-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
989 additions
and
131 deletions.
There are no files selected for viewing
89 changes: 89 additions & 0 deletions
89
staging/systemd/0001-tmpfiles-make-purge-hard-to-mis-use.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| From 45cfee930ab4067348cea5244c9c2dc31c64d14d Mon Sep 17 00:00:00 2001 | ||
| From: Daan De Meyer <[email protected]> | ||
| Date: Tue, 23 Jul 2024 13:14:05 +0200 | ||
| Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use | ||
|
|
||
| Follow-up for https://github.com/systemd/systemd/pull/33383. | ||
| --- | ||
| src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++ | ||
| test/units/TEST-22-TMPFILES.18.sh | 4 ++-- | ||
| 2 files changed, 19 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c | ||
| index 5a4f989668..c5b544f1df 100644 | ||
| --- a/src/tmpfiles/tmpfiles.c | ||
| +++ b/src/tmpfiles/tmpfiles.c | ||
| @@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) { | ||
| ARG_IMAGE_POLICY, | ||
| ARG_REPLACE, | ||
| ARG_DRY_RUN, | ||
| + ARG_DESTROY_DATA, | ||
| ARG_NO_PAGER, | ||
| }; | ||
|
|
||
| @@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) { | ||
| { "replace", required_argument, NULL, ARG_REPLACE }, | ||
| { "dry-run", no_argument, NULL, ARG_DRY_RUN }, | ||
| { "no-pager", no_argument, NULL, ARG_NO_PAGER }, | ||
| + | ||
| + /* This is not documented on purpose. | ||
| + * If you think --purge should be allowed without jumping through hoops, | ||
| + * consider opening a bug report with the description of the use case. | ||
| + */ | ||
| + { "destroy-data", no_argument, NULL, ARG_DESTROY_DATA }, | ||
| + | ||
| {} | ||
| }; | ||
|
|
||
| int c, r; | ||
| + bool destroy_data = false; | ||
|
|
||
| assert(argc >= 0); | ||
| assert(argv); | ||
| @@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) { | ||
| arg_dry_run = true; | ||
| break; | ||
|
|
||
| + case ARG_DESTROY_DATA: | ||
| + destroy_data = true; | ||
| + break; | ||
| + | ||
| case ARG_NO_PAGER: | ||
| arg_pager_flags |= PAGER_DISABLE; | ||
| break; | ||
| @@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) { | ||
| return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | ||
| "Refusing --purge without specification of a configuration file."); | ||
|
|
||
| + if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data) | ||
| + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | ||
| + "Refusing --purge without --destroy-data."); | ||
| + | ||
| if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF) | ||
| return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | ||
| "Option --replace= is not supported with --cat-config/--tldr."); | ||
| diff --git a/test/units/TEST-22-TMPFILES.18.sh b/test/units/TEST-22-TMPFILES.18.sh | ||
| index c81f6bd0ef..dd536172d4 100755 | ||
| --- a/test/units/TEST-22-TMPFILES.18.sh | ||
| +++ b/test/units/TEST-22-TMPFILES.18.sh | ||
| @@ -24,7 +24,7 @@ test -f /tmp/somedir/somefile | ||
| grep -q baz /tmp/somedir/somefile | ||
| grep -q qux /tmp/someotherfile | ||
|
|
||
| -systemd-tmpfiles --purge - <<<"$c" | ||
| +systemd-tmpfiles --purge --destroy-data - <<<"$c" | ||
| test ! -f /tmp/somedir/somefile | ||
| test ! -d /tmp/somedir/ | ||
| grep -q qux /tmp/someotherfile | ||
| @@ -34,7 +34,7 @@ test ! -f /tmp/somedir/somefile | ||
| test ! -d /tmp/somedir/ | ||
| grep -q qux /tmp/someotherfile | ||
|
|
||
| -systemd-tmpfiles --create --purge - <<<"$c" | ||
| +systemd-tmpfiles --create --destroy-data --purge - <<<"$c" | ||
| test -f /tmp/somedir/somefile | ||
| grep -q baz /tmp/somedir/somefile | ||
| grep -q qux /tmp/someotherfile | ||
| -- | ||
| 2.47.0 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001 | ||
| From: Yu Watanabe <[email protected]> | ||
| Date: Mon, 20 Feb 2023 12:00:30 +0900 | ||
| Subject: [PATCH] core/manager: run generators directly when we are in initrd | ||
|
|
||
| Some initrd system write files at ourside of /run, /etc, or other | ||
| allowed places. This is a kind of workaround, but in most cases, such | ||
| sandboxing is not necessary as the filesystem is on ramfs when we are in | ||
| initrd. | ||
|
|
||
| Fixes #26488. | ||
| --- | ||
| src/core/manager.c | 4 ++-- | ||
| 1 file changed, 2 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/src/core/manager.c b/src/core/manager.c | ||
| index 7b394794b0d4..306477c6e6c2 100644 | ||
| --- a/src/core/manager.c | ||
| +++ b/src/core/manager.c | ||
| @@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { | ||
| /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If | ||
| * we are the user manager, let's just execute the generators directly. We might not have the | ||
| * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. | ||
| - */ | ||
| - if (MANAGER_IS_USER(m)) { | ||
| + * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ | ||
| + if (MANAGER_IS_USER(m) || in_initrd()) { | ||
| r = manager_execute_generators(m, paths, /* remount_ro= */ false); | ||
| goto finish; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001 | ||
| From 9e3d6b193d79ce447cd329617ada941f331570a9 Mon Sep 17 00:00:00 2001 | ||
| From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <[email protected]> | ||
| Date: Tue, 9 Jan 2024 11:28:04 +0100 | ||
| Subject: [PATCH] journal: again create user journals for users with high uids | ||
|
|
@@ -39,13 +39,13 @@ revert the change to fix user systems. | |
|
|
||
| Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. | ||
| --- | ||
| src/basic/uid-alloc-range.c | 2 +- | ||
| src/basic/uid-classification.c | 2 +- | ||
| 1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
|
||
| diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c | ||
| index 669cb6d56f7be..7b724b7959f60 100644 | ||
| --- a/src/basic/uid-alloc-range.c | ||
| +++ b/src/basic/uid-alloc-range.c | ||
| diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c | ||
| index e2d2cebc6de27..2c8b06c0d3088 100644 | ||
| --- a/src/basic/uid-classification.c | ||
| +++ b/src/basic/uid-classification.c | ||
| @@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { | ||
|
|
||
| /* Returns true if the specified UID shall get its data stored in the system journal. */ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # do not edit this file, it will be overwritten on update | ||
|
|
||
| ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \ | ||
| KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \ | ||
| ATTR{queue/scheduler}="bfq" |
Oops, something went wrong.