From: INSUN PYO Date: Fri, 18 Sep 2020 06:04:53 +0000 (+0900) Subject: Disable virtualization feature X-Git-Tag: accepted/tizen/unified/20200923.024119^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F95%2F244395%2F5;p=platform%2Fupstream%2Fsystemd.git Disable virtualization feature 1. Tizen does not support containers and VMs. 2. Resolving Smack error. ========================================================================================== Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322 Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322 Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322 Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="environ" dev="proc" ino=12572 Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="sched" dev="proc" ino=12322 Jan 01 09:00:30 localhost audit[949]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=949 comm="systemctl" name="sched" dev="proc" ino=12322 ========================================================================================== Change-Id: I8b947a0de6c030fa7dd4f8d8b080b1f7783a4010 --- diff --git a/meson.build b/meson.build index 6cf1f56..06002d6 100644 --- a/meson.build +++ b/meson.build 
@@ -1289,6 +1289,7 @@ conf.set10('ENABLE_REMOTE', have) foreach term : ['utmp', 'kdbus', + 'virt', 'hibernate', 'environment-d', 'binfmt', @@ -2427,13 +2428,15 @@ meson.add_install_script(meson_make_symlink, join_paths(systemgeneratordir, exe_name), join_paths(usergeneratordir, exe_name)) -exe = executable('systemd-detect-virt', - 'src/detect-virt/detect-virt.c', - include_directories : includes, - link_with : [libshared], - install_rpath : rootlibexecdir, - install : true) -public_programs += exe +if conf.get('ENABLE_VIRT') == 1 + exe = executable('systemd-detect-virt', + 'src/detect-virt/detect-virt.c', + include_directories : includes, + link_with : [libshared], + install_rpath : rootlibexecdir, + install : true) + public_programs += exe +endif exe = executable('systemd-delta', 'src/delta/delta.c', @@ -3252,6 +3255,7 @@ foreach tuple : [ ['blkid'], ['dbus'], ['kdbus'], + ['virt'], ['glib'], ['nss-myhostname'], ['nss-mymachines'], diff --git a/meson_options.txt b/meson_options.txt index 0866630..76b145f 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -318,6 +318,8 @@ option('tpm-pcrindex', type : 'integer', value : 8, option('kdbus', type : 'boolean', value : 'false', description : 'kdbus support') +option('virt', type : 'boolean', + description : 'virtualization support') option('bashcompletiondir', type : 'string', description : 'directory for bash completion scripts ["no" disables]') diff --git a/packaging/systemd.spec b/packaging/systemd.spec index 518ffd6..89b7c49 100644 --- a/packaging/systemd.spec +++ b/packaging/systemd.spec @@ -12,6 +12,7 @@ %define WITH_MACHINED 0 %define WITH_DOC 0 %define WITH_HOSTNAMED 0 +%define WITH_VIRT 0 %define build_dir _build %define dbuspolicydir %{_datadir}/dbus-1 @@ -178,6 +179,9 @@ cp %{SOURCE9} . %define _vpath_builddir %{build_dir} %meson \ -Dkdbus=true \ +%if ! %{?WITH_VIRT} + -Dvirt=false \ +%endif %if ! %{WITH_RANDOMSEED} -Drandomseed=false \ %endif 
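Review bot: The new guard in the `%meson` invocation is written `%if ! %{?WITH_VIRT}`, while the neighbouring switch uses the plain form `%if ! %{WITH_RANDOMSEED}`. With the `?` form an undefined macro expands to nothing and leaves a malformed `%if ! `, so the conditional only works because `%define WITH_VIRT 0` is set at the top of the spec. Either match the sibling with `%if ! %{WITH_VIRT}` or use the defensive idiom `%if ! 0%{?WITH_VIRT}`. The same applies to the two `%if %{?WITH_VIRT}` guards added in the `%post` and `%files` hunks.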
@@ -420,12 +424,14 @@ chsmack %{_bindir}/systemd-cat -a "System::Tools" chsmack %{_bindir}/systemd-cgls -a "System::Tools" chsmack %{_bindir}/systemd-cgtop -a "System::Tools" chsmack %{_bindir}/systemd-delta -a "System::Tools" -chsmack %{_bindir}/systemd-detect-virt -a "System::Tools" chsmack %{_bindir}/systemd-inhibit -a "System::Tools" chsmack %{_bindir}/udevadm -a "System::Tools" chsmack %{_bindir}/systemd-escape -a "System::Tools" chsmack %{_bindir}/systemd-path -a "System::Tools" chsmack %{_prefix}/lib/systemd/* -a "System::Tools" +%if %{?WITH_VIRT} +chsmack %{_bindir}/systemd-detect-virt -a "System::Tools" +%endif %postun if [ $1 -ge 1 ] ; then @@ -562,7 +568,6 @@ fi %{_bindir}/systemd-cgls %{_bindir}/systemd-cgtop %{_bindir}/systemd-delta -%{_bindir}/systemd-detect-virt %{_bindir}/systemd-inhibit %{_bindir}/systemd-id128 %{_bindir}/udevadm @@ -573,6 +578,9 @@ fi %{_prefix}/lib/sysctl.d/*.conf %{_prefix}/lib/systemd/systemd %{_prefix}/lib/systemd/system +%if %{?WITH_VIRT} +%{_bindir}/systemd-detect-virt +%endif %dir %{_prefix}/lib/systemd/system/basic.target.wants %dir %{_prefix}/lib/systemd/user diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build index 0d3022b..68872a7 100644 --- a/shell-completion/bash/meson.build +++ b/shell-completion/bash/meson.build @@ -23,7 +23,7 @@ if bashcompletiondir != 'no' ['systemd-cgls', ''], ['systemd-cgtop', ''], ['systemd-delta', ''], - ['systemd-detect-virt', ''], + ['systemd-detect-virt', 'ENABLE_VIRT'], ['systemd-nspawn', ''], ['systemd-path', ''], ['systemd-run', ''], diff --git a/src/basic/virt.c b/src/basic/virt.c index 6ba880d..cdb0480 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -329,6 +329,7 @@ static int detect_vm_zvm(void) { /* Returns a short identifier for the various VM implementations */ int detect_vm(void) { +#if ENABLE_VIRT static thread_local int cached_found = _VIRTUALIZATION_INVALID; bool other = false; int r, dmi; 
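Review bot: The `#if ENABLE_VIRT` in the src/basic/virt.c hunk opens inside the body of detect_vm(), so the file-local probe helpers above it stay compiled even when the feature is off. The hunk header shows `static int detect_vm_zvm(void)` sitting outside the guard, and no other hunk in this diff wraps it. With `-Dvirt=false` those statics presumably lose their only caller, which would produce unused-function warnings (fatal under -Werror) and keeps the probing code in a build that is meant to have it disabled. Consider starting the guard above the static helpers so the whole detection path is compiled out together. detect_vm's body continues past this hunk.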
@@ -430,9 +431,13 @@ finish: cached_found = r; log_debug("Found VM virtualization %s", virtualization_to_string(r)); return r; +#else + return VIRTUALIZATION_NONE; +#endif } int detect_container(void) { +#if ENABLE_VIRT static const struct { const char *value; int id; @@ -544,6 +549,9 @@ finish: log_debug("Found container virtualization %s.", virtualization_to_string(r)); cached_found = r; return r; +#else + return VIRTUALIZATION_NONE; +#endif } int detect_virtualization(void) {
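Review bot: The `#else` branch added to detect_vm() returns `VIRTUALIZATION_NONE`, which callers cannot tell apart from a genuine bare-metal result; the same stub is added to detect_container() in the next hunk. Anything keyed on these results, such as unit conditions like `ConditionVirtualization=` or code that skips host-only setup inside a container, will presumably always take the bare-metal path, including when the image is booted in a VM or container for testing. I would document this at both stubs, e.g. `/* ENABLE_VIRT=0: detection is compiled out and always reports "none"; callers must not treat this as proof of bare metal */`. A `log_debug()` in the stub would also let the journal show why detection reports none. Both functions begin outside these hunks, so this is based only on the visible tail of each body.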