Re: [systemd-devel] PrivateDevices with more than basic set of devices?

2015-01-26 Thread Simon McVittie
On 24/01/15 10:09, Topi Miettinen wrote: For example, smartd only needs access to /dev/sd*. Let me spell that differently: smartd only needs the ability to make arbitrary filesystem changes, defeating any possible configurable security mechanism. If you give it access to /dev/sd* but not to

[systemd-devel] ConditionNeedsUpdate date comparison

2015-01-26 Thread Umut Tezduyar Lindskog
Hi, condition_test_needs_update() wants the timestamp of /usr to be newer than what is being checked. Is there a reason why we don't check for /usr != Condition.parameter? It makes sense to check for /usr Condition.parameter in a package managed linux but our embedded system is upgrading the

Re: [systemd-devel] networkd-218 won't set bridge l2addr to slave device

2015-01-26 Thread Tom Gundersen
On Mon, Jan 26, 2015 at 12:07 AM, Jan Engelhardt jeng...@inai.de wrote: On Sunday 2015-01-25 23:51, Jan Engelhardt wrote: The virtual machine only receives L2 frames destined for 08:00:27:0a:c5:b2 (and broadcast), even when enp0s3 is in promisc mode. This may very well be an artifact of TAP, or

[systemd-devel] [PATCH] systemd-udevd.service: restore mount propagation

2015-01-26 Thread Dave Reisner
This reverts part of c2c13f2df42e0, which introduced this with no explanation as to *why*. Enslaving the mount namespace breaks default behavior included in rules/60-cdrom_id.rules. Specifically, filesystems on optical media will not be properly unmounted when the physical eject button is used in

[systemd-devel] [PATCH] treewide: fix multiple typos

2015-01-26 Thread Torstein Husebø
--- NEWS | 8 TODO | 2 +- man/crypttab.xml | 2 +- man/networkctl.xml| 2 +- man/sd_event_add_child.xml| 2 +- man/sd_notify.xml | 2 +-

[systemd-devel] [PATCH] missing: define correct syscall numbers for memfd_create() and getrandom() on aarch64

2015-01-26 Thread Michael Olbrich
--- Hi, I've tested getrandom(): With 384 the kernel dumps a warning, because the syscall does not exist. With 278 the syscall tracer tells me that it's called when I run e.g. journalctl, so that looks good. I've not tested memfd_create() but it's defined right below getrandom() in

Re: [systemd-devel] [PATCH] treewide: fix multiple typos

2015-01-26 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Jan 26, 2015 at 03:29:14PM +0100, Torstein Husebø wrote: --- NEWS | 8 TODO | 2 +- man/crypttab.xml | 2 +- man/networkctl.xml| 2 +- man/sd_event_add_child.xml

Re: [systemd-devel] PrivateDevices with more than basic set of devices?

2015-01-26 Thread Lennart Poettering
On Sat, 24.01.15 10:09, Topi Miettinen (toiwo...@gmail.com) wrote: Hello, It would be useful to be able to use PrivateDevices with additional devices to the basic set (null, zero, urandom etc). For example, smartd only needs access to /dev/sd*. It would be a bit complex to do this without

Re: [systemd-devel] [PATCH] system-update-generator: accept a dangling symlink

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 07:34, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote: The offline update mechanism is explicitly designed to work with a separate /var. systemd-update-generator is supposed to run early, before filesystems are mounted, so it cannot check if the /system-update symlink

[systemd-devel] KillUserProcesses timeout

2015-01-26 Thread Mikhail Morfikov
I'm using standalone Openbox and when I log out by killing Xserver (ctrl+alt+backspace), some processes stay alive even though the user logged out completely. I know there's a KillUserProcesses option in the /etc/systemd/logind.conf file, and it works just fine, but with a little lag. I mean,

Re: [systemd-devel] PrivateDevices with more than basic set of devices?

