IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Since v3.11/7dc5dbc ("sysfs: Restrict mounting sysfs"), the kernel
doesn't allow mounting sysfs if you don't have CAP_SYS_ADMIN rights over
the network namespace.
So the mounting /sys as a tmpfs code introduced in
d8fc6a000f doesn't work with user
namespaces if we don't use private-net. The reason is that we mount
sysfs inside the container and we're in the network namespace of the host
but we don't have CAP_SYS_ADMIN over that namespace.
To fix that, we mount /sys as a sysfs (instead of tmpfs) if we don't use
private network and ignore the /sys-as-a-tmpfs code if we find that /sys
is already mounted as sysfs.
Fixes#1555
`systemd-tmpfiles --clean ./some.conf` doesn't work:
Failed to open './some.conf', ignoring: No such file or directory
`systemd-tmpfiles --clean $(realpath ./some.conf)` works fine.
This reverts commit 409c2a13fd.
It breaks the bootup of systems which enable smack at compile time, but have no
smack enabled in the kernel. This needs a different solution.
Let's use strjoina() rather than strjoin() for construct dbus match
strings.
Also, while we are at it, fix parameter ordering, so that our functions
always put the object first, like it is customary for OO-like
programming.
pthread APIs (unlike the rest of libc) return their errors as positive
error codes directly from the functions, rather than using errno. Let's
make sure we always handle things that way.
Clear up how we pass fd owner ship to proxy and bus objects. Document
that ownership is passed of the fds in question even in case of failing
constructors, and that callers should forget about fds pass into the
proxy object.
The alternative would be to duplicate the fds, but given that fds are a
relatively scarce and heavy resource let's better avoid that.
Fixes#1591.
Track the number of matches installed for a given multicast group, and leave the
group once no matches depend on it.
In order to handle passed-in sockets that are already members of multicast groups
we initialize the refcount based on the membership once we take over the socket.
This way we will leave the socket in the state we found it once we finish with
it.
On kernels that do not fully support reading out the multicast group membership
we fall back to never leaving any groups (as before).
