3rd version of the patch, taking in account the feedback from Lennart.
See
http://lists.freedesktop.org/archives/systemd-devel/2014-January/015975.html
and
http://lists.freedesktop.org/archives/systemd-devel/2014-February/016916.html
for details
___
Currently on at least Fedora, SELinux policy does not come in
the initramfs. systemd will attempt to load *both* in the
initramfs and in the real root.
Now, the selinux_init_load_policy() API has a regular error return
value, as well as an enforcing boolean. To determine enforcing
state, it
On Thu, Feb 20, 2014 at 8:41 AM, Zbigniew Jędrzejewski-Szmek
zbys...@in.waw.pl wrote:
On Thu, Feb 20, 2014 at 01:37:55PM +0100, Holger Schurig wrote:
Compilation on Debian Stable, this happens during a make:
GISCAN src/gudev/GUdev-1.0.gir
Usage: g-ir-scanner [options] sources
With split-usr, libsystemd should be installed to /lib, not /usr/lib.
The compat-libs are still correctly installed to /lib, but
libsystemd.so itself isn't
Will follow up with a patch unless someone beats me to it
Michael
--
Why is it that all of the instruments seeking intelligent life in the
On Thu, 20.02.14 17:03, Daniel Mack (dan...@zonque.org) wrote:
Hi,
When cross-compiling the current git HEAD for ARM using gcc 4.8.2, I see
~160 warnings similar to this one:
src/core/unit.c: In function 'unit_get_exec_runtime':
src/core/unit.c:2851:17: warning: cast increases required
On Thu, Feb 20, 2014 at 05:20:05PM +0100, Michael Biebl wrote:
With split-usr, libsystemd should be installed to /lib, not /usr/lib.
The compat-libs are still correctly installed to /lib, but
libsystemd.so itself isn't
Will follow up with a patch unless someone beats me to it
On Thu, Feb 20, 2014 at 05:21:22PM +0100, Lennart Poettering wrote:
On Thu, 20.02.14 17:03, Daniel Mack (dan...@zonque.org) wrote:
Hi,
When cross-compiling the current git HEAD for ARM using gcc 4.8.2, I see
~160 warnings similar to this one:
src/core/unit.c: In function
2014-02-20 17:24 GMT+01:00 Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl:
On Thu, Feb 20, 2014 at 05:20:05PM +0100, Michael Biebl wrote:
With split-usr, libsystemd should be installed to /lib, not /usr/lib.
The compat-libs are still correctly installed to /lib, but
libsystemd.so itself isn't
On Thu, 20.02.14 14:38, Holger Schurig (holgerschu...@gmail.com) wrote:
Make macro assert_cc() not emit declaration after statements warnings.
This can be done by using the GCC pragmas 'diagnostic ignore undefined'.
In order to be able to use that pragma inside a macro, we need to put it
On Thu, 2014-02-20 at 02:03 +0100, Lennart Poettering wrote:
On Thu, 20.02.14 01:21, Uoti Urpala (uoti.urp...@pp1.inet.fi) wrote:
Even if there can be reasonable style disagreements about exactly where
to use mixed declarations, at least some uses of them are certainly
beneficial. It's only
On 02/20/2014 10:42 AM, Colin Walters wrote:
Currently on at least Fedora, SELinux policy does not come in
the initramfs. systemd will attempt to load *both* in the
initramfs and in the real root.
Now, the selinux_init_load_policy() API has a regular error return
value, as well as an
On Thu, Feb 20, 2014 at 1:06 PM, Stephen Smalley s...@tycho.nsa.gov
wrote:
Wouldn't it be better (and more correct) to probe both the initramfs
and
the real root, and if neither one can load policy successfully and
enforcing=1, then halt?
So you're saying we should handle -ENOENT specially
Hey guys,
Thought I'd put this discussion upstream. At the moment at Gentoo [1],
we're considering building without the compat-libs, but still with
installing the pkg-config files, so that most out of date packages will
work with a rebuild without having to patch the build system, and we won't
On Thu, 20.02.14 19:31, Jason A. Donenfeld (ja...@zx2c4.com) wrote:
Hey guys,
Thought I'd put this discussion upstream. At the moment at Gentoo [1],
we're considering building without the compat-libs, but still with
installing the pkg-config files, so that most out of date packages will
On Thu, 20.02.14 18:17, Colin Walters (walt...@verbum.org) wrote:
Hmm, maybe a simple check access(/etc/selinux/, F_OK) would be enough?
