IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The variable is renamed to SYSTEMD_PAGERSECURE (because it's not just about
less now), and we automatically enable secure mode in certain cases, but not
otherwise.
This approach is more nuanced, but should provide a better experience for
users:
- Previusly we would set LESSSECURE=1 and trust the pager to make use of
it. But this has an effect only on less. We need to not start pagers which
are insecure when in secure mode. In particular more is like that and is a
very popular pager.
- We don't enable secure mode always, which means that those other pagers can
reasonably used.
- We do the right thing by default, but the user has ultimate control by
setting SYSTEMD_PAGERSECURE.
Fixes#5666.
v2:
- also check $PKEXEC_UID
v3:
- use 'sd_pid_get_owner_uid() != geteuid()' as the condition
(cherry picked from commit 0a42426d797406b4b01a0d9c13bb759c2629d108)
Some extra safety when invoked via "sudo". With this we address a
genuine design flaw of sudo, and we shouldn't need to deal with this.
But it's still a good idea to disable this surface given how exotic it
is.
Prompted by #5666
(cherry picked from commit 612ebf6c913dd0e4197c44909cb3157f5c51a2f0)
Currently systemd-detect-virt fails to detect running under PowerVM.
Add code to detect PowerVM based on code in util-linux.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
(cherry picked from commit 3224e38bb6b3287ca253cbafb460a150544d5818)
The usual: "empty string" is meaningless in this context. We are not assigning
DestinationPort="". Just say "unset".
Fixes#17240.
(cherry picked from commit e6fd398d61a9810d53a2a5a30294500718e43286)
"keyed by" is indeed a bit jargony. Say " a HMAC hash of the salt combined with
an internal secret key" instead.
For #17177.
(cherry picked from commit e0c60bf6a0065ba447b50fcb1bb171725e8bd00d)
It can be one of "foreign", "missing", "stub", "static", "uplink",
depending on how /etc/resolv.conf is set up:
foreign → someone/something else manages /etc/resolv.conf,
systemd-resolved is just the consumer
missing → /etc/resolv.conf is missing altogether
stub/static/uplink → the file is managed by resolved, with the
well-known modes
Fixes: #17159
(cherry picked from commit 4261ab654c0df009b5a37a30593d58d47fec617f)
Missed in #15426. Otherwise, it ends up only taking the first two rows
of the table, in no section.
(cherry picked from commit 45ba6a585321cc655ce53d22d631747961330d69)
The directory backend needs a file system path, and not a raw block
device. That's only supported for the LUKS2 backend.
Let's make this clearer in the man page and also generate a better error
message if attempted anyway.
Fixes: #17068
(cherry picked from commit f9d525ae558105bf7fd77ad76e4fdb135bb9f634)
Different systems use different paths for it and users are confused when the
man page has a path different than the one on the local system.
https://bugzilla.redhat.com/show_bug.cgi?id=1876905
(cherry picked from commit c2ee27a5e7fa1c6a71341579baa2d941c6e3e6e6)
The manual states that a persistent timer triggers it's service
immediately on activation to catch up with missed invocations, but since
PR #11608 it is no longer the case if RandomizedDelaySec= is set to a
non-zero value.
(cherry picked from commit 5501da15ba34284e50c10ccd6b3ffa8838bb431b)
Let's make sure the sd_listen_fd() docs are really found from the
.socket file documentation as well as the FileDescriptorStoreMax=
documentation.
Let's also emphasize that that's where the order in which the fds are
passed are documented.
Fixes: #16647
(cherry picked from commit df2f58176d0093f5798240d4d0a69aba21a8f2e2)
Let's document the discrepancy between the Sec and USec suffixing of
unit files and D-Bus properties at three places: in "systemctl show"
(where it already was briefly mentioned), in the D-Bus interface
description (at one place at least, i.e. the most prominent of
properties that encapsulate time values, there are many more) and in the
general man page explaining time values.
By documenting this at all three places I think we now do as much as we
can do about this highlighting the discrepancy of the naming and the
reasons behind it.
Fixes: #2047
(cherry picked from commit 3c719357dcd56d4c826ec6a4e6870111c2ee8a36)
The fix from cb263973acf83de22a86f08fe502a9cbd6c01d2b was made the other way around,
i.e. `SIGKILL` was changed to `SIGUSR1`, but the sentence is about a "termination signal", i.e. `SIGKILL`, not `SIGUSR1`.
(cherry picked from commit be3f62faf5d498aaab4cf6ceb3ca56e0d994ddf5)
We forgot to do this before the release :(
Relavant commits are:
4e11ddfdd3c1f93721b8ca534e33e16ced32ff06,
0bb007f7a23c41e23481373ded47ee3ddcf8f26b,
a3d19f5d99c44940831a33df8b5bece4aaf749f7,
bf760801804e55b045aed54bf9b1d0b0131be3f2,
4793c31083031e729e6eb17b87b540a3944bba3b.
Suitable for backporting.
(cherry picked from commit 9653108f1135ad5105fbe71ccf6f818aeb7aa5f8)
Fix a presumed copy&paste error. SetLockedHint corresponds to the "locked hint", not the "idle hint".
(cherry picked from commit 07b4f4496868578e56932a292de0f0b1881ecc84)
99e015e28c8322bf714f45cd1defcf20ac2103c5 missed to update the example
below - DHCPv6.AssignAcquiredDelegatedPrefixAddress was moved to
DHCPv6PrefixDelegation.Assign.
As it already defaulted to true since it's introduction in
9efa8a3cff9948d3a78597b74dca75c805716de4, there's no need to explicitly
list it at all.
There are a lot of edge cases that the current implementation
doesn't handle, especially in cases where one of passwd/shadow
exists and the other doesn't exist. For example, if
--root-password is specified, we will write /etc/shadow but
won't add a root entry to /etc/passwd if there is none.
To fix some of these issues, we constrain systemd-firstboot to
only modify /etc/passwd and /etc/shadow if both do not exist
already (or --force) is specified. On top of that, we calculate
all necessary information for both passwd and shadow upfront so
we can take it all into account when writing the actual files.
If no root password options are given --force is specified or both
files do not exist, we lock the root account for security purposes.
This reverts commit 0b578036301d7c3f2dab8df1f31f0121552a4e10.
From https://github.com/systemd/systemd/pull/16503#issuecomment-660212813:
systemd-vconsole-setup (the binary) is supposed to run asynchronously by udev
therefore ordering early interactive services after systemd-vconsole-setup.service
has basically no effect.
Let's remove this paragraph. It's better to say nothing than to give pointless
advice.
Let's use the new flag wherever we read key material/passphrases/hashes
off disk, so that people can plug in their own IPC service as backend if
they like, easily.
(My main goal was actually to support this for crypttab key files — i.e.
that you can specify AF_UNIX sockets as third column in crypttab — but
that's harder to implement, since the keys are read via libcryptsetup's
API, not ours.)
