Re: [systemd-devel] Vendor default masked service
On Thu, May 28, 2015 at 6:25 PM, Lennart Poettering lenn...@poettering.net wrote:

On Thu, 28.05.15 13:56, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote:

On Thu, May 28, 2015 at 1:17 PM, Lennart Poettering lenn...@poettering.net wrote:

On Wed, 27.05.15 13:05, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote:

On Tue, May 26, 2015 at 4:14 PM, Lennart Poettering lenn...@poettering.net wrote:

On Tue, 26.05.15 11:53, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote:

Hi, I was wondering if we have a way to provide vendor default masked service?

Well, so far our thinking was that if the vendor wants to make a unit completely unavailable he should simply not ship it in the first place. What's the usecase for a vendor masking a unit, but installing it? Why not remove it in the first place entirely?

If we ship a product without the service, we don't have a way of installing it again once the product is deployed. Use case would be: We use one software for a video encoder blade with multiple CPUs. Every CPU runs the same software. We have a special service which should only run on the first CPU. A generator installs the .wants link for the service on first CPU. Another service could try to talk to the special service over dbus causing it to be dbus activated (where special service is only allowed to be up on first CPU). We could install the dbus activation files with generator but it gets messy to offload this logic to a generator. Also, special service can be activated by using systemd's dbus interface.

My recommendation would be to ship the dbus service file always, but make it direct to SystemdService=dbus-com.axis.foobar.waldi.service, and then manage dbus-com.axis.foobar.waldi.service as a symlink alias to the real bus service. All you do in your generator now is create the symlink or not create it... Wouldn't that work?

For dbus activation it would work but other services can still activate the service through systemd.

But why is that a problem? If daemons explicitly request another service by invoking StartUnit() via the bus, why block this off in your usecase?

I think you are right. As long as we can stop the service from being bus/socket activated (which we can), we should be good. Really not much to do for explicit requests. Our software has to interpret activation failure messages coming from dbus [1] somehow to service shouldn't be started. I am guessing we should also be future compatible that these messages will come from someone else with kdbus or?

[1] - sender=org.freedesktop.DBus destination=:1.57 object=n/a interface=n/a member=n/a cookie=3 reply_cookie=2 error=Unit dbus-com.axis.PrioritizedTextOverlay.service failed to load: No such file or directory.

Umut

I can understand you don't want implicit activation via socket, boot, bus but that's all easily manageable via systemctl disable and systemctl enable. What am I missing?

Lennart
--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
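The alias approach recommended in the thread above, sketched as a generator script. This is an added example, not code from any message in the thread or from systemd. The real unit name waldi.service, its path under /usr/lib/systemd/system and the CPU index file /run/blade/cpu-index are assumptions; only the alias name comes from the thread.

```shell
#!/bin/sh
# Added example: systemd generator that creates or withholds the bus
# activation alias, so the D-Bus service file can ship unchanged on every CPU.
#
# D-Bus service file, identical on all CPUs (shown for context):
#   [D-BUS Service]
#   Name=com.axis.foobar.waldi
#   Exec=/bin/false
#   SystemdService=dbus-com.axis.foobar.waldi.service
#
# Assumed (hypothetical) names: waldi.service as the real unit, and
# /run/blade/cpu-index as the file that holds this CPU's number.

ALIAS_NAME="dbus-com.axis.foobar.waldi.service"
REAL_UNIT="${REAL_UNIT:-/usr/lib/systemd/system/waldi.service}"
CPU_INDEX_FILE="${CPU_INDEX_FILE:-/run/blade/cpu-index}"

# read_cpu_index FILE
# Prints the CPU index, or "unknown" when the file is missing or does not
# contain a plain non-negative integer. Unknown is treated as "not first CPU".
read_cpu_index() {
    idx=""
    if [ -r "$1" ]; then
        IFS= read -r idx < "$1" || true
    fi
    case "$idx" in
        ''|*[!0-9]*) echo unknown ;;
        *) echo "$idx" ;;
    esac
}

# generate_alias OUTDIR CPU_INDEX
# Creates the alias symlink only on CPU 0. A link left over from an earlier
# run is always removed first, so the result depends only on this invocation.
generate_alias() {
    outdir=$1
    cpu=$2
    link="$outdir/$ALIAS_NAME"
    rm -f -- "$link"
    if [ "$cpu" = "0" ]; then
        mkdir -p -- "$outdir" || return 1
        ln -s -- "$REAL_UNIT" "$link" || return 1
    fi
    return 0
}

# alias_state OUTDIR
# Reports whether bus activation can resolve the alias in OUTDIR.
alias_state() {
    if [ -L "$1/$ALIAS_NAME" ]; then
        echo activatable
    else
        echo blocked
    fi
}

# Generators are invoked as: <generator> NORMAL_DIR EARLY_DIR LATE_DIR
if [ "$#" -ge 1 ]; then
    generate_alias "$1" "$(read_cpu_index "$CPU_INDEX_FILE")"
fi
```

On CPUs where the link is withheld, bus activation ends in a unit load failure of the kind quoted at [1]; an explicit StartUnit() on the real unit is not blocked by this, as the thread concludes.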
[systemd-devel] [PATCH] shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
In cgtop,mount-setup,nspawn the name= prefix is hard-coded in the mount options, and the define is not used. Everywhere else, we explicitly white-list allow 'name=' prefix to be used with all controllers, and strip it out to 'normalise' the controller name. That work is mostly inflicted on us due to 'name=' prefix in the define. Dropping this prefix makes everything more sane overall. --- src/shared/cgroup-util.c| 24 ++-- src/shared/cgroup-util.h| 2 +- src/shared/def.h| 2 +- src/test/test-cgroup-util.c | 20 ++-- 4 files changed, 22 insertions(+), 26 deletions(-) diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c index 9988e5c..d83cdf7 100644 --- a/src/shared/cgroup-util.c +++ b/src/shared/cgroup-util.c @@ -441,9 +441,7 @@ static const char *normalize_controller(const char *controller) { assert(controller); -if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) -return systemd; -else if (startswith(controller, name=)) +if (startswith(controller, name=)) return controller + 5; else return controller; @@ -483,7 +481,7 @@ int cg_get_path(const char *controller, const char *path, const char *suffix, ch assert(fs); -if (controller !cg_controller_is_valid(controller, true)) +if (controller !cg_controller_is_valid(controller)) return -EINVAL; if (_unlikely_(!good)) { @@ -526,7 +524,7 @@ int cg_get_path_and_check(const char *controller, const char *path, const char * assert(fs); -if (!cg_controller_is_valid(controller, true)) +if (!cg_controller_is_valid(controller)) return -EINVAL; /* Normalize the controller syntax */ @@ -742,7 +740,7 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **path) { assert(pid = 0); if (controller) { -if (!cg_controller_is_valid(controller, true)) +if (!cg_controller_is_valid(controller)) return -EINVAL; controller = normalize_controller(controller); 
@@ -971,7 +969,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) { e = strchr(spec, ':'); if (!e) { -if (!cg_controller_is_valid(spec, true)) +if (!cg_controller_is_valid(spec)) return -EINVAL; if (controller) { @@ -994,7 +992,7 @@ int cg_split_spec(const char *spec, char **controller, char **path) { t = strdup(normalize_controller(v)); if (!t) return -ENOMEM; -if (!cg_controller_is_valid(t, true)) { +if (!cg_controller_is_valid(t)) { free(t); return -EINVAL; } @@ -1610,17 +1608,15 @@ char *cg_unescape(const char *p) { DIGITS LETTERS \ _ -bool cg_controller_is_valid(const char *p, bool allow_named) { +bool cg_controller_is_valid(const char *p) { const char *t, *s; if (!p) return false; -if (allow_named) { -s = startswith(p, name=); -if (s) -p = s; -} +s = startswith(p, name=); +if (s) +p = s; if (*p == 0 || *p == '_') return false; diff --git a/src/shared/cgroup-util.h b/src/shared/cgroup-util.h index cbf7201..fd72e9e 100644 --- a/src/shared/cgroup-util.h +++ b/src/shared/cgroup-util.h @@ -122,7 +122,7 @@ int cg_path_decode_unit(const char *cgroup, char **unit); char *cg_escape(const char *p); char *cg_unescape(const char *p) _pure_; -bool cg_controller_is_valid(const char *p, bool allow_named); +bool cg_controller_is_valid(const char *p); int cg_slice_to_path(const char *unit, char **ret); diff --git a/src/shared/def.h b/src/shared/def.h index a3d9fcf..011c7c6 100644 --- a/src/shared/def.h +++ b/src/shared/def.h @@ -35,7 +35,7 @@ * the watchdog pings will keep the loop busy. */ #define DEFAULT_EXIT_USEC (30*USEC_PER_SEC) -#define SYSTEMD_CGROUP_CONTROLLER name=systemd +#define SYSTEMD_CGROUP_CONTROLLER systemd #define SIGNALS_CRASH_HANDLER SIGSEGV,SIGILL,SIGFPE,SIGBUS,SIGQUIT,SIGABRT #define SIGNALS_IGNORE SIGPIPE diff --git a/src/test/test-cgroup-util.c b/src/test/test-cgroup-util.c index 4a89f64..ecc9d70 100644 --- a/src/test/test-cgroup-util.c +++ b/src/test/test-cgroup-util.c 
@@ -244,16 +244,16 @@ static void test_escape(void) { } static void test_controller_is_valid(void) { -assert_se(cg_controller_is_valid(foobar, false)); -assert_se(cg_controller_is_valid(foo_bar, false)); -assert_se(cg_controller_is_valid(name=foo, true)); -assert_se(!cg_controller_is_valid(, false)); -assert_se(!cg_controller_is_valid(name=, true)); -
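Review bot: in cg_controller_is_valid(), dropping allow_named means the 'name=' prefix is now stripped for every caller, including those that used to pass false (the test hunk shows such calls for foobar and foo_bar). Please confirm that no non-test caller relied on the strict form, and keep test cases that pin the new behaviour: name=foo accepted, bare name= rejected. The test hunk is cut off on this page, so that cannot be checked here.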
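Review bot: in the second cg_split_spec() hunk, the controller is validated only after normalize_controller() has removed one 'name=' prefix, and cg_controller_is_valid() strips another one itself. A doubled prefix such as name=name=foo would therefore pass and be stored as name=foo. Validating v before normalizing it, or letting the validator stop accepting the prefix now that the define no longer carries it, would close that gap.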
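Review bot: the def.h hunk changes what SYSTEMD_CGROUP_CONTROLLER expands to for every user of the macro, while the description only accounts for cgtop, mount-setup and nspawn (hard-coded) and for callers that normalise. Any remaining place that pastes the define into a mount option or compares it against a raw controller string would now see systemd instead of name=systemd. The commit message should say that the tree was grepped for such users and what was found.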
Re: [systemd-devel] [PATCH] shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
Patchset imported to github.
Pull request: https://github.com/systemd-devs/systemd/compare/master...systemd-mailing-devs:1433163413-13720-1-git-send-email-dimitri.j.ledkov%40intel.com
--
Generated by https://github.com/haraldh/mail2git
Re: [systemd-devel] [PATCH] mount: use libmount to monitor mountinfo utab
Patchset imported to github.
Pull request: https://github.com/systemd-devs/systemd/compare/master...systemd-mailing-devs:1433160477-25478-1-git-send-email-kzak%40redhat.com
--
Generated by https://github.com/haraldh/mail2git
Re: [systemd-devel] bcache broke in udev 220
Hey David,

David Mohr [2015-05-31 15:57 -0600]:

udev 220 arrived in Debian sid and this update broke bcache support [1]: no /dev/disk/by-uuid/ symlink is being created for the filesystem on top of /dev/bcache*. That's because 60-persistent-storage now uses a whitelist instead of blacklist. The simple attached patch fixes this, could you please apply it?

Applied, thank you!

http://cgit.freedesktop.org/systemd/systemd/commit/?id=19672f1e5f

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
[systemd-devel] [PATCH] mount: use libmount to monitor mountinfo utab
The current implementation directly monitor /proc/self/mountinfo and /run/mount/utab files. It's really not optimal because utab file is private libmount stuff without any official guaranteed semantic. The libmount since v2.26 provides API to monitor mount kernel userspace changes. This patch replaces the current implementation with libmount based solution. Now the manager.h includes libmount.h, so $MOUNT_CFLAGS has been necessary to add to many tests CFLAGS. Note that mnt_monitor_event_cleanup() in v2.26 is broken, so the patch uses mnt_monitor_next_change(). It's exactly the same solution which uses the current libmount HEAD (mnt_monitor_event_cleanup() is API shorcut only). --- Makefile.am| 33 -- configure.ac | 2 +- src/core/manager.c | 2 +- src/core/manager.h | 5 ++- src/core/mount.c | 100 - 5 files changed, 49 insertions(+), 93 deletions(-) diff --git a/Makefile.am b/Makefile.am index ed5135d..3815e72 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1352,7 +1352,8 @@ systemd_SOURCES = \ systemd_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) systemd_LDADD = \ libsystemd-core.la \ @@ -1554,7 +1555,8 @@ test_engine_SOURCES = \ test_engine_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_engine_LDADD = \ libsystemd-core.la \ @@ -1565,7 +1567,8 @@ test_job_type_SOURCES = \ test_job_type_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_job_type_LDADD = \ libsystemd-core.la \ @@ -1609,7 +1612,8 @@ test_unit_name_SOURCES = \ test_unit_name_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_unit_name_LDADD = \ libsystemd-core.la \ @@ -1620,7 +1624,8 @@ test_unit_file_SOURCES = \ test_unit_file_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_unit_file_LDADD = \ libsystemd-core.la \ 
@@ -1838,7 +1843,8 @@ test_tables_CPPFLAGS = \ test_tables_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_tables_LDADD = \ libsystemd-logs.la \ @@ -1973,7 +1979,8 @@ test_cgroup_mask_SOURCES = \ src/test/test-cgroup-mask.c test_cgroup_mask_CPPFLAGS = \ - $(AM_CPPFLAGS) + $(AM_CPPFLAGS) \ + $(MOUNT_CFLAGS) test_cgroup_mask_CFLAGS = \ $(AM_CFLAGS) \ @@ -2022,7 +2029,8 @@ test_path_SOURCES = \ src/test/test-path.c test_path_CFLAGS = \ - $(AM_CFLAGS) + $(AM_CFLAGS) \ + $(MOUNT_CFLAGS) test_path_LDADD = \ libsystemd-core.la @@ -2031,7 +2039,8 @@ test_execute_SOURCES = \ src/test/test-execute.c test_execute_CFLAGS = \ - $(AM_CFLAGS) + $(AM_CFLAGS) \ + $(MOUNT_CFLAGS) test_execute_LDADD = \ libsystemd-core.la @@ -2061,7 +2070,8 @@ test_sched_prio_SOURCES = \ src/test/test-sched-prio.c test_sched_prio_CPPFLAGS = \ - $(AM_CPPFLAGS) + $(AM_CPPFLAGS) \ + $(MOUNT_CFLAGS) test_sched_prio_CFLAGS = \ $(AM_CFLAGS) \ @@ -2133,7 +2143,8 @@ systemd_analyze_SOURCES = \ systemd_analyze_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) systemd_analyze_LDADD = \ libsystemd-core.la \ diff --git a/configure.ac b/configure.ac index 48cedb5..74ec386 100644 --- a/configure.ac +++ b/configure.ac @@ -454,7 +454,7 @@ AM_CONDITIONAL(HAVE_BLKID, [test $have_blkid = yes]) # -- have_libmount=no -PKG_CHECK_MODULES(MOUNT, [ mount = 2.20 ], +PKG_CHECK_MODULES(MOUNT, [ mount = 2.26 ], [AC_DEFINE(HAVE_LIBMOUNT, 1, [Define if libmount is available]) have_libmount=yes], have_libmount=no) if test x$have_libmount = xno; then AC_MSG_ERROR([*** libmount support required but libraries not found]) diff --git a/src/core/manager.c b/src/core/manager.c index b931b0d..6881bb2 100644 --- a/src/core/manager.c +++ b/src/core/manager.c 
@@ -567,7 +567,7 @@ int manager_new(ManagerRunningAs running_as, bool test_run, Manager **_m) { m-idle_pipe[0] = m-idle_pipe[1] = m-idle_pipe[2] = m-idle_pipe[3] = -1; -m-pin_cgroupfs_fd = m-notify_fd = m-signal_fd = m-time_change_fd = m-dev_autofs_fd = m-private_listen_fd = m-kdbus_fd = m-utab_inotify_fd = -1; +m-pin_cgroupfs_fd = m-notify_fd = m-signal_fd = m-time_change_fd = m-dev_autofs_fd = m-private_listen_fd = m-kdbus_fd = -1; m-current_job_id = 1; /* start as id #1, so that we can leave #0 around as null-like value */ m-ask_password_inotify_fd = -1; diff --git a/src/core/manager.h
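Review bot: in the configure.ac hunk, the minimum libmount version goes from 2.20 to 2.26 and a miss remains a hard AC_MSG_ERROR, so this is a build-dependency bump for every distribution and should be reflected in the dependency list in README. Since the description says mnt_monitor_event_cleanup() is broken in v2.26, a short comment next to the mnt_monitor_next_change() call stating why it is used would stop someone from replacing it later while 2.26 is still the stated minimum.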
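Review bot: the Makefile.am hunks add $(MOUNT_CFLAGS) to a dozen unrelated targets only because, per the description, manager.h now includes libmount.h. If manager.h merely stores a pointer to the monitor, a forward declaration of the libmount type there, with the include moved into mount.c, would make most of these Makefile.am changes unnecessary and keep the libmount header out of every file that pulls in manager.h.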
Re: [systemd-devel] [PATCH v2] cgroup-util: fix is_valid check to pass for unified cgroup hierchy.
On 1 June 2015 at 09:03, Umut Tezduyar Lindskog u...@tezduyar.com wrote:

On Fri, May 29, 2015 at 12:25 PM, Lennart Poettering lenn...@poettering.net wrote:

On Fri, 29.05.15 00:24, Dimitri John Ledkov (dimitri.j.led...@intel.com) wrote:

On 28 May 2015 at 18:08, Lennart Poettering lenn...@poettering.net wrote:

On Thu, 28.05.15 16:42, Dimitri John Ledkov (dimitri.j.led...@intel.com) wrote:

It appears in /proc/self/cgroup as `0::/'

What precisely does this fix? I mean, we need to do some major rework of things before the unified hierarchy is really supported in systemd, and this one thing won't really get us too much in this regard, does it?

I'm starting to explore possibilities to start work towards supporting unified cgroups hierarchy, or at least be able to boot with it. I'll send a larger patch series in one go later than with all the bits that offer something more tangible, albeit disabled by default behind configure options (like kdbus) given that unified hierarchy is still marked experimental in the kernel.

Ah, it's actually my big thing to work on for the next weeks too...

What is the advantage of having a unified hierarchy, could you guys explain?

There are a few. Read more in the linux documentation:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/cgroups/unified-hierarchy.txt

For me, I'm spending a lot of time during boot forking cgroups release agent user-space binary, which establishes IPC connection to systemd to notify that a cgroup was released. And essentially oneshot services during boot pay sequential price of executing two processes rather than just one. Hence exposure of cgroups.populated field is very desirable for me. Currently only available on the unified hierarchy, but I'm not sure why it couldn't be enabled on the old one, given that it is forward compatible.

--
Regards, Dimitri.
Pura Vida!
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
Re: [systemd-devel] sd-device: fix invalid property strv pointers
On Mon, Jun 1, 2015 at 11:39 AM, Martin Pitt martin.p...@ubuntu.com wrote:

With our 220 package I still get a broken environment in udev callouts, even with Tom's recent fix 0e3e605 applied. Curiously it works for devices like lo which don't have a lot of properties, but for real wlan devices I get invalid environment variables. With some debugging applied (http://paste.ubuntu.com/11492452/) this is visible in the bogus strings that udev_device_get_properties_envp() returns: http://paste.ubuntu.com/11492458/

I tracked that down to invalid memory handling in device_update_properties_bufs(). Patch attached with detailed explanation.

Thanks for figuring this out Martin. The patch looks good to me, though maybe we should use NULSTR_FOREACH for the second loop? Go ahead and push.

Cheers,
Tom
Re: [systemd-devel] sd-device: fix invalid property strv pointers
Hey Tom,

Tom Gundersen [2015-06-01 11:52 +0200]:

Thanks for figuring this out Martin. The patch looks good to me, though maybe we should use NULSTR_FOREACH for the second loop?

Thanks for pointing out, these little utilities haven't made it yet into my finger memory..

Applied with this change: http://cgit.freedesktop.org/systemd/systemd/commit/?id=d854ba50

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Re: [systemd-devel] [PATCH] Partially revert ma-setup: simplify
On Mon, 2015-06-01 at 10:36 -0400, Zbigniew Jędrzejewski-Szmek wrote: --- OK, that's strange. Because the error message comes from copy_bytes() failing, and in copy_bytes() EINVAL could only originate in loop_write(), unless I'm missing something. Can you check the following patch, which essentially reverts to the old copy method? Zbyszek With minor include changes to have it apply cleanly, the IMA policy is loaded properly. Mimi src/core/ima-setup.c | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c index 7721b3ecaf..531c4e1931 100644 --- a/src/core/ima-setup.c +++ b/src/core/ima-setup.c @@ -24,9 +24,10 @@ #include unistd.h #include errno.h #include fcntl.h +#include sys/stat.h +#include sys/mman.h #include ima-setup.h -#include copy.h #include util.h #include log.h @@ -39,6 +40,8 @@ int ima_setup(void) { #ifdef HAVE_IMA _cleanup_close_ int policyfd = -1, imafd = -1; +struct stat st; +char *policy; if (access(IMA_SECFS_DIR, F_OK) 0) { log_debug(IMA support is disabled in the kernel, ignoring.); @@ -53,7 +56,7 @@ int ima_setup(void) { } if (access(IMA_SECFS_POLICY, F_OK) 0) { -log_warning(Another IMA custom policy has already been loaded, ignoring.); +log_error(Another IMA custom policy has already been loaded, ignoring.); return 0; } 
@@ -63,12 +66,20 @@ int ima_setup(void) { return 0; } -r = copy_bytes(policyfd, imafd, (off_t) -1, false); +if (fstat(policyfd, st) 0) +return log_error_errno(errno, Failed to fstat IMA_POLICY_PATH: %m); + +policy = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, policyfd, 0); +if (policy == MAP_FAILED) +return log_error_errno(errno, Failed to mmap IMA_POLICY_PATH: %m); + +r = loop_write(imafd, policy, (size_t) st.st_size, false); if (r 0) log_error_errno(r, Failed to load the IMA custom policy file IMA_POLICY_PATH: %m); else log_info(Successfully loaded the IMA custom policy IMA_POLICY_PATH.); +munmap(policy, st.st_size); #endif /* HAVE_IMA */ return r; } ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
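Review bot: in the ima_setup() hunk around the IMA_SECFS_POLICY access() check, the message for an already loaded policy is raised from log_warning to log_error although the text still says "ignoring" and the function still returns 0. That severity change is unrelated to reverting the copy method; keep it a warning, or split it into its own patch with a justification.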
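Review bot: in the last ima_setup() hunk, mmap() is called with st.st_size unchecked, so an empty policy file now fails with EINVAL at "Failed to mmap" instead of being handled as nothing to load; an explicit zero-size check would make that case deliberate. The description also says EINVAL can only originate in loop_write(), yet the replacement still calls loop_write(). The commit message should spell out what actually differs (the whole policy appears to be handed over from one buffer rather than copied in chunks), so the chunked copy is not reintroduced by a later cleanup.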
Re: [systemd-devel] [PATCH] mount: use libmount to monitor mountinfo utab
Hi Karel, On Mon, Jun 1, 2015 at 2:07 PM, Karel Zak k...@redhat.com wrote: The current implementation directly monitor /proc/self/mountinfo and /run/mount/utab files. It's really not optimal because utab file is private libmount stuff without any official guaranteed semantic. The libmount since v2.26 provides API to monitor mount kernel userspace changes. This patch replaces the current implementation with libmount based solution. Now the manager.h includes libmount.h, so $MOUNT_CFLAGS has been necessary to add to many tests CFLAGS. Note that mnt_monitor_event_cleanup() in v2.26 is broken, so the patch uses mnt_monitor_next_change(). It's exactly the same solution which uses the current libmount HEAD (mnt_monitor_event_cleanup() is API shorcut only). Tiny nitpick below, otherwise look good to me. Cheers, Tom --- Makefile.am| 33 -- configure.ac | 2 +- src/core/manager.c | 2 +- src/core/manager.h | 5 ++- src/core/mount.c | 100 - 5 files changed, 49 insertions(+), 93 deletions(-) diff --git a/Makefile.am b/Makefile.am index ed5135d..3815e72 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1352,7 +1352,8 @@ systemd_SOURCES = \ systemd_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) systemd_LDADD = \ libsystemd-core.la \ @@ -1554,7 +1555,8 @@ test_engine_SOURCES = \ test_engine_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_engine_LDADD = \ libsystemd-core.la \ @@ -1565,7 +1567,8 @@ test_job_type_SOURCES = \ test_job_type_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_job_type_LDADD = \ libsystemd-core.la \ @@ -1609,7 +1612,8 @@ test_unit_name_SOURCES = \ test_unit_name_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_unit_name_LDADD = \ libsystemd-core.la \ 
@@ -1620,7 +1624,8 @@ test_unit_file_SOURCES = \ test_unit_file_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_unit_file_LDADD = \ libsystemd-core.la \ @@ -1838,7 +1843,8 @@ test_tables_CPPFLAGS = \ test_tables_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) test_tables_LDADD = \ libsystemd-logs.la \ @@ -1973,7 +1979,8 @@ test_cgroup_mask_SOURCES = \ src/test/test-cgroup-mask.c test_cgroup_mask_CPPFLAGS = \ - $(AM_CPPFLAGS) + $(AM_CPPFLAGS) \ + $(MOUNT_CFLAGS) test_cgroup_mask_CFLAGS = \ $(AM_CFLAGS) \ @@ -2022,7 +2029,8 @@ test_path_SOURCES = \ src/test/test-path.c test_path_CFLAGS = \ - $(AM_CFLAGS) + $(AM_CFLAGS) \ + $(MOUNT_CFLAGS) test_path_LDADD = \ libsystemd-core.la @@ -2031,7 +2039,8 @@ test_execute_SOURCES = \ src/test/test-execute.c test_execute_CFLAGS = \ - $(AM_CFLAGS) + $(AM_CFLAGS) \ + $(MOUNT_CFLAGS) test_execute_LDADD = \ libsystemd-core.la @@ -2061,7 +2070,8 @@ test_sched_prio_SOURCES = \ src/test/test-sched-prio.c test_sched_prio_CPPFLAGS = \ - $(AM_CPPFLAGS) + $(AM_CPPFLAGS) \ + $(MOUNT_CFLAGS) test_sched_prio_CFLAGS = \ $(AM_CFLAGS) \ @@ -2133,7 +2143,8 @@ systemd_analyze_SOURCES = \ systemd_analyze_CFLAGS = \ $(AM_CFLAGS) \ - $(SECCOMP_CFLAGS) + $(SECCOMP_CFLAGS) \ + $(MOUNT_CFLAGS) systemd_analyze_LDADD = \ libsystemd-core.la \ diff --git a/configure.ac b/configure.ac index 48cedb5..74ec386 100644 --- a/configure.ac +++ b/configure.ac @@ -454,7 +454,7 @@ AM_CONDITIONAL(HAVE_BLKID, [test $have_blkid = yes]) # -- have_libmount=no -PKG_CHECK_MODULES(MOUNT, [ mount = 2.20 ], +PKG_CHECK_MODULES(MOUNT, [ mount = 2.26 ], [AC_DEFINE(HAVE_LIBMOUNT, 1, [Define if libmount is available]) have_libmount=yes], have_libmount=no) if test x$have_libmount = xno; then AC_MSG_ERROR([*** libmount support required but libraries not found]) diff --git a/src/core/manager.c b/src/core/manager.c index b931b0d..6881bb2 100644 --- a/src/core/manager.c +++ b/src/core/manager.c 
@@ -567,7 +567,7 @@ int manager_new(ManagerRunningAs running_as, bool test_run, Manager **_m) { m-idle_pipe[0] = m-idle_pipe[1] = m-idle_pipe[2] = m-idle_pipe[3] = -1; -m-pin_cgroupfs_fd = m-notify_fd = m-signal_fd = m-time_change_fd = m-dev_autofs_fd = m-private_listen_fd = m-kdbus_fd = m-utab_inotify_fd = -1; +m-pin_cgroupfs_fd = m-notify_fd = m-signal_fd =
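Review bot: in the Makefile.am hunks for test_cgroup_mask and test_sched_prio, $(MOUNT_CFLAGS) is appended to the _CPPFLAGS variable, while every other target touched by the patch gets it in _CFLAGS. Both targets have a _CFLAGS block directly below the changed lines; adding the flag there would keep the patch consistent.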
[systemd-devel] [PATCHi V4] cryptsetup: craft a unique ID with the source device
From: Harald Hoyer har...@redhat.com If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible /dev/block/maj:min is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the Message field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/maj:min [1] https://github.com/npmccallum/petera --- V2: - renamed to disk_major_minor(), return error values - removed sanity stat() for /dev/block/maj:min V3: - assert() the correct parameters V4: - code style cleanup - fixed maj_min _cleanup_free_ src/cryptsetup/cryptsetup.c | 91 + 1 file changed, 59 insertions(+), 32 deletions(-) diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index a5018f1..dd6f01c 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -238,6 +238,23 @@ static void log_glue(int level, const char *msg, void *usrptr) { log_debug(%s, msg); } +static int disk_major_minor(const char *path, char **ret) { +struct stat st; + +assert(path); + +if (stat(path, st) 0) +return -errno; + +if (!S_ISBLK(st.st_mode)) +return -EINVAL; + +if (asprintf(ret, /dev/block/%d:%d, major(st.st_rdev), minor(st.st_rdev)) 0) +return -errno; + +return 0; +} + static char* disk_description(const char *path) { static const char name_fields[] = 
@@ -295,20 +312,56 @@ static char *disk_mount_point(const char *label) { return NULL; } -static int get_password(const char *name, usec_t until, bool accept_cached, char ***passwords) { -int r; +static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***passwords) { +int r = 0; char **p; _cleanup_free_ char *text = NULL; _cleanup_free_ char *escaped_name = NULL; char *id; +const char *name = NULL; +_cleanup_free_ char *description = NULL, *name_buffer = NULL, +*mount_point = NULL, *maj_min = NULL; -assert(name); +assert(vol); +assert(src); assert(passwords); +description = disk_description(src); +mount_point = disk_mount_point(vol); + +if (description streq(vol, description)) { +/* If the description string is simply the + * volume name, then let's not show this + * twice */ +free(description); +description = NULL; +} + +if (mount_point description) +r = asprintf(name_buffer, %s (%s) on %s, description, vol, mount_point); +else if (mount_point) +r = asprintf(name_buffer, %s on %s, vol, mount_point); +else if (description) +r = asprintf(name_buffer, %s (%s), description, vol); + +if (r 0) { +log_oom(); +return r; +} +name = name_buffer ? name_buffer : vol; + if (asprintf(text, Please enter passphrase for disk %s!, name) 0) return log_oom(); -escaped_name = cescape(name); +if (src) +disk_major_minor(src, maj_min); + +if (maj_min) { +escaped_name = maj_min; +maj_min = NULL; +} else +escaped_name = cescape(name); + if (!escaped_name) return log_oom(); @@ -552,8 +605,7 @@ int main(int argc, char *argv[]) { unsigned tries; usec_t until; crypt_status_info status; -const char *key_file = NULL, *name = NULL; -_cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL; +const char *key_file = NULL; /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */ 
@@ -581,31 +633,6 @@ int main(int argc, char *argv[]) { /* A delicious drop of snake oil */ mlockall(MCL_FUTURE); -description = disk_description(argv[3]); -mount_point = disk_mount_point(argv[2]); - -if (description streq(argv[2], description)) { -/* If the description string is simply the - * volume name, then let's not show this - * twice */ -free(description); -description = NULL; -} - -k = 0; -if (mount_point description) -k =
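Review bot: in disk_major_minor(), the asprintf() failure path returns -errno, but asprintf() does not promise to set errno, so the function can return 0 with *ret undefined; return -ENOMEM there. major() and minor() yield unsigned values, so the format should use %u:%u, and ret deserves an assert() next to the one on path, given that V3 of the changelog says the parameters are asserted.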
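Review bot: in get_password(), the description promises a fallback to the original argv[3] when /dev/block/maj:min cannot be built, but the else branch uses cescape(name), which is the human-readable description or volume string, so in that case the ID is still not tied to the source device. In the same hunk, src is already covered by assert(src), which makes the later "if (src)" dead; the return value of disk_major_minor() is dropped without even a debug log; and the error path after the three asprintf() calls returns asprintf()'s -1 rather than the value of log_oom(), unlike the "return log_oom();" two lines further down.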
[systemd-devel] [PATCH 1/7] nspawn, shared: Factor out sending and receiving fd
Right now it can be used to sent rtnl and kmsg descriptors. These functions will be used later to send journal directory descriptor in machined. --- src/nspawn/nspawn.c | 66 +++-- src/shared/util.c | 56 + src/shared/util.h | 3 +++ 3 files changed, 67 insertions(+), 58 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 4211a3d..bd7532c 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1839,15 +1839,6 @@ static int setup_kmsg(const char *dest, int kmsg_socket) { const char *from, *to; _cleanup_umask_ mode_t u; int fd, k; -union { -struct cmsghdr cmsghdr; -uint8_t buf[CMSG_SPACE(sizeof(int))]; -} control = {}; -struct msghdr mh = { -.msg_control = control, -.msg_controllen = sizeof(control), -}; -struct cmsghdr *cmsg; assert(kmsg_socket = 0); @@ -1872,17 +1863,9 @@ static int setup_kmsg(const char *dest, int kmsg_socket) { if (fd 0) return log_error_errno(errno, Failed to open fifo: %m); -cmsg = CMSG_FIRSTHDR(mh); -cmsg-cmsg_level = SOL_SOCKET; -cmsg-cmsg_type = SCM_RIGHTS; -cmsg-cmsg_len = CMSG_LEN(sizeof(int)); -memcpy(CMSG_DATA(cmsg), fd, sizeof(int)); - -mh.msg_controllen = cmsg-cmsg_len; - /* Store away the fd in the socket, so that it stays open as * long as we run the child */ -k = sendmsg(kmsg_socket, mh, MSG_NOSIGNAL); +k = send_fd(kmsg_socket, fd); safe_close(fd); if (k 0) @@ -1894,20 +1877,11 @@ static int setup_kmsg(const char *dest, int kmsg_socket) { return 0; } -static int send_rtnl(int send_fd) { -union { -struct cmsghdr cmsghdr; -uint8_t buf[CMSG_SPACE(sizeof(int))]; -} control = {}; -struct msghdr mh = { -.msg_control = control, -.msg_controllen = sizeof(control), -}; -struct cmsghdr *cmsg; +static int send_rtnl(int sender_fd) { _cleanup_close_ int fd = -1; -ssize_t k; +int r; -assert(send_fd = 0); +assert(sender_fd = 0); if (!arg_expose_ports) return 0; 
@@ -1916,18 +1890,10 @@ static int send_rtnl(int send_fd) { if (fd 0) return log_error_errno(errno, Failed to allocate container netlink: %m); -cmsg = CMSG_FIRSTHDR(mh); -cmsg-cmsg_level = SOL_SOCKET; -cmsg-cmsg_type = SCM_RIGHTS; -cmsg-cmsg_len = CMSG_LEN(sizeof(int)); -memcpy(CMSG_DATA(cmsg), fd, sizeof(int)); - -mh.msg_controllen = cmsg-cmsg_len; - /* Store away the fd in the socket, so that it stays open as * long as we run the child */ -k = sendmsg(send_fd, mh, MSG_NOSIGNAL); -if (k 0) +r = send_fd(sender_fd, fd); +if (r 0) return log_error_errno(errno, Failed to send netlink fd: %m); return 0; @@ -2032,18 +1998,8 @@ static int on_address_change(sd_rtnl *rtnl, sd_rtnl_message *m, void *userdata) } static int watch_rtnl(sd_event *event, int recv_fd, union in_addr_union *exposed, sd_rtnl **ret) { -union { -struct cmsghdr cmsghdr; -uint8_t buf[CMSG_SPACE(sizeof(int))]; -} control = {}; -struct msghdr mh = { -.msg_control = control, -.msg_controllen = sizeof(control), -}; -struct cmsghdr *cmsg; _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL; int fd, r; -ssize_t k; assert(event); assert(recv_fd = 0); @@ -2052,16 +2008,10 @@ static int watch_rtnl(sd_event *event, int recv_fd, union in_addr_union *exposed if (!arg_expose_ports) return 0; -k = recvmsg(recv_fd, mh, MSG_NOSIGNAL); -if (k 0) +r = receive_fd(recv_fd, fd); +if (r 0) return log_error_errno(errno, Failed to recv netlink fd: %m); -cmsg = CMSG_FIRSTHDR(mh); -assert(cmsg-cmsg_level == SOL_SOCKET); -assert(cmsg-cmsg_type == SCM_RIGHTS); -assert(cmsg-cmsg_len == CMSG_LEN(sizeof(int))); -memcpy(fd, CMSG_DATA(cmsg), sizeof(int)); - r = sd_rtnl_open_fd(rtnl, fd, 1, RTNLGRP_IPV4_IFADDR); if (r 0) { safe_close(fd); diff --git a/src/shared/util.c b/src/shared/util.c index 8a61079..395af7c 100644 --- a/src/shared/util.c +++ b/src/shared/util.c 
@@ -6046,3 +6046,59 @@ int reset_uid_gid(void) { return 0; } + +int send_fd(int sender_fd, int fd) { +union { +struct cmsghdr cmsghdr; +uint8_t buf[CMSG_SPACE(sizeof(int))]; +} control = {}; +struct msghdr mh = { +
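Review bot: in the send_rtnl() and watch_rtnl() hunks, the result of send_fd() and receive_fd() is stored in r, but log_error_errno() is still given errno. Have the new helpers return -errno and pass r to the log call, so the reported error does not depend on errno surviving whatever the helper does after the failing syscall.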
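Review bot: the watch_rtnl() hunk removes the checks on cmsg_level, cmsg_type and cmsg_len, and the receive_fd() body in util.c is cut off on this page, so it is not visible where they went. Because the helper is meant to be reused in machined, it should treat the control message as untrusted input: return an error (not assert()) when CMSG_FIRSTHDR() yields nothing, when the type is not SCM_RIGHTS or when the length is not that of a single int, and pass MSG_CMSG_CLOEXEC to recvmsg() so the received descriptor is not inherited across exec.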
[systemd-devel] [PATCH 7/7] journal: Try getting journal fd from machined
--- Makefile.am | 2 +- src/journal/sd-journal.c | 52 +++- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 32e7ca3..ee9c29b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4399,8 +4399,8 @@ systemd_journal_upload_CFLAGS = \ $(LIBCURL_CFLAGS) systemd_journal_upload_LDADD = \ - libsystemd-internal.la \ libsystemd-journal-internal.la \ + libsystemd-internal.la \ libsystemd-shared.la \ $(LIBCURL_LIBS) diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c index 630cc3a..debd45c 100644 --- a/src/journal/sd-journal.c +++ b/src/journal/sd-journal.c @@ -28,6 +28,8 @@ #include sys/vfs.h #include linux/magic.h +#include bus-error.h +#include bus-util.h #include sd-journal.h #include journal-def.h #include journal-file.h 
@@ -1701,6 +1703,52 @@ fail: return r; } +static int try_journal_fd(sd_journal *j, const char *machine) { +_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; +_cleanup_bus_message_unref_ sd_bus_message *reply = NULL; +_cleanup_bus_close_unref_ sd_bus *bus = NULL; +_cleanup_free_ char *p = NULL; +int fd; +int r; + +r = sd_bus_default_system(bus); +if (r 0) +return log_error_errno(r, Failed to get D-Bus connection: %m); + +r = sd_bus_call_method( +bus, +org.freedesktop.machine1, +/org/freedesktop/machine1, +org.freedesktop.machine1.Manager, +GetJournal, +error, +reply, +s, machine); +if (r 0) { +log_error(Failed to get journal fd from machined: %s, bus_error_message(error, r)); +return r; +} + +r = sd_bus_message_read(reply, h, fd); +if (r 0) +return bus_log_parse_error(r); + +if (fd 0) +return -ENODATA; + +/* TODO: Just some bogus directory name with machine id in it, + * so it will look semi-nicely in logs. Is that alright? */ +p = strjoin(machine://, machine, /journal, NULL); +if (!p) +return -ENOMEM; + +r = add_root_directory_with_fd(j, p, fd); +if (r 0) +return r; + +return 0; +} + _public_ int sd_journal_open_container(sd_journal **ret, const char *machine, int flags) { _cleanup_free_ char *root = NULL, *class = NULL; sd_journal *j; @@ -1731,7 +1779,9 @@ _public_ int sd_journal_open_container(sd_journal **ret, const char *machine, in j-prefix = root; root = NULL; -r = add_search_paths(j); +r = try_journal_fd(j, machine); +if (r == -ENODATA) +r = add_search_paths(j); if (r 0) goto fail; -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
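Review bot: In sd_journal_open_container() the fallback to add_search_paths() only triggers on -ENODATA, which try_journal_fd() returns solely when the reply carries a negative descriptor. Every other failure (no system bus, a machined without GetJournal, a denied authorization) now makes sd_journal_open_container() fail where add_search_paths() was previously tried; consider falling back on any try_journal_fd() error and logging at debug level instead of calling log_error() from library code. Also, the descriptor read with sd_bus_message_read(reply, "h", &fd) belongs to reply and is closed when the message is unreferenced at the end of try_journal_fd(), so add_root_directory_with_fd() has to duplicate it; state that in a comment or duplicate it here.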
[systemd-devel] [PATCH 3/7] nspawn, machined: Fix comments and error messages related to child failures
--- src/machine/machine-dbus.c | 18 +- src/nspawn/nspawn.c| 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c index 0892479..12f7961 100644 --- a/src/machine/machine-dbus.c +++ b/src/machine/machine-dbus.c @@ -327,9 +327,9 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd r = wait_for_terminate(child, si); if (r 0) -return sd_bus_error_set_errnof(error, r, Failed to wait for client: %m); +return sd_bus_error_set_errnof(error, r, Failed to wait for child: %m); if (si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS) -return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Client died abnormally.); +return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Child died abnormally.); r = sd_bus_message_close_container(reply); if (r 0) @@ -404,9 +404,9 @@ int bus_machine_method_get_os_release(sd_bus_message *message, void *userdata, s r = wait_for_terminate(child, si); if (r 0) -return sd_bus_error_set_errnof(error, r, Failed to wait for client: %m); +return sd_bus_error_set_errnof(error, r, Failed to wait for child: %m); if (si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS) -return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Client died abnormally.); +return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Child died abnormally.); r = sd_bus_message_new_method_return(message, reply); if (r 0) @@ -738,11 +738,11 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu r = wait_for_terminate(child, si); if (r 0) { -r = sd_bus_error_set_errnof(error, r, Failed to wait for client: %m); +r = sd_bus_error_set_errnof(error, r, Failed to wait for child: %m); goto finish; } if (si.si_code != CLD_EXITED) { -r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Client died abnormally.); +r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Child died abnormally.); goto finish; } if (si.si_status != EXIT_SUCCESS) { 
@@ -750,7 +750,7 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu if (read(errno_pipe_fd[0], r, sizeof(r)) == sizeof(r)) r = sd_bus_error_set_errnof(error, r, Failed to mount: %m); else -r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Client failed.); +r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Child failed.); goto finish; } @@ -786,7 +786,7 @@ static int machine_operation_done(sd_event_source *s, const siginfo_t *si, void o-pid = 0; if (si-si_code != CLD_EXITED) { -r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Client died abnormally.); +r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Child died abnormally.); goto fail; } @@ -794,7 +794,7 @@ static int machine_operation_done(sd_event_source *s, const siginfo_t *si, void if (read(o-errno_fd, r, sizeof(r)) == sizeof(r)) r = sd_bus_error_set_errnof(error, r, %m); else -r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Client failed.); +r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Child failed.); goto fail; } diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 28b79c4..2b397b6 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -4806,8 +4806,8 @@ int main(int argc, char *argv[]) { } /* Let the child know that we are ready and wait that the child is completely ready now. */ -if (!barrier_place_and_sync(barrier)) { /* #5 */ -log_error(Client died too early.); +if (!barrier_place_and_sync(barrier)) { /* #4 */ +log_error(Child died too early.); r = -ESRCH; goto finish; } -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
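Review bot: The nspawn.c hunk also renumbers the barrier comment from /* #5 */ to /* #4 */, and the commit has no body to explain why. Add a sentence to the commit message saying which barrier step was miscounted, or split the renumbering into its own patch, so a reader can check it against the matching comment on the child side. The Client to Child wording changes are consistent across the call sites shown.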
[systemd-devel] [PATCH 5/7] journal: Add JournalDirectory
This ref-counted struct holds a path and a descriptor to a directory. The descriptor should be used for real work (openat, renameat and others) and the path should be used for logging/debugging. --- Makefile.am | 2 + src/journal/journal-dir.c | 141 ++ src/journal/journal-dir.h | 37 3 files changed, 180 insertions(+) create mode 100644 src/journal/journal-dir.c create mode 100644 src/journal/journal-dir.h diff --git a/Makefile.am b/Makefile.am index 43b819b..32e7ca3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4644,6 +4644,8 @@ libsystemd_journal_internal_la_SOURCES = \ src/systemd/_sd-common.h \ src/journal/journal-file.c \ src/journal/journal-file.h \ + src/journal/journal-dir.c \ + src/journal/journal-dir.h \ src/journal/journal-vacuum.c \ src/journal/journal-vacuum.h \ src/journal/journal-verify.c \ diff --git a/src/journal/journal-dir.c b/src/journal/journal-dir.c new file mode 100644 index 000..689e1f0 --- /dev/null +++ b/src/journal/journal-dir.c 
@@ -0,0 +1,141 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/*** + This file is part of systemd. + + Copyright 2015 Endocode AG + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see http://www.gnu.org/licenses/. +***/ + +#include journal-dir.h +#include macro.h +#include util.h + +static int journal_directory_new_steal(char *path, int fd, JournalDirectory **dir) { +JournalDirectory *d; + +assert(path); +assert(fd = 0); +assert(dir); + +d = new0(JournalDirectory, 1); +if (!d) +return -ENOMEM; +d-path = path; +d-fd = fd; +d-n_ref = 1; +*dir = d; +return 0; +} + +int journal_directory_open(const char *path, JournalDirectory **dir) +{ +_cleanup_free_ char *p = NULL; +_cleanup_close_ int fd = -1; +int r; + +assert(path); +assert(dir); + +fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW); +if (fd 0) +return -errno; + +p = strdup(path); +if (!p) +return -ENOMEM; + +r = journal_directory_new_steal(p, fd, dir); +if (r 0) +return r; +p = NULL; +fd = -1; +return 0; +} + +int journal_directory_new(const char *path, int fd, JournalDirectory **dir) +{ +_cleanup_free_ char *p = NULL; +_cleanup_close_ int dfd = -1; +int r; + +assert(path); +assert(fd = 0); +assert(dir); + +dfd = fcntl(fd, F_DUPFD_CLOEXEC, 3); +if (dfd 0) +return -errno; + +p = strdup(path); +if (!p) +return -ENOMEM; + +r = journal_directory_new_steal(p, dfd, dir); +if (r 0) +return r; +p = NULL; +dfd = -1; +return 0; +} + 
+JournalDirectory *journal_directory_ref(JournalDirectory *dir) +{ +assert(dir); +assert(dir-n_ref 0); + +dir-n_ref ++; +return dir; +} + +JournalDirectory *journal_directory_unref(JournalDirectory *dir) +{ +if (dir) { +PROTECT_ERRNO; + +assert(dir-n_ref 0); + +dir-n_ref --; +if (!dir-n_ref) { +safe_close(dir-fd); +free(dir-path); +free(dir); +} +} + +return NULL; +} + +int journal_directory_opendir(JournalDirectory *dir, DIR **de) +{ +int fd; +DIR* d; + +assert(dir); +assert(de); + +fd = fcntl(dir-fd, F_DUPFD_CLOEXEC, 3); +if (fd 0) +return -errno; + +d = fdopendir(fd); +if (!d) { +safe_close(fd); +return -errno; +} + +*de = d; +return 0; +} diff --git a/src/journal/journal-dir.h b/src/journal/journal-dir.h new file mode 100644 index 000..65ae229 --- /dev/null +++ b/src/journal/journal-dir.h @@ -0,0 +1,37 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +#pragma once + +/*** + This file is part of systemd. + + Copyright 2015 Endocode AG + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser
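Review bot: journal_directory_opendir() builds the DIR from fcntl(dir->fd, F_DUPFD_CLOEXEC, 3), and a duplicated descriptor shares its file offset with the original, so every DIR handed out for one JournalDirectory shares a single read position. A second journal_directory_opendir() after a complete readdir() pass starts at end-of-directory, and two walks that are open at the same time disturb each other; call rewinddir(d) before returning, or reopen with openat(dir->fd, ".", O_RDONLY|O_DIRECTORY|O_CLOEXEC) to get an independent position. Style: journal_directory_open() and the functions after it put the opening brace on its own line while journal_directory_new_steal() keeps it on the signature line, and "n_ref ++" / "n_ref --" carry a stray space.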
[systemd-devel] [PATCH 6/7] journal: Open JournalFile by dirfd and filename instead of path
That way we can have access to a file that is not accessible by path, for example to a file in overlayfs in different mount namespace (which is the case for rkt pods). --- src/journal-remote/journal-remote-write.c | 12 +- src/journal-remote/journal-remote.c | 34 ++-- src/journal/journal-file.c| 108 +- src/journal/journal-file.h| 10 +- src/journal/journal-internal.h| 3 +- src/journal/journal-vacuum.c | 27 +-- src/journal/journal-vacuum.h | 3 +- src/journal/journal-verify.c | 4 +- src/journal/journalctl.c | 8 +- src/journal/journald-server.c | 113 +++ src/journal/sd-journal.c | 324 -- src/journal/test-journal-flush.c | 13 +- src/journal/test-journal-interleaving.c | 55 +++-- src/journal/test-journal-stream.c | 10 +- src/journal/test-journal-verify.c | 13 +- src/journal/test-journal.c| 21 +- src/shared/util.c | 20 ++ src/shared/util.h | 1 + 18 files changed, 515 insertions(+), 264 deletions(-) diff --git a/src/journal-remote/journal-remote-write.c b/src/journal-remote/journal-remote-write.c index 99820fa..0fdeb7f 100644 --- a/src/journal-remote/journal-remote-write.c +++ b/src/journal-remote/journal-remote-write.c @@ -59,7 +59,7 @@ static int do_rotate(JournalFile **f, bool compress, bool seal) { int r = journal_file_rotate(f, compress, seal); if (r 0) { if (*f) -log_error_errno(r, Failed to rotate %s: %m, (*f)-path); +log_error_errno(r, Failed to rotate %s/%s: %m, (*f)-directory-path, (*f)-filename); else log_error_errno(r, Failed to create rotated journal: %m); } @@ -93,7 +93,7 @@ Writer* writer_free(Writer *w) { return NULL; if (w-journal) { -log_debug(Closing journal file %s., w-journal-path); +log_debug(Closing journal file %s/%s., w-journal-directory-path, w-journal-filename); journal_file_close(w-journal); } 
@@ -136,8 +136,8 @@ int writer_write(Writer *w, assert(iovw-count 0); if (journal_file_rotate_suggested(w-journal, 0)) { -log_info(%s: Journal header limits reached or header out-of-date, rotating, - w-journal-path); +log_info(%s/%s: Journal header limits reached or header out-of-date, rotating, + w-journal-directory-path, w-journal-filename); r = do_rotate(w-journal, compress, seal); if (r 0) return r; @@ -151,12 +151,12 @@ int writer_write(Writer *w, return 1; } -log_debug_errno(r, %s: Write failed, rotating: %m, w-journal-path); +log_debug_errno(r, %s/%s: Write failed, rotating: %m, w-journal-directory-path, w-journal-filename); r = do_rotate(w-journal, compress, seal); if (r 0) return r; else -log_debug(%s: Successfully rotated journal, w-journal-path); +log_debug(%s/%s: Successfully rotated journal, w-journal-directory-path, w-journal-filename); log_debug(Retrying write.); r = journal_file_append_entry(w-journal, ts, iovw-iovec, iovw-count, diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c index 911e2a1..1a4c337 100644 --- a/src/journal-remote/journal-remote.c +++ b/src/journal-remote/journal-remote.c @@ -162,14 +162,20 @@ static int spawn_getter(const char *getter, const char *url) { #define filename_escape(s) xescape((s), / ) static int open_output(Writer *w, const char* host) { -_cleanup_free_ char *_output = NULL; -const char *output; +_cleanup_free_ char *directory = NULL; +_cleanup_free_ char *filename = NULL; +JournalDirectory *dir; int r; switch (arg_split_mode) { -case JOURNAL_WRITE_SPLIT_NONE: +case JOURNAL_WRITE_SPLIT_NONE: { +const char *output; + output = arg_output ?: REMOTE_JOURNAL_PATH /remote.journal; +directory = dirname_malloc(output); +filename = basename_malloc(output); break; +} case JOURNAL_WRITE_SPLIT_HOST: { _cleanup_free_ char *name; 
@@ -180,13 +186,10 @@ static int open_output(Writer *w, const char* host) { if (!name) return log_oom(); -r = asprintf(_output, %s/remote-%s.journal, - arg_output ?: REMOTE_JOURNAL_PATH, - name); +directory = strdup(arg_output ?:
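Review bot: In open_output(), the JOURNAL_WRITE_SPLIT_NONE case assigns directory = dirname_malloc(output) and filename = basename_malloc(output) and then breaks without checking either result, while the JOURNAL_WRITE_SPLIT_HOST case returns log_oom() when its allocation fails. Add a check such as: if (!directory || !filename) return log_oom(); before the break, unless a check after the switch (not visible in this excerpt) covers both cases. The "%s/%s" pair of directory->path and filename is now repeated in every log call in journal-remote-write.c; a small helper or macro would keep those call sites short and give one place to decide how a directory that was opened from a descriptor is named in logs.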
[systemd-devel] [PATCH 0/7] Make journalctl -M work with journals inside overlayfs
Hi,

When having a container that keeps its journal inside overlayfs, journalctl from host can't access them anymore. The way to fix, as proposed by Lennart, was basically journalctl to get file descriptor of journal directory from machined and go from there.

This situation happens inside rkt containers - currently to get logs from them, we need to link the journal to host and call journalctl with merge flag,

journalctl -m _HOSTNAME=machine-id

So, first three commits are some fixes for minor bugs I noticed or small refactorings I made during this work.

Fourth patch adds a GetJournal() method to machine1.Manager which takes a machine name and returns a file descriptor. It works by entering a mount namespace of machine's leader and getting a descriptor of /var/log/journal.

Fifth and sixth patches convert the JournalFile from being open()ed with a path to being openat()ed with dirfd and filename. The fifth patch wraps the directory fd and path into a refcounted struct, so many JournalFiles actually hold a ref to JournalDirectory instead of holding a descriptor. The sixth patch changes the JournalFile to use JournalDirectory and all the other sources that were using JournalFile. The patch is quite big because of that, sorry about that. Maybe you will want to minimize the changes (by preserving JournalFile's path member).

Seventh patch hooks journalctl to machine1.Manager's GetJournal.
Krzesimir Nowak (7):
  nspawn, shared: Factor out sending and receiving fd
  nspawn: Close unneeded sockets in outer child
  nspawn, machined: Fix comments and error messages related to child failures
  machined: Add getter for machine's journal directory descriptor
  journal: Add JournalDirectory
  journal: Open JournalFile by dirfd and filename instead of path
  journal: Try getting journal fd from machined

 Makefile.am                                    |   4 +-
 src/journal-remote/journal-remote-write.c      |  12 +-
 src/journal-remote/journal-remote.c            |  34 ++-
 src/journal/journal-dir.c                      | 141 ++
 src/journal/journal-dir.h                      |  37 +++
 src/journal/journal-file.c                     | 108 +++
 src/journal/journal-file.h                     |  10 +-
 src/journal/journal-internal.h                 |   3 +-
 src/journal/journal-vacuum.c                   |  27 +-
 src/journal/journal-vacuum.h                   |   3 +-
 src/journal/journal-verify.c                   |   4 +-
 src/journal/journalctl.c                       |   8 +-
 src/journal/journald-server.c                  | 113 +---
 src/journal/sd-journal.c                       | 376 ++---
 src/journal/test-journal-flush.c               |  13 +-
 src/journal/test-journal-interleaving.c        |  55 ++--
 src/journal/test-journal-stream.c              |  10 +-
 src/journal/test-journal-verify.c              |  13 +-
 src/journal/test-journal.c                     |  21 +-
 src/machine/machine-dbus.c                     |  18 +-
 src/machine/machined-dbus.c                    | 112
 src/machine/org.freedesktop.machine1.policy.in |  10 +
 src/nspawn/nspawn.c                            |  72 +
 src/shared/util.c                              |  76 +
 src/shared/util.h                              |   4 +
 25 files changed, 949 insertions(+), 335 deletions(-)
 create mode 100644 src/journal/journal-dir.c
 create mode 100644 src/journal/journal-dir.h

--
2.1.0
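The descriptor hand-off described in the cover letter above (one process opens the journal directory, passes the descriptor over a socket, and the receiver opens files relative to it with openat()), as an added C example that is not code from the patch series. The names demo_send_fd, demo_receive_fd, read_via_passed_dirfd and demo_run, the file names and the temp directory are assumptions made up for the demo, and the mount-namespace switch that machined performs is left out because it needs privileges.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Control buffer sized for exactly one descriptor. */
typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fd_control;

/* Send one descriptor as SCM_RIGHTS ancillary data over a datagram socket
 * (a stream socket would also need a payload byte). Returns 0 or -errno. */
static int demo_send_fd(int sock, int fd) {
        fd_control control;
        struct msghdr mh = { .msg_control = &control, .msg_controllen = sizeof(control) };
        struct cmsghdr *cmsg = CMSG_FIRSTHDR(&mh);

        memset(&control, 0, sizeof(control));
        cmsg->cmsg_level = SOL_SOCKET;
        cmsg->cmsg_type = SCM_RIGHTS;
        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
        return sendmsg(sock, &mh, MSG_NOSIGNAL) < 0 ? -errno : 0;
}

/* Receive one descriptor; the control message is checked, not assumed. */
static int demo_receive_fd(int sock, int *ret_fd) {
        fd_control control;
        struct msghdr mh = { .msg_control = &control, .msg_controllen = sizeof(control) };
        struct cmsghdr *cmsg;

        memset(&control, 0, sizeof(control));
        if (recvmsg(sock, &mh, MSG_CMSG_CLOEXEC) < 0)
                return -errno;
        cmsg = CMSG_FIRSTHDR(&mh);
        if ((mh.msg_flags & MSG_CTRUNC) || !cmsg || cmsg->cmsg_level != SOL_SOCKET ||
            cmsg->cmsg_type != SCM_RIGHTS || cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
                return -EIO;
        memcpy(ret_fd, CMSG_DATA(cmsg), sizeof(int));
        return 0;
}

/* The child stands in for the helper process and opens `dir`; the parent receives
 * the descriptor and reads `name` relative to it. Returns bytes read or -errno. */
static ssize_t read_via_passed_dirfd(const char *dir, const char *name, char *buf, size_t len) {
        int pair[2], dirfd = -1, fd, status, r;
        ssize_t n;
        pid_t child;

        if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0, pair) < 0)
                return -errno;
        child = fork();
        if (child == 0) {
                fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
                _exit(fd >= 0 && demo_send_fd(pair[1], fd) == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
        }
        if (child < 0)
                r = -errno;
        else if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
                r = -EIO;
        else
                r = demo_receive_fd(pair[0], &dirfd);
        close(pair[0]);
        close(pair[1]);
        if (r < 0)
                return r;
        /* O_NOFOLLOW: an entry in a directory we do not control must not redirect the open. */
        fd = openat(dirfd, name, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
        if (fd < 0 || (n = read(fd, buf, len)) < 0)
                n = -errno;
        if (fd >= 0)
                close(fd);
        close(dirfd);
        return n;
}

/* Constructed sample input: a temp directory with one regular file and one symlink.
 * Returns 0 when the file reads back intact and the symlink is refused with ELOOP. */
int demo_run(void) {
        static const char payload[] = "constructed journal bytes";
        char dir[] = "/tmp/dirfd-demo-XXXXXX", buf[64], other[64];
        ssize_t got, refused;
        int dfd, fd;

        if (!mkdtemp(dir) || (dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC)) < 0)
                return -errno;
        fd = openat(dfd, "system.journal", O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
        if (fd < 0 || write(fd, payload, strlen(payload)) < 0 ||
            symlinkat("/nonexistent/system.journal", dfd, "link.journal") < 0)
                return -EIO;
        close(fd);
        got = read_via_passed_dirfd(dir, "system.journal", buf, sizeof(buf));
        refused = read_via_passed_dirfd(dir, "link.journal", other, sizeof(other));
        unlinkat(dfd, "system.journal", 0);
        unlinkat(dfd, "link.journal", 0);
        close(dfd);
        rmdir(dir);
        return (got == (ssize_t) strlen(payload) && memcmp(buf, payload, got) == 0 &&
                refused == -ELOOP) ? 0 : -EBADMSG;
}

int main(void) { return demo_run() == 0 ? EXIT_SUCCESS : EXIT_FAILURE; }
```

The receiver never needs a path that resolves in its own mount namespace: once it holds the directory descriptor, every lookup is relative to that directory.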
[systemd-devel] [PATCH 2/7] nspawn: Close unneeded sockets in outer child
--- src/nspawn/nspawn.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index bd7532c..28b79c4 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -4348,6 +4348,8 @@ static int outer_child( } pid_socket = safe_close(pid_socket); +kmsg_socket = safe_close(kmsg_socket); +rtnl_socket = safe_close(rtnl_socket); return 0; } -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
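Review bot: The commit has no body, so nothing records why kmsg_socket and rtnl_socket are no longer needed at the end of outer_child(). Add a line saying which process still uses each socket after this point, and check that the earlier return paths of outer_child() (not shown in this hunk) do not leave the same descriptors open.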
[systemd-devel] [PATCH 4/7] machined: Add getter for machine's journal directory descriptor
Sometimes machine's journal is not accessible by path, so we can ask machined to provide a descriptor to it. --- src/machine/machined-dbus.c| 112 + src/machine/org.freedesktop.machine1.policy.in | 10 +++ 2 files changed, 122 insertions(+) diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index 0e971a6..ea5f6f7 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -37,6 +37,7 @@ #include machined.h #include machine-dbus.h #include formats-util.h +#include process-util.h static int property_get_pool_path( sd_bus *bus, 
@@ -840,6 +841,116 @@ static int method_set_image_limit(sd_bus_message *message, void *userdata, sd_bu return bus_image_method_set_limit(message, i, error); } +static int get_journal_fd_child(int socket_fd, int mntns_fd, int root_fd) { +_cleanup_close_ int fd = -1; +int r; + +r = namespace_enter(-1, mntns_fd, -1, root_fd); +if (r 0) +return r; + +fd = open(/var/log/journal, O_RDONLY|O_CLOEXEC|O_DIRECTORY); +if (fd 0) +return -errno; + +r = send_fd(socket_fd, fd); +return r; +} + +static int get_journal_fd_parent(int socket_fd, pid_t child, sd_bus_error *error, int* journal_fd) { +int r; +siginfo_t si; + +r = wait_for_terminate(child, si); +if (r 0) +return sd_bus_error_set_errnof(error, r, Failed to wait for child: %m); +if (si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS) +return sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, Child died abnormally.); + +r = receive_fd(socket_fd, journal_fd); +if (r 0) +return sd_bus_error_set_errnof(error, r, Failed to receive journal fd: %m); + +return 0; +} + +static int get_journal_fd(Machine *machine, sd_bus_error *error, int *journal_fd) { +_cleanup_close_pair_ int pair[2] = { -1, -1 }; +_cleanup_close_ int mntns_fd = -1, root_fd = -1, fd = -1; +pid_t child; +int r; + +assert(machine); +assert(error); +assert(journal_fd); + +r = socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, pair); +if (r 0) +return sd_bus_error_set_errnof(error, errno, Failed to create pair of sockets: %m); + +r = namespace_open(machine-leader, NULL, mntns_fd, NULL, root_fd); +if (r 0) +return sd_bus_error_set_errnof(error, r, Failed to open leader's namespace(): %m); + +child = fork(); +if (child 0) +return sd_bus_error_set_errnof(error, errno, Failed to fork(): %m); + +if (child == 0) { +pair[0] = safe_close(pair[0]); +r = get_journal_fd_child(pair[1], mntns_fd, root_fd); +pair[1] = safe_close(pair[1]); +if (r 0) +_exit(EXIT_FAILURE); +_exit(EXIT_SUCCESS); +} + +pair[1] = safe_close(pair[1]); +r = get_journal_fd_parent(pair[0], child, error, 
journal_fd); +return r; +} + +static int method_get_journal(sd_bus_message *message, void *userdata, sd_bus_error *error) { +Manager *m = userdata; +const char *name; +int r; +Machine *machine; +_cleanup_close_ int journal_fd = -1; + +assert(message); +assert(m); + +r = sd_bus_message_read(message, s, name); +if (r 0) +return r; + +r = bus_verify_polkit_async( +message, +CAP_SYS_ADMIN, +org.freedesktop.machine1.get-journal, +false, +UID_INVALID, +m-polkit_registry, +error); +if (r 0) +return r; +if (r == 0) +return 1; /* Will call us back */ + +if (!machine_name_is_valid(name)) +return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, Invalid machine name); + +machine = hashmap_get(m-machines, name); +if (!machine) +return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, No machine '%s' known, name); + +r = get_journal_fd(machine, error, journal_fd); +if (r 0) +return r; + +return sd_bus_reply_method_return(message, h, journal_fd); +} + const sd_bus_vtable manager_vtable[] = { SD_BUS_VTABLE_START(0), SD_BUS_PROPERTY(PoolPath, s, property_get_pool_path, 0, 0), @@ -869,6 +980,7 @@ const sd_bus_vtable manager_vtable[] = { SD_BUS_METHOD(MarkImageReadOnly, sb, NULL, method_mark_image_read_only, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD(SetPoolLimit, t, NULL, method_set_pool_limit, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD(SetImageLimit, st, NULL,
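Review bot: get_journal_fd_child() returns -errno, but the child branch in get_journal_fd() collapses every failure into _exit(EXIT_FAILURE), so get_journal_fd_parent() can only report "Child died abnormally.". A machine that has no /var/log/journal (for example one that keeps its journal only under /run/log/journal) therefore produces a generic failure instead of something the caller can treat as "no journal here"; pass the errno back to the parent, as bus_machine_method_bind_mount() does with errno_pipe_fd, and map ENOENT to a distinct bus error. In method_get_journal(), move the machine_name_is_valid() check ahead of bus_verify_polkit_async() so that a malformed name is rejected before an authorization query is started.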
Re: [systemd-devel] [PATCH 7/7] journal: Try getting journal fd from machined
Patchset imported to github.
Pull request: https://github.com/systemd-devs/systemd/compare/master...systemd-mailing-devs:1433172543-30632-8-git-send-email-krzesimir%40endocode.com

--
Generated by https://github.com/haraldh/mail2git
Re: [systemd-devel] [PATCH] Partially revert ma-setup: simplify
On Mon, 2015-06-01 at 11:57 -0400, Mimi Zohar wrote:
On Mon, 2015-06-01 at 10:36 -0400, Zbigniew Jędrzejewski-Szmek wrote:

---
OK, that's strange. Because the error message comes from copy_bytes() failing, and in copy_bytes() EINVAL could only originate in loop_write(), unless I'm missing something. Can you check the following patch, which essentially reverts to the old copy method?

Zbyszek

With minor include changes to have it apply cleanly, the IMA policy is loaded properly.

FYI, by commenting out try_sendfile() in copy_bytes, the policy is also loaded properly.

Mimi
Re: [systemd-devel] [ANNOUNCE] Separating gudev from systemd
On Sun, 2015-05-31 at 02:24 +, Zbigniew Jędrzejewski-Szmek wrote:
On Wed, May 27, 2015 at 11:21:06AM +0200, Bastien Nocera wrote:
On Wed, 2015-05-20 at 12:01 +0200, David Herrmann wrote:

Hi

On Wed, May 20, 2015 at 8:46 AM, Tom Gundersen t...@jklm.no wrote:
On Wed, May 20, 2015 at 8:24 AM, Martin Pitt martin.p...@ubuntu.com wrote:

Hey David,

David Herrmann [2015-05-19 17:06 +0200]:

We're about to remove gudev from the systemd repository, as it is in no way related to the systemd code-base, nor used by the systemd project.

This makes sense indeed. gudev used to be a standalone project before it was merged into udev, so the circle is complete now :-)

For those of us who already packaged gudev from systemd 219, would it be possible to bump the current release to 220, so that gudev can be packaged without renaming the tarball and doing ugly version numbers? Monotonously increasing version numbers and all.. (Yes, there are epochs in Debian, and I'm sure RPM has these too, but they might not be available everywhere and are generally frowned upon)

While you are at it, why not bump it to 225 or something (just to guarantee that the last systemd release with gudev has a lower version number than gudev at that time, so people can switch over whenever they want without having to worry about going backwards).

I intend to apply patches to systemd-git until we finally removed it there. Given that we had 0 patches so far this year, it'll probably stay that way. Hence, there's no hurry in replacing gudev from systemd with libgudev. It'd be enough to just drop the systemd sub-package and provide a new libgudev package, even if that might not forcefully update the package.

However, I see no reason not to bump it, so I'll gladly follow the packager's demands: https://github.com/systemd-devs/libgudev/commit/f6203336e5b1ccf896acc506b54ec895fdae98b4

@Bastien: At your convenience, can you cherry-pick this and do another release? Should have done this right away, sorry!

Could you file this in our new Bugzilla? Otherwise, I end up losing track of it...

Hi Bastien, do you have any plans for the package in Fedora?

I don't plan on packaging it in the short term, so if there are volunteers, go right ahead.

Cheers
Re: [systemd-devel] [ANNOUNCE] Separating gudev from systemd
On Mon, 2015-06-01 at 16:51 +, Zbigniew Jędrzejewski-Szmek wrote:
On Mon, Jun 01, 2015 at 05:48:15PM +0100, Bastien Nocera wrote:
On Sun, 2015-05-31 at 02:24 +, Zbigniew Jędrzejewski-Szmek wrote:
On Wed, May 27, 2015 at 11:21:06AM +0200, Bastien Nocera wrote:
On Wed, 2015-05-20 at 12:01 +0200, David Herrmann wrote:

Hi

On Wed, May 20, 2015 at 8:46 AM, Tom Gundersen t...@jklm.no wrote:
On Wed, May 20, 2015 at 8:24 AM, Martin Pitt martin.p...@ubuntu.com wrote:

Hey David,

David Herrmann [2015-05-19 17:06 +0200]:

We're about to remove gudev from the systemd repository, as it is in no way related to the systemd code-base, nor used by the systemd project.

This makes sense indeed. gudev used to be a standalone project before it was merged into udev, so the circle is complete now :-)

For those of us who already packaged gudev from systemd 219, would it be possible to bump the current release to 220, so that gudev can be packaged without renaming the tarball and doing ugly version numbers? Monotonously increasing version numbers and all.. (Yes, there are epochs in Debian, and I'm sure RPM has these too, but they might not be available everywhere and are generally frowned upon)

While you are at it, why not bump it to 225 or something (just to guarantee that the last systemd release with gudev has a lower version number than gudev at that time, so people can switch over whenever they want without having to worry about going backwards).

I intend to apply patches to systemd-git until we finally removed it there. Given that we had 0 patches so far this year, it'll probably stay that way. Hence, there's no hurry in replacing gudev from systemd with libgudev. It'd be enough to just drop the systemd sub-package and provide a new libgudev package, even if that might not forcefully update the package.

However, I see no reason not to bump it, so I'll gladly follow the packager's demands: https://github.com/systemd-devs/libgudev/commit/f6203336e5b1ccf896acc506b54ec895fdae98b4

@Bastien: At your convenience, can you cherry-pick this and do another release? Should have done this right away, sorry!

Could you file this in our new Bugzilla? Otherwise, I end up losing track of it...

Hi Bastien, do you have any plans for the package in Fedora?

I don't plan on packaging it in the short term, so if there are volunteers, go right ahead.

OK, I'll prepare a review request.

@David: could you make a release of gudev 230? There's a few patches on top gudev 219 currently, and I think it would be less error-prone to package the released version with the bumped version number.

/me patiently waits for the bugzilla patches to be uploaded...
Re: [systemd-devel] [PATCHi V4] cryptsetup: craft a unique ID with the source device
Patchset imported to github.
Pull request: https://github.com/systemd-devs/systemd/compare/master...systemd-mailing-devs:1433172387-14173-1-git-send-email-harald%40redhat.com

--
Generated by https://github.com/haraldh/mail2git
Re: [systemd-devel] [ANNOUNCE] Separating gudev from systemd
On Mon, Jun 01, 2015 at 05:48:15PM +0100, Bastien Nocera wrote:
On Sun, 2015-05-31 at 02:24 +, Zbigniew Jędrzejewski-Szmek wrote:
On Wed, May 27, 2015 at 11:21:06AM +0200, Bastien Nocera wrote:
On Wed, 2015-05-20 at 12:01 +0200, David Herrmann wrote:

Hi

On Wed, May 20, 2015 at 8:46 AM, Tom Gundersen t...@jklm.no wrote:
On Wed, May 20, 2015 at 8:24 AM, Martin Pitt martin.p...@ubuntu.com wrote:

Hey David,

David Herrmann [2015-05-19 17:06 +0200]:

We're about to remove gudev from the systemd repository, as it is in no way related to the systemd code-base, nor used by the systemd project.

This makes sense indeed. gudev used to be a standalone project before it was merged into udev, so the circle is complete now :-)

For those of us who already packaged gudev from systemd 219, would it be possible to bump the current release to 220, so that gudev can be packaged without renaming the tarball and doing ugly version numbers? Monotonously increasing version numbers and all.. (Yes, there are epochs in Debian, and I'm sure RPM has these too, but they might not be available everywhere and are generally frowned upon)

While you are at it, why not bump it to 225 or something (just to guarantee that the last systemd release with gudev has a lower version number than gudev at that time, so people can switch over whenever they want without having to worry about going backwards).

I intend to apply patches to systemd-git until we finally removed it there. Given that we had 0 patches so far this year, it'll probably stay that way. Hence, there's no hurry in replacing gudev from systemd with libgudev. It'd be enough to just drop the systemd sub-package and provide a new libgudev package, even if that might not forcefully update the package.

However, I see no reason not to bump it, so I'll gladly follow the packager's demands: https://github.com/systemd-devs/libgudev/commit/f6203336e5b1ccf896acc506b54ec895fdae98b4

@Bastien: At your convenience, can you cherry-pick this and do another release? Should have done this right away, sorry!

Could you file this in our new Bugzilla? Otherwise, I end up losing track of it...

Hi Bastien, do you have any plans for the package in Fedora?

I don't plan on packaging it in the short term, so if there are volunteers, go right ahead.

OK, I'll prepare a review request.

@David: could you make a release of gudev 230? There's a few patches on top gudev 219 currently, and I think it would be less error-prone to package the released version with the bumped version number.

Zbyszek
Re: [systemd-devel] [PATCH] Partially revert ma-setup: simplify
Patchset imported to github.
Pull request: https://github.com/systemd-devs/systemd/compare/master...systemd-mailing-devs:1433169401-2220-1-git-send-email-zbyszek%40in.waw.pl

--
Generated by https://github.com/haraldh/mail2git
Re: [systemd-devel] Revert commit ma-setup: simplify
On Mon, 2015-06-01 at 10:05 -0400, Mimi Zohar wrote:
On Mon, 2015-06-01 at 14:02 +, Zbigniew Jędrzejewski-Szmek wrote:
On Mon, Jun 01, 2015 at 08:57:57AM -0400, Mimi Zohar wrote:

The original systemd IMA module loaded the IMA policy by mmaping the file into memory and then writing the entire file to securityfs/ima/policy. By changing this behavior of writing the entire file, commit 4dfb18922d5d ima-setup: simplify broke IMA policy loading.

Please revert commit 4dfb18922d5d1efb13ee459cbf23832277f85ed7 and the related hunk from commit 7430ec6ac08f2c0416d9f806964c46b30f3862b2.

I'm pretty sure that whether the input file was mmaped or read using read() cannot influence the result. The difference must come from the way that the output file is written. Current code also eventually calls loop_write, except that it writes in chunks of COPY_BUFFER_SIZE (16*1024). Previous code tried to write everything in one go. Does the output file have to be written using one write() call?

Yes!

But I doubt very much that is the problem as the test file I'm using is small, only 1780 bytes.

Mimi
Re: [systemd-devel] systemctl disable service not working as expected
Hi Lennart Thanks a lot for the reply. I believe it is off-topic here and I should rather post on the pulseaudio mailing list but please answer the below and I will come over to the pulse mailing list if need be. I have autospawn = no and daemon-binary = /bin/true in my client.conf but I still see pulseaudio being triggered... :( Can you please suggest a way on how I can disable it completely other than deleting/renaming the binary? Is the autospawn config not enough to make sure pulse is never started during system boot? BR, Awais From: Lennart Poettering [lenn...@poettering.net] Sent: Friday, May 29, 2015 6:59 PM To: Belal, Awais Cc: systemd-devel@lists.freedesktop.org Subject: Re: [systemd-devel] systemctl disable service not working as expected On Fri, 29.05.15 11:19, Belal, Awais (awais_be...@mentor.com) wrote: Hi, I am working on an x86_64 platform with a yocto based environment. I was trying to disable pulseaudio which is included in the system by default so I did a 'systemctl disable pulseaudio' but when I reboot it seems pulseaudio is still run for a very short period of time and this is messing up some sound controls on my system. Although SYSVINIT capability is enabled, no sysv init style scripts are available on the target. Any pointers will be really helpful. pulseaudio is generally not a system service but a user service. Unless your user session is fully converted to be managed by systemd too (which is unlikely) systemd is hence not involved at all with starting it. PA is usually started from the session setup script or service. In Gnome that's gnome-session, for example. It's also auto-spawned on-demand if the libraries are used and notice that it is missing. Lennart -- Lennart Poettering, Red Hat
[systemd-devel] [PATCH] Partially revert ima-setup: simplify
--- OK, that's strange. Because the error message comes from copy_bytes() failing, and in copy_bytes() EINVAL could only originate in loop_write(), unless I'm missing something. Can you check the following patch, which essentially reverts to the old copy method? Zbyszek src/core/ima-setup.c | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c index 7721b3ecaf..531c4e1931 100644 --- a/src/core/ima-setup.c +++ b/src/core/ima-setup.c @@ -24,9 +24,10 @@ #include unistd.h #include errno.h #include fcntl.h +#include sys/stat.h +#include sys/mman.h #include ima-setup.h -#include copy.h #include util.h #include log.h @@ -39,6 +40,8 @@ int ima_setup(void) { #ifdef HAVE_IMA _cleanup_close_ int policyfd = -1, imafd = -1; +struct stat st; +char *policy; if (access(IMA_SECFS_DIR, F_OK) 0) { log_debug(IMA support is disabled in the kernel, ignoring.); @@ -53,7 +56,7 @@ int ima_setup(void) { } if (access(IMA_SECFS_POLICY, F_OK) 0) { -log_warning(Another IMA custom policy has already been loaded, ignoring.); +log_error(Another IMA custom policy has already been loaded, ignoring.); return 0; } @@ -63,12 +66,20 @@ int ima_setup(void) { return 0; } -r = copy_bytes(policyfd, imafd, (off_t) -1, false); +if (fstat(policyfd, st) 0) +return log_error_errno(errno, Failed to fstat IMA_POLICY_PATH: %m); + +policy = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, policyfd, 0); +if (policy == MAP_FAILED) +return log_error_errno(errno, Failed to mmap IMA_POLICY_PATH: %m); + +r = loop_write(imafd, policy, (size_t) st.st_size, false); if (r 0) log_error_errno(r, Failed to load the IMA custom policy file IMA_POLICY_PATH: %m); else log_info(Successfully loaded the IMA custom policy IMA_POLICY_PATH.); +munmap(policy, st.st_size); #endif /* HAVE_IMA */ return r; } -- 2.1.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
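Review bot: In the hunk at @@ -53,7 +56,7 the message is raised from log_warning to log_error, yet its text still ends in "ignoring." and the branch still returns 0, so the log level and the behaviour now disagree. Either keep log_warning, or say in the commit message why an already-loaded policy is an error. The change is also unrelated to the copy-method revert and would be easier to review as a separate patch.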
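Review bot: In the last hunk (@@ -63,12 +66,20) the new fstat() and mmap() failure paths return the negative value from log_error_errno(), while the earlier failure paths visible in ima_setup() return 0, so a policy file that cannot be mapped now fails the function where other problems are ignored. mmap() with a length of 0 fails with EINVAL, which means an empty policy file (st.st_size == 0) lands on that path; check for it before mapping and decide explicitly whether it is an error. The patch also carries no commit message stating why the policy has to reach the kernel from a single buffer, which is the whole reason for the revert.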
[systemd-devel] How many times is the root mounted in boot up?
Hi all, In case of no initrd and mounting the root by specifying root=/dev/sdaN in kernel command line, how many times is the root mounted in systemd? I find:
1. systemd will generate a -.mount unit from /proc/self/mountsinfo
2. systemd will generate a -.mount unit by systemd-fstab-generator
Q:
* Which one takes priority?
* For 1, it will not do the mount action, but 2 will. Am I right? If so, why do we mount root here (again)? And systemd-remount-fs.service will remount the root again, thus applying options in fstab?
BTW, where are the units generated by generators? -- Regards, - cee1
[systemd-devel] [ANNOUNCE] Git development moved to github
Hi As of today we've disabled git-push to fd.o. The official development git repository is now at github [1]. The old repository will still be back-synced, but we had to disable push-access to avoid getting out-of-sync with github. In recent months, keeping up with the mailing-list has become more and more cumbersome, with many of us missing mails or unable to keep up with the traffic. To make sure all community requests and patches will get handled in time, we're now trying out the github infrastructure. We encourage everyone in the development community to switch over now, even though the old fd.o infrastructure will still be maintained. Distributions are free to wait until the next release announcement before updating anything. If github does not work out, we will see what else we can try out. But let's give it at least a try. Thanks David [1] https://github.com/systemd-devs/systemd
Re: [systemd-devel] [ANNOUNCE] Git development moved to github
On Mon, Jun 01, 2015 at 08:12:37PM +0200, David Herrmann wrote: [1] https://github.com/systemd-devs/systemd Is there a particular reason not to use the existing https://github.com/systemd/systemd ? Zbyszek
Re: [systemd-devel] [ANNOUNCE] Git development moved to github
On Mon, Jun 1, 2015 at 8:12 PM, David Herrmann dh.herrm...@gmail.com wrote: Hi As of today we've disabled git-push to fd.o. The official development git repository is now at github [1]. The old repository will still be back-synced, but we had to disable push-access to avoid getting out-of-sync with github. In recent months, keeping up with the mailing-list has become more and more cumbersome, with many of us missing mails or unable to keep up with the traffic. To make sure all community requests and patches will get handled in time, we're now trying out the github infrastructure. We encourage everyone in the development community to switch over now, even though the old fd.o infrastructure will still be maintained. Distributions are free to wait until the next release announcement before updating anything. If github does not work out, we will see what else we can try out. But let's give it at least a try. About applying patches, do we still rebase on top of master, or do we start to merge pull requests from the github interface? Thanks David [1] https://github.com/systemd-devs/systemd
Re: [systemd-devel] [ANNOUNCE] Separating gudev from systemd
Hi On Mon, Jun 1, 2015 at 6:51 PM, Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl wrote: On Mon, Jun 01, 2015 at 05:48:15PM +0100, Bastien Nocera wrote: On Sun, 2015-05-31 at 02:24 +, Zbigniew Jędrzejewski-Szmek wrote: Hi Bastien, do you have any plans for the package in Fedora? I don't plan on packaging it in the short term, so if there are volunteers, go right ahead. OK, I'll prepare a review request. Thanks a lot! @David: could you make a release of gudev 230? There's a few patches on top gudev 219 currently, and I think it would be less error-prone to package the released version with the bumped version number. I only found a typo-fix on top of 219. Now backported to libgudev and pushed into the gnome bugzilla. Same for the 230 version bump. If anything else is missing, please let me know. Thanks David
Re: [systemd-devel] [ANNOUNCE] Git development moved to github
On Mon, Jun 1, 2015 at 11:20 AM Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl wrote: On Mon, Jun 01, 2015 at 08:12:37PM +0200, David Herrmann wrote: [1] https://github.com/systemd-devs/systemd Is there a particular reason not to use the existing https://github.com/systemd/systemd ? No idea why not. I even replied that I'd take care of it this week. I need to move the CI repo out of the way and update permissions.
Re: [systemd-devel] [ANNOUNCE] Separating gudev from systemd
On Tue, May 19, 2015, at 11:06 AM, David Herrmann wrote: Hi We're about to remove gudev from the systemd repository, as it is in no way related to the systemd code-base, nor used by the systemd project. To preserve backwards compatibility, gudev was extracted into a separate repository and is now managed on gnome.org: Homepage: https://wiki.gnome.org/Projects/libgudev Bugtracker: http://bugzilla.gnome.org/browse.cgi?product=libgudev Releases: http://download.gnome.org/sources/libgudev/ Repository: http://git.gnome.org/browse/libgudev/ ArchLinux: https://aur.archlinux.org/packages/li/libgudev/PKGBUILD Others: TBD For reference: https://git.gnome.org/browse/gnome-continuous/commit/?id=abc335746078670e18e90cacf4983aef44cacf63 updated GNOME Continuous, and it will now start building and shipping libgudev git master.
Re: [systemd-devel] Revert commit ima-setup: simplify
On Mon, 2015-06-01 at 10:05 -0400, Mimi Zohar wrote: On Mon, 2015-06-01 at 14:02 +, Zbigniew Jędrzejewski-Szmek wrote: On Mon, Jun 01, 2015 at 08:57:57AM -0400, Mimi Zohar wrote: The original systemd IMA module loaded the IMA policy by mmaping the file into memory and then writing the entire file to securityfs/ima/policy. By changing this behavior of writing the entire file, commit 4dfb18922d5d ima-setup: simplify broke IMA policy loading. Please revert commit 4dfb18922d5d1efb13ee459cbf23832277f85ed7 and the related hunk from commit 7430ec6ac08f2c0416d9f806964c46b30f3862b2. I'm pretty sure that whether the input file was mmaped or read using read() cannot influence the result. The difference must come from the way that the output file is written. Current code also eventually calls loop_write, except that it writes in chunks of COPY_BUFFER_SIZE (16*1024). Previous code tried to write everything in one go. Does the output file have to be written using one write() call? Yes .. because splitting into chunks may truncate in the middle of an IMA rule, which then leads to parse errors (each write is parsed separately). That's the conceptual issue I had with the change. But as Mimi said, it's unlikely to hit in practice. What's failing is continuing with sendfile() or regular write() after the /sys virtual file has parsed the first line and reported back a partial write. See http://sourceforge.net/p/linux-ima/mailman/message/34145236/ for more information. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter.
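The conceptual issue raised in this thread, a policy file that parses every write() on its own and a copy loop that cuts a rule in half, can be reproduced without a kernel. This is an added example, not code from systemd or the kernel: `policy_sink`, `sink_write`, `write_all`, `copy_chunked` and the sample rules are constructed for illustration, and the sink's behaviour is an assumption modelled on the description above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Assumption: a stand-in for securityfs ima/policy built only from the
 * thread's description. Each write is parsed on its own, one rule (one
 * '\n'-terminated line) is consumed per call and reported back as a
 * partial write, and a buffer that ends before the rule does is a
 * parse error. */
struct policy_sink {
        unsigned rules;   /* complete rules accepted so far */
        unsigned writes;  /* write calls received */
};

static ssize_t sink_write(struct policy_sink *s, const char *buf, size_t len) {
        const char *nl;

        s->writes++;
        nl = memchr(buf, '\n', len);
        if (!nl)
                return -EINVAL;        /* rule truncated by the caller */
        s->rules++;
        return (nl - buf) + 1;         /* only the first rule is consumed */
}

/* Retry after partial writes until the buffer is consumed or an error occurs. */
static int write_all(struct policy_sink *s, const char *buf, size_t len) {
        while (len > 0) {
                ssize_t k = sink_write(s, buf, len);
                if (k < 0)
                        return (int) k;
                buf += k;
                len -= (size_t) k;
        }
        return 0;
}

/* Copy in fixed-size chunks; a chunk size >= len is the "one buffer" case. */
static int copy_chunked(struct policy_sink *s, const char *buf, size_t len, size_t chunk) {
        while (len > 0) {
                size_t n = len < chunk ? len : chunk;
                int r = write_all(s, buf, n);
                if (r < 0)
                        return r;
                buf += n;
                len -= n;
        }
        return 0;
}

/* Constructed sample policy: three rules, 84 bytes in total. */
static const char SAMPLE_POLICY[] =
        "dont_measure fsmagic=0x9fa0\n"
        "dont_measure fsmagic=0x62656572\n"
        "measure func=BPRM_CHECK\n";

int main(void) {
        const size_t chunks[] = { 16, 40, 16 * 1024 };
        size_t len = strlen(SAMPLE_POLICY);

        for (size_t i = 0; i < sizeof(chunks) / sizeof(chunks[0]); i++) {
                struct policy_sink s = { 0, 0 };
                int r = copy_chunked(&s, SAMPLE_POLICY, len, chunks[i]);

                printf("chunk=%zu: r=%d rules=%u writes=%u\n",
                       chunks[i], r, s.rules, s.writes);
        }
        return 0;
}
```

With a 40-byte chunk the sink accepts the first rule and then rejects the remainder, so the policy ends up partially loaded; with a chunk larger than the file every write starts on a rule boundary.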
[systemd-devel] [PATCH] mount-setup: create /run/systemd/netif/links/ before accessing
systemd-timesyncd breaks with Starting Network Time Synchronization... [FAILED] Failed to start Network Time Synchronization. when we have timesyncd activated and systemd-networkd not. Create directory before using it. --- src/core/mount-setup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index ba96741e9549..25412a1c42d3 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -393,6 +393,8 @@ int mount_setup(bool loaded_policy) { mkdir_label(/run/systemd, 0755); mkdir_label(/run/systemd/system, 0755); mkdir_label(/run/systemd/inaccessible, ); + mkdir_label(/run/systemd/netif, 0755); + mkdir_label(/run/systemd/netif/links, 0755); return 0; } ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
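Review bot: The two added mkdir_label() calls in mount_setup() make PID 1 create /run/systemd/netif/links unconditionally, but the commit message does not say which access in systemd-timesyncd fails without the directory. Please name the failing call and path in the message, and consider handling the missing directory in timesyncd instead, which would keep networkd's runtime layout out of mount-setup.c. The return values of both calls are ignored, as on the neighbouring lines, so a failure to create them would still only show up as the same timesyncd start failure.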
Re: [systemd-devel] [HEADSUP] nspawn/networkd: moving from iptables to nftables
Is this going to make nspawn/networkd fundamentally incompatible with distributions that use iptables-based tools (such as firewalld)? -- Ian Pilcher arequip...@gmail.com I grew up before Mark Zuckerberg invented friendship

[systemd-devel] [PATCH v4 3/3] udev: input_id - use ABS_MT_SLOT{-1} to exclude non touch screen devices
Peek at the ABS_MT_SLOT-1 axis. Expect that touch screens only have axes inside the MT range. --- src/udev/udev-builtin-input_id.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/udev/udev-builtin-input_id.c b/src/udev/udev-builtin-input_id.c index 0f9f021..59616c8 100644 --- a/src/udev/udev-builtin-input_id.c +++ b/src/udev/udev-builtin-input_id.c @@ -170,7 +170,8 @@ static bool test_pointers(struct udev_device *dev, finger_but_no_pen = test_bit(BTN_TOOL_FINGER, bitmask_key) !test_bit(BTN_TOOL_PEN, bitmask_key); has_mouse_button = test_bit(BTN_LEFT, bitmask_key); has_rel_coordinates = test_bit(EV_REL, bitmask_ev) test_bit(REL_X, bitmask_rel) test_bit(REL_Y, bitmask_rel); -has_mt_coordinates = test_bit(ABS_MT_POSITION_X, bitmask_abs) test_bit(ABS_MT_POSITION_Y, bitmask_abs); +has_mt_coordinates = test_bit(ABS_MT_POSITION_X, bitmask_abs) test_bit(ABS_MT_POSITION_Y, bitmask_abs) + test_bit(ABS_MT_SLOT, bitmask_abs) !test_bit(ABS_MT_SLOT - 1, bitmask_abs); is_direct = test_bit(INPUT_PROP_DIRECT, bitmask_props); has_touch = test_bit(BTN_TOUCH, bitmask_key); /* joysticks don't necessarily have buttons; e. g. -- 2.1.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
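Review bot: The new has_mt_coordinates expression in test_pointers() adds test_bit(ABS_MT_SLOT, bitmask_abs) as a required term next to the !test_bit(ABS_MT_SLOT - 1, bitmask_abs) check, so a device that reports ABS_MT_POSITION_X and ABS_MT_POSITION_Y but no ABS_MT_SLOT no longer counts as having MT coordinates. The commit message only talks about peeking at ABS_MT_SLOT-1, so either drop the ABS_MT_SLOT requirement or describe and justify it. The bare ABS_MT_SLOT - 1 also needs a comment saying which axis it is and why a set bit there means the device is not a touch screen.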
[systemd-devel] Starting up service after my openvpn connection turns up
I am trying to start a dropbear service after my openvpn service starts up.
---
[Unit]
Description=SSH Per-Connection Server
Wants=dropbearkey.service
After=syslog.target dropbearkey.service
Wants=openvpn@equipment.service
After=openvpn@equipment.service
---
But I would like to start up the service after tun0 interface is available (made by openvpn). How do I find out what to put in Wants and After for tun0? I can't seem to find anything related. Also if there is a better way to get dropbear to start after tun0 has appeared I'm open to doing that as well. My goal is to have my ssh server only look at my openvpn address and ignore ssh requests that are not from the vpn iface. I'm thinking I can do this with a script setting up drop bear with the -p option (and looking for my tun0 ip4 address and using it). Many Thanks, Matt Karas
Re: [systemd-devel] [ANNOUNCE] Git development moved to github
2015-06-01 20:12 GMT+02:00 David Herrmann dh.herrm...@gmail.com: Hi As of today we've disabled git-push to fd.o. The official development git repository is now at github [1]. What about the bug tracker? Will it remain at fdo's bugzilla? I have to admit I'm not a huge fan of github's bug tracker. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
[systemd-devel] [PATCH v5 3/3] udev: input_id - use ABS_MT_SLOT{-1} to exclude non touch screen devices
Peek at the ABS_MT_SLOT-1 axis. Expect that touch screens only have axes inside the MT range. --- src/udev/udev-builtin-input_id.c | 4 1 file changed, 4 insertions(+) diff --git a/src/udev/udev-builtin-input_id.c b/src/udev/udev-builtin-input_id.c index 0f9f021..7fa7d1a 100644 --- a/src/udev/udev-builtin-input_id.c +++ b/src/udev/udev-builtin-input_id.c @@ -171,6 +171,10 @@ static bool test_pointers(struct udev_device *dev, has_mouse_button = test_bit(BTN_LEFT, bitmask_key); has_rel_coordinates = test_bit(EV_REL, bitmask_ev) test_bit(REL_X, bitmask_rel) test_bit(REL_Y, bitmask_rel); has_mt_coordinates = test_bit(ABS_MT_POSITION_X, bitmask_abs) test_bit(ABS_MT_POSITION_Y, bitmask_abs); + +/* unset has_mt_coordinates if devices claims to have all abs axis */ +if(has_mt_coordinates test_bit(ABS_MT_SLOT, bitmask_abs) test_bit(ABS_MT_SLOT - 1, bitmask_abs)) +has_mt_coordinates = false; is_direct = test_bit(INPUT_PROP_DIRECT, bitmask_props); has_touch = test_bit(BTN_TOUCH, bitmask_key); /* joysticks don't necessarily have buttons; e. g. -- 2.1.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
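Review bot: The added comment in test_pointers() says the device "claims to have all abs axis", but the condition only tests two bits, ABS_MT_SLOT and ABS_MT_SLOT - 1, so the comment should state that the axis just below the MT range is used as the indicator and why that is sufficient. ABS_MT_SLOT - 1 is an unnamed magic value and deserves a note or a local define. Style: "if(" needs a space before the parenthesis, and the comment should read "if the device claims to have all abs axes".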
Re: [systemd-devel] [PATCH] Partially revert ima-setup: simplify
On Mon, Jun 01, 2015 at 12:36:25PM -0400, Mimi Zohar wrote: On Mon, 2015-06-01 at 11:57 -0400, Mimi Zohar wrote: On Mon, 2015-06-01 at 10:36 -0400, Zbigniew Jędrzejewski-Szmek wrote: --- OK, that's strange. Because the error message comes from copy_bytes() failing, and in copy_bytes() EINVAL could only originate in loop_write(), unless I'm missing something. Can you check the following patch, which essentially reverts to the old copy method? Zbyszek With minor include changes to have it apply cleanly, the IMA policy is loaded properly. OK, thanks for testing. Unfortunately, because of recent attempt at github migration I lost my write rights. I'll push the patch as soon as I get them back :) Zbyszek FYI, by commenting out try_sendfile() in copy_bytes, the policy is also loaded properly.
Re: [systemd-devel] Starting up service after my openvpn connection turns up
On Mon, 1 Jun 2015 16:36:38 -0400 Matthew Karas mkarasc...@gmail.com wrote: I am trying to start a dropbear service after my openvpn service starts up.
---
[Unit]
Description=SSH Per-Connection Server
Wants=dropbearkey.service
After=syslog.target dropbearkey.service
Wants=openvpn@equipment.service
After=openvpn@equipment.service
---
But I would like to start up the service after tun0 interface is available (made by openvpn). How do I find out what to put in Wants and After for tun0? I can't seem to find anything related. Also if there is a better way to get dropbear to start after tun0 has appeared I'm open to doing that as well. My goal is to have my ssh server only look at my openvpn address and ignore ssh requests that are not from the vpn iface. I'm thinking I can do this with a script setting up drop bear with the -p option (and looking for my tun0 ip4 address and using it). What about using OpenVPN hooks to start service after connection is established? You can pass it (service) interface name and bind it to interface so it is automatically stopped when interface is torn down.
Re: [systemd-devel] [ANNOUNCE] Git development moved to github
Hey David, David Herrmann [2015-06-01 20:12 +0200]: As of today we've disabled git-push to fd.o. The official development git repository is now at github [1]. Can you copy the committer list from fd.o? Right now it seems the only person that can actually push to systemd-devs/systemd is you (https://github.com/orgs/systemd-devs/people). Or is that on purpose, and all committers should now work in their own branches, and some bot processes pull requests? That's a very interesting model, especially if pulls/merges are gated by build and make check at least. Thanks, Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
[systemd-devel] Visible pull requests on github? [was: [PATCH] mount-setup: create /run/systemd/netif/links/ before accessing]
Hello all, systemd github import bot [2015-06-01 20:06 -]: Patchset imported to github. Pull request: https://github.com/systemd-devs/systemd/compare/master...systemd-mailing-devs:1433186201-32678-1-git-send-email-r.schwebel%40pengutronix.de I've seen these imported into github messages for quite a while, but why don't these actually appear on https://github.com/systemd-devs/systemd/pulls ? This only has three (open) pull requests. Thanks, Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Re: [systemd-devel] [systemd-commits] load-fragment: use UNESCAPE_RELAX flag to parse exec directives
Hi, Not sure I agree with the commit below. (In particular as I'm looking at converting this code into using unquote_first_word.) On Mon, Jun 1, 2015 at 9:10 AM, Daniel Mack zon...@kemper.freedesktop.org wrote: commit 22874a348fb1540c1a2b7907748fc57c9756a7ed Author: Daniel Mack dan...@zonque.org Date: Mon Jun 1 17:49:04 2015 +0200 load-fragment: use UNESCAPE_RELAX flag to parse exec directives The cunescape() helper function used to handle unknown escaping sequences gracefully by copying them over verbatim. Commit 527b7a42 (util: rework cunescape(), improve error handling) added a flag to make that behavior optional, and changed to default to error out with -EINVAL otherwise. However, config_parse_exec(), which is used to parse the Exec{Start,Stop}{Post,Pre,} directives of unit files, was not changed along with that commit, which means that directives with improperly escaped command line strings are no longer parsed. Relevant bugreports include: https://bugs.freedesktop.org/show_bug.cgi?id=90794 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787256 Fix this by passing UNESCAPE_RELAX to config_parse_exec() in order to restore the original behavior. diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index c95c110..df5fe6f 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c 
@@ -610,7 +610,7 @@ int config_parse_exec( else skip = strneq(word, \\;, MAX(l, 1U)); -r = cunescape_length(word + skip, l - skip, 0, c); +r = cunescape_length(word + skip, l - skip, UNESCAPE_RELAX, c); if (r 0) { log_syntax(unit, LOG_ERR, filename, line, r, Failed to unescape command line, ignoring: %s, rvalue); r = 0; So, my problem with it is that the bug's expectation is that backslashes inside single quotes will remain as backslashes, as the example is a regexp '\w+@\K[\d.]+'. But this is not true here!!! It's only fixing it for the particular cases that are not escape sequences yet. For instance, what if I'm doing a parameter that is a regexp that is looking for a word boundary and I want to use '\b'? systemd with the current patch will (still) turn this into a backspace character. Right now the systemd quoting rules do *not* match the shell quoting rules. (In fact, this is akin to a bug complaining that variables in systemd do not match shell variables. That's indeed the case, but it doesn't make it a bug. It's working as documented and as intended.) I'd be ok with changing the rules so that backslash inside single quotes remains a literal backslash, as I think we have the two kinds of quotes (single quotes and double quotes) and I don't think it would hurt to make them work a little bit closer to how the shell works... (Though we'll keep expanding variables inside single quotes?) In that case (of making backslashes stay literal inside single quotes) I think the best way forward is complete the conversion to unquote_first_word and then update unquote_first_word to introduce those rules (essentially, just get rid of the SINGLE_QUOTE_ESCAPE rule would do.) Cheers, Filipe ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
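Review bot: The one-line switch to UNESCAPE_RELAX at the cunescape_length() call in config_parse_exec() comes without a test, although the commit message describes a regression in parsing Exec directives. A test that feeds an Exec line with an unknown escape sequence through the parser, plus one with a known escape, would record which inputs are now accepted and what they turn into. The log_syntax() text on the remaining error path, "Failed to unescape command line, ignoring", should also be checked against what can still fail once unknown sequences are copied through.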
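The objection in the reply above, that a relaxed mode only spares backslash sequences that are not already escapes, shown as an added example. This is not systemd's cunescape(): `mini_unescape`, `MINI_RELAX` and `survives_verbatim` are hypothetical names, and only single-letter escapes are handled.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flag playing the role UNESCAPE_RELAX has in the commit. */
#define MINI_RELAX 1

/* Decode one escape letter; -1 means "not a known escape". */
static int decode_escape(char c) {
        switch (c) {
        case 'a':  return '\a';
        case 'b':  return '\b';
        case 'f':  return '\f';
        case 'n':  return '\n';
        case 'r':  return '\r';
        case 't':  return '\t';
        case 'v':  return '\v';
        case '\\': return '\\';
        case '"':  return '"';
        case '\'': return '\'';
        default:   return -1;
        }
}

/* Unescape src into dst (dst must hold strlen(src) + 1 bytes).
 * Strict mode rejects unknown sequences with -EINVAL; relaxed mode
 * copies them through verbatim. Returns the output length. */
static int mini_unescape(const char *src, int flags, char *dst) {
        size_t o = 0;

        for (size_t i = 0; src[i]; i++) {
                int d;

                if (src[i] != '\\') {
                        dst[o++] = src[i];
                        continue;
                }
                if (!src[i + 1]) {             /* lone trailing backslash */
                        if (!(flags & MINI_RELAX))
                                return -EINVAL;
                        dst[o++] = '\\';
                        break;
                }
                d = decode_escape(src[i + 1]);
                if (d >= 0) {
                        dst[o++] = (char) d;   /* known escape: still rewritten */
                } else {
                        if (!(flags & MINI_RELAX))
                                return -EINVAL;
                        dst[o++] = '\\';       /* unknown escape: kept as typed */
                        dst[o++] = src[i + 1];
                }
                i++;
        }
        dst[o] = '\0';
        return (int) o;
}

/* 1 if the argument reaches the program byte-for-byte in relaxed mode,
 * 0 if some sequence is rewritten, -1 if it does not fit the buffer. */
static int survives_verbatim(const char *arg) {
        char out[256];

        if (strlen(arg) >= sizeof(out))
                return -1;
        if (mini_unescape(arg, MINI_RELAX, out) < 0)
                return 0;
        return strcmp(arg, out) == 0;
}

int main(void) {
        /* Constructed inputs: the regexp from the bug report and a
         * word-boundary pattern of the kind the reply asks about. */
        const char *samples[] = { "\\w+@\\K[\\d.]+", "\\bword\\b" };
        char out[256];

        for (size_t i = 0; i < 2; i++)
                printf("%-16s strict=%d relaxed=%d verbatim=%d\n", samples[i],
                       mini_unescape(samples[i], 0, out),
                       mini_unescape(samples[i], MINI_RELAX, out),
                       survives_verbatim(samples[i]));
        return 0;
}
```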