IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If /etc/passwd and/or /etc/shadow exist but don't have an existing root entry,
one needs to be added. Previously this only worked if the files didn't exist.
(cherry picked from commit 2319154a6bec7b8c42e901dfacaefe95bf4e3750)
(cherry picked from commit 847dd914d0ee0e6f3ca576891b82896ee3e68d99)
Although locked and empty passwords in /etc/passwd are treated the same, in all
other cases the entry is configured to read the password from /etc/shadow.
(cherry picked from commit 5088de9daa156a095e79684c658f9035db971538)
(cherry picked from commit 21d270d38f821915949e3c13950637994c33d34f)
Several features were not being tested or weren't being evaluated thoroughly.
(cherry picked from commit 38688bbc8ffb16a449a41cab344c27f6b1e74cd3)
(cherry picked from commit fdf270a89e22ca9b0171153479cfda0c7922699e)
To avoid conflicts with user .network file for the wlan interface with Bond=.
See https://github.com/systemd/systemd/issues/19832#issuecomment-857661200.
(cherry picked from commit e2becab08506d8a085f4c18231c7f354db16df9f)
(cherry picked from commit ad861b6ae6ee9660912f03f73f771c98f426753c)
A PE image's memory footprint might be larger than its file size due
to uninitialized memory sections. Normally all PE headers should be
parsed to check the actual required size, but the legacy EFI handover
protocol is only used for x86 Linux bzImages, so we know only the last
section will require extra memory. Use SizeOfImage from the PE header
and if it is larger than the file size, allocate and zero extra memory
before using it.
Fixes https://github.com/systemd/systemd/issues/33816
(cherry picked from commit 19812661f1f65ebe777d1626b5abf6475faababc)
(cherry picked from commit 84111f8916340e3e67d8166eb1d9938da94ce669)
Otherwise, when an interface gained its carrier, the interface may not
have matching .network file yet, then link_reconfigure_impl() returns
zero, and link_handle_bound_by_list() is skipped.
Fixes#33837.
(cherry picked from commit 36b8ad085c6902631ad7054bffbda33d6d168823)
(cherry picked from commit 0d98178abb5ea470d03d05680e58ff0e59fe69bd)
The original CVM detection logic for TDX assumes that the guest can see
the standard TDX CPUID leaf. This was true in Azure when this code was
originally written, however, current Azure now blocks that leaf in the
paravisor. Instead it is required to use the same Azure specific CPUID
leaf that is used for SEV-SNP detection, which reports the VM isolation
type.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
(cherry picked from commit 812fc38b9147232862263e482ce19bec71137b95)
Even if a timespan specified to IgnoreCarrierLoss= for an interface,
when the carrier of the interface lost, bound interfaces might be bring
down immediately.
Let's also postpone bringing down bound interfaces with the specified
timespan.
(cherry picked from commit e8eaed0240d642e70c567b08f3593e4cf45a255a)
(cherry picked from commit 9468a6ea47cfb8412875923d09b8a8ae6ee02119)
Similar to the implementation of cgroup.kill in the kernel, let's
skip kernel threads in cg_kill_items() as trying to kill kernel
threads as an unprivileged process will fail with EPERM and doesn't
do anything when running privileged.
(cherry picked from commit 0fbb569de1dcc06118dba006cf7a40caf6cd94d0)
(cherry picked from commit 3d90344e941f10b6fe7b1a315b79ca09c4451a86)
On CentOS/Fedora, dracut is configured to write the initrd to
/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well
if no initrds were supplied.
(cherry picked from commit b56920e36c5692c0dde701bfb48330653a9c62c9)
(cherry picked from commit 1cb21b2cb194501464c52c1f32ae55f593689cc3)
If we're running from within a container, we're very likely not going
to want to use the kernel command line from /proc/cmdline, so let's add
a check to see if we're running from a container to decide whether we'll
use the kernel command line from /proc/cmdline.
(cherry picked from commit 35c01ec59e0c2e6bd06cb18ca2ff612c6a7ea35d)
(cherry picked from commit c386327fc851863abf4c27076bd368dfc55b83a0)
- Improve wording for explanation when these variables are inherited
- Clarify that these variables are not placed in the process environment block,
so /proc/PID/environ cannot be used as a debugging tool
(cherry picked from commit 6c1e0823b04525716d9ee0031a2b6735d3f7dfa4)
(cherry picked from commit 5cf0c45f64079430b0b7c12ad323f238386260b0)
The new file, modules.weakdep, generated by depmod to get the weak
dpendencies information can be present
(05828b4a6e),
so remove it like the other similar files.
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
(cherry picked from commit eef4cd51f94d837bd0e71512c831634a2902522d)
(cherry picked from commit 0cdec6e1fef4174c0d04aaca195ab56750437535)
TEST-46-HOMED fails on ext4 because the filesystem is deemed to small
for activation by cryptsetup. Let's bump the minimal filesystem size for
ext4 a bit to be in the same ballpark as ext4 and btrfs to avoid weird
errors due to impossibly small filesystems.
