Re: [systemd-devel] SD_BUS_VTABLE_CAPABILITY

! -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH v2] log: be more verbose if dbus job fails

... +[SERVICE_FAILURE_START_LIMIT] = start of the service was attempted too often too quickly, +}; -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 2/2] macro: allow assert_se() assertions to also be optimized out when NDEBUG is set

On Mon, Mar 30, 2015 at 07:32:35PM -0700, Shawn Landden wrote: On Mon, Mar 30, 2015 at 5:04 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Mar 27, 2015 at 09:51:26AM -0700, Shawn Landden wrote: On Fri, Mar 27, 2015 at 8:16 AM, Tom Gundersen t...@jklm.no wrote: [...] * Current

Re: [systemd-devel] [PATCH 2/2] macro: allow assert_se() assertions to also be optimized out when NDEBUG is set

Hi Shawn, On Tue, Mar 31, 2015 at 04:59:29PM -0700, Shawn Landden wrote: On Tue, Mar 31, 2015 at 2:40 PM, Djalal Harouni tix...@opendz.org wrote: On Tue, Mar 31, 2015 at 11:10:34AM -0700, Shawn Landden wrote: [...] The point is that assert() and assert_se() should only be used

Re: [systemd-devel] [PATCH 2/2] macro: allow assert_se() assertions to also be optimized out when NDEBUG is set

the callers and their semantics if you think that the code there is robust and it's worth it... ? Thanks! -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman

Re: [systemd-devel] [PATCH 2/2] macro: allow assert_se() assertions to also be optimized out when NDEBUG is set

Hi Shawn, On Thu, Mar 26, 2015 at 11:21:54PM -0700, Shawn Landden wrote: On Thu, Mar 26, 2015 at 5:47 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Mar 27, 2015 at 12:30:53AM +0100, Tom Gundersen wrote: On Thu, Mar 26, 2015 at 9:19 AM, Lennart Poettering lenn...@poettering.net wrote

Re: [systemd-devel] [PATCH 2/2] macro: allow assert_se() assertions to also be optimized out when NDEBUG is set

://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] path-lookup: use secure_getenv()

... ?! Thanks David ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list

Re: [systemd-devel] [PATCH][RFC] bus-proxy: add support for GetConnectionCredentials method

, error); Can this ever return unknown (-1?) for creds-pid or creds-euid? So, I'm missing lot of bits, but pid can be 0, euid can perhaps be (uid_t)-1 which is also a valid value... that maps to the INVALID_UID -- Djalal Harouni http://opendz.org

Re: [systemd-devel] [PATCH] test: bump KDBUS_CONN_MAX_MSGS_PER_USER value

be used to inspect policy_db-talk_access_hash -- 1.9.3 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org

Re: [systemd-devel] systemd-nspawn create container under unprivileged user

On Wed, Feb 11, 2015 at 05:06:56PM +0100, Lennart Poettering wrote: On Wed, 11.02.15 13:53, Djalal Harouni (tix...@opendz.org) wrote: On Tue, Feb 10, 2015 at 12:52:34PM +0100, Lennart Poettering wrote: On Thu, 05.02.15 02:03, Vasiliy Tolstov (v.tols...@selfip.ru) wrote: Hello

Re: [systemd-devel] systemd-nspawn create container under unprivileged user

running inside containers, we'll have to add more code paths for this special case... and not only CAP_SYS_MODULE, perhaps there are other cases... -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org

Re: [systemd-devel] [PATCH] Assorted typo fixes

On Mon, Jan 19, 2015 at 02:42:31PM +0200, Mantas Mikulėnas wrote: On Mon, Jan 19, 2015 at 2:26 PM, Djalal Harouni tix...@opendz.org wrote: Hi, On Mon, Jan 19, 2015 at 10:46:23AM +0100, Rémi Audebert wrote: Signed-off-by: Rémi Audebert ha...@lse.epita.fr Your email is in base64 format

Re: [systemd-devel] [PATCH] Assorted typo fixes

-- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 1/2] Add detect_userns to detect uid/gid shifts

-x240 userns]# mount -t tmpfs none test/ ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org

Re: [systemd-devel] [PATCH 1/2] Add detect_userns to detect uid/gid shifts

! Cheers, Tom -- Stéphane Graber Ubuntu developer http://www.ubuntu.com ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org

