mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-31 17:17:43 +03:00
Merge pull request #26424 from ldv-alt/fix-typos
Fix a few typos in NEWS, docs and comments
This commit is contained in:
commit
fff1edc9f9
8
NEWS
8
NEWS
@ -167,7 +167,7 @@ CHANGES WITH 253 in spe:
|
||||
yet. (This feature has no security implications, because the code is
|
||||
still privileged and can trivially exit the sandbox.)
|
||||
|
||||
* The system manager manager will now parse a new "vmm.notify_socket"
|
||||
* The system manager will now parse a new "vmm.notify_socket"
|
||||
system credential, which may be supplied to a VM via SMBIOS. If
|
||||
found, the manager will send a "READY=1" notification on the
|
||||
specified socket after boot is complete. This allows readiness
|
||||
@ -180,7 +180,7 @@ CHANGES WITH 253 in spe:
|
||||
with something custom, so this change has limited effect.)
|
||||
|
||||
* A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
|
||||
can can be used to override the mount units burst late limit for
|
||||
can be used to override the mount units burst late limit for
|
||||
parsing '/proc/self/mountinfo', which was introduced in v249.
|
||||
Defaults to 5.
|
||||
|
||||
@ -1769,7 +1769,7 @@ CHANGES WITH 251:
|
||||
|
||||
* A new build-time configuration setting default-user-shell= can be
|
||||
used to set the default shell for user records and nspawn shell
|
||||
invocations (instead of of the default /bin/bash).
|
||||
invocations (instead of the default /bin/bash).
|
||||
|
||||
* systemd-timesyncd now provides a D-Bus API for receiving NTP server
|
||||
information dynamically at runtime via IPC.
|
||||
@ -2457,7 +2457,7 @@ CHANGES WITH 250:
|
||||
now also owned by the system group "sgx".
|
||||
|
||||
* A new build-time meson option "extra-net-naming-schemes=" has been
|
||||
added to define additional naming schemes schemes for udev's network
|
||||
added to define additional naming schemes for udev's network
|
||||
interface naming logic. This is useful for enterprise distributions
|
||||
and similar which want to pin the schemes of certain distribution
|
||||
releases under a specific name and previously had to patch the
|
||||
|
12
TODO
12
TODO
@ -209,7 +209,7 @@ Features:
|
||||
|
||||
* in journald: whenever we start a new journal file because the boot ID
|
||||
changed, let's generate a recognizable log record containing info about old
|
||||
and new new ID. Then, when displaying log stream in journalctl look for these
|
||||
and new ID. Then, when displaying log stream in journalctl look for these
|
||||
records, to be able to order them.
|
||||
|
||||
* timesyncd: when saving/restoring clock try to take boot time into account.
|
||||
@ -744,11 +744,11 @@ Features:
|
||||
protections of the root OS are weakened after interactive confirmation, to
|
||||
allow hackers to allow their own stuff. idea: allow entering developer mode
|
||||
only via explicit choice in boot menu: i.e. add explicit boot menu item for
|
||||
it. when developer mode is entered generate a key pair in the TPM2, and add
|
||||
it. When developer mode is entered, generate a key pair in the TPM2, and add
|
||||
the public part of it automatically to keychain of valid code signature keys
|
||||
on subsequent boots. Then provide a tool to sign code with the key in the
|
||||
TPM2. Ensure that boot menu item is only way to enter developer mode, by
|
||||
binding it to locality/PCRs so that that keys cannot be generated otherwise.
|
||||
TPM2. Ensure that boot menu item is the only way to enter developer mode, by
|
||||
binding it to locality/PCRs so that keys cannot be generated otherwise.
|
||||
|
||||
* services: add support for cryptographically unlocking per-service directories
|
||||
via TPM2. Specifically, for StateDirectory= (and related dirs) use fscrypt to
|
||||
@ -996,7 +996,7 @@ Features:
|
||||
mounted from host. maybe put this in systemd-user-sessions.service?
