| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Also mention ZZZ_HIBERNATE_MODE
|
| |
|
|
|
|
|
|
|
|
| |
The fix in 79675bcb1a was insufficient, as test -x doesn't work
on noexec mount (which /run often is), due to using access(X_OK)
and not checking the actual stat. Use find instead.
Found and fixed by feranur.
|
|
|
|
|
| |
effectively informs user that encryption key(s) have been securely
erased prior to potentially rebooting which would leave memory energized
|
|
|
|
| |
oops
|
| |
|
|
|
|
|
|
|
|
|
| |
This enables handling of the following options:
* perf-same_cpu_crypt
* perf-submit_from_crypt_cpus
* perf-no_read_workqueue
* perf-no_write_workqueue
|
| |
|
|
|
|
| |
fixes #82
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Reference: https://wiki.archlinux.org/title/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance
adds no-read-workqueue,no-write-workqueue options.
|
|
|
|
|
|
| |
There have been a number of subtle improvements and cleanups to seedrng,
including using openat and locking the directory fd instead of a
separate lock file. Also various stylistic cleanups.
|
|
|
|
| |
Fixes #6
|
|
|
|
| |
A few days of cooking have yielded a few trivial cleanups.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like void-runit
and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.
This commit imports it into void-runit and wires up the init scripts to
call it. This also is a significant improvement over the current init
script, which fails to remove seed files that have already been used, or
to ratchet them forward.
|
|
|
| |
Fixes #77
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the tooling that rely on cgroups (notably podman, runc and
crun) enable cgroup2 mode only if /sys/fs/cgroup has a v2 magic
number. This commit introduces configuration option that controls the
way cgroup is mounted, 3 modes are supported:
- hybrid: current mode with v1 and v2 mounted
- unified: v2 only mode
- legacy: v1 only mode
This is modeled after OpenRC:
https://github.com/OpenRC/openrc/blob/72df51e17ba0e1a0f94451b4bbfb338288c4625c/init.d/cgroups.in#L121-L129
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pending change to allow for alternate init power controls requires
that the halt binary provided here be somewhat less strict in its
argv[0] matching in order to allow for halt, reboot, and poweroff to
still function in situations where the binary has been renamed.
This switches from strcmp(__progname, "string") to strncmp(__progname,
"string", len), where len is the name of the power command sans any
suffix.
Signed-off-by: Colin Booth <colin@heliocat.net>
|
|
|
|
| |
Closes #64.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The setsid program has a surprise gotcha of backgrounding a process if
it already happens to be the session leader. This is ok for runit which
never sets the service as a session leader but does not work with other
supervisors which might. chpst provides the same setsid(2) functionality
without also having the gotcha.
Be aware that chpst has issues around gidlist squashing when using
the -u or -U options without explicit passing. This behavior is not
triggered in this case since chpst is being run as root and not being
asked to drop privileges.
|
|
|
|
| |
Without this only the first occurrence is replaced
|
| |
|
| |
|
|
|
|
|
| |
Recommend users to symlink their timezone to /etc/localtime instead of
setting TZ in /etc/rc.conf. List disadvantages of setting it in rc.conf.
|
|
|
|
|
|
|
| |
/run/runit/{stopit,reboot} should have their perms set to 100 by
ctrlaltdel, before runit signals itself with SIGCONT, in order to
trigger a reboot. This script can be changed by a user to perform
different actions. The comments in it explain what each file is for.
|
|
|
|
|
|
|
|
| |
runit uses the permissions in the /etc/runit/reboot file to determine
whether it's going to perform a halt or reboot action. This conditional
in 3 meant that touching the reboot file, even with 000 perms, would
lead to a reboot, which goes agains what is expected according to the
runit documentation.
|
|
|
|
|
|
|
|
|
|
| |
The 100 permission in /run/runit/stopit made it so that signaling runit
with SIGCONT would shut the system down. To achieve the correct
behavior, we should create the stopit and reboot files with 000 perms,
and allow their permissions to be set correctly by calls to `init 0` or
`init 6` or by /etc/runit/ctrlaltdel.
1
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
Update README.md
|
| |
| |
| | |
list not the link, but inside the linked dir.
|
|\ \
| | |
| | | |
Vlogger
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
fix(urandom): avoid uninitialized read during boot
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Regenerating the stored seed was an attempt to prevent hard shutdowns
from leading to seed reuse.
Unfortunately, this practice depletes any entropy that was added by
the seed.
Furthermore on newer kernels which do not credit entropy added from
userspace, the operation is often an uninitialized read of urandom.
|
|\ \ \ \
| | | | |
| | | | | |
fix(sysctl): behave more like sysctl --system
|