2015-01-26 Thread Topi Miettinen
On 01/26/15 12:41, Simon McVittie wrote: On 24/01/15 10:09, Topi Miettinen wrote: For example, smartd only needs access to /dev/sd*. Let me spell that differently: smartd only needs the ability to make arbitrary filesystem changes, defeating any possible configurable security mechanism.

[systemd-devel] [REMINDER] Next systemd hackfest: this Friday, Marriott Hotel, Brussels/Belgium!

2015-01-26 Thread Lennart Poettering
Heya! Here's a final reminder that the next systemd hackfest takes place this Friday at the Brussels Marriott Hotel. For details, please see: https://plus.google.com/u/0/events/c56kbn26s6g01n6m4tj2nmdgnfc It would be nice to sign up at this Google Event if you intend to come, so that we can

Re: [systemd-devel] PrivateDevices with more than basic set of devices?

2015-01-26 Thread Topi Miettinen
On 01/26/15 16:13, Lennart Poettering wrote: On Sat, 24.01.15 10:09, Topi Miettinen (toiwo...@gmail.com) wrote: Hello, It would be useful to be able to use PrivateDevices with additional devices to the basic set (null, zero, urandom etc). For example, smartd only needs access to /dev/sd*.

Re: [systemd-devel] KillUserProcesses timeout

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 20:17, Mikhail Morfikov (mmorfi...@gmail.com) wrote: I'm using standalone Openbox and when I log out by killing Xserver (ctrl+alt+backspace), some processes stay alive even though the user logged out completely. I know there's a KillUserProcesses option in the

Re: [systemd-devel] PrivateDevices with more than basic set of devices?

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 17:07, Topi Miettinen (toiwo...@gmail.com) wrote: On 01/26/15 12:41, Simon McVittie wrote: On 24/01/15 10:09, Topi Miettinen wrote: For example, smartd only needs access to /dev/sd*. Let me spell that differently: smartd only needs the ability to make arbitrary

Re: [systemd-devel] logind vs CAP_SYS_ADMIN-lessness

2015-01-26 Thread Lennart Poettering
On Fri, 23.01.15 19:35, Christian Seiler (christ...@iwakd.de) wrote: - explicitly enable getty@tty{1,2,3,4}.service Why? This cannot work. The getty services assume a Linux console tty, they will issue ioctls and ANSI sequences that only the Linux console supports, and do VT management on

Re: [systemd-devel] KillUserProcesses timeout

2015-01-26 Thread Mikhail Morfikov
Normally, the SIGTERM should be delivered instantly on logout from logind. Unless the PAM session end hook wasn't called or so. If you log in as root, and then reproduce the 20s wait for another user what does loginctl session-status and loginctl user-status say about the session/user that

Re: [systemd-devel] [PATCH] timesyncd: tighten unit file

2015-01-26 Thread Lennart Poettering
On Sun, 25.01.15 12:23, Topi Miettinen (toiwo...@gmail.com) wrote: There's no need for CAP_CHOWN, CAP_DAC_OVERRIDE or CAP_FOWNER. Hmm, that's not true, is it? load_clock_timestamp() is invoked before we drop privs in the daemon. And it certainly calls fchmod() and fchown(), so that it can later

Re: [systemd-devel] KillUserProcesses timeout

2015-01-26 Thread Lennart Poettering
On Tue, 27.01.15 02:12, Mikhail Morfikov (mmorfi...@gmail.com) wrote: Normally, the SIGTERM should be delivered instantly on logout from logind. Unless the PAM session end hook wasn't called or so. If you log in as root, and then reproduce the 20s wait for another user what does

Re: [systemd-devel] logind vs CAP_SYS_ADMIN-lessness

2015-01-26 Thread Cameron Norman
On Mon, Jan 26, 2015 at 6:08 PM, Lennart Poettering lenn...@poettering.net wrote: On Fri, 23.01.15 19:35, Christian Seiler (christ...@iwakd.de) wrote: - I hope I didn't forget anything I spent quite some time to ensure that systemd systems work out-of-the-box in container managers. Any

