Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-17 Thread Andrei Borzenkov
On 17.06.2024 18:20, Michal Koutný wrote: Hello. On Sat, Jun 15, 2024 at 04:49:33PM GMT, Andrei Borzenkov wrote: ... Which does not really solve the problem. So, once again: - nftables allow filtering based on cgroupv2 path - cgroupv2 path is resolved at the time rule is processed. It is

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-17 Thread Michal Koutný
Hello. On Sat, Jun 15, 2024 at 04:49:33PM GMT, Andrei Borzenkov wrote: > ... > Which does not really solve the problem. So, once again: > > - nftables allow filtering based on cgroupv2 path > - cgroupv2 path is resolved at the time rule is processed. It is impossible > to configure rule for a

Re: [systemd-devel] systemd 256 released

2024-06-16 Thread Luna Jernberg
https://linuxunplugged.com/567 On Tue, 11 June 2024 at 23:45, systemd tag bot wrote: > > A new, official systemd release has just been tagged. Please download > the tarball here: > > https://github.com/systemd/systemd/archive/v256.tar.gz > > Changes since the previous release: >

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Mikhail Morfikov
On 15/06/2024 4.37 pm, Andrei Borzenkov wrote: Not really. nftables checks the *socket* cgroup, not the *process* cgroup. The socket may have been created while process was in the old cgroup. I do not know whether kernel attempts to also move all process sockets to the new cgroup. I suspect

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Andrei Borzenkov
On 15.06.2024 14:02, Mikhail Morfikov wrote: Otherwise there is such project as https://github.com/mk-fg/systemd-cgroup-nftables-policy-manager which dynamically adds nftables rules to match systemd cgroups (well, in principle it can match anything). It could be combined with "systemd-run

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Andrei Borzenkov
On 15.06.2024 16:58, Mikhail Morfikov wrote: On 15/06/2024 2.27 pm, Andrei Borzenkov wrote: On 15.06.2024 14:02, Mikhail Morfikov wrote: But there's no curl pids in /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/cgroup.procs . To be more specific, there's no pids at all in this

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Mikhail Morfikov
On 15/06/2024 2.27 pm, Andrei Borzenkov wrote: On 15.06.2024 14:02, Mikhail Morfikov wrote: But there's no curl pids in /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/cgroup.procs . To be more specific, there's no pids at all in this cgroup.procs file. The curl pids are under # 

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Andrei Borzenkov
On 14.06.2024 11:20, Lennart Poettering wrote: On Fr, 14.06.24 10:06, Mikhail Morfikov (mmorfi...@gmail.com) wrote: -- Lennart Poettering, Berlin I don't need any warranty, I need a way to make this work. Yeah, but this is the wrong forum to ask for help then. What you are doing is

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Andrei Borzenkov
On 15.06.2024 14:02, Mikhail Morfikov wrote: But there's no curl pids in /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/cgroup.procs . To be more specific, there's no pids at all in this cgroup.procs file. The curl pids are under # cat

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Mikhail Morfikov
On 15/06/2024 8.15 am, Andrei Borzenkov wrote: On 14.06.2024 18:49, Mikhail Morfikov wrote: On 14/06/2024 5.26 pm, Demi Marie Obenour wrote: On Fri, Jun 14, 2024 at 10:06:34AM +0200, Mikhail Morfikov wrote: On 13/06/2024 10.27 pm, Lennart Poettering wrote: On Do, 13.06.24 21:38, Mikhail

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-15 Thread Andrei Borzenkov
On 14.06.2024 18:49, Mikhail Morfikov wrote: On 14/06/2024 5.26 pm, Demi Marie Obenour wrote: On Fri, Jun 14, 2024 at 10:06:34AM +0200, Mikhail Morfikov wrote: On 13/06/2024 10.27 pm, Lennart Poettering wrote: On Do, 13.06.24 21:38, Mikhail Morfikov (mmorfi...@gmail.com) wrote: I'm trying

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-14 Thread Mikhail Morfikov
On 14/06/2024 5.26 pm, Demi Marie Obenour wrote: On Fri, Jun 14, 2024 at 10:06:34AM +0200, Mikhail Morfikov wrote: On 13/06/2024 10.27 pm, Lennart Poettering wrote: On Do, 13.06.24 21:38, Mikhail Morfikov (mmorfi...@gmail.com) wrote: I'm trying to make the 4 things (systemd, cgrupsv2,

