summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Kiernan <alex.kiernan@gmail.com>2020-02-03 22:35:26 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-02-04 15:56:29 +0000
commit2c0e4daab9e3e3df160313a10e98efc55486b98d (patch)
tree1c7ae281b245aadc7e8d510c634df789c12e08e9
parentbb637cc802366865c8e1e219eadf24d5c80fff8b (diff)
downloadpoky-2c0e4daab9e3e3df160313a10e98efc55486b98d.tar.gz
systemd: Upgrade 243.2 -> 243.4-latest
Update to latest on the 243 stable branch. This includes (amongst other fixes) seccomp filter changes which fix failures with glibc 2.31, e.g. systemd-journald[543]: Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at src/basic/time-util.c:55, function now(). Aborting. Refresh: 0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch 0001-do-not-disable-buffer-in-writing-files.patch Drop 0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch, fixed in 5c0224c7bf3c ("Handle d_type == DT_UNKNOWN correctly"). Drop 0001-seccomp-more-comprehensive-protection-against-libsec.patch, fixed in 70e8c1978a9a ("seccomp: real syscall numbers are >= 0"). Drop 0004-rules-whitelist-hd-devices.patch and 0005-rules-watch-metadata-changes-in-ide-devices.patch which cause ide-cd to flap with tray open messages (and don't appear to be required any more) Commits from v243-stable: 70e8c1978a9a seccomp: real syscall numbers are >= 0 a0a1977d9a5d seccomp: more comprehensive protection against libseccomp's __NR_xyz namespace invasion 7f936c60d597 network: set ipv6 mtu after link-up or device mtu change b59d88cc62a4 man: fix typo in net-naming-scheme man page c5e5ac095821 man: fix typos (#14304) 9a2f26564d5a ipv4ll: do not reset conflict counter on restart bc9e1ebfdd3b Fix typo (duplicate "or") c6cb71b7e741 network: if /sys is rw, then udev should be around 67dcdfd95629 nspawn: do not fail if udev is not running a7938a1bc6d3 Create parent directories when creating systemd-private subdirs 53aa44f8738a network: do not return error but return UINT64_MAX if speed meter is disabled 65abf126744f core: swap priority can be negative b1cf452ff5f6 systemctl: enhance message about kexec missing kernel 07a0e5b42523 man: use mkswap@ instead of makeswap@ 57dc017c6bac journald: don't ask for the machine ID if we don't need it ac392a57c08c journalctl: pager_close() calls fflush(stdout) anyway as first thing ee7dfadc8237 journald: remove unused field 471073f1b52b journalctl: return EOPNOTSUPP if pcre is not enabled 002ededb61a0 man: drop reference to machined, add one for journald instead fd3bd4be3bff pid1: make TimeoutAbortSec settable for transient units eb2ef4d6643e pid1: fix setting of DefaultTimeoutAbortSec 1d75e29b2378 shared/ask-password-api: modify keyctl break value a16b1ee7e565 cryptsetup: reduce the chance that we will be OOM killed 4836fb010ae8 core: write out correct field name when creating transient service units 3e2c547f6d3c udevd: don't use monitor after manager_exit() d42f7d45a8e2 Revert "udevd: fix crash when workers time out after exit is signal caught" c9a287eee8fd man/systemd.link: Add missing verb *be* a67a3ae04b89 man: document all pager variables for systemctl and systemd 3a8fce3f38b6 core.timer: fix "systemd-analyze dump" and docs syntax inconsistencies wrt OnTimezoneChange= fdffd284b682 core/service: downgrade "scheduling restart" message to debug 733e7f19d3cf travis: add missing closing quote sign 0d7b7817fc34 systemd-tmpfiles: don't install timer when service isn't installed either 0e7f83cd2b31 pam_systemd: prolong method call timeout when allocating session e51d9bf9e5ac man: add entry about SpeedMeter= aa1fc791c7a1 udev: silence warning about PROGRAM+= or IMPORT+= rules b9a619bb6738 udevadm: ignore EROFS and return earlier 1ec5b9f80cb5 basic: add vmware hypervisor detection from device-tree 7fa7080248aa umount: be happy if /proc/swaps doesn't exist 71ccd774bb33 shutdown: make logging more useful if NULL swap/mount table files are specified 38453c6d42e4 man: share description of $SYSTEMD_COLORS in other tools b50ca0152681 core: do not propagate polkit error to caller 99b72a66ca55 ask-password: don't hit assert() when we query pw which the user C-d and caching is enabled 288edd686911 man: mention $RUNTIME_DIRECTORY & friends in environment list 37aeadd433d3 cryptsetup-generator: guess whether the keyfile argument is two items or one a87e8fdc72d7 verify: fix segmentation fault 3aea728cd2d2 timedated: it might be that tzinfo files are just not installed cc103c72abc1 timedated: handle UTC specially, when generating /etc/localtime f5a4caa5418b time-util: treat /etc/localtime missing as UTC 2139d58652bb bpf: fix off-by-one in class whitelisting cb7693595db9 bpf: fix device type filter 56e1ba304b00 core: constify bpf program arrays b06b7ace92c1 run: propagate return code/status from the child 5db454b8031c udevd: fix crash when workers time out after exit is signal caught b774282a855e udev: ignore error caused by device disconnection 8d88a2ecd7ce udev: fix error code in the log message c41484a2f3d7 udev: ignore ENOENT when chmod_and_chown() device node f218b65b3246 udev: do not append newline when write attributes ce4d17ddbc16 time-util: uniquify timezone list, in case UTC is listed in timezone1970.tab, too 28f0b34c57bc time-util: always accept UTC as valid timezone 8b888d236007 seccomp: add all *time64 syscalls 53d8feeb2334 libblkid: open device in nonblock mode. b9478046b03d man: describe ordering in case of Conflicts= fa3e5bd2bbb4 man: put description of Wants= above Requires= bdebd2c325fc meson: remove strange dep that causes meson to enter infinite loop 26bc77d8e5af man: fix option typo in pam_systemd man page 9c12127e3d2e man: save