Let's say "uki" rather than "stub", since that is just too generic, and
we shouldn't limit ourselves to our own stub anyway, but generally define a
concept of a "measured UKI", which is a UKI that measures its part to
PCR 11.
This is mostly preparation for exposing this check to the user via
ConditionSecurity=.
This also adds an ignore list, which currently contains the whole API as of
version 250, since that's the base we used for dbus interfaces.
See d9d2d16aea
Build targets should have a link dependency on the version scripts they
use. This also uses absolute paths in anticipation of meson 1.3
needlessly deprecating file to string conversions.
...
        uint8_t c;
        struct trie_node *child;
        for (p = 0; (c = trie->strings->buf[node->prefix_off + p]); p++) {
                _cleanup_free_ struct trie_node *new_child = NULL;
                _cleanup_free_ char *s = NULL;
                ssize_t off;
                if (c == search[i + p])
                        continue;
...
When '®' is present in search, c is 194, search[i + p] is -62, c is not equal to search[i + p], but c should be equal to search[i + p].
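Added example, not part of the commit message or the project's source: the comparison from the excerpt reduced to a stand-alone loop, next to a variant that compares both sides as unsigned bytes. The names match_len_signed, match_len_bytes and sample_key are hypothetical, the input is constructed, and the uint8_t cast is an assumed way to make the comparison byte-wise.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: "caf" followed by U+00AE (UTF-8 bytes 0xC2 0xAE). */
static const char sample_key[] = "caf\xC2\xAE";

/* Comparison as in the excerpt, with the search byte pinned to signed char
 * so the result does not depend on the platform's plain-char signedness.
 * Returns how many leading bytes of the stored prefix were accepted. */
static size_t match_len_signed(const uint8_t *stored, const signed char *search) {
        size_t p;
        uint8_t c;

        for (p = 0; (c = stored[p]); p++) {
                /* Both operands are promoted to int: 0xC2 becomes 194 on the
                 * left and -62 on the right, so identical bytes differ. */
                if (c == search[p])
                        continue;
                break;
        }
        return p;
}

/* Same loop, comparing both sides as unsigned bytes. */
static size_t match_len_bytes(const uint8_t *stored, const char *search) {
        size_t p;
        uint8_t c;

        for (p = 0; (c = stored[p]); p++) {
                if (c == (uint8_t) search[p])
                        continue;
                break;
        }
        return p;
}

int main(void) {
        const uint8_t *stored = (const uint8_t *) sample_key;

        printf("signed compare:   %zu of 5 bytes matched\n",
               match_len_signed(stored, (const signed char *) sample_key));
        printf("unsigned compare: %zu of 5 bytes matched\n",
               match_len_bytes(stored, sample_key));
        return 0;
}
```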
We might need a lot of fds on large systems, hence raise RLIMIT_NOFILE
to what the service manager allows us, which is quite a lot these days.
udev already sets FORK_RLIMIT_NOFILE_SAFE when forking off children, thus
ensuring that forked off processes get their RLIMIT_NOFILE soft limit
reset to 1K for compat with crappy old select().
Replaces: #29298
Fixes: #28583
service_restart_usec_next() is also called when querying the
'RestartUSecNext' dbus property. Let's avoid the redundant
logging triggered every time the user does a 'systemctl status'.
So, unfortunately oomd uses "io.system." rather than "io.systemd." as
prefix for its sockets. This is a mistake, and doesn't match the
Varlink interface naming or anything else in oomd.
Hence, let's fix that.
Given that this is an internal protocol between PID1 and oomd let's
simply change this without retaining compat.
Let's move setting of O_NONBLOCK into varlink_server_listen_fd() and out
of varlink_server_create_listen_fd_socket(). The latter has two callers:
varlink_server_listen_fd() and varlink_server_listen_address(), which
guarantees O_CLOEXEC+O_NONBLOCK anyway, hence no need to repeat the
logic.