Merge pull request #17855 from poettering/more-socktops

socket-util: some helpers for various sockopts
systemd-nspawn: Allow setting ambient capability set
2025-09-27 07:44:45 +02:00 · 2020-12-07 21:15:28 +00:00 · 2020-12-07 19:56:59 +01:00 · 2020-12-07 19:56:13 +01:00 · 2020-12-07 19:46:02 +01:00 · 2020-12-07 13:46:35 +01:00
18 changed files with 289 additions and 199 deletions
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@ -1002,7 +1002,11 @@
        If the special value <literal>all</literal> is passed, all capabilities are retained.</para>

        <para>If the special value of <literal>help</literal> is passed, the program will print known
-        capability names and exit.</para></listitem>
+        capability names and exit.</para>
+
+        <para>This option sets the bounding set of capabilities which
+        also limits the ambient capabilities as given with the
+        <option>--ambient-capability=</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
@ -1014,7 +1018,32 @@
        above).</para>

        <para>If the special value of <literal>help</literal> is passed, the program will print known
-        capability names and exit.</para></listitem>
+        capability names and exit.</para>
+
+        <para>This option sets the bounding set of capabilities which
+        also limits the ambient capabilities as given with the
+        <option>--ambient-capability=</option>.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--ambient-capability=</option></term>
+
+        <listitem><para>Specify one or more additional capabilities to
+        pass in the inheritable and ambient set to the program started
+        within the container. The value <literal>all</literal> is not
+        supported for this setting.</para>
+
+        <para>All capabilities specified here must be in the set
+        allowed with the <option>--capability=</option> and
+        <option>--drop-capability=</option> options. Otherwise, an
+        error message will be shown.</para>
+
+        <para>This option cannot be combined with the boot mode of the
+        container (as requested via <option>--boot</option>).</para>
+
+        <para>If the special value of <literal>help</literal> is
+        passed, the program will print known capability names and
+        exit.</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@ -190,7 +190,34 @@
        <filename>/run/system/nspawn/</filename> (see above). On the
        other hand, <varname>DropCapability=</varname> takes effect in
        all cases. If the special value <literal>all</literal> is passed, all
-        capabilities are retained (or dropped).</para></listitem>
+        capabilities are retained (or dropped).</para>
+        <para>These settings change the bounding set of capabilities which
+        also limits the ambient capabilities as given with the
+        <varname>AmbientCapability=</varname>.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>AmbientCapability=</varname></term>
+        <listitem><para>Takes a space-separated list of Linux process
+        capabilities (see
+        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+        for details). The <varname>AmbientCapability=</varname> setting
+        specifies capability which will be passed to to started program
+        in the inheritable and ambient capability sets. This will grant
+        these capabilities to this process. This setting correspond to
+        the <option>--ambient-capability=</option> command line switch.
+        </para>
+
+        <para>The value <literal>all</literal> is not supported for this
+        setting.</para>
+
+        <para>The setting of <varname>AmbientCapability=</varname> must
+        be covered by the bounding set settings which were established by
+        <varname>Capability=</varname> and <varname>DropCapability=</varname>.
+        </para>
+
+        <para>Note that <varname>AmbientCapability=</varname> is a privileged
+        setting (see above).</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/meson.build
+++ b/meson.build
@ -1460,6 +1460,7 @@ foreach term : ['analyze',
                'ima',
                'initrd',
                'compat-mutable-uid-boundaries',
+                'nscd',
                'ldconfig',
                'localed',
                'logind',
@ -3763,6 +3764,7 @@ foreach tuple : [
        ['idn'],
        ['initrd'],
        ['compat-mutable-uid-boundaries'],
+        ['nscd'],
        ['libidn2'],
        ['libidn'],
        ['libiptc'],
--- a/meson_options.txt
+++ b/meson_options.txt
@ -44,6 +44,8 @@ option('initrd', type : 'boolean',
       description : 'install services for use when running systemd in initrd')
 option('compat-mutable-uid-boundaries', type : 'boolean', value : 'false',
       description : 'look at uid boundaries in /etc/login.defs for compatibility')
+option('nscd', type : 'boolean',
+       description : 'build support for flushing of the nscd caches')

 option('quotaon-path', type : 'string', description : 'path to quotaon')
 option('quotacheck-path', type : 'string', description : 'path to quotacheck')
--- a/po/tr.po
+++ b/po/tr.po
@ -5,21 +5,21 @@
 # Gökhan Gurbetoğlu <ggurbet@gmail.com>, 2015.
 # Oğuz Ersen <oguzersen@protonmail.com>, 2020.
 # Muhammet Kara <muhammetk@gmail.com>, 2015-2020.
-#
 msgid ""
 msgstr ""
 "Project-Id-Version: systemd master\n"
 "Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n"
 "POT-Creation-Date: 2020-09-27 03:31+0000\n"
-"PO-Revision-Date: 2020-11-01 15:10+0300\n"
-"Last-Translator: Muhammet Kara <muhammetk@gmail.com>\n"
-"Language-Team: Turkish <gnometurk@gnome.org>\n"
+"PO-Revision-Date: 2020-11-28 13:35+0000\n"
+"Last-Translator: Oğuz Ersen <oguzersen@protonmail.com>\n"
+"Language-Team: Turkish <https://translate.fedoraproject.org/projects/systemd/"
+"master/tr/>\n"
 "Language: tr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
-"X-Generator: Gtranslator 3.38.0\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Weblate 4.3.2\n"

 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@ -323,22 +323,18 @@ msgstr ""
 "kimlik doğrulaması gereklidir."

