IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Inspired by https://github.com/systemd/systemd/pull/24024 this is
another user mode helper, where this might be an issue. hence let's
rather be safe than sorry, and also connect stdin/stdout/stderr
explicitly with /dev/null.
Since the general generator logic was established in the rewrite in
07719a21b6, generators would always write to /tmp
by default. I think this not a good default at all, because generators write a
bunch of files and would create a mess in /tmp. And for debugging, one
generally needs to remove all the files in the output directory, because
generators will complain in the output paths are already present. Thus the
approach of disabling console logging and writing many files to /tmp when
invoked with no arguments is not nice, so let's disallow operation with no
args.
But when debugging, one generally does not care about the separate output dirs
(most generators use only one). Thus the general pattern I use is something
like:
rm -rf /tmp/x && mkdir /tmp/x && build/some-generator /tmp/{x,x,x}
This commit allows only one directory to be specified and simplifies this to:
rm -rf /tmp/x && mkdir /tmp/x && build/some-generator /tmp/x
This is useful to use "f" or "w" to write arbitrary binary files to
disk, or files with newlines and similar (for example to provision SSH
host keys and similar).
When invoked as the coredump handler by the kernel, systemd-coredump's
stdout and stderr streams are closed. This is dangerous as this means
the fd's can get reallocated, leading to hard to debug errors such as
log messages ending up being appended to a compressed coredump file.
To avoid such issues in the future, let's bind stdout/stderr to
/dev/null so the file descriptors can't get used for anything else.
This imports credentials also via SMBIOS' "OEM vendor string" section,
similar to the existing import logic from fw_cfg.
Functionality-wise this is very similar to the existing fw_cfg logic,
both of which are easily settable on the qemu command line.
Pros and cons of each:
SMBIOS OEM vendor strings:
- pro: fast, because memory mapped
- pro: somewhat VMM independent, at least in theory
- pro: qemu upstream sees this as the future
- pro: no additional kernel module needed
- con: strings only, thus binary data is base64 encoded
fw_cfg:
- pro: has been supported for longer in qemu
- pro: supports binary data
- con: slow, because IO port based
- con: only qemu
- con: requires qemu_fw_cfg.ko kernel module
- con: qemu upstream sees this as legacy
This can be useful for users of slow block devices.
For example, the persistent-storage rules are needed for USB floppy
drives be recognized by udisks2, but the extra blkid calls cause
thrashing for 25+ seconds after every disk change.
With this change, a user wishing to avoid the extra blkid invocation(s)
could create /etc/udev/rules.d/55-floppy-noprobe.rules as follows:
# Don't probe PC floppy drives
SUBSYSTEM=="block", KERNEL=="fd*", \
ENV{UDEV_DISABLE_PERSISTENT_STORAGE_BLKID_FLAG}="1"
# Don't probe USB floppy drives
SUBSYSTEM=="block", SUBSYSTEMS=="usb", \
ATTRS{bInterfaceClass}=="08", ATTRS{bInterfaceSubClass}=="04", \
ENV{UDEV_DISABLE_PERSISTENT_STORAGE_BLKID_FLAG}="1"
I didn't exclude floppies by default in this change, because floppy
devices are also emulated by some BIOSes/hypervisors in some cases, and
I don't know how many systems would fail to boot if /dev/disk/by-uuid/*
became unavailable for 'floppy disks' on those systems.
Commented reasoning on why it's safe to replace
__sync_bool_compare_and_swap with __atomic_compare_exchange_n in each
location even though the latter has an additional side effect.
__sync_synchronize should be equivalent to __atomic_thread_fence with
__ATOMIC_SEQ_CST memory ordering.
This one is rather tricky, but changing the initialization of
current_val should give this the same effect. Based on ffmpeg's change
here: https://ffmpeg.org/pipermail/ffmpeg-devel/2014-October/164556.html
Quoting from them:
> The second reason is __atomic_compare_exchange_n(), and how it differs from
> __sync_val_compare_and_swap().
> While the latter returns *ptr as it was before the operation, the former
> doesn't and instead copies *ptr to oldval if the result of the
> comparison is false. This means that returning oldval will match the old behavoir
> without having to change the wrapper.
> A disassemble example from libavutil/buffer.o however hints that the
> __atomic function may be slower because of it writting oldval.
Let's not allow anyone to look into /root/ if we create it via the
base-filesystem logic. i.e. change 0755 → 0750 as default access mode
for /root/, in case we create it if it happens to be missing.
This allows growfs to expand the filesystem even when the underlying
block device cannot be expanded. This has been useful for example on
LUKS devices that have already been expanded using systemd-repart.
This works around the following error:
```
root@mobian:/home/mobian# /usr/lib/systemd/systemd-growfs /
crypt_resize() of /dev/block/179:2 failed: Operation not permitted
```