-rw-r--r--meta/recipes-core/systemd/systemd-boot_243.4.bb (renamed from meta/recipes-core/systemd/systemd-boot_243.2.bb)0
-rw-r--r--meta/recipes-core/systemd/systemd.inc4
-rw-r--r--meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch30
-rw-r--r--meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch88
-rw-r--r--meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch152
-rw-r--r--meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch42
-rw-r--r--meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch34
-rw-r--r--meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch45
-rw-r--r--meta/recipes-core/systemd/systemd_243.4.bb (renamed from meta/recipes-core/systemd/systemd_243.2.bb)4
9 files changed, 45 insertions, 354 deletions
diff --git a/meta/recipes-core/systemd/systemd-boot_243.2.bb b/meta/recipes-core/systemd/systemd-boot_243.4.bb
index 515abc289b..515abc289b 100644
--- a/meta/recipes-core/systemd/systemd-boot_243.2.bb
+++ b/meta/recipes-core/systemd/systemd-boot_243.4.bb
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 18f17d28ac..2fca6dca64 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -14,8 +14,10 @@ LICENSE = "GPLv2 & LGPLv2.1"
LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
-SRCREV = "fab6f010ac6c3bc93a10868de722d7c8c3622eb9"
+SRCREV = "70e8c1978a9a688662eb1b3983370dd1cc415083"
SRCBRANCH = "v243-stable"
SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}"
+PV = "243.4+git${SRCPV}"
+
S = "${WORKDIR}/git"
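Review bot: The context line `SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}"` that this bump leaves in place still fetches over the plain git protocol, which neither authenticates the server nor encrypts the transfer. The 40-character `SRCREV` pins what gets checked out, so this is defence in depth rather than an open hole, but `protocol=https` would cover the transport as well. The added `PV = "243.4+git${SRCPV}"` also repeats the release number already carried by the `_243.4.bb` file names, so a short comment above it, e.g. `# keep in step with SRCREV and the recipe file names`, would help at the next bump.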
diff --git a/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
index 73e65ff798..ea37680221 100644
--- a/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
+++ b/meta/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
@@ -24,10 +24,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
units/systemd-binfmt.service.in | 4 ++++
3 files changed, 9 insertions(+), 4 deletions(-)
-diff --git a/units/meson.build b/units/meson.build
-index e1ee9f86c3..6bb7771b36 100644
---- a/units/meson.build
-+++ b/units/meson.build
+Index: systemd-stable/units/meson.build
+===================================================================
+--- systemd-stable.orig/units/meson.build
++++ systemd-stable/units/meson.build
@@ -46,8 +46,7 @@ units = [
['poweroff.target', '',
'runlevel0.target'],
@@ -48,10 +48,10 @@ index e1ee9f86c3..6bb7771b36 100644
['systemd-bless-boot.service', 'ENABLE_EFI HAVE_BLKID'],
['systemd-boot-check-no-failures.service', ''],
['systemd-boot-system-token.service', 'ENABLE_EFI',
-diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount
-index 30a6bc9918..4231f3b70f 100644
---- a/units/proc-sys-fs-binfmt_misc.automount
-+++ b/units/proc-sys-fs-binfmt_misc.automount
+Index: systemd-stable/units/proc-sys-fs-binfmt_misc.automount
+===================================================================
+--- systemd-stable.orig/units/proc-sys-fs-binfmt_misc.automount
++++ systemd-stable/units/proc-sys-fs-binfmt_misc.automount
@@ -18,3 +18,6 @@ ConditionPathIsReadWrite=/proc/sys/
[Automount]
@@ -59,19 +59,19 @@ index 30a6bc9918..4231f3b70f 100644
+
+[Install]
+WantedBy=sysinit.target
-diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in
-index e940c7c9ad..6be7f5cc9b 100644
---- a/units/systemd-binfmt.service.in
-+++ b/units/systemd-binfmt.service.in
-@@ -14,6 +14,7 @@ Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.htm
+Index: systemd-stable/units/systemd-binfmt.service.in
+===================================================================
+--- systemd-stable.orig/units/systemd-binfmt.service.in
++++ systemd-stable/units/systemd-binfmt.service.in
+@@ -14,6 +14,7 @@ Documentation=https://www.kernel.org/doc
Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
DefaultDependencies=no
Conflicts=shutdown.target
+Wants=proc-sys-fs-binfmt_misc.automount
After=proc-sys-fs-binfmt_misc.automount
+ After=proc-sys-fs-binfmt_misc.mount
Before=sysinit.target shutdown.target
- ConditionPathIsReadWrite=/proc/sys/
-@@ -28,3 +29,6 @@ Type=oneshot
+@@ -29,3 +30,6 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-binfmt
TimeoutSec=90s
diff --git a/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch
index 2f4daf8665..d6d68a09ac 100644
--- a/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch
+++ b/meta/recipes-core/systemd/systemd/0001-do-not-disable-buffer-in-writing-files.patch
@@ -38,11 +38,9 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
src/vconsole/vconsole-setup.c | 2 +-
17 files changed, 36 insertions(+), 36 deletions(-)
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 7b5839ccd6..18f6e8ffc8 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
-@@ -860,7 +860,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
+@@ -860,7 +860,7 @@ int cg_attach(const char *controller, co
xsprintf(c, PID_FMT "\n", pid);
@@ -51,7 +49,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
if (r < 0)
return r;
-@@ -1142,7 +1142,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -1142,7 +1142,7 @@ int cg_install_release_agent(const char
sc = strstrip(contents);
if (isempty(sc)) {
@@ -60,7 +58,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
if (r < 0)
return r;
} else if (!path_equal(sc, agent))
-@@ -1160,7 +1160,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -1160,7 +1160,7 @@ int cg_install_release_agent(const char
sc = strstrip(contents);
if (streq(sc, "0")) {
@@ -69,7 +67,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
if (r < 0)
return r;
-@@ -1187,7 +1187,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -1187,7 +1187,7 @@ int cg_uninstall_release_agent(const cha
if (r < 0)
return r;
@@ -78,7 +76,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
if (r < 0)
return r;
-@@ -1197,7 +1197,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -1197,7 +1197,7 @@ int cg_uninstall_release_agent(const cha
if (r < 0)
return r;
@@ -87,7 +85,7 @@ index 7b5839ccd6..18f6e8ffc8 100644
if (r < 0)
return r;
-@@ -2053,7 +2053,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
+@@ -2053,7 +2053,7 @@ int cg_set_attribute(const char *control
if (r < 0)
return r;
@@ -105,11 +103,9 @@ index 7b5839ccd6..18f6e8ffc8 100644
if (r < 0) {
log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m",
FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs);
-diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
-index 42ce53d5aa..57512532a6 100644
--- a/src/basic/procfs-util.c
+++ b/src/basic/procfs-util.c
-@@ -86,13 +86,13 @@ int procfs_tasks_set_limit(uint64_t limit) {
+@@ -86,13 +86,13 @@ int procfs_tasks_set_limit(uint64_t limi
* decrease it, as threads-max is the much more relevant sysctl. */
if (limit > pid_max-1) {
sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */
@@ -125,11 +121,9 @@ index 42ce53d5aa..57512532a6 100644
if (r < 0) {
uint64_t threads_max;
-diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
-index 123d00e13e..e7ea78f349 100644
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
-@@ -115,7 +115,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) {
+@@ -115,7 +115,7 @@ int mac_smack_apply_pid(pid_t pid, const
return 0;
p = procfs_file_alloca(pid, "attr/current");
@@ -138,8 +132,6 @@ index 123d00e13e..e7ea78f349 100644
if (r < 0)
return r;
-diff --git a/src/basic/util.c b/src/basic/util.c
-index 93d610bc98..97dca64f73 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -294,7 +294,7 @@ void disable_coredumps(void) {
@@ -151,11 +143,9 @@ index 93d610bc98..97dca64f73 100644
if (r < 0)
log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
}
-diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
-index aa9d811f2e..8c7f2dae7a 100644
--- a/src/binfmt/binfmt.c
+++ b/src/binfmt/binfmt.c
-@@ -48,7 +48,7 @@ static int delete_rule(const char *rule) {
+@@ -48,7 +48,7 @@ static int delete_rule(const char *rule)
if (!fn)
return log_oom();
@@ -164,7 +154,7 @@ index aa9d811f2e..8c7f2dae7a 100644
}
static int apply_rule(const char *rule) {
-@@ -56,7 +56,7 @@ static int apply_rule(const char *rule) {
+@@ -56,7 +56,7 @@ static int apply_rule(const char *rule)
(void) delete_rule(rule);
@@ -182,11 +172,9 @@ index aa9d811f2e..8c7f2dae7a 100644
STRV_FOREACH(f, files) {
k = apply_file(*f, true);
-diff --git a/src/core/main.c b/src/core/main.c
-index bcce7178a8..4199cedab9 100644
--- a/src/core/main.c
+++ b/src/core/main.c
-@@ -1285,7 +1285,7 @@ static int bump_unix_max_dgram_qlen(void) {
+@@ -1303,7 +1303,7 @@ static int bump_unix_max_dgram_qlen(void
if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
return 0;
@@ -195,7 +183,7 @@ index bcce7178a8..4199cedab9 100644
if (r < 0)
return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
"Failed to bump AF_UNIX datagram queue length, ignoring: %m");
-@@ -1509,7 +1509,7 @@ static void initialize_core_pattern(bool skip_setup) {
+@@ -1527,7 +1527,7 @@ static void initialize_core_pattern(bool
if (getpid_cached() != 1)
return;
@@ -204,11 +192,9 @@ index bcce7178a8..4199cedab9 100644
if (r < 0)
log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern);
}
-diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
-index b95e6239d4..fdbdaaaccb 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
-@@ -325,17 +325,17 @@ int mac_smack_setup(bool *loaded_policy) {
+@@ -327,17 +327,17 @@ int mac_smack_setup(bool *loaded_policy)
}
#ifdef SMACK_RUN_LABEL
@@ -230,8 +216,6 @@ index b95e6239d4..fdbdaaaccb 100644
if (r < 0)
log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
#endif
-diff --git a/src/hibernate-resume/hibernate-resume.c b/src/hibernate-resume/hibernate-resume.c
-index 17e7cd1a00..87a7667716 100644
--- a/src/hibernate-resume/hibernate-resume.c
+++ b/src/hibernate-resume/hibernate-resume.c
@@ -45,7 +45,7 @@ int main(int argc, char *argv[]) {
@@ -243,11 +227,9 @@ index 17e7cd1a00..87a7667716 100644
if (r < 0) {
log_error_errno(r, "Failed to write '%s' to /sys/power/resume: %m", major_minor);
return EXIT_FAILURE;
-diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
-index c4a7f2f3d3..bcac758284 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
-@@ -1849,7 +1849,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
+@@ -1849,7 +1849,7 @@ _public_ int sd_device_set_sysattr_value
if (!value)
return -ENOMEM;
@@ -256,11 +238,9 @@ index c4a7f2f3d3..bcac758284 100644
if (r < 0) {
if (r == -ELOOP)
return -EINVAL;
-diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
-index 30b9a66334..cc1d577933 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
-@@ -1325,7 +1325,7 @@ static int trigger_device(Manager *m, sd_device *d) {
+@@ -1323,7 +1323,7 @@ static int trigger_device(Manager *m, sd
if (!t)
return -ENOMEM;
@@ -269,11 +249,9 @@ index 30b9a66334..cc1d577933 100644
}
return 0;
-diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
-index 0462b46413..7c53d41483 100644
--- a/src/nspawn/nspawn-cgroup.c
+++ b/src/nspawn/nspawn-cgroup.c
-@@ -123,7 +123,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) {
+@@ -123,7 +123,7 @@ int sync_cgroup(pid_t pid, CGroupUnified
fn = strjoina(tree, cgroup, "/cgroup.procs");
sprintf(pid_string, PID_FMT, pid);
@@ -282,11 +260,9 @@ index 0462b46413..7c53d41483 100644
if (r < 0) {
log_error_errno(r, "Failed to move process: %m");
goto finish;
-diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 2aec8041f0..841542f2f3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
-@@ -2357,7 +2357,7 @@ static int reset_audit_loginuid(void) {
+@@ -2403,7 +2403,7 @@ static int reset_audit_loginuid(void) {
if (streq(p, "4294967295"))
return 0;
@@ -295,7 +271,7 @@ index 2aec8041f0..841542f2f3 100644
if (r < 0) {
log_error_errno(r,
"Failed to reset audit login UID. This probably means that your kernel is too\n"
-@@ -3566,13 +3566,13 @@ static int setup_uid_map(pid_t pid) {
+@@ -3612,13 +3612,13 @@ static int setup_uid_map(pid_t pid) {
xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
xsprintf(line, UID_FMT " " UID_FMT " " UID_FMT "\n", 0, arg_uid_shift, arg_uid_range);
@@ -311,11 +287,9 @@ index 2aec8041f0..841542f2f3 100644
if (r < 0)
return log_error_errno(r, "Failed to write GID map: %m");
-diff --git a/src/shared/sysctl-util.c b/src/shared/sysctl-util.c
-index 93bdcf11bf..68cddb7a9f 100644
--- a/src/shared/sysctl-util.c
+++ b/src/shared/sysctl-util.c
-@@ -88,7 +88,7 @@ int sysctl_write_ip_property(int af, const char *ifname, const char *property, c
+@@ -88,7 +88,7 @@ int sysctl_write_ip_property(int af, con
log_debug("Setting '%s' to '%s'", p, value);
@@ -324,11 +298,9 @@ index 93bdcf11bf..68cddb7a9f 100644
}
int sysctl_read(const char *property, char **content) {
-diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
-index b9fe96635d..f168d7f890 100644
--- a/src/sleep/sleep.c
+++ b/src/sleep/sleep.c
-@@ -54,7 +54,7 @@ static int write_hibernate_location_info(void) {
+@@ -54,7 +54,7 @@ static int write_hibernate_location_info
/* if it's a swap partition, we just write the disk to /sys/power/resume */
if (streq(type, "partition")) {
@@ -337,7 +309,7 @@ index b9fe96635d..f168d7f890 100644
if (r < 0)
return log_debug_errno(r, "Failed to write partition device to /sys/power/resume: %m");
-@@ -98,14 +98,14 @@ static int write_hibernate_location_info(void) {
+@@ -98,14 +98,14 @@ static int write_hibernate_location_info
offset = fiemap->fm_extents[0].fe_physical / page_size();
xsprintf(offset_str, "%" PRIu64, offset);
@@ -363,7 +335,7 @@ index b9fe96635d..f168d7f890 100644
if (k >= 0)
return 0;
-@@ -140,7 +140,7 @@ static int write_state(FILE **f, char **states) {
+@@ -140,7 +140,7 @@ static int write_state(FILE **f, char **
STRV_FOREACH(state, states) {
int k;
@@ -372,24 +344,20 @@ index b9fe96635d..f168d7f890 100644
if (k >= 0)
return 0;
log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state);
-diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c
-index 77d95e513f..25ce4abfb1 100644
--- a/src/udev/udevadm-trigger.c
+++ b/src/udev/udevadm-trigger.c
-@@ -43,7 +43,7 @@ static int exec_list(sd_device_enumerator *e, const char *action, Set *settle_se
+@@ -43,7 +43,7 @@ static int exec_list(sd_device_enumerato
if (!filename)
return log_oom();
- r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER);
+ r = write_string_file(filename, action, 0);
if (r < 0) {
- log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r,
- "Failed to write '%s' to '%s': %m", action, filename);
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index cb5123042a..ea309a9e7f 100644
+ bool ignore = IN_SET(r, -ENOENT, -EACCES, -ENODEV, -EROFS);
+
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
-@@ -1113,7 +1113,7 @@ static int synthesize_change_one(sd_device *dev, const char *syspath) {
+@@ -1113,7 +1113,7 @@ static int synthesize_change_one(sd_devi
filename = strjoina(syspath, "/uevent");
log_device_debug(dev, "device is closed, synthesising 'change' on %s", syspath);
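Review bot: In the refreshed `exec_list()` hunk for src/udev/udevadm-trigger.c the context now continues with `bool ignore = IN_SET(r, -ENOENT, -EACCES, -ENODEV, -EROFS);`, so in 243.4 the code after the patched call branches on the exact errno returned by `write_string_file(filename, action, 0)`. With `WRITE_STRING_FILE_DISABLE_BUFFER` replaced by `0`, that errno presumably only reaches the caller if the buffered stream is flushed and checked inside `write_string_file`, which this patch does not show. Once that has been checked for 243.4, the patch header is the place to record it, for example `Checked against v243.4: write errors on sysfs/procfs files are still returned with buffering enabled`. The same substitution appears to be carried in the other hunks of this patch, including the UID/GID map writes in `setup_uid_map()` and the SMACK writes in `mac_smack_setup()`, where an unreported write failure would matter most; `exec_list()` itself starts and ends outside the hunk.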
@@ -398,11 +366,9 @@ index cb5123042a..ea309a9e7f 100644
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to write 'change' to %s: %m", filename);
return 0;
-diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
-index 75d052ae70..5a15c939d8 100644
--- a/src/vconsole/vconsole-setup.c
+++ b/src/vconsole/vconsole-setup.c
-@@ -117,7 +117,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) {
+@@ -117,7 +117,7 @@ static int toggle_utf8_vc(const char *na
static int toggle_utf8_sysfs(bool utf8) {
int r;
diff --git a/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch b/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch
deleted file mode 100644
index f359d2879b..0000000000
--- a/meta/recipes-core/systemd/systemd/0001-seccomp-more-comprehensive-protection-against-libsec.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 14 Nov 2019 17:51:30 +0100
-Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
- __NR_xyz namespace invasion
-
-A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
-same conditioning for all cases of our __NR_xyz use.
-
-Fixes: #14031
-
-Reference:
-https://github.com/systemd/systemd/pull/14032/commits/62f66fdbcc33580467c01b1f149474b6c973df5a
-
-Upstream-Status: Backport
-
-Signed-off-by: Ming Liu <liu.ming50@gmail.com>
----
- src/basic/missing_syscall.h | 10 +++++-----
- src/test/test-seccomp.c | 19 ++++++++++---------
- 2 files changed, 15 insertions(+), 14 deletions(-)
-
-diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index 6d9b125..1255d8b 100644
---- a/src/basic/missing_syscall.h
-+++ b/src/basic/missing_syscall.h
-@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
-
- #if !HAVE_KCMP
- static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
--# ifdef __NR_kcmp
-+# if defined __NR_kcmp && __NR_kcmp > 0
- return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
- # else
- errno = ENOSYS;
-@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
-
- #if !HAVE_KEYCTL
- static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
--# ifdef __NR_keyctl
-+# if defined __NR_keyctl && __NR_keyctl > 0
- return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
- # else
- errno = ENOSYS;
-@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
- }
-
- static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
--# ifdef __NR_add_key
-+# if defined __NR_add_key && __NR_add_key > 0
- return syscall(__NR_add_key, type, description, payload, plen, ringid);
- # else
- errno = ENOSYS;
-@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
- }
-
- static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
--# ifdef __NR_request_key
-+# if defined __NR_request_key && __NR_request_key > 0
- return syscall(__NR_request_key, type, description, callout_info, destringid);
- # else
- errno = ENOSYS;
-@@ -496,7 +496,7 @@ enum {
- static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
- unsigned long maxnode) {
- long i;
--# ifdef __NR_set_mempolicy
-+# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
- i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
- # else
- errno = ENOSYS;
-diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
-index 018c20f..c669204 100644
---- a/src/test/test-seccomp.c
-+++ b/src/test/test-seccomp.c
-@@ -28,7 +28,8 @@
- #include "tmpfile-util.h"
- #include "virt.h"
-
--#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
-+/* __NR_socket may be invalid due to libseccomp */
-+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
- /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
- * and we can't restrict it hence via seccomp. */
- # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
-@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
- assert_se(pid >= 0);
-
- if (pid == 0) {
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
- assert_se(syscall(__NR__sysctl, NULL) < 0);
- assert_se(errno == EFAULT);
- #endif
-
- assert_se(seccomp_protect_sysctl() >= 0);
-
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
- assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
- assert_se(errno == EPERM);
- #endif
-@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
- assert_se(poll(NULL, 0, 0) == 0);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
-@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
-@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
- * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
- * other architectures, let's just fall back to the glibc call. */
-
--#ifdef SYS_open
-- return (int) syscall(SYS_open, path, flags, mode);
-+#if defined __NR_open && __NR_open > 0
-+ return (int) syscall(__NR_open, path, flags, mode);
- #else
- return open(path, flags, mode);
- #endif
---
-2.7.4
-
diff --git a/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch b/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch
deleted file mode 100644
index ba20a0bb46..0000000000
--- a/meta/recipes-core/systemd/systemd/0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From d0122c077d2d8fd0fd29b463c501e7ddf9177ff3 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Tue, 24 Sep 2019 17:04:50 +0800
-Subject: [PATCH] unit-file.c: consider symlink on filesystems like NFS
-
-Some filesystems do not fully support readdir, according to the manual,
-so we should also consider DT_UNKNOWN to correctly handle symlinks.
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
-Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/13637]
----
- src/shared/unit-file.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/shared/unit-file.c b/src/shared/unit-file.c
-index 4a5f23e6c1..8373103000 100644
---- a/src/shared/unit-file.c
-+++ b/src/shared/unit-file.c
-@@ -247,6 +247,7 @@ int unit_file_build_name_map(
- _cleanup_free_ char *_filename_free = NULL, *simplified = NULL;
- const char *suffix, *dst = NULL;
- bool valid_unit_name;
-+ struct stat sb;
-
- valid_unit_name = unit_name_is_valid(de->d_name, UNIT_NAME_ANY);
-
-@@ -279,7 +280,10 @@ int unit_file_build_name_map(
- if (hashmap_contains(ids, de->d_name))
- continue;
-
-- if (de->d_type == DT_LNK) {
-+ if (de->d_type == DT_LNK ||
-+ (de->d_type == DT_UNKNOWN &&
-+ lstat(filename, &sb) == 0 &&
-+ (sb.st_mode & S_IFMT) == S_IFLNK)) {
- /* We don't explicitly check for alias loops here. unit_ids_map_get() which
- * limits the number of hops should be used to access the map. */
-
---
-2.17.1
-
diff --git a/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch b/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch
deleted file mode 100644
index f9c5996ffb..0000000000
--- a/meta/recipes-core/systemd/systemd/0004-rules-whitelist-hd-devices.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From dc0a6a9fe4da9738efaba942233ad39da625a918 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Thu, 21 Feb 2019 16:28:21 +0800
-Subject: [PATCH 4/5] rules: whitelist hd* devices
-
-qemu by default emulates IDE and the linux-yocto kernel(s) use
-CONFIG_IDE instead of the more modern libsata, so disks appear as
-/dev/hd*. Patch rejected upstream because CONFIG_IDE is deprecated.
-
-Upstream-Status: Denied [https://github.com/systemd/systemd/pull/1276]
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-[rebased for systemd 241]
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-[rebased for systemd 243]
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
----
- rules/60-persistent-storage.rules | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
-index 7802b1c94f..c0534ae26a 100644
---- a/rules/60-persistent-storage.rules
-+++ b/rules/60-persistent-storage.rules
-@@ -7,7 +7,7 @@ ACTION=="remove", GOTO="persistent_storage_end"
- ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_end"
-
- SUBSYSTEM!="block", GOTO="persistent_storage_end"
--KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*", GOTO="persistent_storage_end"
-+KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|hd*", GOTO="persistent_storage_end"
-
- # ignore partitions that span the entire disk
- TEST=="whole_disk", GOTO="persistent_storage_end"
diff --git a/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch b/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch
deleted file mode 100644
index 96175b5b5e..0000000000
--- a/meta/recipes-core/systemd/systemd/0005-rules-watch-metadata-changes-in-ide-devices.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From d1bccc721dd8f43fee29c5df0e9b78345e69f4b6 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Thu, 21 Feb 2019 16:38:38 +0800
-Subject: [PATCH 5/5] rules: watch metadata changes in ide devices
-
-Formatting IDE storage does not trigger "change" uevents. As a result
-clients using udev API don't get any updates afterwards and get outdated
-information about the device.
-...
-root@qemux86-64:~# mkfs.ext4 -F /dev/hda1
-Creating filesystem with 262144 4k blocks and 65536 inodes
-Filesystem UUID: 98791eb2-2bf3-47ad-b4d8-4cf7e914eee2
-
-root@qemux86-64:~# ls /dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2
-ls: cannot access '/dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2': No such file or directory
-...
-Include hd* in a match for watch option assignment.
-
-Upstream-Status: Denied
-
-qemu by default emulates IDE and the linux-yocto kernel(s) use
-CONFIG_IDE instead of the more modern libsata, so disks appear as
-/dev/hd*. A similar patch rejected by upstream because CONFIG_IDE
-is deprecated.
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-[rebased for systemd 241]
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-[rebased for systemd 243]
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
----
- rules/60-block.rules | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rules/60-block.rules b/rules/60-block.rules
-index 3134ab995e..cd72a494a1 100644
---- a/rules/60-block.rules
-+++ b/rules/60-block.rules
-@@ -9,5 +9,5 @@ ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block",
-
- # watch metadata changes, caused by tools closing the device node which was opened for writing
- ACTION!="remove", SUBSYSTEM=="block", \
-- KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*", \
-+ KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|hd*", \
- OPTIONS+="watch"
diff --git a/meta/recipes-core/systemd/systemd_243.2.bb b/meta/recipes-core/systemd/systemd_243.4.bb
index e31fac8c56..a0d10e03be 100644
--- a/meta/recipes-core/systemd/systemd_243.2.bb
+++ b/meta/recipes-core/systemd/systemd_243.4.bb
@@ -20,10 +20,6 @@ SRC_URI += "file://touchscreen.rules \
file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
file://0002-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch \
file://0003-implment-systemd-sysv-install-for-OE.patch \
- file://0004-rules-whitelist-hd-devices.patch \
- file://0005-rules-watch-metadata-changes-in-ide-devices.patch \
- file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \
- file://0001-seccomp-more-comprehensive-protection-against-libsec.patch \
file://99-default.preset \
"