packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync patches from systemd community

Browse Source
This commit is contained in:
h30032433 2023-12-18 16:49:22 +08:00
parent 1209759dab
commit 6109ccfff3
10 changed files with 592 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch Normal file
View File

@ -0,0 +1,42 @@
From f60488f72e3c6839e3e77e4d35ceaad5367494b1 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 25 Aug 2023 13:55:36 +0200
Subject: [PATCH] Limit rlim_max in rlimit_nofile_safe() to nr_open
We might inherit a max rlim value that's larger than the kernel's
maximum (nr_open). This will cause setrlimit() to fail as the given
maximum is larger than the kernel's maximum. To get around this,
let's limit the max rlim we pass to rlimit() to the value of nr_open.
Should fix #28965
(cherry picked from commit f470dafddcd688c3ea6031d4bbcbf934fd094711)
(cherry picked from commit a980b83fe07521e4654d68331c31db3a4459412c)
(cherry picked from commit 30ce78cb1adff6a53bfaee57da4f208f35896dbe)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/f60488f72e3c6839e3e77e4d35ceaad5367494b1
---
src/basic/rlimit-util.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
index 33dfde9d6c..e150976f75 100644
--- a/src/basic/rlimit-util.c
+++ b/src/basic/rlimit-util.c
@@ -401,7 +401,11 @@ int rlimit_nofile_safe(void) {
if (rl.rlim_cur <= FD_SETSIZE)
return 0;
- rl.rlim_cur = FD_SETSIZE;
+ /* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in
+ * /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To
+ * make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */
+ rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
+ rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
--
2.33.0

76
backport-bus-add-some-minimal-bounds-check-on-signatures.patch Normal file
View File

@ -0,0 +1,76 @@
From 475d2dd9758b1c82b8f079386c08cdec8bb23b5a Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Sun, 16 Jul 2023 01:10:47 +0100
Subject: [PATCH] bus: add some minimal bounds check on signatures
CID#1491292
CID#1491291
CID#1491290
CID#1491289
CID#1491284
CID#1491281
CID#1491280
CID#1491278
(cherry picked from commit d80cc39558ec7e596d594d1aadc4df81262611f8)
(cherry picked from commit a518ea9ff1fe55c7bb5e4f391858a57d66b779d0)
(cherry picked from commit b7531639dc75261de8957b2ddac6012d8fe2559f)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/475d2dd9758b1c82b8f079386c08cdec8bb23b5a
---
src/busctl/busctl.c | 5 ++++-
src/libsystemd/sd-bus/bus-message.c | 6 ++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
index 9e46cc2e96..c52a8d5912 100644
--- a/src/busctl/busctl.c
+++ b/src/busctl/busctl.c
@@ -1621,8 +1621,11 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
p--;
r = signature_element_length(signature, &k);
- if (r < 0)
+ if (r < 0 || k < 2) {
+ if (r >= 0 && k < 2)
+ r = -ERANGE;
return log_error_errno(r, "Invalid struct/dict entry signature: %m");
+ }
{
char s[k-1];
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index 3262c07c6d..cbc99c1bd8 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -2009,6 +2009,8 @@ _public_ int sd_bus_message_appendv(
r = signature_element_length(t, &k);
if (r < 0)
return r;
+ if (k < 2)
+ return -ERANGE;
{
char s[k - 1];
@@ -3452,6 +3454,8 @@ _public_ int sd_bus_message_readv(
r = signature_element_length(t, &k);
if (r < 0)
return r;
+ if (k < 2)
+ return -ERANGE;
{
char s[k - 1];
@@ -3632,6 +3636,8 @@ _public_ int sd_bus_message_skip(sd_bus_message *m, const char *types) {
r = signature_element_length(types, &k);
if (r < 0)
return r;
+ if (k < 2)
+ return -ERANGE;
{
char s[k-1];
--
2.33.0

155
backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch Normal file
View File

