On Sun, 17.05.15 17:30, Michael Biebl (mbi...@gmail.com) wrote:
> 2015-05-15 22:16 GMT+02:00 Tom Gundersen :
> > on-demand I agree with Lennart that it makes the most sense to simply
> > unconditionally load the modules. If this is undesirable the solution
> > should be to teach the kernel to auto
On Sun, May 17, 2015 at 5:30 PM, Michael Biebl wrote:
> 2015-05-15 22:16 GMT+02:00 Tom Gundersen :
>> on-demand I agree with Lennart that it makes the most sense to simply
>> unconditionally load the modules. If this is undesirable the solution
>> should be to teach the kernel to auto-load the mod
2015-05-15 22:16 GMT+02:00 Tom Gundersen :
> on-demand I agree with Lennart that it makes the most sense to simply
> unconditionally load the modules. If this is undesirable the solution
> should be to teach the kernel to auto-load the modules, not to expect
> the admin to figure out that explicit
On Wed, Apr 22, 2015 at 2:36 PM, Michael Biebl wrote:
> 2015-04-22 14:26 GMT+02:00 Lennart Poettering :
>> On Wed, 22.04.15 14:22, Michael Biebl (mbi...@gmail.com) wrote:
>>> 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
>>> > On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
>>> >
Yes, I was referring to a container when using the name "vm". Sorry if
I caused confusion with this, I used to run lots of real VMs and then
moved those over to containers and still think of those services as
virtual machines.
On Mon, Apr 27, 2015 at 5:01 PM, Lennart Poettering
wrote:
> I figure
On Sat, 25.04.15 01:44, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> By the way: Is there a way to get the journal from a --ephemeral container?
>
> I had expected --link-journal=host to work, but --link-journal seems
> to not be allowed in any way.
I figure we should teach journalctl -m to
On Sat, 25.04.15 00:14, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> Hello,
>
> sorry (again) for the delay. I unfortunately can not check into this
> as often as I would like:-(
>
> Lennart: Thank you for that patch, that does indeed fix my issue with
> read-only machine images.
>
> The ne
By the way: Is there a way to get the journal from a --ephemeral container?
I had expected --link-journal=host to work, but --link-journal seems
to not be allowed in any way.
On Sat, Apr 25, 2015 at 12:14 AM, Tobias Hunger wrote:
> Hello,
>
> sorry (again) for the delay. I unfortunately can not
Hello,
sorry (again) for the delay. I unfortunately can not check into this
as often as I would like:-(
Lennart: Thank you for that patch, that does indeed fix my issue with
read-only machine images.
The networking issue does work better when iptables are used. All I
needed to do was to make sur
On Wed, 22.04.15 16:31, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> On Wed, Apr 22, 2015 at 4:04 PM, Lennart Poettering
> wrote:
> > Well, if that's what it says, then yes. We can certainly add support
> > for manipulating nft too, but so far the APIs for that appeared much
> > less convincin
On Wed, Apr 22, 2015 at 4:04 PM, Lennart Poettering
wrote:
> Well, if that's what it says, then yes. We can certainly add support
> for manipulating nft too, but so far the APIs for that appeared much
> less convincing to me, and quite a bit more exotic.
The user space tools for nft are much nicer
> > > 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
> > >
> > > Well, I really don't want to give networkd the caps for that,
> > > sorry. It's a network facing daemon, it should not be able to load
> > > kernel modules.
> >
> > But it is okay for networkd to manipulate the firewall directly.
>
>
On Wed, 22.04.15 15:19, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> On Wed, Apr 22, 2015 at 3:12 PM, Tobias Hunger
> wrote:
> > Hi Lennart,
> >
> > On Wed, Apr 22, 2015 at 1:46 PM, Lennart Poettering
> > wrote:
> >>> I was trying to run "systemd-nspawn --ephemeral", but that failed
> >>> s
On Wed, 22.04.15 15:55, Dominick Grift (dac.overr...@gmail.com) wrote:
> > 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
> >
> > Well, I really don't want to give networkd the caps for that,
> > sorry. It's a network facing daemon, it should not be able to load
> > kernel modules.
>
> But it is
On Wed, 22.04.15 15:43, Michael Biebl (mbi...@gmail.com) wrote:
> 2015-04-22 15:25 GMT+02:00 Lennart Poettering :
> > On Wed, 22.04.15 14:36, Michael Biebl (mbi...@gmail.com) wrote:
> >
> >> >> >> Not everyone is using networkd or nspawn though, so loading this
> >> >> >> module for everyone is a
On Wed, 22.04.15 15:42, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> PS: Is there a way to stop the VMs to get a btrfs subvolume created in
> /var/lib/machines?
Not in nspawn, no.
This could be implemented via seccomp though.
> I have a couple of .#vm subvolumes in /var/lib/machines now
> 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
>
> Well, I really don't want to give networkd the caps for that,
> sorry. It's a network facing daemon, it should not be able to load
> kernel modules.
But it is okay for networkd to manipulate the firewall directly.
The nft manual page states th
2015-04-22 15:25 GMT+02:00 Lennart Poettering :
> On Wed, 22.04.15 14:36, Michael Biebl (mbi...@gmail.com) wrote:
>
>> >> >> Not everyone is using networkd or nspawn though, so loading this
>> >> >> module for everyone is a bit excessive.
