IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The documentation of sd_bus_get_timeout wrongfully states that the returned time-value is relative. In fact, it is an absolute value which is based of CLOCK_MONOTONIC. This change corrects that documentation.
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.
Fixes#20139
Allows to pass a portable profile when doing offline analysis of
units. Especially useful for analyzing portable images, since a
lot of the security-relevant settings in those cases come from
the profiles, but they are not shipped in the portable images.
Let's not mention a redundant setting of "none". Let's instead only
mention "best-effort", which is the same. Also mention the default
settings properly.
(Also, while we are at it, don#t document the numeric alias, that's
totally redundant and harder to use, so no need to push people towards
it.)
This should make things a bit more robust since it ensures system
extension can only applied to the right environments. Right now three
different "scopes" are defined:
1. "system" (for regular OS systems, after the initrd transition)
2. "initrd" (for sysext images that apply to the initrd environment)
3. "portable" (for sysext images that apply to portable images)
If not specified we imply a default of "system portable", i.e. any image
where the field is not specified is implicitly OK for application to OS
images and for portable services – but not for initrds.
The argument names of methods under org.freedesktop.DBus.Properties and
org.freedesktop.DBus.Introspectable interfaces are specifies in D-Bus
specification[1]. They are:
org.freedesktop.DBus.Introspectable.Introspect (out STRING xml_data)
org.freedesktop.DBus.Properties.Get (in STRING interface_name,
in STRING property_name,
out VARIANT value);
org.freedesktop.DBus.Properties.Set (in STRING interface_name,
in STRING property_name,
in VARIANT value);
org.freedesktop.DBus.Properties.GetAll (in STRING interface_name,
out DICT<STRING,VARIANT> props);
sd-bus is using different argument names in the introspection document.
Usually this is not a problem but in case something tries to map the
argument names based on the introspection document to the position of
the arguments in the method call, then using names different than the
ones specified in the D-Bus specification is confusing.
So fix the names to match the D-Bus specification.
[1] https://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-introspectable
This beefs up the DNS stub logic to listen on two IP addresses:
127.0.0.53 (as before) + 127.0.0.54 (new). When the latter is contact
our stub will operate in "bypass" mode only, i.e we'll try to pass DNS
requests as unmodified upstream as we can (and not do mDNS/LLMNR and
such, also no DNSSEC validation – but we'll still do DNS-over-TLS
wrapping).
This is supposed to be useful for container environments or tethering:
this stub could be exposed (via NAT redirect) to clients of this system
and we'll try to stay out of the way with doing too much DNS magic
ourselves, but still expose whatever the current DNS server is from
upstream under a stable address/port.
How to use this:
# iptables -t nat -I PREROUTING -p udp -i <interface> --dport 53 -j DNAT --to 127.0.0.54:53
# echo 1 > /proc/sys/net/ipv4/conf/<interface>/route_localnet
veritysetup-generator, fstab-generator: Setup and mount usr verity device when 'usrhash' (and optionally systemd.verity_usr_*) is present as kernel command line parameter
* man: document FIDO2 device removal
Indicate to users how to remove FIDO2 device in the --fido2-device=path section by setting path to an empty string (""). Tested on systemd 249 (249.6-3-arch)
Both linux kernel kernel and iproute2 uses int32 type for a link group
attribute and -1 has a special meaning, so setting it to 4294967295
would make it -1 in the linux kernel (and ip link cmd).
And while we are at it, make 'ssh-authorized-keys' verb properly
documented. Given that OpenSSH documents the interface in its man page
it's fine to just document our implementation of it too.
The manual incorrectly asserted that the properties in systemctl show
matched the the options in systemd-system.conf, which is not always true.
Add clarification on the equivalence of the properties in systemctl show
and systemd-system.conf
Fixed#21230
When using "capture : true" in custom_target()s the mode of the source
file is not preserved when the generated file is not installed and so
needs to be tweaked manually. Switch from output capture to creating the
target file and copy the permissions from the input file.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This introduces `ExitType=main|cgroup` for services.
Similar to how `Type` specifies the launch of a service, `ExitType` is
concerned with how systemd determines that a service exited.
- If set to `main` (the current behavior), the service manager will consider
the unit stopped when the main process exits.
- The `cgroup` exit type is meant for applications whose forking model is not
known ahead of time and which might not have a specific main process.
The service will stay running as long as at least one process in the cgroup
is running. This is intended for transient or automatically generated
services, such as graphical applications inside of a desktop environment.
