rd ?
>
> Usually it's an admin task to maintain group membership and she has no
> user passwords.
>
> But when it's the user's task to join a group, the user needs the admin
> password, this is also a bad situation.
>
> Is it possible to add more than one password?
>
> /eric
>
>
--
Mantas Mikulėnas
r=GetConnectionUnixUser cookie=52 reply_cookie=0 signature=s
> error-name=n/a error-message=n/a
> Jan 31 11:06:35 sarkovy systemd-networkd[1294]: Got message
> type=method_return sender=org.freedesktop.DBus destination=:1.12
> path=n/a interface=n/a member=n/a cookie=4294967295 reply_cookie=52
> signature=u error-name=n/a error-message=n/a
>
>
> These are the contents of /etc/systemd/network/50-vpn.network:
>
> [Match]
> Name = vpn_*
>
> [Link]
> RequiredForOnline = no
> ActivationPolicy = up
> ARP = no
>
> [Network]
> Description = VPN interface
> DHCP = no
> DHCPServer = no
> LinkLocalAddressing = no
> DefaultRouteOnDevice = no
> LLMNR = no
> IPv6AcceptRA = no
> Bridge = br_lan
>
>
--
Mantas Mikulėnas
On Fri, Feb 10, 2023, 00:11 Vladimir Kudrya wrote:
> Hello everyone!
>
> As an experiment I wrote a session manager for standalone wayland
> compositors that utilizes systemd user-level daemon features for graphical
> sessions: https://github.com/Vladimir-csp/uwsm
>
> It can either manage targets
On Fri, Feb 10, 2023 at 12:27 PM Vladimir Kudrya
wrote:
> On 10/02/2023 12.51, Mantas Mikulėnas wrote:
>
> Also systemd.special manual recommends putting display servers into
>> session.slice. But in case of a wayland compositor it is impossible to
>> separate it from
self, so there's no way for faxgetty@.service to be sure
that pty/0 is your fax thing and not e.g. someone's xterm or an incoming
SSH connection.
What is supposed to be creating /dev/pts/0 in your case? It might be
simplest to have the same software directly start faxgetty@.service
as well.
--
Mantas Mikulėnas
On Sun, Feb 12, 2023 at 9:27 AM Vladimir Kudrya
wrote:
> On 10/02/2023 12.51, Mantas Mikulėnas wrote:
>
> Also systemd.special manual recommends putting display servers into
>> session.slice. But in case of a wayland compositor it is impossible to
>> separate it from
On Mon, Feb 13, 2023 at 3:21 PM Giuseppe Sacco wrote:
> On Mon, 13/02/2023 at 12.12 +0200, Mantas Mikulėnas wrote: [...]
> > I'm not entirely sure whether it even makes sense for a .service unit
> > to wait for a specific pty? I mean, the entire design of p
On Mon, Feb 13, 2023 at 5:16 PM Giuseppe Sacco wrote:
> Hello Mantas,
>
> On Mon, 13/02/2023 at 14.32 +0100, Giuseppe Sacco wrote:
> > On Mon, 13/02/2023 at 15.25 +0200, Mantas Mikulėnas wrote:
> > > On Mon, Feb 13, 2023 at 3:21 PM Giu
/sync': Permission denied
> ```
>
> But I can touch that dir as my user.
>
> Any ideas of what might be wrong?
>
An automount placeholder is, itself, a special kind of mount – as long as
the .automount unit is active, the path is no longer owned by you because
the "sync" directory has an 'autofs' filesystem mounted on top of it. (See
`findmnt`.)
--
Mantas Mikulėnas
h rejected.
> > >>
> > >> I tried also subscribing via the maillist web site form. That also
> hasn't unsubscribed me.
> > >>
> > >> Can someone please tell me the correct way to unsubscribe from this
> list?
> > > You need to unsubscribe through the web interface.
> > >
> > > Zbyszek
>
--
Mantas Mikulėnas
My wild guess would be "no", in order to remain compatible with CPUs that
might be added to the system at runtime.
On Thu, Mar 23, 2023, 23:00 Etienne Champetier
wrote:
> On Thu, 23 March 2023 at 16:37, Etienne Champetier
> wrote:
> >
> > Hello,
> >
> > I'm setting `CPUAffinity=0-1` in /etc/sy
names (translated to a dash as part of
the escaping), as a unit name has to be a valid filename. The "@" has
special meaning (indicates instance name for .service units; I don't think
that's supported for .scope units though). Usually
"foo-bar-baz-12345.scope" is the typical format.
