IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Limits should be enforced, but not in a way real setups collide with
them.
There have been multiple reports that current limits are too low, hence
raise them 8x.
Fixes: #24852
(cherry picked from commit af7674f4ad)
Previously, GREEDY_REALLOC_APPEND would compile perfectly fine and cause
subtle memory corruption if the caller messes up the type they're passing
in (i.e. by forgetting to pass-by-reference when appending a Type* to an
array of Type*). Now this will lead to compilation failure
(cherry picked from commit fafc3c2d5c)
../src/resolve/resolved-bus.c: In function ‘call_link_method’:
../src/resolve/resolved-bus.c:1769:16: warning: ‘l’ may be used uninitialized [-Wmaybe-uninitialized]
1769 | return handler(message, l, error);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
../src/resolve/resolved-bus.c:1755:15: note: ‘l’ was declared here
1755 | Link *l;
| ^
../src/resolve/resolved-bus.c: In function ‘bus_method_get_link’:
../src/resolve/resolved-bus.c:1828:13: warning: ‘l’ may be used uninitialized [-Wmaybe-uninitialized]
1828 | p = link_bus_path(l);
| ^~~~~~~~~~~~~~~~
../src/resolve/resolved-bus.c:1816:15: note: ‘l’ was declared here
1816 | Link *l;
| ^
(cherry picked from commit 5f911aca84)
'Default Memory Pressure Duration' field in oomctl, which can be configured
with DefaultMemoryPressureDurationSec= in oomd.conf, is a global config.
Let's check it earlier.
This also drops unnecessary cleanup at the beginning.
(cherry picked from commit 23fb9b63cd)
Fedora and friends has a drop-in config for the settings in
/usr/lib/systemd/user/slice.d/ . Hence, settings in the main .slice may be
overridden. Let's set below in a drop-in with higher decimal prefix.
Also, rename override.conf -> 99-managed-oom-preference.conf for the same reason.
(cherry picked from commit 1473836a1e)
Ensure that we always attempt to mount the `ESP` partition to `/boot`
when there is no `XBOOTLDR` partition.
Fixes an issue when booting without a `XBOOTLDR` partition and an empty
root partition, since it would mount the `ESP` partition to `/efi/`
unconditionally causing boot entries to not be under `/boot/` as
recommended by the Boot Loader Specification.
(cherry picked from commit 28dbee46d5)
Do not fail if the directory is missing entirely, other than just empty
Follow-up for 00f546e25e
Follow-up for 5e79dd96a8
Follow-up for 622efc544d
(cherry picked from commit e1efa9d804)
If the vpick directory is configured to be ignored if missing, do not
fail and just skip ahead.
Follow-up for 5e79dd96a8
Follow-up for 622efc544d
(cherry picked from commit 00f546e25e)
Since the root directory was being suppressed to NULL, the subsequent
check would erroneously think that no working directory was specified.
This caused the default working directory to be applied instead.
(cherry picked from commit 0054a2acc3)
As another device may be created with the same device node while udevd
is processing the remove event of the previous owner of the device node.
This also adds comment why we skip watching device node on remove.
(cherry picked from commit e8df18c9e1)
This is a new syscall provided by the kernel used to implement faster
uprobes. It's not supposed to be called by userspace, but only by kernel
generated uprobe code.
It should be fine to allow this, as the kernel authenticates the
invocation itself, and we shouldn't break compat with things.
Note that this allowlisting is not sufficient to make ureprobe() work.
libseccomp must be tought the syscall too, but this can happen
independently.
Fixes: #34615
(cherry picked from commit d693c483a2)
When building unprivileged, the testuser home directory ends up
owned by root:root because mkosi can't chown directories to other
owners when running unprivileged. So let's fix up the testuser
ownership on first boot with tmpfiles instead.
(cherry picked from commit 0d0ecaab00)
Add a note to the service-file naming scheme that reminds developers
that those names might be aliases. Hence, when parsing such unit names,
the entire name-array of a unit must be parsed, rather than just the
unit ID.
The service-name of existing applications might be already part of their
API. Hence, not all applications can switch the service ID to this new
naming scheme, but can provide suitable aliases. Document this behavior.
(cherry picked from commit b3b7cf8b7c)
The <RANDOM> part is optional in the naming scheme of application units.
However, this is only true for service files. Scope units must include
the <RANDOM> part, otherwise it would be impossible to parse:
The schema would be:
`app[-<launcher>]-<ApplicationID>[-<RANDOM>].scope`
in which case a two-part name would be impossible to parse, since it is
unclear whether the launcher of the random bit where omitted.
(cherry picked from commit cbaebf811e)
This effectively reverts 37d15cd132.
The offending commit wrongly assumed that the second READY=1
notification is for system scope only, but it also serves the purpose
of flushing out previous STATUS= containing user unit job status.
(cherry picked from commit da81a10865)
The annotation about omittance is meant to be about the `RANDOM` string.
However, the current formatting makes it look like the entire naming
scheme is optional. Fix this.
(cherry picked from commit 5697bce82b)
We don't support split /usr/ anymore. Hence fix the paths. This
apparently matters because of PK validating the binary path.
Fixes: #34712
(cherry picked from commit c28a13b5af)
The documentation claimed that ExecStartPre=/ExecStartPost= accepts
multiple command lines, in contrast to ExecStart=. This is half an
untruth, because ExecStart= allows that too – as long as Type=oneshot is
set.
Hence, reword this a bit, and do not emphasize the contrast.
Prompted by: #34570
(cherry picked from commit c3069a6bfb)
This change makes it possible for repart to create dm-verity hash
partitions for a custom amount of protected data. When the property
`SizeMaxBytes=` is specified for a dm-verity data partition, the size
of the corresponding hash partition is set to accommodate hash data
for this maximum size, rather than the actual contents its data
sibling. However, the contained hash data continues to be generated
from said sibling.
(cherry picked from commit d3032e651e)
In mount_load_proc_self_mountinfo(), device_found_node() is synchronously called
during the traversal of mountinfo entries. When there are a large number of
mount points, and the device types are not significantly different, this results
in excessive time consumption during device discovery, causing a performance
bottleneck. This issue is particularly prominent on servers with a large number
of cores in IDC.
This patch decouples device discovery from the mountinfo traversal process,
avoiding redundant device operations. As a result, it significantly improves
performance, especially in environments with numerous mount points.
Signed-off-by: Chen Guanqiao <chen.chenchacha@foxmail.com>
(cherry picked from commit 00ad3f0227)