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-14 Thread Demi Marie Obenour
On Fri, Jun 14, 2024 at 10:06:34AM +0200, Mikhail Morfikov wrote: > On 13/06/2024 10.27 pm, Lennart Poettering wrote: > > On Do, 13.06.24 21:38, Mikhail Morfikov (mmorfi...@gmail.com) wrote: > > > > > I'm trying to make the 4 things (systemd, cgrupsv2, cgrulesengd, and > > > nftables) > > > work

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-14 Thread Lennart Poettering
On Fr, 14.06.24 10:06, Mikhail Morfikov (mmorfi...@gmail.com) wrote: > > -- > > Lennart Poettering, Berlin > > I don't need any warranty, I need a way to make this work. Yeah, but this is the wrong forum to ask for help then. What you are doing is strictly against how systemd and cgroup2 is

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-14 Thread Mikhail Morfikov
On 13/06/2024 10.27 pm, Lennart Poettering wrote: On Do, 13.06.24 21:38, Mikhail Morfikov (mmorfi...@gmail.com) wrote: I'm trying to make the 4 things (systemd, cgrupsv2, cgrulesengd, and nftables) work together, but I think I'm missing something. Is "cgrulesengd" interfering with the cgroup

Re: [systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-13 Thread Lennart Poettering
On Do, 13.06.24 21:38, Mikhail Morfikov (mmorfi...@gmail.com) wrote: > I'm trying to make the 4 things (systemd, cgrupsv2, cgrulesengd, and nftables) > work together, but I think I'm missing something. Is "cgrulesengd" interfering with the cgroup tree? Sorry, but that's simply not supported.

[systemd-devel] Systemd, cgrupsv2, cgrulesengd, and nftables

2024-06-13 Thread Mikhail Morfikov
I'm trying to make the 4 things (systemd, cgrupsv2, cgrulesengd, and nftables) work together, but I think I'm missing something. Basically what I want to achieve is the filtering of OUTPUT packets in nftables in the case of all user apps. System services work well either with

[systemd-devel] systemd 256 released

2024-06-11 Thread systemd tag bot
A new, official systemd release has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v256.tar.gz Changes since the previous release: Announcements of Future Feature Removals and Incompatible Changes: * Support for

Re: [systemd-devel] systemd-umount doesn't unmount LVM volumes

2024-06-07 Thread Lennart Poettering
On Fr, 07.06.24 08:31, Vladimir Mokrozub (m...@mfc.tambov.gov.ru) wrote: > > > Uh, LVM is simply nothing anyone here tests, it's not really where the > > future is. Please reproduce with a current systemd version (i.e. 252 > > is two years old, an eternity in Linux), and file a bug, and maybe > >

Re: [systemd-devel] systemd-umount doesn't unmount LVM volumes

2024-06-06 Thread Vladimir Mokrozub
Uh, LVM is simply nothing anyone here tests, it's not really where the future is. Please reproduce with a current systemd version (i.e. 252 is two years old, an eternity in Linux), and file a bug, and maybe someone with an interest in LVM will look into, but don't hold your breath. Lennart

[systemd-devel] systemd prerelease 256-rc4

2024-06-06 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v256-rc4.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

Re: [systemd-devel] systemd-umount doesn't unmount LVM volumes

2024-06-06 Thread Lennart Poettering
On Mi, 05.06.24 09:12, Vladimir Mokrozub (m...@mfc.tambov.gov.ru) wrote: > Hello, > > OS: Debian 12 > systemd: 252 > > Could someone please explain why systemd-umount doesn't unmount LVM volumes > by device: > > $ systemd-mount /dev/vg0/lv0 /mnt/lvm/ > Started unit mnt-lvm.mount for mount point:

[systemd-devel] systemd-umount doesn't unmount LVM volumes

2024-06-05 Thread Vladimir Mokrozub
Hello, OS: Debian 12 systemd: 252 Could someone please explain why systemd-umount doesn't unmount LVM volumes by device: $ systemd-mount /dev/vg0/lv0 /mnt/lvm/ Started unit mnt-lvm.mount for mount point: /mnt/lvm $ findmnt -n /mnt/lvm /mnt/lvm /dev/mapper/vg0-lv0 ext4   rw,relatime $

Re: [systemd-devel] systemd appears to lock up

2024-06-04 Thread Robert Landers
For future reference, the issue was hyper-v reclaiming memory. Robert Landers Software Engineer Utrecht NL On Thu, May 30, 2024 at 11:19 AM Robert Landers wrote: > > Hello systemd developers, > > On WSL2 + Ubuntu 24, I'm seeing systemd locking up. There doesn't > appear to be any log messages

