[systemd-devel] Wrong interface name
Hello, Recently I found that my kvm guest has inconsistent network names every reboot. Here is the log myPC kernel: virtio_net virtio0 eth000102030405: renamed from eth0 myPC kernel: virtio_net virtio1 eth000102030406: renamed from eth1 myPC kernel: virtio_net virtio2 eth000102030407: renamed from eth2 myPC kernel: virtio_net virtio0 eth1: renamed from eth000102030405 myPC kernel: virtio_net virtio1 eth3: renamed from eth000102030406 myPC kernel: virtio_net virtio2 eth4: renamed from eth000102030407 Looks like systemd-udevd has renamed the interface name but incorrectly. Could you please let me know if the above log is printed out because system-udevd runs or from kernel? And why the name is changed incorrectly, is it due to some udev rules? Is there any way I can change to make the interface name persistent on each reboot. Thanks, Brs, Naruto ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Systemd stop info
Hi everyone, When rebooting the system, I notice systemd print out: [[0;32m OK [0m] Stopped Account Service What do 0;32m and 0m means? Thanks, Brs, Naruto ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Cannot create 'home' directory systemd-tmpfiles-setup.service
Hi everyone, systemd-tmpfiles-setup.service throws a strange error when booting my system . Dec 30 11:32:53 mynode systemd-tmpfiles[751]: Failed to open directory 'home': No such file or directory Dec 30 11:32:53 mynode systemd[1]: systemd-tmpfiles-setup.service: Job systemd-tmpfiles-setup.service/start finished, result=failed Dec 30 11:32:53 mynode systemd[1]: Failed to start Create Volatile Files and Directories. The error is solved when I start systemd-tmpfiles-setup.service manually again after booting completely. My system is boot up with initrd RAM disk and I am quire sure there is a /home in my initrd. The error only happens if I put a partition to /etc/fstab to mount it during the boot time. If I do not put anything in /etc/fstab then their is no error shown during starting up process. The content of /etc/fstab does not relate any to 'home' folder, I just want to mount a partition to a /mnt folder. Could you please help to advise the reason of this? is there anything related between /etc/fstab and systemd-tmpfiles-setup.service dependency? Thanks Brs,Naruto ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Mantas, Thanks for your reply. "Hold on – why are you whitelisting individual users for systemd.GetMethod()? " Sorry I am not clear your question. My intend is to add a user that fails to authenticate with DBUS in the previous email to policy config file to troubleshoot if dbus resolve it or not. But it throws "Unknown username" so I think dbus does not know anything about this user and it leads to the authenticate fails. Brs, Bao On Tue, Mar 12, 2019 at 6:20 PM Mantas Mikulėnas wrote: > On Tue, Mar 12, 2019 at 1:17 PM Bao Nguyen wrote: > >> Hi again, >> >> I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then >> send signal SIGHUP to reload the configuration, also for dbus flush user >> cache, but dbus said that >> >> Unknown username "ldap_demo" on element >> Reloaded configuration >> > > Hold on – why are you whitelisting individual users for > systemd.GetMethod()? > > >> >> I search the source code in dbus. it will >> call _dbus_get_user_id_and_primary_group , >> then _dbus_user_database_get_system to search user ldap_demo in its >> database but I am not clear how this database is built. Could you please >> help me for that? >> Is there anyway to make dbus aware the new user except restart dbus? >> > > > >> If I restart dbus, does it have any impact to the system? >> > > Yes; it closes all existing bus connections, which may cause many services > to exit. > > >> >> Thanks, >> Brs, >> Bao >> >> >> On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering >> wrote: >> >>> On Fr, 08.03.19 11:59, Mantas Mikulėnas (graw...@gmail.com) wrote: >>> >>> > > dbus policy can only reference users that are available locally at >>> any >>> > > time, i.e. generally system users, not human users. >>> > > >>> > > >>> > Hmm, but in this case, the client seems to be completely refused >>> access to >>> > the bus – not just blocked by policy from sending some message. The >>> system >>> > bus normally allows any user to connect (I mean, I have no problems >>> > accessing it from an LDAP account), so I'm not sure why the bus config >>> > should matter at this point. >>> >>> At this point this is probably something to move to the dbus list... I >>> don#t remember how precisely dbus-daemon authenticates stuff, I just >>> have a rough idea. >>> >>> Lennart >>> >>> -- >>> Lennart Poettering, Red Hat >>> >> > > -- > Mantas Mikulėnas > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi again, I tried to add the LDAP user in /etc/dbus-1/system.conf policy and then send signal SIGHUP to reload the configuration, also for dbus flush user cache, but dbus said that Unknown username "ldap_demo" on element Reloaded configuration I search the source code in dbus. it will call _dbus_get_user_id_and_primary_group , then _dbus_user_database_get_system to search user ldap_demo in its database but I am not clear how this database is built. Could you please help me for that? Is there anyway to make dbus aware the new user except restart dbus? If I restart dbus, does it have any impact to the system? Thanks, Brs, Bao On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering wrote: > On Fr, 08.03.19 11:59, Mantas Mikulėnas (graw...@gmail.com) wrote: > > > > dbus policy can only reference users that are available locally at any > > > time, i.e. generally system users, not human users. > > > > > > > > Hmm, but in this case, the client seems to be completely refused access > to > > the bus – not just blocked by policy from sending some message. The > system > > bus normally allows any user to connect (I mean, I have no problems > > accessing it from an LDAP account), so I'm not sure why the bus config > > should matter at this point. > > At this point this is probably something to move to the dbus list... I > don#t remember how precisely dbus-daemon authenticates stuff, I just > have a rough idea. > > Lennart > > -- > Lennart Poettering, Red Hat > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Lennart & Mantas,
Thanks a lot for your quick response.
