Commit acee940a authored by Dimitri John Ledkov's avatar Dimitri John Ledkov Committed by Simon McVittie
Browse files

Import Debian changes 237-3ubuntu10.8

systemd (237-3ubuntu10.8) bionic; urgency=medium

  * debian/extra/start-udev: ignore failure to set sync parameter.
    On old kernels (e.g. v4.4) the file is available but appears to be
    non-writable. Hide error messages and ignore failure to write out sync into the
    parameters file. This does not regress https://pad.lv/1779815 since older
    kernel did synchronous scan anyway. But it does resolve failure to start the
    installer on old kernels. (LP: #1784454)
    File: debian/extra/start-udev
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62edd5c6e963dbf1df4f4bb7556a6d3477559083

  * Add conflicts with upstart and systemd-shim. (LP: #1773859)
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=33385a01dbe44765dc24eead52d677147b2b06c9

  * units: Disable journald Watchdog (LP: #1773148)
    File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=622407bc2aa723a3bdf10e1de946d0d6e88fbeb6

  * cryptsetup: add support for sector-size= option (LP: #1776626)
    File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=89899133e977eb34dac4c3e9f83c59853eda66ab

  * Re-add support for /etc/writable for core18. (LP: #1778936)
    Author: Michael Vogt
    File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fdc87994ab8f7036d07c8c208ad1fbac32cbd639

  * systemctl: correctly proceed to immediate shutdown if scheduling fails
    (LP: #1670291)
    File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cdd3a0bb5f568a2500dbdff4bfcf97e3ba996fe3

  * core: export environment when running generators.
    Ensure that manager's environment (including e.g. PATH) is exported when
    running generators. Otherwise, one is at a mercy of running without PATH which
    can lead to buggy generator behaviour. (LP: #1771858)
    Files:
    - debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
    - debian/patches/core-execute-generators-with-manager-s-environmnet.patch
    - debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d494ef816ca950c9a7c2bfb07620b3df8e46ed35

  * networkd: add support to set IPv6MTUBytes (LP: #1671951)
    File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f4a308ea8f3f9187c97f81868a0408f9cefc96a7

  * Specify Ubuntu's Vcs-Git
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b739661356fe0e47223ae28c79b4b7f7740bea3a

