[systemd-devel] [PATCH] udev: Remove hard-coded string offsets when parsing kernel command line.
--- src/udev/udevd.c | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 193702c..340812b 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -968,6 +968,7 @@ static void kernel_cmdline_options(struct udev *udev) { FOREACH_WORD_QUOTED(word, l, line, state) { char *s, *opt; +const char *name; s = strndup(word, l); if (!s) @@ -979,24 +980,24 @@ static void kernel_cmdline_options(struct udev *udev) { else opt = s; -if (startswith(opt, udev.log-priority=)) { +if (startswith(opt, name = udev.log-priority=)) { int prio; -prio = util_log_priority(opt + 18); +prio = util_log_priority(opt + strlen(name)); log_set_max_level(prio); udev_set_log_priority(udev, prio); -} else if (startswith(opt, udev.children-max=)) { -r = safe_atoi(opt + 18, arg_children_max); +} else if (startswith(opt, name = udev.children-max=)) { +r = safe_atoi(opt + strlen(name), arg_children_max); if (r 0) -log_warning(Invalid udev.children-max ignored: %s, opt + 18); -} else if (startswith(opt, udev.exec-delay=)) { -r = safe_atoi(opt + 16, arg_exec_delay); +log_warning(Invalid udev.children-max ignored: %s, opt + strlen(name)); +} else if (startswith(opt, name = udev.exec-delay=)) { +r = safe_atoi(opt + strlen(name), arg_exec_delay); if (r 0) -log_warning(Invalid udev.exec-delay ignored: %s, opt + 16); -} else if (startswith(opt, udev.event-timeout=)) { -r = safe_atou64(opt + 19, arg_event_timeout_usec); +log_warning(Invalid udev.exec-delay ignored: %s, opt + strlen(name)); +} else if (startswith(opt, name = udev.event-timeout=)) { +r = safe_atou64(opt + strlen(name), arg_event_timeout_usec); if (r 0) { -log_warning(Invalid udev.event-timeout ignored: %s, opt + 19); +log_warning(Invalid udev.event-timeout ignored: %s, opt + strlen(name)); break; } arg_event_timeout_usec *= USEC_PER_SEC; -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
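Review bot: in the second hunk, `startswith(opt, name = udev.log-priority=)` and the three branches after it assign `name` inside the call's argument list and then call strlen(name) once or twice per branch. The side effect hidden in the condition is easy to misread as a comparison, and it is only needed to recompute a position the prefix match has already found. If startswith() returns the position just past the matched prefix, keep that return value in a variable and pass it to util_log_priority(), safe_atoi() and safe_atou64() directly; that removes both the offsets and the extra `name` variable. Separately, the `break` in the udev.event-timeout= error path appears to leave the FOREACH_WORD_QUOTED loop, so options following an invalid value would be skipped while the other branches only warn; worth confirming that this is intended.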
[systemd-devel] [PATCH] udev: Remove hard-coded string offsets when parsing kernel
This avoids the hard-coded string offsets by using strlen. It's a bit of a strange coding style. Mainly I was interested to see if gcc could optimize this, and (gcc-4.9.2 / x86-64 / -O2) it did - all calls to strlen are removed from the assembly and replaced by constants. When I compile systemd normally, it recommends using -O0 so of course no optimization is done and all the calls to strlen are still there. Rich.
Re: [systemd-devel] [question] networkd: Any support for hooks?
On Tue, 04.11.14 14:48, Dan Williams (d...@redhat.com) wrote: Can you be more specific what precisely you intend to hook in there? I'd really prefer if we could find different solutions for the common usecases. Example: I'd like to add interface to proper firewalld zone. Ideally it could be done by networkd itself (it's just one dbus call: addInterface(in s zone, in s interface, …) based on new Zone=string setting in .netdev file. Hook can determine which zone interface should belong to and call firewall-cmd --zone=zone --add-interface=interface If firewalld shall be dynamic then it really should listen to rtnl on its own. It's the wrong way round, you don't want to call into higher level software from lower level one. It's the higher level software that should subscribe to changes from the lower level software. firewalld can't get the information that WiFi network Starbucks should be locked down more than your home network. How is it supposed to get that information just listening to rtnl or other kernel events? The kernel doesn't care; the only source of that information is the connection manager. Well, even if the connection manager keeps track of information for that it should be firewalld that queries it from the connection manager, and not the connection manager calling out to firewalld. It's really not clean design to have the lower layers of the stack call out to the higher layers of the stack. It should be the higher layers that subscribe to the lower layers. Lennart -- Lennart Poettering, Red Hat
Re: [systemd-devel] systemd-nspawn - exporting /dev/video0
On Tue, 04.11.14 23:43, MohanR (mohan...@gmail.com) wrote: Hi, I'm in need to passthrough /dev/video0 for a gstreamer based application development. Is it possible using systemd-nspawn? I tried enabling CAP_MKNOD and manually creating /dev/video0. But it was not recognized. Is there any way to do it? We explicitly don't support this. It's really not as easy as just making a device node available in a container. In order to support device pass-thru we'd need proper virtualization of /sys, so that we can run udev in the container. The Linux kernel however doesn't support that. Just passing through an isolated device node is only a small facet of Linux device APIs. Applications must be able to also find the device when they enumerate it via libudev, they must be able to see metadata from the udev database and /sys. Often device nodes appear in combination with other matching device nodes. For example webcams usually provide a v4l device as well as a set of alsa devices. To properly make the webcam available in a container you hence need to move those device nodes, too, plus the meta information so that apps can match up the v4l and alsa devices... With nspawn we will not pretend to support something we currently cannot suspend. If you want proper device pass-thru to containers, please work with the kernel community so that they implement namespaced devices. However, I wouldn't hold my breath, it's not a particularly attractive idea among the people involved. Sorry, Lennart -- Lennart Poettering, Red Hat
Re: [systemd-devel] [RFC] [PATCH] cgroup: don't trim cgroup trees created by someone else
On Mon, 03.11.14 17:27, Michal Sekletar (msekl...@redhat.com) wrote: On Tue, Oct 21, 2014 at 09:16:16PM +0200, Lennart Poettering wrote: On Fri, 19.09.14 17:14, Michal Sekletar (msekl...@redhat.com) wrote: snip I do see the usecase though for those projects. I'd probably suggest not to merge it for RHEL either. But instead I'd propose a different solution for software: make sure to always move a PID into a cgroup as soon as it is created, so that its removal is blocked. Or in other words: right before you need a cgroup to add yourself to it, create it, and expect that it might go away while you are not using it. To deal with the possible race condition of creating a cgroup which is immediately cleaned up by somebody else, try doing this in a loop, until you succeeded. I think I grok what you are proposing, however according to developments in https://bugzilla.redhat.com/show_bug.cgi?id=1139223 it doesn't seem to be a correct solution either. systemd will happily remove cgroup in which there are processes. Oh. right, systemd is stricter there than I remembered: we will actually migrate the PIDs before removing the cgroup. I figure we need to figure out a way how we can make a cgroup capable for embedding their own systemd instances, so that the controller memberships cover all hierarchies. I need to think about this. Lennart -- Lennart Poettering, Red Hat
Re: [systemd-devel] instantiated services set up
On Tue, 04.11.14 21:42, Tomasz Torcz (to...@pipebreaker.pl) wrote: On Tue, Nov 04, 2014 at 08:56:48PM +0100, Jan Včelák wrote: Hi! OK. I will remove the syslog. But I will have to keep network.target for now as we support non-Linux systems as well. Adding support for rtnl or IP_FREEBIND would mean duplicating a lot of code... probably. Note that invoking IP_FREEBIND is just a single setsockopt() line... You are right. We enabled IP_FREEBIND after all. (And we also added IP_BINDANY and IPV6_BINDANY on FreeBSD to achieve the same behavior.) On the other hand, we cannot give the administrator proper feedback when the daemon is configured incorrectly. If you need, you can first try binding without IP_FREEBIND. If it fails, you can print Configured address (xxx) not available yet, enable IP_FREEBIND and call bind() again. I'd recommend this, too. I'd check for the right errno first though, given that there might be other reasons why bind() could fail, and one shouldn't confuse the user with misleading error messages. Lennart -- Lennart Poettering, Red Hat
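The retry suggested in this thread, written out as an added example (it is not code from the thread or from the daemon being discussed): bind normally first, fall back to IP_FREEBIND only when errno is EADDRNOTAVAIL, and report every other failure unchanged. It is Linux and IPv4 only; the names bind_with_fallback, is_address_missing, bound_port and struct bind_result are hypothetical, and 192.0.2.1 is a constructed sample address.

```c
/* Added example: bind() with an errno-checked IP_FREEBIND retry (Linux). */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum bind_how { BIND_DIRECT, BIND_FREEBIND, BIND_FAILED };

struct bind_result {
    int fd;             /* bound socket, or -1 on failure */
    enum bind_how how;  /* which path produced the result */
    int err;            /* errno of the failing call, 0 on success */
};

/* Only "address not configured on any interface" justifies the retry.
 * EADDRINUSE, EACCES and the rest are real configuration errors. */
static int is_address_missing(int err) {
    return err == EADDRNOTAVAIL;
}

/* Port the kernel assigned to a bound socket (0 on error). */
static uint16_t bound_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return 0;
    return ntohs(sa.sin_port);
}

static struct bind_result bind_with_fallback(const char *ip, uint16_t port) {
    struct bind_result res = { -1, BIND_FAILED, 0 };
    struct sockaddr_in sa;
    int one = 1;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) {
        res.err = EINVAL;
        return res;
    }

    res.fd = socket(AF_INET, SOCK_STREAM, 0);
    if (res.fd < 0) {
        res.err = errno;
        return res;
    }

    /* First attempt: plain bind, so a working setup is reported as such. */
    if (bind(res.fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
        res.how = BIND_DIRECT;
        return res;
    }
    res.err = errno;
    if (!is_address_missing(res.err))
        goto fail;

    /* Tell the administrator before papering over the missing address. */
    fprintf(stderr, "Configured address (%s) not available yet, using IP_FREEBIND\n", ip);
    if (setsockopt(res.fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof one) < 0 ||
        bind(res.fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        res.err = errno;
        goto fail;
    }
    res.how = BIND_FREEBIND;
    res.err = 0;
    return res;

fail:
    close(res.fd);
    res.fd = -1;
    return res;
}

int main(void) {
    static const char *names[] = { "direct", "freebind", "failed" };
    /* 192.0.2.1 is a documentation address (constructed sample input). */
    struct bind_result a = bind_with_fallback("0.0.0.0", 0);
    struct bind_result b = bind_with_fallback("192.0.2.1", 0);
    /* Same port as `a`: must fail with EADDRINUSE and must not be retried. */
    struct bind_result c = bind_with_fallback("0.0.0.0", bound_port(a.fd));

    printf("wildcard: %s\n", names[a.how]);
    printf("missing address: %s\n", names[b.how]);
    printf("port conflict: %s (%s)\n", names[c.how], strerror(c.err));
    if (a.fd >= 0) close(a.fd);
    if (b.fd >= 0) close(b.fd);
    return 0;
}
```

The port-conflict case is the one the errno check exists for: without it, the daemon would print the "not available yet" message for an address that is in fact present but already taken.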
Re: [systemd-devel] [PATCH] buildsys: test-util needs -lm for fabs()
Hi On Wed, Nov 5, 2014 at 12:48 AM, Cristian Rodríguez crrodrig...@opensuse.org wrote: --- Makefile.am | 1 + 1 file changed, 1 insertion(+) Looks good, applied! Thanks David diff --git a/Makefile.am b/Makefile.am index ff5f61b..3686103 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1543,6 +1543,7 @@ test_util_SOURCES = \ src/test/test-util.c test_util_LDADD = \ + -lm \ libsystemd-core.la test_uid_range_SOURCES = \ -- 2.1.2 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
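Review bot: in the test_util_LDADD hunk, `-lm` is listed ahead of libsystemd-core.la. Putting it after the .la entry keeps the usual order of project libraries first and system libraries last, which matters to linkers that resolve libraries left to right if code pulled in from libsystemd-core.la also needs libm.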
Re: [systemd-devel] [PATCH v2] udev: Fix parsing of udev.event-timeout kernel parameter.
Hi On Wed, Nov 5, 2014 at 12:45 AM, Richard W.M. Jones rjo...@redhat.com wrote: --- src/udev/udevd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Applied! Thanks David diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 2e6c713..193702c 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -994,9 +994,9 @@ static void kernel_cmdline_options(struct udev *udev) { if (r 0) log_warning(Invalid udev.exec-delay ignored: %s, opt + 16); } else if (startswith(opt, udev.event-timeout=)) { -r = safe_atou64(opt + 16, arg_event_timeout_usec); +r = safe_atou64(opt + 19, arg_event_timeout_usec); if (r 0) { -log_warning(Invalid udev.event-timeout ignored: %s, opt + 16); +log_warning(Invalid udev.event-timeout ignored: %s, opt + 19); break; } arg_event_timeout_usec *= USEC_PER_SEC; -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
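Review bot: the corrected `opt + 19` appears twice in the udev.event-timeout= branch and still has to match the length of the prefix literal by hand, which is exactly the mismatch this change repairs (with 16, parsing started inside the option name instead of at the value, so every setting was rejected). Deriving the value position from the prefix itself, or from what the prefix match returns, would keep the literal and the offset from drifting apart again; the same applies to the `opt + 16` visible in the udev.exec-delay= context lines.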
Re: [systemd-devel] [PATCH] udev: Remove hard-coded string offsets when parsing kernel command line.
Hi On Wed, Nov 5, 2014 at 10:16 AM, Richard W.M. Jones rjo...@redhat.com wrote: --- src/udev/udevd.c | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 193702c..340812b 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -968,6 +968,7 @@ static void kernel_cmdline_options(struct udev *udev) { FOREACH_WORD_QUOTED(word, l, line, state) { char *s, *opt; +const char *name; s = strndup(word, l); if (!s) 
@@ -979,24 +980,24 @@ static void kernel_cmdline_options(struct udev *udev) { else opt = s; -if (startswith(opt, udev.log-priority=)) { +if (startswith(opt, name = udev.log-priority=)) { This looks weird. Note that startswith() returns a pointer to the offset, so maybe we should restructure like this: if ((value = startswith(opt, udev.log-priority))) { prio = util_log_priority(value); } I will try to fix this up myself. Lets see.. Thanks David int prio; -prio = util_log_priority(opt + 18); +prio = util_log_priority(opt + strlen(name)); log_set_max_level(prio); udev_set_log_priority(udev, prio); -} else if (startswith(opt, udev.children-max=)) { -r = safe_atoi(opt + 18, arg_children_max); +} else if (startswith(opt, name = udev.children-max=)) { +r = safe_atoi(opt + strlen(name), arg_children_max); if (r 0) -log_warning(Invalid udev.children-max ignored: %s, opt + 18); -} else if (startswith(opt, udev.exec-delay=)) { -r = safe_atoi(opt + 16, arg_exec_delay); +log_warning(Invalid udev.children-max ignored: %s, opt + strlen(name)); +} else if (startswith(opt, name = udev.exec-delay=)) { +r = safe_atoi(opt + strlen(name), arg_exec_delay); if (r 0) -log_warning(Invalid udev.exec-delay ignored: %s, opt + 16); -} else if (startswith(opt, udev.event-timeout=)) { -r = safe_atou64(opt + 19, arg_event_timeout_usec); +log_warning(Invalid udev.exec-delay ignored: %s, opt + strlen(name)); +} else if (startswith(opt, name = udev.event-timeout=)) { +r = safe_atou64(opt + strlen(name), arg_event_timeout_usec); if (r 0) { -log_warning(Invalid udev.event-timeout ignored: %s, opt + 19); +log_warning(Invalid udev.event-timeout ignored: %s, opt + strlen(name)); break; } arg_event_timeout_usec *= USEC_PER_SEC; -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] udev: Remove hard-coded string offsets when parsing kernel command line.
On Wed, Nov 05, 2014 at 12:54:21PM +0100, David Herrmann wrote: Hi On Wed, Nov 5, 2014 at 10:16 AM, Richard W.M. Jones rjo...@redhat.com wrote: --- src/udev/udevd.c | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 193702c..340812b 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -968,6 +968,7 @@ static void kernel_cmdline_options(struct udev *udev) { FOREACH_WORD_QUOTED(word, l, line, state) { char *s, *opt; +const char *name; s = strndup(word, l); if (!s) 
@@ -979,24 +980,24 @@ static void kernel_cmdline_options(struct udev *udev) { else opt = s; -if (startswith(opt, udev.log-priority=)) { +if (startswith(opt, name = udev.log-priority=)) { This looks weird. Note that startswith() returns a pointer to the offset, so maybe we should restructure like this: if ((value = startswith(opt, udev.log-priority))) { prio = util_log_priority(value); } Ah ... yes, that would be better. Rich. I will try to fix this up myself. Lets see.. Thanks David int prio; -prio = util_log_priority(opt + 18); +prio = util_log_priority(opt + strlen(name)); log_set_max_level(prio); udev_set_log_priority(udev, prio); -} else if (startswith(opt, udev.children-max=)) { -r = safe_atoi(opt + 18, arg_children_max); +} else if (startswith(opt, name = udev.children-max=)) { +r = safe_atoi(opt + strlen(name), arg_children_max); if (r 0) -log_warning(Invalid udev.children-max ignored: %s, opt + 18); -} else if (startswith(opt, udev.exec-delay=)) { -r = safe_atoi(opt + 16, arg_exec_delay); +log_warning(Invalid udev.children-max ignored: %s, opt + strlen(name)); +} else if (startswith(opt, name = udev.exec-delay=)) { +r = safe_atoi(opt + strlen(name), arg_exec_delay); if (r 0) -log_warning(Invalid udev.exec-delay ignored: %s, opt + 16); -} else if (startswith(opt, udev.event-timeout=)) { -r = safe_atou64(opt + 19, arg_event_timeout_usec); +log_warning(Invalid udev.exec-delay ignored: %s, opt + strlen(name)); +} else if (startswith(opt, name = udev.event-timeout=)) { +r = safe_atou64(opt + strlen(name), arg_event_timeout_usec); if (r 0) { -log_warning(Invalid udev.event-timeout ignored: %s, opt + 19); +log_warning(Invalid udev.event-timeout ignored: %s, opt + strlen(name)); break; } arg_event_timeout_usec *= USEC_PER_SEC; -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and 
virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Rationale for mirroring cpu and systemd cgroup subsystems
Hi, What is the reasoning for not joining cpu subsystem with systemd subsystem? There are a couple of ways you can mirror [1] cpu and systemd subsystems and doing so can result in completely different cpu bandwidth for processes. I am wondering why we don't mirror them by default. Not mirroring them results in PID 1, each kernel thread and each user space task having the same cpu bandwidth (/sys/fs/cgroup/cpu/tasks). Even worse is the cpu bandwidth PID 1 gets goes down with the number of processes spawned, possibly opening ways to DOS.
[1] - Simple changes that alter the entire cpu bandwidth processes get
a) DefaultCPUAccounting=yes will change the entire cpu bandwidth allocation due to JoinControllers=cpu,cpuacct
b) Dropping a .slice and adding even only 1 service in it.
c) systemctl set-property system.slice CPUShares=1024 (Even though 1024 is the default cpu weight)
Umut
Re: [systemd-devel] Put user@.service cgroups into all controllers (user LXC)
On Mon, 03.11.14 16:25, Martin Pitt (martin.p...@ubuntu.com) wrote: Hello all, LXC upstream (in CC:) supports unprivileged containers, i.e. you can create a rootfs in your $HOME and then run lxc-start on it with some initial preparation [1]. While of course they have some limits, they are very useful for a lot of applications and are by nature quite safe towards other users/containers/services on the same machine. However, that requires putting at least the per-user session cgroup (from logind) into *all* available cgroup controllers, not just the systemd one, so that the per-user container actually has privileges to create sub-cgroups under the session-cN.scope parent. We cannot blindly add user scopes/slices into all cgroup controllers, since simply adding them to a cgroup might already affect the runtime. For example, if you add a cgroup to the cpu controller then RT automatically becomes unavailable, and the processes get scheduled evenly against all other cgroups on the same level. Also, we cannot allow unprivileged access to most of the controllers, not even cpu. You can easily configure contradicting parameters in the cpu controller in a way that can severely hurt the system. This is not different for the other controllers either. This isn't really something to solve in systemd, it requires kernel work (and that work is quite far actually, with the unified cgroup hierarchy). To say this clearly: unprivileged access to any of the hierarchies but name=systemd is something we will *explicitly* not support until this is deemed safe by the kernel folks. Privileged containers are less problematic, as they usually come without security guarantees anyway. Lennart -- Lennart Poettering, Red Hat
Re: [systemd-devel] Rationale for mirroring cpu and systemd cgroup subsystems
On Wed, 05.11.14 13:41, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote: Hi, What is the reasoning for not joining cpu subsystem with systemd subsystem? There are a couple of ways you can mirror [1] cpu and systemd subsystems and doing so can result in completely different cpu bandwidth for processes. I am wondering why we don't mirror them by default. Because simply enabling a cpu controller for a unit already has effects on the processes running it. For example, you don't get RT anymore, and the general scheduling is altered to schedule your entire group evenly against all the groups on the same level. systemd will mirror a cgroup in the cpu hierarchy as soon as you set a property on it that requires the cpu or cpuacct hierarchy, for example CPUAccounting=, CPUShares= or CPUQuota. But the general rule is: don't enable a controller for a unit, unless we really need to. We must make sure the tree is always as minimal as possible. Not mirroring them results in PID 1, each kernel thread and each user space task having the same cpu bandwidth (/sys/fs/cgroup/cpu/tasks). Even worse is the cpu bandwidth PID 1 gets goes down with the number of processes spawned, possibly opening ways to DOS. There has been a plan to introduce CPUFairScheduling= that you can set on a slice, and that will turn on the cpu controller for all children of that slice. Setting that on system.slice should have the desired effect. Regarding PID1: with the unified cgroup hierarchy it will not be possible to have both populated subcgroups and processes in the same cgroup. This means we will have to move PID 1 out of the root cgroup anyway, probably into some unit in system.slice. This should fix your problem, I figure? This would also allow applying cgroup resource limits to PID 1 itself, for example to control the way it is scheduled against other processes. Lennart -- Lennart Poettering, Red Hat
[systemd-devel] [PATCH] login: rerun vconsole-setup when switching from vgacon to fbcon
From: Ray Strode rstr...@redhat.com The initialization performed by systemd-vconsole-setup is reset when changing console drivers (say from vgacon to fbcon), so we need to run it in that case. See http://lists.freedesktop.org/archives/systemd-devel/2014-October/023919.html http://lists.freedesktop.org/archives/systemd-devel/2014-October/024423.html http://lists.freedesktop.org/archives/systemd-devel/2014-November/024881.html This commit adds a udev rule to 71-seat.rules to make systemd-vconsole-setup get run when the fbcon device becomes available. --- src/login/71-seat.rules.in | 1 + 1 file changed, 1 insertion(+) diff --git a/src/login/71-seat.rules.in b/src/login/71-seat.rules.in index ad26acbb..cbcfb53 100644 --- a/src/login/71-seat.rules.in +++ b/src/login/71-seat.rules.in 
@@ -1,43 +1,44 @@ # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. ACTION==remove, GOTO=seat_end TAG==uaccess, SUBSYSTEM!=sound, TAG+=seat SUBSYSTEM==sound, KERNEL==card*, TAG+=seat SUBSYSTEM==input, KERNEL==input*, TAG+=seat SUBSYSTEM==graphics, KERNEL==fb[0-9]*, TAG+=seat, TAG+=master-of-seat +SUBSYSTEM==graphics, KERNEL==fbcon, RUN+=/usr/lib/systemd/systemd-vconsole-setup SUBSYSTEM==usb, ATTR{bDeviceClass}==09, TAG+=seat # 'Plugable' USB hub, sound, network, graphics adapter SUBSYSTEM==usb, ATTR{idVendor}==2230, ATTR{idProduct}==000[13], ENV{ID_AUTOSEAT}=1 # Mimo 720, with integrated USB hub, displaylink graphics, and e2i # touchscreen. This device carries no proper VID/PID in the USB hub, # but it does carry good ID data in the graphics component, hence we # check it from the parent. There's a bit of a race here however, # given that the child devices might not exist yet at the time this # rule is executed. To work around this we'll trigger the parent from # the child if we notice that the parent wasn't recognized yet. # Match parent SUBSYSTEM==usb, ATTR{idVendor}==058f, ATTR{idProduct}==6254, \ ATTR{%k.2/idVendor}==17e9, ATTR{%k.2/idProduct}==401a, ATTR{%k.2/product}==mimo inc, \ ENV{ID_AUTOSEAT}=1, ENV{ID_AVOID_LOOP}=1 # Match child, look for parent's ID_AVOID_LOOP SUBSYSTEM==usb, ATTR{idVendor}==17e9, ATTR{idProduct}==401a, ATTR{product}==mimo inc, \ ATTR{../idVendor}==058f, ATTR{../idProduct}==6254, \ IMPORT{parent}=ID_AVOID_LOOP # Match child, retrigger parent SUBSYSTEM==usb, ATTR{idVendor}==17e9, ATTR{idProduct}==401a, ATTR{product}==mimo inc, \ ATTR{../idVendor}==058f, ATTR{../idProduct}==6254, \ ENV{ID_AVOID_LOOP}==, \ RUN+=@rootbindir@/udevadm trigger --parent-match=%p/.. 
TAG==seat, ENV{ID_PATH}==, IMPORT{builtin}=path_id -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
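Review bot: the added fbcon rule hard-codes `/usr/lib/systemd/systemd-vconsole-setup` in RUN+=, while the retrigger rule further down in the same file takes its udevadm path from the `@rootbindir@` substitution. On a build configured with a different prefix the hard-coded path will not exist and the rule will fail at run time; use a build-time substituted directory for the helper here as well.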
Re: [systemd-devel] [PATCH] login: rerun vconsole-setup when switching from vgacon to fbcon
Hi Ray On Wed, Nov 5, 2014 at 2:30 PM, Ray Strode halfl...@gmail.com wrote: From: Ray Strode rstr...@redhat.com The initialization performed by systemd-vconsole-setup is reset when changing console drivers (say from vgacon to fbcon), so we need to run it in that case. See http://lists.freedesktop.org/archives/systemd-devel/2014-October/023919.html http://lists.freedesktop.org/archives/systemd-devel/2014-October/024423.html http://lists.freedesktop.org/archives/systemd-devel/2014-November/024881.html This commit adds a udev rule to 71-seat.rules to make systemd-vconsole-setup get run when the fbcon device becomes available. --- src/login/71-seat.rules.in | 1 + 1 file changed, 1 insertion(+) diff --git a/src/login/71-seat.rules.in b/src/login/71-seat.rules.in index ad26acbb..cbcfb53 100644 --- a/src/login/71-seat.rules.in +++ b/src/login/71-seat.rules.in 
@@ -1,43 +1,44 @@ # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. ACTION==remove, GOTO=seat_end TAG==uaccess, SUBSYSTEM!=sound, TAG+=seat SUBSYSTEM==sound, KERNEL==card*, TAG+=seat SUBSYSTEM==input, KERNEL==input*, TAG+=seat SUBSYSTEM==graphics, KERNEL==fb[0-9]*, TAG+=seat, TAG+=master-of-seat +SUBSYSTEM==graphics, KERNEL==fbcon, RUN+=/usr/lib/systemd/systemd-vconsole-setup Looks good. I just don't like stuffing it into 71-seat.rules. I mean, it's in no way related to seats, is it? Kay, Tom, Lennart? Any better ideas where to put it? Otherwise, I will apply the patch. Thanks David SUBSYSTEM==usb, ATTR{bDeviceClass}==09, TAG+=seat # 'Plugable' USB hub, sound, network, graphics adapter SUBSYSTEM==usb, ATTR{idVendor}==2230, ATTR{idProduct}==000[13], ENV{ID_AUTOSEAT}=1 # Mimo 720, with integrated USB hub, displaylink graphics, and e2i # touchscreen. This device carries no proper VID/PID in the USB hub, # but it does carry good ID data in the graphics component, hence we # check it from the parent. There's a bit of a race here however, # given that the child devices might not exist yet at the time this # rule is executed. To work around this we'll trigger the parent from # the child if we notice that the parent wasn't recognized yet. 
# Match parent SUBSYSTEM==usb, ATTR{idVendor}==058f, ATTR{idProduct}==6254, \ ATTR{%k.2/idVendor}==17e9, ATTR{%k.2/idProduct}==401a, ATTR{%k.2/product}==mimo inc, \ ENV{ID_AUTOSEAT}=1, ENV{ID_AVOID_LOOP}=1 # Match child, look for parent's ID_AVOID_LOOP SUBSYSTEM==usb, ATTR{idVendor}==17e9, ATTR{idProduct}==401a, ATTR{product}==mimo inc, \ ATTR{../idVendor}==058f, ATTR{../idProduct}==6254, \ IMPORT{parent}=ID_AVOID_LOOP # Match child, retrigger parent SUBSYSTEM==usb, ATTR{idVendor}==17e9, ATTR{idProduct}==401a, ATTR{product}==mimo inc, \ ATTR{../idVendor}==058f, ATTR{../idProduct}==6254, \ ENV{ID_AVOID_LOOP}==, \ RUN+=@rootbindir@/udevadm trigger --parent-match=%p/.. TAG==seat, ENV{ID_PATH}==, IMPORT{builtin}=path_id -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] login: rerun vconsole-setup when switching from vgacon to fbcon
On Wed, 05.11.14 14:43, David Herrmann (dh.herrm...@gmail.com) wrote: TAG==uaccess, SUBSYSTEM!=sound, TAG+=seat SUBSYSTEM==sound, KERNEL==card*, TAG+=seat SUBSYSTEM==input, KERNEL==input*, TAG+=seat SUBSYSTEM==graphics, KERNEL==fb[0-9]*, TAG+=seat, TAG+=master-of-seat +SUBSYSTEM==graphics, KERNEL==fbcon, RUN+=/usr/lib/systemd/systemd-vconsole-setup Looks good. I just don't like stuffing it into 71-seat.rules. I mean, it's in no way related to seats, is it? Kay, Tom, Lennart? Any better ideas where to put it? Otherwise, I will apply the patch. Grr, ugly. Add it to 99-systemd.rules please. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH] s/commandline/command line/g
From: Harald Hoyer har...@redhat.com --- TODO | 2 +- m4/attributes.m4 | 2 +- man/systemd-bootchart.xml | 4 ++-- man/systemd-delta.xml | 2 +- man/systemd-run.xml| 2 +- man/systemd.link.xml | 2 +- man/udev.conf.xml | 2 +- src/core/shutdown.c| 2 +- src/cryptsetup/cryptsetup-generator.c | 4 ++-- src/fstab-generator/fstab-generator.c | 2 +- src/journal/coredump.c | 2 +- src/network/networkd-wait-online-manager.c | 2 +- src/shared/condition-util.c| 2 +- src/udev/collect/collect.c | 2 +- src/udev/net/link-config.c | 2 +- src/udev/udevd.c | 2 +- 16 files changed, 18 insertions(+), 18 deletions(-) diff --git a/TODO b/TODO index b54aa61..8d3ef11 100644 --- a/TODO +++ b/TODO @@ -14,7 +14,7 @@ Bugfixes: Environment=ONE='one' TWO='two two' too THREE= ExecStart=/bin/python3 -c 'import sys;print(sys.argv)' $ONE $TWO $THREE -* MEMORY return code is overloaded for syntax errors in the commandline. +* MEMORY return code is overloaded for syntax errors in the command line. str_split_quoted() should return a real return code, so spawn_child can report the failure properly. diff --git a/m4/attributes.m4 b/m4/attributes.m4 index 7bd5ad8..ac3c662 100644 --- a/m4/attributes.m4 +++ b/m4/attributes.m4 @@ -89,7 +89,7 @@ AC_DEFUN([CC_NOUNDEFINED], [ *-freebsd* | *-openbsd*) ;; *) dnl First of all check for the --no-undefined variant of GNU ld. This allows -dnl for a much more readable commandline, so that people can understand what +dnl for a much more readable command line, so that people can understand what dnl it does without going to look for what the heck -z defs does. for possible_flags in -Wl,--no-undefined -Wl,-z,defs; do CC_CHECK_LDFLAGS([$possible_flags], [LDFLAGS_NOUNDEFINED=$possible_flags]) diff --git a/man/systemd-bootchart.xml b/man/systemd-bootchart.xml index 150ca48..0068e92 100644 --- a/man/systemd-bootchart.xml +++ b/man/systemd-bootchart.xml 
@@ -64,7 +64,7 @@ as an SVG graph. Normally, systemd-bootchart is invoked by the kernel by passing optioninit=filename/usr/lib/systemd/systemd-bootchart/filename/option -on the kernel commandline. systemd-bootchart will then +on the kernel command line. systemd-bootchart will then fork the real init off to resume normal system startup, while monitoring and logging startup information in the background. @@ -125,7 +125,7 @@ listitemparaOne can execute commandsystemd-bootchart/command as normal application from the -commandline. In this mode it is highly +command line. In this mode it is highly recommended to pass the option-r/option flag in order to not graph the time elapsed since boot diff --git a/man/systemd-delta.xml b/man/systemd-delta.xml index 9117773..2175f96 100644 --- a/man/systemd-delta.xml +++ b/man/systemd-delta.xml @@ -97,7 +97,7 @@ only configuration files in this subdirectory (across all configuration paths) will be analyzed. Otherwise, all configuration files will be analyzed. If the -commandline argument is not given at all, all +command line argument is not given at all, all configuration files will be analyzed. See below for some examples./para /refsect1 diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 0c9d13d..6ccfd71 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -215,7 +215,7 @@ along with systemd; If not, see http://www.gnu.org/licenses/. /variablelist paraAll command-line arguments after the first non-option -argument become part of the commandline of the launched +argument become part of the command line of the launched process. If a command is run as service unit, its first argument needs to be an absolute binary path./para /refsect1 diff --git a/man/systemd.link.xml b/man/systemd.link.xml index 6075b39..6c74b42 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -231,7 +231,7 @@ be set. literalNamePolicy/literal may be disabled by specifying
[systemd-devel] [PATCH] rules: rerun vconsole-setup when switching from vgacon to fbcon
From: Ray Strode rstr...@redhat.com The initialization performed by systemd-vconsole-setup is reset when changing console drivers (say from vgacon to fbcon), so we need to run it in that case. See http://lists.freedesktop.org/archives/systemd-devel/2014-October/023919.html http://lists.freedesktop.org/archives/systemd-devel/2014-October/024423.html http://lists.freedesktop.org/archives/systemd-devel/2014-November/024881.html This commit adds a udev rule to 99-systemd.rules to make systemd-vconsole-setup get run when the fbcon device becomes available. --- rules/99-systemd.rules.in | 4 1 file changed, 4 insertions(+) diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in index e30d9a8..4763b65 100644 --- a/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in 
@@ -1,39 +1,43 @@ # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. ACTION==remove, GOTO=systemd_end +# Kernel resets vconsole state when changing console drivers so run +# systemd-vconsole-setup when fbcon loads +SUBSYSTEM==graphics, KERNEL==fbcon, RUN+=/usr/lib/systemd/systemd-vconsole-setup + SUBSYSTEM==tty, KERNEL==tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*|3270/tty[0-9]*, TAG+=systemd KERNEL==vport*, TAG+=systemd SUBSYSTEM==block, KERNEL!=ram*, TAG+=systemd SUBSYSTEM==block, KERNEL!=ram*, ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}==1, ENV{SYSTEMD_READY}=0 # Ignore encrypted devices with no identified superblock on it, since # we are probably still calling mke2fs or mkswap on it. SUBSYSTEM==block, KERNEL!=ram*, ENV{DM_UUID}==CRYPT-*, ENV{ID_PART_TABLE_TYPE}==, ENV{ID_FS_USAGE}==, ENV{SYSTEMD_READY}=0 # Ignore raid devices that are not yet assembled and started SUBSYSTEM==block, ENV{DEVTYPE}==disk, KERNEL==md*, TEST!=md/array_state, ENV{SYSTEMD_READY}=0 SUBSYSTEM==block, ENV{DEVTYPE}==disk, KERNEL==md*, ATTR{md/array_state}==|clear|inactive, ENV{SYSTEMD_READY}=0 # Ignore loop devices that don't have any file attached SUBSYSTEM==block, KERNEL==loop[0-9]*, ENV{DEVTYPE}==disk, TEST!=loop/backing_file, ENV{SYSTEMD_READY}=0 # Ignore nbd devices in the add event, with change the nbd is ready ACTION==add, SUBSYSTEM==block, KERNEL==nbd*, ENV{SYSTEMD_READY}=0 # We need a hardware independent way to identify network devices. We # use the /sys/subsystem path for this. Current vanilla kernels don't # actually support that hierarchy right now, however upcoming kernels # will. HAL and udev internally support /sys/subsystem already, hence # it should be safe to use this here, too. 
This is mostly just an # identification string for systemd, so whether the path actually is # accessible or not does not matter as long as it is unique and in the # filesystem namespace. # -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
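Review bot: The rule added to rules/99-systemd.rules.in matches SUBSYSTEM==graphics, KERNEL==fbcon without an ACTION key, so past the ACTION==remove early exit it runs on every other event for that device, not only when fbcon first appears. RUN+= starts the helper on each match, so restrict the rule with ACTION==add. The helper path is also hard-coded as /usr/lib/systemd/systemd-vconsole-setup even though the file is a .in template; a substituted directory would keep the rule correct on installs that place the helper elsewhere.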
Re: [systemd-devel] [PATCH] manager: Ensure user's systemd runtime directory exists.
Colin Guthrie wrote on 03/11/14 08:02: Zbigniew Jędrzejewski-Szmek wrote on 02/11/14 18:18: On Sun, Nov 02, 2014 at 02:04:20PM +, Colin Guthrie wrote: This mirrors code in dbus.c when creating the private socket and avoids error messages like: systemd[1353]: bind(/run/user/603/systemd/notify) failed: No such file or directory systemd[1353]: Failed to fully start up daemon: No such file or directory Seems reasonable. But why not move the mkdir_parent_label() to the shared code path? Even if the dir is created elsewhere, it seems cleaner to ensure here that it is available. Well, to be honest, I just copied the structure from dbus.c. I can easily do as you suggest in both places if you think it's nicer. I guess this would add two unnecessary stat()s (at least - not looked at the mkdir... implementation!) on boot however, so might just be better leaving it as is (not that that is a real problem practically speaking, especially in tmpfs!). Just pushed as is for now. I'm sure any moving of mkdir*() to common code path can come later (both here and in dbus.c) if it's deemed more readable and doesn't have a negative impact on performance (I'd expect it to be negligible, but I'm not an embedded guy) Cheers! Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/ ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] rules: rerun vconsole-setup when switching from vgacon to fbcon
Hi Ray On Wed, Nov 5, 2014 at 3:48 PM, Ray Strode halfl...@gmail.com wrote: From: Ray Strode rstr...@redhat.com The initialization performed by systemd-vconsole-setup is reset when changing console drivers (say from vgacon to fbcon), so we need to run it in that case. See http://lists.freedesktop.org/archives/systemd-devel/2014-October/023919.html http://lists.freedesktop.org/archives/systemd-devel/2014-October/024423.html http://lists.freedesktop.org/archives/systemd-devel/2014-November/024881.html This commit adds a udev rule to 99-systemd.rules to make systemd-vconsole-setup get run when the fbcon device becomes available. --- rules/99-systemd.rules.in | 4 1 file changed, 4 insertions(+) diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in index e30d9a8..4763b65 100644 --- a/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in @@ -1,39 +1,43 @@ # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. ACTION==remove, GOTO=systemd_end +# Kernel resets vconsole state when changing console drivers so run +# systemd-vconsole-setup when fbcon loads +SUBSYSTEM==graphics, KERNEL==fbcon, RUN+=/usr/lib/systemd/systemd-vconsole-setup + I had that change locally, but didn't push it because vconsole is optional. Thus, this rule must be optional, too. I'm now digging into autoconf+m4 to see how to do this... but I'm getting nowhere so far... So if you have no idea how to make that rule be generated only if ENABLE_VCONSOLE is set by configure, then we probably should take my patch below. Thanks David diff --git a/Makefile.am b/Makefile.am index 3686103..f614b86 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -4439,6 +4439,9 @@ rootlibexec_PROGRAMS += \ nodist_systemunit_DATA += \ units/systemd-vconsole-setup.service +dist_udevrules_DATA += \ + src/vconsole/90-vconsole.rules + SYSINIT_TARGET_WANTS += \ systemd-vconsole-setup.service endif diff --git a/src/vconsole/90-vconsole.rules b/src/vconsole/90-vconsole.rules new file mode 100644 index 000..8334979 --- /dev/null +++ b/src/vconsole/90-vconsole.rules @@ -0,0 +1,10 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# re-run vconsole if the VT driver changed + +ACTION==add, SUBSYSTEM==graphics, KERNEL==fbcon, RUN+=/usr/lib/systemd/systemd-vconsole-setup ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
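Review bot: src/vconsole/90-vconsole.rules is added through dist_udevrules_DATA, so it is installed verbatim, yet its RUN+= hard-codes /usr/lib/systemd/systemd-vconsole-setup while the hunk header shows the helper being installed through rootlibexec_PROGRAMS. On a build where that directory is not /usr/lib/systemd the rule names a binary that does not exist and the console setup is silently skipped. Generate the rules file from a template with the directory substituted, or document the assumption in the file header. The new file's comment says "re-run vconsole" where "re-run systemd-vconsole-setup" would match the helper name.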
Re: [systemd-devel] Rationale for mirroring cpu and systemd cgroup subsystems
On Wed, Nov 5, 2014 at 2:05 PM, Lennart Poettering lenn...@poettering.net wrote: On Wed, 05.11.14 13:41, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote: Hi, What is the reasoning for not joining cpu subsystem with systemd subsystem? There are couple ways you can mirror [1] cpu and systemd subsystems and doing so can result completely different cpu bandwidth for processes. I am wondering why we don't mirror them by default. Because simply enabling a cpu controller for a unit already has effects on the processes running it. For example, you don't get RT anymore, and the general scheduling is altered to schedule your entire group evenly against the all groups on the same level. Doesn't it make sense to turn it on by default and let users wanting RT disable it? Seems like this was the case at some point - http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime/ (Very much outdated article, we don't have ControlGroup= anymore) systemd will mirror a cgroup in the cpu hierarchy as soon as you set a property on it that requires the cpu or cpuacct hierarchy, for example CPUAccounting=, CPUShares= or CPUQuota. You can turn on mirroring during runtime but as far as I know there is no way going back without rebooting right? But the general rule is: don't enable a controller for a unit, unless we really need to. We must make sure the tree is always as minimal as possible. Not mirroring them results PID 1, each kernel thread and each user space task having the same cpu bandwidth (/sys/fs/cgroup/cpu/tasks). Even worse is the cpu bandwidth PID 1 gets goes down with the number of processes spawned, possibly opening ways to DOS. There has been a plan to introduce CPUFairScheduling= that you can set on a slice, and that will turn on the cpu controller for all children of that slice. Setting that on system.slice should have the desired effect. 
Regarding PID1: with the unified cgroup hierarchy it will not be possible to have both populated subcgroups and processes in the same cgroup. This means we will have to move PID 1 out of the root cgroup anyway, probably into some unit in system.slice. This should fix your problem, I figure? This would also allow applying cgroup resource limits to PID 1 itself, for example to control the way it is scheduled against other processes. We discussed putting systemd into its own cgroup in Germany during hack fest. It would solve the problem I have mentioned. Umut Lennart -- Lennart Poettering, Red Hat
[systemd-devel] [PATCH] bus-proxy: --clone-smack-label option
This patch adds a '--clone-smack-label' option to systemd-bus-proxyd. When dbus client connects to systemd-bus-proxyd through Unix domain socket and this option is enabled proxy takes client's smack label and sets for itself. It is done before and independent of dropping privileges. The reason of such soluton is fact that tests of access rights performed by lsm may take place inside kernel, not only in userspace of recipient of message. The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label. In case of systemd running in system mode, CAP_MAC_ADMIN should be added to CapabilityBoundingSet in service file of bus-proxyd. In case of systemd running in user mode ('systemd --user') it can be achieved by addition Capabilities=cap_mac_admin=i and SecureBits=keep-caps to user@.service file and setting cap_mac_admin+ei on bus-proxyd binary. Change-Id: I5a2c77348d4d293dd3707e82349cf624ddaf744a Signed-off-by: Przemyslaw Kedzierski p.kedzier...@samsung.com --- man/systemd-bus-proxyd.xml | 9 + src/bus-proxyd/bus-proxyd.c | 37 + src/shared/capability.c | 18 ++ src/shared/capability.h | 2 ++ src/shared/smack-util.c | 18 ++ src/shared/smack-util.h | 1 + 6 files changed, 85 insertions(+) diff --git a/man/systemd-bus-proxyd.xml b/man/systemd-bus-proxyd.xml index f9400f0..0aa24cf 100644 --- a/man/systemd-bus-proxyd.xml +++ b/man/systemd-bus-proxyd.xml @@ -87,6 +87,15 @@ along with systemd; If not, see http://www.gnu.org/licenses/. /listitem /varlistentry + varlistentry +termoption--clone-smack-label/option/term + +listitem + paraTake client's smack label and set for itself. + The commandsystemd-bus-proxyd/command needs CAP_MAC_ADMIN to manipulate it./para +/listitem + /varlistentry + xi:include href=standard-options.xml xpointer=help / xi:include href=standard-options.xml xpointer=version / /variablelist diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index d10de2f..ae8cd02 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c 
@@ -45,11 +45,13 @@ #include def.h #include capability.h #include bus-policy.h +#include smack-util.h static char *arg_address = NULL; static char *arg_command_line_buffer = NULL; static bool arg_drop_privileges = false; static char **arg_configuration = NULL; +static bool arg_clone_smack_label = false; static int help(void) { @@ -58,6 +60,7 @@ static int help(void) { -h --help Show this help\n --versionShow package version\n --drop-privilegesDrop privileges\n +--clone-smack-label Clone smack label\n --configuration=PATH Configuration file or directory\n --machine=MACHINEConnect to specified machine\n --address=ADDRESSConnect to the bus specified by ADDRESS\n @@ -75,6 +78,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_DROP_PRIVILEGES, ARG_CONFIGURATION, ARG_MACHINE, +ARG_CLONE_SMACK_LABEL, }; static const struct option options[] = { @@ -84,6 +88,7 @@ static int parse_argv(int argc, char *argv[]) { { drop-privileges, no_argument, NULL, ARG_DROP_PRIVILEGES }, { configuration, required_argument, NULL, ARG_CONFIGURATION }, { machine, required_argument, NULL, ARG_MACHINE }, +{ clone-smack-label, no_argument, NULL, ARG_CLONE_SMACK_LABEL }, {}, }; @@ -149,6 +154,9 @@ static int parse_argv(int argc, char *argv[]) { break; } +case ARG_CLONE_SMACK_LABEL: +arg_clone_smack_label = true; +break; case '?': return -EINVAL; @@ -1168,6 +1176,35 @@ int main(int argc, char *argv[]) { if (is_unix) { (void) getpeercred(in_fd, ucred); (void) getpeersec(in_fd, peersec); + +if (arg_clone_smack_label) { + +if (!mac_smack_use()) { +log_warning(No SMACK found); +goto exit_clone_smack_label; +} + +if (!peersec) { +log_warning(Invalid SMACK label); +goto exit_clone_smack_label; +} + +r = have_effective_cap(CAP_MAC_ADMIN); +if (r = 0) { +log_warning(No CAP_MAC_ADMIN capability); +goto exit_clone_smack_label; +} +
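Review bot: In the main() hunk of src/bus-proxyd/bus-proxyd.c every failure while cloning the label (mac_smack_use() false, no peersec, missing CAP_MAC_ADMIN) only calls log_warning() and jumps to exit_clone_smack_label, so as far as the visible lines show a proxy started with --clone-smack-label carries on under its own label when the clone did not happen. Since the option is requested explicitly, treat these cases as errors and refuse the connection, or state in the man page entry that the option is best-effort. The "Invalid SMACK label" text for the !peersec case should say that no peer label was obtained, and the (void) cast on getpeersec() in the context line just above discards the reason why.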
Re: [systemd-devel] [PATCH] rules: rerun vconsole-setup when switching from vgacon to fbcon
Hi, On Wed, Nov 5, 2014 at 9:53 AM, David Herrmann dh.herrm...@gmail.com wrote: I had that change locally, but didn't push it because vconsole is optional. Thus, this rule must be optional, too. I'm now digging into autoconf+m4 to see how to do this... but I'm getting nowhere so far... Well you could: 1) rename 99-systemd.rules.in to 99-systemd.rules.in.in and then add it to AC_CONFIG_FILES in configure.ac and add substitution variable to 99-systemd.rules.in.in that expands to the empty string when ENABLE_VCONSOLE isn't set and the udev rule when it is set. I don't like that though, it would mean separating the udev rule from the file. 2) Alternatively, you could leave 99-systemd.rules.in as is and hack SED_PROCESS stuff in the makefile to remove the line if ENABLE_VCONSOLE isn't set. I don't like this either, it's ugly. So if you have no idea how to make that rule be generated only if ENABLE_VCONSOLE is set by configure, then we probably should take my patch below. Your patch seems far better than the options above, but I think it needs a dracut patch to make sure the new rules file gets in the initrd too, or it won't work. --Ray ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v6] udev hwdb: Support shipping pre-compiled database in system images
Hiya, Martin Pitt wrote on 28/10/14 11:18: @@ -275,30 +281,43 @@ _public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) { hwdb-refcount = 1; udev_list_init(udev, hwdb-properties_list, true); -hwdb-f = fopen(/etc/udev/hwdb.bin, re); +/* find hwdb.bin in hwdb_bin_paths */ +NULSTR_FOREACH(hwdb_bin_path, hwdb_bin_paths) { +hwdb-f = fopen(hwdb_bin_path, re); +if (hwdb-f) +break; +else if (errno == ENOENT) +continue; +else { +udev_dbg(udev, error reading %s: %m, hwdb_bin_path); +udev_hwdb_unref(hwdb); +return NULL; +} +} + if (!hwdb-f) { -udev_dbg(udev, error reading /etc/udev/hwdb.bin: %m); +udev_err(udev, hwdb.bin does not exist, please run udevadm hwdb --update); udev_hwdb_unref(hwdb); return NULL; } Pretty sure it's a relatively minor issue, but since this patch, I see the error message hwdb.bin does not exist, please run udevadm hwdb --update twice on every boot despite me having a /etc/udev/hwdb.bin file present and correct! With a bit of digging, I looked into the issue and even after reverting this patch, both error messages remained... at which point I realised it was from udev in the initrd (dracut generated), not the installed version. Rebuilding the initrd with the patch reverted udevd solved the problems and the error message disappeared. While it's a nice error message, I wonder if it should be reverted back to being dbg again for the initrd use case or perhaps some other mechanism could be used to suppress the error in that case? AFAIUI, we do not need to ship the complied hwdb.bin in the initrd (it would make it quite large) and thus is quite valid to not include it. Anyone against the attached patch? Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/ From ec66bb59f669a39a0ba4acbbe2d1f3a562d3d2ec Mon Sep 17 00:00:00 2001 
From: Colin Guthrie co...@mageia.org Date: Wed, 5 Nov 2014 15:29:41 + Subject: [PATCH] udev hwdb: Change error message regarding missing hwdb.bin back to debug. When used in the initrd, it's expected that the hwdb.bin file is not present (it makes for very large initrd's). While it's nice to tell the user about this, as it's not strictly speaking an error we really shouldn't be so forceful in our reporting. --- src/libudev/libudev-hwdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libudev/libudev-hwdb.c b/src/libudev/libudev-hwdb.c index a1cfc0b..0716072 100644 --- a/src/libudev/libudev-hwdb.c +++ b/src/libudev/libudev-hwdb.c @@ -296,7 +296,7 @@ _public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) { } if (!hwdb-f) { -udev_err(udev, hwdb.bin does not exist, please run udevadm hwdb --update); +udev_dbg(udev, hwdb.bin does not exist, please run udevadm hwdb --update); udev_hwdb_unref(hwdb); return NULL; } -- 2.1.3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
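Review bot: Changing udev_err() to udev_dbg() in udev_hwdb_new() lowers the message for every caller, including an installed system where a missing hwdb.bin is a real misconfiguration and the "please run udevadm hwdb --update" hint is what the administrator needs to see. Consider lowering the level only when running in the initrd, which is the case the commit message describes, and keeping the error elsewhere; if the debug level stays for all callers, reword the text so it no longer reads as an instruction.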
Re: [systemd-devel] systemd presentation slides?
Tom Gundersen wrote on 28/10/14 10:40: Hi Mihamina, On Tue, Oct 28, 2014 at 11:06 AM, Mihamina Rakotomandimby mihamina.rakotomandi...@rktmb.org wrote: Would you have some bookmarks of some slide presenting systemd? We try to gather all such resources here: http://www.freedesktop.org/wiki/Software/systemd/ In particular I'd recommend to you and your colleagues to read the systemd for Administrators series of posts linked above. They are really informative! Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/
[systemd-devel] Udev rules hardware database
Dear all,

sorry if this list is not the correct one for my post. In this case please just point me to the correct list.

If you want to have permanent power saving activated for your devices, the recommended way is to use udev (e.g. https://wiki.archlinux.org/index.php/Power_saving#USB_autosuspend). Some devices do not work with active power saving, which is the reason why it's not activated by default. To get it working anyway, users should activate it for all devices and create their own blacklists. I did exactly that and had to copy blacklists to multiple computers when moving my devices around.

As this should be distribution agnostic, I wonder if there are upstream blacklists or whitelists to take care of this problem.

A power save whitelist would be useful, as distributions could start activating power saving for these devices immediately. A power save blacklist would be useful as users could try to activate power saving for all devices and if their problematic hardware is already on the blacklist, everything works and they can save even more power as with the whitelist.

In the long run there could even be a small "please test your hardware" tool, where the power saving is activated for, e.g., your mouse. You then have to click to confirm that it is working. Otherwise power saving gets deactivated after a timeout, so you can use your mouse again. This result could then be automatically uploaded (after user confirmation) and added to the blacklist/whitelist.

So I have several questions:
- Is there already something like this?
- If not, is udev the correct piece in the Linux stack to put this?
- What is the general way to contribute udev rules?
- Where is it documented?

Kind regards
Patrick
Re: [systemd-devel] [PATCH] bus-proxy: --clone-smack-label option
On Wed, 05.11.14 16:08, Przemyslaw Kedzierski (p.kedzier...@samsung.com) wrote: This patch adds a '--clone-smack-label' option to systemd-bus-proxyd. When dbus client connects to systemd-bus-proxyd through Unix domain socket and this option is enabled proxy takes client's smack label and sets for itself. Why is this an option? Shouldn't this be the default behaviour? +if (arg_clone_smack_label) { + +if (!mac_smack_use()) { +log_warning(No SMACK found); +goto exit_clone_smack_label; +} + +if (!peersec) { +log_warning(Invalid SMACK label); +goto exit_clone_smack_label; +} + +r = have_effective_cap(CAP_MAC_ADMIN); +if (r = 0) { +log_warning(No CAP_MAC_ADMIN capability); +goto exit_clone_smack_label; +} Instead of checking the cap in userspace we should just try to update the label right away and let the kernel decide whether it wants to allow this or not... + @@ -33,3 +33,4 @@ int mac_smack_apply(const char *path, const char *label); int mac_smack_apply_fd(int fd, const char *label); int mac_smack_apply_ip_in_fd(int fd, const char *label); int mac_smack_apply_ip_out_fd(int fd, const char *label); +int mac_smack_set_current_label(char *label); The selinux code has a code mac_selinux_get_our_label(). I figure we should unify the naming scheme here... I don't really like the word current in this context, since, well, of course it's current, and we don't use the word current for any other calls... As a matter of fact I actually don't like the our bit in the existing selinux call, since it's not clear why that's supposed to be plural. Maybe name the SMACK call: int mac_smack_set_process_label(const char *label); And then rename the the selinux call: int mac_selinux_get_process_label(char **label); (I'll make the selinux change, please just rename the SMACK call as pointed out.) Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
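The approach suggested in the reply above (attempt the label change and let the kernel decide, instead of pre-checking CAP_MAC_ADMIN in userspace), as an added example that is not code from the thread or from systemd. The function names, the `attr_path` parameter and the fail-closed return convention are assumptions; on a Smack system `attr_path` would be `/proc/self/attr/current`.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define SMACK_LABEL_MAX 255 /* longest label Smack accepts */

/* Syntax check for a Smack label: 1..255 printable ASCII characters,
 * no space, none of / \ ' ", and no leading '-'. Returns 1 if valid. */
static int smack_label_is_valid(const char *label) {
    size_t n;

    if (!label)
        return 0;
    n = strlen(label);
    if (n == 0 || n > SMACK_LABEL_MAX || label[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char) label[i];
        if (c <= ' ' || c > '~' || strchr("/\\'\"", c))
            return 0;
    }
    return 1;
}

/* Read the peer's LSM label from a connected AF_UNIX socket.
 * Returns 0 with a NUL-terminated label in buf, or -errno. */
static int peer_label(int fd, char *buf, size_t size) {
    socklen_t len;

    if (size < 2)
        return -EINVAL;
    len = (socklen_t) (size - 1);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &len) < 0)
        return -errno; /* e.g. -ENOPROTOOPT when no LSM labels sockets */
    buf[len] = '\0';
    return 0;
}

/* Write the label to attr_path (assumed: /proc/self/attr/current).
 * No capability pre-check: the kernel's verdict comes back as -errno
 * (typically -EPERM without CAP_MAC_ADMIN). */
static int set_process_label_at(const char *attr_path, const char *label) {
    size_t n;
    ssize_t w;
    int fd, r;

    if (!smack_label_is_valid(label))
        return -EINVAL;
    fd = open(attr_path, O_WRONLY);
    if (fd < 0)
        return -errno;
    n = strlen(label);
    w = write(fd, label, n);
    r = w < 0 ? -errno : ((size_t) w == n ? 0 : -EIO);
    close(fd);
    return r;
}

/* Take the client's label for this process. Any failure is returned to
 * the caller, who can refuse the connection rather than keep serving
 * under the proxy's own label. */
static int clone_peer_label(int client_fd, const char *attr_path) {
    char label[SMACK_LABEL_MAX + 1];
    int r;

    r = peer_label(client_fd, label, sizeof label);
    if (r < 0)
        return r;
    return set_process_label_at(attr_path, label);
}

int main(void) {
    /* Constructed demo: a socketpair stands in for the client connection
     * and a temp file for /proc/self/attr/current, so this runs on hosts
     * without Smack. */
    char path[] = "/tmp/attr-current-XXXXXX";
    int sv[2], fd, r;

    fd = mkstemp(path);
    if (fd < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return 1;
    r = clone_peer_label(sv[0], path);
    printf("clone_peer_label: %s\n", r < 0 ? strerror(-r) : "ok");
    close(sv[0]);
    close(sv[1]);
    close(fd);
    unlink(path);
    return 0;
}
```
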
Re: [systemd-devel] [PATCH v6] udev hwdb: Support shipping pre-compiled database in system images
Hey Colin, Colin Guthrie [2014-11-05 15:30 +]: While it's a nice error message, I wonder if it should be reverted back to being dbg again for the initrd use case or perhaps some other mechanism could be used to suppress the error in that case? Oh indeed, I didn't consider that this would happen in an initramfs. So +1 from my side for dialing it back to _dbg(). Thanks! Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
[systemd-devel] [PATCH] hostnamed: add chassis type robot
--- man/hostnamectl.xml | 3 ++- man/machine-info.xml | 3 ++- shell-completion/bash/hostnamectl | 2 +- shell-completion/zsh/_hostnamectl | 2 +- src/hostname/hostnamed.c | 3 ++- 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/man/hostnamectl.xml b/man/hostnamectl.xml index 128d92f..0292bad 100644 --- a/man/hostnamectl.xml +++ b/man/hostnamectl.xml @@ -217,7 +217,8 @@ literalserver/literal, literaltablet/literal, literalhandset/literal, -literalwatch/literal, as well as +literalwatch/literal, +literalrobot/literal, as well as the special chassis types literalvm/literal and literalcontainer/literal for diff --git a/man/machine-info.xml b/man/machine-info.xml index c654daa..da728c1 100644 --- a/man/machine-info.xml +++ b/man/machine-info.xml @@ -139,7 +139,8 @@ literalserver/literal, literaltablet/literal, literalhandset/literal, - literalwatch/literal, as well as + literalwatch/literal, + literalrobot/literal, as well as the special chassis types literalvm/literal and literalcontainer/literal for diff --git a/shell-completion/bash/hostnamectl b/shell-completion/bash/hostnamectl index a5e3460..28fa42f 100644 --- a/shell-completion/bash/hostnamectl +++ b/shell-completion/bash/hostnamectl @@ -52,7 +52,7 @@ _hostnamectl() { if [[ -z $verb ]]; then comps=${VERBS[*]} elif __contains_word $verb ${VERBS[CHASSIS]}; then -comps='desktop laptop server tablet handset watch vm container' +comps='desktop laptop server tablet handset watch robot vm container' elif __contains_word $verb ${VERBS[STANDALONE]} ${VERBS[ICONS]} ${VERBS[NAME]}; then comps='' fi diff --git a/shell-completion/zsh/_hostnamectl b/shell-completion/zsh/_hostnamectl index e02f6de..6b610b8 100644 --- a/shell-completion/zsh/_hostnamectl +++ b/shell-completion/zsh/_hostnamectl 
@@ -18,7 +18,7 @@ _hostnamectl_set-icon-name() { _hostnamectl_set-chassis() { if (( CURRENT = 3 )); then -_chassis=( desktop laptop server tablet handset watch vm container ) +_chassis=( desktop laptop server tablet handset watch robot vm container ) _describe chassis _chassis else _message no more options diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index a449610..cc8f48b 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -138,7 +138,8 @@ static bool valid_chassis(const char *chassis) { server\0 tablet\0 handset\0 -watch\0, +watch\0 +robot\0, chassis); } -- 2.1.1 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
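Review bot: The patch has no commit message body, and the man/hostnamectl.xml and man/machine-info.xml hunks add the robot literal without saying what kind of machine it is meant to describe. Add a sentence of rationale to the commit and a short description in the man pages, since the same list of chassis values is now repeated in five places (two man pages, the bash and zsh completions, and valid_chassis() in src/hostname/hostnamed.c) with nothing explaining when to pick the new one.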
Re: [systemd-devel] [RFC] [PATCH] cgroup: don't trim cgroup trees created by someone else
On Wed, 05.11.14 12:27, Lennart Poettering (mzerq...@0pointer.de) wrote: it doesn't seem to be correct solution either. systemd will happily remove cgroup in which there are processes. Oh. right, systemd is stricter there than I remembered: we will actually migrate the PIDs before removing the cgroup. I figure we need to figure out a way how we can make a cgroup capable for embedding their own systemd instances, so that the controller memberships cover all hierarchies. I need to think about this. OK, after some thinking and some discussions and more thinking, I now added this: http://cgit.freedesktop.org/systemd/systemd/commit/?id=a931ad47a8623163a29d898224d8a8c1177ffdaf With this in place libvirt-lxc should just work, if it properly creates the root cgroup of its containers with machined's CreateMachine() call. Lennart -- Lennart Poettering, Red Hat
Re: [systemd-devel] Rationale for mirroring cpu and systemd cgroup subsystems
On Wed, 05.11.14 16:00, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote: On Wed, Nov 5, 2014 at 2:05 PM, Lennart Poettering lenn...@poettering.net wrote: On Wed, 05.11.14 13:41, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote: Hi, What is the reasoning for not joining cpu subsystem with systemd subsystem? There are couple ways you can mirror [1] cpu and systemd subsystems and doing so can result completely different cpu bandwidth for processes. I am wondering why we don't mirror them by default. Because simply enabling a cpu controller for a unit already has effects on the processes running it. For example, you don't get RT anymore, and the general scheduling is altered to schedule your entire group evenly against the all groups on the same level. Doesn't it make sense to turn it on by default and let users wanting RT disable it? Seems like this was the case at some point - http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime/ (Very much outdated article, we don't have ControlGroup= anymore) Yeah, I really need to update that article. Generally we should try hard to keep the tree minimal. Resource control enforcement is not free, and hence it should be opt-in, not opt-out. This is something Tejun pretty explicitly asked us for: he wants the most shallow tree that does what is needed. systemd will mirror a cgroup in the cpu hierarchy as soon as you set a property on it that requires the cpu or cpuacct hierarchy, for example CPUAccounting=, CPUShares= or CPUQuota. You can turn on mirroring during runtime but as far as I know there is no way going back without rebooting right? In current versions it should correctly turn mirroring off again when you reset the props to their defaults. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] systemd-machined sigterm, cgroups trimmed
Apologize for the self-reply, but upgrading to dbus-1.8.6 seems to have fixed the cgroup trimming issue. However, systemd-machined still gets a sigterm within a minute or two after a VM starts.

For what it's worth, throwing a loop in bash that calls machinectl every 10 seconds will keep systemd-machined running indefinitely and avoid any cgroup trimming of active virtual machines:

    while true; do machinectl; sleep 10; done

Should systemd-machined remain running whenever a VM or container is running?

-- Major Hayden

On Nov 4, 2014, at 08:38, Major Hayden ma...@mhtx.net wrote:

> I'm currently running systemd 216 on Fedora 21 and I've found an issue where systemd-machined stops running and cgroups are trimmed from the scope of running qemu virtual machines. The series of events looks like this:
>
> 1) OpenStack nova creates a KVM virtual machine via libvirt
> 2) Libvirt registers the VM with systemd-machined, cgroups appear
> 3) 0-300 seconds pass
> 4) systemd-machined gets a sigterm and stops
> 5) cgroups are trimmed for running virtual machines
>
> The cgroup trimming is a disaster because it removes devices.allow and devices.deny ACL's for the running virtual machine. Here is a snippet of the systemd journal with two virtual machines running. You'll see that systemd-machined gets a sigterm and stops: https://gist.github.com/major/2d76cbf0d0de0d62ce3f
>
> Shortly after systemd-machined goes offline, the cgroups are removed. Rebooting the hypervisor, rebooting a virtual machine, or building a new virtual machine will cause systemd-machined to start again but it will stop shortly afterwards.
>
> I'm running libvirt 1.2.9 and systemd 216 on Linux 3.16.7. Thanks in advance for your help.
Re: [systemd-devel] [PATCH v6] udev hwdb: Support shipping pre-compiled database in system images
Martin Pitt wrote on 05/11/14 17:04:

Hey Colin,

Colin Guthrie [2014-11-05 15:30 +]:

While it's a nice error message, I wonder if it should be reverted back to being dbg again for the initrd use case or perhaps some other mechanism could be used to suppress the error in that case?

Oh indeed, I didn't consider that this would happen in an initramfs. So +1 from my side for dialing it back to _dbg(). Thanks!

No problem. I pushed it now but with a small correction to the commit message to refer to initramfs rather than initrd... don't think I'll ever learn to call it by its proper name :p

Col

--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job: Tribalogic Limited http://www.tribalogic.net/
Open Source: Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
Re: [systemd-devel] systemd-machined sigterm, cgroups trimmed
On Tue, Nov 04, 2014 at 08:38:51AM -0600, Major Hayden wrote:

Hello there, I'm currently running systemd 216 on Fedora 21 and I've found an issue where systemd-machined stops running and cgroups are trimmed from the scope of running qemu virtual machines. The series of events looks like this:

1) OpenStack nova creates a KVM virtual machine via libvirt
2) Libvirt registers the VM with systemd-machined, cgroups appear
3) 0-300 seconds pass
4) systemd-machined gets a sigterm and stops

I do not see in the trace, I think that systemd-machined stops on its own after a period of inactivity.

5) cgroups are trimmed for running virtual machines

I don't see this either... (the log is fairly long and hard to read, so maybe I missed it). I only see systemd-machined exiting. DEFAULT_EXIT_USEC is 30 s, and it exits 37 s after startup, consistent with that timeout.

Can you post the full cgroup tree before systemd-machined exits and after (systemd-cgls output)?

You might want to disable the watchdog for systemd-machined (by adding [Service] WatchdogSec=0 to a drop-in file for systemd-machined), and then stop it with sigstop, and see if your machines still get killed.

Zbyszek
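Both cgroup threads above (the cpu mirroring question and the systemd-machined trimming report) turn on whether a process's controller path still follows its unit. As an added example, not code from systemd or from any poster, this script classifies one controller from a cgroup-v1 `/proc/<pid>/cgroup` file. The function names and sample contents are constructed, and it assumes a trimmed or never-enabled controller shows the process outside the unit's `name=systemd` path.

```shell
#!/bin/sh
# Added example: classify a controller in a cgroup-v1 /proc/<pid>/cgroup file
# against the unit's name=systemd path. Function names are hypothetical.

# cgroup_path FILE CONTROLLER: print the path recorded for CONTROLLER, if any.
cgroup_path() {
    awk -F: -v want="$2" '{
        n = split($2, names, ",")
        for (i = 1; i <= n; i++)
            if (names[i] == want) {
                # Everything after the second colon is the path.
                print substr($0, length($1) + length($2) + 3)
                exit
            }
    }' "$1"
}

# mirror_state FILE CONTROLLER: print mirrored, not-mirrored, absent or unknown.
mirror_state() {
    unit=$(cgroup_path "$1" name=systemd)
    ctrl=$(cgroup_path "$1" "$2")
    if [ -z "$unit" ] || [ "$unit" = / ]; then echo unknown; return; fi
    if [ -z "$ctrl" ]; then echo absent; return; fi
    case "$ctrl" in
        "$unit"|"$unit"/*) echo mirrored ;;      # at or below the unit's cgroup
        *)                 echo not-mirrored ;;  # e.g. "/" after trimming
    esac
}

# Constructed samples, not taken from the thread's journal or gist.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/service" <<'EOF'
4:cpu,cpuacct:/system.slice/demo.service
3:devices:/
1:name=systemd:/system.slice/demo.service
EOF
cat > "$sample_dir/qemu" <<'EOF'
5:devices:/
4:cpu,cpuacct:/machine.slice/machine-qemu-demo.scope/emulator
1:name=systemd:/machine.slice/machine-qemu-demo.scope
EOF

for f in service qemu; do
    for c in cpu devices memory; do
        printf '%s %s: %s\n' "$f" "$c" "$(mirror_state "$sample_dir/$f" "$c")"
    done
done
```

On a live host, point it at a real file, for example `mirror_state /proc/$pid/cgroup devices` for a qemu process, before and after systemd-machined exits.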
Re: [systemd-devel] [systemd-commits] units/basic.target units/poweroff.target units/reboot.target
On Wed, 05.11.14 17:46, Zbigniew Jędrzejewski-Szmek (zbys...@kemper.freedesktop.org) wrote:

Ahum. This needs more discussion.

units: disable job timeouts

For boot, we might kill fsck in the middle, with likely catastrophic consequences.

This I can agree with for now. However, we really should revisit this.

On shutdown there might be other jobs, like downloading of updates for installation, and other custom jobs. It seems better to schedule an individual timeout on each one separately, when it is known what timeout is useful.

However, this one appears bogus to me. Is there any such software around that really does this? And if so, this really appears weird to me to support. Delaying shutdown for more than 30min is just wrong.

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] Udev rules hardware database
On Wed, Nov 05, 2014 at 04:55:52PM +0100, Patrick Häcker wrote:

- If not, is udev the correct piece in the Linux stack to put this?

Most likely the kernel should do this by itself. What were the devices that you had to disable power saving on?

- What is the general way to contribute udev rules?

Send patches to this mailing list.

- Where is it documented?

Good question. A patch which documents this might not be a bad idea.

Zbyszek
Re: [systemd-devel] [PATCH] hostnamed: add chassis type robot
On Wed, Nov 05, 2014 at 06:40:51PM +0100, Noé Rubinstein wrote:

--- man/hostnamectl.xml | 3 ++- man/machine-info.xml | 3 ++- shell-completion/bash/hostnamectl | 2 +- shell-completion/zsh/_hostnamectl | 2 +- src/hostname/hostnamed.c | 3 ++- 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/man/hostnamectl.xml b/man/hostnamectl.xml index 128d92f..0292bad 100644 --- a/man/hostnamectl.xml +++ b/man/hostnamectl.xml @@ -217,7 +217,8 @@ literalserver/literal, literaltablet/literal, literalhandset/literal, -literalwatch/literal, as well as +literalwatch/literal, +literalrobot/literal, as well as the special chassis types literalvm/literal and literalcontainer/literal for

This is a nice fun patch. But I'm a bit concerned where this is going... Soon we'll have to add fridge, car, aircraft, ISS, extraterrestrial rover, etc., since systemd is being used everywhere. I know that it's rather mundane, but would other work for you instead?

Zbyszek
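Review bot: in the man/hostnamectl.xml hunk at line 217, the new robot entry is added to the chassis list with no accompanying text, and the patch carries no description above the diffstat, so nothing states what makes a machine a robot rather than one of the existing types or what is expected to act on the value. A sentence in the man page or in the commit message naming the intended consumer would let reviewers judge whether another enumerated chassis type is warranted.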
Re: [systemd-devel] [systemd-commits] units/basic.target units/poweroff.target units/reboot.target
On Thu, Nov 06, 2014 at 03:22:09AM +0100, Lennart Poettering wrote:
On Wed, 05.11.14 17:46, Zbigniew Jędrzejewski-Szmek (zbys...@kemper.freedesktop.org) wrote:

Ahum. This needs more discussion.

units: disable job timeouts

For boot, we might kill fsck in the middle, with likely catastrophic consequences.

This I can agree with for now. However, we really should revisit this.

Yeah, that was supposed to be temporary, until we figure things out.

On shutdown there might be other jobs, like downloading of updates for installation, and other custom jobs. It seems better to schedule an individual timeout on each one separately, when it is known what timeout is useful.

However, this one appears bogus to me. Is there any such software around that really does this? And if so, this really appears weird to me to support. Delaying shutdown for more than 30min is just wrong.

Isn't this what the various download updates and reboot gnome-y things are doing?

Zbyszek