udev: Fix by-uuid symlink for ubifs volumes

ubifs volumes have a UUID and the built-in blkid is able to determine
it.  The disk/by-uuid symlink isn't created because ubifs volumes are
not on block devices but on SUBSYSTEM="ubi" devices.  See #20071.

Allow ubi subsystem devices to be processed by the persistent storage
rules too.  The kernel device name matching already allows ubi* to pass.
The existing rules are sufficient to create the link.

The links look like other by-uuid symlinks, for example:
/dev/disk/by-uuid/9a136158-585b-4ba4-9b70-cbaf2cf78a1c -> ../../ubi0_1

man/systemd.socket.xml

@@ -629,10 +629,12 @@
          resulting SELinux context originate from either the target
          binary that is effectively triggered by socket unit or from
          the value of the <varname>SELinuxContext=</varname> option.
-         This configuration option only affects sockets with
+         This configuration option applies only when activated service
-         <varname>Accept=</varname> mode set to
+         is passed in single socket file descriptor, i.e. service
-         <literal>yes</literal>. Also note that this option is useful
+         instances that have standard input connected to a socket or
-         only when MLS/MCS SELinux policy is deployed. Defaults to
+         services triggered by exactly one socket unit. Also note
+         that this option is useful only when MLS/MCS SELinux policy
+         is deployed. Defaults to
          <literal>false</literal>. </para></listitem>
       </varlistentry>
 

po/ru.po

@@ -5,20 +5,23 @@
 # Julia Dronova <juliette.tux@gmail.com>, 2013.
 # Sergey Ptashnick <0comffdiz@inbox.ru>, 2013-2018.
 # Vladimir Yerilov <openmindead@gmail.com>, 2020.
+# Alexey Rubtsov <rushills@gmail.com>, 2021.
 msgid ""
 msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2021-01-08 17:48+0100\n"
-"PO-Revision-Date: 2020-03-03 16:05+1000\n"
+"PO-Revision-Date: 2021-07-02 09:04+0000\n"
-"Last-Translator: Vladimir Yerilov <openmindead@gmail.com>\n"
+"Last-Translator: Alexey Rubtsov <rushills@gmail.com>\n"
+"Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
+"master/ru/>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Lokalize 19.12.2\n"
+"X-Generator: Weblate 4.7.1\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -178,7 +181,7 @@ msgstr "Импортировать образ виртуальной машин
 msgid "Authentication is required to import a VM or container image"
 msgstr ""
 "Чтобы импортировать образ виртуальной машины или контейнера, необходимо "
-"пройти аутентификацию."
+"пройти аутентификацию"
 
 #: src/import/org.freedesktop.import1.policy:32
 msgid "Export a VM or container image"
@@ -188,7 +191,7 @@ msgstr "Экспортировать образ виртуальной маши
 msgid "Authentication is required to export a VM or container image"
 msgstr ""
 "Чтобы экспортировать образ виртуальной машины или контейнера, необходимо "
-"пройти аутентификацию."
+"пройти аутентификацию"
 
 #: src/import/org.freedesktop.import1.policy:42
 msgid "Download a VM or container image"
@@ -198,7 +201,7 @@ msgstr "Загрузить образ виртуальной машины или
 msgid "Authentication is required to download a VM or container image"
 msgstr ""
 "Чтобы загрузить образ виртуальной машины или контейнера, необходимо пройти "
-"аутентификацию."
+"аутентификацию"
 
 #: src/locale/org.freedesktop.locale1.policy:22
 msgid "Set system locale"
@@ -329,24 +332,18 @@ msgstr ""
 "крышки ноутбука, необходимо пройти аутентификацию."
 