There's no point in trying to initialized SELinux if that dir does not
exist, right? Then we could simply bypass the whole thing...
On Thu, Feb 20, 2014 at
Not really. If it doesn't exist on the final root fs and I put
enforcing=1 on the command line, I expect the box to
panic/fail/die/whatever
On Thu, Feb 20, 2014 at 1:36 PM, Lennart Poettering
lenn...@poettering.net wrote:
On Thu, 20.02.14 18:17, Colin Walters (walt...@verbum.org) wrote:
On 02/20/2014 01:17 PM, Colin Walters wrote:
On Thu, Feb 20, 2014 at 1:06 PM, Stephen Smalley s...@tycho.nsa.gov wrote:
Wouldn't it be better (and more correct) to probe both the initramfs and
the real root, and if neither one can load policy successfully and
enforcing=1, then halt?
So
---
src/libsystemd-dhcp/sd-dhcp-client.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/src/libsystemd-dhcp/sd-dhcp-client.c
b/src/libsystemd-dhcp/sd-dhcp-client.c
index ec2b53f..84d38f0 100644
--- a/src/libsystemd-dhcp/sd-dhcp-client.c
+++ b/src/libsystemd-dhcp/sd-dhcp-client.c
@@
On Thu, Feb 20, 2014 at 1:36 PM, Lennart Poettering
lenn...@poettering.net wrote:
On Thu, 20.02.14 18:17, Colin Walters (walt...@verbum.org) wrote:
Hmm, maybe a simple check access(/etc/selinux/, F_OK) would be
enough?
There's no point in trying to initialized SELinux if that dir does not
On Thu, 20.02.14 13:50, Eric Paris (epa...@parisplace.org) wrote:
Not really. If it doesn't exist on the final root fs and I put
enforcing=1 on the command line, I expect the box to
panic/fail/die/whatever
OK, then maybe check !in_initrd() || access(/etc/selinux/, F_OK) = 0?
Lennart
I like it, if it's reasonable/possible
On Thu, Feb 20, 2014 at 2:26 PM, Lennart Poettering
lenn...@poettering.net wrote:
On Thu, 20.02.14 13:50, Eric Paris (epa...@parisplace.org) wrote:
Not really. If it doesn't exist on the final root fs and I put
enforcing=1 on the command line, I expect
On Thu, 20.02.14 19:49, Umut Tezduyar Lindskog (umut.tezdu...@axis.com) wrote:
---
src/libsystemd-dhcp/sd-dhcp-client.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/src/libsystemd-dhcp/sd-dhcp-client.c
b/src/libsystemd-dhcp/sd-dhcp-client.c
index ec2b53f..84d38f0 100644
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/20/2014 02:27 PM, Eric Paris wrote:
I like it, if it's reasonable/possible
On Thu, Feb 20, 2014 at 2:26 PM, Lennart Poettering
lenn...@poettering.net wrote:
On Thu, 20.02.14 13:50, Eric Paris (epa...@parisplace.org) wrote:
Not really.
---
src/libsystemd-dhcp/sd-dhcp-client.c |4
1 file changed, 4 insertions(+)
diff --git a/src/libsystemd-dhcp/sd-dhcp-client.c
b/src/libsystemd-dhcp/sd-dhcp-client.c
index ec2b53f..53abe22 100644
--- a/src/libsystemd-dhcp/sd-dhcp-client.c
+++ b/src/libsystemd-dhcp/sd-dhcp-client.c
@@
From: Lennart Poettering [lenn...@poettering.net]
Sent: Thursday, February 20, 2014 8:38 PM
To: Umut Tezduyar Lindskog
Cc: systemd-devel@lists.freedesktop.org; Umut Tezduyar Lindskog
Subject: Re: [systemd-devel] [PATCH] sd-dhcp-client: prevent timer
Hi,
Hope this is not completly ridiculous?
I havnt tested this since im not entirely sure how to do it.
So tips and comments regarding that are very welcome, im tempt to research
further and maybe eventually provide a test for socket-proxy.
Best regards.