pull-raw example file without underscores 4c106cbcf1af man: small grammatical/word choice fixes to crypttab man page 03cc374fca74 shared/format-table: disable ellipsization when piped 0a5497d3fa4b sd-device-enumerator: do not return error when a device is removed 7b0d0331d051 bootctl: create leading dirs when "bootctl random-seed" is called if needed 5aab35aac9db core, job: fix breakage of ordering dependencies by systemctl reload command cd86ae937305 journalctl: allow running vacuum on remote journals, too fc0451bc0a3f allow an empty DefaultInstance= in configuration files 587266c24aae man/systemd.net-naming-scheme: fix typo e0e63f0f9bb9 nspawn: respect quiet on capabilities warning 37e50c05b564 nspawn: mangle slice name 4fefc493541e mkosi: Find hostname command on Arch Linux c430e8affba4 Fix mkosi on Arch Linux 1765b8d803dd Update to Fedora31 0b9a2a9a9868 sd-boot: Silence compiler warning when building with -O2 24e02f8d49b6 sd-boot: Don't loudly complain if RNG protocol isn't available 14e377ef3519 sd-boot: Only disable optimization on debug builds a39008ddecb9 meson: correct man page deps 4c1dcc06fa30 sd-event: don't invalidate source type on disconnect fb89ee34cedc analyze: fix minor memleak a449299bc087 analyze: sort list of unknown syscalls kernel implements 51ea58a04b18 seccomp: add new Linux 5.3 syscalls to syscall filter lists 819695c8b027 resolved: check for IP in certificate when using DoT with GnuTLS 37f817e21097 resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS 32056809baa2 coverity: replace python with jq d2b4d7ee17de network-generator: Add missing help for --root f1b18c206208 modules-load: do not fail service if modules are not present 606de6626714 pid1: order .automount units after local-fs-pre.target 1366b81f2bc5 shared/install: failing with -ELOOP can be due to the use of an alias in install_error() 84d5cd699e25 shared/install: fix error codes returned by install_context_apply() 417779c58a86 man: alias names can't be used with enable command 00af6c447f25 resolved: set stream type during DnsStream creation 66dd9d7d25fd sd-device: allow sd_device_get_devtype to be called with NULL arg and do not assert 048f9da1a4b3 Remove unused plymouth_running() function 34fa67bbe732 machine-id-setup: avoid unexpected aborting 24c99fa2ef3d test-socket-util: avoid writing past the defined buffer ce82233f99b3 test: drop duplicated 's' 75a0e7209114 nspawn: fix handling of --console=help f41a282875fc Revert "sysusers: properly mark generated accounts as locked" fc2dceac6172 Remove unprintable non-ASCII char from special glyph ASCII fallback table dedf5b511e6f logind: fix emission of PropertiesChanged for users 6e3cfe2e58f5 logind: fix emission of PropertiesChanged on seats a9152084d7e9 resolved: fix connection failures with TLS 1.3 and GnuTLS 961879ed9ddb udev: tag any display devices as master-of-seat when nomodeset is used 8aa7bafa1295 systemd-fsck: fix systemd-fsck/fsck pipe bad closure 19590e289ace ceph is a network filesystem 339606ad9e99 portabled: allow to detach an image with a unit in linked-runtime state bd9692734ac5 network: ndisc: do not drop all prefixes when a prefix matches a blacklist 5e6d4f8b79e0 systemctl: fix memleak caused by wrong cleanup func 47d0e23d26af udev: fix memleak caused by wrong cleanup function a6fb0542c5ef parse_hwdb: fix compatibility with pyparsing 2.4.* cb1d892f1780 parse_hwdb: process files in order ef677436aa20 test: Pass personality test even when i686 userland runs on x86_64 kernel 3f6398c450b8 docs: fix inadvertent change in uid range 25bb377a73e7 cgroup: fix typo in BPF firewall support warning message 6d97aca0d503 fix build with compilers with default stack-protector enabled fbad077cec34 nspawn: surrender controlling terminal to PID2 when using the PID1 stub 0553c3c66889 pid1: fix DefaultTasksMax initialization f406a691a722 src/core/automount: use DirectoryMode when calling mkdir -p 20438f96c326 udevadm trigger: do not propagate EACCES and ENODEV 6480630bc397 hwdb: Correct WWWW Pattern In Documentation Comment 9d8e889810b5 nspawn: consistenly fail if parsing the environment fails 40e169b30423 nspawn: default to unified hierarchy if --as-pid2 is used b5df1037a0c0 cgroup: Mark memory protections as explicitly set in transient units f14e3e02cca7 cgroup: Respect DefaultMemoryMin when setting memory.min ea248e53bf76 cgroup: Check ancestor memory min for unified memory config de1d25a506db cgroup: docs: memory.high doc fixups 2ab45f38d8c4 cgroup: docs: Mention unbounded protection for memory.{low,min} 19a43dc38a13 Consider smb3 as remote filesystem 5c0224c7bf3c Handle d_type == DT_UNKNOWN correctly 8282bc61df10 util-lib: Don't propagate EACCES from find_binary PATH lookup to caller 9d0ae987a634 network: drop noisy log message f67f0e4ec45a Updated log message when the timesync happens for the first time (#13624) e151bf467494 units: make systemd-binfmt.service easier to work with no autofs 2b8e574d8242 Corect man page reference in systemd-nologin.conf comments a0577353f191 man: Add a missing space in machinectl(1) 693e98398869 log: Add missing "%" in "%m" log format strings ea7151b8c435 pid1: do not warn if /run/systemd/relabel-extra.d/ doesn't exist b90549290e33 man: fix typo (From OE-Core rev: 48a061c1da0745ca2263cfcfb9041d67cd018193) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/systemd/systemd-boot_243.4.bb (renamed from meta/recipes-core/systemd/systemd-boot_243.2.bb)0
-rw-r--r--meta/recipes-core/systemd/systemd.inc4
-rw-r--r--meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch30
-rw-r--r--meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch88
-rw-r--r--meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch152
