platform/upstream/systemd.git
Lennart Poettering [Wed, 20 Mar 2019 20:00:17 +0000 (21:00 +0100)]
update TODO

Lennart Poettering [Wed, 20 Mar 2019 19:19:38 +0000 (20:19 +0100)]
core: imply NNP and SUID/SGID restriction for DynamicUser=yes service

Let's be safe, rather than sorry. This way DynamicUser=yes services can
neither take benefit of, nor create SUID/SGID binaries.

Given that DynamicUser= is a recent addition only we should be able to
get away with turning this on, even though this is strictly speaking a
binary compatibility breakage.

Lennart Poettering [Wed, 20 Mar 2019 18:52:20 +0000 (19:52 +0100)]
units: turn on RestrictSUIDSGID= in most of our long-running daemons

Lennart Poettering [Wed, 20 Mar 2019 18:45:32 +0000 (19:45 +0100)]
man: document the new RestrictSUIDSGID= setting

Lennart Poettering [Wed, 20 Mar 2019 18:20:35 +0000 (19:20 +0100)]
analyze: check for RestrictSUIDSGID= in "systemd-analyze security"

And let's give it a high weight, since it pretty much can be used for
bad things only.

Lennart Poettering [Wed, 20 Mar 2019 18:09:09 +0000 (19:09 +0100)]
core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID=

Lennart Poettering [Wed, 20 Mar 2019 18:01:37 +0000 (19:01 +0100)]
test: add test case for restrict_suid_sgid()

Lennart Poettering [Wed, 20 Mar 2019 18:00:28 +0000 (19:00 +0100)]
seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files

Lennart Poettering [Wed, 20 Mar 2019 17:59:59 +0000 (18:59 +0100)]
seccomp: add debug messages to seccomp_protect_hostname()

Lennart Poettering [Fri, 29 Mar 2019 19:34:45 +0000 (20:34 +0100)]
core: add a generic helper that forwards per-unit method calls from Manager

Quite often we have a method DoSomethingWithUnit() on the Manager object
that is the same as a function DoSomething() on a Unit object. Let's
shorten things by introducing a common function that forwards the
former to the latter, instead of writing this again and again.

Zbigniew Jędrzejewski-Szmek [Tue, 2 Apr 2019 14:06:07 +0000 (16:06 +0200)]
Merge pull request #12013 from yuwata/fix-switchroot-11997

core: on switching root do not emit device state change based on enumeration results

Zbigniew Jędrzejewski-Szmek [Tue, 2 Apr 2019 12:27:27 +0000 (14:27 +0200)]
Merge pull request #12185 from poettering/login-unstore-fd

logind: remove unused fds from fdstore

Zbigniew Jędrzejewski-Szmek [Tue, 2 Apr 2019 12:19:27 +0000 (14:19 +0200)]
Merge pull request #12186 from poettering/lgtm-updates

lgtm ruleset updates

Zbigniew Jędrzejewski-Szmek [Tue, 2 Apr 2019 11:50:14 +0000 (13:50 +0200)]
Merge pull request #12183 from poettering/askpwargv

tty-ask-password: let's copy argv[] before forking

Frantisek Sumsal [Mon, 25 Mar 2019 17:22:48 +0000 (18:22 +0100)]
journal: LGTM doesn't recognize suppressions in /* */

Lennart Poettering [Tue, 2 Apr 2019 10:44:15 +0000 (12:44 +0200)]
test: stop using dup() needlessly

Lennart Poettering [Tue, 2 Apr 2019 10:43:47 +0000 (12:43 +0200)]
lgtm: beef up list of dangerous/questionable API calls not to make

Lennart Poettering [Tue, 2 Apr 2019 09:52:58 +0000 (11:52 +0200)]
logind: when we cannot attach a passed fd to a device, close it

Replaces: #8532

Lennart Poettering [Tue, 2 Apr 2019 09:51:50 +0000 (11:51 +0200)]
logind: simplify removal of device fds

Let's use sd_notifyf(). Let's also stop validating the session ID here.
This is the destructor. If it contains a dash, we are already too late
here anyway.