@ -0,0 +1,155 @@
From 2d2b66b0bec607ce246a55a8c77805cea86ead4c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 29 Apr 2023 04:31:53 +0900
Subject: [PATCH] core/path: do not enqueue new job in .trigger_notify callback
Otherwise,
1. X.path triggered X.service, and the service has waiting start job,
2. systemctl stop X.service
3. the waiting start job is cancelled to install new stop job,
4. path_trigger_notify() is called, and may reinstall new start job,
5. the stop job cannot be installed, and triggeres assertion.
So, instead, let's add a defer event source, then enqueue the new start
job after the stop (or any other type) job finished.
Fixes https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906.
(cherry picked from commit bc6377762c210d1bdd7fd2465930731d87dda576)
(cherry picked from commit 03f2a8921ee0671710f920896c0234b9793c07c5)
Conflict:code context adaptation and ASSERT_PTR function adaptation
Reference:https://github.com/systemd/systemd-stable/commit/2d2b66b0bec607ce246a55a8c77805cea86ead4c
---
src/core/path.c | 68 +++++++++++++++++++++++++++++++++++++++++++++----
src/core/path.h | 2 ++
2 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/src/core/path.c b/src/core/path.c
index a8b2b6ae8f..a8144c344d 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -10,6 +10,7 @@
#include "dbus-path.h"
#include "dbus-unit.h"
#include "escape.h"
+#include "event-util.h"
#include "fd-util.h"
#include "fs-util.h"
#include "glob-util.h"
@@ -300,6 +301,7 @@ static void path_done(Unit *u) {
assert(p);
+ p->trigger_notify_event_source = sd_event_source_disable_unref(p->trigger_notify_event_source);
path_free_specs(p);
}
@@ -575,6 +577,9 @@ static void path_enter_waiting(Path *p, bool initial, bool from_trigger_notify)
Unit *trigger;
int r;
+ if (p->trigger_notify_event_source)
+ (void) event_source_disable(p->trigger_notify_event_source);
+
/* If the triggered unit is already running, so are we */
trigger = UNIT_TRIGGER(UNIT(p));
if (trigger && !UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(trigger))) {
@@ -799,8 +804,29 @@ fail:
return 0;
}
-static void path_trigger_notify(Unit *u, Unit *other) {
+static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer);
+
+static int path_trigger_notify_on_defer(sd_event_source *s, void *userdata) {
+ Path *p = userdata;
+ Unit *trigger;
+
+ assert(p);
+ assert(s);
+
+ trigger = UNIT_TRIGGER(UNIT(p));
+ if (!trigger) {
+ log_unit_error(UNIT(p), "Unit to trigger vanished.");
+ path_enter_dead(p, PATH_FAILURE_RESOURCES);
+ return 0;
+ }
+
+ path_trigger_notify_impl(UNIT(p), trigger, /* on_defer = */ true);
+ return 0;
+}
+
+static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer) {
Path *p = PATH(u);
+ int r;
assert(u);
assert(other);
@@ -826,13 +851,46 @@ static void path_trigger_notify(Unit *u, Unit *other) {
if (p->state == PATH_RUNNING &&
UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
- log_unit_debug(UNIT(p), "Got notified about unit deactivation.");
- path_enter_waiting(p, false, true);
+ if (!on_defer)
+ log_unit_debug(u, "Got notified about unit deactivation.");
} else if (p->state == PATH_WAITING &&
!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
- log_unit_debug(UNIT(p), "Got notified about unit activation.");
- path_enter_waiting(p, false, true);
+ if (!on_defer)
+ log_unit_debug(u, "Got notified about unit activation.");
+ } else
+ return;
+
+ if (on_defer) {
+ path_enter_waiting(p, /* initial = */ false, /* from_trigger_notify = */ true);
+ return;
}
+
+ /* Do not call path_enter_waiting() directly from path_trigger_notify(), as this may be called by
+ * job_install() -> job_finish_and_invalidate() -> unit_trigger_notify(), and path_enter_waiting()
+ * may install another job and will trigger assertion in job_install().
+ * https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906
+ * Hence, first setup defer event source here, and call path_enter_waiting() slightly later. */
+ if (p->trigger_notify_event_source) {
+ r = sd_event_source_set_enabled(p->trigger_notify_event_source, SD_EVENT_ONESHOT);
+ if (r < 0) {
+ log_unit_warning_errno(u, r, "Failed to enable event source for triggering notify: %m");
+ path_enter_dead(p, PATH_FAILURE_RESOURCES);
+ return;
+ }
+ } else {
+ r = sd_event_add_defer(u->manager->event, &p->trigger_notify_event_source, path_trigger_notify_on_defer, p);
+ if (r < 0) {
+ log_unit_warning_errno(u, r, "Failed to allocate event source for triggering notify: %m");
+ path_enter_dead(p, PATH_FAILURE_RESOURCES);
+ return;
+ }
+
+ (void) sd_event_source_set_description(p->trigger_notify_event_source, "path-trigger-notify");
+ }
+}
+
+static void path_trigger_notify(Unit *u, Unit *other) {
+ path_trigger_notify_impl(u, other, /* on_defer = */ false);
}
static void path_reset_failed(Unit *u) {
diff --git a/src/core/path.h b/src/core/path.h
index c76103cc12..cb5b662911 100644
--- a/src/core/path.h
+++ b/src/core/path.h
@@ -65,6 +65,8 @@ struct Path {
PathResult result;
RateLimit trigger_limit;
+
+ sd_event_source *trigger_notify_event_source;
};
void path_free_specs(Path *p);
--
2.33.0

