Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Oleksii Shevchuk]

 (Note
 that this means systemd --user will only work when run from
 user@.service, as access to the cgroup tree is *not* granted for normal
 sessions directly.)

So, how sessions should work now? Before that I started systemd --user
as main session process, and when it exited, session exited too. How
should I wait for session end now?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Oleksii Shevchuk]

Ok. I trying to use current git. Nothing works for me. I.e. systemd --user
starts, but I couldn't connect to it, because it doesn't connect to 
d-bus (because dbus socket doesn't exists and systemd doesn't start dbus.socket
probably). systemd starts X services, but they couldn't establish X connection.

Generally I couldn't get the idea behind recent changes. How that supposed
to work at all? How that
1) will interract with login managers (i.e. waits for systemd --user
exits, selects proper starting unit or so)
2) will setup environment from user profile
3) will setup temporary files for user temporary folder (dbus folder,
for example)
4) will work with different login paths (ssh, local VT login, X login)

Now i have lightdm that explicity starts systemd --user as session
process. With Marc-Antoine patch that still works ok, so I will fall 
back to it and wait for some clarifications
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] no installed machine-id vs systemd-in-initramfs

[Harald Hoyer]

On 07/10/2013 05:26 PM, Colin Walters wrote:
 The gnome-ostree build system generates disk images that can be
 downloaded directly; there is no installer.
 
 In the old model of dracut shell script + systemd, systemd's main.c
 has:
 if (arg_running_as == SYSTEMD_SYSTEM ...) {
   ...
   machine_id_setup();
   ...
 }
 
 So after mounting the rootfs, we'd end up writing one to /etc (at least
 in gnome-ostree which comes with a writable copy of /etc), and it would
 persist across reboots, and all would be well with the world.
 
 In the new systemd-in-initramfs model, journald is now launched in the
 initramfs.  Dracut will copy the host's machine id into the initramfs
 if it exists, but in the gnome-ostree case (or more generally
 pre-canned OS case), there isn't one.  journald will attempt to start,
 and fail.
 
 One thought I had is to say:  If there's no /etc/machine-id in the
 initramfs, write one to /run/machine-id.  After mounting the rootfs,
 persist that to /etc.

Err, if there is no machine-id in the initramfs, systemd and journald should do
just fine.

It was this way in F18, F17.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] no installed machine-id vs systemd-in-initramfs

[Kay Sievers]

On Thu, Jul 11, 2013 at 11:55 AM, Harald Hoyer harald.ho...@gmail.com wrote:
 On 07/10/2013 05:26 PM, Colin Walters wrote:
 The gnome-ostree build system generates disk images that can be
 downloaded directly; there is no installer.

 In the old model of dracut shell script + systemd, systemd's main.c
 has:
 if (arg_running_as == SYSTEMD_SYSTEM ...) {
   ...
   machine_id_setup();
   ...
 }

 So after mounting the rootfs, we'd end up writing one to /etc (at least
 in gnome-ostree which comes with a writable copy of /etc), and it would
 persist across reboots, and all would be well with the world.

 In the new systemd-in-initramfs model, journald is now launched in the
 initramfs.  Dracut will copy the host's machine id into the initramfs
 if it exists, but in the gnome-ostree case (or more generally
 pre-canned OS case), there isn't one.  journald will attempt to start,
 and fail.

 One thought I had is to say:  If there's no /etc/machine-id in the
 initramfs, write one to /run/machine-id.  After mounting the rootfs,
 persist that to /etc.

 Err, if there is no machine-id in the initramfs, systemd and journald should 
 do
 just fine.

 It was this way in F18, F17.

Didn't it always need an empty file to over-mount it with a temporary
and randomly created one?

Kay
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] no installed machine-id vs systemd-in-initramfs

[Harald Hoyer]

On 07/11/2013 12:04 PM, Kay Sievers wrote:
 On Thu, Jul 11, 2013 at 11:55 AM, Harald Hoyer harald.ho...@gmail.com wrote:
 On 07/10/2013 05:26 PM, Colin Walters wrote:
 The gnome-ostree build system generates disk images that can be
 downloaded directly; there is no installer.

 In the old model of dracut shell script + systemd, systemd's main.c
 has:
 if (arg_running_as == SYSTEMD_SYSTEM ...) {
   ...
   machine_id_setup();
   ...
 }

 So after mounting the rootfs, we'd end up writing one to /etc (at least
 in gnome-ostree which comes with a writable copy of /etc), and it would
 persist across reboots, and all would be well with the world.

 In the new systemd-in-initramfs model, journald is now launched in the
 initramfs.  Dracut will copy the host's machine id into the initramfs
 if it exists, but in the gnome-ostree case (or more generally
 pre-canned OS case), there isn't one.  journald will attempt to start,
 and fail.