Re: [systemd-devel] [PATCH v3] Do not clear parent mount flags when setting up namespaces

); ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel

Re: [systemd-devel] [PATCH] Do not clear parent mount flags when setting up namespaces

-October/023515.html -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH v2] Do not clear parent mount flags when setting up namespaces

buf; + +if (statvfs(path, buf) 0) +return 0; IMO here it should return an errno since this is a helper. In that case perhaps just open code the statvfs() or improve the helper ? Thanks! -- Djalal Harouni http://opendz.org

Re: [systemd-devel] Compatibility between D-Bus and kdbus

, they are mandatory. process credentials might be suppressed hwover, for example if they cannot be translated due to namespaces. Thanks. Could you clarify in the docs? Daniel, David? Could you add a note about this? Ok pushed a note about namespace issues, thanks! -- Djalal Harouni http

Re: [systemd-devel] Unprivileged poweroff

Simon! S ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org ___ systemd-devel mailing

[systemd-devel] [PATCH 1/2] test: some tests to enforce routing messages by connections ID

best practice and to be able to free the returned kdbus_msg and the slice pointed by that offset. Signed-off-by: Djalal Harouni tix...@opendz.org --- Hi Daniel, before applying please make sure that we want this. It follows what I've discussed in the other mail, otherwise just test it, it will give

[systemd-devel] [PATCH 2/2] test: Use 'CapBnd' string for capability bounding set

Signed-off-by: Djalal Harouni tix...@opendz.org --- test/kdbus-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/kdbus-util.c b/test/kdbus-util.c index fe4565c..b1c5864 100644 --- a/test/kdbus-util.c +++ b/test/kdbus-util.c @@ -569,7 +569,7 @@ void kdbus_msg_dump

Re: [systemd-devel] [PATCH 2/2] policy: make policy checks work across user namespaces

On Tue, Sep 09, 2014 at 10:40:57AM +0200, Daniel Mack wrote: On 09/08/2014 03:50 PM, Djalal Harouni wrote: Yes there are compile time checks, and it is perhaps easier/consistent to read this way! but yes a union is also good. OK I'll update it. Nevermind - I amended the your patch

[systemd-devel] [PATCH 1/2] test: update policy tests to handle user namespaces

. * kdbus_clone_userns_test() that performs the test inside a new user namespace. * Converts all the other tests to return CHECK_OK, CHECK_SKIP or CHECK_ERR so we are consistent. Currently we fail at kdbus_clone_userns_test() test #8. The next patch will fix this issue. Signed-off-by: Djalal Harouni tix

[systemd-devel] [PATCH 2/2] policy: make policy checks work across user namespaces

we can add it later a la: fs/inode.c:inode_owner_or_capable() Add kdbus_policy_make_access() to convert the user provided info to the current user namespace. Userspace struct is not changed, only the kernel one. This patch fixes test #8 of test-kdbus-policy Signed-off-by: Djalal Harouni tix

Re: [systemd-devel] [PATCH 2/2] policy: make policy checks work across user namespaces

On Mon, Sep 08, 2014 at 03:27:42PM +0200, Daniel Mack wrote: On 09/08/2014 03:18 PM, Djalal Harouni wrote: * This is the internal version of struct kdbus_policy_db_access. @@ -51,7 +52,8 @@ struct kdbus_policy_db_cache_entry { struct kdbus_policy_db_entry_access { u8 type

Re: [systemd-devel] [PATCH 1/2] test: update policy tests to handle user namespaces

On Mon, Sep 08, 2014 at 03:32:21PM +0200, Daniel Mack wrote: On 09/08/2014 03:18 PM, Djalal Harouni wrote: Upstream kernels allow unprivileged users to create user namespaces and change their uid/gid. These patches update kdbus policy logic to handle this case and improve our current

[systemd-devel] [PATCH] sd-bus: kdbus: monitor connections use the KDBUS_HELLO_MONITOR flag

--- Currently this bus_kernel_create_monitor() is not used. Patch compile tested. src/libsystemd/sd-bus/bus-kernel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index 3ca271c..1440e43 100644 ---

Re: [systemd-devel] [PATCH 3/3] kdbus: get some creds during meta append for optimization

