Lennart Poettering

I prepped #40048 now, which should address the CI issues, I think. But the issues on real-life hw are different, but we cannot do anything about that without logs. @qwertviop...

Hmm, I was thinking of adding a new PE section `.uname` that contains the `uname -r` string to unified kernels. We could use this here as a generic (i.e. systemd-stub...

The .uname PE section has been around for a long time now in our tools. No idea about the shim side of things.

would love to see an update here. we started to disable libseccomp filtering in some systemd services now, because we want open_tree_attr(). for example see this: https://github.com/systemd/systemd/pull/39144/files

may i suggest splitting this into three prs? one with the refactorings, one with the new helpers, and then finally the actually new code that hooks things up with the...

iirc there's now some explicit cgroup bpf points for bind() and connect()... we should use those.

I'd prefer if "[bootctl: rework setting of menu timeout variables](https://github.com/systemd/systemd/pull/39842/commits/d4dc997eea7ee29a8f07f5e7c0f95dbf07f34eaa)" maybe is delayed until next release, given that not trivial (and i suggested some non-trivial changes), but the other stuff...

How precisely are you even measuring memory use? rss is not a useful memory leak measurement metric. Note that the glibc allocator does not return memory to the OS when...

As discussed in that document, UIDs outside of the 16bit range are somewhat problematic, because they make it harder to use them inside of a container, under the assumption that...

I think the best way out would be if the document would define a separate UID range for network/sssd/IPA style setups, to cover for these cases, and assign that to...