IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
These library syms should be restricted to use only in tpm2-util.c,
and all other code should use simpler functions exported in tpm2-util.h.
Also move the Esys_Freep() cleanup function into tpm-util.c, and make
tpm2-tss symbols static.
If this module is loaded, sending readiness notifications from the
VM will fail with "no route to host" so let's blacklist the module
to prevent that from happening.
This option allows overriding the architecture that's used for the
architecture specific partition types. This is useful to allow
reusing the same repart configuration to produce the same image for
different architectures.
By default, label_ops is initialized with a NULL pointer which translates
to noop labelling operations. In mac_selinux_init() and the new mac_smack_init(),
we initialize label_ops with a MAC specific LabelOps pointer.
We also introduce mac_init() to initialize any configured MACs and replace all
usages of mac_selinux_init() with mac_init().
All users of loopback_setup() ignore the return values (with the notable
exception of the test cases). Hence let's adjust the log messaging to
always log at LOG_WARNING level at most, and suffix messages with ",
ignoring", to make clear these failures are ignored.
Previously, unprivileged mode for find_esp_and_warn() and
find_xbootldr_and_warn() could be enabled or disabled. With this change
it can also be set to negative in which case the functions will enable
it automatically if found to be executing without privileges.
This just moves te geteuid() check we often do for the param inside of
the functions.
At the same time internally in the functions we also pass around the
VerifyESPFlags field across the various functions instead of booleans.
Both changes are just refactoring. No changes in behaviour.
In b6033b7060 support was added to create
{/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These
perms are so restrictive that not even root can access them unless it
has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time
In 24039e1207 support was added to create
/etc/credstore with perm 0700 from meson.build at build time.
This patch makes unifies the two parts:
1. creates both /etc/credstore *and* /etc/credstore.encrypted in both
places (the build system still won't create them in /run/, since
that's pointless since not shipped, and the runtime won't create the
dirs below /usr/lib/, since that's not generically writable anyway).
2. Both at runtime and at build time we'll create the dirs with mode
0700. This is easier for packaging tools to handle since they
generally react pretty negatively on dirs they can't enumerate.
In 9b9f6aa412 (#27069)
we changed get_file_version to return 0 instead of 1 on success.
However we did not update the printing of the version number to
handle this change so we would never print the version number.
To appease the LTO overlords:
In file included from ../../../../src/basic/macro.h:446,
from ../../../../src/shared/blockdev-util.h:8,
from ../../../../src/shared/creds-util.c:11:
../../../../src/shared/creds-util.c: In function 'get_credential_host_secret':
../../../../src/shared/creds-util.c:379:52: error: '%s' directive argument is null [-Werror=format-overflow=]
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../src/basic/log.h:214:86: note: in definition of macro 'log_full_errno_zerook'
214 | ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
| ^~~~~~~~~~~
../../../../src/basic/log.h:250:41: note: in expansion of macro 'log_full_errno'
250 | #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__)
| ^~~~~~~~~~~~~~
../../../../src/shared/creds-util.c:379:33: note: in expansion of macro 'log_debug_errno'
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~~~~~~~~~~~~~~
../../../../src/shared/creds-util.c:379:74: note: format string is defined here
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~
cc1: some warnings being treated as errors
../../../../src/core/transaction.c: In function 'transaction_verify_order_one':
../../../../src/core/transaction.c:338:38: error: '%s' directive argument is null [-Werror=format-overflow=]
338 | sprintf(ans + size, "%s%s", unit_log_field, *unit_id);
| ^~
cc1: some warnings being treated as errors
Containers generally don't have permission to mknod() which is
required by test-udev so let's skip the test as well if we detect
we're running in a container.
