platform/upstream/systemd.git
12 months agosd-device: make devpath check stricter 58/300858/1 accepted/tizen/8.0/unified/20231108.165827
Yu Watanabe [Thu, 18 Feb 2021 15:41:08 +0000 (00:41 +0900)]
sd-device: make devpath check stricter

See assertion in sd_device_get_devpath().

(Backporting comment)
There sometimes and empty devpath comes from the function. See the
deviced commit, 2628c5aed5c0e712e1fbd7d571ef0b640f5afbec.

Original: upstream, https://github.com/systemd/systemd/pull/18684
Change-Id: I29816219b3fc40eb13c1bf4bbb5d84b9782da333
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
12 months agosd-device: do not cache an empty string but clear cache on failre 57/300857/1
Yu Watanabe [Thu, 18 Feb 2021 08:13:41 +0000 (17:13 +0900)]
sd-device: do not cache an empty string but clear cache on failre

And propagate the original error on write.
Note that some attributes are read-only.

Original: upstream, https://github.com/systemd/systemd/pull/18684
Change-Id: I995f86a156b5e974844e0fec9aabf384302a0c3b
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
15 months agotizen: Use openssl3 if needed 91/296091/2 accepted/tizen/8.0/unified/20231005.095555 accepted/tizen/unified/20230727.173047 accepted/tizen/unified/20230731.175303 tizen_8.0_m2_release
Karol Lewandowski [Wed, 19 Jul 2023 13:29:26 +0000 (15:29 +0200)]
tizen: Use openssl3 if needed

This commit updates ssl dependency to openssl3.

However, in default tizen configuration openssl is not
used at all as only component using it (systemd-resolved,
as enabled/disabled via -Dresolve=true/false) is disabled.

Change-Id: I3a51139cef21ce80acecfef84f5c3a47a7d7cca1

16 months agoFix to check if string is NULL or not 24/295024/3 accepted/tizen/unified/20230706.152155 accepted/tizen/unified/riscv/20230718.003643
wchang kim [Fri, 30 Jun 2023 02:21:39 +0000 (11:21 +0900)]
Fix to check if string is NULL or not

An error occured while trying to build for riscv64 using gcc-13:
 > [  105s] In file included from ../src/nspawn/test-nspawn-tables.c:4:
 > [  105s] ../src/shared/test-tables.h: In function '_test_table.constprop':
 > [  105s] ../src/shared/test-tables.h:30:42: error: '%s' directive argument is null [-Werror=format-overflow=]
 > [  105s]    30 |                         printf("%s: %d → %s → %d\n", name, i, val, rev);
 > [  105s]       |                                          ^~
 > [  105s] ../src/shared/test-tables.h:30:42: error: '%s' directive argument is null [-Werror=format-overflow=]
 > [  105s] cc1: some warnings being treated as errors

The "val" can be NULL but the original code does not checking it, so the
compiler is complaining about it.

To fix this issue, ternary operator for val was used:
 > printf("%s: %d → %s → %d\n", name, i, val ? val : "(null)", rev);

Change-Id: I8f1b2b45d152ec362977154f62e333807392da76
Signed-off-by: SangYoun Kwak <sy.kwak@samsung.com>
16 months agoAvoid passing NULL as format parameter 03/295003/1 accepted/tizen/unified/dev/20230726.115516
Łukasz Stelmach [Thu, 29 Jun 2023 11:05:23 +0000 (13:05 +0200)]
Avoid passing NULL as format parameter

GCC reported possible problem with passing NULL returned from
*_to_string() helpers as an argument for '%s' in a format string.

../src/core/job.c: In function 'job_finish_and_invalidate':
../src/core/job.c:976:27: error: '%s' directive argument is null [-Werror=format-overflow=]
  976 |         log_unit_debug(u, "Job %" PRIu32 " %s/%s finished, result=%s", j->id, u->id, job_type_to_string(t), job_result_to_string(result));
      |                           ^~~~~~~
../src/core/unit.h:878:190: note: in definition of macro 'log_unit_full'
  878 |                 _u ? log_object_internal(level, error, PROJECT_FILE, __LINE__, __func__, _u->manager->unit_log_field, _u->id, _u->manager->invocation_log_field, _u->invocation_id_string, ##__VA_ARGS__) : \
      |                                                                                                                                                                                              ^~~~~~~~~~~
../src/core/job.c:976:9: note: in expansion of macro 'log_unit_debug'
  976 |         log_unit_debug(u, "Job %" PRIu32 " %s/%s finished, result=%s", j->id, u->id, job_type_to_string(t), job_result_to_string(result));
      |         ^~~~~~~~~~~~~~

Wrapping the helpers in strna() prevents this from happening.

Further fixes may be applied depending on the outcomes of the discussion
on the systemd-devel mailing list.

Change-Id: Id73f2bc887f46bb07fc960d264953cd5dfce82de
Link: https://lists.freedesktop.org/archives/systemd-devel/2023-June/049215.html
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
19 months agoInclude <sys/mount.h> in decl_headers 67/290367/1 submit/tizen/20230428.093600
Łukasz Stelmach [Thu, 23 Mar 2023 21:15:04 +0000 (22:15 +0100)]
Include <sys/mount.h> in decl_headers

To properly decide whetehr to include <linux/fs.h> or not <sys/mount.h>
needs to be included too.

Change-Id: I897ad9cffd24f10fbfeda244101f3048239cfaac
Fixes: cbe32a421e ("glibc: Remove #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict with glibc 2.36")
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
19 months agoDrop bundled copy of linux/if_arp.h 66/290366/1
Zbigniew Jędrzejewski-Szmek [Wed, 15 Sep 2021 14:33:05 +0000 (16:33 +0200)]
Drop bundled copy of linux/if_arp.h

As far as I can see, we use this to get a list of ARPHRD_* defines (used in
particular for Type= in .link files). If we drop our copy, and build against
old kernel headers, the user will have a shorter list of types available.  This
seems OK, and I don't think it's worth carrying our own version of this file
just to have newest possible entries.

7c5b9952c4f6e2b72f90edbe439982528b7cf223 recently updated this file, but we'd
have to update it every time the kernel adds new entries. But if we look at
the failure carefully:

src/basic/arphrd-from-name.gperf:65:16: error: ‘ARPHRD_MCTP’ undeclared (first use in this function); did you mean ‘ARPHRD_FCPP’?
   65 | MCTP, ARPHRD_MCTP
      |                ^~
      |                ARPHRD_FCPP

we see that the list we were generating was from the system headers, so it was
only as good as the system headers anyway, without the newer entries in our
bundled copy, if there were any. So let's make things simpler by always using
system headers.

And if somebody wants to fix things so that we always have the newest list,
then we should just generate and store the converted list, not the full header.

Change-Id: I03616d75404bea068c2e56bf47417b0fb9cd32a0
Origin: upstream, https://github.com/systemd/systemd/commit/e7f46ee3ae1cc66a94b293957721d68dc09d7449
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
19 months agoFix an error on dlog-redirection 07/289907/2
Junghak Sung [Wed, 15 Mar 2023 07:39:30 +0000 (16:39 +0900)]
Fix an error on dlog-redirection

When both stdout and stderr are set as dlog, log tag and priority of
stderr is not set properly.

