IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
See commit 1f0958f640b87175cd547c1e69084cfe54a22e9d .
(cherry picked from commit f055cf77862bc580f3afbfaac161d1c060f39411)
(cherry picked from commit c86f4f5f287258938d0c30354040c3b034b0c066)
Prompted by #9473.
(cherry picked from commit b63dae3168209a06cefe2b9916667b7754b7de34)
(cherry picked from commit 438777cc00ccf2c05f8a05fa02907aa7be547719)
This was changed in commit 482efedc081b0c4bf2e77a3dee6b979d9c9a5765,
which was released in v243, to only enable and never disable IPv6.
Signed-off-by: Richard Laager <rlaager@wiktel.com>
(cherry picked from commit f542f3b2ed3cf3e71692d1736f3fdd0ebdc226ef)
(cherry picked from commit 807d6dd157e67648dfb7ad8f8ff85a0b0a3db829)
Explicitly document the behavior introduced in #7437: when picking a new
UID shift base with "-U", a hash of the machine name will be tried
before falling back to fully random UID base candidates.
(cherry picked from commit 68709a636c838e0754b49caa6ff2d4168e3c99c8)
(cherry picked from commit 4032a1358897ecaf4e485399b03c6186fb2c90e9)
This explicitly documents the default `UTC` timezone which is used
by systemd and (other softwares) when `/etc/localtime` is not present.
Ref: https://github.com/systemd/systemd/blob/v247/src/basic/time-util.c#L1460-L1469
(cherry picked from commit 3d909037e3bb86bb14ceef98325b2759b938a4b3)
(cherry picked from commit a580023f1da331bd454ea72cad146215b255e0d0)
`AllowedIPs=` only affects "routing inside the network interface
itself", as in, which wireguard peer packets with a specific destination
address are sent to, and what source addresses are accepted from which
peer.
To cause packets to be sent via wireguard in first place, a route via
that interface needs to be added - either in the `[Routes]` section on
the `.network` matching the wireguard interface, or outside of networkd.
This is a common cause of misunderstanding, because tools like wg-quick
also add routes to the interface. However, those tools are meant as a
"extremely simple script for easily bringing up a WireGuard interface,
suitable for a few common use cases (from their manpage).
Networkd also should support other usecases - like setting AllowedIPs to
0.0.0.0/0 and ::/0 and having a dynamic routing protocol setting more
specific routes (or the user manually setting them).
Reported-In: https://github.com/systemd/systemd/issues/14176
(cherry picked from commit c6b90e5c5e54e98b6aed38677f77d8491f2e49c8)
(cherry picked from commit 14475e0e793be33bfad371c6d3545c7448f78730)
This commit adds support for disabling the read and write
workqueues with the new crypttab options no-read-workqueue
and no-write-workqueue. These correspond to the cryptsetup
options --perf-no_read_workqueue and --perf-no_write_workqueue
respectively.
(cherry picked from commit 227acf0009bde2cd7f8bc371615b05e84137847d)
Follow-up for ac24e418d9bc988ecf114c464701b35934948178.
The original motivation of the commit and RFE #15339 is to start dhcpv6
client in managed mode when neither M nor O flag is set in the RA.
But, previously, if the setting is set to "always", then the DHCPv6
client is always started in managed mode even if O flag is set in the
RA. Such the behavior breaks RFC 7084.
(cherry picked from commit 0e686feaff71465e3220f234871f66a39f0f57ad)
We do not allow machine names with "_", so the command would fail as written.
Share the example with the systemd-nspawn page instead.
(cherry picked from commit 5fadff3352cfeb82844b6d475056bb18f2eba0dc)
The phrase "routing domains" is used to mean both route-only domains and search
domains. Route-only domains are always called like that, and not just "route domains".
Some paragraphs are reordered to describe synthetisized records first, then
LLMNR, then various ways quries are routed.
Fixes#8928, hopefully.
(cherry picked from commit 9e1804b24c2fc75cd049b967d0f6411b6b42fecb)
We would return ENOENT, which is extremely confusing. Strace is not helpful because
no *file* is actually missing. So let's add some logs at debug level and also use
a custom return code. Let all user-facing utilities print a custom error message
in that case.
(cherry picked from commit ab4a88eb920e2f64a79a60c1ea9aecb7907a9635)
The variable is renamed to SYSTEMD_PAGERSECURE (because it's not just about
less now), and we automatically enable secure mode in certain cases, but not
otherwise.
This approach is more nuanced, but should provide a better experience for
users:
- Previusly we would set LESSSECURE=1 and trust the pager to make use of
it. But this has an effect only on less. We need to not start pagers which
are insecure when in secure mode. In particular more is like that and is a
very popular pager.
- We don't enable secure mode always, which means that those other pagers can
reasonably used.
- We do the right thing by default, but the user has ultimate control by
setting SYSTEMD_PAGERSECURE.
Fixes#5666.
v2:
- also check $PKEXEC_UID
v3:
- use 'sd_pid_get_owner_uid() != geteuid()' as the condition
(cherry picked from commit 0a42426d797406b4b01a0d9c13bb759c2629d108)
Some extra safety when invoked via "sudo". With this we address a
genuine design flaw of sudo, and we shouldn't need to deal with this.
But it's still a good idea to disable this surface given how exotic it
is.
Prompted by #5666
(cherry picked from commit 612ebf6c913dd0e4197c44909cb3157f5c51a2f0)
Currently systemd-detect-virt fails to detect running under PowerVM.
Add code to detect PowerVM based on code in util-linux.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
(cherry picked from commit 3224e38bb6b3287ca253cbafb460a150544d5818)
The usual: "empty string" is meaningless in this context. We are not assigning
DestinationPort="". Just say "unset".
Fixes#17240.
(cherry picked from commit e6fd398d61a9810d53a2a5a30294500718e43286)
"keyed by" is indeed a bit jargony. Say " a HMAC hash of the salt combined with
an internal secret key" instead.
For #17177.
(cherry picked from commit e0c60bf6a0065ba447b50fcb1bb171725e8bd00d)
It can be one of "foreign", "missing", "stub", "static", "uplink",
depending on how /etc/resolv.conf is set up:
foreign → someone/something else manages /etc/resolv.conf,
systemd-resolved is just the consumer
missing → /etc/resolv.conf is missing altogether
stub/static/uplink → the file is managed by resolved, with the
well-known modes
Fixes: #17159
(cherry picked from commit 4261ab654c0df009b5a37a30593d58d47fec617f)