-rw-r--r--meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch42
-rw-r--r--meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch34
-rw-r--r--meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch45
-rw-r--r--meta/recipes-core/systemd/systemd_243.4.bb (renamed from meta/recipes-core/systemd/systemd_243.2.bb)4
9 files changed, 45 insertions, 354 deletions
diff --git a/meta/recipes-core/systemd/systemd-boot_243.2.bb b/meta/recipes-core/systemd/systemd-boot_243.4.bb
index 515abc289b..515abc289b 100644
--- a/meta/recipes-core/systemd/systemd-boot_243.2.bb
+++ b/meta/recipes-core/systemd/systemd-boot_243.4.bb
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 18f17d28ac..2fca6dca64 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -14,8 +14,10 @@ LICENSE = "GPLv2 & LGPLv2.1"
14LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ 14LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
15 file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" 15 file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
16 16
17SRCREV = "fab6f010ac6c3bc93a10868de722d7c8c3622eb9" 17SRCREV = "70e8c1978a9a688662eb1b3983370dd1cc415083"
18SRCBRANCH = "v243-stable" 18SRCBRANCH = "v243-stable"
19SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" 19SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}"
20 20
21PV = "243.4+git${SRCPV}"
22
21S = "${WORKDIR}/git" 23S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
index 73e65ff798..ea37680221 100644
--- a/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
+++ b/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
@@ -24,10 +24,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
24 units/systemd-binfmt.service.in | 4 ++++ 24 units/systemd-binfmt.service.in | 4 ++++
25 3 files changed, 9 insertions(+), 4 deletions(-) 25 3 files changed, 9 insertions(+), 4 deletions(-)
26 26
27diff --git a/units/meson.build b/units/meson.build 27Index: systemd-stable/units/meson.build
28index e1ee9f86c3..6bb7771b36 100644 28===================================================================
29--- a/units/meson.build 29--- systemd-stable.orig/units/meson.build
30+++ b/units/meson.build 30+++ systemd-stable/units/meson.build
31@@ -46,8 +46,7 @@ units = [ 31@@ -46,8 +46,7 @@ units = [
32 ['poweroff.target', '', 32 ['poweroff.target', '',
33 'runlevel0.target'], 33 'runlevel0.target'],
@@ -48,10 +48,10 @@ index e1ee9f86c3..6bb7771b36 100644
48 ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'], 48 ['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'],
49 ['systemd-boot-check-no-failures.service', ''], 49 ['systemd-boot-check-no-failures.service', ''],
50 ['systemd-boot-system-token.service', 'ENABLE_EFI', 50 ['systemd-boot-system-token.service', 'ENABLE_EFI',
51diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount 51Index: systemd-stable/units/proc-sys-fs-binfmt_misc.automount
52index 30a6bc9918..4231f3b70f 100644 52===================================================================
53--- a/units/proc-sys-fs-binfmt_misc.automount 53--- systemd-stable.orig/units/proc-sys-fs-binfmt_misc.automount
54+++ b/units/proc-sys-fs-binfmt_misc.automount 54+++ systemd-stable/units/proc-sys-fs-binfmt_misc.automount
55@@ -18,3 +18,6 @@ ConditionPathIsReadWrite=/proc/sys/ 55@@ -18,3 +18,6 @@ ConditionPathIsReadWrite=/proc/sys/
56 56
57 [Automount] 57 [Automount]
@@ -59,19 +59,19 @@ index 30a6bc9918..4231f3b70f 100644
59+ 59+
60+[Install] 60+[Install]
61+WantedBy=sysinit.target 61+WantedBy=sysinit.target
62diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in 62Index: systemd-stable/units/systemd-binfmt.service.in
63index e940c7c9ad..6be7f5cc9b 100644 63===================================================================
64--- a/units/systemd-binfmt.service.in 64--- systemd-stable.orig/units/systemd-binfmt.service.in
65+++ b/units/systemd-binfmt.service.in 65+++ systemd-stable/units/systemd-binfmt.service.in
66@@ -14,6 +14,7 @@ Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.htm 66@@ -14,6 +14,7 @@ Documentation=https://www.kernel.org/doc
67 Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems 67 Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
68 DefaultDependencies=no 68 DefaultDependencies=no
69 Conflicts=shutdown.target 69 Conflicts=shutdown.target
70+Wants=proc-sys-fs-binfmt_misc.automount 70+Wants=proc-sys-fs-binfmt_misc.automount
71 After=proc-sys-fs-binfmt_misc.automount 71 After=proc-sys-fs-binfmt_misc.automount
72 After=proc-sys-fs-binfmt_misc.mount
72 Before=sysinit.target shutdown.target 73 Before=sysinit.target shutdown.target
73 ConditionPathIsReadWrite=/proc/sys/ 74@@ -29,3 +30,6 @@ Type=oneshot
74@@ -28,3 +29,6 @@ Type=oneshot
75 RemainAfterExit=yes 75 RemainAfterExit=yes
76 ExecStart=@rootlibexecdir@/systemd-binfmt 76 ExecStart=@rootlibexecdir@/systemd-binfmt
77 TimeoutSec=90s 77 TimeoutSec=90s
diff --git a/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch
index 2f4daf8665..d6d68a09ac 100644
--- a/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch
+++ b/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch
@@ -38,11 +38,9 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
38 src/vconsole/vconsole-setup.c | 2 +- 38 src/vconsole/vconsole-setup.c | 2 +-
39 17 files changed, 36 insertions(+), 36 deletions(-) 39 17 files changed, 36 insertions(+), 36 deletions(-)
40 40
41diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
42index 7b5839ccd6..18f6e8ffc8 100644
43--- a/src/basic/cgroup-util.c 41--- a/src/basic/cgroup-util.c
44+++ b/src/basic/cgroup-util.c 42+++ b/src/basic/cgroup-util.c
