~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-noble

Last commit made on 2024-05-17
Get this branch:
git clone -b ubuntu-noble https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd
Members of Ubuntu Core Development Team can upload to this branch.

Branch information

Name: ubuntu-noble
Repository: lp:~ubuntu-core-dev/ubuntu/+source/systemd

Recent commits

e9f841f... by Nick Rosbrook

Release systemd 255.4-1ubuntu8.1

30d979d... by Nick Rosbrook

test: check for kernel.apparmor_restrict_unprivileged_userns (LP: #2065964)

bba2a1f... by Nick Rosbrook

switch-root: use MS_MOVE for /run when switching from initrd (LP: #2064096)

Before commit 7c764d4599 ("switch-root: always use MS_BIND to move api vfs over"),
when switching root from an initrd, the old procfs, sysfs, /dev/ and
/run would be moved using MS_MOVE. According to that commit, this change
was mostly a simplification because systemd already cleans up the old
mount hierarchy before the switch root, and no longer needed to rely on
the clean up side-effect of MS_MOVE.

However, this change broke some systemd services that also have an
associated AppArmor profile. For example, in Ubuntu, rsyslog has an
AppArmor profile configured, and when it tries to access
/run/systemd/notify during start up (after the switch root has
occurred), we see the denial:

 audit: type=1400 audit(1714740096.740:159): apparmor="DENIED" operation="sendmsg" class="file" info="Failed name lookup - disconnected path" error=-13 profile="rsyslogd" name="systemd/notify" [...]

The difference in MS_BIND vs MS_MOVE affects the view that AppArmor has
of the mount tree. With MS_BIND, AppArmor will not know that e.g.
/run/systemd/notify is in the current mount tree after the pivot_root,
because it is tracking this path from the old root. But with MS_MOVE,
the original mount is preserved and does not affect AppArmor's view.

Ultimately, this is most likely something that should be addressed in
AppArmor, but that is not going to happen in the short term. For now,
just go back to MS_MOVE when switching from the initrd.

Gbp-Dch: Short

2e82736... by Nick Rosbrook

debian/systemd.postinst: don't restart user managers if too old (LP: #2054761)

Restarting user managers this way was added in v250. Upgrades to Noble
are supported from Mantic (systemd released as 253.5-1ubuntu6), and
Jammy (systemd released as 249.11-0ubuntu3). Do not try to restart user
managers on upgrades from Jammy, as it will end up killing the whole user
session.

Gbp-Dch: Short

1218f54... by Nick Rosbrook

debian/systemd-resolved.postinst: ignore cp failure (LP: #2047975)

In some cases, copying /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf
will fail, despite the checks that happen beforehand. In particular,
this can happen if a user disabled the stub-resolver, and in doing so,
made /etc/resolv.conf a symlink to /run/systemd/resolve/resolv.conf.
This is unnecessary because systemd-resolved will make stub-resolv.conf
a symlink to resolv.conf if DNSStubListener=no. In these cases, it is
safe to just ignore the cp because it is unnecessary to begin with.

Gbp-Dch: Short

8f3f273... by Nick Rosbrook

Release systemd 255.4-1ubuntu8

fc81bb6... by Nick Rosbrook

copy: ignore -EOPNOTSUPP from copy_file_range() (LP: #2058179)

4e89c3a... by Steve Langasek

Import Debian changes 255.4-1ubuntu7

systemd (255.4-1ubuntu7) noble; urgency=medium
.
  * No-change rebuild against libssl3t64
.
systemd (255.4-1ubuntu6) noble; urgency=medium
.
  * No-change rebuild for CVE-2024-3094

64067a0... by Steve Langasek

Import Debian changes 255.4-1ubuntu5

systemd (255.4-1ubuntu5) noble; urgency=medium
.
  * No-change rebuild against libcurl4t64
.
systemd (255.4-1ubuntu4) noble; urgency=medium
.
  * No-change rebuild against libssl3t64
.
systemd (255.4-1ubuntu3) noble; urgency=medium
.
  * No-change rebuild against libssl3t64

f2969b6... by Nick Rosbrook

Release systemd 255.4-1ubuntu2