Change-Id: Ia14de6aeff3828aa0d6a27210fa96c53ee577c8d
Signed-off-by: Junghak Sung <jh1009.sung@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
20 months agoMerge changes from topic "CVE-2020-1712" into tizen accepted/tizen/unified/20230215.100705
Karol Lewandowski [Mon, 13 Feb 2023 13:29:08 +0000 (13:29 +0000)]
Merge changes from topic "CVE-2020-1712" into tizen

* changes:
  Fix typo in function name
  man: document the new sd_bus_enqueue_for_read() API call
  polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it
  sd-bus: introduce API for re-enqueuing incoming messages
  polkit: use structured initialization
  polkit: on async pk requests, re-validate action/details
  polkit: reuse some common bus message appending code
  bus-polkit: rename return error parameter to ret_error
  shared: split out polkit stuff from bus-util.c → bus-polkit.c

21 months agoFix typo in function name 40/287440/3
Zbigniew Jędrzejewski-Szmek [Tue, 4 Feb 2020 17:39:04 +0000 (18:39 +0100)]
Fix typo in function name

Origin: upstream, https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
Change-Id: Ia51b9fa4c747fa80f4f6f7a7c44c7c5225b0f5b1
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agoman: document the new sd_bus_enqueue_for_read() API call 39/287439/3
Lennart Poettering [Wed, 22 Jan 2020 16:44:33 +0000 (17:44 +0100)]
man: document the new sd_bus_enqueue_for_read() API call

Origin: upstream, https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82
Change-Id: I40ea7e0d913bc80e96a4875818ae3d266e0cf70e
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agopolkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it 37/287437/3
Lennart Poettering [Wed, 22 Jan 2020 16:07:47 +0000 (17:07 +0100)]
polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it

Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.

Origin: upstream, https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
Change-Id: Ifaeb5142c9a574a04017167fbccc45388cc72956
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agosd-bus: introduce API for re-enqueuing incoming messages 38/287438/3
Lennart Poettering [Wed, 22 Jan 2020 16:05:17 +0000 (17:05 +0100)]
sd-bus: introduce API for re-enqueuing incoming messages

When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we aquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.

This might have other uses too, for example debugging.

(Resolve build error from cherry-pick) In libsystemd.sym, removed
unnecessary symbols:
  LIBSYSTEMD_245 {
  global:
          sd_bus_enqueue_for_read;
 -        sd_bus_message_dump;
 -        sd_bus_message_sensitive;
 -        sd_event_add_child_pidfd;
 -        sd_event_source_get_child_pidfd;
 -        sd_event_source_get_child_pidfd_own;
 -        sd_event_source_set_child_pidfd_own;
 -        sd_event_source_get_child_process_own;
 -        sd_event_source_set_child_process_own;
 -        sd_event_source_send_child_signal;
 -        sd_journal_open_namespace;
  } LIBSYSTEMD_243;

Origin: upstream, https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
Change-Id: Iad04610bf0b50be04bc870c7fc42b1d9c991cfa2
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agopolkit: use structured initialization 36/287436/3
Lennart Poettering [Wed, 22 Jan 2020 15:53:59 +0000 (16:53 +0100)]
polkit: use structured initialization

Origin: upstream, https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b
Change-Id: Ife9992a56217915576538fca72a1e1acafdd0eb5
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agopolkit: on async pk requests, re-validate action/details 35/287435/3
Lennart Poettering [Wed, 22 Jan 2020 15:52:10 +0000 (16:52 +0100)]
polkit: on async pk requests, re-validate action/details

When we do an async pk request, let's store which action/details we used
for the original request, and when we are called for the second time,
let's compare. If the action/details changed, let's not allow the access
to go through.

Origin: upstream, https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab
Change-Id: I677423b7fba07222e39b7df965d3896f4d2f2875
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agopolkit: reuse some common bus message appending code 34/287434/3
Lennart Poettering [Wed, 22 Jan 2020 15:44:43 +0000 (16:44 +0100)]
polkit: reuse some common bus message appending code

Origin: upstream, https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59
Change-Id: Idbe75031d9e9c23248fe4174c9ad48c67caf2ca2
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agobus-polkit: rename return error parameter to ret_error 33/287433/3
Lennart Poettering [Wed, 22 Jan 2020 13:29:43 +0000 (14:29 +0100)]
bus-polkit: rename return error parameter to ret_error

Origin: upstream, https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e
Change-Id: Ife1bb544e3d0c868f62f37ea0172d1f105b710db
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agoshared: split out polkit stuff from bus-util.c → bus-polkit.c 32/287432/3
Lennart Poettering [Wed, 22 Jan 2020 10:39:22 +0000 (11:39 +0100)]
shared: split out polkit stuff from bus-util.c → bus-polkit.c

It's enough, complex stuff to warrant its own source file.

No other changes, just splitting out.

(Resolve build error from cherry-pick) In bus-util.c, leave fd-util.h
and proc-cmdline.h for code preprocessed by ENABLE_KDBUS macro.
 +#if ENABLE_KDBUS
 +#include "fd-util.h"
 +#include "proc-cmdline.h"
 +#endif

Origin: upstream, https://github.com/systemd/systemd/commit/269e4d2d6b75329ae39a71ebe2c14500e03cda95
Change-Id: I9cc9f51f614bf5f8059422cc1923aa88a5812560
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
21 months agoMake an assertion stricter (SVACE) 89/287189/1
Michal Bloch [Mon, 23 Jan 2023 18:32:00 +0000 (19:32 +0100)]
Make an assertion stricter (SVACE)

Change-Id: I88e5ea15729c2d65638b5eb208d7c2c800010f14

22 months agoglibc: Remove #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict... 38/285138/4
Rudi Heitbaum [Sat, 23 Jul 2022 10:38:49 +0000 (10:38 +0000)]
glibc: Remove #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict with glibc 2.36

Origin: https://github.com/systemd/systemd/commit/3657d3a01c7e25ff86d7a4642065b367c4ff7484
Change-Id: I88e5ea15729c2d65638b5eb208d7c2c800010f13
Signed-off-by: Marek Pikuła <m.pikula@partner.samsung.com>
2 years agotizen: remove rules.d/60-persistent-v4l.rules 33/283133/1 accepted/tizen/unified/20221102.172732
Marek Szyprowski [Mon, 17 Oct 2022 14:12:03 +0000 (16:12 +0200)]
tizen: remove rules.d/60-persistent-v4l.rules

Calling v4lid sequentially on all /dev/videoX devices is known to cause
problems on various embedded/vendor kernels. Disable this by removing
60-persistent-v4l.rules udev rules. Vendor camera devices usually comes
with their own custom nubmering, so there is no need for such udev rule
anyway.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I6ccdf56eb6a10b341a9c5e330962bda97eed06ac

2 years agotizen: Change the SMACK label for systemd in the user session 97/277097/4 accepted/tizen_7.0_unified_hotfix tizen_7.0_hotfix accepted/tizen/7.0/unified/20221110.060818 accepted/tizen/7.0/unified/hotfix/20221116.111446 accepted/tizen/unified/20220726.012229 submit/tizen/20220715.061845 submit/tizen/20220720.034627 submit/tizen/20220721.112425 submit/tizen/20220725.022745 tizen_7.0_m2_release
Łukasz Stelmach [Wed, 29 Jun 2022 15:00:10 +0000 (17:00 +0200)]
tizen: Change the SMACK label for systemd in the user session

Change the SMACK label for systemd in the user session to
System::Privileged to avoid problems with handling
org.freedesktop.systemd1.Manager.GetUnitByPID method.

Change-Id: If9f30e57050f01004c56b85235ad50d49710ac53
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
2 years agotizen: Set DefaultSmackProcessLabel to User 96/277096/4
Łukasz Stelmach [Tue, 28 Jun 2022 15:15:37 +0000 (17:15 +0200)]
tizen: Set DefaultSmackProcessLabel to User

Run user session services with the User SMACK label instead of
System::Privileged inherited from systemd.

