Hello all
I was wondering if anyone had an example of a service unit that sets
up a chroot jail with RootDirectory= but also mounts /proc, /sys and
maybe a directory with some binaries and configuration inside it?
It feels like this should perhaps be possible with
ReadWriteDirectories and ReadOnl
Hello all
Is there a way to specify the equivalent of RLIM_INFINITY for LimitNOFILE, etc.?
I did a quick grep of the systemd source, but couldn't find an obvious answer.
Regards
Albert
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
Hello all
I just tried to start a socket unit with ListenStream=0 in the
configuration, but this yields the following error:
Failed to issue method call: Unit zero.socket failed to load: Invalid
argument. See system logs and 'systemctl status' for details.
I would expect that it would simply bin
On Mon, Apr 4, 2011 at 00:20, Florian Kriener wrote:
> Are there plans to support other distributions like debian in upstream
> git wholeheartedly or will systemd git only run properly on fedora? Or
> am I lumping packaging and development together here?
It does run on many distros without patchi
On 3 April 2011 23:35, Lennart Poettering wrote:
> On Sun, 03.04.11 23:28, Michał Piotrowski (mkkp...@gmail.com) wrote:
>
>> > But for /dev/shm I see no quick fix... do you?
>>
>> Unfortunately not. No one foresaw that quota support on tmpfs will
>> someday be useful :)
>>
>> >
On Sunday 03 April 2011 23:44:41 Santi Béjar wrote:
> Are those purged? Because if not the init.d files are still there
> causing troubles.
> $dpkg -l nfs-common
> ...
> rc nfs-common ...
Yes it's purged but it just occurred to me that there are a lot of other
init.d files that might cause havoc
2011/4/3 Kay Sievers :
> 2011/4/3 Lennart Poettering :
>> On Sun, 03.04.11 23:28, Michał Piotrowski (mkkp...@gmail.com) wrote:
>>
>>> > But for /dev/shm I see no quick fix... do you?
>>>
>>> Unfortunately not. No one foresaw that quota support on tmpfs will
>>> someday be useful :)
>>>
>>> >
>>> >
2011/4/3 Lennart Poettering :
> On Sun, 03.04.11 23:28, Michał Piotrowski (mkkp...@gmail.com) wrote:
>
>> > But for /dev/shm I see no quick fix... do you?
>>
>> Unfortunately not. No one foresaw that quota support on tmpfs will
>> someday be useful :)
>>
>> >
>> > I think we should fix either both
On Sun, Apr 3, 2011 at 6:32 PM, Florian Kriener wrote:
> On Sunday 03 April 2011 18:27:53 you wrote:
>> > I am still playing around with systemd and try to somehow convince
>> > it to boot again, after the debian package stopped working (dbus
>> > broke somehow when booting with systemd). My probl
On Sun, 03.04.11 23:28, Michał Piotrowski (mkkp...@gmail.com) wrote:
> > But for /dev/shm I see no quick fix... do you?
>
> Unfortunately not. No one foresaw that quota support on tmpfs will
> someday be useful :)
>
> >
> > I think we should fix either both or should wait for the proper fix by
>
On Sun, 03.04.11 21:39, Michal Schmidt (mschm...@redhat.com) wrote:
> > We should really stop having flag files like this outside
> > of well-defined directories which exist for that purpose.
