We must also remove -Waggregate-return from m4/compiler-warnings.m4 because systemd
uses aggregate return (correctly) in a couple cases, and we cannot keep single-level
makefiles and override aggregate-return only for the systemd sub-library.
This client currently only supports DHCPv4 because the base systemd code
does not yet fully support DHCPv6.
The systemd code was modified to add "#if 0 /* NM_IGNORED */"
around lines that cause problems for compilation or code that is
not actually used in the library.
An adaptation layer (nm-sd-adapt) was added for glue between
systemd functions and NetworkManager, but changes to the actual
systemd code have been kept to a minimum.
The sd_event/sd_event_source functions of systemd have been
re-implemented on top of the GLib main loop.
client->secs wasn't getting set in the REBOOT state, causing
an assertion. REBOOT should work the same way as INIT, per
RFC 2131:
secs 2 Filled in by client, seconds elapsed since client
began address acquisition or renewal process.
REBOOT is necessary because many DHCP servers (especially on
home routers) do not hand back the same IP address when in
response to a DISCOVER packet, even if the same client ID is used.
The raw socket sd_event_source used for DHCP server solicitations
was simply dropped on the floor when creating the new UDP socket
after a lease has been acquired. Clean it up properly so we're
not still listening and responding to events on it.
Non-ethernet interface types use different client identifier formats,
plus when doing DHCPv4 and DHCPv6 on the same interface, the client
identifier should be related per RFC 4361. Thus let the caller
override the existing MAC-based client identifier if necessary.
The plugin can indicate that this connection can persist across link
changes and other connectivity dropouts by passing this option
back in the SetConfig() calls.
If the VPN re-enters the STARTING state to indicate that it has
disconnected from the VPN server and is trying to reconnect, change
the VPN connection's state to indicate that connectivity may be
limited. Wait for the VPN to provide updated IP configuration
information from the reconnect to change back to the ACTIVATED
state.
This property will indicate that the user wishes the VPN connection
to stay active until explicitly disconnected, even across link changes
or other interruptions.
They are defined as gint32 but are assigned a guint32 value and
then immediately passed back to the caller of _address_get_lifetime()
as guint32. They can never be negative, and may receive values
greater than G_MAXINT32, so they should be unsigned.
When the DHCP server address is not on the same subnet, we used
to add a /32 route to the server IP address via the gateway.
Do not add this route, if we already got a direct route from DHCP.
https://bugzilla.gnome.org/show_bug.cgi?id=738590
Signed-off-by: Thomas Haller <thaller@redhat.com>
add two functions nm_ip4_config_get_direct_route_for_host()
and nm_ip6_config_get_direct_route_for_host() to check if we have
a direct (non-gw) route to a certain host.
Signed-off-by: Thomas Haller <thaller@redhat.com>
https://bugzilla.gnome.org/show_bug.cgi?id=738590
Kernel treats IPv6 route metrics with value zero (0) special.
Add a utility function that helps accounting for that.
Signed-off-by: Thomas Haller <thaller@redhat.com>
https://bugzilla.gnome.org/show_bug.cgi?id=738590
/general/nm_utils_kill_child: **
GLib:ERROR:test-general-with-expect.c:105:test_nm_utils_kill_child_sync_do: Did not see expected message NetworkManager-DEBUG: *kill child process 'test-s-1-1' (*): waiting up to 500 milliseconds for process to terminate normally after sending SIGTERM (15)...
Aborted
The first test case assumes the child does not go away immediately after being
delivered a TERM signal. Add some delay to its teardown code path, so that NM
will set up the timeout the test expects.
This way the compiler issues a warning when accidently
switching the level and domain arguments when logging.
Make LOGD_ALL and LOGD_DEFAULT members of the enum instead
defining them. Previously the LOGD_ALL define included all
the defined domains, hence this is no functional change.
Also define the logging domain aliases as enum members (instead
of preprocessor defines).