[systemd-devel] systemd appears to lock up

2024-05-30 Thread Robert Landers
Hello systemd developers, On WSL2 + Ubuntu 24, I'm seeing systemd locking up. There doesn't appear to be any log messages once it locks up, it stops reaping zombie/defunct processes and responding to socket requests. I can reliably reproduce it (just wait about 10 minutes), but I haven't the

Re: [systemd-devel] systemd-shutdown disarms hardware watchdog when finished

2024-05-29 Thread Luca Boccassi
On Wed, 29 May 2024 at 11:01, Andreas Svensson wrote: > > Hello, > > I have a system that should keep the hardware watchdog active while > rebooting the system. It has worked fine up to systemd version v254. > > I noticed that since systemd version v254 my system stops the hardware > watchdog

Re: [systemd-devel] systemd-shutdown disarms hardware watchdog when finished

2024-05-29 Thread Andreas Svensson
On 5/29/24 11:22, Lennart Poettering wrote: On Mi, 29.05.24 10:51, Andreas Svensson (andreas.svens...@axis.com) wrote: Hello, I have a system that should keep the hardware watchdog active while rebooting the system. It has worked fine up to systemd version v254. I noticed that since systemd

Re: [systemd-devel] systemd-shutdown disarms hardware watchdog when finished

2024-05-29 Thread Lennart Poettering
On Mi, 29.05.24 10:51, Andreas Svensson (andreas.svens...@axis.com) wrote: > Hello, > > I have a system that should keep the hardware watchdog active while > rebooting the system. It has worked fine up to systemd version v254. > > I noticed that since systemd version v254 my system stops the

[systemd-devel] systemd-shutdown disarms hardware watchdog when finished

2024-05-29 Thread Andreas Svensson
Hello, I have a system that should keep the hardware watchdog active while rebooting the system. It has worked fine up to systemd version v254. I noticed that since systemd version v254 my system stops the hardware watchdog after systemd-shutdown completes. I think it's the

[systemd-devel] systemd prerelease 256-rc3

2024-05-22 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v256-rc3.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

[systemd-devel] systemd-run unset OnFailure property

2024-05-16 Thread Etienne Champetier
I'm trying to add a global OnFailure= to all the services and excluding some non important services with /dev/null symlinks Now when using systemd-run in some cases I also don't want to run the OnFailure handler I tried (and multiple small variations) ``` systemd-run --unit=test

[systemd-devel] systemd prerelease 256-rc2

2024-05-14 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v256-rc2.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Lennart Poettering
On Fr, 26.04.24 09:49, Neal Gompa (ngomp...@gmail.com) wrote: > > Well, people moved off split-usr quite successfully, which is a bigger > > feat than cleaning up the /boot/efi/ mess I'd say. > > > > Fedora is currently merging /usr/bin/ and /usr/sbin/, which I am pretty > > sure is a bigger

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Lennart Poettering
On Fr, 26.04.24 09:47, Neal Gompa (ngomp...@gmail.com) wrote: > > > > * systemd-gpt-auto-generator will stop generating units for ESP > > > > or > > > > XBOOTLDR partitions if it finds mount entries for or below > > > > the /boot/ > > > > or /efi/ hierarchies in

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Neal Gompa
On Fri, Apr 26, 2024 at 9:46 AM Lennart Poettering wrote: > > On Fr, 26.04.24 10:39, Dan Nicholson (d...@endlessos.org) wrote: > > > On Fri, Apr 26, 2024 at 10:11 AM Adrian Vovk wrote: > > > > > > Perhaps Fedora can be adjusted to follow the BLS's recommended mount > > > points? > > > > The

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Neal Gompa
On Fri, Apr 26, 2024 at 9:41 AM Lennart Poettering wrote: > > On Do, 25.04.24 18:52, Neal Gompa (ngomp...@gmail.com) wrote: > > > > * systemd-gpt-auto-generator will stop generating units for ESP or > > > XBOOTLDR partitions if it finds mount entries for or below the > > >

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Lennart Poettering
On Fr, 26.04.24 10:39, Dan Nicholson (d...@endlessos.org) wrote: > On Fri, Apr 26, 2024 at 10:11 AM Adrian Vovk wrote: > > > > Perhaps Fedora can be adjusted to follow the BLS's recommended mount points? > > The problem with all of these type of "we've realized a better way and > the old way is

