Age | Commit message (Collapse) | Author |
|
selinux: fix missing SELinux unit access check
|
|
basic: dns-name - between()
|
|
analyze: correctly draw the plot for user instances.
|
|
Start-up timestamp of a user instance (userspace_time in struct boot_times)
actually may be arbitrarily big. This, because all timestamps are offset by
that value, leads to creation of arbitrarily wide SVGs which almost completely
consist of blank space.
Fix this by inverse-offsetting all timestamps by that value if user instance
operation is requested.
Fixes #740.
|
|
|
|
Given three DNS names this function indicates if the second argument lies
strictly between the first and the third according to the canonical DNS
name order. Note that the order is circular, so the last name is
considered to be before the first.
|
|
The canonical DNS name ordering considers the rightmost label the most significant,
we were considering it the least significant. This is important when implementing
NSEC, which relies on the correct order.
|
|
Intended to be called repeatedly, and returns then successive unescaped labels
from the most to the least significant (left to right).
This is slightly inefficient as it scans the string three times (two would be
sufficient): once to find the end of the string, once to find the beginning
of each label and lastly once to do the actual unescaping. The latter two
could be done in one go, but that seemed unnecessarily convoluted.
|
|
Next patch will make the latter call into the former.
|
|
VnetHeader was renamed to VNetHeader just now. Update NEWS accordingly.
|
|
networkd: capitalize VNetHeader= as VnetHeader=
|
|
resolved: UDP fixes
|
|
|
|
This is handled by the kernel now that the socket is connect()ed.
|
|
This was a bug.
|
|
As we have connect()ed to the desired DNS server, we no longer need to pass
control messages manually when sending packets. Simplify the logic accordingly.
|
|
This function emits the UDP packet via the scope, but first it will
determine the current server (and connect to it) and store the
server in the transaction.
This should not change the behavior, but simplifies the code.
|
|
Even when we use shortened, combined words, we still should uppercase
where a new word starts. I couldn't find a canonically capitalized
version of this term, hence I think we should follow our naming rules
here.
|
|
No functional change, but makes follow-up patch clearer.
|
|
With access to the server when creating the socket, we can connect()
to the server and hence simplify message sending and receiving in
follow-up patches.
|
|
Close the socket when changing the server in a transaction, in
order for it to be reopened with the right server when we send
the next packet.
This fixes a regression where we could get stuck with a failing
server.
|
|
This was only ever used by LLMNR, so don't request this for unicast DNS packets.
|
|
A transaction can only have one socket at a time, so no need to distinguish these.
|
|
Each signal of the ObjectManager interface carries the path of the object
in question as an argument. Therefore, a caller will deduce the object
this signal is generated for, by parsing the _argument_. A caller will
*not* use the object-path of the message itself (i.e., message->path).
This is done on purpose, so the caller can rely on message->path to be
the path of the actual object-manager that generated this signal, instead
of the path of the object that triggered this signal.
This commit fixes all InterfacesAdded/Removed signals to use the path of
the closest object-manager as message->path. 'closest' in this case means
closest parent with at least one object-manager registered.
This fix raises the question what happens if we stack object-managers in
a hierarchy. Two implementations are possible: First, we report each
object only on the nearest object-manager. Second, we report it on each
parent object-manager. This patch chooses the former. This is compatible
with other existing ObjectManager implementations, which are required to
call GetManagedObjects() recursively on each object they find, which
implements the ObjectManager interface.
|
|
… for better readability.
|
|
|
|
units: add more caps to machined
|
|
New features and API changes for v223. Please review carefully and amend!
|
|
Otherwise copying full directory trees between container and host won't
work, as we cannot access some fiels and cannot adjust the ownership
properly on the destination.
Of course, adding these many caps to the daemon kinda defeats the
purpose of the caps lock-down... but well...
Fixes #433
|
|
Add the PID we are proxying for, as well as the message's sender and
destination string, to the debug message that is printed when the proxy
drops unmatched broadcasts.
|
|
-i (aka --interface) takes an argument. Tell getopt_long() that, so that optarg
isn't NULL.
|
|
Automount fixes
|
|
proxyd: downgrade to log_debug() for unmatched broadcasts
|
|
|
|
sd-boot: Show stub cmdline when edit (v2)
|
|
man: typo fixes
|
|
man: describe masking of .network files better
|
|
|
|
This should clear up some confusion in
https://github.com/systemd/systemd/issues/717.
This basically copies the description from systemd.unit to this
man page. Masking can happen also in /run, so strike the part
about /etc, and also add the magic work "mask".
|
|
|
|
Networkd clarifications
|
|
Justification is similar to BPDUGuard rename. "Positive" values
are easier. This is a rather uncommon option, so using a slightly
longer name should not be a problem, and may in fact may make it
easier to guess what the option does without reading the
documentation.
|
|
Looking at the kernel commit, "on" seems to be the default value:
commit 867a59436fc35593ae0e0efcd56cc6d2f8506586
Author: Vlad Yasevich <vyasevic@redhat.com>
Date: Wed Jun 5 10:08:01 2013 -0400
bridge: Add a flag to control unicast packet flood.
Add a flag to control flood of unicast traffic. By default, flood is
on and the bridge will flood unicast traffic if it doesn't know
the destination. When the flag is turned off, unicast traffic
without an FDB will not be forwarded to the specified port.
... and it seems to be the reasonable thing to do by default.
|
|
Rename to follow the follow the style of other options.
In general "positive" options are preferred to "negative" ones,
because they are easier to describe and easier for humans to
parse (c.f. the shortening on the man page entry).
|
|
|
|
Old name was slightly misleading, because this flag does not determine
whether DSCP is used overall, but only if it is copied to the
decapsulated packet. Rename to better reflect that.
"Copy" does not imply direction. This is on purpose, because we might
later on enhance the setting to allow/disallow copying in the other
direction, to the encapsulated packet. If that is implemented,
CopyDSCP could understand additional values. This is nicer than
having two separate settings and follows the example of DHCP=.
Also, we try to avoid abbreviations, but we allow acronyms
like MTU, in DiscoverPathMTU=.
This setting was recently added, so it's fine to rename it without
backwards compat.
|
|
http://marc.info/?l=linux-netdev&m=109507453227993&w=2
|
|
Follow up for v222-124-g79e27dbcb1.
|
|
Also add dots at the end of sentences.
|
|
|