Chris Morin [Thu, 14 Mar 2019 18:24:52 +0000 (11:24 -0700)]
journal-remote: use source's boot-id

systemd-journal-remote always wrote the boot-id of the device it was running on
to the header of its journal files. When the source had a different boot-id
(because it was generated on a different boot, or a different device), the
boot-ids in the file were inconsistent. The _BOOT_ID field was that of the
source, but the journal file header and each entry object header were that of
the device systemd-journal-remote ran on. This breaks journalctl --list-boots
on any of these files.

Set the boot-id in the header to be that of the source. This also fixes the
entry object headers.

Yu Watanabe [Fri, 29 Mar 2019 22:33:03 +0000 (07:33 +0900)]
ipv4ll: do not reset seed generation counter on restart

Fixes #12145.

Lennart Poettering [Tue, 2 Apr 2019 08:24:35 +0000 (10:24 +0200)]
Merge pull request #12007 from poettering/clock-change

.timer OnClockChange= and OnTimezoneChange= settings

Lennart Poettering [Tue, 2 Apr 2019 08:10:30 +0000 (10:10 +0200)]
tty-ask-password: re-break comment

Lennart Poettering [Tue, 2 Apr 2019 08:10:02 +0000 (10:10 +0200)]
tty-ask-password: simplify signal handler installation

Lennart Poettering [Tue, 2 Apr 2019 08:08:29 +0000 (10:08 +0200)]
tty-ask-password: no need to initialize something already NUL initialized to NUL

Lennart Poettering [Tue, 2 Apr 2019 08:07:58 +0000 (10:07 +0200)]
tty-ask-password: drop redundant local variable

Lennart Poettering [Tue, 2 Apr 2019 08:04:16 +0000 (10:04 +0200)]
tty-ask-password: copy argv[] before forking child

Another fix in style of bd169c2be0fbdaf6eb2ea7951e650d5e5983fbf6.

Let's also avoid strjoina() in a loop (i.e. stack allocation). While in
this specific case one could get away with it (since we'd immediately
afterwards leave the loop) it's still ugly, and every static checker
would be totally within its rights to complain.

Also, let's simplify things by not relying on argc, since it's redundant
anyway, and it's nicer to just treat things as NULL terminated strv
array.

Fixes: #12180

Lennart Poettering [Thu, 14 Mar 2019 22:30:11 +0000 (23:30 +0100)]
update TODO

Lennart Poettering [Thu, 14 Mar 2019 22:28:46 +0000 (23:28 +0100)]
man: document the two new .timer settings

Lennart Poettering [Thu, 14 Mar 2019 20:40:08 +0000 (21:40 +0100)]
test: add tests for new .timer units

Lennart Poettering [Thu, 14 Mar 2019 20:36:47 +0000 (21:36 +0100)]
core: optionally, trigger .timer units on timezone and clock changes

Fixes: #6228

Lennart Poettering [Thu, 14 Mar 2019 18:55:29 +0000 (19:55 +0100)]
run: rename with_timer → arg_with_timer

The value is directly initialized from cmdline args, hence let's name it
so, following our usual naming style.

Lennart Poettering [Thu, 14 Mar 2019 18:54:46 +0000 (19:54 +0100)]
core: use more structured initialization

Topi Miettinen [Mon, 1 Apr 2019 20:31:47 +0000 (23:31 +0300)]
build: install /etc/systemd/{system,user}-generators

Manual page systemd.generators refers to /etc/systemd/{system,user}-generators,
but the paths do not exist, so let's install them.

