 | Before=sysinit.target shutdown.target |
73 | ConditionPathIsReadWrite=/proc/sys/ | 74 | @@ -29,3 +30,6 @@ Type=oneshot |
74 | @@ -28,3 +29,6 @@ Type=oneshot | ||
75 | RemainAfterExit=yes | 75 | RemainAfterExit=yes |
76 | ExecStart=@rootlibexecdir@/systemd-binfmt | 76 | ExecStart=@rootlibexecdir@/systemd-binfmt |
77 | TimeoutSec=90s | 77 | TimeoutSec=90s |
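Review bot: In the systemd-binfmt.service.in hunk the refreshed context now contains `After=proc-sys-fs-binfmt_misc.mount`, which was not in the 243.2 context, while the patch still adds only `Wants=proc-sys-fs-binfmt_misc.automount`. The commit message lists this patch under Refresh without saying whether the added Wants= was re-checked against the upstream unit change (the commit list includes e151bf467494, "units: make systemd-binfmt.service easier to work with no autofs"). A sentence confirming that the dependency is still the intended one would help.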
diff --git a/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch index 2f4daf8665..d6d68a09ac 100644 --- a/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch +++ b/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch | |||
@@ -38,11 +38,9 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com> | |||
38 | src/vconsole/vconsole-setup.c | 2 +- | 38 | src/vconsole/vconsole-setup.c | 2 +- |
39 | 17 files changed, 36 insertions(+), 36 deletions(-) | 39 | 17 files changed, 36 insertions(+), 36 deletions(-) |
40 | 40 | ||
41 | diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c | ||
42 | index 7b5839ccd6..18f6e8ffc8 100644 | ||
43 | --- a/src/basic/cgroup-util.c | 41 | --- a/src/basic/cgroup-util.c |
44 | +++ b/src/basic/cgroup-util.c | 42 | +++ b/src/basic/cgroup-util.c |
45 | @@ -860,7 +860,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { | 43 | @@ -860,7 +860,7 @@ int cg_attach(const char *controller, co |
46 | 44 | ||
47 | xsprintf(c, PID_FMT "\n", pid); | 45 | xsprintf(c, PID_FMT "\n", pid); |
48 | 46 | ||
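Review bot: The carried patch's own summary is identical on both sides of the refresh (`17 files changed, 36 insertions(+), 36 deletions(-)`), and the visible hunks differ only in line offsets and header context, so the patch still covers exactly the call sites it covered at 243.2. Since 243.4 pulls in a long list of v243-stable commits, it is worth checking the new tree for write sites of the same kind that the patch does not reach, and saying in the commit message that this was done. The refresh also drops the `diff --git` and `index` lines here and truncates the function names in the `@@` headers (`int cg_attach(const char *controller, co`), which is noise a git-format refresh would avoid.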
@@ -51,7 +49,7 @@ index 7b5839ccd6..18f6e8ffc8 100644 | |||
51 | if (r < 0) | 49 | if (r < 0) |
52 | return r; | 50 | return r; |
53 | 51 | ||
54 | @@ -1142,7 +1142,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { | 52 | @@ -1142,7 +1142,7 @@ int cg_install_release_agent(const char |
55 | 53 | ||
56 | sc = strstrip(contents); | 54 | sc = strstrip(contents); |
57 | if (isempty(sc)) { | 55 | if (isempty(sc)) { |
@@ -60,7 +58,7 @@ index 7b5839ccd6..18f6e8ffc8 100644 | |||
60 | if (r < 0) | 58 | if (r < 0) |
61 | return r; | 59 | return r; |
62 | } else if (!path_equal(sc, agent)) | 60 | } else if (!path_equal(sc, agent)) |
63 | @@ -1160,7 +1160,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { | 61 | @@ -1160,7 +1160,7 @@ int cg_install_release_agent(const char |
64 | 62 | ||
65 | sc = strstrip(contents); | 63 | sc = strstrip(contents); |
66 | if (streq(sc, "0")) { | 64 | if (streq(sc, "0")) { |
@@ -69,7 +67,7 @@ index 7b5839ccd6..18f6e8ffc8 100644 | |||
69 | if (r < 0) | 67 | if (r < 0) |
70 | return r; | 68 | return r; |
71 | 69 | ||
72 | @@ -1187,7 +1187,7 @@ int cg_uninstall_release_agent(const char *controller) { | 70 | @@ -1187,7 +1187,7 @@ int cg_uninstall_release_agent(const cha |
73 | if (r < 0) | 71 | if (r < 0) |
74 | return r; | 72 | return r; |
75 | 73 | ||
@@ -78,7 +76,7 @@ index 7b5839ccd6..18f6e8ffc8 100644 | |||
78 | if (r < 0) | 76 | if (r < 0) |
79 | return r; | 77 | return r; |
80 | 78 | ||
81 | @@ -1197,7 +1197,7 @@ int cg_uninstall_release_agent(const char *controller) { | 79 | @@ -1197,7 +1197,7 @@ int cg_uninstall_release_agent(const cha |
82 | if (r < 0) | 80 | if (r < 0) |
83 | return r; | 81 | return r; |
84 | 82 | ||
@@ -87,7 +85,7 @@ index 7b5839ccd6..18f6e8ffc8 100644 | |||
87 | if (r < 0) | 85 | if (r < 0) |
88 | return r; | 86 | return r; |
89 | 87 | ||
90 | @@ -2053,7 +2053,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri | 88 | @@ -2053,7 +2053,7 @@ int cg_set_attribute(const char *control |
91 | if (r < 0) | 89 | if (r < 0) |
92 | return r; | 90 | return r; |
93 | 91 | ||
@@ -105,11 +103,9 @@ index 7b5839ccd6..18f6e8ffc8 100644 | |||
105 | if (r < 0) { | 103 | if (r < 0) { |
106 | log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m", | 104 | log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m", |
107 | FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs); | 105 | FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs); |
108 | diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c | ||
109 | index 42ce53d5aa..57512532a6 100644 | ||
110 | --- a/src/basic/procfs-util.c | 106 | --- a/src/basic/procfs-util.c |
111 | +++ b/src/basic/procfs-util.c | 107 | +++ b/src/basic/procfs-util.c |
112 | @@ -86,13 +86,13 @@ int procfs_tasks_set_limit(uint64_t limit) { | 108 | @@ -86,13 +86,13 @@ int procfs_tasks_set_limit(uint64_t limi |
113 | * decrease it, as threads-max is the much more relevant sysctl. */ | 109 | * decrease it, as threads-max is the much more relevant sysctl. */ |
114 | if (limit > pid_max-1) { | 110 | if (limit > pid_max-1) { |
115 | sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */ | 111 | sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */ |
@@ -125,11 +121,9 @@ index 42ce53d5aa..57512532a6 100644 | |||
125 | if (r < 0) { | 121 | if (r < 0) { |
126 | uint64_t threads_max; | 122 | uint64_t threads_max; |
127 | 123 | ||
128 | diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c | ||
129 | index 123d00e13e..e7ea78f349 100644 | ||
130 | --- a/src/basic/smack-util.c | 124 | --- a/src/basic/smack-util.c |
131 | +++ b/src/basic/smack-util.c | 125 | +++ b/src/basic/smack-util.c |
132 | @@ -115,7 +115,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) { | 126 | @@ -115,7 +115,7 @@ int mac_smack_apply_pid(pid_t pid, const |
133 | return 0; | 127 | return 0; |
134 | 128 | ||
135 | p = procfs_file_alloca(pid, "attr/current"); | 129 | p = procfs_file_alloca(pid, "attr/current"); |
@@ -138,8 +132,6 @@ index 123d00e13e..e7ea78f349 100644 | |||
138 | if (r < 0) | 132 | if (r < 0) |
139 | return r; | 133 | return r; |
140 | 134 | ||
141 | diff --git a/src/basic/util.c b/src/basic/util.c | ||
142 | index 93d610bc98..97dca64f73 100644 | ||
143 | --- a/src/basic/util.c | 135 | --- a/src/basic/util.c |
144 | +++ b/src/basic/util.c | 136 | +++ b/src/basic/util.c |
145 | @@ -294,7 +294,7 @@ void disable_coredumps(void) { | 137 | @@ -294,7 +294,7 @@ void disable_coredumps(void) { |
@@ -151,11 +143,9 @@ index 93d610bc98..97dca64f73 100644 | |||
151 | if (r < 0) | 143 | if (r < 0) |
152 | log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m"); | 144 | log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m"); |
153 | } | 145 | } |
154 | diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c | ||
155 | index aa9d811f2e..8c7f2dae7a 100644 | ||
156 | --- a/src/binfmt/binfmt.c | 146 | --- a/src/binfmt/binfmt.c |
157 | +++ b/src/binfmt/binfmt.c | 147 | +++ b/src/binfmt/binfmt.c |
158 | @@ -48,7 +48,7 @@ static int delete_rule(const char *rule) { | 148 | @@ -48,7 +48,7 @@ static int delete_rule(const char *rule) |
159 | if (!fn) | 149 | if (!fn) |
160 | return log_oom(); | 150 | return log_oom(); |
161 | 151 | ||
@@ -164,7 +154,7 @@ index aa9d811f2e..8c7f2dae7a 100644 | |||
164 | } | 154 | } |
165 | 155 | ||
166 | static int apply_rule(const char *rule) { | 156 | static int apply_rule(const char *rule) { |
167 | @@ -56,7 +56,7 @@ static int apply_rule(const char *rule) { | 157 | @@ -56,7 +56,7 @@ static int apply_rule(const char *rule) |
168 | 158 | ||
169 | (void) delete_rule(rule); | 159 | (void) delete_rule(rule); |
170 | 160 | ||
@@ -182,11 +172,9 @@ index aa9d811f2e..8c7f2dae7a 100644 | |||
182 | 172 | ||
183 | STRV_FOREACH(f, files) { | 173 | STRV_FOREACH(f, files) { |
184 | k = apply_file(*f, true); | 174 | k = apply_file(*f, true); |
185 | diff --git a/src/core/main.c b/src/core/main.c | ||
186 | index bcce7178a8..4199cedab9 100644 | ||
187 | --- a/src/core/main.c | 175 | --- a/src/core/main.c |
188 | +++ b/src/core/main.c | 176 | +++ b/src/core/main.c |
189 | @@ -1285,7 +1285,7 @@ static int bump_unix_max_dgram_qlen(void) { | 177 | @@ -1303,7 +1303,7 @@ static int bump_unix_max_dgram_qlen(void |
190 | if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN) | 178 | if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN) |
191 | return 0; | 179 | return 0; |
192 | 180 | ||
@@ -195,7 +183,7 @@ index bcce7178a8..4199cedab9 100644 | |||
195 | if (r < 0) | 183 | if (r < 0) |
196 | return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, | 184 | return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, |
197 | "Failed to bump AF_UNIX datagram queue length, ignoring: %m"); | 185 | "Failed to bump AF_UNIX datagram queue length, ignoring: %m"); |
198 | @@ -1509,7 +1509,7 @@ static void initialize_core_pattern(bool skip_setup) { | 186 | @@ -1527,7 +1527,7 @@ static void initialize_core_pattern(bool |
199 | if (getpid_cached() != 1) | 187 | if (getpid_cached() != 1) |
200 | return; | 188 | return; |
201 | 189 | ||
@@ -204,11 +192,9 @@ index bcce7178a8..4199cedab9 100644 | |||
204 | if (r < 0) | 192 | if (r < 0) |
205 | log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern); | 193 | log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern); |
206 | } | 194 | } |
207 | diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c | ||
208 | index b95e6239d4..fdbdaaaccb 100644 | ||
209 | --- a/src/core/smack-setup.c | 195 | --- a/src/core/smack-setup.c |
210 | +++ b/src/core/smack-setup.c | 196 | +++ b/src/core/smack-setup.c |
211 | @@ -325,17 +325,17 @@ int mac_smack_setup(bool *loaded_policy) { | 197 | @@ -327,17 +327,17 @@ int mac_smack_setup(bool *loaded_policy) |
212 | } | 198 | } |
213 | 199 | ||
214 | #ifdef SMACK_RUN_LABEL | 200 | #ifdef SMACK_RUN_LABEL |
@@ -230,8 +216,6 @@ index b95e6239d4..fdbdaaaccb 100644 | |||
230 | if (r < 0) | 216 | if (r < 0) |
231 | log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m"); | 217 | log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m"); |
232 | #endif | 218 | #endif |
233 | diff --git a/src/hibernate-resume/hibernate-resume.c b/src/hibernate-resume/hibernate-resume.c | ||
234 | index 17e7cd1a00..87a7667716 100644 | ||
235 | --- a/src/hibernate-resume/hibernate-resume.c | 219 | --- a/src/hibernate-resume/hibernate-resume.c |
236 | +++ b/src/hibernate-resume/hibernate-resume.c | 220 | +++ b/src/hibernate-resume/hibernate-resume.c |
237 | @@ -45,7 +45,7 @@ int main(int argc, char *argv[]) { | 221 | @@ -45,7 +45,7 @@ int main(int argc, char *argv[]) { |
@@ -243,11 +227,9 @@ index 17e7cd1a00..87a7667716 100644 | |||
243 | if (r < 0) { | 227 | if (r < 0) { |
244 | log_error_errno(r, "Failed to write '%s' to /sys/power/resume: %m", major_minor); | 228 | log_error_errno(r, "Failed to write '%s' to /sys/power/resume: %m", major_minor); |
245 | return EXIT_FAILURE; | 229 | return EXIT_FAILURE; |
246 | diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c | ||
247 | index c4a7f2f3d3..bcac758284 100644 | ||
248 | --- a/src/libsystemd/sd-device/sd-device.c | 230 | --- a/src/libsystemd/sd-device/sd-device.c |
249 | +++ b/src/libsystemd/sd-device/sd-device.c | 231 | +++ b/src/libsystemd/sd-device/sd-device.c |
250 | @@ -1849,7 +1849,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, | 232 | @@ -1849,7 +1849,7 @@ _public_ int sd_device_set_sysattr_value |
251 | if (!value) | 233 | if (!value) |
252 | return -ENOMEM; | 234 | return -ENOMEM; |
253 | 235 | ||
@@ -256,11 +238,9 @@ index c4a7f2f3d3..bcac758284 100644 | |||
256 | if (r < 0) { | 238 | if (r < 0) { |
257 | if (r == -ELOOP) | 239 | if (r == -ELOOP) |
258 | return -EINVAL; | 240 | return -EINVAL; |
259 | diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c | ||
260 | index 30b9a66334..cc1d577933 100644 | ||
261 | --- a/src/login/logind-dbus.c | 241 | --- a/src/login/logind-dbus.c |
262 | +++ b/src/login/logind-dbus.c | 242 | +++ b/src/login/logind-dbus.c |
263 | @@ -1325,7 +1325,7 @@ static int trigger_device(Manager *m, sd_device *d) { | 243 | @@ -1323,7 +1323,7 @@ static int trigger_device(Manager *m, sd |
264 | if (!t) | 244 | if (!t) |
265 | return -ENOMEM; | 245 | return -ENOMEM; |
266 | 246 | ||
@@ -269,11 +249,9 @@ index 30b9a66334..cc1d577933 100644 | |||
269 | } | 249 | } |
270 | 250 | ||
271 | return 0; | 251 | return 0; |
272 | diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c | ||
273 | index 0462b46413..7c53d41483 100644 | ||
274 | --- a/src/nspawn/nspawn-cgroup.c | 252 | --- a/src/nspawn/nspawn-cgroup.c |
275 | +++ b/src/nspawn/nspawn-cgroup.c | 253 | +++ b/src/nspawn/nspawn-cgroup.c |
276 | @@ -123,7 +123,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { | 254 | @@ -123,7 +123,7 @@ int sync_cgroup(pid_t pid, CGroupUnified |
277 | fn = strjoina(tree, cgroup, "/cgroup.procs"); | 255 | fn = strjoina(tree, cgroup, "/cgroup.procs"); |
278 | 256 | ||
279 | sprintf(pid_string, PID_FMT, pid); | 257 | sprintf(pid_string, PID_FMT, pid); |
@@ -282,11 +260,9 @@ index 0462b46413..7c53d41483 100644 | |||
282 | if (r < 0) { | 260 | if (r < 0) { |
283 | log_error_errno(r, "Failed to move process: %m"); | 261 | log_error_errno(r, "Failed to move process: %m"); |
284 | goto finish; | 262 | goto finish; |
285 | diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c | ||
286 | index 2aec8041f0..841542f2f3 100644 | ||
287 | --- a/src/nspawn/nspawn.c | 263 | --- a/src/nspawn/nspawn.c |
288 | +++ b/src/nspawn/nspawn.c | 264 | +++ b/src/nspawn/nspawn.c |
289 | @@ -2357,7 +2357,7 @@ static int reset_audit_loginuid(void) { | 265 | @@ -2403,7 +2403,7 @@ static int reset_audit_loginuid(void) { |
290 | if (streq(p, "4294967295")) | 266 | if (streq(p, "4294967295")) |
291 | return 0; | 267 | return 0; |
292 | 268 | ||
@@ -295,7 +271,7 @@ index 2aec8041f0..841542f2f3 100644 | |||
295 | if (r < 0) { | 271 | if (r < 0) { |
296 | log_error_errno(r, | 272 | log_error_errno(r, |
297 | "Failed to reset audit login UID. This probably means that your kernel is too\n" | 273 | "Failed to reset audit login UID. This probably means that your kernel is too\n" |
298 | @@ -3566,13 +3566,13 @@ static int setup_uid_map(pid_t pid) { | 274 | @@ -3612,13 +3612,13 @@ static int setup_uid_map(pid_t pid) { |
299 | 275 | ||
300 | xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid); | 276 | xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid); |
301 | xsprintf(line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0, arg_uid_shift, arg_uid_range); | 277 | xsprintf(line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0, arg_uid_shift, arg_uid_range); |
@@ -311,11 +287,9 @@ index 2aec8041f0..841542f2f3 100644 | |||
311 | if (r < 0) | 287 | if (r < 0) |
312 | return log_error_errno(r, "Failed to write GID map: %m"); | 288 | return log_error_errno(r, "Failed to write GID map: %m"); |
313 | 289 | ||
314 | diff --git a/src/shared/sysctl-util.c b/src/shared/sysctl-util.c | ||
315 | index 93bdcf11bf..68cddb7a9f 100644 | ||
316 | --- a/src/shared/sysctl-util.c | 290 | --- a/src/shared/sysctl-util.c |
317 | +++ b/src/shared/sysctl-util.c | 291 | +++ b/src/shared/sysctl-util.c |
318 | @@ -88,7 +88,7 @@ int sysctl_write_ip_property(int af, const char *ifname, const char *property, c | 292 | @@ -88,7 +88,7 @@ int sysctl_write_ip_property(int af, con |
319 | 293 | ||
320 | log_debug("Setting '%s' to '%s'", p, value); | 294 | log_debug("Setting '%s' to '%s'", p, value); |
321 | 295 | ||
@@ -324,11 +298,9 @@ index 93bdcf11bf..68cddb7a9f 100644 | |||
324 | } | 298 | } |
325 | 299 | ||
326 | int sysctl_read(const char *property, char **content) { | 300 | int sysctl_read(const char *property, char **content) { |
327 | diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c | ||
328 | index b9fe96635d..f168d7f890 100644 | ||
329 | --- a/src/sleep/sleep.c | 301 | --- a/src/sleep/sleep.c |
330 | +++ b/src/sleep/sleep.c | 302 | +++ b/src/sleep/sleep.c |
331 | @@ -54,7 +54,7 @@ static int write_hibernate_location_info(void) { | 303 | @@ -54,7 +54,7 @@ static int write_hibernate_location_info |
332 | 304 | ||
333 | /* if it's a swap partition, we just write the disk to /sys/power/resume */ | 305 | /* if it's a swap partition, we just write the disk to /sys/power/resume */ |
334 | if (streq(type, "partition")) { | 306 | if (streq(type, "partition")) { |
@@ -337,7 +309,7 @@ index b9fe96635d..f168d7f890 100644 | |||
337 | if (r < 0) | 309 | if (r < 0) |
338 | return log_debug_errno(r, "Failed to write partition device to /sys/power/resume: %m"); | 310 | return log_debug_errno(r, "Failed to write partition device to /sys/power/resume: %m"); |
339 | 311 | ||
340 | @@ -98,14 +98,14 @@ static int write_hibernate_location_info(void) { | 312 | @@ -98,14 +98,14 @@ static int write_hibernate_location_info |
341 | 313 | ||
342 | offset = fiemap->fm_extents[0].fe_physical / page_size(); | 314 | offset = fiemap->fm_extents[0].fe_physical / page_size(); |
343 | xsprintf(offset_str, "%" PRIu64, offset); | 315 | xsprintf(offset_str, "%" PRIu64, offset); |
@@ -363,7 +335,7 @@ index b9fe96635d..f168d7f890 100644 | |||
363 | if (k >= 0) | 335 | if (k >= 0) |
364 | return 0; | 336 | return 0; |
365 | 337 | ||
366 | @@ -140,7 +140,7 @@ static int write_state(FILE **f, char **states) { | 338 | @@ -140,7 +140,7 @@ static int write_state(FILE **f, char ** |
367 | STRV_FOREACH(state, states) { | 339 | STRV_FOREACH(state, states) { |
368 | int k; | 340 | int k; |
369 | 341 | ||
@@ -372,24 +344,20 @@ index b9fe96635d..f168d7f890 100644 | |||
372 | if (k >= 0) | 344 | if (k >= 0) |
373 | return 0; | 345 | return 0; |
374 | log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state); | 346 | log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state); |
375 | diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c | ||
376 | index 77d95e513f..25ce4abfb1 100644 | ||
377 | --- a/src/udev/udevadm-trigger.c | 347 | --- a/src/udev/udevadm-trigger.c |
378 | +++ b/src/udev/udevadm-trigger.c | 348 | +++ b/src/udev/udevadm-trigger.c |
379 | @@ -43,7 +43,7 @@ static int exec_list(sd_device_enumerator *e, const char *action, Set *settle_se | 349 | @@ -43,7 +43,7 @@ static int exec_list(sd_device_enumerato |
380 | if (!filename) | 350 | if (!filename) |
381 | return log_oom(); | 351 | return log_oom(); |
382 | 352 | ||
383 | - r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER); | 353 | - r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER); |
384 | + r = write_string_file(filename, action, 0); | 354 | + r = write_string_file(filename, action, 0); |
385 | if (r < 0) { | 355 | if (r < 0) { |
386 | log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, | 356 | bool ignore = IN_SET(r, -ENOENT, -EACCES, -ENODEV, -EROFS); |
387 | "Failed to write '%s' to '%s': %m", action, filename); | 357 | |
388 | diff --git a/src/udev/udevd.c b/src/udev/udevd.c | ||
389 | index cb5123042a..ea309a9e7f 100644 | ||
390 | --- a/src/udev/udevd.c | 358 | --- a/src/udev/udevd.c |
391 | +++ b/src/udev/udevd.c | 359 | +++ b/src/udev/udevd.c |
392 | @@ -1113,7 +1113,7 @@ static int synthesize_change_one(sd_device *dev, const char *syspath) { | 360 | @@ -1113,7 +1113,7 @@ static int synthesize_change_one(sd_devi |
393 | 361 | ||
394 | filename = strjoina(syspath, "/uevent"); | 362 | filename = strjoina(syspath, "/uevent"); |
395 | log_device_debug(dev, "device is closed, synthesising 'change' on %s", syspath); | 363 | log_device_debug(dev, "device is closed, synthesising 'change' on %s", syspath); |
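Review bot: The carried change in exec_list() still passes `0` instead of `WRITE_STRING_FILE_DISABLE_BUFFER` for the uevent write, but the 243.4 context after it now classifies the result with `IN_SET(r, -ENOENT, -EACCES, -ENODEV, -EROFS)`. Please confirm that with buffering left on, write_string_file() still returns the errno from the sysfs write itself, so that the new ignore list sees the values it expects and a failed trigger is not reported under a different error.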
@@ -398,11 +366,9 @@ index cb5123042a..ea309a9e7f 100644 | |||
398 | if (r < 0) | 366 | if (r < 0) |
399 | return log_device_debug_errno(dev, r, "Failed to write 'change' to %s: %m", filename); | 367 | return log_device_debug_errno(dev, r, "Failed to write 'change' to %s: %m", filename); |
400 | return 0; | 368 | return 0; |
401 | diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c | ||
402 | index 75d052ae70..5a15c939d8 100644 | ||
403 | --- a/src/vconsole/vconsole-setup.c | 369 | --- a/src/vconsole/vconsole-setup.c |
404 | +++ b/src/vconsole/vconsole-setup.c | 370 | +++ b/src/vconsole/vconsole-setup.c |
405 | @@ -117,7 +117,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) { | 371 | @@ -117,7 +117,7 @@ static int toggle_utf8_vc(const char *na |
406 | static int toggle_utf8_sysfs(bool utf8) { | 372 | static int toggle_utf8_sysfs(bool utf8) { |
407 | int r; | 373 | int r; |
408 | 374 | ||
diff --git a/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch b/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch deleted file mode 100644 index f359d2879b..0000000000 --- a/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch +++ /dev/null | |||
@@ -1,152 +0,0 @@ | |||
1 | From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001 | ||
2 | From: Lennart Poettering <lennart@poettering.net> | ||
3 | Date: Thu, 14 Nov 2019 17:51:30 +0100 | ||
4 | Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's | ||
5 | __NR_xyz namespace invasion | ||
6 | |||
7 | A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the | ||
8 | same conditioning for all cases of our __NR_xyz use. | ||
9 | |||
10 | Fixes: #14031 | ||
11 | |||
12 | Reference: | ||
13 | https://github.com/systemd/systemd/pull/14032/commits/62f66fdbcc33580467c01b1f149474b6c973df5a | ||
14 | |||
15 | Upstream-Status: Backport | ||
16 | |||
17 | Signed-off-by: Ming Liu <liu.ming50@gmail.com> | ||
18 | --- | ||
19 | src/basic/missing_syscall.h | 10 +++++----- | ||
20 | src/test/test-seccomp.c | 19 ++++++++++--------- | ||
21 | 2 files changed, 15 insertions(+), 14 deletions(-) | ||
22 | |||
23 | diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h | ||
24 | index 6d9b125..1255d8b 100644 | ||
25 | --- a/src/basic/missing_syscall.h | ||
26 | +++ b/src/basic/missing_syscall.h | ||
27 | @@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c | ||
28 | |||
29 | #if !HAVE_KCMP | ||
30 | static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) { | ||
31 | -# ifdef __NR_kcmp | ||
32 | +# if defined __NR_kcmp && __NR_kcmp > 0 | ||
33 | return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2); | ||
34 | # else | ||
35 | errno = ENOSYS; | ||
36 | @@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i | ||
37 | |||
38 | #if !HAVE_KEYCTL | ||
39 | static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) { | ||
40 | -# ifdef __NR_keyctl | ||
41 | +# if defined __NR_keyctl && __NR_keyctl > 0 | ||
42 | return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5); | ||
43 | # else | ||
44 | errno = ENOSYS; | ||
45 | @@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg | ||
46 | } | ||
47 | |||
48 | static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) { | ||
49 | -# ifdef __NR_add_key | ||
50 | +# if defined __NR_add_key && __NR_add_key > 0 | ||
51 | return syscall(__NR_add_key, type, description, payload, plen, ringid); | ||
52 | # else | ||
53 | errno = ENOSYS; | ||
54 | @@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip | ||
55 | } | ||
56 | |||
57 | static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) { | ||
58 | -# ifdef __NR_request_key | ||
59 | +# if defined __NR_request_key && __NR_request_key > 0 | ||
60 | return syscall(__NR_request_key, type, description, callout_info, destringid); | ||
61 | # else | ||
62 | errno = ENOSYS; | ||
63 | @@ -496,7 +496,7 @@ enum { | ||
64 | static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask, | ||
65 | unsigned long maxnode) { | ||
66 | long i; | ||
67 | -# ifdef __NR_set_mempolicy | ||
68 | +# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0 | ||
69 | i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode); | ||
70 | # else | ||
71 | errno = ENOSYS; | ||
72 | diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c | ||
73 | index 018c20f..c669204 100644 | ||
74 | --- a/src/test/test-seccomp.c | ||
75 | +++ b/src/test/test-seccomp.c | ||
76 | @@ -28,7 +28,8 @@ | ||
77 | #include "tmpfile-util.h" | ||
78 | #include "virt.h" | ||
79 | |||
80 | -#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__) | ||
81 | +/* __NR_socket may be invalid due to libseccomp */ | ||
82 | +#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__) | ||
83 | /* On these archs, socket() is implemented via the socketcall() syscall multiplexer, | ||
84 | * and we can't restrict it hence via seccomp. */ | ||
85 | # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1 | ||
86 | @@ -304,14 +305,14 @@ static void test_protect_sysctl(void) { | ||
87 | assert_se(pid >= 0); | ||
88 | |||
89 | if (pid == 0) { | ||
90 | -#if __NR__sysctl > 0 | ||
91 | +#if defined __NR__sysctl && __NR__sysctl > 0 | ||
92 | assert_se(syscall(__NR__sysctl, NULL) < 0); | ||
93 | assert_se(errno == EFAULT); | ||
94 | #endif | ||
95 | |||
96 | assert_se(seccomp_protect_sysctl() >= 0); | ||
97 | |||
98 | -#if __NR__sysctl > 0 | ||
99 | +#if defined __NR__sysctl && __NR__sysctl > 0 | ||
100 | assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0); | ||
101 | assert_se(errno == EPERM); | ||
102 | #endif | ||
103 | @@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) { | ||
104 | assert_se(poll(NULL, 0, 0) == 0); | ||
105 | |||
106 | assert_se(s = hashmap_new(NULL)); | ||
107 | -#if SCMP_SYS(access) >= 0 | ||
108 | +#if defined __NR_access && __NR_access > 0 | ||
109 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0); | ||
110 | #else | ||
111 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0); | ||
112 | @@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) { | ||
113 | s = hashmap_free(s); | ||
114 | |||
115 | assert_se(s = hashmap_new(NULL)); | ||
116 | -#if SCMP_SYS(access) >= 0 | ||
117 | +#if defined __NR_access && __NR_access > 0 | ||
118 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0); | ||
119 | #else | ||
120 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0); | ||
121 | @@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) { | ||
122 | s = hashmap_free(s); | ||
123 | |||
124 | assert_se(s = hashmap_new(NULL)); | ||
125 | -#if SCMP_SYS(poll) >= 0 | ||
126 | +#if defined __NR_poll && __NR_poll > 0 | ||
127 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0); | ||
128 | #else | ||
129 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0); | ||
130 | @@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) { | ||
131 | s = hashmap_free(s); | ||
132 | |||
133 | assert_se(s = hashmap_new(NULL)); | ||
134 | -#if SCMP_SYS(poll) >= 0 | ||
135 | +#if defined __NR_poll && __NR_poll > 0 | ||
136 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0); | ||
137 | #else | ||
138 | assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0); | ||
139 | @@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) { | ||
140 | * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On | ||
141 | * other architectures, let's just fall back to the glibc call. */ | ||
142 | |||
143 | -#ifdef SYS_open | ||
144 | - return (int) syscall(SYS_open, path, flags, mode); | ||
145 | +#if defined __NR_open && __NR_open > 0 | ||
146 | + return (int) syscall(__NR_open, path, flags, mode); | ||
147 | #else | ||
148 | return open(path, flags, mode); | ||
149 | #endif | ||
150 | -- | ||
151 | 2.7.4 | ||
152 | |||
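Review bot: Dropping this backport is only safe if 243.4 guards every call site it touched, and the guards here use `> 0` (for example `# if defined __NR_kcmp && __NR_kcmp > 0`) while the commit message names 70e8c1978a9a, "seccomp: real syscall numbers are >= 0", as the replacement, so the upstream condition differs at zero. Please check the 243.4 sources for the same sites in src/basic/missing_syscall.h and src/test/test-seccomp.c; a missed guard would pass libseccomp's negative placeholder for `__NR_xyz` to `syscall()` on architectures that lack the call.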
diff --git a/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch b/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch deleted file mode 100644 index ba20a0bb46..0000000000 --- a/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | From d0122c077d2d8fd0fd29b463c501e7ddf9177ff3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
3 | Date: Tue, 24 Sep 2019 17:04:50 +0800 | ||
4 | Subject: [PATCH] unit-file.c: consider symlink on filesystems like NFS | ||
5 | |||
6 | Some filesystems do not fully support readdir, according to the manual, | ||
7 | so we should also consider DT_UNKNOWN to correctly handle symlinks. | ||
8 | |||
9 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
10 | |||
11 | Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/13637] | ||
12 | --- | ||
13 | src/shared/unit-file.c | 6 +++++- | ||
14 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/src/shared/unit-file.c b/src/shared/unit-file.c | ||
17 | index 4a5f23e6c1..8373103000 100644 | ||
18 | --- a/src/shared/unit-file.c | ||
19 | +++ b/src/shared/unit-file.c | ||
20 | @@ -247,6 +247,7 @@ int unit_file_build_name_map( | ||
21 | _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; | ||
22 | const char *suffix, *dst = NULL; | ||
23 | bool valid_unit_name; | ||
24 | + struct stat sb; | ||
25 | |||
26 | valid_unit_name = unit_name_is_valid(de->d_name, UNIT_NAME_ANY); | ||
27 | |||
28 | @@ -279,7 +280,10 @@ int unit_file_build_name_map( | ||
29 | if (hashmap_contains(ids, de->d_name)) | ||
30 | continue; | ||
31 | |||
32 | - if (de->d_type == DT_LNK) { | ||
33 | + if (de->d_type == DT_LNK || | ||
34 | + (de->d_type == DT_UNKNOWN && | ||
35 | + lstat(filename, &sb) == 0 && | ||
36 | + (sb.st_mode & S_IFMT) == S_IFLNK)) { | ||
37 | /* We don't explicitly check for alias loops here. unit_ids_map_get() which | ||
38 | * limits the number of hops should be used to access the map. */ | ||
39 | |||
40 | -- | ||
41 | 2.17.1 | ||
42 | |||
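Review bot: This patch's header records `Upstream-Status: Submitted`, not merged, so removing the `DT_UNKNOWN` plus `lstat()` fallback in unit_file_build_name_map() relies entirely on 5c0224c7bf3c being part of the 243.4 tree. A boot test with unit directories on NFS, the case the patch header names, would confirm that symlinked unit aliases are still recognised.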
diff --git a/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch b/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch deleted file mode 100644 index f9c5996ffb..0000000000 --- a/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | From dc0a6a9fe4da9738efaba942233ad39da625a918 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
3 | Date: Thu, 21 Feb 2019 16:28:21 +0800 | ||
4 | Subject: [PATCH 4/5] rules: whitelist hd* devices | ||
5 | |||
6 | qemu by default emulates IDE and the linux-yocto kernel(s) use | ||
7 | CONFIG_IDE instead of the more modern libsata, so disks appear as | ||
8 | /dev/hd*. Patch rejected upstream because CONFIG_IDE is deprecated. | ||
9 | |||
10 | Upstream-Status: Denied [https://github.com/systemd/systemd/pull/1276] | ||
11 | |||
12 | Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> | ||
13 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
14 | [rebased for systemd 241] | ||
15 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
16 | [rebased for systemd 243] | ||
17 | Signed-off-by: Scott Murray <scott.murray@konsulko.com> | ||
18 | --- | ||
19 | rules/60-persistent-storage.rules | 2 +- | ||
20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules | ||
23 | index 7802b1c94f..c0534ae26a 100644 | ||
24 | --- a/rules/60-persistent-storage.rules | ||
25 | +++ b/rules/60-persistent-storage.rules | ||
26 | @@ -7,7 +7,7 @@ ACTION=="remove", GOTO="persistent_storage_end" | ||
27 | ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_end" | ||
28 | |||
29 | SUBSYSTEM!="block", GOTO="persistent_storage_end" | ||
30 | -KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*", GOTO="persistent_storage_end" | ||
31 | +KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|hd*", GOTO="persistent_storage_end" | ||
32 | |||
33 | # ignore partitions that span the entire disk | ||
34 | TEST=="whole_disk", GOTO="persistent_storage_end" | ||
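Review bot: With `|hd*` gone from the `KERNEL!=` match in rules/60-persistent-storage.rules, /dev/hd* disks jump straight to persistent_storage_end and get no persistent storage links. The patch header says qemu with the linux-yocto CONFIG_IDE kernels exposes disks as /dev/hd*, so please state in the commit message which kernel configuration makes this unnecessary, or confirm that no qemu image relies on those links for hd* devices.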
diff --git a/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch b/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch deleted file mode 100644 index 96175b5b5e..0000000000 --- a/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch +++ /dev/null | |||
@@ -1,45 +0,0 @@ | |||
1 | From d1bccc721dd8f43fee29c5df0e9b78345e69f4b6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
3 | Date: Thu, 21 Feb 2019 16:38:38 +0800 | ||
4 | Subject: [PATCH 5/5] rules: watch metadata changes in ide devices | ||
5 | |||
6 | Formatting IDE storage does not trigger "change" uevents. As a result | ||
7 | clients using udev API don't get any updates afterwards and get outdated | ||
8 | information about the device. | ||
9 | ... | ||
10 | root@qemux86-64:~# mkfs.ext4 -F /dev/hda1 | ||
11 | Creating filesystem with 262144 4k blocks and 65536 inodes | ||
12 | Filesystem UUID: 98791eb2-2bf3-47ad-b4d8-4cf7e914eee2 | ||
13 | |||
14 | root@qemux86-64:~# ls /dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2 | ||
15 | ls: cannot access '/dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2': No such file or directory | ||
16 | ... | ||
17 | Include hd* in a match for watch option assignment. | ||
18 | |||
19 | Upstream-Status: Denied | ||
20 | |||
21 | qemu by default emulates IDE and the linux-yocto kernel(s) use | ||
22 | CONFIG_IDE instead of the more modern libsata, so disks appear as | ||
23 | /dev/hd*. A similar patch rejected by upstream because CONFIG_IDE | ||
24 | is deprecated. | ||
25 | |||
26 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
27 | [rebased for systemd 241] | ||
28 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
29 | [rebased for systemd 243] | ||
30 | Signed-off-by: Scott Murray <scott.murray@konsulko.com> | ||
31 | --- | ||
32 | rules/60-block.rules | 2 +- | ||
33 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
34 | |||
35 | diff --git a/rules/60-block.rules b/rules/60-block.rules | ||
36 | index 3134ab995e..cd72a494a1 100644 | ||
37 | --- a/rules/60-block.rules | ||
38 | +++ b/rules/60-block.rules | ||
39 | @@ -9,5 +9,5 @@ ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block", | ||
40 | |||
41 | # watch metadata changes, caused by tools closing the device node which was opened for writing | ||
42 | ACTION!="remove", SUBSYSTEM=="block", \ | ||
43 | - KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*", \ | ||
44 | + KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|hd*", \ | ||
45 | OPTIONS+="watch" | ||
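Review bot: Removing `|hd*` from the `OPTIONS+="watch"` rule in rules/60-block.rules brings back the behaviour this patch's header documents, where `mkfs.ext4 -F /dev/hda1` is not followed by a by-uuid entry because no change uevent is synthesised. If any supported machine still presents IDE disks, rerun that reproduction on qemux86-64 before dropping the rule; the tray-open flapping on ide-cd mentioned in the commit message could instead be avoided by narrowing the match to exclude the CD device.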
diff --git a/meta/recipes-core/systemd/systemd_243.2.bb b/meta/recipes-core/systemd/systemd_243.4.bb index e31fac8c56..a0d10e03be 100644 --- a/meta/recipes-core/systemd/systemd_243.2.bb +++ b/meta/recipes-core/systemd/systemd_243.4.bb | |||
@@ -20,10 +20,6 @@ SRC_URI += "file://touchscreen.rules \ | |||
20 | file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ | 20 | file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ |
21 | file://0002-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch \ | 21 | file://0002-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch \ |
22 | file://0003-implment-systemd-sysv-install-for-OE.patch \ | 22 | file://0003-implment-systemd-sysv-install-for-OE.patch \ |
23 | file://0004-rules-whitelist-hd-devices.patch \ | ||
24 | file://0005-rules-watch-metadata-changes-in-ide-devices.patch \ | ||
25 | file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \ | ||
26 | file://0001-seccomp-more-comprehensive-protection-against-libsec.patch \ | ||
27 | file://99-default.preset \ | 23 | file://99-default.preset \ |
28 | " | 24 | " |
29 | 25 | ||
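Review bot: The four `file://` entries removed from SRC_URI match the four patch files deleted above, so nothing is left dangling in this recipe, but the rename to systemd_243.4.bb does not show where the source revision for "243.4-latest" is pinned. Please make sure the revision bump is part of the same commit and that no bbappend elsewhere still lists the removed patch names, since a stale entry fails at do_fetch.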