45@@ -860,7 +860,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { 43@@ -860,7 +860,7 @@ int cg_attach(const char *controller, co
46 44
47 xsprintf(c, PID_FMT "\n", pid); 45 xsprintf(c, PID_FMT "\n", pid);
48 46
@@ -51,7 +49,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
51 if (r < 0) 49 if (r < 0)
52 return r; 50 return r;
53 51
54@@ -1142,7 +1142,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { 52@@ -1142,7 +1142,7 @@ int cg_install_release_agent(const char
55 53
56 sc = strstrip(contents); 54 sc = strstrip(contents);
57 if (isempty(sc)) { 55 if (isempty(sc)) {
@@ -60,7 +58,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
60 if (r < 0) 58 if (r < 0)
61 return r; 59 return r;
62 } else if (!path_equal(sc, agent)) 60 } else if (!path_equal(sc, agent))
63@@ -1160,7 +1160,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { 61@@ -1160,7 +1160,7 @@ int cg_install_release_agent(const char
64 62
65 sc = strstrip(contents); 63 sc = strstrip(contents);
66 if (streq(sc, "0")) { 64 if (streq(sc, "0")) {
@@ -69,7 +67,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
69 if (r < 0) 67 if (r < 0)
70 return r; 68 return r;
71 69
72@@ -1187,7 +1187,7 @@ int cg_uninstall_release_agent(const char *controller) { 70@@ -1187,7 +1187,7 @@ int cg_uninstall_release_agent(const cha
73 if (r < 0) 71 if (r < 0)
74 return r; 72 return r;
75 73
@@ -78,7 +76,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
78 if (r < 0) 76 if (r < 0)
79 return r; 77 return r;
80 78
81@@ -1197,7 +1197,7 @@ int cg_uninstall_release_agent(const char *controller) { 79@@ -1197,7 +1197,7 @@ int cg_uninstall_release_agent(const cha
82 if (r < 0) 80 if (r < 0)
83 return r; 81 return r;
84 82
@@ -87,7 +85,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
87 if (r < 0) 85 if (r < 0)
88 return r; 86 return r;
89 87
90@@ -2053,7 +2053,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri 88@@ -2053,7 +2053,7 @@ int cg_set_attribute(const char *control
91 if (r < 0) 89 if (r < 0)
92 return r; 90 return r;
93 91
@@ -105,11 +103,9 @@ index 7b5839ccd6..18f6e8ffc8 100644
105 if (r < 0) { 103 if (r < 0) {
106 log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m", 104 log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m",
107 FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs); 105 FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs);
108diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
109index 42ce53d5aa..57512532a6 100644
110--- a/src/basic/procfs-util.c 106--- a/src/basic/procfs-util.c
111+++ b/src/basic/procfs-util.c 107+++ b/src/basic/procfs-util.c
112@@ -86,13 +86,13 @@ int procfs_tasks_set_limit(uint64_t limit) { 108@@ -86,13 +86,13 @@ int procfs_tasks_set_limit(uint64_t limi
113 * decrease it, as threads-max is the much more relevant sysctl. */ 109 * decrease it, as threads-max is the much more relevant sysctl. */
114 if (limit > pid_max-1) { 110 if (limit > pid_max-1) {
115 sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */ 111 sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */
@@ -125,11 +121,9 @@ index 42ce53d5aa..57512532a6 100644
125 if (r < 0) { 121 if (r < 0) {
126 uint64_t threads_max; 122 uint64_t threads_max;
127 123
128diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
129index 123d00e13e..e7ea78f349 100644
130--- a/src/basic/smack-util.c 124--- a/src/basic/smack-util.c
131+++ b/src/basic/smack-util.c 125+++ b/src/basic/smack-util.c
132@@ -115,7 +115,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) { 126@@ -115,7 +115,7 @@ int mac_smack_apply_pid(pid_t pid, const
133 return 0; 127 return 0;
134 128
135 p = procfs_file_alloca(pid, "attr/current"); 129 p = procfs_file_alloca(pid, "attr/current");
@@ -138,8 +132,6 @@ index 123d00e13e..e7ea78f349 100644
138 if (r < 0) 132 if (r < 0)
139 return r; 133 return r;
140 134
141diff --git a/src/basic/util.c b/src/basic/util.c
142index 93d610bc98..97dca64f73 100644
143--- a/src/basic/util.c 135--- a/src/basic/util.c
144+++ b/src/basic/util.c 136+++ b/src/basic/util.c
145@@ -294,7 +294,7 @@ void disable_coredumps(void) { 137@@ -294,7 +294,7 @@ void disable_coredumps(void) {
@@ -151,11 +143,9 @@ index 93d610bc98..97dca64f73 100644
151 if (r < 0) 143 if (r < 0)
152 log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m"); 144 log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
153 } 145 }
154diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
155index aa9d811f2e..8c7f2dae7a 100644
156--- a/src/binfmt/binfmt.c 146--- a/src/binfmt/binfmt.c
157+++ b/src/binfmt/binfmt.c 147+++ b/src/binfmt/binfmt.c
158@@ -48,7 +48,7 @@ static int delete_rule(const char *rule) { 148@@ -48,7 +48,7 @@ static int delete_rule(const char *rule)
159 if (!fn) 149 if (!fn)
160 return log_oom(); 150 return log_oom();
161 151
@@ -164,7 +154,7 @@ index aa9d811f2e..8c7f2dae7a 100644
164 } 154 }
165 155
166 static int apply_rule(const char *rule) { 156 static int apply_rule(const char *rule) {
167@@ -56,7 +56,7 @@ static int apply_rule(const char *rule) { 157@@ -56,7 +56,7 @@ static int apply_rule(const char *rule)
168 158
169 (void) delete_rule(rule); 159 (void) delete_rule(rule);
170 160
@@ -182,11 +172,9 @@ index aa9d811f2e..8c7f2dae7a 100644
182 172
183 STRV_FOREACH(f, files) { 173 STRV_FOREACH(f, files) {
184 k = apply_file(*f, true); 174 k = apply_file(*f, true);
185diff --git a/src/core/main.c b/src/core/main.c
186index bcce7178a8..4199cedab9 100644
187--- a/src/core/main.c 175--- a/src/core/main.c
188+++ b/src/core/main.c 176+++ b/src/core/main.c
189@@ -1285,7 +1285,7 @@ static int bump_unix_max_dgram_qlen(void) { 177@@ -1303,7 +1303,7 @@ static int bump_unix_max_dgram_qlen(void
190 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN) 178 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
