
v254 batch up to 8ce77b918e711b30a8e55e4f30ccf1a49dd0d623#462

Merged
bluca merged 22 commits into systemd:v254-stable from bluca:v254-stable
Dec 22, 2024

@bluca bluca commented Dec 21, 2024

No description provided.

daandemeyer and others added 22 commits December 21, 2024 11:25
Let's shutdown the write end and wait for EOF from the other side
before continuing to make sure that the receiver has received all
data we sent on the socket.

(cherry picked from commit 13b67b6)
(cherry picked from commit b15490c)
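
The half-close pattern that commit message describes, as an added example (not code from the systemd commit; `send_all_and_wait_eof` and `demo_roundtrip` are hypothetical names, and the payload is constructed): the sender shuts down its write end and only continues once `read()` returns 0, which means the receiver has consumed everything and closed its side.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write everything, half-close, then block until the peer closes its end. */
static int send_all_and_wait_eof(int fd, const char *p, size_t len) {
        char drain[64];
        ssize_t n;
        while (len > 0) {
                n = write(fd, p, len);
                if (n < 0 && errno == EINTR)
                        continue;
                if (n < 0)
                        return -errno;
                p += n;
                len -= (size_t) n;
        }
        if (shutdown(fd, SHUT_WR) < 0) /* receiver gets EOF after our data */
                return -errno;
        do /* read() == 0 means the other side closed: it is done reading */
                n = read(fd, drain, sizeof drain);
        while (n > 0 || (n < 0 && errno == EINTR));
        return n < 0 ? -errno : 0;
}
/* Constructed demo: forked receiver counts bytes until EOF, then exits. */
int demo_roundtrip(size_t len) {
        int sv[2], status, r;
        char buf[4096], *msg = calloc(len, 1);
        size_t got = 0;
        ssize_t n;
        if (!msg || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
                return -1;
        pid_t pid = fork();
        if (pid == 0) {
                close(sv[0]);
                while ((n = read(sv[1], buf, sizeof buf)) > 0)
                        got += (size_t) n;
                _exit(got == len ? 0 : 1); /* exit closes sv[1]: sender's EOF */
        }
        close(sv[1]);
        r = pid < 0 ? -1 : send_all_and_wait_eof(sv[0], msg, len);
        close(sv[0]);
        free(msg);
        if (r < 0 || waitpid(pid, &status, 0) < 0)
                return -1;
        return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
int main(void) { return demo_roundtrip(1 << 20) == 1 ? 0 : 1; }
```

Without the wait for EOF, a sender that closes or exits right after its last `write()` has no confirmation that the receiver actually read the data.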
Follow-up for 13b67b6

(cherry picked from commit 3baab23)
(cherry picked from commit 16d3a64)
As gcc has trouble figuring this itself with -O2 and -Wmaybe-initialized.

(cherry picked from commit 0a87b83)
(cherry picked from commit 205da62)
TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
knot:

 notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0

Explicitly set nsec3-salt-length=8 to silence.

(cherry picked from commit 59e5108)
(cherry picked from commit 1b945fb)
(cherry picked from commit 12686f3)
(cherry picked from commit 6e5e510)
… containers

have ambient caps: yes
Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Failed to drop auxiliary groups list: Operation not permitted
Failed to change group ID: Operation not permitted
Capabilities:cap_dac_override,cap_net_raw=ep
Capabilities:cap_dac_override=ep
Successfully forked off '(getambient)' as PID 12505.
Skipping PR_SET_MM, as we don't have privileges.
Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
(getambient) terminated by signal ABRT.
src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error

Partially fixes #35552

(cherry picked from commit 058a076)
(cherry picked from commit d80ab6a)
(cherry picked from commit dbc8f9a)
(cherry picked from commit 5c3f362)
…pace

To reproduce, as an unprivileged user start a docker container and build
and run the unit tests inside it:

$ docker run --rm -ti debian:bookworm bash
...
/* test_close_all_fds */
Successfully forked off '(caf-plain)' as PID 10496.
Skipping PR_SET_MM, as we don't have privileges.
(caf-plain) succeeded.
Failed to fork off '(caf-noproc)': Operation not permitted
Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.

Partially fixes #35552

(cherry picked from commit 630a2e7)
(cherry picked from commit 5573ac7)
(cherry picked from commit b8c8556)
(cherry picked from commit 9818f55)
Document the fact that read-only properties may not have the flag
SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
flag is accepted for writable properties.

Based on the check in `add_object_vtable_internal` called by
`sd_bus_add_object_vtable` (as of the current tip of the main branch
f7f5ba0):

    case _SD_BUS_VTABLE_PROPERTY: {
            [...]
            if ([...] ||
                [...]
                (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
                    r = -EINVAL;
                    goto fail;
            }

(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).

This was implemented in the commit
adacb95 ("bus: introduce "trusted" bus
concept and encode access control in object vtables") where
`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:

    Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
    and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
    Note however that read access is unrestricted, as PropertiesChanged
    messages might send out the values anyway as an unrestricted
    broadcast.

(cherry picked from commit 3ca09aa)
(cherry picked from commit cd72703)
(cherry picked from commit f694a84)
(cherry picked from commit 0aea62b)
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).

(cherry picked from commit ae2f3af)
(cherry picked from commit 9fad72c)
(cherry picked from commit 0102ff4)
(cherry picked from commit b879b06)
semaphore CI runs are always very close to the limit of 1hr, and often
time out when it's particularly oversubscribed.
Skip some low-value test cases to shorten the runtime.

(cherry picked from commit e19cae1)
(cherry picked from commit e768cf5)
(cherry picked from commit 9552927)
(cherry picked from commit f9033ba)
Closes #35504.

(cherry picked from commit a5b2973)
(cherry picked from commit 644f2a0)
(cherry picked from commit c03e316)
(cherry picked from commit dbab170)
This is an interesting event. Let's log about it.

(cherry picked from commit 11ee1ba)
(cherry picked from commit c189ecc)
(cherry picked from commit 7054f66)
(cherry picked from commit d0684df)
This is handy for debugging.

(cherry picked from commit 9171384)
(cherry picked from commit bcf740e)
(cherry picked from commit 0a4a3a8)
(cherry picked from commit cc110c0)
Otherwise --help/--version/etc which exit immediately will do pointless work

(cherry picked from commit 60d23b7)
(cherry picked from commit 29cdad8)
(cherry picked from commit 80e4e31)
(cherry picked from commit 06b1c4b)
(cherry picked from commit 81e0693)
(cherry picked from commit 1fb4673)
(cherry picked from commit 8f92f75)
(cherry picked from commit 543784e)
Initialize the start of the system-wide idle time with the time logind was
initialized and not with the start of the Unix epoch. This means that systemd
will not report an unreasonably long idle time (around 54 years at the time of
writing this), especially in the early boot, while no login manager session,
e.g., gdm, had a chance to provide a more accurate start of the idle period.

Fixes #35163

(cherry picked from commit 718b311)
(cherry picked from commit 9d36809)
(cherry picked from commit 77b963c)
(cherry picked from commit cd6f07e)
When semaphore is overloaded tests can take more than 1hr, bump
timeout

(cherry picked from commit 1855064)
(cherry picked from commit 96b9fe8)
(cherry picked from commit 5438748)
(cherry picked from commit 5ac9650)
This reverts commit e19cae1.

(cherry picked from commit 7406e0a)
(cherry picked from commit 61e321c)
(cherry picked from commit 53fd63a)
(cherry picked from commit ade1c0e)
Noticed while looking at #35641

(cherry picked from commit 0543b02)
(cherry picked from commit b5dc192)
(cherry picked from commit d70b87a)
(cherry picked from commit 549bf6f)
If a specified unit does not exist, then it is definitely not masked.

Fixes #35632.

(cherry picked from commit b58b00e)
(cherry picked from commit 48b404d)
(cherry picked from commit 1461f52)
(cherry picked from commit 8ab5882)
…hin candidate to succeed quickly

Fixes #22575, as suggested by poettering in #35514.

Intended as a workaround for some buggy routers, which refuse to send empty
replies. If systemd-resolved starts two DnsTransactions, one for A and one
for AAAA, and the domain in question has no AAAA entry, then the server will
send a reply for A and no reply for AAAA. Correct behavior for the server would
be to send an empty reply for AAAA.

systemd-resolved would previously keep retrying the AAAA transaction, and
eventually timeout the whole query, returning an error to the caller.

Now, if the server replies to one query and not another, we cut short the
timeout and return the partial result. Returning the partial result allows
the rest of the system to keep working. It matches how e.g. glibc libnss_dns
behaves.

(cherry picked from commit 0da73fa)
(cherry picked from commit 1748265)
(cherry picked from commit e65fd8e)
(cherry picked from commit 3761ffa)
The issue is directly triggered by tzdata-2024b, where the setting of timezone
started to fail and the tests stopped passing. But those timestamps in 1/1/1970
appear to have some problems already before:

  $ sudo date -s 'Thu 1970-01-01 13:00:01 WET'
  Thu Jan  1 03:00:01 PM EET 1970
  $ sudo date -s 'Thu 1970-01-01 12:00:01 WET'
  date: cannot set date: Invalid argument
  Thu Jan  1 02:00:01 PM EET 1970
  $ rpm -q tzdata
  tzdata-2024a-9.fc41.noarch

The same issue appears with other timezones. So move the first timestamp one
day forward to avoid the issue.

After the previous problem is solved, we also get the problem already seen
previously where the roundtrip returns a time that is off by one hour:

@86401000000 → Fri 1970-01-02 00:00:01 WET → @82801000000 → Thu 1970-01-01 23:00:01 WET
Assertion 'x / USEC_PER_SEC == y / USEC_PER_SEC' failed at src/test/test-time-util.c:415, function test_format_timestamp_impl(). Aborting.

Extend the override to suppress this.

(cherry picked from commit 3cf362f)
(cherry picked from commit 43a99d4)
(cherry picked from commit 98cf43b)
Also
- use ASSERT_XYZ() macros,
- log tzname[] on failure.

(cherry picked from commit 3f1d499)
(cherry picked from commit 11d7050)
(cherry picked from commit 1d4bde5)
(cherry picked from commit b07b4ce)
@packit-as-a-service

We were not able to find or create Copr project packit/systemd-systemd-stable-462 specified in the config with the following error:

Cannot create a new Copr project (owner=packit project=systemd-systemd-stable-462 chroots=[]): chroots: '[]' is not a valid choice for this field..

Unless the HTTP status code above is >= 500, please check your configuration for:

  1. typos in owner and project name (groups need to be prefixed with @)
  2. whether the project name doesn't contain not allowed characters (only letters, digits, underscores, dashes and dots must be used)
  3. whether the project itself exists (Packit creates projects only in its own namespace)
  4. whether Packit is allowed to build in your Copr project
  5. whether your Copr project/group is not private

@bluca bluca merged commit af8cb09 into systemd:v254-stable Dec 22, 2024
27 of 29 checks passed