Change-Id: Ia3759dea4fb248aa88dcd303a4ae4a400d89f580
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
2 years agotizen: Set AmbientCapabilities in user@.service 95/277095/4
Łukasz Stelmach [Tue, 28 Jun 2022 13:31:24 +0000 (15:31 +0200)]
tizen: Set AmbientCapabilities in user@.service

Replace obsolete Capabilities option in user@.service with
AmbientCapabilities to provide appropriate set of capabilties for systemd
to manage user session.

According to capability set transformation rules described in
capabilities(7)

    if a process with nonzero user IDs performs an execve(2) then any
    capa‐ bilities that are present in its permitted and effective
    sets will be cleared.

This means that for systemd running with nonzero UID (i.e. as the user
session manager) to keep permitted and effective capability
sets non-empty without setting file capabilities for systemd it is
required to use ambient capabilities.

Using file capabilities for systemd may be a wrong choice in the long
term, because different sets of capabilities may be assigned to different
user sessions.

Change-Id: I479fbbcf153737dbf88340ef4eb4be15d707a9a4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
2 years agocore: drop ambient capabilities in user manager 45/277745/2
Łukasz Stelmach [Tue, 12 Jul 2022 11:57:32 +0000 (13:57 +0200)]
core: drop ambient capabilities in user manager

Ambient capabilities should not be passed implicitly to user
services. Dropping them does not affect other sets which are importat
for the manager itself to operate.

Change-Id: Ib3c4b2d59830537e89b5e85a196a4ca1a65fed77
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Forwarded: https://github.com/systemd/systemd/pull/23988

2 years agosmack: Add DefaultSmackProcessLabel to user.conf and system.conf 44/277744/2
Łukasz Stelmach [Wed, 6 Jul 2022 11:09:51 +0000 (13:09 +0200)]
smack: Add DefaultSmackProcessLabel to user.conf and system.conf

DefaultSmackProcessLabel tells systemd what label to assign to its child
process in case SmackProcessLabel is not set in the service file. By
default, when DefaultSmackProcessLabel is not set child processes inherit
label from systemd.

If DefaultSmackProcessLabel is set to "/" (which is an invalid character
for a SMACK label) the DEFAULT_SMACK_PROCESS_LABEL set during compilation
is ignored and systemd act as if the option was unset.

Change-Id: Ia432ed6de72476984d22412467da48cc851fd32a
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Origin: https://github.com/systemd/systemd/commit/aa5ae9711ef3cd0c69b7fcfbd65bca05fb704a8a

2 years agobasic: Drop ambient inherited capabilities by default 43/277743/1
Kevin Kuehler [Sun, 24 Nov 2019 09:27:09 +0000 (01:27 -0800)]
basic: Drop ambient inherited capabilities by default

Modify the functions capability_update_inherited_set() and
capability_ambient_set_apply() to drop capabilities not explicitly
requested by the user.

Change-Id: I6e5c6426b946e652bc1fd0f75a8ae41bd2b9f8e2
Origin: https://github.com/systemd/systemd/commit/82d832b435a0ae799011aeec75584af8188fb8db
Signed-off-by: Łukasz Stelmach <l.stelmach@sasmsung.com>
2 years agocore: Fix memory leaks 70/276770/1
Łukasz Stelmach [Tue, 21 Jun 2022 10:12:01 +0000 (12:12 +0200)]
core: Fix memory leaks

arg_early_core_pattern and arg_watchdog_device hold pointers to memory
allocated with strdup() (inside path_make_absolute_cwd). The memory needs
to be freed in reset_arguments() during reload rather than forgotten.

Change-Id: I2ab2fb856ce9dae70443430d99279f4d4848231e
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Origin: https://github.com/systemd/systemd/commit/919ea64f69f710840c1bc93f0f7cb7c51aae45d0

2 years agoRefuse daemon-reload request during boot time 24/275824/1
Hyotaek Shim [Thu, 2 Jun 2022 07:53:13 +0000 (16:53 +0900)]
Refuse daemon-reload request during boot time

daemon-reload operations can empty the cgroup procs of transient unit,
resulting in user@5001.service stop.

org.freedesktop.systemd1.Manager.Reload
  V
unit_free()
  V
unit_unwatch_pid() Unit=user-5001.slice <-- tlm-sessiond
  V
/sys/fs/cgroup/systemd/user.slice/user-5001.slice/session-c1.scope becomes empty
  V
systemd-logind removes session-c1.scope by garbage collection
  V
user@5001.service stops

Change-Id: I6195ed25a99c8506534b3bc8d72fbf83906b107c
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
2 years agoRemove StopWhenUnneeded=yes in user-runtime-dir@.service.in 71/275571/2
Hyotaek Shim [Thu, 26 May 2022 09:05:29 +0000 (18:05 +0900)]
Remove StopWhenUnneeded=yes in user-runtime-dir@.service.in

user-runtime-dir@.service should never stop.
When it stops,
user@5001.service(Requires=user-runtime-dir.service) stops accordingly.

Change-Id: I24f5780ab0eebcfbd2efa4c75141f817a9242bca
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
2 years agoRun booting-done.service as root:root System 31/274231/1 accepted/tizen/unified/20220526.143937 submit/tizen/20220425.073332 submit/tizen/20220426.010256 submit/tizen/20220525.001052
Hyotaek Shim [Mon, 25 Apr 2022 06:21:19 +0000 (15:21 +0900)]
Run booting-done.service as root:root System

booting-done.service should be privileged to be responsible for
checkpointing booting status not only for normal booting
but also for FOTA and recovery booting.

Change-Id: Ic17dd0559544c323dedfe7c9b5ad13d01bc65588
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
2 years agotizen: mount /run/user/UID with noexec 01/272801/1 accepted/tizen/unified/20220328.131541 accepted/tizen/unified/20220420.135441 submit/tizen/20220325.021552 submit/tizen/20220419.035135 submit/tizen/20220419.072132
Karol Lewandowski [Thu, 24 Mar 2022 16:03:56 +0000 (17:03 +0100)]
tizen: mount /run/user/UID with noexec

There is no point in having /run/user/UID mounted with exec, especially
that /run itself is mounted with noexec.

Change-Id: I16d46c3f3103205edf81764ca479ee0a569f90f7

2 years agoAdd cap_sys_chroot=i in user@.service 30/270630/1 accepted/tizen/unified/20220208.112111 submit/tizen/20220207.065417
Hyotaek Shim [Mon, 7 Feb 2022 06:43:35 +0000 (15:43 +0900)]
Add cap_sys_chroot=i in user@.service

[Problem]
Subject: FW: RE:(2) ~RE(3): [Debug Attach] Program Symbols Not Loading

+ Tomasz Swierczek

Hello Tomasz,

A problem has been reported that the "Debug Attach" function does not work in Tizen Studio.
(For more information, please refer to the mails below.)

This seems to be related to mount namespace separation operation.
If we revert https://review.tizen.org/gerrit/#/c/platform/core/appfw/launchpad/+/212712/ , it works well as expected.
It seems that the gdserver process requires setns operation to attach to the app process that is already in operation.

To solve this problem, capabilities need to be assigned to "gdserver" executable file, but it is pushed by tizen-studio
during the runtime of debugging, so "setcap" does not work because it has "sdk_user" permission.

There seems to be no solution at the moment, if you have any good ideas, please share them.

Thanks,
Jin-gyu Kim

[Solution]
Precondition : A. launchpad needs to know that the current request was made by the gdbserver.
               B. launchpad needs to know the pid of the target app process.
1. Add "cap_sys_chroot" to launchpad process. (It should be also included in user@.service as an inheritable option.)
2. If the current request is executed by the gdbserver, it's namespace needs to be equal to the target app process by using setns().
   - setns() requires the pid of target app process. (Please refer https://man7.org/linux/man-pages/man2/setns.2.html)
     example : int fd = open("/proc/1234/ns/mnt", O_RDONLY); setns(fd,0); // "/proc/[pid]/ns/mnt"
   - These must be executed before "security_manager_prepare_app()".

