Re: [systemd-devel] systemd 219 unmounting things unexpectedly

[Steven Noonan]

I cherry-picked some patches from git, which fixed it, but they are
pretty big patches. At least it works now:

commit 628c89cc68ab96fce2de7ebba5933725d147aecc
Author: Lennart Poettering 
Date:   Fri Feb 27 21:55:08 2015 +0100

   core: rework device state logic

   This change introduces a new state "tentative" for device units. Device
   units are considered "plugged" when udev announced them, "dead" when
   they are not available in the kernel, and "tentative" when they are
   referenced in /proc/self/mountinfo or /proc/swaps but not (yet)
   announced via udev.

   This should fix a race when device nodes (like loop devices) are created
   and immediately mounted. Previously, systemd might end up seeing the
   mount unit before the device, and would thus pull down the mount because
   its BindTo dependency on the device would not be fulfilled.

commit 98f738b62047229af4a929d7996e2ab04253b02c
Author: Colin Walters 
Date:   Tue Feb 17 13:47:34 2015 -0500

   unit: When stopping due to BindsTo=, log which unit caused it

   I'm trying to track down a relatively recent change in systemd
   which broke OSTree; see https://bugzilla.gnome.org/show_bug.cgi?id=743891

   Systemd started to stop sysroot.mount, and this patch should help
   me debug why at least.

   While we're here, "break" on the first unit we find that will
   deactivate, as there's no point in further iteration

commit 5bd4b173605142c7be493aa4d958ebaef21f421d
Author: Lennart Poettering 
Date:   Wed Feb 25 22:05:14 2015 +0100

   unit: use weaker dependencies between mount and device units in --user mode

   When running in user mode unmounting of mount units when a device
   vanishes is unlikely to work, and even if it would work is already done
   by PID 1 anyway. HEnce, when creating implicit dependencies between
   mount units and their backing devices, created a Wants= type dependency
   in --user mode, but leave a BindsTo= dependency in --system mode.

On Sun, Mar 29, 2015 at 5:56 PM, Canek Peláez Valdés  wrote:
> On Sun, Mar 29, 2015 at 6:48 PM, Steven Noonan 
> wrote:
>>
>> This is weird. I issued a 'mount' command, which succeeds, but then
>> systemd jumps in and immediately unmounts it. What's going on here?
>>
>> Command issued:
>>
>> mount -o loop,ro someisofile.iso /mnt
>>
>> Journal shows this mess:
>>
>> Mar 29 17:39:06 loki systemd[2460]: Unit mnt.mount is bound to
>> inactive unit. Stopping, too.
>> Mar 29 17:39:06 loki systemd[1]: Unit mnt.mount is bound to inactive
>> unit. Stopping, too.
>> Mar 29 17:39:06 loki systemd[2480]: Unit mnt.mount is bound to
>> inactive unit. Stopping, too.
>> Mar 29 17:39:06 loki systemd[2460]: Unmounting /mnt...
>> Mar 29 17:39:06 loki systemd[2480]: Unmounting /mnt...
>> Mar 29 17:39:06 loki systemd[1]: Unmounting /mnt...
>> Mar 29 17:39:06 loki systemd[1]: mnt.mount mount process exited,
>> code=exited status=32
>> Mar 29 17:39:06 loki systemd[1]: Unmounted /mnt.
>> Mar 29 17:39:06 loki systemd[1]: Unit mnt.mount entered failed state.
>> Mar 29 17:39:06 loki systemd[2460]: mnt.mount mount process exited,
>> code=exited status=1
>> Mar 29 17:39:06 loki systemd[2460]: Unmounted /mnt.
>> Mar 29 17:39:06 loki systemd[2460]: Unit mnt.mount entered failed state.
>> Mar 29 17:39:06 loki umount[4173]: umount: /mnt: not mounted
>> Mar 29 17:39:06 loki umount[4175]: umount: /mnt: not mounted
>> Mar 29 17:39:06 loki systemd[1]: mnt.mount failed to run 'mount' task:
>> No such file or directory
>> Mar 29 17:39:06 loki systemd[1]: Failed to mount /mnt.
>> Mar 29 17:39:06 loki systemd[1]: Mounting /mnt...
>> Mar 29 17:39:06 loki systemd[2480]: Unmounted /mnt.
>>
>> systemd[1] is obviously PID1.
>> systemd[2460] is the 'systemd --user' for my user
>> systemd[2480] is the 'systemd --user' for root
>>
>> Why all three observed the '/mnt' mount appearing and all three
>> decided to issue the unmount is beyond me.
>>
>> What inactive unit is it talking about? I don't have a 'mnt.mount'
>> unit anywhere. Why did systemd decide to do this? Is there a way to
>> tell systemd to keep its hands off?
>
> https://bugs.freedesktop.org/show_bug.cgi?id=89383
>
> The propose patch works for me.
>
> Regards.
> --
> Canek Peláez Valdés
> Profesor de asignatura, Facultad de Ciencias
> Universidad Nacional Autónoma de México
>
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd 219 unmounting things unexpectedly

[Canek Peláez Valdés]

On Sun, Mar 29, 2015 at 6:48 PM, Steven Noonan 
wrote:
>
> This is weird. I issued a 'mount' command, which succeeds, but then
> systemd jumps in and immediately unmounts it. What's going on here?
>
> Command issued:
>
> mount -o loop,ro someisofile.iso /mnt
>
> Journal shows this mess:
>
> Mar 29 17:39:06 loki systemd[2460]: Unit mnt.mount is bound to
> inactive unit. Stopping, too.
> Mar 29 17:39:06 loki systemd[1]: Unit mnt.mount is bound to inactive
> unit. Stopping, too.
> Mar 29 17:39:06 loki systemd[2480]: Unit mnt.mount is bound to
> inactive unit. Stopping, too.
> Mar 29 17:39:06 loki systemd[2460]: Unmounting /mnt...
> Mar 29 17:39:06 loki systemd[2480]: Unmounting /mnt...
> Mar 29 17:39:06 loki systemd[1]: Unmounting /mnt...
> Mar 29 17:39:06 loki systemd[1]: mnt.mount mount process exited,
> code=exited status=32
> Mar 29 17:39:06 loki systemd[1]: Unmounted /mnt.
> Mar 29 17:39:06 loki systemd[1]: Unit mnt.mount entered failed state.
> Mar 29 17:39:06 loki systemd[2460]: mnt.mount mount process exited,
> code=exited status=1
> Mar 29 17:39:06 loki systemd[2460]: Unmounted /mnt.
> Mar 29 17:39:06 loki systemd[2460]: Unit mnt.mount entered failed state.
> Mar 29 17:39:06 loki umount[4173]: umount: /mnt: not mounted
> Mar 29 17:39:06 loki umount[4175]: umount: /mnt: not mounted
> Mar 29 17:39:06 loki systemd[1]: mnt.mount failed to run 'mount' task:
> No such file or directory
> Mar 29 17:39:06 loki systemd[1]: Failed to mount /mnt.
> Mar 29 17:39:06 loki systemd[1]: Mounting /mnt...
> Mar 29 17:39:06 loki systemd[2480]: Unmounted /mnt.
>
> systemd[1] is obviously PID1.
> systemd[2460] is the 'systemd --user' for my user
> systemd[2480] is the 'systemd --user' for root
>
> Why all three observed the '/mnt' mount appearing and all three
> decided to issue the unmount is beyond me.
>
> What inactive unit is it talking about? I don't have a 'mnt.mount'
> unit anywhere. Why did systemd decide to do this? Is there a way to
> tell systemd to keep its hands off?

https://bugs.freedesktop.org/show_bug.cgi?id=89383

The propose patch works for me.

