Re: [systemd-devel] [PATCH] dbus-manager: don't allow enabling if unit is masked
Lennart Poettering lenn...@poettering.net writes: On Mon, 06.10.14 13:21, Jan Synacek (jsyna...@redhat.com) wrote: Hmm with this change in place we'd have different behaviour for the cases where systemctl executes the operation client-side, and when it goes via the bus. We really should keep those differences in behaviour to a minimum. I figure the verification for this really needs to be moved a few levels down, somewhere into unit_file_enable() and friends, so that all code paths behave the same. But that wouldn't fix a scenario where one uses just dbus to call the method, would it? Maybe I'm missing something, but that's how I understood the code so far. However, I agree that the fix is incomplete and I'll try to fix that. While I'm at it, what about disable? Should it behave in the same way, i.e. return error when the unit is masked? My guess is that yes, but I'm not sure. https://bugzilla.redhat.com/show_bug.cgi?id=1149069 --- src/core/dbus-manager.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 533ce43..c2d52b2 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -1588,18 +1588,23 @@ static int method_enable_unit_files_generic( if (r 0) return r; -#ifdef HAVE_SELINUX STRV_FOREACH(i, l) { Unit *u; u = manager_get_unit(m, *i); if (u) { +#ifdef HAVE_SELINUX r = selinux_unit_access_check(u, message, verb, error); if (r 0) return r; +#endif +if (u-load_state == UNIT_MASKED) { +sd_bus_error_setf(error, BUS_ERROR_UNIT_MASKED, + Unit %s is masked., u-id); +return -EADDRNOTAVAIL; +} } } -#endif scope = m-running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER; -- 1.9.3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel Lennart -- Lennart Poettering, Red Hat -- Jan Synacek Software Engineer, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 2/2] sysusers.d: split files to cope with split packages.
On 25/09/14 22:12, Gustavo Sverzut Barbieri wrote: move each user/group creation to a file that represents its own split package, so it's possible to ship them in separate. Even if you split out bits of systemd functionality like networkd, timesyncd, kdbus into separate binary packages, what harm would be done by shipping the existing sysusers.d/systemd.conf in a core package (systemd-core.deb or whatever, which should probably also be the one with /lib/systemd/systemd), and having the other packages depend on it? As far as I can tell, the only cost is in a cut-down system with kdbus/timesync/etc. omitted, there are some unused system users which only exist to support functionality that is not currently installed. Is that really so significant? Similarly, unneeded tmpfiles.d entries just mean a few extra bytes of directory entries in a tmpfs, right? S ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH] core: don't allow enabling if unit is masked
--- src/shared/install.c | 13 + 1 file changed, 13 insertions(+) diff --git a/src/shared/install.c b/src/shared/install.c index fa064c2..945bb27 100644 --- a/src/shared/install.c +++ b/src/shared/install.c @@ -1516,6 +1516,19 @@ int unit_file_enable( return r; STRV_FOREACH(i, files) { +UnitFileState state; + +state = unit_file_get_state(scope, root_dir, *i); +if (state 0) { +log_error(Failed to get unit file state for %s: %s, *i, strerror(-state)); +return state; +} + +if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) { +log_error(Failed to enable unit: Unit %s is masked, *i); +return -ENOTSUP; +} + r = install_info_add_auto(c, *i); if (r 0) return r; -- 1.9.3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH v2] core: don't allow enabling if unit is masked
I'm not sure about the error type and message the user gets, though. It seems that the only way to do this currently is to return an approximate errno, which gets translated on the client side and the real message is then found in the error log. Changes in v2: - move the funcionality to a common path, so uses with and without dbus are affected Jan Synacek (1): core: don't allow enabling if unit is masked src/shared/install.c | 13 + 1 file changed, 13 insertions(+) -- 1.9.3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH] core: map the 'rescue' argument to rescue.target
Even though the 'emergency' and 'single' aliases come from sysvinit, the lack of 'rescue' is still quite confusing (caught me by surprise for the 9th time yet) and inconsistent with `systemctl rescue` as well. --- src/core/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/core/main.c b/src/core/main.c index 1a62e04..44373cc 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -272,6 +272,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) { static const char * const rlmap[] = { emergency, SPECIAL_EMERGENCY_TARGET, -b,SPECIAL_EMERGENCY_TARGET, +rescue,SPECIAL_RESCUE_TARGET, single,SPECIAL_RESCUE_TARGET, -s,SPECIAL_RESCUE_TARGET, s, SPECIAL_RESCUE_TARGET, -- 2.1.2 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH v4] systemctl: add add-wants and add-requires verbs
--- Changes in v4 - renamed install_dependency - dependency - removed the enum with dependencies and used the general one instead - add an error meesage in the case that --root is used and it fails - changes in manpage TODO | 1 - man/systemctl.xml | 19 +++ src/core/dbus-manager.c| 83 +-- src/core/org.freedesktop.systemd1.conf | 4 ++ src/core/selinux-access.c | 29 ++ src/core/selinux-access.h | 3 + src/core/unit.c| 29 -- src/core/unit.h| 51 - src/shared/install.c | 89 ++--- src/shared/install.h | 2 + src/shared/unit-name.c | 29 ++ src/shared/unit-name.h | 51 + src/systemctl/systemctl.c | 100 + 13 files changed, 370 insertions(+), 120 deletions(-) diff --git a/TODO b/TODO index 0c648f9..c12d55f 100644 --- a/TODO +++ b/TODO @@ -453,7 +453,6 @@ Features: - systemctl mask should find all names by which a unit is accessible (i.e. by scanning for symlinks to it) and link them all to /dev/null - systemctl list-unit-files should list generated files (and probably with a new state generated for them, or so) - - systemctl: maybe add systemctl add-wants or so... * timer units: - timer units should get the ability to trigger when: diff --git a/man/systemctl.xml b/man/systemctl.xml index b28a3b7..b2aa17f 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -1098,6 +1098,25 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service /varlistentry varlistentry + termcommandadd-wants replaceableTARGET/replaceable + replaceableNAME/replaceable.../command/term + termcommandadd-requires replaceableTARGET/replaceable + replaceableNAME/replaceable.../command/term + + listitem +paraAdds literalWants=/literal resp. literalRequires=/literal +dependency to the specified replaceableTARGET/replaceable for +one or more units. /para + +paraThis command honors option--system/option, +option--user/option, option--runtime/option and +option--global/option in a similar way as +commandenable/command./para + + /listitem +/varlistentry + +varlistentry termcommandlink replaceableFILENAME/replaceable.../command/term