Re: [systemd-devel] KillUserProcesses timeout

2015-01-26 Thread Mikhail Morfikov
Hmm, not sure I follow. It only happens if I'm logged in as root in tmux. The session is shown as closing, that's good. Can you check what systemctl status reports on the scope unit if this hang happens? Lennart I'm not sure if I did the right thing, but there it is. After

Re: [systemd-devel] persisting sriov_numvfs

2015-01-26 Thread Lennart Poettering
On Fri, 23.01.15 08:51, Martin Polednik (mpoled...@redhat.com) wrote: Quite frankly, I cannot make sense of these sentences. I have no clue what a SR-IOV, virtual function, physical function is supposed to be. Please explain what this all is, before we can think of adding any

Re: [systemd-devel] [PATCH] systemd-udevd.service: restore mount propagation

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 08:59, Dave Reisner (dreis...@archlinux.org) wrote: This reverts part of c2c13f2df42e0, which introduced this with no explanation as to *why*. Enslaving the mount namespace breaks default behavior included in rules/60-cdrom_id.rules. Specifically, filesystems on optical media

Re: [systemd-devel] KillUserProcesses timeout

2015-01-26 Thread Mikhail Morfikov
Sorry, but I cannot parse this. Do you want a delay because when logging out and back in you want to be able to reuse your old gpg-agent? Or what precisely is the current behaviour and what do you want it to be instead? Lennart No, I just want to speed it up. Now I have to wait about 20s

Re: [systemd-devel] [PATCH] sd_daemon: use secure_getenv() instead of getenv()

2015-01-26 Thread Lennart Poettering
On Sat, 24.01.15 14:20, Sangjung Woo (sangjung@samsung.com) wrote: According to the glibc manual, secure_getenv() is more trustful than getenv() since it returns a null pointer if the environment is untrusted such as setting SUID or SGID bits. Moreover, libraries should use

Re: [systemd-devel] [PATCH] system-update-generator: accept a dangling symlink

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 07:34, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote: I now committed this after changing this to laccess(). Thanks! The offline update mechanism is explicitly designed to work with a separate /var. systemd-update-generator is supposed to run early, before filesystems

Re: [systemd-devel] BUG: several bugs in core/main.c (v218)

2015-01-26 Thread Lennart Poettering
On Sun, 25.01.15 03:37, Tomasz Pawlak (toma...@wp.pl) wrote: core/main.c:1519 /* Make sure we leave a core dump without panicing the * kernel. */ if (getpid() == 1) { install_crash_handler(); r =

Re: [systemd-devel] Odp: Re: BUG: several bugs in core/main.c (v218)

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 00:33, Tomasz Pawlak (toma...@wp.pl) wrote: You are right, but it's not as simple as it may look at first sight: 1. If we allow the process to continue without sig handlers installed, then results can be just catastrophic: kernel panic with all the services launched -

Re: [systemd-devel] persisting sriov_numvfs

2015-01-26 Thread Andrei Borzenkov
On Tue, 27 Jan 2015 03:30:22 +0100 Lennart Poettering lenn...@poettering.net writes: On Fri, 23.01.15 08:51, Martin Polednik (mpoled...@redhat.com) wrote: Quite frankly, I cannot make sense of these sentences. I have no clue what a SR-IOV, virtual function, physical function is supposed

Re: [systemd-devel] [PATCH v2 0/9] DHCPv6 address assignment

2015-01-26 Thread Patrik Flykt
On Tue, 2015-01-20 at 19:35 +0200, Patrik Flykt wrote: Hi, Here is version 2 updated according to comments. The trivial debug printout removal being too trivial is no longer part of this set. NTP and DNS information I also left off, I think there might have been a few bugs so

Re: [systemd-devel] Swap gets activated twice (through fstab and gpt generators)

