IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
On Fedora the sshd-session binary is under /usr/libexec/openssh/ so
cover this path as well in the old framework.
Follow-up for aaa7b36bd1.
(cherry picked from commit ce2344bbee)
We document that when multiple credentials of the same name are found,
we use the first one found so let's actually implement that behavior.
(cherry picked from commit 3de13e6148)
Credentials are written to a temporary file and renamed to the
destination with renameat() which will replace existing files so
EEXIST should not happen so drop the handling for EEXIST.
(cherry picked from commit 2c2ed3272b)
The kernel might start returning -EINVAL when trying to open pidfd's
for kernel threads so let's not try to open pidfd's for kernel threads.
(cherry picked from commit ead48ec35c)
Each log context field can expand to up to three iovecs (key, value
and newline) so let's fix the size calculation to take this into
account.
(cherry picked from commit fc83ff3f55)
All messages logged from exec_spawn() are attributed to the unit
and as such we should set the log level to the unit's max log level
for the duration of the function.
(cherry picked from commit 7881f485c9)
Remove an early return that prevents --prompt-root-password or
--prompt-root-shell and systemd.firstboot=off using credentials. In that case,
arg_prompt_root_password and arg_prompt_root_shell will be false, but the
prompt helpers still need to be called to read the credentials. Furthermore, if
only the root shell has been set, don't overwrite the root password.
(cherry picked from commit 35bc4c3424)
If /etc/passwd and/or /etc/shadow exist but don't have an existing root entry,
one needs to be added. Previously this only worked if the files didn't exist.
(cherry picked from commit 2319154a6b)
Although locked and empty passwords in /etc/passwd are treated the same, in all
other cases the entry is configured to read the password from /etc/shadow.
(cherry picked from commit 5088de9daa)
A PE image's memory footprint might be larger than its file size due
to uninitialized memory sections. Normally all PE headers should be
parsed to check the actual required size, but the legacy EFI handover
protocol is only used for x86 Linux bzImages, so we know only the last
section will require extra memory. Use SizeOfImage from the PE header
and if it is larger than the file size, allocate and zero extra memory
before using it.
Fixes https://github.com/systemd/systemd/issues/33816
(cherry picked from commit 19812661f1)
Otherwise, when an interface gained its carrier, the interface may not
have matching .network file yet, then link_reconfigure_impl() returns
zero, and link_handle_bound_by_list() is skipped.
Fixes#33837.
(cherry picked from commit 36b8ad085c)
This reverts commit ffef01acdd.
Similar to 2d393b1b6d ("network: IPv6 Compliance: Router Advertisement
Processing, Reachable Time [v6LC.2.2.15]"),
Extract from: https://www.ietf.org/rfc/rfc4861.html#section-4.2, p.21,
first paragraph:
The Router Lifetime applies only to
the router's usefulness as a default router; it
does not apply to information contained in other
message fields or options.
So it does not make sense to prevent DHCPv6 when Router Lifetime is 0.
Fixes#33357.
(cherry picked from commit 7767896d12)
The original CVM detection logic for TDX assumes that the guest can see
the standard TDX CPUID leaf. This was true in Azure when this code was
originally written, however, current Azure now blocks that leaf in the
paravisor. Instead it is required to use the same Azure specific CPUID
leaf that is used for SEV-SNP detection, which reports the VM isolation
type.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 9d7be044ca)
Even if a timespan specified to IgnoreCarrierLoss= for an interface,
when the carrier of the interface lost, bound interfaces might be bring
down immediately.
Let's also postpone bringing down bound interfaces with the specified
timespan.
(cherry picked from commit e8eaed0240)
This is similar to what we do for veth interfaces in remove_veth_links().
When a container rebooted, macvlan interfaces created by the previous
boot may still exist in the kernel, and that causes -EADDRINUSE after
reboot.
Hopefully fixes#680.
(cherry picked from commit 1bfa47418e)
Similar to the implementation of cgroup.kill in the kernel, let's
skip kernel threads in cg_kill_items() as trying to kill kernel
threads as an unprivileged process will fail with EPERM and doesn't
do anything when running privileged.
(cherry picked from commit 0fbb569de1)
On CentOS/Fedora, dracut is configured to write the initrd to
/boot/initramfs-$KERNEL_VERSION...img so let's check for that as well
if no initrds were supplied.
(cherry picked from commit b56920e36c)
If we're running from within a container, we're very likely not going
to want to use the kernel command line from /proc/cmdline, so let's add
a check to see if we're running from a container to decide whether we'll
use the kernel command line from /proc/cmdline.
(cherry picked from commit 35c01ec59e)
- Improve wording for explanation when these variables are inherited
- Clarify that these variables are not placed in the process environment block,
so /proc/PID/environ cannot be used as a debugging tool
(cherry picked from commit 6c1e0823b0)
The new file, modules.weakdep, generated by depmod to get the weak
dpendencies information can be present
(05828b4a6e),
so remove it like the other similar files.
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
(cherry picked from commit eef4cd51f9)
This probably rarely helped anyway, but it also in some cases interferes
with auxiliary dnssec queries where the authoritative nameserver does
not support EDNS0/DNSSEC.
Fixes: ac6844460c ("resolved: support RFC 8914 EDE error codes")
(cherry picked from commit cd2ce31adb)
It means: a) user cannot be created, something's wrong in the
test environment -> fail the test; b) user already exists, we shall not
continue and delete (foreign) user.
(cherry picked from commit 3e6e3e6d40)
TEST-46-HOMED fails on ext4 because the filesystem is deemed to small
for activation by cryptsetup. Let's bump the minimal filesystem size for
ext4 a bit to be in the same ballpark as ext4 and btrfs to avoid weird
errors due to impossibly small filesystems.
Also use U64_MB while we're touching this.
(cherry picked from commit ae07feb401)
There are multiple subtests, just move them around into functions
(leveraging the testcase_* convention) to make space for new related
subtests.
(cherry picked from commit 4f0541dc59)
This allows mkosi to combine fstab.extra with its own fstab.extra so
that it doesn't override the one we pass for the test.
(cherry picked from commit ebe17e3f9e)
EINVAL should be used when a function is called with an invalid
argument. Here, the signal is not a function argument.
Follow-up for 7a64c5f23e.
(cherry picked from commit ab9af70edb)
The signalfd_siginfo struct is received from outside via a FD, hence
assert() is not appropriate way to check it. Just do a normal runtime
check.
(cherry picked from commit 7a64c5f23e)
Currently, IS_SYNTHETIC_ERRNO() evaluates to true for all negative errnos,
because of the two's-complement negative value representation.
Subsequently, ERRNO= is not logged for most of our own code.
Let's fix this, by formatting all synthetic errnos as positive.
Then, treat all negative values as non-synthetic.
While at it, mark the evaluation order explicitly, and remove
unneeded comment.
Fixes#33800
(cherry picked from commit 268f58076f)
We don't need to allow non-root, and the policy needs to specify destination
and interface too, to narrow it down
Follow-up for 7b5c38a91d
(cherry picked from commit a4c436c9d8)
This fixes
commit 9b0688f491
Author: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue Jan 9 10:52:49 2024 +0900
virt: add Google Compute Engine support
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 9ffdfc67c6)