Regards.
--
Canek Peláez Valdés
Profesor de asignatura, Facultad de Ciencias
Universidad Nacional Autónoma de México
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] systemd 219 unmounting things unexpectedly

[Steven Noonan]

This is weird. I issued a 'mount' command, which succeeds, but then
systemd jumps in and immediately unmounts it. What's going on here?

Command issued:

mount -o loop,ro someisofile.iso /mnt

Journal shows this mess:

Mar 29 17:39:06 loki systemd[2460]: Unit mnt.mount is bound to
inactive unit. Stopping, too.
Mar 29 17:39:06 loki systemd[1]: Unit mnt.mount is bound to inactive
unit. Stopping, too.
Mar 29 17:39:06 loki systemd[2480]: Unit mnt.mount is bound to
inactive unit. Stopping, too.
Mar 29 17:39:06 loki systemd[2460]: Unmounting /mnt...
Mar 29 17:39:06 loki systemd[2480]: Unmounting /mnt...
Mar 29 17:39:06 loki systemd[1]: Unmounting /mnt...
Mar 29 17:39:06 loki systemd[1]: mnt.mount mount process exited,
code=exited status=32
Mar 29 17:39:06 loki systemd[1]: Unmounted /mnt.
Mar 29 17:39:06 loki systemd[1]: Unit mnt.mount entered failed state.
Mar 29 17:39:06 loki systemd[2460]: mnt.mount mount process exited,
code=exited status=1
Mar 29 17:39:06 loki systemd[2460]: Unmounted /mnt.
Mar 29 17:39:06 loki systemd[2460]: Unit mnt.mount entered failed state.
Mar 29 17:39:06 loki umount[4173]: umount: /mnt: not mounted
Mar 29 17:39:06 loki umount[4175]: umount: /mnt: not mounted
Mar 29 17:39:06 loki systemd[1]: mnt.mount failed to run 'mount' task:
No such file or directory
Mar 29 17:39:06 loki systemd[1]: Failed to mount /mnt.
Mar 29 17:39:06 loki systemd[1]: Mounting /mnt...
Mar 29 17:39:06 loki systemd[2480]: Unmounted /mnt.

systemd[1] is obviously PID1.
systemd[2460] is the 'systemd --user' for my user
systemd[2480] is the 'systemd --user' for root

Why all three observed the '/mnt' mount appearing and all three
decided to issue the unmount is beyond me.

What inactive unit is it talking about? I don't have a 'mnt.mount'
unit anywhere. Why did systemd decide to do this? Is there a way to
tell systemd to keep its hands off?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] Masked services start dependencies in any case

[Jan Engelhardt]

Thread originated in
http://lists.opensuse.org/opensuse-factory/2015-03/msg00419.html

On Monday 2015-03-30 01:07, Jan Engelhardt wrote:
>On Sunday 2015-03-29 20:24, Stefan Seifert wrote:
>>
>>Some time in the last month Tumbleweed lost the ability to boot into runlevel 
>>3 (command line with no X server running) by appending a 3 to the kernel line 
>>in the grub menu. I guess that's because with systemd there are no numbered 
>>runlevels anymore,
>
>There is a bug… somewhere. !@#$%^&


Our basic.target requests klog.service.

Our klog.service has a Requires=default.target defined. This resolves 
to, say, graphical.target, *rather than* what's on the command line. And 
so, the graphic parts are started *even if* you have "3" on the boot 
line.

klog.service itself is masked in our setup, so it won't be started, but 
its dependencies *are* in systemd-219. Why, o why? >:-{
This did not occur in 210.




systemd debug messages….(after patching source code…):

Mar 29 19:38:37 jng-sfac systemd[1]: Pulling in graphical.target/start 
from klog.service/start

The log message at the start of the 
transaction_add_job_and_dependencies() function should really always be 
enabled, and not commented out, so that people can exactly figure out 
these kinds of weird systemd behaviors.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] OnCalendar every X minutes

[Mirco Tischler]

2015-03-29 23:48 GMT+02:00 Max :
> 29.03.2015 21:28, T.C. Hollingsworth пишет:
>>
>> On Mar 29, 2015 9:52 AM, "Max" > > wrote:
>> >
>> > Hi.
>> >
>> > Is there a way to make timer unit which will execute things every X 
>> > minutes where X
>> > is not divisor for 60?
>> > In case of divisor it's obvious:
>> >
>> > [Timer]
>> > OnCalendar=*:00/10
>> >
>> > Will run every 10 minutes which nicely fit into 60 minutes hour. What if I 
>> > would like
>> > to run things every 11 minutes: 0, 11, 22, 33, 44, 55, 66, 77...
>> >
>> > If I interpret 
>> > http://www.freedesktop.org/software/systemd/man/systemd.time.html
>> > correctly than
>> > OnCalendar=*:00/11 will run on 0, 11...44,55,0,11... resulting in 
>> > unevenness at the
>> > end of an hour.
>> >
>> > Am I missing something?
>>
>> Yes. :-)  See OnActiveSec and related options, listed right above OnCalendar 
>> in the
>> documentation you linked to.
>>
>
> You probably mean 
> http://www.freedesktop.org/software/systemd/man/systemd.timer.html
> which is indeed easy to confuse with what I've linked too :)
>
> Unfortunately it doesn't have any examples :(
>
> [Timer]
> OnActiveSec=11min
>
> Will this fire up once after the timer activation? How do I combine it with 
> other
> directives to make it fire _every_ 11 minutes?
>
> cheers,
> Max.
>
What you want is OnUnitActiveSec=11min. This will cause the service
(or type of unit) associated with the timer unit to start every 11
minutes. But only if the service isn't still activated as I
understand.
OnActiveSec=11min will start the service once 11 minutes after the
timer unit itself is started.
There's also OnUnitInactiveSec where the service is started 11 minutes
after it has stopped. This may be useful if your service may need more
than 11 minutes until it exits.

In the man page it is recommended to combine OnUnitActiveSec with
onBootSec to start the service once after boot and in regular
intervals from then on.

However there's one difference between these relative triggers and
OnCalendar: you can only use Persistent= in combination with
OnCalendar. This means that if your timer elapses in 5 minutes and you
suspend your machine for an hour or so, after resume it still elapses
in 5 minutes.