On Wed, Aug 20, 2014 at 10:49:22PM +0200, Daniel Mack wrote: On 08/20/2014 06:16 PM, Djalal Harouni wrote: On Tue, Aug 19, 2014 at 09:15:35AM +0200, Daniel Mack wrote: Hmm, I'm not convinced this buys us anything really. After all, that struct has a single user only, and factoring out

[systemd-devel] [PATCH 1/2] test: in msg_dump() fix kdbus_audit fields order

We have sessionid then loginuid in kdbus_audit. Signed-off-by: Djalal Harouni tix...@opendz.org --- test/kdbus-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/kdbus-util.c b/test/kdbus-util.c index f79d7ec..956fa6f 100644 --- a/test/kdbus-util.c +++ b/test/kdbus

[systemd-devel] [PATCH 2/2] kdbus: do the audit loginuid translation as late as possible

Do the namespace translation just before pushing into the receiver's slice, so we map to the receiver's user namespace. Patch tested. Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 37 + metadata.c | 3 +++ metadata.h | 4 3

Re: [systemd-devel] [PATCH 3/3] kdbus: get some creds during meta append for optimization

On Tue, Aug 19, 2014 at 09:15:35AM +0200, Daniel Mack wrote: Hi Djalal, Thanks for applying the others. On 08/19/2014 03:43 AM, Djalal Harouni wrote: Some creds can be gathered during kdbus_meta_append() instead of kdbus_conn_queue_alloc() where they will be gathered for all

Re: [systemd-devel] [PATCH 1/2] test: in msg_dump() fix kdbus_audit fields order

On Wed, Aug 20, 2014 at 06:04:09PM +0200, Daniel Mack wrote: On 08/20/2014 05:58 PM, Djalal Harouni wrote: case KDBUS_ITEM_AUDIT: - printf( +%s (%llu bytes) loginuid=%llu sessionid=%llu\n, + printf( +%s (%llu bytes) sessionid=%llu

[systemd-devel] [PATCH] test: use audit.loginuid and audit.sessionid when dumping the audit item

Signed-off-by: Djalal Harouni tix...@opendz.org --- test/kdbus-util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/kdbus-util.c b/test/kdbus-util.c index f79d7ec..5b3df7d 100644 --- a/test/kdbus-util.c +++ b/test/kdbus-util.c @@ -471,8 +471,8 @@ void msg_dump(const

Re: [systemd-devel] kdbus: merge 3.17 branch into master?

, MFD_ALLOW_SEALING); I also confirm, HEAD gives these errors! However yesterday before any change to Makefile, I got the same error that was first reported by Greg, and to compile and test kdbus, I just added export KERNELDIR to the root Makefile, didn't bother to search... -- Djalal Harouni http

Re: [systemd-devel] kdbus: merge 3.17 branch into master?

and then doing a 'make headers_install' in your kernel repo (before you build kdbus) fixes it? Daniel, I confirm here. I just did that and it builds. Thanks -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel

[systemd-devel] [PATCH 0/3] kdbus: metadata improvements

Hi, Patch 1 and 2 should be applied. For patch 3 it can be discussed :-) Please apply on top of the test series that contain the test-kdbus-metadta-ns tool. Thanks! ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org

[systemd-devel] [PATCH 1/3] metadata: document creds_item_off and auxgrps_item_off fields

Signed-off-by: Djalal Harouni tix...@opendz.org --- metadata.c | 3 ++- metadata.h | 8 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/metadata.c b/metadata.c index eb286aa..3dff9ac 100644 --- a/metadata.c +++ b/metadata.c @@ -130,7 +130,8 @@ kdbus_meta_append_item(struct

[systemd-devel] [PATCH 2/3] connection: move the install creds into the slice to its own function

Move the install creds into the receiver's slice to its own function kdbus_conn_creds_install(). Use from_kuid_munged(), so the uid mapping never fails. Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 32 1 file changed, 20 insertions(+), 12

[systemd-devel] [PATCH 3/3] kdbus: get some creds during meta append for optimization

it. Patch tested with the test-kdbus-metadata-ns Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 56 metadata.c | 6 +- metadata.h | 26 ++ 3 files changed, 67 insertions(+), 21 deletions

Re: [systemd-devel] compile with clang broken

(optimization) passes on the GIMPLE form of the code... so it depends on the code and parameters passed to __builitin_constant_p(), not only preprocessor constants. https://gcc.gnu.org/onlinedocs/gccint/Tree-SSA.html -- Djalal Harouni http://opendz.org