Signed-off-by: Thomas Haller <thaller@redhat.com>
In case of a missing NetworkManager.conf (or a missing configuration option
main.plugins), allow to determine the fallback at compile time
https://bugzilla.gnome.org/show_bug.cgi?id=738611
Signed-off-by: Thomas Haller <thaller@redhat.com>
NMIP4Configs and NMIP6Configs are never supposed to contain a default
route, and thus nm_platform_ip6_route_sync() should never have to deal
with one. Unfortunately, if it *does* get passed a default route, it
will add it even if it was already there. This will result in an
RTM_NEWROUTE notification, which will cause NMPlatform to emit
ip6-route-changed, which will result in NMDevice doing some work and
then calling nm_ip6_config_commit(), which will result in NMIP6Config
passing the same list of routes to nm_platform_ip6_route_sync() again,
including the default route, which will cause NMPlatform to add the
route again...
(Something eventually causes this cycle to get broken, but it starts
up again the next time NM receives an RA.)
Fix this by having the route_sync() functions never add/modify the
default route (They were already not deleting it.)
If the router sends an RA with an RDNSS or DNSSL lifetime of "0", that
means to immediately stop using the corresponding server/domain name.
NMLNDPRDisc knew this, but messed up its handling of it, and so if
this happened, it might end up sending out an RS to get new data every
0 seconds...
(Noticed while investigating bgo 735325, though it turned out to be
irrelevant there.)
The warning -Wstrict-prototypes was disabled by commit
db9b1df0e4 .
Enable it again, but avoid warnings for WiMax SDK by explicitly disabling the
compiler warning where needed.
Apparently clang does not produce a warning for -Wstrict-prototypes,
hence we don't need a clang specific #pragma.
Signed-off-by: Thomas Haller <thaller@redhat.com>
nm_setting_verify() took a GSList of other NMSettings, but really it
would just be simpler all around to pass the NMConnection instead...
This means that several formerly NMSetting-branded functions that
operated on lists-of-settings now get replaced with
NMConnection-branded functions instead.
Add nm-core-types.h, typedefing all of the GObject types in
libnm-core; this is needed so that nm-setting.h can reference
NMConnection in addition to nm-connection.h referencing NMSetting.
Removing the cross-includes from the various headers causes lots of
fallout elsewhere. (In particular, nm-utils.h used to include
nm-connection.h, which included every setting header, so any file that
included nm-utils.h automatically got most of the rest of libnm-core
without needing to pay attention to specifics.) Fix this up by
including nm-core-internal.h from those files that are now missing
includes.
If the DHCP server happens to send "0.0.0.0", which you see with
some consumer gear that only has one nameserver set, don't warn
because we know it's bogus.
Also rename the copy & pasted 'searches' variable to what it's
actually used for.
Code outside of libnm-core/ should not include the private headers.
nm-core-internal.h should be used instead.
Fixes: 98fe073fb9
Signed-off-by: Thomas Haller <thaller@redhat.com>
This can be triggered by stopping the DBUS service. The assertion happens
because when the supplicant stops (due to the name-owner-change, which is triggered
because dbus-daemon quit), the supplicant manager sets all supplicant interfaces
to DOWN state so that they can be cleaned up. That does two things:
1) calls supplicant_interface_acquire() to attempt to re-launch wpa_supplicant
in case wpa_supplicant segfaulted
2) moves the NMDevicWifi to UNAVAILABLE state because the supplicant is gone,
the device is no longer usable and we must terminate the connection and wait
for the supplicant to come back
But #2 also ends up calling supplicant_interface_acquire(), because that's what
we want to do when the NMDeviceWifi is first managed (at startup) and when the
supplicant dies. The code just doesn't differentiate between the two cases.
To fix this, just allow duplicate "waiting for supplicant" pending
actions, which is fine because the operation doesn't care about strict
added/removed sequencing.