systemd (237-3ubuntu10.7) bionic-security; urgency=medium

  * debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
    (LP: #1803391)
    Author: Balint Reczey
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18eea38c62e73158d2160e319de31e054a58b8df
parent a375a3e2
systemd (237-3ubuntu10.8) bionic; urgency=medium
* debian/extra/start-udev: ignore failure to set sync parameter.
On old kernels (e.g. v4.4) the file is available but appears to be
non-writable. Hide error messages and ignore failure to write out sync into the
parameters file. This does not regress https://pad.lv/1779815 since older
kernel did synchronous scan anyway. But it does resolve failure to start the
installer on old kernels. (LP: #1784454)
File: debian/extra/start-udev
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62edd5c6e963dbf1df4f4bb7556a6d3477559083
* Add conflicts with upstart and systemd-shim. (LP: #1773859)
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=33385a01dbe44765dc24eead52d677147b2b06c9
* units: Disable journald Watchdog (LP: #1773148)
File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=622407bc2aa723a3bdf10e1de946d0d6e88fbeb6
* cryptsetup: add support for sector-size= option (LP: #1776626)
File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=89899133e977eb34dac4c3e9f83c59853eda66ab
* Re-add support for /etc/writable for core18. (LP: #1778936)
Author: Michael Vogt
File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fdc87994ab8f7036d07c8c208ad1fbac32cbd639
* systemctl: correctly proceed to immediate shutdown if scheduling fails
(LP: #1670291)
File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cdd3a0bb5f568a2500dbdff4bfcf97e3ba996fe3
* core: export environment when running generators.
Ensure that manager's environment (including e.g. PATH) is exported when
running generators. Otherwise, one is at a mercy of running without PATH which
can lead to buggy generator behaviour. (LP: #1771858)
Files:
- debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
- debian/patches/core-execute-generators-with-manager-s-environmnet.patch
- debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d494ef816ca950c9a7c2bfb07620b3df8e46ed35
* networkd: add support to set IPv6MTUBytes (LP: #1671951)
File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f4a308ea8f3f9187c97f81868a0408f9cefc96a7
* Specify Ubuntu's Vcs-Git
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b739661356fe0e47223ae28c79b4b7f7740bea3a
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:15:00 +0000
systemd (237-3ubuntu10.7) bionic-security; urgency=medium
* debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
(LP: #1803391)
Author: Balint Reczey
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18eea38c62e73158d2160e319de31e054a58b8df
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:00:20 +0000
systemd (237-3ubuntu10.6) bionic-security; urgency=medium systemd (237-3ubuntu10.6) bionic-security; urgency=medium
* SECURITY UPDATE: reexec state injection * SECURITY UPDATE: reexec state injection
......
...@@ -9,8 +9,10 @@ Uploaders: Michael Biebl <biebl@debian.org>, ...@@ -9,8 +9,10 @@ Uploaders: Michael Biebl <biebl@debian.org>,
Martin Pitt <mpitt@debian.org> Martin Pitt <mpitt@debian.org>
Standards-Version: 4.1.3 Standards-Version: 4.1.3
Rules-Requires-Root: no Rules-Requires-Root: no
Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd -b ubuntu-bionic
Vcs-Browser: https://salsa.debian.org/systemd-team/systemd Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd
XS-Vcs-Debian-Git: https://salsa.debian.org/systemd-team/systemd.git
XS-Vcs-Debian-Browser: https://salsa.debian.org/systemd-team/systemd
Homepage: https://www.freedesktop.org/wiki/Software/systemd Homepage: https://www.freedesktop.org/wiki/Software/systemd
Build-Depends: debhelper (>= 10.4~), Build-Depends: debhelper (>= 10.4~),
pkg-config, pkg-config,
...@@ -76,6 +78,7 @@ Depends: ${shlibs:Depends}, ...@@ -76,6 +78,7 @@ Depends: ${shlibs:Depends},
mount (>= 2.26), mount (>= 2.26),
adduser, adduser,
procps, procps,
Conflicts: systemd-shim, upstart
