Re: encrypted swap with urandom key problem

2019-06-17 Thread Lennart Poettering
no idea why systemd doesn't see it. Wat does udevadm info on the block device node say? i.e. does the device carry the right tag, does it have SYSTEMD_READY=0 set? Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedor

Re: bootctl: no entry could be determined as default (Was: Upgrade to F30 gone wrong)

2019-05-06 Thread Lennart Poettering
do not support either. (Which is a pity of course, since it also means there's no working "systemctl --boot-loader-entry=" support in Fedora, nor "sytemctl kexec" support). Lennart -- Lennart Poettering, Berlin ___ devel mailing l

Re: dropping autogenerated dependency on pkg-config

2019-04-29 Thread Lennart Poettering
aptop. You probably need some base RPM to own the dir /usr/lib64/pkgconfig then, which is currently owned by pkgconf-pkg-config, no? Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-25 Thread Lennart Poettering
On Do, 25.04.19 13:14, Przemek Klosowski (przemek.klosow...@nist.gov) wrote: > On 4/25/19 5:14 AM, Lennart Poettering wrote: > > For the hashtable seeds we use classic /dev/urandom (i.e. entropy from > > a possibly non-initialized pool) since it's OK if those seeds are >

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-25 Thread Lennart Poettering
On Mi, 24.04.19 17:28, Björn Persson (Bjorn@rombobjörn.se) wrote: > Lennart Poettering wrote: > >As mentioned before: systemd itself already needs entropy itself (it > >assigns a random 128bit id to each service invocation, dubbed the > >"invocation ID" of it,

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-25 Thread Lennart Poettering
e it's OK if those seeds are crappy initially, as long as they get better over time, since we reseed if we see too many hash collisions. We never use /dev/random or GRND_RANDOM. Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- deve

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-25 Thread Lennart Poettering
in fact, you don't get to fix bugs that often by inserting a single character in your sources... ;-) I mean, how is this ever going to be fixed if not by simply dropping rngd from the default install and then fixing everything popping up? You can't fix thes

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-24 Thread Lennart Poettering
egular service, but as kind of an init before the real init. The current mode is just entirely bogus... Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@l

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-24 Thread Lennart Poettering
To reach the point where rngd can be run we already need the pool to be full, and hence rngd can't do any good at all anymore, whatsoever. Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send a

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-24 Thread Lennart Poettering
On Mi, 24.04.19 12:02, Nikos Mavrogiannopoulos (n...@redhat.com) wrote: > On Thu, Apr 18, 2019 at 10:23 AM Lennart Poettering > wrote: > > Sure, you can invoke rngd before systemd, in which case it would have > > to be able to run as PID 1 itself pretty much and then ha

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-23 Thread Lennart Poettering
gner" is broken then. It appears to use /dev/random instead of /dev/urandom. if you use the latter, then you can pull out as much randomness as you want, it's not affected by "entropy depletion". See man page about that: http://man7.org/linux/man-pages/

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-23 Thread Lennart Poettering
On Do, 18.04.19 09:16, stan (upai...@zoho.com) wrote: > On Thu, 18 Apr 2019 10:22:27 +0200 > Lennart Poettering wrote: > > > On Mi, 17.04.19 11:29, Japheth Cleaver (clea...@terabithia.org) wrote: > > > > This seems like a false dichotomy, no? Surely, things like t

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-18 Thread Lennart Poettering
dually for each driver judging by how much the device is trusted or not. (Also note that virtio-rng is something systemd automatically loads if it's not around but the environment would support it, and it appears to credit entropy too.) Lennart -- Lennart Poettering, Berlin

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-18 Thread Lennart Poettering
On Mi, 17.04.19 16:05, Chris Murphy (li...@colorremedies.com) wrote: > On Wed, Apr 17, 2019 at 11:36 AM Lennart Poettering > wrote: > > > > Yeah, all that stuff is stuff the kernel could do better on its > > own. If the CPU jitter stuff or the TPM stuff is a good id