Change-Id: Ief42b5e40259fa074ec110cfac957508dcb468d3
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
2 years agotizen: ensure standard reboot/poweroff not return to shell 03/270103/5 accepted/tizen/unified/20220204.132338 submit/tizen/20220203.172509
Karol Lewandowski [Tue, 25 Jan 2022 17:20:21 +0000 (18:20 +0100)]
tizen: ensure standard reboot/poweroff not return to shell

Change-Id: Iece3b236f3f2848179dacd3a7ac8afdb008af482

2 years agoFix build error regarding meson 0.60.3 upgrade 86/269286/3 accepted/tizen/unified/20220117.135001 submit/tizen/20220113.094646
Hyotaek Shim [Wed, 12 Jan 2022 09:42:00 +0000 (18:42 +0900)]
Fix build error regarding meson 0.60.3 upgrade

The new guideline is to use 'and' instead of '+'.

Change-Id: I92634e5d06d31858b1cac3eccd5e57625fdce28a
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
2 years agoAdd device_board_set_boot_success in booting-done.service 24/269024/4
Hyotaek Shim [Thu, 6 Jan 2022 11:32:30 +0000 (20:32 +0900)]
Add device_board_set_boot_success in booting-done.service

/usr/bin/device_board_set_boot_success reports boot success to the bootloader.
If boot success is not reported for, e.g., 10-times booting in a row,
bootloader recovers the system.

-- Bootloader --
If (BOOT_SUCCESS flag is set) {
Clear the BOOT_SUCCESS flag
BOOT_FAIL_COUNT = 0
} Else {
If (++ BOOT_FAIL_COUNT > 10) {
BOOT_FAIL_COUNT = 0
Restore to the other partitions (e.g., b -> a)
Proceed to the recovery booting (ramdisk-recovery, bootmode="recovery")
          }
}

Proceed to the normal booting (ramdisk, bootmode="")

Change-Id: I581c5dbcf216806dfcff826bbdf7ca82dc944676
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
3 years agoMerge "spec: remove unused dbus.target.wants" into tizen accepted/tizen/6.5/unified/20211029.015012 accepted/tizen/unified/20210804.085608 submit/tizen/20210802.233210 submit/tizen_6.5/20211028.163901 tizen_6.5.m2_release
Hyotaek Shim [Mon, 2 Aug 2021 02:10:53 +0000 (02:10 +0000)]
Merge "spec: remove unused dbus.target.wants" into tizen

3 years agospec: remove unused dbus.target.wants 46/259446/3
INSUN PYO [Tue, 8 Jun 2021 06:33:09 +0000 (15:33 +0900)]
spec: remove unused dbus.target.wants

Change-Id: Ibf05bd9901ce98110c7bb48e62810b8fd6baaf9c

3 years agosystemd: fix smack error 58/260758/3
INSUN PYO [Fri, 2 Jul 2021 04:34:32 +0000 (13:34 +0900)]
systemd: fix smack error

A user systemd session accesses /proc/1/sched to detect container.

Jan 01 09:00:14 localhost audit[636]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=636 comm="systemd" name="sched" dev="proc" ino=12247
Jan 01 09:00:14 localhost audit[636]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=636 comm="systemd" name="sched" dev="proc" ino=12247
Jan 01 09:00:14 localhost audit[636]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=636 comm="systemd" name="sched" dev="proc" ino=12247
Jan 01 09:00:23 localhost audit[915]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=915 comm="systemctl" name="sched" dev="proc" ino=12247

Change-Id: I0d6f632b090582888c45f309c8a8bf06f4f0f510

3 years agoudev: add "Requires: acl" dependency 69/259369/3
INSUN PYO [Mon, 7 Jun 2021 02:06:33 +0000 (11:06 +0900)]
udev: add "Requires: acl" dependency

input udev rule uses /usr/bin/setfacl command.
===============================================================================================n
55-udev-smack-default.rules:SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*|ts[0-9]*|uinput",
        GROUP="input", SECLABEL{smack}="*", RUN+="/usr/bin/setfacl -m group:priv_keygrab:r %N"
===============================================================================================

Change-Id: I041cfda0c1ef58f02dea8e2ec9fc004121a42cd8

3 years agobasic/unit-name: do not use strdupa() on a path 87/261687/2 accepted/tizen/unified/20210727.124539 submit/tizen/20210726.050348
Zbigniew Jędrzejewski-Szmek [Wed, 23 Jun 2021 09:46:41 +0000 (11:46 +0200)]
basic/unit-name: do not use strdupa() on a path

The path may have unbounded length, for example through a fuse mount.

CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.

https://bugzilla.redhat.com/show_bug.cgi?id=1970887

The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turns uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.

Change-Id: I4e2d3a82bbc4f53845cca6186c62588d8894566e

3 years agospec: remove deprecated pc files 50/252750/6 accepted/tizen/unified/20210723.122823 submit/tizen/20210722.020409 submit/tizen/20210722.025331
INSUN PYO [Tue, 2 Feb 2021 06:18:21 +0000 (15:18 +0900)]
spec: remove deprecated pc files

 - /usr/lib/pkgconfig/libsystemd-daemon.pc
 - /usr/lib/pkgconfig/libsystemd-id128.pc
 - /usr/lib/pkgconfig/libsystemd-journal.pc
 - /usr/lib/pkgconfig/libsystemd-login.pc

Change-Id: I4e2d3a82bbc4f53845cca6186c62588d8894566f

3 years agoRedirect stdout/stderr to dlog by default 79/256579/4 accepted/tizen/unified/20210701.122836 submit/tizen/20210630.085725
Hyotaek Shim [Wed, 7 Apr 2021 10:55:13 +0000 (19:55 +0900)]
Redirect stdout/stderr to dlog by default

Change-Id: I5682de7dce014f76f403406ef73c7bd5a9661d5f
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
3 years agoEnable virtualization feature 14/260514/2 accepted/tizen/unified/20210629.130206 submit/tizen/20210628.062124
INSUN PYO [Mon, 28 Jun 2021 05:51:22 +0000 (14:51 +0900)]
Enable virtualization feature

From now on, tizen supports docker.

Change-Id: I2ec4d5a9266fb5190279e57906a056d090b8eb9a

3 years agoRemove final.target dependency from reboot sequence 47/259547/2 accepted/tizen/unified/20210611.145118 submit/tizen/20210610.022051
Hyotaek Shim [Wed, 9 Jun 2021 10:42:35 +0000 (19:42 +0900)]
Remove final.target dependency from reboot sequence

Change-Id: I289839f05abd3830691119ac8c9a8a7c370e757e
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
3 years agobasic/cap-list: parse/print numerical capabilities 19/259319/1 accepted/tizen/unified/20210607.124406 submit/tizen/20210604.102811
Zbigniew Jędrzejewski-Szmek [Thu, 9 Jul 2020 21:15:47 +0000 (23:15 +0200)]
basic/cap-list: parse/print numerical capabilities

We would refuse to print capabilities which were didn't have a name
for. The kernel adds new capabilities from time to time, most recently
cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with
"Failed to parse bus message: Invalid argument" because
capability_set_to_string_alloc() would fail with -EINVAL. So let's
print such capabilities in hexadecimal:

CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
  cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
  cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
  cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
  0x17 0x18 0x19 0x1a ...

For symmetry, also allow capabilities that we don't know to be specified.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.

Change-Id: I9cb97a37024d9781fdf3bc741eb1cdc801e91bb5

3 years agoRevert "Description : adding force option to reboot command." 43/258343/1 accepted/tizen/unified/20210528.134728 submit/tizen/20210528.010751
Karol Lewandowski [Thu, 13 May 2021 14:28:15 +0000 (16:28 +0200)]
Revert "Description : adding force option to reboot command."

