I.e. don't perform any action if we can't spawn mount task anyway.
Later the same check would be added to mount_can_start/reload(),
so this makes things more coherent too.
There are cases where templated Socket unit files are used for network services
with interface name used as an instance. This patch allows using %i for
BindToDevice setting to limit the scope automatically.
When a new device is processed, there should be no watch handle for
the device, hence udev_watch_clear() provides -1. Let's not try to call
inotify_rm_watch() in that case.
This should not change any behavior. Just for suppressing spurious
debugging log:
=====
(udev-worker)[3626140]: zram1: Removing watch handle -1.
=====
Based on this patch i had submitted to RedHat
(https://issues.redhat.com/browse/RHEL-56280), i am submitting this
patch to this upstream systemd.
There is no way to explicitly enable/disable IPv6 AAAA queries.
Problem was that i am using RHEL9 and some applications does not use a
newer glibc that supports `no-aaaa` option in `/etc/resolv.conf`. So
some applications will still resolve IPv6 AAAA even with `no-aaaa`
option and it is inconsistent across the system where some work and some
don't.
So this systemd-resolved patch catch-all queries and disable IPv6 AAAA
queries for all applications in the OS by having an option
`RefuseRecordTypes=AAAA` to disable IPv6 AAAA queries.
Although https://github.com/systemd/systemd/pull/28136 tries to fix this
automatically but it still does not work with
`net.ipv6.conf.all.disable_ipv6 = 1`. Also tried with explicitly
removing the conditional and force set `family = AF_INET` and still
resolves AAAA records.
The issue is that i want to explicitly disable IPv6 AAAA queries instead
of systemd-resolved to figure out itself which address family it is
using, which always have problems.
Let's move the currently used/default/oneshot entry output after the
basic info about the boot loader itself, since conceptually these are
objects kinda "one level down" from the boot loader perspective. Hence,
let's *first* show all info about the boot loader itself before we
display the objects it manages.
This is just a trivial change in output, just swaps th elines for these
fields with the ones showing where the boot loader is installed.
Public keys and certificates are not the same, as the latter embeds more
information that the former, and other tools like sd-measure have distinct
parameters for each of them.
Add a new --pcr-certificate= parameter to ukify, and use it to pass certs
down to sd-measure, as an alternative to --pcr-public-key=. Do not allow
specifying both.
So far we'd output both the partition and the binary path always, even
if we didn't know either (but in that case show empty information).
Let's address this, and show partition info only if we know it, or if we
know the EFI binary path, but suppress both if we know neither.
Note that we'll show the partition info if we don't know it still if we
know the EFI binary path used for boot, since it is relative to the
partition of course, and hence it's really strange to know one but not
the other, hence it deserves some mentioning in the output.
Let's make the stub and loader output sections more alike, and say in
both cases whether we recieved that data from the boot phase or not the
same way.
CLONE_PIDFD was introduced in v5.2 and in sched.h in glibc-2.31 so
without this, building with older version fails with:
src/basic/raw-clone.h:41:108: error: 'CLONE_PIDFD' undeclared (first use in this function); did you mean 'CLONE_FILES'?
While killing cgroup v1 I want to turn all cg_* helpers to take
cgroupfs_fd + cg path, which means all relevant path operations must
support openat() semantics. `removexattrat()` is currently missing. I
took the chance to do a bigger refactor for xattr-util.
The BMAX MaxBook Y14 has 2 acceleromenter sensors, one seems to be in
the display, the other in the base. With the default ACCEL_MOUNT_MATRIX
monitor-sensor would report the display to be rotate of 180 degrees
compared to its real position, i.e. upside down when normal and vice
versa. Left up and right up are also swapped.
Correcting the ACCEL_MOUNT_MATRIX for the display sensor solves the
issue and monitor-sensor reports the correct values.
For the Y13 model the Z axis value was also inverted. For the Y14 to
work correctly, this is not necessary, but I'm not sure how to double
check this.
Sensors info:
P: /devices/pci0000:00/0000:00:15.0/i2c_designware.0/i2c-0/i2c-KIOX010A:00/iio:device0
M: iio:device0
R: 0
U: iio
T: iio_device
D: c 237:0
N: iio:device0
L: 0
E: DEVPATH=/devices/pci0000:00/0000:00:15.0/i2c_designware.0/i2c-0/i2c-KIOX010A:00/iio:device0
E: SUBSYSTEM=iio
E: DEVNAME=/dev/iio:device0
E: DEVTYPE=iio_device
E: MAJOR=237
E: MINOR=0
E: USEC_INITIALIZED=25931869
E: IIO_SENSOR_PROXY_TYPE=iio-poll-accel iio-buffer-accel
E: SYSTEMD_WANTS=iio-sensor-proxy.service
E: TAGS=:systemd:
E: CURRENT_TAGS=:systemd:
P: /devices/pci0000:00/0000:00:15.3/i2c_designware.3/i2c-3/i2c-KIOX020A:00/iio:device1
M: iio:device1
R: 1
U: iio
T: iio_device
D: c 237:1
N: iio:device1
L: 0
E: DEVPATH=/devices/pci0000:00/0000:00:15.3/i2c_designware.3/i2c-3/i2c-KIOX020A:00/iio:device1
E: SUBSYSTEM=iio
E: DEVNAME=/dev/iio:device1
E: DEVTYPE=iio_device
E: MAJOR=237
E: MINOR=1
E: USEC_INITIALIZED=26000295
E: IIO_SENSOR_PROXY_TYPE=iio-poll-accel iio-buffer-accel
E: SYSTEMD_WANTS=iio-sensor-proxy.service
E: TAGS=:systemd:
E: CURRENT_TAGS=:systemd:
accel-display
acpi:KIOX010A:KIOX010A:
dmi:bvnAmericanMegatrendsInternational,LLC.:bvr5.00_002:bd05/13/2024:br5.27:efr1.1:svnAMI:pnIntel:pvrDefaultstring:rvnAMI:rnIntel:rvrDefaultstring:cvnDefaultstring:ct31:cvrDefaultstring:skuH8Y6:
accel-base
acpi:KIOX020A:KIOX020A:
Added in 6140be90ec
However, when O_PATH fds are encountered we'd have to go by
/proc/self/fd/ still, since the kernel people are reluctant
to make the new syscalls work with them
(https://lore.kernel.org/linux-fsdevel/20250206-steril-raumplanung-733224062432@brauner/)
Hence getxattrat() and listxattrat() are not employed.
While at it, remove the discrepancy between path being NULL
and empty - I don't grok the "security issue" claimed earlier,
but nowadays even the kernel treats the two as identical:
e896474fe4