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Lennart Poettering
On Do, 25.04.24 18:52, Neal Gompa (ngomp...@gmail.com) wrote: > > * systemd-gpt-auto-generator will stop generating units for ESP or > > XBOOTLDR partitions if it finds mount entries for or below the > > /boot/ > > or /efi/ hierarchies in /etc/fstab. This is to

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Dan Nicholson
On Fri, Apr 26, 2024 at 10:11 AM Adrian Vovk wrote: > > Perhaps Fedora can be adjusted to follow the BLS's recommended mount points? The problem with all of these type of "we've realized a better way and the old way is obsolete" is that it's left as someone else's issue to actually change

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-26 Thread Adrian Vovk
systemd has been recommending against an arrangement like that for a long time now. These partitions are often fragile (read from bootloader code, or worse firmware! VFAT has no data integrity), and they really have no reason to be mounted unless they're about to be accessed. Stacking the mount

Re: [systemd-devel] systemd prerelease 256-rc1

2024-04-25 Thread Neal Gompa
On Thu, Apr 25, 2024 at 6:15 PM systemd tag bot wrote: > > A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the > tarball here: > > https://github.com/systemd/systemd/archive/v256-rc1.tar.gz > > NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production

[systemd-devel] systemd prerelease 256-rc1

2024-04-25 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v256-rc1.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

[systemd-devel] systemd-oomd kill a lot of process instead of one service

2024-03-04 Thread maxime . deroucy
Hello, I am running an uptodate archlinux, with gnome desktop. Please find the logs attached. In those logs we see that systemd-oomd is triggered, and select this scope for killing:

[systemd-devel] systemd journal remote filling disk with supposedly corrupted files

2024-02-26 Thread Wolfgang Scheicher
Hello, I'm trying to use systemd journal remote. Occasionally the system goes crazy, spams errors like this: systemd-journal-remote[]: File /var/log/journal/remote//remote-.journal corrupted or uncleanly shut down, renaming and replacing. When this happens, this leads to tens of 8MB .journal~

Re: [systemd-devel] systemd-pcrlock Failed to submit super PCR policy

2024-02-05 Thread Lennart Poettering
On Mo, 05.02.24 09:24, Dominick Grift (dominick.gr...@defensec.nl) wrote: Please run "SYSTEMD_LOG_LEVEL=debug systemd-pcrlock make-policy" from the command line, then file a github issue about this, and paste the output there. Lennart -- Lennart Poettering, Berlin

[systemd-devel] systemd-pcrlock Failed to submit super PCR policy

2024-02-05 Thread Dominick Grift
systemd v255 Debian Testing Linux nimbus 6.6.13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.13-1 (2024-01-20) x86_64 GNU/Linux systemd-pcrlock Feb 04 20:00:02 nimbus audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=sys.id:sys.role:sys.subj:s0

Re: [systemd-devel] Systemd units complains about cgroup with 5.15.x kernel

2024-02-01 Thread Thierry Bultel
Dear Lennart, thanks for the tips. The distro is buildroot, that compiles systemd with " -Ddefault-hierarchy=unified ". Should I consider that the named kernel has incomplete cgroupsv2 support ? (How can I check that ?). I would need to cleanup the log before pasting it in a mail, but what I

Re: [systemd-devel] Systemd units complains about cgroup with 5.15.x kernel

2024-02-01 Thread Lennart Poettering
On Do, 01.02.24 16:30, Thierry Bultel (thierry.bul...@linatsea.fr) wrote: > Hi, > > I am using systemd v255, > and currently using a kernel vendor branch : > > g...@github.com:varigit/linux-imx.git > lf-5.15.y_var01 > imx_v7_defconfig > > I had no issue with the older 5.4 kernel. > > I have

[systemd-devel] Systemd units complains about cgroup with 5.15.x kernel

2024-02-01 Thread Thierry Bultel
Hi, I am using systemd v255, and currently using a kernel vendor branch : g...@github.com:varigit/linux-imx.git lf-5.15.y_var01 imx_v7_defconfig I had no issue with the older 5.4 kernel. I have verified that the kernel has the following options: CONFIG_DEVTMPFS=y CONFIG_CGROUPS=y

Re: [systemd-devel] Systemd-nspawn single process

2023-12-15 Thread Warex61 YTB
Hello, Thanks for the tip, I've taken a more recent version of systemd-nspawn and it now works. I now have another question: I want to set up a single process. I have a problem on the network side, I want to launch my single process by connecting it to a bridge. In the .nspawn file, in the

[systemd-devel] systemd 255 released

2023-12-06 Thread systemd tag bot
A new, official systemd release has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v255.tar.gz Changes since the previous release: Announcements of Future Feature Removals and Incompatible Changes: * Support for

[systemd-devel] systemd-pcrlock: what prevents unauthorized changes to the NV index?

