Revert one patch that is causing selinux troubles

4047e4fb7b got things very wrong.
The trick with "[ $1 -eq 1 ]" doesn't work for transaction triggers
because the argument is not provided by rpm. We need to use a state
file to propagate the information from %post to %posttrans.

(cherry picked from commit bab6dfc23a)

0001-Revert-units-allow-systemd-userdbd-to-change-process.patch

@@ -0,0 +1,28 @@
+From cc89389775b230e51d6e7a7e3e65f8a1928dbf2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 2 Feb 2023 13:03:32 +0100
+Subject: [PATCH] Revert "units: allow systemd-userdbd to change process name"
+
+This reverts commit 9357d2342981a8b4fcfa2d170b7749c27d364fdd.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2166509
+---
+ units/systemd-userdbd.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/systemd-userdbd.service.in b/units/systemd-userdbd.service.in
+index b57661100c..84dea04f55 100644
+--- a/units/systemd-userdbd.service.in
++++ b/units/systemd-userdbd.service.in
+@@ -16,7 +16,7 @@ Before=sysinit.target
+ DefaultDependencies=no
+ 
+ [Service]
+-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE
++CapabilityBoundingSet=CAP_DAC_READ_SEARCH
+ ExecStart={{ROOTLIBEXECDIR}}/systemd-userdbd
+ IPAddressDeny=any
+ LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
+-- 
+2.39.1
+

sources

@@ -1 +1 @@
-SHA512 (systemd-250.3.tar.gz) = 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5
+SHA512 (systemd-250.10.tar.gz) = 1453be225411af46670852d6f7fb64e6b8b85a1bc521fafbc0134f2107145997fb241a88e1018a029b73bcd74bb79ebe67b71507f8d90c3921bc39fd486f1799

split-files.py

@@ -28,7 +28,7 @@ o_resolve = open('.file-list-resolve', 'w')
 o_tests = open('.file-list-tests', 'w')
 o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
 o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
-o_rest = open('.file-list-rest', 'w')
+o_main = open('.file-list-main', 'w')
 for file in files(buildroot):
     n = file.path[1:]
     if re.match(r'''/usr/(share|include)$|
@@ -58,7 +58,11 @@ for file in files(buildroot):
         o = o_rpm_macros
     elif '/usr/lib/systemd/tests' in n:
         o = o_tests
-    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
+    elif re.search(r'/libsystemd-shared-.*\.so$', n):
+        o = o_main
+    elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
+        o = o_udev
+    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n):
         o = o_devel
     elif re.search(r'''journal-(remote|gateway|upload)|
                        systemd-remote\.conf|
@@ -66,6 +70,7 @@ for file in files(buildroot):
                        /var/log/journal/remote
     ''', n, re.X):
         o = o_remote
+
     elif re.search(r'''mymachines|
                        machinectl|
                        systemd-nspawn|
@@ -77,12 +82,16 @@ for file in files(buildroot):
                        org.freedesktop.(import|machine)1
     ''', n, re.X):
         o = o_container
+
     elif re.search(r'''/usr/lib/systemd/network/80-|
                        networkd|
                        networkctl|
-                       org.freedesktop.network1
+                       org.freedesktop.network1|
+                       systemd\.network|
+                       systemd\.netdev
     ''', n, re.X):
         o = o_networkd
+
     elif '.so.' in n:
         o = o_libs
 