Maybe you're right, dbus-daemon resolves users mentioned in its policy
files at start-up. And then adding a new user to LDAP, dbus-daemon has
not resolved yet so it do not allow to access system bus. That may be
the reason that restart dbus resolve the issue, mean makes dbus aware
the new user. However, as Mantas said he does not meet the issue with
LDAP account, could Mantas please add a new LDAP account again to
confirm if you meet the same problem or not, or any new LDAP account
added you do not see the issue without restart dbus?
BTW, I remember I did not meet the same problem in older systemd, not
sure if later systemd has any changes that makes the issue "Assess
denied" happens for LDAP, or could you please let me know it is a
expected behavior for every version of systemd?
Thanks,
Brs,
Naruto
On Fri, Mar 8, 2019 at 4:59 PM Mantas Mikulėnas wrote:
>
> On Fri, Mar 8, 2019 at 11:54 AM Lennart Poettering
> wrote:
>>
>> On Fr, 08.03.19 16:05, Bao Nguyen (bao...@gmail.com) wrote:
>>
>> > Hi Lennart,
>> >
>> > After debugging the problem, when strace the busctl call method command
>> >
>> > strace -f -tt busctl call org.freedesktop.systemd1
>> > /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager GetUnit s
>> > sys-devices-platform-serial8250-tty-ttyS6.device
>> >
>> >
>> > 07:54:32.027830 connect(3, {sa_family=AF_LOCAL,
>> > sun_path="/var/run/dbus/system_bus_socket"}, 33) = 0
>> > 07:54:32.028045 getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0,
>> > gid=0}, [12]) = 0
>> > 07:54:32.028146 fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
>> > 07:54:32.028240 getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
>> > 07:54:32.028369 getsockname(3, {sa_family=AF_LOCAL, NULL}, [2]) = 0
>> > 07:54:32.028477 geteuid() = 701
>> > 07:54:32.028584 sendmsg(3, {msg_name(0)=NULL, msg_iov(3)=[{"\0AUTH EXTERNAL
>> > ", 15}, {"373031", 6}, {"\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 28}],
>> > msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 49
>> > 07:54:32.028854 gettid()= 6861
>> > 07:54:32.028954 getrandom("f\7Wa\3512\306\316\3325\246\372\207\247\272(",
>> > 16, GRND_NONBLOCK) = 16
>> > *07:54:32.029115 recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"REJECTED
>> > EXTERNAL DBUS_COOKIE_SH"..., 256}], msg_controllen=0,
>> > msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) =
>> > 82*
>> > *07:54:32.029230 writev(2, [{"Access denied", 13}, {"\n", 1}], 2Access
>> > denied*
>> >
>> > I can see that the "Access Denied" is thrown because the system dbus fail
>> > to authenticate NEGOTIATE_UNIX_FD sent from client . It returns
>> > *REJECTED
>> > EXTERNAL DBUS_COOKIE_SH. * Could you please help to explain more why DBUS
>> > fail to authenticate? Is there any work around to make it authenticate
>> > successfully? I restart dbus and the error is gone away. Not sure why and
>> > maybe restarting dbus is not a good WA to do.
>> >
>> > My system uses SSSD, PAM and LDAP to authenticate the user,
>>
>> dbus-daemon resolves users mentioned in its policy files at
>> start-up. Are you referencing users that are defined in SSSD/LDAP? If
>> so, that's most likely your problem. You can't do that.
>>
>> dbus policy can only reference users that are available locally at any
>> time, i.e. generally system users, not human users.
>>
>
> Hmm, but in this case, the client seems to be completely refused access to
> the bus – not just blocked by policy from sending some message. The system
> bus normally allows any user to connect (I mean, I have no problems accessing
> it from an LDAP account), so I'm not sure why the bus config should matter at
> this point.