 One thought I had is to say:  If there's no /etc/machine-id in the
 initramfs, write one to /run/machine-id.  After mounting the rootfs,
 persist that to /etc.

 Err, if there is no machine-id in the initramfs, systemd and journald should 
 do
 just fine.

 It was this way in F18, F17.
 
 Didn't it always need an empty file to over-mount it with a temporary
 and randomly created one?
 
 Kay
 

To quote from the dracut install script:

if [[ $hostonly ]]; then
dracut_install -o \
/etc/machine-id
else
if ! [[ -e $initdir/etc/machine-id ]]; then
 $initdir/etc/machine-id
fi
fi

Yes, you are right. In the hostonly case, there is no empty machine-id created,
if it is missing on the running machine.


Will fix.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Help getting serial console working again after upgrade to systemd?

[Łukasz Stelmach]

It was 2013-07-10 śro 20:26, when Dmt Ops wrote:
 Hey all,

 I'm starting upgrades to old production servers to newer 64-bit Linux that
 runs systemd = v195.

 Serial consoles are always my 1st step.  Before upgrade it worked great.

 After upgrade, with the new systemd-based config, I'm not having much luck
 so far.

 I configured the grub conf:

 serial --unit=0 --speed=57600 --word=8 --parity=no --stop=1
 terminal --timeout=3 serial console
 title PRODUCTION
  root (hd0,0)
  kernel /vmlinuz root=/dev/sd1a noresume showopts x11failsafe vga=0x31a
 console=tty0 console=com1,vga
  initrd /initrd

According to kernel-parameters.txt[1] (it's for 3.10 but I assume there
hasn't been any changes in this area for quite some time) you have to
use ttyS0 instead of com1. Neither serial-console.txt[2] mentions
com[1-4] to be a proper name for a serial port.

[1] 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/kernel-parameters.txt?id=v3.10#n560
[2] 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/serial-console.txt?id=v3.10
-- 
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Lennart Poettering]

On Wed, 10.07.13 20:07, Kok, Auke-jan H (auke-jan.h@intel.com) wrote:

  +r = cg_path_get_owner_uid(path, uid);
  +if (r  0  r != -ENOENT)
  +return r;
  +
  +if (uid != (uid_t) -1)
  +chown(fs, uid, (gid_t) -1);
  +
 
  systemd in git will now grant access to the cgroup subtree in
  user@.service to the specific user. That should solve the issue. (Note
  that this means systemd --user will only work when run from
  user@.service, as access to the cgroup tree is *not* granted for normal
  sessions directly.)
 
 can you elaborate what normal sessions are? Are we talking about
 `PAMName=systemd-shared` being the part that distinguishes them?

So, when somebody logs in now, let's say via ssh, then ssh goes
through PAM to register the new session. pam_systemd talks to logind as
part of that to make sure it is tracked by it. logind then does three
things: if this is the first login by the user, it will create a slice
unit for him, and instantiate user@1000.service for him inside that
slice. It will then create a scope unit for the PAM client, and
return. After the SSH login there will hence be three units for the
user: a scope (for the actual session), a service (for the user systemd
instance) and a slice (wrapping it all). When the user then logs in a
second time, he will get another scope within the existing slice, and no
additional user@.service will be created. After the user logs out fully
(i.e. the last of his scopes is gone) the slice and user@.service
instance is removed too. 

If a user has lingering enabled then the slice and user@.service are
instantiated at boot time already, i.e. they are not reference counted
by the session scopes.

Now, since we cannot run user code without having set up PAM for it
first user@.service will also go through PAM, however, it will be
shortcut in pam_systemd, so that it does not create a logic loop in
logind. And yeah, this instance is recognized by the pam service name as
set with PAMName=.

Only user@.service will get write access to its own cgroup subtree. This
is a good thing, since that way we can be sure that only systemd' own
code gets write access to the cgroupfs tree, and no other code.

Makes some sense I hope?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Lennart Poettering]

On Thu, 11.07.13 07:41, Oleksii Shevchuk (alx...@gmail.com) wrote:

 
  (Note
  that this means systemd --user will only work when run from
  user@.service, as access to the cgroup tree is *not* granted for normal
  sessions directly.)
 
 So, how sessions should work now? Before that I started systemd --user
 as main session process, and when it exited, session exited too. How
 should I wait for session end now?

The idea was always that there would be one systemd instance *per user*
rather than *per session*, that's why the switch is called --user
rather than --session.

You probably want your session to exist as long as the display it
manages is around.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Lennart Poettering]

On Thu, 11.07.13 09:40, Oleksii Shevchuk (alx...@gmail.com) wrote:

 
 Ok. I trying to use current git. Nothing works for me. I.e. systemd --user
 starts, but I couldn't connect to it, because it doesn't connect to 
 d-bus (because dbus socket doesn't exists and systemd doesn't start 
 dbus.socket
 probably). systemd starts X services, but they couldn't establish X
 connection.