191 return 0; 179 return 0;
192 180
@@ -195,7 +183,7 @@ index bcce7178a8..4199cedab9 100644
195 if (r < 0) 183 if (r < 0)
196 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, 184 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
197 "Failed to bump AF_UNIX datagram queue length, ignoring: %m"); 185 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
198@@ -1509,7 +1509,7 @@ static void initialize_core_pattern(bool skip_setup) { 186@@ -1527,7 +1527,7 @@ static void initialize_core_pattern(bool
199 if (getpid_cached() != 1) 187 if (getpid_cached() != 1)
200 return; 188 return;
201 189
@@ -204,11 +192,9 @@ index bcce7178a8..4199cedab9 100644
204 if (r < 0) 192 if (r < 0)
205 log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern); 193 log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern);
206 } 194 }
207diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
208index b95e6239d4..fdbdaaaccb 100644
209--- a/src/core/smack-setup.c 195--- a/src/core/smack-setup.c
210+++ b/src/core/smack-setup.c 196+++ b/src/core/smack-setup.c
211@@ -325,17 +325,17 @@ int mac_smack_setup(bool *loaded_policy) { 197@@ -327,17 +327,17 @@ int mac_smack_setup(bool *loaded_policy)
212 } 198 }
213 199
214 #ifdef SMACK_RUN_LABEL 200 #ifdef SMACK_RUN_LABEL
@@ -230,8 +216,6 @@ index b95e6239d4..fdbdaaaccb 100644
230 if (r < 0) 216 if (r < 0)
231 log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m"); 217 log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
232 #endif 218 #endif
233diff --git a/src/hibernate-resume/hibernate-resume.c b/src/hibernate-resume/hibernate-resume.c
234index 17e7cd1a00..87a7667716 100644
235--- a/src/hibernate-resume/hibernate-resume.c 219--- a/src/hibernate-resume/hibernate-resume.c
236+++ b/src/hibernate-resume/hibernate-resume.c 220+++ b/src/hibernate-resume/hibernate-resume.c
237@@ -45,7 +45,7 @@ int main(int argc, char *argv[]) { 221@@ -45,7 +45,7 @@ int main(int argc, char *argv[]) {
@@ -243,11 +227,9 @@ index 17e7cd1a00..87a7667716 100644
243 if (r < 0) { 227 if (r < 0) {
244 log_error_errno(r, "Failed to write '%s' to /sys/power/resume: %m", major_minor); 228 log_error_errno(r, "Failed to write '%s' to /sys/power/resume: %m", major_minor);
245 return EXIT_FAILURE; 229 return EXIT_FAILURE;
246diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
247index c4a7f2f3d3..bcac758284 100644
248--- a/src/libsystemd/sd-device/sd-device.c 230--- a/src/libsystemd/sd-device/sd-device.c
249+++ b/src/libsystemd/sd-device/sd-device.c 231+++ b/src/libsystemd/sd-device/sd-device.c
250@@ -1849,7 +1849,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, 232@@ -1849,7 +1849,7 @@ _public_ int sd_device_set_sysattr_value
251 if (!value) 233 if (!value)
252 return -ENOMEM; 234 return -ENOMEM;
253 235
@@ -256,11 +238,9 @@ index c4a7f2f3d3..bcac758284 100644
256 if (r < 0) { 238 if (r < 0) {
257 if (r == -ELOOP) 239 if (r == -ELOOP)
258 return -EINVAL; 240 return -EINVAL;
259diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
260index 30b9a66334..cc1d577933 100644
261--- a/src/login/logind-dbus.c 241--- a/src/login/logind-dbus.c
262+++ b/src/login/logind-dbus.c 242+++ b/src/login/logind-dbus.c
263@@ -1325,7 +1325,7 @@ static int trigger_device(Manager *m, sd_device *d) { 243@@ -1323,7 +1323,7 @@ static int trigger_device(Manager *m, sd
264 if (!t) 244 if (!t)
265 return -ENOMEM; 245 return -ENOMEM;
266 246
@@ -269,11 +249,9 @@ index 30b9a66334..cc1d577933 100644
269 } 249 }
270 250
271 return 0; 251 return 0;
272diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
273index 0462b46413..7c53d41483 100644
274--- a/src/nspawn/nspawn-cgroup.c 252--- a/src/nspawn/nspawn-cgroup.c
275+++ b/src/nspawn/nspawn-cgroup.c 253+++ b/src/nspawn/nspawn-cgroup.c
276@@ -123,7 +123,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { 254@@ -123,7 +123,7 @@ int sync_cgroup(pid_t pid, CGroupUnified
277 fn = strjoina(tree, cgroup, "/cgroup.procs"); 255 fn = strjoina(tree, cgroup, "/cgroup.procs");
278 256
279 sprintf(pid_string, PID_FMT, pid); 257 sprintf(pid_string, PID_FMT, pid);
@@ -282,11 +260,9 @@ index 0462b46413..7c53d41483 100644
282 if (r < 0) { 260 if (r < 0) {
283 log_error_errno(r, "Failed to move process: %m"); 261 log_error_errno(r, "Failed to move process: %m");
284 goto finish; 262 goto finish;
285diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
286index 2aec8041f0..841542f2f3 100644
287--- a/src/nspawn/nspawn.c 263--- a/src/nspawn/nspawn.c
288+++ b/src/nspawn/nspawn.c 264+++ b/src/nspawn/nspawn.c
289@@ -2357,7 +2357,7 @@ static int reset_audit_loginuid(void) { 265@@ -2403,7 +2403,7 @@ static int reset_audit_loginuid(void) {
290 if (streq(p, "4294967295")) 266 if (streq(p, "4294967295"))
291 return 0; 267 return 0;
292 268
@@ -295,7 +271,7 @@ index 2aec8041f0..841542f2f3 100644
295 if (r < 0) { 271 if (r < 0) {
296 log_error_errno(r, 272 log_error_errno(r,
297 "Failed to reset audit login UID. This probably means that your kernel is too\n" 273 "Failed to reset audit login UID. This probably means that your kernel is too\n"
298@@ -3566,13 +3566,13 @@ static int setup_uid_map(pid_t pid) { 274@@ -3612,13 +3612,13 @@ static int setup_uid_map(pid_t pid) {
299 275
300 xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid); 276 xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
301 xsprintf(line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0, arg_uid_shift, arg_uid_range); 277 xsprintf(line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0, arg_uid_shift, arg_uid_range);
@@ -311,11 +287,9 @@ index 2aec8041f0..841542f2f3 100644
311 if (r < 0) 287 if (r < 0)
