| Commit message | Author | Age |
|
This reverts commit 437a85112e02042b62751395b9e7225628c1b708.
The outcome of this isn't that clear, let's revert this for now, see
discussion on #6286.
|
Commit 74dd6b515fa968c5710b396a7664cac335e25ca8 (core: run each system
service with a fresh session keyring) broke adding keys to user keyring.
Added keys could not be accessed with error message:
keyctl_read_alloc: Permission denied
So link the user keyring to our session keyring.
|
interested in
This way logind will get woken up only when an actual event took place,
and not for every key press on the system.
The ioctl EVIOCSMASK was added by @dvdhrm already in October 2015, for
the use in logind, among others, hence let's actually make use of it
now.
While we are at it, also fix usage of the EVIOCGSW ioctl, where we
assumed a byte array, even though an unsigned long native endian array is
returned.
|
It's not necessary for anything.
|
Ubuntu 14.04 (Trusty) kernel header packages ship without
<linux/vm_sockets.h>. Only struct sockaddr_vm and VMADDR_CID_ANY will
be needed by elogind and they are simple enough to go in missing.h.
CentOS 7 <sys/socket.h> does not define AF_VSOCK. Define it so the code
can compile although actual socket(2) calls may fail at runtime if the
address family isn't available.
|
This patch ensures that each system service gets its own session kernel keyring
automatically, and implicitly. Without this a keyring is allocated for it
on-demand, but is then linked with the user's kernel keyring, which is OK
behaviour for logged in users, but not so much for system services.
With this change each service gets a session keyring that is specific to the
service and ceases to exist when the service is shut down. The session keyring
is not linked up with the user keyring and keys hence only search within the
session boundaries by default.
(This is useful in a later commit to store per-service material in the keyring,
for example the invocation ID)
(With input from David Howells)
|
Previously --ephemeral was only supported with container trees in btrfs
subvolumes (i.e. in combination with --directory=). This adds support for
--ephemeral in conjunction with disk images (i.e. --image=) too.
As a side effect this fixes that --ephemeral was accepted but ignored when using
-M on a container that turned out to be an image.
Fixes: #4664
|
Let's take inspiration from bluez's ELL library, and let's move our
cryptographic primitives away from libgcrypt and towards the kernel's AF_ALG
cryptographic userspace API.
In the long run we should try to remove the dependency on libgcrypt, in favour
of using only the kernel's own primitives, however this is unlikely to happen
anytime soon, as the kernel does not provide Elliptic Curve APIs to userspace
at this time, and we need them for the DNSSEC cryptographic.
This commit only covers hashing for now, symmetric encryption/decryption or
even asymmetric encryption/decryption is not available for now.
"khash" is little more than a lightweight wrapper around the kernel's AF_ALG
socket API.
|
Link: port to new ethtool ETHTOOL_xLINKSETTINGS
This patch defines a new ETHTOOL_GLINKSETTINGS/SLINKSETTINGS API,
handled by the new get_link_ksettings/set_link_ksettings.
This is a WIP version based on this [kernel
patch](https://patchwork.kernel.org/patch/8411401/).
commit 0527f1c
http://github.com/torvalds/linux/commit/3f1ac7a700d039c61d8d8b99f28d605d489a60cf
commit 35afb33
|
This patch enables to configure
IFA_F_HOMEADDRESS
IFA_F_NODAD
IFA_F_MANAGETEMPADDR
IFA_F_NOPREFIXROUTE
IFA_F_MCAUTOJOIN
|
Currently, a missing __O_TMPFILE was only defined for i386 and x86_64,
leaving any other architectures with an "old" toolchain fail miserably
at build time:
src/import/export-raw.c: In function 'reflink_snapshot':
src/import/export-raw.c:271:26: error: 'O_TMPFILE' undeclared (first use in this function)
new_fd = open(d, O_TMPFILE|O_CLOEXEC|O_NOCTTY|O_RDWR, 0600);
^
__O_TMPFILE (and O_TMPFILE) are available since glibc 2.19. However, a
lot of existing toolchains are still using glibc-2.18, and some even
before that, and it is not really possible to update those toolchains.
