In order to allow other parts of systemd-networkd to use sets/hashmaps
of Address objects, the address_hash_ops structure needs to be made
available to them.
The RFC 7217 (prefixstable) algorithm can use Duplicate Address
Detection to produce multiple candidate addresses, but the implementation
here does not currently employ that mechanism.
This patch provides new documentation for IPv6Token,
reflecting the new modes (and the existing mode), and documents
various caveats users should be aware of when using these
modes.
This error message will be emitted when any form of SLAAC address
generation fails, not just 'prefix stable', so the message should
only refer to SLAAC.
The logic which can produce an IPv6 address using SLAAC produces an
address, not a prefix, so the boolean variable used to detect whether
it succeeded should reflect that.
To suppress the following warning:
---
Warning: Stopping systemd-udevd.service, but it can still be activated by:
systemd-udevd-control.socket
systemd-udevd-kernel.socket
In certain cases the expected enqueue-start-replace-continue
sequence would end up as enqueue-replace-start-continue which causes
unexpected fails even though the serialization/deserialization part
works as expected. As we can't use `--wait` in this case, let's give
sysetmd a second to actually start the unit before replacing it with
another one.
Also, switch from the single-letter test output to a bit verbose format.
Fixes: #14632
Add shortcuts to enable and start, or disable and stop, portable
services with a single portablectl command.
Allow to pass a filter on detach, as it's necessary to call
GetImageMetadata to get the unit names associated with an image.
Fixes#10232
9e48626571 added some new syscalls to the
filter lists. However, on systems that do not yet support the new calls,
running systemd-run with the filter set results in error:
```
$ sudo systemd-run -t -r -p "SystemCallFilter=~@mount" /bin/true
Failed to start transient service unit: Invalid argument
```
Having the same properties in a unit file will start the service
without issue. This is because the load-fragment code will parse the
syscall filters in permissive mode:
https://github.com/systemd/systemd/blob/master/src/core/load-fragment.c#L2909
whereas the dbus-execute equivalent of the code does not.
Since the permissive mode appears to be the right setting to support
older kernels/libseccomp, this will update the dbus-execute parsing
to also be permissive.
Instead of setting the bus error structure and then freeing it, let's only set
it if used. If we will ignore the selinux denial, say ", ignore" to make this
clear. Also, use _cleanup_ to avoid gotos.
../src/core/selinux-access.c: In function ‘mac_selinux_generic_access_check’:
../src/basic/log.h:223:27: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
../src/core/selinux-access.c:235:85: note: format string is defined here
235 | log_warning_errno(errno, "SELinux getcon_raw failed (tclass=%s perm=%s): %m", tclass, permission);
| ^~
I wonder why nobody ever noticed this.
Fixes#14691 (other issues listed in that ticket have already been fixed).
For #8495: it is arguably useful to not show the length of the password
in public spaces. It is possible to press TAB or BS to cancel the asterisks,
but this is not very discoverable. Let's make it discoverable by showing
a message (in gray). The message is "erased" after the first character
is entered.
test-ask-password-api would crash if ^D was pressed.
If think the callers generally expect a non-empty strv as reply. Let's
return an error if we have nothing to return.
Also modernize test-ask-password-api a bit.
Let systemd create the dummy file where a device node will be mounted on with the default label for the parent directory (e.g. /tmp/namespace-dev-yTMwAe/dev/).
Fixes: #13762
See c80a9a33d0, target units can't fail.
I guess we need to figure out some replacement functionality, but at least
let's avoid the warning from systemd for now.
Inside format_bytes, we return NULL if the value is UINT64_MAX. This
makes some kind of sense where this has some other semantic meaning than
being a value, but in this case the value is both a.) not the default
(so we definitely want to display it), and b.) means "infinity" (or
"max" in cgroup terminology).
This patch adds a small wrapper around format_bytes that can be used for
these cases, to avoid the following situation:
[root@tangsanjiao ~]# cat /sys/fs/cgroup/workload.slice/memory.low
max
[root@tangsanjiao ~]# systemctl show workload.slice -p MemoryLow
MemoryLow=infinity
[root@tangsanjiao ~]# systemctl status workload.slice | grep low:
Memory: 14.9G (low: (null))
After the patch:
[root@tangsanjiao ~]# systemctl status workload.slice | grep low:
Memory: 15.1G (low: infinity)
Susant Sahani