I write software.
Joined: 2022-10-28
----
2024-11-25 pid_eins - RE: Man2Dev
@Man2Dev Once the series is complete for v257 I plan to do a blog story linking them all. I did that for v256 already. I do not intend to copy the content though, i think that's better kept on […]
2024-11-25 pid_eins - edited - RE: pid_eins
Except that starting with v257 they actually don't have to differ anymore: there's a new modifier to tmpfiles.d/ line types C and L: if suffixed with "?" then the lines are conditionalized on […]
2024-11-25 pid_eins - edited - RE: pid_eins
…that shall be placed in /etc/ (and elsewhere) during early boot.
Tools such as everyone's favourite secure image builder mkosi (github.com/systemd/mkosi) integrate nicely with tmpfiles.d/ to […]
2024-11-25 pid_eins - RE: pid_eins
Now, of course the best outcome would be if these components would simply be fixed to support the hermetic /usr/ model, and not require those files in /etc/.
But of course the world is not […]
2024-11-25 pid_eins - edited - RE: pid_eins
…already ready to run in a hermetic /usr/ model, higher level applications are often not written that way. For example instead of falling back to good built-in defaults if no configuration file […]
2024-11-25 pid_eins - edited - RE: pid_eins
…be created during early boot, so that the various basic directories and files applications expect to exist are properly created.
One key component of the boot process responsible for making […]
2024-11-25 pid_eins - edited
1️⃣8️⃣ Here's the 18th post highlighting key new features of the upcoming v257 release of systemd. #systemd257
With the systemd project we are trying to push distributions to adopt a "Hermetic […]
----
2024-11-23 pid_eins - RE: ?
@niklauzg i tagged all v257 posts like this now.
----
2024-11-22 pid_eins - RE: mripard
@mripard yes /etc/credstore can be used.
2024-11-22 pid_eins - RE: ?
@niklauzg you want me to edit all old stories like that? I am a lazy person, that's a lot of work...
2024-11-22 pid_eins - RE: pid_eins
But that got fixed in the kernel a while back. And thus with v257 we decided to drop the special casing again. So from now on all applicable predictable network interface names are applied by […]
2024-11-22 pid_eins - edited - RE: pid_eins
That was because in some situations MAC addresses can get "inherited" from one device to another. (Thus allowing multiple interfaces with the same mac.) Now, the kernel actually allowed to mark […]
2024-11-22 pid_eins - RE: pid_eins
Since a while systemd would always follow that policy for the primary name, and then add all other candidate names as alternative names to the interfaces too.
That way, you can use all […]
2024-11-22 pid_eins - edited - RE: pid_eins
…named the same way for the lifetime of the system. Different definitions of "same" exist, i.e. some people prefer if the very same physical device always carries the same name (in which case […]
2024-11-22 pid_eins - edited
1️⃣7️⃣ Here's the 17th post highlighting key new features of the upcoming v257 release of systemd. #systemd257
Linux network interfaces since a longer time have not just a primary name, but […]
----
2024-11-21 pid_eins - RE: lkundrak
@lkundrak systemd's userdb stuff is purely read-only. It's not a user manager. It just allows you to look up/enumerate user and group records.
AccountsService is different: it wraps […]
2024-11-21 pid_eins - RE: jmarion
@jmarion you mean my blog? i'll probably do a post eventually with links to these mastodon posts. but frankly i find the interactivity/commenting that mastodon offers a lot more attractive than […]
2024-11-21 pid_eins - RE: pid_eins
And that's all for now.
2024-11-21 pid_eins - RE: pid_eins
Moreover it will do Levenshtein string distance based searching so that minor typos are allowed.
Currently this kind of filtering is done client side. But the infrastructure added for this is […]
2024-11-21 pid_eins - RE: pid_eins
… users and so on. For example if you only want to see regular users you can just type "userdbctl -RB" now.
There's also filtering by UID range (which is very handy to search for […]
2024-11-21 pid_eins - RE: pid_eins
… can be integrated with other components too, both as a provider and a consumer of such records.
For more details about these user records see the docs:
[…]
2024-11-21 pid_eins - edited
1️⃣6️⃣ Here's the 16th post highlighting key new features of the upcoming v257 release of systemd. #systemd257
Since systemd v245 there's the "userdb" subsystem in systemd. It's a modernized […]
----
2024-11-20 pid_eins - RE: ?
@grawity people are looking into this, but so far no code ready I was aware of.
(oh and I hear that sooner or later an XDG desktop portal will show up that opens this up via flatpak, too)
2024-11-20 pid_eins - RE: pid_eins
they typically installed udev rules that opened up access to the devices for any unprivileged user, thus throwing security out of the window, and allowing any code on your system to read all […]
2024-11-20 pid_eins - RE: pid_eins
This requires a really new kernel (6.12) but works mostly the same as the regular evdev access: an application asks logind for access to a hidraw device, for which it then will receive an open […]
2024-11-20 pid_eins - RE: pid_eins
This has been supported for a longer time for DRM, and regular Linux event subsystem devices. But there are various input devices that applications typically use a different interface for: the […]
2024-11-20 pid_eins - edited
1️⃣5️⃣ Here's the 15th post highlighting key new features of the upcoming v257 release of systemd. #systemd257
systemd-logind manages interactive user logins. It implements switching between […]
----
2024-11-19 pid_eins - RE: pid_eins
@niklauzg That said, it's not perfect yet. If you want to do all this right now you need some manual steps still. i.e. there's still some automatic glue missing that you can drop an add-on on a […]
2024-11-19 pid_eins - RE: ?
@niklauzg Yes, it will show up in PCR 4 and possibly others.
If you bind FDE to your PCRs, you need a good prediction engine that can deal with that, for example systemd-pcrlock, which will […]