2023-12-05 Thread Demi Marie Obenour
What prevents unauthorized changes to the NV index used by systemd-pcrlock? Is the secret key itself stored in the NV index, with the policy deciding who can read the key? Or does the policy on the NV index require that the policy established by systemd-pcrlock is itself satisfied before the NV

Re: [systemd-devel] systemd: questions about dbus dependency service

2023-12-04 Thread Lennart Poettering
On Mo, 04.12.23 13:01, Pintu Agarwal (pintu.p...@gmail.com) wrote: > Hi, > Any comments or suggestions on the below ? I already replied. https://lists.freedesktop.org/archives/systemd-devel/2023-November/049706.html Lennart -- Lennart Poettering, Berlin

Re: [systemd-devel] systemd: questions about dbus dependency service

2023-12-03 Thread Pintu Agarwal
Hi, Any comments or suggestions on the below ? On Tue, 28 Nov 2023 at 22:48, Pintu Agarwal wrote: > > Hi, > > I need some clarification about systemd services that are dependent on dbus > service. > > We have a service that depends on dbus.service, so our service has to be > started after

[systemd-devel] systemd prerelease 255-rc4

2023-12-01 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v255-rc4.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

Re: [systemd-devel] Systemd-nspawn single process

2023-12-01 Thread Lennart Poettering
On Fr, 01.12.23 14:03, Warex61 YTB (thomasdabou...@gmail.com) wrote: > Hello, > I would like to use systemd-nspawn to create a container that can launch a > single process as pid 1 and mount its configuration files. I want the > container to be as light as possible. Is there any way of creating a

[systemd-devel] Systemd-nspawn single process

2023-12-01 Thread Warex61 YTB
Hello, I would like to use systemd-nspawn to create a container that can launch a single process as pid 1 and mount its configuration files. I want the container to be as light as possible. Is there any way of creating a container using nspawn without using bootstrap ? For example, using this

Re: [systemd-devel] systemd: questions about dbus dependency service

2023-11-28 Thread Lennart Poettering
On Di, 28.11.23 22:48, Pintu Agarwal (pintu.p...@gmail.com) wrote: > Hi, > > I need some clarification about systemd services that are dependent on dbus > service. > > We have a service that depends on dbus.service, so our service has to be > started after dbus.socket and dbus.service. It's

[systemd-devel] systemd: questions about dbus dependency service

2023-11-28 Thread Pintu Agarwal
Hi, I need some clarification about systemd services that are dependent on dbus service. We have a service that depends on dbus.service, so our service has to be started after dbus.socket and dbus.service. But dbus.service comes after local-fs.target and sysinit.target. However, our service

[systemd-devel] Systemd-logind StopIdleSessionSec option ignored for multiplexed (control master) ssh sessions?

2023-11-28 Thread Juergen Salk
Hi, not sure if this is the right place to ask. If it's not then just ignore this post. systemd-logind has recently introduced an option StopIdleSessionSec which has become available in Rocky 8.7 and onward as well as in Rocky 9. From logind.conf(5): StopIdleSessionSec= Specifies a timeout in

[systemd-devel] systemd-networkd code design documentation?

2023-11-27 Thread Muggeridge, Matt
Hi, As I start looking at the code, is there any design documentation for developers that describes systemd-networkd? Specifically, I'm looking for an overview of the data-flow when an IPv6 Router Advertisement is received, where it is processed and where it generates the reply. I'm slowly

[systemd-devel] systemd prerelease 255-rc3

2023-11-22 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v255-rc3.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

[systemd-devel] systemd prerelease 255-rc2

2023-11-15 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v255-rc2.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

[systemd-devel] systemd prerelease 255-rc1

2023-11-06 Thread systemd tag bot
A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here: https://github.com/systemd/systemd/archive/v255-rc1.tar.gz NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production systems, but please test this and report any issues you find to

Re: [systemd-devel] systemd-resolve and name servers order

2023-10-11 Thread Marc
> In the past prior to systemd-resolve as a default solution the order I > think was followed. From what I understand windows > https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows- > server-2008-R2-and-2008/dd197552(v=ws.10) > prefers first server on the list (it doesn't

Re: [systemd-devel] systemd-resolve and name servers order

2023-10-11 Thread Marc
> > Obviously there are other solutions to the problem described above (eg > having multiple internal servers, although my experience was in the SOHO > environment where that would be excessive). If as Rafał says Windows > prioritises the first DNS option then I'm pretty sure that wasn't always

Re: [systemd-devel] systemd-resolve and name servers order

2023-10-11 Thread Mark Rogers
On Wed, 11 Oct 2023 at 09:37, Marc wrote: > Having 3 different nameservers reporting different results? > An example I have seen quite frequently is where there is an internal DNS which resolves local (internal) server resources and forwards anything else to an external server such as 8.8.8.8.

