| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
This reverts commit db6ebe003dd8f96b18824809c3fcecd1390788e5.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hidepid
When mounting /proc with hidepid, we might fail to read the
start-time of the process from /proc/$PID/stat. In this case,
we should just accept a start-time of zero.
On the other side of authentication, polkit should accept a zero
start-time too.
nm_utils_get_start_time_for_pid() has other uses in NetworkManager,
mostly when killing a process from a PIDFILE or during
nm_utils_kill_process_sync(). In both these cases, this will only
succeed if we try to kill a process that also runs a root.
For processes started by the current instance, we don't care about the
PIDFILE and use nm_utils_kill_child_?sync() -- so there is no problem
with hidepid there.
https://bugzilla.gnome.org/show_bug.cgi?id=764502
|
| |\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=765329
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Re-add nm_vpn_plugin_info_get_service(). This function *is* useful
and could be used by nm-applet.
This reverts commit 3517084b92aa64817ce8cd82163e5ab6e1947017.
|
| |/
|
|
|
|
|
| |
_nm_vpn_plugin_info_list_load_dir()
No need to assert against an empty dirname. It's not different from
any other non-existing directory and we should be graceful about that.
|
| | |
|
| |
|
|
|
|
| |
And for @out_state, return ' ' instead of '\0' in case of
failure. That is more friendly, when the user happens to
print the value.
|
| |
|
|
|
|
| |
Otherwise the types links would be dangling or resolved to slightly
irrelevant documentation in libnm or completely irrelevant documentation
in libnm-util.
|
| |
|
|
|
|
| |
It isn't right in that context -- NMDevice is a libnm-core object,
not a bus object. In rendered documentation this would generate
a dangling link.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Pass an empty configuration file otherwise dnsmasq loads
"/etc/dnsmasq.conf".
We already allow for a config.d/ directory "/etc/NetworkManager/dnsmasq.d"
to allow the user to overwrite configuration. We don't want to consider
the global config file.
Fixes: 497a8aa5c6463404200a3fcc745aa65396dc4f22
|
| |\
| |
| |
| |
| | |
https://mail.gnome.org/archives/networkmanager-list/2016-March/msg00144.html
https://bugzilla.gnome.org/show_bug.cgi?id=765043
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Use DBus to make nameserver updates rather than restarting the dnsmasq binary
again and again.
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
https://mail.gnome.org/archives/networkmanager-list/2016-March/msg00144.html
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
The 4 private fields pid, watch_id, progname and pidfile strictly
belong together. When spawning a child, we set all 4 of them and
when killing the child all get cleared. Cleanup to code to always
set those 4 fields together.
|
| | |
| |
| |
| |
| | |
dispose() already calls nm_dns_plugin_child_kill(), which clears
both pidfile and progname.
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
| |
wifi_utils_is_wifi() only has one caller, so it's very clear
what the passed in @sysfs_path contains. Instead of accepting
a redundant argument, compute the sysfs path internally based
on @iface alone.
|
| |
|
|
| |
And while at it, don't pass the sysfs_path but instead the ifname to it.
|
| |
|
|
|
| |
It is interesting to find in the logfile when we write to "/etc/resolv.conf"
or our internal version "/var/run/NetworkManager/resolv.conf".
|
| |
|
|
|
|
|
| |
When NetworkManager exits, it must preserve the DNS configuration of
devices that are left up.
Fixes: 9498ea507eb1d5042736c4351337e91b9c13bdf6
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main purpose of audit logging is to understand who did what to the
system configuration, so it is useful to log also the list of changed
properties when a connection is updated:
op="connection-update"
uuid="2f3e48fc-5f47-41d9-9278-d2871378df43"
name="pppoe1"
args="pppoe.username,pppoe.password" <========
pid=9523
uid=1001
result="success"
|
| |
|
|
|
| |
Fixes an assertion failure on WWAN connection attempts that fail before
secrets are requested.
|
| |\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=765303
|
| | |
| |
| |
| |
| | |
After issuing the sysctl "delete_child", we must request the
link to get the platform cache in sync.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
We want to preserve the relevant errno during nm_platform_sysctl_set().
Also, if the final close() fails, fail altogether.
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
| |
object
Otherwise NetworkManager can be too fast calling a method:
<error> [1461073999.2362] vpn-connection[0x7fe39ec491e0,be049803-a705-438f-b8f5-49db87640c93,"libreswan",0]:
plugin NeedSecrets request #1 failed: No such interface 'org.freedesktop.NetworkManager.VPN.Plugin'
on object at path /org/freedesktop/NetworkManager/VPN/Plugin
|
| |
|
|
| |
Thomas thinks it's a sin.
|
| |
|
|
|
|
| |
The infiniband drivers don't implement the rtnetlink link deletions.