#0 0x000000381d0504e9 in g_logv (log_domain=0x59cd5b "NetworkManager", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fff8cccc1a0) at gmessages.c:989
#1 0x000000381d05063f in g_log (log_domain=<optimized out>, log_level=<optimized out>, format=<optimized out>) at gmessages.c:1025
#2 0x000000000044f53b in nm_device_add_pending_action (self=0xa60310, action=0x7febecd1d37d "waiting for supplicant", assert_not_yet_pending=1) at devices/nm-device.c:6466
#3 0x00007febecd0bc56 in supplicant_interface_acquire (self=0xa60310) at nm-device-wifi.c:262
#4 0x00007febecd0b240 in device_state_changed (device=0xa60310, new_state=NM_DEVICE_STATE_UNAVAILABLE, old_state=NM_DEVICE_STATE_ACTIVATED, reason=NM_DEVICE_STATE_REASON_SUPPLICANT_FAILED) at nm-device-wifi.c:3136
#5 0x000000381dc05d8c in ffi_call_unix64 () at ../src/x86/unix64.S:76
#6 0x000000381dc056bc in ffi_call (cif=cif@entry=0x7fff8cccc6c0, fn=0x7febecd0b050 <device_state_changed>, rvalue=0x7fff8cccc630, avalue=avalue@entry=0x7fff8cccc5b0) at ../src/x86/ffi64.c:522
#7 0x000000381e010ad8 in g_cclosure_marshal_generic (closure=0xa30a40, return_gvalue=0x0, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>,
marshal_data=0x7febecd0b050 <device_state_changed>) at gclosure.c:1454
#8 0x000000381e010298 in g_closure_invoke (closure=closure@entry=0xa30a40, return_value=return_value@entry=0x0, n_param_values=4, param_values=param_values@entry=0x7fff8cccc8c0, invocation_hint=invocation_hint@entry=0x7fff8cccc860)
at gclosure.c:777
#9 0x000000381e02211b in signal_emit_unlocked_R (node=node@entry=0xa322b0, detail=detail@entry=0, instance=instance@entry=0xa60310, emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7fff8cccc8c0) at gsignal.c:3624
#10 0x000000381e02a0f2 in g_signal_emit_valist (instance=instance@entry=0xa60310, signal_id=signal_id@entry=63, detail=detail@entry=0, var_args=var_args@entry=0x7fff8ccccaf8) at gsignal.c:3330
#11 0x000000381e02a8f8 in g_signal_emit_by_name (instance=0xa60310, detailed_signal=0x59a8d1 "state-changed") at gsignal.c:3426
#12 0x00000000004514a4 in _set_state_full (self=0xa60310, state=NM_DEVICE_STATE_UNAVAILABLE, reason=NM_DEVICE_STATE_REASON_SUPPLICANT_FAILED, quitting=0) at devices/nm-device.c:6820
#13 0x0000000000449ec6 in nm_device_state_changed (self=0xa60310, state=NM_DEVICE_STATE_UNAVAILABLE, reason=NM_DEVICE_STATE_REASON_SUPPLICANT_FAILED) at devices/nm-device.c:6949
#14 0x00007febecd0f247 in supplicant_iface_state_cb (iface=0x9b9290, new_state=13, old_state=12, disconnect_reason=0, user_data=0xa60310) at nm-device-wifi.c:2276
#15 0x000000381dc05d8c in ffi_call_unix64 () at ../src/x86/unix64.S:76
#16 0x000000381dc056bc in ffi_call (cif=cif@entry=0x7fff8cccd230, fn=0x7febecd0eb20 <supplicant_iface_state_cb>, rvalue=0x7fff8cccd160, avalue=avalue@entry=0x7fff8cccd0e0) at ../src/x86/ffi64.c:522
#17 0x000000381e010f35 in g_cclosure_marshal_generic_va (closure=0xa2f490, return_value=0x0, instance=0x9b9290, args_list=<optimized out>, marshal_data=0x0, n_params=3, param_types=0xa422e0) at gclosure.c:1550