312 return log_error_errno(r, "Failed to write GID map: %m"); 288 return log_error_errno(r, "Failed to write GID map: %m");
313 289
314diff --git a/src/shared/sysctl-util.c b/src/shared/sysctl-util.c
315index 93bdcf11bf..68cddb7a9f 100644
316--- a/src/shared/sysctl-util.c 290--- a/src/shared/sysctl-util.c
317+++ b/src/shared/sysctl-util.c 291+++ b/src/shared/sysctl-util.c
318@@ -88,7 +88,7 @@ int sysctl_write_ip_property(int af, const char *ifname, const char *property, c 292@@ -88,7 +88,7 @@ int sysctl_write_ip_property(int af, con
319 293
320 log_debug("Setting '%s' to '%s'", p, value); 294 log_debug("Setting '%s' to '%s'", p, value);
321 295
@@ -324,11 +298,9 @@ index 93bdcf11bf..68cddb7a9f 100644
324 } 298 }
325 299
326 int sysctl_read(const char *property, char **content) { 300 int sysctl_read(const char *property, char **content) {
327diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
328index b9fe96635d..f168d7f890 100644
329--- a/src/sleep/sleep.c 301--- a/src/sleep/sleep.c
330+++ b/src/sleep/sleep.c 302+++ b/src/sleep/sleep.c
331@@ -54,7 +54,7 @@ static int write_hibernate_location_info(void) { 303@@ -54,7 +54,7 @@ static int write_hibernate_location_info
332 304
333 /* if it's a swap partition, we just write the disk to /sys/power/resume */ 305 /* if it's a swap partition, we just write the disk to /sys/power/resume */
334 if (streq(type, "partition")) { 306 if (streq(type, "partition")) {
@@ -337,7 +309,7 @@ index b9fe96635d..f168d7f890 100644
337 if (r < 0) 309 if (r < 0)
338 return log_debug_errno(r, "Failed to write partition device to /sys/power/resume: %m"); 310 return log_debug_errno(r, "Failed to write partition device to /sys/power/resume: %m");
339 311
340@@ -98,14 +98,14 @@ static int write_hibernate_location_info(void) { 312@@ -98,14 +98,14 @@ static int write_hibernate_location_info
341 313
342 offset = fiemap->fm_extents[0].fe_physical / page_size(); 314 offset = fiemap->fm_extents[0].fe_physical / page_size();
343 xsprintf(offset_str, "%" PRIu64, offset); 315 xsprintf(offset_str, "%" PRIu64, offset);
@@ -363,7 +335,7 @@ index b9fe96635d..f168d7f890 100644
363 if (k >= 0) 335 if (k >= 0)
364 return 0; 336 return 0;
365 337
366@@ -140,7 +140,7 @@ static int write_state(FILE **f, char **states) { 338@@ -140,7 +140,7 @@ static int write_state(FILE **f, char **
367 STRV_FOREACH(state, states) { 339 STRV_FOREACH(state, states) {
368 int k; 340 int k;
369 341
@@ -372,24 +344,20 @@ index b9fe96635d..f168d7f890 100644
372 if (k >= 0) 344 if (k >= 0)
373 return 0; 345 return 0;
374 log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state); 346 log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state);
375diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c
376index 77d95e513f..25ce4abfb1 100644
377--- a/src/udev/udevadm-trigger.c 347--- a/src/udev/udevadm-trigger.c
378+++ b/src/udev/udevadm-trigger.c 348+++ b/src/udev/udevadm-trigger.c
379@@ -43,7 +43,7 @@ static int exec_list(sd_device_enumerator *e, const char *action, Set *settle_se 349@@ -43,7 +43,7 @@ static int exec_list(sd_device_enumerato
380 if (!filename) 350 if (!filename)
381 return log_oom(); 351 return log_oom();
382 352
383- r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER); 353- r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER);
384+ r = write_string_file(filename, action, 0); 354+ r = write_string_file(filename, action, 0);
385 if (r < 0) { 355 if (r < 0) {
386 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, 356 bool ignore = IN_SET(r, -ENOENT, -EACCES, -ENODEV, -EROFS);
387 "Failed to write '%s' to '%s': %m", action, filename); 357
388diff --git a/src/udev/udevd.c b/src/udev/udevd.c
389index cb5123042a..ea309a9e7f 100644
390--- a/src/udev/udevd.c 358--- a/src/udev/udevd.c
391+++ b/src/udev/udevd.c 359+++ b/src/udev/udevd.c
392@@ -1113,7 +1113,7 @@ static int synthesize_change_one(sd_device *dev, const char *syspath) { 360@@ -1113,7 +1113,7 @@ static int synthesize_change_one(sd_devi
393 361
394 filename = strjoina(syspath, "/uevent"); 362 filename = strjoina(syspath, "/uevent");
395 log_device_debug(dev, "device is closed, synthesising 'change' on %s", syspath); 363 log_device_debug(dev, "device is closed, synthesising 'change' on %s", syspath);
@@ -398,11 +366,9 @@ index cb5123042a..ea309a9e7f 100644
398 if (r < 0) 366 if (r < 0)
399 return log_device_debug_errno(dev, r, "Failed to write 'change' to %s: %m", filename); 367 return log_device_debug_errno(dev, r, "Failed to write 'change' to %s: %m", filename);
400 return 0; 368 return 0;
401diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
402index 75d052ae70..5a15c939d8 100644
403--- a/src/vconsole/vconsole-setup.c 369--- a/src/vconsole/vconsole-setup.c
404+++ b/src/vconsole/vconsole-setup.c 370+++ b/src/vconsole/vconsole-setup.c
405@@ -117,7 +117,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) { 371@@ -117,7 +117,7 @@ static int toggle_utf8_vc(const char *na
406 static int toggle_utf8_sysfs(bool utf8) { 372 static int toggle_utf8_sysfs(bool utf8) {
407 int r; 373 int r;
408 374
diff --git a/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch b/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch
deleted file mode 100644
index f359d2879b..0000000000
--- a/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch
+++ /dev/null
@@ -1,152 +0,0 @@
1From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
2From: Lennart Poettering <lennart@poettering.net>
3Date: Thu, 14 Nov 2019 17:51:30 +0100
4Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
5 __NR_xyz namespace invasion
6
7A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
8same conditioning for all cases of our __NR_xyz use.
