It always was the intention to expose this as trusted field _TID=, i.e.
automatically determine it from journald via some SCM_xyz field or so,
but this never happened, and it's unlikely this will be added anytime
soon to the kernel either, hence let's just generate this sender side,
even if it means it's untrusted.
Adds support for LUKS detached header device on kernel
command line. It's introduced via extension to existing
luks.options 'header=' argument beyond colon (see examples
below). If LUKS header device is specified it's expected
to contain filesystem with LUKS header image on a path
specified in the first part of header specification.
The second parameter 'luks.data' specifies LUKS data device
supposed to be paired with detached LUKS header (note that
encrypted LUKS data device with detached header is unrecognisable
by standard blkid probe).
This adds support for LUKS encrypted rootfs partition with
detached header. It can also be used for initializing online LUKS2
encryption of data device.
Examples:
luks.data=<luks_uuid>=/dev/sdz
luks.data=<luks_uuid>=/dev/vg/lv
luks.data=<luks_uuid>=/dev/mapper/lv
luks.data=<luks_uuid>=PARTUUID=<part_uuid>
luks.data=<luks_uuid>=PARTLABEL=<part_uuid>
luks.options=<luks_uuid>=header=/header/path:UUID=<fs_uuid>
luks.options=<luks_uuid>=header=/header/path:PARTUUID=<part_uuid>
luks.options=<luks_uuid>=header=/header/path:PARTLABEL=<part_label>
luks.options=<luks_uuid>=header=/header/path:LABEL=<fs_label>
luks.options=<luks_uuid>=header=/header/path:/dev/sdx
luks.options=<luks_uuid>=header=/header/path:/dev/vg/lv
The '/header/path' is considered to be relative location within
filesystem residing on the header device specified beyond colon
character.
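
Added example, not part of the commit or of systemd's code: a small auditor for the luks.data= / luks.options= syntax described above, which splits header= at the first colon and flags UUIDs where the header and data device are not paired. The names LuksEntry, parse_cmdline and unpaired, the sample command line and its UUID placeholders are constructed; only the `<luks_uuid>=` form shown in the examples is handled, and options are assumed to be comma-separated.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample kernel command line; UUID-A / UUID-B are placeholders.
SAMPLE = ("root=/dev/mapper/root "
          "luks.data=UUID-A=PARTUUID=PART-1 "
          "luks.options=UUID-A=header=/hdr/root.img:LABEL=hdrfs,discard "
          "luks.options=UUID-B=header=/hdr/b.img:/dev/sdx")


@dataclass
class LuksEntry:
    data_dev: Optional[str] = None     # value of luks.data=<luks_uuid>=...
    header_path: Optional[str] = None  # path inside the header filesystem
    header_dev: Optional[str] = None   # device spec beyond the colon, if any
    options: List[str] = field(default_factory=list)


def parse_cmdline(cmdline: str) -> Dict[str, LuksEntry]:
    entries: Dict[str, LuksEntry] = {}
    for word in cmdline.split():
        key, sep, rest = word.partition("=")
        if key not in ("luks.data", "luks.options") or not sep:
            continue
        uuid, sep, value = rest.partition("=")
        if not sep or not uuid or not value:
            continue  # not in <luks_uuid>=<value> form
        entry = entries.setdefault(uuid, LuksEntry())
        if key == "luks.data":
            entry.data_dev = value  # may itself contain '=', e.g. PARTUUID=...
            continue
        for opt in value.split(","):
            if opt.startswith("header="):
                # Path comes first, the header device spec follows the colon.
                path, colon, dev = opt[len("header="):].partition(":")
                entry.header_path = path
                entry.header_dev = dev if colon else None
            else:
                entry.options.append(opt)
    return entries


def unpaired(entries: Dict[str, LuksEntry]) -> List[str]:
    """UUIDs that have a header= without luks.data=, or the reverse."""
    return sorted(u for u, e in entries.items()
                  if (e.header_path is None) != (e.data_dev is None))


if __name__ == "__main__":
    print(unpaired(parse_cmdline(SAMPLE)))
```
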
The directory backend needs a file system path, and not a raw block
device. That's only supported for the LUKS2 backend.
Let's make this clearer in the man page and also generate a better error
message if attempted anyway.
Fixes: #17068
By default we'll run a container in --console=interactive and
--console=read-only mode depending if we are invoked on a tty or not so
that the container always gets a /dev/console allocated, i.e. is always
suitable to run a full init system (as those typically expect a
/dev/console to exist).
With the new --console=autopipe mode we do something similar, but
slightly different: when not invoked on a tty we'll use --console=pipe.
This means, if you invoke some tool in a container with this you'll get
full interactivity if you invoke it on a tty but things will also be
very nicely pipeable. OTOH you cannot invoke a full init system like
this, because you might or might not become a /dev/console this way...
Prompted-by: #17070
(I named this "autopipe" rather than "auto" or so, since the default
mode probably should be named "auto" one day if we add a name for it,
and this is so similar to "auto" except that it uses pipes in the
non-tty case).
3e5f04bf6468fcb79c080f02b0eab08f258bff0c was trying to do the right thing, but
the resulting list does not match the autogenerated order (which is the same as
the order in vtable definition). I assume the addition was done manually. Fix
the order so that dbus-docs-fresh test is not unhappy.
With new directive SystemCallLog= it's possible to list system calls to be
logged. This can be used for auditing or temporarily when constructing system
call filters.
---
v5: drop intermediary, update HASHMAP_FOREACH_KEY() use
v4: skip useless debug messages, actually parse directive
v3: don't declare unused variables with old libseccomp
v2: fix build without seccomp or old libseccomp
Define explicit action "kill" for SystemCallErrorNumber=.
In addition to errno code, allow specifying "kill" as action for
SystemCallFilter=.
---
v7: seccomp_parse_errno_or_action() returns -EINVAL if !HAVE_SECCOMP
v6: use streq_ptr(), let errno_to_name() handle bad values, kill processes,
init syscall_errno
v5: actually use seccomp_errno_or_action_to_string(), don't fail bus unit
parsing without seccomp
v4: fix build without seccomp
v3: drop log action
v2: action -> number
Mention the JSON user record stuff. Mention pam_umask explicitly.
Mention that UMask= of the per-user user@.service instance can be used
too.
Fixes: #16963
Heavily inspired by #15622. This adds:
systemctl service-log-level systemd-resolved
systemctl service-log-level systemd-resolved info
systemctl service-log-target systemd-resolved
systemctl service-log-target systemd-resolved console
We already have systemctl verbs log-level, log-target, and service-watchdogs.
Those two new verbs tie nicely into this scheme.
The manual states that a persistent timer triggers its service
immediately on activation to catch up with missed invocations, but since
PR #11608 it is no longer the case if RandomizedDelaySec= is set to a
non-zero value.
Closes #12624.
The formatting in systemd.socket.xml is updated a bit.
Currently in_addr_port_ifindex_name_to_string() always prints the ifindex
numerically. This is not super useful since the interface numbers are
semi-random. Should we use interface names in preference?
KEY_RESTART is widely used in Linux to indicate device reboot.
So let's handle it in the same fashion as KEY_POWER.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
The list was rather ad hoc, with "reset-failed" sandwiched between
"help" and "list-dependencies". Since a person will usually either want
to introspect state in various ways or modify state in a certain way, let's
put all the introspection commands together and all the ones that actually
have an effect second.