Breaks: apparmor (<< 2.9.2-1), Breaks: apparmor (<< 2.9.2-1),
systemd-shim (<< 10-3~), systemd-shim (<< 10-3~),
ifupdown (<< 0.8.5~), ifupdown (<< 0.8.5~),
...@@ -206,7 +209,7 @@ Depends: ${shlibs:Depends}, ...@@ -206,7 +209,7 @@ Depends: ${shlibs:Depends},
systemd (= ${binary:Version}), systemd (= ${binary:Version}),
libpam-runtime (>= 1.0.1-6), libpam-runtime (>= 1.0.1-6),
dbus, dbus,
systemd-shim (>= 10-3~) | systemd-sysv systemd-sysv
Description: system and service manager - PAM module Description: system and service manager - PAM module
This package contains the PAM module which registers user sessions in This package contains the PAM module which registers user sessions in
the systemd control group hierarchy for logind. the systemd control group hierarchy for logind.
......
...@@ -11,7 +11,7 @@ fi ...@@ -11,7 +11,7 @@ fi
# This covers the same case as lib/modprobe.d/scsi-mod-scan-sync.conf # This covers the same case as lib/modprobe.d/scsi-mod-scan-sync.conf
# in the event that scsi_mod is built in to the kernel, not a module: # in the event that scsi_mod is built in to the kernel, not a module:
if [ -f /sys/module/scsi_mod/parameters/scan ]; then if [ -f /sys/module/scsi_mod/parameters/scan ]; then
echo sync > /sys/module/scsi_mod/parameters/scan echo sync > /sys/module/scsi_mod/parameters/scan >/dev/null || :
fi fi
SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
......
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Wed, 12 Sep 2018 19:51:23 +0100
Subject: core: execute environment_generators with manager's environment
(cherry picked from commit ea368f0bd2b77bbc67eab42471b470582f0bd6bc)
---
src/core/manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 7ccef8e..3afa39a 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3406,7 +3406,7 @@ static int manager_run_environment_generators(Manager *m) {
if (!generator_path_any(paths))
return 0;
- return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, NULL);
+ return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, m->environment);
}
static int manager_run_generators(Manager *m) {
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Wed, 12 Sep 2018 19:52:30 +0100
Subject: core: execute generators with manager's environmnet
(cherry picked from commit a3156a8ee4d68b09715225cc04674eea7b5aaec4)
---
src/core/manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 3afa39a..0720ae2 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3438,7 +3438,7 @@ static int manager_run_generators(Manager *m) {
RUN_WITH_UMASK(0022)
execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC,
- NULL, NULL, (char**) argv, NULL);
+ NULL, NULL, (char**) argv, m->environment);
finish:
lookup_paths_trim_generator(&m->lookup_paths);
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Fri, 24 Aug 2018 16:37:45 +0100
Subject: cryptsetup: add support for sector-size= option (#8881)
Bug-Ubuntu: https://launchpad.net/bugs/1776626
(cherry picked from commit 9a63ee584da7c76e7945f3dbf386a093dbf40d8d)
---
man/crypttab.xml | 9 +++++++++
meson.build | 6 ++++++
src/cryptsetup/cryptsetup.c | 30 ++++++++++++++++++++++++++++++
3 files changed, 45 insertions(+)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index dc43257..f400114 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -283,6 +283,15 @@
option.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>sector-size=</option></term>
+
+ <listitem><para>Specifies the sector size in bytes. See
+ <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for possible values and the default value of this
+ option.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>swap</option></term>
diff --git a/meson.build b/meson.build
index b9e59ec..08c15ca 100644
--- a/meson.build
+++ b/meson.build
@@ -940,11 +940,17 @@ if want_libcryptsetup != 'false' and not fuzzer_build
version : '>= 1.6.0',
required : want_libcryptsetup == 'true')
have = libcryptsetup.found()
+ have_sector = cc.has_member(
+ 'struct crypt_params_plain',
+ 'sector_size',
+ prefix : '#include <libcryptsetup.h>')
else
have = false
+ have_sector = false
libcryptsetup = []
endif
