Hello community, here is the log from the commit of package systemd for openSUSE:Factory checked in at 2014-12-21 12:03:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/systemd (Old) and /work/SRC/openSUSE:Factory/.systemd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd" Changes: -------- --- /work/SRC/openSUSE:Factory/systemd/systemd-mini.changes 2014-12-16 14:46:31.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.systemd.new/systemd-mini.changes 2014-12-21 12:02:25.000000000 +0100 
@@ -1,0 +2,44 @@ +Thu Dec 18 13:47:36 UTC 2014 - [email protected] + +- Use Robert's latest patch + 1098-udev-link_setup-respect-kernel-name-assign-policy.patch + which drops NAMEPOLICY_KERNEL as this breaks all on current + systems out there + +------------------------------------------------------------------- +Wed Dec 17 14:57:42 UTC 2014 - [email protected] + +- remove 0022-systemd-tmpfiles-ownerkeep.patch since this is now + implemented into the systemd-tmpfiles binary +- add user based ignore statements in tmpfiles removal directives + (bnc#903009) + add systemd-add-user-keep.patch + +------------------------------------------------------------------- +Tue Dec 16 09:45:38 UTC 2014 - [email protected] + +- use --boot option in systemd-tmpfiles-setup-dev.service (bnc#908476) + add upstream patches: + 0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch + 0002-man-tmpfiles.d-recommend-using-b-and-c.patch (adapted) + +------------------------------------------------------------------- +Tue Dec 16 08:59:08 UTC 2014 - [email protected] + +- Update patch + 1098-udev-link_setup-respect-kernel-name-assign-policy.patch + to Robert's version + +------------------------------------------------------------------- +Mon Dec 15 15:02:22 UTC 2014 - [email protected] + +- Add upstream patches + 0001-selinux-access-fix-broken-ternary-operator.patch + 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch + 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch + 0004-core-fix-transaction-destructiveness-check-once-more.patch +- Avoid old net devices naming scheme on openSUSE 13.2 and less + maybe caused by patch + 1098-udev-link_setup-respect-kernel-name-assign-policy.patch + +------------------------------------------------------------------- 
@@ -20 +63,0 @@ - 1097-udev-link_setup-respect-kernel-name-assign-policy.patch systemd.changes: same change Old: ---- 0022-systemd-tmpfiles-ownerkeep.patch New: ---- 0001-selinux-access-fix-broken-ternary-operator.patch 0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch 0002-man-tmpfiles.d-recommend-using-b-and-c.patch 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch 0004-core-fix-transaction-destructiveness-check-once-more.patch systemd-add-user-keep.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-mini.spec ++++++ --- /var/tmp/diff_new_pack.wv3j6z/_old 2014-12-21 12:02:32.000000000 +0100 +++ /var/tmp/diff_new_pack.wv3j6z/_new 2014-12-21 12:02:32.000000000 +0100 @@ -42,7 +42,6 @@ %bcond_with udevsettle %endif %bcond_with systemgrps -%{expand: %%global has_tmpkeep %(type -p systemd-tmpfiles-keep &>/dev/null && echo 1 || echo 0)} Name: systemd-mini Url: http://www.freedesktop.org/wiki/Software/systemd @@ -396,8 +395,6 @@ Patch182: 0019-make-completion-smart-to-be-able-to-redirect.patch # PATCH-FIX-SUSE 0001-add-network-device-after-NFS-mount-units.patch [email protected] Patch183: 0001-add-network-device-after-NFS-mount-units.patch -# PATCH-FIX-SUSE 0022-systemd-tmpfiles-ownerkeep.patch -Patch184: 0022-systemd-tmpfiles-ownerkeep.patch # PATCH-FIX-SUSE systemd-powerd-initctl-support.patch Patch185: systemd-powerd-initctl-support.patch # PATCH-FIX-SUSE systemctl-set-default-target.patch 
@@ -1050,6 +1047,21 @@ Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch # PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709) Patch513: 513-nspawn-veth.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch514: 0001-selinux-access-fix-broken-ternary-operator.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch515: 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch516: 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch517: 0004-core-fix-transaction-destructiveness-check-once-more.patch +# PATCH-FIX-UPSTREAM added at 2014/12/16 +Patch518: 0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch +# PATCH-FIX-UPSTREAM added at 2014/12/16 +Patch519: 0002-man-tmpfiles.d-recommend-using-b-and-c.patch +# PATCH-FIX-SUSE systemd-add-user-keep.patch (bnc#903009) +Patch520: systemd-add-user-keep.patch +# # UDEV PATCHES # ============ @@ -1593,9 +1605,6 @@ %patch181 -p1 %patch182 -p1 %patch183 -p1 -%if 0%{?has_tmpkeep} -%patch184 -p1 -%endif %patch185 -p1 %patch186 -p1 %patch187 -p1 @@ -1925,6 +1934,13 @@ %patch511 -p0 %patch512 -p0 %patch513 -p1 +%patch514 -p0 +%patch515 -p0 +%patch516 -p0 +%patch517 -p0 +%patch518 -p1 +%patch519 -p1 +%patch520 -p1 # udev patches %patch1001 -p1 ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.wv3j6z/_old 2014-12-21 12:02:32.000000000 +0100 +++ /var/tmp/diff_new_pack.wv3j6z/_new 2014-12-21 12:02:32.000000000 +0100 @@ -40,7 +40,6 @@ %bcond_with udevsettle %endif %bcond_with systemgrps -%{expand: %%global has_tmpkeep %(type -p systemd-tmpfiles-keep &>/dev/null && echo 1 || echo 0)} Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd 
@@ -391,8 +390,6 @@ Patch182: 0019-make-completion-smart-to-be-able-to-redirect.patch # PATCH-FIX-SUSE 0001-add-network-device-after-NFS-mount-units.patch [email protected] Patch183: 0001-add-network-device-after-NFS-mount-units.patch -# PATCH-FIX-SUSE 0022-systemd-tmpfiles-ownerkeep.patch -Patch184: 0022-systemd-tmpfiles-ownerkeep.patch # PATCH-FIX-SUSE systemd-powerd-initctl-support.patch Patch185: systemd-powerd-initctl-support.patch # PATCH-FIX-SUSE systemctl-set-default-target.patch @@ -1045,6 +1042,21 @@ Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch # PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709) Patch513: 513-nspawn-veth.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch514: 0001-selinux-access-fix-broken-ternary-operator.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch515: 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch516: 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch517: 0004-core-fix-transaction-destructiveness-check-once-more.patch +# PATCH-FIX-UPSTREAM added at 2014/12/16 +Patch518: 0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch +# PATCH-FIX-UPSTREAM added at 2014/12/16 +Patch519: 0002-man-tmpfiles.d-recommend-using-b-and-c.patch +# PATCH-FIX-SUSE systemd-add-user-keep.patch (bnc#903009) +Patch520: systemd-add-user-keep.patch +# # UDEV PATCHES # ============ @@ -1588,9 +1600,6 @@ %patch181 -p1 %patch182 -p1 %patch183 -p1 -%if 0%{?has_tmpkeep} -%patch184 -p1 -%endif %patch185 -p1 %patch186 -p1 %patch187 -p1 @@ -1920,6 +1929,13 @@ %patch511 -p0 %patch512 -p0 %patch513 -p1 +%patch514 -p0 +%patch515 -p0 +%patch516 -p0 +%patch517 -p0 +%patch518 -p1 +%patch519 -p1 +%patch520 -p1 # udev patches %patch1001 -p1 ++++++ 0001-selinux-access-fix-broken-ternary-operator.patch ++++++ Based on 1e648011b20c8126412d3cf2699d575d9ba9e0fe Mon Sep 17 00:00:00 2001 
From: Lukas Nykryn <[email protected]> Date: Fri, 21 Nov 2014 17:02:15 +0100 Subject: [PATCH] selinux-access: fix broken ternary operator it seems to be a typo introduced by ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602 - _r = selinux_access_check(_b, _m, _u->source_path ?:_u->fragment_path, (permission), &_error); \ + ({ Unit *_unit = (unit); selinux_generic_access_check(bus,message, _unit->fragment_path ?: _unit->fragment_path, permission,error); }) --- src/core/selinux-access.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- src/core/selinux-access.h +++ src/core/selinux-access.h 2014-12-15 11:49:54.521518349 +0000 @@ -34,7 +34,7 @@ int selinux_generic_access_check(sd_bus #define selinux_access_check(bus, message, permission, error) \ selinux_generic_access_check(bus, message, NULL, permission, error) #define selinux_unit_access_check(unit, bus, message, permission, error) \ - ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->fragment_path ?: _unit->fragment_path, permission, error); }) + ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->source_path ?: _unit->fragment_path, permission, error); }) #else ++++++ 0001-units-tmpfiles-setup-dev-allow-unsafe-file-creation-.patch ++++++ >From 8c94052ee543c3598a3c7b0c46688150aa2c6168 Mon Sep 17 00:00:00 2001 From: Tom Gundersen <[email protected]> Date: Mon, 27 Oct 2014 17:15:42 +0100 Subject: [PATCH 1/2] units: tmpfiles-setup-dev - allow unsafe file creation to happen in /dev at boot This will allow us to mark static device nodes with '!' to indicate that they should only be created at early boot. --- units/systemd-tmpfiles-setup-dev.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in index f3833fd..0123a03 100644 --- a/units/systemd-tmpfiles-setup-dev.service.in +++ b/units/systemd-tmpfiles-setup-dev.service.in 
@@ -17,4 +17,4 @@ ConditionCapability=CAP_SYS_MODULE [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create +ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create --boot -- 2.1.2 ++++++ 0002-man-tmpfiles.d-recommend-using-b-and-c.patch ++++++ diff -Naur systemd-210/man/tmpfiles.d.xml systemd-210-mod/man/tmpfiles.d.xml --- systemd-210/man/tmpfiles.d.xml 2014-12-16 10:16:51.269189374 +0100 +++ systemd-210-mod/man/tmpfiles.d.xml 2014-12-16 10:39:49.937552189 +0100 @@ -158,12 +158,18 @@ <varlistentry> <term><varname>c</varname></term> - <listitem><para>Create a character device node if it does not exist yet.</para></listitem> + <listitem><para>Create a character device node if it does not exist yet. + It is recommended to suffix this entry with an exclamation mark to only + create static device nodes at boot, as udev will not manage static device + nodes that are created at runtime.</para></listitem> </varlistentry> <varlistentry> <term><varname>b</varname></term> - <listitem><para>Create a block device node if it does not exist yet.</para></listitem> + <listitem><para>Create a block device node if it does not exist yet. + It is recommended to suffix this entry with an exclamation mark to only + create static device nodes at boot, as udev will not manage static device + nodes that re created at runtime.</para></listitem> </varlistentry> <varlistentry> ++++++ 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch ++++++ >From c469089cf647ac740c7dcf09c463d2907b6d00eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <[email protected]> Date: Sat, 22 Nov 2014 20:21:56 -0500 Subject: [PATCH] systemctl: show BindsTo/BoundBy in list-dependencies Suggested-by: Peter Mattern <[email protected]> http://lists.freedesktop.org/archives/systemd-devel/2014-November/025437.html --- src/systemctl/systemctl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git src/systemctl/systemctl.c src/systemctl/systemctl.c index 78b7c96..fd69c69 100644 --- src/systemctl/systemctl.c +++ src/systemctl/systemctl.c @@ -1480,11 +1480,13 @@ static int list_dependencies_get_dependencies(sd_bus *bus, const char *name, cha "RequiresOverridable\0" "Requisite\0" "RequisiteOverridable\0" - "Wants\0", + "Wants\0" + "BindsTo\0", [DEPENDENCY_REVERSE] = "RequiredBy\0" "RequiredByOverridable\0" "WantedBy\0" - "PartOf\0", + "PartOf\0" + "BoundBy\0", [DEPENDENCY_AFTER] = "After\0", [DEPENDENCY_BEFORE] = "Before\0", }; -- 1.7.9.2 ++++++ 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch ++++++ Based on 8a52210c9392887a31fdb2845f65b4c5869e8e66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <[email protected]> Date: Mon, 24 Nov 2014 09:11:12 -0500 Subject: [PATCH] cryptsetup: default to no hash when keyfile is specified For plain dm-crypt devices, the behavior of cryptsetup package is to ignore the hash algorithm when a key file is provided. It seems wrong to ignore a hash when it is explicitly specified, but we should default to no hash if the keyfile is specified. https://bugs.freedesktop.org/show_bug.cgi?id=52630 --- src/cryptsetup/cryptsetup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- src/cryptsetup/cryptsetup.c +++ src/cryptsetup/cryptsetup.c 2014-12-15 12:00:17.554019752 +0000 @@ -386,7 +386,9 @@ static int attach_luks_or_plain(struct c /* plain isn't a real hash type. it just means "use no hash" */ if (!streq(opt_hash, "plain")) params.hash = opt_hash; - } else + } else if (!key_file) + /* for CRYPT_PLAIN, the behaviour of cryptsetup + * package is to not hash when a key file is provided */ params.hash = "ripemd160"; if (opt_cipher) { ++++++ 0004-core-fix-transaction-destructiveness-check-once-more.patch ++++++ Based on e0312f4db08c7100bd00299614e87bedc759b366 Mon Sep 17 00:00:00 2001 Based on c21b92ffe7ef939dd32502ac912cf8ad1c5638fd Mon Sep 17 00:00:00 2001 
From: Michal Schmidt <[email protected]> Date: Thu, 27 Nov 2014 15:23:58 +0100 Subject: [PATCH] core: fix transaction destructiveness check once more The previous fix e0312f4db "core: fix check for transaction destructiveness" broke test-engine (noticed by Zbyszek). Apparently I had a wrong idea of the intended semantics of --fail. The manpage says the operation should fail if it "conflicts with a pending job (more specifically: causes an already pending start job to be reversed into a stop job or vice versa)". So let's check job_type_is_conflicting, instead of !is_superset. This makes both test-engine and TEST-03-JOBS pass again. --- src/core/transaction.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- src/core/transaction.c +++ src/core/transaction.c 2014-12-15 12:06:11.721518136 +0000 @@ -510,7 +510,7 @@ static int transaction_is_destructive(Tr assert(!j->transaction_next); if (j->unit->job && (mode == JOB_FAIL || j->unit->job->irreversible) && - !job_type_is_superset(j->type, j->unit->job->type)) { + job_type_is_conflicting(j->unit->job->type, j->type)) { sd_bus_error_setf(e, BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE, "Transaction is destructive."); return -EEXIST; ++++++ 1098-udev-link_setup-respect-kernel-name-assign-policy.patch ++++++ --- /var/tmp/diff_new_pack.wv3j6z/_old 2014-12-21 12:02:33.000000000 +0100 +++ /var/tmp/diff_new_pack.wv3j6z/_new 2014-12-21 12:02:33.000000000 +0100 @@ -17,9 +17,11 @@ src/udev/net/link-config.h | 1 5 files changed, 79 insertions(+), 11 deletions(-) ---- man/udev.xml -+++ man/udev.xml 2014-12-05 11:43:18.670867575 +0000 -@@ -914,10 +914,21 @@ +Index: man/udev.xml +=================================================================== +--- man/udev.xml.orig ++++ man/udev.xml +@@ -914,10 +914,12 @@ successful one is used. The name is not set directly, but is exported to udev as the property <literal>ID_NET_NAME</literal>, which is, by default, used by a udev rule to set 
@@ -29,28 +31,15 @@ + The available policies are: </para> <variablelist> - <varlistentry> -+ <term><literal>kernel</literal></term> -+ <listitem> -+ <para>If the kernel claims that the name it -+ has set for a device is predictable, then -+ no renaming is performed. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> +- <varlistentry> ++ <varlistentry> <term><literal>database</literal></term> <listitem> <para>The name is set based on entries in the Hardware ---- network/99-default.link -+++ network/99-default.link 2014-12-05 00:00:00.000000000 +0000 -@@ -1,3 +1,3 @@ - [Link] --NamePolicy=database onboard slot path -+NamePolicy=kernel database onboard slot path - MACAddressPolicy=persistent ---- src/shared/missing.h -+++ src/shared/missing.h 2014-12-05 11:33:06.120057836 +0000 +Index: src/shared/missing.h +=================================================================== +--- src/shared/missing.h.orig ++++ src/shared/missing.h @@ -362,3 +362,24 @@ static inline int setns(int fd, int nsty return syscall(__NR_setns, fd, nstype); } @@ -76,8 +65,10 @@ +# define NET_NAME_RENAMED 4 +#endif + ---- src/udev/net/link-config.c -+++ src/udev/net/link-config.c 2014-12-05 11:36:51.658018542 +0000 +Index: src/udev/net/link-config.c +=================================================================== +--- src/udev/net/link-config.c.orig ++++ src/udev/net/link-config.c @@ -20,10 +20,11 @@ ***/ 
@@ -91,64 +82,44 @@ #include "link-config.h" #include "ethtool-util.h" -@@ -297,7 +298,33 @@ static bool mac_is_random(struct udev_de +@@ -297,23 +298,30 @@ static bool mac_is_random(struct udev_de return false; /* check for NET_ADDR_RANDOM */ - return type == 1; + return type == NET_ADDR_RANDOM; -+} -+ -+static bool should_rename(struct udev_device *device, bool respect_predictable) { -+ const char *s; -+ unsigned type; -+ int r; -+ + } + +-static bool mac_is_permanent(struct udev_device *device) { ++static bool should_rename(struct udev_device *device) { + const char *s; + unsigned type; + int r; + +- s = udev_device_get_sysattr_value(device, "addr_assign_type"); + s = udev_device_get_sysattr_value(device, "name_assign_type"); -+ if (!s) + if (!s) +- return true; /* if we don't know, assume it is permanent */ + return true; /* if we don't know, assume we should rename */ -+ r = safe_atou(s, &type); -+ if (r < 0) -+ return true; -+ + r = safe_atou(s, &type); + if (r < 0) + return true; + +- /* check for NET_ADDR_PERM */ +- return type == 0; + switch (type) { + case NET_NAME_USER: + case NET_NAME_RENAMED: + return false; /* these were already named by userspace, do not touch again */ + case NET_NAME_PREDICTABLE: -+ if (respect_predictable) -+ return false; /* the kernel claims to have given a predictable name */ -+ /* fall through */ + case NET_NAME_ENUM: + default: + return true; /* the name is known to be bad, or of an unknown type */ + } } - static bool mac_is_permanent(struct udev_device *device) { -@@ -371,6 +398,7 @@ int link_config_apply(link_config_ctx *c - const char *new_name = NULL; - struct ether_addr generated_mac; - struct ether_addr *mac = NULL; -+ bool respect_predictable = false; - int r, ifindex; - - assert(ctx); -@@ -406,8 +434,12 @@ int link_config_apply(link_config_ctx *c - if (ctx->enable_name_policy && config->name_policy) { - NamePolicy *policy; - -- for (policy = config->name_policy; !new_name && *policy != _NAMEPOLICY_INVALID; policy++) { 
-+ for (policy = config->name_policy; !respect_predictable && !new_name && -+ *policy != _NAMEPOLICY_INVALID; policy++) { - switch (*policy) { -+ case NAMEPOLICY_KERNEL: -+ respect_predictable = true; -+ break; - case NAMEPOLICY_DATABASE: - new_name = udev_device_get_property_value(device, "ID_NET_NAME_FROM_DATABASE"); - break; -@@ -429,12 +461,14 @@ int link_config_apply(link_config_ctx *c + #define HASH_KEY SD_ID128_MAKE(d3,1e,48,fa,90,fe,4b,4c,9d,af,d5,d7,a1,b1,2e,8a) +@@ -429,16 +437,16 @@ int link_config_apply(link_config_ctx *c } } 
@@ -158,32 +129,26 @@ - *name = config->name; /* a name was set manually in the config */ - else - *name = NULL; -+ if (should_rename(device, respect_predictable)) { ++ if (should_rename(device)) { + if (!new_name) + /* if not set by policy, fall back manually set name */ + new_name = config->name; + } else + new_name = NULL; -+ -+ *name = new_name; switch (config->mac_policy) { case MACPOLICY_PERSISTENT: -@@ -500,6 +534,7 @@ DEFINE_STRING_TABLE_LOOKUP(mac_policy, M - DEFINE_CONFIG_PARSE_ENUM(config_parse_mac_policy, mac_policy, MACPolicy, "Failed to parse MAC address policy"); +- if (!mac_is_permanent(device)) { ++ if (mac_is_random(device)) { + r = get_mac(device, false, &generated_mac); + if (r == -ENOENT) + break; +@@ -467,6 +475,8 @@ int link_config_apply(link_config_ctx *c + return r; + } + ++ *name = new_name; ++ + return 0; + } - static const char* const name_policy_table[] = { -+ [NAMEPOLICY_KERNEL] = "kernel", - [NAMEPOLICY_DATABASE] = "database", - [NAMEPOLICY_ONBOARD] = "onboard", - [NAMEPOLICY_SLOT] = "slot", ---- src/udev/net/link-config.h -+++ src/udev/net/link-config.h 2014-12-05 00:00:00.000000000 +0000 -@@ -39,6 +39,7 @@ typedef enum MACPolicy { - } MACPolicy; - - typedef enum NamePolicy { -+ NAMEPOLICY_KERNEL, - NAMEPOLICY_DATABASE, - NAMEPOLICY_ONBOARD, - NAMEPOLICY_SLOT, ++++++ systemd-add-user-keep.patch ++++++ diff -Naur systemd-210/man/tmpfiles.d.xml systemd-210.mod/man/tmpfiles.d.xml --- systemd-210/man/tmpfiles.d.xml 2014-12-18 09:40:29.403629407 +0100 +++ systemd-210.mod/man/tmpfiles.d.xml 2014-12-18 10:34:06.274130934 +0100 
@@ -435,8 +435,12 @@ <varname>f</varname>, <varname>F</varname>, and <varname>w</varname> may be used to specify a short string that is written to the - file, suffixed by a newline. Ignored for all - other lines.</para> + file, suffixed by a newline. + For <varname>x</varname>, <varname>X</varname> + a comma separated list of usernames. If given, + only paths belonging to these users will be + excluded during directory cleanup. + Ignored for all other lines.</para> </refsect2> </refsect1> diff -Naur systemd-210/src/tmpfiles/tmpfiles.c systemd-210.mod/src/tmpfiles/tmpfiles.c --- systemd-210/src/tmpfiles/tmpfiles.c 2014-12-18 09:40:29.342629177 +0100 +++ systemd-210.mod/src/tmpfiles/tmpfiles.c 2014-12-18 11:58:16.686576974 +0100 @@ -263,6 +263,7 @@ struct timespec times[2]; bool deleted = false; int r = 0; + Item *found = NULL; while ((dent = readdir(d))) { struct stat s; @@ -306,11 +307,43 @@ } /* Is there an item configured for this path? */ - if (hashmap_get(items, sub_path)) - continue; - - if (find_glob(globs, sub_path)) - continue; + found = hashmap_get(items, sub_path); + + if (!found) + found = find_glob(globs, sub_path); + + if (found) { + /* evaluate username arguments in ignore statements */ + if (found->type == IGNORE_PATH || found->type == IGNORE_DIRECTORY_PATH) { + if (!found->argument) + continue; + else { + struct passwd *pw; + char *userfound = NULL, *args = strdup(found->argument); + bool match = false; + int uid = -1; + + while ((userfound = strsep(&args, ","))) { + pw = getpwnam(userfound); + + if (!pw) + log_error("Unknown user '%s' in ignore statement.", userfound); + else { + uid = pw->pw_uid; + if (s.st_uid == uid) { + match = true; + break; + } + } + } + if (match) { + found = NULL; + continue; + } + } + } else + continue; + } if (S_ISDIR(s.st_mode)) { -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
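Review bot: In the systemd-mini.spec and systemd.spec hunks that add Patch514 to Patch519, the tag comments read only "# PATCH-FIX-UPSTREAM added at 2014/12/15" and omit the patch file name and bug reference that neighbouring entries carry (compare "# PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709)"). Suggest naming the patch in each comment and adding bnc#908476 to Patch518, since the changes entry ties the --boot switch to that bug. The bare "#" line added after Patch520 looks unintended and can be dropped.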
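Review bot: Typo in the text added for the b entry of man/tmpfiles.d.xml in 0002-man-tmpfiles.d-recommend-using-b-and-c.patch: "nodes that re created at runtime" should read "are created", as the c entry directly above it does.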
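Review bot: In the src/cryptsetup/cryptsetup.c hunk of 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch, the new "else if (!key_file)" branch has no braces, and the comment placed between the condition and params.hash = "ripemd160"; describes the opposite case (a key file is present), so the assignment reads as if it belonged to the comment. Suggest bracing the branch and moving the comment above the condition. The hunk also changes the result for existing setups: a plain device with a key file and no opt_hash previously got ripemd160 and now gets no hash, which deserves a line in the changes entry so administrators who relied on the old default know to set the hash explicitly.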
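Review bot: In the refreshed should_rename() of 1098-udev-link_setup-respect-kernel-name-assign-policy.patch, NET_NAME_PREDICTABLE now shares the "return true" arm with NET_NAME_ENUM and default, but the comment on that arm still says "the name is known to be bad, or of an unknown type", which does not describe a name the kernel marks as predictable. Suggest a comment on that case stating that predictable kernel names are renamed on purpose. Two further points in the same refresh: "*name = new_name;" has moved to just before "return 0;" in link_config_apply(), so *name is left unset on the earlier "return r;" path and callers must not read it after a failure; and the MACPOLICY_PERSISTENT test changed from "!mac_is_permanent(device)" to "mac_is_random(device)", which narrows the cases in which a MAC is generated and is not mentioned in the changes entry.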
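Review bot: The sentence added to man/tmpfiles.d.xml in systemd-add-user-keep.patch ("For x, X a comma separated list of usernames.") has no verb and leaves the failure cases undocumented. Suggest wording such as "For x and X, the argument may be a comma separated list of user names", and stating what happens to matching paths owned by other users and to names that cannot be resolved, since the code in the same patch only logs an unknown user and carries on.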
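Review bot: In the @@ -306,11 +307,43 @@ hunk of src/tmpfiles/tmpfiles.c in systemd-add-user-keep.patch, "args = strdup(found->argument)" is neither checked nor freed. strsep() advances args, so the copy leaks for every directory entry that hits an ignore item with an argument; and if strdup() returns NULL the while loop is skipped, match stays false and the entry falls through to cleanup even though an x/X line covers it. Suggest keeping the original pointer for free() (or using _cleanup_free_) and returning an error on allocation failure instead of continuing. The same fall-through applies to a user name that getpwnam() cannot resolve: it is only logged, so a typo in the list silently removes the protection for that user's files. Consider resolving the names to uid_t once when the line is parsed rather than calling getpwnam() for each entry, and declare uid as uid_t instead of "int uid = -1" to avoid the signed/unsigned comparison with s.st_uid. The "found = NULL;" before "continue;" is redundant because found is reassigned at the top of the next iteration.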
