| Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
In a confidential VM, the SMBIOS data is not trusted, as it is under the
control of the host OS/admin and not covered by attestation of the machine.
Fixes: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
This helper is a simplified version of detect_confidential_virtualization()
that merely returns a boolean status flag reflecting whether we are believed
to be running inside a confidential VM.
This flag can be used for turning off features that are inappropriate to
use from a CVM, but must not be used for releasing sensitive data. The
latter must only be done in response to an attestation for the environment.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
In etc_hosts_lookup_by_name(), return the canonical name of the resolved
address instead of the name used to obtain that address.
Resolves: #20158
|
|
In etc_hosts_lookup_by_address(), make sure the canonical name of the given
address is returned first in the list of names that address resolves to.
Resolves: #25088
|
|
These names will be used later in responses as canonical names.
|
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
|
Let's get rid of all the complexity and just not build ukify on
CentOS Stream 8.
|
|
mkosi sets these by default now so let's drop them from our
configuration.
|
|
mkosi now supports CentOS SIGs natively so we drop our own definition
of that and use the mkosi builtin one. We also enable hyperscale for
both CentOS 8 and CentOS 9 for consistency and add epel-next as well
which is a requirement for Hyperscale.
|
|
CentOS 8 ships python 3.6 so let's try and stay compatible with that
since the only feature we're using that requires python 3.9 is the
streamlined type annotations which are trivial to convert back to
the older stuff to stay compatible with python 3.6.
|
|
Currently translated at 100.0% (227 of 227 strings)
po: Translated using Weblate (Ukrainian)
Currently translated at 93.8% (213 of 227 strings)
Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/uk/
Translation: systemd/main
|
|
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/
Translation: systemd/main
|
|
Until [0] is deployed to production.
[0] https://github.com/packit/specfile/commit/2bdcec3db5cbee5e1f61fd578edd6a3393afd787
|
|
kernel-install used to work without /proc mounted before the rewrite
in C. Let's restore that property by making sure we don't reopen
file descriptors via /proc. In this case, parse_env_file_fdv() calls
fdopen_independent() to get a FILE * for the given file descriptor
(which itself calls fd_reopen()). Let's avoid the call to
fdopen_independent() by using chase_and_fopenat_unlocked() which
gives us a FILE * immediately without having to reopen any file
descriptors.
|
|
|
|
Otherwise, we may configure a route that depends on the existence
of an address or another route, and may fail when lifetime of one
of them are already zero.
Hopefully fixes #28358.
|
|
|
|
getopt_long()
If getopt_long() is called for a list of arguments and it is freed, then
calling getopt_long() for another list will trigger use-after-free.
The function proc_cmdline_filter_pid1_args() may be called before or during
parsing program arguments (typically named as parse_argv()), hence we cannot
use getopt_long() in proc_cmdline_filter_pid1_args().
Fixes #28366.
|
|
|
|
This commit allows service_sigchld_event() is executed before
service_dispatch_exec_io(), which might happen when a main process exits
very quickly.
Also do not check PID for service goodness because the main process have
already been exited in this case.
Fix: #27919
|
|
We currently prepend /sysroot to mount points for entries
in /sysroot/etc/fstab. But when it comes to bind mounts,
the source needs to canonicalized too.
Fixes #6827
Replaces #7894
|
|
|
|
|
|
|
|
In #20155, verify_shutdown_creds() needs to authenticate for both
org.freedesktop.login1.hibernate-multiple-sessions and
org.freedesktop.login1.hibernate-ignore-inhibit . Previously, the second
authentication attempt would fail with -ESTALE.
Fixes #20155.
|
|
... and store just the result.
|
|
This is a preparation for later commits.
|
|
|
|
|
|
|
|
|