Mirco
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH v2] systemd-bootchart: Prevent closing random file descriptors

[Daniel Mack]

On 03/29/2015 08:41 PM, Alexander Sverdlin wrote:
> If the kernel has no CONFIG_SCHED_DEBUG option set, systemd-bootchart produces
> empty .svg file. The reason for this is very fragile file descriptor logic in
> log_sample() and main() (/* do some cleanup, close fd's */ block). There are
> many places where file descriptors are closed on failure (missing SCHED_DEBUG
> provokes it), but there are several problems with it:
>  - following iterations in the loop see that the descriptor is non zero and do
>not open the corresponding file again;
>  - "some cleanup" code closes already closed files and the descriptors are 
> reused
>already, in particular for resulting .svg file;
>  - static "vmstat" and "schedstat" variables in log_sample() made the 
> situation
>even worse.

Looks good to me. Applied, thanks!


Daniel

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] What requires kmod

[Michael Biebl]

Are you sure?

units/kmod-static-nodes.service.in

ExecStart=@KMOD@ static-nodes --format=tmpfiles
--output=/run/tmpfiles.d/kmod.conf

2015-03-30 0:00 GMT+02:00 Jan Engelhardt :
>
> systemd/configure.ac has a
>
> AC_CHECK_PROG([KMOD]...)
>
> but what actually *uses* this? The way it looks, it's all (udev rules)
> using libkmod directly.
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] What requires kmod

[Jan Engelhardt]

systemd/configure.ac has a

AC_CHECK_PROG([KMOD]...)

but what actually *uses* this? The way it looks, it's all (udev rules) 
using libkmod directly.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] OnCalendar every X minutes

[Max]

29.03.2015 21:28, T.C. Hollingsworth пишет:
>
> On Mar 29, 2015 9:52 AM, "Max"  > wrote:
> >
> > Hi.
> >
> > Is there a way to make timer unit which will execute things every X minutes 
> > where X
> > is not divisor for 60?
> > In case of divisor it's obvious:
> >
> > [Timer]
> > OnCalendar=*:00/10
> >
> > Will run every 10 minutes which nicely fit into 60 minutes hour. What if I 
> > would like
> > to run things every 11 minutes: 0, 11, 22, 33, 44, 55, 66, 77...
> >
> > If I interpret 
> > http://www.freedesktop.org/software/systemd/man/systemd.time.html
> > correctly than
> > OnCalendar=*:00/11 will run on 0, 11...44,55,0,11... resulting in 
> > unevenness at the
> > end of an hour.
> >
> > Am I missing something?
>
> Yes. :-)  See OnActiveSec and related options, listed right above OnCalendar 
> in the
> documentation you linked to.
>

You probably mean 
http://www.freedesktop.org/software/systemd/man/systemd.timer.html
which is indeed easy to confuse with what I've linked too :)

Unfortunately it doesn't have any examples :(

[Timer]
OnActiveSec=11min

Will this fire up once after the timer activation? How do I combine it with 
other
directives to make it fire _every_ 11 minutes?

cheers,
Max.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] Set the NOCOW flag for the journal via tmpfiles

[Goffredo Baroncelli]

Hi,
did you find the time to give a look a these patches ? Do you have any 
suggestions ?

BR
G.Baroncelli

On 2015-03-21 12:56, Goffredo Baroncelli wrote:
> 
> Hi all,
> 
> these patches set reverts the commit 11689d2 "journald: turn off COW for
> journal files on btrfs" which enables *unconditionally* the NOCOW flag for the
> journal files. The reason was that the performances of the journal file format
> are very bad on btrfs, and decrease during the time. Disabling the COW
> behavior, the perfomances increase.
> Unfortunately disabling the COW behavior leads to disable the BTRFS checksums,
> which in turn prevents BTRFS to rebuild a corrupted file in a RAID
> filesystem [3].
> 
> To avoid that I proposed a patch which introduces a configurable option to
> disables the "turn off COW" behavior[1]. Lennart commented that instead he
> prefer to set the NOCOW attribute via tmpfile.d snippets.
> 
> A further patches set was proposed and accepted [2] to extend systemd-tmpfiles
> to change the file attributes.
> 
> This last patches set removes the "turn off COW" behavior (patch #1) and
> introduces a new tmpfiles.d snippet which enable the NOCOW beahvior for the
> journal files (patch #2). So a sysadmin can disable this setting overriding
> this file configuration.
> 
> BR
> G.Baroncelli
> 
> 
> [1] Re: [systemd-devel] [RFC][PATCH] Add option to enable COW for journal file
> https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28724.html
> 
> [2] 
> https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg29313.html
> 
> [3] http://en.wikipedia.org/wiki/Btrfs#Checksum_tree_and_scrubbing
> 
> --
> gpg @keyserver.linux.it: Goffredo Baroncelli 
> Key fingerprint BBF5 1610 0B64 DAC6 5F7D  17B2 0EDA 9B37 8B82 E0B5
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> 


-- 
gpg @keyserver.linux.it: Goffredo Baroncelli 
Key fingerprint BBF5 1610 0B64 DAC6 5F7D  17B2 0EDA 9B37 8B82 E0B5
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] Different behaviour when sending SIGTERM

[Marcos Mello]

Squid is known to be borked when running as a daemon (background):

http://bugs.squid-cache.org/show_bug.cgi?id=3826#c12

But still I am experiencing a difference between systemd's "built in" signal
delivery and systemctl kill.

# systemctl -l status squid.service
* squid.service - Squid Web Proxy Server
   Loaded: loaded (/etc/systemd/system/squid.service; disabled)
   Active: active (running) since Sun 2015-03-29 15:21:16 BRT; 20s ago
  Process: 1488 ExecStart=/usr/sbin/squid $SQUID_OPTS (code=exited,
status=0/SUCCESS)
 Main PID: 1491 (squid)
   CGroup: /system.slice/squid.service
   |-1489 /usr/sbin/squid -sX
   |-1491 (squid-1) -sX
   |-1492 (ssl_crtd) -s /var/lib/squid/ssl_db -M 4MB -b 4096
   |-1493 (ssl_crtd) -s /var/lib/squid/ssl_db -M 4MB -b 4096
   |-1494 (ssl_crtd) -s /var/lib/squid/ssl_db -M 4MB -b 4096
   |-1495 (ssl_crtd) -s /var/lib/squid/ssl_db -M 4MB -b 4096
   |-1496 (ssl_crtd) -s /var/lib/squid/ssl_db -M 4MB -b 4096
   `-1497 (logfile-daemon) /var/log/squid/access.log

Mar 29 15:21:16 xxx.localdomain squid[1491]: 0 Objects cancelled.
Mar 29 15:21:16 xxx.localdomain squid[1491]: 0 Duplicate URLs purged.
Mar 29 15:21:16 xxx.localdomain squid[1491]: 0 Swapfile clashes avoided.
Mar 29 15:21:16 xxx.localdomain squid[1491]: Took 0.23 seconds (  0.00
objects/sec).
Mar 29 15:21:16 xxx.localdomain squid[1491]: Beginning Validation Procedure
Mar 29 15:21:16 xxx.localdomain systemd[1]: squid.service: Supervising
process 1491 which is not our child. We'll most likely not notice when it exits.
Mar 29 15:21:16 xxx.localdomain squid[1491]: Completed Validation Procedure
Mar 29 15:21:16 xxx.localdomain squid[1491]: Validated 0 Entries
Mar 29 15:21:16 xxx.localdomain squid[1491]: store_swap_size = 0.00 KB
Mar 29 15:21:16 xxx.localdomain squid[1491]: storeLateRelease: released 0
objects