>
> --
> Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Lennart,
After debugging the problem, when strace the busctl call method command
strace -f -tt busctl call org.freedesktop.systemd1
/org/freedesktop/systemd1 org.freedesktop.systemd1.Manager GetUnit s
sys-devices-platform-serial8250-tty-ttyS6.device
07:54:32.027830 connect(3, {sa_family=AF_LOCAL,
sun_path="/var/run/dbus/system_bus_socket"}, 33) = 0
07:54:32.028045 getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0,
gid=0}, [12]) = 0
07:54:32.028146 fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
07:54:32.028240 getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
07:54:32.028369 getsockname(3, {sa_family=AF_LOCAL, NULL}, [2]) = 0
07:54:32.028477 geteuid() = 701
07:54:32.028584 sendmsg(3, {msg_name(0)=NULL, msg_iov(3)=[{"\0AUTH EXTERNAL
", 15}, {"373031", 6}, {"\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 28}],
msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 49
07:54:32.028854 gettid()= 6861
07:54:32.028954 getrandom("f\7Wa\3512\306\316\3325\246\372\207\247\272(",
16, GRND_NONBLOCK) = 16
*07:54:32.029115 recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"REJECTED
EXTERNAL DBUS_COOKIE_SH"..., 256}], msg_controllen=0,
msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) =
82*
*07:54:32.029230 writev(2, [{"Access denied", 13}, {"\n", 1}], 2Access
denied*
I can see that the "Access Denied" is thrown because the system dbus fail
to authenticate NEGOTIATE_UNIX_FD sent from client . It returns *REJECTED
EXTERNAL DBUS_COOKIE_SH. * Could you please help to explain more why DBUS
fail to authenticate? Is there any work around to make it authenticate
successfully? I restart dbus and the error is gone away. Not sure why and
maybe restarting dbus is not a good WA to do.
My system uses SSSD, PAM and LDAP to authenticate the user,
Thanks,
Brs,
Naruto
On Sat, Mar 2, 2019 at 2:31 PM Bao Nguyen wrote:
>
> Hi Lennart,
>
> Thanks for your information.
>
> I do not use selinux. Could you please show me how to enable dbus log?
> I found this thread https://wiki.ubuntu.com/DebuggingDBus, not sure it
> works but I'll give it a try.
>
> BTW, last time when I enable systemd debug systemd.log_level=debug, I
> found this log
>
> systemd[1]: Got message type=method_call sender=:1.183
> destination=org.freedesktop.systemd1 object=/org/freedesktop/systemd1
> interface=org.freedesktop.systemd1.Manager member=GetUnit cookie=2
> reply_cookie=0 error=n/a
> systemd[1]: Sent message type=method_return sender=n/a
> destination=:1.183 object=n/a interface=n/a member=n/a cookie=2151
> reply_cookie=2 error=n/a
>
> This is when I can ssh successfully, when it fails, the Sent message
> (and maybe Got Message as well, sorry I lost the log, I will update
> later) has sender and destination is "n/a". Could you please elaborate
> on this "n/a", can it lead to the Acess denied"?
>
> And if dbus-daemon refused access to the unit's runtime data, when I
> restart dbus, there is no error "Access Denied" anymore. How does
> restarting dbus relate with Access Denied? If it is permission, I
> guess even restarting dbus, it still meets Access Denied.
>
> Sorry for asking a lot of questions.
>
> Thanks a lot,
> Brs,
> Naruto
>
> On Fri, Mar 1, 2019 at 5:22 PM Lennart Poettering
> wrote:
> >
> > On Do, 28.02.19 18:21, Bao Nguyen (bao...@gmail.com) wrote:
> >
> > > Hello everyone,
> > >
> > > I am using systemd 228. When the system starts successfully, I tried
> > > to login to my system via ssh with my one of setting users, and I can
> > > log in successfully but systemd throws an error message:
> > >
> > > "Failed to get unit: Access denied"
> > >
> > > When I trace code of systemd, I found the message thrown from the
> > > method call via sdbus. This is one of function I added in systemd
> > > source
> > >
> > > r = sd_bus_call_method(
> > > bus,
> > > "org.freedesktop.systemd1",
> > > "/org/freedesktop/systemd1",
> > > "org.freedesktop.systemd1.Manager",
> > > "GetUnit",
> > > _message,
> > > _return,
> > > "s", name_unit);
> > > if (r < 0) {
> > > return log_errno(r, "Failed to get unit: %s",
> > > bus_error_message(_message, r));
> > > }
> > >
> > > But somehow it cannot call GetUnit met
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Lennart,
Thanks for your information.
I do not use selinux. Could you please show me how to enable dbus log?
I found this thread https://wiki.ubuntu.com/DebuggingDBus, not sure it
works but I'll give it a try.
BTW, last time when I enable systemd debug systemd.log_level=debug, I
found this log
systemd[1]: Got message type=method_call sender=:1.183
destination=org.freedesktop.systemd1 object=/org/freedesktop/systemd1
interface=org.freedesktop.systemd1.Manager member=GetUnit cookie=2
reply_cookie=0 error=n/a
systemd[1]: Sent message type=method_return sender=n/a
destination=:1.183 object=n/a interface=n/a member=n/a cookie=2151
reply_cookie=2 error=n/a
This is when I can ssh successfully, when it fails, the Sent message
(and maybe Got Message as well, sorry I lost the log, I will update
later) has sender and destination is "n/a". Could you please elaborate
on this "n/a", can it lead to the Acess denied"?