Therefore we unrealize the NMDevice instance but the backing resources
stay around, preventing us from ever realizing the device again.
|
| | |
|
| |
|
|
|
|
| |
nmcli> set 802-1x.ca-cert file:///tmp/certs/eaptest_ca_cert.pem
(process:31015): libnm-CRITICAL **: crypto_is_pkcs12_data: assertion 'data != NULL' failed
Error: failed to set 'ca-cert' property: PEM certificate had no start tag '-----BEGIN CERTIFICATE-----'.
|
| |
|
|
| |
Reported-by: Ali Nematollahi <alirezan1@gmail.com>
|
| |
|
|
|
|
| |
This reverts commit 8b6a1ac62f2cb39b1246d7dff3525b1a8bb48f2c.
Original patch was in error; 'active' is already gs_unref_object.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit ca000cffbb9ef20c6dd965283df3f1babf0a7745, we changed to
accept a plugin library name without path. One reason for that
is to keep architecture dependent parts out of the .name file
and possibly support multilib.
However, the shared libraries of VPN plugins are not installed in
a global library search path, but for example into
"/usr/lib64/NetworkManager/libnm-vpn-plugin-openvpn.so".
In that case, specifying "plugin=libnm-vpn-plugin-openvpn.so"
would not be enough to find plugin.
Instead, when configuring a plugin name without path, assume
it is in NMPLUGINDIR directory. Modify nm_vpn_editor_plugin_load_from_file()
to allow path-less plugin-names. Previously such names would be rejected
as not being absolute. This API allows to do file verification
before loading the plugin, but it now supports prepending NMPLUGINDIR
to the plugin name. Basically, this function mangles the plugin_name
argument and checks that such a file exists.
The recently added nm_vpn_editor_plugin_load() continues to behave
as before: it does no checks whatsoever and passes the name directly
to dlopen(). That way, it uses system search paths like LD_LIBRARY_PATH
and performs no checks on the file.
Fixes: ca000cffbb9ef20c6dd965283df3f1babf0a7745
|
| |\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=765225
|
| | |
| |
| |
| |
| |
| | |
Contrary to nm_vpn_editor_plugin_load_from_file(), this allows
to specify a library name without path. In this case, g_module_open()
(dlopen()) will search for a library in various system directories.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since commit 3dfbbb227e82b47973f612b6b031d8d591727436, we enforce that
the plugin path in the .name file is absolute and we perform several
checks on the file before loading it (ownership, etc).
Relax that, to also allow libray names without path component.
In that case, g_module_open()/dlopen() will search for a library
in various search paths. This allows, to omit absolute paths
in the .name file. The latter is problematic, because by default
we install the .name file in the architecture independent location
/usr/lib/NetworkManager. As such, it should not contain paths
to architecture dependent libraries. With this change, a .name
file can contain only the library name and it will be loaded
using the usual mechanism.
However, specifying absolute paths is still possible and works
same as before, including checking file permissions.
As such, distributions probably should package the VPN plugins
to have no path in the .name file. On the other hand, a user
compiling from source probably wants to specify an absolute
path. The reason is, that the user probably doesn't build the
plugin for multiple achitectures and that way, he can install
the plugin in a separate (private) prefix.
|
| | |
| |
| |
| |
| |
| |
| | |
The @plugin_filename argument must be an absolute path.
That was changed later, but forgot to update the comment.
Fixes: 3dfbbb227e82b47973f612b6b031d8d591727436
|
| | |
| |
| |
| |
| | |
The GKeyFile is no longer needed after constuction. All strings are
copied over to the "keys" hash.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of looking into the keyfile, lookup the "supports-multiple-connections" setting
in the "keys" hash. This has some behavioral difference:
- g_key_file_get_boolean() first does g_key_file_get_value(), and then
converts the string using the private g_key_file_parse_value_as_boolean()
function -- which is case-sensitive, accepts "true|false|0|1" and
considers only the text until the first whitespace.
- now, we put g_key_file_get_string() into the cache "keys" and
parse it with _nm_utils_ascii_str_to_bool(). The latter is
case insensitive, allows also "yes|no|on|off", strips whitespaces.
However, the difference is subtle and shouldn't matter.
The point of this change is to free "keyfile" after construction.
|
