Compare commits
6 Commits
ddd6dd9f23
...
1b97c5cba5
| Author | SHA1 | Date |
|---|---|---|
Yu Watanabe
|
1b97c5cba5 | |
|
Michal Suchanek
|
3224e38bb6 | |
|
Zbigniew Jędrzejewski-Szmek
|
bf645844f7 | |
|
Zbigniew Jędrzejewski-Szmek
|
41b6ae4da3 | |
|
Zbigniew Jędrzejewski-Szmek
|
e6fd398d61 | |
|
Zbigniew Jędrzejewski-Szmek
|
e0c60bf6a0 |
|
|
@ -357,11 +357,11 @@
|
|||
|
||||
<listitem><para>Takes a path to a Linux <literal>hidraw</literal> device
|
||||
(e.g. <filename>/dev/hidraw1</filename>), referring to a FIDO2 security token implementing the
|
||||
<literal>hmac-secret</literal> extension, that shall be able to unlock the user account. If used, a
|
||||
random salt value is generated on the host, which is passed to the FIDO2 device, which calculates a
|
||||
HMAC hash of it, keyed by its internal secret key. The result is then used as key for unlocking the
|
||||
user account. The random salt is included in the user record, so that whenever authentication is
|
||||
needed it can be passed again to the FIDO2 token, to retrieve the actual key.</para>
|
||||
<literal>hmac-secret</literal> extension that shall be able to unlock the user account. A random salt
|
||||
value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the
|
||||
salt using an internal secret key. The result is then used as the key to unlock the user account. The
|
||||
random salt is included in the user record, so that whenever authentication is needed it can be
|
||||
passed to the FIDO2 token again.</para>
|
||||
|
||||
<para>Instead of a valid path to a FIDO2 <literal>hidraw</literal> device the special strings
|
||||
<literal>list</literal> and <literal>auto</literal> may be specified. If <literal>list</literal> is
|
||||
|
|
|
|||
|
|
@ -125,16 +125,16 @@
|
|||
<term><varname>KillOnlyUsers=</varname></term>
|
||||
<term><varname>KillExcludeUsers=</varname></term>
|
||||
|
||||
<listitem><para>These settings take space-separated lists of usernames that override
|
||||
the <varname>KillUserProcesses=</varname> setting. A user name may be added to
|
||||
<varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
|
||||
that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
|
||||
<varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
|
||||
excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
|
||||
to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
|
||||
is checked next. If this setting is specified, only the session scopes of those users
|
||||
will be killed. Otherwise, users are subject to the
|
||||
<varname>KillUserProcesses=yes</varname> setting.</para></listitem>
|
||||
<listitem><para>These settings take space-separated lists of usernames that override the
|
||||
<varname>KillUserProcesses=</varname> setting. A user name may be added to
|
||||
<varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of that user from
|
||||
being killed even if <varname>KillUserProcesses=yes</varname> is set. If
|
||||
<varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is excluded by
|
||||
default. <varname>KillExcludeUsers=</varname> may be set to an empty value to override this
|
||||
default. If a user is not excluded, <varname>KillOnlyUsers=</varname> is checked next. If this
|
||||
setting is specified, only the processes in the session scopes of those users will be
|
||||
killed. Otherwise, users are subject to the <varname>KillUserProcesses=yes</varname> setting.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry valign="top" morerows="12">VM</entry>
|
||||
<entry valign="top" morerows="13">VM</entry>
|
||||
<entry><varname>qemu</varname></entry>
|
||||
<entry>QEMU software virtualization, without KVM</entry>
|
||||
</row>
|
||||
|
|
@ -92,6 +92,11 @@
|
|||
<entry>Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><varname>powervm</varname></entry>
|
||||
<entry>IBM PowerVM hypervisor - comes as firmware with some IBM POWER servers</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><varname>xen</varname></entry>
|
||||
<entry>Xen hypervisor (only domU, not dom0)</entry>
|
||||
|
|
|
|||
|
|
@ -711,20 +711,16 @@
|
|||
<varlistentry>
|
||||
<term><varname>DestinationPort=</varname></term>
|
||||
<listitem>
|
||||
<para>Configures the default destination UDP port on a per-device basis.
|
||||
If destination port is not specified then Linux kernel default will be used.
|
||||
Set destination port 4789 to get the IANA assigned value. If not set or if the
|
||||
destination port is assigned the empty string the default port of 4789 is used.</para>
|
||||
<para>Configures the default destination UDP port. If the destination port is not specified then
|
||||
Linux kernel default will be used. Set to 4789 to get the IANA assigned value.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>PortRange=</varname></term>
|
||||
<listitem>
|
||||
<para>Configures VXLAN port range. VXLAN bases source
|
||||
UDP port based on flow to help the receiver to be able
|
||||
to load balance based on outer header flow. It
|
||||
restricts the port range to the normal UDP local
|
||||
ports, and allows overriding via configuration.</para>
|
||||
<para>Configures the source port range for the VXLAN. The kernel assigns the source UDP port based
|
||||
on the flow to help the receiver to do load balancing. When this option is not set, the normal
|
||||
range of local UDP ports is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -1160,6 +1160,7 @@
|
|||
<literal>vmware</literal>,
|
||||
<literal>microsoft</literal>,
|
||||
<literal>oracle</literal>,
|
||||
<literal>powervm</literal>,
|
||||
<literal>xen</literal>,
|
||||
<literal>bochs</literal>,
|
||||
<literal>uml</literal>,
|
||||
|
|
|
|||
|
|
@ -93,6 +93,11 @@ static int detect_vm_device_tree(void) {
|
|||
_cleanup_closedir_ DIR *dir = NULL;
|
||||
struct dirent *dent;
|
||||
|
||||
if (access("/proc/device-tree/ibm,partition-name", F_OK) == 0 &&
|
||||
access("/proc/device-tree/hmc-managed?", F_OK) == 0 &&
|
||||
access("/proc/device-tree/chosen/qemu,graphic-width", F_OK) != 0)
|
||||
return VIRTUALIZATION_POWERVM;
|
||||
|
||||
dir = opendir("/proc/device-tree");
|
||||
if (!dir) {
|
||||
if (errno == ENOENT) {
|
||||
|
|
@ -679,6 +684,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
|
|||
[VIRTUALIZATION_BHYVE] = "bhyve",
|
||||
[VIRTUALIZATION_QNX] = "qnx",
|
||||
[VIRTUALIZATION_ACRN] = "acrn",
|
||||
[VIRTUALIZATION_POWERVM] = "powervm",
|
||||
[VIRTUALIZATION_VM_OTHER] = "vm-other",
|
||||
|
||||
[VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn",
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ enum {
|
|||
VIRTUALIZATION_BHYVE,
|
||||
VIRTUALIZATION_QNX,
|
||||
VIRTUALIZATION_ACRN,
|
||||
VIRTUALIZATION_POWERVM,
|
||||
VIRTUALIZATION_VM_OTHER,
|
||||
VIRTUALIZATION_VM_LAST = VIRTUALIZATION_VM_OTHER,
|
||||
|
||||
|
|
|
|||
|
|
@ -45,12 +45,12 @@ static int exec_list(sd_device_enumerator *e, const char *action, Set **settle_s
|
|||
|
||||
r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER);
|
||||
if (r < 0) {
|
||||
bool ignore = r == -ENOENT;
|
||||
bool ignore = IN_SET(r, -ENOENT, -ENODEV);
|
||||
|
||||
log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r,
|
||||
"Failed to write '%s' to '%s'%s: %m",
|
||||
action, filename, ignore ? ", ignoring" : "");
|
||||
if (IN_SET(r, -EACCES, -ENODEV, -EROFS))
|
||||
if (IN_SET(r, -EACCES, -EROFS))
|
||||
/* Inovoked by unpriviledged user, or read only filesystem. Return earlier. */
|
||||
return r;
|
||||
if (ret == 0 && !ignore)
|
||||
|
|
|
|||
Loading…
Reference in New Issue