And if dbus-daemon refused access to the unit's runtime data, when I
restart dbus, there is no error "Access Denied" anymore. How does
restarting dbus relate with Access Denied? If it is permission, I
guess even restarting dbus, it still meets Access Denied.
Sorry for asking a lot of questions.
Thanks a lot,
Brs,
Naruto
On Fri, Mar 1, 2019 at 5:22 PM Lennart Poettering
wrote:
>
> On Do, 28.02.19 18:21, Bao Nguyen (bao...@gmail.com) wrote:
>
> > Hello everyone,
> >
> > I am using systemd 228. When the system starts successfully, I tried
> > to login to my system via ssh with my one of setting users, and I can
> > log in successfully but systemd throws an error message:
> >
> > "Failed to get unit: Access denied"
> >
> > When I trace code of systemd, I found the message thrown from the
> > method call via sdbus. This is one of function I added in systemd
> > source
> >
> > r = sd_bus_call_method(
> > bus,
> > "org.freedesktop.systemd1",
> > "/org/freedesktop/systemd1",
> > "org.freedesktop.systemd1.Manager",
> > "GetUnit",
> > _message,
> > _return,
> > "s", name_unit);
> > if (r < 0) {
> > return log_errno(r, "Failed to get unit: %s",
> > bus_error_message(_message, r));
> > }
> >
> > But somehow it cannot call GetUnit method from interface
> > org.freedesktop.systemd1.Manager with error "Access denied". Could you
> > please let me know what the error message of this method call means ?
> > Does it relate any to user permission and if any setting permission of
> > user can cause the method called via sdbus can not retrieve unit
> > object path for a unit name during ssh?
>
> This means dbus-daemon or selinux refused access to the unit's runtime
> data.
>
> if it's dbus there might be more info in the dbus logs.
>
> if it's selinux (do you use that?) there might be AVCs...
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Mantas,
Thanks for our reply.
No, my /usr has not any special setup, it is already in initrd.
Brs,
Naruto
On Fri, Mar 1, 2019 at 4:33 PM Mantas Mikulėnas wrote:
>
> Does your system have any sort of special setup for /etc or /usr?
>
> It sounds very much like /usr is on a separate filesystem that's not yet
> mounted at the time of system boot, so dbus-daemon cannot find its
> configuration at that time. When /usr is separate, it must be pre-mounted by
> the initramfs.
>
> On Thu, Feb 28, 2019 at 1:28 PM Bao Nguyen wrote:
>>
>> Hi again,
>>
>> Just would like to update that when i restart dbus service, the issue does
>> not happen.
>>
>> Brs,
>> Bao
>>
>> On Thu, Feb 28, 2019 at 6:21 PM Bao Nguyen wrote:
>>>
>>> Hello everyone,
>>>
>>> I am using systemd 228. When the system starts successfully, I tried
>>> to login to my system via ssh with my one of setting users, and I can
>>> log in successfully but systemd throws an error message:
>>>
>>> "Failed to get unit: Access denied"
>>>
>>> When I trace code of systemd, I found the message thrown from the
>>> method call via sdbus. This is one of function I added in systemd
>>> source
>>>
>>> r = sd_bus_call_method(
>>> bus,
>>> "org.freedesktop.systemd1",
>>> "/org/freedesktop/systemd1",
>>> "org.freedesktop.systemd1.Manager",
>>> "GetUnit",
>>> _message,
>>> _return,
>>> "s", name_unit);
>>> if (r < 0) {
>>> return log_errno(r, "Failed to get unit: %s",
>>> bus_error_message(_message, r));
>>> }
>>>
>>> But somehow it cannot call GetUnit method from interface
>>> org.freedesktop.systemd1.Manager with error "Access denied". Could you
>>> please let me know what the error message of this method call means ?
>>> Does it relate any to user permission and if any setting permission of
>>> user can cause the method called via sdbus can not retrieve unit
>>> object path for a unit name during ssh?
>>>
>>> Thanks a lot,
>>> Brs,
>>> Naruto
>>
>> ___
>> systemd-devel mailing list
>> systemd-devel@lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
>
>
> --
> Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi again,
Just would like to update that when i restart dbus service, the issue does
not happen.
Brs,
Bao
On Thu, Feb 28, 2019 at 6:21 PM Bao Nguyen wrote:
> Hello everyone,
>
> I am using systemd 228. When the system starts successfully, I tried
> to login to my system via ssh with my one of setting users, and I can
> log in successfully but systemd throws an error message:
>
> "Failed to get unit: Access denied"
>
> When I trace code of systemd, I found the message thrown from the
> method call via sdbus. This is one of function I added in systemd
> source
>
> r = sd_bus_call_method(
> bus,
> "org.freedesktop.systemd1",
> "/org/freedesktop/systemd1",
> "org.freedesktop.systemd1.Manager",
> "GetUnit",
> _message,
> _return,
> "s", name_unit);
> if (r < 0) {
> return log_errno(r, "Failed to get unit: %s",
> bus_error_message(_message, r));
> }
>
> But somehow it cannot call GetUnit method from interface
> org.freedesktop.systemd1.Manager with error "Access denied". Could you
> please let me know what the error message of this method call means ?
