The rule is changed from "put in basic unless there's a reason not to" to "put
in shared unless there's a reason not to", to match the change done in previous
commit. This minimizes libbasic. See previous commit for the reasons why this
is useful.
Previously, the guideline was based on whether the files in question use
"publicly exported APIs". This distinction is not particularly relevant. Let's
consider all other programs we compile: most of them use "publicly exported
APIs", usually linking to libsystemd-shared.so for the actual code. But those
programs are not forced to be in src/basic, and the distinction whether they
happen to use 'sd-*.h' or not is of no importance. The same is true for files
in src/shared/. If we didn't have publicly exported shared objects, we'd put
everything in libsystemd-shared.so. So let's only move things out of it that we
need to. Previous guideline was not "wrong", in the sense that it created *a*
split that was functional (no code in src/shared was required in the publicly
exported shared objects), but it put more files in basic/ then necessary.
Not much changes in practice, because (as previous commit shows), moving files
between libbasic.a and libsystemd-shared.so mostly just changes compilation
order.
The list of components which cannot use libsystemd-shared.so is adjusted.
The existing text already said "See below regarding a recommended
vocabulary for boot loader entry identifiers.", but the section for it
was still missing. Let's fill in the missing bits, and describe basic
suggested rules for the boot menu entry identifier vocabulary, in
particular how to identify Windows and MacOS X installations, and how to
name automatic entries vs. explicitly configured ones.
This basically follows the logic implemented in sd-boot these days.
A couple of changes:
1. Clearly name the drop-in entry files "Type #1", and the unified
kernel images "Type #2", and be clearer that the latter is specific
to UEFI.
2. Suffix all directory paths with a trailing "/" to clarify that these
are directories. Also, enclose them all in ``.
3. Add introductory paragraph that explains that there is Type #1 and
Type #2 and what they are about.
4. Explain that Type #2 is about signed UEFI SecureBoot.
5. Don't claim that $BOOT/loader/ contains really all files defined by
the spec, because that's not true, Type #2 images are not located there
after all.
Fixes: #10399
Add LogRateLimitIntervalSec= and LogRateLimitBurst= options for
services. If provided, these values get passed to the journald
client context, and those values are used in the rate limiting
function in the journal over the the journald.conf values.
Part of #10230
When the root account is locked sulogin will either inform you of
this and not allow you in or if --force is used it will hand
you passwordless root (if using a recent enough version of util-linux).
Not being allowed a shell is ofcourse inconvenient, but at the same
time handing out passwordless root unconditionally is probably not
a good idea everywhere.
This patch thus allows to control which behaviour you want by
setting the SYSTEMD_SULOGIN_FORCE environment variable to true
or false to control the behaviour, eg. via adding this to
'systemctl edit rescue.service' (or emergency.service):
[Service]
Environment=SYSTEMD_SULOGIN_FORCE=1
Distributions who used locked root accounts and want the passwordless
behaviour could thus simply drop in the override file in
/etc/systemd/system/rescue.service.d/override.conf
Fixes: #7115
Addresses: https://bugs.debian.org/802211
