`c->cpu_sched_reset_on_fork` is serialized using
`exec-context-cpu-sched-reset-on-fork` and
`exec-context-cpu-scheduling-reset-on-fork`. Let's keep only the second one, to
serialize the value only if `cpu_sched_set` is true.
Let's not complain about various valid loader.conf settings we more
recently added. At the same time let's remove the half-assed userspace
parsers for the fields we actually do support but don't actually really
care about in userspace. There's really no point in storing strings away
that we are not using at all, hence just don#t.
Fixes: #31487
By default socat open a separate r/w channel for each specified address,
and terminates the connection after .5s from receiving EOF on _either_
side. And since one side of that connection is an empty stdin, we reach
that EOF pretty quickly. Let's avoid this by using socat in
"reversed unidirectional" mode, where the first address is used only for
writing, and the second one is used only for reading.
Addresses:
- https://github.com/systemd/systemd/issues/31500
- https://github.com/systemd/systemd/issues/31493
Follow-up for 3456c89ac2.
Let's make systemd-nspawn use our own ptyfwd logic to handle the TTY by
default.
This adds a new setting --console=, inspired by nspawn's setting of the
same name. If --console=interactive= is used, then we'll do the TTY
dance on our own via ptyfwd, and thus get tinting, our usual hotkey
handling and similar.
Since qemu's own console is useful too, let's keep it around via
--console=native.
FInally, replace the --qemu-gui switch by --console=gui.
According to RFC9267, the 2500 value is not helpful, and in fact it can
be harmful to permit a large number of iterations. Combined with limits
on the number of signature validations, I expect this will mitigate the
impact of maliciously crafted domains designed to cause excessive
cryptographic work.
It has been demonstrated that tolerating an unbounded number of dnssec
signature validations is a bad idea. It is easy for a maliciously
crafted DNS reply to contain as many keytag collisions as desired,
causing us to iterate every dnskey and signature combination in vain.
The solution is to impose a maximum number of validations we will
tolerate. While collisions are not hard to craft, I still expect they
are unlikely in the wild so it should be safe to pick fairly small
values.
Here two limits are imposed: one on the maximum number of invalid
signatures encountered per rrset, and another on the total number of
validations performed per transaction.
Previously, the function supports packets without IPv6 sender address
for unit tests. However, now unit tests use their own version of
icmp6_receive(). Hence, let's make the check more strict.
Follow-up for e0e7bc8223
This allows us to pin the process locally when GetUnitByPIDFD
is not available, just like what we have been doing for
'systemctl whoami'. Also, fix looking up remote pid.
We can't use pidfd for those.
Skip using pidfds if we get a permission denied error.
This can happen with an old policy and a new kernel that uses the
new pidfs filesystem to back pidfds, instead of anonymous inodes,
as the existing policy denies access.
This is already the case for most uses of pidfd_open, like pidref,
but not on these two. Fix them.