mirror of
https://github.com/systemd/systemd
synced 2026-02-25 16:54:44 +01:00
Compare commits
5 Commits
3a7486c9fc
...
a2a78602b0
| Author | SHA1 | Date | |
|---|---|---|---|
|
a2a78602b0 | ||
|
|
0e3e62cfc7 | ||
|
|
1f0bdc7cf6 | ||
|
|
174be83f79 | ||
|
|
29a5ffb82b |
@ -50,7 +50,7 @@
|
||||
they be missing.</para></listitem>
|
||||
|
||||
<listitem><para>A <filename>bind@<replaceable>location</replaceable>/</filename> directory will be bind
|
||||
mounted to the mount point indicated by the <variable>location</variable> identifier, in read-write
|
||||
mounted to the mount point indicated by the <varname>location</varname> identifier, in read-write
|
||||
fashion. The location is encoded via the same escaping logic used for naming <literal>.mount</literal>
|
||||
units, i.e. slashes become dashes.</para></listitem>
|
||||
|
||||
|
||||
12
po/de.po
12
po/de.po
@ -5,7 +5,7 @@
|
||||
# Benjamin Steinwender <b@stbe.at>, 2014.
|
||||
# Bernd Homuth <dev@hmt.im>, 2015.
|
||||
# Fabian Affolter <mail@fabian-affolter.ch>, 2020.
|
||||
# Ettore Atalan <atalanttore@googlemail.com>, 2021, 2024.
|
||||
# Ettore Atalan <atalanttore@googlemail.com>, 2021, 2024, 2026.
|
||||
# Christian Wehrli <christian@chw.onl>, 2021.
|
||||
# Christian Kirbach <christian.kirbach@gmail.com>, 2023.
|
||||
# Jarne Förster <fedora@mymailclient.de>, 2024.
|
||||
@ -16,8 +16,8 @@ msgid ""
|
||||
msgstr ""
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2025-11-26 01:17+0000\n"
|
||||
"PO-Revision-Date: 2025-11-11 11:42+0000\n"
|
||||
"Last-Translator: Marcel Leismann <tiixrigjekfv@use.startmail.com>\n"
|
||||
"PO-Revision-Date: 2026-02-22 23:58+0000\n"
|
||||
"Last-Translator: Ettore Atalan <atalanttore@googlemail.com>\n"
|
||||
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
|
||||
"main/de/>\n"
|
||||
"Language: de\n"
|
||||
@ -25,7 +25,7 @@ msgstr ""
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=2; plural=n != 1;\n"
|
||||
"X-Generator: Weblate 5.14.3\n"
|
||||
"X-Generator: Weblate 5.16\n"
|
||||
|
||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||
msgid "Send passphrase back to system"
|
||||
@ -592,8 +592,8 @@ msgstr "Nicht angemeldetem Benutzer die Ausführung von Programmen erlauben"
|
||||
#: src/login/org.freedesktop.login1.policy:129
|
||||
msgid "Explicit request is required to run programs as a non-logged-in user."
|
||||
msgstr ""
|
||||
"Eine explizite Anfrage ist notwendig, um Programme als nicht angemeldeter "
|
||||
"Benutzer auszuführen."
|
||||
"Explizite Anfrage ist erforderlich, damit nicht angemeldete Benutzer "
|
||||
"Programme ausführen dürfen."
|
||||
|
||||
#: src/login/org.freedesktop.login1.policy:138
|
||||
msgid "Allow non-logged-in users to run programs"
|
||||
|
||||
28
po/he.po
28
po/he.po
@ -1,12 +1,12 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
#
|
||||
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023, 2024.
|
||||
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023, 2024, 2026.