This reverts commit e03bd8dae27026782e1cf524b78f87637238cf5c.

Description is not enough to keep this, and quite likely the
problem is long gone.

Tizen uses it's own shutdown program (deviced-shutdown) from
around Tizen 5.x, which handles the shutdown sequence exactly
as wanted.

Right now it actually causes more harm than good, as it makes
impossible to run any action for two out of four "shutdown"
actions.

Change-Id: I871ffa573fefbb280a5b23e4cd62727dda478eb5

3 years agotizen: Do not use shutdown.target for shutdown 00/258100/1
Karol Lewandowski [Mon, 10 May 2021 13:58:27 +0000 (15:58 +0200)]
tizen: Do not use shutdown.target for shutdown

shutdown.target is special unit to which systemd automatically adds
Conflicts= with for every unit.

By removing the relation to this target in shutdown units we practically
change the shutdown to use only explicitly configured units.

Change-Id: I93a43cdb3875250920e3e49817ffcd6f7f7725b6

3 years agoRevert "Temporarily remove dlog_connect_fd()" 00/257200/1
Hyotaek Shim [Wed, 21 Apr 2021 05:39:48 +0000 (05:39 +0000)]
Revert "Temporarily remove dlog_connect_fd()"

This reverts commit 34e316b4345a71a353c0ff622975144e0af98515.

Change-Id: I4f86bdfda8dd0a4b99dcb02bd2ad0a32a0602f93

3 years agoTemporarily remove dlog_connect_fd() 69/257169/1 accepted/tizen/unified/20210421.101211 submit/tizen/20210420.085549
Hyotaek Shim [Tue, 20 Apr 2021 08:49:14 +0000 (17:49 +0900)]
Temporarily remove dlog_connect_fd()

Change-Id: Iba815676531a7561c4c4f7c12263464b1dba7f22
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
3 years agoUse new dlog-redirect-stdout api function 66/256766/1 submit/tizen/20210419.103606
Karol Lewandowski [Mon, 12 Apr 2021 12:51:17 +0000 (14:51 +0200)]
Use new dlog-redirect-stdout api function

Change-Id: I5bcc23a74950d2d8ae0db2ecabf5ea14d358b0ec

3 years agoAdd "dlog|journal" output redirection option 90/256590/1
Michal Bloch [Wed, 7 Apr 2021 12:54:42 +0000 (14:54 +0200)]
Add "dlog|journal" output redirection option

Journal seems to default to /dev/null even when not explicitly
specified, so there is no separate "dlog|journal|null".

Change-Id: I5682de7dce014f76f403406ef73c7bd5a9661d5e

3 years agoMerge "Basic PoC for DLog stdout redirector" into tizen accepted/tizen/unified/20210328.230635 submit/tizen/20210324.095642 submit/tizen/20210326.090524
Karol Lewandowski [Wed, 24 Mar 2021 21:16:40 +0000 (21:16 +0000)]
Merge "Basic PoC for DLog stdout redirector" into tizen

3 years agoBasic PoC for DLog stdout redirector 04/255204/3
Michal Bloch [Mon, 8 Feb 2021 14:06:03 +0000 (15:06 +0100)]
Basic PoC for DLog stdout redirector

Set Standard{Output,Error}=dlog in a service file,
or DefaultStandard{Output,Error}=dlog for global.

Note that setting the global default should only
really be done if DLog is working under the Android
Logger backend, since the Pipe backend daemon is
not really available early on which can make early
daemons fail.

Change-Id: Icf7224d1fabd4cdb45971ac9314ed4d19d220bbb

3 years agosystemd: Fix busctl crash on aarch64 when setting output table format 87/255687/1 accepted/tizen/unified/20210324.124406 submit/tizen/20210323.013050
Alin Popa [Fri, 14 Feb 2020 08:33:43 +0000 (09:33 +0100)]
systemd: Fix busctl crash on aarch64 when setting output table format

The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types missmatch. This patch cast the enums to size_t.
It also fixes all other occurences for table_set_display() and
table_set_sort().

Change-Id: Ie225491ae3f9752183d6ea7993d02ef450ed6ab6

3 years agosystemd: Fix busctl crash on aarch64 when setting output table format 77/255677/1 submit/tizen/20210322.103524
Alin Popa [Fri, 14 Feb 2020 08:33:43 +0000 (09:33 +0100)]
systemd: Fix busctl crash on aarch64 when setting output table format

The enum used for column names is integer type while table_set_display() is parsing
arguments on size_t alignment which may result in assert in table_set_display() if
the size between types missmatch. This patch cast the enums to size_t.
An alternative solution would be to change the table_set_display() function
arguments to unsigned type.

Change-Id: I862db0168d58ecb3b7ee7dcf7f751be5a6121fd9

3 years agounit: fix serial console baudrate to 115200 24/254524/1 accepted/tizen/unified/20210309.140734 submit/tizen/20210308.075822
INSUN PYO [Thu, 4 Mar 2021 06:22:39 +0000 (15:22 +0900)]
unit: fix serial console baudrate to 115200

Due to noise coming into the serial console or other abnormal behavior,
agetty changes the baudrate in the following order: 115200, 38400, 9600.

Since tizen only uses 115200 baudrate, this is fixed.

It is reported in the DA.

Change-Id: Icf7224d1fabd4cdb45971ac9314ed4d19d220bb1

3 years agospec: depend on libdbuspolicy1 81/253481/1 accepted/tizen/unified/20210223.065504 submit/tizen/20210222.053410 submit/tizen/20210222.105934
Adrian Szyndela [Thu, 11 Feb 2021 08:08:26 +0000 (09:08 +0100)]
spec: depend on libdbuspolicy1

kdbus.h is being moved to libdbuspolicy1 package.

Change-Id: Ib9009bc7fdc5c407d6e9349a028a81322294d2d7

3 years agodelayed: rework dealyed service without capability of /usr/bin/touch 00/248900/3 accepted/tizen/unified/20201224.151528 submit/tizen/20201223.002921
INSUN PYO [Thu, 3 Dec 2020 06:07:43 +0000 (15:07 +0900)]
delayed: rework dealyed service without capability of /usr/bin/touch

VD security remove capability of /usr/bin/touch. (cap_dac_override=ei)

Change permision and group of /run/systemd/system
from 0755/root/root to 0775/root/systemf_fw.

Change-Id: I6e2189c2cd0d4a86db995651b43a4dcdc25fcabf

3 years agotizen: Search for configuration files in /hal dir 02/248702/7 accepted/tizen/unified/20201210.124556 submit/tizen/20201209.021155
Karol Lewandowski [Tue, 1 Dec 2020 11:34:31 +0000 (12:34 +0100)]
tizen: Search for configuration files in /hal dir

Since Tizen 6.5, a HAL image is mounted on the /hal directory,
which contains hardware-specific configurations and drivers,
for better portability of Tizen.

This is the priority of path searching for configuration file.
 1. /etc/
 2. /run/
 3. /usr/local/lib/
 4. /usr/lib/
 5. /hal/lib/

When the same file exists, the higher priority file is used.
In this case, "/etc" is the highest priority.

Because hal can never override platform,
hal has a lower priority than platform.

