

1 commit

13 changed files with 34 additions and 70 deletions


@ -1207,7 +1207,7 @@ static const struct security_assessor security_assessor_table[] = {
.weight = 25,
.range = 1,
.assess = assess_capability_bounding_set,
.parameter = (UINT64_C(1) << CAP_BLOCK_SUSPEND),
.parameter = (UINT64_C(1) << 1),
},
{
.id = "CapabilityBoundingSet=~CAP_WAKE_ALARM",
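Review bot: The replacement `.parameter = (UINT64_C(1) << 1)` no longer denotes CAP_BLOCK_SUSPEND: in linux/capability.h that capability is number 36, while bit 1 is CAP_DAC_OVERRIDE, so this assessor (whose id is presumably still "CapabilityBoundingSet=~CAP_BLOCK_SUSPEND", judging by the neighbouring entry at the end of the hunk) now tests the wrong capability under the old label, with the weight of 25 visible in the hunk attached to it. If the motivation is a toolchain whose headers lack the constant, add a guarded fallback where the project keeps its other kernel-constant fallbacks, `#ifndef CAP_BLOCK_SUSPEND` / `#define CAP_BLOCK_SUSPEND 36` / `#endif`, and leave the table entry referencing the named constant. Taking the `<< 1` line as the new side, since the page shows no +/- markers. The table definition starts before and ends after this hunk.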


@ -37,8 +37,8 @@ size_t arphrd_to_hw_addr_len(uint16_t arphrd) {
case ARPHRD_IPGRE:
return sizeof(struct in_addr);
case ARPHRD_TUNNEL6:
case ARPHRD_IP6GRE:
return sizeof(struct in6_addr);
// case ARPHRD_IP6GRE:
// return sizeof(struct in6_addr);
default:
return 0;
}
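Review bot: With `case ARPHRD_IP6GRE:` and its `return sizeof(struct in6_addr);` both commented out, the preceding `case ARPHRD_TUNNEL6:` label (third line of the hunk) is left with no statement and falls through to `default: return 0;`, so arphrd_to_hw_addr_len() now reports a zero-length hardware address for ip6tnl devices too — a regression for any caller that sizes buffers or validates addresses from this value. Keep the return for TUNNEL6 unconditionally, `case ARPHRD_TUNNEL6:` / `return sizeof(struct in6_addr);`, and handle the newer label through a fallback `#define ARPHRD_IP6GRE 823` in the compat header rather than by deleting the case. Taking the commented-out lines as the new side. The switch is fully inside the hunk; the function's end is not.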


@ -33,7 +33,6 @@ binder, {BINDERFS_SUPER_MAGIC}
binfmt_misc, {BINFMTFS_MAGIC}
bpf, {BPF_FS_MAGIC}
btrfs, {BTRFS_SUPER_MAGIC}
btrfs_test_fs, {BTRFS_TEST_MAGIC}
# cpuset's magic got reassigned to cgroupfs
cpuset, {CGROUP_SUPER_MAGIC}
ceph, {CEPH_SUPER_MAGIC}
@ -52,7 +51,6 @@ devpts, {DEVPTS_SUPER_MAGIC}
devtmpfs, {TMPFS_MAGIC}
dmabuf, {DMA_BUF_MAGIC}
ecryptfs, {ECRYPTFS_SUPER_MAGIC}
efivarfs, {EFIVARFS_MAGIC}
efs, {EFS_SUPER_MAGIC}
erofs, {EROFS_SUPER_MAGIC_V1}
# ext2 + ext3 + ext4 use the same magic
@ -60,7 +58,6 @@ ext2, {EXT2_SUPER_MAGIC}
ext3, {EXT3_SUPER_MAGIC}
ext4, {EXT4_SUPER_MAGIC}
exfat, {EXFAT_SUPER_MAGIC}
f2fs, {F2FS_SUPER_MAGIC}
# fuseblk is so closely related to fuse that it shares the same magic
fuseblk, {FUSE_SUPER_MAGIC}
fuse, {FUSE_SUPER_MAGIC}
@ -68,7 +65,6 @@ fusectl, {FUSE_CTL_SUPER_MAGIC}
# gfs is an old version of gfs2 and reuses the magic
gfs, {GFS2_MAGIC}
gfs2, {GFS2_MAGIC}
hostfs, {HOSTFS_SUPER_MAGIC}
hpfs, {HPFS_SUPER_MAGIC}
hugetlbfs, {HUGETLBFS_MAGIC}
iso9660, {ISOFS_SUPER_MAGIC}
@ -107,7 +103,6 @@ secretmem, {SECRETMEM_MAGIC}
securityfs, {SECURITYFS_MAGIC}
selinuxfs, {SELINUX_MAGIC}
shiftfs, {SHIFTFS_MAGIC}
smackfs, {SMACK_MAGIC}
# smb3 is an alias for cifs
smb3, {CIFS_SUPER_MAGIC}
# smbfs was removed from the kernel in 2010, the magic remains


@ -284,37 +284,6 @@ static int update_argv(const char name[], size_t l) {
strncpy(nn, name, nn_size);
/* Now, let's tell the kernel about this new memory */
if (prctl(PR_SET_MM, PR_SET_MM_ARG_START, (unsigned long) nn, 0, 0) < 0) {
if (ERRNO_IS_PRIVILEGE(errno))
return log_debug_errno(errno, "PR_SET_MM_ARG_START failed: %m");
/* HACK: prctl() API is kind of dumb on this point. The existing end address may already be
* below the desired start address, in which case the kernel may have kicked this back due
* to a range-check failure (see linux/kernel/sys.c:validate_prctl_map() to see this in
* action). The proper solution would be to have a prctl() API that could set both start+end
* simultaneously, or at least let us query the existing address to anticipate this condition
* and respond accordingly. For now, we can only guess at the cause of this failure and try
* a workaround--which will briefly expand the arg space to something potentially huge before
* resizing it to what we want. */
log_debug_errno(errno, "PR_SET_MM_ARG_START failed, attempting PR_SET_MM_ARG_END hack: %m");
if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) nn + l + 1, 0, 0) < 0) {
r = log_debug_errno(errno, "PR_SET_MM_ARG_END hack failed, proceeding without: %m");
(void) munmap(nn, nn_size);
return r;
}
if (prctl(PR_SET_MM, PR_SET_MM_ARG_START, (unsigned long) nn, 0, 0) < 0)
return log_debug_errno(errno, "PR_SET_MM_ARG_START still failed, proceeding without: %m");
} else {
/* And update the end pointer to the new end, too. If this fails, we don't really know what
* to do, it's pretty unlikely that we can rollback, hence we'll just accept the failure,
* and continue. */
if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) nn + l + 1, 0, 0) < 0)
log_debug_errno(errno, "PR_SET_MM_ARG_END failed, proceeding without: %m");
}
if (mm)
(void) munmap(mm, mm_size);
@ -324,8 +293,8 @@ static int update_argv(const char name[], size_t l) {
strncpy(mm, name, mm_size);
/* Update the end pointer, continuing regardless of any failure. */
if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) mm + l + 1, 0, 0) < 0)
log_debug_errno(errno, "PR_SET_MM_ARG_END failed, proceeding without: %m");
//if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) mm + l + 1, 0, 0) < 0)
// log_debug_errno(errno, "PR_SET_MM_ARG_END failed, proceeding without: %m");
}
can_do = true;
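Review bot: After this change nothing in update_argv() tells the kernel about the new buffer: the PR_SET_MM_ARG_START/ARG_END sequence that followed `strncpy(nn, name, nn_size)` is gone and the ARG_END update after `strncpy(mm, name, mm_size)` is commented out, yet `can_do = true` at the end of the hunk still records success and the surviving comment "Now, let's tell the kernel about this new memory" now describes nothing. The effect is that /proc/PID/cmdline keeps pointing at the old argument area, so the process retitle (relied on to identify forked workers in ps output and in forensic process listings) becomes a silent no-op instead of an error the caller could react to. If the goal is building against headers without PR_SET_MM, add `#define PR_SET_MM 35`, `PR_SET_MM_ARG_START 8` and `PR_SET_MM_ARG_END 9` fallbacks in the compat header and keep the calls; if the kernel genuinely cannot do it, fail the way the old error paths did, e.g. `(void) munmap(nn, nn_size); return -EOPNOTSUPP;` before `can_do` is set. Taking the removed and commented lines as old and new sides respectively. update_argv() starts before and ends after this hunk.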


@ -5002,11 +5002,11 @@ static int exec_child(
}
}
if (context_has_no_new_privileges(context))
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
*exit_status = EXIT_NO_NEW_PRIVILEGES;
return log_unit_error_errno(unit, errno, "Failed to disable new privileges: %m");
}
//if (context_has_no_new_privileges(context))
//if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
// *exit_status = EXIT_NO_NEW_PRIVILEGES;
// return log_unit_error_errno(unit, errno, "Failed to disable new privileges: %m");
//}
#if HAVE_SECCOMP
r = apply_address_families(unit, context);
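Review bot: Commenting out the `PR_SET_NO_NEW_PRIVS` block in exec_child() turns NoNewPrivileges= into a silent no-op: a unit that requests it still starts without error, yet can regain privileges through setuid binaries and file capabilities, and EXIT_NO_NEW_PRIVILEGES becomes unreachable. A hardening directive should fail closed; if the problem is headers that lack the constant, `#ifndef PR_SET_NO_NEW_PRIVS` / `#define PR_SET_NO_NEW_PRIVS 38` / `#endif` in the compat header keeps the call, and on a kernel without support the existing error path already refuses to start the service. The seccomp setup invoked right after this point (`apply_address_families` and following) may also assume no_new_privs has been set when the service is unprivileged — worth confirming against that code, which is outside this hunk. Taking the commented-out lines as the new side. exec_child() starts before and ends after this hunk.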


@ -2193,10 +2193,10 @@ static int initialize_runtime(
}
if (arg_system && arg_no_new_privs) {
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
*ret_error_message = "Failed to disable new privileges";
return log_emergency_errno(errno, "Failed to disable new privileges: %m");
}
//if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
// *ret_error_message = "Failed to disable new privileges";
// return log_emergency_errno(errno, "Failed to disable new privileges: %m");
//}
}
if (arg_syscall_archs) {
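Review bot: The `if (arg_system && arg_no_new_privs)` branch in initialize_runtime() now has an empty body, so the NoNewPrivileges= setting for PID 1 (and everything it forks) is accepted from configuration and then silently ignored, and the "Failed to disable new privileges" emergency path can never fire. Either keep the prctl() call behind a fallback `#define PR_SET_NO_NEW_PRIVS 38` in the compat header, or, if the build really cannot support it, reject the option at parse time instead of parsing it and doing nothing; at minimum put `log_warning("NoNewPrivileges= is not supported by this build, ignoring.");` inside the now-empty block so the operator learns the hardening is absent. Taking the commented-out lines as the new side. initialize_runtime() starts before and ends after this hunk.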


@ -8,7 +8,7 @@
#include <sys/epoll.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/sctp.h>
//include <linux/sctp.h>
#include "alloc-util.h"
#include "bpf-firewall.h"
@ -997,9 +997,9 @@ static void socket_apply_socket_options(Socket *s, SocketPort *p, int fd) {
if (s->no_delay) {
if (s->socket_protocol == IPPROTO_SCTP) {
r = setsockopt_int(fd, SOL_SCTP, SCTP_NODELAY, true);
if (r < 0)
log_unit_warning_errno(UNIT(s), r, "SCTP_NODELAY failed: %m");
//r = setsockopt_int(fd, SOL_SCTP, SCTP_NODELAY, true);
//if (r < 0)
// log_unit_warning_errno(UNIT(s), r, "SCTP_NODELAY failed: %m");
} else {
r = setsockopt_int(fd, SOL_TCP, TCP_NODELAY, true);
if (r < 0)
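Review bot: In socket_apply_socket_options() the SCTP branch under `if (s->no_delay)` is now empty, so NoDelay=yes on an SCTP socket is accepted and silently dropped, and `r` in that branch retains whatever the previous statement left in it. If SCTP_NODELAY is unavailable on the build host, say so where the operator can see it, e.g. `log_unit_warning(UNIT(s), "NoDelay= is not supported for SCTP on this build, ignoring.");` in place of the commented lines, or keep the original call under `#ifdef SCTP_NODELAY`. The `//include <linux/sctp.h>` line earlier in this file section reads as a commented-out include; a build-system-detected guard around the include would be the maintainable form rather than dead text. Taking the commented-out lines as the new side. The function starts before and ends after this hunk.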


@ -15,10 +15,10 @@
static bool nfproto_is_valid(int nfproto) {
return IN_SET(nfproto,
NFPROTO_UNSPEC,
NFPROTO_INET,
//NFPROTO_INET,
NFPROTO_IPV4,
NFPROTO_ARP,
NFPROTO_NETDEV,
//NFPROTO_NETDEV,
NFPROTO_BRIDGE,
NFPROTO_IPV6,
NFPROTO_DECNET);
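Review bot: Dropping NFPROTO_INET and NFPROTO_NETDEV from the IN_SET() in nfproto_is_valid() means any caller building a message for the inet or netdev family is now rejected as invalid before it reaches the kernel; if the nftables firewall backend in this tree creates its table in the inet family (common for dual-stack NAT rules — verify against the caller), IP masquerading would stop working outright. These are stable constants from linux/netfilter.h, so the portable fix is `#define NFPROTO_INET 1` and `#define NFPROTO_NETDEV 5` fallbacks under `#ifndef` in the compat header, keeping the set complete. Taking the commented-out lines as the new side. The closing brace of nfproto_is_valid() is outside the hunk.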


@ -971,10 +971,10 @@ static const NLAPolicy rtnl_neigh_policies[] = {
[NDA_LLADDR] = BUILD_POLICY(ETHER_ADDR),
[NDA_CACHEINFO] = BUILD_POLICY_WITH_SIZE(BINARY, sizeof(struct nda_cacheinfo)),
[NDA_PROBES] = BUILD_POLICY(U32),
[NDA_VLAN] = BUILD_POLICY(U16),
[NDA_PORT] = BUILD_POLICY(U16),
[NDA_VNI] = BUILD_POLICY(U32),
[NDA_IFINDEX] = BUILD_POLICY(U32),
//[NDA_VLAN] = BUILD_POLICY(U16),
//[NDA_PORT] = BUILD_POLICY(U16),
//[NDA_VNI] = BUILD_POLICY(U32),
//[NDA_IFINDEX] = BUILD_POLICY(U32),
};
DEFINE_POLICY_SET(rtnl_neigh);
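Review bot: Removing NDA_VLAN, NDA_PORT, NDA_VNI and NDA_IFINDEX from rtnl_neigh_policies[] shrinks the policy array to end at NDA_PROBES, so any code that appends or reads those attributes on a neighbour/FDB message — bridge FDB configuration in networkd is the likely user; check the callers — will be refused or ignored by the policy layer instead of handled. These are fixed values (5, 6, 7 and 8 in linux/neighbour.h), so `#ifndef NDA_VLAN` / `#define NDA_VLAN 5` / `#endif` style fallbacks for the four in the compat header keep the table intact without requiring newer headers. Taking the commented-out lines as the new side. The table starts before this hunk.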


@ -271,13 +271,13 @@ static int is_fs_fully_userns_compatible(const struct statfs *sfs) {
F_TYPE_EQUAL(sfs->f_type, CGROUP2_SUPER_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, DEBUGFS_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, DEVPTS_SUPER_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, EFIVARFS_MAGIC) ||
//F_TYPE_EQUAL(sfs->f_type, EFIVARFS_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, HUGETLBFS_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, MQUEUE_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, PROC_SUPER_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, PSTOREFS_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, SELINUX_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, SMACK_MAGIC) ||
//F_TYPE_EQUAL(sfs->f_type, SMACK_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, SECURITYFS_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, BPF_FS_MAGIC) ||
F_TYPE_EQUAL(sfs->f_type, TRACEFS_MAGIC) ||
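Review bot: Dropping EFIVARFS_MAGIC and SMACK_MAGIC from is_fs_fully_userns_compatible() changes a security-relevant classification: efivarfs and smackfs mounts seen by the caller are now treated as ordinary filesystems by whatever user-namespace handling keys off this result (presumably ownership shifting or remount decisions, outside the hunk), instead of being left alone as kernel-owned pseudo-filesystems. The rows dropped from the filesystem-magic table earlier on this page (the page shows no markers, so exactly which is uncertain) likely have the same effect on name-to-magic lookups. Both constants are fixed values (EFIVARFS_MAGIC 0xde5e81e4, SMACK_MAGIC 0x43415d53 in linux/magic.h), so an `#ifndef`-guarded fallback in the compat magic header keeps both the table and this allow-list complete. Taking the commented-out lines as the new side. The function starts before and ends after this hunk.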


@ -21,11 +21,11 @@ static int reset_environ(const char *new_environment, size_t length) {
start = (unsigned long) new_environment;
end = start + length;
if (prctl(PR_SET_MM, PR_SET_MM_ENV_START, start, 0, 0) < 0)
return -errno;
//if (prctl(PR_SET_MM, PR_SET_MM_ENV_START, start, 0, 0) < 0)
// return -errno;
if (prctl(PR_SET_MM, PR_SET_MM_ENV_END, end, 0, 0) < 0)
return -errno;
//if (prctl(PR_SET_MM, PR_SET_MM_ENV_END, end, 0, 0) < 0)
// return -errno;
return 0;
}
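Review bot: With both prctl(PR_SET_MM, PR_SET_MM_ENV_START/END) calls commented out, reset_environ() unconditionally returns 0 while doing nothing, so a caller that swaps the environment to scrub it from /proc/PID/environ (the only purpose the remaining body suggests) is told it succeeded while the old block — and any secrets it held — stays readable there. Returning success for an operation that was not performed is the wrong failure mode for a hardening helper; either keep the calls with `#define PR_SET_MM 35`, `PR_SET_MM_ENV_START 10` and `PR_SET_MM_ENV_END 11` fallbacks, or make the body `return -EOPNOTSUPP;` so callers can warn or fall back. `start` and `end` are now computed but unused, which compilers will flag. Taking the commented-out lines as the new side. reset_environ() starts before this hunk; its end is inside it.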


@ -3446,9 +3446,9 @@ static int inner_child(
if (r < 0)
return log_error_errno(r, "Dropping capabilities failed: %m");
if (arg_no_new_privileges)
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
return log_error_errno(errno, "Failed to disable new privileges: %m");
//if (arg_no_new_privileges)
// if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
// return log_error_errno(errno, "Failed to disable new privileges: %m");
/* LXC sets container=lxc, so follow the scheme here */
envp[n_env++] = strjoina("container=", arg_container_service_name);
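Review bot: Commenting out the `if (arg_no_new_privileges)` prctl in inner_child() makes nspawn's --no-new-privileges= option a silent no-op: the container payload starts with new privileges still obtainable (setuid binaries, file capabilities) although the operator asked otherwise, and unlike the old code no error is reported. Keep the call and supply `#ifndef PR_SET_NO_NEW_PRIVS` / `#define PR_SET_NO_NEW_PRIVS 38` / `#endif` in the compat header; if the running kernel rejects it, the existing `log_error_errno` path correctly refuses to start the container rather than continuing unhardened. Taking the commented-out lines as the new side. inner_child() starts before and ends after this hunk.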


@ -632,7 +632,7 @@ int block_device_resize_partition(
};
struct blkpg_ioctl_arg ba = {
.op = BLKPG_RESIZE_PARTITION,
.op = 1,
.data = &bp,
.datalen = sizeof(bp),
};
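Review bot: `.op = 1` in block_device_resize_partition() is not the resize operation: in linux/blkpg.h BLKPG_ADD_PARTITION is 1, BLKPG_DEL_PARTITION is 2 and BLKPG_RESIZE_PARTITION is 3, so the ioctl now asks the kernel to add a partition with the existing number and geometry instead of resizing it — expected to fail on a live partition number, and to create a spurious partition if the number happens to be free. Use the named constant with a guarded fallback, `#ifndef BLKPG_RESIZE_PARTITION` / `#define BLKPG_RESIZE_PARTITION 3` / `#endif`, and keep `.op = BLKPG_RESIZE_PARTITION`. Taking the `.op = 1` line as the new side. block_device_resize_partition() starts before and ends after this hunk.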