listitem diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 533ce43..57db1c9 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -1562,9 +1562,6 @@ static int method_enable_unit_files_generic( sd_bus_error *error) { _cleanup_strv_free_ char **l = NULL; -#ifdef HAVE_SELINUX -char **i; -#endif UnitFileChange *changes = NULL; unsigned n_changes = 0; UnitFileScope scope; @@ -1588,18 +1585,9 @@ static int method_enable_unit_files_generic( if (r 0) return r; -#ifdef HAVE_SELINUX -STRV_FOREACH(i, l) { -Unit *u; - -u = manager_get_unit(m, *i); -if (u) { -r = selinux_unit_access_check(u, message, verb, error); -if (r 0) -return r; -} -} -#endif +r = selinux_unit_access_check_strv(l, message, m, verb, error); +if (r 0) +return r; scope = m-running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER; @@ -1637,9 +1625,6 @@ static int method_mask_unit_files(sd_bus *bus, sd_bus_message *message, void *us static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_strv_free_ char **l = NULL; -#ifdef HAVE_SELINUX -char **i; -#endif UnitFileChange *changes = NULL; unsigned n_changes = 0; Manager *m = userdata; @@ -1674,18 +1659,9 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa return -EINVAL; } -#ifdef HAVE_SELINUX -STRV_FOREACH(i, l) { -Unit *u; - -u = manager_get_unit(m, *i); -if (u) { -r = selinux_unit_access_check(u, message, enable, error); -if (r 0) -return r; -} -} -#endif +r = selinux_unit_access_check_strv(l, message, m, enable, error); +if (r 0) +return r; scope = m-running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER; @@ -1828,6 +1804,52 @@ static int
Re: [systemd-devel] [PATCH 2/4] mount-setup: introduce mount_setup_run_dirs()
On Thu, Oct 02, 2014 at 11:43:22AM +0200, Lennart Poettering wrote: On Thu, 02.10.14 09:57, Michal Sekletar (msekl...@redhat.com) wrote: In cases when we are running as system manager, but we don't have the capability to mount filesystems don't call mount_setup(). However we assume that some directories (e.g. /run/systemd) are always around. Hence don't create those directories in mount_setup(). --- src/core/main.c| 7 ++- src/core/mount-setup.c | 20 src/core/mount-setup.h | 1 + 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/core/main.c b/src/core/main.c index 1a62e04..fcd9471 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1393,10 +1393,15 @@ int main(int argc, char *argv[]) { /* Mount /proc, /sys and friends, so that /proc/cmdline and * /proc/$PID/fd is available. */ -if (getpid() == 1) { +if (getpid() == 1 have_effective_cap(CAP_SYS_ADMIN)) { r = mount_setup(loaded_policy); if (r 0) goto finish; Hmm, is this really necessary? I mean, the code in mount_setup() will anyway only mount what is missing, but not overmount what is already mounted. I think it is necessary to make possible to run systemd in a docker container. Hence, if a container manager mounts everything properly, then mount_setup() should be a NOP anyway... In theory yes, but in fact not having /run mounted as tmpfs is default in the docker container. I have no strong opinion on whether this is sensible or not, however I think that systemd can be made more resilient and handle such cases. Now systemd will try to mount /run on tmpfs, such attempt will fail because of missing capability and then systemd will just hang. Michal Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 3/4] shutdown: don't do final unmounting when inside the container and running without CAP_SYS_ADMIN
On Thu, Oct 02, 2014 at 12:04:02PM +0200, Lennart Poettering wrote: On Thu, 02.10.14 09:57, Michal Sekletar (msekl...@redhat.com) wrote: #define FINALIZE_ATTEMPTS 50 @@ -207,7 +208,11 @@ int main(int argc, char *argv[]) { in_container = detect_container(NULL) 0; -need_umount = true; +if (in_container !have_effective_cap(CAP_SYS_ADMIN)) +need_umount = false; +else +need_umount = true; + need_swapoff = !in_container; need_loop_detach = !in_container; need_dm_detach = !in_container; Hmm, I think we should just do need_umount = !in_container, like we do for the other things like loopback detaching, dm detaching or swapoff. After all, if we run in a container we run in a mount namespace anyway, so unmounting things is done by the kernel implicitly if the namespace dies. At least in theory this means we can simply skip the unmounting in all containers, but I must admit that I am not entirely clear on this one, so this needs to be tested in the common container managers really, I figure... Do you mind if I push just need_umount = !in_container then? Michal Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] variable expansion in ExecStart
On Mon, Oct 06, 2014 at 05:52:40PM +0200, Lennart Poettering wrote: On Sat, 04.10.14 21:24, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote: Hi, Environment=X='Y' Z ExecStart=/bin/echo $X ${X} results in echo[31266]: Y Z 'Y' Z i.e., $X not only splits at whitespace, as documented, but also strips quotes. Is this by design, or is it an implementation accident? Should this behaviour be changed? Well, I wouldn't claim it was by design, but I think it actually *does* make some sense the way it is. Might need documentation though... By design or not, it is documented now. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v4] systemctl: add add-wants and add-requires verbs
On Tue, Oct 07, 2014 at 02:09:37PM +0200, Lukas Nykryn wrote: --- Changes in v4 - renamed install_dependency - dependency - removed the enum with dependencies and used the general one instead This part should really be a separate commit. It moves a lot of code around and makes it harder to see what is going on. - add an error meesage in the case that --root is used and it fails - changes in manpage Looks good, please push. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] dbus-manager: don't allow enabling if unit is masked
On Tue, Oct 07, 2014 at 08:23:32AM +0200, Jan Synacek wrote: While I'm at it, what about disable? Should it behave in the same way, i.e. return error when the unit is masked? My guess is that yes, but I'm not sure. I don't see a reason why disabling should be disallowed. I think we even allow (or should allow) disabling of uninstalled units. Disabling is only about removing links. E.g. in the situation where somebody masked a file by adding a link to /dev/null, and wants to remove the links also, this should be totally OK. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Bug? /dev/disk/by-path symlinks disappear for iSCSI targets
Hi: I am debugging a problem where the symlinks in /dev/disk/by-path disappeared for iSCSI target devices. It looks like it's from systemd/udev commit e98bbfd2074e2b1079b7059341eac25741baf319 udev: path_id - suppress ID_PATH for devices with an unknown parent device type I believe the worry was that if you allowed pathnames based on a parent bus that did not supply unique IDs, then you could end up with duplicate paths, since this references a bug: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1321816 But, looking at the code, this change seems to have assumed SCSI was not a supported parent. I am not aware of any cases where SCSI has given duplicate names to devices Before submitting a patch to fix this for SCSI, I wanted to make sure I understood the intent correctly. Thank you for your help. -- Lee Duncan ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Shell expressions in EnvironmentFile
