diff --git a/0001-journal-again-create-user-journals-for-users-with-hi.patch b/0001-journal-again-create-user-journals-for-users-with-hi.patch new file mode 100644 index 0000000..41e34b6 --- /dev/null +++ b/0001-journal-again-create-user-journals-for-users-with-hi.patch @@ -0,0 +1,58 @@ +From 87d4f23ce4f82c39890e094bee05098d3a99d8f0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 9 Jan 2024 11:28:04 +0100 +Subject: [PATCH] journal: again create user journals for users with high uids + +This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d +'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped +in an additional check of uid_is_container(uid). The problem is that that change +is not backwards-compatible at all and very hard for users to handle. +There is no common agreement on mappings of high-range uids. Systemd declares +ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/, +but this is only a recent change and various sites allocated those ranges +in a different way, in particular FreeIPA uses (used?) uids from this range +for human users. On big sites with lots of users changing uids is obviously a +hard problem. We generally assume that uids cannot be "freed" and/or changed +and/or reused safely, so we shouldn't demand the same from others. + +This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN / +SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing +huge problems for existing systems with were created with a different +definition and couldn't be easily updated. For that case, we added a +configuration time switch and we now parse /etc/login.defs to actually use the +value that is appropriate for the local system. + +Unfortunately, login.defs doesn't have a concept of container allocation ranges +(and we don't have code to parse and use those nonexistent names either), so we +can't tell users to adjust logind.defs to work around the changed definition. + +login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing, +because they are used to define where the add allocations for subuids, which is +generally a much smaller range. Maybe we should talk with other folks about +the appropriate allocation ranges and define some new settings in login.defs. +But this would require discussion and coordination with other projects first. + +Actualy, it seems that this change was needed at all. The code in the container +does not log to the outside journal. It talks to its own journald, which does +journal splitting using its internal logic based on shifted uids. So let's +revert the change to fix user systems. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843. +--- + src/basic/uid-alloc-range.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c +index 669cb6d56f..7b724b7959 100644 +--- a/src/basic/uid-alloc-range.c ++++ b/src/basic/uid-alloc-range.c +@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) { + + /* Returns true if the specified UID shall get its data stored in the system journal. */ + +- return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid); ++ return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY; + } +-- +2.46.0 + diff --git a/sources b/sources index 1482dea..22f3499 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a +SHA512 (systemd-254.20.tar.gz) = 072a5b516c74e7d53c459f22fee9efbf11bf4a9504ee6e60a9ae7075623487a0764b49d770205413c8662cdb9a467dabc3dae2ed07ccf313f24355e1edc3090c diff --git a/systemd.spec b/systemd.spec index b2d550a..6058e8f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -35,7 +35,7 @@ Name: systemd Url: https://systemd.io %if %{without inplace} -Version: 254.5 +Version: 254.20 %else # determine the build information from local checkout Version: %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') @@ -124,8 +124,12 @@ Patch0012: 0003-ci-add-test-for-poll-limit.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2251843 +# https://github.com/systemd/systemd/pull/30846 +Patch0491: 0001-journal-again-create-user-journals-for-users-with-hi.patch + # Adjust upstream config to use our shared stack -Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch +Patch0492: fedora-use-system-auth-in-pam-systemd-user.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 @@ -1070,6 +1074,24 @@ fi %preun networkd %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service +%postun networkd +%systemd_postun_with_restart systemd-networkd.service +%systemd_postun systemd-networkd-wait-online.service + +%post resolved +[ $1 -eq 1 ] || exit 0 +# Initial installation + +touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation + +# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 +if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then + echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." + exit 0 +fi + +%systemd_post systemd-resolved.service + %preun resolved if [ $1 -eq 0 ] ; then systemctl disable --quiet \ @@ -1085,19 +1107,8 @@ if [ $1 -eq 0 ] ; then fi fi -%post resolved -[ $1 -eq 1 ] || exit 0 -# Initial installation - -touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation - -# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263 -if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then - echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd." - exit 0 -fi - -%systemd_post systemd-resolved.service +%postun resolved +%systemd_postun_with_restart systemd-resolved.service %posttrans resolved [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0