
(RHEL-71409) Rebase rhel-only patches on top of v257 #47

Merged: 30 commits from rebase257 into redhat-plumbers:main, Dec 17, 2024

Conversation

jamacku (Member)
@jamacku jamacku commented Dec 16, 2024

No description provided.

@jamacku jamacku added this to the RHEL-10.0 milestone Dec 16, 2024
@jamacku jamacku force-pushed the rebase257 branch 5 times, most recently from bea03a9 to 28ea94a Compare December 16, 2024 13:25
@jamacku jamacku changed the title Rebase rhel-only patches on top of v257 (RHEL-71409) Rebase rhel-only patches on top of v257 Dec 16, 2024
@jamacku jamacku requested a review from msekletar December 17, 2024 07:00
keszybz and others added 22 commits December 17, 2024 08:14
This effectively reverts a change in 115d514
'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
in an additional check of uid_is_container(uid). The problem is that that change
is not backwards-compatible at all and very hard for users to handle.
There is no common agreement on mappings of high-range uids. Systemd declares
ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
but this is only a recent change and various sites allocated those ranges
in a different way, in particular FreeIPA uses (used?) uids from this range
for human users. On big sites with lots of users changing uids is obviously a
hard problem. We generally assume that uids cannot be "freed" and/or changed
and/or reused safely, so we shouldn't demand the same from others.

This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
huge problems for existing systems which were created with a different
definition and couldn't be easily updated. For that case, we added a
configuration time switch and we now parse /etc/login.defs to actually use the
value that is appropriate for the local system.

Unfortunately, login.defs doesn't have a concept of container allocation ranges
(and we don't have code to parse and use those nonexistent names either), so we
can't tell users to adjust login.defs to work around the changed definition.

login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
because they are used to define where to add allocations for subuids, which is
generally a much smaller range. Maybe we should talk with other folks about
the appropriate allocation ranges and define some new settings in login.defs.
But this would require discussion and coordination with other projects first.

Actually, it seems that this change was needed at all. The code in the container
does not log to the outside journal. It talks to its own journald, which does
journal splitting using its internal logic based on shifted uids. So let's
revert the change to fix user systems.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.

rhel-only: bugfix

Related: RHEL-40924
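The split decision the commit message above is about, as an added example that is not systemd's or this PR's code: a POSIX shell sketch of the uid classification with and without the uid_is_container() check, taking SYS_UID_MAX from a constructed login.defs fragment. The container range bounds (0x00080000 to 0x6FFFFFFF), the fallback of 999 and the sample uid 800000123 are assumptions of the example; the real uid_for_system_journal() also handles dynamic users and the nobody uid, which this sketch leaves out.

```sh
#!/bin/sh
# Added example, not systemd's own code: the per-user journal split decision from the
# commit message, with and without the uid_is_container() check that 115d514 added.
# Simplified on purpose: the real uid_for_system_journal() also covers dynamic users
# and the nobody uid, which are not modeled here.

# Constructed login.defs fragment (sample input for this example, not a real system file).
LOGIN_DEFS_SAMPLE='
# comment line, ignored
UID_MIN          1000
UID_MAX         60000
SYS_UID_MIN       201
SYS_UID_MAX       999
'

# Take SYS_UID_MAX from the login.defs text, as the message says systemd now does.
# Falling back to 999 when the key is absent is an assumption of this example.
sys_uid_max_from_login_defs() {
    printf '%s\n' "$1" | awk '$1 == "SYS_UID_MAX" { v = $2 } END { print (v == "" ? 999 : v) }'
}

# uid <= SYS_UID_MAX: system account, its logs go to the system journal.
uid_is_system() {               # $1 = uid, $2 = SYS_UID_MAX
    [ "$1" -le "$2" ]
}

# Container uid range as documented at https://systemd.io/UIDS-GIDS/ (0x00080000 to
# 0x6FFFFFFF, in decimal below). The bounds are an assumption; the page does not list them.
uid_is_container() {
    [ "$1" -ge 524288 ] && [ "$1" -le 1879048191 ]
}

# With the slipped-in check: a human user whose site-allocated uid lands in the
# container range is treated as system and loses their own journal.
system_journal_old() {          # $1 = uid, $2 = SYS_UID_MAX
    uid_is_system "$1" "$2" || uid_is_container "$1"
}

# After the revert: only the system range decides.
system_journal_new() {
    uid_is_system "$1" "$2"
}

# Prints the word "system" or "user" for the chosen variant ($1 = old|new, $2 = uid, $3 = SYS_UID_MAX).
classify() {
    if "system_journal_$1" "$2" "$3"; then echo system; else echo user; fi
}

main() {
    max=$(sys_uid_max_from_login_defs "$LOGIN_DEFS_SAMPLE")
    # 800000123 is a constructed uid standing in for a FreeIPA-style human user.
    for uid in 0 999 1000 800000123; do
        printf 'uid %-10s old=%-7s new=%s\n' "$uid" "$(classify old "$uid" "$max")" "$(classify new "$uid" "$max")"
    done
}

main
```

With the sample file, uids 0 and 999 are system under both variants and 1000 is a user under both; only 800000123 flips from "system" (the slipped-in check) to "user" (after the revert), which is exactly the regression the message describes for sites that hand out high uids to people.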

Follow-up for systemd/systemd#33383.

rhel-only: bugfix

Related: RHEL-40924

Adjust upstream config to use our shared stack

rhel-only: feature

Related: RHEL-40924

Also add RHEL8,9,10 versions to version-info.xml file

rhel-only: feature

Resolves: RHEL-22621

Also split rules into 40-redhat-hotplug.rules, 40-redhat-s390.rules and 40-redhat.rules.

rhel-only: feature

Resolves: RHEL-40360

RHEL-only: bugfix

Related: RHEL-40924

I think this was the intent of commit 91b684c,
just network-online.target didn't exist back then.

RHEL-only: bugfix

Related: RHEL-40924

RHEL-only: feature

Related: RHEL-40924

RHEL-only: policy

Related: RHEL-40924

Kernel removed the elevator= option, so let's reintroduce
it for rhel8 via udev rule.

RHEL-only: feature

Related: RHEL-40924

This should be hopefully high enough even for the very big deployments.

RHEL-only: feature

Related: RHEL-40924

While stable MAC address for interface types that don't have the
address provided by HW could be useful it also breaks LACP based bonds.
Let's err on the side of caution and not change the MAC address from
udev.

RHEL-only: policy

Related: RHEL-40924

In rhel10 we will have separate bin and sbin.

RHEL-only: policy

Resolves: RHEL-46277

We noticed that some people are installing systemd* and then
have daemons they don't need running. So let's remove resolved
from presets so its usage is a bit more deliberate.

RHEL-only: policy

Resolves: RHEL-46576

follow-up to redhat-plumbers@13a0702

rhel-only: policy

Related: RHEL-40924

As it's not needed anymore.

rhel-only: ci

Related: RHEL-40924

This brings policy in line with RHEL-9.

rhel-only: policy

Related: RHEL-46778

rhel-only: policy

Related: RHEL-40924
lnykryn and others added 6 commits December 17, 2024 08:14
rhel-only: policy

Related: RHEL-40924

rhel-only: policy

Related: RHEL-40924

rhel-only: policy

Resolves: RHEL-44416

rhel-only: policy

Related: RHEL-55728

It seems that virtio devices always have "0" in
the firmware_node/sun. And because of that, udev will
always name the device ens0, which leads to collisions.
So let's disable it for now.

rhel-only: policy

Resolves: RHEL-55728

github-actions bot commented Dec 17, 2024

Commit validation

Tracker - RHEL-40924, RHEL-22621, RHEL-40360, RHEL-46277, RHEL-46576, RHEL-46778, RHEL-44416, RHEL-55728, RHEL-44417, RHEL-71409

The following commits meet all requirements

| commit | upstream |
| --- | --- |
| ca398e5 - journal: again create user journals for users with high uids | rhel-only: bugfix |
| 1c134fd - tmpfiles: make --purge hard to (mis-)use | rhel-only: bugfix |
| 5520a6c - fedora: use system-auth in pam systemd-user | rhel-only: feature |
| aa39fab - net-naming-scheme: start rhel10 naming and include rhel8 and rhel9 one… | rhel-only: feature |
| f0ff83d - rules: copy 40-redhat.rules from RHEL 9 | rhel-only: feature |
| a12e849 - logind: set RemoveIPC to false by default | RHEL-only: bugfix |
| 746039e - tmpfiles: don't create resolv.conf -> stub-resolv.conf symlink | RHEL-only: bugfix |
| afd027d - rc-local: order after network-online.target | RHEL-only: bugfix |
| c141ec7 - random-util: increase random seed size to 1024 | RHEL-only: feature |
| 897e591 - journal: don't enable systemd-journald-audit.socket by default | RHEL-only: feature |
| fd97f26 - journald.conf: don't touch current audit settings | RHEL-only: policy |
| c60eb7f - rules: add elevator= kernel command line parameter | RHEL-only: feature |
| 5e2ca95 - pid1: bump DefaultTasksMax to 80% of the kernel pid.max value | RHEL-only: feature |
| 8bb5210 - udev/net-setup-link: change the default MACAddressPolicy to "none" | RHEL-only: policy |
| 1ed224d - core: decrease log level of messages about use of KillMode=none | RHEL-only: bugfix |
| 13a982b - taint: remove unmerged-bin | RHEL-only: policy |
| 626d0a7 - presets: remove resolved | RHEL-only: policy |
| a591795 - ci: run mkosi test only for Fedora and CentOS Stream | rhel-only: ci |
| 7009da8 - taint: remove unused variable usr_sbin | rhel-only: policy |
| 0423015 - packit: drop the libarchive workaround | rhel-only: ci |
| d02d43f - coredump: by default process and store core files up to 1GiB | rhel-only: policy |
| 6d810a8 - Avoid /tmp being mounted as tmpfs without the user's will | rhel-only: policy |
| 800b8d9 - unit: don't add Requires for tmp.mount | rhel-only: policy |
| fccc047 - units: add [Install] section to tmp.mount | rhel-only: policy |
| 3e9dcb8 - units: don't enable tmp.mount statically in local-fs.target | rhel-only: policy |
| b2a5b1e - netif-naming-scheme: add rhel-9.5 scheme | rhel-only: policy |
| 8580e8d - netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta | rhel-only: policy |
| 7b82fe6 - net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN | rhel-only: policy |
| 2319036 - netif-naming-scheme: introduce rhel-10.0 scheme | rhel-only: policy |
| 863a553 - profile.d: don't bail if $SHELL* variables are unset | systemd/systemd@12e33d3 |

Tracker validation

🔴 Missing tracker or Unknown tracker type; type: 'unknown'


Pull Request validation

Failed

🔴 Failed or pending checks - rpm-build:centos-stream-10-x86_64[failure]
🔴 Review - Missing review from a member (1 required)

jamacku and others added 2 commits December 17, 2024 09:40
rhel-only: policy

Related: RHEL-44417

If - for whatever reason - a script uses set -u (nounset) and includes
/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
/etc/profile) the script would fail with:

    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

For example:

    $ cat > foo.sh <<EOF
    #!/bin/sh
    set -u

    source /etc/profile
    EOF
    $ chmod 700 foo.sh
    $ ./foo.sh
    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

Fix this by using shell parameter substitution[^1] (which is a POSIX
shell concept) to set the $SHELL_* variables to the empty string if
undefined.

[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html

(cherry picked from commit 12e33d332b3f8754f4d5d0d21d5d3f0de8adc54c)

Related: RHEL-71409
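The failure and fix from the commit message above, as an added example that is not the systemd project's own profile.d file: two constructed one-line stand-ins for /etc/profile.d/70-systemd-shell-extra.sh, one with a bare $SHELL_PROMPT_PREFIX and one using ${SHELL_PROMPT_PREFIX:-}, each sourced from a subshell that runs with set -u the way the reproducer above does. Apart from SHELL_PROMPT_PREFIX and PS1, every function and variable name here belongs to this example only.

```sh
#!/bin/sh
# Added example, not systemd's own code: reproduce the set -u (nounset) failure from the
# commit message and show the POSIX ${VAR:-} fix. The two snippets are constructed
# stand-ins for /etc/profile.d/70-systemd-shell-extra.sh, not its real contents.

# Before: a bare $SHELL_PROMPT_PREFIX aborts any nounset shell that sources the file.
unguarded_snippet() {
    printf '%s\n' 'if [ -n "$SHELL_PROMPT_PREFIX" ]; then PS1="$SHELL_PROMPT_PREFIX$PS1"; fi'
}

# After: ${VAR:-} expands to "" when VAR is unset, so nounset has nothing to complain about.
guarded_snippet() {
    printf '%s\n' 'if [ -n "${SHELL_PROMPT_PREFIX:-}" ]; then PS1="${SHELL_PROMPT_PREFIX:-}$PS1"; fi'
}

# Source a snippet from a subshell that mimics "set -u; . /etc/profile".
# $1 = snippet text, $2 = value for SHELL_PROMPT_PREFIX ("" means leave it unset).
# Prints the resulting PS1; returns non-zero when the snippet kills the shell
# (stderr is silenced because the diagnostic text differs between bash and dash).
source_snippet() {
    snippet=$1
    prefix=${2:-}
    tmp=$(mktemp) || return 2
    printf '%s\n' "$snippet" >"$tmp"
    (
        set -u
        if [ -n "$prefix" ]; then SHELL_PROMPT_PREFIX=$prefix; else unset SHELL_PROMPT_PREFIX; fi
        PS1='$ '
        . "$tmp"
        printf '%s' "$PS1"
    ) 2>/dev/null
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

main() {
    if source_snippet "$(unguarded_snippet)" "" >/dev/null; then
        echo "unguarded: survived set -u (unexpected)"
    else
        echo "unguarded: sourcing shell aborted under set -u"
    fi
    printf 'guarded, prefix unset: PS1=[%s]\n' "$(source_snippet "$(guarded_snippet)" "")"
    printf 'guarded, prefix set:   PS1=[%s]\n' "$(source_snippet "$(guarded_snippet)" "[lab] ")"
}

main
```

Run it with /bin/sh: the unguarded snippet aborts the sourcing shell (bash reports "unbound variable", dash "parameter not set"), while the guarded one leaves PS1 as "$ " when the prefix is unset and yields "[lab] $ " when it is set. The same ${VAR:-} form is what the fix applies to the other $SHELL_* variables the file reads.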
@jamacku jamacku marked this pull request as ready for review December 17, 2024 14:25
@jamacku jamacku merged commit 2a6fbf9 into redhat-plumbers:main Dec 17, 2024
26 of 27 checks passed
@jamacku jamacku deleted the rebase257 branch December 17, 2024 14:26
7 participants