Re: [systemd-devel] [PATCH] loopback setup in unprivileged containers

2014-12-28 Thread Tom Gundersen
On Sun, Dec 28, 2014 at 11:56 PM, Tom Gundersen wrote:
> On Sun, Dec 28, 2014 at 6:18 PM, Stéphane Graber wrote:
>> My host system doesn't have nspawn so I can't easily test it this way,
>> but it was my understanding that nspawn didn't support user namespaces
>> and uid/gid mappings which is what I'm working with here.
>
> Indeed, that is not supported by nspawn (which explains why I cannot
> reproduce). I was able to reproduce using the userns_child_exec test
> program from [0], so I'll take a look.

The bug should now be fixed in git. Please let me know if you still
experience problems.

Thanks for the report!

Cheers,

Tom
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] [PATCH] loopback setup in unprivileged containers

2014-12-28 Thread Tom Gundersen
On Sun, Dec 28, 2014 at 6:18 PM, Stéphane Graber wrote:
> My host system doesn't have nspawn so I can't easily test it this way,
> but it was my understanding that nspawn didn't support user namespaces
> and uid/gid mappings which is what I'm working with here.

Indeed, that is not supported by nspawn (which explains why I cannot
reproduce). I was able to reproduce using the userns_child_exec test
program from [0], so I'll take a look.

> Now, as far as I could tell, the problem was when reading a response back
> over netlink where I'd end up in an infinite recvmsg loop which would
> eventually return once the timeout for the operation would be reached.

Indeed, that seems to be the problem.

Cheers,

Tom

[0] 


Re: [systemd-devel] [PATCH] Fix install location of systemd.pc

2014-12-28 Thread Matthias Urlichs
Hi,

Mike Gilbert:
> >   libdir=/usr/lib/x86_64-linux-gnu
> >
> > which isn't architecture agnostic and thus not suitable for
> > /usr/share/.
> 
> From Lennart's commit message, it seems like this was done intentionally.
> 
It still doesn't work on a multi-arch system. :-P

-- 
-- Matthias Urlichs


[systemd-devel] [PATCH v2] bootchart: ship a configuration that will boot without sysvinit compat

2014-12-28 Thread Gabriel de Perthuis
bootchart defaults to chaining to /sbin/init, which is sensible,
but in a pure systemd environment (without systemd-sysvinit)
will make the machine unbootable.

Change the default through /etc/systemd/bootchart.conf.
Keep the /sbin/init default in the source code, in case
some users rely on that.
---

Updated to take the path from autotools.


 Makefile.am | 12 +++-
 src/bootchart/.gitignore|  1 +
 src/bootchart/{bootchart.conf => bootchart.conf.in} |  2 +-
 3 files changed, 9 insertions(+), 6 deletions(-)
 create mode 100644 src/bootchart/.gitignore
 rename src/bootchart/{bootchart.conf => bootchart.conf.in} (95%)

diff --git a/Makefile.am b/Makefile.am
index e1e0843..6be5c4f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4624,23 +4624,25 @@ systemd_bootchart_LDADD = \
libsystemd-shared.la
 
 rootlibexec_PROGRAMS += \
systemd-bootchart
 
-dist_pkgsysconf_DATA += \
+nodist_pkgsysconf_DATA += \
src/bootchart/bootchart.conf
 
 nodist_systemunit_DATA += \
units/systemd-bootchart.service
 
+CLEANFILES += \
+   src/bootchart/bootchart.conf \
+   units/systemd-bootchart.service
+endif
+
 EXTRA_DIST += \
+   src/bootchart/bootchart.conf.in \
units/systemd-bootchart.service.in
 
-CLEANFILES += \
-   units/systemd-bootchart.service
-endif
-
 # 
--
 if ENABLE_QUOTACHECK
 rootlibexec_PROGRAMS += \
systemd-quotacheck
 
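Review bot: `src/bootchart/bootchart.conf` moves to `nodist_pkgsysconf_DATA` and `CLEANFILES`, but nothing in this hunk generates it from `bootchart.conf.in` or confirms that `@rootlibexecdir@` is among the substituted variables. Please confirm the existing `.in` substitution rule in Makefile.am covers this path and that variable; otherwise the build either fails on a missing file or installs a config whose `Init=` still holds the literal placeholder, which is the unbootable case this patch is meant to prevent. The relocation of `endif` above `EXTRA_DIST` also deserves a line in the commit message, since it takes the `EXTRA_DIST` entries out of the conditional that `endif` closes.
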
diff --git a/src/bootchart/.gitignore b/src/bootchart/.gitignore
new file mode 100644
index 000..371b43b
--- /dev/null
+++ b/src/bootchart/.gitignore
@@ -0,0 +1 @@
+/bootchart.conf
diff --git a/src/bootchart/bootchart.conf b/src/bootchart/bootchart.conf.in
similarity index 95%
rename from src/bootchart/bootchart.conf
rename to src/bootchart/bootchart.conf.in
index c73328f..08e7071 100644
--- a/src/bootchart/bootchart.conf
+++ b/src/bootchart/bootchart.conf.in
@@ -14,11 +14,11 @@
 #Samples=500
 #Frequency=25
 #Relative=no
 #Filter=yes
 #Output=
-#Init=/path/to/init-binary
+Init=@rootlibexecdir@/systemd
 #PlotMemoryUsage=no
 #PlotEntropyGraph=no
 #ScaleX=100
 #ScaleY=20
 #ControlGroup=no
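Review bot: `Init=@rootlibexecdir@/systemd` becomes the only active setting in a file where every other line is a commented-out default, while the commit message says the compiled-in default stays `/sbin/init`. The effective init therefore depends on this file being present and unmodified: an admin who replaces or removes /etc/systemd/bootchart.conf falls back to `/sbin/init` without any hint, on exactly the systems the patch targets. A comment above the line stating the built-in default and why it is overridden here would make that visible.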
-- 
2.2.0.71.g3365589



Re: [systemd-devel] [PATCH] Fix install location of systemd.pc

2014-12-28 Thread Mike Gilbert
On Sun, Dec 28, 2014 at 6:20 AM, Martin Pitt  wrote:
> Hello all,
>
> systemd.pc is currently installed into /usr/share/pkgconfig/, but this
> isn't correct: It contains "libdir" whose value is (possibly)
> architecture specific. E. g. if you configure with
> --libdir=/usr/lib/x86_64-linux-gnu (we do that in Debian for
> multi-arch support) systemd.pc contains
>
>   libdir=/usr/lib/x86_64-linux-gnu
>
> which isn't architecture agnostic and thus not suitable for
> /usr/share/.

From Lennart's commit message, it seems like this was done intentionally.

http://cgit.freedesktop.org/systemd/systemd/commit/?id=eb39a6239c631873db62f6a942e6cb3dab0a2db4


Re: [systemd-devel] [PATCH] bootchart: ship a configuration that will boot without sysvinit compat

2014-12-28 Thread Mike Gilbert
On Sat, Dec 27, 2014 at 8:57 AM, Gabriel de Perthuis  wrote:
> bootchart defaults to chaining to /sbin/init, which is sensible,
> but in a pure systemd environment (without systemd-sysvinit)
> will make the machine unbootable.
>
> Change the default through /etc/systemd/bootchart.conf.
> Keep the /sbin/init default in the source code, in case
> some users rely on that.
> ---
>  src/bootchart/bootchart.conf | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/bootchart/bootchart.conf b/src/bootchart/bootchart.conf
> index c73328f..61ba0c1 100644
> --- a/src/bootchart/bootchart.conf
> +++ b/src/bootchart/bootchart.conf
> @@ -14,11 +14,11 @@
>  #Samples=500
>  #Frequency=25
>  #Relative=no
>  #Filter=yes
>  #Output=
> -#Init=/path/to/init-binary
> +Init=/usr/lib/systemd/systemd
>  #PlotMemoryUsage=no
>  #PlotEntropyGraph=no
>  #ScaleX=100
>  #ScaleY=20
>  #ControlGroup=no

Please do not hard-code the path to systemd; it gets installed under
$(rootprefix)/lib/systemd, and rootprefix is a configure option.


Re: [systemd-devel] Quiesce audit message flood from 218

2014-12-28 Thread Reindl Harald


On 28.12.2014 at 12:45, Martin Pitt wrote:

> systemd 218 now enables audit in the kernel unconditionally

I hope "audit=0" in the kernel line will be respected without compliant logs





Re: [systemd-devel] [PATCH 1/2] fix minor typo in comment

2014-12-28 Thread Sylvain Plantefeve
Thanks!

2014-12-28 13:05 GMT+01:00 Martin Pitt:

> Hey Sylvain,
>
> both applied, thank you!
>
> Martin
> --
> Martin Pitt| http://www.piware.de
> Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
>


Re: [systemd-devel] [PATCH] loopback setup in unprivileged containers

2014-12-28 Thread Tom Gundersen
Hi Martin,

On Sat, Dec 27, 2014 at 7:27 PM, Martin Pitt  wrote:
> I'm forwarding a patch for the loopback setup from Stéphane. I already
> pushed one part of it as 
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=58a489c
> which is trivial and obvious, but the other part isn't.

Thanks for that fix!

I had a look at this code again, and it turns out that the whole
address checking is not really needed any longer, and can be
simplified quite a bit. I'd like to push the attached patch if no one
objects.

> Stéphane Graber  wrote:
>> Attached is a pretty simple patch/workaround to fix the massive CPU
>> usage of systemd in unprivileged containers.
>>
>> LXC provides each container with an already-UP loopback device. systemd
>> will attempt to bring it up regardless of its current state and doing so
>> gets it into a broken codepath somewhere deep in the netlink handling
>> code of systemd.

Hi Stéphane,

I was not able to reproduce this. Is it reproducible for you using
nspawn? If not, could you point me to how to reproduce it with LXC, or
even better give some more details about the failure you see "deep in
the netlink handling"? Is it 100% reproducible, and are you able to
get a backtrace? This really sounds like something we need to fix at
its root.

> The fix is to always check whether the loopback is ready to use before
> doing anything.

The workaround looks fine (i.e., it will give the correct behaviour),
but I'd really prefer that we don't do this upstream, but rather fix
the underlying problem.

Cheers,

Tom
From 13139185a50c286769810e3e7979cfcf51c48ee9 Mon Sep 17 00:00:00 2001
From: Tom Gundersen 
Date: Sun, 28 Dec 2014 13:38:23 +0100
Subject: [PATCH] core: loopback - simplify check_loopback()

We no longer configure the addresses on the loopback interface, but simply bring it up
and let the kernel do the rest. Also change the check to only check if the interface
is up, rather than checking for the IPv4 loopback address.
---
 src/core/loopback-setup.c | 42 ++
 1 file changed, 18 insertions(+), 24 deletions(-)

diff --git a/src/core/loopback-setup.c b/src/core/loopback-setup.c
index ab6335c..0d7d00c 100644
--- a/src/core/loopback-setup.c
+++ b/src/core/loopback-setup.c
@@ -56,30 +56,24 @@ static int start_loopback(sd_rtnl *rtnl) {
 return 0;
 }
 
-static int check_loopback(void) {
+static bool check_loopback(sd_rtnl *rtnl) {
+_cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL, *reply = NULL;
+unsigned flags;
 int r;
-_cleanup_close_ int fd = -1;
-union {
-struct sockaddr sa;
-struct sockaddr_in in;
-} sa = {
-.in.sin_family = AF_INET,
-.in.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
-};
-
-/* If we failed to set up the loop back device, check whether
- * it might already be set up */
-
-fd = socket(AF_INET, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0);
-if (fd < 0)
-return -errno;
-
-if (bind(fd, &sa.sa, sizeof(sa.in)) >= 0)
-r = 1;
-else
-r = errno == EADDRNOTAVAIL ? 0 : -errno;
-
-return r;
+
+r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX);
+if (r < 0)
+return r;
+
+r = sd_rtnl_call(rtnl, req, 0, &reply);
+if (r < 0)
+return r;
+
+r = sd_rtnl_message_link_get_flags(reply, &flags);
+if (r < 0)
+return r;
+
+return flags & IFF_UP;
 }
 
 int loopback_setup(void) {
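Review bot: `check_loopback()` now returns `bool`, but its three error paths still `return r;` with `r < 0`. A negative int converts to `true`, so a failed `sd_rtnl_message_new_link()`, `sd_rtnl_call()` or `sd_rtnl_message_link_get_flags()` is reported as "loopback is up". Return `false` on those paths, or keep the `int` return type and return `!!(flags & IFF_UP)` on success so the caller can still tell an error from a down interface.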
@@ -92,7 +86,7 @@ int loopback_setup(void) {
 
 r = start_loopback(rtnl);
 if (r == -EPERM) {
-if (check_loopback() < 0)
+if (!check_loopback(rtnl))
 return log_warning_errno(EPERM, "Failed to configure loopback device: %m");
 } else if (r < 0)
 return log_warning_errno(r, "Failed to configure loopback device: %m");
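Review bot: `if (!check_loopback(rtnl))` changes which results count as failure compared with the removed `check_loopback() < 0`: the old test let a 0 result (loopback address not available) pass without a warning, while the new one warns whenever `IFF_UP` is clear. If that tightening is intended, say so in the commit message, which currently describes only the switch from an address check to a flags check. The warning also still logs a fixed `EPERM`, so a failure of the netlink query itself cannot be told apart in the log.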
-- 
2.2.0



Re: [systemd-devel] [PATCH 1/2] fix minor typo in comment

2014-12-28 Thread Martin Pitt
Hey Sylvain,

both applied, thank you!

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


[systemd-devel] [PATCH 1/2] fix minor typo in comment

2014-12-28 Thread Sylvain Plantefève
From: Sylvain Plantefève 

---
 src/libsystemd/sd-bus/bus-error.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libsystemd/sd-bus/bus-error.c 
b/src/libsystemd/sd-bus/bus-error.c
index 2955d9d..09800ec 100644
--- a/src/libsystemd/sd-bus/bus-error.c
+++ b/src/libsystemd/sd-bus/bus-error.c
@@ -265,7 +265,7 @@ int bus_error_setfv(sd_bus_error *e, const char *name, 
const char *format, va_li
 return -ENOMEM;
 }
 
-/* Of we hit OOM on formatting the pretty message, we ignore
+/* If we hit OOM on formatting the pretty message, we ignore
  * this, since we at least managed to write the error name */
 if (format)
 (void) vasprintf((char**) &e->message, format, ap);
-- 
2.1.0



[systemd-devel] [PATCH 2/2] machined: fix MarkReadOnly method's name on bus

2014-12-28 Thread Sylvain Plantefève
From: Sylvain Plantefève 

---
 src/machine/image-dbus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c
index 5ac689c..659f7de 100644
--- a/src/machine/image-dbus.c
+++ b/src/machine/image-dbus.c
@@ -142,7 +142,7 @@ const sd_bus_vtable image_vtable[] = {
 SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, 0),
 SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, 0),
 SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, 0),
-SD_BUS_METHOD("MarkeReadOnly", "b", NULL, 
bus_image_method_mark_read_only, 0),
+SD_BUS_METHOD("MarkReadOnly", "b", NULL, 
bus_image_method_mark_read_only, 0),
 SD_BUS_VTABLE_END
 };
 
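Review bot: the rename of the exported method from `MarkeReadOnly` to `MarkReadOnly` changes the name clients see on the bus, yet the commit message has no body. Please state whether the misspelled name ever shipped in a release; if it did, callers using it will get an unknown-method error after this change, and the commit message should say so.
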
-- 
2.1.0



[systemd-devel] Quiesce audit message flood from 218

2014-12-28 Thread Martin Pitt
Hello all,

systemd 218 now enables audit in the kernel unconditionally [1]. While
these messages might be nice to have in the journal, they literally
flood dmesg and thus /var/log/syslog and friends with messages like

[39098.129349] audit: type=1105 audit(1419765421.403:4233): pid=25633 uid=0 
auid=0 ses=20 msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" 
hostname=? addr=? terminal=cron res=success'

$ dmesg |grep -c audit
786

and more importantly, eats a lot of real kernel/daemon messages due to
rate limiting: I have many dozen messages like

  [37444.978307] audit_printk_skb: 222 callbacks suppressed

and they demonstrably cause e. g. AppArmor violations to not get shown
due to this.

Is there a way to make the audit messages *only* go to the journal,
but not to dmesg and sysloggers? If not, could we perhaps add a
./configure or config file option for this, to disable audit on
systems where we don't need it?

Thanks,

Martin

[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=4d9ced995
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
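
To put a number on the flood described in the message above, this added example (not part of the original message or of systemd) tallies `audit:` records per type and sums the `callbacks suppressed` counters from dmesg-style text. The sample lines are constructed in the format quoted in the message, and the function name `summarize_audit_noise` is hypothetical.

```python
import re
from collections import Counter

# Constructed dmesg excerpt in the format quoted in the message above
# (values are made up; real dmesg prints each record on one line).
SAMPLE_DMESG = """\
[37440.101200] audit: type=1105 audit(1419763763.101:4101): pid=25001 uid=0 auid=0 ses=18 msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
[37440.104800] audit: type=1106 audit(1419763763.104:4102): pid=25001 uid=0 auid=0 ses=18 msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
[37444.978307] audit_printk_skb: 222 callbacks suppressed
[37451.300000] EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
[37460.500000] audit: type=1400 audit(1419763783.500:4330): apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/etc/example.conf" pid=25100 comm="example"
[37466.010000] audit_printk_skb: 57 callbacks suppressed
"""

STAMP = r"^\[\s*\d+\.\d+\]\s+"
AUDIT_RE = re.compile(STAMP + r"audit: type=(\d+) ")
SUPPRESSED_RE = re.compile(STAMP + r"audit_printk_skb: (\d+) callbacks suppressed")


def summarize_audit_noise(dmesg_text):
    """Count audit records per type and total what the kernel reports as suppressed."""
    by_type = Counter()
    suppressed = 0
    other = 0
    for line in dmesg_text.splitlines():
        if not line.strip():
            continue
        m = AUDIT_RE.match(line)
        if m:
            by_type[int(m.group(1))] += 1
            continue
        m = SUPPRESSED_RE.match(line)
        if m:
            suppressed += int(m.group(1))
            continue
        other += 1  # non-audit kernel or daemon message
    shown = sum(by_type.values())
    total = shown + suppressed
    return {
        "audit_shown": shown,
        "audit_by_type": dict(by_type),
        "suppressed": suppressed,
        "other_lines": other,
        # Fraction of audit printk attempts reported as suppressed.
        "suppressed_ratio": suppressed / total if total else 0.0,
    }


if __name__ == "__main__":
    for key, value in summarize_audit_noise(SAMPLE_DMESG).items():
        print(f"{key}: {value}")
```

A high `suppressed_ratio` next to a low count of type 1400 records is the situation the message describes, where denials are lost behind session bookkeeping.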




[systemd-devel] [PATCH] Fix install location of systemd.pc

2014-12-28 Thread Martin Pitt
Hello all,

systemd.pc is currently installed into /usr/share/pkgconfig/, but this
isn't correct: It contains "libdir" whose value is (possibly)
architecture specific. E. g. if you configure with
--libdir=/usr/lib/x86_64-linux-gnu (we do that in Debian for
multi-arch support) systemd.pc contains

  libdir=/usr/lib/x86_64-linux-gnu

which isn't architecture agnostic and thus not suitable for
/usr/share/.

Attached patch fixes this, and puts systemd.pc into the same pkgconfig
dir as the libraries.

Thanks,

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
From d8cfbf1c7696371ee5f73e42a3dd031d67044099 Mon Sep 17 00:00:00 2001
From: Martin Pitt 
Date: Sun, 28 Dec 2014 12:14:25 +0100
Subject: [PATCH] build-sys: Fix install location of systemd.pc

systemd.pc contains "libdir" which can be architecture specific. Thus it needs
to be installed into libdir/pkgconfig/ instead of datadir/pkgconfig.

As nothing else is using pkgconfigdata any more, remove it entirely.

Note that udev.pc does not contain architecture specific values and thus can be
kept in /usr/share/pkgconfig/.
---
 Makefile.am | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e1e0843..631d67e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -74,7 +74,6 @@ dbussessionservicedir=@dbussessionservicedir@
 dbussystemservicedir=@dbussystemservicedir@
 pamlibdir=@pamlibdir@
 pamconfdir=@pamconfdir@
-pkgconfigdatadir=$(datadir)/pkgconfig
 pkgconfiglibdir=$(libdir)/pkgconfig
 polkitpolicydir=$(datadir)/polkit-1/actions
 bashcompletiondir=@bashcompletiondir@
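Review bot: removing `pkgconfigdatadir` here sits oddly with the commit message, which says udev.pc stays in /usr/share/pkgconfig/. Nothing in the visible hunks shows which directory variable udev.pc is installed through, so please name it in the commit message to confirm that "nothing else is using pkgconfigdata" holds and that udev.pc's install path is unaffected.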
@@ -1302,7 +1301,7 @@ dist_dbussystemservice_DATA += \
 polkitpolicy_in_in_files += \
 	src/core/org.freedesktop.systemd1.policy.in.in
 
-pkgconfigdata_DATA = \
+pkgconfiglib_DATA += \
 	src/core/systemd.pc
 
 nodist_rpmmacros_DATA = \
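Review bot: `pkgconfiglib_DATA +=` appends where the old line assigned with `=`, so it relies on `pkgconfiglib_DATA` already being defined before this point in Makefile.am; automake rejects `+=` on a variable that has not been set. Please confirm an earlier assignment exists in every configuration that reaches this line, for example when the preceding definition sits inside a conditional.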
@@ -6081,7 +6080,6 @@ EXTRA_DIST += \
 CLEANFILES += \
 	$(nodist_systemunit_DATA) \
 	$(nodist_userunit_DATA) \
-	$(pkgconfigdata_DATA) \
 	$(pkgconfiglib_DATA) \
 	$(nodist_polkitpolicy_DATA)
 
-- 
2.1.3