>> >> >
>> >> > Well, then blacklist the module or don't bui
PS: Is there a way to stop the VMs to get a btrfs subvolume created in
/var/lib/machines?
I have a couple of .#vm subvolumes in /var/lib/machines now and
btrfs subvolume delete does not work on those since they have a
subvolume in /var/lib/machine. Apparently systemd-nspawn also stumbled
over
On Wed, 22.04.15 15:19, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> On Wed, Apr 22, 2015 at 3:12 PM, Tobias Hunger
> wrote:
> > Hi Lennart,
> >
> > On Wed, Apr 22, 2015 at 1:46 PM, Lennart Poettering
> > wrote:
> >>> I was trying to run "systemd-nspawn --ephemeral", but that failed
> >>> s
On Wed, 22.04.15 15:12, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> >> Then I have trouble with "systemd-nspawn --network-veth": The host0
> >> interface won't come up and stays in degraded state. On the host I get
> >> the following line in the journal:
> >>
> >> systemd-networkd[509]: ve-XX
On Wed, 22.04.15 14:36, Michael Biebl (mbi...@gmail.com) wrote:
> >> >> Not everyone is using networkd or nspawn though, so loading this
> >> >> module for everyone is a bit excessive.
> >> >
> >> > Well, then blacklist the module or don't build it at all.
> >>
> >> That's the wrong way around.
>
On Wed, Apr 22, 2015 at 3:12 PM, Tobias Hunger wrote:
> Hi Lennart,
>
> On Wed, Apr 22, 2015 at 1:46 PM, Lennart Poettering
> wrote:
>>> I was trying to run "systemd-nspawn --ephemeral", but that failed
>>> since I had a read-only image in /var/lib/machines. Why is that not
>>> allowed? systemd-n
Hi Lennart,
On Wed, Apr 22, 2015 at 1:46 PM, Lennart Poettering
wrote:
>> I was trying to run "systemd-nspawn --ephemeral", but that failed
>> since I had a read-only image in /var/lib/machines. Why is that not
>> allowed? systemd-nspawn does create its own snapshot of that one after
>> all (whic
2015-04-22 14:26 GMT+02:00 Lennart Poettering :
> On Wed, 22.04.15 14:22, Michael Biebl (mbi...@gmail.com) wrote:
>
>> 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
>> > On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
>> >
>> >> 2015-04-22 13:57 GMT+02:00 Lennart Poettering :
>> >
On Wed, 22.04.15 14:28, Michael Biebl (mbi...@gmail.com) wrote:
> 2015-04-22 14:22 GMT+02:00 Michael Biebl :
> > 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
> >> On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
> >>
> >>> Not everyone is using networkd or nspawn though, so loadi
2015-04-22 14:22 GMT+02:00 Michael Biebl :
> 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
>> On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
>>
>>> Not everyone is using networkd or nspawn though, so loading this
>>> module for everyone is a bit excessive.
>>
>> Well, then blackl
2015-04-22 14:14 GMT+02:00 Lennart Poettering :
> On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
>
>> 2015-04-22 13:57 GMT+02:00 Lennart Poettering :
>> >> Maybe we should simply list the iptables kernel modules in
>> >> src/core/kmod-setup, and then tell people to blacklist them i
On Wed, 22.04.15 14:22, Michael Biebl (mbi...@gmail.com) wrote:
> 2015-04-22 14:14 GMT+02:00 Lennart Poettering :
> > On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
> >
> >> 2015-04-22 13:57 GMT+02:00 Lennart Poettering :
> >> >> Maybe we should simply list the iptables kernel mod
On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
> 2015-04-22 13:57 GMT+02:00 Lennart Poettering :
> >> Maybe we should simply list the iptables kernel modules in
> >> src/core/kmod-setup, and then tell people to blacklist them if they
> >> really don't want them.
> >
> > I have mad
2015-04-22 13:57 GMT+02:00 Lennart Poettering :
>> Maybe we should simply list the iptables kernel modules in
>> src/core/kmod-setup, and then tell people to blacklist them if they
>> really don't want them.
>
> I have made such a change now:
>
> http://cgit.freedesktop.org/systemd/systemd/commit/?
On Wed, 22.04.15 13:46, Lennart Poettering (lenn...@poettering.net) wrote:
> > I have an nftables based firewall up and running, so maybe networkd is
> > expecting iptables to be in use?
>
> Most likely iptables is compiled as kernel module for you. The module
> cannot be auto-loaded currently, i
On Tue, 21.04.15 22:43, Tobias Hunger (tobias.hun...@gmail.com) wrote:
> Hi!
>
> Now that systemd 219 is finally available in arch I am playing with
> systemd-nspawn again.
>
> I was trying to run "systemd-nspawn --ephemeral", but that failed
> since I had a read-only image in /var/lib/machines.
Hi!
Now that systemd 219 is finally available in arch I am playing with
systemd-nspawn again.
I was trying to run "systemd-nspawn --ephemeral", but that failed
since I had a read-only image in /var/lib/machines. Why is that not
allowed? systemd-nspawn does create its own snapshot of that one afte