[systemd-devel] [PATCH 1/2] test: sync the policy tests with the recent activators and policy holders changes

. Signed-off-by: Djalal Harouni tix...@opendz.org --- test/test-kdbus-policy.c | 25 +++-- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/test/test-kdbus-policy.c b/test/test-kdbus-policy.c index a2430f2..e0bd619 100644 --- a/test/test-kdbus-policy.c +++ b/test

[systemd-devel] [PATCH 2/2] handle: return -EOPNOTSUPP instead of -EPERM if an operation is not supported

If userspace calls in with the wrong connection type, just return -EOPNOTSUPP instead of -EPERM. This will not confuse unprivileged and privileged processes, and permits to identify legitimate -EPERM errors. This just converts errors introduced in commit 7015a1e6746 Signed-off-by: Djalal

[systemd-devel] [PATCH 0/3] more improvements on connection types checks

Hi, This goes on top of the previous one: http://lists.freedesktop.org/archives/systemd-devel/2014-August/021747.html Kay, sorry it should be perhaps just be a one series, but I just noticed those bugs, so just send quick fixes. If you want me to resend as a one series, I will do it, no

[systemd-devel] [PATCH 1/3] handle: allow KDBUS_CMD_CONN_UPDATE ioctl for policy holders

Allow KDBUS_CMD_CONN_UPDATE for KDBUS_CONN_POLICY_HOLDER connections. Signed-off-by: Djalal Harouni tix...@opendz.org --- handle.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/handle.c b/handle.c index 2e6502b..ac68681 100644 --- a/handle.c +++ b/handle.c @@ -636,8

[systemd-devel] [PATCH 2/3] connection: improve kdbus_cmd_conn_update() connection type checks

in it. And update a kdbus_policy_set() call to only pass a one name per policy-holding connection Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 21 - 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/connection.c b/connection.c index c2d71a8

[systemd-devel] [PATCH 3/3] test: split conn_update() into update attach-flags and update policy

all the tests. This prevents messing up with the attach-flags. Signed-off-by: Djalal Harouni tix...@opendz.org --- test/kdbus-util.c| 62 +++- test/kdbus-util.h| 7 +++--- test/test-kdbus-policy.c | 2 +- 3 files changed, 45 insertions

Re: [systemd-devel] [PATCH 0/5] kdbus: allow multiple policies

when doing send/recv validation. So I guess we should also block policy holders from owning well-known names ? hmm, then add the policy holders to the block X connections from sending or receiving... . Thanks! -- Djalal Harouni http://opendz.org

Re: [systemd-devel] [PATCH 0/5] kdbus: allow multiple policies

Hi, On Thu, Jul 31, 2014 at 10:38:47PM +0200, Kay Sievers wrote: On Thu, Jul 31, 2014 at 8:57 PM, Djalal Harouni tix...@opendz.org wrote: (Cc'ed Lennart) On Thu, Jul 31, 2014 at 05:40:53PM +0200, Kay Sievers wrote: On Wed, Jul 23, 2014 at 6:34 PM, Djalal Harouni tix...@opendz.org wrote

Re: [systemd-devel] [PATCH 0/5] kdbus: allow multiple policies

(Cc'ed Lennart) On Thu, Jul 31, 2014 at 05:40:53PM +0200, Kay Sievers wrote: On Wed, Jul 23, 2014 at 6:34 PM, Djalal Harouni tix...@opendz.org wrote: This series adds the infrastructure to test and upload multiple policies. The last #5 patch allows to upload multiple policies per

[systemd-devel] [PATCH v2 0/7] kdbus: improve user domain accounting

Hi, This is series v2 of: http://lists.freedesktop.org/archives/systemd-devel/2014-July/021526.html This series improves user domain accounting and fixes some bugs. It should go on top of the kdbus: allow multiple policies series:

[systemd-devel] [PATCH v2 1/7] domain: add kdbus_domain_user_assign_id() to assign IDs to domain users

Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 33 + 1 file changed, 33 insertions(+) diff --git a/domain.c b/domain.c index c4912fa..af9d986 100644 --- a/domain.c +++ b/domain.c @@ -419,6 +419,39 @@ int kdbus_domain_make_user(struct kdbus_cmd_make

[systemd-devel] [PATCH v2 2/7] domain: add __kdbus_domain_user_account() to account domain users