47
backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch Normal file
View File

@ -0,0 +1,47 @@
From c685e2c8e86f3541a94f09c3aa912a4022bd3056 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 24 Aug 2023 09:00:04 +0200
Subject: [PATCH] hostname: Make sure we pass error to
bus_verify_polkit_async()
Fixes #28943
(cherry picked from commit b56ee692334231f0312c2fd142b9f2a84da14ac9)
(cherry picked from commit d38ba62059c7d28dbd259699df224ec19a10f4aa)
(cherry picked from commit 6691b54958c27f0f0557b9a8a9d834e1d99c9465)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/c685e2c8e86f3541a94f09c3aa912a4022bd3056
---
src/hostname/hostnamed.c | 2 +-
src/shared/bus-polkit.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 3585ac1f47..0c798346e0 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -1194,7 +1194,7 @@ static int method_describe(sd_bus_message *m, void *userdata, sd_bus_error *erro
false,
UID_INVALID,
&c->polkit_registry,
- NULL);
+ error);
if (r == 0)
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 85b907faa9..dc0a26eb43 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -263,6 +263,7 @@ int bus_verify_polkit_async(
assert(call);
assert(action);
assert(registry);
+ assert(ret_error);
r = check_good_user(call, good_user);
if (r != 0)
--
2.33.0

68
backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch Normal file
View File

@ -0,0 +1,68 @@
From a6eca1755cb3ff0e20f33baf4f9b3805dd6f6486 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Fri, 7 Jul 2023 08:00:00 +0000
Subject: [PATCH] resolved: fix use of ERRNO_IS_DISCONNECT()
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by manager_recv() which can legitimately return 1 without errno
semantics, so fix this by moving ERRNO_IS_DISCONNECT() invocation to the
branch where the return value is known to be negative.
(cherry picked from commit 0bdea17c0aa37c4cdf586c072a7b35f8d0598cc3)
(cherry picked from commit 791dbff59b073ce049801319c58218c5f1063220)
Conflict:code context adaptation
Reference:https://github.com/systemd/systemd-stable/commit/a6eca1755cb3ff0e20f33baf4f9b3805dd6f6486
---
src/resolve/resolved-dns-transaction.c | 27 ++++++++++++--------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 2bf7c2e783..e068a37cba 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -1411,25 +1411,22 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
assert(t->scope);
r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p);
- if (ERRNO_IS_DISCONNECT(r)) {
- usec_t usec;
-
- /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
- * next recvmsg(). Treat this like a lost packet. */
+ if (r < 0) {
+ if (ERRNO_IS_DISCONNECT(r)) {
+ usec_t usec;
- log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
- assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
- dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
+ /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
+ * next recvmsg(). Treat this like a lost packet. */
- dns_transaction_close_connection(t, /* use_graveyard = */ false);
+ log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
+ assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
+ dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
- if (dns_transaction_limited_retry(t)) /* Try a different server */
- return 0;
+ dns_transaction_close_connection(t, /* use_graveyard = */ false);
- dns_transaction_complete_errno(t, r);
- return 0;
- }
- if (r < 0) {
+ if (dns_transaction_limited_retry(t)) /* Try a different server */
+ return 0;
+ }
dns_transaction_complete_errno(t, r);
return 0;
}
--
2.33.0