Yeah, you need to set some env vars currently. The idea however is that
the X/dbus libraries learn to look into XDG_RUNTIME_DIR on their own.

 Generally I couldn't get the idea behind recent changes. How that supposed
 to work at all? How that
 1) will interract with login managers (i.e. waits for systemd --user
 exits, selects proper starting unit or so)

Nobody needs to wait for systemd --user exits. It will just exist in the
background as long as the user is logged in and will go away as soon as
he logs out entirely. It is refernce counted by the login sessions. 

 2) will setup environment from user profile
 3) will setup temporary files for user temporary folder (dbus folder,
 for example)
 4) will work with different login paths (ssh, local VT login, X login)
 
 Now i have lightdm that explicity starts systemd --user as session
 process. With Marc-Antoine patch that still works ok, so I will fall 
 back to it and wait for some clarifications

Yeah, starting it directly in the session is not really how we intended
it to be used, and it's problematic due to access to the cgroupfs. You
can make it work by manually granting yourself write access to the
cgroupfs subtree, but that's a hack for debugging purposes only.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [RFC PATCH] condition: add ConditionFileContains=

[Karol Lewandowski]

Add ability to test if given file contains specified value.
File and expected value are given as one argument separated
by colon (:), i.e.

  ConditionFileContains=/sys/module/sn/parameters/enabled:1

---
As above example suggests we use it to conditionally
start service based on kernel module parameter value.
This can be (ab)used for other/regular files too.

RFC

Thanks!
---
 man/systemd.unit.xml  |8 
 src/core/condition.c  |   34 +
 src/core/condition.h  |1 +
 src/core/load-fragment-gperf.gperf.m4 |1 +
 4 files changed, 44 insertions(+)

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 4f0bd64..d26bd23 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -841,6 +841,7 @@
 
termvarnameConditionDirectoryNotEmpty=/varname/term
 
termvarnameConditionFileNotEmpty=/varname/term
 
termvarnameConditionFileIsExecutable=/varname/term
+
termvarnameConditionFileContains=/varname/term
 
termvarnameConditionKernelCommandLine=/varname/term
 
termvarnameConditionVirtualization=/varname/term
 
termvarnameConditionSecurity=/varname/term
@@ -932,6 +933,13 @@
 exists, is a regular file and marked
 executable./para
 
+paravarnameConditionFileContains=/varname
+may be used to check whether a given
+file contains specified value.  The
+argument consists of file path to be
+tested, separator (:), and the
+expected value./para
+
 paraSimilar,
 varnameConditionKernelCommandLine=/varname
 may be used to check whether a
diff --git a/src/core/condition.c b/src/core/condition.c
index 427aa08..7c62d11 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -124,6 +124,36 @@ static bool test_kernel_command_line(const char 
*parameter) {
 return found;
 }
 
+static bool test_file_contains(const char *parameter) {
+int r;
+char *p;
+_cleanup_free_ char *path = NULL;
+_cleanup_free_ char *line = NULL;
+
+assert(parameter);
+
+path = strdup(parameter);
+if (!path) {
+log_oom();
+return false;
+}
+
+p = strchr(path, ':');
+if (!p)
+return false;
+
+*(p++) = '\0';
+
+r = read_one_line_file(path, line);
+
+if (r  0) {
+log_warning(Failed to read %s, ignoring: %s, path, 
strerror(-r));
+return false;
+}
+
+return !!streq(line, p);
+}
+
 static bool test_virtualization(const char *parameter) {
 int b;
 Virtualization v;
@@ -307,6 +337,9 @@ bool condition_test(Condition *c) {
 return (S_ISREG(st.st_mode)  (st.st_mode  0111)) == 
!c-negate;
 }
 
+case CONDITION_FILE_CONTAINS:
+return test_file_contains(c-parameter) == !c-negate;
+
 case CONDITION_KERNEL_COMMAND_LINE:
 return test_kernel_command_line(c-parameter) == !c-negate;
 