conf.set10('HAVE_LIBCRYPTSETUP', have)
+conf.set10('HAVE_LIBCRYPTSETUP_SECTOR_SIZE', have_sector)
want_libcurl = get_option('libcurl')
if want_libcurl != 'false' and not fuzzer_build
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 7255ff4..8a3d562 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -41,10 +41,14 @@
/* internal helper */
#define ANY_LUKS "LUKS"
+/* as in src/cryptsetup.h */
+#define CRYPT_SECTOR_SIZE 512
+#define CRYPT_MAX_SECTOR_SIZE 4096
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
static char *arg_cipher = NULL;
static unsigned arg_key_size = 0;
+static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
static int arg_key_slot = CRYPT_ANY_SLOT;
static unsigned arg_keyfile_size = 0;
static uint64_t arg_keyfile_offset = 0;
@@ -104,6 +108,29 @@ static int parse_one_option(const char *option) {
arg_key_size /= 8;
+ } else if ((val = startswith(option, "sector-size="))) {
+
+#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
+ r = safe_atou(val, &arg_sector_size);
+ if (r < 0) {
+ log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
+ return 0;
+ }
+
+ if (arg_sector_size % 2) {
+ log_error("sector-size= not a multiple of 2, ignoring.");
+ return 0;
+ }
+
+ if (arg_sector_size < CRYPT_SECTOR_SIZE || arg_sector_size > CRYPT_MAX_SECTOR_SIZE) {
+ log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
+ return 0;
+ }
+#else
+ log_error("sector-size= is not supported, compiled with old libcryptsetup.");
+ return 0;
+#endif
+
} else if ((val = startswith(option, "key-slot="))) {
arg_type = ANY_LUKS;
@@ -490,6 +517,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
struct crypt_params_plain params = {
.offset = arg_offset,
.skip = arg_skip,
+#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
+ .sector_size = arg_sector_size,
+#endif
};
const char *cipher, *cipher_mode;
_cleanup_free_ char *truncated_cipher = NULL;
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Sat, 26 Apr 2014 23:49:32 +0200
Subject: Support system-image read-only /etc
On Ubuntu Phone with readonly /etc we symlink
/etc/{adjtime,localtime,timezone,hostname,machine-info} to /etc/writable/, so
we need to update those files instead if the original files are symlinks into
/etc/writable/.
Forwarded: OMGno, this is a rather nasty hack until we fix system-image to get a writable /etc
Bug-Ubuntu: https://launchpad.net/bugs/1227520
---
src/hostname/hostnamed.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 1c8c769..c92d792 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -31,6 +31,7 @@
#include "hostname-util.h"
#include "parse-util.h"
#include "path-util.h"
+#include "fs-util.h"
#include "selinux-util.h"
#include "strv.h"
#include "user-util.h"
@@ -76,6 +77,25 @@ static void context_free(Context *c) {
bus_verify_polkit_async_registry_free(c->polkit_registry);
}
+/* Hack for Ubuntu phone: check if path is an existing symlink to
+ * /etc/writable; if it is, update that instead */
+static const char* writable_filename(const char *path) {
+ ssize_t r;
+ static char realfile_buf[PATH_MAX];
+ _cleanup_free_ char *realfile = NULL;
+ const char *result = path;
+ int orig_errno = errno;
+
+ r = readlink_and_make_absolute(path, &realfile);
+ if (r >= 0 && startswith(realfile, "/etc/writable")) {
+ snprintf(realfile_buf, sizeof(realfile_buf), "%s", realfile);
+ result = realfile_buf;
+ }
+
+ errno = orig_errno;
+ return result;
+}
+
static int context_read_data(Context *c) {
int r;
struct utsname u;
@@ -303,12 +323,12 @@ static int context_write_data_static_hostname(Context *c) {
if (isempty(c->data[PROP_STATIC_HOSTNAME])) {
- if (unlink("/etc/hostname") < 0)
+ if (unlink(writable_filename("/etc/hostname")) < 0)
return errno == ENOENT ? 0 : -errno;
return 0;
}
- return write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]);
+ return write_string_file_atomic_label(writable_filename("/etc/hostname"), c->data[PROP_STATIC_HOSTNAME]);
}
static int context_write_data_machine_info(Context *c) {
@@ -354,13 +374,13 @@ static int context_write_data_machine_info(Context *c) {
}
if (strv_isempty(l)) {
- if (unlink("/etc/machine-info") < 0)
