IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It is necessary to install the selinux policy in the initramfs
so that userland is entered with the correct label.
SELinuxRelabel defaults to auto, which will skip if the relabelling
command is not installed and will treat failure to relabel as non-fatal.
We can't force it on because root privileges are required if the labels
don't exist on the host system and we would like to be able to
cross-build from other distributions.
Since we are already committed to relabelling on first boot
there is no value in even trying to label.
Other distributions may be able to install selinux
but they are not expected to use it.
The distribution is tested rather than whether selinux is enabled
because it is expected to work on CentOS and Fedora
and we want it to fail noisily.
According to the documentation in systemd.resource-control(5),
resource-control options may be used in mount, scope, service,
slice, socket and swap units.
While e.g. systemd.service(5) includes that information,
documentation for some other units does not.
The most problematic example is systemd.slice(5).
Its documentation states a slice unit may only contain [Install]
and [Unit] sections, while actually it may contain also a [Slice]
section with options from systemd.resource-control(5).
units/user/app.slice is an example of a slice unit having a [Slice]
section.
Some people are just sad, sad lost souls who don't like even the tiniest
ray of color in their life. Let's add an env var knob for allowing them
to turn the background tinting off, to drive the last bit of color from
their life so that they can stay in their grey grey life.
Otherwise, if a service unit that requests LogNamespace= stopped before
systemd-journald@.service is started, logs generated by the service will be
lost, as systemd-journald@.socket is stopped and
systemd-journald@.service will never started.
To prevent the issue, let's introduce another implicit dependency to
a oneshot service that explicitly synchronizes a namespaced journal file
when the log namespace is not needed anymore.
Fixes#32604.
The recently merged PR #32295 introduced support for the credProtect
extension, but in doing so, it broke the discoverability of credentials
by setting the policy to FIDO_CRED_PROT_UV_REQUIRED for UV-less,
PIN-protected credentials. This policy would require us to pass the PIN
to the token in the pre-flight request to be able to discover it,
which defeats the purpose of pre-flight requests as they're supposed
to be non-interactive.
This commit restricts the usage of credProtect to UV credentials only.
Looks like since [0] the Super-Linter repo was moved to
super-linter/super-linter and github/super-linter is just a fork, so
let's update the reference accordingly.
[0] 59fac7946c
The multi status feature requires $GITHUB_TOKEN, and since [0] it
defaults to true. Since we don't need it, let's explicitly disable the
feature.
[0] e6e6e1fa5f
Previously, _SOURCE_REALTIME_TIMESTAMP was only used for realtime
timestamp, and _SOURCE_MONOTONIC_TIMESTAMP was for monotonic.
This make these journal field used more aggressively. If we need
realtime timestamp, but an entry has only _SOURCE_MONOTONIC_TIMESTAMP,
then now realtime timestamp is calculated based on
_SOURCE_MONOTONIC_TIMESTAMP and the header dual timestamp.
Similary, monotonic timestamp is obtained from
_SOURCE_REALTIME_TIMESTAMP and the header dual timestamp.
This should change shown timestamps not so much in most cases, but may
be improve the situation such as #32492.
- Kernel: linux-6.8.8-arch
- systemd: 255.5-3-arch
- Laptop: Samsung GalaxyBook - NP550XDA-KF1BR
This is the solution to a problem with the Samsung GalaxyBook in which some Media keys,
when pressed and released, get stuck as if they are hold.
If the parent zone uses a non-opt-out method that provides authenticated
negative DS replies, we still can't expect signatures from the child
zone. sd-resolved was using the authenticated status of the DS reply to
require signatures for CNAMEs, even though it had already proved that no
signature exists.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
Previously, sd-resolved unnecessarily requested SOA records for each dns
label in the query, even though they are not needed for the chain of
trust. Since 47690634f157, only the necessary records are queried when
validating.
This is actually a problem in allow-downgrade mode, since we will no
longer attempt a query for a record that we know is signed a priori, and
will therefore never update our belief about the state of dnssec support
in the recursive resolver.
Rectify this by reintroducing a query for the root zone SOA in the
allow-downgrade case, specifically to test that the resolver attaches
the RRSIGs which we know must exist.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
With the current algorithm, we can end up removing entries from the
qdisc/tclass sets while having multiple open iterators over the sets at
various positions which leads to assertion failures in the hashmap logic
as it's only safe to remove the "current" entry.
To avoid the problem, let's split up marking and dropping of tclasses
and qdiscs. First, we recursively iterate tclasses/qdiscs and mark all
that need to be removed. Next, we iterate once over tclasses and qdiscs
and remove all marked entries.
Fixes 632d321050f58fe1b5bed7cfe769d212377c0301
We have e.g. 25-default.link in test-network/ which becomes a broken
symlink when installed so let's not copy the symlinks but follow them
instead so they don't become broken.
some changes succeeded
Follow-up for a82b8b3dc80619c3275ad8180069289b411206d0
We don't need to invalidate the unit file state
if all operations failed.
Also, emit UnitFilesChanged signal as long as
some operations succeeded.