--
Mantas Mikulėnas
ferent line?
>
> Or do I need to create a .device unit file manually? I can't see much
> info on doing that.
>
> Cheers,
> Richard
>
--
Mantas Mikulėnas
Systemd-resolved can't actually see your leases all on its own; the DHCP
client needs to provide it that information. Networkd and NetworkManager do
it directly through the D-Bus IPC.
For standalone dhcpcd, you would likely need to install the `resolvconf`
emulation that comes with systemd (usuall
,
how/why is it even reporting a different kernel than the host OS? Isn't the
entire point of OpenVZ to share a single kernel with the guest containers?
Is it actually 3.10 **pretending** to be 5.4 just to make it pass systemd's
kernel version checks?
--
Mantas Mikulėnas
On Tue, Apr 11, 2023, 03:41 Chandler wrote:
> systemd has been working great here, system-wide as well as in all user
> instances except one. I'm not exactly sure what all the steps are in
> the process to get a systemd user instance running. The directory
> /run/user/$UID was not being created
On Tue, Apr 11, 2023, 19:23 Chandler wrote:
> Mantas Mikulėnas wrote on 4/10/23 10:31 PM:
> > The same pam_systemd module registers a "session" with logind (which
> > triggers the creation of runtime directory as well as the startup of
> > user@.service; note: /n
On Tue, Apr 18, 2023, 02:59 Bill Steinberg wrote:
>
> Hi Barry,
>
> Thanks for the response. Answers inline below.
>
> On Apr 17, 2023, at 5:09 PM, Barry wrote:
>
>
>
> On 17 Apr 2023, at 19:05, Bill Steinberg wrote:
>
> Hello systemd devel,
>
> I have a systemd service that I’ve run on prior
pty
...` could be used if you need to manually run something as another user
(but as soon as you need to do it twice, you should just make a .service with
Slice=, or even a --user service).
--
Mantas Mikulėnas
The main difference is that "containers" are chroots with their own PID
namespace, at least, while an ordinary chroot still keeps the PID numbering
from the host. In other words, the container has its own PID 1 – and
systemd really wants to be PID 1, as init. A container runtime such as
nspawn will
On Sun, Apr 30, 2023, 11:29 wrote:
> The following is a feature request. At src/login/loginctl.c ?
> The looked up feature is the equivalent of
> setterm --blank aDelay --powerdown SomeOtherDelay
> , only as soon as the login prompt appears. Before login.
> I mean, I ask to leave the current
group/user4/cgroup.procs";pgrep -u user5 | grep -vxFf
>> /sys/fs/cgroup/user5/cgroup.procs | xargs -I{} sh -c "echo {} >>
>> /sys/fs/cgroup/user5/cgroup.procs";sleep 5;
>> done'
>> [Install]
>> WantedBy=multi-user.target
>>
>> This solution is workin
es to validate passwords over a Unix socket interface and has
a PAM backend (`saslauthd -a pam`).
I don't know of other such daemons (surprisingly, SSSD doesn't expose an
authenticate call through its D-Bus interface either, keeping it internal
to PAM only), but that's the general approach if you plan on writing your
own.
--
Mantas Mikulėnas
ch]
> MACAddress=99:xx:xx:xx:xx:xx
>
> [Link]
> Name=wan
>
VLANs have the same MAC address as their parent device, so this .link file
tells the system to rename *both* interfaces to the same name "wan".
Add a "Type=ether" match to avoid this.
--
Mantas Mikulėnas
Assuming you already have "hidepid" configured for /proc, you'll still need
to block access to the corresponding systemd D-Bus call:
$ cat /etc/dbus-1/system.d/systemd-restrict.conf
On
add and remove handlers, is there a way to
> manually trigger the remove handler of that file?
>
> Thanks,
>
> Dagg
>
--
Mantas Mikulėnas
so maybe you can get `systemd-measure` to do exactly
what you want? There's a github RFE filed for #2 so it might show up in
systemd-cryptenroll someday.
--
Mantas Mikulėnas
ces first (i.e. networkd doesn't look for
interfaces matching 10-wan.network; it looks for .network files matching
the eth0 device).
--
Mantas Mikulėnas
ts the advantages of
> socket activation by sequencing startups and being explicit about
> dependencies. Now rabbitmq-server and epmd are just examples here, any
> service using a socket-activated service during its shutdown is
> affected and prone to timeouts or failures.