Since EnvironmentFile in a service isn't sourced by any shell, shell expressions in it will obviously not work the way that they did in a SysV style script. Nor does it seems that the environment gets preserved between ExecStartPre (where one could run a script that sets environment variables to be later used in the starting of the service) and ExecStart, so something like the following won't work: [Service] ExecStartPre=/something/that/sets/var ExecStart=/some/file $var Is there some way to get dynamically determined data into the environment such that it can be passed to the daemon at start? ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Shell expressions in EnvironmentFile
2014-10-07 19:12 GMT+02:00 Jon Stanley jonstan...@gmail.com: Since EnvironmentFile in a service isn't sourced by any shell, shell expressions in it will obviously not work the way that they did in a SysV style script. Nor does it seems that the environment gets preserved between ExecStartPre (where one could run a script that sets environment variables to be later used in the starting of the service) and ExecStart, so something like the following won't work: Which is logical since no system exists to modify the environment of the parent proces. [Service] ExecStartPre=/something/that/sets/var ExecStart=/some/file $var ExecStart=/bin/sh -c . /something/that/sets/var; /some/file $var in other words: If you want shell behaviour, use a shell. Is there some way to get dynamically determined data into the environment such that it can be passed to the daemon at start? Simon Peeters ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] I wonder… why systemd provokes this amount of polarity and resistance
- Original Message - From: Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl On Mon, Oct 06, 2014 at 02:56:22PM -0400, Rob Owens wrote: On Debian, I came across an unusual dependency. Installing a cd burner (brasero) required me to change my init system to systemd. Sounds kind of ridiculous, I think. The dependency chain went like this: brasero - gvfs - gvfs-daemons - udisks2 - libpam-systemd - systemd-sysv I don't know enough about this stuff to comment very intelligently, which is why I haven't said anything up until now. But my research shows that each of these dependencies is indeed valid in the sense that each dependency represents some real requirement for functionality. The issue, I think, is that some of these packages provide very broad functionality. As I put it in a Debian bug report: Brasero needs X functionality, which can be found in package W. Package W also provides Y functionality, which depends on systemd-sysv. So therefore brasero depends on systemd-sysv, even though it doesn't *need* it. I gather that this has something to do with logind and/or cgroups. I can appreciate the benefits (on some systems) of giving only the local user access to removable media. But I don't understand why this functionality requires the use of systemd-sysv (the init system), particularly if my understanding is correct that this functionality used to be separate from the init portion of systemd. I'll assume that this is a serious question, despite being rather elementary... My question really isn't why are the Debian dependencies the way they are. I understand that. I was trying to highlight the strange situation of a desktop application requiring a particular init system. I *think* this is a result of the init portion of systemd being bundled together with the logind portion of systemd. To me (unfamiliar with the systemd code) those two functions seem distinct enough to merit being separate. Debian can't easily separate what the systemd devs have developed as a single binary, so we end up with these strange dependency chains. I am trying to demonstrate the drawbacks of the decision to combine logind with the init portion of systemd. I'm giving you an outsider's point of view. I realize that most of the folks on this list probably love all of systemd and couldn't imagine why anyone would want to have just bits and pieces of it. But I think my previous email gave some good reasons. If not, let me know and I'll try to be more clear about it. The second option requires someone to step up and provide an alternative implementation. So far, systemd-shim is one candidate, but it took months to appear and still has occasional problems. (I don't follow the situation quite closely, but Michael seems to find serious bugs with very light testing). At some point, systemd-shim might become a viable replacement. This work should be done by people who want the alternatives, not the maintainers of systemd, who happily use the existing stack. So if the alternatives are not in the shape you would like them to be, inquire with the maintainers of the said alternatives. But even assuming that an alternative is functional, using it is not without costs for the maintainers of dependent packages. Let's say that we have some systems with systemd, some with systemd-shim. It is likely that a bug report for udisk2 might require the maintainer to ask which of the alternatives is used. For such basic functionality that influences the whole OS, if the maintainer uses a different init, it is like being on a different architecture. It makes things hard to debug, hard to test, and greatly distracts from the time the maintainer has available to really fix bugs. It is not free, and diminishes the appeal of the whole distribution. It might be that this alternative dependency has advantages which outweigh this cost. I think everything you said in these two paragraphs could be used to support the argument of keeping logind separate from init. Then everybody would be using your logind code, and there would be no need for systemd-shim. There still would be the issue for package maintainers of supporting multiple init systems, but that's Debian's decision to do so. But seriously, is SysV init that great? I never thought much about my init system until recently. I never really had any complaints with SysV init, although I do recognize that systemd provides real improvements for some use cases. So for me as a sysadmin the wisest thing to do is stick with what I already know, as long as it's working well enough (and for me, it is). Systemd-shim provides some functionality that systemd-sysv provides, and allows admins to use init systems other than systemd while still installing things like brasero. I think this is a great thing, except I wonder why the systemd project didn't separate this functionality
[systemd-devel] [PATCH 0/3 v2] Added test for unit file state returned by unit_file_get_state and unit_file_get_list.