@@ -101,8 +110,8 @@ for file in files(buildroot):
                        modules-load|
                        timesync|
                        crypttab|
+                       cryptenroll|
                        cryptsetup|
-                       libcryptsetup-token-systemd|
                        kmod|
                        quota|
                        pstore|
@@ -152,7 +161,7 @@ for file in files(buildroot):
             assert False, 'Found .standalone not belonging to known packages'
 
     else:
-        o = o_rest
+        o = o_main
 
     if n in known_files:
         prefix = ' '.join(known_files[n].split()[:-1])

systemd.spec

@@ -30,8 +30,8 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 %if %{without inplace}
-Version:        250.3
-Release:        3%{?dist}
+Version:        250.10
+Release:        2%{?dist}
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@@ -88,15 +88,17 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 
 # Backports of patches from upstream (0000–0499)
 #
-# Any patches which are "in preparation" upstream should be listed
-# here, rather than in the next section. Packit CI will drop any
-# patches in this range before applying upstream pull requests.
+# Any patches which are "in preparation" upstream should be listed here, rather
+# than in the next section. Packit CI will drop any patches in this range before
+# applying upstream pull requests.
 
+Patch0001:      0001-Revert-units-allow-systemd-userdbd-to-change-process.patch
 
-# Downstream-only patches (5000–9999)
+# This is a downstream-only patch, but we don't want it in packit builds.
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
-Patch0500:      use-bfq-scheduler.patch
+Patch0499:      use-bfq-scheduler.patch
 
+# Other downstream-only patches (5000–9999)
 # https://github.com/systemd/systemd/pull/17050
 Patch0501:      https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
 
@@ -173,12 +175,9 @@ BuildRequires:  perl
 BuildRequires:  perl(IPC::SysV)
 
 Requires(post): coreutils
-Requires(post): sed
-Requires(post): acl
 Requires(post): grep
 # systemd-machine-id-setup requires libssl
 Requires(post): openssl-libs
-Requires(pre):  coreutils
 Requires:       dbus >= 1.9.18
 Requires:       %{name}-pam = %{version}-%{release}
 Requires:       (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
@@ -198,6 +197,8 @@ Provides:       system-setup-keyboard = 0.9
 Obsoletes:      systemd-sysv < 206
 # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394)
 Obsoletes:      %{name} < 249~~
+# https://bugzilla.redhat.com/show_bug.cgi?id=2051019
+Conflicts:      %{name}-udev < %{version}-%{release}
 Provides:       systemd-sysv = 206
 Conflicts:      initscripts < 9.56.1
 %if 0%{?fedora}
@@ -206,9 +207,9 @@ Conflicts:      fedora-release < 23-0.12
 Obsoletes:      timedatex < 0.6-3
 Provides:       timedatex = 0.6-3
 Conflicts:      %{name}-standalone-tmpfiles < %{version}-%{release}^
-Obsoletes:      %{name}-standalone-tmpfiles < %{version}-%{release}^
+Provides:       %{name}-tmpfiles = %{version}-%{release}
 Conflicts:      %{name}-standalone-sysusers < %{version}-%{release}^
-Obsoletes:      %{name}-standalone-sysusers < %{version}-%{release}^
+Provides:       %{name}-sysusers = %{version}-%{release}
 
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
 Recommends:     libidn2.so.0%{?elf_suffix}
@@ -255,10 +256,6 @@ Obsoletes:      systemd-compat-libs < 230
 Obsoletes:      nss-myhostname < 0.4
 Provides:       nss-myhostname = 0.4
 Provides:       nss-myhostname%{_isa} = 0.4
-Requires(post): coreutils
-Requires(post): sed
-Requires(post): grep
-Requires(post): /usr/bin/getent
 
 %description libs
 Libraries for systemd and udev.
@@ -310,6 +307,8 @@ Obsoletes:      systemd < 245.6-1
 Provides:       udev = %{version}
 Provides:       udev%{_isa} = %{version}
 Obsoletes:      udev < 183
+# https://bugzilla.redhat.com/show_bug.cgi?id=2051019
+Conflicts:      %{name} < %{version}-%{release}
 
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
 # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
@@ -399,12 +398,11 @@ devices.
 
 %package resolved
 Summary:        Network Name Resolution manager
-Requires(post): %{name}
-Requires(post): grep
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 Obsoletes:      %{name} < 249~~
 Requires:       libidn2.so.0%{?elf_suffix}
 Requires:       libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
+Requires(posttrans): grep
 
 %description resolved
 systemd-resolved is a system service that provides network name resolution to
@@ -432,6 +430,7 @@ useful to test systemd internals.
 