After 'systemctl stop squid.service':

# strace -f -e trace=process -p 1491
Process 1491 attached
+++ killed by SIGKILL +++

When I run 'systemctl kill --kill-who=main squid.service':

# strace -f -e trace=process -p 1510
Process 1510 attached
--- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=1, si_uid=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1516, si_uid=23,
si_status=SIGTERM, si_utime=0, si_stime=0} ---
wait4(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGTERM}], WNOHANG, NULL) = 1516
wait4(-1, 0x7ffd9ffe6624, WNOHANG, NULL) = 0
exit_group(0)   = ?
+++ exited with 0 +++

The modified service file:

# /etc/systemd/system/squid.service
[Unit]
Description=Squid Web Proxy Server
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/squid.pid
EnvironmentFile=/etc/sysconfig/squid
#ExecStartPre=/usr/local/libexec/cache_swap.sh
ExecStart=/usr/sbin/squid $SQUID_OPTS
ExecReload=/usr/bin/kill -HUP $MAINPID
#ExecStop=/usr/sbin/squid -k shutdown
KillMode=process
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

Reload works fine. 'squid -k shutdown' (it just sends SIGTERM to the pid
file process) works fine. Any clues? This is Fedora 21 (systemd-216-21)
running squid-3.4.12-2 from updates-testing.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] OnCalendar every X minutes

[T.C. Hollingsworth]

On Mar 29, 2015 9:52 AM, "Max"  wrote:
>
> Hi.
>
> Is there a way to make timer unit which will execute things every X
minutes where X
> is not divisor for 60?
> In case of divisor it's obvious:
>
> [Timer]
> OnCalendar=*:00/10
>
> Will run every 10 minutes which nicely fit into 60 minutes hour. What if
I would like
> to run things every 11 minutes: 0, 11, 22, 33, 44, 55, 66, 77...
>
> If I interpret
http://www.freedesktop.org/software/systemd/man/systemd.time.html
> correctly than
> OnCalendar=*:00/11 will run on 0, 11...44,55,0,11... resulting in
unevenness at the
> end of an hour.
>
> Am I missing something?

Yes. :-)  See OnActiveSec and related options, listed right above
OnCalendar in the documentation you linked to.

-T.C.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] systemd-bootchart: Repair Entropy Graph

[Alexander Sverdlin]

Entropy Graph code doesn't handle the error condition if open() of /proc entry
fails. Moreover, the file is only opened once and only first sample will contain
the correct value because the return value of pread() is also not handled
properly and file is not re-opened. Fix both problems.
---
 src/bootchart/store.c | 21 +
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/bootchart/store.c b/src/bootchart/store.c
index 8e9a62f..fb3dc9a 100644
--- a/src/bootchart/store.c
+++ b/src/bootchart/store.c
@@ -119,7 +119,7 @@ void log_sample(int sample, struct list_sample_data **ptr) {
 int c;
 int p;
 int mod;
-static int e_fd;
+static int e_fd = -1;
 ssize_t s;
 ssize_t n;
 struct dirent *ent;
@@ -215,16 +215,21 @@ schedstat_next:
 }

 if (arg_entropy) {
-if (!e_fd) {
+if (e_fd < 0) {
 e_fd = openat(procfd, 
"sys/kernel/random/entropy_avail", O_RDONLY);
+if (e_fd == -1) {
+log_error_errno(errno, "Failed to open 
/proc/sys/kernel/random/entropy_avail: %m");
+exit(EXIT_FAILURE);
+}
 }

-if (e_fd) {
-n = pread(e_fd, buf, sizeof(buf) - 1, 0);
-if (n > 0) {
-buf[n] = '\0';
-sampledata->entropy_avail = atoi(buf);
-}
+n = pread(e_fd, buf, sizeof(buf) - 1, 0);
+if (n <= 0) {
+close(e_fd);
+e_fd = -1;
+} else {
+buf[n] = '\0';
+sampledata->entropy_avail = atoi(buf);
 }
 }


___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] systemd-bootchart: Prevent leaking file descriptors in open-fdopen combination

[Alexander Sverdlin]

Correctly handle the potential failure of fdopen() (because of OOM, for 
instance)
after potentially successful open(). Prevent leaking open fd in such case.
---
 src/bootchart/store.c | 12 ++--
 src/bootchart/svg.c   |  9 +
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/bootchart/store.c b/src/bootchart/store.c
index 3900936..8e9a62f 100644
--- a/src/bootchart/store.c
+++ b/src/bootchart/store.c
@@ -330,9 +330,13 @@ schedstat_next:
 /* ppid */
 sprintf(filename, "%d/stat", pid);
 fd = openat(procfd, filename, O_RDONLY);
+if (fd == -1)
+continue;
 st = fdopen(fd, "r");
-if (!st)
+if (!st) {
+close(fd);
 continue;
+}
 if (!fscanf(st, "%*s %*s %*s %i", &p)) {
 continue;
 }
@@ -432,9 +436,13 @@ schedstat_next:
 if (!ps->smaps) {
 sprintf(filename, "%d/smaps", pid);
 fd = openat(procfd, filename, O_RDONLY);
+if (fd == -1)
+continue;
 ps->smaps = fdopen(fd, "r");
-if (!ps->smaps)
+if (!ps->smaps) {
+close(fd);
 continue;
+}
 setvbuf(ps->smaps, smaps_buf, _IOFBF, 
sizeof(smaps_buf));
 }
 else {
diff --git a/src/bootchart/svg.c b/src/bootchart/svg.c
index e1fc531..5412915 100644
--- a/src/bootchart/svg.c
+++ b/src/bootchart/svg.c
@@ -170,6 +170,9 @@ static void svg_title(const char *build) {
 if (!fgets(cmdline, 255, f))
 sprintf(cmdline, "Unknown");
 fclose(f);
+} else {
+if (fd >= 0)
+close(fd);
 }

 /* extract root fs so we can find disk model name in sysfs */
@@ -185,6 +188,9 @@ static void svg_title(const char *build) {
 if (!fgets(model, 255, f))
 fprintf(stderr, "Error reading disk model for 
%s\n", rootbdev);
 fclose(f);
+} else {
+if (fd >= 0)
+close(fd);
 }
 }

@@ -208,6 +214,9 @@ static void svg_title(const char *build) {
 }
 }
 fclose(f);
+} else {
+if (fd >= 0)
+close(fd);
 }

 svg("Bootchart for %s - 
%s\n",

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] systemd 204 to 215 (Debian version) fails to recognize that LVM2 device nodes are already present and accessible

[Dominik Brodowski]

Dear systemd developers,

In my custom initramfs, lvm vgmknodes successfully creates the device
nodes for /dev/vg0/home and /dev/vg0/swap . However, /home is left unmounted
and swap is still off. Then, after handing business over to systemd (with
/dev re-mounted), and after some services are activated successfully,
systemd enters an emergency shell: The (autogenerated)
systemd-cryptsetup@home.service and systemd-cryptsetup@swap.service want
dev-vg0-home.device and dev-vg0-swap.device to be ready, but

$ systemctl status dev-vg0-home.device
and $ systemctl status dev-vg0-swap.device

show they are inactive -- even though the device nodes at /dev/vg0/home and
/dev/vg0/swap actually exists and are working!