---
Makefile.am |
On Thu, Feb 20, 2014 at 2:45 PM, Daniel J Walsh dwa...@redhat.com
wrote:
You mean
!in_initrd() || access(selinux_path(), F_OK) = 0?
I don't think so - that would mean we would silently continue if
enforcing=1, but we happen to not find a policy on disk. Right?
I think my patch is
I think the idea was
if we are not in the initrd - try to load policy
if we are in the initrd and we find selinux_path() - try to load policy
Thus embeded/thin who put everything inside the initrd will work (and
the kernel enforce=1 will mean what is should)
And where we don't put anything
On Thu, Feb 20, 2014 at 5:03 PM, Daniel Mack dan...@zonque.org wrote:
Hi,
When cross-compiling the current git HEAD for ARM using gcc 4.8.2, I see
~160 warnings similar to this one:
src/core/unit.c: In function 'unit_get_exec_runtime':
src/core/unit.c:2851:17: warning: cast increases
On Thu, Feb 20, 2014 at 4:10 PM, Eric Paris epa...@parisplace.org
wrote:
I think the idea was
if we are not in the initrd - try to load policy
if we are in the initrd and we find selinux_path() - try to load
policy
Thus embeded/thin who put everything inside the initrd will work (and
the
Dear systemd folks,
Docker, “an open-source project to easily create lightweight, portable,
self-sufficient containers from any application”, [1] mostly recommends
to use Supervisor [2] to control the processes to be run in the
container, like starting and restarting them and logging the output.
Dear systemd folks,
after Debian’s CTTE chose systemd as the default init system for the
next Debian release, I installed it on one of the systems.
Looking at the output `systemd-analyze plot`, I noticed that CUPS takes
700 ms to start and as this is a desktop system where not a lot is
printed
Le jeudi 20 février 2014 à 23:18 +0100, Paul Menzel a écrit :
Dear systemd folks,
after Debian’s CTTE chose systemd as the default init system for the
next Debian release, I installed it on one of the systems.
Looking at the output `systemd-analyze plot`, I noticed that CUPS takes
700
Files:
* hwdb/60-keyboard.hwdb
* shell-completion/zsh/_systemd-coredumpctl
* src/test/test-helper.h
---
I also noticed that kdbus.h uses tabs exclusively. Is this something that
should be fixed too?
hwdb/60-keyboard.hwdb | 4 ++--
shell-completion/zsh/_systemd-coredumpctl |
It's not ridiculous, but it's also no better. This patch still blocks
the main event loop during each lookup.
Proper integration of non-blocking lookup would involve using
sd_resolve_get_fd() to integrate with the main event loop.
___
systemd-devel
On Thu, Feb 20, 2014 at 2:25 PM, Paul Menzel
paulepan...@users.sourceforge.net wrote:
Or is there a reason why systemd should not be used for that?
Distro portability, but that's rapidly dying as a reason.
___
systemd-devel mailing list
On Thu, Feb 20, 2014 at 06:09:27PM -0500, Jason St. John wrote:
Files:
* hwdb/60-keyboard.hwdb
* shell-completion/zsh/_systemd-coredumpctl
* src/test/test-helper.h
---
I also noticed that kdbus.h uses tabs exclusively. Is this something that
should be fixed too?
kdbus.h will end up in the
This might be of interest to you:
http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2014-February/001433.html
So, the cups maintainer is already looking into this. It has to be
said CUPS is not the most trivial wrt proper systemd support.
2014-02-20 23:18 GMT+01:00 Paul Menzel
On Thu, Feb 20, 2014 at 4:21 PM, Colin Walters walt...@verbum.org
wrote:
I'm testing this suggested patch now.
I tweaked the suggestion a bit because the selinux_path() API call made
the most sense inside selinux-setup.c. Attached patch works for me.
From
On Thu, 20.02.14 14:39, Holger Schurig (holgerschu...@gmail.com) wrote:
Debian Stable is still using glibc 2.13, which doesn't provide the setns().
So we detect this and provide a tiny wrapper that issues the setns syscall
towards the kernel.
I modified your patch and commited it. The change
On Thu, 20.02.14 16:07, m...@zarb.org (m...@zarb.org) wrote:
Thanks! Applied!
