IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Follow-up for 64f3419ec1f56a93b6dd48137ca40c945fc06c59.
If the input timestamp is too old (say, 1min since 1970-01-01), then
parse_timestamp() may fail on a timezone with positive shift e.g.
JST (UTC+9). Moreover, even if parse_timestamp() succeeds, its result
'y' and 'usec_sub_unsigned(x, 2 * USEC_PER_DAY)' are both zero, and
the assertion will be triggered.
Fixes#26172.
This will be used by Tpm2Handle instances, which is added in later patches.
The refcounting allows the context to be retained until all Tpm2Handles have
been cleaned up, and the initial ref is released, before cleaning the context.
The 'pcr_bank' functions operate on hash algs, and are not specific to the PCR
banks, while the 'primary_alg' functions operate on asymmetric algs, and are
not specific to primary keys.
If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL.
If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL)
which segfaults pid 1.
This is triggered by eg. "systemctl status crond" in RHEL9 if
/etc/systemd/system/crond.service
-> /ram/etc/systemd/system/crond.service
-> /usr/lib/systemd/system/.crond.service.blah.blah
-> /usr/lib/systemd/system/crond.service
Config options are -Ddefault-timeout-sec= and -Ddefault-user-timeout-sec=.
Existing -Dupdate-helper-user-timeout= is renamed to -Dupdate-helper-user-timeout-sec=
for consistency. All three options take an integer value in seconds. The
renaming and type-change of the option is a small compat break, but it's just
at compile time and result in a clear error message. I also doubt that anyone was
actually using the option.
This commit separates the user manager timeouts, but keeps them unchanged at 90 s.
The timeout for the user manager is set to 4/3*user-timeout, which means that it
is still 120 s.
Fedora wants to experiment with lower timeouts, but doing this via a patch would
be annoying and more work than necessary. Let's make this easy to configure.
This allows sysusers to operate with --root that is an empty directory.
It may be useful to, for example, populate the user database before installing
anything else.
firstboot was already doing this, so drop the duplicated call there.
We keep adding fields to the header, and it's fine reading files with
different header sizes, as we check via the size if the fields we need
are included. However, let's be stricter when writing journal files than
when reading, and insist that the header structure in the file actually
matches our expectations. Refuse otherwise, so that a new file is
created after rotation that then matches our expectations.
This makes sure that mismatch in header size is treated exactly as
unknown "compatible" flags, which is our other mechanism to allow
extending the journal file format in a non-breaking way.
RFC3442 specifies option 121 (Classless Static Routes) that allow a DHCP
server to push arbitrary routes to a client. It has a Local Subnet
Routes section expliciting the behavior of routes with a null (0.0.0.0)
gateway.
Such routes are to be installed on the interface with a Link scope, to
mark them as directly available on the link without any gateway.
Networkd currently drops those routes, which is against the RFC, as
Linux has proper support for such routes.
Fixes: 7f20627 ("network: dhcp4: ignore gateway in static routes if destination is link-local or in the same network")
The usual story:
$ diff -u <(pahole build/systemd-sysusers.0) <(pahole build/systemd-sysusers)
/* size: 80, cachelines: 2, members: 15 */
- /* sum members: 68, holes: 1, sum holes: 4 */
- /* sum bitfield members: 5 bits (0 bytes) */
- /* padding: 7 */
- /* bit_padding: 3 bits */
+ /* sum members: 73, holes: 1, sum holes: 4 */
+ /* padding: 3 */
/* last cacheline: 16 bytes */
Effectively, because of padding, we were not saving anything. We're not putting
struct Item in arrays, but when allocating on the heap, we're going to round up to
normal alignment too.
The code becomes shorter (and quicker):
$ size build/systemd-sysusers{,.0}
text data bss dec hex filename
79967 2040 264 82271 1415f build/systemd-sysusers.0
79726 2040 264 82030 1406e build/systemd-sysusers
(In case you're wondering, I wrote this long commit message for a very simple
change on purpose: I want to deflate the bitfield cargo cult a bit.)
Linux kernel's bpf-next contains BPF LSM support for s390x. systemd's
test-bpf-lsm currently fails with this kernel.
This is an endianness issue: in the restrict_fs bpf program,
magic_number has type unsigned long (64 bits on s390x), but magic_map
keys are uint32_t (32 bits). Accessing magic_map using 64-bit keys may
work by accident on little-endian systems, but fails hard on big-endian
ones.
Fix by casting magic_number to uint32_t.
Despite popular belief, the default file extracted by GNU tar is not stdin. It
is the value of the TAPE environment variable, falling back on a compile-time
constant. On my system, the default value is /dev/full, which causes tar to
just spin forever due to --ignore-zeros. Always specifying this flag is the
safe thing to do.
~$ tar --show-defaults
--format=gnu -f/dev/full -b20 --quoting-style=escape
--rmt-command=/usr/sbin/grmt
See also: ``(tar)defaults'', available via Info viewers, and in HTML form at:
https://www.gnu.org/s/tar/manual/html_node/defaults.html
When using --private-users, we have to create bind mount points as
the user that will become root in the user namespace, so let's take
that into account.
Before this commit, if virtual console keymap is unchanged, localed just
returns without modifying anything. However, the X11 part may need updating.
So we should check for both and ensure they are unmodified.
Replaces #26190.
This also makes x11_convert_to_vconsole() changed in the same way.
Then, their callers update Context if necessary.
No functional change, just preparation for later commits.