> Does it relate any to user permission and if any setting permission of
> user can cause the method called via sdbus can not retrieve unit
> object path for a unit name during ssh?
>
> Thanks a lot,
> Brs,
> Naruto
>
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Cannot call GetUnit method with ssh
Hello everyone,
I am using systemd 228. When the system starts successfully, I tried
to login to my system via ssh with my one of setting users, and I can
log in successfully but systemd throws an error message:
"Failed to get unit: Access denied"
When I trace code of systemd, I found the message thrown from the
method call via sdbus. This is one of function I added in systemd
source
r = sd_bus_call_method(
bus,
"org.freedesktop.systemd1",
"/org/freedesktop/systemd1",
"org.freedesktop.systemd1.Manager",
"GetUnit",
_message,
_return,
"s", name_unit);
if (r < 0) {
return log_errno(r, "Failed to get unit: %s",
bus_error_message(_message, r));
}
But somehow it cannot call GetUnit method from interface
org.freedesktop.systemd1.Manager with error "Access denied". Could you
please let me know what the error message of this method call means ?
Does it relate any to user permission and if any setting permission of
user can cause the method called via sdbus can not retrieve unit
object path for a unit name during ssh?
Thanks a lot,
Brs,
Naruto
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Turn off journald entirely
Hello everyone, I found in this thread that "There's currently no way to turn off journald entirely, but it's on the TODO list" https://lists.freedesktop.org/archives/systemd-devel/2012-March/004773.html Would you please let me know how this TODO is going? Is it possible to turn off journald entirely nowadays? Thanks, Brs, Naruto ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Question about a random UDP port on rpcbind 0.2.3 started by systemd
Hello evryone, I would like to ask you a question regarding the new random UDP port in rpcbind 0.2.3. In rpcbind 0.2.3, when I start rpcbind (version 0.2.3) through rpcbind.service, then I do netstat udp0 0 0.0.0.0:111 0.0.0.0:* 10408/rpcbind udp0 0 0.0.0.0:831 0.0.0.0:* 10408/rpcbind udp6 0 0 :::111 :::* 10408/rpcbind udp6 0 0 :::831 :::* 10408/rpcbind The rpcbind does not only listen on port 111 but also on a random udp port "831" in this case, this port is changed every time the rpcbind service retstarts. And it listens on 0.0.0.0 so it opens a hole on security. I have looked into the change of rpcbind 0.2.3 and found the change " rpcbind: add support for systemd socket activation", it calls a function sd_listen_fds, I do not know much about systemd socket activation programming, does the "831" port is generated from rpcbind to communicate with systemd socket activation? Could you please let me know what this port is for and is there any way to avoid that like force it listen on a internal interface rather than on any interfaces like that? As the rpcbind is started from systemd so "-h" option is invalid as the man page says: -h Specify specific IP addresses to bind to for UDP requests. This option may be specified multiple times and can be used to restrict the interfaces rpcbind will respond to. Note that when rpcbind is controlled via sys- temd's socket activation, the -h option is ignored. In this case, you need to edit the ListenStream and ListenDgram definitions in /usr/lib/systemd/system/rpcbind.socket instead. Thanks a lot, Brs, Bao ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Question about service dependency handling in systemd-228
Hi all, Thank you very much for your support. I will try to fix the cycle. Brs, On Mon, Nov 27, 2017 at 4:11 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 27.11.2017 um 05:23 schrieb Bao Nguyen: > >> Thanks all for your comments. I will try to use option FreeBind. However >> could anyone explain for me that I did not use FreeBind option in >> systems-210 but all my services start well? I am still inclined to the >> different of systemd-228 and systemd-210 causes the current issue. >> > > beause your configuration was undefined behavior and never made any sense > when there are dependency loops and similar problems - systemd does and did > the best not throw you to the mergency console and boot the system somehow, > pointed out errors and now it's time to fi them > > IMHO it would be justified not to boot at all if there is as example a > unit which has itself in After/Before/Requires as example when someone > don't read his systemlogs after change units and "systemctl daemon-reload" > :-) > > > On Sun, Nov 26, 2017 at 4:53 PM, Reindl Harald <h.rei...@thelounge.net >> <mailto:h.rei...