| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Let's disable KVM if TEST_NO_KVM=1 is set but let's not specify anything
if it's not set so the QemuKvm= setting from mkosi.conf is used.
|
|
Closes #23159.
|
|
Currently it is not used, but will be used later.
|
|
No functional change, just refactoring and preparation for later
commits.
|
|
- Check userdata, instead of data, though they point to the same
position.
- Support an empty string.
- Use UINT32_MAX, as the label is uint32_t.
|
|
No functional change, just refactoring.
|
|
being connected to a TTY is not really enough to determine
interactivity in many cases. Let's also check if we have a controlling
TTY.
Inspired by #34016
|
|
We do not prefix the field with anything, since
8c053c83ae3c18342c4faaa0043d787884056614.
|
|
This will greatly reduce the number of cases where the global unicast
scope overlaps with link scopes configured as default-route, making it
feasible to use the global DNS setting in conjunction with per-link dns
servers configured by the network.
This change is preferred over demoting links to default-route=no where
the user prefers to use the network provided DNS servers, and I expect
it is non-disruptive in that it should not degrade the efficacy of any
existing configuration.
|
|
|
|
let's instead generate ENOTTY on our own. This is more correct with out
coding style (since we generally do not propagate errors via errno), and
also addresses #34039 as side effect. (#34039 really needs to be fixed
in musl though, too, this is just a work-around as side-effect).
Fixes: #34039
|
|
glibc returs EIO on ttys that are hung up. That's not really correct,
POSIX seems to disagree.
Work around this in our code, and turn this into a clean "1", since a
hung up tty doesn't stop being a tty just because it is hung up.
Background: https://github.com/systemd/systemd/pull/34039
|
|
If the router interface send NA without router flag, client interface will drop
SLAAC addresses. To make the router interface send NA with router flag,
IPv6 forwarding needs to be enabled.
===
client: NDISC: Received Neighbor Advertisement from fe80::1034:56ff:fe78:9a99: Router=no, Solicited=yes, Override=no
client: NDISC: Invoking callback for 'neighbor' event.
client: Removing NDisc route (configured): dst: 2002:da8:1:99::/64, src: n/a, gw: n/a, prefsrc: n/a, table: main(254), priority: 1024, proto: ra, scope: global, type: unicast, flags: n/a
client: Removing NDisc route (configured): dst: n/a, src: n/a, gw: fe80::1034:56ff:fe78:9a99, prefsrc: n/a, table: main(254), priority: 1024, proto: ra, scope: global, type: unicast, flags: n/a
client: Removing NDisc address (configured): 2002:da8:1:99:1034:56ff:fe78:9a00/64 (valid for 23h 59min 58s, preferred for 3h 59min 58s), flags: manage-temporary-address,no-prefixroute, scope: global
===
|
|
In apply_one_mount(), in the MOUNT_EXTENSION_DIRECTORY case,
char **extension_release was used as a return pointer twice but only
cleaned up once in the end. Fix it by removing duplicate code that
was causing this issue.
Fixes issue introduced in 55ea4ef096543d2bceea9315868d5aca945d7a57.
|
|
|
|
RoutingPolicyRule
No functional change, just refactoring and preparation for later change.
|
|
Currently, only FIB_RULE_INVERT flag can be configurable, but for
simplicity and future extension, let's manage all flags.
No functional change, just refactoring.
|
|
The kernel parses FRA_SUPPRESS_PREFIXLEN as uint32_t, but internally
handled as signed integer and negative values as unset. Let's explicitly
specify the size of the variable.
No functional change, just refactoring.
|
|
comments
No functional change, just refactoring.
|
|
Let's manage fib rules with the logic used by the kernel.
Should not change any behavior.
|
|
|
|
|
|
|
|
|
|
Also drop unnecessary spaces.
|
|
|
|
|
|
No functional change, just refactoring.
|
|
Then, non-privilege user can call e.g. 'resolvectl monitor' with
authentication.
|
|
Otherwise, polkit authentication does not work for methods that require
the MORE flag.
|
|
When e.g. `resolvectl monitor` is called, it is not necessary to acquire
DBus connection.
|
|
Use RET_GATHER(), FOREACH_ARRAY(), and strv_skip().
|
|
|
|
Even the server side supports polkit authentication, previously
the client side did not support polkit authentication.
|
|
|
|
Previously, e.g. 'networkctl reload' did not ask password through
polkit.
|
|
Unprivileged users often make themselves root by unsharing a user namespace
and then mapping their current user to root which does not require privileges.
Let's make sure our tests don't fail in such an environment by adding checks
where required to see if we're not running in a user namespace with only a
single user.
|
|
units
Note, `systemd-analyze foo@.service --instance=hoge` is equivalent to
`systemd-analyze foo@hoge.service`. But, the option may be useful when
e.g. passing multiple template units that have restriction on their
instance name:
```
$ ls
template_aaa@.service template_bbb@.service template_ccc@.service
$ systemd-analyze ./template_* --instance=hoge
```
Without the option, we need to embed an instance name into each unit
name, so cannot use globs.
Prompted by #33681.
|
|
The users still periodically come back to #24208.
Let's add a detection for this hence.
|
|
|
|
Before this commit, the "Cannot raise nice level" branch
is rather confusing, as we're actually lowering the nice.
Also, it's better to log about the final nice value
for both cases, no matter whether we need to set to limit
or not.
|
|
|
|
Follow-up for 6d2984d21bf2a8f71d379ef6bc13a761bb2e2756
The current semantics of "filtered" in unit_is_filtered()
are actually the contrary of ListUnitsFiltered(). Let's
make things consistent, i.e. return true when the unit
shall be included.
|
|
The previous name is quite vague on what this precisely
do.
|
|
The credential mounts should be managed singlehandedly by pid1.
Preparation for the future introduction of RefreshOnReload=credential,
where refreshing creds will be properly supported on reload.
|
|
Perform some checks earlier to avoid pointless polkit auth.
Plus, the missing unit_get_exec_context() shall not be
a formalized error. As it's our internal representation
and in the normal operation should never happen.
|
|
Addresses https://github.com/systemd/systemd/pull/34013#discussion_r1719890231.
|
|
|
|
Similar to PresharedKeyFile=, but for public key.
Closes #34012.
|
|
|