A workaround for this bug is to mask these devices:

$ systemctl mask /etc/systemd/system/dev-vg0-home.device
$ systemctl mask /etc/systemd/system/dev-vg0-var.device

Is there any better option available?

Many thanks for taking a look at this issue.

Best,
Dominik

[*] Debian version 215-12. The issue is present (at least) since 204-8, see
Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745390 . I
_could_ try out upstream systemd if really needed, but maybe that's not
necessary?


signature.asc
Description: Digital signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH v2] systemd-bootchart: Prevent closing random file descriptors

[Alexander Sverdlin]

If the kernel has no CONFIG_SCHED_DEBUG option set, systemd-bootchart produces
empty .svg file. The reason for this is very fragile file descriptor logic in
log_sample() and main() (/* do some cleanup, close fd's */ block). There are
many places where file descriptors are closed on failure (missing SCHED_DEBUG
provokes it), but there are several problems with it:
 - following iterations in the loop see that the descriptor is non zero and do
   not open the corresponding file again;
 - "some cleanup" code closes already closed files and the descriptors are 
reused
   already, in particular for resulting .svg file;
 - static "vmstat" and "schedstat" variables in log_sample() made the situation
   even worse.

These are the strace fragments:

[...]
close(7)= -1 EBADF (Bad file descriptor)
close(-1)   = -1 EBADF (Bad file descriptor)
pread(7, 0xbea60a2c, 4095, 0)   = -1 EBADF (Bad file descriptor)
close(7)= -1 EBADF (Bad file descriptor)
close(-1)   = -1 EBADF (Bad file descriptor)
pread(7, 0xbea60a2c, 4095, 0)   = -1 EBADF (Bad file descriptor)
close(7)= -1 EBADF (Bad file descriptor)
close(-1)   = -1 EBADF (Bad file descriptor)
getdents64(4, /* 0 entries */, 32768)   = 0
clock_gettime(CLOCK_MONOTONIC, {24, 783843501}) = 0
nanosleep({0, 5221792}, NULL)   = 0
clock_gettime(CLOCK_MONOTONIC, {24, 789726835}) = 0
lseek(4, 0, SEEK_SET)   = 0
pread(5, "nr_free_pages 52309\nnr_alloc_bat"..., 4095, 0) = 685
pread(6, "version 15\ntimestamp 4294939775\n"..., 4095, 0) = 86
getdents64(4, /* 99 entries */, 32768)  = 2680
pread(7, 0xbea60a2c, 4095, 0)   = -1 EBADF (Bad file descriptor)
close(7)= -1 EBADF (Bad file descriptor)
close(-1)   = -1 EBADF (Bad file descriptor)
pread(8, 0xbea60a2c, 4095, 0)   = -1 EBADF (Bad file descriptor)
close(8)= -1 EBADF (Bad file descriptor)
close(-1)   = -1 EBADF (Bad file descriptor)
pread(9, 0xbea60a2c, 4095, 0)   = -1 EBADF (Bad file descriptor)
close(9)= -1 EBADF (Bad file descriptor)
[...]

where it obviously tries to close same and reused decriptors many times, also
passing return code "-1" instead of descriptor...

[...]
close(7)= -1 EBADF (Bad file descriptor)
close(-1)   = -1 EBADF (Bad file descriptor)
pipe2([7, 8], O_CLOEXEC)= 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0xb6fd0068) = 192
close(8)= 0
fcntl64(7, F_SETFD, 0)  = 0
fstat64(7, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb6fd2000
read(7, "[0.074507] calling  vfp_init"..., 4096) = 4096
[...]
read(7, "s)\n[6.228910] UBIFS: reserve"..., 4096) = 4096
read(7, "trary Executable File Formats Fi"..., 4096) = 1616
read(7, "", 4096)   = 0
close(7)= 0
wait4(192, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 192
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=192, si_uid=0, 
si_status=0, si_utime=9, si_stime=9} ---
munmap(0xb6fd2000, 4096)= 0
fstat64(7, 0xbea62850)  = -1 EBADF (Bad file descriptor)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb6fce000
write(7, "http://www.w3.org/Graphics/SVG/";..., 52) = -1 EBADF (Bad file 
descriptor)
[...]

here .svg file had descriptor 7, but was closed by log_sample(), then even 
reused
to read /proc entry and finally systemd-bootchart even tries to write .svg 
file, but
descriptor is long time lost already.

Fix it by ensuring that the variables are always initialized to -1 and set again
to -1 after close(). Change the logic for opening files, because "0" is also a
valid file descriptor.

The fix is important even with CONFIG_SCHED_DEBUG option enabled, because very
first failure to open /proc//* if process exited will result in some other
victim descriptor being closed later and will therefore disturb the whole
collected statistics.
---

Changes in v2:
- "closed" state of file descriptors changed to "-1" instead of "0", as 
proposed by
  Daniel Mack
- Thunderbird repaired and doesn't brake patches any more

 src/bootchart/bootchart.c |  4 ++--
 src/bootchart/store.c | 27 +++
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/src/bootchart/bootchart.c b/src/bootchart/bootchart.c
index 71dffc9..f50479d 100644
--- a/src/bootchart/bootchart.c
+++ b/src/bootchart/bootchart.c
@@ -448,9 +448,9 @@ int main(int argc, char *argv[]) {
 ps = ps_first;
 while (ps->next_ps)

[systemd-devel] OnCalendar every X minutes

[Max]

Hi.

Is there a way to make timer unit which will execute things every X minutes 
where X
is not divisor for 60?
In case of divisor it's obvious:

[Timer]
OnCalendar=*:00/10

Will run every 10 minutes which nicely fit into 60 minutes hour. What if I 
would like
to run things every 11 minutes: 0, 11, 22, 33, 44, 55, 66, 77...

If I interpret http://www.freedesktop.org/software/systemd/man/systemd.time.html
correctly than 
OnCalendar=*:00/11 will run on 0, 11...44,55,0,11... resulting in unevenness at 
the
end of an hour.

Am I missing something?
If not - are there plans to introduce such notion like OnCakendar=every 11 min. 
?

cheers,
Max.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] nspawn: fallback on bind mount when mknod fails

[Alban Crequy]

On Sun, Mar 29, 2015 at 5:24 PM, Tom Gundersen  wrote:
>
> On Mar 29, 2015 5:18 PM, "Alban Crequy"  wrote:
>>
>> From: Alban Crequy 
>>
>> Some systems abusively restrict mknod, even when the device node already
>> exists in /dev. This is unfortunate because it prevents systemd-nspawn
>> from creating the basic devices in /dev in the container.
>>
>> This patch implements a workaround: when mknod fails, fallback on bind
>> mounts.
>
> Could we just always use bind mounts and avoid the two code paths?

It's possible but I avoided it in order not to add to many entries in
/proc/self/mounts and /proc/self/mountinfo in the normal case when
mknod is not restricted.

