Without `--root` or `--image`, the `security` command inspects all currently
loaded service units if no unit name is specified. But with `--root` or
`--image` with `--offline=true`, the `security` command exits silently if no
unit name is specified.
Also, fixed description of `--root` and `--image` in the man page, and added
missing `--unit` option to help text.
Arch finally made dbus-broker the default dbus daemon [0], but unlike
Fedora they don't use Alias=dbus.service to make the dbus.symlink under
/etc, instead they create the symlink manually under /usr/lib, so let's
account for that.
[0] b24d15795a
The data may be from user input or file. We usually use assertion for
programming error. Hence, using assert is not a good choise there.
Preparation for later commits.
This is a follow-up for #30786 and uses it to assign
ID_NET_MANAGED_BY=io.systemd.Network to all all network interfaces that
we consider ours to manage. This should hopefully have the effect that
other well-behaving managers won't fight for these devices.
This doesn't bother with network interfaces we match inside containers,
since udev is not available there anyway.
In some rare cases, a watchdog driver might neither be able to change
the watchdog timeout value, nor read it from the hardware at runtime.
With an otherwise functional watchdog setup, this constellation worked
until systemd v249. Since then, systemd ends up ignoring the timeout
defined by the system.conf and rather uses USEC_INFINITY. Consequently,
the watchdog is not pinged anymore and eventually resets the system.
We therefore want to ensure that the system keeps running with the
originally configured timeout.
pam_prompt() will log very noisely at high error levels if it is called
without a conversation function that works. This is however a frequent
case, given that ssh doesn't provide one. To tone down the misleading
logging a bit, implement our own pam_prompt_graceful() that is just like
pam_prompt(), but reports errors back the caller who then logs (which we
generally do anyway).
Introduce a _very_ simple DNS server using our internal DNS-related
code, that responds to queries with specifically crafted packets, to
cover scenarios that are difficult to reproduce with well-behaving DNS
servers.
Also, hide the test DNS server behind Knot using the dnsproxy module, so
we don't have to switch DNS servers during tests.
- add missing initialization for DnsQuery.answer_ede_rcode,
- clear EDE code and message in dns_transaction_reset_answer(),
otherwise the previous EDE code or message may be mistakenly reused
on restart. This fixes memory leak of DnsTransaction.answer_ede_msg.
- also clear EDE code and message in dns_query_reset_answer(),
otherwise ede message is leaked if dns_query_accept() is called
multiple times for the same DnsQuery.
Follow-up for 9ca133e97a.
Fixes#30752.
In some environments, such as a LXD container, the netns setup might
fail because ip netns exec fails trying to mount /sys:
$ systemd-detect-virt
lxc
$ ip link add dummy-test-exec type dummy
$ ip netns add test-execute-netns
$ ip netns exec test-execute-netns ip link add dummy-test-ns type dummy
mount of /sys failed: Operation not permitted
If this setup fails, test_exec_networknamespacepath will fail, so check
the exit codes for these setup calls and skip the test if necessary.
This partially reverts commit 9ca133e97a.
Not only there is no reason to introduce a new transaction failure state,
but also the commit introduces several severe issues.
Fixes#30776, #30779.
