- Sep 08, 2023
-
Lennart Poettering authored
(cherry picked from commit 7b9da3861a2d27dd31c360674947005a19f3cbe7)
-
- Sep 06, 2023
-
Daan De Meyer authored
No need to disable arch completely, let's just disable keyring checking to get CI working again for now. (cherry picked from commit 16173ab1aa0e8d1032fa477178efe5957a47e5e4)
-
Yu Watanabe authored
When running on non-native userland architecture via systemd-nspawn and qemu-user-static QEMU-emulator, clone() with CLONE_NEWNS fails with EINVAL. Fixes #28901. [zjs: add a comment in the code] (cherry picked from commit 468018703ce1c0f123240fb6ba9b8b0b90f12930)
-
Yu Watanabe authored
Follow-up for 2f091b1b. Fixes #28844. (cherry picked from commit 927e20fa4976c7b68c95814f3706cd4e89ac28c8)
-
Daan De Meyer authored
Currently, we mount via file descriptors using /proc/self/fd. This works, but it means that in /proc/mounts and various other files, the source of the mount will be listed as /proc/self/fd/xxx. For other software that parses these files, /proc/self/fd/xxx doesn't mean anything, or worse, it means the completely wrong thing, as it will refer to one of their own file descriptors instead. Let's improve the situation by using /proc/pid/fd instead. This allows processes parsing /proc/mounts to do the right thing more often than not. One scenario where even this doesn't work is when containers are involved, as with the pid namespace unshared, even /proc/pid/fd will mean the wrong thing, but it's no worse than /proc/self/fd which will always mean the wrong thing. This also doesn't work if we mount via file descriptor and then exit, as the pid will be gone, but it does work as long as the process that did the mount is alive, which makes it useful for systemd-dissect --with for example if the program we run in the image wants to parse /proc/mounts. (cherry picked from commit 4419735822d72744dad1c76a57463561b332897a)
-
Daan De Meyer authored
Otherwise, we get redefinition errors if <net/if.h> is included later on by another header. (cherry picked from commit 2af02e61657aa513aa7b6df7fd1a04b13f853cef)
-
Daan De Meyer authored
For a userns root user to be able to access the credentials, both the uid and gid of the credentials directory have to be mapped into the userns. Currently, the credentials directory group is root, which we obviously do not want to map into a userns, so let's make sure that the credentials directory and files are owned by the service group instead, which can generally be safely mapped into the userns. Since we use permissions mode 0600, this shouldn't cause any change in who is able to access the credentials. Fixes #28747 (cherry picked from commit 3a78b0e9c4ccf050fe2dd8c8fdfda9f3961a93a4)
-
Daan De Meyer authored
(cherry picked from commit bd6c95c00b7a25b4d360bac22d3a3bc54132c415)
-
Luca Boccassi authored
f2fs is actively maintained upstream, and popular in certain device categories (phones, embedded), so allow-list by default. Fixes https://github.com/systemd/systemd/issues/29026 (cherry picked from commit ee6cf8eaf1770d9a32e6f80bb9d37b64c838e230)
-
Lennart Poettering authored
When the user tries to attach a device lacking ID_FOR_SEAT they currently get a very cryptic error message. Let's improve the situation a bit. Still a bit cryptic maybe, but much less so. Inspired-by: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049469.html Inspired-by: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049484.html Also-see: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049470.html Also-see: https://lists.freedesktop.org/archives/systemd-devel/2023-September/049489.html (cherry picked from commit 08237f062e9a2020c6d457a4112e363ee9ff879d)
-
Yu Watanabe authored
Fixes #29050. (cherry picked from commit 4961f5664647ee32fe9f2c8981cdd7852e511a09)
-
Yu Watanabe authored
- Rename the argument for storing the sender address, - allow to call it with NULL for ret_xyz, - reduce needless copy of timestamp when the message does not have timestamp. (cherry picked from commit 512116383215c2f61172dd20e45871ff5d16c030)