>
> /.autorelabel is not new. Fedora's /etc/rc.sysinit has been doing
> this since May 2005. I am only tr
On 3 April 2011 23:14, Lennart Poettering wrote:
> On Sun, 03.04.11 23:05, Michał Piotrowski (mkkp...@gmail.com) wrote:
>
>>
>> On 3 April 2011 22:39, Lennart Poettering wrote:
>> > On Sun, 03.04.11 13:54, Lennart Poettering (mzerq...@0pointer.de) wrote:
>
On Sun, Apr 03, 2011 at 23:22:06 +0200,
Michał Piotrowski wrote:
> On 3 April 2011 23:11, Bruno Wolff III wrote:
> > On Sun, Apr 03, 2011 at 23:05:52 +0200,
> > Michał Piotrowski wrote:
> >>
> >> Of course it will be the best solution. But I doubt it will happen in
> >> a
On 3 April 2011 23:11, Bruno Wolff III wrote:
> On Sun, Apr 03, 2011 at 23:05:52 +0200,
> Michał Piotrowski wrote:
>>
>> Of course it will be the best solution. But I doubt it will happen in
>> a next few weeks - so some temporary workaround for F15 would be
>> appreciated. It
On Sun, 03.04.11 23:05, Michał Piotrowski (mkkp...@gmail.com) wrote:
>
> On 3 April 2011 22:39, Lennart Poettering wrote:
> > On Sun, 03.04.11 13:54, Lennart Poettering (mzerq...@0pointer.de) wrote:
> >
> >> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote
On Sun, Apr 03, 2011 at 23:05:52 +0200,
Michał Piotrowski wrote:
>
> Of course it will be the best solution. But I doubt it will happen in
> a next few weeks - so some temporary workaround for F15 would be
> appreciated. It seems to me that this is a too serious problem to
> release F15 without
On Sun, 03.04.11 18:01, Albert Strasheim (full...@gmail.com) wrote:
>
> Hello all
>
> On Sun, Apr 3, 2011 at 4:59 PM, Albert Strasheim wrote:
> > pam_loginuid(sshd:session): set_loginuid failed
>
> This one is caused by:
>
> 32open("/proc/self/loginuid", O_WRONLY|O_TRUNC|O_NOFOLLOW) = 4
>
On Sun, 03.04.11 16:59, Albert Strasheim (full...@gmail.com) wrote:
> Hello all
>
> I've been working on a systemd configuration to do integration tests
> with a few services inside a nspawn container.
>
> Among these, I'm trying to get sshd going using the units here as a
> starting point:
>
>
On 3 April 2011 22:39, Lennart Poettering wrote:
> On Sun, 03.04.11 13:54, Lennart Poettering (mzerq...@0pointer.de) wrote:
>
>> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote:
>>
>> > Hi,
>> >
>> > I can write to /run/user/michal in this way I can fill the
On Sat, 02.04.11 14:28, Albert Strasheim (full...@gmail.com) wrote:
> Ideally, we'd like to achieve this without touching the configuration
> of the developer's system itself, since they might still be running
> Fedora 14 without systemd, or might have built systemd directly from
> git. This shoul
On Sun, 03.04.11 10:38, Bruno Wolff III (br...@wolff.to) wrote:
> On Sun, Apr 03, 2011 at 15:55:11 +0100,
> Michał Piotrowski wrote:
> > I see no other way out here because tmpfs does not support quota.
>
> What about having /run/user/whoever sym link to /home/user/.run ?
No, not really possi
On Sun, 03.04.11 15:55, Michał Piotrowski (mkkp...@gmail.com) wrote:
>
> On 3 April 2011 12:54, Lennart Poettering wrote:
> > On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote:
> >
> >> Hi,
> >>
> >> I can write to /run/user/michal in this way I can fill th
On Sun, 03.04.11 13:54, Lennart Poettering (mzerq...@0pointer.de) wrote:
> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote:
>
> > Hi,
> >
> > I can write to /run/user/michal in this way I can fill the entire free
> > tmpfs space which is not good from my POV.
>
> Yupp, this
On Sun, 03.04.11 18:16, Michal Schmidt (mschm...@redhat.com) wrote:
> This replaces the previous ConditionSELinux series.
> Kay suggested ConditionSecurity would be nicer and more general.
Thanks. Applied.
(I changed the "SELinux" spelling to "selinux" however and made things
case-sensitive, sin
]] Michal Schmidt
Hi,
| > We should really stop having flag files like this outside
| > of well-defined directories which exist for that purpose.
|
| /.autorelabel is not new. Fedora's /etc/rc.sysinit has been doing
| this since May 2005. I am only trying to prevent the loss of this
| feature.