From: Michael Scherer m...@zarb.org
---
Makefile.am | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 08b94d7..e4ff7de 100644
--- a/Makefile.am
+++
On Thu, 20.02.14 22:26, Thomas H.P. Andersen (pho...@gmail.com) wrote:
On Thu, Feb 20, 2014 at 5:03 PM, Daniel Mack dan...@zonque.org wrote:
Hi,
When cross-compiling the current git HEAD for ARM using gcc 4.8.2, I see
~160 warnings similar to this one:
src/core/unit.c: In function
On Thu, 20.02.14 21:04, Umut Tezduyar Lindskog (umut.tezdu...@axis.com) wrote:
Tom commited this. Thanks!
Tom, please always do a quick reply on the ML so that it is easy to see
what is commited and what is not!
Thanks!
---
src/libsystemd-dhcp/sd-dhcp-client.c |4
1 file changed,
Hey guys,
This commit caught me by surprise:
http://git.zx2c4.com/systemd/commit/?id=daeb71a36a98834664e4d95773a3629b746f4db8
It wasn't in the NEWS or the mailing list post for 209, so when
updating I encountered a bit of unexpected behavior. I see that I can
disable persistent names using
On Thu, 20.02.14 16:19, m...@zarb.org (m...@zarb.org) wrote:
From: Michael Scherer m...@zarb.org
This permit to switch to a specific apparmor profile when starting a daemon.
This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for
On Thu, 20.02.14 18:09, Jason St. John (jstj...@purdue.edu) wrote:
Applied! Thanks!
I also noticed that kdbus.h uses tabs exclusively. Is this something that
should be fixed too?
Greg's right, this should not be fixed. kdbus.h and a couple of drop-in
headers we copied from other projects
Hi folks,
systemd-networkd seems to get started by default in 209. Why is this?
What if I don't want to use it to manage my networks? Why does it have
to be on by default?
Jason
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
systemd-network.service should not be started unless the administrator
runs systemctl enable systemd-network.service, as it's entirely
unessential and most distributions use their own network management
daemons instead. If some distributions or users choose to use systemd's
built in networking,
Compilation works okay here. And make check said PASS: test-namespace.
The change I made is to complain if __NR_setns is not defined.
The approach with an error message (at runtime) was taken from
iproute2. I used that because for many (desktop) users namespace
support isn't really needed. So
-Original Message-
From: systemd-devel-boun...@lists.freedesktop.org [mailto:systemd-
devel-boun...@lists.freedesktop.org] On Behalf Of Zbigniew Jedrzejewski-
Szmek
Sent: den 21 februari 2014 04:42
To: Jason A. Donenfeld
Cc: systemd Mailing List
Subject: Re: [systemd-devel]
-Original Message-
From: Lennart Poettering [mailto:lenn...@poettering.net]
Sent: den 21 februari 2014 03:22
To: Umut Tezduyar Lindskog
Cc: systemd-devel@lists.freedesktop.org; Umut Tezduyar Lindskog
Subject: Re: [systemd-devel] [PATCH] sd-dhcp-client: prevent timer related
memory
I'm on Debian 7.4 (the current stable one), gcc is gcc (Debian
4.7.2-5) 4.7.2. I get lots of warnings, but also a compilation error.
I also get one warning at autogen time and one warning at configure time.
For the compilation error: I have libc6-dev in version 2.13-38+deb7u1.
Doesn't that one
20.02.2014 on 09:59 Holger Schurig holgerschu...@gmail.com wrote:
I'm on Debian 7.4 (the current stable one), gcc is gcc (Debian
4.7.2-5) 4.7.2. I get lots of warnings, but also a compilation error.
I also get one warning at autogen time and one warning at configure time.
For the compilation
You need glibc = 2.14
Two notes:
* than ./configure should say so
* that cuts out Debian Stable from the dance, which is probably with
us for 2 years ...
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
Make C++11 static_assert work without warning by using C99 _Pragma() as well.
---
NOTE: this patch is probably whitespace damaged, because I'm pasting
it in via Google's web interface. I declared this patch as RFC because
I'm unsure how clang behaves on it.
