With the fix done in PR28215, the unit restart job is created with type JOB_START.
Because of that, it is not properly merged anymore with the old one: the
merged job has state JOB_RUNNING. It should have state JOB_WAITING.
I think that the old job is not cleaned up because we don't go through the failed state.
With this fix, the merged job is properly created with state JOB_WAITING.
When this option is set to direct, the service restarts without entering a failed
state. Dependent units are not notified of transitory failure.
This is useful for the following use case:
We have a target with Requires=my-service, After=my-service.
my-service.service is a oneshot service and has Restart=on-failure in
its definition.
my-service.service can get stuck for various reasons and time out, in
which case it is restarted. Currently, when it fails the first time, the
target fails, even though my-service is restarted.
The behavior we're looking for is that until my-service is not restarted
anymore, the target stays pending waiting for my-service.service to
start successfully or fail without being restarted anymore.
This property reports whether the system is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The "cvm" flag indicates whether the OS is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The --list-cvm option reports the known types of confidential virtualization
technology that can be detected.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The --cvm option detects whether the OS is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This code uses various CPUID checks to be able to identify
* AMD SEV
* AMD SEV-ES
* AMD SEV-SNP
* Intel TDX
On HyperV/Azure, it has special checks for detecting SEV-SNP
since the normal CPUID is blocked.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The article "a" goes before consonant sounds and "an" goes before vowel
sounds. This commit changes an to a for UKI, UDP, UTF-8, URL, UUID, U-Label, UI
and USB, since they start with the sound /ˌjuː/.
quality_check_password() used to return the same value 0 in two
different cases: when pwq_allocate_context() failed with a
ERRNO_IS_NOT_SUPPORTED() code, and when pwquality_check() rejected the
password. As result, users of quality_check_password() used to report
password weakness also in case when the underlying library was not
available.
Fix this by changing quality_check_password() to forward the
ERRNO_IS_NOT_SUPPORTED() code to its callers, and change the callers
to handle this case gracefully.
--copy-to, --copy-from, --list and --mtree are useful for image directories
as well as image files, so for those verbs, let's check if we were passed
a directory and skip all the image file setup if that's the case.
Let's cast these floats explicitly to usec_t, since implicit
float-to-integer casts are dangerous business, and we should underline
that there's a cast happening here.
Before this patch, if a network has multiple routers and one of them
provides a captive portal, then the portal was overwritten or cleared
when another RA from another router is received.
This makes captive portals managed in the similar way as DNS servers or
DNS domains. So now captive portal can safely handled even if a network
has multiple routers.
Add function to simplify getting the TPM SRK; if one exists, it is provided,
otherwise one is created and then the new SRK provided.
This also add tpm2_create_loaded() and updates tpm2_seal() to use the new
functions instead of tpm2_make_primary().
