IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The new calls work similarly, but enforce a that a common, fixed bus
path prefix is used.
This follows discussions with Simon McVittie on IRC that it should be a
good idea to make sure that people don't use the escaping applied here
too wildly as anything other than the last label of a bus path.
When run in an initrd and no root= argument is set (or is set to
root=gpt-auto) we will automatically look for the root partition on the
same disk the EFI ESP is located on.
Since we look for swap, /home and /srv on the disk the root partition is
located on, we hence have a fully discoverable chain:
Firmware discovers the EFI ESP partition → the initrd discovers the
root partition → the host OS discovers swap, /home, and /srv.
Note that this requires an EFI boot loader that sets the
LoaderDevicePartUUID EFI variable, such as Gummiboot.
The code for parsing these properties is shared with "systemctl
set-property", which means all the resource control settings are
immediately available.
This way each user allocates from his own pool, with its own size limit.
This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
Previously we expected the desktop environment to take an inhibitor
lock, but this opened a race on boot-up where logind might already be
running but no DE is active.
Hence, let's move checking for additional displays into logind. This
also opens up this logic for other DEs, given that only GNOME
implemented the inhibitor logic so far.
This partially reverts 41a55c46ab
Some specifications we want to stay compatibility actually document
/var/run, not /run, and we should stay compatible with that. In order to
make sure our D-Bus implementation works on any system, regardless if
running systemd or not, we should always use /var/run which is the
only path mandated by the D-Bus spec.
Similar, glibc hardcodes the utmp location to /var/run, and this is
exposed in _UTMP_PATH in limits.h, hence let's stay in sync with this
public API, too.
We simply do not support systems where /var/run is not a symlink → /run.
Hence both are equivalent. Staying compatible with upstream
specifications hence weighs more than cleaning up superficial
appearance.
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is.
This also changes the names to MTUBytes and BitsPerSecond, respectively. Notice
that the speed was mistakenly documented to be in bytes before this change.
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
Either it is shared across threads, or it is per-thread: decide.
Reading the source code, I see a thread_local identifier, so that's
that. But that does not yet preclude that a program may pass around
the pointer returned from the function among its own threads.
Do a best effort at saying so.
Issues fixed:
* missing words required by grammar
* duplicated or extraneous words
* inappropriate forms (e.g. singular/plural), and declinations
* orthographic misspellings
This adds the host side of the veth link to the given bridge.
Also refactor the creation of the veth interfaces a bit to set it up
from the host rather than the container. This simplifies the addition
to the bridge, but otherwise the behavior is unchanged.
Actually 'STDOUT' is something that doesn't appear anywhere: in the
stdlib we have 'stdin', and there's only the constant STDOUT_FILENO,
so there's no reason to use capitals. When refering to code,
STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in
other places they are replaced with normal phrases like standard
output, etc.
* standardize capitalization of STDIN, STDOUT, and STDERR
* reword some sentences for clarity
* reflow some very long lines to be shorter than ~80 characters
* add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags
The behavior of this is a little cryptic in that $MAINPID must exit as
a direct result of receiving a signal in order for a listed signal to
be considered a success condition.
This is useful to prohibit execution of non-native processes on systems,
for example 32bit binaries on 64bit systems, this lowering the attack
service on incorrect syscall and ioctl 32→64bit mappings.
- Allow configuration of an errno error to return from blacklisted
syscalls, instead of immediately terminating a process.
- Fix parsing logic when libseccomp support is turned off
- Only keep the actual syscall set in the ExecContext, and generate the
string version only on demand.
This allows customization of the arguments used by less. The main
motivation is that some folks might not like having --no-init on every
invocation of less.