Yu Watanabe [Mon, 1 Apr 2019 23:01:42 +0000 (08:01 +0900)]
Merge pull request #12030 from poettering/condition-memory

add ConditionCPUs= + ConditionMemory=

Yu Watanabe [Mon, 1 Apr 2019 22:32:40 +0000 (07:32 +0900)]
Merge pull request #12168 from poettering/man-fixes

three minor tweaks to the man pages

Lennart Poettering [Tue, 26 Mar 2019 16:05:42 +0000 (17:05 +0100)]
core: refactor transaction.c to use fewer gotos

In particular, let's not use gotos that jump up, i.e. are loops. gotos
that jump down for the purpose of clean-up are cool, but using them for
loops is evil.

No change in behaviour, just some refactoring.

Zbigniew Jędrzejewski-Szmek [Mon, 1 Apr 2019 13:47:15 +0000 (15:47 +0200)]
NEWS: document the change to installation

Yu Watanabe [Mon, 1 Apr 2019 21:10:36 +0000 (06:10 +0900)]
Merge pull request #12160 from yuwata/wait-online-allow-configuring

wait-online: add --any option

Yu Watanabe [Mon, 1 Apr 2019 21:10:07 +0000 (06:10 +0900)]
Merge pull request #12155 from yuwata/network-fix-and-extend-foo-over-udp-support

network: fix and extend Foo over UDP

Lennart Poettering [Fri, 29 Mar 2019 19:23:16 +0000 (20:23 +0100)]
systemctl: print a more accurate error message when we can

Lennart Poettering [Fri, 29 Mar 2019 15:09:49 +0000 (16:09 +0100)]
rm-rf: refuse combining REMOVE_ONLY_DIRECTORIES and REMOVE_SUBVOLUME for now

It's not easy to implement such a combined operation race-freely since
dropping a subvolume will drop all its contents, including any
non-directories.

Hence, let's just not support this combination for now. Which isn't much
of a loss, since we never combine these flags anyway.

Lennart Poettering [Mon, 1 Apr 2019 16:39:25 +0000 (18:39 +0200)]
core: export ReloadResult value on the bus

We keep track of it, but never exposed it. Let's fix that.

Lennart Poettering [Mon, 1 Apr 2019 16:41:19 +0000 (18:41 +0200)]
shared: add some minor comments

Lennart Poettering [Mon, 1 Apr 2019 15:49:27 +0000 (17:49 +0200)]
core: add a common function for bus calls that return unit dbus path

Let's shorten the code a bit by using a single function for similar
cases.

No change in behaviour, just some refactoring and shortening.

Yu Watanabe [Mon, 1 Apr 2019 20:29:53 +0000 (05:29 +0900)]
Merge pull request #12167 from poettering/timer-parse-tweak

two tweaks for timer expression parsing

Lennart Poettering [Mon, 1 Apr 2019 18:13:36 +0000 (20:13 +0200)]
fs-util: suppress world-writable warnings if we read /dev/null

Fixes: #12165

Lennart Poettering [Fri, 29 Mar 2019 11:34:22 +0000 (12:34 +0100)]
sd-bus: add missing empty line

Yu Watanabe [Mon, 1 Apr 2019 01:28:32 +0000 (10:28 +0900)]
test-network: add tests for --any option of wait-online

Yu Watanabe [Sun, 31 Mar 2019 15:08:16 +0000 (00:08 +0900)]
test-network: fix timeout argument for wait_online()

Yu Watanabe [Sun, 31 Mar 2019 21:43:48 +0000 (06:43 +0900)]
wait-online: add --any option

When this option is specified, wait-online exits with success even
when several interfaces are in configuring state.

Closes #9714.

Yu Watanabe [Sun, 31 Mar 2019 13:04:00 +0000 (22:04 +0900)]
test-network: add tests for FooOverUDP tunnels

Yu Watanabe [Sun, 31 Mar 2019 07:31:25 +0000 (16:31 +0900)]
man: update FooOverUDP=

Yu Watanabe [Sun, 31 Mar 2019 13:35:44 +0000 (22:35 +0900)]
network: make FooOverUDP.Protocol= support name of ipproto

Yu Watanabe [Sun, 31 Mar 2019 09:08:32 +0000 (18:08 +0900)]
network: use asynchronous call for creating FOU tunnels

Otherwise, multiple FOU tunnels cannot be created correctly.

