diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-06-14 08:06:27 +0200 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-06-22 15:23:58 +0200 |
| commit | b48ed70c79c6482e1f39b77d16e62043ff5042a5 (patch) | |
| tree | 58245c4075beb60a8558020b647dc67134beb68e /src/core/load-fragment-gperf.gperf.in | |
| parent | resolve: mDNS transaction max attempts fix (diff) | |
| download | systemd-b48ed70c79c6482e1f39b77d16e62043ff5042a5.tar.xz systemd-b48ed70c79c6482e1f39b77d16e62043ff5042a5.zip | |
Revert NFTSet feature
This reverts PR #22587 and its follow-up commit. More specifically,
2299b1cae32c1fb8911da0ce26efced68032f4f8 (partially),
e176f855278d5098d3fecc5aa24ba702147d42e0,
ceb46a31a01b3d3d1d6095d857e29ea214a2776b, and
51bb9076ab8c050bebb64db5035852385accda35.
The PR was merged without final approval, and has several issues:
- OSS fuzz reported issues in the conf parser,
- It calls synchrnous netlink call, it should not be especially in PID1,
- The importance of NFTSet for CGroup and DynamicUser may be
questionable, at least, there was no justification PID1 should support
it.
- For networkd, it should be implemented with Request object,
- There is no test for the feature.
Fixes #23711.
Fixes #23717.
Fixes #23719.
Fixes #23720.
Fixes #23721.
Fixes #23759.
Diffstat (limited to 'src/core/load-fragment-gperf.gperf.in')
| -rw-r--r-- | src/core/load-fragment-gperf.gperf.in | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in index facda69d0d..7817c20c0b 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in @@ -32,7 +32,6 @@ {{type}}.PassEnvironment, config_parse_pass_environ, 0, offsetof({{type}}, exec_context.pass_environment) {{type}}.UnsetEnvironment, config_parse_unset_environ, 0, offsetof({{type}}, exec_context.unset_environment) {{type}}.DynamicUser, config_parse_bool, true, offsetof({{type}}, exec_context.dynamic_user) -{{type}}.DynamicUserNFTSet, config_parse_dynamic_user_nft_set, 0, offsetof({{type}}, exec_context) {{type}}.RemoveIPC, config_parse_bool, 0, offsetof({{type}}, exec_context.remove_ipc) {{type}}.StandardInput, config_parse_exec_input, 0, offsetof({{type}}, exec_context) {{type}}.StandardOutput, config_parse_exec_output, 0, offsetof({{type}}, exec_context) @@ -242,7 +241,6 @@ {{type}}.SocketBindAllow, config_parse_cgroup_socket_bind, 0, offsetof({{type}}, cgroup_context.socket_bind_allow) {{type}}.SocketBindDeny, config_parse_cgroup_socket_bind, 0, offsetof({{type}}, cgroup_context.socket_bind_deny) {{type}}.RestrictNetworkInterfaces, config_parse_restrict_network_interfaces, 0, offsetof({{type}}, cgroup_context) -{{type}}.ControlGroupNFTSet, config_parse_cgroup_nft_set, 0, offsetof({{type}}, cgroup_context) {%- endmacro -%} %{ |