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: systemd\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2025-11-26 01:17+0000\n"
|
||||
"PO-Revision-Date: 2024-11-19 07:38+0000\n"
|
||||
"PO-Revision-Date: 2026-02-22 23:58+0000\n"
|
||||
"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
|
||||
"Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/"
|
||||
"main/he/>\n"
|
||||
@ -16,7 +16,7 @@ msgstr ""
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && "
|
||||
"n % 10 == 0) ? 2 : 3));\n"
|
||||
"X-Generator: Weblate 5.8.2\n"
|
||||
"X-Generator: Weblate 5.16\n"
|
||||
|
||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||
msgid "Send passphrase back to system"
|
||||
@ -140,12 +140,11 @@ msgstr "נדרש אימות כדי להפעיל אזור בית של משתמש.
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:93
|
||||
msgid "Manage Home Directory Signing Keys"
|
||||
msgstr ""
|
||||
msgstr "ניהול מפתחות חתימת תיקיית הבית"
|
||||
|
||||
#: src/home/org.freedesktop.home1.policy:94
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to manage signing keys for home directories."
|
||||
msgstr "נדרש אימות כדי לנהל שירותי מערכת או יחידות אחרות."
|
||||
msgstr "נדרש אימות כדי לנהל מפתחות חתימה לתיקיות בית."
|
||||
|
||||
#: src/home/pam_systemd_home.c:333
|
||||
#, c-format
|
||||
@ -809,16 +808,14 @@ msgstr ""
|
||||
"נדרש אימות כדי ליצור מכונות וירטואליות (VM) או מכולות (container) מקומיות."
|
||||
|
||||
#: src/machine/org.freedesktop.machine1.policy:106
|
||||
#, fuzzy
|
||||
msgid "Register a local virtual machine or container"
|
||||
msgstr "יצירת מכונה וירטואלית או מכולה מקומיות"
|
||||
msgstr "רישום מכונה וירטואלית או מכולה מקומיות"
|
||||
|
||||
#: src/machine/org.freedesktop.machine1.policy:107
|
||||
#, fuzzy
|
||||
msgid ""
|
||||
"Authentication is required to register a local virtual machine or container."
|
||||
msgstr ""
|
||||
"נדרש אימות כדי ליצור מכונות וירטואליות (VM) או מכולות (container) מקומיות."
|
||||
"נדרש אימות כדי לרשום מכונות וירטואליות (VM) או מכולות (container) מקומיות."
|
||||
|
||||
#: src/machine/org.freedesktop.machine1.policy:116
|
||||
msgid "Manage local virtual machine and container images"
|
||||
@ -1038,12 +1035,11 @@ msgstr "נדרש אימות כדי להירשם לתוצאות שאילתה."
|
||||
|
||||
#: src/resolve/org.freedesktop.resolve1.policy:154
|
||||
msgid "Subscribe to DNS configuration"
|
||||
msgstr ""
|
||||
msgstr "מינוי להגדרות DNS"
|
||||
|
||||
#: src/resolve/org.freedesktop.resolve1.policy:155
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to subscribe to DNS configuration."
|
||||
msgstr "נדרש אימות כדי להירשם לתוצאות שאילתה."
|
||||
msgstr "נדרש אימות כדי להירשם להגדרות DNS."
|
||||
|
||||
#: src/resolve/org.freedesktop.resolve1.policy:165
|
||||
msgid "Dump cache"
|
||||
@ -1116,9 +1112,8 @@ msgid "Manage optional features"
|
||||
msgstr "ניהול יכולות רשות"
|
||||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||
#, fuzzy
|
||||
msgid "Authentication is required to manage optional features."
|
||||
msgstr "נדרש אימות כדי לנהל יכולות רשות"
|
||||
msgstr "נדרש אימות כדי לנהל יכולות רשות."
|
||||
|
||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||
msgid "Set system time"
|
||||
@ -1182,11 +1177,10 @@ msgid ""
|
||||
msgstr "נדרש אימות כדי לשלוח אות יוניקס לתהליכים של ‚$(unit)’."
