IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We have very similar code for setting generic efi vars in sd-stub and
sd-boot. Let's share it.
This changes behaviour in a minor way: if you chainload multiple
versions of an sd-boot you'll see the efi vars of the first one now in
the OS, not of the last one.
But this should not matter, invocation like that should generally not
happen.
Let's do the section measurement first, before we use any data of it.
Let's bring up the boot splash next, so that it covers anything else we
might do.
Instead of keeping three parallel arrays of dt base, dt size and dt
filename, just introduce a proper structure and use an array of that,
greatly simplifying DT handling.
Let's make sure we validate that the DOS/PE header offsets are actually
reasonable, and do not cause overflows when added to the base addresses.
(This shouldn're really be a problem URL, since the DOS header offset is
16bit only, but let's be extra careful with this)
Let's put a limit on how much memory we'll allocate for the section. And
let's add a safety overflow check.
(This is more a theoretic than a real problem, since on all PE archs
NumberOfSections is 16bit only.)
The construct is a POSIX invention, but it's just so useful, let's also
define it in EFI mode, so that we can use similar constructs in EFI mode
and userspace.
We already had 'auth_admin_keep' for org.freedesktop.login1.reboot and similar
actions. If a user is allowed to perform an action, I think they should be
allowed to _block_ the same action. Guarding this by auth_admin follows the
general principle of not allowing fully unprivileged users to have too much say
over the machine.
It seems entirely reasonable to make a policy which e.g. allows block operations
for interactive users after authentication. The tool should support this, so that
more complicated local policies can be used.
Related to https://github.com/systemd/systemd/pull/30307.
This adds %q, %A and %M specifiers to tmpfiles:
- %A and %M were previously added to tmpfiles.d man page, but not to specifier_table
- %q is added via COMMON_SYSTEM_SPECIFIERS