(cherry picked from commit ae07feb401ff70b122650ac01041021703d4b8ad)
(cherry picked from commit 161286e989a497537f7f38741dfe722dc2762a2e)
EINVAL should be used when a function is called with an invalid
argument. Here, the signal is not a function argument.
Follow-up for 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9.
(cherry picked from commit ab9af70edb23f2a66e93e2e16f87cd98873885b7)
(cherry picked from commit 84f0eda3781f49ff7f3035861b02fe247b89d65e)
The signalfd_siginfo struct is received from outside via a FD, hence
assert() is not appropriate way to check it. Just do a normal runtime
check.
(cherry picked from commit 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9)
(cherry picked from commit 7a48ea958bf146a45cb4a3b7ff7aeb5885469196)
Currently, IS_SYNTHETIC_ERRNO() evaluates to true for all negative errnos,
because of the two's-complement negative value representation.
Subsequently, ERRNO= is not logged for most of our own code.
Let's fix this, by formatting all synthetic errnos as positive.
Then, treat all negative values as non-synthetic.
While at it, mark the evaluation order explicitly, and remove
unneeded comment.
Fixes#33800
(cherry picked from commit 268f58076f7e0258dce75f521d08199092279853)
(cherry picked from commit 4ad6b2631d73a574859a62d33715a7bdef810bcf)
This fixes
commit 9b0688f491674b53ef7a52bdf561a430c53673d6
Author: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue Jan 9 10:52:49 2024 +0900
virt: add Google Compute Engine support
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
(cherry picked from commit b077417713ea6df028d61287c042abc235fc0c41)
The tests haven't been renamed in this branch
Follow-up for 0f518750a44dc4b2987ecc0cea4b3d848ac46ee9
Follow-up for 971345aa4e0f4050dac0cade09abaa9c1fbc7050
Follow-up for 6906c028e83b77b35eaaf87b27d0fe5c6e1984b7
The mentioned commit uses access() to check if varlink socket
already exists in the filesystem, but that isn't sufficient.
> Varlink sockets are not serialized until v252, so upgrading from
> v251 or older means we will not listen anymore on the varlink sockets.
>
> See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074789
> for more details as this was found when updating from Debian Bullseye to a new version.
After this commit, the set up of varlink_server is effectively
split into two steps. manager_varlink_init_system(), which is
called after deserialization, would no longer skip listening
even if Manager.varlink_server is in place, but actually
check if we're listening on desired sockets.
Then, manager_deserialize() can be switched back to using
manager_setup_varlink_server().
Alternative to #33817
Co-authored-by: Luca Boccassi <bluca@debian.org>
(cherry picked from commit d4e5c66ed469c822ca5346c7a445ec1446b1d17f)
(cherry picked from commit b825a8be0b7b857a715e982cee861e8ae6995ee8)
The page was written when systemd-repart was primarily intended to be used on a
running system. But nowadays it's more often used to create images, so extend
that part of the description.
While at it, fix some whitespace issues and trim some overly complicated sentences.
(cherry picked from commit d202ea57549248c4246c8f453a2ff88a4c2a7e1e)
(cherry picked from commit e60d01bdbf0d31d32d4bf1e36d5c40e16c84fafb)
Certainly on systemd 252 at least a configuration of
```
MemorySwapMax=40%
```
is supported but this was missing from the man page.
Only MemoryMax was documented as supporting a %.
(cherry picked from commit 8af38e5b0475f514141d314088dcf9fffd7edc37)
(cherry picked from commit 766af3f782299a7cbfba24a4333444ac008c17d2)
It is unnecessary, which will mess the completion.
(cherry picked from commit 733518b41350ce781c7e41a4c866eafb9e549e1f)
(cherry picked from commit fd2a6ea0a8d4b535e4ac3645772b946906e02c7d)
We'll *always* hit ENEOENT when iterating through SMBIOS type #11
fields, on the last one. it's very confusing to debug log about that,
let's just not do it.
(cherry picked from commit 5202ee42d5da0ae3a6655d2bc959a19d8c347e9d)
(cherry picked from commit 995c702a347d16cfad4605f3982d5278616ea1f8)
Follow-up for 19a44dfe4525ab01caf593a9c2beada4b412910d
If a drop-in is set from upper level, e.g. global unit_type.d/,
even if a unit is masked, its dropin_paths would still be partially
populated. However, unit_need_daemon_reload() would always
compare u->dropin_paths with empty strv in case of masked units,
resulting in it always returning true. Instead, let's ignore
dropins entirely here.
Fixes#33672
(cherry picked from commit 11b3775f514f521f353741ff6ac4d66cf0e928e8)
(cherry picked from commit 6a3cb4cd11119cf8d3ed29d076c223b0fe491f98)
If there is an error with the execv call in fork_agent the
program exits without any meaningful log message. Log the
command and errno so the user gets more information about
the failure.
