IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
https://github.com/mesonbuild/meson/issues/8641
Our CI started to fail. Even if the change is reverted in meson,
we need a quick workaround here.
(cherry picked from commit 7c5fd25119a495009ea62f79e5daec34cc464628)
(cherry picked from commit f6435a07c1ca4b895573eba4a64dcf4bef3fb92b)
There are two ambiguity in the original description:
1. It will delay all RUN instructions, include builtin.
2. It will delay before running RUN, not each of RUN{program} instructions.
(cherry picked from commit 45f5efdea7e5e94bd47fc24b9bd404c77b5771a0)
(cherry picked from commit cb92f5601ad169e8f86a61319b73a8fd9e19950b)
Unlike many other small/big letter combos, this one has the recursive
version attached to the lowercase letter.
(cherry picked from commit 3dd61ee5be0291380d341571e138713d2f89125a)
(cherry picked from commit ba8032c414dcf7c627cee3e979654bc5e294def3)
Similar to `ProcessSizeMax`. The defaults in percentages can be misunderstood to mean the values for these parameters will be in percentages.
(cherry picked from commit 88c2c8a0ba13de31061a22a352410c18ffacab9a)
(cherry picked from commit a9ab73ca9f79d0830e71716359a9710fc165ccca)
When using hidepid=invisible on procfs, the kernel will check if the
gid of the process trying to access /proc is the same as the gid of
the process that mounted the /proc instance, or if it has the ptrace
capability:
https://github.com/torvalds/linux/blob/v5.10/fs/proc/base.c#L723https://github.com/torvalds/linux/blob/v5.10/fs/proc/root.c#L155
Given we set up the /proc instance as root for system services,
The same restriction applies to CAP_SYS_PTRACE, if a process runs with
it then hidepid=invisible has no effect.
ProtectProc effectively can only be used with User= or DynamicUser=yes,
without CAP_SYS_PTRACE.
Update the documentation to explicitly state these limitations.
Fixes#18997
(cherry picked from commit 301e7cd047c8d07715d5dc37f713e8aa031581b4)
systemd.unit(5) is a wall of text. And this particular feature can be very useful
in the context of resource control. Let's avertise this cool feature a bit more.
Fixes#17900.
(cherry picked from commit a8136f1bc03d1bdf93b9071b4f82123b81a05c8e)
Commit 83f72cd65fb8 ("man,docs: document the new unit file directory for
attached images") updated the docs and man page with the new unit file
directory for attached images but included a system.attached ->
systemd.attached typo in the man page portion of the change. Fix the
typo to document the correct path.
(cherry picked from commit e4d54220a1ffa6629c0aad717a8b7601c0319657)
This was changed in commit 482efedc081b0c4bf2e77a3dee6b979d9c9a5765,
which was released in v243, to only enable and never disable IPv6.
Signed-off-by: Richard Laager <rlaager@wiktel.com>
(cherry picked from commit f542f3b2ed3cf3e71692d1736f3fdd0ebdc226ef)
Fixup NameSeviceSwitch -> NameServiceSwitch spelling error in
documentation.
Found through inspection of documentation.
(cherry picked from commit afe6a9c48e956c8ddfaa0f201cf371b01a22f970)
While not really "wrong", the text we had could use a little editing.
Fixes#18458.
(cherry picked from commit a7a1887869695f16a1114c355c13d731ed7be109)
Actually, systemd takes the minimum of
* a) the maximum tasks value the kernel allows on this architecture
* b) the cgroups pids_max attribute for the system
* c) the kernel's configured maximum PID value
to calculate the DefaultTasksMax. Here, kernel.thread-max should also be methioned.
(cherry picked from commit 9c587d66187976de49e2d2028cebe1aef5b77b9c)
So far, we would allow certain control characters (NL since
b4346b9a77bc6129dd3e, TAB since 6294aa76d818e831de45), but not others. Having
other control characters in environment variable *value* is expected and widely
used, for various prompts like $LESS, $LESS_TERMCAP_*, and other similar
variables. The typical environment exported by bash already contains a dozen or
so such variables, so programs need to handle them.
We handle then correctly too, for example in 'systemctl show-environment',
since 804ee07c1370d49aa9a. But we would still disallow setting such variables
by the user, in unit file Environment= and in set-environment/import-environment
operations. This is unexpected and confusing and doesn't help with anything
because such variables are present in the environment through other means.
When printing such variables, 'show-environment' escapes all special
characters, so variables with control characters are plainly visible.
In other uses, e.g. 'cat -v' can be used in similar fashion. This would already
need to be done to suppress color codes starting with \[.
Note that we still forbid invalid utf-8 with this patch. (Control characters
are valid, since they are valid 7-bit ascii.) I'm not sure if we should do
that, but since people haven't been actually asking for invalid utf-8, and only
for control characters, and invalid utf-8 causes other issues, I think it's OK
to leave this unchanged.
Fixes#4446, https://gitlab.gnome.org/GNOME/gnome-session/-/issues/45.
(cherry picked from commit 30927a24848c4d727f7619cc74b878f098cdd724)
This adds a general description of "philosphy" of keeping the environemnt
block small and hints about systemd-run -P env.
The list of generated variables is split out to a subsection. Viewing
the patch with ignoring whitespace changes is recommended.
We don't ignore invalid assignments (except in import-environment to some
extent), previous description was wrong.
For https://bugzilla.redhat.com/show_bug.cgi?id=1912046#c17.
(cherry picked from commit 82651d5b6b20ef959252e0a6845b906788235c70)
The unit files are located at path /usr/lib/systemd/system.
This fixes the path reference to the unit file by adding the missing
path component system.
(cherry picked from commit 0215f04a7ebd1ab1da4b4279d5057953ae1ebcaa)
Explicitly document the behavior introduced in #7437: when picking a new
UID shift base with "-U", a hash of the machine name will be tried
before falling back to fully random UID base candidates.
(cherry picked from commit 68709a636c838e0754b49caa6ff2d4168e3c99c8)
`AllowedIPs=` only affects "routing inside the network interface
itself", as in, which wireguard peer packets with a specific destination
address are sent to, and what source addresses are accepted from which
peer.
To cause packets to be sent via wireguard in first place, a route via
that interface needs to be added - either in the `[Routes]` section on
the `.network` matching the wireguard interface, or outside of networkd.
This is a common cause of misunderstanding, because tools like wg-quick
also add routes to the interface. However, those tools are meant as a
"extremely simple script for easily bringing up a WireGuard interface,
suitable for a few common use cases (from their manpage).
Networkd also should support other usecases - like setting AllowedIPs to
0.0.0.0/0 and ::/0 and having a dynamic routing protocol setting more
specific routes (or the user manually setting them).
Reported-In: https://github.com/systemd/systemd/issues/14176
(cherry picked from commit c6b90e5c5e54e98b6aed38677f77d8491f2e49c8)
This commit adds support for disabling the read and write
workqueues with the new crypttab options no-read-workqueue
and no-write-workqueue. These correspond to the cryptsetup
options --perf-no_read_workqueue and --perf-no_write_workqueue
respectively.
(cherry picked from commit 227acf0009bde2cd7f8bc371615b05e84137847d)
