From a682f5187635fd6a7f4dca16ac2644d885535df0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 2 Mar 2025 22:57:31 +0100 Subject: [PATCH 1/3] rpm: fix formating of %postun selinux macro Unfortunately it can't handle wrapped lines (macro gets \ literally and takes it as a policy name), do one long line. QubesOS/qubes-issues#9663 --- rpm_spec/core-agent.spec.in | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in index d44e1d5c..5d02da9b 100644 --- a/rpm_spec/core-agent.spec.in +++ b/rpm_spec/core-agent.spec.in @@ -431,10 +431,7 @@ a VM with SELinux enforcing, as is the default on Red Hat-family distributions. %postun selinux if [ "$1" -eq 0 ]; then - %selinux_modules_uninstall \ - %{_datadir}/selinux/packages/qubes-qfile-unpacker.pp \ - %{_datadir}/selinux/packages/qubes-xendriverdomain.pp \ - %{_datadir}/selinux/packages/qubes-misc.pp + %selinux_modules_uninstall %{_datadir}/selinux/packages/qubes-qfile-unpacker.pp %{_datadir}/selinux/packages/qubes-xendriverdomain.pp %{_datadir}/selinux/packages/qubes-misc.pp fi || : %pre selinux From 2fc6c541405795620bea70ecba81da906a0dae03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Mar 2025 03:12:17 +0100 Subject: [PATCH 2/3] Disable systemd-userdbd It's not relevant a qube (that has only local user database). And also it causes issues distribution upgrade (when the service is being re-started, while socket is still up, all user lookups take a long time eventually causing timeouts of service restart). QubesOS/qubes-issues#9807 --- vm-systemd/75-qubes-vm.preset | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vm-systemd/75-qubes-vm.preset b/vm-systemd/75-qubes-vm.preset index ed50fb6c..db019da4 100644 --- a/vm-systemd/75-qubes-vm.preset +++ b/vm-systemd/75-qubes-vm.preset 
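Review bot: The `%postun selinux` scriptlet still ends in `fi || :`, so a failing `%selinux_modules_uninstall` stays silent, which is presumably how the wrapped form went unnoticed while the Qubes policy modules were left installed after package removal. Because the one-line form works around the macro's argument handling, add a comment above the `if` so nobody re-wraps it, e.g. `# keep the module list on one line; the uninstall macro treats a trailing backslash as a module name` (keep `%` out of the comment, since rpm expands macros inside scriptlet comments too). It is also worth confirming that the macro accepts the `.pp` file paths passed here: if it forwards its arguments to `semodule -r`, removal is by module name and a path would fail in the same silent way.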
@@ -57,6 +57,8 @@ disable upower.service disable colord.service disable wpa_supplicant@.service disable dkms.service +disable systemd-userdbd.service +disable systemd-userdbd.socket enable qubes-relabel-root.service enable qubes-relabel-rw.service From 4aec5a05e5073d46634b3f867ccd7b35f9029215 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Mar 2025 03:15:16 +0100 Subject: [PATCH 3/3] Remove drop-ins for systemd-userdbd Now that it's always disabled, drop-ins are not needed anymore. --- Makefile | 2 -- debian/qubes-core-agent.install | 2 -- rpm_spec/core-agent.spec.in | 2 -- vm-systemd/systemd-userdbd.service.d/30_qubes.conf | 5 ----- vm-systemd/systemd-userdbd.socket.d/30_qubes.conf | 5 ----- 5 files changed, 16 deletions(-) delete mode 100644 vm-systemd/systemd-userdbd.service.d/30_qubes.conf delete mode 100644 vm-systemd/systemd-userdbd.socket.d/30_qubes.conf diff --git a/Makefile b/Makefile index d7aff0c1..c6774d1e 100644 --- a/Makefile +++ b/Makefile @@ -59,8 +59,6 @@ SYSTEM_DROPINS += abrtd.service SYSTEM_DROPINS += bluetooth.service SYSTEM_DROPINS += systemd-nsresourced.service SYSTEM_DROPINS += systemd-nsresourced.socket -SYSTEM_DROPINS += systemd-userdbd.service -SYSTEM_DROPINS += systemd-userdbd.socket SYSTEM_DROPINS_NETWORKING := NetworkManager.service NetworkManager-wait-online.service SYSTEM_DROPINS_NETWORKING += tinyproxy.service diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install index 9eed7c1d..78748c23 100644 --- a/debian/qubes-core-agent.install +++ b/debian/qubes-core-agent.install 
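Review bot: The two added `disable` lines only take effect where `systemctl preset` is applied to `systemd-userdbd.service` and `systemd-userdbd.socket`, so templates that already have the socket enabled keep it unless the package's upgrade scriptlets re-apply presets for these units; that code is outside this hunk and should be checked. PATCH 3/3 then removes the drop-ins that kept userdbd from starting in minimal-netvm and minimal-usbvm qubes, which leaves this preset as the only control. A preset `disable` also does not stop another unit from pulling the socket in as a dependency, so if the service must never run, masking may be the more reliable choice. Consider a comment above the new lines recording the reason, e.g. `# userdbd: qubes only use the local user database; see QubesOS/qubes-issues#9807`.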
@@ -112,8 +112,6 @@ lib/systemd/system/systemd-timesyncd.service.d/30_qubes.conf
 lib/systemd/system/systemd-logind.service.d/30_qubes.conf
 lib/systemd/system/systemd-nsresourced.service.d/30_qubes.conf
 lib/systemd/system/systemd-nsresourced.socket.d/30_qubes.conf
-lib/systemd/system/systemd-userdbd.service.d/30_qubes.conf
-lib/systemd/system/systemd-userdbd.socket.d/30_qubes.conf
 lib/systemd/resolved.conf.d/30_resolved-no-mdns-or-llmnr.conf
 lib/systemd/system/home.mount
 lib/systemd/system/usr-local.mount
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
index 5d02da9b..eccd322c 100644
--- a/rpm_spec/core-agent.spec.in
+++ b/rpm_spec/core-agent.spec.in
@@ -1312,8 +1312,6 @@ The Qubes core startup configuration for SystemD init.
 %_unitdir/sysinit.target.d/30_qubes.conf
 %_unitdir/systemd-nsresourced.service.d/30_qubes.conf
 %_unitdir/systemd-nsresourced.socket.d/30_qubes.conf
-%_unitdir/systemd-userdbd.service.d/30_qubes.conf
-%_unitdir/systemd-userdbd.socket.d/30_qubes.conf
 %dir %_userunitdir/*.service.d
 %_userunitdir/tracker-extract-3.service.d/30_qubes.conf
 %_userunitdir/tracker-miner-fs-3.service.d/30_qubes.conf
diff --git a/vm-systemd/systemd-userdbd.service.d/30_qubes.conf b/vm-systemd/systemd-userdbd.service.d/30_qubes.conf
deleted file mode 100644
index eb1a9bf8..00000000
--- a/vm-systemd/systemd-userdbd.service.d/30_qubes.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[Unit]
-# Needs to be started as it creates /var/run/qubes-service/* files
-After=qubes-sysinit.service
-ConditionPathExists=!/var/run/qubes-service/minimal-netvm
-ConditionPathExists=!/var/run/qubes-service/minimal-usbvm
diff --git a/vm-systemd/systemd-userdbd.socket.d/30_qubes.conf b/vm-systemd/systemd-userdbd.socket.d/30_qubes.conf
deleted file mode 100644
index eb1a9bf8..00000000
--- a/vm-systemd/systemd-userdbd.socket.d/30_qubes.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[Unit]
-# Needs to be started as it creates /var/run/qubes-service/* files
-After=qubes-sysinit.service
-ConditionPathExists=!/var/run/qubes-service/minimal-netvm
-ConditionPathExists=!/var/run/qubes-service/minimal-usbvm