Age | Commit message (Collapse) | Author |
|
This patch adds peer address support for
networkd . In the [Address] a new configurable
param is Peer.
[Match]
Name=ipip-tun
[Address]
Address=10.0.0.1/32
Peer=10.0.0.2/32
|
|
Check that received DHCP packets actually include our MAC address in
chaddr field. BPF interpreter has 32 bit wide registers but MAC address
is 48 bits long so we have to do check in two steps.
|
|
|
|
This is useful to test the behaviour of the compressor for various buffer
sizes.
Time is limited to a minute per compression, since otherwise, when LZ4
takes more than a second which is necessary to reduce the noise, XZ
takes more than 10 minutes.
% build/test-compress-benchmark (without time limit)
XZ: compressed & decompressed 2535300963 bytes in 794.57s (3.04MiB/s), mean compresion 99.95%, skipped 3570 bytes
LZ4: compressed & decompressed 2535303543 bytes in 1.56s (1550.07MiB/s), mean compresion 99.60%, skipped 990 bytes
% build/test-compress-benchmark (with time limit)
XZ: compressed & decompressed 174321481 bytes in 60.02s (2.77MiB/s), mean compresion 99.76%, skipped 3570 bytes
LZ4: compressed & decompressed 2535303543 bytes in 1.63s (1480.83MiB/s), mean compresion 99.60%, skipped 990 bytes
It appears that there's a bug in lzma_end where it leaks 32 bytes.
|
|
Add liblz4 as an optional dependency when requested with --enable-lz4,
and use it in preference to liblzma for journal blob and coredump
compression. To retain backwards compatibility, XZ is used to
decompress old blobs.
Things will function correctly only with lz4-119.
Based on the benchmarks found on the web, lz4 seems to be the best
choice for "quick" compressors atm.
For pkg-config status, see http://code.google.com/p/lz4/issues/detail?id=135.
|
|
uncompress_startswith would always decode the whole stream, even
if it did not start with the given prefix.
Reallocation policy was also strange.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=80685
|
|
|
|
Repotred by Ronny Chevalier
|
|
|
|
|
|
If client->lease is NULL, dhcp6_lease_clear_timers will cause a segmentation
fault.
|
|
(ephemeral) mode
Two modes are supported: --volatile=yes mounts only /usr into the
container, and a tmpfs as root directory. --volatile=state mounts the
full OS tree in, but overmounts /var with a tmpfs.
--volatile=yes hence boots with an unpopulated /etc and /var, starting
with pristine configuration and state.
--volatile=state hence boots with an unpopulated /var, only starting
with pristine state.
|
|
Previously, we checked whether /etc was completely empty. This makes it
difficult though for container managers such as nspawn to install a
small number of files (such as /etc/timezone), and have the system
otherwise populate its own tree.
Hence, change this by looking for /etc/machine-id, which should be a
good sign whether /etc is populated or not.
|
|
We really don't want these in containers as they provide a too lowlevel
look on the system.
Conditionalize them with CAP_SYS_RAWIO since that's required to access
/proc/kcore, /dev/kmem and similar, which feel similar in style. Also,
npsawn containers lack that capability.
|
|
CAP_MKNOD
npsawn containers generally have CAP_MKNOD, since this is required
to make PrviateDevices= work. Thus, it's not useful anymore to
conditionalize the kmod static device node units.
Use CAP_SYS_MODULES instead which is not available for nspawn
containers. However, the static device node logic is only done for being
able to autoload modules with it, and if we can't do that there's no
point in doing it.
|
|
Reported by Moviuro <moviuro@gmail.com>
|
|
When doing a NEWADDR, the reply we get back is the NEWADDR itself, rather
than just an empty ack (unlike how NEWLINK works). For this reason, the
process that did the NEWADDR does not get the broadcast message.
We were only listening for broadcast messages, and hence not tracking the
addresses we added ourselves. This went unnoticed as the kernel will usually
send NEWADDR messages from time to time anyway, so things would mostly work,
but in the worst case we would not notice that a routable address was available
and consider ourselves offline.
|
|
|
|
the only correct name appears to be "crisv32"...
http://lists.freedesktop.org/archives/systemd-devel/2014-July/020899.html
|
|
|
|
|
|
|
|
|
|
container on a remote host
|
|
|
|
|
|
|
|
|
|
|
|
|
|
set up
|
|
|
|
|
|
|
|
I don't have suitable hardware at hand, so this is based
on debian documentation:
https://wiki.debian.org/ArmEabiPort#GCC_preprocessor_macros_for_floating_point
|
|
|
|
|
|
|
|
|
|
This is really just about library locations, hence clarify that we don't
assume this to be anything but that.
|
|
We should follow the naming scheme waitid() uses, not come up with our
own reversed one...
|
|
|
|
|
|
|
|
THis way we can remove cgroup priviliges after setup, but get them back
for the next restart, as we need it.
|
|
When a machine is registered in machined with CreateMachine it is OK to
kill the machine when it is terminated, but when an existing unit is
simply registered via RegisterMachine we shouldn't do that, as the unit
is controlled by somebody else.
|
|
This does the inverse of RestartPreventExitStatus=: it forces a restart
of a service when a certain exit status is returned by a service
process.
|
|
Susant says:
> ip tuntap turns this off by default.
Let's follow ip(8) here as that should be the least surprising.
|
|
The group argument is a union. We need to
pass the correct type
|