Yu Watanabe [Sun, 31 Mar 2019 08:26:16 +0000 (17:26 +0900)]
network: do not ignore FooOverUDP.Encapsulation= setting

Previously the setting was ignored and FOU_ENCAP_GUE was always sent.

Yu Watanabe [Sun, 31 Mar 2019 13:02:37 +0000 (22:02 +0900)]
network: merge ipip_init() and sit_init()

Yu Watanabe [Sun, 31 Mar 2019 07:24:48 +0000 (16:24 +0900)]
network: add FooOverUDP support for SIT and GRE tunnels

Yu Watanabe [Sun, 31 Mar 2019 06:44:42 +0000 (15:44 +0900)]
test-network: add more tests for SerializeTunneledPackets=, Key=, and friends

Benjamin Berg [Mon, 1 Apr 2019 14:54:12 +0000 (16:54 +0200)]
hwdb: Fix micmute on ASUS FX503VD

The micmute key needs to be remapped to F20 for userspace to consume it.

See https://gitlab.gnome.org/GNOME/gnome-settings-daemon/issues/121

Yu Watanabe [Mon, 1 Apr 2019 12:26:26 +0000 (21:26 +0900)]
test: set longer StartLimitIntervalSec= and fewer StartLimitBurst=

Some test environments may be under heavy load. In that case, the rate limit
is never hit, and the test fails...

Lennart Poettering [Mon, 1 Apr 2019 16:33:10 +0000 (18:33 +0200)]
Merge pull request #12164 from keszybz/units-use-presets

Enable our units using presets in the usual fashion

Lennart Poettering [Mon, 1 Apr 2019 15:30:45 +0000 (17:30 +0200)]
man: be clearer that .timer time expressions need to be reset to override them

Let's be clearer about the overriding concept for OnCalendar= settings.

Prompted by this thread:

https://lists.freedesktop.org/archives/systemd-devel/2019-March/042351.html

Lennart Poettering [Mon, 1 Apr 2019 15:29:12 +0000 (17:29 +0200)]
man: refer to innermost directory as innermost, not as "lowest"

Let's avoid confusion whether the root is at the top or at the bottom of
the directory tree. Moreover we use "innermost" further down for the
same concept, so let's stick to the same terminology here.

Lennart Poettering [Mon, 1 Apr 2019 15:29:02 +0000 (17:29 +0200)]
man: tweak XyzDirectory= table a bit

Lennart Poettering [Mon, 1 Apr 2019 15:43:29 +0000 (17:43 +0200)]
core: pass parse error to log functions when parsing timer expressions

Lennart Poettering [Mon, 1 Apr 2019 15:39:11 +0000 (17:39 +0200)]
core: simplify timer expression parsing by using ".ltype" field of conf-parser logic

No change of behaviour. Let's just not parse the lvalue all the time
with timer_base_from_string() if we can already pass it in parsed.

Yu Watanabe [Sun, 31 Mar 2019 19:11:02 +0000 (04:11 +0900)]
udev: move udev_ctrl_cleanup() into manager_free()

Lennart Poettering [Mon, 1 Apr 2019 13:17:07 +0000 (15:17 +0200)]
Merge pull request #12157 from yuwata/network-netdev-name-conflict

network: handle NetDev.Name= conflict nicely

Zbigniew Jędrzejewski-Szmek [Mon, 1 Apr 2019 11:57:24 +0000 (13:57 +0200)]
meson: stop creating enablement symlinks in /etc during installation

This patch was initially prompted by a report on a Fedora update [1], that the
upgrade causes systemd-resolved.service and systemd-networkd.service to be
re-enabled. We generally want to preserve the enablement of all services during
upgrades, so a reset like this is not expected.

