retitle 696116 unblock: systemd/44-7
thanks

On 16.12.2012 23:13, Michael Biebl wrote:
> Please unblock package systemd
>
> systemd (44-6) unstable; urgency=low

There was another important regression fix which was uploaded in the meantime.

Full changelog:

systemd (44-7) unstable; urgency=low

  * Fix a regression in the init-functions hook wrt reload handling that was
    introduced when dropping the X-Interactive hack. Closes: #696355

 -- Michael Biebl <bi...@debian.org>  Fri, 21 Dec 2012 00:00:12 +0100

systemd (44-6) unstable; urgency=low

  [ Michael Biebl ]
  * No longer ship the /sys directory in the systemd package since it is
    provided by base-files nowadays.
  * Don't run udev rules if systemd is not active.
  * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time
    migration so don't run the debian-fixup script on every boot.

  [ Tollef Fog Heen ]
  * Prevent the systemd package from being removed if it's the active init
    system, since that doesn't work.

  [ Michael Biebl ]
  * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M).
    Those directories are user-writable which could lead to DoS by filling up
    /run. Closes: #635131

 -- Michael Biebl <bi...@debian.org>  Sun, 16 Dec 2012 21:58:37 +0100

Complete and updated debdiff is attached.

Cheers,
Michael

unblock systemd/44-7

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

diff --git a/debian/changelog b/debian/changelog index 4912043..af9bc1a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,30 @@ +systemd (44-7) unstable; urgency=low + + * Fix a regression in the init-functions hook wrt reload handling that was + introduced when dropping the X-Interactive hack. Closes: #696355 + + -- Michael Biebl <bi...@debian.org> Fri, 21 Dec 2012 00:00:12 +0100 + +systemd (44-6) unstable; urgency=low + + [ Michael Biebl ] + * No longer ship the /sys directory in the systemd package since it is + provided by base-files nowadays. + * Don't run udev rules if systemd is not active. + * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time + migration so don't run the debian-fixup script on every boot. + + [ Tollef Fog Heen ] + * Prevent the systemd package from being removed if it's the active init + system, since that doesn't work. + + [ Michael Biebl ] + * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M). + Those directories are user-writable which could lead to DoS by filling up + /run. Closes: #635131 + + -- Michael Biebl <bi...@debian.org> Sun, 16 Dec 2012 21:58:37 +0100 + systemd (44-5) unstable; urgency=low * Team upload. @@ -8,7 +35,7 @@ systemd (44-5) unstable; urgency=low when restarting libvirtd. Closes: #688635. * Avoid reloading services when shutting down, since that won't work and makes no sense. Thanks to Michael Stapelberg for the patch. - Closes: #624599. + Closes: #635777. * Try to determine which init scripts support the reload action heuristically. Closes: #686115, #650382. diff --git a/debian/debian-fixup.service b/debian/debian-fixup.service index 70840ae..2fa4f97 100644 --- a/debian/debian-fixup.service +++ b/debian/debian-fixup.service 
@@ -3,6 +3,9 @@ Description=Various fixups to make systemd work better on Debian Before=var-run.mount var-lock.mount sysinit.target After=remount-rootfs.service DefaultDependencies=no +ConditionPathIsSymbolicLink=|!/etc/mtab +ConditionPathIsSymbolicLink=|!/var/run +ConditionPathIsSymbolicLink=|!/var/lock [Service] ExecStart=/lib/systemd/debian-fixup diff --git a/debian/init-functions.d/40-systemd b/debian/init-functions.d/40-systemd index 5ab4d8d..0452d3d 100644 --- a/debian/init-functions.d/40-systemd +++ b/debian/init-functions.d/40-systemd @@ -21,6 +21,8 @@ if [ -e /sys/fs/cgroup/systemd ]; then _use_systemctl=1 # Some services can't reload through the .service file, # but can through the init script. + prog=${0##*/} + service="${prog%.sh}.service" if [ "$(systemctl -p CanReload show $service 2>/dev/null)" = "CanReload=no" ] && [ "$1" = "reload" ]; then _use_systemctl=0 fi diff --git a/debian/systemd.dirs b/debian/systemd.dirs index b85b0b6..e2358f6 100644 --- a/debian/systemd.dirs +++ b/debian/systemd.dirs @@ -1,3 +1,2 @@ var/lib/systemd var/log/journal -sys diff --git a/debian/systemd.install b/debian/systemd.install index 102e3f2..4d2e7b4 100644 --- a/debian/systemd.install +++ b/debian/systemd.install @@ -46,3 +46,5 @@ debian/debian-fixup lib/systemd/ debian/debian-fixup.service lib/systemd/system debian/tmpfiles.d/debian.conf usr/lib/tmpfiles.d debian/ifup@.service lib/systemd/system +debian/units/run-lock.mount lib/systemd/system/ +debian/units/run-user.mount lib/systemd/system/ diff --git a/debian/systemd.links b/debian/systemd.links index 55a7306..c8999b2 100644 --- a/debian/systemd.links +++ b/debian/systemd.links 
@@ -59,3 +59,7 @@ /lib/systemd/system/debian-fixup.service /lib/systemd/system/sysinit.target.wants/debian-fixup.service # Compat symlink /lib/systemd/systemd /bin/systemd + +# Mount separate tmpfs file systems for /run/user and /run/lock +/lib/systemd/system/run-user.mount /lib/systemd/system/local-fs.target.wants/run-user.mount +/lib/systemd/system/run-lock.mount /lib/systemd/system/local-fs.target.wants/run-lock.mount diff --git a/debian/systemd.prerm b/debian/systemd.prerm new file mode 100644 index 0000000..e067387 --- /dev/null +++ b/debian/systemd.prerm @@ -0,0 +1,16 @@ +#! /bin/sh + +set -e + +# +# Prevent systemd from being removed if it's the active init. That +# will not work. +# + +if [ "$1" = "remove" ] && [ -e /sys/fs/cgroup/systemd ]; then + echo "systemd is the active init system, please switch to another before removing systemd." + exit 1 +fi + + +#DEBHELPER# diff --git a/debian/units/run-lock.mount b/debian/units/run-lock.mount new file mode 100644 index 0000000..1c133e4 --- /dev/null +++ b/debian/units/run-lock.mount @@ -0,0 +1,9 @@ +[Unit] +Description=Lock Directory +Before=local-fs.target + +[Mount] +What=tmpfs +Where=/run/lock +Type=tmpfs +Options=nodev,noexec,nosuid,size=5242880 diff --git a/debian/units/run-user.mount b/debian/units/run-user.mount new file mode 100644 index 0000000..1b04c99 --- /dev/null +++ b/debian/units/run-user.mount @@ -0,0 +1,9 @@ +[Unit] +Description=User Runtime Directory +Before=local-fs.target + +[Mount] +What=tmpfs +Where=/run/user +Type=tmpfs +Options=nodev,noexec,nosuid,size=104857600,mode=0755 diff --git a/src/99-systemd.rules.in b/src/99-systemd.rules.in index d306f71..55c00c0 100644 --- a/src/99-systemd.rules.in +++ b/src/99-systemd.rules.in 
@@ -6,6 +6,7 @@ # (at your option) any later version. ACTION=="remove", GOTO="systemd_end" +TEST!="/sys/fs/cgroup/systemd", GOTO="systemd_end" SUBSYSTEM=="tty", KERNEL=="tty[0-9]|tty1[0-2]", TAG+="systemd" SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*", TAG+="systemd" diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules index 6932492..62f91d4 100644 --- a/src/login/70-uaccess.rules +++ b/src/login/70-uaccess.rules @@ -7,6 +7,7 @@ ACTION=="remove", GOTO="uaccess_end" ENV{MAJOR}=="", GOTO="uaccess_end" +TEST!="/sys/fs/cgroup/systemd", GOTO="uaccess_end" # PTP/MTP protocol devices, cameras, portable media players SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="", ENV{DEVTYPE}=="usb_device", IMPORT{program}="usb_id --export %p" diff --git a/src/login/71-seat.rules b/src/login/71-seat.rules index 04ccac7..9ae0089 100644 --- a/src/login/71-seat.rules +++ b/src/login/71-seat.rules @@ -6,6 +6,7 @@ # (at your option) any later version. ACTION=="remove", GOTO="seat_end" +TEST!="/sys/fs/cgroup/systemd", GOTO="seat_end" TAG=="uaccess", SUBSYSTEM!="sound", TAG+="seat" SUBSYSTEM=="sound", KERNEL=="card*", TAG+="seat" diff --git a/src/login/73-seat-late.rules.in b/src/login/73-seat-late.rules.in index 0847932..3796495 100644 --- a/src/login/73-seat-late.rules.in +++ b/src/login/73-seat-late.rules.in @@ -6,6 +6,7 @@ # (at your option) any later version. ACTION=="remove", GOTO="seat_late_end" +TEST!="/sys/fs/cgroup/systemd", GOTO="seat_late_end" ENV{ID_SEAT}=="", ENV{ID_AUTOSEAT}=="1", ENV{ID_FOR_SEAT}!="", ENV{ID_SEAT}="seat-$env{ID_FOR_SEAT}" ENV{ID_SEAT}=="", IMPORT{parent}="ID_SEAT"
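
Review bot: in debian/changelog, the second hunk changes the bug number inside the existing 44-5 entry (`Closes: #624599.` becomes `Closes: #635777.`), but neither the 44-6 nor the 44-7 entry mentions it. Add a line to one of the new entries noting the corrected bug reference, so the edit to an older entry is visible to whoever reads the changelog rather than only the debdiff.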
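
Review bot: in debian/debian-fixup.service, the three added `ConditionPathIsSymbolicLink=|!...` lines carry no comment, and the `|!` combination is easy to misread. A one-line comment above them saying they are triggering conditions, so the unit runs while any of /etc/mtab, /var/run or /var/lock is not yet a symlink, would put the one-time-migration intent from the changelog into the unit itself.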
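
Review bot: in debian/init-functions.d/40-systemd, the added `prog=${0##*/}` and `service="${prog%.sh}.service"` set unprefixed globals in a hook that runs in the calling init script's shell (it reads `$0` and `$1`), while the surrounding code uses the prefixed `_use_systemctl`. An init script that already defines its own `prog` or `service` would have it overwritten; consider prefixed names here, renaming any later uses in the file to match, and quote `$service` in the `systemctl -p CanReload show $service` call on the following line.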
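
Review bot: in debian/systemd.prerm, the `[ -e /sys/fs/cgroup/systemd ]` test shows that a systemd cgroup hierarchy is visible, not that this installation is the one booted with systemd, so a removal inside a chroot that has the host's /sys mounted would be refused as well. If that case matters, narrow the check or state the limitation in the comment block above it. The refusal message should also go to stderr (`>&2`), since the script exits 1 right after printing it.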
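
Review bot: in debian/units/run-lock.mount, `Options=nodev,noexec,nosuid,size=5242880` sets no `mode=`, while run-user.mount states `mode=0755`. The changelog describes /run/lock as user-writable, so this unit relies on the tmpfs default mode; writing `mode=1777` explicitly would make the intended permissions visible and independent of that default. `size=5M` would also read more easily than the byte count and match the changelog wording.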
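
Review bot: in debian/units/run-user.mount, `size=104857600` is a single cap on one tmpfs mounted at /run/user, so the change keeps /run itself from being filled, but anything written under /run/user still draws on the same 100M. State that limit in the changelog entry or in a comment in the unit so the scope of the fix for #635131 is clear.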
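
Review bot: in src/99-systemd.rules.in, the added `TEST!="/sys/fs/cgroup/systemd", GOTO="systemd_end"` line has no comment, and the same uncommented test is repeated in src/login/70-uaccess.rules, 71-seat.rules and 73-seat-late.rules.in. These files live under src/ rather than debian/, so a short comment above each test (skip the rules when systemd is not the running init) would help whoever carries the change forward to the next version.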