On Sun, 03 Apr 2011 19:56:50 +0200 Tollef Fog Heen wrote:
> How does this interact with read-only /?
If the user
1. boots with SELinux disabled and read-only /,
2. remounts / read-write and thus destroys some files' contexts,
3. and then reboots with SELinux enabled
then he's on his own to deal
2011/4/3 Michał Piotrowski :
> On 3 April 2011 12:54, Lennart Poettering wrote:
>> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote:
>>
>>> Hi,
>>>
>>> I can write to /run/user/michal in this way I can fill the entire free
>>> tmpfs space which is not good f
]] Michal Schmidt
Hi,
| I'd like to use this feature for a unit that creates /.autorelabel if
| SELinux is disabled, to ensure a relabel is done automatically when the
| system is later rebooted with SELinux enabled.
How does this interact with read-only /? We should really stop having
flag fi
On Sunday 03 April 2011 19:38:57 Michael Biebl wrote:
> You seem to have a mix of file in /usr/local and /
>
> Get rid of the local installation and start with a clean installation
> of the Debian package.
That doesn't work either as mentioned in the first mail, it fails with a
different problem
On 3 April 2011 18:00, drago01 wrote:
> 2011/4/3 Michał Piotrowski :
>> On 3 April 2011 12:54, Lennart Poettering wrote:
>>> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote:
>>>
Hi,
I can write to /run/user/michal in this
2011/4/3 Florian Kriener :
> On Sunday 03 April 2011 19:16:25 Michael Biebl wrote:
>> Getting a log of booting with systemd.log_level=debug would be a good
>> start.
>
> Ahh, I should have mentioned, that you can find that in dmesg.log,
> sorry.
You seem to have a mix of file in /usr/local and /
On Sunday 03 April 2011 19:16:25 Michael Biebl wrote:
> Getting a log of booting with systemd.log_level=debug would be a good
> start.
Ahh, I should have mentioned, that you can find that in dmesg.log,
sorry.
2011/4/3 Florian Kriener :
> On Sunday 03 April 2011 18:27:53 you wrote:
>> > I am still playing around with systemd and try to somehow convince
>> > it to boot again, after the debian package stopped working (dbus
>> > broke somehow when booting with systemd). My problem with the
>> > recent versi
On Sunday 03 April 2011 18:27:53 you wrote:
> > I am still playing around with systemd and try to somehow convince
> > it to boot again, after the debian package stopped working (dbus
> > broke somehow when booting with systemd). My problem with the
> > recent version of
>
> You might be hit by
>
2011/4/3 Florian Kriener :
> Hi,
>
> I am still playing around with systemd and try to somehow convince it to
> boot again, after the debian package stopped working (dbus broke somehow
> when booting with systemd). My problem with the recent version of
You might be hit by
http://wiki.debian.org/sy
---
man/systemd.unit.xml |8
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 47ddece..7396806 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -565,6 +565,7 @@
Condition
Using ConditionSecurity a unit can depend on a security module being
enabled/disabled. For now the only recognized security module is SELinux.
I'd like to use this feature for a unit that creates /.autorelabel if
SELinux is disabled, to ensure a relabel is done automatically when the
system is lat
They only differ in the condition type, otherwise the code is identical.
Replace them with a more generic config_parse_condition_string().
---
src/load-fragment.c | 44 ++--
1 files changed, 6 insertions(+), 38 deletions(-)
diff --git a/src/load-fragment
Several condition types were missing their strings, they were showing as
"(null)" in systemctl dump.
Indentation was missing too.
---
src/condition.c |7 +--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/condition.c b/src/condition.c
index b404b49..5ab77d8 100644
---
This replaces the previous ConditionSELinux series.
Kay suggested ConditionSecurity would be nicer and more general.
---
Michal Schmidt (4):
man: document ConditionSecurity
condition: add ConditionSecurity
load-fragment: unify config_parse_condition_{kernel,virt}
condition
On Sun, Apr 03, 2011 at 15:55:11 +0100,
Michał Piotrowski wrote:
> I see no other way out here because tmpfs does not support quota.
