IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This makes tmpfiles, sysusers, and udevd invoked in the following order:
1. systemd-tmpfiles-setup-dev-early.service
Create device nodes gracefully, that is, create device nodes anyway
by ignoring unknown users and groups.
2. systemd-sysusers.service
Create users and groups, to make later invocations of tmpfiles and
udevd can resolve necessary users and groups.
3. systemd-tmpfiles-setup-dev.service
Adjust owners of previously created device nodes.
4. systemd-udevd.service
Process all devices. Especially to make block devices active and can
be mountable.
5. systemd-tmpfiles-setup.service
Setup basic filesystem.
Follow-up for b42482af90.
Fixes#28653.
Replaces #28681 and #28732.
This reverts commits 112a41b6ec,
3178698bb5, and
b768379e8b.
The commit 112a41b6ec introduces #28765,
as systemd-tmpfiles-setup.service has ordering after local-fs.target,
but usually the target requires block devices processed by udevd.
Hence, the service can only start after the block devices timed out.
Fixes#28765.
Otherwise if the os-release file shrinks between updates, there
will be a merge of the two.
Also remove redundant ENOENT check.
Follow-up for 3f37a82545
Follow-up for: 947d836a6e
(I guess in the original patch authors usecase the root fs actually
*does* remain in memory, but that's a special case and does not belong
in the man pages this way).
This change makes sure a data copy using copy_bytes() does not exceed the
max_bytes value when using COPY_HOLES and max_bytes stops before the next
data section.
Previously, we did not check error from iovw_put(). If it fails, the
target iovw may have no iov or partial iovs from the journal importar.
So, the finalization may cause underflow and may access and free invalid
memory.
Follow-up for 946dc7c635.
This is a magic string, and we should avoid stepping into the territory
of normal keymap names with that, given that users can pick names
otherwise freely.
Hence, prefix the name with a special char to avoid any namespace
issues.
Follow-up for: #28660
The gnu-efi definition of the struct uses [1], our local one [0] to size
the filename array. Let's avoid an ambiguity and use offsetof() so that
this difference doesn't matter. Also, doing it this way makes very clear
to the read what happens here: it's a structure with a variable size
suffix.
ignore_padding= was only added in a recent version of pefile. Let's
set length= to the virtual size instead which is what ignore_padding
does behind the scenes so we're compatible with older versions of
pefile.
Originally, the source code was copied under /root/src.
This home directory is part of root FS and the new mkosi building
paradigm has only ephemeral root FS that is generated lazily.
Any files placed on the root FS in the build environment are that
excluded from the final image.
It is useful to have source codes available in the image's runtime (not
build time) environment for debugging.
ExtraTrees= as used currently are ineffective, so change the destination
to copy files under /usr to achieve the intention.
gdb sees source files as:
> 1354 ../src/src/systemctl/systemctl.c: No such file or directory.
Modify gdb configration in the built image accordingly (that file cannot
be in /root neither) to resolve to the moved sources.
(Commit fdecbf7 ("Enable unprivileged image builds") envisions bind
mounting or virtiofsd for nspawn or qemu containers respectively.)
Let's not check the fd type beforehand, let's instead gracefully handle
if we get EPERM back from epoll_ctl() because the fd doesn't do epoll.
THis should be safer and more generic.
The epoll_ctl(2) man page clearly documents EPERM is being returned in
this case, hence it's safe to check for exactly that case.
Follow-up for: #28644
This is a follow-up for #28596.
I think the suggestion to use Type=exec uses too strong wording:
Type=exec has non-trivial drawbacks over Type=simple, and they deserve
to be mentioned.
Hence drop the <emphasis> and turn this around so that Type=exec is
*recommended*, but Type=simple is not expressly discouraged, because
there are plenty reasons to use it.
Add a brief discussion where Type=simple might be preferable.
Also, fix the outright unruth that Type=exec was the "simplest and
fastest", because it certainly is a lot, but not that.
For a userns root user to be able to access the credentials, both
the uid and gid of the credentials directory have to be mapped into
the userns. Currently, the credentials directory group is root, which
we obviously do not want to map in to a userns, so let's make sure
that the credentials directory and files are owned by the service
group instead, which can generally be safely mapped into the userns.
Since we use permissions mode 0600, this shouldn't cause any change
in who is able to access the credentials.
Fixes#28747
