diff --git a/0001-util-never-follow-symlinks-in-rm_rf_children.patch b/0001-util-never-follow-symlinks-in-rm_rf_children.patch
new file mode 100644
index 0000000..a9a54f0
--- /dev/null
+++ b/0001-util-never-follow-symlinks-in-rm_rf_children.patch
@@ -0,0 +1,30 @@
+From 3496aedb2c09bd464964ee70cbf9cff2919dac5b Mon Sep 17 00:00:00 2001
+From: Michal Schmidt
+Date: Fri, 2 Mar 2012 10:39:10 +0100
+Subject: [PATCH] util: never follow symlinks in rm_rf_children()
+
+The function checks if the entry is a directory before recursing, but
+there is a window between the check and the open, during which the
+directory could be replaced with a symlink.
+
+CVE-2012-1174
+https://bugzilla.redhat.com/show_bug.cgi?id=803358
+(cherry picked from commit 5ebff5337594d690b322078c512eb222d34aaa82)
+---
+ src/util.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 20cbc2b..dfc1dc6 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
+ if (is_dir) {
+ int subdir_fd;
+
+- if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
++ subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
++ if (subdir_fd < 0) {
+ if (ret == 0 && errno != ENOENT)
+ ret = -errno;
+ continue;
diff --git a/0002-man-fix-parameter-name-for-sd_uid_xxx.patch b/0002-man-fix-parameter-name-for-sd_uid_xxx.patch
new file mode 100644
index 0000000..a58f8d2
--- /dev/null
+++ b/0002-man-fix-parameter-name-for-sd_uid_xxx.patch
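Review bot: The `O_NOFOLLOW` added to the `openat()` call in the src/util.c hunk of 0001 carries the whole fix, but nothing at the call site says why it is there, so a later tidy-up of the flag list could quietly reopen the window the commit message describes. A short comment above the call would pin it, e.g. `/* O_NOFOLLOW: the entry may have been swapped for a symlink since the is_dir check (CVE-2012-1174) */`. With the flag set, a swapped entry makes `openat()` fail and the error is stored in `ret` unless it is ENOENT, so the caller sees a failed removal instead of a descent through the link. The `is_dir` check and the rest of rm_rf_children() lie outside the hunk.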
@@ -0,0 +1,62 @@
+From 3cb385fec1784f7176b0087f8fc3a59933dadc28 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 20 Mar 2012 15:28:35 +0100
+Subject: [PATCH] man: fix parameter name for sd_uid_xxx() (cherry picked from
+ commit bd08f2422491169e92dc0899d5ba848fcae4c15c)
+
+---
+ TODO | 4 ++++
+ man/sd_uid_get_state.xml | 8 ++++----
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/TODO b/TODO
+index d33ae7f..3e11f70 100644
+--- a/TODO
++++ b/TODO
+@@ -18,6 +18,10 @@ Bugfixes:
+
+ Features:
+
++* show getty in container mode, not sulogin
++
++* support container_ttys=
++
+ * journald: make configurable "store-on-var", "store-on-run", "dont-store", "auto"
+ (store-persistent, store-volatile?)
+
+diff --git a/man/sd_uid_get_state.xml b/man/sd_uid_get_state.xml
+index 6777625..9249021 100644
+--- a/man/sd_uid_get_state.xml
++++ b/man/sd_uid_get_state.xml
+@@ -56,27 +56,27 @@
+
+
+ int sd_uid_get_state
+- uid_t pid
++ uid_t uid
+ char** state
+
+
+
+ int sd_uid_is_on_seat
+- uid_t pid
++ uid_t uid
+ int require_active
+ const char* seat
+
+
+
+ int sd_uid_get_sessions
+- uid_t pid
++ uid_t uid
+ int require_active
+ char*** sessions
+
+
+
+ int sd_uid_get_seats
+- uid_t pid
++ uid_t uid
+ int require_active
+ char*** seats
+
diff --git a/0003-bmfmt-allow-passing-more-than-one-config-file-name.patch b/0003-bmfmt-allow-passing-more-than-one-config-file-name.patch
new file mode 100644
index 0000000..d6c8791
--- /dev/null
+++ b/0003-bmfmt-allow-passing-more-than-one-config-file-name.patch
@@ -0,0 +1,68 @@
+From ae4105c8963bfc8b3373b646cb8bdd5af18b83c1 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 20 Mar 2012 15:29:49 +0100
+Subject: [PATCH] bmfmt: allow passing more than one config file name (cherry
+ picked from commit
+ 133176702a03e5f6264f35c403dd7720d9e05c3f)
+
+---
+ src/binfmt/binfmt.c | 25 +++++++++++++++----------
+ 1 files changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
+index 0e60618..28925ac 100644
+--- a/src/binfmt/binfmt.c
++++ b/src/binfmt/binfmt.c
+@@ -118,11 +118,6 @@ finish:
+ int main(int argc, char *argv[]) {
+ int r = 0;
+
+- if (argc > 2) {
+- log_error("This program expects one or no arguments.");
+- return EXIT_FAILURE;
+- }
+-
+ log_set_target(LOG_TARGET_AUTO);
+ log_parse_environment();
+ log_open();
+@@ -130,25 +125,35 @@ int main(int argc, char *argv[]) {
+ umask(0022);
+
+ if (argc > 1) {
+- r = apply_file(argv[1], false);
++ int i;
++
++ for (i = 1; i < argc; i++) {
++ int k;
++
++ k = apply_file(argv[1], false);
++ if (k < 0 && r == 0)
++ r = k;
++ }
+ } else {
+ char **files, **f;
+
+- /* Flush out all rules */
+- write_one_line_file("/proc/sys/fs/binfmt_misc/status", "-1");
+-
+ r = conf_files_list(&files, ".conf",
+ "/etc/binfmt.d",
+ "/run/binfmt.d",
+ "/usr/local/lib/binfmt.d",
+ "/usr/lib/binfmt.d",
++#ifdef HAVE_SPLIT_USR
++ "/lib/binfmt.d",
++#endif
+ NULL);
+-
+ if (r < 0) {
+ log_error("Failed to enumerate binfmt.d files: %s", strerror(-r));
+ goto finish;
+ }
+
++ /* Flush out all rules */
++ write_one_line_file("/proc/sys/fs/binfmt_misc/status", "-1");
++
+ STRV_FOREACH(f, files) {
+ int k;
+
diff --git a/0004-modules-load-drop-lib-from-search-path-if-we-don-t-h.patch b/0004-modules-load-drop-lib-from-search-path-if-we-don-t-h.patch
new file mode 100644
index 0000000..0b93352
--- /dev/null
+++ b/0004-modules-load-drop-lib-from-search-path-if-we-don-t-h.patch
@@ -0,0 +1,55 @@
+From 12a8bd3e7f87fa6f94b08b01e37c2f9f71c94719 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 20 Mar 2012 15:30:42 +0100
+Subject: [PATCH] modules-load: drop /lib from search path if we don't have it
+ split off (cherry picked from commit
+ 4e2075ceea72b3e7e753bf5c6c0e8c4a3b68cdd9)
+
+---
+ src/modules-load.c | 11 ++++++++---
+ 1 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/modules-load.c b/src/modules-load.c
+index 77fe3ea..ff1f690 100644
+--- a/src/modules-load.c
++++ b/src/modules-load.c
+@@ -58,7 +58,8 @@ int main(int argc, char *argv[]) {
+
+ umask(0022);
+
+- if (!(ctx = kmod_new(NULL, NULL))) {
++ ctx = kmod_new(NULL, NULL);
++ if (!ctx) {
+ log_error("Failed to allocate memory for kmod.");
+ goto finish;
+ }
+@@ -72,7 +73,9 @@ int main(int argc, char *argv[]) {
+ "/run/modules-load.d",
+ "/usr/local/lib/modules-load.d",
+ "/usr/lib/modules-load.d",
++#ifdef HAVE_SPLIT_USR
+ "/lib/modules-load.d",
++#endif
+ NULL) < 0) {
+ log_error("Failed to enumerate modules-load.d files: %s", strerror(-r));
+ goto finish;
+@@ -99,7 +102,7 @@ int main(int argc, char *argv[]) {
+ struct kmod_list *itr, *modlist = NULL;
+ int err;
+
+- if (!(fgets(line, sizeof(line), f)))
++ if (!fgets(line, sizeof(line), f))
+ break;
+
+ l = strstrip(line);
+@@ -114,7 +117,9 @@ int main(int argc, char *argv[]) {
+ }
+
+ kmod_list_foreach(itr, modlist) {
+- struct kmod_module *mod = kmod_module_get_module(itr);
++ struct kmod_module *mod;
++
++ mod = kmod_module_get_module(itr);
+ err = kmod_module_probe_insert_module(mod, probe_flags,
+ NULL, NULL, NULL, NULL);
+
diff --git a/0005-sysctl-accept-multiple-passed-configuration-files.patch b/0005-sysctl-accept-multiple-passed-configuration-files.patch
new file mode 100644
index 0000000..0831196
--- /dev/null
+++ b/0005-sysctl-accept-multiple-passed-configuration-files.patch
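Review bot: In the `@@ -72,7 +73,9 @@` hunk of src/modules-load.c the visible tail `NULL) < 0) {` suggests the result of conf_files_list() is compared directly and never stored in `r`, yet the next line logs `strerror(-r)`. If that reading is right (the start of the statement is outside the hunk), the message prints whatever `r` held before the call rather than the enumeration error. Assigning first, `r = conf_files_list(&files, ".conf", ...);` then `if (r < 0) {`, as the binfmt.c and sysctl.c patches in this series do, would make the log line accurate.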
@@ -0,0 +1,76 @@
+From ea02d6190130f19f33374a46c8861109bdd563d6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 20 Mar 2012 15:31:09 +0100
+Subject: [PATCH] sysctl: accept multiple passed configuration files (cherry
+ picked from commit
+ de19ece73860e90a10029fbc4c4f6d3b296f1a1e)
+
+---
+ src/sysctl.c | 28 +++++++++++++++++-----------
+ 1 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/src/sysctl.c b/src/sysctl.c
+index 852ec91..17c6719 100644
+--- a/src/sysctl.c
++++ b/src/sysctl.c
+@@ -219,28 +219,34 @@ int main(int argc, char *argv[]) {
+ if (r <= 0)
+ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+
+- if (argc-optind > 1) {
+- log_error("This program expects one or no arguments.");
+- return EXIT_FAILURE;
+- }
+-
+ log_set_target(LOG_TARGET_AUTO);
+ log_parse_environment();
+ log_open();
+
+ umask(0022);
+
+- if (argc > optind)
+- r = apply_file(argv[optind], false);
+- else {
++ if (argc > optind) {
++ int i;
++
++ for (i = optind; i < argc; i++) {
++ int k;
++
++ k = apply_file(argv[i], false);
++ if (k < 0 && r == 0)
++ r = k;
++ }
++ } else {
+ char **files, **f;
++ int k;
+
+ r = conf_files_list(&files, ".conf",
+ "/etc/sysctl.d",
+ "/run/sysctl.d",
+ "/usr/local/lib/sysctl.d",
+ "/usr/lib/sysctl.d",
++#ifdef HAVE_SPLIT_USR
+ "/lib/sysctl.d",
++#endif
+ NULL);
+ if (r < 0) {
+ log_error("Failed to enumerate sysctl.d files: %s", strerror(-r));
+@@ -248,14 +254,14 @@ int main(int argc, char *argv[]) {
+ }
+
+ STRV_FOREACH(f, files) {
+- int k;
+-
+ k = apply_file(*f, true);
+ if (k < 0 && r == 0)
+ r = k;
+ }
+
+- apply_file("/etc/sysctl.conf", true);
++ k = apply_file("/etc/sysctl.conf", true);
++ if (k < 0 && r == 0)
++ r = k;
+
+ strv_free(files);
+ }
diff --git a/0006-man-updates-to-sysctl.d-5.patch b/0006-man-updates-to-sysctl.d-5.patch
new file mode 100644
index 0000000..3316387
--- /dev/null
+++ b/0006-man-updates-to-sysctl.d-5.patch
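Review bot: In the new `for (i = optind; i < argc; i++)` loop of src/sysctl.c, `if (k < 0 && r == 0) r = k;` can only record a failure while `r` is 0, but the context line `if (r <= 0) return ...` at the top of the same hunk means `r` is positive when the loop runs, and nothing in between reassigns it. A failing apply_file() on a file named on the command line is therefore dropped and cannot reach the exit status (how `r` becomes the exit status is outside the hunk). Resetting before the loop, `r = 0;`, restores the first-error logic; the else branch is unaffected because it overwrites `r` with the conf_files_list() result.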
@@ -0,0 +1,92 @@
+From 171ac2d5ed66383127c437c7dd39dac69f10db14 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 21 Mar 2012 23:32:02 +0100
+Subject: [PATCH] man: updates to sysctl.d(5) (cherry picked from commit
+ 95f77929d8d94480015cd7383a5504cf9ebf2fa5)
+
+---
+ man/sysctl.d.xml | 65 ++++++++++++++++++++++++++++++++---------------------
+ 1 files changed, 39 insertions(+), 26 deletions(-)
+
+diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
+index 9c108b0..20f2e24 100644
+--- a/man/sysctl.d.xml
++++ b/man/sysctl.d.xml
+@@ -54,38 +54,51 @@
+
+ Description
+
+- systemd uses configuration files
+- from the above directories to configure
++ systemd uses configuration
++ files from the above directories to configure
+ sysctl8
+- kernel parameters to load during boot.
++ kernel parameters during boot.
+
+
+
+ Configuration Format
+
+- The configuration files should simply contain a
+- list of variable assignments, separated by
+- newlines. Empty lines and lines whose first
+- non-whitespace character is # or ; are ignored.
+-
+- Note that both / and . are accepted as
+- separators in sysctl variable names.
+-
+- Each configuration file is named in the style of
+- <program>.conf.
+- Files in /etc/ overwrite
+- files with the same name in /usr/lib/.
+- Files in /run overwrite files with
+- the same name in /etc/ and
+- /usr/lib/. Packages should install their
+- configuration files in /usr/lib/, files
+- in /etc/ are reserved for the local
+- administration, which possibly decides to overwrite the
+- configurations installed from packages. All files are sorted
+- by filename in alphabetical order, regardless in which of the
+- directories they reside, to ensure that a specific
+- configuration file takes precedence over another file with
+- an alphabetically later name.
++ The configuration files contain a list of
++ variable assignments, separated by newlines. Empty
++ lines and lines whose first non-whitespace character
++ is # or ; are ignored.
++
++ Note that both / and . are accepted as label
++ separators within sysctl variable
++ names. kernel.domainname=foo and
++ kernel/domainname=foo hence are
++ entirely equivalent.
++
++ Each configuration file shall be named in the
++ style of <program>.conf.
++ Files in /run/ override files
++ with the same name in /usr/lib/.
++ Files in /etc override files with
++ the same name in /run/ and
++ /usr/lib/. Packages should
++ install their configuration files in
++ /usr/lib/. Files in
++ /etc/ are reserved for the local
++ administrator, who may use this logic to override the
++ configuration installed by vendor packages. All
++ configuration files are sorted by their name in
++ alphabetical order, regardless in which of the
++ directories they reside, to guarantee that a specific
++ configuration file takes precedence over another file
++ with an alphabetically earlier name, if both files
++ contain the same variable setting.
++
++ If the administrator wants to disable a
++ configuration file supplied by the vendor the
++ recommended way is to place a symlink to
++ /dev/null in
++ /etc/sysctl.d carrying with the
++ same name.
+
+
+
diff --git a/0007-journal-react-with-immediate-rotation-to-a-couple-of.patch b/0007-journal-react-with-immediate-rotation-to-a-couple-of.patch
new file mode 100644
index 0000000..904fc6e
--- /dev/null
+++ b/0007-journal-react-with-immediate-rotation-to-a-couple-of.patch
@@ -0,0 +1,49 @@
+From 0cabeb9af382be288363ac4466499cae3c534b51 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 21 Mar 2012 23:40:51 +0100
+Subject: [PATCH] journal: react with immediate rotation to a couple of more
+ errors (cherry picked from commit
+ 0071d9f1db6dc9a1035cf5afb81455b67ed462f6)
+
+---
+ src/journal/journal-file.c | 5 ++++-
+ src/journal/journald.c | 10 +++++++++-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 474dd5c..5d540a7 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -1887,7 +1887,10 @@ int journal_file_open_reliably(
+ char *p;
+
+ r = journal_file_open(fname, flags, mode, template, ret);
+- if (r != -EBADMSG)
++ if (r != -EBADMSG && /* corrupted */
++ r != -ENODATA && /* truncated */
++ r != -EHOSTDOWN && /* other machine */
++ r != -EPROTONOSUPPORT) /* incompatible feature */
+ return r;
+
+ if ((flags & O_ACCMODE) == O_RDONLY)
+diff --git a/src/journal/journald.c b/src/journal/journald.c
+index baad3ab..d27cb60 100644
+--- a/src/journal/journald.c
++++ b/src/journal/journald.c
+@@ -609,7 +609,15 @@ retry:
+ else {
+ r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
+
+- if ((r == -EBADMSG || r == -E2BIG) && !vacuumed) {
++ if ((r == -E2BIG || /* hit limit */
++ r == -EFBIG || /* hit fs limit */
++ r == -EDQUOT || /* quota hit */
++ r == -ENOSPC || /* disk full */
++ r == -EBADMSG || /* corrupted */
++ r == -ENODATA || /* truncated */
++ r == -EHOSTDOWN || /* other machine */
++ r == -EPROTONOSUPPORT) && /* unsupported feature */
++ !vacuumed) {
+
+ if (r == -E2BIG)
+ log_info("Allocation limit reached, rotating.");
diff --git a/0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch b/0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
new file mode 100644
index 0000000..43f5f20
--- /dev/null
+++ b/0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
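Review bot: The retry condition in the journald.c hunk now rotates on eight error codes, but the only message visible in the hunk is the `-E2BIG` one; whatever is logged for the other seven sits outside the hunk. If that is still a single corruption message, a full disk (`-ENOSPC`) or an exhausted quota (`-EDQUOT`) would be reported as a damaged journal, which misleads anyone reading the log after an incident. Logging the code itself, e.g. `log_warning("Journal write failed (%s), rotating.", strerror(-r));`, keeps the cases apart. The four codes shared with journal_file_open_reliably() are also listed twice by hand and could drift apart.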
@@ -0,0 +1,46 @@
+From 618df2ac0d2343694e5eddda2e0899cdd9aeaab3 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 21 Mar 2012 23:47:44 +0100
+Subject: [PATCH] journal: PAGE_SIZE is not known on ppc and other archs
+
+Let's use NAME_MAX, as suggested by Dan Walsh
+(cherry picked from commit 7264278fbbdc1dc6c30fedc902d1337594aa6ff6)
+---
+ src/journal/journald.c | 15 ++++++++++++---
+ 1 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/journal/journald.c b/src/journal/journald.c
+index d27cb60..87390bd 100644
+--- a/src/journal/journald.c
++++ b/src/journal/journald.c
+@@ -29,7 +29,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ #include
+ #include
+@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
+ size_t label_len = 0;
+ union {
+ struct cmsghdr cmsghdr;
++
++ /* We use NAME_MAX space for the
++ * SELinux label here. The kernel
++ * currently enforces no limit, but
++ * according to suggestions from the
++ * SELinux people this will change and
++ * it will probably be identical to
++ * NAME_MAX. For now we use that, but
++ * this should be updated one day when
++ * the final limit is known.*/
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+ CMSG_SPACE(sizeof(struct timeval)) +
+- CMSG_SPACE(sizeof(int)) +
+- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
++ CMSG_SPACE(sizeof(int)) + /* fd */
++ CMSG_SPACE(NAME_MAX)]; /* selinux label */
+ } control;
+ ssize_t n;
+ int v;
diff --git a/0009-systemd-mount-the-securityfs-filesystem-at-early-sta.patch b/0009-systemd-mount-the-securityfs-filesystem-at-early-sta.patch
new file mode 100644
index 0000000..064a2a5
--- /dev/null
+++ b/0009-systemd-mount-the-securityfs-filesystem-at-early-sta.patch
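Review bot: Sizing the control buffer in process_event() with `CMSG_SPACE(NAME_MAX)` while the new comment states that the kernel currently enforces no limit on the SELinux label means a longer label can exceed the space reserved for ancillary data, in which case recvmsg() truncates the control data and sets `MSG_CTRUNC`. The receive call and the cmsg loop are outside the hunk, so it is not visible whether that flag is checked; if it is not, credentials or a passed fd may be silently missing for such a message. A check after the receive, `if (msghdr.msg_flags & MSG_CTRUNC) log_warning("Control data truncated, ancillary fields may be missing.");` (variable name assumed), would make the case visible in the log.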
@@ -0,0 +1,95 @@ +From 9f0b100352e3f14b212b8758613d8a8220e67846 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Thu, 15 Mar 2012 19:06:10 +0100 +Subject: [PATCH] systemd: mount the securityfs filesystem at early stage + +This is an S/MIME signed message + +The mount of the securityfs filesystem is now performed in the main systemd +executable as it is used by IMA to provide the interface for loading custom +policies. The unit file 'units/sys-kernel-security.mount' has been removed +because it is not longer necessary. + +Signed-off-by: Roberto Sassu +Acked-by: Gianluca Ramunno +(cherry picked from commit 160481f68d0a5f26f75c04fb576fb854fd5416a5) +--- + Makefile.am | 3 --- + src/mount-setup.c | 6 ++++-- + units/sys-kernel-security.mount | 17 ----------------- + 3 files changed, 4 insertions(+), 22 deletions(-) + delete mode 100644 units/sys-kernel-security.mount + +diff --git a/Makefile.am b/Makefile.am +index 079c118..af295a0 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -291,7 +291,6 @@ dist_systemunit_DATA = \ + units/dev-mqueue.mount \ + units/sys-kernel-config.mount \ + units/sys-kernel-debug.mount \ +- units/sys-kernel-security.mount \ + units/sys-fs-fuse-connections.mount \ + units/var-run.mount \ + units/media.mount \ +@@ -2349,7 +2348,6 @@ systemd-install-data-hook: + dev-mqueue.mount \ + sys-kernel-config.mount \ + sys-kernel-debug.mount \ +- sys-kernel-security.mount \ + sys-fs-fuse-connections.mount \ + systemd-modules-load.service \ + systemd-tmpfiles-setup.service \ +@@ -2359,7 +2357,6 @@ systemd-install-data-hook: + $(LN_S) ../dev-mqueue.mount dev-mqueue.mount && \ + $(LN_S) ../sys-kernel-config.mount sys-kernel-config.mount && \ + $(LN_S) ../sys-kernel-debug.mount sys-kernel-debug.mount && \ +- $(LN_S) ../sys-kernel-security.mount sys-kernel-security.mount && \ + $(LN_S) ../sys-fs-fuse-connections.mount sys-fs-fuse-connections.mount && \ + $(LN_S) ../systemd-modules-load.service systemd-modules-load.service && \ + $(LN_S) 
../systemd-tmpfiles-setup.service systemd-tmpfiles-setup.service && \ +diff --git a/src/mount-setup.c b/src/mount-setup.c +index 7c14ea8..aaffb65 100644 +--- a/src/mount-setup.c ++++ b/src/mount-setup.c +@@ -51,13 +51,15 @@ typedef struct MountPoint { + } MountPoint; + + /* The first three entries we might need before SELinux is up. The +- * other ones we can delay until SELinux is loaded. */ +-#define N_EARLY_MOUNT 3 ++ * fourth (securityfs) is needed by IMA to load a custom policy. The ++ * other ones we can delay until SELinux and IMA are loaded. */ ++#define N_EARLY_MOUNT 4 + + static const MountPoint mount_table[] = { + { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true }, + { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true }, + { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true }, ++ { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false }, + { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV, true }, + { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false }, + { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV, true }, +diff --git a/units/sys-kernel-security.mount b/units/sys-kernel-security.mount +deleted file mode 100644 +index 80cd761..0000000 +--- a/units/sys-kernel-security.mount ++++ /dev/null +@@ -1,17 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU General Public License as published by +-# the Free Software Foundation; either version 2 of the License, or +-# (at your option) any later version. +- +-[Unit] +-Description=Security File System +-DefaultDependencies=no +-ConditionPathExists=/sys/kernel/security +-Before=sysinit.target +- +-[Mount] +-What=securityfs +-Where=/sys/kernel/security +-Type=securityfs 
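Review bot: `N_EARLY_MOUNT` is a count of leading rows in `mount_table`, so the new securityfs row in src/mount-setup.c has to stay fourth for the early mount to pick it up, and nothing in the hunk ties the constant to the row order. A comment on the row, `/* early: keep within the first N_EARLY_MOUNT entries */`, would help whoever next reorders the table. The new row also ends in `false` where the three rows before it end in `true`; the meaning of that field is in the struct definition outside the hunk, so it is worth confirming the value is the intended one for a mount that IMA policy loading depends on.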
diff --git a/0010-main-added-support-for-loading-IMA-custom-policies.patch b/0010-main-added-support-for-loading-IMA-custom-policies.patch
new file mode 100644
index 0000000..2e44ad8
--- /dev/null
+++ b/0010-main-added-support-for-loading-IMA-custom-policies.patch
@@ -0,0 +1,281 @@ +From 9281cdd00b1a07d499040b8778af023c7cb8342b Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Thu, 15 Mar 2012 19:06:11 +0100 +Subject: [PATCH] main: added support for loading IMA custom policies + +This is an S/MIME signed message + +The new function ima_setup() loads an IMA custom policy from a file in the +default location '/etc/ima/ima-policy', if present, and writes it to the +path 'ima/policy' in the security filesystem. This function is executed +at early stage in order to avoid that some file operations are not measured +by IMA and it is placed after the initialization of SELinux because IMA +needs the latter (or other security modules) to understand LSM-specific +rules. This feature is enabled by default and can be disabled by providing +the option '--disable-ima' to the configure script. + +Signed-off-by: Roberto Sassu +Acked-by: Gianluca Ramunno +(cherry picked from commit 816115863962548a9a0d9fbfe429c7f8e685beac) +--- + Makefile.am | 1 + + configure.ac | 14 +++++++ + src/build.h | 8 +++- + src/ima-setup.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + src/ima-setup.h | 29 ++++++++++++++ + src/main.c | 6 ++- + 6 files changed, 171 insertions(+), 2 deletions(-) + create mode 100644 src/ima-setup.c + create mode 100644 src/ima-setup.h + +diff --git a/Makefile.am b/Makefile.am +index af295a0..36a385f 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -516,6 +516,7 @@ libsystemd_core_la_SOURCES = \ + src/mount-setup.c \ + src/hostname-setup.c \ + src/selinux-setup.c \ ++ src/ima-setup.c \ + src/loopback-setup.c \ + src/kmod-setup.c \ + src/locale-setup.c \ +diff --git a/configure.ac b/configure.ac +index 629e505..976020d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -127,6 +127,19 @@ PKG_CHECK_MODULES(UDEV, [ libudev >= 172 ]) + PKG_CHECK_MODULES(DBUS, [ dbus-1 >= 1.3.2 ]) + PKG_CHECK_MODULES(KMOD, [ libkmod >= 5 ]) + ++have_ima=yes ++AC_ARG_ENABLE([ima], AS_HELP_STRING([--disable-ima],[Disable optional IMA 
support]), ++ [case "${enableval}" in ++ yes) have_ima=yes ;; ++ no) have_ima=no ;; ++ *) AC_MSG_ERROR(bad value ${enableval} for --disable-ima) ;; ++ esac], ++ [have_ima=yes]) ++ ++if test "x${have_ima}" != xno ; then ++ AC_DEFINE(HAVE_IMA, 1, [Define if IMA is available]) ++fi ++ + have_selinux=no + AC_ARG_ENABLE(selinux, AS_HELP_STRING([--disable-selinux], [Disable optional SELINUX support])) + if test "x$enable_selinux" != "xno"; then +@@ -629,6 +642,7 @@ AC_MSG_RESULT([ + tcpwrap: ${have_tcpwrap} + PAM: ${have_pam} + AUDIT: ${have_audit} ++ IMA: ${have_ima} + SELinux: ${have_selinux} + XZ: ${have_xz} + ACL: ${have_acl} +diff --git a/src/build.h b/src/build.h +index 50cd79d..0619013 100644 +--- a/src/build.h ++++ b/src/build.h +@@ -46,6 +46,12 @@ + #define _SELINUX_FEATURE_ "-SELINUX" + #endif + ++#ifdef HAVE_IMA ++#define _IMA_FEATURE_ "+IMA" ++#else ++#define _IMA_FEATURE_ "-IMA" ++#endif ++ + #ifdef HAVE_SYSV_COMPAT + #define _SYSVINIT_FEATURE_ "+SYSVINIT" + #else +@@ -58,6 +64,6 @@ + #define _LIBCRYPTSETUP_FEATURE_ "-LIBCRYPTSETUP" + #endif + +-#define SYSTEMD_FEATURES _PAM_FEATURE_ " " _LIBWRAP_FEATURE_ " " _AUDIT_FEATURE_ " " _SELINUX_FEATURE_ " " _SYSVINIT_FEATURE_ " " _LIBCRYPTSETUP_FEATURE_ ++#define SYSTEMD_FEATURES _PAM_FEATURE_ " " _LIBWRAP_FEATURE_ " " _AUDIT_FEATURE_ " " _SELINUX_FEATURE_ " " _IMA_FEATURE_ " " _SYSVINIT_FEATURE_ " " _LIBCRYPTSETUP_FEATURE_ + + #endif +diff --git a/src/ima-setup.c b/src/ima-setup.c +new file mode 100644 +index 0000000..03e43dc +--- /dev/null ++++ b/src/ima-setup.c +@@ -0,0 +1,115 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++/*** ++ This file is part of systemd. 
++ ++ Copyright 2010 Lennart Poettering ++ Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy ++ TORSEC group -- http://security.polito.it ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with systemd; If not, see . ++***/ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "ima-setup.h" ++#include "mount-setup.h" ++#include "macro.h" ++#include "util.h" ++#include "log.h" ++#include "label.h" ++ ++#define IMA_SECFS_DIR "/sys/kernel/security/ima" ++#define IMA_SECFS_POLICY IMA_SECFS_DIR "/policy" ++#define IMA_POLICY_PATH "/etc/ima/ima-policy" ++ ++int ima_setup(void) { ++ ++#ifdef HAVE_IMA ++ struct stat st; ++ ssize_t policy_size = 0, written = 0; ++ char *policy; ++ int policyfd = -1, imafd = -1; ++ int result = 0; ++ ++#ifndef HAVE_SELINUX ++ /* Mount the securityfs filesystem */ ++ mount_setup_early(); ++#endif ++ ++ if (stat(IMA_POLICY_PATH, &st) < 0) ++ return 0; ++ ++ policy_size = st.st_size; ++ if (stat(IMA_SECFS_DIR, &st) < 0) { ++ log_debug("IMA support is disabled in the kernel, ignoring."); ++ return 0; ++ } ++ ++ if (stat(IMA_SECFS_POLICY, &st) < 0) { ++ log_error("Another IMA custom policy has already been loaded, " ++ "ignoring."); ++ return 0; ++ } ++ ++ policyfd = open(IMA_POLICY_PATH, O_RDONLY|O_CLOEXEC); ++ if (policyfd < 0) { ++ log_error("Failed to open the IMA custom policy file %s (%m), " ++ "ignoring.", IMA_POLICY_PATH); ++ return 0; ++ } ++ ++ imafd = 
open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC); ++ if (imafd < 0) { ++ log_error("Failed to open the IMA kernel interface %s (%m), " ++ "ignoring.", IMA_SECFS_POLICY); ++ goto out; ++ } ++ ++ policy = mmap(NULL, policy_size, PROT_READ, MAP_PRIVATE, policyfd, 0); ++ if (policy == MAP_FAILED) { ++ log_error("mmap() failed (%m), freezing"); ++ result = -errno; ++ goto out; ++ } ++ ++ written = loop_write(imafd, policy, (size_t)policy_size, false); ++ if (written != policy_size) { ++ log_error("Failed to load the IMA custom policy file %s (%m), " ++ "ignoring.", IMA_POLICY_PATH); ++ goto out_mmap; ++ } ++ ++ log_info("Successfully loaded the IMA custom policy %s.", ++ IMA_POLICY_PATH); ++out_mmap: ++ munmap(policy, policy_size); ++out: ++ if (policyfd >= 0) ++ close_nointr_nofail(policyfd); ++ if (imafd >= 0) ++ close_nointr_nofail(imafd); ++ if (result) ++ return result; ++#endif /* HAVE_IMA */ ++ ++ return 0; ++} +diff --git a/src/ima-setup.h b/src/ima-setup.h +new file mode 100644 +index 0000000..7d677cf +--- /dev/null ++++ b/src/ima-setup.h +@@ -0,0 +1,29 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++#ifndef fooimasetuphfoo ++#define fooimasetuphfoo ++ ++/*** ++ This file is part of systemd. ++ ++ Copyright 2010 Lennart Poettering ++ Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy ++ TORSEC group -- http://security.polito.it ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with systemd; If not, see . 
++***/
++
++int ima_setup(void);
++
++#endif
+diff --git a/src/main.c b/src/main.c
+index ed317b4..7ae8841 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -41,6 +41,7 @@
+ #include "kmod-setup.h"
+ #include "locale-setup.h"
+ #include "selinux-setup.h"
++#include "ima-setup.h"
+ #include "machine-id-setup.h"
+ #include "load-fragment.h"
+ #include "fdset.h"
+@@ -1203,9 +1204,12 @@ int main(int argc, char *argv[]) {
+ arg_running_as = MANAGER_SYSTEM;
+ log_set_target(detect_container(NULL) > 0 ? LOG_TARGET_CONSOLE : LOG_TARGET_JOURNAL_OR_KMSG);
+
+- if (!is_reexec)
++ if (!is_reexec) {
+ if (selinux_setup(&loaded_policy) < 0)
+ goto finish;
++ if (ima_setup() < 0)
++ goto finish;
++ }
+
+ log_open();
+
diff --git a/0011-man-systemd-cat-1-typo-fix.patch b/0011-man-systemd-cat-1-typo-fix.patch
new file mode 100644
index 0000000..7738d79
--- /dev/null
+++ b/0011-man-systemd-cat-1-typo-fix.patch
@@ -0,0 +1,24 @@
+From d9e0101e7168205d7c89d3167768714d24e755be Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 22 Mar 2012 00:35:19 +0100
+Subject: [PATCH] man: systemd-cat(1) typo fix
+
+Noticed by Sergey Ptashnick
+(cherry picked from commit 9adf646d0ae85192027319e2f47f2d092a298d99)
+---
+ man/systemd-cat.xml | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/man/systemd-cat.xml b/man/systemd-cat.xml
+index 5e5431f..350a345 100644
+--- a/man/systemd-cat.xml
++++ b/man/systemd-cat.xml
+@@ -66,7 +66,7 @@
+ generates to the journal.
+
+ If no parameter is passed
+- systemd-command will write
++ systemd-cat will write
+ everything it reads from standard input (STDIN) to the journal.
+
+ If parameters are passed they are executed as
diff --git a/0012-binfmt-fix-apply-loop.patch b/0012-binfmt-fix-apply-loop.patch
new file mode 100644
index 0000000..3c35fd9
--- /dev/null
+++ b/0012-binfmt-fix-apply-loop.patch
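Review bot: ima_setup() in the new src/ima-setup.c (patch 0010) takes `policy_size` from `stat()` on the path before the file is opened, so the size and the mapped descriptor can describe different file states, and a zero-length /etc/ima/ima-policy makes `mmap()` fail, which is the one branch that returns an error and that main() turns into `goto finish`. Reading the size from the descriptor and treating an empty or non-regular file like the other "ignoring" cases avoids both: `if (fstat(policyfd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_size == 0) goto out;` followed by `policy_size = st.st_size;`. In the mmap failure branch `result = -errno;` runs after `log_error()`, which may have changed errno, so the assignment should come first. The message in that branch says "freezing" although the function only returns.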
@@ -0,0 +1,24 @@
+From f0bd52e567edb38d1648865bd86aaf37c2e1166d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 22 Mar 2012 00:35:42 +0100
+Subject: [PATCH] binfmt: fix apply loop
+
+Noticed by Sergey Ptashnick
+(cherry picked from commit 170dcb7bd575f61aa75ce55d7fc0183ace6b8b76)
+---
+ src/binfmt/binfmt.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
+index 28925ac..3c8d815 100644
+--- a/src/binfmt/binfmt.c
++++ b/src/binfmt/binfmt.c
+@@ -130,7 +130,7 @@ int main(int argc, char *argv[]) {
+ for (i = 1; i < argc; i++) {
+ int k;
+
+- k = apply_file(argv[1], false);
++ k = apply_file(argv[i], false);
+ if (k < 0 && r == 0)
+ r = k;
+ }
diff --git a/0013-add-sparse-support-to-detect-endianness-bug.patch b/0013-add-sparse-support-to-detect-endianness-bug.patch
new file mode 100644
index 0000000..35f398c
--- /dev/null
+++ b/0013-add-sparse-support-to-detect-endianness-bug.patch
@@ -0,0 +1,379 @@ +From c29bdf1fac1d1e51c317e627cf0f7db7339a9a69 Mon Sep 17 00:00:00 2001 +From: Frederic Crozat +Date: Fri, 16 Mar 2012 11:59:04 +0100 +Subject: [PATCH] add sparse support to detect endianness bug + +le16/32/64_t type should be used when storing little-endian value + +header to integrate with sparse from Josh Triplett +(cherry picked from commit 4fd052aede13eb3041277c54ac2f5dee6e6c29cf) +--- + src/journal/journal-def.h | 74 +++++++++++++++++----------------- + src/journal/journal-file.c | 15 ++++--- + src/journal/journal-file.h | 1 + + src/journal/journal-internal.h | 2 +- + src/journal/journald.c | 5 +- + src/journal/sd-journal.c | 10 +++-- + src/journal/sparse-endian.h | 87 ++++++++++++++++++++++++++++++++++++++++ + 7 files changed, 143 insertions(+), 51 deletions(-) + create mode 100644 src/journal/sparse-endian.h + +diff --git a/src/journal/journal-def.h b/src/journal/journal-def.h +index 964e0c2..9cb8051 100644 +--- a/src/journal/journal-def.h ++++ b/src/journal/journal-def.h +@@ -22,7 +22,7 @@ + along with systemd; If not, see . 
+ ***/ + +-#include ++#include "sparse-endian.h" + + #include + +@@ -60,48 +60,48 @@ _packed_ struct ObjectHeader { + uint8_t type; + uint8_t flags; + uint8_t reserved[6]; +- uint64_t size; ++ le64_t size; + uint8_t payload[]; + }; + + _packed_ struct DataObject { + ObjectHeader object; +- uint64_t hash; +- uint64_t next_hash_offset; +- uint64_t next_field_offset; +- uint64_t entry_offset; /* the first array entry we store inline */ +- uint64_t entry_array_offset; +- uint64_t n_entries; ++ le64_t hash; ++ le64_t next_hash_offset; ++ le64_t next_field_offset; ++ le64_t entry_offset; /* the first array entry we store inline */ ++ le64_t entry_array_offset; ++ le64_t n_entries; + uint8_t payload[]; + }; + + _packed_ struct FieldObject { + ObjectHeader object; +- uint64_t hash; +- uint64_t next_hash_offset; +- uint64_t head_data_offset; +- uint64_t tail_data_offset; ++ le64_t hash; ++ le64_t next_hash_offset; ++ le64_t head_data_offset; ++ le64_t tail_data_offset; + uint8_t payload[]; + }; + + _packed_ struct EntryItem { +- uint64_t object_offset; +- uint64_t hash; ++ le64_t object_offset; ++ le64_t hash; + }; + + _packed_ struct EntryObject { + ObjectHeader object; +- uint64_t seqnum; +- uint64_t realtime; +- uint64_t monotonic; ++ le64_t seqnum; ++ le64_t realtime; ++ le64_t monotonic; + sd_id128_t boot_id; +- uint64_t xor_hash; ++ le64_t xor_hash; + EntryItem items[]; + }; + + _packed_ struct HashItem { +- uint64_t head_hash_offset; +- uint64_t tail_hash_offset; ++ le64_t head_hash_offset; ++ le64_t tail_hash_offset; + }; + + _packed_ struct HashTableObject { +@@ -111,8 +111,8 @@ _packed_ struct HashTableObject { + + _packed_ struct EntryArrayObject { + ObjectHeader object; +- uint64_t next_entry_array_offset; +- uint64_t items[]; ++ le64_t next_entry_array_offset; ++ le64_t items[]; + }; + + union Object { +@@ -145,21 +145,21 @@ _packed_ struct Header { + sd_id128_t machine_id; + sd_id128_t boot_id; + sd_id128_t seqnum_id; +- uint64_t arena_offset; +- uint64_t 
arena_size; +- uint64_t data_hash_table_offset; /* for looking up data objects */ +- uint64_t data_hash_table_size; +- uint64_t field_hash_table_offset; /* for looking up field objects */ +- uint64_t field_hash_table_size; +- uint64_t tail_object_offset; +- uint64_t n_objects; +- uint64_t n_entries; +- uint64_t seqnum; +- uint64_t first_seqnum; +- uint64_t entry_array_offset; +- uint64_t head_entry_realtime; +- uint64_t tail_entry_realtime; +- uint64_t tail_entry_monotonic; ++ le64_t arena_offset; ++ le64_t arena_size; ++ le64_t data_hash_table_offset; /* for looking up data objects */ ++ le64_t data_hash_table_size; ++ le64_t field_hash_table_offset; /* for looking up field objects */ ++ le64_t field_hash_table_size; ++ le64_t tail_object_offset; ++ le64_t n_objects; ++ le64_t n_entries; ++ le64_t seqnum; ++ le64_t first_seqnum; ++ le64_t entry_array_offset; ++ le64_t head_entry_realtime; ++ le64_t tail_entry_realtime; ++ le64_t tail_entry_monotonic; + }; + + #endif +diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c +index 5d540a7..c7ebcdb 100644 +--- a/src/journal/journal-file.c ++++ b/src/journal/journal-file.c +@@ -793,8 +793,8 @@ static uint64_t journal_file_entry_array_n_items(Object *o) { + } + + static int link_entry_into_array(JournalFile *f, +- uint64_t *first, +- uint64_t *idx, ++ le64_t *first, ++ le64_t *idx, + uint64_t p) { + int r; + uint64_t n = 0, ap = 0, q, i, a, hidx; +@@ -857,9 +857,9 @@ static int link_entry_into_array(JournalFile *f, + } + + static int link_entry_into_array_plus_one(JournalFile *f, +- uint64_t *extra, +- uint64_t *first, +- uint64_t *idx, ++ le64_t *extra, ++ le64_t *first, ++ le64_t *idx, + uint64_t p) { + + int r; +@@ -873,7 +873,7 @@ static int link_entry_into_array_plus_one(JournalFile *f, + if (*idx == 0) + *extra = htole64(p); + else { +- uint64_t i; ++ le64_t i; + + i = htole64(le64toh(*idx) - 1); + r = link_entry_into_array(f, first, &i, p); +@@ -2144,7 +2144,8 @@ int 
journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6
+ items = alloca(sizeof(EntryItem) * n);
+
+ for (i = 0; i < n; i++) {
+- uint64_t le_hash, l, h;
++ uint64_t l, h;
++ le64_t le_hash;
+ size_t t;
+ void *data;
+ Object *u;
+diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
+index 4d6e140..57d66ca 100644
+--- a/src/journal/journal-file.h
++++ b/src/journal/journal-file.h
+@@ -26,6 +26,7 @@
+
+ #include
+
++#include "sparse-endian.h"
+ #include "journal-def.h"
+ #include "util.h"
+
+diff --git a/src/journal/journal-internal.h b/src/journal/journal-internal.h
+index e5914bf..17f1d31 100644
+--- a/src/journal/journal-internal.h
++++ b/src/journal/journal-internal.h
+@@ -35,7 +35,7 @@ typedef struct Match Match;
+ struct Match {
+ char *data;
+ size_t size;
+- uint64_t le_hash;
++ le64_t le_hash;
+
+ LIST_FIELDS(Match, matches);
+ };
+diff --git a/src/journal/journald.c b/src/journal/journald.c
+index 87390bd..f0f5103 100644
+--- a/src/journal/journald.c
++++ b/src/journal/journald.c
+@@ -1258,6 +1258,7 @@ static void process_native_message(
+ p = e + 1;
+ continue;
+ } else {
++ le64_t l_le;
+ uint64_t l;
+ char *k;
+
+@@ -1266,8 +1267,8 @@ static void process_native_message(
+ break;
+ }
+
+- memcpy(&l, e + 1, sizeof(uint64_t));
+- l = le64toh(l);
++ memcpy(&l_le, e + 1, sizeof(uint64_t));
++ l = le64toh(l_le);
+
+ if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
+ e[1+sizeof(uint64_t)+l] != '\n') {
+diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
+index 86ac267..e9cd26e 100644
+--- a/src/journal/sd-journal.c
++++ b/src/journal/sd-journal.c
+@@ -108,7 +108,7 @@ static int same_field(const void *_a, size_t s, const void *_b, size_t t) {
+
+ _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) {
+ Match *m, *after = NULL;
+- uint64_t le_hash;
++ le64_t le_hash;
+
+ if (!j)
+ return -EINVAL;
+@@ -356,7 +356,7 @@ static int find_location(sd_journal *j, JournalFile *f,
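Review bot: `items = alloca(sizeof(EntryItem) * n);` in the context of the journal_file_copy_entry() hunk sizes a stack allocation from `n`, which appears to come from the entry being copied, i.e. from journal file contents; the type change leaves that untouched. A corrupted or hostile journal file with a large item count would then exhaust the stack, since alloca cannot report failure, and the multiplication is unchecked. Bounding `n` before the allocation, or switching to a heap allocation with a checked size such as `items = calloc(n, sizeof(EntryItem));` plus a NULL check and a matching free on every exit path, would remove that. Where `n` is assigned is outside the hunk, so confirm its source before changing the allocation.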
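Review bot: The length test `remaining < e - p + 1 + sizeof(uint64_t) + l + 1` that follows the rewritten `le64toh(l_le)` in process_native_message() adds the sender-supplied 64-bit `l` to the other terms, so a very large `l` can wrap the sum and let the test pass; the next operand then indexes `e[1+sizeof(uint64_t)+l]`. The endianness retyping does not change this, but it is the place where `l` first becomes a host integer and deserves an explicit bound. Comparing by subtraction avoids the wrap, e.g. `l > remaining - (size_t) (e - p) - sizeof(uint64_t) - 2`, which relies on the earlier minimum-size check whose condition lies above the visible lines; a fixed per-field maximum (placeholder name `FIELD_SIZE_MAX`) checked right after `le64toh()` would be simpler to audit. `memcpy(&l_le, e + 1, sizeof(uint64_t))` would also read better as `sizeof(l_le)`.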
direction_t direction, O + Object *c, *d; + uint64_t cp, dp; + +- r = journal_file_find_data_object_with_hash(f, m->data, m->size, m->le_hash, &d, &dp); ++ r = journal_file_find_data_object_with_hash(f, m->data, m->size, le64toh(m->le_hash), &d, &dp); + if (r <= 0) + return r; + +@@ -1349,7 +1349,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + + n = journal_file_entry_n_items(o); + for (i = 0; i < n; i++) { +- uint64_t p, l, le_hash; ++ uint64_t p, l; ++ le64_t le_hash; + size_t t; + + p = le64toh(o->entry.items[i].object_offset); +@@ -1410,7 +1411,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + + _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *size) { + JournalFile *f; +- uint64_t p, l, n, le_hash; ++ uint64_t p, l, n; ++ le64_t le_hash; + int r; + Object *o; + size_t t; +diff --git a/src/journal/sparse-endian.h b/src/journal/sparse-endian.h +new file mode 100644 +index 0000000..eb4dbf3 +--- /dev/null ++++ b/src/journal/sparse-endian.h +@@ -0,0 +1,87 @@ ++/* Copyright (c) 2012 Josh Triplett ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to ++ * deal in the Software without restriction, including without limitation the ++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or ++ * sell copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS ++ * IN THE SOFTWARE. ++ */ ++#ifndef SPARSE_ENDIAN_H ++#define SPARSE_ENDIAN_H ++ ++#include ++#include ++ ++#ifdef __CHECKER__ ++#define __bitwise __attribute__((bitwise)) ++#define __force __attribute__((force)) ++#else ++#define __bitwise ++#define __force ++#endif ++ ++typedef uint16_t __bitwise le16_t; ++typedef uint16_t __bitwise be16_t; ++typedef uint32_t __bitwise le32_t; ++typedef uint32_t __bitwise be32_t; ++typedef uint64_t __bitwise le64_t; ++typedef uint64_t __bitwise be64_t; ++ ++#undef htobe16 ++#undef htole16 ++#undef be16toh ++#undef le16toh ++#undef htobe32 ++#undef htole32 ++#undef be32toh ++#undef le32toh ++#undef htobe64 ++#undef htole64 ++#undef be64toh ++#undef le64toh ++ ++#if __BYTE_ORDER == __LITTLE_ENDIAN ++#define bswap_16_on_le(x) __bswap_16(x) ++#define bswap_32_on_le(x) __bswap_32(x) ++#define bswap_64_on_le(x) __bswap_64(x) ++#define bswap_16_on_be(x) (x) ++#define bswap_32_on_be(x) (x) ++#define bswap_64_on_be(x) (x) ++#elif __BYTE_ORDER == __BIG_ENDIAN ++#define bswap_16_on_le(x) (x) ++#define bswap_32_on_le(x) (x) ++#define bswap_64_on_le(x) (x) ++#define bswap_16_on_be(x) __bswap_16(x) ++#define bswap_32_on_be(x) __bswap_32(x) ++#define bswap_64_on_be(x) __bswap_64(x) ++#endif ++ ++static inline le16_t htole16(uint16_t value) { return (le16_t __force) bswap_16_on_be(value); } ++static inline le32_t htole32(uint32_t value) { return (le32_t __force) bswap_32_on_be(value); } ++static inline le64_t htole64(uint64_t value) { return (le64_t __force) bswap_64_on_be(value); } ++ ++static inline be16_t htobe16(uint16_t value) { return (be16_t __force) bswap_16_on_le(value); } ++static inline be32_t htobe32(uint32_t value) { return (be32_t __force) bswap_32_on_le(value); } ++static 
inline be64_t htobe64(uint64_t value) { return (be64_t __force) bswap_64_on_le(value); } ++ ++static inline uint16_t le16toh(le16_t value) { return bswap_16_on_be((uint16_t __force)value); } ++static inline uint32_t le32toh(le32_t value) { return bswap_32_on_be((uint32_t __force)value); } ++static inline uint64_t le64toh(le64_t value) { return bswap_64_on_be((uint64_t __force)value); } ++ ++static inline uint16_t be16toh(be16_t value) { return bswap_16_on_le((uint16_t __force)value); } ++static inline uint32_t be32toh(be32_t value) { return bswap_32_on_le((uint32_t __force)value); } ++static inline uint64_t be64toh(be64_t value) { return bswap_64_on_le((uint64_t __force)value); } ++ ++#endif /* SPARSE_ENDIAN_H */ diff --git a/0014-update-TODO.patch b/0014-update-TODO.patch new file mode 100644 index 0000000..edbe5f2 --- /dev/null +++ b/0014-update-TODO.patch @@ -0,0 +1,23 @@ +From 45f7f5413c6767689492b6a981942e168cffbbff Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 22 Mar 2012 01:42:34 +0100 +Subject: [PATCH] update TODO (cherry picked from commit + 6ba383fa49e01302dfeae1f5083bb942b055628b) + +--- + TODO | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/TODO b/TODO +index 3e11f70..176c2a7 100644 +--- a/TODO ++++ b/TODO +@@ -18,6 +18,8 @@ Bugfixes: + + Features: + ++* add man page documenting all kernel cmdline options, including stuff like fsck.mode= ++ + * show getty in container mode, not sulogin + + * support container_ttys= diff --git a/0015-logind-extend-comment-about-X11-socket-symlink.patch b/0015-logind-extend-comment-about-X11-socket-symlink.patch new file mode 100644 index 0000000..c8fcd78 --- /dev/null +++ b/0015-logind-extend-comment-about-X11-socket-symlink.patch 
@@ -0,0 +1,26 @@
+From 37b4f8f1e56788e55e18cd855c8c96b15f894015 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 22 Mar 2012 01:43:36 +0100
+Subject: [PATCH] logind: extend comment about X11 socket symlink (cherry
+ picked from commit
+ c9d8629baa09f853fbcc44972c9748e70562270c)
+
+---
+ src/login/logind-session.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index af9c12d..4e0af86 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -391,6 +391,10 @@ static int session_link_x11_socket(Session *s) {
+ return -ENOENT;
+ }
+
++ /* Note that this cannot be in a subdir to avoid
++ * vulnerabilities since we are privileged but the runtime
++ * path is owned by the user */
++
+ t = strappend(s->user->runtime_path, "/X11-display");
+ if (!t) {
+ log_error("Out of memory");
diff --git a/0016-logind-close-FIFO-before-ending-sessions-cleanly.patch b/0016-logind-close-FIFO-before-ending-sessions-cleanly.patch
new file mode 100644
index 0000000..b205ed9
--- /dev/null
+++ b/0016-logind-close-FIFO-before-ending-sessions-cleanly.patch
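Review bot: The new comment above `strappend(s->user->runtime_path, "/X11-display")` says a subdirectory would be unsafe but not why, and it does not cover the final path component, which the user can equally pre-create or replace. I would spell out the mechanism, e.g. `/* Create the link directly in runtime_path: the user owns that directory and could swap any intermediate directory for a symlink while we operate on it with privileges */`, and add one line on how the creation step treats an existing `X11-display` entry. The code that creates the link is below the hunk, so whether it already refuses to follow an existing entry cannot be checked here. session_link_x11_socket() starts and ends outside the hunk.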
@@ -0,0 +1,154 @@
+From 4887f9ab1f8b585fad235d1bbd5407a5fda84402 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 22 Mar 2012 02:06:40 +0100
+Subject: [PATCH] logind: close FIFO before ending sessions cleanly
+
+For clean session endings ask logind explicitly to get rid of the FIFO
+before closing it so that the FIFO logic doesn't result in su/sudo to be
+terminated immediately.
+(cherry picked from commit 75c8e3cffd7da8eede614cf61384957af2c82a29)
+---
+ src/login/logind-dbus.c | 30 ++++++++++++++++++++
+ src/login/pam-module.c | 71 +++++++++++++++++++++++++++++++++++++++++++++--
+ 2 files changed, 98 insertions(+), 3 deletions(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index d8f4d89..ea6b89f 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -80,6 +80,9 @@
+ " \n" \
+ " \n" \
+ " \n" \
++ " \n" \
++ " \n" \
++ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+@@ -1075,6 +1078,33 @@ static DBusHandlerResult manager_message_handler(
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
++ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ReleaseSession")) {
++ const char *name;
++ Session *session;
++
++ if (!dbus_message_get_args(
++ message,
++ &error,
++ DBUS_TYPE_STRING, &name,
++ DBUS_TYPE_INVALID))
++ return bus_send_error_reply(connection, message, &error, -EINVAL);
++
++ session = hashmap_get(m->sessions, name);
++ if (!session)
++ return bus_send_error_reply(connection, message, &error, -ENOENT);
++
++ /* We use the FIFO to detect stray sessions where the
++ process invoking PAM dies abnormally. We need to make
++ sure that that process is not killed if at the clean
++ end of the session it closes the FIFO.
Hence, with
++ this call explicitly turn off the FIFO logic, so that
++ the PAM code can finish clean up on its own */
++ session_remove_fifo(session);
++
++ reply = dbus_message_new_method_return(message);
++ if (!reply)
++ goto oom;
++
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSession")) {
+ const char *name;
+ Session *session;
+diff --git a/src/login/pam-module.c b/src/login/pam-module.c
+index 8544413..4106d2b 100644
+--- a/src/login/pam-module.c
++++ b/src/login/pam-module.c
+@@ -414,7 +414,6 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+ "/org/freedesktop/login1",
+ "org.freedesktop.login1.Manager",
+ "CreateSession");
+-
+ if (!m) {
+ pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
+ r = PAM_BUF_ERR;
+@@ -620,11 +619,77 @@ _public_ PAM_EXTERN int pam_sm_close_session(
+ int argc, const char **argv) {
+
+ const void *p = NULL;
++ const char *id;
++ DBusConnection *bus = NULL;
++ DBusMessage *m = NULL, *reply = NULL;
++ DBusError error;
++ int r;
+
+- pam_get_data(handle, "systemd.session-fd", &p);
++ assert(handle);
++
++ dbus_error_init(&error);
++
++ id = pam_getenv(handle, "XDG_SESSION_ID");
++ if (id) {
++
++ /* Before we go and close the FIFO we need to tell
++ * logind that this is a clean session shutdown, so
++ * that it doesn't just go and slaughter us
++ * immediately after closing the fd */
++
++ bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
++ if (!bus) {
++ pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
++ r = PAM_SESSION_ERR;
++ goto finish;
++ }
++
++ m = dbus_message_new_method_call(
++ "org.freedesktop.login1",
++ "/org/freedesktop/login1",
++ "org.freedesktop.login1.Manager",
++ "ReleaseSession");
++ if (!m) {
++ pam_syslog(handle, LOG_ERR, "Could not allocate release session message.");
++ r = PAM_BUF_ERR;
++ goto finish;
++ }
++
++ if (!dbus_message_append_args(m,
++ DBUS_TYPE_STRING, &id,
++
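Review bot: The new `ReleaseSession` branch calls `session_remove_fifo(session)` for whatever session name the caller passes, with no check in the handler that the caller owns that session or is privileged. The in-code comment explains that the FIFO is how logind detects a PAM client that died abnormally, so any peer allowed to send this method could switch that detection off for someone else's session. Whether the bus policy file restricts the method to root is not visible in this patch; if it does, a comment here should say so, e.g. `/* Only reachable by root per the D-Bus policy; do not open up without adding a caller check */`, and otherwise the handler should compare the sender's credentials with the session's user before removing the FIFO. manager_message_handler() starts and ends outside the hunk.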
DBUS_TYPE_INVALID)) {
++ pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
++ r = PAM_BUF_ERR;
++ goto finish;
++ }
+
++ reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
++ if (!reply) {
++ pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error));
++ r = PAM_SESSION_ERR;
++ goto finish;
++ }
++ }
++
++ r = PAM_SUCCESS;
++
++finish:
++ pam_get_data(handle, "systemd.session-fd", &p);
+ if (p)
+ close_nointr(PTR_TO_INT(p) - 1);
+
+- return PAM_SUCCESS;
++ dbus_error_free(&error);
++
++ if (bus) {
++ dbus_connection_close(bus);
++ dbus_connection_unref(bus);
++ }
++
++ if (m)
++ dbus_message_unref(m);
++
++ if (reply)
++ dbus_message_unref(reply);
++
++ return r;
+ }
diff --git a/0017-man-minor-typo-in-reference-to-manual-page.patch b/0017-man-minor-typo-in-reference-to-manual-page.patch
new file mode 100644
index 0000000..38f81d7
--- /dev/null
+++ b/0017-man-minor-typo-in-reference-to-manual-page.patch
@@ -0,0 +1,23 @@
+From 7d34f8bdf72bd6482b2662ec26ec1d55db365bb9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?=
+Date: Sat, 24 Mar 2012 15:06:00 +0200
+Subject: [PATCH] man: minor typo in reference to manual page (cherry picked
+ from commit 6ad548625e53cb4fcf1fd092b44707777d6a5071)
+
+---
+ src/login/systemd-logind.conf | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/login/systemd-logind.conf b/src/login/systemd-logind.conf
+index 9909804..a8d9833 100644
+--- a/src/login/systemd-logind.conf
++++ b/src/login/systemd-logind.conf
+@@ -5,7 +5,7 @@
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+-# See system-logind.conf(5) for details
++# See systemd-logind.conf(5) for details
+
+ [Login]
+ #NAutoVTs=6
diff --git a/0018-build-sys-fix-make-dist-check.patch b/0018-build-sys-fix-make-dist-check.patch
new file mode 100644
index 0000000..b3aa4cd
--- /dev/null
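Review bot: `id = pam_getenv(handle, "XDG_SESSION_ID")` in pam_sm_close_session() takes the session to release from the PAM environment, which the calling application and other modules in the stack can change between open and close, so the id sent to logind is not necessarily the one this module created. Keeping the id in module data at open time (the way the fd is kept under `"systemd.session-fd"`) and reading it back with `pam_get_data()` here would bind the release to this module's own session; pam_sm_open_session() is only partly visible, so this is a suggestion rather than a confirmed gap. Note also that the function used to return PAM_SUCCESS unconditionally and now returns `PAM_SESSION_ERR` whenever the system bus or logind is unreachable, for instance late in shutdown; if that is intended, a short comment at `finish:` should say that the fd is still closed on the error paths.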
+++ b/0018-build-sys-fix-make-dist-check.patch @@ -0,0 +1,25 @@ +From 9a62688d4ff44fbedf62621a431428f441b44bce Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 26 Mar 2012 20:56:54 +0200 +Subject: [PATCH] build-sys: fix make dist-check (cherry picked from commit + c64c338e31f6e96f20560a426dce3cda0a0cc3ab) + +--- + Makefile.am | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 36a385f..ab22a30 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -651,7 +651,9 @@ EXTRA_DIST += \ + src/spawn-agent.h \ + src/acl-util.h \ + src/logs-show.h \ +- src/utf8.h ++ src/utf8.h \ ++ src/journal/sparse-endian.h \ ++ src/ima-setup.h + + MANPAGES = \ + man/systemd.1 \ diff --git a/0019-journalctl-loginctl-drop-systemd-prefix-in-binary-na.patch b/0019-journalctl-loginctl-drop-systemd-prefix-in-binary-na.patch new file mode 100644 index 0000000..928f3ad --- /dev/null +++ b/0019-journalctl-loginctl-drop-systemd-prefix-in-binary-na.patch 
@@ -0,0 +1,1724 @@ +From 249a12f4e0b0bf4a223a34fac9f6240966058e98 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 26 Mar 2012 20:58:47 +0200 +Subject: [PATCH] journalctl,loginctl: drop systemd- prefix in binary names +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Let's make things a bit easier to type, drop the systemd- prefix for +journalctl and loginctl, but provide the old names for compat. + +All systemd binaries are hence now prefixed with "systemd-" with the +exception of the three primary user interface binaries: + +systemctl +loginctl +journalctl + +For those three we do provide systemd-xyz names as well, via symlinks: + +systemd-systemctl → systemctl +systemd-loginctl → loginctl +systemd-journalctl → journalctl + +We do this only for the *primary* user tools, in order to avoid +unnecessary namespace problems. That means tools like systemd-notify +stay the way they are. +(cherry picked from commit 169c4f65131fbc7bcb51e7d5487a715cdcd0e0eb) +--- + Makefile.am | 56 ++++-- + TODO | 4 + + man/journalctl.xml | 253 +++++++++++++++++++++++ + man/loginctl.xml | 458 +++++++++++++++++++++++++++++++++++++++++ + man/systemctl.xml | 7 +- + man/systemd-journalctl.xml | 252 ---------------------- + man/systemd-journald.conf.xml | 2 +- + man/systemd-loginctl.xml | 457 ---------------------------------------- + man/systemd-logind.conf.xml | 2 +- + man/systemd.exec.xml | 3 +- + 10 files changed, 766 insertions(+), 728 deletions(-) + create mode 100644 man/journalctl.xml + create mode 100644 man/loginctl.xml + delete mode 100644 man/systemd-journalctl.xml + delete mode 100644 man/systemd-loginctl.xml + +diff --git a/Makefile.am b/Makefile.am +index ab22a30..6825f8c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -697,16 +697,22 @@ MANPAGES = \ + man/systemd-cat.1 \ + man/systemd-machine-id-setup.1 \ + man/systemd-journald.conf.5 \ +- man/systemd-journalctl.1 ++ man/journalctl.1 + + MANPAGES_ALIAS = \ + 
man/reboot.8 \ + man/poweroff.8 \ +- man/init.1 ++ man/init.1 \ ++ man/systemd-systemctl.1 \ ++ man/systemd-loginctl.1 \ ++ man/systemd-journalctl.1 + + man/reboot.8: man/halt.8 + man/poweroff.8: man/halt.8 + man/init.1: man/systemd.1 ++man/systemd-systemctl.1: man/systemctl.1 ++man/systemd-loginctl.1: man/loginctl.1 ++man/systemd-journalctl.1: man/journalctl.1 + + XML_FILES = \ + ${patsubst %.1,%.xml,${patsubst %.3,%.xml,${patsubst %.5,%.xml,${patsubst %.7,%.xml,${patsubst %.8,%.xml,$(MANPAGES)}}}}} +@@ -986,6 +992,14 @@ systemctl_LDADD = \ + libsystemd-id128.la \ + $(DBUS_LIBS) + ++systemctl-install-hook: ++ cd $(DESTDIR)$(rootbindir) && \ ++ rm -f systemd-systemctl && \ ++ $(LN_S) systemctl systemd-systemctl ++ ++INSTALL_EXEC_HOOKS += \ ++ systemctl-install-hook ++ + systemd_notify_SOURCES = \ + src/notify.c \ + src/readahead/sd-readahead.c +@@ -1260,26 +1274,34 @@ systemd_cat_LDADD = \ + libsystemd-basic.la \ + libsystemd-journal.la + +-systemd_journalctl_SOURCES = \ ++journalctl_SOURCES = \ + src/journal/journalctl.c \ + src/pager.c \ + src/logs-show.c + +-systemd_journalctl_LDADD = \ ++journalctl_LDADD = \ + libsystemd-basic.la \ + libsystemd-journal.la \ + libsystemd-id128.la + + if HAVE_XZ +-systemd_journalctl_SOURCES += \ ++journalctl_SOURCES += \ + src/journal/compress.c +-systemd_journalctl_CFLAGS = \ ++journalctl_CFLAGS = \ + $(AM_CFLAGS) \ + $(XZ_CFLAGS) +-systemd_journalctl_LDADD += \ ++journalctl_LDADD += \ + $(XZ_LIBS) + endif + ++journalctl-install-hook: ++ cd $(DESTDIR)$(rootbindir) && \ ++ rm -f systemd-journalctl && \ ++ $(LN_S) journalctl systemd-journalctl ++ ++INSTALL_EXEC_HOOKS += \ ++ journalctl-install-hook ++ + test_journal_SOURCES = \ + src/journal/test-journal.c \ + src/journal/sd-journal.c \ +@@ -1366,7 +1388,7 @@ rootlibexec_PROGRAMS += \ + systemd-journald + + rootbin_PROGRAMS += \ +- systemd-journalctl ++ journalctl + + bin_PROGRAMS += \ + systemd-cat +@@ -1866,7 +1888,7 @@ rootlibexec_PROGRAMS += \ + systemd-logind \ + 
systemd-user-sessions + +-systemd_loginctl_SOURCES = \ ++loginctl_SOURCES = \ + src/login/loginctl.c \ + src/login/sysfs-show.c \ + src/dbus-common.c \ +@@ -1874,18 +1896,26 @@ systemd_loginctl_SOURCES = \ + src/cgroup-util.c \ + src/pager.c + +-systemd_loginctl_CFLAGS = \ ++loginctl_CFLAGS = \ + $(AM_CFLAGS) \ + $(DBUS_CFLAGS) \ + $(UDEV_CFLAGS) + +-systemd_loginctl_LDADD = \ ++loginctl_LDADD = \ + libsystemd-basic.la \ + $(DBUS_LIBS) \ + $(UDEV_LIBS) + + rootbin_PROGRAMS += \ +- systemd-loginctl ++ loginctl ++ ++loginctl-install-hook: ++ cd $(DESTDIR)$(rootbindir) && \ ++ rm -f systemd-loginctl && \ ++ $(LN_S) loginctl systemd-loginctl ++ ++INSTALL_EXEC_HOOKS += \ ++ loginctl-install-hook + + test_login_SOURCES = \ + src/login/test-login.c +@@ -2050,7 +2080,7 @@ nodist_udevrules_DATA += \ + MANPAGES += \ + man/systemd-logind.conf.5 \ + man/sd-login.7 \ +- man/systemd-loginctl.1 \ ++ man/loginctl.1 \ + man/sd_login_monitor_new.3 \ + man/sd_pid_get_session.3 \ + man/sd_uid_get_state.3 \ +diff --git a/TODO b/TODO +index 176c2a7..7f19c3a 100644 +--- a/TODO ++++ b/TODO +@@ -18,6 +18,10 @@ Bugfixes: + + Features: + ++* ensure that logind sets the syslog facility to AUTH when logging ++ ++* when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... 
We should only show the last setting ++ + * add man page documenting all kernel cmdline options, including stuff like fsck.mode= + + * show getty in container mode, not sulogin +diff --git a/man/journalctl.xml b/man/journalctl.xml +new file mode 100644 +index 0000000..c4d2a7e +--- /dev/null ++++ b/man/journalctl.xml +@@ -0,0 +1,253 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ journalctl ++ systemd ++ ++ ++ ++ Developer ++ Lennart ++ Poettering ++ lennart@poettering.net ++ ++ ++ ++ ++ ++ journalctl ++ 1 ++ ++ ++ ++ journalctl ++ systemd-journalctl ++ Query the systemd journal ++ ++ ++ ++ ++ journalctl OPTIONS MATCH ++ ++ ++ ++ ++ Description ++ ++ journalctl may be ++ used to query the contents of the ++ systemd1 ++ journal. ++ ++ If called without parameter will show the full ++ contents of the journal, starting with the oldest ++ entry collected. ++ ++ If a match argument is passed the output is ++ filtered accordingly. A match is in the format ++ FIELD=VALUE, ++ e.g. _SYSTEMD_UNIT=httpd.service. ++ ++ Output is interleaved from all accessible ++ journal files, whether they are rotated or currently ++ being written, and regardless whether they belong to the ++ system itself or are accessible user journals. ++ ++ All users are granted access to their private ++ per-user journals. However, by default only root and ++ users who are members of the adm ++ group get access to the system journal and the ++ journals of other users. ++ ++ ++ ++ Options ++ ++ The following options are understood: ++ ++ ++ ++ ++ ++ ++ Prints a short help ++ text and exits. ++ ++ ++ ++ ++ ++ Prints a short version ++ string and exits. ++ ++ ++ ++ ++ ++ Do not pipe output into a ++ pager. ++ ++ ++ ++ ++ ++ ++ Show all fields in ++ full, even if they include unprintable ++ characters or are very ++ long. ++ ++ ++ ++ ++ ++ ++ Show only most recent ++ journal entries, and continously print ++ new entries as they are appended to ++ the journal. 
++ ++ ++ ++ ++ ++ ++ Controls the number of ++ journal lines to show, counting from ++ the most recent ones. Takes a positive ++ integer argument. In follow mode ++ defaults to 10, otherwise is unset ++ thus not limiting how many lines are ++ shown. ++ ++ ++ ++ ++ ++ Show all stored output ++ lines, even in follow mode. Undoes the ++ effect of ++ . ++ ++ ++ ++ ++ ++ ++ Controls the ++ formatting of the journal entries that are ++ shown. Takes one of ++ short, ++ short-monotonic, ++ verbose, ++ export, ++ json, ++ cat. short ++ is the default and generates an output ++ that is mostly identical to the ++ formatting of classic syslog log ++ files, showing one line per journal ++ entry. short-monotonic ++ is very similar but shows monotonic ++ timestamps instead of wallclock ++ timestamps. verbose ++ shows the full structered entry items ++ with all ++ fiels. export ++ serializes the journal into a binary ++ (but mostly text-based) stream ++ suitable for backups and network ++ transfer. json ++ formats entries as JSON data ++ structures. cat ++ generates a very terse output only ++ showing the actual message of each ++ journal entry with no meta data, not ++ even a timestamp. ++ ++ ++ ++ ++ ++ ++ Suppresses any warning ++ message regarding inaccessable system ++ journals when run as normal ++ user. ++ ++ ++ ++ ++ ++ Instead of showing ++ journal contents generate a new 128 ++ bit ID suitable for identifying ++ messages. This is intended for usage ++ by developers who need a new ++ identifier for a new message they ++ introduce and want to make ++ recognizable. Will print the new ID in ++ three different formats which can be ++ copied into source code or ++ similar. ++ ++ ++ ++ ++ ++ ++ Exit status ++ ++ On success 0 is returned, a non-zero failure ++ code otherwise. ++ ++ ++ ++ Environment ++ ++ ++ ++ $SYSTEMD_PAGER ++ Pager to use when ++ is not given; ++ overrides $PAGER. Setting ++ this to an empty string or the value ++ cat is equivalent to passing ++ . 
++ ++ ++ ++ ++ ++ See Also ++ ++ systemd1, ++ systemctl1, ++ systemd-journald.conf5 ++ ++ ++ ++ +diff --git a/man/loginctl.xml b/man/loginctl.xml +new file mode 100644 +index 0000000..be72cc3 +--- /dev/null ++++ b/man/loginctl.xml +@@ -0,0 +1,458 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ loginctl ++ systemd ++ ++ ++ ++ Developer ++ Lennart ++ Poettering ++ lennart@poettering.net ++ ++ ++ ++ ++ ++ loginctl ++ 1 ++ ++ ++ ++ loginctl ++ systemd-loginctl ++ Control the systemd login manager ++ ++ ++ ++ ++ loginctl OPTIONS COMMAND NAME ++ ++ ++ ++ ++ Description ++ ++ loginctl may be used to ++ introspect and control the state of the ++ systemd1 ++ login manager. ++ ++ ++ ++ Options ++ ++ The following options are understood: ++ ++ ++ ++ ++ ++ ++ Prints a short help ++ text and exits. ++ ++ ++ ++ ++ ++ Prints a short version ++ string and exits. ++ ++ ++ ++ ++ ++ ++ When showing ++ session/user/ properties, limit ++ display to certain properties as ++ specified as argument. If not ++ specified all set properties are ++ shown. The argument should be a ++ property name, such as ++ Sessions. If ++ specified more than once all ++ properties with the specified names ++ are shown. ++ ++ ++ ++ ++ ++ ++ When showing ++ unit/job/manager properties, show all ++ properties regardless whether they are ++ set or not. ++ ++ ++ ++ ++ ++ ++ Do not pipe output into a ++ pager. ++ ++ ++ ++ ++ ++ When used with ++ kill-session, ++ choose which processes to kill. Must ++ be one of , or ++ to select whether ++ to kill only the leader process of the ++ session or all processes of the ++ session. If omitted defaults to ++ . ++ ++ ++ ++ ++ ++ ++ When used with ++ kill-session or ++ kill-user, choose ++ which signal to send to selected ++ processes. Must be one of the well ++ known signal specifiers such as ++ SIGTERM, SIGINT or SIGSTOP. If omitted ++ defaults to ++ . ++ ++ ++ ++ ++ ++ ++ Execute operation ++ remotely. Specify a hostname, or ++ username and hostname separated by @, ++ to connect to. 
This will use SSH to ++ talk to the remote login manager ++ instance. ++ ++ ++ ++ ++ ++ ++ Acquire privileges via ++ PolicyKit before executing the ++ operation. ++ ++ ++ ++ The following commands are understood: ++ ++ ++ ++ list-sessions ++ ++ List current sessions. ++ ++ ++ ++ session-status [ID...] ++ ++ Show terse runtime ++ status information about one or more ++ sessions. This function is intended to ++ generate human-readable output. If you ++ are looking for computer-parsable ++ output, use ++ show-session ++ instead. ++ ++ ++ ++ show-session [ID...] ++ ++ Show properties of one ++ or more sessions or the manager ++ itself. If no argument is specified ++ properties of the manager will be ++ shown. If a session ID is specified ++ properties of the session is shown. By ++ default, empty properties are ++ suppressed. Use ++ to show those too. To select specific ++ properties to show use ++ . This ++ command is intended to be used ++ whenever computer-parsable output is ++ required. Use ++ session-status if ++ you are looking for formatted ++ human-readable ++ output. ++ ++ ++ ++ activate [ID...] ++ ++ Activate one or more ++ sessions. This brings one or more ++ sessions into the foreground, if ++ another session is currently in the ++ foreground on the respective ++ seat. ++ ++ ++ ++ lock-session [ID...] ++ unlock-session [ID...] ++ ++ Activates/deactivates ++ the screen lock on one or more ++ sessions, if the session supports it. ++ ++ ++ ++ terminate-session [ID...] ++ ++ Terminates a ++ session. This kills all processes of ++ the session and deallocates all ++ resources attached to the ++ session. ++ ++ ++ ++ kill-session [ID...] ++ ++ Send a signal to one ++ or more processes of the session. Use ++ to select ++ which process to kill. Use ++ to select ++ the signal to send. ++ ++ ++ ++ list-users ++ ++ List currently logged ++ in users. ++ ++ ++ ++ user-status [USER...] ++ ++ Show terse runtime ++ status information about one or more ++ logged in users. 
This function is ++ intended to generate human-readable ++ output. If you are looking for ++ computer-parsable output, use ++ show-user ++ instead. Users may be specified by ++ their usernames or numeric user ++ IDs. ++ ++ ++ ++ show-user [USER...] ++ ++ Show properties of one ++ or more users or the manager ++ itself. If no argument is specified ++ properties of the manager will be ++ shown. If a user is specified ++ properties of the user is shown. By ++ default, empty properties are ++ suppressed. Use ++ to show those too. To select specific ++ properties to show use ++ . This ++ command is intended to be used ++ whenever computer-parsable output is ++ required. Use ++ user-status if ++ you are looking for formatted ++ human-readable ++ output. ++ ++ ++ ++ enable-linger [USER...] ++ disable-linger [USER...] ++ ++ Enable/disable user ++ lingering for one or more users. If ++ enabled for a specific user a user ++ manager is spawned for him/her at ++ boot, and kept around after ++ logouts. This allows users who aren't ++ logged in to run long-running ++ services. ++ ++ ++ ++ terminate-user [USER...] ++ ++ Terminates all ++ sessions of a user. This kills all ++ processes of all sessions of the user ++ and deallocates all runtime resources ++ attached to the ++ user. ++ ++ ++ ++ kill-user [USER...] ++ ++ Send a signal to all ++ processes of a user. Use ++ to select ++ the signal to send. ++ ++ ++ ++ list-seats ++ ++ List currently ++ available seats on the local ++ system. ++ ++ ++ ++ seat-status [NAME...] ++ ++ Show terse runtime ++ status information about one or more ++ seats. This function is ++ intended to generate human-readable ++ output. If you are looking for ++ computer-parsable output, use ++ show-seat ++ instead. ++ ++ ++ ++ show-seat [NAME...] ++ ++ Show properties of one ++ or more seats or the manager ++ itself. If no argument is specified ++ properties of the manager will be ++ shown. If a seat is specified ++ properties of the seat are shown. 
By ++ default, empty properties are ++ suppressed. Use ++ to show those too. To select specific ++ properties to show use ++ . This ++ command is intended to be used ++ whenever computer-parsable output is ++ required. Use ++ seat-status if you ++ are looking for formatted ++ human-readable ++ output. ++ ++ ++ ++ attach [NAME] [DEVICE...] ++ ++ Attach one or more ++ devices to a seat. The devices should ++ be specified via device paths in the ++ /sys file ++ system. To create a new seat attach at ++ least one graphics card to a ++ previously unused seat names. seat ++ names may consist only of a-z, A-Z, ++ 0-9, "-" and "_" and must be prefixed ++ with "seat". To drop assignment of a ++ device to a specific seat just ++ reassign it to a different seat, or ++ use ++ flush-devices. ++ ++ ++ ++ flush-devices ++ ++ Removes all device ++ assignments previously created with ++ attach. After this ++ call only automatically generated ++ seats will remain and all seat ++ hardware is assigned to ++ them. ++ ++ ++ ++ terminate-seat [NAME...] ++ ++ Terminates all ++ sessions on a seat. This kills all ++ processes of all sessions on a seat and ++ deallocates all runtime resources ++ attached to them. ++ ++ ++ ++ ++ ++ ++ Exit status ++ ++ On success 0 is returned, a non-zero failure ++ code otherwise. ++ ++ ++ ++ Environment ++ ++ ++ ++ $SYSTEMD_PAGER ++ Pager to use when ++ is not given; ++ overrides $PAGER. Setting ++ this to an empty string or the value ++ cat is equivalent to passing ++ . ++ ++ ++ ++ ++ ++ See Also ++ ++ systemd1, ++ systemctl1, ++ systemd-logind.conf5 ++ ++ ++ ++ +diff --git a/man/systemctl.xml b/man/systemctl.xml +index c467ed8..ffe0164 100644 +--- a/man/systemctl.xml ++++ b/man/systemctl.xml +@@ -44,6 +44,7 @@ + + + systemctl ++ systemd-systemctl + Control the systemd system and service manager + + +@@ -448,7 +449,7 @@ + formatting of the journal entries that + are shown. For the available choices + see +- systemd-journalctl1. Defaults ++ journalctl1. 
Defaults + to + short. + +@@ -1179,8 +1180,8 @@ + + systemd1, + systemadm1, +- systemd-journalctl1, +- systemd-loginctl1, ++ journalctl1, ++ loginctl1, + systemd.unit5, + systemd.special7, + wall1 +diff --git a/man/systemd-journalctl.xml b/man/systemd-journalctl.xml +deleted file mode 100644 +index 1441eca..0000000 +--- a/man/systemd-journalctl.xml ++++ /dev/null +@@ -1,252 +0,0 @@ +- +- +- +- +- +- +- +- +- systemd-journalctl +- systemd +- +- +- +- Developer +- Lennart +- Poettering +- lennart@poettering.net +- +- +- +- +- +- systemd-journalctl +- 1 +- +- +- +- systemd-journalctl +- Query the systemd journal +- +- +- +- +- systemd-journalctl OPTIONS MATCH +- +- +- +- +- Description +- +- systemd-journalctl may be +- used to query the contents of the +- systemd1 +- journal. +- +- If called without parameter will show the full +- contents of the journal, starting with the oldest +- entry collected. +- +- If a match argument is passed the output is +- filtered accordingly. A match is in the format +- FIELD=VALUE, +- e.g. _SYSTEMD_UNIT=httpd.service. +- +- Output is interleaved from all accessible +- journal files, whether they are rotated or currently +- being written, and regardless whether they belong to the +- system itself or are accessible user journals. +- +- All users are granted access to their private +- per-user journals. However, by default only root and +- users who are members of the adm +- group get access to the system journal and the +- journals of other users. +- +- +- +- Options +- +- The following options are understood: +- +- +- +- +- +- +- Prints a short help +- text and exits. +- +- +- +- +- +- Prints a short version +- string and exits. +- +- +- +- +- +- Do not pipe output into a +- pager. +- +- +- +- +- +- +- Show all fields in +- full, even if they include unprintable +- characters or are very +- long. +- +- +- +- +- +- +- Show only most recent +- journal entries, and continously print +- new entries as they are appended to +- the journal. 
+- +- +- +- +- +- +- Controls the number of +- journal lines to show, counting from +- the most recent ones. Takes a positive +- integer argument. In follow mode +- defaults to 10, otherwise is unset +- thus not limiting how many lines are +- shown. +- +- +- +- +- +- Show all stored output +- lines, even in follow mode. Undoes the +- effect of +- . +- +- +- +- +- +- +- Controls the +- formatting of the journal entries that are +- shown. Takes one of +- short, +- short-monotonic, +- verbose, +- export, +- json, +- cat. short +- is the default and generates an output +- that is mostly identical to the +- formatting of classic syslog log +- files, showing one line per journal +- entry. short-monotonic +- is very similar but shows monotonic +- timestamps instead of wallclock +- timestamps. verbose +- shows the full structered entry items +- with all +- fiels. export +- serializes the journal into a binary +- (but mostly text-based) stream +- suitable for backups and network +- transfer. json +- formats entries as JSON data +- structures. cat +- generates a very terse output only +- showing the actual message of each +- journal entry with no meta data, not +- even a timestamp. +- +- +- +- +- +- +- Suppresses any warning +- message regarding inaccessable system +- journals when run as normal +- user. +- +- +- +- +- +- Instead of showing +- journal contents generate a new 128 +- bit ID suitable for identifying +- messages. This is intended for usage +- by developers who need a new +- identifier for a new message they +- introduce and want to make +- recognizable. Will print the new ID in +- three different formats which can be +- copied into source code or +- similar. +- +- +- +- +- +- +- Exit status +- +- On success 0 is returned, a non-zero failure +- code otherwise. +- +- +- +- Environment +- +- +- +- $SYSTEMD_PAGER +- Pager to use when +- is not given; +- overrides $PAGER. Setting +- this to an empty string or the value +- cat is equivalent to passing +- . 
+- +- +- +- +- +- See Also +- +- systemd1, +- systemctl1, +- systemd-journald.conf5 +- +- +- +- +diff --git a/man/systemd-journald.conf.xml b/man/systemd-journald.conf.xml +index f3cd4db..37dae68 100644 +--- a/man/systemd-journald.conf.xml ++++ b/man/systemd-journald.conf.xml +@@ -246,7 +246,7 @@ + See Also + + systemd1, +- systemd-journalctl1, ++ journalctl1, + systemd.conf5 + + +diff --git a/man/systemd-loginctl.xml b/man/systemd-loginctl.xml +deleted file mode 100644 +index 6a28276..0000000 +--- a/man/systemd-loginctl.xml ++++ /dev/null +@@ -1,457 +0,0 @@ +- +- +- +- +- +- +- +- +- systemd-loginctl +- systemd +- +- +- +- Developer +- Lennart +- Poettering +- lennart@poettering.net +- +- +- +- +- +- systemd-loginctl +- 1 +- +- +- +- systemd-loginctl +- Control the systemd login manager +- +- +- +- +- systemd-loginctl OPTIONS COMMAND NAME +- +- +- +- +- Description +- +- systemd-loginctl may be used to +- introspect and control the state of the +- systemd1 +- login manager. +- +- +- +- Options +- +- The following options are understood: +- +- +- +- +- +- +- Prints a short help +- text and exits. +- +- +- +- +- +- Prints a short version +- string and exits. +- +- +- +- +- +- +- When showing +- session/user/ properties, limit +- display to certain properties as +- specified as argument. If not +- specified all set properties are +- shown. The argument should be a +- property name, such as +- Sessions. If +- specified more than once all +- properties with the specified names +- are shown. +- +- +- +- +- +- +- When showing +- unit/job/manager properties, show all +- properties regardless whether they are +- set or not. +- +- +- +- +- +- +- Do not pipe output into a +- pager. +- +- +- +- +- +- When used with +- kill-session, +- choose which processes to kill. Must +- be one of , or +- to select whether +- to kill only the leader process of the +- session or all processes of the +- session. If omitted defaults to +- . 
+- +- +- +- +- +- +- When used with +- kill-session or +- kill-user, choose +- which signal to send to selected +- processes. Must be one of the well +- known signal specifiers such as +- SIGTERM, SIGINT or SIGSTOP. If omitted +- defaults to +- . +- +- +- +- +- +- +- Execute operation +- remotely. Specify a hostname, or +- username and hostname separated by @, +- to connect to. This will use SSH to +- talk to the remote login manager +- instance. +- +- +- +- +- +- +- Acquire privileges via +- PolicyKit before executing the +- operation. +- +- +- +- The following commands are understood: +- +- +- +- list-sessions +- +- List current sessions. +- +- +- +- session-status [ID...] +- +- Show terse runtime +- status information about one or more +- sessions. This function is intended to +- generate human-readable output. If you +- are looking for computer-parsable +- output, use +- show-session +- instead. +- +- +- +- show-session [ID...] +- +- Show properties of one +- or more sessions or the manager +- itself. If no argument is specified +- properties of the manager will be +- shown. If a session ID is specified +- properties of the session is shown. By +- default, empty properties are +- suppressed. Use +- to show those too. To select specific +- properties to show use +- . This +- command is intended to be used +- whenever computer-parsable output is +- required. Use +- session-status if +- you are looking for formatted +- human-readable +- output. +- +- +- +- activate [ID...] +- +- Activate one or more +- sessions. This brings one or more +- sessions into the foreground, if +- another session is currently in the +- foreground on the respective +- seat. +- +- +- +- lock-session [ID...] +- unlock-session [ID...] +- +- Activates/deactivates +- the screen lock on one or more +- sessions, if the session supports it. +- +- +- +- terminate-session [ID...] +- +- Terminates a +- session. 
This kills all processes of +- the session and deallocates all +- resources attached to the +- session. +- +- +- +- kill-session [ID...] +- +- Send a signal to one +- or more processes of the session. Use +- to select +- which process to kill. Use +- to select +- the signal to send. +- +- +- +- list-users +- +- List currently logged +- in users. +- +- +- +- user-status [USER...] +- +- Show terse runtime +- status information about one or more +- logged in users. This function is +- intended to generate human-readable +- output. If you are looking for +- computer-parsable output, use +- show-user +- instead. Users may be specified by +- their usernames or numeric user +- IDs. +- +- +- +- show-user [USER...] +- +- Show properties of one +- or more users or the manager +- itself. If no argument is specified +- properties of the manager will be +- shown. If a user is specified +- properties of the user is shown. By +- default, empty properties are +- suppressed. Use +- to show those too. To select specific +- properties to show use +- . This +- command is intended to be used +- whenever computer-parsable output is +- required. Use +- user-status if +- you are looking for formatted +- human-readable +- output. +- +- +- +- enable-linger [USER...] +- disable-linger [USER...] +- +- Enable/disable user +- lingering for one or more users. If +- enabled for a specific user a user +- manager is spawned for him/her at +- boot, and kept around after +- logouts. This allows users who aren't +- logged in to run long-running +- services. +- +- +- +- terminate-user [USER...] +- +- Terminates all +- sessions of a user. This kills all +- processes of all sessions of the user +- and deallocates all runtime resources +- attached to the +- user. +- +- +- +- kill-user [USER...] +- +- Send a signal to all +- processes of a user. Use +- to select +- the signal to send. +- +- +- +- list-seats +- +- List currently +- available seats on the local +- system. +- +- +- +- seat-status [NAME...] 
+- +- Show terse runtime +- status information about one or more +- seats. This function is +- intended to generate human-readable +- output. If you are looking for +- computer-parsable output, use +- show-seat +- instead. +- +- +- +- show-seat [NAME...] +- +- Show properties of one +- or more seats or the manager +- itself. If no argument is specified +- properties of the manager will be +- shown. If a seat is specified +- properties of the seat are shown. By +- default, empty properties are +- suppressed. Use +- to show those too. To select specific +- properties to show use +- . This +- command is intended to be used +- whenever computer-parsable output is +- required. Use +- seat-status if you +- are looking for formatted +- human-readable +- output. +- +- +- +- attach [NAME] [DEVICE...] +- +- Attach one or more +- devices to a seat. The devices should +- be specified via device paths in the +- /sys file +- system. To create a new seat attach at +- least one graphics card to a +- previously unused seat names. seat +- names may consist only of a-z, A-Z, +- 0-9, "-" and "_" and must be prefixed +- with "seat". To drop assignment of a +- device to a specific seat just +- reassign it to a different seat, or +- use +- flush-devices. +- +- +- +- flush-devices +- +- Removes all device +- assignments previously created with +- attach. After this +- call only automatically generated +- seats will remain and all seat +- hardware is assigned to +- them. +- +- +- +- terminate-seat [NAME...] +- +- Terminates all +- sessions on a seat. This kills all +- processes of all sessions on a seat and +- deallocates all runtime resources +- attached to them. +- +- +- +- +- +- +- Exit status +- +- On success 0 is returned, a non-zero failure +- code otherwise. +- +- +- +- Environment +- +- +- +- $SYSTEMD_PAGER +- Pager to use when +- is not given; +- overrides $PAGER. Setting +- this to an empty string or the value +- cat is equivalent to passing +- . 
+- +- +- +- +- +- See Also +- +- systemd1, +- systemctl1, +- systemd-logind.conf5 +- +- +- +- +diff --git a/man/systemd-logind.conf.xml b/man/systemd-logind.conf.xml +index 4b02815..27c11c2 100644 +--- a/man/systemd-logind.conf.xml ++++ b/man/systemd-logind.conf.xml +@@ -167,7 +167,7 @@ + See Also + + systemd1, +- systemd-loginctl1, ++ loginctl1, + systemd.conf5 + + +diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml +index ac0f89f..e6f49c9 100644 +--- a/man/systemd.exec.xml ++++ b/man/systemd.exec.xml +@@ -397,7 +397,7 @@ + dmesg1. + connects it with the journal which is + accessible via +- systemd-journalctl1 ++ journalctl1 + (Note that everything that is written + to syslog or kmsg is implicitly stored + in the journal as well, those options +@@ -1094,6 +1094,7 @@ + + systemd1, + systemctl8, ++ journalctl8, + systemd.unit5, + systemd.service5, + systemd.socket5, diff --git a/0020-build-sys-do-not-set-CFLAGS-directly.patch b/0020-build-sys-do-not-set-CFLAGS-directly.patch new file mode 100644 index 0000000..313f7a2 --- /dev/null +++ b/0020-build-sys-do-not-set-CFLAGS-directly.patch 
@@ -0,0 +1,135 @@
+From 4dc3672f0e238c3236202c95e893b81eb7ca5e0c Mon Sep 17 00:00:00 2001
+From: Lucas De Marchi
+Date: Mon, 19 Mar 2012 13:20:42 -0300
+Subject: [PATCH] build-sys: do not set CFLAGS directly
+
+Set a separate variable for adding warning flags. Build systems are not
+supposed to change CFLAGS and LDFLAGS, these are user variables.
+
+Reference: http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
+(cherry picked from commit eb2e280f9c59b66965c9316eadc4c113a13ca744)
+---
+ Makefile.am | 2 +
+ configure.ac | 3 +-
+ m4/attributes.m4 | 65 +++++++++++++++++------------------------------------
+ 3 files changed, 25 insertions(+), 45 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 6825f8c..5c19dbb 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -106,6 +106,8 @@ AM_CPPFLAGS = \
+ -I $(top_srcdir)/src/journal \
+ -I $(top_srcdir)/src/systemd
+
++AM_CFLAGS = $(WARNINGFLAGS)
++
+ if TARGET_GENTOO
+ AM_CPPFLAGS += \
+ -DKBD_LOADKEYS=\"/usr/bin/loadkeys\" \
+diff --git a/configure.ac b/configure.ac
+index 976020d..03ed1f7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -60,7 +60,7 @@ if test -z "$GPERF" ; then
+ AC_MSG_ERROR([*** gperf not found])
+ fi
+
+-CC_CHECK_CFLAGS_APPEND([ \
++CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
+ -pipe \
+ -Wall \
+ -W \
+@@ -105,6 +105,7 @@ CC_CHECK_CFLAGS_APPEND([ \
+ -fdata-sections \
+ -Wl,--as-needed \
+ -Wl,--gc-sections])
++AC_SUBST([WARNINGFLAGS], $with_cflags)
+
+ LT_PREREQ(2.2)
+ LT_INIT
+diff --git a/m4/attributes.m4 b/m4/attributes.m4
+index 9d561c2..e354375 100644
+--- a/m4/attributes.m4
++++ b/m4/attributes.m4
+@@ -1,6 +1,7 @@
+ dnl Macros to check the presence of generic (non-typed) symbols.
+ dnl Copyright (c) 2006-2008 Diego Pettenò
+ dnl Copyright (c) 2006-2008 xine project
++dnl Copyright (c) 2012 Lucas De Marchi
+ dnl
+ dnl This program is free software; you can redistribute it and/or modify
+ dnl it under the terms of the GNU General Public License as published by
+@@ -32,52 +33,28 @@ dnl distribute a modified version of the Autoconf Macro, you may extend
+ dnl this special exception to the GPL to apply to your modified version as
+ dnl well.
+
+-dnl Check if the flag is supported by compiler
+-dnl CC_CHECK_CFLAGS_SILENT([FLAG], [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND])
+-
+-AC_DEFUN([CC_CHECK_CFLAGS_SILENT], [
+- AC_CACHE_VAL(AS_TR_SH([cc_cv_cflags_$1]),
+- [ac_save_CFLAGS="$CFLAGS"
+- CFLAGS="$CFLAGS $1"
+- AC_COMPILE_IFELSE([AC_LANG_SOURCE([int a;])],
+- [eval "AS_TR_SH([cc_cv_cflags_$1])='yes'"],
+- [eval "AS_TR_SH([cc_cv_cflags_$1])='no'"])
+- CFLAGS="$ac_save_CFLAGS"
+- ])
+-
+- AS_IF([eval test x$]AS_TR_SH([cc_cv_cflags_$1])[ = xyes],
+- [$2], [$3])
+-])
+-
+-dnl Check if the flag is supported by compiler (cacheable)
+-dnl CC_CHECK_CFLAGS([FLAG], [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND])
+-
+-AC_DEFUN([CC_CHECK_CFLAGS], [
+- AC_CACHE_CHECK([if $CC supports $1 flag],
+- AS_TR_SH([cc_cv_cflags_$1]),
+- CC_CHECK_CFLAGS_SILENT([$1]) dnl Don't execute actions here!
+- )
+-
+- AS_IF([eval test x$]AS_TR_SH([cc_cv_cflags_$1])[ = xyes],
+- [$2], [$3])
+-])
+-
+-dnl CC_CHECK_CFLAG_APPEND(FLAG, [action-if-found], [action-if-not-found])
+-dnl Check for CFLAG and appends them to CFLAGS if supported
+-AC_DEFUN([CC_CHECK_CFLAG_APPEND], [
+- AC_CACHE_CHECK([if $CC supports $1 flag],
+- AS_TR_SH([cc_cv_cflags_$1]),
+- CC_CHECK_CFLAGS_SILENT([$1]) dnl Don't execute actions here!
+- )
+-
+- AS_IF([eval test x$]AS_TR_SH([cc_cv_cflags_$1])[ = xyes],
+- [CFLAGS="$CFLAGS $1"; DEBUG_CFLAGS="$DEBUG_CFLAGS $1"; $2], [$3])
++dnl Check if FLAG in ENV-VAR is supported by compiler and append it
++dnl to WHERE-TO-APPEND variable
++dnl CC_CHECK_FLAG_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG])
++
++AC_DEFUN([CC_CHECK_FLAG_APPEND], [
++ AC_CACHE_CHECK([if $CC supports flag $3 in envvar $2],
++ AS_TR_SH([cc_cv_$2_$3]),
++ [eval "AS_TR_SH([cc_save_$2])='${$2}'"
++ eval "AS_TR_SH([$2])='$3'"
++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([int a = 0; int main(void) { return a; } ])],
++ [eval "AS_TR_SH([cc_cv_$2_$3])='yes'"],
++ [eval "AS_TR_SH([cc_cv_$2_$3])='no'"])
++ eval "AS_TR_SH([$2])='$cc_save_$2'"])
++
++ AS_IF([eval test x$]AS_TR_SH([cc_cv_$2_$3])[ = xyes],
++ [eval "$1='${$1} $3'"])
+ ])
+
+-dnl CC_CHECK_CFLAGS_APPEND([FLAG1 FLAG2], [action-if-found], [action-if-not])
+-AC_DEFUN([CC_CHECK_CFLAGS_APPEND], [
+- for flag in $1; do
+- CC_CHECK_CFLAG_APPEND($flag, [$2], [$3])
++dnl CC_CHECK_FLAGS_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG1 FLAG2])
++AC_DEFUN([CC_CHECK_FLAGS_APPEND], [
++ for flag in $3; do
++ CC_CHECK_FLAG_APPEND($1, $2, $flag)
+ done
+ ])
+
diff --git a/0021-build-sys-separate-ldflags-from-cflags.patch b/0021-build-sys-separate-ldflags-from-cflags.patch
new file mode 100644
index 0000000..77ad30d
--- /dev/null
+++ b/0021-build-sys-separate-ldflags-from-cflags.patch
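Review bot: The new CC_CHECK_FLAG_APPEND in m4/attributes.m4 tests each flag with ENV-VAR replaced by the flag alone (`eval "AS_TR_SH([$2])='$3'"`), whereas the removed CC_CHECK_CFLAGS_SILENT tested `CFLAGS="$CFLAGS $1"`, so a flag is no longer probed together with the options the user gave to configure and may be accepted or rejected differently from the real build. The save and restore lines also splice the user's value between single quotes inside an `eval`, so a value containing a `'` is re-parsed by the shell instead of being restored verbatim. ENV-VAR is a literal name in the configure.ac call of this patch, so plain assignments would avoid both problems: `cc_save_$2="${$2}"` to save, `$2="${$2} $3"` for the probe, and `$2="$cc_save_$2"` to restore.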
@@ -0,0 +1,43 @@
+From 2a01e5dcb958413a47413056dc0b1355afcefc08 Mon Sep 17 00:00:00 2001
+From: Lucas De Marchi
+Date: Mon, 19 Mar 2012 13:20:43 -0300
+Subject: [PATCH] build-sys: separate ldflags from cflags (cherry picked from
+ commit 9e7adc3ae1133fa08a468768a490812299fad030)
+
+---
+ Makefile.am | 1 +
+ configure.ac | 7 +++++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 5c19dbb..d563cfd 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -107,6 +107,7 @@ AM_CPPFLAGS = \
+ -I $(top_srcdir)/src/systemd
+
+ AM_CFLAGS = $(WARNINGFLAGS)
++AM_LDFLAGS = $(GCLDFLAGS)
+
+ if TARGET_GENTOO
+ AM_CPPFLAGS += \
+diff --git a/configure.ac b/configure.ac
+index 03ed1f7..0c70bae 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -102,10 +102,13 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
+ -fno-strict-aliasing \
+ -fvisibility=hidden \
+ -ffunction-sections \
+- -fdata-sections \
++ -fdata-sections])
++AC_SUBST([WARNINGFLAGS], $with_cflags)
++
++CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
+ -Wl,--as-needed \
+ -Wl,--gc-sections])
+-AC_SUBST([WARNINGFLAGS], $with_cflags)
++AC_SUBST([GCLDFLAGS], $with_ldflags)
+
+ LT_PREREQ(2.2)
+ LT_INIT
diff --git a/0022-man-don-t-claim-f-was-short-for-follow.patch b/0022-man-don-t-claim-f-was-short-for-follow.patch
new file mode 100644
index 0000000..1940908
--- /dev/null
+++ b/0022-man-don-t-claim-f-was-short-for-follow.patch
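Review bot: The `CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], ...)` call added to configure.ac probes `-Wl,--as-needed` and `-Wl,--gc-sections` through CC_CHECK_FLAG_APPEND, which, as defined in m4/attributes.m4 by the preceding patch, runs `AC_COMPILE_IFELSE`. A compile-only test normally neither invokes the linker nor uses LDFLAGS, so both flags would be reported as supported whatever the linker accepts. An unsupported option would then reach `AM_LDFLAGS` through `GCLDFLAGS` and fail only at link time. The probe used for LDFLAGS should link instead, e.g. `AC_LINK_IFELSE([AC_LANG_SOURCE([int a = 0; int main(void) { return a; } ])], ...)` in the macro, which this patch does not touch.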
@@ -0,0 +1,22 @@
+From dca8f897441d8dea1230a9063eca7508adc54fa7 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 26 Mar 2012 23:51:56 +0200
+Subject: [PATCH] man: don't claim -f was short for --follow (cherry picked
+ from commit 0aed10889b42ac3adc1954eb07c8653784f46e58)
+
+---
+ man/systemctl.xml | 1 -
+ 1 files changed, 0 insertions(+), 1 deletions(-)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index ffe0164..25b9266 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -431,7 +431,6 @@
+
+
+
+-
+
+ When used with
+ status continously
diff --git a/0023-journalctl-add-local-switch.patch b/0023-journalctl-add-local-switch.patch
new file mode 100644
index 0000000..87b7b8c
--- /dev/null
+++ b/0023-journalctl-add-local-switch.patch
@@ -0,0 +1,103 @@
+From 7597d725aedc4bce6dc5ad20350d4f8e17b756d9 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 27 Mar 2012 00:14:29 +0200
+Subject: [PATCH] journalctl: add --local switch (cherry picked from commit
+ 2bd3c38a44c5c3acbf5afdb9c0bcbaf4a72dac3f)
+
+---
+ TODO | 2 ++
+ man/journalctl.xml | 8 ++++++++
+ src/journal/journalctl.c | 13 ++++++++++---
+ 3 files changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/TODO b/TODO
+index 7f19c3a..2fe676a 100644
+--- a/TODO
++++ b/TODO
+@@ -18,6 +18,8 @@ Bugfixes:
+
+ Features:
+
++* Make -f in systemctl enable both --follow and --force
++
+ * ensure that logind sets the syslog facility to AUTH when logging
+
+ * when a service has the same env var set twice we actually store it twice and return that in systemctl show -p... We should only show the last setting
+diff --git a/man/journalctl.xml b/man/journalctl.xml
+index c4d2a7e..efceefa 100644
+--- a/man/journalctl.xml
++++ b/man/journalctl.xml
+@@ -200,6 +200,14 @@
+
+
+
++
++
++
++ Show only locally
++ generated messages.
++
++
++
+
+
+ Instead of showing
+diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
+index f90b2dd..01dceca 100644
+--- a/src/journal/journalctl.c
++++ b/src/journal/journalctl.c
+@@ -46,6 +46,7 @@ static int arg_lines = -1;
+ static bool arg_no_tail = false;
+ static bool arg_new_id128 = false;
+ static bool arg_quiet = false;
++static bool arg_local = false;
+
+ static int help(void) {
+
+@@ -61,7 +62,8 @@ static int help(void) {
+ " -o --output=STRING Change journal output mode (short, short-monotonic,\n"
+ " verbose, export, json, cat)\n"
+ " -q --quiet Don't show privilege warning\n"
+- " --new-id128 Generate a new 128 Bit id\n",
++ " --new-id128 Generate a new 128 Bit id\n"
++ " -l --local Only local entries\n",
+ program_invocation_short_name);
+
+ return 0;
+@@ -87,6 +89,7 @@ static int parse_argv(int argc, char *argv[]) {
+ { "no-tail", no_argument, NULL, ARG_NO_TAIL },
+ { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
+ { "quiet", no_argument, NULL, 'q' },
++ { "local", no_argument, NULL, 'l' },
+ { NULL, 0, NULL, 0 }
+ };
+
+@@ -95,7 +98,7 @@ static int parse_argv(int argc, char *argv[]) {
+ assert(argc >= 0);
+ assert(argv);
+
+- while ((c = getopt_long(argc, argv, "hfo:an:q", options, NULL)) >= 0) {
++ while ((c = getopt_long(argc, argv, "hfo:an:ql", options, NULL)) >= 0) {
+
+ switch (c) {
+
+@@ -150,6 +153,10 @@ static int parse_argv(int argc, char *argv[]) {
+ arg_quiet = true;
+ break;
+
++ case 'l':
++ arg_local = true;
++ break;
++
+ case '?':
+ return -EINVAL;
+
+@@ -216,7 +223,7 @@ int main(int argc, char *argv[]) {
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this message off.");
+ #endif
+
+- r = sd_journal_open(&j, 0);
++ r = sd_journal_open(&j, arg_local ? SD_JOURNAL_LOCAL_ONLY : 0);
+ if (r < 0) {
+ log_error("Failed to open journal: %s", strerror(-r));
+ goto finish;
diff --git a/0024-cat-fix-priority-type.patch b/0024-cat-fix-priority-type.patch
new file mode 100644
index 0000000..bee6217
--- /dev/null
+++ b/0024-cat-fix-priority-type.patch
@@ -0,0 +1,24 @@
+From 1a00e659a6c001d2241b7f6478fcdb850469adcc Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 27 Mar 2012 00:20:48 +0200
+Subject: [PATCH] cat: fix priority type
+
+Needs to be "int", not "char". Spotted by Frederic Crozat.
+(cherry picked from commit d508ac0ba0c43efa8caacdd8050970efb1e30243)
+---
+ src/journal/cat.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/journal/cat.c b/src/journal/cat.c
+index 31d76f3..f0a6666 100644
+--- a/src/journal/cat.c
++++ b/src/journal/cat.c
+@@ -33,7 +33,7 @@
+ #include "build.h"
+
+ static char *arg_identifier = NULL;
+-static char arg_priority = LOG_INFO;
++static int arg_priority = LOG_INFO;
+ static bool arg_level_prefix = true;
+
+ static int help(void) {
diff --git a/0025-units-get-rid-of-var-run.mount-and-var-lock.mount.patch b/0025-units-get-rid-of-var-run.mount-and-var-lock.mount.patch
new file mode 100644
index 0000000..7c2c692
--- /dev/null
+++ b/0025-units-get-rid-of-var-run.mount-and-var-lock.mount.patch
@@ -0,0 +1,121 @@ +From fc3db84daaf5612dac1a9c09b1ec188a3ec2c3d3 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 27 Mar 2012 17:11:00 +0200 +Subject: [PATCH] units: get rid of var-run.mount and var-lock.mount + +Since a number of distribitions don't need this compat glue anymore drop +it from systemd upstream. Distributions which still haven't converted +to /run can steal these unit files from the git history if they need to. +(cherry picked from commit 55d029addf7d97b15faacea597a4ff65542aaf0e) + +Conflicts: + + Makefile.am +--- + Makefile.am | 14 -------------- + units/var-lock.mount | 19 ------------------- + units/var-run.mount | 19 ------------------- + 3 files changed, 0 insertions(+), 52 deletions(-) + delete mode 100644 units/var-lock.mount + delete mode 100644 units/var-run.mount + +diff --git a/Makefile.am b/Makefile.am +index d563cfd..63bb817 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -295,7 +295,6 @@ dist_systemunit_DATA = \ + units/sys-kernel-config.mount \ + units/sys-kernel-debug.mount \ + units/sys-fs-fuse-connections.mount \ +- units/var-run.mount \ + units/media.mount \ + units/remount-rootfs.service \ + units/printer.target \ +@@ -308,11 +307,6 @@ dist_systemunit_DATA = \ + units/systemd-ask-password-console.path \ + units/syslog.target + +-if HAVE_SYSV_COMPAT +-dist_systemunit_DATA += \ +- units/var-lock.mount +-endif +- + nodist_systemunit_DATA = \ + units/getty@.service \ + units/serial-getty@.service \ +@@ -2341,12 +2335,10 @@ systemd-install-data-hook: + rm -f systemd-remount-api-vfs.service \ + fsck-root.service \ + remount-rootfs.service \ +- var-run.mount \ + media.mount && \ + $(LN_S) ../systemd-remount-api-vfs.service systemd-remount-api-vfs.service && \ + $(LN_S) ../fsck-root.service fsck-root.service && \ + $(LN_S) ../remount-rootfs.service remount-rootfs.service && \ +- $(LN_S) ../var-run.mount var-run.mount && \ + $(LN_S) ../media.mount media.mount ) + ( cd $(DESTDIR)$(userunitdir) && \ + rm -f shutdown.target 
sockets.target bluetooth.target printer.target sound.target && \ +@@ -2506,12 +2498,6 @@ if TARGET_MAGEIA + $(LN_S) $(systemunitdir)/display-manager.service display-manager.service ) + endif + +-if HAVE_SYSV_COMPAT +- ( cd $(DESTDIR)$(systemunitdir)/local-fs.target.wants && \ +- rm -f var-lock.mount && \ +- $(LN_S) ../var-lock.mount var-lock.mount ) +-endif +- + install-exec-hook: $(INSTALL_EXEC_HOOKS) + + uninstall-hook: $(UNINSTALL_EXEC_HOOKS) +diff --git a/units/var-lock.mount b/units/var-lock.mount +deleted file mode 100644 +index 07277ad..0000000 +--- a/units/var-lock.mount ++++ /dev/null +@@ -1,19 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU General Public License as published by +-# the Free Software Foundation; either version 2 of the License, or +-# (at your option) any later version. +- +-[Unit] +-Description=Lock Directory +-Before=local-fs.target +-# skip mounting if the directory does not exist or is a symlink +-ConditionPathIsDirectory=/var/lock +-ConditionPathIsSymbolicLink=!/var/lock +- +-[Mount] +-What=/run/lock +-Where=/var/lock +-Type=bind +-Options=bind +diff --git a/units/var-run.mount b/units/var-run.mount +deleted file mode 100644 +index ab4da42..0000000 +--- a/units/var-run.mount ++++ /dev/null +@@ -1,19 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU General Public License as published by +-# the Free Software Foundation; either version 2 of the License, or +-# (at your option) any later version. +- +-[Unit] +-Description=Runtime Directory +-Before=local-fs.target +-# skip mounting if the directory does not exist or is a symlink +-ConditionPathIsDirectory=/var/run +-ConditionPathIsSymbolicLink=!/var/run +- +-[Mount] +-What=/run +-Where=/var/run +-Type=bind +-Options=bind 
diff --git a/0026-journal-properly-handle-if-we-interleave-files-with-.patch b/0026-journal-properly-handle-if-we-interleave-files-with-.patch new file mode 100644 index 0000000..01092c5 --- /dev/null +++ b/0026-journal-properly-handle-if-we-interleave-files-with-.patch 
@@ -0,0 +1,38 @@ +From 508157bef06840c3df94bfd2dc8fa5f65af950f6 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 27 Mar 2012 18:50:34 +0200 +Subject: [PATCH] journal: properly handle if we interleave files with + different boot ids + +If we try to locate a monotonic time in a file that doesn't have any +entries with the matching boot id, then don't fail on it, simply +fall back to calendar time. +(cherry picked from commit 6030831d5b85539a2a209b6d3a6f28b400207d78) +--- + src/journal/sd-journal.c | 12 ++++++++++-- + 1 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c +index e9cd26e..92ba578 100644 +--- a/src/journal/sd-journal.c ++++ b/src/journal/sd-journal.c +@@ -325,9 +325,17 @@ static int find_location(sd_journal *j, JournalFile *f, direction_t direction, O + else if (j->current_location.seqnum_set && + sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id)) + r = journal_file_move_to_entry_by_seqnum(f, j->current_location.seqnum, direction, &o, &p); +- else if (j->current_location.monotonic_set) ++ else if (j->current_location.monotonic_set) { + r = journal_file_move_to_entry_by_monotonic(f, j->current_location.boot_id, j->current_location.monotonic, direction, &o, &p); +- else if (j->current_location.realtime_set) ++ ++ if (r == -ENOENT) { ++ /* boot id unknown in this file */ ++ if (j->current_location.realtime_set) ++ r = journal_file_move_to_entry_by_realtime(f, j->current_location.realtime, direction, &o, &p); ++ else ++ r = journal_file_next_entry(f, NULL, 0, direction, &o, &p); ++ } ++ } else if (j->current_location.realtime_set) + r = journal_file_move_to_entry_by_realtime(f, j->current_location.realtime, direction, &o, &p); + else + r = journal_file_next_entry(f, NULL, 0, direction, &o, &p); diff --git a/0027-job-fix-loss-of-ordering-with-restart-jobs.patch b/0027-job-fix-loss-of-ordering-with-restart-jobs.patch new file mode 100644 index 0000000..dc62a7e 
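Review bot: The `-ENOENT` fallback added to the monotonic branch of find_location() repeats the realtime / next-entry chain that already follows it, so the two copies can drift apart on a later change. Only `-ENOENT` is remapped; any other error from journal_file_move_to_entry_by_monotonic() still propagates, which looks intended but is not stated. I would extend the comment to say so: `/* boot id unknown in this file: fall back to realtime, else the next entry; other errors are returned */`. find_location() starts and ends outside the hunk, so how `r` is consumed afterwards is not visible here.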
--- /dev/null +++ b/0027-job-fix-loss-of-ordering-with-restart-jobs.patch 
@@ -0,0 +1,144 @@ +From 9c53948822726352c65cbe74da919106da957993 Mon Sep 17 00:00:00 2001 +From: Michal Schmidt +Date: Wed, 28 Mar 2012 00:42:27 +0200 +Subject: [PATCH] job: fix loss of ordering with restart jobs + +Suppose that foo.service/start is a job waiting on other job bar.service/start +to finish. And then foo.service/restart is enqueued (not using +--ignore-dependencies). + +Currently this makes foo.service start immediately, forgetting about the +ordering to bar.service. + +The runnability check for JOB_RESTART jobs looks only at dependencies for +stopping. That's actually correct, because restart jobs should be treated the +same as stop jobs at first. The bug is that job_run_and_invalidate() does not +treat them exactly the same as stop jobs. unit_start() gets called without +checking for the runnability of the converted JOB_START job. + +The fix is to simplify the switch in job_run_and_invalidate(). Handle +JOB_RESTART identically to JOB_STOP. +Also simplify the handling of JOB_TRY_RESTART - just convert it to JOB_RESTART +if the unit is active and let it fall through to the JOB_RESTART case. +Similarly for JOB_RELOAD_OR_START - have a fall through to JOB_START. + +In job_finish_and_invalidate() it's not necessary to check for JOB_TRY_RESTART +with JOB_DONE, because JOB_TRY_RESTART jobs will have been converted to +JOB_RESTART already. + +Speeding up the restart of services in "auto-restart" state still works as +before. + +Improves: https://bugzilla.redhat.com/show_bug.cgi?id=753586 +but it's still not perfect. With this fix the try-restart action will wait for +the restart to complete in the right order, but the optimal behaviour would be +to finish quickly (without disturbing the start job). 
+(cherry picked from commit dd17d38879503f018fdf6bbff822970afcddb6f1) +--- + src/job.c | 64 ++++++++++++++++++++----------------------------------------- + 1 files changed, 21 insertions(+), 43 deletions(-) + +diff --git a/src/job.c b/src/job.c +index e57286f..d43ce8e 100644 +--- a/src/job.c ++++ b/src/job.c +@@ -387,14 +387,21 @@ int job_run_and_invalidate(Job *j) { + + switch (j->type) { + ++ case JOB_RELOAD_OR_START: ++ if (unit_active_state(j->unit) == UNIT_ACTIVE) { ++ j->type = JOB_RELOAD; ++ r = unit_reload(j->unit); ++ break; ++ } ++ j->type = JOB_START; ++ /* fall through */ ++ + case JOB_START: + r = unit_start(j->unit); + +- /* If this unit cannot be started, then simply +- * wait */ ++ /* If this unit cannot be started, then simply wait */ + if (r == -EBADR) + r = 0; +- + break; + + case JOB_VERIFY_ACTIVE: { +@@ -408,11 +415,19 @@ int job_run_and_invalidate(Job *j) { + break; + } + ++ case JOB_TRY_RESTART: ++ if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(j->unit))) { ++ r = -ENOEXEC; ++ break; ++ } ++ j->type = JOB_RESTART; ++ /* fall through */ ++ + case JOB_STOP: ++ case JOB_RESTART: + r = unit_stop(j->unit); + +- /* If this unit cannot stopped, then simply +- * wait. */ ++ /* If this unit cannot stopped, then simply wait. 
*/ + if (r == -EBADR) + r = 0; + break; +@@ -421,43 +436,6 @@ int job_run_and_invalidate(Job *j) { + r = unit_reload(j->unit); + break; + +- case JOB_RELOAD_OR_START: +- if (unit_active_state(j->unit) == UNIT_ACTIVE) { +- j->type = JOB_RELOAD; +- r = unit_reload(j->unit); +- } else { +- j->type = JOB_START; +- r = unit_start(j->unit); +- +- if (r == -EBADR) +- r = 0; +- } +- break; +- +- case JOB_RESTART: { +- UnitActiveState t = unit_active_state(j->unit); +- if (t == UNIT_INACTIVE || t == UNIT_FAILED || t == UNIT_ACTIVATING) { +- j->type = JOB_START; +- r = unit_start(j->unit); +- } else +- r = unit_stop(j->unit); +- break; +- } +- +- case JOB_TRY_RESTART: { +- UnitActiveState t = unit_active_state(j->unit); +- if (t == UNIT_INACTIVE || t == UNIT_FAILED || t == UNIT_DEACTIVATING) +- r = -ENOEXEC; +- else if (t == UNIT_ACTIVATING) { +- j->type = JOB_START; +- r = unit_start(j->unit); +- } else { +- j->type = JOB_RESTART; +- r = unit_stop(j->unit); +- } +- break; +- } +- + default: + assert_not_reached("Unknown job type"); + } +@@ -536,7 +514,7 @@ int job_finish_and_invalidate(Job *j, JobResult result) { + job_add_to_dbus_queue(j); + + /* Patch restart jobs so that they become normal start jobs */ +- if (result == JOB_DONE && (j->type == JOB_RESTART || j->type == JOB_TRY_RESTART)) { ++ if (result == JOB_DONE && j->type == JOB_RESTART) { + + log_debug("Converting job %s/%s -> %s/%s", + j->unit->id, job_type_to_string(j->type), diff --git a/0028-job-add-debug-prints-where-job-type-gets-changed.patch b/0028-job-add-debug-prints-where-job-type-gets-changed.patch new file mode 100644 index 0000000..dfdcaf3 --- /dev/null +++ b/0028-job-add-debug-prints-where-job-type-gets-changed.patch 
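Review bot: In the rewritten switch of job_run_and_invalidate(), a JOB_RESTART on a unit that is already inactive or failed now goes through unit_stop() instead of straight to unit_start(), and the only return value handled in the visible case is `-EBADR`. The restart therefore becomes a start only if the code after the switch, which is outside this hunk, finishes the job as JOB_DONE when unit_stop() reports the unit already stopped (presumably `-EALREADY`, not shown here). A comment at the case would record that dependency: `/* restart of an inactive unit relies on unit_stop()'s already-stopped result being finished as JOB_DONE below */`. Assuming UNIT_IS_INACTIVE_OR_DEACTIVATING() does not cover UNIT_ACTIVATING, JOB_TRY_RESTART also changes for an activating unit: it used to become JOB_START and is now stopped first, which the commit message does not mention. The touched comment still reads "cannot stopped"; `cannot be stopped` would match the JOB_START one.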
@@ -0,0 +1,67 @@ +From 3b5680806cc525123904eacd917e749018a18e1a Mon Sep 17 00:00:00 2001 +From: Michal Schmidt +Date: Wed, 28 Mar 2012 01:26:04 +0200 +Subject: [PATCH] job: add debug prints where job type gets changed (cherry + picked from commit + bbd1a8374f90605319d0404ebb423795337161bd) + +--- + src/job.c | 20 ++++++++++++-------- + 1 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/src/job.c b/src/job.c +index d43ce8e..8e944b3 100644 +--- a/src/job.c ++++ b/src/job.c +@@ -355,6 +355,14 @@ bool job_is_runnable(Job *j) { + return true; + } + ++static void job_change_type(Job *j, JobType newtype) { ++ log_debug("Converting job %s/%s -> %s/%s", ++ j->unit->id, job_type_to_string(j->type), ++ j->unit->id, job_type_to_string(newtype)); ++ ++ j->type = newtype; ++} ++ + int job_run_and_invalidate(Job *j) { + int r; + uint32_t id; +@@ -389,11 +397,11 @@ int job_run_and_invalidate(Job *j) { + + case JOB_RELOAD_OR_START: + if (unit_active_state(j->unit) == UNIT_ACTIVE) { +- j->type = JOB_RELOAD; ++ job_change_type(j, JOB_RELOAD); + r = unit_reload(j->unit); + break; + } +- j->type = JOB_START; ++ job_change_type(j, JOB_START); + /* fall through */ + + case JOB_START: +@@ -420,7 +428,7 @@ int job_run_and_invalidate(Job *j) { + r = -ENOEXEC; + break; + } +- j->type = JOB_RESTART; ++ job_change_type(j, JOB_RESTART); + /* fall through */ + + case JOB_STOP: +@@ -516,12 +524,8 @@ int job_finish_and_invalidate(Job *j, JobResult result) { + /* Patch restart jobs so that they become normal start jobs */ + if (result == JOB_DONE && j->type == JOB_RESTART) { + +- log_debug("Converting job %s/%s -> %s/%s", +- j->unit->id, job_type_to_string(j->type), +- j->unit->id, job_type_to_string(JOB_START)); +- ++ job_change_type(j, JOB_START); + j->state = JOB_WAITING; +- j->type = JOB_START; + + job_add_to_run_queue(j); + diff --git a/systemd-PAGE_SIZE.patch b/systemd-PAGE_SIZE.patch deleted file mode 100644 index 623bea1..0000000 --- a/systemd-PAGE_SIZE.patch +++ /dev/null 
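Review bot: job_change_type() is added without a comment, and it only logs and assigns `j->type`; state and queue handling stay with the caller, as the job_finish_and_invalidate() hunk shows by still setting `j->state = JOB_WAITING` itself. A one-line header would keep later callers from assuming more: `/* Log the conversion and set j->type; the caller updates state and queues. */`. The helper dereferences `j->unit->id` unconditionally, so it relies on every caller passing a job with a unit attached.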
@@ -1,44 +0,0 @@ -From 7264278fbbdc1dc6c30fedc902d1337594aa6ff6 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 21 Mar 2012 22:47:44 +0000 -Subject: journal: PAGE_SIZE is not known on ppc and other archs - -Let's use NAME_MAX, as suggested by Dan Walsh ---- -diff --git a/src/journal/journald.c b/src/journal/journald.c -index d27cb60..87390bd 100644 ---- a/src/journal/journald.c -+++ b/src/journal/journald.c -@@ -29,7 +29,6 @@ - #include - #include - #include --#include - - #include - #include -@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) { - size_t label_len = 0; - union { - struct cmsghdr cmsghdr; -+ -+ /* We use NAME_MAX space for the -+ * SELinux label here. The kernel -+ * currently enforces no limit, but -+ * according to suggestions from the -+ * SELinux people this will change and -+ * it will probably be identical to -+ * NAME_MAX. For now we use that, but -+ * this should be updated one day when -+ * the final limit is known.*/ - uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) + - CMSG_SPACE(sizeof(struct timeval)) + -- CMSG_SPACE(sizeof(int)) + -- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */ -+ CMSG_SPACE(sizeof(int)) + /* fd */ -+ CMSG_SPACE(NAME_MAX)]; /* selinux label */ - } control; - ssize_t n; - int v; --- -cgit v0.9.0.2-2-gbebe diff --git a/systemd.spec b/systemd.spec index 528307e..6ad102c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -3,7 +3,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 44 -Release: 4%{?gitcommit:.git%{gitcommit}}%{?dist} +Release: 5%{?gitcommit:.git%{gitcommit}}%{?dist} License: GPLv2+ Group: System Environment/Base Summary: A System and Service Manager 
@@ -29,11 +29,11 @@ BuildRequires: intltool >= 0.40.0 BuildRequires: gperf BuildRequires: xz-devel BuildRequires: kmod-devel >= 5 -%if %{defined gitcommit} + BuildRequires: automake BuildRequires: autoconf BuildRequires: libtool -%endif + Requires(post): authconfig Requires(post): coreutils Requires(post): gawk 
@@ -58,7 +58,34 @@ Source2: systemd-sysv-convert Source3: udlfb.conf # Stop-gap, just to ensure things work fine with rsyslog without having to change the package right-away Source4: listen.conf -Patch0: systemd-PAGE_SIZE.patch +Patch0001: 0001-util-never-follow-symlinks-in-rm_rf_children.patch +Patch0002: 0002-man-fix-parameter-name-for-sd_uid_xxx.patch +Patch0003: 0003-bmfmt-allow-passing-more-than-one-config-file-name.patch +Patch0004: 0004-modules-load-drop-lib-from-search-path-if-we-don-t-h.patch +Patch0005: 0005-sysctl-accept-multiple-passed-configuration-files.patch +Patch0006: 0006-man-updates-to-sysctl.d-5.patch +Patch0007: 0007-journal-react-with-immediate-rotation-to-a-couple-of.patch +Patch0008: 0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch +Patch0009: 0009-systemd-mount-the-securityfs-filesystem-at-early-sta.patch +Patch0010: 0010-main-added-support-for-loading-IMA-custom-policies.patch +Patch0011: 0011-man-systemd-cat-1-typo-fix.patch +Patch0012: 0012-binfmt-fix-apply-loop.patch +Patch0013: 0013-add-sparse-support-to-detect-endianness-bug.patch +Patch0014: 0014-update-TODO.patch +Patch0015: 0015-logind-extend-comment-about-X11-socket-symlink.patch +Patch0016: 0016-logind-close-FIFO-before-ending-sessions-cleanly.patch +Patch0017: 0017-man-minor-typo-in-reference-to-manual-page.patch +Patch0018: 0018-build-sys-fix-make-dist-check.patch +Patch0019: 0019-journalctl-loginctl-drop-systemd-prefix-in-binary-na.patch +Patch0020: 0020-build-sys-do-not-set-CFLAGS-directly.patch +Patch0021: 0021-build-sys-separate-ldflags-from-cflags.patch +Patch0022: 0022-man-don-t-claim-f-was-short-for-follow.patch +Patch0023: 0023-journalctl-add-local-switch.patch +Patch0024: 0024-cat-fix-priority-type.patch +Patch0025: 0025-units-get-rid-of-var-run.mount-and-var-lock.mount.patch +Patch0026: 0026-journal-properly-handle-if-we-interleave-files-with-.patch +Patch0027: 0027-job-fix-loss-of-ordering-with-restart-jobs.patch +Patch0028: 
0028-job-add-debug-prints-where-job-type-gets-changed.patch # For sysvinit tools Obsoletes: SysVinit < 2.86-24, sysvinit < 2.86-24 @@ -130,10 +157,16 @@ at boot. %prep %setup -q %{?gitcommit:-n %{name}-git%{gitcommit}} -%patch0 -p1 +set +x +for p in %{patches}; do + echo "Applying $p" + patch -p1 < $p +done +set -x %build %{?gitcommit: ./autogen.sh } +autoreconf -i %configure --with-distro=fedora --disable-static make %{?_smp_mflags} @@ -324,10 +357,13 @@ mv /etc/systemd/system/default.target.save /etc/systemd/system/default.target >/ %{_prefix}/lib/systemd/systemd %{_bindir}/systemd %{_bindir}/systemctl +%{_bindir}/loginctl +%{_bindir}/journalctl %{_bindir}/systemd-notify %{_bindir}/systemd-ask-password %{_bindir}/systemd-tty-ask-password-agent %{_bindir}/systemd-machine-id-setup +%{_bindir}/systemd-systemctl %{_bindir}/systemd-loginctl %{_bindir}/systemd-journalctl %{_bindir}/systemd-tmpfiles @@ -414,6 +450,10 @@ mv /etc/systemd/system/default.target.save /etc/systemd/system/default.target >/ %{_bindir}/systemd-analyze %changelog +* Fri Mar 30 2012 Michal Schmidt - 44-5 +- Post-v44 patches from upstream git, except the changes of /media, /tmp + mountpoints and the gtk removal. + * Wed Mar 28 2012 Michal Schmidt - 44-4 - Add triggers from Bill Nottingham to correct the damage done by the obsoleted systemd-units's preun scriptlet (#807457).
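Review bot: Patch0001 is the fix for CVE-2012-1174 according to its own header, but neither the patch list nor the new 44-5 changelog entry ("Post-v44 patches from upstream git") names it, so anyone auditing the package by changelog will not see that this build closes it. A comment above the entry, `# CVE-2012-1174 (rhbz#803358)`, and a changelog line such as `- Fix CVE-2012-1174: rm_rf_children() followed symlinks (#803358)` would make the fix traceable. The changelog hunk is the last one in this file section.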
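Review bot: The loop in %prep calls plain `patch -p1 < $p`, which drops whatever fuzz and backup settings the `%patch` macro applied and lets patch fall back to its default fuzz. A hunk such as the one-line O_NOFOLLOW change in Patch0001 could then apply against mismatched context without failing the build. `patch -p1 --fuzz=0 < "$p"` keeps the application strict and also quotes the path. The loop depends on the %prep shell aborting on a non-zero exit; if the build environment does not guarantee that, append `|| exit 1`.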