What about having /run/user/whoever sym link to /home/user/.run ?
Hello all
On Sun, Apr 3, 2011 at 4:59 PM, Albert Strasheim wrote:
> pam_loginuid(sshd:session): set_loginuid failed
This one is caused by:
32open("/proc/self/loginuid", O_WRONLY|O_TRUNC|O_NOFOLLOW) = 4
32write(4, "0", 1) = -1 EPERM (Operation not permitted)
This happen
On 3 April 2011 16:38, Bruno Wolff III wrote:
> On Sun, Apr 03, 2011 at 15:55:11 +0100,
> Michał Piotrowski wrote:
>> I see no other way out here because tmpfs does not support quota.
>
> What about having /run/user/whoever sym link to /home/user/.run ?
>
Certainly it is not
Hello all
I've been working on a systemd configuration to do integration tests
with a few services inside a nspawn container.
Among these, I'm trying to get sshd going using the units here as a
starting point:
http://0pointer.de/public/systemd-units/
Unfortunately, it seems the nspawn container
On 3 April 2011 12:54, Lennart Poettering wrote:
> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote:
>
>> Hi,
>>
>> I can write to /run/user/michal in this way I can fill the entire free
>> tmpfs space which is not good from my POV.
>
> Yupp, this is trivially
On Sun, 3 Apr 2011 16:38:35 +0200 Kay Sievers wrote:
> Wouldn't it be nicer to have ConditionSecurity=SELinux, like we have
> ConditionVirtualization=kvm? You never know what people invent next
> year. :)
OK, why not.
I guess just having ConditionSecurity=SELinux and
ConditionSecurity=!SELinux wou
On Sun, Apr 3, 2011 at 16:22, Michal Schmidt wrote:
> ConditionSELinux=disabled
Wouldn't it be nicer to have ConditionSecurity=SELinux, like we have
ConditionVirtualization=kvm? You never know what people invent next
year. :)
> ConditionPathExists=!/.autorelabel
This flag file is supposed to b
---
man/systemd.unit.xml | 12
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 47ddece..e255f7a 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -565,6 +565,7 @@
Cond
Using ConditionSELinux a unit can depend on the SELinux state:
disabled, permissive, enforcing
A bool argument is also accepted:
no = disabled
yes = permissive | enforcing
I'd like to use this feature for a unit that creates /.autorelabel if
SELinux is disabled, to ensure a relabel is done aut
They only differ in the condition type, otherwise the code is identical.
Replace them with a more generic config_parse_condition_string().
---
src/load-fragment.c | 44 ++--
1 files changed, 6 insertions(+), 38 deletions(-)
diff --git a/src/load-fragment
Several condition types were missing their strings, they were showing as
"(null)" in systemctl dump.
Indentation was missing too.
---
src/condition.c |7 +--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/condition.c b/src/condition.c
index b404b49..5ab77d8 100644
---
When the system is rebooted with SELinux enabled after being disabled
temporarily, automatic relabeling is supposed to happen. This is currently
broken in Fedora 15.
/etc/rc.sysinit used to do that by touching /.autorelabel when SELinux was
disabled. The code still exists in fedora-autorelabel, bu
Now that I am subscribed...
Here is the information about my own setup...
Linux Kernel 2.6.37.3 with config.gz attached,
glibc 2.12.2
gcc 4.4.3 (installed this version for non-linux cross-compilation
targets)
systemd 22 from git repository sources (outside package management)
I've also attac
On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp...@gmail.com) wrote:
> Hi,
>
> I can write to /run/user/michal in this way I can fill the entire free
> tmpfs space which is not good from my POV.
Yupp, this is trivially fixable by placing another tmpfs on /run/user,
which can be done by installin
Hi,
I can write to /run/user/michal in this way I can fill the entire free
tmpfs space which is not good from my POV.
--
Best regards,
Michal
http://eventhorizon.pl/