 #: src/login/org.freedesktop.login1.policy:117
-#, fuzzy
-#| msgid "Allow applications to inhibit system handling of the power key"
 msgid "Allow applications to inhibit system handling of the reboot key"
 msgstr ""
 "Разрешить приложениям устанавливать блокировку обработки нажатий на кнопку "
-"выключения"
+"перезагрузки"
 
 #: src/login/org.freedesktop.login1.policy:118
-#, fuzzy
-#| msgid ""
-#| "Authentication is required for an application to inhibit system handling "
-#| "of the power key."
 msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the reboot key."
 msgstr ""
 "Чтобы разрешить приложениям устанавливать блокировку обработки нажатий на "
-"кнопку выключения, необходимо пройти аутентификацию."
+"кнопку перезагрузки, необходимо пройти аутентификацию."
 
 #: src/login/org.freedesktop.login1.policy:128
 msgid "Allow non-logged-in user to run programs"
@@ -642,7 +639,7 @@ msgstr "Отправить сообщение на все терминалы"
 #: src/login/org.freedesktop.login1.policy:397
 msgid "Authentication is required to set a wall message"
 msgstr ""
-"Чтобы отправить сообщение на все терминалы, необходимо пройти аутентификацию."
+"Чтобы отправить сообщение на все терминалы, необходимо пройти аутентификацию"
 
 #: src/login/org.freedesktop.login1.policy:406
 msgid "Change Session"
@@ -844,14 +841,13 @@ msgstr ""
 
 #: src/network/org.freedesktop.network1.policy:143
 msgid "DHCP server sends force renew message"
-msgstr ""
+msgstr "Сервер DHCP посылает сообщение о принудительном обновлении"
 
 #: src/network/org.freedesktop.network1.policy:144
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to send force renew message."
 msgstr ""
-"Чтобы отправить сообщение на все терминалы, необходимо пройти аутентификацию."
+"Чтобы отправить сообщение о принудительном обновлении, необходимо пройти "
+"аутентификацию."
 
 #: src/network/org.freedesktop.network1.policy:154
 msgid "Renew dynamic addresses"
@@ -919,7 +915,7 @@ msgstr "Зарегистрировать службу в DNS-SD"
 #: src/resolve/org.freedesktop.resolve1.policy:23
 msgid "Authentication is required to register a DNS-SD service"
 msgstr ""
-"Чтобы зарегистрировать службу в DNS-SD, необходимо пройти аутентификацию."
+"Чтобы зарегистрировать службу в DNS-SD, необходимо пройти аутентификацию"
 
 #: src/resolve/org.freedesktop.resolve1.policy:33
 msgid "Unregister a DNS-SD service"
@@ -927,7 +923,7 @@ msgstr "Удалить службу из DNS-SD"
 
 #: src/resolve/org.freedesktop.resolve1.policy:34
 msgid "Authentication is required to unregister a DNS-SD service"
-msgstr "Чтобы удалить службу из DNS-SD, необходимо пройти аутентификацию."
+msgstr "Чтобы удалить службу из DNS-SD, необходимо пройти аутентификацию"
 
 #: src/resolve/org.freedesktop.resolve1.policy:132
 msgid "Revert name resolution settings"
@@ -1024,12 +1020,8 @@ msgstr ""
 "пройти аутентификацию."
 
 #: src/core/dbus-unit.c:757
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to send a UNIX signal to the processes of "
-#| "'$(unit)'."
 msgid ""
 "Authentication is required to freeze or thaw the processes of '$(unit)' unit."
 msgstr ""
-"Чтобы отправить сигнал UNIX процессам юнита «$(unit)», необходимо пройти "
+"Чтобы отправить сигнал заморозки или разморозки процессам юнита «$(unit)», "
-"аутентификацию."
+"необходимо пройти аутентификацию."

rules.d/60-persistent-storage.rules

@@ -6,7 +6,7 @@
 ACTION=="remove", GOTO="persistent_storage_end"
 ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_end"
 
-SUBSYSTEM!="block", GOTO="persistent_storage_end"
+SUBSYSTEM!="block|ubi", GOTO="persistent_storage_end"
 KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*", GOTO="persistent_storage_end"
 