2015-01-26 Thread Martin Pitt
Peter Mattern [2015-01-23 14:03 +0100]: According to man (http://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html, see section Description) systemd-gpt-auto-generator is supposed to behave like this by now already. Supposed yes, but I don't see anything in

Re: [systemd-devel] [PATCH] missing: define correct syscall numbers for memfd_create() and getrandom() on aarch64

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 16:51, Michael Olbrich (m.olbr...@pengutronix.de) wrote: I've tested getrandom(): With 384 the kernel dumps a warning, because the syscall does not exist. With 278 the syscall tracer tells me that it's called when I run e.g. journalctl, so that looks good. I've not tested

Re: [systemd-devel] BUG: several bugs in core/main.c (v218)

2015-01-26 Thread Tomasz Pawlak
On Monday, 26 January 2015 07:58 Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl wrote: On Sun, Jan 25, 2015 at 03:37:09AM +0100, Tomasz Pawlak wrote: core/main.c:1519 /* Make sure we leave a core dump without panicing the * kernel. */ if (getpid() == 1) {

Re: [systemd-devel] PrivateDevices with more than basic set of devices?

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 17:25, Topi Miettinen (toiwo...@gmail.com) wrote: On 01/26/15 16:13, Lennart Poettering wrote: On Sat, 24.01.15 10:09, Topi Miettinen (toiwo...@gmail.com) wrote: Hello, It would be useful to be able to use PrivateDevices with additional devices to the basic set

Re: [systemd-devel] [PATCH] systemd-udevd.service: restore mount propagation

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 15:44, Michael Biebl (mbi...@gmail.com) wrote: 2015-01-26 14:59 GMT+01:00 Dave Reisner dreis...@archlinux.org: This reverts part of c2c13f2df42e0, which introduced this with no explanation as to *why*. Enslaving the mount namespace breaks default behavior included in

Re: [systemd-devel] [PATCH] build-sys: use -fno-semantic-interposition if available

2015-01-26 Thread Lennart Poettering
On Sun, 25.01.15 18:46, Cristian Rodríguez (crrodrig...@opensuse.org) wrote: GCC5 introduces -fno-semantic-interposition allowing better code generation in shared libraries at the cost of making interposition of exported symbols impossible (i.e, a 3rd party shared library overriding

Re: [systemd-devel] KillUserProcesses timeout

2015-01-26 Thread Lennart Poettering
On Tue, 27.01.15 01:00, Mikhail Morfikov (mmorfi...@gmail.com) wrote: Sorry, but I cannot parse this. Do you want a delay because when logging out and back in you want to be able to reuse your old gpg-agent? Or what precisely is the current behaviour and what do you want it to be instead?

Re: [systemd-devel] [PATCH] libudev-monitor: ensure proper string termination

2015-01-26 Thread Lennart Poettering
On Sun, 25.01.15 07:10, Topi Miettinen (toiwo...@gmail.com) wrote: On 01/25/15 03:34, Zbigniew Jędrzejewski-Szmek wrote: On Sat, Jan 24, 2015 at 10:39:56AM +0200, Topi Miettinen wrote: Leave space for the terminating zero when reading and make sure that the last byte is zero. This also

Re: [systemd-devel] ConditionNeedsUpdate date comparison

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 14:00, Umut Tezduyar Lindskog (u...@tezduyar.com) wrote: Hi, condition_test_needs_update() wants the timestamp of /usr to be newer than what is being checked. Is there a reason why we don't check for /usr != Condition.parameter? Well, when I hacked that up, I didn't

Re: [systemd-devel] BUG: several bugs in core/main.c (v218)

2015-01-26 Thread Lennart Poettering
On Mon, 26.01.15 23:45, Tomasz Pawlak (toma...@wp.pl) wrote: Actually it *is* protected, see kill(2). Signals are ignored for PID 1 unless it installed handlers for them. Nevertheless, we probably want to abort on SIGSEGV and similar and not continue, so we shouldn't ever run without the