Re: [systemd-devel] Systemd-cryptsetup triggers a black screen after upgrading to 6.4.1

2023-07-07 Thread Christian Hesse
Felix Rubio  on Thu, 2023/07/06 18:07:
> Using arch linux, I have had my kernel upgraded from 6.3.9 to 6.4.1. 
> After regenerating the UKI, that works, I get just a black screen when 
> systemd-cryptsetup should be either using the TPM to unlock the drive or 
> to ask me the rescue password.

Possibly running on a Framework laptop with Intel 12th gen or later?

https://bugs.archlinux.org/task/78961
https://bugzilla.kernel.org/show_bug.cgi?id=217631
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];)
putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);}




Re: [systemd-devel] Bugfix release(s)

2019-01-15 Thread Christian Hesse
Lennart Poettering  on Tue, 2019/01/15 20:00:
> Note that we don't branch releases right now. Instead when we are
> getting closer to a release we simply don't merge PRs we don't
> consider appropriate for the release anymore until after the
> release. Or in other words: the master branch simply "stops" for a
> while getting new stuff, and only gets bugfixes until we release the
> version, which reopens the floodgates

Most people do not notice when this happens. Having milestones on github is
nice, but most of us miss that. Just make it obvious: add a tag when
you start preparation for a release - no matter if you call it 'v241-freeze',
'v241-rc' or whatever. I guess 'communication' on the lowest level can help a
lot here.

(BTW, there's another place I would like to see more tags... Would be nice to
have signed tags whenever a bunch of commits lands in a stable branch.)
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];)
putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);}


___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] Bugfix release(s)

2019-01-18 Thread Christian Hesse
Lennart Poettering  on Wed, 2019/01/16 19:46:
> And in case the tag matches ^v[0-9]+-pre-.*$ may be this:
> 
> A new systemd ☠️ pre-release☠️  has just been tagged. Please
> download the tarball here:
> 
> https://github.com/systemd/systemd/archive/$TAG.tar.gz
> 
> NOTE: This is ☠️ pre-release☠️ software. Do not run this on
> production systems, but please test this and report any issues you
> find to GitHub:
> 
> https://github.com/systemd/systemd/issues/new?template=Bug_report.md

See the milestones for pending changes:

https://github.com/systemd/systemd/milestones
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];)
putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);}




Re: [systemd-devel] [networkd] dbus interface?

2016-05-18 Thread Christian Hesse
Yuri D'Elia  on Mon, 2016/05/16 21:30:
> I'd like to monitor interface state changes as emitted by networkd.

You may want to take a look at netlink-notify [0]. It does not use networkd
at all but kernel's netlink interface. It's not perfect but works pretty well
for me. And there's no polling, so no waste of resources.

BTW, probably the simplest and most straightforward monitoring on console
(so no notification popups...) is 'ip monitor'.

[0] https://github.com/eworm-de/netlink-notify
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];)
putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);}




Re: [systemd-devel] Port 231 security patch to 213

2016-10-24 Thread Christian Hesse
Jay Burger  on Mon, 2016/10/24 10:54:
> Hi,
> 
> I need some help porting the security patch released in version 231 back
> to version 213. If this is not the correct place for this question can
> someone point me to the proper forum?
> 
> Updating my system from 213 to 231 is not an option for me at this time.
> If anyone knows if this has been done can you point me to the patch?

What exactly are you referring to?

Does this help? (There is no v213 tree, but v214 is next.)
https://github.com/systemd/systemd-stable/tree/v214-stable
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];)
putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);}




[systemd-devel] inotify_add_watch() failed: Bad file descriptor

2015-05-26 Thread Christian Hesse
Hello everybody,

with systemd v220 I see inotify errors from udevd. I get this once:

systemd-udevd: inotify_add_watch(9, /dev/sr0, 10) failed: Bad file descriptor

And a lot of these:

systemd-udevd: inotify_add_watch(9, /dev/dm-[0-9]+, 10) failed: Bad file descriptor
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] 220 udev boot regression: timeout, giving up waiting for workers to finish

2015-05-26 Thread Christian Hesse
Martin Pitt  on Tue, 2015/05/26 17:11:
> Hello Tom, all,
> 
> with 220 I get a severe boot time regression:
> 
>   $ systemd-analyze
>   Startup finished in 30.751s (kernel) + 11.706s (userspace) = 42.458s
> 
> which used to be
> 
>   $ systemd-analyze
>   Startup finished in 703ms (kernel) + 890ms (userspace) = 1.593s
> 
> (this is a VM)
> 
> It seems udevd --daemon spends 30 seconds timing out in the initramfs:
> 
>   [0.384519] systemd-udevd[55]: starting version 220
>   [   30.736381] systemd-udevd[56]: timeout, giving up waiting for workers
> to finish
> 
> and then some more in the real root:
> 
>$ systemd-analyze blame
>  10.826s dev-vda1.device
>  10.067s systemd-tmpfiles-setup-dev.service
>  10.031s systemd-sysctl.service
>  10.019s systemd-journald.service
>  10.005s sys-fs-fuse-connections.mount
>  10.001s tmp.mount
> 
> (full journal at http://paste.ubuntu.com/11372265/, but it's not very
> useful)
> 
> I bisected this to
> 
>   http://cgit.freedesktop.org/systemd/systemd/commit/?id=e237d8c
>   udevd: move file descriptors to Manager
> 
> this is hard to revert individually as there are lots of other recent
> changes in udev around this commit, but any version before that commit is
> fast and doesn't give that timeout error.
> 
> Current trunk as of commit 185abfc3 still has that problem, so it
> wasn't fixed by one of the recent udev commits.
> 
> Does anyone else see this too? Any idea what causes this?

I do see this as well. And probably we have an upstream bug [0] already.

Wondering whether or not my report about "inotify_add_watch() failed: Bad
file descriptor" [1] is related. Do you see that as well?
BTW, is it expected to have fd_inotify in udevd.c and inotify_fd in
udev_watch.c?

[0] https://bugs.freedesktop.org/show_bug.cgi?id=90051
[1] http://lists.freedesktop.org/archives/systemd-devel/2015-May/032213.html
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] [PATCH 1/2] detect-virt: detect in best-heuristic order

2015-11-09 Thread Christian Hesse
Mantas Mikulėnas  on Wed, 2015/11/04 15:55:
> On Wed, Nov 4, 2015 at 3:52 PM, Lennart Poettering 
> wrote:
> 
> > On Wed, 04.11.15 15:54, Andrei Borzenkov (arvidj...@gmail.com) wrote:
> >  
> > > 04.11.2015 00:04, Andrew Jones wrote:
> > > >afaict, this will fix a regression caused by commit 75f86906c5.
> > > >Where we used to report "kvm" before that patch, without this patch,
> > > >we would only report "qemu".  
> > >
> > > Are you sure it is regression? QEMU is a program (platform) while KVM is
> > > technology. Modern VirtualBox can use KVM as PV interface but it still
> > > remains VirtualBox. QEMU may use KVM as PV interface but it still
> > > remains QEMU.
> > >
> > > Where does it matter? Is anything broken because of this change?  
> >
> > I am pretty sure that vbox should be reported as vbox even if it uses
> > kvm as backend. qemu-kvm should be reported as kvm, and any other qemu
> > as qemu.
> >  
> 
> As I understand it, VirtualBox doesn't use KVM as *backend*; it only
> exposes a KVM-like paravirt interface to *guests*.

It does use kvm since version 5.0.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] mounting loop

2015-04-20 Thread Christian Hesse
Hello everybody,

with systemd 219 mounting a filesystem image in loopback mode fails. Using
these commands:

# truncate -s 1G /tmp/test.img
# mkfs.ext4 /tmp/test.img
[...]
# mount -o loop /tmp/test.img /mnt/tmp

systemd umounts the image as it thinks it is inactive:

Apr 20 08:54:28 leda systemd[1]: Unit mnt-tmp.mount is bound to inactive
unit. Stopping, too.
Apr 20 08:54:28 leda systemd[1]: Unmounting /mnt/tmp...
Apr 20 08:54:28 leda systemd[1]: Unmounted /mnt/tmp.

However manually assigning a loop device and mounting that works just fine:

# losetup -f /tmp/test.img
# losetup -a
/dev/loop0: [0034]:695793 (/tmp/test.img)
# mount /dev/loop0 /mnt/tmp

I think this is not the intended behavior, no? Any chance to fix that?
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] mounting loop

2015-04-21 Thread Christian Hesse
Christian Hesse  on Mon, 2015/04/20 09:25:
> Hello everybody,
> 
> with systemd 219 mounting a filesystem image in loopback mode fails. Using
> these commands:
> 
> # truncate -s 1G /tmp/test.img
> # mkfs.ext4 /tmp/test.img
> [...]
> # mount -o loop /tmp/test.img /mnt/tmp
> 
> systemd umounts the image as it thinks it is inactive:
> 
> Apr 20 08:54:28 leda systemd[1]: Unit mnt-tmp.mount is bound to inactive
> unit. Stopping, too.
> Apr 20 08:54:28 leda systemd[1]: Unmounting /mnt/tmp...
> Apr 20 08:54:28 leda systemd[1]: Unmounted /mnt/tmp.
> 
> However manually assigning a loop device and mounting that works just fine:
> 
> # losetup -f /tmp/test.img
> # losetup -a
> /dev/loop0: [0034]:695793 (/tmp/test.img)
> # mount /dev/loop0 /mnt/tmp
> 
> I think this is not the intended behavior, no? Any chance to fix that?

Looks like the issue is fixed with this upstream commit:

From 628c89cc68ab96fce2de7ebba5933725d147aecc Mon Sep 17 00:00:00 2001
From: Lennart Poettering 
Date: Fri, 27 Feb 2015 21:55:08 +0100
Subject: core: rework device state logic

-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] heads-up: chasing journal(?) related regression in 219 causing boot hang/fail

2015-04-27 Thread Christian Hesse
Martin Pitt  on Sat, 2015/04/11 10:38:
> Hello Tobias,
> 
> Tobias Hunger [2015-04-11  2:17 +0200]:
> > did you make any progress with this bug? Apparently the same issue is
> > blocking systemd-219 from getting into arch linux (
> > https://bugs.archlinux.org/task/44016 ), so this seems to be a
> > wide-spread issue. Is anyone taking a serious look into this issue?
> 
> Sorry, no, I was pretty busy with making systemd work good enough
> for the impending Debian and Ubuntu releases. A few weeks ago I mostly
> wanted to see whether this was specific to Debian/Ubuntu somehow, and
> I couldn't reproduce it in a VM with Fedora 21 plus dbus and systemd
> from rawhide. But in the meantime we got plenty of confirmations that
> it affects Fedora and now Arch, so I don't believe this is actually
> related to d-bus or something such.
> 
> As for the actual lockup, I'm afraid I don't understand at all
> what is happening (I'm not familiar at all with how journald
> interacts with other services and D-Bus/logind).
> 
> So from my POV my best recommendation would be to revert commit
> 13790add4 upstream for now until this gets understood and fixed
> properly, especially if/when version 220 should be released. Breaking
> booting is much worse than not being able to restart journald.

Any news about this one?
Looks like everybody is waiting for a fix and nobody is working on it...

I do not know how to debug this. If I can help let me know.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] percentage values in journald.conf

2014-09-19 Thread Christian Hesse
Hello everybody,

I am just trying to give journald some useful configuration on my system with
a dedicated log partition. The man page speaks about default values in
percent, so I tried:

SystemMaxUse=75%
SystemKeepFree=25%

However this is ignored. Are values in percent supposed to work?

Either we should make this work (I would prefer) or mention in man page more
clearly that values are expected in absolute values, not percentage.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] odd seek_tail behaviour

2014-10-13 Thread Christian Hesse
Daurnimator  on Mon, 2014/10/13 01:27:
> Hi All,
> 
> I was trying to write a program that tailed the journal, but found that
> sd_journal_seek_tail() didn't work as expected.
> That is: that it would seek to the last/most recent thing in the journal,
> and I could tail things from there.
> 
> I whipped up a quick demonstration program, that shows that messages I
> 'next' through, are before the 'cutoff':
> 
> [code and output]
> 
> Is this behaviour expected? I'm using systemd 216.

I do see a similar problem in my code [0]. I do call sd_journal_previous()
after sd_journal_seek_tail(), but I still do see some older message come up.

sd_journal_next() is the first I call in while loop. Perhaps even this is a
problem?

[0] https://github.com/eworm-de/journal-notify/blob/master/journal-notify.c

-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] [PATCH 1/1] sd-journal: consistently use ternary for all direction checks

2014-10-13 Thread Christian Hesse
From: Christian Hesse 

---
 src/journal/sd-journal.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index 479444c..daa04ac 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -849,10 +849,8 @@ static int next_beyond_location(sd_journal *j, JournalFile 
*f, direction_t direc
 int k;
 
 k = compare_with_location(f, c, &j->current_location);
-if (direction == DIRECTION_DOWN)
-found = k > 0;
-else
-found = k < 0;
+
+found = direction == DIRECTION_DOWN ? k > 0 : k < 0;
 } else
 found = true;
 
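Review bot: The new one-line assignment in next_beyond_location() mixes `==`, `?:`, `>` and `<` without parentheses, so a reader has to recall C precedence to see that it parses as `(direction == DIRECTION_DOWN) ? (k > 0) : (k < 0)`; writing it with those parentheses keeps it compact and removes the doubt. The added blank line after the compare_with_location() call is an unrelated whitespace change and could be dropped, and the commit message has no body stating that behaviour is unchanged (k == 0 still yields false in both directions).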
-- 
2.1.2



Re: [systemd-devel] odd seek_tail behaviour

2014-10-13 Thread Christian Hesse
Christian Hesse  on Mon, 2014/10/13 20:22:
> Daurnimator  on Mon, 2014/10/13 01:27:
> > Hi All,
> > 
> > I was trying to write a program that tailed the journal, but found that
> > sd_journal_seek_tail() didn't work as expected.
> > That is: that it would seek to the last/most recent thing in the journal,
> > and I could tail things from there.
> > 
> > I whipped up a quick demonstration program, that shows that messages I
> > 'next' through, are before the 'cutoff':
> > 
> > [code and output]
> > 
> > Is this behaviour expected? I'm using systemd 216.
> 
> I do see a similar problem in my code [0]. I do call sd_journal_previous()
> after sd_journal_seek_tail(), but I still do see some older message come up.
> 
> sd_journal_next() is the first I call in while loop. Perhaps even this is a
> problem?
> 
> [0] https://github.com/eworm-de/journal-notify/blob/master/journal-notify.c

Looks like I was right. For any reason sd_journal_next() can jump to old
journal entries (even if sd_journal_previous() has been called before). That
happens before sd_journal_wait() is called the first time.

Sadly I do not know how to reproduce. It happens very seldom and I could not
find the culprit so far.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] odd seek_tail behaviour

2014-10-14 Thread Christian Hesse
Christian Hesse  on Mon, 2014/10/13 23:56:
> Christian Hesse  on Mon, 2014/10/13 20:22:
> > Daurnimator  on Mon, 2014/10/13 01:27:
> > > Hi All,
> > > 
> > > I was trying to write a program that tailed the journal, but found that
> > > sd_journal_seek_tail() didn't work as expected.
> > > That is: that it would seek to the last/most recent thing in the
> > > journal, and I could tail things from there.
> > > 
> > > I whipped up a quick demonstration program, that shows that messages I
> > > 'next' through, are before the 'cutoff':
> > > 
> > > [code and output]
> > > 
> > > Is this behaviour expected? I'm using systemd 216.
> > 
> > I do see a similar problem in my code [0]. I do call sd_journal_previous()
> > after sd_journal_seek_tail(), but I still do see some older message come
> > up.
> > 
> > sd_journal_next() is the first I call in while loop. Perhaps even this is
> > a problem?
> > 
> > [0]
> > https://github.com/eworm-de/journal-notify/blob/master/journal-notify.c
> 
> Looks like I was right. For any reason sd_journal_next() can jump to old
> journal entries (even if sd_journal_previous() has been called before). That
> happens before sd_journal_wait() is called the first time.
> 
> Sadly I do not know how to reproduce. It happens very seldom and I could not
> find the culprit so far.

Actually the problem happens before. I have an old entry selected after
calling sd_journal_previous().

Mhh, does adding matches (sd_journal_add_match(),
sd_journal_add_conjunction() and sd_journal_add_disjunction()) have an effect
on sd_journal_seek_tail() and sd_journal_previous()?
Looks like the problem goes away if I seek to tail first, then add my matches.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] unlocking encrypted hard disk two factor authentication (password and Yubikey)

2014-04-30 Thread Christian Hesse
Hello everybody,

for encrypted hard disks systemd asks via password agent [0] request for a key
to unlock the device. I coded a little program that can answer the request
with information received from a Yubikey [1] in challenge/response HMAC-SHA1
mode:

1. systemd asks for password
2. Yubikey is inserted
3. udev receives a hotplug event from Yubikey
4. udev launches my executable 'ykfde'
5. ykfde sends challenge to the key
6. ykfde receives response from the key
7. ykfde answers systemd's password request
8. systemd unlocks the hard disk and continues booting

Everything works perfectly so far.

Now I would like to add two factor authentication. The process should look
something like this:

...
4. udev launches my executable 'ykfde'
5. ykfde asks for a second password (second factor)
6. user types second password on keyboard
7. ykfde receives second password and generates challenge
8. ykfde sends challenge to the key
9. ykfde receives response from the key
10. ykfde answers systemd's password request
11. systemd unlocks the hard disk and continues booting

Is there any way to make sure the user answers the second password request?

If no Yubikey is present (and no second password request is started) the user
should be able to answer as usual by typing a valid key.

[0] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
[1] http://www.yubico.com/products/yubikey-hardware/yubikey/
-- 
main(a){char*c=/*Schoene Gruesse */"C7?Bj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}
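
The two-factor flow listed in this message, as an added sketch that is not part of the original post and is not ykfde's code. Assumptions: the token is simulated with a software HMAC-SHA1, the challenge is taken to be the SHA-256 of the second password, the response is hex-encoded before it is sent, and the ask-file contents and all function names are constructed for illustration.

```python
import configparser
import hashlib
import hmac
import socket

# Constructed sample of a request file as found in /run/systemd/ask-password/
# (all values are made up for this example).
SAMPLE_ASK_FILE = """\
[Ask]
PID=312
Socket=/run/systemd/ask-password/sck.example
AcceptCached=0
Echo=0
NotAfter=0
Message=Please enter passphrase for disk cryptroot:
"""


def parse_ask_file(text):
    """Return the reply socket path and prompt from an ask-password file."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep key case (Socket, Message, ...)
    parser.read_string(text)
    ask = parser["Ask"]
    return {"socket": ask["Socket"], "message": ask.get("Message", "")}


class SimulatedToken:
    """Software stand-in for a token in HMAC-SHA1 challenge/response mode."""

    def __init__(self, secret):
        self.secret = secret  # on real hardware this never leaves the token

    def challenge_response(self, challenge):
        if len(challenge) > 64:
            raise ValueError("challenge longer than 64 bytes")
        return hmac.new(self.secret, challenge, hashlib.sha1).digest()


def derive_challenge(second_password):
    """Assumption: the challenge is SHA-256 of the typed second password."""
    return hashlib.sha256(second_password.encode("utf-8")).digest()


def answer_request(ask_text, token, second_password):
    """Steps 5-10 of the flow: returns (socket path, datagram) or None.

    None means no token is present, so this agent stays silent and the
    user can still type a regular passphrase at the normal prompt.
    """
    if token is None:
        return None
    request = parse_ask_file(ask_text)
    response = token.challenge_response(derive_challenge(second_password))
    # Assumption: the hex-encoded response is what was enrolled in a key slot.
    passphrase = response.hex()
    # A reply datagram is "+" followed by the password ("-" would cancel).
    return request["socket"], b"+" + passphrase.encode("ascii")


def send_reply(socket_path, datagram):
    """Deliver the reply to the AF_UNIX datagram socket named in the request."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, socket_path)


def slot_accepts(enrolled_datagram, offered):
    """Stand-in for the key-slot check, compared in constant time."""
    return offered is not None and hmac.compare_digest(enrolled_datagram, offered[1])


if __name__ == "__main__":
    token = SimulatedToken(b"constructed-token-secret")
    enrolled = answer_request(SAMPLE_ASK_FILE, token, "second factor")[1]
    for label, tok, pw in [
        ("token + right password", token, "second factor"),
        ("token + wrong password", token, "guess"),
        ("other token + right password", SimulatedToken(b"other"), "second factor"),
        ("no token", None, "second factor"),
    ]:
        offered = answer_request(SAMPLE_ASK_FILE, tok, pw)
        print(f"{label:30} unlocks={slot_accepts(enrolled, offered)}")
```

Because the HMAC key stays on the token, neither the second password alone nor the token alone reproduces the passphrase.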




[systemd-devel] networkd: create tun/tap device?

2014-05-06 Thread Christian Hesse
Hello everybody,

currently it is not possible to create tun/tap device with networkd. Is this
feature planned? Anybody working on it?
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] networkd: create tun/tap device?

2014-06-03 Thread Christian Hesse
Tom Gundersen  on Fri, 2014/05/16 14:54:
> On Fri, May 16, 2014 at 12:24 AM, Lennart Poettering
>  wrote:
> > On Wed, 07.05.14 08:22, Christian Hesse (l...@eworm.de) wrote:
> >
> >> Hello everybody,
> >>
> >> currently it is not possible to create tun/tap device with networkd. Is
> >> this feature planned? Anybody working on it?
> >
> > Sounds useful and reasonable. Added to TODO list.

Thanks!

> Yeah, sounds useful. Nobody working on it as far as I know, so patches
> welcome.

I am limited in time atm. Not sure whether or not I will manage to look into
this.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] unlocking encrypted hard disk two factor authentication (password and Yubikey)

2014-06-03 Thread Christian Hesse
Lennart Poettering  on Fri, 2014/05/16 18:56:
> On Wed, 30.04.14 23:20, Christian Hesse (m...@eworm.de) wrote:
> 
> > 4. udev launches my executable 'ykfde'
> > 5. ykfde asks for a second password (second factor)
> > 6. user types second password on keyboard
> > 7. ykfde receives second password and generates challenge
> > 8. ykfde sends challenge to the key
> > 9. ykfde receives response from the key
> > 10. ykfde answers systemd's password request
> > 11. systemd unlocks the hard disk and continues booting
> > 
> > Is there any way to make sure the user answers the second password
> > request?
> > 
> > If no Yubikey is present (and no second password request is started) the
> > user should be able to answer as usual by typing a valid key.
> 
> Did I get this right:
> 
> a) if there's a yubikey present, your tool shall answer cryptsetup's
> password queries, and the user shall only answer your tool's questions?
> 
> b) if there's no yubikey present, the user shall directly answer
>cryptsetup's password queries?
> 
> So basically, you want to plug your tool in the middle of the password
> pipeline, when the tool is running?

Exactly.

> I don't see a way how to do that in the current scheme. We could extend
> it in a way where a client could take possession of a password requests
> or so. Maybe via bsd file locks on the file containing the prompt or
> so. As soon as some other process sees that it would have to hide the
> prompt?
> 
> But meh, I have the suspicion we'll revisit the entire password
> prompt protocol anyway as soon as we have kdbus and can use the bus
> during early boot... I am not too keen thinking up this just now if we
> already know that thing will change quite a bit sooner or later in this
> area...

Ah, ok...
Would be great if anybody keeps this in mind then. ;)

Thanks!
-- 
Best regards
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org




[systemd-devel] [PATCH 1/1] udev: really exclude device-mapper from block device ownership event locking

2014-06-10 Thread Christian Hesse
Arguments were wrong order, no?
This fixes commits:

e918a1b5a94f270186dca59156354acd2a596494
3d06f4183470d42361303086ed9dedd29c0ffc1b
---
 src/udev/udevd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 0f3f3f0..160360e 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -304,7 +304,7 @@ static void worker_new(struct event *event)
  *  IMHO this sounds like a good plan for this 
moment
  */
 if (streq_ptr("block", udev_device_get_subsystem(dev)) 
&&
-!startswith("dm-", udev_device_get_sysname(dev))) {
+!startswith(udev_device_get_sysname(dev), "dm-")) {
 struct udev_device *d = dev;
 
 if (streq_ptr("partition", 
udev_device_get_devtype(d)))
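Review bot: The commit message asks whether the arguments were in the wrong order instead of stating it; for the `startswith()` call in worker_new() it should say what went wrong. Assuming startswith() takes the string first and the prefix second, as the corrected lines imply, the old call tested whether the literal "dm-" begins with the sysname, which is false for names such as dm-0, so `!startswith(...)` was true and device-mapper nodes went through the locking path the subject line says they are excluded from. A sentence to that effect, plus how the fix was verified, would make the change reviewable from the log alone.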
@@ -741,7 +741,7 @@ static int synthesize_change(struct udev_device *dev) {
 
 if (streq_ptr("block", udev_device_get_subsystem(dev)) &&
 streq_ptr("disk", udev_device_get_devtype(dev)) &&
-!startswith("dm-", udev_device_get_sysname(dev))) {
+!startswith(udev_device_get_sysname(dev), "dm-")) {
 bool part_table_read = false;
 bool has_partitions = false;
 int fd;
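Review bot: The condition `!startswith(udev_device_get_sysname(dev), "dm-")` in synthesize_change() is a second copy of the test fixed in worker_new(), and both copies carried the same swapped-argument mistake. A small static helper that takes the udev_device and returns whether it is a device-mapper node would give the check one definition, so the two call sites cannot drift apart again.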
-- 
2.0.0



Re: [systemd-devel] mdns support to networkd

2014-06-20 Thread Christian Hesse
Lennart Poettering  on Fri, 2014/06/20 20:19:
> On Sat, 14.06.14 01:13, Vasiliy Tolstov (v.tols...@selfip.ru) wrote:
> 
> > As I see avahi development stopped.
> 
> Well, yeah, I am doing a shitty job at maintaining it.
> 
> > Does mdns support go to networkd or no?
> 
> Well, no. But into systemd-resolved. Our plan is to turn
> systemd-resolved into an nscd compatible daemon that speaks dns/dnssec,
> mdns, llmnr, in the long run replacing avahi. 

Does this cover server functionality only or will there be client bits as
well?
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] networkd config for dummy0 interface

2014-06-30 Thread Christian Hesse
Matthias Schiffer  on Mon, 2014/06/30 23:47:
> On 06/24/2014 12:25 PM, Tom Gundersen wrote:
> > On Tue, Jun 24, 2014 at 12:14 PM, Vasiliy Tolstov 
> > wrote:
> >> Hi. I have very strange task:
> > 
> > Not tested, but I would start with trying:
> > 
> >> 1) Need modprobe dummy
> > 
> > Use modules-load.d
> > 
> >> 2) Assign specific mac address to it
> > 
> > Possibly use .link files, or check if it is possible to specify this as
> > module options (didn't check).
> > 
> >> 3) Bring up it
> >> 4) Assign specific address to it
> > 
> > Use a regular .network file... Should work.
> > 
> > HTH,
> > 
> > Tom
> 
> I'm not sure if this has changed recently, but I think it is not
> possible to use .link files to configure virtual network devices as
> there is _nothing_ to match on.

Sure. You have a name. That is what I tried first and it works perfectly.

[Match]
Name=dummy0

Or did I miss anything?

-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] networkd config for dummy0 interface

2014-06-30 Thread Christian Hesse
Matthias Schiffer  on Tue, 2014/07/01 07:08:
> On 07/01/2014 05:56 AM, Christian Hesse wrote:
> > Matthias Schiffer  on Mon, 2014/06/30
> > 23:47:
> >> On 06/24/2014 12:25 PM, Tom Gundersen wrote:
> >>> On Tue, Jun 24, 2014 at 12:14 PM, Vasiliy Tolstov 
> >>> wrote:
> >>>> Hi. I have very strange task:
> >>>
> >>> Not tested, but I would start with trying:
> >>>
> >>>> 1) Need modprobe dummy
> >>>
> >>> Use modules-load.d
> >>>
> >>>> 2) Assign specific mac address to it
> >>>
> >>> Possibly use .link files, or check if it is possible to specify this as
> >>> module options (didn't check).
> >>>
> >>>> 3) Bring up it
> >>>> 4) Assign specific address to it
> >>>
> >>> Use a regular .network file... Should work.
> >>>
> >>> HTH,
> >>>
> >>> Tom
> >>
> >> I'm not sure if this has changed recently, but I think it is not
> >> possible to use .link files to configure virtual network devices as
> >> there is _nothing_ to match on.
> > 
> > Sure. You have a name. That is what I tried first and it works perfectly.
> > 
> > [Match]
> > Name=dummy0
> > 
> > Or did I miss anything?
> > 
> 
> No, Name= matches only work in .network units, not in .link units. A
> link unit without any valid match option matches any interface though;
> so if you have a .link unit with Name=dummy0 in its [Match] section, it
> will actually be applied to dummy0... but also to all other interfaces,
> which can be very confusing.

Of course you are right. I do have a dummy0.network unit.
Sorry for the noise.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] [PATCH 2/2] man/sd_journal_get_data: fix variable naming in example

2014-07-01 Thread Christian Hesse
From: Christian Hesse 

---
 man/sd_journal_get_data.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man/sd_journal_get_data.xml b/man/sd_journal_get_data.xml
index 343b680..1222939 100644
--- a/man/sd_journal_get_data.xml
+++ b/man/sd_journal_get_data.xml
@@ -225,7 +225,7 @@
 ...
 int print_fields(sd_journal *j) {
 const void *data;
-size_t l;
+size_t length;
 SD_JOURNAL_FOREACH_DATA(j, data, length)
 printf("%.*s\n", (int) length, data);
 }
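Review bot: print_fields() is declared int, but in the context lines of this hunk it reaches the closing brace right after the SD_JOURNAL_FOREACH_DATA loop without returning a value; since the example is being touched anyway, add a return 0; after the loop. The printf() also passes data, a const void *, to a %.*s conversion, so a (const char *) cast there would keep the example free of format warnings. The commit message has no body; one line saying that length was undeclared would help.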
-- 
2.0.1



[systemd-devel] [PATCH 1/2] man/sd_journal_next: fix argument in example

2014-07-01 Thread Christian Hesse
From: Christian Hesse 

The example does not compile, it fails with:

error: passing argument 3 of ‘sd_journal_get_data’ from incompatible
pointer type

Cast to (const void **) to avoid this.
---
 man/sd_journal_next.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man/sd_journal_next.xml b/man/sd_journal_next.xml
index 0216d6e..5e691a1 100644
--- a/man/sd_journal_next.xml
+++ b/man/sd_journal_next.xml
@@ -183,7 +183,7 @@ int main(int argc, char *argv[]) {
 const char *d;
 size_t l;
 
-r = sd_journal_get_data(j, "MESSAGE", &d, &l);
+r = sd_journal_get_data(j, "MESSAGE", (const void **)&d, 
&l);
 if (r < 0) {
 fprintf(stderr, "Failed to read message field: %s\n", 
strerror(-r));
 continue;
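Review bot: the (const void **) cast on the sd_journal_get_data() call silences the warning but leaves d declared as const char *, so the function still stores its result through a pointer whose type differs from the variable it points at. Declaring d as const void * to match the parameter, and converting to a character pointer where the message is printed, removes the pointer-to-pointer cast and keeps the example a model for callers to copy.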
-- 
2.0.1



[systemd-devel] regular expressions in sd_journal_add_match()

2014-07-01 Thread Christian Hesse
Hello everybody,

I am using libsystemd to access the system journal. Playing with
sd_journal_add_match() it looks like I can only match strings. Regular
expressions are not supported, no?

Any chance to get this implemented? Or any reason not to implement this?
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] [PATCH 1/1] tests: skip test for test-unit-file when executed without privileges

2013-07-30 Thread Christian Hesse
Hello everybody,

for me this test fails and I think it is correct to skip it in case
permission is denied. Patch attached.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}
From 50ff13f7cf44f9e7e93c82f67ac777456b7e8364 Mon Sep 17 00:00:00 2001
From: Christian Hesse 
Date: Tue, 30 Jul 2013 11:35:25 +0200
Subject: [PATCH 1/1] tests: skip test for test-unit-file when executed without
 privileges

---
 src/test/test-unit-file.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
index a7fe77a..e7924b5 100644
--- a/src/test/test-unit-file.c
+++ b/src/test/test-unit-file.c
@@ -36,7 +36,7 @@
 #include "strv.h"
 #include "fileio.h"
 
-static void test_unit_file_get_set(void) {
+static int test_unit_file_get_set(void) {
 int r;
 Hashmap *h;
 Iterator i;
@@ -46,6 +46,10 @@ static void test_unit_file_get_set(void) {
 assert(h);
 
 r = unit_file_get_list(UNIT_FILE_SYSTEM, NULL, h);
+	if (r == -EPERM || r == -EACCES) {
+		puts("unit_file_get_list: Permission denied. Skipping test.");
+		return EXIT_TEST_SKIP;
+	}
 log_info("unit_file_get_list: %s", strerror(-r));
 assert(r >= 0);
 
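Review bot: the early return EXIT_TEST_SKIP in the new EPERM/EACCES branch leaves the function without releasing h, which the assert(h) just above shows is already allocated and which is only released by unit_file_list_free(h) at the end of the function; free it before returning. The branch also reports through puts() while the next line uses log_info(), so the skip message should go through the same logging call.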
@@ -53,6 +57,8 @@ static void test_unit_file_get_set(void) {
 printf("%s = %s\n", p->path, unit_file_state_to_string(p->state));
 
 unit_file_list_free(h);
+
+	return 0;
 }
 
 static void check_execcommand(ExecCommand *c,
@@ -351,11 +357,13 @@ static void test_install_printf(void) {
 #pragma GCC diagnostic pop
 
 int main(int argc, char *argv[]) {
+	int r;
 
 log_parse_environment();
 log_open();
 
-test_unit_file_get_set();
+if ((r = test_unit_file_get_set()) != 0)
+		return r;
 test_config_parse_exec();
 test_load_env_file_1();
 test_load_env_file_2();
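Review bot: returning from main() as soon as test_unit_file_get_set() yields non-zero means that a skip of that one test also skips test_config_parse_exec(), test_load_env_file_1() and everything after them, none of which is shown here to depend on the unit file list. Keep the skip result in r, run the remaining tests, and return r at the end so a permission problem does not hide failures in the other tests.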
-- 
1.8.3.4





Re: [systemd-devel] [PATCH 1/1] tests: skip test for test-unit-file when executed without privileges

2013-07-30 Thread Christian Hesse
Zbigniew Jędrzejewski-Szmek  on Tue, 2013/07/30 13:52:
> On Tue, Jul 30, 2013 at 11:50:54AM +0200, Christian Hesse wrote:
> > Hello everybody,
> > 
> > for me this test fails and I think it is correct to skip it in case
> > permission is denied. Patch attached.
> It *is* an error in the installation or environment if
> unit files cannot be read.

Stupid me... Please ignore this request. ;)

I had a service file installed to /usr/lib/systemd/system/ with permissions
just set to 0600, thus making the test fail for unprivileged users.
Sorry for the noise.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] brightness in tmpfiles.d

2013-08-12 Thread Christian Hesse
Hello everybody,

I have a file /etc/tmpfiles.d/brightness.conf containing this line:

w /sys/class/backlight/acpi_video0/brightness - - - - 10

This used to set the brightness on boot, but broke lately. The path is
correct, so I assume this is a race condition. Any chance to get this to work
again?
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




Re: [systemd-devel] brightness in tmpfiles.d

2013-08-13 Thread Christian Hesse
Mantas Mikulėnas  on Tue, 2013/08/13 00:27:
> On Mon, Aug 12, 2013 at 11:40 PM, Christian Hesse  wrote:
> > Hello everybody,
> >
> > I have a file /etc/tmpfiles.d/brightness.conf containing this line:
> >
> > w /sys/class/backlight/acpi_video0/brightness - - - - 10
> >
> > This used to set the brightness on boot, but broke lately. The path is
> > correct, so I assume this is a race condition. Any chance to get this to work
> > again?
> 
> Sure, and it involves *not* using tmpfiles.d.
> 
> I cannot know for sure, but yes, it is likely that it *is* a race
> condition – tmpfiles.d being run before the relevant module gets
> inserted, device gets detected, or whatever. And the usual way for
> working with events like device detection is to write an udev rule
> that triggers after that specific device has appeared:
> 
> ACTION=="add", SUBSYSTEM=="backlight",
> KERNEL=="acpi_video0", ATTR{brightness}="10"
> 
> (I'm not 100% sure if the KERNEL match is correct. The rest should work.)

Makes sense to use udev for this kind of things... I am not sure why I
decided to use tmpfiles. Thanks for your hint!
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}




[systemd-devel] fix return code for systemctl in chroot

2012-10-17 Thread Christian Hesse
Hello everybody,

if 'systemctl enable' (and friends) is run inside chroot it always
exits with a bad return code. unit_file_enable() returns the number of
symlink rules that were supposed to be created. So resetting r to 0 and
exiting gracefully should be the correct way. At least it fixes it for me, my
supposed patch is attached.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 7d6a6a2..ae7a301 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -3660,7 +3660,8 @@ static int enable_unit(DBusConnection *bus, char **args) {
 if (r < 0) {
 log_error("Operation failed: %s", strerror(-r));
 goto finish;
-}
+} else
+			r = 0;
 
 if (!arg_quiet) {
 for (i = 0; i < n_changes; i++) {
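Review bot: in the if (r < 0) block the error branch already ends in goto finish, so the added else is redundant, and "} else" followed by an unbraced r = 0; mixes a braced and an unbraced arm. A plain r = 0; after the closing brace reads more clearly, with a short comment that a positive return value here is a count and not an error, so that the reset is not mistaken for swallowing a failure. The patch carries no commit message; the explanation from the mail belongs there.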


[systemd-devel] fix typo in comment

2012-10-17 Thread Christian Hesse
Hello everybody,

I found a typo in comment. Patch is attached, thanks!
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}
diff --git a/src/shared/install.c b/src/shared/install.c
index a99c757..a9d75f3 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1515,7 +1515,7 @@ int unit_file_enable(
 
 /* This will return the number of symlink rules that were
 supposed to be created, not the ones actually created. This is
-useful to determine whether the passed files hat any
+useful to determine whether the passed files had any
 installation data at all. */
 r = install_context_apply(&c, &paths, config_path, root_dir, force, changes, n_changes);
 


Re: [systemd-devel] Hybrid-sleep needs to be executed by superuser

2012-12-17 Thread Christian Hesse
Federico Di Pierro  on Mon, 2012/12/17 21:19:
> Hi!
> I'm using systemd 196 on my archlinux, with linux 3.7.0 .
> I found out that "systemctl hybrid-sleep" needs to be run as root. While my
> session is active (using systemd-logind feature), and in fact I can
> hibernate/poweroff/suspend with my normal user. But hybrid-sleep still
> requires superuser privileges.
> Is there any reason?
> Thanks for your time!

I suppose this is just polkit missing the correct rules. Take a look
at /usr/share/polkit-1/actions/org.freedesktop.login1.policy and add the
block needed. I will take a look tomorrow if you did not succeed till then.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}


Re: [systemd-devel] Hybrid-sleep needs to be executed by superuser

2012-12-17 Thread Christian Hesse
Christian Hesse  on Mon, 2012/12/17 21:33:
> Federico Di Pierro  on Mon, 2012/12/17 21:19:
> > Hi!
> > I'm using systemd 196 on my archlinux, with linux 3.7.0 .
> > I found out that "systemctl hybrid-sleep" needs to be run as root. While
> > my session is active (using systemd-logind feature), and in fact I can
> > hibernate/poweroff/suspend with my normal user. But hybrid-sleep still
> > requires superuser privileges.
> > Is there any reason?
> > Thanks for your time!
> 
> I suppose this is just polkit missing the correct rules. Take a look
> at /usr/share/polkit-1/actions/org.freedesktop.login1.policy and add the
> block needed. I will take a look tomorrow if you did not succeed till then.

Damn, I was wrong... Polkit has everything it needs, if a system is allowed to
hibernate it is also allowed to hybrid-sleep (from polkit's point of view).
Probably Mantas' solution works, take a look at his post.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}


[systemd-devel] login problems

2013-04-29 Thread Christian Hesse
Hello everybody,

ok, this looks very tricky... I have no idea what happens and I have no way
to reproduce this. It just happens from time to time - very seldom.

If this happens I am not able to log in from lxdm and getty. The only way back
into the system is getting a failed login from getty, it succeeds after the
process has been restarted. From there I can restart lxdm unit.

Looks like lxdm-binary gets 'permission denied' when accessing some file.
This is strace from lxdm-binary, grepped for 'EACCES':

open("/etc/pam.d/eworm-yubico-otp", O_RDONLY) = -1 EACCES (Permission denied)
open("/var/log/faillog", O_RDWR)= -1 EACCES (Permission denied)
open("/var/log/faillog", O_RDONLY)  = -1 EACCES (Permission denied)
open("/dev/bus/usb/001/002", O_RDWR)= -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)

lxdm-binary is running with user and group 'root' so I do not understand why
permissions for other take effect.

This is an Arch Linux system with Linux 3.8.8-1-ARCH and systemd 202-1.
Any ideas?
-- 
Schoene Gruesse
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org




Re: [systemd-devel] login problems

2013-04-29 Thread Christian Hesse
Zbigniew Jędrzejewski-Szmek  on Tue, 2013/04/30 01:05:
> On Tue, Apr 30, 2013 at 12:03:24AM +0200, Christian Hesse wrote:
> > Hello everybody,
> > 
> > ok, this looks very tricky... I have no idea what happens and I have no
> > way to reproduce this. It just happens from time to time - very seldom.
> > 
> > If this happens I am not able to log in from lxdm and getty. The only way
> > back into the system is getting a failed login from getty, it succeeds
> > after the process has been restarted. From there I can restart lxdm unit.
> > 
> > Looks like lxdm-binary gets 'permission denied' when accessing some file.
> > This is strace from lxdm-binary, grepped for 'EACCES':
> > 
> > open("/etc/pam.d/eworm-yubico-otp", O_RDONLY) = -1 EACCES (Permission denied)
> > open("/var/log/faillog", O_RDWR)= -1 EACCES (Permission denied)
> > open("/var/log/faillog", O_RDONLY)  = -1 EACCES (Permission denied)
> > open("/dev/bus/usb/001/002", O_RDWR)= -1 EACCES (Permission denied)
> > open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
> > 
> > lxdm-binary is running with user and group 'root' so I do not understand
> > why permissions for other take effect.
> > 
> > This is an Arch Linux system with Linux 3.8.8-1-ARCH and systemd 202-1.
> > Any ideas?
> Are you using selinux, running in enforcing mode? How soon after boot,
> and how soon after selinux policy is loaded, does this happen?

No selinux, just the standard Arch kernel.

It happens once a week or even less.
Once I thought this was triggered by dkms unit recompiling kernel modules.
Possibly dkms is a factor, but not the only one.

I suppose there is any kind of race condition involved. This is a fast system
- i7 3rd gen with Crucial SSD.
-- 
Schoene Gruesse
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org




Re: [systemd-devel] login problems

2013-05-03 Thread Christian Hesse
Lennart Poettering  on Fri, 2013/05/03 16:30:
> On Tue, 30.04.13 00:03, Christian Hesse (m...@eworm.de) wrote:
> 
> > Hello everybody,
> > 
> > ok, this looks very tricky... I have no idea what happens and I have no
> > way to reproduce this. It just happens from time to time - very seldom.
> > 
> > If this happens I am not able to log in from lxdm and getty. The only way
> > back into the system is getting a failed login from getty, it succeeds
> > after the process has been restarted. From there I can restart lxdm unit.
> > 
> > Looks like lxdm-binary gets 'permission denied' when accessing some file.
> > This is strace from lxdm-binary, grepped for 'EACCES':
> > 
> > open("/etc/pam.d/eworm-yubico-otp", O_RDONLY) = -1 EACCES (Permission denied)
> > open("/var/log/faillog", O_RDWR)= -1 EACCES (Permission denied)
> > open("/var/log/faillog", O_RDONLY)  = -1 EACCES (Permission denied)
> > open("/dev/bus/usb/001/002", O_RDWR)= -1 EACCES (Permission denied)
> > open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
> > 
> > lxdm-binary is running with user and group 'root' so I do not understand
> > why permissions for other take effect.
> > 
> > This is an Arch Linux system with Linux 3.8.8-1-ARCH and systemd 202-1.
> > Any ideas?
> 
> My guess is that lxdm is broken and reuses the process that invokes the
> PAM session hooks? That means the first login on the display would work,
> but the second one wouldn't.
> 
> PAM clients need to open the PAM session in a process, then fork the
> child off, wait for it to die via waitpid, then close the PAM session in
> the original process, and then exit in that original process. Everything
> else is broken.

Uh... Just wanted to collect some more data and found a pam config file
include loop - I will try without now. ;)

I will report back if this does not help. Sorry for the noise and thanks for
your help!
-- 
Schoene Gruesse
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org




Re: [systemd-devel] systemctl runs systemd-tty-ask-password-agent and hangs?

2011-04-20 Thread Christian Hesse
On Tue, 19 Apr 2011 17:02:51 +0200 Albert Strasheim  wrote:
> Hello again
> 
> I had the same problem again today trying to start a service.

Hello everybody,

I have the same problem on a number of Arch Linux Systems. The boot process
stalls until dev-{vg-{home,swap},bt-boot}.device times out after three
minutes. After the system has booted /home and /boot are not mounted, swap is
not activated. Running "systemctl start dev-vg-home.device" times out after
three minutes as well, however I can mount the filesystems manually.
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] systemctl runs systemd-tty-ask-password-agent and hangs?

2011-04-20 Thread Christian Hesse
On Wed, 20 Apr 2011 16:04:55 +0200
Lennart Poettering  wrote:

> On Wed, 20.04.11 12:12, Christian Hesse (l...@eworm.de) wrote:
> 
> > 
> > On Tue, 19 Apr 2011 17:02:51 +0200 Albert Strasheim
> >  wrote:
> > > Hello again
> > > 
> > > I had the same problem again today trying to start a service.
> > 
> > Hello everybody,
> > 
> > I have the same problem on a number of Arch Linux Systems. The boot
> > process stalls until dev-{vg-{home,swap},bt-boot}.device times out
> > after three minutes. After the system has booted /home and /boot
> > are not mounted, swap is not activated. Running "systemctl start
> > dev-vg-home.device" times out after three minutes as well, however
> > I can mount the filesystems manually.
> 
> Sounds like LVM borkage.
> 
> Note that you need an up-to-date LVM with udev support enabled and it
> must be the same version in your initrd as in your main system.

This is lvm2-2.02.84-1 and udev-167-1. lvm2 is compiled with these
options (among others):

--with-udevdir=/lib/udev/rules.d/ --enable-udev_sync --enable-udev_rules

So I assume everything should be fine. My initrd is up to date.

Any ideas how to debug this?
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] systemctl runs systemd-tty-ask-password-agent and hangs?

2011-04-20 Thread Christian Hesse
On Wed, 20 Apr 2011 16:35:51 +0200
Christian Hesse  wrote:

> On Wed, 20 Apr 2011 16:04:55 +0200
> Lennart Poettering  wrote:
> 
> > On Wed, 20.04.11 12:12, Christian Hesse (l...@eworm.de) wrote:
> > 
> > > 
> > > On Tue, 19 Apr 2011 17:02:51 +0200 Albert Strasheim
> > >  wrote:
> > > > Hello again
> > > > 
> > > > I had the same problem again today trying to start a service.
> > > 
> > > Hello everybody,
> > > 
> > > I have the same problem on a number of Arch Linux Systems. The
> > > boot process stalls until dev-{vg-{home,swap},bt-boot}.device
> > > times out after three minutes. After the system has booted /home
> > > and /boot are not mounted, swap is not activated. Running
> > > "systemctl start dev-vg-home.device" times out after three
> > > minutes as well, however I can mount the filesystems manually.
> > 
> > Sounds like LVM borkage.
> > 
> > Note that you need an up-to-date LVM with udev support enabled and
> > it must be the same version in your initrd as in your main system.
> 
> This is lvm2-2.02.84-1 and udev-167-1. lvm2 is compiled with these
> options (among others):
> 
> --with-udevdir=/lib/udev/rules.d/ --enable-udev_sync
> --enable-udev_rules
> 
> So I assume everything should be fine. My initrd is up to date.
> 
> Any ideas how to debug this?

Ok, got one step further I think.
The scripts in my initrd call

$ /sbin/vgchange --sysinit -a y

I think this breaks udev in any way? After calling

$ vgchange -a n && vgchange -a y

everything seems to work fine. I can run

$ systemctl start dev-bt-boot.device

without any delay. So what is acting the wrong way?
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] systemctl runs systemd-tty-ask-password-agent and hangs?

2011-04-20 Thread Christian Hesse
On Wed, 20 Apr 2011 18:41:33 +0200 Lennart Poettering
 wrote:
> On Wed, 20.04.11 17:01, Christian Hesse (l...@eworm.de) wrote:
> 
> > Ok, got one step further I think.
> > The scripts in my initrd call
> > 
> > $ /sbin/vgchange --sysinit -a y
> > 
> > I think this breaks udev in any way? After calling
> > 
> > $ vgchange -a n && vgchange -a y
> > 
> > everything seems to work fine. I can run
> > 
> > $ systemctl start dev-bt-boot.device
> > 
> > without any delay. So what is acting the wrong way?
> 
> Most likely your lvm in the initrd does not match up with the installed
> one or the udev db gets lost on the way. This has little to do with
> systemd itself btw.

The udev db was the problem... My initrd did not handle /run correctly (or at
all). However the fix is very simple: Update to mkinitcpio-0.6.10-1 from
[testing].

Thanks a lot for your help!
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

2011-04-29 Thread Christian Hesse
On Fri, 29 Apr 2011 08:41:37 +0200 Michał Piotrowski 
wrote:
> On 29 April 2011 at 04:09, Jasper Boot wrote:
> > Hi,
> > 2011/4/29 Michał Piotrowski 
> >>
> >> Hi,
> >>
> >> By the way, maybe it would be good to think about the meaning of /srv
> >> existance? For seven years FHS requires that this directory exists
> >> http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
> >> but "The methodology used to name subdirectories of /srv is
> >> unspecified as there is currently no consensus on how this should be
> >> done" - so even the authors of the standard did not have anything to
> >> say about how this directory should be used. Is there a rational
> >> reason for the existence of this directory besides FHS conformance?
> >
> >
> > For years now I've been using /srv to contain the content for the various
> > (world visible) services my machines run. Instead of having a mix of
> > /var/www/ /home/apache /home/httpd/ /var/lib/mysql/ /var/named/ and other
> > directories the different distributions come up with (usually somewhere in
> > /var), I've standardized on /srv/www /srv/svn /srv/git/ /srv/mysql and
> > /srv/dns for all machines and distros. Instead of just getting rid of
> > such a useful directory I'd rather see an effort to come up with a better
> > standardization / description.
> > Because /var already contains a lot of other variable/transient data, e.g.
> > log, spool and temporary files, I like the fact that I can have another
> > hierarchy for 'content' data instead of 'variable run/state' data. In /srv
> > is the really important data I need to backup and restore; /var is just
> > variable data that is needed in a running system, but isn't that essential
> > and specific to my system. You could almost say that /srv is the
> > system-wide /home in my case.
> 
> Ok, so it has some use. For the purpose that you described I use
> "data" dir that is somewhere on other than / partition
> 
> $ ls /home/data/
> backup  mysql  pgsql  www
> 
> Probably I should use /srv for this, but this would mean that I need
> yet another partition.

$ mount --move /home/data/ /srv/

However I do use /home/data/ (for music, videos, etc...) and /srv/ (for www,
ftp, tftp, etc...) Perhaps I should think about unifying this.
-- 
Schoene Gruesse
Chris


[systemd-devel] tmux / screen

2011-05-27 Thread Christian Hesse
Hello everybody,

I've set up pam to use pam_systemd.so. This way tmux and screen work,
but other processes started in this session will continue to run after
the user logs out.

I would like to set kill-user=1 or kill-session=1, but that breaks tmux
and screen.
What is the correct fix for that? Do these applications need
support for pam? Calling pam_systemd themselves and getting their own
cgroup could workaround this, doesn't it?
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] tmux / screen

2011-06-16 Thread Christian Hesse
Lennart Poettering  on Wed, 15 Jun 2011 21:17:15
+0200:
> On Fri, 27.05.11 16:45, Christian Hesse (l...@eworm.de) wrote:
> 
> > Hello everybody,
> > 
> > I've set up pam to use pam_systemd.so. This way tmux and screen work,
> > but other processes started in this session will continue to run after
> > the user logs out.
> > 
> > I would like to set kill-user=1 or kill-session=1, but that breaks tmux
> > and screen.
> > What is the correct fix for that? Do these applications need
> > support for pam? Calling pam_systemd themselves and getting their own
> > cgroup could workaround this, doesn't it?
> 
> Yes, if screen should be considered an independent session then it
> should invoke the PAM session hooks and systemd will do the right thing.
> 
> In order not to break screen we currently do not set kill-user=1 or
> kill-session=1. 
> 
> Note that in some cases it might be a good thing to kill screen sessions
> when the user otherwise logs out (think university, where students not
> logged in on a workstation should not be able to waste CPU), in other
> cases it's a bad thing however (i.e. in yours). That means it must be
> configurable whether screen is considered an independent session or not.

Configuring this is up to the administrator. He/She would be able to
configure this in /etc/pam.d/{screen,tmux}.

I've asked in the tmux mailing list. Seems like the devs tend to not include
pam support:

> I'm not convinced tmux should need PAM support to do something perfectly
> normal.

And:

> I don't think this is something the application should need to
> configure, you should be able to configure it in systemd [...]

However...
I have a script that creates a new cgroup via libcgroup [0] and
launches tmux within this cgroup. If anybody is interested please take
a look at my Arch package [1].

IMHO this is just a workaround.
Sadly my programming skills did not allow to add pam support myself. If
anybody has a patch I would like to test.

[0] http://libcg.sf.net/
[1] http://arch.lugor.de/eworm/x86_64/tmux-cgroup-0.0.2-1-any.pkg.tar.xz
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] Trying to build on a new LFS system.

2011-06-20 Thread Christian Hesse
Stef Bon  on Mon, 20 Jun 2011 15:15:57 +0200:
> Thanks a lot,
> 
> 
> And how do I select the services to be started at boot time??
> 
> I've seen lots of documentation, and possibly I did not read good
> enough.

Just add "init=/bin/systemd" to your boot options.
-- 
Schoene Gruesse
Chris


[systemd-devel] WorkingDirectory in service file

2011-11-22 Thread Christian Hesse
Hello everybody,

I use a service file for openvpn from the Arch Linux systemd-arch-units
package:

[Unit]
Description=OpenVPN connection to %i
After=network.target

[Service]
Type=forking
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i
WorkingDirectory=/etc/openvpn

[Install]
WantedBy=multi-user.target

Looks like WorkingDirectory is ignored and the real working directory is / as
I have to call scripts within the configuration with absolute paths. pwd run
inside a script gives "/".
Everything works as expected (with relative paths) when launching openvpn
from /etc/openvpn manually. Any hints what goes wrong?
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] WorkingDirectory in service file

2011-11-23 Thread Christian Hesse
Christian Hesse  on Tue, 22 Nov 2011 14:44:01 +0100:
> [...]
> Looks like WorkingDirectory is ignored and the real working directory
> is / as I have to call scripts within the configuration with absolute
> paths. pwd run inside a script gives "/".
> Everything works as expected (with relative paths) when launching
> openvpn from /etc/openvpn manually. Any hints what goes wrong?

Ok, solved this...
systemd works as expected but openvpn does a chdir("/") when forking to
background. In respect to daemon(3) this seems to be the expected
behavior.
-- 
Schoene Gruesse
Chris


Re: [systemd-devel] WorkingDirectory in service file

2011-11-24 Thread Christian Hesse
Colin Guthrie  on Thu, 24 Nov 2011 20:51:19 +:
> 'Twas brillig, and Christian Hesse at 23/11/11 20:07 did gyre and gimble:
> > Christian Hesse  on Tue, 22 Nov 2011 14:44:01 +0100:
> >> [...]
> >> Looks like WorkingDirectory is ignored and the real working directory
> >> is / as I have to call scripts within the configuration with absolute
> >> paths. pwd run inside a script gives "/".
> >> Everything works as expected (with relative paths) when launching
> >> openvpn from /etc/openvpn manually. Any hints what goes wrong?
> > 
> > Ok, solved this...
> > systemd works as expected but openvpn does a chdir("/") when forking to
> > background. In respect to daemon(3) this seems to be the expected
> > behavior.
> 
> 
> One "solution" here might be to not call --daemon NAME, but instead call
> --syslog NAME and set Type=simple in the systemd unit.
> 
> This should keep openvpn in the foreground and use systemd's
> backgrounding and hopefully the WorkingDirectory thing will work.
> 
> Not sure if you really need this, or if it was more of a random query..

It works as it is now. The one drawback is that I have to give absolute paths
to the up and route-up scripts.
I think it's ok now that I know the reason. ;)
-- 
Schoene Gruesse
Chris


[systemd-devel] User services

2012-01-23 Thread Christian Hesse
Hello everybody,

I think systemd caring about session is a great idea and I added
"kill-session-processes=1" to systemd's configuration in pam files.
However this brings some problems. (Two for me, to be precise.)

First one was tmux. Detaching a tmux session and logging off used to kill the
tmux session as well. I fixed this with a patch by Ben Boeckel, adding pam
support to tmux. The tmux server now starts a pam session, thus systemd does
no longer kill it. If anybody is interested:
http://www.eworm.de/download/linux/tmux-pam.patch
(Though the tmux maintainers are not willing to include it as they think it's a
design flaw in systemd to kill processes if a session ends.)

Ok, now my "real" problem. How about services started for a user?
ssh-agent for example suffers the same problem. I used to start one instance
per user, sharing socket information via temporary file. systemd kills
ssh-agent if my first session is closed, leaving all others without
authentication daemon.

Anybody with a solution for that?
I thought about a ssh-agent@.service file that has a service section like
that:

[Service]
Type=forking
User=%i
ExecStart=/usr/bin/ssh-agent > /run/ssh-agent@%i

But I could not find a solution how to start a process for a user. Any
thoughts, solutions, what else?
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


[systemd-devel] systemd v4[01] and graphical login managers

2012-02-09 Thread Christian Hesse
Hello everybody,

starting with systemd v40 I have problems with graphical login managers
(tested with lightdm and slim on Arch).
After successful user authentication the login manager is killed by
systemd-logind with SIGTERM. I think this is because of the changes in commit
"logind: if we have to stop a session, kill at least its leader" - not sure
though. Anybody else with this problem?
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] systemd v4[01] and graphical login managers

2012-02-09 Thread Christian Hesse
Lennart Poettering  on Thu, 9 Feb 2012 19:38:39 +0100:
> On Thu, 09.02.12 18:50, Christian Hesse (l...@eworm.de) wrote:
> 
> > Hello everybody,
> > 
> > starting with systemd v40 I have problems with graphical login managers
> > (tested with lightdm and slim on Arch).
> > After successful user authentication the login manager is killed by
> > systemd-logind with SIGTERM. I think this is because of the changes in
> > commit "logind: if we have to stop a session, kill at least its leader" -
> > not sure though. Anybody else with this problem?
> 
> Yes, there have been similar reports.

Glad to hear I am not the only one... Could not find any reports so far.

> I am not entirely sure what's
> going on here, but it's most likely by code that closes all open fds
> after the PAM session start hook finished in the parent process of login
> processes. It's OK to close all open fds in the child, but it's not OK
> to do so in the parent.
> 
> systemd-logind tracks open sessions by keeping open a FIFO fd to the PAM
> session client. When the session client dies then systemd will see that
> as EOF. Now, if the PAM client side eagerly closes all fds it finds this
> will trigger an immediate end of session.

Can I help tracking this down? Let me know what to do.

I suppose testing with kdm and/or gdm does not help, does it? I am pretty
sure my pam setup is ok.
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] User services

2012-02-09 Thread Christian Hesse
Gustavo Sverzut Barbieri  on Mon, 23 Jan 2012
12:22:46 -0200:
> On Mon, Jan 23, 2012 at 11:51 AM, Mike Kazantsev 
> wrote:
> > On Mon, 23 Jan 2012 09:16:52 +0100
> > Christian Hesse  wrote:
> > > I think systemd caring about session is a great idea and I added
> > > "kill-session-processes=1" to systemd's configuration in pam files.
> > > However this brings some problems. [...]
>
> Guys, you're misunderstanding that setting usage and the purpose.
> 
> People who will set kill-session-processes=1 are sysadmins that really
> do not want user processes to stay after they went out. Imagine an
> university campus, you do not want one student to leave background
> tasks after he logged out, they could interfere with the next student.

With today's desktops and notebooks using suspend and hibernate and running for
days, weeks or even months this does make sense.

I can remember situations where a broken script starts a new ssh-agent every
time I started an interactive shell.
Or starting a dhcp daemon for testing purposes and wondering what confuses
the network the next location I connect to.
I can consider a lot more situations.

> For common desktops/laptops there should be no need for this setting,
> that's why it's off by default.

Till now I thought this is the "safe default" rather than what is expected
the final goal.

However I am nearly happy now. tmux with pam support works fine and starting
an ssh-agent (or in my case gpg-agent with ssh support) with the X
session suits nearly all my use cases.
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] systemd v4[01] and graphical login managers

2012-02-10 Thread Christian Hesse
Lennart Poettering  on Thu, 9 Feb 2012 22:29:38 +0100:
> On Thu, 09.02.12 20:57, Christian Hesse (l...@eworm.de) wrote: 
> > > systemd-logind tracks open sessions by keeping open a FIFO fd to the PAM
> > > session client. When the session client dies then systemd will see that
> > > as EOF. Now, if the PAM client side eagerly closes all fds it finds this
> > > will trigger an immediate end of session.
> > 
> > Can I help tracking this down? Let me know what to do.
> 
> Well, strace the PAM client which invokes the PAM session hooks and
> figure out where exactly the fifo is closed and by what piece of
> code. The FIFO fd is received via a dbus reply (which you'll see as a
> recvmsg() with an SCM_RIGHTS param, followed by an fcntl(F_DUPFD)), and
> you'd need to trace where it gets closed in the parent process.

Here is my trace:
http://www.eworm.de/tmp/lightdm.log

I think this is the code closing the fd:
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/view/head:/src/pam-session.c#L393
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org
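
The session tracking described in the quoted text above (logind keeps the read end of a FIFO open and treats EOF as the end of the session) can be reproduced with an ordinary pipe. The following C program is an added example, not systemd, logind or lightdm code: all function names are hypothetical, and a pipe stands in for the FIFO fd that the real PAM client receives over D-Bus.

```c
/* Added illustration: a pipe stands in for logind's session FIFO.
 * Not systemd, logind or lightdm code; all names are hypothetical. */
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What an over-eager "close everything" loop does: drop every fd above stderr. */
static void close_all_fds(void)
{
    for (int fd = 3; fd < 1024; fd++)
        close(fd);
}

/* Tracker side: 1 if every write end is gone (EOF/hang-up) within timeout_ms,
 * 0 if the descriptor is still held somewhere, -1 on poll error. */
static int saw_eof(int rfd, int timeout_ms)
{
    struct pollfd p = { .fd = rfd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    if (n < 0)
        return -1;
    return (n > 0 && (p.revents & (POLLHUP | POLLIN))) ? 1 : 0;
}

/* PAM client side: fork the user's session, then stay alive as its parent. */
static void pam_client(int close_in_parent)
{
    pid_t session = fork();
    if (session == 0) {
        close_all_fds();        /* fine: the child does not own the session fd */
        pause();
        _exit(0);
    }
    if (close_in_parent)
        close_all_fds();        /* the bug: the parent drops the session fd too */
    pause();                    /* the login manager itself keeps running */
    _exit(0);
}

/* Returns 1 if the tracker saw EOF while the client was still alive (premature
 * end of session), 0 if not, -1 on error. *eof_after_exit reports whether EOF
 * arrived once the client had really been killed. */
int simulate_login(int close_in_parent, int *eof_after_exit)
{
    int fifo[2];
    if (pipe(fifo) < 0)
        return -1;
    pid_t client = fork();
    if (client < 0) {
        close(fifo[0]);
        close(fifo[1]);
        return -1;
    }
    if (client == 0) {
        setpgid(0, 0);          /* own process group, so it can be killed whole */
        close(fifo[0]);
        pam_client(close_in_parent);
    }
    setpgid(client, client);
    close(fifo[1]);             /* the tracker keeps only the read end */

    int early = saw_eof(fifo[0], 300);
    kill(-client, SIGKILL);     /* now the client and its session really die */
    waitpid(client, NULL, 0);
    *eof_after_exit = saw_eof(fifo[0], 2000);
    close(fifo[0]);
    return early;
}

int main(void)
{
    int after = 0;
    int early = simulate_login(0, &after);
    printf("fds closed in child only: premature EOF=%d, EOF after exit=%d\n", early, after);
    early = simulate_login(1, &after);
    printf("fds closed in parent too: premature EOF=%d, EOF after exit=%d\n", early, after);
    return 0;
}
```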


Re: [systemd-devel] systemd v4[01] and graphical login managers

2012-02-10 Thread Christian Hesse
Lennart Poettering  on Fri, 10 Feb 2012 21:02:03
+0100:
> On Fri, 10.02.12 09:48, Christian Hesse (l...@eworm.de) wrote:
> 
> > 
> > Lennart Poettering  on Thu, 9 Feb 2012 22:29:38
> > +0100:
> > > On Thu, 09.02.12 20:57, Christian Hesse (l...@eworm.de) wrote: 
> > > > > systemd-logind tracks open sessions by keeping open a FIFO fd to
> > > > > the PAM session client. When the session client dies then systemd
> > > > > will see that as EOF. Now, if the PAM client side eagerly closes
> > > > > all fds it finds this will trigger an immediate end of session.
> > > > 
> > > > Can I help tracking this down? Let me know what to do.
> > > 
> > > Well, strace the PAM client which invokes the PAM session hooks and
> > > figure out where exactly the fifo is closed and by what piece of
> > > code. The FIFO fd is received via a dbus reply (which you'll see as a
> > > recvmsg() with an SCM_RIGHTS param, followed by an fcntl(F_DUPFD)), and
> > > you'd need to trace where it gets closed in the parent process.
> > 
> > Here is my trace:
> > http://www.eworm.de/tmp/lightdm.log
> > 
> > I think this is the code closing the fd:
> > http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/view/head:/src/pam-session.c#L393
> 
> Well, but normally the PAM session should only be closed after the user
> logged out again. Why is this invoked so early?

Looks like lightdm starts a root pam session for the greeter. That is closed
before the user pam session is started...
Sounds weird - hope I will find some time to take a look at the code. Anybody
here familiar with pam clients?

Anyway... slim is not split into core and greeter. Does it act the same
nevertheless? Will take a look at that, too.
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] systemd v4[01] and graphical login managers

2012-02-10 Thread Christian Hesse
Cristian Rodríguez  on Fri, 10 Feb 2012 18:05:42
-0300:
> On 09/02/12 14:50, Christian Hesse wrote:
> > Hello everybody,
> >
> > starting with systemd v40 I have problems with graphical login managers
> > (tested with lightdm and slim on Arch).
> > After successful user authentication the login manager is killed by
> > systemd-logind with SIGTERM. I think this is because of the changes in
> > commit "logind: if we have to stop a session, kill at least its leader" -
> > not sure though. Anybody else with this problem?
> 
> I am having a very similar problem with current HEAD
> 
> "sudo" does no longer work
> 
> % sudo -s
> % id
> uid=1000(crrodriguez)
> 
> 
> su - works, but after typing "exit" it says "killed" () downgrading 
> to systemd 37 solves the problem.

Same problem here. (Did not care a lot as it happens when closing the
session.)
This may be related to what I reported in this thread, but it is not
identical. The login manager problem arose with systemd v40 whereas your
problem was present in systemd v39 or before. (Probably you are right and v38
was the first version having this problem.)

BTW, whatever gets killed receives a SIGKILL, I have bash error code 137
(from man bash: The return value of a simple command is [...] 128+n if the
command is terminated by signal n).
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] systemd v4[01] and graphical login managers

2012-02-11 Thread Christian Hesse
Lennart Poettering  on Sat, 11 Feb 2012 00:59:47
+0100:
> On Fri, 10.02.12 22:34, Christian Hesse (l...@eworm.de) wrote:
> 
> > > > > Well, strace the PAM client which invokes the PAM session hooks and
> > > > > figure out where exactly the fifo is closed and by what piece of
> > > > > code. The FIFO fd is received via a dbus reply (which you'll see as
> > > > > a recvmsg() with an SCM_RIGHTS param, followed by an
> > > > > fcntl(F_DUPFD)), and you'd need to trace where it gets closed in
> > > > > the parent process.
> > > > 
> > > > Here is my trace:
> > > > http://www.eworm.de/tmp/lightdm.log
> > > > 
> > > > I think this is the code closing the fd:
> > > > http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/view/head:/src/pam-session.c#L393
> > > 
> > > Well, but normally the PAM session should only be closed after the user
> > > logged out again. Why is this invoked so early?
> > 
> > Looks like lightdm starts a root pam session for the greeter. That is
> > closed before the user pam session is started...
> 
> It should be starting a PAM session for the greeter, but definitely not
> for "root". That would mean their entire greeter runs as root? That's a
> really bad idea.

By default, yes.
But it can be configured to use another user... Using 'lightdm' for that on
my system now.

> The greeter should have its own PAM session so that systemd-logind know
> about it and can rearrange access control to devices such as soundcards
> properly, so that screenreaders and event sounds work.
> 
> > Anyway... slim is not split into core and greeter. Does it act the same
> > nevertheless? Will take a look at that, too.
> 
> Umpf. Their entire stuff runs as a single process? So if their UI
> toolkit is borked you just became root? That sounds really bad. 

Indeed...

> Can't really believe Ubuntu ships with such a setup by default.

AFAIK Ubuntu ships with lightdm, not slim.
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


[systemd-devel] special characters in console

2012-03-20 Thread Christian Hesse
Hello everybody,

I used to have problems with special characters in console, this includes
German umlauts (ä, ö, ü & ß) and pseudo graphical stuff produced by pstree,
tmux and friends.

I fix it by appending " linux" to the agetty command in getty@.service. Is
there anything wrong with doing that? Patch is attached.
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org
--- systemd/units/getty@.service.m4	2012-03-20 17:07:22.687970800 +0100
+++ systemd/units/getty@.service.m4	2012-03-20 17:07:49.423944289 +0100
@@ -18,7 +18,7 @@ Before=getty.target
 
 [Service]
 Environment=TERM=linux
-ExecStart=-/sbin/agetty %I 38400
+ExecStart=-/sbin/agetty %I 38400 linux
 Restart=always
 RestartSec=0
 UtmpIdentifier=%I
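Review bot: the `linux` argument added to the ExecStart line repeats what `Environment=TERM=linux` on the context line just above it already sets, so after this change the terminal type is hard-coded in two places in the same [Service] section and the two can drift apart. If agetty really needs the type as an argument, passing `$TERM` instead of the literal would keep a single source of truth. The patch description should also say why the existing Environment= line is not sufficient, since nothing in the hunk shows that.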


Re: [systemd-devel] special characters in console

2012-03-20 Thread Christian Hesse
Kay Sievers  on Tue, 2012/03/20 17:34:
> On Tue, Mar 20, 2012 at 17:22, Christian Hesse  wrote:
> > I used to have problems with special characters in console, this includes
> > German umlauts (ä, ö, ü & ß) and pseudo graphical stuff produced by
> > pstree, tmux and friends.
> >
> > I fix it by appending " linux" to the agetty command in getty@.service. Is
> > there anything wrong with doing that? Patch is attached.
> 
> What's the output of 'locale' and 'echo $TERM' on your system?

$ locale
LANG=en_US.utf8
LC_CTYPE=de_DE.utf8
LC_NUMERIC=de_DE.utf8
LC_TIME="en_US.utf8"
LC_COLLATE=de_DE.utf8
LC_MONETARY=de_DE.utf8
LC_MESSAGES="en_US.utf8"
LC_PAPER=de_DE.utf8
LC_NAME=de_DE.utf8
LC_ADDRESS=de_DE.utf8
LC_TELEPHONE=de_DE.utf8
LC_MEASUREMENT=de_DE.utf8
LC_IDENTIFICATION=de_DE.utf8
LC_ALL=

$ echo $TERM
linux
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] special characters in console

2012-03-20 Thread Christian Hesse
Christian Hesse  on Tue, 2012/03/20 18:16:
> I used to have problems with special characters in console, this
> includes German umlauts (ä, ö, ü & ß) and pseudo graphical stuff
> produced by pstree, tmux and friends.
>
> I fix it by appending " linux" to the agetty command in getty@.service.
> Is there anything wrong with doing that? Patch is attached.

Ok, forget about it... Was confused by my habits.

It's independent from whether or not I give agetty a terminal via argument.
(Anything else should be very weird as "linux" is the default for linux
systemd. ;) )

The problem occurs on tty1. tty2 to tty6 are ok. So what is different with
tty1?
BTW, this is an Arch system.
-- 
Schoene Gruesse
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] special characters in console

2012-03-20 Thread Christian Hesse
Lennart Poettering  on Tue, 2012/03/20 21:19:
> On Tue, 20.03.12 20:24, Christian Hesse (m...@eworm.de) wrote:
> 
> > 
> > Christian Hesse  on Tue, 2012/03/20 18:16:
> > > I used to have problems with special characters in console, this
> > > includes German umlauts (ä, ö, ü & ß) and pseudo graphical stuff
> > > produced by pstree, tmux and friends.
> > >
> > > I fix it by appending " linux" to the agetty command in getty@.service.
> > > Is there anything wrong with doing that? Patch is attached.
> > 
> > Ok, forget about it... Was confused by my habits.
> > 
> > It's independent from whether or not I give agetty a terminal via
> > argument. (Anything else should be very weird as "linux" is the default
> > for linux systemd. ;) )
> > 
> > The problem occurs on tty1. tty2 to tty6 are ok. So what is different with
> > tty1?
> > BTW, this is an Arch system.
> 
> Hmm, so we load the screen font in systemd-vconsole-setup, and this
> currently assumes to be invoked at a time where only one VT is allocated
> so that the font is inherited by all VTs created after that.
> 
> Is it possible that for you the VTs are allocated already very early at
> boot and hence don't get the font applied?
> 
> If this is your problem then the right fix is probably to change setfont
> so that it is capable of applying the font to all allocated VTs instead
> of just the first.

Ok, found the problem... Kind of.
This time for real I think. :D

It's the keymap hook (with install script [0] and hook itself [1]) from
Arch's mkinitcpio.

Setting the console font is not a problem, I have the correct font on all
ttys. Also setting consolefont in initrd via consolefont hook is not a
problem.

Will take a look at that soon. Thanks for your help!

[0] http://projects.archlinux.org/mkinitcpio.git/tree/install/keymap
[1] http://projects.archlinux.org/mkinitcpio.git/tree/hooks/keymap
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] pam_systemd.so and su

2012-03-22 Thread Christian Hesse
Lennart Poettering  on Thu, 2012/03/22 02:11:
> On Thu, 22.03.12 00:41, Lennart Poettering (lenn...@poettering.net) wrote:
> 
> > On Sun, 18.03.12 16:08, Canek Peláez Valdés (can...@gmail.com) wrote:
> > 
> > > Hi; I'm using systemd 43 in Gentoo, and I usually have this line at the
> > > end of /etc/pam.d/system-auth:
> > > 
> > > -session        optional        pam_systemd.so
> > > 
> > > When I use su to become root, after logout the following message
> > > appears:
> > > 
> > >  ...killed.
> > > 
> > > Not always, but most of the time. Without the line with
> > > pam_systemd.so, the message never appears.
> > > 
> > > So, two questions:
> > > 
> > > 1. Why is my session being killed at logout time?
> > > 
> > > 2. The pam_systemd.so is really necessary? The "...killed." message
> > > appears after two or three seconds, and it's slightly annoying.
> > 
> > Which version of systemd is this? (If it isn't 44, please upgrade first,
> > then try to reproduce this)
> > 
> > Do you have audit enabled in the kernel and are using pam_loginuid?
> > 
> > Normally, when the pam session close hooks are called logind responds to
> > this by killing the main process of the session if it still
> > exists. This is probably the source of the problem here.
> 
> I have now committed a patch to git that might fix your issue. Please
> test:
> 
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=75c8e3cffd7da8eede614cf61384957af2c82a29
> 
> I assume this fixes your problem, but since our kernels actually have
> audit enabled I am a bit too lazy trying to reproduce the issue here, so
> I'd be very thankful if you could test this!

This fixes it for me. Thanks a lot!

Though this brings another problem: I have tmux with pam support (don't know
the original link but have a copy of the patch on my personal webserver [0]).
I used to have an alias

alias tmux="tmux attach || tmux"

which tries to attach to a session and opens a new one if it fails. I had to
change this to

alias tmux="tmux attach || sleep 0.1 && tmux"

to make it work again. So maybe there's a race condition anywhere? However I
am happy with that workaround.

[0] http://www.eworm.de/download/linux/tmux-pam.patch
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


Re: [systemd-devel] pam_systemd.so and su

2012-03-28 Thread Christian Hesse
Lennart Poettering  on Tue, 2012/03/27 12:58:
> On Thu, 22.03.12 12:11, Christian Hesse (l...@eworm.de) wrote:
> 
> > > > Do you have audit enabled in the kernel and are using pam_loginuid?
> > > > 
> > > > Normally, when the pam session close hooks are called logind responds
> > > > to this by killing the main process of the session if it still
> > > > exists. This is probably the source of the problem here.
> > > 
> > > I have now committed a patch to git that might fix your issue. Please
> > > test:
> > > 
> > > http://cgit.freedesktop.org/systemd/systemd/commit/?id=75c8e3cffd7da8eede614cf61384957af2c82a29
> > > 
> > > I assume this fixes your problem, but since our kernels actually have
> > > audit enabled I am a bit too lazy trying to reproduce the issue here, so
> > > I'd be very thankful if you could test this!
> > 
> > This fixes it for me. Thanks a lot!
> > 
> > Though this brings another problem: I have tmux with pam support (don't
> > know the original link but have a copy of the patch on my personal
> > webserver [0]). I used to have an alias
> > 
> > alias tmux="tmux attach || tmux"
> > 
> > which tries to attach to a session and opens a new one if it fails. I had
> > to change this to
> 
> "it fails"? How precisely?

It exits with error code 1, nothing more. No error messages, nothing.
Probably the patch is everything but verbose.

What I have found so far: If I add pam_unix in session directive (just for
logging) in /etc/pam.d/tmux I get logs for the first tmux process only, not
for the failing one.
If I sleep for a moment before starting the second tmux process it works as
expected and I get pam logs from both processes.

> No clue what tmux is though (some screen reimplementation?).

Basically, yes.
-- 
Best regards,
Chris
 O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org


[systemd-devel] journald: no such file or directory

2012-09-04 Thread Christian Hesse
Hello everybody,

a daemon flooded my syslog and rsyslog filled my log partition. After that
journald complains on startup:

systemd-journald[260]: Failed to open
/var/log/journal/d1ba4a2d5fc8ab0c4c46f6f74b607fdd/fss: No such file or
directory

How to fix that?
Everything seems to work without problems though.
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}


Re: [systemd-devel] journald: no such file or directory

2012-09-04 Thread Christian Hesse
Dave Reisner  on Tue, 2012/09/04 06:03:
> On Tue, Sep 04, 2012 at 09:44:26AM +0200, Christian Hesse wrote:
> > Hello everybody,
> > 
> > a daemon flooded my syslog and rsyslog filled my log partition. After that
> > journald complains on startup:
> > 
> > systemd-journald[260]: Failed to open
> > /var/log/journal/d1ba4a2d5fc8ab0c4c46f6f74b607fdd/fss: No such file or
> > directory
> > 
> > How to fix that?
> > Everything seems to work without problems though.
> 
> These two events are unrelated. You've enabled persistent logs without
> setting up your sealing key.
> 
> journalctl --setup-keys

Ah, some unrelated conditions made me think this is related. Thanks for the
hint!
-- 
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Chris   get my mail address:*/=0;b=c[a++];)
putchar(b-1/(/*   gcc -o sig sig.c && ./sig*/b/42*2-3)*42);}