Re: [systemd-devel] Make systemd-localed modify the kernel commandline for the initrd keymap?
On Sun, Sep 29, 2019, at 6:08 AM, Lennart Poettering wrote: > i.e maybe write down a spec, that declares how to store settings > shared between host OS, boot loader and early-boot kernel environment > on systems that have no EFI NVRAM, and then we can make use of > that. i.e. come up with semantics inspired by the boot loader spec for > finding the boot partition to use, then define a couple of files in > there for these params. I like the idea in general but it would mean there's no mechanism to "roll back" to a previous configuration by default, which is a quite important part of OSTree (and other similar systems). (Relatedly this is also why ostree extends the BLS spec with an atomically-swappable /boot/loader symlink, though I want to get away from that eventually) That said, maybe one thing we want regardless is a "safe mode" boot that skips any OS customization and will get one booted enough to be able to fix/retry for configuration like this. BTW related to EFI - as you know AWS doesn't support it, and we're making a general purpose OS. Fedora isn't just about desktops, and we need to be careful about doing anything in the OS that diverges from the server side. (That said I only recently discovered that GCP supports it as well as vTPMs, working on "blessing" our Fedora CoreOS images to note they support it https://github.com/coreos/mantle/pull/1060 ) ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] user slice changes for uid ranges
On Tue, Oct 1, 2019 at 11:19 AM Stijn De Weirdt wrote: > hello mantas, jeremy, all, > > > wrt the pam script magic, i'm not a big fan, esp because it is optional. > i'd rather have those users not login than that they don't have the > constraints. (but obvioulsy, i really don't want to lock myself out, so > i totally see what you need the optional keyword) > It's as optional as you make it. If the script exits with non-0, pam_exec returns PAM_SYSTEM_ERR and you can treat this as a fatal error. To avoid locking yourself out, either always make it exit 0 for root, or "session [success=1 default=ignore] pam_succeed_if.so user ingroup wheel", etc. -- Mantas Mikulėnas ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] user slice changes for uid ranges
hello mantas, jeremy, all, wrt the pam script magic, i'm not a big fan, esp because it is optional. i'd rather have those users not login than that they don't have the constraints. (but obvioulsy, i really don't want to lock myself out, so i totally see what you need the optional keyword) wrt the generators, i'll have a look how those really work and what i could do with them. i like the idea that the user slice settings are only generated when needed (and maybe even cleaned upwhen there are too many old ones to avoid performance issues) searching for info on generators and user slices, i stumbled on https://github.com/systemd/systemd/issues/2556 where this was also mentioned. unfortunaltey, no examples, so if someone can share some examples, that would be great ! anyway, thanks a lot, stijn On 9/29/19 4:07 PM, Jérémy ROSEN wrote: > I don't have a complete solutions, but here are a couple of tools that you > might be able to assemble into something that work > * dropins, you could do a dropin for every existing UID that sets the > Slice= field > * generators : could be used to generate those dropins > * also note that if a unit is named a-b-c.service, systemd will look for > dropins named a-b-.service and a-.service... there might be something to do > with that, but I havn't given it much thought > > Le ven. 27 sept. 2019 à 18:28, Mantas Mikulėnas a > écrit : > >> On Fri, Sep 27, 2019 at 5:03 PM Stijn De Weirdt >> wrote: >> >>> hi all, >>> >>> i'm looking for an "easy" way to set resource limits on a group of users. >>> >>> we are lucky enough that this group of users is within a (although >>> large) high enough range, so a range of uids is ok for us. >>> >>> generating a user-.slice file for every user (or symlink them or >>> whatever) looks a bit cumbersome, and probably not really performance >>> friendly if the range is in eg 100k (possible) uids. >>> >>> e.g. if this range was 100k-200k, i was more looking for a way to do >>> e.g. user-1X.slice or user-10:20.slice >>> >> >> As far as I know there isn't a good systemd-native method for this, but >> you can dynamically set slice parameters during PAM processing, as in this >> blog post: >> https://utcc.utoronto.ca/~cks/space/blog/linux/Ubuntu1804SystemdUserLimits >> >> -- >> Mantas Mikulėnas >> ___ >> systemd-devel mailing list >> systemd-devel@lists.freedesktop.org >> https://lists.freedesktop.org/mailman/listinfo/systemd-devel > > > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] sd-boot kickstart
Hello, I watched the video and presentation https://cfp.all-systems-go.io/media/sdboot-asg2019.pdf I could not agree more! Anaconda/Kickstart install grub as the bootloader. Is there some hidden option to use sd-boot instead or is it necessary to install sd-boot manually after the OS is deployed? Thanks in advance. Regards, Damian ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
