| Commit message | Author | Age | Files | Lines |
|
Fixup for 32458cc968.
|
We use those strings as hash keys. While writing "a...b" looks strange,
"a///b" does not look so strange. Both syntaxes would actually result in the
value being correctly written to the file, but they would confuse our
de-duplication over keys. So let's normalize. Output also becomes nicer.
Add test.
|
one_zero() is used later in the header...
|
We need to run sysctl also in containers, because the network
subtree is namespaced and may legitimately be writable. But logging
all "errors" at notice level creates unwanted noise.
Also downgrade message about missing sysctls to log_info. This might also be
relatively common when configuration is targeted at different kernel
versions. With log_debug it'll still end up in the logs, but isn't really worthy
of "notice" most of the time.
https://bugzilla.redhat.com/show_bug.cgi?id=1609806
|
This allocation is a low level detail, and it seems nicer to keep it
out of run().
|
This section is loaded in a bunch of places, so this affects many
man pages.
1. point the reader to the synopsis section, which has the exact paths
that are used to load files.
2. put the "reference" part first, and recommendations later, in separate
paragraphs.
3. describe how individual settings and whole files are replaced.
Closes #12791.
|
alternative pam_setcred() fix
|
Fixes: #14567
Alternative-To: #14569
|
flags for each path
This extends on d253a45e1c147f5174265d71d7419da7bd52a88b, and instead of
merging just a single flag from previous mount entries of
/proc/self/mountinfo for the same path we merge all three.
This shouldn't change behaviour, but I think makes things more readable.
Previously we'd set MOUNT_PROC_IS_MOUNTED unconditionally, we still do.
Previously we'd inherit MOUNT_PROC_JUST_MOUNTED from a previous entry on
the same line, we still do.
MOUNT_PROC_JUST_CHANGED should generally stay set too. Why that? If we
have two mount entries on the same mount point we'd first process one
and then the other, and the almost certainly different mount parameters
of the two would mean we'd set MOUNT_PROC_JUST_CHANGED for the second.
And with this we'll definitely do that still.
This also adds a comment explaining the situation a bit, and why we get
into this situation.
|
New varlink API for user and group management
|
(This also changes the suggested /etc/nsswitch.conf line to use for
hooking up nss-systemd to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).
|
This also updates the suggested PAM snippet in a number of ways:
1. Be closer to the logic nowadays implemented in Fedora where the
auth/account/password stacks are all finished off with
pam_{deny|permit}.so
2. Make pam_unix.so just "sufficient" instead of "required" (paving
ground for pam_systemd_home.so being hooked in as additional
sufficient module).
3. Only do pam_nologin in the "account" stack, since it's about account
validity really.
4. Use modern parameters to pam_unix when changing passwords, i.e.
sha512 and shadow, and use already set up passwords (preparing ground
for pam_systemd_home again)
|
This way any component providing us with JSON user record data can use
this for automatic resource management and other session properties.
|
Let's propagate the PAM errors we got.
|
Later on this allows us to set various session properties from user
record.
|
Let's use the pam-util.h provided helpers to acquire them.
|
This changes the user tracking of logind to use the new-style UserRecord
object.
In a later commit this enables us to do per-user resource management.
|
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.
(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-systemd to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).
Fixes: #12492
|
This new API can be used in place of NSS by our own internal code if
more than the classic UNIX records are needed.
|
objects
These new calls may be used to convert classic UNIX/glibc NSS struct
passwd and struct group records into new-style JSON-based user/group
objects.
|
This way we can use libxcrypt specific functionality such as
crypt_gensalt() and thus take benefit of the newer algorithms libxcrypt
implements. (Also adds support for a new env var $SYSTEMD_CRYPT_PREFIX
which may be used to select the hash algorithm to use for libxcrypt.)
Also, let's move the weird crypt.h inclusion into libcrypt.h so that
there's a single place for it.
|
We have similar macros already for getpwuid()/getpwnam(), let's add more
of this.
|
Revert the test move and fix formatting on main page a bit
|
This reverts commit 8c5cd27dd155fbe71a6bf82096b8775c5ff453b8.
|
introduce TABLE_STRV and use it in networkctl and resolvectl
|
Let's see if redirects work
|