 #: src/login/org.freedesktop.login1.policy:117
-#, fuzzy
-#| msgid "Allow applications to inhibit system handling of the power key"
 msgid "Allow applications to inhibit system handling of the reboot key"
-msgstr "Uygulamaların sistemin güç tuşunun kullanımını engellemesine izin ver"
+msgstr ""
+"Uygulamaların sistemin yeniden başlatma tuşunun kullanımını engellemesine "
+"izin ver"

 #: src/login/org.freedesktop.login1.policy:118
-#, fuzzy
-#| msgid ""
-#| "Authentication is required for an application to inhibit system handling "
-#| "of the power key."
 msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the reboot key."
 msgstr ""
-"Bir uygulamanın sistemin güç tuşunu idare etmesine engel olması için kimlik "
-"doğrulaması gereklidir."
+"Bir uygulamanın sistemin yeniden başlatma tuşunu idare etmesine engel olması "
+"için kimlik doğrulaması gereklidir."

 #: src/login/org.freedesktop.login1.policy:128
 msgid "Allow non-logged-in user to run programs"
@ -385,7 +381,7 @@ msgstr "Sistemi kapat"

 #: src/login/org.freedesktop.login1.policy:170
 msgid "Authentication is required to power off the system."
-msgstr "Sistemi kapatmak için kimlik doğrulaması gerekiyor."
+msgstr "Sistemi kapatmak için kimlik doğrulaması gereklidir."

 #: src/login/org.freedesktop.login1.policy:180
 msgid "Power off the system while other users are logged in"
@ -468,16 +464,12 @@ msgid "Halt the system while an application is inhibiting this"
 msgstr "Bir uygulama engellenmesini isterken sistemi durdur"

 #: src/login/org.freedesktop.login1.policy:258
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to hibernate the system while an application "
-#| "is inhibiting this."
 msgid ""
 "Authentication is required to halt the system while an application is "
 "inhibiting this."
 msgstr ""
-"Bir uygulama engellenmesini isterken sistemi hazırda bekletmek kimlik "
-"doğrulaması gerektiriyor."
+"Bir uygulama engellenmesini isterken sistemi durdurmak kimlik doğrulaması "
+"gerektiriyor."

 #: src/login/org.freedesktop.login1.policy:268
 msgid "Suspend the system"
@ -565,20 +557,17 @@ msgstr ""

 #: src/login/org.freedesktop.login1.policy:352
 msgid "Set the reboot \"reason\" in the kernel"
-msgstr ""
+msgstr "Çekirdekte yeniden başlatma \"nedenini\" ayarla"

 #: src/login/org.freedesktop.login1.policy:353
-#, fuzzy
-#| msgid "Authentication is required to set the system timezone."
 msgid "Authentication is required to set the reboot \"reason\" in the kernel."
-msgstr "Sistem zaman dilimini ayarlamak kimlik doğrulaması gerektiriyor."
+msgstr ""
+"Çekirdekte yeniden başlatma \"nedenini\" ayarlamak kimlik doğrulaması "
+"gerektiriyor."

 #: src/login/org.freedesktop.login1.policy:363
-#, fuzzy
-#| msgid "Allow indication to the firmware to boot to setup interface"
 msgid "Indicate to the firmware to boot to setup interface"
-msgstr ""
-"Kurulum arayüzünü önyüklemek için ürün yazılımının belirtilmesine izin ver"
+msgstr "Ürün yazılımına kurulum arayüzüne önyükleme yapmasını belirt"

 #: src/login/org.freedesktop.login1.policy:364
 msgid ""
@ -590,34 +579,26 @@ msgstr ""

 #: src/login/org.freedesktop.login1.policy:374
 msgid "Indicate to the boot loader to boot to the boot loader menu"
-msgstr ""
+msgstr "Önyükleyiciye önyükleyici menüsünü başlatmasını belirt"

 #: src/login/org.freedesktop.login1.policy:375
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to indicate to the firmware to boot to setup "
-#| "interface."
 msgid ""
 "Authentication is required to indicate to the boot loader to boot to the "
 "boot loader menu."
 msgstr ""
-"Kurulum arayüzünü önyüklemek için ürün yazılımının belirtilmesi için kimlik "
+"Önyükleyiciye önyükleyici menüsünü başlatmasını belirtmek için kimlik "
 "doğrulaması gereklidir."

 #: src/login/org.freedesktop.login1.policy:385
 msgid "Indicate to the boot loader to boot a specific entry"
-msgstr ""
+msgstr "Önyükleyiciye belirli bir girdiye önyükleme yapmasını belirt"

 #: src/login/org.freedesktop.login1.policy:386
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to indicate to the firmware to boot to setup "
-#| "interface."
 msgid ""
 "Authentication is required to indicate to the boot loader to boot into a "
 "specific boot loader entry."
 msgstr ""
-"Kurulum arayüzünü önyüklemek için ürün yazılımının belirtilmesi için kimlik "
+"Önyükleyiciye belirli bir girdiye önyükleme yapmasını belirtmek için kimlik "
 "doğrulaması gereklidir."

 #: src/login/org.freedesktop.login1.policy:396
@ -720,10 +701,8 @@ msgid "Set NTP servers"
 msgstr "NTP sunucularını ayarla"

 #: src/network/org.freedesktop.network1.policy:23
-#, fuzzy
-#| msgid "Authentication is required to set the system time."
 msgid "Authentication is required to set NTP servers."
-msgstr "Sistem zamanını ayarlamak kimlik doğrulaması gerektiriyor."
+msgstr "NTP sunucularını ayarlamak için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:33
 #: src/resolve/org.freedesktop.resolve1.policy:44
@ -733,10 +712,8 @@ msgstr "DNS sunucularını ayarla"

 #: src/network/org.freedesktop.network1.policy:34
 #: src/resolve/org.freedesktop.resolve1.policy:45
-#, fuzzy
-#| msgid "Authentication is required to register a DNS-SD service"
 msgid "Authentication is required to set DNS servers."
-msgstr "Bir DNS-SD hizmeti kaydetmek için kimlik doğrulaması gereklidir"
+msgstr "DNS sunucularını ayarlamak için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:44
 #: src/resolve/org.freedesktop.resolve1.policy:55
@ -745,10 +722,8 @@ msgstr "Etki alanlarını ayarla"

