Lennart Poettering
Lennart Poettering
how does your /etc/nsswitch.conf actually look like? i.e. it must say: ``` group: compat [SUCCESS=merge] systemd ``` or something like that. i.e. the `[SUCCESS=merge]` thing is key.
Anyway, the two last commits look good to me. But I don't understand the renaming at all I must say. I don't understand the reasoning and I particularly dislike that...
So I figure mkdir_safe() should be reworked to first to chase_symlinks_and_open() with O_DIRECTORY on the parent dir of the specified path. It should then create the dir with open_mkdir_at(), and...
This code was originally added by @msekletar in 16115b0a7b7cdf08fb38084d857d572d8a9088dc @msekletar any comment?
(this will need review from some selinux folks really, i don't grok the effect of this)
> ```diff > + exec_context = SERVICE(service)->exec_context.selinux_context; > + if (exec_context) { > + *ret = strdup(exec_context); > + return *ret ? 0 : -ENOMEM; > + } > ```...
@hifilove that patch doesn't look right to me. The BSD lock is suppsoed to be taken of the *main* block device, not the partition device. Usually you'll call mke2fs on...
As mentioned elsewhere, the udev logic blocks out the whole device since when probing a partition fs we tend to also look in the whole block device to acquire partition...
So given that systemd upstream now supports auto-enrolling of keys, I guess we could simply copy the secure boot key form mkosi.secureboot.crt into the ESP at the right place, and...
Hmm, so there are two approaches here: 1. first approach: implement this in sd-boot (what I had in mind in #23347): i.e. instead of just invoking the EFI binary, decompress...