Commit 9140fce0 authored by Jon Severinsson

Update Debian patches to apply on top of v208-stable.

parent 87c35578
systemd (208-6) UNRELEASED; urgency=medium
* Add v208-stable patch series.
- Update Debian patches to apply on top of v208-stable.
-- Jon Severinsson <jon@severinsson.net> Sun, 06 Jul 2014 18:00:00 +0200
......
......@@ -8,7 +8,7 @@ Closes: #675422
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
index 3b534a1..74bc677 100644
index f0312ef..445ba5c 100644
--- a/tmpfiles.d/tmp.conf
+++ b/tmpfiles.d/tmp.conf
@@ -8,8 +8,8 @@
......@@ -21,4 +21,4 @@ index 3b534a1..74bc677 100644
+#d /var/tmp 1777 root root 30d
# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-*
x /tmp/systemd-*.service-*
......@@ -11,13 +11,13 @@ Bug-Debian: http://bugs.debian.org/657948
1 file changed, 1 insertion(+)
diff --git a/rules/80-drivers.rules b/rules/80-drivers.rules
index 0b22d73..0163ba8 100644
index 8551f47..f764075 100644
--- a/rules/80-drivers.rules
+++ b/rules/80-drivers.rules
@@ -9,5 +9,6 @@ SUBSYSTEM=="memstick", RUN{builtin}="kmod load ms_block mspro_block"
SUBSYSTEM=="i2o", RUN{builtin}="kmod load i2o_block"
SUBSYSTEM=="module", KERNEL=="parport_pc", RUN{builtin}="kmod load ppdev"
KERNEL=="mtd*ro", ENV{MTD_FTL}=="smartmedia", RUN{builtin}="kmod load sm_ftl"
@@ -9,5 +9,6 @@ SUBSYSTEM=="memstick", RUN{builtin}+="kmod load ms_block mspro_block"
SUBSYSTEM=="i2o", RUN{builtin}+="kmod load i2o_block"
SUBSYSTEM=="module", KERNEL=="parport_pc", RUN{builtin}+="kmod load ppdev"
KERNEL=="mtd*ro", ENV{MTD_FTL}=="smartmedia", RUN{builtin}+="kmod load sm_ftl"
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN{builtin}+="kmod load sg"
LABEL="drivers_end"
......@@ -8,7 +8,7 @@ Subject: Make 99-systemd.rules check for /run/systemd/systemd instead of the
1 file changed, 1 insertion(+)
diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
index bbb7d0c..152eed1 100644
index 713e052..8d3b306 100644
--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
@@ -6,6 +6,7 @@
......@@ -17,5 +17,5 @@ index bbb7d0c..152eed1 100644
ACTION=="remove", GOTO="systemd_end"
+TEST!="/run/systemd/system", GOTO="systemd_end"
SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*", TAG+="systemd"
SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*", TAG+="systemd"
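Review bot: The patch subject says the rule checks for `/run/systemd/systemd`, but the added line tests a different path: `TEST!="/run/systemd/system", GOTO="systemd_end"`. The subject, and the patch file name derived from it, should be corrected so the header matches what the rule does. A one-line comment above the added rule, for example `# Debian: skip the systemd tagging below unless /run/systemd/system exists`, would also record why the early exit is there. The rest of the rules file is outside the visible hunk.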
......@@ -8,18 +8,18 @@ Subject: Make systemctl enable/disable call update-rc.d for sysv init scripts
1 file changed, 6 insertions(+), 15 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index bb7ada9..a5624a8 100644
index 517257b..2a69c65 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -4221,7 +4221,6 @@ static int set_environment(DBusConnection *bus, char **args) {
static int enable_sysv_units(char **args) {
@@ -4224,7 +4224,6 @@ static int set_environment(DBusConnection *bus, char **args) {
static int enable_sysv_units(const char *verb, char **args) {
int r = 0;
-#if defined(HAVE_SYSV_COMPAT) && defined(HAVE_CHKCONFIG)
const char *verb = args[0];
unsigned f = 1, t = 1;
LookupPaths paths = {};
@@ -4230,8 +4229,9 @@ static int enable_sysv_units(char **args) {
@@ -4232,8 +4231,9 @@ static int enable_sysv_units(const char *verb, char **args) {
return 0;
if (!streq(verb, "enable") &&
......@@ -31,7 +31,7 @@ index bb7ada9..a5624a8 100644
return 0;
/* Processes all SysV units, and reshuffles the array so that
@@ -4247,7 +4247,7 @@ static int enable_sysv_units(char **args) {
@@ -4249,7 +4249,7 @@ static int enable_sysv_units(const char *verb, char **args) {
_cleanup_free_ char *p = NULL, *q = NULL;
bool found_native = false, found_sysv;
unsigned c = 1;
......@@ -40,7 +40,7 @@ index bb7ada9..a5624a8 100644
char **k, *l;
int j;
pid_t pid;
@@ -4280,9 +4280,6 @@ static int enable_sysv_units(char **args) {
@@ -4282,9 +4282,6 @@ static int enable_sysv_units(const char *verb, char **args) {
break;
}
......@@ -50,7 +50,7 @@ index bb7ada9..a5624a8 100644
if (!isempty(arg_root))
asprintf(&p, "%s/" SYSTEM_SYSVINIT_PATH "/%s", arg_root, name);
else
@@ -4301,15 +4298,10 @@ static int enable_sysv_units(char **args) {
@@ -4303,15 +4300,10 @@ static int enable_sysv_units(const char *verb, char **args) {
/* Mark this entry, so that we don't try enabling it as native unit */
args[f] = (char*) "";
......@@ -68,7 +68,7 @@ index bb7ada9..a5624a8 100644
argv[c] = NULL;
l = strv_join((char**)argv, " ");
@@ -4375,7 +4367,6 @@ finish:
@@ -4377,7 +4369,6 @@ finish:
args[t] = NULL;
......
......@@ -10,19 +10,19 @@ $local_fs, too.
---
Makefile.am | 1 +
man/systemd.special.xml | 35 +++++++++++++++++++++++++++++++++++
src/core/service.c | 16 +++++++++-------
src/core/service.c | 12 +++++-------
src/core/special.h | 3 ++-
units/syslog.socket | 5 ++++-
units/syslog.target | 19 +++++++++++++++++++
units/systemd-journald.socket | 2 +-
7 files changed, 71 insertions(+), 10 deletions(-)
7 files changed, 67 insertions(+), 10 deletions(-)
create mode 100644 units/syslog.target
diff --git a/Makefile.am b/Makefile.am
index 43f1ec6..909bf58 100644
index df2bdf5..23056d9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -415,6 +415,7 @@ dist_systemunit_DATA = \
@@ -423,6 +423,7 @@ dist_systemunit_DATA = \
units/smartcard.target \
units/systemd-ask-password-wall.path \
units/systemd-ask-password-console.path \
......@@ -31,10 +31,10 @@ index 43f1ec6..909bf58 100644
units/systemd-udevd-kernel.socket \
units/system-update.target \
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 863a029..0876ccc 100644
index 4dd7d97..a7302c0 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -97,6 +97,7 @@
@@ -98,6 +98,7 @@
<filename>swap.target</filename>,
<filename>sysinit.target</filename>,
<filename>syslog.socket</filename>,
......@@ -42,7 +42,7 @@ index 863a029..0876ccc 100644
<filename>system-update.target</filename>,
<filename>time-sync.target</filename>,
<filename>timers.target</filename>,
@@ -367,6 +368,27 @@
@@ -368,6 +369,27 @@
that have the
<option>auto</option> mount
option set.</para>
......@@ -70,7 +70,7 @@ index 863a029..0876ccc 100644
</listitem>
</varlistentry>
<varlistentry>
@@ -675,6 +697,19 @@
@@ -676,6 +698,19 @@
</listitem>
</varlistentry>
<varlistentry>
......@@ -91,10 +91,10 @@ index 863a029..0876ccc 100644
<listitem>
<para>A special target unit
diff --git a/src/core/service.c b/src/core/service.c
index 6792024..47587d0 100644
index 9fd58fa..fbe0428 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -332,8 +332,7 @@ static void service_done(Unit *u) {
@@ -334,8 +334,7 @@ static void service_done(Unit *u) {
static char *sysv_translate_name(const char *name) {
char *r;
......@@ -104,17 +104,13 @@ index 6792024..47587d0 100644
return NULL;
if (endswith(name, ".sh"))
@@ -356,12 +355,16 @@ static int sysv_translate_facility(const char *name, const char *filename, char
@@ -358,12 +357,12 @@ static int sysv_translate_facility(const char *name, const char *filename, char
static const char * const table[] = {
/* LSB defined facilities */
- "local_fs", NULL,
+ "local_fs", SPECIAL_LOCAL_FS_TARGET,
+ /* Due to unfortunate name selection in Mandriva,
+ * $network is provided by network-up which is ordered
+ * after network which actually starts interfaces.
+ * To break the loop, just ignore it */
"network", SPECIAL_NETWORK_TARGET,
"network", SPECIAL_NETWORK_ONLINE_TARGET,
"named", SPECIAL_NSS_LOOKUP_TARGET,
"portmap", SPECIAL_RPCBIND_TARGET,
"remote_fs", SPECIAL_REMOTE_FS_TARGET,
......@@ -123,7 +119,7 @@ index 6792024..47587d0 100644
"time", SPECIAL_TIME_SYNC_TARGET,
};
@@ -382,9 +385,8 @@ static int sysv_translate_facility(const char *name, const char *filename, char
@@ -384,9 +383,8 @@ static int sysv_translate_facility(const char *name, const char *filename, char
if (!table[i+1])
return 0;
......
......@@ -12,7 +12,7 @@ Path courtesy of Steve Langasek.
1 file changed, 112 insertions(+), 107 deletions(-)
diff --git a/src/locale/localed.c b/src/locale/localed.c
index e160c04..d6c7977 100644
index b9b98f4..eed35b0 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -202,6 +202,24 @@ static int read_data_locale(void) {
......@@ -214,6 +214,24 @@ index e160c04..d6c7977 100644
+ u = strv_env_set(l, t);
+ free(t);
+ strv_free(l);
+
+ if (!u)
+ return -ENOMEM;
+
+ l = u;
+ }
+
+ if (isempty(state.x11_variant)) {
+ l = strv_env_unset(l, "XKBVARIANT");
+ } else {
+ if (asprintf(&t, "XKBVARIANT=%s", state.x11_variant) < 0) {
+ strv_free(l);
+ return -ENOMEM;
+ }
+
+ u = strv_env_set(l, t);
+ free(t);
+ strv_free(l);
- fchmod(fileno(f), 0644);
+ if (!u)
......@@ -229,10 +247,10 @@ index e160c04..d6c7977 100644
- if (!isempty(state.x11_layout))
- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", state.x11_layout);
+ if (isempty(state.x11_variant)) {
+ l = strv_env_unset(l, "XKBVARIANT");
+ if (isempty(state.x11_options)) {
+ l = strv_env_unset(l, "XKBOPTIONS");
+ } else {
+ if (asprintf(&t, "XKBVARIANT=%s", state.x11_variant) < 0) {
+ if (asprintf(&t, "XKBOPTIONS=%s", state.x11_options) < 0) {
+ strv_free(l);
+ return -ENOMEM;
+ }
......@@ -255,13 +273,8 @@ index e160c04..d6c7977 100644
- fputs("EndSection\n", f);
- fflush(f);
+ if (isempty(state.x11_options)) {
+ l = strv_env_unset(l, "XKBOPTIONS");
+ } else {
+ if (asprintf(&t, "XKBOPTIONS=%s", state.x11_options) < 0) {
+ strv_free(l);
+ return -ENOMEM;
+ }
+ if (strv_isempty(l)) {
+ strv_free(l);
- if (ferror(f) || rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) {
- r = -errno;
......@@ -269,27 +282,14 @@ index e160c04..d6c7977 100644
- unlink(temp_path);
- } else
- r = 0;
+ u = strv_env_set(l, t);
+ free(t);
+ strv_free(l);
+
+ if (!u)
+ return -ENOMEM;
- fclose(f);
- free(temp_path);
+ l = u;
+ }
+
+ if (strv_isempty(l)) {
+ strv_free(l);
+
+ if (unlink("/etc/default/keyboard") < 0)
+ return errno == ENOENT ? 0 : -errno;
+
+ return 0;
+ }
+
- fclose(f);
- free(temp_path);
+ r = write_env_file("/etc/default/keyboard", l);
+ strv_free(l);
......
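Review bot: The strings formatted with `"XKBVARIANT=%s"` and `"XKBOPTIONS=%s"` reach `write_env_file("/etc/default/keyboard", l)` with no validation or quoting visible in these hunks. The removed code wrote the same fields into an xorg.conf snippet, whereas the new target is a KEY=value file that is presumably sourced by shell scripts on Debian (confirm), so quoting matters more here. Please confirm that `write_env_file()` quotes shell metacharacters and that whatever sets `state.x11_layout`, `state.x11_variant` and `state.x11_options` rejects control characters and quotes before they get this far. A comment above the call, such as `/* values are caller-supplied; write_env_file() must quote them because this file is read as shell */`, would keep that assumption visible. The enclosing function starts and ends outside the visible hunks.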
......@@ -9,11 +9,11 @@ over the upstream 50-udev-default.rules.
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/rules/50-udev-default.rules b/rules/50-udev-default.rules
index f764789..a033a52 100644
index 23ca088..7e2d2ff 100644
--- a/rules/50-udev-default.rules
+++ b/rules/50-udev-default.rules
@@ -17,8 +17,11 @@ SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666"
SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620"
@@ -20,8 +20,11 @@ SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
+KERNEL=="mISDNtimer", GROUP="dialout"
......@@ -22,9 +22,9 @@ index f764789..a033a52 100644
SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+KERNEL=="nvram", GROUP="kmem", MODE="0640"
SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640"
SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640"
@@ -53,7 +56,7 @@ SUBSYSTEM=="block", KERNEL=="sr[0-9]*", GROUP="cdrom"
SUBSYSTEM=="input", KERNEL=="js[0-9]*", MODE="0664"
@@ -54,7 +57,7 @@ SUBSYSTEM=="block", KERNEL=="sr[0-9]*", GROUP="cdrom"
SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", GROUP="cdrom"
KERNEL=="sch[0-9]*", GROUP="cdrom"
KERNEL=="pktcdvd[0-9]*", GROUP="cdrom"
......@@ -33,7 +33,7 @@ index f764789..a033a52 100644
SUBSYSTEM=="scsi_generic|scsi_tape", SUBSYSTEMS=="scsi", ATTRS{type}=="1|8", GROUP="tape"
SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="0", GROUP="disk"
@@ -68,4 +71,13 @@ KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun"
@@ -71,4 +74,13 @@ KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun"
KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse"
......
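Review bot: The added rules `KERNEL=="mISDNtimer", GROUP="dialout"` and `KERNEL=="nvram", GROUP="kmem", MODE="0640"` carry no comment saying why Debian deviates from the upstream defaults. Rules that assign group and mode to device nodes are the ones a later audit will ask about. Unlike the `SUBSYSTEM=="mem"` rule next to it, the nvram rule matches on kernel name alone; if that is intentional, the comment should say so, for example `# Debian: /dev/nvram gets group kmem, mode 0640, same as /dev/mem`. Most of the section's 13 added lines are outside the visible hunks and could not be reviewed.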
......@@ -12,33 +12,33 @@ paths. Closes: #721347
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 4f26092..eb700ac 100644
index 9605b38..b7f8a74 100644
--- a/configure.ac
+++ b/configure.ac
@@ -67,16 +67,16 @@ AC_PROG_GCC_TRADITIONAL
AC_PATH_PROG([M4], [m4])
AC_PATH_PROG([XSLTPROC], [xsltproc])
-AC_PATH_PROG([QUOTAON], [quotaon], [/usr/sbin/quotaon])
-AC_PATH_PROG([QUOTACHECK], [quotacheck], [/usr/sbin/quotacheck])
+AC_PATH_PROG([QUOTAON], [quotaon], [/sbin/quotaon])
+AC_PATH_PROG([QUOTACHECK], [quotacheck], [/sbin/quotacheck])
-AC_PATH_PROG([QUOTAON], [quotaon], [/usr/sbin/quotaon], [$PATH:/usr/sbin:/sbin])
-AC_PATH_PROG([QUOTACHECK], [quotacheck], [/usr/sbin/quotacheck], [$PATH:/usr/sbin:/sbin])
+AC_PATH_PROG([QUOTAON], [quotaon], [/sbin/quotaon], [$PATH:/usr/sbin:/sbin])
+AC_PATH_PROG([QUOTACHECK], [quotacheck], [/sbin/quotacheck], [$PATH:/usr/sbin:/sbin])
-AC_PATH_PROG([SETCAP], [setcap], [/usr/sbin/setcap])
+AC_PATH_PROG([SETCAP], [setcap], [/sbin/setcap])
-AC_PATH_PROG([SETCAP], [setcap], [/usr/sbin/setcap], [$PATH:/usr/sbin:/sbin])
+AC_PATH_PROG([SETCAP], [setcap], [/sbin/setcap], [$PATH:/usr/sbin:/sbin])
-AC_PATH_PROG([KILL], [kill], [/usr/bin/kill])
+AC_PATH_PROG([KILL], [kill], [/bin/kill])
-AC_PATH_PROG([KILL], [kill], [/usr/bin/kill], [$PATH:/usr/sbin:/sbin])
+AC_PATH_PROG([KILL], [kill], [/bin/kill], [$PATH:/usr/sbin:/sbin])
-AC_PATH_PROG([KMOD], [kmod], [/usr/bin/kmod])
+AC_PATH_PROG([KMOD], [kmod], [/bin/kmod])
-AC_PATH_PROG([KMOD], [kmod], [/usr/bin/kmod], [$PATH:/usr/sbin:/sbin])
+AC_PATH_PROG([KMOD], [kmod], [/bin/kmod], [$PATH:/usr/sbin:/sbin])
-AC_PATH_PROG([KEXEC], [kexec], [/usr/sbin/kexec])
+AC_PATH_PROG([KEXEC], [kexec], [/sbin/kexec])
-AC_PATH_PROG([KEXEC], [kexec], [/usr/sbin/kexec], [$PATH:/usr/sbin:/sbin])
+AC_PATH_PROG([KEXEC], [kexec], [/sbin/kexec], [$PATH:/usr/sbin:/sbin])
# gtkdocize greps for '^GTK_DOC_CHECK', so it needs to be on its own line
m4_ifdef([GTK_DOC_CHECK], [
@@ -790,13 +790,13 @@ AC_ARG_WITH(kbd-loadkeys,
AS_IF([! ln --relative --help > /dev/null 2>&1], [AC_MSG_ERROR([*** ln doesn't support --relative ***])])
@@ -792,13 +792,13 @@ AC_ARG_WITH(kbd-loadkeys,
AS_HELP_STRING([--with-kbd-loadkeys=PATH],
[Path to loadkeys]),
[KBD_LOADKEYS="$withval"],
......
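Review bot: The argument changed in each `AC_PATH_PROG` line is only the fallback used when the program is not found at configure time. The path compiled in therefore still depends on what the build host's `$PATH:/usr/sbin:/sbin` search finds first. If the intent is that the built binaries always reference `/sbin/quotaon`, `/bin/kill`, `/bin/kmod` and so on, it is more reliable to preset the variables when invoking configure (e.g. `QUOTAON=/sbin/quotaon`), which may already happen in packaging rules that are not visible here. Since these paths are compiled into systemd and later executed, the patch header should state which mechanism fixes the final value. The second hunk is truncated on this page.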
From: Michael Stapelberg <stapelberg@debian.org>
Date: Sun, 9 Feb 2014 11:07:09 +0100
Subject: fix remaining reference to systemd-logind.conf
---
man/systemd-inhibit.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd-inhibit.xml b/man/systemd-inhibit.xml
index cac0ef6..f915fb8 100644
--- a/man/systemd-inhibit.xml
+++ b/man/systemd-inhibit.xml
@@ -158,7 +158,7 @@
time elapses, the lock is ignored and
the operation executed. The time limit
may be specified in
- <citerefentry><refentrytitle>systemd-logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note
+ <citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note
that <literal>delay</literal> is only
available for <literal>sleep</literal>
and
From: Michael Stapelberg <stapelberg@debian.org>
Date: Sun, 19 Jan 2014 18:40:56 +0100
Subject: =?utf-8?q?fix_systemctl_enable/disable/=E2=80=A6_error_message_?=
=?utf-8?q?=E2=80=9CFailed_to_issue_method_call=3A?=
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
No such file or directory”
The bug affected only non-native services, i.e. LSB SysV init scripts,
with isc-dhcp-server.service being an example for this commit message.
The bug was introduced with commit
fdcb1bce7b16f69c4d63451816e2c7f824d090b4. The issue is that
enable_unit() would not return even though the SysV init script was
disabled by enable_sysv_units(). enable_unit() then tried to
disable a native systemd unit called isc-dhcp-server.service, even
though there is no such native unit. This is what caused the “no such
file or directory” error message.
Closes: #734809
---
src/systemctl/systemctl.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 357ceac..78bdeb2 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -4459,10 +4459,6 @@ static int enable_unit(DBusConnection *bus, char **args) {
dbus_error_init(&error);
- r = enable_sysv_units(args);
- if (r < 0)
- return r;
-
if (!args[1])
return 0;
@@ -4470,6 +4466,13 @@ static int enable_unit(DBusConnection *bus, char **args) {
if (r < 0)
goto finish;
+ r = enable_sysv_units(args);
+ if (r < 0)
+ return r;
+
+ if (!args[1])
+ return 0;
+
if (!bus || avoid_bus()) {
if (streq(verb, "enable")) {
r = unit_file_enable(arg_scope, arg_runtime, arg_root, mangled_names, arg_force, &changes, &n_changes);
......@@ -14,7 +14,7 @@ Closes: #724797
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 9efccb9..a7bbb61 100644
index 0d954a2..f10fc11 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -142,9 +142,7 @@ static bool mount_is_network(struct mntent *me) {
......@@ -27,4 +27,4 @@ index 9efccb9..a7bbb61 100644
+ return hasmntopt(me, "x-initrd.mount");
}
static int add_mount(
static int add_fsck(FILE *f, const char *what, const char *where, const char *type, int passno) {
From: Michael Stapelberg <stapelberg@debian.org>
Date: Thu, 27 Feb 2014 22:12:05 +0100
Subject: pam: Check $XDG_RUNTIME_DIR owner
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
from Ubuntu’s patches/pam-check-runtime-dir-user.patch:
From: Martin Pitt <martinpitt@gnome.org>
Date: Wed, 13 Nov 2013 13:02:28 +0100
Subject: [PATCH] pam: Check $XDG_RUNTIME_DIR owner
http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html requires
that $XDG_RUNTIME_DIR "MUST be owned by the user, and he MUST be the only one
having read and write access to it.".
Don't set an existing $XDG_RUNTIME_DIR in the PAM module if it isn't owned by
the session user. Otherwise su sessions get a runtime dir from a different user
which leads to either permission errors or scribbling over the other user's
files.
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=753882
Bug-Ubuntu: https://launchpad.net/bugs/1197395
---
src/login/pam-module.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/login/pam-module.c b/src/login/pam-module.c
index 49296b5..b5862a8 100644
--- a/src/login/pam-module.c
+++ b/src/login/pam-module.c
@@ -194,6 +194,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
dbus_bool_t remote, existing;
int r;
uint32_t vtnr = 0;
+ struct stat st;
assert(handle);
@@ -408,11 +409,25 @@ _public_ PAM_EXTERN int pam_sm_open_session(
goto finish;
}
- r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
- if (r != PAM_SUCCESS) {
- pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
+ /* only set $XDG_RUNTIME_DIR if it is owned by the target user, as per
+ * XDG basedir-spec; this avoids su sessions to scribble over a runtime
+ * dir of a different user */
+ r = lstat(runtime_path, &st);
+ if (r != 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to stat runtime dir: %s", strerror(errno));
+ r = PAM_SYSTEM_ERR;
goto finish;
}
+ if (st.st_uid == uid) {
+ r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
+ if (r != PAM_SUCCESS) {
+ pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
+ goto finish;
+ }
+ } else if (debug) {
+ pam_syslog(handle, LOG_DEBUG, "Runtime dir %s is not owned by the target uid %u, ignoring.",
+ runtime_path, uid);
+ }
if (!isempty(seat)) {
r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
......@@ -486,11 +486,9 @@ Also-redirect-to-update-rc.d-when-not-using-.service.patch
systemctl-don-t-skip-native-units-when-enabling-disa.patch
systemctl-call-update-rc.d-enable-disable-not-defaul.patch
Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch
fix-systemctl-enable-disable-error-message-Failed-to.patch
don-t-try-to-start-autovt-units-when-not-running-wit.patch
timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch
fstab-generator-don-t-rely-on-usr-being-mounted-in-t.patch
fix-remaining-reference-to-systemd-logind.conf.patch
Make-hostnamed-localed-timedated-D-Bus-activatable.patch
Update-localed-to-use-the-Debian-config-files.patch
Add-note-to-udev.conf-that-changes-to-that-file-requ.patch
......@@ -503,7 +501,6 @@ Make-99-systemd.rules-check-for-run-systemd-systemd-.patch
Make-net.ifnames-opt-in-instead-of-opt-out.patch
Don-t-move-libgudev-to-lib.patch
Use-different-default-paths-for-various-binaries.patch
pam-Check-XDG_RUNTIME_DIR-owner.patch
Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch
Avoid-reloading-services-when-shutting-down.patch
Avoid-reload-and-re-start-requests-during-early-boot.patch
......
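Review bot: The changelog entry does not record that this series update drops patches. The hunk headers show the list shrinking by three entries (11 to 9 and 7 to 6), but this page does not mark which lines go. Judging by the three patch files shown in full elsewhere in the commit, they appear to be `fix-systemctl-enable-disable-error-message-Failed-to.patch`, `fix-remaining-reference-to-systemd-logind.conf.patch` and `pam-Check-XDG_RUNTIME_DIR-owner.patch`. The last one carries the `lstat()` / `st.st_uid == uid` ownership check that stops a su session from inheriting another user's runtime directory, so it is worth confirming that the tree built from v208-stable still contains an equivalent check before the Debian copy is dropped. If these drops are intended because the new base already includes the patches, a changelog line such as `- Drop patches included in v208-stable: <names>` would make that auditable.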
......@@ -15,10 +15,10 @@ Move it to udevlibexecdir instead.
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 7d1f408..631bfde 100644
index 82ef4ce..1eb643d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2388,7 +2388,7 @@ INSTALL_DATA_HOOKS += \
@@ -2417,7 +2417,7 @@ INSTALL_DATA_HOOKS += \
hwdb-update-hook
hwdb-remove-hook:
......@@ -28,10 +28,10 @@ index 7d1f408..631bfde 100644
# ------------------------------------------------------------------------------
TESTS += \
diff --git a/man/udevadm.xml b/man/udevadm.xml
index d0b257d..75a73c2 100644
index 112652c..ed9062d 100644
--- a/man/udevadm.xml
+++ b/man/udevadm.xml
@@ -424,13 +424,13 @@
@@ -439,13 +439,13 @@
</refsect2>
<refsect2><title>udevadm hwdb <optional>options</optional></title>
......@@ -49,7 +49,7 @@ index d0b257d..75a73c2 100644
udev daemon will detect a new database on its own and does not need to be
notified about it.</para>
diff --git a/src/libudev/libudev-hwdb.c b/src/libudev/libudev-hwdb.c
index de1cb83..274282d 100644
index ba43b9f..d4ea076 100644
--- a/src/libudev/libudev-hwdb.c
+++ b/src/libudev/libudev-hwdb.c
@@ -275,30 +275,30 @@ _public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
......@@ -59,41 +59,41 @@ index de1cb83..274282d 100644
- hwdb->f = fopen("/etc/udev/hwdb.bin", "re");
+ hwdb->f = fopen(UDEVLIBEXECDIR "/hwdb.bin", "re");
if (!hwdb->f) {
- log_debug("error reading /etc/udev/hwdb.bin: %m");
+ log_debug("error reading " UDEVLIBEXECDIR "/hwdb.bin: %m");
- udev_dbg(udev, "error reading /etc/udev/hwdb.bin: %m");
+ udev_dbg(udev, "error reading " UDEVLIBEXECDIR "/hwdb.bin: %m");