Commit b3308cbf authored by Dimitri John Ledkov's avatar Dimitri John Ledkov Committed by Simon McVittie

Import Debian changes 237-3ubuntu5

systemd (237-3ubuntu5) bionic; urgency=medium

  * Drop old keyring/invocation_id patch, which made keyring setup be skipped in containers.
  * Use new patch, which sets up session keyring without relying on chown operation.
  * Drop systemd.prerm safety check.
    On Ubuntu, systemd is the only choice, and is essential, via init ->
    systemd-sysv -> systemd dependency chain, thus removing systemd is already
    quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438)
  * Detect Masked unit with drop-ins. (LP: #1752722)
  * wait-online: do not wait, if no links are managed (neither configured, or failed).
    (LP: #1728181)
  * journald.service: set Nice=-1 to dodge watchdog on soft lockups.
    (LP: #1696970)
  * Refresh all patches.
parent e656a800
systemd (237-3ubuntu5) bionic; urgency=medium
* Drop old keyring/invocation_id patch, which made keyring setup be skipped in containers.
* Use new patch, which sets up session keyring without relying on chown operation.
* Drop systemd.prerm safety check.
On Ubuntu, systemd is the only choice, and is essential, via init ->
systemd-sysv -> systemd dependency chain, thus removing systemd is already
quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438)
* Detect Masked unit with drop-ins. (LP: #1752722)
* wait-online: do not wait, if no links are managed (neither configured, or failed).
(LP: #1728181)
* journald.service: set Nice=-1 to dodge watchdog on soft lockups.
(LP: #1696970)
* Refresh all patches.
-- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 26 Mar 2018 15:55:25 +0100
systemd (237-3ubuntu4) bionic; urgency=medium
* systemd-sysv-install: fix name initialisation.
......
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Mon, 27 Apr 2015 15:29:13 +0200
Subject: Revert "core: one step back again,
for nspawn we actually can't wait for cgroups running empty since
systemd will get exactly zero notifications about it"
for nspawn we actually can't wait for cgroups running empty since systemd
will get exactly zero notifications about it"
This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.
......
......@@ -26,7 +26,7 @@ index d0befba..c3ed2da 100644
strscpy(name, IFNAMSIZ, event->name);
r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
+ r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
+ if (r >= 0) {
+ log_debug("renamed network interface %s to %s\n", oldname, name);
+ goto out;
......@@ -38,7 +38,7 @@ index d0befba..c3ed2da 100644
+
+ /* free our own name, another process may wait for us */
+ snprintf(name, IFNAMSIZ, "rename%u", udev_device_get_ifindex(dev));
+ r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
if (r < 0)
- return log_error_errno(r, "Error changing net interface name '%s' to '%s': %m", oldname, name);
+ goto out;
......
......@@ -14,10 +14,10 @@ LP: #1576341
1 file changed, 1 insertion(+)
diff --git a/units/systemd-remount-fs.service.in b/units/systemd-remount-fs.service.in
index 29d0674..7bb5477 100644
index 2e5b75e..fb3e30b 100644
--- a/units/systemd-remount-fs.service.in
+++ b/units/systemd-remount-fs.service.in
@@ -15,6 +15,7 @@ After=systemd-fsck-root.service
@@ -17,6 +17,7 @@ After=systemd-fsck-root.service
Before=local-fs-pre.target local-fs.target shutdown.target
Wants=local-fs-pre.target
ConditionPathExists=/etc/fstab
......
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Tue, 26 Sep 2017 10:23:09 -0400
Subject: core: unlink the invocation id key, if cannot change keyring owner
KEYCTL_CHOWN fails under unpriviledged usernamespace containers that drop
CAP_SYS_ADMIN (eg. LXD, OpenVZ, etc). Because kernel checks the capability in
the initial namespace, rather than in the user namespace. Thus if KEYCTL_CHOWN
operation is required, but will be impossible to perform, unlink the key and
thus skip the keyring setup.
Fixes #6281
(cherry picked from commit e4945f3a577ac9233c0e71349b6c139899e742fc)
---
src/basic/missing.h | 8 ++++++++
src/core/execute.c | 14 ++++++++++----
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/basic/missing.h b/src/basic/missing.h
index 352d2b0..8e1d45e 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -1132,6 +1132,14 @@ typedef int32_t key_serial_t;
#define KEYCTL_LINK 8
#endif
+#ifndef KEYCTL_LINK
+#define KEYCTL_LINK 8
+#endif
+
+#ifndef KEYCTL_UNLINK
+#define KEYCTL_UNLINK 9
+#endif
+
#ifndef KEYCTL_READ
#define KEYCTL_READ 11
#endif
diff --git a/src/core/execute.c b/src/core/execute.c
index 749ed32..e1b31b9 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2399,12 +2399,15 @@ static int setup_keyring(
uid_t uid, gid_t gid) {
key_serial_t keyring;
+ key_serial_t key;
int r;
assert(u);
assert(context);
assert(p);
+ key = -1;
+
/* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that
* each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond
* that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be
@@ -2434,8 +2437,6 @@ static int setup_keyring(
/* Populate they keyring with the invocation ID by default. */
if (!sd_id128_is_null(u->invocation_id)) {
- key_serial_t key;
-
key = add_key("user", "invocation_id", &u->invocation_id, sizeof(u->invocation_id), KEY_SPEC_SESSION_KEYRING);
if (key == -1)
log_unit_debug_errno(u, errno, "Failed to add invocation ID to keyring, ignoring: %m");
@@ -2449,8 +2450,13 @@ static int setup_keyring(
/* And now, make the keyring owned by the service's user */
if (uid_is_valid(uid) || gid_is_valid(gid))
- if (keyctl(KEYCTL_CHOWN, keyring, uid, gid, 0) < 0)
- return log_unit_error_errno(u, errno, "Failed to change ownership of session keyring: %m");
+ if (keyctl(KEYCTL_CHOWN, keyring, uid, gid, 0) < 0) {
+ log_unit_error_errno(u, errno, "Failed to change ownership of session keyring: %m");
+ /* well, the kernel didn't - cause the kernel is borked */
+ if (keyctl(KEYCTL_UNLINK, key, keyring, 0, 0) < 0)
+ log_unit_debug_errno(u, errno, "Failed to unlink (clean-up) key, after failing to change ownership: %m");
+ return 0;
+ }
/* When requested link the user keyring into the session keyring. */
if (context->keyring_mode == EXEC_KEYRING_SHARED) {
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Tue, 13 Mar 2018 23:03:37 +0000
Subject: core: use setreuid/setregid trick to create session keyring with
right ownership
Re-use the hacks used to link user keyring, when creating the session
keyring. This way changing ownership of the keyring is not required, and thus
incovation_id can be correctly created in restricted environments.
Creating invocation_id with root permissions works and linking it into session
keyring works, as at that point session keyring is possessed.
Simple way to validate this is with following commands:
$ journalctl -f &
$ sudo systemd-run --uid 1000 /bin/sh -c 'keyctl describe @s; keyctl list @s; keyctl read `keyctl search @s user invocation_id`'
which now works in LXD containers as well as on the host.
Fixes: https://github.com/systemd/systemd/issues/7655
---
src/core/execute.c | 95 ++++++++++++++++++++++++++----------------------------
1 file changed, 46 insertions(+), 49 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 0b5aa53..75fd8c9 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2444,6 +2444,8 @@ static int setup_keyring(
key_serial_t keyring;
int r;
+ uid_t saved_uid;
+ gid_t saved_gid;
assert(u);
assert(context);
@@ -2462,6 +2464,26 @@ static int setup_keyring(
if (context->keyring_mode == EXEC_KEYRING_INHERIT)
return 0;
+ /* Acquiring a reference to the user keyring is nasty. We briefly change identity in order to get things set up
+ * properly by the kernel. If we don't do that then we can't create it atomically, and that sucks for parallel
+ * execution. This mimics what pam_keyinit does, too. Setting up session keyring, to be owned by the right user
+ * & group is just as nasty as acquiring a reference to the user keyring. */
+
+ saved_uid = getuid();
+ saved_gid = getgid();
+
+ if (gid_is_valid(gid) && gid != saved_gid) {
+ if (setregid(gid, -1) < 0)
+ return log_unit_error_errno(u, errno, "Failed to change GID for user keyring: %m");
+ }
+
+ if (uid_is_valid(uid) && uid != saved_uid) {
+ if (setreuid(uid, -1) < 0) {
+ (void) setregid(saved_gid, -1);
+ return log_unit_error_errno(u, errno, "Failed to change UID for user keyring: %m");
+ }
+ }
+
keyring = keyctl(KEYCTL_JOIN_SESSION_KEYRING, 0, 0, 0, 0);
if (keyring == -1) {
if (errno == ENOSYS)
@@ -2476,49 +2498,8 @@ static int setup_keyring(
return 0;
}
- /* Populate they keyring with the invocation ID by default. */
- if (!sd_id128_is_null(u->invocation_id)) {
- key_serial_t key;
-
- key = add_key("user", "invocation_id", &u->invocation_id, sizeof(u->invocation_id), KEY_SPEC_SESSION_KEYRING);
- if (key == -1)
- log_unit_debug_errno(u, errno, "Failed to add invocation ID to keyring, ignoring: %m");
- else {
- if (keyctl(KEYCTL_SETPERM, key,
- KEY_POS_VIEW|KEY_POS_READ|KEY_POS_SEARCH|
- KEY_USR_VIEW|KEY_USR_READ|KEY_USR_SEARCH, 0, 0) < 0)
- return log_unit_error_errno(u, errno, "Failed to restrict invocation ID permission: %m");
- }
- }
-
- /* And now, make the keyring owned by the service's user */
- if (uid_is_valid(uid) || gid_is_valid(gid))
- if (keyctl(KEYCTL_CHOWN, keyring, uid, gid, 0) < 0)
- return log_unit_error_errno(u, errno, "Failed to change ownership of session keyring: %m");
-
/* When requested link the user keyring into the session keyring. */
if (context->keyring_mode == EXEC_KEYRING_SHARED) {
- uid_t saved_uid;
- gid_t saved_gid;
-
- /* Acquiring a reference to the user keyring is nasty. We briefly change identity in order to get things
- * set up properly by the kernel. If we don't do that then we can't create it atomically, and that
- * sucks for parallel execution. This mimics what pam_keyinit does, too.*/
-
- saved_uid = getuid();
- saved_gid = getgid();
-
- if (gid_is_valid(gid) && gid != saved_gid) {
- if (setregid(gid, -1) < 0)
- return log_unit_error_errno(u, errno, "Failed to change GID for user keyring: %m");
- }
-
- if (uid_is_valid(uid) && uid != saved_uid) {
- if (setreuid(uid, -1) < 0) {
- (void) setregid(saved_gid, -1);
- return log_unit_error_errno(u, errno, "Failed to change UID for user keyring: %m");
- }
- }
if (keyctl(KEYCTL_LINK,
KEY_SPEC_USER_KEYRING,
@@ -2531,17 +2512,33 @@ static int setup_keyring(
return log_unit_error_errno(u, r, "Failed to link user keyring into session keyring: %m");
}
+ }
- if (uid_is_valid(uid) && uid != saved_uid) {
- if (setreuid(saved_uid, -1) < 0) {
- (void) setregid(saved_gid, -1);
- return log_unit_error_errno(u, errno, "Failed to change UID back for user keyring: %m");
- }
+ /* Restore uid/gid back */
+ if (uid_is_valid(uid) && uid != saved_uid) {
+ if (setreuid(saved_uid, -1) < 0) {
+ (void) setregid(saved_gid, -1);
+ return log_unit_error_errno(u, errno, "Failed to change UID back for user keyring: %m");
}
+ }
+
+ if (gid_is_valid(gid) && gid != saved_gid) {
+ if (setregid(saved_gid, -1) < 0)
+ return log_unit_error_errno(u, errno, "Failed to change GID back for user keyring: %m");
+ }
- if (gid_is_valid(gid) && gid != saved_gid) {
- if (setregid(saved_gid, -1) < 0)
- return log_unit_error_errno(u, errno, "Failed to change GID back for user keyring: %m");
+ /* Populate they keyring with the invocation ID by default, as original saved_uid. */
+ if (!sd_id128_is_null(u->invocation_id)) {
+ key_serial_t key;
+
+ key = add_key("user", "invocation_id", &u->invocation_id, sizeof(u->invocation_id), KEY_SPEC_SESSION_KEYRING);
+ if (key == -1)
+ log_unit_debug_errno(u, errno, "Failed to add invocation ID to keyring, ignoring: %m");
+ else {
+ if (keyctl(KEYCTL_SETPERM, key,
+ KEY_POS_VIEW|KEY_POS_READ|KEY_POS_SEARCH|
+ KEY_USR_VIEW|KEY_USR_READ|KEY_USR_SEARCH, 0, 0) < 0)
+ return log_unit_error_errno(u, errno, "Failed to restrict invocation ID permission: %m");
}
}
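Review bot: In the new setup_keyring() flow the real UID/GID are switched to the service's identity before `keyctl(KEYCTL_JOIN_SESSION_KEYRING, 0, 0, 0, 0)`, but the `keyring == -1` branch that follows still ends in `return 0;` without passing through the new "Restore uid/gid back" block. The lines hidden between the two hunks presumably hold an error return with the same gap. A caller that carries on after that soft failure would then run with a real UID/GID it did not ask for. Restoring before each of those returns, `(void) setreuid(saved_uid, -1); (void) setregid(saved_gid, -1);`, or routing them through one exit label placed ahead of the restore block, would keep the identity change strictly scoped. The function's signature and tail lie outside the visible hunks, so this should be confirmed against the full body.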
......@@ -4,9 +4,11 @@ Subject: UBUNTU: drop unrelated settings from sysctl defaults shipped by
systemd.
---
sysctl.d/50-default.conf | 22 ----------------------
1 file changed, 22 deletions(-)
sysctl.d/50-default.conf | 20 --------------------
1 file changed, 20 deletions(-)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index e263cf0..36ae524 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -11,28 +11,8 @@
......
......@@ -8,10 +8,10 @@ Subject: UBUNTU: drop using kvm for qemu tests,
1 file changed, 4 deletions(-)
diff --git a/test/test-functions b/test/test-functions
index 92388dc..095c6d7 100644
index 22066d9..ab0f87e 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -136,10 +136,6 @@ $KERNEL_APPEND \
@@ -148,10 +148,6 @@ $KERNEL_APPEND \
QEMU_OPTIONS="$QEMU_OPTIONS -initrd $INITRD"
fi
......
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Mon, 26 Mar 2018 13:41:15 +0100
Subject: journald.service: set Nice=-1 to dodge watchdog on soft lockups.
LP: #1696970
(cherry picked from commit c5b77c35b4ec0e1812702240f272fbeea3ad4152)
---
units/systemd-journald.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index df76fe4..24c0150 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -22,6 +22,7 @@ ExecStart=@rootlibexecdir@/systemd-journald
Restart=always
RestartSec=0
StandardOutput=null
+Nice=-1
WatchdogSec=3min
FileDescriptorStoreMax=4224
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
......@@ -11,9 +11,11 @@ unpriviledged user namespaced containers.
src/test/test-process-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 72edcbb..8286b66 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -381,7 +381,7 @@
@@ -381,7 +381,7 @@ static void test_rename_process_now(const char *p, int ret) {
assert_se(get_process_cmdline(0, 0, false, &cmdline) >= 0);
/* we cannot expect cmdline to be renamed properly without privileges */
......
......@@ -28,10 +28,10 @@ Without this patch tests fail on default Ubuntu installs.
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/test/test-functions b/test/test-functions
index 745c0a9..2957de5 100644
index ab0f87e..0b7575b 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -424,9 +424,8 @@ install_execs() {
@@ -432,9 +432,8 @@ install_execs() {
export PKG_CONFIG_PATH=$BUILD_DIR/src/core/
systemdsystemunitdir=$(pkg-config --variable=systemdsystemunitdir systemd)
systemduserunitdir=$(pkg-config --variable=systemduserunitdir systemd)
......
......@@ -10,10 +10,10 @@ really have no need for vga or seabios in this case.
1 file changed, 1 insertion(+)
diff --git a/test/test-functions b/test/test-functions
index 24fd3f2..b347321 100644
index 0b7575b..f5f789c 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -129,6 +129,7 @@ $KERNEL_APPEND \
@@ -140,6 +140,7 @@ $KERNEL_APPEND \
-net none \
-m 512M \
-nographic \
......
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Mon, 26 Mar 2018 13:17:01 +0100
Subject: wait-online: exit, if no links are managed.
(cherry picked from commit 19d11f607ac0f8b1e31f72a8e9d3d44371b9dadb)
---
src/network/wait-online/manager.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c
index 05f030d..aa963cb 100644
--- a/src/network/wait-online/manager.c
+++ b/src/network/wait-online/manager.c
@@ -54,6 +54,7 @@ bool manager_all_configured(Manager *m) {
Link *l;
char **ifname;
bool one_ready = false;
+ bool none_managed = true;
/* wait for all the links given on the command line to appear */
STRV_FOREACH(ifname, m->interfaces) {
@@ -84,6 +85,11 @@ bool manager_all_configured(Manager *m) {
return false;
}
+ if (STR_IN_SET(l->state, "configured", "failed")) {
+ log_info("managing: %s", l->ifname);
+ none_managed = false;
+ }
+
if (l->operational_state &&
STR_IN_SET(l->operational_state, "degraded", "routable"))
/* we wait for at least one link to be ready,
@@ -91,7 +97,7 @@ bool manager_all_configured(Manager *m) {
one_ready = true;
}
- return one_ready;
+ return one_ready || none_managed;
}
static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
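Review bot: `return one_ready || none_managed;` makes manager_all_configured() report success when no link has reached "configured" or "failed", which is a different condition from "at least one link is ready" and is not explained anywhere in the visible function. Units ordered after the wait-online service can then start with no usable network, so the intent should be stated where the flag is cleared, for example `/* a link counts as managed once networkd reports it configured or failed; with none, there is nothing to wait for */`. The `log_info("managing: %s", l->ifname);` line would be emitted on every evaluation of the function; `log_debug` may be the better level if this runs once per link event, which the hunk does not show. The loop body and the start of the function are only partly visible here.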
......@@ -23,10 +23,10 @@ Users may override this setting in the .network files by specifying
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index ba7631c..56a925d 100644
index 80d2802..d91346e 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -297,7 +297,7 @@
@@ -310,7 +310,7 @@
<literal>IPv6AcceptRA=</literal>.</para>
<para>Furthermore, note that by default the domain name
......@@ -35,7 +35,7 @@ index ba7631c..56a925d 100644
See option <option>UseDomains=</option> below.</para>
<para>See the <literal>[DHCP]</literal> section below for further configuration options for the DHCP client
@@ -1132,7 +1132,7 @@
@@ -1192,7 +1192,7 @@
the <option>Domains=</option> setting. If set to <literal>route</literal>, the domain name received from
the DHCP server will be used for routing DNS queries only, but not for searching, similar to the effect of
the <option>Domains=</option> setting when the argument is prefixed with <literal>~</literal>. Defaults to
......@@ -44,7 +44,7 @@ index ba7631c..56a925d 100644
<para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
of all host names, in particular of single-label names. It is generally safer to use the supplied domain
@@ -1281,7 +1281,7 @@
@@ -1355,7 +1355,7 @@
the effect of the <option>Domains=</option> setting. If set to <literal>route</literal>, the domain name
received via IPv6 RA will be used for routing DNS queries only, but not for searching, similar to the
effect of the <option>Domains=</option> setting when the argument is prefixed with
......@@ -54,7 +54,7 @@ index ba7631c..56a925d 100644
<para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
of all host names, in particular of single-label names. It is generally safer to use the supplied domain
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 1738b5e..348a8a2 100644
index 2dc3de3..e320c04 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -213,6 +213,7 @@ static int network_load_one(Manager *manager, const char *filename) {
......@@ -65,7 +65,7 @@ index 1738b5e..348a8a2 100644
/* To enable/disable RFC7844 Anonymity Profiles */
network->dhcp_anonymize = false;
network->dhcp_route_metric = DHCP_ROUTE_METRIC;
@@ -256,6 +257,7 @@ static int network_load_one(Manager *manager, const char *filename) {
@@ -260,6 +261,7 @@ static int network_load_one(Manager *manager, const char *filename) {
network->proxy_arp = -1;
network->arp = -1;
network->ipv6_accept_ra_use_dns = true;
......
......@@ -11,10 +11,10 @@ environments. This is similar to how OOMScoreAdjust is treated.
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index 36dbc28..749ed32 100644
index 0df3971..0b5aa53 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2905,11 +2905,17 @@ static int exec_child(
@@ -2953,11 +2953,17 @@ static int exec_child(
}
}
......
......@@ -9,10 +9,10 @@ As it fails to start in an unpriviledged container.
1 file changed, 1 insertion(+)
diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket
index 541f2cf..6ee8621 100644
index cb8b774..6649934 100644
--- a/units/systemd-journald-audit.socket
+++ b/units/systemd-journald-audit.socket
@@ -12,6 +12,7 @@ DefaultDependencies=no
@@ -14,6 +14,7 @@ DefaultDependencies=no
Before=sockets.target
ConditionSecurity=audit
ConditionCapability=CAP_AUDIT_READ
......
From: Michael Stapelberg <stapelberg@debian.org>
Date: Sat, 21 Dec 2013 18:49:10 +0100
Subject: =?utf-8?q?don=E2=80=99t_try_to_start_autovt_units_when_not_runnin?=
=?utf-8?q?g_with_systemd_as_pid_1?=
Subject: =?utf-8?q?don=E2=80=99t_try_to_start_autovt_units_when_not_running?=
=?utf-8?q?_with_systemd_as_pid_1?=
Closes: #726466
---
......
From: Filipe Brandenburger <filbranden@google.com>
Date: Thu, 1 Mar 2018 17:48:15 -0800
Subject: install: detect masked unit with drop-ins
Before this fix, a unit with drop-ins will not be reported as masked by
`systemctl is-enabled` or `systemctl list-unit-files`.
(cherry picked from commit 9639b1752cf97eeee93d2a3dbc8531d6d4d4bc2e)
---
src/shared/install.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/shared/install.c b/src/shared/install.c
index 026aa32..9628ac6 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1461,6 +1461,9 @@ static int unit_file_search(
return -ENOENT;
}
+ if (info->type == UNIT_FILE_TYPE_MASKED)
+ return result;
+
/* Search for drop-in directories */
dropin_dir_name = strjoina(info->name, ".d");
......@@ -9,6 +9,8 @@ meson-fix-systemd-pot-target-when-polkit-devel-is-not-ins.patch
test-test-functions-Debian-Ubuntu-now-ship-95-dm-notify.r.patch
test-test-functions-on-PP64-use-vmlinux.patch
test-test-functions-on-PPC64-use-hvc0-console.patch
test-masked-unit-with-drop-ins.patch
install-detect-masked-unit-with-drop-ins.patch
debian/Use-Debian-specific-config-files.patch
debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch
debian/Make-logind-hostnamed-localed-timedated-D-Bus-activa.patch
......@@ -38,7 +40,6 @@ debian/Skip-starting-systemd-remount-fs.service-in-containers.patch
debian/Ubuntu-UseDomains-by-default.patch
debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch
debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch
debian/UBUNTU-core-unlink-the-invocation-id-key-if-cannot-change-keyrin.patch
debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch
debian/UBUNTU-drop-using-kvm-for-qemu-tests-as-this-current.patch
debian/UBUNTU-test-test-functions-drop-all-prefixes.patch
......@@ -47,3 +48,6 @@ debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch
debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch
debian/UBUNTU-test-fs-utils-detect-container.patch
debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
debian/UBUNTU-core-use-setreuid-setregid-trick-to-create-session-k.patch
debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch
From: Filipe Brandenburger <filbranden@google.com>
Date: Thu, 1 Mar 2018 21:07:27 -0800
Subject: test: masked unit with drop-ins
(cherry picked from commit 67348e791dd0c546965e48cc091f1e8245b9260d)
---
test/TEST-15-DROPIN/test-dropin.sh | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh
index 9d8af99..ab0a58c 100755
--- a/test/TEST-15-DROPIN/test-dropin.sh
+++ b/test/TEST-15-DROPIN/test-dropin.sh
@@ -179,6 +179,16 @@ test_masked_dropins () {