 #: src/network/org.freedesktop.network1.policy:45
 #: src/resolve/org.freedesktop.resolve1.policy:56
-#, fuzzy
-#| msgid "Authentication is required to stop '$(unit)'."
 msgid "Authentication is required to set domains."
-msgstr "'$(unit)' durdurmak için kimlik doğrulaması gereklidir."
+msgstr "Etki alanlarını ayarlamak için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:55
 #: src/resolve/org.freedesktop.resolve1.policy:66
@ -757,10 +732,8 @@ msgstr "Öntanımlı rota belirle"

 #: src/network/org.freedesktop.network1.policy:56
 #: src/resolve/org.freedesktop.resolve1.policy:67
-#, fuzzy
-#| msgid "Authentication is required to set the local hostname."
 msgid "Authentication is required to set default route."
-msgstr "Yerel makine adını ayarlamak kimlik doğrulaması gerektiriyor."
+msgstr "Öntanımlı rotayı ayarlamak için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:66
 #: src/resolve/org.freedesktop.resolve1.policy:77
@ -769,118 +742,106 @@ msgstr "LLMNR etkinleştir/devre dışı bırak"

 #: src/network/org.freedesktop.network1.policy:67
 #: src/resolve/org.freedesktop.resolve1.policy:78
-#, fuzzy
-#| msgid "Authentication is required to hibernate the system."
 msgid "Authentication is required to enable or disable LLMNR."
-msgstr "Sistemi hazırda bekletmek kimlik doğrulaması gerektiriyor."
+msgstr ""
+"LLMNR etkinleştirmek veya devre dışı bırakmak için kimlik doğrulaması "
+"gereklidir."

 #: src/network/org.freedesktop.network1.policy:77
 #: src/resolve/org.freedesktop.resolve1.policy:88
 msgid "Enable/disable multicast DNS"
-msgstr ""
+msgstr "Çoklu yayın DNS'i etkinleştir/devre dışı bırak"

 #: src/network/org.freedesktop.network1.policy:78
 #: src/resolve/org.freedesktop.resolve1.policy:89
-#, fuzzy
-#| msgid "Authentication is required to get product UUID."
 msgid "Authentication is required to enable or disable multicast DNS."
-msgstr "Ürün UUID'ini almak için kimlik doğrulaması gereklidir."
+msgstr ""
+"Çoklu yayın DNS'i etkinleştirmek veya devre dışı bırakmak için kimlik "
+"doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:88
 #: src/resolve/org.freedesktop.resolve1.policy:99
 msgid "Enable/disable DNS over TLS"
-msgstr ""
+msgstr "TLS üzerinden DNS'i etkinleştir/devre dışı bırak"

 #: src/network/org.freedesktop.network1.policy:89
 #: src/resolve/org.freedesktop.resolve1.policy:100
-#, fuzzy
-#| msgid "Authentication is required to register a DNS-SD service"
 msgid "Authentication is required to enable or disable DNS over TLS."
-msgstr "Bir DNS-SD hizmeti kaydetmek için kimlik doğrulaması gereklidir"
+msgstr ""
+"TLS üzerinden DNS'i etkinleştirmek veya devre dışı bırakmak için kimlik "
+"doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:99
 #: src/resolve/org.freedesktop.resolve1.policy:110
 msgid "Enable/disable DNSSEC"
-msgstr ""
+msgstr "DNSSEC etkinleştir/devre dışı bırak"

 #: src/network/org.freedesktop.network1.policy:100
 #: src/resolve/org.freedesktop.resolve1.policy:111
-#, fuzzy
-#| msgid "Authentication is required to hibernate the system."
 msgid "Authentication is required to enable or disable DNSSEC."
-msgstr "Sistemi hazırda bekletmek kimlik doğrulaması gerektiriyor."
+msgstr ""
+"DNSSEC etkinleştirmek veya devre dışı bırakmak için kimlik doğrulaması "
+"gereklidir."

 #: src/network/org.freedesktop.network1.policy:110
 #: src/resolve/org.freedesktop.resolve1.policy:121
 msgid "Set DNSSEC Negative Trust Anchors"
-msgstr ""
+msgstr "DNSSEC Negatif Güven Bağlantılarını Ayarla"

 #: src/network/org.freedesktop.network1.policy:111
 #: src/resolve/org.freedesktop.resolve1.policy:122
-#, fuzzy
-#| msgid "Authentication is required to set the system locale."
 msgid "Authentication is required to set DNSSEC Negative Trust Anchors."
-msgstr "Sistem yerelini ayarlamak kimlik doğrulaması gerektiriyor."
+msgstr ""
+"DNSSEC Negatif Güven Bağlantılarını ayarlamak için kimlik doğrulaması "
+"gereklidir."

 #: src/network/org.freedesktop.network1.policy:121
 msgid "Revert NTP settings"
-msgstr ""
+msgstr "NTP ayarlarını geri al"

 #: src/network/org.freedesktop.network1.policy:122
-#, fuzzy
-#| msgid "Authentication is required to set the system time."
 msgid "Authentication is required to reset NTP settings."
-msgstr "Sistem zamanını ayarlamak kimlik doğrulaması gerektiriyor."
+msgstr "NTP ayarlarını sıfırlamak için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:132
 msgid "Revert DNS settings"
-msgstr ""
+msgstr "DNS ayarlarını geri al"

 #: src/network/org.freedesktop.network1.policy:133
-#, fuzzy
-#| msgid "Authentication is required to set the system time."
 msgid "Authentication is required to reset DNS settings."
-msgstr "Sistem zamanını ayarlamak kimlik doğrulaması gerektiriyor."
+msgstr "DNS ayarlarını sıfırlamak için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:143
 msgid "DHCP server sends force renew message"
-msgstr ""
+msgstr "DHCP sunucusu zorunlu yenileme mesajı gönderiyor"

 #: src/network/org.freedesktop.network1.policy:144
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to send force renew message."
-msgstr "Duvar mesajı ayarlamak için kimlik doğrulaması gereklidir"
+msgstr "Zorunlu yenileme mesajı göndermek için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:154
 msgid "Renew dynamic addresses"
 msgstr "Dinamik adresleri yenile"

 #: src/network/org.freedesktop.network1.policy:155
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to renew dynamic addresses."
-msgstr "Duvar mesajı ayarlamak için kimlik doğrulaması gereklidir"
+msgstr "Dinamik adresleri yenilemek için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:165
 msgid "Reload network settings"
 msgstr "Ağ ayarlarını yeniden yükle"

 #: src/network/org.freedesktop.network1.policy:166
-#, fuzzy
-#| msgid "Authentication is required to reload the systemd state."
 msgid "Authentication is required to reload network settings."
-msgstr "systemd durumunu yeniden yüklemek kimlik doğrulaması gerektiriyor."
+msgstr "Ağ ayarlarını yeniden yüklemek için kimlik doğrulaması gereklidir."