+ if (unlink(writable_filename("/etc/machine-info")) < 0)
return errno == ENOENT ? 0 : -errno;
return 0;
}
- return write_env_file_label("/etc/machine-info", l);
+ return write_env_file_label(writable_filename("/etc/machine-info"), l);
}
static int property_get_icon_name(
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Thu, 4 Oct 2018 15:25:50 +0100
Subject: units: Disable journald Watchdog
https://github.com/systemd/systemd/issues/9079
LP: #1773148
---
units/systemd-journald.service.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 24c0150..4d2d7a7 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -23,7 +23,6 @@ Restart=always
RestartSec=0
StandardOutput=null
Nice=-1
-WatchdogSec=3min
FileDescriptorStoreMax=4224
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
MemoryDenyWriteExecute=yes
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Wed, 12 Sep 2018 18:19:13 +0100
Subject: exec-util: in execute_directories, support initial exec environment
(cherry picked from commit 78ec1bb436fb18df3b56212c442cc4775a136d1a)
---
src/basic/exec-util.c | 13 +++++++++----
src/basic/exec-util.h | 3 ++-
src/core/manager.c | 4 ++--
src/core/shutdown.c | 2 +-
src/sleep/sleep.c | 4 ++--
src/test/test-exec-util.c | 43 ++++++++++++++++++++++++++++++++++++-------
6 files changed, 52 insertions(+), 17 deletions(-)
diff --git a/src/basic/exec-util.c b/src/basic/exec-util.c
index 0829b3d..f13de4f 100644
--- a/src/basic/exec-util.c
+++ b/src/basic/exec-util.c
@@ -92,11 +92,12 @@ static int do_execute(
gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
void* const callback_args[_STDOUT_CONSUME_MAX],
int output_fd,
- char *argv[]) {
+ char *argv[],
+ char *envp[]) {
_cleanup_hashmap_free_free_ Hashmap *pids = NULL;
_cleanup_strv_free_ char **paths = NULL;
- char **path;
+ char **path, **e;
int r;
/* We fork this all off from a child process so that we can somewhat cleanly make
@@ -121,6 +122,9 @@ static int do_execute(
if (timeout != USEC_INFINITY)
alarm((timeout + USEC_PER_SEC - 1) / USEC_PER_SEC);
+ STRV_FOREACH(e, envp)
+ putenv(*e);
+
STRV_FOREACH(path, paths) {
_cleanup_free_ char *t = NULL;
_cleanup_close_ int fd = -1;
@@ -187,7 +191,8 @@ int execute_directories(
usec_t timeout,
gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
void* const callback_args[_STDOUT_CONSUME_MAX],
- char *argv[]) {
+ char *argv[],
+ char *envp[]) {
char **dirs = (char**) directories;
_cleanup_close_ int fd = -1;
@@ -218,7 +223,7 @@ int execute_directories(
if (r < 0)
return r;
if (r == 0) {
- r = do_execute(dirs, timeout, callbacks, callback_args, fd, argv);
+ r = do_execute(dirs, timeout, callbacks, callback_args, fd, argv, envp);
_exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
}
diff --git a/src/basic/exec-util.h b/src/basic/exec-util.h
index d69bec7..e89d5e5 100644
--- a/src/basic/exec-util.h
+++ b/src/basic/exec-util.h
@@ -36,6 +36,7 @@ int execute_directories(
usec_t timeout,
gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
void* const callback_args[_STDOUT_CONSUME_MAX],
- char *argv[]);
+ char *argv[],
+ char *envp[]);
extern const gather_stdout_callback_t gather_environment[_STDOUT_CONSUME_MAX];
diff --git a/src/core/manager.c b/src/core/manager.c
index dee9508..7ccef8e 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3406,7 +3406,7 @@ static int manager_run_environment_generators(Manager *m) {
if (!generator_path_any(paths))
return 0;
- return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL);
+ return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, NULL);
}
static int manager_run_generators(Manager *m) {
@@ -3438,7 +3438,7 @@ static int manager_run_generators(Manager *m) {
RUN_WITH_UMASK(0022)
execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC,
- NULL, NULL, (char**) argv);
+ NULL, NULL, (char**) argv, NULL);
finish:
lookup_paths_trim_generator(&m->lookup_paths);
diff --git a/src/core/shutdown.c b/src/core/shutdown.c
index cc31b33..d78e9f9 100644
--- a/src/core/shutdown.c
+++ b/src/core/shutdown.c
@@ -444,7 +444,7 @@ int main(int argc, char *argv[]) {
arguments[0] = NULL;
