| Commit message (Collapse) | Author | Files | Lines |
|---|
|
All these are really unsigned and used as such. This silences some
-Wformat-signedness warnings with gcc.
|
|
|
|
The format specifiers for UUID parsing use %x, which expects unsigned.
|
|
gcc will complain about all these with -Wformat-signedness.
|
|
The key doesn't create a release event. This is a fix to make it work properly. I made sure the product is generic to work on all Victus laptops.
This fix #23006.
|
|
This doesn't really change anything, since we know the stat data used
here also contains S_IFBLK, but it's frickin' confusing.
|
|
|
|
|
|
We print the very same log message for loopback block devices and for
loopback network devices. Let's better be clear what kind it is.
|
|
as per:
https://titlecase.com/
|
|
|
|
New directive `NetLabel=` provides a method for integrating static and dynamic
network configuration into Linux NetLabel subsystem rules, used by Linux
Security Modules (LSMs) for network access control. The label, with suitable
LSM rules, can be used to control connectivity of (for example) a service with
peers in the local network. At least with SELinux, only the ingress can be
controlled but not egress. The benefit of using this setting is that it may be
possible to apply interface independent part of NetLabel configuration at very
early stage of system boot sequence, at the time when the network interfaces
are not available yet, with netlabelctl(8), and the per-interface configuration
with systemd-networkd once the interfaces appear later. Currently this feature
is only implemented for SELinux.
The option expects a single NetLabel label. The label must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.
Example:
```
[DHCPv4]
NetLabel=system_u:object_r:localnet_peer_t:s0
```
With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.123/8, `systemd-networkd` performs the equivalent of
`netlabelctl` operation
```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```
Result:
```
$ sudo netlabelctl -p unlbl list
...
interface: eth0
address: 10.0.0.0/8
label: "system_u:object_r:localnet_peer_t:s0"
...
```
|
|
|
|
Added functions to generate netmasks for IPv6 and generic IP family addresses.
|
|
The inquiry is issued to kernel via ioctl, kernelspace would set
this inquiry command's retry count to 0 which means the command
would not be retried in kernel space even if the LLDs returned
a status which need to be retried. So we should take the retry
in user space.
|
|
The path /sys/firmware/device-tree doesn't exist. This should be either
/proc/device-tree or /sys/firmware/devicetree.
The first path is only a link. So lets use the second path.
See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218.
|
|
|
|
When --initialized=no is specified, it is not necessary to wait
for uevents to be processed by udevd.
|
|
This reverts commit 1a0e065e9f154f46fd68cd45f46310bc7df7a51c.
This does not work as expected.
After `losetup --detach`, the kernel lazily removes the loop device.
But, systemd-dissect should gracefully handle that. If it does not, then
it is a bug in systemd-dissect.
Let's not hide the real issue in systemd-dissect.
|
|
|
|
|
|
|
|
|
|
It should not fail in general.
|
|
|
|
|
|
Follow-ups for #24420.
|
|
|
|
|
|
CREDENTIAL_PATH appears nowhere in the systemd source code.
$CREDENTIALS_DIRECTORY is what is used instead.
|
|
Fixes #24473.
|
|
|
|
|
|
assigned
Also refuse invalid log level.
|
|
|
|
to speed up non-KVM environment
|
|
Fixes #24465.
|
|
|
|
|
|
|
|
|
|
The functions provided by the file are only used in sd-device.
|
|
Follow-up for 0f79b3469f167583033d17f9a6fa0e4341a68003.
To obtain device node, sd_device_get_devname() must be used.
|
|
|
|
|
|
|
|
|
|
Otherwise, on Ubuntu, the DS RRs sometimes won't get propagated
correctly to parent zones for some reason, ending in a loop:
```
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
knotd[70]: info: [signed.test.] DS check, outgoing, remote 10.0.0.1@53, KSK submission check: negative
...
```
causing DNSSEC verification fails. I'm not sure why that happens (yet)...
|
|
delv on Ubuntu defaults to /etc/bind/bind.keys instead of /etc/bind.keys
when reading trust anchors, so let's create a symlink to make the test
work there as well.
Resolves: #24453
|
|
|