Change-Id: Ie5e6cf98e64b4317bda23d49571b5c0f60084569
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
[ Change search order for /hal to be searched last ]
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
3 years agosysctl: delete unnecessary sysctl-tizen-override.conf 14/249114/1
INSUN PYO [Mon, 7 Dec 2020 07:26:51 +0000 (16:26 +0900)]
sysctl: delete unnecessary sysctl-tizen-override.conf

/proc/sys/net/core/default_qdisc has only pfifo_fast values in all targets.
(TM1, TW2, TW3, RPI3, RPI4, ARTIK, EMUL)

If this conf does not exist, there is warning journal log and this is not harmful.
"Jan 01 11:36:16 localhost systemd-sysctl[208]: Couldn't write 'pfifo_fast' to 'net/core/default_qdisc', ignoring: No such file or directory"

Change-Id: I970dc97fc0771b1ef3fce1ef05b5f6a2d6b22778

3 years agodelayed: remove unused file 84/248884/1 accepted/tizen/unified/20201207.123254 submit/tizen/20201203.052657
INSUN PYO [Thu, 3 Dec 2020 04:30:38 +0000 (13:30 +0900)]
delayed: remove unused file

Change-Id: Ifacc46fcc5c7ec7bb52f9b4f47ed5ea98aa5fd5a

3 years agoDelayed target: add delaying the start of delayed.target #2 08/248408/3 submit/tizen/20201127.004502
INSUN PYO [Thu, 26 Nov 2020 05:21:57 +0000 (14:21 +0900)]
Delayed target: add delaying the start of delayed.target #2

Delay time is also applied to user systemd.
System systemd is already applied.

Change-Id: I8da0c1f224a74d45badd82f2ac1dda13cb8febbb

3 years agosd-device-enumerator: do not return error when a device is removed 61/248361/1
INSUN PYO [Thu, 19 Nov 2020 01:49:04 +0000 (10:49 +0900)]
sd-device-enumerator: do not return error when a device is removed

If /sys/class/OOO node is created and destroyed during booting (kernle driver initialization fails),
systemd-udev-trigger.service fails due to race condition.

***** race condition ***********************************************************************************
 1. kernel driver create /sys/class/OOO
 2. systemd-udev-trigger.service execues "/usr/bin/udevadm trigger --type=devices --action=add"

 3. device_enumerator_scan_devices() => enumerator_scan_devices_all() => enumerator_scan_dir("class") =>
    opendir("/sys/class") and iterate all subdirs ==> enumerator_scan_dir_and_add_devices("/sys/class/OOO")

 4. kernel driver fails and destroy /sys/class/OOO
 5. enumerator_scan_dir_and_add_devices("/sys/class/OOO") fails in opendir("/sys/class/OOO")

 6. "systemd-udev-trigger.service" fails
 7. udev coldplug fails and some device units not ready
 8. mount units asociated with device units fail
 9. local-fs.target fails
 10. enters emergency mode
********************************************************************************************************

***** status of systemd-udev-trigger.service unit ******************************************************
$ systemctl status systemd-udev-trigger.service
 systemd-udev-trigger.service - udev Coldplug all Devices
   Loaded: loaded (/usr/lib/systemd/system/systemd-udev-trigger.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-01-02 13:16:54 KST; 22min ago
     Docs: man:udev(7)
           man:systemd-udevd.service(8)
  Process: 2162 ExecStart=/usr/bin/udevadm trigger --type=subsystems --action=add (code=exited, status=0/SUCCESS)
  Process: 2554 ExecStart=/usr/bin/udevadm trigger --type=devices --action=add (code=exited, status=1/FAILURE)
  Main PID: 2554 (code=exited, status=1/FAILURE)

  Jan 02 13:16:54 localhost udevadm[2554]: Failed to scan devices: No such file or directory
  Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Main process exited, code=exited, status=1/FAILURE
  Jan 02 13:16:54 localhost systemd[1]: systemd-udev-trigger.service: Failed with result 'exit-code'.
  Jan 02 13:16:54 localhost systemd[1]: Failed to start udev Coldplug all Devices.
*******************************************************************************************************

***** journal log with Environment=SYSTEMD_LOG_LEVEL=debug in systemd-udev-trigger.service  ***********
  Jan 01 21:57:20 localhost udevadm[2039]: sd-device-enumerator: Scanning /sys/bus
  Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scan all dirs
  Jan 01 21:57:20 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/bus
  Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Scanning /sys/class
  Jan 01 21:57:21 localhost udevadm[2522]: sd-device-enumerator: Failed to scan /sys/class: No such file or directory
  Jan 01 21:57:21 localhost udevadm[2522]: Failed to scan devices: No such file or directory
*******************************************************************************************************

Change-Id: Iefc64406a72e5facf1f9c48ea2f36fdadf18891d

3 years agospec: fix typo in %postun script 80/247880/1
INSUN PYO [Wed, 18 Nov 2020 04:07:24 +0000 (13:07 +0900)]
spec: fix typo in %postun script

Change-Id: Ib4b6481a67646e02f59a622c42ca84f26616a394

3 years agoDelayed target: add delaying the start of delayed.target 75/246175/6 accepted/tizen/unified/20201113.130833 submit/tizen/20201112.063443
INSUN PYO [Mon, 26 Oct 2020 09:14:28 +0000 (18:14 +0900)]
Delayed target: add delaying the start of delayed.target

If /etc/systemd/delayed-target.conf exists and has DelayedTargetWait environment value,
delayed.target starts after DelayedTargetWait seconds.

If the /tmp/.systemd_delayed_target_wait file is created within the delayed time,
delayed.target starts immediately.

Change-Id: I4ad1ff6a8084ed9db7d630f533a9348b41decbf0

4 years agopackaging: Align alternatives setup with fedora-recommended scheme 95/246195/3 accepted/tizen/unified/20201106.130134 submit/tizen/20201103.015640 submit/tizen/20201104.011652
Karol Lewandowski [Mon, 26 Oct 2020 14:37:15 +0000 (15:37 +0100)]
packaging: Align alternatives setup with fedora-recommended scheme

Change-Id: I5ff9241180d32fb936a19dadfea9fa7d174a1dee

4 years agoAdd an api for early initialization of input udev 21/246321/3 accepted/tizen/unified/20201103.051952 submit/tizen/20201030.074029 submit/tizen/20201102.045342
Hyotaek Shim [Wed, 28 Oct 2020 07:36:05 +0000 (16:36 +0900)]
Add an api for early initialization of input udev

KERNEL[3.864698] add      /devices/virtual/rc/rc1/input2 (input)
DEVPATH=/devices/virtual/rc/rc1/input2
UDEV  [6.541278] add      /devices/virtual/rc/rc1/input2 (input)
DEVPATH=/devices/virtual/rc/rc1/input2

For fast input accessing, input udev should be set up early,
so that udev_device_get_is_initialized(input_udev_dev) check can be skipped before UDEV [6.541278].

Change-Id: I8182f856b0169f9c434bb360a49cfef109485c94
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
4 years agoRestore 'Default Dependendies' to system-default-target-done.service and system-delay... 31/245431/2 submit/tizen/20201027.002610
INSUN PYO [Thu, 8 Oct 2020 10:24:47 +0000 (19:24 +0900)]
Restore 'Default Dependendies' to system-default-target-done.service and system-delayed-target-trigger.service

Add 'Requires=sysinit.target' and 'After=sysinit.target basic.target'

Two dependencies prevent those service from running in emergency mode,
because sysinit.target always fails in emergency mode.

Change-Id: I7602100652f478b3d66fcba215659f39a63694e2

4 years agoEmergency mode: add emergency-target-holder.service 26/245326/4
INSUN PYO [Wed, 7 Oct 2020 03:13:45 +0000 (12:13 +0900)]
Emergency mode: add emergency-target-holder.service

The emergency-target-holder.service prevents emergency.target from completing.
If emergency.target is not completed,
other services that are not intended can not be run in emergency mode.

Detailed information.
============================================================================================================================
1. If local-fs.target fails, emergency.target is started by 'OnFailure=emergency.target'.