I don't have a strong opinion about this. If you think my concern
about the mount entries is less important than avoiding two code
paths, I can prepare another patch.

Alban

> Tom
>
>> Additionally, /dev/console was created with a mknod with the same
>> major/minor as /dev/null before bind mounting a pts on it. This patch
>> removes the mknod and creates an empty regular file instead.
>>
>> In order to test this patch, I used the following configuration, which I
>> think should replicate the system with the abusive restriction on mknod:
>>
>>   # grep devices /proc/self/cgroup
>>   4:devices:/user.slice/restrict
>>   # cat /sys/fs/cgroup/devices/user.slice/restrict/devices.list
>>   c 1:9 r
>>   c 5:2 rw
>>   c 136:* rw
>>   # systemd-nspawn --register=false -D .
>> ---
>>  src/nspawn/nspawn.c | 27 ++-
>>  1 file changed, 14 insertions(+), 13 deletions(-)
>>
>> diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
>> index 300b6df..09fff38 100644
>> --- a/src/nspawn/nspawn.c
>> +++ b/src/nspawn/nspawn.c
>> @@ -1449,8 +1449,17 @@ static int copy_devnodes(const char *dest) {
>>  return -r;
>>  }
>>
>> -if (mknod(to, st.st_mode, st.st_rdev) < 0)
>> -return log_error_errno(errno, "mknod(%s)
>> failed: %m", to);
>> +if (mknod(to, st.st_mode, st.st_rdev) < 0) {
>> +if (errno != EPERM)
>> +return log_error_errno(errno,
>> "mknod(%s) failed: %m", to);
>> +
>> +/* Some systems abusively restrict mknod
>> but
>> + * allow bind mounts. */
>> +if (touch(to) < 0)
>> +return log_error_errno(errno,
>> "touch (%s) failed: %m", to);
>> +if (mount(from, to, "bind", MS_BIND,
>> NULL) < 0)
>> +return log_error_errno(errno,
>> "both mknod and bind mount (%s) failed: %m", to);
>> +}
>>
>>  if (arg_userns && arg_uid_shift != UID_INVALID)
>>  if (lchown(to, arg_uid_shift,
>> arg_uid_shift) < 0)
>> @@ -1481,7 +1490,6 @@ static int setup_ptmx(const char *dest) {
>>  static int setup_dev_console(const char *dest, const char *console) {
>>  _cleanup_umask_ mode_t u;
>>  const char *to;
>> -struct stat st;
>>  int r;
>>
>>  assert(dest);
>> @@ -1489,24 +1497,17 @@ static int setup_dev_console(const char *dest,
>> const char *console) {
>>
>>  u = umask();
>>
>> -if (stat("/dev/null", &st) < 0)
>> -return log_error_errno(errno, "Failed to stat /dev/null:
>> %m");
>> -
>>  r = chmod_and_chown(console, 0600, 0, 0);
>>  if (r < 0)
>>  return log_error_errno(r, "Failed to correct access mode
>> for TTY: %m");
>>
>>  /* We need to bind mount the right tty to /dev/console since
>>   * ptys can only exist on pts file systems. To have something
>> - * to bind mount things on we create a device node first, and
>> - * use /dev/null for that since we the cgroups device policy
>> - * allows us to create that freely, while we cannot create
>> - * /dev/console. (Note that the major minor doesn't actually
>> - * matter here, since we mount it over anyway). */
>> + * to bind mount things on we create a empty regular file. */
>>
>>  to = strjoina(dest, "/dev/console");
>> -if (mknod(to, (st.st_mode & ~0) | 0600, st.st_rdev) < 0)
>> -return log_error_errno(errno, "mknod() for /dev/console
>> failed: %m");
>> +if (touch(to) < 0)
>> +return log_error_errno(errno, "touch() for /dev/console
>> failed: %m");
>>
>>  if (mount(console, to, "bind", MS_BIND, NULL) < 0)
>>  return log_error_errno(errno, "Bind mount for
>> /dev/console failed: %m");
>> --
>> 2.1.4
>>
>> ___
>> systemd-devel mailing list
>> systemd-devel@lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/systemd-dev

Re: [systemd-devel] [PATCH] systemd-bootchart: Prevent closing random file descriptors

[Kay Sievers]

On Sun, Mar 29, 2015 at 5:17 PM, Daniel Mack  wrote:
> On 03/29/2015 03:04 PM, Alexander Sverdlin wrote:
>> On 29/03/15 13:44, Daniel Mack wrote:
 @@ -184,6 +185,7 @@ vmstat_next:
> n = pread(schedstat, buf, sizeof(buf) - 1, 0); if (n <= 0) {
> close(schedstat); +schedstat = 0;
>>> Note that 0 is a valid file descriptor number. You should really
>>> rather reset the variables to -1 and check for '>= 0'. This applies
>>> to all hunks of this patch, which also needs a rebase onto the
>>> current git HEAD.
>>
>> I believe, it was HEAD as of time of patch submission, but I can of
>> course rebase it once again. Regarding 0: everywhere in the program
>> it relies on the fact that newly allocated memory is zeroed and files
>> are only opened if the corresponding file descriptor field of a
>> structure is 0. So do you propose to change the logic everywhere
>> where the files are opened?
>
> I see. As that code doesn't close stdin, 0 can't be returned by any
> open*(), so that's not a real issues, but all code should still be
> written in a way that it treats 0 as valid descriptor. So we need to
> explicitly initialize fd variables to -1 after new0(), and refactor code
> to where necessary.

Right, we rely on uninitialized fds to be negative. Even when it is
not commonly used, the _cleanup_close_ logic and other commonly
used fd handling functions, which should probably used in bootchart
too, rely on it:
  http://cgit.freedesktop.org/systemd/systemd/tree/src/shared/util.c#n272

Kay
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] nspawn: fallback on bind mount when mknod fails

[Tom Gundersen]

On Mar 29, 2015 5:18 PM, "Alban Crequy"  wrote:
>
> From: Alban Crequy 
>
> Some systems abusively restrict mknod, even when the device node already
> exists in /dev. This is unfortunate because it prevents systemd-nspawn
> from creating the basic devices in /dev in the container.
>
> This patch implements a workaround: when mknod fails, fallback on bind
> mounts.

Could we just always use bind mounts and avoid the two code paths?

