[systemd-devel] Running systemd unprivileged in Docker container

2021-06-11 Thread Johannes Ernst
I can run a full Arch system (with systemd as PID 1) in a Docker container in
Docker privileged mode:

sudo docker run -i -t --privileged archlinux /usr/lib/systemd/systemd

but privileged mode is, well, a bit privileged. I believe I used to be able to
tone this down with something like:

sudo docker run -i -t --cap-add=ALL -v /sys/fs/cgroup:/sys/fs/cgroup:ro archlinux /usr/lib/systemd/systemd

or even fewer capabilities than "all". But now I'm getting:

systemd 248.3-2-arch running in system mode. (+PAM +AUDIT -SELINUX 
-APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL 
+ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 
-PWQUALITY +P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP 
-SYSVINIT default-hierarchy=unified)
Detected virtualization docker.
Detected architecture x86-64.
Detected first boot.

Welcome to Arch Linux!

Initializing machine ID from random generator.
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!] Failed to allocate manager object.
Exiting PID 1...

I don't understand what that means. (Somebody likes exclamation marks.) What's
the "manager object", and who is trying to allocate it?

Assuming that the "Read-only filesystem" in question is that /sys/fs/cgroup, 
when binding it into the container as read-write I get that instead:

Failed to create /init.scope control group: No such file or directory
Failed to allocate manager object: No such file or directory

This long Serverfault thread may be related? Are they saying it's broken? Can
it be done?

Posted this earlier in the Arch forum, lots of views, no answers.

Thanks,

Johannes.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] Script in system-sleep that makes an HTTP post

2021-06-11 Thread Mantas Mikulėnas
perror doesn't define exit statuses. It defines syscall return codes and
libc function errno values, which usually have nothing to do with the exit
code of the whole process.

Aside from the convention that "non-zero = failure", you have to look at
the docs of the whole program (e.g. if it's a shell script and the last
thing it did was call `curl` then the exit status is defined by curl).

I don't think system-sleep hooks are the right place to do network calls.
They're run at the last possible point, right before systemd tells the
kernel to suspend, but after it has informed userspace.

Hooking into sleep.target or using dbus to listen for the "PrepareForSleep"
signal might work better. Though I'm not sure how to make sure you get to
process the signal before NetworkManager does the same thing.

On Fri, Jun 11, 2021, 18:05 Doug Koobs wrote:

> Hello all,
>
> tldr: Is there a way I can use systemd to run scripts in
> /usr/lib/systemd/system-sleep at suspend before disabling the network?
>
> I've put a script in /usr/lib/systemd/system-sleep that makes an HTTP
> post to an IFTTT webhook when it's passed "pre" as $1. The script is
> successful if I run it manually, but when systemd runs it when I suspend
> the laptop, running "journalctl -b -u systemd-suspend.service" reports:
>
>  /usr/lib/systemd/system-sleep/outlet.sh failed with exit status 6.
>
> perror defines exit status 6 as: OS error code   6:  No such device or
> address
>
> This sounds like a network problem. If I disable networking and manually
> run the script, I get:
>
>  curl: (6) Could not resolve host: maker.ifttt.com
>
> My assumption is that systemd disables networking before the
> system-sleep scripts are run. Is there a way I can use systemd to run the
> script before disabling the network?
>
> Thanks!
>
> Doug
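
The D-Bus approach suggested in the reply above, as an added example that is not part of the original thread: a listener that reacts to logind's "PrepareForSleep" signal and calls a hook with "pre" or "post", passing the hook's own exit status through. The hook path and the `--listen` switch are assumptions of this example, and the sample line in the comments is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. The hook path and the --listen
# switch are assumptions; the hook takes "pre" or "post" as $1, like the
# system-sleep script in the question.

# Map one line of `gdbus monitor` output to "pre", "post" or nothing.
# Constructed sample line:
#   /org/freedesktop/login1: org.freedesktop.login1.Manager.PrepareForSleep (true,)
sleep_event() {
    case "$1" in
        *"login1.Manager.PrepareForSleep (true,)"*)  echo pre ;;
        *"login1.Manager.PrepareForSleep (false,)"*) echo post ;;
    esac
}

# Read monitor lines on stdin and run the hook once per sleep transition.
# Returns the last non-zero hook status, so a curl failure stays visible
# as curl's own exit code.
handle_events() {
    hook=$1
    rc=0
    while IFS= read -r line; do
        ev=$(sleep_event "$line")
        [ -n "$ev" ] || continue
        # </dev/null keeps the hook from consuming the monitor stream.
        "$hook" "$ev" </dev/null || {
            rc=$?
            echo "hook '$ev' exited with status $rc" >&2
        }
    done
    return "$rc"
}

# Usage: <this script> --listen /path/to/hook
if [ "${1:-}" = "--listen" ]; then
    gdbus monitor --system --dest org.freedesktop.login1 \
        --object-path /org/freedesktop/login1 | handle_events "$2"
fi
```

logind delays suspend only for clients that hold a delay inhibitor lock, which this listener does not take, and as the reply notes, nothing here orders the handler ahead of NetworkManager.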


Re: [systemd-devel] Script in system-sleep that makes an HTTP post

2021-06-11 Thread Tomasz Torcz
On Fri, Jun 11, 2021 at 10:50:34AM -0400, Doug Koobs wrote:
> Hello all,
> 
> tldr: Is there a way I can use systemd to run scripts in
> /usr/lib/systemd/system-sleep at suspend before disabling the network?
>     curl: (6) Could not resolve host: maker.ifttt.com
> 
> My assumption is that systemd disables networking before the system-sleep
> scripts are run. Is there a way I can use systemd to run the script before
> disabling the network?

  Looking at the match_prepare_for_sleep() function in systemd-networkd, it
doesn't seem to do anything. So systemd does not touch the network when
sleeping.
  But if you use NetworkManager, it has quite comprehensive handling of
the sleep signal. You may want to look at NM configuration to see what
can be done.
  If you're using another network management software, the story can be
similar to NM. Anyway, systemd does not touch the network when suspending.


-- 
Tomasz Torcz   There exists no separation between gods and men:
to...@pipebreaker.pl   one blends softly casual into the other.  — Frank Herbert



[systemd-devel] Script in system-sleep that makes an HTTP post

2021-06-11 Thread Doug Koobs

Hello all,

tldr: Is there a way I can use systemd to run scripts in
/usr/lib/systemd/system-sleep at suspend before disabling the network?


I've put a script in /usr/lib/systemd/system-sleep that makes an HTTP 
post to an IFTTT webhook when it's passed "pre" as $1. The script is 
successful if I run it manually, but when systemd runs it when I suspend 
the laptop, running "journalctl -b -u systemd-suspend.service" reports:


    /usr/lib/systemd/system-sleep/outlet.sh failed with exit status 6.

perror defines exit status 6 as: OS error code   6:  No such device or 
address


This sounds like a network problem. If I disable networking and manually 
run the script, I get:


    curl: (6) Could not resolve host: maker.ifttt.com

My assumption is that systemd disables networking before the
system-sleep scripts are run. Is there a way I can use systemd to run the
script before disabling the network?


Thanks!

Doug



Re: [systemd-devel] systemd unit transition timestamps

2021-06-11 Thread paul.niel...@fujitsu.com
Hi Uoti,

Thanks a lot for your answer.
I wasn't aware of the garbage collector.
Just after your mail I saw that it is "now" described in the systemd.unit man 
page, with all answers to my question. :D
As I said, unfortunately, we use a fairly outdated version (228) that ships 
with SLES12 and this version's man page has no info about the garbage 
collection.

Best regards,
Paul

Paul Nieleck
Associate Software Developer, CE EPS BS2000 DS OS4
Fujitsu
Mies-van-der-Rohe-Straße 8, 80807 München
Germany
Email: paul.niel...@fujitsu.com
Web: https://www.fujitsu.com/emeia/
