Re: [systemd-devel] Failed to apply ACLs: Invalid argument
2017-07-19 15:12 GMT+03:00 Matwey V. Kornilov :
> 2017-07-19 13:32 GMT+03:00 Matwey V. Kornilov :
>> 2017-07-19 13:10 GMT+03:00 Matwey V. Kornilov :
>>> 2017-07-19 12:47 GMT+03:00 Lennart Poettering :
>>>> On Wed, 19.07.17 12:38, Matwey V. Kornilov (matwey.korni...@gmail.com) wrote:
>>>>
>>>>> This is all that is relevant to Invalid Argument errno in strace:
>>>>>
>>>> [...]
>>>>> readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d5d940, 99) = -1
>>>>> EINVAL (Invalid argument)
>>>>
>>>> readlinkat() returns EINVAL when invoked on a non-symlink. It's not a
>>>> real error, just a way to report that mismatch.
>>>>
>>>>> drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/virtual/input/input7/event7
>>>>> drwxr-xr-x 5 root root 0 июл 19 12:31 /sys/module/parport
>>>>> drwxr-xr-x 7 root root 0 июл 19 12:33 /sys/module/parport_pc
>>>>>
>>>>> It is brand-new openSUSE 42.2 installation. No selinux or something like
>>>>> that.
>>>>
>>>> Not sure what else I can suggest then, except attaching gdb to logind
>>>> and check what happens when you switch VTs... it should be sufficient
>>>> to set a breakpoint onto devnode_acl_all() and wait until it gets
>>>> triggered, and then follow the code until you see EINVAL thrown.
>>>>
>>>> Unless you know gdb well enough you shouldn't attempt that though...
>>>>
>>>
>>> Ok, it is udev_enumerate_scan_devices who returns -22
>>
>> Now I see that something wrong happens inside
>>
>> enumerator_scan_devices_children
>>
>> at
>>
>> sd_device_get_syspath
>>
>
> k = sd_device_new_from_device_id(&device, dent->d_name);
>
> inside enumerator_scan_devices_tag() returns -22 for some entry.

I suspect 21d6220fe0bf24fda7df9833961e022cafa439bc will fix my issue. I
will check tomorrow.

>>>> Lennart
>>>>
>>>> --
>>>> Lennart Poettering, Red Hat
>>>
>>> --
>>> With best regards,
>>> Matwey V. Kornilov
>>
>> --
>> With best regards,
>> Matwey V. Kornilov
>
> --
> With best regards,
> Matwey V. Kornilov

--
With best regards,
Matwey V. Kornilov
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] systemd-nspawn map UID/GID between container and host
Hello,

I have some users inside container that had the same uid/GID on host.
The files are bound to the container and have rights "700" on host.
I can't access files inside container (permission denied). So far so good.

Is there a way to map uid/gid from host to container or from container to host, that user with uid 1004 on container can access files owned by user with uid 1004 on host?

There are multiple uid so that --private-users option is not usable I think.

Best regards,
basti
Re: [systemd-devel] no user dbus session in container
On Wed, Jul 19, 2017 at 2:18 PM Simon McVittie wrote:

> On Wed, 19 Jul 2017 at 09:31:36 +, arnaud gaboury wrote:
> > Do I really need a per user dbus session in my container?
>
> I don't know. Do you? You haven't said anything about how you start the
> container,

With the systemd-nspawn@ default unit file with a small override

% cat /etc/systemd/system/systemd-nspawn@.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-bridge=br0 -U --settings=override --machine=%i --bind-ro=/home/gabx --bind=/home/gabx/share:/home/poisonivy/share

> how you log in to the container,

sudo machinectl login poppy

> what its purpose is, or how
> (if at all) its purpose interacts with the session bus.
>

the machine is a web server with http, ssh, ftp, postfix...

>
> Again, the only advice I can give you based on the information you
> provided is to read the system log and look for error messages.
>

I am on the journal

>
> If you believe you have found a bug in some component (systemd or dbus
> or your container manager), the first step in resolving that bug is
> to describe in detail how the bug can be reproduced, including all the
> steps taken and any error messages that result from them.
>
> Since the trigger for this regression was a Fedora upgrade, Fedora support
> channels might be a more useful source of help and information than the
> systemd upstream mailing list (but I suspect the first things they will
> ask you to do are to describe the steps to reproduce the issue and check
> the system log, so you might as well do those first, and include them
> in your request for help).
>

Thank you again for your patience and answers.

>
> S
>
Re: [systemd-devel] Failed to apply ACLs: Invalid argument
2017-07-19 13:32 GMT+03:00 Matwey V. Kornilov :
> 2017-07-19 13:10 GMT+03:00 Matwey V. Kornilov :
>> 2017-07-19 12:47 GMT+03:00 Lennart Poettering :
>>> On Wed, 19.07.17 12:38, Matwey V. Kornilov (matwey.korni...@gmail.com)
>>> wrote:
>>>
>>>> This is all that is relevant to Invalid Argument errno in strace:
>>>>
>>> [...]
>>>> readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d5d940, 99) = -1
>>>> EINVAL (Invalid argument)
>>>
>>> readlinkat() returns EINVAL when invoked on a non-symlink. It's not a
>>> real error, just a way to report that mismatch.
>>>
>>>> drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/virtual/input/input7/event7
>>>> drwxr-xr-x 5 root root 0 июл 19 12:31 /sys/module/parport
>>>> drwxr-xr-x 7 root root 0 июл 19 12:33 /sys/module/parport_pc
>>>>
>>>> It is brand-new openSUSE 42.2 installation. No selinux or something
>>>> like that.
>>>
>>> Not sure what else I can suggest then, except attaching gdb to logind
>>> and check what happens when you switch VTs... it should be sufficient
>>> to set a breakpoint onto devnode_acl_all() and wait until it gets
>>> triggered, and then follow the code until you see EINVAL thrown.
>>>
>>> Unless you know gdb well enough you shouldn't attempt that though...
>>>
>>
>> Ok, it is udev_enumerate_scan_devices who returns -22
>
> Now I see that something wrong happens inside
>
> enumerator_scan_devices_children
>
> at
>
> sd_device_get_syspath
>

k = sd_device_new_from_device_id(&device, dent->d_name);

inside enumerator_scan_devices_tag() returns -22 for some entry.

>>> Lennart
>>>
>>> --
>>> Lennart Poettering, Red Hat
>>
>> --
>> With best regards,
>> Matwey V. Kornilov
>
> --
> With best regards,
> Matwey V. Kornilov

--
With best regards,
Matwey V. Kornilov
Re: [systemd-devel] no user dbus session in container
On Wed, 19 Jul 2017 at 09:31:36 +, arnaud gaboury wrote:
> Do I really need a per user dbus session in my container?

I don't know. Do you? You haven't said anything about how you start the
container, how you log in to the container, what its purpose is, or how
(if at all) its purpose interacts with the session bus.

Again, the only advice I can give you based on the information you
provided is to read the system log and look for error messages.

If you believe you have found a bug in some component (systemd or dbus
or your container manager), the first step in resolving that bug is
to describe in detail how the bug can be reproduced, including all the
steps taken and any error messages that result from them.

Since the trigger for this regression was a Fedora upgrade, Fedora support
channels might be a more useful source of help and information than the
systemd upstream mailing list (but I suspect the first things they will
ask you to do are to describe the steps to reproduce the issue and check
the system log, so you might as well do those first, and include them
in your request for help).

S
Re: [systemd-devel] Failed to apply ACLs: Invalid argument
2017-07-19 13:10 GMT+03:00 Matwey V. Kornilov :
> 2017-07-19 12:47 GMT+03:00 Lennart Poettering :
>> On Wed, 19.07.17 12:38, Matwey V. Kornilov (matwey.korni...@gmail.com) wrote:
>>
>>> This is all that is relevant to Invalid Argument errno in strace:
>>>
>> [...]
>>> readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d5d940, 99) = -1
>>> EINVAL (Invalid argument)
>>
>> readlinkat() returns EINVAL when invoked on a non-symlink. It's not a
>> real error, just a way to report that mismatch.
>>
>>> drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/virtual/input/input7/event7
>>> drwxr-xr-x 5 root root 0 июл 19 12:31 /sys/module/parport
>>> drwxr-xr-x 7 root root 0 июл 19 12:33 /sys/module/parport_pc
>>>
>>> It is brand-new openSUSE 42.2 installation. No selinux or something like
>>> that.
>>
>> Not sure what else I can suggest then, except attaching gdb to logind
>> and check what happens when you switch VTs... it should be sufficient
>> to set a breakpoint onto devnode_acl_all() and wait until it gets
>> triggered, and then follow the code until you see EINVAL thrown.
>>
>> Unless you know gdb well enough you shouldn't attempt that though...
>>
>
> Ok, it is udev_enumerate_scan_devices who returns -22

Now I see that something wrong happens inside

enumerator_scan_devices_children

at

sd_device_get_syspath

>> Lennart
>>
>> --
>> Lennart Poettering, Red Hat
>
> --
> With best regards,
> Matwey V. Kornilov

--
With best regards,
Matwey V. Kornilov
Re: [systemd-devel] Failed to apply ACLs: Invalid argument
2017-07-19 12:47 GMT+03:00 Lennart Poettering :
> On Wed, 19.07.17 12:38, Matwey V. Kornilov (matwey.korni...@gmail.com) wrote:
>
>> This is all that is relevant to Invalid Argument errno in strace:
>>
> [...]
>> readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d5d940, 99) = -1
>> EINVAL (Invalid argument)
>
> readlinkat() returns EINVAL when invoked on a non-symlink. It's not a
> real error, just a way to report that mismatch.
>
>> drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/virtual/input/input7/event7
>> drwxr-xr-x 5 root root 0 июл 19 12:31 /sys/module/parport
>> drwxr-xr-x 7 root root 0 июл 19 12:33 /sys/module/parport_pc
>>
>> It is brand-new openSUSE 42.2 installation. No selinux or something like
>> that.
>
> Not sure what else I can suggest then, except attaching gdb to logind
> and check what happens when you switch VTs... it should be sufficient
> to set a breakpoint onto devnode_acl_all() and wait until it gets
> triggered, and then follow the code until you see EINVAL thrown.
>
> Unless you know gdb well enough you shouldn't attempt that though...
>

Ok, it is udev_enumerate_scan_devices who returns -22

> Lennart
>
> --
> Lennart Poettering, Red Hat

--
With best regards,
Matwey V. Kornilov
[systemd-devel] permissions issues in systemd machine
Here is my environment:

Linux kernel 4.11.3 with usernamespace set to YES

% systemctl --version
systemd 233
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN default-hierarchy=hybrid

% machinectl list
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
poppy   container systemd-nspawn fedora 26      192.168.1.94...

% machinectl show poppy
Name=poppy
Id=59b720b533834a4eafe07a62c2482266
Timestamp=Wed 2017-07-12 22:07:15 CEST
TimestampMonotonic=6928076
Service=systemd-nspawn
Unit=systemd-nspawn@poppy.service
Leader=648
Class=container
RootDirectory=/var/lib/machines/poppy
State=running

Now first issue:
--
On container

% systemctl status user@1000.service
● user@1000.service - User Manager for UID 1000
   Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset: disabled)
   Active: failed (Result: protocol) since Wed 2017-07-19 01:59:29 CEST; 9h ago
 Main PID: 264 (code=exited, status=237/KEYRING)

Jul 19 01:59:29 thetradinghall.com systemd[1]: Starting User Manager for UID 1000...
Jul 19 01:59:29 thetradinghall.com systemd[264]: user@1000.service: Failed at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
Jul 19 01:59:29 thetradinghall.com systemd[1]: Failed to start User Manager for UID 1000.
Jul 19 01:59:29 thetradinghall.com systemd[1]: user@1000.service: Unit entered failed state.
Jul 19 01:59:29 thetradinghall.com systemd[1]: user@1000.service: Failed with result 'protocol'.

Everything looks OK when running systemd binary out from unit file:

% ls -al /usr/lib/systemd/systemd
-rwxr-xr-x 1 root root 1.2M Jun 27 23:49 /usr/lib/systemd/systemd*

% /usr/lib/systemd/systemd --v
systemd 233
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN default-hierarchy=hybrid

Can anyone give me some hints why the unit file screams Permission denied?

Second issue:
-
on host : $ mkdir ~/share ; $ touch ~/share/toto
on container: $ mkdir ~/share ;

I start the container with unit file:

% cat /etc/systemd/system/systemd-nspawn@.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-bridge=br0 -U --settings=override --machine=%i --bind-ro=/home/gabx --bind=/home/gabx/share:/home/poisonivy/share

Now on container:

% ls -al share
total 4.0K
drwxr-xr-x 2 nobody    nobody    4.0K Jul 19 01:59 ./
drwx-- 1 poisonivy poisonivy  786 Jul 19 01:46 ../
-rw-r--r-- 1 nobody    nobody       0 Jul 19 01:59 toto

Why this nobody ? I can see this behavior a lot on my container.
Example:

$ ls -al /proc
...
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 devices
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 diskstats
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 dma
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 execdomains
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 fb
.

When looking at these folders from host:

# ls -al $POPPY/home/poisonivy/share
total 0
drwxrwxr-x 1 vu-poppy-1000 vg-poppy-1000   0 Jul 19 01:46 ./
drwx-- 1 vu-poppy-1000 vg-poppy-1000 786 Jul 19 01:46 ../

Please note that file toto is not seen.
Same user:group for /proc

This comes certainly from my username space being set in Kernel. How can I deal with nobody as I can't change it?

poisonivy@thetradinghall ➤➤ ~ % chown poisonivy:poisonivy share
chown: changing ownership of 'share': Operation not permitted

Thank you for help/hints with these permissions issues. It starts to be difficult to run properly my container.
Re: [systemd-devel] Failed to apply ACLs: Invalid argument
On Wed, 19.07.17 12:38, Matwey V. Kornilov (matwey.korni...@gmail.com) wrote:

> This is all that is relevant to Invalid Argument errno in strace:
>
[...]
> readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d5d940, 99) = -1
> EINVAL (Invalid argument)

readlinkat() returns EINVAL when invoked on a non-symlink. It's not a
real error, just a way to report that mismatch.

> drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/virtual/input/input7/event7
> drwxr-xr-x 5 root root 0 июл 19 12:31 /sys/module/parport
> drwxr-xr-x 7 root root 0 июл 19 12:33 /sys/module/parport_pc
>
> It is brand-new openSUSE 42.2 installation. No selinux or something like that.

Not sure what else I can suggest then, except attaching gdb to logind
and check what happens when you switch VTs... it should be sufficient
to set a breakpoint onto devnode_acl_all() and wait until it gets
triggered, and then follow the code until you see EINVAL thrown.

Unless you know gdb well enough you shouldn't attempt that though...

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] Failed to apply ACLs: Invalid argument
This is all that is relevant to Invalid Argument errno in strace:

readlinkat(AT_FDCWD, "/sys/devices/pci:00/:00:02.0/drm/card0", 0x55d7a4d59230, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/pci:00/:00:02.0/drm/card0/card0-DP-1", 0x55d7a4d57190, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/pci:00/:00:02.0/drm/card0/card0-HDMI-A-1", 0x55d7a4d555f0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/pci:00/:00:02.0/drm/card0/card0-VGA-1", 0x55d7a4d555f0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/pci:00/:00:02.0/drm/card0/card0-eDP-1", 0x55d7a4d555f0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/pci:00/:00:02.0/graphics/fb0", 0x55d7a4d555f0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1", 0x55d7a4d54c70, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input2/event2", 0x55d7a4d54b60, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0/event0", 0x55d7a4d54cd0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/devices/virtual/input/input7/event7", 0x55d7a4d54bb0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport_pc", 0x55d7a4d63350, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d63350, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport_pc", 0x55d7a4d60f90, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d60f90, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport_pc", 0x55d7a4d60fb0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d60fb0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport_pc", 0x55d7a4d60fb0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d60fb0, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport_pc", 0x55d7a4d5d940, 99) = -1 EINVAL (Invalid argument)
readlinkat(AT_FDCWD, "/sys/module/parport", 0x55d7a4d5d940, 99) = -1 EINVAL (Invalid argument)

The files are present, but all of them are directories, not symlinks:

drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1
drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input2/event2
drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0/event0
drwxr-xr-x 7 root root 0 июл 19 12:35 /sys/devices/pci:00/:00:02.0/drm/card0
drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/pci:00/:00:02.0/drm/card0/card0-DP-1
drwxr-xr-x 4 root root 0 июл 19 12:35 /sys/devices/pci:00/:00:02.0/drm/card0/card0-eDP-1
drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/pci:00/:00:02.0/drm/card0/card0-HDMI-A-1
drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/pci:00/:00:02.0/drm/card0/card0-VGA-1
drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/pci:00/:00:02.0/graphics/fb0
drwxr-xr-x 3 root root 0 июл 19 12:35 /sys/devices/virtual/input/input7/event7
drwxr-xr-x 5 root root 0 июл 19 12:31 /sys/module/parport
drwxr-xr-x 7 root root 0 июл 19 12:33 /sys/module/parport_pc

It is brand-new openSUSE 42.2 installation. No selinux or something like that.

2017-07-19 11:51 GMT+03:00 Lennart Poettering :
> On Tue, 18.07.17 16:28, Matwey V. Kornilov (matwey.korni...@gmail.com) wrote:
>
>> Hello,
>>
>> I am running systemd 228. And on one particular system installation
>> there are messages 'Failed to apply ACLs: Invalid argument' from
>> systemd-logind. Moreover, ACL on /dev/dri/* are not set correctly
>> after user log in. How could I figure out which argument is invalid?
>> Managing ACLs on /dev filesystem using setfacl works fine. I've tried
>> using debug log_level, but nothing helpful here:
>
> No idea, but I'd recommend strace'ing logind when this happens, and
> tracking looking for relevant operations on the device nodes...
>
> logind doesn't do anything particularly magic... We just invoke
> libacl, and normally libacl should validate enough what we pass
> there...
>
> do you use any MAC or so? selinux? smack? apparmor?
>
> Do you use any non-standard UIDs? i.e. 65535 or so?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat

--
With best regards,
Matwey V. Kornilov
Re: [systemd-devel] no user dbus session in container
On Tue, Jul 18, 2017 at 3:09 PM Simon McVittie wrote:

> On Fri, 14 Jul 2017 at 12:36:12 +, arnaud gaboury wrote:
> > After upgrade from Fedora 25 to 26, there is no more user dbus session
> > for user in container.
> ...
> > On container, user can't connect to dbus session, and I have no idea why.
> > May someone please give me some hints on how to debug this issue?
>
> Please start by reading the system log (the Journal).
>
> The chain of events that is meant to result in a D-Bus session bus is:
>
> * A user logging in (somehow) starts a login session
> * The login session starts an instance of `systemd --user`
> * `systemd --user` starts the dbus.socket user service, listening on
>   that user's $XDG_RUNTIME_DIR/bus
> * Some client in the login session interacts with the session bus
> * As a side-effect of connecting to $XDG_RUNTIME_DIR/bus,
>   `systemd --user` starts the dbus.service user service
>   (dbus-daemon --session --address=systemd:)
> * The dbus-daemon accepts the client's connection
>

I can't tell in the container the variable
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus. I have tried many
places (~/.pam_environment;
/etc/systemd/system/user@.service.d/local.conf;
~/.config/systemd/user.conf). Could it be at the root of my issue?
Do I really need a per user dbus session in my container?

>
> The system log should tell you which step in that chain of events is
> no longer happening.
>
> S
[systemd-devel] sd-bus example code for SetLinkDNS()
Hi folks,

I'm trying to teach a vpn software (openfortivpn) how to properly set up DNS in a systemd-resolve environment.

I'm trying to set up an equivalent to this in C.

busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedesktop.resolve1.Manager SetLinkDNS 'ia(iay)' 16 2 2 4 10 10 10 10 2 4 10 10 10 11
[https://gist.github.com/tbaumann/d484efb2e27613654a52dbe11cfe53b8]

I came up with this quick proof of concept code based on the example code in the sd-bus docu.
Of course it segfaults. No surprise, I have done nothing to hint at the length of the inner byte array. (ay)
I was unable to find any example code that would give me a hint on how to pass such more complex data structures into sd_bus_call_method()

int SetLinkDNSv4(sd_bus *bus, int if_index, struct in_addr ns1, struct in_addr ns2)
{
        sd_bus_error error = SD_BUS_ERROR_NULL;
        sd_bus_message *m = NULL;
        int r;
        struct dns_address {
                int sin_family;
                struct in_addr ip_addr;
        };
        struct dns_address addresses[2];

        addresses[0].sin_family = AF_INET;
        addresses[0].ip_addr = ns1;
        addresses[1].sin_family = AF_INET;
        addresses[1].ip_addr = ns2;

        r = sd_bus_call_method(bus,
                               "org.freedesktop.resolve1",         /* service to contact */
                               "/org/freedesktop/resolve1",        /* object path */
                               "org.freedesktop.resolve1.Manager", /* interface name */
                               "SetLinkDNS",                       /* method name */
                               &error,                             /* object to return error in */
                               &m,                                 /* return message on success */
                               "ia(iay)",                          /* input signature */
                               if_index,
                               2,                                  /* Array size */
                               addresses);
}
[Full code: https://gist.github.com/tbaumann/0f466c984c858767c966458d53483697]

My guess is that I can have it easier if I somehow use sd_bus_message_append() to assemble the message. But I don't see a clear path either.
Also, the length of the array can be one or two. So that bit is variable too.

Thanks for any hints
Tilman Baumann
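Added example, not part of the original post and not systemd code: the D-Bus message body that the busctl call in the post above sends for signature ia(iay), marshalled by hand in C. It shows that every (iay) element is 8-byte aligned and carries its own length-prefixed byte array, which is why a pointer to an array of C structs cannot stand in for it; with sd-bus the same nesting is built with sd_bus_message_open_container(), sd_bus_message_append_array() and sd_bus_message_close_container(). The struct wire buffer, the helper names, MAX_SERVERS and the little-endian byte order are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FAMILY_INET 2   /* AF_INET on Linux: the "2" in the busctl call */
#define MAX_SERVERS 4   /* limit chosen for this example */

/* Worst case: 8 bytes (ifindex + array length) plus 16 per padded element. */
struct wire { uint8_t data[8 + 16 * MAX_SERVERS]; size_t len; };

/* D-Bus pads with zero bytes up to each value's alignment boundary. */
static void wire_align(struct wire *w, size_t boundary) {
    while (w->len % boundary)
        w->data[w->len++] = 0;
}

/* Append a 4-byte-aligned little-endian 32-bit value; return its offset. */
static size_t wire_u32(struct wire *w, uint32_t v) {
    wire_align(w, 4);
    size_t at = w->len;
    for (int i = 0; i < 4; i++)
        w->data[w->len++] = (uint8_t)(v >> (8 * i));
    return at;
}

/* Marshal the SetLinkDNS body, signature "ia(iay)", for n IPv4 servers given
 * as 4 bytes each in network order. Returns the body length, -1 if n is too big. */
int marshal_set_link_dns_v4(struct wire *w, int32_t ifindex,
                            const uint8_t (*addrs)[4], size_t n) {
    if (n > MAX_SERVERS)
        return -1;
    w->len = 0;
    wire_u32(w, (uint32_t)ifindex);        /* i: interface index */
    size_t len_at = wire_u32(w, 0);        /* a: byte length, filled in below */
    wire_align(w, 8);                      /* pad to first struct, not counted */
    size_t start = w->len;
    for (size_t i = 0; i < n; i++) {
        wire_align(w, 8);                  /* (: every struct starts 8-aligned */
        wire_u32(w, FAMILY_INET);          /* i: address family */
        wire_u32(w, 4);                    /* ay: its own length prefix ... */
        memcpy(w->data + w->len, addrs[i], 4);   /* ... then the raw bytes */
        w->len += 4;
    }
    uint32_t array_len = (uint32_t)(w->len - start);
    for (int i = 0; i < 4; i++)            /* patch the outer array length */
        w->data[len_at + i] = (uint8_t)(array_len >> (8 * i));
    return (int)w->len;
}

int main(void) {
    /* Constructed input: the two servers from the busctl call in the post. */
    const uint8_t ns[2][4] = { {10, 10, 10, 10}, {10, 10, 10, 11} };
    struct wire w;
    int len = marshal_set_link_dns_v4(&w, 16, ns, 2);
    for (int i = 0; i < len; i++)
        printf("%02x%c", w.data[i], (i % 8 == 7 || i == len - 1) ? '\n' : ' ');
    return 0;
}
```

The array length written at offset 4 counts the padding between elements but not the padding before the first one, so one server gives 12 and two give 28.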
Re: [systemd-devel] Failed to apply ACLs: Invalid argument
On Tue, 18.07.17 16:28, Matwey V. Kornilov (matwey.korni...@gmail.com) wrote:

> Hello,
>
> I am running systemd 228. And on one particular system installation
> there are messages 'Failed to apply ACLs: Invalid argument' from
> systemd-logind. Moreover, ACL on /dev/dri/* are not set correctly
> after user log in. How could I figure out which argument is invalid?
> Managing ACLs on /dev filesystem using setfacl works fine. I've tried
> using debug log_level, but nothing helpful here:

No idea, but I'd recommend strace'ing logind when this happens, and
tracking looking for relevant operations on the device nodes...

logind doesn't do anything particularly magic... We just invoke
libacl, and normally libacl should validate enough what we pass
there...

do you use any MAC or so? selinux? smack? apparmor?

Do you use any non-standard UIDs? i.e. 65535 or so?

Lennart

--
Lennart Poettering, Red Hat