not use it if it works for this stuff. It uses
DNS as local IPC. Which is pretty universal, and just works for almost
everyone.
Lennart
--
Lennart Poettering, Berlin
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email t
ade
attack surface is probably mostly limited to local networks.
Lennart
--
Lennart Poettering, Berlin
min who set
everything up right it might work, but DNSSEC on a laptop that moves
around and connects to a WLAN here, and another WLAN there and a third
WLAN over there is just a nightmare.
If the other big OSes would enable DNSSEC client-side by default
things might change, but neither Windows n
entation of the "resolvconf" tool that Debian and FreeBSD
have, not more (it does provide a command line compatible binary for
that btw). I have the strong suspicion that the same people who are
able to deploy working DNSSEC client side and are educated enough in
DNSSEC
misc.
> Probably .. because as I've pointed there are two units for that fs.
Only binfmt_misc is typically a kernel module of its own. For stuff
that is built-in it's pointless trying to avoid module loading.
Lennart
--
Lennart Poettering, Berlin
early owned by systemd, and
systemd-resolved will brutally overwrite them whenever it feels the
need to.
Lennart
--
Lennart Poettering, Berlin
0.5KB systemd unit text file which will execute
> mount/umount commands with some exact params.
I don't think it's worth pulling in yet another package just for
calling a few ioctls, sorry.
Lennart
--
Lennart Poettering, Berlin
it feels a bit dated in style).
It's not usable for NIS style autofs mounts, as it doesn't support
maps. Use autofs4 package if you want that.
Lennart
--
Lennart Poettering, Berlin
re
explicitly listed in fstab though, unfortunately fedora does that).
Lennart
--
Lennart Poettering, Berlin
t
> necessarily takes that away, it becomes system domain. And what
> happens if a user changes the name? Is it a bad idea to stuff a copy
> of this information in an XATTR so it can be restored? The schema
> needs to account for snapshotting and rollbacks. I'm not sure how much
>
And you
> > gain immediate compat with "systemd-nspawn --image=" right-away as the
> > basic minimum, which already is great.
>
> I would love to do that now, but right now I want to make sure
> everything *works* before we jum
from git. When you switch defaults you would then just
update where the symlink points.
Lennart
--
Lennart Poettering, Berlin
On Mo, 13.07.20 19:07, Chris Murphy (li...@colorremedies.com) wrote:
> On Mon, Jul 13, 2020 at 12:14 PM Lennart Poettering
> wrote:
>
> > Quite frankly, I don't see why the boot loader should care about the
> > btrfs subvolume the initrd later picks at all.
>
> As
subvolumes called
"/_home." on the root fs, then it would sort them by name, and
pick the last one of it, and automatically synthesize a .mount unit
that mounts it to /home. And similar for other relevant dirs. That
way, if you want to opt into this simple logic, just name your subvols
/_
e, so that the mount hierarchy is
determined from itself, without needing an external config source such
as the kernel cmdline or fstab.
Lennart
--
Lennart Poettering, Berlin
more robust.
There's really no need to complicate things by pushing btrfsisms into
user-visible concepts needlessly.
Lennart
--
Lennart Poettering, Berlin
value in allowing short kernel cmdlines that are
as similar as possible everywhere, instead of blowing it up with
different switches for every single case.
Lennart
--
Lennart Poettering, Berlin
> entries overwrite the existing Fedora installation? Or fix it to have
> > 2 separate entries after the fact?
>
>
> It's possible but has challenges. Separate ESP's you'll need to
> either
Thou shalt not have multiple ESPs per disk. See:
https://news.ycombinator
en you can easily make it happen, just by dropping
in their driver files, and things will just work.
Lennart
--
Lennart Poettering, Berlin
re asking for. Android uses dm-verity, if I remember correctly.
EFI SecureBoot uses PE signed executables.
> Less complexity in the boot chain, mainly. But the EFI drivers would
> need to be signed by MS, I think? That would massively complicate
> things.
Could use SHIM like everyt
the
> kernel we're using to boot a rollback, has modules available on the
> rolledback /usr. That does not need to be done with Btrfs, even
> though
You are just reimplementing OSTree/Atomic/FedoraCoreOS with that...
Lennart
--
Lennart Poettering, Berlin
arently just a troll and this is the point
where I will now ignore you.
Just stop being so awful and dismissive, this is not constructive.
Thank you,
Lennart
--
Lennart Poettering, Berlin
they
make sense and that helps.
i.e. PRs against this file:
https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md
Thank you,
Lennart
--
Lennart Poettering, Berlin
s/initrds from too, to make things simple, i.e. reuse the
existing storage stack you cannot avoid anyway.