#18 0x000000381e0104c7 in _g_closure_invoke_va (closure=closure@entry=0xa2f490, return_value=return_value@entry=0x0, instance=instance@entry=0x9b9290, args=args@entry=0x7fff8cccd470, n_params=3, param_types=0xa422e0) at gclosure.c:840
#19 0x000000381e029749 in g_signal_emit_valist (instance=0x9b9290, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff8cccd470) at gsignal.c:3238
#20 0x000000381e02a3af in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
#21 0x00000000004b0e4b in set_state (self=0x9b9290, new_state=13) at supplicant-manager/nm-supplicant-interface.c:344
#22 0x00000000004b0916 in smgr_avail_cb (smgr=0xa3c890, pspec=0xa3c8d0, user_data=0x9b9290) at supplicant-manager/nm-supplicant-interface.c:930
#23 0x000000381e010298 in g_closure_invoke (closure=0x9a68b0, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0x7fff8cccd770, invocation_hint=invocation_hint@entry=0x7fff8cccd710) at gclosure.c:777
#24 0x000000381e02235d in signal_emit_unlocked_R (node=node@entry=0x990da0, detail=detail@entry=610, instance=instance@entry=0xa3c890, emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7fff8cccd770) at gsignal.c:3586
#25 0x000000381e02a0f2 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fff8cccd900) at gsignal.c:3330
#26 0x000000381e02a3af in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
#27 0x000000381e014945 in g_object_dispatch_properties_changed (object=0xa3c890, n_pspecs=1, pspecs=0x0) at gobject.c:1047
#28 0x000000381e017019 in g_object_notify_by_spec_internal (pspec=<optimized out>, object=0xa3c890) at gobject.c:1141
#29 g_object_notify (object=0xa3c890, property_name=<optimized out>) at gobject.c:1183
#30 0x00000000004b56f1 in set_running (self=0xa3c890, now_running=0) at supplicant-manager/nm-supplicant-manager.c:228
#31 0x00000000004b5002 in name_owner_changed (dbus_mgr=0x99f740, name=0x9ba910 "fi.w1.wpa_supplicant1", old_owner=0xa945a0 ":1.25", new_owner=0xac2ce0 "", user_data=0xa3c890) at supplicant-manager/nm-supplicant-manager.c:294
#32 0x000000381dc05d8c in ffi_call_unix64 () at ../src/x86/unix64.S:76
#33 0x000000381dc056bc in ffi_call (cif=cif@entry=0x7fff8cccdd10, fn=0x4b4d50 <name_owner_changed>, rvalue=0x7fff8cccdc80, avalue=avalue@entry=0x7fff8cccdc00) at ../src/x86/ffi64.c:522
#34 0x000000381e010ad8 in g_cclosure_marshal_generic (closure=0xa530a0, return_gvalue=0x0, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=0x0) at gclosure.c:1454
#35 0x000000381e010298 in g_closure_invoke (closure=0xa530a0, return_value=return_value@entry=0x0, n_param_values=4, param_values=param_values@entry=0x7fff8cccdf10, invocation_hint=invocation_hint@entry=0x7fff8cccdeb0) at gclosure.c:777
#36 0x000000381e02235d in signal_emit_unlocked_R (node=node@entry=0x99cce0, detail=detail@entry=0, instance=instance@entry=0x99f740, emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7fff8cccdf10) at gsignal.c:3586
#37 0x000000381e02a0f2 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fff8ccce0d0) at gsignal.c:3330
