| Age | Commit message (Collapse) | Author |
|---|
|
There is no need to assign valuse to the states. Also add _INVALID and _MAX,
even though these are not used, it keeps it consistent.
|
|
This ressurects 47d45d3cde45d6545367570264e4e3636bc9e345. We now always use /128 prefixes,
so there is no need for the DHCPv6 code to know about prefixes expiring.
|
|
The routing information should be configured separately by ND, there is no need to
indicate the prefix again in the DHCPv6 addresses.
See discussion and related links at issue #1520.
|
|
|
|
Refer to Router Discovery rather than ICMPv6.
|
|
|
|
|
|
|
|
|
|
The actual code rename will follow. The reason for the change of name is to make it
simpler and more uniform with how we name other libraries (we don't include the
underlying protocol). The new name also matches the naming in the kernel (which
is particularly relevent here as we expect to let the kernel do some parts of
the protocol and we do others).
|
|
networkd-manager: fix swapped arguments
|
|
fixes Coverity #1328493
|
|
extract_first_word understands "\'string" but doesn't understand "\"string"
fixed this inconsistency.
|
|
|
|
Othewise we might follow the symlinks on the host, instead of the
container.
Fixes #1400
|
|
Make sure we acquire CAP_NET_ADMIN if we require virtual networking.
Make sure we imply virtual ethernet correctly when bridge is request.
Fixes: #1511
Fixes: #1554
Fixes: #1590
|
|
|
|
|
|
using "machinectl set-limit"
Previously, we already accepted "-" as special value for dropping
limits. Add "infinity", as that's what we support for RLIMITs and hence
should support here to. Also add "none" as that's what the btrfs tools
use.
|
|
This allows us to set up the quota group hierarchy in a reasonable way
on btrfs file systems.
|
|
|
|
With this change we understand more than just leaf quota groups for
btrfs file systems. Specifically:
- When we create a subvolume we can now optionally add the new subvolume
to all qgroups its parent subvolume was member of too. Alternatively
it is also possible to insert an intermediary quota group between the
parent's qgroups and the subvolume's leaf qgroup, which is useful for
a concept of "subtree" qgroups, that contain a subvolume and all its
children.
- The remove logic for subvolumes has been updated to optionally remove
any leaf qgroups or "subtree" qgroups, following the logic above.
- The snapshot logic for subvolumes has been updated to replicate the
original qgroup setup of the source, if it follows the "subtree"
design described above. It will not cover qgroup setups that introduce
arbitrary qgroups, especially those orthogonal to the subvolume
hierarchy.
This also tries to be more graceful when setting up /var/lib/machines as
btrfs. For example, if mkfs.btrfs is missing we don't even try to set it
up as loopback device.
Fixes #1559
Fixes #1129
|
|
|
|
I accidentally broke this a while back when I ported systemctl to the
verbs logic.
Add support for this back.
|
|
Simplify the call, and add dir_is_populated() as inverse call, in order
to make some checks easier to read.
|
|
|
|
ReadOnlyDirectories=-/ works fine
|
|
systemd-run can launch units with ReadWriteDirectories, ReadOnlyDirectories, InaccessibleDirectories
|
|
Every time the state is written out we may trigger third-party apps, so
let's be a bit more careful about writing this out unnecessarily.
|
|
|
|
|
|
|
|
We only keep the addresses that we added ourselves in link->addresses, and
introduce a new set link->addresses_foreign to keep addresses of unknown
origin.
Only functional change is that "foreign" addresses no longer prevent a link
from entering "configured" state.
|
|
Establish the firewall rule before creating the address, and do not create the address
if the firewall rule could not be created. Also, only drop the firewall rule once
the address has been removed from the kernel.
|
|
These functions are almost entirely the same, so avoid duplication.
|
|
Call back into link_check_ready() whenever an address state change may have
made a link ready.
|
|
We were considering a link configured whilst its IPv6 addresses were still
tentative.
Fixes issue #650.
|
|
InaccessibleDirectories
|
|
from ceb728cf
|
|
run: fix Environment parsing
|
|
networkd: add support to configure IPv6 DAD
|
|
* `Environment=` resets previous assignments
* `Environment='a=1 b=2'` sets `a` to `1` and `b` to `2`
* `Environment='"a=1 2" b=2"'` sets `a` to `1 2` and `b` to `2`
|
|
nspawn: skip /sys-as-tmpfs if we don't use private-network
|
|
Since v3.11/7dc5dbc ("sysfs: Restrict mounting sysfs"), the kernel
doesn't allow mounting sysfs if you don't have CAP_SYS_ADMIN rights over
the network namespace.
So the mounting /sys as a tmpfs code introduced in
d8fc6a000fe21b0c1ba27fbfed8b42d00b349a4b doesn't work with user
namespaces if we don't use private-net. The reason is that we mount
sysfs inside the container and we're in the network namespace of the host
but we don't have CAP_SYS_ADMIN over that namespace.
To fix that, we mount /sys as a sysfs (instead of tmpfs) if we don't use
private network and ignore the /sys-as-a-tmpfs code if we find that /sys
is already mounted as sysfs.
Fixes #1555
|
|
|
|
|
|
A bit snake-oilish, but can't hurt.
|
|
Fixes one of the issues pointed out in #1522.
|
|
|
|
|