2. By 'OnFailureJobMode=replace-irreversibly' option,
   emergency.target cannot be canceled until completion.

3. When starting a new service by any activation(dbus, path, socket) in emergency mode,
   sysinit.target is always checked and started by 'DefaultDependency=yes'.

4. sysinit.target stops emergency.target because of the 'Conflicts=emergency.target' setting.

5. However, emergency.target can not be stopped
   because it started with 'replace-irreversibly' and not finished yet.

6. So sysinit.target can not be started.

7. New service can not be run because sysinit.target could not be started.
============================================================================================================================

Logs when running new services after applying this patch
=============================================================================================================================
bash-3.2# systemctl start deviced.service
Failed to start deviced.service: Transaction for deviced.service/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status deviced.service' for details.

bash-3.2# systemctl start sysinit.target
Failed to start sysinit.target: Transaction for sysinit.target/start is destructive (emergency.target has 'start' job queued, but 'stop' is included in transaction).
See system logs and 'systemctl status sysinit.target' for details.
==============================================================================================================================

Change-Id: I2cefadd7228d463fe1755e0c475f4563d98c8260

4 years agopackaging: Fixup removal of pamconsole-tmp.conf 25/245625/1
Karol Lewandowski [Tue, 13 Oct 2020 08:52:24 +0000 (10:52 +0200)]
packaging: Fixup removal of pamconsole-tmp.conf

Change-Id: Id8c736f5d00823a67446df98e19f8e9faa6536ca

4 years agoRemove unused file pamconsole-tmp.conf 23/245423/1
INSUN PYO [Thu, 8 Oct 2020 10:06:46 +0000 (19:06 +0900)]
Remove unused file pamconsole-tmp.conf

Change-Id: I0c737140c57588a2e8dc936b0e371040ab20e3d2

4 years agopackaging: Ensure systemd-shutdown is owned by systemd 73/245073/1 accepted/tizen_6.0_unified_hotfix tizen_6.0_hotfix accepted/tizen/6.0/unified/20201030.103459 accepted/tizen/6.0/unified/hotfix/20201103.045313 accepted/tizen/unified/20201005.101323 submit/tizen/20200930.122135 submit/tizen_6.0/20201029.205504 submit/tizen_6.0_hotfix/20201102.192904 submit/tizen_6.0_hotfix/20201103.115104 tizen_6.0.m2_release
Karol Lewandowski [Wed, 30 Sep 2020 11:37:47 +0000 (13:37 +0200)]
packaging: Ensure systemd-shutdown is owned by systemd

Change-Id: I37ced8706c8bb86e465226b01fffe9976edbf08c

4 years agopackaging: Drop unused kernel-install utility 79/244979/1
Karol Lewandowski [Mon, 28 Sep 2020 13:53:24 +0000 (15:53 +0200)]
packaging: Drop unused kernel-install utility

Change-Id: I73301481613fbefc77374fcc42297d10eebe3795

4 years agoAlternativize shutdown command et al. 80/244680/2
Mateusz Majewski [Thu, 17 Sep 2020 05:50:10 +0000 (07:50 +0200)]
Alternativize shutdown command et al.

Change-Id: I43030af64c1791ffbc99aeb3906a5517edbd3670

4 years agopackaging: Do not require WITH_... macros to be explicitly defined 35/244635/2 accepted/tizen/unified/20200925.140238 submit/tizen/20200924.053356
Karol Lewandowski [Tue, 22 Sep 2020 13:52:02 +0000 (15:52 +0200)]
packaging: Do not require WITH_... macros to be explicitly defined

Change-Id: I1496d79b626da11085caceec32e1748bb5b16836

4 years agospec: fix feature macro typo 23/244623/4
INSUN PYO [Tue, 22 Sep 2020 11:33:59 +0000 (20:33 +0900)]
spec: fix feature macro typo

Change-Id: Ifccdcf1561a32d04526d8ccf8ea76586b5a1c85c

4 years agoDisable virtualization feature 95/244395/5 accepted/tizen/unified/20200923.024119 submit/tizen/20200922.102932
INSUN PYO [Fri, 18 Sep 2020 06:04:53 +0000 (15:04 +0900)]
Disable virtualization feature

1. Tizen does not support continer and vm.

2. Resolving Smack error.
==========================================================================================
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322
Jan 01 09:00:19 localhost audit[591]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=591 comm="systemd" name="sched" dev="proc" ino=12322

Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="environ" dev="proc" ino=12572
Jan 01 09:00:19 localhost audit[535]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=535 comm="tlm-sessiond" name="sched" dev="proc" ino=12322

Jan 01 09:00:30 localhost audit[949]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System::Privileged" requested=r pid=949 comm="systemctl" name="sched" dev="proc" ino=12322
==========================================================================================

Change-Id: I8b947a0de6c030fa7dd4f8d8b080b1f7783a4010

4 years agospec: disable ldconfig feature 70/244570/1
INSUN PYO [Tue, 22 Sep 2020 04:32:57 +0000 (13:32 +0900)]
spec: disable ldconfig feature

A ldconfig.service is not able to run because / is mounted as RO.

Change-Id: I36d579b147a74df2a2efb0349958f76f65f710a0

4 years agoAdd Conflicts=emergency.service in system-delayed-target-trigger.service 28/242528/1 accepted/tizen/unified/20200828.121457 submit/tizen/20200827.121012
Hyotaek Shim [Thu, 27 Aug 2020 11:42:09 +0000 (20:42 +0900)]
Add Conflicts=emergency.service in system-delayed-target-trigger.service

Change-Id: Ib742d57963db8cfba2a091d4de1562ab0b95fc7a
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
4 years agoDo not log reboots to utmp 18/241218/1 accepted/tizen/unified/20200820.034651 accepted/tizen/unified/20200824.025956 submit/tizen/20200819.013928 submit/tizen/20200820.014911
Karol Lewandowski [Tue, 18 Aug 2020 20:51:28 +0000 (22:51 +0200)]
Do not log reboots to utmp

This functionality is not used by Tizen services.  Users can find
reboots using standard log facilities (journal).

Change-Id: Ie8926606ebb386684ba321ef4560eaec9143e4cf

4 years agoFix wait-target-done.c 34/237934/4 sandbox/songinha/history accepted/tizen/unified/20200721.142303 submit/tizen/20200707.064531 submit/tizen/20200713.021000
Youngjae Cho [Mon, 6 Jul 2020 23:22:57 +0000 (08:22 +0900)]
Fix wait-target-done.c

1. Change inotify fd to nonblock.
2. Change timeout to use alarm(). And make it encompass
   the whole process, which now includes wd allocation.
3. Add dependency with tlm.service to
   system-delayed-target-trigger.service
4. Add journal log.

Change-Id: Ibec5e4f4030e26235dbba6610a5142d0e29e423f
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
4 years agoRemove unused systemd-remount-fs.service and systemd-fstab-generator 72/237072/1 accepted/tizen/unified/20200625.110525 accepted/tizen/unified/20200703.014557 submit/tizen/20200625.013725 submit/tizen/20200702.060520
INSUN PYO [Wed, 24 Jun 2020 23:57:14 +0000 (08:57 +0900)]
Remove unused systemd-remount-fs.service and systemd-fstab-generator

Tizen no longer uses /etc/fstab.
So we don't need systemd-remount-fs.service and systemd-fstab-generager to handle /etc/fstab.