#38 0x000000381e02a3af in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
#39 0x00000000004c4026 in proxy_name_owner_changed (proxy=0x998210, name=0xa3ad50 "fi.w1.wpa_supplicant1", old_owner=0x9cffc0 ":1.25", new_owner=0x99d230 "", user_data=0x99f740) at nm-dbus-manager.c:708
#40 0x000000381dc05d8c in ffi_call_unix64 () at ../src/x86/unix64.S:76
#41 0x000000381dc056bc in ffi_call (cif=cif@entry=0x7fff8ccce410, fn=0x4c3fd0 <proxy_name_owner_changed>, rvalue=0x7fff8ccce380, avalue=avalue@entry=0x7fff8ccce300) at ../src/x86/ffi64.c:522
#42 0x000000381e010ad8 in g_cclosure_marshal_generic (closure=closure@entry=0x9beb80, return_gvalue=return_gvalue@entry=0x0, n_param_values=<optimized out>, param_values=<optimized out>,
invocation_hint=invocation_hint@entry=0x7fff8ccce630, marshal_data=marshal_data@entry=0x0) at gclosure.c:1454
#43 0x0000003829a10864 in marshal_dbus_message_to_g_marshaller (closure=0x9beb80, return_value=0x0, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=0x7fff8ccce630, marshal_data=0x0) at dbus-gproxy.c:1736
#44 0x000000381e010298 in g_closure_invoke (closure=0x9beb80, return_value=return_value@entry=0x0, n_param_values=3, param_values=param_values@entry=0x7fff8ccce690, invocation_hint=invocation_hint@entry=0x7fff8ccce630) at gclosure.c:777
#45 0x000000381e02235d in signal_emit_unlocked_R (node=node@entry=0x9be290, detail=detail@entry=347, instance=instance@entry=0x998210, emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7fff8ccce690) at gsignal.c:3586
#46 0x000000381e02a0f2 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fff8ccce840) at gsignal.c:3330
#47 0x000000381e02a3af in g_signal_emit (instance=instance@entry=0x998210, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
#48 0x0000003829a111c0 in dbus_g_proxy_emit_remote_signal (message=0xa6c2b0, proxy=0x998210) at dbus-gproxy.c:1789
#49 dbus_g_proxy_manager_filter (connection=<optimized out>, message=0xa6c2b0, user_data=0x9be520) at dbus-gproxy.c:1356
#50 0x000000382001006e in dbus_connection_dispatch (connection=connection@entry=0x9badb0) at dbus-connection.c:4631
#51 0x0000003829a0ad65 in message_queue_dispatch (source=source@entry=0x9bdcc0, callback=<optimized out>, user_data=<optimized out>) at dbus-gmain.c:90
#52 0x000000381d0492a6 in g_main_dispatch (context=0x99b4b0) at gmain.c:3066
#53 g_main_context_dispatch (context=context@entry=0x99b4b0) at gmain.c:3642
#54 0x000000381d049628 in g_main_context_iterate (context=0x99b4b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3713
#55 0x000000381d049a3a in g_main_loop_run (loop=0x99b5d0) at gmain.c:3907
#56 0x0000000000443c28 in main (argc=1, argv=0x7fff8cccf268) at main.c:704
Signed-off-by: Thomas Haller <thaller@redhat.com>
Calling dbus_g_proxy_begin_call() on a closed DBUS connection will
return NULL. All the call sites of nm_call_store_add() don't check
for NULL and therefore might hit an assertion.
This can easily reproduced by stopping the DBUS daemon.
