This makes ping(8) work without CAP_NET_ADMIN and CAP_NET_RAW because
those aren't effective inside rootless Podman containers.
It's quite useful when using OSTree based operating systems like Fedora
Silverblue, where development environments are often set up using
rootless Podman containers with helpers like Toolbox [1]. Not having
a basic network utility like ping(8) work inside the development
environment can be inconvenient.
See:
https://lwn.net/Articles/422330/http://man7.org/linux/man-pages/man7/icmp.7.htmlhttps://github.com/containers/libpod/issues/1550
The upper limit of the range of group identifiers is set to 2147483647,
which is 2^31-1. Values greater than that get rejected by the kernel
because of this definition in linux/include/net/ping.h:
#define GID_T_MAX (((gid_t)~0U) >> 1)
That's not so bad because values between 2^31 and 2^32-1 are reserved
on systemd-based systems anyway [2].
[1] https://github.com/debarshiray/toolbox
[2] https://systemd.io/UIDS-GIDS.html#summary
This code is not part of the public API of sd-netlink, nor used by it
internally and hence should not be in the sd-netlink directory.
Also, move the test case for it to src/test/.
The info printed in this function is the same as the non-Ex version of the
property so there's no point double printing.
Other places that print ExecXYZEx= properties are left alone since the
displayed information is different.
Booting up an image with --volatile=yes otherwise looks so naked, so
let's include this file in the default factory too. It's common and
simple and should be safe to ship.
The specific header file is probably not copyrightable anyway, since
it's so trivial, but let's still add the SPDX header line so that a
systematic check for the line does't spit out this header needlessly.
This option is only used on reboot, not on other types of shutdown
modes, so it is misleading.
Keep the old name working for backward compatibility, but remove it
from the documentation.
Rather than always enabling the shutdown WD on kexec, which might be
dangerous in case the kernel driver and/or the hardware implementation
does not reset the wd on kexec, add a new timer, disabled by default,
to let users optionally enable the shutdown WD on kexec separately
from the runtime and reboot ones. Advise in the documentation to
also use the runtime WD in conjunction with it.
Fixes: a637d0f9ec ("core: set shutdown watchdog on kexec too")
Let's follow our modern style (i.e. return proper errors, use structure
initialization and _cleanup_).
Most importantly: remove state file and FIFO removal from
inhibitor_free() and let's move it to inhibitor_stop().
This makes sure that state files/FIFOs are not removed when the we
terminate logind, i.e. that they can survive logind restarts.
Fixes: #11825
Also make some parsing errors, fatals and others (that just care fore
'decoration') non-fatal.
The single caller of inhibitor_load() didn't log about any errors, hence
let's do this in our function, similar to how this is done in
session_load() already.
Users might end up with more than one of those service enabled, through
admin mistake, or broken installation scriptlets, or whatever. On my machine,
I had both chronyd and timesyncd happilly running at the same time. If
more than one is enabled, it's better to have just one running. Adding
Conflicts will make the issue more visible in logs too.
Priority is 80. At least in Fedora, chrony uses 50, and ntpd 60.
timesyncd has lower priority, because if people install those other packages,
it's most likely on purpose. timesyncd is always installed and provides
less functionality.
We removed support for foreign services (and ntp-units.d/) in b72ddf0f4.
Support for foreign services was added back in 5d280742, but through an
environment variable.
The problem with the env var approach is that it only works as a mechanism
to select one item, and doesn't work nicely as a mechinism to create a list
of items through drop-ins (because the env var can be easily overridden, but not
extended). Having a list of "ntp providers" is important to be able to reliably disable
all of them when that is requested.
Another problem is that nobody ever bothered to care about our new "standard".
ntp-units.d/ is a nice simple format that works and is already supported by
chrony and ntpd and timedatex. If we were to introduce and ask people to follow
a new standard, there should be some good reason for this. The idea with env
vars has lower functionality, requires systemd-specific syntax. We should just
re-adopt the format that we originally introduced and that seems to work for
everyone, and more on to more interesting problems.