9
10Fixes: #14031
11
12Reference:
13https://github.com/systemd/systemd/pull/14032/commits/62f66fdbcc33580467c01b1f149474b6c973df5a
14
15Upstream-Status: Backport
16
17Signed-off-by: Ming Liu <liu.ming50@gmail.com>
18---
19 src/basic/missing_syscall.h | 10 +++++-----
20 src/test/test-seccomp.c | 19 ++++++++++---------
21 2 files changed, 15 insertions(+), 14 deletions(-)
22
23diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
24index 6d9b125..1255d8b 100644
25--- a/src/basic/missing_syscall.h
26+++ b/src/basic/missing_syscall.h
27@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
28
29 #if !HAVE_KCMP
30 static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
31-# ifdef __NR_kcmp
32+# if defined __NR_kcmp && __NR_kcmp > 0
33 return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
34 # else
35 errno = ENOSYS;
36@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
37
38 #if !HAVE_KEYCTL
39 static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
40-# ifdef __NR_keyctl
41+# if defined __NR_keyctl && __NR_keyctl > 0
42 return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
43 # else
44 errno = ENOSYS;
45@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
46 }
47
48 static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
49-# ifdef __NR_add_key
50+# if defined __NR_add_key && __NR_add_key > 0
51 return syscall(__NR_add_key, type, description, payload, plen, ringid);
52 # else
53 errno = ENOSYS;
54@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
55 }
56
57 static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
58-# ifdef __NR_request_key
59+# if defined __NR_request_key && __NR_request_key > 0
60 return syscall(__NR_request_key, type, description, callout_info, destringid);
61 # else
62 errno = ENOSYS;
63@@ -496,7 +496,7 @@ enum {
64 static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
65 unsigned long maxnode) {
66 long i;
67-# ifdef __NR_set_mempolicy
68+# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
69 i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
70 # else
71 errno = ENOSYS;
72diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
73index 018c20f..c669204 100644
74--- a/src/test/test-seccomp.c
75+++ b/src/test/test-seccomp.c
76@@ -28,7 +28,8 @@
77 #include "tmpfile-util.h"
78 #include "virt.h"
79
80-#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
81+/* __NR_socket may be invalid due to libseccomp */
82+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
83 /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
84 * and we can't restrict it hence via seccomp. */
85 # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
86@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
87 assert_se(pid >= 0);
88
89 if (pid == 0) {
90-#if __NR__sysctl > 0
91+#if defined __NR__sysctl && __NR__sysctl > 0
92 assert_se(syscall(__NR__sysctl, NULL) < 0);
93 assert_se(errno == EFAULT);
94 #endif
95
96 assert_se(seccomp_protect_sysctl() >= 0);
97
98-#if __NR__sysctl > 0
99+#if defined __NR__sysctl && __NR__sysctl > 0
100 assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
101 assert_se(errno == EPERM);
102 #endif
103@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
104 assert_se(poll(NULL, 0, 0) == 0);
105
106 assert_se(s = hashmap_new(NULL));
107-#if SCMP_SYS(access) >= 0
108+#if defined __NR_access && __NR_access > 0
109 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
110 #else
111 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
112@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
113 s = hashmap_free(s);
114
115 assert_se(s = hashmap_new(NULL));
116-#if SCMP_SYS(access) >= 0
117+#if defined __NR_access && __NR_access > 0
118 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
119 #else
120 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
121@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
122 s = hashmap_free(s);
123
124 assert_se(s = hashmap_new(NULL));
125-#if SCMP_SYS(poll) >= 0
126+#if defined __NR_poll && __NR_poll > 0
127 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
128 #else
129 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
130@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
131 s = hashmap_free(s);
132
133 assert_se(s = hashmap_new(NULL));
134-#if SCMP_SYS(poll) >= 0
135+#if defined __NR_poll && __NR_poll > 0
136 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
137 #else
138 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
139@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
140 * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
141 * other architectures, let's just fall back to the glibc call. */
142
143-#ifdef SYS_open
144- return (int) syscall(SYS_open, path, flags, mode);
145+#if defined __NR_open && __NR_open > 0
146+ return (int) syscall(__NR_open, path, flags, mode);
147 #else
148 return open(path, flags, mode);
149 #endif
150--
1512.7.4
152
diff --git a/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch b/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch
deleted file mode 100644
index ba20a0bb46..0000000000
--- a/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch
+++ /dev/null
@@ -1,42 +0,0 @@
1From d0122c077d2d8fd0fd29b463c501e7ddf9177ff3 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Tue, 24 Sep 2019 17:04:50 +0800
4Subject: [PATCH] unit-file.c: consider symlink on filesystems like NFS
5
6Some filesystems do not fully support readdir, according to the manual,
7so we should also consider DT_UNKNOWN to correctly handle symlinks.
