mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Backports of patch from systemd git to stable distributions
Lennart Poettering acf7f253de bpf: use BPF_F_ALLOW_MULTI flag if it is available
This new kernel 4.15 flag permits that multiple BPF programs can be
executed for each packet processed: multiple per cgroup plus all
programs defined up the tree on all parent cgroups.

We can use this for two features:

1. Finally provide per-slice IP accounting (which was previously
   unavailable)

2. Permit delegation of BPF programs to services (i.e. leaf nodes).

This patch beefs up PID1's handling of BPF to enable both.

Note two special items to keep in mind:

a. Our inner-node BPF programs (i.e. the ones we attach to slices) do
   not enforce IP access lists, that's done exclusively in the leaf-node
   BPF programs. That's a good thing, since that way rules in leaf nodes
   can cancel out rules further up (i.e. for example to implement a
   logic of "disallow everything except httpd.service"). Inner node BPF
   programs do accounting however if that's requested. This is
   beneficial for performance reasons: it means in order to provide
   per-slice IP accounting we don't have to add up all child unit's
   data.

b. When this code is run on pre-4.15 kernel (i.e. where
   BPF_F_ALLOW_MULTI is not available) we'll make IP accounting on slice
   units unavailable (i.e. revert to behaviour from before this commit).
   For leaf nodes we'll fallback to non-ALLOW_MULTI mode however, which
   means that BPF delegation is not available there at all, if IP
   fw/acct is turned on for the unit. This is a change from earlier
   behaviour, where we use the BPF_F_ALLOW_OVERRIDE flag, so that our
   fw/acct would lose its effect as soon as delegation was turned on and
   some client made use of that. I think the new behaviour is the safer
   choice in this case, as silent bypassing of our fw rules is not
   possible anymore. And if people want proper delegation then the way
   out is a more modern kernel or turning off IP firewalling/acct for
   the unit altogether.
2018-02-21 16:43:36 +01:00
.github Docs: Fix spelling and capitalization (#7408) 2017-11-21 14:37:16 +01:00
.mkosi mkosi: remove intltool from deps 2018-02-16 13:01:12 +01:00
catalog catalog: update french translation 2017-12-22 15:34:51 +01:00
coccinelle coccinelle: O_NDELAY → O_NONBLOCK 2018-01-24 11:09:29 +01:00
docs Add license headers and SPDX identifiers to meson.build files 2017-11-19 19:08:15 +01:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb hwdb: add axis override for Dell Inspiron MM061 touchpad (#8226) 2018-02-20 16:27:48 +09:00
man Merge pull request #7908 from yuwata/rfe-7895 2018-02-21 08:57:11 +00:00
modprobe.d Add SPDX license headers to various assorted files 2017-11-19 19:08:15 +01:00
network Add license headers and SPDX identifiers to meson.build files 2017-11-19 19:08:15 +01:00
po po: update Serbian translation 2018-02-19 11:59:26 +01:00
presets Hook up systemd-tmpfiles as user units 2017-12-06 10:19:35 +01:00
rules rules: Mark the kvm device as static_node (for s390x and ppc64) (#7795) 2018-01-08 10:49:15 +01:00
scripts fuzz: add DHCP server fuzzer 2018-01-19 21:48:14 -05:00
shell-completion shell-completion: add --global and unit-paths 2018-02-09 12:27:34 +01:00
src bpf: use BPF_F_ALLOW_MULTI flag if it is available 2018-02-21 16:43:36 +01:00
sysctl.d coredump: accept hostname on command line (#8033) 2018-02-15 12:12:46 +01:00
sysusers.d sysusers: use NOBODY_USER_NAME 2017-12-07 17:12:13 +09:00
test test: fix test for TemporaryFileSystem= (#8241) 2018-02-21 16:43:35 +01:00
tmpfiles.d Add license headers and SPDX identifiers to meson.build files 2017-11-19 19:08:15 +01:00
tools [gdb-sd_dump_hashmaps.py] String Formatting Update (#7819) 2018-01-27 14:03:08 +01:00
travis-ci Integration of Travis CI and Coverity Scan Analysis (#7691) 2018-01-11 11:41:35 +01:00
units slice: system.slice should be perpetual like -.mount 2018-02-04 22:51:34 +00:00
xorg login: avoid external process call 2018-01-12 18:02:57 +01:00
.dir-locals.el meson: also indent scripts with 8 spaces 2017-04-25 08:49:16 -04:00
.editorconfig editorconfig: add rule for meson.build files (#6671) 2017-08-28 16:37:23 +02:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore Add mkosi.output/ to .gitignore 2017-11-29 14:33:56 +01:00
.mailmap mailmap: one more person 2018-02-14 09:43:49 +01:00
.travis.yml Integration of Travis CI and Coverity Scan Analysis (#7691) 2018-01-11 11:41:35 +01:00
.vimrc vimrc: fix indentation logic for our docbook xml files 2016-04-29 12:23:34 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
CODING_STYLE CODING_STYLE: provide better explanation why /* */ over // (#7647) 2017-12-15 10:26:07 +01:00
configure build-sys: add basic support for ./configure && make && make install 2017-07-18 10:05:06 -04:00
DISTRO_PORTING DISTRO_PORTING: document that distros may/should change fallback DNS as well as fallback NTP if they wish 2017-07-24 11:49:16 +02:00
ENVIRONMENT.md systemctl,verbs: Introduce SYSTEMD_OFFLINE environment variable 2017-12-14 16:00:16 -05:00
HACKING Merge pull request #7933 from keszybz/fuzz-regression 2018-01-27 12:56:42 +03:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile build-sys: Fix Makefile wrapper for install target (#6548) 2017-08-07 11:29:20 +02:00
meson_options.txt meson: add -Dmemory-accounting-default=true|false 2018-02-15 12:02:41 +01:00
meson.build xattr-util: use crtime/btime if statx() is available for implementation of fd_setcrtime() and friends 2018-02-20 15:41:49 +01:00
mkosi.build separate flags from shebang 2017-12-25 19:48:49 +01:00
mkosi.default mkosi: create .mkosi directory 2016-10-06 11:53:58 -04:00
NEWS meson: add -Dmemory-accounting-default=true|false 2018-02-15 12:02:41 +01:00
README README: fix context for CONFIG_DEVPTS_MULTIPLE_INSTANCES 2018-01-17 18:04:27 +00:00
README.md README.md: add CII Best Practices badge 2017-11-04 21:15:57 +01:00
TODO TODO: drop one item 2018-02-20 17:25:05 +01:00
TRANSIENT-SETTINGS.md doc: update TRANSIENT-SETTINGS.md 2018-02-21 09:18:22 +09:00
UIDS-GIDS.md UIDS-GIDS.md: explicitly mention one more user of the overflowuid 2018-01-23 21:20:09 +01:00

systemd - System and Service Manager

Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information about how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.