Both services declare two symlinks in their [Install] sections, for their dbus
names and for multi-user.target.wants/.  It turns out that both services were
only partially enabled, because their dbus unit symlinks
/etc/systemd/system/dbus-org.freedesktop.{resolve1,network1}.service were
created, but the symlinks in /etc/systemd/system/multi-user.target.wants/ were
not. This means that the units could be activated by dbus, but not in usual
fashion using systemctl start. Our tools make it rather hard to figure out when
something like this happens, and it is definitely an area for improvement on its
own. The symlink in .wants/ was filtered out during packaging, but the dbus
symlink was left in (I assume by mistake).

Let's simplify things by not creating the symlinks statically during 'ninja
install'. This means that the units shipped by systemd have to be enabled in
the usual fashion, which in turn means that [Install] section and presets
become the "single source of truth" and we don't have two sets of conflicting
configuration.

Let's consider a few cases:
- developer: a developer installs systemd from git on a running system, and they
  don't want the installation to reset enablement of anything. So this change is
  either positive for them, or has no effect (if they have everything at
  defaults).

- package creation: we want to create symlinks using 'preset-all' and 'preset'
  on upgraded packages, we don't want to have any static symlinks. This change
  will remove the need to filter out symlinks in packaging and of course fix
  the original report.

- installation of systemd from scratch: this change means that without
  'preset-all' the system will not be functional. This case could be affected
  negatively by this change, but I think it's enough of a corner case to accept
  this. In practice I expect people to build a package, not install directly
  into the file system, so this might not even matter in practice.

Creating those symlinks was probably the right thing in the beginning, but
nowadays the preset system is very well established and people expect it to
be honoured. Ignoring the presets and doing static configuration is not welcome
anymore.

Note: during package installation, either 'preset-all' or 'preset getty@.service
machines.target remote-cryptsetup.target remote-fs.target
systemd-networkd.service systemd-resolved.service
systemd-networkd-wait-online.service systemd-timesyncd.service' should be called.

[1] https://bodhi.fedoraproject.org/updates/FEDORA-2019-616045ca76

Zbigniew Jędrzejewski-Szmek [Mon, 1 Apr 2019 11:57:07 +0000 (13:57 +0200)]
meson: indentation

Lennart Poettering [Mon, 1 Apr 2019 10:46:37 +0000 (12:46 +0200)]
Merge pull request #12156 from yuwata/fix-bootspec-memleaks

bootspec: fix memleaks

Yu Watanabe [Mon, 1 Apr 2019 02:23:51 +0000 (11:23 +0900)]
po: update ja.po

Yu Watanabe [Sun, 31 Mar 2019 16:06:22 +0000 (01:06 +0900)]
test-network: add test for NetDev.Name= conflict

Yu Watanabe [Sun, 31 Mar 2019 15:55:22 +0000 (00:55 +0900)]
udev: shorten code a bit

Yu Watanabe [Sun, 31 Mar 2019 15:37:58 +0000 (00:37 +0900)]
network: add '=' to config key names in log

Also, long lines are wrapped.

Yu Watanabe [Sun, 31 Mar 2019 15:24:25 +0000 (00:24 +0900)]
network: do not abort execution when NetDev.Name= conflicts

This also changes that .netdev files are loaded in ascending order.
Otherwise, when NetDev.ifname= setting conflicts with other .netdev file,
then .netdev file with large prefix number wins.

Yu Watanabe [Sun, 31 Mar 2019 14:56:39 +0000 (23:56 +0900)]
test-network: add test for drop-in [WireGuardPeer] section

This also merges the two wireguard tests, and uses wait_online()
to speed up the test.