|
||||
|
||||
* drop dependency on libcap, replace by direct syscalls based on
|
||||
CapabilityQuintet we already have. (This likely allows us drop drop libcap
|
||||
CapabilityQuintet we already have. (This likely allows us to drop libcap
|
||||
dep in the base OS image)
|
||||
|
||||
* sysext: automatically activate sysext images dropped in via new sd-stub
|
||||
@ -1144,7 +1144,7 @@ Features:
|
||||
|
||||
* credentials system:
|
||||
- acquire from EFI variable?
|
||||
- acquire via via ask-password?
|
||||
- acquire via ask-password?
|
||||
- acquire creds via keyring?
|
||||
- pass creds via keyring?
|
||||
- pass creds via memfd?
|
||||
|
@ -34,7 +34,7 @@ purpose. Specifically, the following features are provided:
|
||||
environment variables the credential data is not propagated down the process
|
||||
tree. Instead each time a credential is accessed an access check is enforced
|
||||
by the kernel. If the service is using file system namespacing the loaded
|
||||
credential data is invisible to any other services.
|
||||
credential data is invisible to all other services.
|
||||
|
||||
4. Service credentials may be acquired from files on disk, specified as literal
|
||||
strings in unit files, acquired from another service dynamically via an
|
||||
|
@ -28,7 +28,7 @@ avoiding an unnecessary synchronization point.
|
||||
## Network management services: `network.target`
|
||||
|
||||
`network.target` indicates that the network management stack has been started.
|
||||
Ordering after it it has little meaning during start-up: whether any network
|
||||
Ordering after it has little meaning during start-up: whether any network
|
||||
interfaces are already configured when it is reached is not defined.
|
||||
|
||||
Its primary purpose is for ordering things properly at shutdown: since the
|
||||
|
@ -212,7 +212,7 @@ object. The following fields are currently defined:
|
||||
|
||||
`userName` → The UNIX user name for this record. Takes a string with a valid
|
||||
UNIX user name. This field is the only mandatory field, all others are
|
||||
optional. Corresponds with the `pw_name` field of of `struct passwd` and the
|
||||
optional. Corresponds with the `pw_name` field of `struct passwd` and the
|
||||
`sp_namp` field of `struct spwd` (i.e. the shadow user record stored in
|
||||
`/etc/shadow`). See [User/Group Name Syntax](USER_NAMES.md) for
|
||||
the (relaxed) rules the various systemd components enforce on user/group names.
|
||||
|
@ -77,7 +77,7 @@
|
||||
from the kernel entropy pool.</para></listitem>
|
||||
|
||||
<listitem><para>In userspace the <filename>systemd-boot-random-seed.service</filename> service updates
|
||||
the boot loader random seed with a new value derived from the kernel kernel entropy pool.</para></listitem>
|
||||
the boot loader random seed with a new value derived from the kernel entropy pool.</para></listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>This logic should ensure that the kernel's entropy pool is seeded during earliest bool already, if
|
||||
|
@ -418,7 +418,7 @@ typedef struct {
|
||||
|
||||
assert_cc(sizeof(dummy_t) == 0);
|
||||
|
||||
/* A little helper for subtracting 1 off a pointer in a safe UB-free way. This is intended to be used for for
|
||||
/* A little helper for subtracting 1 off a pointer in a safe UB-free way. This is intended to be used for
|
||||
* loops that count down from a high pointer until some base. A naive loop would implement this like this:
|
||||
*
|
||||
* for (p = end-1; p >= base; p--) …
|
||||
|
@ -329,7 +329,7 @@ int unit_file_resolve_symlink(
|
||||
|
||||
assert(path_is_absolute(simplified));
|
||||
|
||||
/* Check if the symlink remain inside of of our search path.
|
||||
/* Check if the symlink remain inside of our search path.
|
||||
* If yes, it is an alias. Verify that it is valid.