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-18 Thread Lennart Poettering
seconds, hit ctl-c to kill cat. Watch what happens to the > entropy. Well, don't use /dev/random. Use /dev/urandom. The official documentation declares /dev/random a "legacy interface". http://man7.org/linux/man-pages/man4/random.4.html Lennart -- Lennart Poettering, Berlin ___

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-18 Thread Lennart Poettering
On Mi, 17.04.19 11:29, Japheth Cleaver (clea...@terabithia.org) wrote: > On 4/17/2019 10:36 AM, Lennart Poettering wrote: > > On Mi, 17.04.19 10:55, Steve Grubb (sgr...@redhat.com) wrote: > > > > > On Wednesday, April 17, 2019 4:38:18 AM EDT Lennart Poettering wrote: >

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-18 Thread Lennart Poettering
On Mi, 17.04.19 13:01, Jason L Tibbitts III (ti...@math.uh.edu) wrote: > >>>>> "LP" == Lennart Poettering writes: > > LP> That's not true anymore. There's a kernel compile time option now > LP> for that in CONFIG_RANDOM_TRUST_CPU=y. And yes, the

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-17 Thread Lennart Poettering
On Mi, 17.04.19 10:55, Steve Grubb (sgr...@redhat.com) wrote: > On Wednesday, April 17, 2019 4:38:18 AM EDT Lennart Poettering wrote: > > On Di, 16.04.19 09:06, Adam Williamson (adamw...@fedoraproject.org) wrote: > > > > > > > > I think all of these are good i

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-17 Thread Lennart Poettering
o, why run a service that is supposed to fill up the entropy pool at a point where we don't need it anymore, and if the kernel can do what it does most likely already on its own? Isn't it time to kick rngd out of the default install, in particular on the workstation image? Isn't keeping it a

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-15 Thread Lennart Poettering
> is being run in an audit event. To my knowledge audit collects the comm name of any process already, no? Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fe

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-12 Thread Lennart Poettering
eak Chrome as it will > just ignore the 'at' command execution error due to 'exit 0' a few > lines below it. Just out of curiosity, why does a web browser need a daily chrome job? Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@li

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-12 Thread Lennart Poettering
" to do a lot of stuff without password. We require "auth_admin_keep" from pk for the action of enabling lingering. Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-12 Thread Lennart Poettering
1) then it is lifecycled (and its processes killed as needed) by the user service manager. And you can configure the way you want killing to behave like you would for any systemd service: with KillMode= in the unit file. Lennart -- Lennart Poettering, Berlin ___

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-11 Thread Lennart Poettering
On Do, 11.04.19 11:32, Przemek Klosowski (przemek.klosow...@nist.gov) wrote: > On 4/11/19 10:16 AM, Lennart Poettering wrote: > > However, that's intended for system services only (i.e. for services > > running as users UID < 1000). For regular users (i.e. human ones, > >

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-11 Thread Lennart Poettering
same feature set as cron. And I wouldn't push users who want cron to use systemd timers instead. But I'd say the semantics and security model we expose in systemd timers is actually better fitting for the various housekeeping jobs we ship along with our various RPMs. Lennart -- Lennart Poette

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-11 Thread Lennart Poettering
ything-else can be nicely done for the same service. Or to say this even differently: service activation in systemd is substantially more powerful than in inetd: it's not exclusively about *on-demand* socket activation, but socket activation is just one form that can neatly be composed with every

Re: Anyone seeing udev failing to start in Rawhide?

2019-04-11 Thread Lennart Poettering
ow-up on this: This does sound a lot like a different iteration of this: https://hansdegoede.livejournal.com/20910.html i.e. turning off enforcing mode might have solved the issue for you. Lennart -- Lennart Poettering, Berlin ___ devel mailing

Re: Anyone seeing udev failing to start in Rawhide?

