[systemd-devel] How to get rid of audit logs only from the systemd journal?
I'm using AppArmor and it sometimes returns many audit logs. By default there was something like this in the journal:

    ... audit[1397]: AVC apparmor= ...
    ... kernel: audit: type=1400 audit(1523275695.613:76): apparmor= ...

So there are two entries and they carry the same message. So the message is doubled. The first message disappears when systemd-journald-audit.socket is masked, but what about the second message? Basically I want to remove the AppArmor logs only from the journal and not from the whole system. They could be logged by rsyslog and placed in some file/FIFO device. Is there a way to get rid of the second message from the journal only somehow?

-- Morfik

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] How to set primary slave in active-backup mode (bonding)
On Tue, 19 May 2015 18:12:15 +0200 Tom Gundersen t...@jklm.no wrote:

> On Thu, Apr 9, 2015 at 4:29 PM, Mikhail Morfikov mmorfi...@gmail.com wrote:
>> I usually have two network interfaces on my laptops (one eth and one wlan), and when I was using sysvinit I also was configuring the bond interface via the /etc/network/interfaces file so the two interfaces could work in the active-backup mode. But now, they work in balance-rr mode which is set via the .netdev file. The problem with this mode is that when you have, let's say wifi 30mbit/s and wired 100mbit/s, you can get 60mbit/s max, and that's why I wanted to use the active-backup mode which switches from wire to wifi and vice versa depending on whether the ethernet cable is plugged in. Generally speaking, I have to set some additional parameters so this could work well, and that would be:
>
> We don't yet fully support all the bonding options.
>
>> bond-primary eth1
>
> This is not currently supported, I suppose we should add the possibility of marking a slave as 'primary' to the .network file (rather than listing the slave in the .netdev file).
>
>> bond-primary-reselect always
>
> This is PrimaryReselectPolicy=always in the .netdev file.
>
>> bond-slaves eth1 wlan0
>
> This is achieved by setting Bond= in the .network files applied to eth1 and wlan0.
>
>> bond-fail-over-mac none
>
> This is FailOverMACPolicy=none in the .netdev file, which is also the default, so is redundant.
>
>> I'm not sure if all of them are necessary, and the question is how to pass these parameters in systemd? I'm asking because in the systemd.netdev manual, in the bond section, these options weren't specified.
>
> I hope the above helps, but I suspect you really need the feature to specify the primary slave for this to work as you intended. Happy to take a patch!
>
> Cheers,
> Tom

Thank you for the information.
Re: [systemd-devel] Automatic user ACL management
On Mon, 18 May 2015 17:38:33 +0200 Lennart Poettering lenn...@poettering.net wrote:

> On Sun, 17.05.15 12:46, Mikhail Morfikov (mmorfi...@gmail.com) wrote:
>> As you can read, for instance here ( http://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/ ), logind, which is a part of systemd, can set permissions to some devices for user sessions. There's also a vid showing how this kind of behavior works in practice ( https://www.youtube.com/watch?v=qcD4Qr5ldbI ). In short, if you start, let's say, amarok, and you play some song, you will hear the sound till you switch to another user or TTY where you have only the login prompt. That's because the active session became inactive. I know that you can simply add a user (or users) to a specific group, in this case audio, and that will 'fix' this issue, but I'm wondering if there's another solution. What I really want is to set some permissions for the process so it could use the sound card all the time, even when all users have their sessions locked.
>>
>> Is that possible? I'm asking because I often listen to the music and I don't really need my monitor to be on most of the time, so I just lock the screen. But when I lock the screen, the active session becomes inactive and amarok stops playing. And yes, the screen should be locked, and not just turned off.
>
> To my knowledge GNOME runs the screen lock from the same session, and thus does not suffer by the problem...
>
> Generally, making your process member of the audio group is the way to go, if you want to forego the per-session device access control logic logind implements.
>
> You can use /usr/bin/newgrp to join a group for some of your processes only.
>
> Lennart

Something is wrong. I did the following steps:

    $ newgrp audio

In the log I have the following message:

    May 18 18:02:19 morfikownia newgrp[80543]: user 'morfik' (login 'morfik' on pts/7) switched to group 'audio'

Then I started amarok (in the same terminal):

    $ amarok
    $ ps -eo user,group,args | grep amarok
    morfik   audio    amarok

So it says the process has the audio group, but the sound disappears when I switch to TTY, so nothing has changed. Should this happen, or am I supposed to do something else in order to make it work?
Re: [systemd-devel] Automatic user ACL management
On Mon, 18 May 2015 18:18:57 +0200 Lennart Poettering lenn...@poettering.net wrote:

> On Mon, 18.05.15 18:16, Mikhail Morfikov (mmorfi...@gmail.com) wrote:
>> Something is wrong. I did the following steps:
>>
>>     $ newgrp audio
>>
>> In the log I have the following message:
>>
>>     May 18 18:02:19 morfikownia newgrp[80543]: user 'morfik' (login 'morfik' on pts/7) switched to group 'audio'
>>
>> Then I started amarok (in the same terminal):
>>
>>     $ amarok
>>     $ ps -eo user,group,args | grep amarok
>>     morfik   audio    amarok
>>
>> So it says the process has the audio group, but the sound disappears when I switch to TTY, so nothing has changed. Should this happen, or am I supposed to do something else in order to make it work?
>
> you need to run PA with those privs, not your media player. it's pa that needs the access rights to the device nodes, not your media player.
>
> Lennart

And now it works as expected! :)
[systemd-devel] Automatic user ACL management
As you can read, for instance here ( http://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/ ), logind, which is a part of systemd, can set permissions to some devices for user sessions. There's also a vid showing how this kind of behavior works in practice ( https://www.youtube.com/watch?v=qcD4Qr5ldbI ).

In short, if you start, let's say, amarok, and you play some song, you will hear the sound till you switch to another user or TTY where you have only the login prompt. That's because the active session became inactive. I know that you can simply add a user (or users) to a specific group, in this case audio, and that will 'fix' this issue, but I'm wondering if there's another solution. What I really want is to set some permissions for the process so it could use the sound card all the time, even when all users have their sessions locked.

Is that possible? I'm asking because I often listen to the music and I don't really need my monitor to be on most of the time, so I just lock the screen. But when I lock the screen, the active session becomes inactive and amarok stops playing. And yes, the screen should be locked, and not just turned off.
Re: [systemd-devel] Automatic user ACL management
On Sun, 17 May 2015 12:55:18 +0200 Reindl Harald h.rei...@thelounge.net wrote:

> On 17.05.2015 at 12:46, Mikhail Morfikov wrote:
>> Is that possible? I'm asking because I often listen to the music and I don't really need my monitor to be on most of the time, so I just lock the screen. But when I lock the screen, the active session becomes inactive and amarok stops playing. And yes, the screen should be locked, and not just turned off
>
> that's a pulseaudio problem and if you run pulsed as system-wide audio is independent of sessions and you may want to look at MPD which can even start playing music after power on the machine without login

I see, I've read this article: http://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/SystemWide/ and I've changed the pulseaudio config file a little bit:

    allow-module-loading = no
    allow-exit = no
    system-instance = yes
    enable-shm = no
    exit-idle-time = -20

then I started pulseaudio in the system mode and I was able to play sound all the time.

But there's another question -- is there any difference between pulseaudio in system mode and pulseaudio in user mode + adding specific users to the audio group? I mean in the link I had given in the previous post, you can read something like this:

    By the way, you don't want users permanently added to groups like audio or video. Such user would be able to ssh into the machine while you are using it and spy on you using webcam, microphone etc. Access to such critical peripherals should only be granted for active user.

Does this concern pulseaudio in the system mode with users added to the pulse-access group?
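
An added example, not part of the original message: it separates access to a sound device node that comes from a named-user ACL entry (the kind logind grants to the active session) from access that comes from permanent membership in the owning group, which is the distinction the quoted article draws. The getfacl records, the /etc/group excerpt, the "guest" account and all function names are constructed for this example.

```python
# Added example (not from the thread). All sample data below is constructed.

# `getfacl /dev/snd/controlC0` while morfik's graphical session is active.
GETFACL_ACTIVE = """\
# file: dev/snd/controlC0
# owner: root
# group: audio
user::rw-
user:morfik:rw-
group::rw-
mask::rw-
other::---
"""

# The same node after switching to a TTY that only shows a login prompt:
# the per-user entry is gone, the owning group is unchanged.
GETFACL_INACTIVE = """\
# file: dev/snd/controlC0
# owner: root
# group: audio
user::rw-
group::rw-
other::---
"""

# /etc/group excerpt; "guest" is a hypothetical second account.
GROUP_FILE = """\
audio:x:29:pulse,guest
video:x:44:
"""


def parse_getfacl(text):
    """Parse one getfacl record: owner, group, named users, group perms, mask."""
    acl = {"owner": None, "group": None, "users": {},
           "group_perms": "---", "mask": "rwx"}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            kind, name, perms = line.split(":")[:3]
            perms = perms.split()[0]      # drop a trailing "#effective:" note
            if kind == "user" and name:
                acl["users"][name] = perms
            elif kind == "group" and not name:
                acl["group_perms"] = perms
            elif kind == "mask":
                acl["mask"] = perms
    return acl


def parse_group(text):
    """Map group name -> supplementary members (primary GIDs are not checked)."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def effective(perms, mask):
    """Apply the ACL mask to a named-user or owning-group entry."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))


def device_access(acl_text, group_text):
    """Return sorted (user, source, perms) for everyone who can open the node."""
    acl = parse_getfacl(acl_text)
    members = parse_group(group_text)
    findings = []
    for user, perms in acl["users"].items():
        eff = effective(perms, acl["mask"])
        if eff != "---":
            findings.append((user, "acl", eff))          # session-bound grant
    eff = effective(acl["group_perms"], acl["mask"])
    if eff != "---":
        for user in members.get(acl["group"], ()):
            findings.append((user, "group:" + acl["group"], eff))  # permanent
    return sorted(findings)


def permanent_users(acl_text, group_text):
    """Users whose access does not depend on having the active session."""
    return [user for user, source, _ in device_access(acl_text, group_text)
            if source.startswith("group:")]


if __name__ == "__main__":
    for label, record in (("active", GETFACL_ACTIVE), ("inactive", GETFACL_INACTIVE)):
        print(label, device_access(record, GROUP_FILE))
```
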
Re: [systemd-devel] KillUserProcesses timeout
This is the log when my system works as usual: (loginctl session-status)

    1 - morfik (1000)
       Since: Sun 2015-04-26 23:19:01 CEST; 18h ago
      Leader: 1720 (lightdm)
        Seat: seat0; vc7
     Display: :0
     Service: lightdm; type x11; class user
       State: online
        Unit: session-1.scope
              ├─ 1720 lightdm --session-child 12 19
              ├─ 1764 /usr/bin/gnome-keyring-daemon --daemonize --login
              ├─ 1766 /usr/bin/openbox --startup /usr/lib/x86_64-linux-gnu/openbox-autostart OPENBOX
              ├─ 1808 /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/morfik/.gnupg/gpg-agent-info-morfikownia /usr/bin/dbus-launch --exit-with-session /usr/bin/openbox-session
              ├─ 1809 /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/morfik/.gnupg/gpg-agent-info-morfikownia /usr/bin/dbus-launch --exit-with-session /usr/bin/openbox-session
              ├─ 1812 /usr/bin/dbus-launch --exit-with-session /usr/bin/openbox-session
              ├─ 1813 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
              ├─ 1829 compton --config /home/morfik/.config/compton.conf -b
              ├─ 1844 /usr/bin/urxvtd -q -f -o
              ├─ 1845 /usr/bin/urxvtd -q -f -o
              ├─ 1848 tint2 -c /home/morfik/.config/tint2/tint2rc_up
              ├─ 1849 tint2 -c /home/morfik/.config/tint2/tint2rc_down
              ├─ 1880 sg p2p -c megasync
              ├─ 1881 claws-mail
              ├─ 1883 volumeicon
              ├─ 1887 megasync
              ├─ 1888 xfce4-volumed
              ├─ 1890 /usr/lib/x86_64-linux-gnu/gconf/gconfd-2
              ├─ 1911 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
              ├─ 1912 tmux attach-session -t system-logs
              ├─ 1972 tmux attach-session -t system-logs
              ├─ 2000 zsh -c journalctl -b --no-pager --since -10m | ccze -m ansi systemctl --failed --no-pager | ccze -m ansi journalctl -n 0 -f | ccze -m ansi
              ├─ 2003 zsh -c cat /dev/log-lxc | ccze -m ansi -p syslog -C
              ├─ 2004 newsbeuter
              ├─ 2056 light-locker
              ├─ 2129 cat /dev/log-lxc
              ├─ 2131 ccze -m ansi -p syslog -C
              ├─ 2177 /usr/lib/at-spi2-core/at-spi-bus-launcher
              ├─ 2180 /usr/lib/dconf/dconf-service
              ├─ 2184 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
              ├─ 2194 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
              ├─ 2546 /usr/bin/pulseaudio --start --log-target=syslog
              ├─ 2637 journalctl -n 0 -f
              ├─ 2638 ccze -m ansi
              ├─ 2640 /usr/lib/pulseaudio/pulse/gconf-helper
              ├─ 2691 tmux attach-session -t tmux
              ├─ 2794 -zsh
              ├─ 2881 su -
              ├─ 2898 -su
              ├─ 3557 -zsh
              ├─15023 conky -c /home/morfik/.conky/.conkyrc_fs
              ├─15060 conky -c /home/morfik/.conky/.conkyrc
              ├─15899 conky -c /home/morfik/.conky/1c/.conkyrc_1c
              └─15900 conky -c /home/morfik/.conky/1b1/.conkyrc_1b1_int

    Apr 27 13:11:51 morfikownia su[68365]: pam_unix(su:session): session closed for user debian-security-support
    Apr 27 13:11:51 morfikownia su[68388]: Successful su for debian-security-support by root
    Apr 27 13:11:51 morfikownia su[68388]: + ??? root:debian-security-support
    Apr 27 13:11:51 morfikownia su[68388]: pam_unix(su:session): session opened for user debian-security-support by (uid=0)
    Apr 27 13:11:51 morfikownia su[68388]: pam_unix(su:session): session closed for user debian-security-support
    Apr 27 13:12:10 morfikownia su[69569]: Successful su for morfik by root
    Apr 27 13:12:10 morfikownia su[69569]: + ??? root:morfik
    Apr 27 13:12:10 morfikownia su[69569]: pam_unix(su:session): session opened for user morfik by (uid=0)
    Apr 27 13:12:10 morfikownia org.freedesktop.Notifications[1813]: (xfce4-notifyd:69577): Gtk-WARNING **: Failed to set text from markup due to error parsing markup: Unknown tag 'p' on line 1 char 20
    Apr 27 13:12:12 morfikownia su[69569]: pam_unix(su:session): session closed for user morfik

    21 - root (0)
       Since: Mon 2015-04-27 18:00:08 CEST; 6min ago
      Leader: 41244 (login)
        Seat: seat0; vc1
         TTY: /dev/tty1
     Service: login; type tty; class user
       State: active
        Unit: session-21.scope
              ├─12773 -zsh
              ├─15435 loginctl session-status 1 21 c1
              └─41244 /bin/login --

    Apr 27 18:00:08 morfikownia systemd[1]: Started Session 21 of user root.
    Apr 27 18:00:08 morfikownia systemd[1]: Starting Session 21 of user root.
    Apr 27 18:00:08 morfikownia
Re: [systemd-devel] KillUserProcesses timeout
On Fri, 24 Apr 2015 19:04:53 +0200 Lennart Poettering lenn...@poettering.net wrote:

> On Tue, 27.01.15 04:28, Mikhail Morfikov (mmorfi...@gmail.com) wrote:
>
> Sorry for the really late reply, still trying to work through piles of mail.
>
> Hmm, not sure I follow.
>
> It only happens if I'm logged in as root in tmux.
>
> The session is shown as closing, that's good. Can you check what systemctl status reports on the scope unit if this hang happens?
>
> Lennart
>
> I'm not sure if I did the right thing, but there it is. After logout:
>
>     ● user-1000.slice
>        Loaded: loaded
>        Active: active since Tue 2015-01-27 04:13:31 CET; 8min ago
>        CGroup: /user.slice/user-1000.slice
>                ├─session-7.scope
>                │ ├─32562 gpg-agent -s --enable-ssh-support --daemon --write-env-file /home/morfik/.gpg-agent-info
>                │ ├─32692 tmux attach-session -t logi
>                │ ├─32696 bash -c cat /dev/logi | ccze -m ansi -p syslog -C
>                │ ├─32697 -bash
>                │ ├─32698 newsbeuter
>                │ ├─32702 cat /dev/logi
>                │ ├─32703 ccze -m ansi -p syslog -C
>                │ ├─34376 su -
>                │ └─34393 -su
>
> This here is probably the issue: you opened a su session from your session, and that keeps things referenced and open.
>
> Lennart

Yep, that's the problem, but after 10-20 secs (I don't remember exactly) the session will be closed, and the question was: is there a way to make it faster, I mean without the delay so it would be closed just after the user logged off.
Re: [systemd-devel] journald problems
On Wed, 22 Apr 2015 00:28:12 +0200 Michał Zegan webczat_...@poczta.onet.pl wrote:

> Hello. I have just removed my journal files and restarted journald. I then generated sealing keys, saved the verification key. The system worked for maybe an hour or less, I had to power it off, then it was restarted. I tried to verify the journal. This is what happened:
>
>     PASS: /var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd/system.journal
>     390398: tag failed verification
>     File corruption detected at /var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd/user-1000.journal:390398 (of 8388608 bytes, 44%).
>     FAIL: /var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd/user-1000.journal (Bad message)
>     3987a0: tag failed verification
>     File corruption detected at /var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd/user-1002.journal:3987a0 (of 8388608 bytes, 44%).
>     FAIL: /var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd/user-1002.journal (Bad message)
>     3903a0: tag failed verification
>     File corruption detected at /var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd/user-1001.journal:3903a0 (of 8388608 bytes, 44%).
>     FAIL: /var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd/user-1001.journal (Bad message)
>
> What is happening here? It always happens after sealing, no matter what I am doing, all new journal files are corrupted and show this message. Systemd version 219, system is archlinux, kernel 3.19.3-3-ARCH, and filesystem is btrfs if at all important.

It seems you have exactly the same issue that I had. I described the problem here: http://lists.freedesktop.org/archives/systemd-devel/2015-February/028119.html , but no one answered it. I was just testing this sealing feature and forgot about it because I couldn't make it work, and there was no info what to do with the problem. It seems I'm not the only one who has the issue, you have it on archlinux, and I had it on debian, different kernels, and different filesystem types.
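
An added example, not part of either message: a parser for the `journalctl --verify` output quoted above that groups the detail lines by file and lists the files whose seal tags failed, so a report like this can be triaged or alerted on. The sample is the quoted output with the line-wrap spaces inside the offsets removed; the function names are assumptions of this example.

```python
import re

# `journalctl --verify` output as quoted in the message above.
JDIR = "/var/log/journal/a523e1ef5ffe4b15b9d2698b85e944cd"
VERIFY_OUTPUT = f"""\
PASS: {JDIR}/system.journal
390398: tag failed verification
File corruption detected at {JDIR}/user-1000.journal:390398 (of 8388608 bytes, 44%).
FAIL: {JDIR}/user-1000.journal (Bad message)
3987a0: tag failed verification
File corruption detected at {JDIR}/user-1002.journal:3987a0 (of 8388608 bytes, 44%).
FAIL: {JDIR}/user-1002.journal (Bad message)
3903a0: tag failed verification
File corruption detected at {JDIR}/user-1001.journal:3903a0 (of 8388608 bytes, 44%).
FAIL: {JDIR}/user-1001.journal (Bad message)
"""

# Offsets are hexadecimal: 0x390398 of 8388608 bytes is the 44% the tool prints.
RESULT = re.compile(r"^(PASS|FAIL): (.+?)(?: \((.+)\))?$")
CORRUPT = re.compile(
    r"^File corruption detected at (.+):([0-9a-f]+) \(of (\d+) bytes, (\d+)%\)\.$")
DETAIL = re.compile(r"^([0-9a-f]+): (.+)$")


def parse_verify(output):
    """Return one record per journal file, in the order the tool reported them.

    Detail and corruption lines come before the PASS/FAIL line of the file
    they belong to, so they are buffered until that line is seen.
    """
    files, details, corrupt = [], [], None
    for line in output.splitlines():
        line = line.strip()
        if m := RESULT.match(line):
            status, path, reason = m.groups()
            files.append({
                "path": path,
                "status": status,
                "reason": reason,                       # e.g. "Bad message"
                "details": details,                     # [(offset, message), ...]
                "offset": corrupt[0] if corrupt else None,
                "size": corrupt[1] if corrupt else None,
            })
            details, corrupt = [], None
        elif m := CORRUPT.match(line):
            corrupt = (int(m.group(2), 16), int(m.group(3)))
        elif m := DETAIL.match(line):
            details.append((int(m.group(1), 16), m.group(2)))
    return files


def seal_failures(files):
    """Paths of files that failed because a seal tag did not verify."""
    return [f["path"] for f in files
            if f["status"] == "FAIL"
            and any(msg == "tag failed verification" for _, msg in f["details"])]


if __name__ == "__main__":
    for record in parse_verify(VERIFY_OUTPUT):
        where = "" if record["offset"] is None else f" at {record['offset']:#x}"
        print(record["status"], record["path"] + where)
    print("seal failures:", seal_failures(parse_verify(VERIFY_OUTPUT)))
```
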
Re: [systemd-devel] systemd-resolved service ignores UseDNS=false
I think I get it now. I have two interfaces that have different DNS servers set -- bond0 and br_lxc. All of the LXC containers use my router's DNS and everything else uses 127.0.2.1 . The config file for the br_lxc interface looks like this:

    [Match]
    Name=br_lxc

    [Network]
    Description=LXC bridge configuration
    DHCP=no
    LinkLocalAddressing=no
    Address=192.168.10.100/24
    DNS=192.168.1.1
    IPForward=true

Now the DNS option is empty, and the 192.168.1.1 resolver disappeared from the /etc/resolv.conf file, and this is what I actually wanted, and I've accidentally found the bug. :)

I also changed the bond0 interface config file to the following one:

    [Match]
    Name=bond0

    [Network]
    Description=Bonded network
    DHCP=ipv4
    LinkLocalAddressing=no
    DNS=
    IPForward=true

    [DHCP]
    UseDNS=false
    UseMTU=false
    SendHostname=true
    UseHostname=false
    UseDomains=true
    UseRoutes=true
    CriticalConnection=true
    RequestBroadcast=true

And in the /etc/systemd/resolved.conf file I set DNS=127.0.2.1 only, and the two interfaces look like this:

    # networkctl status -a
    ...
    ● 6: br_lxc
       Link File: n/a
    Network File: /etc/systemd/network/30-br_lxc-static.network
            Type: ether
           State: no-carrier (configured)
          Driver: bridge
      HW Address: 6e:7d:a5:7f:d6:06
             MTU: 1500
         Address: 192.168.10.100
                  fe80::6c7d:a5ff:fe7f:d606

    ● 7: bond0
       Link File: n/a
    Network File: /etc/systemd/network/50-bond0-dhcp.network
            Type: ether
           State: routable (configured)
          Driver: bonding
      HW Address: 3c:4a:92:00:4c:5b (Hewlett-Packard Company)
             MTU: 1500
         Address: 192.168.1.150
                  fe80::3e4a:92ff:fe00:4c5b
         Gateway: 192.168.1.1 (TP-LINK TECHNOLOGIES CO.,LTD)
          Domain: mhouse.lh

I'm not sure, but shouldn't there be a DNS field pointing to the local 127.0.2.1 address that was set in /etc/systemd/resolved.conf file? It looks like the DNS line in the above log shows only if the DNS= option is set in a corresponding interface config file.
[systemd-devel] How to set primary slave in active-backup mode (bonding)
I usually have two network interfaces on my laptops (one eth and one wlan), and when I was using sysvinit I also was configuring the bond interface via the /etc/network/interfaces file so the two interfaces could work in the active-backup mode. But now, they work in balance-rr mode which is set via the .netdev file. The problem with this mode is that when you have, let's say wifi 30mbit/s and wired 100mbit/s, you can get 60mbit/s max, and that's why I wanted to use the active-backup mode which switches from wire to wifi and vice versa depending on whether the ethernet cable is plugged in.

Generally speaking, I have to set some additional parameters so this could work well, and that would be:

    ...
    bond-primary eth1
    bond-primary-reselect always
    bond-slaves eth1 wlan0
    bond-fail-over-mac none
    ...

I'm not sure if all of them are necessary, and the question is how to pass these parameters in systemd? I'm asking because in the systemd.netdev manual, in the bond section, these options weren't specified.
[systemd-devel] systemd-resolved service ignores UseDNS=false
In the systemd-resolved manual we can read something like this:

    The DNS servers contacted are determined from the global settings in resolved.conf(5), the per-link static settings in .network files, and the per-link dynamic settings received over DHCP.

1. Let's say that I have set all the three settings, which one will be applied?

2. If I set the global settings via the /etc/systemd/resolved.conf file, for instance:

    [Resolve]
    DNS=127.0.2.1
    FallbackDNS=208.67.222.222 208.67.220.220

will this local resolver be used all the time, even when dhcp server sends an ip address of other resolver in the network to the client?

I don't know how that is supposed to work, but it looks like it doesn't work in the way I thought it would. So I added some entries to this /etc/systemd/network/50-bond0-dhcp.network file:

    [Match]
    Name=bond0

    [Network]
    Description=Bonded network
    DHCP=ipv4
    LinkLocalAddressing=no
    DNS=127.0.2.1
    IPForward=true

    [DHCP]
    UseDNS=false
    UseMTU=false
    SendHostname=true
    UseHostname=false
    UseDomains=true
    UseRoutes=true
    CriticalConnection=true
    RequestBroadcast=true

And according to the systemd-networkd manual:

    DNS -- a DNS server address, which must be in the format described in inet_pton(3). This option may be specified more than once.

    UseDNS -- when true (the default), the DNS servers received from the DHCP server will be used and take precedence over any statically configured ones.

(btw, the link to inet_pton is dead)

So UseDNS is set to false, and I thought the system will be using the local resolver, but it sometimes uses the local settings and sometimes not -- it depends on restarting the systemd-resolved service, for example:

    # ls -al /etc/resolv.conf
    lrwxrwxrwx 1 root root 32 2015-02-27 23:52:39 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf

    # cat /etc/resolv.conf
    nameserver 127.0.2.1
    nameserver 192.168.1.1
    search mhouse.lh

    # systemctl restart systemd-resolved.service

    # cat /etc/resolv.conf
    nameserver 192.168.1.1
    nameserver 127.0.2.1
    search mhouse.lh

(I've cut the comments for readability)

As you can see, the two resolvers just switched, and it seems that my system tries to use the 192.168.1.1 , but I disabled it for testing on my router. After I ping a domain, I have 10s lag, and then ping go there and back, so it falls back to the local resolver.

3. Shouldn't there be just one resolver in the /etc/resolv.conf file?

4. How to force the system to use the one particular resolver no matter what? I know I could probably do that by creating a static file instead of a link (and maybe chattr +i if necessary), but I want to do this using the systemd native tools if that is possible of course.

5. Is the /etc/resolv.conf file necessary when using systemd?
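
An added example, not part of the original message: it traces every nameserver in /etc/resolv.conf back to the static setting that declares it, using the resolved.conf and 50-bond0-dhcp.network contents quoted above together with the br_lxc file from the follow-up in this thread, and reports which links would still accept DNS servers from DHCP. File contents are abbreviated to the DNS-related keys, and the function names are assumptions of this example.

```python
# Added example (not from the thread). File contents are abbreviated from the
# messages on this page to the keys that matter for DNS.

RESOLVED_CONF = """\
[Resolve]
DNS=127.0.2.1
FallbackDNS=208.67.222.222 208.67.220.220
"""

BOND0 = "/etc/systemd/network/50-bond0-dhcp.network"
BR_LXC = "/etc/systemd/network/30-br_lxc-static.network"
NETWORK_FILES = {
    BOND0: "[Match]\nName=bond0\n[Network]\nDHCP=ipv4\nDNS=127.0.2.1\n"
           "[DHCP]\nUseDNS=false\n",
    BR_LXC: "[Match]\nName=br_lxc\n[Network]\nDHCP=no\nDNS=192.168.1.1\n",
}

# resolv.conf as shown after restarting systemd-resolved.
RESOLV_CONF = """\
nameserver 192.168.1.1
nameserver 127.0.2.1
search mhouse.lh
"""

FALSE_VALUES = {"no", "false", "off", "0", "none"}


def parse_unit(text):
    """Parse systemd-style INI text; a key may repeat and hold several values."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).extend(value.split())
    return sections


def static_dns_sources(resolved_conf, network_files):
    """Map each statically configured DNS server to the settings declaring it."""
    sources = {}
    resolve = parse_unit(resolved_conf).get("Resolve", {})
    for key in ("DNS", "FallbackDNS"):
        for server in resolve.get(key, []):
            sources.setdefault(server, []).append(f"resolved.conf {key}=")
    for path, text in sorted(network_files.items()):
        for server in parse_unit(text).get("Network", {}).get("DNS", []):
            sources.setdefault(server, []).append(path)
    return sources


def nameservers(resolv_conf):
    """Nameserver addresses in the order the resolver library will try them."""
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def trace(resolv_conf, resolved_conf, network_files):
    """Pair each resolv.conf nameserver with its static sources ([] if none)."""
    sources = static_dns_sources(resolved_conf, network_files)
    return [(ns, sources.get(ns, [])) for ns in nameservers(resolv_conf)]


def links_taking_dhcp_dns(network_files):
    """Files with DHCP enabled and UseDNS not switched off (default is true)."""
    hits = []
    for path, text in sorted(network_files.items()):
        unit = parse_unit(text)
        dhcp = (unit.get("Network", {}).get("DHCP") or ["no"])[-1].lower()
        use_dns = (unit.get("DHCP", {}).get("UseDNS") or ["true"])[-1].lower()
        if dhcp not in FALSE_VALUES and use_dns not in FALSE_VALUES:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for server, origin in trace(RESOLV_CONF, RESOLVED_CONF, NETWORK_FILES):
        print(server, "<-", ", ".join(origin) or "no static setting declares this")
    print("links accepting DHCP DNS:", links_taking_dhcp_dns(NETWORK_FILES))
```
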
[systemd-devel] systemd-fsckd: Couldn't connect to plymouth: Connection refused
This is the full log I got when I tried to mount the device:

    Mar 14 20:46:08 morfikownia polkitd(authority=local)[1266]: Registered Authentication Agent for unix-process:11439:94979 (system bus name :1.41 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
    Mar 14 20:46:08 morfikownia systemd[1]: Starting Cryptography Setup for grafi...
    Mar 14 20:46:08 morfikownia cryptdisks_start[11444]: Starting crypto disk...grafi (starting)...
    Mar 14 20:46:11 morfikownia cryptdisks_start[11444]: grafi (started)...done.
    Mar 14 20:46:11 morfikownia systemd[1]: Started Cryptography Setup for grafi.
    Mar 14 20:46:11 morfikownia systemd[1]: Found device /dev/mapper/grafi.
    Mar 14 20:46:11 morfikownia systemd[1]: Starting File System Check on /dev/mapper/grafi...
    Mar 14 20:46:11 morfikownia systemd[1]: Started File System Check Daemon to report status.
    Mar 14 20:46:11 morfikownia systemd[1]: Starting File System Check Daemon to report status...
    Mar 14 20:46:12 morfikownia systemd-fsck[11515]: grafi has been mounted 22 times without being checked, check forced.
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:12 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:13 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:13 morfikownia systemd-fsck[11515]: grafi: 21194/1966080 files (4.9% non-contiguous), 7743265/7863808 blocks
    Mar 14 20:46:13 morfikownia systemd-fsckd[11517]: Couldn't connect to plymouth: Connection refused
    Mar 14 20:46:13 morfikownia systemd[1]: Started File System Check on /dev/mapper/grafi.
    Mar 14 20:46:13 morfikownia systemd[1]: Mounting /media/Grafi...
    Mar 14 20:46:13 morfikownia systemd[1]: Mounted /media/Grafi.
    Mar 14 20:46:13 morfikownia kernel: EXT4-fs (dm-6): mounted filesystem with ordered data mode. Opts: errors=remount-ro,commit=10
    Mar 14 20:46:13 morfikownia polkitd(authority=local)[1266]: Unregistered Authentication Agent for unix-process:11439:94979 (system bus name :1.41, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

That's an encrypted partition, and I open it sometimes after I log into the system because most of the time I don't need it, and I don't want it to be mounted at boot automatically. The device works well after mounting, but what about the systemd-fsckd message? Is there a way to get rid of that?

I can't use the systemd-cryptsetup@grafi.service file directly because I use the keyscript=/lib/cryptsetup/scripts/decrypt_derived option in the /etc/crypttab file, and as far as I know, systemd isn't able to use that option, so I had to change the service file a little bit, and it looks like this:

    [Unit]
    Description=Cryptography Setup for %I
    Documentation=man:cryptdisks_start man:cryptdisks_stop man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)
    SourcePath=/etc/crypttab
    DefaultDependencies=no
    IgnoreOnIsolate=true
    Before=systemd-fsck@dev-mapper-grafi.service media-Grafi.mount umount.target
    After=dev-disk-by\x2duuid-d314ed20\x2dffaf\x2d4a18\x2d98a7\x2d91538e79d981.device cryptsetup-pre.target systemd-fsck-root.service
    BindsTo=dev-mapper-%i.device
    BindsTo=dev-disk-by\x2duuid-d314ed20\x2dffaf\x2d4a18\x2d98a7\x2d91538e79d981.device
    Conflicts=umount.target

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    TimeoutSec=30
    ExecStart=/usr/sbin/cryptdisks_start %i
    ExecStop=/usr/sbin/cryptdisks_stop %i

    [Install]
    WantedBy=cryptsetup.target

It's basically the same file which was generated by systemd-cryptsetup-generator . I only changed Exec lines so it could use the debian tools that can open the device using the keyscript option. I don't know if that is related in any way to this problem, but I inform
Re: [systemd-devel] systemd-networkd and bonding config
> You can use options bonding max_bonds=0 to disable the creation of bond0.

That's exactly what I needed:

    # cat /proc/net/bonding/bond0
    Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

    Bonding Mode: load balancing (round-robin)
    MII Status: up
    MII Polling Interval (ms): 1000
    Up Delay (ms): 5000
    Down Delay (ms): 5000

    Slave Interface: wlan0
    MII Status: up
    Speed: Unknown
    Duplex: Unknown
    Link Failure Count: 0
    Permanent HW addr: c0:cb:38:01:f0:f5
    Slave queue ID: 0

    Slave Interface: eth1
    MII Status: going down
    Speed: 10 Mbps
    Duplex: half
    Link Failure Count: 1
    Permanent HW addr: 3c:4a:92:00:4c:5b
    Slave queue ID: 0

There's only one bond interface and also the MAC address is the right one.
Re: [systemd-devel] systemd-networkd and bonding config
> Alternatively, if you're attached to the name bond0, you might be able to do something like this (not tested with systemd-networkd):
>
> /etc/modprobe.d/rename-bond.conf:
>
>     install bonding /usr/sbin/modprobe --ignore-install bonding \
>         $CMDLINE_OPTS; /usr/sbin/ip link set dev bond0 down; \
>         /usr/sbin/ifrename -c /dev/null -i bond0 -n FOO /dev/null

It doesn't work. It just removed bond interfaces completely (it doesn't matter whether I use bond0 or bond1):

    root:~# networkctl
    IDX LINK     TYPE      OPERATIONAL  SETUP
      1 lo       loopback  carrier      configured
      2 eth1     ether     off          configuring
      3 ifb0     ether     off          unmanaged
      4 ifb1     ether     off          unmanaged
      5 wlan0    wlan      degraded     configuring
      6 br_lxc   ether     no-carrier   configured

    6 links listed.

Maybe I just stay with the bond1 interface.
Re: [systemd-devel] systemd-networkd and bonding config
> The logic here is that when we create a new bond we will create it with these settings, but we will not change the settings of a preexisting bond, as that may have been created by somebody else we don't know about so we figure better leave it alone. The confusing part here is that the kernel will create bond0 with default settings, and we will then not touch that. Ideally there would be a kernel config switch to make it not create default devices like that, but for the moment I think the best solution is to simply call your bond something else. So if you put bond1 everywhere instead things should JustWork(TM).

I performed some tests, and I was able to run my system without bond interfaces. So I think there's nothing that could trigger creation of this kind of interface. The next thing I did was to create a .netdev file that set bond0 interface (+ the rest of config files), and here's the log:

# journalctl -b | grep -i bond
Mar 05 05:04:12 morfikownia kernel: bonding: Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Mar 05 05:04:12 morfikownia systemd-networkd[862]: bond0 : netdev ready
Mar 05 05:04:12 morfikownia kernel: IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
Mar 05 05:04:12 morfikownia kernel: bonding: bond0: Enslaving wlan0 as an active interface with an up link
Mar 05 05:04:12 morfikownia kernel: IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
Mar 05 05:04:12 morfikownia systemd-networkd[862]: bond0 : bond0 : could not bring up interface: Invalid argument
Mar 05 05:04:12 morfikownia kernel: bonding: bond0: Enslaving eth1 as an active interface with an up link
Mar 05 05:04:12 morfikownia systemd-networkd[862]: bond0 : gained carrier
Mar 05 05:04:19 morfikownia systemd-networkd[862]: bond0 : DHCPv4 address 192.168.1.113/24 via 192.168.1.1
Mar 05 05:04:19 morfikownia systemd-networkd[862]: bond0 : link configured

As you can see, there's nothing before it, so I don't understand why the bond0 interface has some problems.

Anyway, I changed the files and set bond1 instead of bond0, and here's the log:

root:~# journalctl -b | grep -i bond
Mar 05 05:09:18 morfikownia kernel: bonding: Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Mar 05 05:09:18 morfikownia kernel: bonding: bond1: Setting MII monitoring interval to 1000
Mar 05 05:09:18 morfikownia kernel: bonding: bond1: Setting up delay to 5000
Mar 05 05:09:18 morfikownia kernel: bonding: bond1: Setting down delay to 5000
Mar 05 05:09:18 morfikownia systemd-networkd[945]: bond1 : netdev ready
Mar 05 05:09:19 morfikownia kernel: bonding: bond1: Enslaving wlan0 as an active interface with a down link
Mar 05 05:09:19 morfikownia systemd-networkd[945]: bond1 : gained carrier
Mar 05 05:09:19 morfikownia systemd-networkd[945]: bond1 : bond1 : could not bring up interface: Invalid argument
Mar 05 05:09:19 morfikownia systemd-networkd[945]: bond1 : lost carrier
Mar 05 05:09:19 morfikownia systemd-networkd[945]: bond1 : DHCPv4 connection considered system critical, ignoring request to reconfigure it.
Mar 05 05:09:19 morfikownia kernel: bonding: bond1: Enslaving eth1 as an active interface with a down link
Mar 05 05:09:20 morfikownia kernel: bonding: bond1: link status up for interface wlan0, enabling it in 0 ms
Mar 05 05:09:20 morfikownia kernel: bonding: bond1: link status definitely up for interface wlan0, 0 Mbps full duplex
Mar 05 05:09:20 morfikownia kernel: bonding: bond1: first active interface up!
Mar 05 05:09:20 morfikownia systemd-networkd[945]: bond1 : gained carrier
Mar 05 05:09:22 morfikownia systemd-networkd[945]: bond1 : DHCPv4 address 192.168.1.150/24 via 192.168.1.1
Mar 05 05:09:22 morfikownia systemd-networkd[945]: bond1 : link configured

It's a little bit longer, and as you can see there's just bond1 info and nothing concerning bond0. Also the MAC address changed at this point -- it looks like the bond0 interface caused that problem. I thought that only one interface was created, but there were two of them.

The bond0 interface looks like this:

root:~# cat /proc/net//bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: down
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

and the other one:

root:~# cat /proc/net//bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 1000
Up Delay (ms): 5000
Down Delay (ms): 5000

Slave Interface: wlan0
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: c0:cb:38:01:f0:f5
Slave queue ID: 0

Slave Interface: eth1
MII Status: down
Speed: 10 Mbps
Duplex: half
Link Failure Count: 0
Permanent HW addr: 3c:4a:92:00:4c:5b
Slave queue ID: 0

and the bond1 works as
[systemd-devel] systemd-networkd and bonding config
I've just finished migration from /etc/init.d/networking script to systemd-networkd solution, and I just wanted to ask a couple of things. First, I have two interfaces -- one wire (eth1) and one wifi (wlan0), and I want them to be bonded into one bond0 interface. I had that solution when I was using sysvinit, and, so far, I haven't played with the network settings. After some reading, I managed to set the exact same setup and it works, more or less. Here are the questions:

1. How to set a MAC address to the bond0 interface? So far, I created 05-bond0.link file:

# cat /etc/systemd/network/05-bond0.link
[Match]
Driver=bonding
Name=bond0

[Link]
MACAddress=3c:4a:92:00:4c:5b

The MAC address is the MAC address of the eth1 interface. Is this the right way to do it?

2. I noticed that the bonding information is bugged for some reason, I mean, when you check it under:

# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: wlan0
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: c0:cb:38:01:f0:f5
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 10 Mbps
Duplex: half
Link Failure Count: 0
Permanent HW addr: 3c:4a:92:00:4c:5b
Slave queue ID: 0

it gives you the proper interfaces, but Up/Down Delay are set to 0 and Link Failure Count doesn't count anything. The Bonding Mode is also wrong. This is the bonding file for networkd:

# cat 20-bond0.netdev
[NetDev]
Description=Bonding interface
Name=bond0
Kind=bond
MACAddress=3c:4a:92:00:4c:5b

[Bond]
Mode=active-backup
MIIMonitorSec=200
UpDelaySec=1000
DownDelaySec=1000

Is the information bugged, or should I check some other file in order to see the bonding settings?

3. I don't know why, but sometimes (at boot stage) I get the following error message:

# journalctl -b -1 -u systemd-networkd
-- Logs begin at Sun 2015-02-22 21:48:12 CET, end at Sat 2015-02-28 12:33:57 CET. --
Feb 28 12:08:26 morfikownia systemd[1]: Starting Network Service...
Feb 28 12:08:27 morfikownia systemd-networkd[1165]: bond0 : netdev ready
Feb 28 12:08:27 morfikownia systemd-networkd[1165]: br_lxc : netdev ready
Feb 28 12:08:27 morfikownia systemd-networkd[1165]: Enumeration completed
Feb 28 12:08:27 morfikownia systemd[1]: Started Network Service.
Feb 28 12:08:27 morfikownia systemd-networkd[1165]: ifb0: lost carrier
Feb 28 12:08:27 morfikownia systemd-networkd[1165]: ifb1: lost carrier
Feb 28 12:08:27 morfikownia systemd-networkd[1165]: ifb0: gained carrier
Feb 28 12:08:27 morfikownia systemd-networkd[1165]: ifb1: gained carrier
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: bond0 : bond0 : could not bring up interface: Invalid argument
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: br_lxc : br_lxc : could not bring up interface: Invalid argument
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: br_lxc : link configured
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: wlan0 : wlan0 : could not join netdev: Operation not permitted
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: wlan0 : failed
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: eth1: link configured
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: lo : link configured
Feb 28 12:08:28 morfikownia systemd-networkd[1165]: bond0 : gained carrier
Feb 28 12:08:34 morfikownia systemd-networkd[1165]: wlan0 : gained carrier
Feb 28 12:11:02 morfikownia systemd-networkd[1165]: wlan0 : lost carrier

But after the boot stage, when I restart the systemd-networkd service, everything works just fine.

Feb 28 12:14:52 morfikownia systemd[1]: Starting Network Service...
Feb 28 12:14:53 morfikownia systemd-networkd[1103]: bond0 : netdev ready
Feb 28 12:14:53 morfikownia systemd-networkd[1103]: br_lxc : netdev ready
Feb 28 12:14:53 morfikownia systemd-networkd[1103]: Enumeration completed
Feb 28 12:14:53 morfikownia systemd-networkd[1103]: ifb0: lost carrier
Feb 28 12:14:53 morfikownia systemd-networkd[1103]: ifb1: lost carrier
Feb 28 12:14:53 morfikownia systemd-networkd[1103]: ifb0: gained carrier
Feb 28 12:14:53 morfikownia systemd[1]: Started Network Service.
Feb 28 12:14:53 morfikownia systemd-networkd[1103]: ifb1: gained carrier
Feb 28 12:14:54 morfikownia systemd-networkd[1103]: bond0 : bond0 : could not bring up interface: Invalid argument
Feb 28 12:14:54 morfikownia systemd-networkd[1103]: br_lxc : br_lxc : could not bring up interface: Invalid argument
Feb 28 12:14:54 morfikownia systemd-networkd[1103]: br_lxc : link configured
Feb 28 12:14:54 morfikownia
[systemd-devel] Cgroup limits for user processes
What is the best way to set cgroup limits for user processes? I mean the individual processes. I know that you can set limits for user.slice, but how to set limits for, let's say, firefox?

I tried to make a service file for firefox, it looks like this:

[Unit]
Description=Firefox Web Browser
Documentation=https://www.mozilla.org/
After=graphical.target
Before=shutdown.target

[Service]
Environment=DISPLAY=:0
User=morfik
Type=simple
ExecStart=/opt/firefox/firefox -new-instance -ProfileManager
Restart=no
RemainAfterExit=no
Nice=5
IOSchedulingClass=best-effort
IOSchedulingPriority=3
OOMScoreAdjust=500
CPUShares=512
MemoryLimit=300M
BlockIOWeight=256

The parameters are just for testing purposes, and of course the unit is a system unit. I tested it with:

morfik:~$ systemctl start firefox.service
AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: morfik
Password:
AUTHENTICATION COMPLETE ===

and the service starts. The nice parameters are set, so are the cgroups:

morfik:~$ systemctl status firefox
● firefox.service - Firefox Web Browser
   Loaded: loaded (/etc/systemd/system/firefox.service; static; vendor preset: enabled)
   Active: active (running) since Wed 2015-02-18 12:11:49 CET; 1min 46s ago
     Docs: https://www.mozilla.org/
 Main PID: 60773 (firefox)
   Memory: 259.2M (limit: 300.0M)
   CGroup: /system.slice/firefox.service
           └─60773 /opt/firefox/firefox -new-instance -ProfileManager

I didn't really like the way I started the firefox, so I tried to move the service from the system to the user dir. I also changed a little bit the unit file -- the user and env lines were removed. After the change, I started the service in order to test whether it works or not:

morfik:~$ systemctl --user daemon-reload
morfik:~$ systemctl --user start firefox.service
morfik:~$ systemctl --user status firefox.service
● firefox.service - Firefox Web Browser
   Loaded: loaded (/etc/systemd/user/firefox.service; static; vendor preset: enabled)
   Active: active (running) since Wed 2015-02-18 12:20:56 CET; 19s ago
     Docs: https://www.mozilla.org/
 Main PID: 64082 (firefox)
   CGroup: /user.slice/user-1000.slice/user@1000.service/firefox.service
           └─64082 /opt/firefox/firefox -new-instance -ProfileManager

It works, but as you can see, there are no cgroup limits. The nice parameters are set correctly, but it looks like the cgroup ones are ignored for some reason. Here are some additional commands:

# cat /proc/`pidof firefox`/cgroup
9:blkio:/
8:cpuset:/
7:freezer:/
6:cpu,cpuacct:/
5:perf_event:/
4:devices:/user.slice
3:memory:/
2:net_cls,net_prio:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/firefox.service

root:~# systemd-cgls
├─1 /sbin/init splash
├─system.slice
│ ├─dbus.service
│ │ └─1529 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
...
└─user.slice
  ├─user-1000.slice
  │ ├─session-1.scope
  │ │ ├─ 2027 lightdm --session-child 12 19
...
  │ └─user@1000.service
  │   ├─2031 /lib/systemd/systemd --user
  │   ├─2032 (sd-pam)
  │   └─firefox.service
  │     └─64082 /opt/firefox/firefox -new-instance -ProfileManager
  └─user-108.slice
    ├─session-c1.scope
    │ ├─2013 /usr/bin/dbus-launch --autolaunch 159815709bbc46c29ef786cfc497afd4 --binary-syntax --close-stderr
    │ ├─2014 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
    │ ├─2016 /usr/lib/at-spi2-core/at-spi-bus-launcher
    │ ├─2020 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
    │ └─2023 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
    └─user@108.service
      ├─1992 /lib/systemd/systemd --user
      └─1993 (sd-pam)

root:~# ls -al /sys/fs/cgroup/systemd/user.slice/user-1000.slice/user@1000.service/firefox.service/
total 0
drwxr-xr-x 2 morfik morfik 0 2015-02-18 12:20:56 ./
drwxr-xr-x 24 morfik morfik 0 2015-02-18 12:20:56 ../
-rw-r--r-- 1 morfik morfik 0 2015-02-18 12:20:56 cgroup.clone_children
-rw-r--r-- 1 morfik morfik 0 2015-02-18 12:20:56 cgroup.procs
-rw-r--r-- 1 morfik morfik 0 2015-02-18 12:20:56 notify_on_release
-rw-r--r-- 1 morfik morfik 0 2015-02-18 12:20:56 tasks

BTW, one more thing. Is there a way to set a mark for network packets using unit services? I really need this feature, but I couldn't find any useful information on this subject.
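The /proc/<pid>/cgroup listing in the message above is enough to tell which requested limits are in force: a controller whose path is "/" has the process in the root cgroup, so no per-unit limit applies. The following check is an added example, not part of the original post or of systemd; the directive-to-controller table covers only the three cgroup v1 directives used in the posted unit, and the second sample is constructed to show the system-unit case.

```python
"""Check which cgroup limits requested in a unit file are actually in force."""

# systemd resource directive -> cgroup v1 controller that implements it.
DIRECTIVE_CONTROLLER = {
    "CPUShares": "cpu",
    "MemoryLimit": "memory",
    "BlockIOWeight": "blkio",
}

# Resource-related part of the unit posted in the message.
UNIT_TEXT = """\
[Service]
ExecStart=/opt/firefox/firefox -new-instance -ProfileManager
Nice=5
CPUShares=512
MemoryLimit=300M
BlockIOWeight=256
"""

# /proc/<pid>/cgroup as posted for the unit started with `systemctl --user`.
USER_INSTANCE = """\
9:blkio:/
8:cpuset:/
7:freezer:/
6:cpu,cpuacct:/
5:perf_event:/
4:devices:/user.slice
3:memory:/
2:net_cls,net_prio:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/firefox.service
"""

# Constructed sample: what the same file looks like when the system manager
# has placed the service in its own cgroup for each controller it needs.
SYSTEM_INSTANCE = """\
9:blkio:/system.slice/firefox.service
6:cpu,cpuacct:/system.slice/firefox.service
3:memory:/system.slice/firefox.service
1:name=systemd:/system.slice/firefox.service
"""


def parse_proc_cgroup(text):
    """Map controller name -> cgroup path (v1 lines are 'id:controllers:path')."""
    placement = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        _hier_id, controllers, path = line.split(":", 2)
        for controller in controllers.split(","):
            placement[controller] = path
    return placement


def requested_limits(unit_text):
    """Return the [Service] directives that need a resource controller."""
    limits, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section == "Service" and sep and key.strip() in DIRECTIVE_CONTROLLER:
            limits[key.strip()] = value.strip()
    return limits


def unenforced(unit_text, cgroup_text, unit_name):
    """List (directive, controller, path) for limits the process is not subject to."""
    placement = parse_proc_cgroup(cgroup_text)
    missing = []
    for directive in requested_limits(unit_text):
        controller = DIRECTIVE_CONTROLLER[directive]
        path = placement.get(controller)
        # The limit only applies if the process sits in the unit's own cgroup
        # on that controller's hierarchy.
        if path is None or not path.rstrip("/").endswith("/" + unit_name):
            missing.append((directive, controller, path))
    return missing


if __name__ == "__main__":
    for label, sample in (("user", USER_INSTANCE), ("system", SYSTEM_INSTANCE)):
        print(label, unenforced(UNIT_TEXT, sample, "firefox.service"))
```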
[systemd-devel] File corruption detected (journalctl --verify --verify-key)
Hello there! I just wanted to ask about the sealing log feature because I can't make it work. I tried to set it up in the following way:

I stopped the journald service:

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald-dev-log.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald-audit.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald.service

Then I removed all files from the journal directory:

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# rm -R *

The next thing was to change the config file:

# egrep -v ^# /etc/systemd/journald.conf
[Journal]
Storage=persistent
Compress=yes
Seal=yes
SplitMode=login
SyncIntervalSec=10m
RateLimitInterval=10s
RateLimitBurst=500
SystemMaxUse=300M
SystemMaxFileSize=16M
RuntimeMaxUse=16M
RuntimeMaxFileSize=8M
MaxFileSec=2week
ForwardToSyslog=no
ForwardToKMsg=no
ForwardToConsole=no

Then I generated the keys:

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --setup-keys --interval=60s
Generating seed...
Generating key pair...
Generating sealing key...

The new key pair has been generated. The secret sealing key has been written to the following local file. This key file is automatically updated when the sealing key is advanced. It should not be used on multiple hosts.

/var/log/journal/159815709bbc46c29ef786cfc497afd4/fss

Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk.

4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700

The sealing key is automatically changed every 1min.

The keys have been generated for host morfikownia/159815709bbc46c29ef786cfc497afd4.

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# ls -al
total 12K
drwxr-sr-x+ 2 root systemd-journal 4.0K 2015-02-10 02:00:52 ./
drwxr-sr-x+ 3 root systemd-journal 4.0K 2015-02-03 01:25:36 ../
-rw---+ 1 root systemd-journal 482 2015-02-10 02:00:52 fss

Then I started the service:

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald-dev-log.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald-audit.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald.service
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl status systemd-journald.service
● systemd-journald.service - Journal Service
   Loaded: loaded (/lib/systemd/system/systemd-journald.service; static; vendor preset: enabled)
   Active: active (running) since Tue 2015-02-10 02:03:14 CET; 6s ago
     Docs: man:systemd-journald.service(8)
           man:journald.conf(5)
 Main PID: 15359 (systemd-journal)
   Status: Processing requests...
   CGroup: /system.slice/systemd-journald.service
           └─15359 /lib/systemd/systemd-journald

Feb 10 02:03:14 morfikownia systemd-journal[15359]: Permanent journal is using 8.0M (max allowed 300.0M, trying to leave 1…00.0M).
Feb 10 02:03:14 morfikownia systemd-journal[15359]: Journal started
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Hint: Some lines were ellipsized, use -l to show in full.

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# ls -al
total 8.1M
drwxr-sr-x+ 2 root systemd-journal 4.0K 2015-02-10 02:03:14 ./
drwxr-sr-x+ 3 root systemd-journal 4.0K 2015-02-03 01:25:36 ../
-rw---+ 1 root systemd-journal 482 2015-02-10 02:03:14 fss
-rw-r-+ 1 root systemd-journal 8.0M 2015-02-10 02:03:14 system.journal

And here's the thing -- before sealing, there's no problem with the log file:

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --verify --verify-key 4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700
PASS: /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal
= No sealing yet, 1.794ms of entries not sealed.

But after the sealing:

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --verify --verify-key 4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700
0747c0: tag failed verification
File corruption detected at /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal:0747c0 (of 8388608 bytes, 5%).
FAIL: /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal (Bad message)

I checked the journal in order to see what's in there:

root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl
-- Logs begin at Tue 2015-02-10 02:03:14 CET, end at Tue 2015-02-10 02:03:14 CET. --
Feb 10 02:03:14 morfikownia systemd-journal[15359]: Permanent journal is using 8.0M (max allowed 300.0M, trying to leave 1.7G f
Feb 10 02:03:14 morfikownia systemd-journald[259]: Received SIGTERM from PID 1 (systemd).
Feb 10
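The verification key printed by `journalctl --setup-keys` in the message above carries the seed, the creation time and the sealing interval, which is useful to decode when checking that a key belongs to the journal being verified. This decoder is an added example, not part of the original post or of systemd's code; it assumes the layout `seed/start-interval` with both numbers in hexadecimal, the interval in microseconds and the start counted in whole intervals since the Unix epoch.

```python
"""Decode a journald Forward Secure Sealing verification key."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
ONE_USEC = timedelta(microseconds=1)

# Assumed layout: hex seed (dashes are only visual grouping), "/",
# hex start epoch, "-", hex interval in microseconds.
KEY_RE = re.compile(r"^([0-9a-fA-F-]+)/([0-9a-fA-F]+)-([0-9a-fA-F]+)$")

# Key and journal start time as they appear in the message.
POSTED_KEY = "4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700"
CET = timezone(timedelta(hours=1))
JOURNAL_START = datetime(2015, 2, 10, 2, 3, 14, tzinfo=CET)


@dataclass(frozen=True)
class VerificationKey:
    seed: bytes
    start_epoch: int      # whole intervals since 1970-01-01 at key creation
    interval_usec: int    # length of one sealing epoch

    @property
    def start_usec(self) -> int:
        return self.start_epoch * self.interval_usec

    @property
    def start_time(self) -> datetime:
        return UNIX_EPOCH + timedelta(microseconds=self.start_usec)


def parse_verification_key(text: str) -> VerificationKey:
    """Split a verification key into seed bytes, start epoch and interval."""
    match = KEY_RE.match(text.strip())
    if not match:
        raise ValueError("expected <seed>/<start>-<interval> in hexadecimal")
    seed_hex = match.group(1).replace("-", "")
    if len(seed_hex) % 2:
        raise ValueError("seed has an odd number of hex digits")
    interval = int(match.group(3), 16)
    if interval == 0:
        raise ValueError("sealing interval must be non-zero")
    return VerificationKey(bytes.fromhex(seed_hex), int(match.group(2), 16), interval)


def epochs_elapsed(key: VerificationKey, when: datetime) -> int:
    """Sealing epochs between key creation and `when` (negative: before creation)."""
    when_usec = (when - UNIX_EPOCH) // ONE_USEC
    return when_usec // key.interval_usec - key.start_epoch


if __name__ == "__main__":
    key = parse_verification_key(POSTED_KEY)
    print("seed bytes      :", len(key.seed))
    print("interval        :", key.interval_usec / 1_000_000, "s")
    print("key created     :", key.start_time.isoformat())
    print("epochs at start :", epochs_elapsed(key, JOURNAL_START))
```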
[systemd-devel] Filtering and remote logs
I'm playing with the journal to see what useful things it can do, and I have two questions:

1. Rsyslog has the ability of filtering logs, for instance:

if $syslogtag contains something and ($msg contains something-else or $msg contains something-different) then -/var/log/trash.log

or something similar. The thing is that some apps produce certain logs, and I don't want them to be logged. Let's say I type journalctl -f in a terminal, and I want to be capable of seeing all the things except the logs I mentioned. I'm aware of the two options (StandardOutput and StandardError) in the [Service] block of a unit file, but even if I used StandardOutput=null I would lose all the logs that ultimately go to the standard output, and I don't want that either. So there's a question -- is there a way to do some filtering with journald?

2. I'm using rsyslog for two things, one of which I've already mentioned, and the second one is for remote logging using the TLS channel. Is journald able to send logs through network using TLS?

2.1. The bonus questions. Let's say journald is able to send logs via encrypted channel -- what about requests from rsyslog or syslog-ng? Can journald handle them too?
Re: [systemd-devel] Container, private network and socket activation
> That indicates that the systemd or apache inside the container do not correctly make use of the socket passed into them. You need to make sure that inside the container you have pretty much the same .socket unit running as on the host. The ListenStream lines must be identical, so that systemd inside the container recognizes the sockets passed in from the host as the ones to use for apache. The only difference for the socket units is that on the host they should activate the container, in the container they should activate apache.
...
> Well, because the socket wasn't passed on right the connection on it will still be queued after the container exits again. systemd will thus immediately spawn the container again. Basically, if you fix your issue #1, your issue #3 will be magically fixed too.

Now I understand the mechanism, at least I think so. Unfortunately I have apache 2.4.x. I tried to apply the patches Christian Seiler mentioned, but I was unable to build the package. I think I have to wait a little bit longer in order to make it work.

Anyway, I tried to reproduce the ssh example (it can be found here: http://0pointer.net/blog/projects/socket-activated-containers.html) just for testing purposes, and I don't experience the rebooting issue anymore, but there's another thing:

morfik:~$ ssh -p 23 192.168.10.10
^C
morfik:~$ ssh -p 23 192.168.10.10
ssh: connect to host 192.168.10.10 port 23: Connection refused

The container started when I had tried to connect for the first time, but I couldn't connect to this port after that, and I have no idea why. I tried to figure out what went wrong, but I failed.

# machinectl status debian-tree -l --no-pager
debian-tree
    Since: Thu 2015-02-05 00:21:41 CET; 1min 16s ago
    Leader: 103953 (systemd)
    Service: nspawn; class container
    Root: /media/Kabi/debian-tree
    Address: 192.168.10.10
             fe80::1474:8dff:fe79:6b44
    OS: Debian GNU/Linux 8 (jessie)
    Unit: machine-debian\x2dtree.scope
          ├─103953 /lib/systemd/systemd 3
          └─system.slice
            ├─dbus.service
            │ └─104069 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
            ├─cron.service
            │ └─104043 /usr/sbin/cron -f
            ├─apache2.service
            │ ├─104481 /usr/sbin/apache2 -k start
            │ ├─104485 /usr/sbin/apache2 -k start
            │ ├─104511 /usr/sbin/apache2 -k start
            │ ├─104512 /usr/sbin/apache2 -k start
            │ ├─104513 /usr/sbin/apache2 -k start
            │ ├─104515 /usr/sbin/apache2 -k start
            │ └─104516 /usr/sbin/apache2 -k start
            ├─system-sshd.slice
            │ └─sshd@0-192.168.10.10:23-192.168.10.10:51767.service
            │   ├─104041 sshd: [accepted]
            │   └─104042 sshd: [net]
            ├─systemd-journald.service
            │ └─103975 /lib/systemd/systemd-journald
            ├─systemd-logind.service
            │ └─104046 /lib/systemd/systemd-logind
            ├─mysql.service
            │ ├─104090 /bin/sh /usr/bin/mysqld_safe
            │ └─104453 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/error.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=
            ├─console-getty.service
            │ └─104208 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt102
            └─rsyslog.service
              └─104088 /usr/sbin/rsyslogd -n

Then I logged into the container:

root:~# machinectl login debian-tree
...
root@www:/home/morfik# netstat -tupan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0      0      192.168.10.10:   0.0.0.0:*        LISTEN  483/mysqld
tcp6  0      0      :::80            :::*             LISTEN  511/apache2
tcp6  0      0      :::22            :::*             LISTEN  1/systemd
tcp6  0      0      :::443           :::*             LISTEN  511/apache2

Nothing listens on the port 23, why? Still inside of the container:

root@www:/home/morfik# tree /etc/systemd/system
/etc/systemd/system
|-- getty.target.wants
|   `-- getty@tty1.service - /lib/systemd/system/getty@.service
|-- multi-user.target.wants
|   |-- cron.service - /lib/systemd/system/cron.service
|   |-- remote-fs.target - /lib/systemd/system/remote-fs.target
|   `-- rsyslog.service - /lib/systemd/system/rsyslog.service
Re: [systemd-devel] Container, private network and socket activation
> Hmm, to implement something like this I think the best option would be to set up the interface to later pass to the container first on the host, then listen on the container's IP address on the host. When a connection comes in the container would have to be started via socket activation, and would then have to take over the container interface (with --network-interface=), so that all further connections are delivered directly to the container and the host is not involved anymore.

I managed to set this up. In short:

# ip link add type veth
# ip addr add 192.168.10.10/24 brd + dev veth1
# ip addr add 192.168.10.20/24 brd + dev veth0
# ip link set veth1 up
# ip link set veth0 up
# brctl addif br_lxc veth0

This sets two interfaces, one of which (veth1) goes to the container via the following service file:

[Unit]
Description=My little container

[Service]
Type=simple
KillMode=process
ExecStart=/usr/bin/systemd-nspawn -jbD /media/Kabi/debian-tree/ \
    --network-interface=veth1 \
    --bind /media/Kabi/apache/:/apache/ \
    --bind /media/Kabi/backup_packages/apt/archives/:/var/cache/apt/archives/ \
    --bind /media/Kabi/repozytorium:/repozytorium \
    3

In addition, I have my bridge interface set:

auto br_lxc
iface br_lxc inet static
    address 192.168.10.100
    netmask 255.255.255.0
    broadcast 192.168.10.255
    bridge_ports none
    bridge_waitport 0
    bridge_fd 0

The next thing is to socket activate the container through this file:

[Unit]
Description=The HTTP/HTTPS socket of my little container

[Socket]
ListenStream=192.168.10.10:80
ListenStream=192.168.10.10:443

When I start the socket, I get:

root:~# systemctl start mycontainer.socket
root:~# systemctl status mycontainer.socket
● mycontainer.socket - The HTTP/HTTPS socket of my little container
   Loaded: loaded (/etc/systemd/system/mycontainer.socket; static; vendor preset: enabled)
   Active: active (listening) since Wed 2015-02-04 04:00:51 CET; 1s ago
   Listen: 192.168.10.10:80 (Stream)
           192.168.10.10:443 (Stream)

Feb 04 04:00:51 morfikownia systemd[1]: Listening on The HTTP/HTTPS socket of my little container.

That's all for the host. In the container I had to configure the passed interface via /etc/network/interface:

auto veth1
iface veth1 inet static
    address 192.168.10.10
    netmask 255.255.255.0
    broadcast 192.168.10.255
    gateway 192.168.10.100

And that's it. This setup works. I mean, when I type in my firefox http://192.168.10.10, the container boots and I'm able to browse the page.

Now I have some questions:

1. When I try to connect for the very first time, I get a timeout, even though the container is working. I can cancel the connection immediately, and reconnect after 2-3 sec and then the page shows up. All subsequent connections work without a problem, just the first one gets a timeout. Is there a way to fix this, so the first connection that boots the system could be somehow delayed, so after a while the page would show up?

2. Is there a way to shut down the container automatically after some period of inactivity? Let's say there's no traffic for 30min, and after this time the container goes down.

3. How to stop the container manually? I'm asking because when I try via systemctl stop mycontainer.service, it stops, but:

...
Feb 04 04:15:58 morfikownia systemd-nspawn[14346]: Halting system.
Feb 04 04:15:58 morfikownia systemd-machined[14353]: Machine debian-tree terminated.
Feb 04 04:15:58 morfikownia systemd-nspawn[14346]: Container debian-tree has been shut down.
Feb 04 04:15:58 morfikownia systemd[1]: Starting My little container...
Feb 04 04:15:58 morfikownia systemd[1]: Stopping Container debian-tree.
Feb 04 04:15:58 morfikownia systemd[1]: Stopped Container debian-tree.
Feb 04 04:15:58 morfikownia kernel: br_lxc: port 1(veth0) entered disabled state
Feb 04 04:15:58 morfikownia kernel: device veth0 left promiscuous mode
Feb 04 04:15:58 morfikownia kernel: br_lxc: port 1(veth0) entered disabled state
Feb 04 04:15:58 morfikownia systemd-nspawn[15325]: Spawning container debian-tree on /media/Kabi/debian-tree.
Feb 04 04:15:58 morfikownia systemd-nspawn[15325]: Press ^] three times within 1s to kill container.
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service: main process exited, code=exited, status=237/n/a
Feb 04 04:15:58 morfikownia systemd[1]: Failed to start My little container.
Feb 04 04:15:58 morfikownia systemd[1]: Unit mycontainer.service entered failed state.
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service failed.
Feb 04 04:15:58 morfikownia systemd[1]: Starting My little container...
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service: main process exited, code=exited, status=237/n/a
Feb 04 04:15:58 morfikownia systemd[1]: Failed to start My little container.
Feb 04 04:15:58 morfikownia systemd[1]: Unit mycontainer.service entered failed state.
Feb 04 04:15:58
Re: [systemd-devel] Container, private network and socket activation
> Also note that using socket activation for containers means that systemd instance inside the container also needs to have configuration for the socket, to pass it on to the service that ultimately shall answer for it. Are you sure that apache2 has support for that, and that you set it up?

Actually, I just want to start the container when someone else tries to connect to the port 80 of the host, just using the container's IP address. So, for instance, my host has IP 192.168.1.150, the container has IP 192.168.10.10, and I want to type the second address in a web browser so the system in the container could boot and start apache. Then I could browse the page that is hosted by the apache server inside of the container. I'm not sure if that's even possible, but apache inside of the container starts at boot automatically, so I think there's no need for setting anything in the container -- please correct me if I'm wrong.
[systemd-devel] Container, private network and socket activation
I've set up a container via systemd-nspawn tool, and I wanted to use the private network feature. The line that launches the container includes --network-bridge= and --network-veth options. The whole systemd .service file looks like this:

[Unit]
Description=My little container

[Service]
Type=simple
KillMode=process
ExecStart=/usr/bin/systemd-nspawn -jbD /media/Kabi/debian-tree/ \
    --network-bridge=br_lxc \
    --network-veth \
    --bind /media/Kabi/apache/:/apache/ \
    --bind /media/Kabi/backup_packages/apt/archives/:/var/cache/apt/archives/ \
    --bind /media/Kabi/repozytorium:/repozytorium \
    3

The bridge interface was created through the /etc/network/interface file, and it looks as follows:

auto br_lxc
iface br_lxc inet static
    address 192.168.10.100
    netmask 255.255.255.0
    broadcast 192.168.10.255
    bridge_ports none
    bridge_waitport 0
    bridge_fd 0

The container is able to boot:

# systemctl status mycontainer.service
● mycontainer.service - My little container
   Loaded: loaded (/etc/systemd/system/mycontainer.service; static; vendor preset: enabled)
   Active: active (running) since Tue 2015-02-03 01:57:24 CET; 12s ago
 Main PID: 84905 (systemd-nspawn)
   CGroup: /system.slice/mycontainer.service
           └─84905 /usr/bin/systemd-nspawn -jbD /media/Kabi/debian-tree/ --network-bridge=br_lxc --network-veth --bind /media/Kabi/apache/:/apache/ --bind /media/Kabi/backup_packages/apt/arch...

Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [ OK ] Started Console Getty.
Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [ OK ] Reached target Login Prompts.
Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [ OK ] Started System Logging Service.
Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [ OK ] Started Cleanup of Temporary Directories.
Feb 03 01:57:27 morfikownia systemd-nspawn[84905]: [ OK ] Started LSB: Start and stop the mysql database server daemon.
Feb 03 01:57:28 morfikownia systemd-nspawn[84905]: [ OK ] Started LSB: Apache2 web server.
Feb 03 01:57:28 morfikownia systemd-nspawn[84905]: [ OK ] Reached target Multi-User System.
Feb 03 01:57:28 morfikownia systemd-nspawn[84905]: Starting Update UTMP about System Runlevel Changes...
Feb 03 01:57:28 morfikownia systemd-nspawn[84905]: [ OK ] Started Update UTMP about System Runlevel Changes.
Feb 03 01:57:29 morfikownia systemd-nspawn[84905]: Debian GNU/Linux 8 www console

# machinectl
MACHINE     CONTAINER SERVICE
debian-tree container nspawn

1 machines listed.

# machinectl status debian-tree
debian-tree
    Since: Tue 2015-02-03 01:57:24 CET; 2min 54s ago
    Leader: 84906 (systemd)
    Service: nspawn; class container
    Root: /media/Kabi/debian-tree
    Iface: br_lxc
    Address: 192.168.10.10
             fe80::541b:d0ff:febc:c38c%7
    OS: Debian GNU/Linux 8 (jessie)
    Unit: machine-debian\x2dtree.scope
          ├─84906 /lib/systemd/systemd 3
          └─system.slice
            ├─dbus.service
            │ └─85024 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
            ├─cron.service
            │ └─85003 /usr/sbin/cron -f
            ├─apache2.service
            │ ├─85427 /usr/sbin/apache2 -k start
            │ ├─85454 /usr/sbin/apache2 -k start
            │ ├─85485 /usr/sbin/apache2 -k start
            │ ├─85486 /usr/sbin/apache2 -k start
            │ ├─85488 /usr/sbin/apache2 -k start
            │ ├─85489 /usr/sbin/apache2 -k start
            │ └─85491 /usr/sbin/apache2 -k start
            ├─systemd-journald.service
            │ └─84941 /lib/systemd/systemd-journald
            ├─systemd-logind.service
            │ └─85006 /lib/systemd/systemd-logind
            ├─mysql.service
            │ ├─85057 /bin/sh /usr/bin/mysqld_safe
            │ └─85415 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/error.log --pid-file=/var/run...
            ├─console-getty.service
            │ └─85055 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt102
            └─rsyslog.service
              └─85051 /usr/sbin/rsyslogd -n

Inside of the container I added the following configuration to its network interface:

auto host0
iface host0 inet static
    address 192.168.10.10
    network 192.168.10.0/24
    netmask 255.255.255.0
    broadcast 192.168.10.255
    gateway 192.168.10.100

Communication works (ping from the container):

root@www:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52
[systemd-devel] KillUserProcesses timeout
I'm using standalone Openbox and when I log out by killing Xserver (ctrl+alt+backspace), some processes stay alive even though the user logged out completely. I know there's a KillUserProcesses option in the /etc/systemd/logind.conf file, and it works just fine, but with a little lag. I mean, those processes in question will never exit, and when I'm logging in again almost instantly to my box, all those processes will be killed shortly after I log in -- because of KillUserProcesses. This concerns, for instance, tmux or gpg-agent -- I want them in my session, but I also want to kill them on logout.

The question is how to set a timeout option for this KillUserProcesses? For now I just have to wait 15-20 sec to be sure all processes exited and that I can log in without worrying that some processes will be killed after login.
Re: [systemd-devel] KillUserProcesses timeout
Normally, the SIGTERM should be delivered instantly on logout from logind. Unless the PAM session end hook wasn't called or so. If you log in as root, and then reproduce the 20s wait for another user what does loginctl session-status and loginctl user-status say about the session/user that is hanging?

Lennart

I know where the problem is. I'm using tmux, and when I try to log out and at the same time I'm logged in as root in tmux, I get the lag. Here's the situation after logout:

    morfik (1000)
               Since: Tue 2015-01-27 01:59:56 CET; 1min 59s ago
               State: closing
            Sessions: *3
                Unit: user-1000.slice
                      ├─user@1000.service
                      │ ├─3861 /lib/systemd/systemd --user
                      │ └─3863 (sd-pam)
                      └─session-3.scope
                        ├─3957 gpg-agent -s --enable-ssh-support --daemon --write...
                        ├─4082 tmux attach-session -t logi
                        ├─4084 bash -c cat /dev/logi | ccze -m ansi -p syslog -C
                        ├─4085 -bash
                        ├─4086 newsbeuter
                        ├─4088 cat /dev/logi
                        ├─4089 ccze -m ansi -p syslog -C
                        ├─5212 -bash
                        ├─5232 su -
                        ├─5250 -su
                        ├─5269 -bash
                        ├─5289 su -
                        └─5306 -su

And that's all of the remaining processes. After ~20s they will also be killed. So, is there a way to kill them without logging out from the root account?
Re: [systemd-devel] KillUserProcesses timeout
Hmm, not sure I follow. It only happens if I'm logged in as root in tmux. The session is shown as closing, that's good. Can you check what systemctl status reports on the scope unit if this hang happens?

Lennart

I'm not sure if I did the right thing, but there it is. After logout:

    ● user-1000.slice
       Loaded: loaded
       Active: active since Tue 2015-01-27 04:13:31 CET; 8min ago
       CGroup: /user.slice/user-1000.slice
               ├─session-7.scope
               │ ├─32562 gpg-agent -s --enable-ssh-support --daemon --write-env-file /home/morfik/.gpg-agent-info
               │ ├─32692 tmux attach-session -t logi
               │ ├─32696 bash -c cat /dev/logi | ccze -m ansi -p syslog -C
               │ ├─32697 -bash
               │ ├─32698 newsbeuter
               │ ├─32702 cat /dev/logi
               │ ├─32703 ccze -m ansi -p syslog -C
               │ ├─34376 su -
               │ └─34393 -su
               └─user@1000.service
                 ├─32466 /lib/systemd/systemd --user
                 └─32467 (sd-pam)

    Jan 27 04:13:31 morfikownia systemd[1]: Starting user-1000.slice.
    Jan 27 04:13:31 morfikownia systemd[1]: Created slice user-1000.slice.
    Jan 27 04:13:31 morfikownia systemd[32466]: pam_unix(systemd-user:session): session opened for user morfik by (uid=0)
    Jan 27 04:22:07 morfikownia login[32428]: pam_unix(login:session): session closed for user morfik

And here's when the processes are dead:

    ● user-1000.slice
       Loaded: loaded
       Active: inactive (dead)

    Jan 27 04:12:40 morfikownia systemd[31361]: pam_unix(systemd-user:session): session opened for user morfik by (uid=0)
    Jan 27 04:12:58 morfikownia login[31352]: pam_unix(login:session): session closed for user morfik
    Jan 27 04:13:18 morfikownia systemd[1]: Stopping user-1000.slice.
    Jan 27 04:13:18 morfikownia systemd[1]: Removed slice user-1000.slice.
    Jan 27 04:13:31 morfikownia systemd[1]: Starting user-1000.slice.
    Jan 27 04:13:31 morfikownia systemd[1]: Created slice user-1000.slice.
    Jan 27 04:13:31 morfikownia systemd[32466]: pam_unix(systemd-user:session): session opened for user morfik by (uid=0)
    Jan 27 04:22:07 morfikownia login[32428]: pam_unix(login:session): session closed for user morfik
    Jan 27 04:22:27 morfikownia systemd[1]: Stopping user-1000.slice.
    Jan 27 04:22:27 morfikownia systemd[1]: Removed slice user-1000.slice.

As you can see, there's a 20-second period.
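The gap read off the journal lines in the message above can be measured mechanically, which is useful when auditing how long leftover processes (here including root shells inside tmux) outlive a logout. This is an added example, not part of the original thread; the function name, the regular expressions and the year argument (syslog timestamps carry no year) are assumptions, and the sample lines are copied from the message.

```python
import re
from datetime import datetime

# Journal lines as quoted in the message above.
SAMPLE = """\
Jan 27 04:12:40 morfikownia systemd[31361]: pam_unix(systemd-user:session): session opened for user morfik by (uid=0)
Jan 27 04:12:58 morfikownia login[31352]: pam_unix(login:session): session closed for user morfik
Jan 27 04:13:18 morfikownia systemd[1]: Stopping user-1000.slice.
Jan 27 04:13:18 morfikownia systemd[1]: Removed slice user-1000.slice.
Jan 27 04:13:31 morfikownia systemd[1]: Starting user-1000.slice.
Jan 27 04:13:31 morfikownia systemd[1]: Created slice user-1000.slice.
Jan 27 04:13:31 morfikownia systemd[32466]: pam_unix(systemd-user:session): session opened for user morfik by (uid=0)
Jan 27 04:22:07 morfikownia login[32428]: pam_unix(login:session): session closed for user morfik
Jan 27 04:22:27 morfikownia systemd[1]: Stopping user-1000.slice.
Jan 27 04:22:27 morfikownia systemd[1]: Removed slice user-1000.slice.
"""

# Syslog-style prefix: "Mon DD HH:MM:SS hostname " (day may be space-padded).
STAMP = r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ "

def linger_windows(lines, user, uid, year=2015):
    """Return (closed, removed, seconds) for each logout of `user`.

    `closed` is the last PAM "session closed" line of a login service
    (the systemd-user PAM stack is skipped), `removed` is the following
    "Removed slice user-<uid>.slice". A logout whose slice is still
    present at the end of the input is reported with removed=None.
    """
    closed_re = re.compile(
        STAMP + r"\S+: pam_unix\((?!systemd-user:)[^)]+:session\): "
        r"session closed for user " + re.escape(user) + r"$")
    removed_re = re.compile(
        STAMP + r"systemd\[1\]: Removed slice user-" + str(uid) + r"\.slice\.$")

    def when(m):
        return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")

    windows, pending = [], None
    for line in lines:
        line = line.strip()
        if m := closed_re.match(line):
            pending = when(m)              # newest logout wins
        elif (m := removed_re.match(line)) and pending is not None:
            end = when(m)
            windows.append((pending, end, int((end - pending).total_seconds())))
            pending = None
    if pending is not None:                # processes still lingering
        windows.append((pending, None, None))
    return windows
```

On a live system the same function can be fed the output of `journalctl -o short`, with the year set to match the entries.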
Re: [systemd-devel] KillUserProcesses timeout
Sorry, but I cannot parse this. Do you want a delay because when logging out and back in you want to be able to reuse your old gpg-agent? Or what precisely is the current behaviour and what do you want it to be instead?

Lennart

No, I just want to speed it up. Now I have to wait about 20s for KillUserProcesses so it can kill the remaining processes, and I want it to do that, let's say, in 1-2s max, that's it.