Yu Watanabe [Sun, 31 Mar 2019 14:31:29 +0000 (23:31 +0900)]
bootspec: fix memleak caused by setting invalid cleanup function

Yu Watanabe [Sun, 31 Mar 2019 14:30:30 +0000 (23:30 +0900)]
bootspec: add missing free() in boot_config_free()

Yu Watanabe [Sun, 31 Mar 2019 13:12:34 +0000 (22:12 +0900)]
Merge pull request #12147 from yuwata/network-gre-key-12144

network: make GRE and GRETAP support Key= or friends

Yu Watanabe [Fri, 29 Mar 2019 18:50:11 +0000 (03:50 +0900)]
test-network: test stacked erspan tunnels

Yu Watanabe [Fri, 29 Mar 2019 18:49:11 +0000 (03:49 +0900)]
man: update Tunnel.Key= and friends

Yu Watanabe [Fri, 29 Mar 2019 18:43:19 +0000 (03:43 +0900)]
network: make GRE and GRETAP support Key=, InputKey=, OutputKey=, and SerializeTunneledPackets=

This also merges netdev_gre_fill_message_create() and netdev_erspan_fill_message_create().

Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 21:27:31 +0000 (22:27 +0100)]
Merge pull request #12048 from jengelh/master

rpm: avoid hiding errors from systemd commands

Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 21:23:38 +0000 (22:23 +0100)]
Merge pull request #12146 from yuwata/test-network-wait-online

test-network: use wait-online to speed up tests

Yu Watanabe [Fri, 29 Mar 2019 18:34:03 +0000 (03:34 +0900)]
network: make erspan netdev can be specified in Network.Tunnel=

Yu Watanabe [Fri, 29 Mar 2019 17:47:33 +0000 (02:47 +0900)]
network: do not continue when appending data to netlink message fails

Yu Watanabe [Wed, 27 Mar 2019 20:53:45 +0000 (05:53 +0900)]
test-network: merge tests for [Route] section

Yu Watanabe [Thu, 21 Mar 2019 20:56:52 +0000 (05:56 +0900)]
test-network: use wait_online() in test_sysctl_disable_ipv6()

Yu Watanabe [Thu, 21 Mar 2019 20:53:15 +0000 (05:53 +0900)]
test-network: use wait_online() in test_sysctl()

This also disables IPv6AcceptRA= to speed up the test.

Yu Watanabe [Thu, 21 Mar 2019 20:48:12 +0000 (05:48 +0900)]
test-network: use wait_online() in test_link_local_addressing()

This also disables IPv6AcceptRA= to speed up the test.

Yu Watanabe [Thu, 21 Mar 2019 20:41:51 +0000 (05:41 +0900)]
test-network: fix addr_gen_mode

If stable_secret is set, then networkd sets addr_gen_mode 2.

Yu Watanabe [Thu, 21 Mar 2019 20:20:04 +0000 (05:20 +0900)]
test-network: move tests related to bonding

Yu Watanabe [Thu, 21 Mar 2019 20:08:20 +0000 (05:08 +0900)]
test-network: merge tests about static addresses

And use wait_online()

Yu Watanabe [Thu, 21 Mar 2019 20:06:09 +0000 (05:06 +0900)]
test-network: add wait_online() helper function

Zbigniew Jędrzejewski-Szmek [Fri, 29 Mar 2019 15:44:48 +0000 (16:44 +0100)]
Merge pull request #12138 from poettering/doc-ip-allow-src-dst

man: expand IPAddressAllow= docs a bit

Lennart Poettering [Thu, 28 Mar 2019 16:15:40 +0000 (17:15 +0100)]
update TODO

Lennart Poettering [Thu, 28 Mar 2019 16:14:39 +0000 (17:14 +0100)]
man: clarify which addresses are affected by IPAddressAllow=/IPAddressDeny=

For ingress traffic it's the source address of IP packets we check, for
egress traffic it's the destination address. Mention that.

Piotr Drąg [Mon, 25 Mar 2019 09:40:57 +0000 (10:40 +0100)]
po: update Polish translation