8
9Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
10
11Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/13637]
12---
13 src/shared/unit-file.c | 6 +++++-
14 1 file changed, 5 insertions(+), 1 deletion(-)
15
16diff --git a/src/shared/unit-file.c b/src/shared/unit-file.c
17index 4a5f23e6c1..8373103000 100644
18--- a/src/shared/unit-file.c
19+++ b/src/shared/unit-file.c
20@@ -247,6 +247,7 @@ int unit_file_build_name_map(
21 _cleanup_free_ char *_filename_free = NULL, *simplified = NULL;
22 const char *suffix, *dst = NULL;
23 bool valid_unit_name;
24+ struct stat sb;
25
26 valid_unit_name = unit_name_is_valid(de->d_name, UNIT_NAME_ANY);
27
28@@ -279,7 +280,10 @@ int unit_file_build_name_map(
29 if (hashmap_contains(ids, de->d_name))
30 continue;
31
32- if (de->d_type == DT_LNK) {
33+ if (de->d_type == DT_LNK ||
34+ (de->d_type == DT_UNKNOWN &&
35+ lstat(filename, &sb) == 0 &&
36+ (sb.st_mode & S_IFMT) == S_IFLNK)) {
37 /* We don't explicitly check for alias loops here. unit_ids_map_get() which
38 * limits the number of hops should be used to access the map. */
39
40--
412.17.1
42
diff --git a/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch b/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch
deleted file mode 100644
index f9c5996ffb..0000000000
--- a/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1From dc0a6a9fe4da9738efaba942233ad39da625a918 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Thu, 21 Feb 2019 16:28:21 +0800
4Subject: [PATCH 4/5] rules: whitelist hd* devices
5
6qemu by default emulates IDE and the linux-yocto kernel(s) use
7CONFIG_IDE instead of the more modern libsata, so disks appear as
8/dev/hd*. Patch rejected upstream because CONFIG_IDE is deprecated.
9
10Upstream-Status: Denied [https://github.com/systemd/systemd/pull/1276]
11
12Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
13Signed-off-by: Khem Raj <raj.khem@gmail.com>
14[rebased for systemd 241]
15Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
16[rebased for systemd 243]
17Signed-off-by: Scott Murray <scott.murray@konsulko.com>
18---
19 rules/60-persistent-storage.rules | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
23index 7802b1c94f..c0534ae26a 100644
24--- a/rules/60-persistent-storage.rules
25+++ b/rules/60-persistent-storage.rules
26@@ -7,7 +7,7 @@ ACTION=="remove", GOTO="persistent_storage_end"
27 ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_end"
28
29 SUBSYSTEM!="block", GOTO="persistent_storage_end"
30-KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*", GOTO="persistent_storage_end"
31+KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|hd*", GOTO="persistent_storage_end"
32
33 # ignore partitions that span the entire disk
34 TEST=="whole_disk", GOTO="persistent_storage_end"
diff --git a/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch b/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch
deleted file mode 100644
index 96175b5b5e..0000000000
--- a/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1From d1bccc721dd8f43fee29c5df0e9b78345e69f4b6 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Thu, 21 Feb 2019 16:38:38 +0800
4Subject: [PATCH 5/5] rules: watch metadata changes in ide devices
5
6Formatting IDE storage does not trigger "change" uevents. As a result
7clients using udev API don't get any updates afterwards and get outdated
8information about the device.
9...
10root@qemux86-64:~# mkfs.ext4 -F /dev/hda1
11Creating filesystem with 262144 4k blocks and 65536 inodes
12Filesystem UUID: 98791eb2-2bf3-47ad-b4d8-4cf7e914eee2
13
14root@qemux86-64:~# ls /dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2
15ls: cannot access '/dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2': No such file or directory
16...
17Include hd* in a match for watch option assignment.
18
19Upstream-Status: Denied
20
21qemu by default emulates IDE and the linux-yocto kernel(s) use
22CONFIG_IDE instead of the more modern libsata, so disks appear as
23/dev/hd*. A similar patch rejected by upstream because CONFIG_IDE
24is deprecated.
25
26Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
27[rebased for systemd 241]
28Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
29[rebased for systemd 243]
30Signed-off-by: Scott Murray <scott.murray@konsulko.com>
31---
32 rules/60-block.rules | 2 +-
33 1 file changed, 1 insertion(+), 1 deletion(-)
34
35diff --git a/rules/60-block.rules b/rules/60-block.rules
36index 3134ab995e..cd72a494a1 100644
37--- a/rules/60-block.rules
38+++ b/rules/60-block.rules
39@@ -9,5 +9,5 @@ ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block",
40
41 # watch metadata changes, caused by tools closing the device node which was opened for writing
42 ACTION!="remove", SUBSYSTEM=="block", \
43- KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*", \
44+ KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|hd*", \
45 OPTIONS+="watch"
diff --git a/meta/recipes-core/systemd/systemd_243.2.bb b/meta/recipes-core/systemd/systemd_243.4.bb
index e31fac8c56..a0d10e03be 100644
--- a/meta/recipes-core/systemd/systemd_243.2.bb
+++ b/meta/recipes-core/systemd/systemd_243.4.bb
@@ -20,10 +20,6 @@ SRC_URI += "file://touchscreen.rules \
20 file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ 20 file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
21 file://0002-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch \ 21 file://0002-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch \
22 file://0003-implment-systemd-sysv-install-for-OE.patch \ 22 file://0003-implment-systemd-sysv-install-for-OE.patch \
23 file://0004-rules-whitelist-hd-devices.patch \
24 file://0005-rules-watch-metadata-changes-in-ide-devices.patch \
25 file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \
26 file://0001-seccomp-more-comprehensive-protection-against-libsec.patch \
27 file://99-default.preset \ 23 file://99-default.preset \
28 " 24 "
29 25