 %package standalone-tmpfiles
 Summary:       Standalone tmpfiles binary for use in non-systemd systems
+Provides:      %{name}-tmpfiles = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-tmpfiles
@@ -441,6 +440,7 @@ package and is meant for use in non-systemd systems.
 
 %package standalone-sysusers
 Summary:       Standalone sysusers binary for use in non-systemd systems
+Provides:      %{name}-sysusers = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-sysusers
@@ -526,7 +526,7 @@ CONFIGURE_OPTS=(
         -Dversion-tag=v%{version}-%{release}
         -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"]
         -Ddefault-dnssec=no
-        -Ddefault-dns-over-tls=opportunistic
+        -Ddefault-dns-over-tls=no
         # https://bugzilla.redhat.com/show_bug.cgi?id=1867830
         -Ddefault-mdns=no
         -Ddefault-llmnr=resolve
@@ -695,10 +695,10 @@ python3 %{SOURCE2} %buildroot <<EOF
 /usr/lib/systemd/purge-nobody-user
 %ghost %config(noreplace) /etc/vconsole.conf
 %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf
-%ghost %attr(0664,root,utmp) /run/utmp
-%ghost %attr(0664,root,utmp) /var/log/wtmp
-%ghost %attr(0660,root,utmp) /var/log/btmp
-%ghost %attr(0664,root,utmp) %verify(not md5 size mtime) /var/log/lastlog
+%ghost %attr(0664,root,root) %verify(not group) /run/utmp
+%ghost %attr(0664,root,root) %verify(not group) /var/log/wtmp
+%ghost %attr(0660,root,root) %verify(not group) /var/log/btmp
+%ghost %attr(0664,root,root) %verify(not md5 size mtime group) /var/log/lastlog
 %ghost %config(noreplace) /etc/hostname
 %ghost %config(noreplace) /etc/localtime
 %ghost %config(noreplace) /etc/locale.conf
@@ -718,7 +718,7 @@ python3 %{SOURCE2} %buildroot <<EOF
 %ghost %dir /var/lib/systemd/linger
 %ghost /var/lib/systemd/random-seed
 %ghost %dir /var/lib/systemd/rfkill
-%ghost %dir %attr(2755, root, systemd-journal) %verify(not mode) /var/log/journal
+%ghost %dir %verify(not mode group) /var/log/journal
 %ghost %dir /var/log/journal/remote
 %ghost %attr(0700,root,root) %dir /var/log/private
 EOF
@@ -826,27 +826,6 @@ fi
 # a different package version.
 systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
 
-%post libs
-%{?ldconfig}
-
-# check if nobody or nfsnobody is defined
-export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
-if getent passwd nfsnobody &>/dev/null; then
-   test -f /etc/systemd/dont-synthesize-nobody || {
-       echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody'
-       mkdir -p /etc/systemd || :
-       : >/etc/systemd/dont-synthesize-nobody || :
-   }
-elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then
-   test -f /etc/systemd/dont-synthesize-nobody || {
-       echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody'
-       mkdir -p /etc/systemd || :
-       : >/etc/systemd/dont-synthesize-nobody || :
-   }
-fi
-
-%{?ldconfig:%postun libs -p %ldconfig}
-
 %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service}
 
 %post udev
@@ -939,7 +918,10 @@ if [ $1 -eq 0 ] ; then
 fi
 
 %post resolved
-[ $1 -gt 1 ] && exit 0
+[ $1 -eq 1 ] || exit 0
+# Initial installation
+
+touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
 
 # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
 if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
@@ -949,11 +931,18 @@ fi
 