>
Not entirely sure here, but I *think* this might be unavoidable.
--
Mantas Mikulėnas
t super familiar with abstract
> sockets so I'm not sure of the downsides
>
Abstract sockets are tied to the network namespace, instead of the
filesystem (mount namespace). That's the main difference, as far as I know.
--
Mantas Mikulėnas
tell systemd-cryptenroll to use
that when unlocking. (Later you only need to re-sign the PCR measurements
in /boot without needing to re-do cryptenroll.)
--
Mantas Mikulėnas
fully
separate kernel module (i.e. not strictly part of OpenVZ), so in theory you
could still use it with nspawn. Alternatively, you could use regular loop
devices (which can be space-efficient with all recent kernels, as they now
support TRIM) if you don't need the snapshotting.
Though, "consuming inodes" is only a problem with Ext4, isn't it? Does the
same type of problem even exist on more modern filesystems like XFS or
Btrfs?
--
Mantas Mikulėnas
Is that "once per boot", "once per interface appearance", or "once per
physical NIC lifetime"? Can the command check its effects directly (i.e.
check whether a setting has been set, or whatever the task is)?
If it's once per boot, a flag file in /run/thing_done.$ifname would be a
common solution.
On Mon, Jul 17, 2023, 15:44 Marc Haber
wrote:
>
> # /lib is necessary here, or execve will fail without indication for
> # reason - that was a surprise and hard to debug because even strace
> # didn't hint me towards the real issue
> ExecPaths=/usr/sbin/named /usr/sbin/rndc /lib
>
This one in par
On Thu, Aug 3, 2023, 21:09 Ross Boylan
wrote:
> Hi, systemd-ers. I'm trying to do something that seems at cross
> purposes with systemd's assumptions, and I'm hoping for some guidance.
>
> Goal: remote client sends a 1 line command to a server, which executes
> a script that does not create a lo
On 2023-08-06 03:42, Ross Boylan wrote:
On Fri, Aug 4, 2023 at 4:32 PM Kevin P. Fleming
wrote:
On Fri, Aug 4, 2023, at 18:11, Ross Boylan wrote:
Theory: since br0 has no associated IP address when socket creation is
attempted, the socket creation fails. If so, I need to delay socket
startup
As far as I know, that's normal – /proc/meminfo always reflects the total
amount of memory, regardless of cgroup limits. LXC uses lxcfs to mount a
fake meminfo file there, nspawn doesn't have an equivalent.
On Sun, Aug 6, 2023, 18:55 Paulo Coghi - Coghi IT
wrote:
> I used "systemctl set-property
500
> /bin/bash
> [root@x11 ~]#
> logout
> Connection to machine x11 terminated.
> lukas@home:~$ sudo machinectl shell x11 /bin/bash
> Connected to machine x11. Press ^] three times within 1s to exit session.
> root@x11:~# echo $HISTFILESIZE; echo $0;
>
> /bin/bash
> root@x11:~# exit
> Connection to machine x11 terminated.
> lukas@home:~$
>
> Thanks,
> lukaro
>
--
Mantas Mikulėnas
Have your initramfs *extend* a PCR after it retrieves the key from the TPM,
before it switches to (or even unlocks) the rootfs. As most PCRs cannot be
rolled back without a reboot, this would prevent the key from being
unsealed from a running system even if it manages to boot (without causing
the i
d at the beginning of the month move it if it exists with a timed
> service, but I really would not like that kind of solution.
>
It's called /etc/logrotate.conf and it's what everyone else does. It's what
Debian/Ubuntu itself uses for /var/log/apt*.log and such.
--
Mantas Mikulėnas
It sounds like you're reinventing LC_NUMERIC.
The locale system has a lot more than just LANG; it already allows the
number format to be overridden separately from the "language". Take a look
at `locale -k LC_NUMERIC` and
<https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap07.html>.
s in failure
> due to neighbour
> solicitation.
>
No; `default` has nothing to do with the gateway field. It's an alias for
the route *destination network* field, specifically ::/0 for IPv6 or
0.0.0.0/0 for IPv6.
What you have is a completely standard IPv6 default route, regardless of
which table it's in:
[Route]
Destination=::/0
Gateway=fe80::1
--
Mantas Mikulėnas
on, and need to do manual
> filtering.
