| Commit message | Author | Age | Files | Lines |
| |
Install a NM-specific firewalld zone to be used for interfaces that
are used for connection sharing. The zone blocks all traffic to the
local machine except some protocols (DHCP, DNS and ICMP) and allows
all forwarded traffic.
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1828458
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/484
(cherry picked from commit e468b48ab7b8e2ddc8802db4b93e3f13787835e4)
| | |
Add SPDX license headers for meson files.
As far as I can tell, according to RELICENSE.md file, almost everybody
who contributed to the meson files agreed to the LGPL-2.1+ licensing.
This entails the vast majority of code in question.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/397
| | |
License is missing in meson build files. This has been added using
SPDX identifiers and licensed under LGPL-2.1+.
| |
Before=NetworkManager.service"
The 'Before' dependency between NM-dispatcher and NM causes a deadlock
when stopping the NM service. When terminating, NM wants to D-Bus
activate NM-dispatcher to synchronously handle pre-down events; but
NM-dispatcher start is ordered after NM shutdown due to the following
behavior described in systemd.unit(5) man page:
Given two units with any ordering dependency between them, if one
unit is shut down and the other is started up, the shutdown is
ordered before the start-up. It doesn't matter if the ordering
dependency is After= or Before=, in this case. It also doesn't
matter which of the two is shut down, as long as one is shut down
and the other is started up; the shutdown is ordered before the
start-up in all cases.
So, NM is waiting for NM-dispatcher to start and NM-dispatcher is queued
by systemd, waiting for NM to be stopped. The result is a 90-second
delay, after which systemd kills NM and continues.
The dependency was added so that during shutdown NM-dispatcher would
be stopped after NM. I don't think it worked as expected because
NM-dispatcher is not supposed to be active most of the time, and so
it doesn't need a dependency that delays its stop after NM.
This reverts commit acc335aad4c310fef3760d43b2fb137e5206615c.
| |
We don't need such data duplicated. The build setup should
have only one configuration_data() for patching such values.
Now we only have one global, immutable data_conf dictionary with
configuration values. Note that none of the users of data_conf uses all
entries, but as the entries are basically only dependent on the
meson/configure option and valid for the entire project, this simplifies
handling.
| |
Some variables belong to variables in their corresponding pkg-config
file.
These variables have been renamed to `dependency_variable` to
reflect the dependency and variables from pkg-config files they are
related to.
Some of these have also been fixed to use paths relative to
installation prefix.
| |
Functions derived from generators such as `configure_file`,
`custom_target` and `i18n.merge_file` can use placeholders like
`@BASENAME@` that remove the extension from the input filename
string.
The output string has been replaced by this placeholder that
allows in some cases the use of fewer variables.
| |
While dbus-send may not be installed, busctl is shipped with systemd
and so it should be always available.
| |
Systemd v243 is complaining about the wrong substitution there. That is
sort of harmless, because systemd-udevd in that version doesn't need the
rule anyway. But still fix it, to avoid a warning.
Also, newer udevd's $PATH doesn't include sbin. That is also okay,
because we don't need the rule to actually work there. But fix it
anyway.
https://bugzilla.redhat.com/show_bug.cgi?id=1740655
| |
WARNING: Project targetting '>= 0.44.0' but tried to use feature
introduced in '0.50.0': install arg in configure_file
From the documentation:
"install (added 0.50.0) When true, this generated file is installed
during the install step, and install_dir must be set and not
empty. When false, this generated file is not installed regardless of
the value of install_dir. When omitted it defaults to true when
install_dir is set and not empty, false otherwise."
The parameter can be omitted because install_dir is set.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/216
| |
The functionality of the ibft settings plugin is now handled by
nm-initrd-generator. There is no need for it anymore, drop it.
Note that ibft called iscsiadm, which requires CAP_SYS_ADMIN to work
([1]). We really want to drop this capability, so the current solution
of a settings plugin (as it is implemented) is wrong. The solution
instead is nm-initrd-generator.
Also, on Fedora the ibft was disabled and probably on most other
distributions as well. This was only used on RHEL.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1371201#c7
| |
Before=NetworkManager.service
During shutdown, systemd should first stop NetworkManager and then
the dispatcher service. Note that dispatcher service is D-Bus activated,
so the two services don't Want/Require each other. But the ordering
still matters.
| |
The docker bridges are not special -- just regular externally created
bridges.