 %systemd_post systemd-resolved.service
 
+%posttrans resolved
+[ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0
+rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
+# Initial installation
+
 # Create /etc/resolv.conf symlink.
-# We would also create it using tmpfiles, but let's do this here
-# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
-# does not do this, because it's marked with ! and we don't specify --boot.)
-# https://bugzilla.redhat.com/show_bug.cgi?id=1873856
+# (https://bugzilla.redhat.com/show_bug.cgi?id=1873856)
+#
+# We would also create it using tmpfiles, but let's do this here too
+# before NetworkManager gets a chance. (systemd-tmpfiles invocation
+# above does not do this, because the line is marked with ! and
+# tmpfiles is invoked without --boot in the scriptlet.)
 #
 # *Create* the symlink if nothing is present yet.
 # (https://bugzilla.redhat.com/show_bug.cgi?id=2032085)
@@ -968,17 +957,17 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null &&
    ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null |
         grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$'; then
 
-  if ! test -e /etc/resolv.conf; then
-    ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+  if ! test -e /etc/resolv.conf && ! test -L /etc/resolv.conf; then
+    ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || :
   elif test -d /run/systemd/system/ &&
      ! mountpoint /etc/resolv.conf &>/dev/null; then
-    ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+    ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || :
   fi
 fi
 
 %global _docdir_fmt %{name}
 
-%files -f %{name}.lang -f .file-list-rest
+%files -f %{name}.lang -f .file-list-main
 %doc %{_pkgdocdir}
 %exclude %{_pkgdocdir}/LICENSE*
 # Only the licenses texts for the licenses in License line are included.
@@ -1031,6 +1020,66 @@ fi
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
 %changelog
+* Thu Feb  2 2023 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> - 250.10-2
+- Revert one patch that is causing selinux troubles (#2166509 reported in F37)
+
+* Wed Feb  1 2023 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> - 250.10-1
+- Various small fixes (compilation fixes with new kernel headers, gcc,
+  -D_FORTIFY_SOURCE=3, allow swap endianness change, fixes to output and logs,
+  various fixlets in systemd-resolved, other small issues).
+
+* Sun Jan 29 2023 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> - 250.10-1
+- Do not touch /etc/resolv.conf on upgrades (#2074122)
+
+* Tue Dec 20 2022 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> - 250.9-1
+- Latest bugfix release with a bunch of fixes (homed, networkd, manager,
+  resolved, documentation): rhbz#2133792, rhbz#2135778, rhbz#2152685,
+  and also #2031810, #2121106.
+- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel
+  setting
+
+* Thu Jul 14 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.8-1
+- Latest upstream bugfix version
+- Expose /usr/share/user-tmpfiles.d via pkgconfig (#2098553)
+
+* Thu Jun  2 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.7-1
+- A bunch of man page fixes, a few memory-access correctness fixes,
+  suppress messages about bpf setup in the user manager (#2084955)
+
+* Wed May 25 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.6-1
+- Latest upstream bugfix release (a bunch of memory accesses and leaks
+  fixed based on fuzzer reports, documentation clarifications,
+  #2038634, #2086166, #2084955, #2071034)
+- Add Conflicts for older systemd and systemd-udev versions to fix issue with
+  files being moved between subpackages (rhbz#2051019)
+- Supress errors from useradd/groupadd (#2090129)
+
+* Fri May 20 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.5-1
+- Latest upstream bugfix release (one was skipped because we were in freeze)
+- Run sysusers and hwdb and catalog updates also if systemd is not running
+  (#2085481)
+
+* Fri Mar 18 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-8
+- Fix the wrong file assignment done in previous version
+
+* Thu Mar 17 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-7
+- Move libcryptsetup plugins to -udev (#2064804)
+
+* Mon Mar 14 2022 Michael Catanzaro <mcatanzaro@redhat.com> - 250.3-7
+- Disable default DNS over TLS (#1889901)
+
+* Thu Feb 24 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-6
+- Avoid trying to create the symlink if there's a dangling symlink already in
+  place (#2058388)
+
+* Wed Feb 23 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-5
+- Move part of %%post scriptlet for resolved to %%posttrans (#2018913)
+- Specify owner of utmp/wtmp/btmp/lastlog as root in the rpm listing
+
+* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-4
+- Drop scriptlet for handling nobody user upgrades from Fedora <28
+- Specify owner of /var/log/journal as root in the rpm listing (#2018913)
+
 * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-3
 - Add pam_namespace to systemd-user pam config (rhbz#2053098)
 

