IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
systemd-run --scope --user failed to run in system 249.6, cf. #21297. Add tests
for systemd-run --scope and systemd-run --scope --user to make sure this does
not regress again.
Apparently version updates aren't always disabled on old forks,
which leads to new PRs opened there. To somewhat mitigate the
issue let's limit the number of PRs Dependabot can create.
It was reported in https://github.com/yuwata/systemd/pull/2#issuecomment-967737195
I think we should stick to the rule that stuff defined in
types-fundamental.h either:
1. adds a prefixed concept "sd_xyz" that maps differently in the two
environments
2. adds a non-prefixed concept "xyz" that adds a type otherwise missing
in one of the two environments but with the same definition as in the
other.
i.e. if have have some concept that might differ the way its set up in
the two environments it really should be prefixed by "sd_" to make clear
it has semantics we defined. Only drop the prefix if it really means the
exact same thin in all environments.
Now, sd_bool is defined prefixed, because its either mapped to "BOOLEAN"
(which is an integer) in UEFI or "bool" (which is C99 _Bool) in
userspace. size_t is not defined prefixed, because it's mapped to the
same thing ultimately (on the UEFI its mapped to UINTN, but that in turn
is defined as being the type for the size of memory objects, thus it's
really the same as userspace size_t).
So far "true" and "false" where defined unprefixed even though they map
to values of different types. typeof(true) in userspace would reveal
_Bool, but typeof(false) in UEFI would reveal BOOLEAN. The distinction
actually does matter in comparisons (i.e. (_Bool) 1 == (_Bool) 2 holds
while (BOOLEAN) 1 == (BOOLEAN) 2 does not hold).
Hence, let's add sd_true and sd_false, thus indicating we defined our
own concept here, and it has similar but different semantics in UEFI and
in userspace.
"type.h" is a very generic name, but this header is very specific to
making the "fundaemtnal" stuff work, it maps genric types in two
distinct ways. Hence let's make clear in the header name already what
this is about.
Let's make sure IMAGE_ID/IMAGE_VERSION are properly honoured, and
explain in a long comment why.
Let's also use ID= field again, which was lost by accident.
(While we are at it do some minimal OOM checks wherever we touch
something)
Unfortunately they forgot the "const" decoration on the MetaiMatch()
prototype, but let that omission not leak into our code, let's hide it
away in the innermost use.
Up until now the main reason why we didn't proceed with starting the
unit was exceed start limit burst. However, for unit types like mounts
the other reason could be effective ratelimit on /proc/self/mountinfo
event source. That means our mount unit state may not reflect current
kernel state. Hence, we need to attempt to re-run the start job again
after ratelimit on event source expires.
As we will be introducing another reason than start limit let's rename
the virtual function that implements the check.
Since commit 8d3e4ac7cd ("scope: refuse
activation of scopes if no PIDs to add are left") all "systemd-run --scope
--user" calls fail because cgroup attachments delegated to the system instance
are not counted towards successful additions. Fix this by incrementing the
return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to
what happens when cg_attach() succeeds directly.
Note that this can *not* distinguish the case when
unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all
processes to attach are gone in the meantime, unlike the checks that commit
8d3e4ac7cd adds for the system instance. This is
because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal
unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include
the number of successfully attached processes and is always NULL on success.
Fixes: #21297
to let Dependabot keep track of them using SHAs
codeql-actions doesn't point to SHAs because it isn't clear
whether Dependabot supports their release cycle mentioned
at https://github.com/github/codeql-action/issues/307
And while we are at it, make 'ssh-authorized-keys' verb properly
documented. Given that OpenSSH documents the interface in its man page
it's fine to just document our implementation of it too.
Requiring /sys/fs/bpf path to be a mount point at the moment of cgroup
controllers realization does more harm than good, because:
* Realization happens early on boot, the mount point may not be ready at
the time. That happens if mounts are made by a .mount unit (the issue we
encountered).
* BPF filesystem may be mounted on another point.
Remove the check. Instead verify that path provided by BPFProgram= is
within BPF fs when unit properties are parsed.
Split in two commits for simple backport.
