mirror of
https://github.com/systemd/systemd
synced 2026-04-23 15:34:50 +02:00
Compare commits
5 Commits
608c3b0293
...
288bd40620
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
288bd40620 | ||
|
|
0c6e746b86 | ||
|
|
ec4954d934 | ||
|
|
53350c7bba | ||
|
|
505df87ea8 |
254
NEWS
254
NEWS
@ -65,7 +65,7 @@ CHANGES WITH 251 in spe:
|
||||
(as exposed via the SystemCallFilter= setting in service unit files).
|
||||
It is apparently used by the linker now.
|
||||
|
||||
New functionality and other changes:
|
||||
Changes for Boot Loader Specification, kernel-install and sd-boot:
|
||||
|
||||
* kernel-install's and bootctl's Boot Loader Specification Type #1
|
||||
entry generation logic has been reworked. The user may now pick
|
||||
@ -113,6 +113,31 @@ CHANGES WITH 251 in spe:
|
||||
location. kernel-install will move them when all files have been
|
||||
prepared successfully.
|
||||
|
||||
* New option sort-key= has been added to the Boot Loader Specification
|
||||
to override the sorting order of the entries in the boot menu. It is
|
||||
read by sd-boot and bootctl, and will be written by kernel-install,
|
||||
with the default value of IMAGE_ID= or ID= fields from
|
||||
os-release. Together, this means that on multiboot installations,
|
||||
entries should be grouped and sorted in a predictable way.
|
||||
|
||||
* The kernel-install tool gained a new 'inspect' verb which shows the
|
||||
paths and other settings used.
|
||||
|
||||
* sd-boot can now optionally beep when the menu is shown and menu
|
||||
entries are selected, which can be useful on machines without a
|
||||
working display. (Controllable via a loader.conf setting.)
|
||||
|
||||
* The --make-machine-id-directory= switch to bootctl has been replaced
|
||||
by --make-entry-directory=, given that the entry directory is not
|
||||
necessarily named after the machine ID, but after some other suitable
|
||||
ID as selected via --entry-token= described above. The old name of
|
||||
the option is still understood to maximize compatibility.
|
||||
|
||||
* 'bootctl list' gained support for a new --json= switch to output boot
|
||||
menu entries in JSON format.
|
||||
|
||||
Changes for homed:
|
||||
|
||||
* Starting with v250 systemd-homed uses UID/GID mapping on the mounts
|
||||
of activated home directories it manages (if the kernel and selected
|
||||
file systems support it). So far it mapped three UID ranges: the
|
||||
@ -147,14 +172,7 @@ CHANGES WITH 251 in spe:
|
||||
handling, and improving compatibility with home directories intended
|
||||
to be portable like the ones managed by systemd-homed.
|
||||
|
||||
* The journal JSON export format has been added to listed of stable
|
||||
interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
|
||||
|
||||
* /etc/locale.conf is now populated through tmpfiles.d factory /etc/
|
||||
handling with the values that were configured during systemd build
|
||||
(if /etc/locale.conf has not been created through some other
|
||||
mechanism). This means that /etc/locale.conf should always have
|
||||
reasonable contents and we avoid a potential mismatch in defaults.
|
||||
Changes for shared libraries:
|
||||
|
||||
* A new libsystemd-core-<version>.so private shared library is
|
||||
installed under /usr/lib/systemd/system, mirroring the existing
|
||||
@ -170,6 +188,12 @@ CHANGES WITH 251 in spe:
|
||||
fail to execute because they were installed earlier or later than the
|
||||
appropriate version of the library.
|
||||
|
||||
* The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
|
||||
similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
|
||||
format instead of simple series of hex characters.
|
||||
|
||||
Changes for PID1 and systemctl:
|
||||
|
||||
* A new set of service monitor environment variables will be passed to
|
||||
OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
|
||||
handler unit as OnFailure=/OnSuccess=. The variables are:
|
||||
@ -184,50 +208,6 @@ CHANGES WITH 251 in spe:
|
||||
|
||||
'portablectl attach --extension=' now also accepts directory paths.
|
||||
|
||||
* HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
|
||||
to override the values gleaned from the hwdb.
|
||||
|
||||
* A ID_CHASSIS property can be set in the hwdb (for the DMI device
|
||||
/sys/class/dmi/id) to override the chassis that is reported by
|
||||
hostnamed.
|
||||
|
||||
* hostnamed's D-Bus interface gained a new method GetHardwareSerial()
|
||||
for reading the hardware serial number, as reportd by DMI.
|
||||
|
||||
* Two new hwdb files have been added. One lists "handhelds" (PDAs,
|
||||
calculators, etc.), the other AV production devices (DJ tables,
|
||||
keypads, etc.) that should accessible to the seat owner user by
|
||||
default.
|
||||
|
||||
* A new unit systemd-networkd-wait-online@<interface>.service has been
|
||||
added that can be used to wait for a specific network interface to be
|
||||
up.
|
||||
|
||||
* systemd-resolved is started earlier (in sysinit.target), so it
|
||||
available earlier and will also be started in the initrd if installed
|
||||
there.
|
||||
|
||||
* udevadm trigger gained a new --prioritized-subsystem= option to
|
||||
process certain subsystems (and all their parent devices) earlier.
|
||||
|
||||
systemd-udev-trigger.service now uses this new option to trigger
|
||||
block and TPM devices first, hopefully making the boot a bit faster.
|
||||
|
||||
* udevadm trigger now implements --type=all, --initialized-match,
|
||||
--initialized-nomatch to trigger both subsystems and devices, only
|
||||
already-initialized devices, and only devices which haven't been
|
||||
initialized yet, respectively.
|
||||
|
||||
* systemd-cryptenroll can now control whether to require the user to
|
||||
enter a PIN when using TPM-based unlocking of a volume via the new
|
||||
--tpm2-with-pin= option.
|
||||
|
||||
Option tpm2-pin= can be used in /etc/crypttab.
|
||||
|
||||
* When unlocking devices via TPM, TPM2 parameter encryption is now
|
||||
used, to ensure that communication between CPU and discrete TPM chips
|
||||
cannot be eavesdropped to acquire disk encryption keys.
|
||||
|
||||
* The user.delegate and user.invocation_id extended attributes on
|
||||
cgroups are used in addition to trusted.delegate and
|
||||
trusted.invocation_id. The latter pair requires privileges to set,
|
||||
@ -236,17 +216,6 @@ CHANGES WITH 251 in spe:
|
||||
|
||||
(Only supported on kernels ≥5.6.)
|
||||
|
||||
* New option sort-key= has been added to the Boot Loader Specification
|
||||
to override the sorting order of the entries in the boot menu. It is
|
||||
read by sd-boot and bootctl, and will be written by kernel-install,
|
||||
with the default value of IMAGE_ID= or ID= fields from
|
||||
os-release. Together, this means that on multiboot installations,
|
||||
entries should be grouped and sorted in a predictable way.
|
||||
|
||||
* sd-boot can now optionally beep when the menu is shown and menu
|
||||
entries are selected, which can be useful on machines without a
|
||||
working display. (Controllable via a loader.conf setting.)
|
||||
|
||||
* In unit files the new %y/%Y specifiers can be used to refer to
|
||||
normalized unit file path, which is particularly useful for symlinked
|
||||
unit files.
|
||||
@ -266,15 +235,6 @@ CHANGES WITH 251 in spe:
|
||||
services, i.e. those run by the user's --user service manager, as long
|
||||
as user namespaces are enabled on the system.
|
||||
|
||||
* The --make-machine-id-directory= switch to bootctl has been replaced
|
||||
by --make-entry-directory=, given that the entry directory is not
|
||||
necessarily named after the machine ID, but after some other suitable
|
||||
ID as selected via --entry-token= described above. The old name of
|
||||
the option is still understood to maximize compatibility.
|
||||
|
||||
* 'bootctl list' gained support for a new --json= switch to output boot
|
||||
menu entries in JSON format.
|
||||
|
||||
* Services with Restart=always and a failing ExecCondition= will no
|
||||
longer be restarted, to bring ExecCondition= behaviour in line with
|
||||
Condition*= settings.
|
||||
@ -286,31 +246,18 @@ CHANGES WITH 251 in spe:
|
||||
that encapsulates the service's numeric cgroup ID that newer kernels
|
||||
assign to each cgroup.
|
||||
|
||||
* systemd-networkd gained a new [Bridge] Isolated=true|false setting
|
||||
that configures the eponymous kernel attribute on the bridge.
|
||||
* PID 1 gained support for configuring the "pre-timeout" of watchdog
|
||||
devices and the associated governor, via the new
|
||||
RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
|
||||
options in /etc/systemd/system.conf.
|
||||
|
||||
* .netdev files now can be used to create virtual WLAN devices, and
|
||||
configure various settings on them, via the [VirtualWLAN] section.
|
||||
* systemctl's --timestamp= option gained a new choice "unix", to show
|
||||
timestamp as unix times, i.e. seconds since 1970, Jan 1st.
|
||||
|
||||
* .link files gained support for [Match] Firmware= setting to match on
|
||||
the device firmware description string. By mistake, it was previously
|
||||
only supported in .network files.
|
||||
Changes for journald:
|
||||
|
||||
* .link/.network files gained support for [Match] Kind= setting to match
|
||||
on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
|
||||
|
||||
This value is also shown by 'networkctl status'.
|
||||
|
||||
* .link files gained support for setting MDI/MID-X on a link.
|
||||
|
||||
* The Local= setting for various virtual network devices gained support
|
||||
for specifying, in addition to the network address, the name of a
|
||||
local interface which must have the specified address.
|
||||
|
||||
* New [DHCPServer] BootServerName=, BootServerAddress=, and
|
||||
BootFilename= settings can be used to configure the server address,
|
||||
server name, and file name sent in the DHCP packet (e.g. to configure
|
||||
PXE boot).
|
||||
* The journal JSON export format has been added to listed of stable
|
||||
interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
|
||||
|
||||
* journalctl --list-boots now supports JSON output and the --reverse option.
|
||||
|
||||
@ -320,24 +267,113 @@ CHANGES WITH 251 in spe:
|
||||
https://systemd.io/JOURNAL_EXPORT_FORMATS
|
||||
https://systemd.io/BUILDING_IMAGES
|
||||
|
||||
* The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
|
||||
similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
|
||||
format instead of simple series of hex characters.
|
||||
Changes for udev:
|
||||
|
||||
* Two new hwdb files have been added. One lists "handhelds" (PDAs,
|
||||
calculators, etc.), the other AV production devices (DJ tables,
|
||||
keypads, etc.) that should accessible to the seat owner user by
|
||||
default.
|
||||
|
||||
* udevadm trigger gained a new --prioritized-subsystem= option to
|
||||
process certain subsystems (and all their parent devices) earlier.
|
||||
|
||||
systemd-udev-trigger.service now uses this new option to trigger
|
||||
block and TPM devices first, hopefully making the boot a bit faster.
|
||||
|
||||
* udevadm trigger now implements --type=all, --initialized-match,
|
||||
--initialized-nomatch to trigger both subsystems and devices, only
|
||||
already-initialized devices, and only devices which haven't been
|
||||
initialized yet, respectively.
|
||||
|
||||
* .link files gained support for setting MDI/MID-X on a link.
|
||||
|
||||
* .link files gained support for [Match] Firmware= setting to match on
|
||||
the device firmware description string. By mistake, it was previously
|
||||
only supported in .network files.
|
||||
|
||||
* .link files gained support for [Link] SR-IOVVirtualFunctions= setting
|
||||
and [SR-IOV] section to configure SR-IOV virtual functions.
|
||||
|
||||
Changes for networkd:
|
||||
|
||||
* The default scope for unicast routes configured through [Route]
|
||||
section is changed to "link", to make the behavior consistent with
|
||||
"ip route" command. The manual configuration of [Route] Scope= is
|
||||
still honored.
|
||||
|
||||
* A new unit systemd-networkd-wait-online@<interface>.service has been
|
||||
added that can be used to wait for a specific network interface to be
|
||||
up.
|
||||
|
||||
* systemd-networkd gained a new [Bridge] Isolated=true|false setting
|
||||
that configures the eponymous kernel attribute on the bridge.
|
||||
|
||||
* .netdev files now can be used to create virtual WLAN devices, and
|
||||
configure various settings on them, via the [WLAN] section.
|
||||
|
||||
* .link/.network files gained support for [Match] Kind= setting to match
|
||||
on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
|
||||
|
||||
This value is also shown by 'networkctl status'.
|
||||
|
||||
* The Local= setting in .netdev files for various virtual network
|
||||
devices gained support for specifying, in addition to the network
|
||||
address, the name of a local interface which must have the specified
|
||||
address.
|
||||
|
||||
* systemd-networkd gained a new [Tunnel] External= setting in .netdev
|
||||
files, to configure tunnels in external mode (a.k.a. collect metadata
|
||||
mode).
|
||||
|
||||
* [Network] L2TP= setting was removed. Please use interface specifier in
|
||||
Local= setting in .netdev files of corresponding L2TP interface.
|
||||
|
||||
* New [DHCPServer] BootServerName=, BootServerAddress=, and
|
||||
BootFilename= settings can be used to configure the server address,
|
||||
server name, and file name sent in the DHCP packet (e.g. to configure
|
||||
PXE boot).
|
||||
|
||||
Changes for resolved:
|
||||
|
||||
* systemd-resolved is started earlier (in sysinit.target), so it
|
||||
available earlier and will also be started in the initrd if installed
|
||||
there.
|
||||
|
||||
Changes for disk encryption:
|
||||
|
||||
* systemd-cryptenroll can now control whether to require the user to
|
||||
enter a PIN when using TPM-based unlocking of a volume via the new
|
||||
--tpm2-with-pin= option.
|
||||
|
||||
Option tpm2-pin= can be used in /etc/crypttab.
|
||||
|
||||
* When unlocking devices via TPM, TPM2 parameter encryption is now
|
||||
used, to ensure that communication between CPU and discrete TPM chips
|
||||
cannot be eavesdropped to acquire disk encryption keys.
|
||||
|
||||
Changes for hostnamed:
|
||||
|
||||
* HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
|
||||
to override the values gleaned from the hwdb.
|
||||
|
||||
* A ID_CHASSIS property can be set in the hwdb (for the DMI device
|
||||
/sys/class/dmi/id) to override the chassis that is reported by
|
||||
hostnamed.
|
||||
|
||||
* hostnamed's D-Bus interface gained a new method GetHardwareSerial()
|
||||
for reading the hardware serial number, as reportd by DMI.
|
||||
|
||||
Changes for other components:
|
||||
|
||||
* /etc/locale.conf is now populated through tmpfiles.d factory /etc/
|
||||
handling with the values that were configured during systemd build
|
||||
(if /etc/locale.conf has not been created through some other
|
||||
mechanism). This means that /etc/locale.conf should always have
|
||||
reasonable contents and we avoid a potential mismatch in defaults.
|
||||
|
||||
* The userdbctl tool will now show UID range information as part of the
|
||||
list of known users.
|
||||
|
||||
* systemctl's --timestamp= option gained a new choice "unix", to show
|
||||
timestamp as unix times, i.e. seconds since 1970, Jan 1st.
|
||||
|
||||
* PID 1 gained support for configuring the "pre-timeout" of watchdog
|
||||
devices and the associated governor, via the new
|
||||
RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
|
||||
options in /etc/systemd/system.conf.
|
||||
|
||||
* The kernel-install tool gained a new 'inspect' verb which shows the
|
||||
paths and other settings used.
|
||||
|
||||
Experimental features:
|
||||
|
||||
* sd-boot gained a new *experimental* setting "reboot-for-bitlocker" in
|
||||
|
||||
2
TODO
2
TODO
@ -1352,7 +1352,7 @@ Features:
|
||||
- on login, if we can't fallocate initially, but rebalance is on, then allow
|
||||
login in discard mode, then immediately rebalance, then turn off discard
|
||||
- extend user records with optional "bulk" data. Specifically, a user
|
||||
avatar/photo or so. This data should be stored along wiht the user record,
|
||||
avatar/photo or so. This data should be stored along with the user record,
|
||||
but probably shouldn't be part of the record itself, since it might be
|
||||
large.
|
||||
|
||||
|
||||
@ -92,9 +92,9 @@ $ ./generate-package-notes.py --rpm systemd-248~rc2-1.fc33.arm32 --cpe cpe:/o:fe
|
||||
SECTIONS
|
||||
{
|
||||
.note.package (READONLY) : ALIGN(4) {
|
||||
BYTE(0x04) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Owner including NUL */
|
||||
BYTE(0x7b) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Value including NUL */
|
||||
BYTE(0x7e) BYTE(0x1a) BYTE(0xfe) BYTE(0xca) /* Note ID */
|
||||
LONG(0x0004) /* Length of Owner including NUL */
|
||||
LONG(0x007b) /* Length of Value including NUL */
|
||||
LONG(0xcafe1a7e) /* Note ID */
|
||||
BYTE(0x46) BYTE(0x44) BYTE(0x4f) BYTE(0x00) /* Owner: 'FDO\x00' */
|
||||
BYTE(0x7b) BYTE(0x22) BYTE(0x74) BYTE(0x79) /* Value: '{"type":"rpm","name":"systemd","version":"248~rc2-1.fc33","architecture":"arm32","osCpe":"cpe:/o:fedoraproject:fedora:33"}\x00\x00' */
|
||||
BYTE(0x70) BYTE(0x65) BYTE(0x22) BYTE(0x3a)
|
||||
|
||||
@ -193,8 +193,8 @@
|
||||
<row><entry><varname>ipoib</varname></entry>
|
||||
<entry>An IP over Infiniband subinterface.</entry></row>
|
||||
|
||||
<row><entry><varname>virtual-wlan</varname></entry>
|
||||
<entry>A virtual local wireless network (WLAN) interface.</entry></row>
|
||||
<row><entry><varname>wlan</varname></entry>
|
||||
<entry>A virtual wireless network (WLAN) interface.</entry></row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
@ -2186,17 +2186,16 @@
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>[VirtualWLAN] Section Options</title>
|
||||
<para>The [VirtualWLAN] section only applies to virtual WLAN interfaces, and accepts the following
|
||||
keys:</para>
|
||||
<title>[WLAN] Section Options</title>
|
||||
<para>The [WLAN] section only applies to WLAN interfaces, and accepts the following keys:</para>
|
||||
|
||||
<variablelist class='network-directives'>
|
||||
<varlistentry>
|
||||
<term><varname>PhysicalDevice=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the name or index of the WLAN physical WLAN device (e.g. <literal>0</literal>
|
||||
or <literal>phy0</literal>). The list of the physical WLAN devices that exist os the host can
|
||||
be obtained by <command>iw phy</command> command. This option is mandatory.</para>
|
||||
<para>Specifies the name or index of the physical WLAN device (e.g. <literal>0</literal> or
|
||||
<literal>phy0</literal>). The list of the physical WLAN devices that exist os the host can be
|
||||
obtained by <command>iw phy</command> command. This option is mandatory.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
@ -760,6 +760,10 @@ conf.set('TIME_EPOCH', time_epoch)
|
||||
|
||||
conf.set('CLOCK_VALID_RANGE_USEC_MAX', get_option('clock-valid-range-usec-max'))
|
||||
|
||||
default_user_shell = get_option('default-user-shell')
|
||||
conf.set_quoted('DEFAULT_USER_SHELL', default_user_shell)
|
||||
conf.set_quoted('DEFAULT_USER_SHELL_NAME', fs.name(default_user_shell))
|
||||
|
||||
foreach tuple : [['system-alloc-uid-min', 'SYS_UID_MIN', 1], # Also see login.defs(5).
|
||||
['system-uid-max', 'SYS_UID_MAX', 999],
|
||||
['system-alloc-gid-min', 'SYS_GID_MIN', 1],
|
||||
|
||||
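Review bot: The value of `default-user-shell` is written into `DEFAULT_USER_SHELL` without any check that it is an absolute path. The nspawn hunk on this page passes that macro straight to `execle()`, which does no PATH lookup, so a relative value would be resolved against the directory `inner_child()` has just changed into (`home ?: "/root"`), a location inside the container. Rejecting such values at configure time is cheap: `if not fs.is_absolute(default_user_shell)` / `error('default-user-shell must be an absolute path')` / `endif`, placed right after the `get_option()` line.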
@ -220,6 +220,8 @@ option('time-epoch', type : 'integer', value : '-1',
|
||||
description : 'time epoch for time clients')
|
||||
option('clock-valid-range-usec-max', type : 'integer', value : '473364000000000', # 15 years
|
||||
description : 'maximum value in microseconds for the difference between RTC and epoch, exceeding which is considered an RTC error')
|
||||
option('default-user-shell', type : 'string', value : '/bin/bash',
|
||||
description : 'default interactive shell')
|
||||
|
||||
option('system-alloc-uid-min', type : 'integer', value : '-1',
|
||||
description : 'minimum system UID used when allocating')
|
||||
|
||||
@ -2644,7 +2644,7 @@ static int manager_dispatch_sigchld(sd_event_source *source, void *userdata) {
|
||||
* We only do this for the cgroup the PID belonged to. */
|
||||
(void) unit_check_oom(u1);
|
||||
|
||||
/* We check if systemd-oomd perfomed a kill so that we log and notify appropriately */
|
||||
/* We check if systemd-oomd performed a kill so that we log and notify appropriately */
|
||||
(void) unit_check_oomd_kill(u1);
|
||||
|
||||
manager_invoke_sigchld_event(m, u1, &si);
|
||||
|
||||
@ -1939,7 +1939,7 @@ static void schedule_post_change(JournalFile *f) {
|
||||
|
||||
assert_se(e = sd_event_source_get_event(f->post_change_timer));
|
||||
|
||||
/* If we are aleady going down, post the change immediately. */
|
||||
/* If we are already going down, post the change immediately. */
|
||||
if (IN_SET(sd_event_get_state(e), SD_EVENT_EXITING, SD_EVENT_FINISHED))
|
||||
goto fail;
|
||||
|
||||
|
||||
@ -259,6 +259,6 @@ BatmanAdvanced.RoutingAlgorithm, config_parse_batadv_routing_algorithm,
|
||||
IPoIB.PartitionKey, config_parse_ipoib_pkey, 0, offsetof(IPoIB, pkey)
|
||||
IPoIB.Mode, config_parse_ipoib_mode, 0, offsetof(IPoIB, mode)
|
||||
IPoIB.IgnoreUserspaceMulticastGroups, config_parse_tristate, 0, offsetof(IPoIB, umcast)
|
||||
VirtualWLAN.PhysicalDevice, config_parse_wiphy, 0, 0
|
||||
VirtualWLAN.Type, config_parse_wlan_iftype, 0, offsetof(WLan, iftype)
|
||||
VirtualWLAN.WDS, config_parse_tristate, 0, offsetof(WLan, wds)
|
||||
WLAN.PhysicalDevice, config_parse_wiphy, 0, 0
|
||||
WLAN.Type, config_parse_wlan_iftype, 0, offsetof(WLan, iftype)
|
||||
WLAN.WDS, config_parse_tristate, 0, offsetof(WLan, wds)
|
||||
|
||||
@ -128,7 +128,7 @@ static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = {
|
||||
[NETDEV_KIND_VXCAN] = "vxcan",
|
||||
[NETDEV_KIND_VXLAN] = "vxlan",
|
||||
[NETDEV_KIND_WIREGUARD] = "wireguard",
|
||||
[NETDEV_KIND_WLAN] = "virtual-wlan",
|
||||
[NETDEV_KIND_WLAN] = "wlan",
|
||||
[NETDEV_KIND_XFRM] = "xfrm",
|
||||
};
|
||||
|
||||
|
||||
@ -41,9 +41,9 @@
|
||||
"-VRF\0" \
|
||||
"-VXCAN\0" \
|
||||
"-VXLAN\0" \
|
||||
"-WLAN\0" \
|
||||
"-WireGuard\0" \
|
||||
"-WireGuardPeer\0" \
|
||||
"-VirtualWLAN\0" \
|
||||
"-Xfrm\0"
|
||||
|
||||
typedef enum NetDevKind {
|
||||
|
||||
@ -249,7 +249,7 @@ const NetDevVTable wlan_vtable = {
|
||||
.object_size = sizeof(WLan),
|
||||
.init = wlan_init,
|
||||
.done = wlan_done,
|
||||
.sections = NETDEV_COMMON_SECTIONS "VirtualWLAN\0",
|
||||
.sections = NETDEV_COMMON_SECTIONS "WLAN\0",
|
||||
.is_ready_to_create = wlan_is_ready_to_create,
|
||||
.create = wlan_create,
|
||||
.create_type = NETDEV_CREATE_INDEPENDENT,
|
||||
|
||||
@ -3550,10 +3550,13 @@ static int inner_child(
|
||||
/* If we cannot change the directory, we'll end up in /, that is expected. */
|
||||
(void) chdir(home ?: "/root");
|
||||
|
||||
execle(DEFAULT_USER_SHELL, "-" DEFAULT_USER_SHELL_NAME, NULL, env_use);
|
||||
if (!streq(DEFAULT_USER_SHELL, "/bin/bash"))
|
||||
execle("/bin/bash", "-bash", NULL, env_use);
|
||||
if (!streq(DEFAULT_USER_SHELL, "/bin/sh"))
|
||||
execle("/bin/sh", "-sh", NULL, env_use);
|
||||
|
||||
exec_target = "/bin/bash, /bin/sh";
|
||||
exec_target = DEFAULT_USER_SHELL ", /bin/bash, /bin/sh";
|
||||
}
|
||||
|
||||
return log_error_errno(errno, "execv(%s) failed: %m", exec_target);
|
||||
|
||||
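Review bot: The `errno` that reaches `log_error_errno(errno, "execv(%s) failed: %m", exec_target)` is the one left by the last `execle()` attempted, so when a non-default `DEFAULT_USER_SHELL` cannot be executed the message names three targets but reports only why `/bin/sh` failed. The silent fallback also means a build that deliberately selects a different (for example more restricted) shell still ends up in `/bin/bash` if the configured binary is missing from the container image. If that is intended, a comment should say so, and logging the first failure keeps it diagnosable: `log_debug_errno(errno, "Failed to execute " DEFAULT_USER_SHELL ", trying fallback shells: %m");` directly after the first `execle()`. With the option left at `/bin/bash`, `exec_target` reads "/bin/bash, /bin/bash, /bin/sh". `inner_child()` begins and ends outside this hunk, and the page has lost the +/- markers, so the old/new split is inferred from the hunk header.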
@ -1747,7 +1747,7 @@ const char *user_record_shell(UserRecord *h) {
|
||||
return "/bin/sh";
|
||||
|
||||
if (user_record_disposition(h) == USER_REGULAR)
|
||||
return "/bin/bash";
|
||||
return DEFAULT_USER_SHELL;
|
||||
|
||||
return NOLOGIN;
|
||||
}
|
||||
|
||||
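Review bot: `user_record_shell()` now hands back a build-time value for regular users, but nothing at the `return DEFAULT_USER_SHELL;` line says where it comes from or that it may differ between builds. A one-line comment would do, e.g. `/* Build-time default, see the default-user-shell meson option */`. The function starts above the hunk, so the earlier fallbacks (one of which returns `/bin/sh`) are only partly visible here.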
@ -246,7 +246,7 @@ RoutingAlgorithm=
|
||||
PartitionKey=
|
||||
Mode=
|
||||
IgnoreUserspaceMulticastGroups=
|
||||
[VirtualWLAN]
|
||||
[WLAN]
|
||||
PhysicalDevice=
|
||||
Type=
|
||||
WDS=
|
||||
|
||||