Backtrace:
#0 0x000000381d0504e9 in g_logv (log_domain=0x59cd8b "NetworkManager", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fff42cce5c0) at gmessages.c:989
#1 0x000000381d05063f in g_log (log_domain=<optimized out>, log_level=<optimized out>, format=<optimized out>) at gmessages.c:1025
#2 0x00000000004b64e9 in nm_call_store_add (store=0x7f8e1c003d20, proxy=0x219c0d0, call=0x0) at supplicant-manager/nm-call-store.c:47
#3 0x00000000004b0b7b in interface_add (self=0x20e2500, is_wireless=1) at supplicant-manager/nm-supplicant-interface.c:907
#4 0x00000000004b0865 in nm_supplicant_interface_new (smgr=0x216c870, ifname=0x211e840 "wlp3s0", is_wireless=1, fast_supported=1, ap_support=AP_SUPPORT_YES, start_now=1) at supplicant-manager/nm-supplicant-interface.c:1355
#5 0x00000000004b47da in nm_supplicant_manager_iface_get (self=0x216c870, ifname=0x211e840 "wlp3s0", is_wireless=1) at supplicant-manager/nm-supplicant-manager.c:91
#6 0x00007f8e250f8b3f in supplicant_interface_acquire (self=0x218a350) at nm-device-wifi.c:253
#7 0x00007f8e250fc22e in supplicant_iface_state_cb (iface=0x20e2290, new_state=13, old_state=9, disconnect_reason=0, user_data=0x218a350) at nm-device-wifi.c:2274
#8 0x000000381dc05d8c in ffi_call_unix64 () at ../src/x86/unix64.S:76
#9 0x000000381dc056bc in ffi_call (cif=cif@entry=0x7fff42cced00, fn=0x7f8e250fbb20 <supplicant_iface_state_cb>, rvalue=0x7fff42ccec30, avalue=avalue@entry=0x7fff42ccebb0) at ../src/x86/ffi64.c:522
#10 0x000000381e010f35 in g_cclosure_marshal_generic_va (closure=0x20fd2b0, return_value=0x0, instance=0x20e2290, args_list=<optimized out>, marshal_data=0x0, n_params=3, param_types=0x2189ee0) at gclosure.c:1550
#11 0x000000381e0104c7 in _g_closure_invoke_va (closure=closure@entry=0x20fd2b0, return_value=return_value@entry=0x0, instance=instance@entry=0x20e2290, args=args@entry=0x7fff42ccef40, n_params=3, param_types=0x2189ee0)
at gclosure.c:840
#12 0x000000381e029749 in g_signal_emit_valist (instance=0x20e2290, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff42ccef40) at gsignal.c:3238
#13 0x000000381e02a3af in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
#14 0x00000000004b0e4b in set_state (self=0x20e2290, new_state=13) at supplicant-manager/nm-supplicant-interface.c:344
Signed-off-by: Thomas Haller <thaller@redhat.com>
Ignoring SIGPIPE signal, otherwise it causes problems.
For example, running `NetworkManager --debug 2>&1 | tee log.txt` in a
terminal and killing it with CTRL+C (SIGINT), will abruplty terminate
NetworkManager without clean shutdown.
Note, that with this patch and above example, NetworkManager will both
receive SIGINT and SIGPIPE. Since we now ignore SIGPIPE, NetworkManager
will shut down cleanly. Any logging output after killing `tee` is of
lost however.
Also, there might be other cases where NM reads/writes to a pipe/socket
and unexpectedly received SIGPIPE. For example nm-dns-manager.c
spawns netconfig (run_netconfig()) and writes the configuration
to its stdin. If netconfig dies, the write might fail with EPIPE.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Previously the only thing preventing default-unmanaged devices from
being auto-activated was luck and the fact that they didn't have any
available connections when in the UNMANAGED state. That's no longer
true, so we must be more explicit about their behavior.
Furthermore it makes no sense to allow default-unmanaged devices
to set priv->autoconnect=TRUE since that is never supposed to
happen, so enforce that both in NM itself and if the change
request comes in over the D-Bus interface.
Lastly, internal priv->autoconnect=TRUE changes never emitted a
property change notification, meaning the NMPolicy would never
schedule an autoconnect check if the device's priv->autoconnect
was set to TRUE as a result of re-activating or waking from sleep.
Previously a master device would wait for a carrier before starting
IP configuration only for 'manual' connections, but that's not quite
broad enough. We also want to allow SHARED methods to proceed
immediately since they are also effectively static/manual configuration.
Use the newly split out methods for checking whether a connection
requires a carrier or not to allow the SHARED method to proceed
for master devices without a carrier.
For example, this allows bridge configurations with tun/tap ports
to set up SHARED addressing before the tun/tap gets a carrier which
only happens when something opens the other side of the tun/tap
(like the VM or container).