Add __kdbus_domain_user_account() to account and link users into a domain. Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 70 domain.h | 4 2 files changed, 74 insertions(+) diff --git a/domain.c b/domain.c

[systemd-devel] [PATCH v2 3/7] domain: add kdbus_domain_user_account()

Add kdbus_domain_user_account() to account and link users into a domain. This function will take the domain lock, and it will be used as a replacement for kdbus_domain_user_find_or_new(). Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 36

[systemd-devel] [PATCH v2 4/7] kdbus: improve user quota accounting by using kdbus_domain_user_account()

(). The last one in bus.c is updated in the next patch. Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 12 ++-- handle.c | 8 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/connection.c b/connection.c index 1658a92..8838029 100644

[systemd-devel] [PATCH v2 5/7] bus: improve user quota accounting and domain locking

. kdbus_bus_new(): = take domain lock = check if domain is still active/connected = __kdbus_domain_user_account() ... Signed-off-by: Djalal Harouni tix...@opendz.org --- bus.c | 13 + 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/bus.c b/bus.c index d09e3c6

[systemd-devel] [PATCH v2 6/7] connection: fix user quota accounting corruption

First use kzalloc to allocate the users array, so we do not reference unintialized values. And free the old conn-msg_users array not the newly allocated 'users' one. Patch tested, and users will hit the KDBUS_CONN_MAX_MSGS_PER_USER limit and fail with -ENOBUFS Signed-off-by: Djalal Harouni tix

[systemd-devel] [PATCH v2 7/7] domain: remove dead kdbus_domain_user_find_or_new()

Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 67 domain.h | 2 -- 2 files changed, 69 deletions(-) diff --git a/domain.c b/domain.c index 1e2c3c9..eeb73ca 100644 --- a/domain.c +++ b/domain.c @@ -557,73 +557,6

[systemd-devel] [PATCH 0/5] kdbus: allow multiple policies

This series adds the infrastructure to test and upload multiple policies. The last #5 patch allows to upload multiple policies per connection The todo for the policy holders is: * Should we set a maximum value for how many names/policies a policy holder is allowed to upload. This is needed

[systemd-devel] [PATCH 5/5] connection: allow policy holders to install multiple names

Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/connection.c b/connection.c index 85ffa5a..1658a92 100644 --- a/connection.c +++ b/connection.c @@ -1905,7 +1905,11 @@ int kdbus_conn_new(struct kdbus_ep *ep

[systemd-devel] [PATCH 0/7] kdbus: improve user domain accounting

Hi, This series improves user domain accounting and fixes some bugs. On top of the kdbus: allow multiple policies series: http://lists.freedesktop.org/archives/systemd-devel/2014-July/021514.html Patches 1, 2, 3 and 4 are preparation patches to improve the code. Patch 5 fixes

[systemd-devel] [PATCH 1/7] domain: add __kdbus_domain_user_account() to account and link users

Add __kdbus_domain_user_account() to account and link users into a domain. Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 32 1 file changed, 32 insertions(+) diff --git a/domain.c b/domain.c index c4912fa..a321f31 100644 --- a/domain.c +++ b

[systemd-devel] [PATCH 2/7] domain: add the lock protected version of user accounting

Add the lock protected version of __kdbus_domain_user_account(). It will check if the domain is still active before linking users. Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 24 1 file changed, 24 insertions(+) diff --git a/domain.c b/domain.c index

[systemd-devel] [PATCH 3/7] domain: add kdbus_domain_user_new()

Add kdbus_domain_user_new() to allocate kdbus_domain_user objects. Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 27 +++ 1 file changed, 27 insertions(+) diff --git a/domain.c b/domain.c index 86fde55..18dc2a7 100644 --- a/domain.c +++ b/domain.c

[systemd-devel] [PATCH 4/7] domain: add kdbus_domain_user_find()

Add kdbus_domain_user_find() to look up domain users Signed-off-by: Djalal Harouni tix...@opendz.org --- domain.c | 32 1 file changed, 32 insertions(+) diff --git a/domain.c b/domain.c index 18dc2a7..a5abb2d 100644 --- a/domain.c +++ b/domain.c @@ -446,6

[systemd-devel] [PATCH 5/7] kdbus: improve user domain accounting

the former to 1, and adapt other parts of the code to treat 1 as the starting id of user indexes. Signed-off-by: Djalal Harouni tix...@opendz.org --- bus.c| 4 ++-- connection.c | 19 +++ domain.c | 76 +--- handle.c

