| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
This file makes clear the interface shall be owned by networkd.
This does what 658169e6d307b5b1aea0d82b4a6430fa9d529c68 did for nspawn's
regular devices for the devices defined through
8aee931e7ae1adb01eeac0e1e4c0aef6ed3969ec too.
|
| |
|
|
|
| |
Alternative names are basically free, hence add "mac" there too, to make
it easier to see what names could be used as primary options too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
assigning resources to them
This adds a small, socket-activated Varlink daemon that can delegate UID
ranges for user namespaces to clients asking for it.
The primary call is AllocateUserRange() where the user passes in an
uninitialized userns fd, which is then set up.
There are other calls that allow assigning a mount fd to a userns
allocated that way, to set up permissions for a cgroup subtree, and to
allocate a veth for such a user namespace.
Since the UID assignments are supposed to be transitive, i.e. not
permanent, care is taken to ensure that users cannot create inodes owned
by these UIDs, so that persistancy cannot be acquired. This is
implemented via a BPF-LSM module that ensures that any member of a
userns allocated that way cannot create files unless the mount it
operates on is owned by the userns itself, or is explicitly
allowelisted.
BPF LSM program with contributions from Alexei Starovoitov.
|
| |
|
|
|
|
|
|
| |
Spotted randomly when going through CI logs:
systemd-udevd[658]: /usr/lib/systemd/network/80-6rd-tunnel.link:21: Unknown section 'Network'. Ignoring.
Follow-up for 658169e6d30.
|
| |
|
|
| |
Follow-up for 658169e6d307b5b1aea0d82b4a6430fa9d529c68.
|
| |
|
|
|
|
|
|
|
|
| |
This is a follow-up for #30786 and uses it to assign
ID_NET_MANAGED_BY=io.systemd.Network to all all network interfaces that
we consider ours to manage. This should hopefully have the effect that
other well-behaving managers won't fight for these devices.
This doesn't bother with network interfaces we match inside containers,
since udev is not available there anyway.
|
| |
|
|
|
|
|
|
| |
I started working on integrating this in the Fedora package and realized that
the example files should be installed regardless of the renamed files when
default-network=true is used. This is because the renamed files become part of
a different package, and we want to have the other files which are used as
documentation in the main package anyway.
|
| |\
| |
| | |
meson: follow-ups for -Ddefault-network=
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
It seems that when 'rename' field is set, the path (instead of the
filename) is appended to the 'install_dir'.
Follow-up for 9b7a624267fddc5c20bd15480e7a393d7a3b270e.
Fixes #29925.
|
| | |
| |
| |
| |
| | |
For safety. We already add similar condition to a generated one:
c25aa6c8acc6d95eaacae7858a7057907d61a25e
|
| |/
|
|
|
|
|
|
| |
networkd ignores errors in reading driver through ethtool. The kind of
network interface is retrieved through netlink, and networkd checks
checks many failures. So, using Kind= should be safer.
No functional change, just for safety.
|
| | |
|
| |
|
|
|
|
|
|
| |
Also this renames 80-ethernet.network.example -> 89-ethernet.network.example,
to make it have lower precedence over other default .network files for
Ethernet interfaces.
Closes #29765.
|
| |
|
|
|
|
|
| |
Also,
- drop DHCP=no, as it is the default setting,
- enable IPv6SendRA= for wifi access point,
- enable MulticastDNS= for wifi adhoc mode.
|
| |
|
|
| |
Follow-up for e6ba085398866ab05511fe748b8e9f7cbe85148e.
|
| |
|
|
|
|
|
|
|
|
| |
This is name ".network.example" for now, to match the existing
80-ethernet.network file.
I think it would make sense to actually install this by default if told
so via a meson file (and then hopefully this would happen even on
Fedora, though in a split off RPM or so). However, we aren't there yet,
hence for now, just ship the .network files as example, like the others.
|
| |
|
|
|
|
| |
The script is mostly equivalent to 'mkdir -p' and 'ln -sfr'.
Let's replace it with install_emptydir() builtin function and
inline meson call.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Arguably, CC0 is just fine for examples since they are not code. But it's
easier to be consistent and just use MIT-0 for all "documentation". Thus,
the license is changed similarly code examples under man/.
