IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The maximum number of processes a tasks on the system is usually lower
than what pid_t would allow, and is compiled into the kernel (and
documented in proc(5)). Let's add proper defines for that, so that
we can adjust the pid_max sysctl without fearing invalid accesses.
canonicalize_file_name() invocations were replaced by chase_symlinks() in
Decemeber 2016 with PR #4694, so we don't need this mention in the TODO anymore
The DHCPv6 client can obtain configuration parameters from a
DHCPv6 server through a rapid two-message exchange solicit and reply).
When the rapid commit option is enabled by both the DHCPv6 client and
the DHCPv6 server, the two-message exchange is used, rather than the default
four-method exchange (solicit, advertise, request, and reply). The two-message
exchange provides faster client configuration and is beneficial in environments
in which networks are under a heavy load.
Closes#5845
This happens to be almost the same moment as when we send READY=1 in the user
instance, but the logic is slightly different, since we log taint when
basic.target is reached in the system manager, but we send the notification
only in the user manager. So add a separate flag for this and propagate it
across reloads.
Fixes#7683.
The commit f14f1806e3 introduced CHASE_SAFE
flag. When the flag is set, then `fd_parent` may not be properly closed.
This sets `_cleanup_close_` attribute to `fd_parent`.
Thus, now `fd_parent` is always closed properly.
It was forbidden to create mount units for a symlink. But the reason is
that the mount unit needs to know the real path that will appear in
/proc/self/mountinfo. The kernel dereferences *all* the symlinks in the
path at mount time (I checked this with `mount -c` running under `strace`).
This will have no effect on most systems. As recommended by docs, most
systems use /etc/fstab, as opposed to native mount unit files.
fstab-generator dereferences symlinks for backwards compatibility.
A relatively minor issue regarding Time Of Check / Time Of Use also exists
here. I can't see how to get rid of it entirely. If we pass an absolute
path to mount, the racing process can replace it with a symlink. If we
chdir() to the mount point and pass ".", the racing process can move the
directory. The latter might potentially be nicer, except that it breaks
WorkingDirectory=.
I'm not saying the race is relevant to security - I just want to consider
how bad the effect is. Currently, it can make the mount unit active (and
hence the job return success), despite there never being a matching entry
in /proc/self/mountinfo. This wart will be removed in the next commit;
i.e. it will make the mount unit fail instead.
sd_journal_stream_fd() does not return the same file descriptor across
different calls. It can't possibly do so, because the file descriptor
is created using certain parameters passed by the caller.
Also the implementation clearly isn't doing this, it's just connecting
to a unix socket.
It opens exactly one file descriptor, and does not close it unless there
is a write failure. Nothing like "temporarily multiple file descriptors
may be open".
These restrictions are implied by systemd options used for
systemd-udevd.service, i.e. MountFlags=slave and
IPAddressDeny=any. However, there are users out there getting tripped by
this, so let's make things clear in the man page so the actual
restrictions we implement by default have better visibility.
Follow-up for e79eabdb1b. There was an
apparent contradiction:
man/systemd.unit says for Requires=:
Besides, with or without specifying After=, this unit will be deactivated
if one of the other units get deactivated.
Also, some unit types may deactivate on their own (for example, a service
process may decide to exit cleanly, or a device may be unplugged by the
user), which is not propagated to units having a Requires= dependency.
Fixes#7870.
When the DHCP server returns both a Classless Static Routes
option and a Static Routes option, the DHCP client MUST ignore the
Static Routes option.
Closes#7792
The commit b1bfb84804 makes chase_symlinks()
recognize empty string for root as an invalid parameter. However,
empty root is often used e.g. systemd-nspawn.
This makes chase_symlinks() support empty string safely.
Fixes#7927.