Ken Sedgwick (3): Added test for unit file state returned by unit_file_get_state and unit_file_get_list. Made test-enabled units more basic, removing superfluous fields. Cleaned up test path assignment code. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH 1/3] Added test for unit file state returned by unit_file_get_state and unit_file_get_list.
--- .gitignore | 1 + Makefile.am| 44 ++- src/test/test-enabled.c| 143 + .../etc/systemd/system/masked.service | 1 + .../etc/systemd/system/maskedstatic.service| 1 + .../etc/systemd/system/some.target | 15 +++ .../system/some.target.wants/aliased.service | 1 + .../system/some.target.wants/also_masked.service | 1 + .../system/some.target.wants/another.service | 1 + .../system/some.target.wants/different.service | 1 + .../system/some.target.wants/masked.service| 1 + .../some.target.wants/templating@four.service | 1 + .../some.target.wants/templating@one.service | 1 + .../some.target.wants/templating@three.service | 1 + .../some.target.wants/templating@two.service | 1 + .../run/systemd/system/maskedruntime.service | 1 + .../run/systemd/system/maskedruntimestatic.service | 1 + .../run/systemd/system/other.target| 15 +++ .../system/other.target.wants/runtime.service | 1 + .../usr/lib/systemd/system/another.service | 12 ++ .../usr/lib/systemd/system/disabled.service| 12 ++ .../usr/lib/systemd/system/invalid.service | 1 + .../usr/lib/systemd/system/masked.service | 12 ++ .../usr/lib/systemd/system/maskedruntime.service | 12 ++ .../lib/systemd/system/maskedruntimestatic.service | 9 ++ .../usr/lib/systemd/system/maskedstatic.service| 9 ++ .../usr/lib/systemd/system/runtime.service | 12 ++ .../usr/lib/systemd/system/static.service | 9 ++ .../usr/lib/systemd/system/templating@.service | 12 ++ .../lib/systemd/system/templating@three.service| 12 ++ .../usr/lib/systemd/system/templating@two.service | 12 ++ .../usr/lib/systemd/system/unique.service | 12 ++ 32 files changed, 365 insertions(+), 3 deletions(-) create mode 100644 src/test/test-enabled.c create mode 12 test/test-enabled-root/etc/systemd/system/masked.service create mode 12 test/test-enabled-root/etc/systemd/system/maskedstatic.service create mode 100644 test/test-enabled-root/etc/systemd/system/some.target create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/aliased.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/also_masked.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/another.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/different.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/masked.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@four.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@one.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@three.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@two.service create mode 12 test/test-enabled-root/run/systemd/system/maskedruntime.service create mode 12 test/test-enabled-root/run/systemd/system/maskedruntimestatic.service create mode 100644 test/test-enabled-root/run/systemd/system/other.target create mode 12 test/test-enabled-root/run/systemd/system/other.target.wants/runtime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/another.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/disabled.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/invalid.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/masked.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedruntimestatic.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedstatic.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/runtime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/static.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@three.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@two.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/unique.service diff --git a/.gitignore b/.gitignore index f119b57..97b2b2b 100644 --- a/.gitignore +++ b/.gitignore @@ -173,6 +173,7 @@ /test-icmp6-rs /test-ellipsize /test-engine +/test-enabled /test-env-replace /test-event /test-fdset diff --git a/Makefile.am b/Makefile.am index 60011b7..3d782fa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1355,7
[systemd-devel] [PATCH 2/3] Made test-enabled units more basic, removing superfluous fields.
--- test/test-enabled-root/etc/systemd/system/some.target | 6 +- test/test-enabled-root/run/systemd/system/other.target | 3 +-- test/test-enabled-root/usr/lib/systemd/system/another.service | 7 ++- test/test-enabled-root/usr/lib/systemd/system/disabled.service | 7 ++- test/test-enabled-root/usr/lib/systemd/system/masked.service | 7 ++- .../test-enabled-root/usr/lib/systemd/system/maskedruntime.service | 7 ++- .../usr/lib/systemd/system/maskedruntimestatic.service | 7 ++- test/test-enabled-root/usr/lib/systemd/system/maskedstatic.service | 7 ++- test/test-enabled-root/usr/lib/systemd/system/runtime.service | 7 ++- test/test-enabled-root/usr/lib/systemd/system/static.service | 7 ++- test/test-enabled-root/usr/lib/systemd/system/templating@.service | 7 ++- .../usr/lib/systemd/system/templating@three.service| 7 ++- .../usr/lib/systemd/system/templating@two.service | 7 ++- test/test-enabled-root/usr/lib/systemd/system/unique.service | 7 ++- 14 files changed, 26 insertions(+), 67 deletions(-) diff --git a/test/test-enabled-root/etc/systemd/system/some.target b/test/test-enabled-root/etc/systemd/system/some.target index a2c4532..06eb04e 100644 --- a/test/test-enabled-root/etc/systemd/system/some.target +++ b/test/test-enabled-root/etc/systemd/system/some.target @@ -6,10 +6,6 @@ # (at your option) any later version. [Unit] -Description=Graphical Interface -Documentation=man:systemd.special(7) +Description=Some sort of target. Requires=multi-user.target After=multi-user.target -Conflicts=rescue.target -Wants=display-manager.service -AllowIsolate=yes diff --git a/test/test-enabled-root/run/systemd/system/other.target b/test/test-enabled-root/run/systemd/system/other.target index a2c4532..0f54eb3 100644 --- a/test/test-enabled-root/run/systemd/system/other.target +++ b/test/test-enabled-root/run/systemd/system/other.target @@ -6,8 +6,7 @@ # (at your option) any later version. [Unit] -Description=Graphical Interface -Documentation=man:systemd.special(7) +Description=Other Target Requires=multi-user.target After=multi-user.target Conflicts=rescue.target diff --git a/test/test-enabled-root/usr/lib/systemd/system/another.service b/test/test-enabled-root/usr/lib/systemd/system/another.service index 669548a..e4ea7f3 100644 --- a/test/test-enabled-root/usr/lib/systemd/system/another.service +++ b/test/test-enabled-root/usr/lib/systemd/system/another.service @@ -1,12 +1,9 @@ [Unit] -Description=Crash recovery kernel arming -After=network.target network-online.target remote-fs.target +Description=Another Service [Service] Type=oneshot -ExecStart=/usr/bin/kdumpctl start -ExecStop=/usr/bin/kdumpctl stop -RemainAfterExit=yes +ExecStart=/bin/echo Another Service Start [Install] WantedBy=some.target diff --git a/test/test-enabled-root/usr/lib/systemd/system/disabled.service b/test/test-enabled-root/usr/lib/systemd/system/disabled.service index 669548a..f1d1fc6 100644 --- a/test/test-enabled-root/usr/lib/systemd/system/disabled.service +++ b/test/test-enabled-root/usr/lib/systemd/system/disabled.service @@ -1,12 +1,9 @@ [Unit] -Description=Crash recovery kernel arming -After=network.target network-online.target remote-fs.target +Description=Disabled Service [Service] Type=oneshot -ExecStart=/usr/bin/kdumpctl start -ExecStop=/usr/bin/kdumpctl stop -RemainAfterExit=yes +ExecStart=/bin/echo Disabled Service Start [Install] WantedBy=some.target diff --git a/test/test-enabled-root/usr/lib/systemd/system/masked.service b/test/test-enabled-root/usr/lib/systemd/system/masked.service index 669548a..7a64302 100644 --- a/test/test-enabled-root/usr/lib/systemd/system/masked.service +++ b/test/test-enabled-root/usr/lib/systemd/system/masked.service @@ -1,12 +1,9 @@ [Unit] -Description=Crash recovery kernel arming -After=network.target network-online.target remote-fs.target +Description=Masked Service [Service] Type=oneshot -ExecStart=/usr/bin/kdumpctl start -ExecStop=/usr/bin/kdumpctl stop -RemainAfterExit=yes +ExecStart=/bin/echo Masked Service Start [Install] WantedBy=some.target diff --git a/test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service b/test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service index 669548a..db50f6e 100644 --- a/test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service +++ b/test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service @@ -1,12 +1,9 @@ [Unit] -Description=Crash recovery kernel arming -After=network.target network-online.target remote-fs.target +Description=Masked Runtime Service [Service] Type=oneshot -ExecStart=/usr/bin/kdumpctl start -ExecStop=/usr/bin/kdumpctl stop -RemainAfterExit=yes +ExecStart=/bin/echo Masked Runtime Service Start [Install] WantedBy=some.target diff --git
[systemd-devel] [PATCH 3/3] Cleaned up test path assignment code.
--- src/test/test-enabled.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/test/test-enabled.c b/src/test/test-enabled.c index 607f68c..104348e 100644 --- a/src/test/test-enabled.c +++ b/src/test/test-enabled.c @@ -75,9 +75,6 @@ */ -const char *subdir = /test-enabled-root; -char root_dir[UNIT_NAME_MAX + 2 + 1] = TEST_DIR; - #define confirm_unit_state(unit, expected) \ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root_dir, unit) == expected) @@ -86,8 +83,9 @@ static void test_enabled(int argc, char* argv[]) { UnitFileList *p; Iterator i; int r; +const char *root_dir; -strncat(root_dir, subdir, strlen(subdir)); +root_dir = strappenda(TEST_DIR, /test-enabled-root); confirm_unit_state(nonexistent.service, -ENOENT); confirm_unit_state(invalid.service, -EBADMSG); -- 1.9.3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Shell expressions in EnvironmentFile
From: Simon Peeters peeters.si...@gmail.com 2014-10-07 19:12 GMT+02:00 Jon Stanley jonstan...@gmail.com: [Service] ExecStartPre=/something/that/sets/var ExecStart=/some/file $var ExecStart=/bin/sh -c . /something/that/sets/var; /some/file $var Yeah, I think some thing like this would work: ExecStartPre=/bin/sh -c '/something/that/sets/var ; printenv /tmp/special' ExecStart=/bin/sh -c '. /tmp/special ; /some/file $var' But you probably want to reorganize how you're doing the job. You probably want a wrapper script that calculates $var and then invokes /some/file $var. Dale ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH, REVIEW] Added unit enabled-context cache to improve performance w/ many units.
The attached patch adds an EnabledContext cache so systems with 1000s of units do not suffer O(N^2) performance when determining unit state. The test-enabled unit test (added to master under other patch) is used to confirm that the returned states are the same as the current master. Please review. Many thanks in advance, Ken -- Ken Sedgwick Bonsai Software, Inc. http://www.bonsai.com/ken/ (510) 269-7334 k...@bonsai.com Public Key: http://www.bonsai.com/ken/ken.asc GPG Fingerprint: 851E 3B07 E586 0843 9434 5CC7 4033 3B9B 3F3F 9640 diff --git a/.gitignore b/.gitignore index f119b57..97b2b2b 100644 --- a/.gitignore +++ b/.gitignore @@ -173,6 +173,7 @@ /test-icmp6-rs /test-ellipsize /test-engine +/test-enabled /test-env-replace /test-event /test-fdset diff --git a/Makefile.am b/Makefile.am index e52db17..7d4f2f5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1358,7 +1358,8 @@ tests += \ test-ratelimit \ test-condition-util \ test-uid-range \ - test-bus-policy + test-bus-policy \ + test-enabled EXTRA_DIST += \ test/a.service \ @@ -1394,8 +1395,36 @@ EXTRA_DIST += \ test/bus-policy/hello.conf \ test/bus-policy/methods.conf \ test/bus-policy/ownerships.conf \ - test/bus-policy/signals.conf - + test/bus-policy/signals.conf \ + test/test-enabled-root/usr/lib/systemd/system/masked.service \ + test/test-enabled-root/usr/lib/systemd/system/runtime.service \ + test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service \ + test/test-enabled-root/usr/lib/systemd/system/another.service \ + test/test-enabled-root/usr/lib/systemd/system/templating@three.service \ + test/test-enabled-root/usr/lib/systemd/system/maskedstatic.service \ + test/test-enabled-root/usr/lib/systemd/system/invalid.service \ + test/test-enabled-root/usr/lib/systemd/system/disabled.service \ + test/test-enabled-root/usr/lib/systemd/system/templating@two.service \ + test/test-enabled-root/usr/lib/systemd/system/unique.service \ + test/test-enabled-root/usr/lib/systemd/system/templating@.service \ + test/test-enabled-root/usr/lib/systemd/system/static.service \ + test/test-enabled-root/usr/lib/systemd/system/maskedruntimestatic.service \ + test/test-enabled-root/run/systemd/system/other.target.wants/runtime.service \ + test/test-enabled-root/run/systemd/system/maskedruntime.service \ + test/test-enabled-root/run/systemd/system/other.target \ + test/test-enabled-root/run/systemd/system/maskedruntimestatic.service \ + test/test-enabled-root/etc/systemd/system/masked.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/masked.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/another.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/templating@three.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/templating@one.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/templating@two.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/templating@four.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/also_masked.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/different.service \ + test/test-enabled-root/etc/systemd/system/some.target.wants/aliased.service \ + test/test-enabled-root/etc/systemd/system/maskedstatic.service \ + test/test-enabled-root/etc/systemd/system/some.target EXTRA_DIST += \ src/test/test-helper.h @@ -1782,6 +1811,15 @@ test_install_LDADD = \ libsystemd-shared.la \ libsystemd-internal.la +test_enabled_SOURCES = \ + src/test/test-enabled.c + +test_enabled_LDADD = \ + libsystemd-units.la \ + libsystemd-label.la \ + libsystemd-shared.la \ + libsystemd-internal.la + test_watchdog_SOURCES = \ src/test/test-watchdog.c diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 533ce43..8dcd552 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -1403,7 +1403,7 @@ static int method_list_unit_files(sd_bus *bus, sd_bus_message *message, void *us if (!h) return -ENOMEM; -r = unit_file_get_list(m-running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, NULL, h); +r = unit_file_get_list(m-running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, NULL, h, m-enabled); if (r 0) goto fail; @@ -1454,7 +1454,7 @@ static int method_get_unit_file_state(sd_bus *bus, sd_bus_message *message, void scope = m-running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER; -state = unit_file_get_state(scope, NULL, name); +state = unit_file_get_state(scope, NULL, name, m-enabled); if (state 0) return state; diff --git a/src/core/manager.c b/src/core/manager.c index e0c1cd1..c9aef42 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -465,6 +465,10 @@ int manager_new(SystemdRunningAs running_as, bool test_run, Manager **_m) { if (r 0) goto
Re: [systemd-devel] [PATCH 2/3] Made test-enabled units more basic, removing superfluous fields.
I think the test additions need to be rebased into a single commit onto master rather than the initial patch plus the fixes as a second commit. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] I wonder… why systemd provokes this amount of polarity and resistance
On Tue, 2014-10-07 at 14:15 -0400, Rob Owens wrote: My question really isn't why are the Debian dependencies the way they are. I understand that. I was trying to highlight the strange situation of a desktop application requiring a particular init system. I *think* this is a result of the init portion of systemd being bundled together with the logind portion of systemd. To me (unfamiliar with the systemd code) those two functions seem distinct enough to merit being separate. Debian can't easily separate what the systemd devs have developed as a single binary, so we end up with these strange dependency chains. Single binary is false of course. Logind is developed as a separate program, which is why systemd-shim is possible at all. AFAIK the actual relevant dependencies go as follows: First, there's a good reason why logind requires cgroup functionality. And there's a good reason why cgroup functionality is best implemented together with init (see http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/ for more info). So it's not quite directly logind has to depend on systemd as init, but logind has to depend on the system having cgroup support, and there's no equally good cgroup support available for inits other than systemd. It is possible to provide the relevant cgroup interfaces in or on top of another init, as the systemd-sysv + cgmanager combination attempts to do. But it is not trivial to do, as bugs and implementation delays with that combo have shown, and it's quite likely that there will be more problems in the future. It's not a particularly good idea to use the less-tested and less-reliable systemd-shim instead of the more reliable systemd. Thus the overall result is that yes, it does make sense to switch machines to systemd when you add certain functionality, even if that functionality does not appear to be directly tied to the init system at first glance. I never thought much about my init system until recently. I never really had any complaints with SysV init, although I do recognize that systemd provides real improvements for some use cases. So for me as a sysadmin the wisest thing to do is stick with what I already know, as long as it's working well enough (and for me, it is). The issue with I should be able to stay with sysvinit because it worked fine for me is that keeping sysvinit working is COSTLY. The reason sysvinit used to mostly work was not that it would have been a reliable system - it mostly worked because people kept using a lot of effort to work around and paper over various issues that kept popping up. And there's no justification to keep up that effort for the minority who wants to stay with sysvinit. So, you can keep running your old systems unchanged if you want, but you shouldn't expect to be able to upgrade them or install new software without switching to systemd. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] core: don't allow enabling if unit is masked
On Tue, Oct 07, 2014 at 01:35:41PM +0200, Jan Synacek wrote: --- src/shared/install.c | 13 + 1 file changed, 13 insertions(+) Applied. Making the error messages better is another step that needs to be done. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v4] systemctl: add add-wants and add-requires verbs
On Tue, Oct 07, 2014 at 05:46:48PM +0200, Zbigniew Jędrzejewski-Szmek wrote: On Tue, Oct 07, 2014 at 02:09:37PM +0200, Lukas Nykryn wrote: --- Changes in v4 - renamed install_dependency - dependency - removed the enum with dependencies and used the general one instead This part should really be a separate commit. It moves a lot of code around and makes it harder to see what is going on. - add an error meesage in the case that --root is used and it fails - changes in manpage Looks good, please push. Jan Synacek's patch f7101b7368 adds a check to unit_file_enable(). An identical check should be applied to the code path you are adding. Zbyszek ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] journal: Fix sd_journal_enumerate_unique skipping values
On Mon, Oct 06, 2014 at 06:57:38PM +0200, Zbigniew Jędrzejewski-Szmek wrote: On Mon, Oct 06, 2014 at 06:36:34PM +0200, Jan Janssen wrote: *bump* Sorry, I'll look into this. Doesn't work. Both without or with your other patch sd_journal_enumerate_unique I get bogus results on my test case. It seems the issue is more complicated. Zbyszek On 2014-09-06 10:36, Jan Janssen wrote: sd_journal_enumerate_unique will lock its mmap window to prevent it from being released by calling mmap_cache_get with keep_always=true. This call may return windows that are wider, but compatible with the parameters provided to it. This can result in a mismatch where the window to be released cannot properly be selected, because we have more than one window matching the parameters of mmap_cache_release. Therefore, introduce a release_cookie to be used when releasing the window. https://bugs.freedesktop.org/show_bug.cgi?id=79380 --- src/journal/journal-file.c| 2 +- src/journal/journal-file.h| 11 --- src/journal/journal-verify.c | 2 +- src/journal/mmap-cache.c | 32 +++- src/journal/mmap-cache.h | 8 +++- src/journal/sd-journal.c | 11 ++- src/journal/test-mmap-cache.c | 10 +- 7 files changed, 39 insertions(+), 37 deletions(-) diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 7286e14..0ed51ed 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -391,7 +391,7 @@ static int journal_file_move_to(JournalFile *f, int context, bool keep_always, u return -EADDRNOTAVAIL; } -return mmap_cache_get(f-mmap, f-fd, f-prot, context, keep_always, offset, size, f-last_stat, ret); +return mmap_cache_get(f-mmap, f-fd, f-prot, context, keep_always, offset, size, f-last_stat, ret, NULL); } static uint64_t minimum_header_size(Object *o) { diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h index da2ef3b..da1b793 100644 --- a/src/journal/journal-file.h +++ b/src/journal/journal-file.h @@ -212,17 +212,14 @@ static unsigned type_to_context(int type) { return type 0 type _OBJECT_TYPE_MAX ? type : 0; } -static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) { +static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset, void **release_cookie) { unsigned context = type_to_context(o-object.type); uint64_t s = le64toh(o-object.size); return mmap_cache_get(f-mmap, f-fd, f-prot, context, true, - offset, s, f-last_stat, NULL); + offset, s, f-last_stat, NULL, release_cookie); } -static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) { -unsigned context = type_to_context(o-object.type); -uint64_t s = le64toh(o-object.size); - -return mmap_cache_release(f-mmap, f-fd, f-prot, context, offset, s); +static inline int journal_file_object_release(JournalFile *f, void *release_cookie) { +return mmap_cache_release(f-mmap, f-fd, release_cookie); } diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c index 6c8ca8c..a1c34ac 100644 --- a/src/journal/journal-verify.c +++ b/src/journal/journal-verify.c @@ -368,7 +368,7 @@ static int contains_uint64(MMapCache *m, int fd, uint64_t n, uint64_t p) { c = (a + b) / 2; -r = mmap_cache_get(m, fd, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) z); +r = mmap_cache_get(m, fd, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) z, NULL); if (r 0) return r; diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c index 7dbbb5e..64bc8da 100644 --- a/src/journal/mmap-cache.c +++ b/src/journal/mmap-cache.c @@ -352,7 +352,8 @@ static int try_context( bool keep_always, uint64_t offset, size_t size, -void **ret) { +void **ret, +void **release_cookie) { Context *c; @@ -381,6 +382,8 @@ static int try_context( if (ret) *ret = (uint8_t*) c-window-ptr + (offset - c-window-offset); +if (keep_always release_cookie) +*release_cookie = c-window; return 1; } @@ -392,7 +395,8 @@ static int find_mmap( bool keep_always, uint64_t offset, size_t size, -void **ret) { +void **ret, +void
Re: [systemd-devel] Systemd-nspawn: Cannot create tun device in container
Does anyone have any feedback on this thread? If it's not possible for a container to create its own /dev/net/tun device (or use the host system's), I'll just move on to finding a less preferable solution. On Oct 3, 2014, at 10:46 AM, James Lott ja...@lottspot.com wrote: Hello, list! In some work I've been doing with systemd-nspawn containers, I've been trying to connect one of my containers to an openvpn network. This conteiner is being run with the --network-bridge flag to setup its networking, so according to the documentation, should retain CAP_NET_ADMIN capabilities. However, the container appears to be unable to create a new tun device [root@lanvpn ~]# ip tuntap add dev tun0 mode tun open: No such file or directory I tried retaining the CAP_MKNOD capability for this container using the -- capability flag as well, and this met with the same result. I also tried binding the /dev/net device directory from the parent to the /dev/net device directory of the child container, and added the following line to the systemd-nspawn service file of the container [root@host01 ~]# grep Device /etc/systemd/system/lanvpn.service DeviceAllow=/dev/net/tun rwm This resulted in the error [root@lanvpn ~]# ip tuntap add tun0 mode tun open: Operation not permitted Is there any way to run my containers which will allow them to create tun/tap devices? System is arch linux arm, running systemd 216-r3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH] note on relative symlink in os-release
--- man/os-release.xml | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/man/os-release.xml b/man/os-release.xml index 4e02f80..b298304 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -90,11 +90,15 @@ files at the same time. filename/usr/lib/os-release/filename is the recommended place to store OS release information as -part of vendor trees. Frequently, -filename/etc/os-release/filename is simply a -symlink to filename/usr/lib/os-release/filename, +part of vendor trees. +filename/etc/os-release/filename should be a +relative symlink to +filename/usr/lib/os-release/filename, to provide compatibility with applications only -looking at filename/etc/filename./para +looking at filename/etc/filename. A relative +symlink instead of an absolute symlink is +necessary to avoid breaking the link in a chroot or +initrd environment such as dracut./para parafilenameos-release/filename contains data that is defined by the operating system vendor and -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH v2] Added test for unit file state returned by unit_file_get_state and unit_file_get_list. Made test-enabled units more basic, removing superfluous fields. Cleaned up test path
--- .gitignore | 1 + Makefile.am| 44 ++- src/test/test-enabled.c| 141 + .../etc/systemd/system/masked.service | 1 + .../etc/systemd/system/maskedstatic.service| 1 + .../etc/systemd/system/some.target | 11 ++ .../system/some.target.wants/aliased.service | 1 + .../system/some.target.wants/also_masked.service | 1 + .../system/some.target.wants/another.service | 1 + .../system/some.target.wants/different.service | 1 + .../system/some.target.wants/masked.service| 1 + .../some.target.wants/templating@four.service | 1 + .../some.target.wants/templating@one.service | 1 + .../some.target.wants/templating@three.service | 1 + .../some.target.wants/templating@two.service | 1 + .../run/systemd/system/maskedruntime.service | 1 + .../run/systemd/system/maskedruntimestatic.service | 1 + .../run/systemd/system/other.target| 14 ++ .../system/other.target.wants/runtime.service | 1 + .../usr/lib/systemd/system/another.service | 9 ++ .../usr/lib/systemd/system/disabled.service| 9 ++ .../usr/lib/systemd/system/invalid.service | 1 + .../usr/lib/systemd/system/masked.service | 9 ++ .../usr/lib/systemd/system/maskedruntime.service | 9 ++ .../lib/systemd/system/maskedruntimestatic.service | 6 + .../usr/lib/systemd/system/maskedstatic.service| 6 + .../usr/lib/systemd/system/runtime.service | 9 ++ .../usr/lib/systemd/system/static.service | 6 + .../usr/lib/systemd/system/templating@.service | 9 ++ .../lib/systemd/system/templating@three.service| 9 ++ .../usr/lib/systemd/system/templating@two.service | 9 ++ .../usr/lib/systemd/system/unique.service | 9 ++ 32 files changed, 322 insertions(+), 3 deletions(-) create mode 100644 src/test/test-enabled.c create mode 12 test/test-enabled-root/etc/systemd/system/masked.service create mode 12 test/test-enabled-root/etc/systemd/system/maskedstatic.service create mode 100644 test/test-enabled-root/etc/systemd/system/some.target create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/aliased.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/also_masked.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/another.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/different.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/masked.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@four.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@one.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@three.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@two.service create mode 12 test/test-enabled-root/run/systemd/system/maskedruntime.service create mode 12 test/test-enabled-root/run/systemd/system/maskedruntimestatic.service create mode 100644 test/test-enabled-root/run/systemd/system/other.target create mode 12 test/test-enabled-root/run/systemd/system/other.target.wants/runtime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/another.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/disabled.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/invalid.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/masked.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedruntimestatic.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedstatic.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/runtime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/static.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@three.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@two.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/unique.service diff --git a/.gitignore b/.gitignore index f119b57..97b2b2b 100644 --- a/.gitignore +++ b/.gitignore @@ -173,6 +173,7 @@ /test-icmp6-rs /test-ellipsize /test-engine +/test-enabled /test-env-replace /test-event /test-fdset diff --git a/Makefile.am b/Makefile.am index e52db17..7d4f2f5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1358,7 +1358,8
[systemd-devel] [PATCH v2] Added test for unit file state returned by unit_file_get_state and unit_file_get_list
Combined initial submission and subsequent fixes into a single patch. Ken Sedgwick (1): Added test for unit file state returned by unit_file_get_state and unit_file_get_list. Made test-enabled units more basic, removing superfluous fields. Cleaned up test path assignment code. .gitignore | 1 + Makefile.am| 44 ++- src/test/test-enabled.c| 141 + .../etc/systemd/system/masked.service | 1 + .../etc/systemd/system/maskedstatic.service| 1 + .../etc/systemd/system/some.target | 11 ++ .../system/some.target.wants/aliased.service | 1 + .../system/some.target.wants/also_masked.service | 1 + .../system/some.target.wants/another.service | 1 + .../system/some.target.wants/different.service | 1 + .../system/some.target.wants/masked.service| 1 + .../some.target.wants/templating@four.service | 1 + .../some.target.wants/templating@one.service | 1 + .../some.target.wants/templating@three.service | 1 + .../some.target.wants/templating@two.service | 1 + .../run/systemd/system/maskedruntime.service | 1 + .../run/systemd/system/maskedruntimestatic.service | 1 + .../run/systemd/system/other.target| 14 ++ .../system/other.target.wants/runtime.service | 1 + .../usr/lib/systemd/system/another.service | 9 ++ .../usr/lib/systemd/system/disabled.service| 9 ++ .../usr/lib/systemd/system/invalid.service | 1 + .../usr/lib/systemd/system/masked.service | 9 ++ .../usr/lib/systemd/system/maskedruntime.service | 9 ++ .../lib/systemd/system/maskedruntimestatic.service | 6 + .../usr/lib/systemd/system/maskedstatic.service| 6 + .../usr/lib/systemd/system/runtime.service | 9 ++ .../usr/lib/systemd/system/static.service | 6 + .../usr/lib/systemd/system/templating@.service | 9 ++ .../lib/systemd/system/templating@three.service| 9 ++ .../usr/lib/systemd/system/templating@two.service | 9 ++ .../usr/lib/systemd/system/unique.service | 9 ++ 32 files changed, 322 insertions(+), 3 deletions(-) create mode 100644 src/test/test-enabled.c create mode 12 test/test-enabled-root/etc/systemd/system/masked.service create mode 12 test/test-enabled-root/etc/systemd/system/maskedstatic.service create mode 100644 test/test-enabled-root/etc/systemd/system/some.target create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/aliased.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/also_masked.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/another.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/different.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/masked.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@four.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@one.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@three.service create mode 12 test/test-enabled-root/etc/systemd/system/some.target.wants/templating@two.service create mode 12 test/test-enabled-root/run/systemd/system/maskedruntime.service create mode 12 test/test-enabled-root/run/systemd/system/maskedruntimestatic.service create mode 100644 test/test-enabled-root/run/systemd/system/other.target create mode 12 test/test-enabled-root/run/systemd/system/other.target.wants/runtime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/another.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/disabled.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/invalid.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/masked.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedruntime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedruntimestatic.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/maskedstatic.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/runtime.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/static.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@three.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/templating@two.service create mode 100644 test/test-enabled-root/usr/lib/systemd/system/unique.service -- 1.9.3 ___