Based on 'git shortlog -ns network/*' and 'git log -p', the following folks
should ack this:
Zbigniew Jędrzejewski-Szmek
Lennart Poettering
Tom Gundersen
Yu Watanabe
Daan De Meyer
Marc-André Lureau
|
| |
|
|
|
|
|
|
| |
The file has instructions how to "enable" it by symlinking into the
appropriate place. If we create a different mechanism to do enablement
later on, we can always adjust the instructions.
Closes #3998.
|
| |
|
|
|
|
|
|
| |
Same justification as the previous commit.
$ for i in network/*-*; do git blame $i;done | less
shows that those files were written by Tom Gundersen, Lennart Poettering, Yu
Watanabe, me, and Marc-André Lureau.
|
| |
|
|
|
|
| |
This matches what we have for example programs under man/, and is nice
because it allows people to copy the files as they wish without worrying
about copyright. The files are too trivial to copyright anyway.
|
| |
|
|
| |
Closes #19152.
|
| |
|
|
|
| |
It should have the full header because it will be installed onto
user systems like the other .network files.
|
| | |
|
| |
|
|
| |
It is nicer and shorter.
|
| | |
|
| |
|
|
| |
Follow-up for 4c72d851cd007e945a85811f89376a2675daa1a5.
|
| |
|
|
|
|
|
|
|
| |
RAs trigger neighbor discovery which allows users to query the
LL address of the container/VM via `ip neighbor get dev`. This is
useful as it gives users an easy way to connect to the container
without needing LLMNR or mDNS to resolve the hostname of the container
to an IP address. In practice, this allows connecting with only
networkd enabled and without resolved running in the host/container.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is useful for development where overwriting files out side
the configured prefix will affect the host as well as stateless
systems such as NixOS that don't let packages install to /etc but handle
configuration on their own.
Alternative to https://github.com/systemd/systemd/pull/17501
tested with:
$ mkdir inst build && cd build
$ meson \
-Dcreate-log-dirs=false \
-Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
-Dsysvinit-path=$(realpath ../inst)/etc/init.d \
-Drootprefix=$(realpath ../inst) \
-Dinstall-sysconfdir=false \
--prefix=$(realpath ../inst) ..
$ ninja install
|
| | |
|
| |
|
|
|
| |
VM typically use a TAP device, and work similarly to a veth device from the
host side.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
I think 80-wifi-adhoc.network is safe enough, since it just enables
the link-local addressing. But the other two enable DHCP in client
or server modes, and we should not do this by default.
|
| |\ |
|
| |/ |
|
| |
|
|
| |
Closes #12098.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If "keep" policy is specified, and the interface has a name that is
NET_NAME_USER or NET_NAME_RENAMED, we stop processing rules. "keep" should
probably be specified either first or last depending on the preference.
This partially reimplements 55b6530baacf4658a183b15b010a8cf3483fde08, in the
sense that if the "keep" policy is not specified, and if the interface has
a NamingPolicy, it will be renamed, even if it had a name previously.
So this breaks backwards compatibility in this case, but that's more in line
with what users expect.
Closes #9006.
|
| |
|
|
|
|
|
| |
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
|
| |
|
|
|
|
| |
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
|
| |
|
|
|
|
|
|
|
|
| |
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
|
| |
|
|
|
|
|
| |
So far I avoided adding license headers to meson files, but they are pretty
big and important and should carry license headers like everything else.
I added my own copyright, even though other people modified those files too.
But this is mostly symbolic, so I hope that's OK.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
|
| |
|
|
|
| |
v2:
- also mention m4
|
| |
|
|
|
|
|
|
|
| |
Using conf.set() with a boolean argument does the right thing:
either #ifdef or #undef. This means that conf.set can be used unconditionally.
Previously I used '1' as the placeholder value, and that needs to be changed to
'true' for consistency (under meson 1 cannot be used in boolean context). All
checks need to be adjusted.
|
| |
|
|
|
|
|
| |
The indentation for emacs'es meson-mode is added .dir-locals.
All files are reindented automatically, using the lasest meson-mode from git.
Indentation should now be fairly consistent.
|