2019-04-10 Thread Lennart Poettering
ennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines:

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-10 Thread Lennart Poettering
Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelin

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-10 Thread Lennart Poettering
nstaller needs them. I mean, it could be as easy that these services remain off, but the installer does a "systemctl enable --now …" on them as soon as it notices it needs them. That way the livesys and the host installed version can be 100% identical, if that'

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-10 Thread Lennart Poettering
ose scripts, can't we make them part of some RPM btw? I filed a bug about that yesterday: https://bugzilla.redhat.com/show_bug.cgi?id=1698119 These scripts are a bit annoying since they are the only SysV scripts left really (not even LSB!), have no purposes on an installed system and live out

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-09 Thread Lennart Poettering
On Di, 09.04.19 20:12, Richard Hughes (hughsi...@gmail.com) wrote: > On Tue, 9 Apr 2019 at 19:27, Lennart Poettering wrote: > > Hmm? Can you elaborate? Why does fwupd's runtime have something to do > > with display flickers? Not grokking the connection? > > More i

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-09 Thread Lennart Poettering
On Di, 09.04.19 19:24, Richard Hughes (hughsi...@gmail.com) wrote: > On Tue, 9 Apr 2019 at 19:21, Lennart Poettering wrote: > > Very similar is actually "fwupd", why does that need to run all the > > time? Seems like something that should be bus activatable, and >

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-09 Thread Lennart Poettering
On Di, 09.04.19 14:16, Cole Robinson (crobi...@redhat.com) wrote: > On 4/9/19 1:09 PM, Zbigniew Jędrzejewski-Szmek wrote: > > On Tue, Apr 09, 2019 at 06:07:09PM +0200, Lennart Poettering wrote: > >> multipathd [...] And beyond that, this daemon is really ugly too: it logs &

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-09 Thread Lennart Poettering
ike something that should be bus activatable, and exit-on-idle, but why run it all the time? Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedora

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-09 Thread Lennart Poettering
t because the dir doesn't actually exist. Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/cod

Re: Can we maybe reduce the set of packages we install by default a bit?

2019-04-09 Thread Lennart Poettering
On Di, 09.04.19 17:09, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote: > On Tue, Apr 09, 2019 at 06:07:09PM +0200, Lennart Poettering wrote: > > multipathd [...] And beyond that, this daemon is really ugly too: it logs > >at high log levels during boot that it found n

Can we maybe reduce the set of packages we install by default a bit?

2019-04-09 Thread Lennart Poettering
Heya, today I installed the current Fedora 30 Workstation beta on my new laptop. It was a bumpy ride, I must say (the partitioner (blivet?) crashed five times or so on me, always kicking me out of anaconda again, just because I wanted to undo something). But I don't really want to discuss that.

Re: FYI https://fedoraproject.org/wiki/Changes/CGroupsV2

2019-02-15 Thread Lennart Poettering
n snap reliably enough. Well, the SIGSTOP thing is racy: processes can fork() quicker than you can pause them. Together with the pids controller you should be fine though, as you can put a limit on forks. Lennart -- Lennart Poettering, Red Hat ___ devel mai

Re: FYI https://fedoraproject.org/wiki/Changes/CGroupsV2

2019-02-15 Thread Lennart Poettering
2 since day one basically, at the same day it was introduced for cgroupsv1. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora C

Re: FYI https://fedoraproject.org/wiki/Changes/CGroupsV2

2019-02-14 Thread Lennart Poettering
e page suggests the installer would switch from cgroupsv1 to cgroupsv2. My suggestion would instead be to simply update the systemd RPM to pass slightly different params to meson, to make cgroupsv2 the new default. Lennart -- Lennart Poettering, Red Hat ___ dev

Re: F30 System-Wide Change proposal (update): DNF Better Counting (was: DNF UUID)

