import systemd-256-8.el10

40aae7b1 · importbot · a2a7751f · 40aae7b1 · 40aae7b1 · 40aae7b1
Commit 40aae7b1 authored 7 months ago by importbot
--- a/SOURCES/0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+++ b/SOURCES/0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+From 352f8ad0bfdd8a41f6aa34e3e43038ae75eedf73 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 15 May 2018 09:24:20 +0200
+Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
+
+rhel-only: policy
+
+Related: RHEL-40924
+---
+ units/basic.target | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/units/basic.target b/units/basic.target
+index d8cdd5ac14..9eae0782a2 100644
+--- a/units/basic.target
+++ b/units/basic.target
+@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
+ # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
+ # we support that unit being masked, and this should not be considered an error.
+ RequiresMountsFor=/var /var/tmp
+-Wants=tmp.mount
+# RHEL-only: Disable /tmp on tmpfs.
+#Wants=tmp.mount
--- a/SOURCES/0073-unit-don-t-add-Requires-for-tmp.mount.patch
+++ b/SOURCES/0073-unit-don-t-add-Requires-for-tmp.mount.patch
+From e794e570a50392b503549befb65bc8cac0a29869 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Mon, 5 Sep 2016 12:47:09 +0200
+Subject: [PATCH] unit: don't add Requires for tmp.mount
+
+rhel-only: policy
+
+Related: RHEL-40924
+---
+ src/core/mount.c | 2 +-
+ src/core/unit.c  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index ebafcafa92..9edb2d47eb 100644
+--- a/src/core/mount.c
+++ b/src/core/mount.c
+@@ -313,7 +313,7 @@ static int mount_add_mount_dependencies(Mount *m) {
+                         if (r < 0)
+                                 return r;
+ 
+-                        if (UNIT(m)->fragment_path) {
+                        if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
+                                 /* If we have fragment configuration, then make this dependency required/wanted */
+                                 r = unit_add_dependency(
+                                                 other,
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 0ec5dcaf75..a5556ba462 100644
+--- a/src/core/unit.c
+++ b/src/core/unit.c
+@@ -1544,7 +1544,7 @@ static int unit_add_mount_dependencies(Unit *u) {
+                                         return r;
+                                 changed = changed || r > 0;
+ 
+-                                if (m->fragment_path) {
+                                if (m->fragment_path && !streq(m->id, "tmp.mount")) {
+                                         r = unit_add_dependency(
+                                                         u,
+                                                         unit_mount_dependency_type_to_dependency_type(t),
--- a/SOURCES/0074-units-add-Install-section-to-tmp.mount.patch
+++ b/SOURCES/0074-units-add-Install-section-to-tmp.mount.patch
+From de0e2fde86a7eebbc5c11bb5e4d40d9ab6621ed1 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 22 Jan 2019 10:28:42 +0100
+Subject: [PATCH] units: add [Install] section to tmp.mount
+
+rhel-only: policy
+
+Related: RHEL-40924
+---
+ units/tmp.mount | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/units/tmp.mount b/units/tmp.mount
+index 896040524a..d7beaa8d14 100644
+--- a/units/tmp.mount
+++ b/units/tmp.mount
+@@ -23,3 +23,7 @@ What=tmpfs
+ Where=/tmp
+ Type=tmpfs
+ Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m
+
+# Make 'systemctl enable tmp.mount' work:
+[Install]
+WantedBy=local-fs.target
--- a/SOURCES/0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+++ b/SOURCES/0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+From 571c902adb894bfff481de4591a56a16add2670b Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 22 Sep 2021 14:38:00 +0200
+Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
+
+rhel-only: policy
+
+Related: RHEL-40924
+---
+ units/meson.build | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/units/meson.build b/units/meson.build
+index b231341a1f..39fa6f42c0 100644
+--- a/units/meson.build
+++ b/units/meson.build
+@@ -761,10 +761,7 @@ units = [
+         { 'file' : 'time-set.target' },
+         { 'file' : 'time-sync.target' },
+         { 'file' : 'timers.target' },
+-        {
+-          'file' : 'tmp.mount',
+-          'symlinks' : ['local-fs.target.wants/'],
+-        },
+        { 'file' : 'tmp.mount' },
+         { 'file' : 'tpm2.target' },
+         { 'file' : 'umount.target' },
+         { 'file' : 'usb-gadget.target' },
--- a/SOURCES/10-timeout-abort.conf
+++ b/SOURCES/10-timeout-abort.conf
-# This file is part of the systemd package.
-# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
-#
-# To facilitate debugging when a service fails to stop cleanly,
-# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
-# the time allotted. This will cause the service to be terminated with SIGABRT
-# and a coredump to be generated.
-#
-# To undo this configuration change, create a mask file:
-#   sudo mkdir -p /etc/systemd/system/service.d
-#   sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf
-
-[Service]
-TimeoutStopFailureMode=abort
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -48,7 +48,7 @@ Url:            https://systemd.io
 # Allow users to specify the version and release when building the rpm by 
 # setting the %%version_override and %%release_override macros.
 Version:        %{?version_override}%{!?version_override:256}
-Release:        6%{?dist}
+Release:        8%{?dist}

 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)

@@ -83,7 +83,7 @@ Source13:       .abignore

 Source14:       10-oomd-defaults.conf
 Source15:       10-oomd-per-slice-defaults.conf
-Source16:       10-timeout-abort.conf
+
 Source17:       10-map-count.conf

 Source21:       macros.sysusers
@@ -177,6 +177,10 @@ Patch0068: 0068-taint-remove-unused-variable-usr_sbin.patch
 Patch0069: 0069-packit-drop-the-libarchive-workaround.patch
 Patch0070: 0070-packit-drop-the-dependency-on-python3-zstd.patch
 Patch0071: 0071-coredump-by-default-process-and-store-core-files-up-.patch
+Patch0072: 0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+Patch0073: 0073-unit-don-t-add-Requires-for-tmp.mount.patch
+Patch0074: 0074-units-add-Install-section-to-tmp.mount.patch
+Patch0075: 0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch

 # Downstream-only patches (9000–9999)

@@ -739,6 +743,7 @@ CONFIGURE_OPTS=(
        -Dsbat-distro-url=mailto:secalert@redhat.com
        -Dsshconfdir=no
        -Dsshdconfdir=no
+        -Duserdb=false
 )

 %if %{without lto}
@@ -756,8 +761,6 @@ if ! diff -u %{SOURCE1} ${new_triggers}; then
   sleep 5
 fi

-sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user
-
 %install
 %meson_install

@@ -859,9 +862,6 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
 install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
 install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15}
-# https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer
-install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16}
-install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf

 # https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17}
@@ -944,7 +944,7 @@ if [ $1 -ge 1 ]; then
  systemd-tmpfiles --create &>/dev/null || :
 fi

-%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service
+%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service

 # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)

@@ -1107,6 +1107,16 @@ rm -f .file-list-*
 rm -f %{name}.lang

 %changelog
+* Tue Jul 23 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-8
+- Avoid /tmp being mounted as tmpfs without the user's will (RHEL-40924)
+- unit: don't add Requires for tmp.mount (RHEL-40924)
+- units: add [Install] section to tmp.mount (RHEL-40924)
+- units: don't enable tmp.mount statically in local-fs.target (RHEL-40924)
+
+* Mon Jul 22 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-7
+- drop 10-timeout-abort.conf snippet (RHEL-46280)
+- don't ship systemd-userdbd (RHEL-46280)
+
 * Fri Jul 19 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-6
 - doc: add downstream CONTRIBUTING document (RHEL-40924)
 - ci: allow `policy` as rhel-only keyword (RHEL-40924)