From 22471415ffccf3509a2e1bf0606e37dae92f1bc5 Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Mon, 26 May 2025 15:17:29 +0800
Subject: [PATCH] sync patches from systemd community
(cherry picked from commit fe41285e04d17b247115e0369a2b856399d6e13b)
---
...the-pty-slave-fd-to-transient-servic.patch | 152 ++++++++++++++++++
...he-pty-slave-fd-to-transient-service.patch | 53 ++++++
systemd.spec | 9 +-
3 files changed, 213 insertions(+), 1 deletion(-)
create mode 100644 backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
create mode 100644 backport-run-pass-the-pty-slave-fd-to-transient-service.patch
diff --git a/backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch b/backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
new file mode 100644
index 0000000..f1fb762
--- /dev/null
+++ b/backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
@@ -0,0 +1,152 @@
+From 639c922ede94852f83ccd930b28a382075f1da8f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 6 Jun 2024 13:30:09 +0200
+Subject: [PATCH] run: do not pass the pty slave fd to transient service in a
+ machine
+
+Follow-up for 28459ba1f4df824d5ef7f7d1a9acb6953ea24045
+
+The pty path returned by OpenMachinePTY() cannot be opened from outside
+the machine, hence let's use the plain Standard{Input,Output,Error}=tty
+in such a case. This means if --machine= is specified, #32916 would occur.
+A comprehensive fix requires a new dbus method in machined, which shall
+be material for v257.
+
+See also: https://github.com/systemd/systemd/pull/33216#discussion_r1628020429
+
+Replaces #33216
+
+Co-authored-by: Mike Yuan
+(cherry picked from commit ddef3ec87c1f63fed868f769d246b0b3d6877f88)
+---
+ src/run/run.c | 48 +++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 31 insertions(+), 17 deletions(-)
+
+diff --git a/src/run/run.c b/src/run/run.c
+index 14cc9f9514..659f525db7 100644
+--- a/src/run/run.c
++++ b/src/run/run.c
+@@ -748,7 +748,7 @@ static int transient_kill_set_properties(sd_bus_message *m) {
+ return 0;
+ }
+
+-static int transient_service_set_properties(sd_bus_message *m, const char *pty_path) {
++static int transient_service_set_properties(sd_bus_message *m, const char *pty_path, int pty_fd) {
+ bool send_term = false;
+ int r;
+
+@@ -758,6 +758,7 @@ static int transient_service_set_properties(sd_bus_message *m, const char *pty_p
+ bool use_ex_prop = arg_expand_environment == 0;
+
+ assert(m);
++ assert(pty_path || pty_fd < 0);
+
+ r = transient_unit_set_properties(m, UNIT_SERVICE, arg_property);
+ if (r < 0)
+@@ -808,18 +809,22 @@ static int transient_service_set_properties(sd_bus_message *m, const char *pty_p
+ }
+
+ if (pty_path) {
+- _cleanup_close_ int pty_slave = -EBADF;
+-
+- pty_slave = open_terminal(pty_path, O_RDWR|O_NOCTTY|O_CLOEXEC);
+- if (pty_slave < 0)
+- return pty_slave;
++ r = sd_bus_message_append(m, "(sv)", "TTYPath", "s", pty_path);
++ if (r < 0)
++ return bus_log_create_error(r);
+
+- r = sd_bus_message_append(m,
+- "(sv)(sv)(sv)(sv)",
+- "StandardInputFileDescriptor", "h", pty_slave,
+- "StandardOutputFileDescriptor", "h", pty_slave,
+- "StandardErrorFileDescriptor", "h", pty_slave,
+- "TTYPath", "s", pty_path);
++ if (pty_fd >= 0)
++ r = sd_bus_message_append(m,
++ "(sv)(sv)(sv)",
++ "StandardInputFileDescriptor", "h", pty_fd,
++ "StandardOutputFileDescriptor", "h", pty_fd,
++ "StandardErrorFileDescriptor", "h", pty_fd);
++ else
++ r = sd_bus_message_append(m,
++ "(sv)(sv)(sv)",
++ "StandardInput", "s", "tty",
++ "StandardOutput", "s", "tty",
++ "StandardError", "s", "tty");
+ if (r < 0)
+ return bus_log_create_error(r);
+
+@@ -1185,7 +1190,8 @@ static int make_transient_service_unit(
+ sd_bus *bus,
+ sd_bus_message **message,
+ const char *service,
+- const char *pty_path) {
++ const char *pty_path,
++ int pty_fd) {
+
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+ int r;
+@@ -1212,7 +1218,7 @@ static int make_transient_service_unit(
+ if (r < 0)
+ return bus_log_create_error(r);
+
+- r = transient_service_set_properties(m, pty_path);
++ r = transient_service_set_properties(m, pty_path, pty_fd);
+ if (r < 0)
+ return r;
+
+@@ -1301,7 +1307,7 @@ static int start_transient_service(sd_bus *bus) {
+ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+ _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+ _cleanup_free_ char *service = NULL, *pty_path = NULL;
+- _cleanup_close_ int master = -EBADF;
++ _cleanup_close_ int master = -EBADF, slave = -EBADF;
+ int r;
+
+ assert(bus);
+@@ -1320,6 +1326,10 @@ static int start_transient_service(sd_bus *bus) {
+ if (unlockpt(master) < 0)
+ return log_error_errno(errno, "Failed to unlock tty: %m");
+
++ slave = open_terminal(pty_path, O_RDWR|O_NOCTTY|O_CLOEXEC);
++ if (slave < 0)
++ return log_error_errno(slave, "Failed to open pty slave: %m");
++
+ } else if (arg_transport == BUS_TRANSPORT_MACHINE) {
+ _cleanup_(sd_bus_unrefp) sd_bus *system_bus = NULL;
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *pty_reply = NULL;
+@@ -1349,6 +1359,9 @@ static int start_transient_service(sd_bus *bus) {
+ pty_path = strdup(s);
+ if (!pty_path)
+ return log_oom();
++
++ // FIXME: Introduce OpenMachinePTYEx() that accepts ownership/permission as param
++ // and additionally returns the pty fd, for #33216 and #32999
+ } else
+ assert_not_reached();
+ }
+@@ -1375,9 +1388,10 @@ static int start_transient_service(sd_bus *bus) {
+ return r;
+ }
+
+- r = make_transient_service_unit(bus, &m, service, pty_path);
++ r = make_transient_service_unit(bus, &m, service, pty_path, slave);
+ if (r < 0)
+ return r;
++ slave = safe_close(slave);
+
+ polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
+
+@@ -1802,7 +1816,7 @@ static int make_transient_trigger_unit(
+ if (r < 0)
+ return bus_log_create_error(r);
+
+- r = transient_service_set_properties(m, NULL);
++ r = transient_service_set_properties(m, /* pty_path = */ NULL, /* pty_fd = */ -EBADF);
+ if (r < 0)
+ return r;
+
+--
+2.33.0
+
diff --git a/backport-run-pass-the-pty-slave-fd-to-transient-service.patch b/backport-run-pass-the-pty-slave-fd-to-transient-service.patch
new file mode 100644
index 0000000..a55be37
--- /dev/null
+++ b/backport-run-pass-the-pty-slave-fd-to-transient-service.patch
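Review bot: The new `int pty_fd` parameter on `transient_service_set_properties()` and `make_transient_service_unit()` has no stated ownership, and `slave = safe_close(slave);` in `start_transient_service()` gives no reason for closing the descriptor as soon as the message is built. sd-bus duplicates a descriptor appended with type `h`, so the callee only borrows it; a comment next to `assert(pty_path || pty_fd < 0);` such as `/* pty_fd is borrowed: the message takes its own duplicate, the caller closes the original */` would record that. The `else` branch that falls back to `"StandardInput", "s", "tty"` is the `--machine=` case where #32916 is still open, which deserves `/* no fd for machine ptys yet, see FIXME in start_transient_service() */`. All three functions begin and end outside the quoted hunks.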
@@ -0,0 +1,53 @@
+From 182b80bede28ef6e9c0d0edd34c56a467d22dee5 Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Sun, 19 May 2024 09:07:21 +0800
+Subject: [PATCH] run: pass the pty slave fd to transient service
+
+The rationale is similar to 40e1f4ea7458a0a80eaf1ef356e52bfe0835412e.
+
+Currently, we only pass TTYPath=/dev/pts/... to
+the transient service spawned by systemd-run.
+This is a bit problematic though, when ExecStartPre=
+or ExecStopPost= is used. Since when these control
+processes get to run, the main process is not yet
+started/has already exited, hence the slave suffers
+from the same vhangup problem as the mentioned commit.
+
+By passing the slave fd in, the service manager will
+hold the fd open as long as the service is alive.
+
+Fixes #32916
+
+(cherry picked from commit 28459ba1f4df824d5ef7f7d1a9acb6953ea24045)
+---
+ src/run/run.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/run/run.c b/src/run/run.c
+index 3b8d331b35..1b9fb41d7c 100644
+--- a/src/run/run.c
++++ b/src/run/run.c
+@@ -808,11 +808,17 @@ static int transient_service_set_properties(sd_bus_message *m, const char *pty_p
+ }
+
+ if (pty_path) {
++ _cleanup_close_ int pty_slave = -EBADF;
++
++ pty_slave = open_terminal(pty_path, O_RDWR|O_NOCTTY|O_CLOEXEC);
++ if (pty_slave < 0)
++ return pty_slave;
++
+ r = sd_bus_message_append(m,
+ "(sv)(sv)(sv)(sv)",
+- "StandardInput", "s", "tty",
+- "StandardOutput", "s", "tty",
+- "StandardError", "s", "tty",
++ "StandardInputFileDescriptor", "h", pty_slave,
++ "StandardOutputFileDescriptor", "h", pty_slave,
++ "StandardErrorFileDescriptor", "h", pty_slave,
+ "TTYPath", "s", pty_path);
+ if (r < 0)
+ return bus_log_create_error(r);
+--
+2.33.0
+
diff --git a/systemd.spec b/systemd.spec
index 7208029..be166da 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@ Name: systemd Url: https://systemd.io/ Version: 255 -Release: 41 +Release: 42 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -103,6 +103,8 @@ Patch6649: backport-execute-free-syscall_log-hashmap-when-done.patch Patch6650: backport-logind-let-system-wide-idle-begin-at-the-time-logind.patch Patch6651: backport-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch Patch6652: backport-CVE-2023-7008.patch +Patch6653: backport-run-pass-the-pty-slave-fd-to-transient-service.patch +Patch6654: backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch Patch9008: update-rtc-with-system-clock-when-shutdown.patch Patch9009: udev-add-actions-while-rename-netif-failed.patch @@ -1689,6 +1691,11 @@ fi %{_unitdir}/veritysetup.target %changelog +* Mon May 26 2025 fuanan - 255-42 +- backport: sync patches from systemd community + add backport-run-pass-the-pty-slave-fd-to-transient-service.patch + backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch + * Mon Apr 28 2025 zhangyao - 255-41 - actually check authenticated flag of SOA transaction in resolved -- Gitee