v255 batch up to f3a13eca4ed6b4852153179a2197ee797bbbe898 #477
Merged
bluca merged 61 commits into systemd:v255-stable from May 18, 2025
(cherry picked from commit eda75b2) (cherry picked from commit 551aee593050ef9219466db05e8d7ba195d19f9b) (cherry picked from commit cc0ef08a48e0cf775c45d0f88c6be7b4fa30cb14)
If it fails, we'd submit the errno to supervisor via sd_notify() later. (cherry picked from commit 550f471) (cherry picked from commit e19548b78f2c7e2e921403d3ce8543143c313209) (cherry picked from commit ed7abadcf8ab834b8b1d111d20685c6edd085e00)
…ng root Follow-up for aaa27e2 The commit described about system potentially becoming undebuggable after switching into broken root or whatnot. But notably we can never activate emergency.target after do_reexecute() failure, since the Manager has been destructed. Plus, for a normal reexecution the fallback shell logic triggered on non-existent /sbin/init is kinda useful. Let's hence guard the extra check behind switch-root. Also, move the check below /run/nextroot/ detection. (cherry picked from commit 93e1948) (cherry picked from commit 1df135924796cf6790ec3f7848527349a5b760cc) (cherry picked from commit ce4495819fbb3ef0bc4df87e9acd7c5e62e82874)
For these objectives we ought to execve() at the end, i.e. if we ever hit the return path something went wrong in do_reexecute(). Let's properly report that via retval. (cherry picked from commit 590e0e3) (cherry picked from commit efcd9c6e62dbc66e5bc70046e8ad1df2ad97947f) (cherry picked from commit 1282484941ca8e65de1586f15fcb09ad897f20e0)
If a network mount returns EBUSY on umount, the logic introduced in 6dc68a0 causes shutdown to hang indefinitely on `fstatat()` (i.e., within `is_dir(m->path, true)`). Hence, skip this logic for network mounts (following the same motivation we use to skip read-only mounts in this kind of file systems). Fixes 6dc68a0 (cherry picked from commit cef2181) (cherry picked from commit 18dde3dd2aa8f05ecf950dab313efd5baf064625) (cherry picked from commit b7cb53a368fb998b9251e7c453d4e59a4d35a9d2)
So far /run/systemd/ was created as side-effect of initializing the D-Bus client/server. But in one of the next commits we'll suppress connecting to D-Bus in test runs, hence let's move the logic out of the D-Bus code and into manager_startup(). Then, also drop creating it again and again in PID 1 at various places, and just rely on it to exist. (cherry picked from commit e75fbee) (cherry picked from commit a4bb3316e0324c343a036a6fb87d57381af4b824) (cherry picked from commit d0c4baba4cff48415fae5f21d191e235279d9e21)
This thing should not be "live", hence don't try to connect to the bus, or bind the private bus socket. Fixes: #36540 (cherry picked from commit 71a737d) (cherry picked from commit b4565a757f858ec3b45fe44574b2cd7dc8f7ac90) (cherry picked from commit 071fd1744e2f3302e54f0e96db2a7cf10c0963ba)
(cherry picked from commit 66c2a2e) (cherry picked from commit 830b30814a0079d9689261c8916692cf7e9dfd56) (cherry picked from commit d04e76a0c38afc1f80f46498f3426c5df9367e95)
…y@.service on s390x Path of the 3270 console in /sys is "/sys/class/tty/3270!tty1" but its device node is "/dev/3270/tty1". (cherry picked from commit dbe61d9) (cherry picked from commit 23dc4450cddd5ee89d291600e226a3615b56a185) (cherry picked from commit 7b4d672e07747b1dd7f596248fc479088e4485ad)
We didn't check the number of arguments first, hence ended up outputting some ugly complaints with `(null)` in a format string. And what's worse accepted any number of arguments, where we'd ignore all but the first two though. (cherry picked from commit e5dfe2c) (cherry picked from commit 81b821d08ceb5feec4b879d59c194897a957eb5e) (cherry picked from commit 3fc144d45c37bddc930858953aeafb2062fe73c7)
Don't shortcut if we don't have the necessary environment variables set in sd_bus_open_user_machine(). (cherry picked from commit 9e34c34) (cherry picked from commit bd06aa555603f877774942dcda4664e8e44f21fd) (cherry picked from commit 71cca3e39c63038ace72be1cb3955a5546caf607)
…m empty notification queue A unit might be pending in the empty queue still when we add a PID to the cgroup. At that point, let's explicitly remove the unit from that queue. Fixes: #36781 (cherry picked from commit bb16097) (cherry picked from commit 13b011f0e84bd30d524a10e0dd839b508b8e0011) (cherry picked from commit c834d98ddfb568a26ee4920b7431d384cbcbb069)
It is not necessary to clear previous keymap assignment, as `localectl set-keymap` will anyway overwrite the previous assignment. This drops the unnecessary restart of systemd-localed in the loop. The mkosi test image contains about 500~700 keymaps. The test performance is greatly improved by reducing the number of restarts, especially when the test is running with sanitizers.

On Fedora 41 with sanitizers,
Before:
    1/1 systemd:integration-tests / TEST-73-LOCALE OK 1157.50s
After:
    1/1 systemd:integration-tests / TEST-73-LOCALE OK 104.43s

(cherry picked from commit d8a3535) (cherry picked from commit 614a284f472c0f162f1ea93092c1b03646138f0b) (cherry picked from commit 593df05716174359dfc2d861fabed6e304974a1e)
(cherry picked from commit 0b0cb6f) (cherry picked from commit aba08e3edb180b620e5152cdbc2bd8922adc8680) (cherry picked from commit 6300dc3179a9f5657b755e38e2ddc96d9499a4dc)
…utside, 32bit inside, handle that properly (cherry picked from commit ed13622) (cherry picked from commit e3b16c73ae0263ded58297e0ed7a080c76217e71) (cherry picked from commit e40142c1abdff8475e689f219447d4093f3f2bae)
Closes #36839. (cherry picked from commit dadaad1) (cherry picked from commit 1c56f9ec438944ff46d1e3849b30d6ad6cbba237) (cherry picked from commit db50b5e50ed1e9fa1b70daafd23f1ce2538c5696)
(cherry picked from commit b065ff0) (cherry picked from commit 694aa0115d77e41dbda80891d8a4b766313adfae) (cherry picked from commit 00e48cb057cff5caa84ba532e67004faa25310fe)
(cherry picked from commit 7a468f2) (cherry picked from commit 2a35f220477ca655d1f49f119348e3f216405d54) (cherry picked from commit 47315320d5e165437eb63570c22557c72e09079b)
This changed in e3e6f99. Closes systemd/systemd#36761. (cherry picked from commit 4dd94e5) (cherry picked from commit 65b3d7f08a8ecf66164eaafba9e467e558e4cf59) (cherry picked from commit faa5d159df0b19ff03fcf6928a80a2e4d01011ae)
(cherry picked from commit 521b6bb) (cherry picked from commit 03605d767ffcd446da876a97de967d4d8b56272c) (cherry picked from commit 92d03c858c59b94d13049ff04da2135c1f22c4dd)
(cherry picked from commit 6941bf6) (cherry picked from commit 287ebf79ce6f13f0ee19baefd84be029d6e64315) (cherry picked from commit 85c0915904cdf7408429d132f6d1c3eccc0c2671)
When the test fails due to nvme-cli/kernel issues it's hard to report it upstream as there's not enough details, add verbose flags (cherry picked from commit ebc0514) (cherry picked from commit b87f618a30cb664326d2211d8dd7b30a442318b4) (cherry picked from commit 3747d200cc187a3365ef8b875b7f45cf6a5023d5)
Fixes #36908. (cherry picked from commit c70a113) (cherry picked from commit c4eeb99c2192e9318566d045af985712dfd3d02c) (cherry picked from commit 38f3c44762f67f633494c0a134968a22f2745e99)
(cherry picked from commit 75b16ac) (cherry picked from commit 0a0e4d9bf5817d8f9a36d8dbb4a0d8eaad43dc82) (cherry picked from commit f084ad2db957830f1bda55c0befa3c4780d08ed9)
…time (cherry picked from commit da24983) (cherry picked from commit 88a0d3dfcb7f5769ac1b1add3d66d9699252dfe0) (cherry picked from commit 37ada4a1f5cfd1ca191e228a0ece01a2035126d4)
…rent/child functions The test "hangs" and times out on some arm64 machines. It actually works as expected, but the machine has 2016 children under /sys/devices/system/memory/, and the tests do a double loop over this, which is slow enough to hit the 120 s limit. Add a limit on the number of iterations. Another option would be to exclude "memory" subsystem. But we may have other subsystems which have the same problem in the future, so I think it'll be more robust to not try to limit the fix to a specific subsystem. (cherry picked from commit 74cb65e) (cherry picked from commit e35435b0a11e6c61c8c43b0cf8dc65a563b4a670) (cherry picked from commit 1f71726206006ff18ea0f96b109faff37dcc48f2)
(cherry picked from commit 2fb438c) (cherry picked from commit a9b4a0f3a56ffaa96d0e9824446bf15588ed6ff0) (cherry picked from commit f50eca199f37d87c27a18cc91d3059eb7b46ef6f)
bind9 9.21 removed the deprecated 'managed-keys', swap it with 'trust-anchors' if the version is 9.21 or newer

    [ 20.654086] TEST-75-RESOLVED.sh[1217]: + delv -a /etc/bind.keys @ns1.unsigned.test signed.test
    [ 20.654425] TEST-75-RESOLVED.sh[1218]: + tee /tmp/tmp.D4LNomAKqY
    [ 20.672599] TEST-75-RESOLVED.sh[1218]: ;; /etc/bind.keys:1: option 'managed-keys' no longer exists

(cherry picked from commit 5f8e529) (cherry picked from commit 85df0981b27c59649fa75916ba1efb4fe820a4dd) (cherry picked from commit 80d4bc9577d8f3fda68e3eb25d4dba8cb8ba47f0)
(cherry picked from commit e8939eb) (cherry picked from commit 8acffbf0abfcaa4de82a81e62d0acee7b896f122) (cherry picked from commit acb447f2c389a6cf0d2cd454e43b89498a174c8c)
The functions `sd_bus_emit_interfaces_added_strv`, `sd_bus_emit_interfaces_removed_strv` and `sd_bus_emit_properties_changed_strv` take a `char **` not `const char **` as last argument. See `src/systemd/sd-bus.h` for the function definition. (cherry picked from commit 3f75684) (cherry picked from commit 196a1c3ccb81033e1b54076ba984bfbbbe0dd9de) (cherry picked from commit 62a63713776037a1e054be1c7bd4aa1e7de4fa3d)
This updates the example output of list-sockets command. (cherry picked from commit f7586ab) (cherry picked from commit fc078eda7b0a53e0bac3450101c2a6027a6220f5) (cherry picked from commit f3b35f7daa52038cdcaadb227d8a8e4927f96556)
See runlevel_to_target() in src/shared/unit-file.c. (cherry picked from commit 70fd998) (cherry picked from commit 9e2a25fad629dd9d676c829b8b15e76bda6b5460) (cherry picked from commit 8fc23b469004a8e03d40c613d32dff14d3ad016a)
To make the test work even when systemd is built without SysV compat. (cherry picked from commit b4d5115) (cherry picked from commit 094865105c10534d6bda3003ffbbea02c00794fd) (cherry picked from commit 1efc8390517000f4ba24bfb706bb236bf59025c2)
(cherry picked from commit d93292b) (cherry picked from commit df3529008ef31b4312b7c7e6fab39868f6499a5a) (cherry picked from commit f71d4856a21ba5fe926f7207aacbfed36b6b0799)
`clock_nanosleep()` returns error codes directly, rather than using `errno`. Ensure that we use those codes, rather than checking for `<0`. (cherry picked from commit 8166075) (cherry picked from commit b61ef0b632991b6083c1bb19a014f4925629d8f7) (cherry picked from commit 2629f2a4928725135432510735bb9f9f71cf3df2)
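The return-value convention this commit message describes, as an added example (not code from the systemd tree): `sleep_unchecked()` and `sleep_checked()` are hypothetical helpers, and the out-of-range `tv_nsec` is a constructed input that makes the call fail deterministically.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <time.h>

/* Pattern the commit message calls out: clock_nanosleep() never returns a
 * negative value, so this test cannot fire and every failure looks like success. */
static int sleep_unchecked(const struct timespec *ts) {
        if (clock_nanosleep(CLOCK_MONOTONIC, 0, ts, NULL) < 0)
                return -errno; /* unreachable: errno is not how errors arrive */
        return 0;
}

/* Corrected pattern: the return value itself is the positive error code. */
static int sleep_checked(const struct timespec *ts) {
        struct timespec left = *ts;

        for (;;) {
                int r = clock_nanosleep(CLOCK_MONOTONIC, 0, &left, &left);
                if (r == 0)
                        return 0;
                if (r != EINTR)
                        return -r; /* e.g. -EINVAL for a malformed timespec */
                /* EINTR: a signal cut the sleep short, 'left' holds the rest. */
        }
}

int main(void) {
        /* Constructed inputs: a valid 1 ms sleep and an out-of-range tv_nsec. */
        const struct timespec ok = { .tv_sec = 0, .tv_nsec = 1000000L };
        const struct timespec bad = { .tv_sec = 0, .tv_nsec = 1000000000L };

        printf("valid:   unchecked=%d checked=%d\n", sleep_unchecked(&ok), sleep_checked(&ok));
        printf("invalid: unchecked=%d checked=%d\n", sleep_unchecked(&bad), sleep_checked(&bad));
        return 0;
}
```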
The previous commit removed the UINT_MAX check for the fd array. Let's now re-add one, but at a better place, and with a more useful limit. As it turns out the kernel does not allow passing more than 253 fds at the same time, hence use that as limit. And do so immediately before calculating the control buffer size, so that we catch multiplication overflows. (cherry picked from commit cb42df5) (cherry picked from commit 3fe78b02280d11746afc979dfed561dbc3fc2554)
…arlink message 253 is the max number of fds one can send at once on a Linux AF_UNIX socket. Hence refuse to send more early. (cherry picked from commit 92c52a9) (cherry picked from commit d80f2b149cb282c9a0737a6cdf847be2ee81bfeb) (cherry picked from commit 9916985d8dc9d725aa2855327a49649e405deb7d)
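The ordering argued for in the two commit messages above (bound the fd count, then size the control buffer), as an added example rather than the sd-bus or varlink code: `send_fds_checked()`, `demo_send()` and `SEND_FDS_MAX` are hypothetical names, and the 253 limit is taken from the messages.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Limit quoted in the commit messages for one AF_UNIX message on Linux. */
#define SEND_FDS_MAX 253U

/* Hypothetical helper: send one payload byte plus n_fds descriptors.
 * Returns 0, -E2BIG for an oversized fd count, or -errno from the kernel. */
static int send_fds_checked(int sock, const int *fds, size_t n_fds) {
        /* Bound the count first, so sizeof(int) * n_fds below cannot wrap and
         * an oversized request fails early instead of inside sendmsg(). */
        if (n_fds > SEND_FDS_MAX)
                return -E2BIG;

        size_t payload = sizeof(int) * n_fds;
        size_t space = n_fds > 0 ? CMSG_SPACE(payload) : 0;
        void *control = NULL;
        if (space > 0 && !(control = calloc(1, space)))
                return -ENOMEM;

        char byte = 'x';
        struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                             .msg_control = control, .msg_controllen = space };
        if (n_fds > 0) {
                struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
                c->cmsg_level = SOL_SOCKET;
                c->cmsg_type = SCM_RIGHTS;
                c->cmsg_len = CMSG_LEN(payload);
                memcpy(CMSG_DATA(c), fds, payload);
        }

        int r = sendmsg(sock, &mh, MSG_NOSIGNAL) < 0 ? -errno : 0;
        free(control);
        return r;
}

/* Constructed demo: offer n_fds copies of one socket fd to the peer socket. */
static int demo_send(size_t n_fds) {
        int sv[2], fds[256];

        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
                return -errno;
        for (size_t i = 0; i < 256; i++)
                fds[i] = sv[1]; /* the same fd may be listed more than once */

        int r = send_fds_checked(sv[1], fds, n_fds);
        close(sv[0]);
        close(sv[1]);
        return r;
}

int main(void) {
        printf("3 fds: %d, 254 fds: %d, SIZE_MAX fds: %d\n",
               demo_send(3), demo_send(254), demo_send((size_t) -1));
        return 0;
}
```

With the check placed after the multiplication instead, a count near `SIZE_MAX` would wrap `sizeof(int) * n_fds` to a small value and the buffer would be undersized for the `memcpy()`.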
Document effect of the SR-IOV section in .link vs .network files and restructure the SR-IOV section introduction for clarity. (cherry picked from commit 8e24558) (cherry picked from commit 3a668aae1398762438b9ffee75622e552f9d7f11) (cherry picked from commit f930bd1c74cc49dacf6d99e2ec4eff550f92d0ca)
Otherwise passing invalid data means asserts get hit instead of handling it gracefully. Other verbs already do the same checks.

    busctl get-property org.freedesktop.systemd1 '*' org.freedesktop.systemd1.Manager Version
    Assertion 'object_path_is_valid(path)' failed at src/libsystemd/sd-bus/bus-message.c:562, function sd_bus_message_new_method_call(). Aborting.
    Aborted (core dumped)

(cherry picked from commit b16e6fd) (cherry picked from commit 6961d8ac6e0cc8d81c20c7de07595834ffabd556) (cherry picked from commit da7c0fc714a015dd9d7e8c1d622aa10f2f016111)
Document .link .network and .netdev file type distinctions in early introductory text, and document distro-specific need to sync link files with early-boot copies, see Debian bug 1005282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005282 for an example. (cherry picked from commit a50fa2a) (cherry picked from commit 1f654739f8a05110b68461cf483d5c07b2ef7723) (cherry picked from commit 1e96e999377b03e052a0379223e40255aa767df8)
(cherry picked from commit 0cf03a3) (cherry picked from commit e76121a0d2eb288ea02c61b9359b86053fd6ee5f) (cherry picked from commit a5fb520700e0501d9480336b1101578ca02e67ff)
Currently, Fedora's systemd RPM doesn't own systemenvgeneratordir (i.e., /usr/lib/systemd/system-environment-generators) [1] because it's not created when systemd is installed. In contrast, userenvgeneratordir (i.e., /usr/lib/systemd/user-environment-generators) is created, unless the environment-d Meson option is explicitly disabled. While this can be worked around elsewhere, it's better if the upstream build system created the directories consistently. It will avoid repetition, and prevent silly bugs or deviations from creeping in. [1] https://bugzilla.redhat.com/show_bug.cgi?id=2284085 (cherry picked from commit ab46feb) (cherry picked from commit bd27edd3de9b3b30f7225994a799e46fba930568) (cherry picked from commit f38abc546d09f99eb011b2bfe8605ac7259baf02)
The existing text grew organically as features were added and was not very organized. Reorder it and break into paragraphs grouped by topic. The description of the :errno syntax is replaced by a short reference to the SystemCallErrorNumber= setting. This makes the text shorter and makes it easier to explain how the two settings combine. (cherry picked from commit 802d23f) (cherry picked from commit 0ff20b0486f39579c3296ff51c4f09515889a9f2) (cherry picked from commit 7e3a6097931f7e16e9d1c743fc34b4e0e4234d86)
The text is reordered and broken into more paragraphs. A recommendation to combine RestrictAddressFamilies= with SystemCallFilter=@service is added. (cherry picked from commit 2dc4e87) (cherry picked from commit 523197c2432b265275a3ec9ff76aa7f617e07eb7) (cherry picked from commit 5692ca2f5fdd51ff32bb27df0867cf3fde4c84bd)
On Linux, read() on a message queue descriptor returns the message queue statistics, not the actual message queue data. We need to use mq_receive() to drain the queues instead. Fixes a problem where a POSIX message queue socket unit with messages in the queue at shutdown time could result in a hang on reboot/shutdown. (cherry picked from commit ffb6adb) (cherry picked from commit 4ab235b029f2107ed53f6580a7b57a48b63b4035) (cherry picked from commit 5ac9982bda6429bceb64358f84f5174d4dd0a1b8)
(cherry picked from commit 0425fc5) (cherry picked from commit 764be0a316a5a8ac1cb46aa748c12c70e23355cb) (cherry picked from commit 0c6309e8e48fd541faf9489e551787506e3ed125)
…nt` (#37409) Co-authored-by: Eisuke Kawashima <e-kwsm@users.noreply.github.com> (cherry picked from commit 6d07d23) (cherry picked from commit 11c16d414ebbcb13e39971d90ece4a1e0db183d2) (cherry picked from commit 003a0bb9e3bfef9ab99ce409ea08d6fb544440d0)
(cherry picked from commit 5689365) (cherry picked from commit cca8e2077f982e5cf636137a92eb7f177a0b4a29) (cherry picked from commit ae2226ba0d62f9e3132a75639d96211680b337c2)
(cherry picked from commit 652e4dd) (cherry picked from commit 2d5982e4f2c76e41fa1d5524fcbcdfcbecdf656c) (cherry picked from commit f768adde986f08372be45648d90a972f2d0b6b89)
(cherry picked from commit 68b6289) (cherry picked from commit f9e68aa2b5dd14e0be29d13ea0c45f50bfe6b986) (cherry picked from commit bf275c73ee0e4293d710b90d467f693eb7d3581b)
The existing description was not *wrong*, but it was a bit muddled. Let's reorder the text to give a short intro and then describe what the options actually do and the clear "true" and "false" cases first, and then describe autodetection. Related to https://yeswehack.com/vulnerability-center/reports/346802. (cherry picked from commit 718dbdb) (cherry picked from commit d8659058f40186f07799bc2a8e624aece33412ac) (cherry picked from commit f75ad1137ef43bb7a65fd598c807945476631411)
$PAGER wasn't documented, but actually we treat it same as $SYSTEMD_PAGER, except for lower priority. And the two variables can be used to disable the pager, even if $SYSTEMD_PAGERSECURE is not set. Behaviour is (obviously) not changed by this patch, it intentionally just updates the docs to match the code. (cherry picked from commit b6b7817) (cherry picked from commit affb45d6b2dfdb3a87da2e0241be8c5c5c9a9d8f) (cherry picked from commit ab19d19d3e89a270e40b9b9cff845581d3d9e3a4)
This returns to the original approach proposed in systemd/systemd#17270. After review, the approach was changed to use sd_pid_get_owner_uid() instead. Back then, when running in a typical graphical session, sd_pid_get_owner_uid() would usually return the user UID, and when running under sudo, geteuid() would return 0, so we'd trigger the secure path.

sudo may allocate a new session if it is invoked outside of a session (depending on the PAM config). Since nowadays desktop environments usually start the user shell through user units, the typical shell in a terminal emulator is not part of a session, and when sudo is invoked, a new session is allocated, and sd_pid_get_owner_uid() returns 0 too. Technically, the code still works as documented in the man page, but in the common case, it doesn't do the expected thing.

    $ build/test-sd-login |& rg 'get_(owner_uid|cgroup|session)'
    sd_pid_get_session(0) → No data available
    sd_pid_get_owner_uid(0) → 1000
    sd_pid_get_cgroup(0) → /user.slice/user-1000.slice/user@1000.service/app.slice/app-ghostty-transient-5088.scope/surfaces/556FAF50BA40.scope

    $ sudo build/test-sd-login |& rg 'get_(owner_uid|cgroup|session)'
    sd_pid_get_session(0) → c289
    sd_pid_get_owner_uid(0) → 0
    sd_pid_get_cgroup(0) → /user.slice/user-0.slice/session-c289.scope

I think it's worth checking for sudo because it is a common case used by users. There obviously are other mechanisms, so the man page is extended to say that only some common mechanisms are supported, and to (again) recommend setting SYSTEMD_LESSSECURE explicitly.

The other option would be to set "secure mode" by default. But this would create an inconvenience for users doing the right thing, running systemctl and other tools directly, because then they can't run privileged commands from the pager, e.g. to save the output to a file. (Or the user would need to explicitly set SYSTEMD_LESSSECURE. One option would be to set it always in the environment and to rely on sudo and other tools stripping it from the environment before running privileged code. But that is also fairly fragile and it obviously relies on the user doing a complicated setup to support a fairly common use case. I think this decreases usability of the system quite a bit. I don't think we should build solutions that work in principle, but are painfully inconvenient in common cases.)

Fixes https://yeswehack.com/vulnerability-center/reports/346802. Also see polkit-org/polkit#562, which adds support for $SUDO_UID/$SUDO_GID to pkexec.

(cherry picked from commit cd93478) (cherry picked from commit b93f53c122124582fa80ae246343791063d65074) (cherry picked from commit f3a13eca4ed6b4852153179a2197ee797bbbe898)
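The autodetection gap described in the commit message above, replayed as an added example (a sketch, not systemd's pager code): `pager_secure_mode()`, `parse_bool()` and `replay()` are hypothetical helpers, the UIDs are the ones from the quoted test-sd-login output, and three things are assumptions of this sketch: that sudo is detected through `$SUDO_UID`, that an explicit `$SYSTEMD_PAGERSECURE` takes precedence, and that an unparsable value is treated as "secure".

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/types.h>

/* Accepts the usual boolean spellings; returns 1, 0, or -1 if unparsable. */
static int parse_bool(const char *s) {
        static const char *const yes[] = { "1", "yes", "y", "true", "t", "on" };
        static const char *const no[] = { "0", "no", "n", "false", "f", "off" };

        for (size_t i = 0; i < sizeof yes / sizeof yes[0]; i++) {
                if (strcasecmp(s, yes[i]) == 0)
                        return 1;
                if (strcasecmp(s, no[i]) == 0)
                        return 0;
        }
        return -1;
}

/* Decide whether the pager must run restricted. euid and owner_uid are passed
 * in (geteuid() and the sd_pid_get_owner_uid() result in a real tool) so both
 * situations from the commit message can be replayed. */
static bool pager_secure_mode(uid_t euid, uid_t owner_uid) {
        const char *e = getenv("SYSTEMD_PAGERSECURE");

        if (e) /* explicit setting wins; this sketch treats garbage as "secure" */
                return parse_bool(e) != 0;
        if (getenv("SUDO_UID")) /* assumption: sudo detected via its $SUDO_UID */
                return true;
        return euid != owner_uid; /* session-owner heuristic on its own */
}

/* Helper for the demo: set or clear both variables, then ask for the decision. */
static bool replay(const char *pagersecure, const char *sudo_uid, uid_t euid, uid_t owner_uid) {
        if (pagersecure)
                setenv("SYSTEMD_PAGERSECURE", pagersecure, 1);
        else
                unsetenv("SYSTEMD_PAGERSECURE");
        if (sudo_uid)
                setenv("SUDO_UID", sudo_uid, 1);
        else
                unsetenv("SUDO_UID");
        return pager_secure_mode(euid, owner_uid);
}

int main(void) {
        printf("desktop shell:              %d\n", replay(NULL, NULL, 1000, 1000));
        printf("sudo, owner heuristic only: %d\n", replay(NULL, NULL, 0, 0));
        printf("sudo, $SUDO_UID consulted:  %d\n", replay(NULL, "1000", 0, 0));
        printf("sudo, explicit opt-out:     %d\n", replay("0", "1000", 0, 0));
        return 0;
}
```

The second line of output is the case the message describes: with a fresh session allocated for sudo, both UIDs are 0 and the owner comparison alone leaves the pager unrestricted.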
The tools from main are no longer compatible with images built in this stable branch. Ubuntu 24.04 ships with v255 which is good enough, so restore those binaries.
No description provided.