If you dump with `-o export` instead (or convert the JSON to the export
format), you can later feed the dump into systemd-journal-remote(8) (which
is somewhere in /lib/systemd) to import it back into a .journal file.
--
Mantas Mikulėnas
.device units wait for *udev* to broadcast the uevent about that device
being added, which happens after udev has 1. received the initial kernel
uevent (either real or produced by systemd-udev-trigger.service) and 2.
finished processing all its .rules for that device (which means everything
that ru
Depends on what exactly runs dhcpcd and wpa_supplicant. Is that done by
networking.service (ifupdown)? NetworkManager? Are they standalone services?
I would generally expect Before/Wants=network-pre.target to work, but that
relies on your network services themselves being set up correctly – they
t
On Tue, Sep 26, 2023, 15:32 Mark Rogers wrote:
> On Tue, 26 Sept 2023 at 13:08, Mantas Mikulėnas wrote:
>
>> Depends on what exactly runs dhcpcd and wpa_supplicant. Is that done by
>> networking.service (ifupdown)? NetworkManager? Are they standalone services?
>>
On 2023-09-26 21:31, Mark Rogers wrote:
On Tue, 26 Sept 2023 at 13:44, Mantas Mikulėnas wrote:
I'm still not entirely sure of the situation but right now it sounds
like the configuration is okay but the Ethernet interface is failing
n/up script), how should I do that without
> modifying system dhcpcd unit files?
>
Use the "drop-in" system (dhcpcd.service.d/*.conf), e.g. via `systemctl
edit dhcpcd5`. Add a few ExecStartPre= commands in [Service] to have it
"manually" bring the interface up, then down (possibly with a 'sleep .5'
after each), and hopefully when dhcpcd brings it up the /second/ time it
will work.
--
Mantas Mikulėnas
On Wed, Sep 27, 2023 at 12:14 PM Mark Rogers
wrote:
> On Wed, 27 Sept 2023 at 09:39, Mantas Mikulėnas wrote:
>
>> It might be an issue with the kernel driver for your Ethernet interface,
>> then (as setting the interface 'up/down' usually reinitializes the
On Wed, Sep 27, 2023 at 12:31 PM Mark Rogers
wrote:
> On Wed, 27 Sept 2023 at 10:18, Mantas Mikulėnas wrote:
>
>> So now I'm curious: if the first command you run is to bring the
>> interface *down*, then what exactly brought it up?
>>
>
> Good question. The r
On Fri, Sep 29, 2023, 12:54 Lewis Gaul wrote:
> Hi systemd team,
>
> I've encountered an issue when running systemd inside a container using
> cgroups v2, where if a container exec process is created at the wrong
> moment during early startup then systemd will fail to move all processes
> into a
created before the
> machine is started. As provisions for a hook to script something like this
> do not seem to be supported in systemd.nspawn,
> I would like to know what and where the best way and place to achieve this
> is?
>
> Please cc me.
>
> Many thanks,
> and all the best,
> Rob
>
--
Mantas Mikulėnas
figurations and add specific After=foo.mount or
RequiresMountsFor=/foo/bar ordering – for each filesystem that the
configuration expects to be available – into your tmpfiles service.
--
Mantas Mikulėnas
o I can create a script to
> print the content of those multiple files.
>
> Or maybe there is another way to do this?
>
>
> Thank you.
>
--
Mantas Mikulėnas
rocesses are created during shutdown and systemd gets confused.
>
> I see a similar thing for a much simpler service, winbind:
>
> Here is winbind.service:
>
> [Unit]
> Description=Samba Winbind Daemon
> Documentation=man:winbindd(8) man:samba(7) man:smb.conf(5)
> After=network.target nmb.service
>
> [Service]
> Type=notify
> PIDFile=/var/run/winbindd.pid
> EnvironmentFile=-/etc/sysconfig/samba
> ExecStart=/usr/sbin/winbindd --foreground --no-process-group
> $WINBINDOPTIONS
> ExecReload=/bin/kill -HUP $MAINPID
> LimitCORE=infinity
>
> [Install]
> WantedBy=multi-user.target
>
> Yesterday I watched it do the same thing as CTDB. I could start the
> service by hand but it would time out during stop, nearly every time,
> even though there were no relevant processes running anymore.
> winbindd sends a READY=1 notification after successfully starting. It
> does not send STOPPING=1. winbindd is much simpler during shutdown.
> I can get logs for this one too if necessary.
>
> Thanks for any help.