Re: [systemd-devel] systemd-resolve and name servers order

2023-10-11 Thread Marc
> > I hope this is the right mailing list to ask that kind of question. I'm > following what is recommended on github issue tracker: > https://github.com/systemd/systemd/issues/new/choose > If it's not - feel free to point me to a different place. > > I use azure ubuntu 20.04 build with

Re: [systemd-devel] systemd-resolve and name servers order

2023-10-11 Thread Rafał Jankowski
On 2023-10-11 09:50, Marc wrote: I think this is not how resolv.conf was designed to be used. Are you 100% sure this is the only way to solve your issue? Having 3 different nameservers reporting different results? Can't you do something with views and sorting? What about just giving

[systemd-devel] systemd-resolve and name servers order

2023-10-11 Thread Rafał Jankowski
I hope this is the right mailing list to ask that kind of question. I'm following what is recommended on github issue tracker: https://github.com/systemd/systemd/issues/new/choose If it's not - feel free to point me to a different place. I use azure ubuntu 20.04 build with nameservers obtained

Re: [systemd-devel] systemd-tmpfiles service related queries

2023-10-02 Thread Mantas Mikulėnas
On Mon, Oct 2, 2023 at 2:36 PM Pintu Agarwal wrote: > Hi All, > > I have a doubt related to systemd-tmpfiles-setup.service. > This service is mentioned to be started after local-fs.target. > {{{ > After=local-fs.target systemd-sysusers.service > Before=sysinit.target shutdown.target > }}} > In

[systemd-devel] systemd-tmpfiles service related queries

2023-10-02 Thread Pintu Agarwal
Hi All, I have a doubt related to systemd-tmpfiles-setup.service. This service is mentioned to be started after local-fs.target. {{{ After=local-fs.target systemd-sysusers.service Before=sysinit.target shutdown.target }}} In this case this service takes only ~125ms. systemd-tmpfiles-setup.service

Re: [systemd-devel] systemd-nspawn/systemd.nspawn machinectl enable/start

2023-10-02 Thread Mantas Mikulėnas
Each nspawn container that's managed via machinectl is run as an instance of "systemd-nspawn@.service". Add a [Service] ExecStartPre= to the instance you need, using `systemctl edit` or similar. On Mon, Oct 2, 2023 at 1:37 AM Rob Ert wrote: > Hello all, > > As I have not been able to find an

[systemd-devel] systemd-nspawn/systemd.nspawn machinectl enable/start

2023-10-01 Thread Rob Ert
Hello all, As I have not been able to find an answer to my question after consulting man pages and google, I am turning to this mailing list. I have a systemd-nspawn os container that I have set to automatically start with machinectl enable. I would like to automatically have a bcachefs snapshot

Re: [systemd-devel] Systemd cgroup setup issue in containers

2023-09-29 Thread Lennart Poettering
On Fr, 29.09.23 10:53, Lewis Gaul (lewis.g...@gmail.com) wrote: > Hi systemd team, > > I've encountered an issue when running systemd inside a container using > cgroups v2, where if a container exec process is created at the wrong > moment during early startup then systemd will fail to move all

Re: [systemd-devel] Systemd cgroup setup issue in containers

2023-09-29 Thread Lewis Gaul
> Wouldn't it be better to have the container inform the host via NOTIFY_SOCKET (the Type=notify mechanism)? I believe systemd has had support for sending readiness notifications from init to a container manager for quite a while. > Use the notify socket and you'll get a notification back when

Re: [systemd-devel] Systemd cgroup setup issue in containers

2023-09-29 Thread Luca Boccassi
On Fri, 29 Sept 2023 at 12:00, Lewis Gaul wrote: > > Hi systemd team, > > I've encountered an issue when running systemd inside a container using > cgroups v2, where if a container exec process is created at the wrong moment > during early startup then systemd will fail to move all processes