|
||||
*
|
||||
* If no, then this is a linked unit file or mask, and we don't care about the target name
|
||||
|
@ -892,7 +892,7 @@ static int device_setup_units(Manager *m, sd_device *dev, Set **ready_units, Set
|
||||
|
||||
/* First, process the main (that is, points to the syspath) and (real, not symlink) devnode units. */
|
||||
if (device_for_action(dev, SD_DEVICE_REMOVE))
|
||||
/* If the device is removed, the main and devnode units units will be removed by
|
||||
/* If the device is removed, the main and devnode units will be removed by
|
||||
* device_update_found_by_sysfs() in device_dispatch_io(). Hence, it is not necessary to
|
||||
* store them to not_ready_units, and we have nothing to do here.
|
||||
*
|
||||
|
@ -2994,7 +2994,7 @@ static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32
|
||||
* on services that want to own the console exclusively without our interference. */
|
||||
m->no_console_output = m->n_on_console > 0;
|
||||
|
||||
/* Acknowledge the child's request, and let all all other children know too that they shouldn't wait
|
||||
/* Acknowledge the child's request, and let all other children know too that they shouldn't wait
|
||||
* any longer by closing the pipes towards them, which is what they are waiting for. */
|
||||
manager_close_idle_pipe(m);
|
||||
|
||||
|
@ -2242,7 +2242,7 @@ static int home_get_disk_status_luks(
|
||||
* that case the image is pre-allocated and thus appears all used from the host PoV but is not used
|
||||
* up at all yet from the user's PoV.
|
||||
*
|
||||
* That said, we use use the stat() reported loopback file size as upper boundary: our footprint can
|
||||
* That said, we use the stat() reported loopback file size as upper boundary: our footprint can
|
||||
* never be larger than what we take up on the lowest layers. */
|
||||
|
||||
if (disk_size != UINT64_MAX && disk_size > disk_free) {
|
||||
|
@ -1807,7 +1807,7 @@ static int oci_seccomp_args(const char *name, JsonVariant *v, JsonDispatchFlags
|
||||
|
||||
expected = p->op == SCMP_CMP_MASKED_EQ ? 4 : 3;
|
||||
if (r != expected)
|
||||
json_log(e, flags|JSON_WARNING, 0, "Wrong number of system call arguments for JSON data data, ignoring.");
|
||||
json_log(e, flags|JSON_WARNING, 0, "Wrong number of system call arguments for JSON data, ignoring.");
|
||||
|
||||
/* Note that we are a bit sloppy here and do not insist that SCMP_CMP_MASKED_EQ gets two datum values,
|
||||
* and the other only one. That's because buildah for example by default calls things with
|
||||
|
@ -2516,7 +2516,7 @@ static int setup_kmsg(int fd_inner_socket) {
|
||||
|
||||
BLOCK_WITH_UMASK(0000);
|
||||
|
||||
/* We create the kmsg FIFO as as temporary file in /run, but immediately delete it after bind mounting it to
|
||||
/* We create the kmsg FIFO as a temporary file in /run, but immediately delete it after bind mounting it to
|
||||
* /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves
|
||||
* differently from /dev/kmsg in that writing blocks when nothing is reading. In order to avoid any problems
|
||||
* with containers deadlocking due to this we simply make /dev/kmsg unavailable to the container. */
|
||||
|
@ -351,7 +351,7 @@ static int run(int argc, char *argv[]) {
|
||||
return r;
|
||||
|
||||
/* Handle each pstore file */
|
||||
/* Sort files lexigraphically ascending, generally needed by all */
|
||||
/* Sort files lexicographically ascending, generally needed by all */
|
||||