Tom

> Additionally, /dev/console was created with a mknod with the same
> major/minor as /dev/null before bind mounting a pts on it. This patch
> removes the mknod and creates an empty regular file instead.
>
> In order to test this patch, I used the following configuration, which I
> think should replicate the system with the abusive restriction on mknod:
>
>   # grep devices /proc/self/cgroup
>   4:devices:/user.slice/restrict
>   # cat /sys/fs/cgroup/devices/user.slice/restrict/devices.list
>   c 1:9 r
>   c 5:2 rw
>   c 136:* rw
>   # systemd-nspawn --register=false -D .
> ---
>  src/nspawn/nspawn.c | 27 ++-
>  1 file changed, 14 insertions(+), 13 deletions(-)
>
> diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
> index 300b6df..09fff38 100644
> --- a/src/nspawn/nspawn.c
> +++ b/src/nspawn/nspawn.c
> @@ -1449,8 +1449,17 @@ static int copy_devnodes(const char *dest) {
>  return -r;
>  }
>
> -if (mknod(to, st.st_mode, st.st_rdev) < 0)
> -return log_error_errno(errno, "mknod(%s)
failed: %m", to);
> +if (mknod(to, st.st_mode, st.st_rdev) < 0) {
> +if (errno != EPERM)
> +return log_error_errno(errno,
"mknod(%s) failed: %m", to);
> +
> +/* Some systems abusively restrict mknod
but
> + * allow bind mounts. */
> +if (touch(to) < 0)
> +return log_error_errno(errno,
"touch (%s) failed: %m", to);
> +if (mount(from, to, "bind", MS_BIND,
NULL) < 0)
> +return log_error_errno(errno,
"both mknod and bind mount (%s) failed: %m", to);
> +}
>
>  if (arg_userns && arg_uid_shift != UID_INVALID)
>  if (lchown(to, arg_uid_shift,
arg_uid_shift) < 0)
> @@ -1481,7 +1490,6 @@ static int setup_ptmx(const char *dest) {
>  static int setup_dev_console(const char *dest, const char *console) {
>  _cleanup_umask_ mode_t u;
>  const char *to;
> -struct stat st;
>  int r;
>
>  assert(dest);
> @@ -1489,24 +1497,17 @@ static int setup_dev_console(const char *dest,
const char *console) {
>
>  u = umask();
>
> -if (stat("/dev/null", &st) < 0)
> -return log_error_errno(errno, "Failed to stat /dev/null:
%m");
> -
>  r = chmod_and_chown(console, 0600, 0, 0);
>  if (r < 0)
>  return log_error_errno(r, "Failed to correct access mode
for TTY: %m");
>
>  /* We need to bind mount the right tty to /dev/console since
>   * ptys can only exist on pts file systems. To have something
> - * to bind mount things on we create a device node first, and
> - * use /dev/null for that since we the cgroups device policy
> - * allows us to create that freely, while we cannot create
> - * /dev/console. (Note that the major minor doesn't actually
> - * matter here, since we mount it over anyway). */
> + * to bind mount things on we create a empty regular file. */
>
>  to = strjoina(dest, "/dev/console");
> -if (mknod(to, (st.st_mode & ~0) | 0600, st.st_rdev) < 0)
> -return log_error_errno(errno, "mknod() for /dev/console
failed: %m");
> +if (touch(to) < 0)
> +return log_error_errno(errno, "touch() for /dev/console
failed: %m");
>
>  if (mount(console, to, "bind", MS_BIND, NULL) < 0)
>  return log_error_errno(errno, "Bind mount for
/dev/console failed: %m");
> --
> 2.1.4
>
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] nspawn: fallback on bind mount when mknod fails

[Alban Crequy]

From: Alban Crequy 

Some systems abusively restrict mknod, even when the device node already
exists in /dev. This is unfortunate because it prevents systemd-nspawn
from creating the basic devices in /dev in the container.

This patch implements a workaround: when mknod fails, fallback on bind
mounts.

Additionally, /dev/console was created with a mknod with the same
major/minor as /dev/null before bind mounting a pts on it. This patch
removes the mknod and creates an empty regular file instead.

In order to test this patch, I used the following configuration, which I
think should replicate the system with the abusive restriction on mknod:

  # grep devices /proc/self/cgroup
  4:devices:/user.slice/restrict
  # cat /sys/fs/cgroup/devices/user.slice/restrict/devices.list
  c 1:9 r
  c 5:2 rw
  c 136:* rw
  # systemd-nspawn --register=false -D .
---
 src/nspawn/nspawn.c | 27 ++-
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 300b6df..09fff38 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1449,8 +1449,17 @@ static int copy_devnodes(const char *dest) {
 return -r;
 }
 
-if (mknod(to, st.st_mode, st.st_rdev) < 0)
-return log_error_errno(errno, "mknod(%s) 
failed: %m", to);
+if (mknod(to, st.st_mode, st.st_rdev) < 0) {
+if (errno != EPERM)
+return log_error_errno(errno, 
"mknod(%s) failed: %m", to);
+
+/* Some systems abusively restrict mknod but
+ * allow bind mounts. */
+if (touch(to) < 0)
+return log_error_errno(errno, "touch 
(%s) failed: %m", to);
+if (mount(from, to, "bind", MS_BIND, NULL) < 0)
+return log_error_errno(errno, "both 
mknod and bind mount (%s) failed: %m", to);
+}
 
 if (arg_userns && arg_uid_shift != UID_INVALID)
 if (lchown(to, arg_uid_shift, arg_uid_shift) < 
0)
@@ -1481,7 +1490,6 @@ static int setup_ptmx(const char *dest) {
 static int setup_dev_console(const char *dest, const char *console) {
 _cleanup_umask_ mode_t u;
 const char *to;
-struct stat st;
 int r;
 
 assert(dest);
@@ -1489,24 +1497,17 @@ static int setup_dev_console(const char *dest, const 
char *console) {
 
 u = umask();
 
-if (stat("/dev/null", &st) < 0)
-return log_error_errno(errno, "Failed to stat /dev/null: %m");
-
 r = chmod_and_chown(console, 0600, 0, 0);
 if (r < 0)
 return log_error_errno(r, "Failed to correct access mode for 
TTY: %m");
 
 /* We need to bind mount the right tty to /dev/console since
  * ptys can only exist on pts file systems. To have something
- * to bind mount things on we create a device node first, and
- * use /dev/null for that since we the cgroups device policy
- * allows us to create that freely, while we cannot create
- * /dev/console. (Note that the major minor doesn't actually
- * matter here, since we mount it over anyway). */
+ * to bind mount things on we create a empty regular file. */
 
 to = strjoina(dest, "/dev/console");
-if (mknod(to, (st.st_mode & ~0) | 0600, st.st_rdev) < 0)
-return log_error_errno(errno, "mknod() for /dev/console 
failed: %m");
+if (touch(to) < 0)
+return log_error_errno(errno, "touch() for /dev/console 
failed: %m");
 
 if (mount(console, to, "bind", MS_BIND, NULL) < 0)
 return log_error_errno(errno, "Bind mount for /dev/console 
failed: %m");
-- 
2.1.4

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] systemd-bootchart: Prevent closing random file descriptors

[Daniel Mack]

Hi Alexander,

On 03/29/2015 03:04 PM, Alexander Sverdlin wrote:
> On 29/03/15 13:44, Daniel Mack wrote:
>>> @@ -184,6 +185,7 @@ vmstat_next:
 n = pread(schedstat, buf, sizeof(buf) - 1, 0); if (n <= 0) { 
 close(schedstat); +schedstat = 0;
>> Note that 0 is a valid file descriptor number. You should really
>> rather reset the variables to -1 and check for '>= 0'. This applies
>> to all hunks of this patch, which also needs a rebase onto the
>> current git HEAD.
> 
> I believe, it was HEAD as of time of patch submission, but I can of
> course rebase it once again. Regarding 0: everywhere in the program
> it relies on the fact that newly allocated memory is zeroed and files
> are only opened if the corresponding file descriptor field of a
> structure is 0. So do you propose to change the logic everywhere
> where the files are opened?

