Commit 608f1c33 authored by Apertis CI

Merge updates from debian/buster

parents 3bcab76c ddb38744
Showing with 896 additions and 16 deletions
systemd (241-7~deb10u4co1) UNRELEASED; urgency=medium
* PLEASE SUMMARIZE remaining Apertis changes
-- root <ritesh.sarraf@collabora.co.uk> Tue, 26 May 2020 11:41:53 +0000
systemd (241-7~deb10u4) buster; urgency=medium
* polkit: when authorizing via PolicyKit re-resolve callback/userdata
instead of caching it.
This fixes a heap use-after-free vulnerability in systemd, when
asynchronous PolicyKit queries are performed while handling DBus messages.
CVE-2020-1712 (Closes: #950732)
* Install 60-block.rules in udev-udeb and initramfs-tools.
The block device rules were split out from 60-persistent-storage.rules
into its own rules file in v220. Those rules ensure that change events
are emitted and the udev db is updated after metadata changes.
Thanks to Pascal Hambourg (Closes: #958397)
-- Michael Biebl <biebl@debian.org> Mon, 27 Apr 2020 19:02:57 +0200
systemd (241-7~deb10u3) buster; urgency=medium
* core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX.
Since kernel 5.2 (but also stable kernels like 4.19.53) the kernel
thankfully returns proper errors when we write a value out of range to
the sysctl. Which however breaks writing ULONG_MAX to request the
maximum value. Hence let's write the new maximum value instead,
LONG_MAX. (Closes: #945018)
* core: change ownership/mode of the execution directories also for static
users.
This ensures that execution directories like CacheDirectory and
StateDirectory are properly chowned to the user specified in User= before
launching the service. (Closes: #919231)
-- Michael Biebl <biebl@debian.org> Wed, 29 Jan 2020 19:07:53 +0100
systemd (241-7~deb10u2) buster; urgency=medium
* core: never propagate reload failure to service result.
Fixes a regression introduced in v239 where the main process of a
service unit gets killed on reload if ExecReload fails. (Closes: #936032)
* shared/seccomp: add sync_file_range2.
Some architectures need the arguments to be reordered because of alignment
issues. Otherwise, it's the same as sync_file_range.
Fixes sync_file_range failures in nspawn containers on arm, ppc.
(Closes: #935091)
* core: factor root_directory application out of apply_working_directory.
Fixes RootDirectory not working when used in combination with User.
(Closes: #939408)
* shared/bus-util: drop trusted annotation from
bus_open_system_watch_bind_with_description().
This ensures that access controls on systemd-resolved's D-Bus interface
are enforced properly.
(CVE-2019-15718, Closes: #939353)
* login: add a missing error check for session_set_leader()
Fixes assertion due to insufficient function return check.
(Closes: #939998)
* d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices
(Closes: #934589)
* d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by user-space
* namespace: make MountFlags=shared work again (Closes: #939551)
* mount/generators: do not make unit wanted by its device unit.
Among other things, this fixes StopWhenUnneeded=true being broken for
mount units. (Closes: #941758)
-- Michael Biebl <biebl@debian.org> Wed, 16 Oct 2019 15:24:54 +0200
systemd (241-7~deb10u1co4) apertis; urgency=medium
* AppArmor: Fix conflict with chaiwala-apparmor-profiles
......
......@@ -28,7 +28,8 @@ if [ -d /etc/systemd/network ]; then
fi
mkdir -p "$DESTDIR/lib/udev/rules.d/"
for rules in 50-firmware.rules 50-udev-default.rules 60-persistent-storage.rules \
for rules in 50-firmware.rules 50-udev-default.rules \
60-block.rules 60-persistent-storage.rules \
61-persistent-storage-android.rules 71-seat.rules 73-special-net-names.rules \
73-usb-net-by-mac.rules 75-net-description.rules \
80-net-setup-link.rules 80-drivers.rules; do
......
# Use MAC based names for network interfaces which are directly or indirectly
# on USB and have an universally administered (stable) MAC address (second bit
# is 0). Don't do this when ifnames is disabled via kernel command line or
# customizing/disabling 99-default.link (or previously 80-net-setup-link.rules).
# customizing/disabling 99-default.link (or previously 80-net-setup-link.rules)
# or if the interface name was provided by user-space.
ACTION=="remove", GOTO="usb_net_by_mac_end"
SUBSYSTEM!="net", GOTO="usb_net_by_mac_end"
ATTR{name_assign_type}=="3", GOTO="usb_net_by_mac_end"
IMPORT{cmdline}="net.ifnames"
ENV{net.ifnames}=="0", GOTO="usb_net_by_mac_end"
ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", NAME=="", \
SUBSYSTEMS=="usb", NAME=="", \
ATTR{address}=="?[014589cd]:*", \
TEST!="/etc/udev/rules.d/80-net-setup-link.rules", \
TEST!="/etc/systemd/network/99-default.link", \
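Review bot: `ATTR{name_assign_type}=="3"` is a bare magic value; the header comment says the rule is skipped "if the interface name was provided by user-space" but never ties that to the number. A trailing comment naming the kernel constant (NET_NAME_USER) next to the match would make the rule self-explanatory.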
......
[DEFAULT]
pristine-tar = True
patch-numbers = False
debian-branch = buster
debian-branch = debian/buster
upstream-branch = upstream/latest
[dch]
full = True
......
From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 4 Feb 2020 18:39:04 +0100
Subject: Fix typo in function name
(cherry picked from commit bc130b6858327b382b07b3985cf48e2aa9016b2d)
(cherry picked from commit b4eb8848240c3540180e4768216a0b884a5ed783)
(cherry picked from commit f14fa558ae9e139c94ee3af4a1ef1df313b2ff66)
(cherry picked from commit dd8aa0871d9cafa60a916d4ec01dd82d64edf7ed)
---
TODO | 2 +-
src/libsystemd/sd-bus/bus-message.h | 2 +-
src/libsystemd/sd-bus/sd-bus.c | 8 ++++----
src/shared/bus-polkit.c | 2 +-
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/TODO b/TODO
index 462db57..327fead 100644
--- a/TODO
+++ b/TODO
@@ -138,7 +138,7 @@ Features:
* the a-posteriori stopping of units bound to units that disappeared logic
should be reworked: there should be a queue of units, and we should only
- enqeue stop jobs from a defer event that processes queue instead of
+ enqueue stop jobs from a defer event that processes queue instead of
right-away when we find a unit that is bound to one that doesn't exist
anymore. (similar to how the stop-unneeded queue has been reworked the same
way)
diff --git a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h
index 7fd3f11..849d638 100644
--- a/src/libsystemd/sd-bus/bus-message.h
+++ b/src/libsystemd/sd-bus/bus-message.h
@@ -211,4 +211,4 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m);
void bus_message_set_sender_driver(sd_bus *bus, sd_bus_message *m);
void bus_message_set_sender_local(sd_bus *bus, sd_bus_message *m);
-int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m);
+int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m);
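Review bot: `sd_bus_enqueue_for_read()` keeps the `sd_bus_` prefix although it is declared in bus-message.h next to the `bus_message_*` helpers, and its definition in sd-bus.c lacks the `_public_` marker that the neighbouring `sd_bus_get_close_on_exit()` carries. Since the symbol is being renamed anyway, an internal-style name (for example `bus_enqueue_for_read()`) would avoid suggesting that it belongs to the public sd-bus API.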
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 94380af..c20adcf 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -4145,7 +4145,7 @@ _public_ int sd_bus_get_close_on_exit(sd_bus *bus) {
return bus->close_on_exit;
}
-int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) {
+int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) {
int r;
assert_return(bus, -EINVAL);
@@ -4157,9 +4157,9 @@ int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) {
if (!BUS_IS_OPEN(bus->state))
return -ENOTCONN;
- /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication,
- * where we want accept a message, then determine we need to interactively authenticate the user, and
- * when we have that process the message again. */
+ /* Re-enqueue a message for reading. This is primarily useful for PolicyKit-style authentication,
+ * where we accept a message, then determine we need to interactively authenticate the user, and then
+ * we want to process the message again. */
r = bus_rqueue_make_room(bus);
if (r < 0)
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 02c11aa..d1d2456 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -236,7 +236,7 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e
if (r < 0)
goto fail;
- r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request);
+ r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request);
if (r < 0)
goto fail;
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 14:29:43 +0100
Subject: bus-polkit: rename return error parameter to ret_error
(cherry picked from commit 773b1a7916bfce3aa2a21ecf534d475032e8528e)
(cherry picked from commit 5b2442d5c3ec1c86a3a8d1c1abe3234a570ba5e6)
(cherry picked from commit 4441844d5889a39d9d059c30e5d94c916d9d6735)
(cherry picked from commit 816d5e2d6dd83a3bd0ff56a352295831cb937198)
---
src/shared/bus-polkit.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index da4aee5..f93aa17 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -37,7 +37,7 @@ int bus_test_polkit(
const char **details,
uid_t good_user,
bool *_challenge,
- sd_bus_error *e) {
+ sd_bus_error *ret_error) {
int r;
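Review bot: `bool *_challenge`, two lines above the renamed parameter, keeps the old leading-underscore style while `e` becomes `ret_error`. If it is a return parameter as well, renaming it to `ret_challenge` in the same change would keep the signature of bus_test_polkit() consistent.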
@@ -102,11 +102,11 @@ int bus_test_polkit(
if (r < 0)
return r;
- r = sd_bus_call(call->bus, request, 0, e, &reply);
+ r = sd_bus_call(call->bus, request, 0, ret_error, &reply);
if (r < 0) {
/* Treat no PK available as access denied */
- if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
- sd_bus_error_free(e);
+ if (sd_bus_error_has_name(ret_error, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
+ sd_bus_error_free(ret_error);
return -EACCES;
}
@@ -196,7 +196,7 @@ int bus_verify_polkit_async(
bool interactive,
uid_t good_user,
Hashmap **registry,
- sd_bus_error *error) {
+ sd_bus_error *ret_error) {
#if ENABLE_POLKIT
_cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
@@ -237,7 +237,7 @@ int bus_verify_polkit_async(
return -EACCES;
/* Copy error from polkit reply */
- sd_bus_error_copy(error, e);
+ sd_bus_error_copy(ret_error, e);
return -sd_bus_error_get_errno(e);
}
@@ -251,7 +251,7 @@ int bus_verify_polkit_async(
return 1;
if (challenge)
- return sd_bus_error_set(error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
+ return sd_bus_error_set(ret_error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
return -EACCES;
}
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 4 Apr 2019 13:35:29 +0900
Subject: bus-util: treat org.freedesktop.DBus.Error.ServiceUnknown nicely
when polkit does not exist
Fixes #12209.
(cherry picked from commit 8c69fe79df6394f6b8b8d0bb536a265caf417868)
(cherry picked from commit 0bb488b22144aeb87d93e97123f71babe116261f)
---
src/shared/bus-util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index 9d31fba..a406dd8 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -410,14 +410,14 @@ int bus_verify_polkit_async(
if (sd_bus_message_is_method_error(q->reply, NULL)) {
const sd_bus_error *e;
- /* Copy error from polkit reply */
e = sd_bus_message_get_error(q->reply);
- sd_bus_error_copy(error, e);
/* Treat no PK available as access denied */
if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN))
return -EACCES;
+ /* Copy error from polkit reply */
+ sd_bus_error_copy(error, e);
return -sd_bus_error_get_errno(e);
}
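Review bot: in the ServiceUnknown branch the function now returns -EACCES with `error` left untouched and nothing logged, so a missing polkit service is indistinguishable from an ordinary denial. Failing closed is the right default; a debug-level log line before `return -EACCES;` would let an administrator see why every request is refused.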
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Mar 2019 17:19:30 +0100
Subject: core: change ownership/mode of the execution directories also for
static users
It's probably unexpected if we do a recursive chown() when dynamic users
are used but not on static users.
Hence, let's tweak the logic slightly, and recursively chown in both
cases, except when operating on the configuration directory.
Fixes: #11842
(cherry picked from commit 206e9864de460dd79d9edd7bedb47dee168765e1)
---
src/core/execute.c | 47 ++++++++++++++++++++++++++---------------------
1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 5486e37..5c3930e 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2151,37 +2151,42 @@ static int setup_exec_directory(
if (r < 0)
goto fail;
- /* Lock down the access mode */
- if (chmod(pp, context->directories[type].mode) < 0) {
- r = -errno;
- goto fail;
- }
} else {
r = mkdir_label(p, context->directories[type].mode);
if (r < 0) {
- struct stat st;
-
if (r != -EEXIST)
goto fail;
- if (stat(p, &st) < 0) {
- r = -errno;
- goto fail;
- }
- if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0)
- log_warning("%s \'%s\' already exists but the mode is different. "
- "(filesystem: %o %sMode: %o)",
- exec_directory_type_to_string(type), *rt,
- st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777);
- if (!context->dynamic_user)
+ if (type == EXEC_DIRECTORY_CONFIGURATION) {
+ struct stat st;
+
+ /* Don't change the owner/access mode of the configuration directory,
+ * as in the common case it is not written to by a service, and shall
+ * not be writable. */
+
+ if (stat(p, &st) < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ /* Still complain if the access mode doesn't match */
+ if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0)
+ log_warning("%s \'%s\' already exists but the mode is different. "
+ "(File system: %o %sMode: %o)",
+ exec_directory_type_to_string(type), *rt,
+ st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777);
+
continue;
+ }
}
}
- /* Don't change the owner of the configuration directory, as in the common case it is not written to by
- * a service, and shall not be writable. */
- if (type == EXEC_DIRECTORY_CONFIGURATION)
- continue;
+ /* Lock down the access mode (we use chmod_and_chown() to make this idempotent. We don't
+ * specifiy UID/GID here, so that path_chown_recursive() can optimize things depending on the
+ * current UID/GID ownership.) */
+ r = chmod_and_chown(pp ?: p, context->directories[type].mode, UID_INVALID, GID_INVALID);
+ if (r < 0)
+ goto fail;
/* Then, change the ownership of the whole tree, if necessary */
r = path_chown_recursive(pp ?: p, uid, gid);
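Review bot: after this hunk a pre-existing directory (the -EEXIST case for anything other than EXEC_DIRECTORY_CONFIGURATION) no longer gets the "already exists but the mode is different" warning; it falls through to chmod_and_chown() and path_chown_recursive() and is silently re-moded and re-owned, now for static users too, where the old code hit `continue`. This should be stated in the commit message or the man page, since an administrator who pre-created the directory with different permissions will see them overwritten at service start. Also, "specifiy" in the new comment should be "specify".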
From: Joerg Behrmann <behrmann@physik.fu-berlin.de>
Date: Fri, 21 Jun 2019 13:51:53 +0200
Subject: core: factor root_directory application out of
apply_working_directory
Fixes: #12498
(cherry picked from commit fa97f63067a05b4e793fd4e0a2b54797459b4812)
---
src/core/execute.c | 38 ++++++++++++++++++++++++++++----------
1 file changed, 28 insertions(+), 10 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index a708231..47518f4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2480,7 +2480,6 @@ static int apply_working_directory(
const ExecContext *context,
const ExecParameters *params,
const char *home,
- const bool needs_mount_ns,
int *exit_status) {
const char *d, *wd;
@@ -2502,15 +2501,9 @@ static int apply_working_directory(
else
wd = "/";
- if (params->flags & EXEC_APPLY_CHROOT) {
- if (!needs_mount_ns && context->root_directory)
- if (chroot(context->root_directory) < 0) {
- *exit_status = EXIT_CHROOT;
- return -errno;
- }
-
+ if (params->flags & EXEC_APPLY_CHROOT)
d = wd;
- } else
+ else
d = prefix_roota(context->root_directory, wd);
if (chdir(d) < 0 && !context->working_directory_missing_ok) {
@@ -2521,6 +2514,26 @@ static int apply_working_directory(
return 0;
}
+static int apply_root_directory(
+ const ExecContext *context,
+ const ExecParameters *params,
+ const bool needs_mount_ns,
+ int *exit_status) {
+
+ assert(context);
+ assert(exit_status);
+
+ if (params->flags & EXEC_APPLY_CHROOT) {
+ if (!needs_mount_ns && context->root_directory)
+ if (chroot(context->root_directory) < 0) {
+ *exit_status = EXIT_CHROOT;
+ return -errno;
+ }
+ }
+
+ return 0;
+}
+
static int setup_keyring(
const Unit *u,
const ExecContext *context,
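Review bot: apply_root_directory() asserts `context` and `exit_status` but dereferences `params->flags` without an `assert(params);`. Add the missing assert, and consider folding the two nested `if`s into a single condition so the brace-less inner `if` is not needed.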
@@ -3425,6 +3438,11 @@ static int exec_child(
}
}
+ /* chroot to root directory first, before we lose the ability to chroot */
+ r = apply_root_directory(context, params, needs_mount_namespace, exit_status);
+ if (r < 0)
+ return log_unit_error_errno(unit, r, "Chrooting to the requested root directory failed: %m");
+
if (needs_setuid) {
if (context->user) {
r = enforce_user(context, uid);
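Review bot: chroot() now runs here, ahead of the credential drop, while the matching chdir() stays in apply_working_directory(), which is called later and tolerates failure when `working_directory_missing_ok` is set. That leaves the process with a working directory outside the new root in between, and for good if the later chdir() fails. A `chdir("/")` directly after the successful chroot() in apply_root_directory() would close that gap.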
@@ -3457,7 +3475,7 @@ static int exec_child(
/* Apply working directory here, because the working directory might be on NFS and only the user running
* this service might have the correct privilege to change to the working directory */
- r = apply_working_directory(context, params, home, needs_mount_namespace, exit_status);
+ r = apply_working_directory(context, params, home, exit_status);
if (r < 0)
return log_unit_error_errno(unit, r, "Changing to the requested working directory failed: %m");
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 17 Jul 2019 19:16:33 +0200
Subject: core: never propagate reload failure to service result
Fixes: #11238
(cherry picked from commit d611cfa748aaf600832160132774074e808c82c7)
---
src/core/service.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index 324dcf2..5f5bcb3 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -3335,7 +3335,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
service_exec_command_to_string(s->control_command_id),
code, status);
- if (s->result == SERVICE_SUCCESS)
+ if (s->state != SERVICE_RELOAD && s->result == SERVICE_SUCCESS)
s->result = f;
if (s->control_command &&
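Review bot: the new `s->state != SERVICE_RELOAD` condition has no comment, and the reason for it (a failed reload must not be propagated to the service result) is only in the subject line. A one-line comment above the `if` would keep a later cleanup from removing the check as redundant.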
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 17 Jun 2019 10:51:25 +0200
Subject: core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX
Since kernel 5.2 the kernel thankfully returns proper errors when we
write a value out of range to the sysctl. Which however breaks writing
ULONG_MAX to request the maximum value. Hence let's write the new
maximum value instead, LONG_MAX.
/cc @brauner
Fixes: #12803
(cherry picked from commit 6e2f78948403a4cce45b9e34311c9577c624f066)
---
src/core/main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c
index bc7fcc6..255e204 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1200,9 +1200,9 @@ static void bump_file_max_and_nr_open(void) {
#endif
#if BUMP_PROC_SYS_FS_FILE_MAX
- /* I so wanted to use STRINGIFY(ULONG_MAX) here, but alas we can't as glibc/gcc define that as
- * "(0x7fffffffffffffffL * 2UL + 1UL)". Seriously. 😢 */
- if (asprintf(&t, "%lu\n", ULONG_MAX) < 0) {
+ /* The maximum the kernel allows for this since 5.2 is LONG_MAX, use that. (Previously thing where
+ * different but the operation would fail silently.) */
+ if (asprintf(&t, "%li\n", LONG_MAX) < 0) {
log_oom();
return;
}
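Review bot: the replacement comment has a typo ("Previously thing where different" should read "Previously things were different") and says the limit applies "since 5.2", while the changelog entry for this fix notes that stable kernels such as 4.19.53 behave the same way. Mentioning the stable backports in the comment would stop someone from later gating this on the kernel version.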
......@@ -19,7 +19,7 @@ Bug-Debian: https://bugs.debian.org/815020
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c
index bc7fcc6..87bee9f 100644
index 255e204..7f8dfe4 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2459,8 +2459,6 @@ int main(int argc, char *argv[]) {
......
......@@ -80,10 +80,10 @@ index aa4a89c..8f36bbe 100644
char *s;
diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c
index 6b6b32a..cb63d45 100644
index c203c7a..f4ee123 100644
--- a/src/locale/keymap-util.c
+++ b/src/locale/keymap-util.c
@@ -95,6 +95,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) {
@@ -97,6 +97,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) {
int locale_read_data(Context *c, sd_bus_message *m) {
struct stat st;
int r;
......@@ -91,7 +91,7 @@ index 6b6b32a..cb63d45 100644
/* Do not try to re-read the file within single bus operation. */
if (m) {
@@ -105,7 +106,11 @@ int locale_read_data(Context *c, sd_bus_message *m) {
@@ -107,7 +108,11 @@ int locale_read_data(Context *c, sd_bus_message *m) {
c->locale_cache = sd_bus_message_ref(m);
}
......@@ -104,7 +104,7 @@ index 6b6b32a..cb63d45 100644
if (r < 0 && errno != ENOENT)
return -errno;
@@ -120,7 +125,7 @@ int locale_read_data(Context *c, sd_bus_message *m) {
@@ -122,7 +127,7 @@ int locale_read_data(Context *c, sd_bus_message *m) {
c->locale_mtime = t;
context_free_locale(c);
......@@ -113,7 +113,7 @@ index 6b6b32a..cb63d45 100644
"LANG", &c->locale[VARIABLE_LANG],
"LANGUAGE", &c->locale[VARIABLE_LANGUAGE],
"LC_CTYPE", &c->locale[VARIABLE_LC_CTYPE],
@@ -201,8 +206,6 @@ int vconsole_read_data(Context *c, sd_bus_message *m) {
@@ -203,8 +208,6 @@ int vconsole_read_data(Context *c, sd_bus_message *m) {
}
int x11_read_data(Context *c, sd_bus_message *m) {
......@@ -122,7 +122,7 @@ index 6b6b32a..cb63d45 100644
struct stat st;
usec_t t;
int r;
@@ -216,7 +219,7 @@ int x11_read_data(Context *c, sd_bus_message *m) {
@@ -218,7 +221,7 @@ int x11_read_data(Context *c, sd_bus_message *m) {
c->x11_cache = sd_bus_message_ref(m);
}
......@@ -131,7 +131,7 @@ index 6b6b32a..cb63d45 100644
if (errno != ENOENT)
return -errno;
@@ -233,61 +236,14 @@ int x11_read_data(Context *c, sd_bus_message *m) {
@@ -235,61 +238,14 @@ int x11_read_data(Context *c, sd_bus_message *m) {
c->x11_mtime = t;
context_free_x11(c);
......@@ -200,7 +200,7 @@ index 6b6b32a..cb63d45 100644
return 0;
}
@@ -296,9 +252,18 @@ int locale_write_data(Context *c, char ***settings) {
@@ -298,9 +254,18 @@ int locale_write_data(Context *c, char ***settings) {
_cleanup_strv_free_ char **l = NULL;
struct stat st;
int r, p;
......@@ -219,7 +219,7 @@ index 6b6b32a..cb63d45 100644
for (p = 0; p < _VARIABLE_LC_MAX; p++) {
_cleanup_free_ char *t = NULL;
char **u;
@@ -321,20 +286,20 @@ int locale_write_data(Context *c, char ***settings) {
@@ -323,20 +288,20 @@ int locale_write_data(Context *c, char ***settings) {
}
if (strv_isempty(l)) {
......@@ -243,7 +243,7 @@ index 6b6b32a..cb63d45 100644
c->locale_mtime = timespec_load(&st.st_mtim);
return 0;
@@ -402,70 +367,104 @@ int vconsole_write_data(Context *c) {
@@ -404,70 +369,104 @@ int vconsole_write_data(Context *c) {
}
int x11_write_data(Context *c) {
......@@ -392,7 +392,7 @@ index 6b6b32a..cb63d45 100644
return r;
}
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index 324d4a4..4d54ac3 100644
index 398d4f4..d681d58 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -215,6 +215,7 @@ static int context_read_data(Context *c) {
......
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Mar 2019 17:01:46 +0100
Subject: execute: remove one redundant comparison check
(cherry picked from commit d484580ca6f0e79abe6f3f5c677323a22d9e22d7)
---
src/core/execute.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index f2a4c54..5486e37 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2158,11 +2158,12 @@ static int setup_exec_directory(
}
} else {
r = mkdir_label(p, context->directories[type].mode);
- if (r < 0 && r != -EEXIST)
- goto fail;
- if (r == -EEXIST) {
+ if (r < 0) {
struct stat st;
+ if (r != -EEXIST)
+ goto fail;
+
if (stat(p, &st) < 0) {
r = -errno;
goto fail;
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 14 Feb 2019 10:59:13 +0900
Subject: login: add a missing error check for session_set_leader()
session_set_leader() may fail. If it fails, then manager_start_scope()
will trigger assertion.
This may be related to RHBZ#1663704.
(cherry picked from commit fe3ab8458b9c0ead4b3e14ac25b342d8c34376fe)
---
src/login/logind-dbus.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 8ab498f..b9ea370 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -790,7 +790,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
goto fail;
session_set_user(session, user);
- session_set_leader(session, leader);
+ r = session_set_leader(session, leader);
+ if (r < 0)
+ goto fail;
session->type = t;
session->class = c;
From: Tom Yan <tom.ty89@gmail.com>
Date: Wed, 9 Jan 2019 23:35:24 +0800
Subject: mount/generators: do not make unit wanted by its device unit
As device units will be reloaded by systemd whenever the corresponding device generates a "changed" event, if the mount unit / cryptsetup service is wanted by its device unit, the former can be restarted by systemd unexpectedly after the user stopped them explicitly. It is not sensible at all and can be considered dangerous. Neither is the behaviour conventional (as `auto` in fstab should only affect behaviour on boot and `mount -a`) or ever documented at all (not even in systemd, see systemd.mount(5) and crypttab(5)).
(cherry picked from commit 142b8142d7bb84f07ac33fc00527a4d48ac8ef9f)
---
src/core/mount.c | 6 +-----
src/cryptsetup/cryptsetup-generator.c | 4 ----
2 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index c31cad6..7064fa1 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -338,7 +338,6 @@ static int mount_add_mount_dependencies(Mount *m) {
}
static int mount_add_device_dependencies(Mount *m) {
- bool device_wants_mount;
UnitDependencyMask mask;
MountParameters *p;
UnitDependency dep;
@@ -368,9 +367,6 @@ static int mount_add_device_dependencies(Mount *m) {
if (path_equal(m->where, "/"))
return 0;
- device_wants_mount =
- mount_is_auto(p) && !mount_is_automount(p) && MANAGER_IS_SYSTEM(UNIT(m)->manager);
-
/* Mount units from /proc/self/mountinfo are not bound to devices
* by default since they're subject to races when devices are
* unplugged. But the user can still force this dep with an
@@ -381,7 +377,7 @@ static int mount_add_device_dependencies(Mount *m) {
/* We always use 'what' from /proc/self/mountinfo if mounted */
mask = m->from_proc_self_mountinfo ? UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT : UNIT_DEPENDENCY_FILE;
- r = unit_add_node_dependency(UNIT(m), p->what, device_wants_mount, dep, mask);
+ r = unit_add_node_dependency(UNIT(m), p->what, false, dep, mask);
if (r < 0)
return r;
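Review bot: the third argument to unit_add_node_dependency() is now a bare `false`, which hides what is being switched off at the call site. A short comment there would make it readable, and because mount units will no longer be pulled in by their device unit, the behaviour change deserves an entry in the release notes and not only in the commit message.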
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 8759a26..ea18e84 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -287,10 +287,6 @@ static int create_disk(
return log_error_errno(r, "Failed to write unit file %s: %m", n);
if (!noauto) {
- r = generator_add_symlink(arg_dest, d, "wants", n);
- if (r < 0)
- return r;
-
r = generator_add_symlink(arg_dest,
netdev ? "remote-cryptsetup.target" : "cryptsetup.target",
nofail ? "wants" : "requires", n);
From: Tom Yan <tom.ty89@gmail.com>
Date: Thu, 10 Jan 2019 00:19:43 +0800
Subject: mount: remove unused mount_is_auto and mount_is_automount
(cherry picked from commit d0fe45cb151774827a3aca4ea5a19856dec9f600)
---
src/core/mount.c | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 7064fa1..8da818b 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -101,20 +101,6 @@ static bool mount_is_bind(const MountParameters *p) {
return false;
}
-static bool mount_is_auto(const MountParameters *p) {
- assert(p);
-
- return !fstab_test_option(p->options, "noauto\0");
-}
-
-static bool mount_is_automount(const MountParameters *p) {
- assert(p);
-
- return fstab_test_option(p->options,
- "comment=systemd.automount\0"
- "x-systemd.automount\0");
-}
-
static bool mount_is_bound_to_device(const Mount *m) {
const MountParameters *p;
From: Franck Bui <fbui@suse.com>
Date: Wed, 13 Feb 2019 18:45:36 +0100
Subject: namespace: make MountFlags=shared work again
Since commit 0722b359342d2a9f9e0d453875624387a0ba1be2, the root mountpoint is
unconditionally turned to slave which breaks units that are using explicitly
MountFlags=shared (and no other options that would implicitly require a slave
root mountpoint).
Here is a test case:
$ systemctl cat test-shared-mount-flag.service
# /etc/systemd/system/test-shared-mount-flag.service
[Service]
Type=simple
ExecStartPre=/usr/bin/mkdir -p /mnt/tmp
ExecStart=/bin/sh -c "/usr/bin/mount -t tmpfs -o size=10M none /mnt/tmp && sleep infinity"
ExecStop=-/bin/sh -c "/usr/bin/umount /mnt/tmp"
MountFlags=shared
$ systemctl start test-shared-mount-flag.service
$ findmnt /mnt/tmp
$
Mount on /mnt/tmp is not visible from the host although MountFlags=shared was
used.
This patch fixes that and turns the root mountpoint to slave when it's really
required.
(cherry picked from commit 37ed15d7edaf59a1fc7c9e3552cd93a83f3814ef)
---
src/core/execute.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 47518f4..f2a4c54 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1839,7 +1839,7 @@ static bool exec_needs_mount_namespace(
if (context->n_temporary_filesystems > 0)
return true;
- if (context->mount_flags != 0)
+ if (!IN_SET(context->mount_flags, 0, MS_SHARED))
return true;
if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
@@ -2435,6 +2435,9 @@ static int apply_mount_namespace(
else
ns_info = (NamespaceInfo) {};
+ if (context->mount_flags == MS_SHARED)
+ log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
+
r = setup_namespace(root_dir, root_image,
&ns_info, context->read_write_paths,
needs_sandboxing ? context->read_only_paths : NULL,
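Review bot: when `context->mount_flags == MS_SHARED` reaches apply_mount_namespace(), the unit's explicit `MountFlags=shared` is being ignored, yet the message is emitted only at debug level, so the administrator will normally never see it. Raise it to a warning, or document which settings override it, so that the loss of mount propagation is visible.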
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 16:52:10 +0100
Subject: polkit: on async pk requests, re-validate action/details
When we do an async pk request, let's store which action/details we used
for the original request, and when we are called for the second time,
let's compare. If the action/details changed, let's not allow the access
to go through.
(cherry picked from commit 7f56982289275ce84e20f0554475864953e6aaab)
(cherry picked from commit 0697d0d972c8d91395eb539a8e87e4aec8b37b75)
(cherry picked from commit 54791aff01aa93a8b621808d80ab506b54f245c8)
(cherry picked from commit 70d0f5ea5952a0cedd84c352070613df4ba5fc8f)
---
src/shared/bus-polkit.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 81193b8..6343dd6 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -155,6 +155,9 @@ int bus_test_polkit(
#if ENABLE_POLKIT
typedef struct AsyncPolkitQuery {
+ char *action;
+ char **details;
+
sd_bus_message *request, *reply;
sd_bus_message_handler_t callback;
void *userdata;
@@ -175,6 +178,9 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) {
sd_bus_message_unref(q->request);
sd_bus_message_unref(q->reply);
+ free(q->action);
+ strv_free(q->details);
+
free(q);
}
@@ -239,11 +245,17 @@ int bus_verify_polkit_async(
if (q) {
int authorized, challenge;
- /* This is the second invocation of this function, and
- * there's already a response from polkit, let's
- * process it */
+ /* This is the second invocation of this function, and there's already a response from
+ * polkit, let's process it */
assert(q->reply);
+ /* If the operation we want to authenticate changed between the first and the second time,
+ * let's not use this authentication, it might be out of date as the object and context we
+ * operate on might have changed. */
+ if (!streq(q->action, action) ||
+ !strv_equal(q->details, (char**) details))
+ return -ESTALE;
+
if (sd_bus_message_is_method_error(q->reply, NULL)) {
const sd_bus_error *e;
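Review bot: the new `return -ESTALE;` path leaves the caller's bus error unset, unlike the challenge path in the same function, which fills it with SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED. Setting a descriptive error here would tell the client that the authorization was discarded because the action or details changed, instead of surfacing a bare errno.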
@@ -339,6 +351,18 @@ int bus_verify_polkit_async(
q->callback = callback;
q->userdata = userdata;
+ q->action = strdup(action);
+ if (!q->action) {
+ async_polkit_query_free(q);
+ return -ENOMEM;
+ }
+
+ q->details = strv_copy((char**) details);
+ if (!q->details) {
+ async_polkit_query_free(q);
+ return -ENOMEM;
+ }
+
r = hashmap_put(*registry, call, q);
if (r < 0) {
async_polkit_query_free(q);
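Review bot: the two new allocation-failure branches repeat the `async_polkit_query_free(q); return -ENOMEM;` pair that the hashmap_put() failure path right below them already has. Holding `q` in a cleanup-attributed pointer (the function already does this for `pk`) and releasing ownership only after hashmap_put() succeeds would remove all three manual frees.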
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Jan 2020 16:44:43 +0100
Subject: polkit: reuse some common bus message appending code
(cherry picked from commit 95f82ae9d774f3508ce89dcbdd0714ef7385df59)
(cherry picked from commit 2589995acdb297a073270b54d8fff54b98fa57e9)
(cherry picked from commit 81532beddcc3b7946a573e15641742c452c66db7)
(cherry picked from commit 18b7b7fe307f03928bfea3ef0663048b7be6e4fb)
---
src/shared/bus-polkit.c | 56 ++++++++++++++++++++++++++++---------------------
1 file changed, 32 insertions(+), 24 deletions(-)
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index f93aa17..81193b8 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -30,6 +30,34 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
return sender_uid == good_user;
}
+#if ENABLE_POLKIT
+static int bus_message_append_strv_key_value(
+ sd_bus_message *m,
+ const char **l) {
+
+ const char **k, **v;
+ int r;
+
+ assert(m);
+
+ r = sd_bus_message_open_container(m, 'a', "{ss}");
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH_PAIR(k, v, l) {
+ r = sd_bus_message_append(m, "{ss}", *k, *v);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_bus_message_close_container(m);
+ if (r < 0)
+ return r;
+
+ return r;
+}
+#endif
+
int bus_test_polkit(
sd_bus_message *call,
int capability,
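Review bot: bus_message_append_strv_key_value() ends with `if (r < 0) return r;` immediately followed by `return r;`, so the check is redundant. Either `return sd_bus_message_close_container(m);` directly, or finish with `return 0;` if callers should only ever see zero on success.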
@@ -60,7 +88,7 @@ int bus_test_polkit(
_cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
int authorized = false, challenge = false;
- const char *sender, **k, **v;
+ const char *sender;
sender = sd_bus_message_get_sender(call);
if (!sender)
@@ -84,17 +112,7 @@ int bus_test_polkit(
if (r < 0)
return r;
- r = sd_bus_message_open_container(request, 'a', "{ss}");
- if (r < 0)
- return r;
-
- STRV_FOREACH_PAIR(k, v, details) {
- r = sd_bus_message_append(request, "{ss}", *k, *v);
- if (r < 0)
- return r;
- }
-
- r = sd_bus_message_close_container(request);
+ r = bus_message_append_strv_key_value(request, details);
if (r < 0)
return r;
@@ -201,7 +219,7 @@ int bus_verify_polkit_async(
#if ENABLE_POLKIT
_cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
AsyncPolkitQuery *q;
- const char *sender, **k, **v;
+ const char *sender;
sd_bus_message_handler_t callback;
void *userdata;
int c;
@@ -305,17 +323,7 @@ int bus_verify_polkit_async(
if (r < 0)
return r;
- r = sd_bus_message_open_container(pk, 'a', "{ss}");
- if (r < 0)
- return r;
-
- STRV_FOREACH_PAIR(k, v, details) {
- r = sd_bus_message_append(pk, "{ss}", *k, *v);
- if (r < 0)
- return r;
- }
-
- r = sd_bus_message_close_container(pk);
+ r = bus_message_append_strv_key_value(pk, details);
if (r < 0)
return r;