IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Typically if PK is not present we want to treat this as "denied". But
sometimes it makes sense to treat this case as "allowed".
In particular the combination POLKIT_ALWAYS_QUERY and
POLKIT_DEFAULT_ALLOW makes a lot of sense: it means we can enable PK
logic for actions where we so far bypassed the checks for root. With the
new combination we can have a default policy of allowing some operation
but still provide an effective hook to disable it.
Also add some debug logging about PK operations and results as they are ongoing.
When this flag is set we'll disable the local shortcut that skips polkit
checks for clients that are privileged, and assumes they are
authenticated.
Or in other words: if this flag is set, we'll query PK not matter what,
regardless if it's root we talk about or any other user.
This adds a new helper that basically just wraps
async_polkit_query_have_action() and allows calling this without
actually triggering a PK authentication operation: it just checks if we
aleady have acquired an action or not.
We may want to propagate O_APPEND, or (try to) keep the current file position,
even if we use fd_reopen() to re-initialize (and "unshare") other file
description status.
For now, used only with --pty to keep/propagate O_APPEND (and/or) position
if set on stdin/stdout.
If we re-open stdout and "drop" the O_APPEND,
we get rather "unexpected" behavior,
for example with repeated "systemd-run --pty >> some-log".
If someone carefully pre-positioned the passed in original file descriptors,
we avoid surprises if we do not reset file postition to zero.
fcntl F_GETFL first, and propagate O_APPEND if present in the existing flags.
Then use lseek to propagate the file position.
This was lost on refactor, and only addons had a default uki
line in the .sbat. Add it back, and differentiate between the
default for UKIs vs the default for addons, so that they can
be revoked separately. These are only defaults and users are
encouraged to provide their own.
Follow-up for a8b645dec8e6abf4c9ba0c93a6a0088953a2155e
This is a follow-up for 945a8210c770801c8492eda03b6e9af3ec5d03a3 and
makes the st_dev check generic, so that we can reuse it some other
places. It also incorporates the non-NULL check now, to be a
comprehensive one-stop solution.
The helper is static inline so that compilers can optimize the redundant
checks away in case it is combined with other checks.
Then, we can read the lease file on restart, and the DHCP server will be
able to manage previously assigned addresses.
To save leases in the state directory /var/lib/systemd/network/, this
adds systemd-networkd-dhcp-server.service, and by default
systemd-networkd does not start the DHCP server without the heler
service started.
Closes#29991.
Currently, the received hostname is not used for assigning an address to
the host, or options in the subsequent reply message. But, the parsed
hostname is exposed through DBus, and possibly Varlink in the future.
Let's ignore spurious hostname.
We oftem save parsed DHCP options into a file, or expose them
through DBus or Varlink. In such case, control characters or non-UTF8
characters may cause many kind of unexpected errors. In general, a DHCP
message that have string options with spurious characters is mostly
malformed or broken. Let's refuse them.
This also makes dhcp_option_parse_string() do not free 'ret' argument,
to follow our usual coding style. So, callers now need to free the
pre-exisitng string if necessary.
Fixes#31708.
Then, this introduces systemd-networkd-persistent-storage.service.
systemd-networkd.service is an early starting service. So, at the time
it is started, the persistent storage for the service may not be ready,
and we cannot use StateDirectory=systemd/network in
systemd-networkd.service.
The newly added systemd-networkd-persistent-storage.service creates the
state directory for networkd, and notify systemd-networkd that the
directory is usable.
For anonymous inodes, the result would be 0, but
the struct stat is initialized obviously.
So let's switch to st_dev for the check, which
is guaranteed to be non-zero.
Also this is completely unnecessary for statx(),
since we check stx_mask first and that on its own
denotes that the struct is initialized.
Looks like the compiler doesn't even notice these were left over
as the types end up matching somehow
Follow-up for 29556b75d8025580eebe160a1fa1459965912ee2
Let's make fd_verify_safe_flags() even more useful:
1. let's return the cleaned up flags (i.e. just the access mode) after
validation, hiding all the noise, such as O_NOFOLLOW, O_LARGEFILE and
similar.
2. let's add a "full" version of the call that allows passing additional
flags that are OK to be set.