sysusers.generate-pre.sh

@@ -19,15 +19,15 @@ user() {
     if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
         cat <<EOF
 getent passwd '$user' >/dev/null || \\
-    useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
+    useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
 EOF
     else
         cat <<EOF
-if ! getent passwd '$user' >/dev/null ; then
-    if ! getent passwd '$uid' >/dev/null ; then
-        useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+if ! getent passwd '$user' >/dev/null; then
+    if ! getent passwd '$uid' >/dev/null; then
+        useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || :
     else
-        useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+        useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' || :
     fi
 fi
 
@@ -40,11 +40,11 @@ group() {
     gid="$2"
     if [ "$gid" = '-' ]; then
         cat <<-EOF
-	getent group '$group' >/dev/null || groupadd -r '$group'
+	getent group '$group' >/dev/null || groupadd -r '$group' || :
 	EOF
     else
         cat <<-EOF
-	getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
+	getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
 	EOF
     fi
 }

triggers.systemd

@@ -55,23 +55,17 @@ fi
 # This script will process files installed in /usr/lib/sysusers.d to create
 # specified users automatically. The priority is set such that it
 # will run before the tmpfiles file trigger.
-if test -d "/run/systemd/system"; then
-  systemd-sysusers || :
-fi
+systemd-sysusers || :
 
 %transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d
 # This script will automatically invoke hwdb update if files have been
 # installed or updated in /usr/lib/udev/hwdb.d.
-if test -d "/run/systemd/system"; then
-  systemd-hwdb update || :
-fi
+systemd-hwdb update || :
 
 %transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog
 # This script will automatically invoke journal catalog update if files
 # have been installed or updated in /usr/lib/systemd/catalog.
-if test -d "/run/systemd/system"; then
-  journalctl --update-catalog || :
-fi
+journalctl --update-catalog || :
 
 %transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d
 # This script will automatically apply binfmt rules if files have been

use-bfq-scheduler.patch

@@ -1,4 +1,4 @@
-From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
+From b506a814bdd5d86461d9e4087f99a05753b238e4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 14 Aug 2019 15:57:42 +0200
 Subject: [PATCH] udev: use bfq as the default scheduler
@@ -20,22 +20,21 @@ new file mode 100644
 index 0000000000..480b941761
 --- /dev/null
 +++ b/rules.d/60-block-scheduler.rules
-@@ -0,0 +1,6 @@
+@@ -0,0 +1,5 @@
 +# do not edit this file, it will be overwritten on update
 +
-+ACTION=="add", SUBSYSTEM=="block", \
++ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
 +  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
-+  ENV{DEVTYPE}=="disk", \
 +  ATTR{queue/scheduler}="bfq"
 diff --git a/rules.d/meson.build b/rules.d/meson.build
-index ca4445d774..38d6aa6970 100644
+index e6533e001a..bfa26904d0 100644
 --- a/rules.d/meson.build
 +++ b/rules.d/meson.build
-@@ -3,6 +3,7 @@
- rules = files('''
-         60-autosuspend.rules
-         60-block.rules
-+        60-block-scheduler.rules
-         60-cdrom_id.rules
-         60-drm.rules
-         60-evdev.rules
+@@ -7,6 +7,7 @@ install_data(
+ rules = files(
+         '60-autosuspend.rules',
+         '60-block.rules',
++        '60-block-scheduler.rules',
+         '60-cdrom_id.rules',
+         '60-drm.rules',
+         '60-evdev.rules',