Motivation for this is #16805. The original PR (#18782) was reverted (#20073)
after realizing that the exit status of "the last process in the cgroup" can't
reliably be known (#19385)
This version instead uses the main process exit status if there is one and just
listens to the cgroup empty event otherwise.
The advantages of a service with `ExitType=cgroup` over scopes are:
- Integrated logging / stdout redirection
- Avoids the race / synchronisation issue between launch and scope creation
- More extensive use of drop-ins and thus distro-level configuration:
by moving from scopes to services we can have drop ins that will affect
properties that can only be set during service creation,
like `OOMPolicy` and security-related properties
- It makes systemd-xdg-autostart-generator usable by fixing [1], as obviously
only services can be used in the generator, not scopes.
[1] https://bugs.kde.org/show_bug.cgi?id=433299
In some cases an offline analysis should ignore some fields, for example
a portable service in an image will never list RootImage/RootDirectory, as
they are added at runtime, and thus can be skipped.
Let's document this for now. We should be able to lift these limitations
sooner or later, at which point we can drop this documentation again.
These two limitations are a pitfall that people should be aware of,
before going FIDO2-only.
See: #20230#19208
Those devices show up as /sys/devices/vif-N, let's use that number
to name them enXN.
Without this, all schemes fail and they keep the kernel names, which can
be racy.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To prevent situations like in #17602 from happening, let's drop
direct recursive template dependencies. These will almost certainly
lead to infinite recursion so let's drop them immediately to avoid
instantiating potentially thousands of irrelevant units.
Example of a template that would lead to infinite recursion which
is caught by this check:
notify@.service:
```
[Unit]
Wants=notify@%n.service
```
When combined with a tmpfs on /run or /var/lib, allows to create
arbitrary and ephemeral symlinks for StateDirectory or RuntimeDirectory.
This is especially useful when sharing these directories between
different services, to make the same state/runtime directory 'backend'
appear as different names to each service, so that they can be added/removed
to a sharing agreement transparently, without code changes.
An example (simplified, but real) use case:
foo.service:
StateDirectory=foo
bar.service:
StateDirectory=bar
foo.service.d/shared.conf:
StateDirectory=
StateDirectory=shared:foo
bar.service.d/shared.conf:
StateDirectory=
StateDirectory=shared:bar
foo and bar use respectively /var/lib/foo and /var/lib/bar. Then
the orchestration layer decides to stop this sharing, the drop-in
can be removed. The services won't need any update and will keep
working and being able to store state, transparently.
To keep backward compatibility, new DBUS messages are added.
This is useful since certain shares can only be mounted with additional
mount flags. For example the SMB share in modern AVM Fritz!Boxes
requires "noserverino" to be set to work from Linux.
Allow specifying CIFS services in the format //host/service/subdir/… to
allow multiple homedirs on the same share, and not in the main dir of
the share.
All other backends allow placing the data store at arbitrary places,
let's allow this too for the CIFS backend. This is particularly useful
for testing.
The setting is completely meaningless, as WithoutRA= and UseDelegatedPrefix=
in [DHCPv6] section, and DHCPv6Client= in [IPv6AcceptRA] section control
the behavior.
Previously, the prefix delegation is enabled when at least one
downstream interfaces request it. But, when the DHCPv6 client on the
upstream interface is configured, some downstream interfaces may not
exist yet, nor have .network file assigned.
Also, if a system has thousands of interfaces, then the previous logic
introduce O(n^2) search.
This makes the prefix delegation is always enabled, except when it is
explicitly disabled. Hopefully, that should not break anything, as the
DHCPv6 server should ignore the prefix delegation request if the server
do not have any prefix to delegate.
This is useful if the auto-firmware setting has been disabled. The
keys used here are based on what the majority of firmware employ in
the wild.
This also ensures there's a chance for the user to discover this in
case they were too slow during POST or simply used the wrong ones.
This is supposed to be used by package/image builders such as mkosi to
speed up building, since it allows us to suppress sync() inside a
container.
This does what Debian's eatmydata tool does, but for a container, and
via seccomp (instead of LD_PRELOAD).
When Assign= in [DHCPv6PrefixDelegation] is enabled, then the kernel
will create the prefix route for the assigned address with metric 256.
When Assign= is disabled, then the kernel will create the route with
metric 1024.
For the default value, we should choose a smaller value (higher priority)
than 1024, as the unreachable routes for delegated prefix will be
configured with 1024.
This adds support for dm integrity targets and an associated
/etc/integritytab file which is required as the dm integrity device
super block doesn't include all of the required metadata to bring up
the device correctly. See integritytab man page for details.
