This makes NetworkManager independent of <polkit/polkit.h>
development headers and libpolkit-gobject-1.so library.
Instead communicate directly with polkit using its DBUS
interface.
PolicyKit support is now always compiled in. You can control
polkit authorization with the configuration option
[main]
auth-polkit=yes|no
If the configure option is omitted, a build time default
value is used. This default value can be set with the
configure option --enable-polkit.
This commit adds a new class NMAuthManager that reimplements the
relevant DBUS client parts. It takes source code from the polkit
library.
https://bugzilla.gnome.org/show_bug.cgi?id=734146
Signed-off-by: Thomas Haller <thaller@redhat.com>
man/nm-settings-keyfile.xml is generated via an XSLT stylesheet applied to
libnm-util/nm-keyfile-docs.xml. Then a manual page is generated from the XML.
Certain build configurations (like --enable-gtk-doc
--disable-introspection) were broken with respect to nm-setting-docs.
Fix this. Also, we don't require just gobject-introspection, we need
pygobject specifically as well.
To ensure that NetworkManager does not block needlessly for events
which have no scripts, require scripts that respond to blocking
events to opt into the action.
The script is called synchronously from NetworkManager so it can handle
asynchronicity itself. The long-term plan is to incorporate the script
partially into the new plugin and partially into a dnssec-trigger
library which will be used instead of dnssec-trigger daemon.
https://bugzilla.gnome.org/show_bug.cgi?id=699810
Acked-By: Thomas Haller <thaller@redhat.com>
Acked-By: Dan Williams <dcbw@redhat.com>
This allows setting bridge MAC either on command-line
nmcli con add type bridge con-name mybridge mac 11:22:33:44:55:66
or provide it when asked
nmcli -a con add type bridge con-name mybridge
Interpret the configuration option main.debug and the
environment variable NM_DEBUG as a comma separated list
of debugging options (parsed with g_parse_debug_string()).
Currently only the option "RLIMIT_CORE" is supported, to set
the core dump size to unlimited.
Signed-off-by: Thomas Haller <thaller@redhat.com>
In case of DHCP4, DHCP6 and/or SLAAC, delay "startup complete" until
both IPv4 and IPv6 are ready. This especially has an effect on
nm-online/NetworkManager-wait-online.service, which blocks until
configuration of both IPv4 and IPv6 is ready.
We queue a pending_action when automatic configuration starts and
remove it again, when we receive an address. Before, "startup complete"
was reached when either one of the two IP protocols was configured.
https://bugzilla.redhat.com/show_bug.cgi?id=1086906
Signed-off-by: Thomas Haller <thaller@redhat.com>
This fixes a behaviour change made by 44ac1020da.
That commit make nm-online to wait for NM finishing startup instead of waiting
for a real connection. So for NetworkManager fully initialized, but
disconnected nm-online would return 0.
$ nmcli -f RUNNING,STATE,STARTUP,CONNECTIVITY gen status
RUNNING STATE STARTUP CONNECTIVITY
running disconnected started none
Revert back to the original behaviour of waiting for a connection. And
introduce a new option '--wait-for-startup' waiting for NetworkManager
finishing its startup, which is useful in some cases, like
NetworkManager-wait-online.service.
https://bugzilla.redhat.com/show_bug.cgi?id=1054364
nmcli con add type team-slave ifname em2 master team-master0
nmcli con add type team-slave ifname em2 master id/team-master0
It helps to disambiguate values for cases where they may overlap,
e.g. "team0" -> "ifname/team0" or "id/team0"
nmcli con add type *-slave ifname em1 master <ifname|UUID|name>
'master' property of 'connection' setting has to be either interface name or
connection UUID of master connection. However, to make nmcli more convenient
for users, we also allow specifying connection name and translating it to UUID
automatically.
https://bugzilla.redhat.com/show_bug.cgi?id=1057494
Synopsis:
nmcli con modify -<property>.<setting> <value>
'value' can be empty ("") to remove the whole property value value (in this
case the behaviour is the same as without '-').
Or the 'value' is an index of the item to remove, or an option name (for a few
properties that have option names, like bond.options or ethernet.s390-options).
$ nmcli con mod myeth ipv4.dns "10.0.0.55 10.0.0.66 8.8.8.8 8.8.4.4"
---> ipv4.dns: 10.0.0.55, 10.0.0.66, 8.8.8.8, 8.8.4.4
$ nmcli con mod myeth -ipv4.dns 1
---> ipv4.dns: 10.0.0.55, 8.8.8.8, 8.8.4.4
---> bond.options: mode=balance-rr
$ nmcli con mod bond0 +bond.options "mii=500, downdelay=800"
---> bond.options: downdelay=800,miimon=500,mode=balance-rr
$ nmcli con mod bond0 -bond.options downdelay
---> bond.options: miimon=500,mode=balance-rr
The [main] section is not mandatory.
Clarify in several places that the keyfile plugin is always used for
fallback, and that the [keyfile] section is normally only used if you
aren't using any other plugin.
Fix some erroneous references to "keyfile" and "ifdown" in the
ifupdown section.
Update the ifcfg-rh docs to list all currently-supported connection
types.
Swap the order of ifcfg-suse and ifupdown to make them alphabetical.
(Note that ifnet is currently missing.)
https://bugzilla.gnome.org/show_bug.cgi?id=720841
Handle connection profiles in a single 'show' command instead of 'show active'
and 'show configured'.
nmcli con show [--active] [[id|uuid|path|apath] <bla>]
nmcli con show : display all connection profiles
nmcli con show --active : only display active connection profiles
(filters out inactive profiles)
nmcli con show myeth : display details of "myeth" profile, and also active
connection info (if the profile is active)
nmcli -f profile con show myeth : only display "myeth"'s static configuration
nmcli -f active con show myeth : only display active details of "myeth"
nmcli -f connection.id,ipv4,general con show myeth
: display "connection.id"a property
"ipv4" setting and "GENERAL" group
of active data
https://bugzilla.redhat.com/show_bug.cgi?id=997999
Make clear, that only full names are guaranteed to work in future
versions. The use of some abbreviations might break as new options
get added.
It would be rather complicated, to ensure, that abbreviations always
continue to work, at the additional disadvantage, that they no longer
uniquely identify an option. Instead, clearly state that using
them is not guaranteed to work in the future. Users that care about
long term compatibility should instead spell out the full names.
Abbreviations are mainly here for interactive use.
Signed-off-by: Thomas Haller <thaller@redhat.com>