Receive Router Solicitations and send a unicast Router Advertisement
in response. Refactor ICMPv6 packet handling code so that the common
ICMPv6 validation parts are reused between the existing router
discovery and the new functionality adding reception of Router
Solicitation messages.
Create and remove the ICMPv6 Router Advertisement socket file
descriptor and implement Router Advertisement sending. As not
all options are mandatory, use IO vectors to point to the included
options and the prefix information.
Reuse and refactor the functionality already present for Router
Solicitations in order to create a socket for sending Router
Advertisements. Anticipate reception of incoming Router
Solicitations by setting the ICMPv6 filter accordingly. Also set
the unicast hop limit to 255 for ICMPv6 sockets as unicast Router
Advertisements are to be sent in response to Router Solicitations.
Update the Router Solicitation test case code with a function
definition in order to keep the test case working.
Router Advertisements are sent uniformly distributed between a
minimum and maximum time according to RFC 4861, Section 6.2.4.
Default values from RFC 4861 are for now used as minimum and
maximum Router Advertisement timeouts.
When stopping, a Router Advertisement with a router lifetime set
to zero is sent in order to inform any nodes that the interface
on this host no longer is a router.
Add variables for enabling Router Advertisements, router lifetime as
well as managed and other information flags indicating use of DHCPv6.
Add configuration of default router preferences as defined in RFC 4191.
IPv6PrefixDelegation in the [Network] section has to be set in order
to enable prefix delegation. The rest of the prefix delegation values
are stored in the [IPv6PrefixDelegation] section. The host will act as
a default router if it is given a non-zero lifetime with
RouterLifetimeSec. Managed and OtherInformation booleans set the level
of DHCPv6 support, and the RouterPreference configures the router's
preference between low, medium and high. Words 'normal' and 'default'
are added as synonyms for 'medium' just to make configuration simpler.
This adds a section like the following to .network configuration files:
    [Network]
    IPv6PrefixDelegation=true

    [IPv6PrefixDelegation]
    RouterLifetimeSec=2000
    Managed=false
    OtherInformation=true
    RouterPreference=medium
Support zero or more [IPv6Prefix] sections in the network configuration
files. Each section can have one Prefix=<subnet>[/<prefixlength>]
option, with the preferred and valid lifetimes specified by
ValidLifetimeSec and PreferredLifetimeSec measured in seconds, and
with onlink and address autoconfiguration booleans specified by
OnLink and AddressAutoconfiguration variables.
This adds a section like the following to .network configuration files:
    [IPv6Prefix]
    Prefix=2001:db8:dead:beef::/64
    OnLink=true
    AddressAutoconfiguration=true
    ValidLifetimeSec=1500
    PreferredLifetimeSec=1000
Define Router Advertisement prefix structure. Add the Prefix
Information ICMPv6 option defined in RFC 4861 to the prefix
information structure, as it will simplify sending a Prefix
Information option later on. In order to handle endianness
correctly, the structure is redefined here instead of using
the one in netinet/icmp6.h.
Add functions to create and modify prefix information and set
default values as defined in RFC 4861, Section 6.2.1.
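An added example, not code from these commits or from systemd: one way to lay out the RFC 4861 Prefix Information option with whole-byte fields and explicit network byte order, filled from the [IPv6Prefix] values shown above. The names pio_wire, pio_build and the PIO_FLAG_* macros are hypothetical, and the prefix-length and lifetime checks are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIO_FLAG_ONLINK 0x80 /* L flag: prefix is on-link */
#define PIO_FLAG_AUTO   0x40 /* A flag: usable for autoconfiguration */
/* Hypothetical wire layout (RFC 4861, Section 4.6.2), not systemd's struct:
 * whole-byte fields only; multi-byte fields hold network byte order. */
struct pio_wire {
        uint8_t type;                /* 3 = Prefix Information */
        uint8_t length;              /* in units of 8 octets */
        uint8_t prefix_len;
        uint8_t flags;
        uint32_t valid_lifetime;
        uint32_t preferred_lifetime;
        uint32_t reserved2;
        struct in6_addr prefix;
};
_Static_assert(sizeof(struct pio_wire) == 32, "option must be 32 octets");

/* Fill *o; returns 0, or -1 for a bad prefix, length or lifetime pair. */
int pio_build(struct pio_wire *o, const char *prefix, unsigned plen,
              int onlink, int autoconf, uint32_t valid, uint32_t preferred) {
        struct in6_addr a;
        if (plen > 128 || preferred > valid || inet_pton(AF_INET6, prefix, &a) != 1)
                return -1;
        /* Bits after the prefix length must be sent as zero */
        for (unsigned i = 0; i < 16; i++) {
                unsigned keep = plen > i * 8 ? plen - i * 8 : 0;
                if (keep < 8)
                        a.s6_addr[i] &= (uint8_t) (0xff00 >> keep);
        }
        memset(o, 0, sizeof(*o));
        o->type = 3;
        o->length = sizeof(*o) / 8;
        o->prefix_len = (uint8_t) plen;
        o->flags = (onlink ? PIO_FLAG_ONLINK : 0) | (autoconf ? PIO_FLAG_AUTO : 0);
        o->valid_lifetime = htonl(valid);
        o->preferred_lifetime = htonl(preferred);
        o->prefix = a;
        return 0;
}

int main(void) { /* values from the page's [IPv6Prefix] example */
        struct pio_wire o;
        int r = pio_build(&o, "2001:db8:dead:beef::", 64, 1, 1, 1500, 1000);
        return r < 0 || fwrite(&o, sizeof(o), 1, stdout) != 1;
}
```

The program writes the 32 raw option octets to standard output, so pipe it through a hex dumper to inspect the fields.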
Without cc9daff228, this results in:
    src/libsystemd/sd-bus/test-bus-vtable-cc.cc:56:1: sorry, unimplemented: non-trivial designated initializers not supported
    };
    ^
The condition is on "word", hence we give word instead of rvalue.
An assert would be triggered if !utf8_is_valid(word) is true and
rvalue == NULL, since log_syntax_invalid_utf8 calls utf8_escape_invalid
which calls assert(str).
A test case has been added to test with valid and invalid utf8.
This test is mostly a compilation test that checks that various defines in
sd-bus-vtable.h are valid C++. The code is executed, but the results are not
checked (apart from sd-bus functions not returning an error). test-bus-objects
contains pretty extensive tests for this functionality.
The C++ version is only added to meson, since it's simpler there.
Because of the .cc extension, meson will compile the executable with c++.
This test is necessary to properly check the macros in sd-bus-vtable.h. Just
running the headers through g++ is not enough, because the macros are not
exercised.
Follow-up for #5941.
This adds a meson test because it fits nicely into the existing framework.
It should be enough to run this test once in a while, so I don't think it's
crucial to also have it under autotools.
This adds a modified version of dhcp6_option_parse_domainname() that is
able to parse compressed domain names, borrowing the idea from
dns_packet_read_name(). It also adds pieces in networkd-link and
networkd-manager to properly save/load the added option field.
Resolves #2710.
Adds a check to audit-fd.c to ensure that CAP_AUDIT_WRITE is present in
the set of effective capabilities before opening an audit netlink
socket. This ensures that unprivileged systemd instances (MANAGER_USER)
don't try to log AVC permission checks with the audit subsystem when
CAP_AUDIT_WRITE is not present.
This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.
The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and systemd instances running as
MANAGER_USER. In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID. Additionally, it causes activated socket units to
be mislabeled for systemd --user processes since setsockcreatecon() would never
be called.
Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.
If we could not communicate with systemd-resolved, we would call into
libnss_dns. libnss_dns would return NOTFOUND for stuff like "localhost" and
other names resolved by nss-myhostname, which would fall under the !UNAVAIL=
condition and cause resolution to fail. So the following recommended
configuration in nsswitch.conf would not work:
    hosts: resolve [!UNAVAIL=return] dns myhostname
Remove the internal fallback code completely so that the fallback logic
can be configured in nsswitch.conf.
Tested with
    hosts: resolve [!UNAVAIL=return] myhostname
and
    hosts: resolve [!UNAVAIL=return] dns myhostname
Fixes #5742.
g++ annoyingly requires a non-empty struct-initializer to initialize all
struct members, in order of declaration.
Signed-off-by: Matthijs van Duin <matthijsvanduin@gmail.com>
libidn2 2.0.0 supports IDNA2008, in contrast to libidn which supports IDNA2003.
https://bugzilla.redhat.com/show_bug.cgi?id=1449145
From that bug report:
Internationalized domain names exist for quite some time (IDNA2003), although
the protocols describing them have evolved in an incompatible way (IDNA2008).
These incompatibilities will prevent applications written for IDNA2003 from
accessing certain problematic domain names defined with IDNA2008, e.g., faß.de is
translated to domain xn--fa-hia.de with IDNA2008, while in IDNA2003 it is
translated to fass.de domain. That not only causes incompatibility problems,
but may be used as an attack vector to redirect users to different web sites.
v2:
- keep libidn support
- require libidn2 >= 2.0.0
v3:
- keep dns_name_apply_idna caller dumb, and keep the #ifdefs inside of the
function.
- use both ±IDN and ±IDN2 in the version string
We know how the field we are parsing is called, let's put this information in
the error message:
"Route Source= prefix is invalid, ignoring assignment: ..."
"Route Destination= prefix is invalid, ignoring assignment: ..."
https://bugzilla.redhat.com/show_bug.cgi?id=1227736#c49
We counted how many filesystems could not be unmounted, but only for those
filesystems which we tried to unmount. Since we only remount / ro, without
attempting to unmount, we would emit a confusing error message:
    Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
    Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
    Remounting '/' read-only with options 'seclabel,space_cache,subvolid=5,subvol=/'.
    All filesystems unmounted.
Warn when remount-ro fails, and for filesystems which we won't try to unmount,
include the failure to remount-ro in n_failed.
A few minor cleanups:
- remove unnecessary goto which jumps to the next line anyway
- always calculate n_failed, even if log_error is false. This causes no change
in behaviour, but I think the code is easier to follow, since the log setting
cannot influence other logic.
A connection becomes a monitor the moment it loses its unique name, so any
messages received before that should not be dumped to the console.
Currently, we print NameAcquired and NameLost for the unique name of the
peer that becomes the monitor; simply discard all messages until we
receive our NameLost signal.
The example for LD_LIBRARY_PATH in the environment.d man page is wrong.
When setting LD_LIBRARY_PATH, the new directory usually needs to be at
the front so it overrides old directories.
In the example, the colon delimiter is correctly prepended to the front, but
the actual new path is erroneously appended to the end.
This commit moves it to the front where it belongs.
It gets truncated, so the result is that people mess with the const accel
because the sensitivity isn't the expected 300 but the too-low 45.
One example: https://bugs.freedesktop.org/show_bug.cgi?id=100965