[systemd-devel] [PATCH 6/7] bus: call __kdbus_domain_user_account() and avoid an extra domain lock

2 times by replacing the kdbus_domain_user_find_or_new() with kdbus_domain_user_find(): take the lock 1 time kdbus_domain_user_new() + kdbus_bus_new(): take the lock 1 time and use the unlocked version __kdbus_domain_user_account() to account the user. Signed-off-by: Djalal Harouni tix

Re: [systemd-devel] [PATCH 2/3] nspawn: use Barrier API instead of eventfd-util

On Thu, Jul 17, 2014 at 11:30:26AM +0200, David Herrmann wrote: Hi On Mon, Jul 14, 2014 at 3:28 AM, Djalal Harouni tix...@opendz.org wrote: ppoll is atomic and it is handled by the kernel, so perhaps setting/restoring sigmask can be done easily! and for nspawn: IMO we need to receive

Re: [systemd-devel] [PATCH 2/3] nspawn: use Barrier API instead of eventfd-util

/eventfd-util.c deleted file mode 100644 index 27b7cf7..000 --- a/src/shared/eventfd-util.c +++ /dev/null @@ -1,169 +0,0 @@ -/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ - -/*** - This file is part of systemd. - - Copyright 2014 Djalal Harouni - - systemd is free

Re: [systemd-devel] How to Listen for SessionRemoved Signal

something or clean things up... So there is the 'PrepareForShutdown' signal, assume SessionRemoved, then release the inhibitor lock ? http://www.freedesktop.org/wiki/Software/systemd/logind/ Thanks -- Djalal Harouni http://opendz.org ___ systemd-devel

Re: [systemd-devel] kdbus performance regression by ~70% on 3.15 kernels ?

to continue and try to report. I don't know if memfd needs to do something special, or just convert! I really don't know... It might also be a good idea to investigate whether one specific meta data attachments causes the regression. Ok will do, thanks! Thanks, Daniel -- Djalal Harouni http

Re: [systemd-devel] [PATCH] nspawn: When exiting with an error, make the error code meaningful.

) break; Thank you for the report and the patch! -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 3/4] connection: use the already cached metadata if KDBUS_HELLO_CACHE_META is set

On Fri, Jun 27, 2014 at 01:02:19PM +0200, Daniel Mack wrote: On 06/27/2014 12:46 PM, Kay Sievers wrote: On Fri, Jun 27, 2014 at 12:32 PM, Djalal Harouni tix...@opendz.org wrote: For connections with the KDBUS_HELLO_CACHE_META flag dup the metadata/credentials from handle or from the HELLO

Re: [systemd-devel] [PATCH] nspawn: When exiting with an error, make the error code meaningful.

On Mon, Jun 30, 2014 at 01:54:57AM +0100, Djalal Harouni wrote: On Sun, Jun 29, 2014 at 07:59:38PM -0400, Luke Shumaker wrote: At Sun, 29 Jun 2014 12:31:13 +0100, Djalal Harouni wrote: On Sat, Jun 28, 2014 at 12:09:56PM -0400, Luke Shumaker wrote: This is accomplished by having

Re: [systemd-devel] [RFC 4/8] HACK0: allow meta information customizable

___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel

Re: [systemd-devel] [RFC 4/8] HACK0: allow meta information customizable

On Fri, Jun 27, 2014 at 11:44:06AM +0200, Daniel Mack wrote: On 06/27/2014 11:33 AM, Djalal Harouni wrote: On Fri, Jun 27, 2014 at 11:24:48AM +0200, Daniel Mack wrote: No, that's what I'm saying. We cannot cache anything as any information may change at any time. The rule here is simple

[systemd-devel] [PATCH 0/4] kdbus: improve benchmark by using cached metadata

Hi, First this is just to investigate things! and if it follows kdbus use cases. This is in the spirit of the late kdbus benchmark threads. Do not apply, just trying to investigate things and if it is really useful. I did benchmarks and the improvement is say ~50%, but did not post numbers,

[systemd-devel] [PATCH 1/4] kdbus: add KDBUS_HELLO_CACHE_META to use the cached metadata

but will not cause the source connection to collect its data on every broadcast round. This allows to provide metadata and reduce latency. Signed-off-by: Djalal Harouni tix...@opendz.org --- kdbus.h | 6 ++ 1 file changed, 6 insertions(+) diff --git a/kdbus.h b/kdbus.h index 0b189cb..f637203 100644