Instead of defining it only for i386 and x86_64, define __O_TMPFILE
with the specific values for those archs where it is different from the
generic value. Use the values as found in the Linux kernel (v4.8-rc3,
current as of time of commit).
|
- define CLONE_NEWCGROUP
- add fun to detect whether cgroup namespaces are supported
|
Fix issue where IN6_ADDR_GEN_MODE_STABLE_PRIVACY is undefined but
IFLA_INET6_ADDR_GEN_MODE is defined and thus the former does not get
fixed in missing.h. This occurs with kernel headers new enough to have
the IFLA_INET6_ADDR_GEN_MODE but old enough to not yet have
IN6_ADDR_GEN_MODE_STABLE_PRIVACY (e.g. 3.18).
|
Add some special filesystems that should not be shifted, most of them
relate to the host and not to containers.
|
Although networkd has option (LinkLocalAddressing=) to toggle IPv6LL autoconfiguration, when it is enabled, the address is autoconfigured by the kernel, but not networkd.
Therefore, we do not statically set IFLA_INET6_ADDR_GEN_MODE to IN6_ADDR_GEN_MODE_EUI64, but dynamically depending on whether stable_secret is set, just as what the kernel does by default.
Note that this does NOT affect the global addresses configured by networkd.
|
In 4.2 kernel headers, some netlink defines are missing that we need. missing.h
already can add them in, but currently makes this dependent on a definition
that these kernels already have. Change the check hence to check for the newest
definition in the table, so that the whole bunch of definitions is added in on
all kernels lacking this.
|
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface.
This fixes #3046.
Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled.
Introduce network_has_static_ipv6_addresses() to find out if any static
ipv6 address configured.
If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static
IPv6 addresses not configured, then IPv6 will be automatically disabled for that
interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
|
syscall numbers based on:
https://fedora.juszkiewicz.com.pl/syscalls.html
|
RHEL explicitly disables IFLA_BRPORT_PROXYARP by renaming the enum value.
In order to support unpatched builds, we have two options:
a) redefine the enum value through missing.h and ignore the fact that it
is really unsupported, or
b) omit that enum value on rtnl_prot_info_bridge_port_types[]
As we are not actually using this netlink type anywhere, and because it
is only hooked up for the sake of completeness, this patch opts for the
former.
|
After all, most ETHERTYPE variables are defined in the system headers, hence
define these where we defined all other fill-ins for system headers.
|
Before this patch existence of char16_t, char32_t, key_serial_t was checked
with AC_CHECK_DECLS() which doesn't actually work for types. Correct this to
use AC_CHECK_TYPES() instead.
Also, while we are at it, change the check for memfd_create() to use
AC_CHECK_DECLS() instead of AC_CHECK_FUNCS(). This is a better choice, since a
couple of syscalls are defined by glibc but not exported in the header files
(pivot_root() for example), and we hence should probably be more picky with
memfd_create() too, which glibc might decide to expose one day, but not
necessarily in the headers too.
|
We already define IFLA_PROMISCUITY and some other of these masks in
order to allow building with older headers. Define IFLA_EXT_MASK too,
which was added in the same kernel version as IFLA_PROMISCUITY (v3.10).
|
Since Linux v4.4-rc1, __DEVEL__sane_behavior does not exist anymore and
is replaced by a new fstype "cgroup2".
With this patch, elogind no longer supports the old (unstable) way of
doing unified hierarchy with __DEVEL__sane_behavior and elogind now
requires Linux v4.4 for unified hierarchy.
Non-unified hierarchy is still the default and is unchanged by this
patch.
https://github.com/torvalds/linux/commit/67e9c74b8a873408c27ac9a8e4c1d1c8d72c93ff
|
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
This small addition fixes the issues #1982 and #2242.
IPv6PrivacyExtension now works as expected even when a RA is received.
|
SCTP_NODELAY is different to TCP_NODELAY.
Apply proper options in case of SCTP.
|
Apply remaining fixes and the performed move of utility functions
into their own foo-util.[hc] files on libbasic.
|
IA64 is missing this syscall as of linux-4.2.
This works around it until the necessary kernel patch gets merged.
|
The patching of elogind in several steps with only partly rebasing on
a common commit with upstream, left the tree in a state, that was
unmergeable with master. By rebasing on master and manually cleaning
up all commits, this merge is now possible.
However, this process left some orphans, that are cleaned up now.
|
* Check whether printf.h is available and define/undef HAVE_PRINTF_H
accordingly.
* Added src/shared/parse-printf-format.[hc] by Emil Renner Berthing
<systemd@esmil.dk> that provides parse_printf_format() if printf.h
is unavailable
* Added src/basic/musl_missing.h by Juergen Buchmueller
<pullmoll@t-online.de> that implements glibc functions missing in
musl libc as macros.
* Extended src/basic/musl_missing.h and added
src/basic/musl_missing.c providing
- program_invocation_name
- program_invocation_short_name and
- elogind_set_program_name() to set the two where appropriate.
* Added calls to elogind_set_program_name() to all main() functions
where needed.
* A few other fixes to work nicely with musl libc.
|