typesafe_qsort(list.entries, list.n_entries, compare_pstore_entries);
|
||||
|
||||
/* Process known file types */
|
||||
|
@ -348,7 +348,7 @@ static int dnssec_ecdsa_verify_raw(
|
||||
if (!s)
|
||||
return -EIO;
|
||||
|
||||
/* TODO: We should eventually use use the EVP API once it supports ECDSA signature verification */
|
||||
/* TODO: We should eventually use the EVP API once it supports ECDSA signature verification */
|
||||
|
||||
sig = ECDSA_SIG_new();
|
||||
if (!sig)
|
||||
|
@ -2868,7 +2868,7 @@ static int normalize_linked_files(
|
||||
char ***ret_files) {
|
||||
|
||||
/* This is similar to normalize_filenames()/normalize_names() in src/systemctl/,
|
||||
* but operates on real unit names. For each argument we we look up the actual path
|
||||
* but operates on real unit names. For each argument we look up the actual path
|
||||
* where the unit is found. This way linked units can be re-enabled successfully. */
|
||||
|
||||
_cleanup_strv_free_ char **files = NULL, **names = NULL;
|
||||
|
@ -488,7 +488,7 @@ static int fido2_use_hmac_hash_specific_token(
|
||||
* it gracefully (also see below.) */
|
||||
|
||||
if (has_up && (required & (FIDO2ENROLL_UP|FIDO2ENROLL_UP_IF_NEEDED)) == FIDO2ENROLL_UP_IF_NEEDED) {
|
||||
log_notice("%s%sGot unsupported option error when when user presence test is turned off. Trying with user presence test turned on.",
|
||||
log_notice("%s%sGot unsupported option error when user presence test is turned off. Trying with user presence test turned on.",
|
||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
||||
emoji_enabled() ? " " : "");
|
||||
retry_with_up = true;
|
||||
@ -957,7 +957,7 @@ int fido2_generate_hmac_hash(
|
||||
* slightly more defensively. */
|
||||
|
||||
if (has_up && !FLAGS_SET(lock_with, FIDO2ENROLL_UP)) {
|
||||
log_notice("%s%sGot unsupported option error when when user presence test is turned off. Trying with user presence test turned on.",
|
||||
log_notice("%s%sGot unsupported option error when user presence test is turned off. Trying with user presence test turned on.",
|
||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
||||
emoji_enabled() ? " " : "");
|
||||
retry_with_up = true;
|
||||
|
@ -38,7 +38,7 @@ static void test_xescape_full_one(bool eight_bits) {
|
||||
if (i >= full_fit)
|
||||
assert_se(streq(t, escaped));
|
||||
else if (i >= 3) {
|
||||
/* We need up to four columns, so up to three three columns may be wasted */
|
||||
/* We need up to four columns, so up to three columns may be wasted */
|
||||
assert_se(strlen(t) == i || strlen(t) == i - 1 || strlen(t) == i - 2 || strlen(t) == i - 3);
|
||||
assert_se(strneq(t, escaped, i - 3) || strneq(t, escaped, i - 4) ||
|
||||
strneq(t, escaped, i - 5) || strneq(t, escaped, i - 6));
|
||||
|
@ -518,7 +518,7 @@ def make_uki(opts):
|
||||
uki = UKI(opts.stub)
|
||||
initrd = join_initrds(opts.initrd)
|
||||
|
||||
# TODO: derive public key from from opts.pcr_private_keys?
|
||||
# TODO: derive public key from opts.pcr_private_keys?
|
||||
pcrpkey = opts.pcrpkey
|
||||
if pcrpkey is None:
|
||||
if opts.pcr_public_keys and len(opts.pcr_public_keys) == 1:
|
||||
|
@ -9,7 +9,7 @@ MaxAgeSec=9
|
||||
AgeingTimeSec=9
|
||||
ForwardDelaySec=9
|
||||
Priority=9
|
||||
#GroupForwardMask=9 # This interferes other other settings
|
||||
#GroupForwardMask=9 # This interferes with other settings
|
||||
DefaultPVID=9
|
||||
MulticastQuerier=yes
|
||||
MulticastSnooping=yes
|
||||
|
Loading…
Reference in New Issue
Block a user