@thelounge.net>> wrote: >> >> >> >> Am 26.11.2017 um 10:47 schrieb Bao Nguyen: >> >> Regard to your question, "asi-My-5101.socket" depends on >> "My-sshd.target", I think that in my case it is expected as my >> socket listens on a specific address IP:port so it should start >> after a network service to configure and assign IP address >> before my socket runs >> >> >> nonsense - the whole point of socket activation is to have sockets >> listening before other stuff is up and running >> >> https://www.freedesktop.org/software/systemd/man/systemd.socket.html >> <https://www.freedesktop.org/software/systemd/man/systemd.socket.html >> > >> If an IP address is used here, it is often desirable to listen on it >> before the interface it is configured on is up and running, and even >> regardless of whether it will be up and running at any point. To >> deal with this, it is recommended to set the FreeBind= option >> described below >> >> FreeBind= >> Takes a boolean value. Controls whether the socket can be bound to >> non-local IP addresses. This is useful to configure sockets >> listening on specific IP addresses before those IP addresses are >> successfully configured on a network interface. This sets the >> IP_FREEBIND socket option. For robustness reasons it is recommended >> to use this option whenever you bind a socket to a specific IP >> address. Defaults to false. >> > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Question about service dependency handling in systemd-228
Hi, Thanks all for your comments. I will try to use option FreeBind. However could anyone explain for me that I did not use FreeBind option in systems-210 but all my services start well? I am still inclined to the different of systemd-228 and systemd-210 causes the current issue. Thanks again, Brs, Bao On Sun, Nov 26, 2017 at 4:53 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 26.11.2017 um 10:47 schrieb Bao Nguyen: > >> Regard to your question, "asi-My-5101.socket" depends on >> "My-sshd.target", I think that in my case it is expected as my socket >> listens on a specific address IP:port so it should start after a network >> service to configure and assign IP address before my socket runs >> > > nonsense - the whole point of socket activation is to have sockets > listening before other stuff is up and running > > https://www.freedesktop.org/software/systemd/man/systemd.socket.html > If an IP address is used here, it is often desirable to listen on it > before the interface it is configured on is up and running, and even > regardless of whether it will be up and running at any point. To deal with > this, it is recommended to set the FreeBind= option described below > > FreeBind= > Takes a boolean value. Controls whether the socket can be bound to > non-local IP addresses. This is useful to configure sockets listening on > specific IP addresses before those IP addresses are successfully configured > on a network interface. This sets the IP_FREEBIND socket option. For > robustness reasons it is recommended to use this option whenever you bind a > socket to a specific IP address. Defaults to false. > > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Question about service dependency handling in systemd-228
Hi Uoti, Thanks a lot for your answer, I have checked the cycle. It is created by sockets.target -> asi-My-5101.socket -> My-sshd.target -> My-syncd.service -> My-nfs-client.service -> My-handling.service -> basic.target -> sockets.target. I do not see the same cycle in systemd-210 so I said that there is maybe a change in systemd-210 and sytemd-228 like building dependency tree and handling cycle. I can confirm there is no change in my scripts. Regard to your question, "asi-My-5101.socket" depends on "My-sshd.target", I think that in my case it is expected as my socket listens on a specific address IP:port so it should start after a network service to configure and assign IP address before my socket runs. Could you please help me if it is due to the fault in sytemd-228 or I have to adapt my script to overcome this issue? I tried to add DefaultDependencies=no in my asi-My-5101.socket, the problem go away (because sometimes I see it said the cycle created in basic.target, the behavior is really strange in systemd-228). Thanks, Brs, Bao On Sat, Nov 25, 2017 at 9:44 PM, Uoti Urpala <uoti.urp...@pp1.inet.fi> wrote: > On Sat, 2017-11-25 at 12:08 +0700, Bao Nguyen wrote: > > [ 41.154231] systemd[1]: nss-lookup.target: Dependency > Before=nss-lookup.target dropped > > [ 41.297229] systemd[1]: sockets.target: Found ordering cycle on > sockets.target/start > > [ 41.297236] systemd[1]: sockets.target: Found dependency on > asi-My-5101.socket/start > > [ 41.297239] systemd[1]: sockets.target: Found dependency on > My-sshd.target/start > > [ 41.297241] systemd[1]: sockets.target: Found dependency on > My-syncd.service/start > > [ 41.297244] systemd[1]: sockets.target: Found dependency on > My-nfs-client.service/start > > [ 41.297246] systemd[1]: sockets.target: Found dependency on > My-handling.service/start > > > > My question is if there are any significant different about building > tree dependency and