Fixes: #33418
Signed-off-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
(cherry picked from commit a408d4453145621902b9a3ef78a552f83b09bd8d)
(cherry picked from commit 7fcfb73d71ed1d4230f58de1a94790e0c28719ea)
If building with clang and clang does not support bpf, then enabling
-Dbpf-framework=enabled would silently drop the feature (even printing
bpf-framework: enabled in the meson build recap, and no message anywhere
that'd hint at the failure!)
This is unexpected, so add check to fail hard in this case.
All other code paths (gcc, missing bpftool) properly check for the
option, but it is not as easy for a custom command so check explicitly
(cherry picked from commit 8da20e3fe2a544979922cea457de3031aa74d64c)
(cherry picked from commit d6f8575f1e771ec667ed6821fa89ac679dab119d)
Make the warning for oneshot services (where RuntimeMaxSec= has no
effect) more actionable by pointing to the directive people can use
instead to effectively limit their runtime.
(cherry picked from commit 8c4aa0f1c6a78b35712fa6a7acf6d755d0c0bd86)
(cherry picked from commit 468b0646342986c6cc9bd797b4ba189dc488ee8d)
This is a common case, and nothing noteworthy at all. For example, if we
establish an enumerator for listing all devices tagged by some tag, then
the per-tag dir is not going to exist if there are currently no devices
tagged that way, but that's a really common case, and doesn't really
deserve any mention, not even at debug level.
(cherry picked from commit a68c97a54527cacaeeac0c117493639fc455ef5e)
(cherry picked from commit 8aa9e60f89f84a90fb364ee66cf62432a6b877ba)
Prompted by #33737
The intention of b37e8184a5a376749fbf68674ed6d7a4fc9901aa
is to expose sd_id128_get_app_specific() on command line.
But combining that with GPT type list makes little sense.
(cherry picked from commit fa96c55b7b0d19a7f72908ee7d3f8a1ef630be96)
(cherry picked from commit 86ec58a55c62e974a4f0cc345fac3fd84817399f)
Same as the other aliases. Allows chaining commands like:
$ systemd-id128 show -P root-$(dpkg-architecture --query DEB_HOST_ARCH)
4f68bce3e8cd4db196e7fbcaf984b709
(cherry picked from commit f0b151ce864371da06a4d4a63a2a8b5282817b7e)
(cherry picked from commit b60d5bc1b774f900dc5c5d45faed17e919bdf0b3)
When boot counting is enabled, adding a new loader entry or UKI can conflict
with an existing one that has booted successfully and therefore has its boot
counter removed. systemd-bless-boot will fail to bless the new successful boot,
since a file without a boot counter already exists. Since kernel-install will
clobber existing files without boot counting, we should therefore remove files
without a boot count as well, when we add a file with one.
Fixes: #33504
(cherry picked from commit 99d4575e541fa1fb00dc80f7aad572f3a66db461)
(cherry picked from commit b78618540659a40c4c26aa588b3cd8b9c46116d1)
This is VFAT world after all.
(cherry picked from commit 764faf60400bafb1764b728aafe0dcf4cbf07364)
(cherry picked from commit 18143edf3e582d6b8c2933f5c181c9b29146023a)
Addons are called addons, say so. And some other fixes.
(cherry picked from commit 40d9c16d1ee98c16af5804bab256b62c37feac3b)
(cherry picked from commit 78fcf31f08664371d2df58f9cf43d68a74a347ec)
Otherwise they will pull down the disk too, which we don't want on soft-reboot
(cherry picked from commit bbb0b72849ebbeeb8e252d9aeed94521df4f0ae8)
(cherry picked from commit 1747350ffd05e2588b808d17befbc36072207c3c)
Symlink created by Alias will use the value as the file name.
(cherry picked from commit 3f0e7fd4fd1d20e3f4be18f485c76d25ce10f41b)
(cherry picked from commit a68188e985d29e46cfa6eb2e17419fad90f0b287)
When watching a given pathspec, systemd unconditionally installs
IN_ATTRIB watches to track the link count of the resolved file. This
way, we are notified if the watched path disappears, even if the
resolved file inode is not removed.
Similarly, systemd installs inotify watches on each parent directory, to
be notified when the specified path appears. However, for these watches
IN_ATTRIB is an unnecessary addition to the mask. In inotify, IN_ATTRIB
on a directory is emitted whenever the attributes of any child changes,
which, for many paths, has the potential to cause a high number of
spurious wakeups in systemd. Let's remove IN_ATTRIB from the mask when
installing watches on the parent directories of the specified path.
(cherry picked from commit 8bf8c7d83dcffffa55b5f534fb98db6b01315dc1)
(cherry picked from commit fa2b2da1466ff225363c1a0492b1b43c1d01dd8a)