Re: [systemd-devel] Systemd cgroup setup issue in containers

2023-09-29 Thread Mantas Mikulėnas
On Fri, Sep 29, 2023, 12:54 Lewis Gaul wrote: > Hi systemd team, > > I've encountered an issue when running systemd inside a container using > cgroups v2, where if a container exec process is created at the wrong > moment during early startup then systemd will fail to move all processes > into a

[systemd-devel] Systemd cgroup setup issue in containers

2023-09-29 Thread Lewis Gaul
Hi systemd team, I've encountered an issue when running systemd inside a container using cgroups v2, where if a container exec process is created at the wrong moment during early startup then systemd will fail to move all processes into a child cgroup, and therefore fail to enable controllers due

Re: [systemd-devel] systemd-repart /etc automount via discoverable partition specification

2023-09-11 Thread Nils Kattenbeck
On Mon, Sep 11, 2023 at 11:49 AM Lennart Poettering wrote: > > On Mo, 11.09.23 11:39, Nils Kattenbeck (nilskem...@gmail.com) wrote: > > > On Mon, Sep 11, 2023, 10:54 Lennart Poettering > > wrote: > > > > > The discoverable partition scheme has no concept of /etc/ discovery. It > > > focusses on

Re: [systemd-devel] systemd-repart /etc automount via discoverable partition specification

2023-09-11 Thread Lennart Poettering
On Mo, 11.09.23 11:39, Nils Kattenbeck (nilskem...@gmail.com) wrote: > On Mon, Sep 11, 2023, 10:54 Lennart Poettering > wrote: > > > On So, 10.09.23 00:33, Nils Kattenbeck (nilskem...@gmail.com) wrote: > > > > > Hello, I am currently trying to build a linux image with discoverable > > >

Re: [systemd-devel] systemd-repart /etc automount via discoverable partition specification

2023-09-11 Thread Nils Kattenbeck
On Mon, Sep 11, 2023, 10:54 Lennart Poettering wrote: > On So, 10.09.23 00:33, Nils Kattenbeck (nilskem...@gmail.com) wrote: > > > Hello, I am currently trying to build a linux image with discoverable > > partitions in an A/B+etc+var scheme. > > The discoverable partition scheme has no concept

Re: [systemd-devel] systemd-repart /etc automount via discoverable partition specification

2023-09-11 Thread Lennart Poettering
On So, 10.09.23 00:33, Nils Kattenbeck (nilskem...@gmail.com) wrote: > Hello, I am currently trying to build a linux image with discoverable > partitions in an A/B+etc+var scheme. The discoverable partition scheme has no concept of /etc/ discovery. It focusses on three basic setups: 1. writable

[systemd-devel] systemd-repart /etc automount via discoverable partition specification

2023-09-09 Thread Nils Kattenbeck
Hello, I am currently trying to build a linux image with discoverable partitions in an A/B+etc+var scheme. I know that /usr and /var have a corresponding partition UUID for automatically mounting them as per DPS. However, I am not sure how to mount the /etc partition? Do I have to specify it as

[systemd-devel] systemd dns smart?

2023-08-24 Thread Marc
I was just 'cleaning up' a bit an ubuntu server from unnecessary running processes. I think I removed also some things from systemd. Now I have that some external auth that is slow due to the fact that the external auth host has two ip addresses configured. One of those ip addresses is not

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-23 Thread Andrei Borzenkov
On Wed, Aug 23, 2023 at 12:50 PM Aleksandar Kostadinov wrote: > > On Wed, Aug 23, 2023 at 10:49 AM Andrei Borzenkov wrote: > <...> > > > > Sure, if you allow unencrypted systems to boot in your OS then all > > > > bets are off. You shouldn't do that of course. > > > > > > > > (in my model of

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-23 Thread Aleksandar Kostadinov
On Wed, Aug 23, 2023 at 10:49 AM Andrei Borzenkov wrote: <...> > > > Sure, if you allow unencrypted systems to boot in your OS then all > > > bets are off. You shouldn't do that of course. > > > > > > (in my model of mind, where automatic GPT image dissection is used the > > > image dissection

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-23 Thread Andrei Borzenkov
On Tue, Aug 22, 2023 at 10:45 PM Aleksandar Kostadinov wrote: > > On Tue, Aug 22, 2023 at 8:10 PM Lennart Poettering > wrote: > > On Di, 22.08.23 19:16, Aleksandar Kostadinov (akost...@redhat.com) wrote: > <...> > > > If attacker replaces volume with unencrypted one, and it boots without > > >