handling cycle dependency between systemd-210 and > systemd-228 that can lead to my current situation? I have checked the > change log, source code but not found any useful info > > Rather than start by trying to find differences between systemd > versions, I suggest you first find out exactly what goes wrong under > the newer systemd version. Exactly which dependency is wrong and > shouldn't be there? Where does that dependency come from? A system > where ordering dependencies form a cycle is not valid, so some > dependency explicitly listed in your unit files or implicitly added by > systemd must be wrong. After finding that out, you can then try to find > out what differs under the older systemd if it's still relevant. > > In the above log, the most suspicious part is that it seems to say > "asi-My-5101.socket" depends on "My-sshd.target". A socket unit almost > certainly shouldn't have such dependencies, as normally a listening > socket can be opened regardless of the state of the rest of the system > (the main exception I can think of would be a UNIX socket at a > filesystem path that requires mounting something, but normally you > wouldn't do that...). > > > > And what does the message "nss-lookup.target: Dependency > Before=nss-lookup.target dropped" mean? I do not see it in systemd-210. > > Apparently the target had a dependency saying that it should be started > before itself, and such a blatantly impossible dependency was ignored. > > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Question about service dependency handling in systemd-228
Hello everyone, I would like to have a question regarding to the building dependency and cycle dependency handling on systemd-228. In my system, I have some socket and service files, it has a cycle on socket target, when I run on system-228, systemd-228 throws [ 40.358582] systemd[1]: Set hostname to . [ 41.154231] systemd[1]: nss-lookup.target: Dependency Before=nss-lookup.target dropped [ 41.297229] systemd[1]: sockets.target: Found ordering cycle on sockets.target/start [ 41.297236] systemd[1]: sockets.target: Found dependency on asi-My-5101.socket/start [ 41.297239] systemd[1]: sockets.target: Found dependency on My-sshd.target/start [ 41.297241] systemd[1]: sockets.target: Found dependency on My-syncd.service/start [ 41.297244] systemd[1]: sockets.target: Found dependency on My-nfs-client.service/start [ 41.297246] systemd[1]: sockets.target: Found dependency on My-handling.service/start [ SKIP ] Ordering cycle found, skipping My Telnet Server Socket on port 5101 [ SKIP ] Ordering cycle found, skipping My Telnet Server Socket on port 5010 [ SKIP ] Ordering cycle found, skipping My Telnet Server Socket on port 5111 [ SKIP ] Ordering cycle found, skipping asi-vsftpd-MyIO_2.socket [ SKIP ] Ordering cycle found, skipping My Telnet Server Socket on port 5110 [ SKIP ] Ordering cycle found, skipping My Telnet Server Socket on port 5002 [ SKIP ] Ordering cycle found, skipping My Telnet Server Socket on port 5100 [ SKIP ] Ordering cycle found, skipping Remo...ell Facilities Activation Socket [ SKIP ] Ordering cycle found, skipping My Telnet Server Socket on port 5011 [ SKIP ] Ordering cycle found, skipping My sshd target It said that there is an ordering on the sockets.target, then break the cycle and SKIP randomly starting other service => the system cannot start. However I did not meet the same issue on systemd-210 with the same my services and sockets. Systemd-210 does not break and skip, and my system can start well. My question is if there are any significant different about building tree dependency and handling cycle dependency between systemd-210 and systemd-228 that can lead to my current situation? I have checked the change log, source code but not found any useful info And what does the message "nss-lookup.target: Dependency Before=nss-lookup.target dropped" mean? I do not see it in systemd-210. Many thanks for your support, Best regards, Naru ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Can LSBInitScipts specify an dependency on systemd unit?
Hi Michael, Thanks, do you know any document or manual talks about that like removing the .service extension as you said? I mean any proof to show it can work. Thanks again, Brs On Thu, Jun 9, 2016 at 4:13 PM, Michael Biebl <mbi...@gmail.com> wrote: > 2016-06-09 10:55 GMT+02:00 Bao Nguyen <bao...@gmail.com>: > > Hi everyone, > > > > I have a script written by SysVinit, can I declare ordering of this > script > > with a systemd unit in "X-Start-Before:" and "X-Start-After:", for ex > > > > X-Start-Before: systemd_1.service > > X-Start-After: systemd_2.service > > > > Can it be declared like that? Can it work as expected if LSB depends on > > systemd service? > > > Yes, this works. But you need to drop the .service file extension. > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Can LSBInitScipts specify an dependency on systemd unit?