 # ignore partitions that span the entire disk

src/basic/procfs-util.c

@@ -201,7 +201,8 @@ int procfs_cpu_get_usage(nsec_t *ret) {
         return 0;
 }
 
-int convert_meminfo_value_to_uint64_bytes(char *word, uint64_t *ret) {
+int convert_meminfo_value_to_uint64_bytes(const char *word, uint64_t *ret) {
+        _cleanup_free_ char *w = NULL;
         char *digits, *e;
         uint64_t v;
         size_t n;
@@ -210,9 +211,13 @@ int convert_meminfo_value_to_uint64_bytes(char *word, uint64_t *ret) {
         assert(word);
         assert(ret);
 
+        w = strdup(word);
+        if (!w)
+                return -ENOMEM;
+
         /* Determine length of numeric value */
-        n = strspn(word, WHITESPACE);
+        n = strspn(w, WHITESPACE);
-        digits = word + n;
+        digits = w + n;
         n = strspn(digits, DIGITS);
         if (n == 0)
                 return -EINVAL;
@@ -232,6 +237,9 @@ int convert_meminfo_value_to_uint64_bytes(char *word, uint64_t *ret) {
         if (v == UINT64_MAX)
                 return -EINVAL;
 
+        if (v > UINT64_MAX/1024)
+                return -EOVERFLOW;
+
         *ret = v * 1024U;
         return 0;
 }

src/basic/procfs-util.h

@@ -16,5 +16,4 @@ static inline int procfs_memory_get_used(uint64_t *ret) {
         return procfs_memory_get(NULL, ret);
 }
 
-/* This function destroys "word" (it'll be truncated to perform conversion) */
+int convert_meminfo_value_to_uint64_bytes(const char *word, uint64_t *ret);
-int convert_meminfo_value_to_uint64_bytes(char *word, uint64_t *ret);

src/core/execute.c

@@ -4345,13 +4345,24 @@ static int exec_child(
         }
 
 #if HAVE_SELINUX
-        if (needs_sandboxing && use_selinux && params->selinux_context_net && socket_fd >= 0) {
+        if (needs_sandboxing && use_selinux && params->selinux_context_net) {
-                r = mac_selinux_get_child_mls_label(socket_fd, executable, context->selinux_context, &mac_selinux_context_net);
+                int fd = -1;
+
+                if (socket_fd >= 0)
+                        fd = socket_fd;
+                else if (params->n_socket_fds == 1)
+                        /* If stdin is not connected to a socket but we are triggered by exactly one socket unit then we
+                         * use context from that fd to compute the label. */
+                        fd = params->fds[0];
+
+                if (fd >= 0) {
+                        r = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context, &mac_selinux_context_net);
                         if (r < 0) {
                                 *exit_status = EXIT_SELINUX_CONTEXT;
                                 return log_unit_error_errno(unit, r, "Failed to determine SELinux context: %m");
                         }
                 }
+        }
 #endif
 
         /* We repeat the fd closing here, to make sure that nothing is leaked from the PAM modules. Note that we are

src/network/wait-online/wait-online.c

@@ -223,6 +223,8 @@ static int run(int argc, char *argv[]) {
                                       "STATUS=Failed to wait for network connectivity...");
 
         r = sd_event_loop(m->event);
+        if (r == -ETIMEDOUT)
+                return log_error_errno(r, "Timeout occured while waiting for network connectivity.");
         if (r < 0)
                 return log_error_errno(r, "Event loop failed: %m");
 

src/oom/oomd-util.c

@@ -129,7 +129,7 @@ bool oomd_mem_free_below(const OomdSystemContext *ctx, int threshold_permyriad)
         assert(threshold_permyriad <= 10000);
 
         mem_threshold = ctx->mem_total * threshold_permyriad / (uint64_t) 10000;
-        return (ctx->mem_total - ctx->mem_used) < mem_threshold;
+        return LESS_BY(ctx->mem_total, ctx->mem_used) < mem_threshold;
 }
 
 bool oomd_swap_free_below(const OomdSystemContext *ctx, int threshold_permyriad) {
@@ -375,6 +375,14 @@ int oomd_system_context_acquire(const char *proc_meminfo_path, OomdSystemContext
         uint64_t mem_free, swap_free;
         int r;
 
