shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-26 22:50:16 +03:00
Code
79,155 Commits 4 Branches 403 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Yu Watanabe d90c01d02c
network: bridge: add support for configuring locked ports (#36150) 
"Recently" (as of 5.18) the Linux kernel gained the ability of locking
bridge ports to restrict network access to authenticated hosts only.

This is implemented by disabling automated learning and dropping
incoming traffic from unknown hosts. User space is then expected to add
fdb entries for authenticated hosts. Once a fdb entry exist, traffic for
that host will be forwarded as expected.

This was later extended with "Mac Authentication Bypass", where the
locking was extended to fdb entries. In this mode the kernel adds fdb
entries again automatically, but they are locked by default.

To properly configure this, add two network options and one netdev
option:

* `LinkLocalLearning=` to prevent the kernel from creating unlocked
entries based on link-local traffic, which would bypass any
authentication. Needed when enabling learning on a locked port.
* `Locked=` to allow setting a bridge port to locked.
* `MACAuthenticationBypass=` to allow enabling Mac Authentication
 Bypass on a port. Requires learning to be enabled on the port as well
 (and consequently `LinkLocalLearning` disabled on the bridge).

An authenticator (e.g. hostapd) is still needed to do the actual
authentication, the kernel only provides the access control.
2025-01-29 04:16:20 +09:00
.clusterfuzzlite
ci: unpin CFLite
2022-04-26 09:13:57 +00:00
.github
test: install stub package for test-ukify unit test
2025-01-28 15:04:28 +00:00
.obs
OBS: switch to new top-level namespace
2025-01-22 20:34:04 +00:00
.semaphore
Revert "semaphore: skip some tests"
2024-12-13 23:43:28 +00:00
catalog
catalog: update Polish translation
2024-11-28 13:03:31 +01:00
coccinelle
coccinelle: add .gitignore for cache files
2025-01-19 08:27:47 +09:00
docs
HACKING: Drop run0 from mkosi boot invocation
2025-01-24 17:29:58 +01:00
factory
man: don't suggest using pam_unix.so's use_authtok switch
2024-01-17 23:59:05 +00:00
hwdb.d
Adds asus T103HAF rotation matrix to 60-sensor.hwdb (#36177)
2025-01-27 13:01:05 +00:00
LICENSES
boot: Add HWID calculation from SMBIOS strings and matching against a built-in list
2024-11-05 22:29:58 +03:00
man
network: bridge: add support for configuring locked ports (#36150)
2025-01-29 04:16:20 +09:00
mime
creds-util: add a concept of "user-scoped" credentials
2024-01-30 17:07:47 +01:00
mkosi.conf.d
mkosi: add loongarch64 to Debian's list of EFI arches
2025-01-27 22:32:34 +00:00
mkosi.coverage
mkosi: Make sure the /coverage directory exists
2024-12-05 22:03:07 +01:00
mkosi.extra
mkosi: move drop-in config for sanitizers
2024-12-10 09:46:29 +09:00
mkosi.extra.common
mkosi: disable multipathd by default
2025-01-16 00:57:07 +09:00
mkosi.images
mkosi: update debian commit reference
2025-01-24 22:14:41 +09:00
mkosi.repart
mkosi: switch rootfs to ext4
2025-01-22 22:50:52 +00:00
mkosi.sanitizers
mkosi: drop wrapper for unshare
2024-12-14 17:30:01 +09:00
mkosi.uki-profiles
Rework TEST-86-MULTI-PROFILE-UKI
2024-10-21 17:24:14 +02:00
modprobe.d
modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0
2024-01-12 23:24:54 +00:00
network
network: request non-NULL SSID when a wlan interface is configured as station
2024-07-31 10:06:04 +09:00
po
po: Translated using Weblate (French)
2025-01-22 23:43:34 +09:00
presets
presets: Don't enable systemd-homed-firstboot.service by default
2024-06-08 11:29:55 +01:00
profile.d
profile.d: don't bail if $SHELL_* variables are unset
2024-12-11 18:33:41 +00:00
rules.d