 #: src/network/org.freedesktop.network1.policy:176
 msgid "Reconfigure network interface"
 msgstr "Ağ arabirimini yeniden yapılandır"

 #: src/network/org.freedesktop.network1.policy:177
-#, fuzzy
-#| msgid "Authentication is required to reboot the system."
 msgid "Authentication is required to reconfigure network interface."
-msgstr "Sistemi yeniden başlatmak kimlik doğrulaması gerektiriyor."
+msgstr "Ağ arayüzünü yeniden yapılandırmak için kimlik doğrulaması gereklidir."

 #: src/portable/org.freedesktop.portable1.policy:13
 msgid "Inspect a portable service image"
@ -932,13 +893,11 @@ msgstr ""

 #: src/resolve/org.freedesktop.resolve1.policy:132
 msgid "Revert name resolution settings"
-msgstr ""
+msgstr "Ad çözümleme ayarlarını geri al"

 #: src/resolve/org.freedesktop.resolve1.policy:133
-#, fuzzy
-#| msgid "Authentication is required to set the system keyboard settings."
 msgid "Authentication is required to reset name resolution settings."
-msgstr "Sistem klavye ayarlarını ayarlamak kimlik doğrulaması gerektiriyor."
+msgstr "Ad çözümleme ayarlarını sıfırlamak için kimlik doğrulaması gereklidir."

 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"
@ -1015,26 +974,19 @@ msgstr ""
 "gereklidir."

 #: src/core/dbus-unit.c:708
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to reset the \"failed\" state of '$(unit)'."
 msgid ""
 "Authentication is required to delete files and directories associated with "
 "'$(unit)'."
 msgstr ""
-"'$(unit)'in \"failed\" (başarısız) durumunu sıfırlamak için kimlik "
-"doğrulaması gereklidir."
+"'$(unit)' ile ilişkili dosyaları ve dizinleri silmek için kimlik doğrulaması "
+"gereklidir."

 #: src/core/dbus-unit.c:757
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to send a UNIX signal to the processes of "
-#| "'$(unit)'."
 msgid ""
 "Authentication is required to freeze or thaw the processes of '$(unit)' unit."
 msgstr ""
-"'$(unit)' süreçlerine bir UNIX sinyali göndermek için kimlik doğrulaması "
-"gereklidir."
+"'$(unit)' biriminin işlemlerini dondurmak veya devam ettirmek için kimlik "
+"doğrulaması gereklidir."

 #~ msgid ""
 #~ "Authentication is required to halt the system while an application asked "
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@ -12,7 +12,7 @@ msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-08-19 18:02+0200\n"
-"PO-Revision-Date: 2020-11-26 11:35+0000\n"
+"PO-Revision-Date: 2020-11-28 13:35+0000\n"
 "Last-Translator: Whired Planck <fungdaat31@outlook.com>\n"
 "Language-Team: Chinese (Simplified) <https://translate.fedoraproject.org/"
 "projects/systemd/master/zh_CN/>\n"
@ -178,7 +178,7 @@ msgstr "下载虚拟机或容器镜像"

 #: src/import/org.freedesktop.import1.policy:43
 msgid "Authentication is required to download a VM or container image"
-msgstr "下载虚拟机或容器镜像需要认证。"
+msgstr "下载虚拟机或容器镜像需要认证"

 #: src/locale/org.freedesktop.locale1.policy:22
 msgid "Set system locale"
@ -514,7 +514,7 @@ msgstr "设置 wall 消息"

 #: src/login/org.freedesktop.login1.policy:386
 msgid "Authentication is required to set a wall message"
-msgstr "设置 wall 消息需要认证。"
+msgstr "设置 wall 消息需要认证"

 #: src/login/org.freedesktop.login1.policy:395
 msgid "Change Session"
@ -667,147 +667,119 @@ msgstr "启用/禁用 DNSSEC"

 #: src/network/org.freedesktop.network1.policy:100
 #: src/resolve/org.freedesktop.resolve1.policy:111
-#, fuzzy
-#| msgid "Authentication is required to hibernate the system."
 msgid "Authentication is required to enable or disable DNSSEC."
-msgstr "休眠系统需要认证。"
+msgstr "启用或禁用 DNSSEC 需要认证。"

 #: src/network/org.freedesktop.network1.policy:110
 #: src/resolve/org.freedesktop.resolve1.policy:121
 msgid "Set DNSSEC Negative Trust Anchors"
-msgstr ""
+msgstr "设定 DNSSEC 负信任锚（Negative Trust Anchors）"

 #: src/network/org.freedesktop.network1.policy:111
 #: src/resolve/org.freedesktop.resolve1.policy:122
-#, fuzzy
-#| msgid "Authentication is required to set the system locale."
 msgid "Authentication is required to set DNSSEC Negative Trust Anchors."
-msgstr "设置系统区域和语言需要认证。"
+msgstr "设定 DNSSEC 负信任锚需要认证。"

 #: src/network/org.freedesktop.network1.policy:121
 msgid "Revert NTP settings"
-msgstr ""
+msgstr "重置 NTP 设置"

 #: src/network/org.freedesktop.network1.policy:122
-#, fuzzy
-#| msgid "Authentication is required to set the system time."
 msgid "Authentication is required to reset NTP settings."
-msgstr "设置系统时间需要认证。"
+msgstr "重置 NTP 设置需要认证。"

