systemd: add sandboxing options (old) #58
mmilata wants to merge 115 commits into DanielAdolfsson:1.0-devel from
Fix a bug with ptr<> that on some occasions will try to free _ref multiple times when release() becomes nested.
- Clean up some junk code that was left over. - Replace ptr<> with strong_ptr<> and weak_ptr<> to easier distinguish between weak and strong pointers. - Fix a couple of bugs.
Inside iface::~iface(), make sure to close any open sockets and restore ALLMULTI to its original value.
* Add '-d' to "daemonize". Will also enable syslogging. * Fix a couple of bugs in 'session'. * Clean up 'log', and use LOG_* macros instead. * Add syslog(bool) to 'log' to enable/disable the use of syslog.
* Make iface::read() return a bit more generic address (sockaddr). * Add is_unicast() and is_multicast() to address. * Set default config path to "/etc/ndppd.conf". * Silently ignore solicit messages with bad saddr and/or daddr.
* Change Makefile so release is the default mode, use DEBUG=1 to turn on debugging. * Clean up 'conf' a bit. * Add a new option 'router' (valid in 'proxy' section) to turn on/off the ND_NA_FLAG_ROUTER flag for adverts.
- 'ttl' to control how long a session will stay in the cache once the session becomes valid or invalid. Default is 30 seconds. - 'timeout' to control how long a session will wait for a Neighbor Advertisement before being invalidated. Default is 500 ms.
- Update Makefile to provide 'install'. - Add manpages ndppd(1) and ndppd.conf(5).
…ond to queries sent from the gateway (for instance when it needs to route to a WAN address that's local)
…t triggers a particular failure path
…ssage rather than an error code is returned for easier debugging
…ation request causing none of the sessions to really expire
…ifically asked for one yet thus ensuring the routes are created and that the latency on proxy solicitation is kept much lower
…e local machine which will be used to cover some missing solicitation requests
…ses that it holds on secondary interfaces
…d auto rules defined in the configuration
…kept up during high traffic when no proactive NDP solicitations are sent by the sender
Feature to automatically wire the routes for a gateway
nd-proxy is not built by `make all`, so it shouldn't be copied by `make install`. Signed-off-by: Blake Gentry <blakesgentry@gmail.com>
…om-makefile remove cp nd-proxy from make install
…n, as otherwise we lose the ALLMULTI flag on the listening interfaces during the whole process. Probable cause is the parent restoring the original state of the interface flags before exiting.
/etc/init.d/ndppd. Probably works on current stable as well, but I couldn't test this so far.
When an interface disappears handle the resulting POLLERR result from polling. Ignoring this will cause ndppd to go into a hot loop. This is a very simple fix that will make the daemon terminate.
Handle disappearing interfaces
Fix issue DanielAdolfsson#39, interface configuration
If this goes through, it might be a good idea to also use the unit file directly in the NixOS module.

Cool! Although, I'm not accepting new PRs to the 0.x branch. Working on a complete rewrite under branch

I suck at using GitHub and accidentally closed this when trying to change base branch to
@Mic92 do you mean for the NixOS module to install unit file from upstream sources instead of generating one? Do you know of other modules that do it? We'd have to inject the path to the binary somehow and also change the unit type

@mmilata You can override unit description from nixos configuration. Have a look at the nfs module. It uses
Adds some systemd sandboxing options to the service file. Ported from NixOS/nixpkgs#74700. Might be a good idea to test it some more before merging :)