2019-01-15 Thread Lennart Poettering
ems active every month 3. systems that survive a week 4. systems that survive a month (And of course all stats derived from the above: systems that didn't survive the first week, and so on). Lennart -- Lennart Poettering, Red Hat ___ devel m

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-08 Thread Lennart Poettering
On Di, 08.01.19 16:22, Lennart Poettering (mzerq...@0pointer.de) wrote: > On Di, 08.01.19 07:49, Stephen John Smoogen (smo...@gmail.com) wrote: > > > The additional information could be > > > > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET > > /metalink?r

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-08 Thread Lennart Poettering
s and maybe submit countme=2 the first time within each 4 week period, and countme=3 within each 52 week period, so that you you catch even those though it will take a bit longer for them to accumulate them) -- Lennart Poettering, Red Hat ___ devel maili

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-08 Thread Lennart Poettering
On Di, 08.01.19 10:11, Richard Hughes (hughsi...@gmail.com) wrote: > On Tue, 8 Jan 2019 at 08:57, Lennart Poettering wrote: > > Yes, Tom's proposal makes sense. Calculate the UUID you submit as > > HMAC(machined_id, CONCAT(fixedappuuid, unixtime/432000)) > > Out of i

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-08 Thread Lennart Poettering
On Mo, 07.01.19 22:54, Tom Gundersen (t...@jklm.no) wrote: > On Mon, Jan 7, 2019, 7:31 PM Matthew Miller > wrote: > > > On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote: > > > > * The Fedora community cares about privacy and is adverse to tracking

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-08 Thread Lennart Poettering
1 system getting a short ip address lifetime? Again, if you teach each system to only send one "1" ping per 24h and only "0" pings otherwise it doesn't matter how many systems are behind a single IP, because the numbers of "1" pings per 24h window tell you pretty exca

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-07 Thread Lennart Poettering
On Mo, 07.01.19 16:04, John Harris (joh...@splentity.com) wrote: > On Monday, January 7, 2019 3:18:10 PM EST Lennart Poettering wrote: > > hence my recommendation to derive the any uuid for purposes like this > > from /etc/machine-id, by using a HMAC of some kind (see other mail

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-07 Thread Lennart Poettering
On Mo, 07.01.19 13:28, Matthew Miller (mat...@fedoraproject.org) wrote: > On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote: > > > * The Fedora community cares about privacy and is adverse to tracking > > > measures. We don't want to track; just count. > &

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-07 Thread Lennart Poettering
d for purposes like this from /etc/machine-id, by using a HMAC of some kind (see other mail). Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.

Re: F30: System-Wide Change proposal: DNF UUID

2019-01-07 Thread Lennart Poettering
tion... Of course, doing it that way would mean fedora would have to host NTP servers... Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedo

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-12 Thread Lennart Poettering
gt; administrative changes are pushed around from either a dynamic central > system (AD/FreeIPA/LDAP) or a config managment system that only has a > view on centrally managed resources. > It doesn't have to be anything magic, but it needs to be somethin

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-06 Thread Lennart Poettering
flicts — as long as everything is properly registered in NSS. "adduser" registers from the range 1000…6 on Fedora by default. DynamicUser=1 uses the range 61184…65519. systemd-nspawn uses 524288…1879048191. So these at least do not overlap. Lennart -- Lennart Poettering, Red Hat ___

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-06 Thread Lennart Poettering
cing allocated users with NSS is one thing, it's something we always should do, unconditionally. It's only reasonably way to announce you took possession of a range. Actually allocating ranges is a different discussion. It's a discussion worth having, but is unrelated from the NSS

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-06 Thread Lennart Poettering
e: https://systemd.io/UIDS-GIDS I think it would be great if we could come to a better protocol for taking possession of UID ranges in the long run. But I still think the best database for such allocation should be NSS itself, right now. What would be great if we'd at least agree on a better lock f

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-06 Thread Lennart Poettering
ge of users it *must* show up in NSS too, so that other components know. I commented on the bug too. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedorapro

Re: authselect: what to do with systemd and nss-mdns that modify nsswith.conf

2018-12-06 Thread Lennart Poettering
ld be in the 'hosts' line. Summary: I'd make things simple, and enable all four unconditionally and by default without any dynamic infrastructure, without postinst scripts or anything. If that's not acceptable, then at least two of the four should be unconditional

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-22 Thread Lennart Poettering
promise not to use select()") by bumping the soft limit to the high limit. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedor

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-19 Thread Lennart Poettering
nfortunately the container messiness blocks that for now). But as long as we don't, lifting the fd limit is not really making things worse, given that there are tons of other easily exploitable ways to acquire untracked memory... Lennart -- Lennart Poettering, Red Hat _

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-18 Thread Lennart Poettering
ple can test this first across the various development distros, before we propagate this to stable distros. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedor

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-18 Thread Lennart Poettering
distros as soon as we do the next release. https://github.com/systemd/systemd/pull/10244 Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org F

Re: how to detect Atomic Rawhide?

2018-10-16 Thread Lennart Poettering
On Di, 16.10.18 16:43, Miroslav Suchý (msu...@redhat.com) wrote: > Dne 16.10.2018 v 16:11 Lennart Poettering napsal(a): > > Quite frankly, you are doing it wrong. > > It's not me. It is either author of python-distro or mantainers of > fedora-release. > But you are righ

Re: how to detect Atomic Rawhide?

2018-10-16 Thread Lennart Poettering
or presentation to the user. This field is optional. > Example: "VERSION=17" or "VERSION="17 > (Beefy Miracle)"". Quite frankly, you are doing it wrong. $VERSION is for display purposes. $VERSION_ID is for processing by code. Similar, $VARIANT is for display p

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-15 Thread Lennart Poettering
On Mo, 15.10.18 18:00, Kamil Paral (kpa...@redhat.com) wrote: > On Tue, Oct 9, 2018 at 6:15 PM Lennart Poettering > wrote: > > > On Di, 09.10.18 14:45, Anderson, Charles R (c...@wpi.edu) wrote: > > > > > > It would be nice if somebody managed to find where

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-09 Thread Lennart Poettering
It is my intention to change this system wide, i.e. for system services (which do not go through PAM) too. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-05 Thread Lennart Poettering
ystemd upstream to 1M too. If it's #2, then I figure we can start with 256K as my PR currently does, for now. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le

Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

2018-10-05 Thread Lennart Poettering
pen to suggestions there... Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html L

Re: pam_cgfs.so support for Fedora?

2018-09-09 Thread Lennart Poettering
oking for a way to get your own per-user delegated cgroup subtree, simply ask systemd for it by setting Delegate=yes in your service unit file, or by asking for a scope unit to be registered, also with Delegate=yes set. Nothing else is supported. Lennart -- Lennart Poettering, Red Hat __

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-30 Thread Lennart Poettering
verything to make kernel updates mostly safe. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.

Re: F29 System Wide Change: Make BootLoaderSpec the default ['id' field]

2018-06-26 Thread Lennart Poettering
rating > code. In the interest of minimal redundancy and compat with other implementations of the spec, please stick to a single set of ids for each entry, and according to the spec that's the file name. If you have multiple id concepts for the same thing t

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-26 Thread Lennart Poettering
ed, but all google finds are dead sourceforge pages. And links like "https://www.reddit.com/r/linux/comments/6giwvi/why_isnt_udf_given_more_attentiondeveloped_fully/;, which don't precisely make me want to trust this. Again, stick to something supportable. udffs is not it. Don't make a barely suppo

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
implemented anything like that on Fedora/RHEL at all yet, as it's a major piece in making unattended system updates less risky. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send a