 #: src/network/org.freedesktop.network1.policy:132
 msgid "Revert DNS settings"
-msgstr ""
+msgstr "重置 DNS 设置"

 #: src/network/org.freedesktop.network1.policy:133
-#, fuzzy
-#| msgid "Authentication is required to set the system time."
 msgid "Authentication is required to reset DNS settings."
-msgstr "设置系统时间需要认证。"
+msgstr "重置 DNS 设置需要认证。"

 #: src/network/org.freedesktop.network1.policy:143
 msgid "DHCP server sends force renew message"
-msgstr ""
+msgstr "DHCP 服务器发送强制更新消息"

 #: src/network/org.freedesktop.network1.policy:144
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to send force renew message."
-msgstr "设置 wall 消息需要认证。"
+msgstr "发送强制更新消息需要认证。"

 #: src/network/org.freedesktop.network1.policy:154
 msgid "Renew dynamic addresses"
-msgstr ""
+msgstr "续订动态地址"

 #: src/network/org.freedesktop.network1.policy:155
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to renew dynamic addresses."
-msgstr "设置 wall 消息需要认证。"
+msgstr "续订动态地址需要认证。"

 #: src/network/org.freedesktop.network1.policy:165
 msgid "Reload network settings"
-msgstr ""
+msgstr "重新加载网络设置"

 #: src/network/org.freedesktop.network1.policy:166
-#, fuzzy
-#| msgid "Authentication is required to reload the systemd state."
 msgid "Authentication is required to reload network settings."
-msgstr "重新载入 systemd 状态需要认证。"
+msgstr "重新加载网络设置需要认证。"

 #: src/network/org.freedesktop.network1.policy:176
 msgid "Reconfigure network interface"
-msgstr ""
+msgstr "重新配置网络接口"

 #: src/network/org.freedesktop.network1.policy:177
-#, fuzzy
-#| msgid "Authentication is required to reboot the system."
 msgid "Authentication is required to reconfigure network interface."
-msgstr "重启系统需要认证。"
+msgstr "重新配置网络接口需要认证。"

 #: src/portable/org.freedesktop.portable1.policy:13
 msgid "Inspect a portable service image"
-msgstr ""
+msgstr "检查便携式服务映像"

 #: src/portable/org.freedesktop.portable1.policy:14
-#, fuzzy
-#| msgid "Authentication is required to import a VM or container image"
 msgid "Authentication is required to inspect a portable service image."
-msgstr "导入虚拟机或容器镜像需要认证"
+msgstr "检查便携式服务映像需要认证。"

 #: src/portable/org.freedesktop.portable1.policy:23
 msgid "Attach or detach a portable service image"
-msgstr ""
+msgstr "添加或卸载便携式服务映像"

 # Pay attention to the concept of "seat".
 #
 # To fully understand the meaning, please refer to session management in old ConsoleKit and new systemd-logind.
 #: src/portable/org.freedesktop.portable1.policy:24
-#, fuzzy
-#| msgid "Authentication is required to attach a device to a seat."
 msgid ""
 "Authentication is required to attach or detach a portable service image."
-msgstr "允许将设备附加至某个会话座位需要认证。"
+msgstr "添加或卸载便携式服务映像需要认证。"

 #: src/portable/org.freedesktop.portable1.policy:34
 msgid "Delete or modify portable service image"
-msgstr ""
+msgstr "删除或修改便携式服务映像"

 #: src/portable/org.freedesktop.portable1.policy:35
-#, fuzzy
-#| msgid "Authentication is required to download a VM or container image"
 msgid ""
 "Authentication is required to delete or modify a portable service image."
-msgstr "下载虚拟机或容器镜像需要认证。"
+msgstr "删除或修改便携式服务映像需要认证。"

 #: src/resolve/org.freedesktop.resolve1.policy:22
 msgid "Register a DNS-SD service"
-msgstr ""
+msgstr "注册 DNS-SD 服务"

 #: src/resolve/org.freedesktop.resolve1.policy:23
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to register a DNS-SD service"
-msgstr "设置 wall 消息需要认证。"
+msgstr "注册 DNS-SD 服务需要认证"

 #: src/resolve/org.freedesktop.resolve1.policy:33
 msgid "Unregister a DNS-SD service"
-msgstr ""
+msgstr "取消注册 DNS-SD 服务"

 #: src/resolve/org.freedesktop.resolve1.policy:34
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to unregister a DNS-SD service"
-msgstr "设置 wall 消息需要认证。"
+msgstr "取消注册 DNS-SD 服务需要认证"

 #: src/resolve/org.freedesktop.resolve1.policy:132
 msgid "Revert name resolution settings"
-msgstr ""
+msgstr "重置名称解析设置"

 #: src/resolve/org.freedesktop.resolve1.policy:133
-#, fuzzy
-#| msgid "Authentication is required to set the system keyboard settings."
 msgid "Authentication is required to reset name resolution settings."
-msgstr "设置系统键盘需要认证。"
+msgstr "重置名称解析设置需要认证。"

 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"
@ -862,12 +834,10 @@ msgid "Authentication is required to restart '$(unit)'."
 msgstr "重新启动“$(unit)”需要认证。"

 #: src/core/dbus-unit.c:538
-#, fuzzy
-#| msgid "Authentication is required to set properties on '$(unit)'."
 msgid ""
 "Authentication is required to send a UNIX signal to the processes of "
 "'$(unit)'."
-msgstr "设置“$(unit)”的属性需要认证。"
+msgstr "发送 UNIX 信号给 '$(unit)' 进程需要认证。"

 #: src/core/dbus-unit.c:569
 msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
@ -878,21 +848,15 @@ msgid "Authentication is required to set properties on '$(unit)'."
 msgstr "设置“$(unit)”的属性需要认证。"

 #: src/core/dbus-unit.c:711
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to reset the \"failed\" state of '$(unit)'."
 msgid ""
 "Authentication is required to delete files and directories associated with "
 "'$(unit)'."
-msgstr "重置“$(unit)”的失败（\"failed\"）状态需要认证。"
+msgstr "删除与 '$(unit)' 关联的文件和目录需要认证。"

