refactor systemd
Story: 2003768 Task: 27594 Package systemd-config is added to config customized config file of systemd. Several patches are converted to config files. These config files are based on systemd-219-57.el7.src.rpm. BuildRequires in system-config is set to equal "219-57.el7", to avoid system-config is missed check when do upgrade. So when do systemd upgrade, system-config need be upgraded also. "0003-spec-expand-_udevrulesdir-macro.patch" is removed which seems not needed. Test: Pass build and multi node deploy test. Confirmed related config file is the same as before. Change-Id: I879dc276f3280911d844cfa605c56ba03caabdad Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This commit is contained in:
Shuicheng Lin
@@ -1,27 +0,0 @@
|
||||
From f38825338641e2773b83bd24c824987ebe68f8d3 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:53:00 -0400
|
||||
Subject: [PATCH] [PATCH 02/10] WRS: 0003-spec-expand-_udevrulesdir-macro.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/systemd.spec
|
||||
---
|
||||
SPECS/systemd.spec | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index 3b2aa7f..6e1d7e1 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -1030,7 +1030,7 @@ rm -f %{buildroot}%{_prefix}/lib/systemd/network/*
|
||||
rm -f %{buildroot}%{_mandir}/man5/sysusers.d.5.gz
|
||||
rm -f %{buildroot}%{_mandir}/man8/systemd-sysusers.*
|
||||
|
||||
-install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT/%{_udevrulesdir}/
|
||||
+install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT/usr/lib/udev/rules.d/
|
||||
|
||||
%pre
|
||||
getent group cdrom >/dev/null 2>&1 || groupadd -r -g 11 cdrom >/dev/null 2>&1 || :
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
From 4fadd91b4153c4e7a462585e78139ee530b6b292 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:53:00 -0400
|
||||
Subject: [PATCH 1/7] WRS: 0007-Add-patch-for-journald-config.patch
|
||||
|
||||
---
|
||||
SPECS/systemd.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index 845d1dd..6c277f9 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -655,6 +655,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch
|
||||
|
||||
#WRS Patches
|
||||
Patch0701: 0701-inject-millisec-in-syslog-date.patch
|
||||
+Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
From 1f00385b6b64616f894aab1f31d41e3fdcb73055 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:53:00 -0400
|
||||
Subject: [PATCH 2/7] WRS: 0008-Add-patch-for-journald-config-rate-limit.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/systemd.spec
|
||||
---
|
||||
SPECS/systemd.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index 6c277f9..ff9c519 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -656,6 +656,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch
|
||||
#WRS Patches
|
||||
Patch0701: 0701-inject-millisec-in-syslog-date.patch
|
||||
Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch
|
||||
+Patch0704: 0704-Configure-journald-rate-limit.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
From fddd11d477de4eced32cf40c0524a11a24994fa1 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:53:00 -0400
|
||||
Subject: [PATCH 3/7] WRS: 0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch
|
||||
|
||||
---
|
||||
SPECS/systemd.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index ff9c519..e9fc3a4 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -657,6 +657,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch
|
||||
Patch0701: 0701-inject-millisec-in-syslog-date.patch
|
||||
Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch
|
||||
Patch0704: 0704-Configure-journald-rate-limit.patch
|
||||
+Patch0705: 0705-remove-id-sas-path-symlink.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
From f651db58b668b32e1f365eaeb35bcff12bcbc5ad Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:53:00 -0400
|
||||
Subject: [PATCH 4/7] 0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
|
||||
|
||||
---
|
||||
SPECS/systemd.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index e9fc3a4..e79f10e 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -658,6 +658,7 @@ Patch0701: 0701-inject-millisec-in-syslog-date.patch
|
||||
Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch
|
||||
Patch0704: 0704-Configure-journald-rate-limit.patch
|
||||
Patch0705: 0705-remove-id-sas-path-symlink.patch
|
||||
+Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
From 776961a3addc58b47e9b10bc29d07ae31f2853f8 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:53:00 -0400
|
||||
Subject: [PATCH 5/7] WRS: 0011-Add-patch-for-moving-vartmp-to-tmpfs.patch
|
||||
|
||||
---
|
||||
SPECS/systemd.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index e79f10e..acc059f 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -659,6 +659,7 @@ Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch
|
||||
Patch0704: 0704-Configure-journald-rate-limit.patch
|
||||
Patch0705: 0705-remove-id-sas-path-symlink.patch
|
||||
Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
|
||||
+Patch0707: 0707-move-vartmp-to-tmpfs.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
From 2d2e804d3d48f47c207a6a58d6932e1119f61f93 Mon Sep 17 00:00:00 2001
|
||||
From: Kam Nasim <kam.nasim@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 18:22:33 -0400
|
||||
Subject: [PATCH 6/7] meta patch for restricting tmpfs size
|
||||
|
||||
---
|
||||
SPECS/systemd.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index acc059f..6152e33 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -660,6 +660,7 @@ Patch0704: 0704-Configure-journald-rate-limit.patch
|
||||
Patch0705: 0705-remove-id-sas-path-symlink.patch
|
||||
Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
|
||||
Patch0707: 0707-move-vartmp-to-tmpfs.patch
|
||||
+Patch0708: 0708-set-a-1GB-size-restriction-on-tpmfs.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
From 151218c66280ec3984daf0a476e7b5cac69d305a Mon Sep 17 00:00:00 2001
|
||||
From: Andy Ning <andy.ning@windriver.com>
|
||||
Date: Wed, 28 Mar 2018 14:20:39 -0400
|
||||
Subject: [PATCH 7/7] fix systemd tmpfiles ACL warnings
|
||||
|
||||
---
|
||||
SPECS/systemd.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index 6152e33..ffd0770 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -661,6 +661,7 @@ Patch0705: 0705-remove-id-sas-path-symlink.patch
|
||||
Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
|
||||
Patch0707: 0707-move-vartmp-to-tmpfs.patch
|
||||
Patch0708: 0708-set-a-1GB-size-restriction-on-tpmfs.patch
|
||||
+Patch0709: 0709-fix-systemd-tmpfiles-ACL-warnings.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,12 +1,4 @@
|
||||
0001-update-package-versioning-for-TIS-format.patch
|
||||
0003-spec-expand-_udevrulesdir-macro.patch
|
||||
0004-Protect-sections-of-systemd-post-from-running-on-pat.patch
|
||||
0005-spec-millisec-in-syslog-date.patch
|
||||
0007-Add-patch-for-journald-config.patch
|
||||
0008-Add-patch-for-journald-config-rate-limit.patch
|
||||
0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch
|
||||
0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
|
||||
0011-Add-patch-for-moving-vartmp-to-tmpfs.patch
|
||||
0012-Add-patch-for-restricting-tmpfs-size.patch
|
||||
0013-fix-systemd-tmpfiles-ACL-warnings.patch
|
||||
0014-fix-build-error-for-unused-variable.patch
|
||||
update-package-versioning-for-TIS-format.patch
|
||||
Protect-sections-of-systemd-post-from-running-on-pat.patch
|
||||
spec-millisec-in-syslog-date.patch
|
||||
fix-build-error-for-unused-variable.patch
|
||||
|
||||
@@ -15,7 +15,7 @@ index 6e1d7e1..6a04c16 100644
|
||||
@@ -1159,6 +1159,7 @@ fi
|
||||
rm -f /etc/sysconfig/i18n >/dev/null 2>&1 || :
|
||||
rm -f /etc/sysconfig/keyboard >/dev/null 2>&1 || :
|
||||
|
||||
|
||||
+if [ $1 -eq 1 ]; then
|
||||
# Migrate HOSTNAME= from /etc/sysconfig/network
|
||||
if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then
|
||||
@@ -25,13 +25,13 @@ index 6e1d7e1..6a04c16 100644
|
||||
fi
|
||||
sed -i '/^HOSTNAME=/d' /etc/sysconfig/network >/dev/null 2>&1 || :
|
||||
+fi
|
||||
|
||||
|
||||
# Migrate the old systemd-setup-keyboard X11 configuration fragment
|
||||
if [ ! -e /etc/X11/xorg.conf.d/00-keyboard.conf ] ; then
|
||||
@@ -1174,6 +1176,7 @@ else
|
||||
rm -f /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
|
||||
+if [ 1 -eq 0 ] ; then # TIS: Skip this. We don't want myhostname in nsswitch.conf