@@ -392,6 +425,7 @@ static const char* const 
condition_type_table[_CONDITION_TYPE_MAX] = {
 [CONDITION_DIRECTORY_NOT_EMPTY] = ConditionDirectoryNotEmpty,
 [CONDITION_FILE_NOT_EMPTY] = ConditionFileNotEmpty,
 [CONDITION_FILE_IS_EXECUTABLE] = ConditionFileIsExecutable,
+[CONDITION_FILE_CONTAINS] = ConditionFileContains,
 [CONDITION_KERNEL_COMMAND_LINE] = ConditionKernelCommandLine,
 [CONDITION_VIRTUALIZATION] = ConditionVirtualization,
 [CONDITION_SECURITY] = ConditionSecurity,
diff --git a/src/core/condition.h b/src/core/condition.h
index 50ed955..2bf26bd 100644
--- a/src/core/condition.h
+++ b/src/core/condition.h
@@ -35,6 +35,7 @@ typedef enum ConditionType {
 CONDITION_DIRECTORY_NOT_EMPTY,
 CONDITION_FILE_NOT_EMPTY,
 CONDITION_FILE_IS_EXECUTABLE,
+CONDITION_FILE_CONTAINS,
 CONDITION_KERNEL_COMMAND_LINE,
 CONDITION_VIRTUALIZATION,
 CONDITION_SECURITY,
diff --git a/src/core/load-fragment-gperf.gperf.m4 
b/src/core/load-fragment-gperf.gperf.m4
index 2325d6a..310e1c5 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -134,6 +134,7 @@ Unit.ConditionPathIsReadWrite,   
config_parse_unit_condition_path,   CONDITION_P
 Unit.ConditionDirectoryNotEmpty, config_parse_unit_condition_path,   
CONDITION_DIRECTORY_NOT_EMPTY, 0
 Unit.ConditionFileNotEmpty,  

Re: [systemd-devel] [RFC PATCH] condition: add ConditionFileContains=

[Dave Reisner]

On Thu, Jul 11, 2013 at 07:18:35PM +0200, Karol Lewandowski wrote:
 Add ability to test if given file contains specified value.
 File and expected value are given as one argument separated
 by colon (:), i.e.
 
   ConditionFileContains=/sys/module/sn/parameters/enabled:1
 
 ---
 As above example suggests we use it to conditionally
 start service based on kernel module parameter value.
 This can be (ab)used for other/regular files too.
 
 RFC
 
 Thanks!
 ---
  man/systemd.unit.xml  |8 
  src/core/condition.c  |   34 
 +
  src/core/condition.h  |1 +
  src/core/load-fragment-gperf.gperf.m4 |1 +
  4 files changed, 44 insertions(+)
 
 diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
 index 4f0bd64..d26bd23 100644
 --- a/man/systemd.unit.xml
 +++ b/man/systemd.unit.xml
 @@ -841,6 +841,7 @@
  
 termvarnameConditionDirectoryNotEmpty=/varname/term
  
 termvarnameConditionFileNotEmpty=/varname/term
  
 termvarnameConditionFileIsExecutable=/varname/term
 +
 termvarnameConditionFileContains=/varname/term
  
 termvarnameConditionKernelCommandLine=/varname/term
  
 termvarnameConditionVirtualization=/varname/term
  
 termvarnameConditionSecurity=/varname/term
 @@ -932,6 +933,13 @@
  exists, is a regular file and marked
  executable./para
  
 +
 paravarnameConditionFileContains=/varname
 +may be used to check whether a given
 +file contains specified value.  The
 +argument consists of file path to be
 +tested, separator (:), and the
 +expected value./para
 +
  paraSimilar,
  
 varnameConditionKernelCommandLine=/varname
  may be used to check whether a
 diff --git a/src/core/condition.c b/src/core/condition.c
 index 427aa08..7c62d11 100644
 --- a/src/core/condition.c
 +++ b/src/core/condition.c
 @@ -124,6 +124,36 @@ static bool test_kernel_command_line(const char 
 *parameter) {
  return found;
  }
  
 +static bool test_file_contains(const char *parameter) {
 +int r;
 +char *p;
 +_cleanup_free_ char *path = NULL;
 +_cleanup_free_ char *line = NULL;
 +
 +assert(parameter);
 +
 +path = strdup(parameter);
 +if (!path) {
 +log_oom();
 +return false;
 +}
 +
 +p = strchr(path, ':');

This is going to fail for a file:value pair such as /foo:/bar/baz:value.
You could use strrchr(), but then you have to be concerned about
matching values with a colon.

 +if (!p)
 +return false;
 +
 +*(p++) = '\0';
 +
 +r = read_one_line_file(path, line);
 +
 +if (r  0) {
 +log_warning(Failed to read %s, ignoring: %s, path, 
 strerror(-r));
 +return false;
 +}
 +
 +return !!streq(line, p);
 +}
 +
  static bool test_virtualization(const char *parameter) {
  int b;
  Virtualization v;
 @@ -307,6 +337,9 @@ bool condition_test(Condition *c) {
  return (S_ISREG(st.st_mode)  (st.st_mode  0111)) == 
 !c-negate;
  }
  
 +case CONDITION_FILE_CONTAINS:
 +return test_file_contains(c-parameter) == !c-negate;
 +
  case CONDITION_KERNEL_COMMAND_LINE:
  return test_kernel_command_line(c-parameter) == !c-negate;
  