Change-Id: I64a3655f69f80d161b00fad40aef6b0235e71977

4 years agospec: remove unused service 96/236696/2
INSUN PYO [Fri, 19 Jun 2020 10:05:51 +0000 (19:05 +0900)]
spec: remove unused service

 - /usr/lib/systemd/systemd-volatile-root
 - /usr/lib/systemd/system/systemd-volatile-root.service

Change-Id: Ib3cf266a5ed7bc53ee16a97d7514bfb0bcabd498

4 years agoApply SmackProcessLabel=System to system-update-cleanup.service 86/236686/1
INSUN PYO [Fri, 19 Jun 2020 08:38:02 +0000 (17:38 +0900)]
Apply SmackProcessLabel=System to system-update-cleanup.service

Change-Id: Ie8fd3b105508ff233d28c9f7e8f97beb12d1b1d7

4 years agoApply SmackProcessLabel=System to systemd-boot-check-no-failures.service 66/236666/1 accepted/tizen/unified/20200625.110600 submit/tizen/20200622.002220
INSUN PYO [Fri, 19 Jun 2020 07:07:05 +0000 (16:07 +0900)]
Apply SmackProcessLabel=System to systemd-boot-check-no-failures.service

Change-Id: I25ff0d8d40a64ee9e9faa87db5ff2ce09bc9e976

4 years agospec: disable hibernate feature 63/236663/1
INSUN PYO [Fri, 19 Jun 2020 06:44:15 +0000 (15:44 +0900)]
spec: disable hibernate feature

Change-Id: Iecb223fc98412d8635b724ca6fc8952457820e45

4 years agospec: disable EFI feature 68/236568/5
INSUN PYO [Thu, 18 Jun 2020 06:35:09 +0000 (15:35 +0900)]
spec: disable EFI feature

Change-Id: Ia4b0612f77c5bde4615af615bf8747168bb9abda

4 years agoApply SmackProcessLabel=System to systemd-OOO.service 66/236566/3
INSUN PYO [Thu, 18 Jun 2020 06:24:09 +0000 (15:24 +0900)]
Apply SmackProcessLabel=System to systemd-OOO.service

 - systemd-exit.service
 - systemd-poweroff.service
 - systemd-reboot.service

Change-Id: Ic5cde17a34fd75ca0157a56dc66534f23db62a15

4 years agoRevert: Mask individual .wants/.requires symlinks v2 58/236558/1 accepted/tizen/unified/20200619.121755 submit/tizen/20200618.104247
ingi2-kim [Wed, 10 Jun 2020 10:33:11 +0000 (19:33 +0900)]
Revert: Mask individual .wants/.requires symlinks v2

Fix issue that drop-in was not applied

Change-Id: I2ed5723a75cf0a5da6bd53faa9713a603985da7b
Signed-off-by: ingi2-kim <ingi2.kim@samsung.com>
4 years agoRevert "test: add test for prefix unit loading" 82/236082/3 submit/tizen/20200617.084905
Adrian Szyndela [Fri, 12 Jun 2020 13:06:54 +0000 (15:06 +0200)]
Revert "test: add test for prefix unit loading"

This reverts commit 7ce49e656b1377713ade999dfe381807a78313cd.

The previous revert (6927aa2bc09726ff1f071770a8ce0c2ea6430b6b)
reverts more than it is described within its description. As it is
a base for some of subsequent commits in the upstream, they are
silently removed, probably because of conflict resolving.

Prefix unit loading is a feature that is a victim of such silent removal.
Therefore, the feature test is also (temporarily, I hope) removed with
this commit.

Change-Id: Ie82e5a54852ea08c8b3f0561f304fab6f3434aaf

4 years agoRevert: Mask individual .wants/.requires symlinks 82/235882/4
ingi2-kim [Mon, 8 Jun 2020 08:11:34 +0000 (17:11 +0900)]
Revert: Mask individual .wants/.requires symlinks

Revert below patches due to performance issue (Avoid increasing IO count)

Refer : https://github.com/systemd/systemd/pull/5231
 - core/load-dropin: add more sanity checks on .wants/.requires symlinks
 - core: drop code that is now unused
 - core: implement masking of .wants/.requires symlinks
 - core: when loading .wants and .requires, follow the same logic as .d conf dropins

Change-Id: I9f6712d9df2c6bb25ab736ae6b6d1f5adbf2a691
Signed-off-by: ingi2-kim <ingi2.kim@samsung.com>
4 years agoRevert: Rework unit loading to take into account all aliases 73/236473/1
INSUN PYO [Tue, 9 Jun 2020 00:55:24 +0000 (09:55 +0900)]
Revert: Rework unit loading to take into account all aliases

Revert below patches due to increasing unit loading time (UnitsLoadFinishTimestamp - UnitsLoadStartTimestamp)

Refer: https://github.com/systemd/systemd/pull/13119/commits
 - test-unit-file: allow printing of information about specific units
 - pid1: drop unit caches only based on mtime
 - analyze: add "unit-files" to dump the unit fragment map
 - core: restore initialization of u->source_mtime
 - pid1: use a cache for all unit aliases
 - shared/unit-file: add a function to validate unit alias symlinks
 - TEST-15-DROPIN: add test for details of unit aliasing

Change-Id: I1bff89f5851544cda7522bd3ceb398499dac57d4

4 years agoApply ASLR for send-booting-done and wait-target-done 63/235863/2 accepted/tizen/unified/20200611.134758 submit/tizen/20200610.110735
Hyotaek Shim [Wed, 10 Jun 2020 10:56:29 +0000 (19:56 +0900)]
Apply ASLR for send-booting-done and wait-target-done

Change-Id: I80b6c67671a4c8ebb1cb4afa5d8065a164554800
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
4 years agoRevert "core/path: fix spurious triggering of PathExists= on restart/reload" 99/233699/1 accepted/tizen/unified/20200609.153536 submit/tizen/20200518.101955 submit/tizen/20200608.114627
INSUN PYO [Mon, 18 May 2020 09:21:13 +0000 (18:21 +0900)]
Revert "core/path: fix spurious triggering of PathExists= on restart/reload"

This reverts commit d7cf8c24d4ef6ed4c9d711ee82ba57a529baad34.

Change-Id: Ice828460a04862ad41495826566c0be1485bce63

4 years agoFix delayed.target 36/232536/6
Youngjae Cho [Wed, 6 May 2020 06:39:03 +0000 (15:39 +0900)]
Fix delayed.target

Add binary wait-target-done.c for waiting creation of *.done file.

Change-Id: I0d87c574086073b28aa52dccca3e760914e2abbd
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
4 years agoDelayed target: check interval is changed from 1 second to 0.2 seconds. 15/231315/1 submit/tizen/20200429.062821
INSUN PYO [Tue, 21 Apr 2020 07:11:15 +0000 (16:11 +0900)]
Delayed target: check interval is changed from 1 second to 0.2 seconds.

Change-Id: I2206ada9509d503ac02733d0cb0c1539d932b184
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
4 years agospec: fix indent in systemd.spec 88/230888/5
INSUN PYO [Thu, 16 Apr 2020 00:04:39 +0000 (09:04 +0900)]
spec: fix indent in systemd.spec

Change-Id: I7b48f4cd8e66e3c52a23305d48466c75e5443845
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
4 years agotest-bus-async-match: remove unused variables 76/230976/1
Adrian Szyndela [Thu, 16 Apr 2020 08:52:54 +0000 (10:52 +0200)]
test-bus-async-match: remove unused variables

Change-Id: I0b900a9b0b04767123110ebcb88174d45fdc8ca3

4 years agosdbus: kdbus tests: improve mt-safety 28/230828/4
Maciej Slodczyk [Tue, 14 Apr 2020 10:54:12 +0000 (12:54 +0200)]
sdbus: kdbus tests: improve mt-safety

Change-Id: I09d0eea89920d3af549f2e10b2a1dbdd7a9b4cf2
Signed-off-by: Maciej Slodczyk <m.slodczyk2@partner.samsung.com>