>
> peace & happiness,
> martin
>
--
Mantas Mikulėnas
Hi Mantas,
>
> Yes, it looks like cgroups v1.
>
> Would this be a kernel bug? systemd bug?
>
> Thanks...
>
> peace & happiness,
> martin
>
> On Wed, 11 Oct 2023 08:19:59 +0300, Mantas Mikulėnas
> wrote:
>
> > Is this with cgroups v1 or v2? If cgroups v1
login (i.e. one that goes through PAM) will have pam_systemd
create you a "session" in systemd-logind and move your process to a fresh
cgroup named after your UID, e.g. in cgroupv2 systems it would be
"/user.slice/user-UID.slice/session-XXX.scope" (and everything that's
launched via your 'systemd --user' would likewise be under
".../user-UID.slice/user@UID.service")
Whereas if your processes are still inside x2go's "service" cgroup, that's
an indication that it's not doing PAM setup correctly.
--
Mantas Mikulėnas
onally, sd_device_get_is_initialized() seems to return sometimes
> true even if the udev worker still has the volume open.
> In short, which API do you recommend to ensure that the device my
> thread has created is actually usable?
>
> [0]: http://git.infradead.org/mtd-utils.git/tree/HEAD:/tests/ubi-tests
> [1]: http://git.infradead.org/mtd-utils.git/blob/HEAD:/lib/libubi.c#l994
>
> --
> Thanks,
> //richard
>
--
Mantas Mikulėnas
emd-logind starts the
user@ system service; 3) as a dependency this also starts the
user-runtime-dir@ system service; 4) the user-runtime-dir@ service
creates the runtime directory for you. In older versions it was slightly
different; logind did it internally.
--
Mantas Mikulėnas
id? We generally don't open
> device nodes unless we have a reason to, such as doing blkid on it or
> so.
>
blkid and 60-persistent-storage indeed analyze ubi devices, it seems.
--
Mantas Mikulėnas
Kernel and systemd changes aside, I kind of want to say that you need to
specify an interface for the link-local endpoint to be bound to – just as
with regular sockets. If the tunnel were device-bound and not independent,
that would happen by default.
It also seems weird that the tunnel has endpoi
I'm not a DBA but I've heard that one common way to handle this would be to
create a separate MySQL instance (probably on a separate machine, even)
that would replicate all the data, for the heavy users to query. (Or the
other way around, main instance for the heavy updates ⇒ replica for re
On Wed, Nov 29, 2023, 20:59 Thomas Larsen Wessel wrote:
> Thanks both of you! :)
>
> I have taken some time to digest your answers. And in particular I have
> tried to investigate this line closer:
>
> *Nov 27 12:34:22 tumbleweed unknown: WSL (2): Creating login session for
> andrei*
>
> I have f
On boot, interfaces are admin-down *by default* until something explicitly
brings them up. If you don't configure any network management software to
bring eth0 up, then it'll be down.
On Thu, Dec 7, 2023, 22:52 lejeczek wrote:
> Hi guys.
>
> Perhaps not strictly _systemd_ question but community
On Fri, Dec 8, 2023, 12:22 Christopher Wong
wrote:
> Hi Luca,
>
>
>
> Sorry, for late reply, below is a log with debug. This time I run with a
> user with higher UID, but the result is the same.
>
>
>
> root@host:~# systemd-analyze set-log-level debug
>
> root@host:~# systemctl set-environment XD
> '/run/user/1001/systemd/inaccessible/blk', ignoring: Permission denied
>
What's the ownership of /run/user/1001 and /run/user/1001/systemd after all
of this?
Are you rebooting between tests or just manually starting it?
My current guess is that due to the earlier `systemctl set-environment`,
some *other* thing that's running as root inherited the /run/user/1001 path
and created root-owned directories there? That's the issue with setting
global environment, it needs to be unset afterwards...
--
Mantas Mikulėnas
it.
>
> Regarding the testing, I have done both restart of everything and manual,
> but the result is the same. Now that I have the
> “Environment=XDG_RUNTIME_DIR=/run/user/%i” I no longer need to do
> “systemctl set-environment …”
>
>
>
> Thank you for taking your time
9 ..
>
> srw-rw-rw- 1 ida ssh-user   0 Dec 12 16:19 bus
>
> drwxr-xr-x 5 ida ssh-user 140 Dec 12 16:19 systemd
>
>
>
> The ”mount” command doesn’t list /run/user/1001 for the successful case
> either.