Lennart
--
Lennart Poettering, Berlin
efer if the firmware would
natively implement the boot loader spec and we wouldn't have to have
sd-boot around at all. Such a scheme would be fantastic actually, as
it would remove so many variables from the stack.
sd-boot exists only to add the minimum on top of EFI to make the
On Sa, 04.07.20 11:39, Mauricio Tavares (raubvo...@gmail.com) wrote:
> On Sat, Jul 4, 2020 at 11:30 AM Lennart Poettering
> wrote:
> >
> > On Mi, 01.07.20 22:10, Neal Gompa (ngomp...@gmail.com) wrote:
> >
> > > This could still work. But you really shouldn'
pretend-Linux-compatible storage stack out
of your boot loader.
TLDR: boot loader should be simpler and not needlessly reimplement LVM
and xfs. If there's "bloat" here anywhere, it's probably these
reimplementations of LVM and xfs, but not in sd-boot that avoids all
that.
Lennart
--
hat, it has little UI, has a lot
of automatism, little configuration, and a lot of integration, so that
you drive it from the OS, and as little possible have to interface
with its own UI as you can. If you want to reboot into Windows then
you tell sd-boot so when shutting down, i.e. in the
boot but good point I'll add a test case
> > for that and check if it's not working.
>
> Is that with self enrolled keys or is it now signed with the MS keys
> through the official process?
It's up to the distro to sign it, it supports the shim though.
Lenn
f systemd-boot was proposed by some GNOME
designers back in the day. We just implemented what they wanted.
Lennart
--
Lennart Poettering, Berlin
Boot.
You are just spreading FUD, and throwing the word "bloat" around on
anything you don't personally love. On most of the recent threads on
this ML you have been everything, but never constructive. Stop being
just a spreader of negative energy, it'
Seems it isn't built for armhfp in Fedora (/usr/lib/systemd/boot/efi
> doesn't exist ...).
Hmm, I know that people build it on ARM, I guess we could enable that
in Fedora too. I am not an ARM pro myself, not sure what happens there
right now.
Upstream sd-boot has support for UEFI ia32,
make sense of it.
Note that the spec has extension points (i.e. it's permissible to add
new fields without this breaking the spec), but turning it into a
programming language is way outside of it...
Lennart
--
Lennart Poettering, Berlin
work, very little gain) is exactly why we have
> been sticking with grub2 so far. We need to maintain it anyway, at which
> point we want to use it in as much cases as possible so that we can have
> unified code and documentation for dealing with the bootloader.
I do
On Mi, 01.07.20 00:38, Kevin Kofler (kevin.kof...@chello.at) wrote:
> In addition, as far as I know, systemd-boot is not compatible with the
> "Secure Boot" shim.
You are wrong. It is.
Lennart
--
Lennart Poettering, Berlin
old grub complexity again. They stole the "Boot
Loader Spec" name and turned it into something that is not related at
all to the real thing.
Supporting the boot loader spec has various benefits, including that
systemd's "systemctl kexec" will just work and un
know
it.
The dmraid people had ample time to fix their code. It's really time
this has to go.
Lennart
--
Lennart Poettering, Berlin
installers turn it off when LUKS is involved,
since required interactivity — i.e. entering the pw — can take any
time in the world) then you will enter emergency mode if RAID is not
complete, and you can figure out yourself if you want to continue in
degraded mode, systemd won't help you a
ricter lockdown we have on the input devices otherwise.
Lennart
--
Lennart Poettering, Berlin
ointless anyway to have
something as module that is now gonna be used by most people anyway, it
just slows things down for little benefit)
Lennart
--
Lennart Poettering, Berlin
's a novel idea: maybe read up on it, before making such a fuss
about it. You are fud'ing, and you know it.
Hint: they are NOPs if there's no configuration for them.
Lennart
--
Lennart Poettering, Berlin
's
> what that file is for!
I disagree. We should strive for a system that works with empty /etc/
and if booted that way uses default settings. So that /etc is admin
territory where the admin makes changes from the defaults. Thus, if
zram is something to use by default then it should n
groups wants to do cgroup stuff it really needs to ask
systemd for delegation first (or be invoked inside a service where
something else asked for it). If it doesn't then it's simply broken.
In general, I am not sure why one would even want the cgroup tools on
a system
On Do, 16.04.20 19:53, Chris Adams (li...@cmadams.net) wrote:
> Once upon a time, Lennart Poettering said:
> > Again, we do not support DNSSEC from client to the stub. If you set CD
> > we'll return NOTIMP as rcode, indicating that. We do not implement a
> > full DNS s
On Do, 16.04.20 14:07, Matthew Miller (mat...@fedoraproject.org) wrote:
> On Thu, Apr 16, 2020 at 07:27:29PM +0200, Lennart Poettering wrote:
> > > If there are no servers configured... Shouldn't it use no servers?
> > Well, our assumption is that working DNS is better th
her be via DNSSEC if that's enabled to the upstream DNS server. We
also set it for hosts we read from /etc/hosts (i.e. a source owned by
root). If you saw incompatible server this looks like you left DNSSEC
on between resolved and upstream DNS server? Again, this is not what
we int
On Do, 16.04.20 07:45, John M. Harris Jr (joh...@splentity.com) wrote:
> If there are no servers configured... Shouldn't it use no servers?
Well, our assumption is that working DNS is better than DNS that
doesn't work.
Lennart
--
Lennart Poett
eam server
> on nss_resolve's behalf (possibly with some caching), and eventually
> return the data to the application?
correct.
> Or does nss_resolve fail with UNAVAIL and expects nss_dns to fetch the
> data?
no.
Lennart
--
Lennart Poettering, Berlin
vide the file anymore.
Lennart
--
Lennart Poettering, Berlin
On Do, 16.04.20 12:46, Florian Weimer (fwei...@redhat.com) wrote:
> * Lennart Poettering:
>
> > Long story short: if you experienced issues with DNSSEC on with
> > resolved today, then be assured that with DNSSEC off things are much
> > much better, and that's how
ts and a real DNS server is OK,
but maybe for servers we don't want to make such a claim, dunno, and
just enable this for newly deployed stuff but not on upgraded stuff.
Lennart
--
Lennart Poettering, Berlin
10:d5ff:fe78:6bbe
search fritz.box
```
(with some additional explanatory comments at the top, which I
stripped here)
Key is to access it under its proper path instead of via the symlink,
for the aforementioned reasons.
Lennart
--
Lennart Poettering, Berlin
low-up the discussion on this
specific issue on the bug report, instead of the ML.
Lennart
--
Lennart Poettering, Berlin
's behaviour and quirks and its view of the world and with the
bit set it will be exposed to some upstream server's view of the world
and its quirks and behaviours, which are likely very very
different... Hence so far my take on it was: if you want real, fully
featured DNS with all weird, str
ibed in some other context?
We never suffix search domains to multi-label names. We do
traditional suffixing however for single-label names.
Lennart
--
Lennart Poettering, Berlin
ut this should be an OK
thing to do.
> I'm not sure what happens if there are multiple interfaces with
> no specific routing but I think it may try them all?
Exactly. If our routing info doesn't help us our logic is to route
queries to all scopes in parallel.
Lennart
--
Lennart Po
d be
sufficient to "systemctl disable" systemd-resolved however, and
nss-dns will take front seat again.
Lennart
--
Lennart Poettering, Berlin
er
> > because too many scriptlets and programs patch it.
>
> Moving it to authselect might be sensible.
Why not setup.rpm? /etc/hosts is owned by setup.rpm.
Lennart
--
Lennart Poettering, Berlin
re anymore.
> Will the built-in DNS server still support DNSSEC without validation,
> passing through the records if they are requested by the client over the
> DNS interface? The section above is not clear.
depends on the record type. A number of DNSSEC RR types are magic, and
we'
On Mi, 15.04.20 16:30, Lennart Poettering (mzerq...@0pointer.de) wrote:
> On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote:
>
> > * Lennart Poettering:
> >
> > > 1. If /etc/resolv.conf is a regular file, resolved will *consume* it
> > >for
cache in memory), but I guess we
can decide it's not just compat feature now, but also and performance
improvement feature.
Lennart
--
Lennart Poettering, Berlin
On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote:
> * Lennart Poettering:
>
> > 1. If /etc/resolv.conf is a regular file, resolved will *consume* it
> >for DNS configuration, and never change it or modify it or replace
> >it. If this mode is
fd = open("/run/systemd/resolve/resolv.conf", O_RDONLY|O_CLOEXEC);
else
fd = open("/run/systemd/resolve/resolv.conf", O_RDONLY|O_CLOEXEC);
break;
}
You get the idea: use O_LOOP to check if it's a symlink and then use
readlink() to see if the
leave "files" the way it is, taking precedence.
That said, resolved has a bus API for resolving hosts too, which gives
a bit richer an API to do things, instead of using
gethostbyname(). resolved parses and caches /etc/hosts for that
natively, so that we can serve the same set of n
ould just override the file to whatever it wants, and things will
just work, regardless if resolved runs in the container or not, and
resolved -- if used -- will honour whatever the container mgr/builder
put there.