+        enum {
+                MEM_TOTAL = 1U << 0,
+                MEM_FREE = 1U << 1,
+                SWAP_TOTAL = 1U << 2,
+                SWAP_FREE = 1U << 3,
+                ALL = MEM_TOTAL|MEM_FREE|SWAP_TOTAL|SWAP_FREE,
+        };
+
         assert(proc_meminfo_path);
         assert(ret);
 
@@ -393,16 +401,16 @@ int oomd_system_context_acquire(const char *proc_meminfo_path, OomdSystemContext
                         return -EINVAL;
 
                 if ((word = startswith(line, "MemTotal:"))) {
-                        field_filled |= 1U << 0;
+                        field_filled |= MEM_TOTAL;
                         r = convert_meminfo_value_to_uint64_bytes(word, &ctx.mem_total);
                 } else if ((word = startswith(line, "MemFree:"))) {
-                        field_filled |= 1U << 1;
+                        field_filled |= MEM_FREE;
                         r = convert_meminfo_value_to_uint64_bytes(word, &mem_free);
                 } else if ((word = startswith(line, "SwapTotal:"))) {
-                        field_filled |= 1U << 2;
+                        field_filled |= SWAP_TOTAL;
                         r = convert_meminfo_value_to_uint64_bytes(word, &ctx.swap_total);
                 } else if ((word = startswith(line, "SwapFree:"))) {
-                        field_filled |= 1U << 3;
+                        field_filled |= SWAP_FREE;
                         r = convert_meminfo_value_to_uint64_bytes(word, &swap_free);
                 } else
                         continue;
@@ -410,11 +418,11 @@ int oomd_system_context_acquire(const char *proc_meminfo_path, OomdSystemContext
                 if (r < 0)
                         return log_debug_errno(r, "Error converting '%s' from %s to uint64_t: %m", line, proc_meminfo_path);
 
-                if (field_filled == 15U)
+                if (field_filled == ALL)
                         break;
         }
 
-        if (field_filled != 15U)
+        if (field_filled != ALL)
                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "%s is missing expected fields", proc_meminfo_path);
 
         if (mem_free > ctx.mem_total)

src/shared/parse-socket-bind-item.c

@@ -12,6 +12,7 @@ static int parse_af_token(
                 int *ip_protocol,
                 uint16_t *nr_ports,
                 uint16_t *port_min) {
+
         int af;
 
         assert(token);
@@ -31,6 +32,7 @@ static int parse_ip_protocol_token(
                 int *ip_protocol,
                 uint16_t *nr_ports,
                 uint16_t *port_min) {
+
         int proto;
 
         assert(token);
@@ -50,6 +52,7 @@ static int parse_ip_ports_token(
                 int *ip_protocol,
                 uint16_t *nr_ports,
                 uint16_t *port_min) {
+
         assert(token);
         assert(nr_ports);
         assert(port_min);
@@ -82,6 +85,7 @@ int parse_socket_bind_item(
                 int *ip_protocol,
                 uint16_t *nr_ports,
                 uint16_t *port_min) {
+
         /* Order of token parsers is important. */
         const parse_token_f parsers[] = {
                 &parse_af_token,
@@ -134,7 +138,7 @@ int parse_socket_bind_item(
         if (r < 0)
                 return r;
 
-        /* Parsers applied succesfully, but end of the string not reached. */
+        /* Parsers applied successfully, but end of the string not reached. */
         if (p)
                 return -EINVAL;