[-] NekkoDroid@programming.dev 3 points 3 months ago* (last edited 3 months ago)

The kernel modules usually are signed with a different key. That key is created at build time and its private key is discarded after the build (and after the modules have been signed) and the kernel uses the public key to validate the modules IIRC. That is how Arch Linux can somewhat support Secure Boot without the user needing to sign every kernel module or firmware file (it is also the reason why all the kernel packages aren't reproducible).

[-] NekkoDroid@programming.dev 3 points 4 months ago

There were talks a few years ago about changing sd-tmpfiles' name but it was decided not worth it due to the churn and bikeshedding it would cause.

sd-tmpfiles is generally used to create, modify (e.g. permissions) and remove directories on the system. The home.conf is intended for systems that only ship /usr/ (e.g. containers) to create /home/ and /srv/ as a separate subvolume on btrfs.

[-] NekkoDroid@programming.dev 3 points 6 months ago

I don’t understand how this is any improvement over pkexec

That has the same problem as sudo: the SUID bit is set for it.

The fact that run0 uses polkit is more of a byproduct of this kinda authentication already being done with polkit all over the place in systemd. You can have individual subcommands accessible to different users (for example everyone can systemctl status, but systemctl reboot needs to be in the wheel group) which is why it's generally used within systemd already. And it wouldn't surprise me if again you can do it with this as well, limiting what commands can unconditionally run, need a prompt or are completely blocked.

[-] NekkoDroid@programming.dev 3 points 6 months ago

  1. The attack surface is there either way, this is just functionality repackaged that existed already before (systemd-run, which is calling into PID1)
  2. All compression libraries (actually most libraries at this point) are dlopened on demand (which was planned even before the attack; it is speculated that the attack's timeline was accelerated because he was on a timer before the change was released)

[-] NekkoDroid@programming.dev 3 points 6 months ago

I think what they meant is that there are people that think: "Wayland is too fragmented, there should be 1 'Wayland Compositor' and the rest should be window managers"

[-] NekkoDroid@programming.dev 4 points 9 months ago* (last edited 9 months ago)

Arch: Move more of the things shipped by the distro to /usr/, too many things are still in /etc/, /var/ and /srv/. Generally this isn't a problem, but when you want to make an A/B updated image where only /usr/ is shipped it is a bit annoying. Also, bash has no way to have a "distro" version of /etc/profile.

Another benefit is: no .pacnew files in /etc/ (or anywhere else) since those would all be managed by the system maintainer and aren't touched by the package manager.

[-] NekkoDroid@programming.dev 4 points 10 months ago

It only at most auto logs you into the display manager or more generally into login. Then you still need to get root access to modify anything from there. Login would still be based on user password/key/whatever.

[-] NekkoDroid@programming.dev 4 points 10 months ago* (last edited 10 months ago)

Having read Poettering's blog posts a bit, he explains that the TPM2 based encryption is entirely just for system resources (basically everything under / with the exception of /home). For home he still "envisions" (it's already possible and not really hard with sd-homed) that the encryption is based on the user's passphrase/key/whatever and not unlockable by anyone else than the user's passphrase/...

So user specific stuff is tied to user keys while system stuff is tied to the system & OS.
If you wanna read the post: https://0pointer.net/blog/fitting-everything-together.html

[-] NekkoDroid@programming.dev 3 points 10 months ago

nor can I imagine it ever happening.

Chief, MS has multiple internal-only Linux distros and publicly they have CBL-Mariner and I think another that I forgot. They are mostly used with Azure. From what I know, they really aren't that much different from any other (common) distro out there.

[-] NekkoDroid@programming.dev 3 points 11 months ago

Bruh, I read this as ELF instead of EFL and was hoping on learning something interesting about the format.

But then I started the TTS to read out loud and noticed it said E-F-L.

[-] NekkoDroid@programming.dev 3 points 1 year ago

But they also confirmed that every new/reinstall on the same device counts as a different install, aka another 20ct.

[-] NekkoDroid@programming.dev 4 points 1 year ago

Well, it's a Microsoft company. So... ya know, they have shit hit the fan so often they would just be in meetings permanently.

NekkoDroid

joined 1 year ago