-
Yu Watanabe authored
When icmp6_receive() fails, then the source address is not initialized yet. (cherry picked from commit 4674f407b2a96baaed4c8226342bccb313463717)
-
Frantisek Sumsal authored
Resolves: #29048 (cherry picked from commit 97e2785292d6c9ff35887126876f631f6d23b23c)
-
Frantisek Sumsal authored
(cherry picked from commit 05ebcbd5c54ffaa59ce6855b8cb9907ee4e43a86)
-
msizanoen authored
The monotonic clock value consistency should only be checked if the boot ID is the same as the last journal entry, and requiring that the current boot ID be the same as the boot ID of the last entry is not necessary for ensuring deterministic bisection as we already enforce strict ordering of the real time clock value in a single journal file. This fixes an issue where a new journal file is unnecessarily created every boot, potentially wasting storage space. (cherry picked from commit addcecf6f4686811b63d48d51398d887c2c4bb68)
-
msizanoen authored
With the old boot ID update behavior there's no way to compare the boot ID of a new entry to be written with the boot ID of the last entry in the journal in a performant manner, and therefore no way to determine if monotonic clock value consistency checking is needed. Refuse to open journal files without the new boot ID update behavior guarantee to simplify consistency checking. (cherry picked from commit 2f766aca1e1398288e01b26a69eb02a7b831ab00)
-
Christian Hergert authored
If there are no "ManagedOOMSwap" entries to monitor, then the event source can be completely disabled. This scenario appears to be common and avoiding the wake-ups can save idle energy consumption. This was discovered while using Sysprof for various GNOME 45 performance tuning. systemd-oomd goes from waking up a few times a second to no wake-ups helping keep a laptop in deep(er) sleep. Signed-off-by: Christian Hergert <chergert@redhat.com> (cherry picked from commit b63beb4d283438be2b0f5c62757ab0db7dee8d65)
-
msizanoen authored
The type of a file descriptor is `int`, not `pid_t`. This should not have any effects on API consumers as `pid_t` is already typedef'd as `int` on all glibc-based systems. (cherry picked from commit 904b8bb5a8da4aa0257f7730e4fbaa7ba7c67742)
-
Zbigniew Jędrzejewski-Szmek authored
Inspired by https://github.com/systemd/systemd/pull/28997. Noticed by Alvin Alvarado <alvin@striczkof.io>. (cherry picked from commit 594e27b0bc896a84017db02227e45e172186d1a5)
-
Zbigniew Jędrzejewski-Szmek authored
Fixup for 7d481546acc8dbd9be05fe7a901e5598487aec02 and a3f758b3. (cherry picked from commit d3f8b754d45036c954869248adc90fd78bb3ac18)
-
msizanoen authored
session_leave_vt may be called after the VT device was hung up, which will cause vt_release to fail with -EIO. This is known to cause an issue with GNOME 44 on Fedora where gdm-session-worker sometimes freezes when trying to switch to VT 1 after a `loginctl terminate-user` operation. Fix this by reopening the VT in session_leave_vt if we get an -EIO. (cherry picked from commit 99d4ad71b72045d6352ba221105843fc6b600717)
-
Chris Patterson authored
Chronyd and similar time services, when using PTP devices, may need the BindsTo/After directives to ensure the devices are available before starting. Tag PTP devices with systemd to allow for wider adoption. Signed-off-by: Chris Patterson <cpatterson@microsoft.com> (cherry picked from commit 23cbe90d7db6b569ae2fc18ad88f99f8ef505593)
-
Michael Vasseur authored
See documentation at: https://manpages.debian.org/testing/pkgconf/pkg.m4.7.en.html Without this the macro was not always correctly resolved so the correct command was not used in the rest of the snippet. (cherry picked from commit c91d636fadc07169641e8a96a2c60083a15e0f77)
-
Zbigniew Jędrzejewski-Szmek authored
Fixes #28928. (cherry picked from commit 7abb0eef8fe4510e04c365778489af01ad562587)
-
Daan De Meyer authored