51
backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch Normal file
View File

@ -0,0 +1,51 @@
From d4d356c6c2ed5ea0b15c6fd49a29badb022c217e Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Fri, 7 Jul 2023 08:00:00 +0000
Subject: [PATCH] sd-bus: fix use of ERRNO_IS_DISCONNECT()
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by bus_socket_process_watch_bind(), bus_socket_process_opening(),
and bus_socket_process_authenticating() which can legitimately return
positive values without errno semantics, so fix this by moving the
ERRNO_IS_DISCONNECT() invocation to the branch where the return value
is known to be negative.
(cherry picked from commit bb228f0ebc9b691ee2a871bffbf949936568f3ea)
(cherry picked from commit 920568b7e213162babcbe0c0cdd4e2fe28882ebd)
Conflict:code context adaptation
Reference:https://github.com/systemd/systemd-stable/commit/d4d356c6c2ed5ea0b15c6fd49a29badb022c217e
---
src/libsystemd/sd-bus/sd-bus.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index d6a3177d39..d2c68688ad 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -3236,11 +3236,13 @@ static int bus_process_internal(sd_bus *bus, sd_bus_message **ret) {
assert_not_reached("Unknown state");
}
- if (ERRNO_IS_DISCONNECT(r)) {
- bus_enter_closing(bus);
- r = 1;
- } else if (r < 0)
- return r;
+ if (r < 0) {
+ if (ERRNO_IS_DISCONNECT(r)) {
+ bus_enter_closing(bus);
+ r = 1;
+ } else
+ return r;
+ }
if (ret)
*ret = NULL;
--
2.33.0

46
backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch Normal file
View File

@ -0,0 +1,46 @@
From 6306373d92d077a4dc9873fb7bf7f6d29586d4c3 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Fri, 7 Jul 2023 08:00:00 +0000
Subject: [PATCH] socket: fix use of ERRNO_IS_DISCONNECT()
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by socket_acquire_peer() which can legitimately return 1
without errno semantics, so fix this by moving ERRNO_IS_DISCONNECT()
invocation to the branch where the return value is known to be negative.
(cherry picked from commit d5f8890bbf375075c7042b31ff6e79ad491df04c)
(cherry picked from commit ebce7284fd515cc43ec90d231aadc342af5ea2d9)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/6306373d92d077a4dc9873fb7bf7f6d29586d4c3
---
src/core/socket.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/socket.c b/src/core/socket.c
index f18ef4416d..e86e9c85b8 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -2361,10 +2361,12 @@ static void socket_enter_running(Socket *s, int cfd_in) {
if (s->max_connections_per_source > 0) {
r = socket_acquire_peer(s, cfd, &p);
- if (ERRNO_IS_DISCONNECT(r))
- return;
- if (r < 0) /* We didn't have enough resources to acquire peer information, let's fail. */
+ if (r < 0) {
+ if (ERRNO_IS_DISCONNECT(r))
+ return;
+ /* We didn't have enough resources to acquire peer information, let's fail. */
goto fail;
+ }
if (r > 0 && p->n_ref > s->max_connections_per_source) {
_cleanup_free_ char *t = NULL;
--
2.33.0

36
backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch Normal file
View File