 #: src/core/dbus-unit.c:760
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to reset the \"failed\" state of '$(unit)'."
 msgid ""
 "Authentication is required to freeze or thaw the processes of '$(unit)' unit."
-msgstr "重置“$(unit)”的失败（\"failed\"）状态需要认证。"
+msgstr "冻结或解冻 '$(unit)' 单元进程需要认证。"

 #~ msgid "Authentication is required to kill '$(unit)'."
 #~ msgstr "杀死“$(unit)”需要认证。"
--- a/src/basic/missing_socket.h
+++ b/src/basic/missing_socket.h
@ -67,6 +67,14 @@ struct sockaddr_vm {
 #define IPV6_FREEBIND 78
 #endif

+#ifndef IP_RECVFRAGSIZE
+#define IP_RECVFRAGSIZE 25
+#endif
+
+#ifndef IPV6_RECVFRAGSIZE
+#define IPV6_RECVFRAGSIZE 77
+#endif
+
 /* linux/sockios.h */
 #ifndef SIOCGSKNS
 #define SIOCGSKNS 0x894C
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@ -1314,3 +1314,35 @@ int socket_set_option(int fd, int af, int opt_ipv4, int opt_ipv6, int val) {
                return -EAFNOSUPPORT;
        }
 }
+
+int socket_get_mtu(int fd, int af, size_t *ret) {
+        int mtu, r;
+
+        if (af == AF_UNSPEC) {
+                r = socket_get_family(fd, &af);
+                if (r < 0)
+                        return r;
+        }
+
+        switch (af) {
+
+        case AF_INET:
+                r = getsockopt_int(fd, IPPROTO_IP, IP_MTU, &mtu);
+                break;
+
+        case AF_INET6:
+                r = getsockopt_int(fd, IPPROTO_IPV6, IPV6_MTU, &mtu);
+                break;
+
+        default:
+                return -EAFNOSUPPORT;
+        }
+
+        if (r < 0)
+                return r;
+        if (mtu <= 0)
+                return -EINVAL;
+
+        *ret = (size_t) mtu;
+        return 0;
+}
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@ -258,6 +258,19 @@ static inline int setsockopt_int(int fd, int level, int optname, int value) {
        return 0;
 }

+static inline int getsockopt_int(int fd, int level, int optname, int *ret) {
+        int v;
+        socklen_t sl = sizeof(v);
+
+        if (getsockopt(fd, level, optname, &v, &sl) < 0)
+                return -errno;
+        if (sl != sizeof(v))
+                return -EIO;
+
+        *ret = v;
+        return 0;
+}
+
 int socket_bind_to_ifname(int fd, const char *ifname);
 int socket_bind_to_ifindex(int fd, int ifindex);

@ -266,6 +279,7 @@ ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags);
 int socket_get_family(int fd, int *ret);
 int socket_set_recvpktinfo(int fd, int af, bool b);
 int socket_set_unicast_if(int fd, int af, int ifi);
+
 int socket_set_option(int fd, int af, int opt_ipv4, int opt_ipv6, int val);
 static inline int socket_set_recverr(int fd, int af, bool b) {
        return socket_set_option(fd, af, IP_RECVERR, IPV6_RECVERR, b);
@ -282,3 +296,8 @@ static inline int socket_set_freebind(int fd, int af, bool b) {
 static inline int socket_set_transparent(int fd, int af, bool b) {
        return socket_set_option(fd, af, IP_TRANSPARENT, IPV6_TRANSPARENT, b);
 }
+static inline int socket_set_recvfragsize(int fd, int af, bool b) {
+        return socket_set_option(fd, af, IP_RECVFRAGSIZE, IPV6_RECVFRAGSIZE, b);
+}
+
+int socket_get_mtu(int fd, int af, size_t *ret);
--- a/src/machine/machined-core.c
+++ b/src/machine/machined-core.c
@ -5,6 +5,7 @@
 #include "strv.h"
 #include "user-util.h"

+#if ENABLE_NSCD
 static int on_nscd_cache_flush_event(sd_event_source *s, void *userdata) {
        /* Let's ask glibc's nscd daemon to flush its caches. We request this for the three database machines may show
         * up in: the hosts database (for resolvable machine names) and the user and group databases (for the user ns
@ -35,6 +36,7 @@ int manager_enqueue_nscd_cache_flush(Manager *m) {

        return 0;
 }
+#endif

 int manager_find_machine_for_uid(Manager *m, uid_t uid, Machine **ret_machine, uid_t *ret_internal_uid) {
        Machine *machine;
--- a/src/machine/machined.c
+++ b/src/machine/machined.c
@ -83,7 +83,9 @@ static Manager* manager_unref(Manager *m) {
        hashmap_free(m->image_cache);

        sd_event_source_unref(m->image_cache_defer_event);
+#if ENABLE_NSCD
        sd_event_source_unref(m->nscd_cache_flush_event);
+#endif

        bus_verify_polkit_async_registry_free(m->polkit_registry);

--- a/src/machine/machined.h
+++ b/src/machine/machined.h
@ -36,7 +36,9 @@ struct Manager {
        LIST_HEAD(Operation, operations);
        unsigned n_operations;

+#if ENABLE_NSCD
        sd_event_source *nscd_cache_flush_event;
+#endif

        VarlinkServer *varlink_server;
 };
@ -57,7 +59,11 @@ int manager_unref_unit(Manager *m, const char *unit, sd_bus_error *error);
 int manager_unit_is_active(Manager *manager, const char *unit);
 int manager_job_is_active(Manager *manager, const char *path);