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
s one linear blob, and remove them again. Both operations should totally be implementable in a fail-save mode onm FAT. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
early on its way out pretty much everywhere, and that since years. I mean, fat isn't really the epitome of file systems, but it *is* generally very well supported, all across systems, and it's not really on its way anywhere at all... Lennart -- Lennart Poettering, Red Hat __

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
On Mo, 25.06.18 11:54, Daniel P. Berrangé (berra...@redhat.com) wrote: > On Mon, Jun 25, 2018 at 12:47:35PM +0200, Lennart Poettering wrote: > > On Mo, 25.06.18 11:23, Daniel P. Berrangé (berra...@redhat.com) wrote: > > > > > That would break applications like libguest

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
itself then they shouldn't really use /boot anyway I figure, but instead the kernel in /usr/lib/modules/`uname -r`/vmlinux. It's the same thing really. Generally I think it'd be a good idea to ensure that only the boot loader and tools setting up the boot loader would access /boot. Lennart -- L

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
I mean, let's face it, the main stakeholder on $BOOT is not going to honour the labels anyway, so I think it's only fair to treat the whoile thing as a single security domain. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- deve

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
On Fr, 22.06.18 14:17, Chris Murphy (li...@colorremedies.com) wrote: > On Fri, Jun 22, 2018 at 12:57 PM, Lennart Poettering > wrote: > > On Fr, 22.06.18 19:01, Javier Martinez Canillas (jav...@dowhile0.org) wrote: > > > >> > Whereas constantly changing t

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
generally can't and shouldn't override each other's files. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://get

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-25 Thread Lennart Poettering
ad of saying "must be vfat" to say "must be firmware readable" essentially means the same, but is friendlier towards MacOS of course. So yes, we should totally relax the language on this, but not, using completely arbitrary file systems on this certainly doesn't make much sense. Le

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-22 Thread Lennart Poettering
kernels and their initrds. I mean, we build our kernels as EFI binaries on Fedora, IIRC. Wouldn't it be a pity if EFI can't actually access them, because they are stored on an fs only Linux speaks? Lennart -- Lennart Poettering, Red Hat ___ devel mailing

Re: Services that shouldn't be started in the first place: Was F29... hide.. grub

2018-06-21 Thread Lennart Poettering
el is something probably better done inside of the kernel instead of involving userspace at all with this...) Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-21 Thread Lennart Poettering
e" and "needed" is up to you. All the spec tries to make sure though is that once the decision is made for a specific image the other parties that might want to process the entries know how to find the thing. Lennart -- Lennart Poettering, Red Hat ___

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-21 Thread Lennart Poettering
BOOT/loader/entries" name (just read it aloud, it tells you exactly what this is), I doubt there's need to rename it now. it's not that the namespace below $BOOT or ESP is particularly crowded, anyway. Also, I like my bikesheds blue. Lennart -- Lennart Poettering, Red Hat __

Re: Services that shouldn't be started in the first place: Was F29... hide.. grub

2018-06-20 Thread Lennart Poettering
ably be a while before that propagates into fedora. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.or

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-20 Thread Lennart Poettering
kly, I am really surprised by this and this makes me wonder what the whole point of this feature is at all, and very sure we shouldn't have it like this. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscri

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-20 Thread Lennart Poettering
involved in booting groks, if they grok a file system at all. UEFI knows it, and so does the Raspberry Pi boot protocol. The Linux initrd knows it and so does the Linux host OS, Windows knows it. MacOS knows it. Grub knows it. Lennart -- Lennart Poettering, Red Hat __

Re: upcoming systemd-239 release — call for testing

2018-06-20 Thread Lennart Poettering
yet at the time the client asks for the service. However, judging by the provided logs (https://openqa.stg.fedoraproject.org/tests/318564/file/_do_install_and_reboot-syslog) the activation of the lvmdbus1 service actually completes fine. Hence, this is somewhere between the message bus, and the LVM cli