@ -0,0 +1,36 @@
From 90f2e0ad8651fef84c4a1fe99a66d1a4f43b941d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 28 Sep 2022 18:09:29 +0900
Subject: [PATCH] udev-builtin-net_id: fix potential buffer overflow
(cherry picked from commit 5660e68d651545b43e13a51b068e64022637a6c6)
(cherry picked from commit a987b0f12133bcb5ab73000109468871bfbab3c2)
(cherry picked from commit 22bd243c808d27b6b7725465ebcb21fac72020a8)
Conflict:code context adaptation
Reference:https://github.com/systemd/systemd-stable/commit/90f2e0ad8651fef84c4a1fe99a66d1a4f43b941d
---
src/udev/udev-builtin-net_id.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index d4e9dcb60d..6425494f9c 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -804,11 +804,11 @@ static int names_usb(sd_device *dev, NetNames *names) {
/* append USB config number, suppress the common config == 1 */
if (!streq(config, "1"))
- l = strpcpyl(&s, sizeof(names->usb_ports), "c", config, NULL);
+ l = strpcpyl(&s, l, "c", config, NULL);
/* append USB interface number, suppress the interface == 0 */
if (!streq(interf, "0"))
- l = strpcpyl(&s, sizeof(names->usb_ports), "i", interf, NULL);
+ l = strpcpyl(&s, l, "i", interf, NULL);
if (l == 0)
return -ENAMETOOLONG;
--
2.33.0

49
backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch Normal file
View File

@ -0,0 +1,49 @@
From b45b5700c6be73c3da030a943cc69997f209b887 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 26 Sep 2023 09:52:05 +0200
Subject: [PATCH] udev: raise RLIMIT_NOFILE as high as we can
We might need a lot of fds on large systems, hence raise RLIMIT_NOFILE
to what the service manager allows us, which is quite a lot these days.
udev already sets FORK_RLIMIT_NOFILE_SAFE when forking of chilren, thus
ensuring that forked off processes get their RLIMIT_NOFILE soft limit
reset to 1K for compat with crappy old select().
Replaces: #29298
Fixes: #28583
(cherry picked from commit 1617424ce76d797d081dd6cb1082b954c4d2bf38)
(cherry picked from commit c98a24bdbdb830a5081d5ec972d62d08547d7255)
(cherry picked from commit b60cf1f7f489e25c730e21c4c17f968330846325)
Conflict:code context adaptation
Reference:https://github.com/systemd/systemd-stable/commit/b45b5700c6be73c3da030a943cc69997f209b887
---
src/udev/udevd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index c83c59516b..2095062b93 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -55,6 +55,7 @@
#include "pretty-print.h"
#include "proc-cmdline.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "selinux-util.h"
#include "signal-util.h"
#include "socket-util.h"
@@ -2040,6 +2041,9 @@ int run_udevd(int argc, char *argv[]) {
if (r < 0)
return r;
+ /* Make sure we can have plenty fds (for example for pidfds) */
+ (void) rlimit_nofile_bump(-1);
+
r = mkdir_errno_wrapper("/run/udev", 0755);
if (r < 0 && r != -EEXIST)
return log_error_errno(r, "Failed to create /run/udev: %m");
--
2.33.0

23
systemd.spec
View File

@ -21,7 +21,7 @@
Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 249
Release: 59
Release: 60
License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager
@ -589,6 +589,15 @@ Patch6540: backport-core-unit-make-JoinsNamespaceOf-implies-the-inverse-.pa
Patch6541: backport-core-unit-update-bidirectional-dependency-simultaneo.patch
Patch6542: backport-journalctl-verify-that-old-entries-are-not-sealed-wi.patch
Patch6543: backport-units-modprobe-.service-don-t-unescape-instance-name.patch
Patch6544: backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
Patch6545: backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
Patch6546: backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
Patch6547: backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
Patch6548: backport-bus-add-some-minimal-bounds-check-on-signatures.patch
Patch6549: backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
Patch6550: backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
Patch6551: backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
Patch6552: backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
Patch9001: update-rtc-with-system-clock-when-shutdown.patch
Patch9002: udev-add-actions-while-rename-netif-failed.patch
@ -2085,6 +2094,18 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
%{_libdir}/security/pam_systemd.so
%changelog
* Mon Dec 18 2023 huyubiao <huyubiao@huawei.com> - 249-60
- backport: sync patches from systemd community
add backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
backport-bus-add-some-minimal-bounds-check-on-signatures.patch
backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
* Tue Dec 12 2023 hongjinghao <hongjinghao@huawei.com> - 249-59
- backport: sync patches from systemd community