We might inherit a max rlim value that's larger than the kernel's maximum (nr_open). This will cause setrlimit() to fail as the given maximum is larger than the kernel's maximum. To get around this, let's limit the max rlim we pass to rlimit() to the value of nr_open. Should fix #28965 (cherry picked from commit f470dafddcd688c3ea6031d4bbcbf934fd094711)
-
Daan De Meyer authored
We set FORK_CLOSE_ALL_FDS, so we should also set FORK_REOPEN_LOG to reopen the log in the child process so we don't miss any logging messages. (cherry picked from commit fbc6a7557120fbb97d781a5d2c640a3c55c3000f)
-
Alvin Alvarado authored
or else it would output 'Unknown config setting [UKI] SecureBootCerificate=' or just an error outright if not overridden. (cherry picked from commit c766e05f292182b73e52db7044decc125c453d6f)
-
Lennart Poettering authored
(cherry picked from commit c4d281fa1a6a99208daef2b80f57bcad37a6eaab)
-
Lennart Poettering authored
Prompted by: #28902 (cherry picked from commit 1126841553a28f22eb6bc55eeed8af8d98610f71)
-
Daan De Meyer authored
This currently makes unit_file_get_default() fail if the default target is transient which shouldn't make us fail to get the default unit. (cherry picked from commit 3c1c52f2c9e67fe60b36325be7292ff0baaf808b)
-
Lennart Poettering authored
The TCG PC Client Platform Firmware Profile Specification says this PCR is owned by the Host Platform Manufacturer, at various places. Hence let's give it that name. (cherry picked from commit b060b9a492e161d0f59721b9a22cce528c967a40)
-
Daan De Meyer authored
We conditionalize behavior based on whether these paths have trailing slashes or not, so let's make sure we keep them intact. (cherry picked from commit d10eccbd7717441538859e0a0c68ecc61289bb69)
-
Daan De Meyer authored
(cherry picked from commit ce60b3a40a89bb5d116003343c56c55a0da9f8fb)
-
Daan De Meyer authored
Sometimes it's useful to keep a trailing slash in the path so let's add path_simplify_full() and a flag to do just that. (cherry picked from commit 4541d045b2cc2834add853f06293d4474ac403e4)
-
Yu Watanabe authored
Setting USEC_INFINITY to timer event source should not cause any problem. But, disabling timer event source should be preferable. [zjs: simplify the call to sd_event_source_set_enabled()] (cherry picked from commit 57d2b6a96f997c23bed37d74c6da087fb06081d2)
-
Yu Watanabe authored
This reverts commit 1483892a. As the commit says, it does not solve the race. Moreover, it introduces a regression #28410. Also, checking by `path_is_mount_point()` may trigger automount. From statx(2),
> AT_NO_AUTOMOUNT
> Don't automount the terminal ("basename") component of pathname
> if it is a directory that is an automount point.
Similar statements can be found in fstatat(2), which is used in the fallback call for statx() in glibc, and name_to_handle_at(2), which is used as the fallback when statx() failed. So, `path_is_mount_point()` may _do_ trigger automount for parent paths. That should be avoided especially on shutdown. The original issue #25527 that is 'fixed' by the commit is not serious, and should be fixed by making umount command handle path gracefully: https://github.com/util-linux/util-linux/issues/2132 Fixes #28410. (cherry picked from commit e323d2e463270ef556aeb753455bdf01a22af46d)
-
Daan De Meyer authored
install_subdir() does not copy symlinks but copies the file they point to. We also get a very ugly warning in the meson install output: """ Warning: trying to copy a symlink that points to a file. This will copy the file, but this will be changed in a future version of Meson to copy the symlink as is. Please update your build definitions so that it will not break when the change happens. """ Let's fix both problems at once by using rsync which does the right thing. Verified by running systemd-dissect --mtree on both the install output before and after and all the symlinks are now correctly preserved. (cherry picked from commit cc2a0d85d2733b0a3285e16ca8a869cad84a03ec)
-
Daan De Meyer authored
Fixes #28943 (cherry picked from commit b56ee692334231f0312c2fd142b9f2a84da14ac9)
-