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-19 Thread Lennart Poettering
On Di, 19.06.18 11:14, Daniel P. Berrangé (berra...@redhat.com) wrote: > On Tue, Jun 19, 2018 at 11:48:39AM +0200, Lennart Poettering wrote: > > On Mo, 18.06.18 16:54, R P Herrold (herr...@owlriver.com) wrote: > > > > > On Mon, 18 Jun 2018, Lennart Poettering wro

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-19 Thread Lennart Poettering
On Mo, 18.06.18 16:54, R P Herrold (herr...@owlriver.com) wrote: > On Mon, 18 Jun 2018, Lennart Poettering wrote: > > > On Do, 14.06.18 14:20, Chris Murphy (li...@colorremedies.com) wrote: > > > > > The cited BLS spec is the original one, [1] > > ... l

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-19 Thread Lennart Poettering
On Mo, 18.06.18 16:50, Ondřej Lysoněk (olyso...@redhat.com) wrote: > Hi, > > On 18.6.2018 15:27, Lennart Poettering wrote: > > On Do, 14.06.18 14:20, Chris Murphy (li...@colorremedies.com) wrote: > > > >> The cited BLS spec is the original one, not the more thoroug

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-19 Thread Lennart Poettering
; it at /boot ? systemd will do the discovery and automount unit generation only for the ESP, and it's very defensive, i.e. it will never over-mount neither /boot or /efi if there's anything in there, or if there's already an explicit line for in /etc/fstab and such. If you want to separate $BOO

Re: F29 System Wide Change: Make BootLoaderSpec the default

2018-06-18 Thread Lennart Poettering
ngs simpler and more robust. That said, the generator only cares about the ESP, not for cases where $BOOT is backed by any other partition. See systemd-gpt-auto-generator(8) for details about all of this. Lennart -- Lennart Poettering, Red Hat ___

Re: F29 System Wide Change: The tzdata transition to 'vanguard' format

2018-05-22 Thread Lennart Poettering
Through this it kinda has become API. Which doesn't mean it can't be changed, but can we please make sure that the new format is as well documented as the old one, i.e. please update that man page along with this new feature. Thanks, Lennart -- Lennart Poettering, Red Hat _

Re: [systemd-devel] Running “telinit u” on glibc update

2018-05-16 Thread Lennart Poettering
, and it's racy and hence nothing we should attempt. Doing this just for PID 1 hence doesn't really help much, it's a drop of water on a hot stone. Hence, please go aahead and drop it from the rpm scripts. Lennart -- Lennart Poettering, Red Hat ___ dev

Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

2018-05-02 Thread Lennart Poettering
specs turned out not to be perfect after 15years of use, definitely a lot of thought went into them. And what's "perfect" anyway? Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

2018-05-02 Thread Lennart Poettering
On Mi, 02.05.18 10:47, Paul Wouters (p...@nohats.ca) wrote: > On Wed, 2 May 2018, Lennart Poettering wrote: > > > > > It's already there. And it is XDG complaint. The question here is about > > > > order (what takes priority). > > > > > > Can you

Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

2018-05-02 Thread Lennart Poettering
his comment[1]. So this came up again recently here: https://lists.freedesktop.org/archives/xdg/2017-August/013938.html (see the full thread) And I even promised to merge the proposed spec addition there, but never actually did that. Maybe I re

Re: systemd in non-privileged container

2018-04-27 Thread Lennart Poettering
On Fr, 27.04.18 17:27, Pavel Raiskup (prais...@redhat.com) wrote: > Hi all, > > just wanted to let you know about trivial experiment [1] with systemd in > container. Non-privileged systemd can now pretty fine run in docker > container (tested on Fedora 27 box). Hmm, IIRC there were at least

Re: Fedora 27 kernel updates make system unbootable (sort of)

2018-04-24 Thread Lennart Poettering
reuse the stuff already there and don't invent anything complex new. Lennart -- Lennart Poettering, Red Hat ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

  1   2   3   4   5   6   7   8   9   10   >