Commit 72872a35 authored by Dimitri John Ledkov's avatar Dimitri John Ledkov

Refresh patches.

parent 0267d12f
......@@ -2,7 +2,7 @@ systemd (237-1ubuntu1) bionic; urgency=medium
* Remaining delta from Debian:
- ship dhclient enter hook for dhclient integration with resolved
- ship resolvconf integration via stub-resolv.conf
- Use stub-resolv.conf as the default provider of /etc/resolv.conf
- ship s390x virtio interface names migration
- do not disable systemd-resolved upon libnss-resolve removal
- do not remount fs in containers, for non-degrated boot
......
......@@ -7,11 +7,9 @@ Subject: UBUNTU: drop unrelated settings from sysctl defaults shipped by
sysctl.d/50-default.conf | 22 ----------------------
1 file changed, 22 deletions(-)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index aff9930..e21f20b 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -11,31 +11,9 @@
@@ -11,28 +11,8 @@
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.
......@@ -26,15 +24,12 @@ index aff9930..e21f20b 100644
-kernel.core_uses_pid = 1
-
-# Source route verification
-net.ipv4.conf.default.rp_filter = 1
-net.ipv4.conf.all.rp_filter = 1
-
-# Do not accept source routing
-net.ipv4.conf.default.accept_source_route = 0
-net.ipv4.conf.all.accept_source_route = 0
-
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
# Fair Queue CoDel packet scheduler to fight bufferbloat
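Review bot: The refreshed patch still removes `net.ipv4.conf.{default,all}.rp_filter = 1` and `net.ipv4.conf.{default,all}.accept_source_route = 0` from `sysctl.d/50-default.conf`, and nothing visible in the patch header says where those values are set instead. If no other sysctl.d fragment on the target system provides them, the kernel defaults apply (reverse-path filtering is off by default), so the hardening is lost without any visible signal. I would add a line to the patch description along the lines of `rp_filter and accept_source_route defaults are provided by <package/file>; intentionally not duplicated here.` and confirm that fragment is installed wherever this package is. The patch header is only partly visible in this section, so it may already state this.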
......
......@@ -11,16 +11,14 @@ unpriviledged user namespaced containers.
src/test/test-process-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 0f0e2cb..10ffcf8 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -379,7 +379,7 @@ static void test_rename_process_now(const char *p, int ret) {
@@ -381,7 +381,7 @@
assert_se(get_process_cmdline(0, 0, false, &cmdline) >= 0);
/* we cannot expect cmdline to be renamed properly without privileges */
- if (geteuid() == 0) {
+ if (geteuid() == 0 && !running_in_userns()) {
log_info("cmdline = <%s>", cmdline);
assert_se(strneq(p, cmdline, strlen("test-process-util")));
assert_se(strneq(p, cmdline, STRLEN("test-process-util")));
assert_se(startswith(p, cmdline));
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Thu, 20 Jul 2017 22:56:33 +0100
Subject: resolved: create private stub resolve file for integration with
resolvconf
This creates a second private resolve.conf file which lists the stub resolver
and the resolved acquired search domains.
This file is then supplied to resolvconf, such that non-nss using software does
name resolution via stub resolver, with search domains information.
In the future, this may become the default resolv.conf on Ubuntu.
---
src/resolve/resolved-resolv-conf.c | 40 +++++++++++++++++++++++-
src/resolve/resolved-resolv-conf.h | 1 +
units/meson.build | 2 ++
units/systemd-resolved-update-resolvconf.path | 2 ++
units/systemd-resolved-update-resolvconf.service | 7 +++++
units/systemd-resolved.service.in | 1 +
6 files changed, 52 insertions(+), 1 deletion(-)
create mode 100644 units/systemd-resolved-update-resolvconf.path
create mode 100644 units/systemd-resolved-update-resolvconf.service
diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c
index e3d6a33..bcc935a 100644
--- a/src/resolve/resolved-resolv-conf.c
+++ b/src/resolve/resolved-resolv-conf.c
@@ -66,6 +66,12 @@ int manager_read_resolv_conf(Manager *m) {
st.st_ino == own.st_ino)
return 0;
+ /* Is it symlinked to our own stub file? */
+ if (stat(PRIVATE_STUB_RESOLV_CONF, &own) >= 0 &&
+ st.st_dev == own.st_dev &&
+ st.st_ino == own.st_ino)
+ return 0;
+
f = fopen("/etc/resolv.conf", "re");
if (!f) {
if (errno == ENOENT)
@@ -234,11 +240,27 @@ static int write_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet *doma
return fflush_and_check(f);
}
+static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet *domains) {
+ Iterator i;
+
+ fputs("# This file is managed by man:systemd-resolved(8). Do not edit.\n#\n"
+ "# 127.0.0.53 is the systemd-resolved stub resolver.\n"
+ "# run \"systemd-resolve --status\" to see details about the actual nameservers.\n"
+ "nameserver 127.0.0.53\n\n", f);
+
+ if (!ordered_set_isempty(domains))
+ write_resolv_conf_search(domains, f);
+
+ return fflush_and_check(f);
+}
+
int manager_write_resolv_conf(Manager *m) {
_cleanup_ordered_set_free_ OrderedSet *dns = NULL, *domains = NULL;
_cleanup_free_ char *temp_path = NULL;
+ _cleanup_free_ char *temp_path_stub = NULL;
_cleanup_fclose_ FILE *f = NULL;
+ _cleanup_fclose_ FILE *f_stub = NULL;
int r;
assert(m);
@@ -258,8 +280,11 @@ int manager_write_resolv_conf(Manager *m) {
r = fopen_temporary_label(PRIVATE_RESOLV_CONF, PRIVATE_RESOLV_CONF, &f, &temp_path);
if (r < 0)
return log_warning_errno(r, "Failed to open private resolv.conf file for writing: %m");
-
+ r = fopen_temporary_label(PRIVATE_STUB_RESOLV_CONF, PRIVATE_STUB_RESOLV_CONF, &f_stub, &temp_path_stub);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to open private stub-resolv.conf file for writing: %m");
(void) fchmod(fileno(f), 0644);
+ (void) fchmod(fileno(f_stub), 0644);
r = write_resolv_conf_contents(f, dns, domains);
if (r < 0) {
@@ -272,11 +297,24 @@ int manager_write_resolv_conf(Manager *m) {
goto fail;
}
+ r = write_stub_resolv_conf_contents(f_stub, dns, domains);
+ if (r < 0) {
+ log_error_errno(r, "Failed to write private stub-resolv.conf contents: %m");
+ goto fail;
+ }
+
+ if (rename(temp_path_stub, PRIVATE_STUB_RESOLV_CONF) < 0) {
+ r = log_error_errno(errno, "Failed to move private stub-resolv.conf file into place: %m");
+ goto fail;
+ }
+
return 0;
fail:
(void) unlink(PRIVATE_RESOLV_CONF);
(void) unlink(temp_path);
+ (void) unlink(PRIVATE_STUB_RESOLV_CONF);
+ (void) unlink(temp_path_stub);
return r;
}
diff --git a/src/resolve/resolved-resolv-conf.h b/src/resolve/resolved-resolv-conf.h
index 75fa080..e2ddeb6 100644
--- a/src/resolve/resolved-resolv-conf.h
+++ b/src/resolve/resolved-resolv-conf.h
@@ -22,6 +22,7 @@
#include "resolved-manager.h"
#define PRIVATE_RESOLV_CONF "/run/systemd/resolve/resolv.conf"
+#define PRIVATE_STUB_RESOLV_CONF "/run/systemd/resolve/stub-resolv.conf"
int manager_read_resolv_conf(Manager *m);
int manager_write_resolv_conf(Manager *m);
diff --git a/units/meson.build b/units/meson.build
index 32dbdcc..5ee5897 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -95,6 +95,8 @@ units = [
'sockets.target.wants/'],
['systemd-networkd.socket', 'ENABLE_NETWORKD',
join_paths(pkgsysconfdir, 'system/sockets.target.wants/')],
+ ['systemd-resolved-update-resolvconf.path', '',],
+ ['systemd-resolved-update-resolvconf.service', '',],
['systemd-rfkill.socket', 'ENABLE_RFKILL'],
['systemd-tmpfiles-clean.timer', '',
'timers.target.wants/'],
diff --git a/units/systemd-resolved-update-resolvconf.path b/units/systemd-resolved-update-resolvconf.path
new file mode 100644
index 0000000..ae0d1af
--- /dev/null
+++ b/units/systemd-resolved-update-resolvconf.path
@@ -0,0 +1,2 @@
+[Path]
+PathChanged=/run/systemd/resolve/stub-resolv.conf
diff --git a/units/systemd-resolved-update-resolvconf.service b/units/systemd-resolved-update-resolvconf.service
new file mode 100644
index 0000000..ebec5d8
--- /dev/null
+++ b/units/systemd-resolved-update-resolvconf.service
@@ -0,0 +1,7 @@
+[Unit]
+ConditionPathExists=/run/resolvconf/enable-updates
+ConditionFileIsExecutable=/sbin/resolvconf
+
+[Service]
+Type=oneshot
+ExecStart=+-/bin/sh -c 'cat /run/systemd/resolve/stub-resolv.conf | /sbin/resolvconf -a systemd-resolved'
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index 4b5cc83..f77427d 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -15,6 +15,7 @@ DefaultDependencies=no
After=systemd-networkd.service network.target
Before=network-online.target nss-lookup.target
Wants=nss-lookup.target
+Wants=systemd-resolved-update-resolvconf.path
[Service]
Type=notify
......@@ -25,7 +25,6 @@ debian/Avoid-requiring-a-kvm-system-group.patch
debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
debian/Skip-starting-systemd-remount-fs.service-in-containers.patch
debian/Ubuntu-UseDomains-by-default.patch
debian/Ubuntu-resolved-resolvconf-integration.patch
debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch
debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch
debian/UBUNTU-core-unlink-the-invocation-id-key-if-cannot-change-keyrin.patch
......