>
>
>
> Best regards,
>
> Ch
Process: 16361 ExecStop=/usr/lib/systemd/systemd-user-runtime-dir
> stop 1001 (code=exited, status=0/SUCCESS)
>
> Main PID: 16329 (code=exited, status=0/SUCCESS)
>
> CPU: 48ms
>
>
>
> /etc/fstab doesn’t include anything on /run/user/1001 and there is no mount
(or in fact you could
replace the entire user-runtime-dir@ with a simpler one that only mkdirs
and chowns), but in that case you shouldn't be saying that it's a systemd
issue that it doesn't chown something that it was never meant to chown to
begin with.
>
>
> Best regards,
Activation is not client-side, it's handled automatically by dbus-daemon –
which either spawns the service directly or starts it as a systemd service.
In this case, check whether your logs show systemd-hostnamed.service
attempting to start; either it fails to start (missing libraries?
Apparmor?) o
The traditional dbus-daemon keeps a separate environment for services it
spawns directly (i.e. those that don't specify SystemdService= in their
D-Bus .service files), though that doesn't apply to services it runs via
systemd so you need to keep both in sync.
On the other hand, dbus-broker runs
On Fri, Jan 19, 2024, 17:47 Morten Bo Johansen wrote:
> On 2024-01-18 Lennart Poettering wrote:
>
> > On Do, 18.01.24 22:53, Morten Bo Johansen (morte...@hotmail.com) wrote:
> >
> >> ~/ % systemd-creds has-tpm2
> >> partial
> >> +firmware
> >> -driver
> >> +system
> >> +subsystem
> >> +libraries
On Fri, Jan 19, 2024, 19:12 Morten Bo Johansen wrote:
> On 2024-01-19 Mantas Mikulėnas wrote:
>
> > In general I've learned to not quite trust what the firmware shows...
> we've
> > had a batch of Skylake-or-so desktops that *did* have a CPU-integrated
> fTP
On Sat, Jan 20, 2024 at 8:02 AM Andrei Borzenkov
wrote:
> On 19.01.2024 20:22, Mantas Mikulėnas wrote:
> > On Fri, Jan 19, 2024, 19:12 Morten Bo Johansen
> wrote:
> >
> >> On 2024-01-19 Mantas Mikulėnas wrote:
> >>
> >>> In general I'
ervice" that adds Before=foo.target. I'm not sure if
clevis integrates with that. (Although honestly I don't see much point in
using clevis for data volumes at all – just use it for the rootfs, and
regular keyfiles in /etc/private for everything else...)
--
Mantas Mikulėnas
On Mon, Feb 5, 2024, 14:54 Lennart Poettering
wrote:
> On So, 04.02.24 00:06, David Timber (d...@dev.snart.me) wrote:
>
> > 2: How do I get Systemd to freeze to test such program? I mean, if I kill
> > Systemd, the kernel would crash so I have to somehow tell Systemd to
> freeze?
>
> Not really,
.NamespaceId       property  t  4026531840  const
> .OnlineState       property  s  "partial"   emits-change
> .OperationalState  property  s  "routable"  emits-change
> root@MK3AC-WS100269:/var/lib/evse/cache#
>
> Thanks,
> Ashok
>
>
--
Mantas Mikulėnas
You need to make sure the PAM configuration for whichever service you're
logging in through includes pam_systemd.so in the 'session' group. Check
/etc/pam.d on other distributions. (For tty logins it's /etc/pam.d/login,
but usually it's indirect via /etc/pam.d/common-session or something along
thos
Also, if you're using a terminal that doesn't recognize OSCs (it should
just ignore unknown ones), export SYSTEMD_URLIFY=0 to disable the hyperlink
feature that's making a mess out of systemctl output.
On Tue, Feb 13, 2024, 06:53 Sangeetha Elumalai
wrote:
> Hi,
>
> The *'loginctl list-users'* co
> I want the user sessions to start in a {mount,user} namespace. How can
> I do this? I know there is the command systemd-nspawn. But to use this
> I have to adjust the first command to start a session. Or is it
> possible by setting parameters in logind?
>
> Stef
> the Netherlands
>
--
Mantas Mikulėnas
On Wed, Feb 14, 2024, 10:55 Julian Zielke wrote:
> Hi,
>
>
>
> is there a possibility to only add the routes from allowed-ips to the
> kernel routing table after the peer has connected?
