On 12/14/21 21:06, Laine Stump wrote: > On 12/14/21 2:09 PM, Ján Tomko wrote: >> This bumps the minimum dnsmasq version to the point where we do not need >> capability probing, reducing it to a version check (which I will be >> happy to remove on request). >> >> Unless I missed something, this also means we no longer need to spawn >> radvd manually. > > The code doesn't lie! If removing the bits that were only true for older > dnsmasq removed the lines that ran radvd, then it's true. (I recall that > support for RA was added to dnsmasq fairly soon after the original ipv6 > support was added, and radvd was left in libvirt only because there were > so many downstreams that still had an older dnsmasq). > >> >> Note that DNSMASQ_CAPS_BINDTODEVICE was the indication of a downstream >> mitigation of a CVE that should no longer be needed if we have >> --bind-dynamic >> >> [...] > >> 17 files changed, 83 insertions(+), 569 deletions(-) > > Nice!!! > > After the minor fixes I noted in 03/17 and 08/17 > > Reviewed-by: Laine Stump <laine@xxxxxxxxxx> > > /me ponders what I should idly suggest be removed next... Parallels driver (src/vz/)? ;-) Michal
