RootImage= may require the following settings
```
DeviceAllow=/dev/loop-control rw
DeviceAllow=block-loop rwm
DeviceAllow=block-blkext rwm
```
This adds the following settings implicitly when RootImage= is
specified.
Fixes#9737.
When clients don't follow protocol and use the same object from
different threads, then we previously would silently corrupt memory.
With this assert we'll fail with an assert(). This doesn't fix anything
but certainly makes mis-uses easier to detect and debug.
Triggered by https://bugzilla.redhat.com/show_bug.cgi?id=1609349
Triggered by https://bugzilla.redhat.com/show_bug.cgi?id=1609349
This adds two generic paragaphs we include via xinclude. One is the
"strict" version, which contains wording saying that we are thread
agnostic and what that means. And the other is the "safe" version, for
the cases we provide fully safety.
Let's then change most man pages to use either of these generic
paragraphs. With one exception: man/sd_journal_get_catalog.xml contains
both kinds of function, we hence use manual wording.
This service won't use much resources, but it's certainly nicer to see
it attached th the user's slice along with user@.service, so that
everything we run for a specific user is properly bound into one unit.
We use systemd-user-sessions.service as barrier when to allow login
sessions. With this patch user@.service is ordered after that too, so
that any login related code (which user-runtime-dir@.service is) is
guaranteed to run after the barrier, and never before.
As the comments already say it might be quite likely that
$XDG_RUNTIME_DIR is not set up as mount, and we shouldn't complain about
that.
Moreover, let's make this idempotent, so that a runtime dir that is
already gone and is removed again doesn't cause failure.
Test it when sending an FD without any contents, or an FD and some contents,
or only contents and no FD (using a bare send().)
Also fix the previous test which forked but was missing an _exit() at the
end of the child execution code.
These take a struct iovec to send data together with the passed FD.
The receive function returns the FD through an output argument. In case data is
received, but no FD is passed, the receive function will set the output
argument to -1 explicitly.
Update code in dynamic-user to use the new helpers.
We would verify destination e.g. in sd_bus_message_new_call, but allow setting
any value later on with sd_bus_message_set_destination. I assume this check was
omitted not on purpose.
sd_bus_message{get_type,is_signal,is_method_call,is_method_error} get one man
page.
sd_bus_message_{set,get}_{destination,path,interface,member,sender} are put in
the second one.