This reverts commit 0ce73275506e8d3156b8d3cd9ca7a1105c5dc4fb.
| |
Previously, Wi-Fi scans used the polkit action
"org.freedesktop.NetworkManager.network-control". This was introduced
in commit 5e3e19d0. But in a system with restrictive polkit rules, for
example "org.freedesktop.NetworkManager.network-control" was set as
auth_admin. When you open the network panel of GNOME Control Center, a
polkit dialog will keep showing up asking for the admin password, as GNOME
Control Center scans the Wi-Fi list every 15 seconds.
Fix that by adding a new polkit action
"org.freedesktop.NetworkManager.wifi.scan" so that distributions can
add a specific rule to allow Wi-Fi scans.
[thaller@redhat.com: fix macro in "shared/nm-common-macros.h"]
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/68
| |
Add missing trailing commas that avoid getting noise when another
file/parameter is added and ease reviewing changes[0].
[0] https://gitlab.gnome.org/GNOME/dconf/merge_requests/11#note_291585
| |
Correct the spelling across the *entire* tree, including translations,
comments, etc. It's easier that way.
Even the places where it's not exposed to the user, such as tests, so
that we learn how it is spelled correctly.
| |
If the NetworkManager daemon has been stopped manually we don't want it
to be autostarted by a client request.
[lkundrak@v3.sk: The auto-activation is probably more surprising than useful.
Services that need NetworkManager API should depend on NetworkManager service
directly.
I have no idea what purpose the D-Bus service file serves nowadays,
but it looks rather hacky (really, activating /bin/false) and the comment
in it suggests that the autoactivating behavior was not intended anyway.
Debian has been shipping this for quite some time and no complaints have been
heard.]
https://github.com/NetworkManager/NetworkManager/pull/230
| |
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/15
| |
Load the thunderbolt-net module if we see a host-to-host connection
and configure the resulting ethernet connection automatically to be
a link-local only one. The latter is done by setting a new udev
property "NM_AUTO_DEFAULT_LINK_LOCAL_ONLY" which is picked up when
we configure the connection for the device.
https://github.com/NetworkManager/NetworkManager/pull/97
| |
This is the approach used by systemd-networkd.
I don't understand the logic that caused systemd-networkd to make the change -
https://github.com/systemd/systemd/commit/9e49656037717b96c06b1f1507a41550bdb2c795
Instead, I am suggesting it for consistency, and because it seems to me this is the
exact correct behaviour. Because if you enable NetworkManager, and rely on it to
configure your network devices, then network mounts will not start correctly at boot
time unless you also enable NetworkManager-wait-online.service.
Enabling NetworkManager-wait-online.service does not cause unnecessary serialization
of the boot process; it is only pulled in if something else (like a network mount)
pulls in network-online.target.
I am suggesting this in response to reading this user support request [1].
[1] https://unix.stackexchange.com/questions/429604/fstab-not-automatically-mounting-smb-storage
[thaller@redhat.com: reworded commit message]
https://github.com/NetworkManager/NetworkManager/pull/76
| |
meson is a build system focused on speed and ease of use, which
helps speed up software development. This patch adds meson
support alongside autotools.
[thaller@redhat.com: rebased patch and adjusted for iwd support]
https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00022.html
| |
"NetworkManager.service"
`systemctl start network-online.target` should suffice to start
"NetworkManager.service".
That would work because
- "network-online.target" has "Wants=NetworkManager-wait-online.service"
- "NetworkManager-wait-online.service" has "Require=NetworkManager.service".
But previously, "NetworkManager-wait-online.service" would just
fail with missing dependency.
See also https://github.com/systemd/systemd/pull/6065 which does the
same for networkd's wait-online service, and see rh#1452866 for a
use-case.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1452866
| |
https://bugzilla.gnome.org/show_bug.cgi?id=785117
| |
instead of `kill -HUP`. We have supported the "org.freedesktop.NetworkManager.Reload"
D-Bus method for a long time now. Use it because it is synchronous.
| |
https://bugzilla.gnome.org/show_bug.cgi?id=780199
[thaller@redhat.com: reworded commit message]
| |
CAP_SYS_ADMIN
We don't want to enable this upstream, but make the requirement
more discoverable by documenting it and put a comment to
NetworkManager.service.
https://bugzilla.redhat.com/show_bug.cgi?id=1371201
| |
Reference the nm-online and NetworkManager man page in the corresponding
service files.