+#if ENABLE_NSCD
 int manager_enqueue_nscd_cache_flush(Manager *m);
+#else
+static inline void manager_enqueue_nscd_cache_flush(Manager *m) {}
+#endif

 int manager_find_machine_for_uid(Manager *m, uid_t host_uid, Machine **ret_machine, uid_t *ret_internal_uid);
 int manager_find_machine_for_gid(Manager *m, gid_t host_gid, Machine **ret_machine, gid_t *ret_internal_gid);
--- a/src/nspawn/nspawn-gperf.gperf
+++ b/src/nspawn/nspawn-gperf.gperf
@ -25,6 +25,7 @@ Exec.Parameters,              config_parse_strv,           0,                 of
 Exec.Environment,             config_parse_strv,           0,                 offsetof(Settings, environment)
 Exec.User,                    config_parse_string,         0,                 offsetof(Settings, user)
 Exec.Capability,              config_parse_capability,     0,                 offsetof(Settings, capability)
+Exec.AmbientCapability,       config_parse_capability,     0,                 offsetof(Settings, ambient_capability)
 Exec.DropCapability,          config_parse_capability,     0,                 offsetof(Settings, drop_capability)
 Exec.KillSignal,              config_parse_signal,         0,                 offsetof(Settings, kill_signal)
 Exec.Personality,             config_parse_personality,    0,                 offsetof(Settings, personality)
--- a/src/nspawn/nspawn-settings.h
+++ b/src/nspawn/nspawn-settings.h
@ -157,6 +157,7 @@ typedef struct Settings {
        char *user;
        uint64_t capability;
        uint64_t drop_capability;
+        uint64_t ambient_capability;
        int kill_signal;
        unsigned long personality;
        sd_id128_t machine_id;
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@ -165,6 +165,7 @@ static uint64_t arg_caps_retain =
        (1ULL << CAP_SYS_PTRACE) |
        (1ULL << CAP_SYS_RESOURCE) |
        (1ULL << CAP_SYS_TTY_CONFIG);
+static uint64_t arg_caps_ambient = 0;
 static CapabilityQuintet arg_full_capabilities = CAPABILITY_QUINTET_NULL;
 static CustomMount *arg_custom_mounts = NULL;
 static size_t arg_n_custom_mounts = 0;
@ -379,6 +380,9 @@ static int help(void) {
               "     --capability=CAP       In addition to the default, retain specified\n"
               "                            capability\n"
               "     --drop-capability=CAP  Drop the specified capability from the default set\n"
+               "     --ambient-capability=CAP\n"
+               "                            Sets the specified capability for the started\n"
+               "                            process. Not useful if booting a machine.\n"
               "     --no-new-privileges    Set PR_SET_NO_NEW_PRIVS flag for container payload\n"
               "     --system-call-filter=LIST|~LIST\n"
               "                            Permit/prohibit specific system calls\n"
@ -648,6 +652,7 @@ static int parse_argv(int argc, char *argv[]) {
                ARG_UUID,
                ARG_READ_ONLY,
                ARG_CAPABILITY,
+                ARG_AMBIENT_CAPABILITY,
                ARG_DROP_CAPABILITY,
                ARG_LINK_JOURNAL,
                ARG_BIND,
@ -709,6 +714,7 @@ static int parse_argv(int argc, char *argv[]) {
                { "uuid",                   required_argument, NULL, ARG_UUID                   },
                { "read-only",              no_argument,       NULL, ARG_READ_ONLY              },
                { "capability",             required_argument, NULL, ARG_CAPABILITY             },
+                { "ambient-capability",     required_argument, NULL, ARG_AMBIENT_CAPABILITY     },
                { "drop-capability",        required_argument, NULL, ARG_DROP_CAPABILITY        },
                { "no-new-privileges",      required_argument, NULL, ARG_NO_NEW_PRIVILEGES      },
                { "link-journal",           required_argument, NULL, ARG_LINK_JOURNAL           },
@ -1018,6 +1024,15 @@ static int parse_argv(int argc, char *argv[]) {
                        arg_settings_mask |= SETTING_READ_ONLY;
                        break;

+                case ARG_AMBIENT_CAPABILITY: {
+                        uint64_t m;
+                        r = parse_capability_spec(optarg, &m);
+                        if (r <= 0)
+                                return r;
+                        arg_caps_ambient |= m;
+                        arg_settings_mask |= SETTING_CAPABILITY;
+                        break;
+                }
                case ARG_CAPABILITY:
                case ARG_DROP_CAPABILITY: {
                        uint64_t m;
@ -1760,6 +1775,17 @@ static int verify_arguments(void) {
                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "--port= is not supported, compiled without libiptc support.");
 #endif

+        if (arg_caps_ambient) {
+                if (arg_caps_ambient == (uint64_t)-1)
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "AmbientCapability= does not support the value all.");
+
+                if ((arg_caps_ambient & arg_caps_retain) != arg_caps_ambient)
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "AmbientCapability= setting is not fully covered by Capability= setting.");
+
+                if (arg_start_mode == START_BOOT)
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "AmbientCapability= setting is not useful for boot mode.");
+        }
+
        r = custom_mount_check_all();
        if (r < 0)
                return r;
@ -2622,13 +2648,13 @@ static int drop_capabilities(uid_t uid) {
                        q.effective = uid == 0 ? q.bounding : 0;

                if (q.inheritable == (uint64_t) -1)
-                        q.inheritable = uid == 0 ? q.bounding : 0;
+                        q.inheritable = uid == 0 ? q.bounding : arg_caps_ambient;

                if (q.permitted == (uint64_t) -1)
-                        q.permitted = uid == 0 ? q.bounding : 0;
+                        q.permitted = uid == 0 ? q.bounding : arg_caps_ambient;

                if (q.ambient == (uint64_t) -1 && ambient_capabilities_supported())
-                        q.ambient = 0;
+                        q.ambient = arg_caps_ambient;

                if (capability_quintet_mangle(&q))
                        return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Cannot set capabilities that are not in the current bounding set.");
@ -2637,9 +2663,9 @@ static int drop_capabilities(uid_t uid) {
                q = (CapabilityQuintet) {
                        .bounding = arg_caps_retain,
                        .effective = uid == 0 ? arg_caps_retain : 0,
-                        .inheritable = uid == 0 ? arg_caps_retain : 0,
-                        .permitted = uid == 0 ? arg_caps_retain : 0,
-                        .ambient = ambient_capabilities_supported() ? 0 : (uint64_t) -1,
+                        .inheritable = uid == 0 ? arg_caps_retain : arg_caps_ambient,
+                        .permitted = uid == 0 ? arg_caps_retain : arg_caps_ambient,
+                        .ambient = ambient_capabilities_supported() ? arg_caps_ambient : (uint64_t) -1,
                };