Hi everyone, I have a script written by SysVinit, can I declare ordering of this script with a systemd unit in "X-Start-Before:" and "X-Start-After:", for ex X-Start-Before: systemd_1.service X-Start-After: systemd_2.service Can it be declared like that? Can it work as expected if LSB depends on systemd service? Thanks, Best regards, Bao ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Shutdown a specific service in systemd shutdown
Hi Michael, Thanks for your comments, looks like it will work. I will try it. Just adding a question, if my specific is written in old style (SystemVinit), it has LSB header, how can I modify it to make it depend on multi-user.target. Thanks, Brs On Wed, May 25, 2016 at 5:09 PM, Michael Chapman <m...@very.puzzling.org> wrote: > On Thu, 19 May 2016, Bao Nguyen wrote: > >> Hi everyone, >> >> When the system is shutdown, systemd will terminate all services in >> parallel manner, could you let me know if there is any ways to tell >> systemd >> to shutdown a specific service first, then shutdown all remaining >> services? >> > > Hello, > > I haven't tested it, but as far as I know all you need to do is ensure > your special service is After=multi-user.target, i.e.: > > [Unit] > Description=Some service that must be started late / stopped early > After=multi-user.target > > [Service] > # ... > > [Install] > WantedBy=multi-user.target > > A target unit is automatically After= all the units that it Wants=, > Requires=, etc., but this automatic dependency is *not* added if that would > create a dependency loop. > > So at shutdown systemd knows it needs to stop all services and targets. > Because your special service is After=multi-user.target, and > multi-user.target is After= all *other* normal services, everything gets > ordered correctly: your service is stopped first, then multi-user.target is > stopped, then all the other services are stopped. > > Now, this isn't the *cleanest* solution -- you really want to be specific > in your service dependencies rather than depending upon a whole target's > worth of services, and there's always the chance that multi-user.target > might be stopped some other way before shutdown -- but it does seem as if > it goes some way to solving your problem. > > - Michael > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Shutdown a specific service in systemd shutdown
Hi, Thanks for all your comments. How do you think if we create a custom target to include all remaining services, then add this target to the dependency After= of the specific services. This way can make the specific stop before the services in the target when the system shutdowns? Thanks, BRs, Natsu On Mon, May 23, 2016 at 3:54 PM, Lennart Poettering <lenn...@poettering.net> wrote: > On Sun, 22.05.16 15:24, Andrei Borzenkov (arvidj...@gmail.com) wrote: > > > 19.05.2016 11:57, Martin Pitt пишет: > > > Hello Bao, > > > > > > Bao Nguyen [2016-05-19 15:52 +0700]: > > >> When the system is shutdown, systemd will terminate all services in > > >> parallel manner, could you let me know if there is any ways to tell > systemd > > >> to shutdown a specific service first, then shutdown all remaining > services? > > > > > > The concept of "first"/"last" has no well-defined meaning in any > > > non-serial init systems (not even SysV init with insserv, only with > > > classic SysV init with manually set priorities). I've heard requests > > > like "but this needs to be started as the last thing" a lot in the > > > recent years, and there's no way all the services can simultaneously > > > be "last" :-) > > > > Well, the very good example of service that has to be started/stopped > > before/after anything else is splash screen (plymouth or anything). It > > really must appear as soon as user hit ENTER in "systemctl reboot". As > > it stands now, there is no way to ensure it. > > Well, shutting down is asynchronous anyway. Hence, yes, it should be shown > pretty quickly, but strict, enforced ordering here is not necessary. > > This is a different story if you want a smooth transition between some > graphical login thingy (such as gdm) and the ply shutdown screen, but > in that case there should really be a direct hand-over so that gdm > only releases the DRM when it knows that py has taken over. Such logic > needs to happen directly between ply and gdm however, and in fact does > already. > > > > You should put sufficient After= properties into your service, so that > > > it gets started after and stopped before the ones you specify. > > > > Do you suggest adding dependency on plymouth to *every* service? > > No, I'd suggest that you are using the wrong tool here and should use > something else... > > Lennart > > -- > Lennart Poettering, Red Hat > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Shutdown a specific service in systemd shutdown
Hi Martin, Thanks a lot for your answer. How about if my specific script is written by SysVinit, it has LSB headers, can we still use in LSB header the property lAfter= as in systemd to make it start/stop orderly? Another solution I think to make it shutdowns "order" when I read systemd-halt.service in https://www.freedesktop.org/software/systemd/man/systemd-halt.service.html "Immediately before executing the actual system halt/poweroff/reboot/kexec systemd-shutdown will run all executables in /usr/lib/systemd/system-shutdown/ and pass one arguments to them: either " halt", "poweroff", "reboot" or "kexec", depending on the chosen action. All executables in this directory are executed in parallel, and execution of the action is not continued before all executables finished." Can I put a script to terminate my specific script in /usr/lib/systemd/system-shutdown/? As the description, the script will be run to terminate my script before executing the actual system shutdown? Some people on internet also tried to make a script to do something before everything else on shutdown with systemd like http://superuser.com/questions/1016827/how-do-i-run-a-script-before-everything-else-on-shutdown-with-systemde How do you think if I can make a script to terminate my script before all other services shutdown like above to make it "order"? Thanks a lot. Best regards, Natsu On Thu, May 19, 2016 at 3:57 PM, Martin Pitt <martin.p...@ubuntu.com> wrote: > Hello Bao, > > Bao Nguyen [2016-05-19 15:52 +0700]: > > When the system is shutdown, systemd will terminate all services in > > parallel manner, could you let me know if there is any ways to tell > systemd > > to shutdown a specific service first, then shutdown all remaining > services? > > The concept of "first"/"last" has no well-defined meaning in any > non-serial init systems (not even SysV init with insserv, only with > classic SysV init with manually set priorities). I've heard requests > like "but this needs to be started as the last thing" a lot in the > recent years, and there's no way all the services can simultaneously > be "last" :-) > > You should put sufficient After= properties into your service, so that > it gets started after and stopped before the ones you specify. See > man systemd.unit for details. > > Martin > > -- > Martin Pitt| http://www.piware.de > Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Shutdown a specific service in systemd shutdown
Hi everyone, When the system is shutdown, systemd will terminate all services in parallel manner, could you let me know if there is any ways to tell systemd to shutdown a specific service first, then shutdown all remaining services? Thanks, Best regards, Natsu ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
