[systemd-devel] systemctl ; tmpfiles 'D'
From the series of "Living with systemd-git"…

~ After commit d7b8eec7dc7fe30 (tmpfiles: add new line type 'v'…), `systemd-tmpfiles` no longer creates directories from 'D' entries ("Create or empty a directory"), though it still tries to chmod them:

    umask(022) = 0
    stat("/run/samba", 0x7fff7bbf2fa0) = -1 ENOENT (No such file or directory)
    chmod("/run/samba", 0755) = -1 ENOENT (No such file or directory)
    writev(2, [{"chmod(/run/samba) failed: No such file or directory", 51}, {"\n", 1}], 2) = 52

  'd' entries work fine. samba.conf contains:

    D /run/samba 0755 - - -
    d /var/log/samba 0755 - - -

~ After commit ebd011d95b61a (machinectl: add new "start" verb…), `systemctl start/stop/restart` hangs forever while waiting for the action result (which *does* arrive over the bus):

    Calling manager for RestartUnit on polkit.service, replace
    Sent message type=method_call sender=n/a destination=org.freedesktop.systemd1 object=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=RestartUnit cookie=1 reply_cookie=0 error=n/a
    Sent message type=method_call sender=n/a destination=org.freedesktop.systemd1 object=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=GetUnit cookie=2 reply_cookie=0 error=n/a
    Sent message type=method_call sender=n/a destination=org.freedesktop.systemd1 object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=Get cookie=3 reply_cookie=0 error=n/a
    Adding /org/freedesktop/systemd1/job/132481 to the set
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=JobNew cookie=2 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=3 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=4 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/job/132481 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=5 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=8 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=9 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/job/132481 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=10 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=11 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=12 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/job/132481 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=13 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/job/132481 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=14 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=JobRemoved cookie=15 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=16 reply_cookie=0 error=n/a
    Got message type=signal sender=n/a destination=n/a object=/org/freedesktop/systemd1/unit/polkit_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=17 reply_cookie=0 error=n/a

-- 
Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH v3] Do not clear parent mount flags when setting up namespaces
When setting up a namespace, flags like noexec, nosuid and nodev are cleared, so the mounts always have exec, suid, dev flags enabled. Copy parent directory mount flags when setting up a namespace and don't accidentally clear mount flags later. --- src/core/namespace.c | 12 ++-- src/shared/util.c| 24 ++-- src/shared/util.h| 2 ++ 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index 4b8dbdd..6807e0c 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -149,6 +149,7 @@ static int mount_dev(BindMount *m) { const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL; _cleanup_umask_ mode_t u; int r; +unsigned long parent_flags; assert(m); @@ -159,7 +160,10 @@ static int mount_dev(BindMount *m) { dev = strappenda(temporary_mount, "/dev"); (void)mkdir(dev, 0755); -if (mount("tmpfs", dev, "tmpfs", MS_NOSUID|MS_STRICTATIME, "mode=755") < 0) { +r = get_mount_flags("/dev", &parent_flags); +if (r < 0) +goto fail; +if (mount("tmpfs", dev, "tmpfs", parent_flags|MS_NOSUID|MS_STRICTATIME, "mode=755") < 0) { r = -errno; goto fail; } @@ -272,6 +276,7 @@ static int mount_kdbus(BindMount *m) { char *busnode = NULL, *root; struct stat st; int r; +unsigned long parent_flags; assert(m); @@ -282,7 +287,10 @@ static int mount_kdbus(BindMount *m) { root = strappenda(temporary_mount, "/kdbus"); (void)mkdir(root, 0755); -if (mount("tmpfs", root, "tmpfs", MS_NOSUID|MS_STRICTATIME, "mode=777") < 0) { +r = get_mount_flags("/sys/fs/kdbus", &parent_flags); +if (r < 0) +goto fail; +if (mount("tmpfs", root, "tmpfs", parent_flags|MS_NOSUID|MS_STRICTATIME, "mode=777") < 0) { r = -errno; goto fail; } diff --git a/src/shared/util.c b/src/shared/util.c index dfaf7f7..b28213f 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -61,6 +61,7 @@ #include #include #include +#include #undef basename #ifdef HAVE_SYS_AUXV_H 
@@ -6858,6 +6859,16 @@ int umount_recursive(const char *prefix, int flags) { return r ? r : n; } +int get_mount_flags(const char *path, unsigned long *flags) { +struct statvfs buf; + +if (statvfs(path, &buf) < 0) +return -errno; + +*flags = buf.f_flag; +return 0; +} + int bind_remount_recursive(const char *prefix, bool ro) { _cleanup_set_free_free_ Set *done = NULL; _cleanup_free_ char *cleaned = NULL; @@ -6892,6 +6903,7 @@ int bind_remount_recursive(const char *prefix, bool ro) { _cleanup_set_free_free_ Set *todo = NULL; bool top_autofs = false; char *x; +unsigned long orig_flags; todo = set_new(&string_hash_ops); if (!todo) @@ -6969,7 +6981,11 @@ int bind_remount_recursive(const char *prefix, bool ro) { if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0) return -errno; -if (mount(NULL, prefix, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) +r = get_mount_flags(prefix, &orig_flags); +if (r < 0) +return r; +orig_flags &= ~MS_RDONLY; +if (mount(NULL, prefix, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) return -errno; x = strdup(cleaned); @@ -6989,7 +7005,11 @@ int bind_remount_recursive(const char *prefix, bool ro) { if (r < 0) return r; -if (mount(NULL, x, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) { +r = get_mount_flags(x, &orig_flags); +if (r < 0) +return r; +orig_flags &= ~MS_RDONLY; +if (mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) { /* Deal with mount points that are * obstructed by a later mount */ diff --git a/src/shared/util.h b/src/shared/util.h index a131a3c..d5aa988 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -1021,6 +1021,8 @@ union file_handle_union { int update_reboot_param_file(const char *param); +int get_mount_flags(const char *path, unsigned long *flags); + int umount_recursive(const char *target, int flags); int bind_remount_recursive(const char *prefix,
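Review bot: in mount_dev() and mount_kdbus(), parent_flags is the raw statvfs() f_flag value (ST_* bits) and is ORed unfiltered into the flags of a fresh tmpfs mount. Only some ST_* values coincide with their MS_* counterparts; on Linux ST_RELATIME has the same numeric value as MS_BIND, so a parent mounted with relatime would turn these calls into bind-mount requests, and a read-only parent would make the new tmpfs read-only. Mask parent_flags down to the bits that are meant to be inherited (nosuid, nodev, noexec) before passing it to mount().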
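Review bot: get_mount_flags() in util.c and its prototype in util.h carry no comment, and the name suggests mount(2) MS_* flags while the function hands back statvfs f_flag as is. Add a one-line description of what the returned bits mean, or have the helper translate to MS_* itself so that none of the four callers has to know the difference.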
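Review bot: in the second bind_remount_recursive() hunk, a failed get_mount_flags(x, &orig_flags) returns straight away, while the mount() call just below it is followed by handling for "mount points that are obstructed by a later mount". statvfs() on an obstructed path reports the mount that sits on top, so orig_flags can describe a different mount from the one being remounted. Consider treating a failed or mismatched lookup the same way as the failed mount() case, and say in a comment which mount the flags are expected to come from.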
Re: [systemd-devel] systemd networking : problems with bridges
On Sat, 3 Jan 2015 01:24:48 -0500, Charles Devereaux wrote:

> Hello
>
> I'm trying to configure systemd networking for a bridge, using v217-stable
> from anongit.freedesktop.org/systemd/systemd-stable
>
> I mostly have 3 problems:
>
> 1- 3 - I do not understand how to properly use systemd-networkd-wait-online
>
> I have one service (establishing the uplink) with:
> After=network-online.target
>

So if I understand it correctly you want

- configure one interface
- start some program that establishes what you call "uplink". I presume it results in one more interface appearing?
- configure new "uplink" interface

Am I right? Could you explain in some more details your setup?

...

>
> If I try to start it manually, it hangs, even if I specify
> --interface=wlan0 in its service.
>

--interface parameter does not restrict which links are watched - it simply delays checking their state until all named interfaces are present.

> I think the reason might be br0, that is seen as "not ready" because of the
> uplink issue:
>
> $ networkctl status 3
> ● 3: br0
>    Link File: n/a
> Network File: /etc/systemd/network/bridge.network
>         Type: ether
>        State: no-carrier (configuring)
> (...)
>

Yes, systemd-networkd-online will wait for all known links to become ready.

> If I manually start the uplink, networkctl is happy (State: routable
> (configured) and systemd-networkd-wait-online works. So it's a catch 21:
> uplink can't start because systemd-networkd-wait-online does not indicate
> success because uplink can't start.
>
> Is there an option I could use on bridge.network to indicate it shouldn't
> be considered by systemd-network-wait-online (a bit like it ignores the
> loopback interfaces)?
>

This sounds like a broken approach. If I follow your configuration correctly, br0 is *the* interface that provides your network connectivity so wait-online should wait until it is up and running. What is missing here is the ability to express dependency on individual interfaces.
Alternatively support for callouts would help (start external helper to configure uplink as soon as physical interface is ready). I do not think either is possible right now.

> 2- Updating the bridge configuration without requesting too many DHCP
> addresses.
>
> The bridge is properly brought up by systemd-networkd, but I do not see how
> to take it down or how to change some options when say the .netdev file has
> changed (ex: changed the mac address, new dhcp option, etc).
>
> At the moment, I work around the problem with systemctl stop
> systemd-networkd && systemctl start systemd-network but this causes some
> dhcp weirdness on the other network interfaces using DHCP, with a new IP
> being configured every time.
>

I think it was discussed and for now it is intentional - you need to restart networkd to pick configuration changes but networkd will not wipe clean existing configuration.

> For example, after a few tries I currently have:
>
> $ networkctl status
>        State: routable
>      Address: 192.168.2.44
>               192.168.2.43
>               192.168.2.42
>               192.168.2.41
>               192.168.2.40
>               192.168.2.39
>               192.168.2.38
> (...)
>
> I'm not sure why it's hogging the DHCP addresses since the corresponding
> .network file is quite simple:
>
> $ cat wireless.network
> [Match]
> Name=w*
> Virtualization=no
>
> [Network]
> DHCP=both
>
> [DHCP]
> UseHostname=false
>
> Does networkctl support turning interfaces up/down and restarting them? Is
> it a planned feature?
>
> If not, I would suggest adding at least a restart feature, so that the
> interface can be reconfigured in isolation without affecting the DHCP IPs
> of the other interfaces. For bridges, this restart feature could do the
> ifconfig down and brctl delbr.
>
> It might be good to do the same when systemd-network is restarted, so that
> the new options (ex: cloned mac address) are applied.
>
> 3- Acquiring DHCP leases *AND* serving DHCP on br0
>
> br0 is configured as:
> $ cat bridge.network
> [Match]
> Name=br0
>
> [Network]
> DHCP=both
> Address=192.168.3.224/28
> DHCPServer=yes
>
> [DHCP]
> UseHostname=false
> UseDNS=false
> RequestBroadcast=yes
>
> ap0 is a local access point, bridged to an uplink on br0
>
> The idea is to have 192.168.3.224 configured and serve DHCP address in the
> /28 (16 addresses) during the uplink confirmation. When the uplink is up,
> it will provide better addresses and configuration to the clients. With
> the configuration above, the DHCP address offered by the uplink is properly
> seen by networkctl, and configured. It responds to pings.
>
> The DHCP range is properly used to give IP addresses like 192.168.3.225 to
> clients.
>
> I tested with an OSX Yosemite client : when the uplink is established, the
> clients get the new lease, yet they still seem to try and use the old one,
> as I can see packets trying to use the local link instead of the uplink :
> ip6
[systemd-devel] Relative links in tmpfiles.d/etc.conf
Hi,

Our /etc is a sym link and due to that all the links created by tmpfiles.d/etc.conf are wrong. Is there a reason why the links are relative? I would like to send a patch to either:

a) Convert the relative links to absolute ones.
b) Follow the sym link before creating the relative one.

Umut
Re: [systemd-devel] [PATCH v2] Do not clear parent mount flags when setting up namespaces
On 01/02/15 23:53, Djalal Harouni wrote: > Hi, > > On Thu, Jan 01, 2015 at 10:36:39PM +0200, Topi Miettinen wrote: >> Copy parent directory mount flags when setting up a namespace and >> don't accidentally clear mount flags later. > As noted by Colin in the other email, there should be a git log message > for why the change. > > Yes thank you, I see that in one of the replies of v1 of the patch you > say why, so just perhaps use it in the commit log and code comment ? > > >> --- >> src/core/namespace.c | 4 ++-- >> src/shared/util.c| 19 +-- >> src/shared/util.h| 2 ++ >> 3 files changed, 21 insertions(+), 4 deletions(-) >> >> diff --git a/src/core/namespace.c b/src/core/namespace.c >> index 4b8dbdd..6859b6a 100644 >> --- a/src/core/namespace.c >> +++ b/src/core/namespace.c >> @@ -159,7 +159,7 @@ static int mount_dev(BindMount *m) { >> >> dev = strappenda(temporary_mount, "/dev"); >> (void)mkdir(dev, 0755); >> -if (mount("tmpfs", dev, "tmpfs", MS_NOSUID|MS_STRICTATIME, >> "mode=755") < 0) { >> +if (mount("tmpfs", dev, "tmpfs", >> get_mount_flags("/dev")|MS_NOSUID|MS_STRICTATIME, "mode=755") < 0) { > There is no need for this function to be a parameter > > >> r = -errno; >> goto fail; >> } >> @@ -282,7 +282,7 @@ static int mount_kdbus(BindMount *m) { >> >> root = strappenda(temporary_mount, "/kdbus"); >> (void)mkdir(root, 0755); >> -if (mount("tmpfs", root, "tmpfs", MS_NOSUID|MS_STRICTATIME, >> "mode=777") < 0) { >> +if (mount("tmpfs", root, "tmpfs", >> get_mount_flags("/sys/fs/kdbus")|MS_NOSUID|MS_STRICTATIME, "mode=777") < 0) { >> r = -errno; >> goto fail; >> } >> diff --git a/src/shared/util.c b/src/shared/util.c >> index dfaf7f7..8ff5073 100644 >> --- a/src/shared/util.c >> +++ b/src/shared/util.c >> @@ -61,6 +61,7 @@ >> #include >> #include >> #include >> +#include >> #undef basename >> >> #ifdef HAVE_SYS_AUXV_H 
>> @@ -6858,6 +6859,15 @@ int umount_recursive(const char *prefix, int flags) { >> return r ? r : n; >> } >> >> +unsigned long get_mount_flags(const char *path) { >> +struct statvfs buf; >> + >> +if (statvfs(path, &buf) < 0) >> +return 0; > IMO here it should return an errno since this is a helper. In that case > perhaps just open code the statvfs() or improve the helper ? I'll make it return errno, for general use it's of course good to know if there was a problem. > > Thanks! > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
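Review bot: in the quoted v2 get_mount_flags(), returning 0 when statvfs() fails is indistinguishable from "the parent has no flags set", so both mount() call sites in namespace.c would go ahead without nosuid, nodev or noexec, which is the behaviour the patch is meant to remove. Return a negative errno through the return value, pass the flags back through an out parameter, and have the callers abort on failure.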
Re: [systemd-devel] [PATCH v2] Do not clear parent mount flags when setting up namespaces
On 01/02/15 21:49, Colin Walters wrote:
> On Thu, Jan 1, 2015, at 03:36 PM, Topi Miettinen wrote:
>> Copy parent directory mount flags when setting up a namespace and
>> don't accidentally clear mount flags later.
>
> I think unless they're obvious, git commits should at least have a brief
> rationale for *why* you're making the change, not just *what* the change is.
> That way someone later editing the code has an idea what they might break if
> they changed it.
>
> Is it something like mounting the tmpfs with options like size=?

It looks like fs specific options do not change when doing the bind mount. The options that do get cleared unless copied are nosuid, nodev and noexec flags, maybe also MS_SYNCHRONOUS, MS_POSIXACL etc.
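The flag carry-over described in this reply, as an added example (not code from the patch or from systemd): it reads a path's current flags with statvfs(), translates only nosuid, nodev and noexec from ST_* to MS_* bits, and computes the flags argument for a bind remount without calling mount(). The helper names are hypothetical, and limiting the inherited set to those three flags is an assumption of the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/statvfs.h>

#ifndef ST_NODEV /* glibc hides these without _GNU_SOURCE; Linux statfs bit values */
#define ST_NODEV 4
#define ST_NOEXEC 8
#define ST_RELATIME 4096 /* same number as MS_BIND */
#endif

/* Map statvfs() f_flag bits (ST_*) to the mount(2) flags (MS_*) that a
 * remount should carry over. Only the three restrictions named in the
 * thread are inherited; all other bits are dropped, so an ST_* bit can
 * never be read as an unrelated MS_* flag. */
static unsigned long inherited_ms_flags(unsigned long st_flags) {
        unsigned long ms = 0;

        if (st_flags & ST_NOSUID)
                ms |= MS_NOSUID;
        if (st_flags & ST_NODEV)
                ms |= MS_NODEV;
        if (st_flags & ST_NOEXEC)
                ms |= MS_NOEXEC;
        return ms;
}

/* Compute the flags argument for mount(NULL, path, NULL, flags, NULL)
 * when bind-remounting path read-only (ro != 0) or read-write.
 * Returns 0 on success, -errno if the current flags cannot be read. */
static int bind_remount_flags(const char *path, int ro, unsigned long *ret) {
        struct statvfs buf;

        if (statvfs(path, &buf) < 0)
                return -errno; /* fail closed rather than remount unrestricted */

        *ret = inherited_ms_flags(buf.f_flag) | MS_BIND | MS_REMOUNT | (ro ? MS_RDONLY : 0);
        return 0;
}

int main(void) {
        unsigned long flags;
        int r = bind_remount_flags("/", 1, &flags);

        if (r < 0)
                return 1;
        printf("read-only bind remount of / would use flags 0x%lx\n", flags);
        printf("relatime on the parent leaks into MS_BIND: %s\n",
               (inherited_ms_flags(ST_RELATIME) & MS_BIND) ? "yes" : "no");
        return 0;
}
```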