 @@ -392,6 +425,7 @@ static const char* const 
 condition_type_table[_CONDITION_TYPE_MAX] = {
  [CONDITION_DIRECTORY_NOT_EMPTY] = ConditionDirectoryNotEmpty,
  [CONDITION_FILE_NOT_EMPTY] = ConditionFileNotEmpty,
  [CONDITION_FILE_IS_EXECUTABLE] = ConditionFileIsExecutable,
 +[CONDITION_FILE_CONTAINS] = ConditionFileContains,
  [CONDITION_KERNEL_COMMAND_LINE] = ConditionKernelCommandLine,
  [CONDITION_VIRTUALIZATION] = ConditionVirtualization,
  [CONDITION_SECURITY] = ConditionSecurity,
 diff --git a/src/core/condition.h b/src/core/condition.h
 index 50ed955..2bf26bd 100644
 --- a/src/core/condition.h
 +++ b/src/core/condition.h
 @@ -35,6 +35,7 @@ typedef enum ConditionType {
  CONDITION_DIRECTORY_NOT_EMPTY,
  CONDITION_FILE_NOT_EMPTY,
  CONDITION_FILE_IS_EXECUTABLE,
 +CONDITION_FILE_CONTAINS,
  CONDITION_KERNEL_COMMAND_LINE,
  CONDITION_VIRTUALIZATION,
  CONDITION_SECURITY,
 diff --git a/src/core/load-fragment-gperf.gperf.m4 
 b/src/core/load-fragment-gperf.gperf.m4
 index 

[systemd-devel] My last post went as unprocessed

[David Lambert]

My last post went as unprocessed. I checked my membership and it is 
current

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] My last post went as unprocessed

[David Lambert]

OK this post went through, so I am replying with the original text that 
was unprocessed:


On my Angstrom distribution the sshd service is controlled by the file 
/lib/systemd/system/sshd@.service. What is the significance of the @ 
in the service name?


This may be buried in documentation, but is very difficult to search 
for. My apologies if it is obvious.


Best regards,

Dave.

Sorry for any confusion, but I am confused ;)

On 13-07-11 02:46 PM, David Lambert wrote:
My last post went as unprocessed. I checked my membership and it is 
current

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel



___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] fstab Mounts Not Getting Waken Up

[CACook]

I'd understood that if a mount is in fstab, that it should be 
re-established when the system wakes.  But that's not happening.


Meaning two sshfs mounts as so:
sshfs#carl@droog:/	/media/droog	fuse 
user,auto,_netdev,gid=6,umask=007,cache=no,ServerAliveInterval=15,allow_other,comment=sshfs 
0 0


Why would this be?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Oleksii Shevchuk]

 Yeah, you need to set some env vars currently. The idea however is that
 the X/dbus libraries learn to look into XDG_RUNTIME_DIR on their own.

I tried to make it work without success -- result is unusable. So, one
of the issues - pam_systemd doesn't forward environment to child
process. Without that things like pam_gnome_keyring (probably) can work
only with awfull workarounds.

 Nobody needs to wait for systemd --user exits. It will just exist in the
 background as long as the user is logged in and will go away as soon as
 he logs out entirely. It is refernce counted by the login sessions. 

Second one is absence of following mode or so. So here is the problem:
login manager forks Xsession initialization and terminates the greeter
(and session) when it exits. If daemon running in background, some
waiting mechainsm should be invented. And again, new environment should
be propagated to shared instance (and if session stops, should be
deinitialized). So, to migrate, either some new daemon should be written
to do all that stuff, or dm managers should be reworked.

Do we really need such complexity?

Maybe old behavior can be offered as the option for those of us, who
really uses user session, at least till the moment, when mainstream will
be ready for migration? 

// Btw, there are some minor issues with proper
deinitialization|stopping -- PID 1 rests in timeouts while shutdown..
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] My last post went as unprocessed

[David Lambert]

Thanks for your quick reply. I also notice a - preceding the target 
for ExecStart target. How does this work and where is it documented. 
Again very difficult to search :-[


Dave.


[Unit]
Description=OpenSSH Per-Connection Daemon
After=sshdgenkeys.service

[Service]
ExecStart=-/usr/sbin/sshd -i
ExecReload=/bin/kill -HUP $MAINPID
StandardInput=socket
StandardError=syslog



On 13-07-11 03:08 PM, Zbigniew Jędrzejewski-Szmek wrote:

On Thu, Jul 11, 2013 at 02:58:26PM -0500, David Lambert wrote:

On my Angstrom distribution the sshd service is controlled by the
file /lib/systemd/system/sshd@.service. What is the significance
of the @ in the service name?

