[systemd/f17] minimize the difference from 44-4, fix F17 blocker
Michal Schmidt
michich at fedoraproject.org
Tue Apr 24 00:36:39 UTC 2012
commit c5da69aa921b8cfced7e58733ac77e69743b2443
Author: Michal Schmidt <mschmidt at redhat.com>
Date: Tue Apr 24 02:29:43 2012 +0200
minimize the difference from 44-4, fix F17 blocker
Revert most of the patches added in 44-5. F17 has 44-4 right now so let's
try to minimize the risk of breakage before GA release. Apply only:
- the fix for CVE-2012-1174
- the PAGE_SIZE build fix
- fix for a blocker bug (processes killed on libvirt restart, #805942)
Fixes for less important bugs will be pushed post F17 GA.
...E_SIZE-is-not-known-on-ppc-and-other-arch.patch | 6 +-
0002-man-fix-parameter-name-for-sd_uid_xxx.patch | 62 -
...ow-passing-more-than-one-config-file-name.patch | 68 -
...lace-control-command-in-subcgroup-control.patch | 574 +++++++
...d-drop-lib-from-search-path-if-we-don-t-h.patch | 55 -
...ccept-multiple-passed-configuration-files.patch | 76 -
0006-man-updates-to-sysctl.d-5.patch | 92 --
...ct-with-immediate-rotation-to-a-couple-of.patch | 49 -
...nt-the-securityfs-filesystem-at-early-sta.patch | 95 --
...d-support-for-loading-IMA-custom-policies.patch | 281 ----
0011-man-systemd-cat-1-typo-fix.patch | 24 -
0012-binfmt-fix-apply-loop.patch | 24 -
...d-sparse-support-to-detect-endianness-bug.patch | 379 -----
0014-update-TODO.patch | 23 -
...d-extend-comment-about-X11-socket-symlink.patch | 26 -
...close-FIFO-before-ending-sessions-cleanly.patch | 154 --
...an-minor-typo-in-reference-to-manual-page.patch | 23 -
0018-build-sys-fix-make-dist-check.patch | 25 -
...loginctl-drop-systemd-prefix-in-binary-na.patch | 1724 --------------------
0020-build-sys-do-not-set-CFLAGS-directly.patch | 135 --
0021-build-sys-separate-ldflags-from-cflags.patch | 43 -
0022-man-don-t-claim-f-was-short-for-follow.patch | 22 -
0023-journalctl-add-local-switch.patch | 103 --
0024-cat-fix-priority-type.patch | 24 -
...t-rid-of-var-run.mount-and-var-lock.mount.patch | 121 --
...perly-handle-if-we-interleave-files-with-.patch | 38 -
...ob-fix-loss-of-ordering-with-restart-jobs.patch | 144 --
...-debug-prints-where-job-type-gets-changed.patch | 67 -
systemd.spec | 44 +-
29 files changed, 593 insertions(+), 3908 deletions(-)
---
diff --git a/0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch b/0002-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
similarity index 92%
rename from 0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
rename to 0002-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
index 43f5f20..fd191a9 100644
--- a/0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
+++ b/0002-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
@@ -1,4 +1,4 @@
-From 618df2ac0d2343694e5eddda2e0899cdd9aeaab3 Mon Sep 17 00:00:00 2001
+From f906d0aa8f75dd704706d52222c04a2aa714fa4a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart at poettering.net>
Date: Wed, 21 Mar 2012 23:47:44 +0100
Subject: [PATCH] journal: PAGE_SIZE is not known on ppc and other archs
@@ -10,7 +10,7 @@ Let's use NAME_MAX, as suggested by Dan Walsh
1 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/journal/journald.c b/src/journal/journald.c
-index d27cb60..87390bd 100644
+index baad3ab..f9694cb 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -29,7 +29,6 @@
@@ -21,7 +21,7 @@ index d27cb60..87390bd 100644
#include <systemd/sd-journal.h>
#include <systemd/sd-login.h>
-@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
+@@ -2141,10 +2140,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
size_t label_len = 0;
union {
struct cmsghdr cmsghdr;
diff --git a/0003-service-place-control-command-in-subcgroup-control.patch b/0003-service-place-control-command-in-subcgroup-control.patch
new file mode 100644
index 0000000..d9fa33b
--- /dev/null
+++ b/0003-service-place-control-command-in-subcgroup-control.patch
@@ -0,0 +1,574 @@
+From 015a571a7076644648e46b3fba89fdb69a6adf54 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart at poettering.net>
+Date: Fri, 13 Apr 2012 23:24:47 +0200
+Subject: [PATCH] service: place control command in subcgroup control/
+
+Previously, we were brutally and onconditionally killing all processes
+in a service's cgroup before starting the service anew, in order to
+ensure that StartPre lines cannot be misused to spawn long-running
+processes.
+
+On logind-less systems this has the effect that restarting sshd
+necessarily calls all active ssh sessions, which is usually not
+desirable.
+
+With this patch control processes for a service are placed in a
+sub-cgroup called "control/". When starting a service anew we simply
+kill this cgroup, but not the main cgroup, in order to avoid killing any
+long-running non-control processes from previous runs.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=805942
+(cherry picked from commit ecedd90fcdf647f9a7b56b4934b65e30b2979b04)
+
+Conflicts:
+
+ TODO
+---
+ src/cgroup.c | 52 ++++++++++++++---
+ src/cgroup.h | 8 +-
+ src/execute.c | 5 +-
+ src/execute.h | 1 +
+ src/mount.c | 7 ++-
+ src/service.c | 175 +++++++++++++++++++++++++++++++-------------------------
+ src/socket.c | 7 ++-
+ src/swap.c | 7 ++-
+ 8 files changed, 163 insertions(+), 99 deletions(-)
+
+diff --git a/src/cgroup.c b/src/cgroup.c
+index 1f6139e..a4eb6ed 100644
+--- a/src/cgroup.c
++++ b/src/cgroup.c
+@@ -108,26 +108,43 @@ void cgroup_bonding_trim_list(CGroupBonding *first, bool delete_root) {
+ cgroup_bonding_trim(b, delete_root);
+ }
+
+-int cgroup_bonding_install(CGroupBonding *b, pid_t pid) {
++
++int cgroup_bonding_install(CGroupBonding *b, pid_t pid, const char *cgroup_suffix) {
++ char *p = NULL;
++ const char *path;
+ int r;
+
+ assert(b);
+ assert(pid >= 0);
+
+- if ((r = cg_create_and_attach(b->controller, b->path, pid)) < 0)
++ if (cgroup_suffix) {
++ p = join(b->path, "/", cgroup_suffix, NULL);
++ if (!p)
++ return -ENOMEM;
++
++ path = p;
++ } else
++ path = b->path;
++
++ r = cg_create_and_attach(b->controller, path, pid);
++ free(p);
++
++ if (r < 0)
+ return r;
+
+ b->realized = true;
+ return 0;
+ }
+
+-int cgroup_bonding_install_list(CGroupBonding *first, pid_t pid) {
++int cgroup_bonding_install_list(CGroupBonding *first, pid_t pid, const char *cgroup_suffix) {
+ CGroupBonding *b;
+ int r;
+
+- LIST_FOREACH(by_unit, b, first)
+- if ((r = cgroup_bonding_install(b, pid)) < 0 && b->essential)
++ LIST_FOREACH(by_unit, b, first) {
++ r = cgroup_bonding_install(b, pid, cgroup_suffix);
++ if (r < 0 && b->essential)
+ return r;
++ }
+
+ return 0;
+ }
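Review bot: the suffix handling in cgroup_bonding_install() (join b->path, "/" and cgroup_suffix, use the result, then free it) is repeated line for line in cgroup_bonding_kill() further down. A small static helper that returns the effective path would keep the two in step and leave a single place for the -ENOMEM return. The hunk also adds a second blank line in front of the function, which can be dropped.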
+@@ -176,7 +193,11 @@ int cgroup_bonding_set_task_access_list(CGroupBonding *first, mode_t mode, uid_t
+ return 0;
+ }
+
+-int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) {
++int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s, const char *cgroup_suffix) {
++ char *p = NULL;
++ const char *path;
++ int r;
++
+ assert(b);
+ assert(sig >= 0);
+
+@@ -184,10 +205,22 @@ int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) {
+ if (!b->ours)
+ return 0;
+
+- return cg_kill_recursive(b->controller, b->path, sig, sigcont, true, false, s);
++ if (cgroup_suffix) {
++ p = join(b->path, "/", cgroup_suffix, NULL);
++ if (!p)
++ return -ENOMEM;
++
++ path = p;
++ } else
++ path = b->path;
++
++ r = cg_kill_recursive(b->controller, path, sig, sigcont, true, false, s);
++ free(p);
++
++ return r;
+ }
+
+-int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s) {
++int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s, const char *cgroup_suffix) {
+ CGroupBonding *b;
+ Set *allocated_set = NULL;
+ int ret = -EAGAIN, r;
+@@ -200,7 +233,8 @@ int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s
+ return -ENOMEM;
+
+ LIST_FOREACH(by_unit, b, first) {
+- if ((r = cgroup_bonding_kill(b, sig, sigcont, s)) < 0) {
++ r = cgroup_bonding_kill(b, sig, sigcont, s, cgroup_suffix);
++ if (r < 0) {
+ if (r == -EAGAIN || r == -ESRCH)
+ continue;
+
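Review bot: with a non-NULL cgroup_suffix, cgroup_bonding_kill() may be pointed at a sub-cgroup that was never created, for instance when the service has not spawned any control command yet. The loop here skips only -EAGAIN and -ESRCH, while the callers in mount.c, service.c, socket.c and swap.c also tolerate -ENOENT. Either add -ENOENT to this filter when a suffix is given, or say in a comment that the two callers passing "control" discard the result on purpose.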
+diff --git a/src/cgroup.h b/src/cgroup.h
+index 5faa7dc..35ae52b 100644
+--- a/src/cgroup.h
++++ b/src/cgroup.h
+@@ -56,8 +56,8 @@ int cgroup_bonding_realize_list(CGroupBonding *first);
+ void cgroup_bonding_free(CGroupBonding *b, bool trim);
+ void cgroup_bonding_free_list(CGroupBonding *first, bool trim);
+
+-int cgroup_bonding_install(CGroupBonding *b, pid_t pid);
+-int cgroup_bonding_install_list(CGroupBonding *first, pid_t pid);
++int cgroup_bonding_install(CGroupBonding *b, pid_t pid, const char *suffix);
++int cgroup_bonding_install_list(CGroupBonding *first, pid_t pid, const char *suffix);
+
+ int cgroup_bonding_set_group_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid);
+ int cgroup_bonding_set_group_access_list(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid);
+@@ -65,8 +65,8 @@ int cgroup_bonding_set_group_access_list(CGroupBonding *b, mode_t mode, uid_t ui
+ int cgroup_bonding_set_task_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid, int sticky);
+ int cgroup_bonding_set_task_access_list(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid, int sticky);
+
+-int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s);
+-int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s);
++int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s, const char *suffix);
++int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s, const char *suffix);
+
+ void cgroup_bonding_trim(CGroupBonding *first, bool delete_root);
+ void cgroup_bonding_trim_list(CGroupBonding *first, bool delete_root);
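Review bot: the four prototypes name the new parameter suffix, while the definitions in cgroup.c call it cgroup_suffix; use one name in both places. The header is also where a one-line comment belongs stating that NULL means the unit's own cgroup and a non-NULL value names a sub-cgroup below it, since every caller in mount.c, socket.c and swap.c now has to pass a bare NULL.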
+diff --git a/src/execute.c b/src/execute.c
+index dab4856..14a3efb 100644
+--- a/src/execute.c
++++ b/src/execute.c
+@@ -961,6 +961,7 @@ int exec_spawn(ExecCommand *command,
+ bool confirm_spawn,
+ CGroupBonding *cgroup_bondings,
+ CGroupAttribute *cgroup_attributes,
++ const char *cgroup_suffix,
+ pid_t *ret) {
+
+ pid_t pid;
+@@ -1153,7 +1154,7 @@ int exec_spawn(ExecCommand *command,
+ }
+
+ if (cgroup_bondings) {
+- err = cgroup_bonding_install_list(cgroup_bondings, 0);
++ err = cgroup_bonding_install_list(cgroup_bondings, 0, cgroup_suffix);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+@@ -1504,7 +1505,7 @@ int exec_spawn(ExecCommand *command,
+ * sure that when we kill the cgroup the process will be
+ * killed too). */
+ if (cgroup_bondings)
+- cgroup_bonding_install_list(cgroup_bondings, pid);
++ cgroup_bonding_install_list(cgroup_bondings, pid, cgroup_suffix);
+
+ log_debug("Forked %s as %lu", command->path, (unsigned long) pid);
+
+diff --git a/src/execute.h b/src/execute.h
+index 0d7e7dd..b8522a0 100644
+--- a/src/execute.h
++++ b/src/execute.h
+@@ -192,6 +192,7 @@ int exec_spawn(ExecCommand *command,
+ bool confirm_spawn,
+ struct CGroupBonding *cgroup_bondings,
+ struct CGroupAttribute *cgroup_attributes,
++ const char *cgroup_suffix,
+ pid_t *ret);
+
+ void exec_command_done(ExecCommand *c);
+diff --git a/src/mount.c b/src/mount.c
+index ed0f819..a46edf4 100644
+--- a/src/mount.c
++++ b/src/mount.c
+@@ -804,6 +804,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
+ UNIT(m)->manager->confirm_spawn,
+ UNIT(m)->cgroup_bondings,
+ UNIT(m)->cgroup_attributes,
++ NULL,
+ &pid)) < 0)
+ goto fail;
+
+@@ -874,7 +875,8 @@ static void mount_enter_signal(Mount *m, MountState state, MountResult f) {
+ if ((r = set_put(pid_set, LONG_TO_PTR(m->control_pid))) < 0)
+ goto fail;
+
+- if ((r = cgroup_bonding_kill_list(UNIT(m)->cgroup_bondings, sig, true, pid_set)) < 0) {
++ r = cgroup_bonding_kill_list(UNIT(m)->cgroup_bondings, sig, true, pid_set, NULL);
++ if (r < 0) {
+ if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
+ log_warning("Failed to kill control group: %s", strerror(-r));
+ } else if (r > 0)
+@@ -1832,7 +1834,8 @@ static int mount_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusError
+ goto finish;
+ }
+
+- if ((q = cgroup_bonding_kill_list(UNIT(m)->cgroup_bondings, signo, false, pid_set)) < 0)
++ q = cgroup_bonding_kill_list(UNIT(m)->cgroup_bondings, signo, false, pid_set, NULL);
++ if (q < 0)
+ if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
+ r = q;
+ }
+diff --git a/src/service.c b/src/service.c
+index 8b5c0b0..807ffb9 100644
+--- a/src/service.c
++++ b/src/service.c
+@@ -1686,6 +1686,7 @@ static int service_spawn(
+ bool apply_chroot,
+ bool apply_tty_stdin,
+ bool set_notify_socket,
++ bool is_control,
+ pid_t *_pid) {
+
+ pid_t pid;
+@@ -1767,6 +1768,7 @@ static int service_spawn(
+ UNIT(s)->manager->confirm_spawn,
+ UNIT(s)->cgroup_bondings,
+ UNIT(s)->cgroup_attributes,
++ is_control ? "control" : NULL,
+ &pid);
+
+ if (r < 0)
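Review bot: the string "control" is now spelled out three times in service.c (here and in the cgroup_bonding_kill_list() calls in service_enter_start() and service_enter_start_pre()). A typo in any one of them would spawn into, or kill, a different cgroup than intended without any error, so a single #define shared by all three is safer. is_control is also the seventh bool in a row passed to service_spawn(), and the call sites below are runs of bare true/false, so a short comment per argument or a flags parameter would make a misplaced value easier to spot in review.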
+@@ -1886,15 +1888,17 @@ static void service_enter_stop_post(Service *s, ServiceResult f) {
+ if ((s->control_command = s->exec_command[SERVICE_EXEC_STOP_POST])) {
+ s->control_command_id = SERVICE_EXEC_STOP_POST;
+
+- if ((r = service_spawn(s,
+- s->control_command,
+- true,
+- false,
+- !s->permissions_start_only,
+- !s->root_directory_start_only,
+- true,
+- false,
+- &s->control_pid)) < 0)
++ r = service_spawn(s,
++ s->control_command,
++ true,
++ false,
++ !s->permissions_start_only,
++ !s->root_directory_start_only,
++ true,
++ false,
++ true,
++ &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+
+@@ -1952,7 +1956,8 @@ static void service_enter_signal(Service *s, ServiceState state, ServiceResult f
+ if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0)
+ goto fail;
+
+- if ((r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set)) < 0) {
++ r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set, NULL);
++ if (r < 0) {
+ if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
+ log_warning("Failed to kill control group: %s", strerror(-r));
+ } else if (r > 0)
+@@ -2001,15 +2006,17 @@ static void service_enter_stop(Service *s, ServiceResult f) {
+ if ((s->control_command = s->exec_command[SERVICE_EXEC_STOP])) {
+ s->control_command_id = SERVICE_EXEC_STOP;
+
+- if ((r = service_spawn(s,
+- s->control_command,
+- true,
+- false,
+- !s->permissions_start_only,
+- !s->root_directory_start_only,
+- false,
+- false,
+- &s->control_pid)) < 0)
++ r = service_spawn(s,
++ s->control_command,
++ true,
++ false,
++ !s->permissions_start_only,
++ !s->root_directory_start_only,
++ false,
++ false,
++ true,
++ &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ service_set_state(s, SERVICE_STOP);
+@@ -2054,15 +2061,17 @@ static void service_enter_start_post(Service *s) {
+ if ((s->control_command = s->exec_command[SERVICE_EXEC_START_POST])) {
+ s->control_command_id = SERVICE_EXEC_START_POST;
+
+- if ((r = service_spawn(s,
+- s->control_command,
+- true,
+- false,
+- !s->permissions_start_only,
+- !s->root_directory_start_only,
+- false,
+- false,
+- &s->control_pid)) < 0)
++ r = service_spawn(s,
++ s->control_command,
++ true,
++ false,
++ !s->permissions_start_only,
++ !s->root_directory_start_only,
++ false,
++ false,
++ true,
++ &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ service_set_state(s, SERVICE_START_POST);
+@@ -2094,7 +2103,7 @@ static void service_enter_start(Service *s) {
+ /* We want to ensure that nobody leaks processes from
+ * START_PRE here, so let's go on a killing spree, People
+ * should not spawn long running processes from START_PRE. */
+- cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL);
++ cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL, "control");
+
+ if (s->type == SERVICE_FORKING) {
+ s->control_command_id = SERVICE_EXEC_START;
+@@ -2108,15 +2117,17 @@ static void service_enter_start(Service *s) {
+ c = s->main_command = s->exec_command[SERVICE_EXEC_START];
+ }
+
+- if ((r = service_spawn(s,
+- c,
+- s->type == SERVICE_FORKING || s->type == SERVICE_DBUS || s->type == SERVICE_NOTIFY,
+- true,
+- true,
+- true,
+- true,
+- s->notify_access != NOTIFY_NONE,
+- &pid)) < 0)
++ r = service_spawn(s,
++ c,
++ s->type == SERVICE_FORKING || s->type == SERVICE_DBUS || s->type == SERVICE_NOTIFY,
++ true,
++ true,
++ true,
++ true,
++ s->notify_access != NOTIFY_NONE,
++ false,
++ &pid);
++ if (r < 0)
+ goto fail;
+
+ if (s->type == SERVICE_SIMPLE) {
+@@ -2168,19 +2179,21 @@ static void service_enter_start_pre(Service *s) {
+
+ /* Before we start anything, let's clear up what might
+ * be left from previous runs. */
+- cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL);
++ cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL, "control");
+
+ s->control_command_id = SERVICE_EXEC_START_PRE;
+
+- if ((r = service_spawn(s,
+- s->control_command,
+- true,
+- false,
+- !s->permissions_start_only,
+- !s->root_directory_start_only,
+- true,
+- false,
+- &s->control_pid)) < 0)
++ r = service_spawn(s,
++ s->control_command,
++ true,
++ false,
++ !s->permissions_start_only,
++ !s->root_directory_start_only,
++ true,
++ false,
++ true,
++ &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ service_set_state(s, SERVICE_START_PRE);
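Review bot: the comment kept above the changed call still says it clears up "what might be left from previous runs", but with the "control" suffix the call now spares everything in the service's main cgroup and kills only leftover control processes. Reword the comment to say so, and to say that long-running processes from earlier runs are kept deliberately (the sshd case in the commit message), so that a later reader does not restore the unconditional kill.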
+@@ -2233,15 +2246,17 @@ static void service_enter_reload(Service *s) {
+ if ((s->control_command = s->exec_command[SERVICE_EXEC_RELOAD])) {
+ s->control_command_id = SERVICE_EXEC_RELOAD;
+
+- if ((r = service_spawn(s,
+- s->control_command,
+- true,
+- false,
+- !s->permissions_start_only,
+- !s->root_directory_start_only,
+- false,
+- false,
+- &s->control_pid)) < 0)
++ r = service_spawn(s,
++ s->control_command,
++ true,
++ false,
++ !s->permissions_start_only,
++ !s->root_directory_start_only,
++ false,
++ false,
++ true,
++ &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ service_set_state(s, SERVICE_RELOAD);
+@@ -2268,16 +2283,18 @@ static void service_run_next_control(Service *s) {
+ s->control_command = s->control_command->command_next;
+ service_unwatch_control_pid(s);
+
+- if ((r = service_spawn(s,
+- s->control_command,
+- true,
+- false,
+- !s->permissions_start_only,
+- !s->root_directory_start_only,
+- s->control_command_id == SERVICE_EXEC_START_PRE ||
+- s->control_command_id == SERVICE_EXEC_STOP_POST,
+- false,
+- &s->control_pid)) < 0)
++ r = service_spawn(s,
++ s->control_command,
++ true,
++ false,
++ !s->permissions_start_only,
++ !s->root_directory_start_only,
++ s->control_command_id == SERVICE_EXEC_START_PRE ||
++ s->control_command_id == SERVICE_EXEC_STOP_POST,
++ false,
++ true,
++ &s->control_pid);
++ if (r < 0)
+ goto fail;
+
+ return;
+@@ -2310,15 +2327,17 @@ static void service_run_next_main(Service *s) {
+ s->main_command = s->main_command->command_next;
+ service_unwatch_main_pid(s);
+
+- if ((r = service_spawn(s,
+- s->main_command,
+- false,
+- true,
+- true,
+- true,
+- true,
+- s->notify_access != NOTIFY_NONE,
+- &pid)) < 0)
++ r = service_spawn(s,
++ s->main_command,
++ false,
++ true,
++ true,
++ true,
++ true,
++ s->notify_access != NOTIFY_NONE,
++ false,
++ &pid);
++ if (r < 0)
+ goto fail;
+
+ service_set_main_pid(s, pid);
+@@ -3644,8 +3663,8 @@ static int service_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusErro
+ r = q;
+ goto finish;
+ }
+-
+- if ((q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set)) < 0)
++ q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set, NULL);
++ if (q < 0)
+ if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
+ r = q;
+ }
+diff --git a/src/socket.c b/src/socket.c
+index 1cd98e2..5df5b11 100644
+--- a/src/socket.c
++++ b/src/socket.c
+@@ -1149,6 +1149,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ UNIT(s)->manager->confirm_spawn,
+ UNIT(s)->cgroup_bondings,
+ UNIT(s)->cgroup_attributes,
++ NULL,
+ &pid);
+
+ strv_free(argv);
+@@ -1239,7 +1240,8 @@ static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
+ if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0)
+ goto fail;
+
+- if ((r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set)) < 0) {
++ r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set, NULL);
++ if (r < 0) {
+ if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
+ log_warning("Failed to kill control group: %s", strerror(-r));
+ } else if (r > 0)
+@@ -2125,7 +2127,8 @@ static int socket_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusError
+ goto finish;
+ }
+
+- if ((q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set)) < 0)
++ q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set, NULL);
++ if (q < 0)
+ if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
+ r = q;
+ }
+diff --git a/src/swap.c b/src/swap.c
+index 9c72732..2d39b4c 100644
+--- a/src/swap.c
++++ b/src/swap.c
+@@ -621,6 +621,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
+ UNIT(s)->manager->confirm_spawn,
+ UNIT(s)->cgroup_bondings,
+ UNIT(s)->cgroup_attributes,
++ NULL,
+ &pid)) < 0)
+ goto fail;
+
+@@ -690,7 +691,8 @@ static void swap_enter_signal(Swap *s, SwapState state, SwapResult f) {
+ if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0)
+ goto fail;
+
+- if ((r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set)) < 0) {
++ r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set, NULL);
++ if (r < 0) {
+ if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
+ log_warning("Failed to kill control group: %s", strerror(-r));
+ } else if (r > 0)
+@@ -1321,7 +1323,8 @@ static int swap_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusError *
+ goto finish;
+ }
+
+- if ((q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set)) < 0)
++ q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set, NULL);
++ if (q < 0)
+ if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
+ r = q;
+ }
diff --git a/systemd.spec b/systemd.spec
index 6ad102c..008ce92 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -3,7 +3,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 44
-Release: 5%{?gitcommit:.git%{gitcommit}}%{?dist}
+Release: 6%{?gitcommit:.git%{gitcommit}}%{?dist}
License: GPLv2+
Group: System Environment/Base
Summary: A System and Service Manager
@@ -59,33 +59,8 @@ Source3: udlfb.conf
# Stop-gap, just to ensure things work fine with rsyslog without having to change the package right-away
Source4: listen.conf
Patch0001: 0001-util-never-follow-symlinks-in-rm_rf_children.patch
-Patch0002: 0002-man-fix-parameter-name-for-sd_uid_xxx.patch
-Patch0003: 0003-bmfmt-allow-passing-more-than-one-config-file-name.patch
-Patch0004: 0004-modules-load-drop-lib-from-search-path-if-we-don-t-h.patch
-Patch0005: 0005-sysctl-accept-multiple-passed-configuration-files.patch
-Patch0006: 0006-man-updates-to-sysctl.d-5.patch
-Patch0007: 0007-journal-react-with-immediate-rotation-to-a-couple-of.patch
-Patch0008: 0008-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
-Patch0009: 0009-systemd-mount-the-securityfs-filesystem-at-early-sta.patch
-Patch0010: 0010-main-added-support-for-loading-IMA-custom-policies.patch
-Patch0011: 0011-man-systemd-cat-1-typo-fix.patch
-Patch0012: 0012-binfmt-fix-apply-loop.patch
-Patch0013: 0013-add-sparse-support-to-detect-endianness-bug.patch
-Patch0014: 0014-update-TODO.patch
-Patch0015: 0015-logind-extend-comment-about-X11-socket-symlink.patch
-Patch0016: 0016-logind-close-FIFO-before-ending-sessions-cleanly.patch
-Patch0017: 0017-man-minor-typo-in-reference-to-manual-page.patch
-Patch0018: 0018-build-sys-fix-make-dist-check.patch
-Patch0019: 0019-journalctl-loginctl-drop-systemd-prefix-in-binary-na.patch
-Patch0020: 0020-build-sys-do-not-set-CFLAGS-directly.patch
-Patch0021: 0021-build-sys-separate-ldflags-from-cflags.patch
-Patch0022: 0022-man-don-t-claim-f-was-short-for-follow.patch
-Patch0023: 0023-journalctl-add-local-switch.patch
-Patch0024: 0024-cat-fix-priority-type.patch
-Patch0025: 0025-units-get-rid-of-var-run.mount-and-var-lock.mount.patch
-Patch0026: 0026-journal-properly-handle-if-we-interleave-files-with-.patch
-Patch0027: 0027-job-fix-loss-of-ordering-with-restart-jobs.patch
-Patch0028: 0028-job-add-debug-prints-where-job-type-gets-changed.patch
+Patch0002: 0002-journal-PAGE_SIZE-is-not-known-on-ppc-and-other-arch.patch
+Patch0003: 0003-service-place-control-command-in-subcgroup-control.patch
# For sysvinit tools
Obsoletes: SysVinit < 2.86-24, sysvinit < 2.86-24
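Review bot: the commit message names three fixes to keep (CVE-2012-1174, the PAGE_SIZE build fix, bug #805942), but the three remaining Patch lines carry no annotation saying which is which. A one-line comment above each, for example the CVE id over Patch0001 and the bugzilla number over Patch0003, would let someone auditing the package confirm that the security fix is still applied without opening the patch files.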
@@ -240,6 +215,11 @@ rm -f %{buildroot}%{_prefix}/lib/sysctl.d/coredump.conf
# Let rsyslog read from /proc/kmsg for now
sed -i -e 's/\#ImportKernel=yes/ImportKernel=no/' %{buildroot}%{_sysconfdir}/systemd/systemd-journald.conf
+# Add forward-compatible command names
+ln -s systemd-loginctl %{buildroot}%{_bindir}/loginctl
+ln -s systemd-journalctl %{buildroot}%{_bindir}/journalctl
+ln -s systemctl %{buildroot}%{_bindir}/systemd-systemctl
+
%post
/sbin/ldconfig
/usr/bin/systemd-machine-id-setup > /dev/null 2>&1 || :
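Review bot: none of the systemd.spec hunks shown here adds the three new symlinks (loginctl, journalctl, systemd-systemctl) to %files. Unless %files already covers them with a glob, rpmbuild will stop on installed but unpackaged files, so list them explicitly next to the binaries they point to. The comment could also say that they stand in for the renamed binaries from the reverted 0019 patch, which is what "forward-compatible" appears to refer to.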
@@ -450,6 +430,14 @@ mv /etc/systemd/system/default.target.save /etc/systemd/system/default.target >/
%{_bindir}/systemd-analyze
%changelog
+* Tue Apr 24 2012 Michal Schmidt <mschmidt at redhat.com> - 44-6
+- Revert most of the patches added in 44-5. F17 has 44-4 right now so let's
+ try to minimize the risk of breakage before GA release. Apply only:
+ - the fix for CVE-2012-1174
+ - the PAGE_SIZE build fix
+ - fix for a blocker bug (processes killed on libvirt restart, #805942)
+ Fixes for less important bugs will be pushed post F17 GA.
+
* Fri Mar 30 2012 Michal Schmidt <mschmidt at redhat.com> - 44-5
- Post-v44 patches from upstream git, except the changes of /media, /tmp
mountpoints and the gtk removal.
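Review bot: the new 44-6 changelog entry lists the reverts and the three retained fixes but does not mention the loginctl, journalctl and systemd-systemctl symlinks added to %install in this same commit. They change what the package ships in %{_bindir}, so they deserve their own changelog line.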