[systemd-devel] [PATCH 2/4] metadata: add kdbus_meta_memdup() to dup a metadata object

This is a preparation patch thats add kdbus_meta_memdup() to memdup a metadata object. This is useful to connections with a KDBUS_HELLO_CACHE_META flag. Signed-off-by: Djalal Harouni tix...@opendz.org --- metadata.c | 27 +++ metadata.h | 3 ++- 2 files changed, 29

[systemd-devel] [PATCH 3/4] connection: use the already cached metadata if KDBUS_HELLO_CACHE_META is set

for the privileged process. Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 22 +++--- connection.h | 2 +- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/connection.c b/connection.c index 85ffa5a..f460ad1 100644 --- a/connection.c +++ b/connection.c @@ -1230,7

[systemd-devel] [PATCH 4/4] kdbus-benchmark: use KDBUS_HELLO_CACHE_META to improve benchmark

Use the new KDBUS_HELLO_CACHE_META flag to improve benchmark by ~50% This reduces latency and allows sending metadata at the same time. Signed-off-by: Djalal Harouni tix...@opendz.org --- test/test-kdbus-benchmark.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/test

[systemd-devel] kdbus performance regression by ~70% on 3.15 kernels ?

packets processed, latency (usecs) min/max/avg 113/10274/131 stats: 5507 packets processed, latency (usecs) min/max/avg 113/10314/132 stats: 5550 packets processed, latency (usecs) min/max/avg 113/12435/132 Thanks -- Djalal Harouni http://opendz.org

Re: [systemd-devel] kdbus performance regression by ~70% on 3.15 kernels ?

On Fri, Jun 27, 2014 at 01:04:00PM +0200, Daniel Mack wrote: On 06/27/2014 12:51 PM, Djalal Harouni wrote: Just to let you know that I did notice a regression by ~70% when running test-kdbus-benchmark on a kvm guest (that's what I've under hands now) I know sorry, but still a kdbus

Re: [systemd-devel] kdbus performance regression by ~70% on 3.15 kernels ?

On Fri, Jun 27, 2014 at 12:23:05PM +0100, Djalal Harouni wrote: On Fri, Jun 27, 2014 at 01:04:00PM +0200, Daniel Mack wrote: On 06/27/2014 12:51 PM, Djalal Harouni wrote: Just to let you know that I did notice a regression by ~70% when running test-kdbus-benchmark on a kvm guest (that's

Re: [systemd-devel] kdbus performance regression by ~70% on 3.15 kernels ?

On Fri, Jun 27, 2014 at 02:28:56PM -0700, Greg KH wrote: On Fri, Jun 27, 2014 at 10:19:03PM +0100, Djalal Harouni wrote: On Fri, Jun 27, 2014 at 12:23:05PM +0100, Djalal Harouni wrote: On Fri, Jun 27, 2014 at 01:04:00PM +0200, Daniel Mack wrote: On 06/27/2014 12:51 PM, Djalal Harouni

Re: [systemd-devel] kdbus performance regression by ~70% on 3.15 kernels ?

On Fri, Jun 27, 2014 at 04:55:30PM -0700, Steven Noonan wrote: On Fri, Jun 27, 2014 at 3:14 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Jun 27, 2014 at 02:28:56PM -0700, Greg KH wrote: On Fri, Jun 27, 2014 at 10:19:03PM +0100, Djalal Harouni wrote: On Fri, Jun 27, 2014 at 12:23

Re: [systemd-devel] [PATCH 07/12] policy: use the db-entries_hash to access the policy db entries

Hi, On Fri, Jun 20, 2014 at 07:12:13PM +0100, Djalal Harouni wrote: On Fri, Jun 20, 2014 at 08:01:04PM +0200, Daniel Mack wrote: On 06/20/2014 07:28 PM, Daniel Mack wrote: On 06/20/2014 06:50 PM, Djalal Harouni wrote: Use the db-entries_hash to access the policy db entries instead

Re: [systemd-devel] [PATCH 0/12] kdbus: policy tests and fixes

Hi Daniel, (Really sorry for my late response, my university/research job...) On Fri, Jun 20, 2014 at 07:21:25PM +0200, Daniel Mack wrote: Hi Djalal, On 06/20/2014 06:49 PM, Djalal Harouni wrote: This series adds the test-kdbus-policy test. The first patches are prepration then you have

[systemd-devel] [PATCH 0/12] kdbus: policy tests and fixes

Hi, This series adds the test-kdbus-policy test. The first patches are prepration then you have the test. Later there are several fixes and improvments, I've performed all the tests with success. I still have another series which deals with the send access cache, will send it soon, or perhaps

[systemd-devel] [PATCH 02/12] test: make msg_send() return -errno

any test. Signed-off-by: Djalal Harouni tix...@opendz.org --- test/kdbus-util.c | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/test/kdbus-util.c b/test/kdbus-util.c index 988aa8c..b7dc057 100644 --- a/test/kdbus-util.c +++ b/test/kdbus-util.c @@ -189,20 +189,23

[systemd-devel] [PATCH 03/12] test: add simple helper to drop privileges

This is needed since we will add tests to fork() + drop privileges Signed-off-by: Djalal Harouni tix...@opendz.org --- test/kdbus-util.c | 29 + test/kdbus-util.h | 1 + 2 files changed, 30 insertions(+) diff --git a/test/kdbus-util.c b/test/kdbus-util.c index

[systemd-devel] [PATCH 04/12] test: add conn_update() to test KDBUS_CMD_CONN_UPDATE

Add conn_update() to perform KDBUS_CMD_CONN_UPDATE ioctl() calls. Signed-off-by: Djalal Harouni tix...@opendz.org --- test/kdbus-util.c | 74 +++ test/kdbus-util.h | 4 +++ 2 files changed, 78 insertions(+) diff --git a/test/kdbus-util.c b

[systemd-devel] [PATCH 05/12] test: add the test-kdbus-policy test

if it was exec by root. Signed-off-by: Djalal Harouni tix...@opendz.org --- .gitignore | 1 + test/Makefile| 3 +- test/test-kdbus-policy.c | 456 +++ 3 files changed, 459 insertions(+), 1 deletion(-) create mode 100644 test

[systemd-devel] [PATCH 06/12] connection: update attach_flags only if KDBUS_ITEM_ATTACH_FLAGS is provided

Fix a bug introcuded in commit d92d68414fab which fixed another bug. conn-attach_flags should only be update if KDBUS_ITEM_ATTACH_FLAGS was provided. Signed-off-by: Djalal Harouni tix...@opendz.org --- connection.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git

[systemd-devel] [PATCH 07/12] policy: use the db-entries_hash to access the policy db entries

Use the db-entries_hash to access the policy db entries instead of the db-send_access_hash which is just a cache for send entries. Signed-off-by: Djalal Harouni tix...@opendz.org --- policy.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/policy.c b/policy.c index

[systemd-devel] [PATCH 08/12] policy: kdbus_policy_set() make sure we restore the right entries

and makes the code able to restore previously saved entries in case of errors. Signed-off-by: Djalal Harouni tix...@opendz.org --- policy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy.c b/policy.c index 79d6fa4..9cf7f67 100644 --- a/policy.c +++ b/policy.c @@ -601,7

[systemd-devel] [PATCH 09/12] policy: kdbus_policy_set() use another variable to save entries

' variable to reference hash entries. Signed-off-by: Djalal Harouni tix...@opendz.org --- policy.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/policy.c b/policy.c index 9cf7f67..601d2a8 100644 --- a/policy.c +++ b/policy.c @@ -467,6 +467,7 @@ int kdbus_policy_set(struct

[systemd-devel] [PATCH 10/12] policy: kdbus_policy_set() fix a use after free bug

the other kdbus_policy_entry_free() calls. Thix fixes the bug triggered by test-kdbus-policy when we try to register the same name twice. Signed-off-by: Djalal Harouni tix...@opendz.org --- policy.c | 9 ++--- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/policy.c b/policy.c

[systemd-devel] [PATCH 11/12] policy: kdbus_policy_check_own_access() returns 0 on success not true

kdbus_policy_check_own_access() returns 0 if access is granted, otherwise a negative errno. So fix this by returning 0. We did not hit this since callers were checking negative values for errors. Signed-off-by: Djalal Harouni tix...@opendz.org --- policy.c | 13 +++-- 1 file changed, 11

  1   2   3   >