@ means that it's a template unit. A separate instance of the
sshd@.service unit will be created for each connections, called
sshd@connection-1-details.service,
sshd@connection-2-details.service, etc.

Zbyszek


This may be buried in documentation, but is very difficult to search
for. My apologies if it is obvious.

It's described in systemd.unit(5), but not very verbosely.

Zbyszek



___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Lennart Poettering]

On Thu, 11.07.13 23:20, Oleksii Shevchuk (alx...@gmail.com) wrote:

 
  Yeah, you need to set some env vars currently. The idea however is that
  the X/dbus libraries learn to look into XDG_RUNTIME_DIR on their own.
 
 I tried to make it work without success -- result is unusable. So, one
 of the issues - pam_systemd doesn't forward environment to child
 process. Without that things like pam_gnome_keyring (probably) can work
 only with awfull workarounds.

pam_gnome_keyring needs to be in the pam stack for systemd-shared of
course.

(BTW, I figure we should rename the PAM service before this gets widely
adopted. systemd-shared is not helpful...)

  Nobody needs to wait for systemd --user exits. It will just exist in the
  background as long as the user is logged in and will go away as soon as
  he logs out entirely. It is refernce counted by the login sessions. 
 
 Second one is absence of following mode or so. So here is the problem:
 login manager forks Xsession initialization and terminates the greeter
 (and session) when it exits. If daemon running in background, some
 waiting mechainsm should be invented. And again, new environment should
 be propagated to shared instance (and if session stops, should be
 deinitialized). So, to migrate, either some new daemon should be written
 to do all that stuff, or dm managers should be reworked.

Which environment would that be? 

For sockets and suchlike relying on $XDG_RUNTIME_PATH should be sufficient.

 Do we really need such complexity?
 
 Maybe old behavior can be offered as the option for those of us, who
 really uses user session, at least till the moment, when mainstream will
 be ready for migration? 

Well, you can still run systemd --user from inside the session if you
chown the cgroupfs subtree first.
 
 // Btw, there are some minor issues with proper
 deinitialization|stopping -- PID 1 rests in timeouts while shutdown..

Can you elaborate? Where exactly does it hang?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] My last post went as unprocessed

[Reindl Harald]

Am 11.07.2013 22:36, schrieb David Lambert:
 Thanks for your quick reply. I also notice a - preceding the target for 
 ExecStart target. How does this work and
 where is it documented. Again very difficult to search :-[

the command is allowed to fail without failing the service
it's common for EnvironemntFiles which are used if present
and ignored if not

in case of sshdgenkeys.service the way to go because
the kyes must be generated at the first start but
*must not* be overwritten at any later time

 [Unit]
 Description=OpenSSH Per-Connection Daemon
 After=sshdgenkeys.service
 
 [Service]
 ExecStart=-/usr/sbin/sshd -i
 ExecReload=/bin/kill -HUP $MAINPID
 StandardInput=socket
 StandardError=syslog



signature.asc
Description: OpenPGP digital signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] My last post went as unprocessed

[Zbigniew Jędrzejewski-Szmek]

On Thu, Jul 11, 2013 at 10:59:41PM +0200, Reindl Harald wrote:
 
 
 Am 11.07.2013 22:36, schrieb David Lambert:
  Thanks for your quick reply. I also notice a - preceding the target for 
  ExecStart target. How does this work and
  where is it documented. Again very difficult to search :-[
See 
http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= 
.

 the command is allowed to fail without failing the service
 it's common for EnvironemntFiles which are used if present
 and ignored if not
Exactly.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] cgroups: chown user slices

[Lennart Poettering]

On Thu, 11.07.13 23:56, Oleksii Shevchuk (alx...@gmail.com) wrote:

 
  pam_gnome_keyring needs to be in the pam stack for systemd-shared of
  course.
 
 pam_gnome_keyring needs authinfo to unlock login keychain. Will that be
 passed to new systemd instance? 

Well, hmm, I am not sure how pam_gnome_keyring works exactly, but it
shoudln#t be too hard for it to store the auth token somewhere so that
it is accessible for all sessions of the same user. I'd recommend using
the kernel keyring for these things btw.

  Which environment would that be? 
 
 When systemd fully runs session, than that will be full profile
 environment + environment setted by login manager.
 
 For example, DM should setup DISPLAY variable.

The X11 display is passed into the PAM session as parameter. logind
knows that, and will managed a symlink in $XDG_RUNTIME_DIR to the
display. What's missing though is that libx11 can actually deal with that.

  Can you elaborate? Where exactly does it hang?
 
 Some kind of debugging environment should be setted up before that. With
 shared user instance user@.service hangs alot. Sometimes session scopes
 rests in timeouts, when user session terminated without systemctl --user
 exit. Looks like logind/pam_systemd doesn't kill something.  

