From 0ea3e1420c373027bdf57ea9e794b81dd6b6ad4f Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 1 Apr 2023 15:31:46 +0200
Subject: container: T5082: switch to netavark network stack

We now support assigning discrete IPv6 addresses to a container.
---
 debian/control | 1 +
 1 file changed, 1 insertion(+)

(limited to 'debian')

diff --git a/debian/control b/debian/control
index 028b7cd43..8cd49f62a 100644
--- a/debian/control
+++ b/debian/control
@@ -99,6 +99,7 @@ Depends:
   mtr-tiny,
   ndisc6,
   ndppd,
+  netavark,
   netplug,
   nfct,
   nftables (>= 0.9.3),
-- 
cgit v1.2.3


From f72fa135986186544b6125481bae4691ddd4dded Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 4 Apr 2023 10:36:24 +0000
Subject: T5142: Add audit tool to monitor security-relevant events

---
 debian/control                      | 2 ++
 op-mode-definitions/show-log.xml.in | 6 ++++++
 2 files changed, 8 insertions(+)

(limited to 'debian')

diff --git a/debian/control b/debian/control
index 8cd49f62a..856f57030 100644
--- a/debian/control
+++ b/debian/control
@@ -35,6 +35,7 @@ Architecture: amd64 arm64
 Depends:
   ${python3:Depends},
   accel-ppp,
+  auditd,
   avahi-daemon,
   beep,
   bmon,
@@ -80,6 +81,7 @@ Depends:
   lcdproc,
   lcdproc-extra-drivers,
   libatomic1,
+  libauparse0,
   libbpf1 [amd64],
   libcharon-extra-plugins (>=5.9),
   libcharon-extauth-plugins (>=5.9),
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index 7f6469ca9..7663e4c00 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -8,6 +8,12 @@
         </properties>
         <command>journalctl --no-hostname --boot</command>
         <children>
+          <leafNode name="audit">
+            <properties>
+              <help>Show audit logs</help>
+            </properties>
+            <command>cat /var/log/audit/audit.log</command>
+          </leafNode>
           <leafNode name="all">
             <properties>
               <help>Show contents of all master log files</help>
-- 
cgit v1.2.3


From 42775f287cca3e08dc8b2e58958018ecd1c626c9 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Fri, 14 Apr 2023 08:29:50 +0200
Subject: container: T5082: enable aardvark-dns support

With commit 0ea3e1420 ("container: T5082: switch to netavark network stack")
moving to a new network stack we should also enable the new DNS plugin provided
by default.

TODO: add CLI nodes to manually disable DNS and/or supply external DNS servers
to the container.
---
 debian/control             | 1 +
 src/conf_mode/container.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

(limited to 'debian')

diff --git a/debian/control b/debian/control
index 856f57030..3126e6ad9 100644
--- a/debian/control
+++ b/debian/control
@@ -34,6 +34,7 @@ Package: vyos-1x
 Architecture: amd64 arm64
 Depends:
   ${python3:Depends},
+  aardvark-dns,
   accel-ppp,
   auditd,
   avahi-daemon,
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index cb39f19b6..aceb27fb0 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -380,7 +380,7 @@ def generate(container):
                 'subnets': [],
                 'ipv6_enabled': False,
                 'internal': False,
-                'dns_enabled': False,
+                'dns_enabled': True,
                 'ipam_options': {
                     'driver': 'host-local'
                 }
-- 
cgit v1.2.3