arguments[1] = arg_verb;
arguments[2] = NULL;
- execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments);
+ execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments, NULL);
if (!in_container && !in_initrd() &&
access("/run/initramfs/shutdown", X_OK) == 0) {
diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
index 1163a0f..3db679a 100644
--- a/src/sleep/sleep.c
+++ b/src/sleep/sleep.c
@@ -182,7 +182,7 @@ static int execute(char **modes, char **states) {
return r;
}
- execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments);
+ execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments, NULL);
log_struct(LOG_INFO,
"MESSAGE_ID=" SD_MESSAGE_SLEEP_START_STR,
@@ -201,7 +201,7 @@ static int execute(char **modes, char **states) {
NULL);
arguments[1] = (char*) "post";
- execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments);
+ execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments, NULL);
return r;
}
diff --git a/src/test/test-exec-util.c b/src/test/test-exec-util.c
index bd9c809..169dcc0 100644
--- a/src/test/test-exec-util.c
+++ b/src/test/test-exec-util.c
@@ -35,6 +35,7 @@
#include "fs-util.h"
#include "log.h"
#include "macro.h"
+#include "path-util.h"
#include "rm-rf.h"
#include "string-util.h"
#include "strv.h"
@@ -134,9 +135,9 @@ static void test_execute_directory(bool gather_stdout) {
assert_se(chmod(mask2e, 0755) == 0);
if (gather_stdout)
- execute_directories(dirs, DEFAULT_TIMEOUT_USEC, ignore_stdout, ignore_stdout_args, NULL);
+ execute_directories(dirs, DEFAULT_TIMEOUT_USEC, ignore_stdout, ignore_stdout_args, NULL, NULL);
else
- execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, NULL);
+ execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, NULL, NULL);
assert_se(chdir(template_lo) == 0);
assert_se(access("it_works", F_OK) >= 0);
@@ -201,7 +202,7 @@ static void test_execution_order(void) {
assert_se(chmod(override, 0755) == 0);
assert_se(chmod(masked, 0755) == 0);
- execute_directories(dirs, DEFAULT_TIMEOUT_USEC, ignore_stdout, ignore_stdout_args, NULL);
+ execute_directories(dirs, DEFAULT_TIMEOUT_USEC, ignore_stdout, ignore_stdout_args, NULL, NULL);
assert_se(read_full_file(output, &contents, NULL) >= 0);
assert_se(streq(contents, "30-override\n80-foo\n90-bar\nlast\n"));
@@ -284,7 +285,7 @@ static void test_stdout_gathering(void) {
assert_se(chmod(name2, 0755) == 0);
assert_se(chmod(name3, 0755) == 0);
- r = execute_directories(dirs, DEFAULT_TIMEOUT_USEC, gather_stdout, args, NULL);
+ r = execute_directories(dirs, DEFAULT_TIMEOUT_USEC, gather_stdout, args, NULL, NULL);
assert_se(r >= 0);
log_info("got: %s", output);
@@ -295,7 +296,7 @@ static void test_stdout_gathering(void) {
static void test_environment_gathering(void) {
char template[] = "/tmp/test-exec-util.XXXXXXX", **p;
const char *dirs[] = {template, NULL};
- const char *name, *name2, *name3;
+ const char *name, *name2, *name3, *old;
int r;
char **tmp = NULL; /* this is only used in the forked process, no cleanup here */
@@ -341,7 +342,32 @@ static void test_environment_gathering(void) {
assert_se(chmod(name2, 0755) == 0);
assert_se(chmod(name3, 0755) == 0);
- r = execute_directories(dirs, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL);
+ /* When booting in containers or without initramfs there might not be
+ * any PATH in the environ and if there is no PATH /bin/sh built-in
+ * PATH may leak and override systemd's DEFAULT_PATH which is not
+ * good. Force our own PATH in environment, to prevent expansion of sh
+ * built-in $PATH */
+ old = getenv("PATH");
+ r = setenv("PATH", "no-sh-built-in-path", 1);
+ assert_se(r >= 0);
+
+ r = execute_directories(dirs, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL, NULL);
+ assert_se(r >= 0);
+
+ STRV_FOREACH(p, env)
+ log_info("got env: \"%s\"", *p);
+
+ assert_se(streq(strv_env_get(env, "A"), "22:23:24"));
+ assert_se(streq(strv_env_get(env, "B"), "12"));
+ assert_se(streq(strv_env_get(env, "C"), "001"));
+ assert_se(streq(strv_env_get(env, "PATH"), "no-sh-built-in-path:/no/such/file"));
+
+ /* now retest with "default" path passed in, as created by