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-23 Thread Lennart Poettering
On Di, 22.08.23 22:35, Aleksandar Kostadinov (akost...@redhat.com) wrote: > On Tue, Aug 22, 2023 at 8:10 PM Lennart Poettering > wrote: > > On Di, 22.08.23 19:16, Aleksandar Kostadinov (akost...@redhat.com) wrote: > <...> > > > If attacker replaces volume with unencrypted one, and it boots

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-22 Thread Aleksandar Kostadinov
On Tue, Aug 22, 2023 at 8:10 PM Lennart Poettering wrote: > On Di, 22.08.23 19:16, Aleksandar Kostadinov (akost...@redhat.com) wrote: <...> > > If attacker replaces volume with unencrypted one, and it boots without > > messing up the sealing PCRs, then probably attacker can query the TPM > > and

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-22 Thread Lennart Poettering
On Di, 22.08.23 19:16, Aleksandar Kostadinov (akost...@redhat.com) wrote: > > > I'm concerned though about an attacker replacing the encrypted root volume > > > with a non-encrypted one. Which may result in system booting an attacker > > > controlled environment while PCRs may be in a state that

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-22 Thread Aleksandar Kostadinov
On Tue, Aug 22, 2023 at 4:16 PM Lennart Poettering wrote: > > On Mo, 21.08.23 17:40, Aleksandar Kostadinov (akost...@redhat.com) wrote: > > > Hello, > > > > This is more of a user question but I didn't find any other suitable forum > > to ask. > > > > I want to install a server that should have

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-22 Thread Lennart Poettering
On Mo, 21.08.23 19:56, Aleksandar Kostadinov (akost...@redhat.com) wrote: > Thanks, this is what I was also considering the feasibility of. And whether > it made sense to begin with. Any idea how can this be done with systemd? > > In man I read: > > > Note that currently when enrolling a

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-22 Thread Lennart Poettering
On Mo, 21.08.23 17:40, Aleksandar Kostadinov (akost...@redhat.com) wrote: > Hello, > > This is more of a user question but I didn't find any other suitable forum > to ask. > > I want to install a server that should have an encrypted root but be able > to reboot unattended. > > systemd-cryptenroll

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-21 Thread Aleksandar Kostadinov
Thanks, this is what I was also considering the feasibility of. And whether it made sense to begin with. Any idea how can this be done with systemd? In man I read: > Note that currently when enrolling a new key of one of the five > supported types listed above, it is required to

Re: [systemd-devel] systemd-cryptenroll with TPM2

2023-08-21 Thread Mantas Mikulėnas
Have your initramfs *extend* a PCR after it retrieves the key from the TPM, before it switches to (or even unlocks) the rootfs. As most PCRs cannot be rolled back without a reboot, this would prevent the key from being unsealed from a running system even if it manages to boot (without causing the

[systemd-devel] systemd-cryptenroll with TPM2

2023-08-21 Thread Aleksandar Kostadinov
Hello, This is more of a user question but I didn't find any other suitable forum to ask. I want to install a server that should have an encrypted root but be able to reboot unattended. systemd-cryptenroll with TPM2 looks like a viable option. I'm concerned about which PCRs to pin so that an

Re: [systemd-devel] systemd-coredump stack traces

2023-08-11 Thread Aaron Brice
Thanks. Adding libdw as dependency does get the stack traces working. From: Richard Purdie Sent: Friday, August 11, 2023 3:57 AM To: Lennart Poettering ; Aaron Brice Cc: systemd-devel@lists.freedesktop.org Subject: Re: [systemd-devel] systemd-coredump stack

Re: [systemd-devel] systemd-coredump stack traces

2023-08-11 Thread Richard Purdie
On Fri, 2023-08-11 at 12:34 +0200, Lennart Poettering wrote: > On Do, 10.08.23 20:34, Aaron Brice (aaron.br...@nikolamotor.com) wrote: > > > I am trying to enable stack traces for core dumps with > > systemd-coredump. I have a yocto build for aarch64 containing > > systemd 250 with the coredump

Re: [systemd-devel] systemd-coredump stack traces

2023-08-11 Thread Lennart Poettering
On Do, 10.08.23 20:34, Aaron Brice (aaron.br...@nikolamotor.com) wrote: > I am trying to enable stack traces for core dumps with > systemd-coredump. I have a yocto build for aarch64 containing > systemd 250 with the coredump and elfutils options enabled in the > build, and the binaries I'm
