Change f887eab1da85d0053321d43228042d90720eb77e conditionalized the
building of the kernel-install man page in the generated meson output,
instead of the source in the XML markup. Thus, whenever the rules file
is updated the conditionalization is lost. Correct that.
Follow-up for: f887eab1da85d0053321d43228042d90720eb77e
This can be problematic especially when there's no more free disk
space. Consider the following:
When disk space becomes sparse, writing to the system journal can lead to
error. In this case journald attempts to make room by rotating the journals,
which consists in archiving online journals and opening new ones.
However opening new files is likely to fail too and in this case
journal_file_open() leaves half initialized file around but in online
state. Then the error is propagated and journald switches into volatile mode.
Next time a new message is received by journald, it tries to open the
persistent system journal file to switch automatically back to persistent
mode.
When opening the system journal, journal_file_open(), called by
managed_journal_file_open_reliably(), finds the persistent system journal left
previously and assumes that it was uncleanly closed and considers it as
corrupted. The error is reported to managed_journal_file_open_reliably(), which
backs the file up and attempts to create a new system file, which fails and
leaves a corrupted system file again.
Since this is done for each message received by journald, /var/log/message can
be filled with backup files pretty quickly.
To prevent this, the patch makes sure to delete the newly created file in case
of error.
These days we have a mechanism for safely returning errnos in enum
types, via defining -ERRNO_MAX as one special enum value. Let's use
that for Virtualization.
No change in behaviour, just some typesafety improvement.
Let's avoid extending the virtualization with an "alias" entry that has
the same string assigned as another.
The only reason this was done was to make the patch small that added a
second CPUID vendor string for kvm to the vm_table[] array. Let's
instead rework the array to use struct elements that match up strings
with ids. Given the array was previously mostly sparse this should be a
general improvement.
Fixes: #22950
Follow-up for: #22945
This adds another symlink for block devices:
/dev/disk/by-diskseq/<number>
where the number is the diskseq number as exposed by the kernel. It's
useful for apps because they can use it to open a device by diskseq, in
a way that is safe against device node reuse. I.e. if a device node path
like this is passed to an app it could open the device node via the
symlink and also parse the diskseq from the path. Once the device is
opened it could compare the parsed diskseq with the one returned by
BLKGETDISKSEQ on the open node, and if it matches they know they are
talking to the right device.
Fixes: #22906
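The open-then-verify sequence this commit message describes, as an added C example that is not part of the commit or of systemd's code. The function names and the choice of -ESTALE for a mismatch are this example's own; only the exact /dev/disk/by-diskseq/<number> form named above is accepted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h>

#ifndef BLKGETDISKSEQ               /* older kernel headers lack it */
#define BLKGETDISKSEQ _IOR(0x12, 128, uint64_t)
#endif
#define DISKSEQ_DIR "/dev/disk/by-diskseq/"

/* Parse <number> out of /dev/disk/by-diskseq/<number>; anything else is -EINVAL. */
int diskseq_from_path(const char *path, uint64_t *ret) {
    size_t n = strlen(DISKSEQ_DIR);
    char *end;

    if (strncmp(path, DISKSEQ_DIR, n) != 0 || path[n] < '0' || path[n] > '9')
        return -EINVAL;
    errno = 0;
    unsigned long long v = strtoull(path + n, &end, 10);
    if (errno != 0 || *end != '\0')
        return -EINVAL;
    *ret = v;
    return 0;
}

/* Open the symlink, then ask the kernel which diskseq the opened node really has. */
int open_by_diskseq(const char *path, int flags) {
    uint64_t want, got = 0;
    int r, fd;

    if ((r = diskseq_from_path(path, &want)) < 0)
        return r;
    if ((fd = open(path, flags | O_CLOEXEC)) < 0)
        return -errno;
    if (ioctl(fd, BLKGETDISKSEQ, &got) < 0)
        r = -errno;
    else if (got != want)
        r = -ESTALE;                /* node now belongs to another disk (example's errno) */
    if (r < 0) {
        close(fd);
        return r;
    }
    return fd;
}
```

The comparison happens on the already opened descriptor, so a later reuse of the device node cannot change the result.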
The three functions for reading cwd, exe and root symlinks of processes
already share a common core: get_process_link_contents(). Let's refactor
that a bit, and move formatting of the /proc/self/ path into this helper
function instead of doing that in the caller, thus sharing more code.
While we are at it, make the return parameters optional, in case the
information if the links are readable is interesting, but the contents
is not. (This also means safe_getcwd() and readlinkat_malloc() are
updated to make the return parameter optional, as these are called by
the relevant three functions)
Containers generally have a smaller UID range assigned than host
systems. Let's visualize this in the user/group tables. We insert
markers for unavailable regions. This way display is identical to status
quo ante on host systems, but in containers unavailable ranges will be
shown as that.
And while we are at it, also hide well-known UID ranges when they are
outside of userns uid_map range. This is mostly about the "container"
range. It's pointless showing the container range (i.e. a range UID >
65535) if that range isn't available in the container anyway.
This will taint systemd if invoked in containers that do not have the
full 16bit range of UIDs defined.
We pretty much need uid root…nobody to be defined for a variety of
purposes, hence let's add this taint flag. Of course taints are
graceful, but it at least communicates the mess in some way...
The former checks if one UID is inside the uid range set. The latter
checks if a full UID range is inside the uid range set. The former is
hence a special case of the latter.
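The two range checks and the short-UID-range condition from the commit messages above, as an added C example that is not systemd's code. All type and function names are hypothetical, the uid_map sample is constructed, and 65534 is assumed to be the nobody UID.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint64_t start, nr; } UidExtent;   /* hypothetical type for this example */

/* Constructed sample: a container whose two adjacent extents together map UIDs 0..65534. */
const char SAMPLE_MAP[] = "0 100000 1000\n1000 200000 64535\n";

/* Parse uid_map text ("inside outside count" per line); returns the extent count or -1. */
int parse_uid_map(const char *text, UidExtent *out, int max) {
    unsigned long long inside, outside, count;
    int n = 0, used = 0;

    while (sscanf(text, " %llu %llu %llu%n", &inside, &outside, &count, &used) == 3) {
        if (n >= max || count == 0 || (inside >> 32) || (count >> 32))
            return -1;
        out[n++] = (UidExtent){ inside, count };
        text += used;
    }
    return n;
}

/* True if every UID in [start, start+nr) lies in some extent; adjacent extents chain. */
bool set_covers_range(const UidExtent *e, int n, uint64_t start, uint64_t nr) {
    uint64_t cur = start, end = start + nr;

    while (cur < end) {
        int i;
        for (i = 0; i < n; i++)
            if (cur >= e[i].start && cur < e[i].start + e[i].nr)
                break;
        if (i == n)
            return false;           /* cur falls in an unmapped gap */
        cur = e[i].start + e[i].nr;
    }
    return true;
}

/* The single-UID check is the range check with a length of one. */
bool set_contains_uid(const UidExtent *e, int n, uint64_t uid) {
    return set_covers_range(e, n, uid, 1);
}

/* Taint condition: root (0) through nobody (65534) is not fully mapped. */
bool short_uid_range(const char *uid_map_text) {
    UidExtent e[32];
    int n = parse_uid_map(uid_map_text, e, 32);
    return n < 0 || !set_covers_range(e, n, 0, 65535);
}
```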
I regularly run my tests also as root, since some of the tested code
uses privileged APIs. The test-resolved-stream so far tried to run its
tests in a user/network namespace if that can be allocated. This caused
the tests to fail on my system where once the user namespace is opened
access to the build tree in my $HOME is prohibited (due to restricted
access modes on my home dir). Let's add a check for that: before
actually isolating the test in a user/network namespace, let's see if
that would make it impossible for us to access the build tree (which we
need to do to load the TLS certificates the test requires).
This should make the test pass when run as root from a build tree with
restrictive access mode.