|
||||
# sed-fu to add myhostname to the hosts line of /etc/nsswitch.conf
|
||||
# Only do that when installing, not when updating.
|
||||
@@ -41,9 +41,9 @@ index 6e1d7e1..6a04c16 100644
|
||||
' /etc/nsswitch.conf >/dev/null 2>&1 || :
|
||||
fi
|
||||
+fi
|
||||
|
||||
|
||||
%posttrans
|
||||
# Convert old /etc/sysconfig/desktop settings
|
||||
--
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
From 6aead74fb56ae75cc16be507165d3fc75c38fac0 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Thu, 9 Aug 2018 18:40:36 +0800
|
||||
Subject: [PATCH] Add 0710-fix-build-error-for-unused-variable.patch
|
||||
Subject: [PATCH] Add 0702-fix-build-error-for-unused-variable.patch
|
||||
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
@@ -12,14 +12,14 @@ diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
||||
index ffd0770..3f7cc10 100644
|
||||
--- a/SPECS/systemd.spec
|
||||
+++ b/SPECS/systemd.spec
|
||||
@@ -662,6 +662,7 @@ Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
|
||||
Patch0707: 0707-move-vartmp-to-tmpfs.patch
|
||||
Patch0708: 0708-set-a-1GB-size-restriction-on-tpmfs.patch
|
||||
Patch0709: 0709-fix-systemd-tmpfiles-ACL-warnings.patch
|
||||
+Patch0710: 0710-fix-build-error-for-unused-variable.patch
|
||||
|
||||
@@ -655,6 +655,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch
|
||||
|
||||
#WRS Patches
|
||||
Patch0701: 0701-inject-millisec-in-syslog-date.patch
|
||||
+Patch0702: 0702-fix-build-error-for-unused-variable.patch
|
||||
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
--
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -16,13 +16,13 @@ index 6a04c16..845d1dd 100644
|
||||
@@ -653,6 +653,9 @@ Patch0611: 0611-sd-journal-make-sure-it-s-safe-to-call-sd_journal_pr.patch
|
||||
Patch0612: 0612-journalctl-Periodically-call-sd_journal_process-in-j.patch
|
||||
Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch
|
||||
|
||||
|
||||
+#WRS Patches
|
||||
+Patch0701: 0701-inject-millisec-in-syslog-date.patch
|
||||
+
|
||||
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
|
||||
|
||||
|
||||
BuildRequires: libcap-devel
|
||||
--
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -22,6 +22,6 @@ index 6bdbb74..3b2aa7f 100644
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: A System and Service Manager
|
||||
--
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -19,8 +19,8 @@ index 33062ea..fd4e070 100644
|
||||
- time_t t;
|
||||
- struct tm *tm;
|
||||
char *ident_buf = NULL;
|
||||
|
||||
|
||||
assert(s);
|
||||
--
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
From b628fac8eec011503e5f86f17d9e68b7a2cc1e56 Mon Sep 17 00:00:00 2001
|
||||
From: Don Penney <don.penney@windriver.com>
|
||||
Date: Tue, 7 Mar 2017 13:17:56 -0500
|
||||
Subject: [PATCH] Configure journald to forward to syslog
|
||||
|
||||
---
|
||||
src/journal/journald.conf | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
|
||||
index 3907dfb..ef86ffe 100644
|
||||
--- a/src/journal/journald.conf
|
||||
+++ b/src/journal/journald.conf
|
||||
@@ -12,7 +12,7 @@
|
||||
# See journald.conf(5) for details.
|
||||
|
||||
[Journal]
|
||||
-#Storage=auto
|
||||
+Storage=none
|
||||
#Compress=yes
|
||||
#Seal=yes
|
||||
#SplitMode=uid
|
||||
@@ -27,7 +27,7 @@
|
||||
#RuntimeMaxFileSize=
|
||||
#MaxRetentionSec=
|
||||
#MaxFileSec=1month
|
||||
-#ForwardToSyslog=yes
|
||||
+ForwardToSyslog=yes
|
||||
#ForwardToKMsg=no
|
||||
#ForwardToConsole=no
|
||||
#ForwardToWall=yes
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@@ -1,29 +0,0 @@
|
||||
From e5057bed6636f4ba4ec3d72ed5966e8dcd17200b Mon Sep 17 00:00:00 2001
|
||||
From: Tao Liu <tao.liu@windriver.com>
|
||||
Date: Mon, 15 May 2017 16:46:28 -0500
|
||||
Subject: [PATCH 1/1] CGTS-6814: syslog occasionally dropping logs Configure
|
||||
Configure the journald rate limit to 5000 messages within 30 seconds.
|
||||
This limit is required to support SM managed processes that share the limit.
|
||||
|
||||
---
|
||||
src/journal/journald.conf | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
|
||||
index ef86ffe..2e7180e 100644
|
||||
--- a/src/journal/journald.conf
|
||||
+++ b/src/journal/journald.conf
|
||||
@@ -17,8 +17,8 @@ Storage=none
|
||||
#Seal=yes
|
||||
#SplitMode=uid
|
||||
#SyncIntervalSec=5m
|
||||
-#RateLimitInterval=30s
|
||||
-#RateLimitBurst=1000
|
||||
+RateLimitInterval=30s
|
||||
+RateLimitBurst=5000
|
||||
#SystemMaxUse=
|
||||
#SystemKeepFree=
|
||||
#SystemMaxFileSize=
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
From 3bc9bedbcc6dedd5b68875ce572884c686abce65 Mon Sep 17 00:00:00 2001
|
||||
From: Irina Mihai <irina.mihai@windriver.com>
|
||||
Date: Mon, 15 May 2017 18:58:48 +0000
|
||||
Subject: [PATCH] [PATCH] Remove ID_SAS_PATH rule
|
||||
|
||||
---
|
||||
rules/60-persistent-storage.rules | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
|
||||
index ba61963..f690034 100644
|
||||
--- a/rules/60-persistent-storage.rules
|
||||
+++ b/rules/60-persistent-storage.rules
|
||||
@@ -65,9 +65,7 @@ KERNEL=="mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+=
|
||||
# by-path (parent device path)
|
||||
ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id"
|
||||
ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}"
|
||||
-ENV{DEVTYPE}=="disk", ENV{ID_SAS_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_SAS_PATH}"
|
||||
ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n"
|
||||
-ENV{DEVTYPE}=="partition", ENV{ID_SAS_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_SAS_PATH}-part%n"
|
||||
|
||||
# skip unpartitioned removable media devices from drivers which do not send "change" events
|
||||
ENV{DEVTYPE}=="disk", KERNEL!="sd*|sr*", ATTR{removable}=="1", GOTO="persistent_storage_end"
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
From 65c3c74fd119db0309d68430ed89652666c884d5 Mon Sep 17 00:00:00 2001
|
||||
From: systemd team <systemd-maint@redhat.com>
|
||||
Date: Tue, 10 Oct 2017 17:06:10 -0400
|
||||
Subject: fix ACL warnings from systemd tmpfiles set
|
||||
|
||||
---
|
||||
tmpfiles.d/systemd.conf.m4 | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
|
||||
index 0575408..d984912 100644
|
||||
--- a/tmpfiles.d/systemd.conf.m4
|
||||
+++ b/tmpfiles.d/systemd.conf.m4
|
||||
@@ -27,8 +27,8 @@ d /run/log 0755 root root -
|
||||
z /run/log/journal 2755 root systemd-journal - -
|
||||
Z /run/log/journal/%m ~2750 root systemd-journal - -
|
||||
m4_ifdef(`HAVE_ACL',``
|
||||
-a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
|
||||
-A+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
|
||||
+a+ /run/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
|
||||
+A+ /run/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
|
||||
'')m4_dnl
|
||||
|
||||
z /var/log/journal 2755 root systemd-journal - -
|
||||
@@ -37,8 +37,8 @@ z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
|
||||
m4_ifdef(`HAVE_ACL',``
|
||||
a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x
|
||||
a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x
|
||||
-a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
|
||||
-a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
|
||||
+a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
|
||||
+a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
|
||||
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
|
||||
'')m4_dnl
|
||||
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
From e73dc9f146c7f29e7b08ddcbae3b89c6b573760f Mon Sep 17 00:00:00 2001
|
||||
From: Kam Nasim <kam.nasim@windriver.com>
|
||||
Date: Mon, 25 Sep 2017 16:26:54 -0400
|
||||
Subject: [PATCH] US103091: IMA System Configuration
|
||||
|
||||
Since /tmp is now mounted on tmpfs, we will make /var/tmp as a simlink
|
||||
on /tmp. Ensure that the var.tmp subdir (within /tmp), to which /var/tmp
|
||||
is similinked, does not get clobbered during cleanup
|
||||
---
|
||||
tmpfiles.d/tmp.conf | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
|
||||
index ffdd82f..530866b 100644
|
||||
--- a/tmpfiles.d/tmp.conf
|
||||
+++ b/tmpfiles.d/tmp.conf
|
||||
@@ -9,10 +9,12 @@
|
||||
|
||||
# Clear tmp directories separately, to make them easier to override
|
||||
v /tmp 1777 root root 10d
|
||||
-v /var/tmp 1777 root root 30d
|
||||
+v /tmp/var.tmp 1777 root root 30d
|
||||
+L+ /var/tmp - - - - /tmp/var.tmp
|
||||
|
||||
# Exclude namespace mountpoints created with PrivateTmp=yes
|
||||
x /tmp/systemd-private-%b-*
|
||||
X /tmp/systemd-private-%b-*/tmp
|
||||
x /var/tmp/systemd-private-%b-*
|
||||
X /var/tmp/systemd-private-%b-*/tmp
|
||||
+X /tmp/var.tmp
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
From e7b8b0d6308c2afcdbd17733226e7aaf7f876b09 Mon Sep 17 00:00:00 2001
|
||||
From: systemd team <systemd-maint@redhat.com>
|
||||
Date: Thu, 12 Oct 2017 18:06:58 -0400
|
||||
Subject: [PATCH] set a 1GB size restriction on tpmfs, to prevent OOM Kernel
|
||||
failures
|
||||
|
||||
---
|
||||
units/tmp.mount | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/units/tmp.mount b/units/tmp.mount
|
||||
index af0cf4a..eda2334 100644
|
||||
--- a/units/tmp.mount
|
||||
+++ b/units/tmp.mount
|
||||
@@ -18,7 +18,7 @@ Before=local-fs.target umount.target
|
||||
What=tmpfs
|
||||
Where=/tmp
|
||||
Type=tmpfs
|
||||
-Options=mode=1777,strictatime
|
||||
+Options=mode=1777,strictatime,size=1G
|
||||
|
||||
# Make 'systemctl enable tmp.mount' work:
|
||||
[Install]
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
From be01680d0b1df9d88e173cd2ee3eb60295bcdd47 Mon Sep 17 00:00:00 2001
|
||||
From: Andy Ning <andy.ning@windriver.com>
|
||||
Date: Wed, 28 Mar 2018 14:06:57 -0400
|
||||
Subject: fix systemd tmpfiles ACL warnings
|
||||
|
||||
systemd tmpfiles configuration file append ACLs to journal log
|
||||
directories/files to give access permissions to no-exist group "adm",
|
||||
causing systemd-tmpfiles-setup service to generate ACL parsing warnings.
|
||||
|
||||
The patch fixed these warnings by replacing group "adm" with "wrs_protected".
|
||||
This also gives wrs_protected group members (including wrsroot) access to
|
||||
journal logs.
|
||||
|
||||
Note: this issue has been fixed before PIKE rebase. After the rebase the
|
||||
original fix is no longer enough.
|
||||
---
|
||||
tmpfiles.d/systemd.conf.m4 | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
|
||||
index d984912..cdf0bf1 100644
|
||||
--- a/tmpfiles.d/systemd.conf.m4
|
||||
+++ b/tmpfiles.d/systemd.conf.m4
|
||||
@@ -35,11 +35,11 @@ z /var/log/journal 2755 root systemd-journal - -
|
||||
z /var/log/journal/%m 2755 root systemd-journal - -
|
||||
z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
|
||||
m4_ifdef(`HAVE_ACL',``
|
||||
-a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x
|
||||
-a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x
|
||||
+a+ /var/log/journal - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
|
||||
+a+ /var/log/journal - - - - group:wrs_protected:r-x,group:wheel:r-x
|
||||
a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
|
||||
a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
|
||||
-a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
|
||||
+a+ /var/log/journal/%m/system.journal - - - - group:wrs_protected:r--,group:wheel:r--
|
||||
'')m4_dnl
|
||||
|
||||
d /var/lib/systemd 0755 root root -
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
Reference in New Issue
Block a user