>
> Because since the tunnel itself is stateless, there is no way for me to
> make use of OSPF to route packets
temd startup process runs twice as many Assorted Things as my full
desktop environment did in the past, so maybe the issue is no longer
relevant.)
--
Mantas Mikulėnas
On Tue, Mar 12, 2024, 15:06 wrote:
> Hi,
>
> I have a system that needs to perform some tasks on first boot. I have
> this working for the most part but I had some general questions and would
> like some guidance on the proper implementation.
>
> The tasks I need to perform on first boot include
, but it can continue to run
under (x)inetd or a custom `systemd-socket-activate` service (that's mainly
a CLI tool for testing but it would work as a service too).
--
Mantas Mikulėnas
On Wed, Mar 27, 2024, 16:36 Orion Poplawski wrote:
>
>
> Can I setup a unit that gets started automatically when a particular
> dev-disk-by-uuid device becomes present?
>
Just link it under dev-disk-foo.device.wants/ (systemctl enable, or
systemctl add-wants).
Alternatively, ENV{SYSTEMD_WANTS}=
9 (249.11-0ubuntu3.12). On my laptop (Fedora
> 40) I cannot reproduce the error and it works like in your case. The
> other two machines are servers.
>
--
Mantas Mikulėnas
I don't know, but it might be related to this note:
https://github.com/systemd/systemd/commit/0a207d8f234ff7ea0d7988445e38685090fc930e
On Fri, Mar 29, 2024, 19:53 Nils Kattenbeck wrote:
> On Fri, Mar 29, 2024 at 7:04 AM Mantas Mikulėnas
> wrote:
> >
> > It's probab
atively, run the service under the debugger: `gdb /usr/.../timesyncd`.
--
Mantas Mikulėnas
e.service, then you need
WantedBy=logrotate.service. Then each time logrotate.service is started on
schedule, it'll cause your service to be started as a dependency, and the
After= will actually work to define the order.
--
Mantas Mikulėnas
.
(But you can use "/bin/hostname -f" or "sysctl kernel.hostname" or "echo
testvm > /proc/sys/kernel/hostname" or pass "systemd.hostname=testvm" as a
kernel command line option to achieve the same thing.)
--
Mantas Mikulėnas
But since it's done to a .service, it doesn't imply any Before/After (if I
remember correctly, the Wants-implies-After is .target-specific magic), so
that may be what makes RequiredBy= insufficient. Use a .conf to add both
Requires *and* After to immutable.service.
--
Mantas Mikulėnas
aren't working for me, although
> manually setting --background does work. Setting
> $SYSTEMD_TINT_BACKGROUND makes no difference.
>
> Any ideas?
>
--
Mantas Mikulėnas
v255 added a new systemd-executor binary – instead of direct
fork/setup/exec, now it's fork/exec(executor)/setup/exec(service), to avoid
doing too much stuff after fork. But the binary is executed off an open fd,
so even though you've upgraded it on disk, the manager is still holding
onto its old c
h uses the high-level
ResolveHostname call), but I suspect that switching to the traditional
'dns' module (which makes low-level A/ queries to 127.0.0.53) would
bypass this logic.
--
Mantas Mikulėnas
have missed to label the
> interface names in the .nspawn file to later reference them in the .link
> file?
>
"@if3" is not part of the name. The interface name should be just
"vb-webserver" and is based directly on the nspawn name.
--
Mantas Mikulėnas
A service could receive multiple listener sockets, but I don't remember
systemd having an option to pass client connection sockets – and I don't
think it would make much sense, as the SMTP server is likely to close the
connection while the service is still running, and then systemd would
definitel
link
>
> Am I missing something? Of course, the process running the root shell
> invoked from the command line is ultimately also a child of systemd,
> which is the system's init process.
>
--
Mantas Mikulėnas
hold them.
So if you have any service options that cause a new *mount* namespace to be
created (preventing its filesystem mounts from being visible outside the
unit), then it cannot pin persistent network namespaces.
(It's also a bit overkill to use ProtectSystem for this kind of script,
really.)
--
Mantas Mikulėnas
On Thu, Jul 18, 2024, 15:43 Thomas Köller wrote:
> On 18.07.24 at 14:04, Mantas Mikulėnas wrote:
> > Yes, but namespace persistence actually relies on filesystem access –
> > it's implemented as a bind-mount of the namespace file descriptor (onto
> > /run/netns fo