Hmm, Can you enable debug-shell.service, and then check from there
what exactly is hanging, i.e. what the output of systemctl list-jobs is?

 I have some units in user session with KillMode=process. Maybe that matters

So, my suspicion is that it might be bash that is hanging. It ignores
SIGTERM and only dies on SIGHUP which the current scope code doesn't
send.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [RFC PATCH] condition: add ConditionFileContains=

[Lennart Poettering]

On Thu, 11.07.13 19:18, Karol Lewandowski (k.lewando...@samsung.com) wrote:

 Add ability to test if given file contains specified value.
 File and expected value are given as one argument separated
 by colon (:), i.e.
 
   ConditionFileContains=/sys/module/sn/parameters/enabled:1

Hmm, I don't like the naming. If this is called Contains I'd always
assume that it does substring matching or so?

Maybe ConditionFileContentsIs= or so?

I don#t really like the : as separator. Either = or a space sounds better.

 +path = strdup(parameter);
 +if (!path) {
 +log_oom();
 +return false;
 +}
 +
 +p = strchr(path, ':');
 +if (!p)
 +return false;
 +
 +*(p++) = '\0';

I'd prefer if we'd have a path_is_absolute() check here, and immeidately
fail with a warning if the path isn't absolute.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [RFC PATCH] condition: add ConditionFileContains=

[Lennart Poettering]

On Thu, 11.07.13 13:37, Dave Reisner (d...@falconindy.com) wrote:

  +p = strchr(path, ':');
 
 This is going to fail for a file:value pair such as /foo:/bar/baz:value.
 You could use strrchr(), but then you have to be concerned about
 matching values with a colon.

This might become a problem, but then again, I think it is OK if some
files cannot be checked with this. I'd prefer using a space or = as
separator as a better choice though, as that's probably less frequent
than : in the names of files one would check with this condition
setting.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] man: document the slice unit

[Lennart Poettering]

On Thu, 11.07.13 04:47, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:

 
 On Thu, Jul 11, 2013 at 03:02:44AM +0200, Lennart Poettering wrote:
  On Wed, 10.07.13 02:23, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) 
  wrote:
  
   ---
   Does this description fit the masterplan? What about units that
   systemd will expose for CPU and BlockIO shares, will they still be
   1024 and 1000 based?
  
  Yes, they will.
 Thanks, this clarifies things.
 
 I think we could introduce additional syntax using %:
 CPUShares=15%

But what do you do if the percentages don't add up to 100%?

We'll probably have another setting CPUBudget= where you can specify a
floating point value that specifies the maximum number of CPUs a cgroup
can get as hard ceiling. i.e. you could specify CPUBudget=0.33 to grant
a cgroup only 1/3 of one CPU at max. Or CPUBudget=3 to grant a cgroup
access to full 3 CPUs of CPU time.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Forward systemd's sleep.target to a systemd user session

[Lennart Poettering]

On Wed, 10.07.13 21:04, Jörg Thalheim (jo...@higgsboson.tk) wrote:

 How I can trigger sleep.target in systemd --user session?

What precisely are you trying to do with this?

 Can I use systemctl --user only at a login shell and not in a systemd
 unit? Because using systemd --user from tty works great.

You need access to the same bus socket. I am note sure how you set up
dbus for your session.

 My use case is to logout my jabber client before suspend (I hope this
 does not sounds to trivial compared to your serious problems, but you
 might come up with other use cases).

It's probably a better idea to patch the client to use a delay inhibitor
for this:

http://www.freedesktop.org/wiki/Software/systemd/inhibit/

 This cannot be done in a normal .service file, because it does require a
 connection to the current dbus session.

Well, systemctl --user needs that too, so you gain nothing...

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Help getting serial console working again after upgrade to systemd?

[Lennart Poettering]

On Wed, 10.07.13 11:26, Dmt Ops (ops...@gmail.com) wrote:

 Hey all,
 
 I'm starting upgrades to old production servers to newer 64-bit Linux that
 runs systemd = v195.
 
 Serial consoles are always my 1st step.  Before upgrade it worked great.
 
 After upgrade, with the new systemd-based config, I'm not having much luck
 so far.

Note that systemd will actually automatically spawn a serial getty on
the serial port kernel logging is directed to. Normally you should not
need to do anything.

 I configured the grub conf:
 
 serial --unit=0 --speed=57600 --word=8 --parity=no --stop=1
 terminal --timeout=3 serial console
 title PRODUCTION
  root (hd0,0)
  kernel /vmlinuz root=/dev/sd1a noresume showopts x11failsafe vga=0x31a
 console=tty0 console=com1,vga
   

That doesn't look right.