                /* If we're not using OCI, proceed with mangled capabilities (so we don't error out)
@ -4070,6 +4096,7 @@ static int merge_settings(Settings *settings, const char *path) {
        if ((arg_settings_mask & SETTING_CAPABILITY) == 0) {
                uint64_t plus, minus;
                uint64_t network_minus = 0;
+                uint64_t ambient;

                /* Note that we copy both the simple plus/minus caps here, and the full quintet from the
                 * Settings structure */
@ -4101,6 +4128,12 @@ static int merge_settings(Settings *settings, const char *path) {
                        else
                                arg_full_capabilities = settings->full_capabilities;
                }
+
+                ambient = settings->ambient_capability;
+                if (!arg_settings_trusted && ambient != 0)
+                        log_warning("Ignoring AmbientCapability= setting, file %s is not trusted.", path);
+                else
+                        arg_caps_ambient |= ambient;
        }

        if ((arg_settings_mask & SETTING_KILL_SIGNAL) == 0 &&
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@ -173,7 +173,6 @@ shared_sources = files('''
        net-condition.h
        netif-naming-scheme.c
        netif-naming-scheme.h
-        nscd-flush.c
        nscd-flush.h
        nsflags.c
        nsflags.h
@ -308,6 +307,10 @@ if conf.get('HAVE_PAM') == 1
 '''.split())
 endif

+if conf.get('ENABLE_NSCD') == 1
+        shared_sources += files('nscd-flush.c')
+endif
+
 generate_ip_protocol_list = find_program('generate-ip-protocol-list.sh')
 ip_protocol_list_txt = custom_target(
        'ip-protocol-list.txt',
--- a/src/shared/nscd-flush.h
+++ b/src/shared/nscd-flush.h
@ -1,4 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once

+#if ENABLE_NSCD
 int nscd_flush_cache(char **databases);
+#else
+static inline void nscd_flush_cache(char **databases) {}
+#endif
--- a/src/test/meson.build
+++ b/src/test/meson.build
@ -92,17 +92,6 @@ tests += [
          libblkid],
         '', 'manual'],

-        [['src/test/test-nscd-flush.c'],
-         [libcore,
-          libshared],
-         [threads,
-          librt,
-          libseccomp,
-          libselinux,
-          libmount,
-          libblkid],
-         '', 'manual'],
-
        [['src/test/test-loopback.c'],
         [libcore,
          libshared],
@ -827,6 +816,20 @@ tests += [
         [libdl]],
 ]

+if conf.get('ENABLE_NSCD') == 1
+        tests += [
+                [['src/test/test-nscd-flush.c'],
+                 [libcore,
+                  libshared],
+                 [threads,
+                  librt,
+                  libseccomp,
+                  libselinux,
+                  libmount,
+                  libblkid],
+                 '', 'manual']]
+endif
+
 ############################################################

 # define some tests here, because the link_with deps were not defined earlier
Author	SHA1	Message	Date
Luca Boccassi	77613416e0	Merge pull request #17855 from poettering/more-socktops socket-util: some helpers for various sockopts	2020-12-07 21:15:28 +00:00
Torsten Hilbrich	88fc9c9bad	systemd-nspawn: Allow setting ambient capability set The old code was only able to pass the value 0 for the inheritable and ambient capability set when a non-root user was specified. However, sometimes it is useful to run a program in its own container with a user specification and some capabilities set. This is needed when the capabilities cannot be provided by file capabilities (because the file system is mounted with MS_NOSUID for additional security). This commit introduces the option --ambient-capability and the config file option AmbientCapability=. Both are used in a similar way to the existing Capability= setting. It changes the inheritable and ambient set (which is 0 by default). The code also checks that the settings for the bounding set (as defined by Capability= and DropCapability=) and the setting for the ambient set (as defined by AmbientCapability=) are compatible. Otherwise, the operation would fail in any way. Due to the current use of -1 to indicate no support for ambient capability set the special value "all" cannot be supported. Also, the setting of ambient capability is restricted to running a single program in the container payload.	2020-12-07 19:56:59 +01:00
Zbigniew Jędrzejewski-Szmek	bf20d93750	Merge pull request #17766 from weblate/weblate-systemd-master Translations update from Weblate	2020-12-07 19:56:13 +01:00
Zbigniew Jędrzejewski-Szmek	7e0079f95f	Make support for nscd flushing optional Fedora will deprecate support for nscd in the upcoming release [1] and plans to drop it in the next one [2]. At that point we might as well build systemd without that support too, since there'll be nothing to talk too. [1] https://fedoraproject.org/wiki/Changes/DeprecateNSCD [2] https://fedoraproject.org/wiki/Changes/RemoveNSCD	2020-12-07 19:46:02 +01:00
Lennart Poettering	52975f8672	socket-util: add common API for querying socket MTU	2020-12-07 13:46:35 +01:00
Lennart Poettering	4e25d4cf0f	socket-util: add getsockopt_int() helper	2020-12-07 13:46:35 +01:00
Lennart Poettering	00ed2fff1a	socket-util: add sockopt helper for controlling IP_RECVFRAGSIZE	2020-12-07 13:46:35 +01:00
Whired Planck	00c5d74f9a	Translated using Weblate (Chinese (Simplified)) Currently translated at 100.0% (187 of 187 strings) Co-authored-by: Whired Planck <fungdaat31@outlook.com> Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/ Translation: systemd/master	2020-11-28 14:36:01 +01:00
Oğuz Ersen	ed72aa4954	Translated using Weblate (Turkish) Currently translated at 100.0% (189 of 189 strings) Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com> Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/tr/ Translation: systemd/master	2020-11-28 14:36:01 +01:00