IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If we're waiting for the debugger process to exit and receive SIGTERM,
propagate it to all processes in our process group, including the
debugger, so we can follow it up with a proper cleanup.
Resolves: #28772
Let's make kernel-install a bit easier to use:
If the kernel version is not specified, let's imply "uname -r", so that
we regnerate the entries for the current kernel.
If the kernel image is not specified let's imply using
/usr/lib/modules/$version/vmlinuz, i.e. the location distros like Fedora
drop the kernel into, which we generally recommend people to use.
If the kernel is not found there, don't try to automatically pick the
kernel path, and fail, as before.
Let's be friendly in what we accept: whenever we define a JSON
structure, let's also allow decimal strings where we want an integer.
This patch purely replaces JSON_VARIANT_UNSIGNED by
_JSON_VARIANT_TYPE_INVALID in the various JsonDispatch[] tables, so that
we'll happily accept any type in json_dispatch(), so that
json_dispatch_uint64() and related tools can do their thing.
This does not switch over OCI (as a JSON structure not defined by us).
JSON famously is problematic with integers beyond 53 bits, because
JavaScript stores everything in double precision floating points.
Various implementations in other languages can deal with signed 64 bit
integers, and a few can deal with unsigned 64bit too (like ours).
Typically program that need more then 53 bit of accuracy encode integers
as decimal strings, to make sure that even if consumers can't really
process larger values they at least won't corrupt the data while passing
it along. This is also recommended by JSON-I (RFC 7493)
To maximize compatibility with other implementations let's add 1st class
parsing support for such objects in the json_dispatch() API.
This makes json_dispatch_uint64() and related calls parse such
integers-formatted-as-decimal-strings as uint64_t. This logic will only
be enabled if the "type" field of JsonDispatch is left unspecified (i.e.
set to negative/_JSON_VARIANT_TYPE_INVALID) though, hence alone does not
change anything in effect.
This purely is about consuming such values, whether we should genreate
them also is a discussion for a separate PR.
When starting a service with a non-root user and a SystemCallFilter and
other settings (like ProtectClock), the no_new_privs flag should not be set.
Also, test that CapabilityBoundingSet behaves correctly, since we need
to preserve some capabilities to do the seccomp filter and restore the
ones set by the service before executing.
Until now, using any form of seccomp while being unprivileged (User=)
resulted in systemd enabling no_new_privs.
There's no need for doing this because:
* We trust the filters we apply
* If User= is set and a process wants to apply a new seccomp filter, it
will need to set no_new_privs itself
An example of application that might want seccomp + !no_new_privs is a
program that wants to run as an unprivileged user but uses file
capabilities to start a web server on a privileged port while
benefitting from a restrictive seccomp profile.
We now keep the privileges needed to do seccomp before calling
enforce_user() and drop them after the seccomp filters are applied.
If the syscall filter doesn't allow the needed syscalls to drop the
privileges, we keep the previous behavior by enabling no_new_privs.
With ResolveUnicastSingleLabel=yes, a scope's search domains are affixed to the
query even when a routing domain matches the single-label query name,
preventing the use of dotless single-label domains entirely.
This changes dns_scope_name_wants_search_domain() to return false when the
scope contains an exact match of the single-label name in the query, allowing
lookups for dotless domains with ResolveUnicastSingleLabel enabled.
Let's wait for the "latest" message systemd-bsod prints to the console
to appear, otherwise we might be too fast and take a console snapshot
before it contains all the information:
[ 44.237788] testsuite-04.sh[1744]: + setterm --term linux --dump --file /tmp/console.dump
[ 44.246089] systemd-bsod[1858]: QR code could not be printed, ignoring: Operation not supported
[ 44.305692] testsuite-04.sh[1744]: + grep -aq 'The current boot has failed' /tmp/console.dump
[ 44.308047] testsuite-04.sh[1744]: + grep -aq 'Service emergency message' /tmp/console.dump
[ 44.311200] testsuite-04.sh[1744]: + grep -aq 'Press any key to exit' /tmp/console.dump
[ 44.314359] testsuite-04.sh[1744]: + at_exit
[ 44.315087] testsuite-04.sh[1744]: + local EC=1
[ 44.315945] testsuite-04.sh[1744]: + [[ 1 -ne 0 ]]
[ 44.316647] testsuite-04.sh[1744]: + [[ -e /tmp/console.dump ]]
[ 44.318305] testsuite-04.sh[1744]: + cat /tmp/console.dump
[ 44.319320] testsuite-04.sh[1871]: The current boot has failed!
[ 44.319970] testsuite-04.sh[1871]: Service emergency message
<ulinks> contents are used to generate a SEE ALSO section at the
bottom of a man page, so we need to include the title, without additional
words, in the content.
As pointed out in https://github.com/systemd/systemd/issues/29814, we need to
use phrases are are meaningful on their own, because the man page formatter
creates a list at the bottom. With <ulink>see docs</ulink>, we end up with:
NOTES:
1. see docs
https://some.url/page
2. see docs
https://some.url/page2
which is not very useful :(
Also, the text inside the tag should not include punctuation.
Python helper:
from xml_helper import xml_parse
for p in glob.glob('../man/*.xml'):
t = xml_parse(p)
ulinks = t.iterfind('.//ulink')
for ulink in ulinks:
if ulink.text is None: continue
text = ' '.join(ulink.text.split())
print(f'{p}: {text}')
We're not going ahead with the corresponding change in mkosi
after all so revert the preparatory change in systemd as well.
This reverts commit f756bcdf17.
Linux's Control Group v2 interfaces exposes memory.peak, which contains the
"max memory usage recorded for the cgroup and its descendants since the
creation of the cgroup."
This commit adds a new property "MemoryPeak" for units and makes "systemctl
show" display this value if it is available.
Fixes#29878.
Signed-off-by: Florian Schmaus <flo@geekplace.eu>
Also, don't panic when both optional arguments are empty. This should
make the syntax compatible-ish with the dracut one from dracut.cmdline(7).
Resolves: #29855
Previously only the first entered passphrase would be used. Add the ability to check all the passwords entered by the user. The total number of passwords entered is still limited by passphrase entry limit.
