Re: [systemd-devel] Docker vs PrivateTmp

On Sun, Jan 18, 2015 at 08:50:35PM -0500, Colin Walters wrote: On Sat, Jan 17, 2015, at 11:02 PM, Lars Kellogg-Stedman wrote: Hello all, With systemd 216 on Fedora 21 (kernel 3.17.8), I have run into an odd behavior concerning the PrivateTmp directive, and I am looking for help

Re: [systemd-devel] Docker vs PrivateTmp

On Sat, Jan 17, 2015, at 11:02 PM, Lars Kellogg-Stedman wrote: Hello all, With systemd 216 on Fedora 21 (kernel 3.17.8), I have run into an odd behavior concerning the PrivateTmp directive, and I am looking for help identifying this as: - Everything Is Working As Designed, Citizen - A

Re: [systemd-devel] Docker vs PrivateTmp

On Sun, Jan 18, 2015 at 11:38:12PM -0500, Lars Kellogg-Stedman wrote: I think we actually want MountFlags=slave, which will permit mounts from the global namespace to propagate into the service namespace without permitting propagation in the other direction. It seems like this would the Least

Re: [systemd-devel] [PATCH 04/11] tmpfiles: attach an array of items to each path

On Mon, Jan 19, 2015 at 01:20:37AM +0100, Zbigniew Jędrzejewski-Szmek wrote: The data structure used by tmpfiles is changed: instead of hashmaps mapping {path → Item*} we now have hashmaps containing {path - ItemArray}, where ItemArray contains a pointer to an array of Items. For current

Re: [systemd-devel] Docker vs PrivateTmp

On Sun, Jan 18, 2015 at 11:38:12PM -0500, Lars Kellogg-Stedman wrote: On Sun, Jan 18, 2015 at 08:50:35PM -0500, Colin Walters wrote: On Sat, Jan 17, 2015, at 11:02 PM, Lars Kellogg-Stedman wrote: Hello all, With systemd 216 on Fedora 21 (kernel 3.17.8), I have run into an odd

[systemd-devel] [PATCH v2] backlight: let the administrator override clamping

On my computer, the minimum brightness enforced by clamping in backlight is too bright. Add a new option to override clamping in unit file. While at it, describe the clamping in documentation. --- man/systemd-backli...@.service.xml | 27 +-- src/backlight/backlight.c

[systemd-devel] [PATCH] timedated: support split usr v3

From: Shawn Paul Landden sh...@churchofgit.com The current Debian solution to this is really ugly, and I would rather have them use the correct patch even if split usr is dumb. Read: http://rusty.ozlabs.org/?p=236 (Why Everyone Must Oppose The Merging of /usr and /) (I managed to skip the

[systemd-devel] [PATCH 03/11] tmpfiles: make sure not to concatenate non-absolute path

If the path is absolute was only checked later. Also do not check if path if absolute if we just specified it starting with a slash. --- src/tmpfiles/tmpfiles.c | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index

[systemd-devel] [PATCH 09/11] tmpfiles: use ACL magic on journal directories

--- README | 11 +++ configure.ac | 1 + tmpfiles.d/systemd.conf.m4 | 8 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/README b/README index fa95433ecb..c72209262e 100644 --- a/README +++ b/README @@ -178,14 +178,9 @@ USERS

[systemd-devel] [PATCH 01/11] tmpfiles: simplification

Certain conditions were checked more than once. Warning message is improved. --- This is a sprawling set of changes to add ACL support to tmpfiles. The patches are not entirely clean, you can see how my understanding of the problem evolved :) Comments, suggestions for improved syntax, etc., very

[systemd-devel] [PATCH 02/11] tmpfiles: detect all combinations of + and !

The same algorithm as with - and @ in ExecStart= is used. --- src/tmpfiles/tmpfiles.c | 30 +- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 91ae62da45..8811f27482 100644 ---

[systemd-devel] [PATCH 06/11] tmpfiles: make recursive operation generic

--- src/tmpfiles/tmpfiles.c | 52 ++--- 1 file changed, 19 insertions(+), 33 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 7081b4dc57..d563989790 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@

[systemd-devel] [PATCH 05/11] tmpfiles: add 'a' type to set ACLs

--- Makefile.am | 5 +++ man/tmpfiles.d.xml| 32 - src/journal/coredump.c| 6 +--- src/journal/journalctl.c | 6 +--- src/journal/journald-server.c | 5 --- src/login/logind-acl.c| 2 -- src/shared/acl-util.c | 66

[systemd-devel] [PATCH 11/11] TODO: tmpfiles

--- TODO | 2 ++ 1 file changed, 2 insertions(+) diff --git a/TODO b/TODO index d443209414..4d0fb06dbf 100644 --- a/TODO +++ b/TODO @@ -682,6 +682,8 @@ Features: * tmpfiles: - apply x on D too (see patch from William Douglas) + - replace F with f+. + - instead of ignoring unknown fields,

[systemd-devel] [PATCH 10/11] shared/acl-util: add mask only when needed, always add base ACLs

For ACLs to be valid, a set of entries for user, group, and other must be always present. Always add those entries. While at it, only add the mask ACL if it is actually required, i.e. when at least on ACL for non-owner group or user exists. --- man/tmpfiles.d.xml | 20 +-

[systemd-devel] [PATCH 07/11] tmpfiles: make t and a globby, add their recursive versions T and A

For types which adapt existing files it is generally more useful to accept globs. In analogy to z and Z, add recursive versions using uppercase letters. Technically, making a accept globs is backwards incompatible, but in practice it probably isn't yet widely used and we can assume that most

[systemd-devel] [PATCH 04/11] tmpfiles: attach an array of items to each path

The data structure used by tmpfiles is changed: instead of hashmaps mapping {path → Item*} we now have hashmaps containing {path - ItemArray}, where ItemArray contains a pointer to an array of Items. For current code it doesn't matter much, but when we add new types it is easier to simply add a

[systemd-devel] [PATCH 08/11] tmpfiles: implement augmenting of existing ACLs

This is much more useful in practice (equivalent to setfacl -m). --- man/tmpfiles.d.xml | 28 +++-- src/shared/acl-util.c | 49 +--- src/shared/acl-util.h | 3 ++- src/tmpfiles/tmpfiles.c | 54

[systemd-devel] [PATCH] libudev: fix check for too long packet

Don't use recvmsg(2) return value to check for too long packets (it doesn't work) but MSG_TRUNC flag. --- src/libudev/libudev-monitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libudev/libudev-monitor.c b/src/libudev/libudev-monitor.c index 484fefe..d8e551b 100644

Re: [systemd-devel] [PATCH] timedated: support split usr v3

On Sun, Jan 18, 2015 at 7:53 PM, Shawn Landden sh...@churchofgit.com wrote: From: Shawn Paul Landden sh...@churchofgit.com The current Debian solution to this is really ugly, and I would rather have them use the correct patch even if split usr is dumb. Please keep this local to the distro,

Re: [systemd-devel] Suspicious assertions in resolved

On 01/18/15 20:45, David Herrmann wrote: Hi On Sun, Jan 18, 2015 at 8:12 PM, Topi Miettinen toiwo...@gmail.com wrote: Hello, I think resolved_manager.c function manager_recv() has an assertion that could be triggerable by the server sending an oversized packet:

Re: [systemd-devel] Suspicious assertions in resolved

Hi On Sun, Jan 18, 2015 at 10:15 PM, Topi Miettinen toiwo...@gmail.com wrote: On 01/18/15 20:45, David Herrmann wrote: Hi On Sun, Jan 18, 2015 at 8:12 PM, Topi Miettinen toiwo...@gmail.com wrote: Hello, I think resolved_manager.c function manager_recv() has an assertion that could be

Re: [systemd-devel] [PATCH 3/3] remove RUN_WITH_LOCALE et all, use extended locale functions instead

Hi On Thu, Jan 15, 2015 at 6:27 AM, Cristian Rodríguez crrodrig...@opensuse.org wrote: There were two callers, one can use strtod_l() and the other strptime_l() --- src/import/curl-util.c | 38 +++--- src/shared/util.c | 18 +-

Re: [systemd-devel] Suspicious assertions in resolved

On 01/18/15 21:23, David Herrmann wrote: Hi On Sun, Jan 18, 2015 at 10:15 PM, Topi Miettinen toiwo...@gmail.com wrote: On 01/18/15 20:45, David Herrmann wrote: Hi On Sun, Jan 18, 2015 at 8:12 PM, Topi Miettinen toiwo...@gmail.com wrote: Hello, I think resolved_manager.c function