Re: [systemd-devel] start user-service only with UID greater than 1000

2017-05-09 Thread Jakob Schürz
On 2017-05-09 at 18:19, Mantas Mikulėnas wrote:
> That might be nice... but, how come your services register a logind
> session in the first place? That doesn't happen unless something
> deliberately calls pam_systemd – and the service startup process
> generally doesn't involve calling PAM in the first place. So something
> doesn't add up. (Are you using su?)

Good point!
The User-Session for Debian-exim may really come from a su in a
script... I rewrote this script, now the User-Session for Debian-gdm
seems not to be started again.

But gdm... it starts this service, in case of starting a user-session
for systemd.
This seems to be another problem, understanding the following answers
from the others in this thread...

Thanks for your suggestion.

Jakob
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] start user-service only with UID greater than 1000

2017-05-09 Thread Michael Biebl
Afaics, the logind/PAM session for gdm/Debian-gdm is deliberate. gdm
spawns that via gdm-launch-environment, see
/etc/pam.d/gdm-launch-environment, which in turn includes
pam_systemd.so

2017-05-09 20:35 GMT+02:00, Lennart Poettering :
> On Tue, 09.05.17 17:06, Jakob Schürz (wertsto...@nurfuerspam.de) wrote:
>
>> Hi There!
>>
>> I have two services running in systemd --user, which should only be
>> started for login-users.
>> If I put the service-file by a deb-package in /usr/lib/systemd/user, the
>> service will also be started for Debian-exim, Debian-gdm and other users
>> with a UID below 1000. And this is not "good"...
>
> These users should not have a PAM session normally, and hence no
> logind session either, and hence no systemd --user instance
> either. There's something really strange if you actually do get PAM
> sessions for these... Any idea why you get them?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
>


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Re: [systemd-devel] systemd-resolved continuously switching DNS servers

2017-05-09 Thread Lennart Poettering
On Tue, 09.05.17 00:42, Kai Krakow (hurikha...@gmail.com) wrote:

> On Sat, 6 May 2017 14:22:21 +0200,
> Kai Krakow wrote:
> 
> > On Fri, 5 May 2017 20:18:41 +0200,
> > Lennart Poettering wrote:
> > 
> > > On Fri, 05.05.17 01:01, Kai Krakow (hurikha...@gmail.com) wrote:
> > >   
> > > > Hello!
> > > > 
> > > > Why is systemd-resolved switching DNS servers all day long? This
> > > > doesn't seem to be right...
> > > 
> > > If you turn on debug logging, you should see an explanation right
> > > before each switch. I figure we should choose the log levels more
> > > carefully, so that whenever we switch we also log the reason at the
> > > same level...  
> > 
> > It looks like this all has to do with timeouts:
> 
> Fixed by restarting the router. The cable modem seems to be buggy with
> UDP packets after a lot of uptime: it simply silently drops UDP
> packets at regular intervals, WebUI was also very slow, probably a CPU
> issue.
> 
> I'll follow up on this with the cable provider.
> 
> When the problem starts to show up, systemd-resolved is affected more
> by this than direct resolving. I don't know if there's something that
> could be optimized in systemd-resolved to handle such issues better but
> I don't consider it a bug in systemd-resolved, it was a local problem.

Normally configured DNS servers should be equivalent, and hence
switching them for each retry should not come at any cost, hence,
besides the extra log output, do you experience any real issues?

Lennart

-- 
Lennart Poettering, Red Hat


Re: [systemd-devel] start user-service only with UID greater than 1000

2017-05-09 Thread Lennart Poettering
On Tue, 09.05.17 17:06, Jakob Schürz (wertsto...@nurfuerspam.de) wrote:

> Hi There!
> 
> I have two services running in systemd --user, which should only be
> started for login-users.
> If I put the service-file by a deb-package in /usr/lib/systemd/user, the
> service will also be started for Debian-exim, Debian-gdm and other users
> with a UID below 1000. And this is not "good"...

These users should not have a PAM session normally, and hence no
logind session either, and hence no systemd --user instance
either. There's something really strange if you actually do get PAM
sessions for these... Any idea why you get them?

Lennart

-- 
Lennart Poettering, Red Hat


Re: [systemd-devel] start user-service only with UID greater than 1000

2017-05-09 Thread Mantas Mikulėnas
That might be nice... but, how come your services register a logind session
in the first place? That doesn't happen unless something deliberately calls
pam_systemd – and the service startup process generally doesn't involve
calling PAM in the first place. So something doesn't add up. (Are you using
su?)

(GDM is an exception – the service is not in a logind session, but the
login screen (greeter) *is*, and it might rely on user@ being available
just like a regular GNOME session.)

On Tue, May 9, 2017, 18:09 Jakob Schürz  wrote:

> Hi There!
>
> I have two services running in systemd --user, which should only be
> started for login-users.
> If I put the service-file by a deb-package in /usr/lib/systemd/user, the
> service will also be started for Debian-exim, Debian-gdm and other users
> with a UID below 1000. And this is not "good"...
>
> Is there a mechanism in systemd --user to start services only for UIDs >
> 1000 (on Debian... other Distros may have the first login-user with
> UID=500... how can I catch this?)
> Or is it possible to start units only if the user is in a special
> unix-group? For example a group called "cups-fuse" or "backup", then the
> service is started in the user's systemd only if the user is in this group.
>
> For now I have a
>
> [Service]
> ExecStartPre=/bin/sh -c '/usr/bin/test %U -ge 1000'
>
> This produces a failed unit... That is not "beautiful" and leads to
> wrong thoughts, watching the journal.
>
> I need these services really only for logged in real users. Not
> Debian-gdm or Debian-exim. And I need a solution to activate it per
> package-installation automatically for all the users who should be able
> to login...
>
> Maybe a Condition for a set usershell or another item, which identifies
> a user as a login-user...
>
> Any ideas or suggestions?
>
> regards
>
> jakob
>
-- 

Mantas Mikulėnas 
Sent from my phone


[systemd-devel] start user-service only with UID greater than 1000

2017-05-09 Thread Jakob Schürz
Hi There!

I have two services running in systemd --user, which should only be
started for login-users.
If I put the service-file by a deb-package in /usr/lib/systemd/user, the
service will also be started for Debian-exim, Debian-gdm and other users
with a UID below 1000. And this is not "good"...

Is there a mechanism in systemd --user to start services only for UIDs >
1000 (on Debian... other Distros may have the first login-user with
UID=500... how can I catch this?)
Or is it possible to start units only if the user is in a special
unix-group? For example a group called "cups-fuse" or "backup", then the
service is started in the user's systemd only if the user is in this group.

For now I have a

[Service]
ExecStartPre=/bin/sh -c '/usr/bin/test %U -ge 1000'

This produces a failed unit... That is not "beautiful" and leads to
wrong thoughts, watching the journal.

I need these services really only for logged in real users. Not
Debian-gdm or Debian-exim. And I need a solution to activate it per
package-installation automatically for all the users who should be able
to login...

Maybe a Condition for a set usershell or another item, which identifies
a user as a login-user...

Any ideas or suggestions?

regards

jakob
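
The post above asks how to catch distributions whose first login user has UID 500 rather than 1000. As an added example (not part of the original post and not systemd code), the following shell functions read the range from a login.defs-style file instead of hard-coding 1000; the function names, the fallback range 1000 to 60000 and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a UID as "login user" from UID_MIN/UID_MAX
# in a login.defs-style file (assumed default path: /etc/login.defs).

# login_defs_value KEY FILE DEFAULT
# Prints the numeric value of KEY from FILE, or DEFAULT if absent/unreadable.
login_defs_value() {
    key=$1 file=$2 default=$3
    value=
    if [ -r "$file" ]; then
        # Commented lines ("#UID_MIN ...") never match because $1 differs.
        # The last uncommented "KEY <number>" line wins.
        value=$(awk -v k="$key" \
            '$1 == k && $2 ~ /^[0-9]+$/ { v = $2 } END { print v }' "$file")
    fi
    echo "${value:-$default}"
}

# is_login_uid UID [FILE]
# Returns 0 if UID_MIN <= UID <= UID_MAX, 1 if outside, 2 if UID is not numeric.
is_login_uid() {
    uid=$1 file=${2:-/etc/login.defs}
    case $uid in
        ''|*[!0-9]*) return 2 ;;   # reject empty or non-numeric input
    esac
    # Fallback values are assumptions used only when the file has no entry.
    min=$(login_defs_value UID_MIN "$file" 1000)
    max=$(login_defs_value UID_MAX "$file" 60000)
    [ "$uid" -ge "$min" ] && [ "$uid" -le "$max" ]
}

# Constructed sample file: a distribution whose login UIDs start at 500.
make_sample_defs() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample, not a real system file' \
        '#UID_MIN 1000' \
        'UID_MIN   500' \
        'UID_MAX 60000' > "$f"
    echo "$f"
}
```

The upper bound matters as well as the lower one: accounts above UID_MAX are not regular login users either.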


Re: [systemd-devel] [PATCH] 50-udev-default.rules.in: set correct group for mediaX/cecX

2017-05-09 Thread Lennart Poettering
On Tue, 09.05.17 09:40, Hans Verkuil (hverk...@xs4all.nl) wrote:

> The /dev/mediaX and /dev/cecX devices belong to the video group.
> Add two default rules for that.
> 
> The /dev/cecX devices were introduced in kernel 4.8 in staging and moved
> out of staging in 4.10. These devices support the HDMI CEC bus.
> 
> The /dev/mediaX devices are much older, but because they are not used very
> frequently nobody got around to adding this rule to systemd. They let the
> user control complex media pipelines.

Next time, please submit patches as PRs on github. I created one for
your patch now:

https://github.com/systemd/systemd/pull/5921

patch looks good btw.

Lennart

-- 
Lennart Poettering, Red Hat


Re: [systemd-devel] [PATCH] 50-udev-default.rules.in: set correct group for mediaX/cecX

2017-05-09 Thread systemd github import bot
Patchset imported to github.
To create a pull request, one of the main developers has to initiate one via:


--
Generated by https://github.com/haraldh/mail2git


[systemd-devel] [PATCH] 50-udev-default.rules.in: set correct group for mediaX/cecX

2017-05-09 Thread Hans Verkuil
The /dev/mediaX and /dev/cecX devices belong to the video group.
Add two default rules for that.

The /dev/cecX devices were introduced in kernel 4.8 in staging and moved
out of staging in 4.10. These devices support the HDMI CEC bus.

The /dev/mediaX devices are much older, but because they are not used very
frequently nobody got around to adding this rule to systemd. They let the
user control complex media pipelines.

---
 rules/50-udev-default.rules.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
index 064f66a97..e55653302 100644
--- a/rules/50-udev-default.rules.in
+++ b/rules/50-udev-default.rules.in
@@ -34,6 +34,8 @@ SUBSYSTEM=="video4linux", GROUP="video"
 SUBSYSTEM=="graphics", GROUP="video"
 SUBSYSTEM=="drm", GROUP="video"
 SUBSYSTEM=="dvb", GROUP="video"
+SUBSYSTEM=="media", GROUP="video"
+SUBSYSTEM=="cec", GROUP="video"

 SUBSYSTEM=="sound", GROUP="audio", \
   OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
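
Review bot: the two added lines after SUBSYSTEM=="dvb" set only GROUP="video" and no MODE=, so what members of the video group can actually do with /dev/mediaX and /dev/cecX depends on the default device mode, which this hunk does not show. That matches the neighbouring video4linux, graphics, drm and dvb lines, but since the commit message says these nodes control the HDMI CEC bus and media pipelines, it would help to state in the commit message that group read/write access is the intent. A one-line comment above the new rules noting that the cec subsystem exists from kernel 4.8 on would also carry that information into the rules file itself.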
-- 
2.11.0