Index:
2014-02-20 3:48 GMT+01:00 Greg KH gre...@linuxfoundation.org:
On Thu, Feb 20, 2014 at 03:19:09AM +0100, Peeters Simon wrote:
2014-02-19 21:03 GMT+01:00 Peeters Simon peeters.si...@gmail.com:
2014-02-19 20:41 GMT+01:00 Kay Sievers k...@vrfy.org:
On Wed, Feb 19, 2014 at 8:34 PM, Peeters Simon
It was 2014-02-19 śro 20:05, when Zbigniew Jędrzejewski-Szmek wrote:
On Wed, Feb 19, 2014 at 04:17:15PM +0100, Łukasz Stelmach wrote:
It was 2014-02-19 śro 16:05, when Zbigniew Jędrzejewski-Szmek wrote:
On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
How to have support for
2014-02-20 3:43 GMT+01:00 Kay Sievers k...@vrfy.org:
On Thu, Feb 20, 2014 at 3:19 AM, Peeters Simon peeters.si...@gmail.com
wrote:
Where is it defined on arm? There is an include in kdbus.h.
the problem is that it is #ifndef __KERNEL__ and I assume that
__KERNEL__ gets defined when
This fix allows to register activator connection when
normal connection already exists for that name.
Also, when activator connection registers for a second name
(different than first one) name lookup will
result in no entry found and checking for multiple names
will not occur. So checking needs
Compilation on Debian Stable, this happens during a make:
GISCAN src/gudev/GUdev-1.0.gir
Usage: g-ir-scanner [options] sources
g-ir-scanner: error: no such option: -W
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
On 02/20/2014 12:33 PM, Michal Eljasiewicz wrote:
This fix allows to register activator connection when
normal connection already exists for that name.
Also, when activator connection registers for a second name
(different than first one) name lookup will
result in no entry found and checking
Okay, that's easy enought. Can you tell me if ./test-namespace is
all I need to test it? Or do I have to install the compile systemd
and create a service file with namespace stuff in it?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
On Thu, Feb 20, 2014 at 02:21:42PM +0100, Holger Schurig wrote:
Okay, that's easy enought. Can you tell me if ./test-namespace is
all I need to test it? Or do I have to install the compile systemd
and create a service file with namespace stuff in it?
If you write it, anyone can test it by
Make macro assert_cc() not emit declaration after statements warnings.
This can be done by using the GCC pragmas 'diagnostic ignore undefined'.
In order to be able to use that pragma inside a macro, we need to put it
into the (C99-introduced) _Pragma() pseudo-function.
---
src/shared/macro.h |
Debian Stable is still using glibc 2.13, which doesn't provide the setns().
So we detect this and provide a tiny wrapper that issues the setns syscall
towards the kernel.
---
configure.ac |3 +++
src/shared/missing.h | 13 +
2 files changed, 16 insertions(+)
diff --git
On Thu, Feb 20, 2014 at 7:37 AM, Holger Schurig
holgerschu...@gmail.com wrote:
Compilation on Debian Stable, this happens during a make:
GISCAN src/gudev/GUdev-1.0.gir
When posting errors from builds, always use make V=1.
Usage: g-ir-scanner [options] sources
g-ir-scanner: error: no
On Thu, Feb 20, 2014 at 01:37:55PM +0100, Holger Schurig wrote:
Compilation on Debian Stable, this happens during a make:
GISCAN src/gudev/GUdev-1.0.gir
Usage: g-ir-scanner [options] sources
g-ir-scanner: error: no such option: -W
It doesn't have this option here either, afaics. What is
$ make -j1 V=1
make --no-print-directory all-recursive
Making all in .
/usr/bin/g-ir-scanner --c-include=gudev/gudev.h --namespace=GUdev
--nsversion=1.0 --libtool=/bin/bash ./libtool --include=GObject-2.0
--library=libgudev-1.0.la --pkg-export=gudev-1.0 --warn-all -pipe
-Wall -Wextra
Hi Jason,
On Thu, Feb 20, 2014 at 2:57 AM, Jason A. Donenfeld ja...@zx2c4.com wrote:
-r = sd_rtnl_call(rtnl, message, 0, NULL);
+r = sd_rtnl_call(rtnl, NULL, message, 0);
So this is not 'really' a constructor, so the new convention doesn't
apply. The most important thing to me
From: Michael Scherer m...@zarb.org
---
Makefile.am | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 08b94d7..e4ff7de 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1868,9 +1868,13 @@ systemd_nspawn_LDADD = \
From: Michael Scherer m...@zarb.org
This permit to switch to a specific apparmor profile when starting a daemon.
This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
---
Makefile.am | 2
71 matches
Mail list logo