I see. As that code doesn't close stdin, 0 can't be returned by any
open*(), so that's not a real issues, but all code should still be
written in a way that it treats 0 as valid descriptor. So we need to
explicitly initialize fd variables to -1 after new0(), and refactor code
to where necessary.


Thanks,
Daniel
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [systemd-219] Journal spamming by umount / high CPU usage

[Kai Krakow]

Hello!

I've got a automount point for a daily USB backup job. Due to some 
instabilities of early USB3 chipsets and early USB3 devices, the mounted 
device sometimes wents offline and eventually comes back after a while but 
my backup job is stuck (rsync). I configured rsync to shutdown upon block io 
timeouts. This in turn makes the systemd automounter think (correctly) that 
the mount point is no longer in use - but it cannot be unmounted. The 
problem here is, that it spams the journal with hundreds of messages per 
minute all day long (or as long as I don't reboot):

Mär 29 16:49:00 jupiter umount[19547]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19575]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19577]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19645]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19671]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19719]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19795]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19843]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19853]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19907]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt
Mär 29 16:49:00 jupiter umount[19947]: umount: /mnt/private/usb-backup: 
umount fehlgeschlagen: Die Operation ist nicht erlaubt

The German phrase means "umount failed: operation not permitted". This in 
turn leads to a constant CPU usage of systemd and journald between 30% and 
70% added together and the journal grows to gigabytes, meanwhile "old" 
journals become rotated away so that I currently cannot even look back far 
enough to see the logs right before that repeating incident. The system 
reboots just fine, there's no hanging systemd job during shutdown.

The thing is, the device is back - it switched to another device node, tho 
(sda at boot, not sdf). The systemd automounter happily mounts it when 
changing to the directory, and I can list all my files fine. The backup 
scratch area is dirty/incomplete as expected - but there are no file system 
errors or inconsistencies.

Related dmesg log purely for informational purpose to see the incident in 
chronological order, this in not about discussing a btrfs issue (and it is 
not):

$ dmesg|egrep "sd[af]"
[2.241559] sd 6:0:0:0: [sda] 3907029164 512-byte logical blocks: (2.00 
TB/1.81 TiB)
[2.241878] sd 6:0:0:0: [sda] Write Protect is off
[2.241883] sd 6:0:0:0: [sda] Mode Sense: 03 00 00 00
[2.242380] sd 6:0:0:0: [sda] No Caching mode page found
[2.242419] sd 6:0:0:0: [sda] Assuming drive cache: write through
[2.267163]  sda: sda1
[2.268617] sd 6:0:0:0: [sda] Attached SCSI disk
[4.349156] BTRFS: device label usb-backup devid 1 transid 28610 
/dev/sda1
# backup started here:
[13059.571377] BTRFS info (device sda1): force zlib compression
[13059.571382] BTRFS info (device sda1): disk space caching is enabled
# USB hickup here:
[58885.081027] sd 7:0:0:0: [sdf] 3907029164 512-byte logical blocks: (2.00 
TB/1.81 TiB)
[58885.081433] sd 7:0:0:0: [sdf] Write Protect is off
[58885.081437] sd 7:0:0:0: [sdf] Mode Sense: 03 00 00 00
[58885.081979] sd 7:0:0:0: [sdf] No Caching mode page found
[58885.083306] sd 7:0:0:0: [sdf] Assuming drive cache: write through
# backup failed here:
[58885.250710] BTRFS: error (device sda1) in btrfs_commit_transaction:2010: 
errno=-5 IO failure (Error while writing out transaction)
[58885.252190] BTRFS info (device sda1): forced readonly
[58885.252195] BTRFS warning (device sda1): Skipping commit of aborted 
transaction.
[58885.252359] BTRFS: error (device sda1) in cleanup_transaction:1670: 
errno=-5 IO failure
[58885.253900] BTRFS info (device sda1): delayed_refs has NO entry
[58885.253913] BTRFS error (device sda1): commit super ret -5
[58893.553877]  sdf: sdf1
[58893.555061] sd 7:0:0:0: [sdf] Attached SCSI disk
# I've cd'ed into the directory here:
[99457.380783] BTRFS info (device sdf1): force zlib compression
[99457.380788] BTRFS info (device sdf1): disk space caching is enabled


Here's the configuration:

$ fgrep usb-backup /etc/fstab
LABEL=usb-backup /mnt/private/usb-backup btrfs \
noauto,noatime,compress-force=zlib,subvolid=0,x-systemd.automount \
0 0

$ systemctl cat mnt-private-usb\\x2dbackup.{automount,mount}
# /run/systemd/generator/mnt-private-usb\x2dbackup.

Re: [systemd-devel] [PATCH] systemd-bootchart: Prevent closing random file descriptors

[Alexander Sverdlin]

Hello Daniel,

On 29/03/15 13:44, Daniel Mack wrote:

@@ -184,6 +185,7 @@ vmstat_next:
>   n = pread(schedstat, buf, sizeof(buf) - 1, 0);
>   if (n <= 0) {
>   close(schedstat);
>+schedstat = 0;

Note that 0 is a valid file descriptor number. You should really rather
reset the variables to -1 and check for '>= 0'. This applies to all
hunks of this patch, which also needs a rebase onto the current git HEAD.


I believe, it was HEAD as of time of patch submission, but I can of course 
rebase it once again.
Regarding 0: everywhere in the program it relies on the fact that newly 
allocated memory is zeroed
and files are only opened if the corresponding file descriptor field of a 
structure is 0. So do you
propose to change the logic everywhere where the files are opened?

Alexander.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] systemd-bootchart: Prevent closing random file descriptors

[Daniel Mack]

On 03/29/2015 03:13 AM, Alexander Sverdlin wrote:
> Fix it by zeroing all the closed descriptors immediately, this would repair
> existing caching of open files and clean-up strategy.
> 
> The fix is important even with CONFIG_SCHED_DEBUG option enabled, because very
> first failure to open /proc//* because process exited will result in some
> other victim descriptor being closed later and will therefore disturb the 
> whole
> collected statistics.
> ---
>   src/bootchart/store.c | 13 +++--
>   1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/src/bootchart/store.c b/src/bootchart/store.c
> index dfa681f..8525f62 100644
> --- a/src/bootchart/store.c
> +++ b/src/bootchart/store.c
> @@ -152,6 +152,7 @@ void log_sample(int sample, struct list_sample_data 
> **ptr) {
>   n = pread(vmstat, buf, sizeof(buf) - 1, 0);
>   if (n <= 0) {
>   close(vmstat);
> +vmstat = 0;
>   return;
>   }
>   buf[n] = '\0';
> @@ -184,6 +185,7 @@ vmstat_next:
>   n = pread(schedstat, buf, sizeof(buf) - 1, 0);
>   if (n <= 0) {
>   close(schedstat);
> +schedstat = 0;

Note that 0 is a valid file descriptor number. You should really rather
reset the variables to -1 and check for '>= 0'. This applies to all
hunks of this patch, which also needs a rebase onto the current git HEAD.


Thanks,
Daniel

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel