Commit 44107547 authored by Chris Coulson's avatar Chris Coulson Committed by Simon McVittie
Browse files

Import Debian changes 237-3ubuntu10.9

systemd (237-3ubuntu10.9) bionic-security; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954

  [ Balint Reczey ]
  * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
    - update debian/systemd.postinst
parent acee940a
systemd (237-3ubuntu10.8) bionic; urgency=medium
* debian/extra/start-udev: ignore failure to set sync parameter.
On old kernels (e.g. v4.4) the file is available but appears to be
non-writable. Hide error messages and ignore failure to write out sync into the
parameters file. This does not regress https://pad.lv/1779815 since older
kernel did synchronous scan anyway. But it does resolve failure to start the
installer on old kernels. (LP: #1784454)
File: debian/extra/start-udev
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62edd5c6e963dbf1df4f4bb7556a6d3477559083
* Add conflicts with upstart and systemd-shim. (LP: #1773859)
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=33385a01dbe44765dc24eead52d677147b2b06c9
* units: Disable journald Watchdog (LP: #1773148)
File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=622407bc2aa723a3bdf10e1de946d0d6e88fbeb6
* cryptsetup: add support for sector-size= option (LP: #1776626)
File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=89899133e977eb34dac4c3e9f83c59853eda66ab
* Re-add support for /etc/writable for core18. (LP: #1778936)
Author: Michael Vogt
File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fdc87994ab8f7036d07c8c208ad1fbac32cbd639
* systemctl: correctly proceed to immediate shutdown if scheduling fails
(LP: #1670291)
File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cdd3a0bb5f568a2500dbdff4bfcf97e3ba996fe3
* core: export environment when running generators.
Ensure that manager's environment (including e.g. PATH) is exported when
running generators. Otherwise, one is at a mercy of running without PATH which
can lead to buggy generator behaviour. (LP: #1771858)
Files:
- debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
- debian/patches/core-execute-generators-with-manager-s-environmnet.patch
- debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d494ef816ca950c9a7c2bfb07620b3df8e46ed35
* networkd: add support to set IPv6MTUBytes (LP: #1671951)
File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f4a308ea8f3f9187c97f81868a0408f9cefc96a7
* Specify Ubuntu's Vcs-Git
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b739661356fe0e47223ae28c79b4b7f7740bea3a
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:15:00 +0000
systemd (237-3ubuntu10.7) bionic-security; urgency=medium
* debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
(LP: #1803391)
Author: Balint Reczey
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18eea38c62e73158d2160e319de31e054a58b8df
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:00:20 +0000
systemd (237-3ubuntu10.9) bionic-security; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
resolve this completely
- CVE-2018-6954
[ Balint Reczey ]
* Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
- update debian/systemd.postinst
-- Chris Coulson <chris.coulson@canonical.com> Thu, 15 Nov 2018 20:45:11 +0000
systemd (237-3ubuntu10.6) bionic-security; urgency=medium
......
......@@ -9,10 +9,8 @@ Uploaders: Michael Biebl <biebl@debian.org>,
Martin Pitt <mpitt@debian.org>
Standards-Version: 4.1.3
Rules-Requires-Root: no
Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd -b ubuntu-bionic
Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd
XS-Vcs-Debian-Git: https://salsa.debian.org/systemd-team/systemd.git
XS-Vcs-Debian-Browser: https://salsa.debian.org/systemd-team/systemd
Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git
Vcs-Browser: https://salsa.debian.org/systemd-team/systemd
Homepage: https://www.freedesktop.org/wiki/Software/systemd
Build-Depends: debhelper (>= 10.4~),
pkg-config,
......@@ -78,7 +76,6 @@ Depends: ${shlibs:Depends},
mount (>= 2.26),
adduser,
procps,
Conflicts: systemd-shim, upstart
Breaks: apparmor (<< 2.9.2-1),
systemd-shim (<< 10-3~),
ifupdown (<< 0.8.5~),
......@@ -209,7 +206,7 @@ Depends: ${shlibs:Depends},
systemd (= ${binary:Version}),
libpam-runtime (>= 1.0.1-6),
dbus,
systemd-sysv
systemd-shim (>= 10-3~) | systemd-sysv
Description: system and service manager - PAM module
This package contains the PAM module which registers user sessions in
the systemd control group hierarchy for logind.
......
......@@ -11,7 +11,7 @@ fi
# This covers the same case as lib/modprobe.d/scsi-mod-scan-sync.conf
# in the event that scsi_mod is built in to the kernel, not a module:
if [ -f /sys/module/scsi_mod/parameters/scan ]; then
echo sync > /sys/module/scsi_mod/parameters/scan >/dev/null || :
echo sync > /sys/module/scsi_mod/parameters/scan
fi
SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
......
From 8948b3415d762245ebf5e19d80b97d4d8cc208c1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 17 Oct 2018 18:36:24 +0200
Subject: [PATCH] =?UTF-8?q?core:=20when=20deserializing=20state=20always?=
=?UTF-8?q?=20use=20read=5Fline(=E2=80=A6,=20LONG=5FLINE=5FMAX,=20?=
=?UTF-8?q?=E2=80=A6)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.
Fixes a vulnerability discovered by Jann Horn at Google.
CVE-2018-15686
LP: #1796402
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
---
src/core/job.c | 19 +++++++++++--------
src/core/manager.c | 41 ++++++++++++++++++++---------------------
src/core/unit.c | 34 ++++++++++++++++++----------------
src/core/unit.h | 2 +-
4 files changed, 50 insertions(+), 46 deletions(-)
Description: core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.
Fixes a vulnerability discovered by Jann Horn at Google.
CVE-2018-15686
Origin: upstream, https://github.com/poettering/systemd/commit/8948b3415d762245ebf5e19d80b97d4d8cc208c1
Bug-Ubuntu: https://launchpad.net/bugs/1796402
--- a/src/core/job.c
+++ b/src/core/job.c
......
From 5de6cce58b3e8b79239b6e83653459d91af6e57c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Oct 2018 11:26:59 +0200
Subject: [PATCH] chown-recursive: let's rework the recursive logic to use
O_PATH
That way we can pin a specific inode and analyze it and manipulate it
without it being swapped out beneath our hands.
Fixes a vulnerability originally found by Jann Horn from Google.
CVE-2018-15687
LP: #1796692
https://bugzilla.redhat.com/show_bug.cgi?id=1639076
---
src/core/chown-recursive.c | 146 ++++++++++++++++++-------------------
1 file changed, 70 insertions(+), 76 deletions(-)
Description: chown-recursive: let's rework the recursive logic to use O_PATH
That way we can pin a specific inode and analyze it and manipulate it
without it being swapped out beneath our hands.
Fixes a vulnerability originally found by Jann Horn from Google.
CVE-2018-15687
Origin: upstream, https://github.com/poettering/systemd/commit/5de6cce58b3e8b79239b6e83653459d91af6e57c
Bug-Ubuntu: https://launchpad.net/bugs/1796692
--- a/src/core/chown-recursive.c
+++ b/src/core/chown-recursive.c
......
From 936f6bdb803c432578e2cdcc5f93f3bfff93aff0 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 2 Mar 2018 17:19:32 +0100
Subject: [PATCH] tmpfiles: don't resolve pathnames when traversing recursively
Description: tmpfiles: don't resolve pathnames when traversing recursively
through directory trees
Otherwise we can be fooled if one path component is replaced underneath us.
Otherwise we can be fooled if one path component is replaced underneath us.
The patch achieves that by always operating at file descriptor level (by using
*at() helpers) and by making sure we do not any path resolution when traversing
direcotry trees.
The patch achieves that by always operating at file descriptor level (by using
*at() helpers) and by making sure we do not any path resolution when traversing
direcotry trees.
However this is not always possible, for instance when listing the content of a
directory or some operations don't provide the *at() helpers or others (such as
fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
/proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
objects and requires no checking of type beforehand.
However this is not always possible, for instance when listing the content of a
directory or some operations don't provide the *at() helpers or others (such as
fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
/proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
objects and requires no checking of type beforehand.
Also O_PATH flag is used when opening file objects in order to prevent
undesired behaviors: device nodes from reacting, automounts from
triggering, etc...
Also O_PATH flag is used when opening file objects in order to prevent
undesired behaviors: device nodes from reacting, automounts from
triggering, etc...
Fixes: #7986
Fixes: CVE-2018-6954
---
src/tmpfiles/tmpfiles.c | 363 ++++++++++++++++++++++++++--------------
1 file changed, 239 insertions(+), 124 deletions(-)
Fixes: CVE-2018-6954
Origin: upstream, https://github.com/systemd/systemd/commit/936f6bdb803c432578e2cdcc5f93f3bfff93aff0
Bug: https://github.com/systemd/systemd/issues/7986
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
......
This diff is collapsed.
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Wed, 12 Sep 2018 19:51:23 +0100
Subject: core: execute environment_generators with manager's environment
(cherry picked from commit ea368f0bd2b77bbc67eab42471b470582f0bd6bc)
---
src/core/manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 7ccef8e..3afa39a 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3406,7 +3406,7 @@ static int manager_run_environment_generators(Manager *m) {
if (!generator_path_any(paths))
return 0;
- return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, NULL);
+ return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, m->environment);
}
static int manager_run_generators(Manager *m) {
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Wed, 12 Sep 2018 19:52:30 +0100
Subject: core: execute generators with manager's environmnet
(cherry picked from commit a3156a8ee4d68b09715225cc04674eea7b5aaec4)
---
src/core/manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 3afa39a..0720ae2 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3438,7 +3438,7 @@ static int manager_run_generators(Manager *m) {
RUN_WITH_UMASK(0022)
execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC,
- NULL, NULL, (char**) argv, NULL);
+ NULL, NULL, (char**) argv, m->environment);
finish:
lookup_paths_trim_generator(&m->lookup_paths);
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Fri, 24 Aug 2018 16:37:45 +0100
Subject: cryptsetup: add support for sector-size= option (#8881)
Bug-Ubuntu: https://launchpad.net/bugs/1776626
(cherry picked from commit 9a63ee584da7c76e7945f3dbf386a093dbf40d8d)
---
man/crypttab.xml | 9 +++++++++
meson.build | 6 ++++++
src/cryptsetup/cryptsetup.c | 30 ++++++++++++++++++++++++++++++
3 files changed, 45 insertions(+)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index dc43257..f400114 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -283,6 +283,15 @@
option.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>sector-size=</option></term>
+
+ <listitem><para>Specifies the sector size in bytes. See
+ <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for possible values and the default value of this
+ option.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>swap</option></term>
diff --git a/meson.build b/meson.build
index b9e59ec..08c15ca 100644
--- a/meson.build
+++ b/meson.build
@@ -940,11 +940,17 @@ if want_libcryptsetup != 'false' and not fuzzer_build
version : '>= 1.6.0',
required : want_libcryptsetup == 'true')
have = libcryptsetup.found()
+ have_sector = cc.has_member(
+ 'struct crypt_params_plain',
+ 'sector_size',
+ prefix : '#include <libcryptsetup.h>')
else
have = false
+ have_sector = false
libcryptsetup = []
endif
conf.set10('HAVE_LIBCRYPTSETUP', have)
+conf.set10('HAVE_LIBCRYPTSETUP_SECTOR_SIZE', have_sector)
want_libcurl = get_option('libcurl')
if want_libcurl != 'false' and not fuzzer_build
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 7255ff4..8a3d562 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -41,10 +41,14 @@
/* internal helper */
#define ANY_LUKS "LUKS"
+/* as in src/cryptsetup.h */
+#define CRYPT_SECTOR_SIZE 512
+#define CRYPT_MAX_SECTOR_SIZE 4096
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
static char *arg_cipher = NULL;
static unsigned arg_key_size = 0;
+static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
static int arg_key_slot = CRYPT_ANY_SLOT;
static unsigned arg_keyfile_size = 0;
static uint64_t arg_keyfile_offset = 0;
@@ -104,6 +108,29 @@ static int parse_one_option(const char *option) {
arg_key_size /= 8;
+ } else if ((val = startswith(option, "sector-size="))) {
+
+#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
+ r = safe_atou(val, &arg_sector_size);
+ if (r < 0) {
+ log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
+ return 0;
+ }
+
+ if (arg_sector_size % 2) {
+ log_error("sector-size= not a multiple of 2, ignoring.");
+ return 0;
+ }
+
+ if (arg_sector_size < CRYPT_SECTOR_SIZE || arg_sector_size > CRYPT_MAX_SECTOR_SIZE) {
+ log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
+ return 0;
+ }
+#else
+ log_error("sector-size= is not supported, compiled with old libcryptsetup.");
+ return 0;
+#endif
+
} else if ((val = startswith(option, "key-slot="))) {
arg_type = ANY_LUKS;
@@ -490,6 +517,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
struct crypt_params_plain params = {
.offset = arg_offset,
.skip = arg_skip,
+#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
+ .sector_size = arg_sector_size,
+#endif
};
const char *cipher, *cipher_mode;
_cleanup_free_ char *truncated_cipher = NULL;
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Sat, 26 Apr 2014 23:49:32 +0200
Subject: Support system-image read-only /etc
On Ubuntu Phone with readonly /etc we symlink
/etc/{adjtime,localtime,timezone,hostname,machine-info} to /etc/writable/, so
we need to update those files instead if the original files are symlinks into
/etc/writable/.
Forwarded: OMGno, this is a rather nasty hack until we fix system-image to get a writable /etc
Bug-Ubuntu: https://launchpad.net/bugs/1227520
---
src/hostname/hostnamed.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 1c8c769..c92d792 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -31,6 +31,7 @@
#include "hostname-util.h"
#include "parse-util.h"
#include "path-util.h"
+#include "fs-util.h"
#include "selinux-util.h"
#include "strv.h"
#include "user-util.h"
@@ -76,6 +77,25 @@ static void context_free(Context *c) {
bus_verify_polkit_async_registry_free(c->polkit_registry);
}
+/* Hack for Ubuntu phone: check if path is an existing symlink to
+ * /etc/writable; if it is, update that instead */
+static const char* writable_filename(const char *path) {
+ ssize_t r;
+ static char realfile_buf[PATH_MAX];
+ _cleanup_free_ char *realfile = NULL;
+ const char *result = path;
+ int orig_errno = errno;
+
+ r = readlink_and_make_absolute(path, &realfile);
+ if (r >= 0 && startswith(realfile, "/etc/writable")) {
+ snprintf(realfile_buf, sizeof(realfile_buf), "%s", realfile);
+ result = realfile_buf;
+ }
+
+ errno = orig_errno;
+ return result;
+}
+
static int context_read_data(Context *c) {
int r;
struct utsname u;
@@ -303,12 +323,12 @@ static int context_write_data_static_hostname(Context *c) {
if (isempty(c->data[PROP_STATIC_HOSTNAME])) {
- if (unlink("/etc/hostname") < 0)
+ if (unlink(writable_filename("/etc/hostname")) < 0)
return errno == ENOENT ? 0 : -errno;
return 0;
}
- return write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]);
+ return write_string_file_atomic_label(writable_filename("/etc/hostname"), c->data[PROP_STATIC_HOSTNAME]);
}
static int context_write_data_machine_info(Context *c) {
@@ -354,13 +374,13 @@ static int context_write_data_machine_info(Context *c) {
}
if (strv_isempty(l)) {
- if (unlink("/etc/machine-info") < 0)
+ if (unlink(writable_filename("/etc/machine-info")) < 0)
return errno == ENOENT ? 0 : -errno;
return 0;
}
- return write_env_file_label("/etc/machine-info", l);
+ return write_env_file_label(writable_filename("/etc/machine-info"), l);
}
static int property_get_icon_name(
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Thu, 4 Oct 2018 15:25:50 +0100
Subject: units: Disable journald Watchdog
https://github.com/systemd/systemd/issues/9079
LP: #1773148
---
units/systemd-journald.service.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 24c0150..4d2d7a7 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -23,7 +23,6 @@ Restart=always
RestartSec=0
StandardOutput=null
Nice=-1
-WatchdogSec=3min
FileDescriptorStoreMax=4224
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
MemoryDenyWriteExecute=yes
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Wed, 12 Sep 2018 18:19:13 +0100
Subject: exec-util: in execute_directories, support initial exec environment
(cherry picked from commit 78ec1bb436fb18df3b56212c442cc4775a136d1a)
---
src/basic/exec-util.c | 13 +++++++++----
src/basic/exec-util.h | 3 ++-
src/core/manager.c | 4 ++--
src/core/shutdown.c | 2 +-
src/sleep/sleep.c | 4 ++--
src/test/test-exec-util.c | 43 ++++++++++++++++++++++++++++++++++++-------
6 files changed, 52 insertions(+), 17 deletions(-)
diff --git a/src/basic/exec-util.c b/src/basic/exec-util.c
index 0829b3d..f13de4f 100644
--- a/src/basic/exec-util.c
+++ b/src/basic/exec-util.c
@@ -92,11 +92,12 @@ static int do_execute(
gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
void* const callback_args[_STDOUT_CONSUME_MAX],
int output_fd,
- char *argv[]) {
+ char *argv[],
+ char *envp[]) {
_cleanup_hashmap_free_free_ Hashmap *pids = NULL;
_cleanup_strv_free_ char **paths = NULL;
- char **path;
+ char **path, **e;
int r;
/* We fork this all off from a child process so that we can somewhat cleanly make
@@ -121,6 +122,9 @@ static int do_execute(
if (timeout != USEC_INFINITY)
alarm((timeout + USEC_PER_SEC - 1) / USEC_PER_SEC);
+ STRV_FOREACH(e, envp)
+ putenv(*e);
+
STRV_FOREACH(path, paths) {
_cleanup_free_ char *t = NULL;
_cleanup_close_ int fd = -1;
@@ -187,7 +191,8 @@ int execute_directories(
usec_t timeout,
gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
void* const callback_args[_STDOUT_CONSUME_MAX],
- char *argv[]) {
+ char *argv[],
+ char *envp[]) {
char **dirs = (char**) directories;
_cleanup_close_ int fd = -1;
@@ -218,7 +223,7 @@ int execute_directories(
if (r < 0)
return r;
if (r == 0) {
- r = do_execute(dirs, timeout, callbacks, callback_args, fd, argv);
+ r = do_execute(dirs, timeout, callbacks, callback_args, fd, argv, envp);
_exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
}
diff --git a/src/basic/exec-util.h b/src/basic/exec-util.h
index d69bec7..e89d5e5 100644
--- a/src/basic/exec-util.h
+++ b/src/basic/exec-util.h
@@ -36,6 +36,7 @@ int execute_directories(
usec_t timeout,
gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
void* const callback_args[_STDOUT_CONSUME_MAX],
- char *argv[]);
+ char *argv[],
+ char *envp[]);
extern const gather_stdout_callback_t gather_environment[_STDOUT_CONSUME_MAX];
diff --git a/src/core/manager.c b/src/core/manager.c
index dee9508..7ccef8e 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3406,7 +3406,7 @@ static int manager_run_environment_generators(Manager *m) {
if (!generator_path_any(paths))
return 0;
- return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL);
+ return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, NULL);
}
static int manager_run_generators(Manager *m) {
@@ -3438,7 +3438,7 @@ static int manager_run_generators(Manager *m) {