|
||||
|
||||
#: src/core/dbus-unit.c:620
|
||||
#, fuzzy
|
||||
msgid ""
|
||||
"Authentication is required to send a UNIX signal to the processes of "
|
||||
"subgroup of '$(unit)'."
|
||||
msgstr "נדרש אימות כדי לשלוח אות יוניקס לתהליכים של ‚$(unit)’."
|
||||
msgstr "נדרש אימות כדי לשלוח אות יוניקס לתהליכים של תת־קבוצה של ‚$(unit)’."
|
||||
|
||||
#: src/core/dbus-unit.c:648
|
||||
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
|
||||
|
||||
@ -633,6 +633,31 @@ static int vl_method_mount_image(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
for (;;) {
|
||||
use_policy = image_policy_free(use_policy);
|
||||
ps = mfree(ps);
|
||||
|
||||
/* We use the image policy for trusted images if either the path is below a trusted
|
||||
* directory, or if we have already acquired a PK authentication that tells us that untrusted
|
||||
* images are OK */
|
||||
bool use_trusted_policy =
|
||||
image_is_trusted ||
|
||||
polkit_have_untrusted_action;
|
||||
|
||||
r = determine_image_policy(
|
||||
image_fd,
|
||||
use_trusted_policy,
|
||||
p.image_policy,
|
||||
&use_policy);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = image_policy_to_string(use_policy, /* simplify= */ true, &ps);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
log_debug("Using image policy: %s", ps);
|
||||
|
||||
r = dissected_image_decrypt(
|
||||
di,
|
||||
/* root= */ NULL,
|
||||
@ -640,10 +665,33 @@ static int vl_method_mount_image(
|
||||
&verity,
|
||||
use_policy,
|
||||
dissect_flags);
|
||||
if (r == -ENOKEY) /* new dm-verity userspace returns ENOKEY if the dm-verity signature key is not in
|
||||
* key chain. That's great. */
|
||||
if (r == -EDESTADDRREQ) {
|
||||
/* new dm-verity userspace returns ENOKEY if the dm-verity signature key is not in
|
||||
* key chain which we mangle to EDESTADDRREQ. That's great. */
|
||||
|
||||
if (!polkit_have_untrusted_action) {
|
||||
log_debug("Missing verity key in kernel and userspace. Trying a stronger polkit authentication before continuing.");
|
||||
r = varlink_verify_polkit_async_full(
|
||||
link,
|
||||
/* bus= */ NULL,
|
||||
polkit_untrusted_action,
|
||||
polkit_details,
|
||||
/* good_user= */ UID_INVALID,
|
||||
/* flags= */ 0, /* NB: the image cannot be authenticated, hence unless PK is around to allow this anyway, fail! */
|
||||
polkit_registry);
|
||||
if (r <= 0 && !ERRNO_IS_NEG_PRIVILEGE(r))
|
||||
return r;
|
||||
if (r > 0) {
|
||||
/* Try again, now that we know the client has enough privileges. */
|
||||
log_debug("Missing verity key in kernel and userspace, retrying after polkit authentication.");
|
||||
polkit_have_untrusted_action = true;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
return sd_varlink_error(link, "io.systemd.MountFileSystem.KeyNotFound", NULL);
|
||||
if (r == -EBUSY) /* DM kernel subsystem is shit with returning useful errors hence we keep retrying
|
||||
}
|
||||
if (r == -EBUSY) /* DM kernel subsystem is bad at returning useful errors hence we keep retrying
|
||||
* under the assumption that some errors are transitional. Which the errors might
|
||||
* not actually be. After all retries failed we return EBUSY. Let's turn that into a
|
||||
* generic Verity error. It's not very helpful, could mean anything, but at least it
|
||||
@ -652,6 +700,10 @@ static int vl_method_mount_image(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
/* Success */
|
||||
break;
|
||||
}
|
||||
|
||||
r = dissected_image_mount(
|
||||
di,
|
||||
/* where= */ NULL,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user