udev: add input/by-{id,path} symlinks for hidraw devices
2025-01-27 18:57:13 +00:00
shell-completion
nspawn: add support for 'managed' userns mode even when we run privileged
2025-01-23 21:48:02 +01:00
src
network: bridge: add support for configuring locked ports (#36150)
2025-01-29 04:16:20 +09:00
sysctl.d
sysctl.d: Fix pid_max comment
2023-10-31 13:07:49 +01:00
sysusers.d
udev: set clock group for PTP and RTC devices
2025-01-16 21:12:47 +01:00
test
network: bridge: add support for configuring locked ports (#36150)
2025-01-29 04:16:20 +09:00
tmpfiles.d
Revert "link README.logs from tmpfiles.d/legacy.conf only if available"
2024-11-29 14:18:15 +01:00
tools
tools: add loongarch64 to debug-sd-boot script
2025-01-25 01:25:38 +00:00
units
mntfsd: add api to mount dirs for containers
2025-01-23 21:48:02 +01:00
xorg
xorg/50-systemd-user: add a full license header
2021-10-01 14:45:00 +02:00
.clang-format
Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify)
2024-03-06 15:24:23 +01:00
.ctags
editors: Prevent ctags from following symlinks
2019-02-15 11:01:20 -08:00
.dir-locals.el
scripts: use 4 space indentation
2019-04-12 08:30:31 +02:00
.editorconfig
editorconfig: add NEWS whitespace configuration
2023-10-26 22:41:03 +01:00
.gitattributes
Mark all base64 files as generated
2023-08-16 12:49:45 +02:00
.gitignore
Add .venv to gitignore
2024-12-20 15:33:32 +00:00
.mailmap
mailmap: fix entries for Tobias Klauser
2024-12-11 13:55:07 +00:00
.packit.yml
packit: Simplify configuration
2025-01-07 15:18:50 +01:00
.pylintrc
Add .pylintrc to globally suppress warnings we don't really care about
2023-08-10 18:13:29 +02:00
.vimrc
vimrc: explicitly set shiftwidth for the C file type
2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py
ycm: add doc string for all the functions in configuration file
2017-11-29 13:21:49 -07:00
LICENSE.GPL2
relicense to LGPLv2.1 (with exceptions)
2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1
licence: remove references to old FSF address
2012-12-17 11:41:31 +01:00
meson_options.txt
udev: set clock group for PTP and RTC devices
2025-01-16 21:12:47 +01:00
meson.build
build: fail the build if we accidentally drop a "const" qualifier on a parameter
2025-01-20 21:44:23 +01:00
meson.version
meson: update version to 258~devel
2024-12-10 19:30:06 +00:00
mkosi.clangd
mkosi.clangd: Fail on command errors
2024-12-20 20:09:36 +01:00
mkosi.clean
mkosi: Add missing SPDX line
2024-09-22 15:23:08 +02:00
mkosi.conf
mkosi: Add VCS_TAG to PassEnvironment=
2025-01-27 11:27:49 +01:00
mkosi.functions
mkosi: Move copying packages to the output directory to the postinst script
2024-10-29 11:28:47 +01:00
mkosi.postinst.chroot
mkosi: Fix authselect systemd-homed feature name
2024-12-21 21:03:03 +01:00
mypy.ini
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
NEWS
NEWS: mention OWNER=/GROUP= in udev rules now refuses non-system user/group
2025-01-24 02:33:18 +09:00
README
user-runtime-dir: enforce /tmp/ and /dev/shm/ quota
2025-01-23 22:36:39 +01:00
README.md
OBS: switch to new top-level namespace
2025-01-22 20:34:04 +00:00
ruff.toml
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
TODO
Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)
2025-01-24 12:52:27 +01:00

README.md

Systemd

System and Service Manager

OBS Packages Status
Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Fossies codespell report
Weblate
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Repositories with distribution packages built from git main are available on OBS

Description
The systemd System and Service Manager
cinitlinuxservicessystemsystemd
Readme 568 MiB
Languages
C 89.2%
Python 5.3%
Shell 4.1%
Meson 1.2%