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Documentation=
https://bugzilla.gnome.org/show_bug.cgi?id=767168
| |
RemainAfterExit=yes is typically used for Type=oneshot services.
systemd-networkd-wait-online.service uses it, so we should as well.
See
https://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit=
https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
https://bugzilla.gnome.org/show_bug.cgi?id=767170
| |
Add new Reload D-Bus command to reload NetworkManager configuration.
For now, this is like sending SIGHUP to the process. There are several
advantages here:
- it is guarded via PolicyKit authentication while signals
  can only be sent by root.
- the user can wait for the reload to be complete instead of sending
  an asynchronous signal. For now, the operation completes after
  nm_config_reload() returns, but later we could delay the response
  further until specific parts are fully reloaded.
- SIGHUP reloads everything including re-reading configuration from
  disk while SIGUSR1 reloads just certain parts such as writing out DNS
  configuration anew.
  Now, the Reload command has a flags argument which is more granular
  in selecting parts which are to be reloaded. For example, via
  signals the user can:
    1) send SIGUSR1: this writes out the DNS configuration to
       resolv.conf and possibly reloads other parts without
       re-reading configuration and without restarting the DNS plugin.
    2) send SIGHUP: this reloads configuration from disk,
       writes out resolv.conf and restarts the DNS plugin.
  There is no way to only restart the DNS plugin without also reloading
  everything else.
| |
https://bugzilla.gnome.org/show_bug.cgi?id=761001
| |
CAP_SYS_CHROOT is needed for openvpn hardening.
| |
Also, don't manage them by default. Whatever created it should take care of
management.
| |
Order NetworkManager after dbus. Otherwise during shutdown, both services are killed
together and possibly NetworkManager can no longer use D-Bus during shutdown. It
will need it however to communicate with VPN plugins and wpa-supplicant.
Related: https://bugs.freedesktop.org/show_bug.cgi?id=89847#c14
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1214466
| |
network.target is a very early boot target which basically says "I can start
opening sockets now". It has nothing to do with being connected to the internet
and is often required by early boot services as well.
Drop the unnecessary and wrong Wants=/Before=network.target to avoid dependency
cycles and boot delays.
https://bugzilla.gnome.org/show_bug.cgi?id=746039
https://launchpad.net/1430280
| |
This unit "implements" network-online.target, which is fairly independent from
multi-user.target, so specify the correct install target.
https://bugzilla.gnome.org/show_bug.cgi?id=746039
https://launchpad.net/1430280
| |
It's for their own good. Otherwise stale dnsmasq instances haunt the shared
connections.
| |
udev rules file
Those are not required with systemd-udevd v210 or newer. This way
distros which have a new enough version of udev can skip installing
84-nm-drivers.rules. While at it, don't use absolute paths for sed and
ethtool.
| |
ethtool may cause the auto-loading of a kernel module for non-existing
interface-names. Avoid that by checking whether such an interface exists.
|
| |
This reverts commit 44fee0f6fff42773aa73a9a46220db697907751f.
Bad quoting here. Also, this is not quite the best fix for the issue,
filtering on ACTION=="add" is probably a bit more elegant.
| |
ethtool may cause the auto-loading of a kernel module for non-existing
interface-names. Avoid that by checking whether such an interface exists.
This is inherently racy.
| |
We need it to write messages to kernel auditing log.
| |
Tested with dnsmasq (ipv4.method=shared), openvpn & vpnc.
https://bugzilla.gnome.org/show_bug.cgi?id=750598
| |
This allows us to always announce links when the kernel advertises
them, instead of waiting for udev.
| |
Since f9e4af2, parts of the configuration can be reloaded
by sending SIGHUP to NetworkManager. Add ExecReload option
to service file to support reloading by sending a signal.
Note that 'man 5 systemd.service' advises using a blocking
command instead of sending a signal. Later we should add a
D-Bus method to allow reloading synchronously. For now, this
is better than nothing.
https://mail.gnome.org/archives/networkmanager-list/2015-April/msg00042.html