Lennart
--
Lennart Poettering, Berlin
if we turn resolved on in Fedora
by default, as long as we also keep DNSSEC off.
Long story short: if you experienced issues with DNSSEC on with
resolved today, then be assured that with DNSSEC off things are much
much better, and that's how we'd ship it in Fedora if it becomes
g story short: we want to default to mode #2. But if you can choose
mode #1 or #3 if you like, depending on whether you want to kick
resolved out of managing resolv.conf or out of doing any DNS lookups
for you at all.
Lennart
--
Lennart Poettering, Berlin
t all we'll try to use a default set of DNS servers
however, which can be specified when building systemd. it's a fallback
to make things more robust, i.e. making sure DNS works if possible.
Lennart
--
Lennart Poettering, Berlin
imit to the hard limit should have no issues with
numbers of fds anymore, it may allocate a whopping 512K of them just
like that. (But should still take care to reset the soft limit to 1024
again when forking off foreign code.)
Lennart
--
Lennart Poettering, Berlin
d the ulimit -n above), and ask them to set
RLIMIT_NOFILE's soft value to the hard value. And then they will just
work without any manual limit bumping for regular people on modern
distros.
Lennart
--
Lennart Poettering, Berlin
On Mi, 08.01.20 12:24, Chris Murphy (li...@colorremedies.com) wrote:
> On Mon, Jan 6, 2020 at 11:09 AM Lennart Poettering
> wrote:
> >
> > - facebook is working on making oomd something that just works for
> > everyone, they are in the final rounds of canonicalizing th
On Di, 07.01.20 09:27, Michael Catanzaro (mcatanz...@gnome.org) wrote:
> On Mon, Jan 6, 2020 at 7:09 pm, Lennart Poettering
> wrote:
> > - oomd currently polls some parameters in time intervals too,
> > still. They are working on getting rid of that too, so that
> > e
On Mo, 06.01.20 14:53, Michael Catanzaro (mcatanz...@gnome.org) wrote:
> On Mon, Jan 6, 2020 at 7:09 pm, Lennart Poettering
> wrote:
> > - facebook is working on making oomd something that just works for
> > everyone, they are in the final rounds of canonicalizing the
>
md:
https://cfp.all-systems-go.io/ASG2019/talk/DQX3DH/
(but before this will enter systemd it's gonna be dumbed down, i.e,
less configuration, more "just works")
Lennart
--
Lennart Poettering, Berlin
the kernel do
> > the killing, i.e. "echo f > /proc/sysrq-trigger". That way the
> > reporting via cgroups isn't fucked, and systemd can still do its
> > thing, and the kernel can kill per cgroup rather than per process...
>
> Problem is that lett
On Mo, 06.01.20 17:47, Lennart Poettering (mzerq...@0pointer.de) wrote:
> On Mo, 06.01.20 08:51, Chris Murphy (li...@colorremedies.com) wrote:
>
> > On Mon, Jan 6, 2020 at 3:08 AM Lennart Poettering
> > wrote:
> > >>
> > > Looking at the sources very s
On Mo, 06.01.20 08:51, Chris Murphy (li...@colorremedies.com) wrote:
> On Mon, Jan 6, 2020 at 3:08 AM Lennart Poettering
> wrote:
> >>
> > Looking at the sources very superficially I see a couple of problems:
> >
> > 1. Waking up all the time in 100ms intervals?
g to fix in kernel land, and if that doesn't
work out for some reason because kernel devs can't agree, then do it
as fallback in userspace, but with sound input from the kernel folks,
and the blessing of at least some of the kernel folks.
Lennart
--
Lennart Poettering, Berlin
On Fr, 20.12.19 18:11, Louis Lagendijk (lo...@fazant.net) wrote:
> On Fri, 2019-12-20 at 17:46 +0100, Lennart Poettering wrote:
> >
> > Or let me ask this differently: the "discard" mount option of various
> > kernel file systems, what does it differently than what
On Fr, 20.12.19 14:10, Karel Zak (k...@redhat.com) wrote:
> On Fri, Dec 20, 2019 at 10:23:50AM +0100, Lennart Poettering wrote:
> > On Do, 19.12.19 16:42, Ben Cotton (bcot...@redhat.com) wrote:
> >
> > > Over time, some users experience slow downs in certain flash sto
On Fr, 20.12.19 13:39, Fedora Development ML (devel@lists.fedoraproject.org)
wrote:
> On 20.12.2019 10:23, Lennart Poettering wrote:
> > So, if this is desirable, why doesn't the kernel do this on its own?
