1. 16 Apr, 2018 4 commits
  2. 12 Apr, 2018 2 commits
    • Luca Boccassi's avatar
      Add capabilities to /bin/ip on postinst to fix ip vrf exec · 48fc47a8
      Luca Boccassi authored
      /bin/ip can now drop capabilities when launched, except when running
      ip vrf exec.
      ip vrf exec requires cap_dac_override to create a cgroup subdir in
      /sys, cap_sys_admin to load a BPF program to change the VRF of the
      socket being used to jail the application and cap_net_admin to change
      the cgroup of the process.
      Without these, it's impossible to run a simple command like ping into
      a vrf.
      
      Add the required capabilities via a postinst file to fix it. Make it
      disabled by default behind a new low-priority debconf knob.
      Add NEWS file to inform users of the debconf option.
      48fc47a8
    • Luca Boccassi's avatar
      Update changelog for 4.16.0-1 release · e4324552
      Luca Boccassi authored
      e4324552
  3. 03 Apr, 2018 4 commits
  4. 02 Apr, 2018 3 commits
  5. 29 Mar, 2018 10 commits
  6. 28 Mar, 2018 5 commits
  7. 27 Mar, 2018 10 commits
  8. 19 Mar, 2018 1 commit
    • Alexander Zubkov's avatar
      treat "default" and "all"/"any" addresses differenty · b8d26199
      Alexander Zubkov authored
      Debian maintainer found that basic command:
      	# ip route flush all
      No longer worked as expected which breaks user scripts and
      expectations. It no longer flushed all IPv4 routes.
      
      Recently behavior of "default" prefix parameter was corrected. But at
      the same time behavior of "all"/"any" was altered too, because they
      were the same branch of the code. As those parameters mean different,
      they need to be treated differently in code too. This patch reflects
      the difference.
      
      Also after mentioned change, address parsing code was changed more
      and address family was set explicitly even for "all"/"any" addresses.
      And that broke matching conditions further. This patch fixes that too
      and returns AF_UNSPEC to "all"/"any" address.
      
      Now "default" is treated as top-level prefix (for example 0.0.0.0/0 in
      IPv4) and "all"/"any" always matches anything in exact, root and match
      modes.
      Reported-by: Luca Boccassi's avatarLuca Boccassi <bluca@debian.org>
      Signed-off-by: 's avatarAlexander Zubkov <green@msu.ru>
      b8d26199
  9. 16 Mar, 2018 1 commit