(RHEL-40924) Backport RHEL only patches

man/logind.conf.xml

@@ -374,7 +374,7 @@
         user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
         last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
         well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
-        are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para>
+        are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para>
 
         <xi:include href="version-info.xml" xpointer="v212"/></listitem>
       </varlistentry>

man/systemd-system.conf.xml

@@ -520,10 +520,10 @@
         <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
         <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
         for details. This setting applies to all unit types that support resource control settings, with the exception
-        of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+        of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
         and root cgroup <varname>pids.max</varname>.
         Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
-        For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
+        For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
         but might be greater in other systems or smaller in OS containers.</para>
 
         <xi:include href="version-info.xml" xpointer="v228"/></listitem>

man/systemd.link.xml

@@ -1386,7 +1386,7 @@ OriginalName=*
 [Link]
 NamePolicy=keep kernel database onboard slot path
 AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=persistent</programlisting>
+MACAddressPolicy=none</programlisting>
     </example>
 
     <example>

network/99-default.link

@@ -12,4 +12,4 @@ OriginalName=*
 [Link]
 NamePolicy=keep kernel database onboard slot path
 AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none

presets/90-systemd.preset

@@ -21,7 +21,6 @@ enable systemd-boot-update.service
 enable systemd-confext.service
 enable systemd-homed.service
 enable systemd-homed-activate.service
-enable systemd-journald-audit.socket
 enable systemd-mountfsd.socket
 enable systemd-network-generator.service
 enable systemd-networkd.service

rules.d/40-elevator.rules

@@ -0,0 +1,20 @@
+# We aren't adding devices skip the elevator check
+ACTION!="add", GOTO="sched_out"
+
+SUBSYSTEM!="block", GOTO="sched_out"
+ENV{DEVTYPE}!="disk", GOTO="sched_out"
+
+# Technically, dm-multipath can be configured to use an I/O scheduler.
+# However, there are races between the 'add' uevent and the linking in
+# of the queue/scheduler sysfs file.  For now, just skip dm- devices.
+KERNEL=="dm-*|md*", GOTO="sched_out"
+
+# Skip bio-based devices, which don't support an I/O scheduler.
+ATTR{queue/scheduler}=="none", GOTO="sched_out"
+
+# If elevator= is specified on the kernel command line, change the
+# scheduler to the one specified.
+IMPORT{cmdline}="elevator"
+ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}"
+
+LABEL="sched_out"

rules.d/meson.build

@@ -8,6 +8,7 @@ rules = [
         [files('40-redhat-hotplug.rules',
                '40-redhat-s390.rules',
                '40-redhat.rules',
+               '40-elevator.rules',
                '60-autosuspend.rules',
                '60-block.rules',
                '60-cdrom_id.rules',

src/basic/random-util.h

@@ -21,7 +21,7 @@ static inline uint32_t random_u32(void) {
 }
 
 /* Some limits on the pool sizes when we deal with the kernel random pool */
-#define RANDOM_POOL_SIZE_MIN 32U
+#define RANDOM_POOL_SIZE_MIN 1024U
 #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
 #define RANDOM_EFI_SEED_SIZE 32U
 

src/core/load-fragment.c

@@ -868,7 +868,7 @@ int config_parse_kill_mode(
         }
 
         if (m == KILL_NONE)
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
+                log_syntax(unit, LOG_DEBUG, filename, line, 0,
                            "Unit uses KillMode=none. "
                            "This is unsafe, as it disables systemd's process lifecycle management for the service. "
                            "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "

src/core/manager.c

@@ -117,7 +117,7 @@
 /* How many units and jobs to process of the bus queue before returning to the event loop. */
 #define MANAGER_BUS_MESSAGE_BUDGET 100U
 
-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 80U, 100U }) /* 80% */
 
 static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
 static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);

src/core/system.conf.in

@@ -59,7 +59,7 @@
 #DefaultIPAccounting=no
 #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
 #DefaultTasksAccounting=yes
-#DefaultTasksMax=15%
+#DefaultTasksMax=80%
 #DefaultLimitCPU=
 #DefaultLimitFSIZE=
 #DefaultLimitDATA=

src/core/unit.c

@@ -5867,7 +5867,7 @@ int unit_log_leftover_process_start(const PidRef *pid, int sig, void *userdata)
 
         /* During start we print a warning */
 
-        log_unit_warning(userdata,
+        log_unit_debug(userdata,
                          "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
                          "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
                          pid->pid, strna(comm));

src/journal/journald.conf

@@ -47,4 +47,4 @@
 #MaxLevelSocket=debug
 #LineMax=48K
 #ReadKMsg=yes
-#Audit=yes
+Audit=

src/login/logind-core.c

@@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) {
 
         m->n_autovts = 6;
         m->reserve_vt = 6;
-        m->remove_ipc = true;
+        m->remove_ipc = false;
         m->inhibit_delay_max = 5 * USEC_PER_SEC;
         m->user_stop_delay = 10 * USEC_PER_SEC;
 

src/login/logind.conf.in

@@ -46,7 +46,7 @@
 #IdleActionSec=30min
 #RuntimeDirectorySize=10%
 #RuntimeDirectoryInodesMax=
-#RemoveIPC=yes
+#RemoveIPC=no
 #InhibitorsMax=8192
 #SessionsMax=8192
 #StopIdleSessionSec=infinity

test/fuzz/fuzz-link-parser/99-default.link

@@ -9,4 +9,4 @@
 
 [Link]
 NamePolicy=keep kernel database onboard slot path
-MACAddressPolicy=persistent
+MACAddressPolicy=none

tmpfiles.d/meson.build

@@ -10,7 +10,6 @@ files = [['README',               ''],
          ['systemd-nologin.conf', 'HAVE_PAM'],
          ['systemd-nspawn.conf',  'ENABLE_MACHINED'],
          ['systemd-pstore.conf',  'ENABLE_PSTORE'],
-         ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
          ['systemd-tmp.conf',     ''],
          ['tmp.conf',             ''],
          ['x11.conf',             ''],

units/rc-local.service.in

@@ -13,7 +13,8 @@
 Description={{RC_LOCAL_PATH}} Compatibility
 Documentation=man:systemd-rc-local-generator(8)
 ConditionFileIsExecutable={{RC_LOCAL_PATH}}
-After=network.target
+After=network-online.target
+Wants=network-online.target
 
 [Service]
 Type=forking