>
> Kernel's TRIM has issues with data corruption on some SSD con
l
functionality anyway?
Lennart
--
Lennart Poettering, Berlin
e. akin to
dm-verity, not akin to dm-integrity.
Also fs-verity applies to individual files only, it thus only has very
specific usecases. You cannot sensibly do fs-verity across the whole
OS tree, you'd spend ages to set it up at boot...
Lennart
--
Lennart Poettering, Berlin
On Fr, 06.12.19 16:42, Marius Schwarz (fedora...@cloud-foo.de) wrote:
> Am 06.12.19 um 08:57 schrieb Lennart Poettering:
> > If you know where stuff is located you can change individual blocks in
> > files. You are not going to know what you are changing them to, but
> >
distributions,
and trust the vendor's benevolence and understanding of things. And
that's the correct way to build integrity for OS resources.
Lennart
--
Lennart Poettering, Berlin
On Fr, 06.12.19 00:39, Kevin Kofler (kevin.kof...@chello.at) wrote:
> Lennart Poettering wrote:
> > No it does not protect against offline modification. That's why
> > dm-integrity exists after all.
>
> How do you want to modify an encrypted file system without being ab
On Do, 05.12.19 15:23, Kevin Kofler (kevin.kof...@chello.at) wrote:
> Lennart Poettering wrote:
> > Uh, first of all plain full disk encryption like we set it up
> > typically on Fedora provides confidentiality, not integrity.
>
> Well, it does protect against offline modifi
ensure that /boot
> is not modified, and is generally paired with GRUB signature validation. In
> some setups, this GRUB configuration is moved to flash storage.
You are conflating integrity and confidentiality. If you want to
protect boot loaders against modification y
gnizing devices securely, which means any whitelist
is pointless because any device can claim to be whatever it wants to
be. (And yes, it would be great if we could be a bit more secure
there, but it's an orthogonal problem)
Lennart
--
Lennart Poettering, Berlin
want to
protect what, and understand that for different parts of the
installation different rules apply. And yes, I think encrypting the
home directory with the user's own password makes most sense.
Lennart
--
Lennart Poettering, Berlin
On Do, 05.12.19 00:21, Marius Schwarz (fedora...@cloud-foo.de) wrote:
> Am 03.12.19 um 09:07 schrieb Lennart Poettering:
> > Also note that on Fedora Workstation we default to suspend-on-idle
> > these days. i.e. when you don't actually work on the laptop the laptop
>
mentary and likewise requires root?
The only thing stopping systemd-homed to run in early boot is D-Bus:
communication with systemd-homed is mostly D-Bus and that is run after
basic.target, hence logging earlier into home directories managed by
homed is not doable (at least how things are right now
are happy with such a much weaker model you might as well use regular
full disk encryption and have the home dirs themselves just be plain
directories)
Lennart
--
Lennart Poettering, Berlin
On Mi, 04.12.19 03:09, Kevin Kofler (kevin.kof...@chello.at) wrote:
> Lennart Poettering wrote:
> > The problem is that sshd's PAM implementation doesn't allow PAM
> > modules to ask questions in login sessions which are authenticated via
> > authorized_keys inst
e whole stack.
(And N and M can individually be zero, but N+M must be > 0)
(And systemd-homed also supports ext4 encryption as backend, as well
as unencrypted backends, and authentication works the same there
except that the keys are never propagated to any storage backend
because the storage ba
an that if you SSH login if you
already are logged in locally, then logins would be instant, but if
you SSH login otherwise then you'd get a prompt for the pw first.
Lennart
--
Lennart Poettering, Berlin
on-idle
these days. i.e. when you don't actually work on the laptop the laptop
is suspended and not reachable via SSH at all, hence adding
systemd-homed doesn't make anything worse in that regard...
Lennart
--
Lennart Poettering, Berlin
you don't have that,
you need to call it yourself somehow differently...
That all said it's entirely sufficient to invoke the tool at container
build time, and RPM scriptlets generally do that anyway. In that case
there's no need to ha
swap, and the kernel knows to resume from that device-mapper
> device?
I am pretty sure swap encryption really should be tied to the TPM. In
fact, it's one of the very few cases where tying things to the TPM
exclusively really makes sense.
So far no one prepared convincing patches to do
On Mo, 12.08.19 19:06, Benjamin Kircher (benjamin.kirc...@gmail.com) wrote:
>
>
> > On 12. Aug 2019, at 18:16, Lennart Poettering wrote:
> >
> > On Mo, 12.08.19 09:40, Chris Murphy (li...@colorremedies.com) wrote:
> >
> >> How to do this automatica