 With that setup I get nothing out the serial port.  I probably have the
 grub cmd line wrong for using with systemd.  I could use some help getting
 this untangled.

Maybe the baud rate isn't right? Note that serial-getty@.service will
try to reuse whatever was initialized by the kernel, hence make sure to
configure the right parameters on the kernel console and you should be
fine.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] no installed machine-id vs systemd-in-initramfs

[Lennart Poettering]

On Wed, 10.07.13 11:26, Colin Walters (walt...@verbum.org) wrote:

 The gnome-ostree build system generates disk images that can be
 downloaded directly; there is no installer.
 
 In the old model of dracut shell script + systemd, systemd's main.c
 has:
 if (arg_running_as == SYSTEMD_SYSTEM ...) {
   ...
   machine_id_setup();
   ...
 }

machine_id_setup() will:

a) do nothing if /etc/machine-id is already valid

b) if it doesn't exist or is empty and the disk is writable, it will
   create a new randomized one

c) if it exists but is empty and the disk is read-only it will mount the
   file over with a randomized one from /run.

d) otherwise it will whine.

 So after mounting the rootfs, we'd end up writing one to /etc (at least
 in gnome-ostree which comes with a writable copy of /etc), and it would
 persist across reboots, and all would be well with the world.
 
 In the new systemd-in-initramfs model, journald is now launched in the
 initramfs.  Dracut will copy the host's machine id into the initramfs
 if it exists, but in the gnome-ostree case (or more generally
 pre-canned OS case), there isn't one.  journald will attempt to start,
 and fail.

I am pretty sure you should make use of c), i.e. create an empty stub
file in your initrd image and let systemd do its thing.

 One thought I had is to say:  If there's no /etc/machine-id in the
 initramfs, write one to /run/machine-id.  After mounting the rootfs,
 persist that to /etc.

there's no need to use the same one really. It's good to use the same,
but we are OK if they aren't, after all they are sufficiently distinct
systems with a different file system tree and so on.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] journal and /run/systemd/journal/syslog

[Lennart Poettering]

On Wed, 10.07.13 12:30, Umut Tezduyar (u...@tezduyar.com) wrote:

  We though about just bumping this globally via sysctl, but we feared
  that might not sit well with some folks, as we shouldn't change a global
  setting just because one user of it would benefit, especially given that
  we don't know the effect this might have on others...
 
 I want to go this route and I think it is not possible at the moment
 due to undetermined start order between syslog.socket and
 systemd-sysctl.service. Can we change that?

Hmm, are you saying that changing the sysctl value too late will have no
effect on the sockets that already exist at that time?

You could do this on your system:

# mkdir /etc/systemd/system/syslog.socket.d/
# echo [Unit]
After=systemd-sysctl.service  
/etc/systemd/system/syslog.socket.d/after-sysctl.conf

Then, make the sysctl setting, and things should work?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 1/3] unit: check correct variable after strdup

[Lennart Poettering]

On Tue, 09.07.13 15:45, Lukas Nykryn (lnyk...@redhat.com) wrote:

Applied all three! Thanks!
 ---
  src/core/unit.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/core/unit.c b/src/core/unit.c
 index 447f201..b3f9832 100644
 --- a/src/core/unit.c
 +++ b/src/core/unit.c
 @@ -2302,7 +2302,7 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
  char *s;
  
  s = strdup(v);
 -if (!v)
 +if (!s)
  return -ENOMEM;
  
  free(u-cgroup_path);


Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [RFC PATCH] condition: add ConditionFileContains=

[Kyungmin Park]

On Fri, Jul 12, 2013 at 7:43 AM, Lennart Poettering
lenn...@poettering.net wrote:
 On Thu, 11.07.13 13:37, Dave Reisner (d...@falconindy.com) wrote:

  +p = strchr(path, ':');

 This is going to fail for a file:value pair such as /foo:/bar/baz:value.
 You could use strrchr(), but then you have to be concerned about
 matching values with a colon.

 This might become a problem, but then again, I think it is OK if some
 files cannot be checked with this. I'd prefer using a space or = as
 separator as a better choice though, as that's probably less frequent
 than : in the names of files one would check with this condition
 setting.

 Lennart


It's another question.
the main goal of this patch is that supports conditional execution
If some services are executed with given condition, it should check
some conditions and execute different flow.
if [ condition is 1 ]; then
launch A service
else if [ condition is 2 ]; then
launch B service
else
launch C service

current systemd scheme we have to prepare three service file. so can
we make it only one service with some unit extension? IOW multipul
unit support?

[Unit]
...
ConditionBlahBlah=1

[Unit]
...
ConditionBlahBlah=2

[Unit]
...
ConditionBlahBlah=!1  !2 or empty line

Thank you,
Kyungmin Park
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel