~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-noble

Last commit made on 2024-06-14
Get this branch:
git clone -b ubuntu-noble https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd
Members of Ubuntu Core Development Team can upload to this branch.

Branch information

Name: ubuntu-noble
Repository: lp:~ubuntu-core-dev/ubuntu/+source/systemd

Recent commits

802283c... by Nick Rosbrook

Release systemd 255.4-1ubuntu8.2

eb5ef9f... by Nick Rosbrook

debian/extra: ship nice.conf for journald, not logind (LP: #2067927)

c9ff548... by Nick Rosbrook

cgroup-util: allow cg_read_pid() to skip unmapped (zero) pids

(LP: #2067922)

ac54981... by Nick Rosbrook

mountpoint-util: Deal with kernel API breakage in "norecovery" mount option

Also include fixup commit
055b465a3f ("shared/mountpoint-util: for old kernels, assume "norecovery" is supported by btrfs").

(LP: #2067907)

e9f841f... by Nick Rosbrook

Release systemd 255.4-1ubuntu8.1

30d979d... by Nick Rosbrook

test: check for kernel.apparmor_restrict_unprivileged_userns (LP: #2065964)

bba2a1f... by Nick Rosbrook

switch-root: use MS_MOVE for /run when switching from initrd (LP: #2064096)

Before commit 7c764d4599 ("switch-root: always use MS_BIND to move api vfs over"),
when switching root from an initrd, the old procfs, sysfs, /dev/ and
/run would be moved using MS_MOVE. According to that commit, this change
was mostly a simplification because systemd already cleans up the old
mount hierarchy before the switch root, and no longer needed to rely on
the clean up side-effect of MS_MOVE.

However, this change broke some systemd services that also have an
associated AppArmor profile. For example, in Ubuntu, rsyslog has an
AppArmor profile configured, and when it tries to access
/run/systemd/notify during start up (after the switch root has
occurred), we see the denial:

 audit: type=1400 audit(1714740096.740:159): apparmor="DENIED" operation="sendmsg" class="file" info="Failed name lookup - disconnected path" error=-13 profile="rsyslogd" name="systemd/notify" [...]

The difference in MS_BIND vs MS_MOVE affects the view that AppArmor has
of the mount tree. With MS_BIND, AppArmor will not know that e.g.
/run/systemd/notify is in the current mount tree after the pivot_root,
because it is tracking this path from the old root. But with MS_MOVE,
the original mount is preserved and does not affect AppArmor's view.

Ultimately, this is most likely something that should be addressed in
AppArmor, but that is not going to happen in the short term. For now,
just go back to MS_MOVE when switching from the initrd.

Gbp-Dch: Short
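
An added example, not part of the commit or of systemd: a triage script that separates the "disconnected path" denials described in the commit message above from ordinary AppArmor policy denials, since the former point at a mount-tree problem rather than a missing profile rule. The log lines are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample kernel audit lines (values are illustrative, not from the bug report).
SAMPLE_LOG = """\
audit: type=1400 audit(1700000000.100:101): apparmor="DENIED" operation="sendmsg" class="file" info="Failed name lookup - disconnected path" error=-13 profile="rsyslogd" name="systemd/notify" pid=1234 comm="rsyslogd"
audit: type=1400 audit(1700000001.200:102): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/etc/shadow" pid=1234 comm="rsyslogd" requested_mask="r" denied_mask="r"
audit: type=1400 audit(1700000002.300:103): apparmor="ALLOWED" operation="open" class="file" profile="cupsd" name="/run/cups/cups.sock" pid=900 comm="cupsd"
"""

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Turn one audit line into a dict of its key=value fields."""
    fields = {}
    for match in FIELD_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def disconnected_path_denials(log_text):
    """Return DENIED events whose cause is a disconnected path lookup."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("apparmor") != "DENIED":
            continue
        if "disconnected path" not in fields.get("info", ""):
            continue  # ordinary policy denial: fix the profile, not the mounts
        name = fields.get("name", "")
        hits.append({
            "profile": fields.get("profile"),
            "operation": fields.get("operation"),
            "name": name,
            # As in the denial quoted above, the name lacks a leading "/"
            # because AppArmor could not resolve it up to the current root.
            "relative_name": not name.startswith("/"),
        })
    return hits


if __name__ == "__main__":
    for hit in disconnected_path_denials(SAMPLE_LOG):
        print(hit)
```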

2e82736... by Nick Rosbrook

debian/systemd.postinst: don't restart user managers if too old (LP: #2054761)

Restarting user managers this way was added in v250. Upgrades to Noble
are supported from Mantic (systemd released as 253.5-1ubuntu6), and
Jammy (systemd released as 249.11-0ubuntu3). Do not try to restart user
managers on upgrades from Jammy, as it will end up killing the whole user
session.

Gbp-Dch: Short

1218f54... by Nick Rosbrook

debian/systemd-resolved.postinst: ignore cp failure (LP: #2047975)

In some cases, copying /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf
will fail, despite the checks that happen beforehand. In particular,
this can happen if a user disabled the stub-resolver, and in doing so,
made /etc/resolv.conf a symlink to /run/systemd/resolve/resolv.conf.
This is unnecessary because systemd-resolved will make stub-resolv.conf
a symlink to resolv.conf if DNSStubListener=no. In these cases, it is
safe to just ignore the cp because it is unnecessary to begin with.

Gbp-Dch: Short

8f3f273... by Nick Rosbrook

Release systemd 255.4-1ubuntu8