Re: [systemd-devel] [ANNOUNCE] Git development moved to github

2015-07-22 Thread Lennart Poettering
On Sat, 18.07.15 19:06, Marc Haber (mh+systemd-de...@zugschlus.de) wrote: On Tue, Jun 09, 2015 at 01:02:43PM +0200, Lennart Poettering wrote: On Mon, 01.06.15 22:43, Michael Biebl (mbi...@gmail.com) wrote: 2015-06-01 20:12 GMT+02:00 David Herrmann dh.herrm...@gmail.com: Hi As

Re: [systemd-devel] How to properly write an umbrella unit

2015-07-22 Thread Michael Biebl
2015-07-22 19:15 GMT+02:00 Lennart Poettering lenn...@poettering.net: On Tue, 21.07.15 13:43, Marc Haber (mh+systemd-de...@zugschlus.de) wrote: Can I write my nifty.target as a service? I have seen in this case nifty.service files with Exec=/bin/true to basically create a no-op service, but

Re: [systemd-devel] How to properly write an umbrella unit

2015-07-22 Thread Lennart Poettering
On Tue, 21.07.15 13:43, Marc Haber (mh+systemd-de...@zugschlus.de) wrote: Hi, I am trying to systemd'ize a daemon which is useful to be run in two instances. It is usually the case that both instances need to be started and stopped simultaneously, and the local admin would want a _single_

Re: [systemd-devel] Does socket activation block a TCP port for listening by other processes?

2015-07-22 Thread Lennart Poettering
On Tue, 21.07.15 16:39, Florian Weimer (fwei...@redhat.com) wrote: On 07/21/2015 01:52 PM, David Herrmann wrote: Hi On Tue, Jul 21, 2015 at 1:37 PM, Florian Weimer fwei...@redhat.com wrote: We have quite a zoo of services which listen on localhost, on a fixed TCP port, for use by

Re: [systemd-devel] c/c++ lib for dbus

2015-07-22 Thread Lennart Poettering
On Mon, 20.07.15 17:09, Pradeepa Kumar (cdprade...@gmail.com) wrote: Hi I need to use functions to call method, get property value etc from dbus. See http://0pointer.net/blog/the-new-sd-bus-api-of-systemd.html and have a look at the sd-bus.h header file:

Re: [systemd-devel] Does socket activation block a TCP port for listening by other processes?

2015-07-22 Thread Lennart Poettering
On Tue, 21.07.15 13:37, Florian Weimer (fwei...@redhat.com) wrote: We have quite a zoo of services which listen on localhost, on a fixed TCP port, for use by local clients. The canonical example is PostgreSQL on 5432/TCP, for the benefit of Java clients (which cannot use the UNIX domain

Re: [systemd-devel] How to properly write an umbrella unit

2015-07-22 Thread Lennart Poettering
On Wed, 22.07.15 20:28, Michael Biebl (mbi...@gmail.com) wrote: 2015-07-22 19:15 GMT+02:00 Lennart Poettering lenn...@poettering.net: On Tue, 21.07.15 13:43, Marc Haber (mh+systemd-de...@zugschlus.de) wrote: Can I write my nifty.target as a service? I have seen in this case nifty.service

Re: [systemd-devel] Use of capabilities in default service files

2015-07-22 Thread Reindl Harald
On 20.07.2015 at 13:24, Florian Weimer wrote: CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN ) … What's the intent of these settings? Is it a form of hardening? If yes, it is rather ineffective because UID=0 does not need any

Re: [systemd-devel] Use of capabilities in default service files

2015-07-22 Thread Reindl Harald
On 21.07.2015 at 13:24, Florian Weimer wrote: On 07/20/2015 02:34 PM, Reindl Harald wrote: On 20.07.2015 at 13:58, Florian Weimer wrote: On 07/20/2015 01:52 PM, Reindl Harald wrote: On 20.07.2015 at 13:24, Florian Weimer wrote: CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID

Re: [systemd-devel] Use of capabilities in default service files

2015-07-22 Thread Lennart Poettering
On Tue, 21.07.15 13:24, Florian Weimer (fwei...@redhat.com) wrote: And that's fine. But doing hardening for UID=0 services seems a very bad practice to me because it looks like someone is assuming that UID=0 without capabilities is just another “nobody” user. Which is not surprising,

Re: [systemd-devel] Use of capabilities in default service files

2015-07-22 Thread Lennart Poettering
On Mon, 20.07.15 13:58, Florian Weimer (fwei...@redhat.com) wrote: On 07/20/2015 01:52 PM, Reindl Harald wrote: On 20.07.2015 at 13:24, Florian Weimer wrote: CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN ) …

[systemd-devel] systemd-networkd

2015-07-22 Thread Xtonic
Hi, I am new to systemd. I am using CoreOS 717.3.0 with systemd 220. When I checked the status of systemd-networkd I got: systemctl status systemd-networkd ● systemd-networkd.service - Network Service Loaded: loaded (/usr/lib64/systemd/system/systemd-networkd.service; disabled; vendor

Re: [systemd-devel] How to properly write an umbrella unit

2015-07-22 Thread Marc Haber
On Tue, Jul 21, 2015 at 09:42:38PM +0200, Michael Biebl wrote: Have a look at the openvpn package in Debian. It implements something like you have in mind. There are multiple openvpn@.service instances and a single openvpn.service which can be used by the admin to start/stop/restart them.

Re: [systemd-devel] systemd-networkd

2015-07-22 Thread Tomasz Torcz
On Wed, Jul 22, 2015 at 04:17:36PM +0800, Xtonic wrote: Hi, I am new to systemd. I am using CoreOS 717.3.0 with systemd 220. When I checked the status of systemd-networkd I got: systemctl status systemd-networkd ● systemd-networkd.service - Network Service Loaded: loaded

Re: [systemd-devel] Use of capabilities in default service files

2015-07-22 Thread Reindl Harald
On 20.07.2015 at 13:58, Florian Weimer wrote: On 07/20/2015 01:52 PM, Reindl Harald wrote: On 20.07.2015 at 13:24, Florian Weimer wrote: CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN ) … What's the intent of these settings? Is

Re: [systemd-devel] Use of capabilities in default service files

2015-07-22 Thread Lennart Poettering
On Mon, 20.07.15 13:24, Florian Weimer (fwei...@redhat.com) wrote: What's the intent of these settings? Is it a form of hardening? If yes, it is rather ineffective because UID=0 does not need any capabilities to completely compromise the system. Well, we run our stuff with minimal attack

Re: [systemd-devel] How to properly write an umbrella unit

2015-07-22 Thread Lennart Poettering
On Thu, 23.07.15 10:41, Daurnimator (q...@daurnimator.com) wrote: On 23 July 2015 at 04:41, Lennart Poettering lenn...@poettering.net wrote: Maybe we can change the manager core to propagate Reload() calls for unit type that do not support it natively to other units listed in

Re: [systemd-devel] Confusing journal information - journal size

2015-07-22 Thread Lennart Poettering
On Fri, 17.07.15 13:13, David Sommerseth (dav...@redhat.com) wrote: Hi, I'm looking through some journals now, and even though I've seen it a few times I haven't thought about it until now. systemd-journal[1151]: Runtime journal is using 8.0M (max allowed 4.0G, trying

Re: [systemd-devel] How to properly write an umbrella unit

2015-07-22 Thread Daurnimator
On 23 July 2015 at 04:41, Lennart Poettering lenn...@poettering.net wrote: Maybe we can change the manager core to propagate Reload() calls for unit type that do not support it natively to other units listed in PropagateReloadsTo= and then become a NOP. Or in other words: invoking reload on a